Until I am smart enough to run guixSD completely this feels like a decent compromise.
First, last time they had no firewall and the main developer thinks a firewall is not needed. I disagree strongly and won't run an OS w/o firewall. (https://forums.opensuse.org/t/micro-os-suse-aeon-compared-to...)
Second, getting everything from flatpak would be a good idea, if the software I need would be available as certified flatpaks. Downloading random flatpaks is IMHO the same as downloading random executables.
Third, the AARCH64 version is not distributed anymore (this was the version I tried/used), AFAIK because the initial install script could not download the non-existent Firefox for AARCH64 flatpak (thanks Mozilla).
In the end I still like the idea of Aeon and hope they change their positions concerning firewalls. Points two and three are obviously not Aeons to fix, so I hope we as a community (and Mozilla) get there in time.
I suppose I could have use Aeon instead? But I like having OpenSUSE Leap across the fleet too which others doing more heavy lifting.
I've been using ArchLinux for ~14 years now, previous to that I used Slackware and Gentoo. IMO it's better to be simple, yes there aren't any guarantees but worst case scenario I can rebuild, run my install script (which might require a few tweaks if it's been a while since I setup a new system), push new keys etc and then I'm up and running again in ~15 mins. i.e I think it's easier to repair or replace a simple system than it is to try work out how to do novel things on a complicated but safe system.
I intend to try NixOS at some point as a foray into these more complicated but "safer"/transactional/immutable/deterministic systems but I just haven't found the motivation yet.