Hello,
This is my first post here, I’m a former system and security admin, who is now in management, but continues to sysadmin at home and run Linux and BSD. I’ve used BSD and various forms of Linux since the mid 90s. My installations are now… aged and I’m in my once a decade time to reconsider everything research. I’ve been attempting to over-engineer this and have ended up with the following questions that are mostly about getting reliable, repeatable, installs of systems that support ZFS that I can generally ignore for another decade (sans regular upgrades, but not tinkering with the general setup). For my rearchitecture, I’m working on the following systems: a few laptops, a desktop (NAS/Gaming rig/Oversubscribed), DIY router, and a Raspberry Pi.
Now, the too many (mostly offtopic for ZFS) questions I’ve wrapped myself around the axle with:
- Distro preference? (Ubuntu, Arch, EndeavorOS (dubious ZFS support), MXLinux (same)?)
-
Will it run Steam? -
Are snaps really that bad? -
Do you also hate systemd? Or learn to love it? -
Is it stable and secure? (Am I overvaluing Canonical's support vs. community support?) - SecureBoot, is it worth the pain? Or does everyone just turn SecureBoot off? Everything works with it off, but I feel like I’m stripping out critical security. There’s dubious documentation to getting SecureBoot working with ZFS reliably. I’ve got shiny new hardware and have a security background and have spent way too much time trying to make it work…
- Related, preferences for Refind vs. UEFI?
- Swap file on disk vs. swap partition? Encrypted or not?
-
I've seen and noticed that without a swap partition, that performance sucks, even with lots of physical RAM. Thoughts on how best to address this? - ZFS Boot Menu (Seems preferably vs. default ubuntu installs, yes?)
-
Preference for Sithuk script vs. manual installs -
Setting changes to use the downloaded ISO files vs. network download (I've got the live install right there... any way to bypass the debootstrap to the Internet) -
Repeatable installs - I'm attempting to build and rebuild to regain familiarity with newer means of doing things until I have a "clean" install. I've limped old systems along with installation faults and too many upgrades because I didn't have an easy means of rebuilding without losing all of my random customizations. -
ZBM isn't signed by default, right? Which may loop back to my SecureBoot question. - Different encrypted datasets for data types?
-
Personal documents (financial, small file size, etc.) -
Photos & Videos (from phones/cameras) -
Plex content: DVDs, Bluray, Music - Encrypted dataset questions:
-
Do you do encrypt at the pool, dataset, or nested dataset? -
Depending on which you do, where do you do your establish your raw send for backup? -
Can you do nested dataset encryption? (or is this inadvisable, and where do you store the different keys?) - Seperate Pools for NVMe and Rust?
-
I've heard/read Jim's comments about NVMe and regret my storage purchases but am past return windows... but I had these spare NVMe PCIe channels available. :) -
Do you allocate spare devices to your pools / mirrors?
I would appreciate any thoughts, opinions, random rants that you have available on any of these topics. It might help me stop rebuilding my systems and settle on a stable configuration and get on with things instead of engineering it to death.
Thank you!
