brandon/oam
1
0
Fork 0
mirror of https://gitea.com/mcereda/oam.git synced 2026-02-09 05:44:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: diy nas progresses

Browse Source
This commit is contained in:
Michele Cereda
2023-09-14 00:24:11 +02:00
parent ad0c1da2bf
commit 335fb1f95e
6 changed files with 191 additions and 69 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
knowledge base/cpupower.md
View File

@@ -6,7 +6,8 @@ Default governor is _ondemand_ for older CPUs and kernels and _schedutil_ for ne
```sh ```sh
# Install. # Install.
sudo dnf install kernel-tools sudo apt install 'linux-cpupower'
sudo dnf install 'kernel-tools'
# List the available governors. # List the available governors.
cpupower frequency-info --governors cpupower frequency-info --governors
@@ -15,9 +16,9 @@ cpupower frequency-info --governors
cpupower frequency-info --policy cpupower frequency-info --policy
# Set a new governor until reboot. # Set a new governor until reboot.
sudo cpupower frequency-set -g performance sudo cpupower frequency-set -g 'performance'
sudo cpupower frequency-set --governor powersave sudo cpupower frequency-set --governor 'powersave'
sudo cpupower frequency-set --governor schedutil sudo cpupower frequency-set --governor 'schedutil'
``` ```
## Further readings ## Further readings

28
knowledge base/disks maintenance.md Normal file
View File

@@ -0,0 +1,28 @@
# Disks maintenance
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Sources](#sources)
## TL;DR
```sh
# Check disks have spun down.
# 'standby' means they did.
smartctl -i -n standby '/dev/sda'
hdparm -C '/dev/sd'*
```
## Sources
- [`smartctl`][smartctl]
- [`hdparm`][hdparm]
<!--
References
-->
<!-- Knowledge base -->
[hdparm]: hdparm.md
[smartctl]: smartctl.md

70
knowledge base/diy nas/v1.md
View File

@@ -3,12 +3,6 @@
## Table of contents <!-- omit in toc --> ## Table of contents <!-- omit in toc -->
1. [Hardware](#hardware) 1. [Hardware](#hardware)
1. [Software](#software)
1. [Operational burdens](#operational-burdens)
1. [Reserved managed port for Proxmox](#reserved-managed-port-for-proxmox)
1. [Disk passthrough](#disk-passthrough)
1. [Default permissions on files and directories](#default-permissions-on-files-and-directories)
1. [Default permissions in SMB shares](#default-permissions-in-smb-shares)
1. [Further readings](#further-readings) 1. [Further readings](#further-readings)
1. [Sources](#sources) 1. [Sources](#sources)
@@ -24,72 +18,17 @@
| RAM | [Crucial CT2K16G4SFRA32A] 32GB kit (2x16GB) | [€67,95][amazon crucial ct2k16g4sfra32a] | | RAM | [Crucial CT2K16G4SFRA32A] 32GB kit (2x16GB) | [€67,95][amazon crucial ct2k16g4sfra32a] |
| SATA cables | Cable Matters 6.0Gbps SATA III cable with 90 degrees angle, black, 45cm | €11,98 (2x [€5,99][amazon cable matters sata cables]) | | SATA cables | Cable Matters 6.0Gbps SATA III cable with 90 degrees angle, black, 45cm | €11,98 (2x [€5,99][amazon cable matters sata cables]) |
## Software
[Proxmox] on bare metal, running [TrueNAS Core] as VM.
## Operational burdens
### Reserved managed port for Proxmox
One NIC is used by Proxmox as _management port_.<br/>
This one is given a fixed IP address and bridged from inside the system.
### Disk passthrough
To allow for disk suspension and SMART checks from the VM, Proxmox needs to **directly** attach the disks to it:
```sh
$ lsblk -do 'NAME,SIZE,TYPE,MODEL,SERIAL' -I '8'
NAME SIZE TYPE MODEL SERIAL
sda 3.6T disk ST4000VN008-2DR166 ZGY9WA2F
sdb 3.6T disk ST4000VN008-2DR166 ZGY9WDD5
sdc 3.6T disk ST4000VN008-2DR166 ZGY9WL4Z
sdd 3.6T disk ST4000VN008-2DR166 ZGY9W66G
$ qm set 100 -sata0 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WA2F
$ qm set 100 -sata1 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WDD5
$ qm set 100 -sata2 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WL4Z
$ qm set 100 -sata3 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9W66G
```
### Default permissions on files and directories
Suppose you want a shared dataset to set the default permissions of newly created files and directories to `0664` and `0775` respectively.
The best way to achieve this would be to set up the dataset's ACLs accordingly:
| Who | ACL Type | Permissions Type | Permissions | Flags Type | Flags | Translated `getfacl` Tags | Resulting Unix Permissions |
| --------- | -------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ----------------- | ---------------------------------------- | -------------------------- |
| owner@ | Allow | Advanced | Read Data, Write Data, Append Data<br/>Read Named Attributes, Write Named Attributes<br/>Read Attributes, Write Attributes<br/>Delete<br/>Read ACL, Write ACL<br/>Write Owner<br/>Synchronize | Advanced | File Inherit | ` owner@:rw-p-daARWcCos:f------:allow` | `-rw-------` |
| owner@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` owner@:rwxpDdaARWcCos:-d-----:allow` | `drwx------` |
| group@ | Allow | Advanced | Read Data, Write Data, Append Data<br/>Read Named Attributes, Write Named Attributes<br/>Read Attributes, Write Attributes<br/>Delete<br/>Read ACL, Write ACL<br/>Write Owner<br/>Synchronize | Advanced | File Inherit | ` group@:rw-p-daARWcCos:f------:allow` | `----rw----` |
| group@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` group@:rwxpDdaARWcCos:-d-----:allow` | `d---rwx---` |
| everyone@ | Allow | Advanced | Read Data<br/>Read Named Attributes<br/>Read Attributes<br/>Read ACL | Advanced | File Inherit | `everyone@:r-----a-R-c---:f------:allow` | `-------r--` |
| everyone@ | Allow | Advanced | Read Data<br/>Read Named Attributes<br/>Execute<br/>Read Attributes<br/>Read ACL | Advanced | Directory Inherit | `everyone@:r-x---a-R-c---:-d-----:allow` | `d------r-x` |
#### Default permissions in SMB shares
A simpler but arguably worse way to achieve a similar result **only for SMB shares** is by using the _mask_ `smb.conf` additional parameters in the share definition:
```txt
create mask = 664
directory mask = 775
```
If a dataset has no ACLs set and you create a SMB share for it, you are asked to create them for its filesystem.<br/>
You can cancel at this point and go for the additional parameters instead.
## Further readings ## Further readings
- [TrueNAS core] - [OpenMediaVault]
## Sources ## Sources
All the references in the [further readings] section, plus the following: All the references in the [further readings] section, plus the following:
- [The Perfect Home Server 2023] - [The Perfect Home Server 2023]
- [How to run TrueNAS on Proxmox?] - [TrueNAS core]
- [Proxmox]
<!-- <!--
References References
@@ -103,13 +42,14 @@ All the references in the [further readings] section, plus the following:
[intel celeron n5105]: https://www.intel.com/content/www/us/en/products/sku/212328/intel-celeron-processor-n5105-4m-cache-up-to-2-90-ghz/specifications.html [intel celeron n5105]: https://www.intel.com/content/www/us/en/products/sku/212328/intel-celeron-processor-n5105-4m-cache-up-to-2-90-ghz/specifications.html
[seagate ironwolf st4000vn008 4tb]: https://www.seagate.com/products/nas-drives/ironwolf-hard-drive/ [seagate ironwolf st4000vn008 4tb]: https://www.seagate.com/products/nas-drives/ironwolf-hard-drive/
[the perfect home server 2023]: https://www.youtube.com/watch?v=vjDoQA4C22c [the perfect home server 2023]: https://www.youtube.com/watch?v=vjDoQA4C22c
[truenas core]: https://www.truenas.com/truenas-core/
<!-- In-article sections --> <!-- In-article sections -->
[further readings]: #further-readings [further readings]: #further-readings
<!-- Knowledge base --> <!-- Knowledge base -->
[openmediavault]: ../openmediavault.md
[proxmox]: ../proxmox.md [proxmox]: ../proxmox.md
[truenas core]: ../truenas%20core.md
<!-- Others --> <!-- Others -->
[amazon cable matters sata cables]: https://www.amazon.nl/dp/B018Y2LEBE/ [amazon cable matters sata cables]: https://www.amazon.nl/dp/B018Y2LEBE/

82
knowledge base/openmediavault.md Normal file
View File

@@ -0,0 +1,82 @@
# OpenMediaVault
NAS solution based on [Debian Linux][debian].
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Make other users administrators](#make-other-users-administrators)
1. [Remove access for the default admin user](#remove-access-for-the-default-admin-user)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
```sh
# Install OMV-Extras.
wget -O - 'https://github.com/OpenMediaVault-Plugin-Developers/packages/raw/master/install' | bash
```
## Make other users administrators
Just add the user to the `openmediavault-admin` group:
```sh
gpasswd -a 'me' 'openmediavault-admin'
usermod -aG 'openmediavault-admin' 'me'
```
## Remove access for the default admin user
Only do this **after** you created another user and [made it an admin][make other users administrators].
From the safest to the less safe option:
1. Lock the account:
```sh
chage -E0 'admin'
```
1. Remove it from the `openmediavault-admin` group:
```sh
gpasswd -d 'admin' 'openmediavault-admin'
deluser 'admin' 'openmediavault-admin'
```
1. Delete it completely:
```sh
userdel -r 'admin'
deluser 'admin'
```
## Further readings
- [Website]
- [Debian]
- [Proxmox]
- [OMV-Extras]
- [Disks maintenance]
## Sources
All the references in the [further readings] section, plus the following:
- [How to lock or disable an user account]
<!--
References
-->
<!-- Upstream -->
[omv-extras]: https://wiki.omv-extras.org/
[website]: https://www.openmediavault.org/
<!-- In-article sections -->
[further readings]: #further-readings
[make other users administrators]: #make-other-users-administrators
<!-- Knowledge base -->
[debian]: debian.md
[disks maintenance]: disks%20maintenance.md
[proxmox]: proxmox.md
<!-- Others -->
[how to lock or disable an user account]: https://www.thegeekdiary.com/unix-linux-how-to-lock-or-disable-an-user-account/

3
knowledge base/proxmox.md
View File

@@ -54,5 +54,8 @@ All the references in the [further readings] section, plus the following:
<!-- In-article sections --> <!-- In-article sections -->
[further readings]: #further-readings [further readings]: #further-readings
<!-- Knowledge base -->
[disks maintenance]: disks%20maintenance.md
<!-- Others --> <!-- Others -->
[how to run truenas on proxmox?]: https://www.youtube.com/watch?v=M3pKprTdNqQ [how to run truenas on proxmox?]: https://www.youtube.com/watch?v=M3pKprTdNqQ

68
knowledge base/truenas core.md Normal file
View File

@@ -0,0 +1,68 @@
# TrueNAS core
## Table of contents <!-- omit in toc -->
1. [TL;DR](#tldr)
1. [Default permissions on files and directories](#default-permissions-on-files-and-directories)
1. [Default permissions in SMB shares](#default-permissions-in-smb-shares)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
## Default permissions on files and directories
Suppose you want a shared dataset to set the default permissions of newly created files and directories to `0664` and `0775` respectively.
The best way to achieve this would be to set up the dataset's ACLs accordingly:
| Who | ACL Type | Permissions Type | Permissions | Flags Type | Flags | Translated `getfacl` Tags | Resulting Unix Permissions |
| --------- | -------- | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | ----------------- | ---------------------------------------- | -------------------------- |
| owner@ | Allow | Advanced | Read Data, Write Data, Append Data<br/>Read Named Attributes, Write Named Attributes<br/>Read Attributes, Write Attributes<br/>Delete<br/>Read ACL, Write ACL<br/>Write Owner<br/>Synchronize | Advanced | File Inherit | ` owner@:rw-p-daARWcCos:f------:allow` | `-rw-------` |
| owner@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` owner@:rwxpDdaARWcCos:-d-----:allow` | `drwx------` |
| group@ | Allow | Advanced | Read Data, Write Data, Append Data<br/>Read Named Attributes, Write Named Attributes<br/>Read Attributes, Write Attributes<br/>Delete<br/>Read ACL, Write ACL<br/>Write Owner<br/>Synchronize | Advanced | File Inherit | ` group@:rw-p-daARWcCos:f------:allow` | `----rw----` |
| group@ | Allow | Basic | Full Control | Advanced | Directory Inherit | ` group@:rwxpDdaARWcCos:-d-----:allow` | `d---rwx---` |
| everyone@ | Allow | Advanced | Read Data<br/>Read Named Attributes<br/>Read Attributes<br/>Read ACL | Advanced | File Inherit | `everyone@:r-----a-R-c---:f------:allow` | `-------r--` |
| everyone@ | Allow | Advanced | Read Data<br/>Read Named Attributes<br/>Execute<br/>Read Attributes<br/>Read ACL | Advanced | Directory Inherit | `everyone@:r-x---a-R-c---:-d-----:allow` | `d------r-x` |
### Default permissions in SMB shares
A simpler but arguably worse way to achieve a similar result **only for SMB shares** is by using the _mask_ `smb.conf` additional parameters in the share definition:
```txt
create mask = 664
directory mask = 775
```
If a dataset has no ACLs set and you create a SMB share for it, you are asked to create them for its filesystem.<br/>
You can cancel at this point and go for the additional parameters instead.
## Further readings
- [Website]
- [Proxmox]
- [OpenMediaVault]
## Sources
All the references in the [further readings] section, plus the following:
- [How to run TrueNAS on Proxmox?]
<!--
References
-->
<!-- Upstream -->
[website]: https://www.truenas.com/truenas-core/
<!-- In-article sections -->
[further readings]: #further-readings
<!-- Knowledge base -->
[disks maintenance]: disks%20maintenance.md
[openmediavault]: openmediavault.md
[proxmox]: proxmox.md
<!-- Others -->
[how to run truenas on proxmox?]: https://www.youtube.com/watch?v=M3pKprTdNqQ