-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathfedora.ks
368 lines (330 loc) · 19.1 KB
/
fedora.ks
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
#version=F34
# URLs and REPOs
url --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=fedora-34&arch=x86_64"
repo --name=fedora-updates --mirrorlist="https://mirrors.fedoraproject.org/mirrorlist?repo=updates-released-f34&arch=x86_64" --cost=0
# RPMFusion Free
repo --name=rpmfusion-free --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-34&arch=x86_64" --includepkgs=rpmfusion-free-release
repo --name=rpmfusion-free-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=free-fedora-updates-released-34&arch=x86_64" --cost=0
repo --name=rpmfusion-free-tainted --mirrorlist="https://mirrors.rpmfusion.org/metalink?repo=free-fedora-tainted-34&arch=x86_64"
# RPMFusion NonFree
repo --name=rpmfusion-nonfree --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-34&arch=x86_64" --includepkgs=rpmfusion-nonfree-release
repo --name=rpmfusion-nonfree-updates --mirrorlist="https://mirrors.rpmfusion.org/mirrorlist?repo=nonfree-fedora-updates-released-34&arch=x86_64" --cost=0
repo --name=rpmfusion-nonfree-tainted --mirrorlist="https://mirrors.rpmfusion.org/metalink?repo=nonfree-fedora-tainted-34&arch=x86_64"
# Negativo17 NVIDIA/CUDA
repo --name=negativo17 --baseurl="https://negativo17.org/repos/nvidia/fedora-34/x86_64/"
# Secure Messenger
repo --name=element --baseurl="https://download.copr.fedorainfracloud.org/results/taw/element/fedora-33-x86_64/"
# Use graphical install
graphical
# Keyboard layouts
keyboard --xlayouts='us (mac)','de (mac)'
# System language
lang de_DE.UTF-8
# Network information
network --bootproto=dhcp --device=enp3s0 --ipv6=auto --activate
network --hostname=fedora34
# X Window System configuration information
# xconfig --defaultdesktop GNOME --startxonboot
# System services
services --enabled=chronyd,sshd
# System timezone
timezone Europe/Berlin --isUtc --ntpservers=0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org,3.pool.ntp.org
# User configuration
# user --groups=wheel --name=fedora --password=PASSWD --iscrypted --gecos="fedora"
# Root password
# ``python -c 'import crypt; print(crypt.crypt("My Password", "$6$My Salt"))'``
# rootpw --iscrypted PASSWD
# SSH Keys (Ed25519 / RSA 4096)
# sshkey --username fedora "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2uNvCh4aHbk8v/Fty9inxQLpda4z7Vb16Dbn24zTfm"
# sshkey --username root "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2uNvCh4aHbk8v/Fty9inxQLpda4z7Vb16Dbn24zTfm"
# sshpw --username root --sshkey "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2uNvCh4aHbk8v/Fty9inxQLpda4z7Vb16Dbn24zTfm" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrjDqSVdz/vearombs3vomFY+l3VwAesd2BBfQZK51BekjZJlu4Ac6I2w0adf+vXBHMJULluG0Xh21eL0PF2vWkZ6i4yXGcXd/Zdb40HWsFeryKlaWYaLdnjbXKlu9TYkLtNO6le7Oy+BepydzfkPCjepaeHtm/zi/5SxZ+sHfEzCZclf8aYH1yEMGJIMJqJ96rLxfFBmH1RZThq2F7aIObA/sNySrcDZFFOv9i7Kqohqz8kzJwiARCpThBa+jj/3qWd1VyTRk7Sgk0bcgRSZ/zbhkCYGQ5UUr8CxEggvZGvfL7GD4Fb8gUOo4kZe2r5Y6L568BPuGwdfFtN95MJ"
# SELinux is enabled, but only logs things that would be denied in enforcing mode.
# selinux --permissive
# No SELinux policy is loaded.
selinux --disabled
%packages
@workstation-product-environment
@admin-tools
@container-management
@development-tools
@editors
@gnome-desktop
@fonts
@hardware-support
@libreoffice
@office
@sound-and-video
@system-tools
### Gnome
alacarte # Menu editor for the GNOME desktop
evolution # Mail and calendar client for GNOME
gedit # Text editor for the GNOME desktop
gnome-calendar # Simple and beautiful calendar application designed to fit GNOME 3
gnome-clocks # Clock application designed for GNOME 3
gnome-contacts # Contacts manager for GNOME
gnome-online-accounts # Single sign-on framework for GNOME
gnome-terminal # Terminal emulator for GNOME
gnome-tweaks # Customize advanced GNOME 3 options
gnome-usage # A GNOME app to view information about use of system resources
gnome-weather # A weather application for GNOME
nemo # File manager with more options than nautilus. Fork of nautilus.
nemo-audio-tab # Audio tag information extension for Nemo
nemo-compare # Context menu comparison extension for nemo
nemo-extensions # Nemo extensions library
nemo-fileroller # File Roller extension for Nemo
nemo-gsconnect # Nemo smartphone integration
webextension-gsconnect # Webbrowser smartphone integration
nemo-preview # A quick previewer for Nemo
nemo-python # Python scripting extension for Nemo
nemo-seahorse # PGP encryption and signing for Nemo
nemo-search-helpers # Nemo search helpers
seahorse # A GNOME application for managing encryption keys
# seahorse-nautilus # PGP encryption and signing for nautilus
seahorse-sharing # Sharing of PGP public keys via DNS-SD and HKP
soundconverter # SoundConverter
# geary # beautiful mail client, unfortunately without PGP support so far
# gnome-books # E-Book Manager
# gnome-kiosk # Single Application Mode for Gnome
# gnome-firmware # Install firmware on devices
# gnome-maps # Map application for GNOME
# gnome-todo # Personal task manager for GNOME
# gparted # Gnome Partition Editor
### Gnome Shell Extensions
gnome-extensions-app # Manage GNOME Shell extensions
gnome-shell-extension-apps-menu # Application menu for GNOME Shell
gnome-shell-extension-background-logo # Background logo extension for GNOME Shell
gnome-shell-extension-gsconnect # Smartphone integration
gnome-shell-extension-places-menu # Places status menu for GNOME Shell
gnome-shell-extension-system-monitor-applet # A Gnome shell system monitor extension
### Essential Tools
asciinema # recording and sharing terminal sessions
blivet-gui # Tool for data storage configuration
dbus-x11 # necessary for nm-connection-editor
distribution-gpg-keys # GPG keys of various Linux distributions
dnf-automatic # Package manager - automated upgrades
dnf-plugin-system-upgrade # System Upgrade Plugin for DNF
exfat-utils # Utilities for exFAT file system
fdupes # Finds duplicate files in a given set of directories
fedora-release-workstation # Base package for Fedora Workstation-specific default configurations
flatpak # Application deployment framework for desktop apps
keepassxc # Cross-platform password manager
langpacks-de # German langpacks meta-package
langpacks-en # English langpacks meta-package
libgnome-keyring # Framework for managing passwords and other secrets
libheif # .heif, .heic support
libimobiledevice-utils # iOS support
neofetch # CLI system information tool written in Bash
# screenfetch # like neofetch, but not as nice as neofetch, but with disk usage
p7zip # Very high compression ratio file archiver
p7zip-plugins # Additional plugins for p7zip
pam-u2f # Implements PAM authentication over U2F
pamu2fcfg # Configures PAM authentication over U2F
pcsc-lite # PC/SC Lite smart card framework and applications, like https://en.wikipedia.org/wiki/OpenPGP_card
reptyr # Attach a running process to a new terminal
terminator # Multiple GNOME terminals in one window.
tldr # Simplified and community-driven man pages
vim-enhanced # A version of the VIM editor which includes recent enhancements
# baobab # A graphical directory tree analyzer
# distribution-gpg-keys-copr # GPG keys for Copr projects
# nextcloud-client # The Nextcloud Client
# p7zip-gui # 7zG - 7-Zip GUI version
### Internet
# chromium # A WebKit (Blink) powered web browser
chromium-freeworld # Chromium built with all freeworld codecs and VA-API support
element # A decentralized, secure messaging client for collaborative group communication (Riot)
filezilla # FTP, FTPS and SFTP client
firefox # Mozilla Firefox Web browser
freerdp # Free implementation of the Remote Desktop Protocol (RDP)
remmina # Remote Desktop Client (For performance reasons, use `xfreerdp /rfx /gfx:RFX /u:USER /v:SERVER /multimon` instead)
# thunderbird # Mozilla Thunderbird mail/newsgroup client, Obsolete due to numerous bugs in essential functions.
xrdp # Open source remote desktop protocol (RDP) server
xorgxrdp # xorgxrdp is a set of X11 modules that make Xorg act as a backend for xrdp.
# keybase # The Keybase Go client, filesystem, and GUI
# transmission # A lightweight GTK+ BitTorrent client. Does anyone still use torrents?
### Multimedia
audacious # Audio Player (resource-saving)
audacious-plugins-freeworld # MP3 & Co.
# audacity # Multitrack audio editor
audacity-freeworld # Multitrack audio editor WITH mp3 support
clementine # A music player and library organizer
digikam # A digital camera accessing & photo management application
kdenlive # Non-linear video editor
ffmpeg # Digital VCR and streaming server
gimp # GNU Image Manipulation Program
gmic-gimp # Must have gimp plugin
gimp-heif-plugin # A plugin for loading and saving HEIF images
gimp-jxl-plugin # A plugin for loading and saving JPEG-XL images
gimp-lensfun # Gimp plugin to correct lens distortion
gimp-resynthesizer # Gimp plug-in for texture synthesis (magically repairing areas)
gstreamer1* # Issue 3 # GStreamer streaming media framework runtime
gthumb # Image viewer, editor, organizer
HandBrake # An open-source multiplatform video transcoder
HandBrake-gui # HandBrake GUI
inkscape # Vector-based drawing program using SVG
simplescreenrecorder # Simple Screen Recorder is a screen recorder for Linux
vlc # The cross-platform open-source multimedia framework, player and server
youtube-dl # A small command-line program to download online videos
# chromaprint-tools # Chromaprint audio fingerprinting tools
# gydl # GUI wrapper around youtube-dl program
# darktable # Utility to organize and develop raw images
# kid3 # Efficient KDE ID3 tag editor
# krita # Sketching and painting program
# openshot # replaced by kdenlive
# openshot-lang # replaced by kdenlive
# moc # replaced by audacious; music on console (needs a config-file, so run the following command) # echo "TiMidity_Config = /etc/timidity.cfg" >> .moc/config
# obs-studio # Open Broadcaster Software
# picard # MusicBrainz-based audio tagger
### Office
evince # Document viewer
libreoffice # Free Software Productivity Suite
# bijiben # Simple Note Viewer
# calibre # E-book converter and library manager
### Virtualization
guestfs-tools # Tools to access and modify virtual machine disk images
libvirt # Library providing a simple virtualization API
spice-gtk # High performance VM with OpenGL
qemu # QEMU is a FAST! processor emulator
virt-manager # Desktop tool for managing virtual machines via libvirt
### Backup
backintime-qt # Qt frontend for backintime
borgbackup # very efficient tool for encrypted, deduplicated, optionally append-only remote backups.
borgmatic # Simple Python wrapper script for borgbackup
# testdisk # Tool to check and undelete partition, PhotoRec recovers lost files
### Science
plantumlqeditor # UML diagram Editor, latest plantuml version https://plantuml.com/de/download
# texlive-scheme-small # small scheme (most used packages)
texlive-scheme-full # full scheme (everything)
# texworks # A simple IDE for authoring TeX documents
texstudio # A complex IDE for authoring TeX documents
tikzit # Diagram editor for pgf/TikZ
texlive-plantuml # PlantUML diagrams in (Lua)LaTeX
# octave # A high-level language for numerical computations
# R # A language for data analysis and graphics
### Server
# certbot # A free, automated certificate authority client
# python3-certbot-apache # The apache plugin for certbot
# cockpit # Web Console for Linux servers
# cockpit-composer # Composer GUI for use with Cockpit
# cockpit-dashboard # Cockpit remote server dashboard
# cockpit-machines # Cockpit user interface for virtual machines
# cockpit-networkmanager # Cockpit user interface for networking, using NetworkManager
# cockpit-packagekit # Cockpit user interface for packages
# cockpit-storaged # Cockpit user interface for storage, using udisks
# cockpit-system # Cockpit admin interface package for configuring and troubleshooting a system
# postgresql-server # PostgreSQL server
### Development
git-all # Meta-package to pull in all git tools
# autoconf # A GNU tool for automatically configuring source code
# autofs # autofs daemon
# automake # A GNU tool for automatically creating Makefiles
# cachefilesd # CacheFiles user-space management daemon
# colordiff # Color terminal highlighter for diff files
# diffuse # Graphical tool for merging and comparing text files
### Monitoring
bashtop # Linux resource monitor
htop # Interactive process viewer
iftop # Command line tool that displays bandwidth usage on an interface
powertop # Power consumption monitor
nmap # Network exploration tool and security scanner
nutty # Simple utility for network information
# etherape # Graphical network monitor for Unix
# netdata # PCP Monitoring on localhost:19999, https://github.com/netdata/netdata
# nethogs # Network-Monitoring
# stacer # Linux System Optimizer and Monitor
### CD/DVD/BD
# brasero # Gnome CD/DVD burning application
# ddrescue # Data recovery tool trying hard to rescue data in case of read errors
# dvdautho # Make a disc image or burn the disc: this is left to tools like mkisofs and dvd+rw-tools
# dvdisaster # Additional error protection for CD/DVD media
# k3b # CD/DVD/Blu-ray burning application
libaacs # Blu-ray AACS Library
libbdplus # Blu-ray BD+ Library
libbluray-utils # Blu-ray Library
# vcdimager # VideoCD (pre-)mastering and ripping tool
# All Other
sha3sum # SHA3 Hash
icedtea-web # Additional Java components for OpenJDK - Java Web Start implementation
java-openjdk # Java
libtool # The GNU Portable Library Tool
libva-intel* # VAAPI driver and tools
libva-utils # VAAPI driver and tools
libva-vdpau-driver # VAAPI driver and tools
mesa* # Mesa
NetworkManager-* # Network connection manager and user applications
ocl-icd # OpenCL Library (Installable Client Library) Bindings
opencl-* # Useful OpenCL tools and utilities
paperkey # OpenPGP key archiver
playonlinux # Graphical front-end for Wine
snapper # btrfs snapshots (https://dustymabe.com/2019/01/06/fedora-btrfs-snapper---the-fedora-29-edition/)
python3-dnf-plugin-local # Automatically copy all downloaded packages to a repository on the local filesystem and generating repo metadata.
python3-dnf-plugins-extras-snapper #
ssss # Shamir's secret sharing scheme
syncthing # P2P Synchronisation (https://syncthing.net/downloads/)
# usbguard # The USBGuard software framework helps to protect your computer against rogue USB devices by implementing basic whitelisting/blacklisting capabilities based on USB device attributes.
# usbguard-notifier # Notifier for usbguard
vulkan* # Vulkan
# modem-manager-gui # ModemManager GUI
%end
%addon com_redhat_kdump --disable --reserve-mb='128'
%end
%anaconda
# --minquality does not seem to work
pwpolicy root --minlen=10 --minquality=50 --strict --notempty --nochanges
pwpolicy user --minlen=8 --minquality=30 --strict --notempty --nochanges
pwpolicy luks --minlen=10 --minquality=50 --strict --notempty --nochanges
%end
%post
# Repositories
dnf -y install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm https://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm https://prerelease.keybase.io/keybase_amd64.rpm
# Element
dnf -y copr enable taw/element
# negativo17 nvidia repository
dnf config-manager --add-repo=https://negativo17.org/repos/fedora-nvidia.repo
# Packages
dnf -y install rpmfusion-free-release-tainted rpmfusion-nonfree-release-tainted --refresh
# NVIDIA
dnf -y install nvidia-driver nvidia-settings
# Signal Desktop as Flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo && flatpak install -y flathub org.signal.Signal
# Czkawka as Flatpak
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo && flatpak install -y com.github.qarmin.czkawka
# Portfolio Performance
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo && flatpak install -y info.portfolio_performance.PortfolioPerformance
# Enable nemo as file manager (default: only available under cinnamon)
sed -i '/OnlyShowIn=X-Cinnamon/I s/^/#/' /usr/share/applications/nemo.desktop
# Set nemo as default file manager
xdg-mime default nemo.desktop inode/directory application/x-gnome-saved-search
# dnf-automatic security upgrades
# timer configuration: /etc/systemd/system/multi-user.target.wants/dnf-automatic.timer
echo -n '[commands]
upgrade_type = security
random_sleep = 0
download_updates = yes
apply_updates = yes
[emitters]
emit_via = stdio
[email]
email_from = dnf@localhost
email_to = root@localhost
email_host = localhost
[command]
[command_email]
email_from = dnf@localhost
email_to = root@localhost
[base]
debuglevel = 1' > /etc/dnf/automatic.conf;
systemctl enable --now dnf-automatic.timer
# usbguard configuration #
# usbguard generate-policy > rules.conf
# cp rules.conf /etc/usbguard/rules.conf
# chmod 0600 /etc/usbguard/rules.conf
# edit configuration #
# vim /etc/usbguard/usbguard-daemon.conf
# systemctl enable --now usbguard
# enable notifier for user #
# systemctl enable --now --user usbguard-notifier.service
# For every user who wants to use Syncthing.
# systemctl enable --now syncthing@USER.service
%end
# Reboot After Installation
reboot --eject