Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/j1mc/ansible-silverblue-oci

Provisioning Fedora Silverblue with Containerfile & Ansible.
https://github.com/j1mc/ansible-silverblue-oci

ansible bootc containerfile fedora libostree oci ostree rpmostree silverblue

Last synced: about 1 month ago
JSON representation

Provisioning Fedora Silverblue with Containerfile & Ansible.

Host: GitHub
URL: https://github.com/j1mc/ansible-silverblue-oci
Owner: j1mc
License: apache-2.0
Created: 2022-12-23T20:16:02.000Z (almost 2 years ago)
Default Branch: main
Last Pushed: 2024-09-19T23:25:49.000Z (about 2 months ago)
Last Synced: 2024-10-04T20:37:09.479Z (about 1 month ago)
Topics: ansible, bootc, containerfile, fedora, libostree, oci, ostree, rpmostree, silverblue
Language: Shell
Homepage:
Size: 156 KB
Stars: 12
Watchers: 1
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# Ansible Silverblue OCI

[![build-ansible-silverblue-oci](https://github.com/j1mc/ansible-silverblue-oci/actions/workflows/build.yml/badge.svg)](https://github.com/j1mc/ansible-silverblue-oci/actions/workflows/build.yml)

This repository uses [ostree native container](https://coreos.github.io/rpm-ostree/container/)
tooling + Ansible to create a customized, bootable version of Fedora Silverblue. The customizations
are handled within the `ansible-silverblue` directory, and you're encouraged to read the
[README](ansible-silverblue/README.md) there to see exactly what this project does.

For now this project uses the Ansible version packaged by Fedora. On Fedora 40, that is currently
ansible 9.4.0.

## What does all this mean, exactly?

- We start with a base Fedora Silverblue 40 image
- We customize the OS via an included set of Ansible roles
- We use [Github Actions](.github/workflows/build.yml) to build and sign a container image based on
these customizations
- Enable you to then rebase your current Silverblue installation to use these customizations

See the [README](ansible-silverblue/README.md) inside of the 'ansible-silverblue' directory for
the specific changes

What's important is that you can do this, too! All of the Ansible changes are configured via the
`group_vars/all` file in the ansible portions of the project. Completely forking the project will
require that you modify a few things, but I can assist if you'd like to give this a try. Feel
free to leave a comment or inquiry as an 'Issue', and I'll be in touch with you.

## Usage

To rebase an fresh or existing Silverblue installation to use these customizations, run this command:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:latest

If you want to rebase to a particular day's release:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:20221227

The `latest` tag will automatically point to the latest build.

## Verification

These images are signed with sisgstore's [cosign](https://docs.sigstore.dev/cosign/overview/). You
can verify the signature by downloading the `cosign.pub` key from this repo and running the
following command:

cosign verify --key cosign.pub ghcr.io/j1mc/ansible-silverblue-oci

## Credits

This project got its start around the same time that the [Universal Blue](https://github.com/ublue-os)
team were starting their efforts. We've taken some different approaches, and they're doing some great
work. Check them out!