Backup Strategy
All backups originate from zpool0 on pve1-media. Snapshots are managed by sanoid and replicated by syncoid using ZFS send/receive.
Encrypted datasets (zpool0/family, zpool0/vault) are replicated with zfs send --raw so they remain encrypted at rest on backup targets — the backup disks never see plaintext data.
Backup Targets
| Target | Type | Location |
|---|---|---|
backup-local |
USB 3.0 portable HDD (5TB) | On-site — stored in a fire safe box at home |
backup-offsite |
USB 3.0 portable HDD (4TB) | Planned off-site at parents' place — currently still at home |
Both disks are identical replicas of each other. family and vault remain encrypted on both destinations (raw send). media is excluded except for media/music (irreplaceable lossless rips).
Tools
| Tool | Role |
|---|---|
| sanoid | Manages snapshot creation and retention policy on zpool0 |
| syncoid | Replicates snapshots to backup targets via ZFS send/receive |
Snapshot Policy
Replication
Syncoid replicates from zpool0 to each backup target. Raw send is used for encrypted datasets to preserve encryption on the destination.
# Example — encrypted dataset (raw send)
syncoid --sendoptions="w" zpool0/family backup-local/family
# Example — unencrypted dataset
syncoid zpool0/media backup-local/media