complete-computing-environment/wobserver-docker.org


:PROPERTIES:
:ID: 20221202T124113.404212
:END:
#+TITLE: Docker Containers on the Wobserver
#+FILETAGS: :CCE:
I don't really *want* to use [[roam:Docker]], but it's the most-supported way to get some services etc running on my server. This is kind of the Minimum Viable Docker...
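The =htpasswd= file was generated locally and then copied to the server so that it doesn't make it into any =nix store= (store paths are world-readable, so password hashes don't belong there)... It has to be done with =apacheHttpd='s =htpasswd= like so: =sudo -u docker-registry htpasswd -B /srv/docker-registry/htpasswd rrix=. The =-B= flag selects bcrypt, which is the only hash format the registry's =htpasswd= auth accepts.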
#+ARROYO_NIXOS_MODULE: nixos/wobserver-docker.nix
#+ARROYO_SYSTEM_ROLE: server
#+AUTO_TANGLE: t
#+begin_src nix :tangle ~/arroyo-nix/nixos/wobserver-docker.nix
# NixOS module: a private Docker registry on the Wobserver, published through
# an nginx virtual host, with Docker as the backend for OCI containers.
{ config, ... }:
let
  # Evaluated registry options, reused to build the nginx upstream URL.
  registry = config.services.dockerRegistry;
  upstream = "http://${registry.listenAddress}:${toString registry.port}";
in
{
  virtualisation = {
    containers = {
      # Search order for unqualified image names: the private registry first,
      # then docker.io. A name the private registry does not serve falls
      # through to docker.io, so fully-qualified image references are safer.
      # NOTE(review): this writes the containers registries config; confirm
      # whether the Docker backend selected below consults it at all.
      registries.search = [ "docker.fontkeming.fail" "docker.io" ];
      storage.settings.storage.driver = "zfs";
    };
    oci-containers.backend = "docker";
  };

  services = {
    dockerRegistry = {
      enable = true;
      enableGarbageCollect = true;
      storagePath = "/srv/docker-registry/";
      extraConfig.auth.htpasswd = {
        # The credentials file is created out of band so the hashes never land
        # in the Nix store:
        #   sudo -u docker-registry htpasswd -B /srv/docker-registry/htpasswd rrix
        # It only needs to be readable by the registry service user; verify the
        # file's owner and mode on the server.
        realm = "basic-realm";
        path = "/srv/docker-registry/htpasswd";
      };
    };

    # Reverse proxy in front of the registry.
    # NOTE(review): no forceSSL/enableACME is set on this virtual host here.
    # htpasswd basic auth sends the credentials with every request, so confirm
    # that TLS is terminated by the outer proxy or configured in another
    # module, and that the registry's listenAddress is not reachable directly.
    nginx.virtualHosts."docker.fontkeming.fail" = {
      locations."/" = {
        proxyPass = upstream;
        # X-Forwarded-Proto is pinned to https rather than taken from the
        # incoming request; that is only accurate while every client-facing
        # hop speaks TLS.
        extraConfig = ''
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto https; # workaround for double-proxying https://github.com/distribution/distribution/issues/2862 ???
          proxy_set_header X-Forwarded-Host $http_host;
        '';
      };
      # Upper bound on a single request body, i.e. on one pushed layer blob.
      extraConfig = ''
        client_max_body_size 1G;
      '';
    };
  };
}
#+end_src
There's a question of whether to set =virtualisation.oci-containers.backend= to docker or use Podman -- I'm tempted to just leave this until I don't need to.