From: Wol
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Help with re-partitioning disks
Date: Wed, 7 May 2025 20:13:05 +0100
Message-ID: <1d794c1c-22f3-43d8-bd24-51c3d4cf5154@youngman.org.uk>

On 07/05/2025 17:39, Anna wrote:
> Hi! I'm not satisfied with my partition layout, so I'm considering
> changing it. It currently looks like this (/dev/sda and /dev/sdc are
> SSDs, /dev/sdb is HDD):
>
> $ lsblk -A -o NAME,MODEL,SIZE,FSUSED,MOUNTPOINT,FSTYPE
> NAME   MODEL                       SIZE FSUSED MOUNTPOINT   FSTYPE
> sda    Samsung SSD 850 120GB     111,8G
> ├─sda1                             128M    36M /boot        vfat
> ├─sda2                              45G  40,1G /            ext4
> └─sda3                            66,7G  50,5G /home        xfs
> sdb    SAMSUNG HM321HI           298,1G
> └─sdb1                           298,1G  13,1G /mnt/storage ext4
> sdc    Micron_1100_MTFDDAK256TBN 238,5G
> promise_fasttrack_raid_member
> ├─sdc1                            39,1G  27,3G /var         xfs
> └─sdc2                           199,4G 144,5G /home/cyber  xfs
>
> It's currently full of ugly workarounds: at least 20G belong in /var
> rather than /home.
>
Hmmm...

> My wishes for the new layout are:
>
> * Encrypted /home partition. The rest of the system should stay
> unencrypted so it could be restarted by someone else without my
> intervention.
>
>   Though if /home is not decrypted right after reboot, it will lead to
>   failed mail delivery to maildirs, until I decrypt it.

Two points here. Firstly, is one of your big disks one of these that
self-encrypts? I'd make that drive a single /home and that's it.

And why would that mess up mail? Run something like dovecot and/or some
mailserver which dumps everything into /var. Then stuff only ends up in
~/mail or whatever once you log in.

>
> * Flexibility. I don't want to face this ugly situation again.
>
A big / and nothing else isn't a good idea. I've filled up root before
and it's not a good place to be.

>   If I had only one disk, I'd just make one big root partition. But
> there are two SSDs, and I could need more than the smallest (111,8G)
> disk allows to fit. I could combine them into single logical partition
> using LVM.

So, I'd take the smallest disk, and make it /efi (or /boot) and /. I'd
also disagree with Eli about a tiny /efi. If you want to multi-boot
you'll be up a gum tree (yes, you can have multiple efi partitions blah
blah blah, but - I think it was SUSE - defaulted to a tiny efi and I had
to wipe and rebuild the laptop). Make /efi about 512MB. The rest of it
will make a big / partition.
>
I'd then make the largest disk /home, and the middle one /var. Tell
portage to put all its temporary files in /var.

So now / is pretty much immutable, /home is a decent chunk of space, and
if things do go wrong, it's /var which is going to crash. And actually,
that's not really a problem. A pain, yes, but ...

>   If I decide to proceed with LVM, XFS will be a bad choice because it
>   cannot be shrunk. So I'll need a different filesystem, like ext4,
>   Btrfs or maybe even ZFS?
>
> Booting without initramfs will not be possible anymore, so I'll likely
> need more disk space (how much?) for /boot, which can not be a logical
> partition if I wish to continue using EFI stub kernels.

Just put the full kernel in /efi. I think an efi grub will quite happily
boot a complete compressed kernel that you can store in /efi - another
reason for wanting a larger /efi. Or you can put a full kernel and
initramfs and everything in your "stub kernel". There's options.

>
> And the last question: is there point in Secure Boot without FDE?
>
Full Disk Encryption? What's the connection between Secure Boot and FDE?
There's none unless you want it.

Secure Boot guarantees that your kernel is what you think it is - that
your system isn't compromised.
If Secure Boot fails you've lost anyway. Then FDE guarantees that
someone can't just boot your system and access your /home - a completely
different kettle of fish.

Or of course, going back to disk space and "having just one disk", how
much would it cost to replace all those disks with a single, *larger*
disk. I think a 1TB SSD is about £100? Not that expensive.

Cheers,
Wol