fix: move nautilus to post desktop

.github/workflows/build.yml

@@ -25,6 +25,12 @@ jobs:
   build_push:
     name: Build and push image
     runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        desktop_environment:
+          - gnome
+          - hyprland
 
     permissions:
       contents: read
@@ -62,8 +68,8 @@ jobs:
         id: metadata
         with:
           tags: |
-            type=raw,value=${{ github.ref_name }}.${{ env.DEFAULT_TAG }}
-            type=raw,value=${{ github.ref_name }}.{{date 'YYYYMMDD-HHmm'}}
+            type=raw,value=${{ github.ref_name }}.${{ matrix.desktop_environment }}.${{ env.DEFAULT_TAG }}
+            type=raw,value=${{ github.ref_name }}.${{ matrix.desktop_environment }}.{{date 'YYYYMMDD-HHmm'}}
             type=sha,enable=${{ github.event_name == 'pull_request' }}
             type=ref,event=pr
           labels: |
@@ -75,7 +81,7 @@ jobs:
             org.opencontainers.image.title=${{ env.IMAGE_NAME }}
             org.opencontainers.image.url=https://github.com/${{ github.repository_owner }}/${{ env.IMAGE_NAME }}/tree/${{ github.sha }}
             org.opencontainers.image.vendor=${{ github.repository_owner }}
-            org.opencontainers.image.version=${{ github.ref_name }}.{{date 'YYYYMMDD-HHmm'}}
+            org.opencontainers.image.version=${{ github.ref_name }}.${{ matrix.desktop_environment }}.{{date 'YYYYMMDD-HHmm'}}
             io.artifacthub.package.deprecated=false
             io.artifacthub.package.keywords=${{ env.IMAGE_KEYWORDS }}
             io.artifacthub.package.license=Apache-2.0
@@ -95,6 +101,8 @@ jobs:
           tags: ${{ steps.metadata.outputs.tags }}
           labels: ${{ steps.metadata.outputs.labels }}
           oci: false
+          build-args: |
+            DESKTOP_ENVIRONMENT=${{ matrix.desktop_environment }}
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3

Containerfile

@@ -1,7 +1,7 @@
 FROM scratch AS ctx
 COPY build_files /
 
-FROM ghcr.io/ublue-os/base-main:42
+FROM ghcr.io/ublue-os/base-nvidia:43
 
 RUN rm -r /opt && mkdir /opt
 
@@ -9,18 +9,20 @@ RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
     --mount=type=tmpfs,dst=/tmp \
-    /ctx/nvidia.sh
+    /ctx/01_pre_desktop.sh
+
+ARG DESKTOP_ENVIRONMENT="gnome"
 
 RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
     --mount=type=tmpfs,dst=/tmp \
-    /ctx/build.sh
+    /ctx/02_${DESKTOP_ENVIRONMENT}.sh
 
 RUN --mount=type=bind,from=ctx,source=/,target=/ctx \
     --mount=type=cache,dst=/var/cache \
     --mount=type=cache,dst=/var/log \
     --mount=type=tmpfs,dst=/tmp \
-    /ctx/initramfs.sh
+    /ctx/03_post_desktop.sh
 
 RUN bootc container lint

Makefile

@@ -1,10 +1,14 @@
 clean:
 	sudo rm -fr flathub output output-repo
 	sudo podman system prune
+	for container in $$(sudo podman container list --external --format "{{.ID}}"); do sudo podman rm --force $$container; done
 
 oci:
 	sudo podman build --network=host -t podman-image .
 
+oci_hyprland:
+	sudo podman build --network=host -t podman-image-hyprland --build-arg DESKTOP_ENVIRONMENT=hyprland .
+
 CONTAINER_IMAGE=localhost/podman-image
 FILESYSTEM_TYPE=ext4
 qcow:

README.md

@@ -39,6 +39,7 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 
 - man
 - langpacks: en, de
+- default-fonts-cjk
 - Gnome + Software
 - curl
 - git
@@ -54,7 +55,40 @@ It is possible to keep a revision by pinning it: `ostree admin pin 0`
 - ffmpeg
 - pandoc
 - ansible
+- sqlite
+- netcat
+- tor & torbrowser-launcher
+- podman compose
+- hugo
 - Flatpak (with default repository configured)
 - Chromium
+- Veracrypt
 - VSCode
 - NVIDIA Drivers
+
+## Referenced Sources for NVIDIA Driver Installation
+
+### NVIDIA
+
+- https://docs.nvidia.com/datacenter/cloud-native/container-toolkit/latest/install-guide.html
+- https://docs.nvidia.com/cuda/cuda-installation-guide-linux/index.html#handle-uninstallation
+- https://developer.nvidia.com/cuda-downloads
+
+### ublue-os
+
+- https://github.com/ublue-os/main
+- https://github.com/ublue-os/akmods
+- https://github.com/ublue-os/hwe/pkgs/container/akmods-nvidia
+
+### RPM Fusion
+
+- https://rpmfusion.org/Howto/NVIDIA
+
+### Bluefin
+
+- https://github.com/ublue-os/bluefin/blob/main/build_files/base/03-install-kernel-akmods.sh
+- https://github.com/ublue-os/bluefin/blob/main/build_files/base/19-initramfs.sh
+
+### Notes
+
+Those also include links that didn't work out in the end for various reasons, the one I use now is based on ublue-os/main scripts.

build_files/01_pre_desktop.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+cp /ctx/bootc-fetch-apply-updates.service /usr/lib/systemd/system/bootc-fetch-apply-updates.service
+cp /ctx/os-release /usr/lib/os-release
+
+echo "LANG=de_DE.UTF-8" >> /etc/default/locale
+ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
+ln -s /usr/bin/xdg-open /usr/bin/open
+
+# dnf5 update -y --setopt=install_weak_deps=False --setopt=install_deps=False
+dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de default-fonts-cjk plymouth git

build_files/02_gnome.sh

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control \
+    gnome-shell \
+    gnome-terminal \
+    gnome-bluetooth \
+    gnome-calculator \
+    gnome-disk-utility \
+    gnome-extensions-app \
+    gnome-browser-connector \
+    gnome-backgrounds \
+    gnome-shell-extension-appindicator
+dnf5 install -y  \
+    totem \
+    seahorse \
+    gstreamer1-plugin-libav
+
+git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com

build_files/02_hyprland.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+dnf5 copr enable -y solopasha/hyprland
+dnf5 copr enable -y erikreider/SwayNotificationCenter
+dnf5 install -y \
+    hyprland \
+    hypridle \
+    hyprlock \
+    hyprshot \
+    hyprpolkitagent \
+    waybar \
+    pavucontrol \
+    cliphist \
+    SwayNotificationCenter-git
+
+echo 'if [[ $(ps aux | grep hyprland | wc -l) -eq 1 ]]; then cd $HOME && echo "launch hyprland?" && read && systemd-run --user --service-type=exec --unit=hyprland --description="hyprland start service" hyprland ; fi' >> /etc/profile.d/launch_hyprland.sh

build_files/03_post_desktop.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+dnf5 install -y \
+    gnome-keyring \
+    gnome-keyring-pam \
+    evolution \
+    fzf \
+    vlc \
+    curl \
+    btop \
+    tmux \
+    make \
+    xsel \
+    7zip \
+    nvtop \
+    direnv \
+    sqlite \
+    flatpak \
+    chromium \
+    pciutils \
+    nautilus \
+    tailscale \
+    podman-compose \
+    netcat tor torbrowser-launcher \
+    ansible-core ansible-collection-community-general \
+    pandoc-common pandoc-pdf texlive-collection-langgerman \
+    hugo
+
+flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
+
+systemctl enable tailscaled.service
+systemctl disable sshd.service
+
+# Install VSCode: https://packages.microsoft.com/yumrepos/vscode/
+curl -fsSLo /etc/yum.repos.d/vscode.repo https://packages.microsoft.com/yumrepos/vscode/config.repo
+rpm-ostree install code
+rm /etc/yum.repos.d/vscode.repo
+
+dnf5 install -y https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm \
+                https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm
+dnf5 install -y --allowerasing ffmpeg x265-libs
+
+# Install Veracrypt: https://veracrypt.io/en/Downloads.html
+dnf5 install -y https://launchpad.net/veracrypt/trunk/1.26.24/+download/veracrypt-1.26.24-Fedora-40-x86_64.rpm
+
+dnf5 remove  -y rpmfusion-free-release rpmfusion-nonfree-release
+dnf5 clean all
+
+cp /ctx/login /etc/pam.d
+

build_files/build.sh

@@ -1,23 +0,0 @@
-#!/bin/bash
-
-set -ouex pipefail
-cp /ctx/bootc-fetch-apply-updates.service /usr/lib/systemd/system/bootc-fetch-apply-updates.service
-cp /ctx/os-release /usr/lib/os-release
-
-dnf5 update -y --setopt=install_weak_deps=False
-dnf5 install -y man-pages man-db glibc-langpack-en glibc-langpack-de plymouth
-dnf5 install -y --setopt=exclude=gnome-tour,malcontent-control gnome-shell gnome-keyring gnome-keyring-pam gnome-bluetooth gnome-terminal nautilus seahorse evolution totem gstreamer1-plugin-libav gnome-extensions-app gnome-browser-connector gnome-shell-extension-appindicator
-dnf5 install -y gnome-calculator gnome-disk-utility gnome-backgrounds
-dnf5 install -y curl git btop nvtop tmux flatpak pciutils tailscale make fzf direnv xsel chromium pandoc-common pandoc-pdf texlive-collection-langgerman ansible-core ansible-collection-community-general vlc
-git clone https://github.com/Tudmotu/gnome-shell-extension-clipboard-indicator.git /usr/share/gnome-shell/extensions/clipboard-indicator@tudmotu.com
-flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
-echo "LANG=de_DE.UTF-8" >> /etc/default/locale
-ln -s /usr/share/zoneinfo/Europe/Berlin /etc/localtime
-ln -s /usr/bin/xdg-open /usr/bin/open
-systemctl enable tailscaled.service
-systemctl disable sshd.service
-# Install VSCode: https://packages.microsoft.com/yumrepos/vscode/
-curl -fsSLo /etc/yum.repos.d/vscode.repo https://packages.microsoft.com/yumrepos/vscode/config.repo
-rpm-ostree install code
-rm /etc/yum.repos.d/vscode.repo
-

build_files/initramfs.sh

@@ -1,14 +0,0 @@
-#!/usr/bin/bash
-# https://github.com/ublue-os/bluefin/blob/ba5d621270982b245343abcae47b3393cc5cffb8/build_files/base/19-initramfs.sh
-
-echo "::group:: ===$(basename "$0")==="
-
-set -oue pipefail
-
-KERNEL_SUFFIX=""
-QUALIFIED_KERNEL="$(rpm -qa | grep -P 'kernel-(|'"$KERNEL_SUFFIX"'-)(\d+\.\d+\.\d+)' | sed -E 's/kernel-(|'"$KERNEL_SUFFIX"'-)//')"
-export DRACUT_NO_XATTR=1
-/usr/bin/dracut --no-hostonly --kver "$QUALIFIED_KERNEL" --reproducible -v --add ostree -f "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
-chmod 0600 "/lib/modules/$QUALIFIED_KERNEL/initramfs.img"
-
-echo "::endgroup::"

build_files/login

@@ -0,0 +1,18 @@
+#%PAM-1.0
+auth       substack     system-auth
+auth       include      postlogin
+auth       optional	pam_gnome_keyring.so
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    required     pam_loginuid.so
+# pam_selinux.so open should only be followed by sessions to be executed in the user context
+session    required     pam_selinux.so open
+session    required     pam_namespace.so
+session    optional     pam_keyinit.so force revoke
+session    include      system-auth
+session    include      postlogin
+-session   optional     pam_ck_connector.so
+session    optional	pam_gnome_keyring.so auto_start

build_files/nvidia.sh

@@ -1,65 +0,0 @@
-#!/usr/bin/bash
-# based on https://raw.githubusercontent.com/ublue-os/bluefin/ba5d621270982b245343abcae47b3393cc5cffb8/build_files/base/03-install-kernel-akmods.sh
-
-echo "::group:: ===$(basename "$0")==="
-
-# Set Variables
-export AKMODS_FLAVOR=main
-export KERNEL="6.17.9-200.fc42.x86_64"
-export IMAGE_NAME=""
-
-set -eoux pipefail
-
-# Remove Existing Kernel
-for pkg in kernel kernel-core kernel-modules kernel-modules-core kernel-modules-extra; do
-    rpm --erase $pkg --nodeps
-done
-
-# Fetch Common AKMODS & Kernel RPMS
-skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods
-AKMODS_TARGZ=$(jq -r '.layers[].digest' </tmp/akmods/manifest.json | cut -d : -f 2)
-tar -xvzf /tmp/akmods/"$AKMODS_TARGZ" -C /tmp/
-mv /tmp/rpms/* /tmp/akmods/
-# NOTE: kernel-rpms should auto-extract into correct location
-
-# Install Kernel
-dnf5 -y install \
-    /tmp/kernel-rpms/kernel-[0-9]*.rpm \
-    /tmp/kernel-rpms/kernel-core-*.rpm \
-    /tmp/kernel-rpms/kernel-modules-*.rpm
-
-# TODO: Figure out why akmods cache is pulling in akmods/kernel-devel
-dnf5 -y install \
-    /tmp/kernel-rpms/kernel-devel-*.rpm
-
-dnf5 versionlock add kernel kernel-devel kernel-devel-matched kernel-core kernel-modules kernel-modules-core kernel-modules-extra
-
-# Everyone
-# NOTE: we won't use dnf5 copr plugin for ublue-os/akmods until our upstream provides the COPR standard naming
-sed -i 's@enabled=0@enabled=1@g' /etc/yum.repos.d/_copr_ublue-os-akmods.repo
-
-# Nvidia AKMODS
-
-# Fetch Nvidia RPMs
-skopeo copy --retry-times 3 docker://ghcr.io/ublue-os/akmods-nvidia-open:"${AKMODS_FLAVOR}"-"$(rpm -E %fedora)"-"${KERNEL}" dir:/tmp/akmods-rpms
-NVIDIA_TARGZ=$(jq -r '.layers[].digest' </tmp/akmods-rpms/manifest.json | cut -d : -f 2)
-tar -xvzf /tmp/akmods-rpms/"$NVIDIA_TARGZ" -C /tmp/
-mv /tmp/rpms/* /tmp/akmods-rpms/
-
-# Monkey patch right now...
-if ! grep -q negativo17 <(rpm -qi mesa-dri-drivers); then
-    dnf5 -y swap --repo=updates-testing \
-        mesa-dri-drivers mesa-dri-drivers
-fi
-
-# Install Nvidia RPMs
-curl -sSL "https://raw.githubusercontent.com/ublue-os/main/main/build_files/nvidia-install.sh" -o /tmp/nvidia-install.sh
-chmod +x /tmp/nvidia-install.sh
-/tmp/nvidia-install.sh
-rm -f /usr/share/vulkan/icd.d/nouveau_icd.*.json
-ln -sf libnvidia-ml.so.1 /usr/lib64/libnvidia-ml.so
-tee /usr/lib/bootc/kargs.d/00-nvidia.toml <<EOF
-kargs = ["rd.driver.blacklist=nouveau", "modprobe.blacklist=nouveau", "nvidia-drm.modeset=1", "initcall_blacklist=simpledrm_platform_driver_init"]
-EOF
-
-echo "::endgroup::"

build_files/os-release

@@ -2,4 +2,4 @@ NAME="ManInDark bootc Linux"
 ID=manindark-linux
 PRETTY_NAME="ManInDark's bootc Linux"
 VARIANT_ID=desktop
-VERSION_ID=42
+VERSION_ID=43