Comment by snailmailman

I’ve also been using ZFS native encryption on my machine. I wouldn’t describe it as flawless- but that’s mainly due to how nixos-unstable works.

There have been several times where the latest “stable” ZFS doesn’t support any of the newest kernels, and the “latest working” kernel goes EOL, and so nixos completely drops it.

And my options every time seem to be

-roll all the way back to latest “LTS” kernel. This sometimes breaks things.

-skip ahead to a beta release of ZFS (this isn’t always an option, and do I really want an unstable file system?)

-just don’t update for like a month and wait for new ZFS to release, supporting a newer kernel.

And there really isn’t a good option here. Theoretically there’s another option where I maybe keep using the EOL kernel version, and update the rest of my system normally, but I haven’t figured out how to configure that. So I just pick whichever option breaks the least amount of things each time. It’s definitely more of a ZFS issue than something NixOS-specific, but it’s annoying when I’m suddenly greeted with “That kernel version is EOL now.” And the update fails. And there is no easy way to ignore that and accept the risk of a slightly-outdated kernel.