William Morder wrote:
Yes, this was more or less my plan. It was yourself or another who suggested the logical volumes inside sda2, and yes, I was also planning to encrypt, although I wasn't sure of the method. (I've previously used truecrypt, easycrypt, and variants, but I needed something to encrypt everything from scratch.) I will look into luks.
The crypt LUKS layer comes first. Look below, I post some of my notes - you must update the values to match your setup.
I ought to say, too, that I intend to back up the contents of my flash drive somewhere secure (say, online ...?), but I haven't quite decided that. My O.G. friend has some kind of secure storage on a server that he has been using since about 1970 or so; I was thinking of some kind of server with an onion address, so that I can go to the library, etc., and download my system to a flash drive.
Why not buy another USB stick and replicate the first one - keep the second at home or wherever is secure?
I believe I have the basic idea for how to partition my hard drives according to my needs from what was said earlier about creating logical volumes inside sda2. The rest is just working out what I want to back up from /opt, /etc, and so on.
You don't back up things you can easily recreate (for example default installation and config files). You also design your backup by asking yourself how you would eventually restore. In any case nowadays usb3.1 has amazing speed and I just bought a few days ago a usb3.1 64GB. I was also thinking to make a rescue system out of it :)
Notes:
CRYPTSETUP
WARNING! The following command will remove all data on the partition that you are encrypting. You WILL lose all your information! So make sure you back up your data to an external source such as NAS or hard disk before typing any of the following commands.
In this example, I'm going to encrypt /dev/sdb7. Type the following command:
# cryptsetup -y -v luksFormat /dev/sdb7
Open the crypted device
# cryptsetup luksOpen /dev/sdb7 backup
LVM setup
Create physical volumes
# pvcreate /dev/mapper/backup
Create a volume group
# vgcreate G750lvm /dev/mapper/backup
Creating a logical volume
# lvcreate -L50G -nroot G750lvm
# lvcreate -L150G -nhome G750lvm
# lvcreate -L2G -nswap1 G750lvm
# lvcreate -L2G -nswap2 G750lvm
After rebooting the system or running vgchange -an, you will not be able to access your VGs and LVs. To reactivate the volume group, run:
# vgchange -a y G750lvm
Check the dm device
# ls -l /dev/mapper/backup
or use the following command
# cryptsetup -v status backup
You can dump LUKS headers using the following command:
# cryptsetup luksDump /dev/sdb7
Close a dm device after unmounting it
# cryptsetup luksClose backup
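
Added example, not part of the original post or the poster's notes: a pre-flight check to run before the destructive luksFormat step above. It uses the device and the four LV sizes from the notes; the function names and the 32 MiB reserve for the LUKS2 header and LVM metadata are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight checks before `cryptsetup luksFormat` (added example).
# DEV and the LV sizes come from the notes; adjust them to your setup.
DEV=${DEV:-/dev/sdb7}
PLAN_GIB="50 150 2 2"          # root, home, swap1, swap2

# is_mounted DEVICE [MOUNTS_FILE]: succeeds if DEVICE is a mount source.
is_mounted() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' "${2:-/proc/mounts}"
}

# is_active_swap DEVICE [SWAPS_FILE]: succeeds if DEVICE is in use as swap.
is_active_swap() {
    awk -v d="$1" 'NR > 1 && $1 == d { found = 1 } END { exit !found }' "${2:-/proc/swaps}"
}

# plan_total_gib SIZE...: prints the sum of the planned LV sizes in GiB.
plan_total_gib() {
    total=0
    for g in "$@"; do total=$((total + g)); done
    echo "$total"
}

# plan_fits DEVICE_BYTES SIZE...: succeeds if all LVs fit on the device.
# Assumption: 32 MiB reserved for the LUKS2 header and LVM metadata.
plan_fits() {
    dev_bytes=$1; shift
    need=$(( $(plan_total_gib "$@") * 1024 * 1024 * 1024 + 32 * 1024 * 1024 ))
    [ "$dev_bytes" -ge "$need" ]
}

# preflight DEVICE: refuse to continue if formatting would be unsafe.
preflight() {
    [ -b "$1" ] || { echo "$1: not a block device" >&2; return 1; }
    is_mounted "$1" && { echo "$1: currently mounted" >&2; return 1; }
    is_active_swap "$1" && { echo "$1: active swap" >&2; return 1; }
    cryptsetup isLuks "$1" 2>/dev/null &&
        { echo "$1: already has a LUKS header" >&2; return 1; }
    # shellcheck disable=SC2086  # word splitting of PLAN_GIB is intended
    plan_fits "$(blockdev --getsize64 "$1")" $PLAN_GIB ||
        { echo "$1: too small for the planned LVs" >&2; return 1; }
    echo "$1: ok to format"
}

# Run the checks only when asked: sh preflight.sh --check (as root).
if [ "${1:-}" = "--check" ]; then preflight "$DEV"; fi
```

A passing check only says the device is idle, unformatted and large enough; it does not replace the backup the warning asks for.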