This guide shows some post system install steps and tweaks.
Rev8
Feedbacks from 2nd; add fstab checks by findmnt --verify.
First boot to tweak filesystem
Boot with the encryption password.
- "Please unlock disk sdX_crypt": (enter the passphrase of LUKS.)
- Login as root then enter rescue.target.
root# systemctl isolate rescue.target
(follow the message and re-login)
Check /var/mail owner and permission
In this method, /var/mail seems not to be configured right.
root# ls -ld /var/mail
drwxrwxr-x 3 root root ... (if this is shown, then,)
root# chown root:mail /var/mail
root# chmod 2775 /var/mail
root# ls -ld /var/mail
drwxrwsr-x 3 root mail (this is correct.)
Note
Stretch 9.9 and buster 10.0.0 ISO image still has this issue.
Setup tmpfs /tmp (optional)
To do this, you should have enough DRAM; the amount depends what you do. Anyway, since this is a modern amd64 case, you at least have 4GB DRAM.
Note
Raspberry Pi 3 which has 1GB DRAM can run Raspbian Chromium with tmpfs /tmp.
Caution!
YOU NEED APT TEMPDIR CONFIG WITH THIS.
root# rm /tmp/* -fr # Be careful!
root# nano /etc/fstab # add a line below
tmpfs /tmp tmpfs noatime,nodev,nosuid,noexec 0 0
root# findmnt --verify # and check it.
root# mount /tmp
root# findmnt # confirm /tmp is tmpfs now, and its mount options.
Commit interval shifting (optional)
Commit interval shifting and data=writeback seems to provide very slight I/O performance improvement.
Add commit=N and data=writeback options if you want.
Basically, stay on 5.
Use small, different prime numbers if you change those commit values.
root# nano /etc/fstab # and edit options
root# findmnt --verify # and check them.
| MOUNTPOINT | ext4 commit sample values |
|---|---|
| /home | data=writeback # NEVER INCREASE COMMIT VALUE |
| /var/cache | commit=17,data=writeback |
| /var/mail | commit=11 |
| /var/spool | commit=7 |
| /var/tmp | commit=23,data=writeback |
What "man ext4" says about "data=writeback"
It guarantees internal filesystem integrity, however it can allow old data to appear in files after a crash and journal recovery.
So, it is not so much dangerous to apply it on /home, provided you stay on commit=5 (initial value.)
Warning
However, those long commit intervals could be potential risk of data loss on power failure, etc.
Hence, you MUST NOT combine longer commit value and data=writeback for "/home", and other important mount points such as "/", "/var", "/var/log", and "/var/spool".
SSD/NVMe TRIM (discard) over LVM over dm-crypt
Debian Buster Status
Buster automatically detect NVMe and add discard option for /etc/crypttab.
root# nano /etc/crypttab # add option "discard"
yourdevice_crypt UUID=<UUID> none luks,discard
root# nano /etc/lvm/lvm.conf # find (Ctrl-W) and change the value.
issue_discards = 1
root# update-initramfs -u # NEVER FORGET THIS!
Caution!
Every time you edit those settings, you must do update-initramfs -u.
Second boot to setup rest
root# reboot -n
Note
It boot up as emergency mode if there are any mistake. In that case, follow the information displayed and fix them.
Confirm mount points and their options
root# findmnt # don't use ``mount`` for checking.
Confirm TRIM
Note
Do this TRIM manually sometimes (per month or after upgrades.)
root# fstrim -av
Keep proceeding "Next", please.