Conversation

Notices

1. Embed this notice
   djsumdog (djsumdog@djsumdog.com)'s status on Monday, 16-Sep-2024 14:12:31 JST djsumdog

   • Piggo :verified_horse:
   Just build your own? I built this one for my server rack back in 2022. It just runs Alpine and uses ZFS for the drives.
   
   Prior to that, I built this ITX NAS which ran FreeBSD: https://battlepenguin.com/tech/video/build-a-small-form-factor-storage-server-nas/
   • Embed this notice
     djsumdog (djsumdog@djsumdog.com)'s status on Monday, 16-Sep-2024 14:28:05 JST djsumdog

     in reply to

     • Piggo :verified_horse:
     • vic
     If you want NFS encryption, that can be a pain. I don't know if any of these NAS operating systems will setup Kerberos (required for NFS encryption) but I've set up a wireguard network between my NAS and everything that needs access to storage, and restrict NFS to that network. It only runs internally in my house, separate from my external Wireguard/VPN that goes to my hosting solution.
     
     It's way easier than NFS encryption, and probably just as secure. I would run benchmarks to compare the two, but I never even got NFS+Kerberos working. :blobcatgooglyshrug:
   • Embed this notice
     vic (vic@seal.cafe)'s status on Monday, 16-Sep-2024 14:28:11 JST vic

     in reply to

     • Piggo :verified_horse:
     @djsumdog @piggo Basic server with ZFS is the way. Learn to rsync or even just use the GUI to mount a directory over SSH, and it's simple enough.
     
     Every NAS falls very short of a computer's own native interface.
   • Embed this notice
     djsumdog (djsumdog@djsumdog.com)'s status on Monday, 16-Sep-2024 14:36:57 JST djsumdog

     in reply to

     • Piggo :verified_horse:
     • vic
     Yea I used sshfs for some things too but NFS ended up being faster more reliable. NFS+wireguard really helps with disconnection and "stale handle" issues. sshfs still operates in userland/FUSE and is so slow (even with 10Gb connections).
     
     There's one Windows machine I still export some Samba stuff for, but I hope to get rid of it this fall.
   • Embed this notice
     vic (vic@seal.cafe)'s status on Monday, 16-Sep-2024 14:36:59 JST vic

     in reply to

     • Piggo :verified_horse:
     @djsumdog @piggo I don't even bother with NFS. It's an outdated protocol and a huge security liability. Wireguard can help for sure, but it's a sloppy Band-Aid.
     
     Unfortunately SSHFS isn't perfect, either. There is one maintainer, and he doesn't have time to really fix issues. https://github.com/libfuse/sshfs?tab=readme-ov-file#development-status
     
     Maybe there's a native mTLS file-sharing solution that doesn't require layer-3 finagling (a la Wireguard) but which still guarantees transport security.