Update networking

deploy.sh

@@ -180,9 +180,62 @@ lsusb 2>/dev/null | grep -iq "google" && TARGET_USB_CORAL="true" || TARGET_USB_C
 lspci -nn 2>/dev/null | grep -iq "089a" && TARGET_PCIE_CORAL="true" || TARGET_PCIE_CORAL="false"
 ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" && TARGET_ZIGBEE_DEVICE=\$(ls /dev/serial/by-id/ 2>/dev/null | grep -i "zigbee" | head -n 1) || TARGET_ZIGBEE_DEVICE=""
 
-for var in TARGET_GRAPHICS TARGET_GRAPHICS_BRAND TARGET_GRAPHICS_RENDERER TARGET_USB_CORAL TARGET_PCIE_CORAL TARGET_ZIGBEE_DEVICE; do
+TARGET_INTERFACE=\$(ip -4 route show default | awk '{print \$5}' | head -n1)
+
+HDD=1
+DISK_DEVPATH=()
+DISK_NAME=()
+DISK_TYPE=()
+DISK_HEALTH=()
+DISK_ID=()
+DISK_SIZE=()
+
+for DISK in \$(lsblk -x SIZE -d -n -e 7,11 -o NAME); do
+  # Disk name and simple path
+  DISK_DEVPATH+=("/dev/\$DISK")
+  DISK_NAME+=("\$DISK")
+  # Disk type
+  HDD=\$(cat /sys/block/\$DISK/queue/rotational)
+  TRANSPORT_PROTOCOL=\$(lsblk -x SIZE -d -n -e 7,11 -o TRAN /dev/\$DISK)
+  if [[ "\$DISK" == "nvme*" ]]; then DISK_TYPE+=("NVMe");
+  elif [[ "\$TRANSPORT_PROTOCOL" == "usb" ]]; then DISK_TYPE+=("USB");
+  elif [[ "\$HDD" -eq 1 ]]; then DISK_TYPE+=("HDD");
+  elif [[ "\$HDD" -eq 0 ]]; then DISK_TYPE+=("SSD");
+  else DISK_TYPE+=("Other")
+  fi
+  # Disk health
+  if [[ \$(echo "$REMOTE_PASS" | sudo -S smartctl -H /dev/\$DISK 2>/dev/null | grep 'self-assessment' | awk '{print \$6}') == "PASSED" ]]; then
+    DISK_HEALTH+=("PASSED")
+  else
+    DISK_HEALTH+=("N/A")
+  fi
+  # Disk ID
+  DISK_ID+=("\$(ls -l /dev/disk/by-id | grep -m1 "../../\$DISK" | awk '{print "/dev/disk/by-id/" \$9}')")
+  # Disk size
+  DISK_SIZE+=("\$(lsblk -x SIZE -d -n -e 7,11 -o SIZE /dev/\$DISK)")
+done
+
+echo "# Hardware detection results on \$(date)" > "${TMPFILE}"
+for var in \
+  TARGET_GRAPHICS \
+  TARGET_GRAPHICS_BRAND \
+  TARGET_GRAPHICS_RENDERER \
+  TARGET_USB_CORAL \
+  TARGET_PCIE_CORAL \
+  TARGET_ZIGBEE_DEVICE \
+  TARGET_INTERFACE; do
   echo "export \${var}=\${!var}" >> "${TMPFILE}"
 done
+
+for var in \
+  DISK_DEVPATH \
+  DISK_NAME \
+  DISK_TYPE \
+  DISK_HEALTH \
+  DISK_ID \
+  DISK_SIZE; do
+  declare -p \${var} >> "${TMPFILE}"
+done
 SSHEND
   ### Get hardware information <--
 
@@ -203,7 +256,7 @@ services_selection() {
   echo -e "\n\n➡️  You will now select the services you want installed on your server:"
 
   local AVAILABLE_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
-"nextcloud" "passbolt" "pi-hole" )
+"nextcloud" "passbolt" "pi-hole" "virtualization" )
 
   local SERVICES_DESCRIPTION=( "Pi-Hole : Block ads on all your devices" \
   "Immich : Pictures and videos backup with local machine-learning" \
@@ -212,7 +265,8 @@ services_selection() {
   "Home-Assistant : Manage your smart home and security cameras" \
   "Frigate [Home Assistant required] : Secure your house with security cameras" \
   "Gitea : Your own git platform" \
-  "IT-tools : A set of useful tools when doing IT"
+  "IT-tools : A set of useful tools when doing IT" \
+  "Virtualization : Run Virtual Machines (KVM/QEMU) with Libvirt"
   )
 
   local SELECTED_SERVICES_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${SERVICES_DESCRIPTION[@]}")
@@ -255,12 +309,15 @@ files_generation() {
   echo -e "\n✅ Writing correct ips to configuration.nix..."
   sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
   sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
+  sed -i "s|TARGET_INTERFACE|${TARGET_INTERFACE}|g" final-nix-config/etc/nixos/misc/networking.nix
 
   echo -e "\n✅ Writing configuration files for the selected homelab services..."
   envsubst < templates/podman-config/traefik/traefik.yaml > final-nix-config/mnt/config/traefik/traefik.yaml
 
   for service in "${SELECTED_SERVICES[@]}"; do
-    cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix
+    if [[ "${service}" != "virtualization" ]]; then
+      cp templates/nix-config/podman/${service}.nix final-nix-config/etc/nixos/podman/${service}.nix
+    fi
     case "${service}" in
       frigate)
         local FRIGATE_DEVICES_BLOCK=""
@@ -314,6 +371,11 @@ files_generation() {
       nextcloud)
         envsubst < templates/podman-config/traefik/nextcloud.yaml > final-nix-config/mnt/config/traefik/rules/nextcloud.yaml
         ;;
+      virtualization)
+        sed -i "s|#  virtualisation.libvirtd.enable = true;|  virtualisation.libvirtd.enable = true;|" final-nix-config/etc/nixos/configuration.nix
+        sed -i "s|#  programs.virt-manager.enable = true;|  programs.virt-manager.enable = true;|" final-nix-config/etc/nixos/configuration.nix
+        sed -i 's|extraGroups = \[ "wheel" \];|extraGroups = [ "wheel" "libvirtd" ];|' final-nix-config/etc/nixos/configuration.nix
+        ;;
     esac
   done
 }
@@ -331,54 +393,7 @@ disk_config_generation() {
   echo -e "\n\n🔎 Fetching and analyzing disks from target host... (This may take a moment)"
 ### Disk wiping warning <--
 
-### --> Get disk information
-  local TMPFILE="/tmp/nixos-installation-disk-detection-temp-file"
 
-  ssh_to_host 'bash -s' << EOF
-HDD=1
-
-DISK_DEVPATH=()
-DISK_NAME=()
-DISK_TYPE=()
-DISK_HEALTH=()
-DISK_ID=()
-DISK_SIZE=()
-
-for DISK in \$(lsblk -x SIZE -d -n -e 7,11 -o NAME); do
-  # Disk name and simple path
-  DISK_DEVPATH+=("/dev/\$DISK")
-  DISK_NAME+=("\$DISK")
-  # Disk type
-  HDD=\$(cat /sys/block/\$DISK/queue/rotational)
-  TRANSPORT_PROTOCOL=\$(lsblk -x SIZE -d -n -e 7,11 -o TRAN /dev/\$DISK)
-  if [[ "\$DISK" == "nvme*" ]]; then DISK_TYPE+=("NVMe");
-  elif [[ "\$TRANSPORT_PROTOCOL" == "usb" ]]; then DISK_TYPE+=("USB");
-  elif [[ "\$HDD" -eq 1 ]]; then DISK_TYPE+=("HDD");
-  elif [[ "\$HDD" -eq 0 ]]; then DISK_TYPE+=("SSD");
-  else DISK_TYPE+=("Other")
-  fi
-  # Disk health
-  if [[ \$(echo "$REMOTE_PASS" | sudo -S smartctl -H /dev/\$DISK 2>/dev/null | grep 'self-assessment' | awk '{print \$6}') == "PASSED" ]]; then
-    DISK_HEALTH+=("PASSED")
-  else
-    DISK_HEALTH+=("N/A")
-  fi
-  # Disk ID
-  DISK_ID+=("\$(ls -l /dev/disk/by-id | grep -m1 "../../\$DISK" | awk '{print "/dev/disk/by-id/" \$9}')")
-  # Disk size
-  DISK_SIZE+=("\$(lsblk -x SIZE -d -n -e 7,11 -o SIZE /dev/\$DISK)")
-done
-
-echo "DISK_DEVPATH=(\${DISK_DEVPATH[@]})" > "${TMPFILE}"
-echo "DISK_NAME=(\${DISK_NAME[@]})" >> "${TMPFILE}"
-echo "DISK_TYPE=(\${DISK_TYPE[@]})" >> "${TMPFILE}"
-echo "DISK_HEALTH=(\${DISK_HEALTH[@]})" >> "${TMPFILE}"
-echo "DISK_ID=(\${DISK_ID[@]})" >> "${TMPFILE}"
-echo "DISK_SIZE=(\${DISK_SIZE[@]})" >> "${TMPFILE}"
-EOF
-
-  scp -i "final-nix-config/home/numbus-admin/.ssh/id_ed25519" "${TARGET_USER}@${TARGET_HOST}":"${TMPFILE}" "${TMPFILE}" &> /dev/null
-  source "${TMPFILE}" && rm "${TMPFILE}"
 
 ### --> Disk selection
   if [[ "${#DISK_NAME[@]}" -eq 0 ]]; then

templates/nix-config/configuration.nix

@@ -6,6 +6,8 @@
     (modulesPath + "/profiles/qemu-guest.nix")
     inputs.sops-nix.nixosModules.sops
     ./disks/disko.nix
+    ./misc/networking.nix
+    ./misc/mail.nix
 #    ./disks/snapraid.nix
 #    ./disks/pcr-check.nix
 #    ./pcie-coral/coral.nix
@@ -112,11 +114,15 @@
   virtualisation.podman.enable = true;
   virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
 
+  # Enable libvirt
+#  virtualisation.libvirtd.enable = true;
+#  programs.virt-manager.enable = true;
+
   # User account
   users.users.numbus-admin = {
     isNormalUser = true;
     description = "Numbus Admin";
-    extraGroups = [ "networkmanager" "wheel" ];
+    extraGroups = [ "wheel" ];
     uid = 1000;
     initialPassword = "changeMe!";
   };

templates/nix-config/misc/networking.nix

@@ -4,34 +4,41 @@
   # Hostname
   networking.hostName = "numbus-server";
 
-  # Enable networking and firewall
-  networking.interfaces.eth0.ipv4.addresses = [
-    {
-      address = "HOME_SERVER_IP";
-      prefixLength = 24;
-    }
-  ];
-  networking.defaultGateway = "HOME_ROUTER_IP";
-  networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
-  networking.networkmanager.enable = true;
+  networking.wireless.enable = false;
+  networking.networkmanager.enable = false;
+
   networking.nftables.enable = true;
   networking.firewall.enable = true;
 
+  # Bridge configuration for VMs
+  networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
+  networking.interfaces.br0.useDHCP = false;
+  networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
+  networking.interfaces.br0.ipv4.addresses = [{
+    address = "HOME_SERVER_IP";
+    prefixLength = 24;
+  }];
+  networking.defaultGateway = {
+    address = "HOME_ROUTER_IP";
+    interface = "br0";
+  };
+
   networking.nftables.tables.nat = {
     family = "ip";
     content = ''
       chain prerouting {
         type nat hook prerouting priority dstnat; policy accept;
-        tcp dport 80 redirect to :8080
-        tcp dport 443 redirect to :8443
-        tcp dport 53 redirect to :5353
-        udp dport 53 redirect to :5353
+        iifname "br0" tcp dport 80 redirect to :8080
+        iifname "br0" tcp dport 443 redirect to :8443
+        iifname "br0" tcp dport 53 redirect to :5353
+        iifname "br0" udp dport 53 redirect to :5353
+        iifname "br0" udp dport 67 redirect to :6767
       }
     '';
   };
 
   # Open ports in the firewall
   networking.firewall.allowPing = true;
-  networking.firewall.allowedTCPPorts = [ 53 80 443 ];
-  networking.firewall.allowedUDPPorts = [ 53 ];
+  networking.firewall.allowedTCPPorts = [ 5353 8080 8443 ];
+  networking.firewall.allowedUDPPorts = [ 5353 6767 ];
 }