So, I recently got interested with the idea of an atomic distro, particularly the derivatives of Fedora Kinoite (currently testing Aurora).
What’s your experience with them? What are the unexpected troubles and did you manage to resolve them? Do you feel it’s worth it to learn the nuances of their use?
Also, on a personal testing note, did you manage to properly run AppImages and what did you do to make it happen? I couldn’t properly run them either natively or via Fedora toolbox on Aurora. (Also, I borked Aurora within 4 hours of trying to install Outline VPN that consistently had issues with tunneling).
While shopping around for a distro for my gaming box, I tried NixOS and Bazzite. Both were fine, but the atomicity made everything more complicated without any practical upsides for my use case.
So I’m just using Nobara, which is a gaming-optimized Fedora. For my laptop, I’m just using Arch, it’s much less hassle. The declarativeness of centralization of NixOS is alluring, but I don’t really need it.
I will say that Bazzite and the rest of the Universal Blue distros are going to be moving to
bootc
eventually, which should hopefully make things much easier for end-users to customize. Layering withrpm-ostree
is fine for a lot of people, but only if your software can be found via the Fedora free and non-free repos or comes as an RPM.It’s great for most, and they have a lot of additional
ujust
commands to make other changes, but doing things like ricing or installing a proprietary binary can be tricky or impossible.Yeah, that’s something I faced the wall with too. Hopefully we’ll see bootc soon!
I haven’t used one, but my guess would be they’re fine if you’re a “web browsing and email” sort, but most of us here probably aren’t, and then you’re going to have pain when you need to install some tool that expects to be installed globally, because so many pieces of open source software assume the “spew files all over
/usr
” installation method.Feels like you’d be spending a lot of time fighting expectations in the same way that Nix has to.
I hope this changes once
bootc
is mature, but if you currently need a package that comes as a weird binary or tries to make system changes at runtime (like some VPN clients), it might be difficult or impossible to work a solution.True, it constantly feels like a war game with my own system and I wanted to know if it gets any better :D
That’s why you install with rpm-ostree or similar. It creates a overlay that is the app
Maybe you should actually try one before sharing your thoughts.
I love to install Atomic distributions for less technically savvy people. Reducing the conflict and issue potential.
If we’re talking email and docs and stuff, doesn’t it make sense to install something like Debian, properly set it up and leave it be?
Sounds like an option that really really wouldn’t ever bork.
That’d work, too. But doing that I still had to occasionally/rarely fix my relatives laptops. I think after some of the major updates and the stupid Brother printer drivers messed up and needed manual intervention. But Debian is pretty stable. But with that said, it’s not the only option. I can imagine an atomic distro doing a good job, too. And being low maintenance, or at least fail in a way my mom could handle. I mean that’s how some modern devices work anyways. Be atomic, have A/B updates…
Printer drivers are pain indeed. Had some trouble installing drivers for an obscure Brother printer myself, and that’s with AUR at hand (I currently run Manjaro, an Arch derivative, on my main PC, and Debian on laptop)
Atomic distributions have read only filesystems for nearly anything but /home, it makes it way more reliant against loss of power then just a normal Debian. I had a few people with distributions that broke due to filesystems corruption.
Fair enough
It is more complex not less. Maybe one day it will be hassle free but that day isn’t right now
Never had any issues, everything just works for me.
I’ve been using NixOS for nearly a decade. It took me several days to understand the filesystem layout, and I had the advantage of knowing some capability theory beforehand. However, once I understood the Nix store, my paradigm shifted and I haven’t had any further “unexpected troubles.”
As far as I can tell, AppImages and Flatpaks are extraneous, heavy, improperly isolated, and propagate a sprawling filesystem which is hard to secure. Compare and contrast with Impermanent NixOS, which only persists data that the user has explicitly marked to be saved and has systemwide caching of installed applications.
NixOS is currently beyond my comprehension, sadly, but I keep an eye on it, still!
I tried Fedora Silverblue.
Didn’t see the point. Anything that needs access to system files can’t be installed as a FlatPak or in a container.
When you need to alter the install image just to get htop or Gnome Tweaks, it defeats the purpose of running an atomic distro.And I didn’t see any benefit. It was buggier than all other distros I tried except Ubuntu. So the selling point of “the devs test on the exact same system you run” doesn’t seem to have any effect. And I wasn’t in a situation where I would have needed to roll back to a previous state in years. Linux doesn’t really bork your install with an update anymore.
Yeah that’s my problems as I currently faced described in one comment.
System files install is a mess, and stability is actually shitty for some reason.
Why would it defeat the point? It is still layer so updates are smoother.
I use Kinoite daily since over a year at least.
First learn how rpm-ostree works. I dont think you borked your install.
Appimages run normally. As helpers I recommend “AppMan” where you should use the mode for the local user
Checkout discussion.fedoraproject.org and the tags #atomic-desktops #silverblue #kinoite #rpm-ostree
Thanks! Much appreciated.
I run Bazzite on a HTPC, and it’s great, but I’m still deciding what to put on my daily driver PC, which needs to be able to do things like gaming and coding. As you also pointed out, Fedora atomic distros don’t like VPN clients that aren’t already packaged neatly as an RPM.
In light of that, you can either try to build your own custom downstream derivation that pulls from the upstream image of your choice (Universal Blue has instructions and a template for doing this) and make customizations to the system at build time, go with something like Blue Build, or go for a traditional mutable distro.
I’ve been trying to get Private Internet Access to install at build time on my own custom attempt, but so far, it’s been a failure. I’ve also tried on other immutable distros that use
ostree
alternatives, and they’ve also failed. I may just have to concede the client and only use the preset OVPN configurations, or I may need to move onto mutable options.Thanks for sharing your experience :)
Will look into BlueBuild indeed!
As I have been using Silverblue for enough time, I would say that splitting between the base OS and the apps is an important thing but atomicity/immutability of the base system is not so much.
For example: I also use QubesOS and it gives quite immutable-like experience while the base distro is a regular non-atomic Fedora.
By using flatpaks (or snaps) or tools like distrobox on a regular distro you will get a similar experience.
The main think is to cut dependencies between apps and the os and to be able to update them independently.
And then, when you have the apps separated, there are just not many reasons against choosing an immutable distro for the base system because it gives you additional bonus things as safe updates and rollbacks. But you can use a non-immutable distro as well if you want a specific or a niche distro (for example Chimera Linux or Alpine).
I see your point, thanks!
After using Fedora Atomic for around a year, I’ve switched my mom over from Linux Mint. Since then a few years’ve gone by and there’s been no issues with automatic updates failing or not applying. That’s awesome compared to regular issues with dpkg errors because of shutdown/power loss while updating.
Obviously release upgrades still require manual intervention, but that’s an hour once a year for updating and testing if everything works as it should.
Personally I’ve switched to NixOS, because even with ublue image-based OS aren’t great for configuring window managers. In general, image-based OS are especially awesome for long-running, low maintenance systems. I wouldn’t want to use an OS which doesn’t provide some kind of rollbacks anymore (btrfs snapshots is the minimum).
Edit:
Do you feel it’s worth it to learn the nuances of their use?
Fedora Atomic is almost identical to regular Fedora, the difference is mostly how the root filesystem is managed:
The former are files from rpms get copied to an ostree image, which then gets mounted as the root file system.
For the latter dnf copies files from rpms to the root file system.
[…] did you manage to properly run AppImages […]
They always worked flawlessly on everything except NixOS (because of no FHS-layout). Through distrobox they should work on any distro.
[…] trying to install Outline VPN […]).
These kinds of not properly packaged apps are a big issue with ostree based systems. VPN provider apps need to be natively installed and usually aren’t available in repos.
Thanks for such a detailed response!
I switched to Silverblue and it is fine
I’m testing OpenSUSE Kalpa on an old machine, and I guess it’s alright if you do standard normie things. I found there are tools I want that aren’t available. There are usually a way around that, but it takes some faffing around. But I tend to want to customize and control my system in a way that is ideologically almost antithetical to immutable distros, so, meh. But YMMV.
It’s pretty useful for systems you want to be reliable but don’t need too many customisations (like Bazzite on gaming machines).
Although if we’re counting NixOS, it’s the declarative config aspect that is the main selling point for me, with atomic updates just being part of it.
The problem with Nix is that is it a pain and specific to Nix. I prefer Ansible as it is cross compatible and much more portable. I can do things like write a playbook to configure DNS of HTTPS
I like the idea of immutable distros a lot, but I realised they are not for me, at least not now.
I couldn’t install global themes because the SDDM is immutable. There is a workaround, but it didn’t work 100% for me.
I couldn’t get Steam to put shortcuts on the desktop (it’s a known thing, simply I didn’t know it). It only worked with Bazzite which comes with Steam preinstalled. But then I couldn’t edit these shortcuts (for example: -silent) because if I did, they would vanish.
Then I experimented with Waydroid. There was something I wanted to test but couldn’t use the online advice because Bazzite/Aurora doesn’t have dnf for example.
There were other little things I’m used to tinker on my system and couldn’t so I realised, I wanna stick with other distros for the moment.
In fairness, dnf can be used via Fedora toolbox.
But yeah, I see your point!
Oh, it is annoying part of GNU/Linux that there is no way to override /usr/share/* resources system-wide. It is possible to do for each user by placing files into ~/.local/share but not for the system.