Add basic proof-of-concept

.gitignore

@@ -1,2 +1,6 @@
 harbor.yml
 cert/*
+common/
+database/
+redis/
+secret/

README.md

@@ -1,6 +1,6 @@
 **Harbor on Podman for Rocky Linux 9**
 
-This document provides a minimal, engineer‑oriented guide to deploy Harbor on Rocky Linux 9 using Podman and podman‑compose. It covers system preparation, repository setup, configuration, TLS certificate generation, installer adjustments, and troubleshooting.
+This document provides a minimal, engineer‑oriented guide to deploy Harbor on Rocky Linux 9 using Podman and podman‑compose. It covers system preparation, repository setup, configuration, TLS certificate generation and the setup.
 
 ## 1. Prerequisites & System Preparation
 

docker-compose.yml

@@ -0,0 +1,237 @@
+services:
+  log:
+    image: goharbor/harbor-log:v2.13.0
+    container_name: harbor-log
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/log:/var/log/docker/:z
+      - type: bind
+        source: /opt/harbor-podman/common/config/log/logrotate.conf
+        target: /etc/logrotate.d/logrotate.conf
+      - type: bind
+        source: /opt/harbor-podman/common/config/log/rsyslog_docker.conf
+        target: /etc/rsyslog.d/rsyslog_docker.conf
+    ports:
+      - 127.0.0.1:1514:10514
+    networks:
+      - harbor
+  registry:
+    image: goharbor/registry-photon:v2.13.0
+    container_name: registry
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/registry:/storage:z
+      - /opt/harbor-podman/common/config/registry/:/etc/registry/:z
+      - type: bind
+        source: /opt/harbor-podman/secret/registry/root.crt
+        target: /etc/registry/root.crt
+      - type: bind
+        source: /opt/harbor-podman/common/config/shared/trust-certificates
+        target: /harbor_cust_cert
+    networks:
+      - harbor
+    depends_on:
+      - log
+  registryctl:
+    image: goharbor/harbor-registryctl:v2.13.0
+    container_name: registryctl
+    env_file:
+      - /opt/harbor-podman/common/config/registryctl/env
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/registry:/storage:z
+      - /opt/harbor-podman/common/config/registry/:/etc/registry/:z
+      - type: bind
+        source: /opt/harbor-podman/common/config/registryctl/config.yml
+        target: /etc/registryctl/config.yml
+      - type: bind
+        source: /opt/harbor-podman/common/config/shared/trust-certificates
+        target: /harbor_cust_cert
+    networks:
+      - harbor
+    depends_on:
+      - log
+  postgresql:
+    image: goharbor/harbor-db:v2.13.0
+    container_name: harbor-db
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - DAC_OVERRIDE
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/database:/var/lib/postgresql/data:z
+    networks:
+      harbor:
+    env_file:
+      - /opt/harbor-podman/common/config/db/env
+    depends_on:
+      - log
+  core:
+    image: goharbor/harbor-core:v2.13.0
+    container_name: harbor-core
+    env_file:
+      - /opt/harbor-podman/common/config/core/env
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/ca_download/:/etc/core/ca/:z
+      - /opt/harbor-podman/:/data/:z
+      - /opt/harbor-podman/common/config/core/certificates/:/etc/core/certificates/:z
+      - type: bind
+        source: /opt/harbor-podman/common/config/core/app.conf
+        target: /etc/core/app.conf
+      - type: bind
+        source: /opt/harbor-podman/secret/core/private_key.pem
+        target: /etc/core/private_key.pem
+      - type: bind
+        source: /opt/harbor-podman/secret/keys/secretkey
+        target: /etc/core/key
+      - type: bind
+        source: /opt/harbor-podman/common/config/shared/trust-certificates
+        target: /harbor_cust_cert
+    networks:
+      harbor:
+    depends_on:
+      - log
+      - registry
+      - redis
+      - postgresql
+  portal:
+    image: goharbor/harbor-portal:v2.13.0
+    container_name: harbor-portal
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+    volumes:
+      - type: bind
+        source: /opt/harbor-podman/common/config/portal/nginx.conf
+        target: /etc/nginx/nginx.conf
+    networks:
+      - harbor
+    depends_on:
+      - log
+  jobservice:
+    image: goharbor/harbor-jobservice:v2.13.0
+    container_name: harbor-jobservice
+    env_file:
+      - /opt/harbor-podman/common/config/jobservice/env
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/job_logs:/var/log/jobs:z
+      - type: bind
+        source: /opt/harbor-podman/common/config/jobservice/config.yml
+        target: /etc/jobservice/config.yml
+      - type: bind
+        source: /opt/harbor-podman/common/config/shared/trust-certificates
+        target: /harbor_cust_cert
+    networks:
+      - harbor
+    depends_on:
+      - core
+  redis:
+    image: goharbor/redis-photon:v2.13.0
+    container_name: redis
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+    volumes:
+      - /opt/harbor-podman/redis:/var/lib/redis
+    networks:
+      harbor:
+    depends_on:
+      - log
+  proxy:
+    image: goharbor/nginx-photon:v2.13.0
+    container_name: nginx
+    restart: always
+    cap_drop:
+      - ALL
+    cap_add:
+      - CHOWN
+      - SETGID
+      - SETUID
+      - NET_BIND_SERVICE
+    volumes:
+      - /opt/harbor-podman/common/config/nginx:/etc/nginx:z
+      - /opt/harbor-podman/secret/cert:/etc/cert:z
+      - type: bind
+        source: /opt/harbor-podman/common/config/shared/trust-certificates
+        target: /harbor_cust_cert
+    networks:
+      - harbor
+    ports:
+      - 80:8080
+      - 443:8443
+    depends_on:
+      - registry
+      - core
+      - portal
+      - log
+  trivy-adapter:
+    container_name: trivy-adapter
+    image: goharbor/trivy-adapter-photon:v2.13.0
+    restart: always
+    cap_drop:
+      - ALL
+    depends_on:
+      - log
+      - redis
+    networks:
+      - harbor
+    volumes:
+      - type: bind
+        source: /opt/harbor-podman/trivy-adapter/trivy
+        target: /home/scanner/.cache/trivy
+      - type: bind
+        source: /opt/harbor-podman/trivy-adapter/reports
+        target: /home/scanner/.cache/reports
+      - type: bind
+        source: /opt/harbor-podman/common/config/shared/trust-certificates
+        target: /harbor_cust_cert
+  harbor:
+    external: false
+
+networks:
+  harbor: