kernel:
  image: linuxkit/kernel:6.12.52
  cmdline: "console=tty0 console=ttyS0"
init:
  - linuxkit/init:b92210bd04aa29344d70fd2d259e2ae3c7903ec4
  - linuxkit/runc:98ddef9b5b87cb44783566ed2a86cea95439a631
  - linuxkit/containerd:22578becf270fe4bbb82e29f2539f71613e0b4fc
  - linuxkit/ca-certificates:256f1950df59f2f209e9f0b81374177409eb11de
onboot:
  - name: sysctl
    image: linuxkit/sysctl:97e8bb067cd9cef1514531bb692f27263ac6d626
  - name: dhcpcd
    image: linuxkit/dhcpcd:b87e9ececac55a65eaa592f4dd8b4e0c3009afdb
    command: ["/sbin/dhcpcd", "--nobackground", "-f", "/dhcpcd.conf", "-1"]
  - name: format
    image: linuxkit/format:4f779c0b0d0ba145b7f03211b5cbf59fbbe12e54
    command: ["/usr/bin/format", "/dev/sda"]
  - name: dm-crypt
    image: linuxkit/dm-crypt:27e016fa7c12d6cfce0d045a65b112c787f6dc3c
    command: ["/usr/bin/crypto", "crypt_dev", "/dev/sda1"]
  - name: mount
    image: linuxkit/mount:bd1c3bb45e48e68e47a9456d1669f7119f855184
    command: ["/usr/bin/mountie", "/dev/mapper/crypt_dev", "/var/secure_storage"]
  - name: bbox
    image: busybox
    command: ["sh", "-c", "echo 'secret things' >/var/secure_storage/secrets"]
    binds:
      - /var:/var
services:
  - name: getty
    image: linuxkit/getty:a86d74c8f89be8956330c3b115b0b1f2e09ef6e0
    env:
     - INSECURE=true
  - name: rngd
    image: linuxkit/rngd:984eb580ecb63986f07f626b61692a97aacd7198
files:
  - path: etc/dm-crypt/key
    # the below key is just to keep the example self-contained
    # !!! provide a proper key for production use here !!!
    contents: "abcdefghijklmnopqrstuvwxyz123456"