Encrypted ZFS dataset as a cold backup strategy
Intro
I was revisiting my complete backup strategy and instead of using one more technology to remember and maintain, I decided to simply use ZFS instead!
Delete existing partition scheme (if needed)
doas gpart destroy -F /dev/da0
Create a GPT scheme
doas gpart create -s gpt /dev/da0
Create a single partition
This uses the whole drive, aligned at a 1M boundary, with the label “extdrive”.
The partition will show up at /dev/gpt/extdrive
doas gpart add -a 1m -l extdrive -t freebsd-zfs /dev/da0
Create a zpool named “backup” with encrypted datasets on two drives
doas zpool create backup /dev/sdc1 /dev/sdd1
or, for a single partition:
doas zpool create backup /dev/da0p1
Create the encrypted datasets
doas zfs create -o encryption=on -o keyformat=passphrase -o keylocation=prompt backup/pics
doas zfs create -o encryption=on -o keyformat=passphrase -o keylocation=prompt backup/cirrus7r
doas zfs create -o encryption=on -o keyformat=passphrase -o keylocation=prompt backup/xps
Sequence of Events to start
doas zpool import backup
doas zpool status # to check
doas zfs load-key backup/pics
doas zfs load-key backup/xps
doas zfs load-key backup/cirrus7r
doas zfs mount -a
Sequence of Events to stop
doas zfs umount -a
doas zfs unload-key -a
doas zpool export backup
How to create a backup into another drive without decrypting the dataset
First, import both the source pool and the destination pool
doas zpool import backup-source
doas zpool import backup-dest
Create a directory on backup-dest
doas mkdir /backup-dest/pics
Send / Recv raw
doas zfs send -w backup-source/pics | doas zfs recv backup-dest/pics
Check with
doas zfs list
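A check to run after the stop sequence or after a raw send/recv, as an added example that is not part of the original post: it reads `zfs get` output and reports any dataset that is unencrypted (including the pool's root dataset, which the zpool create commands above leave unencrypted) or still has its key loaded. The function names and the sample lines, including backup-dest/xps, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): check that a backup pool is
# "cold", i.e. every dataset is encrypted and no key is loaded.
#
# Real input would come from (read-only, needs no key):
#   zfs get -H -r -t filesystem,volume -o name,property,value \
#       encryption,keystatus backup | audit_cold_backup
# -H makes the output tab-separated: dataset <TAB> property <TAB> value.

# Reads that output on stdin, prints one finding per dataset of concern,
# and returns 1 if there was any finding, 0 if the pool is cold.
audit_cold_backup() {
    awk -F '\t' '
        NF < 3             { next }   # skip blank or malformed lines
        !($1 in seen)      { seen[$1] = 1; order[++n] = $1 }
        $2 == "encryption" { enc[$1] = $3 }
        $2 == "keystatus"  { key[$1] = $3 }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                ds = order[i]
                if (enc[ds] == "" || enc[ds] == "off") {
                    # Data written here is stored unencrypted.
                    print "PLAINTEXT", ds; bad = 1
                } else if (key[ds] != "unavailable") {
                    # Key still loaded (or state unknown): readable as-is.
                    print "KEY-LOADED", ds; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample, not captured output: an unencrypted pool root, one
# raw-received dataset whose key was never loaded, one with its key loaded.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        backup-dest      encryption off \
        backup-dest      keystatus  - \
        backup-dest/pics encryption aes-256-gcm \
        backup-dest/pics keystatus  unavailable \
        backup-dest/xps  encryption aes-256-gcm \
        backup-dest/xps  keystatus  available
}

# Demo on the sample; prints the two findings.
sample_zfs_get | audit_cold_backup || echo "pool is not cold"
```

A PLAINTEXT finding on the pool root means files written directly under the pool's mountpoint, outside the encrypted datasets, are stored unencrypted.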