# Flip this back on, we're going to be a larger system
recommends: true

include:
  - manifest-tier-0.yaml
  - bootable-rpm-ostree.yaml
  - podman.yaml
  - firmware.yaml
  - networking-tools.yaml
  - system-configuration.yaml
  - coreos-user-experience.yaml
  - fwupd.yaml
  - persistent-journal.yaml
  - initramfs-full.yaml
  - generic-growfs.yaml

packages:
  # Include and set the default editor
  - nano
  # And we expect this in general
  - vim-minimal
  - nfs-utils
  # Additional firewall support; we aren't including these in RHCOS or they
  # don't exist in RHEL
  - iptables-nft iptables-services
  - WALinuxAgent-udev
  # Allow communication between sudo and SSSD
  # for caching sudo rules by SSSD.
  # https://github.com/coreos/fedora-coreos-tracker/issues/445
  - libsss_sudo
  # SSSD; we only ship a subset of the backends
  - sssd-client sssd-ad sssd-ipa sssd-krb5 sssd-ldap
  # Used by admins interactively
  - attr
  - openssl
  - lsof
  # Provides terminal tools like clear, reset, tput, and tset
  - ncurses
  # i18n
  - kbd
  # zram-generator (but not zram-generator-defaults) for F33 change
  # https://github.com/coreos/fedora-coreos-tracker/issues/509
  - zram-generator
  # resolved was broken out to its own package in rawhide/f35
  - systemd-resolved
  # This one is in Python so isn't in FCOS, but we can safely add it here.
  - sos

# These are random architecture-specific packages
packages-x86_64:
  - irqbalance
packages-ppc64le:
  - irqbalance
  - librtas
  - powerpc-utils-core
  - ppc64-diag-rtas
packages-aarch64:
  - irqbalance

postprocess:
  # Undo RPM scripts enabling units; we want the presets to be canonical
  # https://github.com/projectatomic/rpm-ostree/issues/1803
  - |
    #!/usr/bin/env bash
    set -xeuo pipefail
    rm -rf /etc/systemd/system/*
    systemctl preset-all
    rm -rf /etc/systemd/user/*
    systemctl --user --global preset-all
  # Default to iptables-nft. Otherwise, legacy wins. We can drop this once/if we
  # remove iptables-legacy. This is needed because alternatives don't work
  # https://github.com/coreos/fedora-coreos-tracker/issues/677
  # https://github.com/coreos/fedora-coreos-tracker/issues/676
  - |
    #!/usr/bin/env bash
    set -xeuo pipefail
    ln -sf /usr/sbin/ip6tables-nft         /etc/alternatives/ip6tables
    ln -sf /usr/sbin/ip6tables-nft-restore /etc/alternatives/ip6tables-restore
    ln -sf /usr/sbin/ip6tables-nft-save    /etc/alternatives/ip6tables-save
    ln -sf /usr/sbin/iptables-nft          /etc/alternatives/iptables
    ln -sf /usr/sbin/iptables-nft-restore  /etc/alternatives/iptables-restore
    ln -sf /usr/sbin/iptables-nft-save     /etc/alternatives/iptables-save
  # See: https://github.com/coreos/fedora-coreos-tracker/issues/1253
  #      https://bugzilla.redhat.com/show_bug.cgi?id=2112857
  #      https://github.com/coreos/rpm-ostree/issues/3918
  # Temporary workaround to remove the SetGID binary from liblockfile that is
  # pulled by the s390utils but not needed for /usr/sbin/zipl.
  - |
    #!/usr/bin/env bash
    set -xeuo pipefail
    rm -f /usr/bin/dotlockfile

# Things we don't expect to ship on the host.  We currently
# have recommends: false so these could only come in via
# hard requirement, in which case the build will fail.
exclude-packages:
  - perl
  - perl-interpreter
  - nodejs
  - grubby
  - cowsay  # Just in case
  # Let's make sure initscripts doesn't get pulled back in
  # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254
  - initscripts
  # For (datacenter/cloud oriented) servers, we want to see the details by default.
  # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/
  - plymouth
  # Do not use legacy ifcfg config format in NetworkManager
  # See https://github.com/coreos/fedora-coreos-config/pull/1991
  - NetworkManager-initscripts-ifcfg-rh