last updated: 2023/07/28

install:			dnf install -y https://zfsonlinux.org/fedora/zfs-release-2-2$(rpm --eval "%{dist}").noarch.rpm && dnf install -y zfs --allowerasing
auto load kmod:			echo zfs > /etc/modules-load.d/zfs.conf
support secure boot:		mokutil --import /var/lib/dkms/mok.pub

get drives:			ls -lha /dev/disk/by-id
create encryption key:		dd if=/dev/random of=/path/to/key bs=1 count=32
create encrypted pool:		zpool create -f -o ashift=12 -o feature@encryption=enabled -O encryption=aes-256-gcm -O keylocation=file:///path/to/key -O keyformat=raw -m /mnt/tank tank raidz1 [n drives here]
create pool:			zpool create -f -o ashift=12 -m /mnt/tank tank raidz1 [n drives here]
mandatory tuning:		zfs set acltype=posixacl atime=off relatime=off xattr=sa dnodesize=auto compression=zstd tank && zpool set autoexpand=on tank && zpool set autotrim=on tank
add another vdev to pool:	zpool add tank raidz1 [n drives here]
add (read) cache:		zpool add tank cache [drive here]
add slog (write buffer):	zpool add tank log mirror [2 drives here]

create dataset:			zfs create tank/testing
create dataset at mount:	zfs create -o mountpoint=/mnt/testing tank/testing
create encrypted dataset:	zfs create -o encryption=aes-256-gcm -o keyformat=raw -o keylocation=file:///path/to/key tank/encrypt
create zvol:			zfs create -V 128G tank/vdisk1

enable acl:			zfs set acltype=posixacl tank
disable atime:			zfs set atime=off relatime=off tank
efficient xattrs:		zfs set xattr=sa dnodesize=auto tank
enable compression:		zfs set compression=zstd tank
get compression ratio:		zfs get compressratio
enable expansion:		zpool set autoexpand=on tank
enable dedup (slow!):		zfs set dedup=on tank
get dedup stats:		zpool status -D tank -v

read/writes:			zpool iostat -v
health:				zpool status -v
pool use:			zpool list -v
dataset use:			zfs list

scrub:				zpool scrub tank
automatic scrub:		systemctl enable zfs-scrub-weekly@tank.timer
replace disk:			zpool replace tank old new

enable trim:			zpool set autotrim=on tank
manual trim:			zpool trim tank
get status:			zpool status -t tank

check key loaded:		zfs get keystatus tank/encrypt
load key:			zfs load-key -r tank/encrypt
unload encryption key:		zfs unload-key -r tank/encrypt

list snapshots:			zfs list -t snapshot
rollback:			zfs rollback tank/test@mark

unmount dataset:		zfs unmount tank/test
unregister pool:		zpool export tank

destroy pool:			zpool destroy tank
destroy dataset/snap:		zfs destroy tank/test

unlock at boot: nano /etc/systemd/system/zfs-load-key.service
----
[Unit]
Description=Load encryption keys
DefaultDependencies=no
After=zfs-import.target
Before=zfs-mount.service

[Service]
Type=oneshot
RemainAfterExit=yes
#adjust the path as necessary, (bin for arch, sbin for fedora)
ExecStart=/usr/sbin/zfs load-key -a
StandardInput=tty-force

[Install]
WantedBy=zfs-mount.service
----
sudo systemctl enable zfs-load-key.service --now


https://openzfs.github.io/openzfs-docs/Getting%20Started/Fedora/index.html
https://wiki.archlinux.org/title/ZFS
https://timor.site/2021/11/creating-fully-encrypted-zfs-pool/
strongly recommended reading: https://pthree.org/2012/04/17/install-zfs-on-debian-gnulinux/
tler: https://old.reddit.com/r/DataHoarder/comments/84e9uo/wd_8tb_mybook_hgst_helium_enterprise_drive_white/dy98y89/
raidz 4k waste: https://github.com/openzfs/zfs/issues/548
native encryption issues: https://github.com/openzfs/zfs/issues/12594#issuecomment-929941596
note native encryption doesn't encrypt *all* metadata, use dm-crypt if necessary
https://superuser.com/questions/384095/how-to-force-a-remap-of-sectors-reported-in-s-m-a-r-t-c5-current-pending-secto
https://svennd.be/basic-zfs-tune-tips/
https://jrs-s.net/2018/08/17/zfs-tuning-cheat-sheet/


If you need a license for this file, consider it CC0