Add Docker

2025-11-07 14:08:28 +01:00 · 2025-11-07 14:08:28 +01:00 · c7aee1cfd1
commit c7aee1cfd1
parent 4971e8c185
1 changed files with 32 additions and 5 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -120,16 +120,31 @@ with pkgs.lib;
        settings = {
          server = {
            interface = [
+              # Localhost
              "127.0.0.1"
+              # Docker container network mask
              "172.17.0.1"
-            ]; # 172.17.0.1 is docker container network mask
+            ];
+            domain-insecure = [ "consul." ];
+            local-zone = [ "consul. nodefault" ];
            verbosity = 1;
            access-control = [
              "127.0.0.0/8 allow"
              "172.17.0.1/16 allow"
              "192.168.0.0/16 allow"
+              "${cfg.clusterPrefix} allow"
            ];
          };
+          stub-zone = [
+            # Forward .consul queries to Consul daemon
+            {
+              name = "consul.";
+              stub-addr = "${clusterAddress}@8600";
+              stub-no-cache = true;
+              stub-tcp-upstream = false;
+              stub-tls-upstream = false;
+            }
+          ];
        };
        resolveLocalQueries = true;
      };
@ -242,6 +257,18 @@ with pkgs.lib;
        };
      };

+      virtualisation.docker = {
+        enable = true;
+        # Set the DNS to local unbound DNS so we can use the consul redirect (.consul)
+        extraOptions = "--config-file=${
+          pkgs.writeText "daemon.json" (
+            builtins.toJSON {
+              dns = [ "172.17.0.1" ];
+            }
+          )
+        }";
+      };
+
      # Sets /etc/hosts to link all hostnames to wireguard IP
      networking.extraHosts = concatStringsSep "\n" (
        attrValues (mapAttrs (hostname: { address, ... }: "${address} ${hostname}") cfg.clusterNodes)