I should add rhat it is very easy to extend the immutable os usong a short dockerfile, if your tooling is so important that you want it in the immutable layers.
this post was submitted on 22 Apr 2026
70 points (97.3% liked)
Linux
64958 readers
597 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 7 years ago
MODERATORS
Distrobox or toolbx are the canonical dev environment approach (persistant containers) but bluefin also comes with linuxbrew for host level tooling. I actually use mise (mise en place) instead.
I built a systemd-sysext with nmap, screen, iperf etc based on https://github.com/fedora-sysexts/fedora
Isn't the purpose of an immutable OS supposed to be for things like specific services that generally aren't supposed to be logged into? For example a web-proxy, or log-forwarder or maybe some kind of LB front-end?
I didn't think "daily driving" an immutable OS as a user who needs to invoke a shell was its purpose.
You're indeed describing workflows that suit servers better. Be it "immutable"(/atomic) or not.
But, atomicity (i.e., updates either occur as a whole or simply don't at all) have been used on our phones (source) for quite a while now. And we do all kinds of things on our phones.
Similarly, we might borrow other concepts for reliability: like e.g. making part of the root filesystem read-only at runtime. On Fedora Atomic (and its derivatives; OP's Bluefin being one of them), this basically only applies to /usr. This is the extent of its immutability. Most of the remaining root folder is symlinked to /var (source). Which, together with /etc, continues to be mutable. Thus, enabling it to become perfectly suitable for desktop workflows. Like, literally; there's very little you actually can't do on these. The main difference being how. Hence, it's more of a paradigm shift if anything.
Rant on the naming scheme
Unfortunately, the name "immutable distro" doesn't do a great job at conveying the nuance described above. Heck, while atomic distro is definitely more descriptive, I don't think it helps to group/categorize these distros under one name beyond contrasting it to the traditional model. Simply, because the guts of these distros tend to differ a lot compared to traditional distros. I'm afraid that this will inevitably lead to a shift in how these convos will go: Instead of peeps making all kinds of assumptions because "immutability", they might make all kinds of assumptions based on their experiences with the popular kids; i.e. Fedora Atomic and NixOS.
Distrobox is pretty shrimple
🍤
Yup. I use brew if there is a package already, otherwise you can install in distrobox and use distrobox-export to make an alias easily in your host system
I think you're supposed to use brew on uBlue.
Wow, I always thought it was MacOS only, how interesting!
I've done this, like with gping. It's great.
ie. "The Gnome Way"* exported to the OS as a whole.
* Strip all features but allow them back as plugins that aren't supported or secured.
I don't think you understand the point of an immutable distro.
Full caveat - not personally into immutable, 90% of the time I'm in Debian or a derivative. 9% arch or derivative. 1% work requirements made me have to use something else.
So I'm less making a rec on method and more commenting on this:
I've read that containers are preferred for development, but they aren't persistent
They absolutely can be, thats the point of mounting volumes. I don't want to do the same thing more than once, so whether I'm playing with something stupid at home or I'm doing something critical at work, I'm going to make a spot for any and all changes I might want to make to use it again elsewhere, without much effort. That could mean mapping a directory to a volume, setting specific variables in my compose/kompose, having a container grab data from elsewhere every time it starts, or whatever, but the parts I want persistent are, the parts I want variable are.
Keeping whether or not containers are the "right" way on an immutable distro aside, what isn't persistent for you that should be?
I've been loving Incus containers for this very use case. Unlike Docker, Incus containers are by default persistent, and are full system containers, not just applications. So when you launch an Incus Debian 13 container for instance, you get a full Debian 13 installation, but at a fraction of the size of even a small traditional VM.
It's a great happy medium between Ultra-minimal Docker containers designed for single applications, and old-school heavy VMs.
what isn't persistent for you that should be?
They don't actually know
I switch back and forth between bazzite and bluefin quite often
on these and other immutable distributions, /usr is read-only, and the recommended is to use installation methods that write to your HOME (or to /var which is where docker and flatpak --system save files)
i really should muck about with container-based development flows
my current preference is flatpak, then whatever per-language package tooling (e.g. cargo for tools written in Rust, npm with a custom HOME prefix for tools written in Node.js, uv for Python projects, etc) when there's no flatpak, then homebrew, then rpm-ostree as a last resort
for editing files in /etc my recommendation would be to set the EDITOR environment variable to point at whatever you like, installed however you like, and edit with sudoedit /etc/fstab, because then your editor is not running with root permissions
you could also point EDITOR at a custom script that mounts the target file into a container running your desired editor
Use homebrew for Linux.
Install them in your $HOME
For example $HOME/MY_CLI_TOOLS
Add it to your $PATH
~/.local/bin
Layer things that genuinely need (often in boot sequence) low level access like filesystems (e.g. I have mergerfs+snapraid on my desktop). If you're OK with a longer rpm-ostree update, you can layer some self contained things like btop with little risk, perhaps also your preferred shell. Also anything you want in TTYs if something breaks.
vim edit /etc/fstab works fine from within a distrobox, you just need to do sudo vim /run/host/etc/fstab or distrobox-export the binary to your main shell, which means that the container will start, but you don't have to enter it. If you fire a terminal profile into the container by default at login you won't need to start the container when you use an exported command.
Embrace the distrobox experience for development and generally mucking around, use Arch's AUR, archive entire environments, there's lots going for it.
Linux brew is coming along nicely, use it first if there's a formula, but I've been fine with flatpak, distrobox and layers (in that order) for a couple of years now.
There's a way to create aliases to the programs in the containers so that you can run them on the host as if they were installed. Look into the Boxy app (should be able to find it as a flatpak) for a GUI way to do it, but you might also look into nix to set up different dev environments. If it's not already a ujust recipe, look into how you can layer it and how to load up different nix configs for your different environments.
That's the neat part - You don't! (unless you want incredibly long update times as every new util is a new overlay!)
Incredibly long update time? Yeah... No. Definitely not something in had any issues with due to layered packages.
And to create your own image, you need half the repo as dependency and a 20 steps chain.
Not in my experience. Though, I suppose I have to thank BlueBuild for the heavy lifting. It's not even restrictive either, even big^[relatively speaking] projects like secureblue depend on it.