numbus/numbus
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update networking

Browse Source
This commit is contained in:
Raphaël Numbus
2026-01-02 22:05:21 +01:00
parent 3418988c83
commit d90a1af7d3
3 changed files with 96 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
+66 -51
View File
@@ -180,9 +180,62 @@ lsusb 2>/dev/null | grep -iq "google" && TARGET_USB_CORAL="true" || TARGET_USB_C
lspci -nn 2>/dev/null | grep -iq "089a" && TARGET_PCIE_CORAL="true" || TARGET_PCIE_CORAL="false" lspci -nn 2>/dev/null | grep -iq "089a" && TARGET_PCIE_CORAL="true" || TARGET_PCIE_CORAL="false"
ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" && TARGET_ZIGBEE_DEVICE=\$(ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" | head -n 1) || TARGET_ZIGBEE_DEVICE="" ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" && TARGET_ZIGBEE_DEVICE=\$(ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" | head -n 1) || TARGET_ZIGBEE_DEVICE=""
for var in TARGET_GRAPHICS TARGET_GRAPHICS_BRAND TARGET_GRAPHICS_RENDERER TARGET_USB_CORAL TARGET_PCIE_CORAL TARGET_ZIGBEE_DEVICE; do TARGET_INTERFACE=\$(ip -4 route show default | awk '{print \$5}' | head -n1)
HDD=1
DISK_DEVPATH=()
DISK_NAME=()
DISK_TYPE=()
DISK_HEALTH=()
DISK_ID=()
DISK_SIZE=()
for DISK in \$(lsblk -x SIZE -d -n -e 7,11 -o NAME); do
# Disk name and simple path
DISK_DEVPATH+=("/dev/\$DISK")
DISK_NAME+=("\$DISK")
# Disk type
HDD=\$(cat /sys/block/\$DISK/queue/rotational)
TRANSPORT_PROTOCOL=\$(lsblk -x SIZE -d -n -e 7,11 -o TRAN /dev/\$DISK)
if [[ "\$DISK" == "nvme*" ]]; then DISK_TYPE+=("NVMe");
elif [[ "\$TRANSPORT_PROTOCOL" == "usb" ]]; then DISK_TYPE+=("USB");
elif [[ "\$HDD" -eq 1 ]]; then DISK_TYPE+=("HDD");
elif [[ "\$HDD" -eq 0 ]]; then DISK_TYPE+=("SSD");
else DISK_TYPE+=("Other")
fi
# Disk health
if [[ \$(echo "$REMOTE_PASS" | sudo -S smartctl -H /dev/\$DISK 2>/dev/null | grep 'self-assessment' | awk '{print \$6}') == "PASSED" ]]; then
DISK_HEALTH+=("PASSED")
else
DISK_HEALTH+=("N/A")
fi
# Disk ID
DISK_ID+=("\$(ls -l /dev/disk/by-id | grep -m1 "../../\$DISK" | awk '{print "/dev/disk/by-id/" \$9}')")
# Disk size
DISK_SIZE+=("\$(lsblk -x SIZE -d -n -e 7,11 -o SIZE /dev/\$DISK)")
done
echo "# Hardware detection results on \$(date)" > "${TMPFILE}"
for var in \
TARGET_GRAPHICS \
TARGET_GRAPHICS_BRAND \
TARGET_GRAPHICS_RENDERER \
TARGET_USB_CORAL \
TARGET_PCIE_CORAL \
TARGET_ZIGBEE_DEVICE \
TARGET_INTERFACE; do
echo "export \${var}=\${!var}" >> "${TMPFILE}" echo "export \${var}=\${!var}" >> "${TMPFILE}"
done done
for var in \
DISK_DEVPATH \
DISK_NAME \
DISK_TYPE \
DISK_HEALTH \
DISK_ID \
DISK_SIZE; do
declare -p \${var} >> "${TMPFILE}"
done
SSHEND SSHEND
### Get hardware information <-- ### Get hardware information <--
@@ -203,7 +256,7 @@ services_selection() {
echo -e "\n\n➡️ You will now select the services you want installed on your server:" echo -e "\n\n➡️ You will now select the services you want installed on your server:"
local AVAILABLE_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \ local AVAILABLE_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
"nextcloud" "passbolt" "pi-hole" ) "nextcloud" "passbolt" "pi-hole" "virtualization" )
local SERVICES_DESCRIPTION=( "Pi-Hole : Block ads on all your devices" \ local SERVICES_DESCRIPTION=( "Pi-Hole : Block ads on all your devices" \
"Immich : Pictures and videos backup with local machine-learning" \ "Immich : Pictures and videos backup with local machine-learning" \
@@ -212,7 +265,8 @@ services_selection() {
"Home-Assistant : Manage your smart home and security cameras" \ "Home-Assistant : Manage your smart home and security cameras" \
"Frigate [Home Assistant required] : Secure your house with security cameras" \ "Frigate [Home Assistant required] : Secure your house with security cameras" \
"Gitea : Your own git platform" \ "Gitea : Your own git platform" \
"IT-tools : A set of useful tools when doing IT" "IT-tools : A set of useful tools when doing IT" \
"Virtualization : Run Virtual Machines (KVM/QEMU) with Libvirt"
) )
local SELECTED_SERVICES_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${SERVICES_DESCRIPTION[@]}") local SELECTED_SERVICES_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${SERVICES_DESCRIPTION[@]}")
@@ -255,12 +309,15 @@ files_generation() {
echo -e "\n✅ Writing correct ips to configuration.nix..." echo -e "\n✅ Writing correct ips to configuration.nix..."
sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
sed -i "s|TARGET_INTERFACE|${TARGET_INTERFACE}|g" final-nix-config/etc/nixos/misc/networking.nix
echo -e "\n✅ Writing configuration files for the selected homelab services..." echo -e "\n✅ Writing configuration files for the selected homelab services..."
envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml
for service in "${SELECTED_SERVICES[@]}"; do for service in "${SELECTED_SERVICES[@]}"; do
cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix if [[ "${service}" != "virtualization" ]]; then
cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix
fi
case "${service}" in case "${service}" in
frigate) frigate)
local FRIGATE_DEVICES_BLOCK="" local FRIGATE_DEVICES_BLOCK=""
@@ -314,6 +371,11 @@ files_generation() {
nextcloud) nextcloud)
envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml
;; ;;
virtualization)
sed -i "s|# virtualisation.libvirtd.enable = true;| virtualisation.libvirtd.enable = true;|" final-nix-config/etc/nixos/configuration.nix
sed -i "s|# programs.virt-manager.enable = true;| programs.virt-manager.enable = true;|" final-nix-config/etc/nixos/configuration.nix
sed -i 's|extraGroups = \[ "wheel" \];|extraGroups = [ "wheel" "libvirtd" ];|' final-nix-config/etc/nixos/configuration.nix
;;
esac esac
done done
} }
@@ -331,54 +393,7 @@ disk_config_generation() {
echo -e "\n\n🔎 Fetching and analyzing disks from target host... (This may take a moment)" echo -e "\n\n🔎 Fetching and analyzing disks from target host... (This may take a moment)"
### Disk wiping warning <-- ### Disk wiping warning <--
### --> Get disk information
local TMPFILE="/tmp/nixos-installation-disk-detection-temp-file"
ssh_to_host 'bash -s' << EOF
HDD=1
DISK_DEVPATH=()
DISK_NAME=()
DISK_TYPE=()
DISK_HEALTH=()
DISK_ID=()
DISK_SIZE=()
for DISK in \$(lsblk -x SIZE -d -n -e 7,11 -o NAME); do
# Disk name and simple path
DISK_DEVPATH+=("/dev/\$DISK")
DISK_NAME+=("\$DISK")
# Disk type
HDD=\$(cat /sys/block/\$DISK/queue/rotational)
TRANSPORT_PROTOCOL=\$(lsblk -x SIZE -d -n -e 7,11 -o TRAN /dev/\$DISK)
if [[ "\$DISK" == "nvme*" ]]; then DISK_TYPE+=("NVMe");
elif [[ "\$TRANSPORT_PROTOCOL" == "usb" ]]; then DISK_TYPE+=("USB");
elif [[ "\$HDD" -eq 1 ]]; then DISK_TYPE+=("HDD");
elif [[ "\$HDD" -eq 0 ]]; then DISK_TYPE+=("SSD");
else DISK_TYPE+=("Other")
fi
# Disk health
if [[ \$(echo "$REMOTE_PASS" | sudo -S smartctl -H /dev/\$DISK 2>/dev/null | grep 'self-assessment' | awk '{print \$6}') == "PASSED" ]]; then
DISK_HEALTH+=("PASSED")
else
DISK_HEALTH+=("N/A")
fi
# Disk ID
DISK_ID+=("\$(ls -l /dev/disk/by-id | grep -m1 "../../\$DISK" | awk '{print "/dev/disk/by-id/" \$9}')")
# Disk size
DISK_SIZE+=("\$(lsblk -x SIZE -d -n -e 7,11 -o SIZE /dev/\$DISK)")
done
echo "DISK_DEVPATH=(\${DISK_DEVPATH[@]})" > "${TMPFILE}"
echo "DISK_NAME=(\${DISK_NAME[@]})" >> "${TMPFILE}"
echo "DISK_TYPE=(\${DISK_TYPE[@]})" >> "${TMPFILE}"
echo "DISK_HEALTH=(\${DISK_HEALTH[@]})" >> "${TMPFILE}"
echo "DISK_ID=(\${DISK_ID[@]})" >> "${TMPFILE}"
echo "DISK_SIZE=(\${DISK_SIZE[@]})" >> "${TMPFILE}"
EOF
scp -i "final-nix-config/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${TARGET_HOST}":"${TMPFILE}" "${TMPFILE}" &> /dev/null
source "${TMPFILE}" && rm "${TMPFILE}"
### --> Disk selection ### --> Disk selection
if [[ "${#DISK_NAME[@]}" -eq 0 ]]; then if [[ "${#DISK_NAME[@]}" -eq 0 ]]; then
templates/nix-config/configuration.nix
+7 -1
View File
@@ -6,6 +6,8 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./disks/disko.nix ./disks/disko.nix
./misc/networking.nix
./misc/mail.nix
# ./disks/snapraid.nix # ./disks/snapraid.nix
# ./disks/pcr-check.nix # ./disks/pcr-check.nix
# ./pcie-coral/coral.nix # ./pcie-coral/coral.nix
@@ -112,11 +114,15 @@
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
virtualisation.podman.defaultNetwork.settings.dns_enabled = true; virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
# Enable libvirt
# virtualisation.libvirtd.enable = true;
# programs.virt-manager.enable = true;
# User account # User account
users.users.numbus-admin = { users.users.numbus-admin = {
isNormalUser = true; isNormalUser = true;
description = "Numbus Admin"; description = "Numbus Admin";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "wheel" ];
uid = 1000; uid = 1000;
initialPassword = "changeMe!"; initialPassword = "changeMe!";
}; };
templates/nix-config/misc/networking.nix
+23 -16
View File
@@ -4,34 +4,41 @@
# Hostname # Hostname
networking.hostName = "numbus-server"; networking.hostName = "numbus-server";
# Enable networking and firewall networking.wireless.enable = false;
networking.interfaces.eth0.ipv4.addresses = [ networking.networkmanager.enable = false;
{
address = "HOME_SERVER_IP";
prefixLength = 24;
}
];
networking.defaultGateway = "HOME_ROUTER_IP";
networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
networking.networkmanager.enable = true;
networking.nftables.enable = true; networking.nftables.enable = true;
networking.firewall.enable = true; networking.firewall.enable = true;
# Bridge configuration for VMs
networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
networking.interfaces.br0.useDHCP = false;
networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
networking.interfaces.br0.ipv4.addresses = [{
address = "HOME_SERVER_IP";
prefixLength = 24;
}];
networking.defaultGateway = {
address = "HOME_ROUTER_IP";
interface = "br0";
};
networking.nftables.tables.nat = { networking.nftables.tables.nat = {
family = "ip"; family = "ip";
content = '' content = ''
chain prerouting { chain prerouting {
type nat hook prerouting priority dstnat; policy accept; type nat hook prerouting priority dstnat; policy accept;
tcp dport 80 redirect to :8080 iifname "br0" tcp dport 80 redirect to :8080
tcp dport 443 redirect to :8443 iifname "br0" tcp dport 443 redirect to :8443
tcp dport 53 redirect to :5353 iifname "br0" tcp dport 53 redirect to :5353
udp dport 53 redirect to :5353 iifname "br0" udp dport 53 redirect to :5353
iifname "br0" udp dport 67 redirect to :6767
} }
''; '';
}; };
# Open ports in the firewall # Open ports in the firewall
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts = [ 53 80 443 ]; networking.firewall.allowedTCPPorts = [ 5353 8080 8443 ];
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [ 5353 6767 ];
} }