Docker pull-through cache for NixOS


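Docker Hub has announced new pull limits starting 2024-04-01. An easy way to stay under them is to set up a pull-through cache, so that each image is fetched from Docker Hub only once and then served locally. This can easily be done using CNCF Distribution. Note that the Caddy virtual host below puts no authentication in front of the registry itself (only `/metrics` is protected), so anyone who can reach the domain can pull through the cache; keep it on an internal network or restrict access to it. Here’s how I did that on NixOS: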

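# NixOS module: runs CNCF Distribution as a pull-through cache for Docker Hub,
# publishes it through Caddy, and points the local Docker daemon at it.
{ lib, config, ... }:
let
  inherit (lib) mkEnableOption mkIf mkOption types;
  cfg = config.services.dockercache;
in {
  options.services.dockercache = {
    # mkEnableOption already prefixes the text with "Whether to enable".
    enable = mkEnableOption "the Docker Hub pull-through cache";
    domain = mkOption {
      # The default is interpolated from both values, so networking.domain
      # must be set when this option is not overridden.
      default = "${config.networking.hostName}.${config.networking.domain}";
      type = types.str;
      description = "Domain name under which Caddy serves the cache.";
    };
  };

  config = mkIf cfg.enable {
    services.dockerRegistry = {
      enable = true;
      enableGarbageCollect = true;
      extraConfig = {
        # Proxy mode: blobs that are not cached yet are fetched from Docker Hub.
        # If upstream credentials are ever added to this proxy section, every
        # client that can reach the cache can pull with them.
        proxy.remoteurl = "https://registry-1.docker.io";
        log.accesslog.disabled = true; # access can be seen in caddy log
        # Only needed if you use prometheus. The debug listener stays on
        # localhost; Caddy publishes nothing but /metrics from it.
        http.debug = {
          addr = "localhost:5001";
          prometheus.enabled = true;
        };
      };
    };

    systemd.services.docker-registry.environment = {
      OTEL_TRACES_EXPORTER = "none"; # disable sending traces (on by default)
    };

    # Only /metrics is behind basic_auth; the registry API is proxied without
    # authentication. Restrict who can reach this virtual host (firewall, or a
    # Caddy remote_ip matcher) if it is reachable from untrusted networks.
    #
    # The `...` after `prometheus` stands for the password hash produced by
    # `caddy hash-password`. The generated Caddyfile lives in the world-readable
    # Nix store, so pick a long random password.
    services.caddy.virtualHosts."${cfg.domain}" = {
      extraConfig = ''
        handle /metrics {
          basic_auth {
            prometheus ...
          }

          reverse_proxy http://localhost:5001
        }

        reverse_proxy http://localhost:5000
      '';
    };

    # Use the domain served above instead of a hard-coded placeholder URL.
    # Docker consults registry-mirrors for Docker Hub images only.
    virtualisation.docker.daemon.settings.registry-mirrors = [
      "https://${cfg.domain}"
    ];
  };
}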