| 1. Design Objectives |
|---|
| Secure and controlled file sharing |
| Ransomware mitigation by immutable archival repository |
| Centralized authentication |
| Enforced storage quotas |
| Full audit trail and monitoring |
| Automated snapshots and integrity checks |
| Simple and predictable disaster recovery |
| No proprietary software or licensing |

| 2. Risk Mitigation | |
|---|---|
| Disk failure | ZFS RAIDZ2 + backup |
| Ransomware | Borg append-only + ZFS immutable snapshots |
| Deleted file recovery | ZFS snapshot rollback |
| Backup corruption | Borg check |
| User misuse | Audit logging |

| 3. Software Stack | |
|---|---|
| OS | Debian LTS (minimal) |
| File sharing | Samba (SMB3) |
| Filesystem | OpenZFS |
| Backup | BorgBackup + Borgmatic |
| Immutable | ZFS snapshot hold + Borg append-only |
| Quotas | ZFS dataset quota |
| Monitoring | Prometheus + Grafana + Node exporter |
| Alerts | Alertmanager |
| Scheduler | systemd timers (no cron) |
| Security | UFW + Fail2ban + AppArmor |
| Verification | Borg check + ZFS scrub |

