Hi! I'm not satisfied with my partition layout, so I'm considering
changing it. It currently looks like this (/dev/sda and /dev/sdc are
SSDs, /dev/sdb is HDD):

$ lsblk -A -o NAME,MODEL,SIZE,FSUSED,MOUNTPOINT,FSTYPE
NAME MODEL SIZE FSUSED MOUNTPOINT FSTYPE
sda Samsung SSD 850 120GB 111,8G
├─sda1 128M 36M /boot vfat
├─sda2 45G 40,1G / ext4
└─sda3 66,7G 50,5G /home xfs
sdb SAMSUNG HM321HI 298,1G
└─sdb1 298,1G 13,1G /mnt/storage ext4
sdc Micron_1100_MTFDDAK256TBN 238,5G promise_fasttrack_raid_member
├─sdc1 39,1G 27,3G /var xfs
└─sdc2 199,4G 144,5G /home/cyber xfs

It's currently full of ugly workarounds: at least 20G belong in /var
rather than /home.

My wishes for the new layout are:

* Encrypted /home partition. The rest of the system should stay
unencrypted so it could be restarted by someone else without my
intervention.

Though if /home is not decrypted right after reboot, it will lead to
failed mail delivery to maildirs, until I decrypt it.

* Flexibility. I don't want to face this ugly situation again.

If I had only one disk, I'd just make one big root partition. But
there are two SSDs, and I could need more than the smallest (111,8G)
disk allows to fit. I could combine them into singe logical partition
using LVM.

If I decide to proceed with LVM, XFS will be a bad choice because it
cannot be shrinked. So I'll need a different filesystem, like ext4,
Btrfs or maybe even ZFS?

Booting without initramfs will not be possible anymore, so I'll likely
need more disk space (how much?) for /boot, which can not be a logical partition if I wish to continue using EFI stub kernels.

And the last question: is there point in Secure Boot without FDE?

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------IJdsWYrztFDr6km4UVJlnt0J
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64

T24gNS83LzI1IDEyOjM5IFBNLCBBbm5hIHdyb3RlOg0KPiBIaSEgSSdtIG5vdCBzYXRpc2Zp ZWQgd2l0aCBteSBwYXJ0aXRpb24gbGF5b3V0LCBzbyBJJ20gY29uc2lkZXJpbmcNCj4gY2hh bmdpbmcgaXQuIEl0IGN1cnJlbnRseSBsb29rcyBsaWtlIHRoaXMgKC9kZXYvc2RhIGFuZCAv ZGV2L3NkYyBhcmUNCj4gU1NEcywgL2Rldi9zZGIgaXMgSEREKToNCj4gDQo+ICQgbHNibGsg LUEgLW8gTkFNRSxNT0RFTCxTSVpFLEZTVVNFRCxNT1VOVFBPSU5ULEZTVFlQRQ0KPiBOQU1F wqDCoCBNT0RFTMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg IFNJWkUgRlNVU0VEIE1PVU5UUE9JTlTCoMKgIEZTVFlQRQ0KPiBzZGHCoMKgwqAgU2Ftc3Vu ZyBTU0QgODUwIDEyMEdCwqDCoMKgwqAgMTExLDhHDQo+IOKUnOKUgHNkYTHCoMKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCAxMjhNwqDC oMKgIDM2TSAvYm9vdMKgwqDCoMKgwqDCoMKgIHZmYXQNCj4g4pSc4pSAc2RhMsKgwqDCoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgNDVH wqAgNDAsMUcgL8KgwqDCoMKgwqDCoMKgwqDCoMKgwqAgZXh0NA0KPiDilJTilIBzZGEzwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIDY2 LDdHwqAgNTAsNUcgL2hvbWXCoMKgwqDCoMKgwqDCoCB4ZnMNCj4gc2RiwqDCoMKgIFNBTVNV TkcgSE0zMjFIScKgwqDCoMKgwqDCoMKgwqDCoMKgIDI5OCwxRw0KPiDilJTilIBzZGIxwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCAyOTgs MUfCoCAxMywxRyAvbW50L3N0b3JhZ2UgZXh0NA0KPiBzZGPCoMKgwqAgTWljcm9uXzExMDBf TVRGRERBSzI1NlRCTiAyMzgsNUfCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKg wqDCoMKgDQo+IHByb21pc2VfZmFzdHRyYWNrX3JhaWRfbWVtYmVyDQo+IOKUnOKUgHNkYzHC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAg MzksMUfCoCAyNywzRyAvdmFywqDCoMKgwqDCoMKgwqDCoCB4ZnMNCj4g4pSU4pSAc2RjMsKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgMTk5 LDRHIDE0NCw1RyAvaG9tZS9jeWJlcsKgIHhmcw0KPiANCj4gSXQncyBjdXJyZW50bHkgZnVs bCBvZiB1Z2x5IHdvcmthcm91bmRzOiBhdCBsZWFzdCAyMEcgYmVsb25nIGluIC92YXINCj4g cmF0aGVyIHRoYW4gL2hvbWUuDQo+IA0KPiBNeSB3aXNoZXMgZm9yIHRoZSBuZXcgbGF5b3V0 IGFyZToNCj4gDQo+ICogRW5jcnlwdGVkIC9ob21lIHBhcnRpdGlvbi4gVGhlIHJlc3Qgb2Yg dGhlIHN5c3RlbSBzaG91bGQgc3RheSDCoA0KPiB1bmVuY3J5cHRlZCBzbyBpdCBjb3VsZCBi ZSByZXN0YXJ0ZWQgYnkgc29tZW9uZSBlbHNlIHdpdGhvdXQgbXkgwqANCj4gaW50ZXJ2ZW50 aW9uLg0KPiANCj4gwqAgVGhvdWdoIGlmIC9ob21lIGlzIG5vdCBkZWNyeXB0ZWQgcmlnaHQg YWZ0ZXIgcmVib290LCBpdCB3aWxsIGxlYWQgdG8gwqANCj4gZmFpbGVkIG1haWwgZGVsaXZl cnkgdG8gbWFpbGRpcnMsIHVudGlsIEkgZGVjcnlwdCBpdC4NCj4gDQo+ICogRmxleGliaWxp dHkuIEkgZG9uJ3Qgd2FudCB0byBmYWNlIHRoaXMgdWdseSBzaXR1YXRpb24gYWdhaW4uDQo+ IA0KPiDCoCBJZiBJIGhhZCBvbmx5IG9uZSBkaXNrLCBJJ2QganVzdCBtYWtlIG9uZSBiaWcg cm9vdCBwYXJ0aXRpb24uIEJ1dCDCoA0KPiB0aGVyZSBhcmUgdHdvIFNTRHMsIGFuZCBJIGNv dWxkIG5lZWQgbW9yZSB0aGFuIHRoZSBzbWFsbGVzdCAoMTExLDhHKSDCoA0KPiBkaXNrIGFs bG93cyB0byBmaXQuIEkgY291bGQgY29tYmluZSB0aGVtIGludG8gc2luZ2UgbG9naWNhbCBw YXJ0aXRpb24gwqANCj4gdXNpbmcgTFZNLg0KPiANCj4gwqAgSWYgSSBkZWNpZGUgdG8gcHJv Y2VlZCB3aXRoIExWTSwgWEZTIHdpbGwgYmUgYSBiYWQgY2hvaWNlIGJlY2F1c2UgaXQgwqAN Cj4gY2Fubm90IGJlIHNocmlua2VkLiBTbyBJJ2xsIG5lZWQgYSBkaWZmZXJlbnQgZmlsZXN5 c3RlbSwgbGlrZSBleHQ0LA0KPiDCoCBCdHJmcyBvciBtYXliZSBldmVuIFpGUz8NCj4gDQo+ IEJvb3Rpbmcgd2l0aG91dCBpbml0cmFtZnMgd2lsbCBub3QgYmUgcG9zc2libGUgYW55bW9y ZSwgc28gSSdsbCBsaWtlbHkNCj4gbmVlZCBtb3JlIGRpc2sgc3BhY2UgKGhvdyBtdWNoPykg Zm9yIC9ib290LCB3aGljaCBjYW4gbm90IGJlIGEgbG9naWNhbA0KPiBwYXJ0aXRpb24gaWYg SSB3aXNoIHRvIGNvbnRpbnVlIHVzaW5nIEVGSSBzdHViIGtlcm5lbHMuDQoNCg0KR3J1YiBz dXBwb3J0cyBMVk0sIGFuZCBhbHNvIHN1cHBvcnRzIHhmcy9idHJmcy9leHQ0Lg0KDQpTbyBp biB0aGVvcnkgeW91IGNhbiBoYXZlIGEgMm1iIEVGSSBwYXJ0aXRpb24gLS0gaHVnZWx5IG92 ZXJraWxsIGFzDQpncnVieDY0LmVmaSBpcyBvbmx5IGFib3V0IDIwMGtiIGJ1dCBiZXN0IHRv IHN0YXkgb24gdGhlIHNhZmUgc2lkZSB0bw0KZ2l2ZSByb29tIGZvciBmdXR1cmUgZ3Jvd3Ro Lg0KDQpUaGF0IHdpbGwgdGhlbiBtb3VudCB5b3VyIC8gcGFydGl0aW9uIGFuZCByZWFkIHRo ZSBrZXJuZWwgZnJvbSB0aGUgL2Jvb3QNCmRpcmVjdG9yeS4NCg0KSSBkbyB0aGlzIHdpdGgg Z3J1YiArIGJ0cmZzLCBJIGRvIG5vdCB1c2UgTFZNIHNvIGNhbid0IHNwZWFrIGZyb20NCmV4 cGVyaWVuY2UgdGhlcmUuDQoNCk15IEVGSSBwYXJ0aXRpb24gaXMgZmF0MTIgZHVlIHRvIGZh dDMyJ3MgbWluaW11bSBmaWxlc3lzdGVtIHNpemUuIFRoZQ0KVUVGSSBzcGVjaWZpY2F0aW9u IHNheXMgdGhhdCBmYXQxMiBoYXMgdG8gYmUgc3VwcG9ydGVkICgiZm9yIHJlbW92YWJsZQ0K bWVkaWEiIC0tIHdlaXJkIGRpc3RpbmN0aW9uKSBhbmQgSSd2ZSBuZXZlciBoYWQgYW4gaXNz dWUgd2l0aCBpdCBidXQgSQ0KY2FuJ3QgbWFrZSBwcm9taXNlcyBhYm91dCBldmVyeSBVRUZJ IGltcGxlbWVudGF0aW9uJ3Mgc3BlYyBjb25mb3JtYW5jZS4NCg0KDQpBdm9pZCB6ZnMgZHVl IHRvIHRoZSBkYXRhIGNvcnJ1cHRpb24gYnVncy4gUG9ydGFnZSBpbiBwYXJ0aWN1bGFyIHRl bmRzDQp0byBzdHJlc3MtdGVzdCBmaWxlc3lzdGVtcyBhbmQgcmVndWxhcmx5IHVuY292ZXJz IHpmcyBidWdzIHRoYXQgcmVzdWx0DQppbiBicm9rZW4gcGFja2FnZXMuDQoNCg0KPiBBbmQg dGhlIGxhc3QgcXVlc3Rpb246IGlzIHRoZXJlIHBvaW50IGluIFNlY3VyZSBCb290IHdpdGhv dXQgRkRFPw0KDQoNClNlY3VyZSBCb290IGNhbiBwcmV2ZW50IHVuYXV0aG9yaXplZCBjb2Rl IHJ1bm5pbmcgYXQgYm9vdC4gSXQgZG9lc24ndA0KcHJvdGVjdCBhZ2FpbnN0IHRoaWV2ZXMg cmVtb3ZpbmcgdGhlIGRyaXZlIGFuZCBtb3VudGluZyBpdCBhcyBhbg0KZXh0ZXJuYWwgZHJp dmUgb24gdGhlaXIgb3duIHN5c3RlbSwgdGhlbiBkb2luZyBhbnl0aGluZyB0aGV5IHdhbnQg d2l0aA0KaXQsIGluY2x1ZGluZyBleGZpbHRyYXRpbmcgZGF0YSBvciBtb2RpZnlpbmcgL2Jp bi9iYXNoIHdpdGggbWFsd2FyZS4NCg0KSWYgeW91ciB0aHJlYXQgbW9kZWwgaXMgbm90IGNv bmNlcm5lZCB3aXRoIHBoeXNpY2FsIGF0dGFja2VycyBvciBub3QNCmNvbmNlcm5lZCB3aXRo IHBoeXNpY2FsIGF0dGFja2VycyBicmluZ2luZyB0aGVpciBvd24gaGFyZHdhcmUgdGhlbiBp dCBpcw0KcG9zc2libGUgdGhhdCBTZWN1cmUgQm9vdCBkb2VzIHNvbWV0aGluZyB0byBwcm90 ZWN0IGFnYWluc3Qgd2hhdCB5b3UncmUNCndvcnJpZWQgYWJvdXQgLS0geW91J2xsIGhhdmUg dG8gYW5zd2VyIHRoYXQgeW91cnNlbGYuDQoNCg0KLS0gDQpFbGkgU2Nod2FydHoNCg==

--------------IJdsWYrztFDr6km4UVJlnt0J--

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTnFNnmK0TPZHnXm3qEp9ErcA0vVwUCaBuVaQUDAAAAAAAKCRCEp9ErcA0vV1ZZ AQC3AADwC5BKWWSPI/Lc+CmyPOzlgmKxoVVTwO+NB8AG3AEAzAvexDc3QcFUGJexAgjaM+bmSzgx vFhBSmugsUVf1gU=
=JXi/
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 07/05/2025 17:39, Anna wrote:

Hi! I'm not satisfied with my partition layout, so I'm considering
changing it. It currently looks like this (/dev/sda and /dev/sdc are
SSDs, /dev/sdb is HDD):

$ lsblk -A -o NAME,MODEL,SIZE,FSUSED,MOUNTPOINT,FSTYPE
NAME   MODEL                       SIZE FSUSED MOUNTPOINT   FSTYPE
sda    Samsung SSD 850 120GB     111,8G ├─sda1                             128M    36M /boot        vfat
├─sda2                              45G  40,1G /            ext4
└─sda3                            66,7G  50,5G /home        xfs
sdb    SAMSUNG HM321HI           298,1G └─sdb1                           298,1G  13,1G /mnt/storage ext4
sdc    Micron_1100_MTFDDAK256TBN 238,5G
promise_fasttrack_raid_member ├─sdc1                            39,1G  27,3G /var         xfs
└─sdc2                           199,4G 144,5G /home/cyber  xfs

It's currently full of ugly workarounds: at least 20G belong in /var
rather than /home.

Hmmm...

My wishes for the new layout are:

* Encrypted /home partition. The rest of the system should stay
unencrypted so it could be restarted by someone else without my
intervention.

  Though if /home is not decrypted right after reboot, it will lead to
  failed mail delivery to maildirs, until I decrypt it.

Two points here. Firstly, is one of your big disks one of these that self-encrypts? I'd make that drive a single /home and that's it.

And why would that mess up mail? Run something like dovecot and/or some mailserver which dumps everything into /var. Then stuff only ends up in
~/mail or whatever once you log in.

* Flexibility. I don't want to face this ugly situation again.

A big / and nothing else isn't a good idea. I've filled up root before
and it's not a good place to be.

  If I had only one disk, I'd just make one big root partition. But
there are two SSDs, and I could need more than the smallest (111,8G)
disk allows to fit. I could combine them into singe logical partition
using LVM.

So, I'd take the smallest disk, and make it /efi (or /boot) and /. I'd
also disagree with Eli about a tiny /efi. If you want to multi-boot
you'll be up a gum tree (yes, you can have multiple efi partitions blah
blah blah, but - I think it was SUSE - defaulted to a tiny efi and I had
to wipe and rebuild the laptop). Make /efi about 512MB. The rest of it
will make a big / partition.

I'd then make the largest disk /home, and the middle one /var. Tell
portage to put all its temporary files in /var.

So now / is pretty much immutable, /home is a decent chunk of space, and
if things do go wrong, it's /var which is going to crash. And actually,
that's not really a problem. A pain, yes, but ...

  If I decide to proceed with LVM, XFS will be a bad choice because it
  cannot be shrinked. So I'll need a different filesystem, like ext4,
  Btrfs or maybe even ZFS?

Booting without initramfs will not be possible anymore, so I'll likely
need more disk space (how much?) for /boot, which can not be a logical partition if I wish to continue using EFI stub kernels.

Just put the full kernel in /efi. I think an efi grub will quite happily
boot a complete compressed kernel that you can store in /efi - another
reason for wanting a larger /efi. Or you can put a full kernel and
initramfs and everything in your "stub kernel". There's options.

And the last question: is there point in Secure Boot without FDE?

Full Disk Encryption? What's the connection between Secure Boot and FDE? There's none unless you want it. Secure Boot guarantees that your kernel
is what you think it is - that your system isn't compromised. If Secure
Boot fails you've lost anyway. Then FDE guarantees that someone can't
just boot your system and access your /home - a completely different
kettle of fish.

Or of course, going back to disk space and "having just one disk", how
much would it cost to replace all those disks with a single, *larger*
disk. I think a 1TB SSD is about £100? Not that expensive.

Cheers,
Wol

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

--3e386427ce034ad6686b7d9a99f2f4461186d8a2c68d1566967d34737569
Content-Type: multipart/mixed;
boundary=8cad18959c7238ec5cdd11cbd1c99ebb2a076d392668c8002ea3cf9f8d40

--8cad18959c7238ec5cdd11cbd1c99ebb2a076d392668c8002ea3cf9f8d40
Content-Type: multipart/alternative;
boundary=0e1faad84d87913f5ba5b2be2887f0ab1831f18e050b46279e7075cab12f

--0e1faad84d87913f5ba5b2be2887f0ab1831f18e050b46279e7075cab12f Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Content-Type: text/plain; charset=UTF-8

My wishes for the new layout are:

* Encrypted /home partition. The rest of the system should stay
unencrypted so it could be restarted by someone else without my
intervention.

if you have a tpm, setting up clevis for tpm auto-unlock is also a
possibility here

Though if /home is not decrypted right after reboot, it will lead to
failed mail delivery to maildirs, until I decrypt it.

* Flexibility. I don't want to face this ugly situation again.

If I had only one disk, I'd just make one big root partition. But
there are two SSDs, and I could need more than the smallest (111,8G)
disk allows to fit. I could combine them into singe logical partition
using LVM.

If I decide to proceed with LVM, XFS will be a bad choice because it
cannot be shrinked. So I'll need a different filesystem, like ext4,
Btrfs or maybe even ZFS?

if btrfs is a consideration, btrfs does have nativelly support disk
pools as well

Booting without initramfs will not be possible anymore, so I'll likely
need more disk space (how much?) for /boot, which can not be a logical partition if I wish to continue using EFI stub kernels.

so far 512mb in /boot has been enough for me, noting that i clean all
but the last 2 kernel entries, and i use the default gentoo-kernel, with default dracut initramfs, and with this setup, /boot is usually 200mb
used / 312mb free -- (also note, that /boot is the EFI parition for me)

--0e1faad84d87913f5ba5b2be2887f0ab1831f18e050b46279e7075cab12f--

--8cad18959c7238ec5cdd11cbd1c99ebb2a076d392668c8002ea3cf9f8d40 Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename=68990292A7A98C5E.asc
Content-Type: application/pgp-keys; charset=UTF-8

LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tCgptUUlOQkdOMWVrNEJFQURSZEZa cUgzM3JZay84eUhwblM0U25UUUlGZnNTN3hNUy9sSG9JWVBUcXVUK1RHL0dwClFOQnZxZXh0dDhS c1duQ1k2WEE1dEdNWVg3Y3V0VFBqRjg2WTJwWWJMbzd5N010L3hnZGhDeUYzeUZsSGdGWXIKL0R5 eFFlbVJoOHFISTBlTXQ1Y1VYR1NqekNEU2YrUzhZRlJiVUplOFE3clhNNDB4RVhvcUx1a04rM1Vk bUQxZQpuWTlVVk42TXYvbVJMQVJmS2lCUVpEaEJYUlJOdDdBMlpqUTdubkpEZnY3b3FZUXdhS1p0 QXNrcVc5OG93TnA3ClFYTzZjdWtuOFV3VlJVNUV2QW1Ec1I5YVZkYjQ0NnkrMEh1Qk56SHJqbjE0 dENZcFEwUzZFYkFmL1FBT09UemsKaENaZWtjUTVPVC9oWGZ3YkRmd1N0ZmM2RWI3Qi8yemNmVnlL aGR2emV1eTB2MlJRc0lPR0N1anRidWk0UE9RcApMcm0wTWh4SG1ZTTlEWlZQMW1CM3Vnd3JEcDRQ UVJVcmZaVlBWQmxQd25CbmxBMm5MMlFHbDFiSUxyblZCSXRCCjBuZCtMR0dub1JWTHV2aEdYTi9Z dHE4SU1aaUx0Y09QOUZJajRqSVZCRUZIalpubHI5dUNlMjZGUEN4Yno4UmMKZlhYeWZJTjhsVDdC K1p3VzVvRlVtVk5RN3c5NnZWZXdYZ3c3Yy9xNGlrRER0ZW9yZlQ1OVpXQ0laWUtDWnowTgpvaWha ZEF5NFlyTDFsN2JsSit5Y3I2QkZJejR5NmZnV1FGWCtQdUZJczdvSm1GUlBFMW5qN3dxT3pTa2xK WkFsCjRXcjVjTlZyTjlGTEsyOEpPMGFnZEgvbDBzd1ZZK3l0SktHQWhLb3NjTVFaZmY5SkdRM1k1 ODFaQndBUkFRQUIKdENWQmJtNWhJRVpwWjNWbGFYSmxaRzhnUjI5dFpYTWdQRzVoZG1sQWRteG9i QzVrWlhZK2lRSlhCQk1CQ2dCQgpBaHNCQlFzSkNBY0RCUlVLQ1FnTEJSWURBZ0VBQWg0QkFoZUFB aGtCRmlFRXJvN1hiczdNc25VTzRJZDJhSmtDCmtxZXBqRjRGQW1kSG81a0ZDUWVVa0VzQUNna1Fh SmtDa3FlcGpGNEkwdy8rSVowS25IK1NtekxvSXN1ZUVRUFgKN0JSbEczODFtUHBiODRUZ0ZPRVlX VXpPVnpIVjlneUlBM1VWaHptb2t0ai93NW41Y2wyNkxhZ2tkNVdVZ2lORApicytoT0tEZml1UFo4 RVhlQVN6eml4bTh4dlZUL0hTL1A1bUphYTcwdFhKQ3pxWWJic1JyVG5iMnEvZUlYbzFDCm9pM2Va N3MvSG9URjBnWUMrMlhYZ2MyQmhQSHNreXdDUUpudEdFTkNJeHlwVWRjanVHZWtvYlh5bVo1VUI2 cVkKOWsxQ1dUWmNFTHNtYjFCZEc2R3g4SDRwYXhtQmg2ZkVlZ3dXV2k4REZ2cFR0ek51TlZsZC8v MGRJZVErbFBXUgorVWVic0ZmL1dLWXFKcXYxU2d6N1NkbUFHRm9DMnFTZHJHL09jTTZnL3dIb05G WDVReVhMd0xQRDkycWluSEpUCnIzVitLOUJqUXJSSmt5N2hsVkxGQzFJeW05ZGhCNVVLV3FkSjhj bG5WaFQwOXNTVkRWWkRJR2VucUpPeFJ0dm0Kc1BJWHBLbnFjcjlTS0ZoODJPMVdwK0VtTllyRTBW OEtRVUpVSWhRSkxuK3pvQXRHMXBYNjdVdDBaR0pFQ2dOOQovYy9HSjN2OHFsWXptL3o4RDVjL3g0 NncvZ2tyOHJCdHJyRUF0WEVIdDRTWlhrV0Y5MFkyMU51VHc5b0xUTjZ0Cm9yYUtyYStqbHZVZ0dj WkFGcXc0OVo3S2g3S0NTQUxzTGlCdTFmbnhkcFBRYUdMUXNNdG5YRGNlb3lieE16blIKTjZvOGpK TitnTkhlV3NKN1IvZHVtUXd6d3RMZWtHM1lJQyt0aXhIVVF2a0xwR0hwQ3NqYWlXNEpjVkdzblI5 YQpYdmdnVUhIQkwzbS9tbTlmOW8zREFxVzBMRUZ1Ym1FZ0tHNWhkbWtwSUVacFozVmxhWEpsWkc4 Z1IyOXRaWE1nClBHNWhkbWxBZG14b2JDNWtaWFkraVFKVUJCTUJDZ0ErQWhzQkJRc0pDQWNEQlJV S0NRZ0xCUllEQWdFQUFoNEIKQWhlQUZpRUVybzdYYnM3TXNuVU80SWQyYUprQ2txZXBqRjRGQW1k SG81OEZDUWVVa0VzQUNna1FhSmtDa3FlcApqRjRoWHhBQXJReEZqZjhReXBmVHpLR0MrTE1oODBu a3BxR0hrZm02UXlLbGgwSTJtN2U2dHZiVDZTczd4blVFCmcyQ256eDUvSDNzY3FDeVRjbHE3dHVG T2MxWEUwNlJ4TEswSXRNL21rMk13NmFTNGE2UWtpbXRWQlhVR2VWQ00KSEgvUUpSUmR5Yk1FaEhE YjVxVElLdEhZNVR5ZnIzdXIxU3paamJFb2g1TkE4TFl5MUVoWTFjaUxwYTdBay9FbQpSVzEyNmFx TTcrRVlCNnIrTU9VV0hZWjM0VXBUUmExTkQxR3QxU010VFk1cTFrMnhlaTVmMU9pYVZLZjlkOFZU CkZLNk1pT2RZMklZL0YySC9IZzJHajJKbHZ0c29UWnArZ2p2UU8yY0hWaXNDODJzRGtYaXlLZVJM TG8zTXQ2bzQKUStyZFZMdWIyUjlZWkxPWHhQQWZtYXN3cUZSQnFrMUxYSzZqOVFNYlhvcVZvRDhw YWJnOWJMa1RBb1B6M3JYUApPYW45SHRkVVRQQ1BnbTNhUEJUT0t2RnZuY2VNS3VJV0NjQ1pUb1Bo a245Ulg3K0NyWGREYlFCbzAvcm0xZHdCCmRGeFBJTm1WMVMrZngzVVhYZmRpc2JxRlE3NDNIVks2 SjhnZ1Z2b1RSZy93c2dUOEtJYkNrOXlYSGJZblVUTmMKY2lXY29LTlk0U2RwRUZTVjBrMlJtZmE5 U1RNNW13UFE5c0R1NU9kMTdYa0Q0OUVVMXVvQzQxMkRMenBhU1NXdQpYOWJEOFZSK0dhRzdmMmxC anRTdkdERjVJdEJIQU10N1BhdEFtaVZYWEx2V0dkc0I4bm9jM3phNEQzOXZVd2Z0Ck53QmdIVUhH M2UxTjRRYTMyUmVYM3pjYXZWQ3hjLzVVN00yR3g2YVdlV3RFRWJ2dXlqMjVBUTBFWTN1RFJ3RUkK QUxReU9vcm8vRFZHTzV0RXJXdUJyd3BmY0lPMU8zT05iclV2UUYzQVZQbm5UV1o2NGVtaVJwbkVT ZWk4UUtBNAp0emdLSnZETDd0UVM3MlRrRllSaFh0djlWYm5VQk1VWHJCSFJDMkZwdWtMMFhoT29B dFd1TTRnWW0vVk16ditnCjV6eVBBbTR2ODVqRkpqOFdvbEJDOHA3Qm0yT3hWdWdvTVh5SFZxalFJ YTl5SHl0NVZJMzcyUGk1RzdPUStwK3MKTlFsdDdxZk1reElSMXNhMGFVRytKL1BIa0FTYXNVcis3 MkhKZVVOYjlZODZheFJsdWFKc1duSDF4R2ZDZlVWUApZNVd4OXdUZHQwdlA1TW54U0dEOFVzcTJQ cXpLTWRYa3pqN1dBZjBTT3NVWS90NlNrRHJ5Z1hLcjFaT2ZSTG8zCmk1UEVqaTlqcFFsY2lpZzVs UnRGV0FjQUVRRUFBWWtEMGdRWUFRb0FKZ0liQWhZaEJLNk8xMjdPekxKMUR1Q0gKZG1pWkFwS25x WXhlQlFKblI2UGFCUWtIam9lVEFhREExQ0FFR1FFS0FIMFdJUVE1QmtsRytSR2JHb1RkdzUvQgox T25Wck9oU21nVUNZM3VEUjE4VWdBQUFBQUF1QUNocGMzTjFaWEl0Wm5CeVFHNXZkR0YwYVc5dWN5 NXZjR1Z1CmNHZHdMbVpwWm5Sb2FHOXljMlZ0WVc0dWJtVjBNemt3TmpRNU5EWkdPVEV4T1VJeFFU ZzBSRVJETXpsR1F6RkUKTkVVNVJEVkJRMFU0TlRJNVFRQUtDUkRCMU9uVnJPaFNtbUR2Qi8wZmtC S1NTZmZiWkRsTTROK2hTMElzYTdYNQpXVXhMZDVhUkh3cENjeGh3RytsdG1zU0dYLzB0TGtwYmdh Tkoya0JSQ0pMbGQzTlVQYyswWEthbVZ4UUVXUysyCllnU3J1SWF5aHVMdXdCM0tTUFZGZ1N4TkNU VVhRczBuOUFTaWp6dlJPWS9NK3VGSHY0bjl1aVlSQ2ZtY3p3dnAKR3ZodWluYVBuOWNhWWFOUFh5 SXF4VTRBNTFlN1ZvM0dWRjF5eUlWR1JOK3RSQlJCZFAzeEJDRkYyYTZVOXRsNwpzaUJDQXJHWU1Q NTJjQlM3ZCsvV3hpaEVBQVFONTVNTm1Hc1dyVnQvaHRHRjhIam1rZ1B4T2FHakJYTWNtb3R1ClVt RjBSVFJtYmwrZElxZ05jZjZOM2h2NnlRcUNSaGp6UEMwMGw0MUlCblkwaktQQU5zZFpZOGV2MUw5 NUNSQm8KbVFLU3A2bU1YbU5ZRC85cGx3cGlUMElFVkUvb3dxMFFzdzk0R0p3S3dEamhGSWFzUjRY RmFDcWxMMWlUS2cwaQpucy9haCtrcmxLVVdoN056aTVhWTNQbVlrWGVtZkxYWFF2R1djanIxdjJC cWxyR21XNmZXeXllTzBpZ2dWNTZjCm1sRTUvOHJ3YkdPR2dlZFBTQnlMVFVtWVBPRWFiV21tYmdn a0laWGlabzZ3Ymd0SVc3WFA3bXNEbmFNMnQycVUKMm9janE5UmFYbHNDOU1YdzN6THpnTU0xU3Mw ZHFTMTNzdWlPb1FjdU0rbEtrMlRuK2NtaXZ1VFpnWHQ3dW04NwoxV0VIb0hJZnJxazQzYmtrN3Mx VUMwQXRBVU1FQmpKVVlLMjIxV3F4dHhST0x6SFNPTTBZKzZwN3VGdGtEcGlSCmpSbUxYTlZwVXJs eHlXQ0N4VTNHL0JYbWNZVHViRHkzb0ttMWNnd0U3ckhSdTkrcjh0Ry9pajNkOXVoTG1iTFMKNTNq Y3d1c001OUtCNWtPdHA3akMvSURERDVvbVkreG1FdGUva2FjNXRPRk5RSFBBbGI2RFJwNmxmeTFI NldvUQpuR1hiMy9pSEk4dCt2anROL1VSbW9FTkp0dHV4R0l0Wm1BYzJMSXJtQTk3WHVWR1ByZmlj dTlReU5NMDY3ME81CnJ3NjdpR2ZneUQ0cnM3OHJlNDZ4WDJxQTlmcVFEM2xvSmtlOVhHdzZvQTZM TEpmUEV1RFdrRERoL1k1WTJDUU0KNXJyeThtSVB3bWhhd2N2cTFXTFRGR3ozcVo3TlUvS3RvWXpv S1ZvaElXNjhMV0hCcFZHeVNOcWMvd0x0dHAzTgo2ck54cHhUTDFZZE43ZHhGam1xd21FR2FFT1dS NnhrS3dySEJsWWpxK1A4OHhNalFzYnFVdEUvbXZMa0JEUVJqCmU0TnpBUWdBMFBtSklHcHhnYjlq Y1V5cTRWUHZYMXVuQ3lGdU0wcVBFMytaTUNSM3BVWWJTRGJSVE5DOWVlYXoKVURzWnBvSDhVNkhB UUhsNmxjZXB2cE56aWRvWGxJcXdHOG1NVEdxWHJ1WUFuQ2tEWnBld3VvdnFZR0hOVVpvMgpHTCt0 V3M0ZVdTVkRjcWtjaE9TZHBkSFZzaDdVZG5vai9odlpjY0ZsbUxwdGQ5MmJXR3NtOTVBenR5MTdX NjdICllmVmZhQlVXTmYzWVVuV01JVm0xSlVHSmdnVVh0Z0dLdjBrVGRzVnJZaEMwZk85VUhGTlY0 UzI1L0o5aGVjZFcKb3ArKzMrODdyTnl4WHN5elB1Y3Q1TXJSQW8zOUt2LzNZNXhnd01rL29RTkJI RHIrYmErU29yREdYdVJqVnNiRgphc1ExcVpoOTJSdE1vZ0o0dGJmd2w2WnV4WldkUlFBUkFRQUJp UUk4QkJnQkNnQW1BaHNNRmlFRXJvN1hiczdNCnNuVU80SWQyYUprQ2txZXBqRjRGQW1kSG85b0ZD UWVPaDJjQUNna1FhSmtDa3FlcGpGNWtFQS84RFRqelBkYTYKZlBIcmp1OXo4TGhHNGtxVHlXU0hP ZVVYMmlOcy9Hb3RXeUNKZzB3U3o4TERkUEFwVUpOY21uTVBaYW4vY3YzQwpHMytLWmttNHFpSlY2 L3hJNGNBRU9XdE1uQVA4Qk80cGtCc2pKSmtBQW9NT0ljMm5nWlB2ZzNnekQzbjE0WE8yCnRiMnFZ dzNOcExDYWhPWlNKRmlncUNQQUs5cmY0cWNkT2J0bk9weGZ3V0VQeW9IcDMvem9lNThCc2p0OEg4 ek4KYkppN3B0Qy95L3lLRk00UGFCblR6Nk1hT1B3dFhZRWtNTkdtcnRyd3ZTVnRXWGNhRFZ3MGE3 dmlDRGZXOElhQwp6Vy9QYnhaa0g3NXhTYkd5ZEVVYzQzTHBYMEdBNjVRNS83UE5Qa0FNQ2JEakQ1 RElxcTYvdnZKR3Nmdk13V0VRCjBITTBSb3JuS2svbGdSRnNLTVJ6eEVZOHdlUXhtc0wvempkUHd4 R0sxMTBCUWtmOVN1azhsNDNVak1KSUxDQU4KZkVzMTBrY2VsT1RsaWlwMHFQTTBSeGViVFp0TGI3 MCtSalFCdVBxUnZtVlQ4aERBZVJuVTZnZ1hYQ2pyM3VPdwo1c3ZvV2JPaUxnT2RKNUE4WjNVZytX aEFZc2paSWFqRFUzbFJvbVZwQUlZODBZQU1WWFEyRHJIdG1XYzc0Q1F5Ck53UG5KV3R3cnppakFi M1RrT1IrVnVrdHVpUW5qVFBnRWxQNWJGNlZxbTRwRzZwZU1udFJaWkdHTW9uM0ozSFYKUWg0YkdS bTJrajhGdzRRVmVFNWljZkJtdUFzcDhsQWFpbDBBYmNkT3FYclVPQ0xBSnozUU1YL1R6Y1pGQU9o VAo3Mk5nN2JvMUlMUjJsSk1YMDNkM1dKTE1XWENvdmlpUnhCTzRNd1JqZTRVdEZna3JCZ0VFQWRw SER3RUJCMEE4CldGazdXRElta2REbk5PMFVaV2o1S09LSCsxQlE0d3FIWmdxRTE1KytjSWtDUEFR WUFRb0FKZ0liSUJZaEJLNk8KMTI3T3pMSjFEdUNIZG1pWkFwS25xWXhlQlFKblI2UGFCUWtIam9X dEFBb0pFR2laQXBLbnFZeGVzZThQL2lrcwp4SlIvMUlhaTlUTGVpb3dPKzZKZU55SkoxaDNWNWYr UGp2ZmpwcDF2Y1h6TEtPdGtwOXpKUEcvWXBkdDI3MUM4CmZDdHZvMEJQcmhncysyeG5ZZDZmYisv S2JjRjdHazdyblRkRWZqVS9BTHdBYk8yNTFwaUpRcHVTY3FyUGNtbXMKL1NkUzdhYzB1MThaZFY5 WUE4N3BXbFNIUytnaHpQOUwxMzNmL0hDNGhTTHByMTYzOFozd1VpNlRhWGFOQVNqeApCVi8vQzJr T0ZWenpBcjRyR2ZPMFN4UUZ3NFlPMFVCWTZESGxmNFRXbTlkTTZONks1ZHJyNFFheVh3QXdzWGRX Ckt1Sjg3VTZ3Uk1rdzZqZXQxSXpqZFBwRUszSzRFejdXbUx1TlJLUVR5UUNoNjZQTHVzMGtIcEdS VWR2L0h4NnYKaFRmbmxYWk5TRGVKc3grOGxvQnpiOW1EUFdGQi9pVCtZYmlJY2R6TVZ6bzc1UE9C cFh3TnNZcm5SQ1JCckFSLwo2L2pyRmY0aXVDUVJmK29NWDhCUlJsUVNXVlZPSnQxZGRKeUZmbHhl MEpWd1RONG5sekZ2Yi90ZGF2YzZMeFg4Ck55Vm1MMkxxeEhWT3dVZHV2T2RuL25iVzZmdTlHNGU4 SDhlWGdLTnNVYnZNSW1rQ1d2UUZUd0EwblUyaFVUbXUKVkc0cFBENWxuWS9QRDhCWXhRN2R1YmZ0 WlZVZmdvVTl4VVM5Q0F2RzNtTG93eTI4UHVwVEtFUDhvdStETzNFVApCY1pRRUtYdmpPLzBYZmtJ bTNCTFNnVThXRDZPU3NpWnhQcEFBQ0pic09OQnNpRmdZZ2dTM3c3LzdYRGtPSGVwCktFU2REYy84 VHdjUFhCOVpRRzROdUM1c05YRjV2Z0ZBU1FwUnN1dzQKPUpQbXkKLS0tLS1FTkQgUEdQIFBVQkxJ QyBLRVkgQkxPQ0stLS0tLQo= --8cad18959c7238ec5cdd11cbd1c99ebb2a076d392668c8002ea3cf9f8d40--

--3e386427ce034ad6686b7d9a99f2f4461186d8a2c68d1566967d34737569
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQGiBAABCgCMFiEEOQZJRvkRmxqE3cOfwdTp1azoUpoFAmgbt85fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDM5 MDY0OTQ2RjkxMTlCMUE4NEREQzM5RkMxRDRFOUQ1QUNFODUyOUEOHG5hdmlAdmxo bC5kZXYACgkQwdTp1azoUpqfXwf+JYilX8G5MYVh+24mZxzH8jz8I/iCuLpqx7js AE76Y+Ew+zzvA4b3ch7LbRXcQcVH2uRIsyNDd1T3PIVv31q5NDYNuxktn2k7CWza Kzb/tGB5ICIZ3DpaO1zdtml2eCO6R02sG85D+4Ajr5rGkyopZ9o3wLXJ1LP66OpA rORnp9lnruBcllnNAxBJEkG4c4hQNQou5F8ErpRh2Q1A7m5GN4We9EiyO56N/DVq N9c/dy8RxcQ+U5dz4iFGV1Kc6/AIWudUbQzOAbVvbdIUSVa266GX/Tn64/jfeoTa 2fsYA/ndA1vQ9GcaLVKBgWcJMTus4gXYItAEE9kZbYHV/4s6qw==
=2FVA
-----END PGP SIGNATURE-----

--3e386427ce034ad6686b7d9a99f2f4461186d8a2c68d1566967d34737569--

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --------------UzAvLTVHAW0O1nwlaRx0Iu0a
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 5/7/25 3:13 PM, Wol wrote:

On 07/05/2025 17:39, Anna wrote:

   If I had only one disk, I'd just make one big root partition. But   >> there are two SSDs, and I could need more than the smallest (111,8G)  
disk allows to fit. I could combine them into singe logical
partition   using LVM.

So, I'd take the smallest disk, and make it /efi (or /boot) and /. I'd
also disagree with Eli about a tiny /efi. If you want to multi-boot
you'll be up a gum tree (yes, you can have multiple efi partitions blah
blah blah, but - I think it was SUSE - defaulted to a tiny efi and I had
to wipe and rebuild the laptop). Make /efi about 512MB. The rest of it
will make a big / partition.

If you want to multiboot, then you... tell grub-mkconfig via os-prober
to scan for them?

It operates precisely the same way booting to Gentoo does. From grub's perspective, *all* operating systems are sets of external OS partitions
and possibly boot partitions or possibly /boot directories. It will
assemble a grub boot menu that mounts the /boot for that multiboot OS
and loads the kernel, as normal.

This is the biggest reason to go without a large efi partition, because
it *just works* instead of worrying about whether your EFI is big enough
to support arbitrary future kernels of arbitrary future OSes.



--
Eli Schwartz

--------------UzAvLTVHAW0O1nwlaRx0Iu0a--

-----BEGIN PGP SIGNATURE-----

wnsEABYIACMWIQTnFNnmK0TPZHnXm3qEp9ErcA0vVwUCaBu6WAUDAAAAAAAKCRCEp9ErcA0vVw2c AP47FodceEY6nfc8N3lLXTqdWIDQW6MlfMMA2fmCAXJLgAD+Lb2CTUzTRuD/81+ySSGNiyd2gKA8 ApgCCuOpDwBNygg=
=WDsQ
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wednesday, 7 May 2025 17:39:47 British Summer Time Anna wrote:

Hi! I'm not satisfied with my partition layout, so I'm considering
changing it. It currently looks like this (/dev/sda and /dev/sdc are
SSDs, /dev/sdb is HDD):

$ lsblk -A -o NAME,MODEL,SIZE,FSUSED,MOUNTPOINT,FSTYPE
NAME MODEL SIZE FSUSED MOUNTPOINT FSTYPE
sda Samsung SSD 850 120GB 111,8G
├─sda1 128M 36M /boot vfat ├─sda2 45G 40,1G / ext4 └─sda3 66,7G 50,5G /home xfs
sdb SAMSUNG HM321HI 298,1G
└─sdb1 298,1G 13,1G /mnt/storage ext4
sdc Micron_1100_MTFDDAK256TBN 238,5G promise_fasttrack_raid_member ├─sdc1 39,1G 27,3G /var xfs
└─sdc2 199,4G 144,5G /home/cyber xfs

It's currently full of ugly workarounds: at least 20G belong in /var
rather than /home.

My wishes for the new layout are:

* Encrypted /home partition. The rest of the system should stay
unencrypted so it could be restarted by someone else without my
intervention.

You can use fscrypt with ext4 or f2fs and each user will be able to have their individual home directory encrypted and decrypted transparently with their login credentials using PAM.

Or you can use luks for whole fs/partitions.

Though if /home is not decrypted right after reboot, it will lead to
failed mail delivery to maildirs, until I decrypt it.

You can look at alternative arrangements for mail if this is a problem - others have commented already.

* Flexibility. I don't want to face this ugly situation again.

If I had only one disk, I'd just make one big root partition. But
there are two SSDs, and I could need more than the smallest (111,8G)
disk allows to fit. I could combine them into singe logical partition
using LVM.

If I decide to proceed with LVM, XFS will be a bad choice because it
cannot be shrinked. So I'll need a different filesystem, like ext4,
Btrfs or maybe even ZFS?

I'm not entirely clear what is the ugly situation you mention, or what may be your current and emerging storage requirements. More space for home? Applications? General data? Redundancy? Frequently changing storage space requirements for home or for some other directory/fs?

There are different ways to achieve any of the above. You could use LVM with ext4 or other fs types. Or instead you could just use btrfs with '-d single' to add the SSD disks together into one large linear storage space. You could have /home as a subvolume and /var as another subvolume on the same btrfs fs. You can have further subvolumes nested within the above if required and snapshot them separately. Each of them will share the overall fs size, thus 'flexing' their space usage as they need to, without you having to resize individual fs/partitions. Some planning up front would be required.

Managing backups is relatively easy with btrfs snapshots and can be automated.
However, you must keep an eye on space taken up by snapshots if you store them on the same fs, because btrfs won't like running out of space.

Since /dev/sdb is HDD, you can 'mount --bind' /var, a swapfile (or create a partition) and any other frequently re-written fs on /dev/sdb, instead of your SDDs. That said, SDDs are quite resilient these days - a spinning drive could potentially die before your SSD.

Booting without initramfs will not be possible anymore, so I'll likely
need more disk space (how much?) for /boot, which can not be a logical partition if I wish to continue using EFI stub kernels.

Booting without an initramfs will still be possible, there's a lot you can include within a unified kernel these days. Especially so if you do not need to encrypt the whole of the OS.

And the last question: is there point in Secure Boot without FDE?

It depends on what you are trying to protect yourself from:

https://xkcd.com/538/

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEXqhvaVh2ERicA8Ceseqq9sKVZxkFAmgcx+YACgkQseqq9sKV ZxnzuQ/9E5DPX3R7iETN08l4dx+k0WzcKj0o0NrFV+eLbS+ZVwFFI0Dm7BLu2Vc9 bz3K9uN+sc3XQPPyG5jgEXKsm2AFqfzC6nVdHii4xk++9RhBwFlggu6cQPWUzfkZ TS5b8aIy9DTLdEv7xBbS612Gg4ZKuMohOU7hSGO1hxl8gaDAkpe4lmI2Q22yu97d 9iD8Wpw5kYrJMNsJGkN9+oTJYOTxuCcxUqJD6AM6VgqF9PWsx2L+AY5a69wd6vMl zLfTdkAI9BpgQsH8/WvFRPozqzYN3LHngKlAxrkYlm4X4oi+ZVduuLWgEMwht8yg 6yGa+cUNAtDAJ+3bdrEN62EZ4kpkOiKe8G51c9aB/OFS64dc4iGEhEFs4SIQv4PQ UGggjUMsoaZClvmNglFe2xtS89U8f63MHobfBAj6RaZzGBPJTzJDNWL47n+pF/FT WD0737Kbu1AQYG6MQ7U/82WVq0jl+JX09JiUD8yG6OWhLJMJeP8lykqRTjz+OdzO olS6DiXo0l0yj738zD1K+tp3/BVs5DL58bN8126QXnz3940aUfkGKQs3M36fdHuH 6xUR+kzh0/V+6TjcdMLc/9+1f0ZbyNcwVayZOlmt1Bvb+ifmT/S+G9lfxV+ALPaA ex3dcyfTHE/1VnrfT4nkC8wnQ6GdxnRhlcgn5ySO9sH5dgrQr3c=
=PMTC
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Thanks for the feedback. I came up with the following "LUKS on LVM"
scheme:

NAME SIZE TYPE MOUNTPOINT FSTYPE
/dev/sda 111,8G disk
|-/dev/sda1 32M part /boot/efi vfat
`-/dev/sda2 111,7G part
/dev/sdb 298,1G disk
/dev/sdc 238,5G disk
/dev/vg0 350,2G lvm
|-/dev/vg0/lvol1 150,2G lvm / btrfs
`-/dev/vg0/lvol2 200G lvm
`-/dev/mapper/home 200G crypt /home btrfs
/dev/vg1 298,1G lvm
`-/dev/vg1/lvol1 298,1G lvm
`-/dev/mapper/storage 298,1G crypt /mnt/storage btrfs

It is important that /var is not located on a separate partition in
order to utilize the benefits of copy-on-write for installing packages.

sys-kernel/installkernel[grub,systemd,ugrd] will be used to generate and install initramfs.

And I'll look into my OpenSMTPd and Dovecot configuration for options.

So, planning is done, time for backing my data up and doing actual disk manipulation.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 09/05/2025 11:10, Anna wrote:

And I'll look into my OpenSMTPd and Dovecot configuration for options.

When you configure dovecot, I missed this first time round, but the
standard configuration chains to a local config. Make sure you create
and use the local file, and don't edit the one that comes with the
package, and your local config won't get overwritten by upgrades.

Cheers,
Wol

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)