NAS Ansible
NAS deployment playbook built for Debian 11.
Port 80 must be forwarded before running make install
to allow container services to obtain Let's Encrypt certificates.
IMPORTANT!!
DO NOT forward port 443 until container services have been fully configured. Otherwise an attacker could configure the initial admin account.
Bare Metal
make deps
to install playbook dependenciesmake encrypt_string
to encrypt Samba passwords for hosts.yml- Update variables in hosts.yml
- Update variables in vault.yml
make vault
to encrypt vault.ymlmake zfs
to install ZFS- Create/import ZFS pool, ensure
zpool
,zfs_dataset
, andzfs_mountpoint
values in hosts.yml are correct make install
to run playbook for bare metal
LXC
make encrypt_string
to encrypt Samba passwords for hosts.yml- Update variables in hosts.yml
- Update variables in vault.yml
make vault
to encrypt vault.yml- Mount ZFS dataset within container, ensure
zfs_mountpoint
value in hosts.yml contains the mountpoint make lxc
to run playbook for LXC
ZFS
Create Pool
zpool create pool0 raidz2 /dev/sdb /dev/sdc /dev/sdd /dev/sde
Create Encrypted Dataset
zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase -o compression=lz4 -o mountpoint=/pool0/encrypted pool0/encrypted
Verify Dataset Settings
zfs list -o encryption,compression,mountpoint
Remount Encrypted Dataset after Reboot
zfs mount -l pool0/encrypted