commit a6128188333ce88cbe7dc8104e951b89b2328a32
parent 34443f7a9e707e843a1735d975cf204337bdfd42
Author: Jake Bauer <jbauer@paritybit.ca>
Date: Sun, 13 Mar 2022 23:59:34 -0400
Add FreeBSD NAS info
Diffstat:
2 files changed, 102 insertions(+), 0 deletions(-)
diff --git a/index.gmi b/index.gmi
@@ -30,6 +30,7 @@
### Homelab
=> /sysadmin/openbsd-router.gmi OpenBSD Router
+=> /sysadmin/freebsd-nas.gmi FreeBSD NAS
### JadeRune.net
diff --git a/sysadmin/freebsd-nas.gmi b/sysadmin/freebsd-nas.gmi
@@ -0,0 +1,101 @@
+# FreeBSD NAS
+
+## Hardware
+
+The machine is a Dell Optiplex 3020MT with the following specs:
+
+* CPU: i3-4150 @ 3.50GHz (2C/4T)
+* RAM: 2+4GB DDR3
+* Boot: Samsung 870 EVO 250GB SSD
+* Storage: Mirror of Two HGST HDN726040ALE614 (4TB) HDDs
+
+## Software
+
+FreeBSD was installed to the system using ZFS on the boot drive. A zfs pool was created on the two hard drives with:
+
+```zfs pool creation
+zpool create -f -o ashift=12 -m /var/nas nas mirror /dev/ada1 /dev/ada2
+```
+
+Periodic maintenance is done by copying /etc/defaults/periodic.conf to /etc/periodic.conf and editing it to include regular ZFS status checking, a scrub every 7 days, and smartctl checking (requires the smartmontools package to be installed and `sysrc smartd_enable=YES`):
+
+```/etc/periodic.conf
+# 404.status-zfs
+daily_status_zfs_enable="YES" # Check ZFS
+daily_status_zfs_zpool_list_enable="YES" # List ZFS pools
+
+# 800.scrub-zfs
+daily_scrub_zfs_enable="YES"
+daily_scrub_zfs_pools="" # empty string selects all pools
+daily_scrub_zfs_default_threshold="7" # days between scrubs
+
+# 900 Smart status
+daily_status_smart_devices="/dev/ada0 /dev/ada1 /dev/ada2"
+```
+
+/etc/aliases was changed to point mails that would otherwise go to root to my personal email.
+
+DMA from DragonflyBSD was installed to handle forwarding these status messages to my personal email from this machine (which is behind NAT on a residential network and therefore can't send its own emails). It was configured as follows:
+
+```/usr/local/etc/dma/dma.conf
+SMARTHOST mail.paritybit.ca
+PORT 465
+AUTHPATH /usr/local/etc/dma/auth.conf
+SECURETRANSFER
+MAILNAME mail.paritybit.ca
+MASQUERADE no-reply@paritybit.ca
+```
+
+With the following in the auth.conf file:
+
+```/usr/local/etc/dma/auth.conf
+no-reply|mail.paritybit.ca:SUPERSECUREPASSWORD
+```
+
+### Samba
+
+A Samba file server is used to distribute files. First, the latest samba package was installed, then the following configuration was placed in /usr/local/etc/smb4.conf:
+
+```/usr/local/etc/smb4.conf
+[global]
+ workgroup = NASGROUP
+ realm = nasgroup.local
+ netbios name = NAS
+
+[nas]
+ path = /var/nas
+ public = no
+ writable = yes
+ printable = no
+ guest ok = no
+ valid users = jbauer
+```
+
+This was followed by:
+
+```
+sysrc samba_server_enable=YES
+system samba_server start
+```
+
+A system user with the same name as listed in "valid users" was created, and then `pdbedit -a -u jbauer` was used to enable the user for Samba.
+
+### Tuning
+
+Some tuning for performance was done. The following settings were set in /etc/sysctl.conf:
+
+```sysctl.conf
+kern.maxfiles=25600
+kern.maxfilesperproc=16384
+kern.inet.tcp.sendspace=65536
+kern.inet.tcp.recvspace=65536
+```
+
+And the following settings were configured for the zfs pool:
+
+```zfs pool settings
+zfs set relatime=on nas
+zfs set compression=lz4 nas
+zfs set recordsize=1M nas
+```
+
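Review bot: Two of the documented commands will not work as written. In the Samba section, `system samba_server start` should be `service samba_server start`, and in the Tuning section the two TCP buffer settings use a `kern.inet.tcp.` prefix, while FreeBSD's TCP sysctls live under `net.inet.tcp.` (`net.inet.tcp.sendspace`, `net.inet.tcp.recvspace`), so those two lines in /etc/sysctl.conf would be rejected as unknown OIDs at boot. Separately, the auth.conf example stores the SMTP password in plain text and the page does not say what ownership and mode the file should have; add a sentence stating that it must be readable only by root and the group dma runs as. The smb4.conf `[global]` block also sets no `hosts allow` or minimum protocol version, so it is worth stating which networks the share is meant to be reachable from, or adding those settings to the documented config.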