conesphere.social is proudly running via podman-tools/podman/coreos now. :) I do like that setup on small scaled and standalone servers.
Phew! This is such a moment when your stomach hurts badly. A moment when you realize that it was the right decision to forbid TCP/80 on all gitlab-runner boxes, and the question starts to think in: "Who else might be accidentally pulling libraries for @cryptpad via http because of insane git defaults?"
Ouch! This might be interesting... As a matter of fact I do operate a project has the exact need of staying Redhat compatible. If that project is moving towards Stream then fine otherwise it will get very interesting soon.
refined README.md of podman_tools I hope i covered all necessary features there.
image-tool can now crawl through all your pod/container definitions, look which one is running, looks for any upgrades, and apply those.