overthinkos/bootc-config
distros/skills/bootc-config/SKILL.md
Bootc system configuration: tty1 autologin, graphical target, pipewire/wireplumber enablement, and the systemd-user supervisord autostart unit that brings up supervisord-managed desktop services on bootc. Canonical home for any bootc-side boot wiring. Use when working with bootc images, autologin, systemd graphical target, or the supervisord-under-systemd autostart pattern.
content-media
Updated Jun 4, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins bootc-configInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 8:03 AM137.5s1 file scanned
SKILL.md
- name:
- bootc-config
- description:
- |
- Bootc system configuration:
- tty1 autologin, graphical target, pipewire/wireplumber enablement,
bootc-config -- bootc system configuration
Layer Properties
| Property | Value |
|----------|-------|
| Install files | task:, layer.yml |
Packages
sway-systemd(RPM) -- Sway systemd integration
What this layer configures
- tty1 autologin — writes
/etc/systemd/system/[email protected]/autologin.confso theuseraccount logs in automatically on the first virtual console. - Default graphical target —
systemctl set-default graphical.targetso the OS boots into the desktop, not multi-user. - Global PipeWire + WirePlumber — enables
pipewire.socketandwireplumber.servicefor every user session viasystemctl --global enable. - Systemd user supervisord autostart (see next section) — ships
/etc/systemd/user/supervisord.service+systemctl --global enable supervisord.service. - Linger for
user— writes the sentinel file/var/lib/systemd/linger/userso the user's systemd instance starts at boot even without an interactive login.
Each systemctl cmd is suffixed || true because the directives succeed on live systems but may fail harmlessly during offline bootc assembly.
Running supervisord under systemd (bootc desktop autostart)
The selkies-desktop and openclaw metalayers compose supervisord service: fragments for every desktop program (labwc, chrome, swaync, waybar, selkies, traefik, …). On container images that's fine: ENTRYPOINT=supervisord starts the whole tree as PID 1. On bootc images, systemd is PID 1 and nothing wraps supervisord by default — the desktop would never come up.
This layer ships the missing wiring: a systemd user unit at /etc/systemd/user/supervisord.service that runs /usr/bin/supervisord -c /etc/supervisord.conf -n, guarded by ConditionFileIsExecutable=/usr/bin/supervisord + ConditionPathExists=/etc/supervisord.conf so it no-ops on bootc images that don't use supervisord. It's systemctl --global enabled so every user session started via tty1 autologin brings the desktop tier up.
StandardOutput=file:/tmp/supervisord-stdout.log is load-bearing
The unit declares:
StandardOutput=file:/tmp/supervisord-stdout.log
StandardError=file:/tmp/supervisord-stderr.log
These aren't for log collection — they're required for supervisord's per-program stdout_logfile=/dev/fd/1 entries to resolve. Under a systemd user service without this redirect, fd 1 points at the journal pipe; per-program dispatchers call open("/dev/fd/1") on that pipe and get ENXIO: No such device or address, causing every program to enter FATAL with the message unknown error making dispatchers for <name>: ENXIO. Redirecting stdout to a real file makes /dev/fd/1 openable. Also: the supervisord header template was separately changed from logfile=/dev/stdout to logfile=/tmp/supervisord.log for the same reason — see /ov-infrastructure:supervisord.
Linger sentinel file trick
loginctl enable-linger user is the usual way to enable linger, but it requires a running logind — which the offline bootc builder doesn't have. The equivalent effect is writing an empty file at /var/lib/systemd/linger/user. Existence alone enables linger at boot. This layer uses a mkdir: + cmd: touch pair to plant the sentinel (empty content doesn't pass write: validation).
Usage
# image.yml — this layer is included transitively via bootc-base
my-bootc-image:
base: "quay.io/fedora/fedora-bootc:43"
bootc: true
distro: ["fedora:43", fedora] # external bases need this — see /ov-image:image
layers:
- bootc-base
- <other desktop layers>
Used In Images
Part of the /ov-distros:bootc-base composition layer. Used transitively in every bootc image:
/ov-distros:bazzite— canonical worked example (exercises every piece of the supervisord + tty1 autologin + graphical target flow end-to-end)/ov-distros:aurora
Related Layers
/ov-distros:bootc-base-- composition that includes this layer + sshd + qemu-guest-agent/ov-coder:sshd-- SSH server (also in bootc-base; NOPASSWD-sudo test handles the dual USER=root/1000 context)/ov-distros:qemu-guest-agent-- QEMU agent (also in bootc-base)/ov-infrastructure:supervisord-- the init system that this layer wires into systemd on bootc/ov-selkies:selkies-desktop-layer-- the 19-sublayer desktop metalayer that this autostart brings up
Related Skills
/ov-vm:vm-- VM lifecycle + the/dev:/devmount requirement forbootc install to-disk/ov-image:image-- the external-basedistro:requirement/ov-build:generate-- the empty-systemd-services-stage fix that makes bootc images with only packaged systemd units (unifiedservice:entries usinguse_packaged:) build cleanly/ov-eval:eval-- dual-mode USER context authoring gotcha (test #11)/ov-image:layer-- layer authoring reference
When to Use This Skill
Use when the user asks about:
- Bootc image autologin configuration
- systemd graphical target setup
- pipewire/wireplumber system service enablement
- tty1 autologin in bootable containers
- How supervisord starts on a bootc image (systemd user service +
StandardOutput=file:trick) - The
/var/lib/systemd/linger/usersentinel-file pattern - Symptoms like
unknown error making dispatchers for <name>: ENXIOin supervisord logs
Related Skills
overthinkos/agents
development
VerifiedTrustedCommunity
Claude Code multi-agent support in Overthink — sub-agents, dynamic workflows, and agent teams, and how each drives the existing `ov eval` disposable beds to test and verify. MUST be invoked before authoring or invoking an ov sub-agent / dynamic workflow / agent team, wiring agent-lifecycle hooks, or asking "which primitive should drive the R10 beds?".
SKILL.mdUpdated May 31, 2026
overthinkos/workspace-mount
tools
VerifiedTrustedCommunity
Mounts a virtiofs share tagged `workspace` at /workspace inside a VM guest via a systemd .mount unit. Use when a kind:vm entity shares a host directory into the guest and you need it auto-mounted (and re-mounted at every boot).
SKILL.mdUpdated May 30, 2026
overthinkos/android
development
VerifiedTrustedCommunity
MUST be invoked before any work involving: the `kind: android` schema kind, a `target: android` deploy, the `apk:` layer package format (installing Android apps declaratively), AndroidDeployTarget, an in-pod emulator OR a remote/physical adb-endpoint device, or nested `pod → android` deployment. The first-class Android device + app surface that sits above `ov eval adb`/`appium`.
SKILL.mdUpdated May 26, 2026
overthinkos/git-workflow
tools
VerifiedTrustedCommunity
Use when committing, branching, pushing, merging, tagging, creating PRs, or approving/merging PRs with gh — the feat/-branch, R10-gated, never-force-push landing workflow across the main repo + the plugins submodule + image/<distro> submodules. Covers sync-to-upstream, branch/worktree pruning, the fork+PR path for contributors without write access, and cross-repo @github landing order.
SKILL.mdUpdated May 25, 2026