Merge branch 'main' of davejansen.dev:davejansen/fedora-toolbox

Neomutt, weechat, and newsboat

.gitea/workflows/build.yml

@@ -4,8 +4,8 @@ on:
   pull_request:
     branches:
       - main
-  schedule:
-    - cron: "05 4 */3 * *" # 4:05am every three days.
+  #schedule:
+  #  - cron: "05 4 */7 * *" # 4:05am every three days.
   push:
     branches:
       - main
@@ -16,7 +16,8 @@ on:
 env:
   REGISTRY_USER: ${{ github.actor }}
   REGISTRY_AUTH_FILE: /root/.podman/auth.json
-  IMAGE_DESC: "My customized Fedora bootc image, based on Universal Blue"
+  IMAGE_DESC:
+    "My customized Fedora toolbox image, based on Universal Blue's work."
   IMAGE_KEYWORDS: "bootc,fedora,silverblue,ublue,universal-blue"
   IMAGE_LOGO_URL: "https://davejansen.dev/avatars/940c9cc684fa03784359f97d591a389ecd90cd912acf2335a60acd616922000a?size=48"
   IMAGE_NAME: "${{ github.event.repository.name }}" # output image name, usually same as repo name
@@ -27,26 +28,22 @@ env:
     https://davejansen.dev/${{ github.repository_owner }}/${{
     github.event.repository.name }}
 
+concurrency:
+  group:
+    ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{
+    inputs.brand_name}}-${{ inputs.stream_name }}
+  cancel-in-progress: true
+
 jobs:
   build_push:
     name: Build and push image
     runs-on: ubuntu-24.04
 
-    strategy:
-      matrix:
-        variant: [gnome, niri]
-
     permissions:
       contents: read
       packages: write
       id-token: write
 
-    concurrency:
-      group:
-        ${{ github.workflow }}-${{ github.ref || github.run_id }}-${{
-        matrix.variant }}
-      cancel-in-progress: true
-
     steps:
       - name: Prepare environment
         run: |
@@ -78,9 +75,9 @@ jobs:
           # This generates all the tags for your image, you can add custom tags here too!
           tags: |
             type=sha,enable=${{ github.event_name == 'pull_request' }}
-            type=raw,value=latest-${{ matrix.variant }}
-            type=raw,value=${{ env.FEDORA_BASE }}-${{ matrix.variant }}
-            type=raw,value=${{ env.FEDORA_BASE }}-${{ matrix.variant }}-{{date 'YYYYMMDD'}}
+            type=raw,value=latest
+            type=raw,value=${{ env.FEDORA_BASE }}
+            type=raw,value=${{ env.FEDORA_BASE }}-{{date 'YYYYMMDD'}}
             type=ref,event=pr
           labels: |
             io.artifacthub.package.readme-url=${{ env.README_URL }}
@@ -110,7 +107,7 @@ jobs:
         uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2
         with:
           containerfiles: |
-            ./Containerfile.${{ matrix.variant }}
+            ./Containerfile
           build-args: |
             FEDORA_BASE=${{ env.FEDORA_BASE }}
           image: ${{ env.IMAGE_NAME }}

Containerfile

@@ -0,0 +1,22 @@
+ARG FEDORA_BASE=43
+
+# Allow build scripts to be referenced without being copied into the final image
+FROM scratch AS ctx
+
+COPY build_files /
+COPY /sys_files /sys_files
+COPY cosign.pub /cosign.pub
+
+# Base Image
+FROM registry.fedoraproject.org/fedora-toolbox:$FEDORA_BASE
+
+### MODIFICATIONS
+## make modifications desired in your image and install packages by modifying the build.sh script
+## the following RUN directive does all the things required to run "build.sh" as recommended.
+
+RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
+  --mount=type=cache,dst=/var/cache \
+  --mount=type=cache,dst=/var/log \
+  --mount=type=tmpfs,dst=/tmp \
+  /ctx/build.sh
+

Containerfile.gnome

@@ -1,35 +0,0 @@
-ARG FEDORA_BASE=43
-
-# Allow build scripts to be referenced without being copied into the final image
-FROM scratch AS ctx
-COPY build_files /
-COPY /sys_files /sys_files
-COPY cosign.pub /cosign.pub
-
-# Base Image
-FROM quay.io/fedora-ostree-desktops/silverblue:$FEDORA_BASE
-
-### [IM]MUTABLE /opt
-## Some bootable images, like Fedora, have /opt symlinked to /var/opt, in order to
-## make it mutable/writable for users. However, some packages write files to this directory,
-## thus its contents might be wiped out when bootc deploys an image, making it troublesome for
-## some packages. Eg, google-chrome, docker-desktop.
-##
-## Uncomment the following line if one desires to make /opt immutable and be able to be used
-## by the package manager.
-
-RUN rm /opt && mkdir /opt
-
-### MODIFICATIONS
-## make modifications desired in your image and install packages by modifying the build.sh script
-## the following RUN directive does all the things required to run "build.sh" as recommended.
-
-RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
-  --mount=type=cache,dst=/var/cache \
-  --mount=type=cache,dst=/var/log \
-  --mount=type=tmpfs,dst=/tmp \
-  /ctx/gnome/build.sh && /ctx/gnome/cleanup.sh
-
-### LINTING
-## Verify final image and contents are correct.
-RUN bootc container lint

Containerfile.niri

@@ -1,35 +0,0 @@
-ARG FEDORA_BASE=43
-
-# Allow build scripts to be referenced without being copied into the final image
-FROM scratch AS ctx
-COPY build_files /
-COPY /sys_files /sys_files
-COPY cosign.pub /cosign.pub
-
-# Base Image
-FROM quay.io/fedora-ostree-desktops/base-atomic:$FEDORA_BASE
-
-### [IM]MUTABLE /opt
-## Some bootable images, like Fedora, have /opt symlinked to /var/opt, in order to
-## make it mutable/writable for users. However, some packages write files to this directory,
-## thus its contents might be wiped out when bootc deploys an image, making it troublesome for
-## some packages. Eg, google-chrome, docker-desktop.
-##
-## Uncomment the following line if one desires to make /opt immutable and be able to be used
-## by the package manager.
-
-RUN rm /opt && mkdir /opt
-
-### MODIFICATIONS
-## make modifications desired in your image and install packages by modifying the build.sh script
-## the following RUN directive does all the things required to run "build.sh" as recommended.
-
-RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
-  --mount=type=cache,dst=/var/cache \
-  --mount=type=cache,dst=/var/log \
-  --mount=type=tmpfs,dst=/tmp \
-  /ctx/niri/build.sh && /ctx/niri/cleanup.sh
-
-### LINTING
-## Verify final image and contents are correct.
-RUN bootc container lint

build_files/build.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+# Copy System Files onto root
+rsync -rvK /ctx/sys_files/ /
+
+# Copy cosign.pub key into the right location
+mkdir -p /etc/pki/containers
+cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub
+
+### Install packages
+
+# Add country query to all repo metalinks
+# shellcheck disable=SC2016
+sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,TW/g' /etc/yum.repos.d/*.repo
+
+# Update all existing packages
+dnf5 update -y
+
+# Install my own layered packages
+dnf5 install -y \
+  fish \
+  tmux \
+  neovim \
+  ripgrep \
+  curl wget \
+  stow \
+  pass \
+  wl-clipboard \
+  htop \
+  gnupg2-scdaemon \
+  pinentry pinentry-tty pinentry-gnome3 \
+  patch gcc gcc-c++ \
+  python3 python3-pip \
+  nodejs \
+  php composer \
+  weechat \
+  neomutt libnotify notmuch abook isync \
+  khal vdirsyncer \
+  newsboat
+#dotnet-sdk-8.0 \
+
+# Install uv
+curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Install LazyGit
+dnf5 copr enable -y dejan/lazygit
+dnf5 install -y lazygit
+
+# Install `host-spawn`
+wget https://github.com/1player/host-spawn/releases/latest/download/host-spawn-x86_64
+chmod +x host-spawn-x86_64
+mv host-spawn-x86_64 /usr/local/bin/host-spawn
+
+# Set up a few host-spawn aliases
+ln -s /usr/local/bin/host-spawn /usr/local/bin/flatpak
+ln -s /usr/local/bin/host-spawn /usr/sbin/podman
+
+# For seeing notifications (ie. from )
+ln -s /usr/local/bin/host-spawn /usr/sbin/dbus-send
+ln -s /usr/local/bin/host-spawn /usr/local/bin/op
+
+# Cleanup
+
+dnf5 clean all
+
+# Remove tmp files
+rm -rf /tmp/* || true
+
+# # Make sure /var/tmp is properly created
+# mkdir -p /var/tmp
+# chmod -R 1777 /var/tmp
+
+echo "Done."

build_files/common/packages.sh

@@ -1,101 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-### Install packages
-
-# Packages can be installed from any enabled yum repo on the image.
-# RPMfusion repos are available by default in ublue main images
-# List of rpmfusion packages can be found here:
-# https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1
-
-# Enable fedora-multimedia with a higher priority than default
-if ! grep -q fedora-multimedia <(dnf5 repolist); then
-  # Enable or Install Repofile
-  #dnf5 install \
-  #  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
-  #  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
-
-  # Enable fedora-multimedia
-  dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
-    dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
-fi
-
-# Set higher priority
-dnf5 config-manager setopt fedora-multimedia.priority=90
-
-# use override to replace mesa and others with less crippled versions
-OVERRIDES=(
-  "intel-gmmlib"
-  "intel-mediasdk"
-  "intel-vpl-gpu-rt"
-  "libheif"
-  "libva"
-  "libva-intel-media-driver"
-  "mesa-dri-drivers"
-  "mesa-filesystem"
-  "mesa-libEGL"
-  "mesa-libGL"
-  "mesa-libgbm"
-  "mesa-va-drivers"
-  "mesa-vulkan-drivers"
-)
-
-dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
-dnf5 versionlock add "${OVERRIDES[@]}"
-
-# Add Flathub to the image for eventual application
-mkdir -p /etc/flatpak/remotes.d/
-curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo
-
-# Remove Fedora's package that enforces their own (filtered) version of the
-# flathub repo is present, as-well as the system-installed Firefox as I prefer to use the Flatpak version
-dnf5 remove -y fedora-flathub-remote firefox firefox-langpacks
-
-# Remove additional repositories Fedora comes with out of the box
-# And don't raise an error if any of these files does not exist when attempting
-# to delete them.
-rm \
-  /etc/yum.repos.d/fedora-cisco-openh264.repo \
-  /etc/yum.repos.d/google-chrome.repo \
-  /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
-  /etc/yum.repos.d/rpmfusion-nonfree-steam.repo \
-  /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo \
-  2>&1
-
-# Add country query to all repo metalinks
-# shellcheck disable=SC2016
-sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,AU/g' /etc/yum.repos.d/*.repo
-
-# Add 1Password repo
-#rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
-cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
-sh -c 'echo -e "[1password]\nname=1Password Stable Channel\nbaseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/1password.asc\"" > /etc/yum.repos.d/1password.repo'
-
-# Add Tailscale repo
-#rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
-#dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
-cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
-sh -c 'echo -e "[tailscale-stable]\nname=Tailscale stable\nbaseurl=https://pkgs.tailscale.com/stable/fedora/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/tailscale.gpg\"" > /etc/yum.repos.d/tailscale.repo'
-
-# Install my own layered packages
-dnf5 install -y \
-  fish \
-  gvfs-nfs \
-  openssl \
-  wl-clipboard \
-  ffmpeg ffmpeg-libs ffmpegthumbnailer \
-  heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
-  libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
-  gnome-shell-extension-appindicator \
-  1password 1password-cli \
-  tailscale \
-  waypipe \
-  htop
-
-cd /tmp
-wget -O bitwarden.rpm "https://bitwarden.com/download/?app=desktop&platform=linux&variant=rpm"
-dnf install -y ./bitwarden.rpm
-
-# Update all existing packages
-# dnf5 update -y

build_files/common/services.sh

@@ -1,6 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-# Enable Tailscale service
-systemctl enable tailscaled

build_files/common/setup.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-# Copy System Files onto root
-rsync -rvK /ctx/sys_files/ /
-
-# Copy cosign.pub key into the right location
-mkdir -p /etc/pki/containers
-cp /ctx/cosign.pub /etc/pki/containers/davejansen.pub
-
-/ctx/common/packages.sh

build_files/gnome/build.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-/ctx/common/setup.sh
-
-# Install Niri, the scrollable-tiling window compositor
-# https://yalter.github.io/niri/
-dnf5 -y copr enable avengemedia/dms
-dnf5 -y install niri dms alacritty brightnessctl
-dnf5 -y copr disable avengemedia/dms
-
-/ctx/common/services.sh
-
-echo "Done."

build_files/gnome/cleanup.sh

@@ -1,120 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-# Delete 1Password and Tailscale repos once packages are installed
-# so they don't end up in the final image, and don't raise an error if any of
-# these files does not exist when attempting to delete them.
-rm \
-  /etc/yum.repos.d/1password.repo \
-  /etc/yum.repos.d/tailscale.repo \
-  /etc/pki/rpm-gpg/1password.asc \
-  /etc/pki/rpm-gpg/tailscale.gpg \
-  2>&1
-
-# Or just disable:
-# dnf5 config-manager setopt 1password.enabled=0 tailscale-stable.enabled=0
-# sed -i 's/enabled=1/enabled=0/' \
-#   /etc/yum.repos.d/1password.repo \
-#   /etc/yum.repos.d/tailscale.repo \
-
-# Fedora Flatpak service is a part of the flatpak package, ensure it's overridden by moving to replace it at the end of the build.
-mv -f /usr/lib/systemd/system/flatpak-add-flathub-repos.service /usr/lib/systemd/system/flatpak-add-fedora-repos.service
-
-# Re-install all pre-installed (GNOME) applications from Flathub
-#flatpak install --reinstall flathub "$(flatpak list --app-runtime=org.fedoraproject.Platform --columns=application | tail -n +1 )"
-
-# ...and remove  the fedora flatpak remotes
-#flatpak remote-delete --force fedora
-#flatpak remote-delete --force fedora-testing
-
-# TODO: Add flathub remove, enable, and remove filter
-# TODO: Install core GNOME Flatpak apps
-# TODO: Install my own commonly used Flatpak apps
-# IDEA: Can I set certain dconf settings, like Ptyxis config, temperature settings, etc?
-# IDEA: Can I set certain Flatpak system defaults (ie. no read/write anywhere by default)
-
-# Remove dnf5 versionlocks
-dnf5 versionlock clear
-
-# Remove tmp files and everything in dirs that make bootc unhappy
-rm -rf /tmp/* || true
-rm -rf /usr/etc
-rm -rf /boot && mkdir /boot
-# Preserve cache mounts
-find /var/* -maxdepth 0 -type d \! -name cache \! -name log -exec rm -rf {} \;
-find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 -exec rm -rf {} \;
-
-# Make sure /var/tmp is properly created
-mkdir -p /var/tmp
-chmod -R 1777 /var/tmp
-
-## Handle files that rpm-ostree would normally remove
-## Adapted from: https://github.com/hhd-dev/rechunk/blob/master/1_prune.sh#L33
-
-# if [ -f /etc/passwd ]; then
-#   out="$(grep -v 'root' /etc/passwd)"
-#
-#   if [[ ! -z "$out" ]]; then
-#     echo
-#     echo Appending the following passwd users to /usr/lib/passwd
-#     echo "${out}"
-#     echo "$out" >>/usr/lib/passwd
-#   fi
-# fi
-
-if [ -f /etc/group ]; then
-  out="$(grep -v 'root\|wheel' /etc/group)"
-
-  if [[ ! -z "$out" ]]; then
-    echo
-    echo Appending the following group entries to /usr/lib/group
-    echo "$out"
-    echo "$out" >>/usr/lib/group
-  fi
-fi
-
-if [ -f /etc/passwd ] || [ -f /etc/group ]; then
-  echo
-  echo "Warning: Make sure processed users and groups are from installed programs!"
-fi
-
-# # Create defaults for /etc/passwd, /etc/group
-# cat <<EOT >/etc/passwd
-# root:x:0:0:root:/root:/bin/bash
-# EOT
-# cat <<EOT >/etc/group
-# root:x:0:
-# wheel:x:10:
-# EOT
-
-# Extra lock files created by container processes that might cause issues
-rm -rf \
-  /etc/.pwd.lock \
-  /etc/passwd- \
-  /etc/group- \
-  /etc/shadow- \
-  /etc/gshadow- \
-  /etc/subuid- \
-  /etc/subgid- \
-  /.dockerenv
-
-# # Merge /usr/etc to /etc
-# # OSTree will error out if both dirs exist
-# # And rpm-ostree will be confused and use only one of them
-# if [ -d /usr/etc ]; then
-#   echo
-#   echo WARNING: FOUND /usr/etc. MERGING TO ETC FOR COMPATIBILITY
-#   echo EXPECT PERMISSIONS ISSUES ON THE MERGED PATHS
-#   echo The following files from /usr/etc will be merged to /etc:
-#   tree /usr/etc
-#
-#   echo
-#   rsync -aAX --numeric-ids --checksum --links /usr/etc/ /etc
-#   rm -rf /usr/etc
-# fi
-#
-# # Move /etc to /usr/etc
-# mv /etc /usr/
-
-# ...normal ublue-inspired steps continue.

build_files/niri/build.sh

@@ -1,20 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-/ctx/common/setup.sh
-
-# Install Niri, the scrollable-tiling window compositor
-# https://yalter.github.io/niri/
-dnf5 -y copr enable avengemedia/dms
-
-# Install my own layered packages
-dnf5 install -y \
-  alacritty \
-  niri dms
-
-dnf5 -y copr disable avengemedia/dms
-
-/ctx/common/services.sh
-
-echo "Done."

build_files/niri/cleanup.sh

@@ -1,120 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-# Delete 1Password and Tailscale repos once packages are installed
-# so they don't end up in the final image, and don't raise an error if any of
-# these files does not exist when attempting to delete them.
-rm \
-  /etc/yum.repos.d/1password.repo \
-  /etc/yum.repos.d/tailscale.repo \
-  /etc/pki/rpm-gpg/1password.asc \
-  /etc/pki/rpm-gpg/tailscale.gpg \
-  2>&1
-
-# Or just disable:
-# dnf5 config-manager setopt 1password.enabled=0 tailscale-stable.enabled=0
-# sed -i 's/enabled=1/enabled=0/' \
-#   /etc/yum.repos.d/1password.repo \
-#   /etc/yum.repos.d/tailscale.repo \
-
-# Fedora Flatpak service is a part of the flatpak package, ensure it's overridden by moving to replace it at the end of the build.
-mv -f /usr/lib/systemd/system/flatpak-add-flathub-repos.service /usr/lib/systemd/system/flatpak-add-fedora-repos.service
-
-# Re-install all pre-installed (GNOME) applications from Flathub
-#flatpak install --reinstall flathub "$(flatpak list --app-runtime=org.fedoraproject.Platform --columns=application | tail -n +1 )"
-
-# ...and remove  the fedora flatpak remotes
-#flatpak remote-delete --force fedora
-#flatpak remote-delete --force fedora-testing
-
-# TODO: Add flathub remove, enable, and remove filter
-# TODO: Install core GNOME Flatpak apps
-# TODO: Install my own commonly used Flatpak apps
-# IDEA: Can I set certain dconf settings, like Ptyxis config, temperature settings, etc?
-# IDEA: Can I set certain Flatpak system defaults (ie. no read/write anywhere by default)
-
-# Remove dnf5 versionlocks
-dnf5 versionlock clear
-
-# Remove tmp files and everything in dirs that make bootc unhappy
-rm -rf /tmp/* || true
-rm -rf /usr/etc
-rm -rf /boot && mkdir /boot
-# Preserve cache mounts
-find /var/* -maxdepth 0 -type d \! -name cache \! -name log -exec rm -rf {} \;
-find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 -exec rm -rf {} \;
-
-# Make sure /var/tmp is properly created
-mkdir -p /var/tmp
-chmod -R 1777 /var/tmp
-
-## Handle files that rpm-ostree would normally remove
-## Adapted from: https://github.com/hhd-dev/rechunk/blob/master/1_prune.sh#L33
-
-if [ -f /etc/passwd ]; then
-  out="$(grep -v 'root' /etc/passwd)"
-
-  if [[ ! -z "$out" ]]; then
-    echo
-    echo Appending the following passwd users to /usr/lib/passwd
-    echo "${out}"
-    echo "$out" >>/usr/lib/passwd
-  fi
-fi
-
-if [ -f /etc/group ]; then
-  out="$(grep -v 'root\|wheel' /etc/group)"
-
-  if [[ ! -z "$out" ]]; then
-    echo
-    echo Appending the following group entries to /usr/lib/group
-    echo "$out"
-    echo "$out" >>/usr/lib/group
-  fi
-fi
-
-if [ -f /etc/passwd ] || [ -f /etc/group ]; then
-  echo
-  echo "Warning: Make sure processed users and groups are from installed programs!"
-fi
-
-# # Create defaults for /etc/passwd, /etc/group
-# cat <<EOT >/etc/passwd
-# root:x:0:0:root:/root:/bin/bash
-# EOT
-# cat <<EOT >/etc/group
-# root:x:0:
-# wheel:x:10:
-# EOT
-
-# Extra lock files created by container processes that might cause issues
-rm -rf \
-  /etc/.pwd.lock \
-  /etc/passwd- \
-  /etc/group- \
-  /etc/shadow- \
-  /etc/gshadow- \
-  /etc/subuid- \
-  /etc/subgid- \
-  /.dockerenv
-
-# # Merge /usr/etc to /etc
-# # OSTree will error out if both dirs exist
-# # And rpm-ostree will be confused and use only one of them
-# if [ -d /usr/etc ]; then
-#   echo
-#   echo WARNING: FOUND /usr/etc. MERGING TO ETC FOR COMPATIBILITY
-#   echo EXPECT PERMISSIONS ISSUES ON THE MERGED PATHS
-#   echo The following files from /usr/etc will be merged to /etc:
-#   tree /usr/etc
-#
-#   echo
-#   rsync -aAX --numeric-ids --checksum --links /usr/etc/ /etc
-#   rm -rf /usr/etc
-# fi
-#
-# # Move /etc to /usr/etc
-# mv /etc /usr/
-
-# ...normal ublue-inspired steps continue.

build_files/rpm-keys/1password.asc

@@ -1,50 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFkeAh4BEACy6fUHiFi/YvXZ2E5Gs7qFL8TSKQGLt0g8w/NtBotMNveW2Nzg
-aXcmJ2E0aXY7nBRtpIgRRrb7XuskDZwGmVx4PQshaZuIozS0T1kdMitobi4k3g2M
-551yf1bPWl1neVJ5MmbpknnaIG6VjMHxcRKE0xXDYhpBtt7QQQw1HT8vOjUOXBUf
-VIj2o7I/+cRGNgDdkbuGRccC8hSGyiWXy4FY8xPvxMSCXoL5w531ewaGl/M+mAOC
-3c6T7S05CcNN50Z6wulCiDZGvuJ2547E5iU9KClAEchJH9yQ2PkLHy3OQi0lBt+4
-PmGeBOIxvFVXGbtGGtx6oFZxVaYDzF+BHHHRRdUs75pWzRm5y/3j0j+O4UKLWvMx
-3SN7gRRu6gP5nvOw6wdyYerci2NHx1JJKlM6d6zxEj+cJ4GoBeJQhJi3UVpDy0Hh
-TX3iid9Zz1ansQrSujXU2t82695WTGau5sarheDya4niKfVOh4IDMBbA17fnqJbS
-ttYiL5i4+eqXbkAItdq+skhqqUElrROC0RKiXhX00nHu+ASHYupr/1Ac9/jdk0wG
-TNb1ue76aBGJHZA0U67onp/MkVEOCv04nHRZbHArM0w52v40VIaUax5ZYfLSOIkq
-IkPHoywmhR7W6QVlBbjP6zWVrTAWEnPx2VDQVk1CX29n/kM/J1kE60poZQARAQAB
-tDNDb2RlIHNpZ25pbmcgZm9yIDFQYXNzd29yZCA8Y29kZXNpZ25AMXBhc3N3b3Jk
-LmNvbT6JAlQEEwEIAD4CGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AWIQQ/75dI
-Rprb4V2nyoCsLWJ0IBLqIgUCaAf6fgUJHDSngAAKCRCsLWJ0IBLqItFpD/0QlwqC
-5Z0YX3y8zX1J1uMkL/eQIxHJzq7aJeh7Nh5MofGl9SA0YPhU3JEwyVAZYmXzelMA
-c65YevrY7VK2yqUi8Oec7OtaMQx3Kf3hxnY69kqfkIJr+qBOZCIofpdpZYFBUyf0
-bSknt6YOlPQJezJJ0w47n87/Mrqn3BM29x8CQm4ZbbnEp8AjWUysCmwjFoc8os+k
-pRAylUKE/3WZb/LHErTbGjjX8d/QaCR8HYYGjsBzx3EAxn3/zlpDdoIZ3NGUZ6Eo
-GWRZHnGDZySMFjBPetYtXKBwPFGxxWxjlH2Me8j0z8jlIl5OmaypIA8b2QSl0BuR
-CX2fgMnCSOQWK68xTc7+3aV8cqXhVww1j56TrIMCQL/majXd9SWO4AyXsqKC5qv/
-hTC+x6EulEskgbo+W0Y8wAgO9PA438e5RucLugqSYMNPvXuj1IPY1OncBQagWup0
-KzBskSox9b44QrC1uPkuMELIvugWAGJ8XpV+PcWsxLIrSBou5sSEmmnT9Q4Uag/u
-24EEbenbG+6KvIi9QN6fDrryqmmUEBoboXWXEOJrVhjtUg4HH84RNUjF12bd4kcu
-pwEnZd/31ajITCotC5BcTvm0WGs2dmDQaX+9PlvxRSUWgZjDo7y8QVRMbYOvZ9zY
-vsIBfsOEMPeJwqarla1aZxSyuv8BFYE/g27dXYkCMwQQAQgAHRYhBPAnWT97ensh
-T+2Lyy37ftAFej6jBQJZH38iAAoJEC37ftAFej6jNj8QAM5NpjCS0FYP3eLUoGYE
-CUHKAkCPim37Wuz0E1L8zwg02XQbzwQ/99hpCbsgqm8s/cCIprfJ0ioGnMa25IJN
-0keLLgocJQHeq+7Dw+tGrqVFU3Dnpyg2F7FBSTL5fvGYtPJe8Om7FFS9bm6nDytk
-vQ7fnyZxC3l+WyxlcQeYahgW4YIMZ4qOBY+ZE4m+Y2SXTAm3qKIbJJ/oixSVXCJS
-g964G7A7PN7RMqfKsbwL2ec4CsnOfYl6xe38muPXChvwZtoW1VtNZiBYkKfEOg4U
-57cJqclNp8GQRXcSfHY3G9hRIaJic6KFrjBlgwVHpRpSxhj1ydp/RghbjUBzuY22
-hgpHeVdw2wFDVef9st+3XHu6JiEHrGpWjc7VTpCiiYaHAPIFWMu8B9gnQrxc9ZXw
-0OzS4vu82mAiyitvw+dY3V4U5uo0q56iyswmDs2S2Kn8/510n2vdCqEtaKMV5cV+
-cnF1aU1PdRct/ZMfqOC+VcfTiS/Svx5/BCie0nIATJGcYtuX9fFd4Z0V3T0N6aM7
-QENgOny7X/zJgp5dWbgkv3Qyz83rz32cfcv9gSf8yUjV3/NsxrzCeKxFWFn+oPh3
-+PTforlP1OsyZORh9IgtoQ5Jqk6YYnSsYkJfseZVQigVpaD2nWwSmmQHMnHmwDvP
-CXKaBqnE2TXnoqXw4o8nSRvYiQEcBBABCAAGBQJZH3WeAAoJEL1Y5xxC89TUrRoH
-/iGhamPA0Z/ldEtBhSYGj/307UvFywP2tlXTeJqma1XwEBzXvx6j9Xn8pLIlvFh3
-/ouLmP36bY+Ftj8Im3EWGnmVm5joe5S2hDLQI7FDbWGUwJePDNaMxC/SsvVzkXJz
-jAvajVAReB3Pu93SfsraNV/nNMGO4ALW+1Z1p/tzgwW7G4YpiXmRZ1EcL688MQKB
-/B8IrKajadMk5avGsoPc53MFEDOboZ3lA7F9WnuS6OSX3zBqyiPYxWskAiVf2TVK
-lBU54ptBq8ruhKAQqn54VJ9A3jX31XAcEv1YBw44bPvZzMPxc51ufODSWN80Y5Tu
-i5hpxQVKjCfhjtBaYrwtTnuIXQQQEQIAHRYhBCIx3/CGnuOliFrn1PeHeivJxAwx
-BQJZsEYgAAoJEPeHeivJxAwxo6oAn1dFjYZNzLyIhZeKaeIiZwGmq/9EAJ4+fRg9
-P4I7jHwe0BN3iNAG1nKbGg==
-=+LeX
------END PGP PUBLIC KEY BLOCK-----
-

build_files/rpm-keys/tailscale.gpg

@@ -1,52 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBF5UmbgBEADAA5mxC8EoWEf53RVdlhQJbNnQW7fctUA5yNcGUbGGGTk6XFqO
-nlek0Us0FAl5KVBgcS0Bj+VSwKVI/wx91tnAWI36CHeMyPTawdT4FTcS2jZMHbcN
-UMqM1mcGs3wEQmKz795lfy2cQdVktc886aAF8hy1GmZDSs2zcGMvq5KCNPuX3DD5
-INPumZqRTjwSwlGptUZrJpKWH4KvuGr5PSy/NzC8uSCuhLbFJc1Q6dQGKlQxwh+q
-AF4uQ1+bdy92GHiFsCMi7q43hiBg5J9r55M/skboXkNBlS6kFviP+PADHNZe5Vw0
-0ERtD/HzYb3cH5YneZuYXvnJq2/XjaN6OwkQXuqQpusB5fhIyLXE5ZqNlwBzX71S
-779tIyjShpPXf1HEVxNO8TdVncx/7Zx/FSdwUJm4PMYQmnwBIyKlYWlV2AGgfxFk
-mt2VexyS5s4YA1POuyiwW0iH1Ppp9X14KtOfNimBa0yEzgW3CHTEg55MNZup6k2Q
-mRGtRjeqM5cjrq/Ix15hISmgbZogPRkhz/tcalK38WWAR4h3N8eIoPasLr9i9OVe
-8aqsyXefCrziaiJczA0kCqhoryUUtceMgvaHl+lIPwyW0XWwj+0q45qzjLvKet+V
-Q8oKLT1nMr/whgeSJi99f/jE4sWIbHZ0wwR02ZCikKnS05arl3v+hiBKPQARAQAB
-tERUYWlsc2NhbGUgSW5jLiAoUGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5
-KSA8aW5mb0B0YWlsc2NhbGUuY29tPokCTgQTAQgAOBYhBCWWqZ6qszghiTwKeUWM
-qDKVf1hoBQJeVJm4AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEEWMqDKV
-f1hoWHEP/1DYd9WZrodyV5zy1izvj0FXtUReJi374gDn3cHrG6uYtXcE9HWZhxQD
-6nDgYuey5sBhLvPQiE/sl5GYXNw/O95XVk8HS54BHCCYq1GeYkZaiCGLGFBA08JK
-7PZItGsfdJHwHfhSMtGPS7Cpmylje9gh8ic56NAhC7c5tGTlD69Y8zGHjnRQC6Hg
-wF34jdp8JTQpSctpmiOxOXN+eH8N59zb0k30CUym1Am438AR0PI6RBTnubBH+Xsc
-eQhLJnmJ1bM6GP4agXw5T1G/qp95gjIddHXzOkEvrpVfJFCtp91VIlBwycspKYVp
-1IKAdPM6CVf/YoDkawwm4y4OcmvNarA5dhWBG0Xqse4v1dlYbiHIFcDzXuMyrHYs
-D2Wg8Hx8TD64uBHY0fp24nweCLnaZCckVUsnYjb0A494lgwveswbZeZ6JC5SbDKH
-Tc2SE4jq+fsEEJsqsdHIC04d+pMXI95HinJHU1SLBTeKLvEF8Zuk7RTJyaUTjs7h
-Ne+xWDmRjjR/D/GXBxNrM9mEq6Jvp/ilYTdWwAyrSmTdotHb+NWjAGpJWj5AZCH9
-HeBr2mtVhvTu3KtCQmGpRiR18zMbmemRXUh+IX5hpWGzynhtnSt7vXOvhJdqqc1D
-VennRMQZMb09wJjPcvLIApUMl69r29XmyB59NM3UggK/UCJrpYfmuQINBF5UmbgB
-EADTSKKyeF3XWDxm3x67MOv1Zm3ocoe5xGDRApPkgqEMA+7/mjVlahNXqA8btmwM
-z1BH5+trjOUoohFqhr9FPPLuKaS/pE7BBP38KzeA4KcTiEq5FQ4JzZAIRGyhsAr+
-6bxcKV/tZirqOBQFC7bH2UAHH7uIKHDUbBIDFHjnmdIzJ5MBPMgqvSPZvcKWm40g
-W+LWMGoSMH1Uxd+BvW74509eezL8p3ts42txVNvWMSKDkpiCRMBhfcf5c+YFXWbu
-r5qus2mnVw0hIyYTUdRZIkOcYBalBjewVmGuSIISnUv76vHz133i0zh4JcXHUDqc
-yLBUgVWckqci32ahy3jc4MdilPeAnjJQcpJVBtMUNTZ4KM7UxLmOa5hYwvooliFJ
-wUFPB+1ZwN8d+Ly12gRKf8qA/iL8M5H4nQrML2dRJ8NKzP2U73Fw+n6S1ngrDX8k
-TPhQBq4EDjDyX7SW3Liemj5BCuWJAo53/2cL9P9I5Nu3i2pLJOHzjBSXxWaMMmti
-kopArlSMWMdsGgb0xYX+aSV7xW+tefYZJY1AFJ1x2ZgfIc+4zyuXnHYA2jVYLAfF
-pApqwwn8JaTJWNhny/OtAss7XV/WuTEOMWXaTO9nyNmHla9KjxlBkDJG9sCcgYMg
-aCAnoLRUABCWatxPly9ZlVbIPPzBAr8VN/TEUbceAH0nIwARAQABiQI2BBgBCAAg
-FiEEJZapnqqzOCGJPAp5RYyoMpV/WGgFAl5UmbgCGwwACgkQRYyoMpV/WGji9w/8
-Di9yLnnudvRnGLXGDDF2DbQUiwlNeJtHPHH4B9kKRKJDH1Rt5426Lw8vAumDpBlR
-EeuT6/YQU+LSapWoDzNcmDLzoFP7RSQaB9aL/nJXv+VjlsVH/crpSTTgGDs8qGsL
-O3Y2U1Gjo5uMBoOfXwS8o1VWO/5eUwS0KH7hpbOuZcf9U9l1VD2YpGfnMwX1rnre
-INJqseQAUL3oyNl76gRzyuyQ4AIA06r40hZDgybH0ADN1JtfVk8z4ofo/GcfoXqm
-hifWJa2SwwHeijhdN1T/kG0FZFHs1DBuBYJG3iJ3/bMeL15j1OjncIYIYccdoEUd
-uHnp4+ZYj5kND0DFziTvOC4WyPpv3BlBVariPzEnEqnhjx5RYwMabtTXoYJwUkxX
-2gAjKqh2tXissChdwDGRNASSDrChHLkQewx+SxT5kDaOhB84ZDnp+urn9A+clLkN
-lZMsMQUObaRW68uybSbZSmIWFVM1GovRMgrPG3T6PAykQhFyE/kMFrv5KpPh7jDj
-5JwzQkxLkFMcZDdS43VymKEggxqtM6scIRU55i059fLPAVXJG5in1WhMNsmt49lb
-KqB6je3plIWOLSPuCJ/kR9xdFp7Qk88GCXEd0+4z/vFn4hoOr85NXFtxhS8k9GfJ
-mM/ZfUq7YmHR+Rswe0zrrCwTDdePjGMo9cHpd39jCvc=
-=AIVM
------END PGP PUBLIC KEY BLOCK-----

disk_config/disk.toml

@@ -1,3 +0,0 @@
-[[customizations.filesystem]]
-mountpoint = "/"
-minsize = "20 GiB"

disk_config/iso-gnome.toml

@@ -1,20 +0,0 @@
-[customizations.installer.kickstart]
-contents = """
-%post
-bootc switch --mutate-in-place --transport registry ghcr.io/ublue-os/image-template:latest
-%end
-"""
-
-[customizations.installer.modules]
-enable = [
-  "org.fedoraproject.Anaconda.Modules.Storage",
-  "org.fedoraproject.Anaconda.Modules.Runtime"
-]
-disable = [
-  "org.fedoraproject.Anaconda.Modules.Network",
-  "org.fedoraproject.Anaconda.Modules.Security",
-  "org.fedoraproject.Anaconda.Modules.Services",
-  "org.fedoraproject.Anaconda.Modules.Users",
-  "org.fedoraproject.Anaconda.Modules.Subscription",
-  "org.fedoraproject.Anaconda.Modules.Timezone"
-]

disk_config/iso-kde.toml

@@ -1,21 +0,0 @@
-[customizations.installer.kickstart]
-contents = """
-%post
-bootc switch --mutate-in-place --transport registry ghcr.io/ublue-os/image-template:latest
-%end
-"""
-
-[customizations.installer.modules]
-enable = [
-  "org.fedoraproject.Anaconda.Modules.Storage",
-  "org.fedoraproject.Anaconda.Modules.Runtime",
-  "org.fedoraproject.Anaconda.Modules.Network",
-  "org.fedoraproject.Anaconda.Modules.Security",
-  "org.fedoraproject.Anaconda.Modules.Services",
-  "org.fedoraproject.Anaconda.Modules.Users",
-  "org.fedoraproject.Anaconda.Modules.Timezone"
-]
-
-disable = [
-  "org.fedoraproject.Anaconda.Modules.Subscription",
-]