kayobe/ansible/roles/docker-registry/defaults/main.yml

---
# Roughly follows kolla-ansible's service deployment patterns.

# Action to perform. One of 'deploy', 'destroy', 'pull', 'reconfigure',
# 'stop', 'upgrade'.
docker_registry_action: deploy

# Whether a docker registry is enabled.
docker_registry_enabled: true

# Dict of environment variables to provide to the docker registry container.
# This allows to configure the registry by overriding specific configuration
# options, as described at https://docs.docker.com/registry/configuration/
# For example, the registry can be configured as a pull through cache to Docker
# Hub by setting REGISTRY_PROXY_REMOTEURL to "https://registry-1.docker.io".
# Note that it is not possible to push to a registry configured as a
# pull through cache.
docker_registry_env: {}

# Dict of environment variables setting a listen port for docker registry
# container.
docker_registry_env_listen:
  REGISTRY_HTTP_ADDR: "0.0.0.0:{{ docker_registry_port }}"

# Dict of environment variables to provide to the docker registry container
# when TLS is enabled.
docker_registry_env_tls:
  REGISTRY_HTTP_TLS_CERTIFICATE: "{{ docker_registry_config_path }}/cert.pem"
  REGISTRY_HTTP_TLS_KEY: "{{ docker_registry_config_path }}/key.pem"

# Dict of environment variables to provide to the docker registry container
# when basic authentication is enabled.
docker_registry_env_basic_auth:
  REGISTRY_AUTH: htpasswd
  REGISTRY_AUTH_HTPASSWD_REALM: "Registry realm"
  REGISTRY_AUTH_HTPASSWD_PATH: "{{ docker_registry_config_path }}/htpasswd"

# Service deployment definition.
docker_registry_services:
  docker_registry:
    container_name: docker_registry
    env: >-
     {{ {} |
        combine(docker_registry_env_tls if docker_registry_enable_tls | bool else {}) |
        combine(docker_registry_env_basic_auth if docker_registry_enable_basic_auth | bool else {}) |
        combine(docker_registry_env_listen if docker_registry_network_mode == 'host' else {}) |
        combine(docker_registry_env) }}
    enabled: "{{ docker_registry_enabled }}"
    image: "{{ docker_registry_image_full }}"
    network_mode: "{{ docker_registry_network_mode }}"
    ports: "{{ [docker_registry_port ~ ':5000'] if docker_registry_network_mode == 'bridge' else [] }}"
    volumes: "{{ docker_registry_volumes | select | list }}"

# The network mode of the docker registry container.
docker_registry_network_mode: host

# The port on which the docker registry server should listen.
docker_registry_port: 5000

# The name or path to use for the docker volume that backs the registry.
# Defaults to ``docker_registry``.
docker_registry_datadir_volume: docker_registry

# Path in which to store docker registry configuration.
docker_registry_config_path: "/etc/docker/registry"

# Whether to enable TLS for the registry.
docker_registry_enable_tls: false

# Path to a TLS certificate to use when TLS is enabled.
docker_registry_cert_path:

# Path to a TLS key to use when TLS is enabled.
docker_registry_key_path:

# Whether to enable basic authentication for the registry.
docker_registry_enable_basic_auth: false

# Path to a htpasswd formatted password store for the registry.
docker_registry_basic_auth_htpasswd_path:

####################
# Docker
####################
docker_registry_namespace: "library"
docker_registry_image: "docker.io/{{ docker_registry_namespace ~ '/' if docker_registry_namespace else '' }}registry"
docker_registry_tag: "latest"
docker_registry_image_full: "{{ docker_registry_image }}:{{ docker_registry_tag }}"

# List of volumes to be mounted to the docker registry container.
docker_registry_volumes:
  - "/etc/localtime:/etc/localtime:ro"
  - "{{ docker_registry_datadir_volume }}:/var/lib/registry"
  - "{% if docker_registry_enable_tls | bool or docker_registry_enable_basic_auth | bool %}{{ docker_registry_config_path }}:{{ docker_registry_config_path }}:ro{% endif %}"

docker_registry_restart_policy: "unless-stopped"
#docker_registry_restart_retries: