From a4d1194e4819a39dad3427cea02ba7f1b918992e Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 24 Mar 2026 10:34:58 -0300 Subject: [PATCH 01/18] add github actions --- .github/workflows/cleanup.yml | 21 ++++++++ .github/workflows/image.yml | 95 +++++++++++++++++++++++++++++++++++ 2 files changed, 116 insertions(+) create mode 100644 .github/workflows/cleanup.yml create mode 100644 .github/workflows/image.yml diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml new file mode 100644 index 0000000..9a0f17c --- /dev/null +++ b/.github/workflows/cleanup.yml @@ -0,0 +1,21 @@ +name: Ryd op i GHCR + +on: + schedule: + - cron: '0 0 * * 0' # Kører hver søndag ved midnat + workflow_dispatch: # Gør det muligt at køre den manuelt + +jobs: + delete-old-images: + runs-on: ubuntu-latest + permissions: + packages: write + steps: + - name: Slet gamle versioner + uses: actions/delete-package-versions@v5 + with: + package-name: 'image-63245' # Skift til dit image navn + package-type: 'container' + min-versions-to-keep: 50 + delete-only-untagged-versions: 'false' + token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml new file mode 100644 index 0000000..8cc5aa7 --- /dev/null +++ b/.github/workflows/image.yml @@ -0,0 +1,95 @@ +name: image + +on: + schedule: + - cron: '0 5 8,18,28 * *' + push: + paths: + - 'Dockerfile' + - 'etc/**' + - 'usr/**' + - 'repo/**' + - '.github/workflows/image.yml' + workflow_dispatch: + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + build: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + id-token: write # Påkrævet til cosign keyless signering + + steps: + - name: Maximize build space + uses: AdityaGarg8/remove-unwanted-software@v5 + with: + remove-dotnet: 'true' + remove-android: 'true' + remove-haskell: 'true' + + - name: Get current date + id: date + run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT + + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Vi konstruerer tags her med branch-navnet som præfiks + tags: | + type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ github.ref_name }}-10 + type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} + + - name: Log into GHCR + if: github.event_name != 'pull_request' + run: | + buildah login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }} + + - name: Build image with Buildah + id: build-image + run: | + # Vi bygger med 'raw-img' lokalt + buildah bud \ + --label "org.opencontainers.image.source=https://github.com/${{ github.repository }}" \ + -t raw-img . + + # Gem det primære tag til signering (vi tager det første fra listen) + PRIMARY_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1) + echo "primary_tag=$PRIMARY_TAG" >> $GITHUB_OUTPUT + + - name: Push to GHCR + if: github.event_name != 'pull_request' + run: | + for tag in $(echo "${{ steps.meta.outputs.tags }}"); do + echo "Tagging and pushing: $tag" + buildah tag raw-img "$tag" + buildah push "$tag" + done + + - name: Install cosign + if: github.event_name != 'pull_request' + uses: sigstore/cosign-installer@v3.3.0 + + # VI TILFØJER LOGIN TIL COSIGN HER + - name: Log into GHCR (Cosign) + if: github.event_name != 'pull_request' + run: | + cosign login ${{ env.REGISTRY }} -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} + + - name: Sign image + if: github.event_name != 'pull_request' + run: | + # Vi signerer det primære tag. + # Vi bruger --yes til at acceptere betingelserne automatisk. + cosign sign --yes "${{ steps.build-image.outputs.primary_tag }}" From 4df5c089e0cf21c26730999cb235310b3c85087e Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 24 Mar 2026 10:42:07 -0300 Subject: [PATCH 02/18] add -y to command --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6ec021b..ebf6a90 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,7 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm -RUN dnf install xlibre-xserver-Xorg xlibre-xf86-input-libinput xinput +RUN dnf install xlibre-xserver-Xorg xlibre-xf86-input-libinput xinput -y # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y @@ -48,4 +48,4 @@ COPY etc /etc RUN cd /usr/bin && wget https://raw.githubusercontent.com/CachyOS/CachyOS-Settings/refs/heads/master/usr/bin/kerver && chmod +x kerver RUN rm -rf /tmp/* /var/* && mkdir -p /var/tmp && chmod -R 1777 /var/tmp && \ - bootc container lint \ No newline at end of file + bootc container lint From 4c1d58ba7fab9b3b9d71034e2118e1a2877da889 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 24 Mar 2026 10:59:42 -0300 Subject: [PATCH 03/18] Add X11 config files --- etc/X11/xorg.conf.d/00-keyboard.conf | 10 ++++++++++ etc/X11/xorg.conf.d/20-modesetting.conf | 7 +++++++ 2 files changed, 17 insertions(+) create mode 100644 etc/X11/xorg.conf.d/00-keyboard.conf create mode 100644 etc/X11/xorg.conf.d/20-modesetting.conf diff --git a/etc/X11/xorg.conf.d/00-keyboard.conf b/etc/X11/xorg.conf.d/00-keyboard.conf new file mode 100644 index 0000000..146d931 --- /dev/null +++ b/etc/X11/xorg.conf.d/00-keyboard.conf @@ -0,0 +1,10 @@ +# Written by systemd-localed(8), read by systemd-localed and Xorg. It's +# probably wise not to edit this file manually. Use localectl(1) to +# update this file. +Section "InputClass" + Identifier "system-keyboard" + MatchIsKeyboard "on" + Option "XkbLayout" "dk" + Option "XkbModel" "pc105" + Option "XkbOptions" "terminate:ctrl_alt_bksp" +EndSection diff --git a/etc/X11/xorg.conf.d/20-modesetting.conf b/etc/X11/xorg.conf.d/20-modesetting.conf new file mode 100644 index 0000000..332e165 --- /dev/null +++ b/etc/X11/xorg.conf.d/20-modesetting.conf @@ -0,0 +1,7 @@ +Section "Device" + Identifier "Intel Graphics" + Driver "modesetting" + Option "ShadowFB" "false" # you don't need on recent hardware + Option "Atomic" "true" #only effective on Xlibre, or Xorg-git with a special patch + Option "TearFree" "false" # We will be using compositor, so TearFree (extra buffer) in the driver is not necessary +EndSection From 49e3336047aad1a8c7f62668b5f35d520e0659a4 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:08:28 -0300 Subject: [PATCH 04/18] Installer flere pakker --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ebf6a90..fdd1c71 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,7 +36,8 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm -RUN dnf install xlibre-xserver-Xorg xlibre-xf86-input-libinput xinput -y +RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ + libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston cage network-manager-applet redshift blueman -y # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y From 3edbb69990fc86e4ee52873b0254d563bc2260b3 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:12:27 -0300 Subject: [PATCH 05/18] remove unfound and unneeded packages --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fdd1c71..60193f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ - libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston cage network-manager-applet redshift blueman -y + libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y From d0ef166f9cc7f63f0b0c8eb57ed49ccf91ce59b4 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:20:20 -0300 Subject: [PATCH 06/18] Install firefox --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 60193f8..c8d176f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib RUN dnf install sonic-workspace-x11 sonic-win sonic-interface-libraries sonic-workspace --allowerasing -y -RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop +RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox # Remove plocate to avoid updatedb going crazy with scanning the file system once a day RUN dnf remove -y plocate From f7879d4b15d01ebc6a67c735c626c59a553a421e Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Fri, 27 Mar 2026 18:28:08 -0300 Subject: [PATCH 07/18] Touchpad tap --- etc/X11/xorg.conf.d/90-touchpad-tap.conf | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 etc/X11/xorg.conf.d/90-touchpad-tap.conf diff --git a/etc/X11/xorg.conf.d/90-touchpad-tap.conf b/etc/X11/xorg.conf.d/90-touchpad-tap.conf new file mode 100644 index 0000000..9000db3 --- /dev/null +++ b/etc/X11/xorg.conf.d/90-touchpad-tap.conf @@ -0,0 +1,19 @@ +Section "InputClass" + Identifier "Touchpad Tap" + # Matcher alle touchpads der bruger libinput + MatchIsTouchpad "on" + MatchDevicePath "/dev/input/event*" + Driver "libinput" + + # Korrigerer hastigheden til 2x (til 4K / 200% skalering) + #Option "TransformationMatrix" "5 0 0 0 5 0 0 0 2" + + # Bruger den ergonomiske 'adaptive' profil (1 0 er Adaptive) + #Option "AccelProfile" "adaptive" + + # Holder grundhastigheden neutral (0.0) + #Option "AccelSpeed" "0" + + # Valgfrit: Slå tap-to-click til, hvis du foretrækker det + Option "Tapping" "on" +EndSection From 21d16dee46d89d067225adc24a727f54c27b3766 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Sat, 28 Mar 2026 10:16:59 -0300 Subject: [PATCH 08/18] disable kde screenlocker --- etc/xdg/kscreenlockerrc | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 etc/xdg/kscreenlockerrc diff --git a/etc/xdg/kscreenlockerrc b/etc/xdg/kscreenlockerrc new file mode 100644 index 0000000..c64a7a8 --- /dev/null +++ b/etc/xdg/kscreenlockerrc @@ -0,0 +1,3 @@ +[Daemon] +Autolock=false[$i] +LockOnResume=false[$i] From 2476823914fb1093cfa193803d8f059fe0c7bc1f Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 24 Jun 2026 11:12:48 -0300 Subject: [PATCH 09/18] Convert Github action to Forgejo --- .forgejo/workflows/os.yml | 71 ++++++++++++++++++++++++++ .github/workflows/cleanup.yml | 21 -------- .github/workflows/image.yml | 95 ----------------------------------- 3 files changed, 71 insertions(+), 116 deletions(-) create mode 100644 .forgejo/workflows/os.yml delete mode 100644 .github/workflows/cleanup.yml delete mode 100644 .github/workflows/image.yml diff --git a/.forgejo/workflows/os.yml b/.forgejo/workflows/os.yml new file mode 100644 index 0000000..688a6d9 --- /dev/null +++ b/.forgejo/workflows/os.yml @@ -0,0 +1,71 @@ +name: os + +on: + schedule: + - cron: '0 5 8,18,28 * *' + push: + paths: + - 'Dockerfile' + - 'etc/**' + - 'usr/**' + - 'repo/**' + - '.forgejo/workflows/os.yml' + - 'buildinstallxfce.sh' + - 'buildinstallxfceaddons.sh' + workflow_dispatch: + +env: + REGISTRY: forge.pc-rytteren.dk + IMAGE_NAME: ${{ github.repository }} + +jobs: + build: + runs-on: almalinux-10 + permissions: + contents: read + packages: write + + steps: + + - name: Get current date + id: date + run: echo "date=$(date +'%Y%m%d')" >> $FORGEJO_OUTPUT + + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Extract Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + # Vi konstruerer tags her med branch-navnet som præfiks + tags: | + type=ref,event=branch + type=raw,value=latest,enable={{is_default_branch}} + type=raw,value=${{ github.ref_name }} + type=raw,value=${{ github.ref_name }}-10 + type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} + + - name: Log into Forgejo Container Registry + if: github.event_name != 'pull_request' + run: | + buildah login -u ${{ github.actor }} -p ${{ secrets.PACKAGE_TOKEN }} ${{ env.REGISTRY }} + + - name: Build image with Buildah + id: build-image + run: | + # Vi bygger med 'raw-img' lokalt + buildah bud \ + --label "org.opencontainers.image.source=https://pc-rytteren.dk/forge/${{ github.repository }}" \ + -t raw-img . + + - name: Push to Forgejo Container Registry + if: github.event_name != 'pull_request' + run: | + for tag in $(echo "${{ steps.meta.outputs.tags }}"); do + echo "Tagging and pushing: $tag" + buildah tag raw-img "$tag" + buildah push "$tag" + done + diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml deleted file mode 100644 index 9a0f17c..0000000 --- a/.github/workflows/cleanup.yml +++ /dev/null @@ -1,21 +0,0 @@ -name: Ryd op i GHCR - -on: - schedule: - - cron: '0 0 * * 0' # Kører hver søndag ved midnat - workflow_dispatch: # Gør det muligt at køre den manuelt - -jobs: - delete-old-images: - runs-on: ubuntu-latest - permissions: - packages: write - steps: - - name: Slet gamle versioner - uses: actions/delete-package-versions@v5 - with: - package-name: 'image-63245' # Skift til dit image navn - package-type: 'container' - min-versions-to-keep: 50 - delete-only-untagged-versions: 'false' - token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/image.yml b/.github/workflows/image.yml deleted file mode 100644 index 8cc5aa7..0000000 --- a/.github/workflows/image.yml +++ /dev/null @@ -1,95 +0,0 @@ -name: image - -on: - schedule: - - cron: '0 5 8,18,28 * *' - push: - paths: - - 'Dockerfile' - - 'etc/**' - - 'usr/**' - - 'repo/**' - - '.github/workflows/image.yml' - workflow_dispatch: - -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -jobs: - build: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - id-token: write # Påkrævet til cosign keyless signering - - steps: - - name: Maximize build space - uses: AdityaGarg8/remove-unwanted-software@v5 - with: - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - - - name: Get current date - id: date - run: echo "date=$(date +'%Y%m%d')" >> $GITHUB_OUTPUT - - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Extract Docker metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - # Vi konstruerer tags her med branch-navnet som præfiks - tags: | - type=ref,event=branch - type=raw,value=latest,enable={{is_default_branch}} - type=raw,value=${{ github.ref_name }}-10 - type=raw,value=${{ github.ref_name }}-10.${{ steps.date.outputs.date }} - - - name: Log into GHCR - if: github.event_name != 'pull_request' - run: | - buildah login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ${{ env.REGISTRY }} - - - name: Build image with Buildah - id: build-image - run: | - # Vi bygger med 'raw-img' lokalt - buildah bud \ - --label "org.opencontainers.image.source=https://github.com/${{ github.repository }}" \ - -t raw-img . - - # Gem det primære tag til signering (vi tager det første fra listen) - PRIMARY_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1) - echo "primary_tag=$PRIMARY_TAG" >> $GITHUB_OUTPUT - - - name: Push to GHCR - if: github.event_name != 'pull_request' - run: | - for tag in $(echo "${{ steps.meta.outputs.tags }}"); do - echo "Tagging and pushing: $tag" - buildah tag raw-img "$tag" - buildah push "$tag" - done - - - name: Install cosign - if: github.event_name != 'pull_request' - uses: sigstore/cosign-installer@v3.3.0 - - # VI TILFØJER LOGIN TIL COSIGN HER - - name: Log into GHCR (Cosign) - if: github.event_name != 'pull_request' - run: | - cosign login ${{ env.REGISTRY }} -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} - - - name: Sign image - if: github.event_name != 'pull_request' - run: | - # Vi signerer det primære tag. - # Vi bruger --yes til at acceptere betingelserne automatisk. - cosign sign --yes "${{ steps.build-image.outputs.primary_tag }}" From fa84b015ce10a9c4fbd640b25e123afa50e1fa50 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 24 Jun 2026 11:17:05 -0300 Subject: [PATCH 10/18] Update dockerfile for almalinux 10.2 --- Dockerfile | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c8d176f..351c9d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,7 @@ FROM quay.io/almalinuxorg/atomic-desktop-kde:10 +RUN dnf update -y + # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware @@ -7,8 +9,23 @@ RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion- RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y +RUN dnf config-manager --add-repo https://pc-rytteren.dk/forge/api/packages/anders/rpm.repo -y -RUN dnf install sonic-workspace-x11 sonic-win sonic-interface-libraries sonic-workspace --allowerasing -y +RUN rpm -e --nodeps plasma-workspace-libs plasma-workspace libplasma \ + kwin kwin-common kwin-libs kscreenlocker plasma-desktop sddm-wayland-plasma && \ + dnf install --allowerasing --nogpgcheck -y \ + sonic-workspace \ + sonic-workspace-libs \ + sonic-workspace-common \ + sonic-workspace-x11 \ + sonic-win \ + sonic-desktop-interface \ + sonic-interface-libraries + +RUN dnf install --allowerasing --nogpgcheck -y sonic-keybind-daemon sonic-frameworks-windowsystem sonic-system-info sonic-screen sonic-screen-library sonic-sysguard-library + +RUN dnf remove -y sddm && \ + dnf install --allowerasing --nogpgcheck -y sonic-login-manager RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox @@ -36,8 +53,7 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm -RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ - libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xf86-input-libinput -y # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y From 3eb414dcca11b539b682cdecee077133e8cd8d42 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 24 Jun 2026 12:45:57 -0300 Subject: [PATCH 11/18] fix plasma start error --- Dockerfile | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 351c9d6..43b4b9b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion- RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y +RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/skip77/MateDesktop-EL10/repo/rhel+epel-10/skip77-MateDesktop-EL10-rhel+epel-10.repo -y RUN dnf config-manager --add-repo https://pc-rytteren.dk/forge/api/packages/anders/rpm.repo -y RUN rpm -e --nodeps plasma-workspace-libs plasma-workspace libplasma \ @@ -53,7 +54,9 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xf86-input-libinput -y +RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ + libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y + # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y From 68f16029f65c5c5d694d822d653c775a7dc9506d Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Wed, 24 Jun 2026 13:31:27 -0300 Subject: [PATCH 12/18] delete kscreenlock file --- etc/xdg/kscreenlockerrc | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 etc/xdg/kscreenlockerrc diff --git a/etc/xdg/kscreenlockerrc b/etc/xdg/kscreenlockerrc deleted file mode 100644 index c64a7a8..0000000 --- a/etc/xdg/kscreenlockerrc +++ /dev/null @@ -1,3 +0,0 @@ -[Daemon] -Autolock=false[$i] -LockOnResume=false[$i] From bf6c8088a97f312cd4b6487164f00d1c072c8d76 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 14:19:13 -0300 Subject: [PATCH 13/18] try to fix crash when logging in --- Dockerfile | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/Dockerfile b/Dockerfile index 43b4b9b..349ef08 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,14 +7,15 @@ RUN dnf install -y alsa-sof-firmware RUN dnf install --nogpgcheck -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-$(rpm -E %rhel).noarch.rpm https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm -RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/andersrh/sonicDE/repo/rhel+epel-10/andersrh-sonicDE-rhel+epel-10.repo -y +RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/SonicDE/SonicDE-EL10/repo/rhel+epel-10/group_SonicDE-SonicDE-EL10-rhel+epel-10.repo -y RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlibre/xlibre-xserver/repo/rhel+epel-10/group_xlibre-xlibre-xserver-rhel+epel-10.repo -y -RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/skip77/MateDesktop-EL10/repo/rhel+epel-10/skip77-MateDesktop-EL10-rhel+epel-10.repo -y -RUN dnf config-manager --add-repo https://pc-rytteren.dk/forge/api/packages/anders/rpm.repo -y -RUN rpm -e --nodeps plasma-workspace-libs plasma-workspace libplasma \ - kwin kwin-common kwin-libs kscreenlocker plasma-desktop sddm-wayland-plasma && \ - dnf install --allowerasing --nogpgcheck -y \ +# This may be necessary for the speakers and internal microphone +RUN dnf install -y alsa-sof-firmware + +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston redshift xrandr -y + +RUN dnf install --allowerasing -y \ sonic-workspace \ sonic-workspace-libs \ sonic-workspace-common \ @@ -23,10 +24,10 @@ RUN rpm -e --nodeps plasma-workspace-libs plasma-workspace libplasma \ sonic-desktop-interface \ sonic-interface-libraries -RUN dnf install --allowerasing --nogpgcheck -y sonic-keybind-daemon sonic-frameworks-windowsystem sonic-system-info sonic-screen sonic-screen-library sonic-sysguard-library +RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsystem sonic-system-info sonic-screen sonic-screen-library sonic-sysguard-library RUN dnf remove -y sddm && \ - dnf install --allowerasing --nogpgcheck -y sonic-login-manager + dnf install --allowerasing -y sonic-login-manager RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox @@ -54,10 +55,6 @@ RUN dnf install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docke RUN rm -f /usr/lib64/libopenh264.so.2.4.1 /usr/lib64/libopenh264.so.7 RUN rpm -Uvh --nodeps https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/o/openh264-2.5.1-1.fc42.x86_64.rpm https://codecs.fedoraproject.org/openh264/42/x86_64/Packages/m/mozilla-openh264-2.5.1-1.fc42.x86_64.rpm -RUN dnf install xlibre-xserver-Xorg xlibre-xserver-devel xinput meson gcc cmake libX11-devel libXext-devel libXft-devel libXinerama-devel xorg-x11-proto-devel libxshmfence-devel libxkbfile-devel libbsd-devel libXfont2-devel xkbcomp libfontenc-devel libXres-devel libXdmcp-devel dbus-devel systemd-devel libudev-devel libxcvt-devel libdrm-devel libXv-devel libseat-devel libXv-devel xkbcomp xkeyboard-config-devel mesa-libGL-devel mesa-libEGL-devel libepoxy-devel mesa-libgbm-devel libdrm-devel xcb-util-devel xcb-util-image-devel xcb-util-keysyms-devel xcb-util-wm-devel xcb-util-renderutil-devel openssl-devel libXau-devel libXdmcp-devel libSM-devel libICE-devel startup-notification-devel libgtop2-devel libepoxy-devel libgudev-devel libwnck3-devel.x86_64 libdisplay-info-devel.x86_64 libnotify-devel.x86_64 upower-devel.x86_64 iceauth libICE-devel libSM-devel libXpresent-devel libyaml-devel vte291-devel gtk3-devel xorg-x11-xinit xlibre-xf86-input-libinput-devel xlibre-xf86-input-libinput \ - libXScrnSaver-devel libxklavier-devel pam-devel gcc-c++ dbus-glib-devel libtool gettext-devel gstreamer1-devel sqlite-devel pavucontrol pulseaudio-libs-devel weston network-manager-applet -y - - # Install VLC RUN dnf install vlc vlc-plugins-freeworld vlc-plugin-pipewire -y From 5ed5474c79868a06746a4e8c3c8c9a08d0797db9 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 14:24:36 -0300 Subject: [PATCH 14/18] remove redshift --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 349ef08..e7fe801 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston redshift xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ From 01cb23083bc442e73049cbf5e11016f91ab582a3 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 15:44:47 -0300 Subject: [PATCH 15/18] add xorg-x11-xinit-session --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e7fe801..badf0a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ From 73798e518eeae368f871f00197cd175fba0cf390 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:00:30 -0300 Subject: [PATCH 16/18] SE policy test --- Dockerfile | 10 +++++++++- selinux/plasmalogin-selinux.te | 12 ++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 selinux/plasmalogin-selinux.te diff --git a/Dockerfile b/Dockerfile index badf0a5..734aa27 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ @@ -29,6 +29,14 @@ RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsy RUN dnf remove -y sddm && \ dnf install --allowerasing -y sonic-login-manager +RUN dnf install -y selinux-policy-devel checkpolicy + +COPY selinux/plasmalogin-selinux.te /tmp/plasmalogin-selinux.te +RUN checkmodule -M -m -o /tmp/plasmalogin-selinux.mod /tmp/plasmalogin-selinux.te && \ + semodule_package -o /tmp/plasmalogin-selinux.pp -m /tmp/plasmalogin-selinux.mod && \ + semodule -i /tmp/plasmalogin-selinux.pp && \ + rm -f /tmp/plasmalogin-selinux.* + RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox # Remove plocate to avoid updatedb going crazy with scanning the file system once a day diff --git a/selinux/plasmalogin-selinux.te b/selinux/plasmalogin-selinux.te new file mode 100644 index 0000000..2acbf27 --- /dev/null +++ b/selinux/plasmalogin-selinux.te @@ -0,0 +1,12 @@ +module plasmalogin-selinux 1.0; + +require { + type unconfined_t; + type xdm_exec_t; + class file { entrypoint execute }; +} + +# Allow the plasmalogin process to execute the X11 user helper binary +# which is labeled as xdm_exec_t. This is needed when the plasmalogin +# daemon is not running in the xdm_t domain on SELinux enforcing systems. +allow unconfined_t xdm_exec_t:file { entrypoint execute }; From 6ecad0c5c4192448848dd0710e09a9b2eff693ba Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:36:09 -0300 Subject: [PATCH 17/18] Revert "SE policy test" This reverts commit 73798e518eeae368f871f00197cd175fba0cf390. --- Dockerfile | 10 +--------- selinux/plasmalogin-selinux.te | 12 ------------ 2 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 selinux/plasmalogin-selinux.te diff --git a/Dockerfile b/Dockerfile index 734aa27..badf0a5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \ @@ -29,14 +29,6 @@ RUN dnf install --allowerasing -y sonic-keybind-daemon sonic-frameworks-windowsy RUN dnf remove -y sddm && \ dnf install --allowerasing -y sonic-login-manager -RUN dnf install -y selinux-policy-devel checkpolicy - -COPY selinux/plasmalogin-selinux.te /tmp/plasmalogin-selinux.te -RUN checkmodule -M -m -o /tmp/plasmalogin-selinux.mod /tmp/plasmalogin-selinux.te && \ - semodule_package -o /tmp/plasmalogin-selinux.pp -m /tmp/plasmalogin-selinux.mod && \ - semodule -i /tmp/plasmalogin-selinux.pp && \ - rm -f /tmp/plasmalogin-selinux.* - RUN dnf install -y fish distrobox nvtop intel-media-driver libva-intel-driver htop firefox # Remove plocate to avoid updatedb going crazy with scanning the file system once a day diff --git a/selinux/plasmalogin-selinux.te b/selinux/plasmalogin-selinux.te deleted file mode 100644 index 2acbf27..0000000 --- a/selinux/plasmalogin-selinux.te +++ /dev/null @@ -1,12 +0,0 @@ -module plasmalogin-selinux 1.0; - -require { - type unconfined_t; - type xdm_exec_t; - class file { entrypoint execute }; -} - -# Allow the plasmalogin process to execute the X11 user helper binary -# which is labeled as xdm_exec_t. This is needed when the plasmalogin -# daemon is not running in the xdm_t domain on SELinux enforcing systems. -allow unconfined_t xdm_exec_t:file { entrypoint execute }; From b8c1977874f0c75e3ff3d7dca8f12a1177398574 Mon Sep 17 00:00:00 2001 From: Anders da Silva Rytter Hansen Date: Tue, 30 Jun 2026 16:36:26 -0300 Subject: [PATCH 18/18] Revert "add xorg-x11-xinit-session" This reverts commit 01cb23083bc442e73049cbf5e11016f91ab582a3. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index badf0a5..e7fe801 100644 --- a/Dockerfile +++ b/Dockerfile @@ -13,7 +13,7 @@ RUN dnf config-manager --add-repo https://copr.fedorainfracloud.org/coprs/g/xlib # This may be necessary for the speakers and internal microphone RUN dnf install -y alsa-sof-firmware -RUN dnf install xorg-x11-xinit xorg-x11-xinit-session xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y +RUN dnf install xorg-x11-xinit xkbcomp xinput xlibre-xserver-Xorg xlibre-xserver-common xlibre-xf86-input-libinput cage weston xrandr -y RUN dnf install --allowerasing -y \ sonic-workspace \