On 07/05/2025 17:39, Anna wrote:
> Hi! I'm not satisfied with my partition layout, so I'm considering
> changing it. It currently looks like this (/dev/sda and /dev/sdc are
> SSDs, /dev/sdb is HDD):
>
> $ lsblk -A -o NAME,MODEL,SIZE,FSUSED,MOUNTPOINT,FSTYPE
> NAME   MODEL                       SIZE FSUSED MOUNTPOINT   FSTYPE
> sda    Samsung SSD 850 120GB     111,8G
> ├─sda1                             128M    36M /boot        vfat
> ├─sda2                              45G  40,1G /            ext4
> └─sda3                            66,7G  50,5G /home        xfs
> sdb    SAMSUNG HM321HI           298,1G
> └─sdb1                           298,1G  13,1G /mnt/storage ext4
> sdc    Micron_1100_MTFDDAK256TBN 238,5G                     promise_fasttrack_raid_member
> ├─sdc1                            39,1G  27,3G /var         xfs
> └─sdc2                           199,4G 144,5G /home/cyber  xfs
>
> It's currently full of ugly workarounds: at least 20G belong in /var
> rather than /home.

Hmmm...

> My wishes for the new layout are:
>
> * Encrypted /home partition. The rest of the system should stay
> unencrypted so it could be restarted by someone else without my
> intervention.
> Though if /home is not decrypted right after reboot, it will lead to
> failed mail delivery to maildirs, until I decrypt it.

Two points here. Firstly, is one of your big disks one of these that
self-encrypt? I'd make that drive a single /home and that's it.

And why would that mess up mail? Run something like dovecot and/or some
mailserver which dumps everything into /var. Then stuff only ends up in
~/mail or whatever once you log in.

> * Flexibility. I don't want to face this ugly situation again.

A big / and nothing else isn't a good idea. I've filled up root before
and it's not a good place to be.

> If I had only one disk, I'd just make one big root partition. But
> there are two SSDs, and I could need more than the smallest (111,8G)
> disk allows to fit. I could combine them into single logical partition
> using LVM.

So, I'd take the smallest disk, and make it /efi (or /boot) and /. I'd
also disagree with Eli about a tiny /efi. If you want to multi-boot
you'll be up a gum tree (yes, you can have multiple efi partitions blah
blah blah, but - I think it was SUSE - defaulted to a tiny efi and I had
to wipe and rebuild the laptop). Make /efi about 512MB. The rest of it
will make a big / partition.

I'd then make the largest disk /home, and the middle one /var. Tell
portage to put all its temporary files in /var.

So now / is pretty much immutable, /home is a decent chunk of space, and
if things do go wrong, it's /var which is going to crash. And actually,
that's not really a problem. A pain, yes, but ...

> If I decide to proceed with LVM, XFS will be a bad choice because it
> cannot be shrunk. So I'll need a different filesystem, like ext4,
> Btrfs or maybe even ZFS?
>
> Booting without initramfs will not be possible anymore, so I'll likely
> need more disk space (how much?) for /boot, which cannot be a logical
> partition if I wish to continue using EFI stub kernels.

Just put the full kernel in /efi. I think an efi grub will quite happily
boot a complete compressed kernel that you can store in /efi - another
reason for wanting a larger /efi. Or you can put a full kernel and
initramfs and everything in your "stub kernel". There's options.

> And the last question: is there point in Secure Boot without FDE?

Full Disk Encryption? What's the connection between Secure Boot and FDE?
There's none unless you want it. Secure Boot guarantees that your kernel
is what you think it is - that your system isn't compromised. If Secure
Boot fails you've lost anyway. Then FDE guarantees that someone can't
just boot your system and access your /home - a completely different
kettle of fish.

Or of course, going back to disk space and "having just one disk", how
much would it cost to replace all those disks with a single, *larger*
disk? I think a 1TB SSD is about £100? Not that expensive.

Cheers,
Wol