DietPI as a NFS+SMB server BUT with a luks or encrypted partition to protect data

General Discussion
1

Hi all.

I would like to have a DietPI as a server for luks encrypted shares (or similar) being exposed by dietpi as a server.

I saw there are future plans to load encrypted remotes shares by means of dietpi-drive_manager.
see here

Seems there is no current support, but anyway I would like to validate the following plan:

  1. I can make a normal debian install (to be converted later to Dietpi using your script) to prepare a partition using luks (to store data) and mounting it at /etc/fstab as a /dev/mapper device

  2. In fact I can mount that partition manually after dietpi boots, but I want that partition be mounted and used by dietpi to serve nfs or smb shares.

  3. Is it necessary to make some startup scripts to unlock that partition and then be used by DietPI?

Thanks in advance for your advice and guidance to make some progress.

I do not want a “BIG” linux install just for a NFS+SMB Server

Best Regards.

Francisco

2

Best to my knowledge, you need to enter a password to be able to open the encrypted partition. Not sure if this is possible via script. Maybe this could give some hints how it might be possible How to auto mount LUKS device (encrypted partition) using fstab in Linux | GoLinuxCloud

First complete the DietPi install. Once done you can create the luks encrypted partition. Doing the other way around might not going to work, because out install script will remove all packages not part of DietPi initially :wink:

3

Thanks @Joulinar for your advice,

I went in the direction you recommended with important progress:

  1. Data partition luks encrypted and mounted on boot.
  2. diepi-drive_manager identified luks mounted partition (sda2)
/mnt/storage                              : /dev/mapper/lukssda2 | ext4 | Capacity: 37.1G | Used: 44.6M (0%)

but also reports

/mnt/f0e0a537-ee66-4239-a992-be66aa07f64b : /dev/sda2 | crypto_LUKS | Not mounted
/tmp/lukssda2                             : /dev/lukssda2 | No filesystem / format required

  1. Installed nfs server using dietpi-software.

  2. changed /etc/exports.d/dietpi.exports mount point to /mnt/storage/nfs_shares

  3. From other dietpi install using dietpi-drive_manager remote nfs share is mounted successfully.

  4. I have problems mounting that remote share from other linux install (slackware 15) in
    my case due to permission or uid + guid mapping problems.

I got this message:

mount.nfs: access denied by server while mounting 192.168.X.Y:/mnt/storage/nfs_shares

see nfs share is “available”:

showmount -e 192.168.X.Y
Export list for 192.168.X.Y:
/mnt/storage/nfs_Shares *

I tried changing mount options in client with no sucess. Any hint or advice at this point is appreciated.

Thanks in advance.

Francisco

4

for testing and to exclude something related to disc encryption, change NFS server export to something on local storage like /mnt and try to mount on your slackware system.