It was fairly easy. I used rustic to back up my entire home directory to a USB flash drive.
The trick is to ensure that all applications (except KDE) are closed. Firefox, for example, really hates if you try to actively sync or copy over it's profile directories while it is running.
And then I also nuked my podman user data. (podman system reset). Podman sometimes makes the ownership of it's files weird, but also the container images take up a lot of space that I don't really care about actually backing up. It's okay if those aren't on the new laptop.
Then I backed up to the usb flash drive:
rustic init -r /path/to/repo — this will prompt you for a password
rustic backup -r /path/to/repo /home/moonpie
One cool thing about the backups is that they are deduplicated and compressed. So I backed up 120 gb of data, but it was compressed to 80 gb.
restic snapshots -r /path/to/repo
The snapshots are deduplicated as well. Data that doesn't change between snapshot versions, doesn't take up any extra space.
rustic restore -r /path/to/repo snapshotid /
The / is needed because rustic restores to paths underneath the thing. It gave me a bunch of permission errors about not being able to read stuff not in my home directory, but eventually it restored all of my data.
And then yeah. All my data. Except Wifi passwords, which I had stored as unencrypted for all users, because I didn't like having to unlock the KDE wallet to get to Wifi passwords when connecting. I had (and have) LUKS encryption so I didn't worry about that too much. But it means that data not in my home directory was not copied over.
It was surprisingly smooth, and now I have all my data and firefox profiles and stuff on the new machine.
The reality is that security is not just technical implementation, but also actually getting people to use the solutions. "Stop disabling SELinux" is not a real answer to when people disable it, like we have one person in this thread.
Another problem with complex security solutions is they are hard to get right. Even if you enable them and configure them, without being an expert, it's possible you left a gap here or there, and holes and gaps in these solutions.*
There is a good, but bit dated writeup here about the problems with Linux security, from an architecturual perspective: https://madaidans-insecurities.github.io/linux.html . But, the short version is that the Linux kernel is large and complex, and has a lot of attack surface. And it's a frequent source of vulnerabilities because attackers can hit it as long as they access to the kernel, even if they are in a container/sandbox. Like, copyfail and dirtyfrag would punch through containers, but also punch through SELinux.
For example, just earlier on lemmy someone dropped a zero day that punches through SELinux: https://programming.dev/post/51103657
Now, SELinux can be used to restrict what a root shell could do after escalating... but that's further complexity you have to learn to configure, and configure it correctly as well.
Ultimately, none of the Linux security solutions come anywhere near the isolation of simply running something in a virtual machine. Which, also happens to be a lot simpler and actually possible to get people to use.
*(putting this at the bottom because it veers off topic) I have a greater argument and problem with mentalities like this. I have noticed a pattern, where many of the more effortfull and toil intensive security solutions are recommended by people who have the time, energy, and skills to execute them. They have a bias/blindspot to the realities, which is that not everyone is in the same situation as them.
For example, updating/patching software. Linux distros like RHEL or Debian, have a policy where they only do security updates, and don't do feature updates or bugfixes. This enables them to ship automatic updates, so that security issues are automatically handled.
On the other hand software like Windows, likes to bundle in breaking changes along with security updates. So automatic updates get disabled because "They might break something". And then, people don't update them, and environments get horrifically out of date, because not enough money/time/people is put into regular IT people who are in charge of maintaining them.
But some environments, have heroes, people who go around patching everything and keeping everything up to date and secure. And when they see these environments that don't have everything patched, they usually give the advice of "You should patch everything" (while simultaneously advising against auto updates), not understanding that these environments are lacking a key ingredient: Themselves.
Sure, I could be a hero. I could "patch" everything manually. I could deploy SELinux. But that would only last until I get burnt out, or leave. Once I'm gone, SELinux, the patches, any similar security solutions are gone. I've met so many people, even in cybersecurity, that are apathetic about security, even though they might have cared once upon a time.