# apt-ostree treefile for Debian Trixie server bootc image
# This follows the apt-ostree v1 format specification
# Debian 13+ (trixie) has the required OSTree version for bootc support

apiVersion: v1
kind: Treefile
metadata:
  name: "debian-trixie-server"
  description: "Server Debian Trixie system for bootc images"
  version: "13.0.0"
  
spec:
  # Base system configuration
  base:
    distribution: "trixie"
    architecture: "amd64"
    mirror: "http://deb.debian.org/debian"
    
  # Package management
  packages:
    include:
      # Essential system packages
      - "systemd"
      - "udev"
      - "dbus"
      - "libc6"
      - "libcap2"
      - "ostree"
      - "bootc"
      - "linux-image-amd64"
      
      # Server utilities
      - "bash"
      - "coreutils"
      - "ca-certificates"
      - "curl"
      - "wget"
      - "vim"
      - "htop"
      - "net-tools"
      - "iproute2"
      - "openssh-server"
      - "rsyslog"
      - "cron"
      
    exclude:
      - "unattended-upgrades"
      - "desktop-packages"
      - "unwanted-package"
      
  # Customizations
  customizations:
    users:
      - name: "admin"
        groups: ["sudo", "docker"]
        ssh_keys:
          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..."
    
    files:
      - path: "/etc/hostname"
        content: "debian-atomic-server"
        mode: "0644"
        owner: "root:root"
        
      - path: "/etc/motd"
        content: "Welcome to Debian Atomic Server (bootc) - Trixie"
        mode: "0644"
        owner: "root:root"
        
      - path: "/etc/ssh/sshd_config"
        content: |
          Port 22
          Protocol 2
          HostKey /etc/ssh/ssh_host_rsa_key
          HostKey /etc/ssh/ssh_host_ecdsa_key
          HostKey /etc/ssh/ssh_host_ed25519_key
          UsePrivilegeSeparation yes
          KeyRegenerationInterval 3600
          ServerKeyBits 1024
          SyslogFacility AUTH
          LogLevel INFO
          LoginGraceTime 120
          PermitRootLogin no
          StrictModes yes
          RSAAuthentication yes
          PubkeyAuthentication yes
          AuthorizedKeysFile .ssh/authorized_keys
          IgnoreRhosts yes
          RhostsRSAAuthentication no
          HostbasedAuthentication no
          PermitEmptyPasswords no
          ChallengeResponseAuthentication no
          PasswordAuthentication yes
          X11Forwarding yes
          X11DisplayOffset 10
          PrintMotd no
          PrintLastLog yes
          TCPKeepAlive yes
          AcceptEnv LANG LC_*
          Subsystem sftp /usr/lib/openssh/sftp-server
          UsePAM yes
        mode: "0644"
        owner: "root:root"
        
    services:
      enable:
        - "systemd-networkd"
        - "systemd-resolved"
        - "systemd-timesyncd"
        - "ssh"
        - "rsyslog"
        - "cron"
        
  # OSTree configuration
  ostree:
    ref: "debian/13/amd64/server"
    commit_message: "Debian 13 Trixie server bootc image"
    metadata:
      build_tool: "deb-bootc-compose"
      build_timestamp: "2025-08-19T18:44:29Z"
      build_version: "1.0.0"
      variant: "server"
      architecture: "amd64"
      distribution: "trixie"
    
  # Build options
  build:
    parallel_jobs: 4
    cache_dir: "./cache"
    cleanup: true