.

salt/pillars/docker.sls

@@ -0,0 +1,5 @@
+docker:
+  username:
+  access_token:
+  url: docker.io/registry
+  tag: 2.7.1

salt/pillars/nexus.sls

@@ -0,0 +1,3 @@
+nexus:
+  url: docker.io/sonatype/nexus3
+  tag: 3.34.1

salt/pillars/top.sls

@@ -4,6 +4,7 @@ base:
     - chrony
     - mysql
     - rmt
+    - docker
 {% if salt['pillar.file_exists']('local.sls') %}
     - local
 {% endif %}

salt/states/docker/files/registry-container.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Docker registry container
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/podman start -a docker-registry
+ExecStop=/usr/bin/podman stop -t 120 docker-registry
+
+[Install]
+WantedBy=local.target

salt/states/docker/registry.sls

@@ -0,0 +1,50 @@
+Create registry data folder:
+  file.directory:
+    - name: /srv/registry
+    - user: root
+    - group: root
+    - mode: "0755"
+
+Create registry-container systemd unit file:
+  file.managed:
+    - name: /etc/systemd/system/registry-container.service
+    - source: salt://docker/files/registry-container.service
+    - user: root
+    - group: root
+    - mode: "0644"
+
+Realod systemd daemon:
+  cmd.run:
+    - name: systemctl daemon-reload
+    - onchanges:
+      - file: Create registry-container systemd unit file
+
+Pull docker-registry image:
+  cmd.run:
+    - name: "podman image pull {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}"
+    - unless: "podman image exists {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}"
+
+Stop docker-registry container before rebuild:
+  service.dead:
+    - name: docker-registry-container
+    - onchanges:
+      - cmd: Pull docker-registry image
+
+Remove old docker-registry container:
+  cmd.run:
+    - name: podman container rm docker-registry
+    - onlyif: podman container exists docker-registry
+    - onchanges:
+      - cmd: Pull docker-registry image
+
+Create docker-registry container:
+  cmd.run:
+    - name: podman container create --name docker-registry --publish 5000:5000 --volume /srv/registry:/var/lib/registry --env REGISTRY_PROXY_USERNAME={{ pillar['docker']['username'] }} --env REGISTRY_PROXY_PASSWORD={{ pillar['docker']['access_token'] }} --env REGISTRY_PROXY_REMOTEURL=https://registry-1.docker.io {{ pillar['docker']['url'] }}:{{ pillar['docker']['tag'] }}
+    - unless: podman container exists docker-registry
+
+Start the docker-registry container:
+  service.running:
+    - name: registry-container
+    - enable: True
+    - watch: 
+      - file: Create registry-container systemd unit file

salt/states/podman/files/registries.conf

@@ -0,0 +1,12 @@
+unqualified-search-registries = ["registry.opensuse.org", "docker.io"]
+
+
+[[registry]]
+prefix = "docker.io"
+location = "docker.io"
+insecure = false
+blocked = false
+
+[[registry.mirror]]
+location = "localhost:5000"
+insecure = true

salt/states/podman/init.sls

@@ -0,0 +1,11 @@
+Install podman:
+  pkg.installed:
+    - name: podman
+
+Configure local registry repository:
+  file.managed:
+    - name: /etc/containers/registries.conf
+    - source: salt://podman/files/registries.conf
+    - user: root
+    - group: root
+    - mode: "0644"

salt/states/top.sls

@@ -8,3 +8,5 @@ base:
     - nginx
     - mariadb
     - rmt
+    - podman
+    - docker.registry