Updated activation script. Updated logic.

This commit is contained in:
Raphaël Numbus
2026-02-13 11:23:44 +01:00
parent 46ef39cd10
commit 417e53df72
2 changed files with 46 additions and 90 deletions
+34 -62
@@ -384,13 +384,25 @@ services_generation() {
}
echo -e "\n ✅ Writing configuration files for the selected homelab services..."
cp -avu templates/nix-config/podman/traefik.nix final-nix-config/etc/nixos/podman/traefik.nix
cp -avu templates/nix-config/configuration.nix final-nix-config/etc/nixos/configuration.nix
cp -avu templates/nix-config/podman/traefik.nix final-nix-config/etc/nixos/podman/traefik.nix
envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml
j=1
for service in "${SELECTED_SERVICES[@]}"; do
[[ "${service}" != "virtualization" ]] && cp -avu templates/nix-config/podman/"${service}".nix final-nix-config/etc/nixos/podman/"${service}".nix
[[ "${service}" != "virtualization" ]] && cp -avu templates/nix-config/podman/"${service}".nix final-nix-config/etc/nixos/podman/"${service}".nix
SERVICES_NETWORK_IDS+=("${j},$(( ${j} + 1 )):${service}")
PODMAN_NETWORKS+=" sudo -u numbus-admin podman network exists \"${service}_frontend\" || sudo -u numbus-admin podman network create --driver=\"bridge\" --subnet=\"172.16.${j}.0/24\" --ip-range=\"172.16.${j}.0/24\" --gateway=\"172.16.${j}.254\" \"${service}_frontend\""$'\n'
((j++))
PODMAN_NETWORKS+=" sudo -u numbus-admin podman network exists \"${service}_backend\" || sudo -u numbus-admin podman network create --driver=\"bridge\" --subnet=\"172.16.${j}.0/24\" --ip-range=\"172.16.${j}.0/24\" --gateway=\"172.16.${j}.254\" \"${service}_backend\""$'\n'
TRAEFIK_NETWORKS+=" ${service}_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.${j}.253"$'\n'
TRAEFIK_REF_NETWORKS+=" ${service}_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
((j++))
done
for service in "${SELECTED_SERVICES[@]}"; do
if [[ "${service}" == "frigate" ]]; then
local FRIGATE_DEVICES_BLOCK=""
[[ "${TARGET_GRAPHICS_RENDERER}" == "true" ]] && FRIGATE_DEVICES_BLOCK+=" - /dev/dri:/dev/dri\n"
@@ -407,12 +419,6 @@ services_generation() {
elif [[ "${service}" == "gitea" ]]; then
generate_db_creds "GITEA"
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"gitea_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.10.0/24\" --ip-range=\"172.16.10.0/24\" --gateway=\"172.16.10.254\" \"gitea_frontend\""$'\n'
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"gitea_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.1.0/24\" --ip-range=\"172.16.1.0/24\" --gateway=\"172.16.1.254\" \"gitea_backend\""$'\n'
TRAEFIK_NETWORKS+=" gitea_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.10.253"$'\n'
TRAEFIK_REF_NETWORKS+=" gitea_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "home-assistant" ]]; then
if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then
@@ -426,12 +432,6 @@ services_generation() {
touch final-nix-config/mnt/config/mqtt/password.txt
chmod 0700 final-nix-config/mnt/config/mqtt/password.txt
mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"home-assistant_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.20.0/24\" --ip-range=\"172.16.20.0/24\" --gateway=\"172.16.20.254\" \"home-assistant_frontend\""$'\n'
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"home-assistant_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.2.0/24\" --ip-range=\"172.16.2.0/24\" --gateway=\"172.16.2.254\" \"home-assistant_backend\""$'\n'
TRAEFIK_NETWORKS+=" home-assistant_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.20.253"$'\n'
TRAEFIK_REF_NETWORKS+=" home-assistant_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "immich" ]]; then
local IMMICH_DEVICES_BLOCK=""
@@ -443,46 +443,17 @@ services_generation() {
sed -i "s|# --- immich devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/immich.nix
fi
generate_db_creds "IMMICH"
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"immich_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.30.0/24\" --ip-range=\"172.16.30.0/24\" --gateway=\"172.16.30.254\" \"immich_frontend\""$'\n'
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"immich_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.3.0/24\" --ip-range=\"172.16.3.0/24\" --gateway=\"172.16.3.254\" \"immich_backend\""$'\n'
TRAEFIK_NETWORKS+=" immich_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.30.253"$'\n'
TRAEFIK_REF_NETWORKS+=" immich_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "it-tools" ]]; then
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"it-tools_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.40.0/24\" --ip-range=\"172.16.40.0/24\" --gateway=\"172.16.40.254\" \"it-tools_frontend\""$'\n'
TRAEFIK_NETWORKS+=" it-tools_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.40.253"$'\n'
TRAEFIK_REF_NETWORKS+=" it-tools_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "nextcloud" ]]; then
envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"nextcloud-aio\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.50.0/24\" --ip-range=\"172.16.50.0/24\" --gateway=\"172.16.50.254\" \"nextcloud-aio\""$'\n'
TRAEFIK_NETWORKS+=" nextcloud-aio:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.50.253"$'\n'
TRAEFIK_REF_NETWORKS+=" nextcloud-aio:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "passbolt" ]]; then
generate_db_creds "PASSBOLT"
envsubst < templates/podman-config/traefik/headers.yaml > final-nix-config/mnt/config/traefik/rules/headers.yaml
envsubst < templates/podman-config/traefik/tls.yaml > final-nix-config/mnt/config/traefik/rules/tls.yaml
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"passbolt_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.60.0/24\" --ip-range=\"172.16.60.0/24\" --gateway=\"172.16.60.254\" \"passbolt_frontend\""$'\n'
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"passbolt_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.6.0/24\" --ip-range=\"172.16.6.0/24\" --gateway=\"172.16.6.254\" \"passbolt_backend\""$'\n'
TRAEFIK_NETWORKS+=" passbolt_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.60.253"$'\n'
TRAEFIK_REF_NETWORKS+=" passbolt_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "pi-hole" ]]; then
export FTLCONF_WEBSERVER_PASSWORD="$(xkcdpass -d "-")"
PODMAN_NETWORKS+=" \${pkgs.podman}/bin/podman network exists \"pi-hole_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.70.0/24\" --ip-range=\"172.16.70.0/24\" --gateway=\"172.16.70.254\" \"pi-hole_frontend\""$'\n'
TRAEFIK_NETWORKS+=" pi-hole_frontend:"$'\n'
TRAEFIK_NETWORKS+=" ipv4_address: 172.16.70.253"$'\n'
TRAEFIK_REF_NETWORKS+=" pi-hole_frontend:"$'\n'
TRAEFIK_REF_NETWORKS+=" external: true"$'\n'
elif [[ "${service}" == "virtualization" ]]; then
sed -i "s|# virtualisation.libvirtd.enable = true;| virtualisation.libvirtd.enable = true;|" final-nix-config/etc/nixos/configuration.nix
@@ -810,23 +781,24 @@ export_configuration() {
cp -avu templates/post-install/numbus-server.sh "$CONFIG_EXPORT_DIR"
echo "export TARGET_INTERFACE=\"${TARGET_INTERFACE}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# SERVER SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export SERVER_OWNER_NAME=\"${SERVER_OWNER_NAME:-User}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# DISK SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export BOOT_DISKS_ID=\"(${BOOT_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export DATA_DISKS_ID=\"(${DATA_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export DATA_DISKS_TYPE=\"(${DATA_DISKS_TYPE[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export SPINDOWN_DISKS_ID=\"(${SPINDOWN_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export CONTENT_DISK_NUMBER=\"${CONTENT_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
echo "export PARITY_DISK_NUMBER=\"${PARITY_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# TPM SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export TARGET_TPM=\"${TARGET_TPM}\"" >> $CONFIG_EXPORT_FILE
echo "export TARGET_TPM_VERSION=\"${TARGET_TPM_VERSION:-}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# Podman SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export PODMAN_NETWORKS=\"${PODMAN_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
echo "export TRAEFIK_NETWORKS=\"${TRAEFIK_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
echo "export TRAEFIK_REF_NETWORKS=\"${TRAEFIK_REF_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
echo "export TARGET_INTERFACE=\"${TARGET_INTERFACE}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# SERVER SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export SERVER_OWNER_NAME=\"${SERVER_OWNER_NAME:-User}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# DISK SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export BOOT_DISKS_ID=\"(${BOOT_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export DATA_DISKS_ID=\"(${DATA_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export DATA_DISKS_TYPE=\"(${DATA_DISKS_TYPE[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export SPINDOWN_DISKS_ID=\"(${SPINDOWN_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
echo "export CONTENT_DISK_NUMBER=\"${CONTENT_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
echo "export PARITY_DISK_NUMBER=\"${PARITY_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# TPM SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export TARGET_TPM=\"${TARGET_TPM}\"" >> $CONFIG_EXPORT_FILE
echo "export TARGET_TPM_VERSION=\"${TARGET_TPM_VERSION:-}\"" >> $CONFIG_EXPORT_FILE
echo -e "\n# Podman SETTINGS" >> $CONFIG_EXPORT_FILE
echo "export PODMAN_NETWORKS=\"${PODMAN_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
echo "export TRAEFIK_NETWORKS=\"${TRAEFIK_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
echo "export TRAEFIK_REF_NETWORKS=\"${TRAEFIK_REF_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
echo "export SERVICES_NETWORK_IDS=\"(${SERVICES_NETWORK_IDS[@]})\"" >> $CONFIG_EXPORT_FILE
}
deploy() {
@@ -871,7 +843,7 @@ postrun_action() {
fi
done
if [[ "${TARGET_TPM}" == "true" && "${TARGET_TPM_VERSION}" == "2" ]]; then
if [[ "${TARGET_TPM}" == "true" && ${TARGET_TPM_VERSION} -eq 2 ]]; then
gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "
A TPM version 2 has been detected on the system. You can choose to enable automatic disk decryption on boot.
Enabling automatic disk decryption on boot means that you won't have to enter your disk password everytime you start your server.
@@ -901,7 +873,7 @@ EOF
echo "Skipping TPM configuration."
fi
else
echo "No supported TPM detected (TPM2 required). Skipping TPM configuration."
echo "No supported TPM detected (TPM version 2 required). Skipping TPM configuration."
fi
gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "
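Review bot: The Traefik static address appended on the `ipv4_address` line of the new service loop is computed after the first `((j++))`, so for every service it falls in the `${service}_backend` subnet (172.16.&lt;j&gt;.0/24) while the network named on the line just above it is `${service}_frontend` (172.16.&lt;j-1&gt;.0/24); the per-service blocks this loop replaces put Traefik in the frontend subnet (gitea_frontend 172.16.10.0/24 with 172.16.10.253). Podman is expected to reject a static IP outside the network's subnet, or at best place Traefik where the service cannot reach it. Either move the two `TRAEFIK_NETWORKS+=` lines above the first `((j++))`, or use `TRAEFIK_NETWORKS+=" ipv4_address: 172.16.$(( j - 1 )).253"$'\n'`; the `SERVICES_NETWORK_IDS` entry already records the pair as `j,j+1`, so the pre-increment value is the frontend index. services_generation starts before and continues past this hunk.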
+12 -28
@@ -1,11 +1,11 @@
{ config, pkgs, ... }:
{
systemd.services.numbus-activation-chowned = {
systemd.services.numbus-activation = {
description = "Numbus-Server activation : Correct permissions";
wantedBy = [ "multi-user.target" "traefik.service" ];
after = [ "network.target" "local-fs.target" ];
path = [ pkgs.coreutils ];
path = [ pkgs.coreutils pkgs.podman pkgs.sudo ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@@ -13,7 +13,7 @@
script = ''
#!/usr/bin/env bash
if [[ -e /home/numbus-admin/.numbus-server/chowned.true ]]; then
if [[ -e /home/numbus-admin/.numbus-server/activated.true ]]; then
exit 0
fi
@@ -22,32 +22,12 @@
chown -R numbus-admin:users /mnt/config/
chown -R numbus-admin:users /mnt/data/
chown -R 100032:users /mnt/data/nextcloud/
chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
touch /home/numbus-admin/.numbus-server/chowned.true
'';
};
systemd.services.numbus-activation-networked = {
description = "Numbus-Server activation : Create podman networks";
wantedBy = [ "multi-user.target" "traefik.service" ];
before = [ "traefik.service" ];
after = [ "network.target" "local-fs.target" "numbus-activation-chowned.service" ];
path = [ pkgs.podman pkgs.coreutils ];
serviceConfig = {
User = "numbus-admin";
Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
#!/usr/bin/env bash
export PATH=$PATH:/run/wrappers/bin
PODMAN_NETWORKS
mkdir -p /home/numbus-admin/.numbus-server/
touch /home/numbus-admin/.numbus-server/networked.true
touch /home/numbus-admin/.numbus-server/activated.true
chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
'';
};
@@ -62,7 +42,7 @@ PODMAN_NETWORKS
"pi-hole.service"
"home-assistant.service"
];
path = [ pkgs.curl pkgs.coreutils pkgs.systemd pkgs.podman ];
path = [ pkgs.curl pkgs.coreutils pkgs.systemd pkgs.podman pkgs.sudo ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@@ -79,12 +59,13 @@ PODMAN_NETWORKS
if [[ -e /etc/nixos/podman/pi-hole.nix ]]; then
mkdir -p /mnt/config/pi-hole/
chown -R numbus-admin:users /mnt/config/pi-hole/
until [[ -e /mnt/config/pi-hole/pihole-FTL.db ]]; do
echo "Waiting for Pi-hole to be ready..."
sleep 15
done
sleep 60
podman exec pi-hole pihole -g
sudo -u numbus-admin podman exec pi-hole pihole -g
sleep 60
systemctl restart pi-hole.service
echo "Pi-Hole quirk applied and service ready !"
@@ -92,6 +73,7 @@ PODMAN_NETWORKS
if [[ -e /etc/nixos/podman/home-assistant.nix ]]; then
mkdir -p /mnt/config/home-assistant/
chown -R numbus-admin:users /mnt/config/home-assistant/
until [[ -e /mnt/config/home-assistant/configuration.yaml ]]; do
echo "Waiting for Home Assistant to be ready..."
sleep 15
@@ -112,6 +94,7 @@ EOF
if [[ -e /etc/nixos/podman/frigate.nix ]]; then
mkdir -p /mnt/config/frigate/
chown -R numbus-admin:users /mnt/config/frigate/
until [[ -e /mnt/config/frigate/config.yaml ]]; do
echo "Waiting for Frigate to be ready..."
sleep 15
@@ -129,6 +112,7 @@ EOF
mkdir -p /home/numbus-admin/.numbus-server/
touch /home/numbus-admin/.numbus-server/quirked.true
chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
'';
};
}
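Review bot: The merged `numbus-activation` unit keeps `wantedBy = [ "multi-user.target" "traefik.service" ]` but does not carry over the `before = [ "traefik.service" ];` that the removed `numbus-activation-networked` unit had; `wantedBy` only adds a Wants dependency, not ordering, so traefik.service can start before the `PODMAN_NETWORKS` commands have created the networks it attaches to. Add `before = [ "traefik.service" ];` next to the `after` line. Separately, the networks are now created with `sudo -u numbus-admin podman …` from a root unit that no longer sets `User` or `XDG_RUNTIME_DIR=/run/user/1000`; rootless podman keys its state on that directory, so unless numbus-admin has lingering enabled the networks may be created under a different runtime dir than the one the service containers use later, or the call may fail outright — worth confirming on a fresh boot. The unit's `script` body continues past the hunk.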