add docker-registry

docker-registry/README.txt

@@ -0,0 +1,75 @@
+Docker Registry Template
+========================
+
+A private Docker registry with htpasswd authentication.
+
+SETUP INSTRUCTIONS
+------------------
+
+1. Create the htpasswd file for authentication:
+
+   # Create a new htpasswd file with the first user:
+   docker run --rm --entrypoint htpasswd httpd:2 -Bbn USERNAME PASSWORD > ${LOCAL_CONFIG_PATH}/htpasswd
+
+   # Add additional users:
+   docker run --rm --entrypoint htpasswd httpd:2 -Bbn ANOTHER_USER PASSWORD >> ${LOCAL_CONFIG_PATH}/htpasswd
+
+   Replace USERNAME and PASSWORD with your desired credentials.
+   The -B flag uses bcrypt encryption (recommended for security).
+
+2. Install the service:
+   dropshell install $SERVER $SERVICE
+
+CONFIGURATION
+-------------
+
+Edit the service.env file to customize:
+- CONTAINER_NAME: Name of the container (default: docker-registry)
+- REGISTRY_PORT: Port to expose the registry (default: 5000)
+- IMAGE_TAG: Registry version (default: 2)
+
+USAGE
+-----
+
+After installation, configure Docker clients to use your registry:
+
+1. For HTTPS (recommended for production):
+   Your registry should be behind a reverse proxy (e.g., Caddy) with TLS.
+
+   docker login registry.yourdomain.com
+   docker push registry.yourdomain.com/myimage:tag
+   docker pull registry.yourdomain.com/myimage:tag
+
+2. For HTTP (testing only - insecure):
+   Add to /etc/docker/daemon.json on each client:
+   {
+     "insecure-registries": ["your-server-ip:5000"]
+   }
+   Then restart Docker and:
+
+   docker login your-server-ip:5000
+   docker push your-server-ip:5000/myimage:tag
+
+MANAGING USERS
+--------------
+
+To add a new user:
+   docker run --rm --entrypoint htpasswd httpd:2 -Bbn NEWUSER PASSWORD >> ${LOCAL_CONFIG_PATH}/htpasswd
+   dropshell install $SERVER $SERVICE   # Restart to apply changes
+
+To remove a user:
+   Edit ${LOCAL_CONFIG_PATH}/htpasswd and remove the line for that user.
+   dropshell install $SERVER $SERVICE   # Restart to apply changes
+
+DATA STORAGE
+------------
+
+All registry data (images, blobs, etc.) is stored in a Docker volume:
+   ${CONTAINER_NAME}_data
+
+This maps to /var/lib/registry inside the container.
+
+PORTS
+-----
+
+- 5000 (configurable via REGISTRY_PORT): Docker registry API

docker-registry/_volumes.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+# Define volume items for docker-registry container
+# These are used across backup, restore, create, and destroy operations
+
+get_registry_volumes() {
+    echo "volume:data:${DATA_VOLUME}"
+}

docker-registry/backup.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+# shellcheck disable=SC1091
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/_volumes.sh"
+_check_required_env_vars
+
+_stop_container "$CONTAINER_NAME"
+
+# shellcheck disable=SC2046
+backup_items $(get_registry_volumes) || _die "Failed to create backup"
+
+_start_container "$CONTAINER_NAME"
+
+echo "Backup created successfully: $BACKUP_FILE"

docker-registry/config/service.env

@@ -0,0 +1,12 @@
+# Service settings specific to this server
+# (can also override anything in the template_info.env file in the template to make it specific to this server)
+CONTAINER_NAME=docker-registry
+IMAGE_TAG="2"
+
+# Server Settings
+SSH_USER="root"
+
+# Registry port (default: 5000)
+REGISTRY_PORT=5000
+
+TEMPLATE=docker-registry

docker-registry/destroy.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# shellcheck disable=SC1091
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/_volumes.sh"
+_check_required_env_vars
+
+./uninstall.sh
+
+# shellcheck disable=SC2046
+destroy_items $(get_registry_volumes) || _die "Failed to destroy docker volumes"
+
+echo "Destroyed ${CONTAINER_NAME}."

docker-registry/install.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+# shellcheck disable=SC1091
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/_volumes.sh"
+_check_required_env_vars "CONTAINER_NAME" "IMAGE_REGISTRY" "IMAGE_REPO" "IMAGE_TAG" "DATA_VOLUME" "CONFIG_PATH"
+
+# shellcheck disable=SC2046
+create_items $(get_registry_volumes) || _die "Failed to create volume ${DATA_VOLUME}"
+
+_check_docker_installed || _die "Docker test failed, aborting installation..."
+
+docker pull "$IMAGE_REGISTRY/$IMAGE_REPO:$IMAGE_TAG" || _die "Failed to pull image $IMAGE_REGISTRY/$IMAGE_REPO:$IMAGE_TAG"
+
+# Verify htpasswd file exists for authentication
+[ -f "${CONFIG_PATH}/htpasswd" ] || _die "htpasswd file not found in ${CONFIG_PATH}/htpasswd - see README.txt for instructions"
+
+bash ./stop.sh || _die "Failed to stop container ${CONTAINER_NAME}"
+_remove_container "$CONTAINER_NAME" || _die "Failed to remove container ${CONTAINER_NAME}"
+bash ./start.sh || _die "Failed to start container ${CONTAINER_NAME}"
+
+echo "Installation of ${CONTAINER_NAME} complete"

docker-registry/logs.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars
+
+# Main script.
+echo "Container ${CONTAINER_NAME} logs:"
+_grey_start
+docker logs "${CONTAINER_NAME}"
+_grey_end

docker-registry/restore.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+# shellcheck disable=SC1091
+source "${AGENT_PATH}/common.sh"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "${SCRIPT_DIR}/_volumes.sh"
+_check_required_env_vars
+
+# RESTORE SCRIPT
+
+# uninstall container before restore
+./uninstall.sh || _die "Failed to uninstall service before restore"
+
+# restore data from backup file
+# shellcheck disable=SC2046
+restore_items $(get_registry_volumes) || _die "Failed to restore data from backup file"
+
+# reinstall service
+./install.sh || _die "Failed to reinstall service after restore"
+
+echo "Restore complete! Service is running again."

docker-registry/start.sh

@@ -0,0 +1,33 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars "CONTAINER_NAME" "IMAGE_REGISTRY" "IMAGE_REPO" "IMAGE_TAG" "DATA_VOLUME" "CONFIG_PATH" "REGISTRY_PORT"
+
+# START SCRIPT
+# The start script is required for all templates.
+# It is used to start the service on the server.
+
+if [ ! -f "${CONFIG_PATH}/htpasswd" ]; then
+    _die "htpasswd file not found in ${CONFIG_PATH}/htpasswd - see README.txt for instructions"
+fi
+
+DOCKER_RUN_CMD="docker run -d \
+                --restart unless-stopped \
+                --name ${CONTAINER_NAME} \
+                -p ${REGISTRY_PORT}:5000 \
+                -v ${DATA_VOLUME}:/var/lib/registry \
+                -v ${CONFIG_PATH}/htpasswd:/auth/htpasswd:ro \
+                -e REGISTRY_AUTH=htpasswd \
+                -e REGISTRY_AUTH_HTPASSWD_REALM=Registry \
+                -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
+                ${IMAGE_REGISTRY}/${IMAGE_REPO}:${IMAGE_TAG}"
+
+if ! _create_and_start_container "$DOCKER_RUN_CMD" "$CONTAINER_NAME"; then
+    _die "Failed to start container ${CONTAINER_NAME}"
+fi
+
+# Check if the container is running
+if ! _is_container_running "$CONTAINER_NAME"; then
+    _die "Container ${CONTAINER_NAME} is not running"
+fi
+
+echo "Container ${CONTAINER_NAME} started on port ${REGISTRY_PORT}"

docker-registry/status.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars
+
+# STATUS SCRIPT
+# The status script is required for all templates.
+# It is used to return the status of the service.
+
+# check if the service is running
+_is_container_running "$CONTAINER_NAME" || _die "Service is not running - did not find container $CONTAINER_NAME."
+
+echo "Service is healthy"
+exit 0

docker-registry/stop.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars
+
+# STOP SCRIPT
+# The stop script is required for all templates.
+# It is used to stop the service on the server.
+
+_stop_container "$CONTAINER_NAME" || _die "Failed to stop container ${CONTAINER_NAME}"
+
+echo "Container ${CONTAINER_NAME} stopped"

docker-registry/template_info.env

@@ -0,0 +1,16 @@
+# DO NOT EDIT THIS FILE FOR YOUR SERVICE!
+# This file is replaced from the template whenever there is an update.
+# Edit the service.env file to make changes.
+
+# Template to use - always required!
+TEMPLATE=docker-registry
+REQUIRES_HOST_ROOT=false
+REQUIRES_DOCKER=true
+REQUIRES_DOCKER_ROOT=false
+
+# Image settings
+IMAGE_REGISTRY="docker.io"
+IMAGE_REPO="library/registry"
+
+# Volume settings - stores all registry data (images, blobs, etc.)
+DATA_VOLUME="${CONTAINER_NAME}_data"

docker-registry/uninstall.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+source "${AGENT_PATH}/common.sh"
+_check_required_env_vars
+
+# UNINSTALL SCRIPT
+# The uninstall script is required for all templates.
+# It is used to uninstall the service from the server.
+
+_remove_container "$CONTAINER_NAME" || _die "Failed to remove container ${CONTAINER_NAME}"
+_is_container_running "$CONTAINER_NAME" && _die "Couldn't stop existing container"
+_is_container_exists "$CONTAINER_NAME" && _die "Couldn't remove existing container"
+
+# remove the image
+docker rmi "$IMAGE_REGISTRY/$IMAGE_REPO:$IMAGE_TAG" || echo "Failed to remove image $IMAGE_REGISTRY/$IMAGE_REPO:$IMAGE_TAG"
+
+echo "Uninstallation of ${CONTAINER_NAME} complete."
+echo "Local data still in place."