Last updated: 2023-05-08 Mon 21:19

Seedbox and NAS on Raspberry Pi 4
With rtorrent, OpenMediaVault and Mullvad VPN

Table of Contents

1. Seedbox and NAS

1.1. Philosophy

OpenMediaVault is the next generation network attached storage (NAS) solution based on Debian Linux. […] primarily designed to be used in small offices or home offices, but is not limited to those scenarios. It is a simple and easy to use out-of-the-box solution that will allow everyone to install and administrate a Network Attached Storage without deeper knowledge.1

LibTorrent is a BitTorrent library written in C++ for *nix, with a focus on high performance and good code. The library differentiates itself from other implementations by transferring directly from file pages to the network stack.

  • OpenMediaVault is a network-attached storage (NAS) solution based on the Debian Linux distribution.
  • OMV stores and shares my local volatile media copies (videos, family photos, personal music collection etc.) and backs up anything important to an off-site Nextcloud instance, hosted at kapsi.fi.
  • With the true gigabit Ethernet controller of the Raspberry Pi 4, an RPi-based NAS setup is now a lucrative choice compared to commercial NAS options in terms of performance vs. cost.
  • Since network controller speed is no longer an issue, on the same instance I have an rtinst-based seedbox installation.
  • Rtinst installs a resource-friendly ruTorrent frontend based on the rtorrent backend, which is ideal to run on a Raspberry Pi due to its low resource consumption.
  • I also considered combining an HTPC with the NAS, but decided not to due to their conflicting goals: an HTPC needs to be small, quiet and slick next to a TV, but a NAS will have a bunch of noisy HDDs in it. An HTPC needs decent performance if you might game on it, but you want a NAS to have low power draw, and its graphics performance is irrelevant. An HTPC wants the flexibility to install new things and try out new use cases, but a NAS should have uninterrupted uptime.

1.2. Preparation

1.2.1. Acquire the hardware

  • Raspberry Pi 4
  • Flirc case (Argon Neo as an alternative).
  • Yottamaster PS500U3-SV5 HDD enclosure with UASP. We want an enclosure without built-in hardware RAID. This enclosure supports 5x 8TB 3.5" SATA 6 Gbps HDDs through a single USB 3.0 cable (= 5 Gbps transmission) to our Rpi4. The enclosure comes with a 12V 6.5A power supply, which is needed to spin our 3.5" HDDs.

Warning: I would not recommend this enclosure due to its UASP incompatibilities with the Linux kernel.2 A next step would be to investigate the proven SATA technology with e.g. a SATA HAT for the rpi4, as the USB connector in the enclosure is a single point of failure: USB is pretty famous for being flaky and causing data loss.

Warning: Be sure you can tell the difference between CMR and SMR type disks. SMR drives are not intended for random-write IO use cases, because the write performance is much slower than with a non-SMR drive. Therefore they are not recommended for NAS use cases featuring significant random write workloads. See arstechnica's article for more information. Then select disks e.g. based on reviews.3

1.2.2. Install the Flirc case for Rpi4

  • Why Flirc case?
  • With Flirc we want to ensure the temperature stays below 80 °C; otherwise the CPU clock speed is throttled from the standard 1.5 GHz down to 600 MHz.
  • We want the most effective, silent, passive cooling solution, as this box will be in a prominent place in the living room. Bonus points for Flirc: it is also stylish.
  • Installation instructions for Flirc case.

1.2.3. Install the Yottamaster powered HDD enclosure

  • Attach the enclosure's USB cable to one of the RPi4's two blue USB 3 ports.
  • Attach the HDDs (I have 5) to the trays, slide them into the enclosure and power it up.

1.2.4. Prepare Raspberry Pi OS image

  • Install Etcher: https://etcher.io/
  • With it, write the minimal Raspberry Pi OS Lite image to the SD card.
  • To find a suitable SD card, run a speed test for the card.
  • Plug the external SSD into a USB 3 port (blue colored) and the Micro SD into the SD slot, and boot up the Pi by attaching the USB-C power cord. See: Setup raspberry.
  • The Raspberry starts when the power cord is attached. Let it boot, then check its IP from the router.
  • Change the Raspberry's IP to static by logging in to your Asus RT-N66U router: http://10.0.1.1/Main_Login.asp and going to: LAN, DHCP Server: Enable Manual Assignment: Yes.
  • Select raspberrypi from the client list and bind it to: 10.0.1.240 4.
  • Once done, ssh into the rpi4: $ ssh pi@10.0.1.240, pass: raspberry.
The authenticity of host '10.0.1.240 (10.0.1.240)' can't be established.
ECDSA key fingerprint is SHA256:l/LA0mZ8187cXSazV5b1nNvzRws6+5KfVAm5EJhrCgY.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '10.0.1.240' (ECDSA) to the list of known hosts.
pi@10.0.1.240's password:

1.3. Pre-installation tasks on Raspberry Pi OS

1.3.1. DONE Transfer /root from SD-card to External SSD

Update [2021-09-05 Sun]: the below is no longer needed, as with this fix the EEPROM is now capable of booting fully through USB. See e.g. this video on how to do it.

Booting the Raspberry Pi 4 off an SSD has positive performance gains.

  • First, list all partitions:

$ sudo fdisk -l

  • Seeing that our external SSD has its partition table at /dev/sda, we launch fdisk like so:

$ sudo fdisk /dev/sda

Delete any existing partitions and write a new primary partition to SSD:

Welcome to fdisk (util-linux 2.33.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Command (m for help): p
Disk /dev/sda: 111.8 GiB, 120034123776 bytes, 234441648 sectors
Disk model: ASM105x
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 33553920 bytes
Disklabel type: dos
Disk identifier: 0x6c586e13

Device     Boot  Start     End Sectors  Size Id Type
/dev/sda1         8192  532479  524288  256M  c W95 FAT32 (LBA)
/dev/sda2       532480 4390911 3858432  1.9G 83 Linux

Command (m for help): d
Partition number (1,2, default 2): 2

Partition 2 has been deleted.

Command (m for help): d
Selected partition 1
Partition 1 has been deleted.

Command (m for help): p

Disk /dev/sda: 111.8 GiB, 120034123776 bytes, 234441648 sectors
Disk model: ASM105x
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 33553920 bytes
Disklabel type: dos
Disk identifier: 0x6c586e13

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1): 1
First sector (65535-234441647, default 65535):
Last sector, +/-sectors or +/-size{K,M,G,T,P} (65535-234441647, default 234441647):

Created a new partition 1 of type 'Linux' and of size 111.8 GiB.

Command (m for help): w
The partition table has been altered.
Failed to remove partition 1 from system: Device or resource busy
Failed to add partition 1 to system: Device or resource busy

The kernel still uses the old partitions. The new table will be used at the next reboot.
Syncing disks.

pi@raspberrypi:~ $ sudo reboot

As I'm getting the above error:

Failed to remove partition 1 from system: Device or resource busy
Failed to add partition 1 to system: Device or resource busy
  • I can work around it by rebooting the rpi4. After that, I can continue by formatting the partition with the ext4 file system:

$ sudo mkfs.ext4 /dev/sda1

mke2fs 1.44.5 (15-Dec-2018)
Creating filesystem with 29297014 4k blocks and 7331840 inodes
Filesystem UUID: 34b431e6-5776-4387-be44-1a42b30f244c
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000, 7962624, 11239424, 20480000, 23887872

Allocating group tables: done
Writing inode tables: done
Creating journal (131072 blocks): done
Writing superblocks and filesystem accounting information: done
  • Create a new directory called /media/newdrive, which you will use to mount your external drive:

$ sudo mkdir /media/newdrive

  • Mount the new partition as /media/newdrive. Note that the partition name is /dev/sda1, rather than just /dev/sda:

$ sudo mount /dev/sda1 /media/newdrive

  • Copy all the files from your root directory:

$ sudo rsync -avx / /media/newdrive

  • Open the /boot/cmdline.txt file for editing:

$ sudo nano /boot/cmdline.txt

Contents of cmdline.txt should be something like:

console=serial0,115200 console=tty1 root=PARTUUID=6c586e13-02 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
  • Replace root=PARTUUID=6c586e13-02 with root=/dev/sda1 so it becomes:
console=serial0,115200 console=tty1 root=/dev/sda1 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait
  • Save the changes by hitting ctrl-w and then y. If I check now where the root partition is loaded from, it should be from the SD-card:

$ findmnt -n -o SOURCE /

/dev/mmcblk0p2

Reboot your Raspberry Pi 4 with $ sudo reboot, then issue $ findmnt -n -o SOURCE / again, and this time the result should be /dev/sda1. The Rpi4 is now loading Raspberry Pi OS from the root filesystem residing on the faster SSD. Note that the SD card is currently still needed for boot, as the Rpi4 firmware doesn't yet support full USB boot.

1.3.2. DONE check that automated trim is in place

  • By doing $ systemctl status fstrim.timer, as per the recommendation here.

1.3.3. NEXT Transfer /boot from SD-card to External SSD

1.3.4. Measure the SSD performance

As per script by James Chambers:

$ sudo curl https://raw.githubusercontent.com/TheRemote/PiBenchmarks/master/Storage.sh | sudo bash

[...]
iozone test complete.
RandRead: 17621 - RandWrite: 20914 - Read: 33385 - Write: 21415
Enter a description of your storage and setup (Example: Kingston A400 SSD on Pi 4 using StarTech SATA to USB adapter)
Description: Kingston A400 SSD on Pi 4 using StarTech SATA to USB adapter
(Optional) Enter alias to use on benchmark results.  Leave blank for completely anonymous.
Alias (leave blank for Anonymous):


     Category                  Test                      Result
HDParm                    Disk Read                 273.10 MB/s
HDParm                    Cached Disk Read          192.69 MB/s
DD                        Disk Write                98.2 MB/s
FIO                       4k random read            14970 IOPS (59883 KB/s)
FIO                       4k random write           9126 IOPS (36506 KB/s)
IOZone                    4k read                   33385 KB/s
IOZone                    4k write                  21415 KB/s
IOZone                    4k random read            17621 KB/s
IOZone                    4k random write           20914 KB/s

                          Score: 5861

Compare with previous benchmark results at:
https://storage.jamesachambers.com/
pi@raspberrypi:~ $

1.3.5. NEXT Enable TRIM on the SSD

As per tutorial by Jeff Geerling.

1.3.6. Setup new hostname and a static IP

Changing the hostname is good practice in case we have multiple machines, so we know which is which and human errors are minimized:

$ sudo nano /etc/hostname

Delete the old raspberrypi and set up the new name omv.

$ sudo nano /etc/hosts

Replace any occurrence of the existing computer name raspberrypi with your new one omv.

Set up a static IP and Mullvad's DNS server:

$ sudo nano /etc/dhcpcd.conf

Add to the end of file:

static ip_address=10.0.1.240/24
static routers=10.0.1.1
static domain_name_servers=193.138.218.74

Then restart the dhcpcd service:

$ sudo service dhcpcd restart

$ sudo systemctl daemon-reload

This is important to prevent DNS leaks when using Mullvad's VPN. Check that the DNS server change has taken effect with:

$ cat /etc/resolv.conf

Reboot the system for the rest of the changes (hostname change) to take effect:

$ sudo reboot
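A small check script for the DNS-leak point above, added here as an example and not part of the original page: it parses a resolv.conf-style file and fails if any resolver other than the Mullvad one configured in /etc/dhcpcd.conf is listed (the router at 10.0.1.1 is a typical stray entry). It assumes 193.138.218.74 is the only resolver that should appear; override ALLOWED_DNS for other setups.

```shell
#!/bin/sh
# Added example (not from the original page): verify that /etc/resolv.conf only
# points at the Mullvad DNS server, so no other resolver can leak queries
# outside the VPN. Assumption: 193.138.218.74 is the only allowed resolver.

ALLOWED_DNS="${ALLOWED_DNS:-193.138.218.74}"

# resolv_nameservers FILE: print the nameserver addresses from a resolv.conf-style
# file, ignoring comment lines and other keywords (search, options, domain).
resolv_nameservers() {
    awk '/^[ \t]*#/ { next } $1 == "nameserver" { print $2 }' "$1"
}

# unexpected_nameservers FILE: print every nameserver not listed in ALLOWED_DNS
# (space separated list of addresses).
unexpected_nameservers() {
    resolv_nameservers "$1" | while read -r ns; do
        found=0
        for ok in $ALLOWED_DNS; do
            [ "$ns" = "$ok" ] && found=1
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$ns"
    done
}

# check_resolv FILE: 0 when at least one nameserver is present and all are allowed,
# 1 when a foreign resolver is listed (names go to stderr), 2 when none at all.
check_resolv() {
    count=$(resolv_nameservers "$1" | wc -l | tr -d ' ')
    [ "$count" -gt 0 ] || return 2
    bad=$(unexpected_nameservers "$1")
    if [ -n "$bad" ]; then
        printf 'unexpected resolver(s): %s\n' "$(printf '%s' "$bad" | tr '\n' ' ')" >&2
        return 1
    fi
    return 0
}

# Run against the live system only when asked, e.g. from a cron job or after reboot.
case "${1:-}" in
    --check) check_resolv /etc/resolv.conf ;;
esac
```

Run it as `sh dns-check.sh --check` after the reboot; a non-zero exit means the resolver list is not what the VPN setup expects.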

1.3.7. Install OS-software

  • Get the apt config file (which also disables installing recommended packages); note that wget needs -P to place the file in a directory:

$ sudo wget -c -P /etc/apt/ http://iki.fi/~pyyhttu/debian/aptitude/apt.conf

  • Install aptitude (not mandatory, as managing packages with it is a personal preference of mine):

$ sudo apt update

$ sudo apt install aptitude

  • Install and run localepurge to get rid of locales that we do not use, as well as localized packages and man pages.
  • Install and run deborphan, which searches for orphaned packages, i.e. packages not required by any other package:

$ sudo aptitude update

$ sudo aptitude install localepurge deborphan

  • Leave locales "en" and "en_US.UTF-8". Choose "yes" for "Use dpkg --path-exclude?".
  • Configure correct time zone:

$ sudo dpkg-reconfigure tzdata

Current default time zone: 'Europe/Helsinki'
Local time is now:      Sun Feb  9 17:11:41 EET 2020.
Universal Time is now:  Sun Feb  9 15:11:41 UTC 2020.

1.3.8. Update firmware

  • Check the current firmware version:

$ /opt/vc/bin/vcgencmd version

Aug 15 2019 12:06:42
Copyright (c) 2012 Broadcom
version 0e6daa5106dd4164474616408e0dc24f997ffcf3 (clean) (release) (start)
  • Then issue $ sudo aptitude full-upgrade. This will also update to the latest stable firmware. Non-stable beta firmware, if needed, is installed with $ sudo rpi-update.

Starting with the Rpi4, the device has upgradable onboard firmware stored on an EEPROM chip, which is where the firmware upgrade is written instead of the SD card.

To check the status of the bootloader and VL805 code after the full-upgrade, do:

$ sudo rpi-eeprom-update

BCM2711 detected
BOOTLOADER: up-to-date
CURRENT: Tue 10 Sep 10:41:50 UTC 2019 (1568112110)
 LATEST: Tue 10 Sep 10:41:50 UTC 2019 (1568112110)
VL805: update required
CURRENT: 00013701
 LATEST: 000137ab

The bootloader code is up to date, but a reboot is required to update the VL805 code to the latest version. So do:

$ sudo reboot

After the reboot the firmware should show: CURRENT: 000137ab. This version fixes network boot and overheating. See the complete release notes for detailed changes.

I want to control when the updates are applied to avoid any unforeseen changes, so I disable the auto-updating service with:

$ sudo systemctl mask rpi-eeprom-update

Created symlink /etc/systemd/system/rpi-eeprom-update.service → /dev/null.

The startup service has now been disabled, and bootloader firmware updates will only be applied when updating manually.

If I want to re-enable the service, I unmask it with:

$ sudo systemctl unmask rpi-eeprom-update

To be notified about updates, subscribe to the rpi-eeprom releases RSS feed.

Once a new version is released, check its availability with:

$ sudo rpi-eeprom-update

tuomas@omv:~ $ sudo rpi-eeprom-update
[sudo] password for tuomas:
BCM2711 detected
Dedicated VL805 EEPROM detected
*** UPDATE AVAILABLE ***
BOOTLOADER: update available
CURRENT: Thu Apr 16 17:11:26 UTC 2020 (1587057086)
 LATEST: Thu Sep  3 12:11:43 UTC 2020 (1599135103)
 FW DIR: /lib/firmware/raspberrypi/bootloader/default
VL805: update available
CURRENT: 000137ad
 LATEST: 000138a1
tuomas@omv:~ $

Then, to update, do:

$ sudo rpi-eeprom-update -a

tuomas@omv:~ $ sudo rpi-eeprom-update -a
BCM2711 detected
Dedicated VL805 EEPROM detected
*** INSTALLING EEPROM UPDATES ***
BOOTLOADER: update available
CURRENT: Thu Apr 16 17:11:26 UTC 2020 (1587057086)
 LATEST: Thu Sep  3 12:11:43 UTC 2020 (1599135103)
 FW DIR: /lib/firmware/raspberrypi/bootloader/default
VL805: update available
CURRENT: 000137ad
 LATEST: 000138a1
BOOTFS /boot
EEPROM updates pending. Please reboot to apply the update.
tuomas@omv:~ $

Then issue a reboot for the update to take effect.

Alternatively, run $ raspi-config.

2. Seedbox installation on Raspberry Pi OS with rtinst

The rtinst script is intended for quick setup of seedboxes, but it is also handy for a "one-click install" of libtorrent/rtorrent and its web-facing frontend rutorrent, which makes managing torrents easier. rtinst also installs a few "forced dependencies", such as git, vsftpd, Nginx and autodl-irssi. However, since the OMV5 install later automatically handles vsftpd (uninstalled) and Nginx (also used by OMV5), we don't have any extra footprint beyond git and autodl-irssi, which does have its uses (more about that later).

To install the aforementioned software, do:

$ sudo bash -c "$(wget --no-check-certificate -qO - https://raw.githubusercontent.com/arakasi72/rtinst/master/rtsetup)"

Installing git
Installing rtinst v1.8.9
Installation complete

You can now run rtinst and the additional supporting scripts

Install with the following script options:

$ sudo rtinst --ssh-default -u tuomas -p password1 --webpass password2 --log

Where,

password1: ssh password for user tuomas

password2: rutorrent password for

Select the IP address to use:
1.) 10.0.1.240
2.) xx.xxx.xx.xxx
1
IP set to 10.0.1.240
Raspbian GNU/Linux 10 (buster)

Checking the web sites we will need are accessible
Checking Raspbian mirrors
http://raspbian.raspberrypi.org/raspbian/: OK

Checking major 3rd party components
Rtorrent: OK
xmlrpc-c: OK
RuTorrent: OK
Autodl-irssi: OK

Your Server IP is 10.0.1.240
Is this correct y/n? y
Your server's IP is set to 10.0.1.240
Your domain is set to omv.house
User name is tuomas
Adding user `tuomas' ...
Adding new group `tuomas' (1001) ...
Adding new user `tuomas' (1001) with group `tuomas' ...
Creating home directory `/home/tuomas' ...
Copying files from `/etc/skel' ...
tuomas successfully created
No additional users to add

No more user input required, you can complete unattended
It will take approx 10 minutes for the script to complete

Updating package lists
Upgrading packages
Installing required packages
rar/unrar install failed
Completed installation of required packages
Adding user `tuomas' to group `sudo' ...
Adding user tuomas to group sudo
Done.
Configuring SSH
SSH port set to 22
IP: 10.0.1.240
DN: omv.house
Installing certbot
Install Failed
IP: 10.0.1.240
DN: omv.house
Generating https/ssl certificates: done
Self signed certificats installed
Installing vsftpd
FTP port set to 43861
Installing nginx

Checking File Repositories
xmlrpc-c: OK
rtorrent: OK
Debian 9, and Ubuntu 17.10 and later, are only supported by libtorrent-0.13.7/rtorrent-0.9.7 or later

Installing libtorrent-0.13.8/rtorrent-0.9.8
Fetching source files
###################################################################################################################################################### 100.0%
###################################################################################################################################################### 100.0%
Installing xmlrpc
Installing libtorrent
Installing rtorrent
0.13.8/0.9.8 installed

Configuring rtorrent
RuTorrent: OK
Installing Rutorrent (v3.10-beta)
Configuring Rutorrent
Installing autodl-irssi
Setting permissions, Starting services
rtorrent was not running
No session lock file
Starting rtorrent.
rtorrent has been started
irssi was not running
Starting irssi.
irssi has been started
no crontab for tuomas
no crontab for tuomas


Summary of Installation (Important Information, please read

SSH Configured
   SSH port set to 22
   root login directly from SSH disabled
   login with tuomas and switch to root using: sudo su

FTP Server
   vsftpd 3.0.3-12 installed
   ftp port set to 43861
   ftp client should be set to explicit ftp over tls using port 43861

rtorrent torrent client
   rtorrent 0.9.8 installed
   crontab entries made. rtorrent and irssi will start on boot for tuomas

RuTorrent Web GUI
   RuTorrent 3.9 installed
   rutorrent can be accessed at https://10.0.1.240/rutorrent
   rutorrent password as set by user
   to change rutorrent password enter: rtpass

   If enabled, access https downloads at https://10.0.1.240/download/tuomas

IMPORTANT: SSH Port set to 22
IMPORTANT: SSH Port set to 22
IMPORTANT: SSH Port set to 22
Please ensure you can login BEFORE closing this session

The above information is stored in rtinst.info in your home directory.
To see contents enter: cat /home/tuomas/rtinst.info

To install webmin enter: sudo rtwebmin

SCROLL UP IF NEEDED TO READ ALL THE SUMMARY INFO
PLEASE REBOOT YOUR SYSTEM ONCE YOU HAVE NOTED THE ABOVE INFORMATION

Thank You for choosing rtinst

2.0.1. Disable autostartup of rtorrent and autodl-irssi

  • This is done to make sure rtorrent does not connect before the VPN tunnel (to be set up later) is established.
  • The rtinst script does the automatic startup with a cron job. Open the crontab:

$ crontab -e

Edit the file by commenting out the lines with # so that it becomes:

#@reboot sleep 10; /usr/local/bin/rtcheck irssi rtorrent
#*/10 * * * * /usr/local/bin/rtcheck irssi rtorrent

Note that the rtinst script also sets up rtorrent, rutorrent and autodl-irssi to run on startup. For now, we can check that rutorrent is spawned and running at https://10.0.1.240/rutorrent/.
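Instead of leaving the cron lines commented out for good, a gated starter lets the cron job stay in place while rtorrent only comes up once traffic actually leaves through the tunnel. This is an added example, not part of rtinst or the original page; it assumes the WireGuard interface is called wg0-mullvad (override VPN_IF), and it uses rtinst's /usr/local/bin/rtcheck helper exactly as the crontab above does.

```shell
#!/bin/sh
# Added example (not from rtinst or the original page): start rtorrent and irssi
# only when a route lookup towards the Internet leaves via the VPN interface.
# Assumptions: the WireGuard interface is named wg0-mullvad and rtinst's
# /usr/local/bin/rtcheck is the start helper used by the crontab above.

VPN_IF="${VPN_IF:-wg0-mullvad}"
# Mullvad's DNS address from the dhcpcd.conf setup, used only as a lookup target.
PROBE_IP="${PROBE_IP:-193.138.218.74}"

# route_dev "TEXT": extract the outgoing device from one line of `ip route get`
# output. Handles both a plain route ("... via 10.64.0.1 dev wg0-mullvad src ...")
# and wg-quick policy routing ("... dev wg0-mullvad table 51820 src ...").
route_dev() {
    printf '%s\n' "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# vpn_route_ok "TEXT" IFACE: 0 when the route text goes out via IFACE, 1 otherwise
# (an empty text, e.g. no route at all, also counts as "not via the VPN").
vpn_route_ok() {
    [ -n "$1" ] && [ "$(route_dev "$1")" = "$2" ]
}

# tunnel_active IFACE: 0 if the kernel would send a packet to PROBE_IP via IFACE.
# `ip route get` follows the policy rules wg-quick installs, unlike `ip route show`.
tunnel_active() {
    routes=$(ip route get "$PROBE_IP" 2>/dev/null) || return 1
    vpn_route_ok "$routes" "$1"
}

# start_if_vpn_up: the cron-safe entry point that replaces the plain rtcheck line.
start_if_vpn_up() {
    if tunnel_active "$VPN_IF"; then
        /usr/local/bin/rtcheck irssi rtorrent
    else
        echo "VPN interface $VPN_IF does not carry Internet traffic; not starting rtorrent" >&2
        return 1
    fi
}

case "${1:-}" in
    --run) start_if_vpn_up ;;
esac
```

Pointing the two crontab lines at `/usr/local/bin/vpn-gate.sh --run` instead of rtcheck keeps the periodic restart but refuses to launch while the tunnel is down.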

2.0.2. Remove rutorrent password dialog

2.0.3. NEXT Fix errors with aptitude

For some reason, rtinst updates my sources.list with Debian mirrors, so I need to comment those out:

$ sudo nano /etc/apt/sources.list

# http://deb.debian.org/debian buster-backports main

EDIT: The above is not really needed, as the OMV5 install script cleans that up. EDIT2: Follow this up, as it may be wireguard that sets the above line.

2.0.4. FOLLOWUP Whether that source line is now needed to update rtorrent etc. with rtinst.

2.0.5. FOLLOWUP OMV5 uninstalls libopts25, ntp and vsftpd, which were installed by rtinst. Do I now have broken functionality in rtinst, ftp maybe? NTP breaks what, rtorrent?

2.0.6. Setup a new user

During the execution of the script, we also opted to add a new user, tuomas, which we will use from now on for admin tasks instead of the default pi. Leaving the default user pi with its default password raspberry in place is a security risk.

Check which groups the user pi belongs to:

$ groups

pi adm dialout cdrom sudo audio video plugdev games users input netdev ssh gpio i2c spi

Add user tuomas to all the same groups:

$ sudo usermod -a -G adm,dialout,cdrom,audio,video,plugdev,games,users,input,netdev,ssh,gpio,i2c,spi tuomas

Log out user pi with $ logout. After this, ssh back in as user tuomas:

$ ssh tuomas@10.0.1.240

3. OMV5 Installation on Raspberry Pi OS

Run a script that automates the install: $ wget -O - https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install | sudo bash

Let the script run; it'll take several minutes to finish. The script finishes with these last lines:

[...]
Processing triggers for systemd (241-7~deb10u2+rpi1) ...
Enable and start systemd-resolved ...
Configure eth0 to use networkd ...
Enable networkd ...
It is recommended to reboot and then setup the network adapter in the openmediavault web interface.
pi@raspberrypi:~ $

Let's reboot with $ sudo reboot.

3.1. Post-installation tasks

After 3 to 5 minutes, OMV can be logged into by entering the same IP address that was used for the SSH client in a web browser's address bar. The web GUI user is admin and the default password is openmediavault.

So log in at 10.0.1.240.

3.1.1. Change the default logout time

  • Go to System, General Settings and change Auto logout to 30 minutes.

3.1.2. Change the default GUI password for admin

  • Go to System, General Settings, Web Administrator Password.

Add user tuomas to the ssh group

  • Go to Access Rights Management, User, highlight user tuomas and press Edit. Add the user to group ssh. This way $ ssh tuomas@10.0.1.240 still works.

Delete old user pi

  • Go to Access Rights Management, User, highlight user pi and press Delete. Note: This results in an error:
Failed to execute XPath query '//system/usermanagement/users/user[name='pi']'.

Error #0:
OMV\Config\DatabaseException: Failed to execute XPath query '//system/usermanagement/users/user[name='pi']'. in /usr/share/php/openmediavault/config/database.inc:344
Stack trace:
#0 /usr/share/openmediavault/engined/rpc/usermgmt.inc(658): OMV\Config\Database->deleteByFilter('conf.system.use...', Array)
#1 [internal function]: Engined\Rpc\UserMgmt->deleteUser(Array, Array)
#2 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#3 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('deleteUser', Array, Array)
#4 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('UserMgmt', 'deleteUser', Array, Array, 1)
#5 {main}

But the user is still deleted.

3.1.3. Change network settings

  • Go to System, Network, Interfaces, click on the + Add button and select Ethernet. For Name drop down select eth0, and under IPV4 for Method select DHCP. Note: At least since OMV version 5.5.2-1 (Usul), the above is already filled out.

3.1.4. Change email notification settings

  • Go to System, Notification, Settings and Enable notifications. Then fill in the SMTP settings:

SMTP server: mail.kapsi.fi
SMTP Port: 587
Encryption mode: STARTTLS
Sender mail: your-kapsi-mail
Username: your-kapsi-username
Password: your-kapsi-password

Recipient: your-notification-mail

Note: After this I will receive a notification to my mail when I log in to openmediavault ("Your user account was used to log in…").

The notification is sent only once, provided that a session cookie is present.

3.1.5. NEXT Enable drive failure notifications

3.1.6. Enable system performance statistics collection

  • Go to Monitoring, toggle Enable on.

3.1.7. Install updates

  • Go to System, Update Management, press Check, select everything with Package information and press Install.

3.1.8. Enable Testing, Extras and Backports repositories

  • Go to OMV-Extras, check the Testing repo, Extra repo and Backports. After this, System, Plugins is populated with more packages after pressing Check.

3.1.9. NEXT Enable docker and Portainer

  • Docker is the de facto plugin ecosystem offering various software for OMV5 nowadays. Trying to install software as plugins outside of docker containers is not recommended; otherwise breakage may occur.
  • Portainer is a graphical frontend for docker.
  • Go to OMV-Extras, Docker, then select Install from the Docker dropdown button. Once finished, select Install from the Portainer dropdown button.
  • Open a new tab in the browser and go to 10.0.1.240:9000. Create your Username and Password for Portainer, then press Create user.
  • Select Local to manage the local Docker environment and press Connect.

3.1.10. Format the HDD-disk

Note: When using a USB enclosure for HDDs, always partition and format a drive under the controller you intend to use it on. Otherwise, USB adapters may silently change sector sizes.

  • To format a drive, go to Storage, Disks. Select the drive, in my case /dev/sdb, and press Wipe (quick wipe is fine).

    In cases with disks that have an existing partition table, I've gotten an error:

Failed to execute command 'export
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export
LANG=C.UTF-8; blockdev --rereadpt '/dev/sdc' 2>&1' with exit code '1':
blockdev: ioctl error on BLKRRPART: Device or resource busy

And:

***************************************************************
Found invalid GPT and valid MBR; converting MBR to GPT format
in memory.
***************************************************************

Warning: The kernel is still using the old partition table.
The new table will be used at the next reboot or after you
run partprobe(8) or kpartx(8)
GPT data structures destroyed! You may now partition the disk using fdisk or
other utilities.
1+0 records in
1+0 records out
4194304 bytes (4.2 MB, 4.0 MiB) copied, 0.0213194 s, 197 MB/s

This may be due to the device being mounted, but in my case this wasn't so. To overcome this, I did a "Secure wipe", which takes longer but allowed me to wipe the disks.

3.1.11. Create file system and mount the drive

  • Go to Storage, File Systems and press Create. Select /dev/sdb from the drop down and Label it data.

Mounting may fail with error message:

Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; partprobe '/dev/sdc' 2>&1' with exit code '1': Error: Partition(s) 1, 5 on /dev/sdc have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use. As a result, the old partition(s) will remain in use. You should reboot now before making further changes.

Error #0:
OMV\ExecException: Failed to execute command 'export PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin; export LANG=C.UTF-8; partprobe '/dev/sdc' 2>&1' with exit code '1': Error: Partition(s) 1, 5 on /dev/sdc have been written, but we have been unable to inform the kernel of the change, probably because it/they are in use.  As a result, the old partition(s) will remain in use.  You should reboot now before making further changes. in /usr/share/openmediavault/engined/rpc/filesystemmgmt.inc:648
Stack trace:
#0 /usr/share/php/openmediavault/rpc/serviceabstract.inc(588): Engined\Rpc\OMVRpcServiceFileSystemMgmt->Engined\Rpc\{closure}('/tmp/bgstatusol...', '/tmp/bgoutputsZ...')
#1 /usr/share/openmediavault/engined/rpc/filesystemmgmt.inc(688): OMV\Rpc\ServiceAbstract->execBgProc(Object(Closure), NULL, Object(Closure))
#2 [internal function]: Engined\Rpc\OMVRpcServiceFileSystemMgmt->create(Array, Array)
#3 /usr/share/php/openmediavault/rpc/serviceabstract.inc(123): call_user_func_array(Array, Array)
#4 /usr/share/php/openmediavault/rpc/rpc.inc(86): OMV\Rpc\ServiceAbstract->callMethod('create', Array, Array)
#5 /usr/sbin/omv-engined(537): OMV\Rpc\Rpc::call('FileSystemMgmt', 'create', Array, Array, 1)
#6 {main}

As the error says, this can be fixed by rebooting the rpi4.

  • Once file system creation has finished with message The file system creation has completed successfully, press Close, select the drive, press Mount and Apply.

3.1.12. DONE Add the rest of the 4 drives to the HDD enclosure, format and mount them

  • Create file systems like so:

Table 1: Storage - File Systems

Device(s)        Label    Filesystem Type
/dev/sda1                 ext4
/dev/mmcblk0p1   boot     vfat
/dev/sdb1        data     ext4
/dev/sdc1        music    ext4
/dev/sdd1        photos   ext4
/dev/sde1        backup   ext4
/dev/mmcblk0p2   rootfs   ext4

  • Test the HDD read/write speeds with hdparm:

tuomas@omv:$ sudo hdparm -tT /dev/sdb

/dev/sdb:
 Timing cached reads:   1458 MB in  2.01 seconds = 726.53 MB/sec
 Timing buffered disk reads: 468 MB in  3.01 seconds = 155.67 MB/sec

3.1.13. Create network share for music

  • Go to Access Rights Management, Shared Folders. Press Add, name it smb-music, device is data and path Music/.

3.1.14. DONE Setup SMB share

  • Go to Services, SMB/CIFS. Under General Settings toggle Enable on, and for Extra options define:

min receivefile size = 16384
write cache size = 524288
getwd cache = yes
socket options = TCP_NODELAY IPTOS_LOWDELAY
mangled names = no
catia:mappings = 0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6

Note that there are no other reasons to tweak the smb settings.

  • Go to the Shares tab and press Add. Select the music share and for Public set Only guests. For Extra options define vfs objects = catia. This makes sure characters in filenames, such as '?', are transformed into '¿', which Windows can display.
  • The Samba share and mount point can be found on the rpi4 host at /srv/dev-disk-by-label-data/Music.

Run $ testparm to see if there are problems with the samba config:

tuomas@omv:~ $ testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[smb-music]"
Loaded services file OK.
Server role: ROLE_STANDALONE

Press enter to see a dump of your service definitions

# Global parameters
[global]
        disable spoolss = Yes
        dns proxy = No
        load printers = No
        log file = /var/log/samba/log.%m
        logging = syslog
        map to guest = Bad User
        max log size = 1000
        min receivefile size = 16384
        multicast dns register = No
        pam password change = Yes
        panic action = /usr/share/samba/panic-action %d
        passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
        passwd program = /usr/bin/passwd %u
        printcap name = /dev/null
        server string = %h server
        socket options = TCP_NODELAY IPTOS_LOWDELAY
        catia:mappings =
        fruit:aapl = yes
        idmap config * : backend = tdb
        aio read size = 16384
        aio write size = 16384
        create mask = 0777
        directory mask = 0777
        mangled names = no
        printing = bsd
        use sendfile = Yes
        write cache size = 524288


[smb-music]
        create mask = 0664
        directory mask = 0775
        ea support = No
        force create mode = 0664
        force directory mode = 0775
        guest ok = Yes
        guest only = Yes
        hide special files = Yes
        inherit acls = Yes
        path = /srv/dev-disk-by-label-data/Music/
        read only = No
        store dos attributes = No

tuomas@omv:~ $

3.1.15. DONE Test SMB share in Windows

Continue with the guide Getting started with openmediavault 5, from "OMV - Initial Configuration" onwards.

  1. Populate Samba-share with music

    $ rsync -avuz user@host.com:"/path/to/music/backup/Music/*" /srv/dev-disk-by-label-data/Music

    If directories or files copied to /srv/dev-disk-by-label-data/Music contain special characters (such as ()?:*), Windows Explorer shows them as something like M43J1E~0. To fix that:

    • Go to Services, SMB/CIFS and under Extra Options add: mangled names = no.
  2. Test access to Samba music share with iOS Files app
    1. Tap open in iOS the app Files.
    2. Tap the top right three dots (…) and select Connect to Server.
    3. Type in smb://10.0.1.240/music
    4. Connect as Guest.

3.1.16. DONE Setup NFS share on host

  • Go to Services, NFS, Shares tab. Press Add and then +.
  • For Name, give e.g. music-staging (the share name must be unique); for Device, select music [/dev/sdc1]. Leave Path at the default /Music and Permissions at the default (Others: read only). Press Save. This produces /etc/exports with the content:
# This file is auto-generated by openmediavault (https://www.openmediavault.org)
# WARNING: Do not edit this file, your changes will get lost.

# /etc/exports: the access control list for filesystems which may be exported
#               to NFS clients.  See exports(5)

/export/music-staging (fsid=cbe0ded1-f420-4fa8-86eb-f7ab7487dcb7,rw,subtree_check,insecure,no_root_squash,async)

# NFSv4 - pseudo filesystem root
/export (ro,fsid=0,root_squash,no_subtree_check,hide)
  • In the Add share dialogue, for Shared folder select music-staging. Client can be left empty as we have no requirement in the LAN about who is allowed to mount this (otherwise it could be e.g. 10.0.1.1/24). Privilege can be Read/Write. Set Extra Options to: subtree_check,insecure,no_root_squash,async, see here for more info. Press Save, then Apply.
  • Lastly, in Services, NFS toggle Enable to activate NFS; remember to Save and Apply the changes.
  • NFS is now mounted and visible in the file system under /export:

$ ls -al /export/music-staging/

total 60
drwxr-sr-x     4 root users  4096 Jun 11 21:56 .
drwxr-xr-x     3 root root   4096 Jun 12 09:27 ..
drwxrwsrwx+ 1008 root users 36864 Apr 27 18:28 Music
drwx------     2 root root  16384 Jun 11 17:47 lost+found
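
The /etc/exports above has an empty client field in front of the parenthesis, so every host that can reach the server gets a read/write mount with no_root_squash and insecure. As an added example that is not part of the original notes, this POSIX sh checker reads an exports(5) file and prints the entries worth a second look, including the classic mistake of a space between a client and its options, which makes those options apply to all hosts; the function name and message texts are this example's own.

```shell
#!/bin/sh
# Added example, not from the page: review an NFS exports(5) file and print
# the entries a defender should look at twice. One finding per line on stdout.

audit_exports() {
    # $1: path to an exports(5) file. Comment and blank lines are skipped.
    set -f   # no globbing, so wildcard clients such as *.lan stay literal
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
    while read -r path specs; do
        prev=""
        for spec in $specs; do
            case "$spec" in
                \(*)    # "(options)" with no client in front applies to every host
                    client="<any host>"
                    opts=${spec#"("}; opts=${opts%")"}
                    case "$prev" in
                        ""|*\(*) echo "$path: no client given, any host may mount it" ;;
                        *) echo "$path: space between '$prev' and '$spec': these options apply to every host, not only to $prev" ;;
                    esac ;;
                *\(*)   # "client(options)"
                    client=${spec%%"("*}
                    opts=${spec#*"("}; opts=${opts%")"} ;;
                *)      # bare client: exports(5) defaults, i.e. ro and root_squash
                    client=$spec
                    opts="ro,root_squash" ;;
            esac
            case ",$opts," in
                *,no_root_squash,*) echo "$path: $client keeps root privileges on the share (no_root_squash)" ;;
            esac
            case ",$opts," in
                *,insecure,*) echo "$path: $client may send requests from unprivileged source ports (insecure)" ;;
            esac
            prev=$spec
        done
    done
}

# When run directly, pass the file to check, e.g.: sh audit_exports.sh /etc/exports
if [ -n "${1-}" ]; then
    audit_exports "$1"
fi
```

Run it against /etc/exports after every Save and Apply in the NFS dialogue; a clean share produces no output.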

3.1.17. DONE Test access to NFS share on a client

  • On another Linux box, first install nfs-common, which provides the /sbin/mount.nfs4 and /sbin/showmount commands:

$ sudo aptitude install nfs-common

  • Create a mount point in the client box:

$ sudo mkdir -p /mnt/nfs/share

  • Mount as NFSv4 file system:

$ sudo mount -t nfs4 10.0.1.240:/export/music-staging /mnt/nfs/share

Edit: Use instead:

$ sudo mount.nfs4 10.0.1.240:/ /mnt/nfs/share

Reason: only / needs to be specified, because fsid is set to 0 on the /export pseudo-root. Source.

3.1.18. DONE Automate NFS mounting on client

$ sudo aptitude install autofs

  • Create /etc/auto.master. This specifies the mount point for autofs:
#
# Sample auto.master file
# This is a 'master' automounter map and it has the following format:
# mount-point [map-type[,format]:]map [options]
# For details of the format look at auto.master(5).
#
#/misc  /etc/auto.misc
#
# NOTE: mounts done from a hosts map will be mounted with the
#       "nosuid" and "nodev" options unless the "suid" and "dev"
#       options are explicitly given.
#
#/net   -hosts
#
# Include /etc/auto.master.d/*.autofs
# The included files must conform to the format of this file.
#
#+dir:/etc/auto.master.d
#
# Include central master map if it can be found using
# nsswitch sources.
#
# Note that if there are entries for /net or /misc (as
# above) in the included master map any keys that are the
# same will not be seen as the first read key seen takes
# precedence.
#
# +auto.master

/srv/nfs /etc/auto.nfs --ghost
  • Create /etc/auto.nfs. This specifies the nfs servers and mount settings:
music-staging -fstype=nfs4,hard,intr,nodev,nosuid,async,rsize=1048576,wsize=1048576 10.0.1.240:/export/music-staging
  • Finally, add the user you are logged in as to the group users. This needs to be done both on the host (already done by OMV) and on the client.
  • On the client, run $ groups:
tuomas@UX32LN:~/$ groups
tuomas adm cdrom sudo dip plugdev lpadmin sambashare
  • Add yourself to the same users group as your user on the omv server with $ sudo usermod -a -G users tuomas
  • Log out and log back in, or reboot, for the group change to take effect.

After this on client, /srv/nfs/music-staging (mapped to /export/music-staging) is automatically mounted on reboot and is writable by my regular user.

  • If you need to add other mount points or shares to auto.nfs, add a new line and reload autofs with: $ sudo service autofs reload

3.1.19. DONE Install resetperms plugin

The plugin makes it easy to see which shared folders are shared by which services (NFS, SMB, etc.), to manage the read/write/execute permissions of those folders, and to reset the permissions to their defaults.

  • Go to Services, Plugins and search for the plugin openmediavault-resetperms 5.0. Select it and press Install.

After this, a new tab "Shared Folder In Use" appears on the shared folders page.

3.1.20. NEXT Install fatrace

Install fatrace as per the instructions.

3.1.21. DONE rsync from kapsi Nextcloud instance to /dev/sdd1 everyone's photos as backups

$ sudo mkdir /srv/dev-disk-by-label-photos/nextcloud/data

Backups for Tuomas:

$ sudo rsync -avhz --progress --delete --exclude={"cache","files_trashbin","files_versions","uploads","files/Music","files/Games","files/Shared"} pyyhttu@kapsi.fi:"~/siilo/sites/pyyhttu-siilo.kapsi.fi/www/nextcloud/data/Tuomas" /srv/dev-disk-by-label-photos/nextcloud/data/

Backups for Heidi:

$ sudo rsync -avhz --progress --delete --exclude={"cache","files_trashbin","files_versions","uploads"} pyyhttu@kapsi.fi:"~/siilo/sites/pyyhttu-siilo.kapsi.fi/www/nextcloud/data/Heidi" /srv/dev-disk-by-label-photos/nextcloud/data/

Backups for Aura:

$ sudo rsync -avhz --progress --delete --exclude={"cache","files_trashbin","files_versions","uploads"} pyyhttu@kapsi.fi:"~/siilo/sites/pyyhttu-siilo.kapsi.fi/www/nextcloud/data/Aura" /srv/dev-disk-by-label-photos/nextcloud/data/

If the data is in group folders, then:

$ sudo rsync -avhz --progress --delete --exclude={"trash","versions","1/Music"} pyyhttu@kapsi.fi:"~/siilo/sites/pyyhttu-siilo.kapsi.fi/www/nextcloud/data/__groupfolders/" /srv/dev-disk-by-label-photos/nextcloud/data/__groupfolders/

3.1.22. NEXT rsync from kapsi Nextcloud instance to /dev/sdd1 Tuomas's photos as backups

$ sudo rsync -avhuz --progress --exclude={"appdata_ocg80o430zwr","audit.log*","files_external","__groupfolders",".htaccess","index.html","news","nexcloud.log*",".ocdata","ownbackup","pyyhttu","Tuomas/cache","Tuomas/files/Music","Tuomas/files/Shared","Tuomas/files_trashbin","Tuomas/files_versions","updater*"} user@host.fi:"~/siilo/sites/user-siilo.kapsi.fi/www/nextcloud/data/" /srv/dev-disk-by-label-photos/nextcloud/data/

3.1.23. NEXT Apply the same permissions recursively on /srv/dev-disk-by-label-photos as on /srv/dev-disk-by-label-data

  • So that sudo is not needed.

3.2. Maintenance

3.2.1. Install updates in openmediavault admin panel

  • Go to System, Update Management, press Check, select everything with Package information and press Install.

These are the very same updates one would get by logging in via ssh and running $ sudo aptitude update && sudo aptitude safe-upgrade.

Alternatively, set up unattended upgrades.

3.2.2. Check reboot need periodically with needrestart

  • As per this recommendation needrestart is installed, and it is then run periodically as per this blog post. It checks which daemons need to be restarted after library upgrades, and whether a reboot is needed because of a new kernel.

To check the services, run before and after a reboot:

$ sudo needrestart -b

$ sudo needrestart -u NeedRestart::UI::stdio -r l

3.2.3. FOLLOWUP Setup rsync as a scheduled job to backup files to remote server

In order for the scheduled rsync job to run through, establish passwordless (key-based) login to the remote server. This is needed so that the job can run from start to finish without stopping to prompt for the password.

Generate public/private rsa key pair on rpi4:

$ ssh-keygen -t rsa

  1. NEXT Document the key conversion to pem

    https://github.com/openssl/openssl/issues/13947#issuecomment-822441502

    It will be needed in PEM format in OMV under System, Certificates, as that is the only format the key import accepts. The key is defined there because of https://openmediavault.readthedocs.io/en/stable/administration/services/rsync.html, to enable push rsync.

    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/tuomas/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/tuomas/.ssh/id_rsa.
    Your public key has been saved in /home/tuomas/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:5gfdY9ijaZENHpk+ATyeJ5mvWfckjpOjhGDLAW+wSbs tuomas@omv
    The key's randomart image is:
    +---[RSA 2048]----+
    | . .=o           |
    |* .. o.          |
    |oB  .            |
    |+Bo  / o         |
    |o+B   . S        |
    |+/ o o b =       |
    |@.O o   . .      |
    |E* B     .       |
    |+..              |
    +----[SHA256]-----+
    

    Copy the public key to the server:

    $ scp /home/tuomas/.ssh/id_rsa.pub user1@remote_server:~/

    $ ssh user1@remote_server

    On the remote server, append the key to the end of the authorized keys list:

    $ cat ~/id_rsa.pub >> ~/.ssh/authorized_keys

    If my omv box ever becomes compromised,

    Under System, Scheduled Jobs, set up an rsync job to periodically back up config, data, etc. Note that there is also a dedicated rsync backup method listed under Services, Rsync, but scheduled jobs should do just fine.

    Press Add, then for Command define the rsync backup command.

  2. Periodically backup beets database and config files

    $ rsync -avhz --progress /home/tuomas/data/musiclibrary.db /home/tuomas/.config/beets/* user@remote.fi:~/public_html/debian/beets

  3. NEXT Periodically backup Music

    $ rsync -avhz --progress --delete --dry-run /srv/dev-disk-by-label-data/Music/ user@remote.fi:~/siilo/sites/user-siilo.remote.fi/Music/

    Warning: Be extra careful when scheduling this as a cron job, as the --delete flag is involved. Only run it on a schedule when you have versioned 3-2-1 backups in place for this data.
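
As an added example that is not part of the original notes, this wrapper makes the same transfer first as a dry run, counts the entries rsync would delete on the remote side, and refuses the real run above a limit. The source and destination are taken from the command above; the limit, the helper names and the itemize parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the page: a --delete sync is only run for real when a
# dry run shows fewer deletions than a chosen limit, so that an unmounted or
# half-empty source tree does not wipe the remote copy.

SRC=/srv/dev-disk-by-label-data/Music/
DST='user@remote.fi:~/siilo/sites/user-siilo.remote.fi/Music/'   # quoted: the remote shell expands ~
MAX_DELETIONS=${MAX_DELETIONS:-25}   # limit chosen for this example, tune per share

count_deletions() {
    # Reads "rsync --dry-run --itemize-changes --delete" output on stdin and
    # prints how many entries rsync would remove. Each one is flagged with
    # "*deleting" in the itemize output; no match means 0.
    grep -c '^\*deleting ' || true
}

deletions_within_limit() {
    # $1: deletion count, $2: limit. Succeeds when the transfer may proceed.
    [ "$1" -le "$2" ]
}

guarded_sync() {
    # $1: source, $2: destination. Exit status: 0 transfer ran, 1 dry run
    # failed, 2 transfer refused because of too many deletions.
    tmp=$(mktemp)
    if ! rsync -avhz --delete --dry-run --itemize-changes "$1" "$2" >"$tmp"; then
        rm -f "$tmp"
        echo "dry run failed, not syncing" >&2
        return 1
    fi
    n=$(count_deletions <"$tmp")
    rm -f "$tmp"
    if ! deletions_within_limit "$n" "$MAX_DELETIONS"; then
        echo "refusing sync: dry run would delete $n entries (limit $MAX_DELETIONS)" >&2
        return 2
    fi
    rsync -avhz --progress --delete "$1" "$2"
}

# The scheduled job calls this script with "--run"; without it only the
# functions are defined, so the file can be sourced or tested safely.
if [ "${1-}" = "--run" ]; then
    guarded_sync "$SRC" "$DST"
fi
```

Call it from the scheduled job as sh music-sync.sh --run; it complements, not replaces, the versioned backups the warning asks for.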

3.3. Troubleshooting

3.3.1. Changing default user and passwd

Experiment with a new installation to see whether changing the hostname (omv) and a new user (tuomas) are OK. Check that the new user is created properly under Access Rights Management, User. I may still have to re-add tuomas to the ssh group there, if the user added prior to running the script is removed from the group (by the script).

3.3.2. DONE Disks won't spin down.

After reading up on it, not having the disks spin down is actually wanted, as it prolongs the disks' life span.

3.4. Future direction

3.4.2. NEXT With the rpi4 8 GB version, set up NFS backup

  • Requires 64-bit Raspberry Pi OS image, but the benefits of NFS are lucrative.

3.4.3. NEXT Enable Borgbackup plugin

3.4.6. NEXT Plugins

  • Install and experiment usage of the plugins: "Nevertheless I still use a LOT of plugins which I think will never go away because they're all system related: snapraid, unionfs, backup, wakealarm, flashmemory and so on." – Source.

4. NEXT Upgrade to OMV6

  • Changelog and short instructions here. Before upgrading, install the beets web plugin and see if it clashes with the omv5 webserver setup. Also, before upgrading, check this list.
  • Once installed, install and test the OMV6 regen script for disaster recovery.

4.1. NEXT Change or disable login page background

As per this.

5. mullvad wireguard

5.1. NEXT Setup a single, isolated qbittorrent or rtorrent docker

5.2. Preparation

  • Create an account number and log in with it to Mullvad.net. Note that if the account is paid for with bitcoin, one is entitled to a 10% discount.

5.3. Install wireguard

$ sudo aptitude install raspberrypi-kernel-headers

  • Disable 10.0.1.240 in pi-hole under Group management and Clients so that there are no DNS mix-ups etc. Then have pi-hole FTL flush its internal domain-blocking cache with:

$ pihole restartdns reload-lists

  • Disabling pi-hole for our omv seedbox (10.0.1.240) is an extra step, but I want to be sure that when the VPN is on, Mullvad's DNS resolution is being used.

5.3.1. NEXT Investigate that Mullvad completely bypasses the pi-hole DNS configuration

  • As is written here.
  • When VPN tunnel is on, restore pi-hole for 10.0.1.240.
  • Install Wireguard to Raspberry Pi OS:

$ echo "deb http://deb.debian.org/debian/ unstable main" | sudo tee --append /etc/apt/sources.list.d/unstable.list

$ wget -O - https://ftp-master.debian.org/keys/archive-key-$(lsb_release -sr).asc | sudo apt-key add -

$ sudo aptitude update

$ sudo aptitude install wireguard -y

  • Run Mullvad configuration script:

$ curl -LO https://mullvad.net/media/files/mullvad-wg.sh && chmod +x ./mullvad-wg.sh && ./mullvad-wg.sh

% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3291  100  3291    0     0  17412      0 --:--:-- --:--:-- --:--:-- 17505
[?] Please enter your Mullvad account number: xxxxxxxxxxxxxxxx
[+] Contacting Mullvad API for server locations.
[+] Generating new private key.
[+] Contacting Mullvad API.
[+] Writing WriteGuard configuration files.
[+] Success. The following commands may be run for connecting to Mullvad:
- Melbourne, Australia:
  $ wg-quick up mullvad-au3
- Melbourne, Australia:
  $ wg-quick up mullvad-au4
- Sydney, Australia:
  $ wg-quick up mullvad-au1
- Sydney, Australia:
  $ wg-quick up mullvad-au2
- Sydney, Australia:
  $ wg-quick up mullvad-au5
- Sydney, Australia:
  $ wg-quick up mullvad-au6
- Sydney, Australia:
  $ wg-quick up mullvad-au7
- Vienna, Austria:
  $ wg-quick up mullvad-at1
- Vienna, Austria:
  $ wg-quick up mullvad-at2
- Brussels, Belgium:
  $ wg-quick up mullvad-be1
- Brussels, Belgium:
  $ wg-quick up mullvad-be2
- Brussels, Belgium:
  $ wg-quick up mullvad-be3
- Brussels, Belgium:
  $ wg-quick up mullvad-be4
- Sao Paulo, Brazil:
  $ wg-quick up mullvad-br1
- Sofia, Bulgaria:
  $ wg-quick up mullvad-bg1
- Sofia, Bulgaria:
  $ wg-quick up mullvad-bg2
[...]
- Salt Lake City, UT, USA:
  $ wg-quick up mullvad-us9
- Seattle, WA, USA:
  $ wg-quick up mullvad-us5
Please wait up to 60 seconds for your public key to be added to the servers.
tuomas@omv:~ $

$ wg-quick up mullvad-se4

[#] ip link add mullvad-se4 type wireguard
[#] wg setconf mullvad-se4 /dev/fd/63
[#] ip -4 address add 10.67.107.184/32 dev mullvad-se4
[#] ip -6 address add fc00:bbbb:bbbb:bb01::4:6bb7/128 dev mullvad-se4
[#] ip link set mtu 1420 up dev mullvad-se4
[#] resolvconf -a mullvad-se4 -m 0 -x
Too few arguments.
Too few arguments.
[#] wg set mullvad-se4 fwmark 51820
[#] ip -6 route add ::/0 dev mullvad-se4 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev mullvad-se4 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
  • Do the IP check again and observe that the IP is now different:

$ curl ipconfig.me

5.4. NEXT add 10.0.1.240 back to pi-hole clients and observe during VPN testing

  • See whether it has an effect. If not, do nothing, remove this item and do not remove 240 from the pi-hole service. If it has an effect (e.g. DNS is changed or am.i.mullvad fails), then document the effect here and remove 10.0.1.240 from pi-hole.

  • "When mullvad is running it completely bypasses the DNS configuration on your devices and routers, forcing a connection to their own DNS service. Your pihole won't receive any requests and won't perform any blocking. Mullvad is likely performing some blocking of their own. People have been asking them for years for the ability to add custom DNS servers so that it can be used with PiHole. […] "When mullvad is disabled your PiHole will start receiving requests again and take over blocking functionality." https://www.reddit.com/r/pihole/comments/hnqz6k/comment/fxd6g8d

5.5. Test VPN speed with well seeded linux torrents

If I experience horrible speeds with torrents, change the MTU in the WireGuard config, as that usually fixes the speed issues.

$ sudo su

# nano /etc/wireguard/mullvad-se4

  • Add the following lines under the [Interface] section of the WireGuard configuration files found in /etc/wireguard/:
PostUp  =  iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show  %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show  %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
  • NOTE: After enabling the WireGuard tunnel now, the SSH connection is severed. I may want to retry the kill switch implementation with the archwiki instructions.

5.8. NEXT Test whether I now have a DNS leak with pi-hole

  • am.i.mullvad –> search whether it can be used from the command line. Also check the torrent check.

5.9. NEXT After installing wireguard and connecting to mullvad, check connection:

$ curl https://am.i.mullvad.net/connected

Additional info on checking the connection.

You are connected to Mullvad (server se4-wireguard). Your IP address is
193.138.218.254

5.11. NEXT Check if I need additional firewall rules

5.12. NEXT Should I go with manual installation method:

least if you are stupid enough to use that, make sure you are actually using IPv6 and have it enabled on your device and router lol… otherwise errors." What errors? (Note to self: Enable ipv6 if you need more speed) –> test max speed with linux iso torrents. Source: https://dietpi.com/phpbb/viewtopic.php?p=19461

5.13. NEXT Check speed with this:

  • Nice for knowing your speeds whilst VPN is on/off without needing a browser!
  • Speedtest command:

$ curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python -

6. NEXT Document why to keep host os as clean as possible

7. NEXT Install plugin resetperms and figure out what it does

8. NEXT Check contents from this article and compare contents to my article

Footnotes:

1

OpenMediaVault's homepage.

2

The Yottamaster PS5003-SV5 enclosure uses the JMS567+JMB575 chipsets for its USB controller. Running lsusb -t shows Driver=usb-storage, 5000M, not Driver=uas. The reason is that, despite Yottamaster claiming UASP compatibility, the JMicron JMS567 chipset they use (device id 152d) is on the kernel's internal quirk list. Meaning: the benefits of UASP are not achievable with this enclosure, because the JMS567 chip doesn't handle FUA properly, which is required for UASP to work. Unfortunately, this is a widespread issue in Linux. Also tested in Win10, and there too the legacy Bulk Only Transport (BOT) protocol speed was registered, not UASP. However, speed-wise UASP is not critical, as HDD throughput is limited to 100-200 MB/s anyway; BOT can offer 250 MB/s. One option for a storage enclosure is to go with ASM1153, as it is listed as compatible (though for some reason not with Seagate drives).

3

2.5" HDDs are simpler to deal with in terms of power and heat. 2.5" drives typically don't need external power to operate (they run from 5 V), while 3.5" drives pull enough current to need more power than the USB ports on the Rpi4 can provide. The larger 3.5" drives also demand active cooling (usually a fan), which 2.5" HDDs don't need. A very nice setup with Rpi4 and 2.5 inch drives.

4

Raspberry shows under "Network Map Clients List" with "Manual" IP, not "Static", but that should be the same. Manual vs. static IP explained.

Tuomas Pyyhtiä / Validate Vim 8.2 (vim-orgmode 0.6.0)