diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix index c0dbcf380db..45931cb42b5 100644 --- a/nixos/modules/services/misc/docker-registry.nix +++ b/nixos/modules/services/misc/docker-registry.nix @@ -42,6 +42,8 @@ let }; }; + configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig)); + in { options.services.dockerRegistry = { enable = mkEnableOption "Docker Registry"; @@ -70,11 +72,7 @@ in { description = "Enable delete for manifests and blobs."; }; - enableRedisCache = mkOption { - type = types.bool; - default = false; - description = "Enable redis as blob cache instade of inmemory."; - }; + enableRedisCache = mkEnableOption "redis as blob cache"; redisUrl = mkOption { type = types.str; @@ -95,6 +93,19 @@ in { default = {}; type = types.attrsOf types.str; }; + + enableGarbageCollect = mkEnableOption "garbage collect"; + + garbageCollectDates = mkOption { + default = "daily"; + type = types.str; + description = '' + Specification (in the format described by + systemd.time + 7) of the time at + which the garbage collect will occur. + ''; + }; }; config = mkIf cfg.enable { @@ -102,9 +113,7 @@ in { description = "Docker Container Registry"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; - script = let - configFile = pkgs.writeText "docker-registry-config.yml" (builtins.toJSON (registryConfig // cfg.extraConfig)); - in '' + script = '' ${pkgs.docker-distribution}/bin/registry serve ${configFile} ''; @@ -114,6 +123,22 @@ in { }; }; + systemd.services.docker-registry-garbage-collect = { + description = "Run Garbage Collection for docker registry"; + + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; + + serviceConfig.Type = "oneshot"; + + script = '' + ${pkgs.docker-distribution}/bin/registry garbage-collect ${configFile} + ${pkgs.systemd}/bin/systemctl restart docker-registry.service + ''; + + startAt = optional cfg.enableGarbageCollect cfg.garbageCollectDates; + }; + users.extraUsers.docker-registry = { createHome = true; home = cfg.storagePath; diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix index 943773ee391..1fbd199c7bc 100644 --- a/nixos/tests/docker-registry.nix +++ b/nixos/tests/docker-registry.nix @@ -3,7 +3,7 @@ import ./make-test.nix ({ pkgs, ...} : { name = "docker-registry"; meta = with pkgs.stdenv.lib.maintainers; { - maintainers = [ globin ma27 ]; + maintainers = [ globin ma27 ironpinguin ]; }; nodes = { @@ -12,6 +12,7 @@ import ./make-test.nix ({ pkgs, ...} : { services.dockerRegistry.enableDelete = true; services.dockerRegistry.port = 8080; services.dockerRegistry.listenAddress = "0.0.0.0"; + services.dockerRegistry.enableGarbageCollect = true; networking.firewall.allowedTCPPorts = [ 8080 ]; }; @@ -23,7 +24,6 @@ import ./make-test.nix ({ pkgs, ...} : { client2 = { config, pkgs, ...}: { virtualisation.docker.enable = true; virtualisation.docker.extraOptions = "--insecure-registry registry:8080"; - environment.systemPackages = [ pkgs.jq ]; }; }; @@ -35,6 +35,7 @@ import ./make-test.nix ({ pkgs, ...} : { $registry->start(); $registry->waitForUnit("docker-registry.service"); + $registry->waitForOpenPort("8080"); $client1->succeed("docker push registry:8080/scratch"); $client2->start(); @@ -43,7 +44,20 @@ import ./make-test.nix ({ pkgs, ...} : { $client2->succeed("docker images | grep scratch"); $client2->succeed( - 'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl registry:8080/v2/scratch/manifests/latest | jq ".fsLayers[0].blobSum" | sed -e \'s/"//g\')' + 'curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H"Accept: application/vnd.docker.distribution.manifest.v2+json" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e \'s/Docker-Content-Digest: //\' | tr -d \'\r\')' + ); + + $registry->systemctl("start docker-registry-garbage-collect.service"); + $registry->waitUntilFails("systemctl status docker-registry-garbage-collect.service"); + $registry->waitForUnit("docker-registry.service"); + + $registry->fail( + 'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data' + ); + + $client1->succeed("docker push registry:8080/scratch"); + $registry->succeed( + 'ls -l /var/lib/docker-registry/docker/registry/v2/blobs/sha256/*/*/data' ); ''; })