This is my continually improved cloud native (Atomic) Desktop OS.
It is built using the fantastic Blue Build template repo.
- Check TIME & DATE
- Check HOSTNAME is a FQDN
ujust -l
ujust bootstrap
yadm decrypt
yadm remote set-url origin [email protected]:aussielunix/dotfiles.git
just update_aussielunix_ca
just mytoolbx
just owncloud_distrobox
nmcli con import type wiregurard file $HOME/.config/wireguard/mgmt.conf
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/aussielunix/mystation:latest
# not needed for offline installsjust customize_gnome
systemctl enable --now --user podman-auto-update.timer
systemctl reboot
- log into ownCloud
- enter into mytoolbox and run
brew bundle install
Work out firefox not trusting my cacert
Warning This is an experimental feature, try at your own discretion.
To rebase an existing atomic Fedora installation to the latest build:
- First rebase to the unsigned image, to get the proper signing keys and policies installed:
rpm-ostree rebase ostree-unverified-registry:ghcr.io/aussielunix/mystation:latest
- Reboot to complete the rebase:
systemctl reboot
- Then rebase to the signed image, like so:
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/aussielunix/mystation:latest
- Reboot again to complete the installation
systemctl reboot
The latest
tag will automatically point to the latest build. That build will still always use the Fedora version specified in recipe.yml
, so you won't get accidentally updated to the next major Fedora version.
Some blue-build docs about generating an offline ISO of your latest published blue-build built image.
TL;DR - run the following:
sudo podman run --rm --privileged --volume ./iso-output:/build-container-installer/build --security-opt label=disable --pull=newer ghcr.io/jasonn3/build-container-installer:latest --env IMAGE_REPO=ghcr.io/aussielunix --env IMAGE_NAME=mystation --env IMAGE_TAG=40 --env VARIANT=Server --env VERSION=40
See the tools README for possible build options.
Note: These ISOs cannot unfortunately be distributed on GitHub for free due to large sizes, so for public projects something else has to be used for hosting.
These images are signed with Sigstore's cosign. You can verify the signature by downloading the cosign.pub
file from this repo and running the following command:
cosign verify --key cosign.pub ghcr.io/aussielunix/mystation