TrueNAS Scale for Noobs like me

raskitoma

Dabbler
Joined
Sep 28, 2018
Messages
17
Well, reporting that my previous APP disk decided to die... so I have to move all files and got a proper App pool with 3 SSD disks.

Right now I'm moving everything (rsyncing actually) and I hope, after editing mount points here and there, that everything will work as if nothing happened.

I will update this post with my results.

Anyway, this is just to let you guys know that I have, right now, the experience on how to move apps between pools and migrate data to keep things transparent to end users
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
I wish the default UID/GID was configurable. All my existing data is owned by 1000/1000 which is the user on my self-built NAS/docker server. I replicate the data back and forth. So I run the apps that are going to need access to the data with that UID/GID combo.

And because I'm lazy, I leave the ones that don't need access to that data as 568.
Currently iX is reworking the code behind the "big blue button" for docker containers. Previously that button and the Apps used 2 separate codepaths, which made it hard to maintain; next version this would be one codepath for both. I'm pretty sure adding (pod)SecurityContext (to set UID and GID on native k8s) is on the agenda afterwards.
If those changes are merged it's about 5 hours of work to copy pasta from TrueCharts and thoroughly test.

But it would be silly to implement it during a refactor ;-)


Well, linuxserver.io has multiple docker containers ready with easy config path folders, UID/GID as 1000, etc. Also if you can't find an image there you can build your own starting with one you found there.
Please, try to evade linuxserver.io containers on k8s like the plague.
They are nice for home use or docker-compose, but they f'ed up terribly because they can't support native k8s methods of setting user, groups and permissions.

Let me explain why this is such a big issue:
1. k8s permissions never boot a container as root. The whole pod is started as a limited user (which is more secure)
2. k8s permissions allow for multiple groups to be set for a user
3. k8s permissions automatically handle the permissions for your PVC storage out-of-the-box, which does not have to be the same group that runs the container either (super neat)
4. If you want access to attached devices, k8s allows you to use those additional groups to give a container-user just access to those devicegroups. LSIO needs to be started as root and demands to handle it themselves.
5. All those steps to handle things themselves, create a needlessly complicated container (aka bloat)


For most containers I can advise using the k8s-at-home container variants, which are built with k8s in mind (which we also use for TrueCharts :) ).


Why is the above rant relevant?
Using security context, one would have a number of options to handle this:
1. Set your own uid and gid as the one running the application instead of 568
2. Add your own GID as additional group to just grant access
3. Set your own GID as storage group

---

To be clear @bodly 568 is NOT the default user running your applications!
It's just an added blank-slate user that app builders and users CAN use for their applications!

So changing its ID does nothing, because it isn't used by default. It's just a convenience number/name combo.
k8s doesn't work with usernames anyway, it uses the UID and GID. So the default user is just for optics and convenience if someone wants to use it; if you don't want to, it isn't used*

*note: We at TrueCharts default to 568 which shows as the apps user. However: we (or rather: k8s) don't actually use it, it just creates a nice name for that number.
 
Last edited:
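
Added example, not part of ornias's post and not iX or TrueCharts code: the three security-context options listed above, written as plain Kubernetes Pod manifests. The pod names, image, claim name and the 1000/1000 data owner are placeholders and assumptions.

```yaml
# Added illustration (assumption): generic Kubernetes manifests, not what SCALE generates.
# Option 1: run the application itself as the UID/GID that owns the data.
apiVersion: v1
kind: Pod
metadata:
  name: app-runs-as-data-owner          # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true                  # kubelet refuses to start a container as UID 0
    runAsUser: 1000                     # the data owner, instead of the 568 convenience user
    runAsGroup: 1000
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder; must not require root at start-up
      securityContext:
        allowPrivilegeEscalation: false # no setuid/sudo path back to root inside the container
      volumeMounts:
        - name: media
          mountPath: /media
  volumes:
    - name: media
      persistentVolumeClaim:
        claimName: media                # hypothetical claim
---
# Options 2 and 3: keep 568 as the process user and grant access through groups.
apiVersion: v1
kind: Pod
metadata:
  name: app-keeps-568                   # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true
    runAsUser: 568
    runAsGroup: 568
    supplementalGroups: [1000]          # option 2: extra GID on the process, for group access to existing data
    fsGroup: 1000                       # option 3: storage group applied to the volume's files
    fsGroupChangePolicy: OnRootMismatch # skip the recursive ownership change when the volume root already matches
  containers:
    - name: app
      image: registry.example/app:1.0   # placeholder
      securityContext:
        allowPrivilegeEscalation: false
      volumeMounts:
        - name: config
          mountPath: /config
  volumes:
    - name: config
      persistentVolumeClaim:
        claimName: app-config           # hypothetical claim
```

`fsGroup` only takes effect on volume types that support ownership management; it is not applied to `hostPath` mounts, where the existing ownership and mode of the host directory decide access.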

leckyBill

Dabbler
Joined
Apr 27, 2021
Messages
20
I'm really happy to see that you have an easy way to list all containers, even those that I have installed using docker-compose command or portainer stack, etc.
How do you use portainer and docker-compose? I am coming from OMV which uses portainer and it is really easy. I'm a home user and really don't get all the k8s stuff, it seems to overcomplicate...
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
How do you use portainer and docker-compose? I am coming from OMV which uses portainer and it is really easy. I'm a home user and really don't get all the k8s stuff, it seems to overcomplicate...
Unless you want to run something unsupported, might break stuff and can't file bugreports if something breaks, you shouldn't use portainer to manage containers on SCALE...
 

leckyBill

Dabbler
Joined
Apr 27, 2021
Messages
20
Unless you want to run something unsupported, might break stuff and can't file bugreports if something breaks, you shouldn't use portainer to manage containers on SCALE...
I read this in the SCALE Developer Notes:

  • SCALE allows Kubernetes to be disabled. The user will then have access to the native container services within Debian. This will include Docker, LXC (Q1 2021) or any other Kubernetes distribution. There will be a Container Storage Interface (CSI) that can couple the container services with the SCALE storage capabilities. Users can script these capabilities and then use 3rd-party tools like Portainer to manage them. This approach can be used in SCALE 20.10 and later.
just can't find any info on how to do it...
 

silverback

Contributor
Joined
Jun 26, 2016
Messages
134
I read this in the SCALE Developer Notes:

  • SCALE allows Kubernetes to be disabled. The user will then have access to the native container services within Debian. This will include Docker, LXC (Q1 2021) or any other Kubernetes distribution. There will be a Container Storage Interface (CSI) that can couple the container services with the SCALE storage capabilities. Users can script these capabilities and then use 3rd-party tools like Portainer to manage them. This approach can be used in SCALE 20.10 and later.
just can't find any info on how to do it...
I believe if you unset the App pool or if you delete the ix-applications dataset it will not start kubernetes and you can use docker from the terminal.
It is not supported in the latest alpha and the firewall may block connections. I know you can run Portainer unfettered in TrueNAS-SCALE-20.10-ALPHA until the GUI is more developed.
 

ornias

Wizard
Joined
Mar 6, 2020
Messages
1,458
I read this in the SCALE Developer Notes:

just can't find any info on how to do it...
To be clear:
"Allowed" does NOT mean the same as "supported", just that it isn't actively prevented by iX systems.


I believe if you unset the App pool or if you delete the ix-applications dataset it will not start kubernetes and you can use docker from the terminal.
That has basically nothing to do with enabling docker and is actually not really smart because it skips over a lot of tweaking iX has done on the docker stack.

Short step-by-step:
- Go to apps and DO select an App pool
- go to the shell
- nano /etc/docker/daemon.json
- change "iptables" to "true"

This does not neatly persist on reboot, but does enable:
- Full docker support, including compose and networking
- Makes sure all tweaking iX has done is applied correctly (which prevents bugs in the future)
- Doesn't store a ton of docker containers on your boot-pool (uses the app pool instead)

I've run like this, including full docker-compose networkstack since 20.10 including 21.04

the firewall may block connections.
Will do so by default, because by default it doesn't set the required entries to use full docker networking.

I know you can run Portainer
Yes you can run it.
However: In stark contrast with other tools of a similar nature (for example: gitops tools like Flux or ArgoCD) it, by default, grants the user access to use it to manage special config iX has done and, by accident, break things that are not automatically repaired when upgrading (which may lead to decreased reliability in the future).

While it is possible to use portainer as an "overview" tool, one needs to be very careful.
 

Jip-Hop

Contributor
Joined
Apr 13, 2021
Messages
118
Currently I'm running Docker and Portainer with a custom script which runs on boot. Seems to work fine. It overwrites the Docker daemon.json file (only if contents are different) with custom settings to enable iptables and use of the default bridge network and it uses another data-root. Would love for this (just Docker, no Kubernetes) to be officially supported.
 

Chris Ariyo

Cadet
Joined
Jul 7, 2014
Messages
2
Hi guys,

First of all, sorry for any typo or error, English is not my first language (Spanish is)

I just switched from TrueNAS Core to SCALE. The idea was to take advantage of all the features that come when you're using docker instead of jails (I love jails btw)

Hardware: Just see my signature... everything is there

Version: TrueNAS-SCALE-21.06-BETA.1

*** Update may 4th
I'm really happy to see that you have an easy way to list all containers, even those that I have installed using docker-compose command or portainer stack, etc.

The gui update is really neat, but I must say, the cron options are better and makes more sense in the new section!

So right now I have a full working setup with: (I will always update this list accordingly)
  • Plex Media Server for media (migrated all the tiles/metadata/user_accounts/user_stats from the jail to the docker!!! created from scratch using Launch Docker Image button) - I'm already a PlexPass user
  • Jellyfin just for fun... it's nice to try something new as it does mostly the same as Plex, but for free. I'm using it as an alternative for media and for iptv manage (recording, etc. It's much better for this than Plex)
  • XTEVE with xml auto updater (using Schedules Direct) Moved to another machine dedicated for this
  • dizqueTV - Put some series I have in Plex with commercials and created my own TV-Channel (this is actually fun when you see it working) Moved to the same machine as xteve
  • YACReader for Comics
  • Calibre and Calibre-Web for Books
  • Subsonic for music
  • Ombi for requests
  • Sonarr/Radarr/Lidarr/Bazarr/Mylar/LazyLibrarian for media management
  • Jackett with Flaresolver
  • Deluge
  • Handbrake for autoencoding and optimization using HEVC
  • Tautulli for Plex stats
  • Nextcloud (not using the template provided by IX)
  • MineOS with 2 instances running move this to another machine
  • 2 Valheim dedicated server instances got rid of those... I'm not playing anymore... lol
  • Resilio Sync
  • Wordpress
  • Papermerge for doc organization (receipts, scans, etc)
  • Chevereto image gallery Not using it anymore!
  • MySQL, PostgreSQL, Mongo and Redis
  • HASS - Home automation Moved to a raspberry pi 3 the same machine where xteve is located I have with pihole and smokeping
  • Caddy - to manage redirects, proxy reverse, auth, etc.
  • GoDaddyddns to auto register dynamic ip with domain
  • Netbootxyz
  • Doublecommander not using anymore, also was for testing purposes only... too dangerous to keep this alive!
  • Sqlite editor
  • webtop for testing
  • remmina (rdp/vnc web browser client)
  • Kimai2 for time tracking - this is specially useful for remote working
  • Organizr Not using it anymore!
  • Portainer for monitoring and testing(I'm not gonna ever use it for deploy anything I'm actually using it as an easy way to manage containers)
  • Netdata for monitoring.
  • APCUPSD (Moved to other machine(where xteve is), I didn't have time to deal with recompiling Maxlinear drivers)
  • WikiJS
  • 1 small monero mining instances activated via cron to run on specific times.
  • Multiple telegraf instances to fill up an...
  • influx db
  • Grafana instance
  • Graylog
  • Appsmith
  • Machinaris, but I installed it using docker-compose, not the one our great guys from Truenas provided... I haven't seen it before... sorry!
  • Folding@Home - 1 cpu, low power... Just to help with disease investigation efforts
  • liquidctl - To control Corsair Pump and Fans via docker
Also, I was able to setup a cloud sync with OneDrive to backup all the config files, etc.

My idea is to share my experience with all the migration, docker setups, etc. Even if a solution has been made available, sometimes for noobs it is really hard to find. Also most of the times people just want a simple explanation of how to do things. (For example how to solve many things on Caddy!)

So well guys, I'm gonna try to be available and read this post as much as I can so I can help you with any questions.

See ya!
Hello,

Can you shed some light on how you configured your caddy to work with nextcloud.

thanks,
Chris
 

raskitoma

Dabbler
Joined
Sep 28, 2018
Messages
17
Hello,

Can you shed some light on how you configured your caddy to work with nextcloud.

thanks,
Chris

Sure man! I'm using it to do a lot of reverse proxy and also to have SSL on my websites with free certificates.

First of all you should have a running instance of Nextcloud. I suggest you assign it an IP, but I think it's not required.

Also you should have your DNS already configured. In my case, I have added a CNAME record, pointing to @, with 1h TTL and the name is "nextcloud"

Next, your Caddyfile should look like this:

Code:
# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace the line below with your
# domain name.

# This is to auto redir requests to https
www.yourdomain.com {
    redir https://yourdomain.com{uri}
}

# This is for your default website (you can omit this and point to your nextcloud instance)
yourdomain.com {
    # Basic reverse proxy
    reverse_proxy wordpress_ip:80 {
        header_up Host {http.request.host}
        header_up X-Real-IP {http.request.remote.host}
        header_up X-Forwarded-Proto https
    }
    # Header to increase security
    # One "field value" pair per line. A ";" after the closing quote is not a
    # line terminator in a Caddyfile; it is parsed as an extra argument.
    header {
        Strict-Transport-Security "max-age=31536000;"
        Server "YourServer"
        X-Powered-By "Maybe Air?"
        Expect-CT "max-age=31536000;"
        Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"
        X-Permitted-Cross-Domain-Policies "none"
        Feature-Policy "autoplay *; camera *; document-domain *; encrypted-media *; fullscreen *; geolocation *; microphone *; midi *; payment *;"
        Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=*, camera=(), document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, microphone=(), midi=(), payment=()"
        Referrer-Policy "no-referrer-when-downgrade"
        X-XSS-Protection "1; mode=block"
        X-Frame-Options "SAMEORIGIN"
        X-Content-Type-Options "nosniff"
    }
}

# This is for Nextcloud
nextcloud.yourdomain.com {
    reverse_proxy nextcloud_ip:80 {
        header_up Host {http.request.host}
        header_up X-Real-IP {http.request.remote.host}
        header_up X-Forwarded-Proto https
    }
    header {
        Strict-Transport-Security "max-age=31536000;"
        Expect-CT "max-age=31536000;"
        Referrer-Policy "no-referrer-when-downgrade"
        X-XSS-Protection "1; mode=block"
        Server "Your Server"
        X-Powered-By "Maybe Air?"
        Feature-Policy "autoplay *; camera *; document-domain *; encrypted-media *; fullscreen *; geolocation *; microphone *; midi *; payment *;"
        Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=*, camera=(), document-domain=*, encrypted-media=*, fullscreen=*, geolocation=*, gyroscope=*, microphone=(), midi=(), payment=()"
        Content-Security-Policy "default-src * data:; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"
    }
    # Redirect configuration to comply with nextcloud
    redir /.well-known/carddav https://nextcloud.yourdomain.com/remote.php/dav
    redir /.well-known/caldav https://nextcloud.yourdomain.com/remote.php/dav
}


As you can see I added how my website is configured. The header options are optional, but those give you a little extra security. In the nextcloud section you can find the redirects so that carddav and caldav work as expected.

You can use the same config to add other services like WikiJS, etc.
 

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161

Thanks for all this! I found the info very valuable but of course now I have a ton of questions...where to begin....do you have any kind of walkthrough for creating a docker container including the dataset creation portion which is what has me confused. I'm unsure where to create anything to keep in sync with the containers I already have (plex, sabnzbd, tautulli, transmission). I'd really like to get transmission-openvpn working but it has a ton of parms that have to be passed in and is complicated on its own. (It also provides an http proxy which lets you route traffic from your other services through the vpn while normal traffic can bypass it.) I'm familiar with portainer but it's not in the list of charts so once I understand the manual flow I think I'd be alright.

1) What exactly does jellyfin do better? I have plex with plexpass and I use their dvr with hdhomerun tuners so I'd like to know if it would be worth installing jellyfin.
2) I noticed everyone uses the Sonarr, Lidarr etc family of packages...does no one like Medusa, Couchpotato etc? What are the advantages (other than easy setup with truecharts)?
3) Are you tying handbrake into plex, if so how? If not, where are you using it and specifically I'm interested in the hevc.
4) Papermerge, netbootxyz are now on my to-do list. Thank you. (Any details on process to add these?)
5) What are you using instead of Organizr or is the built in management sufficient?
6) APCUPSD - was the recompiling specific to you or required in general? I have an APC ups on the nas and would like it to handle things (and stop all that beeping if nothing else)
7) While I'm "Pie in the sky'ing it" are you aware of a local instance ifttt replacement that doesn't require your ip to be exposed to internet? I'm behind multiple nat's and unless I can setup a "virtual lan" for my devices/pc's I'm stuck.

Thanks again for the wealth of info!
 
Last edited:

Chris Ariyo

Cadet
Joined
Jul 7, 2014
Messages
2
Thanks. Will try it on my system.
 

raskitoma

Dabbler
Joined
Sep 28, 2018
Messages
17
Thanks for all this! I found the info very valuable but of course now I have a ton of questions...where to begin....do you have any kind of walkthrough for creating a docker container including the dataset creation portion which is what has me confused. I'm unsure where to create anything to keep in sync with the containers I already have (plex, sabnzbd, tautulli, transmission). I'd really like to get transmission-openvpn working but it has a ton of parms that have to be passed in and is complicated on its own. (It also provides an http proxy which lets you route traffic from your other services through the vpn while normal traffic can bypass it.) I'm familiar with portainer but it's not in the list of charts so once I understand the manual flow I think I'd be alright.

1) What exactly does jellyfin do better? I have plex with plexpass and I use their dvr with hdhomerun tuners so I'd like to know if it would be worth installing jellyfin.
2) I noticed everyone uses the Sonarr, Lidarr etc family of packages...does no one like Medusa, Couchpotato etc? What are the advantages (other than easy setup with truecharts)?
3) Are you tying handbrake into plex, if so how? If not, where are you using it and specifically I'm interested in the hevc.
4) Papermerge, netbootxyz are now on my to-do list. Thank you. (Any details on process to add these?)
5) What are you using instead of Organizr or is the built in management sufficient?
6) APCUPSD - was the recompiling specific to you or required in general? I have an APC ups on the nas and would like it to handle things (and stop all that beeping if nothing else)
7) While I'm "Pie in the sky'ing it" are you aware of a local instance ifttt replacement that doesn't require your ip to be exposed to internet? I'm behind multiple nat's and unless I can setup a "virtual lan" for my devices/pc's I'm stuck.

Thanks again for the wealth of info!

Well, I don't have a proper walkthrough, but if I have something, you can find it in my WikiJS installation (https://wiki.raskitoma.com). About the parameters, we can figure it out, just show me what you got, and then we can setup it for you.

About the set of questions:
1) I also have Plex with Plexpass. The only thing I think it does better could be with other video integrations, like tutorials, music concert videos and so on. The other thing that I think is better is the dvr, not the dvr per se, but the tv viewing experience. I found some bugs and annoying things (like the guide navigation). I know the new version improves everything, but it doesn't meet my expectations.
2) Don't know man... I started to use those ones and never tried the others.
3) When something finishes in deluge, it will be copied to a "copied" folder... it's the same "watch" folder in handbrake (using proper mounts in the docker config files). Handbrake will encode using HEVC, copying the result to the "output" folder... that folder should be the "complete" folder of Sonarr, Radarr, etc. The idea is to enable automatic encoding.
4) No other details than just following the docs, and btw, remember to have tftp enabled so netbootxyz works properly.
5) Nothing... I have a folder on my bookmarks, and also inside my network (I'm using pfSense) I have the DNS configured with easy names for all services.
6) It depends. If you can have access to the device, you don't need to do anything. I have all the things I had to do even when I was on TrueNAS Core in my wiki.
7) I don't know if I get it right (remember I'm lost in translation lol) but no... I'm not aware of an ifttt replacement. It would be excellent. Thank you for giving me something else to research. If I found something, take for sure I will post it here.
 
Last edited:

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161
Well, I don't have a proper walkthrough, but if I have something, you can find it in my WikiJS installation (https://wikijs.raskitoma.com). About the parameters, we can figure it out, just show me what you got, and then we can setup it for you.

About the set of questions:
1) I also have Plex with Plexpass. The only thing I think it does better could be with other video integrations, like tutorials, music concert videos and so on. The other thing that I think is better is the dvr, not the dvr per se, but the tv viewing experience. I found some bugs and annoying things (like the guide navigation). I know the new version improves everything, but it doesn't meet my expectations.
2) Don't know man... I started to use those ones and never tried the others.
3) When something finishes in deluge, it will be copied to a "copied" folder... it's the same "watch" folder in handbrake (using proper mounts in the docker config files). Handbrake will encode using HEVC, copying the result to the "output" folder... that folder should be the "complete" folder of Sonarr, Radarr, etc. The idea is to enable automatic encoding.
4) No other details than just following the docs, and btw, remember to have tftp enabled so netbootxyz works properly.
5) Nothing... I have a folder on my bookmarks, and also inside my network (I'm using pfSense) I have the DNS configured with easy names for all services.
6) It depends. If you can have access to the device, you don't need to do anything. I have all the things I had to do even when I was on TrueNAS Core in my wiki.
7) I don't know if I get it right (remember I'm lost in translation lol) but no... I'm not aware of an ifttt replacement. It would be excellent. Thank you for giving me something else to research. If I found something, take for sure I will post it here.

I'm unable to get to your wikijs instance. The dns does not resolve. You don't use deluge with a vpn? The big thing I had going on old system was transmission-openvpn docker image.....you specified your vpn provider in a parm among others and also whether you wanted a http proxy enabled which then could be used by your other services. I wouldn't mind switching to deluge to accomplish same thing but the "deluge openvpn" docker is looking for a new maintainer (they now manage a deluge-pia container) and I have not seen any method to run the torrent client with a kill switch so it will ONLY work through the vpn. Have you tried plexamp (android app) with plex for music? It's quite configurable.
 

raskitoma

Dabbler
Joined
Sep 28, 2018
Messages
17
I'm unable to get to your wikijs instance. The dns does not resolve. You don't use deluge with a vpn? The big thing I had going on old system was transmission-openvpn docker image.....you specified your vpn provider in a parm among others and also whether you wanted a http proxy enabled which then could be used by your other services. I wouldn't mind switching to deluge to accomplish same thing but the "deluge openvpn" docker is looking for a new maintainer (they now manage a deluge-pia container) and I have not seen any method to run the torrent client with a kill switch so it will ONLY work through the vpn. Have you tried plexamp (android app) with plex for music? It's quite configurable.

My bad, it is https://wiki.raskitoma.com

I had to use deluge because it supports plugins, and there are auto decompression, copy-complete (once a torrent is done, it copies itself to the "copied" folder with label) and labels. I assume we can use or tweak the config, but if you don't use it, you can still keep transmission.
 

Rudi Pittman

Contributor
Joined
Dec 22, 2015
Messages
161
My bad, it is https://wiki.raskitoma.com

I had to use deluge because it supports plugins, and there are auto decompression, copy-complete (once a torrent is done, it copies itself to the "copied" folder with label) and labels. I assume we can use or tweak the config, but if you don't use it, you can still keep transmission.

I'm gonna give deluge a look but will also be looking at "flood" which is apparently a frontend to deluge, transmission and a few others that adds some additional features. I just need a working torrent + vpn combo.
 

RidJuan

Cadet
Joined
Sep 6, 2021
Messages
3
I'm very much a noob, running TrueNAS-SCALE-21.08-BETA.1 and somehow managed to install Plex successfully after a few hours. What I can't really wrap my head around or understand is how to correctly apply/enable permissions for apps. So the problem I am facing right now is trying to give Sonarr access to my "Media" dataset. So even if I try to run Sonarr with the ID of 1000 I can't access the datashare through the /mnt folder which appears blank on the Sonarr web interface. My user with ID of 1000 has perms for everything, so I'm not sure where I am going wrong here. Help from anyone would be great!

Also another question I have is for the type of storage function, I don't really understand the difference between PVC and hostPath?
 

truecharts

Guru
Joined
Aug 19, 2021
Messages
788
I'm very much a noob, running TrueNAS-SCALE-21.08-BETA.1 and somehow managed to install Plex successfully after a few hours. What I can't really wrap my head around or understand is how to correctly apply/enable permissions for apps. So the problem I am facing right now is trying to give Sonarr access to my "Media" dataset. So even if I try to run Sonarr with the ID of 1000 I can't access the datashare through the /mnt folder which appears blank on the Sonarr web interface. My user with ID of 1000 has perms for everything, so I'm not sure where I am going wrong here. Help from anyone would be great!

Also another question I have is for the type of storage function, I don't really understand the difference between PVC and hostPath?


Hello, in case you use our catalog TrueCharts or you can start using it now, you can reach us on our Discord server, where you can show us what configuration you have made already and try to figure it out.

Thanks
SK
 

raskitoma

Dabbler
Joined
Sep 28, 2018
Messages
17
I'm very much a noob, running TrueNAS-SCALE-21.08-BETA.1 and somehow managed to install Plex successfully after a few hours. What I can't really wrap my head around or understand is how to correctly apply/enable permissions for apps. So the problem I am facing right now is trying to give Sonarr access to my "Media" dataset. So even if I try to run Sonarr with the ID of 1000 I can't access the datashare through the /mnt folder which appears blank on the Sonarr web interface. My user with ID of 1000 has perms for everything, so I'm not sure where I am going wrong here. Help from anyone would be great!

Also another question I have is for the type of storage function, I don't really understand the difference between PVC and hostPath?

The best way IMO to handle this situation (even when I was on TrueNAS CORE) is to create in TrueNAS a group and users with the ids required and set those permissions to the datasets.

For example, I have multiple pools with datasets. I have a dataset for torrent handling(download, etc), a dataset for media files, a dataset for samba shares, etc.

Next thing is to get the user ids that your apps are using. Most of the docker containers could use the 1000:1000 combo, but if it is not the case, you should try to figure out what user id your container is using with:
Code:
docker exec -it {container_name} bash
and then inside the docker type id. Take note of those ids, and next create users with matching ids inside TrueNAS.

Create your groups (I have plexmedia with 1000 and sambaman with 1001), and assign the users you created before to those groups.

Next, go to your pools configuration and set group ownership to the actual DATASETS, not the pools. Change the permissions: rwx for owner, rw for group (maybe x, it's not needed) and read only to everyone... something like 765 or 775.

That's the way I did it on the old TrueNAS with jails, that's how I handled it and it worked. Nowadays it should work the same, it's basically unix permissions logic.

Hope this helps!
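The Unix permission logic the post above relies on, as an added example that is not part of the original thread or of TrueNAS: it resolves which mode-bit class applies to a container's UID/GIDs and walks a path to find the first directory that identity cannot enter. The function names are hypothetical, the IDs are the ones mentioned in the thread (1000, 568), and ACLs and root's override are not modelled.

```python
import os
import stat

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """Return the rwx triplet (0-7) that plain Unix mode bits grant uid/gids.

    Exactly one class applies: owner first, else group, else other.
    An owner with no owner bits gets nothing, even if the group has more.
    """
    if uid == owner_uid:
        return (mode >> 6) & 7
    if owner_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def can_list(mode, owner_uid, owner_gid, uid, gids):
    """Browsing a directory needs read (4) AND search/execute (1)."""
    bits = class_bits(mode, owner_uid, owner_gid, uid, gids)
    return (bits & 5) == 5

def first_blocked_dir(path, uid, gids):
    """Walk from / down to path and return the first directory the identity
    cannot traverse (missing the search bit), or None if none blocks it.
    Useful for spotting a parent dataset that hides everything below it."""
    parts = [p for p in os.path.abspath(path).split("/") if p]
    current = "/"
    for part in [""] + parts:
        current = os.path.join(current, part)
        st = os.stat(current)
        if stat.S_ISDIR(st.st_mode):
            bits = class_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids)
            if not bits & 1:
                return current
    return None

if __name__ == "__main__":
    # Constructed case: dataset owned by 1000:1000, app runs as uid 568
    # with supplementary group 1000 (values taken from the thread).
    for mode in (0o765, 0o775):
        print(oct(mode), "group member can browse:",
              can_list(mode, 1000, 1000, 568, [1000]))
```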
 

RidJuan

Cadet
Joined
Sep 6, 2021
Messages
3
The best way IMO to handle this situation (even when I was on TrueNAS CORE) is to create in TrueNAS a group and users with the ids required and set those permissions to the datasets.

For example, I have multiple pools with datasets. I have a dataset for torrent handling(download, etc), a dataset for media files, a dataset for samba shares, etc.

Next thing is to get the user ids that your apps are using. Most of the docker containers could use the 1000:1000 combo, but if it is not the case, you should try to figure out what user id your container is using with:
Code:
docker exec -it {container_name} bash
and then inside the docker type id. Take note of those ids, and next create users with matching ids inside TrueNAS.

Create your groups (I have plexmedia with 1000 and sambaman with 1001), and assign the users you created before to those groups.

Next, go to your pools configuration and set group ownership to the actual DATASETS, not the pools. Change the permissions: rwx for owner, rw for group (maybe x, it's not needed) and read only to everyone... something like 765 or 775.

That's the way I did it on the old TrueNAS with jails, that's how I handled it and it worked. Nowadays it should work the same, it's basically unix permissions logic.

Hope this helps!

After a few days and a lot of head scratching, I managed to sort it out. I hope it's just not me failing to understand, but in hindsight it seems very easy setting up these apps. Thanks for your help, put me on the right track! :grin:
 