Hi Antony,

Thanks for the feedback. I've been researching a bit myself in the
meantime as well but still value additional input from the list.

Antony Stone writes:

> On Sunday 24 July 2022 at 05:18:47, Olaf Meeuwissen via Dng wrote:
>
>> Hi list,
>>
>> I lost the single SSD on my mini PC and am in the process of rethinking
>> its storage. So far, I've got myself two brand new and identical PCIe
>> NVMe SSDs (256GB) for use in a software RAID1 setup. I think I need to
>> enable UEFI to get access to the BIOS from the GRUB menu.
>>
>> I want my /home directory on a partition of its own, at a minimum, and
>> encrypt it. I don't see a need to encrypt much else as I am not after
>> plausible deniability. It's mostly to be able to return a broken disk
>> for a replacement and still sleep in relative peace of mind ;-)
>>
>> I haven't quite made up my mind as to a need for other partitions. I
>> use containers and VMs quite a bit. Perhaps these are better stored
>> some place other than the partitions for / or (an encrypted) /home.
>>
>> With 64GB of RAM, I don't see much need for swap. If needed, I could
>> always add a swapfile instead of a partition.
>>
>> Given the above,
>>
>> - what are your expert(?) opinions on partitioning for this?
>
> Use LVM on top of RAID - great flexibility, plus reliability.
>
>> - how do I make (and keep) both disks bootable?
>
> grub-install /dev/thing1
> grub-install /dev/thing2
>
> You can keep /boot as a separate RAID1 (separate from LVM, that is) if you
> want to, or you can include it in LVM these days.
>
> That means you have the grub loader itself, the grub.conf, and the initramfs
> and kernel, all replicated on both disks.
>
> The only part of this you need to remember to do manually is grub-install
> /dev/thing2 if there's ever a new version of grub itself.

I vaguely recall reading that you could enter a list of space separated
devices to install GRUB to in the installer. On top of that, I think I
actually configured something like that in /etc/default/grub on one of
the machines at the office.

>> - can I put the ESP on RAID1?
>
> Er, what's ESP?

It's not Extra-Sensory Perception in this context :-P
It's the EFI System Partition and is what gets mounted on /boot/efi/.

>> - if not, how do I keep the copies in sync?
>
>> - do I need a separate partition for /boot?
>
> You do not need one, but you can have one.

Then I'd rather do without. I asked because on a few of my systems it
*is* a separate partition. Thinking about that, I believe these were
installed to use a "fully" encrypted system, i.e. the partition mounted
on / encrypted as well. In that case it makes sense because most BIOSs
probably do not handle that.

If I only want/need an encrypted /home then I should be okay with /boot
on the partition that's mounted on /.

>> - if so, can it be put on RAID1?
>
> Yes.
>
>> - if not, how do I keep the copies in sync?
>
> n/a

ACK.

>> - should I use LVM?
>
> Yes, IMHO.
>
>> - does randomizing the partition for /home make sense if on LVM and may
>> get resized sometime in the future?
>
> What do you mean by randomizing?

Writing random data to the partition before using it. This is supposed
to make it harder to decrypt for prying eyes. After I sent my mail, I
thought I could randomize the whole disk (or that part that's used as an
LVM PV) but that might take a while ...

Thanks again and looking forward to other opinions and follow-up!
-- 
Olaf Meeuwissen
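
For the question of keeping ESP copies in sync when the ESP is not on RAID1, the following is an added example, not part of the original post or the thread: a POSIX shell function that reports drift between two ESP trees, so a stale or altered boot loader on the second disk is noticed before it is needed. The second mount point /boot/efi2 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report drift between two EFI System Partition copies.
# Assumption: the second ESP is mounted at a hypothetical /boot/efi2.

# esp_manifest DIR: print "<sha256>  ./relative/path" per file, sorted by path.
esp_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 )
}

# esp_drift PRIMARY SECONDARY
# Prints one line per discrepancy, seen from PRIMARY:
#   DIFFERS  same path, different content
#   MISSING  present on PRIMARY only
#   EXTRA    present on SECONDARY only
# Returns 0 if identical, 1 on drift, 2 if a directory cannot be entered.
esp_drift() {
    m1=$(esp_manifest "$1") || return 2
    m2=$(esp_manifest "$2") || return 2
    report=$(printf '%s\n---\n%s\n' "$m1" "$m2" | awk '
        $0 == "---" { second = 1; next }
        $0 == ""    { next }
        { hash = $1; path = substr($0, length($1) + 3) }
        !second     { h1[path] = hash; next }
        { seen[path] = 1 }
        !(path in h1)    { print "EXTRA   " path; next }
        h1[path] != hash { print "DIFFERS " path }
        END { for (p in h1) if (!(p in seen)) print "MISSING " p }
    ' | LC_ALL=C sort)
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Typical use after a GRUB update (mount points are assumptions):
#   esp_drift /boot/efi /boot/efi2 || echo "ESP copies differ or unreadable" >&2
```

The function only reads both trees; it does not copy anything, so which copy is authoritative stays an explicit decision.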