# Configuration file for container registries
# {{ ansible_managed }}

# Unqualified image search registries
# These registries will be searched when pulling images without a registry prefix
unqualified-search-registries = [
{% set registries = podman_policy_trusted_registries | selectattr('unqualified_search', 'defined') | selectattr('unqualified_search') | map(attribute='registry') | list %}
{% if registries | length == 0 %}
{% set registries = podman_policy_trusted_registries | map(attribute='registry') | list %}
{% endif %}
{% set base_registries = registries | map('regex_replace', '^([^/]+).*', '\\1') | list %}
{% for registry in base_registries | unique %}
  "{{ registry }}"{% if not loop.last %},{% endif %}
{% endfor %}
]

{% for registry_config in podman_policy_trusted_registries %}
# Registry: {{ registry_config.registry }}
[[registry]]
location = "{{ registry_config.registry }}"
insecure = {{ registry_config.insecure | default(false) | lower }}
blocked = {{ registry_config.blocked | default(false) | lower }}
{% if registry_config.mirror is defined %}

# Mirror configuration for {{ registry_config.registry }}
{% for mirror in registry_config.mirror %}
[[registry.mirror]]
location = "{{ mirror.location }}"
insecure = {{ mirror.insecure | default(false) | lower }}
{% endfor %}
{% endif %}
{% if registry_config.prefix is defined %}
prefix = "{{ registry_config.prefix }}"
{% endif %}

{% endfor %}

# Additional registry configurations
{% if podman_registries_additional is defined %}
{% for registry in podman_registries_additional %}
[[registry]]
location = "{{ registry.location }}"
insecure = {{ registry.insecure | default(false) | lower }}
blocked = {{ registry.blocked | default(false) | lower }}
{% if registry.mirror is defined %}
{% for mirror in registry.mirror %}
[[registry.mirror]]
location = "{{ mirror.location }}"
insecure = {{ mirror.insecure | default(false) | lower }}
{% endfor %}
{% endif %}

{% endfor %}
{% endif %}