# zfs external backup drive with snapshot and encryption

[main source](http://ryan.himmelwright.net/post/zfs-backups-to-luks-external/)

## Get device id

```
$ ls /dev/disk/by-id -alh
...
lrwxrwxrwx 1 root root  10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
...
```

For example, I'm going to use `/dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4`

## Setup disk encryption with LUKS

setup [LuKS](http://ryan.himmelwright.net/post/zfs-backups-to-luks-external/)

```
$ sudo apt install cryptsetup
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
```

* `--cipher` encryption algorithm
* `--key-size` encryption key size
* `--iter-time` Number of millisecond to spend P8KDF passphrase processing
* `--use-random` use /dev/random
* `-y` verify passphrase

Disk device can now be opened.

```
$ sudo cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 luks1
```

## Create new zfs pool

```
$ sudo zpool create ext-backup /dev/mapper/luks1
```

## Create initial snapshot

Example i have data set `tank/ROOT/home`

```
$ sudo zfs snapshot tank/ROOT/home@ext-backup
```

## Send the backup

```
$ sudo zfs send tank/ROOT/home@ext-backup | pv | sudo zfs recv ext-backup/home
```

Or with incremental-backup

```
$ sudo zfs snapshot tank/ROOT/home@ext-backup20180101
$ sudo zfs send -R -i tank/ROOT/home@ext-backup tank/ROOT/home@ext-backup20180101 | sudo zfs recv ext-backup/hom
```

A good idea is to set the external drive to be read-only

```
$ sudo zfs set readonly=on ext-backup
```

## Safely close and remove external drive

After finished sending the snapshot, close the disk and export the pool

```
$ sudo zpool export ext-backup
$ sudo cryptsetup luksClose ext-backup
```

Reference:


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://til.yulrizka.com/linux/zfs-external-backup-drive-with-snapshot-and-encryption.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.