hetzner-ansible/roles/harbor_config/defaults/main.yml

---
harbor_system_configuration:
  email_host: '{{ shared_service_mail_hostname }}'
  email_port: 25
  email_from: 'harbor@netgo.de'
  email_password: ''
  email_username: ''
  email_insecure: true
  auth_mode: oidc_auth
  oidc_name: "{{ harbor_oidc_realm }}"
  oidc_endpoint: 'https://{{ shared_service_hostname_keycloak }}/auth/realms/{{ harbor_oidc_realm }}'
  oidc_client_id: "{{ harbor_oidc_client_id }}"
  oidc_client_secret: "{{ harbor_oidc_client_secret }}"
  oidc_groups_claim: groups
  oidc_scope: openid
  oidc_verify_cert: true
  oidc_auto_onboard: true
  oidc_admin_group: 'admin'
  oidc_user_claim: 'sub'
  scan_all_policy:
    parameter:
      daily_time: 0

harbor_project_names:
  - awx
  - sken
  - infrastructure

# default configuration for all harbor projects
harbor_project_template:
  project_attributes:
    project_name: '{{ project_name }}'
  meta_data:
    auto_scan: true
  project_state: present
  members:
    -
      group_name: '{{ project_name }}'
      group_type: oidc
      role: projectadmin

harbor_robot_tokens:
  -
    secret_refresh: true
    name: ansible
    level: system
    description: 'smardigo docker pull credentials'
    secret: '{{ harbor_token }}'
    disable: false
    duration: -1
    editable: true
    expires_at: -1
    permissions:
    - access:
      - action: push
        resource: repository
      - action: pull
        resource: repository
      - action: delete
        resource: artifact
      - action: read
        resource: helm-chart
      - action: create
        resource: helm-chart-version
      - action: delete
        resource: helm-chart-version
      - action: create
        resource: tag
      - action: delete
        resource: tag
      - action: create
        resource: artifact-label
      - action: create
        resource: scan
      kind: project
      namespace: "*"

harbor_scanall:
  -
    schedule:
      cron: 0 0 1 * * *
      type: Custom