From 60e5dd2615e1bd51529c4985778fdf5267b40a2e Mon Sep 17 00:00:00 2001 From: Raphael Numbus Date: Fri, 14 Nov 2025 19:48:16 +0100 Subject: [PATCH] Big update. Data lost found back. --- README.md | 93 ++++++------- deploy.sh | 384 ++++++++++++++++++++++-------------------------------- 2 files changed, 202 insertions(+), 275 deletions(-) diff --git a/README.md b/README.md index 6408506..3998f67 100644 --- a/README.md +++ b/README.md 
@@ -1,65 +1,66 @@ -# Numbus Server Configuration +# ☁️ Numbus Server: Your Personal Cloud, Simplified πŸš€ -## Project Overview +Welcome to the **Numbus Server** project! This repository provides a complete NixOS configuration to deploy a personal home server with a rich set of services in minutes. Our goal is to make self-hosting accessible to everyone, allowing you to take back control of your data with a solution that is easy to manage and highly reliable. -Welcome to the **numbus server** project ! This **repository** contains the numbus server **NixOS configuration**. +## ✨ Features -It uses the **Nix** package manager and the **NixOS** operating system to declaratively **manage** the **entire system** configuration. +- 🌐 **Free & Open-Source:** Built with transparency and community collaboration in mind. +- πŸš€ **Easy Deployment:** Get your server up and running in minutes with a single command. +- πŸ› οΈ **Set & Forget:** A highly reliable, low-maintenance solution. +- πŸ”’ **Secure by Design:** Strong security practices are at the core of our configuration. +- πŸ“¦ **Popular Services:** Access a wide range of popular, pre-configured services. +- βš™οΈ **Declarative & Reproducible:** Thanks to NixOS, your system configuration is entirely declarative, ensuring reproducibility and easy maintenance. -The goal of this project is to be able to **deploy** a server with a **large set** of services **in minutes**. +## πŸ› οΈ Key Technologies -This make **homelabbing** very **accessible** and **easy** and allows non-very-technical users to **take control over their data**. +- **NixOS:** A declarative Linux distribution that makes system management a breeze. +- **Nix Flakes:** For reproducible builds and dependency management. +- **Docker & Docker Compose:** To run containerized services with ease. +- **Traefik:** A modern reverse proxy for securely exposing services. +- **Sops-nix:** For secure and convenient management of secrets. 
+- **NixOS-anywhere:** For seamless initial deployment to any machine. +- **Disko:** For declarative and predictable disk partitioning. -#### Features +## πŸš€ Getting Started -- Fully **free**, **libre** and **open-source** project. -- **Easy** to deploy. -- **Set** and **forget** solution. -- Highly **reliable**. -- **Secure**. -- Plenty of **popular** services **available**. +The entire deployment process is automated with the `deploy.sh` script. This script dynamically adapts the configuration to your hardware, network environment, and secrets. -#### Key Technologies -- **NixOS:** The declarative Linux distribution. For an easy management of Linux systems. Deploy, maintain, and update your system like a breeze. -- **Nix Flakes:** Used for reproducible builds and dependency management. -- **Docker & Docker Compose:** For running containerised services with the Traefik reverse proxy. -- **Sops-nix:** For managing secrets. -- **NixOS-anywhere:** For the first deployment of the NixOS configuration to a remote machine. -- **Disko:** For declarative disk partitioning. +**1. Clone the Repository:** -## Get started +```bash +git clone https://git.numbus.eu/raphael/numbus-server.git +cd numbus-server +``` -The primary workflow for this project is centred around the **`deploy.sh`** script. This script automates the entire process of deploying the **`numbus-server`** configuration to a new machine. +**2. Run the Deployment Script:** -NixOS does the **heavy lifting** when it comes to system configuration but there are still **changes** that need to be made **dynamically** to adapt to your system : for example, your **hardware** configuration, **keys** and **secrets**, **network** environment, etc. +```bash +sudo bash deploy.sh +``` -#### Deployment modes +**3. Follow the Prompts:** -The deployment process is handled by the **`deploy.sh`** script. 
This script can be run in three modes: +The script will guide you through the setup process, including choosing a deployment mode and providing the necessary information. Once completed, the script will: -1. **Interactive Mode:** The script will prompt for all necessary configuration values, such as the target host's IP address, the disk to install on, domain names, and API tokens. -2. **Non-interactive automated Mode:** The script can read configuration values from a file, allowing for non-interactive deployments. -3. **Update and maintain mode**: The script will update a remote system on which this NixOS configuration has already been deployed. +- Adapt the configuration to your machine. +- Generate SSH and `sops` keys. +- Encrypt secrets for secure storage. +- Generate configuration files for Docker services. +- Deploy the NixOS configuration using `nixos-anywhere`. +- Verify the deployment and guide you through the final setup of the web UIs. -#### To run the deployment: +## πŸ”§ Deployment Modes -1. Get the repository by cloning it: +The `deploy.sh` script offers three modes to suit your needs: - ```bash - git clone https://git.numbus.eu/raphael/numbus-server.git - ``` -2. Run the deployment script: - ```bash - sudo bash deploy.sh - ``` -3. Follow the on-screen prompts to choose the deployment mode and provide the required information. +1. **Interactive Mode:** The script will prompt you for all necessary configuration values, such as the target host's IP address, the disk to install on, domain names, and API tokens. +2. **Non-interactive Automated Mode:** The script can read configuration values from a file, allowing for unattended deployments. +3. **Update and Maintain Mode:** This mode allows you to update a remote system on which this NixOS configuration has already been deployed. -The script will then perform the following actions: +## 🀝 Contributing -- Adapt the configuration to the current machine. -- Generate SSH and `sops` keys. 
-- Gather secrets locally and encrypt them on the remote machine. -- Generate configuration files for Docker services. -- Use `nixos-anywhere` to deploy the NixOS configuration from the `flake.nix` file to the target machine. -- Check that the deployment succeeded by SSHing into the new installation. -- Guiding the user through the (pretty easy) setup of all the web UIs. \ No newline at end of file +Contributions are welcome! If you have any ideas, suggestions, or bug reports, please open an issue or submit a pull request. + +## πŸ“„ License + +This project is licensed under the AGPLv3. See the [LICENSE](LICENSE) file for details. \ No newline at end of file diff --git a/deploy.sh b/deploy.sh index 3b4e432..3d582fd 100644 --- a/deploy.sh +++ b/deploy.sh @@ -1,3 +1,10 @@ +#@GEMINI.md @agents Take the NixOS expert role. I would like to make this installer universal, this means that the disko config has to adapt +#to the available disks in the system. Since covering every possible disk configuration would be impossible, I would like to cover a few of them +#that are relevant in the context of a home server. First I want every disk to be encrypted. Second, there always has to be a boot drive on which +#nixos, docker and config data (small data) is installed. This drive can be standalone (even though that is kind of pointless in production but this +#is more for testing purposes). Third, if present, other disks (2 or 3 never more) than the boot drive must be used in a redundant way for the +#big data (nextcloud user data, immich photos, ...). Fourth, if the data disks are SSDs or NVMes, they must use ZFS (mirror or raid1). + #!/bin/bash set -euo pipefail 
@@ -28,33 +35,73 @@ EOF sleep 1 -cleanup() { - echo -e "\n πŸ—οΈ Cleaning up before exit..." - rm -rf /home/numbus-admin/.ssh/id_ed25519 /home/numbus-admin/.ssh/id_ed25519.pub - rm -rf /etc/nixos/* - rm -rf /var/lib/sops-nix/ - echo -e "\n βœ… Cleanup done." +hardware_detection() { + echo -e "\n\n πŸ”Ž Detecting graphics card on target host..." + VGA_INFO=$(ssh nixos@$TARGET_HOST 'lspci -nn | grep -i "vga"') + if echo "$VGA_INFO" | grep -iq "intel"; then + echo -e " βœ… Intel graphics card detected." + TARGET_GRAPHICS="true" + elif echo "$VGA_INFO" | grep -iq "amd"; then + echo -e " βœ… AMD graphics card detected." + TARGET_GRAPHICS="true" + elif echo "$VGA_INFO" | grep -iq "nvidia"; then + echo -e " βœ… NVIDIA graphics card detected." + TARGET_GRAPHICS="true" + else + echo -e " ℹ️ No dedicated graphics card detected." + TARGET_GRAPHICS="false" + fi + + echo -e "\n\n πŸ”Ž Detecting transconding acceleration on target host..." + if ls /dev/dri/renderD128; then + echo -e " βœ… Transcoding capable card detected." + TARGET_GRAPHICS_RENDERER="true" + else + echo -e " ℹ️ No transcoding capable card detected." + TARGET_GRAPHICS_RENDERER="false" + fi + + echo -e "\n\n πŸ”Ž Detecting USB Google Coral TPU on target host..." + if ssh nixos@$TARGET_HOST 'lsusb | grep -iq "google"'; then + echo -e " βœ… USB Google Coral TPU detected." + TARGET_USB_CORAL="true" + else + echo -e " ℹ️ No USB Google Coral TPU detected." + TARGET_USB_CORAL="false" + fi + + echo -e "\n\n πŸ”Ž Detecting Zigbee coordinator on target host..." + if ssh nixos@$TARGET_HOST 'ls /dev/serial/by-id/ | grep -i "zigbee"'; then + echo -e " βœ… Zigbee device found in /dev/serial/by-id/." + TARGET_ZIGBEE_DEVICE=$(ssh nixos@$TARGET_HOST 'ls /dev/serial/by-id/ | grep -i "zigbee"') + TARGET_ZIGBEE_DEVICE_PATH="/dev/serial/by-id/$TARGET_ZIGBEE_DEVICE" + TARGET_ZIGBEE="true" + else + echo -e " ℹ️ No Zigbee device found." 
+ TARGET_ZIGBEE="false" + fi } files_generation() { + echo -e "\n\n βœ… Generating necessary folder tree..." + mkdir -p extra-files/home/numbus-admin/.ssh/ + mkdir -p extra-files/var/lib/sops-nix/ + mkdir -p extra-files/etc/nixos/secrets/ + mkdir -p extra-files/mnt/config-storage/traefik/config/conf + mkdir -p extra-files/mnt/config-storage/hass/mqtt/config + mkdir -p extra-files/mnt/config-storage/hass/mqtt/data + mkdir -p extra-files/mnt/data-storage/nextcloud + mkdir -p extra-files/mnt/data-storage/immich + echo -e "\n\n βœ… Generating new SSH for numbus-admin..." - mkdir -p /home/numbus-admin/.ssh/ - ssh-keygen -t ed25519 -C numbus-admin@numbus-server -f /home/numbus-admin/.ssh/id_ed25519 -N "" -q + ssh-keygen -t ed25519 -C numbus-admin@numbus-server -f extra-files/home/numbus-admin/.ssh/id_ed25519 -N "" -q echo -e "\n\n βœ… Generating sops-nix keys..." - mkdir -p /var/lib/sops-nix/ - age-keygen -o /var/lib/sops-nix/key.txt - SOPS_PUBLIC_KEY=$(age-keygen -y /var/lib/sops-nix/key.txt) + nix run nixpkgs#ssh-to-age -- -private-key -i extra-files/home/numbus-admin/.ssh/id_ed25519 > extra-files/var/lib/sops-nix/key.txt + SOPS_PUBLIC_KEY=$(nix shell nixpkgs#age -c age-keygen -y extra-files/var/lib/sops-nix/key.txt) echo -e "\n\n βœ… Generating sops-nix configuration files..." - echo """# .sops.yaml - keys: - - &primary $SOPS_PUBLIC_KEY - creation_rules: - - path_regex: secrets/secrets.yaml$ - key_groups: - - age: - - *primary""" > .sops.yaml + envsubst < config-files/sops-nix/.sops.yaml > extra-files/etc/nixos/.sops.yaml echo -e "\n\n βœ… Generating secure random database passwords..." HOME_ASSISTANT_MQTT_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10) 
@@ -62,50 +109,13 @@ files_generation() { PASSBOLT_MYSQL_DATABASE=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10) PASSBOLT_MYSQL_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10) PASSBOLT_MYSQL_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64) - FTLCONF_webserver_api_password=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64) + FTLCONF_WEBSERVER_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64) echo -e "\n\n βœ… Encrypting secrets in the correct file..." - mkdir -p secrets/ - cd secrets/ - echo """ssh-public-keys: $SSH_PUBLIC_KEY - -docker: - nextcloud: | - DOMAIN_NAME=$DOMAIN_NAME - NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS - frigate: | - DOMAIN_NAME=$DOMAIN_NAME - FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER - FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD - traefik: | - DOMAIN_NAME=$DOMAIN_NAME - CF_DNS_API_TOKEN: $CF_DNS_API_TOKEN - hass: | - DOMAIN_NAME=$DOMAIN_NAME - HOME_ASSISTANT_MQTT_USER: $HOME_ASSISTANT_MQTT_USER - HOME_ASSISTANT_MQTT_PASSWORD: $HOME_ASSISTANT_MQTT_PASSWORD - passbolt: | - DOMAIN_NAME=$DOMAIN_NAME - TZ="Europe/Paris" - PASSBOLT_MYSQL_DATABASE: $PASSBOLT_MYSQL_DATABASE - PASSBOLT_MYSQL_USER: $PASSBOLT_MYSQL_USER - PASSBOLT_MYSQL_PASSWORD: $PASSBOLT_MYSQL_PASSWORD - SENDER_EMAIL_ADDRESS: $SENDER_EMAIL_ADDRESS - SENDER_EMAIL_ADDRESS_PASSWORD: $SENDER_EMAIL_ADDRESS_PASSWORD - SENDER_EMAIL_DOMAIN: $SENDER_EMAIL_DOMAIN - SENDER_EMAIL_PORT: $SENDER_EMAIL_PORT - EMAIL_ADDRESS: $EMAIL_ADDRESS - pihole: | - DOMAIN_NAME=$DOMAIN_NAME - TZ="Europe/Paris" - HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET - HOME_ROUTER_IP=$HOME_ROUTER_IP - HOME_SERVER_IP=$HOME_SERVER_IP - FTLCONF_webserver_api_password: $FTLCONF_webserver_api_password""" | sops encrypt --filename-override secrets.yaml \ + envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \ --input-type yaml --output-type yaml \ --age $SOPS_PUBLIC_KEY \ - --output secrets.yaml - cd ../ + --output 
extra-files/etc/nixos/secrets/secrets.yaml echo -e "\n\n βœ… Writing correct disk to disk-config.nix..." sed -i s+TARGET_DISK+$TARGET_DISK+g disk-config.nix 
@@ -114,165 +124,79 @@ docker: sed -i s+HOME_SERVER_IP+$HOME_SERVER_IP+g configuration.nix sed -i s+HOME_ROUTER_IP+$HOME_ROUTER_IP+g configuration.nix + echo -e "\n\n βœ… Adapting the docker configuration to your hardware..." + if [[ "$TARGET_GRAPHICS" == "true" && "$TARGET_USB_CORAL" == "true" ]]; then + sed -i.bak ' + /^[[:space:]]*# ----------------------------------------- #/{ + N; + /DEVICES SECTION WILL APPEAR HERE IF CORAL/{ + N; + /TPU OR INTEGRATED GRAPHICS ARE PRESENT/{ + N; + /----------------------------------------- #/c\ + devices:\ + - /dev/dri:/dev/dri\ + - /dev/bus/usb:/dev/bus/usb + } + } + }' docker/frigate.nix + elif [[ "$TARGET_GRAPHICS" == "true" && "$TARGET_USB_CORAL" == "false" ]]; then + sed -i.bak ' + /^[[:space:]]*# ----------------------------------------- #/{ + N; + /DEVICES SECTION WILL APPEAR HERE IF CORAL/{ + N; + /TPU OR INTEGRATED GRAPHICS ARE PRESENT/{ + N; + /----------------------------------------- #/c\ + devices:\ + - /dev/dri:/dev/dri\ + } + } + }' docker/frigate.nix + elif [[ "$TARGET_GRAPHICS" == "false" && "$TARGET_USB_CORAL" == "true" ]]; then + sed -i.bak ' + /^[[:space:]]*# ----------------------------------------- #/{ + N; + /DEVICES SECTION WILL APPEAR HERE IF CORAL/{ + N; + /TPU OR INTEGRATED GRAPHICS ARE PRESENT/{ + N; + /----------------------------------------- #/c\ + devices:\ + - /dev/bus/usb:/dev/bus/usb + } + } + }' docker/frigate.nix + fi + if [[ "$TARGET_ZIGBEE" == "true" ]]; then + sed -i.bak " + /^[[:space:]]*# ----------------------------------- #/{ + N; + /DEVICES SECTION WILL APPEAR HERE IF/{ + N; + /ZIGBEE USB DEVICE IS PRESENT/{ + N; + /----------------------------------- #/c\ + devices:\ + - ${TARGET_ZIGBEE_DEVICE_PATH}:/dev/ttyUSB0 + } + } + }" docker/hass.nix + fi + echo -e "\n\n βœ… Copying files to the new installation..." 
- mkdir -p extra-files/etc/nixos/ - mkdir -p extra-files/home/numbus-admin/.ssh/ - mkdir -p extra-files/var/lib/sops-nix/ - mkdir -p extra-files/mnt/config-storage/docker-data/traefik/config/conf - mkdir -p extra-files/mnt/data-storage/docker-data/nextcloud - mkdir -p extra-files/mnt/data-storage/docker-data/immich - mkdir -p extra-files/mnt/config-storage/docker-data/hass/mqtt/config - mkdir -p extra-files/mnt/config-storage/docker-data/hass/mqtt/data - cp -ravu secrets/ docker/ .sops.yaml configuration.nix disk-config.nix flake.nix hardware-configuration.nix extra-files/etc/nixos/ - cp -ravu /home/numbus-admin/.ssh/ extra-files/home/numbus-admin/ - cp -ravu /var/lib/sops-nix/key.txt extra-files/var/lib/sops-nix/ + cp -ravu secrets/ .sops.yaml hardware-configuration.nix extra-files/etc/nixos/ echo -e "\n\n βœ… Writing docker configuration files..." - cat < extra-files/mnt/config-storage/docker-data/traefik/config/traefik.yaml -global: - checkNewVersion: false - sendAnonymousUsage: false -# - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL] -log: - level: ERROR -accesslog: {} -api: - dashboard: true - insecure: true -entryPoints: - web: - address: :80 - http: - redirections: - entryPoint: - to: websecure - scheme: https - websecure: - address: :443 - forwardedHeaders: - trustedIPs: - # Local IPs - - "127.0.0.1/32" - - "10.0.0.0/8" - - "192.168.0.0/16" - - "172.16.0.0/12" -certificatesResolvers: - cloudflare: - acme: - email: ${EMAIL_ADDRESS} - storage: /var/traefik/certs/cloudflare-acme.json - caServer: "https://acme-v02.api.letsencrypt.org/directory" - dnsChallenge: - provider: cloudflare - resolvers: - - "1.1.1.1:53" - - "9.9.9.9:53" -serversTransport: - insecureSkipVerify: true -providers: - docker: - exposedByDefault: false - network: traefik_frigate, traefik_hass, traefik_nextcloud, traefik_passbolt, traefik_pihole - file: - directory: "/etc/traefik/conf/" - watch: true -EOF - - cat < extra-files/mnt/config-storage/docker-data/traefik/config/conf/nextcloud.yaml 
-http: - routers: - nextcloud: - rule: "Host(\`nextcloud.${DOMAIN_NAME}\`)" - entrypoints: - - "websecure" - service: nextcloud - middlewares: - - nextcloud-chain - tls: - certresolver: "cloudflare" - - services: - nextcloud: - loadBalancer: - servers: - - url: "http://nextcloud-aio-apache:11000" - - middlewares: - nextcloud-secure-headers: - headers: - hostsProxyHeaders: - - "X-Forwarded-Host" - referrerPolicy: "same-origin" - BrowserXssFilter: true - ContentTypeNosniff: true - ForceSTSHeader: true - STSIncludeSubdomains: true - STSPreload: true - STSSeconds: 315360000 - - https-redirect: - redirectscheme: - scheme: https - - nextcloud-chain: - chain: - middlewares: - - https-redirect - - nextcloud-secure-headers -EOF - - cat <<'EOF' > extra-files/mnt/config-storage/docker-data/traefik/config/conf/headers.yaml -http: - middlewares: - passbolt: - headers: - FrameDeny: true - AccessControlAllowMethods: 'GET,OPTIONS,PUT' - AccessControlAllowOriginList: - - origin-list-or-null - AccessControlMaxAge: 100 - AddVaryHeader: true - BrowserXssFilter: true - ContentTypeNosniff: true - ForceSTSHeader: true - STSIncludeSubdomains: true - STSPreload: true - ContentSecurityPolicy: default-src 'self' 'unsafe-inline' - CustomFrameOptionsValue: SAMEORIGIN - ReferrerPolicy: same-origin - PermissionsPolicy: vibrate 'self' - STSSeconds: 315360000 -EOF - - cat <<'EOF' > extra-files/mnt/config-storage/docker-data/traefik/config/conf/tls.yaml -tls: - options: - default: - minVersion: VersionTLS12 - sniStrict: true - curvePreferences: - - CurveP521 - - CurveP384 - cipherSuites: - - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 -EOF - -cat < extra-files/mnt/config-storage/docker-data/hass/mqtt/config/mosquitto.conf -persistence true -persistence_location /mosquitto/data/ -log_dest file /mosquitto/log/mosquitto.log -listener 1883 - -## Authentication ## -allow_anonymous false -password_file 
/mosquitto/config/password.txt -EOF - -touch extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt -chmod 0700 extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt -nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD + envsubst < config-files/traefik/headers.yaml > extra-files/mnt/config-storage/traefik/config/conf/headers.yaml + envsubst < config-files/traefik/nextcloud.yaml > extra-files/mnt/config-storage/traefik/config/conf/nextcloud.yaml + envsubst < config-files/traefik/tls.yaml > extra-files/mnt/config-storage/traefik/config/conf/tls.yaml + envsubst < config-files/traefik/traefik.yaml > extra-files/mnt/config-storage/traefik/config/traefik.yaml + envsubst < config-files/hass/mosquitto.conf > extra-files/mnt/config-storage/hass/mqtt/config/mosquitto.conf + touch extra-files/mnt/config-storage/hass/mqtt/config/password.txt + chmod 0700 extra-files/mnt/config-storage/hass/mqtt/config/password.txt + nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD } deploy() { @@ -282,7 +206,7 @@ deploy() { --flake .#numbus-server \ --extra-files "extra-files/" \ --chown "/home/numbus-admin/" 1000:1000 \ - --target-host $TARGET_USER@$TARGET_HOST + --target-host nixos@$TARGET_HOST echo -e "\n\n βœ… Installation successfull !!" sleep 1 @@ -295,7 +219,7 @@ nixos_deployment() { if [[ "$SETUP_ANSWER" == "done" ]]; then : else - echo "Aborting – you did not type 'done'." + echo "Aborting - you did not type 'done'." exit 1 fi 
@@ -304,8 +228,6 @@ nixos_deployment() { read -r TARGET_HOST echo -e "\n\n ➑️ Please provide the disk you want to install NixOS on (i.e. /dev/vda, /dev/sda, /dev/nvme0n1...) :" read -r TARGET_DISK - echo -e "\n\n ➑️ Does the target server has graphics ? (integrated or discrete) :" - read -r TARGET_GRAPHICS echo -e "\n\n ➑️ Please provide the public SSH key of an authorized device :" read -r SSH_PUBLIC_KEY @@ -336,6 +258,11 @@ nixos_deployment() { echo -e "\n\n ➑️ Please choose the ip address that your server will use (i.e. any address in the 192.168.1.1/24\n range that is not in use. 192.168.1.5 for example.) :" read -r HOME_SERVER_IP + echo -e "\n\n ➑️ Please provide enter the password of the remote target." + ssh-copy-id nixos@$TARGET_HOST + + hardware_detection + files_generation deploy @@ -348,12 +275,12 @@ nixos_deployment_with_config() { if [[ "$SETUP_ANSWER" == "done" ]]; then : else - echo "Aborting – you did not type 'done'." + echo "Aborting - you did not type 'done'." exit 1 fi echo -e "\n\n ➑️ Please provide the path to a config file :" - read -rp "Enter the full path to the config file: " CONFIG_PATH + read -erp CONFIG_PATH CONFIG_PATH=$(realpath -m "$CONFIG_PATH") if [[ ! -f "$CONFIG_PATH" ]]; then echo "Error: '$CONFIG_PATH' does not exist or is not a regular file." @@ -373,10 +300,10 @@ nixos_deployment_with_config() { MISSING=0 for VAR in "${REQUIRED_VARS[@]}"; do if [[ -v $VAR && -n ${!VAR} ]]; then - echo -e "\n\n βœ… $VAR imported successfully from the config file" + echo -e "\n βœ… $VAR imported successfully from the config file" sleep 0.1 else - echo "\n\n ❌ $VAR is missing or empty" + echo "\n ❌ $VAR is missing or empty" sleep 0.1 MISSING=1 fi @@ -391,7 +318,9 @@ nixos_deployment_with_config() { deploy } -trap cleanup EXIT +nixos_update() { + +} echo -e "\n\n Please choose an action (i.e. 1, 2 or 3) :\n" echo -e " - [1] 🌐 Deploy NixOS on a remote machine" 
@@ -401,17 +330,14 @@ read -r ACTION_ANSWER if [[ "$ACTION_ANSWER" == "1" ]]; then echo -e "\n ➑️ Proceeding with deployment…" - TARGET_USER="nixos" nixos_deployment elif [[ "$ACTION_ANSWER" == "2" ]]; then echo -e "\n ➑️ Proceeding with deployment using a config file…" - TARGET_USER="nixos" nixos_deployment_with_config elif [[ "$ACTION_ANSWER" == "3" ]]; then echo -e "\n ➑️ Proceeding with update…" - TARGET_USER="numbus-admin" - nixos_deployment_with_config + nixos_update else - echo "Aborting – you did not type '1, 2 or 3'." + echo "Aborting - you did not type '1, 2 or 3'." exit 1 fi \ No newline at end of file
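Review bot: In the README hunk (`@@ -1,65 +1,66 @@` of README.md), the "Getting Started" steps tell users to run `sudo bash deploy.sh` but never say that the script writes the generated admin SSH private key and the sops age key into `extra-files/` inside the checkout (see `files_generation` in deploy.sh) and that, with the `cleanup` trap removed in this patch, they remain there after deployment; add a sentence telling users to protect or delete `extra-files/` and never commit it. The "Update and Maintain Mode" entry in "Deployment Modes" also describes `nixos_update`, which this patch leaves unimplemented; mark it as not yet available or drop it until it works.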
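Review bot: In the deploy.sh hunk `@@ -1,3 +1,10 @@`, the new comment block is placed above `#!/bin/bash`, so the shebang is no longer on the first line and is ignored when the script is executed directly (it would run under the caller's default shell instead of bash). The block is also a prompt addressed to an AI agent, not documentation for readers of the script; move it to a design-notes or TODO file, and make clear that none of the requirements it lists (encrypted disks, redundant data disks, ZFS on SSD/NVMe) is implemented here, since the patch still does `sed -i s+TARGET_DISK+$TARGET_DISK+g disk-config.nix` for a single disk.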
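Review bot: In hunk `@@ -28,33 +35,73 @@`, deleting `cleanup` while moving key generation into the checkout leaves the admin private key (`extra-files/home/numbus-admin/.ssh/id_ed25519`) and the sops private key (`extra-files/var/lib/sops-nix/key.txt`) on the deploying machine with nothing removing them; restore an EXIT trap that deletes `extra-files/`, or at least add it to `.gitignore`. In `hardware_detection`, `VGA_INFO=$(ssh nixos@$TARGET_HOST 'lspci -nn | grep -i "vga"')` runs under `set -euo pipefail`, so when grep matches nothing the assignment fails and the script aborts, making the "No dedicated graphics card detected" branch unreachable on a headless target; append `|| true`. `if ls /dev/dri/renderD128` runs on the deploying machine rather than on the target like the neighbouring checks; wrap it in `ssh nixos@$TARGET_HOST '...'`. `envsubst < config-files/sops-nix/.sops.yaml` substitutes only exported environment variables, and `SOPS_PUBLIC_KEY=$(...)` is a plain shell assignment, so `.sops.yaml` is written with an empty key unless it is exported elsewhere. Deriving the age key from the SSH key via `ssh-to-age -private-key` also means one compromised file now unlocks both SSH access and every secret, where the previous independent `age-keygen` key kept them separate; a comment explaining that trade-off would help. Typo: "transconding".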
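Review bot: In hunk `@@ -62,50 +109,13 @@`, `envsubst < "config-files/sops-nix/secrets.yaml"` only sees exported variables, but the generated passwords (`PASSBOLT_MYSQL_PASSWORD`, `FTLCONF_WEBSERVER_PASSWORD`, ...) and the prompted values are plain shell variables, so the encrypted `secrets.yaml` will silently contain empty values; `export` them (or `set -a` before generating) and pass an explicit list such as `envsubst '$DOMAIN_NAME $CF_DNS_API_TOKEN ...'` so literal `$` in the templates survives. The rename from `FTLCONF_webserver_api_password` to `FTLCONF_WEBSERVER_PASSWORD` must be mirrored in the template, and Pi-hole's `FTLCONF_` variables follow the lower-case config path, so confirm the container accepts the new spelling before shipping it.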
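Review bot: In hunk `@@ -114,165 +124,79 @@`, `cp -ravu secrets/ .sops.yaml hardware-configuration.nix extra-files/etc/nixos/` still copies `secrets/` and `.sops.yaml` from the working directory, but this patch no longer creates them there (the encrypted secrets go straight to `extra-files/etc/nixos/secrets/secrets.yaml` and `.sops.yaml` to `extra-files/etc/nixos/.sops.yaml`), so under `set -e` the `cp` fails and the deployment aborts; drop those two arguments. `chmod 0700` on `password.txt` sets an execute bit on a regular file; `0600` is what is meant. The three `sed -i.bak` programs for `docker/frigate.nix` differ only in the `devices:` list; build the list in a variable and run one sed, and remove or ignore the `.bak` files they leave in `docker/`.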
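Review bot: In hunk `@@ -282,7 +206,7 @@`, hardcoding `--target-host nixos@$TARGET_HOST` is fine for fresh installs, but `deploy()` can no longer serve the update path that previously ran as `numbus-admin`; if the update mode is meant to reuse it, keep the user as a parameter or variable.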
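Review bot: In hunk `@@ -336,6 +258,11 @@`, `ssh-copy-id nixos@$TARGET_HOST` runs as root (the README says `sudo bash deploy.sh`) and therefore installs root's own default public key on the target, not the freshly generated `extra-files/home/numbus-admin/.ssh/id_ed25519.pub`; if root has no key it fails with "no identities found". Pass the intended key with `-i`, and note in the prompt that this is the first SSH contact with the target, so the host key accepted here is what every later `ssh nixos@$TARGET_HOST` call trusts. The prompt text "Please provide enter the password" has one verb too many.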
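Review bot: In hunk `@@ -348,12 +275,12 @@`, `read -erp CONFIG_PATH` treats `CONFIG_PATH` as the `-p` prompt string and stores the input in `REPLY`, so `CONFIG_PATH` is never set and the following `realpath -m "$CONFIG_PATH"` aborts with an unbound-variable error under `set -u`; use `read -erp "Enter the full path to the config file: " CONFIG_PATH`.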
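Review bot: In hunk `@@ -373,10 +300,10 @@`, `echo "\n ❌ $VAR is missing or empty"` has no `-e`, so `\n` is printed literally while the success branch uses `echo -e`; add `-e` since the line is being touched anyway.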
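Review bot: In hunk `@@ -391,7 +318,9 @@`, `nixos_update() { }` with an empty body is a bash syntax error, so the whole script fails to parse and none of the three modes runs; put `:` (or `echo "not implemented"; exit 1`) in the body until the update path exists. Removing `trap cleanup EXIT` in the same hunk also leaves no code path that deletes the key material `files_generation` writes into `extra-files/`.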
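Review bot: In hunk `@@ -401,17 +330,14 @@`, action 3 now calls `nixos_update`, which this patch leaves empty, so choosing update prints "Proceeding with update…" and then exits successfully having done nothing; until the function is implemented, make it fail loudly or remove option 3 from the menu and the README.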