diff --git a/.drone-do.star b/.drone-do.star
new file mode 100644
index 0000000..d7d2e39
--- /dev/null
+++ b/.drone-do.star
@@ -0,0 +1,14 @@
+
+load("@this//drone:drone.star", "drone")
+load("@this//drone:stack-name.star", "stackName")
+load("@this//drone:stack-root.star", "stackRoot")
+
+def main(ctx):
+  return drone(
+    ctx,
+    "do",
+    stackRoot,
+    stackName,
+    []
+  )
+  
\ No newline at end of file
diff --git a/.drone-home.star b/.drone-home.star
index a6690ba..9326beb 100644
--- a/.drone-home.star
+++ b/.drone-home.star
@@ -9,6 +9,9 @@ def main(ctx):
     "home-deploy",
     stackRoot,
     stackName,
-    []
+    [
+      "docker service scale proxy_letsencrypt-drone=0",
+      "docker service scale proxy_letsencrypt-drone=1",
+    ]
   )
   
\ No newline at end of file
diff --git a/drone-starlark/repos/build-docker-folder.star b/drone-starlark/repos/build-docker-folder.star
index 90d5f98..66dd30b 100644
--- a/drone-starlark/repos/build-docker-folder.star
+++ b/drone-starlark/repos/build-docker-folder.star
@@ -19,9 +19,11 @@ def buildDockerFolder(
     ],
     "environment": environment([
       "local-docker-registry",
+      "registry-password",
     ]),
     "commands": [
       "cd {folder}".format(folder=folder),
+      'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
       "sh build-docker-folder.sh {dockerFile} {image} {tag}".format(
         image = image,
         dockerFile = dockerFile,
diff --git a/drone-starlark/repos/build-folder.star b/drone-starlark/repos/build-folder.star
index 7ccf5ea..1a43f1c 100644
--- a/drone-starlark/repos/build-folder.star
+++ b/drone-starlark/repos/build-folder.star
@@ -14,9 +14,11 @@ def buildFolder(name, folder):
     ],
     "environment": environment([
       "local-docker-registry",
+      "registry-password",
     ]),
     "commands": [
       "cd {folder}".format(folder=folder),
+      'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
       "sh build.sh {name} $${{LOCAL_DOCKER_REGISTRY}}".format(name = name),
     ],
   }
diff --git a/drone-starlark/repos/build.star b/drone-starlark/repos/build.star
index 827c7ab..c095ae9 100644
--- a/drone-starlark/repos/build.star
+++ b/drone-starlark/repos/build.star
@@ -12,9 +12,11 @@ def build(name):
     ],
     "environment": environment([
       "local-docker-registry",
+      "registry-password"
     ]),
     "commands": [
       "cd {name}".format(name=name),
+      'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
       "docker build . -t $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
       "docker push $${{LOCAL_DOCKER_REGISTRY}}{name}".format(name=name),
     ],
diff --git a/drone-starlark/repos/chat/secret-secrets.star b/drone-starlark/repos/chat/secret-secrets.star
index 2d1fba3..509b22a 100644
--- a/drone-starlark/repos/chat/secret-secrets.star
+++ b/drone-starlark/repos/chat/secret-secrets.star
@@ -1,3 +1,4 @@
 secretSecrets = [
   "chat-admin-password",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/commento/secret-secrets.star b/drone-starlark/repos/commento/secret-secrets.star
index 89a50fb..964aa36 100644
--- a/drone-starlark/repos/commento/secret-secrets.star
+++ b/drone-starlark/repos/commento/secret-secrets.star
@@ -3,4 +3,5 @@ secretSecrets = [
   "commento-askimet-key",
   "commento-postgres-password",
   "commento-github-secret",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/deploy.star b/drone-starlark/repos/deploy.star
index 0f9dda1..9e59892 100644
--- a/drone-starlark/repos/deploy.star
+++ b/drone-starlark/repos/deploy.star
@@ -30,6 +30,7 @@ def deploy(
         "export DRONE_COMMIT={commit}".format(commit=ctx.build.commit),
         "docker network prune -f",
         "cd {folder}".format(folder=folder),
+        'docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"',
         "docker stack rm {name}".format(name = name),
         "sleep 30",
         "docker stack deploy -c {filename} {name}".format(name= name, filename = filename),
diff --git a/drone-starlark/repos/drone/secret-secrets.star b/drone-starlark/repos/drone/secret-secrets.star
index 2e04f61..0b52e58 100644
--- a/drone-starlark/repos/drone/secret-secrets.star
+++ b/drone-starlark/repos/drone/secret-secrets.star
@@ -2,4 +2,5 @@ secretSecrets = [
   "drone-convert-secret",
   "drone-gitea-client-secret",
   "drone-rpc-secret",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/ghost/secret-secrets.star b/drone-starlark/repos/ghost/secret-secrets.star
index a2fa134..45a9b6c 100644
--- a/drone-starlark/repos/ghost/secret-secrets.star
+++ b/drone-starlark/repos/ghost/secret-secrets.star
@@ -1,3 +1,4 @@
 secretSecrets = [
   "ghost-mysql-root-password",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/gitea/drone.star b/drone-starlark/repos/gitea/drone.star
index b767e00..00b2200 100644
--- a/drone-starlark/repos/gitea/drone.star
+++ b/drone-starlark/repos/gitea/drone.star
@@ -9,8 +9,8 @@ load("@this//:echo-secret.star", "echoSecret")
 load("@this//:wait.star", "wait")
 load("@this//:build.star", "build")
 load("@this//:scp.star", "scp")
-load("@this//ghost:public-secrets.star", "publicSecrets")
-load("@this//ghost:secret-secrets.star", "secretSecrets")
+load("@this//gitea:public-secrets.star", "publicSecrets")
+load("@this//gitea:secret-secrets.star", "secretSecrets")
 load("@this//:rescale.star", "rescale")
 load("@this//:pull.star", "pull")
 load("@this//:deploy.star", "deploy")
diff --git a/drone-starlark/repos/gitea/secret-secrets.star b/drone-starlark/repos/gitea/secret-secrets.star
index d093d87..907fd0a 100644
--- a/drone-starlark/repos/gitea/secret-secrets.star
+++ b/drone-starlark/repos/gitea/secret-secrets.star
@@ -4,4 +4,5 @@ secretSecrets = [
   "gitea-security-internal-token",
   "gitea-oauth2-jwt-secret",
   "gitea-mailer-passwd",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/guacamole/secret-secrets.star b/drone-starlark/repos/guacamole/secret-secrets.star
index 5eb83e0..ef0c167 100644
--- a/drone-starlark/repos/guacamole/secret-secrets.star
+++ b/drone-starlark/repos/guacamole/secret-secrets.star
@@ -1,3 +1,4 @@
 secretSecrets = [
   "guacamole-postgres-password",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/matomo/secret-secrets.star b/drone-starlark/repos/matomo/secret-secrets.star
index 373c06d..5c049ef 100644
--- a/drone-starlark/repos/matomo/secret-secrets.star
+++ b/drone-starlark/repos/matomo/secret-secrets.star
@@ -1,4 +1,5 @@
 secretSecrets = [
   "matomo-mysql-root-password",
   "matomo-mysql-password",
+  "registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/portainer/secret-secrets.star b/drone-starlark/repos/portainer/secret-secrets.star
index 301110f..d58bfd8 100644
--- a/drone-starlark/repos/portainer/secret-secrets.star
+++ b/drone-starlark/repos/portainer/secret-secrets.star
@@ -1 +1,3 @@
-secretSecrets = []
+secretSecrets = [
+  "registry-password",
+]
diff --git a/drone-starlark/repos/proxy/drone.star b/drone-starlark/repos/proxy/drone.star
index 2d6141b..6094734 100644
--- a/drone-starlark/repos/proxy/drone.star
+++ b/drone-starlark/repos/proxy/drone.star
@@ -37,6 +37,7 @@ def drone(
             secretSecrets,
           ),
           build("ngrok-gitea"),
+          build("registry"),
           build("letsencrypt-nginx"),
           buildDockerFolder(
             "Dockerfile.git",
@@ -57,6 +58,7 @@ def drone(
             "pull images",
             [
               "ngrok-gitea",
+              "registry",
               "letsencrypt-git",
               "letsencrypt-drone",
             ],
diff --git a/drone-starlark/repos/proxy/public-secrets.star b/drone-starlark/repos/proxy/public-secrets.star
index 400e6cd..4867439 100644
--- a/drone-starlark/repos/proxy/public-secrets.star
+++ b/drone-starlark/repos/proxy/public-secrets.star
@@ -2,4 +2,5 @@ publicSecrets = [
   "certbot-email",
   "drone-domain",
   "git-domain",
+  "local-docker-registry",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/proxy/secret-secrets.star b/drone-starlark/repos/proxy/secret-secrets.star
index dd71813..a401da8 100644
--- a/drone-starlark/repos/proxy/secret-secrets.star
+++ b/drone-starlark/repos/proxy/secret-secrets.star
@@ -1,3 +1,5 @@
 secretSecrets = [
   "ngrok-auth-token",
+  "registry-password",
+  "new-registry-password",
 ]
\ No newline at end of file
diff --git a/drone-starlark/repos/pull.star b/drone-starlark/repos/pull.star
index c0acd4e..c24c577 100644
--- a/drone-starlark/repos/pull.star
+++ b/drone-starlark/repos/pull.star
@@ -7,7 +7,10 @@ def pull(
   name,
   images,
 ):
-  secrets = [ "local-docker-registry"]
+  secrets = [
+    "local-docker-registry",
+    "registry-password",
+  ]
   return {
     "name": name,
     "image": "appleboy/drone-ssh",
@@ -21,7 +24,8 @@ def pull(
       "script": [
         "set -e"
       ] +
-      map(export, secrets) + 
+      map(export, secrets) +
+      ['docker login $${LOCAL_DOCKER_REGISTRY} --username client --password "$${REGISTRY_PASSWORD}"'] +
       ["docker pull $${{LOCAL_DOCKER_REGISTRY}}{image}".format(image=image) for image in images ]
     }
   }
diff --git a/drone-starlark/repos/zabbix/secret-secrets.star b/drone-starlark/repos/zabbix/secret-secrets.star
index 621d7da..01d7873 100644
--- a/drone-starlark/repos/zabbix/secret-secrets.star
+++ b/drone-starlark/repos/zabbix/secret-secrets.star
@@ -1,4 +1,5 @@
 secretSecrets = [
   "zabbix-mysql-root-password",
   "zabbix-mysql-password",
+  "registry-password",
 ]
\ No newline at end of file