From 5b59fa103920ae7e6b1ec9187b28d6c1479efeab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Sun, 18 Jan 2026 19:19:27 +0100
Subject: [PATCH] Static network IP subnet assignments
---
deploy.sh | 76 +++++++++++++++++++++++++++++++++++++------------------
1 file changed, 52 insertions(+), 24 deletions(-)
diff --git a/deploy.sh b/deploy.sh
index ef52ff2..b9c5645 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -390,30 +390,9 @@ services_generation() { cp -avu templates/nix-config/configuration.nix final-nix-config/etc/nixos/configuration.nix envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml - local j=0 + for service in "${SELECTED_SERVICES[@]}"; do - if [[ "${service}" != "virtualization" ]]; then - if [[ "${service}" == "nextcloud" ]]; then - j=$((j + 1)) - cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix - PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"nextcloud-aio\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.${j}0.0/24\" --ip-range=\"172.16.${j}0.0/24\" --gateway=\"172.16.${j}0.254\" \"nextcloud-aio\""$'\n' - TRAEFIK_NETWORKS+=" nextcloud-aio:"$'\n' - TRAEFIK_NETWORKS+=" ipv4_address: 172.16.${j}0.253"$'\n' - TRAEFIK_REF_NETWORKS+=" nextcloud-aio:"$'\n' - TRAEFIK_REF_NETWORKS+=" external: true"$'\n' - elif [[ "${service}" == "frigate" ]]; then - cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix - else - j=$((j + 1)) - cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix - PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"${service}_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.${j}.0/24\" --ip-range=\"172.16.${j}.0/24\" --gateway=\"172.16.${j}.254\" \"${service}_backend\""$'\n' - PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"${service}_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.${j}0.0/24\" --ip-range=\"172.16.${j}0.0/24\" --gateway=\"172.16.${j}0.254\" \"${service}_frontend\""$'\n' - TRAEFIK_NETWORKS+=" ${service}_frontend:"$'\n' - TRAEFIK_NETWORKS+=" ipv4_address: 172.16.${j}0.253"$'\n' - TRAEFIK_REF_NETWORKS+=" ${service}_frontend:"$'\n' - TRAEFIK_REF_NETWORKS+=" external: true"$'\n' - fi - fi 
+ if [[ "${service}" == "frigate" ]]; then local FRIGATE_DEVICES_BLOCK="" [[ "${TARGET_GRAPHICS_RENDERER}" == "true" ]] && FRIGATE_DEVICES_BLOCK+=" - /dev/dri:/dev/dri\n" @@ -427,8 +406,16 @@ services_generation() { local REPLACEMENT="devices:\n${FRIGATE_DEVICES_BLOCK%\\n}" sed -i "s|# --- frigate devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/frigate.nix fi + elif [[ "${service}" == "gitea" ]]; then generate_db_creds "GITEA" + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"gitea_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.10.0/24\" --ip-range=\"172.16.10.0/24\" --gateway=\"172.16.10.254\" \"gitea_frontend\""$'\n' + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"gitea_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.1.0/24\" --ip-range=\"172.16.1.0/24\" --gateway=\"172.16.1.254\" \"gitea_backend\""$'\n' + TRAEFIK_NETWORKS+=" gitea_frontend:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.10.253"$'\n' + TRAEFIK_REF_NETWORKS+=" gitea_frontend:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + elif [[ "${service}" == "home-assistant" ]]; then if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then local REPLACEMENT="devices:\n - /dev/serial/by-id/${TARGET_ZIGBEE_DEVICE}:/dev/ttyUSB0" 
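Review bot: The per-service copy `cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix` is deleted together with the old network block at the top of the loop, and none of the added lines in this patch put it back. The branches that follow still run `sed -i` against `final-nix-config/etc/nixos/podman/frigate.nix` and `immich.nix`, so unless the templates are copied somewhere outside the visible hunks, those edits will hit missing files and no per-service .nix file is generated. If that is the case, keep one copy at the top of the loop, e.g. `[[ "${service}" != "virtualization" ]] && cp -- "templates/nix-config/podman/${service}.nix" "final-nix-config/etc/nixos/podman/${service}.nix"`. services_generation starts and ends outside this hunk.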
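Review bot: The added `podman network exists "gitea_frontend" || … network create --subnet="172.16.10.0/24"` lines only create a network when it is missing, so a host deployed with the previous counter-based numbering keeps whatever subnet it was given then. Traefik is now pinned to `ipv4_address: 172.16.10.253`, which would fall outside the existing network whenever the old and new subnets differ; this is inferred from the guard, not tested. The same applies to the blocks added for home-assistant, immich, it-tools, nextcloud, passbolt and pi-hole in the later hunks. A comment above the first block would make the migration step explicit: `# Subnets are fixed per service; networks created by an older deploy must be removed before redeploying, because "network exists" skips re-creation.` services_generation starts and ends outside this hunk.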
@@ -441,6 +428,13 @@ services_generation() { touch final-nix-config/mnt/config/mqtt/password.txt chmod 0700 final-nix-config/mnt/config/mqtt/password.txt mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD" + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"home-assistant_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.20.0/24\" --ip-range=\"172.16.20.0/24\" --gateway=\"172.16.20.254\" \"home-assistant_frontend\""$'\n' + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"home-assistant_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.2.0/24\" --ip-range=\"172.16.2.0/24\" --gateway=\"172.16.2.254\" \"home-assistant_backend\""$'\n' + TRAEFIK_NETWORKS+=" home-assistant_frontend:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.20.253"$'\n' + TRAEFIK_REF_NETWORKS+=" home-assistant_frontend:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + elif [[ "${service}" == "immich" ]]; then local IMMICH_DEVICES_BLOCK="" if [[ "$TARGET_GRAPHICS_RENDERER" == "true" ]]; then 
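Review bot: The unchanged lines just above the new network block pass the MQTT password with `mosquitto_passwd -b`, which places it on the command line where it is visible in the process list while the command runs, and the file is set to `0700`, which adds an execute bit a password file does not need. `chmod 0600 final-nix-config/mnt/config/mqtt/password.txt` would be the tighter mode, assuming nothing relies on the execute bit. These lines are context rather than part of this commit, and the home-assistant branch starts outside the hunk.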
@@ -451,19 +445,53 @@ services_generation() { sed -i "s|# --- immich devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/immich.nix fi generate_db_creds "IMMICH" -# elif [[ "${service}" == "it-tools" ]]; then + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"immich_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.30.0/24\" --ip-range=\"172.16.30.0/24\" --gateway=\"172.16.30.254\" \"immich_frontend\""$'\n' + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"immich_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.3.0/24\" --ip-range=\"172.16.3.0/24\" --gateway=\"172.16.3.254\" \"immich_backend\""$'\n' + TRAEFIK_NETWORKS+=" immich_frontend:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.30.253"$'\n' + TRAEFIK_REF_NETWORKS+=" immich_frontend:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + + elif [[ "${service}" == "it-tools" ]]; then + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"it-tools_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.40.0/24\" --ip-range=\"172.16.40.0/24\" --gateway=\"172.16.40.254\" \"it-tools_frontend\""$'\n' + TRAEFIK_NETWORKS+=" it-tools_frontend:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.40.253"$'\n' + TRAEFIK_REF_NETWORKS+=" it-tools_frontend:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + elif [[ "${service}" == "nextcloud" ]]; then envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"nextcloud-aio\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.50.0/24\" --ip-range=\"172.16.50.0/24\" --gateway=\"172.16.50.254\" \"nextcloud-aio\""$'\n' + TRAEFIK_NETWORKS+=" nextcloud-aio:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.50.253"$'\n' + TRAEFIK_REF_NETWORKS+=" 
nextcloud-aio:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + elif [[ "${service}" == "passbolt" ]]; then generate_db_creds "PASSBOLT" envsubst < templates/podman-config/traefik/headers.yaml > final-nix-config/mnt/config/traefik/rules/headers.yaml envsubst < templates/podman-config/traefik/tls.yaml > final-nix-config/mnt/config/traefik/rules/tls.yaml + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"passbolt_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.60.0/24\" --ip-range=\"172.16.60.0/24\" --gateway=\"172.16.60.254\" \"passbolt_frontend\""$'\n' + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"passbolt_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.6.0/24\" --ip-range=\"172.16.6.0/24\" --gateway=\"172.16.6.254\" \"passbolt_backend\""$'\n' + TRAEFIK_NETWORKS+=" passbolt_frontend:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.60.253"$'\n' + TRAEFIK_REF_NETWORKS+=" passbolt_frontend:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + elif [[ "${service}" == "pi-hole" ]]; then export FTLCONF_WEBSERVER_PASSWORD="$(xkcdpass -d "-")" + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"pi-hole_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.70.0/24\" --ip-range=\"172.16.70.0/24\" --gateway=\"172.16.70.254\" \"pi-hole_frontend\""$'\n' + PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"pi-hole_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.7.0/24\" --ip-range=\"172.16.7.0/24\" --gateway=\"172.16.7.254\" \"pi-hole_backend\""$'\n' + TRAEFIK_NETWORKS+=" pi-hole_frontend:"$'\n' + TRAEFIK_NETWORKS+=" ipv4_address: 172.16.70.253"$'\n' + TRAEFIK_REF_NETWORKS+=" pi-hole_backend:"$'\n' + TRAEFIK_REF_NETWORKS+=" external: true"$'\n' + elif [[ "${service}" == "virtualization" ]]; then sed -i "s|# virtualisation.libvirtd.enable = 
true;| virtualisation.libvirtd.enable = true;|" final-nix-config/etc/nixos/configuration.nix sed -i "s|# programs.virt-manager.enable = true;| programs.virt-manager.enable = true;|" final-nix-config/etc/nixos/configuration.nix sed -i 's|extraGroups = \[ "wheel" \];|extraGroups = [ "wheel" "libvirtd" ];|' final-nix-config/etc/nixos/configuration.nix + fi done
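Review bot: In the pi-hole branch Traefik is attached to `pi-hole_frontend` through `TRAEFIK_NETWORKS`, but the external-network declaration added to `TRAEFIK_REF_NETWORKS` names `pi-hole_backend`; every other service in this patch uses the same `_frontend` network (or `nextcloud-aio`) in both variables. As written the generated Traefik configuration would presumably reference a network it never declares and instead declare the backend network for the proxy, which works against the frontend/backend split. The line should read `TRAEFIK_REF_NETWORKS+=" pi-hole_frontend:"$'\n'`, keeping the original indentation inside the string. services_generation continues outside this hunk.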