### Debian GNU/Linux with read only root filesystem.

* Example:
    /dev/sda: SSD disk (solid state disk)
    /dev/sdb: HDD disk (mechanical disk)

    /dev/sda1:  /
    /dev/sdb1: swap
    /dev/sdb2: /home /tmp /var/tmp

* Install Debian in /dev/sda1

* Boot Debian in /dev/sda1

* Update & upgrade
    apt-get update
    apt-get dist-upgrade

* Mount HDD disk
    mount /dev/sdb2 /mnt

* Make /tmp directory
    mkdir /mnt/tmp
    chmod 1777 /mnt/tmp
    chown 0.0 /mnt/tmp

* If needed, copy all users data from SSD to HDD
    rsync -av /home/ /mnt/
    rm -fr /home/* ; rm -fr /home/.*  <-- CAUTION!

* Get the UUID of the partitions
    Example:
      blkid
        /dev/sda1: UUID="505267d4-ad80-4eae-b6ed-ebfec59e4748" TYPE="ext4" PARTUUID="60a30271-01"
        /dev/sdb1: UUID="6b684928-5786-4882-af6d-b9d8c98bccf0" TYPE="swap" PARTUUID="5e1c8d9b-01"
        /dev/sdb2: UUID="30e81e2b-faaa-43a4-b188-db37c13588a6" TYPE="ext4" PARTUUID="5e1c8d9b-02"

* Edit /etc/fstab
    UUID=505267d4-ad80-4eae-b6ed-ebfec59e4748   /           ext4    noatime,errors=remount-ro                       0   1
    UUID=30e81e2b-faaa-43a4-b188-db37c13588a6   /home       ext4    noatime,errors=remount-ro,x-systemd.requires=/  0   1
    UUID=6b684928-5786-4882-af6d-b9d8c98bccf0   none        swap    sw                                              0   0
    /home/tmp                                   /tmp        none    bind,x-systemd.requires=/home                   0   0
    /home/tmp                                   /var/tmp    none    bind,x-systemd.requires=/home                   0   0

* For optional NFS server, add in /etc/fstab
    [NFSSERVER_IP]:/path/to/nfs/share1  /media/share1  nfs     _netdev,rw,noauto,user,users,noexec,nosuid,nolock,noatime,nfsvers=3,sec=sys,udp,rsize=32768,wsize=32768     0   0

* Reboot. Check if all working fine.

* Install bilibop.
    apt-get install bilibop

    Do you intend to install bilibop-rules on a Live System ?   --> No
    What kind of GRUB device map do you want to use ?           --> a dynamically updated device map

* Clean.
    apt-get clean
    apt-get autoremove

* Make root filesystem as readonly.
    Edit /etc/bilibop/bilibop.conf
        BILIBOP_LOCKFS=true
        BILIBOP_LOCKFS_POLICY=hard
        BILIBOP_LOCKFS_SWAP_POLICY=soft
        BILIBOP_LOCKFS_WHITELIST="UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home/tmp"
        BILIBOP_LOCKFS_SIZE="/=64M"
        BILIBOP_LOCKFS_NOTIFY_POLICY=never

    BILIBOP_LOCKFS_WHITELIST: partitions from /etc/fstab in read-write
        mode. Whitespace separated list of mountpoints or device names
        as known in fstab.

    BILIBOP_LOCKFS_SIZE: RAM size of the overlay writable branch.
        Whitespace separated list of mountpoint=size pairs.
        Sizes can be absolute (suffixed with k, K, m, M, g or G),
        or relative to the total amount of RAM (and suffixed with %).

* Rebuild the initram-fs.
    dpkg-reconfigure bilibop-lockfs

* Reboot.

* Later, to make permanent changes:
    Reboot
    In grub menu, press 'e' to edit the item.
    Add 'nolockfs'.
    Press CTRL-X to boot.

    Make the changes.

    Rebuild the initram-fs.
        dpkg-reconfigure bilibop-lockfs

    Reboot.

* Done!.