Skip to main content

ZFS

Decisions
  1. While encrypting the pool volume is possible, I decided to go with a sub-volume, just in case I need to add un-encrypted data later
  2. The options for encryption keys passphrase, raw key, and hex key. I'll be using a hex key for ease of backup in my password database.
  3. When creating the pool use the entire disk, not partitions where possible
  4. When creating the pool, use /dev/disk/by-id, not /dev/sda, as these can change on boot
  1. ZFS - ArchWiki
  2. Performance tuning - OpenZFS
  3. Tips from JRS
Create the pool
zpool create datapool -o ashift=12 -o compression=lz4 -o autoexpand=true mirror /dev/disk/by-id/disk1 /dev/disk/by-id/disk2
Creating the Volume
  1. Generate the key
mkdir /etc/zfs/keys
chmod 700 /etc/zfs/keys
openssl rand -hex -out /etc/zfs/keys/datasetname 32
chmod 700 /etc/zfs/keys/datasetname
  1. Create datasets
## Encrypted
zfs create -o encryption=aes-256-gcm -o keyformat=hex -o keylocation=file:///etc/zfs/keys/datasetname poolname/datasetname

## Compressed
zfs create -o compression=lz4 poolname/datasetname