I'm using zrepl to sync ZFS filesystems incrementally between servers.
I like the ability to incrementally send only the changes of an encrypted filesystem to a target server that never had the encryption key at any time.
I'm using this to share backup space with my friends. We both push/pull our encrypted snapshot diffs every hour. I don't have my friends' keys so I can't read their data, and they can't read mine. In case of emergency, I can go to their place with my key, and recover my data from their systems.
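A zrepl push job of the kind described in the post above, as an added example that is not the poster's configuration or part of the original thread. The job name, host name, certificate paths, dataset name and retention values are constructed placeholders.

```yaml
# /etc/zrepl/zrepl.yml on the sending host (constructed example)
jobs:
  - name: push_to_friend            # hypothetical job name
    type: push
    connect:
      type: tls
      address: "backup.friend.example:8888"   # placeholder peer address
      ca: /etc/zrepl/ca.crt                   # placeholder paths
      cert: /etc/zrepl/me.crt
      key: /etc/zrepl/me.key
      server_cn: "friend"
    filesystems:
      "tank/data<": true            # tank/data and all children (placeholder dataset)
    send:
      # Raw send: blocks leave the pool still encrypted, so the receiver
      # stores ciphertext and the key is never loaded on the target.
      # The source datasets must use native ZFS encryption.
      encrypted: true
    snapshotting:
      type: periodic
      prefix: zrepl_
      interval: 1h                  # matches the hourly cadence in the post
    pruning:
      keep_sender:
        - type: not_replicated      # never prune what has not been replicated yet
        - type: last_n
          count: 24
      keep_receiver:
        - type: grid
          grid: 1x1h(keep=all) | 24x1h | 14x1d
          regex: "^zrepl_"
```

On the receiving host, `zfs get keystatus` on the replicated datasets should report `unavailable`, which is a quick check that the key was never loaded there.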
Have you used sanoid/syncoid? I started my ZFS journey with a custom script and then switched to syncoid/sanoid (and some much simplified scripts) for my backup needs. One of my use cases is for Raspberry Pis which seem to have a habit of becoming unbootable. These are Pi 4Bs running from SATA/USB SSD or CM4s using NVMe SSDs. I have scripts that use:
* dd to copy the boot sector (to a ZFS filesystem)
* rsync to copy the boot (FAT32) and root (EXT4) partitions (also to a ZFS filesystem)
* syncoid to copy the ZFS filesystem to another host.
This process runs daily. When a system craps, it's pretty straightforward to restore the boot sector and boot and root partitions and finally the ZFS pool.
I'm curious what zrepl does that might be useful for me.
I don't need to back up my boot sectors or root partitions since all my systems are provisioned. I can always re-create them with scripts, should any of them fail.
I'm only replicating the data filesystems.
From what I see, sanoid looks quite similar to zrepl. Both tools are probably able to achieve similar results.
I do feel that zrepl has more features so far, though. But hey, if your setup is working and your data is secure, that's the most important.