Thanks to this community I’ve learned and I’m feeling inspired. I’ve loved having an NAS for the last few years, but it’s woefully underpowered for what I’m using it for these days.

So I’ve ordered some basic PC parts, gonna build a basic setup using an old CPU I got lying about and try the NAS OS I saw talked about on here recently.

TrueNAS looks like a good option with only slight fears it’ll go down the well known path to the dark side like so many free options before.

In any event, I’m looking forward to adding Nextcloud and Jellyfin, to trying out Docker and generally having more control over things.

Thanks again to you all for informing and inspiring.

I’ll be back if I get questions!

  • SidewaysHighways@lemmy.world · 5 upvotes · edited 48 minutes ago

    I like TrueNAS! And after trying out TrueNAS on bare metal for a year or two, now I run it as a VM under Proxmox.

    so awesome

    • essell@lemmy.world (OP) · 1 upvote · edited 19 minutes ago

      You’re the second person to suggest that approach. I’ll check it out before I do setup next week. Thanks!

  • muusemuuse@lemm.ee · 26 upvotes · edited 18 hours ago

    I quickly got pissed at Synology and QNAP and just started making my own shit. Now when anything fails it’s my own damn fault and I can actually fix it. This sounds bad but it’s actually a much better experience. I learn a lot and have fun. I’m the guy who made all those G4 cube retrofit kits on Thingiverse. It’s been a great distraction for me over the years.

    On the subject of containers, learn podman. That’s where everybody seems to be migrating to.

    • essell@lemmy.world (OP) · 5 upvotes · 14 hours ago

      Thank you, I’ll add podman to the list of things to check out. Feels good to know I’ll get to set this up however I want.

  • Sproutling@lemmy.ml · 16 upvotes · 19 hours ago

    When my QNAP finally died on me, I decided to build a DIY NAS and did consider some of the NAS OSes, but I ultimately decided that I really just wanted a regular Linux server. I always find the built-in app stores limiting and end up manually running Docker commands anyways so I don’t feel like I ever take advantage of the OS features.

    I just have an Arch box and several docker-compose files for my various self-hosting needs, and it’s all stored on top of a ZFS RaidZ-1. The ZFS array does monthly scrubs and sends me an email with the results. Sometimes keeping it simple is the best option, but YMMV.

    • Lka1988@lemmy.dbzer0.com · 1 upvote · edited 14 minutes ago

      I went with OMV on older but plenty capable hardware (Intel 4th-7th gen) because 1. I’m cheap, and 2. I could configure it how I wanted.

      Glad I went that way, because I was considering “upgrading” to a Synology for a while.

      I now have my OMV NAS (currently running on a very-unstressed 2014 Mac mini and a 4-bay drive enclosure), and a separate Proxmox cluster with multiple VMs that use the NAS through NFS shares. Docker-focused VMs are managed by local Dockge instances, which is incredibly handy for visualizing the stacks. Dockge instances can also link to each other, so I can log into any Dockge instance and have everything available.

      I can do command line stuff just fine, but I am a visual person, so having all that info right in front of me on one page is very, very helpful.

    • ChapulinColorado@lemmy.world · 2 upvotes · 11 hours ago

      Out of curiosity as an owner of a QNAP NAS, how did it go out? Any signs it was on its last legs? Now that I’ve used one, the form factor is the only thing better than most options out there when I got it.

      Nowadays all QNAP, Synology and other NAS vendors supposedly offer a lot of extra value with their cloud options, but I find them a sure way to get hacked based on the average company’s investment in security (I work in IT, it is a sad affair sometimes) combined with all the ransomware specifically targeting them due to old packages they rely on = I’ll build my next system from the ground up, even if the initial cost is higher and the result is uglier.

      • Sproutling@lemmy.ml · 4 upvotes · 10 hours ago

        It was this nasty Intel clock drift bug: https://forum.qnap.com/viewtopic.php?t=157459

        Support was completely unresponsive and refused to do anything. Didn’t even acknowledge the issue AFAIK. I tried to add the resistor but my copy of the NAS didn’t expose the right pins so I couldn’t even solder them on if I wanted to. Then I tried mounting my drives into another Linux machine, at which point I realized they were using some custom version of LVM that didn’t work with standard Linux. I ended up having to buy a new QNAP NAS just to retrieve my data and then I returned it.

        After that, I swore off proprietary NASes. If I can’t easily retrieve data from perfectly good drives, it is an absolute no go.

        • Lka1988@lemmy.dbzer0.com · 2 upvotes · edited 10 minutes ago

          > If I can’t easily retrieve data from perfectly good drives, it is an absolute no go.

          I’ve run the same md-raid drives through three different machines (ok, I’ve added a couple). I love that about md-raid. Pull the drives out of one system, stick them into another system with mdadm installed, and it recognizes the array immediately.

    • dan@upvote.au · 9 upvotes · 17 hours ago

      I like Unraid because it’s essentially “just Linux” but with a nice web UI. It’s got a great UI for Docker, VMs (KVM) and Linux containers (LXC).

      • methodicalaspect@midwest.social · 5 upvotes · 16 hours ago

        Just got unraid up and running for the first time today. There’s a bit of a learning curve coming from TrueNAS Scale but it supports my use case: throwing whatever spinning rust I have into one big array. Seems to work alright, hardware could use additional cooling so I’ve shut it off until a new heatsink arrives.

        • doeknius_gloek@discuss.tchncs.de · 2 upvotes · 9 hours ago

          What made you switch from TrueNAS Scale to Unraid, if I may ask? Is it just the ability to mix different drive sizes? I’m currently using TrueNAS Core and thinking about migrating to TrueNAS Scale.

          • methodicalaspect@midwest.social · 2 upvotes · 7 hours ago

            Yes, that’s the only reason. You can mix drive sizes and still have a dedicated parity drive to rebuild from in case things go poorly. I am aware that it’s basically LVM with extra steps, but for a NAS I just want it to be as appliance-like as possible.

            Still using Scale at work, though - that use case is different.

    • essell@lemmy.world (OP) · 2 upvotes · 14 hours ago

      I have a feeling I may find myself here in time, as I develop this setup more.

      • Sproutling@lemmy.ml · 1 upvote · 10 hours ago

        If you’re familiar with Linux, I highly recommend it. The flexibility is just great and you can set up whatever dashboards / management tools you need. No need to tie yourself to a specific solution IMHO.

        If you’re going with Docker containers, a lot of the NAS OSes just hold you back because they don’t support all the options that Docker offers. You’ll be fighting the system if you need to do any advanced Docker configuration.

        • essell@lemmy.world (OP) · 1 upvote · 9 hours ago

          Thank you!

          I’m not familiar, yet. My background is MS OS but going back as far as CLIs so I’m confident I’ll learn fast.

          • Lka1988@lemmy.dbzer0.com · 1 upvote · edited 6 minutes ago

            If you want reliability, keep your NAS as a NAS; don’t run applications on the same system. If you screw something up, you’ll have to rebuild the whole thing. Run your applications in a VM at the minimum, that way you can just blow it away and start over if it gets fucked, without touching the NAS.

    • curbstickle@lemmy.dbzer0.com · 6 upvotes · 16 hours ago

      My NASs are purely NAS, I prefer a Debian server for… Pretty much everything. But my storage only does storage, I keep those separate (even for an old PC acting as a NAS).

      No matter what goes down, I can bring it back up, even with a hardware failure.

      • Sproutling@lemmy.ml · 3 upvotes · 10 hours ago

        I used to do that. I had a QNAP NAS and a small Intel NUC running Arch that would host all my services. I would just mount the NAS folders via Samba into the NUC. Problem is that services can’t watch the filesystem for changes. If I add a video to my Jellyfin directory, Jellyfin won’t automatically initiate a scan.

        Nowadays, I just combine them into one. Just seems simpler that way.

        • Lka1988@lemmy.dbzer0.com · 1 upvote · 5 minutes ago

          > I would just mount the NAS folders via Samba into the NUC. Problem is that services can’t watch the filesystem for changes. If I add a video to my Jellyfin directory, Jellyfin won’t automatically initiate a scan.

          That sounds like a config issue. I use NFS shares in a similar way, and Plex/*arr/etc has zero issues watching for changes.

        • curbstickle@lemmy.dbzer0.com · 3 upvotes · 8 hours ago

          I just have my downloader trigger a scan at completion.

          I have a few proxmox clusters going, combining it all wouldn’t be practical. This way my servers (tiny/mini/micros I’ve repurposed) stay small with decent sized ssd’s, big storage in 2 NAS’s, and a third for backups.

  • Kuinox@lemmy.world · 11 upvotes · 18 hours ago

    Consider that a new power efficient CPU may be cheaper by consuming less electricity over a few years!

    • essell@lemmy.world (OP) · 2 upvotes · 14 hours ago

      I hadn’t considered that! Thank you.

      I’m hoping the OS, as it’s designed for this, is going to be helpful in getting the right balance with power usage.

      • Kuinox@lemmy.world · 2 upvotes · edited 5 hours ago

        You can calculate it!
        Take your power usage and compute the cost over a year.
        I will soon add an SSD because I finally moved from RAID 1 to RAID 5 (so more HDDs); it consumes more electricity.
        I can measure how much power it draws because the server is on a smart plug. I calculated an additional 20-30€ a year of electricity; adding an SSD for read/write cache would allow the HDDs to stop spinning, make things faster and will be cost effective over a few years.

      • Landless2029@lemmy.world · 1 upvote · 7 hours ago

        This is why I’m using a refurbished mini PC as my home server. Lower wattage for constant uptime at home. Also very quiet.

  • Trimatrix@lemmy.world · 14 upvotes · 20 hours ago

    When you end up having a mini homelab look into komo.do for container orchestration over the overkill options like kubernetes or portainer

    • Midnight Wolf@lemmy.world · 2 upvotes · 9 hours ago

      So what’s the threshold for ‘mini’ vs ‘you need to stop’…? Number of hosts, or number of containers, or number of public services, or…

      • bss03@infosec.pub · 2 upvotes · 50 minutes ago

        When you lose a system. It responds to ping; all services are up, but you can’t find the damn thing.

        So, not a number so much as a limit to your organizational skill+effort.

      • Midnight Wolf@lemmy.world · 3 upvotes · 9 hours ago

        And being able to manage multiple hosts in one UI is the absolute tits. There are a few features I miss from portainer but none strong enough to pull me back. And no bs SaaS licensing and costs…

        • Lka1988@lemmy.dbzer0.com · 1 upvote · edited 35 seconds ago

          Portainer is way too bloated for personal use. I liked it initially, but the licensing shit was, well, shit, and the way it managed compose files was garbage. Dockge is way better for my use case, since it works alongside Docker, instead of fucking off to do its own thing.

  • nixx@lemmy.ca · 5 upvotes · 20 hours ago

    If you are concerned about TrueNAS, go look at XigmaNAS. This is the original FreeNAS project before iX acquired the name.

  • Vendetta9076@sh.itjust.works · 3 upvotes · edited 19 hours ago

    Welcome! I personally run Proxmox as my host OS, then virtualize a TrueNAS Core VM and have my Docker setup in another LXC. A bit more complex than just straight-up TrueNAS, but it’s saved me before. I’d recommend looking into it.

    • essell@lemmy.world (OP) · 1 upvote · 14 hours ago

      Thanks! That sounds like one of those things that’s a hassle to set up and appreciated in the long run.

      • Vendetta9076@sh.itjust.works · 1 upvote · 12 hours ago

        It’s honestly not too bad as a starting point, but it’s definitely harder than just installing TrueNAS. Reason I’d suggest it is that it gives you more flexibility in the long term.

        If you want less complexity, something like YunoHost or CasaOS can be great too.

  • _____@lemm.ee · 1 upvote · 18 hours ago

    What’s the self-hosted guide to security when opening up ports to the public?

    • dan@upvote.au · 8 upvotes · edited 15 hours ago

      Don’t. Use a VPN like Tailscale or Wireguard. Tailscale uses the Wireguard protocol but it’s very easy to configure, and will automatically set up a peer-to-peer mesh network for you (each node on the VPN can directly reach any other node, without having to route through a central server).

      The only things that should be exposed publicly are things that absolutely need to be - for example, parts of Home Assistant need to be publicly exposed if you use the Google Assistant or Alexa integrations, since Google and Amazon need to be able to reach it.

    • Trimatrix@lemmy.world · 3 upvotes · 16 hours ago

      Use Tailscale for host nodes, use the Tailscale Docker container in a compose stack with an app that you sidecar to. That way that app is on your tailnet as if it is its own computer. Use tailscale serve for reverse proxying support of the apps. Then, set up a VPS node (I use Linode’s $5 node) with Tailscale and configure that to be your DMZ into your tailnet.

      For DMZ, use Caddy, UFW, and fail2ban. Also take advantage of ACLs in the Tailscale admin console to only have the VPS able to route traffic to specific apps you want to expose. My current project is to work Authelia into this setup so a user logs into one exposed app and is able to traverse to other exposed apps through header / token authentication.

      Oh also, segment the tailnet using different authentication keys. Each host node should have its own key, all the apps on a host node should have a shared key, and all public facing clients should have a common shared key. That way in case of compromise you can revoke the affected keys without bringing down your network.
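
An added example (not part of the comment above, and not Tailscale's own tooling) of checking the ACL idea it describes: given a policy in the shape of Tailscale's `acls` section, list every grant that lets the DMZ node reach more than the apps meant to be exposed. The tag names, port and allow-list are assumptions, and port lists or ranges are compared as plain strings.

```python
"""Audit a Tailscale-style ACL policy: what can the DMZ node reach?"""

# Constructed policy for illustration; tag names and ports are assumptions.
POLICY = {
    "acls": [
        # Personal (user-owned) devices may reach everything on the tailnet.
        {"action": "accept", "src": ["autogroup:member"], "dst": ["*:*"]},
        # The public-facing VPS may reach only the exposed app.
        {"action": "accept", "src": ["tag:dmz"], "dst": ["tag:app-jellyfin:8096"]},
        # Weak rule left over from testing: the DMZ can reach every host node.
        {"action": "accept", "src": ["tag:dmz"], "dst": ["tag:host:*"]},
    ]
}

# Destinations the DMZ node is meant to reach (assumed for this example).
ALLOWED_FROM_DMZ = {"tag:app-jellyfin:8096"}


def split_dst(dst):
    """Split 'target:ports' on the last colon, since tag names contain colons."""
    target, _, ports = dst.rpartition(":")
    return target, ports


def dmz_findings(policy, dmz_tag="tag:dmz", allowed=ALLOWED_FROM_DMZ):
    """Return (rule_index, dst, reason) for each grant to the DMZ tag
    that goes beyond the allow-list."""
    findings = []
    for i, rule in enumerate(policy.get("acls", [])):
        if rule.get("action") != "accept":
            continue
        srcs = rule.get("src", [])
        if dmz_tag not in srcs and "*" not in srcs:
            continue  # rule does not apply to the DMZ node
        for dst in rule.get("dst", []):
            target, ports = split_dst(dst)
            if target == "*" or ports == "*":
                findings.append((i, dst, "wildcard target or port"))
            elif dst not in allowed:
                findings.append((i, dst, "destination not on allow-list"))
    return findings


if __name__ == "__main__":
    for index, dst, reason in dmz_findings(POLICY):
        print(f"rule {index}: {dst} ({reason})")
```
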

    • yaroto98 · 4 upvotes · 18 hours ago

      Basically not to. Open one for a VPN like Wireguard to accept incoming connections, and that’s it. Use the VPN to connect to your home network and access your services that way.