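# Deploys the container registries drop-in and per-registry TLS material.
#
# container_registry_certs is read as a mapping: each key names a directory
# under /etc/containers/certs.d, and each value supplies `ca` and, optionally,
# `client_cert` and `client_key`.

- name: ensure container registries are configured
  template:
    src: registries.conf.j2
    dest: /etc/containers/registries.conf.d/40-registries.conf
    owner: root
    group: root
    mode: 'u=rw,go=r'
  tags:
    - config
    - containers-registries

- name: ensure container registry certs directories exist
  file:
    path: '/etc/containers/certs.d/{{ item }}'
    owner: root
    group: root
    mode: 'u=rwx,go=rx'
    state: directory
  # `| list` turns the Python 3 dict view into a real list, which `loop`
  # requires.
  loop: '{{ container_registry_certs.keys() | list }}'
  tags:
    - config
    - containers-certs

- name: ensure container registry ca certs are configured
  copy:
    # `|+` keeps the trailing newline so the written file ends with one.
    content: |+
      {{ container_registry_certs[item].ca }}
    dest: '/etc/containers/certs.d/{{ item }}/ca.crt'
    owner: root
    group: root
    mode: 'u=rw,go=r'
  loop: '{{ container_registry_certs.keys() | list }}'
  tags:
    - config
    - containers-certs
    - ca-cert

- name: ensure container registry client certs are configured
  copy:
    content: |+
      {{ container_registry_certs[item].client_cert }}
    dest: '/etc/containers/certs.d/{{ item }}/client.cert'
    owner: root
    group: root
    mode: 'u=rw,go=r'
  # `item` is the mapping key (a string), so the optional field has to be
  # looked up on the entry itself; testing `item.client_cert` is always
  # undefined and skipped this task for every registry.
  when: container_registry_certs[item].client_cert | default('')
  loop: '{{ container_registry_certs.keys() | list }}'
  tags:
    - config
    - containers-certs
    - client-cert

- name: ensure container registry client keys are configured
  copy:
    content: |+
      {{ container_registry_certs[item].client_key }}
    dest: '/etc/containers/certs.d/{{ item }}/client.key'
    owner: root
    group: root
    # Private key material: readable by the owner only. If non-root accounts
    # must authenticate with this key, grant access deliberately (for example
    # through a dedicated group) rather than making the file world-readable.
    mode: 'u=rw,go='
  # Keep the key contents out of --diff output.
  diff: false
  # Same lookup as for the client cert: test the entry, not the key string.
  when: container_registry_certs[item].client_key | default('')
  loop: '{{ container_registry_certs.keys() | list }}'
  tags:
    - config
    - containers-certs
    - client-key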