diff options
author | Jaka Hudoklin <jakahudoklin@gmail.com> | 2014-11-21 17:20:14 +0100 |
---|---|---|
committer | Jaka Hudoklin <jakahudoklin@gmail.com> | 2014-11-22 12:16:41 +0100 |
commit | 73dc767aa0a1d4bf098fccd3a8f00024ab672912 (patch) | |
tree | d1c53a2f4a7242a965a57610246d82810b938b0d /nixos | |
parent | 444bda19362e6b3d725b91dbcd2f2963f3fc23e8 (diff) | |
download | nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.tar nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.tar.gz nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.tar.bz2 nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.tar.lz nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.tar.xz nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.tar.zst nixlib-73dc767aa0a1d4bf098fccd3a8f00024ab672912.zip |
nixos: add docker-registry module
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/misc/ids.nix | 1 | ||||
-rwxr-xr-x | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/misc/docker-registry.nix | 82 | ||||
-rw-r--r-- | nixos/release.nix | 1 | ||||
-rw-r--r-- | nixos/tests/docker-registry.nix | 40 |
5 files changed, 125 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index 166bb931a627..10f227b15a50 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -164,6 +164,7 @@ systemd-timesync = 154; liquidsoap = 155; etcd = 156; + docker-registry = 157; # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index 0f09ee24027c..4097224bc1d0 100755 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -166,6 +166,7 @@ ./services/misc/cgminer.nix ./services/misc/dictd.nix ./services/misc/disnix.nix + ./services/misc/docker-registry.nix ./services/misc/etcd.nix ./services/misc/felix.nix ./services/misc/folding-at-home.nix diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix new file mode 100644 index 000000000000..67580a1c6277 --- /dev/null +++ b/nixos/modules/services/misc/docker-registry.nix @@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.dockerRegistry; + +in { + ###### interface + + options.services.dockerRegistry = { + enable = mkOption { + description = "Whether to enable docker registry server."; + default = false; + type = types.bool; + }; + + host = mkOption { + description = "Docker registry host or ip to bind to."; + default = "127.0.0.1"; + type = types.str; + }; + + port = mkOption { + description = "Docker registry port to bind to."; + default = 5000; + type = types.int; + }; + + storagePath = mkOption { + type = types.path; + default = "/var/lib/docker/registry"; + description = "Docker registry strorage path."; + }; + + extraConfig = mkOption { + description = '' + Docker extra registry configuration. See + <link xlink:href="https://github.com/docker/docker-registry/blob/master/config/config_sample.yml"/> + ''; + default = {}; + type = types.attrsOf types.str; + }; + }; + + config = mkIf cfg.enable { + systemd.services.docker-registry = { + description = "Docker Container Registry"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + environment = { + REGISTRY_HOST = cfg.host; + REGISTRY_PORT = toString cfg.port; + GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy + STORAGE_PATH = cfg.storagePath; + } // cfg.extraConfig; + + serviceConfig = { + ExecStart = "${pkgs.pythonPackages.docker_registry}/bin/docker-registry"; + User = "docker-registry"; + Group = "docker"; + PermissionsStartOnly = true; + }; + + preStart = '' + mkdir -p ${cfg.storagePath} + if [ "$(id -u)" = 0 ]; then + chown -R docker-registry:docker ${cfg.storagePath} + fi + ''; + postStart = '' + until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do + sleep 1; + done + ''; + }; + + users.extraGroups.docker.gid = mkDefault config.ids.gids.docker; + users.extraUsers.docker-registry.uid = config.ids.uids.docker-registry; + }; +} diff --git a/nixos/release.nix b/nixos/release.nix index 890d8d483d73..5c08b26c3cf2 100644 --- a/nixos/release.nix +++ b/nixos/release.nix @@ -239,6 +239,7 @@ in rec { tests.chromium = callTest tests/chromium.nix {}; tests.cjdns = callTest tests/cjdns.nix {}; tests.containers = callTest tests/containers.nix {}; + tests.dockerRegistry = callTest tests/docker-registry.nix {}; tests.etcd = callTest tests/etcd.nix {}; tests.firefox = callTest tests/firefox.nix {}; tests.firewall = callTest tests/firewall.nix {}; diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix new file mode 100644 index 000000000000..cc3c47746800 --- /dev/null +++ b/nixos/tests/docker-registry.nix @@ -0,0 +1,40 @@ +# This test runs docker-registry and check if it works + +import ./make-test.nix { + name = "docker-registry"; + + nodes = { + registry = { config, pkgs, ... }: { + services.dockerRegistry.enable = true; + services.dockerRegistry.port = 8080; + services.dockerRegistry.host = "0.0.0.0"; + networking.firewall.allowedTCPPorts = [ 8080 ]; + }; + + client1 = { config, pkgs, ...}: { + virtualisation.docker.enable = true; + virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; + }; + + client2 = { config, pkgs, ...}: { + virtualisation.docker.enable = true; + virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; + }; + }; + + testScript = '' + $client1->start(); + $client1->waitForUnit("docker.service"); + $client1->succeed("tar cv --files-from /dev/null | docker import - scratch"); + $client1->succeed("docker tag scratch registry:8080/scratch"); + + $registry->start(); + $registry->waitForUnit("docker-registry.service"); + $client1->succeed("docker push registry:8080/scratch"); + + $client2->start(); + $client2->waitForUnit("docker.service"); + $client2->succeed("docker pull registry:8080/scratch"); + $client2->succeed("docker images | grep scratch"); + ''; +} |