Switch to my new Ublue CLI tool

2023-10-11 02:07:46 +00:00
parent 878266e242
commit 2fbff0035b
20 changed files with 99 additions and 388 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .idea
 cosign.key
 Containerfile
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,6 +1,7 @@
 include:
  - project: "wunker-bunker/ci-pipelines"
    file: "/ublue-build.yml"
    ref: ublue-cli-pipeline
 .recipe-matrix:
  parallel:
@@ -8,6 +9,4 @@ include:
      - RECIPE:
          - recipe-desktop.yml
          - recipe-framework-13.yml
-        USER_NAME: jp
+          - recipe-cp.yml
      - RECIPE: recipe-cp.yml
        USER_NAME: cp
--- a/Containerfile.cp
+++ b/Containerfile.cp
@@ -1,55 +0,0 @@
 # This is the Containerfile for your custom image. 
 # It takes in the recipe, version, and base image as arguments,
 # all of which are provided by build.yml when doing builds
 # in the cloud. The ARGs have default values, but changing those
 # does nothing if the image is built in the cloud.
 ARG FEDORA_MAJOR_VERSION=38
 # Warning: changing this might not do anything for you. Read comment above.
 ARG BASE_IMAGE_URL=ghcr.io/ublue-os/cinnamon-main
 FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION}
 ARG USER_NAME=cp
 ARG USER_DIR=usr-${USER_NAME}
 # The default recipe set to the recipe's default filename
 # so that `podman build` should just work for many people.
 ARG RECIPE=recipe-c.yml
 # Copy static configurations and component files.
 # Warning: If you want to place anything in "/etc" of the final image, you MUST
 # place them in "./usr/etc" in your repo, so that they're written to "/usr/etc"
 # on the final system. That is the proper directory for "system" configuration
 # templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant
 # for manual overrides and editing by the machine's admin AFTER installation!
 # See issue #28 (https://github.com/ublue-os/startingpoint/issues/28).
 COPY usr/ /usr
 COPY ${USER_DIR}/ /usr
 # Copy the recipe that we're building.
 COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
 # Copy nix install script and Universal Blue wallpapers RPM from Bling image
 COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
 # Integrate bling justfiles onto image
 COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
 # Add nix installer if you want to use it
 COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
 # "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
 # Copied from the official container image since it's not available as an RPM.
 COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
 # Copy the build script and all custom scripts.
 COPY scripts /tmp/scripts
 # Run the build script, then clean up temp files and finalize container build.
 RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
        chmod +x /tmp/scripts/build.sh && \
        /tmp/scripts/build.sh && \
        rm -rf /tmp/* /var/* && \
        ostree container commit
--- a/Containerfile.jp
+++ b/Containerfile.jp
@@ -1,63 +0,0 @@
 # This is the Containerfile for your custom image. 
 # It takes in the recipe, version, and base image as arguments,
 # all of which are provided by build.yml when doing builds
 # in the cloud. The ARGs have default values, but changing those
 # does nothing if the image is built in the cloud.
 ARG FEDORA_MAJOR_VERSION=38
 # Warning: changing this might not do anything for you. Read comment above.
 ARG BASE_IMAGE_URL=ghcr.io/ublue-os/kinoite-main
 FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION}
 ARG USER_NAME=jp
 ARG USER_DIR=usr-${USER_NAME}
 # The default recipe set to the recipe's default filename
 # so that `podman build` should just work for many people.
 ARG RECIPE=recipe-framework-13.yml
 # Copy static configurations and component files.
 # Warning: If you want to place anything in "/etc" of the final image, you MUST
 # place them in "./usr/etc" in your repo, so that they're written to "/usr/etc"
 # on the final system. That is the proper directory for "system" configuration
 # templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant
 # for manual overrides and editing by the machine's admin AFTER installation!
 # See issue #28 (https://github.com/ublue-os/startingpoint/issues/28).
 COPY usr/ /usr
 COPY ${USER_DIR}/ /usr
 # Copy the recipe that we're building.
 COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
 # Copy nix install script and Universal Blue wallpapers RPM from Bling image
 COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
 # Integrate bling justfiles onto image
 COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
 # Add nix installer if you want to use it
 COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
 # "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
 # Copied from the official container image since it's not available as an RPM.
 COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
 # Install cosign for verifying signatures for images.
 COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /usr/bin/cosign
 # Install xboxdrv for the Xbox 360 controller.
 COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrv /usr/bin/xboxdrv
 COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrvctl /usr/bin/xboxdrvctl
 COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/man/man1/xboxdrv.1 /usr/share/man/man1/xboxdrv.1
 # Copy the build script and all custom scripts.
 COPY scripts /tmp/scripts
 # Run the build script, then clean up temp files and finalize container build.
 RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
        chmod +x /tmp/scripts/build.sh && \
        /tmp/scripts/build.sh && \
        rm -rf /tmp/* /var/* && \
        ostree container commit
--- a/containerfiles/xboxdrv
+++ b/containerfiles/xboxdrv
@@ -0,0 +1,3 @@
 COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrv /usr/bin/xboxdrv
 COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrvctl /usr/bin/xboxdrvctl
 COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/man/man1/xboxdrv.1 /usr/share/man/man1/xboxdrv.1
--- a/recipe-cp.yml
+++ b/recipe-cp.yml
@@ -1,20 +1,19 @@
-name: laptop
+name: cp-laptop
 base-image: ghcr.io/ublue-os/cinnamon-main
 fedora-version: 38
-description: The image of Wunker OS for a regular Cinnaomon user.
+description: The image of Wunker OS for CP's laptop.
-scripts:
+usr-dirs:
-  pre:
+  - usr-framework
-    - autorun.sh
+# scripts:
-  post:
+#   pre: []
-    - autorun.sh
+#   post: []
    - setup-framework-13.sh
 rpm:
  # A list of urls of ".repo" files that should be added to your system.
  # This is the proper way to add custom COPR repos to your image.
  # Tip: Use `%FEDORA_VERSION%` instead of static Fedora version numbers,
  # so that your repos automatically use your image's actual Fedora version,
  # which greatly simplifies future maintenance of your custom recipe.
-  repos: []
+  # repos: []
  install:
    # Needed for yafti (the first boot installer). Remove if you're not using yafti.
    - python3-pip
@@ -28,12 +27,10 @@ rpm:
    - fprintd-pam
    - tlp
    - powertop
-  remove: []
+  # remove: []
 firstboot:
-  yafti: false
+  yafti: true
  flatpaks:
    - io.github.celluloid_player.Celluloid
    - org.kde.
    - com.discordapp.Discord
    - com.nextcloud.desktopclient.nextcloud
    - com.google.Chrome
--- a/recipe-desktop.yml
+++ b/recipe-desktop.yml
@@ -1,17 +1,22 @@
-name: desktop
+name: jp-desktop
 base-image: ghcr.io/ublue-os/kinoite-nvidia
 fedora-version: 38
-description: The image of Wunker OS for an Nvidia based desktop meant for gaming.
+description: The image of Wunker OS for JP's desktop.
 usr-dir-overlays:
  - usr-distrobox
  - usr-8bitdo-ultimate
  - usr-steam-firewall
  - usr-desktop-audio
 containerfiles:
  pre:
    - xboxdrv
 scripts:
  pre:
    - autorun.sh
    - install-syncthing.sh
    - setup-kubectl.sh
    - setup-vscode.sh
  post:
    - setup-selinux-dockersock.sh
    - autorun.sh
    - setup-desktop-audio.sh
    - install-codelldb.sh
 rpm:
  # A list of urls of ".repo" files that should be added to your system.
@@ -47,7 +52,7 @@ rpm:
    - ripgrep
    - helix
    - tailscale
-    - alacritty
+    - strawberry
  remove:
    # Remove the native firefox (from Fedora) in favor of the Flatpak.
    - firefox
--- a/recipe-framework-13.yml
+++ b/recipe-framework-13.yml
@@ -1,17 +1,17 @@
-name: framework-13
+name: jp-laptop
 base-image: ghcr.io/ublue-os/kinoite-main
 fedora-version: 38
-description: The image of Wunker OS for a Framework laptop.
+description: The image of Wunker OS for JP's Laptop.
 usr-dir-overlays:
  - usr-distrobox
  - usr-framework
 scripts:
  pre:
    - autorun.sh
    - install-syncthing.sh
    - setup-kubectl.sh
    - setup-vscode.sh
  post:
    - setup-selinux-dockersock.sh
    - autorun.sh
    - setup-framework-13.sh
    - install-codelldb.sh
 rpm:
  # A list of urls of ".repo" files that should be added to your system.
@@ -50,6 +50,7 @@ rpm:
    - neovim
    - ripgrep
    - helix
    - strawberry
    - tailscale
    - alacritty
  remove:
--- a/scripts/autorun.sh
+++ b/scripts/autorun.sh
@@ -1,48 +0,0 @@
 #!/usr/bin/env bash
 # Tell this script to exit if there are any errors.
 set -oue pipefail
 #
 # AUTORUN:
 #
 # This script simplifies your "recipe.yml" management whenever you simply want
 # to "run everything automatically" based on whatever script files exist on disk.
 #
 # Helper functions.
 yell() { echo "${0}: ${*}"; }
 abort() { yell "${*}"; exit 0; }
 die() { yell "${*}"; exit 1; }
 # Determine which directory and script category we're executing under.
 SCRIPT_DIR="$(dirname -- "${BASH_SOURCE[0]}")"
 SCRIPT_MODE="${1:-}"
 if [[ -z "${SCRIPT_MODE}" ]]; then
    die "Missing script mode argument."
 fi
 # Ensure that a "scripts/" sub-directory exists for the "script category".
 # Note that symlinks to other directories will be accepted by the `-d` check.
 RUN_DIR="${SCRIPT_DIR}/${SCRIPT_MODE}"
 if [[ ! -d "${RUN_DIR}" ]]; then
    abort "Nothing to do, since \"${RUN_DIR}\" doesn't exist."
 fi
 # Generate a numerically sorted array of all scripts (or symlinks to scripts),
 # without traversing into deeper subdirectories (to allow the user to store
 # helper libraries in subfolders without accidental execution). Sorting is
 # necessary for manually controlling the execution order via numeric prefixes.
 mapfile -t buildscripts < <(find -L "${RUN_DIR}" -maxdepth 1 -type f -name "*.sh" | sort -n)
 # Exit if there aren't any scripts in the directory.
 if [[ ${#buildscripts[@]} -eq 0 ]]; then
    abort "Nothing to do, since \"${RUN_DIR}\" doesn't contain any scripts in its top-level directory."
 fi
 # Now simply execute all of the discovered scripts, and provide the name of the
 # current "script category" as an argument, to match the behavior of "build.sh".
 for script in "${buildscripts[@]}"; do
    echo "[autorun.sh] Running [${SCRIPT_MODE}]: ${script}"
    "$script" "${SCRIPT_MODE}"
 done
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -1,109 +0,0 @@
 #!/usr/bin/env bash
 # Tell build process to exit if there are any errors.
 set -oue pipefail
 # Helper functions.
 RECIPE_FILE="/usr/share/ublue-os/recipe.yml"
 get_yaml_array() {
    mapfile -t "${1}" < <(yq -- "${2}" "${RECIPE_FILE}")
 }
 get_yaml_string() {
    yq -- "${1}" "${RECIPE_FILE}"
 }
 # Automatically determine which Fedora version we're building.
 FEDORA_VERSION="$(cat /usr/lib/os-release | grep -Po '(?<=VERSION_ID=)\d+')"
 # Read configuration variables.
 BASE_IMAGE="$(get_yaml_string '.base-image')"
 YAFTI_ENABLED="$(get_yaml_string '.firstboot.yafti')"
 # Welcome.
 echo "Building custom Fedora ${FEDORA_VERSION} from image: \"${BASE_IMAGE}\"."
 # Add custom repos.
 get_yaml_array repos '.rpm.repos[]'
 if [[ ${#repos[@]} -gt 0 ]]; then
    echo "-- Adding repos defined in recipe.yml --"
    for repo in "${repos[@]}"; do
        repo="${repo//%FEDORA_VERSION%/${FEDORA_VERSION}}"
        wget "${repo}" -P "/etc/yum.repos.d/"
    done
    echo "---"
 fi
 # Ensure that all script files are executable.
 find /tmp/scripts -type f -exec chmod +x {} \;
 # Run "pre" scripts.
 run_scripts() {
    script_mode="$1"
    get_yaml_array buildscripts ".scripts.${script_mode}[]"
    if [[ ${#buildscripts[@]} -gt 0 ]]; then
        echo "-- Running [${script_mode}] scripts defined in recipe.yml --"
        for script in "${buildscripts[@]}"; do
            echo "Running [${script_mode}]: ${script}"
            "/tmp/scripts/${script}" "${script_mode}"
        done
        echo "---"
    fi
 }
 run_scripts "pre"
 # Install RPMs.
 get_yaml_array install_rpms '.rpm.install[]'
 if [[ ${#install_rpms[@]} -gt 0 ]]; then
    echo "-- Installing RPMs defined in recipe.yml --"
    echo "Installing: ${install_rpms[@]}"
    rpm-ostree install "${install_rpms[@]}"
    echo "---"
 fi
 # Remove RPMs.
 get_yaml_array remove_rpms '.rpm.remove[]'
 if [[ ${#remove_rpms[@]} -gt 0 ]]; then
    echo "-- Removing RPMs defined in recipe.yml --"
    echo "Removing: ${remove_rpms[@]}"
    rpm-ostree override remove "${remove_rpms[@]}"
    echo "---"
 fi
 # Toggle yafti, which provides the "first boot" experience, https://github.com/ublue-os/yafti.
 FIRSTBOOT_DATA="/usr/share/ublue-os/firstboot"
 FIRSTBOOT_LINK="/usr/etc/profile.d/ublue-firstboot.sh"
 if [[ "${YAFTI_ENABLED}" == "true" ]]; then
    echo "-- firstboot: Installing and enabling \"yafti\" --"
    pip install --prefix=/usr yafti
    # Create symlink to our profile script, which creates the per-user "autorun yafti" links.
    mkdir -p "$(dirname "${FIRSTBOOT_LINK}")"
    ln -s "${FIRSTBOOT_DATA}/launcher/login-profile.sh" "${FIRSTBOOT_LINK}"
 else
    echo "-- firstboot: Removing all \"firstboot\" components --"
    # Removes the script symlink that creates the per-user autostart symlinks.
    # We must forcibly remove this here, in case it was added by an upstream image.
    rm -f "${FIRSTBOOT_LINK}"
    # Remove all of the launcher-scripts and yafti config, to de-clutter image and
    # ensure it can't run by accident due to lingering symlinks or upstream image.
    rm -rf "${FIRSTBOOT_DATA}"
 fi
 # Add a new yafti "package group" called Custom, for the packages defined in recipe.yml.
 # Only adds the package group if yafti is enabled and Flatpaks are defined in the recipe.
 if [[ "${YAFTI_ENABLED}" == "true" ]]; then
    YAFTI_FILE="${FIRSTBOOT_DATA}/yafti.yml"
    get_yaml_array flatpaks '.firstboot.flatpaks[]'
    if [[ ${#flatpaks[@]} -gt 0 ]]; then
        echo "-- yafti: Adding Flatpaks defined in recipe.yml --"
        yq -i '.screens.applications.values.groups.Custom.description = "Flatpaks suggested by the image maintainer."' "${YAFTI_FILE}"
        yq -i '.screens.applications.values.groups.Custom.default = true' "${YAFTI_FILE}"
        for pkg in "${flatpaks[@]}"; do
            echo "Adding to yafti: ${pkg}"
            yq -i ".screens.applications.values.groups.Custom.packages += [{\"${pkg}\": \"${pkg}\"}]" "${YAFTI_FILE}"
        done
        echo "---"
    fi
 fi
 # Run "post" scripts.
 run_scripts "post"
--- a/scripts/setup-desktop-audio.sh
+++ b/scripts/setup-desktop-audio.sh
@@ -1,21 +0,0 @@
 #!/usr/bin/env bash
 set -euo pipefail
 echo "# This file was added by the program 'hda-jack-retask'.
 # If you want to revert the changes made by this program, you can simply erase this file and reboot your computer.
 options snd-hda-intel patch=hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw" > /etc/modprobe.d/hda-jack-retask.conf
 echo "[codec]
 0x10ec0b00 0x10438797 0
 [pincfg]
 0x11 0x411111f0
 0x14 0x01014010
 0x15 0x01011012
 0x16 0x01016011
 0x17 0x40170000
 0x18 0x01a19050
 0x19 0x02a19060
 0x1a 0x0181305f
 0x1b 0x01014010
 0x1e 0x01456140" > /lib/firmware/hda-jack-retask.fw
--- a/usr-8bitdo-ultimate/etc/udev/rules.d/99-8bitdo-ultimate-xinput.rules
+++ b/usr-8bitdo-ultimate/etc/udev/rules.d/99-8bitdo-ultimate-xinput.rules
--- a/usr-8bitdo-ultimate/lib/systemd/system/8bitdo-ultimate-xinput@.service
+++ b/usr-8bitdo-ultimate/lib/systemd/system/8bitdo-ultimate-xinput@.service
--- a/usr-cp/.gitkeep
+++ b/usr-cp/.gitkeep
--- a/usr-desktop-audio/etc/modprobe.d/hda-jack-retaks.conf
+++ b/usr-desktop-audio/etc/modprobe.d/hda-jack-retaks.conf
@@ -0,0 +1,3 @@
 # This file was added by the program 'hda-jack-retask'.
 # If you want to revert the changes made by this program, you can simply erase this file and reboot your computer.
 options snd-hda-intel patch=hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw
--- a/usr-desktop-audio/lib/firmware/hda-jack-retask.fw
+++ b/usr-desktop-audio/lib/firmware/hda-jack-retask.fw
@@ -0,0 +1,14 @@
 [codec]
 0x10ec0b00 0x10438797 0
 [pincfg]
 0x11 0x411111f0
 0x14 0x01014010
 0x15 0x01011012
 0x16 0x01016011
 0x17 0x40170000
 0x18 0x01a19050
 0x19 0x02a19060
 0x1a 0x0181305f
 0x1b 0x01014010
 0x1e 0x01456140
--- a/usr-distrobox/etc/distrobox/distrobox.ini
+++ b/usr-distrobox/etc/distrobox/distrobox.ini
--- a/usr-framework/etc/systemd/system/frpintd.service
+++ b/usr-framework/etc/systemd/system/frpintd.service
@@ -0,0 +1,48 @@
 [Unit]
 Description=Fingerprint Authentication Daemon
 Documentation=man:fprintd(1)
 [Service]
 Type=dbus
 BusName=net.reactivated.Fprint
 ExecStart=/usr/libexec/fprintd
 # Filesystem lockdown
 ProtectSystem=strict
 ProtectKernelTunables=true
 ProtectKernelLogs=true
 ProtectControlGroups=true
 # This always corresponds to /var/lib/fprint
 StateDirectory=fprint
 StateDirectoryMode=0700
 ProtectHome=true
 PrivateTmp=true
 SystemCallFilter=@system-service
 # Network
 RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
 # Execute Mappings
 MemoryDenyWriteExecute=true
 # Modules
 ProtectKernelModules=true
 # Real-time
 RestrictRealtime=true
 # Privilege escalation
 NoNewPrivileges=true
 # Protect clock, allow USB and SPI device access
 ProtectClock=yes
 DeviceAllow=char-usb_device rw
 DeviceAllow=char-spi rw
 DeviceAllow=char-hidraw rw
 # Allow tuning USB parameters (wakeup and persist)
 ReadWritePaths=/sys/devices
 [Install]
 WantedBy=multi-user.target
--- a/usr-framework/etc/tlp.d/50-framework.conf
+++ b/usr-framework/etc/tlp.d/50-framework.conf
@@ -1,67 +1,3 @@
 #!/usr/bin/env bash
 set -euo pipefail
 echo "Installing fprintd service"
 mkdir -p /usr/etc/systemd/system/
 cat <<EOL >/usr/etc/systemd/system/fprintd.service
 [Unit]
 Description=Fingerprint Authentication Daemon
 Documentation=man:fprintd(1)
 [Service]
 Type=dbus
 BusName=net.reactivated.Fprint
 ExecStart=/usr/libexec/fprintd
 # Filesystem lockdown
 ProtectSystem=strict
 ProtectKernelTunables=true
 ProtectKernelLogs=true
 ProtectControlGroups=true
 # This always corresponds to /var/lib/fprint
 StateDirectory=fprint
 StateDirectoryMode=0700
 ProtectHome=true
 PrivateTmp=true
 SystemCallFilter=@system-service
 # Network
 RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
 # Execute Mappings
 MemoryDenyWriteExecute=true
 # Modules
 ProtectKernelModules=true
 # Real-time
 RestrictRealtime=true
 # Privilege escalation
 NoNewPrivileges=true
 # Protect clock, allow USB and SPI device access
 ProtectClock=yes
 DeviceAllow=char-usb_device rw
 DeviceAllow=char-spi rw
 DeviceAllow=char-hidraw rw
 # Allow tuning USB parameters (wakeup and persist)
 ReadWritePaths=/sys/devices
 [Install]
 WantedBy=multi-user.target
 EOL
 echo "Installing tlp config"
 mkdir -p /usr/etc/tlp.d/
 cat <<EOL >/usr/etc/tlp.d/50-framework.conf
 # ------------------------------------------------------------------------------
 # /etc/tlp.conf - TLP user configuration (version 1.4)
 # See full explanation: https://linrunner.de/tlp/settings
@@ -195,4 +131,4 @@ PCIE_ASPM_ON_BAT=powersupersave
 # Default: "mei_me nouveau radeon", use "" to disable completely.
 RUNTIME_PM_DRIVER_DENYLIST=""
-EOL
+
--- a/usr-steam-firewall/etc/firewalld/services/steam-local-transfer.xml
+++ b/usr-steam-firewall/etc/firewalld/services/steam-local-transfer.xml