Usually these drives will be mounted on Linux. But occasionally they will be mounted on Windows 10 where I do not have admin or developer mode access, so I cannot depend on symlinks.

Thanks for the wonderful info. I think I will go with the iStorage datAshur PRO+C because it has the best speeds out of all of them. It is slightly more involved to activate read-only mode than a simple switch, but it should be negligible compared to the time to boot the system and other overhead.

There is no way for me to verify how the write-protect works with this drive, but that is true for all of them, so I have to trust one. However, this company seems very competent. And importantly there are many 3rd party reviews of this and similar iStorage products. Also the firmware is supposedly signed so it should be immune to badUSB. But you do make the point that there is no way to be sure.

I plan to use root on LUKS anyway (I want persistent storage), so I can keep / encrypted and checksum my /boot every boot to search for anomalies. Once LUKS is decrypted, theoretically malware could get embedded in there, but I feel like it would be unlikely for malware to infect one partition and not the other.

I wonder if there is a way to setup a “honeypot” partition which holds no useful data but exhibits traits that are appealing for malwares to embed themselves in. It would be checksummed regularly while the system was running and alert me if anything changed.

That open source flash drive looks awesome, and I will keep my eye on it, maybe I would consider it if my threat model was tougher.

Note: I haven’t tested this yet, but I don’t see any reason why it wouldn’t.

You can have the best of both worlds by importing modules and then enabling/disabling them with config options.

The idea is that every single module, whether you want to be able to toggle them on/off or not, gets imported into your configuration.nix. For options that you want to permanently be enabled, there is no more work to do. For options or groups of options that you want to be toggleable on/off, you put them behind a lib.mkIf.

In the following video, Vimjoyer essentially makes an option that enables/disables an entire module, even though it is already imported. He creates an options.module1.enable option, and then hides the entire contents of module1 behind a lib.mkIf options.module1.enable

https://youtu.be/vYc6IzKvAJQ?t=147

Not yet, I am looking to buy my printer in a couple months. If I get this one then I will test it and do a write up of it and post it somewhere.

In the past I have used Proxmox with ZFS raid on a basic mini PC. With ZFS raid it syncs everything except /boot. Proxmox has a tool called “proxmox-boot-tool-refresh” which will syncs /boot between drives. ZFS kernel module can be loaded in the initramfs so it will boot fine, even if missing a drive.

For this project I do not plan to use ZFS, but AFAIK software raid is now standard. Here is a popular video from Level1Techs talking about the flaws of hardware RAID: https://youtu.be/l55GfAwa8RI