feat: oidc config on harbor side

roles/harbor-registry/files/harbor-oidc.json

@@ -1,12 +1,12 @@
 {
   "auth_mode": "oidc_auth",
-  "oidc_name": "keycloak",
+  "oidc_name": "AtlantisHQ Accounts",
-  "oidc_endpoint": "https://",
+  "oidc_endpoint": "https://keycloak.atlantishq.de/realms/master",
   "oidc_groups_claim": "groups",
   "oidc_admin_group": "admin",
-  "oidc_client_id": "defaultwithclientkey",
+  "oidc_client_id": "z_harbor",
-  "oidc_client_secret": "asdfasdfasdfasdfasddfasdfasdfasdf",
+  "oidc_client_secret": "HISTORY_PURGED_SECRET",
-  "oidc_scope": "openid,email,profile,offline_access",
+  "oidc_scope": "openid,email,profile",
   "oidc_verify_cert": "true",
   "oidc_auto_onboard": "true",
   "oidc_user_claim": "preferred_username"

roles/harbor-registry/templates/harbor.config.yaml

@@ -28,7 +28,7 @@ http:
 
 # Uncomment external_url if you want to enable external proxy
 # And when it enabled the hostname will no longer used
-external_url: https://harbor.atlantishq.de
+external_url: https://harbor-registry.atlantishq.de
 
 # The initial password of Harbor admin
 # It only works in first time to install harbor

roles/openvpn/tasks/main.yaml

@@ -15,9 +15,10 @@
 - name: Deploy OpenVPN configs
   template:
     src: "{{ item }}.conf"
-    dest: "/etc/openvpn/{{ item }}/"
+    dest: "/etc/openvpn/{{ item }}-{{ item.dev_type }}/{{ item }}-{{ item.dev_type }}.conf"
   with_items:
-    - atlantishq
+    - { "name" : "atlantishq", "dev_type" : "tap", "port" : 7012 }
+    - { "name" : "atlantishq", "dev_type" : "tun", "port" : 7013 }
 
 - name: Openvpn Mgnt interface Pass file
   copy:

roles/openvpn/templates/atlantishq.conf

@@ -2,13 +2,15 @@ server 172.16.1.0 255.255.255.0
 #server-ipv6 fd2a:aef:608:1::/64
 
 dev athq_sheppyvpn
-dev-type tap
+dev-type {{ dev_type }}
 
-proto tcp
+proto {{ proto }}
-port 7012
+port {{ port }}
 
+{% if dev_type == "tap" %}
 topology subnet
 client-to-client
+{% endif %}
 
 # disable logging
 #log /dev/null