Editing Introduction to a Self Managed Life: a 13 hour & 28 minute presentation by FUTO software (section)

== Step 5: Setting Up ZFS Pool Mount Points and Permissions ==

<span id="creating-the-base-dataset-structure"></span>
==== 5.1 Creating the Base Dataset Structure ====

First, let’s create our main dataset and its subdirectories:

<pre># Load the encryption key so we can work:
sudo zfs load-key mediapool

# Create mount points if they don't exist

# Create the virtual machine backup dataset where we'll store VM images
sudo zfs create -o mountpoint=/mediapool/vmbackups mediapool/vmbackups

# Create the storage backup dataset where we'll store Linux ISOs and cooking recipes
sudo zfs create -o mountpoint=/mediapool/archive mediapool/archive</pre>
<span id="setting-permissions-for-regular-user-access"></span>
==== 5.2 Setting Permissions for Regular User Access ====

Set ownership for the main archive directory:

<pre># Set ownership of the main archive directory to louis
sudo chown louis:louis /mediapool/archive

# Set base permissions (rwx for owner, rx for group and others)
sudo chmod 755 /mediapool/archive</pre>
<span id="securing-vmbackups-directory-for-root-only"></span>
==== 5.3 Securing vmbackups Directory for Root Only ====

Set restricted permissions on the vmbackups directory:

<pre># Set vmbackups to be owned by root
sudo chown root:root /mediapool/vmbackups

# Set permissions to allow only root access (rwx for root, none for others)
sudo chmod 700 /mediapool/vmbackups</pre>
<span id="verify-the-settings"></span>
==== 5.4 Verify the Settings ====

Check that everything is set correctly:

<pre># Check ZFS mountpoints
zfs get mountpoint mediapool/archive
zfs get mountpoint mediapool/vmbackups

# Check permissions
ls -la /mediapool/archive
ls -la /mediapool/vmbackups

# Verify dataset properties
zfs get all mediapool/archive
zfs get all mediapool/vmbackups</pre>
Expected output for permissions check, note that user <code>louis</code> cannot list the <code>vmbackups</code> directory without sudo.

<pre>louis@happycloud:~$ zfs get mountpoint mediapool/archive
NAME               PROPERTY    VALUE               SOURCE
mediapool/archive  mountpoint  /mediapool/archive  local

louis@happycloud:~$ zfs get mountpoint mediapool/vmbackups
NAME                 PROPERTY    VALUE                 SOURCE
mediapool/vmbackups  mountpoint  /mediapool/vmbackups  local

louis@happycloud:~$ ls -la /mediapool/archive
total 21
drwxr-xr-x 2 louis louis    2 Oct 23 21:45 .
drwxr-xr-x 4 root  root  4096 Oct 23 21:45 ..

louis@happycloud:~$ ls -la /mediapool/vmbackups
ls: cannot open directory '/mediapool/vmbackups': Permission denied

louis@happycloud:~$ sudo ls -la /mediapool/vmbackups
total 21
drwx------ 2 root root    2 Oct 23 21:44 .
drwxr-xr-x 4 root root 4096 Oct 23 21:45 ..
</pre>
<span id="test-access"></span>
==== 5.5 Test Access ====

Test the permissions are working:

<ol style="list-style-type: decimal;">
<li><p>As user ‘louis’:</p>
<pre># Should work
touch /mediapool/archive/testfile

# Should fail
touch /mediapool/vmbackups/testfile</pre></li>
<li><p>As root:</p>
<pre># Should work
sudo touch /mediapool/vmbackups/testfile</pre></li></ol>

If any of these tests don’t work as expected, double-check the permissions and ownership settings above.

<span id="frigate-camera-footage-storage"></span>
==== 5.6 frigate camera footage storage ====

Earlier in the guide, we set up '''frigate''' for recording security camera footage. We left it recording to the frigate installation folder. '''This is bad. Recording to the main solid state drive is a waste of space &amp; SSD life.'''

Archived camera footage belongs on a giant hard drive, not an expensive SSD. If you’d like, you can now go back to the frigate config section and change these two lines:

<pre>      - ./storage:/media/frigate
      - ./database:/data/db</pre>
to something like:

<pre>      - ./storage:/mediapool/archive/camerafootage/media/frigate
      - ./database:/mediapool/archive/camerafootage/data/db</pre>
Of course, make the directories first:

<pre>mkdir -p /mediapool/archive/camerafootage/data/db
mkdir -p /mediapool/archive/camerafootage/media/frigate</pre>
If you want to keep things separate, you could create a third dataset called <code>camerafootage</code>, mount it to <code>/mediapool/camerafootage</code>, and then edit the <code>docker-compose.yml</code> file to look like this:

<pre>      - ./storage:/mediapool/camerafootage/media/frigate
      - ./database:/mediapool/camerafootage/data/db</pre>
And make sure the directories have been created before running frigate:

<pre>mkdir -p /mediapool/camerafootage/data/db
mkdir -p /mediapool/camerafootage/media/frigate</pre>
The full file is provided below, with the assumption that you decided to make a <code>camerafootage</code> dataset that is mounted on <code>/mediapool/camerafootage</code>

<pre>version: &quot;3.9&quot;
services:
  frigate:
    container_name: frigate
    privileged: true # This may not be necessary for all setups
    restart: unless-stopped
    image: ghcr.io/blakeblackshear/frigate:0.13.2 # Last good version
    shm_size: &quot;64mb&quot; # Update for your cameras based on requirements
    devices:
      - /dev/bus/usb:/dev/bus/usb # USB Coral, modify for other hardware
      - /dev/apex_0:/dev/apex_0 # PCIe Coral, modify based on your setup
      - /dev/video11:/dev/video11 # For Raspberry Pi 4B
      - /dev/dri/renderD128:/dev/dri/renderD128 # Intel hwaccel, update for your hardware
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./config:/config
      - ./storage:/mediapool/camerafootage/media/frigate # Changed media directory to ZFS pool
      - ./database:/mediapool/camerafootage/data/db # Changed database directory to ZFS pool
      - type: tmpfs # Optional: Reduces SSD wear
        target: /tmp/cache
        tmpfs:
          size: 1000000000
    ports:
      - &quot;8971:8971&quot;
      - &quot;5000:5000&quot; # Internal unauthenticated access. Be careful with exposure.
      - &quot;8554:8554&quot; # RTSP feeds
      - &quot;8555:8555/tcp&quot; # WebRTC over TCP
      - &quot;8555:8555/udp&quot; # WebRTC over UDP
    environment:
      FRIGATE_RTSP_PASSWORD: &quot;password&quot;</pre>
<span id="step-6-setting-up-samba-to-share-zfs-pool-directories"></span>