From ff4cca73b96381f8c90bb01ff794aafb1fd8ebb3 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Sat, 9 May 2026 11:03:51 +0000
Subject: [PATCH] chore: remove decommissioned registry.viktorbarzin.me ingress

The old port-5050 R/W private registry was decommissioned 2026-05-07
(forgejo-registry-consolidation Phase 4). The reverse-proxy ingress
+ ExternalName service + Cloudflare DNS record kept pointing at the
dead backend, returning 502 to anyone hitting registry.viktorbarzin.me.

This was driving 3 monitoring artifacts that auto-cleared on cleanup:
- Uptime Kuma external monitor #586 (deleted)
- Pushgateway stale registry-integrity-probe metrics (deleted)
- ExternalAccessDivergence + RegistryIntegrityProbeStale alerts
---
 .../modules/reverse_proxy/main.tf             | 22 +++----------------
 1 file changed, 3 insertions(+), 19 deletions(-)

diff --git a/stacks/reverse-proxy/modules/reverse_proxy/main.tf b/stacks/reverse-proxy/modules/reverse_proxy/main.tf
index 83698d72..51d8022a 100644
--- a/stacks/reverse-proxy/modules/reverse_proxy/main.tf
+++ b/stacks/reverse-proxy/modules/reverse_proxy/main.tf
@@ -167,25 +167,9 @@ module "docker-registry-ui" {
   }
 }
 
-# https://registry.viktorbarzin.me/ (Docker CLI push/pull endpoint)
-module "docker-registry-cli" {
-  source           = "./factory"
-  dns_type         = "non-proxied"
-  name             = "registry"
-  external_name    = "docker-registry.viktorbarzin.lan"
-  port             = 5050
-  backend_protocol = "HTTPS"
-  tls_secret_name  = var.tls_secret_name
-  protected        = false # Docker CLI uses htpasswd, NOT Authentik
-  max_body_size    = "0"   # unlimited - Docker layers can be large
-  depends_on       = [kubernetes_namespace.reverse-proxy]
-  extra_annotations = {
-    # Skip rate-limit (Docker push/pull generates many rapid requests)
-    # Keep CrowdSec for L7 protection
-    "traefik.ingress.kubernetes.io/router.middlewares" = "traefik-csp-headers@kubernetescrd,traefik-crowdsec@kubernetescrd"
-    "gethomepage.dev/enabled"                          = "false"
-  }
-}
+# registry.viktorbarzin.me decommissioned 2026-05-07 (forgejo-registry-consolidation
+# Phase 4). Forgejo at forgejo.viktorbarzin.me is the only writable private
+# registry now. Pull-through caches stay on registry VM at 10.0.20.10:5000-5040.
 
 # https://valchedrym.viktorbarzin.me/
 module "valchedrym" {