author | Tobias Happ <tobias.happ@gmx.de> | 2021-03-09 21:51:32 +0100 |
---|---|---|
committer | zowoq <59103226+zowoq@users.noreply.github.com> | 2021-07-08 16:30:17 +1000 |
commit | bbd5cdac2995d66518a53e1e496c8bf29cc3260f (patch) | |
tree | 82118d7afaafa9d586ab2ee667f6e1425db61060 /nixos/modules | |
parent | f674130fc04f9112e3b40cd03613533524bc0bd6 (diff) | |
nixos/oci-containers: enable login for registry
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/virtualisation/oci-containers.nix | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/nixos/modules/virtualisation/oci-containers.nix b/nixos/modules/virtualisation/oci-containers.nix
index 65b63cebc79c..a4a92f22506c 100644
--- a/nixos/modules/virtualisation/oci-containers.nix
+++ b/nixos/modules/virtualisation/oci-containers.nix
@@ -31,6 +31,30 @@ let
 example = literalExample "pkgs.dockerTools.buildDockerImage {...};";
 };
+ login = {
+
+ username = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "Username for login.";
+ };
+
+ passwordFile = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "Path to file containing password.";
+ example = "/etc/nixos/dockerhub-password.txt";
+ };
+
+ registry = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "Registry where to login to.";
+ example = "https://docker.pkg.github.com";
+ };
+
+ };
+
 cmd = mkOption {
 type = with types; listOf str;
 default = [];
@@ -220,6 +244,8 @@ let
 };
 };
+ isValidLogin = login: login.username != null && login.passwordFile != null && login.registry != null;
+
 mkService = name: container: let
 dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
 in {
@@ -235,6 +261,13 @@ let
 preStart = ''
 ${cfg.backend} rm -f ${name} || true
+ ${optionalString (isValidLogin container.login) ''
+ cat ${container.login.passwordFile} | \
+ ${cfg.backend} login \
+ ${container.login.registry} \
+ --username ${container.login.username} \
+ --password-stdin
+ ''}
 ${optionalString (container.imageFile != null) ''
 ${cfg.backend} load -i ${container.imageFile}
 ''}
|
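Review bot: The `passwordFile` description in the first hunk does not say where the file may live or who must be able to read it. Typing the option as `str` keeps the secret out of the world-readable Nix store only if the user passes a runtime path as a string, so the description should state that, for example `description = "Path to a file containing the registry password. Must be outside the Nix store and readable only by the account the unit runs as.";`. It would also help to document on `login` that the backend's `login` command normally persists the credential in that account's auth file, so the login is probably not scoped to this one container.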
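Review bot: `isValidLogin` in the second hunk is false for a partially filled `login` set, so a container with `username` and `registry` set but no `passwordFile` silently skips the login step. The mistake then only shows up at start time as a denied or anonymous pull, with nothing pointing back at the configuration. Consider an evaluation-time check, such as an `assertions` entry in the module's `config` section (not visible in this hunk), requiring the three values to be either all null or all set. At minimum, add a comment above the helper: `# Login is attempted only when username, passwordFile and registry are all set.`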
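Review bot: The three `login` values are interpolated into the `preStart` shell script unquoted in the third hunk, so a path, username or registry containing whitespace or shell metacharacters is word-split or interpreted by the shell, in a unit that presumably runs as root. Wrap each value in `escapeShellArg` (from `lib`; whether `with lib;` already brings it into scope is not visible here), e.g. `--username ${escapeShellArg container.login.username} \`. Reading the secret with a redirect, `--password-stdin < ${escapeShellArg container.login.passwordFile}`, instead of `cat … |` makes an unreadable file fail the step directly rather than passing an empty password to `login`. The unquoted `${name}` and `${container.imageFile}` in the context lines predate this commit but have the same issue.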