FreeIPA

Running in a Container

Below is an example of a Podman command to run the interactive server install:

podman run -p "10.0.5.2:53:53" -p "<external IP>:53:53/udp" -p 80:80 -p 443:443 -p 389:389 -p 636:636 -p 88:88 -p 88:88/udp -p 464:464 -p 464:464/udp -p 123:123/udp -p 8443:8443 -p 8080:8080 -ti -h lan.example.com --name freeipa-master -v /containers/freeipa:/data:Z docker.io/freeipa/freeipa-server:almalinux-9 ipa-server-install -r LAN.EXAMPLE.COM --no-ntp --allow-zone-overlap

Note that I've opened two additional ports - 8080 and 8443. This is necessary for the Dogtag CA and installation will fail if they are not opened.

I've also forwarded port 53/udp specifically to the external IP to avoid conflicting with Aardvark-DNS.
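
As an added example (not part of the original page), here is a small pre-flight check that parses the `-p` values you intend to pass to podman and reports which of the container ports used in the command above are not published. The function names and the 192.0.2.10 address are constructed for illustration, and port ranges in `-p` are not handled.

```shell
#!/bin/sh
# Added example: check a set of podman -p specs against the ports this page publishes.
# Container ports taken from the command above (protocol defaults to tcp).
REQUIRED="53/tcp 53/udp 80/tcp 443/tcp 389/tcp 636/tcp 88/tcp 88/udp 464/tcp 464/udp 123/udp 8443/tcp 8080/tcp"

# container_port SPEC
# Prints "<containerPort>/<proto>" for one -p value of the form
# [hostIP:]hostPort:containerPort[/proto].
container_port() {
    spec=$1
    proto=tcp
    case $spec in
        */*) proto=${spec##*/}; spec=${spec%/*} ;;
    esac
    # The container port is whatever follows the last colon.
    printf '%s/%s\n' "${spec##*:}" "$proto"
}

# missing_ports SPEC...
# Prints the required ports that none of the given specs publish
# (empty output means the list is complete).
missing_ports() {
    published=" "
    for s in "$@"; do
        published="$published$(container_port "$s") "
    done
    missing=""
    for r in $REQUIRED; do
        case $published in
            *" $r "*) ;;                      # published, nothing to report
            *) missing="$missing $r" ;;
        esac
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: the page's port list with the two Dogtag CA ports left out.
# 192.0.2.10 stands in for the external IP.
missing_ports 10.0.5.2:53:53 192.0.2.10:53:53/udp 80:80 443:443 389:389 636:636 \
    88:88 88:88/udp 464:464 464:464/udp 123:123/udp
```
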

NixOS

Use the following nix config to join a NixOS client to a FreeIPA realm:



linux/freeipa.txt · Last modified: by khorvath