How to: Debian indestructable with btrfs

in this How to i will describe how u can harden ur Sytem with snapshots.

Step 1 Start your installer

You need an install boot medium ( CD / USB-Stick) and you have to boot from them (check your settings in Bios or access the boot menu).

Once the installer comes up select „expert installation“ and follow the installation instructions until the partitioner comes up

Partition your drive

if needed, delete your selected drive and partitions and create a new „gpt“ drive

  1. create from beginning a 1GB efi partition -> save
  2. create from beginning a 1-4 (maybe more)GB swap partition -> save
  3. create from beginning to the end a btrfs partition ->
  4. write partition table to disk and exit.

Change to the console

now we have to switch over in console by press the keys „ALT“ and F2 together. The console comes up. Hit enter to enter the console.

console commands

//first we have to unmount 
unmount /target/boot/efi
unmount /target

//we need to mount your disk (sdX) with the rootfs. In my case it's sda3
mount /dev/sda3 /mnt

//change dir to /mnt/ to create the subvolumes 
cd /mnt

//create subvolumes in my case its (snapshots,home,var/lib,usr/share) 
btrfs subvolume create @snapshots
btrfs subvolume create @home
btrfs subvolume create @var@lib
btrfs subvolume create @usr@local

// now we need to list our volumes, so we need the IDs for future steps
// keep an eye on the point "."
btrfs subvolume list .

// Output:
ID 256 gen 13742 top level 5 path @rootfs
ID 258 gen 13670 top level 5 path @snapshots
ID 259 gen 13070 top level 5 path @home
ID 260 gen 13742 top level 5 path @var@lib
ID 261 gen 13548 top level 5 path @usr@local

//mount the rootfs subvolume first
mount -o rw,noatime,compress=lzo,space_cache,subvolid=256 /dev/sda3 /target
//create folders
mkdir -p /target/boot/efi
mkdir -p /target/.snapshots
mkdir -p /target/home
mkdir -p /target/var/lib
mkdir -p /target/usr/local

//mount the other subvolumes keep an eye to the right ID 
mount -o rw,noatime,compress=lzo,space_cache,subvolid=258 /dev/sda3 /target/.snapshots
mount -o rw,noatime,compress=lzo,space_cache,subvolid=259 /dev/sda3 /target/home
mount -o rw,noatime,compress=lzo,space_cache,subvolid=260 /dev/sda3 /target/var/lib
mount -o rw,noatime,compress=lzo,space_cache,subvolid=261 /dev/sda3 /target/usr/local

//Mount the efi Disk partition to target
mount /dev/sda1 /target/boot/efi

// edit targets fstab file vim is not aviable but nano
nano /target/etc/fstab

//You have to change this UUID here to yours so keep an eye before copy and paste
// we have now to add the subvolumes and mount points inside the fstab. the easyest way ist to copy ur first line with UUID and paste it for each subvolume
// u have to change the subvolid to the right id from the output above 
// here an excample how ur fstabs looks a like after modification:

UUID=f547b62e-3832-4ab8-a38e-1960cd9c15b1 /               btrfs   rw,noatime,compress=lzo,space_cache,subvolid=256 0       0
UUID=f547b62e-3832-4ab8-a38e-1960cd9c15b1 /.snapshots               btrfs   rw,noatime,compress=lzo,space_cache,subvolid=258 0       0
UUID=f547b62e-3832-4ab8-a38e-1960cd9c15b1 /home               btrfs   rw,noatime,compress=lzo,space_cache,subvolid=259 0       0
UUID=f547b62e-3832-4ab8-a38e-1960cd9c15b1 /var/lib               btrfs   rw,noatime,compress=lzo,space_cache,subvolid=260 0       0
UUID=f547b62e-3832-4ab8-a38e-1960cd9c15b1 /usr/local               btrfs   rw,noatime,compress=lzo,space_cache,subvolid=261 0       0

//with "strg & x" write and quit nano
// now woe are at the end of the console work so we exit the console and return to the installer 
exit

//to return to the installer Press the keys "ALT &F1"

Back on installer

now follow all instructions on the installer. or just hit enter until reboot. i dont select any additional packages and install Debian with the xfce Desktop-enviroment.

After the 1. reboot

the installation is complete, the first reboot is done, so far so good. But now we have to do some more steps.

Install necessary 

sudo apt update && sudo apt install btrfs-progs snapper snapper-gui git make cmake mlocate

//we need the gurb-btrfs package from git 
git clone https://github.com/Antynea/grub-btrfs.git
//install grup-btrfs
cd grub-btrfs
make install
systemctl enable grub-btrfs.path

// Create the snapper configuration for the root filesystem "/"
sudo cp /etc/snapper/config-templates/default /etc/snapper/configs/root
sudo sed -i 's/^SNAPPER_CONFIGS=\"\"/SNAPPER_CONFIGS=\"root\"/' /etc/default/snapper

// Prevent "updatedb" from indexing the snapshots, which would slow down the system
sudo sed -i '/# PRUNENAMES=/ a PRUNENAMES = ".snapshots"' /etc/updatedb.conf

// Reconfigure lightdm to allow booting into readn-only snapshots
sudo sed -i 's/^#user-authority-in-system-dir=false/user-authority-in-system-dir=true/' /etc/lightdm/lightdm.conf

# Reboot for the changes to take effect
sudo reboot

2. reboot

on the Grub Boot option is one new entry „Debian GNU/Linux snapshots“ if not so you have to build a new grub – entry just boot into debian. 

//open Terminal and type
sudo update-grup2 
sudo reboot

Now u can see the new entry on Grub Loader

#debian #btrfs #installation #snapshot

Information, Cybersecurity & Technology 2025 .