diff --git a/project/main.yml b/project/main.yml
index fc6680a..d965825 100644
--- a/project/main.yml
+++ b/project/main.yml
@@ -7,4 +7,5 @@
 - hosts: docker2.t-juice.club
 roles:
 - vault
- - traefik
\ No newline at end of file
+ - traefik
+ - registry
\ No newline at end of file
diff --git a/project/roles/registry/handlers/main.yml b/project/roles/registry/handlers/main.yml
new file mode 100644
index 0000000..671b28e
--- /dev/null
+++ b/project/roles/registry/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: reload systemd
+ ansible.builtin.systemd:
+ daemon_reload: yes
+
+- name: restart registry
+ ansible.builtin.systemd:
+ name: registry
+ state: restarted
diff --git a/project/roles/registry/tasks/main.yml b/project/roles/registry/tasks/main.yml
new file mode 100644
index 0000000..772c410
--- /dev/null
+++ b/project/roles/registry/tasks/main.yml
@@ -0,0 +1,21 @@
+---
+- name: Create registry.service
+ ansible.builtin.template:
+ src: registry.service.j2
+ dest: /etc/systemd/system/registry.service
+ notify:
+ - reload systemd
+ - restart registry
+
+- name: Flush handlers
+ meta: flush_handlers
+
+- name: Ensure service is started
+ ansible.builtin.systemd:
+ state: started
+ name: registry
+
+- name: Ensure service is enabled
+ ansible.builtin.systemd:
+ enabled: yes
+ name: registry
diff --git a/project/roles/registry/templates/registry.service.j2 b/project/roles/registry/templates/registry.service.j2
new file mode 100644
index 0000000..b2e46a4
--- /dev/null
+++ b/project/roles/registry/templates/registry.service.j2
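Review bot: In project/roles/registry/tasks/main.yml the `Create registry.service` task sets no `owner`, `group` or `mode`, so the permissions of the installed unit file depend on the remote umask; stating them keeps the result reproducible, e.g. `owner: root`, `group: root`, `mode: "0644"`. The two `Ensure service is …` tasks can be a single `ansible.builtin.systemd` call carrying both `state: started` and `enabled: true`. This file and the handlers file both write `yes` where `true` is the canonical boolean.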
@@ -0,0 +1,28 @@
+[Unit]
+Description=Registry Container
+After=docker.service
+After=dockerdata.mount
+Requires=docker.service
+Requires=dockerdata.mount
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop registry
+ExecStartPre=-/usr/bin/docker rm registry
+ExecStartPre=-/usr/bin/docker pull registry:2
+ExecStart=/usr/bin/docker run \
+ -e "REGISTRY_AUTH=htpasswd" \
+ -e "REGISTRY_AUTH_HTPASSWD_REALM=registry.t-juice.club" \
+ -e "REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd" \
+ -l "traefik.enable=true" \
+ -l "traefik.http.routers.registry.rule=Host(`registry.t-juice.club`)" \
+ -l "traefik.http.routers.registry.tls=true" \
+ -l "traefik.http.routers.registry.tls.certresolver=le" \
+ -v /dockerdata/registry-data:/var/lib/registry \
+ -v /var/registry/htpasswd:/htpasswd \
+ --network proxy \
+ --name registry registry:2
+
+[Install]
+WantedBy=multi-user.target
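Review bot: The credential file is bind-mounted writable in the `ExecStart` line `-v /var/registry/htpasswd:/htpasswd \`; the registry needs only to read an existing file, so `-v /var/registry/htpasswd:/htpasswd:ro \` keeps the container from altering its own credential store. Nothing in the tasks shown in this commit creates `/var/registry/htpasswd`, and with `-v` Docker creates a missing source path as a directory, so the role should provision that file with a restrictive mode before the service starts (it may be handled outside this diff). `registry:2` is a mutable tag that `ExecStartPre` re-pulls on every start, so the image that runs can change without a commit; pinning it as `registry:2@sha256:<digest>` in both the pull and the run line makes image updates an explicit, reviewable change.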