zfs external backup drive with snapshot and encryption

main source

Get device id

$ ls /dev/disk/by-id -alh
...
lrwxrwxrwx 1 root root  10 okt 24 06:06 ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4 -> ../../sda4
...

For example, I'm going to use /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4

Setup disk encryption with LUKS

setup LuKS

$ sudo apt install cryptsetup
$ cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 --iter-time 10000 --use-random -y /dev/disk/by-id/ata-WDC_WD10EZEX-08M2NA0_WD-WMC3F1471486-part4

  • --cipher encryption algorithm

  • --key-size encryption key size

  • --iter-time Number of millisecond to spend P8KDF passphrase processing

  • --use-random use /dev/random

  • -y verify passphrase

Disk device can now be opened.

Create new zfs pool

Create initial snapshot

Example i have data set tank/ROOT/home

Send the backup

Or with incremental-backup

A good idea is to set the external drive to be read-only

Safely close and remove external drive

After finished sending the snapshot, close the disk and export the pool

Reference:

Previouszfs auto snapshotNextnet

Last updated

Was this helpful?