TrueNAS Core Dataset & Sharing Sanity Check

Hello forum, hope your day is going well.

I’ve been on TrueNAS Core 13 for about 2 months now, coming from a FreeBSD 13 ZFS setup that was very basic. I currently have 2 pools - flash & storage. Flash is an 8-drive SSD array in raidz1 to act as fast NFS storage for my VMs/services. Storage is a 12-drive HDD array in raidz2 to act as bulk storage for mostly media, ISOs and other various projects for my Windows desktop.

As it sits I have individual datasets on the flash array and have noticed through Tom’s videos he uses nested datasets and this would help me organize things better. I’d like to condense the various VM/services datasets into their own ‘dataset’ and make them nested datasets:

/flash/bittorrent → /flash/storage/bittorrent (fast bulk storage for torrents)
/flash/web → /flash/storage/web (fast bulk storage for the webserver)
etc etc.

Some datasets like /flash/isos will just remain as is - /flash/storage would be strictly for VMs/services to mount within their VM or container. Any problem with the above? Which brings me to permissions, which I currently do not have a problem with, and I have gotten OK at basic ACL understanding.

Let’s take bittorrent for example. It’s currently nobody/nogroup permissions on the dataset, and Maproot User Nobody/Maproot Group Nobody in the NFS shares, locked to the bittorrent VM’s IP. This has been working flawlessly for me.

Is this wrong? Should I make a dedicated bittorrent user/group on TrueNAS, as well as on the bittorrent VM and change ACLs to match? In this ACL change - would the UID/GID on TrueNAS NEED to match the bittorrent VM’s UID/GID for the bittorrent user? (this is one small spot of confusion I have with NFS perms)

My Windows desktop accesses the storage dataset over SMB using my TrueNAS user/group without issue. I did read that mixing datasets with NFS & SMB is not ideal. Currently, to access the downloaded files the bittorrent VM pulls down, I made an SMB share for /mnt/flash/bittorrent, nobody/nogroup with my user’s ACL added, and haven’t had issues, though I don’t often actually delete files from there, I just copy them to where I want. Thoughts on what I should do differently here?

I tried to be clear & detailed but I made a wall of text instead. Thanks for reading.

If you are using CORE then I’d advise against running any application on it. Core was never really intended for that use case and it was mediocre at best. If you are wanting to run applications off TrueNAS then I’d advise using SCALE because it will have greater stability in apps due to utilizing Docker/Kubernetes.

I know that really wasn’t the answer to your question, but I thought I would get that out there before you go too far down this endeavor. But it does fit in the realm of your permissions question. Tom released a video presently about setting permissions in SCALE.