Home network security – Part 3b: Turris Omnia as network-attached storage via Nextcloud · InfoSec Handbook

Banner image of Home network security – Part 3b: Turris Omnia as network-attached storage via Nextcloud

In this part of our home network security series, we will show you how you can use your Turris Omnia as network-attached storage (NAS) via Nextcloud. This is very useful since your data is kept within your home network. You can share files with your family members and other devices at home. There is no need for flash drives or online storage.

Compared with NAS via SMB, this option is easier to implement, however, the RAM usage is higher.

Always stay in the loop!
Subscribe to our RSS/Atom feeds.

Requirements

For this guide we need:

our Turris Omnia which is connected with our computer and the internet
an installed and empty mSATA drive (see part 3a for installation instructions)
an SSH client on our computer

Step by step to your NAS using Nextcloud

This time, we use the “Storage” module of Foris OS to format the mSATA drive and then install Nextcloud via LuCI and SSH.

Step 1: Format and set the mSATA

First of all, connect to your Turris Omnia using your web browser (e.g., https://192.168.1.1/foris/config/). Log in and go to “Storage”.

There should be a red warning message like “Device currently in use is … (internal flash)". Your mSATA drive should be selectable below (e.g., “sda”).

Select your device and click on “Format & Set”. After confirming this choice, your Omnia will format and set your drive and then reboot. Log in again and check whether your drive is in use now (see image below). The file system is “btrfs” this time.

An image showing the storage page of Foris OS. — Our mSATA drive after formatting and setting is as /srv location. (🔍 Zoom in)

Step 2: Download Nextcloud using LuCI

Now, we must download the Nextcloud packages. This option isn't available in Foris OS, but in LuCI. Reconnect to your Omnia using your web browser but select LuCI this time. Log in.

Go to System / Software
Search for “nextcloud”
Select “nextcloud” and “nextcloud-install” and download both packages

You can optionally set the idle mode as described in our previous article for your mSATA drive:

Go to Services / hd-idle
Enable hd-idle for “sda”
Save & Apply your settings
Go to System / Startup
Check whether “hd-idle” is enabled and running

Step 3: Install Nextcloud using SSH

You can log out of LuCI. We need an SSH connection for this step. Use the terminal on your computer and connect to your Omnia using SSH: ssh root@192.168.1.1 Use the password for “advanced administration” like configured in the first part of this series.

Start the installer by entering sudo nextcloud_install and then “YES”. There will be a lot of output regarding your database which we will configure in the next step. This is the easiest way to configure Nextcloud.

Choose a user as admin and enter a password for this user when prompted. The setup will finally show you the link of your Nextcloud instance and your credentials which you have just entered.

Step 4: Secure the database

After installing Nextcloud, we have to configure our database. Enter sudo /usr/bin/mysql_secure_installation while being still connected with your Omnia via SSH.

Confirm the initial password prompt with ENTER since we haven't set a password before. Then you can set the root password of the database. After that, you have to press “Y” several times:

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

All done! Disconnect your terminal and close it.

Step 5: Open Nextcloud in your web browser

Open your web browser and enter https://192.168.1.1/nextcloud (change IP address accordingly). You should see your Nextcloud instance after entering your credentials set before (see image below).

An image showing the default page of Nextcloud. — Nextcloud is ready. (🔍 Zoom in)

Tips

Enable and enforce HTTPS (encryption of data in transit)
Enable encryption for data at rest for your Nextcloud instance (in Nextcloud's settings)
Check all settings of your Nextcloud instance for additional configuration and security tips
Keep in mind that users of the guest network of your Turris Omnia can't access your Nextcloud instance since they are in another VLAN!
If you want to access this Nextcloud instance remotely, use VPN! We will show you how to configure VPN in an upcoming article.

This article is part of the Home network security series.
Read other articles of this series.

Summary

Using Nextcloud has many benefits since you can use most of its features in your home network. However, compared with NAS via SMB it needs about 40 to 60% of Omnia's RAM.

The biggest advantage is that you don't have to trust any web provider. Your data is securely stored at home under your physical control.

Sources

Turris doc: Foris: Storage setting plugin^{external link}