Fully expanded annotated directory tree of the deployed /=git working
tree (and equivalently the mios.git source tree). Each leaf carries a
one-line description of what it does and which other paths reference it.
The deployed root / IS this tree (mios_root_git): operators edit
files at their FHS paths, git commit, push to the local Forgejo at
localhost:3000, the Forgejo Runner builds a new OCI image, and
bootc switch swaps to it on the next boot.
.
│
├─ Operator entry points ────────────────────────────────────────────
│ ├─ mios-pipeline.sh canonical 11-phase orchestrator (Linux/WSL/macOS host)
│ ├─ mios-pipeline.ps1 canonical 11-phase orchestrator (Windows host)
│ ├─ Get-MiOS.ps1 Windows curl/iex bootstrap landing page (irm | iex entry)
│ ├─ build-mios.ps1 Windows build orchestrator (worker for pipeline phases 1-8)
│ ├─ install.ps1 Windows installer (worker for pipeline phases 9-10)
│ ├─ install.sh Linux Phase-3 system installer (worker for pipeline phase 9)
│ ├─ install-mios-agents.sh AI-agent CLI installer (Cline / Cursor / Claude Code wiring)
│ ├─ preflight.ps1 / tools/preflight.sh prerequisite checks (worker for pipeline phase 1)
│ ├─ push-to-github.ps1 GHCR image push helper
│ ├─ Justfile per-target build recipes (build / iso / qcow2 / vhdx / wsl2 / sbom)
│ ├─ Containerfile OCI image definition (FROM ucore-hci, runs automation/)
│ └─ mios-build-local.ps1 legacy redirector → build-mios.ps1
│
├─ VERSION canonical version stamp (0.2.4); mirrored to /usr/share/mios/VERSION at overlay time
├─ MiOS-SBOM.csv build-time Software Bill of Materials (generated by automation/90-generate-sbom.sh)
├─ image-versions.yml base-image digest pinning (Renovate-managed)
├─ renovate.json Renovate Bot config (image / dep update PRs)
│
├─ Documentation ────────────────────────────────────────────────────
│ ├─ README.md project overview
│ ├─ usr/share/mios/ai/INDEX.md authoritative system interface + Architectural Laws
│ ├─ usr/share/doc/mios/concepts/architecture.md filesystem + hardware blueprints
│ ├─ usr/share/doc/mios/guides/engineering.md security + build standards
│ ├─ usr/share/doc/mios/guides/deploy.md deploy-time instructions
│ ├─ usr/share/doc/mios/guides/install.md install-time instructions
│ ├─ usr/share/doc/mios/guides/self-build.md self-replication-loop docs
│ ├─ SECURITY.md security posture
│ ├─ LICENSE / usr/share/doc/mios/reference/licenses.md Apache-2.0 + bundled-component licenses
│ ├─ usr/share/doc/mios/reference/credits.md upstream attribution registry
│ ├─ usr/share/doc/mios/reference/sources.md upstream-source pointers
│ ├─ AGREEMENTS.md runtime agreements + research-project framing
│ ├─ CONTRIBUTING.md contributor conventions
│ ├─ usr/share/doc/mios/reference/api.md OpenAI-compatible API surface docs
│ ├─ AGENTS.md / GEMINI.md agent-specific entry hints
│ ├─ CLAUDE.md / usr/share/mios/ai/audit-prompt.md Claude Code guidance + audit
│ ├─ usr/share/doc/mios/reference/engineering-reference.md env-var + path reference table
│ ├─ usr/share/doc/mios/reference/tree.md this file
│ ├─ llms.txt AI ingestion index
│ └─ system-prompt.md repo-root pointer to /usr/share/mios/ai/system.md
│
├─ Build context ────────────────────────────────────────────────────
│ │
│ ├─ automation/ numbered build phases (run inside Containerfile)
│ │ ├─ build.sh master phase runner
│ │ ├─ build-mios.sh FHS-overlay-merge for non-bootc Fedora
│ │ ├─ install.sh Phase-3 system installer
│ │ ├─ install-bootstrap.sh interactive ignition installer
│ │ ├─ install-fhs.sh FHS-overlay-merge variant
│ │ ├─ bootstrap.sh public Linux/WSL bootstrap (curl-pipe-bash entry)
│ │ ├─ ai-bootstrap.sh AI-tooling bootstrap helper
│ │ ├─ overlay-builder.sh cross-shape FHS overlay applier
│ │ │
│ │ ├─ 01-repos.sh Fedora 44 / RPMFusion repo enable
│ │ ├─ 02-kernel.sh kernel devel/headers (akmod / DKMS)
│ │ ├─ 05-enable-external-repos.sh CrowdSec / ublue-os / mios-COPR repos
│ │ ├─ 08-system-files-overlay.sh tar usr/ + etc/ overlay onto base; perm-normalize
│ │ ├─ 09-fonts.sh Geist Mono / Nerd Font / Bibata cursor
│ │ ├─ 10-gnome.sh GNOME 50 desktop install (Wayland-only)
│ │ ├─ 11-hardware.sh GPU drivers (Mesa / NVIDIA akmod / ROCm / Intel)
│ │ ├─ 12-virt.sh KVM/QEMU/libvirt + Podman Quadlet stack
│ │ ├─ 13-ceph-k3s.sh Ceph + K3s SELinux module build
│ │ ├─ 18-apply-boot-fixes.sh known-issue patches (composefs/dracut)
│ │ ├─ 19-k3s-selinux.sh build the k3s SELinux policy module
│ │ ├─ 20-fapolicyd-trust.sh fapolicyd trust DB seed
│ │ ├─ 20-services.sh systemd preset + service-gate setup
│ │ ├─ 21-moby-engine.sh Docker-compatible engine (moby)
│ │ ├─ 22-freeipa-client.sh FreeIPA client install
│ │ ├─ 23-uki-render.sh UKI (Unified Kernel Image) tooling
│ │ ├─ 25-firewall-ports.sh firewalld ports for Cockpit / SSH / RDP
│ │ ├─ 26-gnome-remote-desktop.sh gnome-remote-desktop wiring
│ │ ├─ 30-locale-theme.sh dark theme + skel + GTK / Qt
│ │ ├─ 31-user.sh OVERLAY-TIME user creation (sysusers + subuid + password)
│ │ ├─ 32-hostname.sh unique per-instance hostname
│ │ ├─ 33-firewall.sh firewalld zone defaults
│ │ ├─ 34-gpu-detect.sh GPU passthrough bridge service
│ │ ├─ 35-gpu-passthrough.sh VFIO setup
│ │ ├─ 35-gpu-pv-shim.sh Hyper-V GPU-PV shim
│ │ ├─ 35-init-service.sh mios-role.service bridge
│ │ ├─ 36-akmod-guards.sh akmod build-failure guards
│ │ ├─ 36-tools.sh mios CLI installer
│ │ ├─ 37-aichat.sh aichat distrobox host shims
│ │ ├─ 37-flatpak-env.sh capture flatpak env for first-boot install
│ │ ├─ 37-ollama-prep.sh Ollama binary fetch + model bake
│ │ ├─ 37-selinux.sh build-time SELinux policy fixes
│ │ ├─ 38-oh-my-posh.sh oh-my-posh install + theme
│ │ ├─ 38-vm-gating.sh VM service gating + Hyper-V Enhanced Session
│ │ ├─ 39-desktop-polish.sh desktop entries / Cockpit webapp
│ │ ├─ 40-composefs-verity.sh composefs verity setup
│ │ ├─ 40-flatpak-bake.sh bake [desktop].flatpaks list into image
│ │ ├─ 41-gpu-cdi-toolkits.sh AMD/Intel CDI generators (out-of-Fedora binaries)
│ │ ├─ 42-cosign-policy.sh sigstore signed-image policy
│ │ ├─ 43-uupd-installer.sh uupd unified updater install
│ │ ├─ 44-podman-machine-compat.sh podman-machine compat (groups, cloud-init exits)
│ │ ├─ 45-nvidia-cdi-refresh.sh NVIDIA CDI auto-refresh wiring
│ │ ├─ 46-greenboot.sh greenboot health-check + auto-rollback
│ │ ├─ 47-hardening.sh Defense-in-depth hardening
│ │ ├─ 49-finalize.sh final image preparation
│ │ ├─ 50-enable-log-copy-service.sh build-log preservation service
│ │ ├─ 52-bake-kvmfr.sh KVMFR module build
│ │ ├─ 53-bake-lookingglass-client.sh Looking Glass client build
│ │ ├─ 90-generate-sbom.sh SBOM (syft / CSV)
│ │ ├─ 91-strip-build-toolchain.sh strip gcc/cmake/golang from runtime
│ │ ├─ 98-boot-config.sh kargs.d / boot console
│ │ ├─ 99-cleanup.sh final image cleanup
│ │ ├─ 99-postcheck.sh architectural-law audits + lint
│ │ ├─ enroll-mok.sh SecureBoot MOK key enroll
│ │ ├─ generate-mok-key.sh SecureBoot MOK key generation
│ │ ├─ bcvk-wrapper.sh bootc-virt-kernel wrapper
│ │ ├─ validate-kargs.py kargs.d/*.toml schema validator
│ │ ├─ mios-build-builder.ps1 builder helper for Windows side
│ │ ├─ manifest.json build artifact manifest
│ │ ├─ mios-motd MOTD source for image overlay
│ │ ├─ mios-toggle-headless headless-mode toggle script
│ │ │
│ │ └─ lib/ shared helpers
│ │ ├─ common.sh logging + dnf flags + version manifest
│ │ ├─ paths.sh FHS path constants (build-time)
│ │ ├─ globals.sh SSOT registry: VERSION + USERS + IMAGES + PORTS + URLS + REPOS + PATHS + FILES + UNITS + CONTAINERS + COLORS
│ │ ├─ globals.ps1 PowerShell sibling of globals.sh
│ │ ├─ packages.sh mios.toml [packages.<section>].pkgs resolver
│ │ ├─ masking.sh secret-masking helpers (PATs, passwords)
│ │ ├─ agreements-banner.sh scrollable acknowledgement gate (bash)
│ │ └─ agreements-banner.ps1 scrollable acknowledgement gate (PowerShell)
│ │
│ ├─ config/
│ │ ├─ artifacts/ bootc-image-builder configs
│ │ │ ├─ bib.toml shared base
│ │ │ ├─ iso.toml ISO installer
│ │ │ ├─ qcow2.toml KVM/QEMU disk image
│ │ │ ├─ vhdx.toml Hyper-V disk image
│ │ │ └─ wsl2.toml WSL2 tar
│ │ └─ bootstrap/
│ │ ├─ bootstrap.sh legacy bootstrap entry (Linux)
│ │ └─ bootstrap.ps1 legacy bootstrap entry (Windows)
│ │
│ ├─ tools/ non-build helpers
│ │ ├─ preflight.sh Linux preflight check
│ │ ├─ apply-final-config.sh post-deploy config helper
│ │ ├─ ascii-sweep.py ASCII-only sweep linter
│ │ ├─ bibata-suite.sh Bibata cursor install
│ │ ├─ check-ovmf-enrollment.sh OVMF SecureBoot key check
│ │ ├─ configure-xbox-cpu.sh Xbox-controller CPU pinning
│ │ ├─ flight-control.sh ops control helper
│ │ ├─ generate-build-scripts.py regenerate flat usr/share/doc/mios/reference/build-scripts.md
│ │ ├─ generate-sbom.py syft → CSV/JSON SBOM emitter
│ │ ├─ log-to-bootstrap.sh log routing helper
│ │ ├─ mios-upstream-monitor.sh upstream-deps drift watcher
│ │ ├─ path-refactor.py FHS path-refactor sweeper
│ │ ├─ quote-mios.py 'MiOS' proper-noun quoting linter
│ │ ├─ standardize-docs.py docs-standardizer
│ │ ├─ sync-wiki.py wiki sync helper
│ │ ├─ system-assess.sh host hardware/state assessment
│ │ ├─ vm-cpu-pin-manager.sh VFIO CPU pinning manager
│ │ └─ lib/
│ │ ├─ userenv.sh 3-layer mios.toml resolver → MIOS_* env exports
│ │ └─ install-env.ps1 /etc/mios/install.env writer (PowerShell)
│ │
│ └─ .forgejo/
│ └─ workflows/
│ └─ build-mios.yml Forgejo Runner CI (build → push → bootc switch)
│
├─ Deployed surface (read-only after overlay) ───────────────────────
│
├─ usr/
│ ├─ bin/ host CLI tools (mios* prefix)
│ │ ├─ mios OpenAI-API CLI (Python; openai-python SDK)
│ │ ├─ mios-ai opinionated entrypoint → distrobox aichat → MIOS_AI_ENDPOINT
│ │ ├─ mios-backup backup helper
│ │ ├─ mios-build invoke local OCI build
│ │ ├─ mios-dash dashboard launcher
│ │ ├─ mios-deploy deploy helper
│ │ ├─ mios-env env-var explainer
│ │ ├─ mios-flatpaks flatpak install verb
│ │ ├─ mios-ollama Ollama wrapper
│ │ ├─ mios-pull mios.git + bootstrap pull verb
│ │ ├─ mios-rebuild full rebuild verb
│ │ ├─ mios-sync-env install.env regenerator
│ │ ├─ mios-update bootc upgrade verb
│ │ ├─ mios-vfio-check VFIO sanity check
│ │ └─ mios-vfio-toggle VFIO toggle
│ │
│ ├─ lib/mios/ read-only data
│ │ ├─ paths.sh runtime FHS path constants (mirror of build-time)
│ │ ├─ tools/
│ │ │ ├─ chat-completions-api/ OpenAI Chat-Completions function-calling tool defs
│ │ │ └─ responses-api/ OpenAI Responses-API tool defs
│ │ └─ schemas/ JSON schemas for structured outputs
│ │
│ ├─ libexec/mios/ helpers behind shims
│ │ ├─ aichat-distrobox-exec.sh distrobox-routed aichat shim body
│ │ ├─ boot-diag boot-time diagnostic
│ │ ├─ flatpak-install first-boot flatpak install
│ │ ├─ forge-firstboot.sh Forgejo first-boot setup
│ │ ├─ hyperv-enhanced Hyper-V Enhanced Session helper
│ │ ├─ mcp-init.sh MCP server pre-flight
│ │ ├─ mcp-server-runner MCP server runner
│ │ ├─ mios-cdi-detect GPU CDI spec detection (host context)
│ │ ├─ mios-dashboard.sh MOTD dashboard renderer
│ │ ├─ motd minimal MOTD fallback
│ │ ├─ ollama-firstboot.sh Ollama first-boot model pull
│ │ ├─ role-apply mios-role.service body
│ │ ├─ verify post-install verification
│ │ ├─ wsl-firstboot WSL2 first-boot bridge (hostname only; user state baked at overlay)
│ │ └─ tools/ per-tool dispatch executables (chat-completions tool runners)
│ │
│ ├─ share/mios/ vendor-immutable data (lowest mios.toml layer)
│ │ ├─ VERSION deployed version stamp (auto-derived from /ctx/VERSION at overlay)
│ │ ├─ mios.toml vendor defaults (lowest of 3 layers)
│ │ ├─ PACKAGES.md package catalog (documentation; SSOT lives in mios.toml)
│ │ ├─ env.defaults vendor env defaults
│ │ ├─ ai/
│ │ │ ├─ system.md canonical Day-0 agent system prompt
│ │ │ └─ v1/
│ │ │ ├─ models.json OpenAI /v1/models catalog
│ │ │ └─ mcp.json MCP server registry
│ │ ├─ branding/
│ │ │ └─ mios.txt ASCII banner art
│ │ ├─ configurator/
│ │ │ └─ index.html WYSIWYG mios.toml editor (progressive-disclosure sections)
│ │ ├─ distrobox/
│ │ │ └─ aichat/ distrobox aichat assemble files
│ │ │ ├─ Containerfile in-container aichat install
│ │ │ ├─ distrobox.ini distrobox-assemble manifest
│ │ │ └─ config.yaml in-container aichat default config
│ │ ├─ fastfetch/ fastfetch logo + theme
│ │ └─ kb/
│ │ └─ manifest.json AI knowledge-base manifest (OpenAI-compat declarations)
│ │
│ ├─ lib/systemd/system/ hand-written units + drop-ins
│ │ ├─ mios-*.service MiOS-authored systemd services
│ │ ├─ mios-*.target MiOS targets (firstboot, etc.)
│ │ ├─ mios-*.path path-watch units
│ │ ├─ mios-*.timer scheduled jobs
│ │ ├─ <upstream-unit>.service.d/ drop-ins gating upstream units (mostly !wsl)
│ │ ├─ <upstream-unit>.target.d/ drop-ins for targets (greenboot-success, etc.)
│ │ └─ system-preset/
│ │ └─ 90-mios.preset enable/disable preset (mios-* + cockpit + user@1000)
│ │
│ ├─ lib/sysusers.d/ declarative system users
│ │ ├─ 10-mios.conf mios login user (uid 1000) + groups
│ │ ├─ 50-mios.conf base sidecar accounts
│ │ ├─ 50-mios-services.conf mios-forge=816, mios-ai=817, etc.
│ │ ├─ 50-mios-gpu.conf GPU-related groups
│ │ ├─ 50-mios-ai.conf mios-ai uid pinning
│ │ ├─ 30-mios-tmpfiles-prereq.conf prereq users for tmpfiles
│ │ └─ 20-podman-machine.conf podman-machine compat
│ │
│ ├─ lib/tmpfiles.d/ declarative state directories
│ │ ├─ mios.conf /var/lib/mios + /srv/ai/* skeletons
│ │ ├─ mios-user.conf /var/home/mios + skel + linger marker (overlay-time user state)
│ │ ├─ mios-infra.conf cockpit / libvirt / journal / etc/mios
│ │ ├─ mios-ai.conf AI-state dirs
│ │ ├─ mios-ceph.conf ceph crash dir + crash/posted
│ │ ├─ mios-cpu.conf CPU governor / pinning prep
│ │ ├─ mios-fastfetch.conf fastfetch state
│ │ ├─ mios-fontconfig.conf fontconfig state
│ │ ├─ mios-forge.conf Forgejo state
│ │ ├─ mios-forge-runner.conf Runner state
│ │ ├─ mios-freeipa.conf FreeIPA state
│ │ ├─ mios-gpu.conf GPU CDI state
│ │ ├─ mios-grd.conf gnome-remote-desktop state
│ │ ├─ mios-iommu.conf IOMMU prep
│ │ ├─ mios-ipa.conf (legacy alias for freeipa)
│ │ ├─ mios-k3s.conf K3s server state
│ │ ├─ mios-nfs.conf NFS state
│ │ ├─ mios-ollama.conf Ollama model store
│ │ ├─ mios-pxe.conf PXE hub state
│ │ ├─ mios-virtio.conf virtio devices
│ │ ├─ mios-wsl2-hacks.conf WSL2-only state stub-outs
│ │ ├─ mios-backup.conf backup state
│ │ └─ mios-crowdsec.conf CrowdSec state
│ │
│ ├─ lib/bootc/
│ │ ├─ kargs.d/ kernel cmdline (.toml per concern: vfio / nvidia / mios / etc.)
│ │ └─ bound-images.d/ Quadlet → bootc bound-image links (built at Containerfile time)
│ │
│ ├─ lib/udev/rules.d/ 99-mios-gpu / 99-kvmfr / etc.
│ ├─ lib/sysctl.d/ 90-mios-overlayfs / 90-mios-le9uo
│ ├─ lib/modprobe.d/ nvidia-open
│ ├─ lib/sysctl.d/ sysctl tuning
│ ├─ lib/profile.d/ login-shell snippets (motd, wsl2 nudges)
│ ├─ lib/environment.d/ 70-mios-theme (env-vars at session start)
│ ├─ lib/sssd/conf.d/ SSSD config
│ ├─ lib/dracut/ vendored dracut scaffolding
│ ├─ lib/greenboot/check/ greenboot health checks (composefs-verity, etc.)
│ ├─ lib/repart.d/ repartition rules
│ ├─ lib/mios/cloud-init/ cloud-init config files
│ └─ share/containers/systemd/ vendor Quadlets (ollama, mios-aichat.{build,image}, mios-pxe-hub, etc.)
│
├─ etc/ admin-override surface (3-way merge on bootc upgrade)
│ ├─ mios/
│ │ ├─ ai/ per-host AI overrides
│ │ ├─ system-prompts/ per-host system-prompt overrides
│ │ ├─ kb.conf.toml KB pointer config
│ │ └─ eval-criteria.json eval scoring config
│ ├─ aichat/config.yaml host-side aichat config (mirror of in-container default)
│ ├─ containers/
│ │ ├─ systemd/ Quadlets that ship as host overrides
│ │ │ ├─ mios.network single bridge (10.89.0.0/24) -- KISS
│ │ │ ├─ mios-ai.container LocalAI Quadlet (Network=mios.network)
│ │ │ ├─ mios-forge.container Forgejo Quadlet
│ │ │ ├─ mios-forgejo-runner.container self-build runner
│ │ │ ├─ mios-cockpit-link.container Podman Desktop discovery shim
│ │ │ ├─ mios-ceph.container Ceph monitor
│ │ │ └─ mios-k3s.container K3s server
│ │ ├─ storage.conf.d/
│ │ │ └─ 30-mios-additionalstores.conf rootful build store → rootless distrobox view
│ │ └─ containers.conf.d/
│ │ └─ 30-mios-rootless-network.conf default_rootless_network_cmd = "slirp4netns"
│ ├─ profile.d/ login-shell scripts
│ │ ├─ mios-env.sh resolve install.env + 5-layer env overlay
│ │ ├─ mios-colors.sh emit OSC palette to terminal
│ │ ├─ mios-prompt.sh oh-my-posh prompt
│ │ ├─ mios-wslg.sh WSLg detection
│ │ └─ zz-mios-motd.sh last-in-order MOTD render
│ ├─ fapolicyd/fapolicyd.rules fapolicyd trust rules
│ ├─ sysusers.d/cephadm.conf ceph admin user
│ └─ wsl.conf WSL2 config (force-installed in 08-system-files-overlay)
│
├─ var/lib/mios/ runtime mutable (created at first boot via tmpfiles.d)
│ ├─ ai/memory/ agent memory (vendor-neutral persistence per system.md §7)
│ ├─ ai/scratch/ agent scratch
│ ├─ embeddings/ RAG embeddings + ingest tools
│ ├─ evals/ OpenAI evals JSON + local runner
│ └─ training/ SFT JSONL training data
│
├─ Day-0 OS-side helpers ────────────────────────────────────────────
│ ├─ .clinerules Cline AI agent rules
│ ├─ .cursorrules Cursor AI agent rules
│ ├─ .editorconfig editor defaults
│ ├─ .env.mios legacy per-user env overlay (deprecated)
│ ├─ .devcontainer/ VS Code devcontainer (Dockerfile + install-root-overlay.sh)
│ └─ .forgejo/ Forgejo CI workflows
│
└─ ──────────────────────────────────────────────────────────────────
| What | Source of truth | Resolved by | Consumed at runtime by |
|---|---|---|---|
| Project version | VERSION (top-level) |
automation/lib/globals.{sh,ps1} MIOS_VERSION |
MOTD, Containerfile LABEL, mios-dashboard.sh |
| User-tunable options | usr/share/mios/mios.toml (vendor) → /etc/mios/mios.toml (host) → ~/.config/mios/mios.toml (user) |
tools/lib/userenv.sh → MIOS_* env exports |
every entry-point script that sources userenv.sh / install.env |
| Color palette | mios.toml [colors] |
userenv.sh → MIOS_COLOR_* / MIOS_ANSI_* |
etc/profile.d/mios-colors.sh (OSC), configurator HTML :root (CSS) |
| Package selection | mios.toml [packages].sections + [packages.<section>].pkgs |
automation/lib/packages.sh |
automation/*.sh that call install_packages_strict <section> |
| Quadlet enablement | mios.toml [quadlets.enable].* |
mios-role.service at first boot |
systemd unit symlinks under multi-user.target.wants |
| AI endpoint | mios.toml [ai].endpoint |
userenv.sh → MIOS_AI_ENDPOINT |
mios-ai, mios CLI, mios-ai.container, MCP servers |
| Image refs | mios.toml [image].* |
userenv.sh → MIOS_IMAGE_REF, MIOS_BASE_IMAGE, MIOS_BIB_IMAGE |
Containerfile, bootc switch, build-mios.* |
| Identity | mios.toml [identity].* |
userenv.sh → MIOS_USER, MIOS_HOSTNAME, MIOS_USER_GROUPS |
automation/31-user.sh, wsl-firstboot, sysusers.d resolution |
| Pipeline phases | ./mios-pipeline.{sh,ps1} |
-- | calls bootstrap.sh / build-mios.{sh,ps1} / install.{sh,ps1} per phase |
┌──────────────────────────────────────────────────────────────────┐
│ ~/.config/mios/mios.toml per-user override (HIGHEST) │
├──────────────────────────────────────────────────────────────────┤
│ /etc/mios/mios.toml host/admin override │
├──────────────────────────────────────────────────────────────────┤
│ /usr/share/mios/mios.toml vendor defaults (LOWEST) │
└──────────────────────────────────────────────────────────────────┘
Same overlay applies to system.md (system prompt), mios-colors.sh
input slots, and any other mios.toml-shaped config. Higher layers
shadow lower layers field-by-field.
operator edits files at FHS path
│
├─ git commit
│ (deployed `/` IS a git working tree of mios.git)
│
├─ git push http://localhost:3000/mios/mios.git
│ (Forgejo on mios.network at 10.89.0.0/24)
│
├─ Forgejo Runner builds new OCI image
│ (.forgejo/workflows/build-mios.yml; same Containerfile)
│
├─ rechunk + cosign sign
│
├─ push to ghcr.io/mios-dev/mios:latest
│
├─ /usr/lib/systemd/system/mios-bootc-switch.path
│ triggers on registry-pull notification
│
└─ bootc switch → reboot into the freshly-built image
All 932 files in the repository, including vendored upstream
dracut modules, RAG embeddings/eval/training data, AI manifests,
and the flat-dump build-script document. Generated from
git ls-tree -r --name-only HEAD so additions / deletions in
the source tree show up here on the next regen.
+- .devcontainer/
| +- Dockerfile
| +- devcontainer.json
| `- install-root-overlay.sh
+- .forgejo/
| `- workflows/
| `- build-mios.yml
+- .github/
| +- workflows/
| | `- mios-ci.yml
| `- ai-instructions.md
+- automation/
| +- lib/
| | +- agreements-banner.ps1
| | +- agreements-banner.sh
| | +- common.sh
| | +- globals.ps1
| | +- globals.sh
| | +- masking.sh
| | +- packages.sh
| | `- paths.sh
| +- 01-repos.sh
| +- 02-kernel.sh
| +- 05-enable-external-repos.sh
| +- 08-system-files-overlay.sh
| +- 09-fonts.sh
| +- 10-gnome.sh
| +- 11-hardware.sh
| +- 12-virt.sh
| +- 13-ceph-k3s.sh
| +- 18-apply-boot-fixes.sh
| +- 19-k3s-selinux.sh
| +- 20-fapolicyd-trust.sh
| +- 20-services.sh
| +- 21-moby-engine.sh
| +- 22-freeipa-client.sh
| +- 23-uki-render.sh
| +- 25-firewall-ports.sh
| +- 26-gnome-remote-desktop.sh
| +- 30-locale-theme.sh
| +- 31-user.sh
| +- 32-hostname.sh
| +- 33-firewall.sh
| +- 34-gpu-detect.sh
| +- 35-gpu-passthrough.sh
| +- 35-gpu-pv-shim.sh
| +- 35-init-service.sh
| +- 36-akmod-guards.sh
| +- 36-tools.sh
| +- 37-aichat.sh
| +- 37-flatpak-env.sh
| +- 37-ollama-prep.sh
| +- 37-selinux.sh
| +- 38-oh-my-posh.sh
| +- 38-vm-gating.sh
| +- 39-desktop-polish.sh
| +- 40-composefs-verity.sh
| +- 40-flatpak-bake.sh
| +- 41-gpu-cdi-toolkits.sh
| +- 42-cosign-policy.sh
| +- 43-uupd-installer.sh
| +- 44-podman-machine-compat.sh
| +- 45-nvidia-cdi-refresh.sh
| +- 46-greenboot.sh
| +- 47-hardening.sh
| +- 49-finalize.sh
| +- 50-enable-log-copy-service.sh
| +- 52-bake-kvmfr.sh
| +- 53-bake-lookingglass-client.sh
| +- 90-generate-sbom.sh
| +- 91-strip-build-toolchain.sh
| +- 98-boot-config.sh
| +- 99-cleanup.sh
| +- 99-postcheck.sh
| +- ai-bootstrap.sh
| +- bcvk-wrapper.sh
| +- bootstrap.sh
| +- build-mios.sh
| +- build.sh
| +- enroll-mok.sh
| +- generate-mok-key.sh
| +- install-bootstrap.sh
| +- install-fhs.sh
| +- install.sh
| +- manifest.json
| +- mios-build-builder.ps1
| +- mios-motd
| +- mios-toggle-headless
| +- overlay-builder.sh
| `- validate-kargs.py
+- config/
| +- artifacts/
| | +- bib.toml
| | +- iso.toml
| | +- qcow2.toml
| | +- vhdx.toml
| | `- wsl2.toml
| `- bootstrap/
| +- bootstrap.ps1
| `- bootstrap.sh
+- etc/
| +- aichat/
| | `- config.yaml
| +- containers/
| | +- containers.conf.d/
| | | `- 30-mios-rootless-network.conf
| | +- storage.conf.d/
| | | `- 30-mios-additionalstores.conf
| | `- systemd/
| | +- mios-ai.container
| | +- mios-ceph.container
| | +- mios-cockpit-link.container
| | +- mios-forge.container
| | +- mios-forgejo-runner.container
| | +- mios-k3s.container
| | `- mios.network
| +- fapolicyd/
| | `- fapolicyd.rules
| +- mios/
| | +- ai/
| | | `- system-prompt.md
| | +- system-prompts/
| | | +- mios-engineer.md
| | | +- mios-reviewer.md
| | | `- mios-troubleshoot.md
| | +- eval-criteria.json
| | `- kb.conf.toml
| +- profile.d/
| | +- mios-colors.sh
| | +- mios-env.sh
| | +- mios-prompt.sh
| | +- mios-wslg.sh
| | `- zz-mios-motd.sh
| +- sysusers.d/
| | `- cephadm.conf
| +- .keep
| `- wsl.conf
+- tools/
| +- lib/
| | +- ascii-sweep.py
| | +- generate-build-scripts.py
| | +- generate-sbom.py
| | +- install-env.ps1
| | +- path-refactor.py
| | +- quote-mios.py
| | `- userenv.sh
| +- windows/
| | +- Build-MiOS.ps1
| | `- README-WINDOWS.md
| +- README.md
| +- Xbox-AutoEnroll.xml
| +- Xbox-Final-NoAutoSelect.xml
| +- apply-final-config.sh
| +- ascii-sweep.py
| +- bibata-suite.sh
| +- check-ovmf-enrollment.sh
| +- configure-xbox-cpu.sh
| +- find-ovmf-firmware.sh
| +- fix-ovmf-enrollment.sh
| +- fix-secureboot-now.sh
| +- fix-token-input.ps1
| +- fix-xbox-secureboot.sh
| +- flight-control.sh
| +- generate-ai-manifest.py
| +- generate-unified-knowledge.py
| +- get-secureboot-ovmf.sh
| +- init-user-space.sh
| +- iommu-visualizer.sh
| +- journal-sync.py
| +- log-to-bootstrap.sh
| +- manifest.json
| +- mios-overlay.sh
| +- mios-sysext-pack.sh
| +- mios-upstream-monitor.sh
| +- preflight.sh
| +- profile-compare.sh
| +- profiler-menu.sh
| +- quick-summary.sh
| +- refresh-env.py
| +- rtx4090-vfio-configurator.sh
| +- run-all-profilers.sh
| +- standardize-docs.py
| +- sync-wiki.py
| +- system-assess.sh
| +- system-profiler.sh
| +- universal-cpu-isolator.sh
| +- universal-vfio-configurator.sh
| +- vfio-verify.sh
| +- vm-cpu-pin-manager.sh
| `- win11-secureboot-template.xml
+- usr/
| +- bin/
| | +- iommu-groups
| | +- mios
| | +- mios-ai
| | +- mios-backup
| | +- mios-build
| | +- mios-dash
| | +- mios-deploy
| | +- mios-env
| | +- mios-flatpaks
| | +- mios-ollama
| | +- mios-pull
| | +- mios-rebuild
| | +- mios-sync-env
| | +- mios-update
| | +- mios-vfio-check
| | `- mios-vfio-toggle
| +- lib/
| | +- NetworkManager/
| | | +- conf.d/
| | | | +- 22-wifi-mac-addr.conf
| | | | +- 99-nvme-nbft-no-ignore-carrier.conf
| | | | `- rand_mac.conf
| | | +- dispatcher.d/
| | | | +- 20-chrony-dhcp
| | | | +- 20-chrony-onoffline
| | | | `- 99-nvme-nbft-connect.sh
| | | `- system-connections/
| | | `- mios-bridge.nmconnection
| | +- X11/
| | | +- Xresources
| | | `- Xwrapper.config
| | +- bootc/
| | | +- bound-images.d/
| | | | +- crowdsec-dashboard.container
| | | | +- guacamole-postgres.container
| | | | +- guacd.container
| | | | +- mios-ai.container
| | | | +- mios-ceph.container
| | | | +- mios-guacamole.container
| | | | +- mios-k3s.container
| | | | +- mios-pxe-hub.container
| | | | `- ollama.container
| | | +- install/
| | | | `- 00-mios.toml
| | | `- kargs.d/
| | | +- 00-mios.toml
| | | +- 01-mios-hardening.toml
| | | +- 01-mios-vfio.toml
| | | +- 02-mios-gpu.toml
| | | +- 10-mios-console.toml
| | | +- 10-mios-verbose.toml
| | | +- 10-nvidia.toml
| | | +- 12-intel-xe.toml
| | | +- 13-rtx50-vfio-workaround.toml
| | | +- 15-rootflags.toml
| | | +- 16-nested-virt.toml
| | | +- 20-vfio.toml
| | | +- 30-security.toml
| | | `- 31-secureblue-extended.toml
| | +- cloud/
| | | `- cloud.cfg.d/
| | | `- 10-mios.cfg
| | +- cockpit/
| | | +- cockpit.conf.d/
| | | | `- 10-mios-unencrypted.conf
| | | `- cockpit.conf
| | +- containers/
| | | +- registries.d/
| | | | +- ghcr.io-mios-dev.yaml
| | | | `- ghcr.io.yaml
| | | `- policy.json
| | +- crowdsec/
| | | `- acquis.d/
| | | `- journalctl.yaml
| | +- dnf/
| | | `- dnf.conf
| | +- dracut/
| | | +- dracut.conf.d/
| | | | +- 01-dist.conf
| | | | +- 02-generic-image.conf
| | | | +- 10-mios-generic.conf
| | | | +- 50-mios-hyperv.conf
| | | | +- 51-mios-virtio.conf
| | | | +- 52-mios-nvidia-exclude.conf
| | | | +- 90-mios-verify.conf
| | | | `- gce.conf
| | | +- modules.d/
| | | | +- 10bash/
| | | | | `- module-setup.sh
| | | | +- 10systemd/
| | | | | `- module-setup.sh
| | | | +- 10systemd-network-management/
| | | | | `- module-setup.sh
| | | | +- 10warpclock/
| | | | | +- module-setup.sh
| | | | | `- warpclock.sh
| | | | +- 11fips/
| | | | | +- fips-boot.sh
| | | | | +- fips-load-crypto.sh
| | | | | +- fips-noboot.sh
| | | | | +- fips.sh
| | | | | `- module-setup.sh
| | | | +- 11fips-crypto-policies/
| | | | | +- fips-crypto-policies.sh
| | | | | `- module-setup.sh
| | | | +- 11systemd-ac-power/
| | | | | +- 99-initrd-power-targets.rules
| | | | | +- initrd-on-ac-power.target
| | | | | +- initrd-on-battery-power.target
| | | | | `- module-setup.sh
| | | | +- 11systemd-ask-password/
| | | | | `- module-setup.sh
| | | | +- 11systemd-battery-check/
| | | | | `- module-setup.sh
| | | | +- 11systemd-bsod/
| | | | | `- module-setup.sh
| | | | +- 11systemd-coredump/
| | | | | `- module-setup.sh
| | | | +- 11systemd-creds/
| | | | | `- module-setup.sh
| | | | +- 11systemd-cryptsetup/
| | | | | `- module-setup.sh
| | | | +- 11systemd-hostnamed/
| | | | | +- 99-systemd-networkd-dracut.conf
| | | | | +- module-setup.sh
| | | | | +- org.freedesktop.hostname1_dracut.conf
| | | | | `- systemd-hostname-dracut.conf
| | | | +- 11systemd-initrd/
| | | | | `- module-setup.sh
| | | | +- 11systemd-integritysetup/
| | | | | `- module-setup.sh
| | | | +- 11systemd-journald/
| | | | | +- initrd.conf
| | | | | `- module-setup.sh
| | | | +- 11systemd-ldconfig/
| | | | | `- module-setup.sh
| | | | +- 11systemd-modules-load/
| | | | | `- module-setup.sh
| | | | +- 11systemd-pcrphase/
| | | | | `- module-setup.sh
| | | | +- 11systemd-portabled/
| | | | | `- module-setup.sh
| | | | +- 11systemd-pstore/
| | | | | `- module-setup.sh
| | | | +- 11systemd-repart/
| | | | | `- module-setup.sh
| | | | +- 11systemd-resolved/
| | | | | +- module-setup.sh
| | | | | `- resolved-tmpfile-dracut.conf
| | | | +- 11systemd-sysctl/
| | | | | `- module-setup.sh
| | | | +- 11systemd-sysext/
| | | | | `- module-setup.sh
| | | | +- 11systemd-timedated/
| | | | | `- module-setup.sh
| | | | +- 11systemd-timesyncd/
| | | | | +- module-setup.sh
| | | | | `- timesyncd-tmpfile-dracut.conf
| | | | +- 11systemd-tmpfiles/
| | | | | `- module-setup.sh
| | | | +- 11systemd-udevd/
| | | | | `- module-setup.sh
| | | | +- 11systemd-veritysetup/
| | | | | `- module-setup.sh
| | | | +- 13modsign/
| | | | | +- load-modsign-keys.sh
| | | | | `- module-setup.sh
| | | | +- 13rescue/
| | | | | `- module-setup.sh
| | | | +- 14watchdog/
| | | | | +- module-setup.sh
| | | | | +- watchdog-stop.sh
| | | | | `- watchdog.sh
| | | | +- 14watchdog-modules/
| | | | | `- module-setup.sh
| | | | +- 16dbus-broker/
| | | | | `- module-setup.sh
| | | | +- 16dbus-daemon/
| | | | | `- module-setup.sh
| | | | +- 16rngd/
| | | | | +- module-setup.sh
| | | | | `- sysconfig
| | | | +- 19dbus/
| | | | | `- module-setup.sh
| | | | +- 20i18n/
| | | | | +- 10-console.rules
| | | | | +- README
| | | | | +- console_init.sh
| | | | | +- module-setup.sh
| | | | | `- parse-i18n.sh
| | | | +- 30convertfs/
| | | | | +- convertfs.sh
| | | | | +- do-convertfs.sh
| | | | | `- module-setup.sh
| | | | +- 30gcp-udev-rules/
| | | | | `- module-setup.sh
| | | | +- 45drm/
| | | | | `- module-setup.sh
| | | | +- 45net-lib/
| | | | | +- dhcp-root.sh
| | | | | +- ifname-genrules.sh
| | | | | +- module-setup.sh
| | | | | +- net-lib.sh
| | | | | `- netroot.sh
| | | | +- 45plymouth/
| | | | | +- module-setup.sh
| | | | | +- plymouth-emergency.sh
| | | | | +- plymouth-newroot.sh
| | | | | +- plymouth-populate-initrd.sh
| | | | | `- plymouth-pretrigger.sh
| | | | +- 45simpledrm/
| | | | | `- module-setup.sh
| | | | +- 45url-lib/
| | | | | +- module-setup.sh
| | | | | `- url-lib.sh
| | | | +- 68lvmmerge/
| | | | | +- README.md
| | | | | +- lvmmerge.sh
| | | | | `- module-setup.sh
| | | | +- 68lvmthinpool-monitor/
| | | | | +- module-setup.sh
| | | | | +- start-thinpool-monitor.service
| | | | | `- start-thinpool-monitor.sh
| | | | +- 68systemd-sysusers/
| | | | | `- module-setup.sh
| | | | +- 70bluetooth/
| | | | | `- module-setup.sh
| | | | +- 70btrfs/
| | | | | +- 80-btrfs.rules
| | | | | +- btrfs_device_ready.sh
| | | | | +- btrfs_finished.sh
| | | | | +- btrfs_timeout.sh
| | | | | `- module-setup.sh
| | | | +- 70crypt/
| | | | | +- crypt-cleanup.sh
| | | | | +- crypt-lib.sh
| | | | | +- crypt-run-generator.sh
| | | | | +- cryptroot-ask.sh
| | | | | +- module-setup.sh
| | | | | +- parse-crypt.sh
| | | | | +- parse-keydev.sh
| | | | | `- probe-keydev.sh
| | | | +- 70dm/
| | | | | +- 11-dm.rules
| | | | | +- dm-pre-udev.sh
| | | | | +- dm-shutdown.sh
| | | | | `- module-setup.sh
| | | | +- 70dmraid/
| | | | | +- 61-dmraid-imsm.rules
| | | | | +- dmraid.sh
| | | | | +- module-setup.sh
| | | | | `- parse-dm.sh
| | | | +- 70fs-lib/
| | | | | +- fs-lib.sh
| | | | | `- module-setup.sh
| | | | +- 70kernel-modules/
| | | | | `- module-setup.sh
| | | | +- 70kernel-modules-extra/
| | | | | `- module-setup.sh
| | | | +- 70lvm/
| | | | | +- 64-lvm.rules
| | | | | +- lvm_scan.sh
| | | | | +- module-setup.sh
| | | | | `- parse-lvm.sh
| | | | +- 70mdraid/
| | | | | +- 59-persistent-storage-md.rules
| | | | | +- 65-md-incremental-imsm.rules
| | | | | +- md-shutdown.sh
| | | | | +- mdmon-pre-shutdown.sh
| | | | | +- mdmon-pre-udev.sh
| | | | | +- mdraid-cleanup.sh
| | | | | +- mdraid-needshutdown.sh
| | | | | +- mdraid-waitclean.sh
| | | | | +- mdraid_start.sh
| | | | | +- module-setup.sh
| | | | | `- parse-md.sh
| | | | +- 70multipath/
| | | | | +- module-setup.sh
| | | | | +- multipath-shutdown.sh
| | | | | +- multipathd-configure.service
| | | | | +- multipathd-dracut.conf
| | | | | +- multipathd-needshutdown.sh
| | | | | +- multipathd-stop.sh
| | | | | `- multipathd.sh
| | | | +- 70numlock/
| | | | | +- module-setup.sh
| | | | | `- numlock.sh
| | | | +- 70nvdimm/
| | | | | `- module-setup.sh
| | | | +- 70overlayfs/
| | | | | +- module-setup.sh
| | | | | +- mount-overlayfs.sh
| | | | | `- prepare-overlayfs.sh
| | | | +- 70pcmcia/
| | | | | `- module-setup.sh
| | | | +- 70ppcmac/
| | | | | +- load-thermal.sh
| | | | | `- module-setup.sh
| | | | +- 70qemu/
| | | | | `- module-setup.sh
| | | | +- 71prefixdevname/
| | | | | `- module-setup.sh
| | | | +- 71prefixdevname-tools/
| | | | | `- module-setup.sh
| | | | +- 73crypt-gpg/
| | | | | +- README
| | | | | +- crypt-gpg-lib.sh
| | | | | `- module-setup.sh
| | | | +- 73crypt-loop/
| | | | | +- crypt-loop-lib.sh
| | | | | `- module-setup.sh
| | | | +- 73fido2/
| | | | | `- module-setup.sh
| | | | +- 73pcsc/
| | | | | +- module-setup.sh
| | | | | +- pcscd.service
| | | | | `- pcscd.socket
| | | | +- 73pkcs11/
| | | | | `- module-setup.sh
| | | | +- 73tpm2-tss/
| | | | | `- module-setup.sh
| | | | +- 74debug/
| | | | | `- module-setup.sh
| | | | +- 74fstab-sys/
| | | | | +- module-setup.sh
| | | | | `- mount-sys.sh
| | | | +- 74hwdb/
| | | | | `- module-setup.sh
| | | | +- 74lunmask/
| | | | | +- fc_transport_scan_lun.sh
| | | | | +- module-setup.sh
| | | | | +- parse-lunmask.sh
| | | | | `- sas_transport_scan_lun.sh
| | | | +- 74resume/
| | | | | +- module-setup.sh
| | | | | +- parse-resume.sh
| | | | | `- resume.sh
| | | | +- 74rootfs-block/
| | | | | +- 59-persistent-storage.rules
| | | | | +- 61-persistent-storage.rules
| | | | | +- block-genrules.sh
| | | | | +- module-setup.sh
| | | | | +- mount-root.sh
| | | | | `- parse-block.sh
| | | | +- 74rootfs-block-fallback/
| | | | | +- module-setup.sh
| | | | | `- rootfallback.sh
| | | | +- 74terminfo/
| | | | | `- module-setup.sh
| | | | +- 74udev-rules/
| | | | | `- module-setup.sh
| | | | +- 74virtfs/
| | | | | +- module-setup.sh
| | | | | +- mount-virtfs.sh
| | | | | `- parse-virtfs.sh
| | | | +- 74virtiofs/
| | | | | +- module-setup.sh
| | | | | +- mount-virtiofs.sh
| | | | | `- parse-virtiofs.sh
| | | | +- 75securityfs/
| | | | | +- module-setup.sh
| | | | | `- securityfs.sh
| | | | +- 76biosdevname/
| | | | | +- module-setup.sh
| | | | | `- parse-biosdevname.sh
| | | | +- 76masterkey/
| | | | | +- README
| | | | | +- masterkey.sh
| | | | | `- module-setup.sh
| | | | +- 76systemd-emergency/
| | | | | `- module-setup.sh
| | | | +- 77dracut-systemd/
| | | | | +- dracut-cmdline-ask.service
| | | | | +- dracut-cmdline-ask.sh
| | | | | +- dracut-cmdline.service
| | | | | +- dracut-cmdline.service.8
| | | | | +- dracut-cmdline.service.8.adoc
| | | | | +- dracut-cmdline.sh
| | | | | +- dracut-emergency.service
| | | | | +- dracut-emergency.sh
| | | | | +- dracut-mount.service
| | | | | +- dracut-mount.service.8
| | | | | +- dracut-mount.service.8.adoc
| | | | | +- dracut-mount.sh
| | | | | +- dracut-pre-mount.service
| | | | | +- dracut-pre-mount.service.8
| | | | | +- dracut-pre-mount.service.8.adoc
| | | | | +- dracut-pre-mount.sh
| | | | | +- dracut-pre-pivot.service
| | | | | +- dracut-pre-pivot.service.8
| | | | | +- dracut-pre-pivot.service.8.adoc
| | | | | +- dracut-pre-pivot.sh
| | | | | +- dracut-pre-trigger.service
| | | | | +- dracut-pre-trigger.service.8
| | | | | +- dracut-pre-trigger.service.8.adoc
| | | | | +- dracut-pre-trigger.sh
| | | | | +- dracut-pre-udev.service
| | | | | +- dracut-pre-udev.service.8
| | | | | +- dracut-pre-udev.service.8.adoc
| | | | | +- dracut-pre-udev.sh
| | | | | +- dracut-shutdown-onfailure.service
| | | | | +- dracut-shutdown.service
| | | | | +- dracut-shutdown.service.8
| | | | | +- dracut-shutdown.service.8.adoc
| | | | | +- dracut-tmpfiles.conf
| | | | | +- emergency.service
| | | | | +- module-setup.sh
| | | | | +- parse-root.sh
| | | | | `- rootfs-generator.sh
| | | | +- 77ecryptfs/
| | | | | +- README
| | | | | +- ecryptfs-mount.sh
| | | | | `- module-setup.sh
| | | | +- 77initqueue/
| | | | | +- dracut-initqueue.service
| | | | | +- dracut-initqueue.service.8
| | | | | +- dracut-initqueue.service.8.adoc
| | | | | +- dracut-initqueue.sh
| | | | | +- initqueue.sh
| | | | | `- module-setup.sh
| | | | +- 77integrity/
| | | | | +- README
| | | | | +- evm-enable.sh
| | | | | +- ima-keys-load.sh
| | | | | +- ima-policy-load.sh
| | | | | `- module-setup.sh
| | | | +- 77pollcdrom/
| | | | | +- module-setup.sh
| | | | | `- pollcdrom.sh
| | | | +- 77selinux/
| | | | | +- module-setup.sh
| | | | | `- selinux-loadpolicy.sh
| | | | +- 77syslog/
| | | | | +- README
| | | | | +- module-setup.sh
| | | | | +- parse-syslog-opts.sh
| | | | | +- rsyslog.conf
| | | | | +- rsyslogd-start.sh
| | | | | +- rsyslogd-stop.sh
| | | | | `- syslog-cleanup.sh
| | | | +- 77usrmount/
| | | | | +- module-setup.sh
| | | | | `- mount-usr.sh
| | | | +- 80base/
| | | | | +- dracut-dev-lib.sh
| | | | | +- dracut-lib.sh
| | | | | +- init.sh
| | | | | +- insmodpost.sh
| | | | | +- loginit.sh
| | | | | +- module-setup.sh
| | | | | +- parse-kernel.sh
| | | | | +- parse-root-opts.sh
| | | | | `- rdsosreport.sh
| | | | +- 81busybox/
| | | | | `- module-setup.sh
| | | | +- 84memstrack/
| | | | | +- memstrack-report.sh
| | | | | +- memstrack-start.sh
| | | | | +- memstrack.service
| | | | | `- module-setup.sh
| | | | +- 85shell-interpreter/
| | | | | `- module-setup.sh
| | | | +- 86shutdown/
| | | | | +- module-setup.sh
| | | | | `- shutdown.sh
| | | | `- 99openssl/
| | | | +- module-setup.sh
| | | | `- openssl-check.sh
| | | +- dracut-cpio
| | | +- dracut-functions
| | | +- dracut-functions.sh
| | | +- dracut-init.sh
| | | +- dracut-initramfs-restore
| | | +- dracut-install
| | | +- dracut-logger.sh
| | | +- dracut-util
| | | +- dracut-version.sh
| | | +- ossl-config
| | | +- ossl-files
| | | `- skipcpio
| | +- environment.d/
| | | +- 50-mios.conf
| | | +- 60-mios-qt-adwaita.conf
| | | `- 70-mios-theme.conf
| | +- fapolicyd/
| | | +- rules.d/
| | | | +- 70-bootc-ostree.rules
| | | | `- 90-mios-deny.rules
| | | `- fapolicyd.conf
| | +- firewalld/
| | | +- services/
| | | | `- mios-pxe.xml
| | | `- zones/
| | | `- nm-shared.xml
| | +- greenboot/
| | | +- check/
| | | | +- required.d/
| | | | | +- 10-mios-composefs.sh
| | | | | +- 10-mios-role.sh
| | | | | +- 15-composefs-verity.sh
| | | | | +- 20-podman.sh
| | | | | `- 30-network.sh
| | | | `- wanted.d/
| | | | +- 30-nvidia-cdi.sh
| | | | +- 40-role-target.sh
| | | | +- 50-mios-ha-cluster.sh
| | | | `- 60-k3s.sh
| | | +- fail.d/
| | | | `- 00-log-fail.sh
| | | `- greenboot.conf
| | +- libvirt/
| | | +- hooks/
| | | | `- qemu
| | | `- qemu.conf.d/
| | | `- 10-mios.conf
| | +- mios/
| | | +- schemas/
| | | | +- build_status.schema.json
| | | | +- kargs_diagnosis.schema.json
| | | | `- security_audit.schema.json
| | | +- tools/
| | | | +- chat-completions-api/
| | | | | +- bootc_status.json
| | | | | +- bootc_switch.json
| | | | | +- mios_build.json
| | | | | +- mios_build_kb_refresh.json
| | | | | +- mios_kargs_validate.json
| | | | | +- packages_md_query.json
| | | | | `- repo_overlay_inspect.json
| | | | `- responses-api/
| | | | +- bootc_status.json
| | | | +- bootc_switch.json
| | | | +- file_search.json
| | | | +- mcp.json
| | | | +- mios_build.json
| | | | +- mios_build_kb_refresh.json
| | | | +- mios_kargs_validate.json
| | | | +- packages_md_query.json
| | | | `- repo_overlay_inspect.json
| | | `- paths.sh
| | +- modprobe.d/
| | | +- blacklist-nouveau.conf
| | | +- blacklist-vmw_vsock.conf
| | | +- kvmfr.conf
| | | +- mios-nvidia-blacklist.conf
| | | +- nvidia-open.conf
| | | `- nvidia.conf
| | +- modules-load.d/
| | | +- mios-vfio.conf
| | | `- mios.conf
| | +- ostree/
| | | `- prepare-root.conf
| | +- pam.d/
| | | +- mios-pam-fallback
| | | +- password-auth
| | | `- system-auth
| | +- profile.d/
| | | +- mios-motd.sh
| | | `- mios-wsl2.sh
| | +- rancher/
| | | `- k3s/
| | | `- config.yaml
| | +- repart.d/
| | | `- 50-root.conf
| | +- ssh/
| | | `- sshd_config.d/
| | | +- 10-mios.conf
| | | `- 50-mios-hardened.conf
| | +- sssd/
| | | `- conf.d/
| | | `- 10-mios.conf
| | +- sudoers.d/
| | | +- 10-mios-wheel
| | | `- wheel-nopasswd
| | +- sysctl.d/
| | | +- 90-mios-le9uo.conf
| | | +- 90-mios-overlayfs.conf
| | | +- 99-mios-hardening.conf
| | | `- 99-mios-vmhost.conf
| | +- systemd/
| | | +- journald.conf.d/
| | | | +- 10-mios-noaudit.conf
| | | | `- syslog.conf
| | | +- system/
| | | | +- NetworkManager-wait-online.service.d/
| | | | | `- timeout.conf
| | | | +- NetworkManager.service.d/
| | | | | `- 10-mios-container-gate.conf
| | | | +- audit-rules.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- auditd.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- avahi-daemon.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- avahi-daemon.socket.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- boot-complete.target.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- boot.mount.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- bootloader-update.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- ceph-bootstrap.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- chronyd.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- cloud-config.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- cloud-final.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- cloud-init-local.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- cloud-init-network.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- cockpit-wsinstance-socket-user.service.d/
| | | | | `- 10-mios-container.conf
| | | | +- cockpit.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- cockpit.socket.d/
| | | | | +- 10-mios-wsl2.conf
| | | | | +- 10-mios.conf
| | | | | `- listen.conf
| | | | +- coreos-ignition-firstboot-complete.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- coreos-populate-lvmdevices.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- coreos-printk-quiet.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- coreos-warn-invalid-mounts.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- corosync.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- crowdsec-firewall-bouncer.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- crowdsec.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- dbus-broker.service.d/
| | | | | `- 10-mios-no-audit.conf
| | | | +- dev-binderfs.mount.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- fapolicyd.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- firewalld.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- gdm.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- gnome-remote-desktop.service.d/
| | | | | `- 10-network-wait.conf
| | | | +- greenboot-healthcheck.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- greenboot-success.target.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- libvirtd.service.d/
| | | | | +- 10-mios.conf
| | | | | `- override.conf
| | | | +- mios-cdi-detect.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-ceph-bootstrap.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-flatpak-install.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-freeipa-enroll.service.d/
| | | | | `- 10-boot-timeout.conf
| | | | +- mios-gpu-amd.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-gpu-intel.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-gpu-nvidia.service.d/
| | | | | +- 10-cycle-fix.conf
| | | | | `- 10-virt-gate.conf
| | | | +- mios-gpu-status.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-grd-setup.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-ha-bootstrap.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- mios-k3s-init.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-libvirtd-setup.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-nvidia-cdi.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-role.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-selinux-init.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- mios-waydroid-init.service.d/
| | | | | `- 10-virt-gate.conf
| | | | +- multipathd.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- nfs-server.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- nmb.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- nvidia-cdi-refresh.service.d/
| | | | | `- 10-mios-ordering.conf
| | | | +- nvidia-powerd.service.d/
| | | | | +- 10-bare-metal-only.conf
| | | | | `- 10-mios-virt-gate.conf
| | | | +- ollama.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- osbuild-composer.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- osbuild-worker@1.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- pacemaker.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- pcsd.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- polkit.service.d/
| | | | | `- 10-mios-container.conf
| | | | +- qemu-guest-agent.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- rc-local.service.d/
| | | | | `- debian.conf
| | | | +- rpm-ostree-fix-shadow-mode.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- smb.service.d/
| | | | | `- 10-bare-metal-only.conf
| | | | +- sshd.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- stratisd.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- systemd-homed.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- systemd-journald.service.d/
| | | | | `- nice.conf
| | | | +- systemd-localed.service.d/
| | | | | `- x11-keyboard.conf
| | | | +- systemd-logind.service.d/
| | | | | +- 10-grub2-logind-service.conf
| | | | | +- 10-mios-wsl2.conf
| | | | | `- dbus.conf
| | | | +- systemd-machined.service.d/
| | | | | `- wsl2-optional.conf
| | | | +- systemd-networkd-wait-online.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- systemd-resolved.service.d/
| | | | | `- 10-mios-container-gate.conf
| | | | +- systemd-udevd.service.d/
| | | | | `- syscall-architecture.conf
| | | | +- tuned.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- ublue-nvctk-cdi.service.d/
| | | | | `- 10-mios.conf
| | | | +- upower.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- usbguard.service.d/
| | | | | `- 10-mios-virt-gate.conf
| | | | +- var-lib-nfs-rpc_pipefs.mount.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- virtlxcd-admin.socket.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- virtlxcd-ro.socket.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- virtlxcd.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- waydroid-container.service.d/
| | | | | +- 10-mios-virt-gate.conf
| | | | | `- 10-nvidia-swiftshader.conf
| | | | +- zincati.service.d/
| | | | | `- 10-mios-wsl2.conf
| | | | +- ceph-bootstrap.service
| | | | +- k3s.service
| | | | +- mios-boot-diag.service
| | | | +- mios-bootc-switch.path
| | | | +- mios-bootc-switch.service
| | | | +- mios-cdi-detect.service
| | | | +- mios-ceph-bootstrap.service
| | | | +- mios-copy-build-log.service
| | | | +- mios-cpu-isolate.service
| | | | +- mios-dashboard-issue.service
| | | | +- mios-dashboard-issue.timer
| | | | +- mios-desktop.target
| | | | +- mios-firstboot.target
| | | | +- mios-flatpak-install.service
| | | | +- mios-forge-firstboot.service
| | | | +- mios-freeipa-enroll.service
| | | | +- mios-gpu-amd.service
| | | | +- mios-gpu-detect.service
| | | | +- mios-gpu-intel.service
| | | | +- mios-gpu-nvidia.service
| | | | +- mios-gpu-pv-detect.service
| | | | +- mios-gpu-status.service
| | | | +- mios-grd-setup.service
| | | | +- mios-ha-bootstrap.service
| | | | +- mios-ha-node.target
| | | | +- mios-headless.target
| | | | +- mios-hybrid.target
| | | | +- mios-hyperv-enhanced.service
| | | | +- mios-k3s-init.service
| | | | +- mios-k3s-master.target
| | | | +- mios-k3s-worker.target
| | | | +- mios-kvmfr-load.service
| | | | +- mios-libvirtd-setup.service
| | | | +- mios-mcp.service
| | | | +- mios-nvidia-cdi.service
| | | | +- mios-ollama-firstboot.service
| | | | +- mios-podman-gc.service
| | | | +- mios-podman-gc.timer
| | | | +- mios-role.service
| | | | +- mios-selinux-init.service
| | | | +- mios-sriov-init.service
| | | | +- mios-verify-root.service
| | | | +- mios-verify.service
| | | | +- mios-waydroid-init.service
| | | | +- mios-wsl-firstboot.service
| | | | +- mios-wsl-init.service
| | | | +- mios-wsl-runtime-dir.service
| | | | +- var-home.mount
| | | | `- var-lib-containers.mount
| | | +- system-preset/
| | | | `- 90-mios.preset
| | | `- zram-generator.conf.d/
| | | +- 10-mios.conf
| | | `- mios.conf
| | +- sysupdate.d/
| | | `- 50-mios.conf
| | +- sysusers.d/
| | | +- 10-mios.conf
| | | +- 20-podman-machine.conf
| | | +- 30-mios-tmpfiles-prereq.conf
| | | +- 50-mios-ai.conf
| | | +- 50-mios-gpu.conf
| | | +- 50-mios-services.conf
| | | `- 50-mios.conf
| | +- tmpfiles.d/
| | | +- mios-backup.conf
| | | +- mios-ceph.conf
| | | +- mios-cpu.conf
| | | +- mios-crowdsec.conf
| | | +- mios-fastfetch.conf
| | | +- mios-fontconfig.conf
| | | +- mios-forge-runner.conf
| | | +- mios-forge.conf
| | | +- mios-freeipa.conf
| | | +- mios-gpu.conf
| | | +- mios-grd.conf
| | | +- mios-infra.conf
| | | +- mios-iommu.conf
| | | +- mios-ipa.conf
| | | +- mios-k3s.conf
| | | +- mios-nfs.conf
| | | +- mios-ollama.conf
| | | +- mios-pxe.conf
| | | +- mios-user.conf
| | | +- mios-virtio.conf
| | | +- mios-wsl2-hacks.conf
| | | `- mios.conf
| | +- udev/
| | | `- rules.d/
| | | +- 99-kvmfr.rules
| | | `- 99-mios-gpu.rules
| | +- usbguard/
| | | `- usbguard-daemon.conf
| | +- uupd/
| | | `- config.json
| | +- waydroid/
| | | `- waydroid.cfg
| | +- xrdp/
| | | `- startwm.sh
| | +- locale.conf
| | +- multipath.conf
| | +- wsl-distribution.conf
| | `- wsl.conf
| +- libexec/
| | +- mios/
| | | +- bootc-switch-from-build.sh
| | | +- ceph-bootstrap.sh
| | | +- copy-build-log.sh
| | | +- cpu-isolate
| | | +- forge-firstboot.sh
| | | +- gpu-detect
| | | +- gpu-pv-detect
| | | +- libvirtd-firstboot
| | | +- mcp-init.sh
| | | +- mcp-server-runner
| | | +- mios-cdi-detect
| | | +- mios-configurator-launch
| | | +- mios-dashboard-render-issue.sh
| | | +- mios-dashboard.sh
| | | +- mios-freeipa-enroll.sh
| | | +- mios-sriov-init
| | | +- motd
| | | +- ollama-firstboot.sh
| | | +- role-apply
| | | +- selinux-init
| | | +- verify-root.sh
| | | +- wsl-firstboot
| | | `- wsl-init
| | +- mios-boot-diag
| | +- mios-flatpak-install
| | +- mios-grd-setup
| | +- mios-hyperv-enhanced
| | `- mios-verify
| +- share/
| | +- applications/
| | | +- mios-ai.desktop
| | | `- mios-configurator.desktop
| | +- containers/
| | | +- containers.conf.d/
| | | | `- 99-mios-network.conf
| | | `- systemd/
| | | +- crowdsec-dashboard.container
| | | +- guacamole-postgres.container
| | | +- guacd.container
| | | +- mios-aichat.build
| | | +- mios-aichat.image
| | | +- mios-guacamole.container
| | | +- mios-pxe-hub.container
| | | `- ollama.container
| | +- doc/
| | | `- mios/
| | | +- upstream/
| | | | +- bib.md
| | | | +- bootc.md
| | | | +- cdi.md
| | | | +- composefs.md
| | | | +- cosign.md
| | | | +- crowdsec-fapolicyd-usbguard.md
| | | | +- deploy-targets.md
| | | | +- dnf5.md
| | | | +- fedora-bootc.md
| | | | +- ghcr.md
| | | | +- greenboot.md
| | | | +- k3s-cockpit.md
| | | | +- localai.md
| | | | +- looking-glass-kvmfr.md
| | | | +- nvidia.md
| | | | +- ostree.md
| | | | +- podman.md
| | | | +- rechunk.md
| | | | +- related-distros.md
| | | | +- secureblue.md
| | | | +- selinux.md
| | | | `- ucore-hci.md
| | | +- 00-overview.md
| | | +- 10-build-pipeline.md
| | | +- 20-packages-md.md
| | | +- 30-overlay.md
| | | +- 40-kargs.md
| | | +- 50-orchestrators.md
| | | +- 60-ci-signing.md
| | | +- 70-ai-surface.md
| | | +- 80-security.md
| | | `- 90-deploy.md
| | +- fontconfig/
| | | `- conf.avail/
| | | `- 30-mios-geist.conf
| | `- mios/
| | +- ai/
| | | +- v1/
| | | | +- mcp.json
| | | | `- models.json
| | | `- system.md
| | +- api/
| | | +- batch.requests.jsonl
| | | +- chat.example.json
| | | +- chat.local.example.json
| | | +- embeddings.example.json
| | | +- mcp.tool.json
| | | `- responses.example.json
| | +- branding/
| | | `- mios.txt
| | +- configurator/
| | | `- index.html
| | +- cookbooks/
| | | +- finetune-flow.md
| | | +- ingest-kb.md
| | | `- local-rag-day0.md
| | +- distrobox/
| | | `- aichat/
| | | +- Containerfile
| | | +- config.yaml
| | | `- distrobox.ini
| | +- fastfetch/
| | | `- config.jsonc
| | +- kb/
| | | `- manifest.json
| | +- oh-my-posh/
| | | `- mios.omp.json
| | +- prompts/
| | | +- build-review.xml.md
| | | +- kargs-author.xml.md
| | | `- troubleshoot.xml.md
| | +- PACKAGES.md
| | +- env.defaults
| | +- mios.toml
| | +- mios.toml.example
| | `- profile.toml
| `- .keep
+- v1/
| +- chat/
| | `- completions
| +- context
| +- knowledge
| +- mcp
| +- models
| `- system
+- var/
| `- lib/
| `- mios/
| +- embeddings/
| | +- chunks.jsonl
| | +- ingest_local.py
| | `- vector_store.import.jsonl
| +- evals/
| | +- dataset.jsonl
| | +- mios-knowledge.eval.json
| | `- mios-knowledge.local-runner.py
| `- training/
| +- dpo.jsonl
| `- sft.jsonl
+- .clinerules
+- .cursorrules
+- .editorconfig
+- .env.mios
+- .gitattributes
+- .gitignore
+- AGENTS.md
+- AGREEMENTS.md
+- usr/share/doc/mios/reference/api.md
+- usr/share/doc/mios/concepts/architecture.md
+- usr/share/mios/ai/audit-prompt.md
+- CLAUDE.md
+- CONTRIBUTING.md
+- usr/share/doc/mios/reference/credits.md
+- Containerfile
+- usr/share/doc/mios/guides/deploy.md
+- usr/share/doc/mios/guides/engineering.md
+- GEMINI.md
+- Get-MiOS.ps1
+- usr/share/mios/ai/INDEX.md
+- usr/share/doc/mios/guides/install.md
+- Justfile
+- LICENSE
+- usr/share/doc/mios/reference/licenses.md
+- usr/share/doc/mios/reference/build-scripts.md
+- usr/share/doc/mios/reference/engineering-reference.md
+- MiOS-SBOM.csv
+- README.md
+- SECURITY.md
+- usr/share/doc/mios/guides/self-build.md
+- usr/share/doc/mios/reference/sources.md
+- VERSION
+- build-mios.ps1
+- image-versions.yml
+- install-mios-agents.sh
+- install.ps1
+- install.sh
+- llms-full.txt
+- llms.txt
+- manifest.json
+- mios-build-local.ps1
+- preflight.ps1
+- push-to-github.ps1
+- renovate.json
`- system-prompt.md