Moving proxy things to its own playbook + role

ansible/nuc.yaml

@@ -6,7 +6,6 @@
       tags:
         - setup
         - nomad
-        - proxy
         - volumes
       ansible.builtin.include_role:
         name: local-server-head

ansible/proxy.yaml

@@ -0,0 +1,7 @@
+---
+- hosts: nigel.local
+  remote_user: nigel
+  tasks:
+    - name: Apply reverse proxy role
+      ansible.builtin.include_role:
+        name: proxy

ansible/roles/local-server-head/files/nomad.hcl

@@ -0,0 +1,18 @@
+data_dir  = "/opt/nomad/data"
+bind_addr = "0.0.0.0"
+
+server {
+  enabled          = true
+  bootstrap_expect = 1
+}
+
+
+client {
+  enabled = true
+  servers = ["127.0.0.1"]
+}
+
+host_volume "registry" {
+    path = "/opt/volumes/registry"
+    read_only = false
+}

ansible/roles/local-server-head/tasks/main.yaml

@@ -23,14 +23,6 @@
       become: true
       tags:
         - nomad
-- name: Setup the reverse proxy outside of nomad
-  tags: proxy
-  ansible.builtin.include_tasks:
-    file: reverse_proxy.yaml
-    apply:
-      become: true
-      tags:
-        - proxy
 - name: Setup data directory for the nomad host volumes
   tags: volumes
   ansible.builtin.include_tasks:

ansible/roles/local-server-head/tasks/reverse_proxy.yaml

@@ -1,31 +0,0 @@
-- name: Keep /etc/hosts up to date
-  ansible.builtin.copy:
-    dest: /etc/hosts
-    src: host-file
-    mode: "0644"
-- name: Ensure nginx is setup as latest
-  ansible.builtin.apt:
-    name: nginx
-- name: Copy the nomad.conf to available configurations
-  ansible.builtin.copy:
-    src: "{{ item }}"
-    dest: "/etc/nginx/sites-available/{{ item }}"
-    mode: "0644"
-  loop:
-    - nomad.conf
-    - sanity.conf
-    - ncr.conf
-- name: Link the nomad.conf to sites-enabled
-  ansible.builtin.file:
-    path: "/etc/nginx/sites-enabled/{{ item }}"
-    state: link
-    src: "/etc/nginx/sites-available/{{ item }}"
-    mode: "0644"
-  loop:
-    - nomad.conf
-    - sanity.conf
-    - ncr.conf
-- name: Restart nginx
-  ansible.builtin.systemd_service:
-    name: nginx
-    state: restarted

ansible/roles/proxy/tasks/main.yaml

@@ -0,0 +1,32 @@
+- name: Reverse proxy role configuration
+  become: true
+  vars:
+    nginx_configs:
+      - nomad.conf
+      - ncr.conf
+  block:
+    - name: Ensure /etc/hosts are up to date
+      ansible.builtin.copy:
+        dest: /etc/hosts
+        src: host-file
+        mode: "0644"
+    - name: Ensure nginx is setup as latest
+      ansible.builtin.apt:
+        name: nginx
+    - name: Copy the nomad.conf to available configurations
+      ansible.builtin.copy:
+        src: "{{ item }}"
+        dest: "/etc/nginx/sites-available/{{ item }}"
+        mode: "0644"
+      loop: "{{ nginx_configs }}"
+    - name: Link the nomad.conf to sites-enabled
+      ansible.builtin.file:
+        path: "/etc/nginx/sites-enabled/{{ item }}"
+        state: link
+        src: "/etc/nginx/sites-available/{{ item }}"
+        mode: "0644"
+      loop: "{{ nginx_configs }}"
+    - name: Restart nginx
+      ansible.builtin.systemd_service:
+        name: nginx
+        state: restarted

infra/nigel-nomad/registry.hcl

@@ -0,0 +1,46 @@
+# Nigel's Container Registry
+job "ncr" {
+    type = "service"
+
+    group "ncr" {
+        count = 1
+        network {
+            port "docker" {
+                static = 5000
+            }
+        }
+
+        service {
+            name = "ncr"
+            port = "docker"
+            provider = "nomad"
+        }
+
+        volume "container_images" {
+            type = "host"
+            read_only = false
+            source = "registry"
+        }
+
+        restart {
+            attempts = 10
+            interval = "5m"
+            delay    = "30s"
+            mode     = "delay"
+        }
+
+        task "ncr" {
+            driver = "docker"
+
+            volume_mount {
+                volume      = "container_images"
+                destination = "/registry/data"
+                read_only   = false
+            }
+            config {
+                image = "registry:latest"
+                ports = [ "docker" ]
+            }
+        }
+    }
+}