
I use Fedora Kinoite daily and find it to be the only OS to make sense really.

I find Fedora CoreOS totally confusing (with that ignition file, no anaconda, no user password by default, like how would I set this up anywhere I don't have filesystem access to?)

But there are alternatives. I would like to build my own hardened Fedora server image that can be deployed anywhere (i.e. any PC to turn into a secure and easy out-of-the-box server).

As modern servers often use containers anyway, I think an atomic server only makes sense, as damn Debian is just a pain to use.

Experiences, recommendations?

[-] myersguy@lemmy.simpl.website 16 points 8 months ago

What makes Debian a pain to use on servers?

[-] jlh@lemmy.jlh.name 12 points 8 months ago

NixOS works really well as an image based server. Use nixos-generate to create a pre-configured image and put it on a flash drive/PXE share, and you're good to go. Automatic updates are a bit confusing and not really documented, but doable. I have code examples.

[-] Pantherina@feddit.de 1 points 8 months ago

I would be interested in automatic updates on NixOS!

[-] jlh@lemmy.jlh.name 2 points 8 months ago

This wiki page has an example on how to do automatic updates on a normal install of nixos:

https://nixos.wiki/wiki/Automatic_system_upgrades

But this won't work for nixos-generate because nixos-generate doesn't have a configuration.nix file in the booted system.

Here is the code I use for my nixos-generate flake that I use to generate all of the nixos images in my homelab:

https://codeberg.org/jlh/h5b/src/commit/763a873c5bb7a4706ad021ea5ac3634b4efeadce/nodes/common.nix#L113

The way this works is that it includes the flake source code as a folder in the nix store on the booted system, and the nixos-upgrade timer will then use the flake to build an updated version of itself. Note that nixos-generate uses the packages output of the flake, while nixos-upgrade uses the nixosConfigurations output of the flake. I have written the flake so that they build identical systems, but it means there's some code that I had to write twice in flake.nix.

Feel free to try it out yourself, though note that you will probably have to rip out the agenix stuff to get it to build.

NixOS isn't really that user friendly yet, but insanely powerful once you understand how it works. Feel free to ask questions if anything seems confusing.

[-] d_k_bo@feddit.de 5 points 8 months ago

You can use Fedora IoT which is essentially rpm-ostree based Fedora Server. It would be less confusing if it was just named Fedora Atomic Server.

[-] bastion@feddit.nl 2 points 8 months ago

This new distribution of Fedora is FAT!

[-] Pantherina@feddit.de 1 points 8 months ago* (last edited 8 months ago)

Omg yes, that's true. Thanks!

But CoreOS is also using rpm-ostree, how are they different?

[-] d_k_bo@feddit.de 2 points 8 months ago

I didn't try CoreOS as I didn't even get how to set it up. As I understand it, it uses a completely different workflow for administering the system compared to regular distros.

[-] Pantherina@feddit.de -1 points 8 months ago

Yep, and that's all cloud-first I suppose. It sounds cool but you need to create an ignition file (which sounds very possible) but then you need to get that to a server that doesn't yet have a user account.

I don't understand anything of that. I don't think mounting a drive with that file is possible everywhere, and how do you set up LUKS?

Just no. I'll see if IOT is actually atomic but normal.

Like, just use a CLI installer that can load a file to automate it. Or have a backup user password. There is an issue that addressed this, it's old and closed, yeah.

[-] const_void@lemmy.ml 3 points 8 months ago

the only OS to make sense really

How does it make more sense than Fedora KDE?

[-] Pantherina@feddit.de -2 points 8 months ago

I want a server haha.

And yes, atomic ftw.

[-] Guenther_Amanita@feddit.de -4 points 8 months ago

Because containers (Distrobox, Flatpak, etc.) are bae.
You can read my post I made a while ago for more information: https://feddit.de/post/8234416

Once you "get" image based distros, you probably never want to go back. Traditional distros just feel... off now for me.
Containerisation is the biggest strength in Linux, we use it all the time on servers, so why not on the desktop?
Atomic OSs just make more sense for me, not only because of security/ bug/ whatever reasons, no, also because they feel simpler and are pretty convenient and robust.

[-] const_void@lemmy.ml 1 points 8 months ago

Interesting. I didn't realize it was structured this way. I thought it was similar to NixOS for some reason.

[-] anders@rytter.me 2 points 8 months ago

@Pantherina I use Fedora Kinoite and yeah, it's really awesome! New packages and a safe system.

I wanted to use Fedora CoreOS on my server but no providers offer it so I ended up installing AlmaLinux instead. But yeah, the ignition file setup is really painful. Tried in a VM but never managed to get everything I wanted. I'm gonna stick with enterprise Linux until they make it easier, I think.

[-] Pantherina@feddit.de 1 points 8 months ago* (last edited 8 months ago)

I tried IOT too and the bootloader didn't install.

Then I just installed Atomic Sway (because not that much bloat), and before logging in rebased to secureblue server-main-userns-hardened. It worked but I have no DNS? Damn...

[-] anders@rytter.me 2 points 8 months ago* (last edited 8 months ago)

@Pantherina Have you checked if systemd-resolved is working properly and that systemd-networkd or NetworkManager is used? Only one of them shall be used. I had a similar issue when upgrading from 38 to 39 because then both were active. I'm using NetworkManager on my desktop and disabled systemd-networkd and then it worked.

[-] Pantherina@feddit.de 2 points 8 months ago

Strange, Fedora39 to Fedora39, I use that atomic base always (like 15 different installs, GNOME, Plasma6, Secureblue, Cosmic, Sway,...)

[-] anders@rytter.me 1 points 8 months ago

@Pantherina
I see. At least systemd-resolved needs to be running and /etc/resolv.conf needs to be 127.0.0.1

[-] Pantherina@feddit.de 1 points 8 months ago

I rebooted and now it works. /etc/resolv.conf is not the file you edit, but that localhost DNS is interesting. Saw that a long time ago (Obi wan face)

[-] anders@rytter.me 1 points 8 months ago

@Pantherina
Awesome! Great to hear that it works :)
@selfhosted

[-] Guenther_Amanita@feddit.de -2 points 8 months ago

I made a similar post a few weeks ago.
I will try uBlue core and give you all a small update about it.

I feel similar about Debian. It's a good distro for sure and I don't have any issues with it for server use, but somehow, I still don't like it somehow. RPM-/ OSTree based distros are more my taste, and I don't even know why.

[-] Pantherina@feddit.de -1 points 8 months ago* (last edited 8 months ago)

I am completely confused about ublue currently (okay, all they did is remove the image list, it's the same on GitHub).

Debian is old and crusty with all its tooling. Apt sucks, automatic updates are strange, there are no snapshots afaik, it uses ext4, it's like Fedora was 10 years ago.

[-] lemmyvore@feddit.nl 5 points 8 months ago

People who use Debian servers typically just install Docker on a basic system and then use containers. Which is exactly the same concept that you describe.

What's the filesystem of the server got to do with anything? You can take snapshots in half a dozen different ways, everybody uses the method they're comfortable with.

[-] halm@leminal.space 3 points 8 months ago* (last edited 8 months ago)

A bunch of edgelord babies skimmed the selfhosted subs and noticed that "atomic distros" is a common buzzword ATM; they then flood said subs with opinionated posts that atomic subs are the best and everything else sucks 🙄

this post was submitted on 03 Mar 2024