moving all data sets to zfs encryption

2026-04-17 04:58:19 -04:00 · 2026-01-01 23:25:46 -05:00
parent e6472b2cf5
commit 6299d42f75
1 changed files with 18 additions and 18 deletions
--- a/systems/jeeves/scripts/zfs.sh
+++ b/systems/jeeves/scripts/zfs.sh
@@ -15,27 +15,27 @@ sudo zpool add storage -o ashift=12 logs mirror
 sudo zpool create scratch -o ashift=12 -O acltype=posixacl -O atime=off -O dnodesize=auto -O xattr=sa -O compression=zstd -O encryption=aes-256-gcm -O keyformat=hex -O keylocation=file:///key -m /zfs/scratch

 # media datasets
-sudo zfs create -o compression=zstd-9 media/docker
-sudo zfs create -o compression=zstd-9 -o sync=disabled media/github-runners
-sudo zfs create -o copies=3 media/notes
-sudo zfs create -o compression=zstd-9 media/plex
-sudo zfs create -o compression=zstd-9 media/services
-sudo zfs create -o compression=zstd-19 media/home_assistant
-sudo zfs create -o exec=off media/share
-sudo zfs create -o recordsize=16k -o primarycache=metadata -o mountpoint=/zfs/media/database/postgres media/postgres
+sudo zfs create media/secure -o encryption=aes-256-gcm -o keyformat=hex -o keylocation=file:///root/zfs.key
+sudo zfs create media/secure/docker -o compression=zstd-9
+sudo zfs create media/secure/github-runners -o compression=zstd-9 -o sync=disabled
+sudo zfs create media/secure/home_assistant -o compression=zstd-19
+sudo zfs create media/secure/notes -o copies=2
+sudo zfs create media/secure/postgres -o recordsize=16k -o primarycache=metadata
+sudo zfs create media/secure/services -o compression=zstd-9
+sudo zfs create media/secure/share -o mountpoint=/zfs/media/share -o exec=off

 # scratch datasets
 sudo zfs create scratch/kafka -o mountpoint=/zfs/scratch/kafka -o recordsize=1M
 sudo zfs create scratch/transmission -o mountpoint=/zfs/scratch/transmission -o recordsize=16k -o sync=disabled

 # storage datasets
-sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/archive
-sudo zfs create -o compression=zstd-19 storage/main
-sudo zfs create -o recordsize=16K -o compression=zstd-19 -o copies=2 storage/photos
-sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/plex
-sudo zfs create -o compression=zstd-19 -o copies=3 storage/secrets
-sudo zfs create -o compression=zstd-19 storage/syncthing
-sudo zfs create -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled storage/qbitvpn
-sudo zfs create -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled storage/transmission
-sudo zfs create -o recordsize=1M -o compression=zstd-19 storage/library
-sudo zfs create -o recordsize=1M -o compression=zstd-19 -o sync=disabled storage/ollama
+sudo zfs create storage/ollama -o recordsize=1M -o compression=zstd-19 -o sync=disabled
+sudo zfs create storage/secure -o encryption=aes-256-gcm -o keyformat=hex -o keylocation=file:///root/zfs.key
+sudo zfs create storage/secure/archive -o recordsize=1M -o compression=zstd-19
+sudo zfs create storage/secure/library -o recordsize=1M -o compression=zstd-19
+sudo zfs create storage/secure/main -o compression=zstd-19
+sudo zfs create storage/secure/photos -o recordsize=16K -o compression=zstd-19 -o copies=2
+sudo zfs create storage/secure/plex -o recordsize=1M -o compression=zstd-19
+sudo zfs create storage/secure/secrets -o compression=zstd-19 -o copies=3
+sudo zfs create storage/secure/syncthing -o compression=zstd-19
+sudo zfs create storage/secure/transmission -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled