Repurposing my PC as a media and backup server

I think I would be happy to start again if I’ve done things that would cause issues in the future.

I’m running Plex, Transmission, NextCloud, Wireguard and PiHole.

My ideal situation is to use
1 NVME for OS

1 NVME for Transmission

Multiple HDDs for media and NextCloud storage with some sort of redundancy.

With the ability to add HDDs in the future to expand the storage.

Initially I thought RAID-5 was easily expandable, but it seems that isn’t the case.

LVM looks fantastic for easily adding drives and extending storage - However, that seems to offer no redundancy; I’ve got quite a large Physical Media collection that I’d like to digitise, so I’d hate to have to do it more than once if there was a HDD failure.

If you want a Debian based server I suggest giving a try to Openmediavault. Much lighter than Ubuntu and makes it easier to manage with a decent web GUI.
If you want to follow the de-facto standard for home NAS, Truenas Core (was called Freenas, just changed name due to project merge) is what most are running. Good web GUI to interact with it and lots of plugins to do everything you mentioned.

Using Truenas you can boot off of a USB stick and reclaim 500GB of storage to use for anything you want.

You’ll need to enter the decryption key if you encrypt the whole drive. If you’re just encrypting the Nextcloud backup the data will be decrypted when you input the password to log into your instance.

There’s a setting in the Nextcloud GUI to enable encryption so you can just follow that procedure.

I have taken a look into TrueNas and it actually does look like a good solution for me.

It seems that it is easy to add extra HDD’s later down the line to be able to expand the pool to store more media - Is that correct?

I will have a large media collection that isn’t essential in being backed up - However, everything I store on NextCloud (Around 1TB) I will want to be backed up off site on another system.

What would be the best way to do this? Would it be to take a Snapshot of the Nextcloud data pool? Then if so, how would I get this to the other system?

Sorry, never used TrueNas before so it’s quite new to me.

There has also now been a change of plan as I am able to move to a larger chassis, one which I can use my BluRay drive in.

So I’d also like to rip some of my new BluRays and I’m under the impression I’d be able to do this in TrueNas by using a VM?

Never used a VM before.

Not necessarily, although this unlock via ssh is a common/popular setup.

This is all customizable, through initramfs and crypttab, and there’s various documented common setups.

Basically, because luks/cryptsetup allows managing multiple key slots for each volume, you can have a lot of flexibility over how you manage these keys. You can add/remove additional passwords and none of this requires re-encrypting or rewriting data.

For example, if reboots are a concern, you could keep a password(key) on a flash stick that is read automatically on boot, such that it will unlock spinning HDDs and NVMe drives.

That will still allow you to discard dead/semi broken disks safely, without the risk of leaking data in case drives come back to life after being powered off for a while or after being moved or in case the drive is ever miraculously repaired, but it will not impede your reboots.

In case your flash stick with a password dies or the data is corrupted, you could leave yourself one or more additional ssh password entry backdoors, that let you type-in a key.

Obviously, if someone breaks in and steals both the encrypted drives and the flash stick and knows what they’re doing - then the data you’ve been storing will be compromised. Because, they can boot up without having you ssh in.

You could also come up with other schemes/set up keys with limited lifespan, etc etc, ssh + flash stick approaches are the most popular however. Some folks use TPMs as well.

Also, in general, the kernel has a keyring that luks/cryptsetup can use, so that if you have a setup with multiple encrypted disks and ssh, you typically only need to type in a key once for multiple devices.

Also, lots of people just use an ssh client on their phones to unlock their servers after a reboot, and typically the way this ssh is setup is that you identify with a private/public ecdsa key, but instead of being logged into some temporary environment with a shell, you just get a password prompt and are disconnected as soon as you enter a password.

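An added example, not part of any post in this thread and not code from the cryptsetup project: a small audit of the key file plus fallback passphrase setup described above. It lists the crypttab entries that unlock from a key file and warns when the volume has fewer than two key slots, meaning a dead flash stick would lock the data for good. The function names, volume names, UUIDs, key file path and the `luksDump` text are all constructed for illustration.

```shell
#!/bin/sh
# Added example; all sample data below is constructed for illustration.

# Print "name keyfile" for crypttab entries (stdin) that unlock from a key file.
keyfile_entries() {
    awk '!/^[ \t]*#/ && NF >= 3 && $3 != "none" && $3 != "-" { print $1, $3 }'
}

# Count key slots in `cryptsetup luksDump` output (LUKS2 layout) read from stdin.
count_keyslots() {
    awk '/^Keyslots:/ { in_slots = 1; next }
         /^[A-Za-z]/  { in_slots = 0 }          # next section: Tokens:, Digests:
         in_slots && /^[ \t]+[0-9]+: luks2/ { n++ }
         END { print n + 0 }'
}

# $1 = volume name, $2 = key file, $3 = slot count.
audit_volume() {
    if [ "$3" -lt 2 ]; then
        echo "$1: WARN $3 key slot; losing $2 locks the volume"
    else
        echo "$1: OK $3 key slots (key file plus fallback)"
    fi
}

sample_crypttab() { cat <<'EOF'
# <target> <source device> <key file> <options>
nvme_crypt   UUID=00000000-0000-0000-0000-000000000001 none                  luks
media_crypt  UUID=00000000-0000-0000-0000-000000000002 /mnt/usbkey/media.key luks
EOF
}

sample_dump() {   # $1 = number of key slots to fake in the constructed dump
    echo "LUKS header information"; echo "Version:        2"; echo "Keyslots:"
    i=0
    while [ "$i" -lt "$1" ]; do
        printf '  %s: luks2\n\tKey:        512 bits\n' "$i"; i=$((i + 1))
    done
    echo "Tokens:"; echo "Digests:"; echo "  0: pbkdf2"
}

# On a live system, feed /etc/crypttab and `cryptsetup luksDump <device>` instead
# of the sample_* functions; `cryptsetup luksAddKey <device>` adds a fallback slot.
sample_crypttab | keyfile_entries | while read -r name keyfile; do
    audit_volume "$name" "$keyfile" "$(sample_dump 1 | count_keyslots)"
done
```
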

I can’t argue with the accuracy and precision of all this information, thanks for having added to what I said!

I was referring to the default behaviour of an encrypted disk and, because I never used or thought of all those methods, I didn’t mention all the possible ways to unlock it without having to input the password every reboot.

I’m going to go with TrueNas as it seems to offer everything I’m after.

Just got a Bitfenix Prodigy ITX case in the mail along with 1x 4TB WD Red.

Currently backing up the media on my RAID-5 array onto an external 2TB drive.

Hopefully by the end of the week I’ll be up and running with TrueNas and the 4TB drive for media storage, until I can afford another for RAID-1.

I’m also on the lookout for deals for some ECC RAM. Currently I have 16GB of Corsair 3600mhz but I’ve read that ECC is much better, if not essential for TrueNas. However, the only sticks I can afford of ECC are 2133mhz. A lot slower than what I have now.

Would it be just plug and play when I do get the ECC? So remove my standard DDR4 and then replace it with ECC - Or will TrueNas require a fresh install?

I plan on installing TrueNAS on an NVME. Am I correct that any jails do NOT install onto the OS drive?