- Add internal/phases/ with complete phase management system - Add internal/types/ with core data structures - Add internal/treefile/ for OSTree treefile generation - Update examples with YAML configurations - Update .gitignore to properly exclude test artifacts and build outputs - Update dependencies and configuration files
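# apt-ostree treefile for Debian Trixie server bootc image
# This follows the apt-ostree v1 format specification
# Debian 13+ (trixie) has the required OSTree version for bootc support
#
# NOTE(review): the nesting below was reconstructed from a flattened rendering
# of this file; verify it against the treefile schema before use.

apiVersion: v1
kind: Treefile
metadata:
  name: "debian-trixie-server"
  description: "Server Debian Trixie system for bootc images"
  version: "13.0.0"

spec:
  # Base system configuration
  base:
    distribution: "trixie"
    architecture: "amd64"
    # Plain-HTTP mirror: package integrity then rests entirely on APT's
    # signed Release metadata, so the build must keep signature verification
    # enabled and use a trusted archive keyring. An HTTPS mirror URL
    # additionally protects the fetches from on-path tampering and observation.
    mirror: "http://deb.debian.org/debian"

  # Package management
  packages:
    include:
      # Essential system packages
      - "systemd"
      - "udev"
      - "dbus"
      - "libc6"
      - "libcap2"
      - "ostree"
      - "bootc"
      - "linux-image-amd64"

      # Server utilities
      - "bash"
      - "coreutils"
      - "ca-certificates"
      - "curl"
      - "wget"
      - "vim"
      - "htop"
      - "net-tools"
      - "iproute2"
      - "openssh-server"
      - "rsyslog"
      - "cron"

    exclude:
      # With unattended-upgrades excluded, security fixes presumably reach
      # hosts only through rebuilt images; make sure a rebuild/update cadence
      # covers them.
      - "unattended-upgrades"
      # The next two entries look like placeholders, not real package names;
      # replace them before relying on this list.
      - "desktop-packages"
      - "unwanted-package"

  # Customizations
  customizations:
    users:
      - name: "admin"
        # Membership in "docker" is effectively root-equivalent on a host
        # running the Docker daemon. Neither sudo nor docker is in
        # packages.include above, so confirm these groups exist in the image
        # and that this level of privilege is intended.
        groups: ["sudo", "docker"]
        ssh_keys:
          # Truncated placeholder key: replace with a real public key before
          # building, otherwise the only defined account has no usable login.
          - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC..."

    files:
      - path: "/etc/hostname"
        content: "debian-atomic-server"
        mode: "0644"
        owner: "root:root"

      - path: "/etc/motd"
        content: "Welcome to Debian Atomic Server (bootc) - Trixie"
        mode: "0644"
        owner: "root:root"

      # sshd configuration baked into every image built from this treefile.
      # Changes from the previous revision:
      #  - Removed Protocol, UsePrivilegeSeparation, KeyRegenerationInterval,
      #    ServerKeyBits, RSAAuthentication and RhostsRSAAuthentication.
      #    These are SSH protocol 1 era directives that current OpenSSH
      #    releases no longer implement (they are ignored or logged as
      #    deprecated), so they suggested settings that were never enforced.
      #  - PasswordAuthentication is now "no": the only account defined above
      #    is provisioned with an SSH key, and an image reused across many
      #    hosts should not expose password guessing on port 22.
      #  - X11Forwarding is now "no": no X11 packages are installed and the
      #    feature only widens the attack surface of a headless server.
      - path: "/etc/ssh/sshd_config"
        content: |
          Port 22
          HostKey /etc/ssh/ssh_host_rsa_key
          HostKey /etc/ssh/ssh_host_ecdsa_key
          HostKey /etc/ssh/ssh_host_ed25519_key
          SyslogFacility AUTH
          LogLevel INFO
          LoginGraceTime 120
          PermitRootLogin no
          StrictModes yes
          PubkeyAuthentication yes
          AuthorizedKeysFile .ssh/authorized_keys
          IgnoreRhosts yes
          HostbasedAuthentication no
          PermitEmptyPasswords no
          ChallengeResponseAuthentication no
          PasswordAuthentication no
          X11Forwarding no
          X11DisplayOffset 10
          PrintMotd no
          PrintLastLog yes
          TCPKeepAlive yes
          AcceptEnv LANG LC_*
          Subsystem sftp /usr/lib/openssh/sftp-server
          UsePAM yes
        mode: "0644"
        owner: "root:root"

    services:
      enable:
        - "systemd-networkd"
        - "systemd-resolved"
        - "systemd-timesyncd"
        - "ssh"
        - "rsyslog"
        - "cron"

  # OSTree configuration
  ostree:
    ref: "debian/13/amd64/server"
    commit_message: "Debian 13 Trixie server bootc image"
    metadata:
      build_tool: "deb-bootc-compose"
      # Hard-coded timestamp: it will not reflect when an image was actually
      # built unless the build tool overwrites it.
      build_timestamp: "2025-08-19T18:44:29Z"
      build_version: "1.0.0"
      variant: "server"
      architecture: "amd64"
      distribution: "trixie"

  # Build options
  build:
    parallel_jobs: 4
    cache_dir: "./cache"
    cleanup: true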