Software: First and foremost: must be unix-like, must be able to communicate in both ways with an open-wrt router firmware distro and the devices on the local network (android, windows, linux, ipadOS systems). Must be very secure, like enterprise-grade or almost like that. Must be free and open-source. Must be somewhat fault-tolerant (so no Arch or gentoo or anything like that, i don’t feel like recompiling the server’s system daily). Must have these in base repos or easily installed in other methods: secure ssh client (like openSSH or such caliber), a software that enables me to securely control and see the gui of the server from android (Rustdesk? or such), (optionally i2p, dnscrypt, vpn clients, not needed if the router has them, just in case of emergency), ip camera management software, high-security intrusion-detection system, https server with css and js support (preferably command-line). Window manager: must support a very easy to use and lightweight tiling window manager (like i3wm) or if not, its installation and configuration needs to be possible and documented.
Hardware: affordable, x86_64 architecture, should be able to handle all of these at the same time, without freezing or overheating (i live in Hungary, so should be able to handle up to 40°C air temperature with stock fans or there should be space for more fans. liquid cooling is no-go).
I have considered these operating systems. Are any of these bad ideas? What you recommend that is not here?
AlmaLinux Alpine Linux Ubuntu Server Rhino Linux (unofficial ubuntu rolling) Debian Testing Void Linux FreeBSD
i have all of those things on my ubuntu server; but i wouldn’t characterize all of them as enterprise-grade . my ubuntu server it’s based off of off-the-shelf hardware from a couple years ago and it does all of those things that you described plus more.
it’s my wifi router; my data storage backup; my home made security system; my media server inside; & my cat’s favorite warm spot all within a tiny case the size of a toaster with lots of harddrives. it uses 2 kvm/qemu based virtual machines on top of the bare iron and they both use pci-passthrough; the first virtual machine is based off of the pfsense soft firewall & router and also serves to air-gap the bare iron server from the internet and the second virtual machine is windows 10 and serves to provide wifi 6 & 7 speeds with the windows ap driver.
i wouldn’t describe any of it as enterprise grade since they’re a bit hacky: for example, the server is mostly headless; but i did install the xserver & vnc because i use the motion project along with a bunch of old androids to create a homemade security monitoring system and that requires a browser. this means that i can now access the server’s gui anywhere than i want; but it’s subject to vnc’s limitations.
however the things that come from the soft firewall are definitely enterprise grade: the vpn works well and i can use both it and ssh from anywhere in the world to access my home network and i could theoretically add in a remote check in capability from a new project that reacts to incoming connections.
the only thing i don’t think it could do i the high temperatures; the case is compact so i doubt that its thermals are any good.
the size of a toaster with lots of harddrives
a pretty big toaster then, isn’t it?
it the length of 3 spinning platter harddrives and the width of 3 of them; it’s smaller than my actual toaster.
well yeah actually it depends on how they are rotated. if they are “hanging” with the connectors facing the bottom/top, it does not make the box big in the dimensions I imagined
so i should avoid mini and compact pcs then, right?
for heat: you’re either going to want a blade serve with lots of fans or big, mostly empty case.
I have considered these operating systems. Are any of these bad ideas? What you recommend that is not here?
why not Debian? Perhaps Proxmox (but only if you are interested in virtualization based separation)?
If they want to run all those services, they will absolutely need some kind of separation like VMs or containers, else it will very quickly become a mess.
Absolutely. I think having this in mind would probably also solve the outdated packages problem. the docker based services won’t depend on it, and unless OP wants it to be a full blown desktop system too, the older packages shouldn’t get in the way
ps: I want to avoid debian. I need more recent software than that. Maybe debian testing can get into consideration, but certainly not the main build
can you give examples of what you need more recent versions of?
anything that has even a little to do with security. Not like a live release enviroment where i grab packages almost instantly, but i don’t think my server could be secure with 5 months - 2-3 years old packages
I’m quite sure Debian’s server-related packages are kept patched against security issues in a timely manner
if debian, i’d still go with testing
for what kind of software? also, do you maybe also have exact features on your mimd?
survallience, ids, vpn, dnscrypt, i2p, and all of their depencies
I run all of these or their equivalents in docker containers and have up to date versions of them. to me it makes management easy and the system clean from random files at random places. just one example: fortunately it does not need babysitting but i2p keeps its files in a very disorganized way inside the container, and I would never want to install it directly to the system (maybe unless the system would be dedicated to that)
Ubuntu is debian-based, and their repositories are kept pretty up-to-date. They offer a server config.
what about Rhino (it is Ubuntu’s unofficial rolling distro)?
I’m confused. Your OP seems to describe wanting something stable and “fault-tolerant,” but then you go and ask about an unofficial rolling distro? I think you should figure out what your priorities are first.
i have priorities. And fresh software is higher priority that being ultra stable and fault tolerant. I used Tumbleweed which is a rolling release and it was perfectly stable. I would use SUSE server in no question, if it was free
I didn’t mean to imply you didn’t have priorities, just that a couple of them seemed to be conflicting. To me, what you described called more for reliability than cutting edge. I understand your concern with getting security updates expediently, but you can get those with less system stability risk using a more standard distro.
I haven’t used a SUSE in a very long time, but as I recall Tumbleweed is an official product of theirs. I’ve not heard of Rhino until now, which gives me pause in considering it - let alone the fact it’s not backed by a known significant team. There’s nothing wrong with that, but when setting up a server like you’re describing I’d rather it not require a significant amount of time at random once I’ve got it up and running, which is what can happen when relying upon less vetted software.
It’s your choice, obviously. Rhino looks like it might make a nice desktop to play with, but I personally would really be hesitant to use it for a server because I just don’t have the time to deal with problems at random - I’ve got enough of those already in my life. Your priorities are obviously different, and there’s no denying the fact that even things going awry on your server can be a plus from a learning perspective. I would really be concerned with the project being abandoned since it’s just a year old, tho.
Good luck whichever way you choose to go.
I run Slackware on all my servers
i heard it is extremely hard to use. is it true?
Preface: Not the person you responded to.
I’ve never used Slackware myself, but it’s probably the oldest distribution out there. It’s supposed to be stable AF, doesn’t “fix” what ain’t broken, and is very old school in its efficiency mindset. This means it’s indeed not likely to hold your hand through things, but it’s also very thoroughly documented at this point, and any help you find online is much more likely to still (mostly) work regardless of it’s age - unlike most other more frequently updated distros. It’s meant to be reliable, not fancy.
security, being up to date, stability, ease of use. All of these are important, but in this order
It is the oldest distribution and tries to not modify any source so as to keep things pure to the vision of the maintainer of whatever software you have installed. It doesn’t hold your hand, there is no auto find and install dependencies for example, but then again that’s one of its advantages, you know what you have installed and why. I picked up a raspberry pi a while back and gave their Rasbian a try. booted it up and ran its update and saw a Microsoft repo get added and stuff from it starting to download so I unplugged it real quick and put Slackware-arm on that microSD card and never looked back at the rasbian/debian stuff again.
i couldn’t live with no automatic depency resolving. It is like booting up without a package manager, network connection, gui, sudo command. I want a server, not a broken system to fix
It already has all that. And the reason it doesn’t do it auto is so that you can yourself, so you know whats going on. I’m running nextcloud at home for example and apache, mysql, etc were already there so it was like 30 minutes to download and install nextcloud and set it up, very simple, easy and fast to spin up new servers. There are third party package managers that do like sbopkg so you still can if you want.