veilor-org/veilor-os
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions 1
hardened Fedora KDE; primary on Forgejo
45 commits 66 branches 3 tags 1.4 MiB
Shell 96.3%
QML 3.4%
Dockerfile 0.3%
Find a file
veilor-org 3328ffb460 v0.5.0-alpha: TTY1 installer (omarchy/archinstall-style) 
Adds:
- overlay/usr/local/sbin/veilor-installer — bash+whiptail TUI
- overlay/etc/systemd/system/getty@tty1.service.d/veilor-installer.conf
  → replaces tty1 login with installer
- ks: newt + parted + cryptsetup + lvm2 + btrfs-progs packages
- ks: systemctl set-default multi-user.target (TTY1 lands first; user
  picks "Try live — desktop" from menu to isolate graphical.target)
- ks: chmod +x veilor-installer in chroot %post

Flow:
1. Boot ISO → TTY1 → ASCII banner + menu:
   1) Install to disk    2) Try live — desktop   3) Try live — shell
   4) Reboot             5) Power off
2. Install path: collects disk/hostname/LUKS/admin pw/locale via whiptail,
   generates /run/install/veilor-generated.ks, execs anaconda --kickstart=
3. Reboots into hardened install with full init_on_alloc/free cmdline

Known limitations (v0.5.0-alpha):
- Generated ks doesn't yet copy overlay/scripts into target (anaconda
  installs base Fedora, missing veilor branding/hardening). Fix in v0.5.1.
- whiptail = ugly. v0.5.1 swaps to gum (Go TUI) for omarchy-tier UX.
- No mid-install progress bar; anaconda runs unattended in same tty.
2026-05-02 03:20:42 +01:00
.github ci: patch livecd-creator __get_efi_image_stanza LABEL → CDLABEL 2026-05-01 21:26:34 +01:00
assets v0.3 theme: strip onyx refs from comments (use 'reference system'); lint: filter self-referencing grep patterns 2026-04-30 17:19:12 +01:00
build ci: switch refs from veilorveilor-org (GH org slug); domain veilor.org 2026-04-30 13:59:20 +01:00
docs veilor-os v0.1 scaffold — kickstart + hardening + 3-mode power + DuckSans-ready KDE black theme 2026-04-30 03:43:33 +01:00
kickstart v0.5.0-alpha: TTY1 installer (omarchy/archinstall-style) 2026-05-02 03:20:42 +01:00
overlay v0.5.0-alpha: TTY1 installer (omarchy/archinstall-style) 2026-05-02 03:20:42 +01:00
scripts v0.2.3: os-release branding + admin user creation in %post 2026-05-01 18:25:57 +01:00
test test: add VM runner — qemu+OVMF wrapper for fast iso iteration loop 2026-04-30 04:06:19 +01:00
upstream v0.3 theme: match onyx exactly — solid black wallpaper, Linux Konsole scheme, Breeze_Light cursor 2026-04-30 17:18:14 +01:00
.gitignore chore: gitignore agent worktrees + un-track accidental embedded repos 2026-05-02 01:08:14 +01:00
CONTRIBUTING.md ci: switch refs from veilorveilor-org (GH org slug); domain veilor.org 2026-04-30 13:59:20 +01:00
LICENSE veilor-os v0.1 scaffold — kickstart + hardening + 3-mode power + DuckSans-ready KDE black theme 2026-04-30 03:43:33 +01:00
README.md fonts: swap DuckSans → Fira Code (Fedora fira-code-fonts, SIL OFL 1.1) 2026-04-30 03:57:17 +01:00

README.md

veilor-os

Hardened minimal Fedora KDE remix. Black-on-black. Locked down by default.

veilor-os is a Fedora 43 KDE spin built for operators who want a clean, fast, opinionated desktop with serious hardening already in place. No prompts at install beyond the LUKS passphrase. Boot, set admin password, work.

Highlights

  • Single-prompt install — only LUKS passphrase. No account wizard, no initial-setup screen. admin account is created automatically; password is set on first boot.
  • Hardened by default — SELinux enforcing, USBGuard, fail2ban, firewalld drop zone, kernel sysctl lockdown, NTS-authenticated NTP, DNS-over-TLS.
  • 3-mode power managementveilor-power save | mid | perf, with AC/battery auto-switching via udev. Backed by tuned profiles.
  • Fira Code system font — programming ligatures, monospace consistency across UI + terminal. (DuckSans planned for v0.3.)
  • Pure-black KDE color schemeveilor-black theme system-wide.
  • LUKS2 + Secure Boot — argon2id, aes-xts, btrfs subvolumes, zram swap (no disk swap, no cold-boot leak).
  • Reproducible build — kickstart + podman + livemedia-creator. ISO output is deterministic given pinned base.

Repo layout

kickstart/   veilor-os.ks                full kickstart definition
build/       Containerfile + build-iso.sh   reproducible ISO builder
overlay/     files dropped into installed root via %post
scripts/     hardening, SELinux policy, theme apply, firstboot
assets/      fonts, KDE color scheme, branding, plymouth theme
docs/        HARDENING / POWER / BUILD / INSTALL
test/        boot-checklist + findings log

See docs/BUILD.md for build instructions, docs/INSTALL.md for install, docs/HARDENING.md for what's locked down and why.

Status

Pre-release. v0.x. Repo private until first green ISO boots clean on test hardware.

License

MIT — see LICENSE. Fira Code ships from Fedora's fira-code-fonts package under SIL OFL 1.1.