Skip to content

jacobleblanc-cs/cosmos

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

43 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Cosmos Configuration   bluebuild build badge

This is a custom BlueBuild image for my personal workstation(s). It is based on a SecureBlue image which is itself based on Silverblue.

This is an early WIP as I migrate from NixOS, but I will update this repository as changes come up. Do note that a lot of my package management and configuration is done through Nix + Home-Manager, installed via the Determinate Systems Installer, so fully replicating these systems requires installing and configuring Nix.

Changes on this image so far:

  • Install tailscale + trayscale
  • Install syncthing
  • Add common Gnome shell extensions
  • Add Papirus icon theme

ToDo:

  • Automate Nix setup
  • Automate flatpak installations
  • Automate PaperWM installation
  • Add gsettings overrides
  • Add keybinds to recipe

Installation

To rebase an existing atomic Fedora installation to the latest build:

  • First rebase to the unsigned image, to get the proper signing keys and policies installed:
    rpm-ostree rebase ostree-unverified-registry:ghcr.io/jacobleblanc-cs/andromeda:latest
    
    OR
    
    rpm-ostree rebase ostree-unverified-registry:ghcr.io/jacobleblanc-cs/polaris:latest
    
  • Reboot to complete the rebase:
    systemctl reboot
    
  • Then rebase to the signed image, like so:
    rpm-ostree rebase ostree-image-signed:docker://ghcr.io/jacobleblanc-cs/andromeda:latest
    
    OR
    
    rpm-ostree rebase ostree-image-signed:docker://ghcr.io/jacobleblanc-cs/polaris:latest
    
  • Reboot again to complete the installation
    systemctl reboot
    

The latest tag will automatically point to the latest build. That build will still always use the Fedora version specified in recipe.yml, so you won't get accidentally updated to the next major version.

Please note that you CANNOT rebase from SecureBlue into this image, as SecureBlue's policies do not allow it. Rebase into an image known to SecureBlue first, such as any of those it is built on top of, and then into the custom image. I would suggest vanilla Silverblue as a starting point.

Verification

These images are signed with Sigstore's cosign. You can verify the signature by downloading the cosign.pub file from this repo and running the following command:

cosign verify --key cosign.pub ghcr.io/jacobleblanc-cs/cosmos

About

Configuration for my workstation(s)

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages