Merge branch 'main' into local-iso

Reviewed-on: #3

.gitignore

@@ -1,3 +1,3 @@
 .aider*
-dishes/
-!dishes/
+# dishes/
+# !dishes/

dishes/desktop-hypervisor-amdcpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor-intelcpu-intelgpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor-intelcpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/live-desktop-hypervisor.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone

dishes/live-desktop.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone

dishes/live-server-hypervisor.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone

dishes/live-server.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone

dishes/virtual-desktop-hypervisor.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,28 +35,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
-
-truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
-
-## Append lines to existing vendor.conf file, so that options are skipped upon reboot
-cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
-[pages]
-skip=privacy
-[goa]
-providers=local-first!
-EOF
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 
@@ -250,7 +227,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
-gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname

dishes/virtual-desktop.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,28 +35,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
-
-truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
-
-## Append lines to existing vendor.conf file, so that options are skipped upon reboot
-cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
-[pages]
-skip=privacy
-[goa]
-providers=local-first!
-EOF
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 
@@ -157,7 +134,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
-gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname

dishes/virtual-server-hypervisor.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -35,14 +33,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log
 
@@ -98,7 +89,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
-initial-setup
 iproute
 iputils
 kbd

dishes/virtual-server.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -35,14 +33,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %packages --exclude-weakdeps
 NetworkManager
@@ -68,7 +59,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
-initial-setup
 iproute
 iputils
 kbd

ingredients/core-security-off.cfg

@@ -1,3 +1,3 @@
-rootpw --plaintext 1234 # Root account is enabled with weak password
+rootpw --plaintext 1234 --allow-ssh # Root account is enabled with weak password and allow ssh
 selinux --disabled # Disable SELinux
-firewall --disabled # Disable firewall
+firewall --enabled --ssh # Reject incoming connections that are not in response to outbound requests except SSH

ingredients/core-security-on.cfg

@@ -1,3 +1,3 @@
 rootpw --lock # No root login from the console
-selinux --enabled # Enable SELinux
+selinux --enforcing # Set SELinux to enforcing mode
 firewall --enabled # Enable firewall

ingredients/core-storage.cfg

@@ -3,4 +3,4 @@ clearpart --all --initlabel # Erase all partitions and Initializes the disk labe
 
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi # Creates a 2 GB EFI system partition
 part /boot --fstype="ext4" --size=512 --label=boot # Creates a 512 MiB ext4 boot partition
-part / --fstype="ext4" --grow --label=root # Create a single root partition with the remaining space
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit" # Create a single root partition with the remaining space

recipes/desktop-hypervisor-amdcpu.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # Storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor-intelcpu-intelgpu.cfg

@@ -12,7 +12,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor-intelcpu.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-desktop-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-desktop.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-server-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-server.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/virtual-desktop-hypervisor.cfg

@@ -5,20 +5,18 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for virtual desktop hypervisor
+# Unsafe. Development-only. A recipe for a virtual desktop hypervisor
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-desktop-virtual-machine-manager.cfg # Virtual Machine Manager
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor

recipes/virtual-desktop.cfg

@@ -5,19 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual desktop
+# Unsafe. Development-only. A recipe for a virtual desktop
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-guest-agents.cfg # Guest agents

recipes/virtual-server-hypervisor.cfg

@@ -5,19 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual headless hypervisor
+# # Unsafe. Development-only. A recipe for a virtual headless hypervisor
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor
 %include ../ingredients/base-guest-agents.cfg # Guest agents

recipes/virtual-server.cfg

@@ -5,18 +5,16 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual desktop
+# # Unsafe. Development-only. A recipe for a virtual server
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-guest-agents.cfg # Guest agents

scripts/deploy-distro.sh

@@ -4,6 +4,28 @@
 DEFAULT_MEMORY=4096
 DEFAULT_DISK_SIZE=10
 
+# Function to find Fedora ISO
+find_fedora_iso() {
+    local iso_dir="/var/lib/libvirt/isos"
+    local fedora_iso=""
+    
+    # Check if directory exists
+    if [ -d "$iso_dir" ]; then
+        # Find the first Fedora-Server*.iso file
+        fedora_iso=$(find "$iso_dir" -maxdepth 1 -name "Fedora-Server*.iso" -type f | head -n 1)
+        
+        # If found, return the full path
+        if [ -n "$fedora_iso" ] && [ -f "$fedora_iso" ]; then
+            echo "$fedora_iso"
+            return 0
+        fi
+    fi
+    
+    # Return empty if no ISO found
+    echo ""
+    return 1
+}
+
 # Prompt user for VM memory size
 read -r -p "Provide desired VM memory in MB or press Enter to keep default value of $DEFAULT_MEMORY MB): " memory_size
 memory_size=${memory_size:-$DEFAULT_MEMORY}
@@ -98,6 +120,16 @@ vm_name="${dish_name[$((choice - 1))]}"
 # Output the selected filename
 echo "You selected: $vm_name"
 
+# Find Fedora ISO or use default location
+fedora_iso=$(find_fedora_iso)
+if [ -n "$fedora_iso" ]; then
+    location_param="$fedora_iso"
+    echo "Using local ISO: $fedora_iso"
+else
+    location_param="https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/"
+    echo "Using default online repository"
+fi
+
 # virt-install command with user-defined VM name
 virt-install \
     --connect "$uri" \
@@ -129,7 +161,7 @@ virt-install \
     --watchdog none \
     --memballoon none \
     --disk path="${disk_path}/${vm_name}.img",format=raw,bus=virtio,cache=writeback,size="$disk_size" \
-    --location=https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/ \
+    --location="$location_param" \
     --initrd-inject ./dishes/"$vm_name".cfg \
     --extra-args "inst.ks=file:/$vm_name.cfg"