The Developer-First Immutable OS

XORBANG revolutionizes immutable infrastructure by solving the fundamental tension between security and developer productivity. Build, experiment, deploy, without compromise.

🔒 Production Immutability
🚀 Developer Flexibility
⚑ 90% Less Complexity
# Boot into development mode - experiment freely
kernel cmdline: xorbang.dev=1

# Your changes are safe in a transient overlay
apt install experimental-package
vim /etc/nginx/nginx.conf

# Reboot to discard changes or commit to base image
systemctl reboot  # Back to pristine state

The Immutable OS Dilemma

Traditional Immutable Systems

  • ❌ Break developer workflows
  • ❌ Require paradigm shifts (NixOS, Talos)
  • ❌ Force container-only development
  • ❌ Need reboots for package testing

XORBANG's Solution

  • ✅ Preserves Linux development patterns
  • ✅ Uses familiar systemd tooling
  • ✅ Transient overlays for experimentation
  • ✅ Instant rollback via reboot

Revolutionary Features

01

Graduated Immutability

Production systems run with dm-verity protected filesystems. Development mode enables controlled mutability via a kernel parameter, with no rebuilds required.

# Production: Fully immutable
/usr (dm-verity, read-only)
/etc (dm-verity + confext)

# Development: Transient overlay
mount -t overlay /usr/local
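Because a single kernel parameter decides whether a host is mutable, a fleet check should confirm that production machines were not booted with it and that nothing under /usr is writable. The script below is an added example, not code from the XORBANG project; the function names are hypothetical, the sample mount table is constructed, and it assumes /usr appears as its own entry in /proc/mounts.

```shell
#!/bin/sh
# Added example (not XORBANG project code): flag hosts that are mutable.
# Assumptions: xorbang.dev=1 on the kernel command line is the dev-mode switch
# (taken from the page); /usr shows up as its own entry in /proc/mounts.

# has_dev_flag CMDLINE: succeeds only on the exact token, so that
# "xorbang.dev=10" or "foo.xorbang.dev=1" do not count.
has_dev_flag() {
    case " $1 " in
        *" xorbang.dev=1 "*) return 0 ;;
    esac
    return 1
}

# writable_usr_mounts MOUNTS: print every mount at or below /usr whose option
# list contains "rw". MOUNTS uses the /proc/mounts layout
# (device mountpoint fstype options dump pass).
writable_usr_mounts() {
    printf '%s\n' "$1" | awk '
        $2 == "/usr" || index($2, "/usr/") == 1 {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "rw") { print $2 " (" $3 ")"; break }
        }'
}

# audit_host CMDLINE MOUNTS: print a verdict; return 0 = OK, 1 = DEV, 2 = ALERT.
audit_host() {
    rw=$(writable_usr_mounts "$2")
    if has_dev_flag "$1"; then
        echo "DEV: booted with xorbang.dev=1, changes live in a transient overlay"
        return 1
    fi
    if [ -n "$rw" ]; then
        echo "ALERT: no dev flag, but writable: $rw"
        return 2
    fi
    echo "OK: production boot, nothing writable under /usr"
    return 0
}

# Constructed sample (not captured from a real host): production command line,
# yet a writable overlay sits on /usr/local.
SAMPLE_MOUNTS='/dev/mapper/usr /usr erofs ro,relatime 0 0
overlay /usr/local overlay rw,lowerdir=/usr/local,upperdir=/run/ovl/up,workdir=/run/ovl/wk 0 0'
# On a real host: audit_host "$(cat /proc/cmdline)" "$(cat /proc/mounts)"
audit_host "root=/dev/mapper/root ro quiet" "$SAMPLE_MOUNTS" || true
```

The check matches on the "rw" option, not on the overlay filesystem type, because systemd-sysext itself merges extensions through a read-only overlay on /usr.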
02

Composable Layers

Build features as independent systemd-sysext layers. Compose at runtime without rebuilding base images. Mix and match for different deployments.

/usr/lib/extensions/
├── gui.raw
├── development.raw
├── kubernetes.raw
└── monitoring.raw
03

Declarative Simplicity

Replace thousands of lines of Ansible with declarative systemd-repart definitions. Complex disk layouts become simple, reproducible configurations.

[Partition]
Type=linux-generic
Label=root
Encrypt=tpm2+pin
Format=btrfs
04

Atomic Updates

OSTree provides Git-like versioning for your OS. Atomic updates with automatic rollback on failure. Always boot into a known-good state.

ostree pull origin main
ostree admin deploy main
# Automatic rollback on failure
05

Host-Specific Config

Apply host configuration at boot time, not build time. Network settings, disk encryption keys, and hardware configs without image proliferation.

# /etc/xorbang/host-config.yaml
hostname: workstation-01
network:
  interfaces: [...]
disk:
  luks: [...]
06

Security by Default

Full chain of trust from Secure Boot to runtime. Cryptographic verification, IMA/EVM policies, and systemd sandboxing protect your infrastructure.

✓ Secure Boot → UKI
✓ dm-verity filesystems
✓ SELinux/AppArmor mandatory
✓ systemd sandboxing

Hybrid Architecture

  • OSTree Base System (Immutable Debian): Atomic updates • Rollback capability • dm-verity protected
  • systemd-sysext: Feature Layers
  • systemd-confext: Host Config
  • Transient Overlay: Development Mode
  • Targets: Workstation, Server, Hypervisor

Build Time

6x faster with intelligent caching. From 30 minutes to under 5 minutes for incremental builds.

Deployment

Boot from ISO/PXE, run one command. Automated disk partitioning, encryption, and configuration.

Updates

Delta updates via OSTree. Only changed blocks transfer. Automatic rollback on failure.

How XORBANG Compares

| Feature | XORBANG | NixOS | Fedora Silverblue | Talos Linux |
| --- | --- | --- | --- | --- |
| Developer Workflow | ✅ Native Linux | ❌ Nix language | ⚠️ Toolbox required | ❌ No shell access |
| Learning Curve | ✅ Minimal | ❌ Steep | ⚠️ Moderate | ❌ Very steep |
| Package Testing | ✅ Instant | ⚠️ Rebuild | ❌ Reboot | ❌ Not supported |
| Config Complexity | ✅ 50 lines | ❌ 1000+ lines | ⚠️ 500+ lines | ⚠️ 200+ lines |
| Rollback | ✅ Automatic | ✅ Manual | ✅ Manual | ✅ Automatic |
| Host Variability | ✅ Boot-time | ⚠️ Build-time | ⚠️ Build-time | ❌ Limited |
| Migration Path | ✅ Incremental | ❌ Full rewrite | ⚠️ Significant | ❌ Full rewrite |

Real-World Workflows

Development Workflow

1. Boot with dev flag: xorbang.dev=1
2. Experiment freely: apt install nginx-experimental
3. Test and validate: systemctl start nginx
4. Commit or discard: xorbang-commit-overlay

Production Deployment

1. Build new image: mkosi build --profile=prod
2. Push to repository: ostree push origin main
3. Stage deployment: ostree admin deploy --stage
4. Automatic rollback: # On failure, auto-rollback

Quick Start

1. Clone the Repository

git clone https://github.com/xoraxiom/xorbang.git
cd xorbang

2. Build Your First Image

# Build base image with OSTree
./build.sh --profile=workstation --output=/srv/images/

# Or use mkosi directly
mkosi --profile=workstation build

3. Deploy to Target System

# Boot target from ISO/PXE, then:
xorbang-installer --host=workstation-01

# System automatically:
# - Partitions disks with systemd-repart
# - Deploys OSTree image
# - Applies host configuration
# - Sets up boot entries

Ready to Revolutionize Your Infrastructure?

Join the growing community building the future of immutable operating systems.

90% Less Complexity
6x Faster Builds
0 Paradigm Shifts