registry

2026-01-16 09:35:10 +01:00 · 2024-08-06 23:39:36 +02:00 · 2024-08-06 23:39:36 +02:00 · 0d39279ac9
commit 0d39279ac9
parent 5b2ca88597
23 changed files with 94 additions and 29 deletions
--- a/newinfra/nix/apps/registry/default.nix
+++ b/newinfra/nix/apps/registry/default.nix
@ -0,0 +1,48 @@
+{ config, lib, ... }: {
+  age.secrets = {
+    registry_htpasswd = {
+      file = ../../secrets/registry_htpasswd.age;
+      owner = config.users.users.docker-registry.name;
+    };
+    registry_s3_key_secret = {
+      file = ../../secrets/registry_s3_key_secret.age;
+      owner = config.users.users.docker-registry.name;
+    };
+  };
+
+  systemd.services.docker-registry.serviceConfig.EnvironmentFile = config.age.secrets.registry_s3_key_secret.path;
+  services.dockerRegistry = {
+    enable = true;
+    storagePath = null;
+    port = 5000;
+    extraConfig = {
+      log = {
+        accesslog.disabled = false;
+        level = "info";
+        formatter = "text";
+        fields.service = "registry";
+      };
+      redis = lib.mkForce null;
+      storage = {
+        s3 = {
+          regionendpoint = "http://127.0.0.1:3900";
+          region = "garage";
+          bucket = "docker-registry";
+          # accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY
+          # secretkey = ""; ENV REGISTRY_STORAGE_S3_SECRETKEY
+          secure = false;
+        };
+        redirect.disable = true;
+      };
+      http = {
+        host = "https://docker.noratrieb.dev";
+        draintimeout = "60s";
+      };
+      auth.htpasswd = {
+        # TODO: ugh :(
+        realm = "nilstrieb-registry";
+        path = config.age.secrets.registry_htpasswd.path;
+      };
+    };
+  };
+}