
Systematically intentional. This is #Nitrux.
Built on proven technology, it’s a design philosophy made executable.
Discover what makes Nitrux different.
#DisruptiveByDesign
These are the principles that define its design philosophy. Each feature reflects how Nitrux is built, deliberate and cohesive.
Modern system foundation
Nitrux is very up to date, thanks to its use of the latest Debian base and the performance-oriented kernel configurations we chose. Nitrux includes additional performance enhancements, such as allowing “inodes” to be placed anywhere on the filesystem, zstd compression at level 6, and verification of compressed blocks using a checksum to prevent corruption.
High-performance desktop/workstation
Additionally, Nitrux enables asynchronous garbage collection by default to avoid synchronous updates to access or modification times and zswap. Nitrux modifies the rate at which the kernel reclaims VFS caches, enables asynchronous, non-blocking I/O, and reduces the aggressiveness of the kernel’s swapping out anonymous memory relative to pagecache and other caches.
Exceptional system integrity
Nitrux is an immutable Linux distribution, through NX Overlayroot, which enables us to provide new distribution versions with greater accuracy. An immutable operating system is a system that, once installed, cannot be modified. The root directory is immutable by default in Nitrux. This makes the system more resistant to tampering and malware, and simplifies maintenance.
Purpose ≠ limitation
Capability through specialization—empowering any task that aligns with its design philosophy and performance-driven workflow.
Nitrux handles everyday computing tasks, but we did not create it as a traditional, general-purpose desktop environment. It is a specialized, immutable workstation built for users who prioritize architectural resilience over legacy conventions. We do not design for beginner-oriented workflows or traditional desktop paradigms. Instead, Nitrux demands technical autonomy, offering the efficiency of a tiling workflow and the stability of an immutable core. If you prefer a zero-learning-curve experience, this is not the tool for you. If you want raw performance and precision, it is.
Nitrux is for users who want to drive the machine, not just ride in it.
MauiKit, free and modular UI framework.
https://mauikit.org/
MauiKit is a set of templated controls and tools based on QQC2, initially using Kirigami, shared among the Maui set of applications. MauiKit helps quickly build UIs that follow the Maui HIG and are ready-to-go across platforms, such as Android and Linux—with seamless transitions between mobile and desktop technologies—where the line between desktop and mobile is blurred. Using the same codebase, Maui Apps provide users with a single app across multiple form factors. Accomplish in a few lines what would otherwise take hundreds, from concept to the end user’s screen — the fastest way to create convergent apps.
Cross-platform
Components are ready to use and work on Android and Linux.
Convergent
Easily create applications that work on mobile devices and desktop computers.
LGPL 3 licensed
MauiKit is a free and open-source project, and you can use, copy, merge, publish, and distribute the framework without significant limitations.
The fastest way to develop beautiful desktop and mobile apps
Experience streamlined development with zero-time setup, using the technologies you already know and love – Qt, QML, and C++.
Brilliant look and feel with lots of ready-to-use components and styling
Various UI components designed for mobile and desktop apps. MauiKit provides tons of elements. They all support Linux and Android. With MauiKit, you can support Android and Linux with the same source code.
Enhanced system integrity and reliability.
Improved system integrity and certainty
An immutable operating system remains unchangeable after installation, providing a degree of certainty. In Nitrux, the root directory remains immutable, safeguarding its original content. This design choice offers notable advantages, such as:
- An immutable system enhances confidence in delivering new distribution versions without root conflicts.
- It also prevents issues arising from upgraded packages sourced outside our controlled repository.
This approach also strengthens security against tampering and malware and simplifies system maintenance by minimizing potential points of failure. The core benefits include shielding against update failures and user errors by rendering essential components read-only, streamlining maintenance.
NX Overlayroot is a tool that uses OverlayFS, a union filesystem. OverlayFS presents a unified view of two different filesystems by overlaying one filesystem on top of another. OverlayFS presents the object from the upper filesystem and hides it from the lower filesystem if the object exists in both filesystems. It merges and presents the directory’s contents on the upper and lower filesystems if the object is a directory.
Effortless system upgrades
In today’s dynamic OS landscape, seamless updates and dependable rollbacks are more crucial than ever. The Nitrux Update Tool System streamlines distribution updates while ensuring a safety net against unexpected issues.
At its core, the Nitrux Update Tool System simplifies the update process:
- Confident Backups: It creates a backup of the root XFS partition using the XFS utilities and stores it locally.
- Swift Updates: Then it downloads an OTA-style update file and installs the system update using a custom AppImage.
- Effortless Rollbacks: It uses the XFS tools to restore the backup.
In a world prioritizing security and convenience, its backup precision, efficient updates, and stress-free rollbacks offer a smoother, safer, and streamlined way to keep systems current and secure.
Improved performance and memory handling.
Performance optimizations
Nitrux applies extensive kernel and system tuning for responsive, high-performance computing. Below, we highlight some of the tuning we’ve applied by default compared to our upstream base.
Memory management
- Reduced compaction overhead for stable performance.
- Transparent Hugepages for memory-intensive applications.
- Increased memory map limits for demanding workloads (gaming, development).
- OOM Killer tuning to prevent full system freezes.
- Atomic allocation reserves for burst handling.
I/O and networking
- ADIOS I/O scheduler for low-latency disk access.
- TCP buffer autotuning and Fast Open for high-speed networking.
- Optimized dirty page and RCU settings.
CPU scheduling
- SCX scheduler with power-aware profile selection.
- AMD Preferred Core and 3D V-Cache Optimizer support.
- GameMode integration for optimal core pinning on hybrid architectures.
- NX Dynamic PPD for automatic power profile switching.
An organized filesystem structure.
Aesthetic FHS
Aesthetic FHS is a change in the structure of the root directory to make the FHS directories more human-readable and easier to understand their purpose. Aesthetic FHS is an initial implementation of a proposal for a new filesystem hierarchy standard for Nitrux.
The structure of the Aesthetic FHS is as follows:
- /Applications → Directory for system-wide available self-contained application bundles.
- /System → Directory for operating system components.
- /Users → Directory for user home directories.
Everything you need to get started.
Available out-of-the-box
Nitrux is a complete Operating System that ships with essential apps and services for daily use. Nitrux includes a suite of convergent applications called Maui Apps. We use MauiKit, our convergent, cross-platform UI framework, to create these applications. Nitrux also includes a selection of applications carefully picked to perform the best when using your computer:
Built with MauiKit
Index, the file manager.
Nota, the simple text editor.
Station, the terminal emulator.
Pix, an image gallery.
VVave, a music player.
Shelf, a light and straightforward PDF viewer.
Fiery, a web browser.
Cinderward, an easy firewall.
Wirecloak, a simple VPN client.
A great selection of open-source software
Ark, a file archiver by KDE.
Plasma System Monitor, the system task manager.
CoreCtrl, a profile-based system control utility.
User-centric, rootless app management.
A management and integration layer for Nitrux
Nitrux builds around NX AppHub, its own system for delivering, integrating, and managing applications.
NX AppHub forms the foundation of Nitrux’s user-level software management system, with a reproducible, declarative, and rootless model designed specifically for Nitrux’s immutable architecture, built around AppBoxes—our vision of modern, smaller, faster, Nitrux-native application bundles.
- Improved System Integration: NX AppHub is part CLI for management and part system integration daemon.
- Curated Build Sources: The CLI uses Debian packages from curated repositories, defined in each app YAML file as build sources, assembling them into reproducible AppDirs.
- Reproducible Bundles: NX AppHub CLI bundles each AppDir into an AppBox, a structured, self-contained binary that includes metadata, desktop entries, and integration data.
- Verifiable Chain of Trust: AppBoxes are built locally, not by third parties or downloaded from third-party sites, ensuring safer origins and deterministic builds.
- Sandboxing: AppBoxes can include defined sandbox profiles using Firejail, AppArmor, a combination of the two, or Bubblewrap for per-application isolation.
- Simple Management: NX AppHub handles the installation, updating, downgrading, and removal of AppBoxes through its logic, rather than via binary patching or embedded updaters.
- Modern FUSE Runtimes: AppBoxes use FUSE 3 runtimes and can use Zstd compression, resulting in smaller local files and faster startup times.
- Designed for Nitrux: Applications remain rootless, self-contained, and in sync with the base system, preserving the integrity of the immutable root.
- Integrated AppBox Build Debugger: NX AppHub CLI provides the necessary options to debug AppDir bundles and solve issues regarding missing libraries or custom configuration.
Nitrux also supports Flatpak, allowing access to the extensive Flathub application catalog.
A new world for application developers
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. It provides a consistent environment for apps across different distributions, allowing developers to build applications that run on any Linux distribution without having to account for each distribution’s specific quirks or dependencies.
In addition to AppBoxes and Flatpaks, Nitrux also supports containers, allowing users to continue using package managers while respecting Nitrux’s philosophy.
Containers made easy
Distrobox is based on an OCI image and implements concepts similar to those of ToolBox, built on top of Podman and OCI-standard container technologies.
Users can run a container of any Linux distribution (Arch, Fedora, Debian, openSUSE, NixOS, Gentoo, and many more), including multiple containers simultaneously; there are no limitations. Distrobox also allows users to export software that uses a desktop launcher, automatically integrating it into the application menu and picking up the host’s artwork, such as application themes and icons.
Securing your desktop and workstation.
Elevating your digital safety and protecting your local data
Nitrux takes extra steps to keep your personal information safe. Below, we highlight some of the security features and policies we’ve enabled by default compared to our upstream base.
- Core Dump Protection:
  - Core dumps are disabled to prevent exposure of sensitive information such as passwords or encryption keys, and to save disk space.
- Enhanced Password Policies:
  - NIST Special Publication 800-63B Revision 4-compliant password policies.
  - The system includes active countermeasures against guessing attacks.
- Root Account Security:
  - The root account is inactive in both the Live session and the installed system.
  - Administrative tasks require sudo.
- Kernel Hardening:
  - Enable BPF JIT hardening to mitigate JIT spraying attacks.
  - Fill freed memory (pages and heap objects) with zeroes to prevent data leaks.
  - Disable merging of similar-sized memory slabs to thwart specific exploits.
  - Disable virtual syscalls to reduce the attack surface.
  - Randomize kernel stack offsets at syscall entry to increase address unpredictability.
  - Use Page Table Isolation to mitigate speculative execution attacks like Meltdown.
  - Enable multiple LSMs (Linux security modules), such as Capability, AppArmor, Yama, BPF, and Landlock.
- Network and Privacy Enhancements:
  - Enable MAC address randomization for privacy.
  - Use IPv6 Privacy Extensions to obscure original IP addresses.
  - Enable Reverse Path Filtering to prevent IP spoofing and mitigate DDoS attacks.
  - Disable source routing to block potential bypassing of security controls.
  - Use dnscrypt-proxy by default and dynamically load dnscrypt-proxy relays.
- System Access Restrictions:
  - Restrict access to kernel pointer addresses to prevent information leaks.
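To check a running system against the kernel, network, and LSM items in the list above, the following audit sketch is an added example and not Nitrux's own tooling. The sysctl keys, kernel command-line parameters, and accepted values are assumptions mapped from the feature names (the page does not publish the exact settings), and the sample inputs are constructed.

```python
# Constructed sample inputs; the parameter names and accepted values below are
# assumptions mapped from the feature list, not settings published on the page.
TRUE = {"1", "on", "y"}
SYSCTL_OK = {
    "net.core.bpf_jit_harden": {"1", "2"},           # BPF JIT hardening
    "kernel.kptr_restrict": {"1", "2"},              # hide kernel pointers
    "net.ipv4.conf.all.rp_filter": {"1", "2"},       # reverse path filtering
    "net.ipv4.conf.all.accept_source_route": {"0"},  # no source routing
    "net.ipv6.conf.all.use_tempaddr": {"2"},         # IPv6 privacy extensions
}
CMDLINE_OK = {
    "init_on_free": TRUE,              # zero freed pages and heap objects
    "slab_nomerge": {""},              # bare flag, carries no value
    "vsyscall": {"none"},
    "randomize_kstack_offset": TRUE,
    "pti": {"on"},
}
REQUIRED_LSMS = {"capability", "apparmor", "yama", "bpf", "landlock"}

def parse_sysctl(text):
    """Parse `sysctl -a` style 'key = value' lines into a dict."""
    pairs = (line.partition("=") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def parse_cmdline(text):
    """Parse /proc/cmdline tokens; bare flags map to an empty string."""
    return {k: v for k, _, v in (tok.partition("=") for tok in text.split())}

def audit(sysctl_text, cmdline_text, lsm_text):
    findings = []
    sysctl = parse_sysctl(sysctl_text)
    for key, ok in SYSCTL_OK.items():
        if sysctl.get(key) not in ok:
            findings.append(f"sysctl {key}={sysctl.get(key)}")
    cmdline = parse_cmdline(cmdline_text)
    for key, ok in CMDLINE_OK.items():
        # Absent from the command line is not proof of "off": the kernel's
        # build-time default (Kconfig) may still enable the feature.
        if cmdline.get(key) not in ok:
            findings.append(f"cmdline {key}: verify build-time default")
    active = set(lsm_text.strip().split(","))
    findings += [f"lsm {n} not active" for n in sorted(REQUIRED_LSMS - active)]
    return findings

SAMPLE_SYSCTL = ("net.core.bpf_jit_harden = 2\nkernel.kptr_restrict = 2\n"
                 "net.ipv4.conf.all.rp_filter = 1\n"
                 "net.ipv4.conf.all.accept_source_route = 1\n"
                 "net.ipv6.conf.all.use_tempaddr = 2\n")
SAMPLE_CMDLINE = "root=/dev/sda2 ro init_on_free=1 slab_nomerge vsyscall=none pti=on"
SAMPLE_LSM = "capability,landlock,yama,apparmor\n"
```

On a live host, pass the output of `sysctl -a` and the contents of `/proc/cmdline` and `/sys/kernel/security/lsm` to `audit()` in place of the samples.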
Nitrux includes Cinderward, a simple, no-nonsense, init-agnostic, Wayland-friendly GUI for firewalld built with MauiKit, providing an intuitive interface for managing day-to-day firewall rules without the complexity of firewalld’s command-line tooling. Additionally, Wirecloak, a modern, native WireGuard VPN client for Nitrux, is also built with MauiKit. It provides a user-friendly interface for managing VPN tunnels while securely integrating with the system’s immutable root filesystem.
Nitrux includes and uses AppArmor by default, which, in conjunction with Firejail, can offer a more robust configuration. Other executables have AppArmor profiles enabled. In addition to AppArmor and Firejail, we include Bubblewrap, a low-level, unprivileged sandboxing tool used by Flatpak and similar projects. By default, we include ~117 AppArmor profiles and ~1247 Firejail profiles.
Nitrux provides multiple ways to encrypt information, including block-device (dm-crypt) during installation, filesystem-level (f2fscrypt), and userland encryption tools like fscrypt.
**Despite the efforts and improvements in each release, we’re not claiming to be security or forensic experts or that the distribution is “impenetrable” or “unhackable,” so there isn’t any misunderstanding.