jonathan/bootc
jonathan/bootc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 2 Wiki Activity Actions

Upgrade to 42

Browse source
This commit is contained in:
Jonathan Cremin 2025-05-17 19:25:52 +01:00
parent 6a44899aff
commit 9fdc969fa2
4 changed files with 177 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

126
workstation-nvidia/Containerfile
View file

@ -1,81 +1,87 @@
FROM ghcr.io/ublue-os/silverblue-nvidia:41 FROM ghcr.io/ublue-os/silverblue-nvidia:42
COPY etc /etc COPY etc /etc
RUN dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm && \ RUN dnf install -y https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm && \
dnf install -y https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \ dnf install -y https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm && \
dnf clean all dnf clean all
RUN dnf remove -y \ RUN dnf remove -y \
ptyxis \ ptyxis \
gnome-software \ gnome-software \
htop \ htop \
gnome-classic-session \ gnome-classic-session \
gnome-shell-extension-apps-menu \ gnome-shell-extension-apps-menu \
gnome-shell-extension-background-logo \ gnome-shell-extension-background-logo \
gnome-shell-extension-launch-new-instance \ gnome-shell-extension-launch-new-instance \
gnome-shell-extension-places-menu \ gnome-shell-extension-places-menu \
gnome-shell-extension-window-list \ gnome-shell-extension-window-list \
open-vm-tools \ open-vm-tools \
open-vm-tools-desktop \ open-vm-tools-desktop \
qemu-guest-agent \ qemu-guest-agent \
spice-vdagent \ spice-vdagent \
spice-webdavd \ spice-webdavd \
virtualbox-guest-additions && \ virtualbox-guest-additions && \
dnf swap -y ffmpeg-free ffmpeg --allowerasing && \ dnf swap -y ffmpeg-free ffmpeg --allowerasing && \
dnf swap -y libavcodec-free libavcodec-freeworld --allowerasing && \ dnf swap -y libavcodec-free libavcodec-freeworld --allowerasing && \
dnf group install -y multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin && \ dnf remove -y pipewire-libs-extra && \
dnf copr enable -y alternateved/eza && \ dnf group install -y multimedia --setopt="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin --allowerasing && \
dnf install -y \ dnf copr enable -y alternateved/eza && \
acpi \ dnf copr enable -y pgdev/ghostty && \
akmod-v4l2loopback \ dnf install -y \
btop \ acpi \
direnv \ akmod-v4l2loopback \
distrobox \ btop \
eza \ direnv \
git \ dmidecode \
gnome-boxes \ eza \
gstreamer1-vaapi \ ffmpegthumbnailer \
helm \ ghostty \
kubectl \ git \
util-linux \ gnome-boxes \
lm_sensors \ gstreamer1-vaapi \
ncdu \ helm \
pavucontrol \ kubectl \
qemu-guest-agent \ lm_sensors \
sysstat \ lshw \
tailscale \ nmcli \
vdpauinfo \ mpv \
vulkan-tools \ ncdu \
zsh \ pavucontrol \
zsh-syntax-highlighting && \ sysstat \
# Clean up tailscale \
dnf clean all vdpauinfo \
vulkan-tools \
zsh \
zsh-syntax-highlighting && \
# Clean up
dnf clean all
# Setup watercooling
RUN dnf copr enable -y codifryed/CoolerControl && \
dnf install -y coolercontrol && \
systemctl enable coolercontrold
# Remove btop and nvtop shortcuts # Remove btop and nvtop shortcuts
RUN rm /usr/share/applications/btop.desktop /usr/share/applications/nvtop.desktop RUN rm /usr/share/applications/btop.desktop /usr/share/applications/nvtop.desktop
# Don't use the ghostty copr for now, it's broken on 42. Download the appimage in userland.
# Todo: Try again when 42 is final.
# RUN dnf copr enable -y pgdev/ghostty && \
# dnf install -y ghostty
# Don't install 1password, the browser integration breaks because 1Password uses /opt. # Don't install 1password, the browser integration breaks because 1Password uses /opt.
# I think this is polkit related. # I think this is polkit related.
# RUN mkdir -p /var/opt # RUN mkdir -p /var/opt
# COPY scripts/1password.sh /tmp/1password.sh # COPY scripts/1password.sh /tmp/1password.sh
# RUN /bin/sh /tmp/1password.sh # RUN /bin/sh /tmp/1password.sh
RUN authselect enable-feature with-fingerprint # RUN authselect enable-feature with-fingerprint
LABEL org.opencontainers.image.description="Built on ublue-os/silverblue-main, adding more batteries" \ LABEL org.opencontainers.image.description="Built on ublue-os/silverblue-main, adding more batteries" \
org.opencontainers.image.source="https://cremin.dev/jonathan/bootc" \ org.opencontainers.image.source="https://cremin.dev/jonathan/bootc" \
org.opencontainers.image.title="ublue-silverblue-nvidia" \ org.opencontainers.image.title="ublue-silverblue-nvidia" \
org.opencontainers.image.url="https://cremin.dev/jonathan/bootc" \ org.opencontainers.image.url="https://cremin.dev/jonathan/bootc" \
org.opencontainers.image.created="" \ org.opencontainers.image.created="" \
org.opencontainers.image.licenses="Unlicensed" \ org.opencontainers.image.licenses="Unlicensed" \
org.opencontainers.image.revision="" \ org.opencontainers.image.revision="" \
org.opencontainers.image.version="" org.opencontainers.image.version=""

16
workstation-nvidia/build-push.sh
View file

@ -6,17 +6,17 @@ set -e
cd "$(dirname "$0")" cd "$(dirname "$0")"
DATE_TAG=$(date "+%Y%m%d-%H%M%S") DATE_TAG=$(date "+%Y%m%d-%H%M%S")
CURRENT_IMAGE_ID=$(sudo podman images --format "{{.ID}}" cremin.dev/jonathan/ublue-silverblue-main:42) CURRENT_IMAGE_ID=$(podman images --format "{{.ID}}" cremin.dev/jonathan/ublue-silverblue-nvidia:42)
echo "Pulling base image" echo "Pulling base image"
# ensure the base image is up to date # ensure the base image is up to date
sudo -E podman pull ghcr.io/ublue-os/silverblue-main:42 podman pull ghcr.io/ublue-os/silverblue-nvidia:42
echo "Starting build" echo "Starting build"
sudo -E podman build -t cremin.dev/jonathan/ublue-silverblue-main:42 . podman build -t cremin.dev/jonathan/ublue-silverblue-nvidia:42 .
NEW_IMAGE_ID=$(sudo podman images --format "{{.ID}}" cremin.dev/jonathan/ublue-silverblue-main:42) NEW_IMAGE_ID=$(podman images --format "{{.ID}}" cremin.dev/jonathan/ublue-silverblue-nvidia:42)
# Start build and check if any layers were changed (looking for "Using cache" messages) # Start build and check if any layers were changed (looking for "Using cache" messages)
@ -25,9 +25,9 @@ if [ "$CURRENT_IMAGE_ID" = "$NEW_IMAGE_ID" ]; then
else else
echo "Image updated, pushing to registry" echo "Image updated, pushing to registry"
# Add the tags # Add the tags
sudo -E podman tag cremin.dev/jonathan/ublue-silverblue-main:42 cremin.dev/jonathan/ublue-silverblue-main:42-${DATE_TAG} cremin.dev/jonathan/ublue-silverblue-main:latest podman tag cremin.dev/jonathan/ublue-silverblue-nvidia:42 cremin.dev/jonathan/ublue-silverblue-nvidia:42-${DATE_TAG} cremin.dev/jonathan/ublue-silverblue-nvidia:latest
# Push the image # Push the image
sudo -E podman push --authfile ~/.config/containers/auth.json cremin.dev/jonathan/ublue-silverblue-main:42-${DATE_TAG} podman push --authfile ~/.config/containers/auth.json cremin.dev/jonathan/ublue-silverblue-nvidia:42-${DATE_TAG}
sudo -E podman push --authfile ~/.config/containers/auth.json cremin.dev/jonathan/ublue-silverblue-main:42 podman push --authfile ~/.config/containers/auth.json cremin.dev/jonathan/ublue-silverblue-nvidia:42
sudo -E podman push --authfile ~/.config/containers/auth.json cremin.dev/jonathan/ublue-silverblue-main:latest podman push --authfile ~/.config/containers/auth.json cremin.dev/jonathan/ublue-silverblue-nvidia:latest
fi fi

76
workstation-nvidia/scripts/1password.sh Executable file
View file

@ -0,0 +1,76 @@
#!/usr/bin/env sh
# Thanks to bri for the inspiration! My script is mostly based on this example:
# https://github.com/briorg/bluefin/blob/c62c30a04d42fd959ea770722c6b51216b4ec45b/scripts/1password.sh
set -ouex pipefail
echo "Installing 1Password"
# On libostree systems, /opt is a symlink to /var/opt,
# which actually only exists on the live system. /var is
# a separate mutable, stateful FS that's overlaid onto
# the ostree rootfs. Therefore we need to install it into
# /usr/lib/1Password instead, and dynamically create a
# symbolic link /opt/1Password => /usr/lib/1Password upon
# boot.
# Prepare staging directory
mkdir -p /var/opt # -p just in case it exists
# for some reason...
# Setup repo
cat << EOF > /etc/yum.repos.d/1password.repo
[1password]
name=1Password Stable Channel
baseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://downloads.1password.com/linux/keys/1password.asc
EOF
# Import signing key
rpm --import https://downloads.1password.com/linux/keys/1password.asc
# Prepare 1Password groups
# Normally, when after dnf installs the 1password RPM, an
# 'after-install.sh' script runs to cofigure several things, including
# the creation of a group. Under rpm-ostree, this didn't work quite as
# expected, thus several steps were done to hack around and fix things.
# Now with dnf5, there is a problem where 'after-install.sh' creates
# groups which conflict with default user's GID. This now pre-creates
# the groups, rather than fixing after RPM installation.
# I hardcode GIDs and cross fingers that nothing else steps on them.
# These numbers _should_ be okay under normal use, but
# if there's a more specific range that I should use here
# please submit a PR!
# Specifically, GID must be > 1000, and absolutely must not
# conflict with any real groups on the deployed system.
# Normal user group GIDs on Fedora are sequential starting
# at 1000, so let's skip ahead and set to something higher.
GID_ONEPASSWORD="1790"
GID_ONEPASSWORDCLI="1791"
groupadd -g ${GID_ONEPASSWORD} onepassword
groupadd -g ${GID_ONEPASSWORDCLI} onepassword-cli
# Now let's install the packages.
dnf5 install -y 1password 1password-cli
# This places the 1Password contents in an image safe location
mv /var/opt/1Password /usr/lib/1Password # move this over here
# Register path symlink
# We do this via tmpfiles.d so that it is created by the live system.
cat >/usr/lib/tmpfiles.d/onepassword.conf <<EOF
L /opt/1Password - - - - /usr/lib/1Password
EOF
# No further hack SHOULD be needed since dnf5 does run the script
# after-install.sh as expected and uses our pre-set groups.
# Clean up the yum repo (updates are baked into new images)
rm /etc/yum.repos.d/1password.repo -f

26
workstation-nvidia/scripts/kraken.patch Normal file
View file

@ -0,0 +1,26 @@
--- /usr/lib/python3.13/site-packages/liquidctl/driver/kraken3.py 2025-04-07 15:54:42.399225195 +0100
+++ kraken3.py 2025-04-07 15:53:59.676402140 +0100
@@ -594,6 +594,18 @@
"lcd_resolution": (240, 240),
},
),
+ (
+ 0x1E71,
+ 0x3012,
+ "NZXT Kraken 2024 Elite RGB",
+ {
+ "speed_channels": _SPEED_CHANNELS_KRAKEN2023,
+ "color_channels": _COLOR_CHANNELS_KRAKEN2023,
+ "hwmon_ctrl_mapping": _HWMON_CTRL_MAPPING_KRAKENZ,
+ "bulk_buffer_size": 1024 * 1024 * 2, # 2 MB
+ "lcd_resolution": (640, 640),
+ },
+ ),
]
def __init__(
@@ -1154,3 +1166,4 @@
]
)
return response[14] == 0x1
+