著者: Olaf Meeuwissen 日付: To: Didier Kryn CC: dng 題目: Re: [DNG] UEFI, software RAID1, LVM and encryption
Hi Didier,
Didier Kryn writes:
> Le 24/07/2022 à 05:18, Olaf Meeuwissen via Dng a écrit:
>> Hi list,
>>
>> I lost the single SSD on my mini PC and am in the process of rethinking
>> its storage. So far, I've got myself two brand new and identical PCIe
>> NVMe SSDs (256GB) for use in a software RAID1 setup. I think I need to
>> enable UEFI to get access to the BIOS from the GRUB menu.
>>
>> I want my /home directory on a partition of its own, at a minimum, and
>> encrypt it. I don't see a need to encrypt much else as I am not after
>> plausible deniability. It's mostly to be able to return a broken disk
>> for a replacement and still sleep in relative peace of mind;-)
>>
>> I haven't quite made up my mind as to a need for other partitions. I
>> use containers and VMs quite a bit. Perhaps these are better stored
>> some place other than the partitions for / or (an encrypted) /home.
>>
>> With 64GB of RAM, I don't see much need for swap. If needed, I could
>> always add a swapfile instead of a partition.
>
> Apart from the containers, which I haven't any experience of, and
> given your pretty reasonable description of your needs, my take would be
> to reserve the whole of your RAID1 for /home and add a small ssd for all
> the OS, in one single partition. Of course, no swap.
Hmm, if I were to add a small ssd, I'd either have to use up the one
SATA SSD port I have or revert to using an SSD on one of the USB ports.
I think I'm better off carving out a 30GB or so partition for the OS on
the RAID1. The 30GB value comes from a chimaera install using guided
partitioning for the entire disk with encrypted LVM and a separate
/home. I've found a 30GB partition for the OS to be plenty roomy for my
needs but it will happily hold a mostly default Xfce4 GUI. Even adding
fcitx-mocz and Japanese fonts, a must for me, leaves room to spare.
> If you happen to loose the OS disk, which is very unlikely: not a
> big harm, install Devuan on a fresh one. Your home is safe, although the
> only protection against your own mistakes is, of course, backup. KISS!
Putting both OS and /home on RAID1 would keep both safe. Backups don't
only protect against one's own mistakes, they also protect against very
bad disk failures ... as I recently found out the hard way :-(
# I didn't quite expect my SSD to go bad on me after six months and a
# bad. Actually, I can still see some of the file system but as soon
# as I get an I/O error, the device disappears.
# Reading the initrd triggers one ... duh!
My new setup will definitely run rsync backups on (ana)cron to a NAS on
the home LAN.
--
Olaf Meeuwissen