From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id D0E0215800A for ; Thu, 27 Jul 2023 17:30:23 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id D1FB6E09B1; Thu, 27 Jul 2023 17:30:17 +0000 (UTC) Received: from mail.digimed.co.uk (mail.digimed.co.uk [82.69.83.178]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 7708BE09A2 for ; Thu, 27 Jul 2023 17:30:17 +0000 (UTC) Received: from digimed.co.uk (shooty.digimed.co.uk [192.168.1.4]) by mail.digimed.co.uk (Postfix) with ESMTPS id EA62E33E34 for ; Thu, 27 Jul 2023 18:30:15 +0100 (BST) Date: Thu, 27 Jul 2023 18:30:11 +0100 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Simple installation on BTRFS Message-ID: <20230727183011.286ac0e7@digimed.co.uk> In-Reply-To: <2203025.72vocr9iq0@lenovo> References: <2203025.72vocr9iq0@lenovo> Organization: Digital Media Production X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/PJ1+vc39dKZFBKckYTxAKlB"; protocol="application/pgp-signature"; micalg=pgp-sha256 X-Archives-Salt: 730b5dc6-f15e-4bac-bc5a-945c496930d3 X-Archives-Hash: 82d2b8d34007db72ce862d8891caa231 --Sig_/PJ1+vc39dKZFBKckYTxAKlB Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Thu, 27 Jul 2023 17:18:14 +0100, Michael wrote: > Although I've been using btrfs for the best part of 10 years I have not > really done justice to it, because I have neither explored nor used > enough most of its features. I am now thinking of installing Gentoo on > btrfs again, but this time I want to optimise the structure of btrfs > subvolumes, to simplify snapshots and backups. >=20 > I see Ubuntu and derivates install the OS root fs under btrfs subvolume > "@" and /home under subvolume "@home". This makes storing snapshots of > the two subvolumes under the btrfs top-volume, which remains unmounted, > cleaner and reduces the chance of mixing up the fs you may end up in > and operate on (live, or snapshot). >=20 > I have 3 partitions for /boot(ESP), / and /home, but have not yet > created additional partitions for general data storage and backups. >=20 > What's your recommended approach and subvolume structure for the > deployment of btrfs on Gentoo for a personal PC, if the primary > objective is simplicity in maintenance, combined with ease of fs > recovery? I too put everything on subvolumes, and set the one containing / to be the default when mounted without a subvolid. > Any gotchas I should be mindful of? >=20 > Your favoured snapshot/backup strategy? I have a script, I can share it with you if you don't criticise my coding, that creates and destroys snapshots from cron. Based in principle on zfs-snapshot but written from scratch. > The impact of autodefrag on VM performance is noted, but then the > example given proceeds to mount a subvolume for VM storage with > 'autodefrag'. :-/ I disable COW on the subvolume containing my VM disk volumes. > Encryption is mentioned for VMs "... if the VM uses drive encryption, > the whole compression strategy gets blown out of the water" but doesn't > mention what type of encryption, or why/how this presents a problem. >=20 > Given btrfs does not offer fs level encryption, what could/would work > to encrypt a subvolume, *without* requiring an initrd, or the > introduction of encryption becoming orthogonal with snapshots and > backups? I am not clear on the best strategy and components to achieve > this. I'm also concerned of introducing an additional complexity layer > in trying to recover btrfs when/if fs corruption creeps in. The lack of encryption is a problem. You have to encrypt the block device(s) containing btrfs, which means you will need an initrd. It also means each component of a RAID is encrypted separately. so I only use encryption on laptops. The alternative is to use ecryptfs for individual subvolumes or directories. --=20 Neil Bothwick If you got the words it does not mean you got the knowledge. --Sig_/PJ1+vc39dKZFBKckYTxAKlB Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEGfLZTV7dXdQXh/dDdCdyyQfftocFAmTCqaMACgkQdCdyyQff todhVA/6A0mtbYB9ecRmULf3Hbd6HrBfhE2hiz1MSjNIIHjE73rtsuLazRJOqleC P6abvZ1de1MpG1Si0+H79ievcQ+/dopPEgTFZ/CtDHn19yS1KzLOGNSAgjrEtvac D6Byk7ToQIyc71hrMLRgu4m9ruUGwMhlqaZdNd8EANAyXLNrEVpmMBPvBA9QvUFd mVboX8l4zKIR5HRIW9LODge8TqmS55Rti/A50RPSswZxt/1j7Zy/Igj2e14g0kfg GeBR2XkOwZJOau4UbZJ7dzPm3BqN4RG/Kb9QAhFISgKWrOpeaED6KjSaUByie+ma hO3xs6LU1BfsDD2zUZ/BVE5nVNbquB88GNLA8kMmAR+AzuhVR/Lnjsei/WGkOFwU dvJSP/nyfYSWfP46N668OoKn/XbINFTgZvK02iQnZLfMQqNmOnoU6JUY9O5O0O6t 08doMVVDHojDLaGCl1JJsrB0UaYsCwV11T1VdL17LSbfXyKwbT5Jt0iJHMB02FRD r25Ft7L3JMeXKFxFsEQCVolSZaBNkodIfXZENuoblRNMJ4Cb5lpDoRUVmr1KcYy1 S2MLfVbmX4UHGvpdu6152L4mnnXXymYbMib9tdXRhjyHBuDQO/oMTC/XWPRTspMc /O/cCg9KINA+svyyJFHIIJPL2+jQCGbvHrGKGx5sTurCl/6wxPU= =Rcvn -----END PGP SIGNATURE----- --Sig_/PJ1+vc39dKZFBKckYTxAKlB--