Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 16:55:00 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
vps/nix/modules/registry/default.nix
Noratrieb 0949cba7be move
2025-08-03 00:41:37 +02:00

58 lines
1.6 KiB
Nix
Raw Blame History

{ config, lib, ... }: {
age.secrets = {
registry_htpasswd = {
file = ../../secrets/registry_htpasswd.age;
owner = config.users.users.docker-registry.name;
};
registry_s3_key_secret = {
file = ../../secrets/registry_s3_key_secret.age;
owner = config.users.users.docker-registry.name;
};
};
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9011 ]; # metrics
systemd.services.docker-registry.serviceConfig.EnvironmentFile = config.age.secrets.registry_s3_key_secret.path;
services.dockerRegistry = {
enable = true;
storagePath = null;
port = 5000;
extraConfig = {
log = {
accesslog.disabled = false;
level = "info";
formatter = "text";
fields.service = "registry";
};
redis = lib.mkForce null;
storage = {
s3 = {
regionendpoint = "http://127.0.0.1:3900";
forcepathstyle = true; # ensure it doesn't try docker-registry.127.0.0.1 as the host
region = "garage";
bucket = "docker-registry";
# accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY
# secretkey = ""; ENV REGISTRY_STORAGE_S3_SECRETKEY
secure = false;
};
redirect.disable = true;
};
http = {
host = "https://docker.noratrieb.dev";
draintimeout = "60s";
debug = {
addr = ":9011";
prometheus = {
enabled = true;
path = "/metrics";
};
};
};
auth.htpasswd = {
# TODO: ugh :(
realm = "nilstrieb-registry";
path = config.age.secrets.registry_htpasswd.path;
};
};
};
}
Reference in a new issue View git blame Copy permalink