A year ago I built a NAS to reduce my reliance on cloud services, and set up an arr stack. I went with TrueNAS Scale, which was on Bluefin at the time. In the past 12 months, TrueNAS Scale has been through FOUR major OS versions, with a fifth already announced. At least one of those involved a release train switch so, despite diligently checking for updates in the dashboard, I was left in the dust with an obsolete OS, and didn’t find out until it was already a huge hassle to upgrade.

I’ve been really happy with the utility and benefit of having this tool, but holy smokes how is anybody supposed to keep up with all of this? This is far from my only hobby, and I simply do not have the time, patience, or interest for a constant race to keep up with vetting new release versions and fixing what breaks every 3 weeks. I have enough tinkering hobbies as it is.

On top of that, there’s the whole blow up with TrueCharts, which has also left me with an entire suite of obsolete albatrosses around my NAS that I need to deal with. Am I still waiting for them to figure out an upgrade path? I don’t even know anymore.

Sorry for the rant, but I guess what I’m looking for is: how do you keep up with the constant maintenance and updates, and where do I go from here, in February 2025, with a system running Bluefin 22.12, a 32TB ZFS pool (RAIDZ1) that has to remain intact, and a handful of TrueCharts apps that I don’t want to lose the data from (e.g. Jellyfin configs/watch history)?

  • Fedegenerate@lemmynsfw.comEnglish
    4·
    1 day ago

    Release: stable

    Keep the updates as hands off as possible. Docker compose, TTeck’s LXC updater, automatic upgrades.

    I come through once a week or so to update the stacks (dockge > stack > update), I come through once a month or so to update the machines (I have 5 total). Total time updating is 3hrs a month. I could drop that time a lot when I get around to writing some scripts to update docker images, then I’d just have to “apt update && apt upgrade”

    Minimise attack surface and outsource security. I have nothing at all open to the internet, I use Tailscale to create tunnels. I’m trusting my security to Tailscale but they are much, much, better at it than I am.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      2·
      10 hours ago

      Automatically upgrading docker images sounds like a recipe for disaster because:

      • could pull down change that requires manual intervention, so things “randomly” break
      • docker holds on to everything, so you’d need to prune old images or you’ll eventually run out of disk space; if a container is stopped, your prune would make it unbootable (good luck if the newer images are incompatible with when it last ran)

      That’s why I refuse to automate updates. I sometimes go weeks or months between using a given service, so I’d rather use vulnerable containers than have to go fix it when I need it.

      I run OS updates every month or two, and honestly I’d be okay automating those. I run docker pulls every few months, and there’s no way I’d automate that.

      • Fedegenerate@lemmynsfw.comEnglish
        2·
        10 hours ago

        I’ve encountered that before with Watchtower updating parts of a serrvice and breaking the whole stack. But automating a stack update, as opposed to a service update, should mitigate all of that. I’ll include a system prune in the script.

        Most of my stacks are stable so aside from breaking changes I should be fine. If I hit a breaking change, I keep backups, I’ll rebuild and update manually. I think that’ll be a net time save over all.

        I keep two docker lxcs, one for arrs and one for everything else. I might make a third lxc for things that currently require manual updates. Immich is my only one currently.

        • sugar_in_your_tea@sh.itjust.worksEnglish
          2·
          9 hours ago

          Watchtower

          Glad it works for you.

          Automatic updates of software with potential breaking changes scares me. I’m not familiar with watchtower, since I don’t use it or anything like it, but I have several services that I don’t use very often, but would suck if they silently stopped working properly.

          When I think of a service, I think of something like Nextcloud, Immich, etc, even if they consist of multiple containers. For example, I have a separate containers for libre office online and Nextcloud, but I upgrade them together. I don’t want automated upgrades of either because I never know if future builds will be compatible. So I go update things when I remember, but I make sure everything works after.

          That said, it seems watchtower can be used to merely notify, so maybe I’ll use it for that. I certainly want to be around for any automatic updates though.

          • Fedegenerate@lemmynsfw.comEnglish
            2·
            6 hours ago

            It’s Watchtower that I had problems with because of what you described. Watchtower will drop your microservice, say a database, to update it and then not reset the things that are dependent on it. It can be great just not in the ham fisted way I used it. So instead I’m going to update the stack together, everything drops, updates, and comes back up in the correct order

            Uptime Kuma can alert you when a service goes down. I am constantly in my Homarr homepage that tells me if it can’t ping a service, then I go investigating.

            I get that it’s scary, and after my Watchtower trauma I was hesitant to go automatic too. But, I’m managing 5 machines now, and scaling by getting more so I have to think about scale.

            • Pika@sh.itjust.worksEnglish
              2·
              2 hours ago

              I don’t use Watchtower myself for the same reasons described, but I was under the understanding if you had a container as a dependency on another container that if you took the dependency down it also took the container down. Is this not actually true?

              • Fedegenerate@lemmynsfw.comEnglish
                1·
                1 hour ago

                I am not the person to be asking, I am no docker expert. It’s is my understanding depends_on: defines starting order. Once a service is started, it’s started. If it has an internal check for “healthy” I believe watchtower will restart unhealthy containers.

                This is blind leading the blind though, I would check the documentation if using watchtower. We should both go read the “depends on” documents as we both use it.

                • Pika@sh.itjust.worksEnglish
                  2·
                  44 minutes ago

                  Strangely it sounds like that’s correct. I was under the understanding that depends_on cared about it past start as well but it does not. It doesn’t look like there’s a native way of turning containers that are depending on one another when you turn the dependency off. It looks like the current recommended way of doing it is either with a Docker compose file (which doesn’t help if the process crashed/was concidered unhealthy), or having a third party script on the host monitor the dependencies and if one is considered offline, it turns the dependees off.

                  Looking into it the concern has been approached twice now on the GitHub page, however every time that it’s been brought up it’s been closed for stale because nobody ever replies to the question

                  • Fedegenerate@lemmynsfw.comEnglish
                    1·
                    38 minutes ago

                    That was my conclusion as well, however I am at work and it’s not appropriate to be reading docker documentation. Thank you for the write up.