from trilobite@lemmy.ml to selfhosted@lemmy.world on 16 May 17:45
https://lemmy.ml/post/47431729
So here is my dilemma. I have a TrueNAS server that basically acts as a file server. I also have a little machine running Proxmox. I have an NFS share on the Proxmox machine for saving VM backups so that they are secure. On the Proxmox VM, I want to install Docker instances. Some of them require large data repositories so I can’t have the data stored on the VM. I’m thinking of creating an “apps” dataset on the TrueNAS machine, then exporting it via NFS and mounting it on the VM. Then I redirect all the Docker volumes to this NFS share. Say I have Docker_App1 on the Proxmox VM, then I would create a folder at /mnt/Truenas_share/Docker_App1. Do you think this will work? The alternative is to create an individual dataset on the TrueNAS machine for each Docker_App but this feels overkill and a nightmare to set up and maintain. How are you managing Docker volumes over NFS?
It works fine. I do it. I mount the services share to /mnt/data on the host and then just path mount /mnt/data/servicename to the container.
Some of my containers I also mount to directly using NFS volumes in the docker compose. This is for things that generally aren’t service data, like media.
Both are fine. Maintaining different datasets has the administrative overhead you mentioned, but can have security benefits, e.g. if you use different users in the different Docker services and adjust the NFS permissions correspondingly. If service A gets hacked and escapes the container but doesn’t get privilege escalation, it can’t access the other services’ data.
This is independent of which version you choose, but check whether adding some storage to Proxmox is an option. Having TrueNAS as a runtime dependency for all your services can get annoying real quick.
I have NFS shares on my TrueNAS for my Docker containers on Proxmox. I put the info in my guest’s fstab and they usually mount at boot to /srv folders I created and specified.
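
The reply about running each service under a different user only isolates services if every service directory on the share has its own owner and no group/other access. The following check is an added example, not part of the thread: it assumes one subdirectory per service directly under the mount point (such as the /mnt/data layout from the first reply), service names without whitespace, and a `stat` that supports `-c` (GNU or BusyBox).

```shell
#!/bin/sh
# Audit per-service directories on an NFS-backed share.
# Assumptions (not from the thread): one subdirectory per service directly
# under ROOT, names without whitespace, stat with -c (GNU/BusyBox on Linux).
# Prints one finding per line; returns 0 when clean, 1 otherwise.

audit_service_dirs() {
    root=$1
    seen=""     # space-separated "uid=name" pairs for directories already seen
    rc=0
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue       # glob matched nothing
        dir=${dir%/}
        name=${dir##*/}
        uid=$(stat -c %u "$dir")
        mode=$(stat -c %a "$dir")

        # Any group/other permission bit lets another service's user in.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "OPEN-MODE $dir mode=$mode"
            rc=1
        fi

        # Two services under one UID can read each other's data whatever the mode.
        for pair in $seen; do
            if [ "${pair%%=*}" = "$uid" ]; then
                echo "SHARED-UID $dir uid=$uid also-owns=${pair#*=}"
                rc=1
            fi
        done
        seen="$seen $uid=$name"
    done
    return $rc
}

# Run as: sh audit.sh /mnt/data
if [ "$#" -gt 0 ]; then
    audit_service_dirs "$1"
fi
```

Run it on the Docker host against the mounted share; the ownership it reports is what the client sees, so ID mapping or squashing on the export still has to be checked on the TrueNAS side.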