These are my custom Fedora CoreOS and bootc-based container images tailored for different infrastructure use cases, including hyperconverged infrastructure (HCI), development environments, and specialized workloads.
This project builds upon Fedora bootc and uCore to create customized, immutable operating system images with pre-configured software stacks. The images are designed for modern container-native infrastructure with automatic updates and declarative configuration.
- Base: Fedora bootc 42
- Purpose: General-purpose server image
- Key Features:
  - Tailscale VPN integration
  - Cockpit plugins for a remote cockpit-ws instance
  - Backup tools (borgmatic, rclone, rsync)
  - QEMU guest agent for virtualization
  - Firewall and security tools

- Purpose: Hyperconverged Infrastructure
- Key Features:
  - Complete QEMU/KVM virtualization stack
  - Cockpit Machines for VM management
  - File sharing capabilities
  - Comprehensive virtualization device support

- Base: uCore HCI stable-zfs
- Purpose: Hyperconverged Infrastructure with ZFS support (x86_64 only)
- Key Features:
  - ZFS filesystem support via Cockpit ZFS Manager (once I figure out ZFS support, this variant will be deprecated)

- Base: CentOS Stream bootc
- Purpose: Enterprise-focused deployment (EXPERIMENTAL: currently does not boot as of 06/28/25)

- Purpose: Desktop environment in container (EXPERIMENTAL: LinuxServer.io-style webtop with KasmVNC using systemd and podman instead of s6)

```
├── Containerfile             # Main Fedora bootc image
├── hci-ucore.Containerfile   # HCI image with ZFS
├── centos.Containerfile      # CentOS-based image
├── hci.Containerfile         # Alternative HCI image
├── webtop.Containerfile      # Desktop environment
├── config.toml               # Image build configuration
├── ucore-hci.bu              # Butane configuration for auto-rebase
├── ucore-hci.ign             # Generated Ignition config
├── rootfs/                   # Filesystem overlays
│   ├── btrfs_config/         # Btrfs-specific configurations
│   ├── common/               # Shared configurations
│   ├── hci/                  # HCI-specific files
│   ├── centos/               # CentOS-specific files
│   └── webtop/               # Desktop environment files
├── build/                    # Build artifacts
├── scripts/                  # Build and deployment scripts
└── .github/                  # CI/CD workflows
```

- Tailscale: Zero-config VPN mesh networking
- Firewalld: Advanced firewall management
- SSH: Ed25519 key authentication for `core` user
- Cockpit: Web-based system administration
  - Network management
  - Container/Podman integration
  - OSTree/bootc updates
  - SELinux management
  - Storage management
  - File management
- Borgmatic: Automated, deduplicated backups
- Rclone: Cloud storage synchronization
- ZFS: Advanced filesystem with snapshots (HCI images)
- Btrfs: Copy-on-write filesystem support
- QEMU/KVM: Full virtualization stack
- Cockpit Machines: VM management interface
- Multiple architectures: x86, ARM, RISC-V support
- GPU passthrough: Virtio-GPU support
- Container runtime (Podman/Docker)
- bootc-compatible system for deployment

```bash
# Build base Fedora image
podman build -f Containerfile -t my-coreos:latest .
# Build HCI image with ZFS
podman build -f hci-ucore.Containerfile -t my-coreos-hci:latest .
```

```bash
# Switch to custom image
sudo bootc switch ghcr.io/yourusername/your-image:latest
sudo systemctl reboot
```

- Default user: `core`
- SSH key authentication
- Wheel group membership for sudo access
- Minimum root filesystem: 48 GiB
- Place files in appropriate `rootfs/` subdirectory
- Update relevant Containerfile to copy files
- Enable systemd services as needed

```bash
# Lint container before deployment
bootc container lint
```

- `qemu-guest-agent`: VM integration
- `tailscaled`: VPN mesh networking
- Cockpit: `https://your-host:9090` (only on hci images)
- Images use immutable, atomic updates via bootc/OSTree
- SSH key-only authentication (no password login)
- Firewall enabled by default
- SELinux enforcing mode
- Regular security updates through base image updates
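
One way to check the SSH, firewall and SELinux claims above on a deployed host, as an added example that is not part of this repository. The function names and the sample `sshd -T` excerpts are constructed for illustration; the weak sample shows a host where `PasswordAuthentication` is `no` but keyboard-interactive login is still on, which can still allow password logins through PAM.

```shell
#!/bin/sh
# Added example: check a host against the README's security claims.

# ssh_key_only: reads `sshd -T` output on stdin. Succeeds only when password
# and keyboard-interactive logins are off and public keys are on. A missing
# keyword counts as a failure (fail closed).
ssh_key_only() {
    awk '
        { k = tolower($1); v = tolower($2) }
        k == "passwordauthentication"       { pw = v }
        k == "kbdinteractiveauthentication" { kbd = v }
        k == "pubkeyauthentication"         { pk = v }
        END { exit !(pw == "no" && kbd == "no" && pk == "yes") }
    '
}

# audit SSHD_T GETENFORCE FIREWALL_STATE: prints one line per claim and
# returns the number of failed claims (0 means all three hold).
audit() {
    fails=0
    if printf '%s\n' "$1" | ssh_key_only; then echo "PASS ssh key-only"
    else echo "FAIL ssh key-only"; fails=$((fails + 1)); fi
    if [ "$2" = "Enforcing" ]; then echo "PASS selinux enforcing"
    else echo "FAIL selinux is '$2'"; fails=$((fails + 1)); fi
    if [ "$3" = "running" ]; then echo "PASS firewalld running"
    else echo "FAIL firewalld is '$3'"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed samples (excerpts in the format `sshd -T` prints).
SAMPLE_GOOD='passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes'
SAMPLE_WEAK='passwordauthentication no
kbdinteractiveauthentication yes
pubkeyauthentication yes'

audit "$SAMPLE_GOOD" Enforcing running
audit "$SAMPLE_WEAK" Enforcing running || echo "failed claims: $?"

# On a live host, feed it the real values instead:
#   audit "$(sudo sshd -T)" "$(getenforce)" "$(firewall-cmd --state 2>&1)"
```
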
- Fork the repository
- Create feature branch
- Test changes with `bootc container lint` and `dev-tools/testvm.sh`
- Submit pull request