summary refs log tree commit diff
path: root/nixos/modules/services/misc/docker-registry.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/services/misc/docker-registry.nix')
-rw-r--r--nixos/modules/services/misc/docker-registry.nix44
1 files changed, 4 insertions, 40 deletions
diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
index 45931cb42b54..08031d33c131 100644
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -5,44 +5,7 @@ with lib;
 let
   cfg = config.services.dockerRegistry;
 
-  blobCache = if cfg.enableRedisCache
-    then "redis"
-    else "inmemory";
-
-  registryConfig = {
-    version =  "0.1";
-    log.fields.service = "registry";
-    storage = {
-      cache.blobdescriptor = blobCache;
-      filesystem.rootdirectory = cfg.storagePath;
-      delete.enabled = cfg.enableDelete;
-    };
-    http = {
-      addr = ":${builtins.toString cfg.port}";
-      headers.X-Content-Type-Options = ["nosniff"];
-    };
-    health.storagedriver = {
-      enabled = true;
-      interval = "10s";
-      threshold = 3;
-    };
-  };
-
-  registryConfig.redis = mkIf cfg.enableRedisCache {
-    addr = "${cfg.redisUrl}";
-    password = "${cfg.redisPassword}";
-    db = 0;
-    dialtimeout = "10ms";
-    readtimeout = "10ms";
-    writetimeout = "10ms";
-    pool = {
-      maxidle = 16;
-      maxactive = 64;
-      idletimeout = "300s";
-    };
-  };
-
-  configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig));
+  configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (recursiveUpdate registryConfig cfg.extraConfig));
 
 in {
   options.services.dockerRegistry = {
@@ -91,7 +54,7 @@ in {
         Docker extra registry configuration via environment variables.
       '';
       default = {};
-      type = types.attrsOf types.str;
+      type = types.attrs;
     };
 
     enableGarbageCollect = mkEnableOption "garbage collect";
@@ -120,6 +83,7 @@ in {
       serviceConfig = {
         User = "docker-registry";
         WorkingDirectory = cfg.storagePath;
+        AmbientCapabilities = mkIf (cfg.port < 1024) "cap_net_bind_service";
       };
     };
 
@@ -139,7 +103,7 @@ in {
       startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates;
     };
 
-    users.extraUsers.docker-registry = {
+    users.users.docker-registry = {
       createHome = true;
       home = cfg.storagePath;
     };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-29 00:50:31 +0000