Big update. Data lost found back.

Raphael Numbus
2025-11-14 19:48:16 +01:00
parent 300b0cbccb
commit 60e5dd2615
2 changed files with 202 additions and 275 deletions
+47 -46
@@ -1,65 +1,66 @@
# Numbus Server Configuration
# ☁️ Numbus Server: Your Personal Cloud, Simplified 🚀
## Project Overview
Welcome to the **Numbus Server** project! This repository provides a complete NixOS configuration to deploy a personal home server with a rich set of services in minutes. Our goal is to make self-hosting accessible to everyone, allowing you to take back control of your data with a solution that is easy to manage and highly reliable.
Welcome to the **numbus server** project ! This **repository** contains the numbus server **NixOS configuration**.
## ✨ Features
It uses the **Nix** package manager and the **NixOS** operating system to declaratively **manage** the **entire system** configuration.
- 🌐 **Free & Open-Source:** Built with transparency and community collaboration in mind.
- 🚀 **Easy Deployment:** Get your server up and running in minutes with a single command.
- 🛠️ **Set & Forget:** A highly reliable, low-maintenance solution.
- 🔒 **Secure by Design:** Strong security practices are at the core of our configuration.
- 📦 **Popular Services:** Access a wide range of popular, pre-configured services.
- ⚙️ **Declarative & Reproducible:** Thanks to NixOS, your system configuration is entirely declarative, ensuring reproducibility and easy maintenance.
The goal of this project is to be able to **deploy** a server with a **large set** of services **in minutes**.
## 🛠️ Key Technologies
This make **homelabbing** very **accessible** and **easy** and allows non-very-technical users to **take control over their data**.
- **NixOS:** A declarative Linux distribution that makes system management a breeze.
- **Nix Flakes:** For reproducible builds and dependency management.
- **Docker & Docker Compose:** To run containerized services with ease.
- **Traefik:** A modern reverse proxy for securely exposing services.
- **Sops-nix:** For secure and convenient management of secrets.
- **NixOS-anywhere:** For seamless initial deployment to any machine.
- **Disko:** For declarative and predictable disk partitioning.
#### Features
## 🚀 Getting Started
- Fully **free**, **libre** and **open-source** project.
- **Easy** to deploy.
- **Set** and **forget** solution.
- Highly **reliable**.
- **Secure**.
- Plenty of **popular** services **available**.
The entire deployment process is automated with the `deploy.sh` script. This script dynamically adapts the configuration to your hardware, network environment, and secrets.
#### Key Technologies
- **NixOS:** The declarative Linux distribution. For an easy management of Linux systems. Deploy, maintain, and update your system like a breeze.
- **Nix Flakes:** Used for reproducible builds and dependency management.
- **Docker & Docker Compose:** For running containerised services with the Traefik reverse proxy.
- **Sops-nix:** For managing secrets.
- **NixOS-anywhere:** For the first deployment of the NixOS configuration to a remote machine.
- **Disko:** For declarative disk partitioning.
**1. Clone the Repository:**
## Get started
```bash
git clone https://git.numbus.eu/raphael/numbus-server.git
cd numbus-server
```
The primary workflow for this project is centred around the **`deploy.sh`** script. This script automates the entire process of deploying the **`numbus-server`** configuration to a new machine.
**2. Run the Deployment Script:**
NixOS does the **heavy lifting** when it comes to system configuration but there are still **changes** that need to be made **dynamically** to adapt to your system : for example, your **hardware** configuration, **keys** and **secrets**, **network** environment, etc.
```bash
sudo bash deploy.sh
```
#### Deployment modes
**3. Follow the Prompts:**
The deployment process is handled by the **`deploy.sh`** script. This script can be run in three modes:
The script will guide you through the setup process, including choosing a deployment mode and providing the necessary information. Once completed, the script will:
1. **Interactive Mode:** The script will prompt for all necessary configuration values, such as the target host's IP address, the disk to install on, domain names, and API tokens.
2. **Non-interactive automated Mode:** The script can read configuration values from a file, allowing for non-interactive deployments.
3. **Update and maintain mode**: The script will update a remote system on which this NixOS configuration has already been deployed.
- Adapt the configuration to your machine.
- Generate SSH and `sops` keys.
- Encrypt secrets for secure storage.
- Generate configuration files for Docker services.
- Deploy the NixOS configuration using `nixos-anywhere`.
- Verify the deployment and guide you through the final setup of the web UIs.
#### To run the deployment:
## 🔧 Deployment Modes
1. Get the repository by cloning it:
The `deploy.sh` script offers three modes to suit your needs:
```bash
git clone https://git.numbus.eu/raphael/numbus-server.git
```
2. Run the deployment script:
```bash
sudo bash deploy.sh
```
3. Follow the on-screen prompts to choose the deployment mode and provide the required information.
1. **Interactive Mode:** The script will prompt you for all necessary configuration values, such as the target host's IP address, the disk to install on, domain names, and API tokens.
2. **Non-interactive Automated Mode:** The script can read configuration values from a file, allowing for unattended deployments.
3. **Update and Maintain Mode:** This mode allows you to update a remote system on which this NixOS configuration has already been deployed.
The script will then perform the following actions:
## 🤝 Contributing
- Adapt the configuration to the current machine.
- Generate SSH and `sops` keys.
- Gather secrets locally and encrypt them on the remote machine.
- Generate configuration files for Docker services.
- Use `nixos-anywhere` to deploy the NixOS configuration from the `flake.nix` file to the target machine.
- Check that the deployment succeeded by SSHing into the new installation.
- Guiding the user through the (pretty easy) setup of all the web UIs.
Contributions are welcome! If you have any ideas, suggestions, or bug reports, please open an issue or submit a pull request.
## 📄 License
This project is licensed under the AGPLv3. See the [LICENSE](LICENSE) file for details.
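Review bot: The "Non-interactive Automated Mode" entry under Deployment Modes says the script reads configuration values from a file, but the README never documents that file's format or which variables are required. Since Interactive Mode lists API tokens among the values collected, the file will hold secrets in plain text. Please add a short section naming the required variables and recommending restrictive permissions on the file. The "Secure by Design" bullet would also carry more weight if it stated where the generated SSH and `sops` keys end up on the deploying machine.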
+155 -229
@@ -1,3 +1,10 @@
#@GEMINI.md @agents Take the NixOS expert role. I would like to make this installer universal, this means that the disko config has to adapt
#to the available disks in the system. Since covering every possible disk configuration would be impossible, I would like to cover a few of them
#that are relevant in the context of a home server. First I want every disk to be encrypted. Second, there always has to be a boot drive on which
#nixos, docker and config data (small data) is installed. This drive can be standalone (even though that is kind of pointless in production but this
#is more for testing purposes). Third, if present, other disks (2 or 3 never more) than the boot drive must be used in a redundant way for the
#big data (nextcloud user data, immich photos, ...). Fourth, if the data disks are SSDs or NVMes, they must use ZFS (mirror or raid1).
#!/bin/bash
set -euo pipefail
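Review bot: The assistant prompt comment now sits above `#!/bin/bash`, so the shebang is no longer on line 1 and is ignored when the script is executed directly (it still works through `sudo bash deploy.sh` as the README shows). Move the shebang back to the first line, and keep the design notes out of the shipped script, for example in a design document or the commit message.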
@@ -28,33 +35,73 @@ EOF
sleep 1
cleanup() {
echo -e "\n 🏗️ Cleaning up before exit..."
rm -rf /home/numbus-admin/.ssh/id_ed25519 /home/numbus-admin/.ssh/id_ed25519.pub
rm -rf /etc/nixos/*
rm -rf /var/lib/sops-nix/
echo -e "\n ✅ Cleanup done."
hardware_detection() {
echo -e "\n\n 🔎 Detecting graphics card on target host..."
VGA_INFO=$(ssh nixos@$TARGET_HOST 'lspci -nn | grep -i "vga"')
if echo "$VGA_INFO" | grep -iq "intel"; then
echo -e " ✅ Intel graphics card detected."
TARGET_GRAPHICS="true"
elif echo "$VGA_INFO" | grep -iq "amd"; then
echo -e " ✅ AMD graphics card detected."
TARGET_GRAPHICS="true"
elif echo "$VGA_INFO" | grep -iq "nvidia"; then
echo -e " ✅ NVIDIA graphics card detected."
TARGET_GRAPHICS="true"
else
echo -e " ️ No dedicated graphics card detected."
TARGET_GRAPHICS="false"
fi
echo -e "\n\n 🔎 Detecting transconding acceleration on target host..."
if ls /dev/dri/renderD128; then
echo -e " ✅ Transcoding capable card detected."
TARGET_GRAPHICS_RENDERER="true"
else
echo -e " ️ No transcoding capable card detected."
TARGET_GRAPHICS_RENDERER="false"
fi
echo -e "\n\n 🔎 Detecting USB Google Coral TPU on target host..."
if ssh nixos@$TARGET_HOST 'lsusb | grep -iq "google"'; then
echo -e " ✅ USB Google Coral TPU detected."
TARGET_USB_CORAL="true"
else
echo -e " ️ No USB Google Coral TPU detected."
TARGET_USB_CORAL="false"
fi
echo -e "\n\n 🔎 Detecting Zigbee coordinator on target host..."
if ssh nixos@$TARGET_HOST 'ls /dev/serial/by-id/ | grep -i "zigbee"'; then
echo -e " ✅ Zigbee device found in /dev/serial/by-id/."
TARGET_ZIGBEE_DEVICE=$(ssh nixos@$TARGET_HOST 'ls /dev/serial/by-id/ | grep -i "zigbee"')
TARGET_ZIGBEE_DEVICE_PATH="/dev/serial/by-id/$TARGET_ZIGBEE_DEVICE"
TARGET_ZIGBEE="true"
else
echo -e " ️ No Zigbee device found."
TARGET_ZIGBEE="false"
fi
}
files_generation() {
echo -e "\n\n ✅ Generating necessary folder tree..."
mkdir -p extra-files/home/numbus-admin/.ssh/
mkdir -p extra-files/var/lib/sops-nix/
mkdir -p extra-files/etc/nixos/secrets/
mkdir -p extra-files/mnt/config-storage/traefik/config/conf
mkdir -p extra-files/mnt/config-storage/hass/mqtt/config
mkdir -p extra-files/mnt/config-storage/hass/mqtt/data
mkdir -p extra-files/mnt/data-storage/nextcloud
mkdir -p extra-files/mnt/data-storage/immich
echo -e "\n\n ✅ Generating new SSH for numbus-admin..."
mkdir -p /home/numbus-admin/.ssh/
ssh-keygen -t ed25519 -C numbus-admin@numbus-server -f /home/numbus-admin/.ssh/id_ed25519 -N "" -q
ssh-keygen -t ed25519 -C numbus-admin@numbus-server -f extra-files/home/numbus-admin/.ssh/id_ed25519 -N "" -q
echo -e "\n\n ✅ Generating sops-nix keys..."
mkdir -p /var/lib/sops-nix/
age-keygen -o /var/lib/sops-nix/key.txt
SOPS_PUBLIC_KEY=$(age-keygen -y /var/lib/sops-nix/key.txt)
nix run nixpkgs#ssh-to-age -- -private-key -i extra-files/home/numbus-admin/.ssh/id_ed25519 > extra-files/var/lib/sops-nix/key.txt
SOPS_PUBLIC_KEY=$(nix shell nixpkgs#age -c age-keygen -y extra-files/var/lib/sops-nix/key.txt)
echo -e "\n\n ✅ Generating sops-nix configuration files..."
echo """# .sops.yaml
keys:
- &primary $SOPS_PUBLIC_KEY
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
- age:
- *primary""" > .sops.yaml
envsubst < config-files/sops-nix/.sops.yaml > extra-files/etc/nixos/.sops.yaml
echo -e "\n\n ✅ Generating secure random database passwords..."
HOME_ASSISTANT_MQTT_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
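Review bot: In `hardware_detection`, `if ls /dev/dri/renderD128; then` runs on the machine executing deploy.sh, while every neighbouring check goes through `ssh nixos@$TARGET_HOST`, so `TARGET_GRAPHICS_RENDERER` describes the deployer's hardware rather than the target's. Wrap it in the same ssh call (a `test -e` is enough and avoids the stray `ls` output). Separately, `VGA_INFO=$(ssh ... 'lspci -nn | grep -i "vga"')` returns non-zero when grep matches nothing, and under `set -euo pipefail` that aborts the script before the "No dedicated graphics card" branch is reached; append `|| true` or test the command inside the `if`. `$TARGET_HOST` comes from `read -r` and should be quoted in all of these ssh invocations.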
@@ -62,50 +109,13 @@ files_generation() {
PASSBOLT_MYSQL_DATABASE=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
PASSBOLT_MYSQL_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
PASSBOLT_MYSQL_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
FTLCONF_webserver_api_password=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
FTLCONF_WEBSERVER_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
echo -e "\n\n ✅ Encrypting secrets in the correct file..."
mkdir -p secrets/
cd secrets/
echo """ssh-public-keys: $SSH_PUBLIC_KEY
docker:
nextcloud: |
DOMAIN_NAME=$DOMAIN_NAME
NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS
frigate: |
DOMAIN_NAME=$DOMAIN_NAME
FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
traefik: |
DOMAIN_NAME=$DOMAIN_NAME
CF_DNS_API_TOKEN: $CF_DNS_API_TOKEN
hass: |
DOMAIN_NAME=$DOMAIN_NAME
HOME_ASSISTANT_MQTT_USER: $HOME_ASSISTANT_MQTT_USER
HOME_ASSISTANT_MQTT_PASSWORD: $HOME_ASSISTANT_MQTT_PASSWORD
passbolt: |
DOMAIN_NAME=$DOMAIN_NAME
TZ="Europe/Paris"
PASSBOLT_MYSQL_DATABASE: $PASSBOLT_MYSQL_DATABASE
PASSBOLT_MYSQL_USER: $PASSBOLT_MYSQL_USER
PASSBOLT_MYSQL_PASSWORD: $PASSBOLT_MYSQL_PASSWORD
SENDER_EMAIL_ADDRESS: $SENDER_EMAIL_ADDRESS
SENDER_EMAIL_ADDRESS_PASSWORD: $SENDER_EMAIL_ADDRESS_PASSWORD
SENDER_EMAIL_DOMAIN: $SENDER_EMAIL_DOMAIN
SENDER_EMAIL_PORT: $SENDER_EMAIL_PORT
EMAIL_ADDRESS: $EMAIL_ADDRESS
pihole: |
DOMAIN_NAME=$DOMAIN_NAME
TZ="Europe/Paris"
HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET
HOME_ROUTER_IP=$HOME_ROUTER_IP
HOME_SERVER_IP=$HOME_SERVER_IP
FTLCONF_webserver_api_password: $FTLCONF_webserver_api_password""" | sops encrypt --filename-override secrets.yaml \
envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \
--input-type yaml --output-type yaml \
--age $SOPS_PUBLIC_KEY \
--output secrets.yaml
cd ../
--output extra-files/etc/nixos/secrets/secrets.yaml
echo -e "\n\n ✅ Writing correct disk to disk-config.nix..."
sed -i s+TARGET_DISK+$TARGET_DISK+g disk-config.nix
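Review bot: `envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt ...` only sees exported environment variables, and the assignments visible here (`PASSBOLT_MYSQL_PASSWORD=$(...)`, `FTLCONF_WEBSERVER_PASSWORD=$(...)`, and so on) are plain shell variables with no `export` in the shown lines. If they are not exported elsewhere, envsubst replaces each reference with an empty string and sops encrypts a secrets file with blank credentials, without any error even under `set -u`. Export the variables (or use `set -a` around the block) and pass envsubst an explicit variable list so that only the intended names are substituted. Also check that the template uses the renamed `FTLCONF_WEBSERVER_PASSWORD`, and quote `$SOPS_PUBLIC_KEY` in `--age`.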
@@ -114,165 +124,79 @@ docker:
sed -i s+HOME_SERVER_IP+$HOME_SERVER_IP+g configuration.nix
sed -i s+HOME_ROUTER_IP+$HOME_ROUTER_IP+g configuration.nix
echo -e "\n\n ✅ Adapting the docker configuration to your hardware..."
if [[ "$TARGET_GRAPHICS" == "true" && "$TARGET_USB_CORAL" == "true" ]]; then
sed -i.bak '
/^[[:space:]]*# ----------------------------------------- #/{
N;
/DEVICES SECTION WILL APPEAR HERE IF CORAL/{
N;
/TPU OR INTEGRATED GRAPHICS ARE PRESENT/{
N;
/----------------------------------------- #/c\
devices:\
- /dev/dri:/dev/dri\
- /dev/bus/usb:/dev/bus/usb
}
}
}' docker/frigate.nix
elif [[ "$TARGET_GRAPHICS" == "true" && "$TARGET_USB_CORAL" == "false" ]]; then
sed -i.bak '
/^[[:space:]]*# ----------------------------------------- #/{
N;
/DEVICES SECTION WILL APPEAR HERE IF CORAL/{
N;
/TPU OR INTEGRATED GRAPHICS ARE PRESENT/{
N;
/----------------------------------------- #/c\
devices:\
- /dev/dri:/dev/dri\
}
}
}' docker/frigate.nix
elif [[ "$TARGET_GRAPHICS" == "false" && "$TARGET_USB_CORAL" == "true" ]]; then
sed -i.bak '
/^[[:space:]]*# ----------------------------------------- #/{
N;
/DEVICES SECTION WILL APPEAR HERE IF CORAL/{
N;
/TPU OR INTEGRATED GRAPHICS ARE PRESENT/{
N;
/----------------------------------------- #/c\
devices:\
- /dev/bus/usb:/dev/bus/usb
}
}
}' docker/frigate.nix
fi
if [[ "$TARGET_ZIGBEE" == "true" ]]; then
sed -i.bak "
/^[[:space:]]*# ----------------------------------- #/{
N;
/DEVICES SECTION WILL APPEAR HERE IF/{
N;
/ZIGBEE USB DEVICE IS PRESENT/{
N;
/----------------------------------- #/c\
devices:\
- ${TARGET_ZIGBEE_DEVICE_PATH}:/dev/ttyUSB0
}
}
}" docker/hass.nix
fi
echo -e "\n\n ✅ Copying files to the new installation..."
mkdir -p extra-files/etc/nixos/
mkdir -p extra-files/home/numbus-admin/.ssh/
mkdir -p extra-files/var/lib/sops-nix/
mkdir -p extra-files/mnt/config-storage/docker-data/traefik/config/conf
mkdir -p extra-files/mnt/data-storage/docker-data/nextcloud
mkdir -p extra-files/mnt/data-storage/docker-data/immich
mkdir -p extra-files/mnt/config-storage/docker-data/hass/mqtt/config
mkdir -p extra-files/mnt/config-storage/docker-data/hass/mqtt/data
cp -ravu secrets/ docker/ .sops.yaml configuration.nix disk-config.nix flake.nix hardware-configuration.nix extra-files/etc/nixos/
cp -ravu /home/numbus-admin/.ssh/ extra-files/home/numbus-admin/
cp -ravu /var/lib/sops-nix/key.txt extra-files/var/lib/sops-nix/
cp -ravu secrets/ .sops.yaml hardware-configuration.nix extra-files/etc/nixos/
echo -e "\n\n ✅ Writing docker configuration files..."
cat <<EOF > extra-files/mnt/config-storage/docker-data/traefik/config/traefik.yaml
global:
checkNewVersion: false
sendAnonymousUsage: false
# - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
log:
level: ERROR
accesslog: {}
api:
dashboard: true
insecure: true
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: :443
forwardedHeaders:
trustedIPs:
# Local IPs
- "127.0.0.1/32"
- "10.0.0.0/8"
- "192.168.0.0/16"
- "172.16.0.0/12"
certificatesResolvers:
cloudflare:
acme:
email: ${EMAIL_ADDRESS}
storage: /var/traefik/certs/cloudflare-acme.json
caServer: "https://acme-v02.api.letsencrypt.org/directory"
dnsChallenge:
provider: cloudflare
resolvers:
- "1.1.1.1:53"
- "9.9.9.9:53"
serversTransport:
insecureSkipVerify: true
providers:
docker:
exposedByDefault: false
network: traefik_frigate, traefik_hass, traefik_nextcloud, traefik_passbolt, traefik_pihole
file:
directory: "/etc/traefik/conf/"
watch: true
EOF
cat <<EOF > extra-files/mnt/config-storage/docker-data/traefik/config/conf/nextcloud.yaml
http:
routers:
nextcloud:
rule: "Host(\`nextcloud.${DOMAIN_NAME}\`)"
entrypoints:
- "websecure"
service: nextcloud
middlewares:
- nextcloud-chain
tls:
certresolver: "cloudflare"
services:
nextcloud:
loadBalancer:
servers:
- url: "http://nextcloud-aio-apache:11000"
middlewares:
nextcloud-secure-headers:
headers:
hostsProxyHeaders:
- "X-Forwarded-Host"
referrerPolicy: "same-origin"
BrowserXssFilter: true
ContentTypeNosniff: true
ForceSTSHeader: true
STSIncludeSubdomains: true
STSPreload: true
STSSeconds: 315360000
https-redirect:
redirectscheme:
scheme: https
nextcloud-chain:
chain:
middlewares:
- https-redirect
- nextcloud-secure-headers
EOF
cat <<'EOF' > extra-files/mnt/config-storage/docker-data/traefik/config/conf/headers.yaml
http:
middlewares:
passbolt:
headers:
FrameDeny: true
AccessControlAllowMethods: 'GET,OPTIONS,PUT'
AccessControlAllowOriginList:
- origin-list-or-null
AccessControlMaxAge: 100
AddVaryHeader: true
BrowserXssFilter: true
ContentTypeNosniff: true
ForceSTSHeader: true
STSIncludeSubdomains: true
STSPreload: true
ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
CustomFrameOptionsValue: SAMEORIGIN
ReferrerPolicy: same-origin
PermissionsPolicy: vibrate 'self'
STSSeconds: 315360000
EOF
cat <<'EOF' > extra-files/mnt/config-storage/docker-data/traefik/config/conf/tls.yaml
tls:
options:
default:
minVersion: VersionTLS12
sniStrict: true
curvePreferences:
- CurveP521
- CurveP384
cipherSuites:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
EOF
cat <<EOF > extra-files/mnt/config-storage/docker-data/hass/mqtt/config/mosquitto.conf
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
listener 1883
## Authentication ##
allow_anonymous false
password_file /mosquitto/config/password.txt
EOF
touch extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt
chmod 0700 extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt
nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD
envsubst < config-files/traefik/headers.yaml > extra-files/mnt/config-storage/traefik/config/conf/headers.yaml
envsubst < config-files/traefik/nextcloud.yaml > extra-files/mnt/config-storage/traefik/config/conf/nextcloud.yaml
envsubst < config-files/traefik/tls.yaml > extra-files/mnt/config-storage/traefik/config/conf/tls.yaml
envsubst < config-files/traefik/traefik.yaml > extra-files/mnt/config-storage/traefik/config/traefik.yaml
envsubst < config-files/hass/mosquitto.conf > extra-files/mnt/config-storage/hass/mqtt/config/mosquitto.conf
touch extra-files/mnt/config-storage/hass/mqtt/config/password.txt
chmod 0700 extra-files/mnt/config-storage/hass/mqtt/config/password.txt
nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD
}
deploy() {
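Review bot: `mosquitto_passwd -b ... $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD` passes the MQTT password as a command-line argument, where it is visible in the process list for the duration of the call, and both variables are unquoted. Consider feeding the password through a method that keeps it off argv, and quote the expansions in any case. `chmod 0700` on `password.txt` sets the execute bit on a data file; `0600` is what is wanted. Finally, `cp -ravu secrets/ .sops.yaml hardware-configuration.nix extra-files/etc/nixos/` still copies `secrets/` and `.sops.yaml` from the working directory, although the earlier hunks now write both directly under `extra-files/etc/nixos/`; if those sources no longer exist, `set -e` will abort here.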
@@ -282,7 +206,7 @@ deploy() {
--flake .#numbus-server \
--extra-files "extra-files/" \
--chown "/home/numbus-admin/" 1000:1000 \
--target-host $TARGET_USER@$TARGET_HOST
--target-host nixos@$TARGET_HOST
echo -e "\n\n ✅ Installation successfull !!"
sleep 1
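Review bot: `--target-host nixos@$TARGET_HOST` leaves `$TARGET_HOST` unquoted even though it is typed in by the user via `read -r`; write it as `"nixos@$TARGET_HOST"`. Minor: the context line just below spells "successfull" with a double l.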
@@ -295,7 +219,7 @@ nixos_deployment() {
if [[ "$SETUP_ANSWER" == "done" ]]; then
:
else
echo "Aborting you did not type 'done'."
echo "Aborting - you did not type 'done'."
exit 1
fi
@@ -304,8 +228,6 @@ nixos_deployment() {
read -r TARGET_HOST
echo -e "\n\n ➡️ Please provide the disk you want to install NixOS on (i.e. /dev/vda, /dev/sda, /dev/nvme0n1...) :"
read -r TARGET_DISK
echo -e "\n\n ➡️ Does the target server has graphics ? (integrated or discrete) :"
read -r TARGET_GRAPHICS
echo -e "\n\n ➡️ Please provide the public SSH key of an authorized device :"
read -r SSH_PUBLIC_KEY
@@ -336,6 +258,11 @@ nixos_deployment() {
echo -e "\n\n ➡️ Please choose the ip address that your server will use (i.e. any address in the 192.168.1.1/24\n range that is not in use. 192.168.1.5 for example.) :"
read -r HOME_SERVER_IP
echo -e "\n\n ➡️ Please provide enter the password of the remote target."
ssh-copy-id nixos@$TARGET_HOST
hardware_detection
files_generation
deploy
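Review bot: `ssh-copy-id nixos@$TARGET_HOST` is called without `-i`, so the key installed on the target is whatever default identity the invoking user has; under `sudo bash deploy.sh` that is root's, and if none exists the command fails and `set -e` stops the deployment. Either pass the intended public key explicitly with `-i` or check for one first and print a clear message. The prompt above it reads "Please provide enter the password" and should be one verb or the other, and `$TARGET_HOST` should be quoted.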
@@ -348,12 +275,12 @@ nixos_deployment_with_config() {
if [[ "$SETUP_ANSWER" == "done" ]]; then
:
else
echo "Aborting you did not type 'done'."
echo "Aborting - you did not type 'done'."
exit 1
fi
echo -e "\n\n ➡️ Please provide the path to a config file :"
read -rp "Enter the full path to the config file: " CONFIG_PATH
read -erp CONFIG_PATH
CONFIG_PATH=$(realpath -m "$CONFIG_PATH")
if [[ ! -f "$CONFIG_PATH" ]]; then
echo "Error: '$CONFIG_PATH' does not exist or is not a regular file."
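Review bot: In `read -erp CONFIG_PATH`, the word after `-p` is taken as the prompt string, so bash prints "CONFIG_PATH" as the prompt and stores the input in `REPLY`, leaving `CONFIG_PATH` unset. With `set -u` active, the next line `CONFIG_PATH=$(realpath -m "$CONFIG_PATH")` then aborts with an unbound variable error. Give the prompt explicitly, for example `read -erp "Enter the full path to the config file: " CONFIG_PATH`, or drop `-p` since the preceding echo already prompts.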
@@ -373,10 +300,10 @@ nixos_deployment_with_config() {
MISSING=0
for VAR in "${REQUIRED_VARS[@]}"; do
if [[ -v $VAR && -n ${!VAR} ]]; then
echo -e "\n\n$VAR imported successfully from the config file"
echo -e "\n ✅ $VAR imported successfully from the config file"
sleep 0.1
else
echo "\n\n$VAR is missing or empty"
echo "\n ❌ $VAR is missing or empty"
sleep 0.1
MISSING=1
fi
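Review bot: The failure branch uses `echo "\n ❌ $VAR is missing or empty"` without `-e`, so the `\n` is printed literally, unlike the success branch which uses `echo -e`. Use `echo -e` (or `printf`) in both branches. It would also help to send the missing-variable message to stderr so that unattended runs surface it in logs.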
@@ -391,7 +318,9 @@ nixos_deployment_with_config() {
deploy
}
trap cleanup EXIT
nixos_update() {
}
echo -e "\n\n Please choose an action (i.e. 1, 2 or 3) :\n"
echo -e " - [1] 🌐 Deploy NixOS on a remote machine"
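Review bot: `nixos_update() {` followed directly by `}` is a syntax error in bash, because a function body needs at least one command; the script will stop at this point and never reach the menu. Put a placeholder such as `:` or an explicit "not implemented" message with `exit 1` in the body until the update path exists, since the menu's option 3 and the README both advertise it. This hunk also drops `trap cleanup EXIT`, and with the cleanup steps gone from the earlier hunk, the private key and `key.txt` generated under `extra-files/` stay on the deploying machine after the run; consider a trap that removes or locks down that directory.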
@@ -401,17 +330,14 @@ read -r ACTION_ANSWER
if [[ "$ACTION_ANSWER" == "1" ]]; then
echo -e "\n ➡️ Proceeding with deployment…"
TARGET_USER="nixos"
nixos_deployment
elif [[ "$ACTION_ANSWER" == "2" ]]; then
echo -e "\n ➡️ Proceeding with deployment using a config file…"
TARGET_USER="nixos"
nixos_deployment_with_config
elif [[ "$ACTION_ANSWER" == "3" ]]; then
echo -e "\n ➡️ Proceeding with update…"
TARGET_USER="numbus-admin"
nixos_deployment_with_config
nixos_update
else
echo "Aborting you did not type '1, 2 or 3'."
echo "Aborting - you did not type '1, 2 or 3'."
exit 1
fi