nixos/dockerRegistry: add openFirewall option

Signed-off-by: Christina Sørensen <christina@cafkafk.com>
Christina Sørensen 2024-02-29 09:54:20 +01:00
parent fdfe8b3a0c
commit d31cbb78ca
Signed by: cafkafk
GPG key ID: 26C542FD97F965CE
2 changed files with 11 additions and 1 deletions


@ -63,6 +63,12 @@ in {
type = types.port; type = types.port;
}; };
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc "Opens the port used by the firewall.";
};
storagePath = mkOption { storagePath = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = "/var/lib/docker-registry"; default = "/var/lib/docker-registry";
@ -154,5 +160,9 @@ in {
isSystemUser = true; isSystemUser = true;
}; };
users.groups.docker-registry = {}; users.groups.docker-registry = {};
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ cfg.port ];
};
}; };
} }
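Review bot: The description of the new `openFirewall` option in the first hunk says "Opens the port used by the firewall", but the port belongs to the registry and is opened in the firewall; I would write `description = lib.mdDoc "Whether to open the port the registry listens on in the firewall.";`. The rule added in the second hunk puts `cfg.port` into `networking.firewall.allowedTCPPorts`, which is not limited to one interface, so the description should also say that enabling it makes the registry reachable from every network the host is attached to once `listenAddress` is not loopback. No authentication or TLS setting is visible in these hunks, so a sentence telling operators to configure access control before enabling the option would be worth adding. The options set and the config block both start outside the hunks, so this is based only on the lines shown.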


@ -13,7 +13,7 @@ import ./make-test-python.nix ({ pkgs, ...} : {
services.dockerRegistry.port = 8080; services.dockerRegistry.port = 8080;
services.dockerRegistry.listenAddress = "0.0.0.0"; services.dockerRegistry.listenAddress = "0.0.0.0";
services.dockerRegistry.enableGarbageCollect = true; services.dockerRegistry.enableGarbageCollect = true;
networking.firewall.allowedTCPPorts = [ 8080 ]; services.dockerRegistry.openFirewall = true;
}; };
client1 = { ... }: { client1 = { ... }: {