Craftable Systems with BlueBuild (Ublue) custom images

Hi !

Long time listener and occasional Discord/IRC/Matrix lurker.

Truth be told, although I watch every stream, I’ve stopped watching them live because it seems like half the time is spent with David having to wrangle with Guix rather than spending time to properly show software or techniques.

After yesterday’s stream about distrobox and the mention of “Cloud Native” linux distros, I thought I’d share my workflow with Ublue Linux custom images, now spun off as BlueBuild.

Optional Story Time (and rant)


I’m not a programmer, I’m a technical artist that creates 2D/3D visuals for VFX, live events and television. I work with high-end proprietary software, all of which run natively on Linux and are fairly optimized for use with Nvidia cards. Sometimes I have to write some code (shell, python, C++) to create tools or have to run some containers for AI stuff, but overall writing code is not my job.

But~ I have to manage a render farm of 5+ computers, 3 of which I sometimes take with me on studio sets. So being able to have standardized configs that I can easily swap to is really helpful.

While Guix was fun to use on an old thinkpad, it was just not possible for me to reliably use for desktops/workstations or even a surface tablet (even with Nonguix). I genuinely liked Guix and want it to succeed, but there was just so much friction: patching elf files, running wrapper scripts, re/writing packages, etc that I had to give up on it.

NixOS did not fare much better. While Nix can install proprietary drivers, it’s still really messy to use proprietary or pre-compiled software. Guix had a much better user experience and just felt way less clunky to use.

To me, the upsides of a declarative config were just greatly outweighed by the downsides of non-FHS distros.

I’ve been using Linux for more than 10 years, I’ve run Gentoo reliably for 5 out of those until I just got sick of having to deal with all the tiny movable parts (polkit, Dbus, login managers, pipewire, etc.) that make modern linux a much better experience. I can deal with compilation times, but at this point in my life I’d much rather dabble with configs in my home folder than the system ones.

The Meat


In comes Fedora Silverblue.

In short, Fedora Silverblue is an image-based immutable distro, so it means that the core of your OS stays the same whilst your ~home, /etc and some other specific folders can be modified. This lets you easily rollback, rebase your OS to a different version/spin and overlay extra packages without messing up your install.

This is great, but it also comes with a layer of complexity if you want to install extra packages. You can’t just yum dnf install a new package, it uses its own rpm-ostree install which overlays extra packages on top of your system’s image, which can be really slow because you’re essentially rebuilding your system for every package installed. Things don’t get messy, but they get slow.

You can also overwrite the locks in your /usr or /var folders, but they will get reverted once you update your system or rebase it. Annoying.

But, this is System Crafters, we won’t settle for the vulgar limitations that the basic Fedora images provide ! We want to be able to declare how we want our systems, dammit !

This is where Universal Blue custom images (now Blue Build) become useful.

It was super easy to get started, they have a web-based wizard that guides you into creating a github repo by forking their template, sets up the correct tokens and signature and lets you choose the base-image you want to build upon. Want the KDE environment with nvidia-drivers? ghcr.io/ublue-os/kinoite-nvidia is where it’s at. What about sway ? ghcr.io/ublue-os/sericea-main and so on. You can even build on an already existing fork of someone else or even a bare system.

From what little experience I have with docker images, it basically works the same : Edit yaml files describing your system: files to copy, systemd daemons, flatpaks, fonts, kernel modules, scripts, etc. This is referred to as a recipe. From there you can use specific modules to build and setup some of the previously mentioned features.

Similar to my previous Guix setup, I can split my yaml files and have multiple variations of my systems, i.e. common-config.yaml is used by my desktop-nvidia and my laptop-intel systems, so they can share common configurations easily.

From that point on the coolest part is that Bluebuild leverages Github Actions (or Git Forge actions) to build your image and upload it. Usually within 10-15 minutes I have an image up and running and I can either rebase to it or just let my system auto-update and reboot later for it to be applied.

The Good


Very little editing is required, just a couple of yaml recipes and then the github build.yml file to list which images you want to automatically build.

I benefit from a good enough out of the box experience that the base image/Fedora has to offer.

For my use case, having a declarative FHS compliant distro with rpm compatibility has been great. So even if certain things break, you’re not far off from a standard linux distro to fix things.

Ublue offers images for machines that need hardware specific kernels, like the steamdeck, surface tablets, framework laptops, etc. So I’m not stuck having to compile the kernel on an under-powered machine when there’s a new update.

Distrobox is enabled by default, so it’s easy to run any distribution in a sandbox and install graphical applications without having to overlay them. This way I can run my VFX apps on a Rocky/CentOS container and have a system that follows the vfx reference platform while still being able to have a stable and up to date base system.

In general I always install software using distrobox instead of overlaying.

Just is installed by default and has been really fun to use! Want to create an ubuntu distrobox ? just distrobox ubuntu. Want to update your system? just update. Reboot to your bios ? just bios. I know it’s basically fancy shell aliases, but I like it.

ISO images are also built, so I can just pop in a USB and go through the Fedora installer to setup a new system from scratch.

Rebasing to a new image is just a sudo rpm-ostree rebase $imageURL away. So if I want to switch one of my systems from a workstation image to a render-farm image, it’s super easy.

It’s also really easy to just rollback to a previous version, just like Guix.

The Less Good


It’s still fairly new and the base template will be subject to change, which means that my fork of the template might have to merge commits manually.

ISO images are not completely offline, they are basically a 500mb fedora installer that needs to be connected to the internet to download your image and install it locally.

Rebasing can take up to 5-15 minutes to download and install the new image depending on what it needs to download and change.

Not tested yet: but on my previous Fedora system I had virtualization with GPU Identical passthrough (having one of my 2 3090s used by a VM) and I would simply have to comment out a file and then just rebuild with dracut and reboot to toggle when I wanted to passthrough my GPU or not. It seems like it’s still possible, but might be a little more complicated.

Not tested yet: Using private github or git forge repos.

I’ve taken a liking to SystemD, especially user services and timers, but you’re definitely stuck having to use it.

Fedora is not a rolling release distro, so software is not available immediately, but Fedora Copr has been surprisingly good and it’s possible to add specific repos in your recipe file or even directly install rpm files. Otherwise it’s possible to just run an Arch Distrobox and simply install it from there.

Distroboxes can be built and managed with a config file, but it’s not as great as having it in your recipe file.

The Bad


Yaml sucks, I often have to use a linter or a formatter to make sure that my builds don’t fail.

To see if things build or not you’re stuck having to wait for github actions to fail and have to parse through the logs. Building locally to debug is probably better.

I haven’t tried Guix on Fedora in a while, but historically guix installed packages did not work flawlessly due to some issue with Fedora deprecating NSCD. Things might have changed, I saw that there was a Guix package in Fedora Copr that seems to fix it, but I’ve yet to try it.

Dotfiles and configs are essentially still all separate files and scripts, there are some things that have modules, but for the moment if you want to manage your NFS/Samba shares or fstab, you’re stuck having to add the entire file to your repo.

While Ublue can copy files and folders anywhere on your system, it does not really manage your home folder other than having to put things in /etc/skel which only works when you’re installing from an ISO and creating a new user. So using dotfile managers or guix/nix-home is still needed.

There’s really no way of configuring hardware or user configuration like Guix or Nix. You pretty much have to have an existing Silverblue install to rebase from or go through the Fedora installer to manage your main user and disk partitions for example. But from experience, Nix and Guix need to be installed on a new system before being able to pull your files and configure the hardware, so it might not be that bad.

Conclusion


I’m overall very happy with my experience with Ublue and Fedora’s immutable distros. I can finally have a “mainstream” experience while still having something that’s stable and configurable. It’s still a work in progress and very adapted to my needs for now, so I’ll refrain from showing my fork, but in the future when I’ll be satisfied I might do a followup here.

While it pains me to have given up on Guix for the moment, I truly wish for it to succeed and reach more people and offer a great user experience both on the hardware and software side.

Useful links


(Seems like new users can’t post more than 2 links, so sorry for the formatting)

  • h ttps://blue-build.org/ : Blue Builds official website
  • h ttps://universal-blue.org/ : Universal Blue Linux official website
  • h ttps://github.com/blue-build/template :Template for making your own OS image using BlueBuild
  • h ttps://github.com/wayblueorg/wayblue?tab=readme-ov-file : Wayblue, builds of Universal Blue focused on wayland window managers and a good example of a custom build
6 Likes
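Added example, not part of the original post: the post rebases machines with `sudo rpm-ostree rebase $imageURL`, and the prefix on that URL decides whether rpm-ostree enforces the host's container signature policy (`ostree-image-signed:`) or skips it (`ostree-unverified-registry:`). The functions below build the signed form of a reference and report which form a machine's booted deployment tracks; the `ghcr.io/example/...` image names are hypothetical and the status text is constructed.

```shell
#!/usr/bin/env bash
# Added example: image names are hypothetical, the status text is constructed.

# Classify an rpm-ostree image reference by its transport prefix.
classify_ref() {
  case "$1" in
    ostree-image-signed:*) echo signed ;;
    ostree-unverified-registry:*|ostree-unverified-image:*) echo unverified ;;
    *) echo other ;;
  esac
}

# Build the signature-enforcing rebase target from a bare registry
# reference (registry/owner/image[:tag]). Refuses anything that already
# carries a transport or is not registry-qualified.
signed_ref() {
  case "$1" in
    *://*|ostree-*:*) echo "refusing: '$1' already has a transport" >&2; return 1 ;;
    */*/*) echo "ostree-image-signed:docker://$1" ;;
    *) echo "refusing: '$1' is not registry/owner/image" >&2; return 1 ;;
  esac
}

# Read `rpm-ostree status` text on stdin and print "<class> <ref>" for the
# booted deployment, which rpm-ostree marks with a leading bullet.
audit_status() {
  booted_ref=$(sed -n 's/^● *//p' | head -n 1)
  [ -n "$booted_ref" ] || { echo "no booted deployment found" >&2; return 2; }
  echo "$(classify_ref "$booted_ref") $booted_ref"
}

# Constructed sample of `rpm-ostree status` output (digests are placeholders).
SAMPLE_STATUS='State: idle
Deployments:
● ostree-unverified-registry:ghcr.io/example/render-farm:latest
                   Digest: sha256:<placeholder>

  ostree-image-signed:docker://ghcr.io/example/workstation:latest
                   Digest: sha256:<placeholder>
'

# Demo on the sample; on a real machine use: rpm-ostree status | audit_status
printf '%s' "$SAMPLE_STATUS" | audit_status
# Target to pass to `sudo rpm-ostree rebase` once the image's key is trusted:
signed_ref 'ghcr.io/example/render-farm:latest'
```

A machine reported as `unverified` keeps pulling updates without signature checks until it is rebased onto the `ostree-image-signed:` form of the same image.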

Thanks for the detailed write up! I’ve been notionally curious about immutable images ever since I got the steam deck. I appreciate the explanation about rebasing on hardware specific images, I wasn’t quite clear how that was handled.
It’s good to see that there are so many different ideas/approaches that are being experimented with for configurable systems. I do think that a Fedora Silverblue with a flatpak app store is a really good model for a non-technical desktop user. We’re spoiled for choices now which is great.
Thanks again for sharing!

Hey @Burst, great to see you here!

My apologies for that, my lack of preparation for the streams is the number one reason I can end up with so much Guix trouble. It’s not all my fault obviously, Guix can often be challenging 🙂

That’s so awesome.

Yes 🙂

That looks cool, I had not heard of it!

Thanks so much for the super detailed write-up, I think I will be trying this model out soon!

really interesting. lots of details thanks!

this reminds me of this video from Jessie Frazelle https://www.youtube.com/watch?v=gES4-X6y278

She used coreos and ran everything as a container, including bash. The image itself is the same and is immutable. Only docker volumes are writable.

1 Like