ZFS: Difference between revisions
imported>Vater mNo edit summary |
imported>Vater m mediawikiwiki:Extension:SyntaxHighlight "best practice" :-/ :-D |
||
| Line 18: | Line 18: | ||
Just add the following to your <code>configuration.nix</code> file: | Just add the following to your <code>configuration.nix</code> file: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
boot.supportedFilesystems = [ "zfs" ]; | boot.supportedFilesystems = [ "zfs" ]; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 25: | Line 25: | ||
To activate the configuration and load the ZFS kernel module, run: | To activate the configuration and load the ZFS kernel module, run: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
nixos-rebuild switch | nixos-rebuild switch | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 33: | Line 33: | ||
If you want NixOS to auto-mount your ZFS filesystems during boot, you should set their <code>mountpoint</code> property to <code>legacy</code> and treat it like if it were any other filesystem, i.e.: mount the filesystem manually and regenerate your list of filesystems, as such: | If you want NixOS to auto-mount your ZFS filesystems during boot, you should set their <code>mountpoint</code> property to <code>legacy</code> and treat it like if it were any other filesystem, i.e.: mount the filesystem manually and regenerate your list of filesystems, as such: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zfs set mountpoint=legacy <pool>/<fs> | zfs set mountpoint=legacy <pool>/<fs> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
mount -t zfs <pool>/<fs> <mountpoint> | mount -t zfs <pool>/<fs> <mountpoint> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
This will regenerate your /etc/nixos/hardware-configuration.nix file: | This will regenerate your /etc/nixos/hardware-configuration.nix file: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
nixos-generate-config | nixos-generate-config | ||
</syntaxhighlight> | </syntaxhighlight> | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
nixos-rebuild switch | nixos-rebuild switch | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 53: | Line 53: | ||
The <code>nixos-generate-config</code> command regenerates your <code>/etc/nixos/hardware-configuration.nix</code> file, which includes the list of filesystems for NixOS to mount during boot, e.g.: | The <code>nixos-generate-config</code> command regenerates your <code>/etc/nixos/hardware-configuration.nix</code> file, which includes the list of filesystems for NixOS to mount during boot, e.g.: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
fileSystems."/home" = | fileSystems."/home" = | ||
{ device = "rpool/home"; | { device = "rpool/home"; | ||
| Line 72: | Line 72: | ||
To change the maximum size of the ARC cache to (for example) 12 GB, add this to your NixOS configuration: | To change the maximum size of the ARC cache to (for example) 12 GB, add this to your NixOS configuration: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
boot.kernelParams = ["zfs.zfs_arc_max=12884901888"]; | boot.kernelParams = ["zfs.zfs_arc_max=12884901888"]; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 81: | Line 81: | ||
Regular scrubbing of ZFS pools is recommended and can be enabled in your NixOS configuration via: | Regular scrubbing of ZFS pools is recommended and can be enabled in your NixOS configuration via: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
services.zfs.autoScrub.enable = true; | services.zfs.autoScrub.enable = true; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 93: | Line 93: | ||
To enable reservations pick any dataset of your and do: | To enable reservations pick any dataset of your and do: | ||
: reserves enough disk space to have room for cleanups/deletion | : reserves enough disk space to have room for cleanups/deletion | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zfs set reservation=1G zroot | zfs set reservation=1G zroot | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 103: | Line 103: | ||
To auto-snapshot a ZFS filesystem or a ZVol, set its <code>com.sun:auto-snapshot</code> property to <code>true</code>, like this: | To auto-snapshot a ZFS filesystem or a ZVol, set its <code>com.sun:auto-snapshot</code> property to <code>true</code>, like this: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zfs set com.sun:auto-snapshot=true <pool>/<fs> | zfs set com.sun:auto-snapshot=true <pool>/<fs> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 110: | Line 110: | ||
Then, to enable the auto-snapshot service, add this to your <code>configuration.nix</code>: | Then, to enable the auto-snapshot service, add this to your <code>configuration.nix</code>: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
services.zfs.autoSnapshot.enable = true; | services.zfs.autoSnapshot.enable = true; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 119: | Line 119: | ||
You can globally override this configuration by setting the desired number of snapshots in your <code>configuration.nix</code>, like this: | You can globally override this configuration by setting the desired number of snapshots in your <code>configuration.nix</code>, like this: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
services.zfs.autoSnapshot = { | services.zfs.autoSnapshot = { | ||
enable = true; | enable = true; | ||
| Line 129: | Line 129: | ||
You can also disable a given type of snapshots on a per-dataset basis by setting a ZFS property, like this: | You can also disable a given type of snapshots on a per-dataset basis by setting a ZFS property, like this: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zfs set com.sun:auto-snapshot:weekly=false <pool>/<fs> | zfs set com.sun:auto-snapshot:weekly=false <pool>/<fs> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 141: | Line 141: | ||
These instructions will get you started with a single-disk ZFS setup. If you're interested in setting up RAID, see below. | These instructions will get you started with a single-disk ZFS setup. If you're interested in setting up RAID, see below. | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
# Always use the by-id aliases for devices, otherwise ZFS can choke on imports. | # Always use the by-id aliases for devices, otherwise ZFS can choke on imports. | ||
DISK=/dev/disk/by-id/... | DISK=/dev/disk/by-id/... | ||
| Line 215: | Line 215: | ||
(thanks to Danny Wilson for the instructions) | (thanks to Danny Wilson for the instructions) | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
# Add the zfs filesystem to the install environment (note this is no longer | # Add the zfs filesystem to the install environment (note this is no longer | ||
# necessary since nixOS 18.09, as the install environment comes with | # necessary since nixOS 18.09, as the install environment comes with | ||
| Line 311: | Line 311: | ||
Encrypted datasets can be added on top as follow: | Encrypted datasets can be added on top as follow: | ||
: posixacl are needed for journald | : posixacl are needed for journald | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zfs create -o acltype=posixacl -o xattr=sa -o encryption=aes-256-gcm -o keyformat=passphrase -o mountpoint=none zroot/root | zfs create -o acltype=posixacl -o xattr=sa -o encryption=aes-256-gcm -o keyformat=passphrase -o mountpoint=none zroot/root | ||
</syntaxHighlight> | </syntaxHighlight> | ||
Instead of encrypting just a dataset (and all its child datasets) you can also directly encrypt the whole pool upon creation: | Instead of encrypting just a dataset (and all its child datasets) you can also directly encrypt the whole pool upon creation: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zpool create -o ashift=12 -o altroot="/mnt" -O encryption=aes-256-gcm -O keyformat=passphrase zroot /dev/sdxy | zpool create -o ashift=12 -o altroot="/mnt" -O encryption=aes-256-gcm -O keyformat=passphrase zroot /dev/sdxy | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| Line 325: | Line 325: | ||
A full encrypted nixos installation on an UEFI system could look like this: | A full encrypted nixos installation on an UEFI system could look like this: | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
zfs create -o mountpoint=legacy -o sync=disabled zroot/root/tmp | zfs create -o mountpoint=legacy -o sync=disabled zroot/root/tmp | ||
zfs create -o mountpoint=legacy -o com.sun:auto-snapshot=true zroot/root/home | zfs create -o mountpoint=legacy -o com.sun:auto-snapshot=true zroot/root/home | ||
| Line 331: | Line 331: | ||
</syntaxHighlight> | </syntaxHighlight> | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
mount -t zfs zroot/root/nixos /mnt | mount -t zfs zroot/root/nixos /mnt | ||
mkdir /mnt/{home,tmp,boot} | mkdir /mnt/{home,tmp,boot} | ||
</syntaxHighlight> | </syntaxHighlight> | ||
: assuming that /dev/sda1 is the boot partition | : assuming that /dev/sda1 is the boot partition | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
mkfs.vfat /dev/sda1 | mkfs.vfat /dev/sda1 | ||
mount /dev/sda1 /mnt/boot/ | mount /dev/sda1 /mnt/boot/ | ||
</syntaxHighlight> | </syntaxHighlight> | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
mount -t zfs zroot/root/home /mnt/home/ | mount -t zfs zroot/root/home /mnt/home/ | ||
mount -t zfs zroot/root/tmp /mnt/tmp/ | mount -t zfs zroot/root/tmp /mnt/tmp/ | ||
</syntaxHighlight> | </syntaxHighlight> | ||
<syntaxhighlight lang=console> | <syntaxhighlight lang="console"> | ||
nixos-generate-config --root /mnt | nixos-generate-config --root /mnt | ||
</syntaxHighlight> | </syntaxHighlight> | ||
| Line 358: | Line 358: | ||
In case you want unlock a machine remotely (after an update), having a dropbear ssh service in initrd for the password prompt is handy: | In case you want unlock a machine remotely (after an update), having a dropbear ssh service in initrd for the password prompt is handy: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
boot = { | boot = { | ||
initrd.network = { | initrd.network = { | ||
| Line 397: | Line 397: | ||
The following example follows the remote unlocking with dropbear, but imports another pool also and prompts for unlocking (either when at the machine itself or when logging in remotely: | The following example follows the remote unlocking with dropbear, but imports another pool also and prompts for unlocking (either when at the machine itself or when logging in remotely: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
boot = { | boot = { | ||
initrd.network = { | initrd.network = { | ||
| Line 422: | Line 422: | ||
* For older versions it is still possible to enable it in the existing ISO at runtime adding: | * For older versions it is still possible to enable it in the existing ISO at runtime adding: | ||
<syntaxhighlight lang=nix> | <syntaxhighlight lang="nix"> | ||
{ | { | ||
boot.supportedFilesystems = [ "zfs" ]; | boot.supportedFilesystems = [ "zfs" ]; | ||