From 5f1ad293407ee82998a62ce93130f93ba9249f89 Mon Sep 17 00:00:00 2001 From: Mathijs Kwik Date: Tue, 5 Jun 2018 11:26:02 +0200 Subject: [PATCH 1/2] nixos/docker-registry: allow nested config options for example: services.dockerRegistry = { enable = true; extraConfig = { http = { host = "https://${config.networking.hostName}:5000"; tls = { certificate = "${registry-tls}/snakeoil.pem"; key = "${registry-tls}/snakeoil.key"; }; }; }; }; --- nixos/modules/services/misc/docker-registry.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index 45931cb42b54..fe0a8e58de3d 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -42,7 +42,7 @@ let }; }; - configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig)); + configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (recursiveUpdate registryConfig cfg.extraConfig)); in { options.services.dockerRegistry = { @@ -91,7 +91,7 @@ in { Docker extra registry configuration via environment variables. ''; default = {}; - type = types.attrsOf types.str; + type = types.attrs; }; enableGarbageCollect = mkEnableOption "garbage collect"; From c4fd2b7318c7e3cdaa2467ef0a9dfc2f6c34c6fa Mon Sep 17 00:00:00 2001 From: Mathijs Kwik Date: Tue, 5 Jun 2018 11:27:03 +0200 Subject: [PATCH 2/2] nixos/docker-registry: allow running on ports < 1024 --- nixos/modules/services/misc/docker-registry.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index fe0a8e58de3d..f628da4ac4c0 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix 
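Review bot: The merged attribute set at `configFile` is still written with `pkgs.writeText`, so every value passed through `extraConfig` lands in the Nix store, which any local user can read. Accepting nested keys makes it natural to put credential-bearing registry settings there, and the commit's own example points `tls.key` at a store path. That is fine for a snakeoil key, but a real private key should be referenced by a path outside the store. The option description should say this, e.g. `Values are written to the world-readable Nix store; reference secrets by file path instead of inlining them.` Note also that `recursiveUpdate` replaces lists wholesale rather than appending to them, and it is used unqualified, which presumably relies on a `with lib;` outside this hunk.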
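Review bot: Switching `extraConfig` to `types.attrs` removes all validation of the option. As far as I know, definitions coming from several modules are then combined with a shallow merge, so two modules setting different keys under the same top-level attribute would silently lose one; that is at odds with the `recursiveUpdate` introduced in the first hunk. The description kept as context still reads "via environment variables", although the value is serialised into the generated config file. Suggest `Extra registry configuration, merged recursively into the generated configuration file.` The option declaration starts above this hunk.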
@@ -120,6 +120,7 @@ in { serviceConfig = { User = "docker-registry"; WorkingDirectory = cfg.storagePath; + AmbientCapabilities = mkIf (cfg.port < 1024) "cap_net_bind_service"; }; };
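Review bot: The new `AmbientCapabilities` line grants the capability to the service and everything it spawns, but nothing in the visible `serviceConfig` narrows what the unit may hold beyond that. Consider adding `CapabilityBoundingSet = "cap_net_bind_service";` and `NoNewPrivileges = true;` next to it. The condition also looks only at `cfg.port`. With the first patch, a listen address overridden through `extraConfig` would presumably not be seen here, so the capability and the actual port can drift apart; a short comment or an assertion would make that explicit. The enclosing service definition starts outside the hunk.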