diff --git a/config/live/zipl.prm b/config/live/zipl.prm deleted file mode 100644 index 56a2c07e8930f56d1b15b5888724ffac9f80dc41..0000000000000000000000000000000000000000 --- a/config/live/zipl.prm +++ /dev/null @@ -1 +0,0 @@ -@@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal diff --git a/config/manifest.yaml b/config/manifest.yaml deleted file mode 100644 index 98db1880656703630c6e8bb8804d1ade66af2563..0000000000000000000000000000000000000000 --- a/config/manifest.yaml +++ /dev/null @@ -1,15 +0,0 @@ -ref: openEuler/${basearch}/nestos/stable -include: manifests/nestos.yaml - -releasever: "LTS" - -rojig: - license: MIT - name: nestos - summary: NestOS stable - -repos: - - nestos - -add-commit-metadata: - fedora-coreos.stream: stable diff --git a/config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf b/config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf deleted file mode 100644 index 7300c8593902dff6ef746caee742c7021873f8b9..0000000000000000000000000000000000000000 --- a/config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf +++ /dev/null @@ -1,7 +0,0 @@ - -# https://github.com/systemd/systemd/pull/10397 -# We want things like `systemd.unit=emergency.target` and `single` on the -# kernel command line to just work even with our locked root account. -# This file is used as an override for both emergency.target and rescue.target. -[Service] -Environment=SYSTEMD_SULOGIN_FORCE=1 diff --git a/config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf b/config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf deleted file mode 100644 index 2ea53bda3a0d80cba884a20e9e2a4a5814197da7..0000000000000000000000000000000000000000 --- a/config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf +++ /dev/null @@ -1,2 +0,0 @@ - -blacklist nouveau 
diff --git a/config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf b/config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf deleted file mode 100644 index 8d52ab0603f3d62d696bc83cb323dc8034b481b9..0000000000000000000000000000000000000000 --- a/config/overlay.d/09misc/usr/lib/tmpfiles.d/coreos-fix-etc-ownership.conf +++ /dev/null @@ -1,11 +0,0 @@ - -# Fix mode (chmod g-w) for existing files on the system during boot -#z /etc/crypto-policies/state/current 644 root root -#z /etc/group 644 root root -#z /etc/group- 644 root root -#z /etc/iscsi/initiatorname.iscsi 644 root root -#z /etc/passwd 644 root root -#z /etc/passwd- 644 root root -#z /etc/selinux/config 644 root root -#z /etc/ssh/sshd_config.d/40-disable-passwords.conf 644 root root -#z /etc/systemd/dont-synthesize-nobody 644 root root diff --git a/config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf b/config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf deleted file mode 100644 index 10d437d8e01539a89526873906ce096962401375..0000000000000000000000000000000000000000 --- a/config/overlay.d/12kdump/usr/lib/systemd/system/kdump.service.d/remount-boot.conf +++ /dev/null @@ -1,9 +0,0 @@ - -# `/boot` is read-only, but `kdump.service` wants to -# places its generated initramfs alongside the default -# initramfs under `/boot/ostree`. -# Until `kdump` gains the ability to place its initramfs -# elsewhere, temporarily remount `/boot` read-write before -# the `kdump` initramfs is generated. -[Service] -ExecStartPre=/usr/bin/mount -o remount,rw /boot diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config b/config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config deleted file mode 100644 index f96d743503700aec9bec32f571b64b2e7da979dc..0000000000000000000000000000000000000000 --- a/config/overlay.d/15fcos/usr/libexec/coreos-check-ignition-config +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/usr/bin/bash -# The logic for the message_id is handled in - -# In this script, we need to capture the journald -# log with the particular message_id and query using -#`jq` utility to check if a user config is provided. - -# Change the output color to yellow -warn='\033[0;33m' -# No color -nc='\033[0m' - - -# It will track the journal messages related to an Ignition config provided -# by the user. -output=$(journalctl -o json-pretty MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb | jq -s '.[] | select(.IGNITION_CONFIG_TYPE == "user")'| wc -l) - -if [[ $output -gt 0 ]];then - echo "Ignition: user-provided config was applied" > /etc/issue.d/30_ignition_config_info.issue -else - echo -e "${warn}Ignition: no config provided by user${nc}" > /etc/issue.d/30_ignition_config_info.issue -fi - -# Ask all running agetty instances to reload and update their -# displayed prompts in case this script was run before agetty. -/usr/sbin/agetty --reload diff --git a/config/COPYING b/nestos-config/COPYING similarity index 96% rename from config/COPYING rename to nestos-config/COPYING index 660c8228beb2050c8ee1ab70192f9c474ab00c97..b81e261c59cc56e339a5d3b475b9ba43200b0395 100644 --- a/config/COPYING +++ b/nestos-config/COPYING @@ -1,4 +1,4 @@ -Copyright 2021 NestOS Authors. +Copyright 2018 Fedora CoreOS Authors. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/nestos-config/LICENSE b/nestos-config/LICENSE new file mode 100644 index 0000000000000000000000000000000000000000..e50acb0241fee58a0e67ee0b5e51e949592882be --- /dev/null +++ b/nestos-config/LICENSE 
@@ -0,0 +1,21 @@ +Copyright 2018 Fedora CoreOS Authors. + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be included +in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, +TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + diff --git a/config/image-base.yaml b/nestos-config/image-base.yaml similarity index 59% rename from config/image-base.yaml rename to nestos-config/image-base.yaml index 66e023a444d06d0c248bfcbe3f6acaeabedb6aa9..9645d1342113ce0c3f49e3db021d2a819ff19fb9 100644 --- a/config/image-base.yaml +++ b/nestos-config/image-base.yaml @@ -9,6 +9,7 @@ size: 10 extra-kargs: # Disable SMT on systems vulnerable to MDS or any similar future issue. - mitigations=auto,nosmt + - console=tty1 # Disable networking by default on firstboot. We can drop this once cosa stops # defaulting to `ip=dhcp,dhcp6 rd.neednet=1` when it doesn't see this key. 
@@ -17,9 +18,14 @@ ignition-network-kcmdline: [] # Optional remote by which to prefix the deployed OSTree ref ostree-remote: openEuler -# We want read-only /sysroot to protect from unintentional damage. -# https://github.com/ostreedev/ostree/issues/1265 -sysroot-readonly: true +# opt in to using the `metadata_csum_seed` feature of the ext4 filesystem +# for the /boot filesystem. Support for this was only recently added to grub +# and isn't available everywhere yet so we'll gate it behind this image.yaml +# knob. It should be easy to know when RHEL/RHCOS supports this by just flipping +# this to `true` and doing a build. It should error when building the disk +# images if grub doesn't support it. +# https://lists.gnu.org/archive/html/grub-devel/2021-06/msg00031.html +#bootfs_metadata_csum_seed: true # After this, we plan to add support for the Ignition # storage/filesystems sections. (Although one can do diff --git a/config/image.yaml b/nestos-config/image.yaml similarity index 100% rename from config/image.yaml rename to nestos-config/image.yaml diff --git a/nestos-config/kola-denylist.yaml b/nestos-config/kola-denylist.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c436860a70b2befcbef0f9294c4ead0d99b9c965 --- /dev/null +++ b/nestos-config/kola-denylist.yaml @@ -0,0 +1,14 @@ +# This file documents currently known-to-fail kola tests. It is consumed by +# coreos-assembler to automatically skip some tests. For more information, +# see: https://github.com/coreos/coreos-assembler/pull/866. +- pattern: fcos.internet + tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: podman.workflow + tracker: https://github.com/coreos/coreos-assembler/pull/1478 +- pattern: ostree.hotfix + tracker: https://github.com/coreos/fedora-coreos-tracker/issues/942 + snooze: 2021-10-25 + streams: + - rawhide + arches: + - aarch64 
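Review bot: The `sysroot-readonly: true` knob is removed in the `@@ -17,9 +18,14 @@` hunk with nothing put in its place. The comment that explained it (read-only /sysroot "to protect from unintentional damage") is removed with it, and the added lines only introduce a commented-out `#bootfs_metadata_csum_seed: true`. Unless the assembler used for these builds enables a read-only `/sysroot` without the knob, images built from this file lose that protection. Either keep `sysroot-readonly: true`, or add a comment such as `# read-only /sysroot is now enforced by the assembler; see <TRACKER-LINK-PLACEHOLDER>` so the removal is traceable. The new comment block still refers to RHEL/RHCOS and should name the grub build that NestOS actually ships.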
diff --git a/config/live/EFI/openEuler/grub.cfg b/nestos-config/live/EFI/openEuler/grub.cfg similarity index 89% rename from config/live/EFI/openEuler/grub.cfg rename to nestos-config/live/EFI/openEuler/grub.cfg index f208a7ff5070c207f15326d66fe952787dadbd70..0db10324c906451e95bd139a5f185459a16a955a 100644 --- a/config/live/EFI/openEuler/grub.cfg +++ b/nestos-config/live/EFI/openEuler/grub.cfg @@ -4,9 +4,11 @@ # # One diff to note is we use linux and initrd instead of linuxefi and # initrdefi. We do this because it works and allows us to use this same -# file on other architecutres. +# file on other architectures. # -# This file gets embedded into the efiboot.img on our NestOS ISO. +# This file is loaded directly when booting via El Torito, and indirectly +# from a stub config in efiboot.img when booting via the hybrid ESP. + set default="1" function load_video { @@ -28,7 +30,7 @@ set timeout=5 ### BEGIN /etc/grub.d/10_linux ### menuentry 'NestOS (Live)' --class openeuler --class gnu-linux --class gnu --class os { - linux /images/pxeboot/vmlinuz @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal + linux /images/pxeboot/vmlinuz @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=ttyinitrd /images/pxeboot/initrd.img /images/ignition.img } diff --git a/config/live/README-devel.md b/nestos-config/live/README-devel.md similarity index 80% rename from config/live/README-devel.md rename to nestos-config/live/README-devel.md index 6316954340443ad6600e834578b0146d19c37ad0..c0bde041c03cf58bb656ccded800b5f521fa3f49 100644 --- a/config/live/README-devel.md +++ b/nestos-config/live/README-devel.md @@ -1,6 +1,6 @@ These files will be copied to the target live ISO via the CoreOS Assembler buildextend-live call. It -picks up all files in the NestOS-config/live/ +picks up all files in the coreos/NestOS-config/live/ directory and copies them to the base of the ISO. Files currently copied are: 
@@ -10,4 +10,4 @@ Files currently copied are: Files that get copied into efiboot.img in the ISO: -- EFI/grub.cfg \ No newline at end of file +- EFI/grub.cfg diff --git a/config/live/isolinux/boot.msg b/nestos-config/live/isolinux/boot.msg similarity index 100% rename from config/live/isolinux/boot.msg rename to nestos-config/live/isolinux/boot.msg diff --git a/config/live/isolinux/isolinux.cfg b/nestos-config/live/isolinux/isolinux.cfg similarity index 97% rename from config/live/isolinux/isolinux.cfg rename to nestos-config/live/isolinux/isolinux.cfg index 06159f6ef9976a6dbaa5cf29612240f57b3d1a64..5ec947c009f85d71075fd803976d144a91678a22 100644 --- a/config/live/isolinux/isolinux.cfg +++ b/nestos-config/live/isolinux/isolinux.cfg @@ -67,7 +67,7 @@ label linux menu label ^NestOS (Live) menu default kernel /images/pxeboot/vmlinuz - append initrd=/images/pxeboot/initrd.img,/images/ignition.img @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal + append initrd=/images/pxeboot/initrd.img,/images/ignition.img @@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=ttymenu separator # insert an empty line diff --git a/nestos-config/live/zipl.prm b/nestos-config/live/zipl.prm new file mode 100644 index 0000000000000000000000000000000000000000..c98eab0dc2a05cfab141515f68d7f66000a46cf4 --- /dev/null +++ b/nestos-config/live/zipl.prm @@ -0,0 +1 @@ +@@KERNEL-ARGS@@ ignition.firstboot ignition.platform.id=metal console=tty1 diff --git a/nestos-config/manifest.yaml b/nestos-config/manifest.yaml new file mode 100644 index 0000000000000000000000000000000000000000..acdb147ce78970347fbaf6eb513cdaf0d0c8502a --- /dev/null +++ b/nestos-config/manifest.yaml 
@@ -0,0 +1,25 @@ +ref: openEuler/${basearch}/nestos/stable +include: manifests/nestos.yaml + +releasever: "22.03" + +rojig: + license: MIT + name: nestos + summary: NestOS stable + +add-commit-metadata: + fedora-coreos.stream: stable + +packages: + # resolved was broken out to its own package in rawhide/f35 + # - systemd-resolved + # In F35+ need `iptables-legacy` package + # See https://github.com/coreos/fedora-coreos-tracker/issues/676#issuecomment-928028451 + # - iptables-legacy + +remove-from-packages: + # Hopefully short-term hack -- see https://github.com/coreos/fedora-coreos-config/pull/1206#discussion_r705425869. + # This keeps the size down and ensures nothing tries to use it, preventing us + # from shedding the dep eventually. + - [cracklib-dicts, .*] diff --git a/config/manifests/bootable-rpm-ostree.yaml b/nestos-config/manifests/bootable-rpm-ostree.yaml similarity index 70% rename from config/manifests/bootable-rpm-ostree.yaml rename to nestos-config/manifests/bootable-rpm-ostree.yaml index ddc39387a9fa658e81020835a52580b163df4f5f..aaef03a9be8ea048ef2395285b5c38e6727d4da3 100644 --- a/config/manifests/bootable-rpm-ostree.yaml +++ b/nestos-config/manifests/bootable-rpm-ostree.yaml @@ -2,14 +2,12 @@ # The intent of this is to inherit from this if you are doing something highly # custom that e.g. might not involve Ignition or podman, but you do want # rpm-ostree. -# We expect most people though using coreos-assembler to inherit from -# fedora-coreos-base.yaml. +# We expect most people though using nestos-assembler to inherit from +# nestos-base.yaml. packages: # Kernel + systemd. Note we explicitly specify kernel-{core,modules} # because otherwise depsolving could bring in kernel-debug. - - kernel systemd -# - kernel-devel kernel-tools kernel-headers - # kernel-core kernel-modules + - kernel systemd # rpm-ostree - rpm-ostree nss-altfiles # firmware updates 
@@ -25,7 +23,5 @@ packages-s390x: # provided by s390utils-base, but soon will be -core too. - /usr/sbin/zipl packages-x86_64: - - grub2 efibootmgr shim -# grub2-efi-x64-cdboot grub2-efi-x64-modules grub2-tools-efi grub2-emu grub2-emu-modules + - grub2 grub2-efi-x64 efibootmgr shim - microcode_ctl - - grub2-efi-x64 diff --git a/config/manifests/bootupd.yaml b/nestos-config/manifests/bootupd.yaml similarity index 80% rename from config/manifests/bootupd.yaml rename to nestos-config/manifests/bootupd.yaml index a107a98dee59aa556cef9c3c1a3b10df067ef47a..659f72d30de14aa7a195e1a1af70a8e524e44140 100644 --- a/config/manifests/bootupd.yaml +++ b/nestos-config/manifests/bootupd.yaml @@ -7,10 +7,10 @@ postprocess: - | #!/bin/bash set -xeuo pipefail - ## Until we have https://github.com/coreos/rpm-ostree/pull/2275 + # Until we have https://github.com/coreos/rpm-ostree/pull/2275 mkdir -p /run # Transforms /usr/lib/ostree-boot into a bootupd-compatible update payload /usr/bin/bootupctl backend generate-update-metadata / chmod -R +x /usr/bin/ chmod -R +x /usr/sbin/ - chmod -R +x /usr/libexec/ + chmod -R +x /usr/libexec/ \ No newline at end of file diff --git a/config/manifests/file-transfer.yaml b/nestos-config/manifests/file-transfer.yaml similarity index 76% rename from config/manifests/file-transfer.yaml rename to nestos-config/manifests/file-transfer.yaml index aa584dd02decf7b6da94f8d07fe4ed97ba717cb6..64ae36782c6a42fb0de5e93c88d63279ea15f2a9 100644 --- a/config/manifests/file-transfer.yaml +++ b/nestos-config/manifests/file-transfer.yaml @@ -1,6 +1,5 @@ # Moving files around and verifying them packages: - # - git-core - - git + - git-core - gnupg2 - rsync diff --git a/config/manifests/group b/nestos-config/manifests/group similarity index 96% rename from config/manifests/group rename to nestos-config/manifests/group index fac113c56a4b8d4f77d3d8925b01ce8bc523b650..4c2f543d4d329f9242eb5dfcaed6d4c983cf578b 100644 --- a/config/manifests/group +++ b/nestos-config/manifests/group 
@@ -51,8 +51,8 @@ systemd-resolve:x:989: systemd-bus-proxy:x:988: cockpit-ws:x:987: -#duyiwei named:x:25: dhcpd:x:177: dnsmasq:x:980: - +saslauth:x:76: +isula:x:986: diff --git a/config/manifests/grub2-removals.yaml b/nestos-config/manifests/grub2-removals.yaml similarity index 100% rename from config/manifests/grub2-removals.yaml rename to nestos-config/manifests/grub2-removals.yaml diff --git a/config/manifests/ignition-and-ostree.yaml b/nestos-config/manifests/ignition-and-ostree.yaml similarity index 99% rename from config/manifests/ignition-and-ostree.yaml rename to nestos-config/manifests/ignition-and-ostree.yaml index df57ea6736821f6581cc71f95bed64971518377e..34879ff4089f4425479a5c0f9139191110077f56 100644 --- a/config/manifests/ignition-and-ostree.yaml +++ b/nestos-config/manifests/ignition-and-ostree.yaml @@ -24,7 +24,7 @@ packages: - dracut-network # for encryption - clevis clevis-dracut clevis-systemd - # - clevis-luks + remove-from-packages: # We don't want systemd-firstboot.service. It conceptually conflicts with # Ignition. We also inject runtime bits to disable it in systemd-firstboot.service.d/fcos-disable.conf diff --git a/config/manifests/nestos-base.yaml b/nestos-config/manifests/nestos-base.yaml similarity index 81% rename from config/manifests/nestos-base.yaml rename to nestos-config/manifests/nestos-base.yaml index 121d9bfcb577ec1ad6ad5ff1e375ee0faf1806c2..1aca9344fd08154a4f3ddd6521f2244bc9243d1e 100644 --- a/config/manifests/nestos-base.yaml +++ b/nestos-config/manifests/nestos-base.yaml @@ -8,6 +8,7 @@ include: - networking-tools.yaml - system-configuration.yaml - user-experience.yaml + - shared-workarounds.yaml initramfs-args: - --no-hostonly @@ -51,7 +52,9 @@ rpmdb: sqlite postprocess: - | #!/usr/bin/env bash - /usr/sbin/mpathconf --enable + #/usr/sbin/mpathconf --enable + systemctl mask kdump.service + systemctl mask multipathd.service - | #!/usr/bin/env bash 
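Review bot: The postprocess script edited in the `@@ -51,7 +52,9 @@` hunk of nestos-base.yaml has no `set -xeuo pipefail`, although it now runs two `systemctl mask` calls and the other scripts visible in later hunks of this file all set it. As written, a failure of `systemctl mask kdump.service` is ignored and only the status of the last command reaches the build. Add `set -xeuo pipefail` directly after the shebang. The old `/usr/sbin/mpathconf --enable` line is left commented out with no explanation. Delete it, or replace it with a comment saying why kdump and multipathd are masked in NestOS images, given that the include added in the previous hunk (`shared-workarounds.yaml`) installs multipathd drop-ins.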
@@ -60,6 +63,7 @@ postprocess: echo "u chrony - chrony" > /usr/lib/sysusers.d/chrony.conf echo "u sshd - sshd" > /usr/lib/sysusers.d/sshd.conf echo "u rpc - rpc" > /usr/lib/sysusers.d/rpc.conf + echo "u rpcuser - rpcuser" > /usr/lib/sysusers.d/rpcuser.conf # This will be dropped once rpm-ostree because module-aware. # https://github.com/projectatomic/rpm-ostree/issues/1542#issuecomment-419684977 # https://github.com/projectatomic/rpm-ostree/issues/1435 @@ -69,12 +73,12 @@ postprocess: for x in /etc/yum.repos.d/*modular.repo; do sed -i -e 's,enabled=[01],enabled=0,' ${x} done - # Enable SELinux booleans used by OpenShift # https://github.com/coreos/fedora-coreos-tracker/issues/284 - | #!/usr/bin/env bash set -xeuo pipefail + #setsebool -P -N container_use_cephfs on # RHBZ#1692369 setsebool -P -N virt_use_samba on # RHBZ#1754825 # Mask dnsmasq. We include dnsmasq for host services that use the dnsmasq 
@@ -93,25 +97,33 @@ postprocess: # Neuter systemd-resolved for now. # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-743219353 - # Note: When removing this, we likely also want to remove - # coreos-reset-stub-resolv-selinux-context.{path,service} and their presets. + # Remove when on F35+ as NM now handles rdns + resolved better + # https://github.com/coreos/fedora-coreos-tracker/issues/834 + # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/601 + # https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/877 - | #!/usr/bin/env bash set -xeuo pipefail + # Only operate on F34 since F35+ has been fixed + source /etc/os-release + [ ${VERSION_ID} -eq 34 ] || exit 0 # Get us back to Fedora 32's nsswitch.conf settings sed -i 's/^hosts:.*/hosts: files dns myhostname/' /etc/nsswitch.conf mkdir -p /usr/lib/systemd/resolved.conf.d/ cat > /usr/lib/systemd/resolved.conf.d/nestos-stub-listener.conf <<'EOF' + # Fedora CoreOS is electing to not use systemd-resolved's internal + # logic for now because of issues with setting hostnames via reverse DNS. # https://github.com/coreos/fedora-coreos-tracker/issues/649#issuecomment-736104003 [Resolve] DNSStubListener=no EOF - # Set the fallback hostname to `localhost`. This piggybacks on the - # postprocess script above which neuters systemd-resolved, because - # currently, a fallback hostname of `localhost` + systemd-resolved breaks - # rDNS. Eventually, we should be able to drop this at the same time as we drop - # the above. See: https://bugzilla.redhat.com/show_bug.cgi?id=1892235#c25 + # Set the fallback hostname to `localhost`. This was needed in F33/F34 + # because a fallback hostname of `fedora` + systemd-resolved broke + # rDNS. It's now fixed in F35+ NetworkManager to handle the corner cases + # around synthetized hostnames and systemd-resolved, but the question + # remains on what is a more appropriate default hostname for a server like + # host. 
https://github.com/coreos/fedora-coreos-tracker/issues/902 - | #!/usr/bin/env bash source /etc/os-release @@ -125,8 +137,11 @@ postprocess: packages: # Container tooling - crun + # Security - polkit + # System setup - afterburn-dracut + # SSH - ssh-key-dir # Containers - systemd-container catatonit @@ -138,11 +153,12 @@ packages: # Remote IPC for podman - libvarlink-util # Minimal NFS client - - nfs-utils-coreos + - nfs-utils-nestos # Active Directory support - adcli # Additional firewall support; we aren't including these in RHCOS or they # don't exist in RHEL + #- iptables-nft iptables-services # WireGuard https://github.com/coreos/fedora-coreos-tracker/issues/362 - wireguard-tools # Storage diff --git a/config/manifests/nestos.yaml b/nestos-config/manifests/nestos.yaml similarity index 81% rename from config/manifests/nestos.yaml rename to nestos-config/manifests/nestos.yaml index 17086044fec29a597a4659997875f3c28257acb6..3dcdd93092b0a744137211680f1e2545678a4516 100644 --- a/config/manifests/nestos.yaml +++ b/nestos-config/manifests/nestos.yaml @@ -1,16 +1,29 @@ - +# This manifest file defines things that should really only go +# into "official" builds of Fedora CoreOS (such as including `fedora-release-coreos`) +# or are very "opinionated" like disabling SSH passwords by default. include: nestos-base.yaml automatic-version-prefix: "${releasever}..dev" mutate-os-release: "${releasever}" +# All NestOS streams share the same pool for locked files. +lockfile-repos: + - nestos + packages: - openEuler-release-nestos - openEuler-repos-ostree + # Continue to include it in case users want to use it. - openEuler-repos-modular + # the archive repo for more reliable package layering + # https://github.com/coreos/fedora-coreos-tracker/issues/400 - openEuler-repos-archive + # CL ships this. - docker-engine + # User metrics + + # Updates - zincati etc-group-members: 
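Review bot: The added gate `[ ${VERSION_ID} -eq 34 ] || exit 0` in the systemd-resolved script is a Fedora release check, but `manifest.yaml` in this commit sets `releasever: "22.03"`. Unless the image's os-release reports `VERSION_ID` as exactly 34, the script exits before the `nsswitch.conf` edit and the `DNSStubListener=no` drop-in are written. A value such as `22.03` also makes `-eq` fail with a non-integer error that `|| exit 0` hides. Decide whether NestOS wants this workaround: if it does, drop the gate; if it does not, remove the script rather than leaving it dead. If a version test stays, quote the variable and compare it as a string, for example `[ "${VERSION_ID}" = "34" ] || exit 0`.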
@@ -19,15 +32,14 @@ etc-group-members: # This will be no longer needed when systemd-sysusers has been implemented: # https://github.com/projectatomic/rpm-ostree/issues/49 - docker - - isulad - - podman -# XXX: this is used by coreos-assembler for artifact naming... +# XXX: this is used by nestos-assembler for artifact naming... rojig: license: MIT name: nestos summary: NestOS base image + # âš âš âš  ONLY TEMPORARY HACKS ALLOWED HERE; ALL ENTRIES NEED TRACKER LINKS âš âš âš  # See also the version of this in fedora-coreos-base.yaml postprocess: @@ -78,12 +90,16 @@ exclude-packages: - python - python2 - python2-libs + - python3 - python3-libs + - perl - nodejs - dnf - - cowsay + #- grubby + - cowsay # Just in case # Let's make sure initscripts doesn't get pulled back in # https://github.com/coreos/fedora-coreos-tracker/issues/220#issuecomment-611566254 + #- initscripts # For (datacenter/cloud oriented) servers, we want to see the details by default. # https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/HSMISZ3ETWQ4ETVLWZQJ55ARZT27AAV3/ - plymouth diff --git a/config/manifests/networking-tools.yaml b/nestos-config/manifests/networking-tools.yaml similarity index 87% rename from config/manifests/networking-tools.yaml rename to nestos-config/manifests/networking-tools.yaml index ee8e4084e6bfd642db2af4aeb6b78005ef0dcabb..29cf58d1272924acc43edc7058d14b8e0cc8d5b3 100644 --- a/config/manifests/networking-tools.yaml +++ b/nestos-config/manifests/networking-tools.yaml 
@@ -9,14 +9,14 @@ packages: - NetworkManager-tui # Teaming https://github.com/coreos/fedora-coreos-config/pull/289 # and http://bugzilla.redhat.com/1758162 - - NetworkManager-team teamd + - NetworkManager-team + #teamd # Support for cloud quirks and dynamic config in real rootfs: # https://github.com/coreos/fedora-coreos-tracker/issues/320 - - NetworkManager-cloud-setup + #- NetworkManager-cloud-setup # Route manipulation and QoS - - iproute iproute-tc + - iproute # Firewall manipulation - - iptables - - nftables + - iptables nftables # Interactive network tools for admins - socat net-tools bind-utils diff --git a/config/manifests/passwd b/nestos-config/manifests/passwd similarity index 96% rename from config/manifests/passwd rename to nestos-config/manifests/passwd index b05ebdbfe8f608c1bb430d287efc4888442426fa..285f5e769eaeadb38db1fc420535a81bd58f4c93 100644 --- a/config/manifests/passwd +++ b/nestos-config/manifests/passwd @@ -30,4 +30,4 @@ systemd-timesync:x:993:991:systemd Time Synchronization:/:/sbin/nologin systemd-network:x:991:990:systemd Network Management:/:/sbin/nologin systemd-resolve:x:990:989:systemd Resolver:/:/sbin/nologin systemd-bus-proxy:x:989:988:systemd Bus Proxy:/:/sbin/nologin -cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin +cockpit-ws:x:988:987:User for cockpit-ws:/:/sbin/nologin \ No newline at end of file diff --git a/nestos-config/manifests/shared-workarounds.yaml b/nestos-config/manifests/shared-workarounds.yaml new file mode 100644 index 0000000000000000000000000000000000000000..29ff05a0b5d74509749fca19fcee3d2898087b13 --- /dev/null +++ b/nestos-config/manifests/shared-workarounds.yaml 
@@ -0,0 +1,64 @@ +# This manifest is a list of shared workarounds that are needed in both Fedora CoreOS +# and downstreams (i.e. Red Hat CoreOS). + +postprocess: + # Put in the fix for multipathd.socket on releases that haven't been fixed yet. + # https://bugzilla.redhat.com/show_bug.cgi?id=2008098 + # https://github.com/coreos/fedora-coreos-config/pull/1246 + - | + #!/usr/bin/env bash + set -xeuo pipefail + # Operate on RHCOS and FCOS. + source /etc/os-release + if [[ ${NAME} =~ "Fedora" ]]; then + # FCOS: Only operate on releases before F36. The fix has landed + # in F36+ and there is no need for a workaround. + [ ${VERSION_ID} -le 35 ] || exit 0 + else + # RHCOS: The fix hasn't landed in any version of RHEL yet + true + fi + mkdir /usr/lib/systemd/system/multipathd.socket.d + cat > /usr/lib/systemd/system/multipathd.socket.d/50-start-conditions.conf <<'EOF' + # Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=2008098 + [Unit] + ConditionKernelCommandLine=!multipath=off + ConditionKernelCommandLine=!nompath + ConditionPathExists=/etc/multipath.conf + ConditionVirtualization=!container + EOF + + # Put in the fix for multipathd.service in dracut on releases that haven't + # been fixed yet. + # https://github.com/dracutdevs/dracut/pull/1606 + # https://github.com/coreos/fedora-coreos-config/pull/1233 + - | + #!/usr/bin/env bash + set -xeuo pipefail + source /etc/os-release + if [[ ${NAME} =~ "Fedora" ]]; then + # FCOS: This fix hasn't landed in rawhide (F36) yet, + # but hopefully will soon. + [ ${VERSION_ID} -le 36 ] || exit 0 + else + # RHCOS: The fix hasn't landed in any version of RHEL yet + true + fi + mkdir /usr/lib/dracut/modules.d/36coreos-multipath-fix + cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/90-multipathd-remove-execstop.conf <<'EOF' + # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. 
+ [Service] + ExecStop= + EOF + cat > /usr/lib/dracut/modules.d/36coreos-multipath-fix/module-setup.sh <<'EOF' + #!/bin/bash + # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- + # ex: ts=8 sw=4 sts=4 et filetype=sh + install() { + # Temporary workaround for https://github.com/dracutdevs/dracut/pull/1606. + mkdir -p "$systemdsystemunitdir/multipathd.service.d" + inst_simple "$moddir/90-multipathd-remove-execstop.conf" \ + "$systemdsystemunitdir/multipathd.service.d/90-multipathd-remove-execstop.conf" + } + EOF + chmod +x /usr/lib/dracut/modules.d/36coreos-multipath-fix/module-setup.sh diff --git a/config/manifests/system-configuration.yaml b/nestos-config/manifests/system-configuration.yaml similarity index 93% rename from config/manifests/system-configuration.yaml rename to nestos-config/manifests/system-configuration.yaml index 295820113b3e3adbf47279e3cd55481b4ed7e580..8c219546fa5302167fc0782aa5f78c62f2d65fe7 100644 --- a/config/manifests/system-configuration.yaml +++ b/nestos-config/manifests/system-configuration.yaml @@ -8,7 +8,7 @@ packages: # NTP support - chrony # Installing CoreOS itself - - coreos-installer coreos-installer-bootinfra + - nestos-installer nestos-installer-bootinfra # Storage configuration/management ## cloud-utils-growpart - For growing root partition - cifs-utils @@ -16,7 +16,7 @@ packages: - cryptsetup - device-mapper-multipath - e2fsprogs - - iscsi-initiator-utils + #- open-iscsi - lvm2 - mdadm - sg3_utils diff --git a/config/manifests/user-experience.yaml b/nestos-config/manifests/user-experience.yaml similarity index 96% rename from config/manifests/user-experience.yaml rename to nestos-config/manifests/user-experience.yaml index 6cd01ef026b05cf2dcf7c63d31bbf6f07fbded0f..b24b9117ade8b1428b5d74c7f549e9fccf586e67 100644 --- a/config/manifests/user-experience.yaml +++ b/nestos-config/manifests/user-experience.yaml 
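Review bot: Both scripts in the new shared-workarounds.yaml branch on `[[ ${NAME} =~ "Fedora" ]]` and treat every other distribution as RHCOS. On a NestOS build the `else` branch would presumably run, installing both multipathd workarounds unconditionally, while `nestos-base.yaml` in the same commit masks `multipathd.service`. The comments should say which behaviour NestOS intends, and the test should match the NestOS name explicitly instead of falling through the branch labelled RHCOS. The two `mkdir` calls also lack `-p`, so under `set -xeuo pipefail` the build aborts if either directory already exists. Use `mkdir -p /usr/lib/systemd/system/multipathd.socket.d` and `mkdir -p /usr/lib/dracut/modules.d/36coreos-multipath-fix`.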
@@ -7,9 +7,9 @@ packages: # Basic user tools ## jq - parsing/interacting with JSON data - bash-completion - - wget - coreutils - jq + #- nano - less - sudo - vim-minimal @@ -30,6 +30,8 @@ packages: - openssh-clients openssh-server # Container tooling - podman + - crio + - cri-tools - docker-runc - skopeo - toolbox diff --git a/config/nestos-pool.repo b/nestos-config/nestos-pool.repo similarity index 46% rename from config/nestos-pool.repo rename to nestos-config/nestos-pool.repo index ae37c274546389f992b5e9253b2883a5e26e9bd1..7986b1bd942b0ce5cbacc24429b0496b85a1fab4 100644 --- a/config/nestos-pool.repo +++ b/nestos-config/nestos-pool.repo @@ -1,10 +1,7 @@ [nestos] name= extra repository - $basearch -baseurl=http://10.1.110.88/nestos/nestos_x86 +baseurl=Èí¼þ°üÔ´µØÖ· enabled=1 -#repo_gpgcheck=0 type=rpm-md gpgcheck=0 -#skip_if_unavailable=True - diff --git a/config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf b/nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf rename to nestos-config/overlay.d/05core/etc/security/pwquality.conf.d/20-disable-dict.conf diff --git a/config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group b/nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group rename to nestos-config/overlay.d/05core/etc/sudoers.d/coreos-sudo-group diff --git a/nestos-config/overlay.d/05core/statoverride b/nestos-config/overlay.d/05core/statoverride new file mode 100755 index 0000000000000000000000000000000000000000..9769b8ccb0a4f22ba660296422eac75b11661f82 --- /dev/null +++ b/nestos-config/overlay.d/05core/statoverride 
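Review bot: The `[nestos]` section in nestos-pool.repo keeps `gpgcheck=0` while this hunk rewrites its `baseurl`, so every package pulled from this pool into the OS image is installed without signature verification. Set `gpgcheck=1` and add a key reference such as `gpgkey=file:///etc/pki/rpm-gpg/<NESTOS-SIGNING-KEY-PLACEHOLDER>`. Use an `https://` URL when the real address is filled in, since the removed value was plain `http://`. The new `baseurl` value is non-ASCII text that renders as mojibake on this page; it looks like a mis-encoded placeholder and cannot work as a URL. Replace it with an ASCII placeholder, for example `baseurl=<REPO-URL-PLACEHOLDER>`, with a comment telling the builder to fill it in.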
@@ -0,0 +1,6 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = + +# Some security scanners complain if /etc/sudoers.d files have 0044 mode bits +# https://bugzilla.redhat.com/show_bug.cgi?id=1981979 +=384 /etc/sudoers.d/coreos-sudo-group diff --git a/config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf b/nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf rename to nestos-config/overlay.d/05core/usr/lib/NetworkManager/conf.d/20-client-id-from-mac.conf diff --git a/config/overlay.d/05core/usr/lib/coreos/generator-lib.sh b/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh old mode 100644 new mode 100755 similarity index 64% rename from config/overlay.d/05core/usr/lib/coreos/generator-lib.sh rename to nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh index b133e5ac67def5d08052fa0126c406b00035434a..dd19ad813d081c5a441bf76fc16ca75895599990 --- a/config/overlay.d/05core/usr/lib/coreos/generator-lib.sh +++ b/nestos-config/overlay.d/05core/usr/lib/coreos/generator-lib.sh @@ -17,3 +17,14 @@ have_karg() { done return 1 } + +karg() { + local name="$1" value="${2:-}" + local cmdline=( $(&2 + exit 1 + fi + rdcore kargs --boot-mount ${bootmnt} --append boot=UUID=${UUID} + # but also put it in /run for the first boot real root mount + mkdir -p /run/coreos + echo "${UUID}" > /run/coreos/bootfs_uuid fi 
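Review bot: The `=384` entry for `/etc/sudoers.d/coreos-sudo-group` in the new statoverride file is easy to misread because the mode is decimal: 384 is octal 0600. The format line above it reads `# Format: = ` with no field names (possibly lost in rendering), so the file does not explain this itself. I would add `# 384 (decimal) == 0600 (octal): owner read/write only` directly above the entry. The override carries more weight after this commit, because the same change records `coreos-sudo-group` with git mode 100755; if the override were ever not applied, the sudoers drop-in would ship with that mode.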
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-diskful-generator diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh old mode 100644 new mode 100755 similarity index 98% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh index ee2fc4f4c044c62f49ae692483317dc2fe99318d..dc55409429aeefb084cd1feb92605b2dc2fda173 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-gpt-setup.sh @@ -39,4 +39,4 @@ fi echo "Randomizing disk GUID" sgdisk --disk-guid=R --move-second-header "$PKNAME" -udevadm settle +udevadm settle || : 
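Review bot: In coreos-gpt-setup.sh, `udevadm settle || :` discards a failed or timed-out settle without a trace, right after `sgdisk --disk-guid=R --move-second-header "$PKNAME"` has rewritten the GPT. Anything that later resolves the disk through udev links may then run against a device database that has not caught up, and the journal would not say why. If best-effort is the intent, keep it but log it: `udevadm settle || echo "udevadm settle failed after GUID randomization; continuing" >&2`. The rest of the script lies outside this hunk, so whether a later step depends on the settle cannot be checked here.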
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-ignition-setup-user.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service
old mode 100644
new mode 100755
similarity index 73%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service
index 4f50823092223aebe10cf1d10f39e01cead5c98b..6ac57ff7b7a4c14fe089593a60e9bb05e88e027b
--- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service
+++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs-reboot.service
@@ -1,7 +1,7 @@ [Unit] Description=CoreOS Kernel Arguments Reboot ConditionPathExists=/etc/initrd-release -ConditionPathExists=/run/ignition-modified-kargs +ConditionPathExists=/run/coreos-kargs-reboot DefaultDependencies=false Before=ignition-complete.target @@ -18,4 +18,6 @@ OnFailureJobMode=isolate [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/systemctl reboot +# --force causes a rapid reboot. Without it, systemd continues running +# Ignition stages in parallel with shutting down. +ExecStart=/usr/bin/systemctl reboot --force diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh old mode 100644 new mode 100755 similarity index 65% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh index 3744eb6d4b5bb6b46980f339b9f3b522d8e92184..adad195737ea76ad4d4904d9567a1845c3f420fb --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-kargs.sh @@ -1,4 +1,4 @@ #!/bin/bash set -euo pipefail -/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/ignition-modified-kargs "$@" +/usr/bin/rdcore kargs --boot-device /dev/disk/by-label/boot --create-if-changed /run/coreos-kargs-reboot "$@" 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service old mode 100644 new mode 100755 similarity index 90% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service index feb39932ba9931703328a6c8700b63d8d544b356..060530e72190e2c599572d469755a7f991099a57 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.service @@ -1,6 +1,6 @@ # Clean up the initramfs networking on first boot # so the real network is being brought up - +# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 [Unit] Description=CoreOS Tear Down Initramfs @@ -14,7 +14,7 @@ DefaultDependencies=false # The only other one right now is ignition-mount that has an ExecStop # for doing an unmount. Since the ordering for ExecStop is the # opposite of ExecStart we need to use `Before=ignition-mount.service`. - +# https://github.com/coreos/fedora-coreos-tracker/issues/440 Before=ignition-mount.service Before=ignition-complete.target 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh old mode 100644 new mode 100755 similarity index 95% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh index 96f1ffc9f95dd7502809dbf456f50a2014ccafe1..8fea202022835b8ed77e66e46aeb1dd7c8db6c63 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/coreos-teardown-initramfs.sh @@ -66,9 +66,9 @@ are_default_NM_configs() { # defaults (trying dhcp/dhcp6 on everything). If it's just the # defaults then we want to avoid a slight behavior diff between # propagating configs and just booting with no configuration. See -# +# https://github.com/coreos/fedora-coreos-tracker/issues/696 # - +# See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721173 propagate_initramfs_networking() { # Check for any real root config in the two locations where a user could have # provided network configuration. On FCOS we only support keyfiles, but on RHCOS @@ -85,7 +85,7 @@ propagate_initramfs_networking() { # Did the user tell us to force initramfs networking config # propagation even if real root networking config exists? # Hopefully we only need this in rare circumstances. - + # https://github.com/coreos/fedora-coreos-tracker/issues/853 forcepropagate=0 if dracut_func getargbool 0 'coreos.force_persist_ip'; then forcepropagate=1 
@@ -155,7 +155,8 @@ down_interface() { # Iterate through the interfaces in the machine and take them down. # Note that in the futre we would like to possibly use `nmcli` networking off` # for this. See the following two comments for details: - +# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 +# https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599746049 down_interfaces() { if ! [ -z "$(ls /sys/class/net)" ]; then for f in /sys/class/net/*; do diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh old mode 100644 new mode 100755 similarity index 92% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh index 52abd13864936295ee9b2ccc8eccc3c6da9127ee..a42bcc3724f0fe2278f0edc96b74bca1a827f2ac --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-ignition/module-setup.sh @@ -12,7 +12,7 @@ install_ignition_unit() { local instantiated="${1:-$unit}"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$instantiated" || exit 1 } @@ -34,7 +34,7 @@ install() { "/usr/sbin/coreos-ignition-setup-user" # For consistency tear down the network and persist multipath between the initramfs and - # real root. + # real root. See https://github.com/coreos/fedora-coreos-tracker/issues/394#issuecomment-599721763 inst_script "$moddir/coreos-teardown-initramfs.sh" \ "/usr/sbin/coreos-teardown-initramfs" install_ignition_unit coreos-teardown-initramfs.service 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-clear-sssd-cache.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-live-unmount-tmpfs-var.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service old mode 100644 new mode 100755 similarity index 77% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service index 95684102df110e0c98149a622341af17a614dbd0..c6ca7899ce6802d1464095d1a2d893d2265697a0 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-liveiso-persist-osmet.service @@ -9,7 +9,7 @@ Before=initrd-switch-root.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/mkdir -p /run/coreos-installer/osmet +ExecStart=/usr/bin/mkdir -p /run/nestos-installer/osmet # bsdtar reads cpio archives, and unlike cpio(1L), knows how to seek over # members it isn't reading -ExecStart=/usr/bin/bsdtar -x -C /run/coreos-installer/osmet -f /run/media/iso/images/pxeboot/rootfs.img *.osmet +ExecStart=/usr/bin/bsdtar -x -C /run/nestos-installer/osmet -f /run/media/iso/images/pxeboot/rootfs.img *.osmet diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service old mode 100644 new mode 100755 similarity index 80% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service index 17484e66a1ee6df574dbec648dbca5ba016688cd..75250d2f8fd03df7c795852f5edbda599864cc1f 
--- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-persist-osmet.service @@ -10,5 +10,5 @@ Before=initrd-switch-root.target [Service] Type=oneshot RemainAfterExit=yes -ExecStart=/usr/bin/mkdir -p /run/coreos-installer/osmet -ExecStart=/usr/bin/sh -c "if ls /*.osmet &>/dev/null; then cp /*.osmet /run/coreos-installer/osmet; fi" +ExecStart=/usr/bin/mkdir -p /run/nestos-installer/osmet +ExecStart=/usr/bin/sh -c "if ls /*.osmet &>/dev/null; then cp /*.osmet /run/nestos-installer/osmet; fi" diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh old mode 100644 new mode 100755 similarity index 88% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh index 483587efa5629c3e888ee08fe0c90544e35c6a18..9f59a8dbd7a1b1bb62593b29e14f30ba084b7120 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/coreos-livepxe-rootfs.sh 
@@ -26,8 +26,9 @@ elif [[ -n "${rootfs_url}" ]]; then if [[ ${rootfs_url} != http:* && ${rootfs_url} != https:* ]]; then # Don't commit to supporting protocols we might not want to expose in # the long term. - echo "coreos.live.rootfs_url= supports HTTP and HTTPS only." >&2 - echo "Please fix your PXE configuration." >&2 + echo "Unsupported scheme for image specified by:" >&2 + echo "coreos.live.rootfs_url=${rootfs_url}" >&2 + echo "Only HTTP and HTTPS are supported. Please fix your PXE configuration." >&2 exit 1 fi @@ -39,7 +40,8 @@ elif [[ -n "${rootfs_url}" ]]; then # We retry forever, matching Ignition's semantics. curl_common_args="--silent --show-error --insecure --location" while ! curl --head $curl_common_args "${rootfs_url}" >/dev/null; do - echo "Couldn't establish connectivity with the server specified by coreos.live.rootfs_url=" >&2 + echo "Couldn't establish connectivity with the server specified by:" >&2 + echo "coreos.live.rootfs_url=${rootfs_url}" >&2 echo "Retrying in 5s..." >&2 sleep 5 done @@ -54,14 +56,15 @@ elif [[ -n "${rootfs_url}" ]]; then if ! curl $curl_common_args --retry 5 "${rootfs_url}" | \ rdcore stream-hash /etc/coreos-live-want-rootfs | \ bsdtar -xf - -C / ; then - echo "Couldn't fetch, verify, and unpack image specified by coreos.live.rootfs_url=" >&2 + echo "Couldn't fetch, verify, and unpack image specified by:" >&2 + echo "coreos.live.rootfs_url=${rootfs_url}" >&2 echo "Check that the URL is correct and that the rootfs version matches the initramfs." >&2 exit 1 fi else # Nothing. Fail. echo "No rootfs image found. Modify your PXE configuration to add the rootfs" >&2 - echo "image as a second initrd, or use the coreos.live.rootfs_url= kernel parameter" >&2 + echo "image as a second initrd, or use the coreos.live.rootfs_url kernel parameter" >&2 echo "to specify an HTTP or HTTPS URL to the rootfs." >&2 exit 1 fi 
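Review bot: The three new `echo "coreos.live.rootfs_url=${rootfs_url}" >&2` lines in coreos-livepxe-rootfs.sh (scheme check, connectivity retry loop, fetch/verify failure) write the full kernel-argument URL to the console and journal, and the retry loop repeats it every 5 seconds. If a deployment carries credentials in the URL userinfo or a signed token in the query string, those end up in logs; printing `${rootfs_url%%\?*}` would at least drop the query part, and userinfo would need separate stripping. Separately, `curl_common_args` contains `--insecure`, so the `rdcore stream-hash /etc/coreos-live-want-rootfs` stage is the only integrity check on the download. A comment saying so next to `curl_common_args` would guard against the hash step being relaxed later. The enclosing `if`/`elif` chain starts outside these hunks.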
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/is-live-image.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator old mode 100644 new mode 100755 similarity index 98% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator index 3f137a5927534832f64e63d454c615a118b43fcf..560b0b6af5d7d5d18248f9e2ec091650d3de7524 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/live-generator @@ -86,7 +86,7 @@ EOF [Unit] DefaultDependencies=false - +# HACK for https://github.com/coreos/fedora-coreos-config/issues/437 Wants=systemd-udev-settle.service # Note that bootup(7) implies that initrd-root-device is After=basic.target # but that appears to not be the case. We explicitly order after sysinit.target @@ -123,7 +123,7 @@ fi # It turns out that `tmpfs` currently munches all SELinux labels # we set before policy is loaded, so we make an XFS filesystem # loopback mounted that's sized the same as /run. - +# https://github.com/coreos/fedora-coreos-config/pull/499 cat >"${UNIT_DIR}/sysroot-xfs-ephemeral-mkfs.service" <<'EOF' [Unit] DefaultDependencies=false 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh old mode 100644 new mode 100755 similarity index 91% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh index f9b1b83a5760b6e0b97ac2dc8c0a83592fba5b2e..6a91048d7d8e6572addf6bf542915e3a66c14b31 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/module-setup.sh @@ -8,10 +8,15 @@ install_and_enable_unit() { target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } +installkernel() { + # we do loopmounts + instmods -c loop +} + install() { inst_multiple \ bsdtar \ diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-live/ostree-cmdline.sh 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-generator diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service old mode 100644 new mode 100755 similarity index 91% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service index 60ab199d2e186254e7a3dd4abcb8d05fc37f252e..524dc9140ea7535aecc2e74b2d5ff62840ba6f9a --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-trigger.service @@ -4,7 +4,7 @@ # here to make sure it's re-added. # # This is tracked at: - +# https://bugzilla.redhat.com/show_bug.cgi?id=1963242 [Unit] Description=CoreOS Trigger Multipath diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-multipath-wait.target 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/coreos-propagate-multipath-conf.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
old mode 100644
new mode 100755
similarity index 94%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
index d467dd42573909196744c8386d0b148947bd81d9..4ab4bc4006c2ec5e5d03402625c14e91484351be
--- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
+++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-multipath/module-setup.sh
@@ -7,7 +7,7 @@ install_ignition_unit() { local target=${1:-complete} inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf old mode 100644 new mode 100755 similarity index 80% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf index 44735dd6661c363d5d1c7841d2bfd110b94278af..bad6d14047488b517d9dfc321c8b625979434d1b --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/50-afterburn-network-kargs-default.conf @@ -1,7 +1,7 @@ # This contains the default kargs for firstboot network configuration. # Default values can be dynamically overridden by platform-specific # logic (e.g. injected via a back-channel). - +# https://github.com/coreos/fedora-coreos-tracker/issues/460 [Service] Environment=AFTERBURN_NETWORK_KARGS_DEFAULT='ip=dhcp,dhcp6' 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service old mode 100644 new mode 100755 similarity index 96% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service index af9c020a8c6ab2583eab3b8db01def071d1de352..7dfbc59c8a47aa347ec71250aa7563152556085e --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.service @@ -49,7 +49,7 @@ After=coreos-multipath-wait.target After=coreos-enable-network.service # We've seen races with ignition-kargs.service, which accesses /boot rw. # Let's introduce some ordering here. Need to use `Before` because otherwise - +# we get a systemd ordering cycle. https://github.com/coreos/fedora-coreos-tracker/issues/883 Before=ignition-kargs.service [Service] diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-copy-firstboot-network.sh 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh old mode 100644 new mode 100755 similarity index 89% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh index 2bb4fcf6bb84185cc99f9e015fd2525668bcb3ed..6c54f49abbb32b0a2b02679f8df5ded989d000e8 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/coreos-enable-network.sh @@ -20,7 +20,7 @@ if ! dracut_func getargbool 0 'rd.neednet'; then # Hack: we need to rerun the NM cmdline hook because we run after # dracut-cmdline.service because we need udev. We should be able to move # away from this once we run NM as a systemd unit. See also: - + # https://github.com/coreos/fedora-coreos-config/pull/346#discussion_r409843428 set +euo pipefail . /usr/lib/dracut/hooks/cmdline/99-nm-config.sh set -euo pipefail 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh old mode 100644 new mode 100755 similarity index 94% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh index 58052ee8d105c9df1a17b367b1ed0ac6d7b64c59..7c910b1b749ef1cc34cff579fbab9c7672da7322 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/35coreos-network/module-setup.sh @@ -3,7 +3,7 @@ install_and_enable_unit() { target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing - + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/00-core.ign diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/README.md 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-conf/module-setup.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size old mode 100644 new mode 100755 similarity index 82% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size index d758ac489c11d90f3553e2183f3a79ff52920ac9..2c320bed93924aa5740fb86cdba0a96d001fd4a7 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-check-rootfs-size @@ -2,7 +2,7 @@ set -euo pipefail # See also ignition-ostree-check-rootfs-size.service - +# https://github.com/coreos/fedora-coreos-tracker/issues/586#issuecomment-777220000 srcdev=$(findmnt -nvr -o SOURCE /sysroot | tail -n1) size=$(lsblk --nodeps --noheadings --bytes -o SIZE "${srcdev}") @@ -22,7 +22,8 @@ ${YELLOW} ############################################################################ WARNING: The root filesystem is too small. It is strongly recommended to allocate at least ${MINIMUM_GB} GiB of space to allow for upgrades. From June 2021, this -condition will trigger a failure in some cases. +condition will trigger a failure in some cases. For more information, see: +https://docs.fedoraproject.org/en-US/fedora-coreos/storage/ You may delete this warning using: sudo rm ${MOTD_DROPIN} 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-relabel
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/coreos-rootflags.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-check-rootfs-size.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid old mode 100644 new mode 100755 similarity index 90% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid index e7809535177bce5b2abafcd20510777d99bfe0ad..b2177352e8784325cdee735c40201b0ddb0f7558 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-firstboot-uuid @@ -1,6 +1,6 @@ #!/bin/bash set -euo pipefail - +# https://github.com/coreos/fedora-coreos-tracker/issues/465 # coreos-assembler generates disk images which are installed bit-for-bit # or booted directly in the cloud. # Generate new UUID on firstboot; this is general best practice, but in the future @@ -8,7 +8,7 @@ set -euo pipefail label=$1 - +# Keep this in sync with https://github.com/coreos/coreos-assembler/blob/e3905fd2e138de04184c1cd86b99b0fd83cbe5cf/src/create_disk.sh#L17 bootfs_uuid="96d15588-3596-4b3c-adca-a2ff7279ea63" rootfs_uuid="910678ff-f77e-4a7d-8d53-86f2ac47a823" @@ -43,6 +43,7 @@ if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then # complain. It will still error if the last checked timestamp (just # set by the e2fsck above) is older than the last mount timestamp (happens # on systems with out of date or non-functioning hardware clocks). + # See https://github.com/coreos/fedora-coreos-tracker/issues/735#issuecomment-859605953 # Potentially fixed in future by: https://www.spinics.net/lists/linux-ext4/msg78012.html tune2fsinfo="$(tune2fs -l ${target})" lastmount=$(echo "$tune2fsinfo" | grep '^Last mount time:' | cut -d ':' -f 2,3,4) 
@@ -60,7 +61,7 @@ if [ "${TYPE}" == "${orig_type}" ] && [ "${UUID}" == "${orig_uuid}" ]; then xfs) xfs_admin -U generate "${target}" ;; *) echo "unexpected filesystem type ${TYPE}" 1>&2; exit 1 ;; esac - udevadm settle + udevadm settle || : echo "Regenerated UUID for ${target}" else echo "No changes required for ${target} TYPE=${TYPE} UUID=${UUID}" diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh old mode 100644 new mode 100755 similarity index 97% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh index 90f9595476a4824c15d74e57fc9e04e3b5871d6d..d20b6a08d984e0c217168d7b67f3b76b44bb38a8 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-growfs.sh @@ -61,6 +61,7 @@ esac # Now, go through the hierarchy, growing everything. Note we go one device at a # time using --nodeps, because ordering is buggy in el8: +# https://bugzilla.redhat.com/show_bug.cgi?id=1940607 current_blkdev=${partition} while true; do eval "$(lsblk --paths --nodeps --pairs -o NAME,TYPE,PKNAME "${current_blkdev}")" 
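Review bot: `udevadm settle || :` discards a settle failure or timeout without a trace, and the next line still prints "Regenerated UUID for ${target}" even though the by-uuid links may not yet reflect the new UUID. If ignoring the failure is intended, keep it visible with `udevadm settle || echo "udevadm settle failed after regenerating UUID for ${target}; continuing" 1>&2` and a one-line comment giving the reason. The same `|| :` is added after the sfdisk call in ignition-ostree-growfs.sh (hunk `@@ -71,7 +72,7 @@`), where, by that line's own comment, the wait exists so kpartx can update the mappings. The enclosing `if` block starts outside this hunk.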
@@ -71,7 +72,7 @@ while true; do if [ -n "${DM_MPATH:-}" ]; then # Since growpart does not understand device mapper, we have to use sfdisk. echo ", +" | sfdisk --no-reread --no-tell-kernel --force -N "${DM_PART}" "/dev/mapper/${DM_MPATH}" - udevadm settle # Wait for udev-triggered kpartx to update mappings + udevadm settle || : # Wait for udev-triggered kpartx to update mappings else partnum=$(cat "/sys/dev/block/${MAJMIN}/partition") # XXX: ideally this'd be idempotent and we wouldn't `|| :` diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-firstboot-sysroot.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-subsequent-sysroot.service 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-sysroot.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-mount-var.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh old mode 100644 new mode 100755 similarity index 90% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh index fb5092d829e7fe51951e7c1a89ec00ee1ce0618b..01212db7d5c0a54d58e2a630edf17bd5747e175c --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-populate-var.sh @@ -29,7 +29,7 @@ for varsubdir in lib log home roothome opt srv usrlocal mnt media; do # (though... we *could* import them from the sysroot, and have # nss-altfiles in the initrd, but meh... let's just wait for # systemd-sysusers which will make this way easier: - + # https://github.com/coreos/fedora-coreos-config/pull/56/files#r262592361). mkdir -p /sysroot/var/${varsubdir} else systemd-tmpfiles --create --boot --root=/sysroot --prefix="/var/${varsubdir}" 
@@ -37,7 +37,7 @@ for varsubdir in lib log home roothome opt srv usrlocal mnt media; do if [[ $varsubdir == roothome ]]; then # TODO move this to tmpfiles.d once systemd-tmpfiles handles C! with --root correctly. - + # See https://github.com/coreos/fedora-coreos-config/pull/137 cp /sysroot/etc/skel/.bash* /sysroot/var/${varsubdir} fi diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-detect.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-restore.service diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs-save.service 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-transposefs.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-boot.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/ignition-ostree-uuid-root.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh old mode 100644 new mode 100755 similarity index 97% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh index ccaf8ccb21a7f06f24cd47b9ddf967bc79259788..bf9a7872abc14f91a94e3e30275b04baa8b6450b --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/40ignition-ostree/module-setup.sh @@ -11,6 +11,7 @@ install_ignition_unit() { local target=${1:-complete} inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "ignition-${target}.target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/coreos-check-kernel.service 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh old mode 100644 new mode 100755 similarity index 85% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh index 6c278a93e204f9111b3a0ae433341613cb34492e..cac7b643f4536ce304e4446b8315f43adb69b048 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/50coreos-kernel/module-setup.sh @@ -3,6 +3,7 @@ install_unit() { target="$1"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires "$target" "$unit" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service old mode 100644 new mode 100755 similarity index 68% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service index 195b392ddbe9db53aa16c74b08ad086d08afe3d4..743670ea0bf3d64c615e90ca7811ac58250edc69 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/coreos-touch-run-agetty.service 
@@ -1,4 +1,6 @@ # Temporary hack to work around agetty SELinux denials. +# https://github.com/coreos/fedora-coreos-config/pull/859#issuecomment-783713383 +# https://bugzilla.redhat.com/show_bug.cgi?id=1932053 [Unit] Description=CoreOS: Touch /run/agetty.reload Documentation=https://bugzilla.redhat.com/show_bug.cgi?id=1932053 diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh old mode 100644 new mode 100755 similarity index 78% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh index cce3ace68ac5e29c99a2adc3be4fbd862876cff2..1423fd5a42ad334a2bd3421f65c489c229c928ef --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/60coreos-agetty-workaround/module-setup.sh @@ -2,11 +2,13 @@ # -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*- # ex: ts=8 sw=4 sts=4 et filetype=sh +# Temporary workaround for https://bugzilla.redhat.com/show_bug.cgi?id=1932053. install_unit() { local unit=$1; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-requires initrd.target "$unit" || exit 1 } 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.service
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/ignition-virtio-dump-journal.sh
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
old mode 100644
new mode 100755
similarity index 91%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
index d8ba3c039df5ba525209932bc04f53202c000e0b..63907da41266ecbdce76cb0c2dcea51b1813ef88
--- a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
+++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/module-setup.sh
@@ -8,6 +8,7 @@ install_unit_wants() { local instantiated="${1:-$unit}"; shift inst_simple "$moddir/$unit" "$systemdsystemunitdir/$unit" # note we `|| exit 1` here so we error out if e.g. the units are missing + # see https://github.com/coreos/fedora-coreos-config/issues/799 systemctl -q --root="$initdir" add-wants "$target" "$instantiated" || exit 1 } diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99emergency-timeout/timeout.sh diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf old mode 100644 new mode 100755 similarity index 87% rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf index f66ea93fa98bc12542679350d4a21ed414aad7f9..091a114d5cea1bf90ec2c2f2cbce28fb9c45a1a2 --- a/config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf +++ b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/00-journal-log-forwarding.conf @@ -7,6 +7,6 @@ # ring buffer using `dmesg`). In the future we will rely on kernel # console multiplexing (link below) for this and will not use kmsg. # - +# https://github.com/coreos/fedora-coreos-tracker/issues/136 ForwardToKMsg=yes MaxLevelKMsg=info 
diff --git a/config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh b/nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh
rename to nestos-config/overlay.d/05core/usr/lib/dracut/modules.d/99journal-conf/module-setup.sh
diff --git a/config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf b/nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf
rename to nestos-config/overlay.d/05core/usr/lib/sysctl.d/10-coreos-ratelimit-kmsg.conf
diff --git a/config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
rename to nestos-config/overlay.d/05core/usr/lib/systemd/journald.conf.d/10-coreos-persistent.conf
diff --git a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
old mode 100644
new mode 100755
similarity index 60%
rename from config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
index c1beaebbcbc9dcce5d8fe16299479d0246146b43..5724fdcb26eac07285b97982a1d3fd00ae239a4a
--- a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
+++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-boot-mount-generator
@@ -61,14 +61,50 @@ EOF add_wants "${unit_name}" } +# Copied from +# https://github.com/dracutdevs/dracut/blob/9491e599282d0d6bb12063eddbd192c0d2ce8acf/modules.d/99base/dracut-lib.sh#L586 +# rather than sourcing it. +label_uuid_to_dev() { + local _dev + _dev="${1#block:}" + case "$_dev" in + LABEL=*) + echo "/dev/disk/by-label/$(echo "${_dev#LABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')" + ;; + PARTLABEL=*) + echo "/dev/disk/by-partlabel/$(echo "${_dev#PARTLABEL=}" | sed 's,/,\\x2f,g;s, ,\\x20,g')" + ;; + UUID=*) + echo "/dev/disk/by-uuid/$(echo "${_dev#UUID=}" | tr "[:upper:]" "[:lower:]")" + ;; + PARTUUID=*) + echo "/dev/disk/by-partuuid/$(echo "${_dev#PARTUUID=}" | tr "[:upper:]" "[:lower:]")" + ;; + esac +} + # If the root device is multipath, hook up /boot to use that too, # based on our custom udev rules in 90-coreos-device-mapper.rules # that creates "label found on mpath" links. # Otherwise, use the usual by-label symlink. +# See discussion in https://github.com/coreos/fedora-coreos-config/pull/1022 bootdev=/dev/disk/by-label/boot -# TODO add equivalent of getargbool() so we handle rd.multipath=0 -if have_karg rd.multipath; then +bootkarg=$(karg boot) +mpath=$(karg rd.multipath) +if [ -n "${mpath}" ] && [ "${mpath}" != 0 ]; then bootdev=/dev/disk/by-label/dm-mpath-boot +# Newer nodes inject boot=UUID=..., but we support a larger subset of the dracut/fips API +elif [ -n "${bootkarg}" ]; then + # Adapted from https://github.com/dracutdevs/dracut/blob/9491e599282d0d6bb12063eddbd192c0d2ce8acf/modules.d/01fips/fips.sh#L17 + case "$bootkarg" in + LABEL=* | UUID=* | PARTUUID=* | PARTLABEL=*) + bootdev="$(label_uuid_to_dev "$bootkarg")";; + /dev/*) bootdev=$bootkarg;; + *) echo "Unknown boot karg '${bootkarg}'; falling back to ${bootdev}";; + esac +# This is used for the first boot only +elif [ -f /run/coreos/bootfs_uuid ]; then + bootdev=/dev/disk/by-uuid/$(cat /run/coreos/bootfs_uuid) fi # We mount read-only by default mostly to protect 
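Review bot: The new `rd.multipath` test treats only `0` as disabled, while the TODO it replaces asked for a getargbool() equivalent, and dracut's getargbool also treats `no` and `off` as false; with `rd.multipath=no` this branch would still select `/dev/disk/by-label/dm-mpath-boot`. Consider `if [ -n "${mpath}" ] && [ "${mpath}" != 0 ] && [ "${mpath}" != no ] && [ "${mpath}" != off ]; then`. `karg` is defined outside this hunk, so it is worth confirming what it returns for a bare `rd.multipath` with no value, which the previous `have_karg` check accepted. Separately, the first-boot branch uses `$(cat /run/coreos/bootfs_uuid)` unchecked, so an empty file would yield `/dev/disk/by-uuid/`; a non-empty check before assigning `bootdev` would keep the by-label default in that case.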
diff --git a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator old mode 100644 new mode 100755 similarity index 89% rename from config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator index 9e177ce3c808639348cddce0670e79e633592805..ef615942205a0d8ef3ba6eb34afafcd31a0ed33a --- a/config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system-generators/coreos-liveiso-autologin-generator @@ -40,15 +40,15 @@ write_interactive_live_motd() { Welcome to the NestOS live environment. This system is running completely from memory, making it a good candidate for hardware discovery and installing persistently to disk. Here is an example of running an install -to disk via coreos-installer: +to disk via nestos-installer: -sudo coreos-installer install /dev/sda \\ - --ignition-file config.ign +sudo nestos-installer install /dev/sda \\ + --ignition-url https://example.com/example.ign You may configure networking via 'sudo nmcli' or 'sudo nmtui' and have that configuration persist into the installed system by passing the -'--copy-network' argument to 'coreos-installer install'. Please run -'coreos-installer install --help' for more information on the possible +'--copy-network' argument to 'nestos-installer install'. Please run +'nestos-installer install --help' for more information on the possible install options. ########################################################################### 
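Review bot: The install example in the MOTD now fetches the Ignition config from a URL but shows no integrity check on what is fetched, and that config is what provisions the installed system. If nestos-installer keeps coreos-installer's `--ignition-hash` option (not visible in this diff), the example could add a continuation line such as `--ignition-hash sha512-<digest of example.ign>` so that readers copy a pinned form. The heredoc holding this text starts and ends outside the hunk.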
@@ -85,9 +85,7 @@ fi # If the user supplied an Ignition config, they have the ability to enable # autologin themselves. Don't automatically render them insecure, since # they might be running in production and booting via e.g. IPMI. - -ign_usercfg_msg=$(journalctl -q MESSAGE_ID=57124006b5c94805b77ce473e92a8aeb IGNITION_CONFIG_TYPE=user) -if [ -n "${ign_usercfg_msg}" ]; then +if jq -e .userConfigProvided /etc/.ignition-result.json &>/dev/null; then exit 0 fi diff --git a/config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos-systemd.preset diff --git a/config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset old mode 100644 new mode 100755 similarity index 46% rename from config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset rename to nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset index 15100944fa3675cf3dcb223b6b3597d9838389cf..13963ef789d83d4114890bb9487697679f08c5d0 --- a/config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system-preset/40-coreos.preset 
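Review bot: The `jq -e .userConfigProvided /etc/.ignition-result.json &>/dev/null` test fails open: a missing or unparsable result file, or a missing `jq`, is non-zero just like a `false` value, so the early `exit 0` is skipped and the generator presumably continues to the autologin setup that the comment above says must not be forced on user-provisioned systems. jq -e returns 1 only when the value is false or null, so the error cases can be told apart, for example `rc=0; jq -e .userConfigProvided /etc/.ignition-result.json &>/dev/null || rc=$?` followed by `if [ "${rc}" -ne 1 ]; then`. Whether the result file is always present on a live boot is not visible here, so confirm that failing closed does not suppress autologin in the no-config case. The rest of the generator lies outside this hunk.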
@@ -1,10 +1,11 @@ +# Presets here that eventually should live in the generic fedora presets - +# console-login-helper-messages - https://github.com/coreos/console-login-helper-messages enable console-login-helper-messages-gensnippet-os-release.service enable console-login-helper-messages-gensnippet-ssh-keys.service - +# CA certs (probably to add to base fedora eventually) enable coreos-update-ca-trust.service - +# https://github.com/coreos/ignition/issues/1125 enable coreos-ignition-firstboot-complete.service # Boot checkin services for cloud providers. enable afterburn-checkin.service @@ -17,7 +18,10 @@ enable zincati.service enable coreos-liveiso-success.service # See bootupd.yaml enable bootupd.socket - - +# Enable rtas_errd for ppc64le to discover dynamically attached pci devices - https://bugzilla.redhat.com/show_bug.cgi?id=1811537 +# The event for the attached device comes as a diag event. +# Ideally it should have been added as part of base Fedora - but since it was arch specific, it was not added: https://bugzilla.redhat.com/show_bug.cgi?id=1433859 enable rtas_errd.service enable clevis-luks-askpass.path +# Provide information if no ignition is provided +enable coreos-check-ignition-config.service diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service old mode 100644 new mode 100755 similarity index 42% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service index 1a91853d6bcbc071fe83b34c77899d2d95604021..569de69eee8700835c5db9fffced2f16d06574f4 --- a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ignition-config.service +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-check-ignition-config.service 
@@ -2,15 +2,13 @@ # no Ignition config is provided. [Unit] Description=Check if Ignition config is provided -# Only perform checks on the first (Ignition) boot as they are -# mostly useful only on that boot. This ensures systems started -# before Ignition/Afterburn started logging structured data don't -# get misleading messages. Also handles the case where the journal -# gets rotated and no longer has the structured log messages. -ConditionKernelCommandLine=ignition.firstboot +Before=systemd-user-sessions.service +ConditionPathExists=/etc/.ignition-result.json + [Service] Type=oneshot ExecStart=/usr/libexec/coreos-check-ignition-config RemainAfterExit=yes + [Install] WantedBy=multi-user.target diff --git a/config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-ignition-firstboot-complete.service diff --git a/config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service old mode 100644 new mode 100755 similarity index 49% rename from config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service index e7dc06182225e2d016e4c5c0b6f4a6ac17538067..d148d12cb207480282edb762a79cdc946c3cfce6 --- a/config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-liveiso-success.service 
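Review bot: The file header for this unit changes its mode from 100644 to 100755, and nothing in a unit file needs the executable bit. systemd logs a warning for unit files marked executable. The same mode change is applied in this diff to presets, udev rules, the sshd drop-in `40-disable-passwords.conf` and the LICENSE, so the mode bits no longer distinguish real executables from data. Keeping these files at 0644 avoids both problems. The new `Before=systemd-user-sessions.service` also has no explanation here, while the same line added to coreos-check-ssh-keys.service carries `# Run before user sessions to avoid reloading agetty`; if the reason is the same, repeat the comment.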
@@ -15,14 +15,12 @@ ConditionPathExists=/dev/virtio-ports/coreos.liveiso-success [Service] Type=simple -# https://stackoverflow.com/questions/44358723/systemd-unit-file-problems-with-tr -IgnoreSIGPIPE=false -# See https://cgit.freedesktop.org/systemd/systemd/plain/src/systemd/sd-messages.h for the MESSAGE_ID source. -# The logic here is that we're doing a streaming journalctl query (-f to follow) -# and the `| head` bit will cause the pipeline to wait until at least one line is -# emitted, which will happen when a user login starts. We then just write a static -# knows how to read. -ExecStart=/bin/sh -c 'journalctl -b -q -f --no-tail -o cat -u systemd-logind.service MESSAGE_ID=8d45620c1a4348dbb17410da57c60c66 | head -1; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success' +# Wait for a user session to start, then write a static message to the +# virtio channel, which https://github.com/coreos/coreos-assembler/pull/1330 +# knows how to read. We previously did "journalctl -f ... | head -1" here, +# but RHEL 8 has systemd 239, which has +# https://github.com/systemd/systemd/issues/9374. +ExecStart=/bin/sh -c 'while [ -z "$(loginctl list-sessions --no-legend)" ]; do sleep 1; done; echo coreos-liveiso-success > /dev/virtio-ports/coreos.liveiso-success' [Install] WantedBy=multi-user.target diff --git a/config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service b/nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/coreos-update-ca-trust.service 
diff --git a/config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf old mode 100644 new mode 100755 similarity index 77% rename from config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf index 7300c8593902dff6ef746caee742c7021873f8b9..390f72723f0c94f4edef92a4f1eda67bf5607644 --- a/config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/emergency.service.d/coreos-sulogin-force.conf @@ -1,4 +1,4 @@ - +# https://github.com/coreos/coreos-installer/commit/15a79263d0bd5d72056a6080f6687dc10cba2dda # https://github.com/systemd/systemd/pull/10397 # We want things like `systemd.unit=emergency.target` and `single` on the # kernel command line to just work even with our locked root account. diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf new file mode 100755 index 0000000000000000000000000000000000000000..a8a1f7adb7eeca4bd5e21ca0ee834efbf72396b5 --- /dev/null +++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/rescue.service.d/coreos-sulogin-force.conf @@ -0,0 +1 @@ +../emergency.service.d/coreos-sulogin-force.conf \ No newline at end of file diff --git a/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf new file mode 100755 index 0000000000000000000000000000000000000000..fc1c8218a4ddd3bab76239d9d4234834daa8df23 --- /dev/null 
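Review bot: `rescue.service.d/coreos-sulogin-force.conf` is added as a regular file (`new file mode 100755`, not a 120000 symlink) whose only content is the text `../emergency.service.d/coreos-sulogin-force.conf`. systemd parses a drop-in's content rather than following a path written inside it, so unless the build turns this into a symlink, rescue.service no longer gets `Environment=SYSTEMD_SULOGIN_FORCE=1`. The `rescue.service.d` file deleted earlier in this diff did set it. With the locked root account that the drop-in's own comment mentions, `single` or rescue boots would presumably be left without a usable shell. Either commit the path as a real symlink or put the `[Service]` and `Environment=SYSTEMD_SULOGIN_FORCE=1` lines into this file.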
+++ b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-backlight@.service.d/45-after-ostree-remount.conf @@ -0,0 +1,4 @@ +# Temporary fix for https://github.com/coreos/fedora-coreos-tracker/issues/975 +# until https://github.com/ostreedev/ostree/issues/2115 is fixed. +[Unit] +After=ostree-remount.service diff --git a/config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf b/nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf rename to nestos-config/overlay.d/05core/usr/lib/systemd/system/systemd-firstboot.service.d/fcos-disable.conf diff --git a/config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules rename to nestos-config/overlay.d/05core/usr/lib/udev/rules.d/65-gce-disk-naming.rules diff --git a/config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules rename to nestos-config/overlay.d/05core/usr/lib/udev/rules.d/68-azure-sriov-nm-unmanaged.rules 
diff --git a/config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules b/nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules
rename to nestos-config/overlay.d/05core/usr/lib/udev/rules.d/90-coreos-device-mapper.rules
diff --git a/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config b/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config
new file mode 100755
index 0000000000000000000000000000000000000000..794efe974eecb7b7b2e47db248f349a997939159
--- /dev/null
+++ b/nestos-config/overlay.d/05core/usr/libexec/coreos-check-ignition-config
@@ -0,0 +1,47 @@ +#!/usr/bin/bash +set -euo pipefail + +IGNITION_RESULT=/etc/.ignition-result.json + +WARN='\033[0;33m' # yellow +RESET='\033[0m' # reset + +mkdir -p /run/issue.d +touch /run/issue.d/30_coreos_ignition_provisioning.issue + +d=$(date --date "$(jq -r .provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z") +ignitionBoot=$(jq -r .provisioningBootID "${IGNITION_RESULT}") +if [ $(cat /proc/sys/kernel/random/boot_id) = "${ignitionBoot}" ]; then + echo "Ignition: ran on ${d} (this boot)" \ + > /run/issue.d/30_coreos_ignition_provisioning.issue + + # checking for /run/ostree-live as the live system with persistent storage can run Ignition more than once + if ! test -f /run/ostree-live && jq -e .previousReport.provisioningDate "${IGNITION_RESULT}" &>/dev/null; then + prevdate=$(date --date "$(jq -r .previousReport.provisioningDate "${IGNITION_RESULT}")" +"%Y/%m/%d %H:%M:%S %Z") + cat << EOF > /etc/issue.d/30_coreos_ignition_run_more_than_once.issue +${WARN} +############################################################################ +WARNING: Ignition previously ran on ${prevdate}. Unexpected +behavior may occur. Ignition is not designed to run more than once per system. +############################################################################ +${RESET} +EOF + fi +else + nreboots=$(($(journalctl --list-boots | wc -l) - 1)) + [ "${nreboots}" -eq 1 ] && boot="boot" || boot="boots" + echo "Ignition: ran on ${d} (at least $nreboots $boot ago)" \ + > /run/issue.d/30_coreos_ignition_provisioning.issue +fi + +if jq -e .userConfigProvided "${IGNITION_RESULT}" &>/dev/null; then + echo "Ignition: user-provided config was applied" \ + >> /run/issue.d/30_coreos_ignition_provisioning.issue +else + echo -e "${WARN}Ignition: no config provided by user${RESET}" \ + >> /run/issue.d/30_coreos_ignition_provisioning.issue +fi + +# Our makeshift way of getting /run/issue.d semantics. 
See: +# https://github.com/coreos/console-login-helper-messages/blob/e06fc88ae8fbcc3a422bc8c686f70c15aebb9d9a/usr/lib/console-login-helper-messages/issue.defs#L8-L17 +ln -sf /run/issue.d/30_coreos_ignition_provisioning.issue /etc/issue.d/ diff --git a/config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete b/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete old mode 100644 new mode 100755 similarity index 88% rename from config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete rename to nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete index b9d105c25b611f691709f11549580277feafff57..3973d11e04a538a62ed8c542f96e21d814676506 --- a/config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete +++ b/nestos-config/overlay.d/05core/usr/libexec/coreos-ignition-firstboot-complete @@ -9,7 +9,7 @@ fi # We're done provisioning. Remove the whole /boot/ignition directory if present, # which may include a baked Ignition config. See - +# https://github.com/coreos/fedora-coreos-tracker/issues/889. rm -rf /boot/ignition # Regarding the lack of `-f` for rm ; we should have only run if GRUB detected diff --git a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE old mode 100644 new mode 100755 similarity index 96% rename from config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE rename to nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE index 660c8228beb2050c8ee1ab70192f9c474ab00c97..b81e261c59cc56e339a5d3b475b9ba43200b0395 --- a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE +++ b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/LICENSE 
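Review bot: In `d=$(date --date "$(jq -r .provisioningDate "${IGNITION_RESULT}")" …)` the exit status of the inner jq is discarded, so `set -e` never sees it fail. An unreadable or malformed result file gives an empty string, which GNU date accepts and renders as midnight today, so the issue text shows a plausible but wrong provisioning time. Reading the value first turns that into a visible unit failure: `provisioned=$(jq -er .provisioningDate "${IGNITION_RESULT}")` then `d=$(date --date "${provisioned}" +"%Y/%m/%d %H:%M:%S %Z")`. The `prevdate` assignment has the same shape, and the `$(cat /proc/sys/kernel/random/boot_id)` inside `[ … ]` should be quoted.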
@@ -1,4 +1,4 @@ -Copyright 2021 NestOS Authors. +Copyright 2018 Fedora CoreOS Authors. Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the diff --git a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md old mode 100644 new mode 100755 similarity index 64% rename from config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md rename to nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md index c966244dfd822ad33e309edd53d68b7463f63a22..ba7a3261a9a2bb2ad142891dd2b42445c38c1eeb --- a/config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md +++ b/nestos-config/overlay.d/05core/usr/share/licenses/fedora-coreos-config/README.md @@ -1,12 +1,13 @@ -# nestos-config +# fedora-coreos-config -Today most components of NestOS are built as RPMs; this -is the main exception. nest-config is "architecture-independent glue" +Today most components of Fedora CoreOS are built as RPMs; this +is the main exception. fedora-coreos-config is "architecture-independent glue" and the overhead of building an RPM for each change is onerous. It's also *the* central point of management (e.g. it contains lockfiles), so having it be an RPM too would become circular. Instead, coreos-assembler directly consumes it. +The upstream git repository is: https://github.com/coreos/fedora-coreos-config From a running system, to find the source commit use: ``` diff --git a/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf b/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf new file mode 100755 index 0000000000000000000000000000000000000000..0cc994e48b318ea4538fc983c6689920f23f1284 --- /dev/null +++ b/nestos-config/overlay.d/08nouveau/etc/modprobe.d/blacklist-nouveau.conf 
@@ -0,0 +1,2 @@ +# See https://bugzilla.redhat.com/show_bug.cgi?id=1700056 +blacklist nouveau diff --git a/nestos-config/overlay.d/08nouveau/statoverride b/nestos-config/overlay.d/08nouveau/statoverride new file mode 100755 index 0000000000000000000000000000000000000000..27a95affe231775fe6dfa01c7fdf79a5f184575b --- /dev/null +++ b/nestos-config/overlay.d/08nouveau/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/config/overlay.d/09misc/etc/sysconfig/README b/nestos-config/overlay.d/09misc/etc/sysconfig/README old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/09misc/etc/sysconfig/README rename to nestos-config/overlay.d/09misc/etc/sysconfig/README diff --git a/nestos-config/overlay.d/09misc/statoverride b/nestos-config/overlay.d/09misc/statoverride new file mode 100755 index 0000000000000000000000000000000000000000..27a95affe231775fe6dfa01c7fdf79a5f184575b --- /dev/null +++ b/nestos-config/overlay.d/09misc/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/nestos-config/overlay.d/14NetworkManager-plugins/statoverride b/nestos-config/overlay.d/14NetworkManager-plugins/statoverride new file mode 100755 index 0000000000000000000000000000000000000000..27a95affe231775fe6dfa01c7fdf79a5f184575b --- /dev/null +++ b/nestos-config/overlay.d/14NetworkManager-plugins/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = 
diff --git a/config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf b/nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf rename to nestos-config/overlay.d/14NetworkManager-plugins/usr/lib/NetworkManager/conf.d/10-disable-default-plugins.conf diff --git a/config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf b/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf old mode 100644 new mode 100755 similarity index 70% rename from config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf rename to nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf index f0faa508601208cc2034ec0c80958725baa78f6d..5785acd256888ee630a4c246975acaa5f7f5eed4 --- a/config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf +++ b/nestos-config/overlay.d/15fcos/etc/ssh/sshd_config.d/40-disable-passwords.conf @@ -1,4 +1,5 @@ # Disable password logins by default. +# https://github.com/coreos/fedora-coreos-tracker/issues/138 # This file must sort before 50-redhat.conf, which enables # PasswordAuthentication. PasswordAuthentication no diff --git a/nestos-config/overlay.d/15fcos/statoverride b/nestos-config/overlay.d/15fcos/statoverride new file mode 100755 index 0000000000000000000000000000000000000000..27a95affe231775fe6dfa01c7fdf79a5f184575b --- /dev/null +++ b/nestos-config/overlay.d/15fcos/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = 
diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign
rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-aws-nm-cloud-setup.ign
diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign
rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-azure-nm-cloud-setup.ign
diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign
rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/20-gcp-nm-cloud-setup.ign
diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign
old mode 100644
new mode 100755
similarity index 100%
rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign
rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/30-afterburn-sshkeys-core.ign
diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/README.md diff --git a/config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh b/nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh rename to nestos-config/overlay.d/15fcos/usr/lib/dracut/modules.d/50ignition-conf-fcos/module-setup.sh diff --git a/config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd b/nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd rename to nestos-config/overlay.d/15fcos/usr/lib/motd.d/tracker.motd diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset old mode 100644 new mode 100755 similarity index 74% rename from config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset index eec4287d49940331f0ceae6339367ce67a127fac..ad082ac3674f1d336c504abab1400e1607585ab6 --- a/config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset +++ b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system-preset/45-fcos.preset 
@@ -1,9 +1,8 @@ # User metrics client enable fedora-coreos-pinger.service -# Provide information if no ignition is provided -enable coreos-check-ignition-config.service enable coreos-check-ssh-keys.service # Check if cgroupsv1 is still being used enable coreos-check-cgroups.service # Clean up injected Ignition config in /boot on upgrade +# https://github.com/coreos/fedora-coreos-tracker/issues/889 enable coreos-cleanup-ignition-config.service diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service old mode 100644 new mode 100755 similarity index 100% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-cgroups.service diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service old mode 100644 new mode 100755 similarity index 85% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service index 793b26c5be6cb958057225360f7274317088f3c6..858e7ed693d05eb2b9a4ea30c050b425ed1d28c8 --- a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service +++ b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-check-ssh-keys.service @@ -4,7 +4,7 @@ Description=Check that ssh-keys are added by Afterburn/Ignition # It allows other units to synchronize around any instance # of `afterburn-sshkeys@` and not just the `core` user. - +# See https://github.com/coreos/afterburn/pull/481 After=afterburn-sshkeys.target # Only perform checks on the first (Ignition) boot as they are # mostly useful only on that boot. This ensures systems started 
@@ -12,6 +12,8 @@ After=afterburn-sshkeys.target # get misleading messages. Also handles the case where the journal # gets rotated and no longer has the structured log messages. ConditionKernelCommandLine=ignition.firstboot +# Run before user sessions to avoid reloading agetty +Before=systemd-user-sessions.service [Service] Type=oneshot diff --git a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service old mode 100644 new mode 100755 similarity index 86% rename from config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service rename to nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service index 2df7e2db1a4560e62c21f2806e4b74c24c8c37fd..bb923418ddf303f0cf6b191ad9bbc9fa09fe4a53 --- a/config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service +++ b/nestos-config/overlay.d/15fcos/usr/lib/systemd/system/coreos-cleanup-ignition-config.service @@ -6,8 +6,6 @@ Documentation=https://github.com/coreos/fedora-coreos-tracker/issues/889 ConditionKernelCommandLine=!ignition.firstboot RequiresMountsFor=/boot ConditionPathExists=/boot/ignition -# We ship a kdump.service dropin that remounts /boot rw; avoid conflicts -Before=kdump.service [Service] Type=oneshot diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups old mode 100644 new mode 100755 similarity index 92% rename from config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups rename to nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups index 8dfaf0c7df4b95a9299c4944df1d6b9da05dfc2a..39a68b7178e610646801ca1fcd96703720103c5d --- a/config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups +++ b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-cgroups 
@@ -16,6 +16,7 @@ WARNING: This system is using cgroups v1. For increased reliability it is strongly recommended to migrate this system and your workloads to use cgroups v2. For instructions on how to adjust kernel arguments to use cgroups v2, see: +https://docs.fedoraproject.org/en-US/fedora-coreos/kernel-args/ To disable this warning, use: sudo systemctl disable coreos-check-cgroups.service diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys old mode 100644 new mode 100755 similarity index 88% rename from config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys rename to nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys index f7182f59f1474ebb1971f30f97ba3eff611fbf51..7a7bc350793f11bc37da08237cd7c8b41139e36d --- a/config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys +++ b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-check-ssh-keys @@ -7,7 +7,7 @@ main() { # No color nc='\033[0m' - + # See https://github.com/coreos/ignition/pull/964 for the MESSAGE_ID # source. It will track the authorized-ssh-keys entries in journald # provided via Ignition. ignitionusers=$( @@ -15,7 +15,7 @@ main() { jq -r '.MESSAGE' | \ xargs -I{} echo "Ignition: {}") - + # See https://github.com/coreos/afterburn/pull/397 for the MESSAGE_ID # source. It will track the authorized-ssh-keys entries in journald # provided via Afterburn. afterburnusers=$( @@ -41,10 +41,6 @@ main() { echo -e "${warn}No SSH authorized keys provided by Ignition or Afterburn${nc}" \ > /etc/issue.d/30_ssh_authorized_keys.issue fi - - # Ask all running agetty instances to reload and update their - # displayed prompts in case this script was run before agetty. - /usr/sbin/agetty --reload } main 
diff --git a/config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config old mode 100644 new mode 100755 similarity index 78% rename from config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config rename to nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config index 172fb48317b825dd5bdc7baa19cb7fb944dfb474..ee76687c0ab0b807e23843d8a738848ac197e92b --- a/config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config +++ b/nestos-config/overlay.d/15fcos/usr/libexec/coreos-cleanup-ignition-config @@ -2,6 +2,7 @@ # # Clean up existing nodes that have a world-readable /boot/ignition/config.ign. # Remove this after the next barrier release on all streams. +# https://github.com/coreos/fedora-coreos-tracker/issues/889 set -euo pipefail diff --git a/nestos-config/overlay.d/20platform-chrony/statoverride b/nestos-config/overlay.d/20platform-chrony/statoverride new file mode 100755 index 0000000000000000000000000000000000000000..27a95affe231775fe6dfa01c7fdf79a5f184575b --- /dev/null +++ b/nestos-config/overlay.d/20platform-chrony/statoverride @@ -0,0 +1,2 @@ +# Config file for overriding permission bits on overlay files/dirs +# Format: = diff --git a/config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony b/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony old mode 100644 new mode 100755 similarity index 84% rename from config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony rename to nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony index d6136e8d194eec5ffdbb5c788d5532a0687eec80..958c6e1732a30943c182303f09d9a846ed31c498 --- a/config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony 
+++ b/nestos-config/overlay.d/20platform-chrony/usr/lib/systemd/system-generators/coreos-platform-chrony @@ -5,7 +5,14 @@ set -euo pipefail # that doesn't work for us because we have a single update stream. Hence # this generator dynamically inspects the platform and reconfigures chrony. # +# AWS: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html +# Azure: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/time-sync +# GCP: https://cloud.google.com/compute/docs/instances/managing-instances#configure-ntp +# +# Originally spawned from discussion in https://github.com/openshift/installer/pull/3513 +# Generators don't have logging right now +# https://github.com/systemd/systemd/issues/15638 exec 1>/dev/kmsg; exec 2>&1 self=$(basename $0) @@ -41,7 +48,7 @@ if [ ! -e /etc/sysconfig/network ] || ! grep -q "PEERNTP" /etc/sysconfig/network cat <> /etc/sysconfig/network # PEERNTP=no is automatically added by default when a platform-provided time # source is available, but this behavior may be overridden through an Ignition - +# config specifying PEERNTP=yes. See https://github.com/coreos/fedora-coreos-config/pull/412. PEERNTP=no EOF fi @@ -52,7 +59,7 @@ cat <