I recently switched my server over to running Plex and Home Assistant in Docker. I like the ease of transfer (just move my compose file and one directory where I have stored all the configs and I’m set) as well as the simple permissions management to give access to directories.
I have only used Fedora briefly, but I am considering it instead of my usual openSUSE because it is “officially supported” for the Framework 13 I have on order. I saw the immutable versions and the idea seems cool though I don’t really understand what new I would need to learn or really what benefits it would have.
Is the concept overkill for a single-user laptop?
I started my Linux journey on Kinoite, which unfortunately had some issues at the time of installing; after which I rebased to Silverblue, I have since ‘mained’ Silverblue while experimenting with a couple of other distros through dual-boot or on spare devices. The first two weeks were really hard as I literally knew nothing about Linux. The fact that documentation is -generally speaking- lacking doesn’t help either. But if I was able to surpass that initial barrier, then I’m sure you can too.
But, motivation is important! Why do you even consider an ‘immutable’ distro?
You’d have to replace
sudo dnf install *package-name*withflatpak install *package-name*. If, however, the package is not available as a flatpak, then -following Fedora’s initial guidelines- one should install it within a container through Toolbx(/Distrobox). After a container has been created (toolbox create *pick name for container*) and entered (toolbox enter *chosen name for container*), one simply behaves within the container as though how they would in a traditional distro. As a last resort -in case installing within a container is not possible, well supported or doesn’t work as intended- one can layer it (rpm-ostree install *package-name*).Furthermore,
/usrcan’t be touched (at least not easily), except for/usr/local. And some features, like UKI, aren’t supported yet.Updates are atomic; it either happens or doesn’t, there’s no in-between state. Even a power outage or a random crash doesn’t change that. This ensures your system isn’t broken if something unfortunate befalls it.
Additionally, the system (for the most part) is reproducible; I can rebuild my system from scratch (barring configs; unless your dotfiles management is sublime) and it is exactly the same as the one that has been running since the inception of Silverblue. Cruft, state, bitrot etc can finally be left behind…, but we’re not their yet. There’s still some amount of these present in Silverblue’s current model. But we’re embracing OCIs and Silverblue’s primary contributors know what’s up over at NixOS and (hopefully) are working to make Silverblue ever so slightly more stateless. Even if a lot of work is still required, it’s infinitely better than the traditional model as it has gone from an uncountable amount of possible states to a countable amount. And the mathematicians under us know that such an improvement is infinitely times better. Another benefit of where we are currently with reproducibility would be that it allows us to combat bugs effectively.
Security benefits due to more parts of the system being read-only. This is however (somewhat) offset due to lack of the aforementioned UKI support. Hopefully, the well-defined nature of an image-based distro will eventually make more robust system-integrity checks possible.
Not necessarily exclusively granted through/by ‘immutability’, but system maintenance has been a joy. Most of the time, it just works anyways. But, if somehow something breaks, then I can easily rollback; either through the terminal if I was able to get inside. Or through the GRUB-menu if the ‘broken’ deployment doesn’t allow me to get inside. Furthermore, you can even pin a confirmed working deployment through
sudo ostree admin pin *number*to select the deployment to keep around for longer. I recommend everyone to keep around their first deployment after installing Silverblue, if used wisely it’s one of the closest things to a factory reset we’ve got within the Linux space.Arguably there’s a lot more to talk about, but these are probably the primary benefits.