Overkill Linux Documentation

Complete reference for installing, configuring, and mastering Overkill Linux v2.0 Katana.

Overview

Overkill Linux is a Debian-based Linux distribution that uses the KDE Plasma desktop environment. It offers customized editions tailored to every user type and need -- developers, gamers, multimedia creators, scientists, crypto users, engineers, and students.

Through the Overkill System Manager, all required packages for each edition are downloaded and kernel settings are applied with a single click. The System Manager also provides ZRAM support, NVIDIA driver installation, package management, DNS configuration, browser installation, and general system administration tools.

The goal of Overkill is to provide an effortless and fast workstation setup for every user. One ISO, install your preferred edition after boot, and your system is ready.

Key Facts: Based on Debian Stable. KDE Plasma desktop. systemd init. amd64 architecture. Flatpak integrated. 20 editions. ZRAM support. NVIDIA driver management. Conky desktop monitor.

Project History

Overkill Linux was formerly known as Linux Megamix. The project was evolved and renamed due to several factors:

Installer issues -- The original debian-installer and squashfs copy mechanism caused reliability problems during installation
Low usability -- The old system lacked a graphical management tool, requiring manual configuration
Maintenance overhead -- Maintaining separate ISO images for each edition was unsustainable; the new single-ISO approach with post-install edition selection greatly reduces maintenance burden
Limited flexibility -- The old system did not support combining editions; the new Mix system allows combining Developer + Gaming, Developer + AI, and other combinations

What changed in 2.0 "Katana"

Single ISO architecture -- editions are installed after boot, not baked into separate images
Overkill System Manager (PyQt6 GUI) for graphical system management
Kernel tuning profiles updated and expanded (gaming, multimedia, AI, hardened)
New editions: Lite variants (Gaming Lite, Dev Lite, Dev+Gaming Lite), Gamebox, and Mix combinations
New KDE Plasma desktop configuration
Conky desktop monitor showing system info, edition, performance, storage, network, and battery
Conky Manager tool for enabling/disabling the desktop monitor from terminal

System Requirements

Component	Minimum	Recommended
CPU	64-bit x86 processor	4+ cores, 2.0 GHz+
RAM	2 GB	4 GB+ (8 GB+ for AI/Dev editions)
Storage	20 GB	50 GB+ SSD
GPU	Any (Intel/AMD/NVIDIA)	Dedicated GPU for Gaming/AI editions
Network	Required for edition install	Broadband connection
Boot	UEFI or Legacy BIOS	UEFI with Secure Boot disabled

Installation

1. Download the ISO

Download overkill-2.0-amd64.iso from SourceForge. After downloading, verify the file integrity:

sha256sum overkill-2.0-amd64.iso

Expected checksum:

349c1ee8d1fda9c94dc098420e75a0f587e5e5adb3876c2e9ce8a8162fc245dd

2. Create a Bootable USB

Flash the ISO to a USB drive (8 GB minimum). The USB contents will be erased.

Linux:

sudo dd if=overkill-2.0-amd64.iso of=/dev/sdX bs=4M status=progress oflag=sync

Replace /dev/sdX with your USB device (use lsblk to identify it). Do not point to a partition (e.g., /dev/sda1), use the whole disk (e.g., /dev/sda).

Windows: Use Rufus or balenaEtcher.

macOS: Use balenaEtcher, or dd in Terminal.

3. Boot from USB

Reboot your machine and enter the BIOS/UEFI boot menu (typically F12, F2, Del, or Esc during POST). Select your USB device. The Debian installer will launch.

Secure Boot: If your system has Secure Boot enabled and the installer fails to start, disable it in your UEFI firmware settings.

4. Complete the Installer

The Debian installer will guide you through disk partitioning, user account creation, timezone, and locale setup. The KDE Plasma desktop and core system packages are pre-installed on the ISO -- no additional desktop selection is needed.

First Boot

After installation, log in to KDE Plasma. The system ships with the base desktop and Overkill System Manager pre-installed. No edition is active by default.

To set up your workstation:

Open the Applications Menu and launch Overkill System Manager.
Browse the 20 available editions in the Editions tab and select the one that matches your workflow.
Click the Install button. The system will download and configure all packages automatically.
Reboot to apply kernel tuning profiles (if applicable to your edition).

Recommended: Always use the graphical Overkill System Manager from the Applications Menu for all system operations. The GUI provides real-time console output, error handling, and a user-friendly interface. The CLI (overkill-setup-cli) exists as an alternative for advanced users and scripting purposes, but is not the recommended way to interact with the system.

Tip: The Conky system monitor on your desktop will display the currently installed edition name, system performance metrics, storage, network, and battery information.

Edition System

The edition system is the core feature of Overkill Linux. Each edition defines:

APT Packages -- System-level software from Debian stable repositories (compilers, libraries, CLI tools, drivers)
Flatpak Applications -- Sandboxed desktop apps from Flathub (IDEs, games, wallets, browsers, AI clients)
Tuning Profile -- Optional kernel-level configuration (sysctl parameters, GRUB settings, module blacklisting, firewall rules)

Only one edition can be installed at a time. The system enforces this by checking for an existing edition before allowing a new installation. The edition state is stored in /usr/share/edition/edition.conf.

Full Edition List

ID	Edition	Description	Tuning
1	Development	Docker, IDEs, compilers, languages, and dev tooling	--
2	AI	AI desktop apps + PyTorch/XGBoost/Pandas + AI tuning	AI
3	Education	Office, math, science, and learning suites	--
4	Engineer	CAD, CAM, EDA, simulation, and 3D tools	--
5	Gaming	Wine, Steam stack, drivers + gaming kernel tuning	Gaming
6	Hardened	KeePassXC, Kleopatra, Cryptomator + nftables firewall	Hardened + FW
7	Cryptocurrency	Wallets, Cryptomator, Picocrypt and crypto apps	--
8	Cryptocurrency Hardened	Crypto apps + full hardening (no firewall)	Hardened
9	Scientific	TeX, Octave, R, Python stack, simulation and plotting	--
10	Office	Office suite, mail, finance, and PDF tools	--
11	Multimedia	DAW, NLE, GFX, photo + multimedia tuning	Multimedia
12	Dev + Gaming Mix	Dev stack + gaming stack with gaming tuning	Gaming
13	Dev + Gaming + Multimedia Mix	Everything for power users	Gaming
14	Dev + AI Mix	Dev stack + AI apps + ML libs + AI tuning	AI
15	Dev + Cryptocurrency Mix	Dev stack + crypto wallets/apps	--
16	Dev + Crypto Hardened Mix	Dev + crypto + full hardening	Hardened
17	Gaming Lite	Steam, Heroic, Lutris, Discord + gaming tuning	Gaming
18	Development Lite	VS Code + GitHub Desktop	--
19	Dev + Gaming Lite Mix	Dev Lite + Gaming Lite combined	Gaming
20	Gamebox	Mindustry, OpenTTD, 0 A.D. and more + gaming tuning	Gaming

Tuning Profiles

Tuning profiles modify kernel parameters, boot configuration, and system services to optimize performance for specific workloads.

Gaming Tuning

Reduced vm.swappiness to keep games in RAM
Increased vm.max_map_count for large game maps
Optimized I/O scheduler and writeback settings
Network latency optimization (TCP nodelay, reduced keepalive)
Hugepages configuration for memory-intensive games
GRUB parameters for performance-oriented boot

Multimedia Tuning

Low-latency audio configuration (reduced buffer sizes)
Balanced I/O writeback for sustained read/write
Optimized memory management for large media files
PipeWire/JACK-friendly kernel parameters

AI Tuning

Maximized vm.max_map_count for large dataset mapping
GPU memory allocation optimization
Increased file descriptor and inotify limits
Large I/O buffer configuration for model loading

Hardened Tuning

Sysctl kernel lockdown parameters (see Sysctl Tuning)
GRUB boot security parameters (see Hardening Overview)
Vulnerable kernel module blacklisting (see Module Blacklisting)
nftables firewall (Hardened Edition only, see nftables Firewall)

Switching Editions

To switch from one edition to another:

Open System Manager and click Uninstall Current Edition, or run sudo overkill-setup-cli uninstall-edition
The system will purge all edition-specific APT packages and Flatpak apps, and revert any kernel tuning changes
Install the new edition
Reboot to apply the new tuning profile

Note: Uninstalling an edition will remove all packages installed by that edition. Any personal data, home directory files, and system-level packages not part of the edition are unaffected.

GUI Overview (Recommended)

The Overkill System Manager is the primary and recommended way to manage your Overkill Linux system. It is a full-featured PyQt6 graphical application with a modular interface -- left sidebar for navigation and a main content area with real-time console output for each operation.

How to launch: Open the Applications Menu on your KDE Plasma desktop and click Overkill System Manager. The application will request root privileges automatically. You do not need to open a terminal.

The GUI is designed to be the single point of control for your entire system. All edition installations, package management, driver setup, DNS configuration, ZRAM management, browser installation, and log viewing can be done through the graphical interface without ever touching a terminal.

Modules

Module	Description
Editions	Browse, install, and uninstall any of the 20 editions. Displays edition name, description, and install button for each. Includes an "Uninstall Current Edition" button at the top.
System	Run full system updates (`apt update && apt dist-upgrade`), clean APT caches and orphan packages, and change the system hostname.
Packages	Install or remove APT packages by name. Enter one or more package names and click Install or Remove.
Installers	Install local `.deb` files via file picker, install Flatpak apps by application ID, remove Flatpak apps, and list all installed Flatpak applications.
Drivers	One-click NVIDIA proprietary driver installation. Detects GPU, installs the appropriate driver package, and configures kernel modules.
ZRAM	Install `zram-tools`, enable/disable ZRAM compressed swap via systemd, and view current ZRAM device status and usage statistics.
Network	Switch DNS to Cloudflare (1.1.1.1), Google (8.8.8.8), Quad9 (9.9.9.9), or configure custom DNS servers. Settings persist across NetworkManager restarts.
Browsers	Install and remove 12 web browsers: Firefox ESR, Brave, Tor Browser, Mullvad Browser, FireDragon, Zen Browser, Floorp, Waterfox, Opera GX, Vivaldi, Chromium, and Falkon.
Logs	View system logs: system (journalctl), boot, kernel (dmesg), Xorg, APT history, and dpkg log. Configurable line count.
System Info	Display comprehensive hardware and software information including CPU, RAM, GPU, storage, kernel version, and distribution details.

CLI Reference (Alternative)

Not recommended for regular use. The CLI backend exists as an alternative for advanced users, scripting, automation, and headless environments. For day-to-day system management, use the graphical Overkill System Manager from the Applications Menu instead.

The CLI backend is located at /usr/bin/overkill-setup-cli. It must be run as root. Without arguments, it launches an interactive TUI menu. With a subcommand, it runs non-interactively.

sudo overkill-setup-cli [subcommand] [arguments...]

Subcommand	Arguments	Description
`status`	--	Show currently installed edition
`install-edition`	`<id>`	Install edition by numeric ID (1-20)
`uninstall-edition`	--	Remove current edition and revert tuning
`sys-update`	--	Full system update (apt update + dist-upgrade)
`sys-clean`	--	Clean APT caches, remove orphan packages
`pkg-install`	`<pkgs...>`	Install APT packages
`pkg-remove`	`<pkgs...>`	Remove APT packages
`set-dns`	`<preset> [primary] [secondary]`	Set DNS (cloudflare, google, quad9, custom)
`set-hostname`	`<name>`	Change system hostname
`install-browser`	`<id>`	Install browser by ID (1-12)
`install-deb`	`<path>`	Install a local .deb file
`install-flatpak`	`<app-id>`	Install Flatpak by application ID
`remove-flatpak`	`<app-id>`	Remove a Flatpak application
`list-flatpak`	--	List installed Flatpak applications
`install-nvidia`	--	Install NVIDIA proprietary drivers
`zram`	`install\|enable\|disable\|status`	Manage ZRAM compressed swap
`view-log`	`<type> [lines]`	View logs (system, boot, kernel, xorg, apt, dpkg)

CLI Examples

# Install the Gaming Edition
sudo overkill-setup-cli install-edition 5

# Check which edition is installed
sudo overkill-setup-cli status

# Uninstall the current edition
sudo overkill-setup-cli uninstall-edition

# Switch DNS to Cloudflare
sudo overkill-setup-cli set-dns cloudflare

# Set custom DNS servers
sudo overkill-setup-cli set-dns custom 1.1.1.1 9.9.9.9

# Enable ZRAM compressed swap
sudo overkill-setup-cli zram install
sudo overkill-setup-cli zram enable

# Install NVIDIA drivers
sudo overkill-setup-cli install-nvidia

# Install a Flatpak application
sudo overkill-setup-cli install-flatpak com.valvesoftware.Steam

# View last 50 lines of kernel log
sudo overkill-setup-cli view-log kernel 50

# Full system update
sudo overkill-setup-cli sys-update

DNS Configuration

Overkill Linux configures DNS persistently by combining two mechanisms:

Writing nameserver entries to /etc/resolv.conf
Creating a NetworkManager drop-in config at /etc/NetworkManager/conf.d/90-dns-manual.conf with dns=none

This prevents NetworkManager from overwriting your DNS settings when network connections change, reconnect, or when the system reboots.

Available Presets

Preset	Primary	Secondary	Notes
Cloudflare	1.1.1.1	1.0.0.1	Fast, privacy-focused, no logging
Google	8.8.8.8	8.8.4.4	Reliable, global infrastructure
Quad9	9.9.9.9	149.112.112.112	Malware-blocking, security-focused
Custom	User-defined	User-defined (optional)	Any DNS server

Reverting DNS

To restore NetworkManager-managed DNS, remove the drop-in and restart:

sudo rm /etc/NetworkManager/conf.d/90-dns-manual.conf
sudo systemctl restart NetworkManager

ZRAM Setup

ZRAM creates a compressed block device in RAM that functions as swap space. This is faster than disk-based swap and particularly beneficial on systems with limited RAM.

# Install the zram-tools package
sudo overkill-setup-cli zram install

# Enable ZRAM swap (starts the systemd service)
sudo overkill-setup-cli zram enable

# Check current ZRAM status and usage
sudo overkill-setup-cli zram status

# Disable ZRAM swap
sudo overkill-setup-cli zram disable

Performance: ZRAM uses CPU cycles to compress/decompress data in memory. On modern CPUs, this is significantly faster than swapping to disk, especially on HDDs. Recommended for systems with 4 GB RAM or less.

NVIDIA Drivers

The System Manager provides one-click NVIDIA proprietary driver installation:

sudo overkill-setup-cli install-nvidia

This will:

Detect your NVIDIA GPU model
Install the appropriate nvidia-driver package from Debian non-free repositories
Configure kernel modules for the NVIDIA driver
A reboot is required after installation

Browser Management

Overkill ships with 12 browser options, installable and removable through System Manager:

ID	Browser	Source
1	Firefox ESR	APT
2	Brave	Flatpak
3	Tor Browser	Flatpak
4	Mullvad Browser	Flatpak
5	FireDragon	Flatpak
6	Zen Browser	Flatpak
7	Floorp	Flatpak
8	Waterfox	Flatpak
9	Opera GX	Flatpak
10	Vivaldi	Flatpak
11	Chromium	APT
12	Falkon	APT

Conky Manager

Overkill Linux ships with a Conky desktop monitor that displays real-time system information (OS, edition, kernel, uptime, CPU, RAM, storage, network, battery). The Conky Manager is a terminal tool for enabling or disabling the Conky autostart.

To launch Conky Manager, open a terminal and run:

conky-manager

The tool presents an interactive menu:

==================================
  Overkill Conky Manager
==================================

Overkill Conky: Enabled
Conky Reanchor: Enabled

==================================
1) Enable Conky (with Reanchor)
2) Disable Conky (with Reanchor)
3) Exit
==================================

Option 1 -- Enables both the Conky widget and the Reanchor service (which repositions Conky on resolution changes). Both will start automatically on next boot.
Option 2 -- Disables both. Neither will start on next boot.
Option 3 -- Exit the tool.

Note: This tool does not require root privileges. It modifies KDE autostart desktop files in /etc/xdg/autostart/. Changes take effect on the next login session.

Hardening Overview

The Hardened Edition (ID 6) and Hardened Mix editions apply a comprehensive security stack consisting of four layers:

Sysctl Parameters -- Kernel-level security settings applied via /etc/sysctl.d/
GRUB Boot Parameters -- Security-focused kernel command-line parameters
Module Blacklisting -- Blocking vulnerable or unnecessary kernel modules via /etc/modprobe.d/
nftables Firewall -- Network-level filtering (Hardened Edition only, not applied to "Hardened No FW" profiles)

Additionally, the Hardened Edition installs the following security applications:

KeePassXC -- Offline password manager with TOTP support
Kleopatra -- GPG key management and certificate manager
Cryptomator -- Transparent client-side encryption for cloud storage (Flatpak)
Warp -- Encrypted file transfer (Flatpak)

nftables Firewall

The nftables firewall is applied only by the Hardened Edition (ID 6). It replaces any existing iptables rules and configures a stateful packet filter.

Key Rules

INPUT chain: Default policy DROP. Only established/related connections and explicitly allowed ports are accepted.
OUTPUT chain: Default policy ACCEPT. All outbound traffic is unrestricted.
FORWARD chain: Default policy DROP.
Bogon filtering: Drops packets from known non-routable source IPs.
SYN flood protection: Rate-limited SYN packet acceptance.
ICMP rate limiting: Prevents ping floods while allowing normal ICMP.

Allowed Inbound Ports

Protocol	Ports	Service
TCP	9001, 9030	Tor relay / directory
TCP	9050, 9150	Tor SOCKS proxy
TCP	4444, 4447	I2P HTTP / SOCKS proxy
TCP/UDP	7656, 7657, 7658	I2P SAM / console / transit
UDP	1194	OpenVPN
UDP	51820	WireGuard
UDP	5353	mDNS (local network discovery)
UDP	67, 68	DHCP client/server

Privacy Networks: Tor, I2P, OpenVPN, and WireGuard ports are explicitly allowed so that privacy tools function correctly behind the firewall.

Sysctl Tuning

Hardened editions apply the following sysctl parameters (non-exhaustive):

net.ipv4.tcp_syncookies = 1 -- SYN flood protection
net.ipv4.conf.all.accept_redirects = 0 -- Block ICMP redirects
net.ipv4.conf.all.rp_filter = 1 -- Reverse-path filtering (anti-spoofing)
net.ipv4.conf.all.log_martians = 1 -- Log suspicious packets
kernel.core_pattern = /dev/null -- Disable core dumps
kernel.kptr_restrict = 2 -- Hide kernel pointers
kernel.yama.ptrace_scope = 2 -- Restrict ptrace

Module Blacklisting

Hardened editions block the following kernel module categories via /etc/modprobe.d/:

USB Storage -- usb-storage, uas (prevents unauthorized USB data exfiltration)
FireWire -- firewire-core, firewire-ohci, firewire-sbp2 (DMA attack vector)
Bluetooth -- bluetooth, btusb (wireless attack surface reduction)
Legacy Network -- dccp, sctp, rds, tipc (rarely-used protocols with known vulnerabilities)
Miscellaneous -- thunderbolt, cramfs, freevxfs, jffs2, hfs, hfsplus, udf

File Locations

File	Purpose
`/usr/bin/overkill-setup`	System Manager GUI (PyQt6)
`/usr/bin/overkill-setup-cli`	System Manager CLI backend (Bash)
`/usr/share/edition/edition.conf`	Currently installed edition state
`/usr/share/conky/overkill_conky.conf`	Conky desktop monitor configuration
`/etc/nftables.conf`	nftables firewall rules (Hardened Edition)
`/etc/nftables.conf.bak`	Backup of original nftables config
`/etc/sysctl.d/99-overkill-*.conf`	Tuning profile sysctl parameters
`/etc/modprobe.d/overkill-*.conf`	Hardened module blacklist
`/etc/NetworkManager/conf.d/90-dns-manual.conf`	DNS persistence (prevents NM override)
`/usr/bin/conky-manager`	Conky Manager (enable/disable Conky autostart)
`/usr/bin/conky-reanchor`	Conky reanchor script (repositions Conky on resolution change)
`/usr/share/icons/over2.png`	Application icon

Contact

For bug reports, feature suggestions, or any other inquiries, please visit Nixovena Labs website:

Website: nixovena.org

You can find our community forums, social media links, and direct contact methods there.

Troubleshooting

Edition install fails

Ensure you have an active internet connection and that APT repositories are reachable. Run sudo apt update manually to check. If a previous edition is installed, uninstall it first.

nftables service fails to start

Check the ruleset syntax: sudo nft -c -f /etc/nftables.conf. If the rules are corrupt, restore the backup: sudo cp /etc/nftables.conf.bak /etc/nftables.conf && sudo systemctl restart nftables.

DNS resets after reboot

Verify that the NetworkManager drop-in exists: cat /etc/NetworkManager/conf.d/90-dns-manual.conf. It should contain [main] and dns=none. If missing, re-apply DNS through System Manager.

NVIDIA driver not loading

Reboot after installation. If the driver still does not load, ensure Secure Boot is disabled in your UEFI settings and try reinstalling through System Manager (Drivers module).

Conky shows "None" for edition

This is normal if no edition has been installed yet. Install an edition through System Manager and the Conky display will update automatically.

Flatpak apps not appearing in menu

Log out and back in. KDE caches the application menu and requires a session restart to detect newly installed Flatpak applications.

ZRAM not activating

Open System Manager, go to the ZRAM module, and click INSTALL first, then ENABLE. Click STATUS to verify it is active.