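# NixOS configuration for the "registry" host: static addressing on eth0, a
# Docker registry storing data under /srv/docker-registry, and an nginx TLS
# virtual host that proxies to the registry on localhost:5000.
{ config, pkgs, lib, ... }:

{
  imports = [
    ../../../config
    ../../../config/lxc-container.nix
    ../../../config/shared.nix
  ];

  networking = {
    hostName = "registry";
    # usePredictableInterfacenames = false;
    interfaces.eth0.ipv4.addresses = [{
      address = "172.22.99.34";
      prefixLength = 24;
    }];
    # Global-scope IPv6 address: the firewall rules below apply to IPv6 as
    # well. Whether the host is reachable from outside the local network
    # depends on upstream filtering that is not visible in this file.
    interfaces.eth0.ipv6.addresses = [{
      address = "2a00:8180:2c00:223::34";
      prefixLength = 64;
    }];

    # eth0 is addressed statically above, so dhcpcd is kept off it.
    dhcpcd.denyInterfaces = [ "eth0" ];

    defaultGateway = {
      address = "172.22.99.1";
      interface = "eth0";
      metric = 10;
    };
    #defaultGateway6 = {
    #  address = "fe80::a800:42ff:fe7a:3246";
    #  interface = "ens18";
    #};
  };

  # Port 5000 is deliberately not opened. nginx reaches the registry through
  # http://localhost:5000, and the registry speaks plain HTTP with no
  # authentication configured in this file. The dockerRegistry module binds to
  # 127.0.0.1 by default, so an open 5000 would only take effect if
  # listenAddress were widened, and it would then bypass the TLS front end.
  # Re-add it only if direct access is a deliberate requirement.
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];

  services.dockerRegistry = {
    enable = true;
    storagePath = "/srv/docker-registry";
    enableGarbageCollect = true;
    # Allows manifests and blobs to be deleted through the registry API.
    # NOTE(review): no authentication is configured in this file, either on
    # the registry or on the nginx vhost, so anyone who can reach the vhost can
    # presumably push, overwrite and delete images. Confirm that access is
    # restricted elsewhere (network ACLs, the imported shared config) or put
    # authentication in front of the registry.
    enableDelete = true;
  };

  services.nginx.enable = true;
  services.nginx.virtualHosts."registry.hq.c3d2.de" = {
    # serverAliases = [ "registry.serv.zentralwerk.org" ];
    enableACME = true;
    # onlySSL makes this vhost listen for HTTPS only; nothing in this file
    # serves port 80 even though the firewall opens it.
    # NOTE(review): ACME HTTP-01 validation starts on port 80. Confirm that
    # certificate issuance and renewal work, or consider forceSSL, which adds
    # a port-80 listener that serves the challenge and redirects the rest to
    # HTTPS.
    onlySSL = true;
    # NOTE(review): this location key has no leading "/", so nginx never
    # matches it against a request URI. The NixOS nginx module already adds a
    # challenge location when enableACME is set, so this entry looks
    # redundant. If it is kept and corrected, the root must be adjusted too,
    # because nginx appends the full request URI to root.
    locations.".well-known/acme-challenge/" = {
      root = "/var/lib/acme/acme-challenge/.well-known/acme-challenge/";
    };
    # TLS terminates at nginx; the hop to the registry is loopback plain HTTP.
    locations."/" = { proxyPass = "http://localhost:5000"; };
    # Raised body limit for large image-layer uploads; gzip is disabled for
    # this vhost.
    extraConfig = ''
      client_max_body_size 4096M;
      gzip off;
    '';
  };

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "19.03"; # Did you read the comment?
}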