By default, cap-ram is set to limit the swap partition to 1024 MB. After
removing this limit, the swap partition is then created with the same
size as the RAM. We want to do this to make more swap available to live
systems.

Previously, the ssh connection got stuck when first loading the nftables
ruleset. I now found the reason for this: conntrack was not active
before loading the ruleset, so there was no conntrack entry for the ssh
connection. This means the traffic was not matched by 'ct state
established', and the other output rules did not allow the traffic. To
fix this, we can load a ruleset at boot which uses conntrack; this
ensures that conntrack is already enabled when loading the actual
ruleset over ssh.

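An added illustration of the fix described in the message above, not the project's own ruleset: a boot-time ruleset whose only purpose is to reference conntrack state, followed by a sketch of a restrictive ruleset loaded later over SSH. Table names, chain names, file names and the port 22 rule are assumptions.

```nft
# --- boot.nft (hypothetical file name), loaded at boot with: nft -f boot.nft ---
# Filters nothing (policy accept). The "ct state" rules are there so that
# connection tracking is already in use when an SSH session is opened,
# which gives that session a conntrack entry.
table inet boot {
    chain input {
        type filter hook input priority 0; policy accept;
        ct state established,related accept
    }
    chain output {
        type filter hook output priority 0; policy accept;
        ct state established,related accept
    }
}

# --- actual.nft (hypothetical file name), loaded later over SSH ---
# nft -f applies the whole file as one transaction, so the flush and the
# new tables take effect together.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state established,related accept
        tcp dport 22 ct state new accept    # assumed SSH port
    }
    chain output {
        type filter hook output priority 0; policy drop;
        oif "lo" accept
        # Replies of the running SSH session are only allowed here. Without
        # an existing conntrack entry they do not match this rule and fall
        # through to the drop policy, which is the hang described above.
        ct state established,related accept
    }
}
```

After loading the boot ruleset and opening an SSH session, `conntrack -L` (from conntrack-tools) should list the session before the actual ruleset is applied.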
zstd decompression is a lot faster than xz (default). This is especially
noticeable when starting Firefox, Chromium or VS Code for the first
time; with zstd, the startup time is cut in half. Compression time is
also faster with zstd at the default level. The downside is that the
squashfs is larger by 138 MB. This is a tradeoff, but I think it's worth
it. Increasing the zstd compression level does not significantly reduce
the size and takes much longer to compress, so I left it at the default.

The laptops owned by SOI have 8 GB of RAM, and live systems running on
them sometimes run out of memory. To mitigate this, find and enable the
swap partition of the installed OS on the internal SSD.

Before this, it loaded everything from the ISO into RAM; now it only
loads the squashfs. This saves about 110 MB of space in RAM, and reduces
boot time.