mkosi: Use shared extra tree between initrd and main image

Let's share more between initrd and main system and use a shared
extra tree to achieve that.

6 files changed, 57 insertions, 0 deletions

diff --git a/mkosi.extra.common/etc/issue b/mkosi.extra.common/etc/issue
new file mode 100644
index 0000000000..6aa6fc0ec0
--- /dev/null
+++ b/mkosi.extra.common/etc/issue
@@ -0,0 +1,2 @@
+\S (built from systemd tree)
+Kernel \r on an \m (\l)
diff --git a/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf b/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
new file mode 100644
index 0000000000..cde9785d28
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Coredump]
+Storage=journal
diff --git a/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf
new file mode 100644
index 0000000000..3baede462e
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Journal]
+RateLimitIntervalSec=0
+RateLimitBurst=0
diff --git a/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions b/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions
new file mode 100644
index 0000000000..639abb8f3f
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions
@@ -0,0 +1 @@
+leak:libselinux
diff --git a/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset
new file mode 100644
index 0000000000..5a15e6bcbb
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
+disable ssh.service
+disable sshd.service
+
+# These are started manually in integration tests so don't start them by default.
+disable dnsmasq.service
+disable isc-dhcp-server.service
+disable isc-dhcp-server6.service
+
+# Pulled in via dracut-network by kexec-tools on Fedora.
+disable NetworkManager*
+
+# Make sure dbus-broker is started by default on Debian/Ubuntu.
+enable dbus-broker.service
+
+# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
+enable systemd-networkd.service
+enable systemd-networkd-wait-online.service
+
+# systemd-resolved is disable by default on CentOS so make sure it is enabled.
+enable systemd-resolved.service
+
+# We install dnf in some images but it's only going to be used rarely,
+# so let's not have dnf create its cache.
+disable dnf-makecache.*
+
+# We have journald to receive audit data so let's make sure we're not running auditd as well
+disable auditd.service
+
+# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
+enable systemd-timesyncd.service
+
+# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
+disable iscsi.service
+disable iscsid.socket
+disable iscsiuio.socket
+
+# mkosi relabels the image itself so no need to do it on boot.
+disable selinux-autorelabel-mark.service
diff --git a/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset
new file mode 100644
index 0000000000..710ee7c6f9
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
+disable *