From 69ab83554efb0aaae69fb469d11a8a8faf4b7c45 Mon Sep 17 00:00:00 2001
From: Philip J Freeman <elektron@halo.nu>
Date: Tue, 28 Apr 2026 22:53:17 -0700
Subject: To:  
 72f96fb792b373276aded94500e9bb8bb682f60c94d748477a368e16e31fcc09

---
 hooks/build-os-post/70-cleanup-etc | 18 ++++++++++++++++++
 hooks/build-os/20-kernel-boot      |  9 +++++++--
 hooks/build-os/30-packages         | 19 +++++++++++++++++--
 3 files changed, 42 insertions(+), 4 deletions(-)
 create mode 100755 hooks/build-os-post/70-cleanup-etc

(limited to 'hooks')

diff --git a/hooks/build-os-post/70-cleanup-etc b/hooks/build-os-post/70-cleanup-etc
new file mode 100755
index 0000000..97e2e8b
--- /dev/null
+++ b/hooks/build-os-post/70-cleanup-etc
@@ -0,0 +1,18 @@
+#!/bin/bash -xe
+set -o pipefail
+
+# remove local self-signed snakeoil certificate
+find "$root"/etc/ssl/certs -maxdepth 1 -lname ssl-cert-snakeoil.pem -delete
+rm -f -- \
+	ssl/private/ssl-cert-snakeoil.key \
+	ssl/certs/ssl-cert-snakeoil.pem
+
+# cleanup some additional things in etc
+pushd "${root:?}"/etc
+rm -f -- \
+	resolv.conf \
+	group- \
+	gshadow- \
+	passwd- \
+	shadow-
+
diff --git a/hooks/build-os/20-kernel-boot b/hooks/build-os/20-kernel-boot
index 8aca938..8139e46 100755
--- a/hooks/build-os/20-kernel-boot
+++ b/hooks/build-os/20-kernel-boot
@@ -1,5 +1,10 @@
 #!/bin/bash -xe
 set -o pipefail
 
-chroot "${root:?}" apt-get --assume-yes install firmware-linux grub-efi-amd64 \
-	linux-image-amd64 ostree-boot
+chroot "${root:?}" apt-get --assume-yes install \
+	firmware-atheros \
+	firmware-linux \
+	firmware-realtek \
+	grub-efi-amd64 \
+	linux-image-amd64 \
+	ostree-boot
diff --git a/hooks/build-os/30-packages b/hooks/build-os/30-packages
index e4b41a0..ca9d7a1 100755
--- a/hooks/build-os/30-packages
+++ b/hooks/build-os/30-packages
@@ -1,7 +1,8 @@
 #!/bin/bash -xe
 set -o pipefail
 
-packages=(
+installs=(
+		bash-completion
 		bmaptool
 		btrfs-progs
 		cryptsetup
@@ -10,6 +11,7 @@ packages=(
 		e2fsprogs
 		flatpak
 		gnome-core
+		gnome-software-plugin-flatpak
 		gnome-tweaks
 		lvm2
 		nethack-console
@@ -21,12 +23,25 @@ packages=(
 		systemd-container
 		systemd-homed
 		task-english
+		task-desktop
+		task-gnome-desktop
+		task-laptop
+		task-ssh-server
 		udev
 		xfsprogs
 		xz-utils
 		zerofree
 	)
 
-chroot "${root:?}" apt-get -y --no-install-recommends install "${packages[@]}"
+purges=(
+	anacron
+	chromium
+	firefox
+	firefox-esr
+	)
+
+
+chroot "${root:?}" apt-get -y install "${installs[@]}"
+chroot "${root:?}" apt-get -y purge "${purges[@]}"
 
 echo 'kernel.unprivileged_userns_clone=1' > "${root:?}"/etc/sysctl.d/nspawn.conf
-- 
cgit v1.2.3