# Debian Minimal Variant Definition
# Minimal system equivalent to Fedora CoreOS

variant:
  name: "debian-minimal"
  description: "Debian Atomic Minimal System"
  base: "debian-13"
  architecture: "amd64"
  desktop: "none"
  target: "minimal"

# Base system packages (always included)
base_packages:
  - "systemd"
  - "systemd-sysv"
  - "dbus"
  - "dbus-user-session"
  - "policykit-1"
  - "polkitd"
  - "sudo"
  - "passwd"
  - "bash"
  - "coreutils"
  - "util-linux"
  - "procps"
  - "sysvinit-utils"

# Essential utilities
essential_utils:
  - "less"
  - "vim-tiny"
  - "wget"
  - "curl"
  - "ca-certificates"
  - "gnupg"
  - "apt"
  - "apt-utils"
  - "dpkg"
  - "debian-archive-keyring"

# Networking tools
networking:
  - "iproute2"
  - "net-tools"
  - "network-manager"
  - "resolvconf"
  - "dnsutils"
  - "openssh-client"
  - "openssh-server"
  - "iptables"
  - "ufw"
  - "fail2ban"

# System administration
system_admin:
  - "htop"
  - "iotop"
  - "ncdu"
  - "rsync"
  - "tar"
  - "gzip"
  - "bzip2"
  - "xz-utils"
  - "unzip"
  - "zip"

# Security tools
security:
  - "apparmor"
  - "apparmor-utils"
  - "auditd"
  - "audispd-plugins"
  - "rkhunter"
  - "chkrootkit"
  - "tripwire"
  - "aide"
  - "clamav"
  - "clamav-daemon"

# Monitoring and logging
monitoring:
  - "logrotate"
  - "cron"
  - "anacron"
  - "at"
  - "syslog-ng"
  - "logwatch"
  - "collectd"
  - "prometheus-node-exporter"
  - "grafana-agent"
  - "telegraf"

# Development tools (minimal)
development_minimal:
  - "build-essential"
  - "git"
  - "python3"
  - "python3-pip"
  - "python3-venv"

# Excluded packages (not needed for minimal)
excluded_packages:
  - "packagekit"
  - "update-manager"
  - "unattended-upgrades"
  - "apt-listchanges"
  - "debian-faq"
  - "debian-reference"
  - "debian-handbook"
  - "popularity-contest"
  - "reportbug"
  - "apt-listbugs"
  - "gnome-*"
  - "kde-*"
  - "xfce4-*"
  - "mate-*"
  - "lxde-*"

# Repository configuration
repositories:
  - name: "debian"
    url: "http://deb.debian.org/debian"
    components: ["main", "contrib", "non-free"]
    suite: "trixie"
  
  - name: "debian-security"
    url: "http://deb.debian.org/debian-security"
    components: ["main", "contrib", "non-free"]
    suite: "trixie-security"

# System configuration
system_config:
  hostname: "debian-minimal"
  timezone: "UTC"
  locale: "en_US.UTF-8"
  keyboard: "us"
  
# OSTree configuration
ostree:
  ref: "debian/13/x86_64/minimal"
  url: "https://ostree.debian.org"
  gpg_verify: true
  mode: "bare"