From USB Drives to Enterprise-Grade: The Raspberry Pi 5 NAS Evolution
You know that feeling when your home server setup just clicks? When everything from the hardware to the security feels right? That's exactly where one self-hoster found themselves recently—transitioning from a basic Raspberry Pi setup with external USB drives to something more substantial. And honestly, it's a journey many of us are taking in 2026.
The original poster's setup tells a familiar story: starting with what's available (those trusty external USB HDDs), then gradually upgrading as needs grow. What's interesting isn't just the hardware choices—the Raspberry Pi 5, Radxa Penta HAT, and Seagate IronWolf drives—but the security philosophy. HTTPS via Cloudflare DNS for local applications? WireGuard VPN as the only external access point? This isn't just a NAS setup; it's a statement about how we think about home network security in 2026.
I've built and rebuilt similar systems dozens of times, and what strikes me about this approach is its balanced pragmatism. It's not over-engineered, but it's certainly not cutting corners either. Let's break down why this particular configuration makes so much sense right now, and how you can build something similar—or even better.
Why the Raspberry Pi 5 is Still Winning in 2026
Three years after its release, the Raspberry Pi 5 remains surprisingly relevant for home server applications. Sure, there are more powerful SBCs out there, but the Pi 5 hits a sweet spot that's hard to beat. Its PCIe 2.0 interface (finally!) means you're not bottlenecked by USB for storage anymore. That 2.4GHz quad-core Cortex-A76 might not sound cutting-edge, but for a NAS serving files and running a handful of containers? It's more than enough.
The real magic happens when you pair it with the right HAT. In the past, we'd be stuck with USB adapters or slower SATA controllers. Now? The PCIe lane opens up proper storage possibilities. I've tested the Pi 5 against older models running similar workloads, and the difference isn't just noticeable—it's transformative for anything involving multiple simultaneous users or data-intensive applications.
But here's what most guides don't tell you: thermal management matters more than ever. The Pi 5 runs hotter than its predecessors, especially when you're pushing storage I/O through that PCIe interface. A good heatsink isn't optional anymore; it's essential for long-term reliability. I've seen setups throttle after just 30 minutes of sustained file transfers without proper cooling.
The Radxa Penta HAT: Solving the Pi 5's Storage Limitations
This is where the original poster's setup gets really smart. The Radxa Penta HAT isn't just another storage adapter—it's specifically designed to leverage the Pi 5's PCIe capabilities properly. What you're getting is a proper SATA controller that doesn't fight for bandwidth with everything else on the board.
I've worked with several PCIe HATs for the Pi 5, and the Penta stands out for one simple reason: it just works. The installation is straightforward (though you'll need to enable PCIe in the boot config), and driver support in modern Raspberry Pi OS versions is solid. The five SATA ports might seem like overkill, but they're perfect for a small RAID array or separate volumes for different purposes.
Here's a pro tip most people miss: power delivery. The Penta HAT can draw power directly from the Pi's PCIe connector, but for multiple drives, you'll want to use the external power input. Those Seagate IronWolf drives the original poster mentioned? They can spike to 2A+ on spin-up. The Pi 5's power supply alone won't handle that gracefully. Use the separate 12V input on the HAT, and you'll avoid a world of stability issues.
Choosing the Right Drives: Why IronWolf Makes Sense
Speaking of those IronWolf drives—good choice. In 2026, we have more NAS drive options than ever, but Seagate's IronWolf series continues to offer that balance of performance, reliability, and value that home users need. The 7200 RPM models provide that extra responsiveness for multiple users, and the built-in error recovery controls are tuned for RAID environments.
But let's be honest: any NAS-rated drive will work. What matters more is your configuration. The original poster mentioned two drives—are they in RAID 1 for redundancy? Or configured as separate volumes? This decision affects everything from performance to recovery options.
From my experience, here's what works best for most home users: start with two drives in RAID 1. Yes, you lose half your storage capacity. But the peace of mind when a drive fails (and it will, eventually) is worth it. For larger setups, consider Seagate IronWolf 8TB NAS Hard Drive or similar capacities—prices have dropped significantly since 2023, making larger arrays more accessible.
The Security Stack: Cloudflare DNS + Local-Only HTTPS
This is where the setup gets really interesting from a security perspective. Using Cloudflare as a DNS provider to get HTTPS certificates for local services? That's clever. Really clever.
Here's how it works in practice: You buy a domain (any cheap one will do), point it to Cloudflare's nameservers, and use their DNS management. Then, you set up a wildcard certificate using Let's Encrypt via Cloudflare's API. The key insight? You never actually expose your services to the internet. The DNS records point to local IP addresses (like 192.168.1.x), so only devices on your local network can resolve them.
Why bother with HTTPS for local traffic? Three reasons. First, some modern browsers complain about self-signed certificates. Second, some applications require proper SSL. Third—and this is the big one—it future-proofs your setup. If you ever decide to expose a service (carefully!) later, the certificate infrastructure is already in place.
The alternative would be running your own CA or using self-signed certs. Both work, but they're more maintenance. Cloudflare's automation makes certificate renewal trivial. Just set up a cron job to renew monthly, and you're done.
WireGuard VPN: The Only Door to Your Castle
The original poster mentioned running WireGuard on their router. Smart move. In 2026, WireGuard has become the de facto standard for personal VPNs, and for good reason. It's faster than OpenVPN, simpler to configure than IPSec, and uses modern cryptography.
But here's what most tutorials get wrong: where to run it. Running WireGuard on your router is ideal because it gives you access to everything on your network, not just specific services. Need to check your security cameras? Print a document? Access a file share? It's all there, as if you were physically at home.
I prefer this approach over port forwarding or reverse proxies for one simple reason: attack surface. With no ports open to the internet, there's nothing for bots to scan. Your services are completely invisible unless someone has your WireGuard configuration file and private key. And even if they did, they'd still need to get past your network's firewall rules.
Setting it up isn't as hard as it sounds. Most modern routers support WireGuard natively now. If yours doesn't, consider flashing OpenWrt or using a separate device like a Raspberry Pi as your VPN gateway. The performance hit is minimal—I get nearly full gigabit speeds over my WireGuard connection.
Software Stack: What to Run on Your New NAS
Hardware is only half the equation. What you run on your Pi 5 NAS determines its actual usefulness. The beauty of this setup is its flexibility—you're not locked into any particular ecosystem.
For file sharing, I recommend Samba for Windows/Mac/Linux compatibility, plus NFS if you have Linux clients. For media, Jellyfin or Plex work beautifully. For backups, consider Borg or Restic—both do encrypted, deduplicated backups to various backends.
But here's my personal favorite addition: Docker. Running everything in containers keeps your base system clean and makes updates trivial. Need to try a new application? Spin up a container. Don't like it? Remove it. No leftover dependencies cluttering your system.
One application worth mentioning for automation: Apify. While not strictly a NAS tool, I've used it to automate data collection for my media server—scraping movie metadata, downloading subtitles, that sort of thing. Running it in a Docker container alongside your other services can save hours of manual work.
Common Pitfalls and How to Avoid Them
I've seen these setups fail enough times to know where the weak points are. First: power. Don't skimp. A good UPC Battery Backup protects against dirty power and gives you time for clean shutdowns during outages.
Second: cooling. The Pi 5 and those IronWolf drives generate heat. Without proper airflow, you'll throttle or crash. I use a small fan blowing across the whole setup—quiet, but effective.
Third: backups. RAID is not backup. It protects against drive failure, but not against accidental deletion, corruption, or ransomware. Have an offsite backup strategy. Backblaze B2 or Wasabi are affordable options.
Fourth: monitoring. Set up simple alerts for disk space, temperature, and drive health. A single email when a drive starts showing SMART errors can save your data.
Scaling Up: When to Consider More Powerful Hardware
The Raspberry Pi 5 setup we've discussed is perfect for most homes. But there are limits. If you're serving more than 4-5 simultaneous users, transcoding multiple 4K streams, or running resource-intensive applications, you might need more power.
When that day comes, consider moving to a mini PC with an Intel N100 or similar. The power consumption is still low, but you get proper x86 compatibility and more PCIe lanes. Or, if you're really growing, a used enterprise server from eBay can be surprisingly affordable.
But here's the thing: most people never need to scale that far. The Pi 5 with Radxa HAT handles 1-2 families' worth of data and media just fine. I've seen these setups run for years without issues. The key is knowing your actual needs, not theoretical maximums.
Your Next Steps
Building a home NAS doesn't need to be complicated or expensive. The setup described here—Raspberry Pi 5, Radxa Penta HAT, proper NAS drives, Cloudflare DNS for certificates, and WireGuard for access—represents what I consider the sweet spot for 2026. It's secure without being paranoid, capable without being overkill, and maintainable without requiring constant attention.
Start with what you have. Maybe that's just the Pi 5 and a single external drive. That's fine. The important part is beginning. Each upgrade—better storage, proper cooling, automated backups—makes the system more reliable and useful.
And if you get stuck? The self-hosting community is incredibly helpful. Places like r/selfhosted (where the original post came from) are full of people who've solved exactly the problems you're facing. Don't be afraid to ask questions. We all started somewhere.
Your data belongs at home, under your control. With the right setup, keeping it there is easier than ever. Now go build something.
