A NAS appliance built on bcachefs.
NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF, managed from a single web UI, updated atomically, and rolled back when things go sideways.
- bcachefs: compression, checksumming, erasure coding, tiering, encryption, O(1) snapshots
- File sharing: NFS and SMB with per-share ACLs
- Block storage: iSCSI and NVMe-oF with dedicated targets per volume
- Subvolumes: filesystem and block subvolumes with quotas, compression, and tiering per subvolume
- Snapshots: instant, space-efficient point-in-time copies
- Encryption lifecycle: lock and unlock encrypted filesystems from the WebUI, with a dependents preview that lists every app, VM, share, and backup that would break before you confirm. Optional TPM2-sealed keys auto-unlock on boot when the measured-boot state matches
- File browser: browse, upload, edit, rename, copy, move, and bulk-manage files from the web UI
- Backups: encrypted, deduplicated, incremental backups to local, S3, SFTP, REST, or Backblaze B2 with per-profile schedules and retention
- Dashboard: CPU, memory, storage, temperature, frequency, with scrollable history charts (30-day retention)
- Alerts: configurable rules for filesystem usage, disk health, temperatures, scrub errors, and more
- Notifications: alert delivery via SMTP email, Telegram, webhooks, and ntfy push notifications
- S.M.A.R.T.: disk health monitoring with per-disk details
- nasty-top: standalone TUI for live per-device IO, latency, and tuning
- Apps: Docker containers and Compose stacks with image pull progress, container inspect, live per-app resource usage (CPU %, memory, network and disk I/O), and an `allow_unsafe` escape hatch for stacks that need privileged options
- Virtual machines: QEMU/KVM with VNC console, disk snapshots, USB passthrough (editable on existing VMs), bridge selection, and an inline disk-import wizard for qcow2 / raw / vmdk images
- Hardware passthrough: IOMMU group view, USB device inventory, and vfio-pci toggles that survive reboots
- Network bridges: Linux bridges for attaching VMs (and apps) to L2 networks alongside the host
- Web UI: manage filesystems, subvolumes, snapshots, shares, disks, services, and more
- Web terminal: built-in shell with command cheatsheets and diagnostic tools
- Glossary: built-in help page with storage terms, protocol guidance, and FAQ
- Networking: NetworkManager-based with confirm-or-rollback (edits stage, apply, and auto-revert if you don't confirm in time, so a typo can't lock you out over SSH)
- Let's Encrypt: automatic TLS certificates via ACME (TLS-ALPN and DNS challenges)
- Tailscale: built-in VPN with one-click setup
- Access control: local user accounts with role-based permissions, API tokens, OIDC single sign-on, WebAuthn / passkey sign-in with admin-side credential reset, and an append-only audit log of every mutation, login attempt, and privileged-console open
- UPS monitoring: NUT integration for graceful shutdown on power loss (opt-in)
- Atomic updates: NixOS-based, with one-click rollback to any previous generation
- Secure Boot (experimental): per-box opt-in lanzaboote-enforcing boot chain with a guided enrollment wizard from the Hardware page
- Binary cache: fast updates via cachix on both x86_64 and aarch64 (engine, webui, bcachefs-tools pre-built; no Rust + npm compile on Pi / Odroid / Rockchip boxes)
NASty can serve as a storage backend for Kubernetes, provisioning persistent volumes, snapshots, and clones on demand across all four protocols (NFS, SMB, iSCSI, NVMe-oF).
- nasty-csi: CSI driver for dynamic provisioning, snapshots, cloning, and online expansion
- nasty-chart: Helm chart for one-command install
- nasty-plugin: `kubectl-nasty` for inspecting volumes, snapshots, clones, and health from the CLI
Integrations built by the community on top of NASty's JSON-RPC API:
- nastyplugin by @WarlockSyno: Proxmox storage plugin for using NASty as a backing store for VM and container disks
Building something with NASty? Open an issue or PR and we'll add it here.
- Download the latest ISO from Releases
- Boot it on your hardware; the installer lets you pick a disk and press Enter
- Open the WebUI at `https://<nasty-ip>`
- Default credentials: admin / admin
ISO won't boot? Some UEFI firmware doesn't like NixOS ISOs. See INSTALL.md for an alternative installation method from any Linux live environment.
NASty has three update flavors:
| Flavor | What you get | Description |
|---|---|---|
| Mild | Tagged stable releases (`v*`) | Stable releases |
| Spicy | Pre-release builds (`s*`) | Pre-release builds with newer features |
| Nasty | Latest commit on main | Bleeding edge, no guarantees |
Switch flavors from Settings → Update → Flavor in the WebUI.
| Component | Technology | Why |
|---|---|---|
| Engine | Rust | Async runtime, handles all storage and system operations |
| Web UI | SvelteKit + TypeScript | Reactive UI with real-time WebSocket updates |
| OS | NixOS | Atomic updates, rollback, reproducible system config |
| Filesystem | bcachefs | Checksumming, compression, tiering, snapshots, erasure coding |
| API | JSON-RPC 2.0 over WebSocket | Persistent connection, bidirectional, low overhead |
- `engine/`: Rust workspace (storage, sharing, system management)
- `webui/`: SvelteKit web interface
- `nixos/`: NixOS modules and ISO configuration
The full ecosystem (CSI driver, Helm chart, kubectl plugin, and more) lives at github.com/nasty-project.
See FAQ.md for common questions about bcachefs, NixOS, and project status.
NASty collects anonymous usage data (drive count and storage capacity). Disable anytime from Settings → Telemetry. Details: nasty-telemetry.
GPLv3