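# NixOS module for the "registry" LXC host: a Docker registry with S3 storage
# and htpasswd authentication. The two secret files under /var/lib/keys are
# fetched from Vault at deploy time through deployment.keys.
{ config, pkgs, deployment, ... }:
{
  imports = [
    ../../common
    ../../common/lxc.nix
  ];

  networking.hostName = "registry";
  system.stateVersion = "21.11";

  # Opens the registry API port and 5001, the address http.debug.addr binds below.
  # NOTE(review): the registry debug listener is a diagnostics endpoint and has no
  # authentication of its own; binding it to 0.0.0.0 and opening it in the
  # firewall makes it reachable by anything that can route to this host. If only
  # a known scraper needs it, restrict the source or bind to loopback - confirm
  # who consumes port 5001.
  networking.firewall.allowedTCPPorts = [
    config.services.dockerRegistry.port
    5001
  ];

  services.dockerRegistry = {
    enable = true;
    enableDelete = true;
    enableGarbageCollect = true;
    # NOTE(review): no TLS is configured in this file, so htpasswd (basic auth)
    # credentials cross the network in clear text unless a reverse proxy
    # terminates TLS in front of this listener - confirm.
    listenAddress = "0.0.0.0";
    storagePath = null; # We want to store in s3
    garbageCollectDates = "weekly";

    extraConfig = {
      # S3 Storages
      storage.s3 = {
        regionendpoint = "https://s3.asraphiel.dev";
        bucket = "docker";
        region = "us-east-1"; # Fake but needed
        # Placeholder values only. Presumably the real credentials arrive through
        # the EnvironmentFile set below (REGISTRY_STORAGE_S3_* overrides) - TODO
        # confirm. Never put real keys here: this attrset is rendered into the
        # registry config file in the world-readable Nix store.
        accesskey = "haha";
        secretkey = "hoho";
      };

      auth.htpasswd = {
        realm = "Voidcorp Registry";
        # Delivered by deployment.keys."htaccess" below.
        path = "/var/lib/keys/htaccess";
      };

      http.debug.addr = "0.0.0.0:5001";

      log = {
        accesslog = {
          disabled = false;
        };
        # NOTE(review): debug level is verbose; check that nothing sensitive
        # ends up in the journal before keeping it long term.
        level = "debug";
        formatter = "text";
        fields = {
          service = "registry";
          environment = "staging";
        };
      };

      notifications.endpoints = [
        {
          name = "keel";
          # NOTE(review): plain HTTP webhook; registry events travel unencrypted
          # and no auth header is configured here - confirm this stays on a
          # trusted internal network.
          url = "http://kubernetes.lxd:9300/v1/webhooks/registry";
          timeout = "500ms";
          # Was misspelled "treshold", which is not the registry's endpoint key,
          # so the intended failure threshold of 5 was not being set.
          threshold = 5;
          backoff = "1s";
        }
      ];
    };
  };

  # Environment variables for the registry unit, loaded from the Vault-provided file.
  systemd.services.docker-registry.serviceConfig.EnvironmentFile = "/var/lib/keys/minioSettings";

  # Secrets pulled from Vault (kv/registry) on the deploying machine and placed
  # in /var/lib/keys on the target.
  # NOTE(review): 0660 also grants read/write to the file's group; the service
  # only needs to read these files, so an owner-only read mode would be
  # tighter - confirm nothing relies on group access before changing it.
  deployment.keys = {
    "minioSettings" = {
      keyCommand = [ "vault" "kv" "get" "-field=settings" "kv/registry" ];
      destDir = "/var/lib/keys";
      user = "docker-registry";
      permissions = "0660";
    };
    "htaccess" = {
      keyCommand = [ "vault" "kv" "get" "-field=htpasswd" "kv/registry" ];
      destDir = "/var/lib/keys";
      user = "docker-registry";
      permissions = "0660";
    };
  };
}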