1 files changed, 45 insertions, 29 deletions

diff --git a/mkosi.conf b/mkosi.conf
index 9961407..38d6e83 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -1,39 +1,55 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-Images=system
+@Images=system
+MinimumVersion=23~devel
 
 [Output]
-OutputDirectory=mkosi.output
-BuildDirectory=mkosi.builddir
-CacheDirectory=mkosi.cache
+@OutputDirectory=build/mkosi.output
+@BuildDirectory=build/mkosi.builddir
+@CacheDirectory=build/mkosi.cache
 
 [Content]
-# Prevent ASAN warnings when building the image and ship the real ASAN options prefixed with MKOSI_.
-Environment=ASAN_OPTIONS=verify_asan_link_order=false
-            MKOSI_ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
-            MKOSI_UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
+@SELinuxRelabel=no
+BuildSourcesEphemeral=yes
+
+# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
+# various scenarios. Consider adding support for a credential instead if possible and using that.
+KernelCommandLine=systemd.crash_shell
+                  systemd.log_level=debug,console:info
+                  systemd.log_ratelimit_kmsg=0
+                  # Disable the kernel's ratelimiting on userspace logging to kmsg.
+                  printk.devkmsg=on
+                  # Make sure /sysroot is mounted rw in the initrd.
+                  rw
+                  # Lower the default device timeout so we get a shell earlier if the root device does
+                  # not appear for some reason.
+                  systemd.default_device_timeout_sec=30
+                  # Make sure no LSMs are enabled by default.
+                  apparmor=0
+                  selinux=0
+                  enforcing=0
+                  systemd.early_core_pattern=/core
+                  systemd.firstboot=no
+                  raid=noautodetect
+                  oops=panic
+                  panic=-1
+                  softlockup_panic=1
+                  panic_on_warn=1
+                  # These don't ship proper units with [Install] directives so we have to mask them instead.
+                  systemd.mask=isc-dhcp-server.service
+                  systemd.mask=mdmonitor.service
+
+KernelModulesInitrdExclude=.*
+KernelModulesInitrdInclude=default
 
 [Host]
+Credentials=journal.storage=persistent
 @Incremental=yes
-@QemuMem=2G
-@RuntimeSize=8G
-# Make sure we don't trigger systemd-firstboot prompting for the root password.
-Credentials=passwd.plaintext-password.root=
-KernelCommandLineExtra=systemd.crash_shell
-                       systemd.log_level=debug
-                       systemd.log_ratelimit_kmsg=0
-                       systemd.journald.forward_to_console
-                       systemd.journald.max_level_console=warning
-                       # Disable the kernel's ratelimiting on userspace logging to kmsg.
-                       printk.devkmsg=on
-                       # Make sure /sysroot is mounted rw in the initrd.
-                       rw
-                       # Lower the default device timeout so we get a shell earlier if the root device does
-                       # not appear for some reason.
-                       systemd.default_device_timeout_sec=10
-                       # Make sure no LSMs are enabled by default.
-                       apparmor=0
-                       selinux=0
-                       enforcing=0
-                       systemd.early_core_pattern=/core
+@RuntimeBuildSources=yes
+@RuntimeScratch=no
+@QemuSmp=2
+@QemuSwtpm=yes
+@QemuVsock=yes
+@QemuKvm=yes
+ToolsTreePackages=virtiofsd