This is a custom Linux build designed around Fedora's Atomic Desktops, as a community-driven adaptation of the Universal Blue project. These systems are immutable by nature, which means users are actually gated from directly modifying the system, providing an incredibly secure form of interacting with the Linux platform.
This is the OS I use daily on a Framework 13 laptop. It features the COSMIC desktop environment, Homebrew for package management, and anything you could want for containerized development. It's unopinionated by design, other than preferring Ghostty for the terminal, and Catppuccin for the system theme.
If you'd like to use this yourself, please feel free! If you'd like to build your own, consult the DIY document.
Verify the image signature with cosign:
cosign verify --key \
https://github.com/givensuman/dune-os/raw/main/cosign.pub \
ghcr.io/givensuman/dune-os:stableYou can download an ISO from the latest Github Action Build Artifact. GitHub requires you be logged in to download.
Alternatively, and preferably for most users, you can rebase from any Fedora Atomic image by running the following:
sudo bootc switch --enforce-container-sigpolicy ghcr.io/givensuman/dune-os:stableDune is developed on and builds two branches: main and dev. ghcr.io/givensuman/dune-os:stable points to main builds, whereas the dev branch is the one I'm working off of and maybe partially broken at any given time.
Default configuration with some additional apps and the Fish shell (see: github.com/givensuman/dune-configs)
You can layer whatever core packages you like on top of this build. I recommend installing your favorite shell:
rpm-ostree install --apply-live fish
sudo usermod -s $(which fish) $USERThis is also a good time to set up rootless Docker, if you're into that sort of thing:
sudo groupadd docker
sudo usermod -aG docker $USERAnd then get the rest of your software through the included app store or with brew:
brew install \
bat \
eza \
fd \
ripgrep \
zoxideAdditional system utilities are run through Just, and can be seen by running ujust.
For development, use distrobox create to create a mutable, containerized OS, and distrobox enter to enter into it. See givensuman/dune-toolbox for more information.
Secure Boot is enabled by default on Universal Blue builds, adding an extra layer of security. During the initial installation, you will be prompted to enroll the secure boot key in the BIOS. To do so, enter the password universalblue when asked.
If this step is skipped during setup, you can manually enroll the key by running the following command in the terminal:
ujust enroll-secure-boot-key
Secure Boot works with Universal Blue's custom key, which can be found in the root of the akmods repository here. To enroll the key before installation or rebase, download the key and run:
sudo mokutil --timeout -1
sudo mokutil --import public_key.derFor issues with the images, feel free to submit an issue in this repository. For COSMIC related issues, please see cosmic-epoch/issues.
Default wallpaper designed by Milad Fakurian.
Artwork is by Jean "Moebius" Giraud.
Intitial interest and some systemd patches:
Interesting projects I stole bits and pieces from: