Provisioning Fedora Silverblue with Containerfile & Ansible.

j1mc/ansible-silverblue-oci

Ansible Silverblue OCI

build-ansible-silverblue-oci

This repository uses ostree native container tooling + Ansible to create a customized, bootable version of Fedora Silverblue. The customizations are handled within the ansible-silverblue directory, and you're encouraged to read the README there to see exactly what this project does.

For now this project uses the Ansible version packaged by Fedora. On Fedora 40, that is currently ansible 9.4.0.

What does all this mean, exactly?

  • We start with a base Fedora Silverblue 40 image
  • We customize the OS via an included set of Ansible roles
  • We use GitHub Actions to build and sign a container image based on these customizations
  • We enable you to then rebase your current Silverblue installation to use these customizations

See the README inside of the 'ansible-silverblue' directory for the specific changes.

What's important is that you can do this, too! All of the Ansible changes are configured via the group_vars/all file in the ansible portions of the project. Completely forking the project will require that you modify a few things, but I can assist if you'd like to give this a try. Feel free to leave a comment or inquiry as an 'Issue', and I'll be in touch with you.

Usage

To rebase a fresh or existing Silverblue installation to use these customizations, run this command:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:latest

If you want to rebase to a particular day's release:

sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:20221227

The latest tag will automatically point to the latest build.

Verification

These images are signed with sigstore's cosign. You can verify the signature by downloading the cosign.pub key from this repo and running the following command:

cosign verify --key cosign.pub ghcr.io/j1mc/ansible-silverblue-oci
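
The `ostree-unverified-registry:` transport used in the rebase commands performs no signature check of its own, so the cosign verification only protects you if the image you rebase to is the one you verified. The following is an added example, not part of this project: it verifies a tag with cosign and then builds a rebase reference pinned to the exact digest that was verified. The function names, the `COSIGN` override variable and the script name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the signature first, then rebase to the verified
# digest rather than a mutable tag such as :latest.
set -u

IMAGE="ghcr.io/j1mc/ansible-silverblue-oci"  # image name from this README
KEY="cosign.pub"                              # public key downloaded from the repo
COSIGN="${COSIGN:-cosign}"                    # hypothetical override, allows offline testing

# Read `cosign verify` JSON on stdin and print the signed manifest digest.
# Fails unless exactly one distinct, well-formed sha256 digest is present.
signed_digest() {
    local digests
    digests=$(grep -oE '"docker-manifest-digest": ?"sha256:[0-9a-f]{64}"' \
              | grep -oE 'sha256:[0-9a-f]{64}' | sort -u)
    [ -n "$digests" ] || return 1
    [ "$(printf '%s\n' "$digests" | wc -l)" -eq 1 ] || return 1
    printf '%s\n' "$digests"
}

# Verify IMAGE:<tag> and print a digest-pinned rpm-ostree reference.
# Returns non-zero if cosign rejects the image or no digest can be parsed.
pinned_ref() {
    local tag out digest
    tag="$1"
    out=$("$COSIGN" verify --key "$KEY" "$IMAGE:$tag" 2>/dev/null) || return 1
    digest=$(printf '%s' "$out" | signed_digest) || return 1
    printf 'ostree-unverified-registry:%s@%s\n' "$IMAGE" "$digest"
}

# Only act when called with a tag, e.g.: ./verified-rebase.sh latest
if [ "$#" -gt 0 ]; then
    ref=$(pinned_ref "$1") || { echo "signature verification failed" >&2; exit 1; }
    sudo rpm-ostree rebase --experimental "$ref"
fi
```

Because the reference is pinned to a digest, the deployment stays on that build until the script is run again.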

Credits

This project got its start around the same time that the Universal Blue team were starting their efforts. We've taken some different approaches, and they're doing some great work. Check them out!