kldload is a re-packer.
Instead of downloading an ISO from your vendor, kldload uses the vendor's own CDNs and package repositories to assemble the OS of your choice — CentOS, Debian, Ubuntu, Fedora, RHEL, Rocky, Arch, or FreeBSD — with ZFS on root, WireGuard, eBPF, and the tools that should have been there from the start. Nothing is patched. Nothing is forked. Nothing is modified. Every package is stock, verified, and pulled directly from your vendor's repos.
The result can be deployed as a bootable USB image for bare metal installs, an in-place deployment tool for existing systems, or a remote/mass deployment pipeline for fleet provisioning. The ISO also carries offline package mirrors (RPM + APT) so you can install in air-gapped environments with zero internet.
What comes out the other side is your distro — not ours. Whatever userland you like.
Whatever package manager you prefer. kldload just makes sure the foundation — ZFS, WireGuard,
eBPF, boot environments — is done right. Updates come from your vendor, not from us.
kldload delivers the OS tuned to the current OpenZFS stable branch. After that, it's your system —
dnf update, apt upgrade, pacman -Syu, whatever you normally do. Fill your boots.
Every script is readable bash. No compiled binaries. No vendor SDK. No magic.
cat any file and read what it does. Point it at any apt, dnf, or pacman repo
and the tool will most likely already work — it's distro-agnostic by design.
Kernel modules & tools — bundled on first boot.
✓ ZFS on Root
Checksummed, compressed, snapshot-capable root filesystem. Boot environments via ZFSBootMenu. Self-healing on mirrors.
✓ WireGuard
Kernel-level encrypted networking. Built as a DKMS module alongside ZFS. Available on first boot for VPNs, site-to-site links, or mesh overlays.
✓ NVIDIA Drivers
GPU drivers baked into the image. CUDA-ready on first boot. No post-install driver dance. No nouveau conflicts.
✓ ZFSBootMenu
UEFI bootloader that understands ZFS. Boot environment selection. 15-second rollback. No GRUB hacks.
✓ Automatic Snapshots
Before every package change. Every 15 minutes for /srv. Hourly boot environment snapshots. Configurable retention.
✓ 30+ CLI Tools
kst, ksnap, kbe, kdf, kdir, kpkg, kupgrade, krecovery — short names, no flags to memorize.
✓ Secure Boot / MOK
Per-machine key generation. Automatic module signing. DKMS auto-sign on kernel upgrades. Works with Secure Boot enabled.
✓ Offline / Air-Gap Ready
Complete package mirror baked in. No internet at install time. No phone home. The USB drive is the deployment.
Pick the platform you need.
Same ISO, same darksites, same ZFS-on-root foundation — what changes per profile is which userland, services, and tools get assembled on first boot. Pick one that matches the job; kpkg can add layers from another profile afterward.
Desktop
GNOME workstation + ZFS on root + Firefox + GPU drivers + all k* tools + web UI + sanoid automatic snapshots + offline RPM/APT darksites. WireGuard, eBPF, and Bob AI assistant ready on first login.
For workstations, dev machines, and NVIDIA AI rigs.
Server
Headless + SSH + ZFS on root + all k* tools + web UI + sanoid + WireGuard + eBPF + offline darksites. NFS, Samba, iSCSI, and observability exporters ready to enable. No desktop, no GPU stack.
For production servers, NAS, and edge boxes.
KVM Host
Bare-metal hypervisor. libvirt + qemu-kvm + virtio. Every VM on a ZFS zvol with volblocksize=16K, compression=lz4, io=native cache=none. Instant clones (~100ms, 0 bytes via ZFS COW), atomic snapshots, incremental zfs send replication, qemu-guest-agent fs-freeze for app-consistent points-in-time. NVIDIA GPU sharing via CUDA time-slicing — no PCIe passthrough required.
For bare-metal hypervisors and homelab clouds.
Kubernetes
KVM Host + a turnkey single-node or three-node Kubernetes cluster. Cilium eBPF networking (no kube-proxy, datapath in the kernel) + Hubble flow visibility + Tetragon runtime security. CRI-O, MetalLB, ZFS-backed persistent volumes, local-path-provisioner with auto-binder for WaitForFirstConsumer storage classes. kube-cluster up spins production K8s in < 20 minutes; kube-demo deploys PetClinic + ArgoCD as a smoke test.
For K8s clusters with eBPF observability built in. New in 1.0.4.
klab — Multi-Distro Test Platform
KVM Host + pre-built golden images of every supported distro (CentOS, Rocky, Fedora, Debian, Ubuntu, RHEL) running ZFS on root. Blue/green deploys via ZFS instant clone — spin a full distro VM in ~2 seconds, run a change, snapshot, promote or roll back. Live Hubble eBPF traffic map, fault injection (network/disk/OOM), Distro Matrix Runner to run the same playbook against every distro in parallel.
For SREs validating changes before they reach production. New in 1.0.5.
OpenZFS Suite
KVM Host + a dedicated set of ZFS test goldens (separate from klab) wired into ztest and zloop. Stand up multi-vdev pools, run the full upstream OpenZFS test suite, reproduce kernel/userland bugs against any supported distro's zfs build. Includes the kzfs-lab tools and ZFS Test Lab tile in the web UI for one-click suite runs.
For OpenZFS contributors and storage teams chasing regressions.
Core
ZFS on root only. Stock distro. No k* tools, no web UI, no sanoid, no darksites. Just the kernel modules, DKMS, initramfs, and ZFSBootMenu chain done right. Roughly 200 MB on disk beyond the vendor's base install.
For advanced users who want ZFS on root and nothing else.
Every profile gives you ZFS on root with proper DKMS, initramfs, and ZFSBootMenu. Nothing is removed from the base distro. The k*, kvm-*, klab, and kube-* tools are additions, not replacements. apt, dnf, zfs, zpool, virsh, and kubectl always work directly. Profiles can be layered — install Server, add KVM Host with kpkg add kvm, then add Kubernetes with kpkg add k8s.
Whatever you want. kldload assembles it.
“I want ZFS on Debian”
Pick Debian. Pick Core. Done. ZFS on root, boot environments, DKMS. Stock Debian underneath.
“I want a KVM hypervisor”
Pick CentOS. Pick KVM Host. Clone VMs in 100ms. Snapshot atomically. Replicate incrementally. See 1.0.3.
“I want a NAS”
Pick any distro. Pick Server. Add NFS or Samba. ZFS handles the rest — checksums, compression, snapshots, replication.
“I want to run AI models”
Pick Desktop or Server. Enable NVIDIA. Ollama runs on the GPU. Two models share one GPU via CUDA time-slicing. No PCIe passthrough. Works on consumer cards.
“I want an air-gapped server”
Boot the USB. Install. No internet needed. Offline RPM and APT mirrors are baked into the ISO. The USB drive is the deployment.
“I want to learn the primitives”
32 masterclasses. 3,273 pages. ZFS, WireGuard, eBPF, KVM, Cilium, IPsec, Keycloak, nftables — every technology explained from first principles. Start here.
Each profile is an expertly crafted userland — a purpose-built assembly of packages, configs, and tools for a specific job. 150+ recipes and 32 masterclasses teach you to craft your own. All of which I've made free — so you can do the same.
Learn the primitives — they'll outlast any product.