A Fedora Kinoite spin I run as my daily driver. KDE Plasma, no corporate branding, rough edges sanded off.
- Firefox via Mozilla's official Flatpak; Bazaar in place of Discover.
- Flathub set up on first boot; Fedora's flatpak remotes removed.
- Fish as the default shell, dynamic wallpapers, fcitx5 for CJK input.
- Fuller codec stack via negativo17 — h264/h265/AV1 playback just works.
- Heavy stuff (Docker, virt, Steam, ROCm, etc.) lives in sysexts instead of the base image.
- PipeWire filter chains for some laptop speaker DSP setups.
- Ollama Quadlets ready to go for local LLMs on CPU, ROCm, or Vulkan.
I borrow the ujust command framework and a couple of utility packages from Universal Blue's COPR, but everything else is built straight on Fedora Kinoite.
If you're on a bootc system already (Kinoite, Aurora, etc.):
sudo bootc switch ghcr.io/alyraffauf/kyanite:stable
sudo systemctl rebootAfter it boots, ujust --list shows what custom recipes are available. A couple things to know up front: stuff under /etc/skel doesn't auto-migrate, and rebasing across desktop environments (e.g. GNOME → KDE) usually goes badly.
Migrating from kyanite-dx / kyanite-gaming? Those tags now alias to
kyanite:stable, so you'll keep getting updates. Runujust rebase-helperto clean up the variant metadata when you get around to it.
Anything heavy or opt-in lives in kyanite-sysexts as systemd-sysext payloads. Install only what you actually want:
| Sysext | What you get |
|---|---|
docker |
Docker CE + buildx, compose, model plugins |
rocm |
AMD ROCm, HIP, OpenCL, rocm-smi |
steam |
Native Steam, Gamescope, MangoHud, GameMode (i686 multilib) |
syncthing |
Native Syncthing daemon |
tailscale |
Tailscale mesh-VPN client + daemon |
virt |
QEMU/KVM, libvirt, edk2-ovmf, virtio drivers |
ujust install-sysext NAME
ujust remove-sysext NAMEThey auto-update via systemd-sysupdate.timer. Gaming launchers (Heroic, ProtonUp-Qt, Lutris) ship as Flatpaks — ujust install-gaming-flatpaks.
Three Quadlet units for running Ollama as a user-level systemd service. The GPU runtimes live inside the container, so you don't have to install ROCm or Vulkan ICDs on the host.
ujust enable-ollama # CPU (or NVIDIA on a kinoite-nvidia base)
ujust enable-ollama-rocm # AMD GPU via ROCm. Run configure-gpu-groups first.
ujust enable-ollama-vulkan # AMD GPU via Vulkan. Works on cards ROCm doesn't.All three listen on 127.0.0.1:11434 and share the ollama-data volume, so model weights don't redownload when you switch backends. They're mutually exclusive: starting one stops the others.
Start with ollama-rocm if you have an officially-supported AMD card (RDNA1/2 high-end, RDNA3, CDNA). If ollama list shows your model running on CPU, your card isn't in the bundled rocBLAS — switch to Vulkan.
ujust install-sysext syncthing
systemctl --user enable --now syncthing.serviceGUI at http://127.0.0.1:8384. Existing config in ~/.local/state/syncthing/ carries over (peer devices, folder lists, etc.).
Coming from the old containerized Quadlet setup? Run
ujust remove-syncthing-quadletfirst to clean up.
Templates ship at /usr/share/kyanite/quadlets/. The ujust enable-X recipes copy a template into ~/.config/containers/systemd/ so OS updates won't clobber your edits. To customize (e.g. uncomment HSA_OVERRIDE_GFX_VERSION in ollama-rocm.container), edit your user copy, then:
systemctl --user daemon-reload
systemctl --user restart <service>podman-auto-update.timer is on by default, so any quadlet with AutoUpdate=registry (all of mine) refreshes nightly.
The configuration is declarative — fork it and edit a few JSON files:
packages.json— packages per variant (include/exclude)services.json— systemd units to enable at build timefiles/<variant>/— variant-specific system files (onlymain/is populated)brew/— Homebrew bundles installed at runtime viaujust install-*flatpaks/— Flatpaks preinstalled on first bootujust/— custom ujust recipes
The variant scaffold (packages.json variants.{name}, IMAGE_FLAVOR=NAME in CI) is still wired up even though I only build kyanite now. Flipping a CI switch can revive dx or any other variant.
just build # build the kyanite container
just build-qcow2 # build a qcow2 for VM testing
just build-iso # ~10GB, takes 30+ min
just run-vm # boot the qcow2 in qemuNVIDIA base experiment:
BASE_IMAGE=ghcr.io/ublue-os/kinoite-nvidia:latest \
BASE_IMAGE_SHA=$(skopeo inspect docker://$BASE_IMAGE --format '{{.Digest}}') \
just buildOutput lands in output/. I don't publish pre-built ISOs — install Fedora Kinoite and rebase, or build one yourself.
Images are signed with cosign against cosign.pub:
cosign verify \
--key https://raw.githubusercontent.com/alyraffauf/kyanite/main/cosign.pub \
ghcr.io/alyraffauf/kyanite:stableostree-image-signed: only works once the running deployment ships kyanite's policy.json and cosign.pub. A fresh switch from non-kyanite is a two-step bootstrap:
# 1. Unsigned switch — gets you a deployment with the policy + key.
sudo bootc switch ghcr.io/alyraffauf/kyanite:stable
sudo systemctl reboot
# 2. After reboot, switch the tracker to signed.
sudo rpm-ostree rebase ostree-image-signed:docker://ghcr.io/alyraffauf/kyanite:stable
sudo systemctl rebootAfter step 2, rpm-ostreed-automatic.timer (on by default) verifies every pulled image against cosign.pub before any bytes touch your filesystem. rpm-ostree status should show ostree-image-signed: as the booted spec.
It works well enough for me to use daily. Despite the rename, plenty of Fedora visual branding is still around (Kickoff logo, fastfetch, wallpapers). This is intended to be a very light repackage.
- kyanite-sysexts — the sysexts repo
- Universal Blue — the project I borrow ideas (and a few packages) from
- bootc docs — the cloud-native OS layer underneath
Apache 2.0. See LICENSE.md. Based on Fedora Kinoite with KDE Plasma, inspired by Universal Blue.