TrueNAS 12, based on FreeBSD 12, now offers native ZFS encryption. A pool, or any dataset within a pool, may be encrypted; encryption is chosen when the dataset is created and is inherited by the datasets created beneath it. This is particularly useful when an application requires encryption of data at rest. One common use case is encrypting Apple Time Machine backups at rest. In this article, I will explain how to configure an encrypted filesystem for use by Time Machine.
TrueNAS is built on FreeBSD and ZFS, the copy-on-write filesystem originally developed at Sun Microsystems for petabyte-scale systems, possibly with a cluster filesystem layered on top. Today, among hobbyists and system integrators, TrueNAS finds use in small file servers in home and office environments.
Purchased storage systems from iXsystems (are you a Dune fan?) make ZFS and TrueNAS accessible to small organizations needing reliable shared file storage. They are well suited to small medical offices and to graphic and creative arts professionals needing working and archival storage. The TrueNAS SOHO systems are price competitive with home-brew builds from new components because iXsystems buys components in volume. TrueNAS carefully tailors the FreeBSD component selection and system configuration to the storage appliance mission. In most installations, TrueNAS functions solely in the storage role. In home and small office installations, it may also provide some application support. Here at Dismal Manor, our TrueNAS system also runs our Roon audio service in a VM.
Roon and TrueNAS 12 coexist nicely. Here at Dismal Manor, I have a TrueNAS 12.0 server with two jobs: serving music and providing Time Machine storage for macOS Big Sur. In this episode, I describe the TrueNAS configuration used here. This arrangement is not particularly elegant, as I was learning to manage TrueNAS while it evolved from FreeNAS 9 to the current TrueNAS 12 CORE.
All references were retrieved on Groundhog Day. Well, across the date line.
Pools, Volumes, and FileSystems
TrueNAS works in terms of pools, volumes, and filesystems (ZFS calls the last two zvols and datasets). A pool combines multiple physical disks, grouped into one or more vdevs, into a single storage space from which everything else is allocated. Within a pool, TrueNAS can create a volume (zvol), which presents itself as a block device; whatever uses it, such as a virtual machine, formats it with its own filesystem, so a zvol does not hold ZFS filesystems. The pool can also contain ZFS filesystems (datasets), and datasets can nest inside datasets. It is datasets, not the pool as a whole, that get exported as network shares.
Use a volume when something needs a block device rather than files: a virtual machine disk or an iSCSI target. When you create a volume, you set its size. A volume may be sparse (thin provisioned), in which case ZFS allocates blocks only as they are written, up to that size; otherwise TrueNAS reserves the full size in the pool up front. To cap the growth of a filesystem, set a quota on the dataset instead.
Most of the time you will create a filesystem (dataset), because the object is expected to grow and you want file-sharing semantics.
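As an added example (not code from the original post), here are the OpenZFS commands that correspond to the layout just described, as they would be typed in the TrueNAS shell. The pool name tank, the dataset names, the 32G zvol size and the quota are my assumptions. Two caveats a TrueNAS admin should know: encryption can only be chosen when a dataset is created (an existing dataset has to be sent into a new encrypted one), and TrueNAS prefers that datasets be created through its web UI because the middleware keeps track of encryption keys. The script therefore takes DRY_RUN=1 to print what it would do instead of doing it.

```shell
#!/bin/sh
# Added example, not from the original post: the ZFS commands behind the
# pool / dataset / zvol layout described above, for a TrueNAS 12 (OpenZFS 2.0)
# shell. Pool name "tank", dataset names, sizes and the quota are assumptions.
# On a real TrueNAS box, prefer the web UI (it records encryption keys in the
# middleware); set DRY_RUN=1 to print the commands instead of running them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$1"
  else
    eval "$1"
  fi
}

# Parent dataset for everything shared. Encryption is set here, at creation,
# and inherited by the children created below it, so one passphrase covers
# the whole subtree. keylocation=prompt means you unlock it after each boot.
share_tree() {
  pool=$1
  run "zfs create -o encryption=aes-256-gcm -o keyformat=passphrase -o keylocation=prompt $pool/shares"
  run "zfs create $pool/shares/media"
  run "zfs create $pool/shares/photos"
}

# Time Machine spool: its own dataset so it can be quota-capped and
# replicated on its own. The quota stops a runaway backup filling the pool.
tm_dataset() {
  pool=$1 quota=$2
  run "zfs create -o quota=$quota $pool/shares/SMB_TM"
}

# Roon VM disk: a sparse (thin-provisioned) zvol. ZFS allocates blocks as the
# guest writes them, up to 32G; without -s the whole 32G is reserved up front.
vm_zvol() {
  pool=$1
  run "zfs create -s -V 32G $pool/roon-vm"
}

# Quick check of what exists, how much is really used, and whether the
# encrypted tree is unlocked (keystatus available) or still locked.
show_layout() {
  pool=$1
  run "zfs list -r -o name,used,avail,quota,encryption,keystatus $pool"
}
```

After a reboot, a passphrase-keyed dataset stays locked until it is unlocked (in the UI, or with zfs load-key followed by zfs mount), so the SMB share on it will not be available to Time Machine until you do. The Time Machine share itself is created in the TrueNAS sharing UI on top of the SMB_TM dataset.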
Sharing in Apple Land
ZFS shares are always at the dataset level, identified by the dataset's path; the pool itself is just the top-level dataset. This is in keeping with the NFS model that ZFS was built to support, and each dataset carries share properties for the purpose. TrueNAS can also export a zvol as a block device over iSCSI, but nothing in this article uses that.
Dismal Manor is thoroughly modern, so our Mac runs Big Sur. Dismal (our server) serves music, photos, and a couple of Time Machine spool volumes. Everything is in the primary ZFS pool. Within the pool, individual datasets hold media, photos, and Roon backups. One zvol in the pool serves as the block device for the virtual machine in which Roon runs.
The media dataset is further subdivided into iTunes (ALAC), HD Audio (ALAC and FLAC from purchased CDs and records), HD Tracks (ALAC and FLAC purchased from HDtracks.com), and Qobuz (mostly FLAC, some ALAC). It is only recently that iTunes and iThings tolerated FLAC, and I'm not completely convinced that iThings like FLAC, so ALAC is kept separate for transfer to iThings.
The FLAC is kept separate by where it came from. HD Audio is FLAC from records, mostly direct purchases from artist websites, usually as physical media. HD Tracks is media purchased from HD Tracks. Qobuz is media purchased from Qobuz, my current favorite source. The commercial services track purchases and allow transfer of media to a revived host in the event of media loss.
The figure below shows our shares. As you can see, the Time Machine spool is now shared via SMB (Apple has deprecated AFP for Time Machine). There is a share for virtual machine installation media, one for Roon backups, one for iTunes and other media, and one for photos.
Photo storage for MacOS
The photos share is somewhat confounded by macOS design. macOS replication services expect the Photos library to always be accessible (i.e. mounted at boot, or is it login? It's Apple). So iCloud and the iThings do their thing to the owner's directory structure.
Images from the Sony "real camera" are transferred twice, once into the Photos app and a second time into the ZFS photos filesystem. I'm slowly abandoning this practice, as it is much easier to find an image in Photos, select it for editing, and pass it off to Luminar AI.
Photos passes the raw file to Luminar; Luminar returns a TIFF with the edits to Photos. As Firesign Theatre was fond of saying, "When you're two places at once, you're no place at all." Keeping two copies just became too hard to search. Luminar has OK image management, but for a hobby photographer, Big Sur Photos is champ.
The Roon Virtual Machine
Dismal runs a Roon virtual machine. In 2017-2018 I tried to run Roon on a Mac Mini running macOS, and later on the same Mac Mini running Ubuntu. Each time Dominion glitched the power, I'd have to intervene on the Mac to get Roon up: Roon on the Mini was restarting before the shares came up, so the mounts would fail.
So I installed Roon in a VM on Dismal. This works nicely because TrueNAS starts its virtual machines only after the pools are imported and the file services are up. TrueNAS enforces this sequence because hosting storage for zillions of Windows virtual machines is a major TrueNAS use case; the data-less client rules in cubicle land today.
This explains the ISOS dataset shared with Trey, this iMac. We fetch the appropriate installation media, copy it to ISOS, and specify it as the VM installation media. Once the OS is installed (Debian server is a good choice, but so is Ubuntu), download the Roon installation script and follow the Roon procedure.
Create the VM following the reference. Boot Linux from the ISO image and run the installer in the normal way, following the TrueNAS VM creation instructions. Once the VM is ready, open a shell on it from the TrueNAS web interface and add the required packages to the distribution. The Roon installation procedure clearly explains the packages needed and lists them in an order that satisfies dependencies.
Once all of the dependencies are aboard, fetch the Roon installation script and run it as described in the Roon instructions. It will set up Roon as a service on the VM.
Roon Storage Organization at Camp Dismal
Then follow the Roon setup instructions to add media, create a place for configuration backups, etc. Once installed, your two-week trial starts. The figure below shows how we configured our storage.
Our music storage is partitioned into separate trees for iTunes media (mostly ALAC, but anything that may be transferred to an iThing), HD Audio (mostly FLAC), and Qobuz purchases (mostly FLAC). I keep these last two separate so I know what came from where, should something need replacing down the road.
Note that Roon Focus lets you select items by format and also by where they came from. Click Focus On to bring up the Focus view. Toward the left there are buttons to refine the focus. Bring up this view, then slide left to bring up the format inspector. This lets you identify Tidal tracks, Qobuz tracks, etc. You can also view by location in the local library.
Roon can also run things down by storage location using the Inspector.
Once you have your search criteria set, you can export the result as a list for record keeping. This is a useful thing to do occasionally, should your library go missing. But ZFS is robust and you are satisfied with your backup. Aren't you?
TrueNAS replication is a wonderful thing. Together, snapshots and replication let you deal with most filesystem misfortunes. If you accidentally delete something, it can be retrieved from a prior snapshot. If the local media becomes corrupt, the replication target should have a sound copy.
The purpose of snapshots and replication is threefold.
- Provide protection against disk failures
- Provide protection against user mistakes
- Replication is a convenient way to fill a newly commissioned server
Keep in mind that snapshots and replication may not protect you from the local processor slowly going batty, though this is extremely rare. Disk problems are most common, memory problems less common, and processor problems least common. I've yet to see one in integrated processors.
Back in the old days, our trusty work CDC 7600 started misplacing files. OS-required files would go missing. The divide unit was miscalculating hashes, so the filer was retrieving random data where a disk directory record was expected. The OS (CDC SCOPE 2) would trap. The techs living inside the 10x10 paneled office quickly tracked the problem down to the divide unit. A fix took a bit longer, as the divide unit was several racks of cigarette-pack-sized modules and cabling to troubleshoot.
Here at Dismal Manor we have the following backups in place.
- Time Machine to a ZFS share.
- ZFS pool replication to a second ZFS pool inside the server. No fancy RAID here, but ZFS checksums and checksum verification. A second pool in the same chassis guards against disk failure and bit rot, not against fire, theft, or a power supply taking both pools out.
- BackBlaze backup of the Mac disk to an off-site facility
Note that we don’t treat iCloud storage of photos or data as a backup.
Copy on Write?
Both APFS, the new Apple filesystem, and ZFS are copy-on-write filesystems. That means that when a file is updated, only the changed blocks are written, and they go to new locations on disk; the unaltered blocks remain as they were, and the old versions of the changed blocks survive for as long as a snapshot references them. So both ZFS and APFS permit retrieval of earlier versions of a file as recorded by snapshots. Time Machine on Big Sur takes an APFS snapshot of the Mac before each backup. Like ZFS replication, it then transfers only what changed since the previous backup; on a network destination it writes into a sparse bundle disk image on the share, so only the band files holding changed data get rewritten. Pretty slick? Yes, actually. So Time Machine writes to the ZFS SMB_TM dataset, which is in turn backed up by ZFS replication to a second pool in our server. And only the changes are transferred at each stage!
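An added example (not from the original post) of the snapshot-and-replicate cycle just described, using the OpenZFS commands as typed in the TrueNAS shell; the Periodic Snapshot and Replication tasks in the TrueNAS UI do the same thing on a schedule. The pool names, dataset names and snapshot labels are assumed. The one point worth seeing in code is how the incremental send is built: given the previous snapshot, zfs send -I carries only the blocks changed since it, and for an encrypted dataset the -w (raw) flag ships ciphertext so the backup pool never needs the key just to hold the data.

```shell
#!/bin/sh
# Added example, not from the original post: snapshot the Time Machine dataset
# and replicate it to the second pool in the same server, sending only the
# blocks changed since the previous snapshot. Pool and dataset names and the
# snapshot labels are assumptions; DRY_RUN=1 prints commands instead of
# running them.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$1"
  else
    eval "$1"
  fi
}

# Take a recursive, atomic snapshot of the source tree with a date-stamped
# label. The snapshot costs nothing until blocks beneath it change.
snapshot() {
  src=$1 label=$2
  run "zfs snapshot -r $src@$label"
}

# Replicate. With no previous snapshot this is a full send; otherwise -I
# sends every snapshot from prev up to label, i.e. only the changed blocks.
# -R carries child datasets and properties. -w sends an encrypted dataset
# raw: ciphertext lands on the target and the target never needs the key to
# store it. -F lets the receiver roll back stray local changes so the
# incremental stream applies cleanly.
replicate() {
  src=$1 dst=$2 label=$3 prev=$4
  if [ -z "$prev" ]; then
    run "zfs send -R -w $src@$label | zfs receive -F $dst"
  else
    run "zfs send -R -w -I $src@$prev $src@$label | zfs receive -F $dst"
  fi
}

# Before the real send, ask ZFS how large the incremental stream will be
# (dry run, verbose, parsable). A surprisingly large number usually means
# Time Machine rewrote a lot of bands, or somebody deleted the last common
# snapshot on the target.
estimate() {
  src=$1 label=$2 prev=$3
  run "zfs send -n -v -P -w -I $src@$prev $src@$label"
}

# After replication, confirm the target really holds the new snapshot; this
# is the snapshot the next incremental will start from.
verify() {
  dst=$1 label=$2
  run "zfs list -H -o name -t snapshot $dst@$label"
}
```

A snapshot taken while Time Machine is mid-backup is crash-consistent, the same as a power cut; Time Machine verifies and repairs its sparse bundle on the next run, so schedule snapshots freely but keep more than one. On the receiving side, the raw-sent dataset stays locked until you load the same key there, which is exactly what you want for a backup that only needs to sit and be checksummed.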
This Sunday, I watched a Punch Brothers live show. Yes, watched Punch Brothers live streaming an hour-twenty or so of non-stop live music. Just five guys and a Neumann U 87, performing Opry style like they always do on stage. Lots of tuning as keys changed. But tight, and it moved.
Punch Brothers engaged Mandolin.com, a start-up streaming production company, to produce the show. Mandolin handled the lighting, video production, stream production, content distribution and ticketing. The band prepared and practiced like they would for any live gig. Mandolin boffins and roadies handled all the tech for the show.
Publicity for the show: a Punch Brothers tweet and a Chris Thile retweet. I don't know how big the crowd was. Dismal Manor was a sudden sailor for $25. Calvin needs shoes, what can I say?
Thanks to Apple for use of its Apple Silicon banner image. It’s a new dawn in Apple Land.
macOS 11 Big Sur arrived at Dismal Manor. Its arrival was mostly uneventful once troubles with the installation media download were resolved. Reference 1 gives an excellent (geeky) guided tour of Big Sur. Here, I'll hit some first impressions.
On November 10, 2020, Apple announced new small MacBooks and a Mac Mini based on Apple Silicon M1, an Apple-designed ARM system on a chip similar to those in iPad and iPhone but tweaked for larger computers. So what's different, and how should it affect your purchase plans?
Anyone spending time on YouTube and various fan sites has noticed the vast amount of click bait on the subject of the new M1 Macs. Most of it is some version of the FUD (fear, uncertainty, and doubt) video. We are trying hard not to add to it, or to get out over our skis, here at Dismal Manor.
Apple has done something great. It will get greater as software shops revise their products to best use the new hardware and macOS Big Sur. Present Day Production advises continuing with your current computational environment until your software suppliers have sorted their products for the new OS and hardware. But the M1 Mini and Big Sur are working well enough to purchase and begin exploration and migration planning. What they are finding is that the core products work but individual audio or video plugins may be fussy. Fussy is not good for shop margins or delivery commitments, so they are holding short of the runway until their suppliers say they're good to go on the M1.
Apple released its most popular computers first: the individual laptops and the workhorse Mac Mini. They held off on the iMac, the larger MacBooks targeted at knowledge workers, and the high-end machines used in graphic arts and large-scale software development.
These machines look familiar on the outside but are completely different inside. The processor architecture is different, the graphics subsystem architecture is different, and the memory sits on the processor package. So why upset the world like this? The ColdFusion video introduces the core ideas underlying the Apple Silicon product line.
At last, the dog doorbell I've been wanting. Apple HomeKit Secure Video with Eufy second-generation wireless cameras makes a nice dog doorbell. This article tells how to set up HomeKit for the dog doorbell application.
I primarily use HomeKit to alert me when the dogs want in. We have only a couple of months of door-open weather, when temperature and humidity allow the garden door to stay open. The rest of the year it is shut. The cameras are more reliable than an ear peeled for barking (greyhounds are notoriously non-vocal). They also collect video in case we have a break-in while I'm away. Greyhounds are not territorial, but Rocky is. He scares the bejesus out of anyone who comes to the door.
- https://support.apple.com/en-us/HT210538 HomeKit Secure Video setup.
Eufy Secure Video at Dismal Manor
Dismal Manor has two Eufy Camera 2 wireless battery-powered cameras and a USB-powered wireless camera. Since I purchased these, Eufy has retired the first-generation products and now offers only the newer products compatible with the second-generation base station. Only the newer base station runs the HomeKit gateway.
Eufy has extended the product line to include a complete set of home security door and window sensors, a motion sensor, a doorbell, etc. Although I've not tried them, I believe the perimeter sensors are also HomeKit compatible.
The featured image shows the view from our two back garden cameras. A Ubiquiti UniFi Protect DVR and wired G3 cameras capture the front door approach and the deep back garden. The Eufy cameras serve primarily as greyhound and fence line monitors. Note that they clearly show the gate and carport X-pen, the fence line, and the porch landing.
Eufy Battery Life and Motion Settings
Your mileage may vary. I find battery life is about two months here, as there are many dog comings and goings to be recorded. Battery life is easily checked in the Home app's camera settings.
Dismal Manor is set up to detect animals and people on the porch. HomeKit will record video, send an alert, and save the clip when people or pooches are detected on the porch deck at the door. This is very useful, as it lets me know that a dog wants in. Or is mounting a Zombie Squad HQ patrol from the porch deck.
An Eve Home door sensor logs door openings and closings in HomeKit. These can be correlated with video clips to locate video of an unauthorized entry.
I have disabled vehicle detection and carefully panned the cameras to minimize the view of the street. Vehicle motion will significantly reduce battery life. Night-time vehicle light motion will also eat into battery life.
Note that, depending on motion detection sophistication, the cameras may also report shadow movement and tree branch movement. Be careful to keep busy tree limbs pruned out of view.
Each camera can be configured individually for motion detection. Recording can trigger on any motion at all, or on any combination of three classified kinds of motion that may be enabled individually:
- Vehicle motion
- People motion
- Animal motion
This is the key. I can suppress vehicle motion that I don't care about. These cameras can see a bit of street, and traffic is continuous, so I don't want to spend battery saving vehicle transit clips.
People motion can be disabled when the camera has a view of the street or public sidewalks. No sense recording passers-by. Local or state ordinances may restrict such recording, and may require that you post notice that people are on candid camera.
Filtering or reporting animal motion is useful depending on the use case. Here at the manor, I have enabled animal motion detection. This ability makes the dog doorbell possible. When a dog comes up on the landing, it is detected and reported.
I have my cameras configured as shown above: detect people (usually me), detect animals (usually Rocky), and record them. The base station reflects these settings properly on the Eufy side of things.
Recording happens on an Apple TV or HomePod in the Manor acting as the home hub; I'm not sure which takes the lead. The Eufy base station also has 16 GB of storage to cache clips locally. Clips pushed off site to iCloud are end-to-end encrypted and can only be viewed via the Home app on a Mac or iThing, and all of those devices must be signed in to the same Apple ID. Access by other Apple IDs can be granted by adding them to the HomeKit home.
Off Site Video
I can look in on the dogs while away from home. A third Eufy wired camera is our "RockyCam", active when I'm away. I can check it over LTE to see how badly Rocky is pacing in my absence. He's convinced there are zombies under the bed. This camera is positioned primarily to show door reactions and pacing between the lounge and bedrooms. It is set up for away recording.
I have the macOS notifications set up as shown below. The iPhone is set up to report when any motion is detected.
To participate in HomeKit Secure Video, an iThing must have the Home app installed. Each iThing individually controls notification delivery. I have my iPhone set to always deliver motion detection notifications. It is also set to pass these on to Apple Watch. This combination lets Apple Watch tap me on the wrist when a dog wants in.
You can gate notifications on your WHISKEY (where you are, not your single malt preference): when home or when not home. I leave this setting off, which is treated as always. This works nicely, as I get a tap on the wrist when Rocky or Missy wants in.
On Thursday, Siri and I had a shouting match ending in a hard reset and reconfiguration of HomePod. Fortunately, Apple Support procedures included a reset procedure that put HomePod back into factory-fresh condition, updated the firmware to HomePod software 14.1, and allowed me to reconfigure HomePod for use here in the study.
The 14.1 release adds support for HomePod Mini, configuration transfer, the Intercom feature Uncle Tim demonstrated, and more.
Save yourself a lot of trouble and use genuine Apple Support procedures rather than magazine articles or how-to click bait.
- https://support.apple.com/en-us/HT208244 Resetting HomePod
- https://support.apple.com/en-us/HT208714 HomePod Software Release Notes, like forever.
AirPlay Accepts Roon Connections
Apple appears to have resolved the AirPlay connection difficulties in the HomePod 14.1 release. Before 14.1, the HomePod AirPlay server would get horribly tangled and refuse non-Apple connection requests, specifically from Roon Core. After much foul language and a reset, HomePod appears to be sorted and is accepting Roon connections.
Siri still plays unwanted Apple Music
Siri still has the problem of playing unwanted music in an attempt to ingratiate herself with the user. Since I haven't used Apple Music in three years, she's at a bit of a loss as to what should be played. There is still no way to turn off Apple Music in the HomePod software or in macOS. If you remove Apple Music, audio codec libraries are removed with it.
Checking HomePodOS Version
MacOS Home App lets you check the HomePodOS version fairly easily. Double click on the tile representing the offensive HomePod. It will open to show the device’s preferences pane. Scroll to the bottom where the device ID and software version information appears.
Single clicks will reward you with unwanted music chosen by Siri for your annoyance.
You can also reset or remove your HomePod here.
Apple's former HQ was at 1 Infinite Loop in Cupertino. Steve Jobs and I apparently share a self-deprecating sense of humor. With the new HQ, Apple now has a much less memorable address. So why write about infinite loops? There appears to be one in the process of changing an Apple ID's password. Apple ID is the key to using Apple iCloud services and enabling iThings to collaborate in a user environment.
Would the change-Apple-ID-password flow pass the Tim Cook test? I suspect not. Tim's an old duffer like me. Or maybe Tim likes infinite loops. Somehow, I suspect not.
In his search for a better calendaring app, the Dismal Wizard remembered that he had been using Cardhop for some time to wrangle contacts quickly. So he poked around the App Store to discover that the Cardhop people are also the Fantastical calendar people. So he bravely plunked down $5 colonial dollars for a one-month trial of Fantastical Premium. It is what the Wizard had been seeking for 18 years. He'll explain after the break.