Merge pull request 'Add local ISO detection functionality to deploy-distro.sh' (#4) from local-iso into main

Reviewed-on: #4

.gitignore

@@ -1 +1,3 @@
 .aider*
+# dishes/
+# !dishes/

dishes/desktop-hypervisor-amdcpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor-intelcpu-intelgpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor-intelcpu.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop-hypervisor.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/desktop.cfg

@@ -3,7 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -17,9 +17,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone
@@ -37,7 +37,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --logfile=/mnt/sysimage/root/post.log
 

dishes/live-desktop-hypervisor.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone

dishes/live-desktop.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone

dishes/live-server-hypervisor.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved,libvirtd"
 # System timezone

dishes/live-server.cfg

@@ -1,7 +1,7 @@
 # Generated by pykickstart v3.62
 #version=DEVEL
 # Firewall configuration
-firewall --disabled
+firewall --enabled
 # Run the Setup Agent on first boot
 firstboot --reconfig
 # Keyboard layouts
@@ -15,9 +15,9 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 #Root password
-rootpw --iscrypted --lock locked
+rootpw --lock
 # SELinux configuration
-selinux --disabled
+selinux --enforcing
 # System services
 services --enabled="NetworkManager,systemd-resolved"
 # System timezone

dishes/virtual-desktop-hypervisor.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,28 +35,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
-
-truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
-
-## Append lines to existing vendor.conf file, so that options are skipped upon reboot
-cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
-[pages]
-skip=privacy
-[goa]
-providers=local-first!
-EOF
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 
@@ -250,7 +227,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
-gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname

dishes/virtual-desktop.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -37,28 +35,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%post --nochroot --logfile=/mnt/sysimage/root/base-initial-setup-gnome.log
-
-truncate -s 0 /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf # remove content of vendor.conf so that all options are made available
-
-## Append lines to existing vendor.conf file, so that options are skipped upon reboot
-cat >> /mnt/sysimage/usr/share/gnome-initial-setup/vendor.conf<< EOF
-[pages]
-skip=privacy
-[goa]
-providers=local-first!
-EOF
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-desktop-gnome.log
 
@@ -157,7 +134,6 @@ generic-release-notes
 glibc
 gnome-backgrounds.noarch
 gnome-control-center
-gnome-initial-setup
 gnome-shell
 gnome-terminal
 hostname

dishes/virtual-nano.cfg

@@ -1,87 +0,0 @@
-# Generated by pykickstart v3.62
-#version=DEVEL
-# Use text mode install
-text
-# Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
-# Keyboard layouts
-keyboard --xlayouts='ch (fr)'
-# System language
-lang en_US.UTF-8
-# Network information
-network  --bootproto=dhcp --device=link --hostname=phyllome-alpha --activate
-# Shutdown after installation
-shutdown
-repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
-repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
-# Root password
-rootpw --iscrypted --lock locked
-# SELinux configuration
-selinux --disabled
-# System services
-services --enabled="NetworkManager,systemd-resolved"
-# System timezone
-timezone Europe/Zurich --utc
-# Use network installation
-url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64"
-# System bootloader configuration
-bootloader --location=mbr --timeout=1
-# Clear the Master Boot Record
-zerombr
-# Partition clearing information
-clearpart --all --initlabel
-# Disk partitioning information
-part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
-part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
-
-%packages --exclude-weakdeps
-basesystem
-bash
-curl
-dhcp-client
-dnf5
-dracut
-filesystem
-glibc
-hostname
-initial-setup
-iproute
-iputils
-kbd
-kernel
-ncurses
-parted
-procps-ng
-qemu-guest-agent
-rootfiles
-rpm
-setup
-shadow-utils
-spice-vdagent
-systemd
-util-linux
--audit
--coreutils
--e2fsprogs
--less
--man-db
--openssh-clients
--openssh-server
--policycoreutils
--selinux-policy-targeted
--sssd-common
--sssd-kcm
--sudo
--vim-minimal
-
-%end

dishes/virtual-server-hypervisor.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -35,14 +33,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %post --nochroot --logfile=/mnt/sysimage/root/base-hypervisor.log
 
@@ -98,7 +89,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
-initial-setup
 iproute
 iputils
 kbd

dishes/virtual-server.cfg

@@ -3,9 +3,7 @@
 # Use text mode install
 text
 # Firewall configuration
-firewall --disabled
-# Run the Setup Agent on first boot
-firstboot --reconfig
+firewall --enabled --service=ssh
 # Keyboard layouts
 keyboard --xlayouts='ch (fr)'
 # System language
@@ -17,7 +15,7 @@ shutdown
 repo --name="fedora" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-43&arch=x86_64
 repo --name="updates" --mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f43&arch=x86_64
 # Root password
-rootpw --iscrypted --lock locked
+rootpw --plaintext --allow-ssh 1234
 # SELinux configuration
 selinux --disabled
 # System services
@@ -35,14 +33,7 @@ clearpart --all --initlabel
 # Disk partitioning information
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi
 part /boot --fstype="ext4" --size=512 --label=boot
-part / --fstype="ext4" --grow --label=root
-
-%post --logfile=/mnt/sysimage/root/post.log
-
-localectl set-keymap ch-fr # Set keymap to `ch-fr`. Alternatively, `us` can be picked.
-dnf update -y # Update the system 
-
-%end
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit"
 
 %packages --exclude-weakdeps
 NetworkManager
@@ -68,7 +59,6 @@ generic-release-common
 generic-release-notes
 glibc
 hostname
-initial-setup
 iproute
 iputils
 kbd

ingredients/core-initial-setup-desktop.cfg

@@ -1,4 +1,4 @@
-firstboot --reconfig # Initial Setup will start after the first reboot
+firstboot --enable --reconfig # Initial Setup will start after the first reboot
 
 %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies.
 

ingredients/core-initial-setup-server.cfg

@@ -1,4 +1,4 @@
-firstboot --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones
+firstboot --enable --reconfig # Enable the Setup Agent to start at boot time in reconfiguration mode. This mode enables the language, mouse, keyboard, root password, security level, time zone, and networking configuration options in addition to the default ones
 
 %packages --exclude-weakdeps # Beginning of the packages section. Do not include weak dependencies
 

ingredients/core-packages-mandatory-trimming-attempt.cfg

@@ -1,48 +0,0 @@
-#            __          ____                        ____  _____
-#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
-#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
-#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
-#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
-# /_/          /____/
-#
-# Provides the mandatory packages that are part of the core DNF group
-
-%packages --exclude-weakdeps # Beginning of the package section. Does not include weak dependencies. Description courtesy of the Fedora project
-
--audit # User space tools for kernel auditing
-basesystem # The skeleton package which defines a simple Fedora system
-bash # The Bourne Again SHell, a command-line interpreter.
--coreutils # A set of basic GNU tools commonly used in shell scripts
-curl # A utility for getting files from remote servers (FTP, HTTP, and others)
-dhcp-client # Provides the ISC DHCP client daemon and dhclient-script
-dnf5 # Command-line package manager
-dracut # Initramfs generator using udev
--e2fsprogs # Utilities for managing ext2, ext3, and ext4 file systems
-filesystem # The basic directory layout for a Linux system
-glibc # The GNU libc libraries
-hostname # Utility to set/show the host name or domain name
-iproute # Advanced IP routing and network device configuration tools
-iputils # Network monitoring tools including ping
-kbd # Tools for configuring the console (keyboard, virtual terminals, etc.)
-kernel # The Linux kernel
--less # A text file browser similar to more, but better. Can be excluded
--man-db # Tools for searching and reading man pages. Can be excluded
-ncurses # Ncurses support utilities
--openssh-clients # An open source SSH client applications. Can be excluded
--openssh-server # An open source SSH server daemon. Can be excluded
-parted # The GNU disk partition manipulation program
--policycoreutils # SELinux policy core utilities. Can be excluded
-procps-ng # System and process monitoring utilities
-rootfiles # The basic required files for the root user's directory
-rpm # The RPM package management system
--selinux-policy-targeted # SELinux targeted policy. Can be excluded
-setup # A set of system configuration and setup files
-shadow-utils # Utilities for managing accounts and shadow password files
--sssd-common # Common files for the SSSD. Can be excluded
--sssd-kcm # An implementation of a Kerberos KCM server. Can be excluded
--sudo # Allows restricted root access for specified users
-systemd # System and Service Manager
-util-linux # Collection of basic system utilities
--vim-minimal # A minimal version of the VIM editor
-
-%end # End of the packages section

ingredients/core-security-off.cfg

@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --disabled # Disable SELinux ; other option: --enable
-firewall --disabled # Disable firewall
+rootpw --plaintext 1234 --allow-ssh # Root account is enabled with weak password and allow ssh
+selinux --disabled # Disable SELinux
+firewall --enabled --ssh # Reject incoming connections that are not in response to outbound requests except SSH

ingredients/core-security-on.cfg

@@ -1,3 +1,3 @@
-rootpw --lock --iscrypted locked # Lock the root account. Can still be undone by end-user during initial setup
-selinux --enabled # Enable SELinux ; other option: --disabled
+rootpw --lock # No root login from the console
+selinux --enforcing # Set SELinux to enforcing mode
 firewall --enabled # Enable firewall

ingredients/core-storage.cfg

@@ -3,4 +3,4 @@ clearpart --all --initlabel # Erase all partitions and Initializes the disk labe
 
 part /boot/efi --fstype="efi" --size=2048 --fsoptions="umask=0077,shortname=winnt" --label=efi # Creates a 2 GB EFI system partition
 part /boot --fstype="ext4" --size=512 --label=boot # Creates a 512 MiB ext4 boot partition
-part / --fstype="ext4" --grow --label=root # Create a single root partition with the remaining space
+part / --fstype="ext4" --grow --label=root --mkfsoptions="-O encrypt,fast_commit" # Create a single root partition with the remaining space

recipes/desktop-hypervisor-amdcpu.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # Storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor-intelcpu-intelgpu.cfg

@@ -12,7 +12,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor-intelcpu.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/desktop.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-desktop-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-desktop.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-server-hypervisor.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/live-server.cfg

@@ -11,7 +11,7 @@
 %include ../ingredients/live-core-storage.cfg # For live systems only
 %include ../ingredients/live-core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-on.cfg # Lock root account, enable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 

recipes/virtual-desktop-hypervisor.cfg

@@ -5,20 +5,18 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for virtual desktop hypervisor
+# Unsafe. Development-only. A recipe for a virtual desktop hypervisor
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-desktop-virtual-machine-manager.cfg # Virtual Machine Manager
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor

recipes/virtual-desktop.cfg

@@ -5,19 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual desktop
+# Unsafe. Development-only. A recipe for a virtual desktop
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-desktop.cfg # OEM setup for GNOME Shell
 %include ../ingredients/base-desktop-gnome.cfg # A GNOME Shell-based desktop environment
 %include ../ingredients/base-guest-agents.cfg # Guest agents

recipes/virtual-nano.cfg

@@ -1,21 +0,0 @@
-#            __          ____                        ____  _____
-#     ____  / /_  __  __/ / /___  ____ ___  ___     / __ \/ ___/
-#    / __ \/ __ \/ / / / / / __ \/ __ `__ \/ _ \   / / / /\__ \
-#   / /_/ / / / / /_/ / / / /_/ / / / / / /  __/  / /_/ /___/ /
-#  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
-# /_/          /____/
-
-# A recipe for a virtual a very small nano server
-
-%include ../ingredients/core.cfg # Text mode
-%include ../ingredients/core-storage.cfg # ext4-based storage configuration
-%include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
-%include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
-%include ../ingredients/core-services.cfg # Required systemd services
-%include ../ingredients/core-network.cfg # Network configuration
-%include ../ingredients/core-packages-mandatory-trimming-attempt.cfg # Trimming attempt for the mandatory packages 
-%include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
-%include ../ingredients/base-guest-agents.cfg # Guest agents

recipes/virtual-server-hypervisor.cfg

@@ -5,19 +5,17 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual headless hypervisor
+# # Unsafe. Development-only. A recipe for a virtual headless hypervisor
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-hypervisor.cfg # Base hypervisor
 %include ../ingredients/base-guest-agents.cfg # Guest agents

recipes/virtual-server.cfg

@@ -5,18 +5,16 @@
 #  / .___/_/ /_/\__, /_/_/\____/_/ /_/ /_/\___/   \____//____/
 # /_/          /____/
 
-# A recipe for a virtual desktop
+# # Unsafe. Development-only. A recipe for a virtual server
 
 %include ../ingredients/core.cfg # Text mode
 %include ../ingredients/core-storage.cfg # ext4-based storage configuration
 %include ../ingredients/core-bootloader-grub.cfg # Set bootloader to GRUB
 %include ../ingredients/core-locale.cfg # System locale set to Swiss French as keyboard layout and English as language
-%include ../ingredients/core-security-off.cfg # Lock root account, disable firewall and SELinux
+%include ../ingredients/core-security-off.cfg # Enable root account, disable firewall and SELinux
 %include ../ingredients/core-services.cfg # Required systemd services
 %include ../ingredients/core-network.cfg # Network configuration
 %include ../ingredients/core-packages-mandatory.cfg # Mandatory packages 
 %include ../ingredients/core-packages-default.cfg # Default but not necessary packages
 %include ../ingredients/core-fedora-repo-43.cfg # Offical repositories for Fedora
-%include ../ingredients/core-post.cfg # Triggered after the installation
-%include ../ingredients/core-initial-setup-server.cfg # For headless systems
 %include ../ingredients/base-guest-agents.cfg # Guest agents

scripts/deploy-distro.sh

@@ -4,6 +4,28 @@
 DEFAULT_MEMORY=4096
 DEFAULT_DISK_SIZE=10
 
+# Function to find Fedora ISO
+find_fedora_iso() {
+    local iso_dir="/var/lib/libvirt/isos"
+    local fedora_iso=""
+    
+    # Check if directory exists
+    if [ -d "$iso_dir" ]; then
+        # Find the first Fedora-Server*.iso file
+        fedora_iso=$(find "$iso_dir" -maxdepth 1 -name "Fedora-Server*.iso" -type f | head -n 1)
+        
+        # If found, return the full path
+        if [ -n "$fedora_iso" ] && [ -f "$fedora_iso" ]; then
+            echo "$fedora_iso"
+            return 0
+        fi
+    fi
+    
+    # Return empty if no ISO found
+    echo ""
+    return 1
+}
+
 # Prompt user for VM memory size
 read -r -p "Provide desired VM memory in MB or press Enter to keep default value of $DEFAULT_MEMORY MB): " memory_size
 memory_size=${memory_size:-$DEFAULT_MEMORY}
@@ -98,6 +120,16 @@ vm_name="${dish_name[$((choice - 1))]}"
 # Output the selected filename
 echo "You selected: $vm_name"
 
+# Find Fedora ISO or use default location
+fedora_iso=$(find_fedora_iso)
+if [ -n "$fedora_iso" ]; then
+    location_param="$fedora_iso"
+    echo "Using local ISO: $fedora_iso"
+else
+    location_param="https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/"
+    echo "Using default online repository"
+fi
+
 # virt-install command with user-defined VM name
 virt-install \
     --connect "$uri" \
@@ -129,7 +161,7 @@ virt-install \
     --watchdog none \
     --memballoon none \
     --disk path="${disk_path}/${vm_name}.img",format=raw,bus=virtio,cache=writeback,size="$disk_size" \
-    --location=https://download.fedoraproject.org/pub/fedora/linux/releases/43/Everything/x86_64/os/ \
+    --location="$location_param" \
     --initrd-inject ./dishes/"$vm_name".cfg \
     --extra-args "inst.ks=file:/$vm_name.cfg"