Merge branch 'ublue-cli' into 'main'

Switch to my new Ublue CLI tool

See merge request wunker-bunker/wunker-os!1

.gitignore

@@ -1,2 +1,3 @@
 .idea
 cosign.key
+Containerfile

.gitlab-ci.yml

@@ -1,6 +1,7 @@
 include:
   - project: "wunker-bunker/ci-pipelines"
     file: "/ublue-build.yml"
+    ref: ublue-cli-pipeline
 
 .recipe-matrix:
   parallel:
@@ -8,6 +9,4 @@ include:
       - RECIPE:
           - recipe-desktop.yml
           - recipe-framework-13.yml
-        USER_NAME: jp
-      - RECIPE: recipe-cp.yml
-        USER_NAME: cp
+          - recipe-cp.yml

Containerfile.cp

@@ -1,55 +0,0 @@
-# This is the Containerfile for your custom image. 
-
-# It takes in the recipe, version, and base image as arguments,
-# all of which are provided by build.yml when doing builds
-# in the cloud. The ARGs have default values, but changing those
-# does nothing if the image is built in the cloud.
-
-ARG FEDORA_MAJOR_VERSION=38
-# Warning: changing this might not do anything for you. Read comment above.
-ARG BASE_IMAGE_URL=ghcr.io/ublue-os/cinnamon-main
-
-FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION}
-
-ARG USER_NAME=cp
-ARG USER_DIR=usr-${USER_NAME}
-
-# The default recipe set to the recipe's default filename
-# so that `podman build` should just work for many people.
-ARG RECIPE=recipe-c.yml
-
-# Copy static configurations and component files.
-# Warning: If you want to place anything in "/etc" of the final image, you MUST
-# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc"
-# on the final system. That is the proper directory for "system" configuration
-# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant
-# for manual overrides and editing by the machine's admin AFTER installation!
-# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28).
-COPY usr/ /usr
-COPY ${USER_DIR}/ /usr
-
-# Copy the recipe that we're building.
-COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
-
-# Copy nix install script and Universal Blue wallpapers RPM from Bling image
-COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
-
-# Integrate bling justfiles onto image
-COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
-
-# Add nix installer if you want to use it
-COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
-
-# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
-# Copied from the official container image since it's not available as an RPM.
-COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
-
-# Copy the build script and all custom scripts.
-COPY scripts /tmp/scripts
-
-# Run the build script, then clean up temp files and finalize container build.
-RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
-        chmod +x /tmp/scripts/build.sh && \
-        /tmp/scripts/build.sh && \
-        rm -rf /tmp/* /var/* && \
-        ostree container commit

Containerfile.jp

@@ -1,63 +0,0 @@
-# This is the Containerfile for your custom image. 
-
-# It takes in the recipe, version, and base image as arguments,
-# all of which are provided by build.yml when doing builds
-# in the cloud. The ARGs have default values, but changing those
-# does nothing if the image is built in the cloud.
-
-ARG FEDORA_MAJOR_VERSION=38
-# Warning: changing this might not do anything for you. Read comment above.
-ARG BASE_IMAGE_URL=ghcr.io/ublue-os/kinoite-main
-
-FROM ${BASE_IMAGE_URL}:${FEDORA_MAJOR_VERSION}
-
-ARG USER_NAME=jp
-ARG USER_DIR=usr-${USER_NAME}
-
-# The default recipe set to the recipe's default filename
-# so that `podman build` should just work for many people.
-ARG RECIPE=recipe-framework-13.yml
-
-# Copy static configurations and component files.
-# Warning: If you want to place anything in "/etc" of the final image, you MUST
-# place them in "./usr/etc" in your repo, so that they're written to "/usr/etc"
-# on the final system. That is the proper directory for "system" configuration
-# templates on immutable Fedora distros, whereas the normal "/etc" is ONLY meant
-# for manual overrides and editing by the machine's admin AFTER installation!
-# See issue #28 (https://github.com/ublue-os/startingpoint/issues/28).
-COPY usr/ /usr
-COPY ${USER_DIR}/ /usr
-
-# Copy the recipe that we're building.
-COPY ${RECIPE} /usr/share/ublue-os/recipe.yml
-
-# Copy nix install script and Universal Blue wallpapers RPM from Bling image
-COPY --from=ghcr.io/ublue-os/bling:latest /rpms/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm
-
-# Integrate bling justfiles onto image
-COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/share/ublue-os/just /usr/share/ublue-os/just
-
-# Add nix installer if you want to use it
-COPY --from=ghcr.io/ublue-os/bling:latest /files/usr/bin/ublue-nix* /usr/bin
-
-# "yq" used in build.sh and the "setup-flatpaks" just-action to read recipe.yml.
-# Copied from the official container image since it's not available as an RPM.
-COPY --from=docker.io/mikefarah/yq /usr/bin/yq /usr/bin/yq
-
-# Install cosign for verifying signatures for images.
-COPY --from=gcr.io/projectsigstore/cosign /ko-app/cosign /usr/bin/cosign
-
-# Install xboxdrv for the Xbox 360 controller.
-COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrv /usr/bin/xboxdrv
-COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrvctl /usr/bin/xboxdrvctl
-COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/man/man1/xboxdrv.1 /usr/share/man/man1/xboxdrv.1
-
-# Copy the build script and all custom scripts.
-COPY scripts /tmp/scripts
-
-# Run the build script, then clean up temp files and finalize container build.
-RUN rpm-ostree install /tmp/ublue-os-wallpapers-0.1-1.fc38.noarch.rpm && \
-        chmod +x /tmp/scripts/build.sh && \
-        /tmp/scripts/build.sh && \
-        rm -rf /tmp/* /var/* && \
-        ostree container commit

containerfiles/xboxdrv

@@ -0,0 +1,3 @@
+COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrv /usr/bin/xboxdrv
+COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/bin/xboxdrvctl /usr/bin/xboxdrvctl
+COPY --from=registry.gitlab.com/wunker-bunker/xboxdrv-docker /usr/local/share/man/man1/xboxdrv.1 /usr/share/man/man1/xboxdrv.1

recipe-cp.yml

@@ -1,20 +1,19 @@
-name: laptop
+name: cp-laptop
 base-image: ghcr.io/ublue-os/cinnamon-main
 fedora-version: 38
-description: The image of Wunker OS for a regular Cinnaomon user.
-scripts:
-  pre:
-    - autorun.sh
-  post:
-    - autorun.sh
-    - setup-framework-13.sh
+description: The image of Wunker OS for CP's laptop.
+usr-dirs:
+  - usr-framework
+# scripts:
+#   pre: []
+#   post: []
 rpm:
   # A list of urls of ".repo" files that should be added to your system.
   # This is the proper way to add custom COPR repos to your image.
   # Tip: Use `%FEDORA_VERSION%` instead of static Fedora version numbers,
   # so that your repos automatically use your image's actual Fedora version,
   # which greatly simplifies future maintenance of your custom recipe.
-  repos: []
+  # repos: []
   install:
     # Needed for yafti (the first boot installer). Remove if you're not using yafti.
     - python3-pip
@@ -28,12 +27,10 @@ rpm:
     - fprintd-pam
     - tlp
     - powertop
-  remove: []
+  # remove: []
 firstboot:
-  yafti: false
+  yafti: true
   flatpaks:
-    - io.github.celluloid_player.Celluloid
-    - org.kde.
     - com.discordapp.Discord
     - com.nextcloud.desktopclient.nextcloud
     - com.google.Chrome

recipe-desktop.yml

@@ -1,17 +1,22 @@
-name: desktop
+name: jp-desktop
 base-image: ghcr.io/ublue-os/kinoite-nvidia
 fedora-version: 38
-description: The image of Wunker OS for an Nvidia based desktop meant for gaming.
+description: The image of Wunker OS for JP's desktop.
+usr-dir-overlays:
+  - usr-distrobox
+  - usr-8bitdo-ultimate
+  - usr-steam-firewall
+  - usr-desktop-audio
+containerfiles:
+  pre:
+    - xboxdrv
 scripts:
   pre:
-    - autorun.sh
     - install-syncthing.sh
     - setup-kubectl.sh
     - setup-vscode.sh
   post:
     - setup-selinux-dockersock.sh
-    - autorun.sh
-    - setup-desktop-audio.sh
     - install-codelldb.sh
 rpm:
   # A list of urls of ".repo" files that should be added to your system.
@@ -47,7 +52,7 @@ rpm:
     - ripgrep
     - helix
     - tailscale
-    - alacritty
+    - strawberry
   remove:
     # Remove the native firefox (from Fedora) in favor of the Flatpak.
     - firefox

recipe-framework-13.yml

@@ -1,17 +1,17 @@
-name: framework-13
+name: jp-laptop
 base-image: ghcr.io/ublue-os/kinoite-main
 fedora-version: 38
-description: The image of Wunker OS for a Framework laptop.
+description: The image of Wunker OS for JP's Laptop.
+usr-dir-overlays:
+  - usr-distrobox
+  - usr-framework
 scripts:
   pre:
-    - autorun.sh
     - install-syncthing.sh
     - setup-kubectl.sh
     - setup-vscode.sh
   post:
     - setup-selinux-dockersock.sh
-    - autorun.sh
-    - setup-framework-13.sh
     - install-codelldb.sh
 rpm:
   # A list of urls of ".repo" files that should be added to your system.
@@ -50,6 +50,7 @@ rpm:
     - neovim
     - ripgrep
     - helix
+    - strawberry
     - tailscale
     - alacritty
   remove:

scripts/autorun.sh

@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell this script to exit if there are any errors.
-set -oue pipefail
-
-#
-# AUTORUN:
-#
-# This script simplifies your "recipe.yml" management whenever you simply want
-# to "run everything automatically" based on whatever script files exist on disk.
-#
-
-# Helper functions.
-yell() { echo "${0}: ${*}"; }
-abort() { yell "${*}"; exit 0; }
-die() { yell "${*}"; exit 1; }
-
-# Determine which directory and script category we're executing under.
-SCRIPT_DIR="$(dirname -- "${BASH_SOURCE[0]}")"
-SCRIPT_MODE="${1:-}"
-if [[ -z "${SCRIPT_MODE}" ]]; then
-    die "Missing script mode argument."
-fi
-
-# Ensure that a "scripts/" sub-directory exists for the "script category".
-# Note that symlinks to other directories will be accepted by the `-d` check.
-RUN_DIR="${SCRIPT_DIR}/${SCRIPT_MODE}"
-if [[ ! -d "${RUN_DIR}" ]]; then
-    abort "Nothing to do, since \"${RUN_DIR}\" doesn't exist."
-fi
-
-# Generate a numerically sorted array of all scripts (or symlinks to scripts),
-# without traversing into deeper subdirectories (to allow the user to store
-# helper libraries in subfolders without accidental execution). Sorting is
-# necessary for manually controlling the execution order via numeric prefixes.
-mapfile -t buildscripts < <(find -L "${RUN_DIR}" -maxdepth 1 -type f -name "*.sh" | sort -n)
-
-# Exit if there aren't any scripts in the directory.
-if [[ ${#buildscripts[@]} -eq 0 ]]; then
-    abort "Nothing to do, since \"${RUN_DIR}\" doesn't contain any scripts in its top-level directory."
-fi
-
-# Now simply execute all of the discovered scripts, and provide the name of the
-# current "script category" as an argument, to match the behavior of "build.sh".
-for script in "${buildscripts[@]}"; do
-    echo "[autorun.sh] Running [${SCRIPT_MODE}]: ${script}"
-    "$script" "${SCRIPT_MODE}"
-done

scripts/build.sh

@@ -1,109 +0,0 @@
-#!/usr/bin/env bash
-
-# Tell build process to exit if there are any errors.
-set -oue pipefail
-
-# Helper functions.
-RECIPE_FILE="/usr/share/ublue-os/recipe.yml"
-get_yaml_array() {
-    mapfile -t "${1}" < <(yq -- "${2}" "${RECIPE_FILE}")
-}
-get_yaml_string() {
-    yq -- "${1}" "${RECIPE_FILE}"
-}
-
-# Automatically determine which Fedora version we're building.
-FEDORA_VERSION="$(cat /usr/lib/os-release | grep -Po '(?<=VERSION_ID=)\d+')"
-
-# Read configuration variables.
-BASE_IMAGE="$(get_yaml_string '.base-image')"
-YAFTI_ENABLED="$(get_yaml_string '.firstboot.yafti')"
-
-# Welcome.
-echo "Building custom Fedora ${FEDORA_VERSION} from image: \"${BASE_IMAGE}\"."
-
-# Add custom repos.
-get_yaml_array repos '.rpm.repos[]'
-if [[ ${#repos[@]} -gt 0 ]]; then
-    echo "-- Adding repos defined in recipe.yml --"
-    for repo in "${repos[@]}"; do
-        repo="${repo//%FEDORA_VERSION%/${FEDORA_VERSION}}"
-        wget "${repo}" -P "/etc/yum.repos.d/"
-    done
-    echo "---"
-fi
-
-# Ensure that all script files are executable.
-find /tmp/scripts -type f -exec chmod +x {} \;
-
-# Run "pre" scripts.
-run_scripts() {
-    script_mode="$1"
-    get_yaml_array buildscripts ".scripts.${script_mode}[]"
-    if [[ ${#buildscripts[@]} -gt 0 ]]; then
-        echo "-- Running [${script_mode}] scripts defined in recipe.yml --"
-        for script in "${buildscripts[@]}"; do
-            echo "Running [${script_mode}]: ${script}"
-            "/tmp/scripts/${script}" "${script_mode}"
-        done
-        echo "---"
-    fi
-}
-run_scripts "pre"
-
-# Install RPMs.
-get_yaml_array install_rpms '.rpm.install[]'
-if [[ ${#install_rpms[@]} -gt 0 ]]; then
-    echo "-- Installing RPMs defined in recipe.yml --"
-    echo "Installing: ${install_rpms[@]}"
-    rpm-ostree install "${install_rpms[@]}"
-    echo "---"
-fi
-
-# Remove RPMs.
-get_yaml_array remove_rpms '.rpm.remove[]'
-if [[ ${#remove_rpms[@]} -gt 0 ]]; then
-    echo "-- Removing RPMs defined in recipe.yml --"
-    echo "Removing: ${remove_rpms[@]}"
-    rpm-ostree override remove "${remove_rpms[@]}"
-    echo "---"
-fi
-
-# Toggle yafti, which provides the "first boot" experience, https://github.com/ublue-os/yafti.
-FIRSTBOOT_DATA="/usr/share/ublue-os/firstboot"
-FIRSTBOOT_LINK="/usr/etc/profile.d/ublue-firstboot.sh"
-if [[ "${YAFTI_ENABLED}" == "true" ]]; then
-    echo "-- firstboot: Installing and enabling \"yafti\" --"
-    pip install --prefix=/usr yafti
-    # Create symlink to our profile script, which creates the per-user "autorun yafti" links.
-    mkdir -p "$(dirname "${FIRSTBOOT_LINK}")"
-    ln -s "${FIRSTBOOT_DATA}/launcher/login-profile.sh" "${FIRSTBOOT_LINK}"
-else
-    echo "-- firstboot: Removing all \"firstboot\" components --"
-    # Removes the script symlink that creates the per-user autostart symlinks.
-    # We must forcibly remove this here, in case it was added by an upstream image.
-    rm -f "${FIRSTBOOT_LINK}"
-    # Remove all of the launcher-scripts and yafti config, to de-clutter image and
-    # ensure it can't run by accident due to lingering symlinks or upstream image.
-    rm -rf "${FIRSTBOOT_DATA}"
-fi
-
-# Add a new yafti "package group" called Custom, for the packages defined in recipe.yml.
-# Only adds the package group if yafti is enabled and Flatpaks are defined in the recipe.
-if [[ "${YAFTI_ENABLED}" == "true" ]]; then
-    YAFTI_FILE="${FIRSTBOOT_DATA}/yafti.yml"
-    get_yaml_array flatpaks '.firstboot.flatpaks[]'
-    if [[ ${#flatpaks[@]} -gt 0 ]]; then
-        echo "-- yafti: Adding Flatpaks defined in recipe.yml --"
-        yq -i '.screens.applications.values.groups.Custom.description = "Flatpaks suggested by the image maintainer."' "${YAFTI_FILE}"
-        yq -i '.screens.applications.values.groups.Custom.default = true' "${YAFTI_FILE}"
-        for pkg in "${flatpaks[@]}"; do
-            echo "Adding to yafti: ${pkg}"
-            yq -i ".screens.applications.values.groups.Custom.packages += [{\"${pkg}\": \"${pkg}\"}]" "${YAFTI_FILE}"
-        done
-        echo "---"
-    fi
-fi
-
-# Run "post" scripts.
-run_scripts "post"

scripts/setup-desktop-audio.sh

@@ -1,21 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-echo "# This file was added by the program 'hda-jack-retask'.
-# If you want to revert the changes made by this program, you can simply erase this file and reboot your computer.
-options snd-hda-intel patch=hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw" > /etc/modprobe.d/hda-jack-retask.conf
-
-echo "[codec]
-0x10ec0b00 0x10438797 0
-
-[pincfg]
-0x11 0x411111f0
-0x14 0x01014010
-0x15 0x01011012
-0x16 0x01016011
-0x17 0x40170000
-0x18 0x01a19050
-0x19 0x02a19060
-0x1a 0x0181305f
-0x1b 0x01014010
-0x1e 0x01456140" > /lib/firmware/hda-jack-retask.fw

usr-desktop-audio/etc/modprobe.d/hda-jack-retaks.conf

@@ -0,0 +1,3 @@
+# This file was added by the program 'hda-jack-retask'.
+# If you want to revert the changes made by this program, you can simply erase this file and reboot your computer.
+options snd-hda-intel patch=hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw,hda-jack-retask.fw

usr-desktop-audio/lib/firmware/hda-jack-retask.fw

@@ -0,0 +1,14 @@
+[codec]
+0x10ec0b00 0x10438797 0
+
+[pincfg]
+0x11 0x411111f0
+0x14 0x01014010
+0x15 0x01011012
+0x16 0x01016011
+0x17 0x40170000
+0x18 0x01a19050
+0x19 0x02a19060
+0x1a 0x0181305f
+0x1b 0x01014010
+0x1e 0x01456140

usr-framework/etc/systemd/system/frpintd.service

@@ -0,0 +1,48 @@
+[Unit]
+Description=Fingerprint Authentication Daemon
+Documentation=man:fprintd(1)
+
+[Service]
+Type=dbus
+BusName=net.reactivated.Fprint
+ExecStart=/usr/libexec/fprintd
+
+# Filesystem lockdown
+ProtectSystem=strict
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectControlGroups=true
+# This always corresponds to /var/lib/fprint
+StateDirectory=fprint
+StateDirectoryMode=0700
+ProtectHome=true
+PrivateTmp=true
+
+SystemCallFilter=@system-service
+
+# Network
+RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
+
+# Execute Mappings
+MemoryDenyWriteExecute=true
+
+# Modules
+ProtectKernelModules=true
+
+# Real-time
+RestrictRealtime=true
+
+# Privilege escalation
+NoNewPrivileges=true
+
+# Protect clock, allow USB and SPI device access
+ProtectClock=yes
+DeviceAllow=char-usb_device rw
+DeviceAllow=char-spi rw
+DeviceAllow=char-hidraw rw
+
+# Allow tuning USB parameters (wakeup and persist)
+ReadWritePaths=/sys/devices
+
+[Install]
+WantedBy=multi-user.target

usr-framework/etc/tlp.d/50-framework.conf

@@ -1,67 +1,3 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-echo "Installing fprintd service"
-
-mkdir -p /usr/etc/systemd/system/
-
-cat <<EOL >/usr/etc/systemd/system/fprintd.service
-[Unit]
-Description=Fingerprint Authentication Daemon
-Documentation=man:fprintd(1)
-
-[Service]
-Type=dbus
-BusName=net.reactivated.Fprint
-ExecStart=/usr/libexec/fprintd
-
-# Filesystem lockdown
-ProtectSystem=strict
-ProtectKernelTunables=true
-ProtectKernelLogs=true
-ProtectControlGroups=true
-# This always corresponds to /var/lib/fprint
-StateDirectory=fprint
-StateDirectoryMode=0700
-ProtectHome=true
-PrivateTmp=true
-
-SystemCallFilter=@system-service
-
-# Network
-RestrictAddressFamilies=AF_UNIX AF_LOCAL AF_NETLINK
-
-# Execute Mappings
-MemoryDenyWriteExecute=true
-
-# Modules
-ProtectKernelModules=true
-
-# Real-time
-RestrictRealtime=true
-
-# Privilege escalation
-NoNewPrivileges=true
-
-# Protect clock, allow USB and SPI device access
-ProtectClock=yes
-DeviceAllow=char-usb_device rw
-DeviceAllow=char-spi rw
-DeviceAllow=char-hidraw rw
-
-# Allow tuning USB parameters (wakeup and persist)
-ReadWritePaths=/sys/devices
-
-[Install]
-WantedBy=multi-user.target
-EOL
-
-echo "Installing tlp config"
-
-mkdir -p /usr/etc/tlp.d/
-
-cat <<EOL >/usr/etc/tlp.d/50-framework.conf
 # ------------------------------------------------------------------------------
 # /etc/tlp.conf - TLP user configuration (version 1.4)
 # See full explanation: https://linrunner.de/tlp/settings
@@ -195,4 +131,4 @@ PCIE_ASPM_ON_BAT=powersupersave
 # Default: "mei_me nouveau radeon", use "" to disable completely.
 
 RUNTIME_PM_DRIVER_DENYLIST=""
-EOL
+