Ultimate Linux on the Desktop
Over the past couple of years I have set out to create the ultimate Linux on the desktop experience for myself. Obviously everyone who runs Linux has their own opinions on things. What this post will outline is my ultimate Linux on the desktop experience. So just remember that before you get your panties in a knot on HackerNews because you live and die by Xmonad (I live and die by i3, fight me).
I used to use Debian as my base OS but I recently decided to try and run CoreOS’ Container Linux on the desktop. Container Linux is made for servers, so obviously it doesn’t have graphics drivers. I added them and made a few other horrible tweaks that I’m sure would make some people at CoreOS cringe. I am not proud of these things but overall it worked!
Mostly the changes for graphics drivers were the same
exact changes you would make installing Gentoo on your host: setting
VIDEO_CARDS="intel i915" in
sys-kernel/linux-firmware etc, etc.
Then I cut out the things I don’t need that only pertain to if you are using
Container Linux on your server, cluster management tools, support request
tools (lolz) etc. These were all pretty simple changes that I made to a new
ebuild that I cloned from the
Let me go over some of the benefits I get from using CoreOS’ Container Linux as my base OS.
I can build my own images, it’s Gentoo and I know
emergeso I can customize the base anyway I want.
CoreOS’ Container Linux uses the same auto update system as ChromeOS, which is all based on Google’s Omaha. So all I need to do to have auto updates for my OS is continuously release the modded version of Container Linux to an Omaha server, which I will host. (Yes I know I am insane to go through this much effort for my own laptop but whatever.)
The filesystem is setup perfectly for running containers, there is a read-only
/usrand a stateful read/write
/. The data stored on
/will never be manipulated by the update process. Plus since
/usris read-only it really forces you to run everything in containers.
My hardware has TPM capabilities so I get Trusted Computing through Container Linux.
X11 & Wayland
Currently this setup is using X11 but that is not the goal in the future. I plan to move it over to Wayland after the port of i3, sway, is feature compatible with i3. It’s really close to done so I can try it out currently.
This would eliminate all the problems with X being the worst, something something keylogging blah blah blah. I’m not going to go into more detail now because this is not meant to be a rant.
Everything in Containers
I already mentioned my two other blog posts on running desktop apps with Docker and Runc, but on this laptop I wanted something better.
You see the problem with both Docker and Runc as they are today is that they must be run as root. And I’m not talking about the process in the container. I’m talking about the container spawner itself.
I outlined the future of Sandbox Containers and there are patches to Runc to enable rootless containers. If you want to know more you should also watch Aleksa Sarai’s talk. On this laptop I am only using rootless containers.
So overall everything runs in containers, I can automatically update my operating system, and the containers are NOT running as root on my host. This is the dream and reality.
If you want to know all the stuff about what laptop I use you should checkout my uses this interview.