Big update. Data lost found back.

2025-11-14 19:48:16 +01:00
parent 300b0cbccb
commit 60e5dd2615
2 changed files with 202 additions and 275 deletions
@@ -1,65 +1,66 @@
-# Numbus Server Configuration
+# ☁️ Numbus Server: Your Personal Cloud, Simplified 🚀
-## Project Overview
+Welcome to the **Numbus Server** project! This repository provides a complete NixOS configuration to deploy a personal home server with a rich set of services in minutes. Our goal is to make self-hosting accessible to everyone, allowing you to take back control of your data with a solution that is easy to manage and highly reliable.
-Welcome to the **numbus server** project ! This **repository** contains the numbus server **NixOS configuration**. 
+## ✨ Features
-It uses the **Nix** package manager and the **NixOS** operating system to declaratively **manage** the **entire system** configuration.
+-   🌐 **Free & Open-Source:** Built with transparency and community collaboration in mind.
 -   🚀 **Easy Deployment:** Get your server up and running in minutes with a single command.
 -   🛠️ **Set & Forget:** A highly reliable, low-maintenance solution.
 -   🔒 **Secure by Design:** Strong security practices are at the core of our configuration.
 -   📦 **Popular Services:** Access a wide range of popular, pre-configured services.
 -   ⚙️ **Declarative & Reproducible:** Thanks to NixOS, your system configuration is entirely declarative, ensuring reproducibility and easy maintenance.
-The goal of this project is to be able to **deploy** a server with a **large set** of services **in minutes**. 
+## 🛠️ Key Technologies
-This make **homelabbing** very **accessible** and **easy** and allows non-very-technical users to **take control over their data**.
+-   **NixOS:** A declarative Linux distribution that makes system management a breeze.
 -   **Nix Flakes:** For reproducible builds and dependency management.
 -   **Docker & Docker Compose:** To run containerized services with ease.
 -   **Traefik:** A modern reverse proxy for securely exposing services.
 -   **Sops-nix:** For secure and convenient management of secrets.
 -   **NixOS-anywhere:** For seamless initial deployment to any machine.
 -   **Disko:** For declarative and predictable disk partitioning.
-#### Features
+## 🚀 Getting Started
- Fully **free**, **libre** and **open-source** project.
+The entire deployment process is automated with the `deploy.sh` script. This script dynamically adapts the configuration to your hardware, network environment, and secrets.
 - **Easy** to deploy.
 - **Set** and **forget** solution.
 - Highly **reliable**.
 - **Secure**.
 - Plenty of **popular** services **available**.
-#### Key Technologies
+**1. Clone the Repository:**
 - **NixOS:** The declarative Linux distribution. For an easy management of Linux systems. Deploy, maintain, and update your system like a breeze.
 - **Nix Flakes:** Used for reproducible builds and dependency management.
 - **Docker & Docker Compose:** For running containerised services with the Traefik reverse proxy.
 - **Sops-nix:** For managing secrets.
 - **NixOS-anywhere:** For the first deployment of the NixOS configuration to a remote machine.
 - **Disko:** For declarative disk partitioning.
-## Get started
+```bash
 git clone https://git.numbus.eu/raphael/numbus-server.git
 cd numbus-server
 ```
-The primary workflow for this project is centred around the **`deploy.sh`** script. This script automates the entire process of deploying the **`numbus-server`** configuration to a new machine. 
+**2. Run the Deployment Script:**
-NixOS does the **heavy lifting** when it comes to system configuration but there are still **changes** that need to be made **dynamically** to adapt to your system : for example, your **hardware** configuration, **keys** and **secrets**, **network** environment, etc.
+```bash
 sudo bash deploy.sh
 ```
-#### Deployment modes
+**3. Follow the Prompts:**
-The deployment process is handled by the **`deploy.sh`** script. This script can be run in three modes:
+The script will guide you through the setup process, including choosing a deployment mode and providing the necessary information. Once completed, the script will:
-1. **Interactive Mode:** The script will prompt for all necessary configuration values, such as the target host's IP address, the disk to install on, domain names, and API tokens.
+-   Adapt the configuration to your machine.
-2. **Non-interactive automated Mode:** The script can read configuration values from a file, allowing for non-interactive deployments.
+-   Generate SSH and `sops` keys.
-3. **Update and maintain mode**: The script will update a remote system on which this NixOS configuration has already been deployed.
+-   Encrypt secrets for secure storage.
 -   Generate configuration files for Docker services.
 -   Deploy the NixOS configuration using `nixos-anywhere`.
 -   Verify the deployment and guide you through the final setup of the web UIs.
-#### To run the deployment:
+## 🔧 Deployment Modes
-1. Get the repository by cloning it:
+The `deploy.sh` script offers three modes to suit your needs:
-    ```bash
+1.  **Interactive Mode:** The script will prompt you for all necessary configuration values, such as the target host's IP address, the disk to install on, domain names, and API tokens.
-    git clone https://git.numbus.eu/raphael/numbus-server.git
+2.  **Non-interactive Automated Mode:** The script can read configuration values from a file, allowing for unattended deployments.
-    ```
+3.  **Update and Maintain Mode:** This mode allows you to update a remote system on which this NixOS configuration has already been deployed.
 2.  Run the deployment script:
    ```bash
    sudo bash deploy.sh
    ```
 3.  Follow the on-screen prompts to choose the deployment mode and provide the required information.
-The script will then perform the following actions:
+## 🤝 Contributing
- Adapt the configuration to the current machine.
+Contributions are welcome! If you have any ideas, suggestions, or bug reports, please open an issue or submit a pull request.
- Generate SSH and `sops` keys.
+
- Gather secrets locally and encrypt them on the remote machine.
+## 📄 License
- Generate configuration files for Docker services.
+
- Use `nixos-anywhere` to deploy the NixOS configuration from the `flake.nix` file to the target machine.
+This project is licensed under the AGPLv3. See the [LICENSE](LICENSE) file for details.
 - Check that the deployment succeeded by SSHing into the new installation.
 - Guiding the user through the (pretty easy) setup of all the web UIs.
@@ -1,3 +1,10 @@
 #@GEMINI.md @agents Take the NixOS expert role. I would like to make this installer universal, this means that the disko config has to adapt 
 #to the available disks in the system. Since covering every possible disk configuration would be impossible, I would like to cover a few of them 
 #that are relevant in the context of a home server. First I want every disk to be encrypted. Second, there always has to be a boot drive on which 
 #nixos, docker and config data (small data) is installed. This drive can be standalone (even though that is kind of pointless in production but this 
 #is more for testing purposes). Third, if present, other disks (2 or 3 never more) than the boot drive must be used in a redundant way for the 
 #big data (nextcloud user data, immich photos, ...). Fourth, if the data disks are SSDs or NVMes, they must use ZFS (mirror or raid1).
 #!/bin/bash
 set -euo pipefail
@@ -28,33 +35,73 @@ EOF
 sleep 1
-cleanup() {
+hardware_detection() {
-  echo -e "\n  🏗️ Cleaning up before exit..."
+  echo -e "\n\n  🔎 Detecting graphics card on target host..."
-  rm -rf /home/numbus-admin/.ssh/id_ed25519 /home/numbus-admin/.ssh/id_ed25519.pub
+  VGA_INFO=$(ssh nixos@$TARGET_HOST 'lspci -nn | grep -i "vga"')
-  rm -rf /etc/nixos/*
+  if echo "$VGA_INFO" | grep -iq "intel"; then
-  rm -rf /var/lib/sops-nix/
+    echo -e "  ✅ Intel graphics card detected."
-  echo -e "\n  ✅ Cleanup done."
+    TARGET_GRAPHICS="true"
  elif echo "$VGA_INFO" | grep -iq "amd"; then
    echo -e "  ✅ AMD graphics card detected."
    TARGET_GRAPHICS="true"
  elif echo "$VGA_INFO" | grep -iq "nvidia"; then
    echo -e "  ✅ NVIDIA graphics card detected."
    TARGET_GRAPHICS="true"
  else
    echo -e "  ℹ️ No dedicated graphics card detected."
    TARGET_GRAPHICS="false"
  fi
  echo -e "\n\n  🔎 Detecting transconding acceleration on target host..."
  if ls /dev/dri/renderD128; then
    echo -e "  ✅ Transcoding capable card detected."
    TARGET_GRAPHICS_RENDERER="true"
  else
    echo -e "  ℹ️ No transcoding capable card detected."
    TARGET_GRAPHICS_RENDERER="false"
  fi
  echo -e "\n\n  🔎 Detecting USB Google Coral TPU on target host..."
  if ssh nixos@$TARGET_HOST 'lsusb | grep -iq "google"'; then
      echo -e "  ✅ USB Google Coral TPU detected."
      TARGET_USB_CORAL="true"
  else
      echo -e "  ℹ️ No USB Google Coral TPU detected."
      TARGET_USB_CORAL="false"
  fi
  echo -e "\n\n  🔎 Detecting Zigbee coordinator on target host..."
  if ssh nixos@$TARGET_HOST 'ls /dev/serial/by-id/ | grep -i "zigbee"'; then
    echo -e "  ✅ Zigbee device found in /dev/serial/by-id/."
    TARGET_ZIGBEE_DEVICE=$(ssh nixos@$TARGET_HOST 'ls /dev/serial/by-id/ | grep -i "zigbee"')
    TARGET_ZIGBEE_DEVICE_PATH="/dev/serial/by-id/$TARGET_ZIGBEE_DEVICE"
    TARGET_ZIGBEE="true"
  else
    echo -e "  ℹ️ No Zigbee device found."
    TARGET_ZIGBEE="false"
  fi
 }
 files_generation() {
  echo -e "\n\n  ✅ Generating necessary folder tree..."
  mkdir -p extra-files/home/numbus-admin/.ssh/
  mkdir -p extra-files/var/lib/sops-nix/
  mkdir -p extra-files/etc/nixos/secrets/
  mkdir -p extra-files/mnt/config-storage/traefik/config/conf
  mkdir -p extra-files/mnt/config-storage/hass/mqtt/config
  mkdir -p extra-files/mnt/config-storage/hass/mqtt/data
  mkdir -p extra-files/mnt/data-storage/nextcloud
  mkdir -p extra-files/mnt/data-storage/immich
  echo -e "\n\n  ✅ Generating new SSH for numbus-admin..."
-  mkdir -p /home/numbus-admin/.ssh/
+  ssh-keygen -t ed25519 -C numbus-admin@numbus-server -f extra-files/home/numbus-admin/.ssh/id_ed25519 -N "" -q
  ssh-keygen -t ed25519 -C numbus-admin@numbus-server -f /home/numbus-admin/.ssh/id_ed25519 -N "" -q
  echo -e "\n\n  ✅ Generating sops-nix keys..."
-  mkdir -p /var/lib/sops-nix/
+  nix run nixpkgs#ssh-to-age -- -private-key -i extra-files/home/numbus-admin/.ssh/id_ed25519 > extra-files/var/lib/sops-nix/key.txt
-  age-keygen -o /var/lib/sops-nix/key.txt
+  SOPS_PUBLIC_KEY=$(nix shell nixpkgs#age -c age-keygen -y extra-files/var/lib/sops-nix/key.txt)
  SOPS_PUBLIC_KEY=$(age-keygen -y /var/lib/sops-nix/key.txt)
  echo -e "\n\n  ✅ Generating sops-nix configuration files..."
-  echo """# .sops.yaml
+  envsubst < config-files/sops-nix/.sops.yaml > extra-files/etc/nixos/.sops.yaml
  keys:
    - &primary $SOPS_PUBLIC_KEY
  creation_rules:
    - path_regex: secrets/secrets.yaml$
      key_groups:
      - age:
        - *primary""" > .sops.yaml
  echo -e "\n\n  ✅ Generating secure random database passwords..."
  HOME_ASSISTANT_MQTT_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
@@ -62,50 +109,13 @@ files_generation() {
  PASSBOLT_MYSQL_DATABASE=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
  PASSBOLT_MYSQL_USER=$(openssl rand -base64 29 | tr -d "123456789=+/" | cut -c1-10)
  PASSBOLT_MYSQL_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
-  FTLCONF_webserver_api_password=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
+  FTLCONF_WEBSERVER_PASSWORD=$(openssl rand -base64 29 | tr -d "=+/" | cut -c1-64)
  echo -e "\n\n  ✅ Encrypting secrets in the correct file..."
-  mkdir -p secrets/
+  envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \
  cd secrets/
  echo """ssh-public-keys: $SSH_PUBLIC_KEY
 docker:
  nextcloud: |
    DOMAIN_NAME=$DOMAIN_NAME
    NEXTCLOUD_ENABLE_DRI_DEVICE=$TARGET_GRAPHICS
  frigate: |
    DOMAIN_NAME=$DOMAIN_NAME
    FRIGATE_MQTT_USER=$HOME_ASSISTANT_MQTT_USER
    FRIGATE_MQTT_PASSWORD=$HOME_ASSISTANT_MQTT_PASSWORD
  traefik: |
    DOMAIN_NAME=$DOMAIN_NAME
    CF_DNS_API_TOKEN: $CF_DNS_API_TOKEN
  hass: |
    DOMAIN_NAME=$DOMAIN_NAME
    HOME_ASSISTANT_MQTT_USER: $HOME_ASSISTANT_MQTT_USER
    HOME_ASSISTANT_MQTT_PASSWORD: $HOME_ASSISTANT_MQTT_PASSWORD
  passbolt: |
    DOMAIN_NAME=$DOMAIN_NAME
    TZ="Europe/Paris"
    PASSBOLT_MYSQL_DATABASE: $PASSBOLT_MYSQL_DATABASE
    PASSBOLT_MYSQL_USER: $PASSBOLT_MYSQL_USER
    PASSBOLT_MYSQL_PASSWORD: $PASSBOLT_MYSQL_PASSWORD
    SENDER_EMAIL_ADDRESS: $SENDER_EMAIL_ADDRESS
    SENDER_EMAIL_ADDRESS_PASSWORD: $SENDER_EMAIL_ADDRESS_PASSWORD
    SENDER_EMAIL_DOMAIN: $SENDER_EMAIL_DOMAIN
    SENDER_EMAIL_PORT: $SENDER_EMAIL_PORT
    EMAIL_ADDRESS: $EMAIL_ADDRESS
  pihole: |
    DOMAIN_NAME=$DOMAIN_NAME
    TZ="Europe/Paris"
    HOME_ROUTER_SUBNET=$HOME_ROUTER_SUBNET
    HOME_ROUTER_IP=$HOME_ROUTER_IP
    HOME_SERVER_IP=$HOME_SERVER_IP
    FTLCONF_webserver_api_password: $FTLCONF_webserver_api_password""" | sops encrypt --filename-override secrets.yaml \
      --input-type yaml --output-type yaml \
      --age $SOPS_PUBLIC_KEY \
-      --output secrets.yaml
+      --output extra-files/etc/nixos/secrets/secrets.yaml
  cd ../
  echo -e "\n\n  ✅ Writing correct disk to disk-config.nix..."
  sed -i s+TARGET_DISK+$TARGET_DISK+g disk-config.nix
@@ -114,165 +124,79 @@ docker:
  sed -i s+HOME_SERVER_IP+$HOME_SERVER_IP+g configuration.nix
  sed -i s+HOME_ROUTER_IP+$HOME_ROUTER_IP+g configuration.nix
  echo -e "\n\n  ✅ Adapting the docker configuration to your hardware..."
  if [[ "$TARGET_GRAPHICS" == "true" && "$TARGET_USB_CORAL" == "true" ]]; then
    sed -i.bak '
    /^[[:space:]]*# ----------------------------------------- #/{
      N;
      /DEVICES SECTION WILL APPEAR HERE IF CORAL/{
        N;
        /TPU OR INTEGRATED GRAPHICS ARE PRESENT/{
          N;
          /----------------------------------------- #/c\
              devices:\
                - /dev/dri:/dev/dri\
                - /dev/bus/usb:/dev/bus/usb
        }
      }
    }' docker/frigate.nix
  elif [[ "$TARGET_GRAPHICS" == "true" && "$TARGET_USB_CORAL" == "false" ]]; then
    sed -i.bak '
    /^[[:space:]]*# ----------------------------------------- #/{
      N;
      /DEVICES SECTION WILL APPEAR HERE IF CORAL/{
        N;
        /TPU OR INTEGRATED GRAPHICS ARE PRESENT/{
          N;
          /----------------------------------------- #/c\
              devices:\
                - /dev/dri:/dev/dri\
        }
      }
    }' docker/frigate.nix
  elif [[ "$TARGET_GRAPHICS" == "false" && "$TARGET_USB_CORAL" == "true" ]]; then
    sed -i.bak '
    /^[[:space:]]*# ----------------------------------------- #/{
      N;
      /DEVICES SECTION WILL APPEAR HERE IF CORAL/{
        N;
        /TPU OR INTEGRATED GRAPHICS ARE PRESENT/{
          N;
          /----------------------------------------- #/c\
              devices:\
                - /dev/bus/usb:/dev/bus/usb
        }
      }
    }' docker/frigate.nix
  fi
  if [[ "$TARGET_ZIGBEE" == "true" ]]; then
    sed -i.bak "
    /^[[:space:]]*# ----------------------------------- #/{
      N;
      /DEVICES SECTION WILL APPEAR HERE IF/{
        N;
        /ZIGBEE USB DEVICE IS PRESENT/{
          N;
          /----------------------------------- #/c\
            devices:\
              - ${TARGET_ZIGBEE_DEVICE_PATH}:/dev/ttyUSB0
        }
      }
    }" docker/hass.nix
  fi
  echo -e "\n\n  ✅ Copying files to the new installation..."
-  mkdir -p extra-files/etc/nixos/
+  cp -ravu secrets/ .sops.yaml hardware-configuration.nix extra-files/etc/nixos/
  mkdir -p extra-files/home/numbus-admin/.ssh/
  mkdir -p extra-files/var/lib/sops-nix/
  mkdir -p extra-files/mnt/config-storage/docker-data/traefik/config/conf
  mkdir -p extra-files/mnt/data-storage/docker-data/nextcloud
  mkdir -p extra-files/mnt/data-storage/docker-data/immich
  mkdir -p extra-files/mnt/config-storage/docker-data/hass/mqtt/config
  mkdir -p extra-files/mnt/config-storage/docker-data/hass/mqtt/data
  cp -ravu secrets/ docker/ .sops.yaml configuration.nix disk-config.nix flake.nix hardware-configuration.nix extra-files/etc/nixos/
  cp -ravu /home/numbus-admin/.ssh/ extra-files/home/numbus-admin/
  cp -ravu /var/lib/sops-nix/key.txt extra-files/var/lib/sops-nix/
  echo -e  "\n\n  ✅ Writing docker configuration files..."
-  cat <<EOF > extra-files/mnt/config-storage/docker-data/traefik/config/traefik.yaml
+  envsubst < config-files/traefik/headers.yaml > extra-files/mnt/config-storage/traefik/config/conf/headers.yaml
-global:
+  envsubst < config-files/traefik/nextcloud.yaml > extra-files/mnt/config-storage/traefik/config/conf/nextcloud.yaml
-  checkNewVersion: false
+  envsubst < config-files/traefik/tls.yaml > extra-files/mnt/config-storage/traefik/config/conf/tls.yaml
-  sendAnonymousUsage: false
+  envsubst < config-files/traefik/traefik.yaml > extra-files/mnt/config-storage/traefik/config/traefik.yaml
-#     - level: [TRACE, DEBUG, INFO, WARN, ERROR, FATAL]
+  envsubst < config-files/hass/mosquitto.conf > extra-files/mnt/config-storage/hass/mqtt/config/mosquitto.conf
-log:
+  touch extra-files/mnt/config-storage/hass/mqtt/config/password.txt
-  level: ERROR
+  chmod 0700 extra-files/mnt/config-storage/hass/mqtt/config/password.txt
-accesslog: {}
+  nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD
 api:
  dashboard: true
  insecure: true
 entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
    forwardedHeaders:
      trustedIPs:
        # Local IPs
        - "127.0.0.1/32"
        - "10.0.0.0/8"
        - "192.168.0.0/16"
        - "172.16.0.0/12"
 certificatesResolvers:
  cloudflare:
    acme:
      email: ${EMAIL_ADDRESS}
      storage: /var/traefik/certs/cloudflare-acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "9.9.9.9:53"
 serversTransport:
  insecureSkipVerify: true
 providers:
  docker:
    exposedByDefault: false
    network: traefik_frigate, traefik_hass, traefik_nextcloud, traefik_passbolt, traefik_pihole
  file:
    directory: "/etc/traefik/conf/"
    watch: true
 EOF
  cat <<EOF > extra-files/mnt/config-storage/docker-data/traefik/config/conf/nextcloud.yaml
 http:
  routers:
    nextcloud:
      rule: "Host(\`nextcloud.${DOMAIN_NAME}\`)"
      entrypoints:
        - "websecure"
      service: nextcloud
      middlewares:
        - nextcloud-chain
      tls:
        certresolver: "cloudflare"
  services:
    nextcloud:
      loadBalancer:
        servers:
          - url: "http://nextcloud-aio-apache:11000"
  middlewares:
    nextcloud-secure-headers:
      headers:
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        referrerPolicy: "same-origin"
        BrowserXssFilter: true
        ContentTypeNosniff: true
        ForceSTSHeader: true
        STSIncludeSubdomains: true
        STSPreload: true
        STSSeconds: 315360000
    https-redirect:
      redirectscheme:
        scheme: https
    nextcloud-chain:
      chain:
        middlewares:
          - https-redirect
          - nextcloud-secure-headers
 EOF
  cat <<'EOF' > extra-files/mnt/config-storage/docker-data/traefik/config/conf/headers.yaml
 http:
  middlewares:
    passbolt:
      headers:
        FrameDeny: true
        AccessControlAllowMethods: 'GET,OPTIONS,PUT'
        AccessControlAllowOriginList:
          - origin-list-or-null
        AccessControlMaxAge: 100
        AddVaryHeader: true
        BrowserXssFilter: true
        ContentTypeNosniff: true
        ForceSTSHeader: true
        STSIncludeSubdomains: true
        STSPreload: true
        ContentSecurityPolicy: default-src 'self' 'unsafe-inline'
        CustomFrameOptionsValue: SAMEORIGIN
        ReferrerPolicy: same-origin
        PermissionsPolicy: vibrate 'self'
        STSSeconds: 315360000
 EOF
  cat <<'EOF' > extra-files/mnt/config-storage/docker-data/traefik/config/conf/tls.yaml
 tls:
  options:
    default:
      minVersion: VersionTLS12
      sniStrict: true
      curvePreferences:
        - CurveP521
        - CurveP384
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
 EOF
 cat <<EOF > extra-files/mnt/config-storage/docker-data/hass/mqtt/config/mosquitto.conf
 persistence true
 persistence_location /mosquitto/data/
 log_dest file /mosquitto/log/mosquitto.log
 listener 1883
 ## Authentication ##
 allow_anonymous false
 password_file /mosquitto/config/password.txt
 EOF
 touch extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt
 chmod 0700 extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt
 nix shell nixpkgs#mosquitto -c mosquitto_passwd -b extra-files/mnt/config-storage/docker-data/hass/mqtt/config/password.txt $HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD
 }
 deploy() {
@@ -282,7 +206,7 @@ deploy() {
    --flake .#numbus-server \
    --extra-files "extra-files/" \
    --chown "/home/numbus-admin/" 1000:1000 \
-    --target-host $TARGET_USER@$TARGET_HOST
+    --target-host nixos@$TARGET_HOST
  echo -e "\n\n  ✅ Installation successfull !!"
  sleep 1
@@ -295,7 +219,7 @@ nixos_deployment() {
  if [[ "$SETUP_ANSWER" == "done" ]]; then
    :
  else
-    echo "Aborting – you did not type 'done'."
+    echo "Aborting - you did not type 'done'."
    exit 1
  fi
@@ -304,8 +228,6 @@ nixos_deployment() {
  read -r TARGET_HOST
  echo -e "\n\n  ➡️ Please provide the disk you want to install NixOS on (i.e. /dev/vda, /dev/sda, /dev/nvme0n1...) :"
  read -r TARGET_DISK
  echo -e "\n\n  ➡️ Does the target server has graphics ? (integrated or discrete) :"
  read -r TARGET_GRAPHICS
  echo -e "\n\n  ➡️ Please provide the public SSH key of an authorized device :"
  read -r SSH_PUBLIC_KEY
@@ -336,6 +258,11 @@ nixos_deployment() {
  echo -e "\n\n  ➡️ Please choose the ip address that your server will use (i.e. any address in the 192.168.1.1/24\n  range that is not in use. 192.168.1.5 for example.) :"
  read -r HOME_SERVER_IP
  echo -e "\n\n  ➡️ Please provide enter the password of the remote target."
  ssh-copy-id nixos@$TARGET_HOST
  hardware_detection
  files_generation
  deploy
@@ -348,12 +275,12 @@ nixos_deployment_with_config() {
  if [[ "$SETUP_ANSWER" == "done" ]]; then
    :
  else
-    echo "Aborting – you did not type 'done'."
+    echo "Aborting - you did not type 'done'."
    exit 1
  fi
  echo -e "\n\n  ➡️ Please provide the path to a config file :"
-  read -rp "Enter the full path to the config file: " CONFIG_PATH
+  read -erp CONFIG_PATH
  CONFIG_PATH=$(realpath -m "$CONFIG_PATH")
  if [[ ! -f "$CONFIG_PATH" ]]; then
      echo "Error: '$CONFIG_PATH' does not exist or is not a regular file."
@@ -373,10 +300,10 @@ nixos_deployment_with_config() {
  MISSING=0
  for VAR in "${REQUIRED_VARS[@]}"; do
      if [[ -v $VAR && -n ${!VAR} ]]; then
-        echo -e "\n\n  ✅ $VAR imported successfully from the config file"
+        echo -e "\n  ✅ $VAR imported successfully from the config file"
        sleep 0.1
      else
-        echo "\n\n  ❌ $VAR is missing or empty"
+        echo "\n  ❌ $VAR is missing or empty"
        sleep 0.1
        MISSING=1
      fi
@@ -391,7 +318,9 @@ nixos_deployment_with_config() {
  deploy
 }
-trap cleanup EXIT
+nixos_update() {
 }
 echo -e "\n\n  Please choose an action (i.e. 1, 2 or 3) :\n"
 echo -e "    - [1] 🌐 Deploy NixOS on a remote machine"
@@ -401,17 +330,14 @@ read -r ACTION_ANSWER
 if [[ "$ACTION_ANSWER" == "1" ]]; then
  echo -e "\n  ➡️ Proceeding with deployment…"
  TARGET_USER="nixos"
  nixos_deployment
 elif [[ "$ACTION_ANSWER" == "2" ]]; then
  echo -e "\n  ➡️ Proceeding with deployment using a config file…"
  TARGET_USER="nixos"
  nixos_deployment_with_config
 elif [[ "$ACTION_ANSWER" == "3" ]]; then
  echo -e "\n  ➡️ Proceeding with update…"
-  TARGET_USER="numbus-admin"
+  nixos_update
  nixos_deployment_with_config
 else
-  echo "Aborting – you did not type '1, 2 or 3'."
+  echo "Aborting - you did not type '1, 2 or 3'."
  exit 1
 fi