feat: migrate all container images to Archipelago app registry
Some checks failed
Build Archipelago ISO / build-iso (push) Failing after 0s
Some checks failed
Build Archipelago ISO / build-iso (push) Failing after 0s
All container image references now pull from 80.71.235.15:3000/archipelago/
instead of Docker Hub and ghcr.io. image-versions.sh is the single source
of truth; all scripts use $*_IMAGE variables instead of hardcoded refs.
Files updated:
- scripts/image-versions.sh: central ARCHY_REGISTRY variable
- core/*/config.rs: registry whitelist includes app registry
- core/*/stacks.rs: Immich + Penpot stack images
- scripts/{first-boot,deploy-to-target,container-specs}.sh: use variables
- docker/*/Dockerfile: nginx base image from registry
- image-recipe/: ISO build, podman config, menu script
- scripts/{container-doctor,deploy-bitcoin-knots,fix-indeedhub,validate-app-manifest}.sh
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -4,7 +4,7 @@ use anyhow::{Context, Result};
|
||||
|
||||
/// Trusted Docker registries. Only images from these sources are allowed.
|
||||
#[allow(dead_code)]
|
||||
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/"];
|
||||
pub(super) const TRUSTED_REGISTRIES: &[&str] = &["docker.io/", "ghcr.io/", "localhost/", "80.71.235.15:3000/"];
|
||||
|
||||
/// Detect which Bitcoin container is running on archy-net for DNS resolution.
|
||||
/// Returns the container name to use as the RPC host (e.g., "bitcoin-knots").
|
||||
@@ -40,7 +40,7 @@ pub(super) fn is_valid_docker_image(image: &str) -> bool {
|
||||
Some(r) => r,
|
||||
None => return false,
|
||||
};
|
||||
matches!(registry, "docker.io" | "ghcr.io" | "localhost")
|
||||
matches!(registry, "docker.io" | "ghcr.io" | "localhost" | "80.71.235.15:3000")
|
||||
}
|
||||
|
||||
/// Per-app Linux capabilities needed beyond the default cap-drop=ALL.
|
||||
|
||||
@@ -33,9 +33,9 @@ impl RpcHandler {
|
||||
}
|
||||
|
||||
let images = [
|
||||
"ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
"docker.io/valkey/valkey:7-alpine",
|
||||
"ghcr.io/immich-app/immich-server:release",
|
||||
"80.71.235.15:3000/archipelago/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
"80.71.235.15:3000/archipelago/valkey:7-alpine",
|
||||
"80.71.235.15:3000/archipelago/immich-server:release",
|
||||
];
|
||||
for img in &images {
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
@@ -76,7 +76,7 @@ impl RpcHandler {
|
||||
"POSTGRES_USER=postgres",
|
||||
"-e",
|
||||
"POSTGRES_DB=immich",
|
||||
"ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
"80.71.235.15:3000/archipelago/immich-postgres:14-vectorchord0.4.3-pgvectors0.2.0",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -92,7 +92,7 @@ impl RpcHandler {
|
||||
"unless-stopped",
|
||||
"--network",
|
||||
"immich-net",
|
||||
"docker.io/valkey/valkey:7-alpine",
|
||||
"80.71.235.15:3000/archipelago/valkey:7-alpine",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -124,7 +124,7 @@ impl RpcHandler {
|
||||
"REDIS_HOSTNAME=immich_redis",
|
||||
"-e",
|
||||
"UPLOAD_LOCATION=/usr/src/app/upload",
|
||||
"ghcr.io/immich-app/immich-server:release",
|
||||
"80.71.235.15:3000/archipelago/immich-server:release",
|
||||
])
|
||||
.output()
|
||||
.await
|
||||
@@ -161,11 +161,11 @@ impl RpcHandler {
|
||||
}
|
||||
|
||||
let images = [
|
||||
"docker.io/postgres:15",
|
||||
"docker.io/valkey/valkey:8.1",
|
||||
"docker.io/penpotapp/backend:2.4",
|
||||
"docker.io/penpotapp/exporter:2.4",
|
||||
"docker.io/penpotapp/frontend:2.4",
|
||||
"80.71.235.15:3000/archipelago/postgres:15",
|
||||
"80.71.235.15:3000/archipelago/valkey:8.1",
|
||||
"80.71.235.15:3000/archipelago/penpot-backend:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-exporter:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-frontend:2.4",
|
||||
];
|
||||
for img in &images {
|
||||
let _ = tokio::process::Command::new("podman")
|
||||
@@ -211,7 +211,7 @@ impl RpcHandler {
|
||||
"POSTGRES_USER=penpot",
|
||||
"-e",
|
||||
"POSTGRES_PASSWORD=penpot",
|
||||
"docker.io/postgres:15",
|
||||
"80.71.235.15:3000/archipelago/postgres:15",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -229,7 +229,7 @@ impl RpcHandler {
|
||||
"penpot-net",
|
||||
"-e",
|
||||
"VALKEY_EXTRA_FLAGS=--maxmemory 128mb --maxmemory-policy volatile-lfu",
|
||||
"docker.io/valkey/valkey:8.1",
|
||||
"80.71.235.15:3000/archipelago/valkey:8.1",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -265,7 +265,7 @@ impl RpcHandler {
|
||||
"PENPOT_OBJECTS_STORAGE_FS_DIRECTORY=/opt/data/assets",
|
||||
"-e",
|
||||
"PENPOT_FLAGS=disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies",
|
||||
"docker.io/penpotapp/backend:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-backend:2.4",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -287,7 +287,7 @@ impl RpcHandler {
|
||||
"PENPOT_PUBLIC_URI=http://penpot-frontend:8080",
|
||||
"-e",
|
||||
"PENPOT_REDIS_URI=redis://penpot-valkey/0",
|
||||
"docker.io/penpotapp/exporter:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-exporter:2.4",
|
||||
])
|
||||
.output()
|
||||
.await;
|
||||
@@ -311,7 +311,7 @@ impl RpcHandler {
|
||||
&format!("PENPOT_PUBLIC_URI=http://{}:9001", host_ip),
|
||||
"-e",
|
||||
"PENPOT_FLAGS=disable-email-verification enable-smtp enable-prepl-server disable-secure-session-cookies",
|
||||
"docker.io/penpotapp/frontend:2.4",
|
||||
"80.71.235.15:3000/archipelago/penpot-frontend:2.4",
|
||||
])
|
||||
.output()
|
||||
.await
|
||||
|
||||
Reference in New Issue
Block a user