Migrate services part

2024-09-27 00:02:36 +02:00 · 2024-09-27 00:02:36 +02:00 · 73bce8f6e5
commit 73bce8f6e5
parent 7c59e4ae57
157 changed files with 3883 additions and 9 deletions
--- a/roles/harbor/vars/main.yml
+++ b/roles/harbor/vars/main.yml
@ -0,0 +1,103 @@
+---
+harbor_port_http: 20080
+harbor_port_https: 20443
+harbor_port_metrics: 29000
+
+harbor_db_host: "{{ postgres.host }}"
+harbor_db_port: "{{ postgres.port }}"
+harbor_db_database: harbor
+harbor_db_user: "{{ vault_harbor.db.user }}"
+harbor_db_pass: "{{ vault_harbor.db.pass }}"
+harbor_version: 2.9.0
+
+harbor_svc:
+  name: harbor
+  domain: registry.serguzim.me
+  caddy_extra: |
+    reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }}
+    reverse_proxy host.docker.internal:{{ harbor_port_https }} {
+        transport http {
+            tls
+            tls_server_name registry.serguzim.me
+        }
+    }
+  caddy_default: false
+  db:
+    host: "{{ postgres.host }}"
+    port: "{{ postgres.port }}"
+    database: harbor
+    user: "{{ vault_harbor.db.user }}"
+    pass: "{{ vault_harbor.db.pass }}"
+  harbor_version: 2.9.0
+
+harbor_yml:
+  hostname: "{{ harbor_svc.domain }}"
+  http:
+    port: "{{ harbor_port_http }}"
+  https:
+    port: "{{ harbor_port_https }}"
+    certificate: "{{ (service_path, 'server.crt') | path_join }}"
+    private_key: "{{ (service_path, 'server.key') | path_join }}"
+  external_url: https://registry.serguzim.me
+  harbor_admin_password: "{{ vault_harbor.admin_password }}"
+  data_volume: "{{ (service_path, 'data') | path_join }}"
+  storage_service:
+    s3:
+      accesskey: "{{ vault_harbor.minio.accesskey }}"
+      secretkey: "{{ vault_harbor.minio.secretkey }}"
+      region: de-contabo-1
+      regionendpoint: https://s3.serguzim.me
+      bucket: registry
+      secure: true
+  trivy:
+    ignore_unfixed: false
+    skip_update: false
+    offline_scan: false
+    security_check: vuln
+    insecure: false
+  jobservice:
+    max_job_workers: 10
+    job_loggers:
+      - STD_OUTPUT
+      - FILE
+    logger_sweeper_duration: 1
+  notification:
+    webhook_job_max_retry: 3
+    webhook_job_http_client_timeout: 3
+  log:
+    level: info
+    local:
+      rotate_count: 50
+      rotate_size: 200M
+      location: /var/log/harbor
+  _version: "{{ harbor_version }}"
+  external_database:
+    harbor:
+      host: "{{ harbor_db_host }}"
+      port: "{{ harbor_db_port }}"
+      db_name: "{{ harbor_db_database }}"
+      username: "{{ harbor_db_user }}"
+      password: "{{ harbor_db_pass }}"
+      ssl_mode: verify-full
+      max_idle_conns: 2
+      max_open_conns: 0
+  proxy:
+    http_proxy:
+    https_proxy:
+    no_proxy:
+    components:
+      - core
+      - jobservice
+      - trivy
+  metric:
+    enabled: enabled
+    port: "{{ harbor_port_metrics }}"
+    path: /metrics
+  upload_purging:
+    enabled: true
+    age: 168h
+    interval: 24h
+    dryrun: false
+  cache:
+    enabled: false
+    expire_hours: 24