
@lzap
Last active November 11, 2024 13:46
Common blueprint schema discussion
# Decisions for the initial version so far:
#
# * Implementation-free schema (detach from osbuild/image-builder).
# * Minimum top-level primitive types (name, description).
# * Prefer minimal nesting (two levels max).
# * Snake case naming for all keys (snake_case).
# * Plurals for composite elements (sequences, mappings).
# * Utilize native YAML data types (e.g. date, time).
# * Utilize default values from JSON Schema (boolean can be true).
#
---
# Sample document for the proposed common blueprint schema.
# NOTE(review): indentation was lost on this page; the nesting below is a
# reconstruction from key names and list markers. Confirm it against the
# original gist before relying on it.
name: "Image or blueprint name"
description: ""
# version: 1
distribution:
  name: "fedora"
  version: "42"
  # minimal:
fips:
  enabled: false
rpm:
  packages:
    - name: "vim-enhanced"
      version: "8.0-1"
  groups:
    - "virtualization"
  # NOTE(review): presumably controls whether repository signing keys are
  # imported into the image's trust store; the schema should say which keys.
  import_keys: true
  # modules:
containers:
  # NOTE(review): ":latest" is a mutable tag, so the embedded content can
  # change between builds; consider letting the schema accept a digest.
  - source: "quay.io/fedora/fedora:latest"
    name: "fedora"
    # NOTE(review): presumably skips registry TLS verification when true.
    # The header allows JSON Schema defaults of true for booleans; for this
    # key the default should be pinned to false.
    tls_insecure: false
    local_storage: "/var/tmp/test"
# NOTE(review): placed at top level in this reconstruction; confirm.
hostname: "localhost"
kernel:
  name: "kernel-debug"
  # Free-form kernel command-line text; nosmt=force disables SMT.
  append: "nosmt=force"
# NOTE(review): spelled "rshm" here but "rhsm" in the last line of the
# document; one of the two is probably a typo. Confirm the intended key.
rshm:
  enabled: true
  product_plugin: true
  repository_management: true
  auto_registration: true
accounts:
  users:
    - name: "lzap"
      description: ""
      # NOTE(review): the schema should state whether this is a password
      # hash or plaintext, and what an empty string means (no password vs.
      # locked account). A plaintext value would be stored wherever the
      # blueprint is stored.
      password: ""
      ssh_keys: [""]
      home: "/home/lzap"
      shell: "/usr/bin/bash"
      uid: 1001
      gid: 1001
      groups: ["wheel", "operators"]
      # Unquoted on purpose (header: "Utilize native YAML data types").
      # YAML 1.1 loaders return a date object; others may return a string.
      expires: 2050-05-13
  groups:
    - name: "operators"
      gid: 1042
timezone:
  posix: "Europe/Prague"
  ntp_servers: ["0.north-america.pool.ntp.org", "1.north-america.pool.ntp.org"]
locale:
  languages: ["en_US.UTF-8", "cs_CZ.UTF-8"]
  keyboard: ["cz-qwerty", "cz", "us"]
# Earlier, compact form of the firewall section, kept for comparison:
#firewall:
#enabled: ["ssh", "dhcp", "imap:tcp", "53:udp", "60000-60010:udp"]
#disabled: ["ssh", "dhcp", "imap:tcp", "53:udp", "60000-60010:udp"]
firewall:
  - service: "ssh"
    protocol: "tcp"
    state: "enabled"
  - service: "dhcp"
    state: "enabled"
  # NOTE(review): the two port entries below carry no "state" key. The
  # schema needs an explicit default so that an omitted state cannot be
  # read as "open" by one consumer and "closed" by another.
  - port: 53
    protocol: "both"
  - port_from: 60000
    port_to: 60010
    protocol: "udp"
services:
  enabled: ["sshd"]
  disabled: ["tuned", "cupsd"]
  masked: []
directories:
  - path: "/var/tmp/dir"
    # NOTE(review): an unquoted leading-zero integer is octal (493) under
    # YAML 1.1 loaders and decimal 755 under YAML 1.2 core-schema loaders.
    # The schema should fix one representation (e.g. a quoted string) so
    # permissions do not depend on the parser.
    mode: 0755
    user: "lzap"
    group: "lzap"
    ensure_parents: true
files:
  - path: "/var/tmp/dir/file"
    # Same octal/decimal ambiguity as the directory mode above
    # (0644 is 420 as octal, 644 as decimal).
    mode: 0644
    user: "lzap"
    group: "lzap"
    data: ""
ignition:
  embedded: ""
  firstboot_url: ""
fdo:
  manufacturing_server_url: ""
  # NOTE(review): the three diun_pub_key_* keys look like alternative ways
  # to trust the server key, with "insecure" presumably disabling the
  # check. Confirm whether they are mutually exclusive and that the
  # insecure default is false.
  diun_pub_key_insecure: false
  diun_pub_key_hash: ""
  diun_pub_key_root_certs: ""
  di_mfg_string_type_mac_iface: ""
#custom_repositories:
# NOTE(review): written as a single mapping (no "-" item marker) although
# the key is plural; confirm whether a sequence of repositories is meant.
repositories:
  id: ""
  name: ""
  filename: ""
  baseurls: [""]
  mirrorlist: ""
  metalink: ""
  gpgkeys: [""]
  # The sample leaves package signature, repository metadata signature and
  # TLS verification switched on. NOTE(review): the schema defaults for
  # these three keys should match, so omitting them never disables a check.
  check_gpg: true
  check_repo_gpg: true
  priority: 99
  ssl_verify: true
  module_hotfixes: false
storage:
  installation_device: "/dev/vda"
  partitioning_mode: "lvm"
  filesystems:
    - mountpoint: "/var/log"
      # 1073741824 = 2^30; presumably a size in bytes (1 GiB) — confirm unit.
      size: 1073741824
openscap:
  datastream: "/usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml"
  profile_id: "xccdf_org.ssgproject.content_profile_cis"
  profile_name: "CIS Red Hat Enterprise Linux 8 Benchmark for Level 2 - Server"
  profile_description: ""
  # NOTE(review): selected/unselected presumably add or drop rules from the
  # profile; the sample drops the grub2_password rule. Nesting under
  # openscap is reconstructed — confirm.
  selected: []
  unselected: ["xccdf_org.ssgproject.content_rule_grub2_password"]
  json_tailorings:
    - profile_id: "name-of-profile-used-in-json-tailoring-file"
      filepath: "/some/path/tailoring-file.json"
anaconda_installer:
  unattended: true
  # NOTE(review): presumably grants the listed users passwordless sudo;
  # "lzap" is also in the "wheel" group above. Confirm the intended scope.
  sudo_nopassword: ["lzap"]
  enabled_modules: ["org.fedoraproject.Anaconda.Modules.Subscription"]
  disabled_modules: []
  # NOTE(review): looks like free-form kickstart text; placement under
  # anaconda_installer is reconstructed — confirm.
  kickstart: ""
# The following keys exist only in the hosted service, mostly taken from
# "image_request".
image:
  client_id: "api"
  architecture: "x86_64"
  # Unquoted date: a native date under YAML 1.1 loaders (see "expires").
  snapshot_date: 2024-05-13
  type: "aws"
  # 4294967296 = 2^32; presumably bytes (4 GiB) — confirm unit.
  size: 4294967296
  # NOTE(review): upload and ostree are nested under image in this
  # reconstruction; confirm against the original.
  upload:
    - type: "aws"
      # Quoted, so the all-digit identifiers stay strings.
      share_with_accounts: ["123456789"]
      share_with_sources: ["12345"]
  ostree:
    url: "https://cert.console.stage.redhat.com/api/pulp-content/em652321d/myrhel-2747841137116337868"
    content_url: ""
    ref: "rhel/8/x86_64/edge"
    parent: "rhel/8/x86_64/edge"
    # Compare the "rshm" mapping near the top of the document: a different
    # spelling, and a mapping there versus a boolean here.
    rhsm: true