
ZFS on root. Every distro. Automatic. Identical.

Every kldload install creates the same ZFS dataset hierarchy. The pool layout, compression settings, snapshot policies, and mount points are identical across Debian, CentOS, Rocky, and RHEL. Switch distros and your ZFS muscle memory transfers completely.

Dataset layout

| Dataset | Mount | Purpose |
| --- | --- | --- |
| rpool | none | Pool root. Container only — never mounted directly. |
| rpool/ROOT/<host> | / | Active boot environment. Your running system. Snapshottable, cloneable, rollbackable. |
| rpool/home | /home | User homes. Separate dataset — survives root rollbacks. Each user gets their own child dataset automatically. |
| rpool/root | /root | Root user's home. Isolated from system root. |
| rpool/srv | /srv | Service data. Web roots, databases, app state. Snapshotted every 15 minutes. |
| rpool/var | /var | Variable data container. Isolated from root so log explosion can't fill the OS. |
| rpool/var/log | /var/log | Logs. Persists across root rollbacks — you can always see what happened. |
| rpool/var/cache | /var/cache | Package cache. Survives rollbacks so you don't re-download packages. |
| rpool/var/tmp | /var/tmp | Temporary files. Excluded from snapshots — no wasted space on temp data. |

Why separate datasets? When you roll back the root filesystem, /home, /var/log, and /srv stay untouched. Your user data, your logs, and your service data survive the rollback. This is deliberate. Rolling back the OS shouldn't destroy your work.

Pool properties

| Property | Description |
| --- | --- |
| compression=lz4 | Transparent compression. Near-zero CPU overhead. Typically 1.5–2x space savings. Always on. |
| ashift=12 | 4K sector alignment. Matches modern disks. Set at pool creation, can't be changed. |
| autotrim=on | Automatic TRIM for SSDs. Keeps the drive informed about freed blocks. |
| acltype=posixacl | POSIX ACLs. Required for systemd and most Linux services. |
| xattr=sa | Store extended attributes in the inode. Faster than external files. |
| dnodesize=auto | Automatic dnode sizing. Lets ZFS optimize metadata storage per-file. |

ZFS encryption

AES-256-GCM — native ZFS encryption

Optional at install time. Not LUKS, not dm-crypt — native ZFS encryption. Per-dataset. Hardware-accelerated on modern CPUs (AES-NI). Passphrase entered at ZFSBootMenu before the OS loads. Encrypted snapshots and replication work transparently (zfs send -w sends raw ciphertext).

Overhead: 5–15% for sequential I/O. Negligible for random I/O. Recovery: None. Forget the passphrase, lose the data. This is by design.
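
To confirm that a host still matches the dataset properties and encryption setting described above, the following added example (not part of kldload or of the original page) audits `zfs get` output. The function names and the sample lines are constructed for illustration, and accepting `posix` as an alias of `posixacl` reflects how newer OpenZFS releases report that value.

```shell
#!/bin/sh
# Added example, not kldload tooling. Input is the tab-separated output of:
#   zfs get -rH -o name,property,value \
#       compression,acltype,xattr,dnodesize,encryption rpool

# audit_props [yes|no]  ("yes" = also require encryption on every dataset)
# Prints one DRIFT line per mismatch; exit status 1 if any were found.
audit_props() {
    awk -F '\t' -v require_enc="${1:-no}" '
        BEGIN {
            want["compression"] = "lz4"
            want["xattr"]       = "sa"
            want["dnodesize"]   = "auto"
        }
        function drift(ds, prop, got, wanted) {
            printf "DRIFT %s %s=%s (expected %s)\n", ds, prop, got, wanted
            bad = 1
        }
        # Newer OpenZFS reports acltype=posixacl as "posix"; accept both.
        $2 == "acltype" {
            if ($3 != "posixacl" && $3 != "posix") drift($1, $2, $3, "posixacl")
            next
        }
        # Encryption is optional at install time; if set, expect AES-256-GCM.
        $2 == "encryption" {
            if ($3 == "off") {
                if (require_enc == "yes") drift($1, $2, $3, "aes-256-gcm")
            } else if ($3 != "aes-256-gcm") {
                drift($1, $2, $3, "aes-256-gcm")
            }
            next
        }
        ($2 in want) && $3 != want[$2] { drift($1, $2, $3, want[$2]) }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample (not from a real host): rpool/var/tmp has drifted.
sample_zfs_get() {
    printf 'rpool/srv\tcompression\tlz4\n'
    printf 'rpool/srv\tacltype\tposix\n'
    printf 'rpool/srv\tencryption\taes-256-gcm\n'
    printf 'rpool/var/tmp\tcompression\toff\n'
    printf 'rpool/var/tmp\tencryption\toff\n'
}

sample_zfs_get | audit_props yes || echo "drift detected"
```

On a real host, pipe the `zfs get` command from the header comment into `audit_props`; `ashift` and `autotrim` are read with `zpool get` and are not covered here.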

Replication

ZFS send/recv — block-level replication

Replicate datasets to any ZFS target: another kldload node, TrueNAS, any Linux with OpenZFS. Initial full send, then incremental (only changed blocks). Over SSH, over WireGuard, over anything.

# Full replication
zfs send -R rpool/srv@snap | ssh backup "zfs recv -F backup/srv"

# Incremental (only changes since last sync)
zfs send -R -I @old rpool/srv@new | ssh backup "zfs recv backup/srv"

# Encrypted replication (ciphertext only, receiver can't read)
zfs send -w rpool/srv@snap | ssh backup "zfs recv backup/srv"