Deinonyxus is a personal spin of the UBlue Bluefin DX image with experimental Nix package manager baked in (borrowed from the great Daemonix image) and a first-login bootstrap for nix/home-manager like declarative package management using curator.

• Base: ghcr.io/ublue-os/bluefin-dx:latest without Cockpit, Docker, Firefox, VS Code
• Nix: multi-user install baked in; nix-overlay.service and nix-daemon.service enabled.
• First-login bootstrap: installs nix packages micro vscodium mc via curator.
• System packages added: syncthing, uv, waydroid;
• System flatpaks added: Telegram Desktop, Waterfox

• Triggers for each non-root user on their first session.
• Writes state to ~/.local/state/deinonyxus/curator-init.done; delete it to rerun.
• Bootstraps ~/.config/curator/inventory.toml and runs curator switch with the packages set above.

# First pull unsigned to get signing policy
rpm-ostree rebase ostree-unverified-registry:ghcr.io/randogoth/deinonyxus:latest
systemctl reboot

# Then move to the signed image
rpm-ostree rebase ostree-image-signed:docker://ghcr.io/randogoth/deinonyxus:latest
systemctl reboot

The latest tag always tracks the latest build for the Fedora base set in recipes/recipe.yml.

bluebuild build --recipe recipes/recipe.yml

Images are signed with Sigstore/cosign. Verify with the repo's cosign.pub:

cosign verify --key cosign.pub ghcr.io/randogoth/deinonyxus