Add extra support for framework 13 laptops; sync some files with ublue-os/startingpoint

Containerfile.cp

@@ -31,6 +31,15 @@ COPY ${USR_DIR}/ /usr
 # Copy the recipe that we're building.
 COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
 
+# Copy nix install script and Universal Blue wallpapers RPM from Bling image
+COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
+
+# Integrate bling justfiles onto image
+COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
+
+# Add nix installer if you want to use it
+COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
+
 # "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
 # Copied from the official container image since it's not available as an RPM.
 COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
@@ -39,7 +48,8 @@ COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
 COPY scripts /tmp/scripts
 
 # Run the build script, then clean up temp files and finalize container build.
-RUN chmod +x /tmp/scripts/build.sh && \
+RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
+        chmod +x /tmp/scripts/build.sh && \
         /tmp/scripts/build.sh && \
         rm -rf /tmp/* /var/* && \
         ostree container commit

Containerfile.jp

@@ -31,6 +31,15 @@ COPY ${USR_DIR}/ /usr
 # Copy the recipe that we're building.
 COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
 
+# Copy nix install script and Universal Blue wallpapers RPM from Bling image
+COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
+
+# Integrate bling justfiles onto image
+COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
+
+# Add nix installer if you want to use it
+COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
+
 # "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
 # Copied from the official container image since it's not available as an RPM.
 COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
@@ -47,7 +56,8 @@ COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/ma
 COPY scripts /tmp/scripts
 
 # Run the build script, then clean up temp files and finalize container build.
-RUN chmod +x /tmp/scripts/build.sh && \
+RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
+        chmod +x /tmp/scripts/build.sh && \
         /tmp/scripts/build.sh && \
         rm -rf /tmp/* /var/* && \
         ostree container commit

recipe-cp.yml

@@ -7,6 +7,7 @@ scripts:
     - autorun.sh
   post:
     - autorun.sh
+    - setup-framework-13.sh
 rpm:
   # A list of urls of ".repo" files that should be added to your system.
   # This is the proper way to add custom COPR repos to your image.

recipe-framework-13.yml

@@ -11,6 +11,7 @@ scripts:
   post:
     - autorun.sh
     - setup-selinux-dockersock.sh
+    - setup-framework-13.sh
 rpm:
   # A list of urls of ".repo" files that should be added to your system.
   # This is the proper way to add custom COPR repos to your image.

scripts/setup-framework-13.sh

@@ -0,0 +1,198 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+echo "Installing fprintd service"
+
+mkdir -p /usr/etc/systemd/system/
+
+cat <<EOL >/usr/etc/systemd/system/fprintd.service
+[Unit]
+Description=Fingerprint Authentication Daemon
+Documentation=man:fprintd(1)
+
+[Service]
+Type=dbus
+BusName=net.reactivated.Fprint
+ExecStart=/usr/libexec/fprintd
+
+# Filesystem lockdown
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+# This always corresponds to /var/lib/fprint
+StateDirectory=fprint
+StateDirectoryMode=0700
+ProtectHome=true
+PrivateTmp=true
+
+SystemCallFilter=@system-service
+
+# Network
+RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
+
+# Execute Mappings
+MemoryDenyWriteExecute=true
+
+# Modules
+ProtectKernelModules=true
+
+# Real-time
+RestrictRealtime=true
+
+# Privilege escalation
+NoNewPrivileges=true
+
+# Protect clock, allow USB and SPI device access
+ProtectClock=yes
+DeviceAllow=char-usb_device rw
+DeviceAllow=char-spi rw
+DeviceAllow=char-hidraw rw
+
+# Allow tuning USB parameters (wakeup and persist)
+ReadWritePaths=/sys/devices
+
+[Install]
+WantedBy=multi-user.target
+EOL
+
+echo "Installing tlp config"
+
+mkdir -p /usr/etc/tlp.d/
+
+cat <<EOL >/usr/etc/tlp.d/50-framework.conf
+# ------------------------------------------------------------------------------
+# /etc/tlp.conf - TLP user configuration (version 1.4)
+# See full explanation: https://linrunner.de/tlp/settings
+#
+# Settings are read in the following order:
+#
+# 1. Intrinsic defaults
+# 2. /etc/tlp.d/*.conf - Drop-in customization snippets
+# 3. /etc/tlp.conf     - User configuration (this file)
+#
+# Notes:
+# - In case of identical parameters, the last occurence has precedence
+# - This also means, parameters enabled here will override anything else
+# - However you may append values to a parameter already defined as intrinsic
+#   default or in a previously read file: use PARAMETER+="add values"
+# - IMPORTANT: all parameters here are disabled; remove the leading '#' if you
+#   like to enable a feature without default or have a value different from the
+#   default
+# - Default *: intrinsic default that is effective when the parameter is missing
+#     or disabled by a leading '#'; use PARAM="" to disable an intrinsic default
+# - Default <none>: do nothing or use kernel/hardware defaults
+# -
+# ------------------------------------------------------------------------------
+# tlp - Parameters for power saving
+#
+# Settings based on Framework's guidance: https://knowledgebase.frame.work/en_us/optimizing-fedora-battery-life-r1baXZh
+
+# Select a CPU frequency scaling governor.
+# Intel processor with intel_pstate driver:
+#   performance, powersave(*).
+# Intel processor with intel_cpufreq driver (aka intel_pstate passive mode):
+#   conservative, ondemand, userspace, powersave, performance, schedutil(*).
+# Intel and other processor brands with acpi-cpufreq driver:
+#   conservative, ondemand(*), userspace, powersave, performance, schedutil(*).
+# Use tlp-stat -p to show the active driver and available governors.
+# Important:
+#   Governors marked (*) above are power efficient for *almost all* workloads
+#   and therefore kernel and most distributions have chosen them as defaults.
+#   You should have done your research about advantages/disadvantages *before*
+#   changing the governor.
+# Default: <none>
+
+CPU_SCALING_GOVERNOR_ON_AC=performance
+CPU_SCALING_GOVERNOR_ON_BAT=powersave
+
+# Set Intel CPU energy/performance policies HWP.EPP and EPB:
+#   performance, balance_performance, default, balance_power, power.
+# Values are given in order of increasing power saving.
+# Notes:
+# - HWP.EPP: requires kernel 4.10, intel_pstate scaling driver and Intel Core i
+#   6th gen. or newer CPU
+# - EPB: requires kernel 5.2 or module msr and x86_energy_perf_policy from
+#   linux-tools, intel_pstate or intel_cpufreq scaling driver and Intel Core i
+#   2nd gen. or newer CPU
+# - When HWP.EPP is available, EPB is not set
+# Default: balance_performance (AC), balance_power (BAT)
+
+CPU_ENERGY_PERF_POLICY_ON_AC=performance
+CPU_ENERGY_PERF_POLICY_ON_BAT=power
+
+# Set Intel CPU P-state performance: 0..100 (%).
+# Limit the max/min P-state to control the power dissipation of the CPU.
+# Values are stated as a percentage of the available performance.
+# Requires intel_pstate or intel_cpufreq driver and Intel Core i 2nd gen. or
+# newer CPU.
+# Default: <none>
+
+CPU_MIN_PERF_ON_AC=0
+CPU_MAX_PERF_ON_AC=100
+CPU_MIN_PERF_ON_BAT=0
+CPU_MAX_PERF_ON_BAT=30
+
+# Set the CPU "turbo boost" (Intel) or "turbo core" (AMD) feature:
+#   0=disable, 1=allow.
+# Note: a value of 1 does *not* activate boosting, it just allows it.
+# Default: <none>
+
+CPU_BOOST_ON_AC=1
+CPU_BOOST_ON_BAT=0
+
+# Set the Intel CPU HWP dynamic boost feature:
+#   0=disable, 1=enable.
+# Requires intel_pstate scaling driver in 'active' mode and Intel Core i
+# 6th gen. or newer CPU.
+# Default: <none>
+
+CPU_HWP_DYN_BOOST_ON_AC=1
+CPU_HWP_DYN_BOOST_ON_BAT=0
+
+# Select platform profile:
+#   performance, balanced, low-power.
+# Controls system operating characteristics around power/performance levels,
+# thermal and fan speed. Values are given in order of increasing power saving.
+# Note: check the output of tlp-stat -p to determine availability on your
+# hardware and additional profiles such as: balanced-performance, quiet, cool.
+# Default: <none>
+
+PLATFORM_PROFILE_ON_AC=performance
+PLATFORM_PROFILE_ON_BAT=low-power
+
+# Set the min/max/turbo frequency for the Intel GPU.
+# Possible values depend on your hardware. For available frequencies see
+# the output of tlp-stat -g.
+# Default: <none>
+
+INTEL_GPU_MIN_FREQ_ON_AC=100
+INTEL_GPU_MIN_FREQ_ON_BAT=100
+INTEL_GPU_MAX_FREQ_ON_AC=1300
+INTEL_GPU_MAX_FREQ_ON_BAT=800
+INTEL_GPU_BOOST_FREQ_ON_AC=1300
+INTEL_GPU_BOOST_FREQ_ON_BAT=1100
+
+# Wi-Fi power saving mode: on=enable, off=disable.
+# Default: off (AC), on (BAT)
+
+#WIFI_PWR_ON_AC=off
+WIFI_PWR_ON_BAT=off
+
+# PCIe Active State Power Management (ASPM):
+#   default(*), performance, powersave, powersupersave.
+# (*) keeps BIOS ASPM defaults (recommended)
+# Default: <none>
+
+#PCIE_ASPM_ON_AC=default
+PCIE_ASPM_ON_BAT=powersupersave
+
+# Exclude PCIe devices assigned to the listed drivers from Runtime PM.
+# Note: this preserves the kernel driver default, to force a certain state
+# use RUNTIME_PM_ENABLE/DISABLE instead.
+# Separate multiple drivers with spaces.
+# Default: "mei_me nouveau radeon", use "" to disable completely.
+
+RUNTIME_PM_DRIVER_DENYLIST=""
+EOL

usr-cp/etc/tlp.conf

@@ -1 +0,0 @@
-PCIE_ASPM_ON_BAT=powersupersave

usr-jp/etc/distrobox/distrobox.ini

@@ -0,0 +1,15 @@
+[ubuntu]
+image=ghcr.io/ublue-os/ubuntu-toolbox:latest
+init=false
+nvidia=false
+pull=true
+root=false
+replace=true
+
+[fedora]
+image=registry.fedoraproject.org/fedora-toolbox:latest
+init=false
+nvidia=false
+pull=true
+root=false
+replace=true

usr-jp/etc/tlp.conf

@@ -1 +0,0 @@
-PCIE_ASPM_ON_BAT=powersupersave

usr/share/ublue-os/just/custom.just

@@ -1,3 +1,6 @@
+!include /usr/share/ublue-os/just/bling.just
+
+# Install all flatpaks defined in recipe.yml
 setup-flatpaks:
   #!/usr/bin/env bash
   echo 'Installing flatpaks from the ublue recipe ...'
@@ -7,26 +10,4 @@ setup-flatpaks:
       flatpak install --user --noninteractive flathub $pkg; \
   done
 
-setup-gaming:
+# Include some of your custom scripts here!
-  echo 'Setting up gaming experience ... lock and load.'
-  flatpak install -y --user \\
-  com.discordapp.Discord \\
-  com.feaneron.Boatswain \\
-  org.freedesktop.Platform.VulkanLayer.MangoHud//22.08 \\
-  org.freedesktop.Platform.VulkanLayer.OBSVkCapture//22.08 \\
-  org.freedesktop.Platform.VulkanLayer.vkBasalt//22.08 \\
-  com.heroicgameslauncher.hgl \\
-  com.obsproject.Studio \\
-  com.obsproject.Studio.Plugin.OBSVkCapture \\
-  com.obsproject.Studio.Plugin.Gstreamer \\
-  com.usebottles.bottles \\
-  com.valvesoftware.Steam \\
-  com.valvesoftware.Steam.Utility.gamescope \\
-  net.davidotek.pupgui2
-  flatpak override com.usebottles.bottles --user --filesystem=xdg-data/applications 
-  flatpak override --user --env=MANGOHUD=1 com.valvesoftware.Steam 
-  flatpak override --user --env=MANGOHUD=1 com.heroicgameslauncher.hgl 
-
-nix-me-up:
-  echo 'Setting phasers to kill. Installing nix.'
-  /usr/bin/ublue-nix-install