Switch out Taiwan with Australia

At least one mirror in Taiwan seems to be incomplete/broken right now.

.gitea/workflows/build.yml

@@ -27,12 +27,6 @@ env:
     https://davejansen.dev/${{ github.repository_owner }}/${{
     github.event.repository.name }}
 
-concurrency:
-  group:
-    ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{
-    inputs.brand_name}}-${{ inputs.stream_name }}
-  cancel-in-progress: true
-
 jobs:
   build_push:
     name: Build and push image
@@ -47,6 +41,12 @@ jobs:
       packages: write
       id-token: write
 
+    concurrency:
+      group:
+        ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{
+        matrix.variant }}
+      cancel-in-progress: true
+
     steps:
       - name: Prepare environment
         run: |

build_files/common/packages.sh

@@ -0,0 +1,101 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+### Install packages
+
+# Packages can be installed from any enabled yum repo on the image.
+# RPMfusion repos are available by default in ublue main images
+# List of rpmfusion packages can be found here:
+# https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1
+
+# Enable fedora-multimedia with a higher priority than default
+if ! grep -q fedora-multimedia <(dnf5 repolist); then
+  # Enable or Install Repofile
+  #dnf5 install \
+  #  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+  #  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+
+  # Enable fedora-multimedia
+  dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
+    dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
+fi
+
+# Set higher priority
+dnf5 config-manager setopt fedora-multimedia.priority=90
+
+# use override to replace mesa and others with less crippled versions
+OVERRIDES=(
+  "intel-gmmlib"
+  "intel-mediasdk"
+  "intel-vpl-gpu-rt"
+  "libheif"
+  "libva"
+  "libva-intel-media-driver"
+  "mesa-dri-drivers"
+  "mesa-filesystem"
+  "mesa-libEGL"
+  "mesa-libGL"
+  "mesa-libgbm"
+  "mesa-va-drivers"
+  "mesa-vulkan-drivers"
+)
+
+dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
+dnf5 versionlock add "${OVERRIDES[@]}"
+
+# Add Flathub to the image for eventual application
+mkdir -p /etc/flatpak/remotes.d/
+curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo
+
+# Remove Fedora's package that enforces their own (filtered) version of the
+# flathub repo is present, as-well as the system-installed Firefox as I prefer to use the Flatpak version
+dnf5 remove -y fedora-flathub-remote firefox firefox-langpacks
+
+# Remove additional repositories Fedora comes with out of the box
+# And don't raise an error if any of these files does not exist when attempting
+# to delete them.
+rm \
+  /etc/yum.repos.d/fedora-cisco-openh264.repo \
+  /etc/yum.repos.d/google-chrome.repo \
+  /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
+  /etc/yum.repos.d/rpmfusion-nonfree-steam.repo \
+  /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo \
+  2>&1
+
+# Add country query to all repo metalinks
+# shellcheck disable=SC2016
+sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,AU/g' /etc/yum.repos.d/*.repo
+
+# Add 1Password repo
+#rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
+cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
+sh -c 'echo -e "[1password]\nname=1Password Stable Channel\nbaseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/1password.asc\"" > /etc/yum.repos.d/1password.repo'
+
+# Add Tailscale repo
+#rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
+#dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
+cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
+sh -c 'echo -e "[tailscale-stable]\nname=Tailscale stable\nbaseurl=https://pkgs.tailscale.com/stable/fedora/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/tailscale.gpg\"" > /etc/yum.repos.d/tailscale.repo'
+
+# Install my own layered packages
+dnf5 install -y \
+  fish \
+  gvfs-nfs \
+  openssl \
+  wl-clipboard \
+  ffmpeg ffmpeg-libs ffmpegthumbnailer \
+  heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
+  libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
+  gnome-shell-extension-appindicator \
+  1password 1password-cli \
+  tailscale \
+  waypipe \
+  htop
+
+cd /tmp
+wget -O bitwarden.rpm "https://bitwarden.com/download/?app=desktop&platform=linux&variant=rpm"
+dnf install -y ./bitwarden.rpm
+
+# Update all existing packages
+# dnf5 update -y

build_files/common/services.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+# Enable Tailscale service
+systemctl enable tailscaled

build_files/common/setup.sh

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+# Copy System Files onto root
+rsync -rvK /ctx/sys_files/ /
+
+# Copy cosign.pub key into the right location
+mkdir -p /etc/pki/containers
+cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub
+
+/ctx/common/packages.sh

build_files/gnome/build.sh

@@ -2,106 +2,7 @@
 
 set -ouex pipefail
 
-# Copy System Files onto root
-rsync -rvK /ctx/sys_files/ /
-
-# Copy cosign.pub key into the right location
-mkdir -p /etc/pki/containers
-cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub
-
-### Install packages
-
-# Packages can be installed from any enabled yum repo on the image.
-# RPMfusion repos are available by default in ublue main images
-# List of rpmfusion packages can be found here:
-# https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1
-
-# Install RPMFusion and enable fedora-multimedia with a higher priority than default
-if ! grep -q fedora-multimedia <(dnf5 repolist); then
-  # Enable or Install Repofile
-  #dnf5 install \
-  #  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
-  #  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
-
-  # Enable fedora-multimedia
-  dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
-    dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
-fi
-
-# Set higher priority
-dnf5 config-manager setopt fedora-multimedia.priority=90
-
-# Remove Fedora's package that enforces their own (filtered) version of the
-# flathub repo is present, as-well as the system-installed Firefox as I prefer to use the Flatpak version
-dnf5 remove -y fedora-flathub-remote firefox firefox-langpacks
-
-# Add Flathub to the image for eventual application
-mkdir -p /etc/flatpak/remotes.d/
-curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo
-
-# use override to replace mesa and others with less crippled versions
-OVERRIDES=(
-  "intel-gmmlib"
-  "intel-mediasdk"
-  "intel-vpl-gpu-rt"
-  "libheif"
-  "libva"
-  "libva-intel-media-driver"
-  "mesa-dri-drivers"
-  "mesa-filesystem"
-  "mesa-libEGL"
-  "mesa-libGL"
-  "mesa-libgbm"
-  "mesa-va-drivers"
-  "mesa-vulkan-drivers"
-)
-
-dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
-dnf5 versionlock add "${OVERRIDES[@]}"
-
-# Remove additional repositories Fedora comes with out of the box
-# And don't raise an error if any of these files does not exist when attempting
-# to delete them.
-rm \
-  /etc/yum.repos.d/fedora-cisco-openh264.repo \
-  /etc/yum.repos.d/google-chrome.repo \
-  /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
-  /etc/yum.repos.d/rpmfusion-nonfree-steam.repo \
-  /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo \
-  2>&1
-
-# Add country query to all repo metalinks
-# shellcheck disable=SC2016
-sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,TW/g' /etc/yum.repos.d/*.repo
-
-# Add 1Password repo
-#rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
-cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
-sh -c 'echo -e "[1password]\nname=1Password Stable Channel\nbaseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/1password.asc\"" > /etc/yum.repos.d/1password.repo'
-
-# Add Tailscale repo
-#rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
-#dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
-cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
-sh -c 'echo -e "[tailscale-stable]\nname=Tailscale stable\nbaseurl=https://pkgs.tailscale.com/stable/fedora/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/tailscale.gpg\"" > /etc/yum.repos.d/tailscale.repo'
-
-# Update all existing packages
-# dnf5 update -y
-
-# Install my own layered packages
-dnf5 install -y \
-  fish \
-  gvfs-nfs \
-  openssl \
-  wl-clipboard \
-  ffmpeg ffmpeg-libs ffmpegthumbnailer \
-  heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
-  libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
-  gnome-shell-extension-appindicator \
-  1password 1password-cli \
-  tailscale \
-  waypipe \
-  htop
+/ctx/common/setup.sh
 
 # Install Niri, the scrollable-tiling window compositor
 # https://yalter.github.io/niri/
@@ -109,7 +10,6 @@ dnf5 -y copr enable avengemedia/dms
 dnf5 -y install niri dms alacritty brightnessctl
 dnf5 -y copr disable avengemedia/dms
 
-# Enable Tailscale service
-systemctl enable tailscaled
+/ctx/common/services.sh
 
 echo "Done."

build_files/niri/build.sh

@@ -2,91 +2,7 @@
 
 set -ouex pipefail
 
-# Copy System Files onto root
-rsync -rvK /ctx/sys_files/ /
-
-# Copy cosign.pub key into the right location
-mkdir -p /etc/pki/containers
-cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub
-
-### Install packages
-
-# Packages can be installed from any enabled yum repo on the image.
-# RPMfusion repos are available by default in ublue main images
-# List of rpmfusion packages can be found here:
-# https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1
-
-# Install RPMFusion and enable fedora-multimedia with a higher priority than default
-if ! grep -q fedora-multimedia <(dnf5 repolist); then
-  # Enable or Install Repofile
-  #dnf5 install \
-  #  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
-  #  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
-
-  # Enable fedora-multimedia
-  dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
-    dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
-fi
-
-# Set higher priority
-dnf5 config-manager setopt fedora-multimedia.priority=90
-
-# Remove Fedora's package that enforces their own (filtered) version of the
-# flathub repo is present, as-well as the system-installed Firefox as I prefer to use the Flatpak version
-dnf5 remove -y fedora-flathub-remote
-
-# Add Flathub to the image for eventual application
-mkdir -p /etc/flatpak/remotes.d/
-curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo
-
-# use override to replace mesa and others with less crippled versions
-OVERRIDES=(
-  "intel-gmmlib"
-  "intel-mediasdk"
-  "intel-vpl-gpu-rt"
-  "libheif"
-  "libva"
-  "libva-intel-media-driver"
-  "mesa-dri-drivers"
-  "mesa-filesystem"
-  "mesa-libEGL"
-  "mesa-libGL"
-  "mesa-libgbm"
-  "mesa-va-drivers"
-  "mesa-vulkan-drivers"
-)
-
-dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
-dnf5 versionlock add "${OVERRIDES[@]}"
-
-# Remove additional repositories Fedora comes with out of the box
-# And don't raise an error if any of these files does not exist when attempting
-# to delete them.
-rm \
-  /etc/yum.repos.d/fedora-cisco-openh264.repo \
-  /etc/yum.repos.d/google-chrome.repo \
-  /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
-  /etc/yum.repos.d/rpmfusion-nonfree-steam.repo \
-  /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo \
-  2>&1
-
-# Add country query to all repo metalinks
-# shellcheck disable=SC2016
-sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,TW/g' /etc/yum.repos.d/*.repo
-
-# Add 1Password repo
-#rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
-cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
-sh -c 'echo -e "[1password]\nname=1Password Stable Channel\nbaseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/1password.asc\"" > /etc/yum.repos.d/1password.repo'
-
-# Add Tailscale repo
-#rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
-#dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
-cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
-sh -c 'echo -e "[tailscale-stable]\nname=Tailscale stable\nbaseurl=https://pkgs.tailscale.com/stable/fedora/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/tailscale.gpg\"" > /etc/yum.repos.d/tailscale.repo'
-
-# Update all existing packages
-# dnf5 update -y
+/ctx/common/setup.sh
 
 # Install Niri, the scrollable-tiling window compositor
 # https://yalter.github.io/niri/
@@ -94,24 +10,11 @@ dnf5 -y copr enable avengemedia/dms
 
 # Install my own layered packages
 dnf5 install -y \
-  git \
-  fish \
-  gvfs-nfs \
-  openssl \
-  wl-clipboard \
-  ffmpeg ffmpeg-libs ffmpegthumbnailer \
-  heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
-  libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
-  1password 1password-cli \
-  tailscale \
-  waypipe \
-  htop \
   alacritty \
   niri dms
 
 dnf5 -y copr disable avengemedia/dms
 
-# Enable Tailscale service
-systemctl enable tailscaled
+/ctx/common/services.sh
 
 echo "Done."

build_files/niri/cleanup.sh

@@ -52,16 +52,16 @@ chmod -R 1777 /var/tmp
 ## Handle files that rpm-ostree would normally remove
 ## Adapted from: https://github.com/hhd-dev/rechunk/blob/master/1_prune.sh#L33
 
-# if [ -f /etc/passwd ]; then
-#   out="$(grep -v 'root' /etc/passwd)"
-#
-#   if [[ ! -z "$out" ]]; then
-#     echo
-#     echo Appending the following passwd users to /usr/lib/passwd
-#     echo "${out}"
-#     echo "$out" >>/usr/lib/passwd
-#   fi
-# fi
+if [ -f /etc/passwd ]; then
+  out="$(grep -v 'root' /etc/passwd)"
+
+  if [[ ! -z "$out" ]]; then
+    echo
+    echo Appending the following passwd users to /usr/lib/passwd
+    echo "${out}"
+    echo "$out" >>/usr/lib/passwd
+  fi
+fi
 
 if [ -f /etc/group ]; then
   out="$(grep -v 'root\|wheel' /etc/group)"