
Fedora on Scaleway Dedibox with bootc
March 31, 2025
For a while now, I’ve been looking into optimizing and reorganizing some of the infrastructure that powers my self-hosting services. After evaluating a few alternatives, Scaleway’s Dedibox lineup caught my attention: it is a European company with good hardware and decent pricing.
However, as with every good solution, it is not perfect. Scaleway does not provide Fedora as an OS option for their Dedibox machines. They offer a decent selection, including Rocky Linux, Debian, and Ubuntu — but no Fedora. Now, if you know me, you know that Fedora is not just my distro of choice — it’s the one I trust for both personal and professional projects.
Sure, I could have just lived with Rocky, but that would mean tweaking and patching my Ansible roles and expectations to deal with different defaults and behaviors. Thanks, but no thanks.
Although it is possible to hijack a Linux system by replacing all the files and rebooting, it is not a clean solution that I would like to do on a system that then needs to be reliable.
Also, I was looking to have an immutable version of Fedora.
Putting the two things together, I decided to go with bootc
.
If you’re not familiar with it, bootc
is an image-based installation tool designed to install and manage OSTree-based systems like Fedora CoreOS.
Unlike previous approaches, it uses OCI images.
Also, bootc
is able to hijack an installed Linux installation and install itself on the running Linux disk.
The idea is simple: start with Rocky, install Podman, and use bootc
to install Fedora from a container into the host.
Here’s the snippet that did the magic:
dnf install -y podman
podman run --rm \
-v /dev:/dev \
-v /var/lib/containers:/var/lib/containers \
-v /:/target \
--privileged \
--pid=host \
--security-opt label=type:unconfined_t \
quay.io/fale/server:stable \
bootc install to-existing-root \
--root-ssh-authorized-keys /target/root/.ssh/authorized_keys
I used these commands with those parameters specifically for the following reasons:
podman
needs to be installed because it’s not present by default.- All the relevant filesystems need to be mounted inside the container to get access to
/dev
, the existing/var/lib/containers
, and the entire root filesystem under/target
. - The
--privileged
parameter is required since the installer is going to requireroot
privileges on the host system. - The
--pid=host
allows to run the container in the host namespace, allowing the container to properly interact with the host/proc
, needed to configure the bootloader. - The
--security-opt label=type:unconfined_t
is required if on the host system there is SELinux running. Without it, SELinux would block the container in performing the files substitutions. - The
bootc
command needs to be specified with reference to a valid bootc image. - The
--root-ssh-authorized-keys /target/root/.ssh/authorized_keys
option allows for copying the host SSH authorized keys to the new system, which is required if the used bootc image does not already have a mechanism to ensure that the correct SSH key is present.
After this, I rebooted, and everything worked!
Overall, Scaleway’s Dediboxes are pretty flexible. They don’t really mind what you put on them, as long as it boots.
While this trick might seem niche, I know I’m not the only one who finds themselves stuck between a good provider and an unsupported OS. If you’re like me — someone who prefers Fedora’s tooling, fast release cycles, and ecosystem — this method might save you a good amount of time.
If you’re interested in the OCI image I used (quay.io/fale/server:stable
), it’s just a base Fedora image with bootc
and a few handy tools preinstalled.
I might publish some blog posts about how I create and update it if there’s interest.