Advise on system architecture

tl;dr: at this point, unless you have a strong aversion to Linux or preference for FreeBSD, SCALE. It’s been the near-exclusive focus of iX’ development efforts for 3+ years[1], and there’s no sign of that changing. For more, see:


  1. Yes, they’re still working on CORE–in the sense of releasing 13.0 and its various patch releases, and theoretically getting 13.3 out in the next couple of months–but no significant new features have been added for years, and none are coming. ↩︎

3 Likes

@dan thanks, SCALE it is. How are you doing your apps? Are there any constraints on using VMs specific to TrueNAS?

All of my apps except for Storj are from TrueCharts. I run them on their own pool consisting of two 2 TB NVMe SSDs, mirrored.

I’ve done very little with VMs on TrueNAS; that’s what I have a Proxmox cluster for.

1 Like

If you’re used to installing your apps, you may want to look into jailmaker as a lighter alternative to VMs.

3 Likes

Especially since there is overhead with Kubernetes.

1 Like

Thank you all for your input. I guess I have food for thought for another week of research, and then go hands-on. Perhaps I can do a small lab with ESXi to experiment a bit.

The bigger issue is usually that home users do not have much of a perimeter device beyond their ISP’s router, and thus have little to no control over any type of filtering, geo blocks, et cetera. And with how ISP routers can have exploits that are seldom quickly patched, this opens things up to more potential compromise.

So if you do run OPNsense, great: use the equivalent of pfBlocker on pfSense, geo block as many country ranges as you can inbound, and even outbound. Also set up blocking of DNS requests so devices on your network can only use your OPNsense for DNS. From there, you could use other plugins to monitor anything questionable, but that can get ugly fast!

My biggest concern is always that you are exposing your storage system and the rest of your network to the internet through various possible means, versus hosting such a small app on AWS, or even something else that could be close to free or dirt cheap, and you get better uptime versus a home connection.

1 Like
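The two controls recommended above (force LAN clients onto the firewall’s own resolver, and drop traffic to and from blocked country ranges) written out as the pf rules that OPNsense’s GUI firewall rules amount to. This is an added example, not from the post; the interface names, LAN subnet and the path of the range file are assumptions, and the rules run top to bottom with `quick`.

```pf
# Assumed names: LAN interface "igb1", WAN interface "igb0", LAN subnet 192.168.1.0/24
lan_if = "igb1"
wan_if = "igb0"
lan_net = "192.168.1.0/24"

# Country ranges to block, one CIDR per line, maintained outside pf
# (assumed path; OPNsense fills the equivalent table from a GeoIP alias)
table <geo_block> persist file "/usr/local/etc/geo_block.txt"

# 1. DNS: LAN hosts may only talk to the firewall's own resolver.
#    Allow queries to the LAN interface address, then drop every other
#    DNS (53) and DNS-over-TLS (853) attempt and log it for review.
pass in quick on $lan_if proto { tcp udp } from $lan_net to ($lan_if) port 53
block in quick log on $lan_if proto { tcp udp } from $lan_net to any port { 53 853 }

# 2. Geo block on the WAN side, inbound and outbound, logged.
block in  quick log on $wan_if from <geo_block> to any
block out quick log on $wan_if from any to <geo_block>
```

Logged hits on the two DNS block rules are the quickest way to find devices with a hard-coded public resolver, which is exactly the traffic the rule is meant to surface.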

My ISP forces updates on the firmware; the flip side is that I have no control over its hardware’s firmware, nor root access… jailbreaking it is possible, but it’s a PIA and not really worth it imho.

Generally, if you run TrueNAS you should be aware of what your router does and does not do, and spending some time learning about it would be a good investment; actually, everyone should spend some time understanding the tech they bring into the home, but…

In general, I feel there is a lack of awareness [in society] as well as little effort to improve this situation.

2 Likes

Update for future memory: dedicated NAS up and running. Currently experimenting with Proxmox on a separate box to host the VMs. Still pondering whether to virtualize OPNsense on Proxmox or not…

@dan you mentioned you have chained pfSense and OPNsense boxes. Is one bare metal and one virtualized? Why both?

No, I have one router. It used to run pfSense; now it runs OPNsense and has for the past three years or so. I like the idea of putting two in parallel for high availability, but haven’t yet pulled the trigger on that.