From 7cba6b9616b15575fd75e0d35ee61fdcbf98f052 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Tue, 14 Sep 2021 17:51:07 +0000
Subject: [PATCH] docker-registry: Limit access to registry base directory

---
 roles/docker-distribution/tasks/main.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/docker-distribution/tasks/main.yml b/roles/docker-distribution/tasks/main.yml
index 6c348ca..e4f3bb6 100644
--- a/roles/docker-distribution/tasks/main.yml
+++ b/roles/docker-distribution/tasks/main.yml
@@ -46,6 +46,14 @@
     group: "{{ ansible_wheel }}"
   notify: restart docker-distribution
 
+- name: create docker image directory
+  file:
+    path: /srv/registry/docker
+    state: directory
+    mode: 0770
+    owner: root
+    group: docker
+
 - name: start service
   service:
     name: docker-distribution