Prepare ansible role for AlmaLinux 10
* Moved from docker to podman * Refactored certificate generation
This commit is contained in:
@@ -1,15 +0,0 @@
|
||||
version: '3.3'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
image: registry:latest
|
||||
container_name: dockerrepo
|
||||
restart: always
|
||||
environment:
|
||||
- REGISTRY_HTTP_TLS_CERTIFICATE=/certs/dockerrepo.crt
|
||||
- REGISTRY_HTTP_TLS_KEY=/certs/dockerrepo.key
|
||||
volumes:
|
||||
- '{{ dockerrepo_data_dir }}:/var/lib/registry'
|
||||
- '{{ dockerrepo_dir }}/certs:/certs'
|
||||
ports:
|
||||
- 5000:5000
|
||||
@@ -1,16 +0,0 @@
|
||||
version: '3.3'
|
||||
|
||||
services:
|
||||
nginx:
|
||||
image: nginx:latest
|
||||
container_name: rproxy
|
||||
restart: always
|
||||
volumes:
|
||||
- '{{ rproxy_dir }}/nginx.conf:/etc/nginx/nginx.conf'
|
||||
- '{{ rproxy_dir }}/sites:/etc/nginx/sites'
|
||||
- '{{ rproxy_dir }}/certs:/etc/nginx/certs'
|
||||
- '{{ repo_data_dir }}:/repo'
|
||||
ports:
|
||||
- 443:443
|
||||
- 80:80
|
||||
- 9000:9000
|
||||
@@ -1,29 +0,0 @@
|
||||
[ req ]
|
||||
prompt = no
|
||||
distinguished_name = dockerrepo.{{ ansible_domain }}
|
||||
req_extensions = v3_req
|
||||
x509_extensions = v3_x509
|
||||
|
||||
|
||||
[ dockerrepo.{{ ansible_domain }} ]
|
||||
countryName = RU
|
||||
stateOrProvinceName = RU
|
||||
localityName = MSK
|
||||
organizationName = {{ ansible_domain }}
|
||||
organizationalUnitName = IT
|
||||
commonName = dockerrepo.{{ ansible_domain }}
|
||||
emailAddress = admin@{{ ansible_domain }}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ v3_x509 ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ sans ]
|
||||
DNS.1 = dockerrepo.{{ ansible_domain }}
|
||||
IP.1 = {{ {{ ansible_facts['default_ipv4']['address'] }} }}
|
||||
@@ -1,29 +0,0 @@
|
||||
[ req ]
|
||||
prompt = no
|
||||
distinguished_name = repo.{{ ansible_domain }}
|
||||
req_extensions = v3_req
|
||||
x509_extensions = v3_x509
|
||||
|
||||
|
||||
[ repo.{{ ansible_domain }} ]
|
||||
countryName = RU
|
||||
stateOrProvinceName = RU
|
||||
localityName = MSK
|
||||
organizationName = {{ ansible_domain }}
|
||||
organizationalUnitName = IT
|
||||
commonName = repo.{{ ansible_domain }}
|
||||
emailAddress = admin@{{ ansible_domain }}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ v3_x509 ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ sans ]
|
||||
DNS.1 = repo.{{ ansible_domain }}
|
||||
IP.1 = {{ {{ ansible_facts['default_ipv4']['address'] }} }}
|
||||
@@ -1,29 +0,0 @@
|
||||
[ req ]
|
||||
prompt = no
|
||||
distinguished_name = {{ rproxy_service_name }}.{{ ansible_domain }}
|
||||
req_extensions = v3_req
|
||||
x509_extensions = v3_x509
|
||||
|
||||
|
||||
[ {{ rproxy_service_name }}.{{ ansible_domain }} ]
|
||||
countryName = RU
|
||||
stateOrProvinceName = RU
|
||||
localityName = MSK
|
||||
organizationName = {{ ansible_domain }}
|
||||
organizationalUnitName = IT
|
||||
commonName = {{ rproxy_service_name }}.{{ ansible_domain }}
|
||||
emailAddress = admin@{{ ansible_domain }}
|
||||
|
||||
[ v3_req ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ v3_x509 ]
|
||||
basicConstraints = CA:false
|
||||
keyUsage = digitalSignature, keyEncipherment
|
||||
subjectAltName = @sans
|
||||
|
||||
[ sans ]
|
||||
DNS.1 = {{ rproxy_service_name }}.{{ ansible_domain }}
|
||||
IP.1 = {{ rproxy_service_address }}
|
||||
Reference in New Issue
Block a user