Huge update to organization. Added future numbus projects.

2026-03-13 11:37:53 +01:00
parent 3d3154f25f
commit 99d19af39a
22 changed files with 414 additions and 49 deletions
@@ -1,54 +1,109 @@
-# ☁️ Numbus Server: Your Personal Cloud, Simplified 🚀
+# ☁️ Welcome to Numbus 🚀

-Welcome to the **Numbus Server** project! This repository provides a complete NixOS configuration to deploy a personal home server with a rich set of services in minutes. Our goal is to make self-hosting accessible to everyone, allowing you to take back control of your data with a solution that is easy to manage and highly reliable.
-
-## ✨ Features
-
-   🌐 **Free & Open-Source:** Built with transparency and community collaboration in mind.
-   🚀 **Easy Deployment:** Get your server up and running in minutes with a single command.
-   🛠️ **Set & Forget:** A highly reliable, low-maintenance solution.
-   🔒 **Secure by Design:** Strong security practices are at the core of our configuration.
-   📦 **Popular Services:** Access a wide range of popular, pre-configured services.
-   ⚙️ **Declarative & Reproducible:** Thanks to NixOS, your system configuration is entirely declarative, ensuring reproducibility and easy maintenance.
-
-## 🛠️ Key Technologies
-
-   **NixOS:** A declarative Linux distribution that makes system management a breeze.
-   **Nix Flakes:** For reproducible builds and dependency management.
-   **Docker & Docker Compose:** To run containerized services with ease.
-   **Traefik:** A modern reverse proxy for securely exposing services.
-   **Sops-nix:** For secure and convenient management of secrets.
-   **NixOS-anywhere:** For seamless initial deployment to any machine.
-   **Disko:** For declarative and predictable disk partitioning.
+Welcome to the **Numbus Server** project! This repository provides a complete selection of highly customizable NixOS configurations to deploy **home servers**, **backup servers**, **computers**, **TVs** in an automated manner. Deploy devices in hours instead of days !

 ## 🚀 Getting Started

-The entire deployment process is automated with the `deploy.sh` script. This script dynamically adapts the configuration to your hardware, network environment, and secrets.
+The entire deployment process is automated around a bash script. It helps to dynamically adapt the configuration to your hardware, network environment, and secrets.

-**1. Clone the Repository:**
+### Requirements :
+#### For numbus-server :
+-   A NixOS-based machine to deploy from
+-   A NixOS-based live machine to deploy to
+-   An email address with automated mail sending support
+-   A valid, public domain name
+
+
+#### For numbus-backup-server :
+-   A NixOS-based machine to deploy from
+-   A NixOS-based live machine to deploy to
+-   An email address with automated mail sending support
+-   A valid domain name
+
+#### For numbus-computer :
+-   A NixOS-based machine to deploy from
+-   A NixOS-based live machine to deploy to
+
+#### For numbus-tv :
+-   A NixOS-based machine to deploy from
+-   A NixOS-based live machine to deploy to
+
+### On your Nix-based machine :
+
+**1. Clone the Repository :**

 ```bash
-git clone https://git.numbus.eu/raphael/numbus-server.git
-cd numbus-server
+git clone https://git.numbus.eu/raphael/numbus.git
+cd numbus
 ```

-**2. Run the Deployment Script:**
+**2. (Optional) Fill in the configuration file :**
+
+This step is globally recommended as it reduces the risks of typos in the credentials. It also is better suited for repeated deployments to multiple machines.
+
+```bash
+nano $your_choosed_device.conf
+```
+
+Example: if you want to deploy a server
+
+```bash
+nano numbus-server.conf
+```
+
+**3. Run the Deployment Script :**

 ```bash
 ./deploy.sh
 ```

-**3. Follow the Prompts:**
+**4. Follow the script's Prompts :**
+
+> If you followed **step 2**, then choose non-interactive mode.
+
+> If you skipped **step 2**, then choose interactive mode.

 The script will guide you through the setup process, including choosing a deployment mode and providing the necessary information. Once completed, the script will:

 -   Adapt the configuration to your machine.
 -   Generate SSH and `sops` keys.
 -   Encrypt secrets for secure storage.
-   Generate configuration files for Docker services.
-   Deploy the NixOS configuration using `nixos-anywhere`.
+-   Generate configuration files for Podman services.
+-   Deploy the NixOS configuration to the remote using `nixos-anywhere`.
 -   Verify the deployment and guide you through the final setup of the web UIs.

+## ✨ Features
+
+-   🌐 **Free & Open-Source :** Built with transparency and community collaboration in mind.
+-   🚀 **Easy Deployment :** Get your server up and running in minutes with a single command.
+-   🛠️ **Set & Forget :** A highly reliable, low-maintenance solution.
+-   🔒 **Secure by Design :** Strong security practices are at the core of our configuration.
+-   📦 **Popular Services :** Access a wide range of popular, pre-configured services.
+-   ⚙️ **Declarative & Reproducible :** Thanks to NixOS, your system configuration is entirely declarative, ensuring reproducibility and easy maintenance.
+
+## 🛠️ Key Technologies
+
+#### Global project :
+-   **[NixOS](https://nixos.org):** A declarative Linux distribution that makes system management a breeze.
+-   **[Nix Flakes](https://wiki.nixos.org/wiki/Flakes):** For reproducible builds and dependency management.
+-   **[Sops-nix](https://github.com/Mic92/sops-nix):** For secure and convenient management of secrets.
+-   **[NixOS-anywhere](https://github.com/nix-community/nixos-anywhere):** For seamless initial deployment to any machine.
+-   **[Disko](https://github.com/nix-community/disko):** For declarative and predictable disk partitioning.
+
+#### Server-centric features :
+-   **[SnapRAID](https://www.snapraid.it):** Keep your data safe.
+-   **[Qemu/KVM](https://www.qemu.org):** Run virtual with near-native performance.
+-   **[Podman](https://podman.io):** Run rootless, containerized services with ease.
+-   **[Traefik](https://traefik.io/traefik):** A modern reverse proxy for securely exposing services.
+
+#### Desktop-centric features :
+-   **[GNOME](https://www.gnome.org):** A modern, elegant desktop environment.
+-   **[KDE Plasma](https://kde.org):** A full-featured and highly customizable desktop environment.
+
+#### TV-centric features :
+-   **[KDE Plasma Bigscreen](https://plasma-bigscreen.org):** An open-source TV interface for Linux.
+
+
 ## 🔧 Deployment Modes

 The `deploy.sh` script offers three modes to suit your needs:
@@ -7,21 +7,20 @@ export GUM_SPIN_SPINNER_BOLD=true
 export GUM_SPIN_SHOW_ERROR=true
 export GUM_SPIN_TITLE_BOLD=true

-NECESSARY_VARIABLES_LIST=(
+NECESSARY_BACKUP_SERVER_VARIABLES_LIST=(
  #LIVE TARGET SETTINGS
  LIVE_TARGET_IP
  LIVE_TARGET_PASSWD
  #SERVER SETTINGS
-  LANGUAGE
-  LOCALE
-  TIMEZONE
+  SERVER_LANGUAGE
+  SERVER_LOCALE
+  SERVER_TIMEZONE
  SERVER_OWNER_NAME
  SERVER_USER_EMAIL
  SERVER_ADMIN_EMAIL
-  AUTHORIZED_SSH_PUBLIC_KEY
+  SERVER_AUTHORIZED_SSH_PUBKEYS
  # TRAEFIK SETTINGS
-  DOMAIN_NAME
-  CLOUDFLARE_DNS_API_TOKEN
+  TRAEFIK_CLOUDFLARE_TOKEN
  # SMTP SETTINGS
  SMTP_SERVER_USERNAME
  SMTP_SERVER_PASSWORD
@@ -30,11 +29,83 @@ NECESSARY_VARIABLES_LIST=(
  #NETWORK SETTINGS
  NETWORK_SUBNET
  NETWORK_ROUTER_IP
-  HOME_SERVER_IP
+  NETWORK_HOME_SERVER_IP
  # SERVICES SETTINGS
-  SELECTED_DNS_SERVICE
-  SELECTED_WEB_APPLICATIONS
-  SELECTED_SYSTEM_SERVICES
+  SERVICES_DOMAIN_NAME
+  SERVICES_SELECTED_SYSTEM
+  SERVICES_SELECTED_WEB_APPLICATIONS
+)
+
+NECESSARY_COMPUTER_VARIABLES_LIST=(
+  #LIVE TARGET SETTINGS
+  LIVE_TARGET_IP
+  LIVE_TARGET_PASSWD
+  #COMPUTER SETTINGS
+  COMPUTER_LANGUAGE
+  COMPUTER_LOCALE
+  COMPUTER_TIMEZONE
+  COMPUTER_OWNER_NAME
+  COMPUTER_USER_EMAIL
+  COMPUTER_ADMIN_EMAIL
+  COMPUTER_AUTHORIZED_SSH_PUBKEYS
+  #NETWORK SETTINGS
+  NETWORK_SUBNET
+  NETWORK_ROUTER_IP
+  NETWORK_HOME_COMPUTER_IP
+  # SERVICES SETTINGS
+  SERVICES_SELECTED_SYSTEM
+  SERVICES_SELECTED_APPLICATIONS
+)
+
+NECESSARY_SERVER_VARIABLES_LIST=(
+  #LIVE TARGET SETTINGS
+  LIVE_TARGET_IP
+  LIVE_TARGET_PASSWD
+  #SERVER SETTINGS
+  SERVER_LANGUAGE
+  SERVER_LOCALE
+  SERVER_TIMEZONE
+  SERVER_OWNER_NAME
+  SERVER_USER_EMAIL
+  SERVER_ADMIN_EMAIL
+  SERVER_AUTHORIZED_SSH_PUBKEYS
+  # TRAEFIK SETTINGS
+  TRAEFIK_CLOUDFLARE_TOKEN
+  # SMTP SETTINGS
+  SMTP_SERVER_USERNAME
+  SMTP_SERVER_PASSWORD
+  SMTP_SERVER_HOST
+  SMTP_SERVER_PORT
+  #NETWORK SETTINGS
+  NETWORK_SUBNET
+  NETWORK_ROUTER_IP
+  NETWORK_HOME_SERVER_IP
+  # SERVICES SETTINGS
+  SERVICES_DOMAIN_NAME
+  SERVICES_SELECTED_DNS
+  SERVICES_SELECTED_SYSTEM
+  SERVICES_SELECTED_WEB_APPLICATIONS
+)
+
+NECESSARY_TV_VARIABLES_LIST=(
+  #LIVE TARGET SETTINGS
+  LIVE_TARGET_IP
+  LIVE_TARGET_PASSWD
+  #TV SETTINGS
+  TV_LANGUAGE
+  TV_LOCALE
+  TV_TIMEZONE
+  TV_OWNER_NAME
+  TV_USER_EMAIL
+  TV_ADMIN_EMAIL
+  TV_AUTHORIZED_SSH_PUBKEYS
+  #NETWORK SETTINGS
+  NETWORK_SUBNET
+  NETWORK_ROUTER_IP
+  NETWORK_HOME_TV_IP
+  # SERVICES SETTINGS
+  SERVICES_SELECTED_SYSTEM
+  SERVICES_SELECTED_WEB_APPLICATIONS
 )

 # Available services
@@ -42,6 +113,7 @@ DNS_SERVICES_LIST=(
  "pi-hole"
  "adguard"
 )
+
 WEB_APPLICATIONS_LIST=(
  "crafty"
  "frigate"
@@ -56,15 +128,18 @@ WEB_APPLICATIONS_LIST=(
  "uptime-kuma"
  "vscodium"
 )
+
 SYSTEM_SERVICES_LIST=(
  "clamav"
  "virtualization"
 )
+
 # Services descriptions
 DNS_SERVICES_DESCRIPTION=(
  "Pi-Hole : Simple open-source DNS black hole"
  "AdGuard : Feature rich DNS service"
 )
+
 WEB_APPLICATIONS_DESCRIPTION=(
  "Crafty : A web-based control panel for Minecraft servers"
  "Frigate [Home Assistant required] : AI-powered NVR for smart security cameras"
@@ -79,6 +154,7 @@ WEB_APPLICATIONS_DESCRIPTION=(
  "Uptime-Kuma : A fancy self-hosted monitoring tool"
  "VSCodium : An open-source version of VScode in your web browser"
 )
+
 SYSTEM_SERVICES_DESCRIPTION=(
  "ClamAV : An open-source anti-virus"
  "Virtualization : Run Virtual Machines (KVM/QEMU) with Libvirt"
@@ -162,13 +238,16 @@ necessary_information() {
  user_input "HOME_SERVER_IP" "  Please choose the ip address that your server will use (i.e. any address in the 192.168.1.1/24 range that is not in use.) :" "For example 192.168.1.5" "${IP_REGEX}" "Invalid IP address format."
 }

-necessary_information_config() {
+import_variables() {
+  VARIABLES_LIST="${1}"
+  NECESSARY="${2:-false}"
+
  echo -e "\n\n➡️  Please choose your configuration file :"
  local CONFIG_PATH="$(gum file)"

  source "${CONFIG_PATH}"
  local MISSING=0
-  for VAR in "${NECESSARY_VARIABLES_LIST[@]}"; do
+  for VAR in "${VARIABLES_LIST[@]}"; do
      if [[ -v "${VAR}" && -n "${!VAR}" ]]; then
        gum style "✅ "${VAR}" imported successfully from the config file"
      else
@@ -985,7 +1064,7 @@ elif [[ "$ACTION_ANSWER" == "[2] 💽 Deploy NixOS on a remote machine with a fi
  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "➡️  On the target host : start the computer and boot into the NixOS iso.
              Launch a console and set up a new user password"
  gum confirm "Do you understand and wish to proceed?" || { echo "❌ Aborting as requested"; exit 1; }
-  necessary_information_config
+  import_variables
  hierarchy_preparation
  setup_ssh
  hardware_detection
@@ -17,8 +17,4 @@
  # Secrets
  sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
  sops.secrets."smtpPassword" = { owner = "numbus-admin"; mode = "0600"; };
-  sops.secrets."cloudflareDnsApiToken" = { owner = "numbus-admin"; mode = "0600"; };
-
-#  # TPM2 PCR check
-#  systemIdentity.enable = true;
-#  systemIdentity.pcr15 = "PCR_HASH"; 
+  sops.secrets."cloudflareDnsApiToken" = { owner = "numbus-admin"; mode = "0600"; };
@@ -3,7 +3,7 @@
    # Core Nixpkgs
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
    # Numbus server configuration
-    numbus.url = "git+https://gittea.dev/numbus/numbus-server-module";
+    numbus.url = "git+https://gittea.dev/numbus/numbus-backup-server";
    numbus.inputs.nixpkgs.follows = "nixpkgs";
    # Disk-partitioning helper
    disko.url = "github:nix-community/disko";
@@ -0,0 +1,18 @@
+{ modulesPath, config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  # System
+  system.stateVersion = "25.11";
+
+  # Secrets management
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  # Secrets
+  sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
@@ -0,0 +1,48 @@
+{
+  inputs = {
+    # Core Nixpkgs
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    # Numbus server configuration
+    numbus.url = "git+https://gittea.dev/numbus/numbus-computer";
+    numbus.inputs.nixpkgs.follows = "nixpkgs";
+    # Disk-partitioning helper
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+    # Secrets handling
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+    # Power savings
+    autoaspm.url = "git+https://git.notthebe.ee/notthebee/AutoASPM";
+    autoaspm.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, numbus, disko, sops-nix, autoaspm, ... }@inputs: let
+    # System definition
+    system = "x86_64-linux";
+    pkgs = import nixpkgs {
+      inherit system;
+      config.allowUnfree = true;
+    };
+  in 
+  {
+    nixosConfigurations = {
+      numbus-server = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = { inherit inputs; };
+        modules = [
+          # Numbus server configuration
+          numbus.nixosModules.numbus
+          # Disk-partitioning helper
+          disko.nixosModules.disko
+          # Secrets handling
+          sops-nix.nixosModules.sops
+          # Power savings
+          autoaspm.nixosModules.autoaspm
+          # Core host configuration
+          ./configuration.nix
+          ./hardware-configuration.nix
+        ];
+      };
+    };
+  };
+}
@@ -0,0 +1,9 @@
+# .sops.yaml
+
+keys:
+  - &primary $SOPS_PUBLIC_KEY
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+    - age:
+      - *primary
@@ -0,0 +1,2 @@
+authorizedSshPublicKeys: |
+$SSH_KEYS_FORMATTED
@@ -0,0 +1,20 @@
+{ modulesPath, config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  # System
+  system.stateVersion = "25.11";
+
+  # Secrets management
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  # Secrets
+  sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
+  sops.secrets."smtpPassword" = { owner = "numbus-admin"; mode = "0600"; };
+  sops.secrets."cloudflareDnsApiToken" = { owner = "numbus-admin"; mode = "0600"; };
@@ -0,0 +1,48 @@
+{
+  inputs = {
+    # Core Nixpkgs
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    # Numbus server configuration
+    numbus.url = "git+https://gittea.dev/numbus/numbus-server";
+    numbus.inputs.nixpkgs.follows = "nixpkgs";
+    # Disk-partitioning helper
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+    # Secrets handling
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+    # Power savings
+    autoaspm.url = "git+https://git.notthebe.ee/notthebee/AutoASPM";
+    autoaspm.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, numbus, disko, sops-nix, autoaspm, ... }@inputs: let
+    # System definition
+    system = "x86_64-linux";
+    pkgs = import nixpkgs {
+      inherit system;
+      config.allowUnfree = true;
+    };
+  in 
+  {
+    nixosConfigurations = {
+      numbus-server = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = { inherit inputs; };
+        modules = [
+          # Numbus server configuration
+          numbus.nixosModules.numbus
+          # Disk-partitioning helper
+          disko.nixosModules.disko
+          # Secrets handling
+          sops-nix.nixosModules.sops
+          # Power savings
+          autoaspm.nixosModules.autoaspm
+          # Core host configuration
+          ./configuration.nix
+          ./hardware-configuration.nix
+        ];
+      };
+    };
+  };
+}
@@ -0,0 +1,9 @@
+# .sops.yaml
+
+keys:
+  - &primary $SOPS_PUBLIC_KEY
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+    - age:
+      - *primary
@@ -0,0 +1,4 @@
+authorizedSshPublicKeys: |
+$SSH_KEYS_FORMATTED
+smtpPassword: "$SMTP_SERVER_PASSWORD"
+cloudflareDnsApiToken: "$CLOUDFLARE_DNS_API_TOKEN"
@@ -0,0 +1,18 @@
+{ modulesPath, config, pkgs, inputs, ... }:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+    inputs.sops-nix.nixosModules.sops
+  ];
+
+  # System
+  system.stateVersion = "25.11";
+
+  # Secrets management
+  sops.defaultSopsFile = ./secrets/secrets.yaml;
+  sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  # Secrets
+  sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
@@ -0,0 +1,48 @@
+{
+  inputs = {
+    # Core Nixpkgs
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+    # Numbus server configuration
+    numbus.url = "git+https://gittea.dev/numbus/numbus-tv";
+    numbus.inputs.nixpkgs.follows = "nixpkgs";
+    # Disk-partitioning helper
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+    # Secrets handling
+    sops-nix.url = "github:Mic92/sops-nix";
+    sops-nix.inputs.nixpkgs.follows = "nixpkgs";
+    # Power savings
+    autoaspm.url = "git+https://git.notthebe.ee/notthebee/AutoASPM";
+    autoaspm.inputs.nixpkgs.follows = "nixpkgs";
+  };
+
+  outputs = { self, nixpkgs, numbus, disko, sops-nix, autoaspm, ... }@inputs: let
+    # System definition
+    system = "x86_64-linux";
+    pkgs = import nixpkgs {
+      inherit system;
+      config.allowUnfree = true;
+    };
+  in 
+  {
+    nixosConfigurations = {
+      numbus-server = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = { inherit inputs; };
+        modules = [
+          # Numbus server configuration
+          numbus.nixosModules.numbus
+          # Disk-partitioning helper
+          disko.nixosModules.disko
+          # Secrets handling
+          sops-nix.nixosModules.sops
+          # Power savings
+          autoaspm.nixosModules.autoaspm
+          # Core host configuration
+          ./configuration.nix
+          ./hardware-configuration.nix
+        ];
+      };
+    };
+  };
+}
@@ -0,0 +1,9 @@
+# .sops.yaml
+
+keys:
+  - &primary $SOPS_PUBLIC_KEY
+creation_rules:
+  - path_regex: secrets/secrets.yaml$
+    key_groups:
+    - age:
+      - *primary
@@ -0,0 +1,2 @@
+authorizedSshPublicKeys: |
+$SSH_KEYS_FORMATTED