Configuration for my daily work machine running Silverblue.
Silverblue setup using OSTree native containers, the post-install playbook and scripts are only required after the first install.
This is an opinionated build that probably won't suit your needs.
To rebase an existing Silverblue/Kinoite machine to the latest release:
- Download and install Fedora Silverblue
- After you reboot you should pin the working deployment so you can safely rollback
- Open a terminal and use one of the following commands to rebase the OS:
sudo rpm-ostree rebase ostree-unverified-registry:ghcr.io/aorith/blueconfig:stable
Check post-install for the post-install instructions.
These images are signed with sisgstore's cosign. You can verify the signature by downloading the cosign.pub key from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/aorith/blueconfig
If you're forking this repo you should read the docs on keeping secrets in github. You need to generate a new keypair with cosign. The public key can be in your public repo (your users need it to check the signatures), and you can paste the private key in Settings -> Secrets -> Actions.
This is for easy testing on a VM.
# Run a local registry
podman run --rm -p 5000:5000 registry:2
# Build the image
podman build . -t localhost:5000/blueconfig
# Push the image
podman push --tls-verify=false localhost:5000/blueconfigOn the VM create the file `/etc/containers/registries.conf.d/local.conf:
[[registry]]
location = "<host IP>:5000"
insecure = true
Then rebase:
sudo rpm-ostree rebase ostree-unverified-registry:HOST_IP:5000/blueconfig:latest