From 335fb1f95e86a4a82b92d5be7b81ea70b492ab3c Mon Sep 17 00:00:00 2001 From: Michele Cereda Date: Thu, 14 Sep 2023 00:24:11 +0200 Subject: [PATCH] chore: diy nas progresses --- knowledge base/cpupower.md | 9 ++-- knowledge base/disks maintenance.md | 28 ++++++++++ knowledge base/diy nas/v1.md | 70 ++---------------------- knowledge base/openmediavault.md | 82 +++++++++++++++++++++++++++++ knowledge base/proxmox.md | 3 ++ knowledge base/truenas core.md | 68 ++++++++++++++++++++++++ 6 files changed, 191 insertions(+), 69 deletions(-) create mode 100644 knowledge base/disks maintenance.md create mode 100644 knowledge base/openmediavault.md create mode 100644 knowledge base/truenas core.md diff --git a/knowledge base/cpupower.md b/knowledge base/cpupower.md index 8ad02a5..865d75d 100644 --- a/knowledge base/cpupower.md +++ b/knowledge base/cpupower.md @@ -6,7 +6,8 @@ Default governor is _ondemand_ for older CPUs and kernels and _schedutil_ for ne ```sh # Install. -sudo dnf install kernel-tools +sudo apt install 'linux-cpupower' +sudo dnf install 'kernel-tools' # List the available governors. cpupower frequency-info --governors @@ -15,9 +16,9 @@ cpupower frequency-info --governors cpupower frequency-info --policy # Set a new governor until reboot. -sudo cpupower frequency-set -g performance -sudo cpupower frequency-set --governor powersave -sudo cpupower frequency-set --governor schedutil +sudo cpupower frequency-set -g 'performance' +sudo cpupower frequency-set --governor 'powersave' +sudo cpupower frequency-set --governor 'schedutil' ``` ## Further readings diff --git a/knowledge base/disks maintenance.md b/knowledge base/disks maintenance.md new file mode 100644 index 0000000..240074b --- /dev/null +++ b/knowledge base/disks maintenance.md 
@@ -0,0 +1,28 @@ +# Disks maintenance + +## Table of contents + +1. [TL;DR](#tldr) +1. [Sources](#sources) + +## TL;DR + +```sh +# Check disks have spun down. +# 'standby' means they did. +smartctl -i -n standby '/dev/sda' +hdparm -C '/dev/sd'* +``` + +## Sources + +- [`smartctl`][smartctl] +- [`hdparm`][hdparm] + + + + +[hdparm]: hdparm.md +[smartctl]: smartctl.md diff --git a/knowledge base/diy nas/v1.md b/knowledge base/diy nas/v1.md index fac9801..009d8fa 100644 --- a/knowledge base/diy nas/v1.md +++ b/knowledge base/diy nas/v1.md @@ -3,12 +3,6 @@ ## Table of contents 1. [Hardware](#hardware) -1. [Software](#software) -1. [Operational burdens](#operational-burdens) - 1. [Reserved managed port for Proxmox](#reserved-managed-port-for-proxmox) - 1. [Disk passthrough](#disk-passthrough) - 1. [Default permissions on files and directories](#default-permissions-on-files-and-directories) - 1. [Default permissions in SMB shares](#default-permissions-in-smb-shares) 1. [Further readings](#further-readings) 1. [Sources](#sources) @@ -24,72 +18,17 @@ | RAM | [Crucial CT2K16G4SFRA32A] 32GB kit (2x16GB) | [€67,95][amazon crucial ct2k16g4sfra32a] | | SATA cables | Cable Matters 6.0Gbps SATA III cable with 90 degrees angle, black, 45cm | €11,98 (2x [€5,99][amazon cable matters sata cables]) | -## Software - -[Proxmox] on bare metal, running [TrueNAS Core] as VM. - -## Operational burdens - -### Reserved managed port for Proxmox - -One NIC is used by Proxmox as _management port_.
-This one is given a fixed IP address and bridged from inside the system. - -### Disk passthrough - -To allow for disk suspension and SMART checks from the VM, Proxmox needs to **directly** attach the disks to it: - -```sh -$ lsblk -do 'NAME,SIZE,TYPE,MODEL,SERIAL' -I '8' -NAME SIZE TYPE MODEL SERIAL -sda 3.6T disk ST4000VN008-2DR166 ZGY9WA2F -sdb 3.6T disk ST4000VN008-2DR166 ZGY9WDD5 -sdc 3.6T disk ST4000VN008-2DR166 ZGY9WL4Z -sdd 3.6T disk ST4000VN008-2DR166 ZGY9W66G - -$ qm set 100 -sata0 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WA2F -$ qm set 100 -sata1 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WDD5 -$ qm set 100 -sata2 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WL4Z -$ qm set 100 -sata3 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9W66G -``` - -### Default permissions on files and directories - -Suppose you want a shared dataset to set the default permissions of newly created files and directories to `0664` and `0775` respectively. - -The best way to achieve this would be to set up the dataset's ACLs accordingly: - -| Who | ACL Type | Permissions Type | Permissions | Flags Type | Flags | Translated `getfacl` Tags | Resulting Unix Permissions | -| --------- | -------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ----------------- | ---------------------------------------- | -------------------------- | -| owner@ | Allow | Advanced | Read Data, Write Data, Append Data
Read Named Attributes, Write Named Attributes
Read Attributes, Write Attributes
Delete
Read ACL, Write ACL
Write Owner
Synchronize | Advanced | File Inherit | ` owner@:rw-p-daARWcCos:f------:allow` | `-rw-------` | -| owner@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` owner@:rwxpDdaARWcCos:-d-----:allow` | `drwx------` | -| group@ | Allow | Advanced | Read Data, Write Data, Append Data
Read Named Attributes, Write Named Attributes
Read Attributes, Write Attributes
Delete
Read ACL, Write ACL
Write Owner
Synchronize | Advanced | File Inherit | ` group@:rw-p-daARWcCos:f------:allow` | `----rw----` | -| group@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` group@:rwxpDdaARWcCos:-d-----:allow` | `d---rwx---` | -| everyone@ | Allow | Advanced | Read Data
Read Named Attributes
Read Attributes
Read ACL | Advanced | File Inherit | `everyone@:r-----a-R-c---:f------:allow` | `-------r--` | -| everyone@ | Allow | Advanced | Read Data
Read Named Attributes
Execute
Read Attributes
Read ACL | Advanced | Directory Inherit | `everyone@:r-x---a-R-c---:-d-----:allow` | `d------r-x` | - -#### Default permissions in SMB shares - -A simpler but arguably worse way to achieve a similar result **only for SMB shares** is by using the _mask_ `smb.conf` additional parameters in the share definition: - -```txt -create mask = 664 -directory mask = 775 -``` - -If a dataset has no ACLs set and you create a SMB share for it, you are asked to create them for its filesystem.
-You can cancel at this point and go for the additional parameters instead. - ## Further readings -- [TrueNAS core] +- [OpenMediaVault] ## Sources All the references in the [further readings] section, plus the following: - [The Perfect Home Server 2023] -- [How to run TrueNAS on Proxmox?] +- [TrueNAS core] +- [Proxmox] [further readings]: #further-readings +[openmediavault]: ../openmediavault.md [proxmox]: ../proxmox.md +[truenas core]: ../truenas%20core.md [amazon cable matters sata cables]: https://www.amazon.nl/dp/B018Y2LEBE/ diff --git a/knowledge base/openmediavault.md b/knowledge base/openmediavault.md new file mode 100644 index 0000000..6bec9e8 --- /dev/null +++ b/knowledge base/openmediavault.md 
@@ -0,0 +1,82 @@ +# OpenMediaVault + +NAS solution based on [Debian Linux][debian]. + +## Table of contents + +1. [TL;DR](#tldr) +1. [Make other users administrators](#make-other-users-administrators) +1. [Remove access for the default admin user](#remove-access-for-the-default-admin-user) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL;DR + +```sh +# Install OMV-Extras. +wget -O - 'https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/install' | bash +``` + +## Make other users administrators + +Just add the user to the `openmediavault-admin` group: + +```sh +gpasswd -a 'me' 'openmediavault-admin' +usermod -aG 'openmediavault-admin' 'me' +``` + +## Remove access for the default admin user + +Only do this **after** you created another user and [made it an admin][make other users administrators]. + +From the safest to the less safe option: + +1. Lock the account: + ```sh + chage -E0 'admin' + ``` +1. Remove it from the `openmediavault-admin` group: + ```sh + gpasswd -d 'admin' 'openmediavault-admin' + deluser 'admin' 'openmediavault-admin' + ``` +1. Delete it completely: + ```sh + userdel -r 'admin' + deluser 'admin' + ``` + +## Further readings + +- [Website] +- [Debian] +- [Proxmox] +- [OMV-Extras] +- [Disks maintenance] + +## Sources + +All the references in the [further readings] section, plus the following: + +- [How to lock or disable an user account] + + + + +[omv-extras]: https://wiki.omv-extras.org/ +[website]: https://www.openmediavault.org/ + + +[further readings]: #further-readings +[make other users administrators]: #make-other-users-administrators + + +[debian]: debian.md +[disks maintenance]: disks%20maintenance.md +[proxmox]: proxmox.md + + +[how to lock or disable an user account]: https://www.thegeekdiary.com/unix-linux-how-to-lock-or-disable-an-user-account/ diff --git a/knowledge base/proxmox.md b/knowledge base/proxmox.md index 6fcd3ab..10a009e 100644 --- a/knowledge base/proxmox.md 
+++ b/knowledge base/proxmox.md @@ -54,5 +54,8 @@ All the references in the [further readings] section, plus the following: [further readings]: #further-readings + +[disks maintenance]: disks%20maintenance.md + [how to run truenas on proxmox?]: https://www.youtube.com/watch?v=M3pKprTdNqQ diff --git a/knowledge base/truenas core.md b/knowledge base/truenas core.md new file mode 100644 index 0000000..8da9bb7 --- /dev/null +++ b/knowledge base/truenas core.md @@ -0,0 +1,68 @@ +# TrueNAS core + +## Table of contents + +1. [TL;DR](#tldr) +1. [Default permissions on files and directories](#default-permissions-on-files-and-directories) + 1. [Default permissions in SMB shares](#default-permissions-in-smb-shares) +1. [Further readings](#further-readings) +1. [Sources](#sources) + +## TL;DR + +## Default permissions on files and directories + +Suppose you want a shared dataset to set the default permissions of newly created files and directories to `0664` and `0775` respectively. + +The best way to achieve this would be to set up the dataset's ACLs accordingly: + +| Who | ACL Type | Permissions Type | Permissions | Flags Type | Flags | Translated `getfacl` Tags | Resulting Unix Permissions | +| --------- | -------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ----------------- | ---------------------------------------- | -------------------------- | +| owner@ | Allow | Advanced | Read Data, Write Data, Append Data
Read Named Attributes, Write Named Attributes
Read Attributes, Write Attributes
Delete
Read ACL, Write ACL
Write Owner
Synchronize | Advanced | File Inherit | ` owner@:rw-p-daARWcCos:f------:allow` | `-rw-------` | +| owner@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` owner@:rwxpDdaARWcCos:-d-----:allow` | `drwx------` | +| group@ | Allow | Advanced | Read Data, Write Data, Append Data
Read Named Attributes, Write Named Attributes
Read Attributes, Write Attributes
Delete
Read ACL, Write ACL
Write Owner
Synchronize | Advanced | File Inherit | ` group@:rw-p-daARWcCos:f------:allow` | `----rw----` | +| group@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` group@:rwxpDdaARWcCos:-d-----:allow` | `d---rwx---` | +| everyone@ | Allow | Advanced | Read Data
Read Named Attributes
Read Attributes
Read ACL | Advanced | File Inherit | `everyone@:r-----a-R-c---:f------:allow` | `-------r--` | +| everyone@ | Allow | Advanced | Read Data
Read Named Attributes
Execute
Read Attributes
Read ACL | Advanced | Directory Inherit | `everyone@:r-x---a-R-c---:-d-----:allow` | `d------r-x` | + +### Default permissions in SMB shares + +A simpler but arguably worse way to achieve a similar result **only for SMB shares** is by using the _mask_ `smb.conf` additional parameters in the share definition: + +```txt +create mask = 664 +directory mask = 775 +``` + +If a dataset has no ACLs set and you create a SMB share for it, you are asked to create them for its filesystem.
+You can cancel at this point and go for the additional parameters instead. + +## Further readings + +- [Website] +- [Proxmox] +- [OpenMediaVault] + +## Sources + +All the references in the [further readings] section, plus the following: + +- [How to run TrueNAS on Proxmox?] + + + + +[website]: https://www.truenas.com/truenas-core/ + + +[further readings]: #further-readings + + +[disks maintenance]: disks%20maintenance.md +[openmediavault]: openmediavault.md +[proxmox]: proxmox.md + + +[how to run truenas on proxmox?]: https://www.youtube.com/watch?v=M3pKprTdNqQ
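Review bot: in `knowledge base/cpupower.md`, the `# Install.` comment now covers both `sudo apt install 'linux-cpupower'` and `sudo dnf install 'kernel-tools'` with nothing marking them as per-distribution alternatives, so the block reads as two steps to run in sequence. Suggest a short trailing comment on each line naming the distribution family it applies to.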
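Review bot: in the TL;DR block of `knowledge base/disks maintenance.md`, the glob in `hdparm -C '/dev/sd'*` also expands to partition nodes such as `/dev/sda1`, so `hdparm` is invoked on every partition as well as on each whole disk. A pattern such as `/dev/sd?` or an explicit list of drives keeps the check to one query per disk. Both commands are also shown without `sudo`, unlike the commands in `cpupower.md`, so it is worth stating that they are meant to be run as root.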
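Review bot: the removal of `## Operational burdens` from `knowledge base/diy nas/v1.md` drops the "Reserved managed port for Proxmox" and "Disk passthrough" subsections, including the `qm set 100 -sata0 /dev/disk/by-id/...` commands, and no other hunk in this patch adds them back: `truenas core.md` receives only the two permissions sections and `proxmox.md` gains only a link definition. If the intent is to move the content rather than delete it, add those two subsections to `proxmox.md` in this commit; if the deletion is intended, say so in the commit message.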
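Review bot: the TL;DR in `knowledge base/openmediavault.md` pipes `https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/install` straight into `bash`, which executes whatever the `master` branch serves at that moment with no chance to read it first. Suggest documenting a two-step form (download to a file with `wget -O`, read it, then run it) and noting that the URL tracks a moving branch. Separately, in "Make other users administrators" and in steps 2 and 3 of "Remove access for the default admin user", the paired commands (`gpasswd -d` / `deluser`, `userdel -r` / `deluser`) are alternatives but read as a sequence; in step 3 the second command would fail once the first has deleted the account. A comment such as `# Alternatively:` between them would make that explicit.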
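Review bot: the `knowledge base/proxmox.md` hunk adds the definition `[disks maintenance]: disks%20maintenance.md` but no line that uses it, so the reference is dead as far as this patch shows. Add `- [Disks maintenance]` to the Further readings list, as `openmediavault.md` does, or drop the definition.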
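Review bot: in the ACL table of `knowledge base/truenas core.md`, both `group@` rows grant Write ACL and Write Owner (`C` and `o` in `group@:rw-p-daARWcCos` and `group@:rwxpDdaARWcCos`), which lets any group member rewrite the ACL or take ownership; that is more than the `0664` and `0775` goal stated above the table, where only the owner can change permissions. Suggest removing Write ACL and Write Owner from the `group@` entries, or stating that the wider grant is deliberate. Also, `## TL;DR` is empty and `[disks maintenance]` is defined but never referenced in this file.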