Compare commits
20 Commits
e91c7ea3cf
..
main
| Author | SHA1 | Date | |
|---|---|---|---|
| 9709b38f9c | |||
| 3b0c37c841 | |||
| 7c834ae98d | |||
| fc74520d2b | |||
| d5a72f6e3d | |||
| 5433bec1b3 | |||
| 4643263e80 | |||
| b9ec652877 | |||
| fccda93a58 | |||
| a44da115fc | |||
| 4aaf4432e5 | |||
| 12a9b79801 | |||
| 70609803dd | |||
| 35891e6481 | |||
| 99d6994941 | |||
| 903baafed8 | |||
| fba2b91632 | |||
| d9f6c7f53e | |||
| 3283cac78e | |||
| f7929a8bb6 |
+1
-1
@@ -32,4 +32,4 @@ export HOME_SERVER_IP="192.168.1.5"
|
|||||||
# SERVICES SETTINGS
|
# SERVICES SETTINGS
|
||||||
export SELECTED_DNS_SERVICE="pi-hole" # or adguard
|
export SELECTED_DNS_SERVICE="pi-hole" # or adguard
|
||||||
export SELECTED_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
|
export SELECTED_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
|
||||||
"nextcloud" "passbolt" "pi-hole" "virtualization" )
|
"nextcloud" "passbolt" "clamav" "virtualization" )
|
||||||
|
|||||||
@@ -270,7 +270,7 @@ services_selection() {
|
|||||||
local AVAILABLE_DNS_SERVICES=( "pi-hole" "adguard" )
|
local AVAILABLE_DNS_SERVICES=( "pi-hole" "adguard" )
|
||||||
|
|
||||||
local AVAILABLE_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
|
local AVAILABLE_SERVICES=( "frigate" "gitea" "home-assistant" "immich" "it-tools" \
|
||||||
"nextcloud" "passbolt" "virtualization" )
|
"nextcloud" "passbolt" "clamav" "virtualization" )
|
||||||
|
|
||||||
local DNS_SERVICES_DESCRIPTION=( "Pi-Hole : Simple open-source DNS black hole" \
|
local DNS_SERVICES_DESCRIPTION=( "Pi-Hole : Simple open-source DNS black hole" \
|
||||||
"AdGuard " : Feature rich DNS service )
|
"AdGuard " : Feature rich DNS service )
|
||||||
@@ -282,13 +282,14 @@ services_selection() {
|
|||||||
"Frigate [Home Assistant required] : Secure your house with security cameras" \
|
"Frigate [Home Assistant required] : Secure your house with security cameras" \
|
||||||
"Gitea : Your own git platform" \
|
"Gitea : Your own git platform" \
|
||||||
"IT-tools : A set of useful tools when doing IT" \
|
"IT-tools : A set of useful tools when doing IT" \
|
||||||
|
"ClamAV : An open-source anti-virus"
|
||||||
"Virtualization : Run Virtual Machines (KVM/QEMU) with Libvirt" )
|
"Virtualization : Run Virtual Machines (KVM/QEMU) with Libvirt" )
|
||||||
|
|
||||||
SELECTED_SERVICES=()
|
SELECTED_SERVICES=()
|
||||||
local SELECTED_SERVICES_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${SERVICES_DESCRIPTION[@]}")
|
local SELECTED_SERVICES_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${SERVICES_DESCRIPTION[@]}")
|
||||||
|
|
||||||
SELECTED_DNS_SERVICE=""
|
SELECTED_DNS_SERVICE=""
|
||||||
local SELECTED_DNS_SERVICE_DESCRIPTION=$(gum choose --no-limit --header "Homelab services:" "${DNS_SERVICES_DESCRIPTION[@]}")
|
local SELECTED_DNS_SERVICE_DESCRIPTION=$(gum choose --limit 1 --header "Homelab services:" "${DNS_SERVICES_DESCRIPTION[@]}")
|
||||||
|
|
||||||
for i in ${!AVAILABLE_SERVICES[@]}; do
|
for i in ${!AVAILABLE_SERVICES[@]}; do
|
||||||
if printf '%s' "${SELECTED_SERVICES_DESCRIPTION}" | grep -iq "${AVAILABLE_SERVICES[${i}]}"; then
|
if printf '%s' "${SELECTED_SERVICES_DESCRIPTION}" | grep -iq "${AVAILABLE_SERVICES[${i}]}"; then
|
||||||
@@ -304,6 +305,16 @@ services_selection() {
|
|||||||
|
|
||||||
export SELECTED_SERVICES
|
export SELECTED_SERVICES
|
||||||
export SELECTED_DNS_SERVICE
|
export SELECTED_DNS_SERVICE
|
||||||
|
|
||||||
|
gum confirm "Do you want to edit the default subdomain of your services ?" || { echo -e "\n\n✅ Continuing..."; return 0; }
|
||||||
|
|
||||||
|
for service in ${!SELECTED_SERVICES[@]} $SELECTED_DNS_SERVICE; do
|
||||||
|
local HEADER="Please provide the desired subdomain for ${service}:"
|
||||||
|
local PLACEHOLDER="${service}"
|
||||||
|
SELECTED_SERVICES_SUBDOMAIN+=("$(gum input --placeholder "${PLACEHOLDER}" --header "${HEADER}")")
|
||||||
|
done
|
||||||
|
|
||||||
|
export SELECTED_SERVICES_SUBDOMAIN
|
||||||
}
|
}
|
||||||
|
|
||||||
disks_selection() {
|
disks_selection() {
|
||||||
@@ -338,7 +349,7 @@ disks_selection() {
|
|||||||
|
|
||||||
for i in ${!DISK_NAME[@]}; do
|
for i in ${!DISK_NAME[@]}; do
|
||||||
if printf '%s' "$SELECTED_BOOT_DISK" | grep -iqw "${DISK_NAME[${i}]}"; then
|
if printf '%s' "$SELECTED_BOOT_DISK" | grep -iqw "${DISK_NAME[${i}]}"; then
|
||||||
BOOT_DISKS_ID_LIST+=("${DISK_ID[${i}]:-${DISK_DEVPATH[${i}]}}")
|
BOOT_DISKS_ID_LIST+=("\"${DISK_ID[${i}]:-${DISK_DEVPATH[${i}]}}\"")
|
||||||
BOOT_DISKS_NAME+=("${DISK_NAME[${i}]}")
|
BOOT_DISKS_NAME+=("${DISK_NAME[${i}]}")
|
||||||
unset "GUM_PRINTED_ELEMENTS[${i}]"
|
unset "GUM_PRINTED_ELEMENTS[${i}]"
|
||||||
fi
|
fi
|
||||||
@@ -359,81 +370,112 @@ disks_selection() {
|
|||||||
if [[ "${#DATA_DISKS_ID[@]}" -eq 1 ]]; then
|
if [[ "${#DATA_DISKS_ID[@]}" -eq 1 ]]; then
|
||||||
export PARITY_DISK_NUMBER=0
|
export PARITY_DISK_NUMBER=0
|
||||||
export CONTENT_DISK_NUMBER=1
|
export CONTENT_DISK_NUMBER=1
|
||||||
export PARITY_DISK_NUMBER_LIST=()
|
export PARITY_DISK_LIST=()
|
||||||
export CONTENT_DISK_NUMBER_LIST=("${#DATA_DISKS_ID[0]}")
|
export CONTENT_DISK_LIST=("\"${DATA_DISKS_ID[0]}\"")
|
||||||
else
|
else
|
||||||
export PARITY_DISK_NUMBER=$(((${#DATA_DISKS_ID[@]} + 2) / 3))
|
export PARITY_DISK_NUMBER=$(((${#DATA_DISKS_ID[@]} + 2) / 3))
|
||||||
export CONTENT_DISK_NUMBER=$((${#DATA_DISKS_ID[@]} - PARITY_DISK_NUMBER))
|
export CONTENT_DISK_NUMBER=$((${#DATA_DISKS_ID[@]} - PARITY_DISK_NUMBER))
|
||||||
for i in $(seq 0 $(($CONTENT_DISK_NUMBER - 1))); do
|
for i in $(seq 0 $(($CONTENT_DISK_NUMBER - 1))); do
|
||||||
CONTENT_DISK_NUMBER_LIST+=("${#DATA_DISKS_ID[${i}]}")
|
CONTENT_DISK_LIST+=("\"${DATA_DISKS_ID[${i}]}\"")
|
||||||
done
|
done
|
||||||
for i in $(seq $CONTENT_DISK_NUMBER $((${#DATA_DISKS_ID[@]} - 1))); do
|
for i in $(seq $CONTENT_DISK_NUMBER $((${#DATA_DISKS_ID[@]} - 1))); do
|
||||||
PARITY_DISK_NUMBER_LIST+=("${#DATA_DISKS_ID[${i}]}")
|
PARITY_DISK_LIST+=("\"${DATA_DISKS_ID[${i}]}\"")
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "${#DATA_DISKS_ID[@]}" -gt 0 ]]; then
|
if [[ "${#DATA_DISKS_ID[@]}" -gt 0 ]]; then
|
||||||
for i in ${!DATA_DISKS_ID[@]}; do
|
for i in ${!DATA_DISKS_ID[@]}; do
|
||||||
if [[ "${DATA_DISKS_TYPE[${i}]}" == "HDD" ]]; then
|
if [[ "${DATA_DISKS_TYPE[${i}]}" == "HDD" ]]; then
|
||||||
SPINDOWN_DISKS_ID+=("${DATA_DISKS_ID[${i}]}")
|
SPINDOWN_DISKS_LIST+=("\"${DATA_DISKS_ID[${i}]}\"")
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export SPINDOWN_DISKS_ID
|
export SPINDOWN_DISKS_LIST
|
||||||
export BOOT_DISKS_ID_LIST
|
export BOOT_DISKS_ID_LIST
|
||||||
export PARITY_DISK_NUMBER_LIST
|
export PARITY_DISK_LIST
|
||||||
export CONTENT_DISK_NUMBER_LIST
|
export CONTENT_DISK_LIST
|
||||||
}
|
}
|
||||||
|
|
||||||
server_config_generation() {
|
server_config_generation() {
|
||||||
echo -e "\n # Server settings" >> ${CONFIGURATION_PATH}
|
echo -e "\n # Server settings" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " time.timeZone = \"${TIMEZONE}\";" >> ${CONFIGURATION_PATH}
|
echo -e " time.timeZone = \"${TIMEZONE}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.locale = \"${LOCALE}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.locale = \"${LOCALE}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.language = \"${LANGUAGE}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.language = \"${LANGUAGE}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.owner = \"${SERVER_OWNER_NAME}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.owner = \"${SERVER_OWNER_NAME}\";" >> ${CONFIGURATION_PATH}
|
||||||
}
|
}
|
||||||
|
|
||||||
network_config_generation() {
|
network_config_generation() {
|
||||||
echo -e "\n # Network settings" >> ${CONFIGURATION_PATH}
|
echo -e "\n # Network settings" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.networking.ipAddress = \"${HOME_SERVER_IP}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.networking.ipAddress = \"${HOME_SERVER_IP}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.networking.interface = \"${TARGET_INTERFACE}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.networking.interface = \"${TARGET_INTERFACE}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.networking.routerIpAddress = \"${NETWORK_ROUTER_IP}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.networking.routerIpAddress = \"${NETWORK_ROUTER_IP}\";" >> ${CONFIGURATION_PATH}
|
||||||
}
|
}
|
||||||
|
|
||||||
services_config_generation() {
|
services_config_generation() {
|
||||||
echo -e "\n # DNS settings" >> ${CONFIGURATION_PATH}
|
echo -e "\n # DNS settings" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.dns = \"${SELECTED_DNS_SERVICE}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.services.dns = \"${SELECTED_DNS_SERVICE}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.services.${SELECTED_DNS_SERVICE} = true;" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.services.${SELECTED_DNS_SERVICE}.enable = true;" >> ${CONFIGURATION_PATH}
|
||||||
|
|
||||||
echo -e "\n # Services settings" >> ${CONFIGURATION_PATH}
|
echo -e "\n # Services settings" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.services.domain = \"${DOMAIN_NAME}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.services.domain = \"${DOMAIN_NAME}\";" >> ${CONFIGURATION_PATH}
|
||||||
|
i=0
|
||||||
for service in "${SELECTED_SERVICES[@]}"; do
|
for service in "${SELECTED_SERVICES[@]}"; do
|
||||||
echo -e " config.numbus.services.${service}.enable = true;" >> ${CONFIGURATION_PATH}
|
[[ "${SELECTED_SERVICES_SUBDOMAIN+x:-false}" ]] && echo -e " numbus.services.${service}.enable.subdomain = \"${SELECTED_SERVICES_SUBDOMAIN[${i}]}\";" >> ${CONFIGURATION_PATH}
|
||||||
|
echo -e " numbus.services.${service}.enable = true;" >> ${CONFIGURATION_PATH}
|
||||||
|
i=$((i + 1))
|
||||||
done
|
done
|
||||||
|
|
||||||
|
if [[ "${SELECTED_SERVICES_SUBDOMAIN+x:-false}" && -n "$SELECTED_DNS_SERVICE" && -n "${SELECTED_SERVICES_SUBDOMAIN[${i}]}" ]]; then
|
||||||
|
echo -e " numbus.services.${SELECTED_DNS_SERVICE}.enable.subdomain = \"${SELECTED_SERVICES_SUBDOMAIN[${i}]}\";" >> ${CONFIGURATION_PATH}
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ "${TARGET_GRAPHICS_RENDERER}" == "true" ]]; then
|
||||||
|
FRIGATE_DEVICES+=" \"/dev/dri/D128\""
|
||||||
|
fi
|
||||||
|
if [[ "${TARGET_USB_CORAL}" == "true" ]]; then
|
||||||
|
FRIGATE_DEVICES+=" \"/dev/bus/usb\""
|
||||||
|
elif [[ "${TARGET_PCIE_CORAL}" == "true" ]]; then
|
||||||
|
FRIGATE_DEVICES+=" \"/dev/apex_0\""
|
||||||
|
fi
|
||||||
|
if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then
|
||||||
|
HOME_ASSISTANT_DEVICES+=" \"${TARGET_ZIGBEE_DEVICE}\""
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -n "${FRIGATE_DEVICES}" ]]; then
|
||||||
|
echo -e " numbus.services.frigate.devices = [${FRIGATE_DEVICES} ];" >> ${CONFIGURATION_PATH}
|
||||||
|
fi
|
||||||
|
if [[ -n "${HOME_ASSISTANT_DEVICES}" ]]; then
|
||||||
|
echo -e " numbus.services.home-assistant.devices = [${HOME_ASSISTANT_DEVICES} ];" >> ${CONFIGURATION_PATH}
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
mail_config_generation() {
|
mail_config_generation() {
|
||||||
echo -e "\n # Mail settings" >> ${CONFIGURATION_PATH}
|
echo -e "\n # Mail settings" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.mail.enable = true;" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.enable = true;" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.mail.userAddress = \"${SERVER_USER_EMAIL}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.userAddress = \"${SERVER_USER_EMAIL}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.mail.adminAddress = \"${SERVER_ADMIN_EMAIL}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.adminAddress = \"${SERVER_ADMIN_EMAIL}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.mail.smtpUsername = \"${SMTP_SERVER_USERNAME}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.smtpUsername = \"${SMTP_SERVER_USERNAME}\";" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.mail.smtpPasswordPath = config.sops.secrets.smtpPassword.path;" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.smtpPasswordPath = config.sops.secrets.smtpPassword.path;" >> ${CONFIGURATION_PATH}
|
||||||
|
|
||||||
if [[ "${SMTP_SERVER_HOST}" != "smtp.gmail.com" ]]; then
|
if [[ "${SMTP_SERVER_HOST}" != "smtp.gmail.com" ]]; then
|
||||||
echo -e " config.numbus.mail.smtpServer = \"${SMTP_SERVER_HOST}\";" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.smtpServer = \"${SMTP_SERVER_HOST}\";" >> ${CONFIGURATION_PATH}
|
||||||
fi
|
fi
|
||||||
if [[ "${SMTP_SERVER_PORT}" != "587" ]]; then
|
if [[ "${SMTP_SERVER_PORT}" != "587" ]]; then
|
||||||
echo -e " config.numbus.mail.smtpPort = ${SMTP_SERVER_PORT};" >> ${CONFIGURATION_PATH}
|
echo -e " numbus.mail.smtpPort = ${SMTP_SERVER_PORT};" >> ${CONFIGURATION_PATH}
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
disk_config_generation() {
|
disk_config_generation() {
|
||||||
echo -e "\n # Hardware settings" >> ${CONFIGURATION_PATH}
|
echo -e "\n # Hardware settings" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.hardware.bootDisksList = [ ${BOOT_DISKS_ID_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
if [[ "${TARGET_PCIE_CORAL}" == "true" ]]; then
|
||||||
echo -e " config.numbus.hardware.dataDisksList = [ ${CONTENT_DISK_NUMBER_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
echo " numbus.hardware.pcie-coral.enable = true;" >> ${CONFIGURATION_PATH}
|
||||||
echo -e " config.numbus.hardware.parityDisksList = [ ${PARITY_DISK_NUMBER_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
fi
|
||||||
|
echo -e " numbus.hardware.bootDisksList = [ ${BOOT_DISKS_ID_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
||||||
|
echo -e " numbus.hardware.dataDisksList = [ ${CONTENT_DISK_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
||||||
|
echo -e " numbus.hardware.parityDisksList = [ ${PARITY_DISK_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
||||||
|
echo -e " numbus.hardware.spindownDisksList = [ ${SPINDOWN_DISKS_LIST[@]} ];" >> ${CONFIGURATION_PATH}
|
||||||
|
echo "}" >> ${CONFIGURATION_PATH}
|
||||||
}
|
}
|
||||||
|
|
||||||
keys_generation() {
|
keys_generation() {
|
||||||
@@ -469,12 +511,12 @@ EOF
|
|||||||
local SSH_KEYS_FORMATTED=""
|
local SSH_KEYS_FORMATTED=""
|
||||||
if [[ "$(declare -p AUTHORIZED_SSH_PUBLIC_KEY 2>/dev/null)" =~ "declare -a" ]]; then
|
if [[ "$(declare -p AUTHORIZED_SSH_PUBLIC_KEY 2>/dev/null)" =~ "declare -a" ]]; then
|
||||||
for key in "${AUTHORIZED_SSH_PUBLIC_KEY[@]}"; do
|
for key in "${AUTHORIZED_SSH_PUBLIC_KEY[@]}"; do
|
||||||
SSH_KEYS_FORMATTED+=" \"$key\""$'\n'
|
SSH_KEYS_FORMATTED+=" $key"$'\n'
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
SSH_KEYS_FORMATTED=" \"$AUTHORIZED_SSH_PUBLIC_KEY\""$'\n'
|
SSH_KEYS_FORMATTED=" $AUTHORIZED_SSH_PUBLIC_KEY"$'\n'
|
||||||
fi
|
fi
|
||||||
export AUTHORIZED_SSH_PUBLIC_KEY="$SSH_KEYS_FORMATTED"
|
export SSH_KEYS_FORMATTED
|
||||||
|
|
||||||
echo -e "\n ✅ Generating sops-nix keys..."
|
echo -e "\n ✅ Generating sops-nix keys..."
|
||||||
ssh-to-age -private-key -i final-nix-config/home/numbus-admin/.ssh/id_ed25519 > final-nix-config/var/lib/sops-nix/key.txt
|
ssh-to-age -private-key -i final-nix-config/home/numbus-admin/.ssh/id_ed25519 > final-nix-config/var/lib/sops-nix/key.txt
|
||||||
@@ -566,6 +608,8 @@ cloudflare_dns_setup() {
|
|||||||
SELECTED_SERVICES_DNS=()
|
SELECTED_SERVICES_DNS=()
|
||||||
for service in "${SELECTED_SERVICES[@]}"; do
|
for service in "${SELECTED_SERVICES[@]}"; do
|
||||||
[[ "${service}" == "virtualization" ]] && continue
|
[[ "${service}" == "virtualization" ]] && continue
|
||||||
|
[[ "${service}" == "clamav" ]] && continue
|
||||||
|
[[ "${service}" == "nextcloud" ]] && SELECTED_SERVICES_DNS+=( "onlyoffice.${DOMAIN_NAME}" "whiteboard.${DOMAIN_NAME}" )
|
||||||
SELECTED_SERVICES_DNS+=( "${service}.${DOMAIN_NAME}" )
|
SELECTED_SERVICES_DNS+=( "${service}.${DOMAIN_NAME}" )
|
||||||
done
|
done
|
||||||
SELECTED_SERVICES_DNS+=( "${SELECTED_DNS_SERVICE}.${DOMAIN_NAME}" )
|
SELECTED_SERVICES_DNS+=( "${SELECTED_DNS_SERVICE}.${DOMAIN_NAME}" )
|
||||||
@@ -617,7 +661,7 @@ export_configuration() {
|
|||||||
echo "export BOOT_DISKS_ID_LIST=\"(${BOOT_DISKS_ID_LIST[@]})\"" >> $CONFIG_EXPORT_FILE
|
echo "export BOOT_DISKS_ID_LIST=\"(${BOOT_DISKS_ID_LIST[@]})\"" >> $CONFIG_EXPORT_FILE
|
||||||
echo "export DATA_DISKS_ID=\"(${DATA_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
|
echo "export DATA_DISKS_ID=\"(${DATA_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
|
||||||
echo "export DATA_DISKS_TYPE=\"(${DATA_DISKS_TYPE[@]})\"" >> $CONFIG_EXPORT_FILE
|
echo "export DATA_DISKS_TYPE=\"(${DATA_DISKS_TYPE[@]})\"" >> $CONFIG_EXPORT_FILE
|
||||||
echo "export SPINDOWN_DISKS_ID=\"(${SPINDOWN_DISKS_ID[@]})\"" >> $CONFIG_EXPORT_FILE
|
echo "export SPINDOWN_DISKS_LIST=\"(${SPINDOWN_DISKS_LIST[@]})\"" >> $CONFIG_EXPORT_FILE
|
||||||
echo "export CONTENT_DISK_NUMBER=\"${CONTENT_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
|
echo "export CONTENT_DISK_NUMBER=\"${CONTENT_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
|
||||||
echo "export PARITY_DISK_NUMBER=\"${PARITY_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
|
echo "export PARITY_DISK_NUMBER=\"${PARITY_DISK_NUMBER}\"" >> $CONFIG_EXPORT_FILE
|
||||||
echo -e "\n# TPM SETTINGS" >> $CONFIG_EXPORT_FILE
|
echo -e "\n# TPM SETTINGS" >> $CONFIG_EXPORT_FILE
|
||||||
@@ -626,9 +670,12 @@ export_configuration() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
deploy() {
|
deploy() {
|
||||||
git -C "/home/nixosd/numbus-server" add -f "final-nix-config"
|
git -C . add -f "final-nix-config/"
|
||||||
|
git -C . add -f "templates/"
|
||||||
|
git -C . add -f "deploy.conf"
|
||||||
|
|
||||||
echo -e "\n\n🔄 Deploying to the remote server..."
|
echo -e "\n\n🔄 Deploying to the remote server..."
|
||||||
|
nix flake update --flake ./final-nix-config/etc/nixos
|
||||||
nix run github:nix-community/nixos-anywhere -- \
|
nix run github:nix-community/nixos-anywhere -- \
|
||||||
--flake ./final-nix-config/etc/nixos#numbus-server \
|
--flake ./final-nix-config/etc/nixos#numbus-server \
|
||||||
--extra-files final-nix-config \
|
--extra-files final-nix-config \
|
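Review bot: In deploy(), `git -C . add -f "final-nix-config/"` force-stages the whole tree, and the keys_generation context shown earlier in this file places `home/numbus-admin/.ssh/id_ed25519` and `var/lib/sops-nix/key.txt` under that tree, so the unencrypted SSH private key and the age identity land in the git index regardless of any ignore rule. A routine commit and push would then publish them, and depending on the Nix version, evaluating a flake from inside the repository can copy tracked files into the world-readable store. Staging only what the flake reads avoids this, for example `git -C . add --intent-to-add -f "final-nix-config/etc/nixos"`; `--extra-files final-nix-config` is read from the filesystem, so the keys should still reach the target. The same concern applies to the forced add of `deploy.conf` if that file carries the SMTP password or the API token, which this page does not show. The body of deploy() continues past the end of the hunk.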
||||||
|
|||||||
@@ -1,9 +1,10 @@
|
|||||||
{ modulesPath, config, lib, pkgs, inputs, ... }:
|
{ modulesPath, config, pkgs, inputs, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
inputs.sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
|
|
||||||
# System
|
# System
|
||||||
@@ -13,6 +14,7 @@
|
|||||||
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
sops.defaultSopsFile = ./secrets/secrets.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
|
sops.age.sshKeyPaths = [ "/home/numbus-admin/.ssh/id_ed25519" ];
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
|
# Secrets
|
||||||
sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
|
sops.secrets."authorizedSshPublicKeys" = { owner = "numbus-admin"; path = "/home/numbus-admin/.ssh/authorized_keys"; mode = "0600"; };
|
||||||
sops.secrets."smtpPassword" = { owner = "numbus-admin"; mode = "0600"; };
|
sops.secrets."smtpPassword" = { owner = "numbus-admin"; mode = "0600"; };
|
||||||
sops.secrets."cloudflareDnsApiToken" = { owner = "numbus-admin"; mode = "0600"; };
|
sops.secrets."cloudflareDnsApiToken" = { owner = "numbus-admin"; mode = "0600"; };
|
||||||
@@ -20,15 +22,3 @@
|
|||||||
# # TPM2 PCR check
|
# # TPM2 PCR check
|
||||||
# systemIdentity.enable = true;
|
# systemIdentity.enable = true;
|
||||||
# systemIdentity.pcr15 = "PCR_HASH";
|
# systemIdentity.pcr15 = "PCR_HASH";
|
||||||
|
|
||||||
# Server
|
|
||||||
time.timeZone = "Europe/Paris";
|
|
||||||
config.numbus.owner = "Raphael";
|
|
||||||
|
|
||||||
# Enable email notifications
|
|
||||||
config.numbus.mail.enable = true;
|
|
||||||
config.numbus.mail.userAddress = "user@tunea.eu";
|
|
||||||
config.numbus.mail.adminAddress = "admin@tunea.eu";
|
|
||||||
config.numbus.mail.smtpUsername = "raphaels.server@gmail.com";
|
|
||||||
config.numbus.mail.smtpPasswordPath = config.sops.secrets.smtpPassword.path;
|
|
||||||
|
|
||||||
|
|||||||
@@ -37,7 +37,7 @@
|
|||||||
# Secrets handling
|
# Secrets handling
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
# Power savings
|
# Power savings
|
||||||
inputs.autoaspm.nixosModules.autoaspm
|
autoaspm.nixosModules.autoaspm
|
||||||
# Core host configuration
|
# Core host configuration
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|||||||
@@ -1,12 +0,0 @@
|
|||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
libedgetpu = pkgs.callPackage ./libedgetpu.nix {};
|
|
||||||
gasket = config.boot.kernelPackages.callPackage ./gasket.nix {};
|
|
||||||
in
|
|
||||||
|
|
||||||
{
|
|
||||||
services.udev.packages = [ libedgetpu ];
|
|
||||||
users.groups.plugdev = {};
|
|
||||||
boot.extraModulePackages = [ gasket ];
|
|
||||||
}
|
|
||||||
@@ -1,35 +0,0 @@
|
|||||||
{ stdenv, lib, fetchFromGitHub, kernel }:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "gasket";
|
|
||||||
version = "1.0-18";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "google";
|
|
||||||
repo = "gasket-driver";
|
|
||||||
rev = "97aeba584efd18983850c36dcf7384b0185284b3";
|
|
||||||
sha256 = "pJwrrI7jVKFts4+bl2xmPIAD01VKFta2SRuElerQnTo=";
|
|
||||||
};
|
|
||||||
|
|
||||||
makeFlags = [
|
|
||||||
"-C"
|
|
||||||
"${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
|
|
||||||
"M=$(PWD)"
|
|
||||||
];
|
|
||||||
buildFlags = [ "modules" ];
|
|
||||||
|
|
||||||
installFlags = [ "INSTALL_MOD_PATH=${placeholder "out"}" ];
|
|
||||||
installTargets = [ "modules_install" ];
|
|
||||||
|
|
||||||
sourceRoot = "source/src";
|
|
||||||
hardeningDisable = [ "pic" "format" ];
|
|
||||||
nativeBuildInputs = kernel.moduleBuildDependencies;
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems.";
|
|
||||||
homepage = "https://github.com/google/gasket-driver";
|
|
||||||
license = licenses.gpl2;
|
|
||||||
maintainers = [ lib.maintainers.kylehendricks ];
|
|
||||||
platforms = platforms.linux;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
@@ -1,59 +0,0 @@
|
|||||||
{ stdenv, lib, fetchFromGitHub, libusb1, abseil-cpp, flatbuffers, xxd }:
|
|
||||||
|
|
||||||
let
|
|
||||||
flatbuffers_1_12 = flatbuffers.overrideAttrs (oldAttrs: rec {
|
|
||||||
version = "1.12.0";
|
|
||||||
NIX_CFLAGS_COMPILE = "-Wno-error=class-memaccess -Wno-error=maybe-uninitialized";
|
|
||||||
cmakeFlags = (oldAttrs.cmakeFlags or []) ++ ["-DFLATBUFFERS_BUILD_SHAREDLIB=ON"];
|
|
||||||
NIX_CXXSTDLIB_COMPILE = "-std=c++17";
|
|
||||||
configureFlags = (oldAttrs.configureFlags or []) ++ ["--enable-shared"];
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "google";
|
|
||||||
repo = "flatbuffers";
|
|
||||||
rev = "v${version}";
|
|
||||||
sha256 = "sha256-L1B5Y/c897Jg9fGwT2J3+vaXsZ+lfXnskp8Gto1p/Tg=";
|
|
||||||
};
|
|
||||||
});
|
|
||||||
|
|
||||||
in stdenv.mkDerivation rec {
|
|
||||||
pname = "libedgetpu";
|
|
||||||
version = "grouper";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "google-coral";
|
|
||||||
repo = pname;
|
|
||||||
rev = "release-${version}";
|
|
||||||
sha256 = "sha256-73hwItimf88Iqnb40lk4ul/PzmCNIfdt6Afi+xjNiBE=";
|
|
||||||
};
|
|
||||||
|
|
||||||
makeFlags = ["-f" "makefile_build/Makefile" "libedgetpu" ];
|
|
||||||
|
|
||||||
buildInputs = [
|
|
||||||
libusb1
|
|
||||||
abseil-cpp
|
|
||||||
flatbuffers_1_12
|
|
||||||
];
|
|
||||||
|
|
||||||
nativeBuildInputs = [
|
|
||||||
xxd
|
|
||||||
];
|
|
||||||
|
|
||||||
NIX_CXXSTDLIB_COMPILE = "-std=c++17";
|
|
||||||
|
|
||||||
TFROOT = "${fetchFromGitHub {
|
|
||||||
owner = "tensorflow";
|
|
||||||
repo = "tensorflow";
|
|
||||||
rev = "v2.7.4";
|
|
||||||
sha256 = "sha256-liDbUAdaVllB0b74aBeqNxkYNu/zPy7k3CevzRF5dk0=";
|
|
||||||
}}";
|
|
||||||
|
|
||||||
enableParallelBuilding = false;
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/lib
|
|
||||||
cp out/direct/k8/libedgetpu.so.1.0 $out/lib
|
|
||||||
ln -s $out/lib/libedgetpu.so.1.0 $out/lib/libedgetpu.so.1
|
|
||||||
mkdir -p $out/lib/udev/rules.d
|
|
||||||
cp debian/edgetpu-accelerator.rules $out/lib/udev/rules.d/99-edgetpu-accelerator.rules
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
@@ -1,4 +1,4 @@
|
|||||||
authorizedSshPublicKeys: |
|
authorizedSshPublicKeys: |
|
||||||
$AUTHORIZED_SSH_PUBLIC_KEY
|
$SSH_KEYS_FORMATTED
|
||||||
smtpPassword: "$SMTP_SERVER_PASSWORD"
|
smtpPassword: "$SMTP_SERVER_PASSWORD"
|
||||||
cloudlfareDnsApiToken: "$CLOUDFLARE_DNS_API_TOKEN"
|
cloudflareDnsApiToken: "$CLOUDFLARE_DNS_API_TOKEN"
|
||||||
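Review bot: The corrected `cloudflareDnsApiToken: "$CLOUDFLARE_DNS_API_TOKEN"` line, like the `smtpPassword` line above it, puts the substituted secret inside a YAML double-quoted scalar, where a `"` ends the value and a backslash starts an escape sequence. A password or token containing either character would produce an invalid file or a silently different secret. How the placeholders are filled is not visible here; if it is plain text substitution, a literal block scalar (`smtpPassword: |-` with the placeholder indented on the following line) keeps the value byte-for-byte. Until it is encrypted with sops the rendered file holds plaintext secrets, so it is worth creating it with owner-only permissions.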