authorChristian Pointner <equinox@spreadspace.org>2023-10-24 23:43:20 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-10-24 23:43:20 +0200
commit792ececf6b450ad9588c45d0f4b8652e42145f3d (patch)
tree121e22f50e91a552a0067640024997d313c8c16a /inventory
parentadd new role docker/registry (WIP) (diff)
x509: some daemons can't be reloaded and need to be restarted...
Diffstat (limited to 'inventory')
-rw-r--r--inventory/host_vars/ch-testvm-prometheus.yml41
1 files changed, 41 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml
index 415e6774..a4242f3d 100644
--- a/inventory/host_vars/ch-testvm-prometheus.yml
+++ b/inventory/host_vars/ch-testvm-prometheus.yml
@@ -35,3 +35,44 @@ network:
- *_network_primary_
ntp_variant: systemd-timesyncd
+
+
+docker_registry_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: docker-registry
+ size: 3G
+ fs: ext4
+
+docker_registry_http_secret: "larifarisecurity"
+docker_registry_http_hostnames:
+ - docker.example.com
+docker_registry_http_tls:
+ certificate_provider: selfsigned
+ certificate_config:
+ mode: "0750"
+ owner: root
+ group: docker-registry
+ key:
+ mode: "0640"
+ owner: root
+ group: docker-registry
+ cert:
+ mode: "0644"
+ owner: root
+ group: docker-registry
+ san_extra:
+ - "IP:{{ network_zones.svc.prefix | ansible.utils.ipaddr(network_zones.svc.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}"
+ organization_name: "chaos-at-home"
+ organizational_unit_name: "ansible"
+ key_usage:
+ - digitalSignature
+ - keyAgreement
+ key_usage_critical: yes
+ extended_key_usage:
+ - serverAuth
+ extended_key_usage_critical: yes
+ create_subject_key_identifier: yes
+ not_after: +1000w
+
+docker_registry_http_listen_debug: "127.0.0.1:5001"
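Review bot: `docker_registry_http_secret` is committed as a readable, guessable literal in host_vars, and the registry uses this value to sign state it hands to clients, so everyone with read access to the repository knows the signing key. Even for a test VM it is safer to reference a vaulted variable, e.g. `docker_registry_http_secret: "{{ vault_docker_registry_http_secret }}"` (the variable name is a placeholder), so the pattern is not copied to a production host as is. In the `docker_registry_http_tls` block, `not_after: +1000w` gives the self-signed certificate roughly 19 years of validity; a comment such as `# long-lived on purpose: test host only` would make that intent explicit. The three `yes` values (`key_usage_critical`, `extended_key_usage_critical`, `create_subject_key_identifier`) would be clearer and linter-clean as `true`.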