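# Podman Configuration - Generated by Ansible
# rick-infra Podman Infrastructure Role
#
# Global podman configuration (containers.conf) providing secure defaults
# for containerized applications.
#
# Key placement follows containers.conf(5): engine-wide settings live in
# [engine], per-container hardening in [containers], and networking in
# [network]. Podman does not reject keys found in the wrong table (they are
# only reported at debug level), so a misplaced setting silently has no
# effect. Keep keys in the table the manual documents for them.

# -----------------------------------------------------------------
# Container Engine Configuration
# -----------------------------------------------------------------
[engine]
# OCI runtime. Left unset so the runtime packaged with Podman is used
# (crun on current distributions, runc on older ones); override only
# for a known, tested need.
# runtime = "crun"

# Remote API endpoints used by `podman --remote` / `podman system connection`
# belong under [engine.service_destinations.<name>]. They are unrelated to
# systemd/quadlet deployment, which needs no entry in this file.
# [engine.service_destinations.production]
# uri = "unix:///run/podman/podman.sock"

# -----------------------------------------------------------------
# Per-container Security Defaults
# -----------------------------------------------------------------
[containers]
# seccomp_profile and apparmor_profile are [containers] keys, not [engine]
# keys. Both are deliberately left unset: Podman then applies the profiles
# shipped with the installed version, which is what the "secure defaults"
# above rely on. Pinning apparmor_profile to a versioned name (as in the
# example) stops matching as soon as the package ships a newer profile, so
# only set it when the host's profile name is managed explicitly.
# seccomp_profile = "/usr/share/containers/seccomp.json"
# apparmor_profile = "containers-default-0.14.5"

# -----------------------------------------------------------------
# Storage Configuration
# -----------------------------------------------------------------
# The storage driver is not a containers.conf setting. It is configured in
# storage.conf under [storage]; shown here only for reference:
#   driver = "{{ podman_storage_driver }}"   # overlay is the default

# -----------------------------------------------------------------
# Network Configuration
# -----------------------------------------------------------------
[network]
# Backend used for container networking (netavark + aardvark-dns).
network_backend = "netavark"

# Network attached to new containers when none is specified.
default_network = "{{ podman_default_network }}"

# Subnet of the default network. It must not overlap the pools below or any
# host or VPN route, otherwise container traffic is misrouted.
default_subnet = "10.88.0.0/16"

# Address pools carved into /24 networks by `podman network create`
# (applications override this per network). Changing the pools does not
# renumber networks that already exist; recreate them to pick up new ranges.
default_subnet_pools = [
    { base = "10.89.0.0/16", size = 24 },
    { base = "10.90.0.0/16", size = 24 },
]

# -----------------------------------------------------------------
# Infrastructure Notes
# -----------------------------------------------------------------
# This configuration provides secure defaults for all containers.
# Applications should:
# - Create service-specific users for container isolation
# - Use quadlet files for systemd integration
# - Create custom networks for multi-container applications
# - Access host services via host.containers.internal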