On Fri, 28 Jul 2023 14:57:25 +0100, Michael wrote:

> > I too put everything on subvolumes, and set the one containing / to be
> > the default when mounted without a subvolid.  
> 
> When you say "everything", do you include temporary and virtual
> filesystems too (e.g. /sys, /proc, /tmp, /run), or do you place these
> in hierarchically lower subvolumes so they are not backed up?

Everything but virtual filesystems, they are still virtual.

> Also, how do you treat /var/db and /var/cache/distfiles?

/var/db is just a directory on /var. I have $DISTDIR on an NFS mount, so
I can share it with all clients.

> How much space do you allocate for snapshots and at what point do you
> start moving/deleting older snapshots?

You don't allocate space for them, at least I don't. 

I take snapshots every 15 minutes, keeping 5. Then hourly snapshots,
keeping 25, daily snapshots keeping 8, weekly keeping 6 and monthly
snapshots that I clean manually as space requires.

> I have one SSD and a larger spinning disk. I have a separate partition
> on the SSD for /home, so I could put dm-crypt on this partition alone
> and afford some basic security for personal data against opportunistic
> theft.  No RAID on this box, unless you suggest to create a RAID 1 with
> two partitions, in case the SSD cells go wrong on one of them?
> 
> Without RAID things should be simpler with block device level
> encryption for /home.  But, ... will this work without an initrd?  The
> unencrypted rootfs will be mounted before /home.

You should only need an initrd if / is encrypted. I encrypt everything
except /boot and dracut handles decrypting via an initrd easily.

> I am also not clear on steps I would need to follow in recovery
> operation scenarios and what I must have available to achieve this.  It
> is not as simple as booting with any ol' liveUSB to try to access an
> unencrypted drive/partition.  I'll need dm-crypt and cryptsetup, or
> ecryptfs-utils and some familiarity with these tools, if I'm not
> reading off my exceptionally well structured notes I had the
> premonition to put together BEFORE the drive went south.  ;-)

systemrescue has all those tools, plus a web browser so you can work out
how to use them :)


-- 
Neil Bothwick

"There are two ways of constructing a software design: One way is to make
it so simple that there are obviously no deficiencies, and the other way
is to make it so complicated that there are no obvious deficiencies.
The first method is far more difficult" -C.A.R. Hoare
