# Nexus Box Profiles
## The Three Pillars of Nexus OS Distribution

**Date:** December 27, 2025  
**Status:** Architecture Defined, Prototypes In Progress

---

## Philosophy: No Forks, Only Profiles

Nexus is **NOT** another Linux distro. It's not a BSD fork. It's a **unified build system** that produces three distinct OS profiles from cherry-picked components:

```
┌─────────────────────────────────────────────────────────────┐
│                    NEXUS BUILD TOOLKIT                      │
│              nexus build --profile=<BOX>                    │
├───────────────┬───────────────────┬─────────────────────────┤
│    NexBox     │     OpenBox       │      DragonBox          │
│  Linux-musl   │   OpenBSD pure    │   DragonflyBSD HammerFS │
│  + OpenBSD UL │   + Rumk option   │   + Proxmox Killer      │
├───────────────┴───────────────────┴─────────────────────────┤
│                       Rumk Hypervisor                       │
│                  (Optional Base Layer)                      │
└─────────────────────────────────────────────────────────────┘
```

---

## The Three Boxes

## The Flagship Profiles (Standard Template Constructs)

We define five core "Standard Template Constructs" (STCs) built as a layered hierarchy.

### 1. `tinybox` (STC-1)
**"The Spark"**

*   **Target:** Bootloaders, Rescue Systems, Minimal IoT.
*   **Scale:** **< 5 Packages**.
*   **Components:**
    *   `kernel` (Linux 6.x Minimal)
    *   `toybox` / `core` (Static Userland)
    *   `dinit` (Service Manager)
*   **Size:** ~8-12 MB.
*   **Philosophy:** "The Engine, The Hands, The Heart."

### 2. `cryptobox` (STC-2)
**"The Vault"**

*   **Target:** HSMs, Cold Storage, IoT Controllers, Satellites, Blockchain Nodes.
*   **Scale:** **< 15 Packages**.
*   **Architecture:**
    - **Shield:** Immutable **EROFS** root + **DM-Verity** (Neutrino Shield).
    - **Notebook:** **F2FS** persistent overlay for cryptographic state.
    - **Vault:** hardware-accelerated **dm-crypt** (AES-256-XTS).
*   **Components:**
    *   Extends `tinybox`
    *   `nip` (Sovereign Runtime)
    *   `wireguard` (Secure Mesh)
*   **Size:** ~12-18MB.
*   **Philosophy:** "Ghost in the Shell" — Ephemeral by default, Persistent by choice.

### 3. `dragonbox` (STC-3)
**"The Swarm"**

*   **Target:** Kubernetes Nodes, Container Hosts, Serverless Fleets.
*   **Scale:** **< 80 Packages**.
*   **Components:**
    *   Extends `cryptobox`
    *   `containerd` / `runc`
    *   `cni-plugins`
*   **Philosophy:** "Just enough OS to run a container."

### 4. `nexbox` (STC-4)
**"The Forge"**

*   **Target:** Developer Workstations, Build Nodes, General Purpose CLI.
*   **Scale:** **< 150 Packages**.
*   **Components:**
    *   Extends `dragonbox`
    *   `gcc`, `make`, `git`
    *   `neovim`, `zsh`, `python`
*   **Philosophy:** "Zero GNUs given." The flagship platform for architects.

### 5. `linbox` (STC-5)
**"The Station"**

*   **Target:** Daily Driver, Replacement for standard Linux desktops.
*   **Scale:** **> 500 Packages**.
*   **Components:**
    *   Extends `nexbox`
    *   `wayland` / `niri` / `hyprland`
    *   `kde-plasma` (Desktop)
*   **Philosophy:** "The Sovereign Desktop."

---

## Rumk Integration

All three Boxes can optionally run **ON TOP OF Rumk**:

| Mode | Description |
|------|-------------|
| **Standalone** | Box runs as bare-metal OS |
| **Rumk Guest** | Box runs as Rumk unikernel guest |
| **Hybrid** | Rumk as hypervisor, Box as primary guest |

```
┌─────────────────────────────────────────────────────────┐
│              NexBox / OpenBox / DragonBox               │
│                    (Guest OS)                           │
├─────────────────────────────────────────────────────────┤
│                   Rumk Hypervisor                       │
│              (Optional base layer)                      │
├─────────────────────────────────────────────────────────┤
│                      Hardware                           │
│            x86_64 · ARM64 · RISC-V 64                   │
└─────────────────────────────────────────────────────────┘
```

---

## Architecture Support

| Box | x86_64 | ARM64 | RISC-V 64 |
|-----|--------|-------|-----------|
| NexBox | ✅ Primary | ✅ Ready | 🚧 Q2 2026 |
| OpenBox | ✅ Ready | ✅ Primary (RPi5) | ✅ VisionFive 2 |
| DragonBox | ✅ Primary | 🔮 Future | ❌ N/A |

---

## Roadmap

### Q1 2026: ARM64 Focus
- [ ] OpenBox RPi5 bootable image
- [ ] OpenBox VisionFive 2 (RISC-V) image
- [ ] NexBox ARM64 server variant
- [ ] nip recipes for ARM64 packages

### Q2 2026: Rumk Integration
- [ ] All Boxes bootable on Rumk unikernel
- [ ] NPL driver grafting from each Box
- [ ] ProvChain fleet coordination

### Q3 2026: DragonBox Hypervisor
- [ ] bhyve integration
- [ ] HAMMER2 volume management
- [ ] Web UI (Proxmox-like)
- [ ] Live migration via Rumk

---

## Why Not Just Use [Existing Distro]?

| Alternative | Why Not |
|-------------|---------|
| Ubuntu/Debian | glibc bloat, GPL politics, systemd lock-in |
| Alpine | Good, but no pledge/unveil, limited desktop |
| OpenBSD | No Linux binary compat, limited hardware |
| FreeBSD | No LWKT, no HAMMER2 |
| Proxmox | GPL, bloated, ZFS-only |
| NixOS | Nix DSL complexity, still glibc |

**Nexus Boxes cherry-pick the best from each, unified under one build system.**

---

## Build Commands

```bash
# List available profiles
nexus build --list-profiles

# Build with default settings
nexus build --profile=nexbox

# Build with full customization
nexus build --profile=openbox \
  --arch=arm64 \
  --target=rpi5 \
  --fragments="base,mesh,media" \
  --output=./dist/openbox-rpi5.img
```

---

*Forge unbreakable—Nexus never forks.*  
*December 27, 2025*