QNAP TS-877 Truenas Journal

*update

hm i don’t think it worked for me

Running as unit: jlmkr-docker.service
root@xxxxx[~]# jlmkr shell docker
Connected to machine docker. Press ^] three times within 1s to exit session.
root@docker:~# ls
initial_startup
root@docker:~# dir
initial_startup
root@docker:~#

so many things to solve

  • how to get the cd/ls to work for bind mount
  • downgrade docker

so moving on for now to something i can actually do right now

you could move its data to another dataset, delete the dataset, and create a new one where you want it and with the name you want.

Then put the data back.

https://www.reddit.com/r/truenas/comments/14s012x/rename_a_dataset/

i am trying to redo a dataset to put encryption on it. the one method i saw was create a temporary dataset, transfer data to it from file explorer. zfs is smart enough to know it’s internal so the transfer will be super quick.

once done, delete original dataset, recreate again, then transfer the data back.

maybe it’s not the best option but it works

:thinking:

If you’re running SMB, no slog is needed. If you run NFS, iSCSI, or S3, you will benefit from a slog.

https://www.reddit.com/r/truenas/comments/1c9ycjj/questions_about_slog/

sensitive? not sensitive? discussion here

raid scrub for a 4x 4tb raidz1 takes about 4 hours


not bad

in qnap qts, you could change the speed at which things like raid sync or scrub run, but i don’t see that option for truenas. Either way it does things fast without me having to do anything for that.

I will still have to set a schedule for monthly scrub runs and trim, but that is expected. A non-issue, since i can set that up.

My 2 cents. Don’t do it, keep Proxmox and install TrueNAS as a VM, passing through the disks directly to the VM (as scsiblock or PCI via IOMMU). I run this setup on my server.

Proxmox is a real Type-1 hypervisor, TrueNAS is a NAS first and foremost. I love Proxmox’s VM snapshots when taking backups or setting a “restore point” to try things. As far as I know, TrueNAS doesn’t have the same capability; it can only take ZFS snapshots which may or may not work as well.

Also, I’ve had a bad experience trying to get a proper backup of Apps from TrueNAS (it basically didn’t work because it’s backed by k3s and I lost almost all configurations of apps when I had to reconfigure my pool), to the point I created a VM in Proxmox for containers and managing it with Portainer. Now all Apps backups are painless and proven.

I run Emby in a container with the onboard Intel GPU passed to the VM and subsequently to the container using GVT-g. The shares from TrueNAS are passed to the container as CIFS docker volumes and it’s completely transparent to Emby.

Interesting setup

It could work, but i’m just fine using truenas as is.

https://www.reddit.com/r/truenas/comments/1c91x7j/comment/l0ikwd8/

never really got into proxmox but i know what it is and it gets a lot of praise.

Just thought it was a cool interesting setup worth sharing if you wanted to go truenas, but you could have gone this way in order to do so.

doing more research on optane as a possible slog candidate

https://www.reddit.com/r/freenas/comments/kt4pki/optane_16gb_m10_memory_modules_as_zil_for_cheap/

1 Like

noticed the new update

just a comment on my backup restoration work. i already mentioned how i did that so i won’t get into those details. Just wanted to point out the stuff i didn’t mention.

Example,

on my desktop pc i set shortcuts to my nas e.g.

Novels, Music, Videos …

Even stuff like foobar has playlists pointing to my nas shares.

But since i moved they didn’t work. But after restoring it worked.

When you add shortcuts using target, you can either use a lan ip, or the nas name. I opted for the latter.

Anyway just wanted to point out, the restoration worked well and everything works without having to fix anything. Just be sure when restoring it follows the same pathing.

Example,

Back in QTS, my shares there like Storage, Storage2…

After creating datasets in Truenas it was like

Main dataset name for pool1 (this is the hdd raidz1 pool 4x 4tb)

  • some random pool name

then you have dataset children under it e.g. Storage, Storage2…

With this layout, it managed to restore the pathing from before for my basic stuff (the shortcuts i use on desktop pointing to my nas name)

in this entire process, the only thing that truly broke was the docker containers. But even that can be fixed given time. I’ve wanted to redo the pathing anyway to a dedicated docker dataset (in this case under jailmaker dataset)

Before i had my containers within the container station folder, which is not best practice. I should have created a share called docker with a docker user/ docker group which is a non admin/root account for the docker containers.

So taking this switch to clean house and do it right this time around if possible.

first app i need to get up and running is portainer, which is crucial for me to deploy the rest of my dockers. Yes i could deploy other dockers without portainer, but then that defeats the purpose of using portainer. To manage with portainer it’s best to deploy the dockers via that.

Next app would be whoami. A basic app to test with, it’s very simple. A good starting point.

Currently my stumbling block is i can’t access the docker dataset via jailmaker shell.

All i got working is docker, but i can’t do anything if i can’t access the shares by doing a ls and cd to deploy docker compose yaml config.

i think it might be permission issues, will try again later :smiling_face_with_tear:

trim setting

i just left mine the default :thinking:

ssd & hdd smart test short and long scheduling

I would consider that the minimum. The range I’ve seen here is short tests every 1-7 days, long tests every 1-4 weeks, and scrubs every 2-4 weeks (being careful not to overlap when the long tests are happening). My own schedule is on the short end of that–short test daily, long test weekly, scrub every two weeks.

SMART Testing on a SSD = It’s Fine
The SMART Short and Long Tests are read-only so this does not reduce the life of your SSD.

my own setting is weekly short smart tests for hdd & ssds. And monthly for long smart tests for hdd & ssds.

Raid scrub is monthly for both raid pools (i have 2, one for the hdds and the other for the ssds)

1 Like

i had tested setting up email notification and it worked by adding gmail oauth.

However, i want to remove it because i am getting spammed by alerts. There are some truenas alerts that are benign but no way to turn that alert off, so until that gets fixed i’d rather disable email alerts to stop the spam.

but to my shock, there is no option to remove the gmail oauth in the truenas UI.

:face_with_raised_eyebrow:

I guess i could go gmail and revoke from there. But, why can’t you remove email alert in truenas UI?

if you want to setup nfs shares on windows this is how

in truenas enable both smb and nfs. then in windows follow youtube to set that up.

SMB has additional protocol overhead than NFSv3; unless you need specific Windows features/attributes, NFS will be simpler. However, you can introduce a number of issues, if you aren’t careful about users. Example: let’s say your 40 machines are each connected to an instrument, writing to an NFS share. If all 40 machines use the same username/UID, TrueNAS will handle all the NFS connections nicely, but will run into filelocking issues from the same UID on multiple files/directories. You can easily create cases when each machine can stomp on another machine’s files and directories. Make sure you have a good plan to deal with this or else you’ll have challenges down the road!

https://www.reddit.com/r/truenas/comments/12kww2b/nfs_or_smb/

jlmkr shell docker
Failed to get shell PTY: No machine 'docker' known

hm i know what’s going on. because i had just updated truenas, it breaks jailmaker

so what you do is

go to truenas shell, change directory where the jlmkr.py is, then do the command then it will re-add it

root@xxxxxx[~]# jlmkr shell docker
Failed to get shell PTY: No machine 'docker' known
root@xxxxxx[~]# ./jlmkr.py install
zsh: no such file or directory: ./jlmkr.py
root@xxxxxx[~]# cd /mnt/xxxxxx/jailmaker/docker
root@xxxxxx[/mnt/xxxxxx/jailmaker/docker]# ./jlmkr.py install
zsh: no such file or directory: ./jlmkr.py
root@xxxxxx[/mnt/xxxxxx/jailmaker/docker]# cd ..
root@xxxxxx[/mnt/xxxxxx/jailmaker]# ./jlmkr.py install
systemd-nspawn is already installed.
Cannot create symlink because /usr/local/sbin/jlmkr is on a readonly filesystem.
The bash alias jlmkr is already present.
The zsh alias jlmkr is already present.
Done installing jailmaker.
root@xxxxxx[/mnt/xxxxxx/jailmaker]#

sauce

*update

noticed the docker jail is not found :grimacing:

so i went winscp sftp and found it’s there

just that jailmaker doesn’t see it. maybe symlink related? not sure how to fix this. I want to simply relink to the existing docker, without redoing from scratch.

also have to rethink how i first deployed this because i see the pathing is like this

/mnt/xxxxxx/jailmaker/jails/docker/rootfs/docker

in the documentation it does say it puts the jail into the rootfs.

so does that mean the /jail/docker is not needed? because it seems to create it as /rootfs/docker

So is that then where i put all my docker configs?

I think i had read somewhere another user also made the mistake when adding path and he ended up having a double docker directory when trying to setup. I’m probably making a similar mistake.

It doesn’t appear you posted in the discussion, but just in case you haven’t figured it out yet, the correct way to bind storage is to do two separate locations beginning with the host (TrueNAS) location followed by the location you want to appear in the jail.

Example: --bind='/mnt/tank/dataset/folder_for_jail:/home/folder_in_jail' In which /mnt/tank/dataset/folder_for_jail is present on the TrueNAS and you want every file in that folder to appear at /home/folder_in_jail in the jail’s filesystem.

I’m going to contribute some better documentation to the github soon.

I don’t think you need ACLs for this basic scenario. I have removed all ACLs from my datasets and just use regular Unix filesystem permissions. Have zero trouble using these files inside jailmaker jails. I can even share these datasets simultaneously via SMB with ACL disabled.

:thinking:

Ok so the jailmaker dataset i stripped out the acls and applied to the child datasets within it as well (i didn’t touch my other datasets used by my Storage, Storage2…etc), and will test using that since that should work supposedly.

:face_with_raised_eyebrow:

What I’d try is to create jail with this config:

systemd_nspawn_user_args=--private-users=6000:65536 --private-users-ownership=chown

Now the root user inside the jail with ID 0 should be mapped to user 6000 outside the jail. Thanks to --private-users-ownership=chown the ownership of the jail rootfs will be fixed during jail startup.

You don’t need to create a user with ID 6000 in the TrueNAS interface, but of course you can do this if you like.

If you then need to bind mount a directory inside the jail, to which the root user inside the jail must have access, then you should manually recursively chown (once) all files inside the directory to be bind mounted into the jail (not the jail rootfs itself) to 6000. If you have a user with ID 1000 inside the jail which must access these files, then you should chown to 7000 instead.

I didn’t test this, but this seems to me the easy way without ACLs.

Did you add the jlmkr startup script? This is what fixes things after an update.

1 Like
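As an added example (not code from the thread or from jailmaker itself), the Python below reads the --private-users and --bind options out of a systemd_nspawn_user_args value and works out which host-side UID a bind-mounted directory should be chowned to, covering both the bind syntax described earlier and the UID mapping above; SAMPLE_ARGS and its paths are constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample (hypothetical paths): the systemd_nspawn_user_args value a
# jail config might carry after adopting the --private-users suggestion above.
SAMPLE_ARGS = (
    "--network-bridge=br1 --private-users=6000:65536 "
    "--private-users-ownership=chown "
    "--bind='/mnt/tank/jailmaker/docker:/docker'"
)

def parse_private_users(args: str) -> Tuple[int, int]:
    """Return (base, count) from --private-users=BASE:COUNT, or (0, 0) if absent."""
    m = re.search(r"--private-users=(\d+):(\d+)", args)
    return (int(m.group(1)), int(m.group(2))) if m else (0, 0)

def parse_binds(args: str) -> Dict[str, str]:
    """Map host path -> jail path for every --bind/--bind-ro; paths must be absolute."""
    binds: Dict[str, str] = {}
    for _ro, spec in re.findall(r"--bind(-ro)?=['\"]?([^'\"\s]+)", args):
        host, _, jail = spec.partition(":")
        jail = jail or host  # no colon: nspawn mounts at the same path in the jail
        if not (host.startswith("/") and jail.startswith("/")):
            raise ValueError(f"bind paths must be absolute: {spec}")
        binds[host] = jail
    return binds

def host_uid(jail_uid: int, base: int, count: int) -> int:
    """Host UID that a UID inside the jail maps to under --private-users=base:count."""
    if (base, count) == (0, 0):
        return jail_uid  # no user namespace: identity mapping
    if not 0 <= jail_uid < count:
        raise ValueError(f"uid {jail_uid} is outside the jail's {count}-id range")
    return base + jail_uid

def chown_plan(args: str, jail_uid: int) -> List[str]:
    """One-off host commands giving jail_uid ownership of each bind-mounted directory.

    GIDs shift by the same offset as UIDs, so the group is set to the same value.
    """
    base, count = parse_private_users(args)
    uid = host_uid(jail_uid, base, count)
    return [f"chown -R {uid}:{uid} {host}" for host in parse_binds(args)]

if __name__ == "__main__":
    for cmd in chown_plan(SAMPLE_ARGS, 1000):
        print(cmd)  # chown -R 7000:7000 /mnt/tank/jailmaker/docker
```

The commands are only printed, so the plan can be reviewed before anything on the host is touched.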

yes i did. but it didn’t work. maybe i need to reboot?

FWIW, my “docker” jail came up perfectly after the update to 24.04 release.

I’m guessing you haven’t quite got the install right. For example. Did you get the patch to the jlmkr script right in the post-init command?

Also, you need to set startup=1 for the jail to start at startup when jlmkr starts

well before upgrading truenas, i did get the jailmaker to work kind of.

like, i could access the docker commands like docker version

note: In the truenas shell via UI, you had to jlmkr shell docker in order to then begin using docker commands. the docker is simply the jail name i called docker fyi.

but what i couldn’t do at the time was ls (which is list directories). So i wasn’t able to cd (to change directory) to my docker compose.yaml file to docker compose up. Still figuring this out.

So i tried adding the bind mount to the jailmaker docker script config (you basically run this to install the docker for jailmaker). But did not see any improvement.

Now i’m sus it is a permission issue. One thing i didn’t yet do is create a user in jailmaker, which might be what i need to do to move forward on this. But i’m not sure what is the correct approach here.

doc says you create a user, then if they need root, you can do a sudo command to give them such permissions.

can i create a user called docker then assign that root permissions?

and do i then have to go truenas beforehand to create that user first before i do that? these things aren’t quite explained. They assume the person would know these things, but i don’t since i’m a newbie :cry:

Anyway this is what my docker script looks like

startup=0
gpu_passthrough_intel=1
gpu_passthrough_nvidia=0
# Turning off seccomp filtering improves performance at the expense of security
seccomp=1

# Use macvlan networking to provide an isolated network namespace,
# so docker can manage firewall rules
# Alternatively use --network-bridge=br1 instead of --network-macvlan
# Ensure to change eno1/br1 to the interface name you want to use
# You may want to add additional options here, e.g. bind mounts
systemd_nspawn_user_args=--network-bridge=br1
	--resolv-conf=bind-host
	--system-call-filter='add_key keyctl bpf'
	--bind='/mnt/xxxxxx/jailmaker/docker/:/docker'

# Script to run on the HOST before starting the jail
# Load kernel module and config kernel settings required for docker
pre_start_hook=#!/usr/bin/bash
	set -euo pipefail
	echo 'PRE_START_HOOK'
	echo 1 > /proc/sys/net/ipv4/ip_forward
	modprobe br_netfilter
	echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
	echo 1 > /proc/sys/net/bridge/bridge-nf-call-ip6tables

# Only used while creating the jail
distro=debian
release=bookworm

# Install docker inside the jail:
# https://docs.docker.com/engine/install/debian/#install-using-the-repository
# NOTE: this script will run in the host networking namespace and ignores
# all systemd_nspawn_user_args such as bind mounts
initial_setup=#!/usr/bin/bash
	set -euo pipefail
	
	apt-get update && apt-get -y install ca-certificates curl
	install -m 0755 -d /etc/apt/keyrings
	curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
	chmod a+r /etc/apt/keyrings/docker.asc
	
	echo \
	"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \
	$(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
	tee /etc/apt/sources.list.d/docker.list > /dev/null
	apt-get update
	apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

# You generally will not need to change the options below
systemd_run_default_args=--property=KillMode=mixed
	--property=Type=notify
	--property=RestartForceExitStatus=133
	--property=SuccessExitStatus=133
	--property=Delegate=yes
	--property=TasksMax=infinity
	--collect
	--setenv=SYSTEMD_NSPAWN_LOCK=0

systemd_nspawn_default_args=--keep-unit
	--quiet
	--boot
	--bind-ro=/sys/module
	--inaccessible=/sys/module/apparmor

Yes i see what you mean. The config i need to change from 0 to 1.

I may also have to change the docker version to the other you mention which works, since the latest docker broke networking or something for jailmaker?

1 Like