
Systematically intentional. This is #Nitrux.
Built on proven technology, it’s a design philosophy made executable.
Discover what makes Nitrux different.
#DisruptiveByDesign
These are the principles that define its design philosophy. Each feature reflects how Nitrux is built, deliberate and cohesive.
Modern system foundation
Nitrux is very up to date, thanks to its use of the latest Debian base and the performance-oriented kernel configurations we chose. Nitrux includes additional performance enhancements, such as allowing “inodes” to be placed anywhere on the filesystem, zstd compression at level 6, and verification of compressed blocks using a checksum to prevent corruption.
High-performance desktop/workstation
Additionally, Nitrux enables zswap and, by default, asynchronous garbage collection to avoid synchronous updates to access or modification times. Nitrux also modifies the rate at which the kernel reclaims VFS caches, enables asynchronous, non-blocking I/O, and reduces the aggressiveness with which the kernel swaps out anonymous memory relative to pagecache and other caches.
Exceptional system integrity
Nitrux is an immutable Linux distribution, through NX Overlayroot, which enables us to provide new distribution versions with greater accuracy. An immutable operating system is a system that, once installed, cannot be modified. The root directory is immutable by default in Nitrux. This makes the system more resistant to tampering and malware, and simplifies maintenance.
What could I use Nitrux for?
Anything that respects its design and your work demands.
From software development and digital art to everyday computing, Nitrux provides a stable, immutable foundation that remains reliable across diverse workflows. Its architecture remains consistent regardless of how you use it, deliberate, resilient, and purpose-built.
MauiKit, free and modular UI framework.
https://mauikit.org/
A set of templated controls and tools initially based on QQC2 and Kirigami shared among the Maui set of applications. MauiKit helps to quickly build UIs that follow the Maui HIG and provides ready-to-go tools for different platforms, such as Android and Linux, for a seamless transition between mobile and desktop technology where the line between the two is blurred. Using the same codebase, Maui Apps provide users with one app for multiple form factors. Accomplish in a few lines what would otherwise take hundreds, from concept to the end user’s screen: the fastest way to create convergent apps.
Cross-platform
Ready-to-use components that work on Android and Linux.
Convergent
Easily create applications that work on mobile devices and desktop computers.
LGPL 3 Licensed
MauiKit is a free and open-source project, and you can use, copy, merge, publish, and distribute the framework without significant limitations.
The fastest way to develop beautiful desktop and mobile apps
Experience streamlined development with zero-time setup, using the technologies you already know and love – Qt, QML, and C++.
Brilliant look and feel with lots of ready-to-use components and styling
Various UI components are specially designed for mobile and desktop apps. MauiKit provides tons of elements. They all have Linux and Android support. With MauiKit, you can support Android and Linux with the same source code.
Enhanced system integrity and reliability.
Improved system integrity and certainty
An immutable operating system remains unchangeable after installation, providing a degree of certainty. In Nitrux, the root directory remains immutable, safeguarding its original content. This design choice offers notable advantages, such as:
- An immutable system enhances confidence in delivering new distribution versions without root conflicts.
- It also prevents issues arising from upgraded packages sourced outside our controlled repository.
This approach also strengthens security against tampering and malware and simplifies system maintenance by minimizing potential points of failure. It is popular in security-sensitive contexts such as military and financial systems. The core benefits include shielding against update failures and user errors by rendering essential components read-only, streamlining maintenance due to reduced vulnerability to mishaps, and ensuring unperturbed system integrity, impervious to malware threats.
NX Overlayroot is a tool that uses OverlayFS, a union filesystem. OverlayFS presents a unified view of two different filesystems by overlaying one (the upper) on top of another (the lower). If an object exists in both filesystems, OverlayFS presents the one from the upper filesystem and hides the one in the lower filesystem. If the object is a directory, it merges the directory’s contents from the upper and lower filesystems and presents them together.
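The lookup rule above can be checked on a running system. The following is an added example, not code from Nitrux or NX Overlayroot: overlay_layers reads the layer directories of an overlay mount from a mounts table, and overlay_origin reports which layer serves a path. The function names are hypothetical, a single lower directory is assumed, and opaque-directory attributes are ignored.

```shell
# Added example: function names and any paths passed in are assumptions,
# not taken from NX Overlayroot.

# overlay_layers [MOUNTS] [MOUNTPOINT]: print "LOWER UPPER" for an overlay mount.
# Returns 1 if the mount point is absent or is not an overlay.
overlay_layers() {
    awk -v mp="${2:-/}" '
        $2 == mp { type = $3; opts = $4 }   # the last mount on a path is the visible one
        END {
            if (type != "overlay") exit 1
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] ~ /^lowerdir=/) lower = substr(o[i], 10)
                if (o[i] ~ /^upperdir=/) upper = substr(o[i], 10)
            }
            # An overlay without upperdir is read-only; report that as "-".
            print lower, (upper == "" ? "-" : upper)
        }' "${1:-/proc/self/mounts}"
}

# overlay_origin LOWER UPPER RELPATH: which layer answers a lookup of RELPATH?
overlay_origin() {
    lo="$1/$3"; up="$2/$3"
    if [ -c "$up" ]; then
        echo "deleted"                      # whiteout: char device in upper hides lower
    elif [ -d "$up" ] && [ -d "$lo" ]; then
        echo "merged"                       # directory in both layers: contents are unioned
    elif [ -e "$up" ] || [ -L "$up" ]; then
        echo "upper"                        # upper object hides any lower object
    elif [ -e "$lo" ] || [ -L "$lo" ]; then
        echo "lower"                        # untouched since the lower image was built
    else
        echo "absent"
    fi
}
```

A path reported as upper was created or changed after the lower image was built, so the upper directory is the place to review when checking what differs from the shipped root.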
Effortless system upgrades
In today’s dynamic OS landscape, seamless updates and dependable rollbacks are more crucial than ever. The Nitrux Update Tool System streamlines distribution updates while ensuring a safety net against unexpected issues.
At its core, the Nitrux Update Tool System simplifies the update process:
- Confident Backups: It creates a backup of the root directory using SquashFS and the XFS partition using the XFS utilities and stores them locally.
- Swift Updates: Then it downloads an OTA-style update file and installs the system update using a custom AppImage.
- Effortless Rollbacks: Depending on the situation, the utility uses ‘rsync’ and the locally generated SquashFS file or the XFS tools when restoring a backup.
The key to the tool is its autonomy, which requires minimal user input. It caters to new users and experts, delivering simplicity, security, and hassle-free system management.
In a world prioritizing security and convenience, the Nitrux Update Tool System emerges as a reliable companion. Its backup precision, efficient updates, and stress-free rollbacks offer a smoother, safer, and streamlined way to keep systems current and secure, whether for casual users or tech enthusiasts.
Improved performance and memory handling.
Better memory handling in Nitrux
Nitrux focuses on optimizing performance and responsiveness by implementing advanced memory management tweaks.
- Reduced memory compaction overhead. Reduced CPU overhead and improved overall system responsiveness, especially in memory-intensive applications, leading to more stable performance by avoiding sudden spikes in CPU usage caused by proactive compaction.
- Improve performance in contended lock scenarios. By allowing more aggressive page locking, we improve performance in scenarios with memory page contention, which can occur in applications with high memory usage and multi-threaded environments.
- Enable THP (Transparent Hugepages) for all memory locations. This change will improve performance for applications with considerable memory usage and access patterns that benefit from larger pages.
- Disable memory page fragmentation. In workloads like gaming, this change can provide benefits such as reduced CPU overhead, improved system responsiveness, and more predictable performance.
Additional performance optimizations in Nitrux
- Increase Linux autotuning TCP buffer limits. These TCP buffer settings enhance high-speed network performance by dynamically adjusting buffer sizes to improve throughput, reduce packet loss, prevent congestion, and ensure smooth data transfers, all while efficiently managing system memory.
- Increase the maximum number of packets queued for processing before dropping. It improves handling of bursty traffic, reduces packet drops, and enhances performance and stability on high-speed networks under heavy load.
- Reuse Time-Wait TCP connections to reduce the number of open TCP connections. Efficiently manage network connections, reducing open TCP connections, freeing up system resources, and improving performance.
- Control the boost applied to the watermark (the minimum number of free pages the kernel tries to maintain). Maintain higher free memory to prevent the system from stalling due to memory shortages.
- Change dirty page settings to reduce I/O disk access. Allow for efficient memory usage without frequent disk access.
- Optimized RCU settings.
  - Enable expedited RCU grace periods to improve system responsiveness in specific scenarios.
  - Offload all RCU (Read-Copy-Update) callbacks to kernel threads, reducing interrupt contention on CPUs.
  - Enable “lazy” RCU mode to delay some operations and optimize performance.
- Enable additional security checks for user copy operations.
- Disable the 32-bit VDSO (Virtual Dynamic Shared Object) on 64-bit systems.
- Enable AMD Preferred Core functionality to ensure the CPU’s most performant cores run scheduled tasks.
An organized filesystem structure.
Aesthetic FHS
Aesthetic FHS is a change in the structure of the root directory to make the FHS directories more human-readable and easier to understand their purpose. Aesthetic FHS is an initial implementation of a proposal for a new filesystem hierarchy standard for Nitrux.
The structure of the Aesthetic FHS is as follows:
- /Applications → Directory for system-wide available AppImages.
- /System → Directory for operating system components.
- /System/Binaries → Directory for non-AppImage system-wide binaries.
- /System/Binaries/Administrative → Directory for non-AppImage system-wide binaries intended for administrative tasks, such as openrc, agetty, init, haveged, and others.
- /System/Binaries/Optional → Directory for non-AppImage user-installed system-wide binaries, such as VirtualBox and DisplayLink binaries.
- /System/Binaries/Standard → Directory for non-AppImage system-wide binaries intended for non-administrative tasks, such as pix, index, tree, rm, top, and others.
- /System/Boot → Directory for kernel, initram, and GRUB files.
- /System/Configuration → Directory for system-wide configuration files.
- /System/Devices → Directory for devices.
- /System/Filesystems → Directory for storage devices.
- /System/Filesystems/Internal → Directory for internal storage devices.
- /System/Filesystems/External → Directory for external storage devices.
- /System/Libraries → Directory for system-wide libraries.
- /System/Shareable → Directory for system-wide resources.
- /System/Variable → Directory for system-wide accessible variable data.
- /Users → Directory for user home directories.
Everything you need to get started.
Available out-of-the-box
Nitrux is a complete Operating System that ships with essential apps and services for daily use. Nitrux includes a suite of convergent applications called Maui Apps. We use MauiKit, our convergent, cross-platform UI framework, to create these applications. Nitrux also includes a selection of applications carefully picked to perform the best when using your computer:
Built with MauiKit
Index, the file manager.
Nota, the simple text editor.
Station, the terminal emulator.
Pix, an image gallery.
VVave, a music player.
Shelf, a light and straightforward PDF viewer.
Fiery, a web browser.
A great selection of open-source software
Ark, a file archiver by KDE.
Plasma System Monitor, the system task manager.
CoreCtrl, a profile-based system control utility.
User-centric, rootless app management.
A management and integration layer for Nitrux
Nitrux builds around NX AppHub, its own system for delivering, integrating, and managing applications.
NX AppHub forms the foundation of Nitrux’s user-level software management system, with a reproducible, declarative, and rootless model designed specifically for Nitrux’s immutable architecture, built around AppBoxes—our vision of modern, smaller, faster, Nitrux-first AppImages.
- Improved System Integration: NX AppHub is part CLI for management and part system integration daemon. The integration will add GUI AppBoxes to the application launcher and CLI AppBoxes to the $PATH for global access.
- Curated Build Sources: The CLI uses Debian packages from curated repositories such as Debian, Devuan, Ubuntu, KDE Neon, and Nitrux, defined in each app YAML file as build sources, assembling them into reproducible AppDirs.
- Reproducible Bundles: NX AppHub CLI bundles each AppDir into an AppBox, a structured, self-contained binary that includes metadata, desktop entries, and integration data.
- Verifiable Chain of Trust: AppBoxes are built locally, not by third parties or downloaded from third-party sites, ensuring safer origins and deterministic builds. The app repository contains only YAML files for the CLI, not binary files, and is managed exclusively by Nitrux.
- Sandboxing: AppBoxes can include defined sandbox profiles using Firejail, AppArmor, a combination of the two, or Bubblewrap for per-application isolation.
- Simple Management: NX AppHub handles installation, updating, downgrading, and removal of AppBoxes through its logic rather than binary patching or embedded updaters.
- Modern FUSE Runtimes: AppBoxes use FUSE 3 runtimes and can use Zstd compression, resulting in smaller local files and faster startup times.
- Designed for Nitrux: Applications remain rootless, self-contained, and in sync with the base system, preserving the integrity of the immutable root. NX AppHub was designed and developed specifically for Nitrux.
- Integrated AppBox Build Debugger: NX AppHub CLI provides the necessary options to debug AppDir bundles and solve issues regarding missing libraries or custom configuration.
Nitrux also supports Flatpak, allowing access to the extensive application catalog on Flathub.
A new world for application developers
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. It provides a consistent environment for apps across different distributions, allowing developers to build applications that can run on any Linux distribution without needing to account for each one’s specific quirks or dependencies.
In addition to AppBoxes and Flatpaks, Nitrux also supports containers, allowing users to continue using package managers while respecting Nitrux’s philosophy.
Containers made easy
Distrobox is based on an OCI image and implements concepts similar to those of ToolBox, built on top of Podman and OCI-standard container technologies.
Users can run a container of any Linux distribution (Arch, Fedora, Debian, openSUSE, NixOS, Gentoo, and many more), including multiple containers simultaneously; there are no limitations. Distrobox also allows users to export software that uses a desktop launcher, automatically integrating it into the application menu and picking up the artwork from the host, such as application themes and icons.
Securing your desktop and workstation.
Elevating your digital safety and protecting your local data
Nitrux takes extra steps to keep your personal information safe. Below, we highlight some of the security features and policies we’ve enabled by default compared to our upstream base.
- Core Dump Protection: Core dumps are disabled to prevent exposure of sensitive information such as passwords or encryption keys, and to save disk space.
- Enhanced Password Policies:
  - Password expiration is limited to 90 days (1111.1x shorter than Debian’s default of 99999 days).
  - Over 60k hashing rounds are used for stronger password protection (Debian default: 5000).
  - New passwords must meet complexity requirements, including randomness, enforced via libpwquality.
- Root Account Security:
  - The root account is inactive in both the Live session and the installed system.
  - Administrative tasks require sudo.
- Kernel Hardening:
  - Enable BPF JIT hardening to mitigate JIT spraying attacks.
  - Fill freed memory (pages and heap objects) with zeroes to prevent data leaks.
  - Disable merging of similar-sized memory slabs to thwart specific exploits.
  - Disable virtual syscalls to reduce the attack surface.
  - Randomize kernel stack offsets at syscall entry to increase address unpredictability.
  - Use Page Table Isolation to mitigate speculative execution attacks like Meltdown.
  - Enable multiple LSMs (Linux security modules), such as Capability, AppArmor, Yama, BPF, and Landlock.
- Network and Privacy Enhancements:
  - Enable MAC address randomization for privacy.
  - Use IPv6 Privacy Extensions to obscure original IP addresses.
  - Enable Reverse Path Filtering to prevent IP spoofing and mitigate DDoS attacks.
  - Disable source routing to block potential bypassing of security controls.
- System Access Restrictions:
  - Restrict access to kernel pointer addresses to prevent information leaks.
  - Disable the SysRq key to block unauthorized system commands.
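One way to audit several of the settings listed above, as an added example that is not Nitrux's own tooling: the keys are upstream Linux sysctls, boot parameters and the active LSM list, while the mapping from each bullet to a key and the expected values are assumptions. A missing boot parameter can also mean the option is set in the kernel build configuration, so treat those findings as items to verify.

```shell
# Added example. Key names are upstream Linux interfaces; the expected values
# are assumptions, not values read from Nitrux's shipped configuration.

# sysctl_ok ROOT KEY OP WANT: compare ROOT/proc/sys/KEY with WANT (eq or ge).
sysctl_ok() {
    file="$1/proc/sys/$2"
    [ -r "$file" ] || return 1
    val=$(cat "$file")
    case "$3" in
        eq) [ "$val" -eq "$4" ] ;;
        ge) [ "$val" -ge "$4" ] ;;
        *)  return 1 ;;
    esac
}

# list_has FILE SEP ITEM: is ITEM an element of the SEP-separated list in FILE?
list_has() {
    case "$2$(cat "$1" 2>/dev/null)$2" in
        *"$2$3$2"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_hardening [ROOT]: print one line per finding, return 1 if there are any.
audit_hardening() {
    root="${1:-}"
    findings=0
    while read -r kind key op want; do
        case "$kind" in
            sysctl)  sysctl_ok "$root" "$key" "$op" "$want" ;;
            cmdline) list_has "$root/proc/cmdline" " " "$key" ;;
            lsm)     list_has "$root/sys/kernel/security/lsm" "," "$key" ;;
        esac && continue
        echo "FINDING $kind $key"
        findings=$((findings + 1))
    done <<EOF
sysctl kernel/kptr_restrict ge 1
sysctl kernel/sysrq eq 0
sysctl net/core/bpf_jit_harden ge 1
sysctl net/ipv4/conf/all/rp_filter ge 1
sysctl net/ipv4/conf/all/accept_source_route eq 0
sysctl net/ipv6/conf/all/use_tempaddr ge 1
cmdline init_on_free=1
cmdline slab_nomerge
cmdline vsyscall=none
cmdline randomize_kstack_offset=on
cmdline pti=on
lsm apparmor
lsm yama
lsm landlock
lsm bpf
EOF
    [ "$findings" -eq 0 ]
}
```

Run audit_hardening with no argument to check the live system, or pass a directory that holds captured copies of these files.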
Nitrux includes and uses AppArmor by default, which, in conjunction with Firejail, can offer a more robust configuration. AppImages are sandboxed by default using Firejail, and other executables have AppArmor profiles enabled. In addition to AppArmor and Firejail, we include Bubblewrap, a low-level, unprivileged sandboxing tool that Flatpak and similar projects use. By default, we include ~117 AppArmor profiles and ~1247 Firejail profiles.
Nitrux provides multiple ways to encrypt information, including block-device (dm-crypt) during installation, filesystem-level (f2fscrypt), and userland encryption tools like fscrypt.
To avoid any misunderstanding: despite the efforts and improvements in each release, we’re not claiming to be security or forensic experts, or that the distribution is “impenetrable” or “unhackable.”