The OS That Always Has Your Back.
An immutable OS — the core is read-only and can't be broken. Two system copies. One always safe. One command to update. One reboot to undo it — always.

Shanios runs the Arch Linux default kernel for broad hardware compatibility and up-to-date driver support. The Arch ecosystem delivers the newest compilers, runtimes, and developer tools without a fixed release cycle — new drivers and kernels land before any fixed-release distro, without the manual maintenance Arch normally requires.

The immutable deployment layer gives rolling-release updates a verification step before they touch your active system — significantly reducing the chance a broken upgrade reaches your running OS.

Default shell is Zsh with Starship prompt — a fast, informative terminal prompt that shows git branch, exit codes, and environment context at a glance. Fish and Bash are also available.

McFly replaces standard shell history search with a neural network — see the CLI & Developer Toolchain card for full details.

Pre-configured runtimes with isolated Btrfs subvolumes: Podman, Distrobox, LXC, LXD, Flatpak, Snap, Nix, Apptainer — each isolated, each persistent across OS updates.

Avahi active by default — machine reachable as hostname.local from first boot. See Networking for details.

Graphics: Intel, AMD, and NVIDIA drivers pre-installed and configured with full Vulkan support. All major Vulkan drivers included: Intel (ANV), AMD (RADV), NVIDIA proprietary, nouveau (open-source), software (lavapipe), virtio-GPU, DirectX (dzn), and more. Works at first boot. NVIDIA support uses the proprietary driver by default for maximum compatibility — AMD and Intel GPUs are fully supported by open-source Mesa drivers (RADV, ANV).

Printers & Scanners: CUPS with manufacturer-specific drivers, SANE for scanners with broad auto-detection support. Plug in and print.

Firmware updates via LVFS: fwupdmgr is included and configured for the Linux Vendor Firmware Service. Update BIOS, NVMe firmware, SSD controllers, keyboard firmware, and other hardware supported by LVFS with fwupdmgr update — no manufacturer tools, no Windows, no USB boot drive required. Outdated firmware is a major security attack vector; Shanios makes keeping it current trivial.

Fingerprint readers (fprintd) — biometric login and sudo authentication work at first boot on supported hardware. No setup required.

FIDO2/U2F hardware keys (libfido2) — YubiKey and similar hardware security keys work for login, sudo, and web authentication without any configuration.

Smart cards (opensc + ccid) and NFC (libnfc) — enterprise authentication methods work at first boot.

Thunderbolt 3 (bolt authorization) — Thunderbolt device authorization is pre-configured. Connect Thunderbolt peripherals and docks without manual kernel parameter changes.

iOS devices (usbmuxd) — iPhone and iPad file transfer and tethering work out of the box.

5G modems (ModemManager) — mobile broadband connections via USB and PCIe modems are supported and managed through NetworkManager.

Hybrid GPU laptops — nvidia-prime and switcheroo-control are pre-installed for systems with both integrated and discrete GPUs.

Hardware groups automatic: every user account is automatically added to all relevant groups — containers, VMs, printing, scanning, and Nix all work without manual permission setup.

GNOME is designed around one idea: get out of your way. Everything a user needs is already installed and already works. No hunting for apps, no post-install setup, no configuration required.

Core GNOME apps: Text Editor, Calculator, Calendar, Clocks, Maps, Weather, Characters — the everyday utilities that should just be there. GNOME Console (terminal), GNOME Software (app store), Disk Utility, System Monitor, Screenshot, Logs.

Media & Files: Loupe (image viewer), Showtime (video player), Decibels (audio player), Snapshot (webcam/camera), Sound Recorder, Font Viewer, File Roller (archive manager), Nautilus (file manager), Transmageddon (video transcoder), Baobab (disk usage analyser).

Productivity: Gnote (notes), Papers (document/PDF viewer), Meld (visual diff and merge tool), Simple Scan (scanner), GNOME Connections (remote desktop client), NetworkDisplays (Miracast wireless display), GPaste (clipboard manager), Network Tools (ping, traceroute, DNS lookup in one GUI).

Security & Passwords: Seahorse (GNOME Keyring GUI — manage SSH keys, GPG keys, passwords), Secrets (password vault, KeePass-compatible). Malcontent for parental controls.

Hardware: GNOME Firmware (BIOS/firmware updates GUI), GSmartControl (drive health — S.M.A.R.T. monitoring), Disk Utility.

Shell extensions pre-configured: AppIndicator (system tray icons), Caffeine (keep screen awake), GSConnect (KDE Connect integration — phone notifications, file sharing, clipboard sync, remote input — on GNOME).

Customisation: Extension Manager, Papirus icon theme, GNOME browser connector.

Tools: Impression (write ISOs to USB), Drawing (paint/annotation), Fragments (BitTorrent client), Shortwave (internet radio).

Games: Nibbles, GNOME Mahjongg, Chess, Aisleriot (card games), Quadrapassel (Tetris), Sudoku.

GNOME Boxes — clean, minimal VM manager. Sandboxed Flatpak, VM disk images unaffected by OS updates or rollbacks.

Rygel DLNA/UPnP — stream media from your desktop to TVs and DLNA devices on your local network.

OEM Initial Setup wizard — first-boot experience for language, timezone, accounts, and preferences. Zero-drift fleet deployments.

Plymouth BGRT boot theme — displays the device manufacturer's logo at boot. Clean, professional for OEM deployments.

Both editions include: Vivaldi Browser, OnlyOffice, Waydroid, Warehouse, Flatseal, Gear Lever, Pods, BoxBuddy, OEM Initial Setup wizard, all security features, and the full container/networking stack.

A deeply customizable desktop for power users. Panels, themes, shortcuts, widgets — tune everything without touching the immutable OS.

Full gaming stack pre-installed: Steam with Proton, Heroic Games Launcher (Epic Games Store, GOG and Amazon Games), Lutris (supports any platform — GOG, Humble, itch.io, emulators, scripts), RetroArch, Bottles for Windows titles, MangoHud, GameScope, vkBasalt.

Flatpak management: Warehouse (browse, manage, and batch-update all installed Flatpaks) and Flatseal (granular permission control per app) — both pre-installed.

Full KDE app suite pre-installed: Kate (code editor), Okular (PDF/document viewer), Gwenview (image viewer), Elisa (music player), Haruna (video player), Kamoso (webcam), KCalc, KGet (download manager), KTorrent, Skanlite (scanner), ISO Image Writer, KRDC (remote desktop client), Kompare (file diff), KolourPaint — everything a desktop user needs, ready from first boot.

System tools: Konsole (terminal), Yakuake (drop-down terminal, press F12), Dolphin (file manager) with Google Drive integration via KIO, Ark (archive manager), Spectacle (screenshot), Discover (app store), KWallet (password manager), KDE Connect (phone integration — notifications, file sharing, remote input), Partition Manager, Filelight (disk usage analyser), Sweeper (system cleaner), Converseen (batch image converter), QRCA (QR code scanner/generator), KSystemLog + KJournald (system log viewers), KCron (scheduled task GUI), KRFB (remote desktop server), Plasma Vault (encrypted folders), Plasma Firewall GUI, KRDP (Remote Desktop Protocol server).

KDE games pre-installed: KPatience, Knights (chess), KBlocks, KSnakeDuel, KMahjongg, Kapman, KSudoku — for when you need a break.

Kernel gaming optimisations: HPET/RTC timers at 3072 Hz, custom CFS scheduler slices (3000 μs), expanded PID limits, memory maps, inotify watches. GameMode switches the CPU governor to performance on every game launch globally. Full details in the Gaming Performance card.

Ananicy-cpp background process priority manager — automatically deprioritises background tasks the moment a game goes active. See Gaming Performance for full details.

virt-manager + QEMU extension (Flatpak) — full VM lifecycle: networking, snapshots, storage pools, hardware passthrough. No system-level libvirt packages needed.

Bottles for Windows app compatibility. BoxBuddy GUI for Distrobox. Pods GUI for Podman.

Both editions include: Vivaldi Browser, OnlyOffice, Waydroid, Warehouse, Flatseal, Gear Lever, Pods, BoxBuddy, OEM Initial Setup wizard, all security features, and the full container/networking stack.

Font coverage: Indian scripts (Devanagari, Tamil, Telugu, and more), full CJK (Chinese, Japanese, Korean) rendering, complete emoji support — every script renders correctly without hunting for font packages.

IBus is the default input method — seamless switching between dozens of languages and input methods while typing. Localized layouts and screen reader support included.

Indian language support is designed in from the start, not added as an afterthought. This is an intentional focus of the project, reflecting its origin in India — where users shouldn't have to do extra work to use their native scripts on their OS.

Steam with Proton — play your Linux and Windows game library through Valve's compatibility layer. Pre-installed and configured.

Heroic Games Launcher — access Epic Games Store, GOG, and Amazon Games libraries on Linux. Pre-installed.

Lutris — open gaming platform that brings all your games together. Supports GOG, Humble Bundle, itch.io, emulators, and custom install scripts. Works alongside Steam and Heroic for anything they don't cover. Pre-installed.

RetroArch — emulate classic systems from NES to PlayStation. Pre-installed with cores ready to download.

Bottles — Windows app and game compatibility via Wine, with per-app prefixes, DXVK, VKD3D, esync/fsync, and snapshots. Installed as a Flatpak, fully sandboxed.

Kernel gaming tuning — HPET and RTC hardware timers set to 3072 Hz (default is 64 Hz). This dramatically reduces input latency and frame timing jitter — a meaningful competitive advantage in fast-paced games. CFS scheduler time slices (3000 μs), expanded PID limits, memory maps, and inotify watches are all configured for gaming workloads.

MangoHud + GOverlay — overlay your FPS, GPU/CPU temps, VRAM usage, and frame times in-game. GOverlay gives you a GUI to manage MangoHud and vkBasalt profiles.

vkBasalt — Vulkan post-processing layer. Apply sharpening (CAS, DLS), FXAA, or SMAA to any Vulkan game without modifying the game.

GameScope — Valve's micro-compositor. Improves frame pacing and frame limiting. Supports adaptive sync (VRR/FreeSync) and HDR output — HDR support is experimental, works best on AMD.

GameMode — Feral's GameMode daemon runs globally. When a game launches, it switches the CPU governor to performance, raises process priority, and adjusts I/O scheduling. Works with Steam, Heroic, Lutris, and any launcher that supports it — no per-game setup required.

Ananicy-cpp — background process priority manager running at all times. The moment a game goes active, background tasks are automatically deprioritised. Your foreground stays smooth without manual nice/renice commands.

NVIDIA, AMD, Intel drivers pre-installed with Vulkan and OpenGL configured. Vulkan validation tools and Mesa utils included.

Racing wheels with force feedback — Logitech wheels (G25, G27, G29, G920, G923, G PRO and more) are fully supported via in-kernel modules. Thrustmaster (T150, T300RS, T500RS, T248) and Fanatec wheels have udev rules and deadzone removal pre-configured. Force feedback works at first boot — plug in and race.

Flight sticks & HOTAS — Oversteer supports flight sticks and HOTAS controllers. Configure axis curves, deadzones, and force feedback profiles through a clean GUI.

VR headsets — udev rules for HTC Vive, PlayStation VR, and Valve Index / SteamVR devices are pre-configured. Hardware access is available from first boot. VR is ready for SteamVR without additional setup.

Piper + libratbag — configure gaming mice (DPI profiles, buttons, macros, LEDs) via a clean GTK interface. Works with all libratbag-supported mice — Logitech G-series, Razer, SteelSeries, Roccat, and many more.

AntiMicroX — map controller buttons and axes to keyboard/mouse inputs. Essential for games that don't natively support controllers, and useful as an accessibility tool.

OpenRGB — control RGB lighting across motherboards, RAM, fans, keyboards, mice, and peripherals. Vendor-neutral, no manufacturer software required.

All hardware groups (input, realtime, video) are pre-configured so controllers and peripherals work immediately — no permission issues.

Flatpak — sandboxed apps with controlled permissions. Install from Flathub — the largest curated Linux app store. Apps live in a dedicated @flatpak Btrfs subvolume shared between both OS copies. Auto-updates every 12 hours via two independent timers (system-level and per-user), including unused runtime cleanup and automatic repair. Update manually: flatpak update

Snap — snapd included and auto-enabled, backed by its own @snapd subvolume. Full Snap Store library alongside Flathub. Update: snap refresh. Note: the Snap Store backend is operated by Canonical and is not fully open-source — if this matters to your workflow, Flatpak and Flathub are the recommended alternative, with a fully open governance model.

Both keep OS and apps in completely separate layers — an OS update or rollback never affects your installed software.

Nix — reproducible package manager with daemon auto-enabled at boot. Isolates by environment rather than sandboxing — apps share no conflicting dependencies. The Nix store lives in a dedicated @nix subvolume shared between both OS copies. This means your Nix packages survive both updates and rollbacks — no re-download when switching. First-time setup: add a channel before installing packages: nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs && nix-channel --update. After that, install as normal. Update: nix-env -u or nix flake update

AppImages are self-contained portable executables — every dependency is bundled inside a single file. No package manager, no installation, no modifications to the immutable OS root. Just download and run directly.

Gear Lever is an optional GUI for managing AppImages — it is not required to use them. Use it to add desktop shortcuts, set launch-at-login, track updates, and remove AppImages cleanly. AppImage state is stored in a dedicated persistent bind-mount, surviving every OS update and rollback.

Waydroid — full Android container available on both GNOME and KDE editions. Hardware-accelerated on Intel and AMD GPUs; NVIDIA GPUs use software rendering. Service enabled at boot. System images and user data in a dedicated @waydroid Btrfs subvolume, preserved across OS switches. ARM translation included via the pre-installed waydroid-helper — run ARM-only Android apps without needing a compatible device.

For Android developers: Waydroid is a full, hardware-accelerated Android stack — not a slow AVD. Test your apps on real hardware-accelerated Android without a separate device.

Bottles — Windows application compatibility via Wine, per-app prefix management, DXVK, VKD3D, esync/fsync, and snapshots. Installed as a Flatpak, fully sandboxed. Pre-installed on KDE Plasma edition; can be installed from Flathub on GNOME.

Distrobox + BoxBuddy GUI — run any Linux distribution in a desktop-integrated container. Ubuntu toolchain and Fedora toolchain side by side, no host modification. BoxBuddy provides a clean GUI for creating, managing, and entering containers. Containers survive OS updates untouched.

Podman + Pods GUI — Docker-compatible, daemonless, rootless-by-default OCI container runtime. No central daemon means no single point of privilege escalation. Socket enabled at boot. Includes podman-compose, buildah, skopeo, podman-docker. The Pods app provides visual image and container management. Storage in @containers subvolume. Update: podman auto-update

systemd-nspawn — lightweight OS containers managed via machinectl. Images stored in @machines subvolume. Ideal for testing OS configs or running isolated system services without a full VM's overhead.

LXC + LXD — system containers for running full Linux distributions. LXD socket auto-enabled at boot alongside lxcfs. Persistent subvolumes (@lxc, @lxd). Run a complete Ubuntu or Debian server environment on your Arch desktop without a full VM.

Apptainer (formerly Singularity) — the HPC and scientific computing standard. Submit reproducible environments to clusters, share exact environments with collaborators, run GPU workloads in isolation. Pre-configured on Shanios — pair with the immutable host OS for a fully reproducible research stack where both container and host are verifiable artifacts.

GNOME Boxes (GNOME edition) — clean, minimal VM interface. Runs fully sandboxed as a Flatpak; no system QEMU or libvirt required.

virt-manager + QEMU extension (KDE Plasma edition) — full VM lifecycle: networking, snapshots, storage pools, hardware passthrough. Both installed as Flatpaks, fully sandboxed.

VM disk images are stored within the Flatpak sandbox data directory and are unaffected by OS updates or rollbacks.

All relevant groups are pre-configured — VMs work at first boot assuming hardware virtualization (Intel VT-x / AMD-V) is enabled in BIOS.

Shells & Search

Zsh (default, with Starship prompt — shows git branch, exit codes, and environment context at a glance), Bash, Fish. Plugins: autosuggestions, syntax highlighting, history substring search, FZF.

McFly shell history — replaces standard Ctrl+R with a local, on-device neural network that learns from your patterns. Surfaces the most relevant commands based on current directory, recent activity, and exit codes. Runs entirely locally — no data leaves your machine. The longer you use it, the better it gets at predicting what you need.

Editors

Vim, Vi, Nano, Micro, Tmux, Ed, Less, Lynx

Core Utilities

Coreutils, Findutils, Grep, Gawk, BC, Diffutils, Patch, Time, Which, Texinfo

System & Monitoring

Htop, Fastfetch, Tree, Inxi, Dmidecode, Strace, Lsof, Ncdu, Sysstat, Smartmontools, Cronie, Logrotate, PV, JQ, Expect, Dialog

Version Control

Git, Subversion, Mercurial

Archive & Compression

7zip, Arj, Unrar, Unarchiver, Unzip, Zip, Lrzip, Lzop

GPU & Hardware Diagnostics

Vulkan-tools, Mesa-utils, Clinfo, Android-tools

firewalld — active by default from first boot. Zone-based firewall blocking all unsolicited inbound connections.

Enterprise VPN suite — OpenVPN, WireGuard, L2TP, PPTP, strongSwan (IPsec), OpenConnect (Cisco AnyConnect-compatible), SSTP, and Fortinet (openfortivpn) are all pre-installed. Connect to any corporate network without hunting for packages.

Tailscale — private WireGuard mesh network. Access your services privately across devices without public exposure. Activate on sign-in.

Caddy — modern web server with automatic HTTPS. Host sites or dashboards locally or over Tailscale. Not active by default.

Cloudflared — encrypted Cloudflare tunnel. HTTPS access to local services without a static IP or exposing your real address.

OpenSSH — encrypted remote access. Not enabled by default. Recommended to run over Tailscale rather than publicly exposed.

Fail2ban — automatic IP banning for repeated auth failures. Recommended alongside public-facing SSH. Not active by default.

Samba + NFS — file sharing to Windows/macOS (SMB) and Linux/Unix (NFS). Both pre-installed; neither runs by default. All state persists across blue/green OS switches via bind mounts.

dnsmasq — lightweight DNS forwarder, DHCP server, and split-DNS resolver. Configure local DNS for your home or office network — point internal hostnames to local IPs, route only certain domains through VPN. Not active by default.

Avahi — mDNS/DNS-SD active by default. Your machine is reachable as hostname.local from any device on the local network from first boot — no router configuration, no DNS setup needed.

Network tools pre-installed: Nmap, Iftop, Bandwhich, Nethogs, Tcpdump, Traceroute, Rsync, Iperf3, MTR, Socat, OpenBSD Netcat, Curl, Wget, Aria2, Bind, Whois.

Restic — encrypted, deduplicated backups to local drives, SFTP servers, S3-compatible storage, and more. Backup repository metadata stored in a persistent bind mount — backup history preserved across OS updates.

Rclone — sync files to 70+ cloud providers (Google Drive, S3, Backblaze, OneDrive, and more). Remote config and mount state persist across blue/green switches so configured remotes remain available.

fwupdmgr + LVFS — update BIOS, NVMe controllers, SSD firmware, keyboard firmware, and other hardware via the Linux Vendor Firmware Service with fwupdmgr update. Full details in the Hardware Support card.