image:
  distribution: fedora

source:
  downloader: fedora-http
  url: https://kojipkgs.fedoraproject.org

targets:
  lxc:
    #create_message: |
    #  You just created a {{ image.description }} container.
    config:
    - type: all
      before: 5
      content: |-
        lxc.include = LXC_TEMPLATE_CONFIG/fedora.common.conf

    - type: user
      before: 5
      content: |-
        lxc.include = LXC_TEMPLATE_CONFIG/fedora.userns.conf

    - type: all
      after: 4
      content: |-
        lxc.include = LXC_TEMPLATE_CONFIG/common.conf

    - type: user
      after: 4
      content: |-
        lxc.include = LXC_TEMPLATE_CONFIG/userns.conf

    - type: all
      content: |-
        lxc.arch = {{ image.architecture_kernel }}

files:
- path: /etc/machine-id
  generator: dump

- path: /etc/fstab
  generator: dump
  types:
  - container

- path: /var/lib/dbus/machine-id
  generator: remove

- path: /etc/hostname
  generator: hostname

- path: /etc/hosts
  generator: hosts

#dnf-automatic configuration
- path: /etc/dnf/automatic.conf
  generator: dump
  content: |-
   apply_updates = yes
   download_updates = yes
   upgrade_type = security
   

packages:
  manager: dnf
  update: true
  cleanup: true
  sets:
  - packages:
    - cpio
    - file
    - findutils
    - fipscheck
    - gettext
    - glibc-all-langpacks
    - hardlink
    - hostname
    - ipcalc
    - iproute
    - iproute-tc
    - iputils
    - kbd
    - kmod
    - openssh-clients
    - passwd
    - policycoreutils
    - procps-ng
    - systemd-udev
    - systemd-networkd
    - which
    - dnf-automatic
    action: install

  - packages:
    - libsss_idmap
    - libsss_nss_idmap
    - sssd-client
    action: remove

actions:
- trigger: post-unpack
  action: |-
    #!/bin/sh

    set -eux

    # Increase connection timeout
    echo timeout=60 >> /etc/dnf/dnf.conf

    # Let dnf find the fastest mirror
    echo fastestmirror=True >> /etc/dnf/dnf.conf

    # Skip weak dependencies
    echo install_weak_deps=False  >> /etc/dnf/dnf.conf

    #ProxyCacheSetting
    echo '#CacheServer not set' >> /etc/dnf/dnf.conf

    # Backup all repo files
    for repo in $(ls /etc/yum.repos.d/*.repo); do
      cp "${repo}" "${repo}.bak"
    done

- trigger: post-unpack
  action: |-
    #!/bin/sh

    set -eux

    # Use Fedora 38 GPG key to avoid package installation errors
    for repo in $(ls /etc/yum.repos.d/*.repo); do
      grep -q 'RPM-GPG-KEY-fedora-38' "${repo}" && continue

      sed -ri 's#^gpgkey=.*#\0 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-38-$basearch#g' "${repo}"
    done
  architectures:
  - aarch64
  - x86_64
  releases:
  - Rawhide

- trigger: post-packages
  action: |-
    #!/bin/sh
    umount -l /etc/resolv.conf || true
    rm /etc/resolv.conf
    cp -R /etc/skel/.bash* /root/
    
    systemctl enable dnf-automatic.timer

- trigger: post-files
  action: |-
    #!/bin/sh
    set -eux

    # Restore repos
    for repo in $(ls /etc/yum.repos.d/*.bak); do
      mv "${repo}" ${repo%.*}
    done