m3tam3re/self-host-playbook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: m3tam3re:master
Branches Tags
m3tam3re:master
m3tam3re:develop/v0.1.0
m3tam3re:release/0.0.1
m3tam3re:v0.1.0
m3tam3re:v0.0.1
..
compare: m3tam3re:release/0.0.1
Branches Tags
m3tam3re:master
m3tam3re:develop/v0.1.0
m3tam3re:release/0.0.1
m3tam3re:v0.1.0
m3tam3re:v0.0.1

No commits in common. "master" and "release/0.0.1" have entirely different histories.
master ... release/0.

15 changed files with 334 additions and 815 deletions
Show Stats Expand all files Collapse all files

95
configuration.nix
View File

@ -1,95 +0,0 @@
{
config,
lib,
pkgs,
self,
...
}:
# Read configuration from JSON
let
jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);
customServicesDir = ./custom-services;
customServicesExists = builtins.pathExists customServicesDir;
customServices =
if customServicesExists
then
map
(name: ./custom-services + "/${name}")
(builtins.filter
(name: lib.hasSuffix ".nix" name)
(builtins.attrNames (builtins.readDir customServicesDir)))
else [];
in {
imports =
[
./disko-config.nix
]
++ customServices;
options.nixosConfig.flake = lib.mkOption {
type = lib.types.path;
description = "Path to the current flake configuration";
};
config = {
nix.settings = {
trusted-users = [jsonConfig.username];
};
# Set the flake path
nixosConfig.flake = self;
# Activation script to save the configuration
system.activationScripts.saveFlakeConfig = {
deps = [];
text = ''
rm -rf /etc/nixos/current-systemconfig
mkdir -p /etc/nixos/current-systemconfig
cp -rf ${config.nixosConfig.flake}/* /etc/nixos/current-systemconfig/
cd /etc/nixos/current-systemconfig
chown -R ${jsonConfig.username}:users /etc/nixos/current-systemconfig
chmod -R u=rwX,g=rX,o=rX /etc/nixos/current-systemconfig
'';
};
services.selfHostPlaybook = {
enable = true;
tier = "starter"; # This determines which services are enabled
};
# Networking
networking = {
hostName = jsonConfig.hostname;
firewall = {
enable = true;
# Only allow necessary ports
allowedTCPPorts = [80 443 2222]; # HTTP, HTTPS, and SSH
};
};
environment.etc = {
environment-files = {
source = ./env;
};
};
# User configuration
users.users.${jsonConfig.username} = {
isNormalUser = true;
extraGroups = ["wheel" "docker"];
hashedPassword = jsonConfig.hashedPassword;
openssh.authorizedKeys.keys = [jsonConfig.sshKey];
# Set default shell to bash
shell = pkgs.bash;
};
programs.git = {
enable = true;
config = {
user.name = jsonConfig.username;
user.email = "${jsonConfig.username}@nixos";
safe.directory = "/etc/nixos/current-systemconfig";
};
};
};
}

169
flake.lock generated
View File

@ -1,169 +0,0 @@
{
"nodes": {
"base-config": {
"inputs": {
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1744363797,
"narHash": "sha256-Zn8TIOonPBQojN5NZ9Q+y6hvwAKFvW+iLXiceGNQ40o=",
"ref": "stable",
"rev": "45622da8ac40d404e59fa1eff9f63e42b7b95e2b",
"revCount": 10,
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/self-host-playbook-base"
},
"original": {
"ref": "stable",
"type": "git",
"url": "https://code.m3ta.dev/m3tam3re/self-host-playbook-base"
}
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2",
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"type": "github"
},
"original": {
"owner": "serokell",
"repo": "deploy-rs",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": ["nixpkgs"]
},
"locked": {
"lastModified": 1744145203,
"narHash": "sha256-I2oILRiJ6G+BOSjY+0dGrTPe080L3pbKpc+gCV3Nmyk=",
"owner": "nix-community",
"repo": "disko",
"rev": "76c0a6dba345490508f36c1aa3c7ba5b6b460989",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1741600792,
"narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1741708242,
"narHash": "sha256-cNRqdQD4sZpN7JLqxVOze4+WsWTmv2DGH0wNCOVwrWc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b62d2a95c72fb068aecd374a7262b37ed92df82b",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b62d2a95c72fb068aecd374a7262b37ed92df82b",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1702272962,
"narHash": "sha256-D+zHwkwPc6oYQ4G3A1HuadopqRwUY/JkMwHz1YF7j4Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e97b3e4186bcadf0ef1b6be22b8558eab1cdeb5d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"base-config": "base-config",
"deploy-rs": "deploy-rs",
"disko": "disko",
"nixpkgs": ["base-config", "nixpkgs"]
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

66
flake.nix
View File

@ -1,57 +1,29 @@
{ {
description = "Self-hosted server setup with Portainer, n8n, and Baserow"; description = "Self Host Playbook!";
inputs = { inputs = {
base-config = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# url = "path:/home/m3tam3re/p/nix/self-host-playbook-base";
url = "git+https://code.m3ta.dev/m3tam3re/self-host-playbook-base?ref=stable";
};
nixpkgs = {
url = "github:NixOS/nixpkgs/nixos-24.11";
follows = "base-config/nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
deploy-rs = {
url = "github:serokell/deploy-rs";
};
}; };
outputs = { outputs = {nixpkgs, ...}: let
self, systems = [
base-config, "aarch64-linux"
deploy-rs, "i686-linux"
nixpkgs, "x86_64-linux"
... "aarch64-darwin"
} @ inputs: let "x86_64-darwin"
jsonConfig = builtins.fromJSON (builtins.readFile ./config.json); ];
forAllSystems = nixpkgs.lib.genAttrs systems;
in { in {
nixosConfigurations.${jsonConfig.hostname} = nixpkgs.lib.nixosSystem { templates = {
system = "x86_64-linux"; starter = {
modules = [ description = ''
(base-config.nixosModules.default { Description here!
tier = "starter"; '';
inherit jsonConfig; path = ./starter;
}) # Pass tier here
inputs.disko.nixosModules.disko
./configuration.nix
];
specialArgs = {
inherit self;
};
};
deploy.nodes.${jsonConfig.hostname} = {
hostname = jsonConfig.hostname;
profiles.system = {
sshUser = jsonConfig.username;
user = "root";
interactiveSudo = true;
path =
deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.${jsonConfig.hostname};
}; };
}; };
formatter =
forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
}; };
} }

0
README.md → starter/README.md
View File

0
starter/config.json Normal file
View File

197
starter/configuration.nix Normal file
View File

@ -0,0 +1,197 @@
{
lib,
pkgs,
...
}:
# Read configuration from JSON
let
jsonConfig = builtins.fromJSON (builtins.readFile ./config.json);
in {
imports = [
./disko-config.nix
./hardware-configuration.nix
];
# Enable flakes and nix commands
nix = {
settings = {
experimental-features = ["nix-command" "flakes"];
# Enable automatic garbage collection
auto-optimise-store = true;
trusted-users = [jsonConfig.username];
};
# Automatic cleanup of old generations
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 30d";
};
};
# Boot configuration
boot.loader.grub = {
enable = true;
devices = [jsonConfig.rootDevice];
efiSupport = true;
efiInstallAsRemovable = true;
};
# Networking
networking = {
firewall = {
enable = true;
# Only allow necessary ports
allowedTCPPorts = [80 443 2222]; # HTTP, HTTPS, and SSH
};
};
environment.etc = {
environment-files = {
source = pkgs.copyPathToStore ./env;
};
};
# System packages
environment.systemPackages = with pkgs; [
# System utilities
neovim
git
# Docker tools
docker
docker-compose
];
# Enable Docker with recommended settings
virtualisation.docker = {
enable = true;
# Enable docker daemon to start on boot
enableOnBoot = true;
# Use overlay2 storage driver
storageDriver = "overlay2";
# Enable live restore
liveRestore = true;
};
# Services configuration
services = {
# SSH server configuration
openssh = {
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
# Additional security settings
MaxAuthTries = 3;
LoginGraceTime = "30s";
};
ports = [2222];
};
# Caddy configuration with security headers
caddy = {
enable = true;
virtualHosts = {
"${jsonConfig.domains.portainer}" = {
extraConfig = ''
reverse_proxy localhost:9000
header {
# Security headers
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
'';
};
"${jsonConfig.domains.n8n}" = {
extraConfig = ''
reverse_proxy localhost:5678
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
'';
};
"${jsonConfig.domains.baserow}" = {
extraConfig = ''
reverse_proxy localhost:3000
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "strict-origin-when-cross-origin"
}
'';
};
};
};
};
# User configuration
users.users.${jsonConfig.username} = {
isNormalUser = true;
extraGroups = ["wheel" "docker"];
hashedPassword = jsonConfig.hashedPassword;
openssh.authorizedKeys.keys = [jsonConfig.sshKey];
# Set default shell to bash
shell = pkgs.bash;
};
# Container configurations
virtualisation.oci-containers = {
backend = "docker";
containers = {
"portainer" = {
image = "docker.io/portainer/portainer-ce:latest";
ports = ["127.0.0.1:9000:9000"];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/var/run/docker.sock:/var/run/docker.sock:ro"
"portainer_data:/data"
];
extraOptions = [
"--network=web"
];
};
"n8n" = {
image = "docker.io/n8nio/n8n:latest";
environmentFiles = ["/etc/environment-files/n8n.env"];
ports = ["127.0.0.1:5678:5678"];
volumes = ["n8n_data:/home/node/.n8n"];
extraOptions = ["--network=web"];
};
"baserow" = {
image = "docker.io/baserow/baserow:latest";
environmentFiles = ["/etc/environment-files/baserow.env"];
ports = ["127.0.0.1:3000:80"];
volumes = ["baserow_data:/baserow/data"];
extraOptions = ["--network=web"];
};
};
};
systemd.services.docker-network-web = {
description = "Create Docker Network Web";
requires = ["docker.service"];
after = ["docker.service"];
wantedBy = ["multi-user.target"];
# Run on startup if network doesn't exist
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
if ! /run/current-system/sw/bin/docker network ls | grep -q 'web'; then
/run/current-system/sw/bin/docker network create web
fi
'';
};
# System state version (do not change)
system.stateVersion = "24.11";
}

0
disko-config.nix → starter/disko-config.nix
View File

0
env/baserow.env → starter/env/baserow.env vendored
View File

1
env/n8n.env → starter/env/n8n.env vendored
View File

@ -1,4 +1,3 @@
N8N_HOST=N8N_DOMAIN N8N_HOST=N8N_DOMAIN
WEBHOOK_URL=https://N8N_DOMAIN
NODE_ENV=production NODE_ENV=production
N8N_ENCRYPTION_KEY=changeme N8N_ENCRYPTION_KEY=changeme

48
starter/flake.lock generated Normal file
View File

@ -0,0 +1,48 @@
{
"nodes": {
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739760714,
"narHash": "sha256-SaGuzIQUTC2UPwX0aTm9W4aSEUcq3h6yZbi30piej2U=",
"owner": "nix-community",
"repo": "disko",
"rev": "be1e4321c9fb3a4bc2c061dafcdb424937a74dad",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1739580444,
"narHash": "sha256-+/bSz4EAVbqz8/HsIGLroF8aNaO8bLRL7WfACN+24g4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8bb37161a0488b89830168b81c48aed11569cb93",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"disko": "disko",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

25
starter/flake.nix Normal file
View File

@ -0,0 +1,25 @@
{
description = "Self-hosted server setup with Portainer, n8n, and Baserow";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
...
} @ inputs: {
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
inputs.disko.nixosModules.disko
./configuration.nix
];
};
};
}

26
starter/hardware-configuration.nix Normal file
View File

@ -0,0 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

203
install.sh → starter/install.sh
View File

@ -13,23 +13,14 @@ fi
if [ -z "${INSIDE_NIX_SHELL+x}" ]; then if [ -z "${INSIDE_NIX_SHELL+x}" ]; then
export NIX_CONFIG="experimental-features = nix-command flakes" export NIX_CONFIG="experimental-features = nix-command flakes"
export INSIDE_NIX_SHELL=1 export INSIDE_NIX_SHELL=1
exec nix shell nixpkgs#git nixpkgs#mkpasswd nixpkgs#jq --command bash "$0" exec nix shell nixpkgs#git nixpkgs#mkpasswd --command bash "$0"
fi fi
# Check directory situation and handle navigation # Function to setup from template
DIR_NAME="self-host-playbook" setup_from_template() {
CURRENT_DIR=$(basename "$(pwd)") local TEMPLATE=starter
local DIR_NAME="self-host-playbook"
if [ "$CURRENT_DIR" = "$DIR_NAME" ]; then
echo "📂 Already in $DIR_NAME directory"
echo "⚠️ Warning: Proceeding will overwrite the current version!"
read -p "Do you want to continue? (y/N) " -n 1 -r
echo
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
echo "❌ Operation cancelled"
exit 1
fi
else
if [ -d "$DIR_NAME" ]; then if [ -d "$DIR_NAME" ]; then
echo "📂 Directory '$DIR_NAME' already exists" echo "📂 Directory '$DIR_NAME' already exists"
read -p "Do you want to proceed in the existing directory? (y/N) " -n 1 -r read -p "Do you want to proceed in the existing directory? (y/N) " -n 1 -r
@ -41,98 +32,10 @@ else
exit 1 exit 1
fi fi
else else
echo "🔄 Creating new self-host-playbook configuration..." echo "🔄 Creating new self-host-playbook configuration from template..."
mkdir -p "$DIR_NAME" nix flake new --template "git+https://code.m3tam3re.com/m3tam3re/self-host-playbook#${TEMPLATE}" "$DIR_NAME"
cd "$DIR_NAME" cd "$DIR_NAME"
fi fi
fi
get_latest_version() {
local LATEST_VERSION
latest_version=$(curl -s "https://code.m3ta.dev/api/v1/repos/m3tam3re/self-host-playbook/tags" | jq -r '.[] | select(.name | startswith("v")) | .name' | sort -V | tail -n1)
if [ -z "$latest_version" ]; then
echo "❌ Error: Could not fetch latest version from repository"
exit 1
fi
# Remove 'v' prefix if present and return
echo "${latest_version#v}"
}
setup_latest_version() {
local target_version=$1
local dir_name=$2
# Safety check: Ensure we're in the self-host-playbook directory
local current_dir=$(basename "$(pwd)")
if [ "$current_dir" != "self-host-playbook" ]; then
echo "❌ Error: Must be in 'self-host-playbook' directory to setup latest version"
echo "Current directory: $(pwd)"
return 1
fi
echo "⬇️ Downloading version $target_version..."
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT
# Create a subdirectory for the clone
CLONE_DIR="${TEMP_DIR}/clone"
mkdir -p "$CLONE_DIR"
# Clone to temporary directory with --quiet flag
if ! nix flake clone --quiet "git+https://code.m3ta.dev/m3tam3re/self-host-playbook?ref=v${target_version}" --dest "$CLONE_DIR" 2>/dev/null; then
echo "❌ Failed to clone repository"
return 1
fi
# Additional safety check before copying files
if [ ! -f "$CLONE_DIR/flake.nix" ]; then
echo "❌ Error: Downloaded content doesn't appear to be a valid self-host-playbook"
return 1
fi
# Copy files from clone to target directory
cp -r "$CLONE_DIR"/* "$dir_name/"
return 0
}
# Function to setup from template
setup_from_template() {
# Ensure we're in the correct directory
local current_dir=$(basename "$(pwd)")
if [ "$current_dir" != "self-host-playbook" ]; then
echo "❌ Error: Must be in 'self-host-playbook' directory"
exit 1
fi
# Create backup if directory is not empty
if [ -n "$(ls -A)" ]; then
local CURRENT_VERSION=$(date +%Y%m%d_%H%M%S)
local backup_dir="backup_${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"
echo "📑 Creating backup in $backup_dir..."
mkdir -p "$backup_dir"
# Add safety check for backup creation
if [ ! -d "$backup_dir" ]; then
echo "❌ Error: Failed to create backup directory"
exit 1
fi
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec cp -r {} "$backup_dir/" \;
echo "✅ Backup created successfully"
# Clean current directory except backup
echo "🗑️ Cleaning current directory..."
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec rm -rf {} \;
fi
# Get and setup latest version
local LATEST_VERSION=$(get_latest_version)
echo "⬇️ Setting up version $LATEST_VERSION..."
setup_latest_version "$LATEST_VERSION" "."
} }
# Function to generate SSH key # Function to generate SSH key
@ -219,60 +122,6 @@ get_device_name() {
esac esac
} }
setup_ssh_config() {
local username=$1
local ip_address=$2
local hostname=$3 # Add hostname parameter
local ssh_config_dir="$HOME/.ssh"
local ssh_config_file="$ssh_config_dir/config"
local ssh_key_file="$ssh_config_dir/self-host-playbook"
# Create .ssh directory if it doesn't exist
mkdir -p "$ssh_config_dir"
chmod 700 "$ssh_config_dir"
# Create or append to SSH config using hostname as the Host name
local config_entry="Host $hostname
HostName $ip_address
User $username
Port 2222
IdentityFile $ssh_key_file"
# Check if entry already exists
if ! grep -q "Host $hostname" "$ssh_config_file" 2>/dev/null; then
echo -e "\n$config_entry" >> "$ssh_config_file"
echo "✅ Added SSH config entry"
else
# Update existing entry
sed -i.bak "/Host $hostname/,/IdentityFile.*/{
s/HostName.*/HostName $ip_address/
s/User.*/User $username/
}" "$ssh_config_file"
echo "✅ Updated existing SSH config entry"
fi
# Set appropriate permissions
chmod 600 "$ssh_config_file"
}
install_deploy_rs() {
echo "🔧 Installing deploy-rs to user environment..."
# Check if deploy is already installed
if command -v deploy >/dev/null 2>&1; then
echo " deploy-rs is already installed"
return 0
fi
# Install deploy-rs using nix profile
if nix profile install 'github:serokell/deploy-rs'; then
echo "✅ deploy-rs installed successfully"
else
echo "❌ Failed to install deploy-rs"
return 1
fi
}
echo "🚀 Welcome to the Self-Host Playbook!" echo "🚀 Welcome to the Self-Host Playbook!"
echo "================================================" echo "================================================"
echo "This script will help you manage your NixOS server with:" echo "This script will help you manage your NixOS server with:"
@ -294,11 +143,11 @@ SSH_PUB_KEY=$(cat "${SSH_KEY_PATH}.pub") || {
echo echo
echo "🔑 Here is your public key:" echo "🔑 Here is your public key:"
echo echo
cat "$SSH_KEY_PATH.pub" cat $SSH_KEY_PATH.pub
echo "" echo ""
echo "📁 You can also find the keyfile here:" echo "📁 You can also find the keyfile here:"
echo echo
echo "$SSH_KEY_PATH.pub" echo $SSH_KEY_PATH.pub
echo echo
read -p "Press ENTER to continue or CTRL + C to abort..." read -p "Press ENTER to continue or CTRL + C to abort..."
@ -306,24 +155,16 @@ read -p "Press ENTER to continue or CTRL + C to abort..."
echo "" echo ""
echo "📝 Please provide the following information:" echo "📝 Please provide the following information:"
echo "-------------------------------------------" echo "-------------------------------------------"
read -p "1. Enter target server IP address: " IP_ADDRESS read -p "1. Enter target server IP address: " SERVER_IP
read -p "2. Enter hostname for the server: " HOSTNAME read -p "2. Enter desired username for server access: " USERNAME
read -s -p "3. Enter desired password: " PASSWORD
# Validate hostname format
while ! [[ $HOSTNAME =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$ ]]; do
echo "❌ Invalid hostname format. Please use a valid hostname (e.g., my-server.example.com)"
read -p "Enter hostname for the server: " HOSTNAME
done
read -p "3. Enter desired username for server access: " USERNAME
read -s -p "4. Enter desired password: " PASSWORD
echo echo
echo "5. Enter domain names for services (must point to $IP_ADDRESS):" echo "4. Enter domain names for services (must point to $SERVER_IP):"
read -p " - Domain for Portainer: " PORTAINER_DOMAIN read -p " - Domain for Portainer: " PORTAINER_DOMAIN
read -p " - Domain for n8n: " N8N_DOMAIN read -p " - Domain for n8n: " N8N_DOMAIN
read -p " - Domain for Baserow: " BASEROW_DOMAIN read -p " - Domain for Baserow: " BASEROW_DOMAIN
echo echo
echo "6. How do you authenticate to the target machine?" echo "5. How do you authentiate to the target machine?"
echo "-------------------------------------------" echo "-------------------------------------------"
echo " 1) Password" echo " 1) Password"
echo " 2) SSH Key" echo " 2) SSH Key"
@ -332,10 +173,10 @@ read -p "Enter your choice (1-2): " KEY_CHOICE
case $KEY_CHOICE in case $KEY_CHOICE in
1) 1)
INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#$HOSTNAME root@$IP_ADDRESS" INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#server root@$SERVER_IP"
;; ;;
2) 2)
INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#$HOSTNAME -i $SSH_KEY_PATH root@$IP_ADDRESS" INSTALL_COMMAND="nix run github:nix-community/nixos-anywhere -- --flake .#server -i $SSH_KEY_PATH root@$SERVER_IP"
;; ;;
*) *)
echo "❌ Invalid choice" echo "❌ Invalid choice"
@ -346,7 +187,7 @@ esac
setup_from_template setup_from_template
echo echo
echo "7. Select your cloud provider:" echo "6. Select your cloud provider:"
echo " 1) AWS (Newer instances with NVMe)" echo " 1) AWS (Newer instances with NVMe)"
echo " 2) AWS (Older instances)" echo " 2) AWS (Older instances)"
echo " 3) Google Cloud Platform" echo " 3) Google Cloud Platform"
@ -423,9 +264,7 @@ cat > config.json << EOF
"n8n": "$N8N_DOMAIN", "n8n": "$N8N_DOMAIN",
"baserow": "$BASEROW_DOMAIN" "baserow": "$BASEROW_DOMAIN"
}, },
"rootDevice": "$DEVICE_NAME", "rootDevice": "$DEVICE_NAME"
"ipAddress": "$IP_ADDRESS",
"hostname": "$HOSTNAME"
} }
EOF EOF
@ -453,8 +292,6 @@ echo "This process might take several minutes..."
# Run nixos-anywhere installation # Run nixos-anywhere installation
$INSTALL_COMMAND && { $INSTALL_COMMAND && {
echo "🔧 Setting up SSH configuration..."
setup_ssh_config "$USERNAME" "$IP_ADDRESS" "$HOSTNAME"
echo echo
echo "🎉 Installation completed successfully!" echo "🎉 Installation completed successfully!"
echo "=====================================>" echo "=====================================>"
@ -464,9 +301,7 @@ $INSTALL_COMMAND && {
echo "- Baserow: https://$BASEROW_DOMAIN" echo "- Baserow: https://$BASEROW_DOMAIN"
echo echo
echo "To connect to your server, use:" echo "To connect to your server, use:"
echo "ssh $HOSTNAME" echo "ssh -i $SSH_KEY_PATH -p 2222 $USERNAME@$SERVER_IP"
echo
install_deploy_rs
echo echo
echo "⚠️ Important: Please save your SSH key path: $SSH_KEY_PATH" echo "⚠️ Important: Please save your SSH key path: $SSH_KEY_PATH"
echo "=====================================>" echo "=====================================>"

305
update.sh
View File

@ -1,305 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
# Ensure we're in a flakes-enabled environment with required tools
if ! command -v nix &> /dev/null; then
echo "❌ Nix is not installed. Please install Nix first:"
echo "curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install"
exit 1
fi
# Check if we need to enter a new shell
if [ -z "${INSIDE_NIX_SHELL+x}" ]; then
export NIX_CONFIG="experimental-features = nix-command flakes"
export INSIDE_NIX_SHELL=1
exec nix shell nixpkgs#git nixpkgs#jq --command bash "$0"
fi
get_current_version() {
local version_file=$1
if [ -f "$version_file" ]; then
jq -r '.version' "$version_file"
else
echo "0.0.0"
fi
}
get_latest_version() {
local latest_version
latest_version=$(curl -s "https://code.m3ta.dev/api/v1/repos/m3tam3re/self-host-playbook/tags" | jq -r '.[] | select(.name | startswith("v")) | .name' | sort -V | tail -n1)
if [ -z "$latest_version" ]; then
echo "❌ Error: Could not fetch latest version from repository"
exit 1
fi
# Remove 'v' prefix if present and return
echo "${latest_version#v}"
}
check_compatibility() {
local current_version=$1
local target_version=$2
local version_file=$3
# Special case for initial install
if [ "$current_version" = "0.0.0" ]; then
echo " First time upgrade detected - proceeding with upgrade"
return 0
fi
local min_compatible_version
min_compatible_version=$(curl -s "https://code.m3ta.dev/m3tam3re/self-host-playbook/raw/branch/develop/v${target_version}/$version_file" | jq -r '.minCompatibleVersion')
if version_lt "$current_version" "$min_compatible_version"; then
echo "❌ Your current version ($current_version) is too old for direct upgrade."
echo "Please upgrade to version $min_compatible_version first."
return 1
fi
return 0
}
# Show changelog - modified to use version file parameter
show_changelog() {
local current_version=$1
local target_version=$2
local version_file=$3
echo "📋 Changelog from $current_version to $target_version:"
echo "------------------------------------------------"
local changelog
changelog=$(curl -s "https://code.m3ta.dev/m3tam3re/self-host-playbook/raw/branch/develop/v${target_version}/$version_file" | jq -r '.changelog')
# Process each version once, then all its changes
echo "$changelog" | jq -r --arg cv "$current_version" --arg tv "$target_version" '
to_entries[]
| select(.key > $cv and .key <= $tv)
| "\(.key):\n" + (.value | map(" - " + .) | join("\n"))
' 2>/dev/null
echo "------------------------------------------------"
}
perform_update() {
local target_version=$1
local backup_dir=$2
# Verify essential files exist before proceeding
if [ ! -f "config.json" ] || [ ! -d "env" ]; then
echo "❌ Error: Essential files missing. Are you in the correct directory?"
return 1
fi
echo "⬇️ Downloading version $target_version..."
TEMP_DIR=$(mktemp -d)
trap 'rm -rf "$TEMP_DIR"' EXIT
# Create a subdirectory for the clone
CLONE_DIR="${TEMP_DIR}/clone"
mkdir -p "$CLONE_DIR"
# Clone to temporary directory with --quiet flag
if ! nix flake clone --quiet "git+https://code.m3ta.dev/m3tam3re/self-host-playbook?ref=v${target_version}" --dest "$CLONE_DIR" 2>/dev/null; then
echo "❌ Failed to clone repository"
return 1
fi
# Verify downloaded content
if [ ! -f "$CLONE_DIR/flake.nix" ]; then
echo "❌ Error: Downloaded content appears invalid"
return 1
fi
# Remove current directory contents except backup
echo "🗑️ Cleaning current directory..."
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec rm -rf {} +
# Copy new version from clone
echo "📋 Installing new version..."
cp -r "$CLONE_DIR"/* .
# Verify essential files were copied
if [ ! -f "flake.nix" ]; then
echo "❌ Error: Failed to copy new version files"
return 1
fi
# Restore configuration files from backup with validation
echo "🔄 Restoring configuration files..."
if [ -f "${backup_dir}/config.json" ]; then
cp -r "${backup_dir}/config.json" . || {
echo "❌ Error: Failed to restore config.json"
return 1
}
fi
if [ -d "${backup_dir}/env" ]; then
cp -r "${backup_dir}/env" . || {
echo "❌ Error: Failed to restore env directory"
return 1
}
fi
return 0
}
setup_ssh_config() {
local username=$1
local ip_address=$2
local hostname=$3
local ssh_config_dir="$HOME/.ssh"
local ssh_config_file="$ssh_config_dir/config"
local ssh_key_file="$ssh_config_dir/self-host-playbook"
mkdir -p "$ssh_config_dir"
chmod 700 "$ssh_config_dir"
local config_entry="Host $hostname
HostName $ip_address
User $username
Port 2222
IdentityFile $ssh_key_file"
if ! grep -q "Host $hostname" "$ssh_config_file" 2>/dev/null; then
echo -e "\n$config_entry" >> "$ssh_config_file"
echo "✅ Added SSH config entry"
else
sed -i.bak "/Host $hostname/,/IdentityFile.*/{
s/HostName.*/HostName $ip_address/
s/User.*/User $username/
}" "$ssh_config_file"
echo "✅ Updated existing SSH config entry"
fi
chmod 600 "$ssh_config_file"
}
update_config_value() {
local key=$1
local value=$2
local config_file="config.json"
local config
config=$(cat "$config_file")
if jq -e ".$key" "$config_file" >/dev/null 2>&1; then
config=$(echo "$config" | jq --arg key "$key" --arg value "$value" '.[$key] = $value')
else
config=$(echo "$config" | jq --arg key "$key" --arg value "$value" '. + {($key): $value}')
fi
echo "$config" | jq '.' > "$config_file"
echo "✅ Updated $key in config.json"
}
install_deploy_rs() {
echo "🔧 Installing deploy-rs to user environment..."
if command -v deploy >/dev/null 2>&1; then
echo " deploy-rs is already installed"
return 0
fi
if nix profile install 'github:serokell/deploy-rs'; then
echo "✅ deploy-rs installed successfully"
else
echo "❌ Failed to install deploy-rs"
return 1
fi
}
# Main script
echo "🔄 Self-Host Playbook Update Assistant"
echo "======================================"
if [ ! -f "config.json" ]; then
echo "❌ Error: config.json not found. Please run this script in your self-host-playbook directory."
exit 1
fi
USERNAME=$(jq -r '.username' config.json)
IP_ADDRESS=$(jq -r '.ipAddress // empty' config.json)
HOSTNAME=$(jq -r '.hostname // empty' config.json)
if [ -z "$USERNAME" ]; then
echo "❌ Error: Could not read username from config.json"
exit 1
fi
if [ -z "$IP_ADDRESS" ]; then
echo " No IP address found in config.json"
read -p "Enter the IP address of your server: " IP_ADDRESS
if ! [[ $IP_ADDRESS =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
echo "❌ Error: Invalid IP address format"
exit 1
fi
update_config_value "ipAddress" "$IP_ADDRESS"
fi
if [ -z "$HOSTNAME" ]; then
echo " No hostname found in config.json"
read -p "Enter the hostname for your server: " HOSTNAME
if ! [[ $HOSTNAME =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]*[a-zA-Z0-9])?)*$ ]]; then
echo "❌ Error: Invalid hostname format"
exit 1
fi
update_config_value "hostname" "$HOSTNAME"
fi
VERSION_FILE="version.json"
CURRENT_VERSION=$(get_current_version "$VERSION_FILE")
LATEST_VERSION=$(get_latest_version)
echo "Current version: $CURRENT_VERSION"
echo "Latest version: $LATEST_VERSION"
echo
if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then
echo "✅ You are already on the latest version!"
exit 0
fi
if ! check_compatibility "$CURRENT_VERSION" "$LATEST_VERSION" "$VERSION_FILE"; then
exit 1
fi
show_changelog "$CURRENT_VERSION" "$LATEST_VERSION" "$VERSION_FILE"
echo
read -p "Do you want to update to version $LATEST_VERSION? (y/N) " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
backup_dir="backup_${CURRENT_VERSION}_$(date +%Y%m%d_%H%M%S)"
echo "📑 Creating backup in $backup_dir..."
mkdir -p "$backup_dir"
find . -maxdepth 1 ! -name "." ! -name ".." ! -name "$backup_dir" -exec cp -r {} "$backup_dir/" \;
if perform_update "$LATEST_VERSION" "$backup_dir"; then
echo
echo "✅ Update completed successfully!"
echo
echo "🔧 Setting up SSH configuration..."
setup_ssh_config "$USERNAME" "$IP_ADDRESS" "$HOSTNAME"
echo
install_deploy_rs
echo "🚀 Applying the update to your system..."
deploy .#$HOSTNAME
echo
echo "If you encounter any issues, your backup is available in $backup_dir"
else
echo "❌ Update failed. Your backup is available in $backup_dir"
exit 1
fi
else
echo "Update cancelled."
exit 1
fi

14
version.json
View File

@ -1,14 +0,0 @@
{
"version": "0.1.0",
"minCompatibleVersion": "0.0.0",
"updateUrl": "https://code.m3ta.dev/m3tam3re/self-host-playbook",
"changelog": {
"0.1.0": [
"Added a management CLI for easily adding custom services.",
"Automated server updates / security patches daily.",
"Structural rework for easier upgrades.",
"Install Script Optimizations",
"Update Script"
]
}
}