From eac705bdfbdedcee3e504c5c3db2bd8cef00db22 Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Sat, 24 Jan 2026 01:32:14 +0100
Subject: [PATCH] Modules/Docker: Enable IP forwarding + add IPv6 fallback dns
---
 system/systemmodules/docker/default.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/system/systemmodules/docker/default.nix b/system/systemmodules/docker/default.nix
index 2eee0736..aa438261 100644
--- a/system/systemmodules/docker/default.nix
+++ b/system/systemmodules/docker/default.nix
@@ -19,8 +19,9 @@ in {
 networking.firewall.trustedInterfaces = ["docker0" "podman0"];
 # Needed for default bridge network to automatically work
- # boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
- # boot.kernel.sysctl."net.ipv6.ip_forward" = 1;
+ boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+ boot.kernel.sysctl."net.ipv6.ip_forward" = 1;
+ boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
 virtualisation = {
 docker = {
@@ -36,12 +37,14 @@ in {
 };
 daemon.settings = {
+ # Enables IPv6 for all networks by default and sets the subnet for the bridge.
+ # We don't need the bridge network and only have 4 IPv6 prefixes, so leave this off.
 # ipv6 = true;
- # fixed-cidr-v6 = "2001::/80";
+ # fixed-cidr-v6 = "fd00::/80";
 dns = [
 "8.8.8.8"
- # "2001:4860:4860::8888"
+ "2001:4860:4860::8888"
 # "127.0.0.1"
 # "192.168.86.25"
@@ -78,6 +81,7 @@ in {
 then "${config.virtualisation.podman.package}/bin/podman"
 else "${config.virtualisation.docker.package}/bin/docker";
+ # TODO: This is bugged. Won't create the network even if it doesn't exist...
 mkDockerNetwork = options:
 builtins.concatStringsSep "\n" [
 # Make sure to return true on fail to not crash
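Review bot: `net.ipv6.ip_forward` is not a key the Linux kernel exposes; IPv6 forwarding is governed by `net.ipv6.conf.all.forwarding`, which the third added line already sets, so the second added line should be removed rather than uncommented. With forwarding now on for both address families and `docker0`/`podman0` listed as trusted interfaces in the context line above, the host will route between interfaces, and nothing visible in this hunk filters the forward path. Whether a forward-chain policy exists elsewhere in the module cannot be seen from here and should be confirmed, for IPv6 in particular since `ipv6` stays disabled in the daemon settings. Setting `all.forwarding` also makes the kernel ignore router advertisements unless `accept_ra` is 2, so a host that gets its IPv6 configuration via SLAAC should be checked after this change. A short comment on the new lines, e.g. `# Host-wide forwarding; forward filtering is enforced in <module or chain>`, would record the intent.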
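Review bot: The IPv6 resolver `2001:4860:4860::8888` is enabled in `dns` while `ipv6 = true` stays commented out just above, so containers on IPv4-only networks presumably have no route to it. In that case it would not act as the fallback the commit title describes and would only add a resolver timeout when `8.8.8.8` is unreachable. If the entry is meant only for networks created with IPv6 enabled, say so next to it, e.g. `# reachable only from networks created with IPv6 enabled`. Both active resolvers are public and the local ones remain commented out, so container lookups bypass any local DNS filtering or logging; a one-line comment would make clear whether that is deliberate.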