Congrats on launching something (more than most of us will ever manage), but I am struggling to see why I would use this over something with more backing. There are a number of similar projects that have a very similar goal, but have the support of a large community and/or commercial sponsor:
- Flatcar Container Linux: An open-source, immutable OS designed for automatic updates and large-scale container deployments.
- Fedora CoreOS: A, secure, automatically updating operating system designed for running containerized applications, succeeding the original CoreOS.
- Talos Linux: A modern, immutable, security-focused OS dedicated entirely to Kubernetes.
- IncusOS: an immutable OS solely designed around safely and reliably running Incus.
I think you need to more clearly explain how this is different. Again, congrats on the launch though.
I use IncusOS in my homelab. It's a joy to set up and use.
Migrated from Proxmox and manage all my VMs. Heavily use coding assistants to automatically set things up through the IncusOS CLI, translate Docker-Compose images to Incus, write bash scripts to automate launching new containers to use `--dangerously-skip-permissions` without fear of repercussions, etc.
What I love the most about it is that it's possible to manage IncusOS with declarative files, so you always have visibility into networking setups, resource configuration, etc.
Highly recommend checking IncusOS out if you have similar use cases!
As someone who has moved the opposite way, heavily using Incus and now checking out Proxmox, what made you go for IncusOS?
My gut feeling is that enterprise sentiment is leaning heavily towards Proxmox, fuelled by a VMware exodus that will only gain speed, and I don't see Incus really meeting the requirements most people have that previously used VMware, but of course Incus is awesome and you can't always pick technologies by what will be "employable" :-)
Having an OS that versions all my VMs and allows A/B running the actual OS, has a high quality CLI, is built on modern standards, supports declarative files, and it’s simpler than Proxmox.
I don’t really care for enterprise support. Incus hits a sweet spot no other solution does.
As long as there is software, you cannot shortcut the need for maintenance. Nothing is bug free, and telling people they will never need to upgrade/patch/maintain a system is a well-paved path to compromised systems.
This OS doesn't says it's maintenance-free! But it skips a whole load of maintenance you'd need to think about with a traditional base system, because 1) there's almost nothing there, and 2) the upgrade to that base is easy, you just reboot and restart your containers.
Obviously the software you run needs upgrades, but (again, but a layer down) it's based on Docker and probably someone else is maintaining it. So you pull that new container, restart and the OS is just making sure your data lands in the same place with the new container.
If you're happy with all your software running from Docker this seems like a step up from a Debian or Redhat, and it has a lot less bureaucracy than something like CoreOS.
Whether it's _usable_ I'm not sure (especially around storage management) but it's a really clear pitch.
> Nothing is bug free, and telling people they will never need to upgrade/patch/maintain a system is a well-paved path to compromised systems.
Of course nothing is. But there's a reason projects like "Talos" do exist: no terminal, no SSH, no package manager (how do we like package managers like NPM lately btw?), read-only filesystem, definitely no systemd, etc.
And then a minimal number of executables.
This does, definitely, reduce the attack surface.
I'm not speaking about this Show HN's project but there are such things as systems both more secure and requiring less maintenance than others.
Throwing in the towel and saying: "nothing can ever be 100% secure so we'll always need to patch so we may as well YOLO by accepting npm packages modified 3 minutes ago" is not the way to go forward either.
IncusOS is another - read-only root FS, interactions with the system exclusively through the Incus API, no package manager, blue-green OS updates (à la Steam Deck / Home Assistant OS).
Talos on IncusOS is likely a very interesting stack that I intend to play with hopefully in the near future.
Same concept, I guess. I'm a platform engineer / SRE, and blue/green is a more common way of describing that way of deploying applications so I didn't even consider it could have a different name on the OS layer.
They are vastly different. Incus is aimed at providing a minimal, immutable Os for the hosting of VMs & containers. nixOS provides a full linux OS that is reproducible and declarative.
I'm a novice in this space I think. I've self-hosted for over a decade and around 2019 I moved over to Unraid, which is generally pretty visual (web portal or configuring and doing maintenance). I find the web portal very easy. How does one interact with your home server OS? I assume it's all via terminal because there are no pictures on the website?
Calling a custom Linux build a brand-new OS is like a car tuner claiming they built a new car. You didn't build the engine or the chassis; you just tuned it and gave it a custom paint job. It's exactly like a hairdresser - they aren't creating a new human being, they're just cutting, coloring, and styling an existing one. It's a Linux distribution, i.e., a "distro," not a new OS!
The way to interact with the OS is significantly different from almost all other Linux distros. There is no shell, no DE. This feels like a lot more than "a custom paint job".
Is Ubuntu an OS? Mint?
Neither have built the package managment system, or the kernel, the DE(s), the utilities (maybe some but certainly not all).
What about CentOS? Or Bazzite? Or even Android?
Is macOS an OS, or "a custom BSD distro"?
And if none of those are OSs, does a Linux-based OS even exist? If not, what's the point of the distinction?
Yours is a distro. Period. When you create your own kernel, then you can make bold claims like "I created an OS," when you haven't. Be humble, and you'll be more successful. Linus Torvalds and DHH are the only two arrogant people in tech, but both have accomplished enough to earn the exception. Hubris has no place in tech!
Me, too! I first thought it was just clickbait, but then I realized it was the author's genuine thought, which is sad. I wonder why the popular Linux distro ranking site DistroWatch [0] is not called "OSWatch"! Well, I don't. The "OS" is CentOS, and NixOS is just branding. NixOS is a huge mod, yet it's still a distro!
This is what Wikipedia says about NixOS:
> NixOS is a Linux distribution built around the Nix package manager.
This is about CentOS:
> CentOS (from Community Enterprise Operating System; also known as CentOS Linux) is a discontinued Linux distribution that provided a free and open-source community-supported computing platform, functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
I like the idea of something like this for swarm mode clusters; not sure if you’re focused on the home server aspect exclusively, but I’ll be following along.
Thanks!
I'm only announcing it for home servers because that's where most people are willing to try it out. But Lightwhale is already running in production, and it makes an excellent Swarm cluster.
This is relevant to what I have been learning about recently!
I'm getting ready to launch an online game and I'm dealing with "how do I just run my game server on dozens of boxes without dealing with linux stuff".
I don't really have an answer yet (leaning into "just get one really powerful box" lol), but my investigation into the problem so far has been pretty interesting.
You can conceptualize the "my program + the OS" as a single program. It's not a pretty picture. Lots of global mutable state. (Also it randomly modifies itself??)
The whole point of Docker appears to be "I just want to run my program", in the least painful way possible. Immutable Linux extends the "lean in the direction of sanity" idea. (The programming and OS worlds seem to be learning the same lessons, from different angles.)
And then there's "it turns out the OS solves problems I don't have, while creating many new problems", which leads to Unikernels. Fun stuff ;)
In a perfect world, I wouldn't need the OS at all. Docker gives me two Linuxes to worry about! The number of operating systems I want to worry about is zero!
Which brings us to Unikernels! Just ditch the OS! Technically the right answer, except... now I'm a kernel developer? Maybe that's the least bad option, long term.
> "how do I just run my game server on dozens of boxes without dealing with linux stuff"
A good first question to ask yourself is why you need to run it on dozens of boxes. You probably don't.
The point of Docker is not "I just want to run my program", the point is to bundle an application with its dependencies. It's one way to distribute applications, and far from the only one (despite what talking to some people might make you think).
As for the last part of your post, none of it is correct. Docker is not a "second linux to worry about" and considering unikernels in your use case is insane.
Terry Davis once said that "an idiot admires complexity, a genius admires simplicity". You say you're "getting ready to launch an online game", then launch it. The best way to do that is the simplest way, which in my opinion is running it as a systemd service on _one_ Linux VM. When that actually creates problems for you, solve those problems, and only those problems.
I wish there was something like this or talos or coreos but more generic:
- immutable
- a/b boot
- declarative (like talos)
But with choice of workload, like docker, k8s, qemu
So I’ve just set up my home server with Ubuntu server, installed docker with one line and I’m off to the races. What’s different/ exactly the value prop of this? You mention maintenance, of what exactly? Is your server a slimmed down version to run on less powerful hardware? Genuinely curious as I’m new to setting up a home server so seeing how this would benefit me.
I do the same thing. Being immutable is supposed to be great for updates. New image version and if there's a problem you can boot back to the last version no problem.
But functionally, like you I find Ubuntu server fine. I run apt update and upgrade a couple times a year and its local only with tailscale access.
I find these immutable OS's really nice on laptop or desktop. The home directory is the only thing that can be written to so the OS is supposed to be more stable and can't break easily
Indeed, Debian stable with podman/Docker is "immutable enough" for me.
It is also the insurance that I will get help whenever I'm stuck.
Sure it could be smaller ... but when it already runs fine on any hardware, even weird stuff like a BananaPi with a low-end RISC-V processor, then I have a difficult time wanting anything else.
If this was built using zfs, it would have zvols and metadata in the fs for persistence. And the states would be perhaps more portable at a cost of .. zfs.
can't imagine a world in which I'd download a little known distro to put on my home network and use as a server. also, doesn't fedora already have something like this already?
Game’s truly gone. I remember when all we did was try to find the most obscure indie band of a Linux distro, form emotional attachments and then argue their merits.
If I had a firm requirement to have only one physical piece of hardware home server on bare metal to run further containerized things on, it would be running proxmox, because that grants the ability to run further QEMU, KVM virtualized things, and then to install docker containers inside of any KVM VMs. Even to use QEMU to fully emulate other CPU architectures if necessary.
Or if not proxmox, without a http GUI, just a boring debian stable x86-64 system to manually install QEMU and virt-tools, virsh toolset on to
run QEMU/KVM things on with purely CLI management.
This is an interesting general concept but being limited to only running docker containers is a huge constraint.
I believe for anything home server (or even production), proxmox got you covered, it’s mature, stable, has strong community, and at the end of the day it’s still debian so you can mod it however you like. You can have containers, vms, firewalls, hdd zfs pools, backups, and more. And you can even use something like community scripts for easier installation, although always read the script before you install anything. I have also been playing with BastilleBSD too but I don’t think it’s there yet.
Even if i don't see a personal need for it it's a really cool project! I sent it to a friend who is in the "wants to run their own servers at home but never finds time to tinker" stage
- Flatcar Container Linux: An open-source, immutable OS designed for automatic updates and large-scale container deployments.
- Fedora CoreOS: A, secure, automatically updating operating system designed for running containerized applications, succeeding the original CoreOS.
- Talos Linux: A modern, immutable, security-focused OS dedicated entirely to Kubernetes.
- IncusOS: an immutable OS solely designed around safely and reliably running Incus.
I think you need to more clearly explain how this is different. Again, congrats on the launch though.
Migrated from Proxmox and manage all my VMs. Heavily use coding assistants to automatically set things up through the IncusOS CLI, translate Docker-Compose images to Incus, write bash scripts to automate launching new containers to use `--dangerously-skip-permissions` without fear of repercussions, etc.
What I love the most about it is that it's possible to manage IncusOS with declarative files, so you always have visibility into networking setups, resource configuration, etc.
Highly recommend checking IncusOS out if you have similar use cases!
My gut feeling is that enterprise sentiment is leaning heavily towards Proxmox, fuelled by a VMware exodus that will only gain speed, and I don't see Incus really meeting the requirements most people have that previously used VMware, but of course Incus is awesome and you can't always pick technologies by what will be "employable" :-)
I don’t really care for enterprise support. Incus hits a sweet spot no other solution does.
Obviously the software you run needs upgrades, but (again, but a layer down) it's based on Docker and probably someone else is maintaining it. So you pull that new container, restart and the OS is just making sure your data lands in the same place with the new container.
If you're happy with all your software running from Docker this seems like a step up from a Debian or Redhat, and it has a lot less bureaucracy than something like CoreOS.
Whether it's _usable_ I'm not sure (especially around storage management) but it's a really clear pitch.
I've long since thrown everything with a user count > 1 out.
Of course nothing is. But there's a reason projects like "Talos" do exist: no terminal, no SSH, no package manager (how do we like package managers like NPM lately btw?), read-only filesystem, definitely no systemd, etc.
And then a minimal number of executables.
This does, definitely, reduce the attack surface.
I'm not speaking about this Show HN's project but there are such things as systems both more secure and requiring less maintenance than others.
Throwing in the towel and saying: "nothing can ever be 100% secure so we'll always need to patch so we may as well YOLO by accepting npm packages modified 3 minutes ago" is not the way to go forward either.
Talos on IncusOS is likely a very interesting stack that I intend to play with hopefully in the near future.
https://linuxcontainers.org/incus-os/docs/main/
First time I heard someone call it blue-green OS updates instead of A/B OS updates.
Same concept, I guess. I'm a platform engineer / SRE, and blue/green is a more common way of describing that way of deploying applications so I didn't even consider it could have a different name on the OS layer.
The source repository isn't very enlightening?
> The actual repository here hosts the source code for Lightwhale, and is not of any interest for most people.
> https://bitbucket.org/asklandd/lightwhale/src/master/
The way to interact with the OS is significantly different from almost all other Linux distros. There is no shell, no DE. This feels like a lot more than "a custom paint job".
Is Ubuntu an OS? Mint?
Neither have built the package managment system, or the kernel, the DE(s), the utilities (maybe some but certainly not all).
What about CentOS? Or Bazzite? Or even Android?
Is macOS an OS, or "a custom BSD distro"?
And if none of those are OSs, does a Linux-based OS even exist? If not, what's the point of the distinction?
> Linus Torvalds and DHH are the only two arrogant people in tech
Are you feeling ok bud?
This is what Wikipedia says about NixOS:
> NixOS is a Linux distribution built around the Nix package manager.
This is about CentOS:
> CentOS (from Community Enterprise Operating System; also known as CentOS Linux) is a discontinued Linux distribution that provided a free and open-source community-supported computing platform, functionally compatible with its upstream source, Red Hat Enterprise Linux (RHEL).
[0]: https://distrowatch.com/
Kudos to the great project!
I'm getting ready to launch an online game and I'm dealing with "how do I just run my game server on dozens of boxes without dealing with linux stuff".
I don't really have an answer yet (leaning into "just get one really powerful box" lol), but my investigation into the problem so far has been pretty interesting.
You can conceptualize the "my program + the OS" as a single program. It's not a pretty picture. Lots of global mutable state. (Also it randomly modifies itself??)
The whole point of Docker appears to be "I just want to run my program", in the least painful way possible. Immutable Linux extends the "lean in the direction of sanity" idea. (The programming and OS worlds seem to be learning the same lessons, from different angles.)
And then there's "it turns out the OS solves problems I don't have, while creating many new problems", which leads to Unikernels. Fun stuff ;)
In a perfect world, I wouldn't need the OS at all. Docker gives me two Linuxes to worry about! The number of operating systems I want to worry about is zero!
Which brings us to Unikernels! Just ditch the OS! Technically the right answer, except... now I'm a kernel developer? Maybe that's the least bad option, long term.
A good first question to ask yourself is why you need to run it on dozens of boxes. You probably don't.
The point of Docker is not "I just want to run my program", the point is to bundle an application with its dependencies. It's one way to distribute applications, and far from the only one (despite what talking to some people might make you think).
As for the last part of your post, none of it is correct. Docker is not a "second linux to worry about" and considering unikernels in your use case is insane.
Terry Davis once said that "an idiot admires complexity, a genius admires simplicity". You say you're "getting ready to launch an online game", then launch it. The best way to do that is the simplest way, which in my opinion is running it as a systemd service on _one_ Linux VM. When that actually creates problems for you, solve those problems, and only those problems.
But functionally, like you I find Ubuntu server fine. I run apt update and upgrade a couple times a year and its local only with tailscale access.
I find these immutable OS's really nice on laptop or desktop. The home directory is the only thing that can be written to so the OS is supposed to be more stable and can't break easily
Why do I need immutable if I'm just running docker?
Why do I need a specialized Debian variant when I can install docker on Debian or Ubuntu in a couple minutes?
And maintenance happens directly through the package manager, either through the distro maintained repo, or by adding the official docker repos?
This immutable fad needs to go away. So does flatpak and snap.
Linux already does the things these "solutions" are trying to solve.
Users can't update the base system without root, and applications should be installing dependencies in /usr/lib
It is also the insurance that I will get help whenever I'm stuck.
Sure it could be smaller ... but when it already runs fine on any hardware, even weird stuff like a BananaPi with a low-end RISC-V processor, then I have a difficult time wanting anything else.
Not a huge criticism, life is about choices.
first read looks good, excited to try.
And I don't think you can get there via this route. But good luck anyway, I would love to be proven wrong.
> Can you please add wget, nano, $my_fav_app_omg_i_love_it to the root filesystem?
> No, not likely.
I am guessing the way to use software not already in the image is to use `docker run`.
Or if not proxmox, without a http GUI, just a boring debian stable x86-64 system to manually install QEMU and virt-tools, virsh toolset on to run QEMU/KVM things on with purely CLI management.
This is an interesting general concept but being limited to only running docker containers is a huge constraint.