name: debian-server
description: Debian Server OS with essential server packages
base-image: debian:trixie
image-version: "13"

stages:
  - type: org.osbuild.debian.debootstrap
    options:
      suite: trixie
      target: /tmp/rootfs
      arch: amd64
      variant: minbase
      components: ["main", "contrib", "non-free"]
      
  - type: org.osbuild.debian.sources
    options:
      suite: trixie
      mirror: https://deb.debian.org/debian
      components: ["main", "contrib", "non-free"]
      additional_sources:
        - "deb https://deb.debian.org/debian-security trixie-security main contrib non-free"
        
  - type: org.osbuild.debian.apt
    options:
      packages:
        - openssh-server
        - nginx
        - apache2
        - mariadb-server
        - postgresql
        - redis-server
        - docker.io
        - docker-compose
        - fail2ban
        - ufw
        - htop
        - iotop
        - nethogs
        - vnstat
        - logwatch
        - rsyslog
        - cron
        - anacron
        - systemd
        - systemd-sysv
        - curl
        - wget
        - vim
        - nano
        - git
        - build-essential
        - python3
        - python3-pip
        - nodejs
        - npm
        - certbot
        - letsencrypt
      update: true
      clean: true
      
  - type: org.osbuild.debian.locale
    options:
      language: en_US.UTF-8
      additional_locales: ["en_GB.UTF-8"]
      default_locale: en_US.UTF-8
      
  - type: org.osbuild.debian.timezone
    options:
      timezone: UTC
      
  - type: org.osbuild.debian.users
    options:
      users:
        admin:
          password: "$6$rounds=656000$salt$hashedpassword"
          shell: /bin/bash
          groups: ["sudo", "users", "adm", "docker"]
          uid: 1000
          gid: 1000
          home: /home/admin
          comment: "Server Administrator"
        deploy:
          password: "$6$rounds=656000$salt$hashedpassword"
          shell: /bin/bash
          groups: ["users", "docker"]
          uid: 1001
          gid: 1001
          home: /home/deploy
          comment: "Deployment User"
      default_shell: /bin/bash
      default_home: /home
      
  - type: org.osbuild.ostree
    options:
      repo: /tmp/ostree-repo
      branch: debian-server
      subject: "Debian Server OS Build"
      body: "Built with particle-os for server deployment"
      
  - type: org.osbuild.bootupd
    options:
      partitions: true
      secure_boot: false
      a_b_partitions: true
      
  - type: org.osbuild.qemu
    options:
      formats: ["raw", "qcow2"]
      size: "15G"
      filename: "debian-server"

output:
  formats: ["raw", "qcow2"]
  size: "15G"
  path: "debian-server"

metadata:
  author: "particle-os"
  category: "server"
  tags: ["web", "database", "docker", "monitoring", "security"]