diff --git a/dns/services.json b/dns/services.json
index d5a0d92..1fca732 100644
--- a/dns/services.json
+++ b/dns/services.json
@@ -29,11 +29,6 @@
 "domain": "serguzim.me",
 "host": "node002"
 },
- "registry": {
- "target": "registry",
- "domain": "serguzim.me",
- "host": "node002"
- },
 "s3": {
 "target": "s3",
 "domain": "serguzim.me",
diff --git a/playbooks/node002.yml b/playbooks/node002.yml
index a6cd6d8..ae20f1f 100644
--- a/playbooks/node002.yml
+++ b/playbooks/node002.yml
@@ -29,8 +29,6 @@
 tags: [forgejo, git, development]
 - role: forgejo_runner
 tags: [forgejo-runner, ci, development]
- - role: harbor
- tags: [harbor, registry, development]
 - role: healthcheck
 tags: [healthcheck, monitoring]
 - role: homebox
diff --git a/roles/harbor/tasks/main.yml b/roles/harbor/tasks/main.yml
deleted file mode 100644
index 88a58a2..0000000
--- a/roles/harbor/tasks/main.yml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- name: Set common facts
- ansible.builtin.import_tasks: tasks/set-default-facts.yml
-
-- name: Deploy {{ svc.name }}
- vars:
- svc: "{{ harbor_svc }}"
- env: "{{ harbor_env }}"
- yml: "{{ harbor_yml }}"
- block:
- - name: Import prepare tasks for common service
- ansible.builtin.import_tasks: tasks/prepare-common-service.yml
-
- - name: Import tasks to template the site for the reverse proxy
- ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
-
- - name: Template config
- ansible.builtin.template:
- src: yml.j2
- dest: "{{ (service_path, 'harbor.yml') | path_join }}"
- mode: "0644"
-
- - name: Download harbor
- ansible.builtin.unarchive:
- src: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
- dest: "{{ service_path }}"
- remote_src: true
-
- - name: Run the harbor prepare command
- ansible.builtin.command:
- cmd: "{{ service_path }}/harbor/prepare"
- chdir: "{{ service_path }}"
- creates: "{{ (service_path, 'docker-compose.yml') | path_join }}"
- environment:
- HARBOR_BUNDLE_DIR: "{{ service_path }}"
-
- - name: Run the harbor install command
- ansible.builtin.command:
- cmd: "{{ service_path }}/harbor/install.sh"
- chdir: "{{ service_path }}"
- environment:
- HARBOR_BUNDLE_DIR: "{{ service_path }}"
- become: true
- changed_when: true # TODO find way to recognize need to run install command
diff --git a/roles/harbor/vars/main.yml b/roles/harbor/vars/main.yml
deleted file mode 100644
index ef165e5..0000000
--- a/roles/harbor/vars/main.yml
+++ /dev/null
@@ -1,103 +0,0 @@
----
-harbor_port_http: 20080
-harbor_port_https: 20443
-harbor_port_metrics: 29000
-
-harbor_db_host: "{{ postgres.host }}"
-harbor_db_port: "{{ postgres.port }}"
-harbor_db_database: harbor
-harbor_db_user: "{{ vault_harbor.db.user }}"
-harbor_db_pass: "{{ vault_harbor.db.pass }}"
-harbor_version: 2.9.0
-
-harbor_svc:
- name: harbor
- domain: registry.serguzim.me
- caddy_extra: |
- reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }}
- reverse_proxy host.docker.internal:{{ harbor_port_https }} {
- transport http {
- tls
- tls_server_name registry.serguzim.me
- }
- }
- caddy_default: false
- db:
- host: "{{ postgres.host }}"
- port: "{{ postgres.port }}"
- database: harbor
- user: "{{ vault_harbor.db.user }}"
- pass: "{{ vault_harbor.db.pass }}"
- harbor_version: 2.9.0
-
-harbor_yml:
- hostname: "{{ harbor_svc.domain }}"
- http:
- port: "{{ harbor_port_http }}"
- https:
- port: "{{ harbor_port_https }}"
- certificate: "{{ (service_path, 'server.crt') | path_join }}"
- private_key: "{{ (service_path, 'server.key') | path_join }}"
- external_url: https://registry.serguzim.me
- harbor_admin_password: "{{ vault_harbor.admin_password }}"
- data_volume: "{{ (service_path, 'data') | path_join }}"
- storage_service:
- s3:
- accesskey: "{{ vault_harbor.minio.accesskey }}"
- secretkey: "{{ vault_harbor.minio.secretkey }}"
- region: de-contabo-1
- regionendpoint: https://s3.serguzim.me
- bucket: registry
- secure: true
- trivy:
- ignore_unfixed: false
- skip_update: false
- offline_scan: false
- security_check: vuln
- insecure: false
- jobservice:
- max_job_workers: 10
- job_loggers:
- - STD_OUTPUT
- - FILE
- logger_sweeper_duration: 1
- notification:
- webhook_job_max_retry: 3
- webhook_job_http_client_timeout: 3
- log:
- level: info
- local:
- rotate_count: 50
- rotate_size: 200M
- location: /var/log/harbor
- _version: "{{ harbor_version }}"
- external_database:
- harbor:
- host: "{{ harbor_db_host }}"
- port: "{{ harbor_db_port }}"
- db_name: "{{ harbor_db_database }}"
- username: "{{ harbor_db_user }}"
- password: "{{ harbor_db_pass }}"
- ssl_mode: verify-full
- max_idle_conns: 2
- max_open_conns: 0
- proxy:
- http_proxy:
- https_proxy:
- no_proxy:
- components:
- - core
- - jobservice
- - trivy
- metric:
- enabled: enabled
- port: "{{ harbor_port_metrics }}"
- path: /metrics
- upload_purging:
- enabled: true
- age: 168h
- interval: 24h
- dryrun: false
- cache:
- enabled: false
- expire_hours: 24
diff --git a/roles/healthcheck/files/data/http b/roles/healthcheck/files/data/http
index 3fecf5e..c5ac26c 100755
--- a/roles/healthcheck/files/data/http
+++ b/roles/healthcheck/files/data/http
@@ -37,7 +37,6 @@ check_url "git.serguzim.me"
 check_url "hook.serguzim.me"
 check_url "mail.serguzim.me"
 #check_url "msrg.cc" # disabled because it keeps creating false alerts
-check_url "registry.serguzim.me" "/account/sign-in"
 check_url "rss.serguzim.me"
 #check_url "serguzim.me" # disabled because it keeps creating false alerts
 check_url "status.serguzim.me" "/status/serguzim-net"
diff --git a/roles/lego/files/node002/registry.serguzim.me b/roles/lego/files/node002/registry.serguzim.me
deleted file mode 100755
index 4f564c7..0000000
--- a/roles/lego/files/node002/registry.serguzim.me
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/usr/bin/env sh
-
-domain="registry.serguzim.me"
-
-_install() {
- install --owner=root --group=root --mode=600 \
- "$CERTIFICATES_PATH/$domain.$1" \
- "/opt/services/harbor/server.$1"
-}
-
-_install crt
-_install key
-
-export HARBOR_BUNDLE_DIR=/opt/services/harbor
-$HARBOR_BUNDLE_DIR/harbor/install.sh
-
-# vim: ft=sh
diff --git a/roles/lego/tasks/systemd.yml b/roles/lego/tasks/systemd.yml
index d31cb31..0c3e56a 100644
--- a/roles/lego/tasks/systemd.yml
+++ b/roles/lego/tasks/systemd.yml
@@ -20,5 +20,4 @@
 loop:
 - msrg.cc
 - db.serguzim.me
- - registry.serguzim.me
 become: true
diff --git a/variables.tf b/variables.tf
index 2d2eeda..f262a08 100644
--- a/variables.tf
+++ b/variables.tf
@@ -73,10 +73,6 @@ variable "service_buckets" {
 name = "linkwarden"
 bucket = "linkwarden.serguzim.me"
 },
- "harbor" = {
- name = "harbor"
- bucket = "harbor.serguzim.me"
- }
 "forgejo" = {
 name = "forgejo"
 bucket = "forgejo.serguzim.me"