Sanoid on OPNsense

OpenZFS Sanoid
1

Hey everyone :waving_hand:

Has anyone here successfully installed Sanoid on OPNsense? I’m exploring options for automated ZFS snapshot management on my firewall box and wondering if it’s feasible or if there are any caveats I should know about.

Would love to hear:

  • If you got it working
  • Any tweaks or configs you had to make
  • Whether it’s stable in production

Thanks in advance!

1 Like
2

I don’t use OPNsense but this type of usage of Sanoid, on a appliance-type of system, is exactly why I built sanoid-portable.

It’s a fully portable, self-contained build of the Sanoid suite of tools. No need to install any packages or Perl dependencies. You just download it and run it, that’s it!

If you’re running it on an appliance like OPNsense (I’m running it on TrueNAS), I recommend downloading it to a user data directory (like your home directory) so that it doesn’t get blown away by updates to the operating system.

1 Like
3

Thank you @decoyjoe I’ll definitely take a look :eyes:!

4

Incidentally I just came here for a related question.

You know, no offense, but it’s difficult to download and run unknown binaries from GitHub.

Is there a way that I can convert sanoid bash script to a static binary like an go binary in Debian and copy it over to truenas (which is also based on Debian)?

5

You’re absolutely right, you shouldn’t blindly trust random binaries from GitHub. To help build some trust and be as transparent as possible, I’ve included a GitHub artifact attestation for the release binary that’s built and published with GitHub Actions. You can view that attestation from the project’s releases page. That way you can verify the provenance and be sure the published binary came directly from the build pipeline and not from some untrusted source.

Is there a way that I can convert sanoid bash script to a static binary like an go binary in Debian and copy it over to truenas (which is also based on Debian)?

That’s exactly what sanoid-portable does. It takes the sanoid script, the Perl runtime, and Perl dependencies and shoves them all into a single binary. Then you take that binary and run it wherever you need, Debian, TrueNAS, FreeBSD, etc… it’s platform agnostic.

If you would rather build that binary yourself rather than download it from GitHub, then I have instructions for that too in the README. It’s simply:

  1. Clone the repo onto a Debian-based system.
  2. Run ./init.sh
  3. Run ./build.sh
  4. Grab the binary from output/sanoid-portable
1 Like