DIY NAS v1
Hardware
| Component | Choice | Price |
|---|---|---|
| Case | Fractal Design Node 304 | €99 |
| CPU | Intel Celeron N5105 | Included in the motherboard |
| Hard disks | Seagate IronWolf ST4000VN008 4TB | €556,00 (4x €139,00) |
| Motherboard | Mini ITX NAS motherboard with Intel N5105 and I225 | €175,28 |
| Power supply | Corsair RM850e fully modular | €117,90 |
| RAM | Crucial CT2K16G4SFRA32A 32GB kit (2x16GB) | €67,95 |
| SATA cables | Cable Matters 6.0Gbps SATA III cable with 90 degrees angle, black, 45cm | €11,98 (2x €5,99) |
Software
Proxmox on bare metal, running TrueNAS Core as a VM.
Operational burdens
Reserved management port for Proxmox
One NIC is used by Proxmox as its management port.
This NIC is given a fixed IP address and bridged from inside the system.
Disk passthrough
To allow for disk suspension and SMART checks from the VM, Proxmox needs to attach the disks directly to it:

```
$ lsblk -do 'NAME,SIZE,TYPE,MODEL,SERIAL' -I '8'
NAME SIZE TYPE MODEL              SERIAL
sda  3.6T disk ST4000VN008-2DR166 ZGY9WA2F
sdb  3.6T disk ST4000VN008-2DR166 ZGY9WDD5
sdc  3.6T disk ST4000VN008-2DR166 ZGY9WL4Z
sdd  3.6T disk ST4000VN008-2DR166 ZGY9W66G
$ qm set 100 -sata0 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WA2F
$ qm set 100 -sata1 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WDD5
$ qm set 100 -sata2 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9WL4Z
$ qm set 100 -sata3 /dev/disk/by-id/ata-ST4000VN008-2DR166_ZGY9W66G
```
Default permissions on files and directories
Suppose you want a shared dataset to set the default permissions of newly created files and directories to 0664 and 0775 respectively.
The best way to achieve this would be to set up the dataset's ACLs accordingly:
| Who | ACL Type | Permissions Type | Permissions | Flags Type | Flags | Translated getfacl Tags | Resulting Unix Permissions |
|---|---|---|---|---|---|---|---|
| owner@ | Allow | Advanced | Read Data, Write Data, Append Data, Read Named Attributes, Write Named Attributes, Read Attributes, Write Attributes, Delete, Read ACL, Write ACL, Write Owner, Synchronize | Advanced | File Inherit | owner@:rw-p-daARWcCos:f------:allow | -rw------- |
| owner@ | Allow | Basic | Full Control | Advanced | Directory Inherit | owner@:rwxpDdaARWcCos:-d-----:allow | drwx------ |
| group@ | Allow | Advanced | Read Data, Write Data, Append Data, Read Named Attributes, Write Named Attributes, Read Attributes, Write Attributes, Delete, Read ACL, Write ACL, Write Owner, Synchronize | Advanced | File Inherit | group@:rw-p-daARWcCos:f------:allow | ----rw---- |
| group@ | Allow | Basic | Full Control | Advanced | Directory Inherit | group@:rwxpDdaARWcCos:-d-----:allow | d---rwx--- |
| everyone@ | Allow | Advanced | Read Data, Read Named Attributes, Read Attributes, Read ACL | Advanced | File Inherit | everyone@:r-----a-R-c---:f------:allow | -------r-- |
| everyone@ | Allow | Advanced | Read Data, Read Named Attributes, Execute, Read Attributes, Read ACL | Advanced | Directory Inherit | everyone@:r-x---a-R-c---:-d-----:allow | d------r-x |
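
The getfacl tags in the table can be checked mechanically. The following is an added example, not part of the original page: it parses the six tags (copied verbatim from the table), derives the mode bits that new files and directories inherit, and lists entries that let anyone other than the owner change the ACL or the ownership. It assumes only allow entries for owner@, group@ and everyone@, as in the table; the function names are hypothetical.

```python
# Added example. ACE strings are copied from the table; helper names are hypothetical.
PAGE_ACES = [
    "owner@:rw-p-daARWcCos:f------:allow",
    "owner@:rwxpDdaARWcCos:-d-----:allow",
    "group@:rw-p-daARWcCos:f------:allow",
    "group@:rwxpDdaARWcCos:-d-----:allow",
    "everyone@:r-----a-R-c---:f------:allow",
    "everyone@:r-x---a-R-c---:-d-----:allow",
]
SHIFT = {"owner@": 6, "group@": 3, "everyone@": 0}  # position of each rwx triplet
BITS = {"r": 4, "w": 2, "x": 1}


def parse_ace(ace):
    """Split 'who:perms:flags:type' into a dict, validating the field widths."""
    who, perms, flags, kind = ace.rsplit(":", 3)
    if len(perms) != 14 or len(flags) != 7:
        raise ValueError(f"unexpected field width in {ace!r}")
    return {"who": who, "perms": set(perms) - {"-"},
            "flags": set(flags) - {"-"}, "type": kind}


def inherited_mode(aces, for_directory):
    """Mode bits a new file or directory receives from inheritable allow ACEs.

    Simplification (assumption): deny entries and named users/groups are
    ignored, because the table contains none.
    """
    flag = "d" if for_directory else "f"
    mode = 0
    for ace in map(parse_ace, aces):
        if ace["type"] != "allow" or flag not in ace["flags"]:
            continue
        if ace["who"] in SHIFT:
            rwx = sum(bit for ch, bit in BITS.items() if ch in ace["perms"])
            mode |= rwx << SHIFT[ace["who"]]
    return mode


def risky_grants(aces):
    """ACEs that let a non-owner rewrite the ACL (C) or take ownership (o)."""
    found = []
    for raw in aces:
        ace = parse_ace(raw)
        if ace["who"] != "owner@" and ace["type"] == "allow" and ace["perms"] & {"C", "o"}:
            found.append(raw)
    return found


if __name__ == "__main__":
    print(oct(inherited_mode(PAGE_ACES, False)), oct(inherited_mode(PAGE_ACES, True)))
    for raw in risky_grants(PAGE_ACES):
        print("non-owner may change ACL or owner:", raw)
```

Both group@ entries are reported: they carry Write ACL and Write Owner, which the rw-/rwx mode bits alone do not reveal.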
Default permissions in SMB shares
A simpler but arguably worse way to achieve a similar result, for SMB shares only, is to add the mask parameters from smb.conf as additional parameters in the share definition:

```
create mask = 664
directory mask = 775
```

If a dataset has no ACLs set and you create an SMB share for it, you are asked to create them for its filesystem.
You can cancel at this point and use the additional parameters instead.