Login

u/bfenski

NASty v0.0.6
▲ 12 r/bcachefs

NASty v0.0.6

NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.

Highlights of 0.0.6:

  • OIDC / Single Sign-On — Log in with Google, Authentik, Keycloak, or any OIDC provider. Configure from Access Control → Identity Providers.

  • Security hardening pass — Browser sessions moved to httpOnly cookies, per-IP login rate-limit with persisted lockouts, WebSocket origin validation, gated WS endpoints, legacy ?token= URL auth removed, tightened HTTP security headers, {@html} XSS sinks killed, compose deploys sandboxed, NFS exports hardened, secret files locked down.

  • Network bridges — Linux bridges as a virtual switch for VMs (and apps), composable with bonds and VLANs (closes #27).

  • MTU configuration — Configurable MTU on physical interfaces, bonds, bridges, and VLANs from the WebUI — including jumbo frames (9000) for SMB / NFS workloads (closes #62).

  • Filesystem wizard upgrades — Drive model / serial / vendor / transport on the disk picker, usable-capacity estimate that matches the filesystems list, and a summary line on the filesystem card showing device count, erasure coding, and encryption.

  • Apps allow_unsafe escape hatch — Deploy compose stacks (or simple apps) that need privileged options with explicit user opt-in, surfaced in the deploy form and app list. Internal port now editable on Apps.

  • Background alert evaluation — Alerts fire from the engine's background notifier instead of waiting for a browser to be connected.

  • Test & CI footprint — fmt / clippy / svelte-check / test gates in CI, pinned Rust toolchain, integration nixosTest that drives JSON-RPC over the appliance, bcachefs smoke test, and unit tests across JSON-RPC framing, alert evaluation, sharing config, storage parsers, update rollback, the WebSocket client, the toast queue, and IO history.

  • Dependency refresh — rusqlite 0.34 → 0.39, openidconnect 3 → 4, vitest 3 → 4, plus major bumps to sha2 / rand / x509-parser / bollard / reqwest, nixpkgs to 549bd84 (2026-05-05), and bcachefs-tools to v1.38.2.

  • Smaller polish — SSH banner is now dismissible and renamed to "Configure SSH", banner buttons actually navigate, VM-detect loop fix, audit log rotation fix, dead nft -f - spawn removed.

github.com
u/bfenski — 5 days ago
▲ 12 r/bcachefs

NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.

Highlights of 0.0.5:

  • Backup system — Deduplicating, encrypted backups via rustic_core library. Local, S3, SFTP, REST, and B2 targets. Scheduled backups with retention policies. Backup Server (restic REST) as a managed service for NASty-to-NASty backups.

  • Sidebar reorganization — 15 flat menu items collapsed into groups (Storage, Sharing, Protection, Compute, System) with collapsible sections and a search bar for quick navigation.

  • Log viewer — Dedicated Logs page with real-time streaming (follow mode), server-side grep, and client-side search/filter.

  • Notifications — SMTP, Telegram, Webhook, ntfy, and Signal notification channels with test-before-save.

  • Networking — Multi-interface support with per-interface IPv4/IPv6, dynamic nftables firewall with per-service source restrictions, bonds and VLANs.

  • SMB Groups — Group-based share permissions via @groupname, inline user/group creation in share wizard.

  • Services Page — Unified page with per-service Configure panels: NFS, SMB, iSCSI, NVMe-oF, UPS, SSH, Docker, Backup Server.

  • Boot Reliability — Device wait with udevadm settle before mounting, critical alerts on mount failure.

  • ARM Support - ISO for aarch64 is now included.

And obviously bunch of bugfixes and some refactors to make future development easier. Also that's probably last BIG reorg release. Things should now start stabilizing.

Enjoy!

u/bfenski — 12 days ago
▲ 19 r/bcachefs

NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.

Highlights of 0.0.4:

Docker Apps

The apps runtime has been rewritten. Deploy single containers or paste a docker-compose.yml with syntax highlighting, port conflict detection, and live deploy output. Apps are automatically accessible through the built-in reverse proxy — no firewall changes needed.

bcachefs 1.38

Full compatibility with bcachefs 1.38. Per-subvolume options (data_replicas, compression, tiering targets) are now visible in the WebUI. New dataReplicas StorageClass parameter lets the CSI driver create volumes with reduced replication for expendable data.

Quality of Life

  • Global progress indicator for all operations
  • File preview and download in the file browser
  • nasty-top TUI for live bcachefs monitoring
  • Audit logging for all mutations
  • Firmware update support via fwupd
github.com
u/bfenski — 22 days ago