I had ~60GB going spare on my #RaspberryPi so figured I may as well make the most of it and set up #Samba for file sharing across my LAN. I'm allowing access only from mine and my partner's IPs (which are bound to our MACs) but I'm concerned the share isn't encrypted, so anyone could just walk up to the Pi and take out the SD. Any suggestions for securing shares?
@syntax I would use VeraCrypt, you can benchmark it on the PI but any low-grade encryption should be good enough without noticing any large speed degradation. AES-256 is lightning fast, and while not the most secure it's enough for another layer. Cryptomator could also work if you don't have much experience with VeraCrypt.
@ThreeBadgersInATrenchcoat
Thanks. I'm familiar with Veracrypt as I use it for my own backups. But I went with a LUKS container on the Pi. I've left it unlocked on the Pi so it can be mounted easily on our devices. Works well with my Debian system but I'm yet to test my partner's Mac.
@syntax
Report back please on performance of SD card, I'm thinking of getting SSD and RPi4 but if SD is good I won't chanage it
@ThreeBadgersInATrenchcoat
@nikolal
I've had no issues yet. My Pi 4 runs off a 64GB SD but is only used for Pi-hole and Samba shares. It seems fine to me but I haven't done proper benchmarking or anything. I also just got a Pi Zero W with camera and have it running motionEyeOS.
@ThreeBadgersInATrenchcoat
@syntax My only fear is read/write speed for large files since I plan to host some via Nextcloid or IPFS, I don't know if SD is up to the task.
@ThreeBadgersInATrenchcoat
@syntax Did you consider setting up smb folder as temporary besides LUKS? Something like /tmp? I think it might be useful if you are lazy to delete data.
@nikolal
Good idea for temp shares etc but the Pi stays on 24/7 so I just have a persistent 'Public' smb share, and inside of that other folders including the (unlocked) 'Encrypted' LUKS folder.
@nikolal Yeah I think if I was going to be using mine more often for backups, larger files etc., I would plug in an SSD, but mine is just for occasional use. For example, sharing smaller files with a few clicks instead of looking for spare USBs etc. Also, I have the LUKS container so we have the option of centralising some of the more important/sensitive docs.