One of my first projects this year is Crosswinds – both acting as my first foray into homelabbing, as well as an interesting project to explore the front-end side of web development (as a primarily back-end focused person).
Simply put, this will be my NAS (Network Attached Storage) server, accessible by friends & family. The current configuration is:
Xeon E3-1270 V2 CPU X9SCM-F Intel C204 Motherboard CM Hyper 212 CPU Cooler be quiet! U9 400W PSU (80+ Bronze) 8GB DDR3 ECC RAM
It will all be bundled up into a Fractal Designs Define R5 tower, powering an array of 6TB WD Red drives, totalling ( for now) 36TB of storage. Not counting the drives, the setup cost me about $400 after tax & shipping – including extra cables and a PCI-e to SATA expansion card.
There were a couple items I could have gotten slightly cheaper if I was more patient, but overall, I am happy enough with the build. I am in the process of building an off-site backup as well, but I am taking my time to get the best deals possible on the parts. In addition, it will be much lower specced as it will only need to power up once daily, run a sync script, then go back to sleep.
Currently, the plan is to run unRAID as the OS as it seems fairly feature-rich, covering all the necessities for my server with an inexpensive, lifetime license (aside: It speaks volumes when I have to double-check if a license is subscription-based or not these days; I tend to assume everything is a payment plan. Quite elated to see a one-time payment.)
That’s the hardware side of things. Crosswinds is a little more than that, though – it will include a web app frontend for accessibility.
I have a few motivations for Crosswinds.
I do not wish to have all my work so tightly wound into the Google infrastructure. GDocs alone contains 99% of things I keep written down, and tends to be the first spot I go when writing up anything. If I ever lost access to the account, for whatever reason, I would be in an unfortunate position.
I want access to my work in unreliable situations. Whether offline or server issues, having the ability to access everything without hassle during unreliable situations is a huge benefit.
Learning! I’m sure there are battle-tested, feature-rich, open-source solutions that solve my problem. That said, I wanted a useful project to get into homelabbing as well as learning auth with modern JS frameworks. Seems like a great use case, to me!
The three primary features I aim to support:
Simple, fast, unlimited* upload and downloads of files. Everything should be intuitive and simple; no fuss, no need for complexity. It’s just drag n’ drop files. Click and download. No one should need an explanation on how to use it.
Quick Share Links: it should be very easy to share files via link. No ads, no limited speed, no login required to download.
Public Directory: when my family is sharing various photos, it’s usually easier to copy a USB drive on everyone’s computer during a family gathering than to download hundreds of photos from Facebook. This can be simplified with a simple, public directory where everyone can share files.
Some thoughts on issues I may face:
Unintentionally malicious files: obviously all the directories are read/write only, no execution. Strelka looks like something I might want to investigate more?
Outside Attacks: standard server hardening practices; hard rate limits, jail IP’s on failed attempts, strict firewall, https only…
Accidental Deletion: Crosswinds isn’t the backup, that’s what the second server is for. I intend on using it as a
working directoryfor various things, similar to how I use Google Docs now. Deleted files should be ‘marked’ for deletion, hidden, then cleaned up in a job queue at the end of the day.
Link Overshare: if a link is accidentally released to the Internet, and I’m getting too many downloads, the link should be forcefully expired by the server. Now, how many is this? Hard to say. This is mostly an ‘internal’ service, so there’s little chance to see more than a handful of downloads on a single share. Probably look at a lax limit early on, and aggressively limit if it becomes an issue.
Account Security: username + password is the intended login strategy; simple, no frills. That said, I want to add an optional 2FA strategy (particularly for myself), as I try not to use any service without proper 2FA (stop using text messages, argh!).
I’m sure there will be plenty more, but I will dig into them in detail as they actually come up in the coming weeks!