From 293aed0fd3200ad54461e71423699dedac716b0c Mon Sep 17 00:00:00 2001
From: Jake Howard
Date: Fri, 25 Feb 2022 21:48:13 +0000
Subject: [PATCH] Enable GitLab registry
---
 ansible/roles/gitlab/files/gitlab.rb | 15 ++++++++++
 ansible/roles/gitlab/vars/main.yml | 2 ++
 ansible/roles/gitlab/vars/vault.yml | 28 +++++++++++--------
 .../traefik/files/file-provider-gitlab.yml | 3 ++
 terraform/theorangeone.net.tf | 8 ++++++
 5 files changed, 45 insertions(+), 11 deletions(-)
diff --git a/ansible/roles/gitlab/files/gitlab.rb b/ansible/roles/gitlab/files/gitlab.rb
index d39cc04..610529f 100644
--- a/ansible/roles/gitlab/files/gitlab.rb
+++ b/ansible/roles/gitlab/files/gitlab.rb
@@ -36,3 +36,18 @@ gitlab_rails['gitlab_email_from'] = "{{ gitlab_from_email }}"
 gitlab_rails['artifacts_path'] = "/mnt/gitlab-bulk/artifacts"
 gitlab_rails['backup_path'] = "/mnt/gitlab-bulk/backups"
+
+# Registry
+registry_external_url "https://registry.git.theorangeone.net"
+registry_nginx['redirect_http_to_https'] = false
+registry_nginx['ssl_certificate'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
+registry_nginx['ssl_certificate_key'] = "/etc/ssl/private/ssl-cert-snakeoil.key"
+registry['storage'] = {
+ 's3' => {
+ 'accesskey' => '{{ gitlab_registry_access_key }}',
+ 'secretkey' => '{{ gitlab_registry_secret_key }}',
+ 'bucket' => '0rng-registry',
+ 'region' => 'eu-central-003',
+ 'regionendpoint' => 'https://s3.eu-central-003.backblazeb2.com'
+ }
+}
diff --git a/ansible/roles/gitlab/vars/main.yml b/ansible/roles/gitlab/vars/main.yml
index 4881f08..69a3108 100644
--- a/ansible/roles/gitlab/vars/main.yml
+++ b/ansible/roles/gitlab/vars/main.yml
@@ -3,3 +3,5 @@ gitlab_create_self_signed_cert: false
 gitlab_smtp_password: "{{ vault_gitlab_smtp_password }}"
 gitlab_smtp_user: "{{ vault_gitlab_smtp_user }}"
 gitlab_from_email: "{{ vault_gitlab_from_email }}"
+gitlab_registry_access_key: "{{ vault_gitlab_registry_access_key }}"
+gitlab_registry_secret_key: "{{ vault_gitlab_registry_secret_key }}"
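Review bot: The `registry['storage']` block in gitlab.rb renders the object-storage access key and secret key into the file in plaintext, and nothing in the hunk records how the rendered file is protected or how far the key reaches. A comment above the block such as `# Credentials: application key limited to the 0rng-registry bucket; rendered gitlab.rb must stay root-only (0600)` would make that reviewable, and the Ansible task that templates this file (outside this patch) should be checked for a matching mode. The values are interpolated inside single-quoted Ruby strings, so a secret containing `'` or `\` would break or alter the config; that is presumably not possible for these keys, but the assumption is worth writing down. Separately, `registry_nginx` serves the snakeoil certificate with `redirect_http_to_https` switched off, so HTTPS enforcement and trust on the proxy-to-GitLab hop rest entirely on the Traefik configuration.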
diff --git a/ansible/roles/gitlab/vars/vault.yml b/ansible/roles/gitlab/vars/vault.yml index 3a7e5a2..e5321d5 100644 --- a/ansible/roles/gitlab/vars/vault.yml +++ b/ansible/roles/gitlab/vars/vault.yml @@ -1,12 +1,18 @@ $ANSIBLE_VAULT;1.1;AES256 -61366238363431353336613362396330363337633339363735383438383939353532376539316263 -6133383136353261386239303730633431653434343636350a353339393932396634656164333035 -65353136333962366334396139316264646666353964643332313933346132303066323231626433 -3761333362396231650a373935363763343831626431633930336337393037633933346339366135 -34653062663737313833623731343462303935376131343061643632336366656636356439653534 -39373430626466353333646638363936383932373161376135376239383231633665303439393939 -62336361643336616634376562613963636461356265303834313162643261323433393965613762 -31663133383163346434343662613965306234306563343565663362386563633664623538343363 -63333965623262653735386563393162386532643362626562643539356339363131396430633030 -31383361396265366237613635323839633562663264666638323531373933363733303839656564 -626432386162306638356434616465396265 +32363562323531613830333735616464333836386638373166633935383663646462323337633533 +6334646537616133366436343335623333626663663732620a653038383139326565336139656135 +39393334373164316334376262353030343732333531346434666336393631363833653262636337 +6139343461613930620a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
diff --git a/ansible/roles/traefik/files/file-provider-gitlab.yml b/ansible/roles/traefik/files/file-provider-gitlab.yml
index 130f06f..38f36fc 100644
--- a/ansible/roles/traefik/files/file-provider-gitlab.yml
+++ b/ansible/roles/traefik/files/file-provider-gitlab.yml
@@ -3,6 +3,9 @@ http:
 router-gitlab:
 rule: Host(`git.theorangeone.net`)
 service: service-gitlab
+ router-gitlab-registry:
+ rule: Host(`registry.git.theorangeone.net`)
+ service: service-gitlab
 services:
 service-gitlab:
 loadBalancer:
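Review bot: `router-gitlab-registry` sets only `rule` and `service`, so whether registry traffic is confined to the HTTPS entrypoint depends on configuration outside this hunk. Because the same patch sets `registry_nginx['redirect_http_to_https'] = false`, the registry no longer redirects on its own, and bearer tokens and image layers would travel unencrypted if a plaintext entrypoint can reach this router. If the redirect is not enforced globally, pin the router explicitly with `entryPoints: [<https-entrypoint-name>]` and `tls: {}`, or add a comment naming where the redirect is applied. The `loadBalancer` definition of `service-gitlab` continues past the end of the hunk, so whether the backend hop uses TLS, and how the snakeoil certificate would be validated there, cannot be checked from here.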
diff --git a/terraform/theorangeone.net.tf b/terraform/theorangeone.net.tf
index 4a386b4..6cfdaba 100644
--- a/terraform/theorangeone.net.tf
+++ b/terraform/theorangeone.net.tf
@@ -10,6 +10,14 @@ resource "cloudflare_record" "theorangeonenet_git" {
 ttl = 1
 }
+resource "cloudflare_record" "theorangeonenet_git_registry" {
+ zone_id = cloudflare_zone.theorangeonenet.id
+ name = "registry.git"
+ value = cloudflare_record.theorangeonenet_git.hostname
+ type = "CNAME"
+ ttl = 1
+}
+
 resource "cloudflare_record" "theorangeonenet_whoami" {
 zone_id = cloudflare_zone.theorangeonenet.id
 name = "whoami"
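Review bot: The new `theorangeonenet_git_registry` record does not set `proxied`, so whether the registry hostname resolves straight to the origin or passes through Cloudflare is left to the provider default. Stating it explicitly, e.g. `proxied = false` with a one-line comment giving the reason, would make the exposure of the origin address a reviewed decision rather than an implicit one. The neighbouring `theorangeonenet_git` resource begins above the hunk, so its own setting is not visible here; since the CNAME targets that record, the two should presumably agree.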