97 lines
3.1 KiB
Plaintext
97 lines
3.1 KiB
Plaintext
### Debian GNU/Linux with read only root filesystem.
|
|
|
|
* Example:
|
|
/dev/sda: SSD disk (solid state disk)
|
|
/dev/sdb: HDD disk (mechanical disk)
|
|
|
|
/dev/sda1: /
|
|
/dev/sdb1: swap
|
|
/dev/sdb2: /home /tmp /var/tmp
|
|
|
|
* Install Debian in /dev/sda1
|
|
|
|
* Boot Debian in /dev/sda1
|
|
|
|
* Update & upgrade
|
|
apt-get update
|
|
apt-get dist-upgrade
|
|
|
|
* Mount HDD disk
|
|
mount /dev/sdb2 /mnt
|
|
|
|
* Make /tmp directory
|
|
mkdir /mnt/tmp
|
|
chmod 1777 /mnt/tmp
|
|
chown 0.0 /mnt/tmp
|
|
|
|
* If needed, copy all users data from SSD to HDD
|
|
rsync -av /home/ /mnt/
|
|
rm -fr /home/* ; rm -fr /home/.* <-- CAUTION!
|
|
|
|
* Get the UUID of the partitions
|
|
Example:
|
|
blkid
|
|
/dev/sda1: UUID="505267d4-ad80-4eae-b6ed-ebfec59e4748" TYPE="ext4" PARTUUID="60a30271-01"
|
|
/dev/sdb1: UUID="6b684928-5786-4882-af6d-b9d8c98bccf0" TYPE="swap" PARTUUID="5e1c8d9b-01"
|
|
/dev/sdb2: UUID="30e81e2b-faaa-43a4-b188-db37c13588a6" TYPE="ext4" PARTUUID="5e1c8d9b-02"
|
|
|
|
* Edit /etc/fstab
|
|
UUID=505267d4-ad80-4eae-b6ed-ebfec59e4748 / ext4 noatime,errors=remount-ro 0 1
|
|
UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home ext4 noatime,errors=remount-ro,x-systemd.requires=/ 0 1
|
|
UUID=6b684928-5786-4882-af6d-b9d8c98bccf0 none swap sw 0 0
|
|
/home/tmp /tmp none bind,x-systemd.requires=/home 0 0
|
|
/home/tmp /var/tmp none bind,x-systemd.requires=/home 0 0
|
|
|
|
* For optional NFS server, add in /etc/fstab
|
|
[NFSSERVER_IP]:/path/to/nfs/share1 /media/share1 nfs _netdev,rw,noauto,user,users,noexec,nosuid,nolock,noatime,nfsvers=3,sec=sys,udp,rsize=32768,wsize=32768 0 0
|
|
|
|
* Reboot. Check if all working fine.
|
|
|
|
* Install bilibop.
|
|
apt-get install bilibop
|
|
|
|
Do you intend to install bilibop-rules on a Live System ? --> No
|
|
What kind of GRUB device map do you want to use ? --> a dynamically updated device map
|
|
|
|
* Clean.
|
|
apt-get clean
|
|
apt-get autoremove
|
|
|
|
* Make root filesystem as readonly.
|
|
Edit /etc/bilibop/bilibop.conf
|
|
BILIBOP_LOCKFS=true
|
|
BILIBOP_LOCKFS_POLICY=hard
|
|
BILIBOP_LOCKFS_SWAP_POLICY=soft
|
|
BILIBOP_LOCKFS_WHITELIST="UUID=30e81e2b-faaa-43a4-b188-db37c13588a6 /home/tmp"
|
|
BILIBOP_LOCKFS_SIZE="/=64M"
|
|
BILIBOP_LOCKFS_NOTIFY_POLICY=never
|
|
|
|
BILIBOP_LOCKFS_WHITELIST: partitions from /etc/fstab in read-write
|
|
mode. Whitespace separated list of mountpoints or device names
|
|
as known in fstab.
|
|
|
|
BILIBOP_LOCKFS_SIZE: RAM size of the overlay writable branch.
|
|
Whitespace separated list of mountpoint=size pairs.
|
|
Sizes can be absolute (suffixed with k, K, m, M, g or G),
|
|
or relative to the total amount of RAM (and suffixed with %).
|
|
|
|
* Rebuild the initram-fs.
|
|
dpkg-reconfigure bilibop-lockfs
|
|
|
|
* Reboot.
|
|
|
|
* Later, to make permanent changes:
|
|
Reboot
|
|
In grub menu, press 'e' to edit the item.
|
|
Add 'nolockfs'.
|
|
Press CTRL-X to boot.
|
|
|
|
Make the changes.
|
|
|
|
Rebuild the initram-fs.
|
|
dpkg-reconfigure bilibop-lockfs
|
|
|
|
Reboot.
|
|
|
|
* Done!.
|