I hope that I am posting to the right category. My questions could spread across multiple categories, but this seems to be the best place.
I initially set up my server on TrueNAS Core. I upgraded to Scale and am now on Community version 25.10.3 - Goldeye. I have installed Nextcloud and Immich on my server and I have them both working. Right now I am trying to install 2 1TB SATA SSDs and plan to move my applications and their databases to the SSDs to get better performance. I have connected to SMB shares on both applications to bring in data. All of my data will remain on the HDDs.
My server is a TRUENAS-MINI-3.0-XL+. I have 2 drive arrays (4 4TB with most of my data and currently the applications, 4 2TB where I currently have a couple of VMs that I don’t really use). I will get rid of the second array and will use those bays to install my new SSDs in a mirror. When I bought this machine, I ordered it with 64GB of RAM, so I should have plenty of capacity to run everything for my 4-person family.
I ran a replication job to copy one dataset with iso files from the array I am decommissioning. The job worked, but I am not able to get it to share as an SMB share that is open to everyone. By open, what I want is for any user on my LAN to be able to simply access the folder without having to authenticate. I have not set up any users on my NAS. Is that an issue? I am moving away from Windows to Linux, and 2 members of my family will only access this via Nextcloud through a Cloudflare reverse proxy.
In troubleshooting the ACL issue I have noticed that I have 3 other SMB shares that are open as I want them to be, but the ACL for each of them is different. That got me thinking that I should audit all of my permissions to make sure that I have them right, especially since I have multiple folders that are accessed by either Nextcloud or Immich. Can someone help me to figure out how to do that?
Also, can someone help me to plan for how this setup should be configured? I would like for most of my family’s data to be managed within Nextcloud. However, some of it is not owned by one person, but is something that should be accessed by all of us. In those cases what I have been doing is to leave that data in a share on the NAS and then connect it as external data. That seems to make it available in a folder to everyone in Nextcloud. Is this the best way to do what I am trying to do?
Thank you ahead of time for your help. I appreciate you taking time to read this long post and helping me with this issue.
Terrible business.
I’d strongly recommend separating “Universes” like NextCloud, Samba, Immich into different VMs at least.
They contain a lot of surprises inside, but orchestration of this Greek salad inside one TrueNAS is a real challenge for very strong minds, and definitely not for me.
Please look ahead for some length of time, considering TrueNAS upgrades, sudden interruption of container support etc.
As was said: Thanks, but no thanks.
I am not sure I understand what you are suggesting. Each of the apps is an app that is supported within TrueNAS. And I believe that they are all containers, so I am running containers on the server. And I have dedicated datasets for each application. Or am I oversimplifying something? What you are suggesting sounds like you recommend dedicated hardware for each one? I don’t have that kind of hardware available. I do have a pretty beefy server that is able to handle this load for a 4-person family. What am I missing that would indicate that this is going to be too complicated to manage?
I think the caution here is fair, especially with Nextcloud and Immich. Both are more than “just another container,” since each brings databases, background workers, permissions, updates, and storage assumptions.
That said, I think there is an important distinction between:
- putting everything into one undifferentiated app/container pile, and
- running separate Compose stacks with separate datasets, separate databases, clear bind mounts, snapshots, and tested backup/restore paths.
The second approach can still keep the blast radius fairly controlled, even if the services live on the same TrueNAS host.
For something like Nextcloud + Immich, I would personally want:
- separate datasets for each application’s config/database/uploads
- no shared database unless there is a very specific reason
- clear ownership/permissions documented
- snapshots before upgrades
- database dumps included in the backup plan
- reverse proxy configuration kept separate from app data
- a tested restore procedure, not just “the files are on ZFS”
So I agree with the warning that these services should be treated as separate “universes.” I just would not say that automatically requires separate VMs in every case. Separate VMs are a stronger isolation boundary, but separate Compose stacks with disciplined storage and backup design can be a reasonable middle ground for a homelab.
The real mistake would be assuming that because TrueNAS can deploy the apps, the lifecycle/backup/upgrade plan is automatically solved.
1 Like
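An added example, not part of any post in this thread: one way to turn "clear ownership/permissions documented" into a repeatable audit, by walking a share and comparing each entry's owner and mode against a written baseline. The directory names, the baseline mapping and the sample tree are constructed for illustration; the check covers POSIX owner and mode bits only, since SMB/NFSv4 ACL entries are not visible through `os.lstat`.

```python
import os
import stat
import tempfile

def audit_tree(root, baseline, default_owner):
    """Return sorted (relative_path, issue) findings for everything under root.

    baseline maps a top-level directory name to its documented (uid, gid);
    paths outside the baseline are compared against default_owner.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):  # symlinks are not followed
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink, target may sit outside the dataset"))
                continue
            want = baseline.get(rel.split(os.sep)[0], default_owner)
            if (st.st_uid, st.st_gid) != want:
                findings.append(
                    (rel, f"owner {st.st_uid}:{st.st_gid}, documented {want[0]}:{want[1]}"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)

def demo():
    """Constructed tree: 'immich' matches its baseline, 'nextcloud' drifts, 'iso' is open."""
    root = tempfile.mkdtemp()
    st = os.lstat(root)
    me = (st.st_uid, st.st_gid)  # whoever runs the demo owns the sample tree
    for d, mode in (("immich", 0o750), ("nextcloud", 0o750), ("iso", 0o777)):
        os.mkdir(os.path.join(root, d))
        os.chmod(os.path.join(root, d), mode)  # explicit, so the umask does not matter
    os.symlink("/etc", os.path.join(root, "immich", "link"))
    # Hypothetical baseline: nextcloud is documented under a different uid than it has.
    baseline = {"immich": me, "nextcloud": (me[0] + 1, me[1])}
    return audit_tree(root, baseline, default_owner=me)

if __name__ == "__main__":
    for path, issue in demo():
        print(f"{path}: {issue}")
```

Run against a real dataset mount point as root, with the baseline filled in from the app's own documented UID/GID, and keep the output alongside the pre-upgrade snapshot so drift after an update is visible.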
You’ve nailed this, bro.
As far as TrueNAS now supports VMs, I see an opportunity to achieve the declared goals while avoiding unnecessary risks.
What risks? I’ve observed the transformation of apps from jails to Kubernetes (k8s) to Docker (with side-steps to LXC), and it’s logical to predict this isn’t the final step.
With NC (e.g., Nextcloud), you’re expected to run it for years. However, there’s Immich and the implementation of SAMBA by iXSystems. All this chaotic environment needs separation, in my view.