strato-infra/nixos/machines/registry/default.nix


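# NixOS module for the "registry" machine: a Docker registry backed by an
# S3-compatible bucket, protected by htpasswd authentication, that sends push
# notifications to a webhook. Secrets are fetched from Vault at deploy time
# via `deployment.keys` and placed under /var/lib/keys.
{ config, pkgs, deployment, ... }: {
  imports = [ ../../common ../../common/lxc.nix ];

  networking.hostName = "registry";
  system.stateVersion = "21.11";

  # The registry port is reachable from the network; together with
  # listenAddress = "0.0.0.0" below, the htpasswd check is the only access
  # control visible in this file.
  networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port ];

  services.dockerRegistry = {
    enable = true;
    enableDelete = true;
    enableGarbageCollect = true;
    # NOTE(review): no TLS is configured in this module, so HTTP basic-auth
    # credentials would cross the network in cleartext unless a
    # TLS-terminating proxy sits in front of this host. Confirm that one
    # exists, or bind to a loopback/internal address instead.
    listenAddress = "0.0.0.0";
    storagePath = null; # We want to store in s3
    garbageCollectDates = "weekly";

    extraConfig = {
      # S3 Storages
      storage.s3 = {
        regionendpoint = "https://s3.asraphiel.dev";
        bucket = "docker";
        region = "us-east-1"; # Fake but needed
        # Placeholder values only: anything written here ends up in the
        # world-readable Nix store. The real credentials are presumably
        # supplied through the EnvironmentFile below (for example as
        # REGISTRY_STORAGE_S3_ACCESSKEY / REGISTRY_STORAGE_S3_SECRETKEY).
        # Verify against the Vault entry; never put real keys here.
        accesskey = "haha";
        secretkey = "hoho";
      };

      auth.htpasswd = {
        realm = "Voidcorp Registry";
        # Provisioned by deployment.keys."htaccess" below.
        path = "/var/lib/keys/htaccess";
      };

      # NOTE(review): events are posted over plain HTTP and no
      # authentication header is configured for this endpoint. Acceptable
      # only if kubernetes.lxd is reachable solely over a trusted internal
      # network; confirm.
      notifications.endpoints = [{
        name = "keel";
        url = "http://kubernetes.lxd:9300/v1/webhooks/registry";
        timeout = "500ms";
        # The registry's option is spelled `threshold` (failures tolerated
        # before backing off); the previous `treshold` key was not a
        # recognised option.
        threshold = 5;
        backoff = "1s";
      }];
    };
  };

  # Loaded by systemd when the unit starts; file provisioned by
  # deployment.keys."minioSettings" below.
  systemd.services.docker-registry.serviceConfig.EnvironmentFile =
    "/var/lib/keys/minioSettings";

  # Secrets pulled from Vault (kv/registry) on the deploying machine and
  # uploaded to /var/lib/keys.
  # NOTE(review): the registry only needs to read these files, but "0660"
  # gives the owner write access and the group read/write access. No group
  # is set here, so the deployment tool's default group applies. Consider a
  # read-only mode such as "0400" once it is confirmed that nothing else
  # depends on group access.
  deployment.keys = {
    "minioSettings" = {
      keyCommand = [ "vault" "kv" "get" "-field=settings" "kv/registry" ];
      destDir = "/var/lib/keys";
      user = "docker-registry";
      permissions = "0660";
    };
    "htaccess" = {
      keyCommand = [ "vault" "kv" "get" "-field=htpasswd" "kv/registry" ];
      destDir = "/var/lib/keys";
      user = "docker-registry";
      permissions = "0660";
    };
  };
}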