joakim/rick-infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1350d10a7cf51758ee5e31ca6339f24d72085d76
rick-infra/roles/podman/templates/registries.conf.j2
Joakim 500224b5de Add Podman container infrastructure role for containerized services 
- Implemented complete Podman infrastructure role following rick-infra patterns
- Minimal installation approach: only install podman, trust Arch dependency management
- Configured with crun runtime for optimal performance and security
- Security-focused: HTTPS-only registries, rootless containers, systemd hardening
- Registry support: docker.io, quay.io, ghcr.io with secure configurations
- Ready for service-specific users with isolated container environments
- Quadlet support for native systemd container management
- Container-to-host networking via bridge networks with host gateway access
- Foundation for future containerized services (Authentik, Nextcloud)
- Maintains rick-infra philosophy: infrastructure provides foundation, apps manage specifics
2025-11-20 22:11:44 +01:00

35 lines
1.3 KiB
Django/Jinja
Raw Blame History

# Container Registry Configuration - Generated by Ansible
# rick-infra Podman Infrastructure Role
#
# This configuration defines trusted container registries
# for secure container image retrieval
# =================================================================
# Registry Search Configuration
# =================================================================
# Default registries to search when pulling unqualified image names
# Images without a registry prefix will search these in order
unqualified-search-registries = {{ podman_registries | to_json }}
{% for registry in podman_registries %}
# =================================================================
# {{ registry | title }} Registry Configuration
# =================================================================
[[registry]]
location = "{{ registry }}"
insecure = {{ podman_registry_insecure | lower }}
blocked = {{ podman_registry_blocked | lower }}
{% endfor %}
# =================================================================
# Security Notes
# =================================================================
# All registries configured with:
# - insecure: false (HTTPS required)
# - blocked: false (registry accessible)
#
# Additional registries can be added by applications as needed
# following the same security-first configuration pattern
Reference in New Issue View Git Blame Copy Permalink