about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nixos/modules/services/misc/docker-registry.nix41
-rw-r--r--nixos/tests/docker-registry.nix20
2 files changed, 50 insertions, 11 deletions
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
index c0dbcf380db3..45931cb42b54 100644
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -42,6 +42,8 @@ let
     };
   };
 
+  configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));
+
 in {
   options.services.dockerRegistry = {
     enable = mkEnableOption "Docker Registry";
@@ -70,11 +72,7 @@ in {
       description = "Enable delete for manifests and blobs.";
     };
 
-    enableRedisCache = mkOption {
-      type = types.bool;
-      default = false;
-      description = "Enable redis as blob cache instade of inmemory.";
-    };
+    enableRedisCache = mkEnableOption "redis as blob cache";
 
     redisUrl = mkOption {
       type = types.str;
@@ -95,6 +93,19 @@ in {
       default = {};
       type = types.attrsOf types.str;
     };
+
+    enableGarbageCollect = mkEnableOption "garbage collect";
+
+    garbageCollectDates = mkOption {
+      default = "daily";
+      type = types.str;
+      description = ''
+        Specification (in the format described by
+        <citerefentry><refentrytitle>systemd.time</refentrytitle>
+        <manvolnum>7</manvolnum></citerefentry>) of the time at
+        which the garbage collect will occur.
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
@@ -102,9 +113,7 @@ in {
       description = "Docker Container Registry";
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
-      script = let
-        configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));
-      in ''
+      script = ''
         ${pkgs.docker-distribution}/bin/registry serve ${configFile}
       '';
 
@@ -114,6 +123,22 @@ in {
       };
     };
 
+    systemd.services.docker-registry-garbage-collect = {
+      description = "Run Garbage Collection for docker registry";
+
+      restartIfChanged = false;
+      unitConfig.X-StopOnRemoval = false;
+
+      serviceConfig.Type = "oneshot";
+
+      script = ''
+        ${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile}
+        ${pkgs.systemd}/bin/systemctl restart docker-registry.service
+      '';
+
+      startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;
+    };
+
     users.extraUsers.docker-registry = {
       createHome = true;
       home = cfg.storagePath;
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
index 943773ee3918..1fbd199c7bc4 100644
--- a/nixos/tests/docker-registry.nix
+++ b/nixos/tests/docker-registry.nix
@@ -3,7 +3,7 @@
 import ./make-test.nix ({ pkgs, ...} : {
   name = "docker-registry";
   meta = with pkgs.stdenv.lib.maintainers; {
-    maintainers = [ globin ma27 ];
+    maintainers = [ globin ma27 ironpinguin ];
   };
 
   nodes = {
@@ -12,6 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : {
       services.dockerRegistry.enableDelete = true;
       services.dockerRegistry.port = 8080;
       services.dockerRegistry.listenAddress = "0.0.0.0";
+      services.dockerRegistry.enableGarbageCollect = true;
       networking.firewall.allowedTCPPorts = [ 8080 ];
     };
 
@@ -23,7 +24,6 @@ import ./make-test.nix ({ pkgs, ...} : {
     client2 = { config, pkgs, ...}: {
       virtualisation.docker.enable = true;
       virtualisation.docker.extraOptions = "--insecure-registry registry:8080";
-      environment.systemPackages = [ pkgs.jq ];
     };
   };
 
@@ -35,6 +35,7 @@ import ./make-test.nix ({ pkgs, ...} : {
 
     $registry->start();
     $registry->waitForUnit("docker-registry.service");
+    $registry->waitForOpenPort("8080");
     $client1->succeed("docker push registry:8080/scratch");
 
     $client2->start();
@@ -43,7 +44,20 @@ import ./make-test.nix ({ pkgs, ...} : {
     $client2->succeed("docker images | grep scratch");
 
     $client2->succeed(
-      'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl registry:8080/v2/scratch/manifests/latest | jq ".fsLayers[0].blobSum" | sed -e \'s/"//g\')'
+      'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')'
+    );
+
+    $registry->systemctl("start docker-registry-garbage-collect.service");
+    $registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service");
+    $registry->waitForUnit("docker-registry.service");
+
+    $registry->fail(
+      'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
+    );
+
+    $client1->succeed("docker push registry:8080/scratch");
+    $registry->succeed(
+      'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data'
     );
   '';
 })
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-28 20:40:31 +0000