1
0
Fork
You've already forked linas
0
Network Attached Storage based on Debian and Ansible. https://serverless.industries/2026/01/10/selfmade-nas.en.html
Find a file
2026年01月23日 00:05:34 +01:00
play-nas.yml manage ssh daemon as well 2026年01月22日 23:55:00 +01:00
README.md more readme 2026年01月23日 00:05:34 +01:00

LiNAS

Network Attached Storage based on Debian and Ansible.

This is a Linux based file server offering files via different protocols like HTTPS, Samba and NFS. Powered by Debian Linux and Ansible.

Features

  • Posix ACLs
  • NFS
  • Samba (SMB3 with account only, no anonymous access)
  • HTTPS (fancy index, JSON, XML listings)
  • WebDAV (same URL like fancy index but account required, just use a WebDAV Client)
  • SSH (Allow login for specific NAS users)
  • One read-only and read-write group per file share

Status

Alpha. Just a playbook, no role or so.

Looking for feedback.

I use it productively in my private homelab, but be careful.

Install

  • Install Debian Trixie
  • Ensure proper hostname + domain/fqdn for snakeoil certificate generation
  • Setup Storage (I use ext4 on a mdadm soft RAID)
  • Adjust settings in Playbook
  • Execute Playbook
  • Ensure that your admin user is in sshlogin group
  • Set passwords for users via passwd and smbpasswd

Have fun!

FAQ

Why no anonymous WebDAV/Samba?

Microsoft has disabled "insecure Guest Login" for Samba. So on a default Windows (it cam be reactivated) it does not work anymore. So just use real accounts or the guest user.

WebDAV behaves the same for traceability.

(SSH also requires a password, so now all three protocols bahave the same. Which is nice IMHO.)

Why NGINX and Apache2?

Well, I started with NGINX because of personal preference and then got stuck with the fact that files created by NGINX via WebDAV will not get the Posix ACLs assigned. So I added a very minimal internal Apache2 which handles all WebDAV operations.

If NGINX will stay is still unclear, maybe I will do everything with Apache2 in the future.

Changelog

Release 0.3

  • SSH: Restrict Login via sshlogin group (Be careful, NAS users will not have sudo permissions, ensure that your admin account is able to login! Root is possible with a key. Or create a admin user and add it to sudo group.)

Release 0.2

  • Option to change to a different TLS certificate
  • Public access via guest account (you have to set passwords with passwd and smbpasswd)
  • WebDAV Support via proxied Apache2
  • Samba: Disable public access, as not supported in Windows 11 anymore, use guest user
  • Samba: Fix unix permissions and ACLs translation
  • HTTPS: Show capabilities on share names
  • HTTPS: Make start page more fancy