[Unit]
Description=Docker Registry with Caddy Reverse Proxy
After=docker.service
Requires=docker.service

[Service]
Type=oneshot
RemainAfterExit=yes
User=CI_SERVICE_USER
Group=CI_SERVICE_USER
WorkingDirectory=/opt/APP_NAME/registry
ExecStart=/usr/bin/docker compose -f docker-compose.registry.yml up -d
ExecStop=/usr/bin/docker compose -f docker-compose.registry.yml down
ExecReload=/usr/bin/docker compose -f docker-compose.registry.yml restart
TimeoutStartSec=0

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/opt/APP_NAME/registry /etc/registry /var/lib/registry /var/log/registry

[Install]
WantedBy=multi-user.target