I want to run a small VM running a very low-maintenance distro for the sole purpose of running a private VPN (preferably WireGuard).
I do this because I want to access all of my ESXi VMs from WAN.
I’m thinking Fedora Server because it has roling-release, so I don’t have to reinstall, I guess? But I want it to be very stable, because if it fails I lose access to ALL my VMs.
Debian LTS with unattended upgrades is my go-to
Same, but I’ve been glancing at alpine for a while as well.
OpenWRT. All the benefits of Alpine, plus a nice interface. Could also go OPNsense.
Not a bad idea if you want a bare minimum solution but set up could be a bit of a pain. More info: https://openwrt.org/docs/guide-user/installation/openwrt_x86
This isn’t bare x86 if they want to run in it in a VM.
Ubuntu 24.04 is security maintained for 10 years - no major version bumps just security updates the whole time. Installs lean, works great. I use it for exactly this.
I’ve been very pleased with ublue (Fedora) distros as daily drivers. They are very stable and low maintenance like you prefer. UCore sounds best for this purpose - https://github.com/ublue-os/ucore
Ucore is maintenance only afaik, they’re developing cayo server now
deleted by creator
I would of went Alpine, but debian is a solid choice as well.
*would have
deleted by creator
If its solely for setting up a wireguard server, it doesn’t need to be rolling release. Nothing should really need changing.
- Alpine Linux due to it being lightweight and hardened
- Arch Linux due to it being lightweight and fast
- Rocky 9 due to HAProxy in case you decide to turn this into a DIY datacenter :)
I’m not sure I would agree for arch if the OP wants low maintenance. I’ve never run it myself, but the way I’ve heard arch described is the further you go without regular updates the more likely you are to have a problem when you do update.
Yeah, GPG keys expire, but that happens with all package management systems if left alone long enough. I mean you’d have to maintain like 3 packages (linux, wireguard-tools, archlinux-keyring). In Debian you’d have to maintain the kernel, debian-archive-keyring, and wireguard-tools. Its the same.
Alpine with a cronjob to
apk -U upgradeor auto-updating Debian Stable2nd for alpine, it’s what I use for my wg
Anything with docker set up OOTB, like Flatcar Linux
And a good docker container like: WG-Easy
Also, just run Tailscale and be done with it.
