Registry works, update landing page

2022-05-22 01:12:03 +02:00 · 2022-05-22 01:12:03 +02:00 · 75ade9c9e1
parent 3a820f4a55
commit 75ade9c9e1
3 changed files with 59 additions and 5 deletions
--- a/nixos/machines/nginx/default.nix
+++ b/nixos/machines/nginx/default.nix
@ -45,6 +45,7 @@ in {
    virtualHosts."vault.asraphiel.dev" = proxy "http://vault.lxd:8200/";
    virtualHosts."s3.asraphiel.dev" = bigProxy "http://minio.lxd:9000/";
    virtualHosts."shell.s3.asraphiel.dev" = proxy "http://minio.lxd:9001/";
+    virtualHosts."registry.asraphiel.dev" = proxy "http://registry.lxd:5000/";
  };
  security.acme.email = "acme@voidcorp.nl";
  security.acme.acceptTerms = true;
--- a/nixos/machines/nginx/index.html
+++ b/nixos/machines/nginx/index.html
@ -18,8 +18,15 @@

 <body>
    <h1>Welcome to my site!</h1>
-    <p>There's absolutely nothing here for now...</p>
-    <p>I'm working on it trust me!</p>
+    <p>There's something here...</p>
+    <h2>Services that I run here</h2>
+    <ul>
+        <li><a href="//git.asraphiel.dev">Gitea</a></li>
+        <li><a href="//shell.s3.asraphiel.dev">Minio</a></li>
+        <li>Vault</li>
+        <li>Postgres DB</li>
+        <li>Docker Registry</li>
+    </ul>
 </body>

 </html>
--- a/nixos/machines/registry/default.nix
+++ b/nixos/machines/registry/default.nix
@ -3,8 +3,54 @@
  networking.hostName = "registry";
  system.stateVersion = "21.11";

-  deployment.keys."wahaha" = {
-    text = "wahaha";
-    
+  networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port ];
+
+  services.dockerRegistry = {
+    enable = true;
+    enableDelete = true;
+    enableGarbageCollect = true;
+    listenAddress = "0.0.0.0";
+    storagePath = null; # We want to store in s3
+    garbageCollectDates = "weekly";
+
+    extraConfig = {
+      # S3 Storages
+      storage.s3 = {
+        regionendpoint = "https://s3.asraphiel.dev";
+        bucket = "docker";
+        region = "us-east-1"; # Fake but needed
+        accesskey = "haha";
+        secretkey = "hoho";
+      };
+      auth.htpasswd = {
+        realm = "Voidcorp Registry";
+        path = "/var/lib/keys/htaccess";
+      };
+
+      # notifications.endpoints = [{
+      #   name = "keel";
+      #   url = "http://10.42.20.5:9300/v1/webhooks/registry";
+      #   timeout = "500ms";
+      #   treshold = 5;
+      #   backoff = "1s";
+      # }];
+    };
+  };
+  systemd.services.docker-registry.serviceConfig.EnvironmentFile =
+    "/var/lib/keys/minioSettings";
+
+  deployment.keys = {
+    "minioSettings" = {
+      keyCommand = [ "vault" "kv" "get" "-field=settings" "kv/registry" ];
+      destDir = "/var/lib/keys";
+      user = "docker-registry";
+      permissions = "0660";
+    };
+    "htaccess" = {
+      keyCommand = [ "vault" "kv" "get" "-field=htpasswd" "kv/registry" ];
+      destDir = "/var/lib/keys";
+      user = "docker-registry";
+      permissions = "0660";
+    };
  };
 }