Run docker registry as mrsk accessory

mrsk-accessory-docker-registry.yml

registry-github: &docker
  username: username
  password:
    - DOCKER_TOKEN
registry-internal: &internal
  server: registry.example.com
  username: testuser
  password: testpassword123
# This uses YAML magic and Ruby template language to select registry on the fly
registry: *<%= ENV["MRSK_REGISTRY"] || 'internal' %>
healthcheck:
  path: /api/health
accessories:
  registry:
    image: registry:2
    host: *host
    port: 5000
    volumes:
      - registry:/var/lib/registry
    files:
      # Will be placed to ${USER}/${service.name}-${accessory.name} folder
      # and mounted inside the container at the specified path
      - config/htpasswd:/etc/docker/registry/htpasswd
    env:
      clear:
        REGISTRY_HTTP_ADDR: 0.0.0.0:5000
        REGISTRY_AUTH: htpasswd
        REGISTRY_HTTP_SECRET: asecretforlocaldevelopment
        # Must use bcrypt for the password hash https://docs.docker.com/registry/configuration/#htpasswd
        # docker run --entrypoint htpasswd httpd:2 -Bbn testuser testpassword123
        REGISTRY_AUTH_HTPASSWD_PATH: /etc/docker/registry/htpasswd
        REGISTRY_AUTH_HTPASSWD_REALM: Registry Realm
        REGISTRY_STORAGE_DELETE_ENABLED: true
    labels:
      traefik.http.routers.registry-web.rule: Host(`registry.example.com`)
      traefik.http.services.registry.loadbalancer.server.port: 5000
      traefik.http.routers.registry-websecure.entrypoints: websecure
      traefik.http.routers.registry-websecure.rule: Host(`registry.example.com`)
      traefik.http.routers.registry-websecure.tls: true
      traefik.http.routers.registry-websecure.tls.certresolver: letsencrypt

On first run, use docker (or ghcr) registry so we can boot the internal registry container

MRSK_REGISTRY=docker mrsk accessory boot registry

After that, run normally as you would to deploy the rest of stuff...

mrsk deploy