💻
Today I Learned
  • README
  • analytics
    • convert json perline to panads data frame
    • hierarchical data format
    • pandas format custom date in data frame
  • bash
    • bash forloop
    • parameter expansion
    • prompt confirmation in bash
  • db
    • disabling foreign key when importing dump
    • postgres add object to jsonb array from the same column
    • postgres audit log trigger
    • postgres naming trigger
    • postgres rename enum
    • postgres reset sequence after import
    • postgres skip table from restore
    • set a column with value from different table
  • dgraph
    • dgraph docker compose whitelist ip
  • docker
    • docker compose make sure postgres is ready before starting other service
  • fish
    • edit last command in editor
  • git
    • checkout last branch
    • different between two dots and three
    • force fail commit on master
    • git finish helper script delete current branch and update master
    • git mergetool and diff with p4merge
    • global gitignore file
    • intellij as diff and mergetool
    • push only current branch
    • reset email multiple commit
    • sign commit with pgp
    • worktree switching branch without stash
  • go
    • default math.rand.source is thread save while rand.new source is not
    • deploying go to a vpn ubuntu server with github and ssl
  • k8s
    • copy file to pod
    • getting cpu and memory usage for container
    • how cert manager and letsencrypt challenge works
    • kubernetes resource short name
    • scale deployment
    • view secret
  • linux
    • boot zfs root filesystem on grub
    • clearing up swap space
    • connect bluetooth device from cli
    • get full argument from a process
    • merge multiple pdf into a single file
    • removing old kernel
    • symbolic vs hard link
    • zfs auto snapshot
    • zfs external backup drive with snapshot and encryption
  • net
    • dnssec
    • html form submit to different action depending on properties
    • ldap list users
  • osx
    • checksum a file from a url
    • cluster ssh in iterm2 with i2cssh
    • list open port
    • manage clipboard easily with jumpcut
    • pipe output to clipboard with pbcopy and pbpaste
    • show hidden file
    • sign application with self certificate
    • starting program on startup with login items
  • python
    • count frequency with lambda
    • dijkstra algorithm shortest path
    • double slash arithmetic operator
    • min and max of dict values
    • python3 match case
    • reduce and opeator
  • react
    • react named export vs default export
    • react useeffect
    • react.useref
  • unix
    • bulk renaming multiple file
    • convert pdf to text using ocr
    • diff output of 2 command
    • encryption with gpg
    • extend letsencrypt certificate with dns challenge
    • ffmpeg monitor and restart stream when it hung or stall
    • file size older than x days
    • filtering json with jq
    • find lines that matches on 2 different sorted file
    • find out what is using swap
    • fish environment variables from 1password
    • fix gpg warning unsafe permissions on homedir
    • formatting or parse json in command line
    • get all line except n last one
    • grep print only matched
    • grep using input file as pattern to search other file
    • jq counting lenght of an array
    • jq extracting properties to arrays from json row line
    • keep n recent item in folder
    • open last command in the editor with fc
    • parsing epoch timestamp to date
    • pbcopy alternative for copying to clipboard
    • process pipe operator
    • record a web stream to youtube
    • regex for validating password
    • rename tmux window
    • repeat content of text x time
    • replacing last command and execute it
    • reusing last command argument
    • send slack message from command line
    • sending curl post with file
    • sort file inline
    • specify compression level in tar gzip
    • zsh ctrl p same behavior as up arrow
  • vim
    • paste yanked text on command buffer
  • web
    • this article is published to dev to with github action
Powered by GitBook
On this page
  • Get device id
  • Setup disk encryption with LUKS
  • Create new zfs pool
  • Create initial snapshot
  • Send the backup
  • Safely close and remove external drive

Was this helpful?

  1. linux

zfs external backup drive with snapshot and encryption

Previouszfs auto snapshotNextnet

Last updated 3 years ago

Was this helpful?

Get device id

$ ls /dev/disk/by-id -alh
...
lrwxrwxrwx 1 root root  10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
...

For example, I'm going to use /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4

Setup disk encryption with LUKS

setup

$ sudo apt install cryptsetup
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4
  • --cipher encryption algorithm

  • --key-size encryption key size

  • --iter-time Number of millisecond to spend P8KDF passphrase processing

  • --use-random use /dev/random

  • -y verify passphrase

Disk device can now be opened.

$ sudo cryptsetup luksOpen /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 luks1

Create new zfs pool

$ sudo zpool create ext-backup /dev/mapper/luks1

Create initial snapshot

Example i have data set tank/ROOT/home

$ sudo zfs snapshot tank/ROOT/home@ext-backup

Send the backup

$ sudo zfs send tank/ROOT/home@ext-backup | pv | sudo zfs recv ext-backup/home

Or with incremental-backup

$ sudo zfs snapshot tank/ROOT/home@ext-backup20180101
$ sudo zfs send -R -i tank/ROOT/home@ext-backup tank/ROOT/home@ext-backup20180101 | sudo zfs recv ext-backup/hom

A good idea is to set the external drive to be read-only

$ sudo zfs set readonly=on ext-backup

Safely close and remove external drive

After finished sending the snapshot, close the disk and export the pool

$ sudo zpool export ext-backup
$ sudo cryptsetup luksClose ext-backup

Reference:

main source
LuKS