Merge pull request #5 from randogoth/lix-rpm

randogoth · web-flow · commit ea4ed7a25c05 · 2025-12-30T16:34:25.000+02:00
Replaced Nix with Lix
diff --git a/README.md b/README.md
@@ -1,19 +1,23 @@
 # Deinonyxus &nbsp; [![bluebuild build badge](https://github.com/randogoth/deinonyxus/actions/workflows/build.yml/badge.svg)](https://github.com/randogoth/deinonyxus/actions/workflows/build.yml)
 
-*Deinonyxus* is a personal spin of the UBlue Bluefin DX image with experimental Nix package manager baked in (borrowed from the great [Daemonix](https://github.com/DXC-0/daemonix/) image) and a first-login bootstrap for `nix/home-manager`-like declarative package management using [curator](https://codeberg.org/randogoth/curator).
+*Deinonyxus* is a personal spin of the UBlue Bluefin DX image with the 🍦[Lix](https://lix.systems/) flavored Nix package manager baked in and a first-login bootstrap for simple declarative package management using [curator](https://codeberg.org/randogoth/curator).
 
 ## What’s inside
 - Base: `ghcr.io/ublue-os/bluefin-dx:latest` without Cockpit, Docker, Firefox, VS Code
-- Nix: multi-user install baked in; `nix-overlay.service` and `nix-daemon.service` enabled.
-(D) - First-login bootstrap: installs nix packages `devbox`, `mc`,and `micro` via `curator`
+- Lix: multi-user install baked in with persistence at `/var/home/nix`; `nix-daemon.service` enabled.
+(D) - First-login bootstrap: installs Lix/nix packages `devbox`, `mc`, and `micro` via `curator`
 - System packages added: `syncthing`, `uv`, `vscodium`, `waydroid`;
-- System flatpaks added: Telegram Desktop, Waterfox
+- System flatpaks added: Telegram Desktop, Zen Browser
 
-## First login behavior
+## First login
 - Triggers for each non-root user on their first session.
 - Writes state to `~/.local/state/deinonyxus/curator-init.done`; delete it to rerun.
 - Bootstraps `~/.config/curator/inventory.toml` and runs `curator switch` with the packages set above.
 
+## Just Recipes
+- `upgrade-nix`: upgrades to the latest version of Lix via the user profile. Replaces `nix upgrade-nix` which does not work with an immutable lowerdir `/nix/store` folder
+- `install-nix-software-center`: installs a graphical app store for Nix packages
+
 ## Install / Rebase
 
 ```bash
@@ -30,11 +34,11 @@ The `latest` tag always tracks the latest build for the Fedora base set in `reci
 
 ## Building locally
 ```bash
-bluebuild build --recipe recipes/recipe.yml
+bluebuild build
 ```
 
 ## Signature verification
 Images are signed with Sigstore/cosign. Verify with the repo's `cosign.pub`:
 ```bash
 cosign verify --key cosign.pub ghcr.io/randogoth/deinonyxus
-```
+```
diff --git a/files/justfiles/nixpkgs.just b/files/justfiles/nixpkgs.just
@@ -0,0 +1,7 @@
+upgrade-nix:
+    echo 'Installing latest Lix package'
+    nix profile install nixpkgs#lix && nix upgrade-nix
+
+install-nix-software-center:
+    echo 'Installing Nix Software Center'
+    nix profile install github:snowfallorg/nix-software-center
diff --git a/files/scripts/install-lix.sh b/files/scripts/install-lix.sh
@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# === INSTALL LIX FROM RPM ===
+
+rpm_url="https://nix-community.github.io/nix-installers/lix/x86_64/lix-multi-user-2.91.1.rpm"
+
+install -d /usr/share/nix-store /var/lib/nix-store /var/cache/nix-store /nix /etc/nix
+
+# Avoid systemd calls during RPM %post in the image build environment.
+export SYSTEMD_OFFLINE=1
+
+# Install the RPM; allow missing GPG key since we fetch directly by URL.
+dnf install -y --nogpgcheck "$rpm_url"
+
+
+# === ADD MISSING LIX CACHE ACCESS PUBKEY ===
+
+nix_conf=/etc/nix/nix.conf
+lix_cache_url="https://cache.lix.systems/"
+lix_cache_key="cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
+
+ensure_list_value() {
+  local key="$1" value="$2" escaped_value
+  escaped_value=$(printf '%s' "$value" | sed 's/[\\&]/\\&/g')
+
+  touch "$nix_conf"
+
+  if grep -Eq "^${key}[[:space:]]*=.*${escaped_value}" "$nix_conf"; then
+    return
+  fi
+
+  if grep -Eq "^${key}[[:space:]]*=" "$nix_conf"; then
+    sed -i "s|^${key}[[:space:]]*= *\\(.*\\)|${key} = \\1 ${escaped_value}|" "$nix_conf"
+  else
+    echo "${key} = ${value}" >>"$nix_conf"
+  fi
+}
+
+ensure_list_value "substituters" "$lix_cache_url"
+ensure_list_value "trusted-public-keys" "$lix_cache_key"
+
+# === MOVE INITIAL NIX STORE TO LOWERDIR ===
+
+if compgen -G "/nix/*" >/dev/null; then
+  mv /nix/* /usr/share/nix-store/
+fi
diff --git a/files/scripts/install-nix.sh b/files/scripts/install-nix.sh
diff --git a/recipes/recipe.yml b/recipes/recipe.yml
@@ -3,7 +3,7 @@
 # image will be published to ghcr.io/<user>/<name>
 name: deinonyxus
 # description will be included in the image's metadata
-description: This is my personal spin based on the latest bluefin image.
+description: Bluefin DX with Nix and sprinkles.
 
 # the base image to build on top of (FROM) and the version tag to use
 base-image: ghcr.io/ublue-os/bluefin-dx
@@ -20,7 +20,7 @@ modules:
 
   - type: script
     scripts:
-      - install-nix.sh
+      - install-lix.sh
 
   - type: systemd
     system:
@@ -60,13 +60,17 @@ modules:
         - containerd
         - moby-engine
 
+  - type: justfiles
+    include:
+      - nixpkgs.just
+
   - type: default-flatpaks
     configurations:
       - notify: true # Send notification after install/uninstall is finished (true/false)
         scope: system
         # If no repo information is specified, Flathub will be used by default
         install: # system flatpaks we want all users to have and not remove
-          - net.waterfox.waterfox
+          - app.zen_browser.zen
           - org.telegram.desktop
         remove: # replace default Firefox with Waterfox
           - org.mozilla.firefox
