#+title: vauxite-build

This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce variant of ostree-based Fedora. I'm currently working with Fedora developers to make it an official variant. There is already a sort-of-official treefile for Vauxite at https://pagure.io/workstation-ostree-config, as well as an experimental Vauxite container image hosted at https://quay.io/repository/fedora-ostree-desktops/vauxite.

The ~vauxite.json~ treefile and the files under the ~src~ directory contain my personal customizations and differ from the [[https://pagure.io/workstation-ostree-config][upstream one]], so they may not be suitable for everyone.

** How I use this repository

*** Set up GitLab Runner with Podman

1. Install [[https://docs.gitlab.com/16.9/runner/install/linux-manually.html][GitLab Runner]].
2. Create a new runner from the GitLab UI.
3. Use the authentication token from the GitLab UI to register a new runner on the machine hosting the runner. Select the Docker executor.

   #+begin_src shell
   sudo systemctl enable --now gitlab-runner.service
   sudo gitlab-runner register --url https://git.hyperreal.coffee --token
   #+end_src

4. Add the following lines to ~/etc/gitlab-runner/config.toml~ for Podman:

   #+begin_quote
   We need to set ~privileged = true~ in order to create new namespaces inside the runner container. See https://github.com/coreos/rpm-ostree/pull/429
   #+end_quote

   #+begin_src toml
   [[runners]]
     environment = ["FF_NETWORK_PER_BUILD=1"]
     [runners.docker]
       host = "unix:///run/podman/podman.sock"
       tls_verify = false
       image = "registry.fedoraproject.org/fedora:latest"
       privileged = true
       volumes = ["/build-repo", "/cache", "/source-repo"]
   #+end_src

5. Restart the gitlab-runner:

   #+begin_src shell
   sudo gitlab-runner restart
   #+end_src

We should now be ready to use the Podman runner.

*** Notes about ~.gitlab-ci.yml~

- The package ~container-selinux~ is required for the vauxite-compose-job so SELinux works inside the runner container. I'm considering having a custom image built on a weekly basis from registry.fedoraproject.org/fedora:latest that contains updated packages and the required dependencies, which I would then just use as the runner's container image. The registry.fedoraproject.org/fedora:latest image doesn't seem to be updated at all. See [[https://git.hyperreal.coffee/fedora-atomic/containers]]
- BUILD_REPO and SOURCE_REPO are the directories ~/build-repo~ and ~/source-repo~. If these values are changed, then we would need to make equivalent changes to the ~volumes~ directive in ~/etc/gitlab-runner/config.toml~ if we want to keep persistent storage of those repos across pipeline runs. Eventually there will be a conditional in the ~.gitlab-ci.yml~ to clean these volumes if another variable (say CLEAN_BUILD) is set to true.

*** Rebase to the container image

On PCs using Vauxite, rebase to the container image from the registry:

#+begin_src shell
rpm-ostree rebase ostree-unverified-registry:git.hyperreal.coffee:5050/fedora-atomic/vauxite-build/vauxite-nonfree:39
sudo systemctl reboot
#+end_src
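
The CLEAN_BUILD conditional mentioned in the notes about ~.gitlab-ci.yml~, sketched as an added example that is not part of this repository's pipeline: a job could source these functions and call ~maybe_clean_repos~ before the compose step. Because the runner container is privileged and the paths come from CI variables, the cleanup only touches directories that appear in the ~volumes~ list. The function names, the ~ALLOWED_VOLUMES~ list and the ~ROOT_PREFIX~ test hook are assumptions.

```shell
#!/usr/bin/env bash
# Added example: conditional cleanup of the persistent runner volumes.
# CLEAN_BUILD, BUILD_REPO and SOURCE_REPO are the names used in the README;
# everything else here (function names, ROOT_PREFIX) is hypothetical.

# Mirror of the `volumes` directive in /etc/gitlab-runner/config.toml.
ALLOWED_VOLUMES="/build-repo /cache /source-repo"

# Return 0 only if $1 is exactly one of the configured volume mount points.
is_allowed_volume() {
    local candidate="$1" vol
    case "$candidate" in
        ""|/|*..*|[!/]*) return 1 ;;   # empty, root, traversal, relative path
    esac
    for vol in $ALLOWED_VOLUMES; do
        if [ "$candidate" = "$vol" ]; then
            return 0
        fi
    done
    return 1
}

# Empty a volume (hidden files included) but keep the mount point itself.
# ROOT_PREFIX is empty in a real job; it exists so the logic can be tried
# against a scratch directory.
clean_volume() {
    local dir="$1"
    is_allowed_volume "$dir" || { echo "refusing to clean '$dir'" >&2; return 2; }
    [ -d "${ROOT_PREFIX:-}$dir" ] || return 0
    find "${ROOT_PREFIX:-}$dir" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
}

# Clean both repos only when CLEAN_BUILD is exactly "true"; stop at the
# first refused path so a bad BUILD_REPO never leads to a partial wipe.
maybe_clean_repos() {
    [ "${CLEAN_BUILD:-false}" = "true" ] || return 0
    clean_volume "${BUILD_REPO:-}" && clean_volume "${SOURCE_REPO:-}"
}
```

If BUILD_REPO or SOURCE_REPO is changed, ~ALLOWED_VOLUMES~ has to change with the ~volumes~ directive, otherwise the cleanup refuses the new path and returns status 2.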