77 lines
1.9 KiB
Nix
77 lines
1.9 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
let
|
|
cfg = config.virtualisation.containers;
|
|
|
|
inherit (lib) mkOption types;
|
|
|
|
toml = pkgs.formats.toml { };
|
|
in {
|
|
meta.maintainers = [ lib.maintainers.michaelCTS ];
|
|
|
|
options.virtualisation.containers = {
|
|
enable = lib.mkEnableOption "the common containers configuration module";
|
|
|
|
ociSeccompBpfHook.enable = lib.mkEnableOption "the OCI seccomp BPF hook";
|
|
|
|
registries = {
|
|
search = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [ "docker.io" "quay.io" ];
|
|
description = ''
|
|
List of repositories to search.
|
|
'';
|
|
};
|
|
|
|
insecure = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [ ];
|
|
description = ''
|
|
List of insecure repositories.
|
|
'';
|
|
};
|
|
|
|
block = mkOption {
|
|
type = types.listOf types.str;
|
|
default = [ ];
|
|
description = ''
|
|
List of blocked repositories.
|
|
'';
|
|
};
|
|
};
|
|
|
|
policy = mkOption {
|
|
type = types.attrs;
|
|
default = { };
|
|
example = lib.literalExpression ''
|
|
{
|
|
default = [ { type = "insecureAcceptAnything"; } ];
|
|
transports = {
|
|
docker-daemon = {
|
|
"" = [ { type = "insecureAcceptAnything"; } ];
|
|
};
|
|
};
|
|
}
|
|
'';
|
|
description = ''
|
|
Signature verification policy file.
|
|
If this option is empty the default policy file from
|
|
`skopeo` will be used.
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
xdg.configFile."containers/registries.conf".source =
|
|
toml.generate "registries.conf" {
|
|
registries = lib.mapAttrs (n: v: { registries = v; }) cfg.registries;
|
|
};
|
|
|
|
xdg.configFile."containers/policy.json".source = if cfg.policy != { } then
|
|
pkgs.writeText "policy.json" (builtins.toJSON cfg.policy)
|
|
else
|
|
"${pkgs.skopeo.src}/default-policy.json";
|
|
};
|
|
|
|
}
|