So, I have used Ubuntu for my server for a year now and I can tell you that this is by far the most frustrating distro I have ever used. The number of annoyances I have dealt with was genuinely disgusting to me. How could Canonical, which brought Linux to the masses, have made a server OS so useless for general server computing, at least to me?

I’ll quickly go over what caused me to get so frustrated with Ubuntu, and in what cases it has caused me issues. Yes, I am not just complaining about theoretical edge case scenarios (those are there too, don’t worry). Then I’ll present you with a solution, or at least what I want to move to in the near future once I have time.

Why Ubuntu is useless

SNAPS!! And awful repositories

This was to be expected. Snap has been the single most annoying thing to me. This is precisely because they sometimes make it the only way of getting the latest packages. Now I understand, a server distro is supposed to use LTS packages, but it should also provide the latest and greatest, simply because some need it.

I was once (and still am) working on a Node project with a friend. The project had libraries that had just been updated to Node 16 and didn’t work well, or sometimes at all, with Node 12. However, by default, Ubuntu 21.04 ships with Node 12. Now, you would expect that there should be an easy way to fix it, and happily there is a PPA. (Here is a tutorial if you need one.) However, I was in a hurry this time and decided to use snaps. Installing packages was simple and fast, and I indeed got what I needed, Node 16. However, I wanted to run Node as a system service. I started writing a systemd script as I always do and… it would not work. Snaps apparently needed to create a folder in a home directory… on a system user?! What? Why is it like that? It took me about 2h of trying to make it work and I just could not. It would constantly complain about it. I looked everywhere and I found that snaps use their own service system.

Now, probably somebody well versed in snaps, who uses them and got used to them, will look at me like an idiot that complains about how bad snaps are while clearly not knowing how they work. This is to a certain degree true, though why would I want another package manager, with its own strange quirks and its own daemon manager? My system can already do everything that snaps can. Services? I have systemd and other init systems. Containers? Docker is way more flexible with that. Auto updates? You can just set up unattended upgrades. Specific isolated packages? They rarely have a use case, but there is always Flatpak. Again, I don’t need it.

Then why do they literally make it the only official way to install packages? Ubuntu apt repos literally have old, unupdated packages. Some, sure, are just LTS releases, however sometimes they are literally just not updated for no apparent reason. For example, Certbot would not work for me. I was confused why, because none of the official guides were able to help. Then I discovered that the repository was literally 7 versions behind. This is literally unacceptable. The software was not only dangerously old, perhaps being exploitable, on top of that it would literally not work, because newer versions were required to function with the certs. This ignorance of the maintainers caused me to not have SSL on my sites for 5 months. Yes, 5 months. Why do I think they would not update it? Well, because they simply want you to use snaps. The snap version was perfectly updated, and once I installed it, it worked. The worst thing is that Certbot does not have its own PPA, or at least a PPA that would work. The PPA I found would just fail to sync and was marked as deprecated. As I said, how is this acceptable?

Anyway, those are the 2 times I used snaps and it was always full of issues. Why is this pushed so much on us? This is not the end though. I also found snaps to be just slow to run. This is genuinely annoying when you need to restart a service or application a few times for testing’s sake.

On the left you can see my server running Certbot with snaps, and on the right my Artix PC running Certbot from the Arch repos. Look how it takes almost twice as long to run the snap package. I am aware that this test is hardly precise, since it’s 2 different distros, hardware setups, etc. Though this is still a huge difference. Imagine that I have to restart Node 15 times a day when I am working on something, not counting the script initiation time. It is terrible.

This is just the tip of the iceberg with this. I bet that there are many outdated, broken packages that force the use of snaps, which is useless, as there are tools that do the same thing as snaps.

So, what does Gentoo have to do with this?

Well, server systems have very specific needs. They should be:

  • Stable
  • Have good version control
  • Secure by default
  • Be well documented
  • Have small surface for attack
  • Minimal
  • Flexible

Those are at least the things I want from my server.

Gentoo literally fits this use case almost perfectly. Gentoo has the most powerful package manager out of them all – Portage. Portage allows you to mix stable and unstable packages together, like in my case perhaps a mostly stable system on LTS packages with the latest upstream version of Node. I can do that very easily. It is as simple as editing a text file. Portage also gives me USE flags. Those are awesome. I can compile my software the exact way I need. Servers often do not need extensive feature sets or stuff like Xorg support, ALSA support, etc. Being able to not compile it in and speed up a server a bit sounds great. So stability mixed with the latest software? Exactly what I need. This is not everything yet. Gentoo also provides us with a choice of any security we want. So you can get AppArmor, SELinux, etc. Perhaps that is not as impressive, however there are also compiler flags and patches. This is what really makes it shine. To give an example, you can apply: PaX, PIE, RELRO. I think I don’t need to explain further why this is awesome. Oh, and I almost forgot to mention that you get a choice between the 2 best init systems for the server use case – OpenRC and systemd. What else would one need? So, Gentoo is a flexible, secure, powerful yet minimal and stable distro.

To add to this, Gentoo also has great documentation. Perhaps not as great as the documentation that other distros have, like Arch, but it comes close.

Now there are also downsides, however I think they are not that big of a deal if one thinks about when they really affect a user. So of course, a source distro means you need to compile. Some may be annoyed that it takes some time to update and set up the OS. The thing is that servers often don’t need heavy packages like Firefox. Most server programs are CLI-based, so there is no need for support for a lot of graphical stuff, which is what mainly takes a long time to compile. Besides, servers often have good CPUs, so compile time won’t be that bad. So I don’t think it’s that much of a problem to set up your make.conf for your use case once, then wait like 3h to get everything installed, since servers run 24/7 anyway. Updates are not that annoying either, since you can run the stable branch, which is not updated daily. There is only one package that is not like this, and that is the kernel. On Gentoo you need to configure it manually and then compile it… Or do you? Gentoo also gives you an option to use some packages as binaries. One of them is the kernel. So you can just install an LTS hardened binary kernel and go on with your work.

Even for those in a hurry, there are ways to get a ready-to-use Gentoo server installation. Calculate Linux is a Gentoo distribution which is fully compatible with Gentoo. It is basically Gentoo with a few additional things, like more binary software. They provide a server ISO that is quick to install and has most server software installed out of the box. If you are lazy or have never used Gentoo before, you probably want to use that.

I think I made a good case for why Gentoo is a great server distro. I have no idea why people would use Ubuntu with its terrible snaps and repository quality control. Whenever I get a chance and enough time, I will switch my Ubuntu server to Gentoo. I hope this will be this summer.