Some general questions before installing on bare metal

I have some questions before I dare to nuke my current setup and replace it with CachyOS.

  • What does a full disk encryption setup with the grub bootloader on a UEFI install look like? Will boot be encrypted, and if so, do I have to create a keyfile to avoid typing the passphrase twice? (I tried to find out, but the installation fails for me due to keyring issues. See my other post.)

  • In Calamares, which packages can I safely uncheck without breaking stuff? I read that someone ended up with a broken system after removing fish, so I ask in advance. Are bluetooth (meta), bluedevil, kdeconnect, intel-ucode safe to uncheck?

  • Are BTRFS snapshots set up ootb, or do I have to enable them on my own? Is there any documentation for setting up BTRFS and grub to boot from snapshots if needed? I currently use Tumbleweed and have no clue how to set any of this up on my own.

  • Should I disable Cachy’s custom DNS when I already use custom DNS with DoT on the router level? Also, will Cachy’s DNS interfere with my VPN DNS?

Hi,

  1. FDE you just select at installation time, and there you put your password in, and that’s it. Be aware that grub’s encrypting is quite slow compared to systemd-boot and refind. Also, Grub only supports LUKS1, while systemd-boot and refind support LUKS2.
  2. You can untick any package you want. Those are “optional” and just a suggested selection from our side. Yes, bluetooth, kdeconnect and co are safe to uncheck, even though the ucode gets automatically checked and removed at the end of installation.
  3. Yes, they are set up OOB, see cachyos-calamares/src/modules/mount/mount.conf at cachyos-grub-qt6-dev · CachyOS/cachyos-calamares · GitHub. There is a button in cachyos-hello to set up snapshots called “cachyos-snapper-support”; for grub you need an additional package (detection not implemented yet in cachyos-hello) called “grub-snapper-support”.
  4. We do not provide a custom DNS OOB. There is an option in cachyos-hello to put in some common DNS servers, like cloudflare, quad9 and co, but besides that it will use your router’s DNS.

Well, the first thing we would need to know to better answer your question is what hardware you have.
To answer your second question, there is little reason to un-check anything.
To answer your third question, I do not think that it is quite configured out of the box, but everything to enable it should be present.
As for your fourth question, that is a real tough one to say. I haven’t been able to find a way around the whole DNS thing. It always defaults to cloudflare. You might be able to add your own DNS to Cachy’s list, but when it comes to having it be used by default, you might need more assistance with that. I would love to help you with btrfs, but I am an xfs guy so I have little experience with snapshots.

Wow, thank you for the quick reply. Blazingly Fast™ one might say :wink:

All my questions are answered, but I’m still not quite sure about the FDE part. So does Cachy’s FDE setup also encrypt boot when I go with the grub bootloader? Only the EFI partition should be left unencrypted in this case, right?

You aren’t going to break your system if you get rid of fish. You just won’t be able to keep the CachyOS settings behind it. You can also just use chsh to get around having to use fish. Just don’t get rid of it before the install. You can safely remove fish after you boot into your new system. Although you will need to remove whatever is dependent upon it, none of that stuff is needed for your system to function. Now as for encryption, I asked about your hardware because encryption puts considerably more stress on your CPU when accessing your drive. And combining that with btrfs is risky, if you ask me personally. You will probably find yourself needing to use those snapshots as a result.

Yes, when using grub it’s encrypted. Only with systemd-boot and refind is it not encrypted.

I understand. Removing fish wasn’t what I had in mind. I used it as an example because I remembered reading a post about it causing issues due to fish being Cachy’s default shell. My concern was other packages. I know from OpenSUSE and Debian-based distros that ripping out packages doesn’t always go smoothly.

Every reasonably modern CPU supports AES-NI, or whatever AMD’s equivalent is called. I’ve been using FDE since forever and never felt a performance hit.

Perfect!

Well, if you’re concerned about other packages, I can’t say for certain which ones you can and cannot remove unless you give me an idea which ones you had in mind. You can skip nano and go with vim, for example. I am glad to hear that you haven’t had any performance hit. I would be glad to provide input on packages you can deselect without having to worry about things being broken.