Richard Chamberlain
Posted on September 16, 2024
When I imagine the future of my home lab, I envision it filled with professional-grade equipment—a sleek server rack, servers humming away, and network switches blinking behind a perforated door. However, like many enthusiasts, my current setup is a bit more modest, made up of a mix of end-of-life workstations and desktops.
But that's part of the fun, right? Taking bits and pieces of hardware and transforming them into something practical and useful. That’s the beauty of a home lab.
In this article series, I’ll walk you through how I built a Network Attached Storage (NAS) solution using a DAC (Direct Access Storage) and a Single Board Computer (SBC). While this may not be the most conventional approach, it was certainly a fun and rewarding experience!
The SBC NAS
At its core, a NAS (Network Attached Storage) is simply a device that shares storage across a network. For my setup, I had an Orange Pi 5 Pro that I’d been experimenting with, and since it features two network interfaces, it was a perfect candidate for the NAS device to connect to the DAC.
One network interface would serve Proxmox, acting as the NAS for my virtual environment, while the other would be dedicated to my personal media storage. I set up the Orange Pi with a headless Debian server and connected it to the DAC, using Samba to share the storage across the network.
And just like that, I had something that was almost a fully functional NAS!
To Bridge or Not to Bridge
The Orange Pi 5 Pro comes with two network interfaces, and when I first envisioned this project, I considered bridging them. However, bridging the two would essentially connect two subnets that are normally separated by a firewall, bypassing that isolation.
This led to an important question: did I really want to bridge these two networks on a Debian SBC? After weighing the pros and cons, I had to carefully consider whether merging these networks would compromise the structure and security of my home lab.
Security Concerns with the Bridge
Although my home lab isn’t a production-level environment, I try to approach it with the same security considerations. By bridging the networks, I realized a couple of important access concerns:
- From a Proxmox and personal device perspective, bridging effectively gave both access to the NAS.
- From a NAS perspective, it now had access not only to the Proxmox server and VMs running on it, but also to any personal devices I use to access media.
This raised a significant question: was I compromising security by bridging these networks?
In my next post, I’ll walk through the steps I took to secure access to the NAS and maintain proper isolation.
/etc/samba/smb.conf
[global]
workgroup = sebos
log file = /var/log/samba/smb.log
max log size = 10000
log level = 1
server string = sebos nas %v
security = user
min protocol = SMB2
# Include additional configuration files
[media]
include = /etc/samba/smb.d/media.conf
[pve]
include = /etc/samba/smb.d/pve.conf
/etc/samba/smb.d/media.conf
comment = home media server
path = /srv/nas_storage/media
browseable = yes
writable = yes
guest ok = no
create mask = 0664
directory mask = 0775
force user = samba_media
force group = samba_admin_media
valid users = samba_media
/etc/samba/smb.d/pve.conf
comment = pve storage
path = /srv/nas_storage/pve
browseable = yes
writable = yes
guest ok = no
create mask = 0664
directory mask = 0775
force user = samba_pve
force group = samba_admin_pve
valid users = samba_pve
Posted on September 16, 2024
Join Our Newsletter. No Spam, Only the good stuff.
Sign up to receive the latest update from our blog.