I want to reset my server soon and I’m toying with the idea of using a different operating system. I am currently using Ubuntu Server LTS. However, I have been toying with the idea of using Fedora Server (I use Fedora on my laptop and made good experiences with it) or even Fedora CoreOS. I also recently installed NixOS on my desktop computer and find the declarativeness pretty cool (but I’m still a complete beginner) and could imagine that it would fit well into a server setup.
I have quite a few services running on my server, such as Nextcloud, Conduit (Matrix), Jellyfin, etc. and all in containers. I would also rather not install programs without containers, because 1. compose is super easy to maintain and set up, 2. it remains very clear with containers (and compose) and 3. I believe that containers are more secure. But since I also want to make the services inside the containers available, I currently have Nginx installed as a reverse proxy (not in the container, but on the system) and always create certificates with certbot so that I can use HTTPS encryption.
In the paragraph above I actually described exactly the use-case of Fedora CoreOS, but I have no experience with the system and how it works. That’s why I’m still a bit hesitant at considering the OS at the moment. I can imagine that NixOS with its declarative nature seems well suited, since, as I have heard, you can configure containers as well as Nginx and with Nginx also https certificates declaratively. But I could also use a base system like before (Fedora Server or Ubuntu Server) and simply install podman, nginx and certbot and manage everything that way.
Have you had any experience with Fedora Server, Fedora CoreOS, NixOS or a completely different operating system for servers and what are/were your impressions with this setup? Or do you just want to share your knowledge here? I would be delighted.
Fedora Server works well, and the Podman integration is great.
I guess it is the boring option, but probably the best when coming from Ubuntu.
I went with Fedora on my VPS because I was also planning to use rootless Podman. Quadlets and running everything through systemd with SELinux enabled is working pretty well for me.
I always think about using nixos. But considering I dockerise everything, I always end up using Debian.
Good old stable DebianYou can also use container within NixOS and AFAICT even declare the containers which should be running. Also NixOS is sad to be stable, or am I missing something?
Yeh, but I already have compose files and ansible things to set up a server.
And I’d have to figure out how health checks and depends-on works for that.I’m sure it would give me an amazing experience, but I have all the tools and I can run them in isolation (ie I can install docker on any os I can SSH into)
Just that compiling packages on a server is not ideal.
Nixos will use/download cached binaries that are available in its repo. It has one of the biggest repositories of any Linux distro. It’s on par with Arch with around 90 thousand packages.
Unless you are doing something custom or niche, your nixos won’t have to compile anything.
Are all those packages available in binary format? Not familiar with Nix but that’s certainly not the case for Arch. Arch has 85k packages in the AUR as source recipes but not as binaries.
I still think Debian makes a better use case for a server since it provides everything as binaries.
If you’re going to use binaries what’s the point of using Nix anyway? The declarative aspect is nice in an abstract sort of way but you can achieve a system deploy or restore just as fast by installing a vanilla system and a few config files.
Yes, all packages in nixos are available as binaries to download.
The comparison with Arch was just in terms of number of packages. Not the binary availability.
At the bottom of this page, they say that binary cache is currently at 120TB. https://nixos.org/community/index.html
If packages being available as binaries is the main criteria, nix has you covered there.
The biggest issue for most people with Nixos is the learning curve just because it’s so different.
If you want to containerise your apps, you could try Talos Linux. It is an api driven OS tailored to run Kubernetes. There is no bulk, only what is needed to run K8s, i.e., even no ssh server.
You control it with talosctl which calls the gRPC api endpoint to read or write all sorts of state including machine configuration.
Debian. Server? Debian.
Debian, Debian and maybe Debian
always . freaking . debian
I have used all three! I started with Server then went to CoreOS running Kubernetes and settled on NixOS which I have been very happy with for about a year now. I run about 25-30 services all using built in modules.
Regarding security, if you are using well crafted modules on NixOS, there should be good systemd hardening in place. That being said there is no reason you can’t just use containers on NixOS.
I also find deploying NixOS far superior to butane/ignition used by CoreOS/Fedora. I use nixos-anywhere and can deploy my entire server in a few minutes without manual intervention.
I’m a NixOS convert too. I actually still run everything in docker but the idea of not having to remeber or document how I set everything up was too appealing…a year later and my desktop and laptop are now on nix too
I am also thinking about installing nix on my laptop, but I need a proprietary library for work, which is kinda hard to install/ not working on NixOS. But we might be able to just use docker for development. Well, that is currently preventing me from installing nix on my laptop, I am still looking for a way to fix that issue.
If you mainly use containers perhaps OpenSUSE Micro OS is of interest to you. Other then that pretty much any distro will do. I use rocky Linux my self for a few different things.
If you want to try out many different distros virtualization is also a option. KVM or something like XCP-NG with XO or proxmox are great options.
What is the difference/benefit to Fedora CoreOS?
I also recommend a stable/LTS distro like Debian or AlmaLinux (or other RHEL-based distros). Or just keep using Ubuntu Server LTS.
The OS packages being hopelessly outdated doesn’t really matter when you’re running most services inside containers.
I really really like Fedora Server, but any RHEL derivative is my go to for servers. I use Rocky Linux when I need something closer to RHEL, and Fedora server for pretty much everything else. I highly recommend Cockpit as well (main reason I like Fedora server) as it has allowed me to so easily manage all of my servers from a single point.
Slackware is a great, simple OS that does what it does and does it well. There will be some getting used to, but when it clicks, it makes sense and doesn’t do anything you wouldn’t expect. It is great if you want to use containers as it provides you with the stable, simple base to run all your containers on top of.
I really don’t see any advantages in your post for choices other than NixOS. I’m sure you’ll improve quickly by necessity! :D
Debian
See you back on Debian in a few months
Or Proxmox
Or, better yet, LXD/Incus.
Proxmox is just Debian 12 with additional software preinstalled
Kind of, yeah. That’s why I replied with it.
Can’t be hit by new backdoors when your packages haven’t had updates for years 😉
In all seriousness Debian makes solid choices that makes everything as low maintenance as it can get for self hosting.
For someone who recently lost a bunch of their free time, that is amazing to not have to mess with stuff.
Not sure what works best in your case. I’m a Debian cat myself but I have been considering openbsd as a future option.
OpenBSD has native limitations on hypervisors. Disabling default measures will lessen security, unfortunately.
I’m a long time user of Debian myself too. No cutting edge fuzz, just a working, stable OS all of the time. What else do you need for a server? It always did the job.
But then I stumbled on FreeBSD, and man, that’s a server OS. Simple design and blazing fast. No Docker but I never liked it anyway. My Docker is called Jails and in my opinion is they’re superior. Service isolation on the next level.
On my laptop? Debian due to hardware and software support. And I’ll stick to that for now. I feel home on that distro.
I can’t say anything about OpenBSD as I never tried it but it sure is a perfect fit for a server as well depending on your needs and preferences. BSD just rocks!
I love Debian too. Could you tell me what you mean FreeBSD being a faster and better server OS? Is there such a difference in speed in operations?
TBH I’d run alpine VMs on Bhyve to get K8S running and that’s it.
My feeling is that there is. I think it all started with the speed I can login over ssh. Debian always seems to have a short delay but FreeBSD feels instant. When it comes to rating FreeBSD as a better OS for servers I may be biased as Debian has served me so well over the years. I was never a Docker fan but instantly liked Jails for isolating services. Then we have native ZFS support which simplifies my backup needs. A simple zfs send | zfs receive and you have an exact copy of your service instance on a remote node. Everything feels integrated and not stacked. Again, just a personal opinion.
Give Gentoo a shot. It’s super stable and you will understand everything in your system. Also it now supports binary packages
And by now you mean for the past decade at least.
Huh?
Portage has supported binary packages since forever, back in 2012 I had some binary packages on my system, I clearly remember because it was a pain in the ass to compile certain things, for those I installed the binary version. It’s like Debian supporting source packages, it’s been there since forever but people don’t know about it.
I mean it’s had -k/-K since mid 2000s from what I remember but it’s changed
The point is that they have recently focused on better binary package availability. Sure they always had support for binary packages but most software needed to be compiled.
