Remove harbor

dns/services.json

@@ -29,11 +29,6 @@
 		"domain": "serguzim.me",
 		"host": "node002"
 	},
-	"registry": {
-		"target": "registry",
-		"domain": "serguzim.me",
-		"host": "node002"
-	},
 	"s3": {
 		"target": "s3",
 		"domain": "serguzim.me",

playbooks/node002.yml

@@ -29,8 +29,6 @@
       tags: [forgejo, git, development]
     - role: forgejo_runner
       tags: [forgejo-runner, ci, development]
-    - role: harbor
-      tags: [harbor, registry, development]
     - role: healthcheck
       tags: [healthcheck, monitoring]
     - role: homebox

roles/harbor/tasks/main.yml

@@ -1,44 +0,0 @@
----
-- name: Set common facts
-  ansible.builtin.import_tasks: tasks/set-default-facts.yml
-
-- name: Deploy {{ svc.name }}
-  vars:
-    svc: "{{ harbor_svc }}"
-    env: "{{ harbor_env }}"
-    yml: "{{ harbor_yml }}"
-  block:
-    - name: Import prepare tasks for common service
-      ansible.builtin.import_tasks: tasks/prepare-common-service.yml
-
-    - name: Import tasks to template the site for the reverse proxy
-      ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
-
-    - name: Template config
-      ansible.builtin.template:
-        src: yml.j2
-        dest: "{{ (service_path, 'harbor.yml') | path_join }}"
-        mode: "0644"
-
-    - name: Download harbor
-      ansible.builtin.unarchive:
-        src: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
-        dest: "{{ service_path }}"
-        remote_src: true
-
-    - name: Run the harbor prepare command
-      ansible.builtin.command:
-        cmd: "{{ service_path }}/harbor/prepare"
-        chdir: "{{ service_path }}"
-        creates: "{{ (service_path, 'docker-compose.yml') | path_join }}"
-      environment:
-        HARBOR_BUNDLE_DIR: "{{ service_path }}"
-
-    - name: Run the harbor install command
-      ansible.builtin.command:
-        cmd: "{{ service_path }}/harbor/install.sh"
-        chdir: "{{ service_path }}"
-      environment:
-        HARBOR_BUNDLE_DIR: "{{ service_path }}"
-      become: true
-      changed_when: true # TODO find way to recognize need to run install command

roles/harbor/vars/main.yml

@@ -1,103 +0,0 @@
----
-harbor_port_http: 20080
-harbor_port_https: 20443
-harbor_port_metrics: 29000
-
-harbor_db_host: "{{ postgres.host }}"
-harbor_db_port: "{{ postgres.port }}"
-harbor_db_database: harbor
-harbor_db_user: "{{ vault_harbor.db.user }}"
-harbor_db_pass: "{{ vault_harbor.db.pass }}"
-harbor_version: 2.9.0
-
-harbor_svc:
-  name: harbor
-  domain: registry.serguzim.me
-  caddy_extra: |
-    reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }}
-    reverse_proxy host.docker.internal:{{ harbor_port_https }} {
-        transport http {
-            tls
-            tls_server_name registry.serguzim.me
-        }
-    }
-  caddy_default: false
-  db:
-    host: "{{ postgres.host }}"
-    port: "{{ postgres.port }}"
-    database: harbor
-    user: "{{ vault_harbor.db.user }}"
-    pass: "{{ vault_harbor.db.pass }}"
-  harbor_version: 2.9.0
-
-harbor_yml:
-  hostname: "{{ harbor_svc.domain }}"
-  http:
-    port: "{{ harbor_port_http }}"
-  https:
-    port: "{{ harbor_port_https }}"
-    certificate: "{{ (service_path, 'server.crt') | path_join }}"
-    private_key: "{{ (service_path, 'server.key') | path_join }}"
-  external_url: https://registry.serguzim.me
-  harbor_admin_password: "{{ vault_harbor.admin_password }}"
-  data_volume: "{{ (service_path, 'data') | path_join }}"
-  storage_service:
-    s3:
-      accesskey: "{{ vault_harbor.minio.accesskey }}"
-      secretkey: "{{ vault_harbor.minio.secretkey }}"
-      region: de-contabo-1
-      regionendpoint: https://s3.serguzim.me
-      bucket: registry
-      secure: true
-  trivy:
-    ignore_unfixed: false
-    skip_update: false
-    offline_scan: false
-    security_check: vuln
-    insecure: false
-  jobservice:
-    max_job_workers: 10
-    job_loggers:
-      - STD_OUTPUT
-      - FILE
-    logger_sweeper_duration: 1
-  notification:
-    webhook_job_max_retry: 3
-    webhook_job_http_client_timeout: 3
-  log:
-    level: info
-    local:
-      rotate_count: 50
-      rotate_size: 200M
-      location: /var/log/harbor
-  _version: "{{ harbor_version }}"
-  external_database:
-    harbor:
-      host: "{{ harbor_db_host }}"
-      port: "{{ harbor_db_port }}"
-      db_name: "{{ harbor_db_database }}"
-      username: "{{ harbor_db_user }}"
-      password: "{{ harbor_db_pass }}"
-      ssl_mode: verify-full
-      max_idle_conns: 2
-      max_open_conns: 0
-  proxy:
-    http_proxy:
-    https_proxy:
-    no_proxy:
-    components:
-      - core
-      - jobservice
-      - trivy
-  metric:
-    enabled: enabled
-    port: "{{ harbor_port_metrics }}"
-    path: /metrics
-  upload_purging:
-    enabled: true
-    age: 168h
-    interval: 24h
-    dryrun: false
-  cache:
-    enabled: false
-    expire_hours: 24

roles/healthcheck/files/data/http

@@ -37,7 +37,6 @@ check_url "git.serguzim.me"
 check_url "hook.serguzim.me"
 check_url "mail.serguzim.me"
 #check_url "msrg.cc" # disabled because it keeps creating false alerts
-check_url "registry.serguzim.me" "/account/sign-in"
 check_url "rss.serguzim.me"
 #check_url "serguzim.me" # disabled because it keeps creating false alerts
 check_url "status.serguzim.me" "/status/serguzim-net"

roles/lego/files/node002/registry.serguzim.me

@@ -1,17 +0,0 @@
-#!/usr/bin/env sh
-
-domain="registry.serguzim.me"
-
-_install() {
-  install --owner=root --group=root --mode=600 \
-	  "$CERTIFICATES_PATH/$domain.$1" \
-	  "/opt/services/harbor/server.$1"
-}
-
-_install crt
-_install key
-
-export HARBOR_BUNDLE_DIR=/opt/services/harbor
-$HARBOR_BUNDLE_DIR/harbor/install.sh
-
-# vim: ft=sh

roles/lego/tasks/systemd.yml

@@ -20,5 +20,4 @@
   loop:
     - msrg.cc
     - db.serguzim.me
-    - registry.serguzim.me
   become: true

variables.tf

@@ -73,10 +73,6 @@ variable "service_buckets" {
       name = "linkwarden"
       bucket = "linkwarden.serguzim.me"
     },
-    "harbor" = {
-      name = "harbor"
-      bucket = "harbor.serguzim.me"
-    }
     "forgejo" = {
       name = "forgejo"
       bucket = "forgejo.serguzim.me"