FROM ghcr.io/benradey/workstation-nvidia-base:latest

RUN dnf5 install -y \
      inotify-tools && \
    dnf5 clean all

# Build nvidia akmod with flag that produces proprietary kernal driver for older hardware
RUN echo "%_without_kmod_nvidia_detect 1" > /etc/rpm/macros.nvidia-kmod && \
    mkdir -p /var/log/akmods /var/cache/akmods/nvidia /var/tmp && \
    chmod 777 /var/tmp && \
    /usr/sbin/akmods --force --kernels "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"

# The first check makes sure that we have exactly 10 gpg pubkeys trusted in the rpmdb (the ones manually imported above) (Brave adds 6, apparently?).
# Any more than that means that dnf automatically added a new one, which is shady!
# Then: cleanup image for linting
# Finally: verify image is good
# FIXME - remove the `--skip nonempty-run-tmp` when it's no longer needed
RUN [[ 10 -eq $(rpm -qa gpg-pubkey* | wc -l) ]] && \
    rm -rf /var /boot && mkdir /var /boot && \
    bootc container lint --fatal-warnings --skip nonempty-run-tmp
