From bb957703202ae0508c14b99163f601b659811a4f Mon Sep 17 00:00:00 2001
From: Ryan Harg <ryan.harg@mailbox.org>
Date: Thu, 21 Nov 2024 13:38:37 +0100
Subject: [PATCH] Improve configuration

---
 .gitignore          |  1 +
 compose.yml         | 14 +-------------
 config.yml.template | 34 ++++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 13 deletions(-)
 create mode 100644 config.yml.template

diff --git a/.gitignore b/.gitignore
index fc48ac9..6752674 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 auth/
+conf/
 .env
diff --git a/compose.yml b/compose.yml
index 7daa7ff..dfd1e16 100644
--- a/compose.yml
+++ b/compose.yml
@@ -2,22 +2,10 @@ services:
   registry:
     image: registry:2
     container_name: registry
-    env_file:
-      - .env
-    environment:
-      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
-      REGISTRY_STORAGE_DELETE_ENABLED: 'true'
-      REGISTRY_AUTH: htpasswd
-      REGISTRY_AUTH_HTPASSWD_REALM: Registry
-      REGISTRY_AUTH_HTPASSWD_PATH: /auth/registry.password
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Origin: "[$REGISTRY_URL]"
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Methods: '[HEAD,GET,OPTIONS,DELETE]'
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Credentials: '[true]'
-      REGISTRY_HTTP_HEADERS_Access-Control-Allow-Headers: '[Authorization,Accept,Cache-Control]'
-      REGISTRY_HTTP_HEADERS_Access-Control-Expose-Headers: '[Docker-Content-Digest]'
     volumes:
       - /mnt/raid/registry/data:/data
       - ./auth:/auth
+      - ./conf/config.yml:/etc/docker/registry/config.yml
     networks:
       - nginx_proxy
 
diff --git a/config.yml.template b/config.yml.template
new file mode 100644
index 0000000..a43ab2e
--- /dev/null
+++ b/config.yml.template
@@ -0,0 +1,34 @@
+version: 0.1
+log:
+  fields:
+    service: registry
+
+storage:
+  delete:
+    enabled: true
+  cache:
+    blobdescriptor: inmemory
+  filesystem:
+    rootdirectory: /data
+
+auth:
+  htpasswd:
+    realm: Registry
+    path: /auth/registry.password
+
+http:
+  addr: :5000
+  headers:
+    X-Content-Type-Options: [nosniff]
+    Access-Control-Allow-Origin: [https://registry.example.org]
+    Access-Control-Allow-Methods: [HEAD,GET,OPTIONS,DELETE]
+    Access-Control-Allow-Credentials: [true]
+    Access-Control-Allow-Headers: [Authorization,Accept,Cache-Control]
+    Access-Control-Expose-Headers: [Docker-Content-Digest]
+
+health:
+  storagedriver:
+    enabled: true
+    interval: 10s
+    threshold: 3
+