I was thinking about going immutable for a long time and now I’m choosing a distro to hop to.
My question is: what are good immutable distros other that Fedora Silverblue spins, UBlue family and NixOS?
Maybe someone uses/used any? What is/was your experience with it?

  • pinchcramp@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    I’ve heard good things about VanillaOS. Not used it myself though.

    With their package manager apx, you can use software from pretty much any distro in VanillaOS (copied from link above):

    Apx is a tool that allows you to generate work environments based on any Linux distribution and seamlessly integrates them with the system in a convenient way …

  • PerogiBoi@lemmy.ca
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    Bazzite! It’s technically atomic and not fully immutable but I’ve been using it for about a week now (long time I know) and everything just works. Didn’t need to install any extra drivers to get it working with all my peripherals. I like it a lot. Fixed a lot of Wayland issues I was having on previous Ubuntu installs.

    One feature I found really cool is the Waydroid and Boxbuddy integration. You can have Android apps installed alongside regular fedora apps. Just opens an Android emulator in the background. Discovered that last night by accident. Typed in “calculator” and it opened up the Android version of it. Really neat!

    • JustMarkov@lemmy.mlOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      Bazzite is cool, but it is part of UBlue family, which I excluded in my post. I’m not a huge fan of Fedora, no offense to anyone using it, tho!

      • PerogiBoi@lemmy.ca
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Ah my bad. Your post says “other that” instead of “other than” so I misread it as I skimmed 😛

  • Matt@lemmy.ml
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    Secureblue, GnomeOS (if you like updating daily), VanillaOS, AOSP, SteamOS, blendOS, and many more.

  • BlueSquid0741@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    I’ve been using Opensuse Aeon just over a year and it’s done great.

    Tumbleweed user for the last 5 years, and dealt with a few issues over that time. The usually infrequent update break that comes with rolling release. And the Opensuse ‘Patterns’ started, which I loathe and it’s a disaster to try to disable them every install.

    Aeon hasn’t had any of those issues. It’s been very much a “turn it on and get to work”.

    I’ve generally had less issues with Aeon than Tumbleweed - like certain flatpaks not crashing.

    But downsides as I see them:

    I’m not a gnome guy. It’s fine though, I don’t hate it. But some people can’t stand it.

    I had a bit of trouble running wine. Something about the default security policy. There’s a known workaround.

      • BlueSquid0741@lemmy.sdf.org
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Kalpa needs to attract more developers to keep up with Aeon’s pace. I understand it is usable as a daily driver, but it’s not just a one to one mirror of Aeon with Plasma on top.

        https://sfalken.tech/posts/2024-06-08-how-do-aeon-and-kalpa-relate/

        Richard Brown is all in on Aeon along with whatever contributors are helping him. Stephen Falken appears to have no one helping him work on Kalpa unfortunately. I disagree with Richard’s stance that Kalpa shouldn’t exist, but I do wish there were some capable people able to help that project.

        I don’t mind using Gnome anyway, it actually does solve some networking issues that I’ve always had with Plasma. (Dolphin not handling it well whilst Gnome Files has no issues)

  • material_hegel@lemmygrad.ml
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Highly recommend Guix, I use it as my daily driver.

    System Crafters has a really nice series on getting it setup the way you want it. I think it’s fixed a lot of stuff that is a little wonky with Nix – proper separation of config-time things and build-time things with g-exps, no putzing with bash scripts, grafting so you can reuse builds even when dependencies get updated, and just general good documentation and hackable culture with a pretty active IRC. They’ve recently added support for also managing your dotfiles the same way you do packages and system config (Guix Home). They’ve also pushed the boundaries of bootstrappability/reproducible builds so far that bitcoin-core is now building on Guix for security.

    The system is pretty well thought through, and has saved me a few times where I would’ve bricked my machine on a mutable distro – now, I can just boot to a previous version of the system from the bootloader whenever my lastest changes are messed up.

    • Telorand@reddthat.com
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      It’s a distro that makes all but a few system directories immutable. This means you can’t just install whatever you want in the same way you would install in a traditional Linux system.

      This comes with some benefits:

      • Malicious and buggy software can’t permanently fuck up your installation. Even root can’t edit those directories.
      • Each system update replaces only the system layer, but you can rollback to the previous one if something breaks.
      • You can rebase to other images (like going from Fedora Kinoite to UBlue Aurora) with a simple command, and you don’t need to reinstall anything or worry about backing up your /home directory.
      • Most software is installed via flatpaks or appimages, keeping a layer of separation between your system and your applications.
      • Distroboxes/Podman containers can handle a lot of additional software while keeping it safely containerized.
      • The system is generally reproducible, so the core of what you have is the core of what everybody else has.

      Some drawbacks:

      • You can’t install whatever you want however you want. There are some hard limitations on where files are allowed to go, and installing certain software that interacts with the kernel can be tricky (I’m currently trying to figure out the best way to install my VPN provider’s client).
      • There’s a definite learning curve to working with containers. It’s not always as simple as “create container, install thing.”
      • There’s a definite learning curve to retraining yourself to think in layers/containers.

      Some examples of modern immutable distros are:

      • Fedora Silverblue
      • Fedora Kinoite
      • Universal Blue Aurora
      • Universal Blue Bluefin
      • Universal Blue Bazzite
      • NixOS
      • BlendOS
    • SeekPie@lemm.ee
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      As I understand it, it’s read-only, so the updates you get are basically replacing your current ones but keeping your apps (like flatpaks) installed.

        • pukeko@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          I think about it like this:

          Layer 2b: ->> User applications (flatpak, nixpkgs, etc.)
          
          Layer 2a: ->> User data (mutable, persistent no matter what your system layer is)
          
          Layer 1: -> System (immutable/read-only/updated "atomically" meaning all at once) 
          
          Layer 0: Hardware
          

          Or, alternately, it’s what macos has been doing with absolutely no fanfare for several versions now. That’s not a knock, btw. It’s an illustration that it can be completely transparent in use, though it may require some habit changes on linux.

    • geoma@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      I had rhe idea fedora atomic was so reliable, ,but I just updated a system and it broke… Reminded me of my manjaro times😑

      • Chewy@discuss.tchncs.de
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        How did it break, and what doesn’t work any more?

        I’ve been using Fedora Atomic on at least one device for years now, without any major issues (I.e. device no booting or updating. Upgrades do require some manual intervention).

  • sergay@discuss.online
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    Currently, the only projects I’d refer to as (remotely) GA are ChimeraOS, Endless OS, Fedora Atomic, Guix System, NixOS and their derivatives. The rest is, unfortunately, simply not there yet. The closest to these would be openSUSE Aeon. But, if you’d like FDE on your device, then you’d have to forego it for now. Currently, I would advice against relying on any other projects; including Arkane Linux, AshOS, blendOS, carbonOS, MocaccinoOS, Nitrux, openSUSE Kalpa, rlxos and Vanilla OS. Unless, you’re fine dealing with whatever random and fringe issues you may have to face.

    As for the previously mentioned GA ‘immutable’ distros, you don’t like to pursue Fedora Atomic, NixOS and their derivatives for IMO fair reasons. ChimeraOS is primarily an OOTB console experience distro (aka couch gaming) that happens to be ‘immutable’. Therefore, bending it (to become your distro for general use) will definitely be an involved process. But, it’s possible. Likewise, Endless OS is somewhat locked down (beyond what you’d expect from your average ‘immutable’ distro) and has to be bend (at least slightly) in order for it to be more suitable as a daily driver.

    This leaves us with Guix System. IMO, if you want to pursue this right now, then Guix System is simply the only remaining way of going forward. It’s fit to suit whatever needs you’d have and offers access to official documentation that’s at least a decade ahead of the one found for NixOS. However, don’t expect this to be entirely painless; ‘immutable’ distros require (in general) a bit more know-how compared to traditional distros. And within the ‘immutable distros’, Guix System and NixOS are uniquely positioned for how ‘powerful’ they feel compare to (literally) any other distro. But, with great power comes great responsibility. Hence, you should definitely know your shit.

    Finally, if FDE is not a hard requirement for you and if you can live with GNOME and if don’t have qualms against containerizing everything and if you don’t intend to tinker, then you might also consider openSUSE Aeon.

    • Laser@feddit.org
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      Back when I was looking to switch distributions a year ago and it came to the choice between NixOS and Guix System, the latter unfortunately lost due to lack of features I considered essential for me. These were availability of proprietary packages (notably Stan, though I guess this could be rectified with a flatpak version or something), and no support for secure boot, which was the prime reason to switch in the first place, as I wanted to enable passwordless FDE unlock on boot for my machines (at least for the desktop, this should be secure because of fTPM).

      Secure Boot is a bit of a more involved process with Lanzaboote, it’s not just another “enable = true;”, but at least after initial setup it just keeps on working.

      I recently spun up another server for various uses, one being backups using restic. According to https://packages.guix.gnu.org/search/?query=restic, it’s at 0.9.6 in their repos. NixPKGs has 0.16.5. 0.9.6 turns 5 years old this year.

      The other services (yes, they are sketchy, but all GPL) aren’t even in Guix at all. Yes, that’s a network effect, but if switching the distribution forces me write half of it myself (exaggerating here) it’s not suited for my case. The Nix ecosystem has issues but at least it enables me to build the system I want. Guix unfortunately is just another GNU project that’s more focused on ideals than practical reality, which, given GNU’s nature, is completely understandable and justified. But probably also the main reason for why in the real world, Nix is dominant in its niche while Guix System is a footnote.

      • bsergay@discuss.online
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Hi, I’m @sergay@discuss.online with another username.

        I agree with your post. While, Guix System looks the best on paper (after Fedora Atomic and NixOS), it truly requires a lot of expertise from its user. So, if OP is not interested in learning Guix System and/or the Guile Scheme language for the sake of running their OS, then they should look for something else. Because, as you’ve noted, they might have no choice but to contribute by packaging some of the software they need for themselves.

        Regarding Secure Boot, that’s definitely a problem. However, not all distros support it OOTB. I might have dismissed it earlier because I consider FDE to be more important than Secure Boot. But I’m aware that this is not on technical merits.

        IMO one should not dare to touch any ‘immutable’ distros besides Fedora Atomic and/or NixOS unless they know exactly what they’re getting into and why they prefer it over Fedora Atomic and/or NixOS.

        • Laser@feddit.org
          link
          fedilink
          arrow-up
          0
          ·
          6 months ago

          Regarding Secure Boot, that’s definitely a problem. However, not all distros support it OOTB. I might have dismissed it earlier because I consider FDE to be more important than Secure Boot. But I’m aware that this is not on technical merits.

          I’d consider FDE more important as well (apart from some fringe use cases). But it doesn’t cover all possible attacks, as unlikely as some of them are. However, together they create a solution that is both convenient and sufficiently secure, as long as you can’t just intercept the keys on the hardware.

          FDE protects the confidentiality of your data in offline attacks, Secure Boot protects integrity and authenticity of binaries started by UEFI. These complement, they don’t compete.

  • IrritableOcelot@beehaw.org
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    From OpenSUSE there’s also leap micro. Never used it, but maybe worth looking at.

    If you don’t like fedora it might still be worth trying one of the fedora atomics, depending on what you didn’t like. For instance, I could never get used to dnf, but it’s largely irrelevant on an atomic distro anyways.

    I would love to see a true atomic Debian-based distro, but I think that’s a long way from maturity.

    Edit: opensuse aeon will also be released soon, but at least the comments on this post seem to think that there’s some important things missing from Suse atomic.

    • JustMarkov@lemmy.mlOP
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      From OpenSUSE there’s also leap micro. Never used it, but maybe worth looking at.

      I heard of it, but it seems more server/development focused, rather than desktop.

      For instance, I could never get used to dnf, but it’s largely irrelevant on an atomic distro anyways.

      100% agree, dnf is a bummer. Maybe I’ll give Kinoite a shot, as it has many differences with “vanilla” Fedora.

      • IrritableOcelot@beehaw.org
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Honestly I tried Silverblue, and had a much better time after I rebased to Bluefin. I would recommend going for Aurora over Kinoite. Of course, you can always rebase.

      • pmk@lemmy.sdf.org
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        What started as openSUSE Micro Desktop is now openSUSE Aeon. It’s still RC2, and RC3 will probably be easier to do a clean install since it will add full disk encryption, but if you want to check it out now it’s reliable and works well.

        • IrritableOcelot@beehaw.org
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          6 months ago

          Ahhh gotcha. The websites don’t give a good indication of that, unfortunately. Trying to find the differences between OpenSUSE flavors was surprisingly hard. Thanks for the info!

          • pmk@lemmy.sdf.org
            link
            fedilink
            arrow-up
            0
            ·
            6 months ago

            In recent turn of events, openSUSE Aeon will probably just be Aeon, and the name openSUSE will disappear everywhere.

  • Jediwan@lemy.lol
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    I’m surprised to hear you don’t like Fedora. I recently tried Kinoite and I wish I’d discovered it sooner. I’ve never had a Linux distro that felt so detail-oriented and complete. I’d be curious to hear your reasoning!

    • JustMarkov@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      0
      ·
      6 months ago

      It’s complicated and I have a few reasons.

      1. Last time I used it, Fedora’s updates were too unstable. I twice got updates breaking my system setup. For example, with openSUSE it happened only once (recent broken Mesa update). Also openSUSE updates surprisingly feel more stable than Fedora ones.
      2. I don’t like Red Hat. Even though I understand that open-source projects are complex and I should separate decelopers from their software, that doesn’t change my opinion on Red Hat.
      3. This problem stems from the previous ones. Using Fedora I feel like a beta-tester for future Red Hat projects and especially RHEL.

      Keep in mind, that I last used Fedora on versions 37–38 and things might have changed since.

      • sergay@discuss.online
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        OP, I don’t intend to convince you otherwise. I merely intend to share my own takes on this. So, without further a due.

        1. Last time I used it, Fedora’s updates were too unstable. I twice got updates breaking my system setup.

        So, first of all, you seem to think that Fedora’s updates are equally “unstable” compared to those found on Fedora Atomic. But this is simply categorically wrong due to Fedora Atomic being (as it’s name applies) an atomic distro. And hence has far superior updates (in terms of ‘stability’).

        Secondly, I recall this period quite vividly, and I actually agree with you that Fedora’s handling was a mess. And, unfortunately, this mess also affected Fedora Atomic. Thankfully, uBlue’s team ensured that the issues were not felt on any of its images. So, even if, at times, issues spill over to Fedora Atomic, users of uBlue images will not have to face those. Heck, history has recorded that the uBlue images have consistently prevented those issues to spill over to its images. Thus, while this may (perhaps rightfully so) make one question if they should use Fedora Atomic or not; this, however, does not represent the situation over at uBlue images. Hence, one could rely on those without fearing issues related to ‘stability’.

        1. I don’t like Red Hat. Even though I understand that open-source projects are complex and I should separate decelopers from their software, that doesn’t change my opinion on Red Hat.

        Fair. What makes you hate Red Hat? I know often cited reasons for why people hate Red Hat. But what are your reasons*?

        1. This problem stems from the previous ones. Using Fedora I feel like a beta-tester for future Red Hat projects and especially RHEL.

        Is this specifically a problem because you hate Red Hat? Because, quite frankly, the same somewhat applies to openSUSE and SLE. But this doesn’t seem to bother you.

        Keep in mind, that I last used Fedora on versions 37–38 and things might have changed since.

        Excellent point. Since that ‘double trouble’, it has been relatively stable. However, I wouldn’t be surprised if Fedora would act similarly if a new issue arises.

        • chunkystyles@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          0
          ·
          6 months ago

          With atomic, unstable updates aren’t a problem. You can just run back to previous.

          Atomic distros are so cool like that.

  • Chewy@discuss.tchncs.de
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    6 months ago

    Fedora Atomic is greag. uBlue is better ootb, but most of it can be simply achieved by layering some packages (rpm-fusion, enable auto updates through /etc/rpm-ostreed.conf).

    NixOS is a whole nother beast and I’d only recommend it if you use standalone compositors (labwc, hyprland, sway, wayfire, river, …), or want a declarative system.

    Edit: Just read your comment about not liking Fedora. In that case I’d recommend OpenSUSE Tumbleweed. Other immutable distros are smaller and I don’t have any experience with them. (IMO with atomic distros the distro doesn’t matter much because apps are installed through flatpak or distrobox anyway.(

  • SexyVetra@sh.itjust.works
    link
    fedilink
    arrow-up
    0
    ·
    6 months ago

    Don’t use NixOS.

    Source:

    • I love NixOS
    • I use it as my daily driver on multiple machines.
    • I’ve contributed both to NixOS and surrounding ecosystem.

    Evidence:

    • Learning cliff rather than curve because:
    • The state of the documentation should have been unacceptable a decade ago. Very unacceptable now.
    • The tooling is also over a decade behind.
    • Governance leaves a lot to be desired.

    These things are getting better but not fast enough that I’d recommend it.

    If you really want to look into nix, use it on another distro and see if you’re still interested after getting a flake-based devshell together. (impossible challenge: do it for a python project that relies on complex dependencies like transformers)

    • pinchcramp@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      Governance leaves a lot to be desired.

      Genuine question from somebody who’s out of the loop and doesn’t use NixOS: How does this affect your day to day using the distro?

      • vzq@lemmy.blahaj.zone
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        Basically you hemorrhage contributors because fuck this shit and then core components get more and more behind.

    • JustMarkov@lemmy.mlOP
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Don’t use NixOS.

      I don’t like NixOS very much. This whole governance scandal has turned me away from it even more, tbh.

    • dinckel@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      I’ve just switched my secondary machine to Nix, and was in the process of switching my main too, so it really is quite a shame. I’m really enjoying the distribution, but if the organization continues to have colossal government issues, and repelling active packagers, that’s really not a good sign

    • thejevans@lemmy.ml
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      6 months ago

      Now that I’m deep in it with flakes + home manager + impermanence + disko/nixos-anywhere, it’s fantastic having this much control and stability on all my systems, and I’m excited to start switching as much of my homelab as I can over to NixOS like my workstations.

      But I totally agree, I would not recommend this to anyone who is not super interested in it.

    • JustMarkov@lemmy.mlOP
      link
      fedilink
      arrow-up
      0
      ·
      6 months ago

      Guix is interesting, but I need to use proprietary Nvidia drivers to play games and it goes against Guix nature.

      • arouene@emacs.ch
        link
        fedilink
        arrow-up
        0
        ·
        6 months ago

        @JustMarkov @OneRedFox it’s against GNU recommendations, but the nature of open source is about modifications, adaptations, improvements and sharing… and so there is the non-gnu channel.