├── README.md
├── fedora.repo
├── Makefile
├── rpmfusion-free.repo
├── group
├── post.sh
├── passwd
└── fale-desktop.yaml


/README.md:
--------------------------------------------------------------------------------
1 | # Fale's desktop OSTree
2 | 
3 | ## Interesting links
4 | * [Fedora Atomic](https://pagure.io/fedora-atomic)
5 | * [Fedora CopperBlue](https://pagure.io/copperblue/)
6 | * [Fedora CoreOS config](https://github.com/coreos/fedora-coreos-config)
7 | * [Fedora Workstation config](https://pagure.io/workstation-ostree-config)
8 | 


--------------------------------------------------------------------------------
/fedora.repo:
--------------------------------------------------------------------------------
 1 | [fedora]
 2 | name=Fedora $releasever - $basearch
 3 | metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch
 4 | enabled=1
 5 | gpgcheck=1
 6 | 
 7 | [fedora-updates]
 8 | name=Fedora $releasever - $basearch - Updates
 9 | metalink=https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch
10 | enabled=1
11 | gpgcheck=1
12 | 


--------------------------------------------------------------------------------
/Makefile:
--------------------------------------------------------------------------------
 1 | all: init build deploy
 2 | 
 3 | init:
 4 | 	ostree init --repo=/ostree/fale-desktop
 5 | 
 6 | build:
 7 | 	rm -Rf /ostree/fale-desktop/tmp
 8 | 	rpm-ostree compose tree --unified-core -r /ostree/fale-desktop --workdir /ostree/repo/tmp --cachedir /ostree/fale-desktop fale-desktop.yaml
 9 | 
10 | deploy:
11 | 	ostree pull-local /ostree/fale-desktop fedora/x86_64/fale-desktop
12 | 	ostree admin deploy fedora/x86_64/fale-desktop
13 | 
14 | clean:
15 | 	rm -Rf /ostree/fale-desktop
16 | 


--------------------------------------------------------------------------------
/rpmfusion-free.repo:
--------------------------------------------------------------------------------
 1 | [rpmfusion-free]
 2 | name=RPM Fusion for Fedora $releasever - Free
 3 | metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-$releasever&arch=$basearch
 4 | enabled=1
 5 | metadata_expire=14d
 6 | type=rpm-md
 7 | gpgcheck=0
 8 | repo_gpgcheck=0
 9 | 
10 | [rpmfusion-free-updates]
11 | name=RPM Fusion for Fedora $releasever - Free - Updates
12 | metalink=https://mirrors.rpmfusion.org/metalink?repo=free-fedora-updates-released-$releasever&arch=$basearch
13 | enabled=1
14 | enabled_metadata=1
15 | type=rpm-md
16 | gpgcheck=0
17 | repo_gpgcheck=0
18 | 


--------------------------------------------------------------------------------
/group:
--------------------------------------------------------------------------------
 1 | root:x:0:
 2 | bin:x:1:
 3 | daemon:x:2:
 4 | sys:x:3:
 5 | adm:x:4:
 6 | tty:x:5:
 7 | disk:x:6:
 8 | lp:x:7:
 9 | mem:x:8:
10 | kmem:x:9:
11 | wheel:x:10:
12 | cdrom:x:11:
13 | mail:x:12:
14 | man:x:15:
15 | dialout:x:18:
16 | floppy:x:19:
17 | games:x:20:
18 | tape:x:30:
19 | video:x:39:
20 | ftp:x:50:
21 | lock:x:54:
22 | audio:x:63:
23 | nobody:x:99:
24 | users:x:100:
25 | utmp:x:22:
26 | utempter:x:35:
27 | ssh_keys:x:999:
28 | systemd-journal:x:190:
29 | dbus:x:81:
30 | polkitd:x:998:
31 | etcd:x:997:
32 | dip:x:40:
33 | cgred:x:996:
34 | tss:x:59:
35 | avahi-autoipd:x:170:
36 | rpc:x:32:
37 | sssd:x:993:
38 | dockerroot:x:986:
39 | rpcuser:x:29:
40 | nfsnobody:x:65534:
41 | kube:x:994:
42 | sshd:x:74:
43 | chrony:x:992:
44 | tcpdump:x:72:
45 | input:x:995:
46 | systemd-timesync:x:991:
47 | systemd-network:x:990:
48 | systemd-resolve:x:989:
49 | systemd-bus-proxy:x:988:
50 | cockpit-ws:x:987:
51 | 


--------------------------------------------------------------------------------
/post.sh:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env bash
 2 | # This file is very similar to treecompose-post.sh
 3 | # from fedora-atomic: https://pagure.io/fedora-atomic
 4 | # Make changes there first where applicable.
 5 | 
 6 | set -xeuo pipefail
 7 | 
 8 | # Work around https://bugzilla.redhat.com/show_bug.cgi?id=1265295
 9 | # Also note the create-new-then-rename dance for rofiles-fuse compat
10 | if ! grep -q '^Storage=persistent' /etc/systemd/journald.conf; then
11 |     (cat /etc/systemd/journald.conf && echo 'Storage=persistent') > /etc/systemd.journald.conf.new
12 |     mv /etc/systemd.journald.conf{.new,}
13 | fi
14 | 
15 | # See: https://src.fedoraproject.org/rpms/glibc/pull-request/4
16 | # Basically that program handles deleting old shared library directories
17 | # mid-transaction, which never applies to rpm-ostree. This is structured as a
18 | # loop/glob to avoid hardcoding (or trying to match) the architecture.
19 | for x in /usr/sbin/glibc_post_upgrade.*; do
20 |     if test -f ${x}; then
21 |         ln -srf /usr/bin/true ${x}
22 |     fi
23 | done
24 | 
25 | # Make sure systemd-resolve is in use
26 | ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf
27 | systemctl enable systemd-resolved.service
28 | 


--------------------------------------------------------------------------------
/passwd:
--------------------------------------------------------------------------------
 1 | root:x:0:0:root:/root:/bin/bash
 2 | bin:x:1:1:bin:/bin:/sbin/nologin
 3 | daemon:x:2:2:daemon:/sbin:/sbin/nologin
 4 | adm:x:3:4:adm:/var/adm:/sbin/nologin
 5 | lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
 6 | sync:x:5:0:sync:/sbin:/bin/sync
 7 | shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
 8 | halt:x:7:0:halt:/sbin:/sbin/halt
 9 | mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
10 | operator:x:11:0:operator:/root:/sbin/nologin
11 | games:x:12:100:games:/usr/games:/sbin/nologin
12 | ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
13 | nobody:x:99:99:Nobody:/:/sbin/nologin
14 | dbus:x:81:81:System message bus:/:/sbin/nologin
15 | polkitd:x:999:998:User for polkitd:/:/sbin/nologin
16 | etcd:x:998:997:etcd user:/var/lib/etcd:/sbin/nologin
17 | tss:x:59:59:Account used by the trousers package to sandbox the tcsd daemon:/dev/null:/sbin/nologin
18 | avahi-autoipd:x:170:170:Avahi IPv4LL Stack:/var/lib/avahi-autoipd:/sbin/nologin
19 | rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
20 | sssd:x:995:993:User for sssd:/:/sbin/nologin
21 | dockerroot:x:997:986:Docker User:/var/lib/docker:/sbin/nologin
22 | rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
23 | nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
24 | kube:x:996:994:Kubernetes user:/:/sbin/nologin
25 | sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
26 | chrony:x:994:992::/var/lib/chrony:/sbin/nologin
27 | tcpdump:x:72:72::/:/sbin/nologin
28 | systemd-timesync:x:993:991:systemd Time Synchronization:/:/sbin/nologin
29 | systemd-network:x:991:990:systemd Network Management:/:/sbin/nologin
30 | systemd-resolve:x:990:989:systemd Resolver:/:/sbin/nologin
31 | systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/sbin/nologin
32 | cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin
33 | 


--------------------------------------------------------------------------------
/fale-desktop.yaml:
--------------------------------------------------------------------------------
  1 | ref: fedora/${basearch}/fale-desktop
  2 | 
  3 | rojig:
  4 |   name: fale-desktop
  5 |   summary: "Fale immutable desktop OS"
  6 |   license: MIT
  7 | 
  8 | releasever: "36"
  9 | automatic_version_prefix: "36"
 10 | mutate-os-release: "36"
 11 | 
 12 | repos:
 13 |   - fedora
 14 |   - fedora-updates
 15 |   - rpmfusion-free
 16 |   - rpmfusion-free-updates
 17 | 
 18 | install-langs:
 19 |   - en_US
 20 | 
 21 | selinux: true
 22 | documentation: true
 23 | boot_location: modules
 24 | etc-group-members:
 25 |   - wheel
 26 | tmp-is-dir: true
 27 | 
 28 | postprocess-script: post.sh
 29 | 
 30 | ignore-removed-users:
 31 |   - root
 32 | ignore-removed-groups:
 33 |   - root
 34 | check-passwd: { type: file, filename: passwd }
 35 | check-groups: { type: file, filename: group }
 36 | 
 37 | default_target: multi-user.target
 38 | 
 39 | packages:
 40 |   # Boot
 41 |   - efibootmgr
 42 |   - grub2
 43 |   - grub2-efi-x64
 44 |   - kernel-core
 45 |   - kernel-modules
 46 |   - kernel-modules-extra
 47 |   - linux-firmware
 48 |   - microcode_ctl
 49 |   - ostree-grub2
 50 |   - plymouth
 51 |   - plymouth-system-theme
 52 |   - fwupd
 53 |   - bolt
 54 | 
 55 |   # Base
 56 |   - acl
 57 |   - attr
 58 |   - audit
 59 |   - avahi
 60 |   - basesystem
 61 |   - bash
 62 |   - chrony
 63 |   - cryptsetup
 64 |   - file
 65 |   - filesystem
 66 |   - hostname
 67 |   - logrotate
 68 |   - mcelog
 69 |   - mdadm
 70 |   - nss-mdns
 71 |   - passwd
 72 |   - pciutils
 73 |   - polkit
 74 |   - rng-tools
 75 |   - rootfiles
 76 |   - setup
 77 |   - shadow-utils
 78 |   - shim
 79 |   - systemd
 80 |   - systemd-udev
 81 |   - time
 82 |   - util-linux
 83 |   - vconfig
 84 |   - which
 85 | 
 86 |   # SELinux
 87 |   - selinux-policy-targeted
 88 |   - policycoreutils
 89 |   - policycoreutils-python-utils
 90 | 
 91 |   # Perf
 92 |   - perf
 93 | 
 94 |   # Network
 95 |   - bind-utils
 96 |   - bridge-utils
 97 |   - dnsmasq
 98 |   - ethtool
 99 |   - iproute
100 |   - iptables
101 |   - nftables
102 |   - iputils
103 |   - iwd
104 |   - iwl7260-firmware
105 | 
106 |   - socat
107 |   - tcpdump
108 |   - NetworkManager
109 |   - wpa_supplicant
110 | 
111 |   # Network filesystems
112 |   - cifs-utils
113 |   - samba-client
114 |   - nfs-utils
115 | 
116 |   # Disk management
117 |   - e2fsprogs
118 |   - iotop
119 |   - parted
120 |   - squashfs-tools
121 | 
122 |   # Multi-user
123 |   - bash-completion
124 |   - bc
125 |   - bzip2
126 |   - curl
127 |   - dconf
128 |   - gnupg2
129 |   - htop
130 |   - less
131 |   - lsof
132 |   - man-db
133 |   - man-pages
134 |   - mtr
135 |   - ncdu
136 |   - net-tools
137 |   - nmap-ncat
138 |   - nss-altfiles
139 |   - openssh-clients
140 |   - openssh-server
141 |   - procps-ng
142 |   - psmisc
143 |   - p7zip
144 |   - rsync
145 |   - strace
146 |   - sudo
147 |   - tar
148 |   - tmux
149 |   - tree
150 |   - unzip
151 |   - vim-enhanced
152 |   - vlock
153 |   - wget
154 |   - zip
155 | 
156 |   # Devel
157 |   - elfutils-libelf-devel
158 |   - glibc-devel
159 |   - make
160 | 
161 |   # Container
162 |   - buildah
163 |   - fedora-repos-ostree
164 |   - git-core
165 |   - lvm2
166 |   - podman
167 |   - rpm
168 |   - rpm-ostree
169 |   - skopeo
170 |   - toolbox
171 | 
172 |   # virtualization
173 |   - qemu-guest-agent
174 |   - spice-vdagent
175 |   - qemu-kvm
176 |   - libvirt
177 |   - virt-install
178 |   - libguestfs-tools
179 | 
180 |   # Flatpak support
181 |   - flatpak
182 |   - xdg-desktop-portal
183 | 
184 |   # Applications
185 |   - alacritty
186 |   - alsa-plugins-pulseaudio
187 |   - alsa-utils
188 |   - arm-image-installer
189 |   - awscli
190 |   - bash-completion
191 |   - bemenu
192 |   - bind-utils
193 |   - brightnessctl
194 |   - chromium-freeworld
195 |   - chrony
196 |   - curl
197 |   - dejavu-fonts-all
198 |   - dejavu-sans-mono-fonts
199 |   - dejavu-serif-fonts
200 |   - eosrei-emojione-fonts
201 |   - feh
202 |   - firefox-wayland
203 |   - fontawesome-fonts
204 |   - freerdp
205 |   - fwupd
206 |   - gimp
207 |   - git
208 |   - git-annex
209 |   - goaccess
210 |   - golang
211 |   - golang-github-acme-lego
212 |   - gopass
213 |   - gopass-hibp
214 |   - gstreamer1-plugins-bad-free
215 |   - gstreamer1-plugins-bad-free-extras
216 |   - gstreamer1-plugins-bad-free-fluidsynth
217 |   - gstreamer1-plugins-bad-free-wildmidi
218 |   - gstreamer1-plugins-bad-freeworld
219 |   - gstreamer1-plugins-base
220 |   - gstreamer1-plugins-good
221 |   - gstreamer1-plugins-good-extras
222 |   - gstreamer1-plugins-good-gtk
223 |   - gstreamer1-plugins-good-qt
224 |   - gstreamer1-libav
225 |   - httpie
226 |   - hugo
227 |   - i3status
228 |   - inkscape
229 |   - ImageMagick
230 |   - java-latest-openjdk
231 |   - jrnl
232 |   - libreoffice
233 |   - make
234 |   - mesa-dri-drivers
235 |   - most
236 |   - mpv
237 |   - neovim
238 |   - neovim-ale
239 |   - NetworkManager-tui
240 |   - NetworkManager-wifi
241 |   - NetworkManager-wwan
242 |   - obs-studio
243 |   - openssl
244 |   - overpass-fonts
245 |   - overpass-mono-fonts
246 |   - pavucontrol
247 |   - pdf-stapler
248 |   - pinentry
249 |   - pipewire-pulseaudio
250 |   - pipewire-utils
251 |   - pulseeffects
252 |   - s3cmd
253 |   - screen
254 |   - sshfs
255 |   - sway
256 |   - swaylock
257 |   - tar
258 |   - task
259 |   - tig
260 |   - upower
261 |   - wf-recorder
262 |   - wget
263 |   - whois
264 |   - xdg-utils
265 |   - xournalpp
266 |   - xrdb
267 |   - zathura
268 |   - zathura-plugins-all
269 |   - zbar
270 | 
271 |   # Anisble
272 |   - ansible
273 |   - ansible-lint
274 | 
275 |   # Fedora packaging
276 |   - fedora-packager
277 |   - fedora-packager-kerberos
278 |   - fedora-repos-rawhide
279 |   - fedora-review
280 |   - go2rpm
281 | 
282 |   # LaTeX
283 |   - redhat-display-fonts
284 |   - redhat-mono-fonts
285 |   - redhat-text-fonts
286 |   - texlive
287 |   - texlive-babel-italian.noarch
288 |   - texlive-beamertheme-metropolis
289 |   - texlive-cdpbundl
290 |   - texlive-collection-latex
291 |   - texlive-collection-latexrecommended
292 |   - texlive-collection-xetex
293 |   - texlive-comfortaa
294 |   - texlive-datetime2
295 |   - texlive-fontawesome
296 |   - texlive-glossaries
297 |   - texlive-hyphenat
298 |   - texlive-latex
299 |   - texlive-layaureo
300 |   - texlive-makecell
301 |   - texlive-pgfopts
302 |   - texlive-simple-resume-cv
303 |   - texlive-supertabular
304 |   - texlive-textpos
305 |   - texlive-tinos
306 |   - texlive-ulem
307 |   - texlive-xetex
308 |   - texlive-xetex-def
309 |   - texlive-xltxtra
310 | 
311 |   # Network
312 |   - nebula
313 |   - openvpn
314 |   - qbittorrent
315 |   - remmina
316 |   - remmina-plugins-rdp
317 | 
318 |   # PC/SC
319 |   - opensc
320 |   - pcsc-lite
321 |   - pcsc-tools
322 |   - pdfsign
323 | 
324 |   # OSBuild
325 |   - osbuild
326 |   - osbuild-tools
327 | 


--------------------------------------------------------------------------------