I’m repurposing my old gaming desktop (au.pcpartpicker.com/b/Q37TwPa) as a 24/7 NAS + Plex + Immich (and potentially a website) machine.
My setup
- CPU: AMD Ryzen 5 1600, 3.2 GHz 6-Core Processor
- Motherboard: ASRock B450M Pro4-F Micro ATX AM4 Motherboard
- Memory: Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4-3200 CL16 Memory
- Storage: Crucial P1 1 TB M.2-2280 PCIe 3.0 X4 NVME Solid State Drive
- Video Card: Gigabyte GAMING OC GeForce GTX 1660 SUPER 6 GB Video Card
- Case: Cooler Master MasterBox Lite 3.1 MicroATX Mid Tower Case
- HDD: Likely WD Red Pro 2x12TB
- ETH card: Will add a 10GbE card into one of the PCIe slots
I considered:
- Synology DS425+: even though they’ve reversed the drive decision, they have lost my trust. Their main selling point now is the software, with the new systems still using 6-year-old Intel CPUs (the DS925+ with Ryzen doesn’t do transcoding) and RAM limitations. Plus it’s more expensive than a DIY. However, it’s super simple to set up if that’s what someone is looking for. I’m a techie so I’m happy building my own.
- Ugreen/Terramaster/Aoostar: I don’t care about Ugreen “it’s a Chinese brand”. Currently it’s not officially available in Australia. UGOS is still getting to that maturity stage.
I am only using my PC because I have one lying around, and the GPU will definitely help with the initial ML process for Immich facial recognition. My motherboard only has 4 SATA ports and no ECC. If I see my needs growing, I will upgrade to a new motherboard OR initially add an LSI HBA card for expansion, as TrueNAS and ZFS like HBAs in IT (passthrough) mode. Down the line I may switch to actual NAS hardware, in general because gaming motherboards aren’t favoured for server duty in the long run, plus the extra power draw.
My use cases:
- Immich: automatic photo/video backup for family (Android + DSLR/GoPro/Drone imports)
- Plex with *arr: multiple users streaming at the same time
- Webserver and database for a game that I built: Khalifa (kotw.io)
Networking: I’ll talk about this first because my use cases are around making it really easy for the family to access the app. I considered:
- Tailscale: not ideal as client devices need the app installed + limits of 3 free users
- Tailscale Funnel: still in experimental mode, but will require an extra hop
- WireGuard: about the same as Tailscale
- ZeroTrust: same as Tailscale
- Netbird with VPS: Don’t want an extra hop, especially if some members might be accessing from overseas.
- CloudFlare Tunnel: restrictions on 100 MB uploads, streaming is against their ToS, not a fan of another hop as it’s just IP masking really with ofc the CF benefits.
Therefore my networking approach, with a little help from ChatGPT + Claude:
Domain & DNS: Point mydomain.com to my static IP. Create subdomains like immich.mydomain.com and plex.mydomain.com via A records.
Reverse Proxy & SSL: On the NAS server, run a reverse proxy (Caddy, Nginx, or Nginx Proxy Manager) listening on ports 80/443. Configure it to forward immich.mydomain.com → Immich, and plex.mydomain.com → Plex. Use Let’s Encrypt (Caddy does this automatically) for TLS so users browse securely without certificate errors.
Port Forwarding: On your router, forward TCP ports 80 and 443 to the NAS server’s IP. This exposes your HTTPS services to the internet. (Keep SSH/VPN ports closed externally if possible.)
Firewall & Security: Use firewall rules or Fail2Ban to limit login attempts. Optionally, set up 2FA on services. Avoid opening other ports (e.g. Immich’s default port) directly.
Cloudflare (optional): You can use Cloudflare DNS (free) for your domain, but do not enable the proxy (orange cloud) on the A records. If Cloudflare proxy is on, all traffic is routed through Cloudflare and a 100 MB upload size limit is imposed. Using DNS-only mode means clients connect directly to your IP with TLS (no extra routing, and no Cloudflare file-size cap). If you must avoid port-forwarding, you could use Cloudflare Tunnel (Argo) or a small VPS with a tunnelling tool (Pangolin/NetBird, etc.) – but then your data flows via an intermediate and may add latency. For example, one user reports running the open-source “Pangolin” tunnel on a cheap Oracle VPS to expose Immich, costing only the domain fee. This adds security (DDoS protection) but at $5–10/month plus some complexity. In summary: the simplest solution is direct HTTPS with reverse-proxy and DNS, which gives the best speed and avoids the 100 MB limit.
I will, however, use Tailscale myself for admin access to the NAS OS. Currently internet is 500/50, will upgrade to 1000/100 and if I see that the demand from members using my service is more, will upgrade to 2000/200. I do have a static IP.
Users with accounts on Plex/Immich will be able to log in only via their accounts for added security.
OS: I considered Proxmox, unRaid, TrueNAS, Linux, Windows. I then decided that I would like to go with TrueNAS as their ZFS system was better suited to my use case with scrubbing etc, their UI is better imo + it’s free.
Proxmox was overkill even though I will be hosting a website - will probably be just fine virtualizing in TrueNAS or just running the website in Docker.
Redundancy & drives: Will initially be setting up 2x12TB drives in a ZFS mirror as one vdev. Then down the line, when I decide to upgrade my PC case (has only two SATA slots), I’ll add another 2x12TB drives again in a mirror as a new vdev but in the same pool as the original. So essentially, I’ll have 24TB in total of usable storage and can afford 1 drive failure from each vdev. If two drives fail, well, it’s game over. This is excellent for my use cases because mirrors offer considerably better IOPS compared to RAIDz1 etc because of striping across only the mirror drive. Another advantage is, if one drive fails in one of the vdevs, the resilver is faster than the RAID and is much less stressful on the other drives.
I will be storing the OS and Docker containers/metadata/database on my Crucial P1 1 TB NVME and backing it up to the drives. Will skip SSD caching as I don’t think it will provide much benefit for streaming.
If instead of going down the route of adding another two drives in the same pool I just want to add one more drive, I’ll probably add it to another pool and move all my Plex library to that. If for any reason I do lose this drive, I don’t really mind as the metadata for the Plex library should be in the NVME and when I replace the drive, it will help with re-downloading the media as required.
One thing I’m unsure about is if rebalancing would be required if I add another mirror.
Photo migration: First me and my family would have to do Google Takeout and Apple Privacy takeout. Once we all have the links, I will download the 3-4 TB of photos/videos on my personal computer user by user. I’ll be using immich-go to export Google Takeout and Apple .zip files directly into Immich with metadata intact. Planning separate user accounts for each family member. This can be done by creating accounts for each user and getting an API from Immich and plugging the API in the immich-go script. I will also use external libraries within Immich for DSLR, GoPro and Drone footage.
Once the migration is complete, I will ask the family to turn off their uploads to Google/Apple and let Immich handle the uploads directly to NAS. Immich is in stable version but still I will be cautious and try to have backups as I’ve described below.
Note: For anyone planning to use Immich, it will automatically download all iCloud photos and upload to the Immich server at full resolution even if you have ‘Optimize Storage’ enabled - it’s beautiful to watch. Not fit for my use case as I have TBs of photos and some family members who are not in Australia do not have the benefit of high-speed uploads.
Also considered:
- icloudpd: works really well to download directly from iCloud to your server. Is a good option for scheduled download instead of bulk downloading TBs’ worth of photos.
- iCloud sync to local computer: Not ideal to do this if there are multiple family members involved for privacy reasons.
- rclone: Google API changes came into effect and it now only allows download of files that were uploaded by rclone.
- Multcloud: They look dodgy and reviews aren’t great
- Synology Photos: If I was going with Synology, this would be so much easier as it also does the same thing as Immich, downloads the files from iCloud even when Optimized Storage is selected. Doesn’t work for Google that way however. Workaround I found was to Google Takeout to iCloud first, then use the app.
Backups: I am considering getting an N150 mini PC, attaching drives to it via USB and installing Windows on it. Will initially place it in the same location but later on move it to a family’s house. The idea is to back up my NAS to this mini PC. And the reason for using Windows is so that I can use Backblaze Personal Cloud unlimited backup for $100/year. I can directly upload from NAS to Backblaze but I’ll have to use B2 for that, which is $6/TB.
Power: I will not be undervolting my CPU/GPU as I believe that’s not the best approach when it comes to ZFS or NAS in general. With my computer, I reckon it will be doing roughly:
Idle: ~75–90 W
Typical active: ~130–160 W
Heavy load: ~250–300 W
This should cover the setup that I am planning to do over the next couple of weeks. Will wait for Black Friday for any HD and network card deals.
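
Added example, not part of the original post: a sketch of the Fail2Ban-style login limiting mentioned under "Firewall & Security", applied to reverse-proxy access logs for the publicly exposed Immich subdomain. It assumes Caddy's JSON access log fields (`ts`, `status`, `request.remote_ip`, `request.method`, `request.uri`) and that a failed Immich login is a `POST /api/auth/login` answered with 401; the thresholds and sample log lines are constructed.

```python
import json
from collections import defaultdict, deque

LOGIN_PATH = "/api/auth/login"  # assumption: Immich login endpoint
FINDTIME_S = 600                # sliding window, like Fail2Ban's findtime
MAXRETRY = 5                    # failures tolerated inside the window


def ips_to_ban(log_lines, path=LOGIN_PATH, findtime=FINDTIME_S, maxretry=MAXRETRY):
    """Return {ip: timestamp of the failure that crossed the threshold}."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    banned = {}
    for line in log_lines:
        try:
            entry = json.loads(line)
            req = entry["request"]
            ip, uri, method = req["remote_ip"], str(req["uri"]), req["method"]
            ts, status = float(entry["ts"]), int(entry["status"])
        except (ValueError, KeyError, TypeError):
            continue  # skip non-JSON or incomplete lines instead of crashing
        if method != "POST" or uri.split("?", 1)[0] != path or status != 401:
            continue  # only failed login attempts count
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:  # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned.setdefault(ip, ts)  # keep the first time the limit was hit
    return banned


def _line(ts, ip, status, uri=LOGIN_PATH, method="POST"):
    """Build one constructed log line in the assumed Caddy JSON shape."""
    return json.dumps({"ts": ts, "status": status,
                       "request": {"remote_ip": ip, "method": method, "uri": uri}})


# Constructed sample log (documentation-range IPs, not real traffic).
SAMPLE_LOG = (
    [_line(1000 + 30 * i, "203.0.113.7", 401) for i in range(6)]  # rapid burst
    + [_line(200 * i, "192.0.2.50", 401) for i in range(5)]       # slow typos
    + [_line(1010, "198.51.100.20", 401), _line(1020, "198.51.100.20", 200)]
    + ["not json", _line(1030, "198.51.100.20", 401, uri="/api/albums")]
)

if __name__ == "__main__":
    for ip, ts in ips_to_ban(SAMPLE_LOG).items():
        print(f"ban {ip}: {MAXRETRY} failed logins within {FINDTIME_S}s (ts={ts})")
```

The slow client at 192.0.2.50 stays under the limit because its five failures never fall inside one 600-second window, which is the trade-off to tune when family members mistype passwords.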