diff options
| author | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-11 02:26:17 +0200 |
|---|---|---|
| committer | Hugo Hörnquist <hugo@lysator.liu.se> | 2023-06-11 02:44:18 +0200 |
| commit | 04ef27409843d9cfc6d6a06a06632b937c547e8d (patch) | |
| tree | 6abc503d489068063fefba1d66d3efcada44c130 /manifests/container_registry.pp | |
| parent | Change dhcpd domain. (diff) | |
| download | profiles-04ef27409843d9cfc6d6a06a06632b937c547e8d.tar.gz profiles-04ef27409843d9cfc6d6a06a06632b937c547e8d.tar.xz | |
Add distribution registry.
Diffstat (limited to 'manifests/container_registry.pp')
| -rw-r--r-- | manifests/container_registry.pp | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/manifests/container_registry.pp b/manifests/container_registry.pp new file mode 100644 index 0000000..de1a268 --- /dev/null +++ b/manifests/container_registry.pp @@ -0,0 +1,48 @@ +# @summary Sets up a local container registry +# +# Note that this is more of a role. +class profiles::container_registry ( + String $server_name, + Enum['present', 'absent'] $ensure = 'present', +) { + include profiles::nginx + + $socket = '/run/distribution/distribution.sock' + class { 'profiles::distribution_registry': + http_addr => $socket, + http_net => 'unix', + } + + include ::profiles::certificate + letsencrypt::domain { $server_name: + cert_name => $profiles::certificate::cert_name, + } + + if $ensure == 'present' { + @@dns::record { "AAAA ${server_name}": + type => 'AAAA', + zone => "${facts['domain']}.", + key => $server_name.split('.')[0], + value => $facts['ipaddress6'], + } + } + + nginx::resource::server { $server_name: + ensure => $ensure, + ipv6_enable => true, + ipv6_listen_options => '', + use_default_location => false, + * => letsencrypt::conf::nginx($server_name), + } + + if $facts['letsencrypt_directory'][$server_name] { + nginx::resource::location { "${server_name} /": + location => '/', + proxy => "http://unix:${socket}", + index_files => [], + ssl => true, + ssl_only => true, + server => $server_name, + } + } +} |