Hi there EndeavourOS community!
Just switched over to EOS from Manjaro. Really impressed so far, test driving an install now and everything seems to be working really well.
I was hoping to get some feedback/advice/tips on the best way to configure my install, and if the current set up I have makes sense or has any flaws or shortcomings. I’ve read through many reddit posts, forum posts, watched many a youtube videos, and searched through this forum, but I still feel like I don’t have a clear answer an what the “best” way to go about this is.
This is a longer post with a broader scope, so I figured the “Newbies” category would be appropriate. I’ve been daily driving Manjaro for years, but didn’t quite feel up to an Arch install from scratch if that helps explain my linux experience. Thanks in advance for any help!
Objectives
- Full Disk Encryption
- at least home and root
- boot as well?
- Separate Home and Root partitions
- to make recovery or migration easier
- also b/c I have 2 separate physical disks
- Snapshots
- for easy rollback and restore
Current Install
Installation
- Using the Calamares Graphical Installer
- I selected manual partitioning
- I created a fat32 boot partition
- I created a btrfs partition for root on the same disk as the boot partition, checked the box to encrypt
- I created a btrfs partition for home on another disk, checked the box to encrypt and used the same password
- I left my other disks untouched during the installation
- I did not create a swap partition
- Selected to use grub
System Specs, Disks, Partitions, and Volumes
inxi -Fxxc0z
System:
Kernel: 6.4.1-zen2-1-zen arch: x86_64 bits: 64 compiler: gcc v: 13.1.1
Desktop: KDE Plasma v: 5.27.6 tk: Qt v: 5.15.10 wm: kwin_x11 dm: SDDM
Distro: EndeavourOS base: Arch Linux
Machine:
Type: Desktop Mobo: ASUSTeK model: STRIX Z270E GAMING v: Rev 1.xx
serial: <superuser required> UEFI: American Megatrends v: 1203
date: 12/26/2017
CPU:
Info: quad core model: Intel Core i7-7700K bits: 64 type: MT MCP
arch: Kaby Lake rev: 9 cache: L1: 256 KiB L2: 1024 KiB L3: 8 MiB
Speed (MHz): avg: 3350 high: 4200 min/max: 800/4600 cores: 1: 800 2: 800
3: 4200 4: 4200 5: 4200 6: 4200 7: 4200 8: 4200 bogomips: 67200
Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3
Graphics:
Device-1: NVIDIA TU104 [GeForce RTX 2080 SUPER] vendor: eVga.com.
driver: nvidia v: 535.54.03 arch: Turing pcie: speed: 8 GT/s lanes: 8 ports:
active: none off: DP-2,DP-3 empty: DP-1,HDMI-A-1,Unknown-1 bus-ID: 01:00.0
chip-ID: 10de:1e81
Device-2: Logitech C920 PRO HD Webcam driver: snd-usb-audio,uvcvideo
type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 bus-ID: 1-6.2:5
chip-ID: 046d:08e5
Display: x11 server: X.Org v: 21.1.8 compositor: kwin_x11 driver: X:
loaded: nvidia unloaded: modesetting alternate: fbdev,nouveau,nv,vesa
gpu: nvidia,nvidia-nvswitch display-ID: :0 screens: 1
Screen-1: 0 s-res: 3440x2520 s-dpi: 101
Monitor-1: DP-2 note: disabled pos: top-right model: Dell P2219H
res: 1920x1080 dpi: 102 diag: 546mm (21.5")
Monitor-2: DP-3 mapped: DP-4 note: disabled pos: primary,bottom-l
model: Dell AW3418DW res: 3440x1440 dpi: 109 diag: 865mm (34.1")
API: OpenGL v: 4.6.0 NVIDIA 535.54.03 renderer: NVIDIA GeForce RTX 2080
SUPER/PCIe/SSE2 direct-render: Yes
Audio:
Device-1: Intel 200 Series PCH HD Audio vendor: ASUSTeK
driver: snd_hda_intel v: kernel bus-ID: 00:1f.3 chip-ID: 8086:a2f0
Device-2: NVIDIA TU104 HD Audio vendor: eVga.com. driver: snd_hda_intel
v: kernel pcie: speed: 8 GT/s lanes: 8 bus-ID: 01:00.1 chip-ID: 10de:10f8
Device-3: C-Media JLAB TALK GO MICROPHONE
driver: hid-generic,snd-usb-audio,usbhid type: USB rev: 2.0 speed: 12 Mb/s
lanes: 1 bus-ID: 1-6.1:4 chip-ID: 0d8c:1008
Device-4: Logitech C920 PRO HD Webcam driver: snd-usb-audio,uvcvideo
type: USB rev: 2.0 speed: 480 Mb/s lanes: 1 bus-ID: 1-6.2:5
chip-ID: 046d:08e5
API: ALSA v: k6.4.1-zen2-1-zen status: kernel-api
Server-1: PipeWire v: 0.3.72 status: active with: 1: pipewire-pulse
status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
4: pw-jack type: plugin
Network:
Device-1: Intel Ethernet I219-V vendor: ASUSTeK driver: e1000e v: kernel
port: N/A bus-ID: 00:1f.6 chip-ID: 8086:15b8
IF: enp0s31f6 state: down mac: <filter>
Device-2: Intel 82576 Gigabit Network driver: igb v: kernel pcie:
speed: 2.5 GT/s lanes: 4 port: d020 bus-ID: 02:00.0 chip-ID: 8086:10c9
IF: enp2s0f0 state: down mac: <filter>
Device-3: Intel 82576 Gigabit Network driver: igb v: kernel pcie:
speed: 2.5 GT/s lanes: 4 port: d000 bus-ID: 02:00.1 chip-ID: 8086:10c9
IF: enp2s0f1 state: down mac: <filter>
Device-4: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter
vendor: ASUSTeK driver: ath10k_pci v: kernel pcie: speed: 2.5 GT/s lanes: 1
bus-ID: 05:00.0 chip-ID: 168c:003e temp: 57.0 C
IF: wlan0 state: up mac: <filter>
Bluetooth:
Device-1: ASUSTek Qualcomm Bluetooth 4.1 driver: btusb v: 0.8 type: USB
rev: 1.1 speed: 12 Mb/s lanes: 1 bus-ID: 1-7:3 chip-ID: 0b05:1825
Report: rfkill ID: hci0 rfk-id: 0 state: up address: see --recommends
RAID:
Hardware-1: Intel SATA Controller [RAID mode] driver: ahci v: 3.0
bus-ID: 00:17.0 chip-ID: 8086:2822
Drives:
Local Storage: total: 4.33 TiB used: 18.32 GiB (0.4%)
ID-1: /dev/nvme0n1 vendor: Toshiba model: KXG50ZNV256G NVMe 256GB
size: 238.47 GiB speed: 31.6 Gb/s lanes: 4 serial: <filter> temp: 51.9 C
ID-2: /dev/nvme1n1 vendor: Samsung model: SSD 960 EVO 500GB
size: 465.76 GiB speed: 31.6 Gb/s lanes: 4 serial: <filter> temp: 31.9 C
ID-3: /dev/sda vendor: Samsung model: SSD 860 EVO 1TB size: 931.51 GiB
speed: 6.0 Gb/s serial: <filter>
ID-4: /dev/sdb vendor: Samsung model: SSD 860 EVO 1TB size: 931.51 GiB
speed: 6.0 Gb/s serial: <filter>
ID-5: /dev/sdc vendor: Samsung model: SSD 860 EVO 1TB size: 931.51 GiB
speed: 6.0 Gb/s serial: <filter>
ID-6: /dev/sdd vendor: Samsung model: SSD 860 EVO 1TB size: 931.51 GiB
speed: 6.0 Gb/s serial: <filter>
Partition:
ID-1: / size: 237.96 GiB used: 12.78 GiB (5.4%) fs: btrfs dev: /dev/dm-0
mapped: luks-34bd9d1b-d489-476c-a19c-2294803d8683
ID-2: /boot/efi size: 511 MiB used: 720 KiB (0.1%) fs: vfat
dev: /dev/nvme0n1p2
ID-3: /home size: 465.76 GiB used: 2.74 GiB (0.6%) fs: btrfs
dev: /dev/dm-1 mapped: luks-879e81a5-1f94-4b82-85cb-ecf69537d9bf
ID-4: /var/log size: 237.96 GiB used: 12.78 GiB (5.4%) fs: btrfs
dev: /dev/dm-0 mapped: luks-34bd9d1b-d489-476c-a19c-2294803d8683
Swap:
Alert: No swap data was found.
Sensors:
System Temperatures: cpu: 38.0 C mobo: N/A
Fan Speeds (RPM): N/A
Info:
Processes: 275 Uptime: 4h 7m Memory: available: 31.28 GiB
used: 3.96 GiB (12.7%) Init: systemd v: 253 default: graphical Compilers:
gcc: 13.1.1 clang: 15.0.7 Packages: pm: pacman pkgs: 1129 Shell: Bash
v: 5.1.16 running-in: konsole inxi: 3.3.27
$ lsblk -o name,type,size,PTTYPE,FSTYPE
NAME TYPE SIZE PTTYPE FSTYPE
sda disk 931.5G gpt
└─sda1 part 931.5G gpt ext4
sdb disk 931.5G
sdc disk 931.5G
sdd disk 931.5G
nvme0n1 disk 238.5G gpt
├─nvme0n1p1 part 8M gpt crypto_LUKS
├─nvme0n1p2 part 512M gpt vfat
└─nvme0n1p3 part 238G gpt crypto_LUKS
└─luks-34bd9d1b-d489-476c-a19c-2294803d8683 crypt 238G btrfs
nvme1n1 disk 465.8G gpt
└─nvme1n1p1 part 465.8G gpt crypto_LUKS
└─luks-879e81a5-1f94-4b82-85cb-ecf69537d9bf crypt 465.8G btrfs
sudo btrfs subvolume list /
ID 256 gen 932 top level 5 path @
ID 257 gen 747 top level 5 path @cache
ID 258 gen 932 top level 5 path @log
ID 259 gen 23 top level 256 path var/lib/portables
ID 260 gen 24 top level 256 path var/lib/machines
ID 261 gen 930 top level 256 path .snapshots
Post install
I installed btrfs-assistant and have it set to take snapshots
Performance and Use
- computer boots to a black luks screen and I type in my password. Only asks for it once.
- goes to the grub screen.
- Everything else seems to be working
My thoughts and assumptions
- The installer created the btrfs volumes, I’ve never worked with btrfs volumes before so I’m not sure I understand them well.
- The boot partition should not be encrypted b/c I did not check the box to encrypt it in the installer
- btrfs should give me more flexibility to work with the various disks I have in my system. It is also what allows for the snapshots and being able to rollback and boot into a snapshot when something goes wrong.
- putting root and home on different disks and partitions is the easiest way to deal with multiple disks
Questions
- should the boot partition of a system be encrypted?
- Is that even possible? - Should there be a @home volume? Why wasn’t that auto created if there is a seperate home partition on a different disk?
- Can I create one (for the purpose of more control over the snapshots) after installation?
- Is my current combination of disks/partitions/btrfs volumes optimal? Or is there a better way to leverage btrfs to simplify things?
- for instance, could I use btrfs to create a pool of all my disks, encrypt just that, and have home and root there?
- This would likely have to be done manually outside of what the installer offers, correct?
- I’m planning to use a swapfile or zram. Any reason not to?
Again, my apologies for the long and broad questions. I understand there might not be a “best” or a correct answer, but I’m interested to see what other people think about some of these questions.
Thanks!