# Container Registry Configuration - Generated by Ansible
# rick-infra Podman Infrastructure Role
#
# This configuration defines trusted container registries
# for secure container image retrieval

# =================================================================
# Registry Search Configuration
# =================================================================

# Default registries to search when pulling unqualified image names
# Images without a registry prefix will search these in order
unqualified-search-registries = {{ podman_registries | to_json }}

{% for registry in podman_registries %}
# =================================================================
# {{ registry | title }} Registry Configuration
# =================================================================

[[registry]]
location = "{{ registry }}"
insecure = {{ podman_registry_insecure | lower }}
blocked = {{ podman_registry_blocked | lower }}

{% endfor %}

# =================================================================
# Security Notes
# =================================================================
# All registries configured with:
# - insecure: false (HTTPS required)
# - blocked: false (registry accessible)
# 
# Additional registries can be added by applications as needed
# following the same security-first configuration pattern