spalencsar/nas
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: Major v2.0.0 rewrite - Enterprise-grade NAS setup script

Browse Source 
🚀 BREAKING CHANGE: Complete rewrite to enterprise-grade standards

###  New Features:
- Enhanced input validation (IP, port, username, path)
- Automatic rollback mechanism on failures
- Comprehensive unit testing framework (50+ tests)
- Advanced logging with timestamps and levels
- Interactive configuration system with persistence
- Performance optimization suite (kernel, Docker, Samba)
- Advanced firewall configuration with monitoring
- System health monitoring and maintenance tools
- Multi-distribution support with version validation

### 🛡️ Security Enhancements:
- SSH hardening with security policies
- Rate limiting for critical services
- IP blocking/unblocking tools
- Intrusion detection capabilities
- Firewall monitoring with alerts
- Secure input sanitization

### 🔧 Architecture Improvements:
- Modular library structure
- Centralized configuration management
- Common functions separation
- Professional error handling with set -euo pipefail
- Signal handling for graceful shutdowns
- Resource cleanup mechanisms

### 📚 Documentation:
- Professional README with comprehensive guides
- Enhanced CONTRIBUTING.md with development standards
- Complete CHANGELOG.md with version history
- Troubleshooting guides and best practices

### 🧪 Testing & Quality:
- Unit tests for all critical functions
- Performance regression testing
- Multi-distribution integration testing
- Input validation testing
- Error scenario testing

This release transforms the script from a basic tool to a production-ready,
enterprise-grade NAS setup solution suitable for professional environments.
This commit is contained in:
Sebastian Palencsár
2025-06-17 10:57:46 +02:00
parent cf27011875
commit cb91166616
11 changed files with 3486 additions and 444 deletions
Download Patch File Download Diff File Expand all files Collapse all files

473
README.md
View File

@@ -1,207 +1,360 @@
# NAS Setup Script
# NAS Setup Script v2.0
An automated script for setting up a Network Attached Storage (NAS) system with various services across multiple Linux distributions.
A fully automated script for setting up a professional Network Attached Storage (NAS) system with advanced security features and comprehensive service integration across multiple Linux distributions.
## Legal Notice
## 🚀 New Features in v2.0
Copyright (c) 2025 Sebastian Palencsár
- **Enhanced Input Validation** with comprehensive error handling
- **Rollback Mechanism** for safe installation and recovery
- **Unit Tests** for critical functions
- **Performance Optimizations** and improved logging functionality
- **Interactive Configuration** with intelligent defaults
- **Automatic Dependency Checks** and installation
- **Advanced Firewall Configuration** with intrusion detection
- **Monitoring and Alerting** for system and security events
## 📋 Legal Notice
**Copyright (c) 2025 Sebastian Palencsár**
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
**Disclaimer:** This script is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose, and noninfringement. In no event shall the authors or copyright holders be liable for any claim, damages, or other liability, whether in an action of contract, tort, or otherwise, arising from, out of, or in connection with the software or the use or other dealings in the software.
## Supported Distributions
## 🖥️ Supported Distributions
- Ubuntu
- Debian
- Fedora
- Arch Linux
- openSUSE
| Distribution | Minimum Version | Status | Tested |
|--------------|----------------|--------|---------|
| Ubuntu | 20.04 LTS | ✅ Full Support | ✅ |
| Debian | 11 (Bullseye) | ✅ Full Support | ✅ |
| Fedora | 35+ | ✅ Full Support | ✅ |
| Arch Linux | Rolling | ✅ Full Support | ✅ |
| openSUSE | Leap 15.4+ | ✅ Full Support | ✅ |
## Features
## Features and Services
- Automatic Linux distribution detection
- Network configuration (static IP)
- Security setup (Fail2ban, Firewall)
- Docker installation and configuration
- Various services:
- Samba shares
- NFS
- Netdata (system monitoring)
- Vaultwarden (password manager)
- Jellyfin (media server)
- Portainer (Docker management)
### 🔧 Core System
- **Automatic Distribution Detection** with version validation
- **Network Configuration** (static IP, gateway, DNS)
- **SSH Hardening** with custom port and security policies
- **User Management** with sudo privileges
- **System Updates** and automatic security updates
## Prerequisites
### 🛡️ Security Features
- **UFW/Firewalld Configuration** with intelligent rules
- **Fail2ban Integration** for brute-force attack protection
- **Rate Limiting** for critical services
- **IP Blocking Tools** for manual security measures
- **Firewall Monitoring** with automatic alerts
- **Secure Shared Memory** implementation
- **Docker Content Trust** activation
- Supported Linux distribution
- Root access or sudo rights
- Active internet connection
- Minimum 2GB RAM
- Minimum 20GB free disk space
### 📁 File Sharing
- **Samba Configuration** with performance optimizations
- **NFS Server** for Unix/Linux clients
- **User-specific Shares** with access control
- **Time Machine Support** for macOS backups
## Installation
### 🐳 Container Platform
- **Docker Installation** with optimized configuration
- **Docker Compose** for multi-container applications
- **Portainer** for graphical container management
- **Secure Container Configuration** with best practices
1. Clone repository:
```bash
git clone https://github.com/noordjonge/nasscript.git
cd nasscript
```
### 📊 Monitoring and Management
- **Netdata** for real-time system monitoring
- **Jellyfin** media server for multimedia content
- **Vaultwarden** for secure password management
- **System Performance Tracking** with automatic reports
2. Make the script executable:
```bash
chmod +x src/setup.sh
```
3. Run the script:
```bash
sudo ./src/setup.sh
```
## Configuration
### Network
- Static IP address
- Gateway
- DNS server
### Security
- SSH port (default: 39000)
- Fail2ban
- Firewall rules
### Services
- Docker data directory
- Samba shares
- NFS exports
- Vaultwarden settings
- Jellyfin media paths
- Portainer configuration
## Directory Structure
```
nasscript/
├── LICENSE
├── README.md
└── src/
├── setup.sh
├── config/
│ └── defaults.sh
└── lib/
├── docker.sh
├── firewall.sh
├── internet.sh
├── jellyfin.sh
├── logging.sh
├── netdata.sh
├── network.sh
├── nfs.sh
├── portainer.sh
├── security.sh
├── unattended-upgrades.sh
└── vaultwarden.sh
```
## Usage
1. Run the script with root privileges
2. Follow the on-screen instructions
3. Configure network settings
4. Choose the services to install
5. Wait for the installation to complete
## System Requirements
## 🔧 System Requirements
### Minimum Hardware Requirements
- CPU: Dual-core processor
- RAM: 2GB minimum, 4GB recommended
- Storage: 20GB for system, additional storage for NAS
- Network: Gigabit Ethernet recommended
- **CPU:** Dual-core processor (x86_64/AMD64)
- **RAM:** 2GB minimum, 4GB recommended
- **Storage:** 20GB for system, additional storage for NAS data
- **Network:** Gigabit Ethernet recommended
### Software Requirements
- Clean installation of supported Linux distribution
- Fresh installation of a supported Linux distribution
- systemd-based system
- Internet connection for package downloads
- UEFI or BIOS boot system
- Root access or sudo privileges
- Active internet connection for package downloads
## Default Ports
- SSH: 39000 (customizable)
- Samba: 139, 445
- NFS: 2049
- Netdata: 19999
- Vaultwarden: 80
- Jellyfin: 8096
- Portainer: 9000
### Optional Requirements
- **ARM64 Support:** Partially available (experimental)
- **UEFI/BIOS:** Both supported
- **Hardware RAID:** Compatible with software RAID
## Security Features
- Automatic security updates
- Fail2ban integration
- UFW firewall configuration
- Docker content trust enabled
- Secure shared memory implementation
- SSH hardening
## 🚀 Installation
## Troubleshooting
Common issues and solutions:
1. Network Configuration
### 1. Clone Repository
```bash
# Check network status
ip addr show
# Verify network configuration
cat /etc/netplan/01-netcfg.yaml
git clone https://github.com/noordjonge/nasscript.git
cd nasscript/nas
```
2. Service Status
### 2. Make Script Executable
```bash
chmod +x setup.sh
```
### 3. Run Installation
```bash
sudo ./setup.sh
```
### 4. Run Unit Tests (Optional)
```bash
chmod +x tests/unit_tests.sh
./tests/unit_tests.sh
```
## ⚙️ Configuration
The script guides you through an interactive configuration:
### Network Settings
- **SSH Port:** Default 39000 (customizable)
- **Static IP:** Optionally configurable
- **Gateway and DNS:** Automatic detection with override capability
### Service Selection
- **Docker:** Container platform
- **NFS:** Network File System
- **Netdata:** System monitoring
- **Vaultwarden:** Password manager
- **Jellyfin:** Media server
- **Portainer:** Docker management
### Security Configuration
- **Firewall Rules:** Automatic based on selected services
- **Fail2ban:** Protection against brute-force attacks
- **Rate Limiting:** Protection against DoS attacks
## 📁 Directory Structure
```
nas/
├── setup.sh # Main installation script
├── config/
│ └── defaults.sh # Configuration variables and defaults
├── lib/
│ ├── common.sh # Common functions and validation
│ ├── logging.sh # Enhanced logging functionality
│ ├── network.sh # Network and SSH configuration
│ ├── firewall.sh # Firewall and security configuration
│ ├── docker.sh # Docker installation and configuration
│ ├── security.sh # Security measures and Fail2ban
│ ├── internet.sh # Internet connectivity checks
│ ├── nfs.sh # NFS server installation
│ ├── netdata.sh # Netdata monitoring installation
│ ├── vaultwarden.sh # Vaultwarden password manager
│ ├── jellyfin.sh # Jellyfin media server
│ ├── portainer.sh # Portainer Docker management
│ ├── unattended-upgrades.sh # Automatic system updates
│ └── performance.sh # Performance optimization
├── tests/
│ └── unit_tests.sh # Unit tests for critical functions
├── README.md # This documentation
├── LICENSE # MIT License
├── CHANGELOG.md # Change log
└── CONTRIBUTING.md # Contribution guidelines
```
## 🔗 Default Ports and Services
| Service | Port | Protocol | Description |
|---------|------|----------|-------------|
| SSH | 39000 | TCP | Secure Shell Access |
| Samba | 139, 445 | TCP | Windows File Sharing |
| Samba | 137, 138 | UDP | NetBIOS Name Service |
| NFS | 2049 | TCP | Network File System |
| Netdata | 19999 | TCP | System Monitoring |
| Jellyfin | 8096 | TCP | Media Server Web Interface |
| Jellyfin | 8920 | TCP | Media Server HTTPS |
| Jellyfin | 1900 | UDP | DLNA Discovery |
| Portainer | 9000 | TCP | Docker Management |
| Vaultwarden | 8080 | TCP | Password Manager |
| Docker API | 2375, 2376 | TCP | Docker Remote API |
## 🛡️ Security Features
### Advanced Firewall Configuration
- **UFW (Ubuntu/Debian/Arch):** Automatic rule configuration
- **Firewalld (Fedora/openSUSE):** Zone-based security
- **Rate Limiting:** Protection against DoS attacks
- **IP Blocking Tools:** Manual security measures
### Intrusion Detection
- **Fail2ban:** Automatic IP blocking for suspicious activities
- **Log Monitoring:** Real-time security event monitoring
- **Alert System:** Notifications for security incidents
### SSH Hardening
- **Custom Ports:** Reduction of automated attacks
- **Key-based Authentication:** SSH key support
- **Connection Limits:** Limiting concurrent connections
- **Root Login Prohibition:** Enhanced security
## 📊 Monitoring and Maintenance
### System Monitoring
```bash
# Netdata Dashboard
http://YOUR_NAS_IP:19999
# Check system status
sudo systemctl status nas-*
# Firewall status
sudo ufw status verbose # Ubuntu/Debian/Arch
sudo firewall-cmd --list-all # Fedora/openSUSE
# Check logs
sudo tail -f /var/log/nas_setup.log
sudo journalctl -f -u netdata
```
### Maintenance Commands
```bash
# Block IP address
sudo /usr/local/bin/block-ip 192.168.1.100
# Unblock IP address
sudo /usr/local/bin/unblock-ip 192.168.1.100
# Firewall monitoring
sudo systemctl status firewall-monitor
# System updates
sudo apt update && sudo apt upgrade # Ubuntu/Debian
sudo dnf update # Fedora
sudo pacman -Syu # Arch
sudo zypper update # openSUSE
```
## 🔄 Backup and Recovery
### Automatic Backups
- **Configuration Backups:** Automatically created before changes
- **Firewall Configuration:** Backed up in `/etc/firewall-backup/`
- **Service Configurations:** Timestamped backups
### Rollback Functionality
The script offers automatic rollback on errors:
```bash
# Rollback is automatically offered on errors
# Manual rollback execution possible via log files
```
### Data Backup Strategy
```bash
# Important directories for backup:
/etc/nas_setup.conf # Configuration
/var/log/nas_setup.log # Installation logs
/srv/samba/ # Samba shares
/opt/vaultwarden/ # Vaultwarden data
/var/lib/jellyfin/ # Jellyfin data
/opt/portainer/ # Portainer data
```
## 🐛 Troubleshooting
### Common Issues and Solutions
#### Network Issues
```bash
# Check network configuration
ip addr show
ip route show
cat /etc/netplan/01-netcfg.yaml # Ubuntu/Debian
cat /etc/sysconfig/network-scripts/ifcfg-* # Fedora/openSUSE
# Restart network services
sudo netplan apply # Ubuntu/Debian
sudo systemctl restart NetworkManager # Fedora/openSUSE
```
#### Service Issues
```bash
# Check service status
systemctl status docker
systemctl status jellyfin
systemctl status vaultwarden
sudo systemctl status docker
sudo systemctl status samba
sudo systemctl status nfs-server
sudo systemctl status netdata
# View service logs
sudo journalctl -u docker -f
sudo journalctl -u samba -f
```
3. Firewall Rules
#### Firewall Issues
```bash
# View firewall status
sudo ufw status
# Check specific port
sudo ufw status | grep 80
# UFW status and rules
sudo ufw status numbered
sudo ufw show raw
# Firewalld status and rules
sudo firewall-cmd --list-all-zones
sudo firewall-cmd --get-active-zones
```
## Backup Strategy
- Configuration files are automatically backed up before modifications
- Docker volumes should be backed up regularly
- User data requires separate backup strategy
- Recommended: Create periodic snapshots
#### Permission Issues
```bash
# Samba user status
sudo pdbedit -L
sudo smbpasswd -a username
## Contributing
# Fix file permissions
sudo chown -R username:username /srv/samba/shared/
sudo chmod -R 755 /srv/samba/shared/
```
## 🤝 Contributing
We welcome contributions to improve this project! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details.
### Development Workflow
1. Fork the repository
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
2. Create feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit changes (`git commit -m 'Add some AmazingFeature'`)
4. Push branch (`git push origin feature/AmazingFeature`)
5. Open Pull Request
## Support
### Code Standards
- **Bash Scripting:** Strict error handling (`set -euo pipefail`)
- **Documentation:** Comprehensive commenting
- **Testing:** Unit tests for new functions
- **Security:** Security review for all changes
If you encounter any issues or have questions, please:
## 📞 Support
1. Check the [Wiki](https://github.com/noordjonge/nasscript/wiki)
2. Search [existing issues](https://github.com/noordjonge/nasscript/issues)
3. Create a new issue if needed
### Community Support
1. [Browse Wiki](https://github.com/noordjonge/nasscript/wiki)
2. [Search existing issues](https://github.com/noordjonge/nasscript/issues)
3. Create new issue if needed
## Author
### Professional Support
For commercial support and custom solutions, contact the author.
Sebastian Palencsár
## 🏆 Acknowledgments
## License
- Thanks to all contributors of the open source project
- Inspired by best practices in NAS setup and administration
- Built with and for the open source community
- Special thanks to the maintainers of the packages and services used
## 📄 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## Acknowledgments
## 👨‍💻 Author
- Thanks to all contributors
- Inspired by best practices in NAS setup and administration
- Built with and for the open source community
**Sebastian Palencsár**
- GitHub: [@noordjonge](https://github.com/noordjonge)
- Project Repository: [NAS Script](https://github.com/noordjonge/nasscript)
---
*Developed with ❤️ for the NAS community*