From e7a36487dc01cc1336d69a4e69337ec783523341 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nmasse@redhat.com>
Date: Tue, 23 Sep 2025 06:02:38 -0400
Subject: [PATCH] rework

---
 bootc/baremetal/Containerfile                 | 22 ++++++++
 .../root/etc/libvirt/qemu}/hooks/qemu         |  0
 .../root/etc/libvirt/qemu/hooks/qemu.d/.keep} |  0
 .../qemu/networks/autostart/default.xml       |  0
 .../etc/libvirt/qemu/networks/default.xml     |  0
 bootc/base/Containerfile                      | 22 +++++---
 bootc/scenario1/Containerfile                 |  8 ---
 .../hooks.d/afterupdating/30-nextcloud.yaml   | 10 ----
 bootc/scenario2/Containerfile                 |  8 ---
 bootc/scenario3a/Containerfile                |  8 ---
 .../qemu/networks/autostart/default.xml       |  1 -
 .../etc/libvirt/qemu/networks/default.xml     | 19 -------
 bootc/scenario4/Containerfile                 |  8 ---
 .../hooks.d/afterupdating/30-odoo.yaml        | 10 ----
 bootc/scripts/build-image.sh                  | 54 +++++++++++++++++++
 bootc/scripts/{build.sh => build-qcow2.sh}    | 29 ----------
 bootc/scripts/buildall.sh                     |  8 ++-
 bootc/virtualmachine/Containerfile            | 20 +++++++
 .../flightctl-agent.service.d/override.conf   |  0
 .../etc/default/bootstrap-vm-nextcloud.env    |  4 +-
 .../hooks.d/afterupdating/30-edge-vm.yaml     |  5 ++
 .../hooks.d/beforeupdating/30-edge-vm.yaml    |  5 ++
 .../check/required.d/30_nextcloud_check.sh    |  0
 .../libvirt/hooks/qemu.d/nextcloud/iptables   |  0
 .../etc/systemd/system/bootstrap-vm@.service  |  0
 .../edge-vm}/usr/local/bin/bootstrap-vm.sh    |  0
 .../etc/default/migrate-vm-printserver.env    |  0
 .../afterupdating/30-hyperv-migration.yaml    |  5 ++
 .../beforeupdating/30-hyperv-migration.yaml   |  5 ++
 .../check/required.d/30_printserver_check.sh  |  0
 .../etc/systemd/system/migrate-vm@.service    |  0
 .../usr/local/bin/migrate-vm.sh               |  0
 .../systemd/nextcloud-app.container           | 10 ++--
 .../containers/systemd/nextcloud-db.container |  8 +--
 .../systemd/nextcloud-nginx.container         |  4 +-
 .../systemd/nextcloud-redis.container         |  6 +--
 .../systemd/nextcloud}/nextcloud-app.env      |  0
 .../nextcloud}/nextcloud-config.env.tmpl      |  0
 .../systemd/nextcloud}/nextcloud-db.env       |  0
 .../systemd/nextcloud}/nextcloud-redis.env    |  0
 .../containers/systemd/nextcloud}/nginx.conf  |  0
 .../systemd/nextcloud/redis-session.ini       |  0
 .../containers/systemd/nextcloud}/redis.conf  |  0
 .../containers/systemd/nextcloud}/www.conf    |  0
 .../hooks.d/afterupdating/30-nextcloud.yaml   |  5 ++
 .../hooks.d/beforeupdating/30-nextcloud.yaml  |  5 ++
 .../check/required.d/30_nextcloud_check.sh    |  0
 .../etc/systemd/system/nextcloud.target       |  0
 .../etc/containers/systemd/odoo-app.container |  4 +-
 .../etc/containers/systemd/odoo-db.container  | 10 ++--
 .../containers/systemd/odoo-init.container    |  6 +--
 .../systemd/odoo}/odoo-config.env.tmpl        |  0
 .../etc/containers/systemd/odoo}/odoo-db.env  |  1 +
 .../hooks.d/afterupdating/30-odoo.yaml        |  5 ++
 .../hooks.d/beforeupdating/30-odoo.yaml       |  5 ++
 .../check/required.d/30_odoo_check.sh         |  0
 .../apps/odoo}/etc/odoo/init.sh               |  0
 .../apps/odoo}/etc/odoo/odoo.conf             |  0
 .../apps/odoo}/etc/systemd/system/odoo.target |  0
 flightctl/fleets.yaml                         | 24 ---------
 .../sites/default/etc/motd.d/unconfigured     |  0
 .../systemd/configs/nextcloud-config.env      |  0
 .../systemd/configs/odoo-config.env           |  0
 .../systemd/configs/nextcloud-config.env      |  0
 .../systemd/configs/odoo-config.env           |  0
 .../sites/default/etc/motd.d/unconfigured     |  0
 .../systemd/configs/nextcloud-config.env      | 16 ++++++
 .../systemd/configs/nextcloud-config.env      | 16 ++++++
 .../sites/default/etc/motd.d/unconfigured     |  6 ---
 .../systemd/configs/odoo-config.env           |  4 --
 .../systemd/configs/odoo-config.env           |  4 --
 pxe-boot/install.sh                           | 22 +++-----
 pxe-boot/tftpboot/menu.ipxe                   | 47 ++--------------
 pxe-boot/www/ks/mac-00190f440391.ks           |  2 +-
 pxe-boot/www/ks/mac-00be43ec5619.ks           |  2 +-
 75 files changed, 229 insertions(+), 234 deletions(-)
 create mode 100644 bootc/baremetal/Containerfile
 rename bootc/{scenario3a/root/etc/libvirt => baremetal/root/etc/libvirt/qemu}/hooks/qemu (100%)
 rename bootc/{scenario1/root/etc/containers/systemd/configs/redis-session.ini => baremetal/root/etc/libvirt/qemu/hooks/qemu.d/.keep} (100%)
 rename bootc/{scenario2 => baremetal}/root/etc/libvirt/qemu/networks/autostart/default.xml (100%)
 rename bootc/{scenario2 => baremetal}/root/etc/libvirt/qemu/networks/default.xml (100%)
 delete mode 100644 bootc/scenario1/Containerfile
 delete mode 100644 bootc/scenario1/root/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml
 delete mode 100644 bootc/scenario2/Containerfile
 delete mode 100644 bootc/scenario3a/Containerfile
 delete mode 120000 bootc/scenario3a/root/etc/libvirt/qemu/networks/autostart/default.xml
 delete mode 100644 bootc/scenario3a/root/etc/libvirt/qemu/networks/default.xml
 delete mode 100644 bootc/scenario4/Containerfile
 delete mode 100644 bootc/scenario4/root/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml
 create mode 100755 bootc/scripts/build-image.sh
 rename bootc/scripts/{build.sh => build-qcow2.sh} (66%)
 create mode 100644 bootc/virtualmachine/Containerfile
 rename bootc/{base => virtualmachine}/root/etc/systemd/system/flightctl-agent.service.d/override.conf (100%)
 rename {bootc/scenario3a/root => flightctl/apps/edge-vm}/etc/default/bootstrap-vm-nextcloud.env (64%)
 create mode 100644 flightctl/apps/edge-vm/etc/flightctl/hooks.d/afterupdating/30-edge-vm.yaml
 create mode 100644 flightctl/apps/edge-vm/etc/flightctl/hooks.d/beforeupdating/30-edge-vm.yaml
 rename {bootc/scenario3a/root => flightctl/apps/edge-vm}/etc/greenboot/check/required.d/30_nextcloud_check.sh (100%)
 rename {bootc/scenario3a/root => flightctl/apps/edge-vm}/etc/libvirt/hooks/qemu.d/nextcloud/iptables (100%)
 rename {bootc/scenario3a/root => flightctl/apps/edge-vm}/etc/systemd/system/bootstrap-vm@.service (100%)
 rename {bootc/scenario3a/root => flightctl/apps/edge-vm}/usr/local/bin/bootstrap-vm.sh (100%)
 rename {bootc/scenario2/root => flightctl/apps/hyperv-migration}/etc/default/migrate-vm-printserver.env (100%)
 create mode 100644 flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/afterupdating/30-hyperv-migration.yaml
 create mode 100644 flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/beforeupdating/30-hyperv-migration.yaml
 rename {bootc/scenario2/root => flightctl/apps/hyperv-migration}/etc/greenboot/check/required.d/30_printserver_check.sh (100%)
 rename {bootc/scenario2/root => flightctl/apps/hyperv-migration}/etc/systemd/system/migrate-vm@.service (100%)
 rename {bootc/scenario2/root => flightctl/apps/hyperv-migration}/usr/local/bin/migrate-vm.sh (100%)
 rename {bootc/scenario1/root => flightctl/apps/nextcloud}/etc/containers/systemd/nextcloud-app.container (79%)
 rename {bootc/scenario1/root => flightctl/apps/nextcloud}/etc/containers/systemd/nextcloud-db.container (77%)
 rename {bootc/scenario1/root => flightctl/apps/nextcloud}/etc/containers/systemd/nextcloud-nginx.container (84%)
 rename {bootc/scenario1/root => flightctl/apps/nextcloud}/etc/containers/systemd/nextcloud-redis.container (79%)
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/nextcloud-app.env (100%)
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/nextcloud-config.env.tmpl (100%)
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/nextcloud-db.env (100%)
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/nextcloud-redis.env (100%)
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/nginx.conf (100%)
 create mode 100644 flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/redis-session.ini
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/redis.conf (100%)
 rename {bootc/scenario1/root/etc/containers/systemd/configs => flightctl/apps/nextcloud/etc/containers/systemd/nextcloud}/www.conf (100%)
 create mode 100644 flightctl/apps/nextcloud/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml
 create mode 100644 flightctl/apps/nextcloud/etc/flightctl/hooks.d/beforeupdating/30-nextcloud.yaml
 rename {bootc/scenario1/root => flightctl/apps/nextcloud}/etc/greenboot/check/required.d/30_nextcloud_check.sh (100%)
 rename {bootc/scenario1/root => flightctl/apps/nextcloud}/etc/systemd/system/nextcloud.target (100%)
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/containers/systemd/odoo-app.container (90%)
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/containers/systemd/odoo-db.container (74%)
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/containers/systemd/odoo-init.container (86%)
 rename {bootc/scenario4/root/etc/containers/systemd/configs => flightctl/apps/odoo/etc/containers/systemd/odoo}/odoo-config.env.tmpl (100%)
 rename {bootc/scenario4/root/etc/containers/systemd/configs => flightctl/apps/odoo/etc/containers/systemd/odoo}/odoo-db.env (92%)
 create mode 100644 flightctl/apps/odoo/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml
 create mode 100644 flightctl/apps/odoo/etc/flightctl/hooks.d/beforeupdating/30-odoo.yaml
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/greenboot/check/required.d/30_odoo_check.sh (100%)
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/odoo/init.sh (100%)
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/odoo/odoo.conf (100%)
 rename {bootc/scenario4/root => flightctl/apps/odoo}/etc/systemd/system/odoo.target (100%)
 rename flightctl/{scenario1 => fleets/baremetal}/sites/default/etc/motd.d/unconfigured (100%)
 rename flightctl/{scenario1 => fleets/baremetal}/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env (100%)
 rename flightctl/{scenario3a => fleets/baremetal}/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env (100%)
 rename flightctl/{scenario1 => fleets/baremetal}/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env (100%)
 rename flightctl/{scenario3a => fleets/baremetal}/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env (100%)
 rename flightctl/{scenario3a => fleets/virtualmachines}/sites/default/etc/motd.d/unconfigured (100%)
 create mode 100644 flightctl/fleets/virtualmachines/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
 create mode 100644 flightctl/fleets/virtualmachines/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
 delete mode 100644 flightctl/scenario4/sites/default/etc/motd.d/unconfigured
 delete mode 100644 flightctl/scenario4/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
 delete mode 100644 flightctl/scenario4/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env

diff --git a/bootc/baremetal/Containerfile b/bootc/baremetal/Containerfile
new file mode 100644
index 0000000..943e64b
--- /dev/null
+++ b/bootc/baremetal/Containerfile
@@ -0,0 +1,22 @@
+FROM edge-registry.itix.fr/demo-edge-retail/base:latest
+
+RUN <<EOF
+set -Eeuo pipefail
+
+# Install virtualization packages
+dnf install -y cockpit-machines libvirt libvirt-daemon-kvm virt-install virt-top \
+               libguestfs-tools genisoimage smartmontools hdparm rclone virt-v2v \
+               virt-v2v-bash-completion libguestfs-winsupport
+dnf clean all
+
+EOF
+
+ADD --chown=root:root root /
+
+RUN <<EOF
+set -Eeuo pipefail
+
+# Enable systemd services and sockets
+systemctl enable libvirtd.service libvirt-guests.service
+
+EOF
diff --git a/bootc/scenario3a/root/etc/libvirt/hooks/qemu b/bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu
similarity index 100%
rename from bootc/scenario3a/root/etc/libvirt/hooks/qemu
rename to bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/redis-session.ini b/bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu.d/.keep
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/redis-session.ini
rename to bootc/baremetal/root/etc/libvirt/qemu/hooks/qemu.d/.keep
diff --git a/bootc/scenario2/root/etc/libvirt/qemu/networks/autostart/default.xml b/bootc/baremetal/root/etc/libvirt/qemu/networks/autostart/default.xml
similarity index 100%
rename from bootc/scenario2/root/etc/libvirt/qemu/networks/autostart/default.xml
rename to bootc/baremetal/root/etc/libvirt/qemu/networks/autostart/default.xml
diff --git a/bootc/scenario2/root/etc/libvirt/qemu/networks/default.xml b/bootc/baremetal/root/etc/libvirt/qemu/networks/default.xml
similarity index 100%
rename from bootc/scenario2/root/etc/libvirt/qemu/networks/default.xml
rename to bootc/baremetal/root/etc/libvirt/qemu/networks/default.xml
diff --git a/bootc/base/Containerfile b/bootc/base/Containerfile
index 344f79d..6d23f7d 100644
--- a/bootc/base/Containerfile
+++ b/bootc/base/Containerfile
@@ -6,15 +6,17 @@ ARG ADMIN_USERNAME=demo \
 RUN <<EOF
 set -Eeuo pipefail
 
+# Enable EPEL and Ansible AAP repos
 dnf config-manager --enable ansible-automation-platform-2.5-for-rhel-9-$(arch)-rpms
 dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
-dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-machines cockpit-podman \
-               cockpit-files cockpit-ostree cockpit-pcp cockpit-system libvirt libvirt-daemon-kvm \
-               virt-install virt-top libguestfs-tools genisoimage greenboot greenboot-default-health-checks \
-               stress-ng yq podman-compose tmux smartmontools hdparm tcpdump rclone virt-v2v \
-               virt-v2v-bash-completion libguestfs-winsupport
+
+# Install packages
+dnf install -y mkpasswd podman skopeo flightctl-agent cockpit cockpit-podman cockpit-files \
+               cockpit-ostree cockpit-pcp cockpit-system greenboot greenboot-default-health-checks \
+               stress-ng yq podman-compose tmux tcpdump
 dnf clean all
 
+# Create admin user if specified
 if [ -n "$ADMIN_USERNAME" ]; then
   useradd -m -G wheel -p "$(echo -n "$ADMIN_PASSWORD" | mkpasswd -m bcrypt --stdin)" "$ADMIN_USERNAME"
 fi
@@ -24,12 +26,18 @@ ADD --chown=root:root root /
 
 RUN <<EOF
 set -Eeuo pipefail
-systemctl enable flightctl-agent.service cockpit.socket libvirtd.service libvirt-guests.service
+
+# Enable systemd services and sockets
+systemctl enable flightctl-agent.service cockpit.socket
+
+# Make sure the flightctl-agent is the only one that can apply updates
 systemctl mask bootc-fetch-apply-updates.timer
+
+# Set proper ownership and SELinux context on SSH authorized keys
 if [ -n "$ADMIN_USERNAME" -a -f "/etc/ssh/authorized_keys/$ADMIN_USERNAME.keys" ]; then
   chown "$ADMIN_USERNAME:$ADMIN_USERNAME" "/etc/ssh/authorized_keys/$ADMIN_USERNAME.keys"
 fi
 semanage fcontext -a -t ssh_home_t "/etc/ssh/authorized_keys(/.*)?"
 restorecon -Rf /etc/ssh/authorized_keys
-install -d -m 0700 -o root -g root /var/lib/private/flightctl
+
 EOF
diff --git a/bootc/scenario1/Containerfile b/bootc/scenario1/Containerfile
deleted file mode 100644
index 15b6195..0000000
--- a/bootc/scenario1/Containerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM edge-registry.itix.fr/demo-edge-retail/base:latest
-
-ADD --chown=root:root root /
-
-RUN <<EOF
-set -Eeuo pipefail
-systemctl enable nextcloud.target
-EOF
diff --git a/bootc/scenario1/root/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml b/bootc/scenario1/root/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml
deleted file mode 100644
index 90c7bfd..0000000
--- a/bootc/scenario1/root/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- if:
-  - path: /etc/containers/systemd/configs/nextcloud-config.env
-    op: [created, updated]
-  run: systemctl restart nextcloud.target
-  timeout: 5m
-- if:
-  - path: /etc/containers/systemd/configs/nextcloud-config.env
-    op: [removed]
-  run: /bin/sh -c 'if [ -f /etc/systemd/system/nextcloud.target ]; then systemctl stop nextcloud.target; fi'
-  timeout: 5m
diff --git a/bootc/scenario2/Containerfile b/bootc/scenario2/Containerfile
deleted file mode 100644
index 0c06694..0000000
--- a/bootc/scenario2/Containerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM edge-registry.itix.fr/demo-edge-retail/base:latest
-
-ADD --chown=root:root root /
-
-RUN <<EOF
-set -Eeuo pipefail
-systemctl enable migrate-vm@printserver.service
-EOF
diff --git a/bootc/scenario3a/Containerfile b/bootc/scenario3a/Containerfile
deleted file mode 100644
index c6d3b77..0000000
--- a/bootc/scenario3a/Containerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM edge-registry.itix.fr/demo-edge-retail/base:latest
-
-ADD --chown=root:root root /
-
-RUN <<EOF
-set -Eeuo pipefail
-systemctl enable bootstrap-vm@nextcloud.service
-EOF
diff --git a/bootc/scenario3a/root/etc/libvirt/qemu/networks/autostart/default.xml b/bootc/scenario3a/root/etc/libvirt/qemu/networks/autostart/default.xml
deleted file mode 120000
index 8339868..0000000
--- a/bootc/scenario3a/root/etc/libvirt/qemu/networks/autostart/default.xml
+++ /dev/null
@@ -1 +0,0 @@
-../default.xml
\ No newline at end of file
diff --git a/bootc/scenario3a/root/etc/libvirt/qemu/networks/default.xml b/bootc/scenario3a/root/etc/libvirt/qemu/networks/default.xml
deleted file mode 100644
index d7805a3..0000000
--- a/bootc/scenario3a/root/etc/libvirt/qemu/networks/default.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<network>
-  <name>default</name>
-  <bridge name="virbr0" stp="on" delay="5" />
-  <forward mode='nat' />
-  <domain name="libvirt.test" />
-  <dns>
-    <host ip='192.168.122.1'>
-      <hostname>host</hostname>
-    </host>
-  </dns>
-  <ip address="192.168.122.1" netmask="255.255.255.0" localPtr="yes">
-    <dhcp>
-      <range start="192.168.122.100" end="192.168.122.200">
-        <lease expiry='24' unit='hours'/>
-      </range>
-      <host mac="04:00:00:00:00:01" name="nextcloud" ip="192.168.122.2" />
-    </dhcp>
-  </ip>
-</network>
diff --git a/bootc/scenario4/Containerfile b/bootc/scenario4/Containerfile
deleted file mode 100644
index 18e4c0b..0000000
--- a/bootc/scenario4/Containerfile
+++ /dev/null
@@ -1,8 +0,0 @@
-FROM edge-registry.itix.fr/demo-edge-retail/base:latest
-
-ADD --chown=root:root root /
-
-RUN <<EOF
-set -Eeuo pipefail
-systemctl enable odoo.target
-EOF
diff --git a/bootc/scenario4/root/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml b/bootc/scenario4/root/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml
deleted file mode 100644
index ca44ed6..0000000
--- a/bootc/scenario4/root/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- if:
-  - path: /etc/containers/systemd/configs/odoo-config.env
-    op: [created, updated]
-  run: systemctl restart odoo.target
-  timeout: 5m
-- if:
-  - path: /etc/containers/systemd/configs/odoo-config.env
-    op: [removed]
-  run: /bin/sh -c 'if [ -f /etc/systemd/system/odoo.target ]; then systemctl stop odoo.target; fi'
-  timeout: 5m
diff --git a/bootc/scripts/build-image.sh b/bootc/scripts/build-image.sh
new file mode 100755
index 0000000..22c94c6
--- /dev/null
+++ b/bootc/scripts/build-image.sh
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+set -Eeuo pipefail
+
+if [[ "$UID" -ne 0 ]]; then
+  echo "This command must be run as root!"
+  exit 1
+fi
+
+if [ "$#" -lt 1 ]; then
+  echo "Usage: $0 <bootc-target-image> [qcow2-target-image]"
+  exit 1
+fi
+
+TARGET_IMAGE="$1"
+
+OCI_REGISTRY="${TARGET_IMAGE%%/*}"
+SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
+
+if [ ! -f "$PROJECT_DIR/signing-key.pass" ]; then
+  openssl rand -base64 30 > "$PROJECT_DIR/signing-key.pass"
+  chmod 600 "$PROJECT_DIR/signing-key.pass"
+fi
+
+if [ ! -f "$PROJECT_DIR/signing-key.pub" ]; then
+  skopeo generate-sigstore-key --output-prefix "$PROJECT_DIR/signing-key" --passphrase-file "$PROJECT_DIR/signing-key.pass"
+fi
+
+if [ ! -f "/etc/containers/registries.d/${OCI_REGISTRY}.yaml" ]; then
+  tee "/etc/containers/registries.d/${OCI_REGISTRY}.yaml" > /dev/null <<EOF
+docker:
+  ${OCI_REGISTRY}:
+    use-sigstore-attachments: true
+EOF
+fi
+
+export REGISTRY_AUTH_FILE="$PROJECT_DIR/auth.json"
+if [ ! -f "$REGISTRY_AUTH_FILE" ]; then
+  echo "Please enter your credentials for ${OCI_REGISTRY}:"
+  podman login "${OCI_REGISTRY}"
+
+  echo "Please enter your credentials for registry.redhat.io:"
+  podman login registry.redhat.io
+fi
+
+if [ -x "$PWD/custom.sh" ]; then
+  echo "Running custom.sh..."
+  "$PWD/custom.sh"
+fi
+
+echo "Building and pushing image $TARGET_IMAGE..."
+podman build --no-cache -t "${TARGET_IMAGE}" .
+podman push --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" "${TARGET_IMAGE}"
diff --git a/bootc/scripts/build.sh b/bootc/scripts/build-qcow2.sh
similarity index 66%
rename from bootc/scripts/build.sh
rename to bootc/scripts/build-qcow2.sh
index 928b790..33cc35d 100755
--- a/bootc/scripts/build.sh
+++ b/bootc/scripts/build-qcow2.sh
@@ -35,41 +35,12 @@ OCI_REGISTRY="${TARGET_IMAGE%%/*}"
 SCRIPT_DIR="$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
 
-if [ ! -f "$PROJECT_DIR/signing-key.pass" ]; then
-  openssl rand -base64 30 > "$PROJECT_DIR/signing-key.pass"
-  chmod 600 "$PROJECT_DIR/signing-key.pass"
-fi
-
-if [ ! -f "$PROJECT_DIR/signing-key.pub" ]; then
-  skopeo generate-sigstore-key --output-prefix "$PROJECT_DIR/signing-key" --passphrase-file "$PROJECT_DIR/signing-key.pass"
-fi
-
-if [ ! -f "/etc/containers/registries.d/${OCI_REGISTRY}.yaml" ]; then
-  tee "/etc/containers/registries.d/${OCI_REGISTRY}.yaml" > /dev/null <<EOF
-docker:
-  ${OCI_REGISTRY}:
-    use-sigstore-attachments: true
-EOF
-fi
-
 export REGISTRY_AUTH_FILE="$PROJECT_DIR/auth.json"
 if [ ! -f "$REGISTRY_AUTH_FILE" ]; then
   echo "Please enter your credentials for ${OCI_REGISTRY}:"
   podman login "${OCI_REGISTRY}"
-
-  echo "Please enter your credentials for registry.redhat.io:"
-  podman login registry.redhat.io
 fi
 
-if [ -x "$PWD/custom.sh" ]; then
-  echo "Running custom.sh..."
-  "$PWD/custom.sh"
-fi
-
-echo "Building and pushing image $TARGET_IMAGE..."
-podman build --no-cache -t "${TARGET_IMAGE}" .
-podman push --sign-by-sigstore-private-key "$PROJECT_DIR/signing-key.private" --sign-passphrase-file "$PROJECT_DIR/signing-key.pass" "${TARGET_IMAGE}"
-
 echo "Building and pushing image $QCOW2_TARGET_IMAGE..."
 temp_dir="$(mktemp -d)"
 trap 'rm -rf "$temp_dir"' EXIT
diff --git a/bootc/scripts/buildall.sh b/bootc/scripts/buildall.sh
index 291976d..cc45f3c 100755
--- a/bootc/scripts/buildall.sh
+++ b/bootc/scripts/buildall.sh
@@ -12,13 +12,17 @@ PROJECT_DIR="$(dirname "$SCRIPT_DIR")"
 
 . "$PROJECT_DIR/config.env"
 
-for dir in "$PROJECT_DIR"/{base,scenario*}; do
+for dir in "$PROJECT_DIR"/{base,hypervisor,virtualmachine}; do
   if [ -d "$dir" -a -f "$dir/Containerfile" ]; then
     export SCENARIO="${dir##*/}"
     TARGET_IMAGE="$(echo -n "$TARGET_IMAGE_TEMPLATE" | envsubst)"
     echo "Building container image $TARGET_IMAGE from $SCENARIO..."
     pushd "$dir" > /dev/null
-    "$SCRIPT_DIR/build.sh" "$TARGET_IMAGE"
+    "$SCRIPT_DIR/build-image.sh" "$TARGET_IMAGE"
+    if [[ "$SCENARIO" == "virtualmachine" ]]; then
+      echo "Building qcow2 image for $TARGET_IMAGE..."
+      "$SCRIPT_DIR/build-qcow2.sh" "$TARGET_IMAGE"
+    fi
     popd > /dev/null
   fi
 done
diff --git a/bootc/virtualmachine/Containerfile b/bootc/virtualmachine/Containerfile
new file mode 100644
index 0000000..b2ecb15
--- /dev/null
+++ b/bootc/virtualmachine/Containerfile
@@ -0,0 +1,20 @@
+FROM edge-registry.itix.fr/demo-edge-retail/base:latest
+
+RUN <<EOF
+set -Eeuo pipefail
+
+# Install the Qemu guest agent
+dnf install -y qemu-guest-agent
+dnf clean all
+
+EOF
+
+ADD --chown=root:root root /
+
+RUN <<EOF
+set -Eeuo pipefail
+
+# The flightctl-agent configuration will be injected here by the hypervisor
+install -d -m 0700 -o root -g root /var/lib/private/flightctl
+
+EOF
diff --git a/bootc/base/root/etc/systemd/system/flightctl-agent.service.d/override.conf b/bootc/virtualmachine/root/etc/systemd/system/flightctl-agent.service.d/override.conf
similarity index 100%
rename from bootc/base/root/etc/systemd/system/flightctl-agent.service.d/override.conf
rename to bootc/virtualmachine/root/etc/systemd/system/flightctl-agent.service.d/override.conf
diff --git a/bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env b/flightctl/apps/edge-vm/etc/default/bootstrap-vm-nextcloud.env
similarity index 64%
rename from bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env
rename to flightctl/apps/edge-vm/etc/default/bootstrap-vm-nextcloud.env
index 0e2e1cd..273c41b 100644
--- a/bootc/scenario3a/root/etc/default/bootstrap-vm-nextcloud.env
+++ b/flightctl/apps/edge-vm/etc/default/bootstrap-vm-nextcloud.env
@@ -3,6 +3,6 @@ DOMAIN_RAM=8192
 DOMAIN_DISK_SIZE=100
 DOMAIN_OS_VARIANT=rhel9.6
 DOMAIN_MAC_ADDRESS=04:00:00:00:00:01
-FLIGHTCTL_LABELS_OVERRIDE={ "type": "virtualmachine", "vm.name": "nextcloud", "scenario": "scenario1" }
-DOMAIN_DISK_SOURCE=edge-registry.itix.fr/demo-edge-retail/scenario1-qcow2:latest
+FLIGHTCTL_LABELS_OVERRIDE={ "type": "virtualmachine", "vm.name": "nextcloud" }
+DOMAIN_DISK_SOURCE=edge-registry.itix.fr/demo-edge-retail/virtualmachine:latest
 REGISTRY_AUTH_FILE=/etc/ostree/auth.json
diff --git a/flightctl/apps/edge-vm/etc/flightctl/hooks.d/afterupdating/30-edge-vm.yaml b/flightctl/apps/edge-vm/etc/flightctl/hooks.d/afterupdating/30-edge-vm.yaml
new file mode 100644
index 0000000..21a2481
--- /dev/null
+++ b/flightctl/apps/edge-vm/etc/flightctl/hooks.d/afterupdating/30-edge-vm.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/default/bootstrap-vm-nextcloud.env
+    op: [created, updated]
+  run: /bin/sh -Eeuo pipefail -c 'systemctl enable bootstrap-vm@nextcloud.service ; systemctl restart bootstrap-vm@nextcloud.service'
+  timeout: 5m
diff --git a/flightctl/apps/edge-vm/etc/flightctl/hooks.d/beforeupdating/30-edge-vm.yaml b/flightctl/apps/edge-vm/etc/flightctl/hooks.d/beforeupdating/30-edge-vm.yaml
new file mode 100644
index 0000000..6f15ae9
--- /dev/null
+++ b/flightctl/apps/edge-vm/etc/flightctl/hooks.d/beforeupdating/30-edge-vm.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/default/bootstrap-vm-nextcloud.env
+    op: [removed]
+  run: /bin/sh -c 'if [ -f /etc/systemd/system/bootstrap-vm@.service ]; then systemctl stop bootstrap-vm@nextcloud.service ; systemctl disable bootstrap-vm@nextcloud.service ; fi'
+  timeout: 5m
diff --git a/bootc/scenario3a/root/etc/greenboot/check/required.d/30_nextcloud_check.sh b/flightctl/apps/edge-vm/etc/greenboot/check/required.d/30_nextcloud_check.sh
similarity index 100%
rename from bootc/scenario3a/root/etc/greenboot/check/required.d/30_nextcloud_check.sh
rename to flightctl/apps/edge-vm/etc/greenboot/check/required.d/30_nextcloud_check.sh
diff --git a/bootc/scenario3a/root/etc/libvirt/hooks/qemu.d/nextcloud/iptables b/flightctl/apps/edge-vm/etc/libvirt/hooks/qemu.d/nextcloud/iptables
similarity index 100%
rename from bootc/scenario3a/root/etc/libvirt/hooks/qemu.d/nextcloud/iptables
rename to flightctl/apps/edge-vm/etc/libvirt/hooks/qemu.d/nextcloud/iptables
diff --git a/bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service b/flightctl/apps/edge-vm/etc/systemd/system/bootstrap-vm@.service
similarity index 100%
rename from bootc/scenario3a/root/etc/systemd/system/bootstrap-vm@.service
rename to flightctl/apps/edge-vm/etc/systemd/system/bootstrap-vm@.service
diff --git a/bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh b/flightctl/apps/edge-vm/usr/local/bin/bootstrap-vm.sh
similarity index 100%
rename from bootc/scenario3a/root/usr/local/bin/bootstrap-vm.sh
rename to flightctl/apps/edge-vm/usr/local/bin/bootstrap-vm.sh
diff --git a/bootc/scenario2/root/etc/default/migrate-vm-printserver.env b/flightctl/apps/hyperv-migration/etc/default/migrate-vm-printserver.env
similarity index 100%
rename from bootc/scenario2/root/etc/default/migrate-vm-printserver.env
rename to flightctl/apps/hyperv-migration/etc/default/migrate-vm-printserver.env
diff --git a/flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/afterupdating/30-hyperv-migration.yaml b/flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/afterupdating/30-hyperv-migration.yaml
new file mode 100644
index 0000000..9428255
--- /dev/null
+++ b/flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/afterupdating/30-hyperv-migration.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/default/migrate-vm-printserver.env
+    op: [created, updated]
+  run: /bin/sh -Eeuo pipefail -c 'systemctl enable migrate-vm@printserver.service ; systemctl restart migrate-vm@printserver.service'
+  timeout: 5m
diff --git a/flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/beforeupdating/30-hyperv-migration.yaml b/flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/beforeupdating/30-hyperv-migration.yaml
new file mode 100644
index 0000000..ddf1e21
--- /dev/null
+++ b/flightctl/apps/hyperv-migration/etc/flightctl/hooks.d/beforeupdating/30-hyperv-migration.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/default/migrate-vm-printserver.env
+    op: [removed]
+  run: /bin/sh -c 'if [ -f /etc/systemd/system/migrate-vm@.service ]; then systemctl stop migrate-vm@printserver.service ; systemctl disable migrate-vm@printserver.service ; fi'
+  timeout: 5m
diff --git a/bootc/scenario2/root/etc/greenboot/check/required.d/30_printserver_check.sh b/flightctl/apps/hyperv-migration/etc/greenboot/check/required.d/30_printserver_check.sh
similarity index 100%
rename from bootc/scenario2/root/etc/greenboot/check/required.d/30_printserver_check.sh
rename to flightctl/apps/hyperv-migration/etc/greenboot/check/required.d/30_printserver_check.sh
diff --git a/bootc/scenario2/root/etc/systemd/system/migrate-vm@.service b/flightctl/apps/hyperv-migration/etc/systemd/system/migrate-vm@.service
similarity index 100%
rename from bootc/scenario2/root/etc/systemd/system/migrate-vm@.service
rename to flightctl/apps/hyperv-migration/etc/systemd/system/migrate-vm@.service
diff --git a/bootc/scenario2/root/usr/local/bin/migrate-vm.sh b/flightctl/apps/hyperv-migration/usr/local/bin/migrate-vm.sh
similarity index 100%
rename from bootc/scenario2/root/usr/local/bin/migrate-vm.sh
rename to flightctl/apps/hyperv-migration/usr/local/bin/migrate-vm.sh
diff --git a/bootc/scenario1/root/etc/containers/systemd/nextcloud-app.container b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-app.container
similarity index 79%
rename from bootc/scenario1/root/etc/containers/systemd/nextcloud-app.container
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-app.container
index 6bdc359..edb9bd2 100644
--- a/bootc/scenario1/root/etc/containers/systemd/nextcloud-app.container
+++ b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-app.container
@@ -8,7 +8,7 @@ Requires=nextcloud-db.service nextcloud-redis.service
 After=nextcloud-db.service nextcloud-redis.service
 
 # Only start if Nextcloud has been configured
-ConditionPathExists=/etc/containers/systemd/configs/nextcloud-config.env
+ConditionPathExists=/etc/containers/systemd/nextcloud/nextcloud-config.env
 
 # Start/stop this unit when the target is started/stopped
 PartOf=nextcloud.target
@@ -25,8 +25,8 @@ Network=host
 AddCapability=CAP_NET_BIND_SERVICE
 
 # Environment variables from secrets and config
-EnvironmentFile=/etc/containers/systemd/configs/nextcloud-app.env
-EnvironmentFile=/etc/containers/systemd/configs/nextcloud-config.env
+EnvironmentFile=/etc/containers/systemd/nextcloud/nextcloud-app.env
+EnvironmentFile=/etc/containers/systemd/nextcloud/nextcloud-config.env
 
 # Volume mounts
 Volume=/var/lib/nextcloud/data:/var/www/html:z
@@ -48,8 +48,8 @@ TimeoutStopSec=30
 
 # Skaffold filesystem + fix permissions
 ExecStartPre=/bin/bash -Eeuo pipefail -c 'install -m 0700 -o 82 -g 82 -d /var/lib/nextcloud/data /var/lib/nextcloud/config ; \
-  install -m 0700 -o 82 -g 82 /etc/containers/systemd/configs/www.conf /var/lib/nextcloud/config/www.conf ; \
-  install -m 0700 -o 82 -g 82 /etc/containers/systemd/configs/redis-session.ini /var/lib/nextcloud/config/redis-session.ini'
+  install -m 0700 -o 82 -g 82 /etc/containers/systemd/nextcloud/www.conf /var/lib/nextcloud/config/www.conf ; \
+  install -m 0700 -o 82 -g 82 /etc/containers/systemd/nextcloud/redis-session.ini /var/lib/nextcloud/config/redis-session.ini'
 
 # Wait for PostgreSQL to be ready
 ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5432; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
diff --git a/bootc/scenario1/root/etc/containers/systemd/nextcloud-db.container b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-db.container
similarity index 77%
rename from bootc/scenario1/root/etc/containers/systemd/nextcloud-db.container
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-db.container
index bdad765..f118f77 100644
--- a/bootc/scenario1/root/etc/containers/systemd/nextcloud-db.container
+++ b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-db.container
@@ -4,7 +4,7 @@ Documentation=https://www.postgresql.org/
 After=network.target
 
 # Only start if Nextcloud has been configured
-ConditionPathExists=/etc/containers/systemd/configs/nextcloud-config.env
+ConditionPathExists=/etc/containers/systemd/nextcloud/nextcloud-config.env
 
 # Start/stop this unit when the target is started/stopped
 PartOf=nextcloud.target
@@ -17,10 +17,10 @@ Image=docker.io/library/postgres:17-alpine
 Network=host
 
 # Environment variables from config
-EnvironmentFile=/etc/containers/systemd/configs/nextcloud-db.env
+EnvironmentFile=/etc/containers/systemd/nextcloud/nextcloud-db.env
 
 # Volume mounts
-Volume=/var/lib/postgresql/data:/var/lib/postgresql/data:Z
+Volume=/var/lib/postgresql/data-nextcloud:/var/lib/postgresql/data:Z
 
 # Health check
 HealthCmd=pg_isready -U nextcloud -d nextcloud
@@ -36,7 +36,7 @@ TimeoutStartSec=120
 TimeoutStopSec=30
 
 # Skaffold filesystem + fix permissions
-ExecStartPre=install -m 0700 -o 70 -g 70 -d /var/lib/postgresql/data
+ExecStartPre=install -m 0700 -o 70 -g 70 -d /var/lib/postgresql/data-nextcloud
 
 [Install]
 WantedBy=nextcloud.target
diff --git a/bootc/scenario1/root/etc/containers/systemd/nextcloud-nginx.container b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-nginx.container
similarity index 84%
rename from bootc/scenario1/root/etc/containers/systemd/nextcloud-nginx.container
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-nginx.container
index 0d0afea..88764b0 100644
--- a/bootc/scenario1/root/etc/containers/systemd/nextcloud-nginx.container
+++ b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-nginx.container
@@ -4,7 +4,7 @@ Documentation=https://nextcloud.com/
 After=network.target
 
 # Only start if Nextcloud has been configured
-ConditionPathExists=/etc/containers/systemd/configs/nextcloud-config.env
+ConditionPathExists=/etc/containers/systemd/nextcloud/nextcloud-config.env
 
 # Start/stop this unit when the target is started/stopped
 PartOf=nextcloud.target
@@ -22,7 +22,7 @@ User=82:82
 
 # Volume mounts
 Volume=/var/lib/nextcloud/data:/var/www/html:z
-Volume=/etc/containers/systemd/configs/nginx.conf:/etc/nginx/nginx.conf:ro
+Volume=/etc/containers/systemd/nextcloud/nginx.conf:/etc/nginx/nginx.conf:ro
 
 # Health check (equivalent to readiness probe)
 HealthCmd=curl -f http://localhost:80/status.php
diff --git a/bootc/scenario1/root/etc/containers/systemd/nextcloud-redis.container b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-redis.container
similarity index 79%
rename from bootc/scenario1/root/etc/containers/systemd/nextcloud-redis.container
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-redis.container
index 6df040d..3296dda 100644
--- a/bootc/scenario1/root/etc/containers/systemd/nextcloud-redis.container
+++ b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud-redis.container
@@ -4,7 +4,7 @@ Documentation=https://redis.io/
 After=network.target 
 
 # Only start if Nextcloud has been configured
-ConditionPathExists=/etc/containers/systemd/configs/nextcloud-config.env
+ConditionPathExists=/etc/containers/systemd/nextcloud/nextcloud-config.env
 
 # Start/stop this unit when the target is started/stopped
 PartOf=nextcloud.target
@@ -20,11 +20,11 @@ Network=host
 Exec=redis-server /usr/local/etc/redis/redis.conf
 
 # Environment variables
-EnvironmentFile=/etc/containers/systemd/configs/nextcloud-redis.env
+EnvironmentFile=/etc/containers/systemd/nextcloud/nextcloud-redis.env
 
 # Volume mounts for data persistence
 Volume=/var/lib/redis:/data:Z
-Volume=/etc/containers/systemd/configs/redis.conf:/usr/local/etc/redis/redis.conf:ro
+Volume=/etc/containers/systemd/nextcloud/redis.conf:/usr/local/etc/redis/redis.conf:ro
 
 # Health check
 HealthCmd=redis-cli ping | grep -q PONG
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-app.env b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-app.env
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-app.env
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-app.env
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-config.env.tmpl b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-config.env.tmpl
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-config.env.tmpl
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-config.env.tmpl
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-db.env b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-db.env
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-db.env
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-db.env
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-redis.env b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-redis.env
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/nextcloud-redis.env
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nextcloud-redis.env
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/nginx.conf b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nginx.conf
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/nginx.conf
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/nginx.conf
diff --git a/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/redis-session.ini b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/redis-session.ini
new file mode 100644
index 0000000..e69de29
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/redis.conf b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/redis.conf
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/redis.conf
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/redis.conf
diff --git a/bootc/scenario1/root/etc/containers/systemd/configs/www.conf b/flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/www.conf
similarity index 100%
rename from bootc/scenario1/root/etc/containers/systemd/configs/www.conf
rename to flightctl/apps/nextcloud/etc/containers/systemd/nextcloud/www.conf
diff --git a/flightctl/apps/nextcloud/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml b/flightctl/apps/nextcloud/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml
new file mode 100644
index 0000000..879bd66
--- /dev/null
+++ b/flightctl/apps/nextcloud/etc/flightctl/hooks.d/afterupdating/30-nextcloud.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/containers/systemd/nextcloud/nextcloud-config.env
+    op: [created, updated]
+  run: /bin/sh -Eeuo pipefail -c 'systemctl enable nextcloud.target ; systemctl restart nextcloud.target'
+  timeout: 5m
diff --git a/flightctl/apps/nextcloud/etc/flightctl/hooks.d/beforeupdating/30-nextcloud.yaml b/flightctl/apps/nextcloud/etc/flightctl/hooks.d/beforeupdating/30-nextcloud.yaml
new file mode 100644
index 0000000..e371d48
--- /dev/null
+++ b/flightctl/apps/nextcloud/etc/flightctl/hooks.d/beforeupdating/30-nextcloud.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/containers/systemd/nextcloud/nextcloud-config.env
+    op: [removed]
+  run: /bin/sh -c 'if [ -f /etc/systemd/system/nextcloud.target ]; then systemctl stop nextcloud.target ; systemctl disable nextcloud.target ; fi'
+  timeout: 5m
diff --git a/bootc/scenario1/root/etc/greenboot/check/required.d/30_nextcloud_check.sh b/flightctl/apps/nextcloud/etc/greenboot/check/required.d/30_nextcloud_check.sh
similarity index 100%
rename from bootc/scenario1/root/etc/greenboot/check/required.d/30_nextcloud_check.sh
rename to flightctl/apps/nextcloud/etc/greenboot/check/required.d/30_nextcloud_check.sh
diff --git a/bootc/scenario1/root/etc/systemd/system/nextcloud.target b/flightctl/apps/nextcloud/etc/systemd/system/nextcloud.target
similarity index 100%
rename from bootc/scenario1/root/etc/systemd/system/nextcloud.target
rename to flightctl/apps/nextcloud/etc/systemd/system/nextcloud.target
diff --git a/bootc/scenario4/root/etc/containers/systemd/odoo-app.container b/flightctl/apps/odoo/etc/containers/systemd/odoo-app.container
similarity index 90%
rename from bootc/scenario4/root/etc/containers/systemd/odoo-app.container
rename to flightctl/apps/odoo/etc/containers/systemd/odoo-app.container
index 0024bbd..a3b1779 100644
--- a/bootc/scenario4/root/etc/containers/systemd/odoo-app.container
+++ b/flightctl/apps/odoo/etc/containers/systemd/odoo-app.container
@@ -7,7 +7,7 @@ Requires=odoo-init.service odoo-db.service
 After=odoo-init.service odoo-db.service
 
 # Only start if Odoo has been configured
-ConditionPathExists=/etc/containers/systemd/configs/odoo-config.env
+ConditionPathExists=/etc/containers/systemd/odoo/odoo-config.env
 
 # Only start if initialization has completed
 ConditionPathExists=/var/lib/odoo/initialized
@@ -43,7 +43,7 @@ TimeoutStartSec=600
 TimeoutStopSec=30
 
 # Wait for PostgreSQL to be ready
-ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5432; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
+ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5433; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
 
 [Install]
 WantedBy=odoo.target
diff --git a/bootc/scenario4/root/etc/containers/systemd/odoo-db.container b/flightctl/apps/odoo/etc/containers/systemd/odoo-db.container
similarity index 74%
rename from bootc/scenario4/root/etc/containers/systemd/odoo-db.container
rename to flightctl/apps/odoo/etc/containers/systemd/odoo-db.container
index da7990c..ae18796 100644
--- a/bootc/scenario4/root/etc/containers/systemd/odoo-db.container
+++ b/flightctl/apps/odoo/etc/containers/systemd/odoo-db.container
@@ -4,7 +4,7 @@ Documentation=https://www.postgresql.org/
 After=network.target
 
 # Only start if Odoo has been configured
-ConditionPathExists=/etc/containers/systemd/configs/odoo-config.env
+ConditionPathExists=/etc/containers/systemd/odoo/odoo-config.env
 
 # Start/stop this unit when the target is started/stopped
 PartOf=odoo.target
@@ -17,13 +17,13 @@ Image=docker.io/library/postgres:17-alpine
 Network=host
 
 # Environment variables from config
-EnvironmentFile=/etc/containers/systemd/configs/odoo-db.env
+EnvironmentFile=/etc/containers/systemd/odoo/odoo-db.env
 
 # Volume mounts
-Volume=/var/lib/postgresql/data:/var/lib/postgresql/data:Z
+Volume=/var/lib/postgresql/data-odoo:/var/lib/postgresql/data:Z
 
 # Health check
-HealthCmd=pg_isready -U odoo -d postgres
+HealthCmd=pg_isready -U odoo -d postgres -p 5433
 HealthInterval=30s
 HealthTimeout=10s
 HealthStartPeriod=60s
@@ -36,7 +36,7 @@ TimeoutStartSec=120
 TimeoutStopSec=30
 
 # Skaffold filesystem + fix permissions
-ExecStartPre=install -m 0700 -o 70 -g 70 -d /var/lib/postgresql/data
+ExecStartPre=install -m 0700 -o 70 -g 70 -d /var/lib/postgresql/data-odoo
 
 [Install]
 WantedBy=odoo.target
diff --git a/bootc/scenario4/root/etc/containers/systemd/odoo-init.container b/flightctl/apps/odoo/etc/containers/systemd/odoo-init.container
similarity index 86%
rename from bootc/scenario4/root/etc/containers/systemd/odoo-init.container
rename to flightctl/apps/odoo/etc/containers/systemd/odoo-init.container
index 0fe2ae3..3ce3afb 100644
--- a/bootc/scenario4/root/etc/containers/systemd/odoo-init.container
+++ b/flightctl/apps/odoo/etc/containers/systemd/odoo-init.container
@@ -7,7 +7,7 @@ After=odoo-db.service
 Before=odoo-app.service
 
 # Only start if Odoo has been configured
-ConditionPathExists=/etc/containers/systemd/configs/odoo-config.env
+ConditionPathExists=/etc/containers/systemd/odoo/odoo-config.env
 
 # Prevent running if already initialized
 ConditionPathExists=!/var/lib/odoo/initialized
@@ -24,7 +24,7 @@ Network=host
 AddCapability=CAP_NET_BIND_SERVICE
 
 # Environment variables from secrets and config
-EnvironmentFile=/etc/containers/systemd/configs/odoo-config.env
+EnvironmentFile=/etc/containers/systemd/odoo/odoo-config.env
 
 # Volume mounts
 Volume=/etc/odoo:/etc/odoo:ro
@@ -48,7 +48,7 @@ ExecStartPost=/bin/touch /var/lib/odoo/initialized
 ExecStartPre=install -m 0700 -o 101 -g 101 -d /var/lib/odoo/data /var/lib/odoo/addons /var/log/odoo
 
 # Wait for PostgreSQL to be ready
-ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5432; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
+ExecStartPre=/bin/sh -c 'exec 2>/dev/null; for try in $(seq 0 12); do if ! /bin/true 5<> /dev/tcp/127.0.0.1/5433; then echo "Waiting for PostgreSQL to be available..."; sleep 5; else exit 0; fi; done; exit 1'
 
 [Install]
 WantedBy=odoo.target
diff --git a/bootc/scenario4/root/etc/containers/systemd/configs/odoo-config.env.tmpl b/flightctl/apps/odoo/etc/containers/systemd/odoo/odoo-config.env.tmpl
similarity index 100%
rename from bootc/scenario4/root/etc/containers/systemd/configs/odoo-config.env.tmpl
rename to flightctl/apps/odoo/etc/containers/systemd/odoo/odoo-config.env.tmpl
diff --git a/bootc/scenario4/root/etc/containers/systemd/configs/odoo-db.env b/flightctl/apps/odoo/etc/containers/systemd/odoo/odoo-db.env
similarity index 92%
rename from bootc/scenario4/root/etc/containers/systemd/configs/odoo-db.env
rename to flightctl/apps/odoo/etc/containers/systemd/odoo/odoo-db.env
index d77dc61..25c6342 100644
--- a/bootc/scenario4/root/etc/containers/systemd/configs/odoo-db.env
+++ b/flightctl/apps/odoo/etc/containers/systemd/odoo/odoo-db.env
@@ -3,3 +3,4 @@ POSTGRES_PASSWORD=odoo
 POSTGRES_DB=postgres
 POSTGRES_HOST_AUTH_METHOD=scram-sha-256
 POSTGRES_INITDB_ARGS=--auth-host=scram-sha-256
+PGPORT=5433
diff --git a/flightctl/apps/odoo/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml b/flightctl/apps/odoo/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml
new file mode 100644
index 0000000..f81372f
--- /dev/null
+++ b/flightctl/apps/odoo/etc/flightctl/hooks.d/afterupdating/30-odoo.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/containers/systemd/odoo/odoo-config.env
+    op: [created, updated]
+  run: /bin/sh -Eeuo pipefail -c 'systemctl enable odoo.target ; systemctl restart odoo.target'
+  timeout: 5m
diff --git a/flightctl/apps/odoo/etc/flightctl/hooks.d/beforeupdating/30-odoo.yaml b/flightctl/apps/odoo/etc/flightctl/hooks.d/beforeupdating/30-odoo.yaml
new file mode 100644
index 0000000..6e33f25
--- /dev/null
+++ b/flightctl/apps/odoo/etc/flightctl/hooks.d/beforeupdating/30-odoo.yaml
@@ -0,0 +1,5 @@
+- if:
+  - path: /etc/containers/systemd/odoo/odoo-config.env
+    op: [removed]
+  run: /bin/sh -c 'if [ -f /etc/systemd/system/odoo.target ]; then systemctl stop odoo.target ; systemctl disable odoo.target ; fi'
+  timeout: 5m
diff --git a/bootc/scenario4/root/etc/greenboot/check/required.d/30_odoo_check.sh b/flightctl/apps/odoo/etc/greenboot/check/required.d/30_odoo_check.sh
similarity index 100%
rename from bootc/scenario4/root/etc/greenboot/check/required.d/30_odoo_check.sh
rename to flightctl/apps/odoo/etc/greenboot/check/required.d/30_odoo_check.sh
diff --git a/bootc/scenario4/root/etc/odoo/init.sh b/flightctl/apps/odoo/etc/odoo/init.sh
similarity index 100%
rename from bootc/scenario4/root/etc/odoo/init.sh
rename to flightctl/apps/odoo/etc/odoo/init.sh
diff --git a/bootc/scenario4/root/etc/odoo/odoo.conf b/flightctl/apps/odoo/etc/odoo/odoo.conf
similarity index 100%
rename from bootc/scenario4/root/etc/odoo/odoo.conf
rename to flightctl/apps/odoo/etc/odoo/odoo.conf
diff --git a/bootc/scenario4/root/etc/systemd/system/odoo.target b/flightctl/apps/odoo/etc/systemd/system/odoo.target
similarity index 100%
rename from bootc/scenario4/root/etc/systemd/system/odoo.target
rename to flightctl/apps/odoo/etc/systemd/system/odoo.target
diff --git a/flightctl/fleets.yaml b/flightctl/fleets.yaml
index 1f340b2..019c9a9 100644
--- a/flightctl/fleets.yaml
+++ b/flightctl/fleets.yaml
@@ -1,29 +1,5 @@
 apiVersion: flightctl.io/v1alpha1
 kind: Fleet
-metadata:
-  annotations: {}
-  labels:
-    scenario: 'base'
-  name: base
-spec:
-  selector:
-    matchLabels:
-      scenario: 'base'
-  template:
-    metadata:
-      labels:
-        fleet: base
-    spec:
-      applications: []
-      config: []
-      os:
-        image: edge-registry.itix.fr/demo-edge-retail/base:latest
-      systemd:
-        matchPatterns:
-          - greenboot-healthcheck.service
----
-apiVersion: flightctl.io/v1alpha1
-kind: Fleet
 metadata:
   annotations: {}
   labels:
diff --git a/flightctl/scenario1/sites/default/etc/motd.d/unconfigured b/flightctl/fleets/baremetal/sites/default/etc/motd.d/unconfigured
similarity index 100%
rename from flightctl/scenario1/sites/default/etc/motd.d/unconfigured
rename to flightctl/fleets/baremetal/sites/default/etc/motd.d/unconfigured
diff --git a/flightctl/scenario1/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env b/flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
similarity index 100%
rename from flightctl/scenario1/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
rename to flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
diff --git a/flightctl/scenario3a/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env b/flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
similarity index 100%
rename from flightctl/scenario3a/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
rename to flightctl/fleets/baremetal/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
diff --git a/flightctl/scenario1/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env b/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
similarity index 100%
rename from flightctl/scenario1/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
rename to flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
diff --git a/flightctl/scenario3a/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env b/flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
similarity index 100%
rename from flightctl/scenario3a/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
rename to flightctl/fleets/baremetal/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
diff --git a/flightctl/scenario3a/sites/default/etc/motd.d/unconfigured b/flightctl/fleets/virtualmachines/sites/default/etc/motd.d/unconfigured
similarity index 100%
rename from flightctl/scenario3a/sites/default/etc/motd.d/unconfigured
rename to flightctl/fleets/virtualmachines/sites/default/etc/motd.d/unconfigured
diff --git a/flightctl/fleets/virtualmachines/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env b/flightctl/fleets/virtualmachines/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
new file mode 100644
index 0000000..32c81ad
--- /dev/null
+++ b/flightctl/fleets/virtualmachines/sites/paris-wagram/etc/containers/systemd/configs/nextcloud-config.env
@@ -0,0 +1,16 @@
+##
+## Nextcloud Configuration Environment Variables
+##
+
+# Nextcloud domain configuration
+NEXTCLOUD_TRUSTED_DOMAINS=optiplex-7000.itix.fr
+OVERWRITEHOST=optiplex-7000.itix.fr
+OVERWRITEPROTOCOL=http
+OVERWRITECLIURL=http://optiplex-7000.itix.fr
+
+# Nextcloud admin credentials
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=nextcloud
+
+# Nextcloud server info token
+NEXTCLOUD_SERVERINFO_TOKEN=S3cr3t!
diff --git a/flightctl/fleets/virtualmachines/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env b/flightctl/fleets/virtualmachines/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
new file mode 100644
index 0000000..eca8888
--- /dev/null
+++ b/flightctl/fleets/virtualmachines/sites/villeneuve-d-ascq/etc/containers/systemd/configs/nextcloud-config.env
@@ -0,0 +1,16 @@
+##
+## Nextcloud Configuration Environment Variables
+##
+
+# Nextcloud domain configuration
+NEXTCLOUD_TRUSTED_DOMAINS=adlink-dlap-4001.itix.fr
+OVERWRITEHOST=adlink-dlap-4001.itix.fr
+OVERWRITEPROTOCOL=http
+OVERWRITECLIURL=http://adlink-dlap-4001.itix.fr
+
+# Nextcloud admin credentials
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=nextcloud
+
+# Nextcloud server info token
+NEXTCLOUD_SERVERINFO_TOKEN=S3cr3t!
diff --git a/flightctl/scenario4/sites/default/etc/motd.d/unconfigured b/flightctl/scenario4/sites/default/etc/motd.d/unconfigured
deleted file mode 100644
index af8dfa1..0000000
--- a/flightctl/scenario4/sites/default/etc/motd.d/unconfigured
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-HEADS UP !!!
-
-This system is not configured !
-
diff --git a/flightctl/scenario4/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env b/flightctl/scenario4/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
deleted file mode 100644
index b70e44c..0000000
--- a/flightctl/scenario4/sites/paris-wagram/etc/containers/systemd/configs/odoo-config.env
+++ /dev/null
@@ -1,4 +0,0 @@
-DATABASE=redhat
-ADMIN_PASSWORD=R3dH4t!
-RIBBON_COLOR=rgba(255,0,0,.6)
-RIBBON_NAME=Paris Wagram<br/>({db_name})
diff --git a/flightctl/scenario4/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env b/flightctl/scenario4/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
deleted file mode 100644
index efa44bf..0000000
--- a/flightctl/scenario4/sites/villeneuve-d-ascq/etc/containers/systemd/configs/odoo-config.env
+++ /dev/null
@@ -1,4 +0,0 @@
-DATABASE=redhat
-ADMIN_PASSWORD=R3dH4t!
-RIBBON_COLOR=rgba(0,0,255,.6)
-RIBBON_NAME=Villeneuve d'Ascq<br/>({db_name})
diff --git a/pxe-boot/install.sh b/pxe-boot/install.sh
index c1c945d..42bcf7e 100755
--- a/pxe-boot/install.sh
+++ b/pxe-boot/install.sh
@@ -42,26 +42,20 @@ function install_directories() {
     done
 }
 
-
-
 # This function templates a kickstart file by replacing placeholders with actual values.
 # The templates are located in the www/ks directory.
 # The output files are written to /var/www/ks.
 # The placeholders are in the format expected by envsubst.
-# For each template file, eight versions are created: base + scenario{1,2,3a,3b,4,5,6}.
-# The output files are named as /var/www/ks/<template>/<scenario>.ks.
+# The output files are named as /var/www/ks/<template>/baremetal.ks.
 function template_kickstart_files() {
     local templates_dir="${SCRIPT_DIR}/www/ks"
     local output_dir="/var/www/ks"
-    local scenarios=("base" "scenario1" "scenario2" "scenario3a" "scenario3b" "scenario4" "scenario5" "scenario6")
 
     for template in "$templates_dir"/*.ks; do
         local template_name="$(basename "$template" .ks)"
 
-        for scenario in "${scenarios[@]}"; do
-            install -d -m 0755 -o root -g root -Z "$output_dir/${template_name}"
-            template_kickstart_file "$template" "$scenario"
-        done
+        install -d -m 0755 -o root -g root -Z "$output_dir/${template_name}"
+        template_kickstart_file "$template" "edge-registry.itix.fr/demo-edge-retail/baremetal:latest"
     done
 }
 
@@ -70,19 +64,19 @@ function template_kickstart_files() {
 # It uses envsubst to replace placeholders with actual values.
 function template_kickstart_file () {
     local template="$1"
-    local scenario="$2"
+    local bootc_image="$2"
     local template_name="$(basename "$template" .ks)"
-    local output_file="$output_dir/${template_name}/${scenario}.ks"
+    local output_file="$output_dir/${template_name}/${type}.ks"
 
     echo "Templating $template_name to $output_file"
     (
-        export SCENARIO_NAME="$scenario"
+        export BOOTC_IMAGE="$bootc_image"
         if [ -f "auth.json" ]; then
             export AUTH_JSON_CONTENT="$(cat auth.json)"
         fi
         if [ -f "config.yaml" ]; then
             declare -n device_labels=${mac_labels[$template_name]}
-            local labels_json="{ \"scenario\": \"$scenario\""
+            local labels_json="{ \"demo\": \"retail\""
             for label in "${!device_labels[@]}"; do
                 labels_json+=", \"$label\": \"${device_labels[$label]}\""
             done
@@ -90,7 +84,7 @@ function template_kickstart_file () {
             export FLIGHTCTL_CONFIG_CONTENT="$(yq e ".default-labels += $labels_json" config.yaml)"
         fi
         envsubst < "$template" > "/tmp/tmp.$$.ks"
-        declare +x AUTH_JSON_CONTENT FLIGHTCTL_CONFIG_CONTENT SCENARIO_NAME
+        declare +x AUTH_JSON_CONTENT FLIGHTCTL_CONFIG_CONTENT BOOTC_IMAGE
     )
     install -m 0644 -o root -g root "/tmp/tmp.$$.ks" "$output_file"
 }
diff --git a/pxe-boot/tftpboot/menu.ipxe b/pxe-boot/tftpboot/menu.ipxe
index 1a50e1c..c6edf1e 100644
--- a/pxe-boot/tftpboot/menu.ipxe
+++ b/pxe-boot/tftpboot/menu.ipxe
@@ -4,14 +4,7 @@ isset ${menu_default} || set menu_default rhde
 isset ${menu_timeout} || set menu_timeout 30000
 
 menu iPXE Menu
-item --key 0 rhde                  [0] Install Red Hat Device Edge - Base
-item --key 1 rhde-scenario1        [1] Install Red Hat Device Edge - Scenario 1
-item --key 2 rhde-scenario2        [2] Install Red Hat Device Edge - Scenario 2
-item --key 3 rhde-scenario3a       [3] Install Red Hat Device Edge - Scenario 3a
-item --key 4 rhde-scenario4        [4] Install Red Hat Device Edge - Scenario 4
-item --key 5 rhde-scenario5        [5] Install Red Hat Device Edge - Scenario 5
-item --key 6 rhde-scenario6        [6] Install Red Hat Device Edge - Scenario 6
-item --key 7 rhde-scenario3b       [7] Install Red Hat Device Edge - Scenario 3b
+item --key 0 rhde-baremetal        [0] Install Red Hat Device Edge - Baremetal
 item
 item --key r reboot                [R] Reboot computer
 item --key x exit                  [X] Exit iPXE and continue BIOS boot
@@ -24,42 +17,8 @@ reboot
 :exit
 exit
 
-:rhde
+:rhde-baremetal
 initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/base.ks ${rhde_options}
+kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/baremetal.ks ${rhde_options}
 boot
 
-:rhde-scenario1
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario1.ks ${rhde_options}
-boot
-
-:rhde-scenario2
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario2.ks ${rhde_options}
-boot
-
-:rhde-scenario3a
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario3a.ks ${rhde_options}
-boot
-
-:rhde-scenario3b
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario3b.ks ${rhde_options}
-boot
-
-:rhde-scenario4
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario4.ks ${rhde_options}
-boot
-
-:rhde-scenario5
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario5.ks ${rhde_options}
-boot
-
-:rhde-scenario6
-initrd ${rhel9_url}/images/pxeboot/initrd.img
-kernel ${rhel9_url}/images/pxeboot/vmlinuz initrd=initrd.img ip=dhcp inst.repo=${rhel9_url} inst.ks=${kickstart_url}/scenario6.ks ${rhde_options}
-boot
diff --git a/pxe-boot/www/ks/mac-00190f440391.ks b/pxe-boot/www/ks/mac-00190f440391.ks
index c8a1a6c..8862d64 100644
--- a/pxe-boot/www/ks/mac-00190f440391.ks
+++ b/pxe-boot/www/ks/mac-00190f440391.ks
@@ -61,7 +61,7 @@ chmod 0600 /etc/ostree/auth.json
 ##
 
 rootpw --lock
-ostreecontainer --url="edge-registry.itix.fr/demo-edge-retail/${SCENARIO_NAME}:latest" --transport=registry --no-signature-verification
+ostreecontainer --url="${BOOTC_IMAGE}" --transport=registry --no-signature-verification
 
 ##
 ## Post-installation
diff --git a/pxe-boot/www/ks/mac-00be43ec5619.ks b/pxe-boot/www/ks/mac-00be43ec5619.ks
index a9156e0..cf6d472 100644
--- a/pxe-boot/www/ks/mac-00be43ec5619.ks
+++ b/pxe-boot/www/ks/mac-00be43ec5619.ks
@@ -61,7 +61,7 @@ chmod 0600 /etc/ostree/auth.json
 ##
 
 rootpw --lock
-ostreecontainer --url="edge-registry.itix.fr/demo-edge-retail/${SCENARIO_NAME}:latest" --transport=registry --no-signature-verification
+ostreecontainer --url="${BOOTC_IMAGE}" --transport=registry --no-signature-verification
 
 ##
 ## Post-installation