From a952f68bdfdb7bb176bc71221df1062facddf6c5 Mon Sep 17 00:00:00 2001
From: Nathan <nathan@castaldifamily.com>
Date: Fri, 17 Apr 2026 15:03:27 -0400
Subject: [PATCH] Add Docker registry service configuration with htpasswd
 authentication

---
 .gitignore                                  |  1 +
 nodes/heimdall/docker_registry/compose.yaml | 25 +++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 nodes/heimdall/docker_registry/compose.yaml

diff --git a/.gitignore b/.gitignore
index 380d96e..dffc59e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -45,3 +45,4 @@ logs/
 # Local development overrides
 docker-compose.override.yml
 compose.override.yml
+htpasswd
\ No newline at end of file
diff --git a/nodes/heimdall/docker_registry/compose.yaml b/nodes/heimdall/docker_registry/compose.yaml
new file mode 100644
index 0000000..fbff16e
--- /dev/null
+++ b/nodes/heimdall/docker_registry/compose.yaml
@@ -0,0 +1,25 @@
+services:
+  registry:
+    image: registry:2
+    restart: always
+    environment:
+      - REGISTRY_AUTH=htpasswd
+      - REGISTRY_AUTH_HTPASSWD_REALM=Registry
+      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd
+      - REGISTRY_STORAGE_DELETE_ENABLED=true
+    volumes:
+      - /mnt/appdata/docker_registry/data:/var/lib/registry
+      - /mnt/appdata/docker_registry/auth:/auth
+    networks:
+      - proxy-net
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.registry.rule=Host(`registry.castaldifamily.com`)
+      - traefik.http.routers.registry.entrypoints=websecure
+      - traefik.http.routers.registry.tls.certresolver=cloudflare
+      - traefik.http.services.registry.loadbalancer.server.port=5000
+
+networks:
+  proxy-net:
+    name: proxy-net
+    external: true
\ No newline at end of file