Erich Blume
ad7e9af453
Reference docs should describe "what things are", not "how to do things". Removed: - CLI command examples - Operational workflows (PR workflow, sync commands) - Setup/bootstrap procedures - "Useful Commands" sections Also split hosts.md into individual cards: - infrastructure/indri.md - Primary server details - infrastructure/gilbert.md - Development workstation This content belongs in how-to guides (future phase). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1.1 KiB
1.1 KiB
| title | tags | ||
|---|---|---|---|
| Zot |
|
Zot
OCI-native container registry providing pull-through cache and private image storage.
Quick Reference
| Property | Value |
|---|---|
| URL | https://registry.ops.eblu.me |
| Local Port | 5050 |
| Data | ~/zot |
| Config | ~/.config/zot/config.json |
| LaunchAgent | mcquack |
Namespace Convention
| Path | Source |
|---|---|
registry.ops.eblu.me/docker.io/* |
Cached from Docker Hub |
registry.ops.eblu.me/ghcr.io/* |
Cached from GHCR |
registry.ops.eblu.me/quay.io/* |
Cached from Quay |
registry.ops.eblu.me/blumeops/* |
Private images |
Pull-Through Cache
When kubernetes/cluster pulls an image, containerd checks zot first. If cached, returns immediately. If not, zot fetches from upstream, caches it, then returns.
Security Model
Network access only (no authentication). Defense is the Tailscale ACL boundary.
Related
- services/forgejo - Container build CI
- kubernetes/cluster - Registry consumer