I was sick of reinstalling after every experiment, so I built a desktop that survives distro hopping, dumb package upgrades and the occasional X11/Wayland meltdown. The trick is simple: encrypted LUKS root, Btrfs subvolumes with aggressive zstd compression and snapshotting, plus borg backups mirrored offsite with rclone. I can break everything and be back to a working system in 10 minutes.

Quick recipe you can follow (NVMe primary, small EFI, LUKS encrypted root):

  • Partition: EFI 512M, root as LUKS. Cryptsetup and create Btrfs inside the LUKS container: cryptsetup luksFormat /dev/nvme0n1p2; cryptsetup open /dev/nvme0n1p2 cryptroot; mkfs.btrfs -f /dev/mapper/cryptroot
  • Create subvolumes: mount /dev/mapper/cryptroot /mnt; btrfs subvolume create /mnt/@; btrfs subvolume create /mnt/@home; umount /mnt
  • Mount for install: mount -o subvol=@,noatime,compress=zstd:15,space_cache=v2,ssd /dev/mapper/cryptroot /mnt; mkdir -p /mnt/home; mount -o subvol=@home,compress=zstd:15 /dev/mapper/cryptroot /mnt/home
  • Install your distro onto /mnt normally, and put /boot or EFI on the unencrypted partition if your distro needs it.

Make snapshots and backups part of the routine:

  • Local snapshots: use Timeshift (GUI) or snapper for automatic pre/post package snapshots. Snapper is great for root snapshots on Btrfs.
  • Offsite backups: borg init --encryption=repokey-blake2 /path/to/repo; borg create --stats /path/to/repo::'{now:%Y-%m-%d_%H:%M}' /home /etc; borg prune --keep-daily=7 --keep-weekly=4 --keep-monthly=6 /path/to/repo. Mirror the borg repo to cloud with rclone or an inexpensive S3/Backblaze bucket.

How to recover when you inevitably mess up:

  1. Boot a live USB, open the LUKS container with cryptsetup open /dev/nvme0n1p2 cryptroot.
  2. Mount the Btrfs and list snapshots: btrfs subvolume list -s /mnt.
  3. Make the snapshot the default root with btrfs subvolume set-default <id> /mnt and reboot.

Hardware notes: buy a second NVMe or a small external SSD for local borg archives and cold snapshots. Avoid weird consumer RAID features on laptops and get a wifi card known to have mainline driver support. This setup saved my butt more than once when a kernel update nuked my X11 config or when I wanted to try a new distro without grief.

If you want, I can post a ready-to-run install script for Ubuntu/Arch with these exact commands and a sample snapper config. Stop treating your root filesystem like a fragile snowflake and start building resilience.

OC by @[email protected]
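
Picking the `<id>` for recovery step 3 from the listing produced in step 2, as an added example that is not part of the original post. The function names, the sample listing and the assumed `otime YYYY-MM-DD HH:MM:SS` field layout of `btrfs subvolume list -s` are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `btrfs subvolume list -s /mnt` output (not from a real system).
sample_list() {
cat <<'EOF'
ID 260 gen 101 cgen 101 top level 5 otime 2024-05-01 09:15:02 path .snapshots/1/snapshot
ID 263 gen 140 cgen 140 top level 5 otime 2024-05-03 18:40:11 path .snapshots/2/snapshot
ID 267 gen 188 cgen 188 top level 5 otime 2024-05-06 07:05:45 path .snapshots/3/snapshot
EOF
}

# pick_snapshot "YYYY-MM-DD HH:MM:SS"
# Reads the listing on stdin and prints "<id> <path>" for the newest snapshot
# created at or before the cutoff. Returns 1 when no snapshot qualifies.
pick_snapshot() {
    awk -v cutoff="$1" '
        $1 == "ID" {
            ot = ""; p = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "otime") ot = $(i+1) " " $(i+2)
                if ($i == "path") {
                    # everything after "path" is the subvolume path (may hold spaces)
                    p = $(i+1)
                    for (j = i + 2; j <= NF; j++) p = p " " $j
                    break
                }
            }
            # ISO-style timestamps sort correctly as plain strings
            if (ot != "" && ot <= cutoff && ot > best) { best = ot; id = $2; path = p }
        }
        END { if (id == "") exit 1; print id, path }
    '
}

# rollback_plan MOUNTPOINT CUTOFF
# Prints the set-default command instead of running it, so the chosen
# snapshot can be reviewed before anything on disk changes.
rollback_plan() {
    sel=$(pick_snapshot "$2") || { echo "no snapshot at or before $2" >&2; return 1; }
    echo "btrfs subvolume set-default ${sel%% *} $1"
}

# Stand-alone demo on the constructed listing: last snapshot before 4 May.
sample_list | rollback_plan /mnt "2024-05-04 00:00:00"
```

On a live USB the input would be `btrfs subvolume list -s /mnt | rollback_plan /mnt "<cutoff>"`. `set-default` only decides what gets mounted when no `subvol=` or `subvolid=` option is given, so a root mounted with `subvol=@` from fstab or the kernel command line keeps booting `@` until that option is changed.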

  • BCsven@lemmy.ca
    2 hours ago

    Cool. If you aren’t stuck on a distro, then Tumbleweed has this built in. Snapshots are taken every time you make package changes or system changes, and the boot menu lets you boot any old snapshot.