IT

Configure Flatpak to store apps on the NAS

Flatpaks are a great way to install applications and avoiding all the dependency problems that come with traditional installation methods. However, Flatpaks are notorious for consuming a ton of disk space. Understandable, given the need to capture the runtime environment and all dependencies. I run several VMs on each NUC in the homelab and primary disk space on the host SSD is at a premium. For the Linux desktop VMs, I didn’t want to expend large portions of primary disk space for what are essentially read-only application files.

This post goes through steps to set up the Flatpak repository on a NAS mount, which moves all the app and included flatpak runtimes off of the primary disk. If you have a large number of Flatpak apps, or heavy duty apps like IDEs, ECAD, MCAD, the storage savings can exceed 100 GB.

There are some additional benefits to this approach, including:
– the ability to create more VMs on a given host, at least those that aren’t CPU bound, given the reduced storage needs.
– reduced size of VM image backups.
– more free space for potential SSD wear leveling.
– the potential to share the same Flatpak repo across multiple VMs. I have no plans yet to investigate this as once a NAS repo is set up, I have essentially unlimited space (multiple TB).

A separate flatpak “Installation” is created, and co-exists with the default installation, providing the option to still install flatpaks locally if desired.

Setup Steps

NAS Preparation

I initially tried setting up the flatpak installation with a repo on an existing NFS share with squash enabled. For normal day-to-day file operations, this was the most pain-free way of managing file access in the homelab across multiple OS’s and over a dozen clients, including VMs, laptops, mobile phones, etc. While it can be made to work, it is so fraught with difficulty and workarounds that it was abandoned. Instead, the fastest and most reliable setup is to create a dedicated non-squash share just for this application. After evaluating several different approaches to Linux uid mapping, it was determined that all the VM default users have uid 1000, so that will be the owner for the flatpak repo.

These steps were performed on a Synology NAS, so adjust accordingly for your environment.
Create the share. For reference, in my case the new share is at /volume1/device-apps.
Set your host name/IP.
Privilege: read/write
Squash: no mapping
Security: sys
Enable other options, including asynchronous, and allow access from mounted sub-folders.

Now ssh to the NAS and set up ownership and permissions.
The flatpak install will live under /volume1/device-apps, create the directory:

sudo mkdir -p /volume1/device-apps/flatpak

Set ownership of the share and sub-directories to match the client user id.

sudo chown -R --changes 1000:1000 /volume1/device-apps/
sudo chmod -R 755 /volume1/device-apps

Confirm permissions:

ls -ld /volume1/device-apps

Client Setup

Perform the remaining steps on the client side, e.g. your Linux Desktop pc or VM.

Create the Mount

In my case, this is at

/mnt/nas-device-apps

Edit fstab:

sudo nano /etc/fstab

Add the following, with host and paths adjusted for your application:

192.168.0.10:/volume1/device-apps  /mnt/nas-device-apps  nfs  defaults,exec,noatime,nolock   0  0

Flatpak repo needs exec permissions. Add performance optimization options noatime,nolock.

Mount it:

sudo mount -a

Create the flatpak Installation config file

Create the installations.d directory:

sudo mkdir -p /etc/flatpak/installations.d

Creat a configuration file defining the Installation:

sudo nano /etc/flatpak/installations.d/nas.conf

Enter the following:

[Installation "nas"]
Path=/mnt/nas-device-apps/flatpak
DisplayName=NAS Flatpak

Save. You can now refer to this Installation location by logical name “nas”. You can set this to whatever works for you.

Verify
List all installations (system default and the one just added):

flatpak --installations
/mnt/nas-device-apps/flatpak
/var/lib/flatpak

Create the flathub repo

Now we can add a repo. In this case flathub.
Note that all flatpak commands are run as sudo since I’m installing all as system (not user).

Add the flathub remote to the nas installation:

sudo flatpak remote-add --installation=nas --if-not-exists --verbose flathub https://flathub.org/repo/flathub.flatpakrepo

Confirm the gpg key is created and permissions are correct at repo/flathub.trustedkeys.gpg

ls -la /mnt/nas-device-apps/flatpak/repo

You should see the following file:

-rw-r--r-- 1 root  root  2888 Mar 29 15:07 flathub.trustedkeys.gpg

Confirm setup by viewing the remotes for this install:

sudo flatpak remotes --installation=nas  --show-details

You should see the following:

Name    Title   URL                          Collection ID Subset Filter Priority Options … … Homepage             Icon
flathub Flathub https://dl.flathub.org/repo/ -             -      -      1                … … https://flathub.org/ https://dl.flathub.org/repo/logo.svg

The repo is now set up and trusted.

Install a Flatpak Application

Shown here is installation of the KiCad EDA environment for schematic and pcb design.
Install the flatpak app:

sudo flatpak install --installation=nas --verbose flathub org.kicad.KiCad

Launch the application. You should find it in the desktop menu.
Note that you can also launch it from a terminal window:

flatpak run --installation=nas --filesystem=/mnt/nas-devices  org.kicad.KiCad

App Permissions

If your app needs access beyond the home directory, you will need to specify flatpak permissions. These steps show the granting of access to another NAS share (already configured) for the flatpak KiCAD application.

Grant Permission:

sudo flatpak override org.kicad.KiCad  --verbose --installation=nas --filesystem=/mnt/nas-devices

Verify the permissions:

flatpak info --installation=nas --show-permissions org.kicad.KiCad

You will see something like:

[Context]
shared=network;ipc;
sockets=x11;
devices=dri;
filesystems=home;/mnt/nas-devices;

[Environment]
TMPDIR=/var/tmp

Conclusion

I’m surprised that app launch delay isn’t really noticable. In my case, the NAS is co-located in the same rack as the NUCs and connected via 1 Gbps lan.