Noice. Flawless T480 experience with Arch Linux here. Also one of the last real modular ThinkPads - I swapped the storage, memory and WiFi card. It feels like a piece of hardware from 2026.

Well, now I just have to try it!

I have no idea how to tell specific processes or shells to use a specific interface, while also forbidding others to use the same interface… Which is why I thought, “but I can force a container to use a specific interface! Gotcha!”

I’m almost there, I think. I managed to get my phone and my nspawn-ed wireguard interface to shake hands. I just need to tweak the forwarding and nat-ing rules in my firewall. After I touch grass. Oh, my back…

Thanks! What a sweet little handbook for getting started! :D

Thank you for the suggestion on Podman! The thing is, since the VPN is running on one of my routers (connected to eth0), and since I want the public facing interfaces (1 and 2) not to use that router, I’m going to make use of one of those two extra interfaces anyway. Either way, good advice in adding multiple addresses to the same interface!

I’d absolutely do that if I didn’t already have two extra physical interfaces. :)

Sweet! I’ll start reading up on Docker, especially as it sounds like it has become an integral part of your self-hosting. :)