vauxite-build

• How I use this repository
  • Setup GitLab runner with Podman
  • Additional notes about .gitlab-ci.yml
• How I previously used this repository

This is my personalized Vauxite configuration. Vauxite is an unofficial Xfce variant of ostree-based Fedora. I'm currently working with Fedora developers to make it an official variant. There is already a sort-of-official treefile for Vauxite at https://pagure.io/workstation-ostree-config, as well as an experimental Vauxite container image hosted at https://quay.io/repository/fedora-ostree-desktops/vauxite.

The vauxite.json treefile and under the src directory contains my personal customizations and differ from the upstream one, so they may not be suitable for everyone.

How I use this repository

Setup GitLab runner with Podman

1. Install GitLab Runner.
2. Create a new runner from the GitLab UI.

3. Use the authentication token from the GitLab UI to register a new runner on the machine hosting the runner. Select the Docker executor.

   sudo systemctl enable --now gitlab-runner.service
   sudo gitlab-runner register --url https://git.hyperreal.coffee --token <TOKEN>

4. Add the following lines to /etc/gitlab-runner/config.toml for Podman:

   We need to set privileged = true in order to create new namespaces inside the runner container. See https://github.com/coreos/rpm-ostree/pull/429

   [[runners]]
     environment = ["FF_NETWORK_PER_BUILD=1"]
     [runners.docker]
       host = "unix:///run/podman/podman.sock"
       tls_verify = false
       image = "registry.fedoraproject.org/fedora:latest"
       privileged = true
       volumes = ["/build-repo", "/cache", "/source-repo"]

5. Restart the gitlab-runner:

   sudo gitlab-runner restart

   We should now be ready to use the Podman runner.

Additional notes about .gitlab-ci.yml

• The package container-selinux is required for the vauxite-compose-job so SELinux works inside the runner container. I'm considering having a custom image built on a weekly basis from registry.fedoraproject.org/fedora:latest that contains updated packages and the required dependencies, which I would then just use as the runner's container image. The registry.fedoraproject.org/fedora:latest image doesn't seem to be updated at all.
• BUILD_REPO and SOURCE_REPO are the directories /build-repo and /source-repo. If these values are changed, then we would need make equivalent changes to the volumes directive in /etc/gitlab-runner/config.toml if we want to keep persistent storage of those repos across pipeline runs. Eventually there will be a conditional in the .gitlab-ci.yml to clean these volumes if another variable (say CLEAN_BUILD) is set to true.

How I previously used this repository

• I run Fedora Server in a VM on my homelab machine. This Fedora Server has the ostree and rpm-ostree commands installed.
• I clone this repository as root under /var/local/vauxite-build.

• I then run the ostree-engine script to build and deploy a new commit for the given reference branch (e.g. vauxite/f39/x86_64/main). The rsync-repos command is used in the ostree-engine script to deploy the resulting OSTree repository to a web server root, which serves as the remote repository.

  To add the repository as a remote on my local client machine:

  sudo ostree remote add --no-gpg-verify vauxite <URL of web server>

  I then rebase to the vauxite branch:

  rpm-ostree rebase vauxite:vauxite/f39/x86_64/main

  To build new commits that contain updates, I put this in /etc/cron.d/ostree-engine on the Fedora Server:

  0 0 * * 2 root /var/local/vauxite-build/ostree-engine

  This will run the ostree-engine script every Tuesday at midnight. Then I can update my local client machine like this:

  rpm-ostree update