Use host's DNS resolver in Docker containers (#812)

* Symlink /etc/resolve.conf to systemd-resolved's stub Since systemd-resolved is managing the DNS configuration, ensure that /etc/resolv.conf uses it. * Use systemd-resolved from Docker containers
2025-08-15 14:29:25 +01:00 · 2025-08-15 14:29:25 +01:00 · aca23ad834
commit aca23ad834
parent 2db5e730a7
4 changed files with 42 additions and 2 deletions
--- a/install/config/config.sh
+++ b/install/config/config.sh
@ -29,6 +29,9 @@ sudo sed -i 's|^\(auth\s\+\[default=die\]\s\+pam_faillock.so\)\s\+authfail.*$|\1
 # Set Cloudflare as primary DNS (with Google as backup)
 sudo cp ~/.local/share/omarchy/default/systemd/resolved.conf /etc/systemd/

+# Ensure /etc/resolv.conf is symlinked to systemd-resolved's stub resolver
+sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
+
 # Solve common flakiness with SSH
 echo "net.ipv4.tcp_mtu_probing=1" | sudo tee -a /etc/sysctl.d/99-sysctl.conf

--- a/install/development/docker.sh
+++ b/install/development/docker.sh
@ -2,9 +2,22 @@

 yay -S --noconfirm --needed docker docker-compose docker-buildx

-# Limit log size to avoid running out of disk
+# Configure Docker daemon:
+# - limit log size to avoid running out of disk
+# - use host's DNS resolver
 sudo mkdir -p /etc/docker
-echo '{"log-driver":"json-file","log-opts":{"max-size":"10m","max-file":"5"}}' | sudo tee /etc/docker/daemon.json
+sudo tee /etc/docker/daemon.json >/dev/null <<'EOF'
+{
+    "log-driver": "json-file",
+    "log-opts": { "max-size": "10m", "max-file": "5" },
+    "dns": ["172.17.0.1"],
+    "bip": "172.17.0.1/16"
+}
+EOF
+
+# Expose systemd-resolved to our Docker network
+echo -e '[Resolve]\nDNSStubListenerExtra=172.17.0.1' | sudo tee /etc/systemd/resolved.conf.d/20-docker-dns.conf >/dev/null
+sudo systemctl restart systemd-resolved

 # Start Docker automatically
 sudo systemctl enable docker
--- a/migrations/1754984623.sh
+++ b/migrations/1754984623.sh
@ -0,0 +1,3 @@
+echo "Ensure DNS resolver configuration is properly symlinked"
+
+sudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
--- a/migrations/1754984734.sh
+++ b/migrations/1754984734.sh
@ -0,0 +1,21 @@
+echo "Configure Docker to use the host's DNS resolver"
+
+# If the daemon configuration has been changed since we wrote it, leave it as-is
+ORIGINAL_CONFIG='{"log-driver":"json-file","log-opts":{"max-size":"10m","max-file":"5"}}'
+
+NEW_CONFIG='{
+    "log-driver": "json-file",
+    "log-opts": { "max-size": "10m", "max-file": "5" },
+    "dns": ["172.17.0.1"],
+    "bip": "172.17.0.1/16"
+}'
+
+if grep -Fq "$ORIGINAL_CONFIG" /etc/docker/daemon.json 2>/dev/null; then
+  echo "$NEW_CONFIG" | sudo tee /etc/docker/daemon.json >/dev/null
+fi
+
+# Expose systemd-resolved to our Docker network
+echo -e '[Resolve]\nDNSStubListenerExtra=172.17.0.1' | sudo tee /etc/systemd/resolved.conf.d/20-docker-dns.conf >/dev/null
+
+sudo systemctl restart systemd-resolved
+sudo systemctl restart docker