github nasty-project/nasty v0.0.7
NASty v0.0.7
on GitHub

latest releases: v0.0.9, v0.0.8
16 days ago

This is the NetworkManager-migration release. v0.0.7 runs both the legacy networking layer and NetworkManager in parallel so existing installs migrate transparently. v0.0.8 will drop the compatibility shim — once you're on 0.0.7 and your network reconciles cleanly, you'll be ready for 0.0.8. Boxes still on 0.0.6 or earlier should not jump straight to 0.0.8.

Headline changes

  • Networking moved to NetworkManager, with a confirm-or-rollback safety net. Network edits stage, apply, and revert automatically if you don't confirm in time — no more SSH-locking yourself out from a typo. The WebUI surfaces risk-classified change previews, an active-edit banner with countdown, and per-connection DNS.

  • Encrypted filesystem lifecycle is now end-to-end. Lock / unlock / mount-with-keyring-key all work, the dashboard shows a "locked" alert with one-click recovery, and the WebUI warns about every app, VM, share, and backup that would break before you lock — including a per-row "🔒 on tank" badge linking to the unlock dialog.

  • Hardware passthrough has a real UI. IOMMU groups, system / BIOS / DIMM summary, USB devices, and a passthrough toggle that survives reboots. VMs can be created or edited with USB passthrough, network bridge selection, and an inline disk-import wizard.

  • Subvolumes overview is the new default landing view. One table grouped by filesystem, with real disk-usage progress bars (proper ceiling per subvolume type), block-image actual-allocation reporting, and a self-healing reconcile on engine startup.

  • Update flow is dramatically more reliable. The dev-build channel now refreshes all flake inputs (kernel finally bumps), wrapper-flake templates rebootstrap on drift, failed rebuilds dump the switch-to-configuration journal so you can see what went wrong, and nasty-cleanup is now a one-shot fix for /boot full.

Apps

  • Inline "Enable Apps" prompt when you click Install before the Docker service is running.
  • Volume permission and device checks aggregate into a single warning panel instead of toast spam.
  • Volume / backup source / ingress port pickers replaced raw text inputs with browsable paths.
  • Ingress reverse-proxy panel formatting fixed; <name> literal no longer renders as HTML.
  • Apps view rejects bind-mount paths that don't exist on any mounted FS.
  • Live per-app resource usage (CPU %, memory, network I/O, disk I/O) on the Apps page.

Sharing

  • Per-protocol panels for NFS, SMB, iSCSI, NVMe-oF — one place to see and edit each protocol's exports.
  • Share-creation wizard now uses the same protocol-specific forms (no more "one form fits all").
  • SMB advertises via mDNS + wsdd for Windows / macOS discovery.

Subvolumes

  • Unified overview table with filesystem group headers — alignment matches across groups.
  • Size cell shows a coloured progress bar (amber 75% / red 90%) against the correct ceiling: volsize for block, quota for filesystem-with-quota, FS total otherwise.
  • Block-image rows report actual on-disk allocation (st_blocks * 512) instead of the logical-sparse size, so iSCSI / NVMe-oF images no longer show as 100% full.
  • Quota inflation bug fixed: setquota was passed bytes where it expected 1 KiB blocks, so every NFS PVC got a quota 1024× the requested size (a 5 Gi PVC ended up with 5 TiB). Engine now divides correctly; startup reconcile auto-rewrites existing inflated quotas.
  • Project IDs back-filled at startup for subvolumes created before always-assign landed.
  • Wizard's advanced bcachefs knobs collapsed behind disclosures.

Files / backups

  • Files page now supports rename, in-place edit, and sortable columns.
  • Backup wizard has a proper source picker.

Updates / system

  • Weekly nixpkgs-bump bot landed, with curated package-version diff in the PR body.
  • Dev-build channel correctly refreshes nixpkgs + bcachefs-tools + nasty (kernel-not-bumping bug).
  • Wrapper-flake content hash drives rebootstrap-on-drift; the upstream template flowing onto existing installs no longer needs manual rebootstrap.
  • /boot free-space alert with nasty-cleanup as the one-shot remedy.
  • bcachefs-tools bumped to 1.38.3.

CI / infrastructure

  • aarch64 engine, webui, and bcachefs-tools binaries now pushed to nasty.cachix.org — Pi / Odroid / Rockchip boxes get cache hits instead of compiling Rust + npm locally every upgrade.
  • Cachix push folded into the integration workflow (one build, not two).

Bug fixes

  • Setquota 1024× quota inflation on filesystem subvolumes.
  • Block subvolume size cell stuck at 100% because metadata.len() returned logical-sparse size.
  • Dev-build upgrade button only refreshed the nasty input, never nixpkgs or bcachefs-tools — explained the "kernel won't update" reports.
  • <name> literal rendered as HTML element in Apps page.
  • VM-import auto-naming included image-format suffixes (.qcow2, .img).
  • WebSocket reconnect didn't refresh sysInfo, so the layout footer showed stale data.
  • /run/booted-system/kernel vs /run/current-system/kernel reboot-required check (multiple update-path fixes).
  • Orphan network interfaces left behind after bond/bridge deletion now cleaned up.
  • Filesystem mount uses the keyring key directly instead of re-prompting.

Proxmox users: NASty requires UEFI. Switch the VM firmware from SeaBIOS to OVMF before installing, otherwise NASty won't boot after the first restart.

Switch from SeaBIOS

to OVMF (UEFI)
Check out latest releases or
releases around nasty-project/nasty v0.0.7

Don't miss a new nasty release

NewReleases is sending notifications on new releases.

Get notifications