An installer that knows what it's doing.
An installer that knows what it’s doing.
Vanilla Arch underneath. A configuration knowledge base on top — every setting, every interaction between settings, transparently encoded.
# installer pipeline — NVIDIA detection
$ detect Quadro K3100M (PCI 11b6)
$ cross-reference github.com/NVIDIA/open-gpu-kernel-modules
$ cross-reference nvidia.com/…/legacy-gpu
$ decide recommend proprietary legacy driver 470
$ enforce LTS kernel (DKMS requirement)
✓ four conflicting options resolved into one consistent defaultThree principles, applied throughout.
Every choice is data
Settings, dependencies, and lifecycle scripts live in a KDL knowledge base — auditable, forkable, fetched at install time so improvements ship without re-spinning an ISO.
Security by default
Per-CPU vulnerability mitigation, system hardening sysctls, restricted user namespaces, optional hardened_malloc. Opt-out, not opt-in — and every trade-off is explained where you make it.
XFCE · Wayfire · Niri · COSMIC
Pick one, or install all four side by side and switch from the greeter. Each ships preconfigured with waybar, nwg-launchers, nwgbar and a consistent panel — not a stripped-down minimum.
Four equal desktops, not one default and three afterthoughts.
Wayfire and Niri are commonly considered incomplete environments. Ditana ships everything they need — a polished waybar, nwg-launcher, nwgbar, and a consistent panel layout — and treats all four desktops as first-class citizens.
Every upgrade is reversible.
Arch’s rolling-release model is a feature, not a bug — but it can land breakage on a Tuesday morning. Ditana takes the sting out by snapshotting the system before every upgrade, automatically.
Atomic snapshots, taken by a pacman hook.
On ZFS and BTRFS, snapshots are atomic and free — a few milliseconds before any package upgrade. On XFS and EXT4, Timeshift handles the same job via rsync, completing typical incremental snapshots in seconds.
The first snapshot is created by the installer itself, just before the first reboot. That means you can roll back to a freshly-installed system from day one — no setup, no first-upgrade chicken-and-egg.
System snapshots, not data snapshots: /home and other data volumes are never touched. Roll back the system; keep your work.
For ZFS, Ditana ships its own zfs-autosnap fork that — unlike the upstream — removes the pacman lock file from the snapshot, so a rollback leaves you with a working pacman immediately.
Headless too. System hardening plus automatic snapshots make Ditana a viable Arch-based server choice — uncommon for a rolling release. The installer’s Server profile skips the desktop install entirely and leans into the security defaults.
It checks the upstream sources at install time.
NVIDIA detection, four-way decision.
Ditana queries the live PCI ID lists from github.com/NVIDIA/open-gpu-kernel-modules and the official legacy GPU page at install time. Based on the result, it recommends one of four driver options — nvidia-open-dkms, the legacy proprietary nvidia-580xx-dkms, the older nvidia-470xx-dkms, or nouveau — and refuses kernel combinations that would break DKMS.
It then explains what it picked, and why.
CPU vulnerabilities, detected and mitigated.
Spectre v2, Meltdown, MDS, TAA, MMIO Stale Data, RETBleed, SRSO, GDS, RFDS — Ditana reads /sys/devices/system/cpu/vulnerabilities/ at install time, enables only the mitigations your CPU actually needs, and lets you review each one with documentation.
Every mitigation comes with its cost spelled out, so you can make an informed call instead of choosing between “secure default” and “fast default” blindly.
System hardening, opt-out by default.
Disabled unprivileged user namespaces. Restricted ptrace. Hidden kernel pointers. Hardened FIFO/regular file protection in sticky dirs. SYN cookies, no ICMP redirects, no source routing, reverse-path filtering. Each option ships enabled, each one is explained — and developers get a profile that loosens the right things for debugging.
Ten categories. Sensible defaults. No mystery.
Tell the installer who you are — distro-hopper, developer, server, or default — and it pre-flips checkboxes accordingly. You can review and revise every single one before installation begins.
One screen, the whole system.
Configuration categories let you drill into desktops, browsers, file managers, office suites, AI tools, terminals, kernels, filesystems, hardening, mitigations, and the system allocator — all from one menu, all reversible, all explained.
Every change comes with its impact.
Toggle an option, see the consequence: which packages get added, which scripts will run, what other settings flip in response. The settings graph is data — Ditana shows you the path through it.
The installer is small. The knowledge base is big.
A Linux installer should do more than partition, install packages, and hand off. PKGBUILDs only know about their own package — they can’t know what else is on the system. Ditana keeps the cross-cutting decisions in a separate, auditable knowledge base.
Settings declare their dependencies in plain KDL.
This excerpt says: install bubblewrap-suid only if Flatpak or Bubblejail is enabled and unprivileged user namespaces are disabled. No hardcoded logic in the installer — the reasoning lives next to the package list, where someone reviewing it can see why.
- name="install-bubblewrap-suid" \
default-value="`(flatpak OR install-bubblejail)
AND (kernel-option-duurn
OR install-hardened-stable-kernel)`" {
// Without this, every Flatpak fails at startup
// with "bwrap: No permissions to create a
// new namespace".
arch-packages "bubblewrap-suid"
}Ready to try it?
Ditana 0.9.3 Beta is a 2.6 GB ISO with offline-capable install media and a signed checksum. The full install takes 15–45 minutes depending on what you pick.