diff --git a/deploy.sh b/deploy.sh
index bb001b7..c35bcbd 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -15,35 +15,35 @@ prerun_action() {
 necessary_credentials() {
 #TARGET SETTINGS
 echo -e "\n\n ➡️ Please provide the IP address of the target host :"
- TARGET_HOST="$(gum input --placeholder "192.168.1.100")"
+ export TARGET_HOST="$(gum input --placeholder "192.168.1.100")"
 echo -e "\n\n ➡️ Please provide the public SSH key of an authorized device :"
- SSH_PUBLIC_KEY="$(gum input --placeholder "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhcYDmjMo5YApLkk/3P3HZCnOSzm0uYewNAbxL8Fci8 user@your-pc")"
+ export SSH_PUBLIC_KEY="$(gum input --placeholder "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhcYDmjMo5YApLkk/3P3HZCnOSzm0uYewNAbxL8Fci8 user@your-pc")"
 # TRAEFIK SETTINGS
 echo -e "\n\n ➡️ Please provide the domain name (FQDN) your home server will use :"
- DOMAIN_NAME="$(gum input --placeholder "yourdomain.com")"
+ export DOMAIN_NAME="$(gum input --placeholder "yourdomain.com")"
 echo -e "\n\n ➡️ Please provide a valid email address (will be used for ACME, and your services) :"
- EMAIL_ADDRESS="$(gum input --placeholder "myemail@gmail.com")"
+ export EMAIL_ADDRESS="$(gum input --placeholder "myemail@gmail.com")"
 echo -e "\n\n ➡️ Please provide a cloudflare API token with DNS zone permission :"
- CF_DNS_API_TOKEN="$(gum input --placeholder "bA7hdvCOuXGytlNKohi3ZGtlVpf5CHpLuCMiJrE")"
+ export CF_DNS_API_TOKEN="$(gum input --placeholder "bA7hdvCOuXGytlNKohi3ZGtlVpf5CHpLuCMiJrE")"
 # SMTP SETTINGS
 echo -e "\n\n ➡️ Some services will be able to send you emails. For that you need an email that supports sending emails.\n Please provide a valid sender email address :"
- SENDER_EMAIL_ADDRESS="$(gum input --placeholder "myemail@gmail.com")"
+ export SENDER_EMAIL_ADDRESS="$(gum input --placeholder "myemail@gmail.com")"
 echo -e "\n\n ➡️ Please provide the password of this email address :"
- SENDER_EMAIL_ADDRESS_PASSWORD="$(gum input --placeholder "abcd efgh ijkl mnop")"
+ export SENDER_EMAIL_ADDRESS_PASSWORD="$(gum input --placeholder "abcd efgh ijkl mnop")"
 echo -e "\n\n ➡️ Please provide the SMTP server endpoint :"
- SENDER_EMAIL_DOMAIN="$(gum input --placeholder "smtp.gmail.com")"
+ export SENDER_EMAIL_DOMAIN="$(gum input --placeholder "smtp.gmail.com")"
 echo -e "\n\n ➡️ Please provide the smtp TLS port (for gmail : 587) :"
- SENDER_EMAIL_PORT="$(gum input --placeholder "587")"
+ export SENDER_EMAIL_PORT="$(gum input --placeholder "587")"
 # NETWORK SETTINGS
 echo -e "\n\n ➡️ Please provide your home network subnet :"
- HOME_ROUTER_SUBNET="$(gum input --placeholder "192.168.1.1/24")"
+ export HOME_ROUTER_SUBNET="$(gum input --placeholder "192.168.1.1/24")"
 echo -e "\n\n ➡️ Please provide the ip address of your router :"
- HOME_ROUTER_IP="$(gum input --placeholder "192.168.1.1")"
+ export HOME_ROUTER_IP="$(gum input --placeholder "192.168.1.1")"
 echo -e "\n\n ➡️ Please choose the ip address that your server will use (i.e. any address in the 192.168.1.1/24 range that is not in use.) :"
- HOME_SERVER_IP="$(gum input --placeholder "192.168.1.5")"
+ export HOME_SERVER_IP="$(gum input --placeholder "192.168.1.5")"
 }
 necessary_credentials_with_config() {
@@ -56,6 +56,7 @@ necessary_credentials_with_config() {
 for VAR in "${REQUIRED_VARS[@]}"; do
 if [[ -v $VAR && -n ${!VAR} ]]; then
 echo -e "\n ✅ $VAR imported successfully from the config file"
+ export $VAR
 else
 echo "\n ❌ $VAR is missing or empty"
 MISSING=1
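Review bot: Exporting `CF_DNS_API_TOKEN` and `SENDER_EMAIL_ADDRESS_PASSWORD` in necessary_credentials places both secrets in the environment of every process the script starts afterwards, not only the `envsubst` calls that presumably need them. The same applies to `export $VAR` in necessary_credentials_with_config and to the generated passwords in files_generation. Consider exporting only inside a subshell around the templating step, or clearing the values once the secrets file is encrypted, e.g. `unset CF_DNS_API_TOKEN SENDER_EMAIL_ADDRESS_PASSWORD`. The password prompt would also be safer as `gum input --password`, so the value is not echoed to the terminal.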
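Review bot: `export $VAR` in the config-file loop is unquoted, so the expanded name goes through word splitting and globbing before `export` sees it; write `export "$VAR"`. The names come from `REQUIRED_VARS`, which is defined outside this hunk, so this is a robustness point rather than a demonstrated bug. The loop and the rest of necessary_credentials_with_config continue past the hunk.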
@@ -97,16 +98,16 @@ hardware_detection() {
 VGA_INFO=$(ssh_to_host "lspci -nn | grep -i 'vga'")
 if echo "$VGA_INFO" | grep -iq "intel" 2>/dev/null; then
 echo -e " ✅ Intel graphics card detected."
- TARGET_GRAPHICS="true"
+ export TARGET_GRAPHICS="true"
 elif echo "$VGA_INFO" | grep -iq "amd" 2>/dev/null; then
 echo -e " ✅ AMD graphics card detected."
- TARGET_GRAPHICS="true"
+ export TARGET_GRAPHICS="true"
 elif echo "$VGA_INFO" | grep -iq "nvidia" 2>/dev/null; then
 echo -e " ✅ NVIDIA graphics card detected."
- TARGET_GRAPHICS="true"
+ export TARGET_GRAPHICS="true"
 else
 echo -e " ⚠️ No dedicated graphics card detected."
- TARGET_GRAPHICS="false"
+ export TARGET_GRAPHICS="false"
 fi
 echo -e "\n\n 🔎 Detecting transconding acceleration on target host..."
 if ssh_to_host "ls /dev/dri/renderD300" 2>/dev/null; then
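Review bot: Each of the four branches now repeats `export TARGET_GRAPHICS=...`; keeping the plain assignments and adding a single `export TARGET_GRAPHICS` after the `fi` would mark the variable once and leave the branches to set the value only. The three vendor branches assign the same value, so they differ only in the message they print. hardware_detection starts and ends outside the hunk.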
@@ -169,27 +170,27 @@ files_generation() {
 echo -e "\n ✅ Generating sops-nix keys..."
 ssh-to-age -private-key -i extra-files/home/numbus-admin/.ssh/id_ed25519 > extra-files/var/lib/sops-nix/key.txt
- SOPS_PUBLIC_KEY=$(age-keygen -y extra-files/var/lib/sops-nix/key.txt)
+ export SOPS_PUBLIC_KEY=$(age-keygen -y extra-files/var/lib/sops-nix/key.txt)
 echo -e "\n ✅ Generating sops-nix configuration files..."
 envsubst < config-files/sops-nix/.sops.yaml > extra-files/etc/nixos/.sops.yaml
 echo -e "\n ✅ Generating secure random database passwords..."
- HOME_ASSISTANT_MQTT_USER="$(openssl rand -hex 10)"
- HOME_ASSISTANT_MQTT_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
- PASSBOLT_MYSQL_DATABASE="$(openssl rand -hex 10)"
- PASSBOLT_MYSQL_USER="$(openssl rand -hex 10)"
- PASSBOLT_MYSQL_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
- FTLCONF_WEBSERVER_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
- DATA_DISK_1="$(openssl rand -base64 32 | tr -d '\=+/')"
- DATA_DISK_2="$(openssl rand -base64 32 | tr -d '\=+/')"
- DATA_DISK_3="$(openssl rand -base64 32 | tr -d '\=+/')"
- DATA_DISK_4="$(openssl rand -base64 32 | tr -d '\=+/')"
- DATA_DISK_5="$(openssl rand -base64 32 | tr -d '\=+/')"
- DATA_DISK_6="$(openssl rand -base64 32 | tr -d '\=+/')"
- PARITY_DISK_1="$(openssl rand -base64 32 | tr -d '\=+/ ')"
- PARITY_DISK_2="$(openssl rand -base64 32 | tr -d '\=+/ ')"
- PARITY_DISK_3="$(openssl rand -base64 32 | tr -d '\=+/ ')"
+ export HOME_ASSISTANT_MQTT_USER="$(openssl rand -hex 10)"
+ export HOME_ASSISTANT_MQTT_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export PASSBOLT_MYSQL_DATABASE="$(openssl rand -hex 10)"
+ export PASSBOLT_MYSQL_USER="$(openssl rand -hex 10)"
+ export PASSBOLT_MYSQL_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export FTLCONF_WEBSERVER_PASSWORD="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export DATA_DISK_1="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export DATA_DISK_2="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export DATA_DISK_3="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export DATA_DISK_4="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export DATA_DISK_5="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export DATA_DISK_6="$(openssl rand -base64 32 | tr -d '\=+/')"
+ export PARITY_DISK_1="$(openssl rand -base64 32 | tr -d '\=+/ ')"
+ export PARITY_DISK_2="$(openssl rand -base64 32 | tr -d '\=+/ ')"
+ export PARITY_DISK_3="$(openssl rand -base64 32 | tr -d '\=+/ ')"
 echo -e "\n ✅ Encrypting secrets in the correct file..."
 envsubst < "config-files/sops-nix/secrets.yaml" | sops encrypt --filename-override secrets.yaml \
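Review bot: `export SOPS_PUBLIC_KEY=$(age-keygen -y ...)` returns the status of `export`, so a failing `age-keygen` is no longer visible on that line, whereas the plain assignment it replaces carried the command's status. `envsubst` would then presumably render `.sops.yaml` with an empty key. Assign first and export after: `SOPS_PUBLIC_KEY="$(age-keygen -y extra-files/var/lib/sops-nix/key.txt)" || exit 1`, then `export SOPS_PUBLIC_KEY`. The `openssl rand` lines have the same shape, and an empty result there would be templated into secrets.yaml and encrypted as an empty password, so a guard such as `: "${PASSBOLT_MYSQL_PASSWORD:?}"` before the `sops encrypt` step is worth adding. Whether the script runs under `set -e` is not visible here, and files_generation continues outside the hunk.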