All labs need a NAS for storage. Now we build a proper file server on our Proxmox system using Linux Containers. In Proxmox, we use CTs for this, so we can share the host’s ZFS file system. To manage shares and users using a web GUI, we install Cockpit, as well as some additional modules they have from 45 Drives to deal with Samba and NFS.
Because we already have a ZFS file system, we do not need to add another layer of file system or a virtual machine running TrueNAS Core or Scale. A real NAS has a few benefits, but in a small lab environment this is plenty good.

Using an underprivileged container is safe. The root UID is, 100000 and can't do anything (opposed to the privileged that can do anything, UID 0). Container memory can be limited to something, and we limit it to 512k and the disk 8G.

Set up an unprivileged CT

We will use the Debian 12 template for this build. On it, we install Cockpit without admin modules (Proxmox do the networking, and we do not need to do other things Cockpit can do). You can also use Cockpit to control other Servers.

You can run this setup without ZFS if you know what you are doing.

What are we using for the NAS

GUI is Cockpit, Samba for the server and CIFS or NFS for the networking.

Cockpit is a web-based graphical interface for servers, intended for everyone, beginner to expert. The Cockpit Web Console is extendable by modules from several companies.

About Samba

The standard Windows interoperability suite for Linux and Unix.

Since 1992, Samba has provided secure, stable and fast file and print services for all clients using the SMB/CIFS protocol, such as all versions of DOS and Windows, OS/2, Linux and many others.

Samba is an important component to seamlessly integrate Linux/Unix Servers and Desktops into Active Directory environments. It can function both as a domain controller or as a regular domain member.

SMB Ports Open on Firewall (133/TCP, 445/TCP and 137/UDP, 138/UDP)

Network File System (NFS)

NFS allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files.

Some of the most notable benefits that NFS can provide are:

• Local workstations use less disk space because commonly used data can be stored on a single machine and still remain accessible to others over the network.
• There is no need for users to have separate home directories on every network machine. Home directories could be set up on the NFS server and made available throughout the network.
• Storage devices such as floppy disks, CD-ROM drives, and USB Thumb drives can be used by other machines on the network. This may reduce the number of removable media drives throughout the network.

Install Cockpit

Prepare the CT/VM for Samba and Cockpit

Set up an unprivileged CT with the Debian 12 template, 512k memory and 8G disk (we add data storage later). On it, we install Cockpit without admin modules

1. Download the Debian 12 Template (if it's not on your machine yet)
2. Create CT: with 2 cores, 512M memory and 8G disk Networking as you need.
3. Update the CT apt update && apt dist-upgrade -y
4. Install Cockpit and it's tools
5. Add data storage
6. Add groups
7. Add users
8. Add shares and set privileges
9. Test
10. Release to the family

apt update && apt dist-upgrade -y

Install Cockpit

If you intend to control other host too from this instance of Cockpit, you might like to install the full package. The Cockpit project home page, see what apps they have.

apt install cockpit --no-install-recommends

Then we need to allow root login to cockpit

Just remove root from this file and save‌

nano /etc/cockpit/disallowed-users

Test Cockpit

In your browser, open Cockpit https://<ct-ip>:9090. ‌‌
Language will default to your PC settings, change if needed.

Add an entry into your DNS

Install the Cockpit Extensions

We add the Extensions from 45 Drives GitHub repository. Find the .deb file and copy it and download with wget in the CT console.

Visit 45 Drives on GitHub. Check the files and proceed if you trust them. You should newer ever download files from the internet you don't trust.

Samba & NFS - File Sharing

A Cockpit plugin for managing Samba and NFS shares.

Check for latest version and copy the .deb link and download by wget.

wget https://github.com/45Drives/cockpit-file-sharing/releases/download/v3.3.4/cockpit-file-sharing_3.3.4-1focal_all.deb

File System Browser - Navigator

Featureful File System Browser for Cockpit - remotely browse, manage, edit, upload, and download files on your server through your web browser.

Check for latest version and copy the .deb link and download by wget.

As you did for File Sharing tool

wget https://github.com/45Drives/cockpit-navigator/releases/download/v0.5.10/cockpit-navigator_0.5.10-1focal_all.deb

User Management - Identities

User and group management plugin for Cockpit

Check for latest version and copy the .deb link and download by wget.

As you did for File Sharing tool

wget https://github.com/45Drives/cockpit-identities/releases/download/v0.1.12/cockpit-identities_0.1.12-1focal_all.deb

Install the 3 packages from local

apt install ./*.deb -y

Remove the installation files, they are no longer needed

rm *.deb

Configuring the NAS

Login to Cockpit https://<ct-ip>:9090.

Now we can start configuring our NAS. Cockpit have now 3 more tool in the overview section. And can set up our NAS storage (CIFS and NFS) and the groups with users and their privileges.

Add Storage to the CT

Go to Proxmox CT/Resources and add the storage for this NAS. For CTs, we can do this on the fly by Add Mountpoint. I have ZFS Pools on SSD and SAS drives.

I choose to add /srv/ssd with a quota of 50G and /srv/hdd with a quota of 2048G. You probably need something different and/or need some sub-folders.

User Management

We need to configure Samba and add the users and groups. Because Windows has its own hashing for passwords, we need to add every user/password twice, once for Linux/Unix systems and once for Windows.

Enter the passwords 2 times

Add Groups

Go to Overview/Identities/Groups and hit + to add a Group

I added ssd-user (strictly limited users) and nas-user (for the family).

You can add as many groups you need and can manage.

Add Users

Go to Overview/Identities/Users and hit + to add a User

Passwords need to have 1 lower- and 1 uppercase letter, 1 number, 1special character and at least 8 characters long but better to use 16-20.

I added my self and added me to the groups of nas-user and also to the ssd-user.

NOTE You need to have Login Shell set to /bin/bash to be able to login to Cockpit and use Navigator.

Now set the Samba password too!

For short unsafe passwords hit Apply twice.

You can later add the rest of the family. After you've tested, the NAS is working.

Configure Samba

Set the Global and the Share section and run testpatm -y in the Terminal to see if the config is valid or not. Overview/File Sharing/Samba:

Global

Give the Server a description and assign it to a Workgroup. Here you can adjust the log level (SambaWiki) and add Samba some Advanced Settings. If you run MacOS set the Global macOS Shares to on.

Here I added the inherit permissions = yes to see the UNIX form of set GID to make all files and subdirectories belong to the enclosing group. And the MacOS Shares is on.

Shares

Now add the storage you need and the sub-folders needed. Remember the privileges of them - don't create stuff nobody can access.

Remember not use the /home due to the fact that we only have a 8G disk.

Usage

Connect to the NAS and open your files. What I do is that I create the needed folders, like in this. That is then my test "drive".

Don't connect to your personal folder - the system disk is only 8G.

References

Cockpit ^[1] is a GUI for Servers with many features. It's great!
Samba ^[2]: is the work horse of storage all over the place. Samba is the standard Windows interoperability suite of programs for Linux and Unix.
Samba is serving many clients: Apple, Linux, Windows, Free BSD and Unix.
Network File System (NFS) ^[3] NFS allows a system to share directories and files with others over a network. By using NFS, users and programs can access files on remote systems almost as if they were local files.
See also this altenative solution. Ultra-lightweight NAS