Recommended way to install proxmox on ZFS with encryption with autodecryption

[esi_y]

Ok i got luks keys working with help of this
https://unix.stackexchange.com/ques...d-debian-root-with-key-file-on-boot-partition

This is somehow overkill, it works with keyscripts, e.g.:

# this does not work (in initramfs):
# sdb1_crypt UUID=65fce98c-7240-4495-9622-f334c8b79c57 /boot/my.key luks

# but this does
sdb1_crypt UUID=9dc95441-91f0-4614-85eb-ee152b1a9cfc none discard,luks,keyscript=/boot/luks/ppscript.sh

Now of course if all you want to do is echo / cat another file within the script, up to you.

EDIT: ok i've added initramfs option to both crypttab entries and this time both drives are decrypted at initramfs stage. I didn't know about this option, i must read about it more.

This is should not be necessary. Maybe you ran into this?
https://unix.stackexchange.com/a/736089

EDIT2: Ok it seems like BTRFS need special kernel parameter to behave such way. Which is somewhat reasonable ...
https://forum.proxmox.com/threads/btrfs-raid1-totally-useless.124075/

This is the same for mdadm. I personally prefer (with a regular machine) not to boot on a degraded array automatically - it forces you to act. It's a recovery situation in my view, handled manually.