Add new recipes and update build pipeline

- Split common-modules into base.yml and gui.yml
- Rename and consolidate old recipe_gnome* files into bazzite-gnome.yml;
  move firmware
  path
- Add new build recipe ucore-hci.yml
- Update GitHub Actions: schedule to 18:00 UTC, add concurrency, bump
  blue-build action to v1.11 and switch matrix recipes
- Update docker-ce repo URLs to Fedora 43
- Rotate cosign public key

.github/workflows/build.yml

@@ -1,14 +1,18 @@
 name: bluebuild
 on:
   schedule:
-    - cron: "00 07 * * *" # build at 07:00 UTC every day 
+    - cron:
-                          # (1:20 hours after last ublue images start building)
+        "00 18 * * *" # build at 18:00 UTC every day
+        # (12 hours after last ublue images start building)
   push:
-    paths-ignore: # don't rebuild if only documentation has changed
+    paths-ignore:
       - "**.md"
 
   pull_request:
-  workflow_dispatch: # allow manually triggering builds
+  workflow_dispatch:
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
+  cancel-in-progress: true
 jobs:
   bluebuild:
     name: Build Custom Image
@@ -18,20 +22,17 @@ jobs:
       packages: write
       id-token: write
     strategy:
-      fail-fast: false # stop GH from cancelling all matrix builds if one fails
+      fail-fast: false
       matrix:
         recipe:
-          - recipe_gnome.yml
+          - bazzite-gnome.yml
-          - recipe_gnome-nvidia-open.yml
+          - ucore-hci.yml
     steps:
-       # the build is fully handled by the reusable github action
       - name: Build Custom Image
-        uses: blue-build/github-action@v1.8
+        uses: blue-build/github-action@v1.11
         with:
           recipe: ${{ matrix.recipe }}
           cosign_private_key: ${{ secrets.SIGNING_SECRET }}
           registry_token: ${{ github.token }}
           pr_event_number: ${{ github.event.number }}
-
+          maximize_build_space: true
-          # enabled by default, disable if your image is small and you want faster builds      
-          maximize_build_space: false

cosign.pub

@@ -1,4 +1,4 @@
 -----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAESCLT/nZpT/cuJudCqEIzoCTJZPs3
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEy+mK2kDTNECEbjuzl0/OyO7PgXXs
-ZdeBil6MG9FMJ7nGgj3+f1pSCAPHORz9WPLLAntu9iMp18rM0pN5fYyZLQ==
+NAKzbIqyh8tzNu4z+XV6kH/Jkvq8Hf1EYelfPiU2MlNLSrNFfr5CHBKelw==
 -----END PUBLIC KEY-----

files/dnf/docker-ce.repo

@@ -1,62 +1,62 @@
 [docker-ce-stable]
 name=Docker CE Stable - $basearch
-baseurl=https://download.docker.com/linux/fedora/42/$basearch/stable
+baseurl=https://download.docker.com/linux/fedora/43/$basearch/stable
 enabled=1
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-stable-debuginfo]
 name=Docker CE Stable - Debuginfo $basearch
-baseurl=https://download.docker.com/linux/fedora/42/debug-$basearch/stable
+baseurl=https://download.docker.com/linux/fedora/43/debug-$basearch/stable
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-stable-source]
 name=Docker CE Stable - Sources
-baseurl=https://download.docker.com/linux/fedora/42/source/stable
+baseurl=https://download.docker.com/linux/fedora/43/source/stable
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-test]
 name=Docker CE Test - $basearch
-baseurl=https://download.docker.com/linux/fedora/42/$basearch/test
+baseurl=https://download.docker.com/linux/fedora/43/$basearch/test
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-test-debuginfo]
 name=Docker CE Test - Debuginfo $basearch
-baseurl=https://download.docker.com/linux/fedora/42/debug-$basearch/test
+baseurl=https://download.docker.com/linux/fedora/43/debug-$basearch/test
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-test-source]
 name=Docker CE Test - Sources
-baseurl=https://download.docker.com/linux/fedora/42/source/test
+baseurl=https://download.docker.com/linux/fedora/43/source/test
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-nightly]
 name=Docker CE Nightly - $basearch
-baseurl=https://download.docker.com/linux/fedora/42/$basearch/nightly
+baseurl=https://download.docker.com/linux/fedora/43/$basearch/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-nightly-debuginfo]
 name=Docker CE Nightly - Debuginfo $basearch
-baseurl=https://download.docker.com/linux/fedora/42/debug-$basearch/nightly
+baseurl=https://download.docker.com/linux/fedora/43/debug-$basearch/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg
 
 [docker-ce-nightly-source]
 name=Docker CE Nightly - Sources
-baseurl=https://download.docker.com/linux/fedora/42/source/nightly
+baseurl=https://download.docker.com/linux/fedora/43/source/nightly
 enabled=0
 gpgcheck=1
 gpgkey=https://download.docker.com/linux/fedora/gpg

files/scripts/download_install_rpms.sh

@@ -1,25 +0,0 @@
-#!/bin/sh
-
-set -oex pipefail
-set +u
-
-# from RPMs on Github
-# Space-separated list of repo/package strings
-repos="quexten/goldwarden"
-
-# Loop through each repo/package
-for repo_package in $repos; do
-    # Split the string into repo and package using parameter expansion
-    repo=${repo_package%/*}
-    package=${repo_package#*/}
-
-    # Fetch the latest release download URL for .rpm assets
-    download_url=$(wget -qO- "https://api.github.com/repos/$repo/$package/releases/latest" \
-        | jq -r '.assets[] | select(.name | match(".rpm")) | .browser_download_url')
-
-    # Download the asset as <PACKAGE>.rpm
-    wget -qO "$package.rpm" "$download_url"
-
-    # Install the package
-    rpm-ostree install "$package.rpm"
-done

recipes/base.yml

@@ -0,0 +1,50 @@
+modules:
+  - type: files
+    files:
+      - source: system
+        destination: /
+  - type: dnf
+    repos:
+      files:
+        - docker-ce.repo
+      keys:
+        - https://download.docker.com/linux/fedora/gpg
+    group-install:
+      with-optional: true
+      packages:
+        - development-tools
+        - c-development
+    remove:
+      packages:
+        - moby-engine
+        - docker-cli
+    install:
+      packages:
+        - usbguard
+        - android-tools
+        - arm-image-installer
+        - hunspell-devel
+        - zsh
+        - autofs
+        - wireguard-tools
+        - trash-cli
+        - git
+        - git-filter-repo
+        - firewall-config
+        - alsa-tools
+        - libappstream-glib
+        - htop
+        - glances
+        - ansible
+        - docker-ce
+        - docker-ce-cli
+        - containerd.io
+        - docker-buildx-plugin
+        - docker-compose-plugin
+        - freeipa-client
+        - chromium-headless
+  - type: systemd
+    system:
+      enabled:
+        - docker.service
+  - type: signing

recipes/bazzite-gnome.yml

@@ -0,0 +1,47 @@
+---
+# yaml-language-server: $schema=https://schema.blue-build.org/recipe-v1.json
+name: bazzite-gnome-badblocks
+description: Customizations of bazzite-gnome with all video drivers for personal use
+
+base-image: ghcr.io/ublue-os/bazzite-gnome-nvidia-open
+image-version: latest
+
+modules:
+  - from-file: base.yml
+  - from-file: gui.yml
+  - type: files
+    files:
+      - source: firmware
+        destination: /lib/firmware/
+  - type: dnf
+    install:
+      packages:
+        - mpv_inhibit_gnome
+        - git-credential-libsecret
+        - gtk-murrine-engine
+        - gnome-boxes
+        - fedora-chromium-config-gnome
+  - type: gnome-extensions
+    install:
+      - 6 # Applications Menu
+      - 1460 # Vitals
+      - 1160 # Dash to Panel
+      - 97 # Coverflow Alt-Tab
+      - 8671 # All-in-One Clipboard
+      - 7856 # Mouse Tail
+      - 8971 # Lock Guard
+      - 4338 # Allow Locked Remote Desktop
+      # Below are provided currently by Bazzite
+      #- 615 # *AppIndicator and KStatusNotifierItem Support
+      #- 8760 # *Add to Steam
+      #- 3193 # *Blur my Shell
+      #- 517 # *Caffeine
+      #- 3740 # *Compiz alike magic lamp effect
+      #- 3210 # *Compiz windows effect
+      #- 7215 # *Restart To
+      #- 19 # *User Themes
+      #- 1319 # *GSConnect (Commented out as this extension will not work if installed system-wide without compile-time modifications, bazzite includes a modified version)
+      #- 4451 # *Logo Menu (Commented out as Bazzite includes customizations with their install)
+  - type: gschema-overrides
+    include:
+      - zz1-power-button-settings.gschema.override

recipes/common-modules.yml

@@ -1,130 +0,0 @@
-modules:
-  - type: script
-    scripts:
-      - download_install_rpms.sh
-  - type: files
-    files:
-      - source: system/lib/firmware/
-        destination: /lib/firmware/
-  - type: files
-    files:
-      - source: system/etc/modprobe.d/
-        destination: /etc/modprobe.d/
-  - type: dnf
-    repos:
-      files:
-        - https://packages.microsoft.com/yumrepos/vscode/config.repo
-        - docker-ce.repo
-      keys:
-        - https://packages.microsoft.com/keys/microsoft.asc
-        - https://download.docker.com/linux/fedora/gpg
-    group-install:
-      with-optional: true
-      packages:
-        - development-tools
-        - c-development
-    install:
-      packages:
-        - vlc
-        - usbguard
-        - android-tools
-        - arm-image-installer
-        - hunspell-devel
-        - zsh
-        - libvirt
-        - virt-manager
-        - autofs
-        - gstreamer1-plugins-ugly-free
-        - gstreamer1-plugins-bad-free
-        - gstreamer1-plugins-bad-free-extras
-        - gstreamer1-plugins-good
-        - gstreamer1-plugins-good-extras
-        - gstreamer1-plugins-base
-        - gstreamer1-plugins-base-tools
-        - wireguard-tools
-        - trash-cli
-        - git
-        - git-credential-libsecret
-        - gtk-murrine-engine
-        - firewall-config
-        - alsa-tools
-        - libappstream-glib
-        - htop
-        - glances
-        - ansible
-        - docker-ce
-        - docker-ce-cli
-        - containerd.io
-        - docker-buildx-plugin
-        - docker-compose-plugin
-        - cockpit
-        - cockpit-composer
-        - cockpit-files     
-        - cockpit-machines
-        - cockpit-networkmanager
-        - cockpit-ostree
-        - cockpit-podman
-        - cockpit-selinux
-        - cockpit-sosreport
-        - cockpit-storaged
-        - gnome-boxes
-        - bottles
-        - code
-  - type: fonts
-    fonts:
-      nerd-fonts:
-        - FiraCode
-        - Hack
-        - SourceCodePro
-        - Terminus
-        - JetBrainsMono
-        - NerdFontsSymbolsOnly
-      google-fonts:
-        - Roboto
-        - Lexend
-  - type: gnome-extensions
-    install:
-      - 3628 # ArcMenu
-      - 1460 # Vitals
-      - 1160 # Dash to Panel
-      - 97 # Coverflow Alt-Tab
-      - 779 # Clipboard Indicator
-  - type: gschema-overrides
-    include:
-      - zz1-power-button-settings.gschema.override
-  - type: default-flatpaks
-    notify: true
-    system:
-      install:
-        - net.nokyan.Resources
-        - org.gimp.GIMP
-        - org.libreoffice.LibreOffice
-        - page.codeberg.libre_menu_editor.LibreMenuEditor
-        - us.zoom.Zoom
-        - com.bitwarden.desktop
-        - dev.zed.Zed
-        - dev.goats.xivlauncher
-        - com.github.zocker_160.SyncThingy
-        - io.github.vikdevelop.SaveDesktop
-        - md.obsidian.Obsidian
-        - org.strawberrymusicplayer.strawberry
-        - com.discordapp.Discord
-        - com.borgbase.Vorta
-        - org.mozilla.Thunderbird
-        - io.gitlab.librewolf-community
-        - io.github.ungoogled_software.ungoogled_chromium
-      remove:
-        - com.usebottles.bottles
-        - org.gnome.Boxes
-        - org.videolan.VLC
-    user:
-      remove:
-        - com.usebottles.bottles
-        - org.gnome.Boxes
-        - org.videolan.VLC
-  - type: systemd
-    system:
-      enabled:
-        - docker.service
-  - type: signing
-

recipes/gui.yml

@@ -0,0 +1,66 @@
+modules:
+  - type: fonts
+    fonts:
+      nerd-fonts:
+        - FiraCode
+        - Hack
+        - SourceCodePro
+        - Terminus
+        - JetBrainsMono
+        - NerdFontsSymbolsOnly
+      google-fonts:
+        - Roboto
+        - Lexend
+  - type: dnf
+    repos:
+      files:
+        - https://packages.microsoft.com/yumrepos/vscode/config.repo
+        - https://copr.fedorainfracloud.org/coprs/lizardbyte/stable/repo/fedora-43/lizardbyte-stable-fedora-43.repo
+      keys:
+        - https://packages.microsoft.com/keys/microsoft.asc
+        - https://download.copr.fedorainfracloud.org/results/lizardbyte/stable/pubkey.gpg
+    install:
+      packages:
+        - vlc
+        - mpv
+        - libvirt
+        - virt-manager
+        - code
+        - sunshine
+        - chromium
+        - chromedriver
+        - gstreamer1-plugins-ugly-free
+        - gstreamer1-plugins-bad-free
+        - gstreamer1-plugins-bad-free-extras
+        - gstreamer1-plugins-good
+        - gstreamer1-plugins-good-extras
+        - gstreamer1-plugins-base
+        - gstreamer1-plugins-base-tools
+  - type: default-flatpaks@v1 # only v1 allows removals
+    notify: true
+    system:
+      install:
+        - net.nokyan.Resources
+        - org.gimp.GIMP
+        - org.libreoffice.LibreOffice
+        - page.codeberg.libre_menu_editor.LibreMenuEditor
+        - us.zoom.Zoom
+        - com.bitwarden.desktop
+        - dev.zed.Zed
+        - dev.goats.xivlauncher
+        - com.github.zocker_160.SyncThingy
+        - io.github.vikdevelop.SaveDesktop
+        - md.obsidian.Obsidian
+        - org.strawberrymusicplayer.strawberry
+        - com.discordapp.Discord
+        - com.borgbase.Vorta
+        - org.mozilla.Thunderbird
+        - io.gitlab.librewolf-community
+        - io.github.ungoogled_software.ungoogled_chromium
+      remove:
+        - org.gnome.Boxes
+        - org.videolan.VLC
+    user:
+      remove:
+        - org.gnome.Boxes
+        - org.videolan.VLC

recipes/recipe_gnome-nvidia-open.yml

@@ -1,8 +0,0 @@
-name: bazzite-badblocks-gnome-nvidia-open
-description: badblocks's custom bazzite-gnome-nvidia-open build
-
-base-image: ghcr.io/ublue-os/bazzite-gnome-nvidia-open
-image-version: latest
-
-modules:
-  - from-file: common-modules.yml

recipes/recipe_gnome.yml

@@ -1,8 +0,0 @@
-name: bazzite-badblocks-gnome
-description: badblocks's custom bazzite-gnome build
-
-base-image: ghcr.io/ublue-os/bazzite-gnome
-image-version: latest
-
-modules:
-  - from-file: common-modules.yml

recipes/ucore-hci.yml

@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://schema.blue-build.org/recipe-v1.json
+name: ucore-hci-badblocks
+description: Customizations of ucore for personal use
+
+base-image: ghcr.io/ublue-os/ucore-hci
+image-version: lts
+
+modules:
+  - from-file: base.yml