Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

UnraiderOfUnlostData

Members
  • Joined

  • Last visited

  1. Hi, wondering if this has been done before. I searched the forums, but it was a bit generic. (some threads had different solutions.. some just more questions) The Issue The config (smbpass, docker templates/scripts) are stored unencrypted on the usb flash drive and can be read/edited. I understand that the drive needs to unencrypted to boot up and cannot be encrypted. What I want to do After the array is up (I login to the interface and enter the password), and before it starts smb, docker, vm, apps.. A script read a keyfile of the array (which is now unecrypted) and mounts a luks/crypt overlay folder at /boot/config. this encrypted container can stay on the flash or array. It shouldn't matter as it's encrypted. and then continue with smb, docker, etc... Does this hook exists, where I can execute such a script? I understand that some /boot/config files are needed for boot (eg shadow, network, etc); but there's a lot there that aren't needed for booting up. What i'm trying to avoid; someone with physical access is able to remove the drive, copy the content and plug it back. system may reboot, or continue. either way, I will notice and bring it up. but now the attacker has access to smb hashes and other config data which may contain keys, etc.. system is vulnerable over the network (samba, tailscale or some other service; because the keys got exposed). user might change the SMB config files and allow guest access to shares. Now the shares are accessible over the network. user can edit shadow file. I understand that some app can be configured to not store keys in config, but there's a lot of apps/docker where sensitive data is stored in the config and cannot be changed. Environment: My use case is a small NAS with unraid that I'm using as backup (tailscale/kopia) and it is being stored offsite (work). so other people will have physical access to it; but it could just as well be a roommate.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.