Khoe NAS

Docs

The mission of this project is to offer essential data privacy and security by making self-hosting basic services really simple and secure. Those services are:

  1. Network attached storage
  2. Encrypted offsite backup
  3. System recovery with a USB 'key'
  4. General encryption
  5. Polished, unified and simple web frontend
  6. VPN to access your cloud while on the road (?)

1 and 2 are working. 3 is partially done. 4, 5 and 6 are not done yet.

The goal is to make setup and usage of those services as non-technical and convenient as feasible. And as such it naturally comes with some restrictions to keep the users safe and combobulated but also with default options that just work. It's really important to strike the right balance between security and convenience. My hope is the community will inform these decisions as the project evolves.

Right now the project is at an early stage and is not yet suited for end users or recommended for production. Many design decisions are open for discussion. The ideal early adopter is an enthusiast with some knowledge of Linux systems, SSH, Ansible, Samba, GnuPG, etc. Khoe uses Ansible to set up and maintain a personal cloud server.

The UI is still command-line only but works well. If you've entered some commands in Bash before, you'll manage. We're hoping for feedback: information about your use cases, what you like and what's missing for you, suggestions on how to make it easier to use, and of course contributions, be that code, bug reports or help with documentation. Questions are welcome too!

If you encounter any problems please open an issue.

Features (and some technical info)

  • Open-source, duh.
  • Hardware independent, e.g. use an old laptop or an ARM single board computer. If it can run Linux it probably can run Khoe.
  • Configuration-free
  • Concise command line API, which abstracts away the complexities of the underlying tools like Samba, GnuPG, Duplicity, eCryptFS and so on.
  • Automatic GnuPG encryption key creation for each user.
  • Network shares are visible in network browsers (except Windows 10).
  • Network shares are Apple Time Machine compatible.
  • Share permissions are backed by actual Linux users and file system permissions (soon: and support simple multi-user file sharing.)
  • Simple setup of backup profiles for network shares using Duply/Duplicity.
    • Easy configuration of remote backup destination for a backup profile.
    • Easy setup of cron jobs for automated backups.
    • Multiple backup profiles with individual file lists possible per share
  • Disaster recovery of users and their setups from encrypted data on a USB key. Key may be FAT32 for additional storage use.
  • Easy mounting of removable drives.

Operation

Standard administration of a Khoe server is currently performed by running ansible-playbook commands while logged in as user khoe on the server. (This will be replaced with a web frontend.)

Quick start: the following command will create a user with default options.

ansible-playbook playbooks/user.yml -e task=create -e username=example1 -e "password='1234'"

Creating a user with Khoe also creates

  • a GPG primary key pair and an encryption key pair
  • a Samba share (NAS)
  • a Duply backup profile for the Samba share
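The quick-start command above puts the password on the command line, where it ends up in shell history and is visible in the process list while the playbook runs. The following is an added example, not part of Khoe: it prompts for the password and hands it to Ansible through a private extra-vars file (`-e @file`). The function names and temp file name are hypothetical, and it assumes playbooks/user.yml reads `username` and `password` from a vars file the same way it reads them from `-e key=value`.

```shell
#!/bin/sh
# Added example (not Khoe code). Run from the khoe-nas checkout as user khoe:
#   . ./create-user.sh && create_user example1

# Write username/password to a mode-0600 YAML file and print its path.
write_user_vars() {
    username=$1
    password=$2
    vars_file=$(umask 077; mktemp "${TMPDIR:-/tmp}/khoe-user.XXXXXX") || return 1
    # In a YAML single-quoted scalar the only escape is a doubled quote.
    esc_user=$(printf '%s' "$username" | sed "s/'/''/g")
    esc_pass=$(printf '%s' "$password" | sed "s/'/''/g")
    printf "username: '%s'\npassword: '%s'\n" "$esc_user" "$esc_pass" > "$vars_file"
    printf '%s\n' "$vars_file"
}

# Prompt without echo, create the user, then delete the vars file.
create_user() {
    username=$1
    printf 'Password for %s: ' "$username" >&2
    stty -echo
    IFS= read -r password || password=
    stty echo
    printf '\n' >&2
    [ -n "$password" ] || { echo "empty password, aborting" >&2; return 1; }

    vars_file=$(write_user_vars "$username" "$password") || return 1
    unset password
    # Remove the file even if the run is interrupted.
    trap 'rm -f "$vars_file"' INT TERM

    rc=0
    # Only the file path appears in argv; the password does not.
    ansible-playbook playbooks/user.yml -e task=create -e "@$vars_file" || rc=$?

    rm -f "$vars_file"
    trap - INT TERM
    return "$rc"
}
```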

A share can be created either in the user's home directory on the boot drive (default) or on a removable drive by specifying a disk label. The share paths are generated programmatically from the disk label, username and share name and cannot be specified explicitly.
To use existing data with a Khoe share see Data Import and Migration.
Backup profiles are bound to share directories, since the only way a standard user interacts with Khoe is via Samba shares. (future: likely also restricted rsync.)
For offsite backups to storage platforms like DigitalOcean Places you need to create an account there and enter the credentials as described in remotename.

See Commands for in-depth usage documentation.

Installation

Prerequisites

  • An Ubuntu Server 18.04 LTS install. A fresh install is recommended.
  • Create a standard user with username khoe.

If you want Khoe running on different distros, PRs are welcome of course. But presently only Ubuntu and Armbian (Ubuntu) are supported. Debian is under consideration, PRs for it would be very welcome.

Connecting to the server

To connect to the server using its hostname you'll want to add it to your local DNS and give it a static IP if you can, e.g. on your router. You may need to consult the documentation for your router. Otherwise use the IP address assigned by your DHCP server to log in and to connect to shares.

The following assumes khoe.lan as the server's domain name in the local network. Substitute it with what you're using.

SSH

If your SSH key was not added to the server during the Ubuntu install, copy it over by running the following on your computer. If you don't have ssh-copy-id: see this.

ssh-copy-id -i ~/.ssh/id_rsa.pub khoe@khoe.lan

Log in to server

ssh khoe@khoe.lan

Get Khoe

git clone https://github.com/khoe-cloud/khoe-nas.git khoe-nas \
&& cd khoe-nas \
&& ./install.sh

Then enter khoe user's password once, when sudo asks for it.

install.sh sets up passwordless sudo for the khoe user, installs Ansible and then uses ansible-playbook to set up the server software. After that the system packages are upgraded and the server will reboot if needed. The process will take a few minutes.

After that you should re-login.