From: Wol <antlists@youngman.org.uk>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Help with re-partitioning disks
Date: Wed, 7 May 2025 20:13:05 +0100
Message-ID: <1d794c1c-22f3-43d8-bd24-51c3d4cf5154@youngman.org.uk>
In-Reply-To: <aBuM0wf559HAtq0n@sysrq.in>

On 07/05/2025 17:39, Anna wrote:
> Hi! I'm not satisfied with my partition layout, so I'm considering
> changing it. It currently looks like this (/dev/sda and /dev/sdc are
> SSDs, /dev/sdb is HDD):
>
> $ lsblk -A -o NAME,MODEL,SIZE,FSUSED,MOUNTPOINT,FSTYPE
> NAME   MODEL                       SIZE FSUSED MOUNTPOINT   FSTYPE
> sda    Samsung SSD 850 120GB     111,8G
> ├─sda1                             128M    36M /boot        vfat
> ├─sda2                              45G  40,1G /            ext4
> └─sda3                            66,7G  50,5G /home        xfs
> sdb    SAMSUNG HM321HI           298,1G
> └─sdb1                           298,1G  13,1G /mnt/storage ext4
> sdc    Micron_1100_MTFDDAK256TBN 238,5G                     promise_fasttrack_raid_member
> ├─sdc1                            39,1G  27,3G /var         xfs
> └─sdc2                           199,4G 144,5G /home/cyber  xfs
>
> It's currently full of ugly workarounds: at least 20G belong in /var
> rather than /home.
>
Hmmm...

> My wishes for the new layout are:
>
> * Encrypted /home partition. The rest of the system should stay
> unencrypted so it could be restarted by someone else without my
> intervention.
>
> Though if /home is not decrypted right after reboot, it will lead to
> failed mail delivery to maildirs, until I decrypt it.

Two points here. Firstly, is one of your big disks one of these that
self-encrypts? I'd make that drive a single /home and that's it.

And why would that mess up mail? Run something like dovecot and/or some
mailserver which dumps everything into /var. Then stuff only ends up in
~/mail or whatever once you log in.

>
> * Flexibility. I don't want to face this ugly situation again.
>
A big / and nothing else isn't a good idea. I've filled up root before
and it's not a good place to be.

> If I had only one disk, I'd just make one big root partition. But
> there are two SSDs, and I could need more than the smallest (111,8G)
> disk allows to fit. I could combine them into single logical partition
> using LVM.

So, I'd take the smallest disk, and make it /efi (or /boot) and /. I'd
also disagree with Eli about a tiny /efi. If you want to multi-boot
you'll be up a gum tree (yes, you can have multiple efi partitions blah
blah blah, but - I think it was SUSE - defaulted to a tiny efi and I had
to wipe and rebuild the laptop). Make /efi about 512MB. The rest of it
will make a big / partition.

I'd then make the largest disk /home, and the middle one /var. Tell
portage to put all its temporary files in /var.

So now / is pretty much immutable, /home is a decent chunk of space, and
if things do go wrong, it's /var which is going to crash. And actually,
that's not really a problem. A pain, yes, but ...

> If I decide to proceed with LVM, XFS will be a bad choice because it
> cannot be shrunk. So I'll need a different filesystem, like ext4,
> Btrfs or maybe even ZFS?
>
> Booting without initramfs will not be possible anymore, so I'll likely
> need more disk space (how much?) for /boot, which can not be a logical
> partition if I wish to continue using EFI stub kernels.

Just put the full kernel in /efi. I think an efi grub will quite happily
boot a complete compressed kernel that you can store in /efi - another
reason for wanting a larger /efi. Or you can put a full kernel and
initramfs and everything in your "stub kernel". There's options.

>
> And the last question: is there point in Secure Boot without FDE?
>
Full Disk Encryption? What's the connection between Secure Boot and FDE?
There's none unless you want it. Secure Boot guarantees that your kernel
is what you think it is - that your system isn't compromised. If Secure
Boot fails you've lost anyway. Then FDE guarantees that someone can't
just boot your system and access your /home - a completely different
kettle of fish.

Or of course, going back to disk space and "having just one disk", how
much would it cost to replace all those disks with a single, *larger*
disk? I think a 1TB SSD is about £100? Not that expensive.

Cheers,
Wol
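
Added example, not part of the original message: if the encrypted /home is still locked after an unattended reboot, maildir delivery either fails or lands on the unencrypted filesystem underneath the mountpoint. The guard below defers delivery instead by returning EX_TEMPFAIL (75), which MTAs that honour sysexits codes treat as "retry later". The mapping name home_crypt and a filesystem sitting directly on that mapping (no LVM on top) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: dm-crypt mapping
# "home_crypt", mountpoint /home, filesystem directly on the mapping.
EX_TEMPFAIL=75   # sysexits.h: temporary failure, retry later

# Constructed sample of /proc/self/mounts with /home unlocked and mounted.
sample_mounts_unlocked() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdc1 /var xfs rw,relatime 0 0
/dev/mapper/home_crypt /home ext4 rw,relatime 0 0
EOF
}

# Constructed sample after an unattended reboot: /home is only a directory on /.
sample_mounts_locked() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdc1 /var xfs rw,relatime 0 0
EOF
}

# Print the device mounted on mountpoint $2 according to mounts table $1.
# The last matching line wins, because later mounts shadow earlier ones.
mount_source() {
    awk -v mp="$2" '$2 == mp { src = $1 } END { if (src != "") print src }' "$1"
}

# Succeed only if $2 is backed by /dev/mapper/$3; otherwise return EX_TEMPFAIL.
home_ready() {
    [ "$(mount_source "$1" "$2")" = "/dev/mapper/$3" ] && return 0
    return "$EX_TEMPFAIL"
}

# Run the real delivery command only while the encrypted /home is mounted.
guarded_deliver() {
    home_ready /proc/self/mounts /home home_crypt || return "$EX_TEMPFAIL"
    "$@"
}

# Used as a wrapper: guard.sh <delivery command and its arguments>
if [ "$#" -gt 0 ]; then
    guarded_deliver "$@"
    exit $?
fi
```
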