We're primarily a CentOS (6/7, kill me) and Rocky 8+ shop at work, with Debian handling our webservers. My Boss We like Rocky so much, it's even our base image for all of our containers (ugh).
My experience so far is that RHEL (and derivatives) are pretty solid, and not a bad choice. Though, I'd generally want to avoid the complexity that is SELinux in selfhost endeavors.
For an alternative, when I was looking into server os's, from what I can tell RHEL (Red Hat Enterprise Linux) is the go to since it's stable. That said RHEL is not free, so what people use to do is get a free OS which is down stream to RHEL, that's your Alma and Rocky Linux.
However back in 2023 IBM made some changes, and now Alma and Rocky had to rebase off of CentOS Stream which is what RHEL is based off of.
For all intent and purpose I'd recommend using Debain, but Alma and Rocky are alternatives you may want to look into. Personally using Alma and outside of the learning curve of using a RHEL based OS, it has been quite stable.
Debian is a great choice. I'm on Debian and it is solid.
I do have one I like better: I'm transitioning to Fedora IoT from Debian for my homelab stuff. I like using their atomic desktop distros, I want to understand them better, and it seems like a great combination of recent kernel and system stability.
Interesting I hadn't heard of these "atomic" distros. There isn't really much description of what exactly is atomic about them though - all you get is "The whole system is updated in one go". Can you explain it?
I believe the "atomic" action is updating the kernel and all the base packages together such that either the whole thing succeeds or the existing system is unchanged. If the system update is atomic, you cannot be stuck in a partially updated state with new versions of some packages and previous versions of others. Naturally something like that lends itself to making rollbacks easier if it does break, much easier than trying to undo an update on a more traditional distro where they do the update in place.
It works similarly to Android and iOS. The system partition is read-only, and each new system update is applied as a new system partition image. All user apps are kept separate from the system and are sandboxed.
When I’m prototyping some model deployment/application/backend, I choose Ubuntu. I’ve also chosen Debian Stable before.
When te decision has been made to actually write the fucking thing for real enterprise deployment, it’s always Alpine Linux so that we have fine control over literally every aspect of the image.
I’d never recommend Alpine for any other use case, tbh.
I literally once rented a VPS, installed Debian 12, configured automatic updates, installed tor, set the max limit to the VPS limit, enabled the tor relay server.
And now I am unable to login and that thing is just running lol. For the good of the Tor network?!
I am enjoying IoT. I got it for headless machines after trying Bazzite. IoT is definitely an easier install on bare metal, they do an ISO for you. I don't have a setup where CoreOS/ucore make sense just yet, so I cannot speak much to any differences there.
In 2001 we examined the packaging format of debian and found it lacked a validation feature available in RPM. This killed debian and all derivatives as an option by the build group of the unix vendor I worked with -- please tell me you understand why validation is a pivotal feature for build. The fact the validation carries hard sigs all the way down made the security group happier too. This hasn't changed.
So I'm running CentOS now, Rocky later, and PCLinuxOS once they get a good packer template.
Zypper on suse has a series of nice patch commands, to check what patches are out with cve numberd and if they are needed or applied to the system already.
We use ubuntu at work on about 30 servers. It was a mistake made years ago, I’m hoping to switch them to Debian next year. Ubuntu being a Debian based distro means at least 90% of ansible code will work without changes.