From f50492f13226b2f99f0f38a937a64530fa92a7e9 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Tue, 24 Mar 2026 16:20:22 +0000
Subject: [PATCH] fix: fully-qualify all image names for Podman without search
 registries

Podman without unqualified-search registries configured in
/etc/containers/registries.conf refuses to resolve short image names.
Prefix every image with docker.io/library/ (official images) or
docker.io/<org>/ (third-party) so pulls succeed unconditionally.

https://claude.ai/code/session_01FKCW3FDjNFj6jve4niMFXH
---
 infra/Dockerfile.server  |  4 ++--
 infra/docker-compose.yml | 10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/infra/Dockerfile.server b/infra/Dockerfile.server
index 13d8fdf..236ab0b 100644
--- a/infra/Dockerfile.server
+++ b/infra/Dockerfile.server
@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:1
 # ── Build stage ───────────────────────────────────────────────────────────────
 # Run the compiler on the *build* host; cross-compile to target when needed.
-FROM --platform=$BUILDPLATFORM rust:1.94-slim-bookworm AS builder
+FROM --platform=$BUILDPLATFORM docker.io/library/rust:1.94-slim-bookworm AS builder
 
 ARG BUILDPLATFORM
 ARG TARGETPLATFORM
@@ -60,7 +60,7 @@ RUN TARGET=$(cat /rust_target) && \
 RUN cp /build/target/"$(cat /rust_target)"/release/hiy-server /usr/local/bin/hiy-server
 
 # ── Runtime stage ─────────────────────────────────────────────────────────────
-FROM debian:bookworm-slim
+FROM docker.io/library/debian:bookworm-slim
 
 RUN apt-get update && apt-get install -y \
     ca-certificates \
diff --git a/infra/docker-compose.yml b/infra/docker-compose.yml
index 032cbe6..33a0e52 100644
--- a/infra/docker-compose.yml
+++ b/infra/docker-compose.yml
@@ -12,7 +12,7 @@ services:
   #   rootful:  /run/podman/podman.sock
   #   rootless: /run/user/<UID>/podman/podman.sock  (start.sh sets this)
   podman-proxy:
-    image: alpine/socat
+    image: docker.io/alpine/socat
     command: tcp-listen:2375,fork,reuseaddr unix-connect:/podman.sock
     restart: unless-stopped
     volumes:
@@ -62,7 +62,7 @@ services:
 
   # ── Shared Postgres ───────────────────────────────────────────────────────
   postgres:
-    image: postgres:16-alpine
+    image: docker.io/library/postgres:16-alpine
     restart: unless-stopped
     environment:
       POSTGRES_DB: hiy
@@ -75,7 +75,7 @@ services:
 
   # ── Reverse proxy ─────────────────────────────────────────────────────────
   caddy:
-    image: caddy:2-alpine
+    image: docker.io/library/caddy:2-alpine
     restart: unless-stopped
     ports:
       - "80:80"
@@ -98,7 +98,7 @@ services:
   # Enable with: podman compose --profile monitoring up -d
   gatus:
     profiles: [monitoring]
-    image: twinproduction/gatus:latest
+    image: docker.io/twinproduction/gatus:latest
     restart: unless-stopped
     ports:
       - "8080:8080"
@@ -111,7 +111,7 @@ services:
   # On rootless Podman some host mounts may be unavailable; comment out if so.
   netdata:
     profiles: [monitoring]
-    image: netdata/netdata:stable
+    image: docker.io/netdata/netdata:stable
     restart: unless-stopped
     ports:
       - "19999:19999"