74 lines
2.0 KiB
YAML
74 lines
2.0 KiB
YAML
|
|
# Modern defaults we want
|
|
boot-location: modules
|
|
tmp-is-dir: true
|
|
# This one at least historically broke compatibility with Anaconda, but
|
|
# let's use it by default now.
|
|
machineid-compat: false
|
|
# Be minimal
|
|
recommends: false
|
|
|
|
ignore-removed-users:
|
|
- root
|
|
ignore-removed-groups:
|
|
- root
|
|
etc-group-members:
|
|
- wheel
|
|
- sudo
|
|
- systemd-journal
|
|
- adm
|
|
|
|
# Default to `bash` in our container, the same as other containers we ship.
|
|
container-cmd:
|
|
- /usr/bin/bash
|
|
|
|
# Note that the default for c9s+ is sqlite; we can't rely on rpm being
|
|
# in the target (it isn't in tier-0!) so turn this to host here. This
|
|
# does break the "hermetic build" aspect a bit. Maybe eventually
|
|
# what we should do is special case this and actually install RPM temporarily
|
|
# and then remove it...
|
|
rpmdb: host
|
|
|
|
check-passwd:
|
|
type: "file"
|
|
filename: "passwd"
|
|
check-groups:
|
|
type: "file"
|
|
filename: "group"
|
|
|
|
automatic-version-prefix: "${releasever}.<date:%Y%m%d>"
|
|
mutate-os-release: "${releasever}"
|
|
|
|
remove-from-packages:
|
|
# Generally we expect other tools to do this (e.g. Ignition or cloud-init)
|
|
- [systemd, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service]
|
|
# We don't want auto-generated mount units. See also
|
|
# https://github.com/systemd/systemd/issues/13099
|
|
- [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator]
|
|
# Drop some buggy sysusers fragments which do not match static IDs allocation:
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2105177
|
|
- [dbus-common, /usr/lib/sysusers.d/dbus.conf]
|
|
|
|
conditional-include:
|
|
- if: distro != "stream9"
|
|
include: bootc.yaml
|
|
|
|
include:
|
|
- ostree.yaml
|
|
- bootc-config.yaml
|
|
- initramfs.yaml
|
|
|
|
packages:
|
|
# Even in tier-0, we have this. If you don't want SELinux today, you'll need
|
|
# to build a custom image.
|
|
- selinux-policy-targeted
|
|
# And we want container-selinux because trying to layer it on later currently causes issues.
|
|
- container-selinux
|
|
# Needed for tpm2 bound luks
|
|
- tpm2-tools
|
|
|
|
# See https://github.com/coreos/bootupd
|
|
arch-include:
|
|
x86_64: bootupd.yaml
|
|
aarch64: bootupd.yaml
|