Define tree for pitti's workstation
authorMartin Pitt <martin@piware.de>
Mon, 17 Jun 2019 19:42:46 +0000 (21:42 +0200)
committerMartin Pitt <martin@piware.de>
Sun, 8 Aug 2021 05:54:53 +0000 (07:54 +0200)
Also add helper script for running the ostree build.

2015-RH-IT-Root-CA.pem [new file with mode: 0644]
README.md
compose.sh [new file with mode: 0755]
fedora-34-updates.repo
fedora-common-ostree.yaml
pitti-desktop.yaml [new file with mode: 0644]
pitti-post.sh [new file with mode: 0755]
rpmfusion.repo [new file with mode: 0644]

diff --git a/2015-RH-IT-Root-CA.pem b/2015-RH-IT-Root-CA.pem
new file mode 100644 (file)
index 0000000..f306f00
--- /dev/null
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIENDCCAxygAwIBAgIJANunI0D662cnMA0GCSqGSIb3DQEBCwUAMIGlMQswCQYD
+VQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVp
+Z2gxFjAUBgNVBAoMDVJlZCBIYXQsIEluYy4xEzARBgNVBAsMClJlZCBIYXQgSVQx
+GzAZBgNVBAMMElJlZCBIYXQgSVQgUm9vdCBDQTEhMB8GCSqGSIb3DQEJARYSaW5m
+b3NlY0ByZWRoYXQuY29tMCAXDTE1MDcwNjE3MzgxMVoYDzIwNTUwNjI2MTczODEx
+WjCBpTELMAkGA1UEBhMCVVMxFzAVBgNVBAgMDk5vcnRoIENhcm9saW5hMRAwDgYD
+VQQHDAdSYWxlaWdoMRYwFAYDVQQKDA1SZWQgSGF0LCBJbmMuMRMwEQYDVQQLDApS
+ZWQgSGF0IElUMRswGQYDVQQDDBJSZWQgSGF0IElUIFJvb3QgQ0ExITAfBgkqhkiG
+9w0BCQEWEmluZm9zZWNAcmVkaGF0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBALQt9OJQh6GC5LT1g80qNh0u50BQ4sZ/yZ8aETxt+5lnPVX6MHKz
+bfwI6nO1aMG6j9bSw+6UUyPBHP796+FT/pTS+K0wsDV7c9XvHoxJBJJU38cdLkI2
+c/i7lDqTfTcfLL2nyUBd2fQDk1B0fxrskhGIIZ3ifP1Ps4ltTkv8hRSob3VtNqSo
+GxkKfvD2PKjTPxDPWYyruy9irLZioMffi3i/gCut0ZWtAyO3MVH5qWF/enKwgPES
+X9po+TdCvRB/RUObBaM761EcrLSM1GqHNueSfqnho3AjLQ6dBnPWlo638Zm1VebK
+BELyhkLWMSFkKwDmne0jQ02Y4g075vCKvCsCAwEAAaNjMGEwHQYDVR0OBBYEFH7R
+4yC+UehIIPeuL8Zqw3PzbgcZMB8GA1UdIwQYMBaAFH7R4yC+UehIIPeuL8Zqw3Pz
+bgcZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQBDNvD2Vm9sA5A9AlOJR8+en5Xz9hXcxJB5phxcZQ8jFoG04Vshvd0e
+LEnUrMcfFgIZ4njMKTQCM4ZFUPAieyLx4f52HuDopp3e5JyIMfW+KFcNIpKwCsak
+oSoKtIUOsUJK7qBVZxcrIyeQV2qcYOeZhtS5wBqIwOAhFwlCET7Ze58QHmS48slj
+S9K0JAcps2xdnGu0fkzhSQxY8GPQNFTlr6rYld5+ID/hHeS76gq0YG3q6RLWRkHf
+4eTkRjivAlExrFzKcljC4axKQlnOvVAzz+Gm32U0xPBF4ByePVxCJUHw1TsyTmel
+RxNEp7yHoXcwn+fXna+t5JWh1gxUZty3
+-----END CERTIFICATE-----
index 31f49b81b506049ccbc5d888f0789d44faa0c4b0..b0eb74d811dfd62a354266c36f1347c73f20b3ea 100644 (file)
--- a/README.md
+++ b/README.md
@@ -1,3 +1,30 @@
+Martin Pitt's desktop
+=====================
+
+This is an [rpm-ostree](https://coreos.github.io/rpm-ostree/) based minimal
+[Fedora](https://getfedora.org/) developer desktop with the [sway window manager](https://swaywm.org/) and [podman](https://podman.io/)/[toolbox](https://docs.fedoraproject.org/en-US/fedora-silverblue/toolbox/) for doing development and running less common graphical applications.
+
+It gets [automatically built](.github/workflows/build.yml) every week and [published to my server](https://piware.de/ostree/pitti-workstation/).
+
+To use it from an existing OSTree based system like [Fedora CoreOS](https://getfedora.org/coreos) or [Fedora Silverblue](https://docs.fedoraproject.org/en-US/fedora-silverblue/), add my server URL as new remote and rebase your tree to it:
+
+```sh
+sudo ostree remote add --no-gpg-verify piware https://piware.de/ostree/pitti-workstation/
+sudo rpm-ostree rebase piware:pitti-desktop
+```
+
+After that, you can install weekly updates with
+
+```
+sudo rpm-ostree upgrade
+```
+
+If anything goes wrong, you can go back to the previous version with `sudo rpm-ostree rollback`.
+
+
+Original README for [workstation-ostree-config](https://pagure.io/workstation-ostree-config)
+=============================================
+
 For some background, see:
 
  - https://fedoraproject.org/wiki/Workstation/AtomicWorkstation
diff --git a/compose.sh b/compose.sh
new file mode 100755 (executable)
index 0000000..101da94
--- /dev/null
@@ -0,0 +1,12 @@
+#!/bin/sh
+set -eu
+CACHE=/var/cache/ostree
+REPO=/var/tmp/repo
+
+mkdir -p $CACHE
+
+if [ ! -d $REPO/objects ]; then
+    ostree --repo=$REPO init --mode=archive-z2
+fi
+
+rpm-ostree compose tree --unified-core --cachedir=$CACHE --repo=$REPO pitti-desktop.yaml
index 516e1648221aa7cc1256a67bec28c60e2e2c38a1..e107df59cf15cfe355ce40b67bf81355db8896bc 100644 (file)
@@ -4,3 +4,10 @@ mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f34&
 enabled=0
 gpgcheck=1
 metadata_expire=1d
+
+[fedora-34-updates-testing]
+name=Fedora 34 $basearch Updates
+mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f34&arch=$basearch
+enabled=0
+gpgcheck=1
+metadata_expire=1d
index 01d4f56214b7757c413b7f18aaaf923d3d324fb9..83c952efa9f0c8a07f17c82480976dd48e115907 100644 (file)
@@ -3,8 +3,6 @@ ref: fedora/34/${basearch}/ostree-base
 automatic_version_prefix: "34"
 mutate-os-release: "34"
 
-include: fedora-common-ostree-pkgs.yaml
-
 packages:
   - fedora-release-silverblue
   - git-core
diff --git a/pitti-desktop.yaml b/pitti-desktop.yaml
new file mode 100644 (file)
index 0000000..5ce1473
--- /dev/null
@@ -0,0 +1,142 @@
+include: fedora-common-ostree.yaml
+
+ref: pitti-desktop
+rojig:
+  name: pitti-desktop
+  summary: "Pitti Desktop"
+  license: MIT
+
+repos:
+  - fedora-34
+  - fedora-34-updates
+  - fedora-34-updates-testing
+  - rpmfusion-free
+  - rpmfusion-free-updates
+
+packages:
+# hardware/drivers
+  - kernel
+  - kernel-modules-extra
+  - iwl6000g2a-firmware
+  - iwl7260-firmware
+  - alsa-sof-firmware
+  - NetworkManager-wifi
+  - NetworkManager-openvpn-gnome
+  - sane-backends
+  - sane-backends-drivers-scanners
+  - powertop
+  - iwd
+  - udisks2-lvm2
+  - opensc
+# basic system
+  - acl
+  - attr
+  - basesystem
+  - cryptsetup
+  - dnsmasq
+  - fedora-workstation-backgrounds
+  - filesystem
+  - glibc-langpack-de
+  - glibc-langpack-en
+  - hostname
+  - iproute
+  - kbd
+  - nss-altfiles
+  - pciutils
+  - sudo
+  - usbutils
+# shell tools and development
+  - bc
+  - gnupg2
+  - fpaste
+  - lsof
+  - man-db
+  - mtr
+  - tree
+  - bzip2
+  - zip
+  - unzip
+  - vim-enhanced
+  - ranger
+  - bash-completion
+  - fish
+  - qemu-system-x86-core
+  - qemu-ui-sdl
+  - qemu-img
+  - openvpn
+  - mutt
+  - nmap-ncat
+  - isync
+  - weechat
+  - duplicity
+  - openssh-server
+  - systemd-container
+  - git
+  - patchutils
+  - make
+  - strace
+  - wget
+  - w3m
+  - cockpit-system
+  - cockpit-ws
+  - syncthing
+  - krb5-workstation
+
+# desktop plumbing/apps
+  - dejavu-sans-fonts
+  - dejavu-serif-fonts
+  - dejavu-sans-mono-fonts
+  - fontawesome-fonts
+  - google-noto-emoji-color-fonts
+
+  - gvfs-mtp
+  - pulseaudio-utils
+  - alsa-plugins-pulseaudio
+  - gstreamer1-plugins-good
+  - gstreamer1-plugins-ugly
+  - gstreamer1-libav
+  # for wf-recorder
+  - libavdevice
+
+  - pavucontrol
+  - pcmanfm
+  - simple-scan
+  - nm-connection-editor
+  - eog
+  - evince
+  - rhythmbox
+  - gnome-keyring
+  - pinentry-gnome3
+  - lxpolkit
+  - lxterminal
+  - gnome-disk-utility
+  - gtimelog
+
+# sway/wayland desktop
+  - sway
+  - swayidle
+  - swaylock
+  - kanshi
+  - mako
+  - waybar
+  - slurp
+  - grim
+  - xorg-x11-server-Xwayland
+  - firefox-wayland
+  - wofi
+  - brightnessctl
+  - wl-clipboard
+
+exclude-packages:
+  # recommended by sway
+  - alacritty
+  - brltty
+  - glibc-all-langpacks
+  - xdg-desktop-portal-wlr
+  # recommended by gtimelog
+  - yelp
+
+add-files:
+  - ["2015-RH-IT-Root-CA.pem", "/etc/pki/ca-trust/source/anchors/2015-RH-IT-Root-CA.pem"]
+
+postprocess-script: pitti-post.sh
diff --git a/pitti-post.sh b/pitti-post.sh
new file mode 100755 (executable)
index 0000000..5491324
--- /dev/null
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+# Enable SysRQ
+echo 'kernel.sysrq = 1' > /usr/lib/sysctl.d/90-sysrq.conf
+
+# power saving
+echo 'blacklist e1000e' > /usr/lib/modprobe.d/blacklist-local.conf
+
+# NetworkManager config
+cat <<EOF > /usr/lib/NetworkManager/conf.d/local.conf
+[main]
+plugins=
+
+[device]
+wifi.backend=iwd
+EOF
+ln -sfn ../iwd.service /usr/lib/systemd/system/multi-user.target.wants/iwd.service
+ln -sfn /run/NetworkManager/resolv.conf /etc/resolv.conf
+
+# enable other units
+mkdir -p /usr/lib/systemd/system/getty.target.wants
+ln -s ../getty@.service /usr/lib/systemd/system/getty.target.wants/getty@tty1.service
+ln -s ../systemd-timesyncd.service /usr/lib/systemd/system/sysinit.target.wants/systemd-timesyncd.service
+ln -s ../cockpit.socket /usr/lib/systemd/system/sockets.target.wants/cockpit.socket
+ln -s ../sshd.socket /usr/lib/systemd/system/sockets.target.wants/sshd.socket
+
+# disable unwanted services
+ln -sfn /dev/null /usr/lib/systemd/user/at-spi-dbus-bus.service
+
+# move OS systemd unit defaults to /usr
+cp -a --verbose /etc/systemd/system /etc/systemd/user /usr/lib/systemd/
+rm -r /etc/systemd/system /etc/systemd/user
+
+# avoid LVM spew in /etc
+sed -i 's/backup = 1/backup = 0/; s/archive = 1/archive = 0/' /etc/lvm/lvm.conf
+
+# update for Red Hat certificate
+ln -s /etc/pki/ca-trust/source/anchors/2015-RH-IT-Root-CA.pem /etc/pki/tls/certs/2015-RH-IT-Root-CA.pem
+update-ca-trust
diff --git a/rpmfusion.repo b/rpmfusion.repo
new file mode 100644 (file)
index 0000000..e826798
--- /dev/null
@@ -0,0 +1,18 @@
+[rpmfusion-free]
+name=RPM Fusion for Fedora $releasever - Free
+#baseurl=http://download1.rpmfusion.org/free/fedora/releases/$releasever/Everything/$basearch/os/
+metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-34&arch=$basearch
+enabled=1
+metadata_expire=14d
+type=rpm-md
+gpgcheck=0
+
+[rpmfusion-free-updates]
+name=RPM Fusion for Fedora $releasever - Free - Updates
+#baseurl=http://download1.rpmfusion.org/free/fedora/updates/$releasever/$basearch/
+metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-updates-released-34&arch=$basearch
+enabled=1
+enabled_metadata=1
+type=rpm-md
+gpgcheck=0
+repo_gpgcheck=0