Sanitized mirror from private repository - 2026-04-18 11:19:59 UTC

hosts/synology/atlantis/zot.yaml

@@ -0,0 +1,38 @@
+# Zot — OCI pull-through registry cache
+# =============================================================================
+# Single-instance pull-through cache for Docker Hub, lscr.io, ghcr.io, quay.io
+#
+# How it works:
+#   - Each Docker host points its registry-mirror at http://100.83.230.112:5000
+#   - On first pull, Zot fetches from upstream and caches locally
+#   - Subsequent pulls on any host are served from local cache instantly
+#   - No credentials required for public images
+#
+# Storage: /volume2/metadata/docker2/zot/ (NVMe RAID1 — fast, ~10-20GB steady state)
+#
+# Web UI:  http://100.83.230.112:5050 (browse cached images)
+# Metrics: http://100.83.230.112:5050/metrics (Prometheus)
+#
+# Per-host mirror config (one-time, manual):
+#   Atlantis/Calypso: Container Manager → Registry → Settings → Mirror
+#   Other Linux hosts: /etc/docker/daemon.json → "registry-mirrors": ["http://100.83.230.112:5000"]
+#
+# To add credentials (Docker Hub authenticated pulls, ghcr.io):
+#   Drop /volume2/metadata/docker2/zot/credentials.json on Atlantis
+#   See docs/services/individual/zot.md for format
+# =============================================================================
+
+services:
+  zot:
+    image: ghcr.io/project-zot/zot-linux-amd64:latest
+    container_name: zot
+    restart: unless-stopped
+    ports:
+      - "5050:5000"
+    volumes:
+      - /volume2/metadata/docker2/zot/data:/var/lib/registry
+      - /volume2/metadata/docker2/zot/config.json:/etc/zot/config.json:ro
+      # credentials.json is optional — drop it on Atlantis to enable authenticated pulls
+      # - /volume2/metadata/docker2/zot/credentials.json:/etc/zot/credentials.json:ro
+    labels:
+      - com.centurylinklabs.watchtower.enable=true