Added documentation for the numbus-server

deploy.sh

@@ -30,23 +30,22 @@ NECESSARY_BACKUP_SERVER_VARIABLES_LIST=(
   NETWORK_SUBNET
   NETWORK_ROUTER_IP
   NETWORK_HOME_SERVER_IP
-  # SERVICES SETTINGS
-  SERVICES_DOMAIN_NAME
-  SERVICES_SELECTED_SYSTEM
-  SERVICES_SELECTED_WEB_APPLICATIONS
 )
 
 OPTIONAL_BACKUP_SERVER_VARIABLES_LIST=(
   # SERVICES SETTINGS
-  SELECTED_DNS_SERVICE_SUBDOMAIN
-  SELECTED_WEB_APPLICATIONS_SUBDOMAIN
+  SERVICES_DOMAIN_NAME
+  SERVICES_SELECTED_SYSTEM_PACKAGES
+  SERVICES_SELECTED_SYSTEM_SERVICES
+  SERVICES_SELECTED_WEB_APPLICATIONS
+  SERVIVCES_SELECTED_WEB_APPLICATIONS_SUBDOMAIN
 )
 
 NECESSARY_COMPUTER_VARIABLES_LIST=(
-  #LIVE TARGET SETTINGS
+  # LIVE TARGET SETTINGS
   LIVE_TARGET_IP
   LIVE_TARGET_PASSWD
-  #COMPUTER SETTINGS
+  # COMPUTER SETTINGS
   COMPUTER_LANGUAGE
   COMPUTER_LOCALE
   COMPUTER_TIMEZONE
@@ -54,16 +53,22 @@ NECESSARY_COMPUTER_VARIABLES_LIST=(
   COMPUTER_USER_EMAIL
   COMPUTER_ADMIN_EMAIL
   COMPUTER_AUTHORIZED_SSH_PUBKEYS
-  #NETWORK SETTINGS
-  NETWORK_SUBNET
-  NETWORK_ROUTER_IP
-  NETWORK_HOME_COMPUTER_IP
+  # USER SETTINGS
+  USER_ADMINISTRATORS
+  USER_NORMAL_USERS
 )
 
 OPTIONAL_COMPUTER_VARIABLES_LIST=(
+  # NETWORK SETTINGS
+  NETWORK_SUBNET
+  NETWORK_ROUTER_IP
+  NETWORK_HOME_COMPUTER_IP
   # SERVICES SETTINGS
-  SERVICES_SELECTED_SYSTEM
-  SERVICES_SELECTED_APPLICATIONS
+  SERVICES_SELECTED_SYSTEM_PACKAGES
+  SERVICES_SELECTED_DESKTOP_ENVIRONMENT
+  SERVICE_SELECTED_GNOME_EXTENSIONS
+  SERVICES_SELECTED_FLATPAK_APPLICATIONS
+  SERVICES_SELECTED_WEB_APPLICATIONS
 )
 
 NECESSARY_SERVER_VARIABLES_LIST=(
@@ -122,16 +127,18 @@ NECESSARY_TV_VARIABLES_LIST=(
 
 OPTIONAL_TV_VARIABLES_LIST=(
   # SERVICES SETTINGS
-  SERVICES_SELECTED_SYSTEM
+  SERVICES_SELECTED_SYSTEM_PACKAGES
+  SERVICES_SELECTED_FLATPAK_APPLICATIONS
   SERVICES_SELECTED_WEB_APPLICATIONS
 )
 
-# Available services
+# Available DNS services
 DNS_SERVICES_LIST=(
   "pi-hole"
   "adguard"
 )
 
+# Available services
 WEB_APPLICATIONS_LIST=(
   "crafty"
   "frigate"
@@ -151,6 +158,7 @@ WEB_APPLICATIONS_LIST=(
   "vscodium"
 )
 
+# Available system services
 SYSTEM_SERVICES_LIST=(
   "clamav"
   "virtualization"
@@ -158,27 +166,27 @@ SYSTEM_SERVICES_LIST=(
 
 # Services descriptions
 DNS_SERVICES_DESCRIPTION=(
-  "Pi-Hole : Simple open-source DNS black hole"
-  "AdGuard : Feature rich DNS service"
+  "Pi-hole : Simple, fully open network-wide Ad Blocker"
+  "AdGuard : Feature-rich network-wide Ad Blocker"
 )
 
 WEB_APPLICATIONS_DESCRIPTION=(
   "Crafty : A web-based control panel for Minecraft servers"
-  "Frigate [Home Assistant required] : AI-powered NVR for smart security cameras"
-  "Gitea : A lightweight, self-hosted Git service like GitHub"
-  "Home-Assistant : Open-source home automation to control all your devices"
-  "Homepage : A modern dashboard to organize your applications and services"
-  "Immich : Self-hosted Google Photos alternative for photos and videos"
+  "Frigate [Home Assistant required] : NVR with real-time local object detection for IP cameras"
+  "Gitea : Painless self-hosted Git service"
+  "Home-Assistant : Open source home automation that puts local control and privacy first"
+  "Homepage : A modern, secure, highly customizable application dashboard"
+  "Immich : High performance self-hosted photo and video management solution"
   "IT-tools : Handy collection of online tools for developers"
-  "Jellyfin : A self-hosted media server to stream your movies and music"
-  "N8n : Workflow automation tool"
-  "netboot.xyz : PXE boot various OS installers and utilities"
-  "Nextcloud : A self-hosted productivity platform, like Google Drive & Office"
-  "Ntfy : Send push notifications to your phone or desktop via HTTP"
-  "Odoo : Open-source business management suite (ERP & CRM)"
-  "Passbolt: An open-source, security-first password manager for teams"
+  "Jellyfin : The Free Software Media System"
+  "N8n : Workflow automation for technical people"
+  "netboot.xyz : Network boot various operating system installers and utilities"
+  "Nextcloud : The most popular self-hosted collaboration platform"
+  "Ntfy : Send push notifications to your phone or desktop via PUT/POST"
+  "Odoo : Open Source ERP and CRM"
+  "Passbolt : Open source password manager for teams"
   "Uptime-Kuma : A fancy self-hosted monitoring tool"
-  "VSCodium : An open-source version of VScode in your web browser"
+  "VSCodium : Free/Libre Open Source Software Binaries of VS Code"
 )
 
 SYSTEM_SERVICES_DESCRIPTION=(
@@ -1032,99 +1040,54 @@ it simple and use defaults) and take care to note down all the passwords. Change
 
 set -euo pipefail
 
-fastfetch --logo nixos --structure ' '
+clear
+fastfetch --logo nixos --logo-padding-left 4 --structure ' '
 
-cat << EOF
-
- ██████   █████                            █████                          
-▒▒██████ ▒▒███                            ▒▒███                           
- ▒███▒███ ▒███  █████ ████ █████████████   ▒███████  █████ ████  █████    
- ▒███▒▒███▒███ ▒▒███ ▒███ ▒▒███▒▒███▒▒███  ▒███▒▒███▒▒███ ▒███  ███▒▒     
- ▒███ ▒▒██████  ▒███ ▒███  ▒███ ▒███ ▒███  ▒███ ▒███ ▒███ ▒███ ▒▒█████    
- ▒███  ▒▒█████  ▒███ ▒███  ▒███ ▒███ ▒███  ▒███ ▒███ ▒███ ▒███  ▒▒▒▒███   
- █████  ▒▒█████ ▒▒████████ █████▒███ █████ ████████  ▒▒████████ ██████    
-▒▒▒▒▒    ▒▒▒▒▒   ▒▒▒▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒    ▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒     
-
-  █████████                                                               
- ███▒▒▒▒▒███                                                              
-▒███    ▒▒▒   ██████  ████████  █████ █████  ██████  ████████             
-▒▒█████████  ███▒▒███▒▒███▒▒███▒▒███ ▒▒███  ███▒▒███▒▒███▒▒███            
- ▒▒▒▒▒▒▒▒███▒███████  ▒███ ▒▒▒  ▒███  ▒███ ▒███████  ▒███ ▒▒▒             
- ███    ▒███▒███▒▒▒   ▒███      ▒▒███ ███  ▒███▒▒▒   ▒███                 
-▒▒█████████ ▒▒██████  █████      ▒▒█████   ▒▒██████  █████                
- ▒▒▒▒▒▒▒▒▒   ▒▒▒▒▒▒  ▒▒▒▒▒        ▒▒▒▒▒     ▒▒▒▒▒▒  ▒▒▒▒▒                 
-
-EOF
+gum style --align center --width 80 --foreground 212 "
+ ██████   █████                            █████
+▒▒██████ ▒▒███                            ▒▒███
+ ▒███▒███ ▒███  █████ ████ █████████████   ▒███████  █████ ████  █████
+ ▒███▒▒███▒███ ▒▒███ ▒▒███ ▒▒███▒▒███▒▒███  ▒███▒▒███▒▒███ ▒▒███  ███▒▒
+ ▒███ ▒▒██████  ▒███ ▒▒███  ▒███ ▒███ ▒███  ▒███ ▒███ ▒███ ▒▒███ ▒▒█████
+ ▒███  ▒▒█████  ▒███ ▒▒███  ▒███ ▒███ ▒███  ▒███ ▒███ ▒███ ▒▒███  ▒▒▒▒███
+ █████  ▒▒█████ ▒▒████████ █████▒███ █████ ████████  ▒▒████████ ██████
+▒▒▒▒▒    ▒▒▒▒▒   ▒▒▒▒▒▒▒▒ ▒▒▒▒▒ ▒▒▒ ▒▒▒▒▒ ▒▒▒▒▒▒▒▒    ▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒
 
+  █████████
+ ███▒▒▒▒▒███
+▒███    ▒▒▒   ██████  ████████  █████ █████  ██████  ████████
+▒▒█████████  ███▒▒███▒▒███▒▒███▒▒███ ▒▒███  ███▒▒███▒▒███▒▒███
+ ▒▒▒▒▒▒▒▒███▒███████  ▒███ ▒▒▒  ▒███  ▒███ ▒███████  ▒███ ▒▒▒
+ ███    ▒███▒███▒▒▒   ▒███      ▒▒███ ███  ▒███▒▒▒   ▒███
+▒▒█████████ ▒▒██████  █████      ▒▒█████   ▒▒██████  █████
+ ▒▒▒▒▒▒▒▒▒   ▒▒▒▒▒▒  ▒▒▒▒▒        ▒▒▒▒▒     ▒▒▒▒▒▒  ▒▒▒▒▒
+"
 sleep 1
 
-# Choose the action
-ACTION_ANSWER=$(gum choose \
-  "[1.A] 🌍 Deploy interactively a numbus-server" \
-  "[1.B] 🌍 Deploy non-interactively (with a config file) a numbus-server" \
-  "[2.A] 💾 Deploy interactively a numbus-backup-server" \
-  "[2.B] 💾 Deploy non-interactively (with a config file) a numbus-backup-server" \
-  "[3.A] 💻 Deploy interactively a numbus-computer" \
-  "[3.B] 💻 Deploy non-interactively (with a config file) a numbus-computer" \
-  "[4.A] 📺 Deploy interactively a numbus-tv" \
-  "[4.B] 📺 Deploy non-interactively (with a config file) a numbus-tv" )
+SELECTED_DEVICE=$(gum choose --header "📦 Select the device type to deploy:" \
+  "numbus-server" \
+  "numbus-backup-server" \
+  "numbus-computer" \
+  "numbus-tv" \
+)
 
-if [[ "$ACTION_ANSWER" == "[1] 🌐 Deploy NixOS on a remote machine" ]]; then
-  TARGET_USER="nixos"
-  echo -e "\n➡️  Proceeding with deployment…"
-  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "➡️  On the target host : start the computer and boot into the NixOS iso.
-              Launch a console and set up a new user password"
-  gum confirm "Do you understand and wish to proceed?" || { echo "❌ Aborting as requested"; exit 1; }
-  strictly_necessary_information
-  necessary_information
-  hierarchy_preparation
-  setup_ssh
-  hardware_detection
-  services_selection
-  disks_selection
-  server_config_generation
-  network_config_generation
-  services_config_generation
-  mail_config_generation
-  disk_config_generation
-  keys_generation
-  sum_up
-  cloudflare_dns_setup
-  export_configuration
-  deploy
-  postrun_action
+SELECTED_MODE=$(gum choose --header "🛠️ Select the deployment strategy for ${SELECTED_DEVICE}:" \
+  "Semi-interactive (recommended - use a config file)" \
+  "Interactive (manual input)" \
+  "Update and Maintain (existing installation)" \
+)
 
-elif [[ "$ACTION_ANSWER" == "[2] 💽 Deploy NixOS on a remote machine with a file configuration" ]]; then
-  TARGET_USER="nixos"
-  echo -e "\n➡️  Proceeding with deployment using a config file…"
-  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "➡️  On the target host : start the computer and boot into the NixOS iso.
-              Launch a console and set up a new user password"
-  gum confirm "Do you understand and wish to proceed?" || { echo "❌ Aborting as requested"; exit 1; }
-  import_variables
-  hierarchy_preparation
-  setup_ssh
-  hardware_detection
-  disks_selection
-  server_config_generation
-  network_config_generation
-  services_config_generation
-  mail_config_generation
-  disk_config_generation
-  keys_generation
-  sum_up
-  cloudflare_dns_setup
-  export_configuration
-  deploy
-  postrun_action
-
-elif [[ "$ACTION_ANSWER" == "[3] 🛠️ Update a NixOS remote machine" ]]; then
+if [[ "${SELECTED_MODE}" == "Update and Maintain"* ]]; then
   TARGET_USER="numbus-admin"
-  echo -e "\n➡️  Proceeding with update…"
-  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "➡️  On the target host : make sure the NixOS installation you want
-        to update is up-and-running, accessible with SSH"
-  gum confirm "Do you understand and wish to proceed?" || { echo "❌ Aborting as requested."; exit 1; }
+  echo -e "\n➡️  Proceeding with maintenance/update for ${SELECTED_DEVICE}..."
+  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 \
+    "➡️  Ensure the remote device is powered on and accessible via SSH."
+  
+  gum confirm "Ready to proceed?" || { echo "❌ Aborted."; exit 1; }
+  
   strictly_necessary_information
   setup_ssh
+  # Maintain legacy update sequence
   more_information_config
   folder_tree_generation
   nix_generation
@@ -1132,6 +1095,52 @@ elif [[ "$ACTION_ANSWER" == "[3] 🛠️ Update a NixOS remote machine" ]]; then
   congrats
 
 else
-  echo "Aborting - you did not type 1, 2 or 3"
-  exit 1
+  TARGET_USER="nixos"
+  echo -e "\n➡️  Proceeding with new deployment for ${SELECTED_DEVICE}..."
+  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 \
+    "➡️  On the target host: Boot into the NixOS ISO, launch a console, and set a temporary user password."
+  
+  gum confirm "Ready to proceed?" || { echo "❌ Aborted."; exit 1; }
+
+  if [[ "${SELECTED_MODE}" == "Semi-interactive"* ]]; then
+    import_variables "${VARS_LIST[@]}" "true"
+  else
+    strictly_necessary_information
+    necessary_information
+  fi
+
+  # Standard Deployment Pipeline
+  hierarchy_preparation
+  setup_ssh
+  hardware_detection
+
+  # Server-specific logic
+  if [[ "${SELECTED_DEVICE}" == "numbus-server" ]]; then
+    services_selection
+  fi
+
+  disks_selection
+  server_config_generation
+  network_config_generation
+
+  if [[ "${SELECTED_DEVICE}" == "numbus-server" ]]; then
+    services_config_generation
+  fi
+
+  # Mail setup for server-grade devices
+  if [[ "${SELECTED_DEVICE}" == *"server"* ]]; then
+    mail_config_generation
+  fi
+
+  disk_config_generation
+  keys_generation
+  sum_up
+
+  if [[ "${SELECTED_DEVICE}" == "numbus-server" ]]; then
+    cloudflare_dns_setup
+  fi
+
+  export_configuration
+  deploy
+  postrun_action
 fi

docs/index.md

@@ -0,0 +1,45 @@
+# Numbus documentation
+
+<img title="Numbus Logo" src="./logo.png" alt="The Numbus logo" width="220">
+
+## Deployment process overview
+
+<img title="Overview of the deployment process" src="./deployment_overview.png" alt="A graph showing an overview of the deployment process" width="525">
+
+## Table of contents
+
+### [Numbus Server](https://gittea.dev/numbus/numbus-server)
+
+* [Presentation](https://gittea.dev/numbus/numbus-server)
+* [Requirements](./numbus-server/requirements.md)
+* [Configuration](./numbus-server/configuration/index.md)
+* [Deployment](./numbus-server/deployment/index.md)
+* [Updates](./numbus-server/updates/index.md)
+* [Maintenance](./numbus-server/maintenance/index.md)
+
+### [Numbus Backup Server](https://gittea.dev/numbus/numbus-backup-server)
+
+* [Presentation](https://gittea.dev/numbus/numbus-backup-server)
+* [Requirements](./numbus-backup-server/requirements.md)
+* [Configuration](./numbus-backup-server/configuration/index.md)
+* [Deployment](./numbus-backup-server/deployment/index.md)
+* [Updates](./numbus-backup-server/updates/index.md)
+* [Maintenance](./numbus-backup-server/maintenance/index.md)
+
+### [Numbus Computer](https://gittea.dev/numbus/numbus-computer)
+
+* [Presentation](https://gittea.dev/numbus/numbus-computer)
+* [Requirements](./numbus-computer/requirements.md)
+* [Configuration](./numbus-computer/configuration/index.md)
+* [Deployment](./numbus-computer/deployment/index.md)
+* [Updates](./numbus-computer/updates/index.md)
+* [Maintenance](./numbus-computer/maintenance/index.md)
+
+### [Numbus TV](https://gittea.dev/numbus/numbus-tv)
+
+* [Presentation](https://gittea.dev/numbus/numbus-tv)
+* [Requirements](./numbus-tv/requirements.md)
+* [Configuration](./numbus-tv/configuration/index.md)
+* [Deployment](./numbus-tv/deployment/index.md)
+* [Updates](./numbus-tv/updates/index.md)
+* [Maintenance](./numbus-tv/maintenance/index.md)

docs/numbus-backup-server/requirements.md

@@ -0,0 +1,31 @@
+# Requirements
+
+### To deploy
+
+To deploy a numbus-backup-server, you will need :
+
+* A **live NixOS** bootable USB disk.
+
+You will make the **target** machine **boot** into the NixOS live environment using this **USB stick**. Download the [NixOS iso](https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-installer-x86_64-linux.iso) image.
+
+*On Linux* : Flash it using [Impression (flatpak)](https://flathub.org/en/apps/io.gitlab.adhami3310.Impression) or [BalenaEtcher (AppImage)](https://etcher.balena.io/#download-etcher).
+
+*On MacOS* : Flash it using [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+*On Windows* : Flash it using [Rufus](https://rufus.ie/en/#download) or [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+* **Source** Machine:
+
+Can be any machine with **Nix installed**, e.g. a **NixOS** machine.
+
+* **Target** Machine:
+
+Can be **any computer** (desktop, SFF, tiny/mini/micro, even a laptop). It could be a dedicated server that you bought or just some computer that you decided to repurpose into a backup server.
+
+* **Network connection** between the source and the target machine.
+
+---
+
+### Next step
+
+[Configuration](./configuration/index.md)

docs/numbus-computer/requirements.md

@@ -0,0 +1,31 @@
+# Requirements
+
+### To deploy
+
+To deploy a numbus-backup-server, you will need :
+
+* A **live NixOS** bootable USB disk.
+
+You will make the **target** machine **boot** into the NixOS live environment using this **USB stick**. Download the [NixOS iso](https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-installer-x86_64-linux.iso) image.
+
+*On Linux* : Flash it using [Impression (flatpak)](https://flathub.org/en/apps/io.gitlab.adhami3310.Impression) or [BalenaEtcher (AppImage)](https://etcher.balena.io/#download-etcher).
+
+*On MacOS* : Flash it using [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+*On Windows* : Flash it using [Rufus](https://rufus.ie/en/#download) or [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+* **Source** Machine:
+
+Can be any machine with **Nix installed**, e.g. a **NixOS** machine.
+
+* **Target** Machine:
+
+Can be **any computer** (desktop, SFF, tiny/mini/micro, even a laptop). It could be a dedicated server that you bought or just some computer that you decided to repurpose into a backup server.
+
+* **Network connection** between the source and the target machine.
+
+---
+
+### Next step
+
+[Configuration](./configuration/index.md)

docs/numbus-server/configuration/automatic_ssl_certs.md

@@ -0,0 +1,7 @@
+# Documentation
+
+## 🚦 Configuring Traefik
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- | 
+| CLOUDFLARE_DNS_API_TOKEN | The Cloudflare API token with "Zone.DNS" permissions, used for SSL certificate generation. | "bA7hdvCOuXGytlNKohi3ZGtlVpf5CHpLuCMiJrE" | null. Not setting this variable will cause the script to fail. |

docs/numbus-server/configuration/index.md

@@ -0,0 +1,19 @@
+# Documentation
+
+## ✏️ Filling the configuration file
+
+You can deploy the numbus-server without using a configuration file, **but I would strongly advise it** as it diminishes the risk of **typos** when providing credentials. It also creates a file that you can **keep**, **reuse**, **consult** whenever you are **in doubt** about a certain setting.
+
+> 🚀 Let's fill this configuration file !
+
+The configuration file is divided into **multiple categories**. Some of them are **optional**, some are **mandatory**. Here is the list of categories :
+
+| Category | Available variables |
+| -------- | ------------------  |
+| [Live target settings](./live_target.md) | 2 |
+| [Server settings](/.server.md) | 7 |
+| [Mail settings](./mail.md) | 4 |
+| [Traefik settings](./automatic_ssl_certs.md) | 1 |
+| [Network settings](./network.md) | 3 |
+| [Services selection](./services/index.md) | 5 |
+| [Script settings](./script.md) | 1 |

docs/numbus-server/configuration/live_target.md

@@ -0,0 +1,8 @@
+# Documentation
+
+### 📦 Configuring the target settings
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------- | --------- | 
+| LIVE_TARGET_IP | The IP address of the target machine. Without the CIDR notation. | "192.168.1.28", "10.10.10.45", ... |  |
+| LIVE_TARGET_PASSWD | The password of the target machine that you set using the `passwd` command. | "my-password", ... |  |

docs/numbus-server/configuration/mail.md

@@ -0,0 +1,24 @@
+# Documentation
+
+## 📬 Configuring the mail settings
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- | 
+| SMTP_SERVER_USERNAME | The email address used to send automated emails (alerts, notifications). | "your-address@your-domain.com" |  |
+| SMTP_SERVER_PASSWORD | The password or app-specific password for the email account. | "your-secure-password" |  |
+| SMTP_SERVER_HOST | The address of the SMTP server. | "smtp.yourdomain.com" | "smtp.gmail.com" |
+| SMTP_SERVER_PORT | The port number for the SMTP server. | "587" or "465" | "587" |
+
+## ❓ I don't already have an SMTP capable email
+
+If your provider doesn't support **standard SMTP**, the easiest solution is to create a **free Gmail account** dedicated to your server. 
+
+Gmail allows you to generate an **App Password** which works perfectly for automated alerts.
+
+1. Navigate to the [Google account creation page](https://accounts.google.com/signup). Follow the prompts to create your account. Feel free **not to provide** real information about yourself. Giving your phone number and home address is **not needed**.
+
+2. Once your account is **created** navigate to the [Google account settings](https://myaccount.google.com).
+
+3. In the security page, enable the **two factor authentication (2FA)**. The best way to enable 2FA without providing too much information is using **TOTP codes** (under Authenticator label). You can use the open-source [Ente Auth](https://ente.io/auth/) app to get your **TOTP codes**.
+
+4. Finally, once **2FA** is enabled, you can generate an **app password**. Navigate to the [app passwords page](https://myaccount.google.com/apppasswords). Generate an app password and call it "numbus-server" to **remember** what it is used for.

docs/numbus-server/configuration/network.md

@@ -0,0 +1,9 @@
+# Documentation
+
+## 🛜 Configuring the server's network settings
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- | 
+| NETWORK_SUBNET | The local network subnet in CIDR notation. | "192.168.1.0/24", "10.10.10.0/24", ... | "192.168.1.0/24" |
+| NETWORK_ROUTER_IP | The IP address of your internet router/gateway. | "192.168.1.1", "192.168.1.254", ... | "192.168.1.1" |
+| HOME_SERVER_IP | The static IP address to assign to this server (must be outside the router's DHCP range). | "192.168.1.5", "192.168.0.200", ... | "192.168.1.254" |

docs/numbus-server/configuration/script.md

@@ -0,0 +1,7 @@
+# Documentation
+
+## 📜 Configuring the script's settings
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- | 
+| VERBOSE | Enables verbose logging for the deployment script (useful for debugging). | "true" or "false" | "false" |

docs/numbus-server/configuration/server.md

@@ -0,0 +1,13 @@
+# Documentation
+
+## ⚙️ Configuring the server settings
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- | 
+| SERVER_LANGUAGE | The desired language for the server's system and services. | "FR", "DE", "UK", ... | "FR" |
+| SERVER_LOCALE | Defines the server's regional settings, including date, time, and number formatting. | "fr_FR", "de_DE", "en_UK", ... | "fr_FR" |
+| SERVER_TIMEZONE | Sets the server's timezone to ensure accurate timekeeping for logs and services. | "Europe/Paris", "Europe/Berlin", "Europe/London", ... | "Europe/Paris" |
+| SERVER_OWNER_NAME | The name of the server owner. Will be used for emails personnalization and server identification (if you have multiple servers for example). | "Alexandre", "Jane", ... | "Numbus" |
+| SERVER_USER_EMAIL | This email will be used to send friendly alerts in case of problems. | "your-user@your-domain.com" |  |
+| SERVER_ADMIN_EMAIL | This email will be used to send complete alerts, including some logs, in case of problems. | "your-admin@your-domain.com" |  |
+| SERVER_AUTHORIZED_SSH_PUBKEYS | The public SSH key(s) that will be authorized to access the server. You can add multiple keys in the parenthesis, space-separated. | ( "ssh-ed25519 AAAAoefzefpoipoeCEZJCPEACPAcjapjcpajepcjAPJECJPEJAPJAZ yours@your-domain.com" ) |  |

docs/numbus-server/configuration/services/crafty.md

@@ -0,0 +1,13 @@
+# Documentation
+
+## ⛏️ Configuring Crafty Controller
+
+To access your Minecraft server, **ports** need to be **open on the firewall**. In order to **minimize** the number of open ports and thus reduce **risks**, the numbus-server will only open a necessary number of ports that matches the number of minecraft. **Most people** should set the number of servers to **1** of their favorite version.
+
+These option **only configure networking** and **won't** create the Minecraft server for you. You will have to do it in Crafty's interface.
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- |
+| DYNMAP_ENABLED | Enables the Dynmap feature for Minecraft servers. | "true" or "false" | "false" |
+| WANTED_NUMBER_OF_JAVA_MINECRAFT_SERVERS | The number of Java Edition Minecraft servers you plan on creating. | "0", "1", ..., "100" | "0" |
+| WANTED_NUMBER_OF_BEDROCK_MINECRAFT_SERVERS | The number of Bedrock Edition Minecraft servers you plan on creating. | "0", "1", ..., "100" | "0" |

docs/numbus-server/configuration/services/index.md

@@ -0,0 +1,45 @@
+# Documentation
+
+## 🛠️ Configuring the server's services
+
+| Variable | Description | Values | Default |
+| -------- | ----------- | ------ | --------- | 
+| SELECTED_DNS_SERVICE | The DNS service to install (AdBlocking). | ( "pi-hole" ), ( "adguard" ) | ( "pi-hole" ) |
+| SELECTED_WEB_APPLICATIONS | The list of web applications to install. | ( "nextcloud" ), ( "homepage" jellyfin" "it-tools" "netbootxyz" ), ... [see the full list below](./index.md#web-applications-list) |  |
+| SELECTED_SYSTEM_SERVICES | The list of system services to install. | ( "clamav" ), ( "virtualization" "clamav" ), ... [see the full list below](./index.md#system-services-list) |  |
+| SELECTED_DNS_SERVICE_SUBDOMAIN | Custom subdomain for the DNS service. | "my-dns" | Will be the name of the service. I.e. pi-hole.your-domain.com or adguard.your-domain.com |
+| SELECTED_WEB_APPLICATIONS_SUBDOMAIN | Custom subdomains for the web applications (must match the order of SELECTED_WEB_APPLICATIONS). | "my-cloud", "my-photos" | Will be the name of the service. I.e. nextcloud.your-domain.com, immich.your-domain.com, ... |
+
+## Web applications list
+
+This is the list of **all the available apps** that can be enabled on the numbus-server. You can choose as many as you want, just **keep in mind** that enabling more apps will be more resource **intensive** and consume more power.
+
+| Name | Description | Additional settings ? |
+| -------- | ----------- | ------ |
+| pi-hole | Simple, fully open network-wide Ad Blocker. | No |
+| adguard | Feature-rich network-wide Ad Blocker. | No |
+| crafty | Minecraft server(s) manager. | [Yes](./crafty.md) |
+| frigate | NVR with real-time local object detection. | No |
+| gitea | Painless self-hosted Git service. | No |
+| home-assistant | Open source home automation. | No |
+| homepage | A modern, secure, highly customizable dashboard. | No |
+| immich | High performance self-hosted photo/video management. | No |
+| it-tools | Collection of online tools for developers. | No |
+| jellyfin | The Free Software Media System. | No |
+| n8n | Workflow automation tool. | No |
+| netbootxyz | Network boot operating system installers. | No |
+| nextcloud | Self-hosted collaboration platform. | No |
+| ntfy | Send push notifications via HTTP. | No |
+| odoo | Open Source ERP and CRM. | No |
+| passbolt | Open source password manager. | No |
+| uptime-kuma | Self-hosted monitoring tool. | No |
+| vscodium | VS Code in your browser. | No |
+| clamav | Open-source anti-virus. | No |
+| virtualization | Run Virtual Machines (KVM/QEMU). | No |
+
+## System services list
+
+| Name | Description | Additional settings ? |
+| -------- | ----------- | ------ |
+| clamav | Open-source anti-virus software. | No |
+| virtualization | Run Virtual Machines (KVM/QEMU). | No |

docs/numbus-server/requirements.md

@@ -0,0 +1,31 @@
+# Requirements
+
+### To deploy
+
+To deploy a numbus-backup-server, you will need :
+
+* A **live NixOS** bootable USB disk.
+
+You will make the **target** machine **boot** into the NixOS live environment using this **USB stick**. Download the [NixOS iso](https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-installer-x86_64-linux.iso) image.
+
+*On Linux* : Flash it using [Impression (flatpak)](https://flathub.org/en/apps/io.gitlab.adhami3310.Impression) or [BalenaEtcher (AppImage)](https://etcher.balena.io/#download-etcher).
+
+*On MacOS* : Flash it using [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+*On Windows* : Flash it using [Rufus](https://rufus.ie/en/#download) or [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+* **Source** Machine:
+
+Can be any machine with **Nix installed**, e.g. a **NixOS** machine.
+
+* **Target** Machine:
+
+Can be **any computer** (desktop, SFF, tiny/mini/micro, even a laptop). It could be a dedicated server that you bought or just some computer that you decided to repurpose into a backup server.
+
+* **Network connection** between the source and the target machine.
+
+---
+
+### Next step
+
+[Configuration](./configuration/index.md)

docs/numbus-tv/requirements.md

@@ -0,0 +1,31 @@
+# Requirements
+
+### To deploy
+
+To deploy a numbus-backup-server, you will need :
+
+* A **live NixOS** bootable USB disk.
+
+You will make the **target** machine **boot** into the NixOS live environment using this **USB stick**. Download the [NixOS iso](https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-installer-x86_64-linux.iso) image.
+
+*On Linux* : Flash it using [Impression (flatpak)](https://flathub.org/en/apps/io.gitlab.adhami3310.Impression) or [BalenaEtcher (AppImage)](https://etcher.balena.io/#download-etcher).
+
+*On MacOS* : Flash it using [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+*On Windows* : Flash it using [Rufus](https://rufus.ie/en/#download) or [BalenaEtcher](https://etcher.balena.io/#download-etcher).
+
+* **Source** Machine:
+
+Can be any machine with **Nix installed**, e.g. a **NixOS** machine.
+
+* **Target** Machine:
+
+Can be **any computer** (desktop, SFF, tiny/mini/micro, even a laptop). It could be a dedicated server that you bought or just some computer that you decided to repurpose into a backup server.
+
+* **Network connection** between the source and the target machine.
+
+---
+
+### Next step
+
+[Configuration](./configuration/index.md)

numbus-backup-server.conf

@@ -1,88 +1,147 @@
-# -->
-# MANDATORY SETTINGS
-# <--
+### -----------------> ###
+### MANDATORY SETTINGS ###
+
 
-## Script settings
-export DEBUG="true"
 
 ## Live target settings
+# The IP address of the machine to install NixOS on (must be reachable via SSH).
 export LIVE_TARGET_IP="192.168.1.10"
+# The password of the live installer environment (the one you set using 'passwd' on the live machine).
 export LIVE_TARGET_PASSWD="example"
 
-## Server settings
+
+## Backup server settings
+# The language/keyboard layout (e.g. FR, EN, DE). 
 export SERVER_LANGUAGE="FR"
+# The system locale (e.g. fr_FR, en_US, de_DE).
 export SERVER_LOCALE="fr_FR"
+# The timezone (e.g. Europe/Paris, America/New_York, Europe/Berlin).
 export SERVER_TIMEZONE="Europe/Paris"
+# The name of the server owner. Used in mails and for identification (if you bought support or have multiple servers).
 export SERVER_OWNER_NAME="yourName"
+# The email address where services notifications and alerts will be sent.
 export SERVER_USER_EMAIL="user@your-domain.com"
+# The email address where system failure notifications and alerts will be sent.
 export SERVER_ADMIN_EMAIL="admin@your-domain.com"
+# A list of SSH public keys allowed to log in as the administrator.
 export SERVER_AUTHORIZED_SSH_PUBKEYS=( "ssh-ed25519 AAAAoefzefpoipoeCEZJCPEACPAcjapjcpajepcjAPJECJPEJAPJAZ yours@yourdomain.com" )
 
+
 ## Traefik settings
+# Cloudflare API token with "Zone:DNS:Edit" permissions for automatic renewal of Let's Encrypt certificates.
 export CLOUDFLARE_DNS_API_TOKEN="yourToken"
 
+
 ## Smtp settings
+# The email account used by the server to send outgoing notifications.
 export SMTP_SERVER_USERNAME="your-address@gmail.com"
+# The password for the email account (use an App Password if using Gmail/2FA).
 export SMTP_SERVER_PASSWORD="emrp raps vzoi vnoe"
 export SMTP_SERVER_HOST="smtp.yourdomain.com"
 export SMTP_SERVER_PORT="587"
 
+
 ## Network settings
+# The local network subnet in CIDR notation (e.g. 192.168.1.0/24).
 export NETWORK_SUBNET="192.168.1.0/24"
+# The IP address of your internet router/gateway.
 export NETWORK_ROUTER_IP="192.168.1.1"
+# The static IP address to assign to this server (must be outside the router's DHCP range).
 export HOME_SERVER_IP="192.168.1.5"
 
+
 ## Services settings
+# The root domain name for your services (e.g. example.com).
 export DOMAIN_NAME="yourdomain.com"
 
-## DNS service
-export SELECTED_DNS_SERVICE=(
-  "pi-hole" # or "adguard"
-)
 
 ## Web applications
+# All apps are open-source, fully local
 export SELECTED_WEB_APPLICATIONS=(
+  # Minecraft server(s) manager. Supports Bedrock and Java, Dynmap. https://craftycontrol.com/
   "crafty"
+  # Network-Video-Recorder with advanced features such as person detection, face recognition. https://frigate.video/
   "frigate"
+  # Full-featured git platform. Replace GitHub with your own and stop AI bots from accessing your code. https://about.gitea.com/
   "gitea"
+  # Home automation platform. Every smart home devices in one place. Endless automation options. Integrates with Frigate to get notified when someone is detected. https://www.home-assistant.io/
   "home-assistant"
+  # A modern, secure, highly customizable application dashboard. https://gethomepage.dev/
+  "homepage"
+  # Photos backup platform similar to Google Photos. Advanced features such as face and object recognition powered search. https://immich.app/
   "immich"
+  # A set of super useful tools when doing IT. https://it-tools.tech/
   "it-tools"
+  # The Free Software Media System. Stream to any device from your own server, with no strings attached. https://jellyfin.org/
   "jellyfin"
+  # Workflow automation for technical people. node-based workflow automation tool. https://n8n.io/
+  "n8n"
+  # Network boot various operating system installers and utilities from one place. https://netboot.xyz/
   "netbootxyz"
+  # The most popular self-hosted collaboration platform. File sharing, productivity, and groupware. https://nextcloud.com/
   "nextcloud"
+  # Send push notifications to your phone or desktop via PUT/POST. https://ntfy.sh/
+  "ntfy"
+  # Open Source ERP and CRM. https://www.odoo.com/
+  "odoo"
+  # Open source password manager for teams. Security first, privacy focused. https://www.passbolt.com/
   "passbolt"
+  # A fancy self-hosted monitoring tool. https://uptimekuma.org/
   "uptime-kuma"
+  # Free/Libre Open Source Software Binaries of VS Code. Run VS Code in your browser. https://vscodium.com/
   "vscodium"
 )
 
+
 ## System services
+# All apps are open-source, fully local
 export SELECTED_SYSTEM_SERVICES=(
+  # Backup your numbus-server using this client.
+  "backup-client"
+  # Anti-virus software. Will scan the system periodically. Will scan on-access the data stored in your services' data directories : for example, where your Nextcloud data is. https://www.clamav.net/
   "clamav"
+  # Virtualization host software. Uses Qemu/KVM. Run VMs with near-native performance and device passthrough capabilities. https://www.qemu.org/
   "virtualization"
 )
 
-# -->
-# OPTIONAL SETTINGS
-# <--
 
-## DNS service subdomain
-export SELECTED_DNS_SERVICE_SUBDOMAIN=(
-  "my-pi-hole-subdomain" # or "my-adguard-subdomain"
-)
+### MANDATORY SETTINGS ###
+### <----------------- ###
+
+
+
+### -----------------> ###
+### OPTIONAL SETTINGS  ###
+
+
 
 ## Web applications subdomain
-export SELECTED_WEB_APPLICATIONS_SUBDOMAIN=( # ⚠️ Must match SELECTED_WEB_APPLICATIONS order ⚠️
+# Subdomains for each selected web application.
+# ⚠️ The order must strictly match the SELECTED_WEB_APPLICATIONS array above. The below example would be correct if you selected every service in the SELECTED_WEB_APPLICATIONS array.
+export SELECTED_WEB_APPLICATIONS_SUBDOMAIN=(
   "my-crafty-subdomain"
   "my-frigate-subdomain"
   "my-gitea-subdomain"
-  "my-home-assistant-subdomain"
+  "my-home-assistant-subdomain" # Example : your Home-assistant URL will be ; https://my-home-assistant-subdomain.yourdomain.com/
+  "my-homepage-subdomain"
   "my-immich-subdomain"
   "my-it-tools-subdomain"
-  "my-jellyfin-subdomain"
+  "my-jellyfin-subdomain"       # Example : your Jellyfin URL will be ; https://my-jellyfin-subdomain.yourdomain.com/
+  "my-n8n-subdomain"
   "my-netbootxyz-subdomain"
   "my-nextcloud-subdomain"
+  "my-ntfy-subdomain"
+  "my-odoo-subdomain"
   "my-passbolt-subdomain"
   "my-uptime-kuma-subdomain"
   "my-vscodium-subdomain"
-)
+)
+
+
+## Script settings
+# Enable verbose logging for debugging purposes.
+export DEBUG="true"
+
+
+### OPTIONAL SETTINGS  ###
+### <----------------- ###

numbus-server.conf

@@ -1,15 +1,11 @@
-# -->
-# MANDATORY SETTINGS
-# <--
-
-## Script settings
-export DEBUG="true"
-
-## Live target settings
+## 📦 Live target settings
+# See docs/numbus-server/configuration/live_target.md
 export LIVE_TARGET_IP="192.168.1.10"
 export LIVE_TARGET_PASSWD="example"
 
-## Server settings
+
+## ⚙️ Server settings
+# See docs/numbus-server/configuration/server.md
 export SERVER_LANGUAGE="FR"
 export SERVER_LOCALE="fr_FR"
 export SERVER_TIMEZONE="Europe/Paris"
@@ -18,65 +14,106 @@ export SERVER_USER_EMAIL="user@your-domain.com"
 export SERVER_ADMIN_EMAIL="admin@your-domain.com"
 export SERVER_AUTHORIZED_SSH_PUBKEYS=( "ssh-ed25519 AAAAoefzefpoipoeCEZJCPEACPAcjapjcpajepcjAPJECJPEJAPJAZ yours@yourdomain.com" )
 
-## Traefik settings
-export CLOUDFLARE_DNS_API_TOKEN="yourToken"
 
-## Smtp settings
-export SMTP_SERVER_USERNAME="your-address@gmail.com"
+## 📬 Mail settings
+# See docs/numbus-server/configuration/mail.md
+export SMTP_SERVER_USERNAME="your-address@your-domain.com"
 export SMTP_SERVER_PASSWORD="emrp raps vzoi vnoe"
 export SMTP_SERVER_HOST="smtp.yourdomain.com"
 export SMTP_SERVER_PORT="587"
 
-## Network settings
+
+## 🚦 Traefik settings
+# See docs/numbus-server/configuration/services/traefik.md
+export CLOUDFLARE_DNS_API_TOKEN="yourToken"
+
+
+
+
+
+## 🛜 Network settings
+# See docs/numbus-server/configuration/network.md
 export NETWORK_SUBNET="192.168.1.0/24"
 export NETWORK_ROUTER_IP="192.168.1.1"
 export HOME_SERVER_IP="192.168.1.5"
 
-## Services settings
+
+## 🛠️ Services settings
+# See docs/numbus-server/configuration/services/index.md
 export DOMAIN_NAME="yourdomain.com"
+
+
+## DNS service
 export SELECTED_DNS_SERVICE=(
-  "pi-hole" # or "adguard"
+  "pi-hole"
+  "adguard"
 )
+
+
+## Web applications
 export SELECTED_WEB_APPLICATIONS=(
   "crafty"
   "frigate"
   "gitea"
   "home-assistant"
+  "homepage"
   "immich"
   "it-tools"
   "jellyfin"
+  "n8n"
   "netbootxyz"
   "nextcloud"
+  "ntfy"
+  "odoo"
   "passbolt"
   "uptime-kuma"
   "vscodium"
 )
+
+
+## System services
 export SELECTED_SYSTEM_SERVICES=(
   "clamav"
   "virtualization"
 )
 
-# -->
-# OPTIONAL SETTINGS
-# <--
 
 ## DNS service subdomain
+# See docs/numbus-server/configuration/services/index.md
 export SELECTED_DNS_SERVICE_SUBDOMAIN=(
   "my-pi-hole-subdomain" # or "my-adguard-subdomain"
 )
 
+
 ## Web applications subdomain
-export SELECTED_WEB_APPLICATIONS_SUBDOMAIN=( # ⚠️ Must match SELECTED_WEB_APPLICATIONS order ⚠️
+# ⚠️ The order must strictly match the SELECTED_WEB_APPLICATIONS array above.
+export SELECTED_WEB_APPLICATIONS_SUBDOMAIN=(
   "my-crafty-subdomain"
   "my-frigate-subdomain"
   "my-gitea-subdomain"
-  "my-home-assistant-subdomain"
+  "my-home-assistant-subdomain" # Example : your Home-assistant URL will be ; https://my-home-assistant-subdomain.yourdomain.com/
+  "my-homepage-subdomain"
   "my-immich-subdomain"
   "my-it-tools-subdomain"
-  "my-jellyfin-subdomain"
+  "my-jellyfin-subdomain"       # Example : your Jellyfin URL will be ; https://my-jellyfin-subdomain.yourdomain.com/
+  "my-n8n-subdomain"
   "my-netbootxyz-subdomain"
   "my-nextcloud-subdomain"
+  "my-ntfy-subdomain"
+  "my-odoo-subdomain"
   "my-passbolt-subdomain"
   "my-uptime-kuma-subdomain"
   "my-vscodium-subdomain"
-)
+)
+
+
+## ⛏️ Crafty settings
+# See docs/numbus-server/configuration/services/crafty.md
+export DYNMAP_ENABLED="false"
+export WANTED_NUMBER_OF_JAVA_MINECRAFT_SERVERS="1"
+export WANTED_NUMBER_OF_BEDROCK_MINECRAFT_SERVERS="0"
+
+
+## 📜 Script settings
+# See docs/numbus-server/configuration/script.md
+export VERBOSE="true"

wg0.conf

@@ -0,0 +1 @@
+# Populate this file with a valid WireGuard tunnel configuration if you chose to deploy a numbus-backup-server.