I run homeservers for years. Starting with OMV, checking proxmox and having ubuntu server for years. Now, with a new machine I found fedora server with native cockpit integration and btrfs support appealing.
But I fight with the security complexity of it. Running a docker container with some drive access is so comlex to accomplish. I tried podman only to discover that a simple restart=always like in docker involves a ridiculus number of steps (outside of the compose.yaml definition.
Similary complex is allowing a docker container using a folder on the host. Aparently there is no way defining this allowance in the compose.yaml.
Another struggle is to let the server accept traffic form a (via wireguard) linked second LAN.
I ended up disabeling as many secutity features as possible to get the job done ;(. SElinux - off, firewall - off. This - of course - is not ment to be but I just want a home lab, not a fort knox.
TL;DR: Should I go for another server OS for my home lab? Is there maybe guidance to have a less hardened fedora server?
Good point about the RHEL subscription. I have one for the free 16 server installs and have also benefited from the KB articles and community (even though I have a subscription for work also).
The only caveat I see with the RHEL subscription is the subscription enrollment and re-enrollment on a yearly basis. It can be annoying. Whereas with AlmaLinux, and the others mentioned, you don’t have to worry about enrolling. @dorfed I too disable SELinux and the firewall for my home lab. Even though there are those that scoff at me, I prefer Docker instead of Podman (right now) for my containers. I just stick with what I know. However, these server suggestions are pretty much the same as Fedora Server in that they would be just as securely hardened. And truthfully, most, if not all, server distributions will always be secure and hardened. It’s just a matter of configuring the security features to your needs to accomplish required server tasks.
Thanks for the answers. I guess fedora is just the wrong OS for my needs. I’ll turn to - as someone snotty commented - a “unsafe by design” system. I just want to get things done.