Debian LTS with unattended upgrades is my go-to
this post was submitted on 31 Jul 2025
32 points (97.1% liked)
Linux
56892 readers
555 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 6 years ago
MODERATORS
Same, but I've been glancing at alpine for a while as well.
As said by @iii@mander.xyz, bog standard Debian Stable.
You really don’t want a rolling release distro for something like this - major software updates might change the behavior of your software, break your configs, etcetera. Stable distros do as much as they can to make sure that software behaves the same, only porting security fixes.
This way, you don’t really have to touch it except for updates with a nearly nonexistent chance of going wrong (and there’s stuff like unattended-upgrades so updates are automatic) and major upgrades.
You can go several years without a major upgrade just fine - Debian versions are supported for 5 years, and we’re only a few days from getting Trixie, which will last into 2030. New versions come out every two years, and it’s not that hard to upgrade between consecutive ones; I don’t think sitting down on a weekend every two years is that bad.
I kind of hate Ubuntu, but it’s pretty based in this case due to really long support. This might be a really great case for Rocky Linux though, as it also gets 10 years support.
This might be a really great case for Rocky Linux though, as it also gets 10 years support.
That happens to be my plan. I just started rolling out a few but I will have to bulldoze some servers because CloudStack doesn't work in it yet. That means it's upgrade-disco for my 9s in 5 years.
Since 2002 I've been doing yum-cron for updates, but just at the side gig with up to 50 boxes. It used to be absolutely rock solid before systemd wrecked it, but it's still pretty reliable.
Ubuntu 24.04 is security maintained for 10 years - no major version bumps just security updates the whole time. Installs lean, works great. I use it for exactly this.
OpenWRT. All the benefits of Alpine, plus a nice interface. Could also go OPNsense.
Not a bad idea if you want a bare minimum solution but set up could be a bit of a pain. More info: https://openwrt.org/docs/guide-user/installation/openwrt_x86
This isn't bare x86 if they want to run in it in a VM.
I've been very pleased with ublue (Fedora) distros as daily drivers. They are very stable and low maintenance like you prefer. UCore sounds best for this purpose - https://github.com/ublue-os/ucore
Ucore is maintenance only afaik, they're developing cayo server now
DEBIAN. this is the one thing in linux i will insist is the only correct choice, and any other choice is wrong.
I would of went Alpine, but debian is a solid choice as well.
*would have
i use minimal alpine on my docker images and it works very well for that purpose.
Alpine with a cronjob to apk -U upgrade or auto-updating Debian Stable
If its solely for setting up a wireguard server, it doesn't need to be rolling release. Nothing should really need changing.
- Alpine Linux due to it being lightweight and hardened
- Arch Linux due to it being lightweight and fast
- Rocky 9 due to HAProxy in case you decide to turn this into a DIY datacenter :)
I'm not sure I would agree for arch if the OP wants low maintenance. I've never run it myself, but the way I've heard arch described is the further you go without regular updates the more likely you are to have a problem when you do update.
Yeah, GPG keys expire, but that happens with all package management systems if left alone long enough. I mean you'd have to maintain like 3 packages (linux, wireguard-tools, archlinux-keyring). In Debian you'd have to maintain the kernel, debian-archive-keyring, and wireguard-tools. Its the same.
Also, just run Tailscale and be done with it.