69 lines
1.8 KiB
Nix
69 lines
1.8 KiB
Nix
{ config, pkgs, deployment, ... }: {
|
|
imports = [ ../../common ../../common/lxc.nix ];
|
|
networking.hostName = "registry";
|
|
system.stateVersion = "21.11";
|
|
|
|
networking.firewall.allowedTCPPorts =
|
|
[ config.services.dockerRegistry.port 5001 ];
|
|
|
|
services.dockerRegistry = {
|
|
enable = true;
|
|
enableDelete = true;
|
|
enableGarbageCollect = true;
|
|
listenAddress = "0.0.0.0";
|
|
storagePath = null; # We want to store in s3
|
|
garbageCollectDates = "weekly";
|
|
|
|
extraConfig = {
|
|
# S3 Storages
|
|
storage.s3 = {
|
|
regionendpoint = "https://s3.asraphiel.dev";
|
|
bucket = "docker";
|
|
region = "us-east-1"; # Fake but needed
|
|
accesskey = "haha";
|
|
secretkey = "hoho";
|
|
};
|
|
auth.htpasswd = {
|
|
realm = "Voidcorp Registry";
|
|
path = "/var/lib/keys/htaccess";
|
|
};
|
|
http.debug.addr = "0.0.0.0:5001";
|
|
|
|
log = {
|
|
accesslog = { disabled = false; };
|
|
level = "debug";
|
|
formatter = "text";
|
|
fields = {
|
|
service = "registry";
|
|
environment = "staging";
|
|
};
|
|
};
|
|
|
|
notifications.endpoints = [{
|
|
name = "keel";
|
|
url = "http://kubernetes.lxd:9300/v1/webhooks/registry";
|
|
timeout = "500ms";
|
|
treshold = 5;
|
|
backoff = "1s";
|
|
}];
|
|
};
|
|
};
|
|
systemd.services.docker-registry.serviceConfig.EnvironmentFile =
|
|
"/var/lib/keys/minioSettings";
|
|
|
|
deployment.keys = {
|
|
"minioSettings" = {
|
|
keyCommand = [ "vault" "kv" "get" "-field=settings" "kv/registry" ];
|
|
destDir = "/var/lib/keys";
|
|
user = "docker-registry";
|
|
permissions = "0660";
|
|
};
|
|
"htaccess" = {
|
|
keyCommand = [ "vault" "kv" "get" "-field=htpasswd" "kv/registry" ];
|
|
destDir = "/var/lib/keys";
|
|
user = "docker-registry";
|
|
permissions = "0660";
|
|
};
|
|
};
|
|
}
|