Diffstat (limited to 'nixos/modules/services')
-rw-r--r-- | nixos/modules/services/networking/ddclient.nix | 2 | ||||
-rw-r--r-- | nixos/modules/services/networking/docker-registry-server.nix | 98 | ||||
-rw-r--r-- | nixos/modules/services/networking/racoon.nix | 42 |
3 files changed, 142 insertions, 0 deletions
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix index 92f6396b3588..5802d8b95b38 100644 --- a/nixos/modules/services/networking/ddclient.nix +++ b/nixos/modules/services/networking/ddclient.nix @@ -126,6 +126,8 @@ in description = "Dynamic DNS Client"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; + + environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; serviceConfig = { # Uncomment this if too many problems occur: # Type = "forking"; diff --git a/nixos/modules/services/networking/docker-registry-server.nix b/nixos/modules/services/networking/docker-registry-server.nix new file mode 100644 index 000000000000..093d20ecb16a --- /dev/null +++ b/nixos/modules/services/networking/docker-registry-server.nix 
@@ -0,0 +1,98 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.nodeDockerRegistry;
+
+in {
+ options.services.nodeDockerRegistry = {
+ enable = mkEnableOption "Whether to enable docker registry service.";
+
+ port = mkOption {
+ description = "Docker registry listening port.";
+ default = 8080;
+ type = types.int;
+ };
+
+ users = mkOption {
+ description = "Docker registry list of users.";
+ default = [];
+ options = [{
+ user = mkOption {
+ description = "Docker registry user username.";
+ type = types.str;
+ };
+
+ pass = mkOption {
+ description = "Docker registry user password.";
+ type = types.str;
+ };
+ }];
+ type = types.listOf types.optionSet;
+ };
+
+ onTag = mkOption {
+ description = "Docker registry hook triggered when an image is tagged.";
+ default = "";
+ type = types.str;
+ };
+
+ onImage = mkOption {
+ description = "Docker registry hook triggered when an image metadata is uploaded.";
+ default = "";
+ type = types.str;
+ };
+
+ onLayer = mkOption {
+ description = "Docker registry hook triggered when an when an image layer is uploaded.";
+ default = "";
+ type = types.str;
+ };
+
+ onVerify = mkOption {
+ description = "Docker registry hook triggered when an image layer+metadata has been verified.";
+ default = "";
+ type = types.str;
+ };
+
+ onIndex = mkOption {
+ description = "Docker registry hook triggered when an when an image file system data has been indexed.";
+ default = "";
+ type = types.str;
+ };
+
+ dataDir = mkOption {
+ description = "Docker registry data directory";
+ default = "/var/lib/docker-registry";
+ type = types.path;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.docker-registry-server = {
+ description = "Docker Registry Service.";
+ wantedBy = ["multi-user.target"];
+ after = ["network.target"];
+ script = ''
+ ${pkgs.nodePackages.docker-registry-server}/bin/docker-registry-server \
+ --dir ${cfg.dataDir} \
+ --port ${toString cfg.port} \
+ ${concatMapStringsSep " " (u: "--user 
${u.user}:${u.pass}") cfg.users} \
+ ${optionalString (cfg.onTag != "") "--on-tag '${cfg.onTag}'"} \
+ ${optionalString (cfg.onImage != "") "--on-image '${cfg.onImage}'"} \
+ ${optionalString (cfg.onVerify != "") "--on-verify '${cfg.onVerify}'"} \
+ ${optionalString (cfg.onIndex != "") "--on-index '${cfg.onIndex}'"}
+ '';
+
+ serviceConfig.User = "docker-registry";
+ };
+
+ users.extraUsers.docker-registry = {
+ uid = config.ids.uids.docker-registry;
+ description = "Docker registry user";
+ createHome = true;
+ home = cfg.dataDir;
+ };
+ };
+}
diff --git a/nixos/modules/services/networking/racoon.nix b/nixos/modules/services/networking/racoon.nix
new file mode 100644
index 000000000000..00986bbbd849
--- /dev/null
+++ b/nixos/modules/services/networking/racoon.nix
@@ -0,0 +1,42 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.racoon;
+in {
+ options.services.racoon = {
+ enable = mkEnableOption "Whether to enable racoon.";
+
+ config = mkOption {
+ description = "Contents of racoon configuration file.";
+ default = "";
+ type = types.str;
+ };
+
+ configPath = mkOption {
+ description = "Location of racoon config if config is not provided.";
+ default = "/etc/racoon/racoon.conf";
+ type = types.path;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.services.racoon = {
+ description = "Racoon Daemon";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ serviceConfig = {
+ ExecStart = "${pkgs.ipsecTools}/bin/racoon -f ${
+ if (cfg.config != "") then pkgs.writeText "racoon.conf" cfg.config
+ else cfg.configPath
+ }";
+ ExecReload = "${pkgs.ipsecTools}/bin/racoonctl reload-config";
+ PIDFile = "/var/run/racoon.pid";
+ Type = "forking";
+ Restart = "always";
+ };
+ preStart = "rm /var/run/racoon.pid || true";
+ };
+ };
+} |
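Review bot: The `users` option takes each password as a plain `types.str`, and `script` splices it into `--user ${u.user}:${u.pass}`, so every registry credential ends up in the generated unit script in the world-readable Nix store and on the process command line, where any local account can read it. Prefer an option that points to a credentials file outside the store and is read at service start, and state the exposure in the `pass` description until then. The interpolations are also unquoted or only wrapped in literal single quotes (`'${cfg.onTag}'`), so a value containing a space or a quote changes the command; `escapeShellArg` from `lib` handles that, e.g. `"--on-tag ${escapeShellArg cfg.onTag}"`. Finally, `onLayer` is declared as an option but no matching argument is emitted in `script`, so setting it has no effect.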
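Review bot: When `services.racoon.config` is set, `pkgs.writeText "racoon.conf" cfg.config` places the whole configuration in the Nix store, which every local user can read, so the option description should tell users to reference key files by path rather than embedding key material, e.g. `description = "Contents of racoon configuration file. The text is stored world-readable in the Nix store; reference key files by path rather than inlining secrets.";`. In `preStart`, `rm -f /var/run/racoon.pid` expresses the same intent as `rm ... || true` without printing an error on first start.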