Be sure to have knowledge of Silverblue or Kinoite before trying this !
This is using BlueBuild and the power of Github ! The current base image is Bazzite but it could change.
This is my attempt to have a fully descriptive operating system without the hassle of NixOS.
From Project Atomic
a set of packages [[...]] pulled together with rpm-ostree to create a filesystem tree that can be deployed, and updated, as an atomic unit. This means that the entire base OS is updated simultaneously, and (just as with Docker containers) can be rolled back if needed.
This is currently a KDE desktop for my computers (laptop and desktop). In the future it should contain Hyprland.
I try to incorporate all I need into the image itself.
- Just follow those instructions to setup Github for automated builds with Actions.
- Copy what you want from here !
The recipe.yml is an abstraction layer of Universal Blue's Containerfiles.
This configuration is split as follow :
- Files (copy)
- Rpm-ostree (packages install)
- Flatpak (flatpak install/remove)
- Systemd (manage services)
- Scripts (run scripts and snippets)
- Chezmoi (fetch your dotfiles and system configuration)
- Fonts (install NerdFonts and GoogleFonts)
TODO: [] Distrobox premade containers [] Fix my dotfiles repository and enable it here [] Hardening [] on_first_run create VMs [] on_first_run create users and groups
I hope you have encrypted your drive !
-
Enroll TPM keys as LUKS
ujust setup-luks-tpm-unlockA) to remove or reinstall :sudo sh /usr/libexec/luks-disable-tpm2-autounlock
-
SecureBoot
unjust enroll-secure-boot-key
[] CHEZMOI [] FingerPrint [ ] Ansible [] users [] dotfiles [] sysconfig [] Distrobox [] Custom images [] QEMU [] Windows [] Waydroid [] Backup/Restore [] Install applications
See the BlueBuild docs for quick setup instructions for setting up your own repository based on this template.
After setup, it is recommended you update this README to describe your custom image.
Warning
This is an experimental feature, try at your own discretion.
To rebase an existing atomic Fedora installation to the latest build:
- First rebase to the unsigned image, to get the proper signing keys and policies installed:
rpm-ostree rebase ostree-unverified-registry:ghcr.io/johnr14/ublue-kde-workstation:latest - Reboot to complete the rebase:
systemctl reboot - Then rebase to the signed image, like so:
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/johnr14/ublue-kde-workstation:latest - Reboot again to complete the installation
systemctl reboot
The latest tag will automatically point to the latest build. That build will still always use the Fedora version specified in recipe.yml, so you won't get accidentally updated to the next major version.
This template includes a simple Github Action to build and release an ISO of your image.
To run the action, simply edit the boot_menu.yml by changing all the references to startingpoint to your repository. This should trigger the action automatically.
The Action currently uses ublue-os/isogenerator-old and works in a similar manner to the official Universal Blue ISO. If you have any issues, you should first check the documentation page on installation. The ISO is a netinstaller and should always pull the latest version of your image.
Note that this release-iso action is not a replacement for a full-blown release automation like release-please.
These images are signed with Sigstore's cosign. You can verify the signature by downloading the cosign.pub file from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/blue-build/legacy-template