Why all the distros?

Why does distro even matter

Linux is insane vague in what it is, and just a pile of source code for the most part. It's up to people to put the pieces together, and choose what's included or not. There is no perfection in life for all use cases, or users. This leaves us with lots of different "distros", which are just sets of default applications that are installed for the most part. Some defaults are better for things like running a server, others are better for realtime audio workstations, others are better for new users of desktop systems and include everything but the kitchen sink.

Servers

Linux on servers comes with a plethora of options. Any Linux can be used as a server, though if you want something that's low maintenance, you'll probably want to look for a few key things.

  • Light and slim default installs
  • Security focused
  • Kernel updates that don't overwrite the running kernel (Arch like distros tend to do this)

Desktop

Linux on desktop is normally focused on things like having more choice in applications, support for more desktop environments, and many prefer having updates sooner, rather than waiting on everything to pass all of the security and stability checks. Rebooting a personal computer is way less problematic than rebooting servers that have many users connected to it. A short list of what people tend to want out of a Linux desktop

  • Good graphics driver support
  • More application choices, especially graphical ones
  • Up to date kernels for the best performance, and newest drivers
  • Easy access to add user submitted packages (AUR on Arch, PPA on Ubuntu, ect)

What distros do I use on my machines, and which is the best?

First off, there is no "best Linux". There could be argued that some are better at some tasks, but with enough work, any Linux distro can do anything the other can. That said, why do all of that work if someone else gets them close enough? Do note that I only use Linux distros without systemd. I'll do my own writeup on personal reasons later of why, but if you are looking for something now, here is a good resource. With that out of the way, this is a list of what I use and why I use them.

Alpine

Alpine is a very lightweight linux distro with security and speed in mind. Alpine uses musl as opposed to glibc, which most other distros use. This causes some incompatibility with closed source applications like Steam, and makes it less suited for a desktop distro unless you only use open source tools and drivers.

Good parts

  • Insanely light and efficient
  • Very good package manager
  • Quite up to date
  • Built to run on servers and embedded systems
  • Runs openrc
  • Is the basis of tons of docker containers
  • Very stable

Bad parts

  • Command line installer (could be an upside)
  • Can't run many popular closed source Linux tools/drivers without workarounds
  • Runs ASH and not BASH by default which can confuse new users
  • Very different from most popular distros, so has a learning curve
  • Less software choice, but most needed things are there for servers

Artix

Artix Linux is based on Arch. Obligatory "I use Arch BTW" meme aside, there were some things about Arch based distros that I really like. Mainly the AUR, and pacman. We all take package managers for granted, and just assume that they all can do the same things as the others. Pacman has features built for the power user, while being fairly simple to use, or even having graphical front ends for those that just don't want to use a terminal.

Good parts

  • Amazing driver support
  • Light and efficient
  • Very good package manager
  • Not bleeding edge, but rapidly updated
  • Has GUI installer or can be installed manually
  • Almost every Linux package available thanks to the AUR
  • Optionally runs openrc

Bad parts

  • Updates the kernel in place. Reboots needed often
  • Almost bleeding edge means security may not alwoys be as high
  • Being a rolling release, it may require user intervention on updates
  • Not as stable as other mentioned offerings due to it's rapid updates

Gentoo

Gentoo is the odd one out. It's the only source based Linux distro. This means that most or all installed things will be turned from source into binaries on your system, leading to potentially long compile times. The upshot of this is extreme control of your installed programs down to compile flags. I rarely use this distro, so I'll give a short list as I never recommend it unless you are looking to learn how a system works at the core, or you know why you want it.

Good parts

  • Light and efficient
  • Insanely good package manager
  • Optionally runs openrc
  • More customizable than most distros due to source based packages
  • Very stable

Bad parts

  • Being a rolling release, it may require user intervention on updates
  • Manual install only
  • Fairly limited in packages
  • Heavy on disk space
  • Most packages need compiled from source

Void

Void linux is often talked about as "the BSD of Linux". I don't use void often due to a personal distaste for runit, but that's subjective, and I would not let that deter you from trying Void. There are great tools to help with this "problem" such asvsv or sv-helper to name just 2.

Good parts

  • Insanely light and efficient
  • Very good package manager
  • Quite up to date
  • Fairly stable
  • Built to run on servers, or desktops alike
  • Offers both muls and glibc

Bad parts

  • Command line installer (could be an upside)
  • Can't run many popular closed source Linux tools/drivers without workarounds on musl
  • Less software choice, but most needed things are available

Honorable mentions

These are some distros that I have used in the past, but have switched away from for one reason or another. I will leave them in order of which I'd recommend generically for desktops and servers. All of these run Systemd as opposed to everything above.

Desktop

  1. Manjaro (Arch based)
  2. PopOS
  3. Arch

Servers

  1. Debian
  2. Ubuntu Server

Closing thoughts

This is currently what I'm using in terms of Linux distros on my machines. Artix is used for anything I set at a display/keyboard by default, void is used on occasion, though I have run into a few bugs here and there when using it as a desktop, along with not being a personal fan of runit that I just don't use it often. Gentoo was a great learning experience, and I can recommend using it for a while to gain something from it, even if it doesn't stick around. I'm sure the list below will change over time, but here's a list of most of my running machines with their OS's at the moment.

  • pfsense
    • Lenovo Thinkstation
    • OpnSense (BSD)
    • Router/Firewall
  • planex
    • Ryzen custom built
    • Artix (openrc) (Soon to be Void or Alpine)
    • SAN
  • bender
    • Ryzen 2500u Dell Inspiron
    • Vaid
    • Tinker laptop
  • amy
    • Ryzen 4500u Lenovo Flex 5
    • Artix (openrc)
    • Primary laptop
  • farnsworth
    • M1 Mac Mini
    • OSX
    • Primary desktop
  • zapp
    • Linode
    • Alpine
    • VPS

Hosting (Aka, how this page gets to you)

How this page gets to you

TLDR: VPS --> zerotier --> docker swarm --> docker container

The long answer

Nginx

Opening ports is generally a security risk, so I wanted to be able to self host, without opening ports where possible. With a cheap VPS running nginx, I'm able to reverse proxy back to where my docker swarm is. That still requires opening ports one would think, but the magic of zerotier makes that not a problem. I'll talk about this later.

Reverse proxies

Configuring a reverse proxy is quite simple in nginx.

server {
        server_name blog.kdb424.xyz;
        listen 80;
        listen [::]:80;

        access_log /var/log/nginx/reverse-access.log;
        error_log /var/log/nginx/reverse-error.log;

        location / {
                    proxy_pass http://planex.far:8197;
  }
}

Hosts file

$ cat /etc/hosts
127.0.1.1	ubuntu
192.168.194.161 planex.far

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Zerotier

Zerotier allows me to create a virtual network, without creating a complex VPN, and just treat it as if all of my machines are on a private subnet, but without an exit node. It's an ethereal network, creating connections as needed. In the above example proxy_pass http://planex.far:8197; points to an address that shouldn't exist. This is added to my /etc/hosts for my convenience, but adding a direct zerotier ip would work. A simple ping test shows what's going on.

$ ping planex.far -c 1
PING planex.far (192.168.194.161) 56(84) bytes of data.
64 bytes from planex.far (192.168.194.161): icmp_seq=1 ttl=64 time=10.4 ms

Docker swarm

Docker swarm conveniently takes the same compose files that you are used to using, and deploys them to a swarm. Swarms consist of multiple machines, can offer failover modes, load balancing, and mony other nice things though in this example, I'll just show how I deploy this blog to my swarm.

---
version: "3"

services:
    nginxBlog:
        image: nginx
        container_name: blog
        ports:
            - 8197:80
        restart: unless-stopped

        volumes:
            - blog:/usr/share/nginx/html

volumes:
    blog:
    driver: local
    driver_opts:
        type: nfs
        o: "addr=192.168.25.51,rw,nfsvers=4"
        device: ":/mnt/data/blog"

The reason we don't use a drive mounted locally, is that we need to ensure that whatever machine in the swarm starts this server, has access to the same data.

Why a swarm and not just run docker on each machine?

Swarms offer things like load balancing, which includes finding the correct machine with a service, even if you point at a different node in the cluster. If you had 3 machines in your swarm, you can access the port number on any of the machines, and the load balancer will properly direct you to the service transparently. Another reason is maintenence. If you have to restart a machine, or shut it down, services will just be moved to another machine in the cluster, or stay up if you had multiple instances already running, offering you little, to no downtime, for no thinking as you maintain, bring up, or down machines.

Static site generator

As you may have seen from the footer of every page, this blog is created with Pelican, which is a static site generator. The source code can actually be seen here.

Conclusion

Hopefully this gives you a better idea of how I host things, and keep my ports closed and secure. If you have any more questions or comments on this, feel free to reach out to me, and I'll be glad to chat about it, or do more writeups on specifics if things are commonly asked.

PMM (Package Manager Manager)

Motivation

PMM came about from a simple frustration. "Why is there so much cruft installed that I just don't care about in my system?!" This is pretty simple to solve one would think. Just list all packages with something like pacman -Qqe, go through them all one by one, and remove what you don't want. After doing this many times, I remembered that Gentoo had solved this in a much better way. A world file was the simple way to keep track of what you explicitly installed, and not worry about dependencies. It only tracked what you actually wanted. I went on the hunt to see if other package managers were able to keep track of things like orphans, dependencies, and explicitly installed packages, and it turns out that most modern package managers can.

Where it started

I knew on things like Arch based Linux distros, I could use things like

$ pacman -Qqe
acpi
acpid
acpid-openrc
alsa-firmware
alsa-utils
...

This will get things explicitly installed. Simply pipe that into a file, and it's effectively a worldfile similar to what Gentoo had.

pacman -Qqe > worldfile

Sets

What became clear quickly was this file was very long, and hard to go through unless I knew what I was looking for, and sometimes things would consist of more that one thing logically. Things like pipewire, were actually installed on my systems as a set of

easyeffects
lsp-plugins
pipewire
pipewire-alsa
pipewire-jack
pipewire-pulse

These packages all logically were "pipewire" for my system, and sets were created. I could have a world file, now known as a "set", that can be pulled in to world files in any order. This allows for things like quickly changing between Sway and XFCE, or PulseAudio and PipeWire.

Installing, and removing

While installing things is great for setting up a system, removing things is also important for cleaning up the cruft, which is why this was all started in the first place. I found that most package manages knew how to know the difference between a dependency and explicitly installed packages. With a world file, that is what we want to be set explicitly in the package manager by design, so pmm can list a diff to tell you what was added/removed, or tell the system to add/purge things to be in sync with the world file. This keeps the system lean, but able to change rapidly, while keeping track of things by ideas, and not just packages thanks to sets.

Orphans

PMM doesn't actuallly remove packages when syncing. This allows running software to stay as it is, while the system transforms itself into the new "correct" state defined by the world file. It marks the things not explicitly installed as dependencies and trusts that the package manager knows how to clean up after itself. Known supported package managers are listed, and pmm offers a way to purge orphans as a wrapper, and uses the package manager itself to do all of the work.

Real world examples

Feel free to check my worldfiles here

Amy Lenovo Flex 5 laptop running Artix Linux

Planex Desktop SAN running Artix Linux

Farnsworth Mac Mini M1 (2020) Running OSX

Hello Blog!

Welcome to my blog where I'm sure I'll ramble about many things. This is all written in markdown, and uses pelican to create a static site, and generate all of these pages. Hopefully I can update everyone on whatever I'm working on as I have time to post.

I'm hoping to do a writeup on several projects that I've contributed to, or am working on. This may include a deep dive into pmm, KMK or whatever other 3 letter project I happen to contribute to.