LOW-maintenance distro solely for VPN hosting?
from dysprosium@lemmy.dbzer0.com to linux@lemmy.ml on 31 Jul 17:09
https://lemmy.dbzer0.com/post/50165872

I want to run a small VM running a very low-maintenance distro for the sole purpose of running a private VPN (preferably WireGuard).

I do this because I want to access all of my ESXi VMs from WAN.

I’m thinking Fedora Server because it has roling-release, so I don’t have to reinstall, I guess? But I want it to be very stable, because if it fails I lose access to ALL my VMs.

#linux

threaded - newest

iii@mander.xyz on 31 Jul 17:11 next collapse

Debian LTS with unattended upgrades is my go-to

HelloRoot@lemy.lol on 31 Jul 17:22 collapse

Same, but I’ve been glancing at alpine for a while as well.

Mordikan@kbin.earth on 31 Jul 17:52 next collapse

If its solely for setting up a wireguard server, it doesn't need to be rolling release. Nothing should really need changing.

  1. Alpine Linux due to it being lightweight and hardened
  2. Arch Linux due to it being lightweight and fast
  3. Rocky 9 due to HAProxy in case you decide to turn this into a DIY datacenter :)
paper_moon@lemmy.world on 31 Jul 21:39 collapse

I’m not sure I would agree for arch if the OP wants low maintenance. I’ve never run it myself, but the way I’ve heard arch described is the further you go without regular updates the more likely you are to have a problem when you do update.

Mordikan@kbin.earth on 31 Jul 23:34 collapse

Yeah, GPG keys expire, but that happens with all package management systems if left alone long enough. I mean you'd have to maintain like 3 packages (linux, wireguard-tools, archlinux-keyring). In Debian you'd have to maintain the kernel, debian-archive-keyring, and wireguard-tools. Its the same.

just_another_person@lemmy.world on 31 Jul 19:19 next collapse

OpenWRT. All the benefits of Alpine, plus a nice interface. Could also go OPNsense.

BrianTheeBiscuiteer@lemmy.world on 31 Jul 22:20 collapse

Not a bad idea if you want a bare minimum solution but set up could be a bit of a pain. More info: openwrt.org/docs/guide-user/…/openwrt_x86

just_another_person@lemmy.world on 01 Aug 00:29 collapse

This isn’t bare x86 if they want to run in it in a VM.

TheModerateTankie@hexbear.net on 31 Jul 20:45 next collapse

Anything with docker set up OOTB, like Flatcar Linux

And a good docker container like: WG-Easy

BrianTheeBiscuiteer@lemmy.world on 31 Jul 22:26 next collapse

I’ve been very pleased with ublue (Fedora) distros as daily drivers. They are very stable and low maintenance like you prefer. UCore sounds best for this purpose - github.com/ublue-os/ucore

marcie@lemmy.ml on 01 Aug 02:55 collapse

Ucore is maintenance only afaik, they’re developing cayo server now

umbrella@lemmy.ml on 31 Jul 22:53 next collapse

DEBIAN. this is the one thing in linux i will insist is the only correct choice, and any other choice is wrong.

chaoticnumber@lemmy.dbzer0.com on 31 Jul 23:21 collapse

I would of went Alpine, but debian is a solid choice as well.

jwt@programming.dev on 01 Aug 00:07 next collapse

*would have

umbrella@lemmy.ml on 01 Aug 00:27 collapse

i use minimal alpine on my docker images and it works very well for that purpose.

just_another_person@lemmy.world on 01 Aug 00:29 next collapse

Also, just run Tailscale and be done with it.

rajannpatel@lemmy.ml on 01 Aug 01:29 next collapse

Ubuntu 24.04 is security maintained for 10 years - no major version bumps just security updates the whole time. Installs lean, works great. I use it for exactly this.

data1701d@startrek.website on 01 Aug 02:14 next collapse

As said by @iii@mander.xyz, bog standard Debian Stable.

You really don’t want a rolling release distro for something like this - major software updates might change the behavior of your software, break your configs, etcetera. Stable distros do as much as they can to make sure that software behaves the same, only porting security fixes.

This way, you don’t really have to touch it except for updates with a nearly nonexistent chance of going wrong (and there’s stuff like unattended-upgrades so updates are automatic) and major upgrades.

You can go several years without a major upgrade just fine - Debian versions are supported for 5 years, and we’re only a few days from getting Trixie, which will last into 2030. New versions come out every two years, and it’s not that hard to upgrade between consecutive ones; I don’t think sitting down on a weekend every two years is that bad.

I kind of hate Ubuntu, but it’s pretty based in this case due to really long support. This might be a really great case for Rocky Linux though, as it also gets 10 years support.

corsicanguppy@lemmy.ca on 01 Aug 02:46 collapse

This might be a really great case for Rocky Linux though, as it also gets 10 years support.

That happens to be my plan. I just started rolling out a few but I will have to bulldoze some servers because CloudStack doesn’t work in it yet. That means it’s upgrade-disco for my 9s in 5 years.

Since 2002 I’ve been doing yum-cron for updates, but just at the side gig with up to 50 boxes. It used to be absolutely rock solid before systemd wrecked it, but it’s still pretty reliable.

communism@lemmy.ml on 01 Aug 03:08 collapse

Alpine with a cronjob to apk -U upgrade or auto-updating Debian Stable