diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b5a378d..56bde7e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -9,9 +9,8 @@ on:
 env:
 REGISTRY: ghcr.io
 SERVER_IMAGE_NAME: "supermicro-x10drh"
- SERVER_IMAGE_DIR: "supermicro-x10drh"
 LAPTOP_IMAGE_NAME: "lenovo-16arh7h"
- LAPTOP_IMAGE_DIR: "lenovo-16arh7h"
+ DESKTOP_IMAGE_NAME: "asrock-x570"
 IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
 REGISTRY_USER: ${{ github.actor }}
 REGISTRY_PASSWORD: ${{ github.token }}
@@ -27,8 +26,7 @@ jobs:
 - name: Build container image
 uses: redhat-actions/buildah-build@v2.12
 with:
- context: ${{ env.SERVER_IMAGE_DIR }}
- containerfiles: ${{ env.SERVER_IMAGE_DIR }}/Containerfile
+ containerfiles: Containerfile-${{ env.SERVER_IMAGE_NAME }}
 image: ${{ env.SERVER_IMAGE_NAME }}
 layers: false
 oci: true
@@ -43,7 +41,7 @@ jobs:
 password: ${{ env.REGISTRY_PASSWORD }}
 extra-args: |
 --disable-content-trust
- lenovo-16arh7h:
+ asrock-x570:
 runs-on: ubuntu-latest
 steps:
 - name: Free Disk Space (Ubuntu)
@@ -68,8 +66,48 @@ jobs:
 - name: Build container image
 uses: redhat-actions/buildah-build@v2.12
 with:
- context: ${{ env.LAPTOP_IMAGE_DIR }}
- containerfiles: ${{ env.LAPTOP_IMAGE_DIR }}/Containerfile
+ containerfiles: Containerfile-${{ env.DESKTOP_IMAGE_NAME }}
+ image: ${{ env.DESKTOP_IMAGE_NAME }}
+ layers: false
+ oci: true
+
+ - name: Push to ghcr.io
+ uses: redhat-actions/push-to-registry@v2.7
+ with:
+ image: ${{ env.DESKTOP_IMAGE_NAME }}
+ tags: "latest"
+ registry: ${{ env.IMAGE_REGISTRY }}
+ username: ${{ env.REGISTRY_USER }}
+ password: ${{ env.REGISTRY_PASSWORD }}
+ extra-args: |
+ --disable-content-trust
+ lenovo-16arh7h:
+ needs: asrock-x570
+ runs-on: ubuntu-latest
+ steps:
+ - name: Free Disk Space (Ubuntu)
+ uses: jlumbroso/free-disk-space@main
+ with:
+ # this might remove tools that are actually needed,
+ # if set to "true" but frees about 6 GB
+ tool-cache: false
+
+ # all of these default to true, but feel free to set to
+ # "false" if necessary for your workflow
+ android: true
+ dotnet: true
+ haskell: true
+ large-packages: true
+ docker-images: false
+ swap-storage: true
+
+ - name: Checkout repo
+ uses: actions/checkout@v3
+
+ - name: Build container image
+ uses: redhat-actions/buildah-build@v2.12
+ with:
+ containerfiles: Containerfile-${{ env.LAPTOP_IMAGE_NAME }}
 image: ${{ env.LAPTOP_IMAGE_NAME }}
 layers: false
 oci: true
@@ -84,3 +122,4 @@ jobs:
 password: ${{ env.REGISTRY_PASSWORD }}
 extra-args: |
 --disable-content-trust
+
diff --git a/lenovo-16arh7h/Containerfile b/Containerfile-asrock-x570
similarity index 78%
rename from lenovo-16arh7h/Containerfile
rename to Containerfile-asrock-x570
index f9af6da..31e2931 100644
--- a/lenovo-16arh7h/Containerfile
+++ b/Containerfile-asrock-x570
@@ -22,7 +22,6 @@ RUN rpm --import \
 blueman-nemo \
 cinnamon \
 distrobox \
- dkms \
 fuse-sshfs \
 geany \
 git \
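Review bot: In `.github/workflows/build.yml`, the re-added `lenovo-16arh7h` job runs `jlumbroso/free-disk-space@main`, a third-party action on a moving branch, while `REGISTRY_PASSWORD: ${{ github.token }}` is exported through what appears to be the workflow-level `env` block in the first hunk and is therefore visible to every step. Whatever that branch points to at run time executes on the runner before the image is built and pushed, so pin it to a reviewed commit, e.g. `uses: jlumbroso/free-disk-space@<full-commit-sha>  # <release tag>`; the tag-pinned `actions/checkout@v3`, `redhat-actions/buildah-build@v2.12` and `redhat-actions/push-to-registry@v2.7` would benefit from the same treatment. Passing `${{ github.token }}` only to the push step's `password:` input would narrow the exposure further. No `permissions:` block is visible in these hunks, so it is worth confirming the token is limited to what the push needs.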
@@ -34,14 +33,11 @@ RUN rpm --import \ libva-nvidia-driver \ numlockx \ nvtop \ - python3-pyusb \ - radeontop \ steam \ syncthing \ vim \ virt-manager \ - vulkan-tools \ - xinput && \ + vulkan-tools && \ dnf5 swap -y ffmpeg-free ffmpeg --allowerasing && \ dnf5 swap -y mesa-va-drivers mesa-va-drivers-freeworld && \ dnf5 swap -y mesa-vdpau-drivers mesa-vdpau-drivers-freeworld && \ @@ -54,15 +50,6 @@ RUN rpm -q akmod-nvidia && rpm -q xorg-x11-drv-nvidia-cuda && rpm -q proton-vpn- RUN /usr/sbin/akmods --force --kernels "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" -RUN git clone https://github.com/johnfanv2/LenovoLegionLinux.git && \ - mkdir -p /usr/src/LenovoLegionLinux-1.0.0 && \ - cp /LenovoLegionLinux/kernel_module/* /usr/src/LenovoLegionLinux-1.0.0 -r && \ - dkms add -m LenovoLegionLinux -v 1.0.0 && \ - dkms build -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \ - dkms install -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \ - echo legion-laptop > /etc/modules-load.d/legion_laptop.conf && \ - rm -rf LenovoLegionLinux - # The first check makes sure that we have exactly 4 gpg pubkeys trusted in the rpmdb (the ones manually imported above). # Any more than that means that dnf automatically added a new one, which is shady! # Then: cleanup image for linting diff --git a/Containerfile-lenovo-16arh7h b/Containerfile-lenovo-16arh7h new file mode 100644 index 0000000..d2a7303 --- /dev/null +++ b/Containerfile-lenovo-16arh7h 
@@ -0,0 +1,25 @@
+FROM ghcr.io/benradey/silverblue-asrock-x570:latest
+
+RUN dnf5 install -y \
+ dkms \
+ python3-pyusb \
+ radeontop \
+ xinput && \
+ dnf5 clean all
+
+RUN git clone https://github.com/johnfanv2/LenovoLegionLinux.git && \
+ mkdir -p /usr/src/LenovoLegionLinux-1.0.0 && \
+ cp /LenovoLegionLinux/kernel_module/* /usr/src/LenovoLegionLinux-1.0.0 -r && \
+ dkms add -m LenovoLegionLinux -v 1.0.0 && \
+ dkms build -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
+ dkms install -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
+ echo legion-laptop > /etc/modules-load.d/legion_laptop.conf && \
+ rm -rf LenovoLegionLinux
+
+# The first check makes sure that we have exactly 4 gpg pubkeys trusted in the rpmdb (the ones from the base image).
+# Any more than that means that dnf automatically added a new one, which is shady!
+# Then: cleanup image for linting
+# Finally: verify image is good
+RUN [[ 4 -eq $(rpm -qa gpg-pubkey* | wc -l) ]] && \
+ rm -rf /var /boot && mkdir /var /boot && \
+ bootc container lint --fatal-warnings --skip baseimage-composefs
diff --git a/Containerfile-supermicro-x10drh b/Containerfile-supermicro-x10drh
new file mode 100644
index 0000000..cf600fb
--- /dev/null
+++ b/Containerfile-supermicro-x10drh
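Review bot: In `Containerfile-lenovo-16arh7h`, the `git clone https://github.com/johnfanv2/LenovoLegionLinux.git` step builds and installs a kernel module from whatever the default branch holds at build time, while DKMS records it as version 1.0.0, so the module in the image is neither reproducible nor tied to reviewed source. Check out a reviewed commit right after the clone, e.g. `git -C LenovoLegionLinux checkout <reviewed-commit-sha> && \`, or fetch a release archive and compare it with a recorded checksum before copying it to `/usr/src`. The base `FROM ghcr.io/benradey/silverblue-asrock-x570:latest` is also a moving tag, and the workflow in this commit pushes the desktop image under the name `asrock-x570`, so confirm the two names refer to the same image; otherwise `needs: asrock-x570` orders the jobs but the build pulls something else. Since the `4 -eq` key-count check now relies entirely on keys inherited from that base, pinning the base by digest would make the check mean what its comment says.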
@@ -0,0 +1,72 @@
+# ====== Stage 1: Builder image ======
+FROM fedora:latest AS builder
+
+RUN dnf5 update -y && dnf install -y git golang
+
+RUN git clone https://github.com/rfjakob/gocryptfs.git
+
+WORKDIR /gocryptfs
+
+RUN ./build-without-openssl.bash
+
+# ====== Stage 2: Server image ======
+FROM quay.io/fedora/fedora-silverblue:43
+
+COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
+
+# Install ZFS repository & build deps & zfs
+RUN dnf5 install -y https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-3-0$(rpm --eval "%{dist}").noarch.rpm && \
+ dnf5 install -y \
+ kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
+ dnf5 install -y zfs && \
+ dkms autoinstall -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
+ dnf5 clean all
+
+# Install zrepl repository
+COPY supermicro-x10drh/zrepl.asc /var/roothome/zrepl.asc
+RUN rpm --import /var/roothome/zrepl.asc
+COPY supermicro-x10drh/zrepl.repo /etc/yum.repos.d/zrepl.repo
+
+# Install smallstep repository
+COPY supermicro-x10drh/smallstep.repo /etc/yum.repos.d/smallstep.repo
+
+RUN dnf5 install -y \
+ ansible \
+ borgbackup \
+ certbot \
+ distrobox \
+ fail2ban \
+ fuse-encfs \
+ fuse-sshfs \
+ hddtemp \
+ htop \
+ iftop \
+ iotop \
+ ipmitool \
+ libvirt \
+ lm_sensors \
+ net-tools \
+ netcat \
+ nginx \
+ nut \
+ pv \
+ python3-certbot-nginx \
+ qemu-kvm \
+ rclone \
+ screen \
+ smartmontools \
+ step-cli \
+ strace \
+ stress-ng \
+ telnet \
+ vim \
+ zrepl-v0.6.0-1.x86_64 && \
+ dnf5 clean all
+
+# Cleanup image for linting
+RUN test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf && \
+ test -f /usr/lib/sysusers.d/qat.conf || echo -e 'g qat 995' > /usr/lib/sysusers.d/qat.conf
+
+# Cleanup image for linting & verify image is good
+RUN rm -rf /var /boot && mkdir /var /boot && \
+ bootc container lint --fatal-warnings --skip baseimage-composefs
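Review bot: In `Containerfile-supermicro-x10drh`, the first `RUN` of stage 2 installs the `zfs-release` RPM straight from a `raw/master` GitHub URL, and nothing visible in this file verifies that package before it adds the repository definition (and presumably its signing key) that the following `dnf5 install -y zfs` then trusts. Vendoring the ZFS key and repo file into the repository, as is already done for zrepl with `rpm --import /var/roothome/zrepl.asc`, or downloading the RPM and comparing it with a recorded checksum before installing, would anchor that trust in reviewed content. The builder stage has the same shape: `FROM fedora:latest` plus an unpinned `git clone` of gocryptfs produce the binary copied to `/usr/bin/gocryptfs`, so pin the clone to a release tag or commit. `smallstep.repo` is copied without a matching key import in this file, and unlike the desktop Containerfile there is no check on the number of trusted `gpg-pubkey` entries before `bootc container lint`, so a key that dnf imports automatically would go unnoticed.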
diff --git a/lenovo-16arh7h/gpg-keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020 b/gpg-keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020
similarity index 100%
rename from lenovo-16arh7h/gpg-keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020
rename to gpg-keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020
diff --git a/lenovo-16arh7h/gpg-keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 b/gpg-keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
similarity index 100%
rename from lenovo-16arh7h/gpg-keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
rename to gpg-keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
diff --git a/lenovo-16arh7h/gpg-keys/public_key_proton.asc b/gpg-keys/public_key_proton.asc
similarity index 100%
rename from lenovo-16arh7h/gpg-keys/public_key_proton.asc
rename to gpg-keys/public_key_proton.asc
diff --git a/supermicro-x10drh/Containerfile b/supermicro-x10drh/Containerfile
deleted file mode 100644
index 5251ed8..0000000
--- a/supermicro-x10drh/Containerfile
+++ /dev/null
@@ -1,83 +0,0 @@ -# ====== Stage 1: Builder image ====== -FROM fedora:latest AS builder - -RUN dnf update -y && dnf install -y git golang - -RUN git clone https://github.com/rfjakob/gocryptfs.git - -WORKDIR /gocryptfs - -RUN ./build-without-openssl.bash - -# ====== Stage 2: Server image ====== -FROM quay.io/fedora/fedora-silverblue:42 - -COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs - -# Install ZFS repository -RUN dnf install -y https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \ - # cleanup and verification stage - dnf clean all - -# Install ZFS build deps -RUN dnf install -y \ - kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \ - # cleanup and verification stage - dnf clean all - -# Install zfs -RUN dnf install -y zfs && \ - dkms autoinstall -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') \ - && dnf clean all - -# Install zrepl repository -COPY zrepl.asc /var/roothome/zrepl.asc -RUN rpm --import /var/roothome/zrepl.asc -COPY zrepl.repo /etc/yum.repos.d/zrepl.repo - -# Install smallstep repository -COPY smallstep.repo /etc/yum.repos.d/smallstep.repo - -RUN dnf install -y \ - ansible \ - borgbackup \ - certbot \ - distrobox \ - fail2ban \ - fuse-encfs \ - fuse-sshfs \ - hddtemp \ - htop \ - iftop \ - iotop \ - ipmitool \ - libvirt \ - lm_sensors \ - net-tools \ - netcat \ - nginx \ - nut \ - pv \ - python3-certbot-nginx \ - qemu-kvm \ - rclone \ - screen \ - smartmontools \ - step-cli \ - strace \ - stress-ng \ - telnet \ - vim \ - zrepl-v0.6.0-1.x86_64 \ - && dnf clean all - -# Cleanup image for linting -RUN test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf && \ - test -f /usr/lib/sysusers.d/qat.conf || echo -e 'g qat 995' > /usr/lib/sysusers.d/qat.conf - -# Cleanup image for linting -RUN rm -rf /var && mkdir /var && \ - rm -rf /boot && mkdir /boot - -# Verify image is good -RUN bootc 
container lint --fatal-warnings --skip baseimage-composefs