initial: no secrets

roles/harbor-registry/tasks/main.yaml

@@ -0,0 +1,50 @@
+- name: Install Docker prerequisites
+  apt:
+    state: present
+    pkg: 
+      - docker.io
+      - docker-compose
+
+- name: Create /data/ dir
+  file:
+    path: /data/
+    state: directory
+
+- name: Download release
+  get_url:
+    url: https://github.com/goharbor/harbor/releases/download/{{ harbor_version }}/{{ harbor_file }}
+    dest: /opt/{{ harbor_file }}
+
+- name: Extract release
+  unarchive:
+    remote_src: true
+    src: /opt/harbor-online-installer-v2.10.0.tgz
+    dest: /opt/
+  register: release
+
+- name: Copy harbor config
+  template:
+    src: harbor.config.yaml
+    dest: /opt/harbor/harbor.yml # mind the missing a
+  register: config
+
+- name: run installer
+  shell:
+    cmd: ./install.sh --with-trivy
+    chdir: /opt/harbor/
+  when: config.changed or release.changed
+  notify: restart harbor
+
+- name: Inject OIDC Config
+  lineinfile:
+    state: present
+    path: /opt/harbor/common/config/core/env
+    line: CONFIG_OVERWRITE_JSON={{ lookup('file','harbor-oidc.json') | from_json | to_json }}
+    regex: CONFIG_OVERWRITE_JSON=
+  notify: restart harbor
+
+- name: Add @reboot compose job # harbor deps are meh, restart: always is not safe
+  cron:
+    name: "Harbor Up"
+    special_time: "reboot"
+    job: "/usr/bin/docker-compose -f /opt/harbor/docker-compose.yml up"