fix: reduce rebuild interval to weekly

.github/workflows/build.yml

@@ -2,15 +2,12 @@
 name: Build container image
 on:
   pull_request:
-    branches:
-      - main
   schedule:
-    - cron: '30 1 * * *'
+    - cron: '30 1 1 * *'
   push:
-    branches:
+    paths:
-      - main
+      - "Containerfile"
-    paths-ignore:
+      - "build_files/**"
-      - '**/README.md'
   workflow_dispatch:
 
 env:
@@ -28,6 +25,12 @@ jobs:
   build_push:
     name: Build and push image
     runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        desktop_environment:
+          - gnome
+          - hyprland
 
     permissions:
       contents: read
@@ -65,9 +68,8 @@ jobs:
         id: metadata
         with:
           tags: |
-            type=raw,value=${{ env.DEFAULT_TAG }}
+            type=raw,value=${{ github.ref_name }}.${{ matrix.desktop_environment }}.${{ env.DEFAULT_TAG }}
-            type=raw,value=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD-HHmm'}}
+            type=raw,value=${{ github.ref_name }}.${{ matrix.desktop_environment }}.{{date 'YYYYMMDD-HHmm'}}
-            type=raw,value={{date 'YYYYMMDD-HHmm'}}
             type=sha,enable=${{ github.event_name == 'pull_request' }}
             type=ref,event=pr
           labels: |
@@ -79,7 +81,7 @@ jobs:
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
             org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
             org.opencontainers.image.vendor=${{ github.repository_owner }}
-            org.opencontainers.image.version=${{ env.DEFAULT_TAG }}.{{date 'YYYYMMDD-HHmm'}}
+            org.opencontainers.image.version=${{ github.ref_name }}.${{ matrix.desktop_environment }}.{{date 'YYYYMMDD-HHmm'}}
             io.artifacthub.package.deprecated=false
             io.artifacthub.package.keywords=${{ env.IMAGE_KEYWORDS }}
             io.artifacthub.package.license=Apache-2.0
@@ -99,10 +101,12 @@ jobs:
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
           oci: false
+          build-args: |
+            DESKTOP_ENVIRONMENT=${{ matrix.desktop_environment }}
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
-        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        if: github.event_name != 'pull_request'
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -110,7 +114,7 @@ jobs:
 
       - name: Push To GHCR
         uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2
-        if: github.event_name != 'pull_request' && github.ref == format('refs/heads/{0}', github.event.repository.default_branch)
+        if: github.event_name != 'pull_request'
         id: push
         env:
           REGISTRY_USER: ${{ github.actor }}

Containerfile

@@ -1,19 +1,28 @@
 FROM scratch AS ctx
 COPY build_files /
 
-FROM ghcr.io/ublue-os/akmods-nvidia-open:main-43 AS nvidia-kernel
+FROM ghcr.io/ublue-os/base-nvidia:43
-FROM ghcr.io/bazzite-org/nvidia-drivers:latest-f43-x86_64 AS nvidia-packages
-
-FROM quay.io/fedora/fedora-bootc:43
 
 RUN rm -r /opt && mkdir /opt
 
 RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
-    --mount=type=bind,from=nvidia-kernel,source=/,target=/nvidia-kernel \
-    --mount=type=bind,from=nvidia-packages,src=/,dst=/nvidia-packages \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
     --mount=type=tmpfs,dst=/tmp \
-    /ctx/build.sh
+    /ctx/01_pre_desktop.sh
+
+ARG DESKTOP_ENVIRONMENT="gnome"
+
+RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
+    --mount=type=cache,dst=/var/cache \
+    --mount=type=cache,dst=/var/log \
+    --mount=type=tmpfs,dst=/tmp \
+    /ctx/02_${DESKTOP_ENVIRONMENT}.sh
+
+RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
+    --mount=type=cache,dst=/var/cache \
+    --mount=type=cache,dst=/var/log \
+    --mount=type=tmpfs,dst=/tmp \
+    /ctx/03_post_desktop.sh
 
 RUN bootc container lint

Makefile

@@ -1,10 +1,14 @@
 clean:
 	sudo rm -fr flathub output output-repo
 	sudo podman system prune
+	for container in $$(sudo podman container list --external --format "{{.ID}}"); do sudo podman rm --force $$container; done
 
 oci:
 	sudo podman build --network=host -t podman-image .
 
+oci_hyprland:
+	sudo podman build --network=host -t podman-image-hyprland --build-arg DESKTOP_ENVIRONMENT=hyprland .
+
 CONTAINER_IMAGE=localhost/podman-image
 FILESYSTEM_TYPE=ext4
 qcow:

README.md

@@ -39,6 +39,7 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 
 - man
 - langpacks: en, de
+- default-fonts-cjk
 - Gnome + Software
 - curl
 - git
@@ -52,7 +53,42 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 - direnv
 - xsel
 - ffmpeg
+- pandoc
+- ansible
+- sqlite
+- netcat
+- tor & torbrowser-launcher
+- podman compose
+- hugo
 - Flatpak (with default repository configured)
 - Chromium
+- Veracrypt
 - VSCode
 - NVIDIA Drivers
+
+## Referenced Sources for NVIDIA Driver Installation
+
+### NVIDIA
+
+- https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
+- https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#handle-uninstallation
+- https://developer.nvidia.com/cuda-downloads
+
+### ublue-os
+
+- https://github.com/ublue-os/main
+- https://github.com/ublue-os/akmods
+- https://github.com/ublue-os/hwe/pkgs/container/akmods-nvidia
+
+### RPM Fusion
+
+- https://rpmfusion.org/Howto/NVIDIA
+
+### Bluefin
+
+- https://github.com/ublue-os/bluefin/blob/main/build_files/base/03-install-kernel-akmods.sh
+- https://github.com/ublue-os/bluefin/blob/main/build_files/base/19-initramfs.sh
+
+### Notes
+
+Those also include links that didn't work out in the end for various reasons, the one I use now is based on ublue-os/main scripts.

build_files/01_pre_desktop.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+cp /ctx/bootc-fetch-apply-updates.service /usr/lib/systemd/system/bootc-fetch-apply-updates.service
+cp /ctx/os-release /usr/lib/os-release
+
+echo "LANG=de_DE.UTF-8" >> /etc/default/locale
+ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+ln -s /usr/bin/xdg-open /usr/bin/open
+
+# dnf5 update -y --setopt=install_weak_deps=False --setopt=install_deps=False
+dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de default-fonts-cjk plymouth git

build_files/02_gnome.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control \
+    gnome-shell \
+    gnome-terminal \
+    gnome-bluetooth \
+    gnome-calculator \
+    gnome-disk-utility \
+    gnome-extensions-app \
+    gnome-browser-connector \
+    gnome-backgrounds \
+    gnome-shell-extension-appindicator
+dnf5 install -y  \
+    totem \
+    seahorse \
+    gstreamer1-plugin-libav
+
+git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com

build_files/02_hyprland.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+dnf5 install -y pacman
+
+pacman -Sy && \
+PACMAN_TZDATA=$(pacman -Q tzdata | sed 's/ /=/') && \
+PACMAN_FILESYSTEM=$(pacman -Q filesystem | sed 's/ /=/') && \
+PACMAN_GLIBC=$(pacman -Q glibc | sed 's/ /=/') && \
+PACMAN_LIBGCC=$(pacman -Q libgcc | sed 's/ /=/') && \
+PACMAN_LIBGOMP=$(pacman -Q libgomp | sed 's/ /=/') && \
+PACMAN_LIBSTDCPP=$(pacman -Q libstdc++ | sed 's/ /=/') && \
+PACMAN_NCURSES=$(pacman -Q ncurses | sed 's/ /=/') && \
+PACMAN_READLINE=$(pacman -Q readline | sed 's/ /=/') && \
+PACMAN_BASH=$(pacman -Q bash | sed 's/ /=/') && \
+PACMAN_EXPAT=$(pacman -Q expat | sed 's/ /=/') && \
+PACMAN_BZIP2=$(pacman -Q bzip2 | sed 's/ /=/') && \
+PACMAN_ZLIB=$(pacman -Q zlib | sed 's/ /=/') && \
+PACMAN_LIBPNG=$(pacman -Q libpng | sed 's/ /=/') && \
+PACMAN_FONTCONFIG=$(pacman -Q fontconfig | sed 's/ /=/') && \
+AI="--assume-installed" && \
+PACMAN_ASSUME_INSTALLED="$AI $PACMAN_TZDATA $AI $PACMAN_FILESYSTEM $AI $PACMAN_GLIBC $AI $PACMAN_LIBGCC $AI $PACMAN_LIBGOMP $AI $PACMAN_LIBSTDCPP $AI $PACMAN_NCURSES $AI $PACMAN_READLINE $AI $PACMAN_BASH $AI $PACMAN_EXPAT $AI $PACMAN_BZIP2 $AI $PACMAN_ZLIB $AI $PACMAN_LIBPNG $AI $PACMAN_FONTCONFIG" \
+yes | pacman -Sy --assume-installed $PACMAN_ASSUME_INSTALLED \
+	librsvg
+
+yes | pacman -Sy --assume-installed $PACMAN_ASSUME_INSTALLED \
+	hyprland \
+	hypridle \
+	hyprlock \
+	hyprshot \
+	hyprpolkitagent \
+	cliphist
+
+dnf5 copr enable -y erikreider/SwayNotificationCenter
+dnf5 install -y \
+    waybar \
+    pavucontrol \
+    SwayNotificationCenter-git \
+    foot
+
+echo 'if [[ $(ps aux | grep hyprland | wc -l) -eq 1 ]]; then cd $HOME && echo "launch hyprland?" && read && systemd-run --user --service-type=exec --unit=hyprland --description="hyprland start service" hyprland ; fi' >> /etc/profile.d/launch_hyprland.sh

build_files/03_post_desktop.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+dnf5 install -y \
+    gnome-keyring \
+    gnome-keyring-pam \
+    evolution \
+    fzf \
+    vlc \
+    curl \
+    btop \
+    tmux \
+    make \
+    xsel \
+    7zip \
+    nvtop \
+    direnv \
+    sqlite \
+    flatpak \
+    chromium \
+    pciutils \
+    nautilus \
+    tailscale \
+    podman-compose \
+    netcat tor torbrowser-launcher \
+    ansible-core ansible-collection-community-general \
+    pandoc-common pandoc-pdf texlive-collection-langgerman \
+    hugo
+
+flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+
+systemctl enable tailscaled.service
+systemctl disable sshd.service
+
+# Install VSCode: https://packages.microsoft.com/yumrepos/vscode/
+curl -fsSLo /etc/yum.repos.d/vscode.repo https://packages.microsoft.com/yumrepos/vscode/config.repo
+rpm-ostree install code
+rm /etc/yum.repos.d/vscode.repo
+
+dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+                https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+dnf5 install -y --allowerasing ffmpeg x265-libs
+
+# Install Veracrypt: https://veracrypt.io/en/Downloads.html
+dnf5 install -y https://launchpad.net/veracrypt/trunk/1.26.24/+download/veracrypt-1.26.24-Fedora-40-x86_64.rpm
+
+dnf5 remove  -y rpmfusion-free-release rpmfusion-nonfree-release
+dnf5 clean all
+
+cp /ctx/login /etc/pam.d
+

build_files/build.sh

@@ -1,42 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-cp /ctx/bootc-fetch-apply-updates.service /usr/lib/systemd/system/bootc-fetch-apply-updates.service
-cp /ctx/os-release /usr/lib/os-release
-
-dnf5 update -y
-dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de plymouth
-dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control gnome-shell gnome-keyring gnome-keyring-pam gnome-bluetooth gnome-terminal nautilus seahorse evolution totem gstreamer1-plugin-libav gnome-extensions-app gnome-browser-connector gnome-shell-extension-appindicator
-dnf5 install -y gnome-calculator gnome-disk-utility gnome-backgrounds
-dnf5 install -y curl git btop nvtop tmux flatpak pciutils tailscale make fzf direnv xsel chromium 7zip
-git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com
-flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-echo "LANG=de_DE.UTF-8" >> /etc/default/locale
-ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-ln -s /usr/bin/xdg-open /usr/bin/open
-systemctl enable tailscaled.service
-systemctl disable sshd.service
-# Install VSCode: https://packages.microsoft.com/yumrepos/vscode/
-curl -fsSLo /etc/yum.repos.d/vscode.repo https://packages.microsoft.com/yumrepos/vscode/config.repo
-rpm-ostree install code
-rm /etc/yum.repos.d/vscode.repo
-
-dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
-                https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
-dnf5 install -y --allowerasing ffmpeg x265-libs
-
-# https://rpmfusion.org/Howto/NVIDIA
-# https://www.tecmint.com/install-nvidia-drivers-in-linux
-# https://github.com/ublue-os/akmods
-# https://github.com/ublue-os/bazzite
-# https://github.com/Comprehensive-Wall28/Nvidia-Fedora-Guide
-# this is a combination of bazzite & ublue-os nvidia installation
-# there is probably a better way to do it, but this works (I hope)
-dnf install -y \
-    /nvidia-kernel/rpms/ublue-os/ublue-os-nvidia*.rpm \
-    /nvidia-kernel/rpms/kmods/kmod-nvidia*.rpm \
-    /nvidia-packages/nvidia-kmod-common-* \
-    /nvidia-packages/nvidia-modprobe-5*
-
-dnf5 remove  -y rpmfusion-free-release rpmfusion-nonfree-release
-dnf5 clean all

build_files/login

@@ -0,0 +1,18 @@
+#%PAM-1.0
+auth       substack     system-auth
+auth       include      postlogin
+auth       optional	pam_gnome_keyring.so
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      system-auth
+session    include      postlogin
+-session   optional     pam_ck_connector.so
+session    optional	pam_gnome_keyring.so auto_start