it's the same idea, done slightly differently because with fedora you can start from their own atomic images and change them a bit. the setup is much easier and probably more robust because it feels less like a hack. ironically, my intermediate step between silverblue with layered packages and vyy was similar: https://github.com/myyc/silverpurple/ – using bluebuild instead of containerfiles.
exactly. plus i mean, this particular build is quite boring because it's, like i said, silverblue. vanilla gnome and all that. but one can go quite wild and make vastly different builds. building locally takes very little since it's basically decompressing a bunch of packages, moving some files around and building an initramfs, so the infrastructure one actually needs is minimal (especially if said upgrades happen silently).
i must say that even though this tech has been around for a while it's still very much WIP. much of the ostree command line is undocumented, some commands are hidden and even though there is significant overlap between rpm-ostree, ostree and bootc, they do quite different things and some things are easy with one tool and outright impossible with the other. but personally i think this is the future of "mainstream" linux, and even though "immutable linux" has been often associated with locked platforms (e.g. android), it's been fun to showcase how you can do it yourself too, with whichever distro you like.
this one technically doesn't have an ostree server because it would require dedicated infrastructure, but if you decide to either try out images (they're in ghcr) or fork the project and build your own, you can schedule nightly builds (as it's being done now) and use bootc rather than ostree. the problem is that you'd always have to pull a 2GB image rather than incremental updates.
regardless of firewalls and best practices and all, i'd just put all sorts of admin-related stuff behind tailscale (or similar), including ssh. hetzner allows you to have ssh closed in your public ip and still open a terminal via the console if ssh-on-tailscale fails. for the web stuff you should do a similar trick. blog and public websites on the public address, while admin stuff goes on tailscale. and if you do it nicely with letsencrypt you can even have nice hostnames pointing to your private stuff.
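An added example, not part of the comment above: a small audit of `ss -H -tln` output that flags listeners reachable outside loopback and the tailnet, apart from the public web ports. The port allowlist and the sample socket lines are constructed assumptions; the address ranges are Tailscale's 100.64.0.0/10 and fd7a:115c:a1e0::/48.

```python
import ipaddress

# Tailscale node addresses: CGNAT range for IPv4, a fixed ULA prefix for IPv6.
TAILNET = [ipaddress.ip_network("100.64.0.0/10"),
           ipaddress.ip_network("fd7a:115c:a1e0::/48")]
WILDCARDS = {"*", "0.0.0.0", "::"}  # bound on every interface, public one included

# Constructed sample of `ss -H -tln` output (not captured from a real host).
SAMPLE_SS = """\
LISTEN 0 128          0.0.0.0:22          0.0.0.0:*
LISTEN 0 511          0.0.0.0:443         0.0.0.0:*
LISTEN 0 128  100.101.102.103:22          0.0.0.0:*
LISTEN 0 4096       127.0.0.1:5432        0.0.0.0:*
LISTEN 0 4096            [::]:9090           [::]:*
LISTEN 0 4096               *:3000              *:*
LISTEN 0 128 [fd7a:115c:a1e0::1]:8080        [::]:*
LISTEN 0 128     203.0.113.10:8443        0.0.0.0:*
LISTEN 0 4096   127.0.0.53%lo:53          0.0.0.0:*
"""

def exposed_admin_listeners(ss_output, public_ports=frozenset({80, 443})):
    """Return (host, port) for every listener that is not an allowed public
    port and is bound to something other than loopback or a tailnet address."""
    findings = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        port = int(port)
        if port in public_ports:
            continue  # blog / public website, meant to be reachable
        if host not in WILDCARDS:
            ip = ipaddress.ip_address(host)
            if ip.is_loopback or any(ip in net for net in TAILNET):
                continue  # only reachable locally or over the tailnet
        findings.append((host, port))
    return findings

if __name__ == "__main__":
    for host, port in exposed_admin_listeners(SAMPLE_SS):
        print(f"exposed outside tailnet: {host}:{port}")
```

On a real host, feed it the output of `ss -H -tln` and adjust `public_ports` to whatever is meant to face the internet.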
regardless, kindle books can be cracked. not the easiest thing ever, but it's doable. cracking ADE books is much, much easier. i crack all my ebooks because otherwise i can't read them in my ereader
i am not sure why everyone (comments, this post, etc.) assumes there is a one-size-fits-all solution to every problem, even this one that looks quite simple. companies have to align a few things, ranging from the skills of the current employees, hiring plans, investor/shareholder management, or how to make sure the CEO really gets that boat he really wants and deserves.
not all businesses are the same. businesses with fat contracts but few users won't have massive operating costs, and they can use whichever easy and non-scalable technology they want, because once the business scales up, those fat contracts will pay for enough data engineers. a gaming startup will face high server costs right away, without any optimisation, while data platforms (e.g. bigquery) with a tiny bit of optimisation (materialising 2-3 summary tables, for example) will bring the cost down to "laughable" pretty easily.
it is true that many of these things are choices, e.g. do you really want to spend a shit ton of money for looker when superset for most users is just as good? are you even able to make that choice? if these choices are hard to make because a potential user (or set of users) in the company really wants something instead of something else, well, that is not a technical choice, and the issue you have has nothing to do with the technology.