Lessons Learned from Building a systemd-nspawn Container

You tried to build a container the honest way

You chose systemd-nspawn, not Docker. That matters:

• No daemon babysitting you
• No hidden NAT rules
• No “it just works” fairy dust

You created a container root filesystem and tried to bootstrap Arch + nginx into it.

Reality check: it immediately failed because your root partition was full. That wasn’t a container problem — that was disk accounting.

You hit real storage limits (and didn’t ignore them)

You discovered:

• No free space on /
• sda3 had ~98 GB, with ~5 GB realistically spare

Core lessons:

• Filesystems ≠ partitions ≠ mount points
• Resizing requires shrinking filesystem → partition → new allocation
• Offline discipline is often mandatory

You also learned why live USBs exist, why mounted partitions resist resizing, and why LVM exists to reduce friction.

You met systemd’s sharp edges

systemd-networkd refused to start because it was masked.

• Masked ≠ stopped
• Masked = forbidden to run

This was a deliberate desktop networking policy — not random failure.

Host vs container separation

You started systemd-networkd on the host while NetworkManager managed Wi-Fi.

Result: network conflict.

• Host → NetworkManager
• Container → networkd + resolved

This separation clarified system boundaries.

Manual container networking

--network-veth only creates a link — configuration is manual.

• Enable networkd
• Create a .network config
• Request DHCP

Only then did the container gain connectivity.

DNS debugging fundamentals

IP connectivity worked. Domains didn’t.

• Inspect /etc/resolv.conf
• Enable systemd-resolved
• Fix symlinks and restart services

Name resolution restored full connectivity.

The finished system

You built a container with its own:

• Filesystem
• Init system
• Networking stack
• DNS resolver

This clarified how abstractions hide complexity — and how Linux actually behaves.

The deeper outcome

• Disk realities
• Service masking behavior
• Network boundaries
• DNS troubleshooting
• Operational ownership

This wasn’t just setup — it was systems thinking in action.