# TrueNAS Server

## Access

- **Hostname**: nas.dohertylan.com
- **Version**: TrueNAS 25.04.2.6 (Electric Eel / Linux-based)
- **SSH**: `ssh truenas_admin@10.100.0.25` (passwordless)
- **Web UI**: https://10.100.0.25 (ports 80/443 listening)
- **Domain**: dohertylan.com
- **DNS**: 10.100.0.1

## Network Interfaces

### ens224 — Management / General (10.100.0.0/24)
- **MTU**: 1500
- **IPs**: 10.100.0.25, .26, .27
- **Default gateway**: 10.100.0.1
- **Services**: SMB (445/139), WS-Discovery (5357), SSH (22), HTTP/S (80/443)
- **No NFS on this interface** — NFS (2049) does not bind to 10.100.0.x addresses

### ens256 — Storage / High-speed (10.50.0.0/24)
- **MTU**: 9000 (jumbo frames)
- **IPs**: 10.50.0.25, .26, .27, .28
- **Services**: SMB (445/139), NFS (2049)
- **No default route** — this is a dedicated storage network

## ZFS Pools

| Pool | Size | Used | Free | Health |
|------|------|------|------|--------|
| mypool | 175T | 83.5T | 91.2T | **DEGRADED** |
| SSD_Pool | 2.91T | 3.01G | 2.90T | ONLINE |
| boot-pool | 15G | 11.6G | 3.40G | ONLINE |

**Note**: `mypool` is in DEGRADED state.

### Key Datasets

| Dataset | Mountpoint | Used |
|---------|------------|------|
| mypool | /mnt/mypool | 60.7T (33.5T direct) |
| mypool/veeam | /mnt/mypool/veeam | 26.5T |
| SSD_Pool/benchmark | /mnt/SSD_Pool/benchmark | 3.00G |

`/mnt/mypool/share` and `/mnt/mypool/Other` are directories within the `mypool` dataset (not child datasets).

## SMB Shares

- **Workgroup**: DOHERTYLAN
- **NetBIOS name**: NAS
- **Multichannel**: enabled
- **Bind interfaces**: all IPs on both subnets + loopback
- **NTLMv1**: disabled (`ntlm auth = False`)
- **Guest**: disabled on all shares (`guest ok = False`)

| Share | Path | Notes |
|-------|------|-------|
| share | /mnt/mypool/share | Oplocks disabled, performance-tuned (aio 16K, max_xmit 64K) |
| Other | /mnt/mypool/Other | "Other files", POSIX locking off |
| benchmark | /mnt/SSD_Pool/benchmark | On SSD pool, io_uring sqpoll enabled, aio 16K |

### SMB Users

| User | UID | Full Name |
|------|-----|-----------|
| dohertj2 | 1000 | Joseph Doherty |
| homero | 3001 | Home RO |

## NFS Exports

| Export | Allowed Clients | Squash | anonuid/gid |
|--------|----------------|--------|-------------|
| /mnt/mypool/share | * (all) | all_squash | 1000/0 |
| /mnt/mypool/Other | * (all) | all_squash | 1000/0 |
| /mnt/SSD_Pool/benchmark | * (all) | all_squash | 1000/1000 |
| /mnt/mypool/veeam | 10.50.0.0/24 only | root (anonuid=0) | 0/— |

All exports use `sec=sys` (AUTH_SYS, no Kerberos).

**Important**: NFS (port 2049) only listens on 10.50.0.x addresses. NFS is not reachable via the 10.100.0.0/24 network.

## Filesystem ACLs

| Path | Owner | Group | Permissions |
|------|-------|-------|-------------|
| /mnt/mypool/share | dohertj2 | root | 755 |
| /mnt/mypool/Other | dohertj2 | dohertj2 | 755 |
| /mnt/SSD_Pool/benchmark | dohertj2 | dohertj2 | 777 |
| /mnt/mypool/veeam | root | root | 755 |

## Firewall

No firewall rules — iptables INPUT/OUTPUT/FORWARD all ACCEPT. No nftables rules.