A NAS appliance built on bcachefs.
NASty is a NAS operating system built on NixOS and bcachefs. It turns commodity hardware into a storage appliance serving NFS, SMB, iSCSI, and NVMe-oF — managed from a single web UI, updated atomically, and rolled back when things go sideways.
- bcachefs — compression, checksumming, erasure coding, tiering, encryption, O(1) snapshots
- File sharing — NFS and SMB with per-share ACLs
- Block storage — iSCSI and NVMe-oF with dedicated targets per volume
- Subvolumes — filesystem and block subvolumes with quotas, compression, and tiering per subvolume
- Snapshots — instant, space-efficient point-in-time copies
- Encryption lifecycle — lock and unlock encrypted filesystems from the WebUI, with a dependents preview that lists every app, VM, share, and backup that would break before you confirm. Optional TPM2-sealed keys auto-unlock on boot when the measured-boot state matches
- File browser — browse, upload, edit, rename, copy, move, and bulk-manage files from the web UI
- Backups — encrypted, deduplicated, incremental backups to local, S3, SFTP, REST, or Backblaze B2 with per-profile schedules and retention
- Dashboard — CPU, memory, storage, temperature, frequency — with scrollable history charts (30-day retention)
- Alerts — configurable rules for filesystem usage, disk health, temperatures, scrub errors, and more
- Notifications — alert delivery via SMTP email, Telegram, webhooks, and ntfy push notifications
- S.M.A.R.T. — disk health monitoring with per-disk details
- nasty-top — standalone TUI for live per-device IO, latency, and tuning
- Apps — Docker containers and Compose stacks with image pull progress, container inspect, live per-app resource usage (CPU %, memory, network and disk I/O), and an
allow_unsafeescape hatch for stacks that need privileged options - Virtual machines — QEMU/KVM with VNC console, disk snapshots, USB passthrough (editable on existing VMs), bridge selection, and an inline disk-import wizard for qcow2 / raw / vmdk images
- Hardware passthrough — IOMMU group view, USB device inventory, and vfio-pci toggles that survive reboots
- Network bridges — Linux bridges for attaching VMs (and apps) to L2 networks alongside the host
- Web UI — manage filesystems, subvolumes, snapshots, shares, disks, services, and more
- Web terminal — built-in shell with command cheatsheets and diagnostic tools
- Glossary — built-in help page with storage terms, protocol guidance, and FAQ
- Networking — NetworkManager-based with confirm-or-rollback: edits stage, apply, and auto-revert if you don't confirm in time, so a typo can't lock you out over SSH
- Let's Encrypt — automatic TLS certificates via ACME (TLS-ALPN and DNS challenges)
- Tailscale — built-in VPN with one-click setup
- Access control — local user accounts with role-based permissions, API tokens, OIDC single sign-on, WebAuthn / passkey sign-in with admin-side credential reset, and an append-only audit log of every mutation, login attempt, and privileged-console open
- UPS monitoring — NUT integration for graceful shutdown on power loss (opt-in)
- Atomic updates — NixOS-based, with one-click rollback to any previous generation
- Secure Boot (experimental) — per-box opt-in lanzaboote-enforcing boot chain with a guided enrollment wizard from the Hardware page
- Binary cache — fast updates via cachix on both x86_64 and aarch64 (engine, webui, bcachefs-tools pre-built — no Rust + npm compile on Pi / Odroid / Rockchip boxes)
NASty can serve as a storage backend for Kubernetes — provisioning persistent volumes, snapshots, and clones on demand across all four protocols (NFS, SMB, iSCSI, NVMe-oF).
- nasty-csi — CSI driver for dynamic provisioning, snapshots, cloning, and online expansion
- nasty-chart — Helm chart for one-command install
- nasty-plugin —
kubectl-nastyfor inspecting volumes, snapshots, clones, and health from the CLI
Integrations built by the community on top of NASty's JSON-RPC API:
- nastyplugin by @WarlockSyno — Proxmox storage plugin for using NASty as a backing store for VM and container disks
Building something with NASty? Open an issue or PR and we'll add it here.
Dashboard
Filesystems
Subvolumes
Sharing
Apps
Terminal
Settings
- Download the latest ISO from Releases
- Boot it on your hardware — the installer lets you pick a disk and press Enter
- Open the WebUI at
https://<nasty-ip> - Default credentials: admin / admin
ISO won't boot? Some UEFI firmware doesn't like NixOS ISOs. See INSTALL.md for an alternative installation method from any Linux live environment.
NASty has three update flavors:
| Flavor | What you get | Description |
|---|---|---|
| Mild | Tagged stable releases (v*) |
Stable releases |
| Spicy | Pre-release builds (s*) |
Pre-release builds with newer features |
| Nasty | Latest commit on main | Bleeding edge, no guarantees |
Switch flavors from Settings → Update → Flavor in the WebUI.
| Component | Technology | Why |
|---|---|---|
| Engine | Rust | Async runtime, handles all storage and system operations |
| Web UI | SvelteKit + TypeScript | Reactive UI with real-time WebSocket updates |
| OS | NixOS | Atomic updates, rollback, reproducible system config |
| Filesystem | bcachefs | Checksumming, compression, tiering, snapshots, erasure coding |
| API | JSON-RPC 2.0 over WebSocket | Persistent connection, bidirectional, low overhead |
engine/ Rust workspace — storage, sharing, system management
webui/ SvelteKit web interface
nixos/ NixOS modules and ISO configuration
The full ecosystem (CSI driver, Helm chart, kubectl plugin, and more) lives at github.com/nasty-project.
See FAQ.md for common questions about bcachefs, NixOS, and project status.
NASty collects anonymous usage data (drive count and storage capacity). Disable anytime from Settings → Telemetry. Details: nasty-telemetry.
GPLv3






