driver: freenas-smb instance_id: httpConnection: protocol: http host: server address port: 80 # use only 1 of apiKey or username/password # if both are present, apiKey is preferred # apiKey is only available starting in TrueNAS-12 #apiKey: username: root password: allowInsecure: true # use apiVersion 2 for TrueNAS-12 and up (will work on 11.x in some scenarios as well) # leave unset for auto-detection #apiVersion: 2 sshConnection: host: server address port: 22 username: root # use either password or key password: "" privateKey: | -----BEGIN RSA PRIVATE KEY----- ... -----END RSA PRIVATE KEY----- zfs: # can be used to override defaults if necessary # the example below is useful for TrueNAS 12 #cli: # sudoEnabled: true # # leave paths unset for auto-detection # paths: # zfs: /usr/local/sbin/zfs # zpool: /usr/local/sbin/zpool # sudo: /usr/local/bin/sudo # chroot: /usr/sbin/chroot # can be used to set arbitrary values on the dataset/zvol # can use handlebars templates with the parameters from the storage class/CO #datasetProperties: # "org.freenas:description": "{{ parameters.[csi.storage.k8s.io/pvc/namespace] }}/{{ parameters.[csi.storage.k8s.io/pvc/name] }}" # "org.freenas:test": "{{ parameters.foo }}" # "org.freenas:test2": "some value" datasetProperties: aclmode: restricted aclinherit: passthrough acltype: nfsv4 casesensitivity: insensitive datasetParentName: tank/k8s/a/vols # do NOT make datasetParentName and detachedSnapshotsDatasetParentName overlap # they may be siblings, but neither should be nested in the other # do NOT comment this option out even if you don't plan to use snapshots, just leave it with dummy value detachedSnapshotsDatasetParentName: tank/k8s/a/snaps datasetEnableQuotas: true datasetEnableReservation: false datasetPermissionsMode: "0770" # as appropriate create a dedicated user for smb connections # and set this datasetPermissionsUser: 65534 datasetPermissionsGroup: 65534 # CORE #datasetPermissionsAclsBinary: setfacl # SCALE #datasetPermissionsAclsBinary: nfs4xdr_setfacl # if using a user other than guest/nobody comment the 'everyone@' acl # and uncomment the appropriate block below datasetPermissionsAcls: - "-m everyone@:full_set:fd:allow" # CORE # in CORE you cannot have multiple entries for the same principle # or said differently, they are declarative so using -m will replace # whatever the current value is for the principle rather than adding a # entry in the acl list #- "-m g:builtin_users:full_set:fd:allow" #- "-m group@:modify_set:fd:allow" #- "-m owner@:full_set:fd:allow" # SCALE # https://www.truenas.com/community/threads/get-setfacl-on-scale-with-nfsv4-acls.95231/ # -s replaces everything # so we put this in specific order to mimic the defaults of SCALE when using the api #- -s group:builtin_users:full_set:fd:allow #- -a group:builtin_users:modify_set:fd:allow #- -a group@:modify_set:fd:allow #- -a owner@:full_set:fd:allow smb: shareHost: server address nameTemplate: "" namePrefix: "" nameSuffix: "" # if any of the shareFoo parameters do not work with your version of FreeNAS # simply comment the param (and use the configuration template if necessary) shareAuxiliaryConfigurationTemplate: | #guest ok = yes #guest only = yes shareHome: false shareAllowedHosts: [] shareDeniedHosts: [] #shareDefaultPermissions: true shareGuestOk: false #shareGuestOnly: true #shareShowHiddenFiles: true shareRecycleBin: true shareBrowsable: false shareAccessBasedEnumeration: true shareTimeMachine: false #shareStorageTask: