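# NixOS module for the Python docker-registry: declares the
# services.dockerRegistry options and, when enabled, a systemd unit plus the
# account the daemon runs as.
#
# Restored from a listing whose line-number gutter was fused into every line
# and whose indentation was lost; option names, defaults and all strings are
# unchanged.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.dockerRegistry;

in {
  ###### interface

  options.services.dockerRegistry = {
    enable = mkOption {
      description = "Whether to enable docker registry server.";
      default = false;
      type = types.bool;
    };

    # Loopback by default. Nothing in this module configures TLS or
    # authentication, and the readiness probe below talks plain HTTP.
    # NOTE(review): binding to a routable address presumably leaves push/pull
    # open to anyone who can reach the port unless a reverse proxy in front
    # adds TLS and authentication; confirm against the registry's own config.
    listenAddress = mkOption {
      description = "Docker registry host or ip to bind to.";
      default = "127.0.0.1";
      type = types.str;
    };

    port = mkOption {
      description = "Docker registry port to bind to.";
      default = 5000;
      type = types.int;
    };

    # Used three ways below: STORAGE_PATH, the unit's WorkingDirectory and the
    # home directory of the docker-registry user.
    storagePath = mkOption {
      type = types.path;
      default = "/var/lib/docker-registry";
      description = "Docker registry storage path.";
    };

    # Merged into the unit's environment with `//` as the right-hand operand,
    # so a key set here replaces REGISTRY_HOST, REGISTRY_PORT, GUNICORN_OPTS or
    # STORAGE_PATH; listenAddress, port and storagePath can therefore be
    # overridden silently while the probe, WorkingDirectory and home still use
    # the option values.
    # The values are written into the generated systemd unit, which lives in
    # the world-readable Nix store: keep storage-backend credentials and other
    # secrets out of this option.
    extraConfig = mkOption {
      description = ''
        Docker extra registry configuration. See
        <link xlink:href="https://github.com/docker/docker-registry/blob/master/config/config_sample.yml"/>
      '';
      default = {};
      type = types.attrsOf types.str;
    };
  };

  ###### implementation

  config = mkIf cfg.enable {
    systemd.services.docker-registry = {
      description = "Docker Container Registry";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];

      environment = {
        REGISTRY_HOST = cfg.listenAddress;
        REGISTRY_PORT = toString cfg.port;
        GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy
        STORAGE_PATH = cfg.storagePath;
      } // cfg.extraConfig; # extraConfig wins on duplicate keys

      serviceConfig = {
        ExecStart = "${pkgs.pythonPackages.docker_registry}/bin/docker-registry";
        # Unprivileged account declared at the bottom of this module.
        User = "docker-registry";
        # NOTE(review): this is the shared "docker" group, not a dedicated one.
        # On hosts where the Docker daemon's socket is owned by that group,
        # membership is effectively root-equivalent. Nothing visible here
        # needs the socket, so a dedicated group would be least privilege;
        # confirm no deployment relies on this group for the storage path.
        Group = "docker";
        # User/Group apply to ExecStart only, so the postStart script below
        # runs as root.
        PermissionsStartOnly = true;
        WorkingDirectory = cfg.storagePath;
        # NOTE(review): no sandboxing directives are set. NoNewPrivileges,
        # PrivateTmp and ProtectSystem are candidates to evaluate for a
        # network-facing daemon.
      };

      # Readiness probe: poll once a second until curl receives any HTTP
      # response from the listen address (no --fail, so an error status also
      # counts as "up"). The loop has no retry limit of its own; only
      # systemd's start timeout ends it if the registry never answers.
      postStart = ''
        until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.listenAddress}:${toString cfg.port}/'; do
          sleep 1;
        done
      '';
    };

    # mkDefault gives this definition low priority, so another module that
    # sets the docker gid takes precedence.
    users.extraGroups.docker.gid = mkDefault config.ids.gids.docker;

    # Service account. Its home is the storage path and createHome makes the
    # directory exist; no group is assigned to the account here.
    users.extraUsers.docker-registry = {
      createHome = true;
      home = cfg.storagePath;
      uid = config.ids.uids.docker-registry;
    };
  };
}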