System Administration
This section covers the day-to-day operation of an InterGenOS machine: managing users and services, configuring the network, working with filesystems and the boot chain, running virtual machines and containers, and keeping the system maintained over time.
InterGenOS is a built-from-source Linux distribution with a single, consistent design goal: a machine you understand, can modify, and can trust. The administration model reflects that. The system is hardened from the moment it boots rather than after a post-install script, services bind to localhost unless you deliberately open them, and nothing updates or reports home behind your back. Administering the system means making explicit, visible decisions, not discovering hidden ones.
What ships today
The current release is InterGenOS 1.0-dev (build id v1.0-dev1). The desktop is GNOME 49 on Wayland.
Core administration components you will use across the tasks in this section:
- pkm — the package manager. Software is pulled from a signed binary mirror, the index signature is verified on every sync, and each package’s SHA-256 hash is validated locally before install. There are no auto-updates; software changes only when you run pkm yourself.
- Forge — the InterGenOS installer. Forge handles disk layout, initial credentials, and Machine Owner Key (MOK) enrollment for systems that need out-of-tree kernel modules. See the Forge installer guide.
- A signed Secure Boot chain — a Microsoft-signed shim validates the GRUB bootloader, which verifies the kernel and Unified Kernel Images. Installed systems regenerate and sign each kernel’s UKI with your machine’s local MOK on every kernel install or upgrade.
- Image integrity — the read-only live ISO image is sealed with dm-verity (its root hash carried inside the signed UKI); on the installed system, per-file integrity is checked on demand with pkm verify.
The package set is built across six tiers (toolchain, core, base, desktop, ai, and extra) and totals roughly 850 packages as of June 2026. These counts drift between builds; derive the live figures from the system rather than treating any number as fixed.
On-device assistance
Two local, offline-first tools are available to help administer the system:
- InterGen — a tiered, hardware-detected local assistant built on Qwen models. It runs on-device with zero telemetry.
- InterGen Sentinel — a pluggable security scanner. The defaults are Local-Rules and Local-Qwen, both on-device. Six cloud providers are available strictly opt-in: Claude (Anthropic), Gemini (Google), Copilot (Microsoft), ChatGPT (OpenAI), Grok (xAI), and DeepSeek. Escalating a scan to one of these external models is called Phone-A-Friend (Frontier/Cloud Escalation); it never happens unless you choose it.
See the assistant documentation for configuration details.
Pages in this section
- Users, Groups & Services — account management and controlling the systemd services that run on your machine.
- Networking — interface configuration and the default localhost-only bind policy for server software.
- Filesystems, Kernel & Boot — storage layout, kernel management, and the signed boot chain including MOK and UKI signing.
- Virtualization & Containers — running virtual machines and containers on InterGenOS.
- Power Management & Maintenance — keeping the system updated, healthy, and efficient over its lifetime.
Security defaults
Much of administering an InterGenOS system is understanding what it already does on your behalf. By default, AppArmor profiles for system daemons run in enforce mode, systemd services are sandboxed with extensive isolation directives, server packages bind only to 127.0.0.1, and no service ships with a blank or default password. There is no telemetry and no analytics. Nothing upgrades itself: the only background package task is a daily update check that notifies you of available upgrades without installing them, and it can be switched off (systemctl disable --now pkm-check-updates.timer).
For the full enforced baseline, read the security section.
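One way to confirm the localhost-only bind policy described above on a running machine, as an added example rather than InterGenOS tooling: a POSIX shell function that reads the six-column output of ss -Hltun and reports every listener whose local address is not loopback. The sample lines are constructed; nonlocal_listeners is a name chosen here.

```sh
#!/bin/sh
# Added example, not part of InterGenOS: audit the localhost-only bind policy.
# Assumes the six-column output of `ss -Hltun` (no header, tcp and udp):
#   Netid  State  Recv-Q  Send-Q  Local_Address:Port  Peer_Address:Port

# Read ss lines on stdin; print "proto address port" for each listener whose
# local address is not loopback (127.0.0.0/8, ::1, or IPv4-mapped 127.x).
nonlocal_listeners() {
    awk '
    $1 == "Netid" || $2 == "State" { next }   # tolerate a header line
    NF < 5 { next }
    {
        proto = $1; local = $5
        n = match(local, /:[^:]*$/)           # split at the last ":"
        if (n == 0) next
        addr = substr(local, 1, n - 1)
        port = substr(local, n + 1)
        gsub(/^\[/, "", addr); gsub(/]$/, "", addr)   # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print proto, addr, port
    }'
}

# Constructed sample: two loopback listeners (compliant), one TCP listener on
# all IPv4 interfaces and one UDP socket on all IPv6 interfaces (both flagged).
SAMPLE_SS='tcp   LISTEN 0 128 127.0.0.1:631  0.0.0.0:*
tcp   LISTEN 0 128 0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128 [::1]:5432     [::]:*
udp   UNCONN 0 0   *:5353         *:*'

# Expected report: "tcp 0.0.0.0 22" and "udp * 5353".
printf '%s\n' "$SAMPLE_SS" | nonlocal_listeners
# On a live system: ss -Hltun | nonlocal_listeners
```

An empty report means every listening socket is bound to loopback; each reported line names a service to reconcile against the services you deliberately opened.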