103 lines
2.7 KiB
Nix
103 lines
2.7 KiB
Nix
|
[ <nixpkgs/nixos/modules/profiles/minimal.nix>
|
||
|
];
|
||
|
nix.useSandbox = false;
|
||
|
nix.maxJobs = lib.mkDefault 4;
|
||
|
|
||
|
boot.isContainer = true;
|
||
|
# /sbin/init
|
||
|
boot.loader.initScript.enable = true;
|
||
|
boot.loader.grub.enable = false;
|
||
|
#boot.supportedFilesystems = ["zfs" "ext2" "ext3" "vfat" "fat32" "bcache" "bcachefs"];
|
||
|
|
||
|
fileSystems."/" = { fsType = "rootfs"; device = "rootfs"; };
|
||
|
|
||
|
#networking.hostName = "docker-registry"; # Define your hostname.
|
||
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||
|
#networking.useNetworkd = true;
|
||
|
|
||
|
networking = {
|
||
|
hostName = "registry";
|
||
|
# usePredictableInterfacenames = false;
|
||
|
interfaces.eth0.ipv4.addresses = [{
|
||
|
address = "172.22.99.34";
|
||
|
prefixLength = 24;
|
||
|
}];
|
||
|
interfaces.eth0.ipv6.addresses = [{
|
||
|
address= "2a02:8106:208:5201::34";
|
||
|
prefixLength = 64;
|
||
|
}];
|
||
|
|
||
|
dhcpcd.denyInterfaces = [ "eth0" ];
|
||
|
|
||
|
nameservers = [ "8.8.8.8" "9.9.9.9" ];
|
||
|
|
||
|
defaultGateway = {
|
||
|
address = "172.22.99.1";
|
||
|
interface = "eth0";
|
||
|
metric = 10;
|
||
|
};
|
||
|
#defaultGateway6 = {
|
||
|
# address = "fe80::a800:42ff:fe7a:3246";
|
||
|
# interface = "ens18";
|
||
|
#};
|
||
|
};
|
||
|
|
||
|
services.openssh.enable = true;
|
||
|
|
||
|
# Open ports in the firewall.
|
||
|
networking.firewall.allowedTCPPorts = [
|
||
|
22
|
||
|
80
|
||
|
443
|
||
|
5000
|
||
|
];
|
||
|
|
||
|
# Set your time zone.
|
||
|
time.timeZone = "Europe/Berlin";
|
||
|
# Select internationalisation properties.
|
||
|
i18n = {
|
||
|
defaultLocale = "en_US.UTF-8";
|
||
|
supportedLocales = lib.mkForce [ "en_US.UTF-8/UTF-8" ];
|
||
|
};
|
||
|
|
||
|
# List packages installed in system profile. To search, run:
|
||
|
# $ nix search wget
|
||
|
environment.systemPackages = with pkgs; [
|
||
|
wget
|
||
|
vim
|
||
|
];
|
||
|
|
||
|
# Create a few files early before packing tarball for Proxmox
|
||
|
# architecture/OS detection.
|
||
|
system.extraSystemBuilderCmds =
|
||
|
''
|
||
|
mkdir -m 0755 -p $out/bin
|
||
|
ln -s ${pkgs.bash}/bin/bash $out/bin/sh
|
||
|
mkdir -m 0755 -p $out/sbin
|
||
|
ln -s ../init $out/sbin/init
|
||
|
'';
|
||
|
|
||
|
services.dockerRegistry.enable = true;
|
||
|
|
||
|
services.nginx.enable = true;
|
||
|
services.nginx.virtualHosts."registry.hq.c3d2.de" = {
|
||
|
enableACME = true;
|
||
|
enableSSL = true;
|
||
|
# forceSSL = true;
|
||
|
locations.".well-known/acme-challenge/" = {
|
||
|
root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
|
||
|
};
|
||
|
locations."/" = {
|
||
|
proxyPass = "http://localhost:5000";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
# This value determines the NixOS release with which your system is to be
|
||
|
# compatible, in order to avoid breaking some software such as database
|
||
|
# servers. You should change this only after NixOS release notes say you
|
||
|
# should.
|
||
|
system.stateVersion = "18.09"; # Did you read the comment?
|
||
|
}
|
||
|
|
||
|
|