I have been tossing around the idea of a little distro hopping. I’m an avid Mint fan. It was my first jump from Windows. I became quite familiar with Mint but felt the want to branch out and went down the rabbit hole (oh my lanta). I like stability and cleanliness. Security by default. Least mental load possible long-term.

I’m currently testing out NixOS. Next will be VanillaOS, 3rd will be Fedora Silverblue. Anyone have good recommendations? Easy backups, stability, security first posture, least maintenance and memory load. I hate getting scattered in symlinks, scripts, and filesystem placing.

I’ve tried going full custom Linux Mint. But AppArmor and Firejail constantly conflict or require manual updating and tweaking to keep up to date with app installs, or general life cycle updates.

The most intriguing aspect of NixOS was that basically the entire configurable system was confined to two files. Infinitely reproducible. I tend to swap laptops or hardware relatively often being on the go or getting good tech deals. Having your entire system in two files essentially is awesome.

What are some pros and cons of different distros? What do you daily drive as a power user? Give me your thoughts and recommendations! Thanks.

  • monovergent 🛠️@lemmy.ml
    1 day ago

    As others have suggested, QubesOS is a good one to have on your list. I’d probably use it if it weren’t for its crippling effects on battery life.

    Immutable distros are much friendlier to laptops and, as I understand, update in a way not unlike an Android device would. But I insist on some system-level customizations and I haven’t been motivated to learn how such customizations can be made to survive updates and the like.

    I’ve also been eyeing NixOS, but with everything up and running on Debian smoothly for a few years, I haven’t found the excuse to switch yet. Along with customizing it to be a comfortable daily driver, I’ve also been trying to see how secure I can make my system as a fun exercise. While it’s not immutable, Debian is a good base considering the team behind it and how much is riding on its security, including internet-facing servers.

    What I’ve done to harden Debian, if anyone’s interested:

    • Apply Madaidan’s hardening guide judiciously. Roughly 2/3 of the measures made sense for my use case and it’s almost unnoticeable in my daily workflow.
    • Have as few closed-source components as possible. In my case, intel-microcode is the only non-free package on my system.
    • Install the hardening-runtime package, but remove its included slub_debug=FPZ kernel argument, which in recent kernels forces less secure unhashed pointers.
    • XFCE is still not fully ported to Wayland, so I use slock, the X11 screen locker with fewest lines of code.
    • Install the ufw firewall and default to deny
    • Enable unattended-upgrades
    • Everything including the /boot partition is encrypted. I have built coreboot with just the GRUB2 payload, which I configured to immediately bring up the LUKS password prompt. All other options are behind a password.

    I also put together and maintain a ~16 GB clean system image of Debian set up exactly to my taste, which I clone to my machines as needed. This probably wouldn’t have been a thing if I knew about NixOS earlier, and it certainly hasn’t helped me switch over either.
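
An audit of three items from the hardening list in the comment above (no `slub_debug` kernel argument, ufw defaulting to deny, unattended-upgrades enabled), as an added example that is not the commenter's own script. It assumes "default to deny" means incoming traffic; the function names and sample inputs are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: each check takes the text to inspect as an argument, so it
# can be run on captured output as well as on the live system.

# Pass when the kernel command line carries no slub_debug argument.
check_cmdline() {
    case " $1 " in
        *" slub_debug="*|*" slub_debug "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Pass when `ufw status verbose` output shows an active firewall whose
# default incoming policy is deny (assumption: "default to deny" = incoming).
check_ufw() {
    printf '%s\n' "$1" | grep -q '^Status: active' &&
    printf '%s\n' "$1" | grep -q '^Default: deny (incoming)'
}

# Pass when the APT periodic config enables unattended upgrades.
# Anchoring at line start skips commented-out ("//" or "#") entries.
check_auto_upgrades() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*APT::Periodic::Unattended-Upgrade[[:space:]]+"[1-9][0-9]*";'
}

report() {  # report <label> <check-function> <text>
    if "$2" "$3"; then echo "PASS  $1"; else echo "FAIL  $1"; fi
}

audit() {  # audit <cmdline> <ufw status verbose output> <20auto-upgrades text>
    report 'no slub_debug on kernel command line' check_cmdline "$1"
    report 'ufw active, default deny incoming' check_ufw "$2"
    report 'unattended-upgrades enabled' check_auto_upgrades "$3"
}

# Constructed sample inputs (not taken from a real machine).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/mapper/root ro quiet slub_debug=FPZ'
SAMPLE_UFW='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)'
SAMPLE_APT='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";'

audit "$SAMPLE_CMDLINE" "$SAMPLE_UFW" "$SAMPLE_APT"
# Live Debian system (root needed for ufw):
# audit "$(cat /proc/cmdline)" "$(ufw status verbose)" "$(cat /etc/apt/apt.conf.d/20auto-upgrades)"
```

The sample command line still carries `slub_debug=FPZ`, so the first check reports FAIL while the other two pass.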

    • OhVenus_Baby@lemmy.mlOP
      1 day ago

      You have some decent hardening, just note X11 is turning legacy, Wayland seems to be picking up for many reasons. I’m only slightly familiar with Debian as a whole. I’d look into Firejail, AppArmor, Firetools GUI for Firejail, Flatseal, and good backup plans.

      I discovered NixOS a few days ago and while it was a steep learning curve to set up! And I mean a learning curve and steep in all senses. It’s quite possibly the smoothest, simplest distro I’ve ever used once you make it run. Instant rollbacks in GRUB. It boots in GRUB in order. Boot 23 works, you tried tweaking, boot 24 failed, you made it work, boot 25. Got mad. Select boot 23 in GRUB and you’re back to square one. 10 seconds.

      Due to the nature of it you can choose like any desktop type you’d like from xfce to cinnamon or names I never heard of even headless, and literally any of them gnome, KDE, you name it. I like simplicity. Low mental load. Immutable is a chef’s kiss but configurable strikes my fancy.

      I loathe getting scattered in symlinks, scripts, having files I forget about scattered all through my system, shit updates and breaks because I firejailed an app from 2 years ago. So much hassle. I like to boot and go. Keeping all of my configs in literally 2 nix files is fantastic, no more where did this go, or where did this write to. It will never change, update and break, it’s like a master key that will forever work. Just don’t lose your config and any hardware, any time, if you have your master file you can boot in like you were at your machine the time you left.

      I still think about my first love, Linux mint so I installed cinnamon and now I feel I got the best of both worlds. I nearly gave up after a few days OK like 4 or 5 lol of attempting a custom install of NIX, full luks from boot to home, all my installed apps and configs, separated partitioning, containerized apps, I went all out. Idles at 1% CPU themed and applets, desklets, conky, etc. Created a couple copies of my NIX config file and I feel fairly safe. I built it all and tweaked then compiled it all finalized. Once you understand the concepts in their coding style, it’ll click in your brain.

      I went straight from Windows, to Mint for 2 years barely touching terminal. Now with a little internet research for commands, I can crawl through almost any issue. I’ve broken so much stuff. But at least it wasn’t a Windows update borking/bricking my entire PC into a paperweight again. I chose to experiment. I’ve cussed myself so many times. But anything is better than going backwards.