diff --git a/files/developer/libexec/dx-groups b/files/developer/libexec/dx-groups
new file mode 100644
index 0000000..964dc9c
--- /dev/null
+++ b/files/developer/libexec/dx-groups
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+# SCRIPT VERSION
+GROUP_SETUP_VER=1
+GROUP_SETUP_VER_FILE="/etc/ublue/dx-groups"
+GROUP_SETUP_VER_RAN=$(cat "$GROUP_SETUP_VER_FILE")
+
+# Run script if updated
+if [[ -f $GROUP_SETUP_VER_FILE && "$GROUP_SETUP_VER" = "$GROUP_SETUP_VER_RAN" ]]; then
+ echo "Group setup has already run. Exiting..."
+ exit 0
+fi
+
+# Setup Groups
+wheelarray=($(getent group wheel | cut -d ":" -f 4 | tr ',' '\n'))
+for user in $wheelarray
+do
+ usermod -aG docker $user
+ usermod -aG incus-admin $user
+ usermod -aG lxd $user
+ usermod -aG libvirt $user
+done
+
+# Prevent future executions
+echo "Writing state file"
+echo "$GROUP_SETUP_VER" > "$GROUP_SETUP_VER_FILE"
diff --git a/files/developer/libexec/dx-kvmfr-setup b/files/developer/libexec/dx-kvmfr-setup
new file mode 100644
index 0000000..f711cee
--- /dev/null
+++ b/files/developer/libexec/dx-kvmfr-setup
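Review bot: `for user in $wheelarray` in dx-groups expands only the first array element, so on a system with several wheel members only one of them is added to the groups; iterate with `for user in "${wheelarray[@]}"` and quote `"$user"` in each `usermod` call. `GROUP_SETUP_VER_RAN=$(cat "$GROUP_SETUP_VER_FILE")` also runs before the `-f` test, so the first run prints a cat error; reading the file inside the check avoids that. Membership in `docker` (and, as far as I know, `incus-admin` and `lxd`) is effectively root access without a password prompt, so a comment such as `# wheel members gain passwordless root-equivalent access through these groups` would document that this step widens privilege beyond sudo.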
@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+source /usr/lib/ujust/ujust.sh
+
+# Required disclaimer and where to report issues first
+echo "$(Urllink "https://looking-glass.io/docs/rc/ivshmem_kvmfr/#libvirt" "This module") along with $(Urllink "https://looking-glass.io" "Looking Glass") is very experimental and not recommended for production use!"
+echo "The ublue team packages the kvmfr module only because it has to be supplied with the system image while using an atomic desktop."
+echo "If you do plan to use Looking Glass, please $(Urllink "https://universal-blue.discourse.group/docs?topic=956" "follow the guide here") on how to compile it for your system."
+echo "To use the kvmfr module after enabling it, just add and edit the xml for libvirt from the documentation in the first link."
+echo "Since we package the kvmfr module please open kvmfr related issues you have on Bluefin or Aurora and tag me"
+echo "in the $(Urllink "https://discord.gg/WEu6BdFEtp" "Universal Blue Discord") or the $(Urllink "https://github.com/ublue-os/bluefin/issues" "Bluefin Github issue tracker")."
+echo "~ @HikariKnight"
+
+CONFIRM=$(Choose Ok Cancel)
+if [ "$CONFIRM" == "Cancel" ]; then
+ exit 0
+fi
+
+# Add kvmfr to dracut so that it's modprobe file can be used
+echo ""
+echo "Setting up kvmfr module so it loads next boot"
+sudo bash -c 'cat << KVMFR_DRACUT > /etc/dracut.conf.d/kvmfr.conf
+install_items+=" /etc/modprobe.d/kvmfr.conf "
+KVMFR_DRACUT'
+
+# Add kvmfr modprobe file following upstream documentation
+sudo bash -c "cat << KVMFR_MODPROBE > /etc/modprobe.d/kvmfr.conf
+options kvmfr static_size_mb=128
+KVMFR_MODPROBE"
+
+# Add upstream udev rule for kvmfr, adjusted for fedora systems
+echo "Adding udev rule for /dev/kvmfr0"
+sudo bash -c 'cat << KVMFR_UDEV > /etc/udev/rules.d/99-kvmfr.rules
+SUBSYSTEM=="kvmfr", OWNER="'$USER'", GROUP="qemu", MODE="0660"
+KVMFR_UDEV'
+
+# Add /dev/kvmfr0 to qemu cgroup device acl list
+echo "Adding /dev/kvmfr0 to qemu cgroup_device_acl"
+# This is not ideal and if someone has a better way to do this without perl, you are welcome to change it
+sudo perl -0777 -pi -e 's/
+#cgroup_device_acl = \[
+# "\/dev\/null", "\/dev\/full", "\/dev\/zero",
+# "\/dev\/random", "\/dev\/urandom",
+# "\/dev\/ptmx", "\/dev\/kvm",
+# "\/dev\/userfaultfd"
+#\]
+/
+cgroup_device_acl = \[
+ "\/dev\/null", "\/dev\/full", "\/dev\/zero",
+ "\/dev\/random", "\/dev\/urandom",
+ "\/dev\/ptmx", "\/dev\/kvm",
+ "\/dev\/userfaultfd", "\/dev\/kvmfr0"
+\]
+/' /etc/libvirt/qemu.conf
+
+# Add SELinux context record for /dev/kvmfr0 (for simplicity we use the same one that was used for the shm)
+echo "Adding SELinux context record for /dev/kvmfr0"
+sudo semanage fcontext -a -t svirt_tmpfs_t /dev/kvmfr0
+
+# Create type enforcement for /dev/kvmfr0 as there is no existing way to access kvmfr using virt context
+echo "Adding SELinux access rules for /dev/kvmfr0"
+if [ ! -d "$HOME/.config/selinux_te/mod" ]; then
+ mkdir -p "$HOME/.config/selinux_te/mod"
+fi
+if [ ! -d "$HOME/.config/selinux_te/pp" ]; then
+ mkdir -p "$HOME/.config/selinux_te/pp"
+fi
+bash -c "cat << KVMFR_SELINUX > $HOME/.config/selinux_te/kvmfr.te
+module kvmfr 1.0;
+require {
+ type device_t;
+ type svirt_t;
+ class chr_file { open read write map };
+}
+#============= svirt_t ==============
+allow svirt_t device_t:chr_file { open read write map };
+KVMFR_SELINUX"
+
+# Tell user what type enforcement we made and how it looks like
+echo "This is the type enforcement we wrote for SELinux and you can find it in $HOME/.config/selinux_te/kvmfr.te"
+echo "#======= start of kvmfr.te ======="
+cat "$HOME/.config/selinux_te/kvmfr.te"
+echo "#======== end of kvmfr.te ========"
+checkmodule -M -m -o "$HOME/.config/selinux_te/mod/kvmfr.mod" "$HOME/.config/selinux_te/kvmfr.te"
+semodule_package -o "$HOME/.config/selinux_te/pp/kvmfr.pp" -m "$HOME/.config/selinux_te/mod/kvmfr.mod"
+sudo semodule -i "$HOME/.config/selinux_te/pp/kvmfr.pp"
+
+# Load kvmfr module into currently booted system
+echo "Loading kvmfr module so you do not have to reboot to use it the first time"
+sudo modprobe kvmfr static_size_mb=128
+sudo chown $USER:qemu /dev/kvmfr0
+
+# Final message and regenerate initramfs so kvmfr loads next boot
+echo ""
+echo "Kvmfr0 $(Urllink "https://looking-glass.io/docs/rc/install_libvirt/#determining-memory" "static size is set to 128mb by default")"
+echo "this will work with up to 4K SDR resolutiion, as most dummy plugs go up to 4K"
+echo "some games will try use the adapters max resolution on first boot and cause issues if the value is too low."
+echo "Most ghost display adapters max out at 4k, hence the default value of 128mb."
+echo ""
+echo "If you need to change it to a different value"
+echo "you can do that in /etc/modprobe.d/kvmfr.conf"
+echo "$(Urllink "https://looking-glass.io/docs/rc/ivshmem_kvmfr/#libvirt" "Please read official documentation for kvmfr for how to use it")"
+echo ""
+echo "Press OK to start the process of regenerating your initramfs, this will take a long time"
+echo "and there is no good way to track progress for it, if anything is wrong it will error out."
+echo "${b}NOTE: You can start using kvmfr right now without rebooting, but you will need to regenerate initramfs for it to auto load next boot.${n}"
+
+CONFIRM=$(Choose OK)
+rpm-ostree initramfs --enable
diff --git a/files/system/etc/profile.d/brew-bash-completion.sh b/files/system/etc/profile.d/brew-bash-completion.sh
new file mode 100644
index 0000000..424ac4a
--- /dev/null
+++ b/files/system/etc/profile.d/brew-bash-completion.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# shellcheck shell=sh disable=SC1091,SC2039,SC2166
+# Check for interactive bash and that we haven't already been sourced.
+if [ "x${BASH_VERSION-}" != x -a "x${PS1-}" != x -a "x${BREW_BASH_COMPLETION-}" = x ]; then
+
+ # Check for recent enough version of bash.
+ if [ "${BASH_VERSINFO[0]}" -gt 4 ] ||
+ [ "${BASH_VERSINFO[0]}" -eq 4 -a "${BASH_VERSINFO[1]}" -ge 2 ]; then
+ if [ -w /home/linuxbrew/.linuxbrew ]; then
+ if ! test -L /home/linuxbrew/.linuxbrew/etc/bash_completion.d/brew; then
+ /home/linuxbrew/.linuxbrew/bin/brew completions link > /dev/null
+ fi
+ fi
+ if test -d /home/linuxbrew/.linuxbrew/etc/bash_completion.d; then
+ for rc in /home/linuxbrew/.linuxbrew/etc/bash_completion.d/*; do
+ if test -r "$rc"; then
+ . "$rc"
+ fi
+ done
+ unset rc
+ fi
+ fi
+ BREW_BASH_COMPLETION=1
+ export BREW_BASH_COMPLETION
+fi
diff --git a/files/system/etc/security/limits.d/30-brew-limits.conf b/files/system/etc/security/limits.d/30-brew-limits.conf
new file mode 100644
index 0000000..45d18f4
--- /dev/null
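Review bot: The generated policy line `allow svirt_t device_t:chr_file { open read write map };` in dx-kvmfr-setup is not limited to /dev/kvmfr0: it lets every sVirt-confined guest process open, read, write and map any character device carrying the generic `device_t` label, which weakens the isolation sVirt is meant to provide. The `semanage fcontext -a -t svirt_tmpfs_t /dev/kvmfr0` record just above names a different type than the one the rule grants, so the two steps do not appear to work together. Consider declaring a dedicated type for the kvmfr node, labelling /dev/kvmfr0 with it, and allowing `svirt_t` access to that type only. Separately, `$USER` is spliced unquoted into the root-run heredoc for 99-kvmfr.rules and into `sudo chown $USER:qemu /dev/kvmfr0`; `"$USER"` would be safer in both places.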
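Review bot: The loop `for rc in /home/linuxbrew/.linuxbrew/etc/bash_completion.d/*` in brew-bash-completion.sh sources every readable file from a prefix that this commit's tmpfiles.d/homebrew.conf appears to hand to uid 1000, while a profile.d script is read by any interactive bash login, presumably including root's. Anything the prefix owner places in that directory would then run in other accounts' shells. A guard such as `[ "$(id -u)" -ne 0 ] && [ -O /home/linuxbrew/.linuxbrew ]` around the block would restrict sourcing to the account that owns the prefix. A one-line comment stating that the file is only ever sourced by bash would also explain the `${BASH_VERSINFO[0]}` use under `#!/bin/sh`.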
+++ b/files/system/etc/security/limits.d/30-brew-limits.conf
@@ -0,0 +1,9 @@
+#This file sets the resource limits for the users logged in via PAM,
+#more specifically, users logged in on via SSH or tty (console).
+#Limits related to terminals in Wayland/Xorg sessions depend on a
+#change to /etc/systemd/user.conf.
+#This does not affect resource limits of the system services.
+#This file overrides defaults set in /etc/security/limits.conf
+
+* soft nofile 4096
+root soft nofile 4096
diff --git a/files/system/etc/systemd/user.conf b/files/system/etc/systemd/user.conf
new file mode 100644
index 0000000..b9fcbc8
--- /dev/null
+++ b/files/system/etc/systemd/user.conf
@@ -0,0 +1,41 @@
+[Manager]
+#LogLevel=info
+#LogTarget=auto
+#LogColor=yes
+#LogLocation=no
+#LogTime=no
+#SystemCallArchitectures=
+#TimerSlackNSec=
+#StatusUnitFormat=combined
+#DefaultTimerAccuracySec=1min
+#DefaultStandardOutput=inherit
+#DefaultStandardError=inherit
+#DefaultTimeoutStartSec=45s
+DefaultTimeoutStopSec=15s
+#DefaultTimeoutAbortSec=
+#DefaultDeviceTimeoutSec=45s
+#DefaultRestartSec=100ms
+#DefaultStartLimitIntervalSec=10s
+#DefaultStartLimitBurst=5
+#DefaultEnvironment=
+#DefaultLimitCPU=
+#DefaultLimitFSIZE=
+#DefaultLimitDATA=
+#DefaultLimitSTACK=
+#DefaultLimitCORE=
+#DefaultLimitRSS=
+DefaultLimitNOFILE=4096:524288
+#DefaultLimitAS=
+#DefaultLimitNPROC=
+#DefaultLimitMEMLOCK=
+#DefaultLimitLOCKS=
+#DefaultLimitSIGPENDING=
+#DefaultLimitMSGQUEUE=
+#DefaultLimitNICE=
+#DefaultLimitRTPRIO=
+#DefaultLimitRTTIME=
+#DefaultMemoryPressureThresholdSec=200ms
+#DefaultMemoryPressureWatch=auto
+#DefaultSmackProcessLabel=
+#ReloadLimitIntervalSec=
+#ReloadLimitBurst
diff --git a/files/system/etc/yafti.yml b/files/system/etc/yafti.yml
new file mode 100644
index 0000000..005bfbc
--- /dev/null
+++ b/files/system/etc/yafti.yml
@@ -0,0 +1,142 @@
+title: Welcome to Hyprland
+properties:
+ mode: "run-on-change"
+screens:
+ first-screen:
+ source: yafti.screen.title
+ values:
+ title: "Welcome to Hyprland"
+ description: |
+ This guided installer will help you get started with your new system.
+ can-we-modify-your-flatpaks:
+ source: yafti.screen.consent
+ values:
+ title: Welcome, Traveler!
+ condition:
+ run: flatpak remotes --columns=name | grep fedora
+ description: |
+ We have detected the limited, Fedora-provided Flatpak remote on your system, whose applications are usually missing important codecs and other features. This step will therefore remove all basic Fedora Flatpaks from your system! We will instead switch all core Flatpak applications over to the vastly superior, unfiltered Flathub. If you don't want to do this, simply exit this installer.
+ actions:
+ - run: flatpak remote-delete --system --force fedora
+ - run: flatpak remote-delete --user --force fedora
+ - run: flatpak remove --system --noninteractive --all
+ - run: flatpak remote-add --if-not-exists --system flathub https://flathub.org/repo/flathub.flatpakrepo
+ - run: flatpak remote-add --if-not-exists --user flathub https://flathub.org/repo/flathub.flatpakrepo
+ check-system-flathub:
+ source: yafti.screen.consent
+ values:
+ title: Missing Flathub Repository (System)
+ condition:
+ run: flatpak remotes --system --columns=name | grep flathub | wc -l | grep '^0$'
+ description: |
+ We have detected that you don't have Flathub's repository on your system. We will now add that repository to your system-wide list.
+ actions:
+ - run: flatpak remote-add --if-not-exists --system flathub https://flathub.org/repo/flathub.flatpakrepo
+ check-user-flathub:
+ source: yafti.screen.consent
+ values:
+ title: Missing Flathub Repository (User)
+ condition:
+ run: flatpak remotes --user --columns=name | grep flathub | wc -l | grep '^0$'
+ description: |
+ We have detected that you don't have Flathub's repository on your current user account. We will now add that repository to your account.
+ actions:
+ - run: flatpak remote-add --if-not-exists --user flathub https://flathub.org/repo/flathub.flatpakrepo
+ applications:
+ source: yafti.screen.package
+ values:
+ title: Application Installer
+ show_terminal: true
+ package_manager: yafti.plugin.flatpak
+ package_manager_defaults:
+ user: false
+ system: true
+ groups:
+ Core GNOME Apps:
+ description: Core system applications for the GNOME desktop environment.
+ default: true
+ packages:
+ - Calculator: org.gnome.Calculator
+ - Calendar: org.gnome.Calendar
+ - Camera: org.gnome.Snapshot
+ - Characters: org.gnome.Characters
+ - Clocks: org.gnome.clocks
+ - Connections: org.gnome.Connections
+ - Contacts: org.gnome.Contacts
+ - Disk Usage Analyzer: org.gnome.baobab
+ - Document Scanner: org.gnome.SimpleScan
+ - Document Viewer: org.gnome.Evince
+ - Extension Manager: com.mattjakeman.ExtensionManager
+ - Font Viewer: org.gnome.font-viewer
+ - Image Viewer: org.gnome.Loupe
+ - Logs: org.gnome.Logs
+ - Maps: org.gnome.Maps
+ - Photos (Organizer): org.gnome.Photos
+ - Sushi (Nautilus Previewer): org.gnome.NautilusPreviewer
+ - Text Editor: org.gnome.TextEditor
+ - Videos (Player): org.gnome.Totem
+ - Weather: org.gnome.Weather
+ System Apps:
+ description: System applications for all desktop environments.
+ default: true
+ packages:
+ - Deja Dup Backups: org.gnome.DejaDup
+ - Fedora Media Writer: org.fedoraproject.MediaWriter
+ - Flatseal (Permission Manager): com.github.tchx84.Flatseal
+ - Font Downloader: org.gustavoperedo.FontDownloader
+ - Mozilla Firefox: org.mozilla.firefox
+ Web Browsers:
+ description: Additional browsers to complement or replace Firefox.
+ default: false
+ packages:
+ - Brave: com.brave.Browser
+ - GNOME Web: org.gnome.Epiphany
+ - Google Chrome: com.google.Chrome
+ - Microsoft Edge: com.microsoft.Edge
+ - Opera: com.opera.Opera
+ Gaming:
+ description: "Rock and Stone!"
+ default: false
+ packages:
+ - Bottles: com.usebottles.bottles
+ - Discord: com.discordapp.Discord
+ - Heroic Games Launcher: com.heroicgameslauncher.hgl
+ - Steam: com.valvesoftware.Steam
+ - Gamescope (Utility): org.freedesktop.Platform.VulkanLayer.gamescope
+ - MangoHUD (Utility): org.freedesktop.Platform.VulkanLayer.MangoHud//22.08
+ - SteamTinkerLaunch (Utility): com.valvesoftware.Steam.Utility.steamtinkerlaunch
+ - Proton Updater for Steam: net.davidotek.pupgui2
+ Office:
+ description: Boost your productivity.
+ default: false
+ packages:
+ - LibreOffice: org.libreoffice.LibreOffice
+ - OnlyOffice: org.onlyoffice.desktopeditors
+ - Obsidian: md.obsidian.Obsidian
+ - Slack: com.slack.Slack
+ - Standard Notes: org.standardnotes.standardnotes
+ - Thunderbird Email: org.mozilla.Thunderbird
+ Streaming:
+ description: Stream to the Internet.
+ default: false
+ packages:
+ - OBS Studio: com.obsproject.Studio
+ - VkCapture for OBS: com.obsproject.Studio.OBSVkCapture
+ - Gstreamer for OBS: com.obsproject.Studio.Plugin.Gstreamer
+ - Gstreamer VAAPI for OBS: com.obsproject.Studio.Plugin.GStreamerVaapi
+ - Boatswain for Streamdeck: com.feaneron.Boatswain
+
+ final-screen:
+ source: yafti.screen.title
+ values:
+ title: "All done!"
+ icon: "/path/to/icon"
+ links:
+ - "Made with uBlue":
+ run: /usr/bin/xdg-open https://ublue.it
+ - "Made with BlueBuild":
+ run: /usr/bin/xdg-open https://blue-build.org/
+ - "Join the Discord Community":
+ run: /usr/bin/xdg-open https://discord.gg/XjG48C7VHx
+ description: |
+ Thanks for trying this image, we hope you enjoy it!
diff --git a/files/system/usr/bin/podman-host b/files/system/usr/bin/podman-host
new file mode 100644
index 0000000..d322cef
--- /dev/null
+++ b/files/system/usr/bin/podman-host
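Review bot: The consent text in `can-we-modify-your-flatpaks` promises to "remove all basic Fedora Flatpaks", but the action `flatpak remove --system --noninteractive --all` uninstalls every system-wide Flatpak regardless of which remote it came from, so a user who already installed apps from Flathub loses those as well. Either reword the description to say that all system Flatpaks are removed, or restrict the removal to refs whose origin is the fedora remote. `icon: "/path/to/icon"` on the final screen looks like a template placeholder that was left in.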
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+id="$(echo "$@" | grep -Eo ' [a-zA-Z0-9]{64} ' | tr -d ' ')"
+PODMAN_COMMAND="$(command -v podman 2> /dev/null)"
+DISTROBOX_COMMAND="$(command -v distrobox 2> /dev/null)"
+
+# if we're in a flatpak, use podman-remote
+# else we fallback to host-spawn
+if [ -n "$FLATPAK_ID" ]; then
+ if command -v podman-remote > /dev/null 2>&1; then
+ PODMAN_COMMAND="podman-remote"
+ else
+ PODMAN_COMMAND="flatpak-spawn --host podman"
+ fi
+ DISTROBOX_COMMAND="flatpak-spawn --host distrobox"
+fi
+
+# This little workaround is used to ensure
+# we use our distrobox to properly enter the container
+if echo "$@" | grep -q 'exec'; then
+ # if exec && distrobox -> use distrobox-enter --
+ if [ "$($PODMAN_COMMAND inspect --type container --format '{{ index .Config.Labels "manager" }}' "${id}")" = "distrobox" ]; then
+
+ # Ensure that our distrobox containers will use different vscode-servers by symlinking to different paths
+ if [ -n "${id}" ]; then
+ $PODMAN_COMMAND exec -u "$USER" "${id}" /bin/sh -c '
+ if [ ! -L "${HOME}/.vscode-server" ]; then
+ [ -e "${HOME}/.vscode-server" ] && mv "${HOME}/.vscode-server" /var/tmp
+ [ -d /var/tmp/.vscode-server ] && mkdir /var/tmp/.vscode-server
+ ln -sf /var/tmp/.vscode-server "$HOME"
+ elif [ ! -e "${HOME}/.vscode-server" ]; then
+ mkdir /var/tmp/.vscode-server
+ fi'
+ fi
+
+ # Remove everything from $@ and leave only the execution part, we start
+ # capturing after we meet our ID
+ dbox_args="-e A=B"
+ capture="false"
+ for i; do
+ if [ $capture = "true" ]; then
+ set -- "$@" "$i"
+ elif echo "$i" | grep -q "VSCODE"; then
+ dbox_args="$dbox_args -e $i"
+ elif echo "$i" | grep -q "\-w"; then
+ dbox_args="$dbox_args -w $2"
+ fi
+ if [ "$i" = "${id}" ]; then
+ capture="true"
+ fi
+ shift
+ done
+
+ $DISTROBOX_COMMAND enter --additional-flags "${dbox_args}" "${id}" -- "$@"
+ exit $?
+ fi
+fi
+
+$PODMAN_COMMAND "$@"
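Review bot: `[ -d /var/tmp/.vscode-server ] && mkdir /var/tmp/.vscode-server` in the container snippet of podman-host has its test inverted: the directory is only created when it already exists, so on a first run `ln -sf /var/tmp/.vscode-server "$HOME"` leaves a dangling link until the `elif` branch repairs it on a later exec; it should read `[ -d /var/tmp/.vscode-server ] || mkdir /var/tmp/.vscode-server`. The link target is also a fixed name under /var/tmp, which is normally world-writable, so if that directory is shared between accounts or containers, whoever creates it first controls what the VS Code server loads from it; a per-user path, or an ownership check before linking, would close that. `$PODMAN_COMMAND inspect … "${id}"` runs before the `-n "${id}"` test, and `$capture`, `$i` and `$2` are expanded unquoted in the argument loop.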
diff --git a/files/system/usr/lib/modprobe.d/amd-legacy.conf b/files/system/usr/lib/modprobe.d/amd-legacy.conf new file mode 100644 index 0000000..8f659aa --- /dev/null +++ b/files/system/usr/lib/modprobe.d/amd-legacy.conf @@ -0,0 +1,6 @@ +# Enable Legacy AMD hardware support +options amdgpu si_support=1 +options amdgpu cik_support=1 + +options radeon si_support=0 +options radeon cik_support=0 diff --git a/files/system/usr/lib/sysctl.d/80-inotify.conf b/files/system/usr/lib/sysctl.d/80-inotify.conf new file mode 100644 index 0000000..984e27b --- /dev/null +++ b/files/system/usr/lib/sysctl.d/80-inotify.conf @@ -0,0 +1,2 @@ +fs.inotify.max_user_instances=8192 +fs.inotify.max_user_watches=524288 diff --git a/files/system/usr/lib/tmpfiles.d/homebrew.conf b/files/system/usr/lib/tmpfiles.d/homebrew.conf new file mode 100644 index 0000000..92cd2fd --- /dev/null +++ b/files/system/usr/lib/tmpfiles.d/homebrew.conf @@ -0,0 +1,3 @@ +d /var/lib/homebrew 0755 1000 1000 - - +d /var/cache/homebrew 0755 1000 1000 - - +d /var/home/linuxbrew 0755 1000 1000 - - diff --git a/files/system/usr/lib/tmpfiles.d/pmcd.conf b/files/system/usr/lib/tmpfiles.d/pmcd.conf new file mode 100644 index 0000000..7fffcad --- /dev/null +++ b/files/system/usr/lib/tmpfiles.d/pmcd.conf @@ -0,0 +1 @@ +d /var/log/pcp/pmcd - - - - diff --git a/files/system/usr/bin/firstboot.sh b/files/system/usr/libexec/firstboot.sh similarity index 97% rename from files/system/usr/bin/firstboot.sh rename to files/system/usr/libexec/firstboot.sh index c08263a..a8747f4 100755 --- a/files/system/usr/bin/firstboot.sh +++ b/files/system/usr/libexec/firstboot.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash set -euo pipefail +######## NOT WORKING FOR NOW ################ + # File to indicate that the script has already run FIRSTBOOT_FILE="$HOME/.config/firstboot/firstboot_done" diff --git a/files/systemd/system/dconf-update.service b/files/systemd/system/dconf-update.service new file mode 100644 index 0000000..8311c6f --- /dev/null 
+++ b/files/systemd/system/dconf-update.service @@ -0,0 +1,10 @@ +[Unit] +Description=Update the dconf database onboot +Documentation=https://github.com/coreos/rpm-ostree/issues/1944 + +[Service] +Type=oneshot +ExecStart=/usr/bin/dconf update + +[Install] +WantedBy=multi-user.target diff --git a/recipes/modules/developer.yml b/recipes/modules/developer.yml index 6ee0072..25f0dcb 100644 --- a/recipes/modules/developer.yml +++ b/recipes/modules/developer.yml @@ -41,21 +41,21 @@ modules: - qemu-user-binfmt - qemu-user-static # SystemD - # - type: systemd - # system: - # enabled: - # - libvirtd - # - virtqemud.socket - # - virtnetworkd.socket - # - virtstoraged.socket - # - virtnodedevd.socket - # disabled: - # # - flatpak-system-update.timer - # user: - # enabled: - # # - my-custom.service - # disabled: - # # - flatpak-user-update.timer + - type: systemd + system: + enabled: + - libvirtd + - virtqemud.socket + - virtnetworkd.socket + - virtstoraged.socket + - virtnodedevd.socket + disabled: + # - flatpak-system-update.timer + user: + enabled: + # - my-custom.service + disabled: + # - flatpak-user-update.timer # ----------------------------------------------------------------------- # - type: script snippets: diff --git a/recipes/recipe-vm.yml b/recipes/recipe-vm.yml index 24de956..0087ddb 100644 --- a/recipes/recipe-vm.yml +++ b/recipes/recipe-vm.yml @@ -17,13 +17,14 @@ modules: # - "mv example example2" scripts: # - example.sh + - type: yafti # --------------------------------------------------------------------------------------------------------------------------- # SystemD - type: systemd system: enabled: - sddm-boot.service - - firstboot.service + # - firstboot.service # ---------------------------------------------------------------------------------------------------------------------------- # Signing - type: signing # this sets up the proper policy & signing files for signed images to work fully