From 293aed0fd3200ad54461e71423699dedac716b0c Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Fri, 25 Feb 2022 21:48:13 +0000
Subject: [PATCH] Enable GitLab registry

---
 ansible/roles/gitlab/files/gitlab.rb          | 15 ++++++++++
 ansible/roles/gitlab/vars/main.yml            |  2 ++
 ansible/roles/gitlab/vars/vault.yml           | 28 +++++++++++--------
 .../traefik/files/file-provider-gitlab.yml    |  3 ++
 terraform/theorangeone.net.tf                 |  8 ++++++
 5 files changed, 45 insertions(+), 11 deletions(-)

diff --git a/ansible/roles/gitlab/files/gitlab.rb b/ansible/roles/gitlab/files/gitlab.rb
index d39cc04..610529f 100644
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
@@ -36,3 +36,18 @@ gitlab_rails['gitlab_email_from'] = "{{ gitlab_from_email }}"
 
 gitlab_rails['artifacts_path'] = "/mnt/gitlab-bulk/artifacts"
 gitlab_rails['backup_path'] = "/mnt/gitlab-bulk/backups"
+
+# Registry
+registry_external_url "https://registry.git.theorangeone.net"
+registry_nginx['redirect_http_to_https'] = false
+registry_nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+registry_nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
+registry['storage'] = {
+  's3' => {
+    'accesskey' => '{{ gitlab_registry_access_key }}',
+    'secretkey' => '{{ gitlab_registry_secret_key }}',
+    'bucket' => '0rng-registry',
+    'region' => 'eu-central-003',
+    'regionendpoint' => 'https://s3.eu-central-003.backblazeb2.com'
+  }
+}
diff --git a/ansible/roles/gitlab/vars/main.yml b/ansible/roles/gitlab/vars/main.yml
index 4881f08..69a3108 100644
--- a/ansible/roles/gitlab/vars/main.yml
+++ b/ansible/roles/gitlab/vars/main.yml
@@ -3,3 +3,5 @@ gitlab_create_self_signed_cert: false
 gitlab_smtp_password: "{{ vault_gitlab_smtp_password }}"
 gitlab_smtp_user: "{{ vault_gitlab_smtp_user }}"
 gitlab_from_email: "{{ vault_gitlab_from_email }}"
+gitlab_registry_access_key: "{{ vault_gitlab_registry_access_key }}"
+gitlab_registry_secret_key: "{{ vault_gitlab_registry_secret_key }}"
diff --git a/ansible/roles/gitlab/vars/vault.yml b/ansible/roles/gitlab/vars/vault.yml
index 3a7e5a2..e5321d5 100644
--- a/ansible/roles/gitlab/vars/vault.yml
+++ b/ansible/roles/gitlab/vars/vault.yml
@@ -1,12 +1,18 @@
 $ANSIBLE_VAULT;1.1;AES256
-61366238363431353336613362396330363337633339363735383438383939353532376539316263
-6133383136353261386239303730633431653434343636350a353339393932396634656164333035
-65353136333962366334396139316264646666353964643332313933346132303066323231626433
-3761333362396231650a373935363763343831626431633930336337393037633933346339366135
-34653062663737313833623731343462303935376131343061643632336366656636356439653534
-39373430626466353333646638363936383932373161376135376239383231633665303439393939
-62336361643336616634376562613963636461356265303834313162643261323433393965613762
-31663133383163346434343662613965306234306563343565663362386563633664623538343363
-63333965623262653735386563393162386532643362626562643539356339363131396430633030
-31383361396265366237613635323839633562663264666638323531373933363733303839656564
-626432386162306638356434616465396265
+32363562323531613830333735616464333836386638373166633935383663646462323337633533
+6334646537616133366436343335623333626663663732620a653038383139326565336139656135
+39393334373164316334376262353030343732333531346434666336393631363833653262636337
+6139343461613930620a613234353063373433623238333637663462643233396632333831616239
+31616137333339376364653461343266373862666333326563383432383366643731613439643233
+35353831666432636332363035666464373161313765306439316365306537363531373439656439
+36316338636332623630393634306261613365333134373166613334356535336366316534393661
+66363761643532656637333934643763326562626561323639653461383930623333396464383832
+65646238343666326366376666356534353263626638323563323232383563386165663736383439
+39376536396439633137393139643737346234313939396532366333396630666162613232323266
+35663036346562633138623833306631363034663564383238323337616238663361363834623765
+32366266613665363336646635363963626334623937653332366338343163396132353930376164
+63323664666364633032326231356465316262393139336236363032653536326364653433303237
+36343261613732343663653530313333353231333732653834363936303230633138303632643830
+37343130343931346130616634346164393531613638393030366164633665306566323864353331
+66383437383061643634663163303962386261353663393038376332363130306631633332326437
+65383564316131316664393864393731356230663763663932333734636664366466
diff --git a/ansible/roles/traefik/files/file-provider-gitlab.yml b/ansible/roles/traefik/files/file-provider-gitlab.yml
index 130f06f..38f36fc 100644
--- a/ansible/roles/traefik/files/file-provider-gitlab.yml
+++ b/ansible/roles/traefik/files/file-provider-gitlab.yml
@@ -3,6 +3,9 @@ http:
     router-gitlab:
       rule: Host(`git.theorangeone.net`)
       service: service-gitlab
+    router-gitlab-registry:
+      rule: Host(`registry.git.theorangeone.net`)
+      service: service-gitlab
   services:
     service-gitlab:
       loadBalancer:
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 4a386b4..6cfdaba 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -10,6 +10,14 @@ resource "cloudflare_record" "theorangeonenet_git" {
   ttl     = 1
 }
 
+resource "cloudflare_record" "theorangeonenet_git_registry" {
+  zone_id = cloudflare_zone.theorangeonenet.id
+  name    = "registry.git"
+  value   = cloudflare_record.theorangeonenet_git.hostname
+  type    = "CNAME"
+  ttl     = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_whoami" {
   zone_id = cloudflare_zone.theorangeonenet.id
   name    = "whoami"