I have a fresh installation of Proxmox. I found this [blog post](https://bitgrounds.tech/posts/proxmox-zfs-encryption/) which I followed, and by some miracle, I got everything to seemingly work. However, the author of the blog post has a different volume scheme going on.
The following is my volume scheme. mount-zfs consists of two NVMe drives (mirror-0) that I use for Docker. tank consists of four HDDs (raidz2) that are used for media. This is what I'm seeing after setting up the encryption.
Based off the blog, the author says "encryption is inherited to child datasets" and you don't need perform this for all the datasets contained in our pool. I got curious and ran zfs destroy tank (there's nothing currently on there) and I was met with a prompt stating it couldn't destroy it since said operation doesn't apply to pools. It then prompted the recursive tag to destroy all datasets in said pool, followed by one to use zpool destroy tank to destroy the pool itself. I decided to quit while I was still ahead.
My main question is, going off what the blog says, does this mean I don't need to touch mount-zfs and tank, since the encryption will be "inherited", or does that only apply to ones that are within rpool itself? I have a hard time believing it's going to cover encryption for those too. Also, would destroying the pool, then using zfs create to generate the new dataset be all I have to do if I do need to set up encryption? If you have any questions or need clarification lmk.
The following is my volume scheme. mount-zfs consists of two NVMe drives (mirror-0) that I use for Docker. tank consists of four HDDs (raidz2) that are used for media. This is what I'm seeing after setting up the encryption.
Based off the blog, the author says "encryption is inherited to child datasets" and you don't need perform this for all the datasets contained in our pool. I got curious and ran zfs destroy tank (there's nothing currently on there) and I was met with a prompt stating it couldn't destroy it since said operation doesn't apply to pools. It then prompted the recursive tag to destroy all datasets in said pool, followed by one to use zpool destroy tank to destroy the pool itself. I decided to quit while I was still ahead.
My main question is, going off what the blog says, does this mean I don't need to touch mount-zfs and tank, since the encryption will be "inherited", or does that only apply to ones that are within rpool itself? I have a hard time believing it's going to cover encryption for those too. Also, would destroying the pool, then using zfs create to generate the new dataset be all I have to do if I do need to set up encryption? If you have any questions or need clarification lmk.
Last edited: