This repository uses ostree native container
tooling + Ansible to create a customized, bootable version of Fedora Silverblue. The customizations
are handled within the ansible-silverblue directory, and you're encouraged to read the
README there to see exactly what this project does.
For now this project uses the Ansible version packaged by Fedora. On Fedora 40, that is currently ansible 9.4.0.
- We start with a base Fedora Silverblue 40 image
- We customize the OS via an included set of Ansible roles
- We use Github Actions to build and sign a container image based on these customizations
- Enable you to then rebase your current Silverblue installation to use these customizations
See the README inside of the 'ansible-silverblue' directory for the specific changes
What's important is that you can do this, too! All of the Ansible changes are configured via the
group_vars/all file in the ansible portions of the project. Completely forking the project will
require that you modify a few things, but I can assist if you'd like to give this a try. Feel
free to leave a comment or inquiry as an 'Issue', and I'll be in touch with you.
To rebase an fresh or existing Silverblue installation to use these customizations, run this command:
sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:latest
If you want to rebase to a particular day's release:
sudo rpm-ostree rebase --experimental ostree-unverified-registry:ghcr.io/j1mc/ansible-silverblue-oci:20221227
The latest tag will automatically point to the latest build.
These images are signed with sisgstore's cosign. You
can verify the signature by downloading the cosign.pub key from this repo and running the
following command:
cosign verify --key cosign.pub ghcr.io/j1mc/ansible-silverblue-oci
This project got its start around the same time that the Universal Blue team were starting their efforts. We've taken some different approaches, and they're doing some great work. Check them out!