diff --git a/README.md b/README.md new file mode 100644 index 0000000..2e0432f --- /dev/null +++ b/README.md 
@@ -0,0 +1,62 @@ +# vauxite-build + +This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce variant of Fedora Atomic. I'm currently working with Fedora developers to make it an official variant. There is already a sort-of-official treefile for Vauxite at https://pagure.io/workstation-ostree-config, as well as an experimental Vauxite container image hosted at https://quay.io/repository/fedora-ostree-desktops/vauxite. + +The `vauxite.json` treefile under the `src` directory contains my personal customizations and differ from the upstream one, so it may not be suitable for everyone. + +## How I use this repository + +### Setup GitLab runner with Podman + +1. Install [GitLab Runner](https://docs.gitlab.com/16.9/runner/install/linux-manually.html). + +2. Create a new runner from the GitLab UI. + +3. Use the authentication token from the GitLab UI to register a new runner on the machine hosting the runner. Select the Docker executor. + +``` shell +sudo systemctl enable --now gitlab-runner.service +sudo gitlab-runner register --url https://git.hyperreal.coffee --token +``` + +4. Add the following lines to `/etc/gitlab-runner/config.toml` for Podman: + +> We need to set `privileged = true` in order to create new namespaces inside the runner container. See https://github.com/coreos/rpm-ostree/pull/429 + +``` toml +[[runners]] + environment = ["FF_NETWORK_PER_BUILD=1"] + [runners.docker] + host = "unix://run/podman/podman.sock" + tls_verify = false + image = "git.hyperreal.coffee:5050/fedora-atomic/containers/fedora:latest" + privileged = true + volumes = ["/build-repo", "/cache", "/source-repo"] +``` + +5. Restart the gitlab-runner: + +``` shell +sudo gitlab-runner restart +``` + +We should now be ready to use the Podman runner. + +### Notes about `.gitlab-ci.yml` + +- The package `container-selinux` is required for the vauxite-compose-job so SELinux works inside the runner container. 
I have a custom built image based on Fedora that includes recent updates and various dependency packages for this project. +- BUILD_REPO and SOURCE_REPO are the directories `/build-repo` and `/source-repo`. If these values are changed, then we would need to make equivalent changes to the `volumes` directive in `/etc/gitlab-runner/config.toml` if we want to keep persistent storage of those repos across pipeline runs. +- TODO: Add a conditional to `.gitlab-ci.yml` to clean the above volumes if another variable (say, CLEAN_BUILD) is set to true or something. + +### Images in container registry + +| Image | Description | +| ----- | ----------- | +| vauxite:39 | Vanilla Vauxite with only my customizations in the treefile | +| vauxite-nonfree:39 | Vauxite with nonfree components from the rpmfusion repositories. E.g., ffmpeg-libs | + +### Rebase to the container image + +``` shell +rpm-ostree rebase ostree-unverified-registry:git.hyperreal.coffee:5050/fedora-atomic/vauxite-build/vauxite-nonfree:39 +``` diff --git a/README.org b/README.org deleted file mode 100644 index d721569..0000000 --- a/README.org +++ /dev/null 
@@ -1,51 +0,0 @@ -#+title: vauxite-build - -This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce variant of ostree-based Fedora. I'm currently working with Fedora developers to make it an official variant. There is already a sort-of-official treefile for Vauxite at https://pagure.io/workstation-ostree-config, as well as an experimental Vauxite container image hosted at https://quay.io/repository/fedora-ostree-desktops/vauxite. - -The ~vauxite.json~ treefile and under the ~src~ directory contains my personal customizations and differ from the [[https://pagure.io/workstation-ostree-config][upstream one]], so they may not be suitable for everyone. - -** How I use this repository -*** Setup GitLab runner with Podman -1. Install [[https://docs.gitlab.com/16.9/runner/install/linux-manually.html][GitLab Runner]]. - -2. Create a new runner from the GitLab UI. - -3. Use the authentication token from the GitLab UI to register a new runner on the machine hosting the runner. Select the Docker executor. - #+begin_src shell - sudo systemctl enable --now gitlab-runner.service - sudo gitlab-runner register --url https://git.hyperreal.coffee --token - #+end_src - -4. Add the following lines to ~/etc/gitlab-runner/config.toml~ for Podman: - #+begin_quote - We need to set ~privileged = true~ in order to create new namespaces inside the runner container. See https://github.com/coreos/rpm-ostree/pull/429 - #+end_quote - - #+begin_src toml - [[runners]] - environment = ["FF_NETWORK_PER_BUILD=1"] - [runners.docker] - host = "unix:///run/podman/podman.sock" - tls_verify = false - image = "registry.fedoraproject.org/fedora:latest" - privileged = true - volumes = ["/build-repo", "/cache", "/source-repo"] - #+end_src - -5. Restart the gitlab-runner: - #+begin_src shell - sudo gitlab-runner restart - #+end_src - - We should now be ready to use the Podman runner. 
- -*** Notes about ~.gitlab-ci.yml~ -- The package ~container-selinux~ is required for the vauxite-compose-job so SELinux works inside the runner container. I'm considering having a custom image built on a weekly basis from registry.fedoraproject.org/fedora:latest that contains updated packages and the required dependencies, which I would then just use as the runner's container image. The registry.fedoraproject.org/fedora:latest image doesn't seem to be updated at all. See [[https://git.hyperreal.coffee/fedora-atomic/containers]] -- BUILD_REPO and SOURCE_REPO are the directories ~/build-repo~ and ~/source-repo~. If these values are changed, then we would need make equivalent changes to the ~volumes~ directive in ~/etc/gitlab-runner/config.toml~ if we want to keep persistent storage of those repos across pipeline runs. Eventually there will be a conditional in the ~.gitlab-ci.yml~ to clean these volumes if another variable (say CLEAN_BUILD) is set to true. - -*** Rebase to the container image -On PCs using Vauxite, rebase to the container image from the registry: -#+begin_src shell -rpm-ostree rebase ostree-unverified-registry:git.hyperreal.coffee:5050/fedora-atomic/vauxite-build/vauxite-nonfree:39 -sudo systemctl reboot -#+end_src
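Review bot: In the `config.toml` block of the new README.md, `host = "unix://run/podman/podman.sock"` has one slash fewer than the `unix:///run/podman/podman.sock` in the README.org being removed, so the socket path is no longer absolute; restore the three-slash form. The same block keeps `privileged = true` against the system-wide Podman socket and now pulls the runner image by the mutable tag `fedora:latest`, so the section should state that this runner is dedicated to this project and to trusted branches, because any job it accepts runs with host-level privileges. The `gitlab-runner register ... --token` line ends without a value; add an explicit placeholder such as `<runner-token>` so nobody pastes a real token into the README. The rebase command uses `ostree-unverified-registry:`, which skips signature verification of the image; either say that this is intentional or sign the images and document an `ostree-image-signed:` reference instead.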
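Review bot: The "Rebase to the container image" section removed with README.org had the lead-in "On PCs using Vauxite, rebase to the container image from the registry:" and a closing `sudo systemctl reboot`, and neither is carried into README.md. Keep the reboot step in the new file, since the rebased deployment is only booted into after a restart, and keep the lead-in so it is clear the command is run on the client machine rather than on the runner host.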