m3tam3re/self-host-playbook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Prepare v0.1.0

Browse Source
This commit is contained in:
m3tam3re 2025-04-09 16:08:16 +02:00
parent 171e9dd89e
commit 851f1b1344
6 changed files with 451 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +0,0 @@
config.json

3
flake.lock generated
View File

@ -75,6 +75,9 @@
"root": { "root": {
"inputs": { "inputs": {
"base-config": "base-config", "base-config": "base-config",
"deploy-rs": [
"nixpkgs"
],
"disko": "disko", "disko": "disko",
"nixpkgs": [ "nixpkgs": [
"base-config", "base-config",

22
flake.nix
View File

@ -14,20 +14,27 @@
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
deploy-rs = {
url = "github:serokell/deploy-rs";
follows = "nixpkgs";
};
}; };
outputs = { outputs = {
self, self,
base-config, base-config,
deploy-rs,
nixpkgs, nixpkgs,
... ...
} @ inputs: { } @ inputs: let
jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);
in {
nixosConfigurations.nixos = nixpkgs.lib.nixosSystem { nixosConfigurations.nixos = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
(base-config.nixosModules.default { (base-config.nixosModules.default {
tier = "starter"; tier = "starter";
jsonConfig = builtins.fromJSON (builtins.readFile ./config.json); inherit jsonConfig;
}) # Pass tier here }) # Pass tier here
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./configuration.nix ./configuration.nix
@ -36,5 +43,16 @@
inherit self; inherit self;
}; };
}; };
deploy.nodes.nixos = {
hostname = "self-host-playbook";
profiles.system = {
sshUser = jsonConfig.username;
user = "root";
interactiveSudo = true;
path =
deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.nixos;
};
};
}; };
} }

155
install.sh
View File

@ -13,14 +13,23 @@ fi
if [ -z "${INSIDE_NIX_SHELL+x}" ]; then if [ -z "${INSIDE_NIX_SHELL+x}" ]; then
export NIX_CONFIG="experimental-features = nix-command flakes" export NIX_CONFIG="experimental-features = nix-command flakes"
export INSIDE_NIX_SHELL=1 export INSIDE_NIX_SHELL=1
exec nix shell nixpkgs#git nixpkgs#mkpasswd --command bash "$0" exec nix shell nixpkgs#git nixpkgs#mkpasswd nixpkgs#jq --command bash "$0"
fi fi
# Function to setup from template # Check directory situation and handle navigation
setup_from_template() { DIR_NAME="self-host-playbook"
local TEMPLATE=starter CURRENT_DIR=$(basename "$(pwd)")
local DIR_NAME="self-host-playbook"
if [ "$CURRENT_DIR" = "$DIR_NAME" ]; then
echo "📂 Already in $DIR_NAME directory"
echo "⚠️ Warning: Proceeding will overwrite the current version!"
read -p "Do you want to continue? (y/N) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "❌ Operation cancelled"
exit 1
fi
else
if [ -d "$DIR_NAME" ]; then if [ -d "$DIR_NAME" ]; then
echo "📂 Directory '$DIR_NAME' already exists" echo "📂 Directory '$DIR_NAME' already exists"
read -p "Do you want to proceed in the existing directory? (y/N) " -n 1 -r read -p "Do you want to proceed in the existing directory? (y/N) " -n 1 -r
@ -32,17 +41,78 @@ setup_from_template() {
exit 1 exit 1
fi fi
else else
echo "🔄 Creating new self-host-playbook configuration from template..." echo "🔄 Creating new self-host-playbook configuration..."
nix flake new --template "git+https://code.m3tam3re.com/m3tam3re/self-host-playbook#${TEMPLATE}" "$DIR_NAME" mkdir -p "$DIR_NAME"
cd "$DIR_NAME" cd "$DIR_NAME"
fi fi
fi
get_latest_version() {
local LATEST_VERSION
latest_version=$(curl -s "https://code.m3tam3re.com/api/v1/repos/m3tam3re/self-host-playbook/tags" | jq -r '.[] | select(.name | startswith("v")) | .name' | sort -V | tail -n1)
if [ -z "$latest_version" ]; then
echo "❌ Error: Could not fetch latest version from repository"
exit 1
fi
# Remove 'v' prefix if present and return
echo "${latest_version#v}"
}
setup_latest_version() {
local target_version=$1
local dir_name=$2
echo "⬇️ Downloading version $target_version..."
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT
# Create a subdirectory for the clone
CLONE_DIR="${TEMP_DIR}/clone"
mkdir -p "$CLONE_DIR"
# Clone to temporary directory with --quiet flag
if ! nix flake clone --quiet "git+https://code.m3tam3re.com/m3tam3re/self-host-playbook?ref=v${target_version}" --dest "$CLONE_DIR" 2>/dev/null; then
echo "❌ Failed to clone repository"
return 1
fi
# Copy files from clone to target directory
cp -r "$CLONE_DIR"/* "$dir_name/"
return 0
}
# Function to setup from template
setup_from_template() {
# Create backup if directory is not empty
if [ -n "$(ls -A)" ]; then
local CURRENT_VERSION=$(date +%Y%m%d_%H%M%S)
local backup_dir="backup_${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"
echo "📑 Creating backup in $backup_dir..."
mkdir -p "$backup_dir"
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec cp -r {} "$backup_dir/" \;
echo "✅ Backup created successfully"
# Clean current directory except backup
echo "🗑️ Cleaning current directory..."
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec rm -rf {} \;
fi
# Get and setup latest version
local LATEST_VERSION=$(get_latest_version)
echo "⬇️ Setting up version $LATEST_VERSION..."
setup_latest_version "$LATEST_VERSION" "."
} }
# Function to generate SSH key # Function to generate SSH key
generate_ssh_key() { generate_ssh_key() {
local KEY_NAME="self-host-playbook" local KEY_NAME="self-host-playbook"
local KEY_PATH="$HOME/.ssh/${KEY_NAME}" local KEY_PATH="$HOME/.ssh/${KEY_NAME}"
W
if [ ! -f "$KEY_PATH" ]; then if [ ! -f "$KEY_PATH" ]; then
mkdir -p "$HOME/.ssh" mkdir -p "$HOME/.ssh"
echo "🔑 Generating new SSH key pair..." >&2 echo "🔑 Generating new SSH key pair..." >&2
@ -122,6 +192,58 @@ get_device_name() {
esac esac
} }
setup_ssh_config() {
local username=$1
local ip_address=$2
local ssh_config_dir="$HOME/.ssh"
local ssh_config_file="$ssh_config_dir/config"
local ssh_key_file="$ssh_config_dir/self-host-playbook"
# Create .ssh directory if it doesn't exist
mkdir -p "$ssh_config_dir"
chmod 700 "$ssh_config_dir"
# Create or append to SSH config
local config_entry="Host self-host-playbook
HostName $ip_address
User $username
IdentityFile $ssh_key_file"
# Check if entry already exists
if ! grep -q "Host self-host-playbook" "$ssh_config_file" 2>/dev/null; then
echo -e "\n$config_entry" >> "$ssh_config_file"
echo "✅ Added SSH config entry"
else
# Update existing entry
sed -i.bak "/Host self-host-playbook/,/IdentityFile.*/{
s/HostName.*/HostName $ip_address/
s/User.*/User $username/
}" "$ssh_config_file"
echo "✅ Updated existing SSH config entry"
fi
# Set appropriate permissions
chmod 600 "$ssh_config_file"
}
install_deploy_rs() {
echo "🔧 Installing deploy-rs to user environment..."
# Check if deploy is already installed
if command -v deploy >/dev/null 2>&1; then
echo " deploy-rs is already installed"
return 0
fi
# Install deploy-rs using nix profile
if nix profile install 'github:serokell/deploy-rs'; then
echo "✅ deploy-rs installed successfully"
else
echo "❌ Failed to install deploy-rs"
return 1
fi
}
echo "🚀 Welcome to the Self-Host Playbook!" echo "🚀 Welcome to the Self-Host Playbook!"
echo "================================================" echo "================================================"
echo "This script will help you manage your NixOS server with:" echo "This script will help you manage your NixOS server with:"
@ -155,11 +277,11 @@ read -p "Press ENTER to continue or CTRL + C to abort..."
echo "" echo ""
echo "📝 Please provide the following information:" echo "📝 Please provide the following information:"
echo "-------------------------------------------" echo "-------------------------------------------"
read -p "1. Enter target server IP address: " SERVER_IP read -p "1. Enter target server IP address: " IP_ADDRESS
read -p "2. Enter desired username for server access: " USERNAME read -p "2. Enter desired username for server access: " USERNAME
read -s -p "3. Enter desired password: " PASSWORD read -s -p "3. Enter desired password: " PASSWORD
echo echo
echo "4. Enter domain names for services (must point to $SERVER_IP):" echo "4. Enter domain names for services (must point to $IP_ADDRESS):"
read -p " - Domain for Portainer: " PORTAINER_DOMAIN read -p " - Domain for Portainer: " PORTAINER_DOMAIN
read -p " - Domain for n8n: " N8N_DOMAIN read -p " - Domain for n8n: " N8N_DOMAIN
read -p " - Domain for Baserow: " BASEROW_DOMAIN read -p " - Domain for Baserow: " BASEROW_DOMAIN
@ -173,10 +295,10 @@ read -p "Enter your choice (1-2): " KEY_CHOICE
case $KEY_CHOICE in case $KEY_CHOICE in
1) 1)
INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#server root@$SERVER_IP" INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#server root@$IP_ADDRESS"
;; ;;
2) 2)
INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#server -i $SSH_KEY_PATH root@$SERVER_IP" INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#server -i $SSH_KEY_PATH root@$IP_ADDRESS"
;; ;;
*) *)
echo "❌ Invalid choice" echo "❌ Invalid choice"
@ -264,7 +386,8 @@ cat > config.json << EOF
"n8n": "$N8N_DOMAIN", "n8n": "$N8N_DOMAIN",
"baserow": "$BASEROW_DOMAIN" "baserow": "$BASEROW_DOMAIN"
}, },
"rootDevice": "$DEVICE_NAME" "rootDevice": "$DEVICE_NAME",
"ipAddress": "$IP_ADDRESS"
} }
EOF EOF
@ -292,6 +415,8 @@ echo "This process might take several minutes..."
# Run nixos-anywhere installation # Run nixos-anywhere installation
$INSTALL_COMMAND && { $INSTALL_COMMAND && {
echo "🔧 Setting up SSH configuration..."
setup_ssh_config "$USERNAME" "$IP_ADDRESS"
echo echo
echo "🎉 Installation completed successfully!" echo "🎉 Installation completed successfully!"
echo "=====================================>" echo "=====================================>"
@ -301,7 +426,9 @@ $INSTALL_COMMAND && {
echo "- Baserow: https://$BASEROW_DOMAIN" echo "- Baserow: https://$BASEROW_DOMAIN"
echo echo
echo "To connect to your server, use:" echo "To connect to your server, use:"
echo "ssh -i $SSH_KEY_PATH -p 2222 $USERNAME@$SERVER_IP" echo "ssh self-host-playbook"
echo
install_deploy_rs
echo echo
echo "⚠️ Important: Please save your SSH key path: $SSH_KEY_PATH" echo "⚠️ Important: Please save your SSH key path: $SSH_KEY_PATH"
echo "=====================================>" echo "=====================================>"

280
update.sh Normal file
View File

@ -0,0 +1,280 @@
#!/usr/bin/env bash
set -euo pipefail
# Ensure we're in a flakes-enabled environment with required tools
if ! command -v nix &> /dev/null; then
echo "❌ Nix is not installed. Please install Nix first:"
echo "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install"
exit 1
fi
# Check if we need to enter a new shell
if [ -z "${INSIDE_NIX_SHELL+x}" ]; then
export NIX_CONFIG="experimental-features = nix-command flakes"
export INSIDE_NIX_SHELL=1
exec nix shell nixpkgs#git nixpkgs#jq --command bash "$0"
fi
get_current_version() {
local version_file=$1
if [ -f "$version_file" ]; then
jq -r '.version' "$version_file"
else
echo "0.0.0"
fi
}
get_latest_version() {
local LATEST_VERSION
latest_version=$(curl -s "https://code.m3tam3re.com/api/v1/repos/m3tam3re/self-host-playbook/tags" | jq -r '.[] | select(.name | startswith("v")) | .name' | sort -V | tail -n1)
if [ -z "$latest_version" ]; then
echo "❌ Error: Could not fetch latest version from repository"
exit 1
fi
# Remove 'v' prefix if present and return
echo "${latest_version#v}"
}
check_compatibility() {
local current_version=$1
local target_version=$2
local version_file=$3
# Special case for initial install
if [ "$current_version" = "0.0.0" ]; then
echo " First time upgrade detected - proceeding with upgrade"
return 0
fi
local min_compatible_version
min_compatible_version=$(curl -s "https://code.m3tam3re.com/m3tam3re/self-host-playbook/raw/branch/develop/v${target_version}/$version_file" | jq -r '.minCompatibleVersion')
if version_lt "$current_version" "$min_compatible_version"; then
echo "❌ Your current version ($current_version) is too old for direct upgrade."
echo "Please upgrade to version $min_compatible_version first."
return 1
fi
return 0
}
# Show changelog - modified to use version file parameter
show_changelog() {
local current_version=$1
local target_version=$2
local version_file=$3
echo "📋 Changelog from $current_version to $target_version:"
echo "------------------------------------------------"
local changelog
changelog=$(curl -s "https://code.m3tam3re.com/m3tam3re/self-host-playbook/raw/branch/develop/v${target_version}/$version_file" | jq -r '.changelog')
# Process each version once, then all its changes
echo "$changelog" | jq -r --arg cv "$current_version" --arg tv "$target_version" '
to_entries[]
| select(.key > $cv and .key <= $tv)
| "\(.key):\n" + (.value | map(" - " + .) | join("\n"))
' 2>/dev/null
echo "------------------------------------------------"
}
perform_update() {
local target_version=$1
local backup_dir=$2
echo "⬇️ Downloading version $target_version..."
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT
# Create a subdirectory for the clone
CLONE_DIR="${TEMP_DIR}/clone"
mkdir -p "$CLONE_DIR"
# Clone to temporary directory with --quiet flag
if ! nix flake clone --quiet "git+https://code.m3tam3re.com/m3tam3re/self-host-playbook?ref=v${target_version}" --dest "$CLONE_DIR" 2>/dev/null; then
echo "❌ Failed to clone repository"
return 1
fi
# Remove current directory contents except backup
echo "🗑️ Cleaning current directory..."
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec rm -rf {} +
# Copy new version from clone
echo "📋 Installing new version..."
cp -r "$CLONE_DIR"/* .
# Restore configuration files from backup
echo "🔄 Restoring configuration files..."
cp -r "${backup_dir}/config.json" \
"${backup_dir}/env" . 2>/dev/null || true
return 0
}
setup_ssh_config() {
local username=$1
local ip_address=$2
local ssh_config_dir="$HOME/.ssh"
local ssh_config_file="$ssh_config_dir/config"
local ssh_key_file="$ssh_config_dir/self-host-playbook"
# Create .ssh directory if it doesn't exist
mkdir -p "$ssh_config_dir"
chmod 700 "$ssh_config_dir"
# Create or append to SSH config
local config_entry="Host self-host-playbook
HostName $ip_address
User $username
IdentityFile $ssh_key_file"
# Check if entry already exists
if ! grep -q "Host self-host-playbook" "$ssh_config_file" 2>/dev/null; then
echo -e "\n$config_entry" >> "$ssh_config_file"
echo "✅ Added SSH config entry"
else
# Update existing entry
sed -i.bak "/Host self-host-playbook/,/IdentityFile.*/{
s/HostName.*/HostName $ip_address/
s/User.*/User $username/
}" "$ssh_config_file"
echo "✅ Updated existing SSH config entry"
fi
# Set appropriate permissions
chmod 600 "$ssh_config_file"
}
update_config_json() {
local ip_address=$1
local config_file="config.json"
# Read existing config
local config
config=$(cat "$config_file")
# Update or add ipAddress field
if jq -e '.ipAddress' "$config_file" >/dev/null 2>&1; then
config=$(echo "$config" | jq --arg ip "$ip_address" '.ipAddress = $ip')
else
config=$(echo "$config" | jq --arg ip "$ip_address" '. + {ipAddress: $ip}')
fi
# Write back to file
echo "$config" | jq '.' > "$config_file"
echo "✅ Updated IP address in config.json"
}
install_deploy_rs() {
echo "🔧 Installing deploy-rs to user environment..."
# Check if deploy is already installed
if command -v deploy >/dev/null 2>&1; then
echo " deploy-rs is already installed"
return 0
fi
# Install deploy-rs using nix profile
if nix profile install 'github:serokell/deploy-rs'; then
echo "✅ deploy-rs installed successfully"
else
echo "❌ Failed to install deploy-rs"
return 1
fi
}
# Main script
echo "🔄 Self-Host Playbook Update Assistant"
echo "======================================"
# Check if we're in the right directory
if [ ! -f "config.json" ]; then
echo "❌ Error: config.json not found. Please run this script in your self-host-playbook directory."
exit 1
fi
USERNAME=$(jq -r '.username' config.json)
IP_ADDRESS=$(jq -r '.ipAddress // empty' config.json)
if [ -z "$USERNAME" ]; then
echo "❌ Error: Could not read username from config.json"
exit 1
fi
# If IP address is not in config.json, prompt for it
if [ -z "$IP_ADDRESS" ]; then
echo " No IP address found in config.json"
read -p "Enter the IP address of your server: " IP_ADDRESS
# Validate IP address format
if ! [[ $IP_ADDRESS =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "❌ Error: Invalid IP address format"
exit 1
fi
# Update config.json with the new IP address
update_config_json "$IP_ADDRESS"
fi
VERSION_FILE="version.json"
CURRENT_VERSION=$(get_current_version "$VERSION_FILE")
LATEST_VERSION=$(get_latest_version)
echo "Current version: $CURRENT_VERSION"
echo "Latest version: $LATEST_VERSION"
echo
if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
echo "✅ You are already on the latest version!"
exit 0
fi
if ! check_compatibility "$CURRENT_VERSION" "$LATEST_VERSION" "$VERSION_FILE"; then
exit 1
fi
show_changelog "$CURRENT_VERSION" "$LATEST_VERSION" "$VERSION_FILE"
echo
read -p "Do you want to update to version $LATEST_VERSION? (y/N) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
# Create backup
backup_dir="backup_${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"
echo "📑 Creating backup in $backup_dir..."
mkdir -p "$backup_dir"
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec cp -r {} "$backup_dir/" \;
# Perform update
if perform_update "$LATEST_VERSION" "$backup_dir"; then
echo
echo "✅ Update completed successfully!"
# Setup SSH configuration
echo
echo "🔧 Setting up SSH configuration..."
setup_ssh_config "$USERNAME" "$IP_ADDRESS"
echo
install_deploy_rs
echo
echo "To apply the changes, run:"
echo "sudo nixos-rebuild switch"
echo
echo "If you encounter any issues, your backup is available in $backup_dir"
else
echo "❌ Update failed. Your backup is available in $backup_dir"
exit 1
fi
else
echo "Update cancelled."
exit 1
fi

8
version.json
View File

@ -3,6 +3,12 @@
"minCompatibleVersion": "0.0.0", "minCompatibleVersion": "0.0.0",
"updateUrl": "https://code.m3tam3re.com/m3tam3re/self-host-playbook", "updateUrl": "https://code.m3tam3re.com/m3tam3re/self-host-playbook",
"changelog": { "changelog": {
"0.1.0": ["Management CLI", "Flake rework"] "0.1.0": [
"Added a management CLI for easily adding custom services.",
"Automated server updates / security patches daily.",
"Structural rework for easier upgrades.",
"Install Script Optimizations",
"Update Script"
]
} }
} }