scottk/secureblue
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/secureblue.git synced 2025-11-01 10:57:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: cleanup and add river images

Browse Source
This commit is contained in:
qoijjj
2024-02-29 18:12:01 -08:00
committed by GitHub
parent bc09b9db6e
commit 6d9da7fbc0
11 changed files with 192 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.github/workflows/build.yml vendored
View File

@@ -37,6 +37,8 @@ jobs:
- recipes/desktop/recipe-wayblue-wayfire-nvidia.yml
- recipes/desktop/recipe-wayblue-hyprland-main.yml
- recipes/desktop/recipe-wayblue-hyprland-nvidia.yml
- recipes/desktop/recipe-wayblue-river-main.yml
- recipes/desktop/recipe-wayblue-river-nvidia.yml
# laptop
- recipes/laptop/recipe-silverblue-main-laptop.yml
- recipes/laptop/recipe-silverblue-nvidia-laptop.yml
@@ -56,6 +58,8 @@ jobs:
- recipes/laptop/recipe-wayblue-wayfire-nvidia-laptop.yml
- recipes/laptop/recipe-wayblue-hyprland-main-laptop.yml
- recipes/laptop/recipe-wayblue-hyprland-nvidia-laptop.yml
- recipes/laptop/recipe-wayblue-river-main-laptop.yml
- recipes/laptop/recipe-wayblue-river-nvidia-laptop.yml
# framework
- recipes/laptop/recipe-silverblue-framework.yml
- recipes/laptop/recipe-kinoite-framework.yml
@@ -82,6 +86,8 @@ jobs:
- recipes/desktop/recipe-wayblue-wayfire-nvidia-userns.yml
- recipes/desktop/recipe-wayblue-hyprland-main-userns.yml
- recipes/desktop/recipe-wayblue-hyprland-nvidia-userns.yml
- recipes/desktop/recipe-wayblue-river-main-userns.yml
- recipes/desktop/recipe-wayblue-river-nvidia-userns.yml
# laptop
- recipes/laptop/recipe-silverblue-main-laptop-userns.yml
- recipes/laptop/recipe-silverblue-nvidia-laptop-userns.yml
@@ -103,6 +109,8 @@ jobs:
- recipes/laptop/recipe-wayblue-wayfire-nvidia-laptop-userns.yml
- recipes/laptop/recipe-wayblue-hyprland-main-laptop-userns.yml
- recipes/laptop/recipe-wayblue-hyprland-nvidia-laptop-userns.yml
- recipes/laptop/recipe-wayblue-river-main-laptop-userns.yml
- recipes/laptop/recipe-wayblue-river-nvidia-laptop-userns.yml
# framework
- recipes/laptop/recipe-silverblue-framework-userns.yml
- recipes/laptop/recipe-kinoite-framework-userns.yml

8
README.md
View File

@@ -80,6 +80,8 @@ Have a look at [PREINSTALL-README](PREINSTALL-README.md) before proceeding.
- wayblue-wayfire-nvidia-hardened
- wayblue-hyprland-main-hardened
- wayblue-hyprland-nvidia-hardened
- wayblue-river-main-hardened
- wayblue-river-nvidia-hardened
##### laptop <sup>[changes](./config/recipes/laptop/laptop-bling.yml)</sup>
- kinoite-main-laptop-hardened
@@ -100,6 +102,8 @@ Have a look at [PREINSTALL-README](PREINSTALL-README.md) before proceeding.
- wayblue-wayfire-nvidia-laptop-hardened
- wayblue-hyprland-main-laptop-hardened
- wayblue-hyprland-nvidia-laptop-hardened
- wayblue-river-main-laptop-hardened
- wayblue-river-nvidia-laptop-hardened
###### framework <sup>[docs](https://universal-blue.org/images/framework/)</sup>
- kinoite-framework-hardened
@@ -130,6 +134,8 @@ Have a look at [PREINSTALL-README](PREINSTALL-README.md) before proceeding.
- wayblue-wayfire-nvidia-userns-hardened
- wayblue-hyprland-main-userns-hardened
- wayblue-hyprland-nvidia-userns-hardened
- wayblue-river-main-userns-hardened
- wayblue-river-nvidia-userns-hardened
##### laptop <sup>[changes](./config/recipes/laptop/laptop-bling.yml)</sup>
- kinoite-main-laptop-userns-hardened
@@ -152,6 +158,8 @@ Have a look at [PREINSTALL-README](PREINSTALL-README.md) before proceeding.
- wayblue-wayfire-nvidia-laptop-userns-hardened
- wayblue-hyprland-main-laptop-userns-hardened
- wayblue-hyprland-nvidia-laptop-userns-hardened
- wayblue-river-main-laptop-userns-hardened
- wayblue-river-nvidia-laptop-userns-hardened
###### framework <sup>[docs](https://universal-blue.org/images/framework/)</sup>
- kinoite-framework-userns-hardened

56
config/README.md
View File

@@ -1,56 +0,0 @@
# Configuring your image
The main file of your is *the recipe file*. You can have multiple recipe files, and the ones to build are declared in the matrix section of [build.yml](../.github/workflows/build.yml).
## Basic options
At the top of the recipe, there are four *mandatory* configuration options.
`name:` is the name of the image that is used when rebasing to it. For example, the name "sapphire" would result in the final URL of the container being `ghcr.io/<yourusername>/sapphire`.
`description:` is a short description of your image that will be attached to your image's metadata.
`base-image:` is the URL of the image your image will be built upon.
`image-version:` is the version tag of the `base-image` that will be pulled. For example, Universal Blue's images build with Fedora version tags (`38`, `39`), with the `latest` tag for the latest major version, and [many other tags](https://github.com/ublue-os/main/pkgs/container/base-main/versions?filters%5Bversion_type%5D=tagged).
## Modules
The core of startingpoint's configuration is built around the idea of modules. Modules are scripts in the [`../modules`](../modules/) directory that you configure under `modules:` in the recipe. They are executed in order, and can run arbitrary shell commands and write any files.
This repository fetches some useful default modules from [`ublue-os/bling`](https://github.com/ublue-os/bling/), like [`rpm-ostree`](https://universal-blue.org/tinker/modules/rpm-ostree) for pseudo-declarative package management, [`bling`](https://universal-blue.org/tinker/modules/bling) for pulling extra components from [`ublue-os/bling`](https://github.com/ublue-os/bling), and [`files`](https://universal-blue.org/tinker/modules/files) for copying files from the `config/files/` directory into your image.
For a comprehensive list of modules, their in-depth documentation and example configuration, check out [the Modules page on the website](https://universal-blue.org/tinker/modules/).
### Building multiple images and including module configuration from other files
To build multiple images, you need to create another recipe.yml file, which you should name based on what kind of image you want it to build. Then, edit the [`build.yml`](../.github/workflows/build.yml) file. Inside the file, under `jobs: strategy: matrix:`, there's a list of recipe files to build images, which you need to add your new recipe file to. These should be paths to files inside the `config` directory.
Module configuration can be included from other files using the `from-file` syntax. The value should be a path to a file inside the `config` directory. For example, the following snippet could be used to include the configuration for installing a set of packages common to multiple images.
```yaml
modules:
- from-file: common-packages.yml
```
And inside config/common-packages.yml
```yaml
type: rpm-ostree
install:
- i3
- dunst
- rofi
- kitty
```
An external module can also include multiple modules.
```yaml
# config/common.yml
modules:
- type: files
files:
- usr: /usr
- type: rpm-ostree
install:
- i3
- dunst
- rofi
- kitty
```

20
config/recipes/desktop/recipe-wayblue-river-main-userns.yml Normal file
View File

@@ -0,0 +1,20 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-main-userns-hardened
# description will be included in the image's metadata
description: "wayblue river main with some hardening applied"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- type: yafti

22
config/recipes/desktop/recipe-wayblue-river-main.yml Normal file
View File

@@ -0,0 +1,22 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-main-hardened
# description will be included in the image's metadata
description: "wayblue river main with some hardening applied"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- from-file: common/disableuserns-packages.yml
- from-file: common/disableuserns-scripts.yml
- type: yafti

20
config/recipes/desktop/recipe-wayblue-river-nvidia-userns.yml Normal file
View File

@@ -0,0 +1,20 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-nvidia-userns-hardened
# description will be included in the image's metadata
description: "wayblue river nvidia with some hardening applied"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river-nvidia
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- type: yafti

22
config/recipes/desktop/recipe-wayblue-river-nvidia.yml Normal file
View File

@@ -0,0 +1,22 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-nvidia-hardened
# description will be included in the image's metadata
description: "wayblue river nvidia with some hardening applied"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river-nvidia
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- from-file: common/disableuserns-packages.yml
- from-file: common/disableuserns-scripts.yml
- type: yafti

21
config/recipes/laptop/recipe-wayblue-river-main-laptop-userns.yml Normal file
View File

@@ -0,0 +1,21 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-main-laptop-userns-hardened
# description will be included in the image's metadata
description: "wayblue river main with some hardening applied, for laptops"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: recipes/laptop/laptop-bling.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- type: yafti

23
config/recipes/laptop/recipe-wayblue-river-main-laptop.yml Normal file
View File

@@ -0,0 +1,23 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-main-laptop-hardened
# description will be included in the image's metadata
description: "wayblue river main with some hardening applied, for laptops"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: recipes/laptop/laptop-bling.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- from-file: common/disableuserns-packages.yml
- from-file: common/disableuserns-scripts.yml
- type: yafti

23
config/recipes/laptop/recipe-wayblue-river-nvidia-laptop-userns.yml Normal file
View File

@@ -0,0 +1,23 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-nvidia-laptop-userns-hardened
# description will be included in the image's metadata
description: "wayblue river nvidia with some hardening applied, for laptops"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river-nvidia
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: recipes/laptop/laptop-bling.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- from-file: common/nvidia-optimus-workaround-scripts.yml
- from-file: common/nvidia-laptop-scripts.yml
- type: yafti

25
config/recipes/laptop/recipe-wayblue-river-nvidia-laptop.yml Normal file
View File

@@ -0,0 +1,25 @@
# image will be published to ghcr.io/<user>/<name>
name: wayblue-river-nvidia-laptop-hardened
# description will be included in the image's metadata
description: "wayblue river nvidia with some hardening applied, for laptops"
# the base image to build on top of (FROM) and the version tag to use
base-image: ghcr.io/wayblueorg/river-nvidia
image-version: 39
# list of modules, executed in order
# you can include multiple instances of the same module
modules:
- from-file: common/common-files.yml
- from-file: common/gui-packages.yml
- from-file: common/common-packages.yml
- from-file: common/remove-firefox.yml
- from-file: recipes/laptop/laptop-bling.yml
- from-file: common/common-scripts.yml
- type: signing
- from-file: common/gui-scripts.yml
- from-file: common/disableuserns-packages.yml
- from-file: common/disableuserns-scripts.yml
- from-file: common/nvidia-optimus-workaround-scripts.yml
- from-file: common/nvidia-laptop-scripts.yml
- type: yafti