archy/docs/adr/001-podman-over-docker.md

# ADR-001: Podman Over Docker

**Status**: Accepted
**Date**: 2026-03

## Context

Archipelago needs a container runtime for running applications. Docker and Podman are the two main options.

## Decision

Use Podman as the container runtime instead of Docker.

## Consequences

### Positive
- **Rootless by default**: Containers run without root privileges, reducing attack surface
- **Daemonless**: No persistent daemon process; containers are managed as individual processes under systemd
- **Docker-compatible**: Supports Docker images and most Docker CLI commands
- **Systemd integration**: Podman containers can be managed as systemd services natively
- **No vendor lock-in**: OCI-compliant, works with any container registry

### Negative
- **Smaller ecosystem**: Some Docker-specific tools and compose features require adaptation
- **Docker Compose differences**: Podman Compose exists but has occasional compatibility gaps
- **Documentation**: Most container documentation assumes Docker; developers need to translate
- **Networking**: Podman networking (CNI/netavark) differs from Docker's bridge networking

### Mitigation
- Use `podman` CLI wrapper that provides Docker-compatible interface
- Document Podman-specific commands in developer guide
- Use `archy-net` custom network for inter-container DNS
refactor: update dependencies and remove unused code - Added new dependencies: `adler2`, `crc32fast`, `flate2`, `miniz_oxide`, and `libredox`. - Updated existing dependencies: `tokio-rustls` to version 0.26.4 and `filetime` to version 0.2.27. - Removed the `backup.rs` file as it is no longer needed. - Introduced tests for configuration and credential management. - Enhanced the `identity` module to generate W3C compliant DID documents. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> 2026-03-12 00:19:30 +00:00			`# ADR-001: Podman Over Docker`

			`Status: Accepted`
			`Date: 2026-03`

			`## Context`

			`Archipelago needs a container runtime for running applications. Docker and Podman are the two main options.`

			`## Decision`

			`Use Podman as the container runtime instead of Docker.`

			`## Consequences`

			`### Positive`
			`- Rootless by default: Containers run without root privileges, reducing attack surface`
			`- Daemonless: No persistent daemon process; containers are managed as individual processes under systemd`
			`- Docker-compatible: Supports Docker images and most Docker CLI commands`
			`- Systemd integration: Podman containers can be managed as systemd services natively`
			`- No vendor lock-in: OCI-compliant, works with any container registry`

			`### Negative`
			`- Smaller ecosystem: Some Docker-specific tools and compose features require adaptation`
			`- Docker Compose differences: Podman Compose exists but has occasional compatibility gaps`
			`- Documentation: Most container documentation assumes Docker; developers need to translate`
			`- Networking: Podman networking (CNI/netavark) differs from Docker's bridge networking`

			`### Mitigation`
			- Use `podman` CLI wrapper that provides Docker-compatible interface
			`- Document Podman-specific commands in developer guide`
			- Use `archy-net` custom network for inter-container DNS