From b291cee84c08cc63a0cc0d1c67c5b859a4d20f06 Mon Sep 17 00:00:00 2001
From: Nathan <nathan@castaldifamily.com>
Date: Fri, 17 Apr 2026 15:39:36 -0400
Subject: [PATCH] fix: update Docker registry configuration to use external
 secrets for htpasswd

---
 nodes/heimdall/docker_registry/compose.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/nodes/heimdall/docker_registry/compose.yaml b/nodes/heimdall/docker_registry/compose.yaml
index 2a90493..9bd42f8 100644
--- a/nodes/heimdall/docker_registry/compose.yaml
+++ b/nodes/heimdall/docker_registry/compose.yaml
@@ -6,14 +6,15 @@ services:
     environment:
       - REGISTRY_AUTH=htpasswd
       - REGISTRY_AUTH_HTPASSWD_REALM=Registry
-      - REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd  # Back to this
+      - REGISTRY_AUTH_HTPASSWD_PATH=/run/secrets/registry_htpasswd
       - REGISTRY_STORAGE_DELETE_ENABLED=true
       - REGISTRY_HTTP_SECRET=something_very_random_and_long
     volumes:
       - /mnt/appdata/docker_registry/data:/var/lib/registry
-      - /mnt/appdata/docker_registry/auth:/auth
     networks:
       - proxy-net
+    secrets:
+      - registry_htpasswd
     labels:
       - traefik.enable=true
       - traefik.http.routers.registry.rule=Host(`registry.castaldifamily.com`)
@@ -21,6 +22,10 @@ services:
       - traefik.http.routers.registry.tls.certresolver=cloudflare
       - traefik.http.services.registry.loadbalancer.server.port=5000
 
+secrets:
+  registry_htpasswd:
+    external: true
+
 networks:
   proxy-net:
     name: proxy-net