
- #Openzfs native encryption install
- #Openzfs native encryption software
- #Openzfs native encryption series
Every disk will follow the same layout: 1MB BIOS boot partition | 2GB boot partition | ~10TB ZFS partition

Note that in my case I got an error complaining that the module could not be built for Linux 5.13. It seems that it tries to compile the kernel module for multiple versions, and while compiling it for the installed kernel version does work, compiling it for a more recent version doesn’t.
Following the instructions:

rescue# nano /etc/apt//buster-backports.list # edit as instructed
rescue# nano /etc/apt/preferences.d/90_zfs # edit as instructed
rescue# apt install -y dpkg-dev linux-headers-$(uname -r) linux-image-amd64
rescue# apt install -y zfs-dkms zfsutils-linux
The system is configured with NixOS, which means that the whole configuration will end up being a single ~250-line file.

The root filesystem is going to be the ZFS filesystem. We use the raidz ZFS configuration to achieve redundancy. This is equivalent to RAID5: one disk is used for parity, which means that the system can survive at most one drive failure.

We also use ZFS for full-disk encryption and volume management, to be able to easily expand the storage space when needed.

If a drive fails, it should be replaced soon! Therefore, we use smartd and ZED to alert us when something goes wrong, and mailgun to deliver email. We also verify that these measures work by intentionally messing with the system after the first install.

Since the root ZFS filesystem is encrypted, we need a separate /boot partition to start the boot process. However, we want redundancy there too, therefore we mirror the /boot partition over all the drives, using the mirroredBoots NixOS option.

Finally, we set up an SSH server which runs in initrd, before the server fully boots, to be able to unlock the encrypted ZFS drive remotely with ease.

Installing NixOS

Step 1: booting into the rescue system

The installation is executed from inside the Hetzner rescue system. This loads a live Debian CD onto the server, from which we can set up the disks and install NixOS. Follow the instructions in the link above to boot into it. At the date of this article, it is important to use the “Linux (old)” image, since it uses a kernel version (5.10) which is compatible with the ZFS shipped by Debian, while the newer image does not.

From the rescue system we will set up the drives, gather needed information about the system, edit configuration.nix, install NixOS, and then reboot into it.

Step 2: setting up the disks

After we’ve logged into the rescue system, we need to install the ZFS software to be able to create ZFS pools.
I then spent a few days installing and testing the software, and since it is not a very streamlined procedure, this article describes what I did in the hope of saving somebody else some time.

If you’re familiar with NixOS/Hetzner/ZFS already, you can also skip to the configuration.nix file to get the gist of the setup. Also refer to the acknowledgements for a series of useful links on these topics.


I didn’t consider alternatives, since we’ve used Hetzner for years and we’ve found them to be an excellent provider.

I quickly selected a server on Hetzner’s server auction. For 75EUR / month, at no setup cost, I rented a machine with four 10TB enterprise hard drives.
