feat: Add flatpak installer, system setup, and user setup services fr…

…om Bazzite (#544)

Containerfile

@@ -73,20 +73,21 @@ ARG PACKAGE_LIST="bluefin-dx"
 # dx specific files come from the dx directory in this repo
 COPY dx/usr /usr
 COPY dx/etc/yum.repos.d/ /etc/yum.repos.d/
-COPY workarounds.sh /tmp/workarounds.sh
-COPY packages.json /tmp/packages.json
-COPY build.sh /tmp/build.sh
-COPY image-info.sh /tmp/image-info.sh
+COPY workarounds.sh \
+     packages.json \
+     build.sh \
+     image-info.sh \
+    /tmp
 
 # Apply IP Forwarding before installing Docker to prevent messing with LXC networking
 RUN sysctl -p
 
-RUN wget https://copr.fedorainfracloud.org/coprs/ganto/lxc4/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo
-RUN wget https://copr.fedorainfracloud.org/coprs/bobslept/nerd-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/bobslept-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/bobslept-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo
+RUN wget https://copr.fedorainfracloud.org/coprs/ganto/lxc4/repo/fedora-"${FEDORA_MAJOR_VERSION}"/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo && \
+    wget https://copr.fedorainfracloud.org/coprs/bobslept/nerd-fonts/repo/fedora-"${FEDORA_MAJOR_VERSION}"/bobslept-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo -O /etc/yum.repos.d/bobslept-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo
 
 # Handle packages via packages.json
-RUN /tmp/build.sh
-RUN /tmp/image-info.sh
+RUN /tmp/build.sh && \
+    /tmp/image-info.sh
 
 RUN wget https://github.com/docker/compose/releases/latest/download/docker-compose-linux-x86_64 -O /tmp/docker-compose && \
     install -c -m 0755 /tmp/docker-compose /usr/bin
@@ -97,33 +98,38 @@ COPY --from=cgr.dev/chainguard/ko:latest /usr/bin/ko /usr/bin/ko
 COPY --from=cgr.dev/chainguard/minio-client:latest /usr/bin/mc /usr/bin/mc
 COPY --from=cgr.dev/chainguard/kubectl:latest /usr/bin/kubectl /usr/bin/kubectl
 
-RUN curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64"
-RUN chmod +x ./kind
-RUN mv ./kind /usr/bin/kind
+RUN curl -Lo ./kind "https://github.com/kubernetes-sigs/kind/releases/latest/download/kind-$(uname)-amd64" && \
+    chmod +x ./kind && \
+    mv ./kind /usr/bin/kind
 
 # Install DevPod
 RUN rpm-ostree install $(curl https://api.github.com/repos/loft-sh/devpod/releases/latest | jq -r '.assets[] | select(.name| test(".*x86_64.rpm$")).browser_download_url') && \
-  wget https://github.com/loft-sh/devpod/releases/latest/download/devpod-linux-amd64 -O /tmp/devpod && \
-  install -c -m 0755 /tmp/devpod /usr/bin
+    wget https://github.com/loft-sh/devpod/releases/latest/download/devpod-linux-amd64 -O /tmp/devpod && \
+    install -c -m 0755 /tmp/devpod /usr/bin
 
 # Install kns/kctx and add completions for Bash
 RUN wget https://raw.githubusercontent.com/ahmetb/kubectx/master/kubectx -O /usr/bin/kubectx && \
     wget https://raw.githubusercontent.com/ahmetb/kubectx/master/kubens -O /usr/bin/kubens && \
     chmod +x /usr/bin/kubectx /usr/bin/kubens
 
-RUN systemctl enable podman.socket
-RUN systemctl disable pmie.service
-RUN systemctl disable pmlogger.service
+# Install FlatHub OOTB, set up services
+RUN mkdir -p /usr/etc/flatpak/remotes.d && \
+    wget -q https://dl.flathub.org/repo/flathub.flatpakrepo -P /usr/etc/flatpak/remotes.d && \
+    systemctl enable podman.socket && \
+    systemctl enable ublue-hardware-setup.service && \
+    systemctl enable ublue-flatpak-manager.service && \
+    systemctl --global enable ublue-user-setup.service && \
+    systemctl disable pmie.service && \
+    systemctl disable pmlogger.service
 
 RUN /tmp/workarounds.sh
 
 # Clean up repos, everything is on the image so we don't need them
-RUN rm -f /etc/yum.repos.d/bobslept-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo
-RUN rm -f /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo
-RUN rm -f /etc/yum.repos.d/vscode.repo
-RUN rm -f /etc/yum.repos.d/docker-ce.repo
-RUN rm -f /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo
-RUN rm -f /etc/yum.repos.d/fedora-cisco-openh264.repo
-
-RUN rm -rf /tmp/* /var/*
-RUN ostree container commit
+RUN rm -f /etc/yum.repos.d/bobslept-nerd-fonts-fedora-"${FEDORA_MAJOR_VERSION}".repo && \
+    rm -f /etc/yum.repos.d/ganto-lxc4-fedora-"${FEDORA_MAJOR_VERSION}".repo && \
+    rm -f /etc/yum.repos.d/vscode.repo && \
+    rm -f /etc/yum.repos.d/docker-ce.repo && \
+    rm -f /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo && \
+    rm -f /etc/yum.repos.d/fedora-cisco-openh264.repo && \
+    rm -rf /tmp/* /var/* && \
+    ostree container commit

usr/bin/ublue-flatpak-manager

@@ -0,0 +1,45 @@
+#!/usr/bin/env bash
+
+# Script Version
+VER=1
+VER_FILE="/etc/ublue/flatpak_manager_version"
+VER_RAN=$(cat $VER_FILE)
+
+# Run script if updated
+if [[ -f $VER_FILE && $VER = $VER_RAN ]]; then
+  echo "Flatpak manager v$VER has already ran. Exiting..."
+  exit 0
+fi
+
+# Opt out of and remove Fedora's flatpak repo
+if grep -qz 'fedora' <<< $(flatpak remotes); then
+  /usr/lib/fedora-third-party/fedora-third-party-opt-out
+  /usr/bin/fedora-third-party disable
+  flatpak remote-delete fedora --force
+fi
+
+# Lists of flatpaks
+FLATPAK_LIST=$(flatpak list --columns=application)
+INSTALL_LIST=$(cat /usr/etc/flatpak/install)
+REMOVE_LIST=$(cat /usr/etc/flatpak/remove)
+
+# Install flatpaks in list
+if [[ -n $INSTALL_LIST ]]; then
+  for flatpak in $INSTALL_LIST; do
+    if grep -qvz $flatpak <<< $FLATPAK_LIST; then
+      flatpak install --system --noninteractive flathub $flatpak
+    fi
+  done
+fi
+
+# Remove flatpaks in list
+if [[ -n $REMOVE_LIST ]]; then
+  for flatpak in $REMOVE_LIST; do
+    if grep -qz $flatpak <<< $FLATPAK_LIST; then
+      flatpak remove --system --noninteractive $flatpak
+    fi
+  done
+fi
+
+mkdir -p /etc/ublue
+echo $VER > $VER_FILE

usr/bin/ublue-hardware-setup

@@ -0,0 +1,104 @@
+#!/usr/bin/env bash
+
+IMAGE_INFO="/usr/share/ublue-os/image-info.json"
+IMAGE_NAME=$(jq -r '."image-name"' < $IMAGE_INFO)
+IMAGE_FLAVOR=$(jq -r '."image-flavor"' < $IMAGE_INFO)
+
+# SCRIPT VERSION
+HWS_VER=1
+HWS_VER_FILE="/etc/ublue/hws_version"
+HWS_VER_RAN=$(cat $HWS_VER_FILE)
+
+# IMAGE IDENTIFIERS
+KNOWN_IMAGE_NAME_FILE="/etc/ublue/image_name"
+KNOWN_IMAGE_NAME=$(cat $KNOWN_IMAGE_NAME_FILE)
+KNOWN_IMAGE_FLAVOR_FILE="/etc/ublue/image_flavor"
+KNOWN_IMAGE_FLAVOR=$(cat $KNOWN_IMAGE_FLAVOR_FILE)
+
+# Run script if updated
+if [[ -f $HWS_VER_FILE && $HWS_VER = $HWS_VER_RAN ]]; then
+  if [[ -f $KNOWN_IMAGE_NAME_FILE && -f $KNOWN_IMAGE_FLAVOR_FILE ]]; then
+    # Run script if image has been rebased
+    if [[ $IMAGE_NAME = $KNOWN_IMAGE_NAME && $IMAGE_FLAVOR = $KNOWN_IMAGE_FLAVOR ]]; then
+      echo "Hardware setup has already run. Exiting..."
+      exit 0
+    fi
+  fi
+fi
+
+# GLOBAL
+SYS_ID="$(cat /sys/devices/virtual/dmi/id/product_name)"
+GPU_ID=$(lspci -k | grep -A 3 -E "(VGA|3D)")
+KARGS=$(rpm-ostree kargs)
+NEEDED_KARGS=""
+echo "Current kargs: $KARGS"
+mkdir -p /etc/ublue
+
+if grep -qz "Kernel driver in use: radeon" <<< $GPU_ID; then
+  echo "Legacy AMD hardware detected, enabling CIK and SI support in AMDGPU"
+  if [[ ! $KARGS =~ "radeon.si_support" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=radeon.si_support=0"
+  fi
+
+  if [[ ! $KARGS =~ "radeon.cik_support" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=radeon.cik_support=0"
+  fi
+
+  if [[ ! $KARGS =~ "amdgpu.si_support" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=amdgpu.si_support=1"
+  fi
+
+  if [[ ! $KARGS =~ "amdgpu.cik_support" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=amdgpu.cik_support=1"
+  fi
+fi
+
+if [[ $IMAGE_FLAVOR = "nvidia"  ]]; then
+  echo "Checking for needed karg changes (Nvidia)"
+
+  if [[ ! $KARGS =~ "rd.driver.blacklist" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=rd.driver.blacklist=nouveau"
+  fi
+
+  if [[ ! $KARGS =~ "modprobe.blacklist" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=modprobe.blacklist=nouveau"
+  fi
+
+  if [[ ! $KARGS =~ "nvidia-drm.modeset" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --append=nvidia-drm.modeset=1"
+  fi
+else
+  echo "Checking for needed karg changes"
+
+  if [[ $KARGS =~ "rd.driver.blacklist" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --delete=rd.driver.blacklist=nouveau"
+  fi
+
+  if [[ $KARGS =~ "modprobe.blacklist" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --delete=modprobe.blacklist=nouveau"
+  fi
+
+  if [[ $KARGS =~ "nvidia-drm.modeset" ]]; then
+    NEEDED_KARGS="$NEEDED_KARGS --delete=nvidia-drm.modeset=1"
+  fi
+fi
+
+if [[ $KARGS =~ "nomodeset" ]]; then
+  echo "Removing nomodeset"
+  NEEDED_KARGS="$NEEDED_KARGS --delete=nomodeset"
+fi
+
+if [[ ! $KARGS =~ "rd.luks.options" ]]; then
+  NEEDED_KARGS="$NEEDED_KARGS --append=rd.luks.options=discard"
+fi
+
+if [[ -n "$NEEDED_KARGS" ]]; then
+  echo "Found needed karg changes, applying the following: $NEEDED_KARGS"
+  rpm-ostree kargs ${NEEDED_KARGS} --reboot || exit 1
+else
+  echo "No karg changes needed"
+fi
+
+echo $HWS_VER > $HWS_VER_FILE
+echo $IMAGE_NAME > $KNOWN_IMAGE_NAME_FILE
+echo $IMAGE_FLAVOR > $KNOWN_IMAGE_FLAVOR_FILE

usr/bin/ublue-user-setup

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+# SCRIPT VERSION
+USER_SETUP_VER=1
+USER_SETUP_VER_FILE="$HOME/.ublue-configured"
+USER_SETUP_VER_RAN=$(cat $USER_SETUP_VER_FILE)
+
+# Run script if updated
+if [[ -f $USER_SETUP_VER_FILE && $USER_SETUP_VER = $USER_SETUP_VER_RAN ]]; then
+  echo "User setup has already run. Exiting..."
+  exit 0
+fi
+
+IMAGE_INFO="/usr/share/ublue-os/image-info.json"
+IMAGE_NAME=$(jq -r '."image-name"' < $IMAGE_INFO)
+
+# Enable NTP
+timedatectl set-ntp true
+
+# Setup Flathub
+if grep -qz 'fedora' <<< $(flatpak remotes); then
+  flatpak remote-delete --user fedora --force
+fi
+flatpak remote-add --if-not-exists --user flathub /etc/flatpak/remotes.d/flathub.flatpakrepo
+
+# Prevent future executions
+echo "Writing state file"
+echo $USER_SETUP_VER > $USER_SETUP_VER_FILE

usr/etc/flatpak/install

@@ -0,0 +1,18 @@
+org.mozilla.firefox
+com.mattjakeman.ExtensionManager
+io.missioncenter.MissionCenter
+org.gnome.Calculator
+org.gnome.Calendar
+org.gnome.Characters
+org.gnome.Contacts
+org.gnome.Evince
+org.gnome.Logs
+org.gnome.Loupe
+org.gnome.Maps
+org.gnome.NautilusPreviewer
+org.gnome.TextEditor
+org.gnome.Weather
+org.gnome.baobab
+org.gnome.Totem
+org.gnome.clocks
+org.gnome.font-viewer

usr/etc/flatpak/remove

@@ -0,0 +1,2 @@
+org.gnome.Cheese
+org.gnome.eog

usr/etc/yafti.yml

@@ -9,20 +9,6 @@ screens:
       icon: "/path/to/icon"
       description: |
         Pick some applications to get started
-  can-we-modify-your-flatpaks:
-    source: yafti.screen.consent
-    values:
-      title: Welcome, Traveler
-      condition:
-        run: flatpak remotes --system | grep fedora
-      description: |
-        WARNING: This will modify your Flatpaks if you are rebasing! If you do not want to do this exit the installer.
-      actions:
-        - run: /usr/lib/fedora-third-party/fedora-third-party-opt-out
-        - run: /usr/bin/fedora-third-party disable
-        - run: flatpak remote-delete fedora --force
-        - run: flatpak remove --system --noninteractive --all
-        - run: flatpak remote-add --if-not-exists --user flathub https://flathub.org/repo/flathub.flatpakrepo
   install-required-packages:
     source: yafti.screen.package
     values:

usr/lib/systemd/system/ublue-flatpak-manager.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=Manage system flatpaks
+Documentation=https://github.com/ublue-os/endlish-oesque/issues/10
+Wants=network-online.target
+After=network-online.target ublue-hardware-setup.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/ublue-flatpak-manager
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target

usr/lib/systemd/system/ublue-hardware-setup.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=Configure system for current hardware
+After=rpm-ostreed.service
+Before=systemd-user-sessions.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/bin/ublue-hardware-setup
+
+[Install]
+WantedBy=multi-user.target

usr/lib/systemd/user/ublue-user-setup.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Configure system for current user
+Requires=xdg-desktop-autostart.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/ublue-user-setup
+
+[Install]
+WantedBy=default.target