From e0efbbc82c32d41440122f7d656e3ea42947eac3 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 3 Dec 2025 14:13:49 -0300 Subject: [PATCH 01/28] test if audio works on cachyos kernel 6.17 --- Dockerfile | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9d94565..961874b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,15 +12,9 @@ RUN /tmp/set_next_version.sh COPY repo/*.repo /etc/yum.repos.d/ RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia.repo -y -RUN dnf install -y $( \ - dnf list --available kernel\* --disablerepo='*' --enablerepo=my-ostree-os-rhel-epel 2>/dev/null \ - | grep 'andersdsrhcustom' \ - | awk '{print $1 "-" $2}' \ - | sort -V \ - | tail -1 \ - | sed 's/\.src//g' \ - | sed 's/\.x86_64//g' \ - ) +RUN dnf copr enable bieszczaders/kernel-cachyos -y + +RUN dnf install -y kernel-cachyos RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm @@ -29,7 +23,7 @@ RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/down # Install Negativo17 Nvidia driver RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver kernel-devel-matched -RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel) +RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel-cachyos) # Remove plocate to avoid updatedb going crazy with scanning the file system once a day RUN dnf remove -y plocate From 663ecaeb77a4c4500a4e1272bcfec33572f0cd41 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 3 Dec 2025 14:19:39 -0300 Subject: [PATCH 02/28] remove default kernel --- Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 961874b..5636d60 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,9 @@ FROM quay.io/almalinuxorg/atomic-desktop-kde:10 ARG CACHEBUST=1 +ARG KERNEL=kernel-cachyos +ENV KERNEL=${KERNEL} + # Get list of kernels from my repo. If the list has been updated, then the image will be rebuilt. If it hasn't been updated, then caching of the previous build will be used. ADD "https://copr.fedorainfracloud.org/api_3/build/list?ownername=andersrh&projectname=my-ostree-os&packagename=kernel" /tmp/builds.txt @@ -14,7 +17,9 @@ RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia.repo RUN dnf copr enable bieszczaders/kernel-cachyos -y -RUN dnf install -y kernel-cachyos +RUN dnf install -y ${KERNEL} ${KERNEL}-devel-matched + +RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra kernel-tools kernel-tools-libs RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm From 672eb3820ae160c54edd947b5980b3488b47e6c5 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 3 Dec 2025 14:36:06 -0300 Subject: [PATCH 03/28] oops dont install kernel-devel-matched --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5636d60..76ca060 100644 --- a/Dockerfile +++ b/Dockerfile @@ -27,7 +27,7 @@ RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/download/v2.2.0/appimagelauncher-2.2.0-travis995.0f91801.x86_64.rpm # Install Negativo17 Nvidia driver -RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver kernel-devel-matched +RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel-cachyos) # Remove plocate to avoid updatedb going crazy with scanning the file system once a day From 147a1bd7067f40cfeee29d883114b50baffcc67e Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 3 Dec 2025 15:24:14 -0300 Subject: [PATCH 04/28] add alsa-sof-firmware --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 76ca060..d25ec12 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,6 +47,8 @@ RUN rm -f /etc/chromium/chromium.conf # Add rule to SELinux allowing modules to be loaded into custom kernel RUN setsebool -P domain_kernel_load_modules on +RUN dnf install -y alsa-sof-firmware + COPY etc /etc COPY usr /usr From d8718256e8614b41804c4a305ef08f128fbadb76 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 3 Dec 2025 15:24:14 -0300 Subject: [PATCH 05/28] add alsa-sof-firmware --- Dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9d94565..ec97b99 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,6 +48,8 @@ RUN rm -f /etc/chromium/chromium.conf # Add rule to SELinux allowing modules to be loaded into custom kernel RUN setsebool -P domain_kernel_load_modules on +RUN dnf install -y alsa-sof-firmware + COPY etc /etc COPY usr /usr From 66901db9e5e0e2e3aef88f165ae3e5b719c4b6bb Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 3 Dec 2025 15:50:17 -0300 Subject: [PATCH 06/28] Use default AlmaLinux kernel and add htop --- Dockerfile | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index ec97b99..013ed05 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,19 +12,12 @@ RUN /tmp/set_next_version.sh COPY repo/*.repo /etc/yum.repos.d/ RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia.repo -y -RUN dnf install -y $( \ - dnf list --available kernel\* --disablerepo='*' --enablerepo=my-ostree-os-rhel-epel 2>/dev/null \ - | grep 'andersdsrhcustom' \ - | awk '{print $1 "-" $2}' \ - | sort -V \ - | tail -1 \ - | sed 's/\.src//g' \ - | sed 's/\.x86_64//g' \ - ) +# This is necessary for the speakers and internal microphone +RUN dnf install -y alsa-sof-firmware RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver +RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/download/v2.2.0/appimagelauncher-2.2.0-travis995.0f91801.x86_64.rpm # Install Negativo17 Nvidia driver @@ -48,8 +41,6 @@ RUN rm -f /etc/chromium/chromium.conf # Add rule to SELinux allowing modules to be loaded into custom kernel RUN setsebool -P domain_kernel_load_modules on -RUN dnf install -y alsa-sof-firmware - COPY etc /etc COPY usr /usr From eef11422b274d66310a1eb2bd5b57a3b880302c1 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Thu, 4 Dec 2025 20:04:29 -0300 Subject: [PATCH 07/28] replace noopenh264 with real openh264 files --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index 013ed05..2ef532b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -35,6 +35,11 @@ RUN dnf swap libavcodec-free libavcodec-freeworld --allowerasing -y RUN dnf -y install gwenview haruna kalk okular RUN dnf -y install chromium firefox + +# replace noopenh264 with real openh264 files +RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 +RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm + # Delete default Chromium config so it can be replaced by my own RUN rm -f /etc/chromium/chromium.conf From fa7c3a5c4e28b2f433489947e32670c050ff7f5c Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Mon, 5 Jan 2026 18:06:29 -0300 Subject: [PATCH 08/28] Use Buildah instead of Docker and build three times a month instead of every day --- .github/workflows/os.yml | 135 +++++++++++++++++---------------------- Dockerfile | 4 -- 2 files changed, 58 insertions(+), 81 deletions(-) diff --git a/.github/workflows/os.yml b/.github/workflows/os.yml index cf2932a..10e0f8c 100644 --- a/.github/workflows/os.yml +++ b/.github/workflows/os.yml @@ -1,42 +1,32 @@ name: os -# This workflow uses actions that are not certified by GitHub. -# They are provided by a third-party and are governed by -# separate terms of service, privacy policy, and support -# documentation. - on: schedule: - - cron: '0 5 * * *' # 5 am every day + - cron: '0 5 8,18,28 * *' push: paths: - - 'Dockerfile' - - 'etc/**' - - 'usr/**' - - 'repo/**' + - 'Dockerfile' + - 'etc/**' + - 'usr/**' + - 'repo/**' + - '.github/workflows/os.yml' + workflow_dispatch: env: - # Use docker.io for Docker Hub if empty REGISTRY: ghcr.io - # github.repository as / IMAGE_NAME: ${{ github.repository }} - IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }} - jobs: build: - runs-on: ubuntu-latest permissions: contents: read packages: write - # This is used to complete the identity challenge - # with sigstore/fulcio when running outside of PRs. - id-token: write + id-token: write # Påkrævet til cosign keyless signering steps: - name: Maximize build space - uses: AdityaGarg8/remove-unwanted-software@v1 + uses: AdityaGarg8/remove-unwanted-software@v5 with: remove-dotnet: 'true' remove-android: 'true' @@ -44,71 +34,62 @@ jobs: - name: Get current date id: date - run: echo "::set-output name=date::$(date +'%Y%m%d')" - - - name: Test with environment variables - run: echo $DATE - env: - DATE: ${{ steps.date.outputs.date }} + run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 - # Install the cosign tool except on PR - # https://github.com/sigstore/cosign-installer - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1 - with: - cosign-release: 'v2.1.1' - - # Workaround: https://github.com/docker/build-push-action/issues/461 - - name: Setup Docker buildx - uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf - - # Login against a Docker registry except on PR - # https://github.com/docker/login-action - - name: Log into registry ${{ env.REGISTRY }} - if: github.event_name != 'pull_request' - uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # Extract metadata (tags, labels) for Docker - # https://github.com/docker/metadata-action - name: Extract Docker metadata id: meta - uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38 + uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Vi konstruerer tags her med branch-navnet som præfiks + tags: | + type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ github.ref_name }}-10 + type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} - # Build and push Docker image with Buildx (don't push on PR) - # https://github.com/docker/build-push-action - - name: Build and push Docker image - id: build-and-push - uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a - with: - context: . - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.meta.outputs.tags }}, ${{ steps.meta.outputs.tags }}-10, ${{ steps.meta.outputs.tags }}-10.${{ steps.date.outputs.date }} - # labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max + - name: Log into GHCR + if: github.event_name != 'pull_request' + run: | + buildah login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }} + - name: Build image with Buildah + id: build-image + run: | + # Vi bygger med 'raw-img' lokalt + buildah bud \ + --label "org.opencontainers.image.source=https://github.com/${{ github.repository }}" \ + -t raw-img . - # Sign the resulting Docker image digest except on PRs. - # This will only write to the public Rekor transparency log when the Docker - # repository is public to avoid leaking data. If you would like to publish - # transparency data even for private images, pass --force to cosign below. - # https://github.com/sigstore/cosign - - name: Sign the published Docker image - if: ${{ github.event_name != 'pull_request' }} - env: - # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable - TAGS: ${{ steps.meta.outputs.tags }} - DIGEST: ${{ steps.build-and-push.outputs.digest }} - # This step uses the identity token to provision an ephemeral certificate - # against the sigstore community Fulcio instance. - run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST} + # Gem det primære tag til signering (vi tager det første fra listen) + PRIMARY_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1) + echo "primary_tag=$PRIMARY_TAG" >> $GITHUB_OUTPUT + + - name: Push to GHCR + if: github.event_name != 'pull_request' + run: | + for tag in $(echo "${{ steps.meta.outputs.tags }}"); do + echo "Tagging and pushing: $tag" + buildah tag raw-img "$tag" + buildah push "$tag" + done + + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@v3.3.0 + + # VI TILFØJER LOGIN TIL COSIGN HER + - name: Log into GHCR (Cosign) + if: github.event_name != 'pull_request' + run: | + cosign login ${{ env.REGISTRY }} -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} + + - name: Sign image + if: github.event_name != 'pull_request' + run: | + # Vi signerer det primære tag. + # Vi bruger --yes til at acceptere betingelserne automatisk. + cosign sign --yes "${{ steps.build-image.outputs.primary_tag }}" diff --git a/Dockerfile b/Dockerfile index 2ef532b..b987dcc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,8 +1,4 @@ FROM quay.io/almalinuxorg/atomic-desktop-kde:10 -ARG CACHEBUST=1 - -# Get list of kernels from my repo. If the list has been updated, then the image will be rebuilt. If it hasn't been updated, then caching of the previous build will be used. -ADD "https://copr.fedorainfracloud.org/api_3/build/list?ownername=andersrh&projectname=my-ostree-os&packagename=kernel" /tmp/builds.txt RUN echo 'omit_drivers+=" nouveau "' | tee /etc/dracut.conf.d/blacklist-nouveau.conf From 1850c475afb6336527aab6047bdac729b6f69643 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Thu, 15 Jan 2026 20:15:23 -0300 Subject: [PATCH 09/28] Don't prioritize rhel+epel repo over epel repo. Install newest version of packages. --- repo/andersrh-myostree-os-rhel+epel.repo | 1 - 1 file changed, 1 deletion(-) diff --git a/repo/andersrh-myostree-os-rhel+epel.repo b/repo/andersrh-myostree-os-rhel+epel.repo index 0c5b27a..17fbb0c 100644 --- a/repo/andersrh-myostree-os-rhel+epel.repo +++ b/repo/andersrh-myostree-os-rhel+epel.repo @@ -8,4 +8,3 @@ gpgkey=https://download.copr.fedorainfracloud.org/results/andersrh/my-ostree-os/ repo_gpgcheck=0 enabled=1 enabled_metadata=1 -priority=98 From 6edd7c97f8fc3bce1fd586a8a92242e6b57af504 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 16 Jan 2026 11:42:03 -0300 Subject: [PATCH 10/28] Enable automatic updates --- Dockerfile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/Dockerfile b/Dockerfile index b987dcc..ba944d7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,5 +47,9 @@ COPY usr /usr RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver +# Enable automatic updates +RUN sed -i 's/#AutomaticUpdatePolicy.*/AutomaticUpdatePolicy=stage/' /etc/rpm-ostreed.conf +RUN systemctl enable rpm-ostreed-automatic.timer + RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp && \ bootc container lint From 189b0cc65c34ba43090a426b459c7dbe18bbce52 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 16 Jan 2026 12:03:12 -0300 Subject: [PATCH 11/28] Revert "Enable automatic updates" This reverts commit 6edd7c97f8fc3bce1fd586a8a92242e6b57af504. --- Dockerfile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index ba944d7..b987dcc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,9 +47,5 @@ COPY usr /usr RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver -# Enable automatic updates -RUN sed -i 's/#AutomaticUpdatePolicy.*/AutomaticUpdatePolicy=stage/' /etc/rpm-ostreed.conf -RUN systemctl enable rpm-ostreed-automatic.timer - RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp && \ bootc container lint From 286b525fd142de5e06a01f54439637b52aba41ce Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 16 Jan 2026 12:29:34 -0300 Subject: [PATCH 12/28] add cleanup script for GHCR --- .github/workflows/cleanup.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/cleanup.yml diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml new file mode 100644 index 0000000..5337eb6 --- /dev/null +++ b/.github/workflows/cleanup.yml @@ -0,0 +1,21 @@ +name: Ryd op i GHCR + +on: + schedule: + - cron: '0 0 * * 0' # Kører hver søndag ved midnat + workflow_dispatch: # Gør det muligt at køre den manuelt + +jobs: + delete-old-images: + runs-on: ubuntu-latest + permissions: + packages: write + steps: + - name: Slet gamle versioner + uses: actions/delete-package-versions@v5 + with: + package-name: 'os-26535' # Skift til dit image navn + package-type: 'container' + min-versions-to-keep: 50 + delete-only-untagged-versions: 'false' + token: ${{ secrets.GITHUB_TOKEN }} From ebb91059197c413108de08df568dfeb39f7aa137 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 6 Feb 2026 10:40:00 -0300 Subject: [PATCH 13/28] Install HPLIP for HP printer support --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index b987dcc..485b83f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,6 +29,9 @@ RUN dnf install libheif-freeworld -y # Install proprietary codecs RUN dnf swap libavcodec-free libavcodec-freeworld --allowerasing -y +# Install HPLIP for HP printer support +RUN dnf install hplip -y + RUN dnf -y install gwenview haruna kalk okular RUN dnf -y install chromium firefox From 692f20cb212525542b570d214e26f995f68d31c9 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 17 Mar 2026 18:21:35 -0300 Subject: [PATCH 14/28] Install Docker --- Dockerfile | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 485b83f..9c26552 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,16 +39,21 @@ RUN dnf -y install chromium firefox RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm +RUN dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo +RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y + # Delete default Chromium config so it can be replaced by my own RUN rm -f /etc/chromium/chromium.conf # Add rule to SELinux allowing modules to be loaded into custom kernel RUN setsebool -P domain_kernel_load_modules on +RUN systemctl enable docker + COPY etc /etc COPY usr /usr RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp && \ -bootc container lint + bootc container lint From 212a58f998435cc29e185f02b4996c507183b3e9 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 12:53:41 -0300 Subject: [PATCH 15/28] Add KDE/SonicDE X11 session --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9c26552..94e9695 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,6 +13,11 @@ RUN dnf install -y alsa-sof-firmware RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm +RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y +RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y + +RUN dnf install sonic-workspace-x11 sonic-win sonic-interface-libraries sonic-workspace --allowerasing -y + RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/download/v2.2.0/appimagelauncher-2.2.0-travis995.0f91801.x86_64.rpm From 0180f9fa4e1da337dfd0b161d524d80a9cf84092 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:09:25 -0300 Subject: [PATCH 16/28] Install more x11 packages --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 94e9695..3b0f2a8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -47,6 +47,9 @@ RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packag RUN dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y +RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ + libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston cage network-manager-applet redshift blueman -y + # Delete default Chromium config so it can be replaced by my own RUN rm -f /etc/chromium/chromium.conf From b7f457000e107474076dedae9261041e9e7adc38 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:15:26 -0300 Subject: [PATCH 17/28] remove unfound and unneeded packages --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 3b0f2a8..3bd7d08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -48,7 +48,7 @@ RUN dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker- RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ - libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston cage network-manager-applet redshift blueman -y + libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y # Delete default Chromium config so it can be replaced by my own RUN rm -f /etc/chromium/chromium.conf From 9ffb10423227c3c51c620b7a27c06110a4501475 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:31:20 -0300 Subject: [PATCH 18/28] Add x11 config files --- etc/X11/xorg.conf.d/20-modesetting.conf | 7 +++++++ etc/X11/xorg.conf.d/90-touchpad-tap.conf | 19 +++++++++++++++++++ 2 files changed, 26 insertions(+) create mode 100644 etc/X11/xorg.conf.d/20-modesetting.conf create mode 100644 etc/X11/xorg.conf.d/90-touchpad-tap.conf diff --git a/etc/X11/xorg.conf.d/20-modesetting.conf b/etc/X11/xorg.conf.d/20-modesetting.conf new file mode 100644 index 0000000..332e165 --- /dev/null +++ b/etc/X11/xorg.conf.d/20-modesetting.conf @@ -0,0 +1,7 @@ +Section "Device" + Identifier "Intel Graphics" + Driver "modesetting" + Option "ShadowFB" "false" # you don't need on recent hardware + Option "Atomic" "true" #only effective on Xlibre, or Xorg-git with a special patch + Option "TearFree" "false" # We will be using compositor, so TearFree (extra buffer) in the driver is not necessary +EndSection diff --git a/etc/X11/xorg.conf.d/90-touchpad-tap.conf b/etc/X11/xorg.conf.d/90-touchpad-tap.conf new file mode 100644 index 0000000..9000db3 --- /dev/null +++ b/etc/X11/xorg.conf.d/90-touchpad-tap.conf @@ -0,0 +1,19 @@ +Section "InputClass" + Identifier "Touchpad Tap" + # Matcher alle touchpads der bruger libinput + MatchIsTouchpad "on" + MatchDevicePath "/dev/input/event*" + Driver "libinput" + + # Korrigerer hastigheden til 2x (til 4K / 200% skalering) + #Option "TransformationMatrix" "5 0 0 0 5 0 0 0 2" + + # Bruger den ergonomiske 'adaptive' profil (1 0 er Adaptive) + #Option "AccelProfile" "adaptive" + + # Holder grundhastigheden neutral (0.0) + #Option "AccelSpeed" "0" + + # Valgfrit: Slå tap-to-click til, hvis du foretrækker det + Option "Tapping" "on" +EndSection From dbb20f3399a28fb09f47934fa43cc73233567ccd Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 3 Apr 2026 13:18:17 -0300 Subject: [PATCH 19/28] touchpad scaling and 580 nvidia driver --- Dockerfile | 2 +- etc/X11/xorg.conf.d/90-touchpad-tap.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3bd7d08..9bda9d9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,7 +6,7 @@ COPY bin/set_next_version.sh /tmp RUN /tmp/set_next_version.sh COPY repo/*.repo /etc/yum.repos.d/ -RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia.repo -y +RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia-580.repo -y # This is necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware diff --git a/etc/X11/xorg.conf.d/90-touchpad-tap.conf b/etc/X11/xorg.conf.d/90-touchpad-tap.conf index 9000db3..aef5833 100644 --- a/etc/X11/xorg.conf.d/90-touchpad-tap.conf +++ b/etc/X11/xorg.conf.d/90-touchpad-tap.conf @@ -6,7 +6,7 @@ Section "InputClass" Driver "libinput" # Korrigerer hastigheden til 2x (til 4K / 200% skalering) - #Option "TransformationMatrix" "5 0 0 0 5 0 0 0 2" + Option "TransformationMatrix" "5 0 0 0 5 0 0 0 2" # Bruger den ergonomiske 'adaptive' profil (1 0 er Adaptive) #Option "AccelProfile" "adaptive" From 910fde270b3313fc29fda34922966c60d14940df Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 5 May 2026 16:52:56 -0300 Subject: [PATCH 20/28] Adjust code for migration --- .forgejo/workflows/os.yml | 70 ++++++++++++++++++++++++++ .github/workflows/cleanup.yml | 21 -------- .github/workflows/os.yml | 95 ----------------------------------- Dockerfile | 3 +- 4 files changed, 71 insertions(+), 118 deletions(-) create mode 100644 .forgejo/workflows/os.yml delete mode 100644 .github/workflows/cleanup.yml delete mode 100644 .github/workflows/os.yml diff --git a/.forgejo/workflows/os.yml b/.forgejo/workflows/os.yml new file mode 100644 index 0000000..e4d6fd2 --- /dev/null +++ b/.forgejo/workflows/os.yml @@ -0,0 +1,70 @@ +name: os + +on: + schedule: + - cron: '0 5 8,18,28 * *' + push: + paths: + - 'Dockerfile' + - 'etc/**' + - 'usr/**' + - 'repo/**' + - '.forgejo/workflows/os.yml' + - 'buildinstallxfce.sh' + - 'buildinstallxfceaddons.sh' + workflow_dispatch: + +env: + REGISTRY: forge.pc-rytteren.dk + IMAGE_NAME: ${{ github.repository }} + +jobs: + build: + runs-on: almalinux-10 + permissions: + contents: read + packages: write + + steps: + + - name: Get current date + id: date + run: echo "date=$(date +'%Y%m%d')" >> $FORGEJO_OUTPUT + + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Vi konstruerer tags her med branch-navnet som præfiks + tags: | + type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ github.ref_name }}-10 + type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} + + - name: Log into Forgejo Container Registry + if: github.event_name != 'pull_request' + run: | + buildah login -u ${{ github.actor }} -p ${{ secrets.PACKAGE_TOKEN }} ${{ env.REGISTRY }} + + - name: Build image with Buildah + id: build-image + run: | + # Vi bygger med 'raw-img' lokalt + buildah bud \ + --label "org.opencontainers.image.source=https://pc-rytteren.dk/forge/${{ github.repository }}" \ + -t raw-img . + + - name: Push to Forgejo Container Registry + if: github.event_name != 'pull_request' + run: | + for tag in $(echo "${{ steps.meta.outputs.tags }}"); do + echo "Tagging and pushing: $tag" + buildah tag raw-img "$tag" + buildah push "$tag" + done + diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml deleted file mode 100644 index 5337eb6..0000000 --- a/.github/workflows/cleanup.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Ryd op i GHCR - -on: - schedule: - - cron: '0 0 * * 0' # Kører hver søndag ved midnat - workflow_dispatch: # Gør det muligt at køre den manuelt - -jobs: - delete-old-images: - runs-on: ubuntu-latest - permissions: - packages: write - steps: - - name: Slet gamle versioner - uses: actions/delete-package-versions@v5 - with: - package-name: 'os-26535' # Skift til dit image navn - package-type: 'container' - min-versions-to-keep: 50 - delete-only-untagged-versions: 'false' - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/os.yml b/.github/workflows/os.yml deleted file mode 100644 index 10e0f8c..0000000 --- a/.github/workflows/os.yml +++ /dev/null @@ -1,95 +0,0 @@ -name: os - -on: - schedule: - - cron: '0 5 8,18,28 * *' - push: - paths: - - 'Dockerfile' - - 'etc/**' - - 'usr/**' - - 'repo/**' - - '.github/workflows/os.yml' - workflow_dispatch: - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - id-token: write # Påkrævet til cosign keyless signering - - steps: - - name: Maximize build space - uses: AdityaGarg8/remove-unwanted-software@v5 - with: - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - - - name: Get current date - id: date - run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # Vi konstruerer tags her med branch-navnet som præfiks - tags: | - type=ref,event=branch - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=${{ github.ref_name }}-10 - type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} - - - name: Log into GHCR - if: github.event_name != 'pull_request' - run: | - buildah login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }} - - - name: Build image with Buildah - id: build-image - run: | - # Vi bygger med 'raw-img' lokalt - buildah bud \ - --label "org.opencontainers.image.source=https://github.com/${{ github.repository }}" \ - -t raw-img . - - # Gem det primære tag til signering (vi tager det første fra listen) - PRIMARY_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1) - echo "primary_tag=$PRIMARY_TAG" >> $GITHUB_OUTPUT - - - name: Push to GHCR - if: github.event_name != 'pull_request' - run: | - for tag in $(echo "${{ steps.meta.outputs.tags }}"); do - echo "Tagging and pushing: $tag" - buildah tag raw-img "$tag" - buildah push "$tag" - done - - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.3.0 - - # VI TILFØJER LOGIN TIL COSIGN HER - - name: Log into GHCR (Cosign) - if: github.event_name != 'pull_request' - run: | - cosign login ${{ env.REGISTRY }} -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} - - - name: Sign image - if: github.event_name != 'pull_request' - run: | - # Vi signerer det primære tag. - # Vi bruger --yes til at acceptere betingelserne automatisk. - cosign sign --yes "${{ steps.build-image.outputs.primary_tag }}" diff --git a/Dockerfile b/Dockerfile index 9bda9d9..2d6c6c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,5 +63,4 @@ COPY usr /usr RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver -RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp && \ - bootc container lint +RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp From dfe737d35cd85978ee425056a0d28ea06bf9b1ef Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 13 May 2026 16:39:38 -0300 Subject: [PATCH 21/28] add default tag name of branch --- .forgejo/workflows/os.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/os.yml b/.forgejo/workflows/os.yml index e4d6fd2..688a6d9 100644 --- a/.forgejo/workflows/os.yml +++ b/.forgejo/workflows/os.yml @@ -43,6 +43,7 @@ jobs: tags: | type=ref,event=branch type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ github.ref_name }} type=raw,value=${{ github.ref_name }}-10 type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} From e09210e2b24cfb4a7cc50da4fa53df0ead045177 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 13 May 2026 16:41:20 -0300 Subject: [PATCH 22/28] replace haruna with vlc --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2d6c6c9..f4c148c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ RUN dnf swap libavcodec-free libavcodec-freeworld --allowerasing -y # Install HPLIP for HP printer support RUN dnf install hplip -y -RUN dnf -y install gwenview haruna kalk okular +RUN dnf -y install gwenview vlc kalk okular RUN dnf -y install chromium firefox # replace noopenh264 with real openh264 files From cd22c60f912ce2196b6a9686d14f254c9290a190 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 13 May 2026 16:43:36 -0300 Subject: [PATCH 23/28] add scx_scheds and cachyos-settings --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index f4c148c..2bab155 100644 --- a/Dockerfile +++ b/Dockerfile @@ -40,6 +40,10 @@ RUN dnf install hplip -y RUN dnf -y install gwenview vlc kalk okular RUN dnf -y install chromium firefox +# Enable CachyOS addons EL10 fork repo +RUN dnf copr enable andersrh/kernel-cachyos-addons-el10 -y +RUN dnf install -y scx-scheds cachyos-settings + # replace noopenh264 with real openh264 files RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm @@ -61,6 +65,4 @@ RUN systemctl enable docker COPY etc /etc COPY usr /usr -RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver - RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp From f897fca262621f0a4ebfbee1b083d12e54007e91 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 15 May 2026 20:24:58 -0300 Subject: [PATCH 24/28] remove nvidia driver and unnecessary X11 packages --- Dockerfile | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2bab155..4d58396 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,9 @@ FROM quay.io/almalinuxorg/atomic-desktop-kde:10 -RUN echo 'omit_drivers+=" nouveau "' | tee /etc/dracut.conf.d/blacklist-nouveau.conf - COPY bin/set_next_version.sh /tmp RUN /tmp/set_next_version.sh COPY repo/*.repo /etc/yum.repos.d/ -RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia-580.repo -y # This is necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware @@ -21,10 +18,6 @@ RUN dnf install sonic-workspace-x11 sonic-win sonic-interface-libraries sonic-wo RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/download/v2.2.0/appimagelauncher-2.2.0-travis995.0f91801.x86_64.rpm -# Install Negativo17 Nvidia driver -RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver kernel-devel-matched -RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel) - # Remove plocate to avoid updatedb going crazy with scanning the file system once a day RUN dnf remove -y plocate @@ -51,8 +44,7 @@ RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packag RUN dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y -RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ - libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xf86-input-libinput -y # Delete default Chromium config so it can be replaced by my own RUN rm -f /etc/chromium/chromium.conf From e90cfc8b780fb8e8eeddb98e4a414913e41a174a Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Sat, 16 May 2026 13:50:45 -0300 Subject: [PATCH 25/28] Install Mate Desktop --- Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Dockerfile b/Dockerfile index 4d58396..57eb365 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,9 +12,12 @@ RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion- RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y +RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/skip77/MateDesktop-EL10/repo/rhel+epel-10/skip77-MateDesktop-EL10-rhel+epel-10.repo -y RUN dnf install sonic-workspace-x11 sonic-win sonic-interface-libraries sonic-workspace --allowerasing -y +RUN dnf groupinstall "MATE-Desktop" -y + RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/download/v2.2.0/appimagelauncher-2.2.0-travis995.0f91801.x86_64.rpm From bf803ff88f582b1ca9f0cb190fc1f07f625d0825 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Sat, 16 May 2026 14:21:45 -0300 Subject: [PATCH 26/28] Enable TearFree --- etc/X11/xorg.conf.d/20-modesetting.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/X11/xorg.conf.d/20-modesetting.conf b/etc/X11/xorg.conf.d/20-modesetting.conf index 332e165..1296f55 100644 --- a/etc/X11/xorg.conf.d/20-modesetting.conf +++ b/etc/X11/xorg.conf.d/20-modesetting.conf @@ -3,5 +3,5 @@ Section "Device" Driver "modesetting" Option "ShadowFB" "false" # you don't need on recent hardware Option "Atomic" "true" #only effective on Xlibre, or Xorg-git with a special patch - Option "TearFree" "false" # We will be using compositor, so TearFree (extra buffer) in the driver is not necessary + Option "TearFree" "true" # We will be using compositor, so TearFree (extra buffer) in the driver is not necessary EndSection From 456fb282e8573f8abb8cf109652e248833936df2 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Sat, 16 May 2026 17:58:44 -0300 Subject: [PATCH 27/28] remove comment --- etc/X11/xorg.conf.d/20-modesetting.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/etc/X11/xorg.conf.d/20-modesetting.conf b/etc/X11/xorg.conf.d/20-modesetting.conf index 1296f55..da8f040 100644 --- a/etc/X11/xorg.conf.d/20-modesetting.conf +++ b/etc/X11/xorg.conf.d/20-modesetting.conf @@ -3,5 +3,5 @@ Section "Device" Driver "modesetting" Option "ShadowFB" "false" # you don't need on recent hardware Option "Atomic" "true" #only effective on Xlibre, or Xorg-git with a special patch - Option "TearFree" "true" # We will be using compositor, so TearFree (extra buffer) in the driver is not necessary + Option "TearFree" "true" EndSection From 94f0906f9d395ebb987531fedd5818ae898be0c2 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Sat, 16 May 2026 18:01:46 -0300 Subject: [PATCH 28/28] remove custom chromium config --- Dockerfile | 3 -- etc/chromium/chromium.conf | 76 -------------------------------------- 2 files changed, 79 deletions(-) delete mode 100644 etc/chromium/chromium.conf diff --git a/Dockerfile b/Dockerfile index 57eb365..3bad7a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -49,9 +49,6 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xf86-input-libinput -y -# Delete default Chromium config so it can be replaced by my own -RUN rm -f /etc/chromium/chromium.conf - # Add rule to SELinux allowing modules to be loaded into custom kernel RUN setsebool -P domain_kernel_load_modules on diff --git a/etc/chromium/chromium.conf b/etc/chromium/chromium.conf deleted file mode 100644 index f6cbbbc..0000000 --- a/etc/chromium/chromium.conf +++ /dev/null @@ -1,76 +0,0 @@ -# system wide chromium flags - -ARCH="$(arch)" -MODE="$(systemd-detect-virt)" - -# GRAPHIC_DRIVER=[amd|intel|nvidia|default] -GRAPHIC_DRIVER=intel - -# WEB_DARKMODE=[on|off] -WEB_DARKMODE=off - -# NATIVE_WAYLAND=[on|off] -# chromium >=141 switched to --ozone-platform-hint=auto -if [ ! -z "$WAYLAND_DISPLAY" ]; then - NATIVE_WAYLAND=on -else - NATIVE_WAYLAND=off -fi - -DISABLE_FEATURES="LensOverlay,ExtensionManifestV2Unsupported,ExtensionManifestV2Disabled" -ENABLE_FEATURES="AllowQt" -CHROMIUM_FLAGS=" --enable-chrome-browser-cloud-management" -if [ "$NATIVE_WAYLAND" == "on" ] ; then - ENABLE_FEATURES+=",WaylandLinuxDrmSyncobj,WaylandPerSurfaceScale,WaylandUiScale" - CHROMIUM_FLAGS+=" --ozone-platform=wayland" -else - CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames" - CHROMIUM_FLAGS+=" --enable-zero-copy" - CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround" - CHROMIUM_FLAGS+=" --enable-gpu-rasterization" -fi - -ENABLE_FEATURES+=",AcceleratedVideoDecodeLinuxGL,AcceleratedVideoDecodeLinuxZeroCopyGL" - -case "$GRAPHIC_DRIVER" in - amd|intel) - # Need new mesa with AMD multi planes support, is supported in fedora >= 40 (mesa-24.1.1 or newer) - # see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165 - CHROMIUM_FLAGS+=" --enable-accelerated-video-decode" - ENABLE_FEATURES+=",VaapiIgnoreDriverChecks,UseMultiPlaneFormatForHardwareVideo" - ;; - nvidia) - # The NVIDIA VaAPI drivers are known to not support Chromium - # see https://crbug.com/1492880. This feature switch is - # provided for developers to test VaAPI drivers on NVIDIA GPUs - ENABLE_FEATURES+=",VaapiOnNvidiaGPUs" - export CUDA_DISABLE_PERF_BOOST=1 - ;; - *) - ENABLE_FEATURES+=",AcceleratedVideoEncoder" - ;; -esac - -if [ "$MODE" != "none" ] ; then - # chromium in VM, running with standard setting - CHROMIUM_FLAGS="" - DISABLE_FEATURES="" - ENABLE_FEATURES="" -fi - -# Set gtk version to 3 by default -# todo: switch to gtk4 in the future -CHROMIUM_FLAGS+=" --gtk-version=3" - -# Web Dark mode -if [ "$WEB_DARKMODE" == "on" ] ; then - darktype="WebContentsForceDark:inversion_method/cielab_based/image_behavior/none/foreground_lightness_threshold/150/background_lightness_threshold/205" - if [ -z "$ENABLE_FEATURES" ] ; then - ENABLE_FEATURES+="$darktype" - else - ENABLE_FEATURES+=",$darktype" - fi -fi - -[ -z "$DISABLE_FEATURES" ] || CHROMIUM_FLAGS+=" --disable-features=$DISABLE_FEATURES" -[ -z "$ENABLE_FEATURES" ] || CHROMIUM_FLAGS+=" --enable-features=$ENABLE_FEATURES"