HOWTO - GPT/UEFI install with full disk encryption: BTRFSonLUKS with separate root, home and pkg subvolumes; hibernation with a swapfile; auto-snapshots with easy system rollback (GUI); boot into snapshots

ok, my head hurts. How would I set up btrfs with automatic snapshots, without encryption and with a swap partition/file?

I forgot to add, I am using a 120GB SSD for root now and a 1TB SSD for home.

Further question - for external backups, should I use EXT4 or BTRFS as I have read conflicting information about which is better for protecting data.

I don’t quite understand; Timeshifts btrfs snapshots contain a subvolumes state at a certain time. This of course also includes hidden files, metadata and everything the filesystem can see, like access and modification times for example. An option to include this data would be redundant.

See …

With btrfs’s send and receive commands you can replicate a snapshot on a different filesystem. The command operates in two modes: full and incremental. In the incremental mode, previously sent snapshots that are available on both the sending and receiving side can be used to reduce the amount of information that has to be sent to reconstruct the sent snapshot on a different filesystem; much like rsync in non-btrfs Timeshift.

It’s just a btrfs feature that Timeshift doesn’t make use of. But you could still send/receive snapshots created by Timeshift manually if you wanted to.

It’s not that difficult to achieve. Just read post #2 carefully and leave out everything encryption related.

Instead of the /dev/mapper/luks-… device you’ll have to refer to your actual device (e. g. /dev/sda2).

Well, if you’re going to send/receive btrfs snapshots you’ll have to use btrfs.

In all other cases I’d personally opt for ext4. A btrfs filesystem probably needs an occasional scrub and balance. EXT4 doesn’t require near as much maintenance than btrfs.
If it weren’t for the superior btrfs snapshots I’d still be using ext4 (ext4 also has snapshotting features, btw.)

1 Like

Hello @2000
So i did another install using your tutorial for KDE Plasma. Had the same issue with the swap file and i was able to rectify that since i did it once before. It would be nice if you could edit the tutorial and add the step that’s missing. Bryan said only you can edit it so it should work for you. If it doesn’t it may be only the first post that you can’t edit but give it a try when you have some time. It seems once i fix adding the swap. Then i have to add the line in /etc/default/grub and then update grub.

Anyway i have a question. So i have two 500 GB nvme drives and i did the install on the other drive but grub doesn’t see the other install because of the encryption obviously. So i have to use an F11 to boot to kde as it won’t add it to grub. So how do you deal with that?

Perhaps it would be on btrfs - on ext4 you have the option to only include the hidden files/dirs - which is a nice setting to have (when I consider the things I have in .config)

I’m sure I’d have to know a LOT more about btrfs before that could happen :smile: I’m still trying to figure out what’s going on in the background with that filesystem - especially when starting up and shutting down. It’s on the list (of things I should find out)

As I can’t edit the first few posts anymore and burying a fix in this thread somewhere is very uneficciant, I have written a Wiki article.
It’s finished and I’m only waiting for Bryan to sign it off before going public.

The encryption shouldn’t be a problem. Maybe it’s the old Arch not seeing other Arch installs issue? There’s a Wiki article about it. You could try there first.
I myself haven’t multibooted for ages, so I probably won’t be much help in that area.

2 Likes

Oh, sorry. I misunderstood; makes more sense now :man_facepalming:
I see how this could be useful.

Sorry - was on a newer system that I hadn’t fitted with timeshift yet… here’s a screenshot from rsync mode setup:
time-scn
That’s a little clearer!

1 Like

I switched to rEFInd in order to multiboot with encryption.

2 Likes

Now that I think about it, one could actually combine the use of rsync with btrfs snapshots on a btrfs system.
Well, for manual instigated snapshots that is.

I have a small script that activates the “also snapshot @home” feature, makes a snapshot and then reverts the setting as I don’t want this for my automated snapshots.

It shouldn’t be a problem activating and running certain rsync features this way. The benefit of using Timeshift on a btrfs system is that you can choose rsync or btrfs snapshots after all.

We do have an excellent Wiki article for that, if I recall.
Problem solved :smirk:

2 Likes

THIS TUTORIAL IS NOW A WIKI ARTICLE


Find the quick and dirty (recommended) version here:
https://endeavouros.com/docs/encrypted-installation-2/btrfsonluks-quick-copypaste-version/

Or the verbose version here:
https://endeavouros.com/docs/encrypted-installation-2/btrfsonluks-verbose-version/

7 Likes

Quick and dirty is recommended…tsss :wink:

Really good work. This tutorial is excellent!

1 Like

I think I may have to rephrase that … :sweat_smile:

3 Likes

Thanks for taking the time to do this.

1 Like

To get rEFInd working with this, is it sufficient to simply follow the wiki article on normal rEFInd installation?

I haven’t done much with btrfs, but rEFInd at worst will manage to find the grub that is created… and start it for you if selected. To get the right logo on rEFInd, follow the main wiki instruction for copying it into /boot/efi/EFI/refind/icons…

I have tested it to boot Garuda Linux that way - still working on whether there are alternative methods… :grin:

Gotcha. I was just wondering if anything special had to be done with respect to encryption.

So I’m trying to get rEFInd working with this and I managed to find this guide.

The line in refind.conf that I’m unsure of how to translate to my install is:
options "cryptdevice=UUID=bde363f5-7de6-4794-83da-0dd56ff89bfa:zotacroot root=/dev/mapper/zotacroot rootflags=subvol=root rw add_efi_memmap"

Since this guide is happening during an initial install, I know the :zotacroot & /dev/mapper/zotacroot parts are going to be different and I’m unsure what to put there.