# Modern defaults we want
boot-location: modules
tmp-is-dir: true
# https://github.com/CentOS/centos-bootc/issues/167
machineid-compat: true
# Be minimal
recommends: false

ignore-removed-users:
  - root
ignore-removed-groups:
  - root
etc-group-members:
  - wheel
  - sudo
  - systemd-journal
  - adm

# Default to `bash` in our container, the same as other containers we ship.
container-cmd:
  - /sbin/init

# Note that the default for c9s+ is sqlite; we can't rely on rpm being
# in the target (it isn't in tier-0!) so turn this to host here.  This
# does break the "hermetic build" aspect a bit.  Maybe eventually
# what we should do is special case this and actually install RPM temporarily
# and then remove it...
rpmdb: host

check-passwd:
  type: "file"
  filename: "passwd"
check-groups:
  type: "file"
  filename: "group"

automatic-version-prefix: "${releasever}.<date:%Y%m%d>"
mutate-os-release: "${releasever}"

remove-from-packages:
  # Generally we expect other tools to do this (e.g. Ignition or cloud-init)
  - [systemd, /usr/lib/systemd/system/sysinit.target.wants/systemd-firstboot.service]
  # We don't want auto-generated mount units. See also
  # https://github.com/systemd/systemd/issues/13099
  - [systemd-udev, /usr/lib/systemd/system-generators/systemd-gpt-auto-generator]

include:
  - bootc.yaml
  - bootupd.yaml
  - ostree.yaml
  - initramfs.yaml
  - basic-fixes.yaml

packages:
  # this is implied by dependencies but let's make it explicit
  - coreutils
  # We need dnf for building derived container images. In Fedora, this pulls
  # in dnf5. In CentOS/RHEL, this pulls in dnf(4). We can simplify this back to
  # just `dnf` once the `dnf` package is retired from Fedora.
  - /usr/bin/dnf
  # Even in tier-0, we have this.  If you don't want SELinux today, you'll need
  # to build a custom image.
  - selinux-policy-targeted
  # And we want container-selinux because trying to layer it on later currently causes issues.
  - container-selinux
  # Needed for tpm2 bound luks
  - tpm2-tools