eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/ansible
History
Erich Blume d7a10a9b1a Enable zot OIDC auth + accessControl, wire CI registry credentials 
Enable authentication on the zot registry with OIDC (via Authentik) and
API key support. Add three-tier accessControl: anonymous read, CI create
(artifact-workloads group), admin full access.

Wire both CI push paths with registry credentials:
- Dagger publish() gains optional registry_password/username params
- Nix/skopeo path adds --dest-creds to skopeo copy

The ZOT_CI_API_KEY secret flows from 1Password through the existing
forgejo_actions_secrets ansible role to both runners.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-21 09:13:30 -08:00
..
inventory Add NixOS configuration for ringtail workstation (#207) 2026-02-18 08:24:25 -08:00
playbooks Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
roles Enable zot OIDC auth + accessControl, wire CI registry credentials 2026-02-21 09:13:30 -08:00
ansible.cfg Suppress Python interpreter discovery warning in ansible 2026-01-13 21:26:41 -08:00
requirements.yml Add ansible playbook for indri with prometheus and grafana roles 2026-01-13 21:12:24 -08:00