@girish said in JMAP:

on dovecot side, JMAP support is not really being actively worked on - http://dovecot.2317879.n4.nabble.com/JMAP-support-td73445.html

Yeah, kind of being ignored a little bit. lol
AFAICS, JMAP does not seem to bring such great enhancements such as to shake the email servers industry, yet. That is very likely why there's seems to be not so much enthusiasm about this protocol. IMHO
Andy

@scooke said in Cloudron Pricing and Licensing Help:

I'm just thinking digitally here, but most fonts, Wordpress themes and plugins (and other paid themes and plugins), etc. are for one installation/project.

As you mention it, first fonts are not in the same category as Wordpress which carries a General Public License (GPL) which carries the obligation to ALL themes and plugins to be produce and distributed under the exact same condition, meaning they must be GPL as well.

Limiting the number of instance installation in the case of themes or plugins for Wordpress, or any FOSS which comes with such license of freedom, is among the biggest SCAM going on in this sphere right now, as this is a violation of the GPL license which, among other things, stipulate that once you have a copy, you can freely copy and distribute it under the same license's terms. Hence, technically speaking, if a wp theme developer does limits you in the number of instances you can install, then he's breaking the license himself which they still pretend to be GPL which is an absolute non-sense.

Clourdon is NOT GPL, nor even open source if I'm not mistaken, right now, even though most of the software part of the offer are. That's not a problem at all. simply because you do not absolutely need a Cloudron box to run any of the software offer which are coming with GPL. When one pays for either cPanel or Plesk the principle is the same, the prices are always PER INSTANCE, obviously, and that is even though they too offer GPL apps installation via their dashboard via Softaculous and the like.

My 2 cents worth, tale care 🙂
Andy

@subtlecourage I'm not sure on which machine you get this message now, but have you checked for file permissions (chmod) on your RSA keys that could also be a factor.

Andy

@jlx89 yeah, admins always have access to everything afaik

@jdaviescoates Awesome, thanks for the tip! I just replaced the LAMP apps with Surfer for the redirect role, that saves some resources off MySQL and Redis which is nice. Thanks again. 🙂

@girish Correct. In my case they're almost all managed by Cloudron with some exceptions like extra records needed by Mailjet for example, but yeah the vast majority of the DNS records between all the domains I manage are Cloudron-related.

@ccfu That's a good point. Probably one for their forum but I think I'd like that too so may help develop.

@d19dotca Swift based object stores are one of the least advanced.

IBMs is one of the most. (20GB free)

@seeker makes sense. Well, thanks for sharing! Already downloaded used it!

@seeker Send me your GitLab.com ID here or via DM and I'll share access if you like. All EspoCRM based. Needs a teeny bit of config but overall will have you an impression of what's possible.

@timconsidine
https://mailbox.org/en/ has also very good spam detection, is privacy conscious (inter alia data centers in Germany, anonymous registration possible, etc., see https://mailbox.org/en/security) and offers quite easy end-to-end encryption. Works reliable as an smtp-relay for domains as well (no deliverability issues).

Only issue is the constant notification that my domain isn't configurated correctly for mail.

@jdaviescoates said in Cloudron selfhosting platform:

@nebulon if I were you I'd edit the post with the wrong links to put the correct links back in, or just delete the comment (and perhaps block the user too).

And perhaps simply delete this thread, so we don't waste our time to finally getting nowhere loll

Andy

Added https://forum.cloudron.io/topic/5027/pop3-gmail-polling-support

Just adding this here to keep it all in one place:

@malvim said in Other self-hosted communities?:

Managing of ssl certificates without intervention and containerization were what got me into it, but great documentation, ease of packaging, support, and a thriving community is what keeps me here. Cloudron rocks.

We haven't worked out the details around subscription for multihost, however you still can just go ahead as you mentioned. Anyways you can migrate apps from one Cloudron to another, mostly this works well as long as the usernames are consistent (we try to setup most apps to use the username as the unique identifier)

@timconsidine Also good to point out is if the plan is to just use a personal google account's SMTP settings it will be severely rate limited.

Any plans to make this Cloudron-easy?

https://docs.storj.io/api-reference/s3-gateway

Otherwise, it looks like their integration partner Filebase puts a markup on that:

https://filebase.com

Latest round of SpamAssassin rules I'm using, if anyone is interested.

The highlights here are just a couple of things:

A few new sources which come with new rules Slight scoring tweaks on just a few rules

Of course, as they say... YMMV. 😉

# scoring DNSBLs (blocklists & allowlists) score RCVD_IN_BL_SPAMCOP_NET 2.5 score RCVD_IN_DNSWL_HI -5.0 score RCVD_IN_DNSWL_LOW -0.5 score RCVD_IN_DNSWL_MED -2.5 score RCVD_IN_DNSWL_NONE 0.5 score RCVD_IN_GBUDB 4.5 score RCVD_IN_IADB_DK -0.5 score RCVD_IN_IADB_DOPTIN_GT50 -0.5 score RCVD_IN_IADB_DOPTIN_LT50 -0.5 score RCVD_IN_IADB_EDDB -0.5 score RCVD_IN_IADB_EPIA -0.5 score RCVD_IN_IADB_GOODMAIL -0.5 score RCVD_IN_IADB_LISTED -0.5 score RCVD_IN_IADB_LOOSE -0.5 score RCVD_IN_IADB_MI_CPEAR 0 score RCVD_IN_IADB_MI_CPR_30 0 score RCVD_IN_IADB_MI_CPR_MAT 0.0 score RCVD_IN_IADB_NOCONTROL -0.5 score RCVD_IN_IADB_OOO -0.5 score RCVD_IN_IADB_OPTIN -0.5 score RCVD_IN_IADB_OPTIN_GT50 -0.5 score RCVD_IN_IADB_OPTIN_LT50 -0.5 score RCVD_IN_IADB_OPTOUTONLY -0.5 score RCVD_IN_IADB_RDNS -0.5 score RCVD_IN_IADB_SENDERID -0.5 score RCVD_IN_IADB_SPF -0.5 score RCVD_IN_IADB_UNVERIFIED_1 -0.5 score RCVD_IN_IADB_UNVERIFIED_2 -0.5 score RCVD_IN_IADB_UT_CPEAR 0 score RCVD_IN_IADB_UT_CPR_30 0 score RCVD_IN_IADB_UT_CPR_MAT 0 score RCVD_IN_JMF_BL 2.5 score RCVD_IN_MSPIKE_BL 0.0 score RCVD_IN_MSPIKE_H2 0.0 score RCVD_IN_MSPIKE_H3 -0.5 score RCVD_IN_MSPIKE_H4 -2.0 score RCVD_IN_MSPIKE_H5 -3.0 score RCVD_IN_MSPIKE_L2 1.5 score RCVD_IN_MSPIKE_L3 3.5 score RCVD_IN_MSPIKE_L4 4.5 score RCVD_IN_MSPIKE_L5 5.0 score RCVD_IN_MSPIKE_WL 0.0 score RCVD_IN_MSPIKE_ZBI 4.0 score RCVD_IN_PBL 3.5 score RCVD_IN_SBL 3.5 score RCVD_IN_SBL_CSS 3.5 score RCVD_IN_SEM_BACKSCATTER 1.5 score RCVD_IN_SEM_BLACK 3.5 score RCVD_IN_SEM_NET_BLACK 2.5 score RCVD_IN_SORBS_BLOCK 2.5 score RCVD_IN_SORBS_DUL 2.5 score RCVD_IN_SORBS_HTTP 2.5 score RCVD_IN_SORBS_MISC 2.5 score RCVD_IN_SORBS_SMTP 2.5 score RCVD_IN_SORBS_SOCKS 2.5 score RCVD_IN_SORBS_SPAM 2.5 score RCVD_IN_SORBS_WEB 2.5 score RCVD_IN_SORBS_ZOMBIE 2.5 score RCVD_IN_SPAMRATS 2.5 score RCVD_IN_XBL 3.5 score RCVD_IN_ZEN_BLOCKED 0.0 score RCVD_IN_ZEN_BLOCKED_OPENDNS 0.0 # scoring URIBLs score URIBL_ABUSE_SURBL 4.0 score URIBL_BLACK 4.5 score URIBL_CR_SURBL 4.0 score URIBL_CSS 2.0 score URIBL_CSS_A 2.0 score URIBL_DBL_ABUSE_BOTCC 3.5 score URIBL_DBL_ABUSE_MALW 3.5 score URIBL_DBL_ABUSE_PHISH 3.5 score URIBL_DBL_ABUSE_REDIR 3.5 score URIBL_DBL_ABUSE_SPAM 3.5 score URIBL_DBL_BLOCKED 0.0 score URIBL_DBL_BLOCKED_OPENDNS 0.0 score URIBL_DBL_BOTNETCC 3.5 score URIBL_DBL_ERROR 3.5 score URIBL_DBL_MALWARE 3.5 score URIBL_DBL_PHISH 3.5 score URIBL_DBL_SPAM 3.5 score URIBL_GREY 1.0 score URIBL_MW_SURBL 4.0 score URIBL_PH_SURBL 4.0 score URIBL_RED 1.5 score URIBL_RHS_DOB 2.0 score URIBL_SBL 2.0 score URIBL_SBL_A 2.0 score URIBL_SEM 3.0 score URIBL_SEM_FRESH30 1.5 score URIBL_WS_SURBL 3.0 score URIBL_ZEN_BLOCKED 0.0 score URIBL_ZEN_BLOCKED_OPENDNS 0.0 # scoring DKIM & SPF score DKIM_INVALID 1.5 score DKIM_SIGNED 0.0 score DKIM_VALID 0.0 score DKIM_VALID_AU 0.0 score DKIM_VALID_EF 0.0 score DKIM_VERIFIED 0.0 score DKIMWL_BL 3.0 score DKIMWL_WL_HIGH -3.5 score DKIMWL_WL_MED -1.5 score DKIMWL_WL_MEDHI -2.5 score FORGED_SPF_HELO 3.0 score SPF_FAIL 1.5 score SPF_HELO_FAIL 1.5 score SPF_HELO_NEUTRAL 1.0 score SPF_HELO_NONE 0.5 score SPF_HELO_PASS 0.0 score SPF_HELO_SOFTFAIL 1.5 score SPF_NEUTRAL 0.5 score SPF_NONE 0.5 score SPF_PASS 0.0 score SPF_SOFTFAIL 1.5 # scoring BAYES score BAYES_00 -3.0 score BAYES_05 -1.5 score BAYES_20 0.5 score BAYES_40 1.5 score BAYES_50 2.0 score BAYES_60 3.0 score BAYES_80 4.0 score BAYES_95 4.5 score BAYES_99 5.0 score BAYES_999 1.5 # scoring HTML score HTML_FONT_LOW_CONTRAST 0.5 score HTML_IMAGE_ONLY_04 1.5 score HTML_IMAGE_ONLY_08 2.0 score HTML_IMAGE_ONLY_12 2.0 score HTML_IMAGE_ONLY_16 2.0 score HTML_IMAGE_ONLY_20 2.0 score HTML_IMAGE_ONLY_24 2.5 score HTML_IMAGE_ONLY_28 2.5 score HTML_IMAGE_ONLY_32 3.0 score HTML_IMAGE_RATIO_02 0.0 score HTML_IMAGE_RATIO_04 0.0 score HTML_IMAGE_RATIO_06 0.0 score HTML_IMAGE_RATIO_08 0.0 score HTML_MESSAGE 0.0 # scoring HEADER & MISSING score HEADER_FROM_DIFFERENT_DOMAINS 0.5 score HEADER_SPAM 2.5 score MISSING_DATE 3.0 score MISSING_FROM 1.5 score MISSING_HB_SEP 0.0 score MISSING_HEADERS 1.5 score MISSING_MID 1.0 score MISSING_MIMEOLE 2.0 score MISSING_SUBJECT 2.0 # scoring FREEMAIL score FORGED_GMAIL_RCVD 2.5 score FORGED_YAHOO_RCVD 2.5 score FREEMAIL_ENVFROM_END_DIGIT 0.5 score FREEMAIL_FORGED_REPLYTO 1.5 score FREEMAIL_FROM 0 score FREEMAIL_REPLY 1.0 score FREEMAIL_REPLYTO 1.0 score FREEMAIL_REPLYTO_END_DIGIT 0.5 score MALFORMED_FREEMAIL 4.0 # additional scoring tweaks score BILLION_DOLLARS 2.0 score BODY_URI_ONLY 1.5 score EMPTY_MESSAGE 1.5 score HELO_DYNAMIC_SPLIT_IP 2.0 score HK_RANDOM_ENVFROM 0.5 score HK_RANDOM_FROM 0.5 score LOTS_OF_MONEY 0.5 score MPART_ALT_DIFF 1.0 score MPART_ALT_DIFF_COUNT 1.5 score NO_DNS_FOR_FROM 0.5 score PDS_TONAME_EQ_TOLOCAL 0.5 score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.5 score RDNS_NONE 1.5 score REPLYTO_WITHOUT_TO_CC 2.5 score UNPARSEABLE_RELAY 0.5 score URI_DQ_UNSUB 2.0 # add GDUB TRUNCATE DNSBL header RCVD_IN_GBUDB eval:check_rbl('gbudb', 'truncate.gbudb.net.') describe RCVD_IN_GBUDB Listed in truncate.gbudb.net tflags RCVD_IN_GBUDB net # add JMF-Black DNSBL header RCVD_IN_JMF_BL eval:check_rbl('jmf', 'black.junkemailfilter.com.') describe RCVD_IN_JMF_BL Listed in black.junkemailfilter.com tflags RCVD_IN_JMF_BL net # add Spamrats DNSBL header RCVD_IN_SPAMRATS eval:check_rbl('spamrats', 'all.spamrats.com.') describe RCVD_IN_SPAMRATS Sender listed in all.spamrats.com tflags RCVD_IN_SPAMRATS net # add SpamEatingMonkey backscatter DNSBL header RCVD_IN_SEM_BACKSCATTER eval:check_rbl('sem', 'backscatter.spameatingmonkey.net') tflags RCVD_IN_SEM_BACKSCATTER net describe RCVD_IN_SEM_BACKSCATTER Received from an IP listed by SEM-BACKSCATTER # add SpamEatingMonkey network blacklist DNSBL header RCVD_IN_SEM_NET_BLACK eval:check_rbl('sem', 'netbl.spameatingmonkey.net') tflags RCVD_IN_SEM_NET_BLACK net describe RCVD_IN_SEM_NET_BLACK Received from an IP listed by SpamEatingMonkeys # add SpamEatingMonkey blacklist DNSBL header RCVD_IN_SEM_BLACK eval:check_rbl('sem', 'bl.spameatingmonkey.net') tflags RCVD_IN_SEM_BLACK net describe RCVD_IN_SEM_BLACK Received from an IP listed by SpamEatingMonkeys # add SpamEatingMonkey URIBL urirhssub URIBL_SEM uribl.spameatingmonkey.net. A 2 body URIBL_SEM eval:check_uridnsbl('URIBL_SEM') describe URIBL_SEM Contains a URI listed by SpamEatingMonkeys tflags URIBL_SEM net # add SpamEatingMonkey fresh domain URIBL urirhssub URIBL_SEM_FRESH30 fresh30.spameatingmonkey.net. A 2 body URIBL_SEM_FRESH30 eval:check_uridnsbl('URIBL_SEM_FRESH30') describe URIBL_SEM_FRESH30 From a domain registered less than 30 days ago tflags URIBL_SEM_FRESH30 net

@atrilahiji thank you, yes.
I moved a LAMP with a basic landing page setup to Surfer.
Certainly seems like it should be a lighter setup.

Surfer seems good for static (html/css/js) sites which are static (rarely changing).

Grav seems good for sites which might need more content changes. Will try to monitor what resources Grav consumes.

Generally I am a fan of Hugo as SSG but Grav looks a slicker quicker-to-maintain option.

@atrilahiji thanks for the heads up! A bit embarrassing that we have overlooked that part. I've filled in the sections with appropriate text now.

@necrevistonnezr noone is blaming you, no need to be defensive.

Discuss the technical merits of the upgrades and changes?

@tshirt-chihuahu Try Contabo 😉

Added a new one to the list.

@dswd said in Borg backup to local/attached and S3 Compatible Object Storage:

Since I opened that issue back then, I want to mention that in the meantime I developed my own backup solution which I think is better than Borg. Right now I am 90% done with version 2 of it and I will definitively use it to backup my Cloudron instance.

As mentioned before, I use the built-in daily unencrypted Backup to local filesystem using the rsync backend and the "3 daily, 4 weekly, 6 monthly" schedule.

These daily encrypted backups of the "snapshot" folder are backed up via restic to OneDrive (which is in my O365 subscription) with the same schedule as above.

This gives me mountable(!) remote point-in-time backups.

What I use for backing up (daily):

#!/bin/bash d=$(date +%Y-%m-%d) if pidof -o %PPID -x “$0”; then echo “$(date “+%d.%m.%Y %T”) Exit, already running.” exit 1 fi restic -r rclone:onedrive:restic backup /media/Cloudron/snapshot/ -p=resticpw restic -r rclone:onedrive:restic forget --keep-monthly 6 --keep-weekly 4 --keep-daily 7 -p=resticpw

What I use for pruning (once a month):

#!/bin/bash d=$(date +%Y-%m-%d) if pidof -o %PPID -x “$0”; then echo “$(date “+%d.%m.%Y %T”) Exit, already running.” exit 1 fi restic -r rclone:onedrive:restic prune -p=resticpw

@girish said

I went ahead and fixed ~20-30 places in the UI where we got that wrong. This and the it's / its always trips me 🙂

Wow, thank you for your attention to detail and changing these! By the way, I am loving Cloudron! 🙂

Castopod : https://podlibre.org/tag/castopod-host/ (upvote here - https://forum.cloudron.io/topic/4839/castopod-host-open-source-hosting-platform-made-for-podcasters-who-want-engage-and-interact-with-their-audience)

Nice. Thanks

Here's someone's account of do's and don't with ZFS.

Creating and managing single/dual drive ZFS filesystem on Linux

Do NOT use ZFS in these cases:

you want to use ZFS on single/one external USB drive (worst case, data corruption will happen on non clean dismount, and you would have to recreate whole dataset) you want to use ZFS on single/one drive and you do not have any external drive for the backup purpose (why? when the zpool is not cleanly dismounted/exported, some data can get corrupted permanently and zfs will have no other mirror drive from which it can automatically get valid data, unless you get secondary drive of same type, size for parity, redundancy) you do not have hours of your time to learn basics of ZFS management, on this page though are most basic things

Majority of following commands will work on all Linux distributions though first part of the tutorial is using Arch/Manjaro Linux packages and package manager. On Ubuntu i was able to setup ZFS using command "sudo apt install zfsutils-linux". If you have other distribution, you need to discover if your distribution has packages for zfs (and kernel modules).

Upgrade and update system and reboot (in case new kernel was installed since last reboot)

A)
sudo pacman -S linux-latest-zfs
reboot
sudo /sbin/modprobe zfs

if modprobe not works, try "sudo pacman -R linux-latest-zfs" and try method B:

B)
Discover installed kernels:
uname -r
pacman -Q | grep “^linux”

and install zfs packages for these:
sudo pacman -Ss zfs|grep -i linux
sudo pacman -S linux123-zfs
pamac install zfs-dkms
reboot
enable zfs support in kernel (it was not enabled in 5.8.16-2-MANJARO after reboot, but once enabled by following command it persist)

sudo /sbin/modprobe zfs

===================================

Open two pages and search for things and parameters to understand following commands:
https://zfsonlinux.org/manpages/0.8.1/man8/zpool.8.html
https://zfsonlinux.org/manpages/0.8.1/man8/zfs.8.html

sudo smartctl -a /dev/sdb|grep -i "sector size"
Sector Sizes: 512 bytes logical, 4096 bytes physical
(smartctl is in package "smartmontools")

It was suggested here https://forum.proxmox.com/threads/how-can-i-set-the-correct-ashift-on-zfs.58242/post-268384 to use in the following "zpool create" command the parameter ashift=12 for drives with 4096 bytes physical sector size and for 8K physical to use ashift=13. If ashift not defined, then zfs use autodetect where i do not know how good it is.
attempt to create pool named "poolname" on a HDD of choice: (use disk that store no important data or it will be lost + unmount the drive, maybe using gparted)

A) sudo zpool create -o ashift=12 -o feature@async_destroy=enabled -o feature@empty_bpobj=enabled -o feature@lz4_compress=enabled poolname /dev/disk/ID-HERE(ls -l /dev/disk/by-id/)

or the same command only the pool will be created across 2 physical drives (of same size, else pool will not use all the space on bigger drive?) where one will be used for redundancy (recommended to reduce irreversible data corruption risk and double the read/write performance)
B) sudo zpool create -o ashift=12 -o feature@async_destroy=enabled -o feature@empty_bpobj=enabled -o feature@lz4_compress=enabled poolname mirror /dev/disk/DRIVE1-ID-HERE(ls -l /dev/disk/by-id/) /dev/disk/DRIVE2-ID-HERE(ls -l /dev/disk/by-id/)
(for 4 drives mirror, it should be: zpool create poolname mirror drive1id drive2id mirror drive3id drive4id)

Regarding following parameter recordsize, it was suggested on places like this https://blog.programster.org/zfs-record-size and https://jrs-s.net/2019/04/03/on-zfs-recordsize/ and https://www.reddit.com/r/zfs/comments/8l20f5/zfs_record_size_is_smaller_really_better/ that for large media files drive, the block size is better to increase from 128k to 512k. So i did it for my multimedia drive. Though above linked manual page for zfs says this value is only suggested and zfs automatically adjust size per usage patterns. Also is said on mentioned unofficial article that the record size should be similar to a size of the typical storage operation within the dataset which may contradict with the file size itself. "zpool iostat -r" shows the operation sizes distribution/counts, also if zpool is single drive, maybe can be used "sudo iostat -axh 3 /dev/zpooldrivename" and checking the "rareq-sz" (read average request size).

Creating two datasets one encrypted one not:
sudo zfs create -o compression=lz4 -o checksum=skein -o atime=off -o xattr=sa -o encryption=on -o keyformat=passphrase -o mountpoint=/e poolname/enc
sudo zfs create -o compression=lz4 -o checksum=skein -o atime=off -o xattr=sa -o encryption=off -o recordsize=512K -o mountpoint=/d poolname/data

fix permissions:
sudo chown -R $(whoami):$(whoami) /poolname /e /d

gracefully unmount the pools (i think necessary or poor will be marked as suspended and compute restart needed):
sudo zpool export -a

mount the pools:
sudo zpool import -a
(if it fails, you have to mount manually, list disk names (ls -l /dev/disk/by-id/), then: sudo zpool import -a -d /dev/disk/by-id/yourdisk1name-part1 -d /dev/disk/by-id/yourdisk2name-part1 )

If some pool is encrypted, then additional command needed (-l parameter to enter passphrase, else it complains "encryption key not loaded"):
sudo zfs mount -a -l

pool activity statistics:
zpool iostat -vlq
zpool iostat -r (request size histograms)
zpool iostat -w (wait/latency histograms)

intent log statistics:
cat /proc/spl/kstat/zfs/zil

change mountpoint of some dataset within the pool:
sudo mkdir /new;sudo zfs set mountpoint=/new poolname/datasetname

rename/move dataset (error "cannot destroy filesystem has children"):
sudo zfs rename poolname/dataset/subdataset poolname/subdatasetnew

attach new drive (if the existing one is non-redundant single drive, result will be mirror (something like RAID1, with enhanced read/write and 1 drive fault tollerance, data self healing), if existing is part of mirror, it will be three way mirror:
zpool attach poolname existingdrive newdrive

Detach, remove, replace, see manual page (man zpool) or https://zfsonlinux.org/manpages/0.8.1/man8/zpool.8.html

create snapshot:
zfs snapshot -r poolname@snapshot1

destroy (delete) all snapshots (no prompt):
sudo zfs list -H -o name -t snapshot -r POOLNAME|sudo xargs -n1 zfs destroy

destroy (delete) dataset (no prompt):
sudo zfs destroy poolname/enc

destroy (delete) whole pool (no prompt):
sudo zpool destroy poolname

========
If you are OK with the HDD activity to increase at times regular activity is no/low, then consider enabling automatic scrubbing (kind of runtime "fsck" that checks files and even can repair files on replicated devices (mirror/raidz)). Following sets the monthly task:

su;echo -e "[Unit]\nDescription=Monthly zpool scrub on %i\n\n[Timer]\nOnCalendar=monthly\nAccuracySec=1h\nPersistent=true\n\n[Install]\nWantedBy=multi-user.target" > /etc/systemd/system/zfs-scrub@.timer echo -e "[Unit]\nDescription=zpool scrub on %i\n\n[Service]\nNice=19\nIOSchedulingClass=idle\nKillSignal=SIGINT\nExecStart=/usr/bin/zpool scrub %i\n\n[Install]\nWantedBy=multi-user.target" > /etc/systemd/system/zfs-scrub@.service;exit systemctl enable zfs-scrub@YOURPOOLNAMEHERE.timer

========
Another page worth reading: https://wiki.archlinux.org/index.php/ZFS

Terminology:
ZIL - ZFS intent log is allocated from blocks within the main pool. However, it might be possible to get better sequential write performance using separate intent log devices (SLOG) such as NVRAM.
SLOG - It's just a really fast place/device to store the ZIL (Zfs Intent Log). Most systems do not write anything close to 4GB to ZIL. (cat /proc/spl/kstat/zfs/zil). ZFS will not benefit from more SLOG storage than the maximum ARC size. That is half of system memory on Linux by default. SLOG device can only increase throughput and decrease latency in a workload with many sync writes.

ARC - Adaptive Replacement Cache is the ZFS read cache in the main memory (DRAM).

L2ARC - Second Level Adaptive Replacement Cache is used to store read cache data outside of the main memory. ... use read-optimized SSDs (no need to mirror/fault tolerance)

Cache - These devices (typically a SSD) are managed by L2ARC to provide an additional layer of caching between main memory and disk. For read-heavy workloads, where the working set size is much larger than what can be cached in main memory, using cache devices allow much more of this working set to be served from low latency media. Using cache devices provides the greatest performance improvement for random read-workloads of mostly static content. (zpool add POOLNAME cache DEVICENAME)

Interesting utilities:
ZREP is a ZFS based replication and failover script https://github.com/bolthole/zrep
Syncoid facilitates the asynchronous incremental replication of ZFS filesystems https://github.com/jimsalterjrs/sanoid#syncoid

========
ZFS zpool file statistics (file size, number of files):
/decko/
a) zpool iostat -r;zpool iostat -w
b)
[code]find /decko/ -type f -print0 | xargs -0 ls -l | awk '{ n=int(log($5)/log(2)); if (n<10) { n=10; } size[n]++ } END { for (i in size) printf("%d %d\n", 2^i, size[i]) }' | sort -n | awk 'function human(x) { x[1]/=1024; if (x[1]>=1024) { x[2]++; human(x) } } { a[1]=$1; a[2]=0; human(a); printf("%3d%s: %6d\n", a[1],substr("kMGTEPYZ",a[2]+1,1),$2) }'

1k: 8102
2k: 2938
4k: 2169
8k: 2102
16k: 2311
32k: 2986
64k: 2533
128k: 2164
256k: 2146
512k: 1692
1M: 2284
2M: 4512
4M: 7483
8M: 7890
16M: 4184
32M: 1911
64M: 484
128M: 1461
256M: 4911
512M: 2344
1G: 578
2G: 113
4G: 13
8G: 11
16G: 2[/code]

/ecko/ZN:
[code]find /ecko/ZN/ -type f -print0 2>/dev/null| xargs -0 ls -l 2>/dev/null| awk '{ n=int(log($5)/log(2)); if (n<10) { n=10; } size[n]++ } END { for (i in size) printf("%d %d\n", 2^i, size[i]) }' | sort -n | awk 'function human(x) { x[1]/=1024; if (x[1]>=1024) { x[2]++; human(x) } } { a[1]=$1; a[2]=0; human(a); printf("%3d%s: %6d\n", a[1],substr("kMGTEPYZ",a[2]+1,1),$2) }'

1k: 403007
2k: 33644
4k: 48356
8k: 155711
16k: 62305
32k: 52709
64k: 47308
128k: 44223
256k: 35698
512k: 32049
1M: 34376
2M: 22291
4M: 38327
8M: 8134
16M: 2448
32M: 1346
64M: 1948
128M: 1438
256M: 379
512M: 276
1G: 124
2G: 3[/code]