author | Christian Pointner <equinox@spreadspace.org> | 2023-10-24 23:43:20 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-10-24 23:43:20 +0200 |
commit | 792ececf6b450ad9588c45d0f4b8652e42145f3d (patch) | |
tree | 121e22f50e91a552a0067640024997d313c8c16a /inventory/host_vars | |
parent | add new role docker/registry (WIP) (diff) |
x509: some daemons can't be reloaded and need to be restarted...
Diffstat (limited to 'inventory/host_vars')
-rw-r--r-- | inventory/host_vars/ch-testvm-prometheus.yml | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 415e6774..a4242f3d 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -35,3 +35,44 @@ network:
 - *_network_primary_
 ntp_variant: systemd-timesyncd
+
+
+docker_registry_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker-registry
+ size: 3G
+ fs: ext4
+
+docker_registry_http_secret: "larifarisecurity"
+docker_registry_http_hostnames:
+ - docker.example.com
+docker_registry_http_tls:
+ certificate_provider: selfsigned
+ certificate_config:
+ mode: "0750"
+ owner: root
+ group: docker-registry
+ key:
+ mode: "0640"
+ owner: root
+ group: docker-registry
+ cert:
+ mode: "0644"
+ owner: root
+ group: docker-registry
+ san_extra:
+ - "IP:{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
+ organization_name: "chaos-at-home"
+ organizational_unit_name: "ansible"
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +1000w
+
+docker_registry_http_listen_debug: "127.0.0.1:5001" |
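Review bot: `docker_registry_http_secret: "larifarisecurity"` commits the registry's HTTP secret to host_vars as a guessable plaintext literal, so anyone who can read the repository knows it. The variable presumably feeds the registry's `http.secret` setting, which the registry uses to sign state held by clients. Even on a test VM it would be safer to take the value from the inventory's encrypted vars, for example `docker_registry_http_secret: "{{ vault_docker_registry_http_secret }}"` (placeholder variable name, to be adapted to this repository's vault convention), so the pattern is not copied to a real host. Separately, `not_after: +1000w` gives the self-signed certificate a validity of roughly 19 years; if that is deliberate for the test host, a short comment on that line saying so would help, otherwise a shorter lifetime limits how long a leaked key stays usable.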