Ask HN: What's a good Linux OS and setup to build a dev “network” on my laptop?

15 points by zodzedzi almost 2 years ago

I have a new lightweight laptop with 16 GB of RAM, decent SSD space, and an i7 CPU.

And I would like to set up a few systems on it, to have "everything" with me as I move around while disconnected.

I'm looking for recommendations and ideas into how to set this up.

Examples of these systems would be:

a) A headless server with a dev stack: runs a build workflow, a web server, etc.

b) A stable "production" version of server (a)

c) A "desktop" dev environment: IDE, language/tools-rich

d) A "basics" desktop environment for non-tech work: office tools, maybe some media editing (even blender 3d if feeling lucky)

They won't all be running simultaneously.

I haven't worked on the OS systems and platforms level since a past life. I don't know much about virtualization/containers/etc, but I'm good with networking fundamentals, and I'm willing to learn any old/new tech.

Ideally:

1. The host OS is minimal (i.e. can only keep the core packages I need), and driver-friendly so the core hardware (compute/graphics) is efficiently accessible to each guest OS.

2. I can network the different "machines" together; so the dev desktop can use the dev server's API, and the basics desktop accesses the apps on the production server in its browser.

3. I can pull data from each system out into the host OS for data backups.

4. I can restrict network/internet access from/to any of those systems, from the host OS.

5. All systems are open-source, can work completely disconnected and do not phone home in order to function.

Thankful for any experience you can share.

11 comments

jefurii almost 2 years ago

I've been doing my work in VMs running on my local for a long time now and it works great. I got started because I wanted my development environment to be a close match for my stage and production.

For a long time I ran VirtualBox guests on a laptop host running Debian or Ubuntu. VB is great especially if you're getting started with virtual machines, it has a GUI and things are easy to understand. I used a host-only network to keep traffic inside my laptop.

If you're going to edit code inside a VM you'll need an IDE that can handle it. Emacs with tramp has served me well for years. IIRC with VSCode you have to install a server on the VM.

I do web development so I've never felt the need to run desktops inside VMs. It's nice to have some separation between work and stuff like HN but Gnome workspaces gives me just enough.

A couple years ago I levelled up and switched to KVM on a headless Debian box. This system uses bridge networking with DHCP from my router, and I use Tailscale to access my VMs from outside my LAN. You can use virt-manager (which also works for VirtualBox) but I mostly use the libvirt CLI tools and cockpit/cockpit-machines if I need something a little more visual. Caveat: I don't know how KVM would handle suspend on a laptop.

LinuxBender almost 2 years ago

It sounds like you are describing QubesOS [1]. I've used it with 16 GB of ram just fine provided each VM does not need a lot of ram. Here [2] are some screenshots and show how networks and firewalls are presented and a video walk-through [3].

[1] - https://www.qubes-os.org/intro/

[2] - https://www.qubes-os.org/screenshots/

[3] - https://www.youtube.com/live/hkWWz3xGqS8?feature=share&t=849

blablabla123 almost 2 years ago

For an off-the-shelf solution there is Qubes but from what I've heard it's probably quite a pain to use unless you're comfortable debugging Linux desktop and driver problems in particular. Generally KVM/libvirt is nice because it's fast and can be set up transparently and networking can be customized in any possible way. (It might also be possible to get GPU Passthrough working with KVM but I think this only works if you have 2 GPUs)

dyingkneepad almost 2 years ago

It really depends on why you want to have separate environments. What's the thing you're trying to avoid here?

Anything that requires graphics is much more efficiently done in the Bare Metal machine. You can have a separate user for those or some other kind of abstraction that's not a virtual machine.

You can also use Network Namespaces directly, using "ip netns" or even cgroups. That way you can run every single program natively, but have multiple network environments for them.

You can go for the jails-style containers where you also run everything natively but on a different chroot, without having a Kernel running on top of a Kernel. For this I recommend creating a chroot with debootstrap or febootstrap and then launching it with systemd-nspawn.

You can also have specific applications running on their own "jail" with /usr/bin/firejail.

Now if you want even stricter separation you'll have to go with full virtualization (guest Kernel running on top of Host Kernel). This is much worse in terms of efficiency of used resources, but gives you the most separation from one thing to another. For that you can use virt-manager or just Virtualbox.

robert_foss almost 2 years ago

I think Debian for all of these use cases. Or Ubuntu.

gitgud almost 2 years ago

If I understand the question correctly, you'd like to build a networked system entirely on a single machine.

If this is the case, then I'd recommend trying docker-compose. It's quite an easy little system to get up and running, just need a single file to declare different containers and their relationships. Then just run "docker-compose up/down" to spin up and spin down the network.

The beauty of this is that it can run on extremely barebones Linux distributions, as it's all container based.

It's a great starting point anyway, and I'm sure there's many alternatives now that use a similar API.

mindcrash almost 2 years ago

Have you considered devcontainers?

Its use results in carrying entire development environments with you, and because it is using containerization these will not clutter your host OS.

Using DevPod (https://devpod.sh/) you are not locked into Visual Studio or Visual Studio Code, but you can use whatever tool you want.

IMO this kind of setup will provide a much better DX than running a bunch of VMs eating away the resources of your laptop.

entropicgravity almost 2 years ago

I use Linux Mint for a similar host set up. It's worth it to move away from VirtualBox to the open source versions as I did recently, KVM etc.

There are quite a few paper cuts in setting it up the first time. I recall it took about five hours before I finally had my first VM in the right place, with right size of disk space and ram and the version of Linux I wanted. But after the learning curve it becomes very easy. Honest :)

wesapien almost 2 years ago

I've been using Fedora since 30 and it has been a very good OS. Install the dnf group for virtualization and you got a KVM host that lets you play with VMs and LXC. There is also a dnf group for containers.

iam-TJ almost 2 years ago

I have something similar and have had for several years. Just needs a recent-ish kernel and decent distro!

I try to avoid virtual machines unless there is an absolute need to virtualise the hardware as well - in most cases single kernel, multiple containers is preferred.

Specifically, I use Debian with systemd-nspawn unprivileged (user namespaced) containers (managed by machinectl), defined and built using mkosi as BTRFS subvolumes (a BTRFS mounted on /var/lib/machines/ allows nspawn to create copy-on-write containers from a 'template' container).

The nice thing about nspawn is being able to create simple declarative configurations with private namespaces. With a private network namespace it has the concept of 'zones' which are containers that share the same (private) bridged network. systemd-networkd has built-in configs for both the host and containers to do automatic configuration.

I use this to create per-domain (e.g. example.com) zones with multiple function-specific containers (one for router/firewall, another for DHCP and DNS, others for single-sign-on, database, web, mail, and whatever else is required). I use veth to connect the zone selectively to the host interface public bridge interface providing external access if necessary.

This allows 'development' 'test' and 'production' domains using mkosi to define and build each repeatedly as needed. In the non-public domains the zone can be configured to use the same public IP addresses as production will use without it leaking outside the zone.

I use IPv6 only in the zones with both ULAs and global prefixes and DNS64/NAT64 in the 'router' container if the zone needs to make outbound connections (to IPv4 destinations).

I use netfilter rules applied to each zone's bridge interface to impose firewall restrictions.

Using veth pairs one can connect two containers (or zones) directly rather than using the common zone bridge interface.

I do dev work on the host itself; if you want to partition application usage I'd suggest keeping it simple by using multiple user accounts, one per 'task' so $USER configs and so on are all kept separate.

In the 'development' containers I do things like bind-mounting the base source-code directory, or project-specific directory, into the container. I do all source-code work on the host but build and test in the appropriate container.

For example I have 'linux-builder' container where I do out-of-tree kernel builds for multiple architectures. The container has the required crossbuild tools installed. Recently this has been used to build latest mainline kernel for amd64, arm64, and powerpc64 (for the Xbox 360!).

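The zone layout described in the comment above can be staged with a short script. This is an added example, not part of the thread or the commenter's own configuration; the zone name `dev`, the machine names, the source path and the output directory layout are assumptions.

```sh
#!/bin/sh
# Added example: stage the config for one systemd-nspawn zone.
# Assumed names: zone "dev", machines "dev-web"/"dev-db", source dir /srv/src.

# Zone=NAME makes nspawn manage a bridge called "vz-NAME"; Linux interface
# names max out at 15 characters, so NAME gets at most 12.
check_zone() {
    case $1 in
        ''|*[!a-z0-9]*) echo "zone: use [a-z0-9] only" >&2; return 1 ;;
    esac
    [ "${#1}" -le 12 ] || { echo "zone: too long for vz- bridge" >&2; return 1; }
}

# write_nspawn OUTDIR MACHINE ZONE [SRC_DIR]
# Unprivileged (user-namespaced) container on the zone's private bridge,
# optionally with the host source tree bind-mounted read-only at /src.
write_nspawn() {
    outdir=$1 machine=$2 zone=$3 src=${4:-}
    check_zone "$zone" || return 1
    mkdir -p "$outdir/nspawn"
    {
        printf '[Exec]\nBoot=yes\nPrivateUsers=pick\n\n'
        printf '[Network]\nZone=%s\n' "$zone"
        if [ -n "$src" ]; then
            printf '\n[Files]\nBindReadOnly=%s:/src\n' "$src"
        fi
    } > "$outdir/nspawn/$machine.nspawn"
}

# write_zone_filter OUTDIR ZONE
# nftables rules on the zone bridge: nothing is routed out of the zone or
# into it. Host <-> zone traffic (input/output hooks) is untouched, so the
# host can still reach the containers, e.g. to pull backups.
write_zone_filter() {
    outdir=$1 zone=$2
    check_zone "$zone" || return 1
    bridge="vz-$zone"
    mkdir -p "$outdir/nftables"
    cat > "$outdir/nftables/$zone.nft" <<EOF
table inet zone_$zone {
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname "$bridge" oifname != "$bridge" drop
        oifname "$bridge" iifname != "$bridge" drop
    }
}
EOF
}
```

After reviewing the staged files, the `.nspawn` files go in `/etc/systemd/nspawn/` and the ruleset is loaded with `nft -f`.
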
rvz almost 2 years ago

Windows Subsystem for Linux.

Best 'Linux distro' for Windows.