We probably won't (we're not looking to grow that much anymore), but I think someone should definitely take either portainer or the proxmox stack and just slap it on top a CoreOS image with a user friendly installer and make a killer SMB server.
We probably won't (we're not looking to grow that much anymore), but I think someone should definitely take either portainer or the proxmox stack and just slap it on top a CoreOS image with a user friendly installer and make a killer SMB server.
Yeah checkout ucore, which is derived from CoreOS instead of Silverblue: https://github.com/ublue-os/ucore
What kind of printer? What's the name of the package that got it working? We can add printer drivers pretty easily.
Here's the repo: https://github.com/ublue-os/bluefin and the intro doc outlines some of the features. We include all the codecs from rpmfusion and use negativo17 for the nvidia drivers.
installs all those things and sets things up properly on a standard fedora install?
That's exactly what all universal blue images do. It's just that setup is done every single day in github from scratch and stamped out as an image so that the end result gets to your computer as a finished deployment artifact. Leads to better update reliability, built in rollback.
The biggest benefit is that it's easier for a community to fix the fast moving gamer stuff as a config layer on top of a distro that's delivered this way than me having to manually figure out what component of my gaming setup changed that week.
I’m unclear how mature the project is and whether it will be updated in a timely manner long term
ublue and bluefin co-maintainer here, we've been around for a while now (3rd birthday coming up!) and have been around in a more unofficial capacity for longer.
Bluefin is feature complete and is in maintenance mode, it's just going to get updated in perpetuity to 41, 42, etc. We invested in automation first so most of the maintenance is automatic and it doesn't take much for our team to do it. Right now most of our major ticket items are waiting for things to finish landing in upstream Fedora, most of which are targetted towards F41. A good portion of the team have been around in OSS for a long time and a bunch of us work in the industry and depend on Bluefin for our jobs, so much so that we have a great working relationship with Framework, so we're supporting those laptops as a community option for them.
Aurora is relatively new, coming in just as Plasma 6 landed in fedora. Most reports with issues we get for it are things like it being a new major release, wayland/nvidia issues, etc.
Hopefully that answers some of your questions, if you have more feel free to ask!
Author here. The distro comes with the filesystem compression and deduplication already set up and I don't need to manage it, so of course I'm going to use it.
Given the cost of storage I have no problems spending a barely noticeable amount of space to use flatpaks given all the problems they solve.
ublue co-maintainer here. I go over a bunch of the reasons here: https://www.ypsidanger.com/homebrew-is-great-on-linux/
Namely we needed a way to complement Flatpak and brew was a natural fit. It's an ecosystem reason not a technical one. It has everything we need and a good deal of Bluefin's target audience are already using it on mac. So for us it's an easier lift to just add homebrew and move on to larger problems.
Plus it's nice that they're working with the openssf to secure the supply chain pipeline, and it's nice that everything is in github where we can inspect it, use the same tooling we use for the OS, etc.
the package entropy over time will get me the very dependency issues that Flatpak wants to solve.
You can declare your distroboxes so that they get created regularly from scratch instead of upgrading in place: https://github.com/89luca89/distrobox/blob/main/docs/usage/distrobox-assemble.md
That way the entropy never hits you. Then use the Prompt terminal https://gitlab.gnome.org/chergert/prompt to make it just part of your terminal ootb.
I work on this image and daily drove it for a while. It's basically Matt Hartley's TLP power recommendations out of the box (we collaborated on this, he's the Linux support person at Framework)
I have an intel FW13 and now prefer the newer gnome-power-profile that we ship instead of the TLP-based recommendations. It has all the latest patches from upstream and it works great on both AMD and Intel systems. I don't personally have an AMD Framework but we have enough people using it to know that the gnome-power-profile setup is awesome thanks to AMD's contributions to gnome-power-profile.
Ideally a Framework image shouldn't need to exist --- to make things more complicated Fedora is considering switching to tuned which is another, third power manager which should unify the stack. Universal Blue is currently testing this in the bazzite:testing branch of that custom image and we're hoping to get that feedback back to Framework. Hope this helps!
Flatcar linux (this is what I use for my NAS/homeserver) and CoreOS are both good.
edit: OpenSUSE has microOS: https://microos.opensuse.org/
Immutable is new to me,
It's best to ignore the whole "immutable" thing as most of the discussion around that is conflating a bunch of other concepts and it just leads to confusion. When it comes to things like host daemons, these systems are designed to deploy daemons the same way as cloud servers, so for mpd it'd be running the service as a container. A quick search of /r/selfhosted shows some options, but I'm on the road so don't have time to recommend a specific image, but generally speaking anything server related is done via containers.
I use the 1password firefox plugin for my password management. There still isn't a flatpak portal that allows flatpaked password managers to talk to flatpaked browsers, that can be a pain point to some people depending on your use case.
As far as how you manage your distroboxes, that's up to you. We differ from fedora here where they default to "just use toolbox" for everything, whereas we default to "just use brew" for everything. I keep an ubuntu and fedora distrobox in case I need to check something from those distros, and arch is a popular choice. If you're happy with your existing distro but want the reliability of atomic updates then this is a good option. For most new users I recommend not caring about distrobox, most of that stuff is for developers or people that know how to linux already and know exactly what they want.
Also, are there any issues with upgrading a distrobox to a new major release over time?
Containers are designed to be ephemeral, so that you can recreate them on the spot when something goes bad. So I never upgrade boxes, I recreate on the spot using my custom configs. That way I have the same experience on all my machines and when something breaks I don't lose any time setting things up again. Distrobox assemble is awesome for this: https://github.com/89luca89/distrobox/blob/main/docs/usage/distrobox-assemble.md
So far my mindset has been make sure I don’t layer anything, but maybe some things like mpd do make sense to layer?
I don't really layer anything, I use everything via containers or brew. Generally speaking some people might have a few things they have no choice to layer - a good example is a VPN provider that doesn't provide a wireguard config for network manager and instead you have to layer some 3rd party app. But it's also not the end of the world, updates will take longer but 99% of the time I'm asleep when that happens or it happens in the background and is transparent to me. The more you layer the more maintenance you'll have to do when you do upgrades, so if you end up adding a bunch of 3rd party repos it'll behave the same way as a traditional distro and likely need to be babysat.
The system will update all your boxes and your brew packages as well, so whichever one you use you'll never be out of date. Hope this helps!
I disagree on your view about the Fedora atomic spins, especially universal blue. Who cares if the underlying OS downloads as one big image. It all happens in the background, you don’t notice that. Everytime you reboot, you are on an updated system.
Universal Blue co-maintainer here, this is a temporary situation, efficient downloads are coming, I'm actually at the Red Hat Summit and have been discussing things with the right engineering teams. This involves an intersection of podman, ostree maintainers etc. all aligning on it. It's definitely a priority for them to fix this.
We've pushed pretty hard and pretty fast on the cloud native model, part of it was convincing people that this was a thing that users want, they hear us loud and clear now, it's going to be an awesome year.
This requires the presence of rpm-ostree and a kernel, which are both missing in the CentOS Stream image.
There are ostree-enabled OCI containers of centos if you know where to look. :D
This should be enough until they start publishing official ones, never used it:
https://quay.io/repository/centos-bootc/centos-bootc-dev?tab=tags
We use quadlets to manage those containers: https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
As others in the thread have pointed out just having systemd manage them is the way to go, it's a nice combo!
I'm the author of the blog post and a former sysadmin, there's really no maintenance to do with flatpaks, not having to deal with traditional package manager issues have removed that problem completely from my life.
Distros may or may not provide this functionality, but on my systems they're set up for zero maintenance of the OS base image and the flatpaks via service units and then I don't have to do anything.
I am unsure of the status of KDE offhand, I'm getting a bit north of 5 hours when on a plane and on wifi.
I would love to find some script or tool that can just grab all my logs and chart them out so people can share their results in a more reliable manner because I suck at keeping track of this kind of stuff by hand.
Flameshot is 3.6MB on disk according to flatpak info org.flameshot.Flameshot
Most people aren't system administrators and they end up with broken computers for the most basic tasks. It's one of the major reasons why people hate using Linux desktops.
And even if you're an experienced sysadmin you can't account for the entropy that accumulates on traditional OSes. 18.04 -> 20.04 -> 22.04 doesn't end up being the same as a 22.04 clean install. This is a huge problem, especially for people who don't know how to manage linux systems. And the people who do manage systems at scale don't want that behavior either.
I go over this in this video: https://www.youtube.com/watch?v=hn5xNLH-5eA
But day to day I'm in an ubuntu container and using "normal" package management, I just don't do it on the host.
bluefin co-maintainer here. espanso is a hard one, we have an open issue on getting it to work because it'd be something awesome to include. We might end up needing to package it but haven't had a chance to look deeper into the issue.
My Ubuntu installs are extremely reliable, both on desktops and servers.
Probably because you're an experienced user, not everyone has the same skillset.
I'm not a security expert but I do know that the Homebrew is working with openssf on security: https://openssf.org/blog/2023/11/06/alpha-omega-grant-to-help-homebrew-reach-slsa-build-level-2/
Boxkit predates wolfi so it's still alpine, I'll probably replace it at some point but most of the forks of boxkit are because people want the premade github actions and they end up replacing it with whatever distro they want anyway. The wolfi connection is because I know the people who work there (including a ublue maintainer) and we have similar goals/ideas on how linux distros should be put together. My ideal dream is a wolfi userspace systemd-sysext on top of fedora base, then we can have our cake and eat it too!
We're not security experts but lots of us work in the field and that gives us access to peer review from experts when we set things up. We sign every artifact with sigstore so users can verify that the code used in github is what's on their image, that sort of thing. And most of our practices utilize CNCF governance templates that lots of other projects use.
Yeah those don't go on your host they go in containers.
ublue contributor here. We're set up so you can install any cli program from any distro transparently. Should we outline that more in our docs?
You use containers for your tooling, you purposely don't touch the host operating system, that's the entire point.
Been there and done that. It's better to just not have the host OS break in the first place.
Here maybe it's easier if I just paste in the differences:
Ubuntu-like GNOME layout.
GNOME Software with Flathub:
Built on top of the the Universal Blue main image
Starship is enabled by default to give you a nice shell prompt
Solaar - included for Logitech mouse management along with libratbagd
Tailscale - included for VPN along with wireguard-tools
zsh and fish optional
Built-in Ubuntu user space
<kbd>Ctrl</kbd>-<kbd>Alt</kbd>-<kbd>u</kbd> - will launch an Ubuntu image inside a terminal via Distrobox and your home directory will be transparently mounted for the Ubuntu image to access
A BlackBox terminal is used just for this configuration
Use this container for your typical CLI needs or to install software that is not available via Flatpak or Fedora
Optional ubuntu-toolbox image with Python, and other convenience development tools. just distrobox-bluefin to get started. To configure just follow the guide.
Optional universal image with Python, Node.js, JavaScript, TypeScript, C++, Java, C#, F#, .NET Core, PHP, Go, Ruby, and and Conda. just distrobox-universal to get started
just assemble shortcut to declaratively build distroboxes defined in /etc/distrobox/distrobox.ini
Refer to the Distrobox documentation for more information on using and configuring custom images
GNOME Terminal - <kbd>Ctrl</kbd>-<kbd>Alt</kbd>-<kbd>t</kbd> - will launch a host-level GNOME Terminal if you need to do host-level things in Fedora (you shouldn't need to do much).
The difference between silverblue and your image is that silverblue is signed by fedora and yours isn’t.
Of course Fedora only signs Fedora images, we sign our own images.
There’s no reason for anyone but you to use the image. Even if I were to us tailscale and fish, I’d be better off with silverblue.
Then use Silverblue! If you don't understand the features of something then you might not be the target audience!
/etc is completely writeable. This is why we don't use the term "immutable distros" because Bazzite and the rest of universal blue are neither immutable nor distros.
(This is why Fedora moved to the term Atomic)
being a mutable minimal CentOS. So all the linking and making immutable would need to be done.
No it's designed to be consumed as a base image for ostree enabled OCI containers.
Use the distrobox assemble command, that'll let you have an ini file with all the stuff you want and then when the assemble command runs it'll remake the entire thing. Then just toss the assemble in cron and you'll always have a fresh container with your exact setup.
Yeah it's 2024, this stuff should just be built into the OS! I'm at kubecon so don't have time to look into it now but it'd be an awesome thing to have, we'd love the help!
What package is it?
I didn't use any flatpaks on the workstation install. I'm about three years with this setup on 4 computers through multiple OS updates, works great.
Maybe make that clear when someone opens the host terminal on bluefin, or let the bluefin installer give this info to the user.
We're working on a dynamic motd system that will give you some guidance when you first run the terminal. Here's the issue if you have some feedback! https://github.com/ublue-os/bluefin/issues/609
So which one should I use now?
Yeah the reason it's ubuntu by default is that's what the target audience uses, but we've been working on a wolfi/brew distrobox that ends up being a better experience, so we're mulling shipping that by default.
Also, why prefer homebrew over something like nix? AFAIK, homebrew leads to the same dependency issues that the traditional package managers have.
We picked homebrew because it's overwhelmingly the most popular package manager for cloud people and has everything people need. nix doesn't really fit in a container world, but we don't stop people from using it, and with devbox there's at least a common devcontainer pattern people can use. I haven't really run into dependency issues with homebrew but the new bluefin-cli container maintains state and is destroyed/rebuilt regularly so that hopefully won't be a problem.
scattered on the ublue website, blog posts and forum posts.
Yeah this is annoying and we're in the middle of consolidating docs, I'm hoping to streamline it by Fedora 40. I'm also working on a 10m "how to use this thing" video, it's just been hard to spend time on it when we're still making it. We're almost feature complete at this point so I'll start on this soon.
Your starter steps are exactly what we want the default to be, do you think we should say that more strongly? Thanks for your feedback! I think we can clean up a bunch of this stuff to make it easier.
https://github.com/ublue-os/main/blob/main/packages.json
Docs for future reference: https://universal-blue.discourse.group/docs?topic=868
If you kept a basic minimal Ubuntu host it would be trivial to maintain.
That's not true for most people.
I just don’t see the point. You want new users to understand containers.
You don't need to understand containers unless you're using the system for development -- which in Linux land means containers.
mozillavpn
I would just overlay this, that's what it's there for, there's no need to do a full new image for VPN stuff.
Hi! Universal Blue co-maintainer here, here's the TLDR. You've got the basic descriptions right, "Universal Blue" is mostly the parent organization that holds everything in github.
We take Fedora's Atomic OCI images and customize them for different use cases (Aurora, Bazzite, and Bluefin) and then publish base images so people can make their own versions of whatever they want. So if you wanted to take Silverblue, Kinoite, and make your own custom image you can mostly just grab whatever you want and shove it into an OS image. Bluefin started off as a "fix me" script for Silverblue that added all the stuff I wanted and then once I was shown what Fedora wanted to do with it the natural progression was to just make it a custom image. We just released 3.0 a few minutes ago actually!
Basically in Fedora 41 the tech will become more widely available with official OCI base images and better tooling. We just decided to start way earlier in the process so we could get all the automation out of the way, build a community, get familiar with it, etc. Happy to answer any other questions you may have!