NAS home server setup

Why: The hardware determines the power efficiency, noise level, and future expandability of your NAS.

How:

• For a 'set-and-forget' experience, choose a 4-bay generic NAS enclosure with at least 4GB of RAM.
• For maximum flexibility and power, build a DIY NAS using a power-efficient CPU (e.g., Intel N100 or Core i3) and a case with multiple 3.5-inch drive bays.
• Ensure the system has a Gigabit Ethernet port (2.5GbE is preferred for 2025 standards).

Done when: Hardware platform is chosen and ordered.

Why: Using the wrong drive technology (SMR) in a NAS will lead to extreme performance drops and potential data loss during RAID rebuilds.

How:

• Look for drives explicitly labeled as CMR (Conventional Magnetic Recording).
• Avoid SMR (Shingled Magnetic Recording) drives for any RAID or ZFS setup.
• Buy at least two drives of the same capacity to allow for data redundancy (RAID 1 or ZFS Mirror).

Done when: At least two CMR hard drives are ready for installation.

Why: TrueNAS SCALE is the 2025 industry standard for DIY NAS, offering robust ZFS data integrity and Linux-based app support.

How:

• Download the latest TrueNAS SCALE ISO from the official website.
• Use a tool like BalenaEtcher or Rufus to flash the ISO onto a high-quality USB 3.0 stick.
• This USB stick will serve as your installation media.

Done when: Bootable USB drive with TrueNAS SCALE is ready.

Why: Proper physical assembly ensures cooling efficiency and prevents hardware failures.

How:

• Install the CPU, RAM, and storage drives into the chassis.
• Connect the NAS to your router via a Cat6 Ethernet cable (avoid Wi-Fi for servers).
• Ensure all cables are managed to allow for optimal airflow over the hard drives.

Done when: NAS is physically assembled and connected to power and network.

Why: The OS manages your data and provides the interface for all cloud services.

How:

• Plug the bootable USB into the NAS and boot from it via the BIOS.
• Select the internal SSD or a dedicated small drive as the installation destination (do not install on your storage HDDs).
• Follow the on-screen prompts to set an administrative password.

Done when: Installation is complete and the NAS reboots into the OS.

Why: A static IP ensures you can always find your NAS on the network without it changing unexpectedly.

How:

• Log into your router's web interface.
• Find the 'DHCP Reservations' or 'Static IP' section.
• Map the NAS's MAC address to a specific IP (e.g., 192.168.1.100).

Done when: NAS is accessible via a fixed IP address.

Why: ZFS pools provide the 'self-healing' capability that protects your data from silent corruption (bit rot).

How:

• Open the TrueNAS web UI in your browser.
• Go to 'Storage' -> 'Create Pool'.
• Select your CMR drives and choose Mirror (for 2 drives) or RAID-Z1 (for 3+ drives) for redundancy.

Done when: Storage pool is online and healthy.

Why: Datasets allow you to set individual quotas and permissions for different types of data (e.g., Photos, Backups).

How:

• Create a dataset named 'Media' and another named 'Backups'.
• Go to 'Shares' -> 'Windows Shares (SMB)' and add these datasets.
• Set permissions so your primary user account has full access.

Done when: NAS folders appear as network drives on your PC/Mac.

Why: Nextcloud provides a Google Drive-like interface for your files, including mobile sync and document editing.

How:

• Use the 'Apps' section in TrueNAS SCALE.
• Search for Nextcloud and click 'Install'.
• Map the Nextcloud data folder to the dataset you created earlier.

Done when: Nextcloud is running and accessible via the local network.

Why: Opening ports for your NAS is dangerous; a VPN like WireGuard provides a secure 'tunnel' into your home network.

How:

• Install the WireGuard app on TrueNAS or use Tailscale for a zero-config alternative.
• Generate a client config for your phone and laptop.
• Connect to the VPN when outside your home to access your NAS as if you were there.

Done when: Secure remote access is established without exposing the NAS to the public internet.

Why: 2FA prevents unauthorized access even if your password is compromised.

How:

• Go to 'User Settings' in the TrueNAS UI.
• Enable Two-Factor Authentication.
• Scan the QR code with an app like Google Authenticator or Ente Auth.

Done when: Login requires both a password and a timed code.

Why: Snapshots allow you to 'roll back' files to a previous state, providing instant protection against accidental deletion or ransomware.

How:

• Go to 'Data Protection' -> 'Periodic Snapshot Tasks'.
• Set a schedule (e.g., daily) and a retention period (e.g., keep for 2 weeks).
• Apply this to your most important datasets.

Done when: Automated snapshots are running daily.

Why: A local NAS is not a complete backup; you need one copy off-site to protect against fire, theft, or flood.

How:

• Set up a 'Cloud Sync Task' in TrueNAS.
• Use a provider like Backblaze B2 or Amazon S3 Glacier (generic S3-compatible storage).
• Encrypt the data before it leaves your NAS for maximum privacy.

Done when: Critical data is automatically synced to an encrypted off-site location.