fix: reduce rebuild interval to weekly

.github/workflows/build.yml

@@ -3,7 +3,7 @@ name: Build container image
 on:
   pull_request:
   schedule:
-    - cron: '30 1 * * *'
+    - cron: '30 1 1 * *'
   push:
     paths:
       - "Containerfile"

Containerfile

@@ -1,23 +1,10 @@
 FROM scratch AS ctx
 COPY build_files /
 
-FROM ghcr.io/ublue-os/akmods:main-43 AS akmods
-
-FROM ghcr.io/ublue-os/akmods-nvidia-open:main-43 AS akmods_nvidia
-
-FROM ghcr.io/ublue-os/base-main:43
+FROM ghcr.io/ublue-os/base-nvidia:43
 
 RUN rm -r /opt && mkdir /opt
 
-RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
-    --mount=type=cache,dst=/var/cache \
-    --mount=type=cache,dst=/var/log \
-    --mount=type=tmpfs,dst=/tmp \
-    --mount=type=bind,from=akmods,src=/rpms/ublue-os,dst=/tmp/akmods-rpms \
-    --mount=type=bind,from=akmods,src=/kernel-rpms,dst=/tmp/kernel-rpms \
-    --mount=type=bind,from=akmods_nvidia,src=/rpms,dst=/tmp/akmods-nv-rpms \
-    /ctx/00_nvidia.sh
-
 RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
@@ -38,10 +25,4 @@ RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=tmpfs,dst=/tmp \
     /ctx/03_post_desktop.sh
 
-RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
-    --mount=type=cache,dst=/var/cache \
-    --mount=type=cache,dst=/var/log \
-    --mount=type=tmpfs,dst=/tmp \
-    /ctx/04_initramfs.sh
-
 RUN bootc container lint

build_files/00_nvidia.sh

@@ -1,103 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-
-FRELEASE="$(rpm -E %fedora)"
-: "${AKMODNV_PATH:=/tmp/akmods-nv-rpms}"
-
-
-# this is only to aid in human understanding of any issues in CI
-find "${AKMODNV_PATH}"/
-
-if ! command -v dnf5 >/dev/null; then
-    echo "Requires dnf5... Exiting"
-    exit 1
-fi
-
-# Check if any rpmfusion repos exist before trying to disable them
-if dnf5 repolist --all | grep -q rpmfusion; then
-    dnf5 config-manager setopt "rpmfusion*".enabled=0
-fi
-
-# Always try to disable cisco repo (or add similar check)
-dnf5 config-manager setopt fedora-cisco-openh264.enabled=0
-
-## nvidia install steps
-dnf5 install -y "${AKMODNV_PATH}"/ublue-os/ublue-os-nvidia-addons-*.rpm
-
-# Install MULTILIB packages from negativo17-multimedia prior to disabling repo
-
-MULTILIB=(
-    mesa-dri-drivers.i686
-    mesa-filesystem.i686
-    mesa-libEGL.i686
-    mesa-libGL.i686
-    mesa-libgbm.i686
-    mesa-va-drivers.i686
-    mesa-vulkan-drivers.i686
-)
-
-dnf5 install -y "${MULTILIB[@]}"
-
-# enable repos provided by ublue-os-nvidia-addons (not enabling fedora-nvidia-lts)
-dnf5 config-manager setopt fedora-nvidia.enabled=1 nvidia-container-toolkit.enabled=1
-
-# Disable Multimedia
-NEGATIVO17_MULT_PREV_ENABLED=N
-if dnf5 repolist --enabled | grep -q "fedora-multimedia"; then
-    NEGATIVO17_MULT_PREV_ENABLED=Y
-    echo "disabling negativo17-fedora-multimedia to ensure negativo17-fedora-nvidia is used"
-    dnf5 config-manager setopt fedora-multimedia.enabled=0
-fi
-
-# Enable staging for supergfxctl if repo file exists
-if [[ -f /etc/yum.repos.d/_copr_ublue-os-staging.repo ]]; then
-    sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-staging.repo
-else
-    # Otherwise, retrieve the repo file for staging
-    curl -Lo /etc/yum.repos.d/_copr_ublue-os-staging.repo https://copr.fedorainfracloud.org/coprs/ublue-os/staging/repo/fedora-"${FRELEASE}"/ublue-os-staging-fedora-"${FRELEASE}".repo
-fi
-
-source "${AKMODNV_PATH}"/kmods/nvidia-vars
-
-dnf5 install -y \
-    libnvidia-fbc \
-    libnvidia-ml.i686 \
-    libva-nvidia-driver \
-    nvidia-driver \
-    nvidia-driver-cuda \
-    nvidia-driver-cuda-libs.i686 \
-    nvidia-driver-libs.i686 \
-    nvidia-settings \
-    nvidia-container-toolkit \
-    "${AKMODNV_PATH}"/kmods/kmod-nvidia-"${KERNEL_VERSION}"-"${NVIDIA_AKMOD_VERSION}"."${DIST_ARCH}".rpm
-
-# Ensure the version of the Nvidia module matches the driver
-KMOD_VERSION="$(rpm -q --queryformat '%{VERSION}' kmod-nvidia)"
-DRIVER_VERSION="$(rpm -q --queryformat '%{VERSION}' nvidia-driver)"
-if [ "$KMOD_VERSION" != "$DRIVER_VERSION" ]; then
-    echo "Error: kmod-nvidia version ($KMOD_VERSION) does not match nvidia-driver version ($DRIVER_VERSION)"
-    exit 1
-fi
-
-## nvidia post-install steps
-# disable repos provided by ublue-os-nvidia-addons
-dnf5 config-manager setopt fedora-nvidia.enabled=0 fedora-nvidia-lts.enabled=0 nvidia-container-toolkit.enabled=0
-
-# Disable staging
-sed -i 's@enabled=1@enabled=0@g' /etc/yum.repos.d/_copr_ublue-os-staging.repo
-
-systemctl enable ublue-nvctk-cdi.service
-semodule --verbose --install /usr/share/selinux/packages/nvidia-container.pp
-
-# Universal Blue specific Initramfs fixes
-cp /etc/modprobe.d/nvidia-modeset.conf /usr/lib/modprobe.d/nvidia-modeset.conf
-# we must force driver load to fix black screen on boot for nvidia desktops
-sed -i 's@omit_drivers@force_drivers@g' /usr/lib/dracut/dracut.conf.d/99-nvidia.conf
-# as we need forced load, also mustpre-load intel/amd iGPU else chromium web browsers fail to use hardware acceleration
-sed -i 's@ nvidia @ i915 amdgpu nvidia @g' /usr/lib/dracut/dracut.conf.d/99-nvidia.conf
-
-# re-enable negativo17-mutlimedia since we disabled it
-if [[ "${NEGATIVO17_MULT_PREV_ENABLED}" = "Y" ]]; then
-    dnf5 config-manager setopt fedora-multimedia.enabled=1
-fi

build_files/01_pre_desktop.sh

@@ -9,5 +9,5 @@ echo "LANG=de_DE.UTF-8" >> /etc/default/locale
 ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
 ln -s /usr/bin/xdg-open /usr/bin/open
 
-dnf5 update -y --setopt=install_weak_deps=False
+# dnf5 update -y --setopt=install_weak_deps=False --setopt=install_deps=False
 dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de default-fonts-cjk plymouth git

build_files/02_gnome.sh

@@ -4,8 +4,6 @@ set -ouex pipefail
 
 dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control \
     gnome-shell \
-    gnome-keyring \
-    gnome-keyring-pam \
     gnome-terminal \
     gnome-bluetooth \
     gnome-calculator \
@@ -16,9 +14,7 @@ dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control \
     gnome-shell-extension-appindicator
 dnf5 install -y  \
     totem \
-    nautilus \
     seahorse \
-    evolution \
     gstreamer1-plugin-libav
 
 git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com

build_files/02_hyprland.sh

@@ -2,5 +2,41 @@
 
 set -ouex pipefail
 
-dnf5 copr enable -y solopasha/hyprland
-dnf5 install -y hyprland
+dnf5 install -y pacman
+
+pacman -Sy && \
+PACMAN_TZDATA=$(pacman -Q tzdata | sed 's/ /=/') && \
+PACMAN_FILESYSTEM=$(pacman -Q filesystem | sed 's/ /=/') && \
+PACMAN_GLIBC=$(pacman -Q glibc | sed 's/ /=/') && \
+PACMAN_LIBGCC=$(pacman -Q libgcc | sed 's/ /=/') && \
+PACMAN_LIBGOMP=$(pacman -Q libgomp | sed 's/ /=/') && \
+PACMAN_LIBSTDCPP=$(pacman -Q libstdc++ | sed 's/ /=/') && \
+PACMAN_NCURSES=$(pacman -Q ncurses | sed 's/ /=/') && \
+PACMAN_READLINE=$(pacman -Q readline | sed 's/ /=/') && \
+PACMAN_BASH=$(pacman -Q bash | sed 's/ /=/') && \
+PACMAN_EXPAT=$(pacman -Q expat | sed 's/ /=/') && \
+PACMAN_BZIP2=$(pacman -Q bzip2 | sed 's/ /=/') && \
+PACMAN_ZLIB=$(pacman -Q zlib | sed 's/ /=/') && \
+PACMAN_LIBPNG=$(pacman -Q libpng | sed 's/ /=/') && \
+PACMAN_FONTCONFIG=$(pacman -Q fontconfig | sed 's/ /=/') && \
+AI="--assume-installed" && \
+PACMAN_ASSUME_INSTALLED="$AI $PACMAN_TZDATA $AI $PACMAN_FILESYSTEM $AI $PACMAN_GLIBC $AI $PACMAN_LIBGCC $AI $PACMAN_LIBGOMP $AI $PACMAN_LIBSTDCPP $AI $PACMAN_NCURSES $AI $PACMAN_READLINE $AI $PACMAN_BASH $AI $PACMAN_EXPAT $AI $PACMAN_BZIP2 $AI $PACMAN_ZLIB $AI $PACMAN_LIBPNG $AI $PACMAN_FONTCONFIG" \
+yes | pacman -Sy --assume-installed $PACMAN_ASSUME_INSTALLED \
+	librsvg
+
+yes | pacman -Sy --assume-installed $PACMAN_ASSUME_INSTALLED \
+	hyprland \
+	hypridle \
+	hyprlock \
+	hyprshot \
+	hyprpolkitagent \
+	cliphist
+
+dnf5 copr enable -y erikreider/SwayNotificationCenter
+dnf5 install -y \
+    waybar \
+    pavucontrol \
+    SwayNotificationCenter-git \
+    foot
+
+echo 'if [[ $(ps aux | grep hyprland | wc -l) -eq 1 ]]; then cd $HOME && echo "launch hyprland?" && read && systemd-run --user --service-type=exec --unit=hyprland --description="hyprland start service" hyprland ; fi' >> /etc/profile.d/launch_hyprland.sh

build_files/03_post_desktop.sh

@@ -3,6 +3,9 @@
 set -ouex pipefail
 
 dnf5 install -y \
+    gnome-keyring \
+    gnome-keyring-pam \
+    evolution \
     fzf \
     vlc \
     curl \
@@ -17,6 +20,7 @@ dnf5 install -y \
     flatpak \
     chromium \
     pciutils \
+    nautilus \
     tailscale \
     podman-compose \
     netcat tor torbrowser-launcher \
@@ -43,3 +47,6 @@ dnf5 install -y https://launchpad.net/veracrypt/trunk/1.26.24/+download/veracryp
 
 dnf5 remove  -y rpmfusion-free-release rpmfusion-nonfree-release
 dnf5 clean all
+
+cp /ctx/login /etc/pam.d
+

build_files/04_initramfs.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/bash
-
-set -eoux pipefail
-
-KERNEL_VERSION="$(rpm -q --queryformat="%{evr}.%{arch}" kernel-core)"
-
-# Ensure Initramfs is generated
-export DRACUT_NO_XATTR=1
-/usr/bin/dracut --no-hostonly --kver "${KERNEL_VERSION}" --reproducible -v --add ostree -f "/lib/modules/${KERNEL_VERSION}/initramfs.img"
-chmod 0600 "/lib/modules/${KERNEL_VERSION}/initramfs.img"

build_files/login

@@ -0,0 +1,18 @@
+#%PAM-1.0
+auth       substack     system-auth
+auth       include      postlogin
+auth       optional	pam_gnome_keyring.so
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      system-auth
+session    include      postlogin
+-session   optional     pam_ck_connector.so
+session    optional	pam_gnome_keyring.so auto_start