From c0fac3fecdb5bbbaa1964491ffbcd59852a3195a Mon Sep 17 00:00:00 2001
From: godog <godog@autistici.org>
Date: Thu, 24 Apr 2025 19:18:37 +0200
Subject: [PATCH] base-docker: add registry mirror

A sample utility to run a local registry is provided
---
 roles/float-base-docker/files/registry-mirror | 72 +++++++++++++++++++
 roles/float-base-docker/tasks/main.yml        |  9 +++
 .../templates/registry-mirror.yml.j2          |  6 ++
 3 files changed, 87 insertions(+)
 create mode 100755 roles/float-base-docker/files/registry-mirror
 create mode 100644 roles/float-base-docker/templates/registry-mirror.yml.j2

diff --git a/roles/float-base-docker/files/registry-mirror b/roles/float-base-docker/files/registry-mirror
new file mode 100755
index 00000000..0aa495a5
--- /dev/null
+++ b/roles/float-base-docker/files/registry-mirror
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+CACHE_DIR="./cache"
+PORT="5001"
+REGISTRY_URL=""
+
+while [[ $# -gt 0 ]]; do
+  case $1 in
+    --cache-dir)
+      CACHE_DIR="$2"
+      shift 2
+      ;;
+    --port)
+      PORT="$2"
+      shift 2
+      ;;
+    *)
+      REGISTRY_URL="$1"
+      shift
+      ;;
+  esac
+done
+
+if [ -z "$REGISTRY_URL" ]; then
+  echo "Error: Registry URL is required"
+  echo "Usage: $0 [--cache-dir DIR] [--port PORT] registry-url"
+  exit 1
+fi
+
+if [[ ! "$REGISTRY_URL" =~ ^https?:// ]]; then
+  echo "Error: Registry URL must start with http:// or https://"
+  echo "Provided URL: $REGISTRY_URL"
+  exit 1
+fi
+
+install -d "$CACHE_DIR"
+
+
+CONFIG_FILE=$(mktemp)
+trap "rm -f $CONFIG_FILE" EXIT
+
+cat > "$CONFIG_FILE" << EOF
+version: 0.1
+log:
+  level: info
+storage:
+  filesystem:
+    rootdirectory: /var/lib/registry
+  delete:
+    enabled: true
+  cache:
+    blobdescriptor: inmemory
+http:
+  addr: 0.0.0.0:$PORT
+  headers:
+    X-Content-Type-Options: [nosniff]
+proxy:
+  remoteurl: $REGISTRY_URL
+  ttl: 168h
+EOF
+
+echo "Starting registry proxy for $REGISTRY_URL on port $PORT."
+echo "Cache directory: $CACHE_DIR"
+
+CONTAINER_NAME="registry-mirror-$(echo "$REGISTRY_URL" | sed -E 's|^https?://||')"
+
+podman run --rm \
+  --name $CONTAINER_NAME \
+  --network host \
+  -v "$CACHE_DIR:/var/lib/registry:Z" \
+  -v "$CONFIG_FILE:/etc/docker/registry/config.yml:ro,Z" \
+  docker.io/library/registry:2
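Review bot: The generated config listens on `0.0.0.0:$PORT` and the container runs with `--network host`, so the unauthenticated pull-through cache (with `delete: enabled: true`) is reachable on every interface of the host. For a utility described as a local mirror, a loopback default with an explicit opt-in looks safer. In the option loop, `--cache-dir` or `--port` given as the last argument makes `shift 2` fail without shifting, so the `while` never terminates, and `PORT` reaches the YAML unvalidated. `--name $CONTAINER_NAME` is unquoted and built from the URL minus its scheme, so a URL with a port or path carries `:` or `/`, which podman is likely to reject in a container name. The sketch below covers these; the heredoc line would become `addr: $BIND_ADDR:$PORT` and the run line `--name "$CONTAINER_NAME"`.

```shell
BIND_ADDR="127.0.0.1"   # loopback by default; --bind opts in to other interfaces

# Abort when an option is the last argument: "shift 2" would fail and loop forever.
need_value() {
  [[ $# -ge 2 ]] || { echo "Error: $1 requires a value" >&2; exit 1; }
}

while [[ $# -gt 0 ]]; do
  case "$1" in
    --cache-dir) need_value "$@"; CACHE_DIR="$2"; shift 2 ;;
    --port)      need_value "$@"; PORT="$2"; shift 2 ;;
    --bind)      need_value "$@"; BIND_ADDR="$2"; shift 2 ;;
    *)           REGISTRY_URL="$1"; shift ;;
  esac
done

# PORT is interpolated into the registry config, so accept digits in range only.
if [[ ! "$PORT" =~ ^[0-9]+$ ]] || (( 10#$PORT < 1 || 10#$PORT > 65535 )); then
  echo "Error: --port must be a number between 1 and 65535" >&2
  exit 1
fi

# … unchanged: REGISTRY_URL checks, cache dir, mktemp, config heredoc …

# Map anything outside the container-name alphabet to "_".
CONTAINER_NAME="registry-mirror-$(printf '%s' "${REGISTRY_URL#*://}" | tr -c 'A-Za-z0-9_.-' '_')"

# … unchanged: podman run …
```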
diff --git a/roles/float-base-docker/tasks/main.yml b/roles/float-base-docker/tasks/main.yml
index 998e6120..3c6c454c 100644
--- a/roles/float-base-docker/tasks/main.yml
+++ b/roles/float-base-docker/tasks/main.yml
@@ -45,6 +45,15 @@
     content: "33 3 * * * root runcron --quiet /usr/local/bin/docker-cleanup\n"
     mode: 0644
 
+- name: Create registry mirror configuration files
+  template:
+    src: registry-mirror.yml.j2
+    dest: "/etc/containers/registries.conf.d/{{ item.key }}.conf"
+    owner: root
+    group: root
+    mode: '0644'
+  loop: "{{ registry_mirrors | dict2items }}"
+
 - import_tasks: start.yml
 
 # Grab the list of currently running containers, and stop / cleanup
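Review bot: The `loop:` on the new task applies `dict2items` to `registry_mirrors` with no fallback, and this commit adds no default for that variable. Unless one exists elsewhere in the role, hosts that do not define it would presumably fail the play here; `loop: "{{ registry_mirrors | default({}) | dict2items }}"` keeps the task a no-op for them. `item.key` is also used verbatim as a file name under `/etc/containers/registries.conf.d/`, so a key containing `/` would resolve outside that directory or into a missing subdirectory. A comment stating that keys must be bare registry host names would make that constraint explicit. Entries later removed from `registry_mirrors` leave their `.conf` file in place, so the mirror stays in effect until the file is cleaned up by hand.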
diff --git a/roles/float-base-docker/templates/registry-mirror.yml.j2 b/roles/float-base-docker/templates/registry-mirror.yml.j2
new file mode 100644
index 00000000..8b1b591b
--- /dev/null
+++ b/roles/float-base-docker/templates/registry-mirror.yml.j2
@@ -0,0 +1,6 @@
+[[registry]]
+location = "{{ item.key }}"
+
+[[registry.mirror]]
+location = "{{ item.value }}"
+insecure = true
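Review bot: `insecure = true` is hard-coded for every mirror, which lets the container tools reach the mirror over plain HTTP or over TLS with an unverified certificate. Images pulled by tag through it are then only as trustworthy as the network path between the host and the mirror. That is reasonable for a mirror on loopback, but the template applies it to whatever address `item.value` holds. Consider driving it from a new role variable that defaults to off, e.g. `insecure = {{ registry_mirror_insecure | default(false) | lower }}` (variable name is a suggestion), with a comment explaining when enabling it is acceptable. `item.key` and `item.value` are also placed inside TOML strings unescaped, so a comment that they must be plain `host[:port][/path]` values would help.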
-- 
GitLab