docker-distribution: Run service as docker instead of root

2021-09-14 17:43:25 +00:00 · 2021-09-14 17:43:25 +00:00 · 08d395078d
commit 08d395078d
parent 82a4c66575
1 changed files with 33 additions and 0 deletions
--- a/roles/docker-distribution/tasks/main.yml
+++ b/roles/docker-distribution/tasks/main.yml
@ -4,6 +4,39 @@
    name: docker-distribution
    state: installed

+- name: create docker group
+  group:
+    name: docker
+    gid: 1004
+
+- name: create docker user
+  user:
+    name: docker
+    comment: Service Docker-Registry
+    createhome: false
+    group: docker
+    groups: hostkey
+    home: /var/empty
+    shell: /sbin/nologin
+    uid: 1004
+
+- name: create unit file drop-in directory
+  file:
+    path: /etc/systemd/system/docker-distribution.service.d
+    state: directory
+    mode: 0755
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: create unit file drop-in
+  copy:
+    dest: /etc/systemd/system/docker-distribution.service.d/user.conf
+    src: user.conf
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+  notify: restart docker-distribution
+
 - name: create config file
  template:
    dest: /etc/docker-distribution/registry/config.yml