16 Apr
2018
16 Apr
'18
10:05 p.m.
William Morder wrote:
Yes, this was more or less my plan. It was yourself or
another who
suggested the logical volumes inside sda2, and yes, I was also planning to
encrypt, although I wasn't sure of the method. (I've previously used
truecrypt, easycrypt, and variants, but I needed something to encrypt
everything from scratch.) I will look into luks.
crypt luks layer comes first.
look below I post some of my notes - you must update the values to match
your setup
I ought to say, too, that I intend to backup the
contents of my flash
drive somewhere secure (say, online ...?), but I haven't quite decided
that. My O.G. friend has some kind of secure storage on a server that he
has been using since about 1970 or so; I was thinking of some kind of
server with an onion address, so that I can go to the library, etc., and
download my system to a flash drive.
why not buy another usb stick and replicate the first one - keep the second
at home or wherever is secure
I believe I have the basic idea for how to partition
my hard drives
according to my needs from what was said earlier about creating logical
volumes inside sda2. The rest is just working out what I want to backup
from /opt, /etc, and so on.
You don't backup things you can easily recreate (for example default
installation and config files). You also design your backup by asking
yourself how you would eventually restore.
In any case nowdays usb3.1 has amazing speed and I just bought few days ago
usb3.1 64GB. I was also thinking to make a rescue system out of it :)
Notes:
CRYPTSETUP
WARNING! The following command will remove all data on the partition that
you are encrypting. You WILL lose all your information! So make sure you
backup your data to an external source such as NAS or hard disk before
typing any one of the following command.
In this example, I'm going to encrpt /dev/sdb7. Type the following command:
# cryptsetup -y -v luksFormat /dev/sdb7
Open the crypted device
# cryptsetup luksOpen /dev/sdb7 backup
LVM setup
Create physical volumes
# pvcreate /dev/mapper/backup
Create a volume group
# vgcreate G750lvm /dev/mapper/backup
Creating a logical volume
# lvcreate -L50G -nroot G750lvm
# lvcreate -L150G -nhome G750lvm
# lvcreate -L2G -nswap1 G750lvm
# lvcreate -L2G -nswap2 G750lvm
After rebooting the system or running vgchange -an, you will not be able
to access your VGs and LVs. To reactivate the volume group, run:
# vgchange -a y G750lvm
Check the dm device
# ls -l /dev/mapper/backup
or use following command
# cryptsetup -v status backup
You can dump LUKS headers using the following command:
# cryptsetup luksDump /dev/sdb7
Close a dm device after unmounting it
# cryptsetup luksClose backup