Install Docker in experimental Void images

Make the local-only void-exp rootfs useful as a dev VM baseline by baking Docker and Compose into the XBPS package set instead of leaving container setup to manual follow-up.

Enable the docker runit service during image assembly, add a small boot preflight that loads the needed netfilter/overlay modules and applies the Docker sysctl file before dockerd starts, and keep the Void cleanup path removing caches, docs, and stale get-docker artifacts.

Refresh the README and repo guidance to describe Docker as part of the current Void image contract and to remind users that they need to rebuild and recreate Void VMs to pick it up.

Verified with bash -n make-rootfs-void.sh and git diff --check for the touched files. I did not run a live make rootfs-void or boot a fresh Void VM in this pass.

make-rootfs-void.sh

@@ -137,6 +137,52 @@ EOF
   sudo ln -snf /etc/sv/banger-vsock-agent "$ROOT_MOUNT/etc/runit/runsvdir/default/banger-vsock-agent"
 }
 
+configure_docker_bootstrap() {
+  local modules_conf="$ROOT_MOUNT/etc/modules-load.d/docker-netfilter.conf"
+  local sysctl_conf="$ROOT_MOUNT/etc/sysctl.d/99-docker.conf"
+  local service_dir="$ROOT_MOUNT/etc/sv/docker"
+  local run_path="$service_dir/run"
+  local orig_run_path="$service_dir/run.orig"
+  local preflight_path="$ROOT_MOUNT/usr/local/bin/banger-docker-preflight"
+
+  sudo mkdir -p "$ROOT_MOUNT/etc/modules-load.d" "$ROOT_MOUNT/etc/sysctl.d" "$ROOT_MOUNT/usr/local/bin"
+  cat <<'EOF' | sudo tee "$modules_conf" >/dev/null
+nf_tables
+nft_chain_nat
+veth
+br_netfilter
+overlay
+EOF
+  cat <<'EOF' | sudo tee "$sysctl_conf" >/dev/null
+net.bridge.bridge-nf-call-iptables = 1
+net.bridge.bridge-nf-call-ip6tables = 1
+net.ipv4.ip_forward = 1
+EOF
+  cat <<'EOF' | sudo tee "$preflight_path" >/dev/null
+#!/bin/sh
+for module in nf_tables nft_chain_nat veth br_netfilter overlay; do
+  modprobe "$module" 2>/dev/null || true
+done
+if command -v sysctl >/dev/null 2>&1; then
+  sysctl --load /etc/sysctl.d/99-docker.conf >/dev/null 2>&1 || true
+fi
+EOF
+
+  if [[ ! -f "$run_path" ]]; then
+    log "Void rootfs is missing /etc/sv/docker/run after docker install"
+    exit 1
+  fi
+  sudo install -m 0755 "$run_path" "$orig_run_path"
+  cat <<'EOF' | sudo tee "$run_path" >/dev/null
+#!/bin/sh
+set -e
+/usr/local/bin/banger-docker-preflight
+exec /etc/sv/docker/run.orig
+EOF
+  sudo chmod 0644 "$modules_conf" "$sysctl_conf"
+  sudo chmod 0755 "$preflight_path" "$run_path" "$orig_run_path"
+}
+
 enable_sshd_service() {
   if [[ ! -d "$ROOT_MOUNT/etc/sv/sshd" ]]; then
     log "Void rootfs is missing /etc/sv/sshd after openssh install"
@@ -146,6 +192,15 @@ enable_sshd_service() {
   sudo ln -snf /etc/sv/sshd "$ROOT_MOUNT/etc/runit/runsvdir/default/sshd"
 }
 
+enable_docker_service() {
+  if [[ ! -d "$ROOT_MOUNT/etc/sv/docker" ]]; then
+    log "Void rootfs is missing /etc/sv/docker after docker install"
+    exit 1
+  fi
+  sudo mkdir -p "$ROOT_MOUNT/etc/runit/runsvdir/default"
+  sudo ln -snf /etc/sv/docker "$ROOT_MOUNT/etc/runit/runsvdir/default/docker"
+}
+
 normalize_root_shell() {
   local passwd="$ROOT_MOUNT/etc/passwd"
   local shells="$ROOT_MOUNT/etc/shells"
@@ -415,18 +470,25 @@ log "preparing SSH and runit services"
 ensure_sshd_include
 enable_sshd_service
 install_vsock_service
+configure_docker_bootstrap
+enable_docker_service
 normalize_root_shell
 configure_root_bash_prompt
 sudo mkdir -p "$ROOT_MOUNT/root/.ssh"
 sudo touch "$ROOT_MOUNT/etc/fstab" "$ROOT_MOUNT/etc/hostname"
 sudo chroot "$ROOT_MOUNT" /usr/bin/ssh-keygen -A
 
-log "removing bulky caches and docs from the experimental image"
+log "removing bulky caches, docs, and stale installer artifacts from the experimental image"
 sudo rm -rf \
   "$ROOT_MOUNT/var/cache/xbps" \
   "$ROOT_MOUNT/usr/share/doc" \
   "$ROOT_MOUNT/usr/share/info" \
   "$ROOT_MOUNT/usr/share/man"
+sudo rm -f \
+  "$ROOT_MOUNT/root/get-docker" \
+  "$ROOT_MOUNT/root/get-docker.sh" \
+  "$ROOT_MOUNT/tmp/get-docker" \
+  "$ROOT_MOUNT/tmp/get-docker.sh"
 
 sudo umount "$ROOT_MOUNT"