zfs external backup drive with snapshot and encryption
​main source​

Get device id

1
$ ls /dev/disk/by-id -alh
2
...
3
lrwxrwxrwx 1 root root 10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
4
...
Copied!
For example, I'm going to use /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4

Setup disk encryption with LUKS

setup LuKS​
1
$ sudo apt install cryptsetup
2
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
Copied!
  • --cipher encryption algorithm
  • --key-size encryption key size
  • --iter-time Number of millisecond to spend P8KDF passphrase processing
  • --use-random use /dev/random
  • -y verify passphrase
Disk device can now be opened.
1
$ sudo cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 luks1
Copied!

Create new zfs pool

1
$ sudo zpool create ext-backup /dev/mapper/luks1
Copied!

Create initial snapshot

Example i have data set tank/ROOT/home
1
$ sudo zfs snapshot tank/ROOT/[email protected]
Copied!

Send the backup

1
$ sudo zfs send tank/ROOT/[email protected] | pv | sudo zfs recv ext-backup/home
Copied!
Or with incremental-backup
1
$ sudo zfs snapshot tank/ROOT/[email protected]
2
$ sudo zfs send -R -i tank/ROOT/[email protected] tank/ROOT/[email protected] | sudo zfs recv ext-backup/hom
Copied!
A good idea is to set the external drive to be read-only
1
$ sudo zfs set readonly=on ext-backup
Copied!

Safely close and remove external drive

After finished sending the snapshot, close the disk and export the pool
1
$ sudo zpool export ext-backup
2
$ sudo cryptsetup luksClose ext-backup
Copied!
Reference:
Last modified 1mo ago