TEST
@@ -149,7 +149,7 @@ services_selection() {
|
||||
|
||||
files_generation() {
|
||||
echo -e "\n\n ✅ Generating necessary folder tree..."
|
||||
mkdir -p extra-files/run/secrets/disks/
|
||||
mkdir -p extra-files/etc/secrets/disks/
|
||||
mkdir -p extra-files/var/lib/sops-nix/
|
||||
mkdir -p extra-files/etc/nixos/secrets/
|
||||
mkdir -p extra-files/mnt/config-storage/traefik/config/conf/
|
||||
@@ -175,12 +175,12 @@ files_generation() {
|
||||
export IMMICH_DB_DATABASE_NAME="$(openssl rand -hex 10)"
|
||||
export IMMICH_DB_USERNAME="$(openssl rand -hex 10)"
|
||||
export IMMICH_DB_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
|
||||
export DATA_DISK_1_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export DATA_DISK_2_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export DATA_DISK_3_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export DATA_DISK_4_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export DATA_DISK_5_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export DATA_DISK_6_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export CONTENT_DISK_1_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export CONTENT_DISK_2_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export CONTENT_DISK_3_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export CONTENT_DISK_4_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export CONTENT_DISK_5_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export CONTENT_DISK_6_KEY="$(openssl rand -base64 10 | tr -d '\=+/')"
|
||||
export PARITY_DISK_1_KEY="$(openssl rand -base64 10 | tr -d '\=+/ ')"
|
||||
export PARITY_DISK_2_KEY="$(openssl rand -base64 10 | tr -d '\=+/ ')"
|
||||
export PARITY_DISK_3_KEY="$(openssl rand -base64 10 | tr -d '\=+/ ')"
|
||||
@@ -188,23 +188,23 @@ files_generation() {
|
||||
export BOOT_DISK_2_KEY="$(openssl rand -base64 10 | tr -d '\=+/ ')"
|
||||
|
||||
echo -e "\n ✅ Generating disk keyfiles in extra-files/etc/secrets/disks/..."
|
||||
for i in {1..6}; do var="DATA_DISK_${i}_KEY"; [[ -n "${!var}" ]] && echo -n "${!var}" > "extra-files/etc/secrets/disks/data-disk-$i"; done
|
||||
for i in {1..6}; do var="CONTENT_DISK_${i}_KEY"; [[ -n "${!var}" ]] && echo -n "${!var}" > "extra-files/etc/secrets/disks/content-disk-$i"; done
|
||||
for i in {1..3}; do var="PARITY_DISK_${i}_KEY"; [[ -n "${!var}" ]] && echo -n "${!var}" > "extra-files/etc/secrets/disks/parity-disk-$i"; done
|
||||
for i in {1..2}; do var="BOOT_DISK_${i}_KEY"; [[ -n "${!var}" ]] && echo -n "${!var}" > "extra-files/etc/secrets/disks/boot-disk-$i"; done
|
||||
|
||||
echo "$REMOTE_PASS" | ssh_to_host """
|
||||
sudo -S mkdir -p /run/secrets/disks/
|
||||
echo -n $DATA_DISK_1_KEY | sudo -S tee /run/secrets/disks/data-disk-1 > /dev/null
|
||||
echo -n $DATA_DISK_2_KEY | sudo -S tee /run/secrets/disks/data-disk-2 > /dev/null
|
||||
echo -n $DATA_DISK_3_KEY | sudo -S tee /run/secrets/disks/data-disk-3 > /dev/null
|
||||
echo -n $DATA_DISK_4_KEY | sudo -S tee /run/secrets/disks/data-disk-4 > /dev/null
|
||||
echo -n $DATA_DISK_5_KEY | sudo -S tee /run/secrets/disks/data-disk-5 > /dev/null
|
||||
echo -n $DATA_DISK_6_KEY | sudo -S tee /run/secrets/disks/data-disk-6 > /dev/null
|
||||
echo -n $PARITY_DISK_1_KEY | sudo -S tee /run/secrets/disks/parity-disk-1 > /dev/null
|
||||
echo -n $PARITY_DISK_2_KEY | sudo -S tee /run/secrets/disks/parity-disk-2 > /dev/null
|
||||
echo -n $PARITY_DISK_3_KEY | sudo -S tee /run/secrets/disks/parity-disk-3 > /dev/null
|
||||
echo -n $BOOT_DISK_1_KEY | sudo -S tee /run/secrets/disks/boot-disk-1 > /dev/null
|
||||
echo -n $BOOT_DISK_2_KEY | sudo -S tee /run/secrets/disks/boot-disk-2 > /dev/null
|
||||
sudo -S mkdir -p /etc/secrets/disks/
|
||||
echo -n $CONTENT_DISK_1_KEY | sudo -S tee /etc/secrets/disks/content-disk-1 > /dev/null
|
||||
echo -n $CONTENT_DISK_2_KEY | sudo -S tee /etc/secrets/disks/content-disk-2 > /dev/null
|
||||
echo -n $CONTENT_DISK_3_KEY | sudo -S tee /etc/secrets/disks/content-disk-3 > /dev/null
|
||||
echo -n $CONTENT_DISK_4_KEY | sudo -S tee /etc/secrets/disks/content-disk-4 > /dev/null
|
||||
echo -n $CONTENT_DISK_5_KEY | sudo -S tee /etc/secrets/disks/content-disk-5 > /dev/null
|
||||
echo -n $CONTENT_DISK_6_KEY | sudo -S tee /etc/secrets/disks/content-disk-6 > /dev/null
|
||||
echo -n $PARITY_DISK_1_KEY | sudo -S tee /etc/secrets/disks/parity-disk-1 > /dev/null
|
||||
echo -n $PARITY_DISK_2_KEY | sudo -S tee /etc/secrets/disks/parity-disk-2 > /dev/null
|
||||
echo -n $PARITY_DISK_3_KEY | sudo -S tee /etc/secrets/disks/parity-disk-3 > /dev/null
|
||||
echo -n $BOOT_DISK_1_KEY | sudo -S tee /etc/secrets/disks/boot-disk-1 > /dev/null
|
||||
echo -n $BOOT_DISK_2_KEY | sudo -S tee /etc/secrets/disks/boot-disk-2 > /dev/null
|
||||
"""
|
||||
|
||||
echo -e "\n ✅ Encrypting secrets in the correct file..."
|
||||
@@ -216,8 +216,8 @@ files_generation() {
|
||||
cp -avu extra-files/etc/nixos/secrets/secrets.yaml ./secrets/secrets.yaml
|
||||
|
||||
echo -e "\n ✅ Writing correct ips to configuration.nix..."
|
||||
sed -i s+HOME_SERVER_IP+$HOME_SERVER_IP+g configuration.nix
|
||||
sed -i s+HOME_ROUTER_IP+$HOME_ROUTER_IP+g configuration.nix
|
||||
sed -i s+HOME_SERVER_IP+$HOME_SERVER_IP+g ./nix-config/configuration.nix
|
||||
sed -i s+HOME_ROUTER_IP+$HOME_ROUTER_IP+g ./nix-config/configuration.nix
|
||||
|
||||
echo -e "\n ✅ Adapting the docker configuration to your hardware..."
|
||||
FRIGATE_DEVICES_BLOCK=""
|
||||
@@ -290,6 +290,7 @@ disk_config_generation() {
|
||||
|
||||
DISK_NAMES=$(ssh_to_host "lsblk -d -n -o NAME,TYPE | awk '\$2==\"disk\" {print \$1}'")
|
||||
|
||||
# --> Get disks info
|
||||
for name in $DISK_NAMES; do
|
||||
details=$(echo "$REMOTE_PASS" | ssh_to_host "
|
||||
set -e
|
||||
@@ -314,6 +315,7 @@ disk_config_generation() {
|
||||
size=\$(lsblk -b -d -n -o SIZE \"\$devpath\")
|
||||
echo \"\$size:::\$type:::\$health:::\$by_id\"
|
||||
")
|
||||
# Get disks info <--
|
||||
|
||||
mapfile -t parts < <(echo "$details" | tr ':' '\n')
|
||||
size="${parts[0]}"
|
||||
@@ -373,12 +375,19 @@ disk_config_generation() {
|
||||
|
||||
num_selected=${#selected_data_names[@]}
|
||||
num_parity=0
|
||||
if (( num_selected > 0 )); then
|
||||
num_parity=$(( (num_selected - 1) / 3 + 1 ))
|
||||
num_content=0
|
||||
|
||||
if (( num_selected == 1 )); then
|
||||
num_content=1
|
||||
num_parity=0
|
||||
elif (( num_selected > 1 )); then
|
||||
num_parity=$(( (num_selected + 2) / 3 ))
|
||||
num_content=$(( num_selected - num_parity ))
|
||||
fi
|
||||
|
||||
# Sort selected disks by size (largest first)
|
||||
sorted_disks=($(
|
||||
# shellcheck disable=SC2145
|
||||
for name in "${selected_data_names[@]}"; do
|
||||
echo "${DISK_SIZE_MAP[$name]} $name"
|
||||
done | sort -rn | awk '{print $2}'
|
||||
@@ -386,33 +395,33 @@ disk_config_generation() {
|
||||
|
||||
# Assign parity disks (the largest ones)
|
||||
parity_disks_final=()
|
||||
for i in $(seq 0 $((num_parity - 1))); do
|
||||
for i in $(seq 0 $((num_parity > 0 ? num_parity - 1 : -1))); do
|
||||
[[ -n "${sorted_disks[$i]}" ]] && parity_disks_final+=("${DISK_BY_ID_MAP[${sorted_disks[$i]}]}")
|
||||
done
|
||||
|
||||
# Assign data disks (the remaining ones)
|
||||
data_disks_final=()
|
||||
# Assign content disks (the remaining ones)
|
||||
content_disks_final=()
|
||||
for i in $(seq $num_parity $((num_selected - 1))); do
|
||||
[[ -n "${sorted_disks[$i]}" ]] && data_disks_final+=("${DISK_BY_ID_MAP[${sorted_disks[$i]}]}")
|
||||
[[ -n "${sorted_disks[$i]}" ]] && content_disks_final+=("${DISK_BY_ID_MAP[${sorted_disks[$i]}]}")
|
||||
done
|
||||
|
||||
# Set exported variables (up to 9 data disks and 2 parity disks)
|
||||
for i in {0..8}; do export "DATA_DISK_$((i+1))"="${data_disks_final[$i]:-}"; done
|
||||
# Set exported variables (up to 6 content disks and 3 parity disks)
|
||||
for i in {0..5}; do export "CONTENT_DISK_$((i+1))"="${content_disks_final[$i]:-}"; done
|
||||
for i in {0..2}; do export "PARITY_DISK_$((i+1))"="${parity_disks_final[$i]:-}"; done
|
||||
fi
|
||||
else
|
||||
echo -e "\n\n ⚠️ No remaining disks to select for data."
|
||||
fi
|
||||
|
||||
# --- Final Recap ---
|
||||
# --> Final recap
|
||||
NUMBER_OF_BOOT_DISKS=0
|
||||
[[ -n "$BOOT_DISK_1" ]] && NUMBER_OF_BOOT_DISKS=$((NUMBER_OF_BOOT_DISKS + 1)) && export BOOT_DISK_1
|
||||
[[ -n "$BOOT_DISK_2" ]] && NUMBER_OF_BOOT_DISKS=$((NUMBER_OF_BOOT_DISKS + 1)) && export BOOT_DISK_2
|
||||
|
||||
NUMBER_OF_DATA_DISKS=0
|
||||
for i in {1..9}; do
|
||||
disk_var="DATA_DISK_$i"
|
||||
[[ -n "${!disk_var}" ]] && NUMBER_OF_DATA_DISKS=$((NUMBER_OF_DATA_DISKS + 1))
|
||||
NUMBER_OF_CONTENT_DISKS=0
|
||||
for i in {1..6}; do
|
||||
disk_var="CONTENT_DISK_$i"
|
||||
[[ -n "${!disk_var}" ]] && NUMBER_OF_CONTENT_DISKS=$((NUMBER_OF_CONTENT_DISKS + 1))
|
||||
done
|
||||
|
||||
NUMBER_OF_PARITY_DISKS=0
|
||||
@@ -430,9 +439,9 @@ Please review the selected disk layout before proceeding.
|
||||
* **Boot 1:** \`$BOOT_DISK_1\`
|
||||
$( [[ -n "$BOOT_DISK_2" ]] && echo "* **Boot 2:** \`$BOOT_DISK_2\`" || echo "* **Boot 2:** *Not configured*")
|
||||
|
||||
**Data Disks ($NUMBER_OF_DATA_DISKS):**
|
||||
$(for i in {1..9}; do disk_var="DATA_DISK_$i"; [[ -n "${!disk_var}" ]] && echo "* **Data $i:** \`${!disk_var}\`"; done)
|
||||
$( [[ $NUMBER_OF_DATA_DISKS -eq 0 ]] && echo "* *Not configured*")
|
||||
**Data Disks ($NUMBER_OF_CONTENT_DISKS):**
|
||||
$(for i in {1..6}; do disk_var="CONTENT_DISK_$i"; [[ -n "${!disk_var}" ]] && echo "* **Data $i:** \`${!disk_var}\`"; done)
|
||||
$( [[ $NUMBER_OF_CONTENT_DISKS -eq 0 ]] && echo "* *Not configured*")
|
||||
|
||||
**Parity Disks ($NUMBER_OF_PARITY_DISKS):**
|
||||
$(for i in {1..3}; do disk_var="PARITY_DISK_$i"; [[ -n "${!disk_var}" ]] && echo "* **Parity $i:** \`${!disk_var}\`"; done)
|
||||
@@ -442,42 +451,81 @@ EOF
|
||||
|
||||
gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "$(gum format <<< "$RECAP_CONTENT")"
|
||||
gum confirm "Proceed with this disk configuration?" || { echo " ❌ Aborting as requested."; exit 1; }
|
||||
# Final recap <--
|
||||
|
||||
echo -e "\n\n ⚙️ Generating disko configuration from templates..."
|
||||
template_file="config-files/disks/boot-${NUMBER_OF_BOOT_DISKS}.nix"
|
||||
(envsubst < "$template_file") > disk-config.nix
|
||||
(envsubst < "$template_file") > ./nix-config/disks/disko.nix
|
||||
echo -e "\n ✅ Generated boot disk configuration."
|
||||
|
||||
for i in $(seq 1 $NUMBER_OF_DATA_DISKS); do
|
||||
disk_var="DATA_DISK_$i"
|
||||
for i in $(seq 1 $NUMBER_OF_CONTENT_DISKS); do
|
||||
disk_var="CONTENT_DISK_$i"
|
||||
export DISK_NUMBER=$i
|
||||
export DISK_PATH=${!disk_var}
|
||||
(envsubst < "config-files/disks/data.nix") >> disk-config.nix
|
||||
(envsubst < "config-files/disks/data.nix") >> ./nix-config/disks/disko.nix
|
||||
done
|
||||
[[ "$NUMBER_OF_DATA_DISKS" -gt 0 ]] && echo -e "\n ✅ Generated $NUMBER_OF_DATA_DISKS data disk configuration(s)."
|
||||
[[ "$NUMBER_OF_CONTENT_DISKS" -gt 0 ]] && echo -e "\n ✅ Generated $NUMBER_OF_CONTENT_DISKS data disk configuration(s)."
|
||||
|
||||
for i in $(seq 1 $NUMBER_OF_PARITY_DISKS); do
|
||||
disk_var="PARITY_DISK_$i"
|
||||
export DISK_NUMBER=$i
|
||||
export DISK_PATH=${!disk_var}
|
||||
(envsubst < "config-files/disks/parity.nix") >> disk-config.nix
|
||||
(envsubst < "config-files/disks/parity.nix") >> ./nix-config/disks/disko.nix
|
||||
done
|
||||
[[ "$NUMBER_OF_PARITY_DISKS" -gt 0 ]] && echo -e "\n ✅ Generated $NUMBER_OF_PARITY_DISKS parity disk configuration(s)."
|
||||
|
||||
# Close the imports block
|
||||
cat <<'EOF' >> disk-config.nix
|
||||
# Close the disko imports block
|
||||
echo '}' >> ./nix-config/disks/disko.nix
|
||||
echo -e "\n ✅ Final disko configuration created at './nix-config/disks/disko.nix'."
|
||||
|
||||
# --> Generate automatic unlock configuration in ./nix-config/disks/snapraid.nix
|
||||
if [[ "$NUMBER_OF_CONTENT_DISKS" -gt 0 || "$NUMBER_OF_PARITY_DISKS" -gt 0 ]]; then
|
||||
echo -e "\n ⚙️ Adding automatic disk unlocking configuration to './nix-config/disks/snapraid.nix'..."
|
||||
sed -i '$ d' ./nix-config/disks/snapraid.nix
|
||||
|
||||
cat <<EOF >> ./nix-config/disks/snapraid.nix
|
||||
# --> Automatic data disks unlock, generated by deploy.sh on $(date)
|
||||
boot.initrd.luks.devices = {
|
||||
EOF
|
||||
|
||||
for i in $(seq 1 $NUMBER_OF_CONTENT_DISKS); do
|
||||
disk_var="CONTENT_DISK_$i"
|
||||
cat <<EOF >> ./nix-config/disks/snapraid.nix
|
||||
"crypted-content-disk-${i}" = {
|
||||
device = "${!disk_var}";
|
||||
keyFile = "/etc/secrets/disks/content-disk-${i}";
|
||||
};
|
||||
EOF
|
||||
done
|
||||
|
||||
for i in $(seq 1 $NUMBER_OF_PARITY_DISKS); do
|
||||
disk_var="PARITY_DISK_$i"
|
||||
cat <<EOF >> ./nix-config/disks/snapraid.nix
|
||||
"crypted-parity-disk-${i}" = {
|
||||
device = "${!disk_var}";
|
||||
keyFile = "/etc/secrets/disks/parity-disk-${i}";
|
||||
};
|
||||
EOF
|
||||
done
|
||||
cat <<'EOF' >> ./nix-config/disks/snapraid.nix
|
||||
# Automatic data disks unlock <--
|
||||
};
|
||||
}
|
||||
EOF
|
||||
echo -e "\n ✅ Final disko configuration created at 'disk-config.nix'."
|
||||
|
||||
echo -e "\n\n ✅ Automatic disks unlock configuration added."
|
||||
fi
|
||||
# Generate automatic unlock configuration in ./nix-config/disks/snapraid.nix <--
|
||||
}
|
||||
|
||||
necessary_credentials() {
|
||||
}
|
||||
|
||||
deploy() {
|
||||
echo -e "\n\n 🔄 Deploying to the remote server..."
|
||||
nix run github:nix-community/nixos-anywhere -- \
|
||||
--generate-hardware-config nixos-generate-config ./hardware-configuration.nix \
|
||||
--flake .#numbus-server \
|
||||
--generate-hardware-config nixos-generate-config ./nix-config/hardware-configuration.nix \
|
||||
--flake ./nix-config/flake.nix#numbus-server \
|
||||
--extra-files extra-files \
|
||||
--chown "/home/numbus-admin/" 1000:1000 \
|
||||
--target-host nixos@$TARGET_HOST
|
||||
@@ -487,16 +535,15 @@ deploy() {
|
||||
}
|
||||
|
||||
sum_up() {
|
||||
echo $DATA_DISK_1_KEY
|
||||
echo $DATA_DISK_2_KEY
|
||||
echo $DATA_DISK_3_KEY
|
||||
echo $DATA_DISK_4_KEY
|
||||
echo $DATA_DISK_5_KEY
|
||||
echo $DATA_DISK_6_KEY
|
||||
echo $CONTENT_DISK_1_KEY
|
||||
echo $CONTENT_DISK_2_KEY
|
||||
echo $CONTENT_DISK_3_KEY
|
||||
echo $CONTENT_DISK_4_KEY
|
||||
echo $CONTENT_DISK_5_KEY
|
||||
echo $CONTENT_DISK_6_KEY
|
||||
echo $PARITY_DISK_1_KEY
|
||||
echo $PARITY_DISK_2_KEY
|
||||
echo $PARITY_DISK_3_KEY
|
||||
|
||||
}
|
||||
|
||||
postrun_action() {
|
||||
|
||||
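Review bot: The disk keyfiles written in `files_generation` get no explicit mode, both in the local `for` loops that fill `extra-files/etc/secrets/disks/` and in the remote `echo -n $CONTENT_DISK_1_KEY | sudo -S tee /etc/secrets/disks/content-disk-1` lines, so with a typical default umask the LUKS keys end up world-readable. I would put `umask 077` ahead of the local loops and follow the remote `sudo -S mkdir -p /etc/secrets/disks/` with `sudo -S chmod 700 /etc/secrets/disks/`. The remote block also expands every key into the command string handed to `ssh_to_host`, which presumably places them in process arguments on both machines; copying the keyfiles or passing the keys on stdin would avoid that. `sum_up` has the same class of problem, since it echoes each `CONTENT_DISK_*_KEY` and `PARITY_DISK_*_KEY` to stdout, which looks like leftover debugging and would leak the keys into terminal scrollback or any captured log. Both `files_generation` and `sum_up` extend beyond the visible hunks, so checks outside this view may already cover part of this.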