Re: btrfs recommended layout for snapshots?

[Efraim Flashner <efraim@flashner.co.il>]

[-- Attachment #1: Type: text/plain, Size: 2422 bytes --]

On Mon, Aug 14, 2023 at 04:41:52PM +0200, Nicolas Graves via Development of GNU Guix and the GNU System distribution. wrote:
> 
> > - either not snapshotting the rootfs / at all, with the hypothesis that
> >   we get it back entirely from config files. Is that possible ? Is there
> >   information in / (I think of /etc in particular) that is saved, not
> >   temporary and not managed by guix system that would justify that we
> >   want to snapshot / at all?
> >   This would allow to simply care about only a few "user data"
> >   directories, and be sure to not miss anything when there's a need to
> >   restore the state.
> >
> > I can't find easily a case of successful use of the second
> > configuration, but would be glad to find one, as well as some discussion
> > about what would be a recommended way to secure the state beyond
> > dotfiles.
> 
> I've found some equivalent information on the NixOS side here :
> https://nixos.wiki/wiki/Impermanence
> 
> Some (rare) directories indeed seem that would better be saved because
> their information is useful for the system, in the case of NixOS, it
> seems to be "/etc/nixos", "/etc/NetworkManager" (for system
> connections), "/var/log", "/var/lib".
> 
> However, I have much more files that aren't linked in the store,
> especially in the /etc directory (at least 20 files). 
> 
> Has anybody tried to do something like this on Guix?

I'm still not using most of the features of btrfs, just compression.

Inside /etc/guix /etc/guix/acl is managed with the guix-service-type.
IMO the signing keys should be rotated if you reload a machine (or at
least properly securing them is more effort than is worthwhile), and
/etc/guix/machines.scm isn't secret. I can't think of anything else in
/etc I'd want besides /etc/guix/machines.scm.

With that in mind, the only thing I could see snapshotting is /home, and
living with the knowledge that I might have to adjust or remove some
symlinks when rolling back. As far as what inside /home/<user> is worth
backing up and what isn't, I suppose that depends on their use of
guix-home or if they want to save space by not backing up ~/.cache or
~/.var or the like.

-- 
Efraim Flashner   <efraim@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]