ZFS: Difference between revisions

(17 intermediate revisions by 7 users not shown)

Line 65:

== Guides ==

===~~= '''OpenZFS Documentation for installing''' =~~===

=== Root on ZFS with disko ===

~~{{warning|This guide is not endorsed by NixOS and some features like immutable root do not have upstream support~~ and ~~could break on updates. If an issue arises while following this guide, please consult the guides support channels~~.}}

disko[https://github.com/nix-community/disko/blob/master/example/zfs.nix] can partition disks declaratively and handle mount points at install time.

~~One~~ guide ~~for a NixOS installation with ZFS is maintained at [https://openzfs~~.~~github~~.~~io/~~openzfs-docs~~/Getting%20Started/NixOS/ OpenZFS Documentation (''Getting Started''~~ for ~~''NixOS'')]~~

Don't follow the Root on ZFS guide found in OpenZFS documentation. It was abandoned and has not been updated in years. See commit log for the openzfs-docs repo for details.

~~It is about:~~

* [https://openzfs.github.~~io/openzfs-docs/Getting%20Started/NixOS/index.html#installation Enabling ZFS on an existing NixOS installation]~~

* [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/#root-on-zfs (Installing NixOS with) Root on ZFS].

~~It is not about:~~

* Giving understandable, easy to follow instructions which are close to the standard installation guide

* Integrating ZFS into your existing config

~~==== '''Simple NixOS ZFS on root installation''' ====~~

=== Simple NixOS ZFS on root installation ===

Start from here in the NixOS manual: [https://nixos.org/manual/nixos/stable/#sec-installation-manual].

Under manual partitioning [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning] do this instead:

~~'''~~Partition ~~your~~ disk ~~with your favorite partition tool'''~~

==== Partition the disk ====

We need the following partitions:

Line 145:

Line 136:

</syntaxhighlight>

'''Let's use variables from now on for simplicity.

'''Let's use variables from now on for simplicity.''' Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>

Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>

~~'''~~

BOOT=/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1

Line 156:

Line 146:

{{note|It is often recommended to specify the drive using the device ID/UUID to prevent incorrect configuration, but it is also possible to use the device name (e.g. /dev/sda). See also: [[#Zpool created with bus-based disk names]], [https://wiki.archlinux.org/title/Persistent_block_device_naming Persistent block device naming - ArchWiki]}}

~~'''~~Make a ZFS pool with encryption and mount points~~'''~~

==== Make a ZFS pool with encryption and mount points ====

~~'''~~Note~~:'''~~ zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ~~[https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/~~ ZFS tuning cheatsheet] or ~~[https://wiki.archlinux.org/title/ZFS#Storage_pools~~ ArchWiki] is a good place to start.

{{Note|zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ZFS tuning cheatsheet or ArchWiki is a good place to start.}}

Line 197:

Line 187:

</syntaxhighlight>

~~'''~~Format boot partition ~~with FAT as filesystem'''~~

==== Format boot partition and enable swap ====

mkfs.fat -F 32 -n boot $BOOT

</syntaxhighlight>

~~'''Enable swap'''~~

mkswap -L swap $SWAP

Line 208:

Line 197:

</syntaxhighlight>

~~'''~~Installation~~'''~~

==== Installation ====

# Mount boot

Line 380:

Line 368:

* If your network card isn't started, you'll need to add the according Kernel module to the Kernel and initrd as well, e.g. <syntaxhighlight lang="nix">

boot.kernelModules = [ "r8169" ];

boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>

boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>To know what kernel modules are needed, run <code>nix shell nixpkgs#pciutils --command lspci -v | grep -iA8 'network\|ethernet'</code> .

After that you can unlock your datasets using the following ssh command:

Line 431:

Line 419:

== Take snapshots automatically ==

See {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.

See {{nixos:option|services.zfs.autoSnapshot}} or {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.

== NFS share ==

Line 446:

Line 434:

</syntaxhighlight>

Only this line is needed. Configure firewall if necessary, as described in [[NFS]] article.

{{warning|<code>zfs share</code> or <code>sharenfs</code> does not work if the <code>mountpoint</code> is set to <code>legacy</code> (or <code>none</code>, of course). I was unable to find a source for this behaviour, but I was stuck on the problem for days, until I realized the problem. ::Reply: sharenfs controlls what

is written into <code>/etc/exports</code>. If ZFS does not know the mountpoint, as is the case in

mountpoint legacy or none, the contents of <code>/etc/exports</code> would be wrong}}

Then, set <code>sharenfs</code> property:

Line 458:

Line 450:

ZFS Event Daemon (zed) monitors events generated by the ZFS Kernel module and runs configured tasks. It can be configured to send an email when a pool scrub is finished or a disk has failed. [https://search.nixos.org/options?query=services.zfs.zed zed options]

~~=== Option A: enable mail notifications without re-compliation ===~~

First, we need to configure a mail transfer agent, the program that sends email:

{

age.secrets.msmtp = {

file = "${inputs.self.outPath}/secrets/msmtp.age";

};

# for zed enableMail, enable sendmailSetuidWrapper

services.mail.sendmailSetuidWrapper.enable = true;

programs.msmtp = {

enable = true;

Line 469:

Line 466:

defaults = {

aliases = "/etc/aliases";

port = ~~465~~;

port = 587;

~~tls_trust_file~~ = "~~/etc/ssl/certs/ca-certificates.crt~~";

auth = "plain";

tls = "on";

~~auth = "login";~~

tls_starttls = "on";

tls_starttls = "~~off~~";

};

accounts = {

default = {

host = "mail.example.com";

host = "smtp.mail.example.com";

passwordeval = "cat ~~/etc/emailpass~~.~~txt~~";

passwordeval = "cat ${config.age.secrets.msmtp.path}";

user = "~~user~~@example.com";

user = "myname@example.com";

from = "~~user~~@example.com";

from = "myname@example.com";

};

Line 489:

Line 485:

Then, configure an alias for root account. With this alias configured, all mails sent to root, such as cron job results and failed sudo login events, will be redirected to the configured email account.

~~tee -a /~~etc/aliases ~~<<EOF~~

{

root: ~~user~~@example.com

environment.etc.aliases.text = ''

~~EOF~~

root: admin@example.com

'';

}

</syntaxhighlight>

Finally, ~~override default~~ zed ~~settings with a custom one~~:

Finally, enable zed mail notification:

{

services.zfs.zed~~.settings~~ = {

services.zfs.zed = {

~~ZED_DEBUG_LOG~~ = ~~"/tmp/zed.debug.log"~~;

enableMail = true;

ZED_EMAIL_ADDR = [ "root" ];

settings = {

~~ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";~~

ZED_EMAIL_ADDR = [ "root" ];

~~ZED_EMAIL_OPTS = "@ADDRESS@";~~

# send notification if scrub succeeds

ZED_NOTIFY_VERBOSE = true;

~~ZED_NOTIFY_INTERVAL_SECS = 3600;~~

};

ZED_NOTIFY_VERBOSE = true;

~~ZED_USE_ENCLOSURE_LEDS = true;~~

~~ZED_SCRUB_AFTER_RESILVER = true~~;

};

~~# this option does not work; will return error~~

~~services.zfs.zed.enableMail = false;~~

}

</syntaxhighlight>

Line 520:

Line 512:

</syntaxhighlight>

~~=== Option B: Rebuild ZFS with mail support ===~~

The <code>zfs</code> package can be rebuilt with mail features. However, please note that this will cause Nix to recompile the entire ZFS package on the computer, and on every Kernel update, which could be very time-consuming on lower-end NAS systems.

~~An alternative solution that does not involve recompliation can be found above.~~

~~The following override is needed as <code>zfs</code>is implicitly used in partition mounting:~~

~~<syntaxhighlight lang="nix">~~

~~nixpkgs.config.packageOverrides = pkgs: {~~

~~zfsStable = pkgs.zfsStable.override { enableMail = true; };~~

};

~~</syntaxhighlight>~~

~~A mail sender like [[msmtp]] or [[postfix]] is required.~~

~~A minimal, testable ZED configuration example:~~

~~<syntaxhighlight lang="nix">~~

~~services.zfs.zed.enableMail = true;~~

~~services.zfs.zed.settings = {~~

~~ZED_EMAIL_ADDR = [ "root" ];~~

~~ZED_NOTIFY_VERBOSE = true;~~

};

~~</syntaxhighlight>~~

Above, <code>ZED_EMAIL_ADDR</code> is set to <code>root</code>, which most people will have an alias for in their mailer. You can change it to directly mail you: <code>ZED_EMAIL_ADDR = [ "you@example.com" ];</code>

ZED pulls in <code>mailutils</code> and runs <code>mail</code> by default, but you can override it with <code>ZED_EMAIL_PROG</code>. If using msmtp, you may need <code>ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";</code>.

You can customize the mail command with <code>ZED_EMAIL_OPTS</code>. For example, if your upstream mail server requires a certain FROM address: <code>ZED_EMAIL_OPTS = "-r 'noreply@example.com' -s '@SUBJECT@' @ADDRESS@";</code>

[[Category:Guide]]

@@ Line 65: / Line 65: @@
 == Guides ==
-==== '''OpenZFS Documentation for installing''' ====
+=== Root on ZFS with disko ===
-{{warning|This guide is not endorsed by NixOS and some features like immutable root do not have upstream support and could break on updates. If an issue arises while following this guide, please consult the guides support channels.}}
+disko[https://github.com/nix-community/disko/blob/master/example/zfs.nix] can partition disks declaratively and handle mount points at install time.
-One guide for a NixOS installation with ZFS is maintained at [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/ OpenZFS Documentation (''Getting Started'' for ''NixOS'')]
+Don't follow the Root on ZFS guide found in OpenZFS documentation. It was abandoned and has not been updated in years. See commit log for the openzfs-docs repo for details.
-It is about:
-* [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/index.html#installation Enabling ZFS on an existing NixOS installation]
-* [https://openzfs.github.io/openzfs-docs/Getting%20Started/NixOS/#root-on-zfs (Installing NixOS with) Root on ZFS].
-It is not about:
-* Giving understandable, easy to follow instructions which are close to the standard installation guide
-* Integrating ZFS into your existing config
-==== '''Simple NixOS ZFS on root installation''' ====
+=== Simple NixOS ZFS on root installation ===
 Start from here in the NixOS manual: [https://nixos.org/manual/nixos/stable/#sec-installation-manual].
 Under manual partitioning [https://nixos.org/manual/nixos/stable/#sec-installation-manual-partitioning] do this instead:
-'''Partition your disk with your favorite partition tool'''
+==== Partition the disk ====
 We need the following partitions:
@@ Line 145: / Line 136: @@
 </syntaxhighlight>
-'''Let's use variables from now on for simplicity.
+'''Let's use variables from now on for simplicity.''' Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>
-Get the device ID in <code>/dev/disk/by-id/</code> (using {{ic|blkid}}), in our case here it is <code>nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O</code>
-'''
 <syntaxhighlight lang=bash>
 BOOT=/dev/disk/by-id/nvme-SKHynix_HFS512GDE9X081N_FNB6N634510106K5O-part1
@@ Line 156: / Line 146: @@
 {{note|It is often recommended to specify the drive using the device ID/UUID to prevent incorrect configuration, but it is also possible to use the device name (e.g. /dev/sda). See also: [[#Zpool created with bus-based disk names]], [https://wiki.archlinux.org/title/Persistent_block_device_naming Persistent block device naming - ArchWiki]}}
-'''Make a ZFS pool with encryption and mount points'''
+==== Make a ZFS pool with encryption and mount points ====
-'''Note:''' zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The [https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/ ZFS tuning cheatsheet] or [https://wiki.archlinux.org/title/ZFS#Storage_pools ArchWiki] is a good place to start.
+{{Note|zpool config can significantly affect performance (especially the ashift option) so you may want to do some research. The ZFS tuning cheatsheet or ArchWiki is a good place to start.}}
 <syntaxhighlight lang="bash">
@@ Line 197: / Line 187: @@
 </syntaxhighlight>
-'''Format boot partition with FAT as filesystem'''
+==== Format boot partition and enable swap ====
 <syntaxhighlight lang="bash">
 mkfs.fat -F 32 -n boot $BOOT
 </syntaxhighlight>
-'''Enable swap'''
 <syntaxhighlight lang="bash">
 mkswap -L swap $SWAP
@@ Line 208: / Line 197: @@
 </syntaxhighlight>
-'''Installation'''
+==== Installation ====
 <syntaxhighlight lang="bash">
 # Mount boot
@@ Line 380: / Line 368: @@
 * If your network card isn't started, you'll need to add the according Kernel module to the Kernel and initrd as well, e.g. <syntaxhighlight lang="nix">
 boot.kernelModules = [ "r8169" ];
-boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>
+boot.initrd.kernelModules = [ "r8169" ];</syntaxhighlight>To know what kernel modules are needed, run <code>nix shell nixpkgs#pciutils --command lspci -v | grep -iA8 'network\|ethernet'</code> .
 After that you can unlock your datasets using the following ssh command:
@@ Line 431: / Line 419: @@
 == Take snapshots automatically ==
-See {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.
+See {{nixos:option|services.zfs.autoSnapshot}} or {{nixos:option|services.sanoid}} section in <code>man configuration.nix</code>.
 == NFS share ==
@@ Line 446: / Line 434: @@
 </syntaxhighlight>
 Only this line is needed. Configure firewall if necessary, as described in [[NFS]] article.
+{{warning|<code>zfs share</code> or <code>sharenfs</code> does not work if the <code>mountpoint</code> is set to <code>legacy</code> (or <code>none</code>, of course). I was unable to find a source for this behaviour, but I was stuck on the problem for days, until I realized the problem.  ::Reply: sharenfs controlls what
+is written into <code>/etc/exports</code>.  If ZFS does not know the mountpoint, as is the case in
+mountpoint legacy or none, the contents of <code>/etc/exports</code> would be wrong}}
 Then, set <code>sharenfs</code> property:
@@ Line 458: / Line 450: @@
 ZFS Event Daemon (zed) monitors events generated by the ZFS Kernel module and runs configured tasks. It can be configured to send an email when a pool scrub is finished or a disk has failed. [https://search.nixos.org/options?query=services.zfs.zed zed options]
-=== Option A: enable mail notifications without re-compliation ===
 First, we need to configure a mail transfer agent, the program that sends email:
 <syntaxhighlight lang="nix">
 {
+  age.secrets.msmtp = {
+    file = "${inputs.self.outPath}/secrets/msmtp.age";
+  };
+  # for zed enableMail, enable sendmailSetuidWrapper
+  services.mail.sendmailSetuidWrapper.enable = true;
    programs.msmtp = {
      enable = true;
@@ Line 469: / Line 466: @@
      defaults = {
        aliases = "/etc/aliases";
-       port = 465;
+       port = 587;
-       tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
+       auth = "plain";
        tls = "on";
-      auth = "login";
+       tls_starttls = "on";
-       tls_starttls = "off";
      };
      accounts = {
        default = {
-         host = "mail.example.com";
+         host = "smtp.mail.example.com";
-         passwordeval = "cat /etc/emailpass.txt";
+         passwordeval = "cat ${config.age.secrets.msmtp.path}";
-         user = "user@example.com";
+         user = "myname@example.com";
-         from = "user@example.com";
+         from = "myname@example.com";
        };
      };
@@ Line 489: / Line 485: @@
 Then, configure an alias for root account. With this alias configured, all mails sent to root, such as cron job results and failed sudo login events, will be redirected to the configured email account.
-<syntaxhighlight lang="bash">
+<syntaxhighlight lang="nix">
-tee -a /etc/aliases <<EOF
+{
-root: user@example.com
+  environment.etc.aliases.text = ''
-EOF
+    root: admin@example.com
+  '';
+}
 </syntaxhighlight>
-Finally, override default zed settings with a custom one:
+Finally, enable zed mail notification:
 <syntaxhighlight lang="nix">
 {
-   services.zfs.zed.settings = {
+   services.zfs.zed = {
-     ZED_DEBUG_LOG = "/tmp/zed.debug.log";
+     enableMail = true;
-     ZED_EMAIL_ADDR = [ "root" ];
+     settings = {
-    ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
+      ZED_EMAIL_ADDR = [ "root" ];
-    ZED_EMAIL_OPTS = "@ADDRESS@";
+      # send notification if scrub succeeds
+      ZED_NOTIFY_VERBOSE = true;
-    ZED_NOTIFY_INTERVAL_SECS = 3600;
+     };
-    ZED_NOTIFY_VERBOSE = true;
-     ZED_USE_ENCLOSURE_LEDS = true;
-    ZED_SCRUB_AFTER_RESILVER = true;
    };
-  # this option does not work; will return error
-  services.zfs.zed.enableMail = false;
 }
 </syntaxhighlight>
@@ Line 520: / Line 512: @@
 </syntaxhighlight>
-=== Option B: Rebuild ZFS with mail support ===
-The <code>zfs</code> package can be rebuilt with mail features. However, please note that this will cause Nix to recompile the entire ZFS package on the computer, and on every Kernel update, which could be very time-consuming on lower-end NAS systems.
-An alternative solution that does not involve recompliation can be found above.
-The following override is needed as <code>zfs</code>is implicitly used in partition mounting:
-<syntaxhighlight lang="nix">
-nixpkgs.config.packageOverrides = pkgs: {
-  zfsStable = pkgs.zfsStable.override { enableMail = true; };
-};
-</syntaxhighlight>
-A mail sender like [[msmtp]] or [[postfix]] is required.
-A minimal, testable ZED configuration example:
-<syntaxhighlight lang="nix">
-services.zfs.zed.enableMail = true;
-services.zfs.zed.settings = {
-  ZED_EMAIL_ADDR = [ "root" ];
-  ZED_NOTIFY_VERBOSE = true;
-};
-</syntaxhighlight>
-Above, <code>ZED_EMAIL_ADDR</code> is set to <code>root</code>, which most people will have an alias for in their mailer. You can change it to directly mail you: <code>ZED_EMAIL_ADDR = [ "you@example.com" ];</code>
-ZED pulls in <code>mailutils</code> and runs <code>mail</code> by default, but you can override it with <code>ZED_EMAIL_PROG</code>. If using msmtp, you may need <code>ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";</code>.
-You can customize the mail command with <code>ZED_EMAIL_OPTS</code>. For example, if your upstream mail server requires a certain FROM address: <code>ZED_EMAIL_OPTS = "-r 'noreply@example.com' -s '@SUBJECT@' @ADDRESS@";</code>
 [[Category:Guide]]