WARNING: This guide is being updated to version 25.10.1 (Goldeye) and is still a work in progress... please be patient! :)
Setting Up TrueNAS Before Using Docker Stacks
Before you use these Docker stacks, make sure you have completed the following steps to properly configure TrueNAS:
- Step 1: Install TrueNAS Community Edition - Follow the official instructions from the TrueNAS website to install it on your hardware.
- Step 2: Extend Session Timeout - Increase the session timeout duration to prevent TrueNAS from logging you out prematurely:
- Navigate to "System > Advanced Settings > Access" in the TrueNAS interface.
- Click "Configure".
- Change the "Session Timeout" default value from "300" to: # This increases the session timeout from 5 minutes to 1 hour *
3600
- Click "Save".
* For extra security, revert the session timeout back to 300 seconds after completing the configuration process!
- Step 3: Configure Console - Ensure that access to your TrueNAS console requires a username and password:
- Navigate to "System > Advanced Settings > Console" in the TrueNAS interface.
- Click "Configure".
- Uncheck "Show Text Console without Password Prompt".
- Click "Save".
- Step 4: Configure Location - Ensure that your regional settings are properly configured:
- Navigate to "System > General Settings > Location" in the TrueNAS interface.
- Click "Settings".
- Change the default settings to match your regional settings and formats.
- Click "Save".
- If needed, change the date/time settings in your TrueNAS system's BIOS to match your local date/time. # Correct date/time is crucial for logs and network services to work properly
- Step 5: Configure Network - Ensure that your network settings are properly configured:
- Navigate to "System > Network > Interfaces" in the TrueNAS interface.
- Click on the "Edit" button of your network interface to access the interface settings.
- Check "Define Static IP Addresses".
- Add your TrueNAS IP address to the "Static IP Addresses" section, in most cases:
192.168.1.1/24
- Uncheck "Autoconfigure IPv6".
- Set the "MTU" to:
1500
- Click "Save".
- Click "Skip" on the "Set Gateway and DNS".
- Click on "Test Changes" and confirm.
- Access the IP address you set up for TrueNAS and login again to confirm the changes, in most cases:
https://192.168.1.1
- Click on "Go To Network Settings", followed by "Save Changes" and "Save" to confirm.
- Navigate to "System > Network > Interfaces" in the TrueNAS interface.
- Click on the "Edit" button of your network interface to access the interface settings.
- Delete your TrueNAS IP address from the "Static IP Addresses" section.
- Click "Save". # Don't click on the 'Test Changes' button
- Click on the "Add" button to add a new network interface.
- Select "Bridge" from the "Type" dropdown menu to create a virtual switch.
- Type "br0" in the "Name" field.
- Type "vSwitch" in the "Description" field.
- Check "Define Static IP Addresses".
- Add your TrueNAS IP address to the "Static IP Addresses" section, in most cases:
192.168.1.1/24
- Uncheck "Autoconfigure IPv6".
- Select your network interface (e.g.: eno1, eth0, etc.) from the "Bridge Members" dropdown menu.
- Check "Enable Learning".
- Set the "MTU" to:
1500
- Click "Save".
- Click on "Test Changes" and confirm.
- Click on "Save Changes", followed by "Save" to confirm.
- Navigate to "System > Network > Global Configuration > Settings" in the TrueNAS interface.
- Replace "local" in the "Domain" field with your Top Level Domain name (e.g.: example.com) if you own one.
- Add your router's IP address to the "Default Gateway", in most cases:
192.168.1.254
- Add the following nameservers to the "DNS Servers": # Cloudflare's malware-blocking resolvers; replace them with your own if you prefer
1.1.1.2
1.0.0.2
- Click "Save".
- Navigate to "System > General Settings > GUI > Settings" in the TrueNAS interface.
- Choose your TrueNAS IP address in "Web Interface IPv4 Address", in most cases:
192.168.1.1
- Change your TrueNAS HTTP port in "Web Interface HTTP Port" from 80 to:
81
- Change your TrueNAS HTTPS port in "Web Interface HTTPS Port" from 443 to: # This frees 80/443 for the reverse proxy; moving ports is not a security measure by itself
444
- Check "Web Interface HTTP -> HTTPS Redirect".
- Uncheck "Usage collection & UI error reporting".
- Check "Show Console Messages".
- Click "Save".
- Confirm that you want to "Restart Web Service" and click "Continue".
- Access the IP address and HTTPS port you set up for TrueNAS and login again, in most cases:
https://192.168.1.1:444
- Navigate to "System > Advanced Settings > Sysctl" in the TrueNAS interface.
- Click on the "Add" button to add a new sysctl tunable.
- Select "SYSCTL" from the "Type" dropdown menu.
- Add the following "Variable": # Matches the "Autoconfigure IPv6" setting above: IPv6 is disabled system-wide
net.ipv6.conf.all.disable_ipv6
- Add the following "Value":
1
- Click "Save".
- Click on the "Add" button again to add another sysctl tunable.
- Select "SYSCTL" from the "Type" dropdown menu.
- Add the following "Variable": # IP forwarding is required for Docker's bridge networks to route container traffic
net.ipv4.ip_forward
- Add the following "Value":
1
- Click "Save".
- Your Sysctl should look like this:
Var                             Value  Enabled  Description
net.ipv6.conf.all.disable_ipv6  1      Yes
net.ipv4.ip_forward             1      Yes
- Step 6: Create ZFS Pools - You'll need to create at least one ZFS pool to store your System/Apps data:
- Navigate to "Storage" in the TrueNAS interface.
- Click on the "Create Pool" button near the top right.
- Type "tank" on the "Name" field. # This is the default name used in ZFS documentation and in this guide
- Check "Encryption" (optional). # You'll need to download and securely store your encryption key, losing it may result in 'PERMANENT DATA LOSS' *
- If encryption is enabled, confirm that "Encryption is for users storing sensitive data" and click "I Understand".
- Click "Next".
- Select your pool "Layout". # Use at least a Mirror configuration and prioritize low-latency, high-performance storage (e.g.: Optane, NVMe) for your System/Apps pool
- Choose the appropriate "Disk Size".
- Check "Treat Disk Size as Minimum".
- Set the "Width". # Use at least two disks per VDEV to ensure redundancy
- Set the "Number of VDEVs". # More VDEVs result in higher IOPS, which are especially important for your System/Apps pool
- Click "Save And Go To Review".
- Click on the "Create Pool" button to create your System/Apps pool.
- Confirm that "The contents of all added disks will be erased" and click "Continue".
- If needed, refer to the official TrueNAS documentation for detailed guidance on pool creation and best practices. # Or watch this video: https://youtu.be/ykhaXo6m-04
Pool-level Encryption is Not Recommended: TrueNAS 22.12.3 or later forces encryption for all child datasets and zvols within an encrypted root or parent dataset that are using the TrueNAS UI. However, datasets created outside of the UI, such as those created programmatically or manually via shell access, might not inherit encryption unless properly configured. For more granular control and awareness, we do not recommend users configure pool-level encryption of the root dataset. Instead, create an unencrypted pool and populate it with encrypted or unencrypted child datasets, as needed. Source: https://www.truenas.com/docs/scale/scaleuireference/storage/poolcreatewizardscreens/#pool-creation-wizard
* To download your Encryption Keys: Navigate to 'Datasets' in the TrueNAS interface, select each encrypted pool and click the 'Export Key' button in the 'ZFS Encryption' section!
Sample Pool Setup (based on the reference system used for this guide):
Purpose            Name       Disks           Layout
Boot               boot-pool  2 SSD           1 x Mirror
System / Apps      tank       7 Optane        3 x Mirror + Spare
Media / Downloads  morpheus   2 HDD + 2 NVMe  1 x Mirror + Metadata/Small Blocks (NVMe Mirror)
Data / Games       trinity    4 SSD + 2 NVMe  1 x RAIDZ1 + Metadata/Small Blocks (NVMe Mirror)
Backups            neo        8 SSD           1 x RAIDZ2
NOTE: TrueNAS automatically creates a scheduled data integrity check (scrub) for each pool that runs, by default, every Sunday at 12:00 AM!
- Step 7: Configure Auto TRIM (optional) - Enable Auto TRIM on NVMe/SSD pools to optimize performance and extend the lifespan of your drives: # Optane and HDDs do not use the TRIM command
- Navigate to "Storage" in the TrueNAS interface.
- Click "Edit Auto TRIM" on the "ZFS Health" widget of your NVMe/SSD pool.
- Check "Auto TRIM".
- Click "Save".
- Repeat steps 2-4 for each NVMe/SSD pool in your system.
WARNING: Some older or lower-quality SSD firmware may mishandle TRIM commands, potentially leading to data loss! # https://github.com/torvalds/linux/blob/master/drivers/ata/libata-core.c#L4288
- Step 8: Configure Apps' Pool - You'll need to configure your Apps' pool to store your Apps data:
- Navigate to "Apps > Configuration > Choose Pool" in the TrueNAS interface.
- Select your TrueNAS Apps' pool name from the list, in most cases:
tank
- Click "Choose" to save.
- Step 9: Install NVIDIA Drivers (optional) - If you have an NVIDIA GPU, make sure you install the NVIDIA drivers/runtime:
- Navigate to "Apps > Configuration > Settings" in the TrueNAS interface.
- Check "Install NVIDIA Drivers".
- Click "Save".
- Step 10: Configure ZFS Snapshots - Ensure that you create periodic snapshots of your Apps' pool:
- Navigate to "Data Protection > Periodic Snapshot Tasks" in the TrueNAS interface.
- Click "Add".
- Select your TrueNAS Apps' pool name from the "Dataset" dropdown menu, in most cases:
tank
- Check "Recursive".
- Uncheck "Allow Taking Empty Snapshots".
- Keep the "Schedule" settings at their default values. # Or change them to meet your needs
- Click "Save".
- In the future, configure periodic snapshot tasks on the datasets associated with your Docker volumes instead.
WARNING: Deleting data from your pools won't free up space unless you also delete the associated ZFS snapshots!
- Step 11: Configure ZFS Replication (optional) - If you have more than one pool, you can back up your Apps' pool to a different pool:
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following command into the TrueNAS Shell: # Replace 'backups' with your Backups' pool name
midclt call pool.dataset.create '{"name":"backups/tank","type":"FILESYSTEM","compression":"LZ4","atime":"OFF"}'
- Navigate to "Data Protection > Replication Tasks" in the TrueNAS interface.
- Click "Add".
- Select your source location: # Replace 'tank' with your Apps' pool name
Source Location: On this System
Source: /mnt/tank
- Select your target location: # Replace 'backups' with your Backups' pool name
Target Location: On this System
Target: /mnt/backups/tank
- Check "Recursive".
- Type "tank_backup" in the "Task Name" field.
- Click "Next".
- Keep the "Schedule" settings at their default values. # Or change them to meet your needs
- Click "Save".
- Click on the "Edit" button of your new replication task.
- Search for "Destination Dataset Read-only Policy" and change it from "SET" to: # This will preserve your Apps' pool permissions
IGNORE
- Click "Save".
- In the future, configure replication tasks on the datasets associated with your Docker volumes instead.
- Step 12: Create ZFS Datasets - You'll need to create datasets within your ZFS pools to organize and manage your data:
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following commands into the TrueNAS Shell: # Replace 'tank' with your Apps' pool name
midclt call pool.dataset.create '{"name":"tank/docker","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/docker/dockge","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/docker/dockge/stacks","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/docker/dockge/data","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/docker/notifications","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/docker/notifications/diun","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/docker/notifications/gotify","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"16K","share_type":"APPS"}'
- Copy and paste the following commands into the TrueNAS Shell: # Replace 'tank' with your Media/Downloads' pool name (it can be your Apps' pool)
midclt call pool.dataset.create '{"name":"tank/downloads","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media/audiobooks","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media/books","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media/movies","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media/music","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media/podcasts","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/media/tvseries","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
- Copy and paste the following commands into the TrueNAS Shell: # Replace 'tank' with your Data/Games' pool name (it can be your Apps' pool)
midclt call pool.dataset.create '{"name":"tank/data","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/games","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/games/eggs","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/games/installers","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/games/roms","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/users","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
NOTE: Optimizing the 'recordsize' to match the workload and disabling 'atime' improves overall system performance! # https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Workload%20Tuning.html
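The commands in Step 12 can be pasted as they are. As an added example (it is not part of the guide and not TrueNAS code), the script below builds the same pool.dataset.create payloads from one reviewable list and skips datasets that already exist, so it can be re-run safely after a partial failure. It assumes the TrueNAS shell (midclt on PATH, run as root or via sudo), that pool.dataset.query with an exact-name filter returns [] for a missing dataset, and that the three pool names come from APPS_POOL, MEDIA_POOL and DATA_POOL (defaulting to tank as in the guide). With DRY_RUN=1 it only prints the calls.

```shell
#!/bin/sh
# Added example, not part of the guide: create the Step 12 datasets with the
# same midclt call the guide uses, but idempotently (an existing dataset is
# skipped instead of erroring) and from one list that is easy to review.
# Assumes the TrueNAS shell (midclt on PATH, root or sudo) and that
# 'pool.dataset.query' returns '[]' for a name that does not exist.
# With DRY_RUN=1 the calls are printed instead of executed.

# JSON payload for pool.dataset.create, exactly as in the guide:
# $1 = dataset name (pool/path), $2 = recordsize (16K for app data, 1M for media)
dataset_payload() {
  printf '{"name":"%s","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"%s","share_type":"APPS"}' "$1" "$2"
}

# True if the dataset already exists (exact-name filter on pool.dataset.query).
dataset_exists() {
  [ "$(midclt call pool.dataset.query "[[\"name\",\"=\",\"$1\"]]")" != "[]" ]
}

# Create one dataset unless it is already there. Parents must come first in
# the lists below: ZFS will not create 'tank/docker/dockge' before 'tank/docker'.
ensure_dataset() {
  payload=$(dataset_payload "$1" "$2")
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf "midclt call pool.dataset.create '%s'\n" "$payload"
  elif dataset_exists "$1"; then
    printf 'exists:  %s\n' "$1"
  else
    midclt call pool.dataset.create "$payload" >/dev/null && printf 'created: %s\n' "$1"
  fi
}

# The guide's layout: app data at 16K recordsize, bulk media/data at 1M.
create_all() {
  apps=${APPS_POOL:-tank} media=${MEDIA_POOL:-tank} data=${DATA_POOL:-tank}
  for ds in docker docker/dockge docker/dockge/stacks docker/dockge/data \
            docker/notifications docker/notifications/diun docker/notifications/gotify; do
    ensure_dataset "$apps/$ds" 16K
  done
  for ds in downloads media media/audiobooks media/books media/movies \
            media/music media/podcasts media/tvseries; do
    ensure_dataset "$media/$ds" 1M
  done
  for ds in data games games/eggs games/installers games/roms users; do
    ensure_dataset "$data/$ds" 1M
  done
}

# Runs for real only where midclt exists; DRY_RUN=1 works on any machine, e.g.
#   DRY_RUN=1 APPS_POOL=tank MEDIA_POOL=morpheus DATA_POOL=trinity sh create-datasets.sh
if [ "${DRY_RUN:-0}" = "1" ] || command -v midclt >/dev/null 2>&1; then
  create_all
fi
```

Run it once with DRY_RUN=1 and read the printed calls before running it for real; the pool names in the dry run are exactly what will be created.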
- Step 13: Configure Permissions - Ensure that the permissions are configured to grant access to your ZFS datasets:
- Navigate to "Datasets" in the TrueNAS interface.
- Expand your Apps' pool tree and click on the "docker" dataset to select it.
- Navigate to "Permissions > Edit" to access the ACL Editor.
- Set the following "Access Control List": # This is the default ACL for Apps (which is applied when you set 'share_type=APPS' during dataset creation); note that 'builtin_users' grants every local user account write access, so tighten it on datasets that hold secrets
Who     Name                    Type   Permission
owner@  root                    Allow  Full Control
group@  root                    Allow  Modify
Group   builtin_users           Allow  Modify
Group   builtin_administrators  Allow  Full Control
User    apps                    Allow  Modify
- Check "Apply permissions recursively" and confirm.
- Check "Apply permissions to child datasets".
- Click "Save Access Control List".
- Repeat steps 1-7 for the "media" and "downloads" datasets (instead of the "docker" dataset), which are located at the root of your Media/Downloads' pool.
- Repeat steps 1-7 for the "data" and "games" datasets (instead of the "docker" dataset), which are located at the root of your Data/Games' pool.
- Step 14: Configure Users - You'll need to create a user account to access and manage your TrueNAS system:
- Copy and paste the following command into your terminal (on your local computer): # Ed25519 is a modern public-key signature scheme; prefer it over RSA keys
ssh-keygen -t ed25519
- Press "Enter" to accept the default location:
%USERPROFILE%\.ssh\id_ed25519 (Windows)
~/.ssh/id_ed25519 (macOS/Linux)
- Enter a passphrase for extra security. # This encrypts your private key on disk
- Re-enter the same passphrase to confirm.
- If you're using Windows, copy and paste the following command:
type %USERPROFILE%\.ssh\id_ed25519.pub
- If instead you're using macOS/Linux, copy and paste the following command:
cat ~/.ssh/id_ed25519.pub
- Copy your public key. # The single line starting with 'ssh-ed25519'; the private key (the file without '.pub') never leaves your computer
- Navigate to "Credentials > Users" in the TrueNAS web interface.
- Click on the "Add" button.
- Type your username on the "Username" field.
- Check "SMB Access".
- Check "TrueNAS Access".
- Select "Full Admin" from the "Select Role" dropdown menu.
- Check "Shell Access".
- Check "SSH Access".
- Type a strong, unique password on the "Password" and "Confirm Password" fields.
- Paste your public key from step 7 under "Public SSH Key".
- Type your full name on the "Full Name" field.
- Type your valid email address on the "Email" field. # It will be used to send you alerts
- Type "/mnt/tank/users" on the "Home Directory" field. # Replace 'tank' with your Data/Games' pool name
- Check "Create Home Directory".
- Select "bash" from the "Shell" dropdown menu.
- Check "Allow all sudo commands" in the "Sudo Commands" field.
- Click "Save".
- Log out, then log back in using your new "Username" and "Password".
- Navigate back to "Credentials > Users" and select your "truenas_admin" account.
- Click "Lock User" in the "Access" section. # Lock the default admin only after you have confirmed that the new account can log in
- Navigate to "System > General Settings > Email" in the TrueNAS interface.
- Click on the "Settings" button.
- Select "GMail OAuth" from the "Send Mail Method" options. # Or choose another method ('Outlook OAuth' for Microsoft accounts or 'SMTP' for other email providers) and skip the Gmail login/OAuth steps below
- Type your valid email address on the "From Email" field.
- Type your username on the "From Name" field.
- Click "Log in to Gmail".
- Proceed to set up your OAuth credentials.
- Click "Send Test Mail" to test the connection. # It will generate a test message in your email inbox
- Click "Save".
NOTE: To configure SMTP with your preferred email provider, refer to their official documentation for setup instructions.
- Step 15: Configure SSH (optional) - Configure SSH access for your user account:
- Navigate to "System > Services" in the TrueNAS web interface.
- Click on the "Edit" button of the "SSH" service.
- Uncheck "Allow Password Authentication". # Key-only logins; make sure your public key was added to the user in Step 14 first
- Click on the "Advanced Settings" button.
- Select "br0" from the "Bind Interfaces" dropdown menu.
- Uncheck "None" and "AES128-CBC" from the "Weak Ciphers" dropdown menu.
- Click "Save".
- Toggle the "SSH" service to "ON".
- Toggle the "Start Automatically" option to "ON" to run SSH at every boot.
- Copy and paste the following command into your terminal (on your local computer): # Replace 'user' with your username and '192.168.1.1' with your TrueNAS IP address
ssh user@192.168.1.1
- Confirm the hardening took effect by attempting a password-only login (with public-key authentication disabled on the client for that attempt); the server must refuse it with "Permission denied (publickey)".
- Step 16: Create Docker Networks - You'll need to create the "dns", "proxy" and "home" networks to easily access your Docker services:
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following commands into the TrueNAS shell:
- If needed, replace the "home" network's subnet, ip-range, aux-address and gateway to match your TrueNAS network's settings. # You'll need to keep the CIDR '/28' for a total of 16 hosts (e.g.: 192.168.1.48 - 192.168.1.63)
sudo docker network create --driver=bridge --subnet=172.17.0.0/24 --ip-range=172.17.0.0/24 --gateway=172.17.0.1 dns
sudo docker network create --driver=bridge --subnet=172.18.0.0/24 --ip-range=172.18.0.0/24 --gateway=172.18.0.1 proxy
sudo docker network create --driver=macvlan --subnet=192.168.1.0/24 --ip-range=192.168.1.48/28 --aux-address 'host=192.168.1.63' --gateway=192.168.1.254 -o parent=br0 home
- Step 17: Create Host Macvlan Network - You'll need to create the "home-shim" network to allow access to your "home" network from your host: # Containers on a macvlan network can't reach the host through the parent interface, so the host gets its own macvlan endpoint
- Navigate to "System > Advanced Settings > Init/Shutdown Scripts" in the TrueNAS interface.
- Click "Add" to create a script that sets the "home-shim" network.
- Type "Host Macvlan" in the "Description" field.
- Select "Command" from the "Type" dropdown menu.
- Copy and paste the following command into the "Command" field:
ip link add home-shim link br0 type macvlan mode bridge; ip addr add 192.168.1.63/32 dev home-shim; ip link set home-shim up; ip route add 192.168.1.48/28 dev home-shim
- If needed, replace "192.168.1.48/28" with the ip-range of your "home" network and "192.168.1.63/32" with the aux-address for your host macvlan bridge.
- Select "Pre Init" from the "When" dropdown menu.
- Click "Save".
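The "home" macvlan network (Step 16) and the "home-shim" init command (Step 17) share one piece of arithmetic: the host's aux-address is the last address of the /28 ip-range, and the ip-range has to start on a /28 boundary inside the LAN subnet. The script below is an added example, not part of the guide or of TrueNAS: it derives the host address from the ip-range, checks alignment and subnet membership, and prints both commands, with the shim wrapped so that re-running the init script does not fail when the interface already exists. The names home, home-shim and br0 are the guide's; the checks and the idempotent form are the addition.

```shell
#!/bin/sh
# Added example, not part of the guide: derive the 'home' macvlan parameters
# (Step 16) and the host 'home-shim' endpoint (Step 17) from one ip-range and
# check the range before anything is applied. Assumes the guide's layout:
# parent bridge br0, the LAN router as gateway, and the last address of the
# ip-range reserved for the host (that is what --aux-address 'host=...' does).

ip_to_int() {                      # 192.168.1.48 -> 3232235824
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                      # 3232235839 -> 192.168.1.63
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

cidr_size() {                      # addresses in a block: /28 -> 16
  echo $(( 1 << (32 - ${1#*/}) ))
}

cidr_last_ip() {                   # last address of a block: 192.168.1.48/28 -> 192.168.1.63
  int_to_ip $(( $(ip_to_int "${1%/*}") + $(cidr_size "$1") - 1 ))
}

cidr_aligned() {                   # true if the block starts on a multiple of its size
  [ $(( $(ip_to_int "${1%/*}") % $(cidr_size "$1") )) -eq 0 ]
}

cidr_contains() {                  # true if every address of block $2 lies inside subnet $1
  mask=$(( (0xFFFFFFFF << (32 - ${1#*/})) & 0xFFFFFFFF ))
  net=$(( $(ip_to_int "${1%/*}") & mask ))
  first=$(ip_to_int "${2%/*}")
  last=$(( first + $(cidr_size "$2") - 1 ))
  [ $(( first & mask )) -eq "$net" ] && [ $(( last & mask )) -eq "$net" ]
}

# Print the 'docker network create' for the home network and an idempotent
# form of the Step 17 init command (a plain 'ip link add' fails with
# "RTNETLINK answers: File exists" when the shim is already there).
macvlan_commands() {
  range=$1 subnet=$2 gateway=$3 parent=${4:-br0}
  cidr_aligned "$range" || { echo "ip-range $range is not aligned to a /${range#*/} boundary" >&2; return 1; }
  cidr_contains "$subnet" "$range" || { echo "ip-range $range is outside subnet $subnet" >&2; return 1; }
  host=$(cidr_last_ip "$range")
  printf "docker network create --driver=macvlan --subnet=%s --ip-range=%s --aux-address 'host=%s' --gateway=%s -o parent=%s home\n" \
    "$subnet" "$range" "$host" "$gateway" "$parent"
  printf "ip link show home-shim >/dev/null 2>&1 || { ip link add home-shim link %s type macvlan mode bridge && ip addr add %s/32 dev home-shim && ip link set home-shim up && ip route add %s dev home-shim; }\n" \
    "$parent" "$host" "$range"
}

# With the guide's values this prints the two commands; nothing is applied:
#   macvlan_commands 192.168.1.48/28 192.168.1.0/24 192.168.1.254
```

The script only prints; on TrueNAS the docker command is run with sudo as in Step 16, and the printed ip command line replaces the one in the Init/Shutdown script, where it runs as root.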
- Step 18: Install Dockge - Use Dockge to manage all your Docker stacks. To install it:
- Navigate to "Apps > Discover Apps" in the TrueNAS interface.
- Search for "dockge" and click to install.
- Navigate to "Network Configuration" in the installation interface.
- Keep the default "WebUI Port":
31014
- Change the "Certificate" to:
'truenas_default' Certificate
- Navigate to "Storage Configuration" in the installation interface.
- Choose the following type in "Dockge Stacks Storage":
Host Path (Path that already exists on the system)
- Insert the following path in "Host Path": # Replace 'tank' with your Apps' pool name
/mnt/tank/docker/dockge/stacks
- Choose the following type in "Dockge Data Storage":
Host Path (Path that already exists on the system)
- Insert the following path in "Host Path": # Replace 'tank' with your Apps' pool name
/mnt/tank/docker/dockge/data
- Navigate to "Labels Configuration" in the installation interface.
- Add the following "Key=Value" pairs: # Don't copy the '=' sign in between the Keys and their Values
diun.enable=true
tsdproxy.enable=true
tsdproxy.name=dockge
- Make sure to set "dockge" in the "Containers" section of each label.
- Click "Install" and wait for the green "Running" status indicator.
- Click on the "Web UI" button in the "Application Info" section to open Dockge.
- Change the URL to "https://" and press Enter. # Add this page to your browser's bookmark bar
- Set your "Username" and "Password". # Confirm the password; Dockge drives the Docker daemon, so this account is effectively a host administrator: use a strong, unique password
- Click "Create".
- Step 19: Install Gotify and DIUN - Use Gotify and DIUN to manage your notifications. To install them:
- Click on the "+ Compose" button on Dockge's Web interface and type "notifications" on the "Stack Name" field.
- Click "Delete" on the "nginx" container.
- Copy the notifications stack Docker Compose:
####################################################################################################
# name: NOTIFICATIONS
####################################################################################################
services:
  ####################################################################################################
  # GOTIFY | URL: https://gotify.net
  ####################################################################################################
  gotify:
    container_name: gotify
    image: gotify/server:latest
    environment:
      - TZ=${TZ:-Europe/Lisbon}
    volumes:
      - /mnt/${APPS_POOL:-tank}/docker/notifications/gotify:/app/data
    networks:
      proxy:
        ipv4_address: 172.18.0.5
      dns:
        ipv4_address: 172.17.0.5
    ports:
      - 31015:80
    dns:
      - 172.17.0.2
    labels:
      - diun.enable=true
      - tsdproxy.enable=true
      - tsdproxy.name=gotify
      - traefik.enable=true
      - traefik.docker.network=proxy
      - traefik.http.routers.gotify.entrypoints=websecure
      - traefik.http.routers.gotify.rule=Host(`gotify.${DOMAIN:-home.arpa}`) || Host(`gotify.ts.${DOMAIN:-home.arpa}`)
      - traefik.http.routers.gotify.tls=true
      - traefik.http.services.gotify.loadbalancer.server.port=80
      #- traefik.http.routers.gotify.middlewares=tinyauth
      #- traefik.http.routers.gotify_ext.entrypoints=cloudflared
      #- traefik.http.routers.gotify_ext.rule=Host(`gotify.${DOMAIN:-home.arpa}`)
      #- traefik.http.routers.gotify_ext.tls=true
      #- traefik.http.services.gotify_ext.loadbalancer.server.port=80
      #- traefik.http.routers.gotify_ext.middlewares=tinyauth
    restart: unless-stopped
  ####################################################################################################
  # TRUENAS GOTIFY ADAPTER | URL: https://github.com/ZTube/truenas-gotify-adapter
  ####################################################################################################
  gotify-truenas-adapter:
    container_name: gotify-truenas-adapter
    image: ghcr.io/ztube/truenas-gotify-adapter:main
    environment:
      - GOTIFY_URL=http://172.17.0.5
      - GOTIFY_TOKEN=${TRUENAS_TOKEN}
    network_mode: host
    labels:
      - diun.enable=true
      - tsdproxy.enable=false
      - traefik.enable=false
    restart: unless-stopped
    depends_on:
      gotify:
        condition: service_healthy
  ####################################################################################################
  # DOCKER IMAGE UPDATE NOTIFIER | URL: https://crazymax.dev/diun
  ####################################################################################################
  diun:
    container_name: diun
    image: crazymax/diun:latest
    command: serve
    environment:
      - TZ=${TZ:-Europe/Lisbon}
      - LOG_LEVEL=info
      - DIUN_WATCH_WORKERS=20
      - DIUN_WATCH_SCHEDULE=0 */6 * * *
      - DIUN_WATCH_JITTER=30s
      - DIUN_WATCH_RUNONSTARTUP=true
      - DIUN_PROVIDERS_DOCKER=true
      - DIUN_PROVIDERS_DOCKER_WATCHBYDEFAULT=true
      - DIUN_NOTIF_GOTIFY_ENDPOINT=http://172.17.0.5
      - DIUN_NOTIF_GOTIFY_TOKEN=${DIUN_TOKEN}
      - DIUN_NOTIF_GOTIFY_PRIORITY=1
      - DIUN_NOTIF_GOTIFY_TIMEOUT=10s
    volumes:
      # Access to the Docker socket is root-equivalent on the host; DIUN needs it to list containers, so keep this image trusted
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/${APPS_POOL:-tank}/docker/notifications/diun:/data
    network_mode: host
    labels:
      - diun.enable=true
      - tsdproxy.enable=false
      - traefik.enable=false
    restart: unless-stopped
    depends_on:
      gotify:
        condition: service_healthy
####################################################################################################
# NETWORKS
####################################################################################################
networks:
  home:
    external: true
  proxy:
    external: true
  dns:
    external: true
####################################################################################################
# EOF - TrueNAS-Compose - URL: https://www.truenas-compose.com
####################################################################################################
- Paste the notifications stack Docker Compose where it says: # Replacing the default
version: "3.8"
services: {}
networks: {}
- Copy the notifications stack .env file:
####################################################################################################
# .env - NOTIFICATIONS
####################################################################################################
# This file holds your Gotify tokens in plain text: keep it readable only by the Dockge data owner.
# GLOBAL:
APPS_POOL=tank # Replace 'tank' with your Apps' pool name
MEDIA_POOL=tank # Replace 'tank' with your Media/Downloads' pool name
DATA_POOL=tank # Replace 'tank' with your Data/Games' pool name
DOMAIN=home.arpa # Replace 'home.arpa' with your Top Level Domain name (e.g.: example.com)
TZ=Europe/Lisbon # Replace 'Europe/Lisbon' with your local time zone
PUID=568 # Default: 568 (Apps)
PGID=568 # Default: 568 (Apps)
####################################################################################################
# GOTIFY:
TRUENAS_TOKEN=truenas_token # Replace 'truenas_token' with your TrueNAS token
DIUN_TOKEN=diun_token # Replace 'diun_token' with your DIUN token
####################################################################################################
# EOF - TrueNAS-Compose - URL: https://www.truenas-compose.com
####################################################################################################
- Paste the notifications stack .env file where it says: # Replacing the default
# VARIABLE=value #comment
- Edit the .env file to meet your TrueNAS set up if needed. # Ignore "TRUENAS_TOKEN" and "DIUN_TOKEN" for now
- Click "Deploy" to install.
- Click on the port "31015" in the "gotify" container to access Gotify.
- Type "admin" in the "Username" and "Password" fields and click "Login". # Default credentials; they are changed in the next step
- Navigate to "ADMIN" in Gotify's Web interface, type a "New Password" for the default user and click on "CHANGE".
- Navigate to "APPS" in Gotify's Web interface and click on "CREATE APPLICATION" to add TrueNAS as an App.
- Type "TrueNAS" in the "Name" field and click "CREATE".
- Click on the button to show the token and copy the generated token.
- Go back to Dockge's interface and click "Edit" on the notifications stack.
- Paste the generated token into the .env file where it says:
TRUENAS_TOKEN=truenas_token
- Go back to "APPS" in Gotify's Web interface and click on "CREATE APPLICATION" to add DIUN as an App.
- Type "DIUN" in the "Name" field and click "CREATE".
- Click on the button to show the token and copy the generated token.
- Go back to Dockge's interface and paste the generated token into the .env file where it says:
DIUN_TOKEN=diun_token
- Click "Deploy" to redeploy the notifications stack.
- Step 20: Install Gotify APP (Android only) - You'll need to install the Gotify app to get notifications:
- Download and install the latest Gotify app. # https://play.google.com/store/apps/details?id=com.github.gotify
- Type your "Gotify URL", in most cases: # Replace '192.168.1.1' with your TrueNAS IP address
http://192.168.1.1:31015
- Click "Check URL".
- Acknowledge the warning saying "Using HTTP is insecure" and click "I Understand". # Your credentials and the client token travel in cleartext, so only do this on a trusted LAN; the Traefik labels in the notifications stack already publish gotify.<DOMAIN> over TLS, so switch the app to that HTTPS URL once the proxy is running
- Type "admin" in the "Username" field and your new password in the "Password" field.
- Click "Login".
- Choose a name for your session and click "Create".
- Enable notifications on your Android device.
- Step 21: Configure Alerts - You'll need to configure Gotify alerts to warn you of any issues with your TrueNAS system:
- Navigate to "System > Alert Settings" in the TrueNAS interface.
- Click on the "Add" button to add a new alert.
- Type "Gotify" in the "Name" field.
- Select "Slack" from the "Type" dropdown menu. # The truenas-gotify-adapter container from Step 19 runs on the host network and accepts Slack-format webhooks, which it forwards to Gotify
- Select "Info" from the "Level" dropdown menu. # This will show you all alerts; adjust the level as needed
- Copy and paste the following URL into the "Webhook URL" field:
http://localhost:31662
- Click "Send Test Alert" to test the connection. # It will generate a test alert on your Gotify's dashboard (and a notification on your Android device)
- Click "Save" to confirm.
- Step 22: Disable CPU Power Savings (optional) - Ensure that your CPU latency is minimal: # Reduces latency but increases power consumption
- Navigate to "System > Advanced Settings > Init/Shutdown Scripts" in the TrueNAS interface.
- Click "Add" to create a script that sets the CPU governor to "performance".
- Type "CPU governor" in the "Description" field.
- Select "Command" from the "Type" dropdown menu.
- Copy and paste the following command into the "Command" field:
cpupower frequency-set -g performance
- Select "Post Init" from the "When" dropdown menu.
- Click "Save".
- Click "Add" again to create a second script to disable the "C2" idle state.
- Type "CPU idle-states" in the "Description" field.
- Select "Command" from the "Type" dropdown menu.
- Copy and paste the following command into the "Command" field: # '2' is the idle-state index, which is C2 on the reference system; check the index list with cpupower's 'idle-info' subcommand on yours before disabling it
cpupower -c all idle-set -d 2
- Select "Post Init" from the "When" dropdown menu.
- Click "Save".
- Step 23: Disable PCIe Power Savings (optional) - Ensure that your high-performance storage (e.g.: Optane, NVMe) latency is minimal: # Reduces latency but increases power consumption
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following command into the TrueNAS Shell: # Kernel options take effect on the next boot; 'pci=noaer' also turns off PCIe Advanced Error Reporting, so genuine link errors will no longer be logged
midclt call system.advanced.update '{"kernel_extra_options": "nvme_core.default_ps_max_latency_us=0 pcie_aspm=off pci=noaer"}'
- Step 24: Offload RCU Callbacks (optional) - Offload RCU (Read-Copy-Update) callbacks from CPU cores to kernel threads: # Reduces latency and improves performance, especially on high-core-count systems
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following command into the TrueNAS Shell: # Replace '63' with the number of logical CPU cores in your system minus 1 (e.g.: 64 threads - 1 = 63)
midclt call system.advanced.update '{"kernel_extra_options": "rcu_nocbs=0-63"}'
- If needed, copy and paste the following command into the TrueNAS Shell to find the number of logical CPU cores in your system:
lscpu | grep '^CPU(s):'
WARNING: If you previously configured Step 23, combine those options with these in a single command to avoid overwriting settings! # Each call replaces the whole 'kernel_extra_options' string
- Step 25: Tune NVMe Driver (optional) - Ensure that the NVMe driver is optimized for your high-performance storage (e.g.: Optane, NVMe): # Improves NVMe performance by optimizing queue usage
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following command into the TrueNAS SHELL: # Choose only the configuration that matches your NVMe hardware layout
- Optane-only
midclt call system.advanced.update '{"kernel_extra_options": "nvme.poll_queues=2 nvme.write_queues=2 nvme.io_queue_depth=16 nvme.use_threaded_interrupts=1 nvme.max_host_mem_size_mb=512"}'
- Optane + NAND
midclt call system.advanced.update '{"kernel_extra_options": "nvme.poll_queues=2 nvme.write_queues=2 nvme.io_queue_depth=64 nvme.use_threaded_interrupts=1 nvme.max_host_mem_size_mb=512"}'
- NAND-only # Replace '8' with the number of physical CPU cores in your system divided by 4 (e.g.: 32 cores / 4 = 8) in 'nvme.poll_queues' and 'nvme.write_queues'
midclt call system.advanced.update '{"kernel_extra_options": "nvme.poll_queues=8 nvme.write_queues=8 nvme.io_queue_depth=256 nvme.use_threaded_interrupts=1 nvme.max_host_mem_size_mb=512"}'
WARNING: If you previously configured Step 23 and/or Step 24, combine those options with these in a single command to avoid overwriting settings!
lscpu | grep 'Core(s) per socket'
- Navigate to "System > Shell" in the TrueNAS interface.
- Copy and paste the following command into the TrueNAS SHELL: # Choose only the configuration that matches your storage pool layout
- NVMe-only pools # Work in progress... please be patient! :)
midclt call system.advanced.update '{"kernel_extra_options": "zfs.metaslab_lba_weighting_enabled=0"}'
- NVMe pools + SSD pools # Work in progress... please be patient! :)
midclt call system.advanced.update '{"kernel_extra_options": "zfs.metaslab_lba_weighting_enabled=0"}'
- NVMe pools + SSD pools + HDD pools # Work in progress... please be patient! :)
midclt call system.advanced.update '{"kernel_extra_options": ""}'
- NVMe pools + HDD pools # Work in progress... please be patient! :)
midclt call system.advanced.update '{"kernel_extra_options": ""}'
- If needed, refer to the official OpenZFS documentation for detailed guidance on module parameters. # https://openzfs.github.io/openzfs-docs/Performance%20and%20Tuning/Module%20Parameters.html
WARNING: If you previously configured Step 23 and/or Step 24 and/or Step 25, combine those options with these in a single command to avoid overwriting settings!
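Each midclt call in Steps 23 to 26 replaces the whole "kernel_extra_options" string, which is why the WARNING lines tell you to combine the options by hand. The helper below is an added example, not part of this guide: it reads the current value, merges in the new options (a later value for the same key replaces the earlier one) and writes the result back. It assumes that midclt's "system.advanced.config" method returns the same "kernel_extra_options" field that "system.advanced.update" sets.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# merge_kernel_options "<existing options>" "<new options>"
# Keeps every existing option and appends the new ones; when the same key
# appears twice (e.g. nvme.io_queue_depth=16 then =64) the later value wins,
# so re-running with a changed value updates it in place instead of duplicating it.
merge_kernel_options() {
    existing="$1"
    new="$2"
    result=""
    for opt in $existing $new; do
        key="${opt%%=*}"          # "nvme.poll_queues=8" -> "nvme.poll_queues"
        kept=""
        for r in $result; do      # drop any earlier entry with the same key
            [ "${r%%=*}" = "$key" ] || kept="$kept $r"
        done
        result="$kept $opt"
    done
    echo "${result# }"            # trim the leading space
}

# Read the current kernel_extra_options from TrueNAS, merge, and write back.
# Assumption: 'midclt call system.advanced.config' returns a JSON object that
# contains the "kernel_extra_options" field set by system.advanced.update.
apply_kernel_options() {
    current=$(midclt call system.advanced.config \
        | python3 -c 'import json,sys; print(json.load(sys.stdin).get("kernel_extra_options") or "")')
    merged=$(merge_kernel_options "$current" "$1")
    midclt call system.advanced.update "{\"kernel_extra_options\": \"$merged\"}"
}

# Step 23 followed by Step 24: with --apply both end up in the boot options;
# without it the merge is only printed, so the script can be dry-run anywhere.
if [ "${1:-}" = "--apply" ]; then
    apply_kernel_options "nvme_core.default_ps_max_latency_us=0 pcie_aspm=off pci=noaer"
    apply_kernel_options "rcu_nocbs=0-63"
else
    merge_kernel_options "nvme_core.default_ps_max_latency_us=0 pcie_aspm=off pci=noaer" "rcu_nocbs=0-63"
fi
```

After applying, check the result with `midclt call system.advanced.config` before rebooting, since the options only take effect on the next boot.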
- Navigate to "System > General Settings" in the TrueNAS interface.
- Click on the "Manage Configuration" dropdown menu and select "Download File".
- Check "Export Password Secret Seed".
- Click "Save" to confirm.
####################################################################################################
# install - OPNsense
####################################################################################################
1 - Download and extract the latest OPNsense "dvd" image. # https://opnsense.org/download
2 - Set up your ISP router in "bridge" mode (usually on port number 4). # RTFM
3 - Navigate to "System > Network > Interfaces" in the TrueNAS interface.
4 - Click on the "Edit" button of the network interface you'll use to connect to the internet (WAN).
5 - Check "Define Static IP Addresses".
6 - Uncheck "Autoconfigure IPv6".
7 - Set the "MTU" to "1500".
8 - Click "Save". # Don't click on the 'Test Changes' button
9 - Click on the "Add" button to add a new network interface.
10 - Select "Bridge" from the "Type" dropdown menu to create a virtual switch.
11 - Type "br1" in the "Name" field.
12 - Type "vSwitch" in the "Description" field.
13 - Check "Define Static IP Addresses".
14 - Uncheck "Autoconfigure IPv6".
15 - Select your network interface (e.g.: eno2, eth1, etc...) from the "Bridge Members" dropdown menu.
16 - Check "Enable Learning".
17 - Set the "MTU" to "1500".
18 - Click "Save".
19 - Click on "Test Changes" and confirm.
20 - Click on "Save Changes", followed by "Save" to confirm.
21 - Navigate to "System > Shell" in the TrueNAS interface.
22 - Copy and paste the following commands into the TrueNAS Shell: # Replace 'tank' with your Apps' pool name
midclt call pool.dataset.create '{"name":"tank/kvm","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
midclt call pool.dataset.create '{"name":"tank/kvm/installers","type":"FILESYSTEM","compression":"LZ4","atime":"OFF","recordsize":"1M","share_type":"APPS"}'
23 - Navigate to "Datasets" in the TrueNAS interface.
24 - Expand your Apps' pool tree and click on the "kvm" dataset to select it.
25 - Navigate to "Permissions > Edit" to access the ACL Editor.
26 - Set the following "Access Control List": # Add the 'libvirt-qemu' user to the default ACL for Apps (which is applied when you set 'share_type=APPS' during dataset creation)
User - libvirt-qemu Allow | Modify
owner@ - root Allow | Full Control
group@ - root Allow | Modify
Group - builtin_users Allow | Modify
Group - builtin_administrators Allow | Full Control
User - apps Allow | Modify
27 - Check "Apply permissions recursively" and confirm.
28 - Check "Apply permissions to child datasets".
29 - Click "Save Access Control List".
30 - Navigate to "Virtual Machines" in the TrueNAS interface.
31 - Click on the "Add" button to add a new virtual machine.
32 - Select "FreeBSD" from the "Guest Operating System" dropdown menu.
33 - Type "OPNsense" in the "Name" field.
34 - Select "192.168.1.1" from the "Bind" dropdown menu. # Replace '192.168.1.1' with your TrueNAS IP address
35 - Type an 8-character password for VNC in the "Password" field.
36 - Click "Next".
37 - Type "1" in the "Virtual CPUs" field. # Or set it to your preference
38 - Type "4" in the "Cores" field. # Or set it to your preference
39 - Type "1" in the "Threads" field. # Or set it to your preference
40 - Select "Host Passthrough" from the "CPU Mode" dropdown menu.
41 - Type "8 GiB" in the "Memory Size" field. # Or set it to your preference
42 - Click "Next".
43 - Select "VirtIO" from the "Select Disk Type" dropdown menu.
44 - Select "tank/kvm" from the "Zvol Location" dropdown menu.
45 - Type "40 GiB" in the "Size" field. # Or set it to your preference
46 - Click "Next".
47 - Select "br0: vSwitch" from the "Attach NIC" dropdown menu.
48 - Click "Next".
49 - Click "Upload New Image File".
50 - Type "/mnt/tank/kvm/installers" on the "ISO save location" field.
51 - Click "Choose File" and select OPNsense ISO image.
52 - Click "Upload" and wait for the upload to finish.
53 - Click "Next".
54 - Ignore "GPUs".
55 - Click "Next".
56 - Click "Save".
57 - Expand your OPNsense's row and click on "Devices" followed by "Add".
58 - Select "NIC" from the "Type" dropdown menu.
59 - Select "VirtIO" from the "Adapter Type" dropdown menu.
60 - Select "br1: vSwitch" from the "Attach NIC" dropdown menu.
61 - Click "Save".
62 - Navigate to "Virtual Machines" in the TrueNAS interface.
63 - Expand your OPNsense's row and click on "Start".
64 - Open your VNC client and connect using the 8-character password you've set: # Replace '192.168.1.1' with your TrueNAS IP address
192.168.1.1:5900
65 - Log in using the user "installer" and password "opnsense".
66 - Select your "keymap" (keyboard layout).
67 - Select "Other Modes" and click "OK".
68 - Select "Auto (UFS)" and click "OK".
69 - Select "Entire Disk" and click "OK".
70 - Click "Yes" to confirm that you're sure you want to erase the disk.
71 - Select "GPT" and click "OK".
72 - Review the disk setup and click "Finish".
73 - Click "Commit" and wait for the installation to finish.
74 - Select "Complete Install" and click "OK". # Don't change the root password just yet
75 - Select "Halt now" and click "OK".
76 - Navigate to "Virtual Machines" in the TrueNAS interface.
77 - Expand your OPNsense's row and click on "Devices".
78 - Click on the "Edit" button of the "CD-ROM" device and choose "Delete".
79 - Select "Force Delete" and click "Delete Device".
80 - Navigate to "Virtual Machines" in the TrueNAS interface.
81 - Expand your OPNsense's row and click on "Start".
82 - Reopen your VNC client and connect again to: # Replace '192.168.1.1' with your TrueNAS IP address
192.168.1.1:5900
83 - Log in using the user "root" and password "opnsense". # Default
84 - Enter "2" to "Set interface IP address".
85 - Enter "1" to select the "LAN" interface.
86 - Enter "n" to disable DHCP.
87 - Type your OPNsense Web interface IP address, in most cases: # Replace '192.168.1.253' with OPNsense's IP address on your local network
192.168.1.253
88 - Type "24" as the subnet mask (255.255.255.0).
89 - Press "ENTER" to leave the gateway empty.
90 - Enter "n" to disable IPv6 via WAN tracking.
91 - Enter "n" to disable DHCP for IPv6.
92 - Press "ENTER" to leave IPv6 empty/disabled.
93 - Enter "n" to skip enabling the DHCP server.
94 - Enter "n" to keep the default web GUI protocol (HTTPS).
95 - Enter "n" to skip generating new certificates.
96 - Enter "n" to skip restoring default web GUI access.
97 - Open OPNsense's Web interface, in most cases:
https://192.168.1.253
98 - Log in using the user "root" and password "opnsense".
99 - Click "Next" to start the Wizard.
100 - Fill out the "General Information" section: # Replace 'home.arpa' with your Top Level Domain name (e.g.: example.com)
Hostname: opnsense
Domain: home.arpa
Primary DNS Server: 1.1.1.2
Secondary DNS Server: 1.0.0.2
101 - Uncheck "Override DNS".
102 - Uncheck "Enable Resolver".
103 - Click "Next".
104 - Select your "Timezone".
105 - Click "Next".
106 - Ignore the "Configure WAN Interface" section and click "Next".
107 - Ignore the "Configure LAN Interface" section and click "Next".
108 - Change your "Root Password".
109 - Click "Next".
110 - Click "Reload" to apply the changes.
111 - Navigate to "System > Firmware > Status" in the OPNsense interface.
112 - Click "Check for updates". # Do this periodically
113 - Click "Close".
114 - Click "Update" to apply the updates and reboot.
115 - Log in using the user "root" and the new password from step 108.
116 - Navigate to "Interfaces > LAN" in the OPNsense interface.
117 - Check "Lock" to prevent interface removal.
118 - Click "Save", followed by "Apply changes".
119 - Navigate to "Interfaces > WAN" in the OPNsense interface.
120 - Check "Lock" to prevent interface removal.
121 - Select "DHCP" from the "IPv4 Configuration Type" dropdown menu.
122 - Select "None" from the "IPv6 Configuration Type" dropdown menu.
123 - Click "Save", followed by "Apply changes".
124 - Navigate to "Interfaces > Settings" in the OPNsense interface.
125 - Uncheck "Allow IPv6".
126 - Click "Save".
127 - Navigate to "System > Settings > Administration" in the OPNsense interface.
128 - Select "LAN" from the "Listen Interfaces" and click "I know what I am doing" to confirm.
129 - Click "Save".
130 - Navigate to "System > Settings > General" in the OPNsense interface.
131 - Check "Prefer IPv4 over IPv6".
132 - Change the DNS servers "Use gateway" option from "None" to: # For both '1.1.1.2' and '1.0.0.2'
WAN_GW - wan -
133 - Type "." in the "DNS search domain" field.
134 - Click "Save".
135 - Navigate to "System > Firmware > Plugins" in the OPNsense interface.
136 - Add the following plugins:
os-clamav
os-crowdsec
os-tailscale
137 - Navigate to "Power > Reboot" in the OPNsense interface.
138 - Click "Yes" to reboot.
139 - Log in using the user "root" and the new password from step 108.
140 - Navigate to "Lobby > Dashboard" in the OPNsense interface.
141 - Copy your "WAN_GW" IP address from the "Gateways" widget.
142 - Navigate to "Services > Intrusion Detection > Administration" in the OPNsense interface.
143 - Toggle the "advanced mode" option to "ON".
144 - Check "Enabled".
145 - Check "IPS mode".
146 - Check "Promiscuous mode".
147 - Select "Hyperscan" from the "Pattern matcher" dropdown menu.
148 - Paste the "WAN_GW" IP address from step 141 into the "Home networks" field.
WARNING: You'll need to update this field every time your public IP address changes!
149 - Click "Apply".
150 - Switch to the "Download" tab and select the following "Rulesets": # https://docs.opnsense.org/manual/ips.html#available-rulesets
abuse.ch/Feodo Tracker
abuse.ch/SSL Fingerprint Blacklist
abuse.ch/SSL IP Blacklist
abuse.ch/ThreatFox
abuse.ch/URLhaus
151 - You may also select the "ET Open" ruleset (optional). # For guidance, visit the Emerging Threats Community at: https://community.emergingthreats.net
152 - Click "Enable selected".
153 - Click "Download & Update Rules".
154 - Navigate to "Services > ClamAV > Configuration" in the OPNsense interface.
155 - Check "Enable clamd service".
156 - Check "Enable freshclam service".
157 - Click "Save".
158 - Click "Download signatures" (on the top right corner of the page).
159 - Navigate to "System > Configuration > Backups" in the OPNsense interface.
160 - Click "Download Configuration". # Do this periodically
161 - Navigate to "System > Shell" in the TrueNAS interface.
162 - Copy and paste the following commands into the TrueNAS shell:
sudo docker network rm home
sudo docker network create --driver=macvlan --subnet=192.168.1.0/24 --ip-range=192.168.1.0/24 --gateway=192.168.1.253 -o parent=br0 home
NOTE: If needed, replace the "home" network's subnet, ip-range and gateway (OPNsense) to match your TrueNAS network's settings!
163 - Navigate to "Network > Global Configuration > Settings" in the TrueNAS interface.
164 - Replace your router's IP address with your OPNsense IP address in the "Default Gateway" field, in most cases:
Once these steps are completed, you'll be ready to use these Docker stacks on your TrueNAS CE (Scale).
Choose a Docker Stack from the dropdown below to get the Docker Compose and .env File configurations, along with Installation Instructions for TrueNAS CE (Scale).
If you need help (or want to help), feel free to reach out on this thread on the Level1Techs' forum: TrueNAS-Compose