From 4607ff7cef9d04d5c1011f9743bc72d56d6e490d Mon Sep 17 00:00:00 2001
From: Jamie Magee <jamie.magee@gmail.com>
Date: Sat, 7 Mar 2026 23:07:08 -0800
Subject: [PATCH] nixos/docker-registry: fix mkIf misuse and OCI manifest test

The redis block was wrapped in lib.mkIf inside a let binding. mkIf is a module system primitive that only works inside module config definitions; in a let binding its internal {_type, condition, content} structure got serialized straight into the JSON config file. Move the redis config into services.dockerRegistry.extraConfig with mkIf, where the module system handles it correctly.

Also update the test's curl accept header from application/vnd.docker.distribution.manifest.v2+json to application/vnd.oci.image.manifest.v1+json, since distribution v3 produces OCI manifests by default.
---
 .../modules/services/misc/docker-registry.nix | 30 ++++++++++---------
 nixos/tests/docker-registry.nix               |  2 +-
 2 files changed, 17 insertions(+), 15 deletions(-)

diff --git a/nixos/modules/services/misc/docker-registry.nix b/nixos/modules/services/misc/docker-registry.nix
index d6d8df3b2baf..860128aa163f 100644
--- a/nixos/modules/services/misc/docker-registry.nix
+++ b/nixos/modules/services/misc/docker-registry.nix
@@ -28,20 +28,6 @@ let
     };
   };
 
-  registryConfig.redis = lib.mkIf cfg.enableRedisCache {
-    addr = "${cfg.redisUrl}";
-    password = "${cfg.redisPassword}";
-    db = 0;
-    dialtimeout = "10ms";
-    readtimeout = "10ms";
-    writetimeout = "10ms";
-    pool = {
-      maxidle = 16;
-      maxactive = 64;
-      idletimeout = "300s";
-    };
-  };
-
   configFile = cfg.configFile;
 in
 {
@@ -139,6 +125,22 @@ in
   };
 
   config = lib.mkIf cfg.enable {
+    services.dockerRegistry.extraConfig = lib.mkIf cfg.enableRedisCache {
+      redis = {
+        addr = "${cfg.redisUrl}";
+        password = "${cfg.redisPassword}";
+        db = 0;
+        dialtimeout = "10ms";
+        readtimeout = "10ms";
+        writetimeout = "10ms";
+        pool = {
+          maxidle = 16;
+          maxactive = 64;
+          idletimeout = "300s";
+        };
+      };
+    };
+
     systemd.services.docker-registry = {
       description = "Docker Container Registry";
       wantedBy = [ "multi-user.target" ];
diff --git a/nixos/tests/docker-registry.nix b/nixos/tests/docker-registry.nix
index d30c48132d89..0599e2d978db 100644
--- a/nixos/tests/docker-registry.nix
+++ b/nixos/tests/docker-registry.nix
@@ -53,7 +53,7 @@
     client2.succeed("docker images | grep scratch")
 
     client2.succeed(
-        "curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H\"Accept: application/vnd.docker.distribution.manifest.v2+json\" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e 's/Docker-Content-Digest: //' | tr -d '\\r')"
+        "curl -fsS -X DELETE registry:8080/v2/scratch/manifests/$(curl -fsS -I -H\"Accept: application/vnd.oci.image.manifest.v1+json\" registry:8080/v2/scratch/manifests/latest | grep Docker-Content-Digest | sed -e 's/Docker-Content-Digest: //' | tr -d '\\r')"
     )
 
     registry.systemctl("start docker-registry-garbage-collect.service")