Switch back to Docker

Signed-off-by: Tommy <contact@tommytran.io>

README.md

@@ -4,5 +4,4 @@ Ignition configurations for Fedora CoreOS<br />
 # Notes
 These configurations are tailored for Metropolis.nexus environment:
 - Firewalling is handled by Proxmox (not the individual VMs)
-- DNSSEC validation is done by either OPNsense or a central VM dedicated to running the DNS resolver
-- Podman will be used for deployment, not Docker
+- DNSSEC validation is done by either OPNsense or a central VM dedicated to running the DNS resolver

x86.yml

@@ -46,8 +46,11 @@ systemd:
         ExecStart=/usr/sbin/setsebool -P virt_use_nfs off
         ExecStart=/usr/sbin/setsebool -P virt_use_samba off
         ExecStart=/usr/bin/systemctl start gvisor-auto-update.service
-        ExecStart=/usr/bin/rpm-ostree install hardened_malloc qemu-guest-agent tuned
+        ExecStart=/usr/bin/rpm-ostree override remove containerd docker-cli moby-engine runc systemd-resolved
+        ExecStart=/usr/bin/rpm-ostree install docker-ce docker-compose-plugin hardened_malloc qemu-guest-agent tuned
         ExecStart=/usr/bin/sed -i 's/\s+nullok//g' /etc/pam.d/system-auth
+        ExecStart=/usr/bin/systemctl disable --now systemd-resolved
+        ExecStart=/usr/bin/rm /etc/resolv.conf
         ExecStart=/usr/bin/touch /var/lib/%N.stamp
         ExecStart=/usr/bin/systemctl --no-block reboot
 
@@ -174,7 +177,9 @@ storage:
     - path: /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo
       contents:
         source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/main/etc/yum.repos.d/_copr:copr.fedorainfracloud.org:secureblue:hardened_malloc.repo
-      overwrite: true
+    - path: /etc/yum.repos.d/docker-ce.repo
+      contents:
+        source: https://raw.githubusercontent.com/Metropolis-nexus/Common-Files/refs/heads/main/etc/yum.repos.d/docker-ce.repo
 
     - path: /etc/zincati/config.d/51-rollout-wariness.toml
       contents: