self-host-playbook/install.sh

#!/usr/bin/env bash

set -euo pipefail

# Ensure we're in a flakes-enabled environment with required tools
if ! command -v nix &> /dev/null; then
    echo "❌ Nix is not installed. Please install Nix first:"
    echo "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install"
    exit 1
fi

# Check if we need to enter a new shell
if [ -z "${INSIDE_NIX_SHELL+x}" ]; then
    export NIX_CONFIG="experimental-features = nix-command flakes"
    export INSIDE_NIX_SHELL=1
    exec nix shell nixpkgs#git nixpkgs#mkpasswd nixpkgs#jq --command bash "$0"
fi

# Check directory situation and handle navigation
DIR_NAME="self-host-playbook"
CURRENT_DIR=$(basename "$(pwd)")

if [ "$CURRENT_DIR" = "$DIR_NAME" ]; then
    echo "📂 Already in $DIR_NAME directory"
    echo "⚠️  Warning: Proceeding will overwrite the current version!"
    read -p "Do you want to continue? (y/N) " -n 1 -r
    echo
    if [[ ! $REPLY =~ ^[Yy]$ ]]; then
        echo "❌ Operation cancelled"
        exit 1
    fi
else
    if [ -d "$DIR_NAME" ]; then
        echo "📂 Directory '$DIR_NAME' already exists"
        read -p "Do you want to proceed in the existing directory? (y/N) " -n 1 -r
        echo
        if [[ $REPLY =~ ^[Yy]$ ]]; then
            cd "$DIR_NAME"
        else
            echo "❌ Please choose a different directory or remove the existing one"
            exit 1
        fi
    else
        echo "🔄 Creating new self-host-playbook configuration..."
        mkdir -p "$DIR_NAME"
        cd "$DIR_NAME"
    fi
fi

get_latest_version() {
    local LATEST_VERSION

    latest_version=$(curl -s "https://code.m3tam3re.com/api/v1/repos/m3tam3re/self-host-playbook/tags" | jq -r '.[] | select(.name | startswith("v")) | .name' | sort -V | tail -n1)

    if [ -z "$latest_version" ]; then
        echo "❌ Error: Could not fetch latest version from repository"
        exit 1
    fi

    # Remove 'v' prefix if present and return
    echo "${latest_version#v}"
}

setup_latest_version() {
    local target_version=$1
    local dir_name=$2

    # Safety check: Ensure we're in the self-host-playbook directory
    local current_dir=$(basename "$(pwd)")
    if [ "$current_dir" != "self-host-playbook" ]; then
        echo "❌ Error: Must be in 'self-host-playbook' directory to setup latest version"
        echo "Current directory: $(pwd)"
        return 1
    fi

    echo "⬇️ Downloading version $target_version..."

    TEMP_DIR=$(mktemp -d)
    trap 'rm -rf "$TEMP_DIR"' EXIT

    # Create a subdirectory for the clone
    CLONE_DIR="${TEMP_DIR}/clone"
    mkdir -p "$CLONE_DIR"

    # Clone to temporary directory with --quiet flag
    if ! nix flake clone --quiet "git+https://code.m3tam3re.com/m3tam3re/self-host-playbook?ref=v${target_version}" --dest "$CLONE_DIR" 2>/dev/null; then
        echo "❌ Failed to clone repository"
        return 1
    fi

    # Additional safety check before copying files
    if [ ! -f "$CLONE_DIR/flake.nix" ]; then
        echo "❌ Error: Downloaded content doesn't appear to be a valid self-host-playbook"
        return 1
    fi

    # Copy files from clone to target directory
    cp -r "$CLONE_DIR"/* "$dir_name/"

    return 0
}

# Function to setup from template
setup_from_template() {
    # Ensure we're in the correct directory
    local current_dir=$(basename "$(pwd)")
    if [ "$current_dir" != "self-host-playbook" ]; then
        echo "❌ Error: Must be in 'self-host-playbook' directory"
        exit 1
    fi

    # Create backup if directory is not empty
    if [ -n "$(ls -A)" ]; then
        local CURRENT_VERSION=$(date +%Y%m%d_%H%M%S)
        local backup_dir="backup_${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"
        echo "📑 Creating backup in $backup_dir..."
        mkdir -p "$backup_dir"
        # Add safety check for backup creation
        if [ ! -d "$backup_dir" ]; then
            echo "❌ Error: Failed to create backup directory"
            exit 1
        fi

        find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec cp -r {} "$backup_dir/" \;
        echo "✅ Backup created successfully"

        # Clean current directory except backup
        echo "🗑️ Cleaning current directory..."
        find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec rm -rf {} \;
    fi

    # Get and setup latest version
    local LATEST_VERSION=$(get_latest_version)
    echo "⬇️ Setting up version $LATEST_VERSION..."
    setup_latest_version "$LATEST_VERSION" "."
}

# Function to generate SSH key
generate_ssh_key() {
    local KEY_NAME="self-host-playbook"
    local KEY_PATH="$HOME/.ssh/${KEY_NAME}"

    if [ ! -f "$KEY_PATH" ]; then
        mkdir -p "$HOME/.ssh"
        echo "🔑 Generating new SSH key pair..." >&2
        ssh-keygen -t ed25519 -f "$KEY_PATH" -N "" >&2
        echo "✅ New SSH key pair generated" >&2
    else
        echo "🔑 Using existing SSH key pair" >&2
    fi

    if [ ! -f "${KEY_PATH}.pub" ]; then
        echo "❌ Error: Public key file not found" >&2
        exit 1
    fi

    printf "%s" "$KEY_PATH"
}

# Function to hash password using mkpasswd
hash_password() {
    local password=$1
    mkpasswd -m sha-512 "$password"
}

# Function to display device detection guide
show_device_guide() {
    echo
    echo "📝 How to find your root device name:"
    echo "------------------------------------"
    echo "1. SSH into your server with the credentials provided by your cloud provider or use the web console"
    echo "2. Run the following command:"
    echo "   lsblk -d -o NAME,SIZE"
    echo
    echo "Look for the main disk, usually the largest one. It will be shown as:"
    echo "- AWS (older): xvda"
    echo "- AWS (newer): nvme0n1"
    echo "- GCP/Azure/Linode: sda"
    echo "- DigitalOcean: vda"
    echo
    echo "The device name will be /dev/[name shown in lsblk]"
    echo
    echo "💡 Example:"
    echo "   NAME SIZE"
    echo "   sda  76.3G"
    echo "   sr0  1024M"
    echo "------------------------------------"
    echo
}

# Function to get device name based on provider
get_device_name() {
    local provider=$1
    case $provider in
        "aws-new")
            echo "/dev/nvme0n1"
            ;;
        "aws-old")
            echo "/dev/xvda"
            ;;
        "gcp")
            echo "/dev/sda"
            ;;
        "azure")
            echo "/dev/sda"
            ;;
        "digitalocean")
            echo "/dev/vda"
            ;;
        "linode")
            echo "/dev/sda"
            ;;
        "hetzner")
            echo "/dev/sda"
            ;;
        *)
            echo "unknown"
            ;;
    esac
}

setup_ssh_config() {
    local username=$1
    local ip_address=$2
    local hostname=$3  # Add hostname parameter
    local ssh_config_dir="$HOME/.ssh"
    local ssh_config_file="$ssh_config_dir/config"
    local ssh_key_file="$ssh_config_dir/self-host-playbook"

    # Create .ssh directory if it doesn't exist
    mkdir -p "$ssh_config_dir"
    chmod 700 "$ssh_config_dir"

    # Create or append to SSH config using hostname as the Host name
    local config_entry="Host $hostname
    HostName $ip_address
    User $username
    Port 2222
    IdentityFile $ssh_key_file"

    # Check if entry already exists
    if ! grep -q "Host $hostname" "$ssh_config_file" 2>/dev/null; then
        echo -e "\n$config_entry" >> "$ssh_config_file"
        echo "✅ Added SSH config entry"
    else
        # Update existing entry
        sed -i.bak "/Host $hostname/,/IdentityFile.*/{
            s/HostName.*/HostName $ip_address/
            s/User.*/User $username/
        }" "$ssh_config_file"
        echo "✅ Updated existing SSH config entry"
    fi

    # Set appropriate permissions
    chmod 600 "$ssh_config_file"
}

install_deploy_rs() {
    echo "🔧 Installing deploy-rs to user environment..."

    # Check if deploy is already installed
    if command -v deploy >/dev/null 2>&1; then
        echo "ℹ️ deploy-rs is already installed"
        return 0
    fi

    # Install deploy-rs using nix profile
    if nix profile install 'github:serokell/deploy-rs'; then
        echo "✅ deploy-rs installed successfully"
    else
        echo "❌ Failed to install deploy-rs"
        return 1
    fi
}

echo "🚀 Welcome to the Self-Host Playbook!"
echo "================================================"
echo "This script will help you manage your NixOS server with:"
echo "- Portainer (Docker management)"
echo "- n8n (Workflow automation)"
echo "- Baserow (No-code database)"
echo "- Caddy (Automatic HTTPS reverse proxy)"
echo "================================================"
echo

read -p "Press ANY KEY to continue or CTRL + C to abort..."
echo
# Generate SSH key
SSH_KEY_PATH=$(generate_ssh_key) || exit 1
SSH_PUB_KEY=$(cat "${SSH_KEY_PATH}.pub") || {
    echo "❌ Error: Failed to read public key from ${SSH_KEY_PATH}.pub"
    exit 1
}
echo
echo "🔑 Here is your public key:"
echo
cat "$SSH_KEY_PATH.pub"
echo ""
echo "📁 You can also find the keyfile here:"
echo
echo "$SSH_KEY_PATH.pub"
echo
read -p "Press ENTER to continue or CTRL + C to abort..."

# Collect user input
echo ""
echo "📝 Please provide the following information:"
echo "-------------------------------------------"
read -p "1. Enter target server IP address: " IP_ADDRESS
read -p "2. Enter hostname for the server: " HOSTNAME

# Validate hostname format
while ! [[ $HOSTNAME =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$ ]]; do
    echo "❌ Invalid hostname format. Please use a valid hostname (e.g., my-server.example.com)"
    read -p "Enter hostname for the server: " HOSTNAME
done

read -p "3. Enter desired username for server access: " USERNAME
read -s -p "4. Enter desired password: " PASSWORD
echo
echo "5. Enter domain names for services (must point to $IP_ADDRESS):"
read -p "   - Domain for Portainer: " PORTAINER_DOMAIN
read -p "   - Domain for n8n: " N8N_DOMAIN
read -p "   - Domain for Baserow: " BASEROW_DOMAIN
echo
echo "6. How do you authenticate to the target machine?"
echo "-------------------------------------------"
echo "   1) Password"
echo "   2) SSH Key"
echo
read -p "Enter your choice (1-2): " KEY_CHOICE

case $KEY_CHOICE in
    1)
        INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#$HOSTNAME root@$IP_ADDRESS"
        ;;
    2)
        INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#$HOSTNAME -i $SSH_KEY_PATH root@$IP_ADDRESS"
        ;;
    *)
        echo "❌ Invalid choice"
        exit 1
        ;;
esac

setup_from_template

echo
echo "7. Select your cloud provider:"
echo "   1) AWS (Newer instances with NVMe)"
echo "   2) AWS (Older instances)"
echo "   3) Google Cloud Platform"
echo "   4) Microsoft Azure"
echo "   5) DigitalOcean"
echo "   6) Linode"
echo "   7) Hetzner"
echo "   8) I'm not sure (Show detection guide)"
echo

read -p "Enter your choice (1-8): " PROVIDER_CHOICE

# Set device name based on provider choice
case $PROVIDER_CHOICE in
    1)
        PROVIDER="aws-new"
        ;;
    2)
        PROVIDER="aws-old"
        ;;
    3)
        PROVIDER="gcp"
        ;;
    4)
        PROVIDER="azure"
        ;;
    5)
        PROVIDER="digitalocean"
        ;;
    6)
        PROVIDER="linode"
        ;;
    7)
        PROVIDER="hetzner"
        ;;
    8)
        show_device_guide
        read -p "Enter your root device name (e.g., /dev/sda): " DEVICE_NAME
        PROVIDER="custom"
        ;;
    *)
        echo "❌ Invalid choice"
        exit 1
        ;;
esac

if [ "$PROVIDER" != "custom" ]; then
    DEVICE_NAME=$(get_device_name "$PROVIDER")
fi

echo
echo "Using root device: $DEVICE_NAME"
read -p "Is this correct? (y/N) " CONFIRM
if [[ ! $CONFIRM =~ ^[Yy]$ ]]; then
    echo "Installation aborted. Please run the script again with the correct device."
    exit 1
fi

echo
echo "🛠️  Preparing server configuration..."

# Hash the password
HASHED_PASSWORD=$(hash_password "$PASSWORD")

echo "📝 Customizing configuration files..."
# Write configuration to JSON file
cat > config.json << EOF
{
  "username": "$USERNAME",
  "hashedPassword": "$HASHED_PASSWORD",
  "sshKey": "$SSH_PUB_KEY",
  "domains": {
    "portainer": "$PORTAINER_DOMAIN",
    "n8n": "$N8N_DOMAIN",
    "baserow": "$BASEROW_DOMAIN"
  },
  "rootDevice": "$DEVICE_NAME",
  "ipAddress": "$IP_ADDRESS",
  "hostname": "$HOSTNAME"
}
EOF

echo "📦 Setting up environment files..."
# Update environment files with domains
if [[ "$OSTYPE" == "darwin"* ]]; then
    sed -i '' "s/N8N_DOMAIN/$N8N_DOMAIN/g" ./env/n8n.env
    sed -i '' "s/BASEROW_DOMAIN/$BASEROW_DOMAIN/g" ./env/baserow.env
else
    sed -i "s/N8N_DOMAIN/$N8N_DOMAIN/g" ./env/n8n.env
    sed -i "s/BASEROW_DOMAIN/$BASEROW_DOMAIN/g" ./env/baserow.env
fi

echo
echo "⚠️  Important: By proceeding the existing virtual machine will be overwritten!"
echo
read -p "Do you want to proceed? (y/N) " CONFIRM
if [[ ! $CONFIRM =~ ^[Yy]$ ]]; then
    echo "Installation aborted."
    exit 1
fi
echo
echo "🚀 Starting NixOS installation..."
echo "This process might take several minutes..."

# Run nixos-anywhere installation
$INSTALL_COMMAND && {
    echo "🔧 Setting up SSH configuration..."
    setup_ssh_config "$USERNAME" "$IP_ADDRESS" "$HOSTNAME"
    echo
    echo "🎉 Installation completed successfully!"
    echo "=====================================>"
    echo "You can now access your services at:"
    echo "- Portainer: https://$PORTAINER_DOMAIN"
    echo "- n8n: https://$N8N_DOMAIN"
    echo "- Baserow: https://$BASEROW_DOMAIN"
    echo
    echo "To connect to your server, use:"
    echo "ssh $HOSTNAME"
    echo
    install_deploy_rs
    echo
    echo "⚠️  Important: Please save your SSH key path: $SSH_KEY_PATH"
    echo "=====================================>"
} || echo "Command failed with exit status $?"