From 8972d8380074e3e7c4d66eb04efb08da27ca78ef Mon Sep 17 00:00:00 2001
From: Jonas Forsberg
Date: Sun, 26 Sep 2021 12:11:06 +0200
Subject: [PATCH] .
---
 salt/pillars/docker.sls | 5 ++
 salt/pillars/nexus.sls | 3 ++
 salt/pillars/top.sls | 1 +
 .../docker/files/registry-container.service | 10 ++++
 salt/states/docker/registry.sls | 50 +++++++++++++++++++
 salt/states/podman/files/registries.conf | 12 +++++
 salt/states/podman/init.sls | 11 ++++
 salt/states/top.sls | 2 +
 8 files changed, 94 insertions(+)
 create mode 100644 salt/pillars/docker.sls
 create mode 100644 salt/pillars/nexus.sls
 create mode 100644 salt/states/docker/files/registry-container.service
 create mode 100644 salt/states/docker/registry.sls
 create mode 100644 salt/states/podman/files/registries.conf
 create mode 100644 salt/states/podman/init.sls
diff --git a/salt/pillars/docker.sls b/salt/pillars/docker.sls
new file mode 100644
index 0000000..2553c49
--- /dev/null
+++ b/salt/pillars/docker.sls
@@ -0,0 +1,5 @@
+docker:
+ username:
+ access_token:
+ url: docker.io/registry
+ tag: 2.7.1
diff --git a/salt/pillars/nexus.sls b/salt/pillars/nexus.sls
new file mode 100644
index 0000000..edffa26
--- /dev/null
+++ b/salt/pillars/nexus.sls
@@ -0,0 +1,3 @@
+nexus:
+ url: docker.io/sonatype/nexus3
+ tag: 3.34.1
diff --git a/salt/pillars/top.sls b/salt/pillars/top.sls
index 473a944..1dc794b 100644
--- a/salt/pillars/top.sls
+++ b/salt/pillars/top.sls
@@ -4,6 +4,7 @@ base:
 - chrony
 - mysql
 - rmt
+ - docker
 {% if salt['pillar.file_exists']('local.sls') %}
 - local
 {% endif %}
diff --git a/salt/states/docker/files/registry-container.service b/salt/states/docker/files/registry-container.service
new file mode 100644
index 0000000..1b6db80
--- /dev/null
+++ b/salt/states/docker/files/registry-container.service
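Review bot: In salt/pillars/docker.sls the `username:` and `access_token:` keys are committed with no value, which YAML loads as null, so the `{{ pillar['docker']['username'] }}` and `{{ pillar['docker']['access_token'] }}` lookups in salt/states/docker/registry.sls would render the literal string `None` into the registry's environment unless another pillar file overrides them. The file deserves a header comment saying where the real values are expected to come from, for example `# username/access_token are placeholders; set them in local.sls, never in this tracked file` (assuming local.sls is the intended override). The hunk for salt/pillars/top.sls adds `- docker` next to `chrony`, `mysql` and `rmt`, and the target expression is outside that hunk, so it is worth confirming that the Docker Hub token is delivered only to the minion that runs the registry rather than to every minion the target matches.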
@@ -0,0 +1,10 @@
+[Unit]
+Description=Docker registry container
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/podman start -a docker-registry
+ExecStop=/usr/bin/podman stop -t 120 docker-registry
+
+[Install]
+WantedBy=local.target
diff --git a/salt/states/docker/registry.sls b/salt/states/docker/registry.sls
new file mode 100644
index 0000000..ba2c72b
--- /dev/null
+++ b/salt/states/docker/registry.sls
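Review bot: `WantedBy=local.target` in the [Install] section of registry-container.service names a target that is not one of systemd's standard targets, so unless a custom local.target is defined elsewhere in this repository, the `enable: True` in registry.sls will create a wants link that nothing pulls in and the registry will not come up at boot; `WantedBy=multi-user.target` is the usual choice. The [Unit] section also declares no ordering against the network, so adding `Wants=network-online.target` and `After=network-online.target` would keep the pull-through cache from starting before it can reach the upstream registry.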
@@ -0,0 +1,50 @@
+Create registry data folder:
+ file.directory:
+ - name: /srv/registry
+ - user: root
+ - group: root
+ - mode: "0755"
+
+Create registry-container systemd unit file:
+ file.managed:
+ - name: /etc/systemd/system/registry-container.service
+ - source: salt://docker/files/registry-container.service
+ - user: root
+ - group: root
+ - mode: "0644"
+
+Realod systemd daemon:
+ cmd.run:
+ - name: systemctl daemon-reload
+ - onchanges:
+ - file: Create registry-container systemd unit file
+
+Pull docker-registry image:
+ cmd.run:
+ - name: "podman image pull {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}"
+ - unless: "podman image exists {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}"
+
+Stop docker-registry container before rebuild:
+ service.dead:
+ - name: docker-registry-container
+ - onchanges:
+ - cmd: Pull docker-registry image
+
+Remove old docker-registry container:
+ cmd.run:
+ - name: podman container rm docker-registry
+ - onlyif: podman container exists docker-registry
+ - onchanges:
+ - cmd: Pull docker-registry image
+
+Create docker-registry container:
+ cmd.run:
+ - name: podman container create --name docker-registry --publish 5000:5000 --volume /srv/registry:/var/lib/registry --env REGISTRY_PROXY_USERNAME={{ pillar['docker']['username'] }} --env REGISTRY_PROXY_PASSWORD={{ pillar['docker']['access_token'] }} --env REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}
+ - unless: podman container exists docker-registry
+
+Start the docker-registry container:
+ service.running:
+ - name: registry-container
+ - enable: True
+ - watch:
+ - file: Create registry-container systemd unit file
diff --git a/salt/states/podman/files/registries.conf b/salt/states/podman/files/registries.conf
new file mode 100644
index 0000000..51532f7
--- /dev/null
+++ b/salt/states/podman/files/registries.conf
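Review bot: The `podman container create` command in "Create docker-registry container" renders the Docker Hub access token straight into the command string, so it appears in the state return and in the process arguments while the command runs; passing the values through cmd.run's `env` and naming the variables on the podman side without a value keeps the token out of the rendered command (it is still stored in the container's configuration). The same command publishes `5000:5000` on every interface with no authentication in front of it, and a proxy registry configured with upstream credentials serves whatever those credentials can read, so binding to `127.0.0.1:5000:5000` matches the `localhost:5000` mirror in registries.conf unless other hosts are meant to use the cache. Separately, "Stop docker-registry container before rebuild" targets `docker-registry-container` while the unit installed by this file is `registry-container`, so the running container is probably not stopped before `podman container rm` runs; `- name: registry-container` would line the two up.

```yaml
Create docker-registry container:
  cmd.run:
    - name: >-
        podman container create --name docker-registry
        --publish 127.0.0.1:5000:5000
        --volume /srv/registry:/var/lib/registry
        --env REGISTRY_PROXY_USERNAME
        --env REGISTRY_PROXY_PASSWORD
        --env REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io
        {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}
    # Values are handed to podman through the process environment, not argv.
    - env:
      - REGISTRY_PROXY_USERNAME: "{{ pillar['docker']['username'] }}"
      - REGISTRY_PROXY_PASSWORD: "{{ pillar['docker']['access_token'] }}"
    # … unchanged: unless guard on the existing container …
```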
@@ -0,0 +1,12 @@
+unqualified-search-registries = ["registry.opensuse.org", "docker.io"]
+
+
+[[registry]]
+prefix = "docker.io"
+location = "docker.io"
+insecure = false
+blocked = false
+
+[[registry.mirror]]
+location = "localhost:5000"
+insecure = true
diff --git a/salt/states/podman/init.sls b/salt/states/podman/init.sls
new file mode 100644
index 0000000..07393e7
--- /dev/null
+++ b/salt/states/podman/init.sls
@@ -0,0 +1,11 @@
+Install podman:
+ pkg.installed:
+ - name: podman
+
+Configure local registry repository:
+ file.managed:
+ - name: /etc/containers/registries.conf
+ - source: salt://podman/files/registries.conf
+ - user: root
+ - group: root
+ - mode: "0644"
diff --git a/salt/states/top.sls b/salt/states/top.sls
index 0401ada..0311bdb 100644
--- a/salt/states/top.sls
+++ b/salt/states/top.sls
@@ -8,3 +8,5 @@ base:
 - nginx
 - mariadb
 - rmt
+ - podman
+ - docker.registry
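Review bot: In salt/states/podman/files/registries.conf the `[[registry.mirror]]` entry sets `insecure = true`, which lets podman talk to `localhost:5000` over plain HTTP or with an unverified certificate for every `docker.io` pull. Port 5000 is unprivileged, so whenever the registry container is not holding it, another local process could presumably answer on that port for pulls addressed to docker.io; that is an inference from the configuration, not something the patch shows. If TLS on the local registry is not planned, a comment above the entry such as `# insecure: plain-HTTP pull-through cache on loopback only; registry must stay bound to 127.0.0.1` would record the assumption. Pinning images by digest where it matters limits what a misbehaving mirror can substitute.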