overthinkos/debian-builder
distros/skills/debian-builder/SKILL.md
Minimal Debian 13 builder image (pixi + Node.js + build-toolchain) used as the multi-stage builder for every box based on Debian — currently debian-coder. Produces the pre-compiled pixi envs, npm globals, and cargo crates that land in the final runtime image via COPY --from. MUST be invoked before building, deploying, configuring, or troubleshooting the debian-builder box.
tools
Updated Jun 11, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins debian-builderInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 11, 2026, 7:03 AM170.1s1 file scanned
SKILL.md
- name:
- debian-builder
- description:
- |
debian-builder
Debian 13 counterpart of /charly-distros:fedora-builder. Provides the pixi / npm / cargo build environments so downstream Debian boxes (currently /charly-coder:debian-coder) get pre-compiled artifacts from a dedicated builder stage without bloating the final image.
Lives in the overthinkos/debian repo (git submodule at box/debian).
Build it from the submodule: charly -C box/debian box build debian-builder
(normally it builds implicitly as a dependency of debian-coder). Its
pixi/nodejs/build-toolchain layers are pulled by github reference from the
main repo.
Box Properties
| Property | Value |
|----------|-------|
| Base | debian (which = debian:13 + our bootstrap) |
| Layers | pixi, nodejs, build-toolchain |
| Platforms | linux/amd64 |
| Registry | ghcr.io/overthinkos |
| User | user / uid 1000 (create mode — debian:13 ships no pre-existing uid-1000 account) |
Full candy stack
/charly-distros:debian— Debian 13 + ourapt-get update && apt-get install -y --no-install-recommends curl ca-certificates gnupgbootstrap + go-task binary +user:useruid 1000./charly-languages:pixi— pixi package manager + env paths./charly-coder:nodejs— Node.js + npm (genericnodejs— Debian's packaged Node)./charly-coder:build-toolchain— gcc, g++, cmake, autoconf, ninja, pkg-config, and the full set of-devlibraries (Debian equivalents of Fedora's-devel). Used by cargo crates that link system libs (libva, x264, ffmpeg, wayland, xkbcommon, etc.).
Role in the build system
Declares builds: [pixi, npm, cargo] and is listed as debian-coder's builder for all three types via:
debian:
builder:
pixi: debian-builder
npm: debian-builder
cargo: debian-builder
During charly box build debian-coder, any candy that ships pixi.toml / package.json / Cargo.toml gets a multi-stage FROM debian-builder AS <layer>-<builder>-build section emitted by the generator, then COPY --from=<stage> --chown=${UID}:${GID} into the final image. See /charly-internals:generate-source for the template.
No AUR equivalent (unlike /charly-distros:arch-builder) — AUR is an Arch-only concept.
Cross-distro sibling builders
/charly-distros:fedora-builder— Fedora 43 equivalent (+rpmfusionfor x264/ffmpeg/libva headers)./charly-distros:arch-builder— Arch Linux equivalent +yayfor AUR./charly-distros:ubuntu-builder— Ubuntu 24.04 equivalent; differs from this box mainly inuser:ubuntuvsuser:user(adopt mode — see/charly-distros:ubuntu).
Quick start
charly -C box/debian box build debian-builder
charly shell debian-builder
Typically not invoked directly — it's a build-time dependency of /charly-coder:debian-coder.
Verification
charly -C box/debian box list | grep debian-builder— box present.charly shell debian-builder -- pixi --version && node --version && gcc --version.
Related boxes
/charly-distros:debian— parent base, declares the bootstrap packages inbuild.yml./charly-coder:debian-coder— the consumer that this builder exists to serve./charly-distros:fedora-builder— RPM-family sibling./charly-distros:arch-builder— pacman + AUR sibling./charly-distros:ubuntu-builder— Ubuntu 24.04 sibling.
Related candies
/charly-languages:pixi,/charly-coder:nodejs,/charly-coder:build-toolchain
Related commands
/charly-build:build— multi-stage builders,base_user:declaration/charly-image:image—produce:+builder:fields/charly-build:generate— COPY-from stage emission
When to use this skill
MUST be invoked when:
- Building or troubleshooting
debian-builderitself. - Debugging multi-stage
COPY --fromerrors in adebian-coderbuild (the source stage is this image). - Adding a new builder capability (e.g. a
dotnetbuild type) to deb-family images.
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026