Compare commits
4 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
147a1bd706 | ||
|
|
672eb3820a | ||
|
|
663ecaeb77 | ||
|
|
e0efbbc82c |
7 changed files with 218 additions and 126 deletions
|
|
@ -1,71 +0,0 @@
|
|||
name: os
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 5 8,18,28 * *'
|
||||
push:
|
||||
paths:
|
||||
- 'Dockerfile'
|
||||
- 'etc/**'
|
||||
- 'usr/**'
|
||||
- 'repo/**'
|
||||
- '.forgejo/workflows/os.yml'
|
||||
- 'buildinstallxfce.sh'
|
||||
- 'buildinstallxfceaddons.sh'
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
REGISTRY: forge.pc-rytteren.dk
|
||||
IMAGE_NAME: ${{ github.repository }}
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: almalinux-10
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
|
||||
steps:
|
||||
|
||||
- name: Get current date
|
||||
id: date
|
||||
run: echo "date=$(date +'%Y%m%d')" >> $FORGEJO_OUTPUT
|
||||
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
- name: Extract Docker metadata
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
# Vi konstruerer tags her med branch-navnet som præfiks
|
||||
tags: |
|
||||
type=ref,event=branch
|
||||
type=raw,value=latest,enable={{is_default_branch}}
|
||||
type=raw,value=${{ github.ref_name }}
|
||||
type=raw,value=${{ github.ref_name }}-10
|
||||
type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }}
|
||||
|
||||
- name: Log into Forgejo Container Registry
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
buildah login -u ${{ github.actor }} -p ${{ secrets.PACKAGE_TOKEN }} ${{ env.REGISTRY }}
|
||||
|
||||
- name: Build image with Buildah
|
||||
id: build-image
|
||||
run: |
|
||||
# Vi bygger med 'raw-img' lokalt
|
||||
buildah bud \
|
||||
--label "org.opencontainers.image.source=https://pc-rytteren.dk/forge/${{ github.repository }}" \
|
||||
-t raw-img .
|
||||
|
||||
- name: Push to Forgejo Container Registry
|
||||
if: github.event_name != 'pull_request'
|
||||
run: |
|
||||
for tag in $(echo "${{ steps.meta.outputs.tags }}"); do
|
||||
echo "Tagging and pushing: $tag"
|
||||
buildah tag raw-img "$tag"
|
||||
buildah push "$tag"
|
||||
done
|
||||
|
||||
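--- a/.github/workflows/os.yml
+++ b/.github/workflows/os.yml
@@ -0,0 +1,114 @@
+name: os
+
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
+on:
+schedule:
+- cron: '0 5 * * *' # 5 am every day
+push:
+paths:
+- 'Dockerfile'
+- 'etc/**'
+- 'usr/**'
+- 'repo/**'
+
+env:
+# Use docker.io for Docker Hub if empty
+REGISTRY: ghcr.io
+# github.repository as <account>/<repo>
+IMAGE_NAME: ${{ github.repository }}
+IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
+
+
+jobs:
+build:
+
+runs-on: ubuntu-latest
+permissions:
+contents: read
+packages: write
+# This is used to complete the identity challenge
+# with sigstore/fulcio when running outside of PRs.
+id-token: write
+
+steps:
+- name: Maximize build space
+uses: AdityaGarg8/remove-unwanted-software@v1
+with:
+remove-dotnet: 'true'
+remove-android: 'true'
+remove-haskell: 'true'
+
+- name: Get current date
+id: date
+run: echo "::set-output name=date::$(date +'%Y%m%d')"
+
+- name: Test with environment variables
+run: echo $DATE
+env:
+DATE: ${{ steps.date.outputs.date }}
+
+- name: Checkout repository
+uses: actions/checkout@v3
+
+# Install the cosign tool except on PR
+# https://github.com/sigstore/cosign-installer
+- name: Install cosign
+if: github.event_name != 'pull_request'
+uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 #v3.1.1
+with:
+cosign-release: 'v2.1.1'
+
+# Workaround: https://github.com/docker/build-push-action/issues/461
+- name: Setup Docker buildx
+uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+
+# Login against a Docker registry except on PR
+# https://github.com/docker/login-action
+- name: Log into registry ${{ env.REGISTRY }}
+if: github.event_name != 'pull_request'
+uses: docker/login-action@28218f9b04b4f3f62068d7b6ce6ca5b26e35336c
+with:
+registry: ${{ env.REGISTRY }}
+username: ${{ github.actor }}
+password: ${{ secrets.GITHUB_TOKEN }}
+
+# Extract metadata (tags, labels) for Docker
+# https://github.com/docker/metadata-action
+- name: Extract Docker metadata
+id: meta
+uses: docker/metadata-action@98669ae865ea3cffbcbaa878cf57c20bbf1c6c38
+with:
+images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+# Build and push Docker image with Buildx (don't push on PR)
+# https://github.com/docker/build-push-action
+- name: Build and push Docker image
+id: build-and-push
+uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
+with:
+context: .
+push: ${{ github.event_name != 'pull_request' }}
+tags: ${{ steps.meta.outputs.tags }}, ${{ steps.meta.outputs.tags }}-10, ${{ steps.meta.outputs.tags }}-10.${{ steps.date.outputs.date }}
+# labels: ${{ steps.meta.outputs.labels }}
+cache-from: type=gha
+cache-to: type=gha,mode=max
+
+
+# Sign the resulting Docker image digest except on PRs.
+# This will only write to the public Rekor transparency log when the Docker
+# repository is public to avoid leaking data. If you would like to publish
+# transparency data even for private images, pass --force to cosign below.
+# https://github.com/sigstore/cosign
+- name: Sign the published Docker image
+if: ${{ github.event_name != 'pull_request' }}
+env:
+# https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+TAGS: ${{ steps.meta.outputs.tags }}
+DIGEST: ${{ steps.build-and-push.outputs.digest }}
+# This step uses the identity token to provision an ephemeral certificate
+# against the sigstore community Fulcio instance.
+run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}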
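Review bot: The first step, `uses: AdityaGarg8/remove-unwanted-software@v1`, is referenced by a mutable tag, while the cosign, buildx, login, metadata and build-push actions in the same file are pinned to commit SHAs; it runs in a job that holds `packages: write` and `id-token: write`, so whatever that tag points to at run time executes with the ability to publish images and request the signing identity. Pin it the same way, e.g. `uses: AdityaGarg8/remove-unwanted-software@<full-commit-sha> # v1` (placeholder: fill in the reviewed commit). Separately, the `Get current date` step uses the deprecated `::set-output` command; `run: echo "date=$(date +'%Y%m%d')" >> "$GITHUB_OUTPUT"` is the supported form. The `tags:` input appends `-10` to the whole `steps.meta.outputs.tags` string, which only gives the intended result while the metadata step emits a single tag.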
58
Dockerfile
58
Dockerfile
|
|
@ -1,26 +1,35 @@
|
|||
FROM quay.io/almalinuxorg/atomic-desktop-kde:10
|
||||
ARG CACHEBUST=1
|
||||
|
||||
ARG KERNEL=kernel-cachyos
|
||||
ENV KERNEL=${KERNEL}
|
||||
|
||||
# Get list of kernels from my repo. If the list has been updated, then the image will be rebuilt. If it hasn't been updated, then caching of the previous build will be used.
|
||||
ADD "https://copr.fedorainfracloud.org/api_3/build/list?ownername=andersrh&projectname=my-ostree-os&packagename=kernel" /tmp/builds.txt
|
||||
|
||||
RUN echo 'omit_drivers+=" nouveau "' | tee /etc/dracut.conf.d/blacklist-nouveau.conf
|
||||
|
||||
COPY bin/set_next_version.sh /tmp
|
||||
RUN /tmp/set_next_version.sh
|
||||
|
||||
COPY repo/*.repo /etc/yum.repos.d/
|
||||
RUN dnf config-manager --add-repo=https://negativo17.org/repos/epel-nvidia.repo -y
|
||||
|
||||
# This is necessary for the speakers and internal microphone
|
||||
RUN dnf install -y alsa-sof-firmware
|
||||
RUN dnf copr enable bieszczaders/kernel-cachyos -y
|
||||
|
||||
RUN dnf install -y ${KERNEL} ${KERNEL}-devel-matched
|
||||
|
||||
RUN dnf remove -y kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra kernel-tools kernel-tools-libs
|
||||
|
||||
RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm
|
||||
|
||||
RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y
|
||||
RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y
|
||||
RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/skip77/MateDesktop-EL10/repo/rhel+epel-10/skip77-MateDesktop-EL10-rhel+epel-10.repo -y
|
||||
|
||||
RUN dnf install sonic-workspace-x11 sonic-win sonic-interface-libraries sonic-workspace --allowerasing -y
|
||||
|
||||
RUN dnf groupinstall "MATE-Desktop" -y
|
||||
|
||||
RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop
|
||||
RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver
|
||||
RUN dnf install -y https://github.com/TheAssassin/AppImageLauncher/releases/download/v2.2.0/appimagelauncher-2.2.0-travis995.0f91801.x86_64.rpm
|
||||
|
||||
# Install Negativo17 Nvidia driver
|
||||
RUN dnf install -y dkms-nvidia nvidia-driver nvidia-persistenced opencl-filesystem libva-nvidia-driver
|
||||
RUN dkms install nvidia/$(ls /usr/src/ | grep nvidia- | cut -d- -f2-) -k $(rpm -q --queryformat "%{VERSION}-%{RELEASE}.%{ARCH}\n" kernel-cachyos)
|
||||
|
||||
# Remove plocate to avoid updatedb going crazy with scanning the file system once a day
|
||||
RUN dnf remove -y plocate
|
||||
|
||||
|
|
@ -30,31 +39,20 @@ RUN dnf install libheif-freeworld -y
|
|||
# Install proprietary codecs
|
||||
RUN dnf swap libavcodec-free libavcodec-freeworld --allowerasing -y
|
||||
|
||||
# Install HPLIP for HP printer support
|
||||
RUN dnf install hplip -y
|
||||
|
||||
RUN dnf -y install gwenview vlc kalk okular
|
||||
RUN dnf -y install gwenview haruna kalk okular
|
||||
RUN dnf -y install chromium firefox
|
||||
|
||||
# Enable CachyOS addons EL10 fork repo
|
||||
RUN dnf copr enable andersrh/kernel-cachyos-addons-el10 -y
|
||||
RUN dnf install -y scx-scheds cachyos-settings
|
||||
|
||||
# replace noopenh264 with real openh264 files
|
||||
RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7
|
||||
RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm
|
||||
|
||||
RUN dnf config-manager --add-repo https://download.docker.com/linux/rhel/docker-ce.repo
|
||||
RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
|
||||
|
||||
RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xf86-input-libinput -y
|
||||
# Delete default Chromium config so it can be replaced by my own
|
||||
RUN rm -f /etc/chromium/chromium.conf
|
||||
|
||||
# Add rule to SELinux allowing modules to be loaded into custom kernel
|
||||
RUN setsebool -P domain_kernel_load_modules on
|
||||
|
||||
RUN systemctl enable docker
|
||||
RUN dnf install -y alsa-sof-firmware
|
||||
|
||||
COPY etc /etc
|
||||
COPY usr /usr
|
||||
|
||||
RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp
|
||||
RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver
|
||||
|
||||
RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp && \
|
||||
bootc container lint
|
||||
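Review bot: The `wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver` step near the end of the second Dockerfile hunk installs an executable into /usr/bin straight from a branch head with no integrity check, so each image build ships whatever that branch contains at that moment. The rendered page has lost the +/- markers, so this applies only if that line is on the new side. Pinning the URL to a reviewed commit and verifying a digest would make the build reproducible, e.g. `RUN wget -O /usr/bin/kerver https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/<commit-sha>/usr/bin/kerver && echo "<sha256>  /usr/bin/kerver" | sha256sum -c - && chmod +x /usr/bin/kerver` (both values are placeholders). The same concern applies to the `dnf install --nogpgcheck` of the rpmfusion release packages in the first hunk, which sets up repository trust from packages whose signatures were not checked.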
|
|
|
|||
|
|
@ -1,7 +0,0 @@
|
|||
Section "Device"
|
||||
Identifier "Intel Graphics"
|
||||
Driver "modesetting"
|
||||
Option "ShadowFB" "false" # you don't need on recent hardware
|
||||
Option "Atomic" "true" #only effective on Xlibre, or Xorg-git with a special patch
|
||||
Option "TearFree" "true"
|
||||
EndSection
|
||||
|
|
@ -1,19 +0,0 @@
|
|||
Section "InputClass"
|
||||
Identifier "Touchpad Tap"
|
||||
# Matcher alle touchpads der bruger libinput
|
||||
MatchIsTouchpad "on"
|
||||
MatchDevicePath "/dev/input/event*"
|
||||
Driver "libinput"
|
||||
|
||||
# Korrigerer hastigheden til 2x (til 4K / 200% skalering)
|
||||
Option "TransformationMatrix" "5 0 0 0 5 0 0 0 2"
|
||||
|
||||
# Bruger den ergonomiske 'adaptive' profil (1 0 er Adaptive)
|
||||
#Option "AccelProfile" "adaptive"
|
||||
|
||||
# Holder grundhastigheden neutral (0.0)
|
||||
#Option "AccelSpeed" "0"
|
||||
|
||||
# Valgfrit: Slå tap-to-click til, hvis du foretrækker det
|
||||
Option "Tapping" "on"
|
||||
EndSection
|
||||
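--- a/etc/chromium/chromium.conf
+++ b/etc/chromium/chromium.conf
@@ -0,0 +1,76 @@
+# system wide chromium flags
+
+ARCH="$(arch)"
+MODE="$(systemd-detect-virt)"
+
+# GRAPHIC_DRIVER=[amd|intel|nvidia|default]
+GRAPHIC_DRIVER=intel
+
+# WEB_DARKMODE=[on|off]
+WEB_DARKMODE=off
+
+# NATIVE_WAYLAND=[on|off]
+# chromium >=141 switched to --ozone-platform-hint=auto
+if [ ! -z "$WAYLAND_DISPLAY" ]; then
+NATIVE_WAYLAND=on
+else
+NATIVE_WAYLAND=off
+fi
+
+DISABLE_FEATURES="LensOverlay,ExtensionManifestV2Unsupported,ExtensionManifestV2Disabled"
+ENABLE_FEATURES="AllowQt"
+CHROMIUM_FLAGS=" --enable-chrome-browser-cloud-management"
+if [ "$NATIVE_WAYLAND" == "on" ] ; then
+ENABLE_FEATURES+=",WaylandLinuxDrmSyncobj,WaylandPerSurfaceScale,WaylandUiScale"
+CHROMIUM_FLAGS+=" --ozone-platform=wayland"
+else
+CHROMIUM_FLAGS+=" --enable-gpu-memory-buffer-video-frames"
+CHROMIUM_FLAGS+=" --enable-zero-copy"
+CHROMIUM_FLAGS+=" --ignore-gpu-blocklist --disable-gpu-driver-bug-workaround"
+CHROMIUM_FLAGS+=" --enable-gpu-rasterization"
+fi
+
+ENABLE_FEATURES+=",AcceleratedVideoDecodeLinuxGL,AcceleratedVideoDecodeLinuxZeroCopyGL"
+
+case "$GRAPHIC_DRIVER" in
+amd|intel)
+# Need new mesa with AMD multi planes support, is supported in fedora >= 40 (mesa-24.1.1 or newer)
+# see https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/26165
+CHROMIUM_FLAGS+=" --enable-accelerated-video-decode"
+ENABLE_FEATURES+=",VaapiIgnoreDriverChecks,UseMultiPlaneFormatForHardwareVideo"
+;;
+nvidia)
+# The NVIDIA VaAPI drivers are known to not support Chromium
+# see https://crbug.com/1492880. This feature switch is
+# provided for developers to test VaAPI drivers on NVIDIA GPUs
+ENABLE_FEATURES+=",VaapiOnNvidiaGPUs"
+export CUDA_DISABLE_PERF_BOOST=1
+;;
+*)
+ENABLE_FEATURES+=",AcceleratedVideoEncoder"
+;;
+esac
+
+if [ "$MODE" != "none" ] ; then
+# chromium in VM, running with standard setting
+CHROMIUM_FLAGS=""
+DISABLE_FEATURES=""
+ENABLE_FEATURES=""
+fi
+
+# Set gtk version to 3 by default
+# todo: switch to gtk4 in the future
+CHROMIUM_FLAGS+=" --gtk-version=3"
+
+# Web Dark mode
+if [ "$WEB_DARKMODE" == "on" ] ; then
+darktype="WebContentsForceDark:inversion_method/cielab_based/image_behavior/none/foreground_lightness_threshold/150/background_lightness_threshold/205"
+if [ -z "$ENABLE_FEATURES" ] ; then
+ENABLE_FEATURES+="$darktype"
+else
+ENABLE_FEATURES+=",$darktype"
+fi
+fi
+
+[ -z "$DISABLE_FEATURES" ] || CHROMIUM_FLAGS+=" --disable-features=$DISABLE_FEATURES"
+[ -z "$ENABLE_FEATURES" ] || CHROMIUM_FLAGS+=" --enable-features=$ENABLE_FEATURES"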
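Review bot: `GRAPHIC_DRIVER=intel` is hard-coded without a comment, and that value selects the `amd|intel)` branch, which adds `VaapiIgnoreDriverChecks`; together with `--ignore-gpu-blocklist --disable-gpu-driver-bug-workaround` in the non-Wayland branch, this appears to switch off Chromium's own GPU and VA-API driver vetting on every bare-metal host that runs the image. That may be intended for the target hardware, but the file does not say so. A comment above the assignment would record the decision, e.g. `# Pinned to intel: enables VaapiIgnoreDriverChecks; use "default" on hosts with another GPU`. The `MODE != none` block already clears all three variables inside VMs, which is worth stating in the same comment.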
|
|
@ -8,3 +8,4 @@ gpgkey=https://download.copr.fedorainfracloud.org/results/andersrh/my-ostree-os/
|
|||
repo_gpgcheck=0
|
||||
enabled=1
|
||||
enabled_metadata=1
|
||||
priority=98
|
||||
|
|
|
|||