

Docker Containers on the Wobserver

I don't really want to use roam:Docker, but it's the most-supported way to get some services etc running on my server. This is kind of the Minimum Viable Docker…

The htpasswd file was generated locally and then copied to the server so that it doesn't end up in the Nix store (which is world-readable). It has to be created with apacheHttpd's htpasswd, run as the registry's service user, like so: sudo -u docker-registry htpasswd -B /srv/docker-registry/htpasswd rrix.

{ config, ... }:

let
  registry = config.services.dockerRegistry;
  registryHost = "docker.fontkeming.fail";
  htpasswdFile = "/srv/docker-registry/htpasswd";
in
{
  # Container runtime configuration. Short (unqualified) image names are
  # resolved against these registries in order; the local registry is
  # consulted before Docker Hub. Image layers are stored on zfs.
  virtualisation.containers = {
    registries.search = [ registryHost "docker.io" ];
    storage.settings.storage.driver = "zfs";
  };
  virtualisation.oci-containers.backend = "docker";

  # The registry itself, protected by htpasswd basic auth. The htpasswd file
  # is created out-of-band so its hashes never land in the Nix store:
  #   sudo -u docker-registry htpasswd -B /srv/docker-registry/htpasswd rrix
  services.dockerRegistry = {
    enable = true;
    enableGarbageCollect = true;
    storagePath = "/srv/docker-registry/";
    extraConfig.auth.htpasswd = {
      realm = "basic-realm";
      path = htpasswdFile;
    };
  };

  # nginx front-end for the registry. No TLS options are set on this vhost,
  # and X-Forwarded-Proto is pinned to https below, so this presumably sits
  # behind another proxy that terminates TLS -- confirm before exposing it.
  services.nginx.virtualHosts.${registryHost} = {
    # Pushed image layers can be large; nginx's default body limit would
    # reject them.
    extraConfig = ''
      client_max_body_size 1G;
    '';
    locations."/" = {
      proxyPass = "http://${registry.listenAddress}:${toString registry.port}";
      extraConfig = ''
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https; # workaround for double-proxying https://github.com/distribution/distribution/issues/2862 ???
        proxy_set_header X-Forwarded-Host $http_host;
      '';
    };
  };
}

There's a question of whether to set virtualisation.oci-containers.backend to docker or to use Podman. I'm tempted to just leave this as it is until I don't need to.