diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b74a651 --- /dev/null +++ b/.gitignore @@ -0,0 +1,32 @@ +# Created by https://www.gitignore.io/api/osx +# Edit at https://www.gitignore.io/?templates=osx + +### OSX ### +# General +.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +# End of https://www.gitignore.io/api/osx diff --git a/README.md b/README.md new file mode 100644 index 0000000..36e6afc --- /dev/null +++ b/README.md @@ -0,0 +1,213 @@ +# Pumice +![pumice](https://github.com/zearp/pumice/assets/63272687/cff79de2-c50d-454f-ac3e-356605e24398) + +My spin on Rocky Linux. Nothing fancy. Bare bones with only the things I need and want. The aim of this repo is to have my stuff easily available to myself and anyone interested. It is essentially a kickstart file that can be modified to suit your needs and build an iso with. Compared to a normal Rocky Linux dark mode is enabled by default, third party repo's been added and a different (minimal) selection of packages is used. Kickstarts are a great way to customise Rocky Linux. The iso can be installed without an active internet connection. +
+ Packages: + + - GUI Stuff: + - Cockpit, manage stuff (remotely) from your browser + - Eye of Gnome image viewer + - Evince document viewer + - Flatseal to manage Flatpak permissions + - gedit, simple text editor + - Gnome disk utility + - Gnome font vieuwer + - Gnome schreenshot tool + - Gnome software centre + - Gnome system monitor + - Gnome terminal + - Gnome tweaks + - Nautilus file manager + - Plymouth spinner boot theme + - Shell utils: + - bat 🦀 + - btop + - eza 🦀 + - grubby + - htop + - nano + - nvme-cli + - pciutils + - pfetch 🦀 + - usbutils + - ripgrep 🦀 + - rsync + - wget + - zsh + - and many others! + - Extra repo's: + - RPM Fusion + - EPEL + - El Repo + - Flatpaks via the Gnome software centre + +
+ +#### Contents: +* [Installation](#installation) +* [Post install](#post-install) +* [Updating](#updating) + +### Installation +1. Disable SELinux: + ```sh + sudo setenforce 0 + ``` +2. Install required packages: + ```sh + sudo dnf -y --refresh update && sudo dnf -y install epel-release + sudo dnf -y install --nogpgcheck rpmfusion-free-release \ + https://mirrors.rpmfusion.org/nonfree/el/rpmfusion-nonfree-release-$(rpm -E %rhel).noarch.rpm + sudo dnf -y install mock mock-rpmfusion-free mock-rpmfusion-nonfree + ``` +3. Add yourself to the mock group and logout: + ```sh + sudo usermod -a -G mock $USER && exit + ``` +4. Log back in and create ```/etc/mock/pumice.cfg``` and paste in the following: + ```sh + include('rocky+epel-9-x86_64.cfg') + include('templates/rpmfusion_free-epel.tpl') + include('templates/rpmfusion_nonfree-epel.tpl') + config_opts['root'] = "pumice-9-{{ target_arch }}" + config_opts['description'] = 'Pumice 9' + ``` +5. Initialise and enter the mock environment: + ```sh + mock -r pumice --init --nobest + mock -r pumice --install lorax-lmc-novirt nano pykickstart git + mock -r pumice --shell --isolation=simple --enable-network + ``` + The --nobest option is not strickly needed, just sometimes its fails to initialise and this option prevents/fixes it. + +6. From inside the mock enviroment download the kickstart file and edit, then flatten it: + ```sh + git clone https://github.com/zearp/pumice && cd pumice/kickstart + nano pumice.ks + ksflatten -c pumice.ks -o flat.ks + ``` +7. Generate the iso with the following command: + ```sh + livemedia-creator --ks flat.ks --no-virt --resultdir /var/lmc --project="Pumice" --make-iso \ + --volid Pumice-9 --iso-only --iso-name Pumice-9-x86_64.iso --releasever=9 --nomacboot && exit + ``` +8. When it's done we'll move the iso file to the current directory and clean up: + ```sh + sudo mv /var/lib/mock/pumice-9-x86_64/root/var/lmc/Pumice-9-x86_64.iso . 
+ sudo chown $USER:$USER Pumice-9-x86_64.iso + mock -r pumice --scrub=all + ``` +9. Re-enable SELinux: + ```sh + sudo setenforce 1 + ``` +That's all, you can now use the iso file to install. + +# Post install +Some (hopefully) useful post install stuff. + +### Remove left overs. +``` +sudo dnf -y remove anaconda\* +sudo dnf clean all +``` +Optionally if you just want to use ```dnf``` remove flatpak, flatseal and gnome-software. +``` +sudo dnf -y remove flatpak\* flatseal gnome-software +``` +On AMD iGPU/GPU systems the Intel driver can be removed too: +``` +sudo dnf -y remove intel-media-driver +``` + +### Verify SELinux +Security is paramount so let's make sure SELinux is running in ```enforcement``` mode. run the following command to check the current enforcement status: +``` +sudo getenforce +``` +If it shows ```Enforcing``` we don't need to do anything. If it shows ```Permissive``` run the following command, reboot and check the enforcement status again: +``` +sudo fixfiles onboot +``` +For more information please refer to [this](https://docs.rockylinux.org/guides/security/learning_selinux) page. + +### Check for and install firmware updates +Run these commands one by one and only update if you want to. If everything is workign fine it might not be needed to update anything. Refer to the release notes and change logs for each firmware update. +``` +sudo fwupdmgr refresh +sudo fwupdmgr get-updates +## make sure you need/want these updates! +sudo fwupdmgr update +``` +### Cockpit +Cockpit is a nice web frontend to do basic monitoring and managements tasks. I suggest using it not only on servers but anywhere and also when you need to troubleshoot issues. It has some great utilities and access to log files and services and so on. The default location is ```http://localhost:9090```. For more information please read [this](https://www.redhat.com/sysadmin/intro-cockpit) page. 
+ +### El Repo kernel +Sometimes you need a more modern kernel, for example very recent hardware. We can use the El Repo repository for that. The only cost is that secure boot will no longer function. To enable and install El Repo's 6.x kernel run the following commands: +``` +sudo dnf -y install elrepo-release +sudo yum --enablerepo=elrepo-kernel install kernel-lt kernel-lt-modules-extra +``` +Now reboot and press the escape key to show the grub menu and select the new kernel from the list. + +We can replace ```lt``` for ```ml``` if you want even newer mainline kernel as opposed to the long term support kernel. If everything works well run the following commands to set a new default kernel and remove the old default kernel: +``` +sudo echo -e "DEFAULTKERNEL=kernel-lt-core\nUPDATEDEFAULT=yes" | sudo tee /etc/sysconfig/kernel +sudo dnf -y remove kernel kernel-core +``` +You can also modify the kickstart to build your iso with a 6.x kernel instead. For more information see [this](https://elrepo.org/tiki/kernel-lt) page. In order to compile modules it may be needed to install the ```kernel-devel-matched``` package. + +### AMD Drivers +Only works with the stock 5.x kernels. This will give you OpenCL and some additonal video encoders/decoders. Download the latest installer rpm [here](https://repo.radeon.com/amdgpu-install/latest/rhel/9.3/) and install it: +``` +sudo rpm -i amdgpu-install*.rpm +sudo amdgpu-install +sudo reboot +``` + +### Firefox +For hardware encoding set ```media.ffmpeg.vaapi.enabled``` and ```gfx.webrender.all``` to true in ```about:config``` and restart Firefox. To test check cpu/gpu usage in ```nvtop``` or ```intel_gpu_top```. The latter may have to be compiled from source or if you dare manually install the Fedora package (```igt-gpu-tools```). If you use the Flatpak version it may also be needed to run Firefox in Wayland mode by adding an enviroment option using Flatseal. This shouldn't be needed anymore. 
+ +It is recommended to block unsupported codecs using [this](https://addons.mozilla.org/en-US/firefox/addon/enhanced-h264ify) add-on. For example, my NUC 8 does not support AV1 but does support VP8/9 and h264. Setting the add-on to only block AV1 tries to makes it so videos are being decoded by the gpu. To see which codecs are supported you can use the ```vainfo``` command. + +You will see entries like ```VAProfileH264``` and so on. Disable any you don't have but are listed in the ```enhanced-h264ify``` add-on. This way Firefox won't be rendering videos ususing the cpu (as much). If you run into a video that doesn't play disabling the add-on and refreshing the page should fix it and let Firefox use the cpu to render the video. + +While we're at it let's install [uBlock Origin](https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin) to block some ads and trackers. + +### Misc. +- Change shell to zsh: + ```sh + sudo usermod --shell /usr/bin/zsh $USER + ``` +- Less flickering when booting and old school network interface names: + ```sh + grubby --update-kernel=ALL --args="loglevel=3 systemd.show_status=auto rd.udev.log_level=3 vt.global_cursor_default=0 biosdevname=0 net.ifnames=0" + ``` +- Sort apps alphabetically, logout and in to apply, don't use sudo here: + ```sh + gsettings set org.gnome.shell app-picker-layout "[]" + ``` +- Sync login screen settings (gdm): + ```sh + sudo cp ~/.config/monitors.xml /var/lib/gdm/.config/ + ``` +- Remove brightness slider (when applicable): + ```sh + sudo grubby --update-kernel ALL --args acpi_backlight=none + ``` +- Compiling kernel modules: + ```sh + sudo dnf -y install kernel-devel dkms + ``` +- Disable sleep/suspend completely, disable it in Gnome settings first or else you get false positive notifications about impending suspends. 
Re-run with ```unmask``` to re-enable: + ```sh + sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target + ``` +- The firewall (```firewalld```) is enabled and allowing; cockpit and ssh. For some basics on opening ports/services and more information please refer to [this](https://docs.rockylinux.org/guides/security/firewalld-beginners) page. + +# Updating +Easy mode! +``` +sudo dnf --refresh update +``` diff --git a/assets/dot_zshrc b/assets/dot_zshrc new file mode 100644 index 0000000..83e6f43 --- /dev/null +++ b/assets/dot_zshrc 
@@ -0,0 +1,87 @@ +# basic zshrc -- the best shell there is =] +# + +# enable colours and set prompt +# +autoload -U colors && colors +PS1="%B%{$fg[blue]%}[%{$fg[cyan]%}%n%{$fg[white]%}@%{$fg[green]%}%M %{$fg[magenta]%}%~%{$fg[blue]%}]%{$reset_color%}$%b " + +# save some history +# +HISTFILE=~/.zsh_history +HISTSIZE=10000 +SAVEHIST=10000 +setopt appendhistory +setopt hist_ignore_all_dups +setopt hist_ignore_space + +# setup simple aliases +# +alias cat="bat -p" +alias grep="rg" +alias diff="diff --color=auto" +alias ip="ip -color=auto" +alias ls="eza --group-directories-first" +alias ll="eza --group-directories-first -alg --git" +alias tree="eza -Tla --time-style=long-iso" +alias nano="nano -c" + +# env +# +#export LESS="-R --use-color -Dd+r$Du+b" +export EDITOR="nano" +export VISUAL="nano" + +# enable auto completion +# +autoload -U compinit +zstyle ':completion:*' menu select +zmodload zsh/complist +compinit +_comp_options+=(globdots) + +# timers +# +function preexec() { + timer=$(($(date +%s%0N)/1000000)) +} + +function precmd() { + if [ $timer ]; then + now=$(($(date +%s%0N)/1000000)) + elapsed=$(($now-$timer)) + + export RPROMPT="%F{yellow}${elapsed}ms %{$reset_color%}" + unset timer + fi + } + +# use vim and arrow heys to navigate auto complete +# +bindkey -M menuselect 'h' vi-backward-char +bindkey -M menuselect 'k' vi-up-line-or-history +bindkey -M menuselect 'l' vi-forward-char +bindkey -M menuselect 'j' vi-down-line-or-history +bindkey -M menuselect 'left' vi-backward-char +bindkey -M menuselect 'up' vi-up-line-or-history +bindkey -M menuselect 'right' vi-forward-char +bindkey -M menuselect 'down' vi-down-line-or-history + +# make it so newly added executables can be auto completed +# +zstyle ':completion:*' rehash true + +# auto suggestions +# +source /usr/share/zsh-autosuggestions/zsh-autosuggestions.zsh + +# pfetch +# +export PF_COL1="7" +export PF_COL2="8" +export PF_INFO="ascii os host kernel uptime pkgs memory shell editor wm de palette" +#[[ "$(cat 
/proc/$PPID/comm)" =~ "(kgx|foot|alacritty|sshd)" ]] && echo "" && pfetch + +# enable syntax highlighting, needs to be loaded last +# +source /usr/share/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh diff --git a/assets/pfetch b/assets/pfetch new file mode 100755 index 0000000..a9258a3 Binary files /dev/null and b/assets/pfetch differ diff --git a/assets/wallpaper.jpg b/assets/wallpaper.jpg new file mode 100644 index 0000000..1047836 Binary files /dev/null and b/assets/wallpaper.jpg differ diff --git a/kickstart/include/rocky.ks b/kickstart/include/rocky.ks new file mode 100644 index 0000000..4f59108 --- /dev/null +++ b/kickstart/include/rocky.ks 
@@ -0,0 +1,383 @@ +%post +# FIXME: it'd be better to get this installed from a package +cat > /etc/rc.d/init.d/livesys << EOF +#!/bin/bash +# +# live: Init script for live image +# +# chkconfig: 345 00 99 +# description: Init script for live image. +### BEGIN INIT INFO +# X-Start-Before: display-manager chronyd +### END INIT INFO + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ]; then + exit 0 +fi + +if [ -e /.liveimg-configured ] ; then + configdone=1 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +livedir="LiveOS" +for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##rd.live.dir=}" != "\${arg}" ]; then + livedir=\${arg##rd.live.dir=} + continue + fi + if [ "\${arg##live_dir=}" != "\${arg}" ]; then + livedir=\${arg##live_dir=} + fi +done + +# Enable swap unless requested otherwise +swaps=\`blkid -t TYPE=swap -o device\` +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -n "\$swaps" ] ; then + for s in \$swaps ; do + action "Enabling swap partition \$s" swapon \$s + done +fi +if ! strstr "\`cat /proc/cmdline\`" noswap && [ -f /run/initramfs/live/\${livedir}/swap.img ] ; then + action "Enabling swap file" swapon /run/initramfs/live/\${livedir}/swap.img +fi + +# Support for persistent homes +mountPersistentHome() { + # support label/uuid + if [ "\${homedev##LABEL=}" != "\${homedev}" -o "\${homedev##UUID=}" != "\${homedev}" ]; then + homedev=\`/sbin/blkid -o device -t "\$homedev"\` + fi + + # if we're given a file rather than a blockdev, loopback it + if [ "\${homedev##mtd}" != "\${homedev}" ]; then + # mtd devs don't have a block device but get magic-mounted with -t jffs2 + mountopts="-t jffs2" + elif [ ! 
-b "\$homedev" ]; then + loopdev=\`losetup -f\` + if [ "\${homedev##/run/initramfs/live}" != "\${homedev}" ]; then + action "Remounting live store r/w" mount -o remount,rw /run/initramfs/live + fi + losetup \$loopdev \$homedev + homedev=\$loopdev + fi + + # if it's encrypted, we need to unlock it + if [ "\$(/sbin/blkid -s TYPE -o value \$homedev 2>/dev/null)" = "crypto_LUKS" ]; then + echo + echo "Setting up encrypted /home device" + plymouth ask-for-password --command="cryptsetup luksOpen \$homedev EncHome" + homedev=/dev/mapper/EncHome + fi + + # and finally do the mount + mount \$mountopts \$homedev /home + # if we have /home under what's passed for persistent home, then + # we should make that the real /home. useful for mtd device on olpc + if [ -d /home/home ]; then mount --bind /home/home /home ; fi + [ -x /sbin/restorecon ] && /sbin/restorecon /home + if [ -d /home/liveuser ]; then USERADDARGS="-M" ; fi +} + +# Help locate persistent homes +findPersistentHome() { + for arg in \`cat /proc/cmdline\` ; do + if [ "\${arg##persistenthome=}" != "\${arg}" ]; then + homedev=\${arg##persistenthome=} + fi + done +} + +if strstr "\`cat /proc/cmdline\`" persistenthome= ; then + findPersistentHome +elif [ -e /run/initramfs/live/\${livedir}/home.img ]; then + homedev=/run/initramfs/live/\${livedir}/home.img +fi + +# Mount the persistent home if it's available +if ! 
strstr "\`cat /proc/cmdline\`" nopersistenthome && [ -n "\$homedev" ] ; then + action "Mounting persistent /home" mountPersistentHome +fi + +if [ -n "\$configdone" ]; then + exit 0 +fi + +# Create the liveuser (no password) so automatic logins and sudo works +action "Adding live user" useradd \$USERADDARGS -c "Live System User" liveuser +passwd -d liveuser > /dev/null +usermod -aG wheel liveuser > /dev/null + +# Same for root +passwd -d root > /dev/null + +# Turn off firstboot (similar to a DVD/minimal install, where it asks +# for the user to accept the EULA before bringing up a TTY) +systemctl --no-reload disable firstboot-text.service 2> /dev/null || : +systemctl --no-reload disable firstboot-graphical.service 2> /dev/null || : +systemctl stop firstboot-text.service 2> /dev/null || : +systemctl stop firstboot-graphical.service 2> /dev/null || : + +# Prelinking damages the images +sed -i 's/PRELINKING=yes/PRELINKING=no/' /etc/sysconfig/prelink &>/dev/null || : + +# Turn off mdmonitor by default +systemctl --no-reload disable mdmonitor.service 2> /dev/null || : +systemctl --no-reload disable mdmonitor-takeover.service 2> /dev/null || : +systemctl stop mdmonitor.service 2> /dev/null || : +systemctl stop mdmonitor-takeover.service 2> /dev/null || : + +# Even if there isn't gnome, this doesn't hurt. 
+gsettings set org.gnome.software download-updates 'false' || : + +# Disable cron +systemctl --no-reload disable crond.service 2> /dev/null || : +systemctl --no-reload disable atd.service 2> /dev/null || : +systemctl stop crond.service 2> /dev/null || : +systemctl stop atd.service 2> /dev/null || : + +# Disable abrt +systemctl --no-reload disable abrtd.service 2> /dev/null || : +systemctl stop abrtd.service 2> /dev/null || : + +# Don't sync the system clock when running live (RHBZ #1018162) +sed -i 's/rtcsync//' /etc/chrony.conf + +# Mark things as configured +touch /.liveimg-configured + +# add static hostname to work around xauth bug +# https://bugzilla.redhat.com/show_bug.cgi?id=679486 +# the hostname must be something else than 'localhost' +# https://bugzilla.redhat.com/show_bug.cgi?id=1370222 +echo "pumice" > /etc/hostname + +EOF + +# HAL likes to start late. +cat > /etc/rc.d/init.d/livesys-late << EOF +#!/bin/bash +# +# live: Late init script for live image +# +# chkconfig: 345 99 01 +# description: Late init script for live image. + +. /etc/init.d/functions + +if ! strstr "\`cat /proc/cmdline\`" rd.live.image || [ "\$1" != "start" ] || [ -e /.liveimg-late-configured ] ; then + exit 0 +fi + +exists() { + which \$1 >/dev/null 2>&1 || return + \$* +} + +touch /.liveimg-late-configured + +# Read some stuff out of the kernel cmdline +for o in \`cat /proc/cmdline\` ; do + case \$o in + ks=*) + ks="--kickstart=\${o#ks=}" + ;; + xdriver=*) + xdriver="\${o#xdriver=}" + ;; + esac +done + +# If liveinst or textinst is given, start installer +if strstr "\`cat /proc/cmdline\`" liveinst ; then + plymouth --quit + /usr/sbin/liveinst \$ks +fi +if strstr "\`cat /proc/cmdline\`" textinst ; then + plymouth --quit + /usr/sbin/liveinst --text \$ks +fi + +# Configure X, allowing user to override xdriver +if [ -n "\$xdriver" ]; then + cat > /etc/X11/xorg.conf.d/00-xdriver.conf <> /etc/fstab << EOF +vartmp /var/tmp tmpfs defaults 0 0 +EOF + +# PackageKit likes to play games. 
Let's fix that. +rm -f /var/lib/rpm/__db* +releasever=$(rpm -q --qf '%{version}\n' --whatprovides system-release) +basearch=$(uname -i) +rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rockyofficial +echo "Packages within this LiveCD" +rpm -qa +# Note that running rpm recreates the rpm db files which aren't needed or wanted +rm -f /var/lib/rpm/__db* + +# go ahead and pre-make the man -k cache (#455968) +/usr/bin/mandb + +# make sure there aren't core files lying around +rm -f /core* + +# remove random seed, the newly installed instance should make it's own +rm -f /var/lib/systemd/random-seed + +# convince readahead not to collect +# FIXME: for systemd + +echo 'File created by kickstart. See systemd-update-done.service(8).' \ + | tee /etc/.updated >/var/.updated + +# Drop the rescue kernel and initramfs, we don't need them on the live media itself. +# See bug 1317709 +rm -f /boot/*-rescue* + +# Disable network service here, as doing it in the services line +# fails due to RHBZ #1369794 - the error is expected +/sbin/chkconfig network off + +# Remove machine-id on generated images +rm -f /etc/machine-id +touch /etc/machine-id + +%end + +%post --nochroot +cp $INSTALL_ROOT/usr/share/licenses/*-release/* $LIVE_ROOT/ + +# This only works on x86_64 +if [ "$(uname -i)" = "i386" -o "$(uname -i)" = "x86_64" ]; then + # For livecd-creator builds + if [ ! 
-d $LIVE_ROOT/LiveOS ]; then mkdir -p $LIVE_ROOT/LiveOS ; fi + cp /usr/bin/livecd-iso-to-disk $LIVE_ROOT/LiveOS + + # For lorax/livemedia-creator builds + sed -i ' + /## make boot.iso/ i\ + # Add livecd-iso-to-disk script to .iso filesystem at /LiveOS/\ + <% f = "usr/bin/livecd-iso-to-disk" %>\ + %if exists(f):\ + install ${f} ${LIVEDIR}/${f|basename}\ + %endif\ + ' /usr/share/lorax/templates.d/99-generic/live/x86.tmpl +fi + +%end + +%post + +cat >> /etc/rc.d/init.d/livesys << EOF + + +# disable gnome-software automatically downloading updates +cat >> /usr/share/glib-2.0/schemas/org.gnome.software.gschema.override << FOE +[org.gnome.software] +download-updates=false +FOE + +# don't autostart gnome-software session service +rm -f /etc/xdg/autostart/gnome-software-service.desktop + +# disable the gnome-software shell search provider +cat >> /usr/share/gnome-shell/search-providers/org.gnome.Software-search-provider.ini << FOE +DefaultDisabled=true +FOE + +# don't run gnome-initial-setup +mkdir ~liveuser/.config +touch ~liveuser/.config/gnome-initial-setup-done + +# suppress anaconda spokes redundant with gnome-initial-setup +cat >> /etc/sysconfig/anaconda << FOE +[NetworkSpoke] +visited=1 + +[PasswordSpoke] +visited=1 + +[UserSpoke] +visited=1 +FOE + +# make the installer show up +if [ -f /usr/share/applications/liveinst.desktop ]; then + # Show harddisk install in shell dash + sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop "" + # need to move it to anaconda.desktop to make shell happy + mv /usr/share/applications/liveinst.desktop /usr/share/applications/anaconda.desktop + + cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE +[org.gnome.shell] +favorite-apps=['firefox.desktop', 'evolution.desktop', 'org.gnome.Nautilus.desktop', 'anaconda.desktop'] +FOE + + # Make the welcome screen show up + if [ -f /usr/share/anaconda/gnome/fedora-welcome.desktop ]; then + mkdir -p ~liveuser/.config/autostart + cp 
/usr/share/anaconda/gnome/fedora-welcome.desktop /usr/share/applications/ + cp /usr/share/anaconda/gnome/fedora-welcome.desktop ~liveuser/.config/autostart/ + fi + + # Disable GNOME welcome tour so it doesn't overlap with Fedora welcome screen + cat >> /usr/share/glib-2.0/schemas/org.gnome.shell.gschema.override << FOE +welcome-dialog-last-shown-version='4294967295' +FOE + + # Copy Anaconda branding in place + if [ -d /usr/share/lorax/product/usr/share/anaconda ]; then + cp -a /usr/share/lorax/product/* / + fi +fi + +# rebuild schema cache with any overrides we installed +glib-compile-schemas /usr/share/glib-2.0/schemas + +# set up auto-login +cat > /etc/gdm/custom.conf << FOE +[daemon] +AutomaticLoginEnable=True +AutomaticLogin=liveuser +FOE + +# Turn off PackageKit-command-not-found while uninstalled +if [ -f /etc/PackageKit/CommandNotFound.conf ]; then + sed -i -e 's/^SoftwareSourceSearch=true/SoftwareSourceSearch=false/' /etc/PackageKit/CommandNotFound.conf +fi + +# make sure to set the right permissions and selinux contexts +chown -R liveuser:liveuser /home/liveuser/ +restorecon -R /home/liveuser/ +restorecon -R / +EOF +%end diff --git a/kickstart/pumice.ks b/kickstart/pumice.ks new file mode 100644 index 0000000..46e6fc2 --- /dev/null +++ b/kickstart/pumice.ks 
@@ -0,0 +1,272 @@ +# pumice.ks +# https://github.com/zearp +# +bootloader --location=none +clearpart --all +firewall --enabled --service=mdns +keyboard 'us' +lang en_US.UTF-8 +network --bootproto=dhcp --device=link --activate +part / --fstype="ext4" --size=8192 +rootpw --iscrypted --lock locked +selinux --enforcing +services --disabled="ModemManager,sshd" --enabled="NetworkManager" +shutdown +timezone Europe/Amsterdam +url --url="http://dl.rockylinux.org/stg/rocky/9/BaseOS/$basearch/os/" +xconfig --startxonboot +zerombr + +# fix dns inside mock +# +%post --nochroot +cp --remove-destination /etc/resolv.conf /mnt/sysimage/etc/resolv.conf +%end + +# setup repos +# +repo --name="BaseOS" --baseurl=http://dl.rockylinux.org/stg/rocky/9/BaseOS/$basearch/os/ --cost=200 +repo --name="AppStream" --baseurl=http://dl.rockylinux.org/stg/rocky/9/AppStream/$basearch/os/ --cost=200 +repo --name="CRB" --baseurl=http://dl.rockylinux.org/stg/rocky/9/CRB/$basearch/os/ --cost=200 +repo --name="extras" --baseurl=http://dl.rockylinux.org/stg/rocky/9/extras/$basearch/os --cost=200 +repo --name="epel" --mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-$releasever&arch=$basearch +repo --name="rpmfusion-free-release" --mirrorlist=https://mirrors.rpmfusion.org/metalink?repo=free-el-updates-released-$releasever&arch=$basearch +repo --name="rpmfusion-nonfree-release" --mirrorlist=https://mirrors.rpmfusion.org/metalink?repo=nonfree-el-updates-released-$releasever&arch=$basearch +#repo --name="elrepo-kernel" --baseurl=https://elrepo.org/linux/kernel/el9/$basearch/ + +# enable repos +# +%post +dnf config-manager --enable crb extras +#dnf config-manager --enable crb elrepo-kernel extras +%end + +# include needed bits from the stock kickstart +# +%include include/rocky.ks + +# intel tweaks, remove enable_guc for 5th gen and older and set to 3 for 9th gen and newer +# +%post +echo "options i915 enable_guc=2 enable_fbc=1 fastboot=1" | tee /etc/modprobe.d/i915.conf +echo 
"dev.i915.perf_stream_paranoid = 0" | tee /etc/sysctl.d/98-i915.conf +%end + +# setup darkmode and wallpaper +# +%post +mkdir -p /usr/share/backgrounds +wget -q -nc -4 --no-check-certificate https://raw.githubusercontent.com/zearp/pumice/main/assets/wallpaper.jpg -O /usr/share/backgrounds/pumice.jpg +cat > /etc/skel/.gtkrc-2.0 << EOF +include "/usr/share/themes/Adwaita-dark/gtk-2.0/gtkrc" +include "/etc/gtk-2.0/gtkrc" +gtk-theme-name="Adwaita-dark" +EOF +mkdir -p /etc/skel/.config/gtk-3.0 +cat > /etc/skel/.config/gtk-3.0/settings.ini << EOF +[Settings] +gtk-theme-name = Adwaita-dark +EOF +mkdir -p /etc/dconf/db/local.d +cat > /etc/dconf/db/local.d/01-darkmode << EOF +[org/gnome/desktop/interface] +gtk-theme='Adwaita-dark' +color-scheme='prefer-dark' +EOF +cat > /etc/dconf/db/local.d/02-background << EOF +[org/gnome/desktop/background] +picture-uri='file:///usr/share/backgrounds/pumice.jpg' +picture-options='scaled' +EOF +dconf update +%end + +# setup and populate flatpaks +# +%post +flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo +flatpak remote-ls &> /dev/null +dnf -y makecache +%end + +# setup some misc stuff +# +%post +# sets the spinner theme, requires the plymouth-theme-spinner package +plymouth-set-default-theme spinner -R +# fixes flatseal not saving overrides properly +mkdir -p /etc/skel/.local/share/flatpak/overrides +# fix mpv not always using hardware encoding +mkdir -p /etc/skel/.config/mpv +echo "hwdec=auto" | tee /etc/skel/.config/mpv/mpv.conf +# fetch .zshrc +rm /etc/skel/.zshrc +wget -q -nc -4 --no-check-certificate https://raw.githubusercontent.com/zearp/pumice/main/assets/dot_zshrc -O /etc/skel/.zshrc +# fetch pfetch +wget -q -nc -4 --no-check-certificate https://raw.githubusercontent.com/zearp/pumice/main/assets/pfetch -O /usr/local/bin/pfetch +chmod 755 /usr/local/bin/pfetch +# monitor the waves +rpm -i 
https://kojipkgs.fedoraproject.org//packages/wavemon/0.9.4/4.fc38/x86_64/wavemon-0.9.4-4.fc38.x86_64.rpm +# some peace and quiet +touch /etc/skel/.hushlogin +echo "kernel.printk = 3 3 3 3" | tee /etc/sysctl.d/97-quiet-printk.conf +%end + +# setup some services +# +%post +systemctl disable NetworkManager-wait-online +systemctl enable --now acpid +systemctl enable --now cockpit.socket +systemctl enable --now firewalld +systemctl enable --now fstrim.timer +systemctl enable --now sshd +systemctl enable --now thermald +systemctl enable --now tuned +tuned-adm profile desktop +%end + +# el repo +# +#%post +#echo -e "DEFAULTKERNEL=kernel-lt-core\nUPDATEDEFAULT=yes" | tee /etc/sysconfig/kernel +#%end + +# a little maintenance and cleaning +# +%post +dnf -y groupupdate multimedia --setop="install_weak_deps=False" --exclude=PackageKit-gstreamer-plugin +#dnf -y install iwl7260-firmware +dnf -y remove gnome-tour rocky-backgrounds gnome-shell-extension-background-logo +dnf clean all +%end + +# package selection +# +%packages +@^minimal-environment +@anaconda-tools +#@base-x +@core +# uncomment if you need additional asian language fonts +#@fonts +#@gnome-desktop +# uncomment if you plan to run in a virtual machine +#@guest-desktop-agents +#@hardware-support +#@internet-browser +@multimedia +@networkmanager-submodules +aajohan-comfortaa-fonts +acpid +anaconda +anaconda-install-env-deps +anaconda-live +#baobab +bat +#broadcom-wl +btop +chkconfig +chrome-gnome-shell +cockpit +dracut-live +efi-filesystem +efibootmgr +efivar-libs +#elrepo-release +eog +epel-release +evince +eza +ffmpeg +file-roller-nautilus +flatseal +gdm +gedit +glibc-all-langpacks +#gnome-calculator +#gnome-characters +gnome-disk-utility +# uncomment if you don't intend to use the flatpak extension manager app +#gnome-extensions-app +gnome-font-viewer +gnome-keyring +#gnome-logs +gnome-screenshot +gnome-session-wayland-session +gnome-software +gnome-system-monitor +gnome-terminal +gnome-tweaks 
+google-noto-emoji-color-fonts +#gparted +grub2-common +grub2-efi +grub2-efi-*64 +grub2-efi-*64-cdboot +grub2-pc-modules +grub2-tools +grub2-tools-efi +grub2-tools-extra +grub2-tools-minimal +grubby +htop +initscripts +# 5th gen and older should use libva-intel-driver or libva-intel-hybrid-driver +intel-media-driver +kernel +kernel-core +#kernel-devel +#kernel-headers +kernel-modules +kernel-modules-extra +kernel-tools +# el repo +#kernel-lt +##kernel-lt-devel-matched +#kernel-lt-modules +#kernel-lt-modules-extra +#kernel-lt-tools +libavcodec-freeworld +libva-utils +memtest86+ +mlocate +mpv +nano +nautilus +nvme-cli +nvtop +pciutils +#piper +plymouth +plymouth-theme-spinner +ripgrep +rpmfusion-free-release +rpmfusion-nonfree-release +rsync +#seahorse +shim-*64 +syslinux +thermald +tuned +unzip +usbutils +wget +zsh +zsh-autosuggestions +zsh-syntax-highlighting +-@dial-up +-@input-methods +-@standard +-gfs2-utils +-iwl*-firmware +-kmod-kvdo +-reiserfs-utils +-shim-unsigned-*64 +-vdo +%end + +# fix for dns inside mock, the installed system doesn't need it +%post +rm /etc/resolv.conf +%end
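Review bot: In README.md, step 2 of Installation passes `--nogpgcheck` to the `dnf -y install` that pulls in `rpmfusion-free-release` and the nonfree release RPM, so the packages that add two third-party repos to the build host are accepted without signature verification. Suggest importing the RPM Fusion signing key first and dropping the flag, or stating in the step why the check is skipped. Two related points in the same file: step 1 runs `sudo setenforce 0` and the host stays permissive until step 9, so a build that fails at step 7 leaves SELinux off unless the reader remembers to finish; say so next to step 1. In "Verify SELinux", `sudo fixfiles onboot` only schedules a relabel for the next boot and does not change the mode, so a system that reports `Permissive` will still report it after the reboot; the text should also cover setting the mode back to enforcing.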
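Review bot: In assets/dot_zshrc, `alias grep="rg"` swaps in a tool with different defaults under a familiar name: ripgrep skips hidden files and anything matched by ignore files unless told otherwise, so an interactive `grep` for a key, a password or a log indicator can come back empty where GNU grep would have matched. Since this file is installed as `/etc/skel/.zshrc` by the kickstart, every new user inherits it. Suggest dropping the alias and leaving `rg` under its own name, or at least documenting the difference in a comment above the alias block. The two `source` lines for zsh-autosuggestions and zsh-syntax-highlighting would also be safer behind a file-exists test, so a shell still starts cleanly if either package is removed.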
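Review bot: assets/pfetch is added as an executable (`new file mode 100755`) that the diff can only show as "Binary files /dev/null and b/assets/pfetch differ", so its content cannot be reviewed here, and kickstart/pumice.ks installs it to `/usr/local/bin/pfetch` on every image. Suggest recording where the binary came from (upstream release or the commit it was built from) together with a checksum in the repo, or installing it from a package instead, so that what ends up on the ISO can be verified.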
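Review bot: In kickstart/include/rocky.ks, the "make the installer show up" block calls `sed -i -e 's/NoDisplay=true/NoDisplay=false/' /usr/share/applications/liveinst.desktop ""`, and the trailing `""` is handed to sed as a second input file. The edit to `liveinst.desktop` still happens, but sed reports that it cannot read the empty file name and exits nonzero, which adds a misleading error to the boot log; remove the `""`. A few lines earlier, `mkdir ~liveuser/.config` has no `-p`, so it fails when the directory already exists, for example with a persistent home that already contains `liveuser`; use `mkdir -p` as the autostart directory below it already does.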
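Review bot: In kickstart/pumice.ks, the `%post` sections fetch `wallpaper.jpg`, `dot_zshrc` and the `pfetch` executable with `wget -q -nc -4 --no-check-certificate` from the `main` branch, so TLS verification is switched off for files that end up in `/etc/skel` and `/usr/local/bin` of every image, and the content is whatever `main` holds at build time. Suggest dropping `--no-check-certificate`, pinning the URLs to a commit or tag, and checking a sha256 for the binary before the `chmod 755`; since step 6 of the README already clones the repo, copying the assets from the checkout in a `%post --nochroot` would avoid the download entirely. The same applies to `rpm -i https://kojipkgs.fedoraproject.org//packages/wavemon/...`, which installs a Fedora 38 build from a URL outside the configured repos. Separately, `services --disabled="ModemManager,sshd"` at the top is contradicted by `systemctl enable --now sshd` in the services `%post`, while `firewall --enabled --service=mdns` does not list ssh or cockpit even though the README says both are allowed; decide whether sshd should be on by default and make the three places agree.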