diff --git a/configuration.nix b/configuration.nix
index 792f74b..67a2690 100755
--- a/configuration.nix
+++ b/configuration.nix
@@ -120,16 +120,31 @@ with pkgs.lib;
 settings = {
 server = {
 interface = [
+ # Localhost
 "127.0.0.1"
+ # Docker container network mask
 "172.17.0.1"
- ]; # 172.17.0.1 is docker container network mask
+ ];
+ domain-insecure = [ "consul." ];
+ local-zone = [ "consul. nodefault" ];
 verbosity = 1;
 access-control = [
 "127.0.0.0/8 allow"
 "172.17.0.1/16 allow"
 "192.168.0.0/16 allow"
+ "${cfg.clusterPrefix} allow"
 ];
 };
+ stub-zone = [
+ # Forward .consul queries to Consul daemon
+ {
+ name = "consul.";
+ stub-addr = "${clusterAddress}@8600";
+ stub-no-cache = true;
+ stub-tcp-upstream = false;
+ stub-tls-upstream = false;
+ }
+ ];
 };
 resolveLocalQueries = true;
 };
@@ -189,11 +204,11 @@ with pkgs.lib;
 };
 # Make consul try again these nodes
- retry_join = [
+ retry_join = [
 "10.0.1.1" # fifi
- "10.0.2.1" # riri
- "10.0.3.1" # loulou
- ];
+ "10.0.2.1" # riri
+ "10.0.3.1" # loulou
+ ];
 };
 };
@@ -242,6 +257,18 @@ with pkgs.lib;
 };
 };
+ virtualisation.docker = {
+ enable = true;
+ # Set the DNS to local unbound DNS so we can use the consul redirect (.consul)
+ extraOptions = "--config-file=${
+ pkgs.writeText "daemon.json" (
+ builtins.toJSON {
+ dns = [ "172.17.0.1" ];
+ }
+ )
+ }";
+ };
+
 # Sets /etc/hosts to link all hostnames to wireguard IP
 networking.extraHosts = concatStringsSep "\n" (
 attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)
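Review bot: The new `"${cfg.clusterPrefix} allow"` entry in `access-control` lets every address in the cluster prefix recurse through this resolver, yet the `interface` list in the same hunk still binds only 127.0.0.1 and 172.17.0.1, so the entry looks either unused or a latent exposure if a cluster-facing interface is added later. I would drop it, or keep it with a comment naming which peers are expected to query and over which interface. Separately, `domain-insecure = [ "consul." ]` turns off DNSSEC validation for that zone and the stub is queried without TCP or TLS, so `.consul` answers are only as trustworthy as the path to `${clusterAddress}`; a comment such as `# consul. is unsigned; answers are trusted because the stub is reached over the cluster network (confirm this is the WireGuard address)` would record that assumption. The enclosing `settings` attribute set starts and ends outside the hunk.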
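Review bot: Passing a hand-built `daemon.json` through `extraOptions` with `--config-file` bypasses the NixOS module's own daemon configuration, and on releases that provide `virtualisation.docker.daemon.settings` the daemon may end up with two config files. If the target release has that option, `virtualisation.docker.daemon.settings.dns = [ "172.17.0.1" ];` says the same thing declaratively. The address is also hard-coded here and in the unbound `interface` and `access-control` lists from the first hunk, so containers on anything other than the default bridge would presumably be refused by the resolver; a shared binding or a comment noting the coupling would help.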