parent
444bda1936
commit
73dc767aa0
@ -0,0 +1,82 @@ |
||||
{ config, lib, pkgs, ... }: |
||||
|
||||
with lib; |
||||
|
||||
let |
||||
cfg = config.services.dockerRegistry; |
||||
|
||||
in { |
||||
###### interface |
||||
|
||||
options.services.dockerRegistry = { |
||||
enable = mkOption { |
||||
description = "Whether to enable docker registry server."; |
||||
default = false; |
||||
type = types.bool; |
||||
}; |
||||
|
||||
host = mkOption { |
||||
description = "Docker registry host or ip to bind to."; |
||||
default = "127.0.0.1"; |
||||
type = types.str; |
||||
}; |
||||
|
||||
port = mkOption { |
||||
description = "Docker registry port to bind to."; |
||||
default = 5000; |
||||
type = types.int; |
||||
}; |
||||
|
||||
storagePath = mkOption { |
||||
type = types.path; |
||||
default = "/var/lib/docker/registry"; |
||||
description = "Docker registry strorage path."; |
||||
}; |
||||
|
||||
extraConfig = mkOption { |
||||
description = '' |
||||
Docker extra registry configuration. See |
||||
<link xlink:href="https://github.com/docker/docker-registry/blob/master/config/config_sample.yml"/> |
||||
''; |
||||
default = {}; |
||||
type = types.attrsOf types.str; |
||||
}; |
||||
}; |
||||
|
||||
config = mkIf cfg.enable { |
||||
systemd.services.docker-registry = { |
||||
description = "Docker Container Registry"; |
||||
wantedBy = [ "multi-user.target" ]; |
||||
after = [ "network.target" ]; |
||||
|
||||
environment = { |
||||
REGISTRY_HOST = cfg.host; |
||||
REGISTRY_PORT = toString cfg.port; |
||||
GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy |
||||
STORAGE_PATH = cfg.storagePath; |
||||
} // cfg.extraConfig; |
||||
|
||||
serviceConfig = { |
||||
ExecStart = "${pkgs.pythonPackages.docker_registry}/bin/docker-registry"; |
||||
User = "docker-registry"; |
||||
Group = "docker"; |
||||
PermissionsStartOnly = true; |
||||
}; |
||||
|
||||
preStart = '' |
||||
mkdir -p ${cfg.storagePath} |
||||
if [ "$(id -u)" = 0 ]; then |
||||
chown -R docker-registry:docker ${cfg.storagePath} |
||||
fi |
||||
''; |
||||
postStart = '' |
||||
until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do |
||||
sleep 1; |
||||
done |
||||
''; |
||||
}; |
||||
|
||||
users.extraGroups.docker.gid = mkDefault config.ids.gids.docker; |
||||
users.extraUsers.docker-registry.uid = config.ids.uids.docker-registry; |
||||
}; |
||||
} |
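Review bot: `Group = "docker";` in `serviceConfig` runs the network-facing registry in the group that normally owns the Docker daemon socket, so on a host that also enables `virtualisation.docker` a compromised registry process could presumably talk to the daemon, which is root-equivalent. The service only needs to own `cfg.storagePath`, so a dedicated group would be enough: `Group = "docker-registry";`, a matching `users.extraGroups.docker-registry` entry, and `chown -R docker-registry:docker-registry` in `preStart`. Separately, `extraConfig` is merged with `//` after the fixed variables, so it can silently override `REGISTRY_HOST` or `STORAGE_PATH`. Its values also end up in the generated unit in the world-readable Nix store, so the option description should say it is not a place for storage-backend credentials.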
@ -0,0 +1,40 @@ |
||||
# This test runs docker-registry and check if it works |
||||
|
||||
import ./make-test.nix { |
||||
name = "docker-registry"; |
||||
|
||||
nodes = { |
||||
registry = { config, pkgs, ... }: { |
||||
services.dockerRegistry.enable = true; |
||||
services.dockerRegistry.port = 8080; |
||||
services.dockerRegistry.host = "0.0.0.0"; |
||||
networking.firewall.allowedTCPPorts = [ 8080 ]; |
||||
}; |
||||
|
||||
client1 = { config, pkgs, ...}: { |
||||
virtualisation.docker.enable = true; |
||||
virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; |
||||
}; |
||||
|
||||
client2 = { config, pkgs, ...}: { |
||||
virtualisation.docker.enable = true; |
||||
virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; |
||||
}; |
||||
}; |
||||
|
||||
testScript = '' |
||||
$client1->start(); |
||||
$client1->waitForUnit("docker.service"); |
||||
$client1->succeed("tar cv --files-from /dev/null | docker import - scratch"); |
||||
$client1->succeed("docker tag scratch registry:8080/scratch"); |
||||
|
||||
$registry->start(); |
||||
$registry->waitForUnit("docker-registry.service"); |
||||
$client1->succeed("docker push registry:8080/scratch"); |
||||
|
||||
$client2->start(); |
||||
$client2->waitForUnit("docker.service"); |
||||
$client2->succeed("docker pull registry:8080/scratch"); |
||||
$client2->succeed("docker images | grep scratch"); |
||||
''; |
||||
} |
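Review bot: Nothing in the node configs marks this setup as test-only, although they override the module's loopback default with `host = "0.0.0.0"`, open port 8080 in the firewall, and make both clients trust the registry over plain HTTP via `--insecure-registry registry:8080`. A comment above the `registry` node, such as `# test VM network only: plain HTTP, no auth; do not copy into a real deployment`, would stop it being read as a reference configuration. The final check `docker images | grep scratch` is also loose; `grep 'registry:8080/scratch'` would confirm the image came from the registry under test.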