Hello everyone! 
I divided the post into two parts:
- overall context (totally optional, but I fell it may be interesting/inspiring for some people),
- specific question that I have at the moment (feel okay to jump straight to this section).
1. The context:
I am planning to run a small server at home with a few independed applications for my personal usage.
I believe in keeping strict security boundaries in the software as an extra layer of security in case something is compromised. This is why:
- I would like to keep the applications isolated from each other. I think Type-2 hypervisor would provide me a satisfactory level of isolation here.
- in case the application consists of several components (such as HTTP server, database, etc.), I would also like to isolate them from each other. Here I think container-based virtualization will be satisfactory.
As for specific software, on the server I would like to install Proxmox VE. It will be used only for:
- the management of virtual machines,
- and their backups.
Proxmox VE is based on Debian stable, which I perceive as a good (good enough for me) base for secure OS due to its relatively old (so very well tested) packages. It is important especially in case of the “host” operating system (as compromising it would effectively compromise all the apps).
I am planning to run specyfic applications inside Proxmox VE’s Qemu/KVM virtual machines.
Here is the same on a diagram for visual learners:
I would like to choose a guest operating system (an operating system for virtual machines) on which I will run containerized applications. I would also like to choose a method by which I will manage these containers.
Requirements relevant in the context of this post:
- I’d like to keep the operating system and containers with components up-to-date (to fix security vulnerabilities and bugs as soon as possible). In practice, it means the upgrades has to happen automatically.
Note: I accept rare failures caused by automatic upgrades (as I belive I will be able to maintain easily-recorvelable backups of VMs at Proxmox VE level), - I would also like to keep “infrastructure as code”, meaning I would like to keep track of the whole configuration. In practice, I want to store everything what is needed to provision the guest OS (with containers) from scratch using a version control system.
So far, I was considering using Ansible scripts to provision Debian with containers managed by Docker Compose and some small custom script automating regular system and container updates.
However, while doing my research, I came across Fedora Core OS (stable stream). It seems to be a potentially a great fit for my needs, as It seems to:
- be provisioned by nature with “infra as code” in mind (stored in Ignition files) and focused on keeping storage immutable (which is a nice bonus),
- focused on automatic upgrades of the OS and containers (if I understood correctly).
Beyond my requirements, I like that it seems to be a minimal operating system (as I perceive fewer packages as a smaller attack vector and less resource consumption at the same time). One (acceptable) downside is that it has newer (potentially less tested) packages than Debian.
It all leads me to the preliminary conclusion that Fedora Core OS may be a good choice for a guest OS on my server. Now I would like to understand which method of provisioning is best for me.
2. Question
I can see Fedora Core OS uses partially immutable storage.
At the moment, I think I only need a mutable storage for:
- volumes of the custom containers that I will run,
- logs (alternatively I could stream the logs to other place over the network).
I am wondering which option should I choose:
a) Running Fedora CoreOS directly from RAM from a boot image built using --live-ignition flag with:
{
"ignition": {
"config": {
"replace": {
"source": "https://raw.githubusercontent.com/.../coreos.ign"
}
},
"version": "3.3.0"
}
}
I belieive, it would let me simply re-provision the machine simply be changing the ignition file on GitHub and rebooting the virtual machine - which seems very nice 
The actual ignition file stored on GitHub, would need to define a partition for mutable storage (shared between reboots/upgrades) for volumes assosiated with custom containers I am going to run (and maybe for logs as well).
Downside:
- My understanding is that this solution does not provide me automatic upgrades of the OS and containers. So, I would need to take care of automation (that would be a script executed on Proxmox VE) that will regularly rebuild the image and restart the virtual machine. Not sure how often would I need to run it to keep the software fresh (once a day?).
b) Install Fedora CoreOS on disk using a ignition file containing the full config
If I understand correctly, this solution comes with an automated upgrades of the OS and all the containers.
Downside:
- Won’t re-provisioning the machine be more troublesome? Ie. every time I changed the ignition config, I would have to reinstall the OS. However, I assume I could leave the disk/partition with volumes assosiated with my custom containers untouched and keep it between re-provisionings.
- It seems that the whole /var/**/*` will be mutable. One one hand, it’s not a problem, but on the other hand I am not sure if I need it to be muttable.
Question:
Would you recommend me more which of these two options? I am not very familiar with Fedore CoreOS yet, and I don’t know if any of the options are more used in practice, etc.
My intuition is that option B is the way to go, but I wondering what will you say.
Thank you 