TrueNAS-Compose | Your Docker Stacks for TrueNAS CE (Scale)

Hi everyone,

I’m creating this thread to ask for your assistance in setting up the ultimate home server using TrueNAS Scale and Docker-Compose.

To help others achieve this goal, I’ve built a simple webpage (still a work in progress, not fully optimized yet, just a Proof of Concept) that I hope will be useful to everyone:

The following applications are set up through this guide:

DOCKER COMPOSE:

NOTIFICATIONS:

ADMIN:

NET-ADMIN:

DEV:

REMOTE:

DNS-DHCP:

REV-PROXY:

SECURITY:

AUTH:

TAILNET:

VPN-SEARCH:

VPN-P2P:

VPN-ARR:

VPN-ALL:

MEDIA:

PHOTOS:

CLOUD:

OFFICE:

LOCAL-AI:

HOME:

GAMES:

CMS:

WEBSITE:

WINDOWS:

While I’m not an expert in Docker, I’m an enthusiast eager to get your help in optimizing the stacks and the instructions for each one. The aim is to make them secure, fully functional, and easy to set up.

PS: Before posting this thread, I reached out via the Level1Techs contact form to request permission to open a thread on the forum. However, I haven’t received a response yet, so I went ahead and posted to get feedback as soon as possible. I sincerely hope I’m not violating any forum rules.

Thanks for your support!

Best regards,
PapaGigas

5 Likes

This is an easy to follow guide for a noob like me. Thank you for your time making it.

There are a couple of issues though: figuring out the remote access to some of the services is trial and error, or rather re-reading the configuration to find the right ports.

For example, trying to access Kali Linux remotely, I tried the two ports visible in Dockge (38086 and 38087), while it is actually the other ports: 3000 and 3001.

Is there a way for Dockge to redirect to ‘configured-ip:3001’ port?

That’s because Kali Linux is running on a macvlan network called ‘home’.

If you comment out that network and redeploy the stack, you’ll be able to access it via the host ports! :wink:

networks:
  #home:
    #ipv4_address: ${KALI_HOST_IP:-192.168.1.53}
  proxy:
    ipv4_address: 172.17.0.11

If you remove it from the ‘home’ network you can access it via Dockge or like this:

http://192.168.1.1:38086

https://192.168.1.1:38087

Or… keep it on the ‘home’ network and just disable the host ports (optional):

#ports:
  #- 38086:3000
  #- 38087:3001

Then… you can access it like this (but not from Dockge):

http://192.168.1.53:3000

https://192.168.1.53:3001

PS: Thanks for your feedback! I’ll try to make this clearer in the installation instructions for the containers that are using the ‘home’ network. :wink:

Best regards,
PapaGigas

1 Like

Just want to let you know that obtaining API for NordVPN doesn’t work, the link to API returns 404 error.

Is there another way to configure NordVPN or get their API key? Their legacy API has been deprecated.

Up to this point I had no major issues with following your guide. I have to say again it’s quite straightforward.

Sorry, my mistake, lol, thanks for pointing that out! :slight_smile:

Here’s the updated version:

25 - Open NordVPN's dashboard and navigate to "Access token" to generate a new access token. # https://my.nordaccount.com/dashboard/nordvpn/access-tokens/authorize

26 - Navigate to "System > Shell" in the TrueNAS interface.

27 - Copy and paste the following command into the TrueNAS shell to get your WireGuard key: # Replace '<access_token>' with the token generated in step 25

curl -s -u token:<access_token> https://api.nordvpn.com/v1/users/services/credentials | jq -r .nordlynx_private_key

Best regards,
PapaGigas

1 Like

That did it, thank you.

Sorry for bombarding you with questions, but if I don’t have Nvidia then for the immich to work correctly I need to ditch the whole config for immich-ai, is that correct?

Yes, you can ditch the ‘immich-ai’ service entirely.

You also need to remove this from the ‘immich’ service:

runtime: nvidia
deploy:
  resources:
    reservations:
      devices:
        - driver: nvidia
          count: all
          capabilities: [compute, utility]

This from the environment variables:

  - MACHINE_LEARNING_HOST=172.17.22.3
  - MACHINE_LEARNING_PORT=3003
  - MACHINE_LEARNING_WORKERS=1
  - MACHINE_LEARNING_WORKER_TIMEOUT=120
  - NVIDIA_DRIVER_CAPABILITIES=all

And this from the dependencies:

  immich-ai:
    condition: service_healthy

PS: I’ll be finishing the guide next week when I get back home, but in the meantime, I’ll try to help with any issues that might come up! :wink:

Best regards,
PapaGigas

1 Like

Unfortunately, this still doesn’t work, this is what dockge shows me:

[+] Running 3/3
 ✘ Container immich-postgres  Error                                                                 0.2s 
 ✔ Container immich-redis     Healthy                                                               0.2s 
 ✔ Container immich           Created                                                               0.1s 
dependency failed to start: container immich-postgres is unhealthy

There seems to be a problem with permissions. Since Dockge fails to deploy the container, it doesn’t even show the terminal. Portainer is able to show me the log for immich-postgres, and this is what I get:

mkdir: cannot create directory ‘/var/lib/postgresql/data’: Permission denied

Thanks again.

Update:

I tried changing permissions using a suggestion from ChatGPT (I guess if this is not a good solution I can start over):

sudo chown -R 999:999 /mnt/tank/docker/photos/immich/postgres
sudo chmod -R 770 /mnt/tank/docker/photos/immich/postgres

This solved the problem with permissions and deployment was successful; Immich was able to run without issues. Thought I’d let you know.

I am also having some issues with NextCloud, but I will redeploy again from the beginning, maybe I messed up something. I will try over the weekend and see if I can reproduce the same errors I am getting.

I really cannot stress how helpful your guide is.

Thanks,
Bart.
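
Added example, not part of any post in this thread: a mode-bit check of the host directory bind-mounted for `immich-postgres`, showing whether the UID/GID from the `chown` above can create the `data` directory in it. It assumes GNU `stat` and that the container runs as 999:999 (taken from the post's command); the function names are hypothetical, and dataset ACLs are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): mode-bit check for a bind-mounted
# data directory. Assumes GNU stat, as on TrueNAS SCALE (Debian-based).
# ACL entries, supplementary groups and root's override are NOT evaluated.

# pgdata_writable DIR UID GID
#   0 = UID:GID may create entries in DIR (write + search bits present)
#   1 = it may not    2 = DIR does not exist
pgdata_writable() {
    dir=$1; want_uid=$2; want_gid=$3
    [ -d "$dir" ] || return 2
    owner=$(stat -c %u "$dir")
    group=$(stat -c %g "$dir")
    mode=$(stat -c %a "$dir")          # octal digits, e.g. 770 or 2770
    perms=$((mode % 1000))             # drop the setuid/setgid/sticky digit
    # The kernel picks exactly one class: owner, else group, else other.
    if [ "$owner" -eq "$want_uid" ]; then
        bits=$((perms / 100))
    elif [ "$group" -eq "$want_gid" ]; then
        bits=$((perms / 10 % 10))
    else
        bits=$((perms % 10))
    fi
    [ $((bits & 3)) -eq 3 ]            # need w (2) and x (1) to mkdir inside
}

# pgdata_report DIR [UID] [GID]: print a one-line verdict.
# 999:999 is the owner used in the post's chown, assumed to be the container user.
pgdata_report() {
    r_uid=${2:-999}; r_gid=${3:-999}
    rc=0; pgdata_writable "$1" "$r_uid" "$r_gid" || rc=$?
    case $rc in
        0) verdict="writable" ;;
        2) verdict="missing" ;;
        *) verdict="NOT writable" ;;
    esac
    echo "$1: $verdict for $r_uid:$r_gid"
}

# Run directly: sh check.sh /mnt/tank/docker/photos/immich/postgres
if [ $# -ge 1 ]; then pgdata_report "$@"; fi
```

Running it before and after an ownership change shows whether a narrower fix (owner only, or group only) would already be enough instead of a recursive `chmod`.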

Strange…

It should’ve worked with the default ACL…

Did you by any chance skip this step in TrueNAS CLI? :confused:

storage dataset create name=tank/docker/photos/immich/postgres share_type=APPS

To check if you’ve created the ‘postgres’ dataset you can follow these steps:

1 - Navigate to "Datasets" in the TrueNAS interface.

2 - Expand your Apps' pool tree, expand "docker", expand "photos", expand "immich" and check if the "postgres" dataset is present.

PS: What’s wrong with Nextcloud’s stack?

Best regards,
PapaGigas

1 Like

I tried this three times from scratch, to make sure that I didn’t miss anything, and always ended with the same issue:

mkdir: cannot create directory ‘/var/lib/postgresql/data’: Permission denied

I can confirm that I did create this dataset just by going into shell and typing ‘cli’ and then using up arrow to scroll through previously typed commands, at least I did last time.


Nextcloud was not letting me choose the database, but it’s sorted now. However, when I am at this stage I get the error about the self-signed certificate:

What version of TrueNAS Scale are you running?

And since you’re not using a TLD, try to set Collabora like this:

39 - Copy and paste the following commands into the TrueNAS shell to set up Collabora:

sudo docker exec -it nextcloud occ config:app:set richdocuments wopi_url --value=http://192.168.1.1:9980
sudo docker exec -it nextcloud occ config:app:set richdocuments wopi_allowlist --value=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
sudo docker exec -it nextcloud occ richdocuments:activate-config

Hope it works…

Best regards,
PapaGigas

1 Like

TrueNAS Scale version: ElectricEel-24.10.2

Also:
43 - Navigate to “Administration settings > Whiteboard” and verify that “Whiteboard backend server is configured and connected”.

Instead I get error: Failed to verify the connection: websocket error

46 - Copy and paste the following into “High-performance backend URL” …
51 - Copy and paste the following into “Recording backend URL”…

For both I get error: Server responded with: 0

After making changes to Collabora I got this error:

Try using “http://” instead of “https://”…

Best regards,
PapaGigas

1 Like

Unfortunately that didn’t work either.

sudo docker exec -it nextcloud occ config:app:set richdocuments wopi_url --value=http://10.0.1.3:9980

went back to http, got this:

went back to https, and I didn’t get any error this time:

but this still doesn’t work:

Can you reach Collabora’s Admin console?

https://10.0.1.3:9980/browser/dist/admin/admin.html

If yes, log in to it and test the connection again in “Nextcloud Office”…

PS: What about the Whiteboard? Can you reach it using “http://” instead of “https://”?

Best regards,
PapaGigas

1 Like

Both seem to work now, after I went to the Collabora console and accepted the exception in Firefox. Same for Whiteboard.

1 Like

That’s what I thought, lol, I’ll put that warning in the guide, thanks! :wink:

Best regards,
PapaGigas

1 Like

Yeah that would be handy. Thanks.

The only thing that doesn’t work is High-performance backend.

wss://signaling.int.local responds with : 0

Recording works and responds with “OK: Running version: 01” only if I untick ‘Validate SSL certificate’. Thought I’d let you know.

Try using your host’s IP:Port instead of a domain name:

wss://10.0.1.3:38094

Or…

wss://172.17.17.6:8081

And yes, untick “Validate SSL certificate”! :wink:

PS: You can also try using “ws://” instead of “wss://”…

Best regards,
PapaGigas

2 Likes