Container applications are deployed by creating an instance of a pre-defined container image from declaratively configured properties. This eases automation and reproducibility of deployments, which in turn reduces operational risk. What if we extend these properties to node provisioning, treating the OS itself like a containerised app? What if, instead of making general purpose operating systems fit our needs we radically re-think our approach, from the ground up, on how an OS should handle and work in a cloud native environment? Applying the same expectations we have towards handling of container applications we present an alternative approach to OS provisioning, configuration, and lifecycle management. Leveraging a strict separation of OS and applications, we show how a zero-touch, immutable, image-based OS can be built. And extending this concept, we make builds attestable and deployments cryptographically secure, thus helping to secure your infrastructure’s supply chain. In this talk we will cover some of the latest thinking in operating systems, going beyond the established concept of a Container Linux to a future based on the latest developments in systemd’s composable images and a generic model for image-based architectures.