2026-01-25 12:06:16 -08:00
11 changed files with 14 additions and 70 deletions
--- a/.forgejo/actions/build-push-image/action.yaml
+++ b/.forgejo/actions/build-push-image/action.yaml
@ -28,7 +28,7 @@ inputs:
  registry:
    description: 'Registry URL'
    required: false
-    default: 'registry.tail8d86e.ts.net'
+    default: 'registry.ops.eblu.me'
  tailscale_authkey:
    description: 'Tailscale OAuth client secret for ci-gateway'
    required: true
--- a/ansible/playbooks/indri.yml
+++ b/ansible/playbooks/indri.yml
@ -114,8 +114,6 @@
      tags: minikube_metrics
    - role: plex_metrics
      tags: plex_metrics
-    - role: tailscale_serve
-      tags: tailscale-serve
    - role: forgejo_runner
      tags: forgejo_runner
    - role: caddy
--- a/ansible/roles/minikube/tasks/main.yml
+++ b/ansible/roles/minikube/tasks/main.yml
@ -85,29 +85,29 @@
  ansible.builtin.command:
    cmd: minikube ssh --native-ssh=false "sudo mkdir -p /etc/containerd/certs.d/{{ item }}"
  loop:
-    - registry.tail8d86e.ts.net
+    - registry.ops.eblu.me
    - docker.io
    - ghcr.io
    - quay.io
  changed_when: false
  when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout

-# Private registry (registry.tail8d86e.ts.net) - direct to zot
- name: Check registry.tail8d86e.ts.net config
+# Private registry (registry.ops.eblu.me) - direct to zot
+- name: Check registry.ops.eblu.me config
  ansible.builtin.command:
-    cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml 2>/dev/null || echo ''"
+    cmd: minikube ssh --native-ssh=false "cat /etc/containerd/certs.d/registry.ops.eblu.me/hosts.toml 2>/dev/null || echo ''"
  register: minikube_registry_config
  changed_when: false
  when: minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout

- name: Configure registry.tail8d86e.ts.net mirror
+- name: Configure registry.ops.eblu.me mirror
  ansible.builtin.command:
    cmd: |
      minikube ssh --native-ssh=false 'echo "server = \"http://host.minikube.internal:5050\"

      [host.\"http://host.minikube.internal:5050\"]
        capabilities = [\"pull\", \"resolve\", \"push\"]
-        skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.tail8d86e.ts.net/hosts.toml'
+        skip_verify = true" | sudo tee /etc/containerd/certs.d/registry.ops.eblu.me/hosts.toml'
  changed_when: true
  when:
    - minikube_final_status.rc == 0 and 'Running' in minikube_final_status.stdout
--- a/ansible/roles/tailscale_serve/defaults/main.yml
+++ b/ansible/roles/tailscale_serve/defaults/main.yml
@ -1,12 +0,0 @@
---
-# Tailscale serve configuration for this host
-# Each service maps a Tailscale service name to local endpoints
-#
-# NOTE: forge has been migrated to Caddy (forge.ops.eblu.me)
-# Registry will be migrated next, then this role can be retired.
-
-tailscale_serve_services:
-  - name: svc:registry
-    https:
-      port: 443
-      upstream: http://localhost:5050
--- a/ansible/roles/tailscale_serve/meta/main.yml
+++ b/ansible/roles/tailscale_serve/meta/main.yml
@ -1,4 +0,0 @@
---
-# Role ordering is controlled by indri.yml playbook - do not add dependencies here
-# (Ansible's tag accumulation prevents proper deduplication when using meta dependencies)
-dependencies: []
--- a/ansible/roles/tailscale_serve/tasks/main.yml
+++ b/ansible/roles/tailscale_serve/tasks/main.yml
@ -1,38 +0,0 @@
---
- name: Get current tailscale serve status
-  ansible.builtin.command: tailscale serve status --json
-  register: tailscale_serve_status
-  changed_when: false
-
- name: Parse serve status
-  ansible.builtin.set_fact:
-    tailscale_serve_config: "{{ ((tailscale_serve_status.stdout | default('{}', true)) | from_json).Services | default({}) }}"
-
-# Configure HTTPS if service doesn't have Web config yet
- name: Configure HTTPS services
-  ansible.builtin.command: >
-    tailscale serve --service="{{ item.name }}"
-    --https={{ item.https.port }} {{ item.https.upstream }}
-  loop: "{{ tailscale_serve_services }}"
-  when:
-    - item.https is defined
-    - tailscale_serve_config[item.name] is not defined or tailscale_serve_config[item.name].Web is not defined
-  register: tailscale_serve_https_result
-  changed_when: true
-  failed_when: false
-
-# Configure TCP if service doesn't have the specific port configured yet
- name: Configure TCP services
-  ansible.builtin.command: >
-    tailscale serve --service="{{ item.name }}"
-    --tcp={{ item.tcp.port }} {{ item.tcp.upstream }}
-  loop: "{{ tailscale_serve_services }}"
-  when:
-    - item.tcp is defined
-    - tailscale_serve_config[item.name] is not defined or
-      tailscale_serve_config[item.name].TCP is not defined or
-      tailscale_serve_config[item.name].TCP[item.tcp.port | string] is not defined or
-      tailscale_serve_config[item.name].TCP[item.tcp.port | string].TCPForward is not defined
-  register: tailscale_serve_tcp_result
-  changed_when: true
-  failed_when: false
--- a/argocd/manifests/devpi/statefulset.yaml
+++ b/argocd/manifests/devpi/statefulset.yaml
@ -19,7 +19,7 @@ spec:
      containers:
        - name: devpi
          # TODO: Tag builds with semantic versions (e.g., v1.0.0) for reproducibility
-          image: registry.tail8d86e.ts.net/blumeops/devpi:latest
+          image: registry.ops.eblu.me/blumeops/devpi:latest
          env:
            - name: DEVPI_ROOT_PASSWORD
              valueFrom:
--- a/containers/nettest/Dockerfile
+++ b/containers/nettest/Dockerfile
@ -5,10 +5,10 @@
 # - Minikube pods (manual testing)
 #
 # Build:
-#   docker build -t registry.tail8d86e.ts.net/blumeops/nettest:latest .
+#   docker build -t registry.ops.eblu.me/blumeops/nettest:latest .
 #
 # Run:
-#   docker run --rm registry.tail8d86e.ts.net/blumeops/nettest:latest
+#   docker run --rm registry.ops.eblu.me/blumeops/nettest:latest

 FROM alpine:3.21

--- a/mise-tasks/container-list
+++ b/mise-tasks/container-list
@ -3,7 +3,7 @@

 set -euo pipefail

-REGISTRY="registry.tail8d86e.ts.net"
+REGISTRY="registry.ops.eblu.me"
 CONTAINER_DIR="containers"

 echo "Container Images"
--- a/mise-tasks/container-tag-and-release
+++ b/mise-tasks/container-tag-and-release
@ -49,7 +49,7 @@ IMAGE="blumeops/${CONTAINER}"

 echo "Container: $CONTAINER"
 echo "Directory: $CONTAINER_DIR"
-echo "Image: registry.tail8d86e.ts.net/$IMAGE:$VERSION"
+echo "Image: registry.ops.eblu.me/$IMAGE:$VERSION"
 echo ""

 # Confirm
@ -68,7 +68,7 @@ echo ""
 echo "Tag '$TAG' created and pushed"
 echo ""
 echo "The workflow will now build and push:"
-echo "  registry.tail8d86e.ts.net/$IMAGE:$VERSION"
+echo "  registry.ops.eblu.me/$IMAGE:$VERSION"
 echo ""
 echo "Monitor the build at:"
 echo "  https://forge.ops.eblu.me/eblume/blumeops/actions"
--- a/mise-tasks/indri-services-check
+++ b/mise-tasks/indri-services-check
@ -71,7 +71,7 @@ check_http "Loki" "https://loki.tail8d86e.ts.net/ready"
 check_http "Grafana" "https://grafana.tail8d86e.ts.net/api/health"
 check_http "ArgoCD" "https://argocd.tail8d86e.ts.net/healthz"
 check_http "Forgejo" "https://forge.ops.eblu.me/"
-check_http "Zot Registry" "https://registry.tail8d86e.ts.net/v2/_catalog"
+check_http "Zot Registry" "https://registry.ops.eblu.me/v2/_catalog"
 check_http "Kiwix" "https://kiwix.tail8d86e.ts.net/"
 check_http "Miniflux" "https://feed.tail8d86e.ts.net/healthcheck"
 check_http "TeslaMate" "https://tesla.tail8d86e.ts.net/"