birnam · April 24, 2026 13:54
diff --git a/check-truenas.sh b/check-truenas.sh
 #!/bin/bash

 ping -c 1 172.25.44.21 && nc -zv 172.25.44.21 3260

 if [ $? -eq 0 ]; then
  sleep 2
  systemd-notify --ready
 fi

 exit $?
diff --git a/ip-verify-for-iscsi.service b/ip-verify-for-iscsi.service
 [Unit]
 Description=Checks the TrueNAS IP and port 3260 to see if open-iscsi is ready to run
 Wants=network-online.target
 After=network-online.target

 [Service]
 Type=notify
 ExecStart=/lib/mount-on-vm/check-truenas.sh
 Restart=on-failure
 RestartSec=5

 [Install]
 WantedBy=multi-user.target
diff --git a/mount-on-vm.service b/mount-on-vm.service
 [Unit]
 Description=Finishes mounting drives that are on the VM
 Requires=open-iscsi.service

 [Service]
 Type=simple
 ExecStart=/bin/bash /lib/mount-on-vm/mount.sh
 Restart=on-failure
 RestartSec=5

 [Install]
 WantedBy=multi-user.target
diff --git a/mount.sh b/mount.sh
 #!/bin/bash

 iscsiadm  --mode node  --targetname "iqn.2005-10.org.freenas.ctl:paperless" --portal "172.25.44.21:3260" --login
 iscsiadm  --mode node  --targetname "iqn.2005-10.org.freenas.ctl:ocis" --portal "172.25.44.21:3260" --login
 mount --fstab /lib/mount-on-vm/vm-drives.fstab -a

 sleep 2

 # verify

 mountpoint -q /mnt/lxc_shares/paperless && \
  mountpoint -q /mnt/lxc_shares/ocis && \
  mountpoint -q /mnt/lxc_shares/media

 exit $?
diff --git a/open-iscsi.service.d-override.conf b/open-iscsi.service.d-override.conf
 # /etc/systemd/system/open-iscsi.service.d/override.conf

 [Unit]
 Wants=ip-verify-for-iscsi.service network-online.target remote-fs-pre.target
 After=ip-verify-for-iscsi.service iscsid.service
diff --git a/vm-drives.fstab b/vm-drives.fstab
 # paperless iscsi
 /dev/disk/by-path/ip-172.25.44.21:3260-iscsi-iqn.2005-10.org.freenas.ctl:paperless-lun-0 /mnt/lxc_shares/paperless ext4 _netdev 0 0

 # ocis iscsi
 /dev/disk/by-path/ip-172.25.44.21:3260-iscsi-iqn.2005-10.org.freenas.ctl:ocis-lun-0 /mnt/lxc_shares/ocis ext4 _netdev 0 0

 # note the gid:uid of these shares, which are `lxc_share`:`lxc_share_root`,
 # which were created with IDs of 110000:100000 -- and TrueNAS has matching group:user with those gid:uid
 # the mount locations are created with chown lxc_share:lxc_share_root to match
 # these values translate to 0:10000 inside an unprivileged LXC, which is root and a gid of 10000
 # this allows fairly transparent access to these shares from an unprivileged LXC using a simple mount like:
 # mp0: /mnt/lxc_shares/downloads,mp=/mnt/downloads

 # paperless-consumption via smb
 //172.25.44.21/Paperless-Consumption /mnt/lxc_shares/paperless-consumption cifs credentials=/root/.paperless.smbcredentials,iocharset=utf8,uid=lxc_share_root,gid=lxc_share,nobrl 0 0

 # downloads via smb -- 'nobrl' required for database locks in apps like calibre
 //172.25.44.21/Downloads /mnt/lxc_shares/downloads cifs credentials=/root/.downloads.smbcredentials,uid=lxc_share_root,gid=lxc_share,iocharset=utf8,nobrl 0 0

 # general share directory via smb
 //172.25.44.21/shared /mnt/lxc_shares/shared cifs credentials=/root/.shared.smbcredentials,uid=lxc_share_root,iocharset=utf8,gid=lxc_share,nobrl,dir_mode=0775,file_mode=0664,vers=3.1.1 0 0
	#!/bin/bash

	ping -c 1 172.25.44.21 && nc -zv 172.25.44.21 3260

	if [ $? -eq 0 ]; then
	sleep 2
	systemd-notify --ready
	fi

	exit $?
	[Unit]
	Description=Checks the TrueNAS IP and port 3260 to see if open-iscsi is ready to run
	Wants=network-online.target
	After=network-online.target

	[Service]
	Type=notify
	ExecStart=/lib/mount-on-vm/check-truenas.sh
	Restart=on-failure
	RestartSec=5

	[Install]
	WantedBy=multi-user.target
	[Unit]
	Description=Finishes mounting drives that are on the VM
	Requires=open-iscsi.service

	[Service]
	Type=simple
	ExecStart=/bin/bash /lib/mount-on-vm/mount.sh
	Restart=on-failure
	RestartSec=5

	[Install]
	WantedBy=multi-user.target
	#!/bin/bash

	iscsiadm --mode node --targetname "iqn.2005-10.org.freenas.ctl:paperless" --portal "172.25.44.21:3260" --login
	iscsiadm --mode node --targetname "iqn.2005-10.org.freenas.ctl:ocis" --portal "172.25.44.21:3260" --login
	mount --fstab /lib/mount-on-vm/vm-drives.fstab -a

	sleep 2

	# verify

	mountpoint -q /mnt/lxc_shares/paperless && \
	mountpoint -q /mnt/lxc_shares/ocis && \
	mountpoint -q /mnt/lxc_shares/media

	exit $?
	# /etc/systemd/system/open-iscsi.service.d/override.conf

	[Unit]
	Wants=ip-verify-for-iscsi.service network-online.target remote-fs-pre.target
	After=ip-verify-for-iscsi.service iscsid.service
	# paperless iscsi
	/dev/disk/by-path/ip-172.25.44.21:3260-iscsi-iqn.2005-10.org.freenas.ctl:paperless-lun-0 /mnt/lxc_shares/paperless ext4 _netdev 0 0

	# ocis iscsi
	/dev/disk/by-path/ip-172.25.44.21:3260-iscsi-iqn.2005-10.org.freenas.ctl:ocis-lun-0 /mnt/lxc_shares/ocis ext4 _netdev 0 0

	# note the gid:uid of these shares, which are `lxc_share`:`lxc_share_root`,
	# which were created with IDs of 110000:100000 -- and TrueNAS has matching group:user with those gid:uid
	# the mount locations are created with chown lxc_share:lxc_share_root to match
	# these values translate to 0:10000 inside an unprivileged LXC, which is root and a gid of 10000
	# this allows fairly transparent access to these shares from an unprivileged LXC using a simple mount like:
	# mp0: /mnt/lxc_shares/downloads,mp=/mnt/downloads

	# paperless-consumption via smb
	//172.25.44.21/Paperless-Consumption /mnt/lxc_shares/paperless-consumption cifs credentials=/root/.paperless.smbcredentials,iocharset=utf8,uid=lxc_share_root,gid=lxc_share,nobrl 0 0

	# downloads via smb -- 'nobrl' required for database locks in apps like calibre
	//172.25.44.21/Downloads /mnt/lxc_shares/downloads cifs credentials=/root/.downloads.smbcredentials,uid=lxc_share_root,gid=lxc_share,iocharset=utf8,nobrl 0 0

	# general share directory via smb
	//172.25.44.21/shared /mnt/lxc_shares/shared cifs credentials=/root/.shared.smbcredentials,uid=lxc_share_root,iocharset=utf8,gid=lxc_share,nobrl,dir_mode=0775,file_mode=0664,vers=3.1.1 0 0