bojanzelic.zfs_datasets

This playbook and role let you create a list of encrypted ZFS datasets.

I used this for my Proxmox setup, but it works in any ZFS environment.

Encryption happens by loading the encryption key into ZFS. The playbook then attempts to mount the dataset.

Since the dataset is encrypted, you will need to run the playbook again after rebooting your server to mount the dataset.

Installing

Clone this repository into your roles directory:

git clone [email protected]:BojanZelic/ansible-zfs-encrypted-datasets.git roles/bojanzelic.zfs_datasets

Alternatively, you can install it using:

ansible-galaxy install bojanzelic.zfs_datasets 

Be aware of any prerequisites that may not be included with Ansible or this role. For example, if the role uses the EC2 module, you should mention that the boto package is required.

Role Variables

You need to provide the encryption key as an environmental variable called ZFS_KEY.

Example Playbook

- hosts: all
  roles:
    - role: bojanzelic.zfs_datasets
      zfs_key: "{{ lookup('env','ZFS_KEY') }}"
      zfs_datasources:
        rpool:
          state: present
        rpool/backups:
          encrypted: true
          extra_zfs_properties:
            sharenfs: rw=@192.168.1.1/24
        rpool/documents:
          encrypted: true
        rpool/personal_media:
          state: present
        rpool/media:
          state: present

License

GNU General Public License v3.0

Author Information

You can contact me at https://bojan.zelic.io