Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
freem
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Openai/695158d7-1b68-800b-a02f-4817bf1f6d25
(section)
Add languages
Page
Discussion
English
Read
Edit
Edit source
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
Edit source
View history
General
What links here
Related changes
Special pages
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== gpt-5-mini == === User: One more thing: under LVM - Notebook, there is nothing. === One more thing: under LVM - Notebook, there is nothing. What should be there, and should I manually create 33GiB swap for hibernation? === Assistant: Ah, perfect — now we’re back in the LVM/installer world, so let’s go slow and precise. === Ah, perfect — now we’re back in the LVM/installer world, so let’s go slow and precise. ==== When you select your 150 GiB LUKS → LVM Thin Provisioning, the installer will create the following logical volumes (LVs) automatically: ==== | | | | | --- | --- | --- | | | | | | | | | | | | | ===== - The LVM exists at PV → VG level (Notebook) ===== * You haven’t told the installer to auto-create LVs yet, so the VG is empty * Once you accept the configuration, the installer will create dom0 LVs automatically So seeing nothing under Notebook right now is normal. ==== ### ==== * Swap must be ≥ RAM for hibernation * You have 32 GiB RAM → make swap 33 GiB to be safe * Keep it inside the encrypted LUKS/LVM (don’t make a separate partition) ===== 1. Click your LVM “Notebook” ===== # Look for Add LV or Auto-create # Set LV sizes: - qubes-dom0-root → 20–30 GiB (depending on your dom0 plans) - qubes-dom0-swap → 33 GiB - Thin pool LV → remaining space for qubes : ==== - If you make a separate swap partition outside LUKS/LVM: - It will not be encrypted - Hibernation will write plaintext RAM to disk - This breaks Qubes security assumptions ==== ✅ Keep swap inside the encrypted LVM. ==== <syntaxhighlight>/dev/nvme0n1 ==== ├─ p1 600 MiB EFI System Partition /boot/efi (unencrypted) ├─ p2 1 GiB ext4 /boot (unencrypted) ├─ p3 150 GiB LUKS → LVM Thin Notebook │ ├─ qubes-dom0-root 20 GiB / │ ├─ qubes-dom0-swap 33 GiB swap │ └─ thinpool ~97 GiB VM storage └─ p4 ~700 GiB ext4 media (unencrypted) </syntaxhighlight> ✅ Bottom line * Nothing under Notebook yet = normal * Yes, create 33 GiB swap inside LVM for hibernation * Let the installer create dom0 root + thin pool automatically * Don’t make swap outside the encrypted LVM If you want, I can make a click-by-click checklist for the installer GUI including setting dom0 root, 33 GiB swap, thin pool, and leaving media unencrypted — that usually clears up all confusion at once. Do you want me to do that next? === User: yes please. === yes please. Now Inside LVM I have 2 options: LVM2 Logical Volume -size -file system (btrfs esp ext2 ext3 ext4 f2fs physical volume (LVM) ntfs swap vfat xfs unformatted) -label -name -mountpoint -encrypt y/n and LVM2 ThinPool -size -name -NO ENCRYPT?!? === Assistant: Perfect — now I understand exactly what you see. === Perfect — now I understand exactly what you see. Let’s go step by step, so you can configure your LVM in Qubes installer safely, including dom0 root, swap for hibernation, thin pool for VMs, and leave your media partition untouched. === You have 150 GiB inside your LUKS → LVM “Notebook”. === ==== | | | | ==== | --- | --- | --- | | | | | | | | | | | | | ==== 1. Click Add LV → LVM2 Logical Volume ==== # Fill: | | | | --- | --- | | | | | | | | | | | | | | | | | | | Click Add / OK ==== 1. Click Add LV → LVM2 Logical Volume ==== # Fill: | | | | --- | --- | | | | | | | | | | | | | | | | | | | Click Add / OK : ==== 1. Click Add LV → LVM2 ThinPool ==== # Fill: | | | | --- | --- | | | | | | | | | | : ==== After these steps, inside Notebook LVM, you should see: ==== <syntaxhighlight>Notebook (VG) ├─ qubes-dom0-root 20 GiB ext4 / ├─ qubes-dom0-swap 33 GiB swap └─ qubes-thinpool ~97 GiB thin pool (for VMs) </syntaxhighlight> : ==== Leave your media partition outside LVM: ==== * Size: 700–750 GiB * Filesystem: ext4 or exFAT (format later if needed) * Mountpoint: leave empty * Encryption: ❌ No Do not put it inside LUKS or LVM — this keeps it unencrypted and easily mountable in other OSes. ==== - ESP → 600 MiB, vfat, /boot/efi, unencrypted ==== * /boot → 1024 MiB, ext4, unencrypted * LVM → 150 GiB LUKS2 → Notebook - dom0 root LV → 20 GiB ext4 / - dom0 swap LV → 33 GiB swap - thinpool → remaining (~97 GiB) * Media → 750 GiB ext4/exFAT, no mountpoint, unencrypted If all of these match, installer will: * Boot fine * Encrypt dom0 + VMs correctly * Leave media unencrypted If you want, I can also draw a full ASCII “installer tree view” exactly as it should appear in Blivet, so you can literally match it before clicking Begin Installation. Do you want me to do that? === User: Why not use ThinkPool for everything? === Why not use ThinkPool for everything? Wouldn't it save space? Are there any pros/cons to double encryption besides remembering extra password? === Assistant: Ah, now we’re getting into the why Qubes uses LVM Thin + separate dom0 root/swap instead of putting everything into a s… === Ah, now we’re getting into the why Qubes uses LVM Thin + separate dom0 root/swap instead of putting everything into a single thin pool, and the “double encryption” tradeoffs. Let’s break it down carefully. ==== ### ==== * You could, in theory, create one big ThinPool LV, and use it for: - dom0 root - swap - all VM storage * It would save some space because thin provisioning is very efficient with VM volumes. ===== 1. Dom0 isolation and reliability - dom0 is the “control plane” - If dom0 LV is inside the ThinPool and something goes wrong (thin pool full, corruption, VM misbehavior), you risk breaking dom0 - ThinPools can overcommit space → dom0 could unexpectedly run out of space → unbootable ===== # Swap requirements - Swap must be available before thin provisioning is active - Some parts of boot may need to page memory before thinpool is ready # Performance - dom0 root + swap in their own LVs ensures predictable performance - ThinPools are optimized for many small VMs, not for constant dom0 I/O # Installer simplicity and security - Clear separation: - dom0 root LV → always mounted at / - swap LV → hibernation safe - thinpool → VMs - Makes backup, snapshot, recovery easier - Makes audits and security assumptions clear ✅ Verdict: putting everything in one ThinPool may “save a few GiB” but is riskier and not recommended for Qubes. ==== ### ==== # LUKS on the whole LVM (Notebook) → encrypts everything inside LVM # dom0 root LV + swap → encryption inside the LUKS (optional in GUI) So double encryption = encrypting an already encrypted volume. ===== - Extra defense if LUKS header is compromised (rare) ===== * Dom0 swap and root get an extra encryption layer * Fine-grained keys possible if you want separate passphrases ===== 1. No practical security gain for 99% of users - LUKS already encrypts all bytes in the volume - Double encryption does not make brute-force attacks meaningfully harder ===== # Extra complexity - You must enter two passphrases (if not using same) - Recovery and troubleshooting are more difficult # Negligible performance hit - Slight CPU overhead, almost invisible on modern CPUs with AES-NI ===== - Keep one LUKS layer at the VG level ===== * Dom0 root + swap do not need extra encryption (it’s already inside LUKS) * Only use extra LV encryption if you want separate passphrases per LV (rarely needed) ==== | | | ==== | --- | --- | | | | | | | | | | | | | If you want, I can draw a visual diagram of “what goes where” inside your 150 GiB Notebook LVM, showing encryption layers, thinpool, swap, dom0 root, so it’s crystal clear before you click Install. Do you want me to do that next? === User: how easily can dom0 run out of space? === how easily can dom0 run out of space? === Assistant: Ah — this is an important practical question for Qubes. === Ah — this is an important practical question for Qubes. Let’s go step by step, because “dom0 running out of space” is not just theoretical — it can break your system if you’re not careful. ==== 1️⃣ What dom0 actually stores ==== Dom0 is the control domain in Qubes. It holds: * Root filesystem (/) → OS, kernel, drivers * System logs (/var/log) * Bootloader, configuration * Minimal app tools (dom0 apps like Qubes Manager) * Sometimes temporary downloads or templates if misconfigured NOT the VMs themselves → VMs live in thinpool logical volumes. So dom0’s space usage is much smaller than the total LVM size. ==== 2️⃣ Typical dom0 root LV size ==== * Installer default: ~20 GiB * Recommended: 20–30 GiB for typical usage * With 32 GiB RAM → 33 GiB swap If you stick to 20–30 GiB root LV, dom0 is usually very safe, even with logs, updates, and a few templates cached. ==== 3️⃣ How dom0 can run out of space ==== ===== Common causes: ===== # Huge log files - /var/log/journal can grow if system misbehaves # Templates cached in dom0 by mistake - Only ever “template files” should be in thinpool # Manual downloads in dom0 - Installing big packages in dom0 instead of using VMs # Misconfigured qubes VM storage - Accidentally mounting thinpool inside dom0 ===== Rare causes: ===== * Multiple large updates + old kernels not cleaned up * Dom0 home directory storing lots of user files (not recommended!) ==== 4️⃣ How fast it could happen ==== * Normal usage: virtually impossible within first year * Heavy tinkering / dev work: possible after tens of GiB of files, logs, and cached templates * 20–30 GiB is a safe starting point : Rule of thumb: keep dom0 small but clean, don’t store personal files there. Everything else goes in VMs. ==== 5️⃣ How to prevent dom0 from filling ==== # Don’t store personal files in dom0 → Use VMs or unencrypted media partition instead # Enable automatic journal rotation ``<code>bash sudo journalctl --vacuum-size=500M <syntaxhighlight>3. Remove old kernels and packages </syntaxhighlight>bash sudo dnf autoremove <syntaxhighlight>4. Monitor space regularly </syntaxhighlight>bash df -h / </code>`` # Snapshots for emergency rollback - Thinpool snapshots don’t help dom0, but backups of root LV do ==== 6️⃣ Bottom line ==== * With 20–30 GiB root LV, dom0 running out of space is very unlikely for normal usage * Only a problem if you store gigabytes of files in dom0 instead of inside qubes or external media * Swap + thinpool do not affect dom0 free space, so no risk there If you want, I can give you a practical sizing example for your 150 GiB LUKS LVM: * 20–25 GiB dom0 root * 33 GiB swap * Remaining ~97 GiB thinpool → VMs …and explain how this scales if you add many VMs or large templates. Do you want me to do that?
Summary:
Please note that all contributions to freem are considered to be released under the Creative Commons Attribution-ShareAlike 4.0 (see
Freem:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
