From 95c50af0d6c718be657a9e68ab17766672291440 Mon Sep 17 00:00:00 2001
From: Michele Cereda
Date: Mon, 6 Jun 2022 22:39:08 +0200
Subject: [PATCH] Improved ZFS-related knowledge base and scripts
---
 knowledge base/zfs.md | 20 +++++++++++++++---
 scripts/create-a-crypted-btrfs-device.sh | 14 +++++++++----
 scripts/create-a-crypted-zfs-device.sh | 26 ++++++++++++++++++++++++
 scripts/dnf/zfs.install.sh | 15 ++++++++++++++
 4 files changed, 68 insertions(+), 7 deletions(-)
 create mode 100755 scripts/create-a-crypted-zfs-device.sh
 create mode 100644 scripts/dnf/zfs.install.sh
diff --git a/knowledge base/zfs.md b/knowledge base/zfs.md
index f374470..978ea94 100644
--- a/knowledge base/zfs.md
+++ b/knowledge base/zfs.md
@@ -3,10 +3,17 @@
 ## TL;DR
 ```sh
-# create a single device pool
+# Create a pool from a single device.
 zpool create pool_name device
-# list pools
+# Create an encrypted pool from multiple devices.
+sudo zpool create \
+ -o feature@encryption=enabled \
+ -O encryption=on -O keyformat=passphrase \
+ pool_name \
+ /dev/sdb /dev/sdc /dev/sdd
+
+# List available pools.
 zpool list
 # show pools configuration and status
@@ -52,6 +59,9 @@ zpool upgrade -a
 # get a pool's properties
 zpool get all pool_name
+# set a pool's properties
+zpool set compression=lz4 pool_name
+
 # add a vdev to a mirrored pool
 zpool attach pool_name first_drive_in_existing_mirror new_dev
@@ -208,12 +218,16 @@ sudo zpool \
 - [aaron toponce's article on zfs administration]
 - [archlinux wiki]
 - [article on zfs on linux]
+- [OpenZFS docs]
+- [Creating fully encrypted ZFS pool]
 [aaron toponce's article on zfs administration]: https://pthree.org/2012/12/04/zfs-administration-part-i-vdevs/
-[archlinux wiki]: https://wiki.archlinux.org/index.php/ZFS
+[archlinux wiki]: https://wiki.archlinux.org/title/ZFS
 [article on zfs on linux]: https://blog.heckel.io/2017/01/08/zfs-encryption-openzfs-zfs-on-linux
 [cheat.sh/zfs]: https://cheat.sh/zfs
+[creating fully encrypted zfs pool]: https://timor.site/2021/11/creating-fully-encrypted-zfs-pool/
 [gentoo wiki]: https://wiki.gentoo.org/wiki/ZFS
 [how to enable zfs deduplication]: https://linuxhint.com/zfs-deduplication/
+[openzfs docs]: https://openzfs.github.io/openzfs-docs/
 [oracle solaris zfs administration guide]: https://docs.oracle.com/cd/E19253-01/819-5461/index.html
 [zfs support + kernel, best approach]: https://forum.manjaro.org/t/zfs-support-kernel-best-approach/33329/2
diff --git a/scripts/create-a-crypted-btrfs-device.sh b/scripts/create-a-crypted-btrfs-device.sh
index 774ff0c..5a430f7 100755
--- a/scripts/create-a-crypted-btrfs-device.sh
+++ b/scripts/create-a-crypted-btrfs-device.sh
@@ -5,9 +5,12 @@
 : "${MOUNT_OPTIONS:=compress-force=zstd}"
 : "${MOUNT_POINT:=/mnt/$LABEL}"
+: "${USERNAME:=root}"
+: "${GROUPNAME:=root}"
+: "${CLOSE_WHEN_DONE:=true}"
-[[ $EUID -eq 0 ]] || (echo "Please rerun this script with root privileges" && exit 1)
-[[ -f "$DEVICE" ]] || echo "${DEVICE} not found"
+[[ $EUID -eq 0 ]] || (echo "Re-run this script with root privileges" >&2 && exit 1)
+[[ -b "$DEVICE" ]] || (echo "${DEVICE} not found" >&2 && exit 1)
 cryptsetup luksFormat "$DEVICE"
 cryptsetup open "$DEVICE" "$LABEL"
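Review bot: In scripts/create-a-crypted-btrfs-device.sh both new guards end in `(echo … >&2 && exit 1)`, and an `exit` inside parentheses leaves only the subshell, so unless `set -e` is enabled above this hunk the script still reaches `cryptsetup luksFormat "$DEVICE"` when it is not run as root or when `$DEVICE` is not a block device. A brace group exits the script itself: `[[ -b "$DEVICE" ]] || { echo "${DEVICE} not found" >&2; exit 1; }`, and the same form for the `$EUID` check. The new `USERNAME` and `GROUPNAME` defaults also appear unused, since the `chown "$USER":"$USER"` line in the next hunk is left as context. The top of the script is outside this hunk.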
@@ -21,5 +24,8 @@ btrfs subvolume create "$MOUNT_POINT/data"
 chown "$USER":"$USER" "$MOUNT_POINT/data"
-umount "/mnt/${LABEL}"
-cryptsetup close "$DEVICE"
+if [[ "$CLOSE_WHEN_DONE" ]]
+then
+ umount "/mnt/${LABEL}"
+ cryptsetup close "$DEVICE"
+fi
diff --git a/scripts/create-a-crypted-zfs-device.sh b/scripts/create-a-crypted-zfs-device.sh
new file mode 100755
index 0000000..ad518b4
--- /dev/null
+++ b/scripts/create-a-crypted-zfs-device.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env sh
+
+: ${DEVICE:?not set}
+: ${POOL_NAME:?not set}
+
+: "${DATASET:=data}"
+: "${MOUNT_POINT:=/mnt/${POOL_NAME}}"
+: "${USERNAME:=root}"
+: "${GROUPNAME:=root}"
+: "${UNMOUNT_WHEN_DONE:=true}"
+
+[[ $EUID -eq 0 ]] || (echo "Re-run this script with root privileges" >&2 && exit 1)
+[[ -b "$DEVICE" ]] || (echo "${DEVICE} not found" >&2 && exit 1)
+
+zpool create \
+ -o feature@encryption=enabled \
+ -O mountpoint="$MOUNT_POINT" \
+ -O encryption=on -O keyformat=passphrase \
+ -O compression=zstd \
+ "$POOL_NAME" \
+ "$DEVICE"
+
+zfs create "${POOL_NAME}/${DATASET_NAME}"
+chown "$USERNAME":"$GROUPNAME" "${MOUNT_POINT}/${DATASET_NAME}"
+
+[[ "$UNMOUNT_WHEN_DONE" ]] && zfs unmount "${POOL_NAME}/${DATASET_NAME}"
diff --git a/scripts/dnf/zfs.install.sh b/scripts/dnf/zfs.install.sh
new file mode 100644
index 0000000..1b3d651
--- /dev/null
+++ b/scripts/dnf/zfs.install.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+
+# sources:
+# - https://openzfs.github.io/openzfs-docs/Getting%20Started/Fedora/index.html
+
+# needs to be installed before zsf
+sudo dnf install -y kernel-devel
+
+# the repo's package is not maintained
+sudo rpm -e --nodeps zfs-fuse
+
+sudo dnf install -y https://zfsonlinux.org/fedora/zfs-release$(rpm -E %dist).noarch.rpm
+sudo dnf install -y zfs
+echo zfs | sudo tee /etc/modules-load.d/zfs.conf
+sudo modprobe zfs
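Review bot: In scripts/create-a-crypted-btrfs-device.sh the test `[[ "$CLOSE_WHEN_DONE" ]]` is true for any non-empty value, so `CLOSE_WHEN_DONE=false` still unmounts and closes; compare the value instead, `if [[ "$CLOSE_WHEN_DONE" == true ]]`. Inside the block, `cryptsetup close "$DEVICE"` passes the backing device, while the mapping was opened under `"$LABEL"` in the previous hunk. If the close fails for that reason, the decrypted mapping stays open after the script ends, so `cryptsetup close "$LABEL"` looks like the intended call. The `umount "/mnt/${LABEL}"` line also ignores an overridden `MOUNT_POINT`; `umount "$MOUNT_POINT"` would follow the variable set at the top.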
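Review bot: In scripts/create-a-crypted-zfs-device.sh the root and block-device checks cannot stop the script before `zpool create` runs on `$DEVICE`. The shebang asks for `sh`, where `[[` and `$EUID` are not guaranteed to exist, and `exit 1` inside `( … )` leaves only the subshell. The dataset default is stored in `DATASET` but every later line reads `DATASET_NAME`, which is therefore empty unless the caller exports it, giving `zfs create "${POOL_NAME}/"` and a `chown` of the pool's mount point itself. The final `[[ "$UNMOUNT_WHEN_DONE" ]]` is true for any non-empty value, including `false`. The fence below shows the affected lines rewritten.

```shell
#!/usr/bin/env bash
# … unchanged: DEVICE and POOL_NAME must-be-set checks …
: "${DATASET_NAME:=data}"
# … unchanged: MOUNT_POINT, USERNAME, GROUPNAME, UNMOUNT_WHEN_DONE defaults …
[[ $EUID -eq 0 ]] || { echo "Re-run this script with root privileges" >&2; exit 1; }
[[ -b "$DEVICE" ]] || { echo "${DEVICE} not found" >&2; exit 1; }
# … unchanged: zpool create, zfs create, chown …
if [[ "$UNMOUNT_WHEN_DONE" == true ]]; then
  zfs unmount "${POOL_NAME}/${DATASET_NAME}"
fi
```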
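Review bot: In scripts/dnf/zfs.install.sh the `zfs-release` package is installed straight from a URL with `-y`, and that package is what adds the repository and its signing key, so trust in every later `zfs` package rests on this one unauthenticated step. Whether dnf checks the signature of a package given by URL depends on the `localpkg_gpgcheck` setting, which I believe is off by default, so a comment such as `# verify the OpenZFS key fingerprint against the docs linked above before installing zfs` would tell the reader to do that check by hand. The URL should also be quoted so the `rpm -E %dist` expansion cannot be word-split: `"https://zfsonlinux.org/fedora/zfs-release$(rpm -E %dist).noarch.rpm"`. The comment `needs to be installed before zsf` has a typo for `zfs`.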