diff --git a/flake.nix b/flake.nix
index 703560f..f619bc8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -111,6 +111,7 @@
 buildInputs = with pkgs; [
 apply-local
 colmena.packages.${system}.colmena
+ cachix
 fluxcd
 k9s
 kubectl
diff --git a/nixos/hosts/hades/default.nix b/nixos/hosts/hades/default.nix
index 934c63a..0c7410c 100644
--- a/nixos/hosts/hades/default.nix
+++ b/nixos/hosts/hades/default.nix
@@ -131,7 +131,6 @@
 hostname = "docker-registry-proxy";
 ip = "192.168.0.128";
 mac = "0e:11:65:62:66:9f";
- nix = false;
 }
 {
 hostname = "hassio";
@@ -143,7 +142,6 @@
 hostname = "docker-registry";
 ip = "192.168.0.130";
 mac = "5e:0e:a6:cf:64:70";
- nix = false;
 }
 {
 hostname = "minecraft";
diff --git a/nixos/hosts/hades/docker-registry-proxy/configuration.nix b/nixos/hosts/hades/docker-registry-proxy/configuration.nix
new file mode 100644
index 0000000..75c381d
--- /dev/null
+++ b/nixos/hosts/hades/docker-registry-proxy/configuration.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, ... }:
+let vs = config.vault-secrets.secrets; in
+{
+ system.stateVersion = "22.05";
+
+ networking.interfaces.eth0.useDHCP = true;
+
+ # the registry port and metrics port
+ networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
+
+ vault-secrets.secrets.docker-registry = { };
+
+ # Sets the minio user and password
+ systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
+
+ services.dockerRegistry = {
+ enable = true;
+ enableDelete = true;
+ enableGarbageCollect = true;
+ listenAddress = "0.0.0.0";
+ storagePath = null; # We want to store in s3
+ garbageCollectDates = "weekly";
+ extraConfig = {
+ # S3 Storages
+ storage.s3 = {
+ regionendpoint = "https://o.xirion.net";
+ bucket = "docker-registry-proxy";
+ region = "us-east-1"; # Fake but needed
+ };
+
+ # The actual proxy
+ proxy.remoteurl = "https://registry-1.docker.io";
+
+ # Enable prom under :5001/metrics
+ http.debug.addr = "0.0.0.0:5001";
+ http.debug.prometheus.enabled = true;
+ };
+ };
+}
+
diff --git a/nixos/hosts/hades/docker-registry/configuration.nix b/nixos/hosts/hades/docker-registry/configuration.nix
new file mode 100644
index 0000000..d7f9117
--- /dev/null
+++ b/nixos/hosts/hades/docker-registry/configuration.nix
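Review bot: `listenAddress = "0.0.0.0"` together with `enableDelete = true` and the firewall rule on `config.services.dockerRegistry.port` exposes the registry API to every host on the network, yet `extraConfig` carries no `auth` section, so pushes and manifest deletes are unauthenticated; the docker-registry hunk has the same layout. If delete is only needed for garbage collection, an `auth.htpasswd` (or token auth) block under `extraConfig`, or narrowing `listenAddress` and the firewall rule to the actual consumers, would close this. `http.debug.addr = "0.0.0.0:5001"` is opened in the firewall too, and distribution's debug listener also serves its pprof and health endpoints rather than only the opt-in Prometheus metrics, so binding it to a scrape-only interface or restricting 5001 to the scraper is worth considering. `proxy.remoteurl` points at Docker Hub with no `proxy.username`/`proxy.password`, so pulls are anonymous and subject to Hub's rate limit; if credentials are wanted they can come from the same `EnvironmentFile` as `REGISTRY_PROXY_USERNAME`/`REGISTRY_PROXY_PASSWORD` rather than being inlined in the Nix file.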
@@ -0,0 +1,49 @@
+{ config, pkgs, lib, ... }:
+let vs = config.vault-secrets.secrets; in
+{
+ system.stateVersion = "22.05";
+
+ networking.interfaces.eth0.useDHCP = true;
+
+ # the registry port and metrics port
+ networking.firewall.allowedTCPPorts = [ config.services.dockerRegistry.port 5001 ];
+
+ vault-secrets.secrets.docker-registry = { };
+
+ # Sets the minio user and password
+ systemd.services.docker-registry.serviceConfig.EnvironmentFile = "${vs.docker-registry}/environment";
+
+ services.dockerRegistry = {
+ enable = true;
+ enableDelete = true;
+ enableGarbageCollect = true;
+ listenAddress = "0.0.0.0";
+ storagePath = null; # We want to store in s3
+ garbageCollectDates = "weekly";
+
+ extraConfig = {
+ # S3 Storages
+ storage.s3 = {
+ regionendpoint = "https://o.xirion.net";
+ bucket = "docker-registry";
+ region = "us-east-1"; # Fake but needed
+ };
+
+ # Enable prom under :5001/metrics
+ http.debug.addr = "0.0.0.0:5001";
+ http.debug.prometheus.enabled = true;
+
+ # Webhooks
+ notifications.endpoints = [
+ {
+ name = "keel";
+ url = "http://10.10.10.17:9300/v1/webhooks/registry";
+ timeout = "500ms";
+ treshold = 5;
+ backoff = "1s";
+ }
+ ];
+ };
+ };
+}
+
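Review bot: `treshold = 5;` in the keel notification endpoint is misspelled; distribution's endpoint config key is `threshold`, so this value is silently dropped (or rejected as an unknown key, depending on the parser) and the retry behaviour falls back to the default instead of the intended 5 failures. Change it to `threshold = 5;`. The webhook also goes to `http://10.10.10.17:9300` in clear text with no `headers` entry, so keel receives unauthenticated events from anything that can reach that port; if the keel deployment supports a shared token, sending it under `headers` (and terminating TLS there) would let the receiver validate the source, though that depends on the keel side, which is not visible here.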