Local Zot Registry Cache

Zot thread! Details in here please @p5 - currently on mobile
p5 (7mo ago)
Have created a Quadlet configuration which can act as a pull-through cache for images hosted in multiple registries (Quay, GHCR, Docker Hub etc).
Not checked if you can pull signed images through it yet, but I don't see why not.
```ini
[Unit]
Description=A Zot registry container
After=network-online.target

[Container]
Image=ghcr.io/project-zot/zot-linux-amd64:latest
ContainerName=zot
Exec=serve /etc/zot/config.yaml
Network=eternal.network
Volume=zot.volume:/var/lib/zot/data
Volume=%h/.config/eternal/zot-config.yaml:/etc/zot/config.yaml:Z
PublishPort=5000:5000

[Service]
TimeoutStartSec=900
# Zot watches its config file, so copy it somewhere the user service can access.
ExecStartPre=-mkdir -p %h/.config/eternal
ExecStartPre=-cp /etc/containers/systemd/users/_config/zot-config.yaml %h/.config/eternal/zot-config.yaml

[Install]
# This is a user unit: the user manager has no multi-user.target, so hook into default.target.
WantedBy=default.target
```
The config file is a bit weird. It cannot live in /etc because Zot watches it for configuration changes, and that throws permission errors.
This is why there's a pre-start step which copies it to the home directory where user systemd services have sufficient permissions.
And the main config file which allows you to pull through the registries:
```yaml
distspecversion: 1.0.1
http:
  address: 0.0.0.0
  port: 5000
storage:
  rootdirectory: /var/lib/zot/data
extensions:
  search:
    enable: true
    cve:
      updateInterval: 12h
  ui:
    enable: true
  sync:
    registries:
      - urls:
          - https://ghcr.io/ublue-os
        onDemand: true
        content:
          - prefix: "ublue-os/**"
```
To add more registries, just add items to the YAML list.
And finally, to pull an image through Zot (even before it's loaded into Zot), you can run
```
$ docker/podman pull localhost:5000/ublue-os/xyz:latest
```
It will show no output at first, but it's first being loaded into Zot. Once it's fully loaded in Zot, you then start downloading it from the local registry.

All three files can be found in this repo:
https://github.com/rsturla/eternal-images/blob/main/lumina/files/usr/etc/containers/systemd/users/zot.container
https://github.com/rsturla/eternal-images/blob/main/lumina/files/usr/etc/containers/systemd/users/zot.volume
https://github.com/rsturla/eternal-images/blob/main/lumina/files/usr/etc/containers/systemd/users/_config/zot-config.yaml

So when running an ostree-native container in a VM, I guess you'd replace localhost with your host's IP on the VM network and you're good to go.
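
An added example, not part of the thread or the linked repo: a way to tie an image pulled through the cache to the manifest digest the upstream registry reports over TLS, then pull by that digest. It does not check signatures. It assumes skopeo and podman are installed, that the cache serves plain HTTP as in the config above, and that references have the form name[:tag]; the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example. Assumption: the Zot cache from the post is reachable at
# localhost:5000 over plain HTTP (its config has no TLS section).
CACHE="${CACHE:-localhost:5000}"

# ghcr.io/ublue-os/xyz:latest -> localhost:5000/ublue-os/xyz:latest
cache_ref() { printf '%s/%s\n' "$CACHE" "${1#*/}"; }

# Drop a trailing :tag without mistaking the registry port for one.
strip_tag() {
    case "${1##*/}" in
        *:*) printf '%s\n' "${1%:*}" ;;
        *)   printf '%s\n' "$1" ;;
    esac
}

# Succeed only if $1 is a well-formed sha256 digest and equals $2.
same_digest() {
    hex="${1#sha256:}"
    [ "sha256:$hex" = "$1" ] || return 1
    [ "${#hex}" -eq 64 ] || return 1
    case "$hex" in *[!0-9a-f]*) return 1 ;; esac
    [ "$1" = "$2" ]
}

# Manifest digest of a reference; extra arguments go to skopeo inspect.
manifest_digest() {
    ref="$1"; shift
    skopeo inspect "$@" --format '{{.Digest}}' "docker://$ref"
}

# Read the digest from upstream, compare it with what the cache serves, then
# pull by digest so the client rejects content that does not hash to it.
verified_pull() {
    upstream="$1"
    via_cache="$(cache_ref "$upstream")"
    want="$(manifest_digest "$upstream")" || return 2
    got="$(manifest_digest "$via_cache" --tls-verify=false)" || return 2
    if ! same_digest "$want" "$got"; then
        echo "digest mismatch: upstream=$want cache=$got" >&2
        return 1
    fi
    podman pull --tls-verify=false "$(strip_tag "$via_cache")@$want"
}

# Usage: verified_pull ghcr.io/ublue-os/xyz:latest
```

A mismatch can also mean the upstream tag moved after the cache synced it, so treat it as a prompt to re-check rather than proof of tampering.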