Add registry role

project/main.yml

@@ -8,3 +8,4 @@
   roles:
     - vault
     - traefik
+    - registry

project/roles/registry/handlers/main.yml

@@ -0,0 +1,9 @@
+---
+- name: reload systemd
+  ansible.builtin.systemd:
+    daemon_reload: yes
+
+- name: restart registry
+  ansible.builtin.systemd:
+    name: registry
+    state: restarted

project/roles/registry/tasks/main.yml

@@ -0,0 +1,21 @@
+---
+- name: Create registry.service
+  ansible.builtin.template:
+    src: registry.service.j2
+    dest: /etc/systemd/system/registry.service
+  notify:
+    - reload systemd
+    - restart registry
+
+- name: Flush handlers
+  meta: flush_handlers
+
+- name: Ensure service is started
+  ansible.builtin.systemd:
+    state: started
+    name: registry
+
+- name: Ensure service is enabled
+  ansible.builtin.systemd:
+    enabled: yes
+    name: registry

project/roles/registry/templates/registry.service.j2

@@ -0,0 +1,28 @@
+[Unit]
+Description=Registry Container
+After=docker.service
+After=dockerdata.mount
+Requires=docker.service
+Requires=dockerdata.mount
+
+[Service]
+TimeoutStartSec=0
+Restart=always
+ExecStartPre=-/usr/bin/docker stop registry
+ExecStartPre=-/usr/bin/docker rm registry
+ExecStartPre=-/usr/bin/docker pull registry:2
+ExecStart=/usr/bin/docker run \
+  -e "REGISTRY_AUTH=htpasswd" \
+  -e "REGISTRY_AUTH_HTPASSWD_REALM=registry.t-juice.club" \
+  -e "REGISTRY_AUTH_HTPASSWD_PATH=/htpasswd" \
+  -l "traefik.enable=true" \
+  -l "traefik.http.routers.registry.rule=Host(`registry.t-juice.club`)" \
+  -l "traefik.http.routers.registry.tls=true" \
+  -l "traefik.http.routers.registry.tls.certresolver=le" \
+  -v /dockerdata/registry-data:/var/lib/registry \
+  -v /var/registry/htpasswd:/htpasswd \
+  --network proxy \
+  --name registry registry:2
+
+[Install]
+WantedBy=multi-user.target