authorJaka Hudoklin <jakahudoklin@gmail.com>2014-11-21 17:20:14 +0100
committerJaka Hudoklin <jakahudoklin@gmail.com>2014-11-22 12:16:41 +0100
commit73dc767aa0a1d4bf098fccd3a8f00024ab672912 (patch)
treed1c53a2f4a7242a965a57610246d82810b938b0d /nixos
parent444bda19362e6b3d725b91dbcd2f2963f3fc23e8 (diff)
nixos: add docker-registry module
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/misc/ids.nix1
-rwxr-xr-xnixos/modules/module-list.nix1
-rw-r--r--nixos/modules/services/misc/docker-registry.nix82
-rw-r--r--nixos/release.nix1
-rw-r--r--nixos/tests/docker-registry.nix40
5 files changed, 125 insertions, 0 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix
index 166bb931a627..10f227b15a50 100644
--- a/nixos/modules/misc/ids.nix
+++ b/nixos/modules/misc/ids.nix
@@ -164,6 +164,7 @@
       systemd-timesync = 154;
       liquidsoap = 155;
       etcd = 156;
+      docker-registry = 157;
 
       # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
 
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 0f09ee24027c..4097224bc1d0 100755
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -166,6 +166,7 @@
   ./services/misc/cgminer.nix
   ./services/misc/dictd.nix
   ./services/misc/disnix.nix
+  ./services/misc/docker-registry.nix
   ./services/misc/etcd.nix
   ./services/misc/felix.nix
   ./services/misc/folding-at-home.nix
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
new file mode 100644
index 000000000000..67580a1c6277
--- /dev/null
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.dockerRegistry;
+
+in {
+  ###### interface
+
+  options.services.dockerRegistry = {
+    enable = mkOption {
+      description = "Whether to enable docker registry server.";
+      default = false;
+      type = types.bool;
+    };
+
+    host = mkOption {
+      description = "Docker registry host or ip to bind to.";
+      default = "127.0.0.1";
+      type = types.str;
+    };
+
+    port = mkOption {
+      description = "Docker registry port to bind to.";
+      default = 5000;
+      type = types.int;
+    };
+
+    storagePath = mkOption {
+      type = types.path;
+      default = "/var/lib/docker/registry";
+      description = "Docker registry strorage path.";
+    };
+
+    extraConfig = mkOption {
+      description = ''
+        Docker extra registry configuration. See
+        <link xlink:href="https://github.com/docker/docker-registry/blob/master/config/config_sample.yml"/>
+      '';
+      default = {};
+      type = types.attrsOf types.str;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.docker-registry = {
+      description = "Docker Container Registry";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      environment = {
+        REGISTRY_HOST = cfg.host;
+        REGISTRY_PORT = toString cfg.port;
+        GUNICORN_OPTS = "[--preload]"; # see https://github.com/docker/docker-registry#sqlalchemy
+        STORAGE_PATH = cfg.storagePath;
+      } // cfg.extraConfig;
+
+      serviceConfig = {
+        ExecStart = "${pkgs.pythonPackages.docker_registry}/bin/docker-registry";
+        User = "docker-registry";
+        Group = "docker";
+        PermissionsStartOnly = true;
+      };
+
+      preStart = ''
+        mkdir -p ${cfg.storagePath}
+        if [ "$(id -u)" = 0 ]; then
+          chown -R docker-registry:docker ${cfg.storagePath}
+        fi
+      '';
+      postStart = ''
+        until ${pkgs.curl}/bin/curl -s -o /dev/null 'http://${cfg.host}:${toString cfg.port}/'; do
+          sleep 1;
+        done
+      '';
+    };
+
+    users.extraGroups.docker.gid = mkDefault config.ids.gids.docker;
+    users.extraUsers.docker-registry.uid = config.ids.uids.docker-registry;
+  };
+}
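Review bot: `Group = "docker"` in `serviceConfig` puts the registry in the group that `users.extraGroups.docker` defines, and if that group also owns the Docker daemon socket on hosts with `virtualisation.docker` enabled (not visible in this hunk), a compromise of this network-facing service would give control of the daemon, which is effectively root. The registry only needs its storage directory, so a dedicated group would be narrower: `Group = "docker-registry";` with `chown -R docker-registry:docker-registry` in `preStart`, plus a matching gid entry that this commit does not add. Separately, `environment = { ... } // cfg.extraConfig` lets `extraConfig` silently override `REGISTRY_HOST`, `REGISTRY_PORT` and `STORAGE_PATH`, and everything placed there is written into the generated unit in the world-readable Nix store, so the option description should add something like `Values end up in the Nix store; do not put credentials here.` The `${cfg.storagePath}` expansions in `preStart` are unquoted and should be wrapped in double quotes, since the recursive `chown` runs as root under `PermissionsStartOnly`.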
diff --git a/nixos/release.nix b/nixos/release.nix
index 890d8d483d73..5c08b26c3cf2 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -239,6 +239,7 @@ in rec {
   tests.chromium = callTest tests/chromium.nix {};
   tests.cjdns = callTest tests/cjdns.nix {};
   tests.containers = callTest tests/containers.nix {};
+  tests.dockerRegistry = callTest tests/docker-registry.nix {};
   tests.etcd = callTest tests/etcd.nix {};
   tests.firefox = callTest tests/firefox.nix {};
   tests.firewall = callTest tests/firewall.nix {};
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
new file mode 100644
index 000000000000..cc3c47746800
--- /dev/null
+++ b/nixos/tests/docker-registry.nix
@@ -0,0 +1,40 @@
+# This test runs docker-registry and check if it works
+
+import ./make-test.nix {
+  name = "docker-registry";
+
+  nodes = {
+    registry = { config, pkgs, ... }: {
+      services.dockerRegistry.enable = true;
+      services.dockerRegistry.port = 8080;
+      services.dockerRegistry.host = "0.0.0.0";
+      networking.firewall.allowedTCPPorts = [ 8080 ];
+    };
+
+    client1 = { config, pkgs, ...}: {
+      virtualisation.docker.enable = true;
+      virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
+    };
+
+    client2 = { config, pkgs, ...}: {
+      virtualisation.docker.enable = true;
+      virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
+    };
+  };
+
+  testScript = ''
+    $client1->start();
+    $client1->waitForUnit("docker.service");
+    $client1->succeed("tar cv --files-from /dev/null | docker import - scratch");
+    $client1->succeed("docker tag scratch registry:8080/scratch");
+
+    $registry->start();
+    $registry->waitForUnit("docker-registry.service");
+    $client1->succeed("docker push registry:8080/scratch");
+
+    $client2->start();
+    $client2->waitForUnit("docker.service");
+    $client2->succeed("docker pull registry:8080/scratch");
+    $client2->succeed("docker images | grep scratch");
+  '';
+}
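Review bot: The `registry` node binds to `0.0.0.0` and both clients pass `--insecure-registry registry:8080`, so the test exercises only an unauthenticated plain-HTTP registry, and nothing marks those settings as test-only. A comment above the node would keep them from being copied into a real configuration: `# plain HTTP without authentication; acceptable only on the isolated test network`. The header comment could also state what is verified, for example `# This test runs docker-registry and checks that an image pushed by one client can be pulled by another`.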