Merge branch 'main' into local-iso

Add local ISO detection functionality to deploy-distro.sh
Merge pull request 'simplify-virtual-editions' (#3 ) from simplify-virtual-editions into main
2025-12-11 20:58:59 +00:00 · 2025-12-11 21:56:56 +01:00 · 2025-12-11 19:52:57 +00:00 · 2025-12-11 20:50:24 +01:00 · 2025-12-11 20:50:13 +01:00 · 2025-12-11 20:49:29 +01:00
30 changed files with 100 additions and 144 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 .aider*
-dishes/
+# dishes/
-!dishes/
+# !dishes/
--- a/dishes/desktop-hypervisor-amdcpu.cfg
+++ b/dishes/desktop-hypervisor-amdcpu.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
--- a/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg
+++ b/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
--- a/dishes/desktop-hypervisor-intelcpu.cfg
+++ b/dishes/desktop-hypervisor-intelcpu.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
--- a/dishes/desktop-hypervisor.cfg
+++ b/dishes/desktop-hypervisor.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
--- a/dishes/desktop.cfg
+++ b/dishes/desktop.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
--- a/dishes/live-desktop-hypervisor.cfg
+++ b/dishes/live-desktop-hypervisor.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
--- a/dishes/live-desktop.cfg
+++ b/dishes/live-desktop.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
--- a/dishes/live-server-hypervisor.cfg
+++ b/dishes/live-server-hypervisor.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
--- a/dishes/live-server.cfg
+++ b/dishes/live-server.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --plaintext 1234
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
--- a/dishes/virtual-desktop-hypervisor.cfg
+++ b/dishes/virtual-desktop-hypervisor.cfg
@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled --service=ssh
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -39,27 +37,6 @@ part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winn
 part /boot --fstype="ext4" --size=512 --label=boot
 part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 %post --logfile=/mnt/sysimage/root/post.log
 localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
 dnf update -y # Update the system 
 %end
 %post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
 truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
 ## Append lines to existing vendor.conf file, so that options are skipped upon reboot
 cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
 [pages]
 skip=privacy
 [goa]
 providers=local-first!
 EOF
 %end
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 # cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.background.gschema.override<< EOF
@@ -250,7 +227,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
 gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname
--- a/dishes/virtual-desktop.cfg
+++ b/dishes/virtual-desktop.cfg
@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled --service=ssh
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -39,27 +37,6 @@ part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winn
 part /boot --fstype="ext4" --size=512 --label=boot
 part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 %post --logfile=/mnt/sysimage/root/post.log
 localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
 dnf update -y # Update the system 
 %end
 %post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
 truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
 ## Append lines to existing vendor.conf file, so that options are skipped upon reboot
 cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
 [pages]
 skip=privacy
 [goa]
 providers=local-first!
 EOF
 %end
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 # cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.background.gschema.override<< EOF
@@ -157,7 +134,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
 gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname
--- a/dishes/virtual-server-hypervisor.cfg
+++ b/dishes/virtual-server-hypervisor.cfg
@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled --service=ssh
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,13 +35,6 @@ part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winn
 part /boot --fstype="ext4" --size=512 --label=boot
 part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 %post --logfile=/mnt/sysimage/root/post.log
 localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
 dnf update -y # Update the system 
 %end
 %post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log
 # Load kernel modules by adding vfio, vfio_pci, vfio_iommu_type1, vfio_virqfd
@@ -98,7 +89,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
 initial-setup
 iproute
 iputils
 kbd
--- a/dishes/virtual-server.cfg
+++ b/dishes/virtual-server.cfg
@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled --service=ssh
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,13 +35,6 @@ part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winn
 part /boot --fstype="ext4" --size=512 --label=boot
 part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 %post --logfile=/mnt/sysimage/root/post.log
 localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
 dnf update -y # Update the system 
 %end
 %packages --exclude-weakdeps
 NetworkManager
 NetworkManager-config-connectivity-fedora
@@ -68,7 +59,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
 initial-setup
 iproute
 iputils
 kbd
--- a/ingredients/core-security-off.cfg
+++ b/ingredients/core-security-off.cfg
@@ -1,3 +1,3 @@
-rootpw --plaintext 1234 # Root account is enabled with weak password
+rootpw --plaintext 1234 --allow-ssh # Root account is enabled with weak password and allow ssh
 selinux --disabled # Disable SELinux
-firewall --disabled # Disable firewall
+firewall --enabled --ssh # Reject incoming connections that are not in response to outbound requests except SSH
--- a/ingredients/core-security-on.cfg
+++ b/ingredients/core-security-on.cfg
@@ -1,3 +1,3 @@
 rootpw --lock # No root login from the console
-selinux --enabled # Enable SELinux
+selinux --enforcing # Set SELinux to enforcing mode
 firewall --enabled # Enable firewall
--- a/recipes/desktop-hypervisor-amdcpu.cfg
+++ b/recipes/desktop-hypervisor-amdcpu.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # Storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/desktop-hypervisor-intelcpu-intelgpu.cfg
+++ b/recipes/desktop-hypervisor-intelcpu-intelgpu.cfg
@@ -12,7 +12,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/desktop-hypervisor-intelcpu.cfg
+++ b/recipes/desktop-hypervisor-intelcpu.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/desktop-hypervisor.cfg
+++ b/recipes/desktop-hypervisor.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/desktop.cfg
+++ b/recipes/desktop.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/live-desktop-hypervisor.cfg
+++ b/recipes/live-desktop-hypervisor.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/live-desktop.cfg
+++ b/recipes/live-desktop.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/live-server-hypervisor.cfg
+++ b/recipes/live-server-hypervisor.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/live-server.cfg
+++ b/recipes/live-server.cfg
@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
--- a/recipes/virtual-desktop-hypervisor.cfg
+++ b/recipes/virtual-desktop-hypervisor.cfg
@@ -5,20 +5,18 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
-# A recipe for virtual desktop hypervisor
+# Unsafe. Development-only. A recipe for a virtual desktop hypervisor
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-desktop-virtual-machine-manager.cfg # Virtual Machine Manager
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor
--- a/recipes/virtual-desktop.cfg
+++ b/recipes/virtual-desktop.cfg
@@ -5,19 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
-# A recipe for a virtual desktop
+# Unsafe. Development-only. A recipe for a virtual desktop
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/recipes/virtual-server-hypervisor.cfg
+++ b/recipes/virtual-server-hypervisor.cfg
@@ -5,19 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
-# A recipe for a virtual headless hypervisor
+# # Unsafe. Development-only. A recipe for a virtual headless hypervisor
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor
 %include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/recipes/virtual-server.cfg
+++ b/recipes/virtual-server.cfg
@@ -5,18 +5,16 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
-# A recipe for a virtual desktop
+# # Unsafe. Development-only. A recipe for a virtual server
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/scripts/deploy-distro.sh
+++ b/scripts/deploy-distro.sh
@@ -4,6 +4,28 @@
 DEFAULT_MEMORY=4096
 DEFAULT_DISK_SIZE=10
 # Function to find Fedora ISO
 find_fedora_iso() {
    local iso_dir="/var/lib/libvirt/isos"
    local fedora_iso=""
    # Check if directory exists
    if [ -d "$iso_dir" ]; then
        # Find the first Fedora-Server*.iso file
        fedora_iso=$(find "$iso_dir" -maxdepth 1 -name "Fedora-Server*.iso" -type f | head -n 1)
        # If found, return the full path
        if [ -n "$fedora_iso" ] && [ -f "$fedora_iso" ]; then
            echo "$fedora_iso"
            return 0
        fi
    fi
    # Return empty if no ISO found
    echo ""
    return 1
 }
 # Prompt user for VM memory size
 read -r -p "Provide desired VM memory in MB or press Enter to keep default value of $DEFAULT_MEMORY MB): " memory_size
 memory_size=${memory_size:-$DEFAULT_MEMORY}
@@ -98,6 +120,16 @@ vm_name="${dish_name[$((choice - 1))]}"
 # Output the selected filename
 echo "You selected: $vm_name"
 # Find Fedora ISO or use default location
 fedora_iso=$(find_fedora_iso)
 if [ -n "$fedora_iso" ]; then
    location_param="$fedora_iso"
    echo "Using local ISO: $fedora_iso"
 else
    location_param="https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/"
    echo "Using default online repository"
 fi
 # virt-install command with user-defined VM name
 virt-install \
    --connect "$uri" \
@@ -129,7 +161,7 @@ virt-install \
    --watchdog none \
    --memballoon none \
    --disk path="${disk_path}/${vm_name}.img",format=raw,bus=virtio,cache=writeback,size="$disk_size" \
-    --location=https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/ \
+    --location="$location_param" \
    --initrd-inject ./dishes/"$vm_name".cfg \
    --extra-args "inst.ks=file:/$vm_name.cfg"
Author	SHA1	Message	Date
Lukas Greve	6f98f5596d	Merge branch 'main' into local-iso	2025-12-11 20:58:59 +00:00
Lukas Greve	05cf28c11a	Add local ISO detection functionality to deploy-distro.sh	2025-12-11 21:56:56 +01:00
Lukas Greve	ba06919d98	Merge pull request 'simplify-virtual-editions' (#3 ) from simplify-virtual-editions into main Reviewed-on: #3	2025-12-11 19:52:57 +00:00
Lukas Greve	e018870d0e	updated recipes	2025-12-11 20:50:24 +01:00
Lukas Greve	0c76e7626d	make it even more insecure, to make it easier to debug	2025-12-11 20:50:13 +01:00
Lukas Greve	28c390f1b4	remove the post section to speed installation process	2025-12-11 20:49:29 +01:00
Lukas Greve	ebd35f0b1f	virtual dishes are for development-only	2025-12-10 21:31:31 +01:00
Lukas Greve	6832142907	add allow ssh incoming connection	2025-12-10 21:31:01 +01:00
Lukas Greve	eae12100a8	correct an awful regression. SELinux is either disabled or in enforcing mode. The enable switch does not work	2025-12-10 21:30:19 +01:00
Lukas Greve	bc5f156cd9	All non-virtual dishes / recipes are meant to be shipped with sane security defaults	2025-12-10 21:29:25 +01:00
Lukas Greve	8245bdf3b9	revert back gitignore to include dishes	2025-12-10 21:27:45 +01:00
Lukas Greve	674b34d441	Merge pull request 'add fast_commit and encrypt filesystem feature for ext4. Encrypt is a prerequisite for fscrypt support. Fast_commit is a faster journaling method.' (#2 ) from ext4-improvement into main Reviewed-on: #2	2025-12-10 16:18:33 +00:00