pyrox.dev
nixos/oci-containers: enable login for registry
authored by Tobias Happ and committed by zowoq bbd5cdac f674130f
+33
nixos/modules/virtualisation/oci-containers.nix
+33
nixos/modules/virtualisation/oci-containers.nix
···
31
31
example = literalExample "pkgs.dockerTools.buildDockerImage {...};";
32
32
};
33
33
34
+
login = {
35
+
36
+
username = mkOption {
37
+
type = with types; nullOr str;
38
+
default = null;
39
+
description = "Username for login.";
40
+
};
41
+
42
+
passwordFile = mkOption {
43
+
type = with types; nullOr str;
44
+
default = null;
45
+
description = "Path to file containing password.";
46
+
example = "/etc/nixos/dockerhub-password.txt";
47
+
};
48
+
49
+
registry = mkOption {
50
+
type = with types; nullOr str;
51
+
default = null;
52
+
description = "Registry where to login to.";
53
+
example = "https://docker.pkg.github.com";
54
+
};
55
+
56
+
};
57
+
34
58
cmd = mkOption {
35
59
type = with types; listOf str;
36
60
default = [];
···
220
244
};
221
245
};
222
246
247
+
isValidLogin = login: login.username != null && login.passwordFile != null && login.registry != null;
248
+
223
249
mkService = name: container: let
224
250
dependsOn = map (x: "${cfg.backend}-${x}.service") container.dependsOn;
225
251
in {
···
235
261
236
262
preStart = ''
237
263
${cfg.backend} rm -f ${name} || true
264
+
${optionalString (isValidLogin container.login) ''
265
+
cat ${container.login.passwordFile} | \
266
+
${cfg.backend} login \
267
+
${container.login.registry} \
268
+
--username ${container.login.username} \
269
+
--password-stdin
270
+
''}
238
271
${optionalString (container.imageFile != null) ''
239
272
${cfg.backend} load -i ${container.imageFile}
240
273
''}