| 10 May 2026 |
 sudoforge | (in case this isn't clear to you trumee - the swap partition is not formatted with zfs and is not a zvol) | 15:13:56 |
 dantefromhell | I've been doing ZFS & swap on a separate partition + hibernate on multiple devices for multiple years w/o pool corruption #DataPoint | 15:16:27 |
 trumee | Yes, my swap is ext4. | 15:16:36 |
| sudoforge | well that makes sense, since zfs has nothing to do with the swap partition | 15:16:47 |
| sudoforge | * dantefromhell well that makes sense, since zfs has nothing to do with the swap partition | 15:17:17 |
| sudoforge | then you should be good to go! | 15:17:40 |
| trumee | did you set this up, https://wiki.nixos.org/wiki/ZFS#Partial_support_for_swap_on_ZFS ? | 15:18:21 |
| trumee | Wiki does not recommend boot.zfs.allowHibernation = true | 15:19:05 |
| sudoforge | because this is for hibernation on swap space that is on a zvol | 15:19:56 |
| sudoforge | you're conflating "i use zfs on /some/partition and have a separate ext4 fs on /another/partition" with "zfs is managing my entire disk" | 15:20:31 |
| trumee | so that option is irrelevant for my ext4 setup i suppose | 15:20:57 |
| sudoforge | correct. | 15:21:06 |
| trumee | so i just need to set boot.resumeDevice ? | 15:22:07 |
| sudoforge | well, you need to specify the swap device too. see: https://wiki.nixos.org/wiki/Power_Management#Hibernation | 15:23:14 |
| trumee | do i need to turn off randomEncryption?,
swapDevices = [
{
device = "/dev/sda3";
randomEncryption.enable = true;
}
| 15:26:23 |
| sudoforge | yes; random encryption is not compatible with hibernation, since you don't know the key used to unlock it when you resume | 15:27:34 |
| sudoforge | you can encrypt it with a known key (passphrase, security key, clevis+tang) instead | 15:28:13 |
| sudoforge | you can optionally encrypt it and add the TPM device as a key, allowing you to automatically decrypt it | 15:28:48 |
| sudoforge | * you can optionally encrypt it and add the TPM device as a key, allowing you to automatically decrypt it. this is inherently less secure, though. | 15:29:09 |
| dantefromhell | In reply to @rajil:rajils.com
did you set this up, https://wiki.nixos.org/wiki/ZFS#Partial_support_for_swap_on_ZFS ? nope... IIRC when I created my disk layouts (i'm using disko everywhere) swap on zvol was discouraged too | 15:29:37 |
| trumee | i use a yubikey to decrypt on bootup. | 15:29:57 |
| sudoforge | to decrypt what, though | 15:30:23 |
| sudoforge | your zfs pool, i'm guessing | 15:30:39 |
| sudoforge | so you can just turn off randomEncryption and enroll your yubikey as a key for the swap partition | 15:31:58 |
| trumee | This is my setup https://discourse.nixos.org/t/yubikey-fido2-and-boot-initrd-systemd/60051/18?u=trumee. I have a separate Luks partition which gets opened by the Yubikey. | 15:32:43 |
| trumee | I am using ZFS encryption. The key is on the luks partition, /run/filesystemkeys | 15:33:42 |
| sudoforge | so... you're creating a random key within a luks container to unlock your zfs pool | 15:42:00 |
| sudoforge | i guess you could enroll that as a keyfile for your swap partition too | 15:42:34 |
| sudoforge | since, once again, it has nothing to do with zfs at all | 15:42:58 |
| trumee | yes, that seems a good way forward | 15:59:01 |
