init

templates/policy.json.j2

@@ -0,0 +1,37 @@
+{
+    "default": [
+        {
+            "type": "{{ podman_policy_default_type }}"
+        }
+    ],
+    "transports": {
+        "docker-daemon": {
+            "": [
+                {
+                    "type": "insecureAcceptAnything"
+                }
+            ]
+        },
+        "docker": {
+{% for registry in podman_policy_trusted_registries %}
+            "{{ registry.registry }}": [
+                {
+                    "type": "{{ registry.type }}"{% if registry.keyPath is defined %},
+                    "keyType": "{{ registry.keyType | default('GPGKeys') }}",
+                    "keyPath": "{{ registry.keyPath }}"{% endif %}{% if registry.keyData is defined %},
+                    "keyType": "{{ registry.keyType | default('GPGKeys') }}",
+                    "keyData": "{{ registry.keyData }}"{% endif %}{% if registry.signedIdentity is defined %},
+                    "signedIdentity": {{ registry.signedIdentity | to_json }}{% endif %}
+                }
+            ]{% if not loop.last %},{% endif %}
+{% endfor %}
+{% if podman_policy_reject_unknown_registries %}
+            "": [
+                {
+                    "type": "reject"
+                }
+            ]
+{% endif %}
+        }
+    }
+}

templates/registries.conf.j2

@@ -0,0 +1,54 @@
+# Configuration file for container registries
+# {{ ansible_managed }}
+
+# Unqualified image search registries
+# These registries will be searched when pulling images without a registry prefix
+unqualified-search-registries = [
+{% set registries = podman_policy_trusted_registries | selectattr('unqualified_search', 'defined') | selectattr('unqualified_search') | map(attribute='registry') | list %}
+{% if registries | length == 0 %}
+{% set registries = podman_policy_trusted_registries | map(attribute='registry') | list %}
+{% endif %}
+{% set base_registries = registries | map('regex_replace', '^([^/]+).*', '\\1') | list %}
+{% for registry in base_registries | unique %}
+  "{{ registry }}"{% if not loop.last %},{% endif %}
+{% endfor %}
+]
+
+{% for registry_config in podman_policy_trusted_registries %}
+# Registry: {{ registry_config.registry }}
+[[registry]]
+location = "{{ registry_config.registry }}"
+insecure = {{ registry_config.insecure | default(false) | lower }}
+blocked = {{ registry_config.blocked | default(false) | lower }}
+{% if registry_config.mirror is defined %}
+
+# Mirror configuration for {{ registry_config.registry }}
+{% for mirror in registry_config.mirror %}
+[[registry.mirror]]
+location = "{{ mirror.location }}"
+insecure = {{ mirror.insecure | default(false) | lower }}
+{% endfor %}
+{% endif %}
+{% if registry_config.prefix is defined %}
+prefix = "{{ registry_config.prefix }}"
+{% endif %}
+
+{% endfor %}
+
+# Additional registry configurations
+{% if podman_registries_additional is defined %}
+{% for registry in podman_registries_additional %}
+[[registry]]
+location = "{{ registry.location }}"
+insecure = {{ registry.insecure | default(false) | lower }}
+blocked = {{ registry.blocked | default(false) | lower }}
+{% if registry.mirror is defined %}
+{% for mirror in registry.mirror %}
+[[registry.mirror]]
+location = "{{ mirror.location }}"
+insecure = {{ mirror.insecure | default(false) | lower }}
+{% endfor %}
+{% endif %}
+
+{% endfor %}
+{% endif %}

templates/storage.conf.j2

@@ -0,0 +1,13 @@
+# Storage configuration for containers
+# {{ ansible_managed }}
+
+[storage]
+driver = "{{ podman_storage_driver }}"
+runroot = "{{ podman_storage_runroot }}"
+graphroot = "{{ podman_storage_graphroot }}"
+
+[storage.options]
+additionalimagestores = []
+
+[storage.options.overlay]
+mountopt = "nodev,metacopy=on"