diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 0000000..dffa7a4
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,53 @@
+name: Build Ostree Container Image
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+ schedule:
+ - cron: '00 9 * * 1'
+ push:
+ branches: [ '*' ]
+
+env:
+ # Use docker.io for Docker Hub if empty
+ REGISTRY: ghcr.io
+ # github.repository as /
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ container:
+ image: fedora:latest
+ options: --privileged
+ permissions:
+ contents: read
+ packages: write
+ id-token: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: Build
+ env:
+ registry: ${{ env.REGISTRY }}
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ image: ${{ env.IMAGE_NAME }}
+ tag: ${{ github.ref_name }}
+ composefile: server.yaml
+ run: |
+ dnf -y install rpm-ostree skopeo selinux-policy-targeted
+ skopeo login -u $username -p $password $registry
+ mkdir -p repo cache
+ ostree init --repo=repo --mode=archive
+ rpm-ostree compose image --initialize-mode=if-not-exists \
+ --format registry --layer-repo repo --cachedir=cache \
+ $composefile \
+ $registry/$image:$tag
+
+
\ No newline at end of file
diff --git a/server.yaml b/server.yaml
new file mode 100644
index 0000000..bebb938
--- /dev/null
+++ b/server.yaml
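Review bot: In docker-publish.yml the Build step passes the registry token as an argument, `skopeo login -u $username -p $password $registry`, which exposes it in the process argument list inside a `--privileged` container and expands it unquoted; reading it from stdin avoids both: `printf '%s' "$password" | skopeo login -u "$username" --password-stdin "$registry"`. The job also requests `id-token: write`, but no step visible in this workflow consumes an OIDC token, so that permission can be dropped unless a signing step is planned. Because `on.push.branches` is `'*'` and the tag is `github.ref_name`, a push to any matching branch publishes an image with `packages: write`; consider restricting publishing to the default branch. `actions/checkout@v3` and `fedora:latest` are mutable references, so pinning the action to a commit SHA and the container image to a digest would keep the publishing job from silently picking up changed upstream content.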
@@ -0,0 +1,222 @@
+include:
+ - fedora-common-ostree.yaml
+ref: fedora/40/${basearch}/karuboniru-server
+
+repos:
+ - fedora-40
+ - fedora-40-updates
+
+packages:
+ - NetworkManager-bluetooth
+ - NetworkManager-l2tp
+ - NetworkManager-libreswan
+ - NetworkManager-openconnect
+ - NetworkManager-vpnc
+ - NetworkManager-wifi
+ - abattis-cantarell-fonts
+ - acl
+ - alsa-sof-firmware
+ - apcupsd
+ - appstream-data
+ - attr
+ - bash-color-prompt
+ - bat
+ - bear
+ - bind-utils
+ - boost-devel
+ - bootc
+ - borgbackup
+ - buildah
+ - certbot
+ - checksec
+ - chrony
+ - cifs-utils
+ - cifs-utils-info
+ - clang
+ - clang-tools-extra
+ - cmake
+ - cmake-data
+ - cockpit
+ - cockpit-kdump
+ - cockpit-machines
+ - cockpit-navigator
+ - cockpit-pcp
+ - cockpit-podman
+ - cockpit-selinux
+ - compsize
+ - conntrack-tools
+ - copr-cli
+ - default-editor
+ - dhcp-client
+ - dos2unix
+ - dracut-config-rescue
+ - efibootmgr
+ - eigen3-devel
+ - firewalld
+ - flexiblas-openblas-serial
+ - flexiblas-openblas-serial64
+ - flexiblas-openblas-threads
+ - flexiblas-openblas-threads64
+ - fpaste
+ - fwupd
+ - fwupd-plugin-flashrom
+ - fwupd-plugin-modem-manager
+ - fwupd-plugin-uefi-capsule-data
+ - fzf
+ - gawk-all-langpacks
+ - gcc-gdb-plugin
+ - gcc-gfortran
+ - gdb
+ - ghostscript
+ - ghostscript-tools-fonts
+ - ghostscript-tools-printing
+ - git
+ - perl-Git
+ - glances
+ - gnome-keyring
+ - grub2-tools-efi
+ - grub2-tools-extra
+ - gsl-devel
+ - gstreamer1-plugins-bad-free-libs
+ - hdparm
+ - htop
+ - hunspell-en
+ - iotop
+ - iperf3
+ - ipmitool
+ - iptraf-ng
+ - iptstate
+ - irqbalance
+ - iwlegacy-firmware
+ - iwlwifi-dvm-firmware
+ - iwlwifi-mvm-firmware
+ - jwhois
+ - kernel
+ - kernel
+ - kernel
+ - kernel-modules-extra
+ - kernel-modules-extra
+ - kernel-modules-extra
+ - kernel-tools
+ - langpacks-zh_CN
+ - lhapdf-devel
+ - libXext-devel
+ - libXft-devel
+ - libXpm-devel
+ - libasan
+ - libdovi
+ - libertas-firmware
+ - libnsl2-devel
+ - libtool
+ - libubsan
+ - liburing-devel
+ - lm_sensors
+ - log4cpp-devel
+ - lsof
+ - ltrace
+ - man-pages
+ - man-pages-zh-CN
+ - mcelog
+ - microcode_ctl
+ - mtr
+ - net-tools
+ - nginx-mod-stream
+ - ninja-build
+ - nmap
+ - ntfs2btrfs
+ - numactl
+ - nvme-cli
+ - openblas-devel
+ - opensc
+ - openssh-server
+ - openssl-devel
+ - p7zip
+ - pandoc
+ - passwdqc
+ - patchutils
+ - pciutils
+ - perf
+ - perl-FindBin
+ - perl-Unicode-Normalize
+ - perl-YAML-Tiny
+ - perl-sigtrap
+ - pipewire-alsa
+ - pipewire-pulseaudio
+ - plymouth
+ - plymouth-scripts
+ - podman-docker
+ - podman-plugins
+ - powertop
+ - pythia8-devel
+ - python3-certbot-dns-cloudflare
+ - python3-pwntools
+ - python3-rangehttpserver
+ - python3-root
+ - qemu-kvm
+ - radvd
+ - rclone
+ - remove-retired-packages
+ - root-genvector
+ - root-geom
+ - root-gui-webgui6
+ - root-hist-factory
+ - root-minuit2
+ - root-montecarlo-pythia8
+ - root-netx
+ - root-roofit-more
+ - root-smatrix
+ - root-spectrum
+ - root-tutorial
+ - root-unfold
+ - rootfiles
+ - rpm-ostree
+ - rust2rpm
+ - samba-client
+ - setools-console
+ - setserial
+ - shim-x64
+ - smartmontools
+ - softnet-stat
+ - sssd-kcm
+ - strace
+ - stress
+ - sudo
+ - sudo-python-plugin
+ - systemd-oomd-defaults
+ - systemd-container
+ - targetcli
+ - tbb-devel
+ - tcpdump
+ - time
+ - tmux
+ - toolbox
+ - tpm2-pkcs11
+ - tpm2-pkcs11-tools
+ - traceroute
+ - tree
+ - udica
+ - unar
+ - usb_modeswitch
+ - usb_modeswitch-data
+ - usbutils
+ - valgrind
+ - vim-minimal
+ - waypipe
+ - whois
+ - wireguard-tools
+ - wol
+ - words
+ - xorg-x11-xauth
+ - xrootd-client
+ - xrootd-voms
+ - zram-generator-defaults
+ - zsh
+
+postprocess:
+ - |
+ # Enable root login with simple password, to
+ # make sure user can get access after applying
+ # image
+ echo "root" | passwd --stdin root
+ mkdir -p /etc/ssh/sshd_config.d
+ echo "PasswordAuthentication no" > /etc/ssh/sshd_config.d/99-password-authentication.conf
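Review bot: The postprocess script in server.yaml bakes a fixed root password into every image with `echo "root" | passwd --stdin root`, and the workflow in the same commit pushes that image to a registry, so anyone who can pull the image knows the credential. The sshd drop-in only disables password login over SSH; console login, `su`, and possibly other PAM-backed services from the package list (cockpit is installed; its root-login policy should be confirmed) would still accept it. Prefer locking the account in the image with `passwd -l root` and supplying access at deploy time through an SSH authorized key or a per-host password hash. sshd also keeps the first value it reads for a keyword, so a `99-` drop-in loses to any earlier file that sets `PasswordAuthentication`; a low-numbered name such as `00-password-authentication.conf` is safer. Separately, the package list repeats `kernel` and `kernel-modules-extra` three times each.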