diff --git a/tau.yml b/tau.yml
index 60bb1f7..5652e28 100644
--- a/tau.yml
+++ b/tau.yml
@@ -5,6 +5,9 @@
 vars:
 ansible_python_interpreter: /usr/bin/python3
+ docker_registry_port: 5000 # this is the reg standard port
+ docker_registry_domain: "docker-registry.n39.eu"
+
 roles:
 - role: docker_setup
 - role: apache
@@ -31,6 +34,8 @@
 deploy_challenge_hook: "/bin/systemctl restart apache2"
 - name: "mysql.adm.netz39.de"
 deploy_challenge_hook: "/bin/systemctl restart apache2"
+ - name: "{{ docker_registry_domain }}"
+ deploy_challenge_hook: "/bin/systemctl restart apache2"
 - name: Setup forward site reservierung.netz39.de
 include_role:
@@ -68,3 +73,42 @@
 vars:
 site_name: mysql.adm.netz39.de
 proxy_port: 9001
+
+
+ - name: Check if Docker Registry auth dir exists
+ ansible.builtin.stat:
+ path: "/srv/docker/registry/auth"
+ register: docker_dir
+ - name: Fail if docker registry data dir does not exist
+ ansible.builtin.fail:
+ msg: "Docker Registry auth dir is missing, please restore from the backup!"
+ when: not docker_dir.stat.exists
+ - name: Ensure the Docker Registry data directory exists
+ # This may not be part of the backup
+ file:
+ path: "/srv/docker/registry/data"
+
+ - name: Setup Docker Registry Container
+ docker_container:
+ name: registry
+ image: "registry:2"
+ pull: true
+ state: started
+ restart_policy: unless-stopped
+ detach: yes
+ ports:
+ - 127.0.0.1:{{ docker_registry_port }}:{{ docker_registry_port }}
+ env:
+ REGISTRY_HTTP_HOST: "https://{{ docker_registry_domain }}"
+ REGISTRY_AUTH_HTPASSWD_REALM: "Netz39 Docker Registry"
+ REGISTRY_AUTH_HTPASSWD_PATH: "/auth/htpasswd"
+ volumes:
+ - "/srv/docker/registry/data:/var/lib/registry:rw"
+ - "/srv/docker/registry/auth:/auth:rw"
+
+ - name: Setup proxy site for the Docker Registry
+ include_role:
+ name: setup-http-site-proxy
+ vars:
+ site_name: "{{ docker_registry_domain }}"
+ proxy_port: "{{ docker_registry_port }}"
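Review bot: `docker_registry_port`, added in the first hunk (`@@ -5,6 +5,9 @@`), is used in the third hunk for both sides of the published port, `127.0.0.1:{{ docker_registry_port }}:{{ docker_registry_port }}`, but the `registry:2` image listens on 5000 inside the container unless `REGISTRY_HTTP_ADDR` is set, so changing the variable would publish a container port nothing listens on. The comment on the variable should say that, for example `# host-side port; the container side stays 5000 unless REGISTRY_HTTP_ADDR is changed`, or the container side of the mapping should be the literal 5000. The play these vars belong to starts outside the hunk.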
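Review bot: In the third hunk (`@@ -68,3 +73,42 @@`) the task `Ensure the Docker Registry data directory exists` passes only `path` to `file`, and without `state: directory` the module will not create a missing directory, so the task fails rather than ensures anything on a host where the data dir was not restored. Adding `state: directory` and an explicit `mode: "0750"` under `path:` would make it do what its name says. The auth volume is mounted `:rw` although the registry should only need to read the htpasswd file; `- "/srv/docker/registry/auth:/auth:ro"` would keep a compromised registry process from rewriting its own credential store, provided the htpasswd file is already present, which the stat task does not check (it tests only the directory). `image: "registry:2"` together with `pull: true` follows a moving tag, so pinning the image by digest would make each run deploy the same reviewed image.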