ben/silverblue-images
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Adding asrock image, other minor tweaks

Browse Source
This commit is contained in:
Ben Radey
2025-11-15 11:48:35 -05:00
parent d12e6f2bb9
commit b51aeca341
8 changed files with 144 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/build.yml
+46 -7
View File
@@ -9,9 +9,8 @@ on:
env:
REGISTRY: ghcr.io
SERVER_IMAGE_NAME: "supermicro-x10drh"
SERVER_IMAGE_DIR: "supermicro-x10drh"
LAPTOP_IMAGE_NAME: "lenovo-16arh7h"
LAPTOP_IMAGE_DIR: "lenovo-16arh7h"
DESKTOP_IMAGE_NAME: "asrock-x570"
IMAGE_REGISTRY: ghcr.io/${{ github.repository_owner }}
REGISTRY_USER: ${{ github.actor }}
REGISTRY_PASSWORD: ${{ github.token }}
@@ -27,8 +26,7 @@ jobs:
- name: Build container image
uses: redhat-actions/buildah-build@v2.12
with:
context: ${{ env.SERVER_IMAGE_DIR }}
containerfiles: ${{ env.SERVER_IMAGE_DIR }}/Containerfile
containerfiles: Containerfile-${{ env.SERVER_IMAGE_NAME }}
image: ${{ env.SERVER_IMAGE_NAME }}
layers: false
oci: true
@@ -43,7 +41,7 @@ jobs:
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
lenovo-16arh7h:
asrock-x570:
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
@@ -68,8 +66,48 @@ jobs:
- name: Build container image
uses: redhat-actions/buildah-build@v2.12
with:
context: ${{ env.LAPTOP_IMAGE_DIR }}
containerfiles: ${{ env.LAPTOP_IMAGE_DIR }}/Containerfile
containerfiles: Containerfile-${{ env.DESKTOP_IMAGE_NAME }}
image: ${{ env.DESKTOP_IMAGE_NAME }}
layers: false
oci: true
- name: Push to ghcr.io
uses: redhat-actions/push-to-registry@v2.7
with:
image: ${{ env.DESKTOP_IMAGE_NAME }}
tags: "latest"
registry: ${{ env.IMAGE_REGISTRY }}
username: ${{ env.REGISTRY_USER }}
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
lenovo-16arh7h:
needs: asrock-x570
runs-on: ubuntu-latest
steps:
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
with:
# this might remove tools that are actually needed,
# if set to "true" but frees about 6 GB
tool-cache: false
# all of these default to true, but feel free to set to
# "false" if necessary for your workflow
android: true
dotnet: true
haskell: true
large-packages: true
docker-images: false
swap-storage: true
- name: Checkout repo
uses: actions/checkout@v3
- name: Build container image
uses: redhat-actions/buildah-build@v2.12
with:
containerfiles: Containerfile-${{ env.LAPTOP_IMAGE_NAME }}
image: ${{ env.LAPTOP_IMAGE_NAME }}
layers: false
oci: true
@@ -84,3 +122,4 @@ jobs:
password: ${{ env.REGISTRY_PASSWORD }}
extra-args: |
--disable-content-trust
lenovo-16arh7h/Containerfile → Containerfile-asrock-x570
+1 -14
View File
@@ -22,7 +22,6 @@ RUN rpm --import \
blueman-nemo \
cinnamon \
distrobox \
dkms \
fuse-sshfs \
geany \
git \
@@ -34,14 +33,11 @@ RUN rpm --import \
libva-nvidia-driver \
numlockx \
nvtop \
python3-pyusb \
radeontop \
steam \
syncthing \
vim \
virt-manager \
vulkan-tools \
xinput && \
vulkan-tools && \
dnf5 swap -y ffmpeg-free ffmpeg --allowerasing && \
dnf5 swap -y mesa-va-drivers mesa-va-drivers-freeworld && \
dnf5 swap -y mesa-vdpau-drivers mesa-vdpau-drivers-freeworld && \
@@ -54,15 +50,6 @@ RUN rpm -q akmod-nvidia && rpm -q xorg-x11-drv-nvidia-cuda && rpm -q proton-vpn-
RUN /usr/sbin/akmods --force --kernels "$(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"
RUN git clone https://github.com/johnfanv2/LenovoLegionLinux.git && \
mkdir -p /usr/src/LenovoLegionLinux-1.0.0 && \
cp /LenovoLegionLinux/kernel_module/* /usr/src/LenovoLegionLinux-1.0.0 -r && \
dkms add -m LenovoLegionLinux -v 1.0.0 && \
dkms build -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
dkms install -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
echo legion-laptop > /etc/modules-load.d/legion_laptop.conf && \
rm -rf LenovoLegionLinux
# The first check makes sure that we have exactly 4 gpg pubkeys trusted in the rpmdb (the ones manually imported above).
# Any more than that means that dnf automatically added a new one, which is shady!
# Then: cleanup image for linting
Containerfile-lenovo-16arh7h
+25
View File
@@ -0,0 +1,25 @@
FROM ghcr.io/benradey/silverblue-asrock-x570:latest
RUN dnf5 install -y \
dkms \
python3-pyusb \
radeontop \
xinput && \
dnf5 clean all
RUN git clone https://github.com/johnfanv2/LenovoLegionLinux.git && \
mkdir -p /usr/src/LenovoLegionLinux-1.0.0 && \
cp /LenovoLegionLinux/kernel_module/* /usr/src/LenovoLegionLinux-1.0.0 -r && \
dkms add -m LenovoLegionLinux -v 1.0.0 && \
dkms build -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
dkms install -m LenovoLegionLinux -v 1.0.0 -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
echo legion-laptop > /etc/modules-load.d/legion_laptop.conf && \
rm -rf LenovoLegionLinux
# The first check makes sure that we have exactly 4 gpg pubkeys trusted in the rpmdb (the ones from the base image).
# Any more than that means that dnf automatically added a new one, which is shady!
# Then: cleanup image for linting
# Finally: verify image is good
RUN [[ 4 -eq $(rpm -qa gpg-pubkey* | wc -l) ]] && \
rm -rf /var /boot && mkdir /var /boot && \
bootc container lint --fatal-warnings --skip baseimage-composefs
Containerfile-supermicro-x10drh
+72
View File
@@ -0,0 +1,72 @@
# ====== Stage 1: Builder image ======
FROM fedora:latest AS builder
RUN dnf5 update -y && dnf install -y git golang
RUN git clone https://github.com/rfjakob/gocryptfs.git
WORKDIR /gocryptfs
RUN ./build-without-openssl.bash
# ====== Stage 2: Server image ======
FROM quay.io/fedora/fedora-silverblue:43
COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
# Install ZFS repository & build deps & zfs
RUN dnf5 install -y https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-3-0$(rpm --eval "%{dist}").noarch.rpm && \
dnf5 install -y \
kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
dnf5 install -y zfs && \
dkms autoinstall -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') && \
dnf5 clean all
# Install zrepl repository
COPY supermicro-x10drh/zrepl.asc /var/roothome/zrepl.asc
RUN rpm --import /var/roothome/zrepl.asc
COPY supermicro-x10drh/zrepl.repo /etc/yum.repos.d/zrepl.repo
# Install smallstep repository
COPY supermicro-x10drh/smallstep.repo /etc/yum.repos.d/smallstep.repo
RUN dnf5 install -y \
ansible \
borgbackup \
certbot \
distrobox \
fail2ban \
fuse-encfs \
fuse-sshfs \
hddtemp \
htop \
iftop \
iotop \
ipmitool \
libvirt \
lm_sensors \
net-tools \
netcat \
nginx \
nut \
pv \
python3-certbot-nginx \
qemu-kvm \
rclone \
screen \
smartmontools \
step-cli \
strace \
stress-ng \
telnet \
vim \
zrepl-v0.6.0-1.x86_64 && \
dnf5 clean all
# Cleanup image for linting
RUN test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf && \
test -f /usr/lib/sysusers.d/qat.conf || echo -e 'g qat 995' > /usr/lib/sysusers.d/qat.conf
# Cleanup image for linting & verify image is good
RUN rm -rf /var /boot && mkdir /var /boot && \
bootc container lint --fatal-warnings --skip baseimage-composefs
lenovo-16arh7h/gpg-keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020 → gpg-keys/RPM-GPG-KEY-rpmfusion-free-fedora-2020
View File
lenovo-16arh7h/gpg-keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020 → gpg-keys/RPM-GPG-KEY-rpmfusion-nonfree-fedora-2020
View File
lenovo-16arh7h/gpg-keys/public_key_proton.asc → gpg-keys/public_key_proton.asc
View File
supermicro-x10drh/Containerfile
-83
View File
@@ -1,83 +0,0 @@
# ====== Stage 1: Builder image ======
FROM fedora:latest AS builder
RUN dnf update -y && dnf install -y git golang
RUN git clone https://github.com/rfjakob/gocryptfs.git
WORKDIR /gocryptfs
RUN ./build-without-openssl.bash
# ====== Stage 2: Server image ======
FROM quay.io/fedora/fedora-silverblue:42
COPY --from=builder /gocryptfs/gocryptfs /usr/bin/gocryptfs
# Install ZFS repository
RUN dnf install -y https://github.com/zfsonlinux/zfsonlinux.github.com/raw/master/fedora/zfs-release-2-8$(rpm --eval "%{dist}").noarch.rpm && \
# cleanup and verification stage
dnf clean all
# Install ZFS build deps
RUN dnf install -y \
kernel-devel kernel-devel-matched kernel-headers kernel-srpm-macros && \
# cleanup and verification stage
dnf clean all
# Install zfs
RUN dnf install -y zfs && \
dkms autoinstall -k $(rpm -qa kernel --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}') \
&& dnf clean all
# Install zrepl repository
COPY zrepl.asc /var/roothome/zrepl.asc
RUN rpm --import /var/roothome/zrepl.asc
COPY zrepl.repo /etc/yum.repos.d/zrepl.repo
# Install smallstep repository
COPY smallstep.repo /etc/yum.repos.d/smallstep.repo
RUN dnf install -y \
ansible \
borgbackup \
certbot \
distrobox \
fail2ban \
fuse-encfs \
fuse-sshfs \
hddtemp \
htop \
iftop \
iotop \
ipmitool \
libvirt \
lm_sensors \
net-tools \
netcat \
nginx \
nut \
pv \
python3-certbot-nginx \
qemu-kvm \
rclone \
screen \
smartmontools \
step-cli \
strace \
stress-ng \
telnet \
vim \
zrepl-v0.6.0-1.x86_64 \
&& dnf clean all
# Cleanup image for linting
RUN test -f /usr/lib/sysusers.d/libvirt.conf || echo -e 'g libvirt 963' > /usr/lib/sysusers.d/libvirt.conf && \
test -f /usr/lib/sysusers.d/qat.conf || echo -e 'g qat 995' > /usr/lib/sysusers.d/qat.conf
# Cleanup image for linting
RUN rm -rf /var && mkdir /var && \
rm -rf /boot && mkdir /boot
# Verify image is good
RUN bootc container lint --fatal-warnings --skip baseimage-composefs