updated recipes

Reviewed-on: #2

.gitignore

@@ -1 +1,3 @@
 .aider*
+# dishes/
+# !dishes/

dishes/desktop-hypervisor-amdcpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -16,10 +16,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor-intelcpu-intelgpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -16,10 +16,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor-intelcpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -16,10 +16,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -16,10 +16,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -16,10 +16,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/live-desktop-hypervisor.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,10 +14,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone

dishes/live-desktop.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,10 +14,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone

dishes/live-server-hypervisor.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,10 +14,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone

dishes/live-server.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -14,10 +14,10 @@ network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
+#Root password
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone

dishes/virtual-desktop-hypervisor.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,28 +35,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
-
-truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
-
-## Append lines to existing vendor.conf file, so that options are skipped upon reboot
-cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
-[pages]
-skip=privacy
-[goa]
-providers=local-first!
-EOF
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 
@@ -250,7 +227,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
-gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname

dishes/virtual-desktop.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,28 +35,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
-
-truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
-
-## Append lines to existing vendor.conf file, so that options are skipped upon reboot
-cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
-[pages]
-skip=privacy
-[goa]
-providers=local-first!
-EOF
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 
@@ -157,7 +134,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
-gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname

dishes/virtual-server-hypervisor.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -35,14 +33,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log
 
@@ -98,7 +89,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
-initial-setup
 iproute
 iputils
 kbd

dishes/virtual-server.cfg

@@ -2,46 +2,96 @@
 #version=DEVEL
 # Use text mode install
 text
+# Firewall configuration
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
 lang en_US.UTF-8
+# Network information
+network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
 # Shutdown after installation
 shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --plaintext 1234 # Root account is enabled with weak password
+rootpw --plaintext --allow-ssh 1234
+# SELinux configuration
+selinux --disabled
+# System services
+services --enabled="NetworkManager,systemd-resolved"
 # System timezone
 timezone Europe/Zurich --utc
 # Use network installation
 url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
 # System bootloader configuration
-bootloader --sdboot
+bootloader --location=mbr --timeout=1
 # Clear the Master Boot Record
 zerombr
 # Partition clearing information
 clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
-part / --fstype="ext4" --grow --label=root
+part /boot --fstype="ext4" --size=512 --label=boot
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
-%packages --nocore --inst-langs=en --exclude-weakdeps
+%packages --exclude-weakdeps
+NetworkManager
+NetworkManager-config-connectivity-fedora
+audit
 basesystem
 bash
+coreutils
+curl
+dhcp-client
+dnf5
+dnf5-plugins
 dracut
+dracut-config-rescue
+e2fsprogs
 fedora-remix-logos
 filesystem
+firewalld
+fwupd
 generic-logos
 generic-release
 generic-release-common
 generic-release-notes
 glibc
+hostname
+iproute
+iputils
+kbd
 kernel
+less
+libusb
+man-db
+nano
+ncurses
+openssh-clients
+openssh-server
+parted
+pciutils
+plymouth
+policycoreutils
+prefixdevname
+procps-ng
+qemu-guest-agent
 rootfiles
 rpm
+selinux-policy-targeted
 setup
+shadow-utils
+spice-vdagent
+sssd-common
+sssd-kcm
+sudo
 systemd
+systemd-resolved
+usbutils
+util-linux
+vim-minimal
+wget
 zram-generator-defaults
 
 %end

ingredients/core-bootloader-systemd-boot.cfg

@@ -1 +1 @@
-bootloader --sdboot --timeout=1 # Use systemd-boot and set a timeout to 1
+bootloader --sdboot --location=mbr --timeout=1 # Use systemd-boot and set a timeout to 1

ingredients/core-initial-setup-desktop.cfg

@@ -1,4 +1,4 @@
-firstboot --reconfig # Initial Setup will start after the first reboot
+firstboot --enable --reconfig # Initial Setup will start after the first reboot
 
 %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies.
 

ingredients/core-initial-setup-server.cfg

@@ -1,4 +1,4 @@
-firstboot --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones
+firstboot --enable --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones
 
 %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies
 

ingredients/core-packages-default.cfg

@@ -0,0 +1,23 @@
+%packages --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
+
+# Default packages fom core dnf group not marked as mandatory (`dnf group info --hidden core`)
+NetworkManager # Network connection manager and user applications
+NetworkManager-config-connectivity-fedora # NetworkManager config file for connectivity checking via Fedora servers
+dnf5-plugins # Plugins for dnf5
+dracut-config-rescue # dracut configuration to turn on rescue image generation
+firewalld # A firewall daemon with D-Bus interface providing a dynamic firewall
+fwupd # Firmware update daemon
+plymouth # Graphical Boot Animation and Logger
+prefixdevname # Udev helper utility that provides network interface naming using user defined prefix
+systemd-resolved # Network Name Resolution manager
+zram-generator-defaults # Default configuration for zram-generator
+
+# Hand-picked packages
+pciutils # PCI bus related utilities
+libusb # Library for accessing USB devices
+usbutils # Linux USB utilities
+curl # transfer a URL
+wget # An advanced file and recursive website downloader
+nano # A small text editor
+
+%end # End of the packages section

ingredients/core-packages-mandatory.cfg

@@ -0,0 +1,58 @@
+#            __          ____                        ____  _____
+#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
+#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
+#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
+#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
+# /_/          /____/
+#
+# Provides the mandatory packages that are part of the core DNF group
+# More information: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#id240
+
+%packages --ignoremissing --nocore --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
+
+# Mandatory packages found in hidden `core` group (`dnf group info --hidden core`)
+audit # User space tools for kernel auditing
+basesystem # The skeleton package which defines a simple Fedora system
+bash # The Bourne Again SHell, a command-line interpreter.
+coreutils # A set of basic GNU tools commonly used in shell scripts
+curl # A utility for getting files from remote servers (FTP, HTTP, and others)
+dhcp-client # Provides the ISC DHCP client daemon and dhclient-script
+dnf5 # Command-line package manager
+dracut # Initramfs generator using udev
+e2fsprogs # Utilities for managing ext2, ext3, and ext4 file systems
+filesystem # The basic directory layout for a Linux system
+glibc # The GNU libc libraries
+hostname # Utility to set/show the host name or domain name
+iproute # Advanced IP routing and network device configuration tools
+iputils # Network monitoring tools including ping
+kbd # Tools for configuring the console (keyboard, virtual terminals, etc.)
+kernel # The Linux kernel
+less # A text file browser similar to more, but better. Can be excluded
+man-db # Tools for searching and reading man pages. Can be excluded
+ncurses # Ncurses support utilities
+openssh-clients # An open source SSH client applications. Can be excluded
+openssh-server # An open source SSH server daemon. Can be excluded
+parted # The GNU disk partition manipulation program
+policycoreutils # SELinux policy core utilities. Can be excluded
+procps-ng # System and process monitoring utilities
+rootfiles # The basic required files for the root user's directory
+rpm # The RPM package management system
+selinux-policy-targeted # SELinux targeted policy. Can be excluded
+setup # A set of system configuration and setup files
+shadow-utils # Utilities for managing accounts and shadow password files
+sssd-common # Common files for the SSSD. Can be excluded
+sssd-kcm # An implementation of a Kerberos KCM server. Can be excluded
+sudo # Allows restricted root access for specified users
+systemd # System and Service Manager
+util-linux # Collection of basic system utilities
+vim-minimal # A minimal version of the VIM editor
+
+# Packages to make Phyllome OS a generic distro
+# Adds packages to comply with Fedora Remix legal guidelines: https://fedoraproject.org/wiki/Remix 
+fedora-remix-logos # Fedora Remix logos
+generic-release # Generic release files
+generic-logos # Icons and pictures
+generic-release-common # Generic release files
+generic-release-notes # Release Notes
+
+%end # End of the packages section

ingredients/core-packages.cfg

@@ -1,64 +0,0 @@
-#            __          ____                        ____  _____
-#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
-#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
-#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
-#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
-# /_/          /____/
-#
-# Provides the mandatory packages that are part of the core DNF group
-# More information: https://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#id240
-
-%packages --excludedocs --inst-langs=en --nocore --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
-
-# Mandatory packages found in hidden `core` group (`dnf group info --hidden core`)
-basesystem # The skeleton package which defines a simple Fedora system
-bash # The Bourne Again SHell, a command-line interpreter.
-curl # A utility for getting files from remote servers (FTP, HTTP, and others)
-# dhcp-client # Provides the ISC DHCP client daemon and dhclient-script
-dnf5 # Command-line package manager
-dracut # Initramfs generator using udev
-filesystem # The basic directory layout for a Linux system
-glibc # The GNU libc libraries
-# hostname # Utility to set/show the host name or domain name
-# iproute # Advanced IP routing and network device configuration tools
-# iputils # Network monitoring tools including ping
-# kbd # Tools for configuring the console (keyboard, virtual terminals, etc.)
-kernel # The Linux kernel
-# ncurses # Ncurses support utilities
-# parted # The GNU disk partition manipulation program
-# procps-ng # System and process monitoring utilities
-rootfiles # The basic required files for the root user's directory
-rpm # The RPM package management system
-setup # A set of system configuration and setup files
-shadow-utils # Utilities for managing accounts and shadow password files
-systemd # System and Service Manager
-# util-linux # Collection of basic system utilities
-
-# Default packages fom core dnf group not marked as mandatory (`dnf group info --hidden core`)
-# NetworkManager # Network connection manager and user applications
-# NetworkManager-config-connectivity-fedora # NetworkManager config file for connectivity checking via Fedora servers
-# dnf5-plugins # Plugins for dnf5
-# dracut-config-rescue # dracut configuration to turn on rescue image generation
-# firewalld # A firewall daemon with D-Bus interface providing a dynamic firewall
-# fwupd # Firmware update daemon
-# plymouth # Graphical Boot Animation and Logger
-# prefixdevname # Udev helper utility that provides network interface naming using user defined prefix
-# systemd-resolved # Network Name Resolution manager
-zram-generator-defaults # Default configuration for zram-generator
-
-# Hand-picked packages
-# pciutils # PCI bus related utilities
-# libusb # Library for accessing USB devices
-# usbutils # Linux USB utilities
-# wget # An advanced file and recursive website downloader
-# nano # A small text editor
-
-# Packages to make Phyllome OS a generic distro
-# Adds packages to comply with Fedora Remix legal guidelines: https://fedoraproject.org/wiki/Remix 
-fedora-remix-logos # Fedora Remix logos
-generic-release # Generic release files
-generic-logos # Icons and pictures
-generic-release-common # Generic release files
-generic-release-notes # Release Notes
-
-%end # End of the packages section

ingredients/core-security-off.cfg

@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --disabled # Disable SELinux ; other option: --enable
-firewall --disabled # Disable firewall
+rootpw --plaintext 1234 --allow-ssh # Root account is enabled with weak password and allow ssh
+selinux --disabled # Disable SELinux
+firewall --enabled --ssh # Reject incoming connections that are not in response to outbound requests except SSH

ingredients/core-security-on.cfg

@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --enabled # Enable SELinux ; other option: --disabled
+rootpw --lock # No root login from the console
+selinux --enforcing # Set SELinux to enforcing mode
 firewall --enabled # Enable firewall

ingredients/core-storage.cfg

@@ -3,4 +3,4 @@ clearpart --all --initlabel # Erase all partitions and Initializes the disk labe
 
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi # Creates a 2 GB EFI system partition
 part /boot --fstype="ext4" --size=512 --label=boot # Creates a 512 MiB ext4 boot partition
-part / --fstype="ext4" --grow --label=root # Create a single root partition with the remaining space
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit" # Create a single root partition with the remaining space

recipes/desktop-hypervisor-amdcpu.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # Storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor-intelcpu-intelgpu.cfg

@@ -12,7 +12,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor-intelcpu.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-desktop-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-desktop.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-server-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-server.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/virtual-desktop-hypervisor.cfg

@@ -5,13 +5,13 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for virtual desktop hypervisor
+# Unsafe. Development-only. A recipe for a virtual desktop hypervisor
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/virtual-desktop.cfg

@@ -5,13 +5,13 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual desktop
+# Unsafe. Development-only. A recipe for a virtual desktop
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/virtual-nano.cfg

@@ -1,16 +0,0 @@
-#            __          ____                        ____  _____
-#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
-#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
-#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
-#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
-# /_/          /____/
-
-# A recipe for a virtual server
-
-%include ../ingredients/core.cfg # Text mode
-%include ../ingredients/core-storage.cfg # ext4-based storage configuration
-%include ../ingredients/core-bootloader-systemd-boot.cfg # Set bootloader to sdboot
-%include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
-%include ../ingredients/core-packages.cfg # Mandatory packages 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora

recipes/virtual-server-hypervisor.cfg

@@ -5,13 +5,13 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual headless hypervisor
+# # Unsafe. Development-only. A recipe for a virtual headless hypervisor
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/virtual-server.cfg

@@ -5,18 +5,16 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual desktop
+# # Unsafe. Development-only. A recipe for a virtual server
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-guest-agents.cfg # Guest agents