| 2026-03-15 |
skydick: keep SMB passwords synced from LDAP
|
skydick: switch Samba to ldapsam, rename ylw→ye-lw21, drop legacy datasets
- Samba passdb backend changed from tdbsam to ldapsam:ldap://10.0.0.1
- Added samba-ldap-admin-password oneshot to seed LDAP admin cred before smbd
- Pinned storage group to GID 997 to match LDAP posixGroup
- Renamed ylw to ye-lw21 across all hosts (users.nix, skydick, xlab-gateway)
- Removed legacy tmpfiles and NFS exports (share/backup/torrent/vm destroyed)
- Added bootstrap LDIF for sambaDomain, storage group, machines OU
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-14 |
skydick: redesign datapool with per-user datasets and service model
Replace flat purpose-first layout (share/media/torrent/backup/vm) with
user-first hierarchy:
- dick/public: shared collaborative files
- dick/media: shared media with data/ + library/ in one hardlink domain
- dick/users/<user>/{files,bt-state,vm}: per-user private trees with
ZFS quotas, per-user NFS all_squash, and Samba [homes]
- dick/system/{backup,vm}: admin-only system datasets
- dick/templates/vm: read-only shared VM base images
NFS exports split media into rw writer (all_squash to qbittorrent) and
ro reader (/media/library). Per-user exports use explicit anonuid/gid.
Samba uses [public] for shared, [homes] for per-user, [media] ro for
library. Legacy exports preserved for active migration.
Add DATAPOOL.md with user/admin guide covering SMB/NFS connection,
new-user provisioning, quotas, and troubleshooting.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: increase NFS server threads to 64
Default 8 threads is insufficient for 10GbE throughput.
64 threads allow better parallelism for concurrent NFS clients.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: use all_squash for media/torrent NFS exports
Map all NFS client UIDs to qbittorrent:storage (900:997) on
media and torrent exports. Eliminates need for UID/GID
coordination between NFS clients and server.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: fix qbittorrent UID collision with ylw
UID 1002 was already assigned to ylw on skydick. Change qbittorrent
system user to UID 900 to avoid the collision. NFS sec=sys maps by
UID number, so this must not conflict with any normal user.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: add qbittorrent user and make media NFS export writable
Add qbittorrent system user (UID 1002, group storage) for NFS
root_squash write access. Change /srv/media export from ro,async
to rw,sync to support *arr torrent downloads under /srv/media/torrents/.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: add NVMe SLOG+L2ARC documentation for datapool
Intel DC P4600 750GB: 8GB SLOG partition for sync write acceleration,
remaining ~690GB as L2ARC read cache for VM working sets.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
| 2026-03-13 |
skydick: fill in actual Mach2 WWNs for datapool creation
5x ST14000NM0001 14TB SAS Mach2 drives, 4 active + 1 spare.
Mirror vdevs pair LUN0/LUN1 from different physical drives.
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|
skydick: extract datapool.nix for Mach2 ZFS storage config
Move all storage-serving config (NFS, Samba, iSCSI, tmpfiles, firewall
ports, storage group) from default.nix into datapool.nix. Add Mach2
dual-actuator mirror layout documentation, new datasets (torrent, vm),
and clean permission model (setgid storage group for user data).
Co-Authored-By: Claude Opus 4.6 <[email protected]>
|