serguzim/infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove harbor

Browse source
This commit is contained in:
Tobias Reisinger 2024-09-28 01:53:53 +02:00
parent 3a24ec2856
commit feab7c6ed8
Signed by: serguzim
GPG key ID: 13AD60C237A28DFE
8 changed files with 0 additions and 177 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
dns/services.json
View file

@ -29,11 +29,6 @@
"domain": "serguzim.me",
"host": "node002"
},
"registry": {
"target": "registry",
"domain": "serguzim.me",
"host": "node002"
},
"s3": {
"target": "s3",
"domain": "serguzim.me",

2
playbooks/node002.yml
View file

@ -29,8 +29,6 @@
tags: [forgejo, git, development]
- role: forgejo_runner
tags: [forgejo-runner, ci, development]
- role: harbor
tags: [harbor, registry, development]
- role: healthcheck
tags: [healthcheck, monitoring]
- role: homebox

44
roles/harbor/tasks/main.yml
View file

@ -1,44 +0,0 @@
---
- name: Set common facts
ansible.builtin.import_tasks: tasks/set-default-facts.yml
- name: Deploy {{ svc.name }}
vars:
svc: "{{ harbor_svc }}"
env: "{{ harbor_env }}"
yml: "{{ harbor_yml }}"
block:
- name: Import prepare tasks for common service
ansible.builtin.import_tasks: tasks/prepare-common-service.yml
- name: Import tasks to template the site for the reverse proxy
ansible.builtin.import_tasks: tasks/steps/template-site-config.yml
- name: Template config
ansible.builtin.template:
src: yml.j2
dest: "{{ (service_path, 'harbor.yml') | path_join }}"
mode: "0644"
- name: Download harbor
ansible.builtin.unarchive:
src: https://github.com/goharbor/harbor/releases/download/v{{ svc.harbor_version }}/harbor-online-installer-v{{ svc.harbor_version }}.tgz
dest: "{{ service_path }}"
remote_src: true
- name: Run the harbor prepare command
ansible.builtin.command:
cmd: "{{ service_path }}/harbor/prepare"
chdir: "{{ service_path }}"
creates: "{{ (service_path, 'docker-compose.yml') | path_join }}"
environment:
HARBOR_BUNDLE_DIR: "{{ service_path }}"
- name: Run the harbor install command
ansible.builtin.command:
cmd: "{{ service_path }}/harbor/install.sh"
chdir: "{{ service_path }}"
environment:
HARBOR_BUNDLE_DIR: "{{ service_path }}"
become: true
changed_when: true # TODO find way to recognize need to run install command

103
roles/harbor/vars/main.yml
View file

@ -1,103 +0,0 @@
---
harbor_port_http: 20080
harbor_port_https: 20443
harbor_port_metrics: 29000
harbor_db_host: "{{ postgres.host }}"
harbor_db_port: "{{ postgres.port }}"
harbor_db_database: harbor
harbor_db_user: "{{ vault_harbor.db.user }}"
harbor_db_pass: "{{ vault_harbor.db.pass }}"
harbor_version: 2.9.0
harbor_svc:
name: harbor
domain: registry.serguzim.me
caddy_extra: |
reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }}
reverse_proxy host.docker.internal:{{ harbor_port_https }} {
transport http {
tls
tls_server_name registry.serguzim.me
}
}
caddy_default: false
db:
host: "{{ postgres.host }}"
port: "{{ postgres.port }}"
database: harbor
user: "{{ vault_harbor.db.user }}"
pass: "{{ vault_harbor.db.pass }}"
harbor_version: 2.9.0
harbor_yml:
hostname: "{{ harbor_svc.domain }}"
http:
port: "{{ harbor_port_http }}"
https:
port: "{{ harbor_port_https }}"
certificate: "{{ (service_path, 'server.crt') | path_join }}"
private_key: "{{ (service_path, 'server.key') | path_join }}"
external_url: https://registry.serguzim.me
harbor_admin_password: "{{ vault_harbor.admin_password }}"
data_volume: "{{ (service_path, 'data') | path_join }}"
storage_service:
s3:
accesskey: "{{ vault_harbor.minio.accesskey }}"
secretkey: "{{ vault_harbor.minio.secretkey }}"
region: de-contabo-1
regionendpoint: https://s3.serguzim.me
bucket: registry
secure: true
trivy:
ignore_unfixed: false
skip_update: false
offline_scan: false
security_check: vuln
insecure: false
jobservice:
max_job_workers: 10
job_loggers:
- STD_OUTPUT
- FILE
logger_sweeper_duration: 1
notification:
webhook_job_max_retry: 3
webhook_job_http_client_timeout: 3
log:
level: info
local:
rotate_count: 50
rotate_size: 200M
location: /var/log/harbor
_version: "{{ harbor_version }}"
external_database:
harbor:
host: "{{ harbor_db_host }}"
port: "{{ harbor_db_port }}"
db_name: "{{ harbor_db_database }}"
username: "{{ harbor_db_user }}"
password: "{{ harbor_db_pass }}"
ssl_mode: verify-full
max_idle_conns: 2
max_open_conns: 0
proxy:
http_proxy:
https_proxy:
no_proxy:
components:
- core
- jobservice
- trivy
metric:
enabled: enabled
port: "{{ harbor_port_metrics }}"
path: /metrics
upload_purging:
enabled: true
age: 168h
interval: 24h
dryrun: false
cache:
enabled: false
expire_hours: 24

1
roles/healthcheck/files/data/http
View file

@ -37,7 +37,6 @@ check_url "git.serguzim.me"
check_url "hook.serguzim.me"
check_url "mail.serguzim.me"
#check_url "msrg.cc" # disabled because it keeps creating false alerts
check_url "registry.serguzim.me" "/account/sign-in"
check_url "rss.serguzim.me"
#check_url "serguzim.me" # disabled because it keeps creating false alerts
check_url "status.serguzim.me" "/status/serguzim-net"

17
roles/lego/files/node002/registry.serguzim.me
View file

@ -1,17 +0,0 @@
#!/usr/bin/env sh
domain="registry.serguzim.me"
_install() {
install --owner=root --group=root --mode=600 \
"$CERTIFICATES_PATH/$domain.$1" \
"/opt/services/harbor/server.$1"
}
_install crt
_install key
export HARBOR_BUNDLE_DIR=/opt/services/harbor
$HARBOR_BUNDLE_DIR/harbor/install.sh
# vim: ft=sh

1
roles/lego/tasks/systemd.yml
View file

@ -20,5 +20,4 @@
loop:
- msrg.cc
- db.serguzim.me
- registry.serguzim.me
become: true

4
variables.tf
View file

@ -73,10 +73,6 @@ variable "service_buckets" {
name = "linkwarden"
bucket = "linkwarden.serguzim.me"
},
"harbor" = {
name = "harbor"
bucket = "harbor.serguzim.me"
}
"forgejo" = {
name = "forgejo"
bucket = "forgejo.serguzim.me"