Posts by Wek

    chente I think you convinced me about the pros and cons. I will definitely look into this setup; it seems a much easier process to manage external and new users.


    Especially because as an admin of the server I want to be out of the way of creating new users, explaining to them how to use vpns\wireguard\tailscale and so forth, and let the less techy "admin" of the servers do these things on their own, without risking that they compromise everything.


    It sounds good :)

    Also, security-wise I was afraid of giving access to the open, especially concerning weak passwords made by users, but the 2FA would solve this issue.


    Thank you for the heads-up. I tried back then to set up an nginx setup for this kind of stuff, but the letsencrypt\cloudflare\domain names setup gave me a headache; hopefully it is becoming more straightforward.

    Thank you a lot

    chente mmmm doesn't this also need to be coupled with nginx and Let's Encrypt to make it more secure? Also, how would nextcloud help me to have just some part of the samba shared and not the whole samba? I don't think nextcloud has user permissions etc., does it?

    Also it lacks the "protection" of sharing encrypted files like through a vpn (tailscale, wireguard) etc., or am I mistaken?

    kind regards for the reply :)

    Hi I was wondering, what would be the best\easiest\most secure practice to share a defined samba share over the internet for external collaborators?

    I'm using omv primarily as a nas on a LAN. Ultimately I will need to give access to files on a share to collaborators outside of my LAN, but maybe the way I'm thinking is not the best way, so I would like to know some suggestions.

    My first thought was to create a tailscale with my server in it and give access to the tailnet machine (omv) to the external users, so I could avoid setting up a bunch of services like nginx or similar, but then I realised I cannot find a way to give access to just that samba folder as a resource, I thought tailscale ACLs were more granular or I'm missing how to do it properly.

    From what I understood, using tailscale on the omv server will expose all the services on the openmediavault server, if I'm not mistaken. Instead I would like to keep ssh and all other stuff private and give WAN access only to that particular share.


    How can I achieve this in the most clean\easy and secure way? Any suggestion?

    I didn't go the simple "wireguard" route because, as I said, that would expose my whole lan to the external person connecting through the wireguard client.

    Instead I loved the idea of tailnet control on the machines connected, as I want to be able to remove access easily from the external collaborators when the necessity arises.

    Main focus:

    • Let the external users access only that particular samba share
    • Be an easy setup so as to mitigate at a minimum any security risk / attack vector
    • Grant or revoke access to the resource and be able to cut the user off when it will not be required anymore through a Web GUI


    Any help\idea is much appreciated as I may be overthinking it.

    Hi all,

    I'm a little concerned about release-upgrading openmediavault from 6.x to 7.x, due to the fact that the original omv6 was built on top of an installation of debian 11 bullseye.

    as lsb_release -a shows

    Code
    ~# lsb_release -a
    No LSB modules are available.
    Distributor ID: Debian
    Description: Debian GNU/Linux 11 (bullseye)
    Release: 11
    Codename: bullseye


    In fact the main ssd is composed of 3 partitions:


    • main os
    • vm partition (docker and containers partition)
    • home partition (partition that contains the home directory of various users)

    here is the lsblk report (with the data raid as well)




    is it safe to do an omv-release-upgrade in this situation?

    Also another doubt

    Before proceeding with the omv-release-upgrade, I ran the command omv-salt stage run deploy to be sure everything was in check. It spat out only one error complaining about quota, but I cannot understand what the error is nor how to fix it (if it is anything that I should be worried about or fix).




    what is this error about? and is it safe to upgrade despite the error? how can I fix it?

    I hope someone more expert on this quota matter can help as I didn't find any documentation on how to fix it

    Hi I would like to have a suggestion on how to go about this:

    I have two hard drives in my OMV formatted already in BTRFS sdd and sde and mounted on the omv as single drives, I also modified the fstab and the config.xml to have them set also with defaults,autodefrag,compress-force=zstd:15,nofail tags for autodefragmentation and compression, one of them sdb has already 1tb of files in it.


    my question:


    is it possible to create a raid0 between them without losing\formatting the data already in it?

    kind regards

    Hi,


    after upgrading to OMV6 I've got some bugs\issues\errors on the boot sequence. I basically ironed out all of them but this one.
    On boot I get these error messages constantly:

    Code
    systemd-udevd[346]: sdc: /etc/udev/rules.d/99-openmediavault-scheduler.rules:24 Failed to write ATTR{/sys/devices/pci0000:00/0000:00:02.2/0000:01:00.0/ata3/host2/target2:0:0/2:0:0:0/block/sdc/queue/scheduler}, ignoring: Invalid argument
    systemd-udevd[344]: sdb: /etc/udev/rules.d/99-openmediavault-scheduler.rules:24 Failed to write ATTR{/sys/devices/pci0000:00/0000:00:02.2/0000:01:00.0/ata2/host1/target1:0:0/1:0:0:0/block/sdb/queue/scheduler}, ignoring: Invalid argument
    systemd-udevd[336]: sdd: /etc/udev/rules.d/99-openmediavault-scheduler.rules:24 Failed to write ATTR{/sys/devices/pci0000:00/0000:00:02.2/0000:01:00.0/ata4/host3/target3:0:0/3:0:0:0/block/sdd/queue/scheduler}, ignoring: Invalid argument


    I thought it was something funky with my pci, but I didn't find anything weird there:



    and finally this is the content of the openmediavault file referenced



    how can I solve this issue?

    mmmh I was thinking the same at the beginning, but I would like to emulate also the wii with dolphin, and raspberry pi 4 with 8 gg are not powerful enough gpu wise to successfully run most of the fun wii games like mario kart and so on.


    Also I was more of the idea to not buy anything new just use what I had around and not to have another node to upgrade\upload and take care in the network especially.


    I would love the portability of it though, but gpu wise...they are still bad.

    Hi I'm opening up this thread to ask for some suggestions on an experiment with Omv5 as a Media Server that I would like to try.


    My intention:


    I have a beefy server at home that right now is just sitting in my closet used as a Backup\Nas with Omv5 installed on top of Debian Buster without a DE, what I was looking for is to experiment with it and give it the functionality of a media server\retro gaming station connected to the tv as well.


    Scenario:

    My server is in a closet of my house connected to a switch.

    My Smart tv is in another room of the house connected through ethernet (I would like this to act as a "monitor" for the server in the closet).


    I already installed emby through docker and emby app on my smart tv and that's it for the media server ability.


    Now the last piece that I missed is to install on it retropie (as it works with x86 as well) to use the emulators and have the hdmi signal show through my tv to play with games\emulators and so forth.


    So my main idea was just to install a lightweight DE like xfce on the server, then install retropie on it as well and use an hdmi to ethernet extender to get the signal onto the Tv and call it a day.


    Now the problem arises:


    • I know that having a DE is not the best thing on a server, so I was wondering: is it better to run it in docker?

    (in this situation I'm worried about performance, I don't think the docker instance can take full advantage of the graphics card installed in the server, I don't even know if it is possible or how to tell the docker container to make use of the hdmi extender for the Smart tv signal).


    • So here is my idea: go ahead and install a proper desktop environment on the server itself and just proceed from there to have one less layer of abstraction, so as to make use of the graphics card and the hdmi extender.
    • Any other more elegant solution that I didn't think of to achieve it?

    Even though I was successful using this script in the past, I just wanted to put it out there that the guys at linuxserver released a docker container for wireguard that I helped verify works for omv 4 and 5 with normal and backport kernels. It has some nifty features like easily adding users and re-displaying QR codes if needed.

    yep I used the docker at first, but I'm having this weird issue with not being able to connect to the internet with it, while I can connect to my lan. Same with the script. I was just playing around to see what was the culprit, but I got almost the same result with both methods, except maybe a bit worse with the script. I will try again totally manually on the host without the script, and if that doesn't work I will try the docker again.

    Nope, unfortunately changing dns doesn't work. I tried even with google dns 8.8.8.8; it doesn't work.


    Also when I switched back to the normal dns 10.13.13.2 on the android phone, it behaved even stranger: some apps were working, like the youtube app, whatsapp and so on, but not firefox nor gmail...


    mmmh it seems this docker container is making more trouble than it really needs to. I guess I will delete the container and try to install the proper wireguard on the host itself, as ryecoaaron pointed out the package is in buster-backports; this way I hope I will get rid of the problem of dns requests not being forwarded correctly by the docker gateway.

    Hi nick2k3 my phone wireguard config also seems fine:

    Code
    [Interface]
    Address = 10.13.13.2
    PrivateKey = xxxxxxxxxxxxx
    ListenPort = 51820
    DNS = 10.13.13.1
    
    [Peer]
    PublicKey = xxxxxxxxxxxx
    Endpoint = mambojambo.duckdns.org:51820
    AllowedIPs = 0.0.0.0/0, ::/0

    and ipv4 forward is also enabled:


    Code
    root@omv:~# sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1

    I don't know what else to think about.

    The only thing that I see as strange is DNS = 10.13.13.1 in the config, because my normal intranet gets dns from my isp through 192.168.1.1, but then again I guess wireguard creates another subnet so I guess it is fine, so I'm out of ideas here.


    tinh_x7 thank you, I was asking more specifically about wireguard, whether it would be better to run it directly on the machine instead of docker, because of all these issues the container is giving me, but whatever works is ok. It's just strange that the lan works but not the wan, but as you can see the config seems fine.

    Hi I have the same issue as tinh_x7: wireguard is working fine to access the smb share of omv through my phone when connected to the wireguard vpn, but I cannot access the internet; when using firefox or other apps it says there is no internet connection.


    The config file of the server seems fine:



    My router is forwarded correctly (otherwise my phone would not work even to browse lan, as I tested it without using the wifi, but only cellular data).

    I'm using the docker container from linuxserver.


    Is it better at this point to discard the container\docker way and go directly the debian way, installing wireguard from buster-backports and configuring it manually instead?