| 21 Dec 2024 |
 Raj | Also, if you can think of an easier way to create a USB stick with (i) a bootable NixOS (for recovery purposes) and (ii) persistent storage of important files, that'd work for me too! | 20:12:39 |
| Raj | * Also, if you can think of an easier way to create a USB stick with (i) a bootable custom NixOS (for recovery purposes) and (ii) persistent storage of important files, that'd work for me too! | 20:12:50 |
|  ·☽•Nameless☆•777 · ± changed their profile picture. | 21:37:37 |
 waltmck | hey, what is the best way to set up encrypted ZFS on root using disko? | 23:54:59 |
| waltmck | Is there a way to get it to prompt me for a passphrase while I am provisioning the dataset? | 23:55:36 |
| waltmck | also, what is the difference between zpool.<name>.rootFsOptions and zpool.<name>.options? | 23:58:42 |
| 22 Dec 2024 |
| waltmck | and generally I want to make sure I understand how zfs property inheritance works with disko | 00:18:08 |
 Enzime | In reply to @waltmck:matrix.org
also, what is the difference between zpool.<name>.rootFsOptions and zpool.<name>.options? zpool options are https://openzfs.github.io/openzfs-docs/man/master/7/zpoolprops.7.html | 00:19:28 |
| Enzime | whereas the rootfsoptions is https://openzfs.github.io/openzfs-docs/man/master/7/zfsprops.7.html | 00:19:46 |
| Enzime | because every zpool has an implicit 'root' dataset | 00:20:05 |
| Enzime | In reply to @waltmck:matrix.org
Is there a way to get it to prompt me for a passphrase while I am provisioning the dataset? it should do that if you don't set passwordFile or keyFile | 00:20:27 |
| Enzime | how are you using disko? | 00:20:41 |
| waltmck | I'm not sure yet. I have used it with nixos-anywhere in the pass to deploy to headless servers, but it may be difficult since I am trying to set up encrypted root. I have physical access to this machine | 00:21:36 |
| waltmck | * I'm not sure yet. I have used it with nixos-anywhere in the past to deploy to headless servers, but it may be difficult since I am trying to set up encrypted root. I have physical access to this machine | 00:21:49 |
| Enzime | In reply to @waltmck:matrix.org
I'm not sure yet. I have used it with nixos-anywhere in the past to deploy to headless servers, but it may be difficult since I am trying to set up encrypted root. I have physical access to this machine it should work fine with nixos-anywhere | 00:23:53 |
| Enzime | I'm not sure if I've tested if the prompting for passwords works correctly over SSH though | 00:24:07 |
| Enzime | it should work | 00:24:23 |
| Enzime | https://github.com/nix-community/nixos-anywhere/blob/main/docs/cli.md?plain=1#L41-L43 | 00:24:48 |
| waltmck | I'll check! | 00:24:59 |
| Enzime | In reply to @enzime:nixos.dev
https://github.com/nix-community/nixos-anywhere/blob/main/docs/cli.md?plain=1#L41-L43 this option is for if you want to write the password from a file and read it from that file | 00:25:16 |
| Enzime | you'll need to set the corresponding passwordFile though for your luks | 00:25:40 |
| Enzime | you shouldn't need to use this flag if you want to prompt for your password | 00:26:16 |
| waltmck | I'm not using luks, I'm using zfs native encryption | 00:27:10 |
| waltmck | but I set keylocation="prompt", I'll see if that works | 00:27:45 |
| waltmck | Do you see anything obviously stupid in my config? | 00:28:06 |
| waltmck | (I separated the datasets part into a different file from the vdev part) | 00:28:46 |
| Enzime | oh... I'm not sure if we've implemented any ZFS encryption password handling code | 00:28:57 |
| Enzime | is there a particular reason you want to use ZFS native encryption? | 00:29:26 |
| waltmck | So that I can zfs send incremental encrypted backups to an offsite server, primarily | 00:29:55 |
| Enzime | just wanted to make sure you have an actual usecase as I still see a lot of people recommending to avoid ZFS native encryption | 00:31:02 |
