From d90a1af7d36acb006f2f7f29477c9ac782c9d8b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Fri, 2 Jan 2026 22:05:21 +0100
Subject: [PATCH] Update networking
---
 deploy.sh | 117 +++++++++++++----------
 templates/nix-config/configuration.nix | 8 +-
 templates/nix-config/misc/networking.nix | 39 ++++----
 3 files changed, 96 insertions(+), 68 deletions(-)
diff --git a/deploy.sh b/deploy.sh
index 6dc3671..010c615 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -180,9 +180,62 @@ lsusb 2>/dev/null | grep -iq "google" && TARGET_USB_CORAL="true" || TARGET_USB_C
 lspci -nn 2>/dev/null | grep -iq "089a" && TARGET_PCIE_CORAL="true" || TARGET_PCIE_CORAL="false"
 ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" && TARGET_ZIGBEE_DEVICE=\$(ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" | head -n 1) || TARGET_ZIGBEE_DEVICE=""
-for var in TARGET_GRAPHICS TARGET_GRAPHICS_BRAND TARGET_GRAPHICS_RENDERER TARGET_USB_CORAL TARGET_PCIE_CORAL TARGET_ZIGBEE_DEVICE; do
+TARGET_INTERFACE=\$(ip -4 route show default | awk '{print \$5}' | head -n1)
+
+HDD=1
+DISK_DEVPATH=()
+DISK_NAME=()
+DISK_TYPE=()
+DISK_HEALTH=()
+DISK_ID=()
+DISK_SIZE=()
+
+for DISK in \$(lsblk -x SIZE -d -n -e 7,11 -o NAME); do
+ # Disk name and simple path
+ DISK_DEVPATH+=("/dev/\$DISK")
+ DISK_NAME+=("\$DISK")
+ # Disk type
+ HDD=\$(cat /sys/block/\$DISK/queue/rotational)
+ TRANSPORT_PROTOCOL=\$(lsblk -x SIZE -d -n -e 7,11 -o TRAN /dev/\$DISK)
+ if [[ "\$DISK" == "nvme*" ]]; then DISK_TYPE+=("NVMe");
+ elif [[ "\$TRANSPORT_PROTOCOL" == "usb" ]]; then DISK_TYPE+=("USB");
+ elif [[ "\$HDD" -eq 1 ]]; then DISK_TYPE+=("HDD");
+ elif [[ "\$HDD" -eq 0 ]]; then DISK_TYPE+=("SSD");
+ else DISK_TYPE+=("Other")
+ fi
+ # Disk health
+ if [[ \$(echo "$REMOTE_PASS" | sudo -S smartctl -H /dev/\$DISK 2>/dev/null | grep 'self-assessment' | awk '{print \$6}') == "PASSED" ]]; then
+ DISK_HEALTH+=("PASSED")
+ else
+ DISK_HEALTH+=("N/A")
+ fi
+ # Disk ID
+ DISK_ID+=("\$(ls -l /dev/disk/by-id | grep -m1 "../../\$DISK" | awk '{print "/dev/disk/by-id/" \$9}')")
+ # Disk size
+ DISK_SIZE+=("\$(lsblk -x SIZE -d -n -e 7,11 -o SIZE /dev/\$DISK)")
+done
+
+echo "# Hardware detection results on \$(date)" > "${TMPFILE}"
+for var in \
+ TARGET_GRAPHICS \
+ TARGET_GRAPHICS_BRAND \
+ TARGET_GRAPHICS_RENDERER \
+ TARGET_USB_CORAL \
+ TARGET_PCIE_CORAL \
+ TARGET_ZIGBEE_DEVICE \
+ TARGET_INTERFACE; do
 echo "export \${var}=\${!var}" >> "${TMPFILE}"
 done
+
+for var in \
+ DISK_DEVPATH \
+ DISK_NAME \
+ DISK_TYPE \
+ DISK_HEALTH \
+ DISK_ID \
+ DISK_SIZE; do
+ declare -p \${var} >> "${TMPFILE}"
+done
 SSHEND
 ### Get hardware information <--
@@ -203,7 +256,7 @@ services_selection() {
 echo -e "\n\n➡️ You will now select the services you want installed on your server:"
 local AVAILABLE_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
-"nextcloud" "passbolt" "pi-hole" )
+"nextcloud" "passbolt" "pi-hole" "virtualization" )
 local SERVICES_DESCRIPTION=( "Pi-Hole : Block ads on all your devices" \
 "Immich : Pictures and videos backup with local machine-learning" \
@@ -212,7 +265,8 @@ services_selection() {
 "Home-Assistant : Manage your smart home and security cameras" \
 "Frigate [Home Assistant required] : Secure your house with security cameras" \
 "Gitea : Your own git platform" \
- "IT-tools : A set of useful tools when doing IT"
+ "IT-tools : A set of useful tools when doing IT" \
+ "Virtualization : Run Virtual Machines (KVM/QEMU) with Libvirt"
 )
 local SELECTED_SERVICES_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${SERVICES_DESCRIPTION[@]}")
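Review bot: The NVMe branch of the disk-type chain can never match, because the right-hand side `"nvme*"` is quoted inside `[[ ]]` and is therefore compared as a literal string, so NVMe devices fall through to the rotational test and are recorded as SSD. Write it as `if [[ "\$DISK" == nvme* ]]; then DISK_TYPE+=("NVMe");` (pattern unquoted, `\$` still escaped for the heredoc). The DISK_ID lookup has a related weakness: `grep -m1 "../../\$DISK"` is unanchored, so for `sda` it also matches `../../sda1` and the chosen by-id path depends on `ls` ordering; anchoring it as `grep -m1 "../../\$DISK\$"` selects the whole-disk link. `echo "$REMOTE_PASS"` is the one unescaped expansion in this heredoc, so the password is interpolated client-side into the script text and a value containing `"` or `$` breaks the quoting; feeding it through a separate `read -s` on the remote side would avoid both problems. The heredoc this hunk extends begins before it, so the `ssh_to_host` invocation and the later `source` of `${TMPFILE}` on the client are outside the view.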
@@ -255,12 +309,15 @@ files_generation() {
 echo -e "\n✅ Writing correct ips to configuration.nix..."
 sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
 sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
+ sed -i "s|TARGET_INTERFACE|${TARGET_INTERFACE}|g" final-nix-config/etc/nixos/misc/networking.nix
 echo -e "\n✅ Writing configuration files for the selected homelab services..."
 envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml
 for service in "${SELECTED_SERVICES[@]}"; do
- cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix
+ if [[ "${service}" != "virtualization" ]]; then
+ cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix
+ fi
 case "${service}" in
 frigate)
 local FRIGATE_DEVICES_BLOCK=""
@@ -314,6 +371,11 @@ files_generation() {
 nextcloud)
 envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml
 ;;
+ virtualization)
+ sed -i "s|# virtualisation.libvirtd.enable = true;| virtualisation.libvirtd.enable = true;|" final-nix-config/etc/nixos/configuration.nix
+ sed -i "s|# programs.virt-manager.enable = true;| programs.virt-manager.enable = true;|" final-nix-config/etc/nixos/configuration.nix
+ sed -i 's|extraGroups = \[ "wheel" \];|extraGroups = [ "wheel" "libvirtd" ];|' final-nix-config/etc/nixos/configuration.nix
+ ;;
 esac
 done
 }
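Review bot: The new `sed -i "s|TARGET_INTERFACE|${TARGET_INTERFACE}|g"` line substitutes the detected interface without checking it, and TARGET_INTERFACE comes from `ip -4 route show default | … | head -n1` on the target, which yields an empty string when no default route exists; the generated networking.nix then carries `networking.bridges.br0.interfaces = [ "" ]` and the bridge has no uplink. Guard it before the sed with `[[ -n "${TARGET_INTERFACE:-}" ]] || { echo "❌ Could not detect the network interface on the target host" >&2; exit 1; }`. The virtualization arm in the second hunk of this function (`@@ -314`) has the same silent-failure shape: its three `sed -i` calls rely on the template lines `# virtualisation.libvirtd.enable = true;`, `# programs.virt-manager.enable = true;` and `extraGroups = [ "wheel" ];` matching byte for byte, and a drifted template leaves libvirt disabled with no error, so a `grep -q` of each pattern before the substitution (or a comment in the template naming this coupling) would catch it. files_generation begins before and ends after these hunks.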
@@ -331,54 +393,7 @@ disk_config_generation() {
 echo -e "\n\n🔎 Fetching and analyzing disks from target host... (This may take a moment)"
 ### Disk wiping warning <--
-### --> Get disk information
- local TMPFILE="/tmp/nixos-installation-disk-detection-temp-file"
- ssh_to_host 'bash -s' << EOF
-HDD=1
-
-DISK_DEVPATH=()
-DISK_NAME=()
-DISK_TYPE=()
-DISK_HEALTH=()
-DISK_ID=()
-DISK_SIZE=()
-
-for DISK in \$(lsblk -x SIZE -d -n -e 7,11 -o NAME); do
- # Disk name and simple path
- DISK_DEVPATH+=("/dev/\$DISK")
- DISK_NAME+=("\$DISK")
- # Disk type
- HDD=\$(cat /sys/block/\$DISK/queue/rotational)
- TRANSPORT_PROTOCOL=\$(lsblk -x SIZE -d -n -e 7,11 -o TRAN /dev/\$DISK)
- if [[ "\$DISK" == "nvme*" ]]; then DISK_TYPE+=("NVMe");
- elif [[ "\$TRANSPORT_PROTOCOL" == "usb" ]]; then DISK_TYPE+=("USB");
- elif [[ "\$HDD" -eq 1 ]]; then DISK_TYPE+=("HDD");
- elif [[ "\$HDD" -eq 0 ]]; then DISK_TYPE+=("SSD");
- else DISK_TYPE+=("Other")
- fi
- # Disk health
- if [[ \$(echo "$REMOTE_PASS" | sudo -S smartctl -H /dev/\$DISK 2>/dev/null | grep 'self-assessment' | awk '{print \$6}') == "PASSED" ]]; then
- DISK_HEALTH+=("PASSED")
- else
- DISK_HEALTH+=("N/A")
- fi
- # Disk ID
- DISK_ID+=("\$(ls -l /dev/disk/by-id | grep -m1 "../../\$DISK" | awk '{print "/dev/disk/by-id/" \$9}')")
- # Disk size
- DISK_SIZE+=("\$(lsblk -x SIZE -d -n -e 7,11 -o SIZE /dev/\$DISK)")
-done
-
-echo "DISK_DEVPATH=(\${DISK_DEVPATH[@]})" > "${TMPFILE}"
-echo "DISK_NAME=(\${DISK_NAME[@]})" >> "${TMPFILE}"
-echo "DISK_TYPE=(\${DISK_TYPE[@]})" >> "${TMPFILE}"
-echo "DISK_HEALTH=(\${DISK_HEALTH[@]})" >> "${TMPFILE}"
-echo "DISK_ID=(\${DISK_ID[@]})" >> "${TMPFILE}"
-echo "DISK_SIZE=(\${DISK_SIZE[@]})" >> "${TMPFILE}"
-EOF
-
- scp -i "final-nix-config/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${TARGET_HOST}":"${TMPFILE}" "${TMPFILE}" &> /dev/null
- source "${TMPFILE}" && rm "${TMPFILE}"
 ### --> Disk selection
 if [[ "${#DISK_NAME[@]}" -eq 0 ]]; then
diff --git a/templates/nix-config/configuration.nix b/templates/nix-config/configuration.nix
index 22323ab..2d4ce2e 100644
--- a/templates/nix-config/configuration.nix
+++ b/templates/nix-config/configuration.nix
@@ -6,6 +6,8 @@
 (modulesPath + "/profiles/qemu-guest.nix")
 inputs.sops-nix.nixosModules.sops
 ./disks/disko.nix
+ ./misc/networking.nix
+ ./misc/mail.nix
 # ./disks/snapraid.nix
 # ./disks/pcr-check.nix
 # ./pcie-coral/coral.nix
@@ -112,11 +114,15 @@
 virtualisation.podman.enable = true;
 virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
+ # Enable libvirt
+# virtualisation.libvirtd.enable = true;
+# programs.virt-manager.enable = true;
+
 # User account
 users.users.numbus-admin = {
 isNormalUser = true;
 description = "Numbus Admin";
- extraGroups = [ "networkmanager" "wheel" ];
+ extraGroups = [ "wheel" ];
 uid = 1000;
 initialPassword = "changeMe!";
 };
diff --git a/templates/nix-config/misc/networking.nix b/templates/nix-config/misc/networking.nix
index 352d648..5e510fe 100644
--- a/templates/nix-config/misc/networking.nix
+++ b/templates/nix-config/misc/networking.nix
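Review bot: The two commented lines `# virtualisation.libvirtd.enable = true;` and `# programs.virt-manager.enable = true;` are not ordinary comments but sed anchors: the `virtualization` arm of deploy.sh un-comments them and rewrites `extraGroups = [ "wheel" ];` by exact text match, and nothing in the template says so. Add a comment above them such as `# Keep these two lines and the extraGroups value below verbatim: deploy.sh toggles them with sed when the virtualization service is selected` so the next indentation or wording change does not silently leave libvirt disabled. The `./misc/mail.nix` import added in the first hunk has no counterpart in this patch; presumably the file already exists in the template tree, otherwise evaluation of the configuration fails. The module attribute set begins before and ends after both hunks.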
@@ -4,34 +4,41 @@
 # Hostname
 networking.hostName = "numbus-server";
- # Enable networking and firewall
- networking.interfaces.eth0.ipv4.addresses = [
- {
- address = "HOME_SERVER_IP";
- prefixLength = 24;
- }
- ];
- networking.defaultGateway = "HOME_ROUTER_IP";
- networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
- networking.networkmanager.enable = true;
+ networking.wireless.enable = false;
+ networking.networkmanager.enable = false;
+ networking.nftables.enable = true;
 networking.firewall.enable = true;
+ # Bridge configuration for VMs
+ networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
+ networking.interfaces.br0.useDHCP = false;
+ networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
+ networking.interfaces.br0.ipv4.addresses = [{
+ address = "HOME_SERVER_IP";
+ prefixLength = 24;
+ }];
+ networking.defaultGateway = {
+ address = "HOME_ROUTER_IP";
+ interface = "br0";
+ };
+
 networking.nftables.tables.nat = {
 family = "ip";
 content = ''
 chain prerouting {
 type nat hook prerouting priority dstnat; policy accept;
- tcp dport 80 redirect to :8080
- tcp dport 443 redirect to :8443
- tcp dport 53 redirect to :5353
- udp dport 53 redirect to :5353
+ iifname "br0" tcp dport 80 redirect to :8080
+ iifname "br0" tcp dport 443 redirect to :8443
+ iifname "br0" tcp dport 53 redirect to :5353
+ iifname "br0" udp dport 53 redirect to :5353
+ iifname "br0" udp dport 67 redirect to :6767
 }
 '';
 };
 # Open ports in the firewall
 networking.firewall.allowPing = true;
- networking.firewall.allowedTCPPorts = [ 53 80 443 ];
- networking.firewall.allowedUDPPorts = [ 53 ];
+ networking.firewall.allowedTCPPorts = [ 5353 8080 8443 ];
+ networking.firewall.allowedUDPPorts = [ 5353 6767 ];
 }
\ No newline at end of file
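Review bot: The nat redirects are now scoped with `iifname "br0"`, but the input firewall is not: `allowedTCPPorts = [ 5353 8080 8443 ]` and `allowedUDPPorts = [ 5353 6767 ]` open the backend ports on every interface, so the services are reachable directly on 8080/8443/5353/6767 from any attached network rather than only through the redirected 80/443/53/67 on the bridge. NixOS can tie the allowance to the bridge: `networking.firewall.interfaces.br0.allowedTCPPorts = [ 5353 8080 8443 ];` and `networking.firewall.interfaces.br0.allowedUDPPorts = [ 5353 6767 ];` in place of the global lists. The new `udp dport 67 redirect to :6767` rule deserves a comment naming the service behind port 6767, and a test: DHCP discovery is broadcast traffic, and whether a prerouting redirect is applied to broadcast datagrams is not something this file can show, so confirm it with a real client before relying on it. The module's opening lines (before line 4) are outside the hunk.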