~jbauer/knowledgebase

a6128188333ce88cbe7dc8104e951b89b2328a32 — Jake Bauer 3 months ago 34443f7
Add FreeBSD NAS info
2 files changed, 102 insertions(+), 0 deletions(-)

M index.gmi
A sysadmin/freebsd-nas.gmi
M index.gmi => index.gmi +1 -0
@@ 30,6 30,7 @@
### Homelab

=> /sysadmin/openbsd-router.gmi OpenBSD Router
=> /sysadmin/freebsd-nas.gmi FreeBSD NAS

### JadeRune.net


A sysadmin/freebsd-nas.gmi => sysadmin/freebsd-nas.gmi +101 -0
@@ 0,0 1,101 @@
# FreeBSD NAS

## Hardware

The machine is a Dell Optiplex 3020MT with the following specs:

* CPU: i3-4150 @ 3.50GHz (2C/4T)
* RAM: 2+4GB DDR3
* Boot: Samsung 870 EVO 250GB SSD
* Storage: Mirror of Two HGST HDN726040ALE614 (4TB) HDDs

## Software

FreeBSD was installed to the system using ZFS on the boot drive. A zfs pool was created on the two hard drives with:

```zfs pool creation
zpool create -f -o ashift=12 -m /var/nas nas mirror /dev/ada1 /dev/ada2
```

Periodic maintenance is done by copying /etc/defaults/periodic.conf to /etc/periodic.conf and editing it to include regular ZFS status checking, a scrub every 7 days, and smartctl checking (requires the smartmontools package to be installed and `sysrc smartd_enable=YES`):

```/etc/periodic.conf
# 404.status-zfs
daily_status_zfs_enable="YES"                           # Check ZFS
daily_status_zfs_zpool_list_enable="YES"                # List ZFS pools

# 800.scrub-zfs
daily_scrub_zfs_enable="YES"
daily_scrub_zfs_pools=""                        # empty string selects all pools
daily_scrub_zfs_default_threshold="7"           # days between scrubs

# 900 Smart status
daily_status_smart_devices="/dev/ada0 /dev/ada1 /dev/ada2"
```

/etc/aliases was changed to point mails that would otherwise go to root to my personal email.

DMA from DragonflyBSD was installed to handle forwarding these status messages to my personal email from this machine (which is behind NAT on a residential network and therefore can't send its own emails). It was configured as follows:

```/usr/local/etc/dma/dma.conf
SMARTHOST mail.paritybit.ca
PORT 465
AUTHPATH /usr/local/etc/dma/auth.conf
SECURETRANSFER
MAILNAME mail.paritybit.ca
MASQUERADE no-reply@paritybit.ca
```

With the following in the auth.conf file:

```/usr/local/etc/dma/auth.conf
no-reply|mail.paritybit.ca:SUPERSECUREPASSWORD
```

### Samba

A Samba file server is used to distribute files. First, the latest samba package was installed, then the following configuration was placed in /usr/local/etc/smb4.conf:

```/usr/local/etc/smb4.conf
[global]
        workgroup = NASGROUP
        realm = nasgroup.local
        netbios name = NAS

[nas]
        path = /var/nas
        public = no
        writable = yes
        printable = no
        guest ok = no
        valid users = jbauer
```

This was followed by:

```
sysrc samba_server_enable=YES
system samba_server start
```

A system user with the same name as listed in "valid users" was created, and then `pdbedit -a -u jbauer` was used to enable the user for Samba.

### Tuning

Some tuning for performance was done. The following settings were set in /etc/sysctl.conf:

```sysctl.conf
kern.maxfiles=25600
kern.maxfilesperproc=16384
kern.inet.tcp.sendspace=65536
kern.inet.tcp.recvspace=65536
```

And the following settings were configured for the zfs pool:

```zfs pool settings
zfs set relatime=on nas
zfs set compression=lz4 nas
zfs set recordsize=1M nas
```
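Review bot: In the Samba section, `system samba_server start` is not a FreeBSD command; the rc.d script enabled by the preceding `sysrc samba_server_enable=YES` line is started with `service samba_server start`. In the Tuning block, the two TCP buffer settings are written as `kern.inet.tcp.sendspace` and `kern.inet.tcp.recvspace`, but FreeBSD exposes these under `net.inet.tcp.`, so those two lines would not take effect as written. The auth.conf example stores the relay password in clear text, so the page should also state the ownership and mode expected on /usr/local/etc/dma/auth.conf (readable only by root and the group dma runs under), so that someone following the steps does not leave it world-readable. The `zpool create -f` line would also benefit from a sentence on why `-f` was needed, since it overrides the checks that protect a disk already in use.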