I want to run a small VM running a very low-maintenance distro for the sole purpose of running a private VPN (preferably WireGuard).
I do this because I want to access all of my ESXi VMs from WAN.
I’m thinking Fedora Server because it has rolling-release, so I don’t have to reinstall, I guess? But I want it to be very stable, because if it fails I lose access to ALL my VMs.
Debian LTS with unattended upgrades is my go-to
Same, but I’ve been glancing at alpine for a while as well.
As said by @iii@mander.xyz, bog standard Debian Stable.
You really don’t want a rolling release distro for something like this - major software updates might change the behavior of your software, break your configs, etcetera. Stable distros do as much as they can to make sure that software behaves the same, only porting security fixes.
This way, you don’t really have to touch it except for updates with a nearly nonexistent chance of going wrong (and there’s stuff like unattended-upgrades so updates are automatic) and major upgrades.
You can go several years without a major upgrade just fine - Debian versions are supported for 5 years, and we’re only a few days from getting Trixie, which will last into 2030. New versions come out every two years, and it’s not that hard to upgrade between consecutive ones; I don’t think sitting down on a weekend every two years is that bad.
I kind of hate Ubuntu, but it’s pretty based in this case due to really long support. This might be a really great case for Rocky Linux though, as it also gets 10 years support.
> This might be a really great case for Rocky Linux though, as it also gets 10 years support.
That happens to be my plan. I just started rolling out a few but I will have to bulldoze some servers because CloudStack doesn’t work in it yet. That means it’s upgrade-disco for my 9s in 5 years.
Since 2002 I’ve been doing yum-cron for updates, but just at the side gig with up to 50 boxes. It used to be absolutely rock solid before systemd wrecked it, but it’s still pretty reliable.
Ubuntu 24.04 is security maintained for 10 years - no major version bumps just security updates the whole time. Installs lean, works great. I use it for exactly this.
OpenWRT. All the benefits of Alpine, plus a nice interface. Could also go OPNsense.
Not a bad idea if you want a bare minimum solution but set up could be a bit of a pain. More info: https://openwrt.org/docs/guide-user/installation/openwrt_x86
This isn’t bare x86 if they want to run it in a VM.
I’ve been very pleased with ublue (Fedora) distros as daily drivers. They are very stable and low maintenance like you prefer. UCore sounds best for this purpose - https://github.com/ublue-os/ucore
Ucore is maintenance only afaik, they’re developing cayo server now
Alpine with a cronjob to `apk -U upgrade` or auto-updating Debian Stable
DEBIAN. this is the one thing in linux i will insist is the only correct choice, and any other choice is wrong.
I would of went Alpine, but debian is a solid choice as well.
*would have
i use minimal alpine on my docker images and it works very well for that purpose.
Also, just run Tailscale and be done with it.
If it’s solely for setting up a wireguard server, it doesn’t need to be rolling release. Nothing should really need changing.
- Alpine Linux due to it being lightweight and hardened
- Arch Linux due to it being lightweight and fast
- Rocky 9 due to HAProxy in case you decide to turn this into a DIY datacenter :)
I’m not sure I would agree for arch if the OP wants low maintenance. I’ve never run it myself, but the way I’ve heard arch described is the further you go without regular updates the more likely you are to have a problem when you do update.
Yeah, GPG keys expire, but that happens with all package management systems if left alone long enough. I mean you’d have to maintain like 3 packages (linux, wireguard-tools, archlinux-keyring). In Debian you’d have to maintain the kernel, debian-archive-keyring, and wireguard-tools. It’s the same.
Anything with docker set up OOTB, like Flatcar Linux
And a good docker container like: WG-Easy