Updated activation script. Updated logic.

2026-02-13 11:23:44 +01:00
parent 46ef39cd10
commit 417e53df72
2 changed files with 46 additions and 90 deletions
@@ -384,13 +384,25 @@ services_generation() {
  }
  echo -e "\n ✅ Writing configuration files for the selected homelab services..."
  cp -avu templates/nix-config/podman/traefik.nix final-nix-config/etc/nixos/podman/traefik.nix
  cp -avu templates/nix-config/configuration.nix final-nix-config/etc/nixos/configuration.nix
  cp -avu templates/nix-config/podman/traefik.nix final-nix-config/etc/nixos/podman/traefik.nix
  envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml
 j=1
  for service in "${SELECTED_SERVICES[@]}"; do
-  [[ "${service}" != "virtualization" ]] && cp -avu templates/nix-config/podman/"${service}".nix final-nix-config/etc/nixos/podman/"${service}".nix
+    [[ "${service}" != "virtualization" ]] && cp -avu templates/nix-config/podman/"${service}".nix final-nix-config/etc/nixos/podman/"${service}".nix
    SERVICES_NETWORK_IDS+=("${j},$(( ${j} + 1 )):${service}")
    PODMAN_NETWORKS+="      sudo -u numbus-admin podman network exists \"${service}_frontend\" || sudo -u numbus-admin podman network create --driver=\"bridge\" --subnet=\"172.16.${j}.0/24\" --ip-range=\"172.16.${j}.0/24\" --gateway=\"172.16.${j}.254\" \"${service}_frontend\""$'\n'
    ((j++))
    PODMAN_NETWORKS+="      sudo -u numbus-admin podman network exists \"${service}_backend\" || sudo -u numbus-admin podman network create --driver=\"bridge\" --subnet=\"172.16.${j}.0/24\" --ip-range=\"172.16.${j}.0/24\" --gateway=\"172.16.${j}.254\" \"${service}_backend\""$'\n'
    TRAEFIK_NETWORKS+="              ${service}_frontend:"$'\n'
    TRAEFIK_NETWORKS+="                ipv4_address: 172.16.${j}.253"$'\n'
    TRAEFIK_REF_NETWORKS+="          ${service}_frontend:"$'\n'
    TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    ((j++))
  done
  for service in "${SELECTED_SERVICES[@]}"; do
    if [[ "${service}" == "frigate" ]]; then
      local FRIGATE_DEVICES_BLOCK=""
      [[ "${TARGET_GRAPHICS_RENDERER}" == "true" ]] && FRIGATE_DEVICES_BLOCK+="              - /dev/dri:/dev/dri\n"
@@ -407,12 +419,6 @@ services_generation() {
    elif [[ "${service}" == "gitea" ]]; then
      generate_db_creds "GITEA"
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"gitea_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.10.0/24\" --ip-range=\"172.16.10.0/24\" --gateway=\"172.16.10.254\" \"gitea_frontend\""$'\n'
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"gitea_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.1.0/24\" --ip-range=\"172.16.1.0/24\" --gateway=\"172.16.1.254\" \"gitea_backend\""$'\n'
      TRAEFIK_NETWORKS+="              gitea_frontend:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.10.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          gitea_frontend:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "home-assistant" ]]; then
      if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then
@@ -426,12 +432,6 @@ services_generation() {
      touch final-nix-config/mnt/config/mqtt/password.txt
      chmod 0700 final-nix-config/mnt/config/mqtt/password.txt
      mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"home-assistant_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.20.0/24\" --ip-range=\"172.16.20.0/24\" --gateway=\"172.16.20.254\" \"home-assistant_frontend\""$'\n'
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"home-assistant_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.2.0/24\" --ip-range=\"172.16.2.0/24\" --gateway=\"172.16.2.254\" \"home-assistant_backend\""$'\n'
      TRAEFIK_NETWORKS+="              home-assistant_frontend:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.20.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          home-assistant_frontend:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "immich" ]]; then
      local IMMICH_DEVICES_BLOCK=""
@@ -443,46 +443,17 @@ services_generation() {
        sed -i "s|# --- immich devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/immich.nix
      fi
      generate_db_creds "IMMICH"
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"immich_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.30.0/24\" --ip-range=\"172.16.30.0/24\" --gateway=\"172.16.30.254\" \"immich_frontend\""$'\n'
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"immich_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.3.0/24\" --ip-range=\"172.16.3.0/24\" --gateway=\"172.16.3.254\" \"immich_backend\""$'\n'
      TRAEFIK_NETWORKS+="              immich_frontend:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.30.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          immich_frontend:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "it-tools" ]]; then
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"it-tools_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.40.0/24\" --ip-range=\"172.16.40.0/24\" --gateway=\"172.16.40.254\" \"it-tools_frontend\""$'\n'
      TRAEFIK_NETWORKS+="              it-tools_frontend:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.40.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          it-tools_frontend:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "nextcloud" ]]; then
      envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"nextcloud-aio\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.50.0/24\" --ip-range=\"172.16.50.0/24\" --gateway=\"172.16.50.254\" \"nextcloud-aio\""$'\n'
      TRAEFIK_NETWORKS+="              nextcloud-aio:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.50.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          nextcloud-aio:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "passbolt" ]]; then
      generate_db_creds "PASSBOLT"
      envsubst < templates/podman-config/traefik/headers.yaml > final-nix-config/mnt/config/traefik/rules/headers.yaml
      envsubst < templates/podman-config/traefik/tls.yaml > final-nix-config/mnt/config/traefik/rules/tls.yaml
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"passbolt_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.60.0/24\" --ip-range=\"172.16.60.0/24\" --gateway=\"172.16.60.254\" \"passbolt_frontend\""$'\n'
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"passbolt_backend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.6.0/24\" --ip-range=\"172.16.6.0/24\" --gateway=\"172.16.6.254\" \"passbolt_backend\""$'\n'
      TRAEFIK_NETWORKS+="              passbolt_frontend:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.60.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          passbolt_frontend:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "pi-hole" ]]; then
      export FTLCONF_WEBSERVER_PASSWORD="$(xkcdpass -d "-")"
      PODMAN_NETWORKS+="      \${pkgs.podman}/bin/podman network exists \"pi-hole_frontend\" || \${pkgs.podman}/bin/podman network create --driver=\"bridge\" --subnet=\"172.16.70.0/24\" --ip-range=\"172.16.70.0/24\" --gateway=\"172.16.70.254\" \"pi-hole_frontend\""$'\n'
      TRAEFIK_NETWORKS+="              pi-hole_frontend:"$'\n'
      TRAEFIK_NETWORKS+="                ipv4_address: 172.16.70.253"$'\n'
      TRAEFIK_REF_NETWORKS+="          pi-hole_frontend:"$'\n'
      TRAEFIK_REF_NETWORKS+="            external: true"$'\n'
    elif [[ "${service}" == "virtualization" ]]; then
      sed -i "s|#  virtualisation.libvirtd.enable = true;|  virtualisation.libvirtd.enable = true;|" final-nix-config/etc/nixos/configuration.nix
@@ -810,23 +781,24 @@ export_configuration() {
  cp -avu templates/post-install/numbus-server.sh "$CONFIG_EXPORT_DIR"
-  echo "export TARGET_INTERFACE=\"${TARGET_INTERFACE}\""         >> $CONFIG_EXPORT_FILE
+  echo "export TARGET_INTERFACE=\"${TARGET_INTERFACE}\""              >> $CONFIG_EXPORT_FILE
-  echo -e "\n# SERVER SETTINGS"                                  >> $CONFIG_EXPORT_FILE
+  echo -e "\n# SERVER SETTINGS"                                       >> $CONFIG_EXPORT_FILE
-  echo "export SERVER_OWNER_NAME=\"${SERVER_OWNER_NAME:-User}\"" >> $CONFIG_EXPORT_FILE
+  echo "export SERVER_OWNER_NAME=\"${SERVER_OWNER_NAME:-User}\""      >> $CONFIG_EXPORT_FILE
-  echo -e "\n# DISK SETTINGS"                                    >> $CONFIG_EXPORT_FILE
+  echo -e "\n# DISK SETTINGS"                                         >> $CONFIG_EXPORT_FILE
-  echo "export BOOT_DISKS_ID=\"(${BOOT_DISKS_ID[@]})\""          >> $CONFIG_EXPORT_FILE
+  echo "export BOOT_DISKS_ID=\"(${BOOT_DISKS_ID[@]})\""               >> $CONFIG_EXPORT_FILE
-  echo "export DATA_DISKS_ID=\"(${DATA_DISKS_ID[@]})\""          >> $CONFIG_EXPORT_FILE
+  echo "export DATA_DISKS_ID=\"(${DATA_DISKS_ID[@]})\""               >> $CONFIG_EXPORT_FILE
-  echo "export DATA_DISKS_TYPE=\"(${DATA_DISKS_TYPE[@]})\""      >> $CONFIG_EXPORT_FILE
+  echo "export DATA_DISKS_TYPE=\"(${DATA_DISKS_TYPE[@]})\""           >> $CONFIG_EXPORT_FILE
-  echo "export SPINDOWN_DISKS_ID=\"(${SPINDOWN_DISKS_ID[@]})\""  >> $CONFIG_EXPORT_FILE
+  echo "export SPINDOWN_DISKS_ID=\"(${SPINDOWN_DISKS_ID[@]})\""       >> $CONFIG_EXPORT_FILE
-  echo "export CONTENT_DISK_NUMBER=\"${CONTENT_DISK_NUMBER}\""   >> $CONFIG_EXPORT_FILE
+  echo "export CONTENT_DISK_NUMBER=\"${CONTENT_DISK_NUMBER}\""        >> $CONFIG_EXPORT_FILE
-  echo "export PARITY_DISK_NUMBER=\"${PARITY_DISK_NUMBER}\""     >> $CONFIG_EXPORT_FILE
+  echo "export PARITY_DISK_NUMBER=\"${PARITY_DISK_NUMBER}\""          >> $CONFIG_EXPORT_FILE
-  echo -e "\n# TPM SETTINGS"                                     >> $CONFIG_EXPORT_FILE
+  echo -e "\n# TPM SETTINGS"                                          >> $CONFIG_EXPORT_FILE
-  echo "export TARGET_TPM=\"${TARGET_TPM}\""                     >> $CONFIG_EXPORT_FILE
+  echo "export TARGET_TPM=\"${TARGET_TPM}\""                          >> $CONFIG_EXPORT_FILE
-  echo "export TARGET_TPM_VERSION=\"${TARGET_TPM_VERSION:-}\""   >> $CONFIG_EXPORT_FILE
+  echo "export TARGET_TPM_VERSION=\"${TARGET_TPM_VERSION:-}\""        >> $CONFIG_EXPORT_FILE
-  echo -e "\n# Podman SETTINGS"                                  >> $CONFIG_EXPORT_FILE
+  echo -e "\n# Podman SETTINGS"                                       >> $CONFIG_EXPORT_FILE
-  echo "export PODMAN_NETWORKS=\"${PODMAN_NETWORKS}\""           >> $CONFIG_EXPORT_FILE
+  echo "export PODMAN_NETWORKS=\"${PODMAN_NETWORKS}\""                >> $CONFIG_EXPORT_FILE
-  echo "export TRAEFIK_NETWORKS=\"${TRAEFIK_NETWORKS}\""         >> $CONFIG_EXPORT_FILE
+  echo "export TRAEFIK_NETWORKS=\"${TRAEFIK_NETWORKS}\""              >> $CONFIG_EXPORT_FILE
-  echo "export TRAEFIK_REF_NETWORKS=\"${TRAEFIK_REF_NETWORKS}\"" >> $CONFIG_EXPORT_FILE
+  echo "export TRAEFIK_REF_NETWORKS=\"${TRAEFIK_REF_NETWORKS}\""      >> $CONFIG_EXPORT_FILE
  echo "export SERVICES_NETWORK_IDS=\"(${SERVICES_NETWORK_IDS[@]})\"" >> $CONFIG_EXPORT_FILE
 }
 deploy() {
@@ -871,7 +843,7 @@ postrun_action() {
    fi
  done
-  if [[ "${TARGET_TPM}" == "true" && "${TARGET_TPM_VERSION}" == "2" ]]; then
+  if [[ "${TARGET_TPM}" == "true" && ${TARGET_TPM_VERSION} -eq 2 ]]; then
    gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "
        A TPM version 2 has been detected on the system. You can choose to enable automatic disk decryption on boot.
    Enabling automatic disk decryption on boot means that you won't have to enter your disk password everytime you start your server.
@@ -901,7 +873,7 @@ EOF
      echo "Skipping TPM configuration."
    fi
    else
-      echo "No supported TPM detected (TPM2 required). Skipping TPM configuration."
+      echo "No supported TPM detected (TPM version 2 required). Skipping TPM configuration."
  fi
  gum style --border normal --margin "1" --padding "1 2" --border-foreground 212 "
@@ -1,11 +1,11 @@
 { config, pkgs, ... }:
 {
-  systemd.services.numbus-activation-chowned = {
+  systemd.services.numbus-activation = {
    description = "Numbus-Server activation : Correct permissions";
    wantedBy = [ "multi-user.target" "traefik.service" ];
    after = [ "network.target" "local-fs.target" ];
-    path = [ pkgs.coreutils ];
+    path = [ pkgs.coreutils pkgs.podman pkgs.sudo ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
@@ -13,7 +13,7 @@
    script = ''
      #!/usr/bin/env bash
-      if [[ -e /home/numbus-admin/.numbus-server/chowned.true ]]; then
+      if [[ -e /home/numbus-admin/.numbus-server/activated.true ]]; then
        exit 0
      fi
@@ -22,32 +22,12 @@
      chown -R numbus-admin:users /mnt/config/
      chown -R numbus-admin:users /mnt/data/
      chown -R 100032:users /mnt/data/nextcloud/
      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
      touch /home/numbus-admin/.numbus-server/chowned.true
    '';
  };
  systemd.services.numbus-activation-networked = {
    description = "Numbus-Server activation : Create podman networks";
    wantedBy = [ "multi-user.target" "traefik.service" ];
    before = [ "traefik.service" ];
    after = [ "network.target" "local-fs.target" "numbus-activation-chowned.service" ];
    path = [ pkgs.podman pkgs.coreutils ];
    serviceConfig = {
      User = "numbus-admin";
      Environment = [ "XDG_RUNTIME_DIR=/run/user/1000" ];
      Type = "oneshot";
      RemainAfterExit = true;
    };
    script = ''
      #!/usr/bin/env bash
      export PATH=$PATH:/run/wrappers/bin
 PODMAN_NETWORKS
      mkdir -p /home/numbus-admin/.numbus-server/
-      touch /home/numbus-admin/.numbus-server/networked.true
+      touch /home/numbus-admin/.numbus-server/activated.true
      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
    '';
  };
@@ -62,7 +42,7 @@ PODMAN_NETWORKS
      "pi-hole.service"
      "home-assistant.service"
    ];
-    path = [ pkgs.curl pkgs.coreutils pkgs.systemd pkgs.podman ];
+    path = [ pkgs.curl pkgs.coreutils pkgs.systemd pkgs.podman pkgs.sudo ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
@@ -79,12 +59,13 @@ PODMAN_NETWORKS
      if [[ -e /etc/nixos/podman/pi-hole.nix ]]; then
        mkdir -p /mnt/config/pi-hole/
        chown -R numbus-admin:users /mnt/config/pi-hole/
        until [[ -e /mnt/config/pi-hole/pihole-FTL.db ]]; do
          echo "Waiting for Pi-hole to be ready..."
          sleep 15
        done
        sleep 60
-        podman exec pi-hole pihole -g
+        sudo -u numbus-admin podman exec pi-hole pihole -g
        sleep 60
        systemctl restart pi-hole.service
        echo "Pi-Hole quirk applied and service ready !"
@@ -92,6 +73,7 @@ PODMAN_NETWORKS
      if [[ -e /etc/nixos/podman/home-assistant.nix ]]; then
        mkdir -p /mnt/config/home-assistant/
        chown -R numbus-admin:users /mnt/config/home-assistant/
        until [[ -e /mnt/config/home-assistant/configuration.yaml ]]; do
          echo "Waiting for Home Assistant to be ready..."
          sleep 15
@@ -112,6 +94,7 @@ EOF
      if [[ -e /etc/nixos/podman/frigate.nix ]]; then
        mkdir -p /mnt/config/frigate/
        chown -R numbus-admin:users /mnt/config/frigate/
        until [[ -e /mnt/config/frigate/config.yaml ]]; do
          echo "Waiting for Frigate to be ready..."
          sleep 15
@@ -129,6 +112,7 @@ EOF
      mkdir -p /home/numbus-admin/.numbus-server/
      touch /home/numbus-admin/.numbus-server/quirked.true
      chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
    '';
  };
 }