Commit 014816cb authored by Yaya Committed by Yureka

nixos/gitlab: Add support for gitlab-container-registry

Support for external container registries (namely
`pkgs.docker-distribution`) has ended in GitLab 16.0 [1] and is
scheduled for removal in a future release. [2]

This commit adds a new registry package option, defaulting to
`pkgs.gitlab-container-registry` for system state versions >= 23.11
and to `pkgs.docker-distribution` otherwise.

While it is still possible to use the docker container registry, module
users should switch to gitlab's container registry fork soon. A warning
message will be added in a future commit to advise affected users to
back up their state and then switch to the new container registry
package.

[1]: https://gitlab.com/gitlab-org/gitlab/-/issues/376217
[2]: https://gitlab.com/gitlab-org/gitlab/-/issues/403322
parent 049d6805
+15 −0
@@ -553,6 +553,20 @@ in {
          default = false;
          description = lib.mdDoc "Enable GitLab container registry.";
        };
        package = mkOption {
          type = types.package;
          default =
            if versionAtLeast config.system.stateVersion "23.11"
            then pkgs.gitlab-container-registry
            else pkgs.docker-distribution;
          defaultText = literalExpression "pkgs.docker-distribution";
          description = lib.mdDoc ''
            Container registry package to use.

            External container registries such as `pkgs.docker-distribution` are not supported
            anymore since GitLab 16.0.0.
          '';
        };
        host = mkOption {
          type = types.str;
          default = config.services.gitlab.host;
@@ -1210,6 +1224,7 @@ in {
    services.dockerRegistry = optionalAttrs cfg.registry.enable {
      enable = true;
      enableDelete = true; # This must be true, otherwise GitLab won't manage it correctly
      package = cfg.package;
      extraConfig = {
        auth.token = {
          realm = "http${optionalString (cfg.https == true) "s"}://${cfg.host}/jwt/auth";
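Review bot: In the second hunk, `package = cfg.package;` does not appear to read the option this commit adds. The new option is declared beside the registry's `enable` and `host` options, and the same block reads `cfg.registry.enable`, so the matching path would be `package = cfg.registry.package;`. As written, the registry service presumably either fails to evaluate or picks up an unrelated package, so the stateVersion-based move off the no-longer-supported `pkgs.docker-distribution` would not take effect. In the first hunk, `defaultText = literalExpression "pkgs.docker-distribution"` documents only the old default; it should show the `versionAtLeast config.system.stateVersion "23.11"` conditional so operators can tell which registry implementation they are running. The `services.dockerRegistry` attribute set continues outside the hunk.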