From d6e6b48f6a135d8e2913ee7dc2c800c11d696a4f Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 25 Jan 2026 12:06:15 -0800 Subject: [PATCH] Migrate registry to Caddy (registry.ops.eblu.me) (#58) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary - Update all references from `registry.tail8d86e.ts.net` to `registry.ops.eblu.me` - Remove `tailscale_serve` ansible role (no longer needed - all services migrated to Caddy) - Update minikube containerd config for new registry URL - Update devpi manifest, CI actions, and mise tasks ## Deployment and Testing - [ ] Run `mise run provision-indri -- --check --diff` (dry run) - [ ] Run `mise run provision-indri -- --tags minikube` to update containerd config - [ ] Sync devpi ArgoCD app: `argocd app sync devpi` - [ ] Manually remove old Tailscale serve entry: `ssh indri 'tailscale serve --service=svc:registry off'` - [ ] Test registry access: `curl https://registry.ops.eblu.me/v2/_catalog` - [ ] Run `mise run indri-services-check` to verify all services healthy 🤖 Generated with [Claude Code](https://claude.com/claude-code) Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/58 --- .forgejo/actions/build-push-image/action.yaml | 2 +- ansible/playbooks/indri.yml | 2 - ansible/roles/minikube/tasks/main.yml | 12 +++--- .../roles/tailscale_serve/defaults/main.yml | 12 ------ ansible/roles/tailscale_serve/meta/main.yml | 4 -- ansible/roles/tailscale_serve/tasks/main.yml | 38 ------------------- argocd/manifests/devpi/statefulset.yaml | 2 +- containers/nettest/Dockerfile | 4 +- mise-tasks/container-list | 2 +- mise-tasks/container-tag-and-release | 4 +- mise-tasks/indri-services-check | 2 +- 11 files changed, 14 insertions(+), 70 deletions(-) delete mode 100644 ansible/roles/tailscale_serve/defaults/main.yml delete mode 100644 ansible/roles/tailscale_serve/meta/main.yml delete mode 100644 ansible/roles/tailscale_serve/tasks/main.yml 
diff --git a/.forgejo/actions/build-push-image/action.yaml b/.forgejo/actions/build-push-image/action.yaml index 083fb99..8c88c32 100644 --- a/.forgejo/actions/build-push-image/action.yaml +++ b/.forgejo/actions/build-push-image/action.yaml @@ -28,7 +28,7 @@ inputs: registry: description: 'Registry URL' required: false - default: 'registry.tail8d86e.ts.net' + default: 'registry.ops.eblu.me' tailscale_authkey: description: 'Tailscale OAuth client secret for ci-gateway' required: true diff --git a/ansible/playbooks/indri.yml b/ansible/playbooks/indri.yml index 6d97257..44afe2d 100644 --- a/ansible/playbooks/indri.yml +++ b/ansible/playbooks/indri.yml @@ -114,8 +114,6 @@ tags: minikube_metrics - role: plex_metrics tags: plex_metrics - - role: tailscale_serve - tags: tailscale-serve - role: forgejo_runner tags: forgejo_runner - role: caddy diff --git a/ansible/roles/minikube/tasks/main.yml b/ansible/roles/minikube/tasks/main.yml index 9e9fdd3..938ad23 100644 --- a/ansible/roles/minikube/tasks/main.yml +++ b/ansible/roles/minikube/tasks/main.yml 
@@ -85,29 +85,29 @@ ansible.builtin.command: cmd: minikube ssh --native-ssh=false "sudo mkdir -p /etc/containerd/certs.d/{{ item }}" loop: - - registry.tail8d86e.ts.net + - registry.ops.eblu.me - docker.io - ghcr.io - quay.io changed_when: false when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout -# Private registry (registry.tail8d86e.ts.net) - direct to zot -- name: Check registry.tail8d86e.ts.net config +# Private registry (registry.ops.eblu.me) - direct to zot +- name: Check registry.ops.eblu.me config ansible.builtin.command: - cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml 2>/dev/null || echo ''" + cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.ops.eblu.me/hosts.toml 2>/dev/null || echo ''" register: minikube_registry_config changed_when: false when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout -- name: Configure registry.tail8d86e.ts.net mirror +- name: Configure registry.ops.eblu.me mirror ansible.builtin.command: cmd: | minikube ssh --native-ssh=false 'echo "server = \"http://host.minikube.internal:5050\" [host.\"http://host.minikube.internal:5050\"] capabilities = [\"pull\", \"resolve\", \"push\"] - skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml' + skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.ops.eblu.me/hosts.toml' changed_when: true when: - minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout diff --git a/ansible/roles/tailscale_serve/defaults/main.yml b/ansible/roles/tailscale_serve/defaults/main.yml deleted file mode 100644 index d2cf58a..0000000 --- a/ansible/roles/tailscale_serve/defaults/main.yml +++ /dev/null 
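Review bot: The hosts.toml written by the "Configure registry.ops.eblu.me mirror" task still sets `server = "http://host.minikube.internal:5050"` with `skip_verify = true` and the `push` capability, so the node's pulls and pushes for `registry.ops.eblu.me` go to zot over plain HTTP rather than through the Caddy endpoint this commit migrates to. `skip_verify` only relaxes TLS certificate checks, so on an `http://` endpoint it presumably does nothing today, and it would silently turn verification off if the URL is ever changed to `https://`. I would drop that line and make the comment above the check task explicit, e.g. `# Private registry (registry.ops.eblu.me) - plain HTTP straight to zot on the host, bypassing Caddy TLS`. Nothing visible here removes the old `/etc/containerd/certs.d/registry.tail8d86e.ts.net` directory, so image references under the old name would keep resolving through the old hosts.toml unless a cleanup exists elsewhere. The first task's header and the rest of the final `when:` list lie outside the hunk.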
@@ -1,12 +0,0 @@ ---- -# Tailscale serve configuration for this host -# Each service maps a Tailscale service name to local endpoints -# -# NOTE: forge has been migrated to Caddy (forge.ops.eblu.me) -# Registry will be migrated next, then this role can be retired. - -tailscale_serve_services: - - name: svc:registry - https: - port: 443 - upstream: http://localhost:5050 diff --git a/ansible/roles/tailscale_serve/meta/main.yml b/ansible/roles/tailscale_serve/meta/main.yml deleted file mode 100644 index b05a43b..0000000 --- a/ansible/roles/tailscale_serve/meta/main.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# Role ordering is controlled by indri.yml playbook - do not add dependencies here -# (Ansible's tag accumulation prevents proper deduplication when using meta dependencies) -dependencies: [] diff --git a/ansible/roles/tailscale_serve/tasks/main.yml b/ansible/roles/tailscale_serve/tasks/main.yml deleted file mode 100644 index bf7d7be..0000000 --- a/ansible/roles/tailscale_serve/tasks/main.yml +++ /dev/null 
@@ -1,38 +0,0 @@ ---- -- name: Get current tailscale serve status - ansible.builtin.command: tailscale serve status --json - register: tailscale_serve_status - changed_when: false - -- name: Parse serve status - ansible.builtin.set_fact: - tailscale_serve_config: "{{ ((tailscale_serve_status.stdout | default('{}', true)) | from_json).Services | default({}) }}" - -# Configure HTTPS if service doesn't have Web config yet -- name: Configure HTTPS services - ansible.builtin.command: > - tailscale serve --service="{{ item.name }}" - --https={{ item.https.port }} {{ item.https.upstream }} - loop: "{{ tailscale_serve_services }}" - when: - - item.https is defined - - tailscale_serve_config[item.name] is not defined or tailscale_serve_config[item.name].Web is not defined - register: tailscale_serve_https_result - changed_when: true - failed_when: false - -# Configure TCP if service doesn't have the specific port configured yet -- name: Configure TCP services - ansible.builtin.command: > - tailscale serve --service="{{ item.name }}" - --tcp={{ item.tcp.port }} {{ item.tcp.upstream }} - loop: "{{ tailscale_serve_services }}" - when: - - item.tcp is defined - - tailscale_serve_config[item.name] is not defined or - tailscale_serve_config[item.name].TCP is not defined or - tailscale_serve_config[item.name].TCP[item.tcp.port | string] is not defined or - tailscale_serve_config[item.name].TCP[item.tcp.port | string].TCPForward is not defined - register: tailscale_serve_tcp_result - changed_when: true - failed_when: false diff --git a/argocd/manifests/devpi/statefulset.yaml b/argocd/manifests/devpi/statefulset.yaml index 8afec98..1aad6dd 100644 --- a/argocd/manifests/devpi/statefulset.yaml +++ b/argocd/manifests/devpi/statefulset.yaml 
@@ -19,7 +19,7 @@ spec: containers: - name: devpi # TODO: Tag builds with semantic versions (e.g., v1.0.0) for reproducibility - image: registry.tail8d86e.ts.net/blumeops/devpi:latest + image: registry.ops.eblu.me/blumeops/devpi:latest env: - name: DEVPI_ROOT_PASSWORD valueFrom: diff --git a/containers/nettest/Dockerfile b/containers/nettest/Dockerfile index 97b03d6..30ae27c 100644 --- a/containers/nettest/Dockerfile +++ b/containers/nettest/Dockerfile @@ -5,10 +5,10 @@ # - Minikube pods (manual testing) # # Build: -# docker build -t registry.tail8d86e.ts.net/blumeops/nettest:latest . +# docker build -t registry.ops.eblu.me/blumeops/nettest:latest . # # Run: -# docker run --rm registry.tail8d86e.ts.net/blumeops/nettest:latest +# docker run --rm registry.ops.eblu.me/blumeops/nettest:latest FROM alpine:3.21 diff --git a/mise-tasks/container-list b/mise-tasks/container-list index 3f572ad..4a168ea 100755 --- a/mise-tasks/container-list +++ b/mise-tasks/container-list @@ -3,7 +3,7 @@ set -euo pipefail -REGISTRY="registry.tail8d86e.ts.net" +REGISTRY="registry.ops.eblu.me" CONTAINER_DIR="containers" echo "Container Images" diff --git a/mise-tasks/container-tag-and-release b/mise-tasks/container-tag-and-release index 2b3653e..7372a35 100755 --- a/mise-tasks/container-tag-and-release +++ b/mise-tasks/container-tag-and-release @@ -49,7 +49,7 @@ IMAGE="blumeops/${CONTAINER}" echo "Container: $CONTAINER" echo "Directory: $CONTAINER_DIR" -echo "Image: registry.tail8d86e.ts.net/$IMAGE:$VERSION" +echo "Image: registry.ops.eblu.me/$IMAGE:$VERSION" echo "" # Confirm @@ -68,7 +68,7 @@ echo "" echo "Tag '$TAG' created and pushed" echo "" echo "The workflow will now build and push:" -echo " registry.tail8d86e.ts.net/$IMAGE:$VERSION" +echo " registry.ops.eblu.me/$IMAGE:$VERSION" echo "" echo "Monitor the build at:" echo " https://forge.ops.eblu.me/eblume/blumeops/actions" diff --git a/mise-tasks/indri-services-check b/mise-tasks/indri-services-check index f89d506..19d0928 100755 
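Review bot: In `argocd/manifests/devpi/statefulset.yaml` the container still references `registry.ops.eblu.me/blumeops/devpi:latest`, a mutable tag, so the StatefulSet runs whatever was last pushed under that name on the new registry host. The TODO on the line above covers versioned tags, but a tag can still be overwritten. Pinning by digest as well, `image: registry.ops.eblu.me/blumeops/devpi@sha256:<digest-of-reviewed-build>`, would tie the deployment to one reviewed build regardless of later pushes. The container spec continues outside the hunk, so any `imagePullPolicy` setting is not visible here.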
--- a/mise-tasks/indri-services-check
+++ b/mise-tasks/indri-services-check
@@ -71,7 +71,7 @@ check_http "Loki" "https://loki.tail8d86e.ts.net/ready"
 check_http "Grafana" "https://grafana.tail8d86e.ts.net/api/health"
 check_http "ArgoCD" "https://argocd.tail8d86e.ts.net/healthz"
 check_http "Forgejo" "https://forge.ops.eblu.me/"
-check_http "Zot Registry" "https://registry.tail8d86e.ts.net/v2/_catalog"
+check_http "Zot Registry" "https://registry.ops.eblu.me/v2/_catalog"
 check_http "Kiwix" "https://kiwix.tail8d86e.ts.net/"
 check_http "Miniflux" "https://feed.tail8d86e.ts.net/healthcheck"
 check_http "TeslaMate" "https://tesla.tail8d86e.ts.net/"