I want to minimize writes to the boot/root filesystem for a bunch of bullshit reasons:
- It's a flash drive, so repeated writing will eventually wear it out,
- "security",
- keeping myself honest from a reproducibility perspective, in terms of modifying the in-place system vs. the virtual machine image.
Some idealized version of the system would employ a really-read-only boot drive with some sort of overlay/union filesystem to capture changes to reasonable non-volatile storage (such as the RAID array).
In any case, the following has been useful to log writes, in order to determine what needs to be moved to spinning rust:
$# inotifywait --daemon -e modify,attrib,move,create,delete -r / --exclude='^/(dev|run|proc|sys|data|tmp|home)' --outfile=/data/system/var/log/file-modifications
Since this creates watches on the individual inodes, you will probably need to do something like this, first:
$# echo $(( 8 * (2 ** 20) )) > /proc/sys/fs/inotify/max_user_watches
While I'd already proactively moved /var/log/ and /var/lib subdirectories for most services, the following were missed as being very write heavy:
/var/lib/samba/private/msg.sock
/var/cache/samba
/var/cache/man
/var/lib/mlocate
After moving/symlinking these to /data/system/ on the RAID, there's just a handful of regular writes that I will need to investigate further to understand how to mitigate appropriately:
/var/lib/private/systemd/timesync/clock
/var/lib/systemd/timers/stamp-cron-hourly.timer
/var/log/{lastlog,wtmp}
/root/.bash_history
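
To pull the write-heavy paths out of the inotifywait log, the events can be tallied per path. This is an added example, not part of the original post; it assumes inotifywait's default output format (watched directory, event names, file name), and the names write_hotspots and sample_log, along with the sample log lines, are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank paths in an inotifywait log by number of events.
# Assumes the default output format: "<watched dir> <EVENT[,EVENT...]> <file>".

# write_hotspots LOGFILE [N]: print "count<TAB>path" for the N busiest paths.
write_hotspots() {
    awk '
    {
        # Event names are upper-case words joined by commas and set off by
        # spaces; locating that field keeps paths containing spaces intact.
        line = $0 " "
        if (!match(line, / [A-Z_]+(,[A-Z_]+)* /)) next
        dir  = substr(line, 1, RSTART - 1)
        file = substr(line, RSTART + RLENGTH)
        sub(/ $/, "", file)          # drop the space appended above
        count[dir file]++
    }
    END { for (p in count) printf "%d\t%s\n", count[p], p }
    ' "$1" | sort -k1,1nr | head -n "${2:-10}"
}

# Constructed sample log (hypothetical events, not captured from a real system).
sample_log() {
    cat <<'EOF'
/var/lib/samba/private/ MODIFY msg.sock
/var/lib/mlocate/ CREATE mlocate.db
/var/lib/samba/private/ MODIFY msg.sock
/var/cache/man/ CREATE,ISDIR cat1
/var/lib/samba/private/ ATTRIB msg.sock
/var/lib/mlocate/ MODIFY mlocate.db
/opt/my app/ MODIFY state file
/var/cache/man/ ATTRIB,ISDIR
EOF
}

# Usage: sh hotspots.sh /data/system/var/log/file-modifications 20
if [ $# -gt 0 ]; then write_hotspots "$@"; fi
```

A directory whose name itself contains an all-upper-case word set off by spaces would be split at the wrong place; passing inotifywait a --format with an unambiguous delimiter avoids that.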