2019-07-06 02:10:46 +02:00
|
|
|
|
# Edit this configuration file to define what should be installed on
|
|
|
|
|
# your system. Help is available in the configuration.nix(5) man page
|
|
|
|
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
2019-03-20 14:42:02 +01:00
|
|
|
|
|
2019-07-06 02:10:46 +02:00
|
|
|
|
{ config, pkgs, lib, ... }:
|
2019-03-20 14:42:02 +01:00
|
|
|
|
|
2019-07-06 02:10:46 +02:00
|
|
|
|
{
|
|
|
|
|
imports =
|
|
|
|
|
[ ../../../lib/lxc-container.nix
|
|
|
|
|
../../../lib/shared.nix
|
|
|
|
|
../../../lib/admins.nix
|
|
|
|
|
];
|
2019-03-20 14:42:02 +01:00
|
|
|
|
|
|
|
|
|
networking = {
|
|
|
|
|
hostName = "registry";
|
|
|
|
|
# usePredictableInterfacenames = false;
|
|
|
|
|
interfaces.eth0.ipv4.addresses = [{
|
|
|
|
|
address = "172.22.99.34";
|
|
|
|
|
prefixLength = 24;
|
|
|
|
|
}];
|
|
|
|
|
interfaces.eth0.ipv6.addresses = [{
|
|
|
|
|
address= "2a02:8106:208:5201::34";
|
|
|
|
|
prefixLength = 64;
|
|
|
|
|
}];
|
|
|
|
|
|
|
|
|
|
dhcpcd.denyInterfaces = [ "eth0" ];
|
|
|
|
|
|
|
|
|
|
defaultGateway = {
|
|
|
|
|
address = "172.22.99.1";
|
|
|
|
|
interface = "eth0";
|
|
|
|
|
metric = 10;
|
|
|
|
|
};
|
|
|
|
|
#defaultGateway6 = {
|
|
|
|
|
# address = "fe80::a800:42ff:fe7a:3246";
|
|
|
|
|
# interface = "ens18";
|
|
|
|
|
#};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# Open ports in the firewall.
|
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
22
|
|
|
|
|
80
|
|
|
|
|
443
|
|
|
|
|
5000
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# List packages installed in system profile. To search, run:
|
|
|
|
|
# $ nix search wget
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
wget
|
|
|
|
|
vim
|
|
|
|
|
];
|
|
|
|
|
|
2019-07-06 02:10:46 +02:00
|
|
|
|
services.dockerRegistry = {
|
|
|
|
|
enable = true;
|
|
|
|
|
storagePath = "/srv/docker-registry";
|
|
|
|
|
enableGarbageCollect = true;
|
|
|
|
|
enableDelete = true;
|
|
|
|
|
};
|
2019-03-20 14:42:02 +01:00
|
|
|
|
|
|
|
|
|
services.nginx.enable = true;
|
|
|
|
|
services.nginx.virtualHosts."registry.hq.c3d2.de" = {
|
2019-07-06 02:10:46 +02:00
|
|
|
|
# serverAliases = [ "registry.serv.zentralwerk.org" ];
|
2019-03-20 14:42:02 +01:00
|
|
|
|
enableACME = true;
|
2019-11-09 14:39:50 +01:00
|
|
|
|
onlySSL = true;
|
2019-03-20 14:42:02 +01:00
|
|
|
|
locations.".well-known/acme-challenge/" = {
|
2019-11-09 14:39:50 +01:00
|
|
|
|
root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
|
2019-03-20 14:42:02 +01:00
|
|
|
|
};
|
2019-11-09 14:39:50 +01:00
|
|
|
|
locations."/" = { proxyPass = "http://localhost:5000"; };
|
2019-04-16 12:32:26 +02:00
|
|
|
|
extraConfig = ''
|
2019-07-06 02:10:46 +02:00
|
|
|
|
client_max_body_size 4096M;
|
2019-04-16 12:32:26 +02:00
|
|
|
|
gzip off;
|
|
|
|
|
'';
|
2019-03-20 14:42:02 +01:00
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# This value determines the NixOS release with which your system is to be
|
|
|
|
|
# compatible, in order to avoid breaking some software such as database
|
|
|
|
|
# servers. You should change this only after NixOS release notes say you
|
|
|
|
|
# should.
|
2019-07-06 02:10:46 +02:00
|
|
|
|
system.stateVersion = "19.03"; # Did you read the comment?
|
2019-03-20 14:42:02 +01:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|