add section on decrypting and scrubbing pools

active/os_truenas/truenas.md

@@ -17,6 +17,8 @@
     - [Cleaning up old snapshots](#cleaning-up-old-snapshots)
     - [Creating and restoring snapshots](#creating-and-restoring-snapshots)
     - [Filesystem ACLs](#filesystem-acls)
+    - [Decrypting Pools](#decrypting-pools)
+    - [ZPool Scrubbing](#zpool-scrubbing)
   - [ISCSI](#iscsi)
     - [Create ZVOL](#create-zvol)
     - [Create ISCSI Target](#create-iscsi-target)
@@ -247,6 +249,42 @@ Dataset -> Dataset details (edit) -> Advanced Options -> ACL Type (inherit)
 setfacl -b -R /mnt/enc0/smb/media
 ```
 
+### Decrypting Pools
+
+Unlocking through the UI.
+
+We'll need to recreate the key manifest json. This is a little tedious, but
+your keys will be correct after this process.
+
+```bash
+# List all datasets and format them for json keys
+export LIST_DATASET=pool0/dcsi
+echo "{" && \
+for DATASET_PATH in $(sudo zfs list -r $LIST_DATASET -H -o name); do echo "    \"$DATASET_PATH\": \"key_here\","; done && \
+echo "}"
+
+# If the dataset's children have all the encryption keys
+# Note this generates the cat EOF commands to create the json files needed to unlock.
+export TL_DATASET=pool0
+for TL_DATASET_PATH in $(zfs list -r $TL_DATASET -H -o name -d 1); do \
+echo "cat <<EOF > dataset_${TL_DATASET_PATH}_key.json" && \
+echo "{" && \
+for DATASET_PATH in $(zfs list -r $TL_DATASET_PATH -H -o name); do echo "    \"$DATASET_PATH\": \"key_here\","; done && \
+echo "}" && \
+echo "EOF";
+done
+```
+
+### ZPool Scrubbing
+
+```bash
+# Start a scrub
+zpool scrub pool0
+
+# Check status
+zpool status pool0
+```
+
 ## ISCSI
 
 ### Create ZVOL