Skip to content
/ mystation Public

My personal blue-build based atomic workstation configuration for work and play.

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aussielunix/mystation

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

574 Commits
.github
.github
 
 
files/system
files/system
 
 
recipes
recipes
 
 
tmp/scripts
tmp/scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cosign.pub
cosign.pub
 
 

Repository files navigation

mystation build-mystation

This is my continually improved cloud native (Atomic) Desktop OS.
It is built using the fantastic Blue Build template repo.

Firstboot Runsheet

  • Check TIME & DATE
  • Check HOSTNAME is a FQDN
  • ujust -l
  • ujust bootstrap
  • yadm decrypt
  • yadm remote set-url origin git@github.com:aussielunix/dotfiles.git
  • just update_aussielunix_ca
  • just mytoolbx
  • just owncloud_distrobox
  • nmcli con import type wiregurard file $HOME/.config/wireguard/mgmt.conf
  • rpm-ostree rebase ostree-image-signed:docker://ghcr.io/aussielunix/mystation:latest # not needed for offline installs
  • just customize_gnome
  • systemctl enable --now --user podman-auto-update.timer
  • systemctl reboot
  • log into ownCloud
  • enter into mytoolbox and run brew bundle install

Work out firefox not trusting my cacert

Installation

Warning This is an experimental feature, try at your own discretion.

To rebase an existing atomic Fedora installation to the latest build:

  • First rebase to the unsigned image, to get the proper signing keys and policies installed: 
    rpm-ostree rebase ostree-unverified-registry:ghcr.io/aussielunix/mystation:latest
  • Reboot to complete the rebase: 
    systemctl reboot
  • Then rebase to the signed image, like so: 
    rpm-ostree rebase ostree-image-signed:docker://ghcr.io/aussielunix/mystation:latest
  • Reboot again to complete the installation 
    systemctl reboot

The latest tag will automatically point to the latest build. That build will still always use the Fedora version specified in recipe.yml, so you won't get accidentally updated to the next major Fedora version.

ISO

Some blue-build docs about generating an offline ISO of your latest published blue-build built image.

TL;DR - run the following:

sudo podman run --rm --privileged --volume ./iso-output:/build-container-installer/build --security-opt label=disable --pull=newer ghcr.io/jasonn3/build-container-installer:latest --env IMAGE_REPO=ghcr.io/aussielunix --env IMAGE_NAME=mystation --env IMAGE_TAG=40 --env VARIANT=Server --env VERSION=40

See the tools README for possible build options.

Note: These ISOs cannot unfortunately be distributed on GitHub for free due to large sizes, so for public projects something else has to be used for hosting.

Verification

These images are signed with Sigstore's cosign. You can verify the signature by downloading the cosign.pub file from this repo and running the following command:

cosign verify --key cosign.pub ghcr.io/aussielunix/mystation

About

My personal blue-build based atomic workstation configuration for work and play.

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors 10

Languages