nixos/docker-registry: add more configuration options for docker-registry

2018-02-04 14:15:47 +01:00 · 2018-02-04 14:15:47 +01:00 · f5c0b3f887
commit f5c0b3f887
parent d9684a2a0b
1 changed files with 78 additions and 1 deletions
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@ -5,6 +5,57 @@ with lib;
 let
  cfg = config.services.dockerRegistry;

+  blogCache = if cfg.enableRedisCache
+      then "redis"
+      else "inmemory";
+
+  registryConfig = {
+    version =  "0.1";
+    log = {
+      fields = {
+        service = "registry";
+      };
+    };
+    storage = {
+      cache = {
+        blobdescriptor = "${blogCache}";
+      };
+      filesystem = {
+        rootdirectory = "/var/lib/registry";
+      };
+      delete = {
+        enabled = cfg.enableDelete;
+      };
+    };
+    http = {
+      addr = ":5000";
+      headers = {
+        X-Content-Type-Options = "[nosniff]";
+      };
+    };
+    health = {
+      storagedriver = {
+        enabled = true;
+        interval = "10s";
+        threshold = 3;
+      };
+    };
+  };
+
+  registryConfig.redis = mkIf cfg.enableRedisCache {
+    addr = "${cfg.redisUrl}";
+    password = "${cfg.redisPassword}";
+    db = 0;
+    dialtimeout = "10ms";
+    readtimeout = "10ms";
+    writetimeout = "10ms";
+    pool = {
+      maxidle = 16;
+      maxactive = 64;
+      idletimeout = "300s";
+    };
+  };
+
 in {
  options.services.dockerRegistry = {
    enable = mkEnableOption "Docker Registry";
@ -27,6 +78,30 @@ in {
      description = "Docker registry storage path.";
    };

+    enableDelete = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable delete for manifests and blobs.";
+    };
+
+    enableRedisCache = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Enable redis as blob cache instade of inmemory.";
+    };
+
+    redisUrl = mkOption {
+      type = types.str;
+      default = "localhost:6379";
+      description = "Set redis host and port.";
+    };
+
+    redisPassword = mkOption {
+      type = types.str;
+      default = "asecret";
+      description = "Set redis password.";
+    };
+
    extraConfig = mkOption {
      description = ''
        Docker extra registry configuration via environment variables.
@ -37,6 +112,8 @@ in {
  };

  config = mkIf cfg.enable {
+    environment.etc."docker/registry/config.yml".text = builtins.toJSON registryConfig;
+
    systemd.services.docker-registry = {
      description = "Docker Container Registry";
      wantedBy = [ "multi-user.target" ];
@ -49,7 +126,7 @@ in {

      script = ''
        ${pkgs.docker-distribution}/bin/registry serve \
-          ${pkgs.docker-distribution.out}/share/go/src/github.com/docker/distribution/cmd/registry/config-example.yml
+          /etc/docker/registry/config.yml
      '';

      serviceConfig = {