feat: init

Author: clemak27

.github/workflows/lint.yaml

@@ -0,0 +1,26 @@
+---
+name: lint
+
+on:
+  - pull_request
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+      - name: Run yamllint
+        uses: karancode/yamllint-github-action@master
+
+  actionlint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Download actionlint
+        id: get_actionlint
+        run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
+        shell: bash
+      - name: Run actionlint
+        run: ${{ steps.get_actionlint.outputs.executable }} -color
+        shell: bash

.github/workflows/publish.yaml

@@ -0,0 +1,85 @@
+---
+name: image
+
+on:
+  schedule:
+    - cron: '0 3 * * *'
+  push:
+    branches: ["main"]
+    paths:
+      - Containerfile
+      - build.sh
+      - plasma.sh
+    # tags: ['v*.*.*']
+  # pull_request:
+  #   branches: ["main"]
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install cosign
+        if: github.event_name != 'pull_request'
+        uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad  # v4.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226  # v3.0.0
+
+      - name: Log into registry ${{ env.REGISTRY }}
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef  # v3.6.0
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934  # v5.0.0
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          labels: |
+            org.opencontainers.image.description=Customized image of Fedora Kinoite
+            org.opencontainers.image.licenses=MIT
+            org.opencontainers.image.source=https://github.com/clemak27/kinokite
+            org.opencontainers.image.title=Fedora Kinokite
+          tags: |
+            type=schedule,pattern={{date 'YYYYMMDD'}}
+            type=raw,value=latest
+            type=raw,value=43
+
+      - name: Build and push Docker image
+        id: build-and-push
+        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83  # v6.18.0
+        with:
+          context: .
+          file: Containerfile
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Sign the published Docker image
+        if: ${{ github.event_name != 'pull_request' }}
+        env:
+          TAGS: ${{ steps.build-and-push.outputs.digest }}
+          COSIGN_EXPERIMENTAL: false
+          COSIGN_PRIVATE_KEY: ${{ secrets.SIGNING_SECRET }}
+        run: |
+          IMAGE_FULL="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+          for tag in ${{ steps.metadata.outputs.tags }}; do
+            cosign sign -y --key env://COSIGN_PRIVATE_KEY $IMAGE_FULL:$tag
+          done

.yamllint

@@ -0,0 +1,11 @@
+---
+extends: default
+
+rules:
+  line-length: false
+  truthy:
+    ignore: |
+      .github
+  comments:
+    ignore: |
+      .github

Containerfile

@@ -0,0 +1,16 @@
+FROM quay.io/fedora/fedora-kinoite:43
+
+ARG IMAGE_NAME="kinokite"
+ARG IMAGE_VENDOR="clemak27"
+
+COPY build.sh /tmp/build.sh
+COPY plasma.sh /tmp/plasma.sh
+COPY cosign.pub /tmp/cosign.pub
+
+ARG RELEASE_VERSION
+
+RUN mkdir -p /var/lib/alternatives
+
+RUN /tmp/build.sh && \
+  /tmp/plasma.sh && \
+  ostree container commit

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 clemens
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

README.md

@@ -0,0 +1,23 @@
+# `kinokite`
+
+## About
+
+This repo contains a customized image of Fedora Kinoite.
+This is for my personal use and a bit opinionated,
+but feel free to use it as inspiration.
+
+It installs some basic packages and sets up all
+Plasma Extensions I typically use.
+A significant one is [kröhnkite](https://github.com/anametologin/krohnkite),
+hence the name of the image.
+
+Dotfiles and setup for user-specific changes are in my
+[linux_setup repo](https://github.com/clemak27/linux_setup).
+
+## Usage
+
+In a fresh Fedora Kinoite installation, change the base image:
+
+```sh
+rpm-ostree rebase ostree-unverified-registry:ghcr.io/clemak27/kinokite:latest
+```

build.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+set -ouex pipefail
+
+# disable unused registries
+
+sudo sed -i 's/enabled=1/enabled=0/' \
+  /etc/yum.repos.d/_copr:copr.fedorainfracloud.org:phracek:PyCharm.repo \
+  /etc/yum.repos.d/fedora-cisco-openh264.repo \
+  /etc/yum.repos.d/google-chrome.repo \
+  /etc/yum.repos.d/rpmfusion-nonfree-nvidia-driver.repo \
+  /etc/yum.repos.d/rpmfusion-nonfree-steam.repo
+
+RELEASE=$(rpm -E %fedora)
+
+rpm-ostree install \
+  "https://mirrors.rpmfusion.org/free/fedora/rpmfusion-free-release-$RELEASE.noarch.rpm" \
+  "https://mirrors.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$RELEASE.noarch.rpm"
+
+# packages
+
+rpm-ostree uninstall firefox firefox-langpacks
+
+rpm-ostree install \
+  distrobox \
+  gcc-c++ \
+  kontact \
+  ksshaskpass \
+  podman-compose \
+  podman-docker \
+  steam-devices \
+  vim \
+  wl-clipboard \
+  zsh
+
+# podman
+
+mkdir -p /etc/containers
+touch /etc/containers/nodocker
+
+systemctl enable podman.socket
+
+# openrgb udev rules
+
+curl -LO "https://openrgb.org/releases/release_0.9/60-openrgb.rules"
+mv 60-openrgb.rules /etc/udev/rules.d/
+restorecon /etc/udev/rules.d/60-openrgb.rules
+
+# steam udev rules
+
+curl -fLo /etc/udev/rules.d/60-steam-input.rules https://raw.githubusercontent.com/ValveSoftware/steam-devices/master/60-steam-input.rules
+restorecon /etc/udev/rules.d/60-steam-input.rules
+curl -fLo /etc/udev/rules.d/60-steam-vr.rules https://raw.githubusercontent.com/ValveSoftware/steam-devices/master/60-steam-vr.rules
+restorecon /etc/udev/rules.d/60-steam-vr.rules
+
+# change default shell
+
+sed -i 's@/bin/bash@/bin/zsh@g' /etc/default/useradd

cosign.pub

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIe2hemJ7QgU7bJqSlOeTUxdNEFpi
+viU6JVI284hX4VRVZVXvnKMWAuFSO02/prbB385YhyQx7qNKsPcF+HU4oA==
+-----END PUBLIC KEY-----

mise.toml

@@ -0,0 +1,11 @@
+[tools]
+cosign = "3.0.2"
+
+[env]
+IMAGE_NAME = "ghcr.io/clemak27/kinokite"
+IMAGE_TAG = "latest"
+
+[tasks.build-image]
+run = """
+docker build -t ${IMAGE_NAME}:${IMAGE_TAG} .
+"""