Thank you for the reply. Setting up the IP in the container is what I have a problem with. The idea was that it can be done from outside, so only one binary can be running inside. If this is not possible and it needs to be done from some tool inside, then I probably have to run it with Boot=yes, which is not really what I would like.
Yesterday I watched a FOSDEM video from Lennart regarding nspawn containers, and he hinted that things about networking should improve; it was in the context of network namespaces.

BR,
Miroslav

On Thu, Jan 29, 2026 at 3:27 PM Andrei Borzenkov <[email protected]> wrote:
>
> 29.01.2026 15:39, Miroslav Špehar wrote:
> > Hi all,
> >
> > How can I set the IP of an nspawn container which has Boot=no in the .nspawn
> > file?
> >
> > I am not even sure if this is a good idea, it's just something I'm
> > trying to do and failing.
> >
> > The idea is to run a binary like Stalwart mail server in the nspawn
> > container, but have the container run only that binary (musl binary).
> > Since I'd like to avoid having a shell and other binaries / processes
> > in the container, I would resort to having Boot=no in the .nspawn
> > file.
> >
> > Also, I would like that nspawn doesn't open ports on the host itself,
> > I'd rather have it manually forwarded by nftables on the host, which means
> > no Port= option in .nspawn.
> >
> > Does any of this make sense?
> >
>
> That's what --network-veth and related is for. You need an interface inside
> your container for your application and you need something to forward to
> on the host side. You still need to set up the interface inside the container
> with the correct address and other parameters, so you will need at least
> those programs plus something to invoke them.
>
> You would *still* need this even when using --port, because the --port
> option simply forwards packets between host and container, but for this
> it needs the interface into the container.
