Initial commit

container_registry.yaml

@@ -0,0 +1,88 @@
+- name: Run registry container
+  hosts: localhost
+  gather_facts: false
+  tasks:
+    - name: Creates directory for certs
+      ansible.builtin.file:
+        path: "{{playbook_dir}}/certs"
+        state: directory
+
+    - name: Creates directory for data, will be mounted on the container and used for the registry store
+      ansible.builtin.file:
+        path: "{{playbook_dir}}/data"
+        state: directory
+
+    - name: Creates directory for auth (htpasswd)
+      ansible.builtin.file:
+        path: "{{playbook_dir}}/auth"
+        state: directory
+
+    - name: Create auth file
+      community.general.htpasswd:
+        path: "{{playbook_dir}}/auth/htpasswd"
+        name: admin
+        password: admin
+        hash_scheme: bcrypt
+
+    - name: Create private key (RSA, 4096 bits)
+      community.crypto.openssl_privatekey:
+        path: "{{playbook_dir}}/certs/domain.key"
+
+    - name: Create certificate signing request (CSR) for self-signed certificate
+      community.crypto.openssl_csr_pipe:
+        privatekey_path: "{{playbook_dir}}/certs/domain.key"
+        common_name: tiptop
+        organization_name: MyOwnVerySelf
+        subject_alt_name:
+          - "DNS:tiptop"
+      register: ca_csr
+
+    - name: Create self-signed certificate from CSR
+      community.crypto.x509_certificate:
+        path: "{{playbook_dir}}/certs/domain.crt"
+        csr_content: "{{ ca_csr.csr }}"
+        privatekey_path: "{{playbook_dir}}/certs/domain.key"
+        provider: selfsigned
+
+    - name: Build container
+      containers.podman.podman_image:
+        name: myregistry
+        state: build
+        build:
+          format: oci
+          container_file: |-
+            FROM docker.io/library/registry:latest
+            ENV REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED true
+            ENV REGISTRY_AUTH htpasswd
+            ENV REGISTRY_AUTH_HTPASSWD_REALM "Registry Realm"
+            ENV REGISTRY_AUTH_HTPASSWD_PATH /auth/htpasswd
+            ENV REGISTRY_HTTP_TLS_CERTIFICATE /certs/domain.crt
+            ENV REGISTRY_HTTP_TLS_KEY /certs/domain.key
+            EXPOSE 5000
+
+    - name: Install quadlet
+      containers.podman.podman_container:
+        name: myregistry
+        state: quadlet
+        image: localhost/myregistry:latest
+        volumes:
+          - "{{playbook_dir}}/certs:/certs:z"
+          - "{{playbook_dir}}/data:/var/lib/registry:z"
+          - "{{playbook_dir}}/auth:/auth:z"
+        ports:
+          - 5000:5000
+        quadlet_options:
+          - |
+            [Install]
+            WantedBy=default.target
+
+    - name: Reload systemd
+      ansible.builtin.systemd_service:
+        daemon_reload: true
+        scope: user
+
+    - name: Start container
+      ansible.builtin.systemd_service:
+        scope: user
+        name: myregistry.service
+        state: started