From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id EC6B115800A for ; Sat, 29 Jul 2023 07:06:47 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BC199E0B01; Sat, 29 Jul 2023 07:06:42 +0000 (UTC) Received: from mail.digimed.co.uk (mail.digimed.co.uk [82.69.83.178]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 14778E0AF6 for ; Sat, 29 Jul 2023 07:06:42 +0000 (UTC) Received: from digimed.co.uk (shooty.digimed.co.uk [192.168.1.4]) by mail.digimed.co.uk (Postfix) with ESMTPS id 1A18D19131E for ; Sat, 29 Jul 2023 08:06:41 +0100 (BST) Date: Sat, 29 Jul 2023 08:06:40 +0100 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Simple installation on BTRFS Message-ID: <20230729080640.5d048a60@digimed.co.uk> In-Reply-To: <3497631.V25eIC5XRa@lenovo> References: <2203025.72vocr9iq0@lenovo> <20230727183011.286ac0e7@digimed.co.uk> <3497631.V25eIC5XRa@lenovo> Organization: Digital Media Production X-Mailer: Claws Mail 4.1.1 (GTK 3.24.38; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/CRSiPnre+dmghwjup7Smuhn"; protocol="application/pgp-signature"; micalg=pgp-sha256 X-Archives-Salt: 3d0f7925-b004-40e6-841d-56ff1a0be1c8 X-Archives-Hash: 70de3e74140e5520ef392f202c1a9a9a --Sig_/CRSiPnre+dmghwjup7Smuhn Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Fri, 28 Jul 2023 14:57:25 +0100, Michael wrote: > > I too put everything on subvolumes, and set the one containing / to be > > the default when mounted without a subvolid. =20 >=20 > When you say "everything", do you include temporary and virtual > filesystems too (e.g. /sys, /proc/ /tmp, /run), or do you place these > in hierarchically lower subvolumes so they are not backed up? Everything but virtual filesystems, they are still virtual. > Also, how do you treat /var/db and /var/cache/distfiles? /var/db is just a directory on /var. I have $DISTDIR on an NFS mount, so I can share it with all clients. > How much space do you allocate for snapshots and at what point you > start moving/deleting older snapshots? You don't allocate space for them, at least I don't.=20 I take snapshots every 15 minutes, keeping 5. Then hourly snapshots, keeping 25, daily snapshots keeping 8, weekly keeping 6 and monthly snapshots that I clean manually as space requires. > I have one SSD and a larger spinning disk. I have a separate partition > on the SSD for /home, so I could put dm-crypt on this partition alone > and afford some basic security for personal data against opportunistic > theft. No RAID on this box, unless you suggest to create a RAID 1 with > two partitions, in case the SSD cells go wrong on one of them? >=20 > Without RAID things should be simpler with block device level > encryption for / home. But, ... will this work without an initrd? The > unencrypted rootfs will be mounted before /home. You should only need an initrd if / is encrypted. I encrypt everything except /boot and dracut handles decrypting via an initrd easily. > I am also not clear on steps I would need to follow in recovery > operation scenarios and what I must have available to achieve this. It > is not as simple as booting with any ol' liveUSB to try to access an > unecrypted drive/ partition. I'll need dm-crypt and cryptsetup, or > ecryptfs-utils and some familiarity with these tools, if I'm not > reading off my exceptionally well structured notes I had the > premonition to put together BEFORE the drive went south. ;-) systemrescue has all those tools, plus a web browser so you can work out how to use them :) --=20 Neil Bothwick "There are two ways of constructing a software design: One way is to make it so simple that there are obviously no deficiencies, and the other way is to make it so complicated that there are no obvious deficiencies. The first method is far more difficult" -C.A.R. Hoare --Sig_/CRSiPnre+dmghwjup7Smuhn Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEGfLZTV7dXdQXh/dDdCdyyQfftocFAmTEuoAACgkQdCdyyQff tofjvg//c7VXyr/dmccDDGea9a1TMMr8fL+yzB6QqqPy9dnJRsC55OytO58nVyhy p6im+JoeBT9Wdjf0OiQXa904BzDsIBYXl+SqVXw3ex1zw6G3Pvf2FcaMfX/VFhYb vKpSsxJ2df9Cenu+Qin8F4b5a/mjz7iXGpw60ttQDow6tknzvTgiKBTWjY10uZnS KlBv2o9Ezt3UspLCubzcv1t39OU/33vfh4s5CWrXYksB+5Fx4BuGsvbK3LF0fauf iJ5ZTT6QNHoLJ+jWzvCqvZo3FbVAJIkaWKZX50wRWKmFSI9Z8Cjrek5gBaEJXQ8T ynp6/k57eXsiko1N7w2XFzZQ/jlNyl1l2s80mVBkcB0W0DRqQkeWLUAkfu7oEc89 5Le/hRUAeNkLz2thkWl7J/7yWSP52CHgDVozkXhEV59y6OTLKF9fUlhk9m+3T7KJ 9GOE/5fRcalfFBg68U7kRjx1sRg/5uCRaA000s6XlwCr03C/41flOhu75yUgAPsu VSlIAPyrNL+QeD1rMfVirxmSaaeY7oRyWPpSULYFMm+GPj/Ogz9qwJEZXUohDRQ7 JQQDf+xo/MPDyik+FsbBx3iU1RA1dqQMl6GrRJJd7tVucfNCdLDNhOvt5nQ9rrUK kkNdSQI0g8xVi1mMZj2unBlYonr2/XbjO1p3CtL/fo50G1kINJI= =xbfW -----END PGP SIGNATURE----- --Sig_/CRSiPnre+dmghwjup7Smuhn--