---
# Ports used by Harbor in this file: harbor_yml.http.port, harbor_yml.https.port
# and harbor_yml.metric.port. Caddy reaches the HTTPS and metrics ports through
# host.docker.internal (see harbor_svc.caddy_extra).
# NOTE(review): which host interfaces these ports are bound to is not shown
# here; confirm they are not reachable directly, bypassing the Caddy front end.
harbor_port_http: 20080
harbor_port_https: 20443
harbor_port_metrics: 29000

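# Connection settings for Harbor's external PostgreSQL database, consumed by
# harbor_yml.external_database.harbor below. Host and port come from the shared
# `postgres` variable; credentials come from `vault_harbor`, so no secret is
# stored in this file.
# NOTE(review): `vault_harbor` is presumably an Ansible Vault encrypted
# variable; confirm it is never committed in plain text.
harbor_db_host: "{{ postgres.host }}"
harbor_db_port: "{{ postgres.port }}"
harbor_db_database: harbor
harbor_db_user: "{{ vault_harbor.db.user }}"
harbor_db_pass: "{{ vault_harbor.db.pass }}"
# Quoted so that a later two-part value (for example "2.10") stays a string
# and is not read as a float. Used as harbor_yml._version.
harbor_version: "2.9.0"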

# Service definition for Harbor: service name, public domain, Caddy site
# configuration and database settings.
harbor_svc:
  name: harbor
  domain: registry.serguzim.me
  # Extra Caddy directives for this site; caddy_default is false, so these
  # appear to replace the default proxy block (confirm against the caddy role).
  # - /metrics is proxied to Harbor's metrics port. Nothing here restricts
  #   who may read it; if this domain is reachable from untrusted networks,
  #   the metrics endpoint is too. Consider limiting it to the monitoring
  #   host or requiring authentication.
  # - All other requests go to Harbor's HTTPS port. The upstream connection
  #   uses TLS, and tls_server_name sets the name presented to and checked
  #   against the upstream certificate. It is hard-coded and must match
  #   `domain` above.
  caddy_extra: |
    reverse_proxy /metrics host.docker.internal:{{ harbor_port_metrics }}
    reverse_proxy host.docker.internal:{{ harbor_port_https }} {
        transport http {
            tls
            tls_server_name registry.serguzim.me
        }
    }
  caddy_default: false
  # NOTE(review): db and harbor_version duplicate the top-level harbor_db_*
  # and harbor_version variables; harbor_yml reads the top-level ones.
  # Confirm whether these nested copies are still used, to avoid drift.
  db:
    host: "{{ postgres.host }}"
    port: "{{ postgres.port }}"
    database: harbor
    user: "{{ vault_harbor.db.user }}"
    pass: "{{ vault_harbor.db.pass }}"
  harbor_version: 2.9.0

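# Contents of Harbor's harbor.yml, built from the variables in this file.
# Secrets (admin password, S3 keys, database password) are all references to
# `vault_harbor`; none is stored here in clear text.
# NOTE(review): ports are quoted Jinja expressions; whether they reach
# harbor.yml as integers or strings depends on how the role renders this
# mapping. Confirm.
harbor_yml:
  hostname: "{{ harbor_svc.domain }}"
  http:
    port: "{{ harbor_port_http }}"
  https:
    port: "{{ harbor_port_https }}"
    # Certificate and key are referenced by path only.
    # NOTE(review): confirm the key file is readable only by the account that
    # runs Harbor's installer and by the ACME client that renews it.
    certificate: /opt/services/.lego/certificates/registry.serguzim.me.crt # TODO
    private_key: /opt/services/.lego/certificates/registry.serguzim.me.key # TODO
  external_url: https://registry.serguzim.me
  # Per Harbor's sample config this is only the initial admin password,
  # applied at first install; later changes must be made in Harbor itself.
  harbor_admin_password: "{{ vault_harbor.admin_password }}"
  data_volume: "{{ (service_path, 'data') | path_join }}"
  # Registry blobs are stored in an S3-compatible bucket.
  storage_service:
    s3:
      accesskey: "{{ vault_harbor.minio.accesskey }}"
      secretkey: "{{ vault_harbor.minio.secretkey }}"
      region: de-contabo-1
      regionendpoint: https://s3.serguzim.me
      bucket: registry
      # Keep true so the storage driver talks to the endpoint over TLS.
      secure: true
  # Trivy scanner: unfixed vulnerabilities are reported, database updates
  # stay enabled, and registry certificate verification is not skipped
  # (insecure: false).
  trivy:
    ignore_unfixed: false
    skip_update: false
    offline_scan: false
    security_check: vuln
    insecure: false
  jobservice:
    max_job_workers: 10
    job_loggers:
      - STD_OUTPUT
      - FILE
    logger_sweeper_duration: 1
  notification:
    webhook_job_max_retry: 3
    webhook_job_http_client_timeout: 3
  log:
    level: info
    local:
      rotate_count: 50
      rotate_size: 200M
      location: /var/log/harbor
  _version: "{{ harbor_version }}"
  external_database:
    harbor:
      host: "{{ harbor_db_host }}"
      port: "{{ harbor_db_port }}"
      db_name: "{{ harbor_db_database }}"
      username: "{{ harbor_db_user }}"
      password: "{{ harbor_db_pass }}"
      # verify-full checks both the server certificate chain and that the
      # certificate matches the host name; do not weaken this.
      ssl_mode: verify-full
      max_idle_conns: 2
      # NOTE(review): 0 is presumably "no limit" on open connections;
      # confirm against the Harbor version in use.
      max_open_conns: 0
  # No outbound proxy: the three proxy values are intentionally empty (null).
  proxy:
    http_proxy:
    https_proxy:
    no_proxy:
    components:
      - core
      - jobservice
      - trivy
  metric:
    # Must be a YAML boolean, as in Harbor's sample harbor.yml. A string
    # such as `enabled` is merely truthy and can be misread by a consumer
    # that expects true/false.
    enabled: true
    # This port is the one Caddy publishes at /metrics on the service domain
    # (harbor_svc.caddy_extra); access control has to be applied there.
    port: "{{ harbor_port_metrics }}"
    path: /metrics
  upload_purging:
    enabled: true
    age: 168h
    interval: 24h
    dryrun: false
  cache:
    enabled: false
    expire_hours: 24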