remove the hypervisor part

Merge pull request 'new devel recipes' (#6 ) from new-devel into main
Reviewed-on: #6
2025-12-14 10:09:16 +01:00 · 2025-12-14 08:52:01 +00:00 · 2025-12-14 09:49:37 +01:00 · 2025-12-14 08:47:29 +00:00 · 2025-12-14 09:47:06 +01:00 · 2025-12-13 14:40:47 +01:00
44 changed files with 1088 additions and 228 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
 .aider*
+# dishes/
+# !dishes/
--- a/dishes/desktop-hypervisor-amdcpu.cfg
+++ b/dishes/desktop-hypervisor-amdcpu.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

--- a/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg
+++ b/dishes/desktop-hypervisor-intelcpu-intelgpu.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

--- a/dishes/desktop-hypervisor-intelcpu.cfg
+++ b/dishes/desktop-hypervisor-intelcpu.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

--- a/dishes/desktop-hypervisor.cfg
+++ b/dishes/desktop-hypervisor.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

--- a/dishes/desktop.cfg
+++ b/dishes/desktop.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

--- a/dishes/live-desktop-hypervisor.cfg
+++ b/dishes/live-desktop-hypervisor.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -12,18 +12,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
--- a/dishes/live-desktop.cfg
+++ b/dishes/live-desktop.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -12,18 +12,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
--- a/dishes/live-server-hypervisor.cfg
+++ b/dishes/live-server-hypervisor.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -12,18 +12,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # System bootloader configuration
 bootloader --location=none --timeout=1
 # Clear the Master Boot Record
--- a/dishes/live-server.cfg
+++ b/dishes/live-server.cfg
@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -12,18 +12,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # System bootloader configuration
 bootloader --location=none --timeout=1
 # Clear the Master Boot Record
--- a/dishes/virtual-desktop-hypervisor.cfg
+++ b/dishes/virtual-desktop-hypervisor.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

@@ -226,9 +225,16 @@ mkdir /mnt/sysimage/var/lib/libvirt/isos # Create a directory to store iso image
 NetworkManager
 NetworkManager-config-connectivity-fedora
 NetworkManager-wifi
+alsa-sof-firmware
+amd-gpu-firmware
+atheros-firmware
 audit
+b43-fwcutter
+b43-openfwwf
 basesystem
 bash
+brcmfmac-firmware
+cirrus-audio-firmware
 coreutils
 curl
 dejavu-sans-mono-fonts
@@ -254,11 +260,18 @@ gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname
+intel-audio-firmware
+intel-gpu-firmware
+intel-vsc-firmware
 iproute
 iputils
+iwlegacy-firmware
+iwlwifi-dvm-firmware
+iwlwifi-mvm-firmware
 kbd
 kernel
 less
+libertas-firmware
 libusb
 libvirt
 libvirt-client
@@ -278,8 +291,11 @@ libvirt-nss
 man-db
 mesa-dri-drivers
 mozilla-ublock-origin.noarch
+mt7xxx-firmware
 nano
 ncurses
+nvidia-gpu-firmware
+nxpwireless-firmware
 openssh-clients
 openssh-server
 parted
@@ -293,6 +309,7 @@ prefixdevname
 procps-ng
 qemu-guest-agent
 qemu-kvm
+realtek-firmware
 rootfiles
 rpm
 selinux-policy-targeted
@@ -304,6 +321,7 @@ sssd-kcm
 sudo
 systemd
 systemd-resolved
+tiwilink-firmware
 usbutils
 util-linux
 vim-minimal
--- a/dishes/virtual-desktop-hypervisor_devel.cfg
+++ b/dishes/virtual-desktop-hypervisor_devel.cfg
@@ -0,0 +1,292 @@
+# Generated by pykickstart v3.62
+#version=DEVEL
+# Use text mode install
+text
+# Firewall configuration
+firewall --enabled --service=ssh
+# Keyboard layouts
+keyboard --xlayouts='ch (fr)'
+# System language
+lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
+# Shutdown after installation
+shutdown
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
+# Root password
+rootpw --plaintext --allow-ssh 1234
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,systemd-resolved,libvirtd"
+# System timezone
+timezone Europe/Zurich --utc
+# Use network installation
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
+# X Window System configuration information
+xconfig  --defaultdesktop=GNOME --startxonboot
+# System bootloader configuration
+bootloader --location=mbr --timeout=1
+# Clear the Master Boot Record
+zerombr
+# Partition clearing information
+clearpart --all --initlabel
+# Disk partitioning information
+part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
+
+%post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
+
+# cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.background.gschema.override<< EOF
+# [org.gnome.desktop.background]
+# picture-uri='file:///usr/share/backgrounds/elementary/Morskie Oko.jpg'
+# EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.media-handling.gschema.override<< EOF
+[org.gnome.desktop.media-handling]
+automount-open=false
+autorun-never=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.Terminal.gschema.override<< EOF
+[org.gnome.Terminal.Legacy.Profile]
+font='DejaVu Sans Mono 12'
+use-system-font=false
+audible-bell=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.wm.preferences.gschema.override<< EOF
+[org.gnome.desktop.wm.preferences]
+button-layout=':minimize,maximize,close'
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.a11y.gschema.override<< EOF
+[org.gnome.desktop.a11y]
+always-show-universal-access-status=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.interface.gschema.override<< EOF
+[org.gnome.desktop.interface]
+enable-animations=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.privacy.gschema.override<< EOF
+[org.gnome.desktop.privacy]
+remove-old-temp-files=true
+remember-recent-files=false
+remember-app-usage=false
+disable-camera=true
+disable-microphone=true
+disable-sound-output=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.search-providers.gschema.override<< EOF
+[org.gnome.desktop.search-providers]
+disable-external=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.notifications.gschema.override<< EOF
+[org.gnome.desktop.notifications.application]
+enable-sound-alerts=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.sound.gschema.override<< EOF
+[org.gnome.desktop.sound]
+event-sounds=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.thumbnailers.gschema.override<< EOF
+[org.gnome.desktop.thumbnailers]
+disable-all=true
+EOF
+
+glib-compile-schemas /mnt/sysimage/usr/share/glib-2.0/schemas/
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome-virtual-machine-manager.log
+
+# Create a file to autostart virt-manager
+cat > /mnt/sysimage/etc/xdg/autostart/virt-manager.desktop << EOF
+[Desktop Entry]
+Type=Application
+Name=Virtual Machine Manager
+Exec=virt-manager
+EOF
+
+# Modify the default virt-manager behavior for misc. options
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.virt-manager.virt-manager.gschema.override<< EOF
+
+# Modify the default virt-manager behavior for misc. options
+[org.virt-manager.virt-manager]
+xmleditor-enabled=true
+manager-window-height=600
+manager-window-width=200
+
+# Libvirt URIs listed in the manager window
+[org.virt-manager.virt-manager.connections]
+uris=['qemu:///system', 'qemu:///session']
+autoconnect=['qemu:///session']
+
+# Show usage in the domain list
+[org.virt-manager.virt-manager.vmlist-fields]
+cpu-usage=false
+
+# Settings related to statistics
+[org.virt-manager.virt-manager.stats]
+update-interval=3
+enable-disk-poll=true
+enable-memory-poll=true
+enable-net-poll=true
+
+# Default behavior for the console
+[org.virt-manager.virt-manager.console]
+scaling=2
+resize-guest=1
+autoconnect=false
+
+# Do not show toolbar
+[org.virt-manager.virt-manager.details]
+show-toolbar=false
+
+# Modify default values for new VMs
+[org.virt-manager.virt-manager.new-vm]
+storage-format='raw'
+cpu-default='host-model'
+graphics-type='spice'
+
+# Modify the default virt-manager behavior for confirmation dialogues
+[org.virt-manager.virt-manager.confirm]
+forcepoweroff=false
+removedev=false
+unapplied-dev=false
+
+EOF
+
+glib-compile-schemas /mnt/sysimage/usr/share/glib-2.0/schemas/
+
+%end
+
+%post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log
+
+# Load kernel modules by adding vfio, vfio_pci, vfio_iommu_type1, vfio_virqfd
+echo "vfio" > /mnt/sysimage/etc/modules-load.d/vfio.conf
+echo "vfio-pci" > /mnt/sysimage/etc/modules-load.d/vfio-pci.conf
+echo "vfio_iommu_type1" > /mnt/sysimage/etc/modules-load.d/vfio_iommu_type1.conf
+echo "vfio_virqfd" > /mnt/sysimage/etc/modules-load.d/vfio_virqfd.conf
+
+mkdir /mnt/sysimage/var/lib/libvirt/isos # Create a directory to store iso images. SELinux is already taking this one into account. 
+
+# wget https://boot.netboot.xyz/ipxe/netboot.xyz.iso -P /mnt/sysimage/var/lib/libvirt/isos/ # fetch netboot.xyz iso and store it to the newly created iso directory
+
+# # virsh commands fail in a kickstart environment (chroot or not it seems). would need to fetch a script and execute post-launch with a delay, for example using a systemd unit 
+# virsh pool-define-as isos dir - - - - /mnt/sysimage/var/lib/libvirt/isos/ # Make libvirt aware of this new directory by creating a so-called 'pool'.
+# virsh pool-build isos # Build the pool
+# virsh pool-start isos # Start it
+# virsh pool-autostart isos # Set-it to autostart
+
+# fetch custom script and make it executable
+# wget https://raw.githubusercontent.com/PhyllomeOS/phyllomeos/main/post-first-startup-scripts/virtualization-tweaks-root-needed.sh -P /mnt/sysimage/usr/local/bin/
+# chmod +x /mnt/sysimage/usr/local/bin/virtualization-tweaks-root-needed.sh
+
+# wget https://raw.githubusercontent.com/PhyllomeOS/xml-definition-for-domains/main/xml/system/linux.xml
+# virsh define linux.xml
+
+# wget https://raw.githubusercontent.com/PhyllomeOS/xml-definition-for-domains/main/xml/system/windows.xml
+# virsh define windows.xml
+
+%end
+
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-config-connectivity-fedora
+NetworkManager-wifi
+audit
+basesystem
+bash
+coreutils
+curl
+dejavu-sans-mono-fonts
+dhcp-client
+dnf5
+dnf5-plugins
+dracut
+dracut-config-rescue
+e2fsprogs
+fedora-remix-logos
+filesystem
+firefox
+firewalld
+fwupd
+generic-logos
+generic-release
+generic-release-common
+generic-release-notes
+glibc
+gnome-backgrounds.noarch
+gnome-control-center
+gnome-shell
+gnome-terminal
+hostname
+iproute
+iputils
+kbd
+kernel
+less
+libusb
+libvirt
+libvirt-client
+libvirt-client-qemu
+libvirt-daemon
+libvirt-daemon-common
+libvirt-daemon-config-network
+libvirt-daemon-driver-ch
+libvirt-daemon-driver-interface
+libvirt-daemon-driver-network
+libvirt-daemon-driver-qemu
+libvirt-daemon-kvm
+libvirt-daemon-log
+libvirt-daemon-qemu
+libvirt-dbus
+libvirt-nss
+man-db
+mesa-dri-drivers
+mozilla-ublock-origin.noarch
+nano
+ncurses
+openssh-clients
+openssh-server
+parted
+pciutils
+pipewire-alsa
+pipewire-jack-audio-connection-kit
+pipewire-pulseaudio
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+qemu-guest-agent
+qemu-kvm
+rootfiles
+rpm
+selinux-policy-targeted
+setup
+shadow-utils
+spice-vdagent
+sssd-common
+sssd-kcm
+sudo
+systemd
+systemd-resolved
+usbutils
+util-linux
+vim-minimal
+virt-install
+virt-manager
+wget
+wpa_supplicant
+zram-generator-defaults
+-gnome-tour
+
+%end
--- a/dishes/virtual-desktop.cfg
+++ b/dishes/virtual-desktop.cfg
@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,18 +14,17 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # X Window System configuration information
 xconfig  --defaultdesktop=GNOME --startxonboot
 # System bootloader configuration
@@ -37,7 +36,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --logfile=/mnt/sysimage/root/post.log

@@ -133,9 +132,16 @@ glib-compile-schemas /mnt/sysimage/usr/share/glib-2.0/schemas/
 NetworkManager
 NetworkManager-config-connectivity-fedora
 NetworkManager-wifi
+alsa-sof-firmware
+amd-gpu-firmware
+atheros-firmware
 audit
+b43-fwcutter
+b43-openfwwf
 basesystem
 bash
+brcmfmac-firmware
+cirrus-audio-firmware
 coreutils
 curl
 dejavu-sans-mono-fonts
@@ -161,17 +167,27 @@ gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname
+intel-audio-firmware
+intel-gpu-firmware
+intel-vsc-firmware
 iproute
 iputils
+iwlegacy-firmware
+iwlwifi-dvm-firmware
+iwlwifi-mvm-firmware
 kbd
 kernel
 less
+libertas-firmware
 libusb
 man-db
 mesa-dri-drivers
 mozilla-ublock-origin.noarch
+mt7xxx-firmware
 nano
 ncurses
+nvidia-gpu-firmware
+nxpwireless-firmware
 openssh-clients
 openssh-server
 parted
@@ -184,6 +200,7 @@ policycoreutils
 prefixdevname
 procps-ng
 qemu-guest-agent
+realtek-firmware
 rootfiles
 rpm
 selinux-policy-targeted
@@ -195,6 +212,7 @@ sssd-kcm
 sudo
 systemd
 systemd-resolved
+tiwilink-firmware
 usbutils
 util-linux
 vim-minimal
--- a/dishes/virtual-desktop_devel.cfg
+++ b/dishes/virtual-desktop_devel.cfg
@@ -0,0 +1,181 @@
+# Generated by pykickstart v3.62
+#version=DEVEL
+# Use text mode install
+text
+# Firewall configuration
+firewall --enabled --service=ssh
+# Keyboard layouts
+keyboard --xlayouts='ch (fr)'
+# System language
+lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
+# Shutdown after installation
+shutdown
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
+# Root password
+rootpw --plaintext --allow-ssh 1234
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,systemd-resolved"
+# System timezone
+timezone Europe/Zurich --utc
+# Use network installation
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
+# X Window System configuration information
+xconfig  --defaultdesktop=GNOME --startxonboot
+# System bootloader configuration
+bootloader --location=mbr --timeout=1
+# Clear the Master Boot Record
+zerombr
+# Partition clearing information
+clearpart --all --initlabel
+# Disk partitioning information
+part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
+
+%post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
+
+# cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.background.gschema.override<< EOF
+# [org.gnome.desktop.background]
+# picture-uri='file:///usr/share/backgrounds/elementary/Morskie Oko.jpg'
+# EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.media-handling.gschema.override<< EOF
+[org.gnome.desktop.media-handling]
+automount-open=false
+autorun-never=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.Terminal.gschema.override<< EOF
+[org.gnome.Terminal.Legacy.Profile]
+font='DejaVu Sans Mono 12'
+use-system-font=false
+audible-bell=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.wm.preferences.gschema.override<< EOF
+[org.gnome.desktop.wm.preferences]
+button-layout=':minimize,maximize,close'
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.a11y.gschema.override<< EOF
+[org.gnome.desktop.a11y]
+always-show-universal-access-status=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.interface.gschema.override<< EOF
+[org.gnome.desktop.interface]
+enable-animations=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.privacy.gschema.override<< EOF
+[org.gnome.desktop.privacy]
+remove-old-temp-files=true
+remember-recent-files=false
+remember-app-usage=false
+disable-camera=true
+disable-microphone=true
+disable-sound-output=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.search-providers.gschema.override<< EOF
+[org.gnome.desktop.search-providers]
+disable-external=true
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.notifications.gschema.override<< EOF
+[org.gnome.desktop.notifications.application]
+enable-sound-alerts=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.sound.gschema.override<< EOF
+[org.gnome.desktop.sound]
+event-sounds=false
+EOF
+
+cat >> /mnt/sysimage/usr/share/glib-2.0/schemas/org.gnome.desktop.thumbnailers.gschema.override<< EOF
+[org.gnome.desktop.thumbnailers]
+disable-all=true
+EOF
+
+glib-compile-schemas /mnt/sysimage/usr/share/glib-2.0/schemas/
+
+%end
+
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-config-connectivity-fedora
+NetworkManager-wifi
+audit
+basesystem
+bash
+coreutils
+curl
+dejavu-sans-mono-fonts
+dhcp-client
+dnf5
+dnf5-plugins
+dracut
+dracut-config-rescue
+e2fsprogs
+fedora-remix-logos
+filesystem
+firefox
+firewalld
+fwupd
+generic-logos
+generic-release
+generic-release-common
+generic-release-notes
+glibc
+gnome-backgrounds.noarch
+gnome-control-center
+gnome-shell
+gnome-terminal
+hostname
+iproute
+iputils
+kbd
+kernel
+less
+libusb
+man-db
+mesa-dri-drivers
+mozilla-ublock-origin.noarch
+nano
+ncurses
+openssh-clients
+openssh-server
+parted
+pciutils
+pipewire-alsa
+pipewire-jack-audio-connection-kit
+pipewire-pulseaudio
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+qemu-guest-agent
+rootfiles
+rpm
+selinux-policy-targeted
+setup
+shadow-utils
+spice-vdagent
+sssd-common
+sssd-kcm
+sudo
+systemd
+systemd-resolved
+usbutils
+util-linux
+vim-minimal
+wget
+wpa_supplicant
+zram-generator-defaults
+-gnome-tour
+
+%end
--- a/dishes/virtual-server-hypervisor.cfg
+++ b/dishes/virtual-server-hypervisor.cfg
@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -14,10 +12,9 @@ lang en_US.UTF-8
 network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -25,7 +22,7 @@ services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # System bootloader configuration
 bootloader --location=mbr --timeout=1
 # Clear the Master Boot Record
@@ -35,14 +32,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

 %post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log

@@ -98,7 +88,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
-initial-setup
 iproute
 iputils
 kbd
--- a/dishes/virtual-server-hypervisor_devel.cfg
+++ b/dishes/virtual-server-hypervisor_devel.cfg
@@ -0,0 +1,143 @@
+# Generated by pykickstart v3.62
+#version=DEVEL
+# Use text mode install
+text
+# Firewall configuration
+firewall --enabled --service=ssh
+# Keyboard layouts
+keyboard --xlayouts='ch (fr)'
+# System language
+lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
+# Shutdown after installation
+shutdown
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
+# Root password
+rootpw --plaintext --allow-ssh 1234
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,systemd-resolved,libvirtd"
+# System timezone
+timezone Europe/Zurich --utc
+# Use network installation
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
+# System bootloader configuration
+bootloader --location=mbr --timeout=1
+# Clear the Master Boot Record
+zerombr
+# Partition clearing information
+clearpart --all --initlabel
+# Disk partitioning information
+part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
+
+%post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log
+
+# Load kernel modules by adding vfio, vfio_pci, vfio_iommu_type1, vfio_virqfd
+echo "vfio" > /mnt/sysimage/etc/modules-load.d/vfio.conf
+echo "vfio-pci" > /mnt/sysimage/etc/modules-load.d/vfio-pci.conf
+echo "vfio_iommu_type1" > /mnt/sysimage/etc/modules-load.d/vfio_iommu_type1.conf
+echo "vfio_virqfd" > /mnt/sysimage/etc/modules-load.d/vfio_virqfd.conf
+
+mkdir /mnt/sysimage/var/lib/libvirt/isos # Create a directory to store iso images. SELinux is already taking this one into account. 
+
+# wget https://boot.netboot.xyz/ipxe/netboot.xyz.iso -P /mnt/sysimage/var/lib/libvirt/isos/ # fetch netboot.xyz iso and store it to the newly created iso directory
+
+# # virsh commands fail in a kickstart environment (chroot or not it seems). would need to fetch a script and execute post-launch with a delay, for example using a systemd unit 
+# virsh pool-define-as isos dir - - - - /mnt/sysimage/var/lib/libvirt/isos/ # Make libvirt aware of this new directory by creating a so-called 'pool'.
+# virsh pool-build isos # Build the pool
+# virsh pool-start isos # Start it
+# virsh pool-autostart isos # Set-it to autostart
+
+# fetch custom script and make it executable
+# wget https://raw.githubusercontent.com/PhyllomeOS/phyllomeos/main/post-first-startup-scripts/virtualization-tweaks-root-needed.sh -P /mnt/sysimage/usr/local/bin/
+# chmod +x /mnt/sysimage/usr/local/bin/virtualization-tweaks-root-needed.sh
+
+# wget https://raw.githubusercontent.com/PhyllomeOS/xml-definition-for-domains/main/xml/system/linux.xml
+# virsh define linux.xml
+
+# wget https://raw.githubusercontent.com/PhyllomeOS/xml-definition-for-domains/main/xml/system/windows.xml
+# virsh define windows.xml
+
+%end
+
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-config-connectivity-fedora
+audit
+basesystem
+bash
+coreutils
+curl
+dhcp-client
+dnf5
+dnf5-plugins
+dracut
+dracut-config-rescue
+e2fsprogs
+fedora-remix-logos
+filesystem
+firewalld
+fwupd
+generic-logos
+generic-release
+generic-release-common
+generic-release-notes
+glibc
+hostname
+iproute
+iputils
+kbd
+kernel
+less
+libusb
+libvirt
+libvirt-client
+libvirt-client-qemu
+libvirt-daemon
+libvirt-daemon-common
+libvirt-daemon-config-network
+libvirt-daemon-driver-ch
+libvirt-daemon-driver-interface
+libvirt-daemon-driver-network
+libvirt-daemon-driver-qemu
+libvirt-daemon-kvm
+libvirt-daemon-log
+libvirt-daemon-qemu
+libvirt-dbus
+libvirt-nss
+man-db
+nano
+ncurses
+openssh-clients
+openssh-server
+parted
+pciutils
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+qemu-guest-agent
+qemu-kvm
+rootfiles
+rpm
+selinux-policy-targeted
+setup
+shadow-utils
+spice-vdagent
+sssd-common
+sssd-kcm
+sudo
+systemd
+systemd-resolved
+usbutils
+util-linux
+vim-minimal
+virt-install
+wget
+zram-generator-defaults
+
+%end
--- a/dishes/virtual-server.cfg
+++ b/dishes/virtual-server.cfg
@@ -2,46 +2,95 @@
 #version=DEVEL
 # Use text mode install
 text
+# Firewall configuration
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
 lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
 # Root password
-rootpw --plaintext 1234 # Root account is enabled with weak password
+rootpw --plaintext --allow-ssh 1234
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,systemd-resolved"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
 # System bootloader configuration
-bootloader --sdboot
+bootloader --location=mbr --timeout=1
 # Clear the Master Boot Record
 zerombr
 # Partition clearing information
 clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
-part / --fstype="ext4" --grow --label=root
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"

-%packages --nocore --inst-langs=en --exclude-weakdeps
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-config-connectivity-fedora
+audit
 basesystem
 bash
+coreutils
+curl
+dhcp-client
+dnf5
+dnf5-plugins
 dracut
+dracut-config-rescue
+e2fsprogs
 fedora-remix-logos
 filesystem
+firewalld
+fwupd
 generic-logos
 generic-release
 generic-release-common
 generic-release-notes
 glibc
+hostname
+iproute
+iputils
+kbd
 kernel
+less
+libusb
+man-db
+nano
+ncurses
+openssh-clients
+openssh-server
+parted
+pciutils
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+qemu-guest-agent
 rootfiles
 rpm
+selinux-policy-targeted
 setup
+shadow-utils
+spice-vdagent
+sssd-common
+sssd-kcm
+sudo
 systemd
+systemd-resolved
+usbutils
+util-linux
+vim-minimal
+wget
 zram-generator-defaults

 %end
--- a/dishes/virtual-server_devel.cfg
+++ b/dishes/virtual-server_devel.cfg
@@ -0,0 +1,96 @@
+# Generated by pykickstart v3.62
+#version=DEVEL
+# Use text mode install
+text
+# Firewall configuration
+firewall --enabled --service=ssh
+# Keyboard layouts
+keyboard --xlayouts='ch (fr)'
+# System language
+lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
+# Shutdown after installation
+shutdown
+repo --name="rawhide" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64
+# Root password
+rootpw --plaintext --allow-ssh 1234
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,systemd-resolved"
+# System timezone
+timezone Europe/Zurich --utc
+# Use network installation
+url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=rawhide&arch=x86_64"
+# System bootloader configuration
+bootloader --location=mbr --timeout=1
+# Clear the Master Boot Record
+zerombr
+# Partition clearing information
+clearpart --all --initlabel
+# Disk partitioning information
+part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
+
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-config-connectivity-fedora
+audit
+basesystem
+bash
+coreutils
+curl
+dhcp-client
+dnf5
+dnf5-plugins
+dracut
+dracut-config-rescue
+e2fsprogs
+fedora-remix-logos
+filesystem
+firewalld
+fwupd
+generic-logos
+generic-release
+generic-release-common
+generic-release-notes
+glibc
+hostname
+iproute
+iputils
+kbd
+kernel
+less
+libusb
+man-db
+nano
+ncurses
+openssh-clients
+openssh-server
+parted
+pciutils
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+qemu-guest-agent
+rootfiles
+rpm
+selinux-policy-targeted
+setup
+shadow-utils
+spice-vdagent
+sssd-common
+sssd-kcm
+sudo
+systemd
+systemd-resolved
+usbutils
+util-linux
+vim-minimal
+wget
+zram-generator-defaults
+
+%end
--- a/ingredients/core-bootloader-systemd-boot.cfg
+++ b/ingredients/core-bootloader-systemd-boot.cfg
@@ -1 +1 @@
-bootloader --sdboot --timeout=1 # Use systemd-boot and set a timeout to 1
+bootloader --sdboot --location=mbr --timeout=1 # Use systemd-boot and set a timeout to 1
--- a/ingredients/core-initial-setup-desktop.cfg
+++ b/ingredients/core-initial-setup-desktop.cfg
@@ -1,4 +1,4 @@
-firstboot --reconfig # Initial Setup will start after the first reboot
+firstboot --enable --reconfig # Initial Setup will start after the first reboot

 %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies.

--- a/ingredients/core-initial-setup-server.cfg
+++ b/ingredients/core-initial-setup-server.cfg
@@ -1,4 +1,4 @@
-firstboot --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones
+firstboot --enable --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones

 %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies

--- a/ingredients/core-packages-default.cfg
+++ b/ingredients/core-packages-default.cfg
@@ -0,0 +1,23 @@
+%packages --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
+
+# Default packages fom core dnf group not marked as mandatory (`dnf group info --hidden core`)
+NetworkManager # Network connection manager and user applications
+NetworkManager-config-connectivity-fedora # NetworkManager config file for connectivity checking via Fedora servers
+dnf5-plugins # Plugins for dnf5
+dracut-config-rescue # dracut configuration to turn on rescue image generation
+firewalld # A firewall daemon with D-Bus interface providing a dynamic firewall
+fwupd # Firmware update daemon
+plymouth # Graphical Boot Animation and Logger
+prefixdevname # Udev helper utility that provides network interface naming using user defined prefix
+systemd-resolved # Network Name Resolution manager
+zram-generator-defaults # Default configuration for zram-generator
+
+# Hand-picked packages
+pciutils # PCI bus related utilities
+libusb # Library for accessing USB devices
+usbutils # Linux USB utilities
+curl # transfer a URL
+wget # An advanced file and recursive website downloader
+nano # A small text editor
+
+%end # End of the packages section
--- a/ingredients/core-packages-mandatory.cfg
+++ b/ingredients/core-packages-mandatory.cfg
@@ -0,0 +1,58 @@
+#            __          ____                        ____  _____
+#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
+#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
+#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
+#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
+# /_/          /____/
+#
+# Provides the mandatory packages that are part of the core DNF group
+# More information: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#id240
+
+%packages --ignoremissing --nocore --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
+
+# Mandatory packages found in hidden `core` group (`dnf group info --hidden core`)
+audit # User space tools for kernel auditing
+basesystem # The skeleton package which defines a simple Fedora system
+bash # The Bourne Again SHell, a command-line interpreter.
+coreutils # A set of basic GNU tools commonly used in shell scripts
+curl # A utility for getting files from remote servers (FTP, HTTP, and others)
+dhcp-client # Provides the ISC DHCP client daemon and dhclient-script
+dnf5 # Command-line package manager
+dracut # Initramfs generator using udev
+e2fsprogs # Utilities for managing ext2, ext3, and ext4 file systems
+filesystem # The basic directory layout for a Linux system
+glibc # The GNU libc libraries
+hostname # Utility to set/show the host name or domain name
+iproute # Advanced IP routing and network device configuration tools
+iputils # Network monitoring tools including ping
+kbd # Tools for configuring the console (keyboard, virtual terminals, etc.)
+kernel # The Linux kernel
+less # A text file browser similar to more, but better. Can be excluded
+man-db # Tools for searching and reading man pages. Can be excluded
+ncurses # Ncurses support utilities
+openssh-clients # An open source SSH client applications. Can be excluded
+openssh-server # An open source SSH server daemon. Can be excluded
+parted # The GNU disk partition manipulation program
+policycoreutils # SELinux policy core utilities. Can be excluded
+procps-ng # System and process monitoring utilities
+rootfiles # The basic required files for the root user's directory
+rpm # The RPM package management system
+selinux-policy-targeted # SELinux targeted policy. Can be excluded
+setup # A set of system configuration and setup files
+shadow-utils # Utilities for managing accounts and shadow password files
+sssd-common # Common files for the SSSD. Can be excluded
+sssd-kcm # An implementation of a Kerberos KCM server. Can be excluded
+sudo # Allows restricted root access for specified users
+systemd # System and Service Manager
+util-linux # Collection of basic system utilities
+vim-minimal # A minimal version of the VIM editor
+
+# Packages to make Phyllome OS a generic distro
+# Adds packages to comply with Fedora Remix legal guidelines: https://fedoraproject.org/wiki/Remix 
+fedora-remix-logos # Fedora Remix logos
+generic-release # Generic release files
+generic-logos # Icons and pictures
+generic-release-common # Generic release files
+generic-release-notes # Release Notes
+
+%end # End of the packages section
--- a/ingredients/core-packages.cfg
+++ b/ingredients/core-packages.cfg
@@ -1,64 +0,0 @@
-#            __          ____                        ____  _____
-#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
-#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
-#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
-#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
-# /_/          /____/
-#
-# Provides the mandatory packages that are part of the core DNF group
-# More information: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#id240
-
-%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
-
-# Mandatory packages found in hidden `core` group (`dnf group info --hidden core`)
-basesystem # The skeleton package which defines a simple Fedora system
-bash # The Bourne Again SHell, a command-line interpreter.
-curl # A utility for getting files from remote servers (FTP, HTTP, and others)
-# dhcp-client # Provides the ISC DHCP client daemon and dhclient-script
-dnf5 # Command-line package manager
-dracut # Initramfs generator using udev
-filesystem # The basic directory layout for a Linux system
-glibc # The GNU libc libraries
-# hostname # Utility to set/show the host name or domain name
-# iproute # Advanced IP routing and network device configuration tools
-# iputils # Network monitoring tools including ping
-# kbd # Tools for configuring the console (keyboard, virtual terminals, etc.)
-kernel # The Linux kernel
-# ncurses # Ncurses support utilities
-# parted # The GNU disk partition manipulation program
-# procps-ng # System and process monitoring utilities
-rootfiles # The basic required files for the root user's directory
-rpm # The RPM package management system
-setup # A set of system configuration and setup files
-shadow-utils # Utilities for managing accounts and shadow password files
-systemd # System and Service Manager
-# util-linux # Collection of basic system utilities
-
-# Default packages fom core dnf group not marked as mandatory (`dnf group info --hidden core`)
-# NetworkManager # Network connection manager and user applications
-# NetworkManager-config-connectivity-fedora # NetworkManager config file for connectivity checking via Fedora servers
-# dnf5-plugins # Plugins for dnf5
-# dracut-config-rescue # dracut configuration to turn on rescue image generation
-# firewalld # A firewall daemon with D-Bus interface providing a dynamic firewall
-# fwupd # Firmware update daemon
-# plymouth # Graphical Boot Animation and Logger
-# prefixdevname # Udev helper utility that provides network interface naming using user defined prefix
-# systemd-resolved # Network Name Resolution manager
-zram-generator-defaults # Default configuration for zram-generator
-
-# Hand-picked packages
-# pciutils # PCI bus related utilities
-# libusb # Library for accessing USB devices
-# usbutils # Linux USB utilities
-# wget # An advanced file and recursive website downloader
-# nano # A small text editor
-
-# Packages to make Phyllome OS a generic distro
-# Adds packages to comply with Fedora Remix legal guidelines: https://fedoraproject.org/wiki/Remix 
-fedora-remix-logos # Fedora Remix logos
-generic-release # Generic release files
-generic-logos # Icons and pictures
-generic-release-common # Generic release files
-generic-release-notes # Release Notes
-
-%end # End of the packages section
--- a/ingredients/core-security-off.cfg
+++ b/ingredients/core-security-off.cfg
@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --disabled # Disable SELinux ; other option: --enable
-firewall --disabled # Disable firewall
+rootpw --plaintext 1234 --allow-ssh # Root account is enabled with weak password and allow ssh
+selinux --disabled # Disable SELinux
+firewall --enabled --ssh # Reject incoming connections that are not in response to outbound requests except SSH
--- a/ingredients/core-security-on.cfg
+++ b/ingredients/core-security-on.cfg
@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --enabled # Enable SELinux ; other option: --disabled
+rootpw --lock # No root login from the console
+selinux --enforcing # Set SELinux to enforcing mode
 firewall --enabled # Enable firewall
--- a/ingredients/core-storage.cfg
+++ b/ingredients/core-storage.cfg
@@ -3,4 +3,4 @@ clearpart --all --initlabel # Erase all partitions and Initializes the disk labe

 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi # Creates a 2 GB EFI system partition
 part /boot --fstype="ext4" --size=512 --label=boot # Creates a 512 MiB ext4 boot partition
-part / --fstype="ext4" --grow --label=root # Create a single root partition with the remaining space
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit" # Create a single root partition with the remaining space
--- a/recipes/desktop-hypervisor-amdcpu.cfg
+++ b/recipes/desktop-hypervisor-amdcpu.cfg
@@ -11,13 +11,13 @@
 %include ../ingredients/core-storage.cfg # Storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Provides extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Post configuration script
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
--- a/recipes/desktop-hypervisor-intelcpu-intelgpu.cfg
+++ b/recipes/desktop-hypervisor-intelcpu-intelgpu.cfg
@@ -12,13 +12,13 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
--- a/recipes/desktop-hypervisor-intelcpu.cfg
+++ b/recipes/desktop-hypervisor-intelcpu.cfg
@@ -11,13 +11,13 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
--- a/recipes/desktop-hypervisor.cfg
+++ b/recipes/desktop-hypervisor.cfg
@@ -11,13 +11,13 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
--- a/recipes/desktop.cfg
+++ b/recipes/desktop.cfg
@@ -11,13 +11,13 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
--- a/recipes/live-desktop-hypervisor.cfg
+++ b/recipes/live-desktop-hypervisor.cfg
@@ -11,14 +11,14 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/live-core-mandatory-packages.cfg # For live systems
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/live-core-post.cfg # Post configuration script for a live system only
 %include ../ingredients/live-core-post-live-session.cfg # Live session script
--- a/recipes/live-desktop.cfg
+++ b/recipes/live-desktop.cfg
@@ -11,14 +11,14 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/live-core-mandatory-packages.cfg # For live systems
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/live-core-post.cfg # Post configuration script for a live system only
 %include ../ingredients/live-core-post-live-session.cfg # Live session script
--- a/recipes/live-server-hypervisor.cfg
+++ b/recipes/live-server-hypervisor.cfg
@@ -11,14 +11,14 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/live-core-mandatory-packages.cfg # For live systems
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/live-core-post.cfg # Post configuration script for a live system only
 %include ../ingredients/live-core-post-live-session.cfg # Live session script
--- a/recipes/live-server.cfg
+++ b/recipes/live-server.cfg
@@ -11,13 +11,13 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/live-core-mandatory-packages.cfg # For live systems
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/core-post.cfg # Triggered after the installation
 %include ../ingredients/live-core-post.cfg # Post configuration script for a live system only
 %include ../ingredients/live-core-post-live-session.cfg # Live session script
--- a/recipes/virtual-desktop-hypervisor.cfg
+++ b/recipes/virtual-desktop-hypervisor.cfg
@@ -5,18 +5,21 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/

-# A recipe for virtual desktop hypervisor
+# A recipe for a virtual desktop hypervisor

 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
+%include ../ingredients/core-post.cfg # Triggered after the installation
+%include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-desktop-virtual-machine-manager.cfg # Virtual Machine Manager
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor
--- a/recipes/virtual-desktop-hypervisor_devel.cfg
+++ b/recipes/virtual-desktop-hypervisor_devel.cfg
@@ -0,0 +1,23 @@
+#            __          ____                        ____  _____
+#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
+#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
+#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
+#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
+# /_/          /____/
+
+# Unsafe. Development-only. A recipe for a virtual desktop hypervisor
+
+%include ../ingredients/core.cfg # Text mode
+%include ../ingredients/core-storage.cfg # ext4-based storage configuration
+%include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
+%include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
+%include ../ingredients/core-services.cfg # Required systemd services
+%include ../ingredients/core-network.cfg # Network configuration
+%include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
+%include ../ingredients/core-packages-default.cfg # Default but not necessary packages
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
+%include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
+%include ../ingredients/base-desktop-virtual-machine-manager.cfg # Virtual Machine Manager
+%include ../ingredients/base-hypervisor.cfg # Base hypervisor
+%include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/recipes/virtual-desktop.cfg
+++ b/recipes/virtual-desktop.cfg
@@ -11,11 +11,14 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-packages-hardware-support.cfg # Extended hardware support 
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
+%include ../ingredients/core-post.cfg # Triggered after the installation
+%include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/recipes/virtual-desktop_devel.cfg
+++ b/recipes/virtual-desktop_devel.cfg
@@ -5,18 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/

-# A recipe for a virtual desktop
+# Unsafe. Development-only. A recipe for a virtual desktop

 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
+%include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/recipes/virtual-nano.cfg
+++ b/recipes/virtual-nano.cfg
@@ -1,16 +0,0 @@
-#            __          ____                        ____  _____
-#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
-#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
-#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
-#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
-# /_/          /____/
-
-# A recipe for a virtual server
-
-%include ../ingredients/core.cfg # Text mode
-%include ../ingredients/core-storage.cfg # ext4-based storage configuration
-%include ../ingredients/core-bootloader-systemd-boot.cfg # Set bootloader to sdboot
-%include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
-%include ../ingredients/core-packages.cfg # Mandatory packages 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
--- a/recipes/virtual-server-hypervisor_devel.cfg
+++ b/recipes/virtual-server-hypervisor_devel.cfg
@@ -5,17 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/

-# A recipe for a virtual headless hypervisor
+# # Unsafe. Development-only. A recipe for a virtual headless hypervisor

 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor
 %include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/recipes/virtual-server_devel.cfg
+++ b/recipes/virtual-server_devel.cfg
@@ -0,0 +1,20 @@
+#            __          ____                        ____  _____
+#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
+#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
+#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
+#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
+# /_/          /____/
+
+# # Unsafe. Development-only. A recipe for a virtual server
+
+%include ../ingredients/core.cfg # Text mode
+%include ../ingredients/core-storage.cfg # ext4-based storage configuration
+%include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
+%include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
+%include ../ingredients/core-services.cfg # Required systemd services
+%include ../ingredients/core-network.cfg # Network configuration
+%include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
+%include ../ingredients/core-packages-default.cfg # Default but not necessary packages
+%include ../ingredients/core-fedora-repo-rawhide.cfg # Offical repositories for Fedora Rawhide
+%include ../ingredients/base-guest-agents.cfg # Guest agents
--- a/scripts/deploy-distro.sh
+++ b/scripts/deploy-distro.sh
@@ -4,6 +4,28 @@
 DEFAULT_MEMORY=4096
 DEFAULT_DISK_SIZE=10

+# Function to find Fedora ISO
+find_fedora_iso() {
+    local iso_dir="/var/lib/libvirt/isos"
+    local fedora_iso=""
+    
+    # Check if directory exists
+    if [ -d "$iso_dir" ]; then
+        # Find the first Fedora-Server*.iso file
+        fedora_iso=$(find "$iso_dir" -maxdepth 1 -name "Fedora-Server*.iso" -type f | head -n 1)
+        
+        # If found, return the full path
+        if [ -n "$fedora_iso" ] && [ -f "$fedora_iso" ]; then
+            echo "$fedora_iso"
+            return 0
+        fi
+    fi
+    
+    # Return empty if no ISO found
+    echo ""
+    return 1
+}
+
 # Prompt user for VM memory size
 read -r -p "Provide desired VM memory in MB or press Enter to keep default value of $DEFAULT_MEMORY MB): " memory_size
 memory_size=${memory_size:-$DEFAULT_MEMORY}
@@ -98,6 +120,16 @@ vm_name="${dish_name[$((choice - 1))]}"
 # Output the selected filename
 echo "You selected: $vm_name"

+# Find Fedora ISO or use default location
+fedora_iso=$(find_fedora_iso)
+if [ -n "$fedora_iso" ]; then
+    location_param="$fedora_iso"
+    echo "Using local ISO: $fedora_iso"
+else
+    location_param="https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/"
+    echo "Using default online repository"
+fi
+
 # virt-install command with user-defined VM name
 virt-install \
    --connect "$uri" \
@@ -129,7 +161,7 @@ virt-install \
    --watchdog none \
    --memballoon none \
    --disk path="${disk_path}/${vm_name}.img",format=raw,bus=virtio,cache=writeback,size="$disk_size" \
-    --location=https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/ \
+    --location="$location_param" \
    --initrd-inject ./dishes/"$vm_name".cfg \
    --extra-args "inst.ks=file:/$vm_name.cfg"
Author	SHA1	Message	Date
Lukas Greve	c102ab48f2	remove the hypervisor part	2025-12-14 10:09:16 +01:00
Lukas Greve	7aeb5b33c1	Merge pull request 'new devel recipes' (#6 ) from new-devel into main Reviewed-on: #6	2025-12-14 08:52:01 +00:00
Lukas Greve	854ce5d009	new devel recipes	2025-12-14 09:49:37 +01:00
Lukas Greve	e01ec9f5ae	Merge pull request 'recreate development-ready virtual machine recipes' (#5 ) from dev-recipes into main Reviewed-on: #5	2025-12-14 08:47:29 +00:00
Lukas Greve	c39e9b7803	recreate development-ready virtual machine recipes	2025-12-14 09:47:06 +01:00
Lukas Greve	a5cbd39b31	default to rawhide instead of fedora 43	2025-12-13 14:40:47 +01:00
Lukas Greve	ab8f9af755	Merge pull request 'Add local ISO detection functionality to deploy-distro.sh' (#4 ) from local-iso into main Reviewed-on: #4	2025-12-11 20:59:06 +00:00
Lukas Greve	6f98f5596d	Merge branch 'main' into local-iso	2025-12-11 20:58:59 +00:00
Lukas Greve	05cf28c11a	Add local ISO detection functionality to deploy-distro.sh	2025-12-11 21:56:56 +01:00
Lukas Greve	ba06919d98	Merge pull request 'simplify-virtual-editions' (#3 ) from simplify-virtual-editions into main Reviewed-on: #3	2025-12-11 19:52:57 +00:00
Lukas Greve	e018870d0e	updated recipes	2025-12-11 20:50:24 +01:00
Lukas Greve	0c76e7626d	make it even more insecure, to make it easier to debug	2025-12-11 20:50:13 +01:00
Lukas Greve	28c390f1b4	remove the post section to speed installation process	2025-12-11 20:49:29 +01:00
Lukas Greve	ebd35f0b1f	virtual dishes are for development-only	2025-12-10 21:31:31 +01:00
Lukas Greve	6832142907	add allow ssh incoming connection	2025-12-10 21:31:01 +01:00
Lukas Greve	eae12100a8	correct an awful regression. SELinux is either disabled or in enforcing mode. The enable switch does not work	2025-12-10 21:30:19 +01:00
Lukas Greve	bc5f156cd9	All non-virtual dishes / recipes are meant to be shipped with sane security defaults	2025-12-10 21:29:25 +01:00
Lukas Greve	8245bdf3b9	revert back gitignore to include dishes	2025-12-10 21:27:45 +01:00
Lukas Greve	674b34d441	Merge pull request 'add fast_commit and encrypt filesystem feature for ext4. Encrypt is a prerequisite for fscrypt support. Fast_commit is a faster journaling method.' (#2 ) from ext4-improvement into main Reviewed-on: #2	2025-12-10 16:18:33 +00:00
Lukas Greve	de5acaf289	Merge branch 'main' into ext4-improvement	2025-12-10 16:18:25 +00:00
Lukas Greve	cabebbcedf	add fast_commit and encrypt filesystem feature for ext4. Encrypt is a prerequisite for fscrypt support. Fast_commit is a faster journaling method.	2025-12-10 17:17:39 +01:00
Lukas Greve	b028260090	weak security to enable easier debugging	2025-12-09 22:33:51 +01:00
Lukas Greve	1fbe496b6a	the proper syntax for firstboot enabling	2025-12-09 22:33:15 +01:00
Lukas Greve	ae4ffdc64d	updated gitignore. Let's not track changes to complete kickstart files. It goes in the way	2025-12-09 22:32:40 +01:00
Lukas Greve	8cc2c13c66	Merge pull request 'tweak the security settings, to allow root login for debuging purposes (i.e. when initial-setup does not work)' (#1 ) from lax-security-settings into main Reviewed-on: #1	2025-12-09 21:22:45 +00:00
Lukas Greve	35deff93b3	tweak the security settings, to allow root login for debuging purposes (i.e. when initial-setup does not work)	2025-12-09 22:20:47 +01:00
Lukas Greve	a186c60e9a	add these changes to nano branch	2025-12-09 17:03:18 +01:00