fedora-bootc/build_files/build.sh

#!/bin/bash

set -ouex pipefail

# Copy System Files onto root
rsync -rvK /ctx/sys_files/ /

### Install packages

# Packages can be installed from any enabled yum repo on the image.
# RPMfusion repos are available by default in ublue main images
# List of rpmfusion packages can be found here:
# https://mirrors.rpmfusion.org/mirrorlist?path=free/fedora/updates/39/x86_64/repoview/index.html&protocol=https&redirect=1

# Install RPMFusion and enable fedora-multimedia with a higher priority than default
if ! grep -q fedora-multimedia <(dnf5 repolist); then
  # Enable or Install Repofile
  #dnf5 install \
  #  https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
  #  https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm

  # Enable fedora-multimedia
  dnf5 config-manager setopt fedora-multimedia.enabled=1 ||
    dnf5 config-manager addrepo --from-repofile="https://negativo17.org/repos/fedora-multimedia.repo"
fi

# Set higher priority
dnf5 config-manager setopt fedora-multimedia.priority=90

# Remove system-installed Firefox as I prefer to use the Flatpak version
dnf5 remove -y firefox firefox-langpacks fedora-flathub-remote

# Add Flathub to the image for eventual application
mkdir -p /etc/flatpak/remotes.d/
curl --retry 3 -Lo /etc/flatpak/remotes.d/flathub.flatpakrepo https://dl.flathub.org/repo/flathub.flatpakrepo

# use override to replace mesa and others with less crippled versions
OVERRIDES=(
  "intel-gmmlib"
  "intel-mediasdk"
  "intel-vpl-gpu-rt"
  "libheif"
  "libva"
  "libva-intel-media-driver"
  "mesa-dri-drivers"
  "mesa-filesystem"
  "mesa-libEGL"
  "mesa-libGL"
  "mesa-libgbm"
  "mesa-va-drivers"
  "mesa-vulkan-drivers"
)

dnf5 distro-sync --skip-unavailable -y --repo='fedora-multimedia' "${OVERRIDES[@]}"
dnf5 versionlock add "${OVERRIDES[@]}"

# Remove additional repositories Fedora comes with out of the box
rm \
  /etc/yum.repos.d/fedora-cisco-openh264.repo \
  /etc/yum.repos.d/google-chrome.repo \
  /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
  /etc/yum.repos.d/rpmfusion-nonfree-steam.repo \
  /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo

# Add country query to all repo metalinks
# shellcheck disable=SC2016
sed -i -e '/^metalink\=/s/\$releasever\&arch\=\$basearch$/\$releasever\&arch\=\$basearch\&country\=KR,JP,TW/g' /etc/yum.repos.d/*.repo

# Add 1Password repo
#rpmkeys --import https://downloads.1password.com/linux/keys/1password.asc
cp /ctx/rpm-keys/1password.asc /etc/pki/rpm-gpg/1password.asc
sh -c 'echo -e "[1password]\nname=1Password Stable Channel\nbaseurl=https://downloads.1password.com/linux/rpm/stable/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/1password.asc\"" > /etc/yum.repos.d/1password.repo'

# Add Tailscale repo
#rpmkeys --import https://pkgs.tailscale.com/stable/fedora/repo.gpg
#dnf5 config-manager addrepo --from-repofile=https://pkgs.tailscale.com/stable/fedora/tailscale.repo
cp /ctx/rpm-keys/tailscale.gpg /etc/pki/rpm-gpg/tailscale.gpg
sh -c 'echo -e "[tailscale-stable]\nname=Tailscale stable\nbaseurl=https://pkgs.tailscale.com/stable/fedora/\$basearch\nenabled=1\ngpgcheck=1\nrepo_gpgcheck=1\ngpgkey=\"file:///etc/pki/rpm-gpg/tailscale.gpg\"" > /etc/yum.repos.d/tailscale.repo'

# Update all existing packages
# dnf5 update -y

# Install my own layered packages
dnf5 install -y \
  gvfs-nfs \
  openssl \
  wl-clipboard \
  ffmpeg ffmpeg-libs ffmpegthumbnailer \
  heif-pixbuf-loader intel-vaapi-driver libavcodec libheif \
  libcamera libcamera-gstreamer libcamera-ipa libcamera-tools pipewire-plugin-libcamera \
  gnome-shell-extension-appindicator \
  1password 1password-cli \
  tailscale

# Install Niri, the scrollable-tiling window compositor
# https://yalter.github.io/niri/
dnf5 -y copr enable avengemedia/dms
dnf5 -y install --disablerepo="*" --enablerepo="avengemedia-dms" niri dms
dnf5 -y copr disable avengemedia/dms

systemctl enable niri.service
systemctl add-wants niri.service dms

## CLEANUP

# Delete 1Password and Tailscale repos once packages are installed
# so they don't end up in the final image.
rm \
  /etc/yum.repos.d/1password.repo \
  /etc/yum.repos.d/tailscale.repo \
  /etc/pki/rpm-gpg/1password.asc \
  /etc/pki/rpm-gpg/tailscale.gpg

# Or just disable:
# dnf5 config-manager setopt 1password.enabled=0 tailscale-stable.enabled=0
# sed -i 's/enabled=1/enabled=0/' \
#   /etc/yum.repos.d/1password.repo \
#   /etc/yum.repos.d/tailscale.repo \

# Fedora Flatpak service is a part of the flatpak package, ensure it's overridden by moving to replace it at the end of the build.
mv -f /usr/lib/systemd/system/flatpak-add-flathub-repos.service /usr/lib/systemd/system/flatpak-add-fedora-repos.service

# Re-install all pre-installed (GNOME) applications from Flathub
#flatpak install --reinstall flathub "$(flatpak list --app-runtime=org.fedoraproject.Platform --columns=application | tail -n +1 )"

# ...and remove  the fedora flatpak remotes
#flatpak remote-delete --force fedora
#flatpak remote-delete --force fedora-testing

# TODO: Add flathub remove, enable, and remove filter
# TODO: Install core GNOME Flatpak apps
# TODO: Install my own commonly used Flatpak apps
# IDEA: Can I set certain dconf settings, like Ptyxis config, temperature settings, etc?
# IDEA: Can I set certain Flatpak system defaults (ie. no read/write anywhere by default)

# Enable Tailscale service
systemctl enable tailscaled

# Cleanup

# Remove dnf5 versionlocks
dnf5 versionlock clear

# Remove tmp files and everything in dirs that make bootc unhappy
rm -rf /tmp/* || true
rm -rf /usr/etc
rm -rf /boot && mkdir /boot
# Preserve cache mounts
find /var/* -maxdepth 0 -type d \! -name cache \! -name log -exec rm -rf {} \;
find /var/cache/* -maxdepth 0 -type d \! -name libdnf5 -exec rm -rf {} \;

# Make sure /var/tmp is properly created
mkdir -p /var/tmp
chmod -R 1777 /var/tmp

echo "Done."