add docker registry

3 years ago · bde5a3d467
1 changed files with 102 additions and 0 deletions
--- a/hosts/storage-ng/registry/configuration.nix
+++ b/hosts/storage-ng/registry/configuration.nix
@ -0,0 +1,102 @@
+    [ <nixpkgs/nixos/modules/profiles/minimal.nix>
+    ];
+  nix.useSandbox = false;
+  nix.maxJobs = lib.mkDefault 4;
+
+  boot.isContainer = true;
+  # /sbin/init
+  boot.loader.initScript.enable = true;
+  boot.loader.grub.enable = false;
+  #boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
+
+  fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
+
+  #networking.hostName = "docker-registry"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  #networking.useNetworkd = true;
+
+  networking = {
+    hostName = "registry";
+    # usePredictableInterfacenames = false;
+    interfaces.eth0.ipv4.addresses = [{
+        address = "172.22.99.34";
+        prefixLength = 24;
+    }];
+    interfaces.eth0.ipv6.addresses = [{
+        address= "2a02:8106:208:5201::34";
+        prefixLength = 64;
+    }];
+
+    dhcpcd.denyInterfaces = [ "eth0" ];
+
+    nameservers = [ "8.8.8.8" "9.9.9.9" ];
+
+    defaultGateway = {
+       address = "172.22.99.1";
+       interface = "eth0";
+       metric = 10;
+    };
+    #defaultGateway6 = {
+    #  address = "fe80::a800:42ff:fe7a:3246";
+    #  interface = "ens18";
+    #};
+  };
+  
+  services.openssh.enable = true;
+
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [
+    22
+    80
+    443
+    5000
+   ]; 
+
+  # Set your time zone.
+  time.timeZone = "Europe/Berlin";
+  # Select internationalisation properties.
+  i18n = {
+    defaultLocale = "en_US.UTF-8";
+    supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
+  };
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  environment.systemPackages = with pkgs; [
+    wget
+    vim
+  ];
+
+  # Create a few files early before packing tarball for Proxmox
+  # architecture/OS detection.
+  system.extraSystemBuilderCmds = 
+      ''
+          mkdir -m 0755 -p $out/bin
+          ln -s ${pkgs.bash}/bin/bash $out/bin/sh
+          mkdir -m 0755 -p $out/sbin
+          ln -s ../init $out/sbin/init
+      '';
+  
+  services.dockerRegistry.enable = true;
+
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."registry.hq.c3d2.de" = {
+    enableACME = true;
+    enableSSL = true;
+    # forceSSL = true;
+    locations.".well-known/acme-challenge/" = {
+           root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
+    };
+    locations."/" = {
+           proxyPass = "http://localhost:5000";
+    };
+  };
+
+  # This value determines the NixOS release with which your system is to be
+  # compatible, in order to avoid breaking some software such as database
+  # servers. You should change this only after NixOS release notes say you
+  # should.
+  system.stateVersion = "18.09"; # Did you read the comment?
+}
+
+