There’s really no benefit to use ZFS encryption in Qubes at all that I’m aware of. The underlying block devices that comprise the vdevs should be LUKS2 encrypted (unless you’re deliberately going outside of this approach for some reason)
If you want to make use of zfs send/recv to create/restore backups, yes. It’s nice to be able to have snapshots of /boot and /etc for example
TY,
For the 256GB NVMe, holding swap, temp, log, I’m only asking if it’s worth ZFS’ing it, not questioning encryption. Should I keep this disk EXT4/swap, or should I make it ZFS ?
For the backup disk, I understand there would be advantage to ZFS it as well, to use the ZFS send/receive, and that ZFS backup will be able to accept the non-ZFS partitions (backup) such as /boot, and root /
For the earlier question about encryption of the /var/lib/qubes on the mirror ZFS, I understand there is no benefit, IF the disk is already FDE LUKS2 … so I should have first a partition (like LVM) in LUKS, and THEN make it ZFS, right ? (and that would solve the question about encryption integration)
My mistake, I read too fast
I’m not the best to offer advice there. I’m not sure that you gain much using zfs for tmp or log, but haven’t thought much about it
For swap specifically, you may want to look into zswap. I haven’t used it myself but have heard good things
Yes, that sounds right:
ZRAM is better than zswap because it compress all RAM and makes SWAP in RAM same time.
Ah yes I read about this here - it’s on my list to test out
Thanks for that
The thread I learned about it from originally was this one, I think
aarrrgggg
I can’t !!
[lipsum@dom0 ~]$ cd ZFS-fedora-installer [lipsum@dom0 ZFS-fedora-installer]$ sudo ./deploy-zfs 0m0.05 II Installing packages: kernel-6.15.4-1.qubes.fc37.x86_64, kernel-devel-6.15.4-1.qubes.fc37.x86_64 Using sys-firewall as UpdateVM for Dom0 Downloading packages. This may take a while... Updating and loading repositories: Fedora 37 - x86_64 100% | 20.9 KiB/s | 5.6 KiB | 00m00s Fedora 37 - x86_64 - Updates 100% | 34.4 KiB/s | 5.5 KiB | 00m00s Qubes Host Repository (updates) 100% | 5.8 KiB/s | 2.7 KiB | 00m00s Repositories loaded. Failed to resolve the transaction: No match for argument: kernel-6.15.4-1.qubes.fc37.x86_64 No match for argument: kernel-devel-6.15.4-1.qubes.fc37.x86_64 You can try to add to command line: --skip-unavailable to skip unavailable packages 0m3.99 EE This is not a retryable error, it should not be retried. 0m3.99 II Rewinding stack of actions. 0m3.99 II Rewind complete. 0m3.99 EE Unexpected error Traceback (most recent call last): File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/__init__.py", line 2028, in deploy_zfs deploy_zfs_in_machine( File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/__init__.py", line 1860, in deploy_zfs_in_machine pkgmgr.ensure_packages_installed(pkgs) File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 172, in ensure_packages_installed _run_with_retries(cmd) File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 27, in _run_with_retries return r(lambda: _check_call_detect_retryable_errors(cmd))() # type: ignore ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/retry.py", line 47, in retryer return kallable(*a, **kw) ^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 27, in <lambda> return r(lambda: _check_call_detect_retryable_errors(cmd))() # type: ignore ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 90, in _check_call_detect_retryable_errors raise subprocess.CalledProcessError(ret, cmd, output=out) subprocess.CalledProcessError: Command '['qubes-dom0-update', '--action=install', '--console', '-y', 'kernel-6.15.4-1.qubes.fc37.x86_64', 'kernel-devel-6.15.4-1.qubes.fc37.x86_64']' returned non-zero exit status 1. Traceback (most recent call last): File "/home/lipsum/ZFS-fedora-installer/./deploy-zfs", line 11, in <module> sys.exit(installfedoraonzfs.deploy_zfs()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/__init__.py", line 2028, in deploy_zfs deploy_zfs_in_machine( File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/__init__.py", line 1860, in deploy_zfs_in_machine pkgmgr.ensure_packages_installed(pkgs) File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 172, in ensure_packages_installed _run_with_retries(cmd) File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 27, in _run_with_retries return r(lambda: _check_call_detect_retryable_errors(cmd))() # type: ignore ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/retry.py", line 47, in retryer return kallable(*a, **kw) ^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 27, in <lambda> return r(lambda: _check_call_detect_retryable_errors(cmd))() # type: ignore ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/lipsum/ZFS-fedora-installer/./src/installfedoraonzfs/pm.py", line 90, in _check_call_detect_retryable_errors raise subprocess.CalledProcessError(ret, cmd, output=out) subprocess.CalledProcessError: Command '['qubes-dom0-update', '--action=install', '--console', '-y', 'kernel-6.15.4-1.qubes.fc37.x86_64', 'kernel-devel-6.15.4-1.qubes.fc37.x86_64']' returned non-zero exit status 1.