gribse/nix-cluster
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add Docker

Browse source
This commit is contained in:
Zuma 2025-11-07 14:08:28 +01:00
parent 4971e8c185
commit c7aee1cfd1
1 changed files with 32 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

37
configuration.nix
View file

@ -120,16 +120,31 @@ with pkgs.lib;
settings = {
server = {
interface = [
# Localhost
"127.0.0.1"
# Docker container network mask
"172.17.0.1"
]; # 172.17.0.1 is docker container network mask
];
domain-insecure = [ "consul." ];
local-zone = [ "consul. nodefault" ];
verbosity = 1;
access-control = [
"127.0.0.0/8 allow"
"172.17.0.1/16 allow"
"192.168.0.0/16 allow"
"${cfg.clusterPrefix} allow"
];
};
stub-zone = [
# Forward .consul queries to Consul daemon
{
name = "consul.";
stub-addr = "${clusterAddress}@8600";
stub-no-cache = true;
stub-tcp-upstream = false;
stub-tls-upstream = false;
}
];
};
resolveLocalQueries = true;
};
@ -189,11 +204,11 @@ with pkgs.lib;
};
# Make consul try again these nodes
retry_join = [
retry_join = [
"10.0.1.1" # fifi
"10.0.2.1" # riri
"10.0.3.1" # loulou
];
"10.0.2.1" # riri
"10.0.3.1" # loulou
];
};
};
@ -242,6 +257,18 @@ with pkgs.lib;
};
};
virtualisation.docker = {
enable = true;
# Set the DNS to local unbound DNS so we can use the consul redirect (.consul)
extraOptions = "--config-file=${
pkgs.writeText "daemon.json" (
builtins.toJSON {
dns = [ "172.17.0.1" ];
}
)
}";
};
# Sets /etc/hosts to link all hostnames to wireguard IP
networking.extraHosts = concatStringsSep "\n" (
attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)