[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: btrfs recommended layout for snapshots?
From: |
Efraim Flashner |
Subject: |
Re: btrfs recommended layout for snapshots? |
Date: |
Tue, 15 Aug 2023 17:33:27 +0300 |
On Mon, Aug 14, 2023 at 04:41:52PM +0200, Nicolas Graves via Development of GNU
Guix and the GNU System distribution. wrote:
>
> > - either not snapshotting the rootfs / at all, with the hypothesis that
> > we get it back entirely from config files. Is that possible ? Is there
> > information in / (I think of /etc in particular) that is saved, not
> > temporary and not managed by guix system that would justify that we
> > want to snapshot / at all?
> > This would allow to simply care about only a few "user data"
> > directories, and be sure to not miss anything when there's a need to
> > restore the state.
> >
> > I can't find easily a case of successful use of the second
> > configuration, but would be glad to find one, as well as some discussion
> > about what would be a recommended way to secure the state beyond
> > dotfiles.
>
> I've found some equivalent information on the NixOS side here :
> https://nixos.wiki/wiki/Impermanence
>
> Some (rare) directories indeed seem that would better be saved because
> their information is useful for the system, in the case of NixOS, it
> seems to be "/etc/nixos", "/etc/NetworkManager" (for system
> connections), "/var/log", "/var/lib".
>
> However, I have much more files that aren't linked in the store,
> especially in the /etc directory (at least 20 files).
>
> Has anybody tried to do something like this on Guix?
I'm still not using most of the features of btrfs, just compression.
Inside /etc/guix /etc/guix/acl is managed with the guix-service-type.
IMO the signing keys should be rotated if you reload a machine (or at
least properly securing them is more effort than is worthwhile), and
/etc/guix/machines.scm isn't secret. I can't think of anything else in
/etc I'd want besides /etc/guix/machines.scm.
With that in mind, the only thing I could see snapshotting is /home, and
living with the knowledge that I might have to adjust or remove some
symlinks when rolling back. As far as what inside /home/<user> is worth
backing up and what isn't, I suppose that depends on their use of
guix-home or if they want to save space by not backing up ~/.cache or
~/.var or the like.
--
Efraim Flashner <efraim@flashner.co.il> רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
signature.asc
Description: PGP signature