Hi, mostly i use REHL based distros like Centos/Rocky/Oracle for the solutions i develop but it seems its time to leave…
What good server/minimal distro you use ?
Will start to test Debian stable.
You can’t go wrong with Debian
All my servers run debian and it’s going swimmingly. My daily driver runs bookworm with huge success
Bookworm is such a tremendously good release. I’ve been on Debian since Potato, and IMHO we are seeing the absolute best release they ever put out.
I’ve used debian on and off since the late 90s, what stands out about bookworm? They’ve been mostly the same to me, not that that’s a bad thing.
I would hope you could say that with every release.
I’m going to throw my support behind this one as well. I’m circling back to Debian after a long stint on Fedora on my primary machine. I’ve been running Debian 12 on my desktop for several weeks now and it’s been pretty great.
it is one version behind fedora in gnome releases, so I installed the latest gnome from the experimental repos and that worked pretty well. I don’t know if I would recommend that for anyone else, but it worked for me.
I have a few personal servers still running CentOS 7, but I will be migrating them to Debian slowly over the next few months. I suspect I will go fine. Debian organization to maintain FOSS ideals over the next 5 to 10 years, so it seems like a good default for me.
I have read about Vanilla OS. It is Debian based with some neat features stacked on top that might be fun for a desktop OS. I can see myself switching to that on the desktop if they deliver on all their promises.
Life long Debian (and Debian derivatives) user (23 years and counting). I have pretty much settled down into (this has been true for years):
- Debian for servers.
- Mint for workstations (that you want to just work and don’t want to spend time troubleshooting / tinkering). Mint is linux your grandma can use (my Boomer real estate broker father has been running Mint laptops for the last 5 years).
- Ubuntu for jr. Engineers who want to learn linux.
- Qubes (with Debian VMs) for workstations that must be secure (I’ve been working recently with several organizations that are prime targets either the CCP or have DFARS / NIST compliance requirements).
As an old fart, I’m happy to see that Debian is still cool. All of this arch-manjaro-nix-os-awesome-bspwm-i3-xmonad-flatsnap whippersnapper stuff is over my head.
Realistically, it doesn’t make sense for folks to be using bleeding edge distros like Arch for a server anyway. LTS of Debian or even Ubuntu are definitely the right answer
Back when I was hyper into Arch I used it for my servers. “Why not make it the same as your development environment?”. Anyways, that immediately stops working when your development environment changes. For a server, just use Debian or Ubuntu.
“flatsnap”. This made my day
I’m all for using Debian and such, and I think out of all the new and hip things people brag about, using Flatpak is the most useful thing for the average user experience and worth checking out. Everything (almost) else is just extra.
As an old fart, Devuan is like debian of yesteryear. Debian without systemd.
You already figured it out. It’s Debian stable.
Will start to test Debian stable.
This is a smart move.
Debians make for very good servers, I’ve been using Debian servers since moving my desktop from Fedora (when it was still called Fedora Core) to Ubuntu. I don’t regret it one bit. The community is excellent, and there is ample information available online without having to ask a new question.
Debian.
Desktop? Arch. Server? Debian, NixOS.
Go Debian
Debian 12 just released this month too! It has LXD in the repos now, no snap required.
Removed by mod
Bookworm was the final straw that made me switch to Debian (and linux in general full time). Such a polished OS. And if the release cycle doesn’t suit your workflow its a very smooth change over to one of the many debian-based distros.
Removed by mod
Details ?
Removed by mod
Those are not “details”, but “blur sources”.
Removed by mod
Substantiating your claims isn’t “spoonfeeding”, it’s just common courtesy to reassure others that you aren’t talking completely out of your arse.
Removed by mod
Bla bla bla, so much energy to just not give what I ask for.
I love debian now
Does Debian let you specify regulatory compliance at install time? Or is it a do it yourself manually situation where you write an Ansible playbook.
My vote is Archlinux. Debian is sometimes a little too “optimisitic” when backporting security fixes and upgrading from oldstable to stable always comes with manual intervention.
Release-based distros tend to be deployed and left to fend on their own for years - when it is finally time to upgrade it is often a large manual migration process depending on the deployed software. A rolling release does not have those issues, you just keep upgrading continuously.
Archlinux performs excellent as a lightweight server distro. Kernel updates do not affect VM hardware the same they do your laptop, so no issues with that. Same for drivers. It just, works.
Bonus: it is extremely easy to build and maintain your own packages, so administration of many instances with customized software is very convenient.
I would recommend openSuSe. It is using rpm, but it is an independent distribution.
Huge fan of openSuse Tumbleweed. Rolling release like Arch with the backing of a decently sized organization.
I think OpenSuSe is really the best alternative. As much as I like Debian, OpenSuSe will be pretty comfy for someone coming from RHEL.
Until it is clear, how Leap 16 will look like, I would not start to use it now.
If you’re up for it: NixOS!
It’s quite a steep learning curve, but after some time (after you’ve configured your “dream-system”) you don’t want to go back/switch to any different distro.
Specifically servers IMHO are a great use-case for NixOS. It’s usually simpler to configure than a desktop distro, and less of the usual pain points of “dirty” software (like hardcoded dynamic libraries, that exist on most systems (ubuntu as reference) at that path).
I’ve much less fear maintaining my servers with NixOS because of its declarative functional reproducability and “transactional” upgrade system, than previously (where I’ve used Debian mostly).
The thing about NixOS is that while using packages are easy, creating them are still really hard and/or undocumented.
With most popular services already being packaged by people who know what they’re doing this isn’t that big of a deal, but when I want to try out something from Joe Schmoe’s GitHub (or worse, something I made myself) it is much easier for me to throw together a “good enough” Dockerfile and compose.yml together in barely a hour of work than to dig into Nixpkgs internals and wrestle with Nix’s syntax.
Well I guess it depends how deep you’re in the rabbit hole already, I think it’s relatively easy for me at this point to create a new package (I’m maintainer already for quite a few). But yeah … steep learning curve … Less so with Nix itself, though non-the-less, it’s a simple functional programming language with a new paradigm (derivations). But rather NixOS/nixpkgs Nix magic. For example there’s a dynamic dependently typed type-system built on top of untyped Nix in the NixOS module system that is spin up on evaluation time.
But I understand your point, at the beginning of my NixOS journey I have also rather created a “good enough” Dockerfile. Depending on the exact context I still do this nowadays (often because there’s an official well maintained docker image in comparison to a not so well maintained Nix one, and the context is too complex to maintain/develop/extend it myself). But if there’s a good solution in Nix I rather use that, and that is often less headache than setting up a service with e.g. docker-compose. I also use flakes mostly for a dev environment, if you’re a little bit deeper in it, you can spin up a relatively clean dev env in short time (I’m often copy pasting the ones I have written from different projects, and change the packages/dependencies).
Kind of depends what you want to package. For projects that force you to provide dependencies yourself (e.g. most C or C++ projects), Nix packaging is very easy to use. Just slap a flake.nix together with the necessary dependencies, where to get the source from and how to build it.
Where Nix gets really difficult is with packages that reinvent their own packaging system and do dynamic downloads at compile or even runtime. Those really do not harmonize with Nix, as the Nix build process happens in isolation without network access and wants to have all dependencies specified beforehand, with checksum and all.
When it comes to languages with their own package manager it also gets a bit complicated, as while Nix does come with workarounds for all the common cases, there are generally multiple ways to do it, e.g. you can use mach-nix, pypi2nix, buildFHSUserEnv or buildPythonPackage to build Python packages and it’s not always obvious which is the best approach or which will even work.
Packages that softly depend on other packages via some kind of plugin mechanism are also tricky, due to Nix packages all being isolated in their own directories. Again, which workaround works best here can be tricky, some packages require specifying all the plugins at package build time others use environment variables or other means to locate plugins.
All that said, these issues are kind of fundamental when you want to have a proper reproducible packaging system and hard to avoid. I do prefer a system that forces some cleanliness from the ground up instead of adding ever more ugly patchwork on top, but I can understand why that can be at times very frustrating.
I had a really bad experience with NixOS, the idea is great, but I had a lot of troubles at each generation switch. I don’t like it because I had to learn a lot of specific tools, that only applies on that OS, and it was (really.) hard. I prefer a classic distro, maybe Debian (or Freebsd if not linux), with Ansible for declarative config, and ZFS storage to be able to revert a snapshot if I have any kind of problem.
As I said it has a steep learning curve and documentation is pretty much the nixpkgs repo itself (well after understanding the basics of Nix and NixOS at least, with the combination of the https://nixos.wiki mostly IMO). It also takes some time to get used to the quirks of NixOS (and understanding the necessary practical design decisions of these quirks).
But I have nowadays seldom trouble with switching the generations (i.e.
nixos-rebuild switch), unless you’re updating flake inputs or (legacy) channels (where e.g. a new kernel might be used). In that case it makes sense to reboot into the new configuration. Also, obviously that can lead to short down-times (including just restarting a systemd service, if a service has changed in between the generations), if that is unacceptable, there obviously needs to be a more sophisticated solution, like kubernetes via e.g. kubnix. I’m not sure how much of that can be achieved with Ansible, as I haven’t used it that much because I disliked the “programming” capabilities of the Ansible yaml syntax (which feels kinda hacky IMHO).But apart from NixOS, one can also just use Nix on a different system to e.g. deploy or create docker images (which can be really compact, as only the necessary dependencies for a package is packaged) that in turn could e.g. be managed with Ansible or something…
Can’t really go wrong with Debian or Ubuntu server LTS
You can definitely go wrong with an Ubuntu server
How? I’ve run several for years with no issue. They’re as stable as a rock
snaps are pretty insecure.
Snaps are pretty terrible IMO, so I usually end up bootstrapping a custom Ubuntu image without snap for this reason (and others) for my cloud images. Definitely not general purpose though.
Why not just use Mint, which strips snap outfor you?
Mint doesn’t build cloud images as far as I’m aware.
*citation needed
Go to the snap site and try to find a security section that describes how snap packages are signed. You won’t be able to find it because it doesn’t exist, and they don’t highlight their own security vulnerabilities.
What I can cite is how this should work, for example how apt signs all packages by default
Note how in the above doc there’s a message
WARNING: The following packages cannot be authenticated! ... Install these packages without verification [y/N]?That doesn’t exist in snap because snap does not authenticate downloads. It’ll just happily install something maliciously modified.
If your solutions are work/job related and need to be distributed I think your current options are SUSE or Debian. If your solution is something only you maintain, you could check out NixOS.
One of my work colleagues actually uses Nix on Debian to distribute a piece of software. Though it is software made for a hardware appliance so that’s a bit special.
Honestly, unless you’re using Nix within something like docker images (Nix has great support for writing really minimal docker images) or use it to just build software (which is also a great use-case), I would rather go straight to NixOS, in my experience it’s a smoother experience than using Nix on a different distro and e.g. services (like standalone home-manager) .
Debian always
Debian 12, Opensuse leap or tumbleweed, SLES, Fedora, Linux mint / LMDE, Freebsd, Alma Linux OS
