TrueNAS & Synology Administration Guide


1. TrueNAS Scale: Initial Setup & Security

Virtual Machine Configuration (Proxmox)

  • Initial Setup: Create the VM. Add a second virtual disk (10GB) for apps and home directories.
  • Post-Login: Verify the Time Zone is accurate.
  • Duplicate Serial Error: If Proxmox reports “Disks have duplicate serial numbers”, add serials manually on the PVE host:
    nano /etc/pve/qemu-server/212.conf
    # Add serial strings:
    scsi0: Storage:vm-212-disk-0,discard=on,size=32G,ssd=1,serial=PROX-001
    scsi1: Storage:vm-212-disk-1,discard=on,size=1G,ssd=1,serial=PROX-002
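
A check for the serial fix above, as an added example that is not part of the original guide: it reads a qemu-server config and reports disks with a missing, duplicated, or over-long serial (Proxmox documents serial values as up to 20 bytes). The function name, output labels and sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): find disks in a Proxmox VM
# config that have no serial, share a serial, or exceed the 20-byte limit.
check_serials() {
    # $1 = path to a qemu-server config, e.g. /etc/pve/qemu-server/212.conf
    awk '
        /^\[/ { exit }                       # snapshot sections follow; stop at the first
        /^(scsi|sata|virtio|ide)[0-9]+:/ {
            if ($0 ~ /media=cdrom/) next     # skip optical drives
            bus = $1; sub(/:$/, "", bus)
            serial = ""
            n = split($2, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^serial=/) serial = substr(opt[i], 8)
            if (serial == "")             { print "MISSING " bus; bad = 1 }
            else if (length(serial) > 20) { print "TOOLONG " bus " " serial; bad = 1 }
            else if (serial in owner)     { print "DUPLICATE " bus " " owner[serial] " " serial; bad = 1 }
            else                            owner[serial] = bus
        }
        END { exit bad }' "$1"
}

# Constructed sample config: scsi1 reuses the serial of scsi0, scsi2 has none.
conf=$(mktemp)
cat > "$conf" <<'EOF'
scsihw: virtio-scsi-single
ide2: none,media=cdrom
scsi0: Storage:vm-212-disk-0,discard=on,size=32G,ssd=1,serial=PROX-001
scsi1: Storage:vm-212-disk-1,discard=on,size=1G,ssd=1,serial=PROX-001
scsi2: Storage:vm-212-disk-2,size=1G
EOF
check_serials "$conf" || echo "fix the serial= options before booting the VM"
rm -f "$conf"
```

The function exits non-zero when any disk line needs attention, so it can gate a VM start in a script.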

Datasets & Users

  1. Datasets: Create HP3-10Gb-Apps-HomeDirs. Add sub-datasets Apps (Type: Apps) and HomeDirs (Type: Generic).
  2. Standard User: Create user marc for SMB shares.
  3. Sync User: Create backupuser. Set a home directory, uncheck Samba authentication, and do not set a password.
  4. Admin Hardening:
    • Create user marcoue with full admin rights.
    • Upload SSH keys and enable 2FA for marcoue.
    • Disable the default truenas_admin account once verified.

SSH Hardening

sudo nano /etc/ssh/sshd_config
# Modify/Add:
PermitRootLogin prohibit-password
PubkeyAuthentication yes

sudo systemctl restart sshd
  • Services: Go to System > Services > SSH and disable “Allow Password Authentication.”
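
One way to confirm the hardening took effect, as an added example that is not part of the original guide: the function checks `sshd -T`-style output for the two directives set above and for password authentication being off. The function name and the sample input are constructed; on a live host, pipe `sudo sshd -T` into it.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): audit effective sshd settings.
# Input: `sshd -T`-style lines, "keyword value", one per line, on stdin.
audit_sshd() {
    awk '
        BEGIN {
            # The two sshd_config lines above plus the disabled password toggle
            want["permitrootlogin"]        = "prohibit-password"
            want["pubkeyauthentication"]   = "yes"
            want["passwordauthentication"] = "no"
        }
        { key = tolower($1) }
        (key in want) && !(key in seen) {       # first occurrence wins, as in sshd
            val = tolower($2)
            # sshd -T reports prohibit-password under its older alias
            if (key == "permitrootlogin" && val == "without-password")
                val = "prohibit-password"
            seen[key] = val
        }
        END {
            for (k in want) {
                if (!(k in seen))            { print "MISSING " k " (want " want[k] ")"; bad = 1 }
                else if (seen[k] != want[k]) { print "FAIL " k "=" seen[k] " (want " want[k] ")"; bad = 1 }
                else                         { print "OK " k "=" seen[k] }
            }
            exit bad
        }'
}

# Constructed sample: key login works, but password login was left enabled.
sample='port 22
permitrootlogin without-password
pubkeyauthentication yes
passwordauthentication yes'
printf '%s\n' "$sample" | audit_sshd || echo "sshd hardening incomplete"
```

Checking the effective configuration rather than the file catches the case where the UI toggle and the edited sshd_config disagree.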

2. System & Networking Optimization

Startup Scripts & Cron

  • Cron Shutdown: (System Settings > Advanced)
    • Command: /sbin/shutdown -h now
  • Init Scripts: (Post Init)
    • Command: iperf3 -s -d
  • Session Timeout: (Access > Configure) Set to 2147482.

Host Identification & Email

  • Hostname/NetBIOS: Set to HP2TrueNAS.
  • Gmail OAuth/SMTP:
    • Use OAuth login if available.
    • SMTP: smtp.gmail.com | Port: 25 or 587.
    • Use an App Password from 1Password.

3. Data Protection & Replication

Periodic Snapshots (Source)

  • Path: Data Protection > Periodic Snapshot Tasks.
  • Settings: Uncheck “Recursive” (unless needed). Uncheck “Taking Empty Snapshot.”
  • Schedule: Daily at 08:30, retention 7 days.

Replication Task (Remote Server Pull)

  1. Source: Different System.
  2. Connection: New SSH (Semi-Auto).
  3. Settings: Admin: marcoue, User: backupuser. Enable passwordless sudo.
  4. ZFS Commands: Check “Use Sudo for ZFS Commands.”
  5. Schedule: Every hour at 08:45.

4. Syncthing Deployment

TrueNAS Scale Implementation

  1. System Settings > Advanced > Sysctl:
    • Var: fs.inotify.max_user_watches | Value: 524288.
  2. Apps > Advanced: Disable “Host Path Safety Check.”
  3. App Setup: Install Enterprise Version. Use Host Path for storage (e.g., /mnt/HP1-4TBSSD-Raid0/HP1Storage).

Synology DSM Implementation (Docker)

  1. Inotify Limit:
    echo "fs.inotify.max_user_watches=204800" | sudo tee -a /etc/sysctl.d/90-override.conf
    sudo sysctl -p /etc/sysctl.d/90-override.conf
  2. User IDs: Use Task Scheduler to run id > /volume1/docker/id.txt to find UID/GID (e.g., 1027/100).
  3. Docker Compose Highlights:
    environment:
      - PUID=1027
      - PGID=100
      - TZ=America/New_York
    volumes:
      - ./config:/config
      - /volume2/HP3Storage:/volume2/HP3Storage

Standard .stignore Patterns

Create a .stignore file in the root of the sync folder:

(?i)#recycle
@eaDir
.DS_Store
.stfolder
.stignore
$RECYCLE.BIN
Thumbs.db
Desktop.ini
.SynologyWorkingDirectory

5. Hardware-Specific Configurations

Mac Pro Auto-Restart (After Power Outage)

# setpci needs root: run it with sudo rather than making the device's
# config file world-writable with chmod 777
sudo setpci -s 0:1f.0 0xa4.b=0

Wake-on-LAN (WOL) Persistence

Create a systemd service to ensure WOL stays active:

nano /etc/systemd/system/wol_fix.service

[Unit]
Description=Fix WakeOnLAN being reset to disabled on shutdown

[Service]
ExecStart=/usr/sbin/ethtool -s eno5 wol g
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Then reload systemd and enable the service:

systemctl daemon-reload
systemctl enable --now wol_fix

6. Storage & Maintenance Commands

ZFS Management

  • Rename Pool:
    # The pool must already be exported; import it under the new name, then export it again
    sudo zpool import OLDNAME NEWNAME
    sudo zpool export NEWNAME
  • Rename Dataset:
    sudo zfs rename Pool/OLD_NAME Pool/NEW_NAME
  • Locked Folder Deletion:
    sudo rm -rf /mnt/myPool/foldertodelete
    # Remove hidden/junk metadata (find starts at the current directory, so cd to the intended directory first)
    sudo find . -name "@eaDir" -type d -prune -exec rm -rf {} \;

Performance & Updates

  • Update Disk Space Fix: If updates fail due to space, move system dataset to boot-pool:
    • System Settings > Advanced > Storage. Change to boot-pool.
  • iPerf3 on Synology:
    sudo -i
    synogear install
    iperf3 -s -p 11111

Monitoring (NetData)

Install on each node for real-time metrics:

wget -O /tmp/netdata-kickstart.sh https://my-netdata.io/kickstart.sh && sh /tmp/netdata-kickstart.sh --stable-channel --disable-telemetry

7. Installing Proxmox 8 on Mac Pro 5,2

  1. Dataset: Create Vms and TEMP (permissions: libvirt-qemu).
  2. VM Config: Clock: Local, Boot: UEFI, Display: VNC, CPU: Host Passthrough.
  3. Network: VirtIO.
  4. Post-Install Script:
    bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/misc/post-pve-install.sh)"