numbus/numbus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Bunch of changes. Settled on keeping both TUI and WebUI options.

Browse Source
This commit is contained in:
Raphaël Numbus
2026-04-26 10:39:54 +02:00
parent 80aaacda13
commit 97305c2152
23 changed files with 1234 additions and 1514 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
Regular → Executable
+143 -100
View File
@@ -1,14 +1,15 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p bash nano coreutils gnused gum fastfetch xkcdpass sops ssh-to-age age sshpass envsubst pciutils usbutils mosquitto curl jq yq python3
cleanup() {
rm -${DIR_RM_FLAGS} /run/numbus/logs
rm -${DIR_RM_FLAGS} /run/numbus/web
rm -${DIR_RM_FLAGS} /run/numbus/config
kill ${BRIDGE_PID}
}
launch_configurator() {
local PORT=8088
local CONFIG_FILE="numbus.yaml"
local BRIDGE_SCRIPT="configurator/bridge.py"
# Cleanup old signals
rm -${FILES_RM_FLAGS} configurator/.discovery_ready configurator/.deploy_signal configurator/live_settings.json configurator/hardware.json
echo -e "\n 🚀 Launching Numbus Configurator..."
python3 "${BRIDGE_SCRIPT}" > /dev/null 2>&1 &
export BRIDGE_PID=$!
@@ -17,37 +18,70 @@ launch_configurator() {
xdg-open "http://localhost:${PORT}" 2>/dev/null || open "http://localhost:${PORT}" 2>/dev/null || true
}
preparation() {
SELECTED_DEVICE_TYPE=$(gum choose --header "Choose the device you want to deploy :" \
"Numbus Server : Professional-grade hosting, strictly kept under your roof." \
"Numbus Backup Server : Automated, high-efficiency protection for your entire ecosystem." \
"Numbus Computer : A modern, privacy-respecting machine built for work, creation, and play — without the corporate bloat." \
"Numbus TV : A premium cinematic experience free from trackers and forced subscriptions.")
SELECTED_DEPLOYMENT_MODE=$(gum choose --header "Choose your preferred deployment mode :" \
"Interactive : You don't already have a configuration." \
"Non-interactive : You have a valid configuration hosted on a Git platform.")
git_url() {
IMPORTED_CONFIG_URL=$(gum input --placeholder "https://yourgitplatform.tld/your-user/repo-containing-the-configuration" --header "Please provide the URL to the git repository containing your configuration :")
}
git_url
until git clone "${IMPORTED_CONFIG_URL}" imported_configuration; do
echo -e "\n ⚠️ This did not work correctly."
echo -e "\n Is this URL correct [y/n] ? ${IMPORTED_CONFIG_URL}"
read URL
if [[ "${URL^^}" == "N" ]];
git_url
fi
echo -e "\n You will be prompted for your credentials again. Make sure that they are correct."
done
}
hierarchy_preparation() {
if [[ -e configuration/etc/nixos/configuration.nix || -e configuration/home/numbus-admin/.ssh/id_ed25519 ]]; then
mkdir -${MKDIR_FLAGS} .trash/
echod "\n 🔄 Preparing the folder hierarchy for the final configuration..."
if [[ -e config/* ]]; then
echo " ⚠️ It seems you have already run this script. Previously generated files need to be cleaned up."
mv -${MV_FLAGS} configuration/{.,}* .trash/"$(date)_cleanup"/
echo " ✅ Your files have been moved to the .trash directory. You can retrieve them there if needed."
OLD_CONFIG_PATH="trash/$(date +"%Y-%m-%d-%Hh%M")/"
mkdir -${MKDIR_FLAGS} ${OLD_CONFIG_PATH}
mv -${MV_FLAGS} config/ ${OLD_CONFIG_PATH}
echo " ✅ Your files have been moved to the ${OLD_CONFIG_PATH} directory. You can retrieve them there if needed."
fi
mkdir -${MKDIR_FLAGS} configuration/home/numbus-admin/.ssh/
mkdir -${MKDIR_FLAGS} configuration/etc/nixos/secrets/podman
mkdir -${MKDIR_FLAGS} configuration/etc/nixos/secrets/system
mkdir -${MKDIR_FLAGS} configuration/etc/nixos/secrets/disks
mkdir -${MKDIR_FLAGS} configuration/var/lib/sops-nix/
mkdir -${MKDIR_FLAGS} configuration/var/lib/numbus-server/
# Secrets
mkdir -${MKDIR_FLAGS} ${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/
mkdir -${MKDIR_FLAGS} ${EXTRA_FILES_PATH}/var/lib/sops-nix/
mkdir -${MKDIR_FLAGS} ${EXTRA_FILES_PATH}/etc/nixos/secrets/disks
if [[ "${SELECTED_DEVICE_TYPE}" == "" ]]; then
mkdir -${MKDIR_FLAGS} ${EXTRA_FILES_PATH}/etc/nixos/secrets/podman
mkdir -${MKDIR_FLAGS} ${EXTRA_FILES_PATH}/etc/nixos/secrets/system
fi
mkdir -${MKDIR_FLAGS} to-keep-preciously/
}
setup_ssh() {
if [[ ${DEBUG} -eq 1 ]]; then
echo -e "\n ✅ Generating new SSH key for numbus-admin..."
fi
echod "\n ✅ Generating new SSH key for numbus-admin..."
chmod 700 configuration/home/numbus-admin/.ssh/
ssh-keygen -t "ed25519" -C "numbus-admin@numbus-server" -f "configuration/home/numbus-admin/.ssh/id_ed25519" -N "" -q
chmod 700 ${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/
ssh-keygen -t "ed25519" -C "numbus-admin@numbus-server" -f "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" -N "" -q
if [[ ${DEBUG} -eq 1 ]]; then
echo -e "\n ➡️ Copying SSH key to target host '${TARGET_USER}@${LIVE_TARGET_IP}'..."
fi
if sshpass -p "${LIVE_TARGET_PASSWD}" ssh-copy-id -o StrictHostKeyChecking=no -i "configuration/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}"; then
if sshpass -p "${LIVE_TARGET_PASSWD}" ssh-copy-id -o StrictHostKeyChecking=no -i "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}"; then
if [[ ${DEBUG} -eq 1 ]]; then
echo -e "\n ✅ SSH key copied successfully"
fi
@@ -59,7 +93,7 @@ setup_ssh() {
ssh_to_host() {
local COMMAND="${1}"
ssh -i "configuration/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" "${COMMAND}"
ssh -i "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" "${COMMAND}"
}
hardware_detection() {
@@ -152,7 +186,7 @@ done
SSHEND
### Get hardware information <--
scp -i "configuration/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}":"${TMPFILE}" "${TMPFILE}" &> /dev/null
scp -i "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}":"${TMPFILE}" "${TMPFILE}" &> /dev/null
source "${TMPFILE}"
### Transform the bash variables into JSON -->
@@ -185,11 +219,11 @@ SSHEND
name: .[$i], path: .[$i+1], type: .[$i+2], health: .[$i+3], id: .[$i+4], size: .[$i+5]
}
]
}' --args "${DISK_FLAT_ARRAY[@]:-}" > configurator/hardware.json
}' --args "${DISK_FLAT_ARRAY[@]:-}" > ${HARDWARE_DATA_PATH}
### Transform the bash variables into JSON <--
### --> Generate hardware-configuration.nix
if ssh_to_host "sudo nixos-generate-config --no-filesystems --show-hardware-config" > configuration/etc/nixos/hardware-configuration.nix; then
if ssh_to_host "sudo nixos-generate-config --no-filesystems --show-hardware-config" > ${EXTRA_FILES_PATH}/etc/nixos/hardware-configuration.nix; then
echo -e "\n✅ Hardware configuration generated"
else
echo -e "\n❌ Failed to generate hardware configuration"
@@ -402,8 +436,8 @@ disk_config_generation() {
keys_generation() {
for i in $(seq 1 "${#BOOT_DISKS_ID_LIST[@]}"); do
PASS="$(xkcdpass)"
echo -n "$PASS" > "configuration/etc/secrets/disks/boot-${i}"
chmod 600 "configuration/etc/secrets/disks/boot-${i}"
echo -n "$PASS" > "${EXTRA_FILES_PATH}/etc/secrets/disks/boot-${i}"
chmod 600 "${EXTRA_FILES_PATH}/etc/secrets/disks/boot-${i}"
ssh_to_host 'bash -s' << EOF
echo "$LIVE_TARGET_PASSWD" | sudo -S mkdir -p /etc/secrets/disks/
echo "$LIVE_TARGET_PASSWD" | sudo -S bash -c "printf '%s' '$PASS' > /etc/secrets/disks/boot-${i}"
@@ -412,8 +446,8 @@ EOF
done
for i in $(seq 1 "$CONTENT_DISK_NUMBER"); do
PASS="$(xkcdpass)"
echo -n "$PASS" > "configuration/etc/secrets/disks/content-${i}"
chmod 600 "configuration/etc/secrets/disks/content-${i}"
echo -n "$PASS" > "${EXTRA_FILES_PATH}/etc/secrets/disks/content-${i}"
chmod 600 "${EXTRA_FILES_PATH}/etc/secrets/disks/content-${i}"
ssh_to_host 'bash -s' << EOF
echo "$LIVE_TARGET_PASSWD" | sudo -S bash -c "printf '%s' '$PASS' > /etc/secrets/disks/content-${i}"
echo "$LIVE_TARGET_PASSWD" | sudo -S chmod 600 /etc/secrets/disks/content-${i}
@@ -421,8 +455,8 @@ EOF
done
for i in $(seq 1 "$PARITY_DISK_NUMBER"); do
PASS="$(xkcdpass)"
echo -n "$PASS" > "configuration/etc/secrets/disks/parity-${i}"
chmod 600 "configuration/etc/secrets/disks/parity-${i}"
echo -n "$PASS" > "${EXTRA_FILES_PATH}/etc/secrets/disks/parity-${i}"
chmod 600 "${EXTRA_FILES_PATH}/etc/secrets/disks/parity-${i}"
ssh_to_host 'bash -s' << EOF
echo "$LIVE_TARGET_PASSWD" | sudo -S bash -c "printf '%s' '$PASS' > /etc/secrets/disks/parity-${i}"
echo "$LIVE_TARGET_PASSWD" | sudo -S chmod 600 /etc/secrets/disks/parity-${i}
@@ -440,18 +474,18 @@ EOF
export SSH_KEYS_FORMATTED
echo -e "\n ✅ Generating sops-nix keys..."
ssh-to-age -private-key -i configuration/home/numbus-admin/.ssh/id_ed25519 > configuration/var/lib/sops-nix/key.txt
export SOPS_PUBLIC_KEY=$(age-keygen -y configuration/var/lib/sops-nix/key.txt)
ssh-to-age -private-key -i ${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519 > ${EXTRA_FILES_PATH}/var/lib/sops-nix/key.txt
export SOPS_PUBLIC_KEY=$(age-keygen -y ${EXTRA_FILES_PATH}/var/lib/sops-nix/key.txt)
echo -e "\n ✅ Generating sops-nix configuration files..."
envsubst < templates/nix-config/sops-nix/.sops.yaml > configuration/etc/nixos/.sops.yaml
envsubst < templates/nix-config/sops-nix/.sops.yaml > ${EXTRA_FILES_PATH}/etc/nixos/.sops.yaml
echo -e "\n ✅ Encrypting secrets in the correct file..."
envsubst < "templates/nix-config/sops-nix/secrets.yaml" \
| sops encrypt --filename-override secrets.yaml \
--input-type yaml --output-type yaml \
--age $SOPS_PUBLIC_KEY \
--output configuration/etc/nixos/secrets/secrets.yaml
--output ${EXTRA_FILES_PATH}/etc/nixos/secrets/secrets.yaml
}
sum_up() {
@@ -511,18 +545,18 @@ Please save the following secrets to a secure place (i.e. your local password ma
**Boot Disks (${#BOOT_DISKS_ID_LIST[@]}) :**
* **Disk 1 Secret Key :** \`$( cat configuration/etc/secrets/disks/boot-1 )\`
$( [[ -n "${BOOT_DISKS_ID_LIST[1]:-}" ]] && echo "* **Disk 2 secret key :** \`$( cat configuration/etc/secrets/disks/boot-2 )\`" )
* **Disk 1 Secret Key :** \`$( cat ${EXTRA_FILES_PATH}/etc/secrets/disks/boot-1 )\`
$( [[ -n "${BOOT_DISKS_ID_LIST[1]:-}" ]] && echo "* **Disk 2 secret key :** \`$( cat ${EXTRA_FILES_PATH}/etc/secrets/disks/boot-2 )\`" )
**Data Disks ($CONTENT_DISK_NUMBER):**
$( [[ $CONTENT_DISK_NUMBER -eq 0 ]] && echo "* *Not configured*" )
$( [[ $CONTENT_DISK_NUMBER -gt 0 ]] && j=1 && for i in $(seq 0 $(($CONTENT_DISK_NUMBER - 1))); do echo "* **Disk ${j} Secret Key :** \`$( cat configuration/etc/secrets/disks/content-${j} )\`" && j=$((j + 1)); done )
$( [[ $CONTENT_DISK_NUMBER -gt 0 ]] && j=1 && for i in $(seq 0 $(($CONTENT_DISK_NUMBER - 1))); do echo "* **Disk ${j} Secret Key :** \`$( cat ${EXTRA_FILES_PATH}/etc/secrets/disks/content-${j} )\`" && j=$((j + 1)); done )
**Parity Disks ($PARITY_DISK_NUMBER):**
$( [[ $PARITY_DISK_NUMBER -eq 0 ]] && echo "* *Not configured*" )
$( [[ $PARITY_DISK_NUMBER -gt 0 ]] && j=1 && for i in $(seq $CONTENT_DISK_NUMBER $((${#DATA_DISKS_ID[@]} - 1))); do echo "* **Disk ${j} Secret Key :** \`$( cat configuration/etc/secrets/disks/parity-${j} )\`" && j=$((j + 1)); done )
$( [[ $PARITY_DISK_NUMBER -gt 0 ]] && j=1 && for i in $(seq $CONTENT_DISK_NUMBER $((${#DATA_DISKS_ID[@]} - 1))); do echo "* **Disk ${j} Secret Key :** \`$( cat ${EXTRA_FILES_PATH}/etc/secrets/disks/parity-${j} )\`" && j=$((j + 1)); done )
EOF
)
@@ -532,7 +566,7 @@ EOF
gum confirm "➡️ Would you like to manually edit the configuration (⚠️ advanced users only)" || { echo -e "\n\n✅ continuing with the installation..."; return 0; }
nano configuration/etc/nixos/configuration.nix
nano ${EXTRA_FILES_PATH}/etc/nixos/configuration.nix
}
cloudflare_dns_setup() {
@@ -637,9 +671,9 @@ cloudflare_dns_setup() {
}
export_configuration() {
cp -${FILES_CP_FLAGS} deploy.conf configuration/var/lib/numbus-server/numbus-server.conf
cp -${FILES_CP_FLAGS} deploy.conf ${EXTRA_FILES_PATH}/var/lib/numbus-server/numbus-server.conf
local CONFIG_EXPORT_DIR="configuration/var/lib/numbus-server/"
local CONFIG_EXPORT_DIR="${EXTRA_FILES_PATH}/var/lib/numbus-server/"
local CONFIG_EXPORT_FILE="${CONFIG_EXPORT_DIR}/numbus-server.conf"
echo "export TARGET_INTERFACE=\"${TARGET_INTERFACE}\"" >> $CONFIG_EXPORT_FILE
@@ -658,15 +692,15 @@ export_configuration() {
}
deploy() {
git -C . add -f "configuration/"
git -C . add -f "${EXTRA_FILES_PATH}/"
git -C . add -f "templates/"
git -C . add -f "deploy.conf"
echo -e "\n\n🔄 Deploying to the remote server..."
nix flake update --flake ./configuration/etc/nixos
nix flake update --flake ./${EXTRA_FILES_PATH}/etc/nixos
nix run github:nix-community/nixos-anywhere -- \
--flake ./configuration/etc/nixos#numbus-server \
--extra-files configuration \
--flake ${EXTRA_FILES_PATH}/etc/nixos#numbus-server \
--extra-files ${EXTRA_FILES_PATH} \
--chown "/home/numbus-admin/" 1000:1000 \
--target-host ${TARGET_USER}@${LIVE_TARGET_IP}
@@ -714,7 +748,7 @@ postrun_action() {
Do you want to enable automatic disk decryption on boot ?"
if gum confirm "➡️ I understand, 'yes' to proceed."; then
sshpass -p "${LIVE_TARGET_PASSWD}" ssh -i "configuration/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" 'bash -s' << EOF
sshpass -p "${LIVE_TARGET_PASSWD}" ssh -i "${EXTRA_FILES_PATH}/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${LIVE_TARGET_IP}" 'bash -s' << EOF
echo "Enrolling boot disk key to TPM..."
BOOT_DISKS_NAME=(${BOOT_DISKS_NAME[@]})
@@ -762,45 +796,29 @@ nix_update() {
echo -e "\n\n🔄 Updating NixOS on the remote server..."
nixos-rebuild --target-host numbus-admin@${LIVE_TARGET_IP} \
--use-remote-sudo switch --flake configuration/etc/nixos#numbus-server
--use-remote-sudo switch --flake ${EXTRA_FILES_PATH}/etc/nixos#numbus-server
}
cleanup() {
kill ${BRIDGE_PID}
echod() {
MESSAGE=${1}
if [[ ${DEBUG} -eq 1 ]]; then
echo -e ${MESSAGE}
fi
}
set -euo pipefail
# --- DEFAULTS --->
WEBSERVER_PORT=${WEBSERVER_PORT:-8088}
clear
LIVE_DATA_PATH="/run/numbus/web/live_settings.json"
HARDWARE_DATA_PATH="/run/numbus/web/hardware.json"
echo "
██████ █████ █████
▒▒██████ ▒▒███ ▒▒███
▒███▒███ ▒███ █████ ████ █████████████ ▒███████ █████ ████ █████
▒███▒▒███▒███ ▒▒███ ▒▒███ ▒▒███▒▒███▒▒███ ▒███▒▒███▒▒███ ▒▒███ ███▒▒
▒███ ▒▒██████ ▒███ ▒▒███ ▒███ ▒███ ▒███ ▒███ ▒███ ▒███ ▒▒███ ▒▒█████
▒███ ▒▒█████ ▒███ ▒▒███ ▒███ ▒███ ▒███ ▒███ ▒███ ▒███ ▒▒███ ▒▒▒▒███
█████ ▒▒█████ ▒▒████████ █████▒███ █████ ████████ ▒▒████████ ██████
▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒
BRIDGE_SCRIPT="web/logic/bridge.py"
CONFIG_FILE="config/numbus.yaml"
█████████
███▒▒▒▒▒███
▒███ ▒▒▒ ██████ ████████ █████ █████ ██████ ████████
▒▒█████████ ███▒▒███▒▒███▒▒███▒▒███ ▒▒███ ███▒▒███▒▒███▒▒███
▒▒▒▒▒▒▒▒███▒███████ ▒███ ▒▒▒ ▒███ ▒███ ▒███████ ▒███ ▒▒▒
███ ▒███▒███▒▒▒ ▒███ ▒▒███ ███ ▒███▒▒▒ ▒███
▒▒█████████ ▒▒██████ █████ ▒▒█████ ▒▒██████ █████
▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒ ▒▒▒▒▒
"
TARGET_USER="nixos"
sleep 1
trap cleanup EXIT
# --- MAIN ORCHESTRATION LOOP ---
# 0. TESTING ONLY
DEBUG=1
EXTRA_FILES_PATH="/run/numbus/config"
if [[ ${DEBUG-0} -eq 1 ]]; then
FILES_CP_FLAGS="vau"
@@ -816,31 +834,56 @@ else
MKDIR_FLAGS="p"
MV_FLAGS="u"
fi
# --- DEFAULTS ---<
# 1. Initialize the UI and Bridge
launch_configurator
# --- MAIN PART ---
set -euo pipefail
# 2. Prepare the directories
hierarchy_preparation
clear
trap cleanup EXIT
echo """
_ ____ ____ ______ __ ______
/ |/ / / / / |/ / _ )/ / / / __/
/ / /_/ / /|_/ / _ / /_/ /\ \
/_/|_/\____/_/ /_/____/\____/___/
"""
DEPLOY_MODE=$(gum choose --header "Choose your preferred configuration interface :" "Through my browser (Recommended for beginners)" "Through my terminal (TUI)")
if [[ "$DEPLOY_MODE" == "Through my terminal" ]]; then
preparation
hierarchy_preparation
setup_ssh
else
launch_configurator
hierarchy_preparation
echod "\n ⏳ Waiting for device credentials from web UI..."
while [ ! -f configurator/.discovery_ready ]; do
sleep 5
done
echod "\n ✅ Credentials received."
LANGUAGE=$(jq -r '.language' ${LIVE_DATA_PATH})
COUNTRY=$(jq -r '.country' ${LIVE_DATA_PATH})
TIMEZONE=$(jq -r '.timeZone' ${LIVE_DATA_PATH})
DEVICE_TYPE=$(jq -r '.device' ${LIVE_DATA_PATH})
DEPLOYMENT_MODE=$(jq -r '.deploymentMode' ${LIVE_DATA_PATH})
if [[ "${DEPLOYMENT_MODE}" == "non-interactive" ]]; then
REPLICATION_HARDWARE=$(jq -r '.replicationHardware' ${LIVE_DATA_PATH})
REPLICATION_STRATEGY=$(jq -r '.replicationStrategy' ${LIVE_DATA_PATH})
REPLICATION_SECRETS=$(jq -r '.replicationSecrets' ${LIVE_DATA_PATH})
fi
LIVE_IP=$(jq -r '.liveIp' ${LIVE_DATA_PATH})
LIVE_PASSWORD=$(jq -r '.livePassword' ${LIVE_DATA_PATH})
# 3. Wait for Live Credentials from the Website
if [[ ${DEBUG} -eq 1 ]]; then
echo -e "\n ⏳ Waiting for device credentials from web UI..."
fi
while [ ! -f configurator/.discovery_ready ]; do
sleep 2
done
if [[ ${DEBUG} -eq 1 ]]; then
echo -e "\n ✅ Credentials received."
fi
# 3. Load Credentials and run Discovery
DEVICE_TYPE=$(jq -r '.device' configurator/live_settings.json)
LIVE_TARGET_IP=$(jq -r '.live_ip' configurator/live_settings.json)
LIVE_TARGET_PASSWD=$(jq -r '.live_password' configurator/live_settings.json)
TARGET_USER="nixos" # Default for NixOS ISO
setup_ssh
hardware_detection
@@ -860,4 +903,4 @@ done
# 5. Execute Deployment
echo -e "\n🚀 Starting deployment sequence..."
deploy | tee configurator/deploy.log
deploy > deploy-out.log 2> deploy-err.log