Add Docker

configuration.nix

@@ -120,16 +120,31 @@ with pkgs.lib;
         settings = {
           server = {
             interface = [
+              # Localhost
               "127.0.0.1"
+              # Docker container network mask
               "172.17.0.1"
-            ]; # 172.17.0.1 is docker container network mask
+            ];
+            domain-insecure = [ "consul." ];
+            local-zone = [ "consul. nodefault" ];
             verbosity = 1;
             access-control = [
               "127.0.0.0/8 allow"
               "172.17.0.1/16 allow"
               "192.168.0.0/16 allow"
+              "${cfg.clusterPrefix} allow"
             ];
           };
+          stub-zone = [
+            # Forward .consul queries to Consul daemon
+            {
+              name = "consul.";
+              stub-addr = "${clusterAddress}@8600";
+              stub-no-cache = true;
+              stub-tcp-upstream = false;
+              stub-tls-upstream = false;
+            }
+          ];
         };
         resolveLocalQueries = true;
       };
@@ -189,11 +204,11 @@ with pkgs.lib;
           };
 
           # Make consul try again these nodes
-	  retry_join = [
+          retry_join = [
             "10.0.1.1" # fifi
-	    "10.0.2.1" # riri
+            "10.0.2.1" # riri
-	    "10.0.3.1" # loulou
+            "10.0.3.1" # loulou
-	  ];
+          ];
         };
       };
 
@@ -242,6 +257,18 @@ with pkgs.lib;
         };
       };
 
+      virtualisation.docker = {
+        enable = true;
+        # Set the DNS to local unbound DNS so we can use the consul redirect (.consul)
+        extraOptions = "--config-file=${
+          pkgs.writeText "daemon.json" (
+            builtins.toJSON {
+              dns = [ "172.17.0.1" ];
+            }
+          )
+        }";
+      };
+
       # Sets /etc/hosts to link all hostnames to wireguard IP
       networking.extraHosts = concatStringsSep "\n" (
         attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)