In Linux, what encryption implementation approach is optimal given specific use & threat models?

In Linux, what encryption implementation approach is optimal given specific use & threat models?

Given the following use & threat models, what is the optimal encryption implementation? Optimal is defined as the approach best matching the use model.

Use Model

1. Computer must be optimized for performance.
2. Computer use will include significant data reads and writes, including both small and large block reads/writes.
3. Storage space (SSD) will be at a premium, so do not want to waste it.

Threat Model

1. The computer will be physically secure and will not be exposed to possible physical tampering.
2. The only people who will have physical access to the computer will be authorized to use it.
3. Physical theft will always be possible, but unlikely (low reward / high risk).
4. The computer will be connected to the Internet. No servers will be running. Remote access will not be supported. Hardware and software firewalls will assist with security.
5. Only the data stored on the computer needs to be encrypted. The names of the apps being used, timestamps of logins, system settings, app settings, MRU lists, shell history, etc. do not need to be encrypted.

Implementation approaches currently being considered (other ideas are welcome too):

1. Put the system and data in a single partition and encrypt the entire partition with LUKS. This is the simplest method, but will likely not yield the best performance, as the system partition is needlessly encrypted (it doesn't seem needed given the threat model).
2. Put the system in an unencrypted partition, and the data in a separate LUKS-encrypted partition. This will likely yield the best performance, but has the disadvantage of having separate pools of unused space in each partition, thus wasting storage space.
3. Create a single partition, but use virtual volumes (e.g. using btrfs). Leave the system virtual volume unencrypted, and encrypt the data virtual volume with LUKS. After performing some internet searches, I'm unclear if this will actually work and how it will affect performance as compared to the implementation approach immediately above.