Skip to content

Commit

Permalink
more tweaks and updates
Browse files Browse the repository at this point in the history
  • Loading branch information
detiber committed Dec 12, 2024
1 parent 0d4bccd commit 80014c5
Show file tree
Hide file tree
Showing 11 changed files with 319 additions and 39 deletions.
64 changes: 64 additions & 0 deletions bootc/Containerfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,64 @@
# Base bootc image
FROM ghcr.io/ublue-os/base-main:latest

# Install required packages
RUN \
--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-beardy-os-latest,sharing=locked \
--mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-beardy-os-latest,sharing=locked \
dnf5 -y install glibc-locale-source glibc-langpack-en osbuild-selinux && \
dnf5 -y copr enable gmaglione/podman-bootc && \
dnf5 -y install podman-bootc && \
ostree container commit

RUN localedef -i en_US -f UTF-8 en_US.UTF-8
RUN echo "LANG=\"en_US.UTF-8\"" > /etc/locale.conf
RUN ln -s -f /usr/share/zoneinfo/America/New_York /etc/localtime

# Install additional packages
RUN \
--mount=type=cache,dst=/var/cache/rpm-ostree,id=rpm-ostree-cache-beardy-os-latest,sharing=locked \
--mount=type=cache,dst=/var/cache/libdnf5,id=dnf-cache-beardy-os-latest,sharing=locked \
dnf5 -y install \
cockpit-bridge \
cockpit-machines \
cockpit-navigator \
cockpit-networkmanager \
cockpit-ostree \
cockpit-podman \
cockpit-selinux \
cockpit-storaged \
cockpit-system \
podman-compose \
libvirt-client \
virt-install \
btrfs-assistant \
btrfsmaintenance \
dbus-daemon \
dbus-tools \
fastfetch \
ptyxis \
setroubleshoot-plugins \
setroubleshoot-server \
usermode \
virt-install \
virt-manager \
virt-what \
xdg-user-dirs \
xdg-user-dirs-gtk \
tig \
libguestfs \
&& ostree container commit

RUN bootc container lint

# bluebuild: Labels are added last since they cause cache misses with buildah
LABEL org.blue-build.build-id="c74bf003-e98a-4ac0-8db2-8869239c6c13"
LABEL org.opencontainers.image.title="beardy-os"
LABEL org.opencontainers.image.description="The preferred u-blue based OS for bearded developers."
LABEL org.opencontainers.image.base.digest="sha256:4ff605c93dca3a99b434f7363f400925685432cc22c5affbef9567e97d49603d"
LABEL org.opencontainers.image.base.name="ghcr.io/ublue-os/silverblue-main:latest"
LABEL org.opencontainers.image.created="2024-12-10T01:22:13.918756743+00:00"
LABEL io.artifacthub.package.readme-url=https://raw.githubusercontent.com/detiber/beardy-os/main/README.md
LABEL org.opencontainers.image.source=https://github.com/detiber/beardy-os
LABEL org.opencontainers.image.url=https://github.com/detiber/beardy-os
LABEL org.opencontainers.image.vendor=detiber
13 changes: 13 additions & 0 deletions docs/notes.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
# Notes

## Kickstart

- kickstart config option for installing a disk img vs packages: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#liveimg
- option for ostree installations: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#ostreecontainer

## bootc

- kernel arguments: https://containers.github.io/bootc/building/kernel-arguments.html
- injected at install time: https://containers.github.io/bootc/building/kernel-arguments.html#kernel-arguments-injected-at-installation-time
- users and groups: https://containers.github.io/bootc/building/users-and-groups.html
-
4 changes: 2 additions & 2 deletions hack/beardy-autorebase.butane
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ systemd:
[Service]
Type=oneshot
StandardOutput=journal+console
ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os:latest
ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os-base:latest
ExecStart=/usr/bin/touch /etc/ucore-autorebase/unverified
ExecStart=/usr/bin/systemctl disable ucore-unsigned-autorebase.service
ExecStart=/usr/bin/systemctl reboot
Expand All @@ -43,7 +43,7 @@ systemd:
[Service]
Type=oneshot
StandardOutput=journal+console
ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os:latest
ExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os-base:latest
ExecStart=/usr/bin/touch /etc/ucore-autorebase/signed
ExecStart=/usr/bin/systemctl disable ucore-signed-autorebase.service
ExecStart=/usr/bin/systemctl reboot
Expand Down
4 changes: 2 additions & 2 deletions hack/beardy-autorebase.ign
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=uCore autorebase to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n",
"contents": "[Unit]\nDescription=uCore autorebase to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-unverified-registry:ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "ucore-unsigned-autorebase.service"
},
{
"contents": "[Unit]\nDescription=uCore autorebase to signed OCI and reboot\nConditionPathExists=/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target",
"contents": "[Unit]\nDescription=uCore autorebase to signed OCI and reboot\nConditionPathExists=/etc/ucore-autorebase/unverified\nConditionPathExists=!/etc/ucore-autorebase/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/rpm-ostree rebase --bypass-driver ostree-image-signed:docker://ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autorebase/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autorebase.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target",
"enabled": true,
"name": "ucore-signed-autorebase.service"
}
Expand Down
4 changes: 2 additions & 2 deletions hack/beardy-bootc-switch.butane
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ systemd:
[Service]
Type=oneshot
StandardOutput=journal+console
ExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os:latest
ExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os-base:latest
ExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/unverified
ExecStart=/usr/bin/systemctl disable ucore-unsigned-autobootcswitch.service
ExecStart=/usr/bin/systemctl reboot
Expand All @@ -44,7 +44,7 @@ systemd:
[Service]
Type=oneshot
StandardOutput=journal+console
ExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os:latest
ExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os-base:latest
ExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/signed
ExecStart=/usr/bin/systemctl disable ucore-signed-autobootcswitch.service
ExecStart=/usr/bin/systemctl reboot
Expand Down
4 changes: 2 additions & 2 deletions hack/beardy-bootc-switch.ign
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,12 @@
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=uCore autobootcswitch to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n",
"contents": "[Unit]\nDescription=uCore autobootcswitch to unsigned OCI and reboot\nConditionPathExists=!/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/signed\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/unverified\nExecStart=/usr/bin/systemctl disable ucore-unsigned-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "ucore-unsigned-autobootcswitch.service"
},
{
"contents": "[Unit]\nDescription=uCore autobootcswitch to signed OCI and reboot\nConditionPathExists=/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target",
"contents": "[Unit]\nDescription=uCore autobootcswitch to signed OCI and reboot\nConditionPathExists=/etc/ucore-autobootcswitch/unverified\nConditionPathExists=!/etc/ucore-autobootcswitch/verified\nAfter=network-online.target\nWants=network-online.target\n[Service]\nType=oneshot\nStandardOutput=journal+console\nExecStart=/usr/bin/bootc switch --enforce-container-sigpolicy ghcr.io/detiber/beardy-os-base:latest\nExecStart=/usr/bin/touch /etc/ucore-autobootcswitch/signed\nExecStart=/usr/bin/systemctl disable ucore-signed-autobootcswitch.service\nExecStart=/usr/bin/systemctl reboot\n[Install]\nWantedBy=multi-user.target",
"enabled": true,
"name": "ucore-signed-autobootcswitch.service"
}
Expand Down
2 changes: 1 addition & 1 deletion hack/bib-img-config.toml
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,4 @@
name = "detiber"
password = "changeme"
key = "[email protected] AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDFeiGuhMVEvVcRI8/yb1U6SkdNnv4OaBlfbcEWkKhafAAAABHNzaDo="
groups = ["wheel"]
groups = ["wheel", "admins"]
18 changes: 12 additions & 6 deletions hack/bib-iso-config.toml
Original file line number Diff line number Diff line change
@@ -1,7 +1,13 @@
# TODO: sort out a proper config
# possibly use firstboot --reconfigure
# possibly look into auto encrypting disk: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#autopart
# additional bootloader options: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#bootloader
# additional btrfs options: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#btrfs
# use kecec option for reboot? https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#reboot
# is eula --agreed needed? https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#eula
[customizations.installer.kickstart]
contents = """
graphical --noninteractive
graphical --non-interactive
zerombr
clearpart --all --initlabel --disklabel=gpt
autopart --noswap --type btrfs
Expand All @@ -11,8 +17,8 @@ firstboot --enable
reboot
"""

# [customizations.installer.modules]
# enable = [
# "org.fedoraproject.Anaconda.Modules.Localization",
# "org.fedoraproject.Anaconda.Modules.Users"
# ]
[customizations.installer.modules]
enable = [
"org.fedoraproject.Anaconda.Modules.Localization",
"org.fedoraproject.Anaconda.Modules.Timezone"
]
Loading

0 comments on commit 80014c5

Please sign in to comment.