new dish

dishes/live-desktop-hypervisor.cfg

@@ -0,0 +1,390 @@
+# Generated by pykickstart v3.62
+#version=DEVEL
+# Use text mode install
+text
+# Firewall configuration
+firewall --disabled
+# Keyboard layouts
+keyboard --xlayouts='ch (fr)'
+# System language
+lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
+# Shutdown after installation
+shutdown
+repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch
+repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f$releasever&arch=$basearch
+# Root password
+rootpw --iscrypted --lock locked
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,libvirtd"
+# System timezone
+timezone Europe/Paris --utc
+# Use network installation
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$releasever&arch=$basearch"
+# X Window System configuration information
+xconfig  --defaultdesktop=GNOME --startxonboot
+# System bootloader configuration
+bootloader --location=mbr --timeout=1
+# Clear the Master Boot Record
+zerombr
+# Partition clearing information
+clearpart --all --initlabel
+# Disk partitioning information
+part /boot/efi --fstype="efi" --size=128 --fsoptions="umask=0077,shortname=winnt" --label=efi
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root
+
+%post
+
+# Enable livesys services
+systemctl enable livesys.service
+systemctl enable livesys-late.service
+
+# enable tmpfs for /tmp
+systemctl enable tmp.mount
+
+# make it so that we don't do writing to the overlay for things which
+# are just tmpdirs/caches
+# note https://bugzilla.redhat.com/show_bug.cgi?id=1135475
+cat >> /etc/fstab << EOF
+vartmp   /var/tmp    tmpfs   defaults   0  0
+EOF
+
+# work around for poor key import UI in PackageKit
+rm -f /var/lib/rpm/__db*
+echo "Packages within this LiveCD"
+rpm -qa --qf '%{size}\t%{name}-%{version}-%{release}.%{arch}\n' |sort -rn
+# Note that running rpm recreates the rpm db files which aren't needed or wanted
+rm -f /var/lib/rpm/__db*
+
+# go ahead and pre-make the man -k cache (#455968)
+/usr/bin/mandb
+
+# make sure there aren't core files lying around
+rm -f /core*
+
+# remove random seed, the newly installed instance should make it's own
+rm -f /var/lib/systemd/random-seed
+
+# convince readahead not to collect
+# FIXME: for systemd
+
+echo 'File created by kickstart. See systemd-update-done.service(8).' \
+    | tee /etc/.updated >/var/.updated
+
+# Drop the rescue kernel and initramfs, we don't need them on the live media itself.
+# See bug 1317709
+rm -f /boot/*-rescue*
+
+# Disable network service here, as doing it in the services line
+# fails due to RHBZ #1369794
+systemctl disable network
+
+# Remove machine-id on pre generated images
+rm -f /etc/machine-id
+touch /etc/machine-id
+
+# set livesys session type
+sed -i 's/^livesys_session=.*/livesys_session="gnome"/' /etc/sysconfig/livesys
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/opt/base-initial-setup-gnome.log
+
+truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
+
+## Append lines to existing vendor.conf file, so that options are skipped upon reboot
+cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
+[pages]
+skip=privacy
+[goa]
+providers=local-first!
+EOF
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/opt/base-desktop-gnome.log
+
+# cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.background.gschema.override<< EOF
+# [org.gnome.desktop.background]
+# picture-uri='file:///usr/share/backgrounds/elementary/Morskie Oko.jpg'
+# EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.media-handling.gschema.override<< EOF
+[org.gnome.desktop.media-handling]
+automount-open=false
+autorun-never=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.Terminal.gschema.override<< EOF
+[org.gnome.Terminal.Legacy.Profile]
+font='DejaVu Sans Mono 12'
+use-system-font=false
+audible-bell=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.wm.preferences.gschema.override<< EOF
+[org.gnome.desktop.wm.preferences]
+button-layout=':minimize,maximize,close'
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.a11y.gschema.override<< EOF
+[org.gnome.desktop.a11y]
+always-show-universal-access-status=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.interface.gschema.override<< EOF
+[org.gnome.desktop.interface]
+enable-animations=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.privacy.gschema.override<< EOF
+[org.gnome.desktop.privacy]
+remove-old-temp-files=true
+remember-recent-files=false
+remember-app-usage=false
+disable-camera=true
+disable-microphone=true
+disable-sound-output=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.search-providers.gschema.override<< EOF
+[org.gnome.desktop.search-providers]
+disable-external=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.notifications.gschema.override<< EOF
+[org.gnome.desktop.notifications.application]
+enable-sound-alerts=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.sound.gschema.override<< EOF
+[org.gnome.desktop.sound]
+event-sounds=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.thumbnailers.gschema.override<< EOF
+[org.gnome.desktop.thumbnailers]
+disable-all=true
+EOF
+
+glib-compile-schemas /mnt/sysimage/usr/share/glib-2.0/schemas/
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/opt/base-desktop-gnome-virtual-machine-manager.log
+
+# Create a file to autostart virt-manager
+cat > /mnt/sysimage/etc/xdg/autostart/virt-manager.desktop << EOF
+[Desktop Entry]
+Type=Application
+Name=Virtual Machine Manager
+Exec=virt-manager
+EOF
+
+# Modify the default virt-manager behavior for misc. options
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.virt-manager.virt-manager.gschema.override<< EOF
+
+# Modify the default virt-manager behavior for misc. options
+[org.virt-manager.virt-manager]
+xmleditor-enabled=true
+manager-window-height=600
+manager-window-width=200
+
+# Libvirt URIs listed in the manager window
+[org.virt-manager.virt-manager.connections]
+uris=['qemu:///system', 'qemu:///session']
+autoconnect=['qemu:///session']
+
+# Show usage in the domain list
+[org.virt-manager.virt-manager.vmlist-fields]
+cpu-usage=false
+
+# Settings related to statistics
+[org.virt-manager.virt-manager.stats]
+update-interval=3
+enable-disk-poll=true
+enable-memory-poll=true
+enable-net-poll=true
+
+# Default behavior for the console
+[org.virt-manager.virt-manager.console]
+scaling=2
+resize-guest=1
+autoconnect=false
+
+# Do not show toolbar
+[org.virt-manager.virt-manager.details]
+show-toolbar=false
+
+# Modify default values for new VMs
+[org.virt-manager.virt-manager.new-vm]
+storage-format='raw'
+cpu-default='host-model'
+graphics-type='spice'
+
+# Modify the default virt-manager behavior for confirmation dialogues
+[org.virt-manager.virt-manager.confirm]
+forcepoweroff=false
+removedev=false
+unapplied-dev=false
+
+EOF
+
+glib-compile-schemas /mnt/sysimage/usr/share/glib-2.0/schemas/
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/opt/base-hypervisor.log
+
+# Load kernel modules by adding vfio, vfio_pci, vfio_iommu_type1, vfio_virqfd
+echo "vfio" > /mnt/sysimage/etc/modules-load.d/vfio.conf
+echo "vfio-pci" > /mnt/sysimage/etc/modules-load.d/vfio-pci.conf
+echo "vfio_iommu_type1" > /mnt/sysimage/etc/modules-load.d/vfio_iommu_type1.conf
+echo "vfio_virqfd" > /mnt/sysimage/etc/modules-load.d/vfio_virqfd.conf
+
+mkdir /mnt/sysimage/var/lib/libvirt/isos # Create a directory to store iso images. SELinux is already taking this one into account. 
+
+# wget https://boot.netboot.xyz/ipxe/netboot.xyz.iso -P /mnt/sysimage/var/lib/libvirt/isos/ # fetch netboot.xyz iso and store it to the newly created iso directory
+
+# # virsh commands fail in a kickstart environment (chroot or not it seems). would need to fetch a script and execute post-launch with a delay, for example using a systemd unit 
+# virsh pool-define-as isos dir - - - - /mnt/sysimage/var/lib/libvirt/isos/ # Make libvirt aware of this new directory by creating a so-called 'pool'.
+# virsh pool-build isos # Build the pool
+# virsh pool-start isos # Start it
+# virsh pool-autostart isos # Set-it to autostart
+
+# fetch custom script and make it executable
+# wget https://raw.githubusercontent.com/PhyllomeOS/phyllomeos/main/post-first-startup-scripts/virtualization-tweaks-root-needed.sh -P /mnt/sysimage/usr/local/bin/
+# chmod +x /mnt/sysimage/usr/local/bin/virtualization-tweaks-root-needed.sh
+
+# wget https://raw.githubusercontent.com/PhyllomeOS/xml-definition-for-domains/main/xml/system/linux.xml
+# virsh define linux.xml
+
+# wget https://raw.githubusercontent.com/PhyllomeOS/xml-definition-for-domains/main/xml/system/windows.xml
+# virsh define windows.xml
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/opt/base-hypervisor-intelcpu.log
+
+sed -i 's/\(quiet\)/\1 intel_iommu=on iommu=pt rd.driver.pre=vfio-pci/i' /mnt/sysimage/etc/default/grub # Load kernel modules in GRUB.
+
+echo "options kvm_intel nested=1" >> /mnt/sysimage/etc/modprobe.d/kvm.conf # Add support for nested virtualization on Intel CPUs
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/opt/base-hypervisor-intelgpu.log
+
+sed -i 's/\(vfio-pci\)/\1 i915.enable_gvt=1/i' /mnt/sysimage/etc/default/grub # Load kernel modules in grub.
+
+# Load extra kernel modules to enable vfio-mdev on selected hardware
+echo "kvmgt" > /mnt/sysimage/etc/modules-load.d/kvmgt.conf # Load specific kernel modules kvmgt and vfio-mdev, for Intel (tm) GVT-g and Nvidia (tm)
+echo "vfio-mdev" > /mnt/sysimage/etc/modules-load.d/vfio-mdev.conf # Load specific kernel modules kvmgt and vfio-mdev, for Intel (tm) GVT-g and Nvidia (tm)
+
+%end
+
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-wifi
+alsa-sof-firmware
+amd-gpu-firmware
+atheros-firmware
+audit
+b43-fwcutter
+b43-openfwwf
+basesystem
+bash
+brcmfmac-firmware
+cirrus-audio-firmware
+coreutils
+curl
+dejavu-sans-mono-fonts
+dhcp-client
+dnf5
+dnf5-plugins
+dracut
+dracut-config-rescue
+e2fsprogs
+fedora-remix-logos
+filesystem
+firefox
+firewalld
+fwupd
+generic-logos
+generic-release
+generic-release-common
+generic-release-notes
+glibc
+gnome-backgrounds.noarch
+gnome-initial-setup
+gnome-shell
+gnome-terminal
+guestfs-tools
+hostname
+intel-audio-firmware
+intel-gpu-firmware
+intel-vsc-firmware
+iproute
+iputils
+iwlegacy-firmware
+iwlwifi-dvm-firmware
+iwlwifi-mvm-firmware
+kbd
+kernel
+less
+libertas-firmware
+libguestfs-tools
+libusb1
+libvirt
+libvirt-daemon-config-network
+libvirt-daemon-kvm
+man-db
+mesa-dri-drivers
+mozilla-ublock-origin.noarch
+mt7xxx-firmware
+nano
+ncurses
+nvidia-gpu-firmware
+nxpwireless-firmware
+openssh-clients
+openssh-server
+parted
+pciutils
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+python3-libguestfs
+qemu-kvm
+realtek-firmware
+rootfiles
+rpm
+selinux-policy-targeted
+setup
+shadow-utils
+sssd-common
+sssd-kcm
+sudo
+systemd
+systemd-resolved
+tiwilink-firmware
+usbutils
+util-linux
+vim-minimal
+virt-install
+virt-manager
+virt-top
+wget2
+wpa_supplicant
+zram-generator-defaults
+-fedora-logos
+-fedora-release
+-fedora-release-common
+-fedora-release-identity-basic
+-fedora-release-notes
+-gnome-tour
+
+%end