FROM quay.io/fedora/fedora-silverblue:43

COPY gpg-keys/* /keys/

RUN wget -O /etc/udev/rules.d/42-logitech-unify-permissions.rules https://raw.githubusercontent.com/pwr-Solaar/Solaar/refs/heads/master/rules.d-uinput/42-logitech-unify-permissions.rules

RUN rpm --import \
      /keys/public_key_proton.asc \
      /keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020 \
      /keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 \
      /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-43-x86_64 && \
    rm -rf /keys && \
    dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
      https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm \
      https://repo.protonvpn.com/fedora-$(cat /etc/fedora-release | cut -d' ' -f 3)-stable/protonvpn-stable-release/protonvpn-stable-release-1.0.3-1.noarch.rpm && \
    dnf5 install -y \
      akmods \
      android-tools \
      ansible \
      cinnamon \
      distrobox \
      dkms \
      fuse-sshfs \
      geany \
      git \
      gnome-terminal \
      htop \
      iftop \
      iotop \
      libavcodec-freeworld \
      libva-nvidia-driver \
      nvtop \
      radeontop \
      steam \
      syncthing \
      vim \
      vulkan-tools \
      xinput && \
    dnf5 swap -y ffmpeg-free ffmpeg --allowerasing && \
    dnf5 swap -y mesa-va-drivers mesa-va-drivers-freeworld && \
    dnf5 swap -y mesa-vdpau-drivers mesa-vdpau-drivers-freeworld && \
    dnf5 clean all

# TODO: Remove this `|| true` hack once post scriptlets no longer make dnf exit with non-zero
RUN dnf5 install -y akmod-nvidia proton-vpn-gnome-desktop || true
# TODO: Remove these unnecessary checks to make sure the packages above actually got installed. rpm exits non-zero if the package is not installed and aborts the Containerfile build
RUN rpm -q akmod-nvidia && rpm -q proton-vpn-gnome-desktop

RUN /usr/sbin/akmods --force --kernels "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"

RUN git clone https://github.com/johnfanv2/LenovoLegionLinux.git && \
    mkdir -p /usr/src/LenovoLegionLinux-1.0.0 && \
    cp /LenovoLegionLinux/kernel_module/* /usr/src/LenovoLegionLinux-1.0.0 -r && \
    dkms add -m LenovoLegionLinux -v 1.0.0 && \
    dkms build -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
    rm -rf LenovoLegionLinux

# The first check makes sure that we have exactly 4 gpg pubkeys trusted in the rpmdb (the ones manually imported above).
# Any more than that means that dnf automatically added a new one, which is shady!
# Then: cleanup image for linting
# Finally: verify image is good
RUN [[ 4 -eq $(rpm -qa gpg-pubkey* | wc -l) ]] && \
    rm -rf /var /boot && mkdir /var /boot && \
    bootc container lint --fatal-warnings --skip baseimage-composefs
