kawa_bot/kawa
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update setup to prompt for HEADSCALE_AUTHKEY if not set

Browse Source 
- Load from .env if present
- Prompt user for authkey if not defined
- Better error messages
This commit is contained in:
Debian
2026-03-17 02:04:52 +00:00
parent 46d9c852ab
commit 0f7134e49f
1 changed files with 115 additions and 228 deletions
Download Patch File Download Diff File Expand all files Collapse all files

343
setup
View File

@@ -6,233 +6,79 @@ set -e
HEADSCALE_URL="https://headscale.du-senegal.com" HEADSCALE_URL="https://headscale.du-senegal.com"
HEADSCALE_FALLBACK="http://141.94.23.212" HEADSCALE_FALLBACK="http://141.94.23.212"
HEADSCALE_AUTHKEY="<HEADSCALE_AUTHKEY>"
# Paramètres NATS # Charger les variables depuis .env si présent
NATS_SERVER="100.64.0.1:4222" if [ -f ".env" ]; then
NATS_CLUSTER="KAWA" source .env
NATS_USER="kawa" fi
NATS_PASS="kawa123"
# Paramètres Syncthing # Demander la clé si pas définie
SYNCTHING_DEVICE_ID="" # Sera généré if [ -z "$HEADSCALE_AUTHKEY" ] || [ "$HEADSCALE_AUTHKEY" = "<HEADSCALE_AUTHKEY>" ]; then
SYNCTHING_FOLDERS="kawa-memory,kawa-workspace,kawa-forge" echo ""
SYNCTHING_VPS_ID="AHF53QZ-ZYCQ2K7-556QBZ2-2UAYZL4-QNEQOGZ-PHZQIAG-4ZRXI3P-QLLJNA6" echo "⚠️ HEADSCALE_AUTHKEY non défini!"
echo ""
echo "Options:"
echo " 1. Créer un fichier .env avec:"
echo " HEADSCALE_AUTHKEY=votre-clé"
echo ""
echo " 2. Ou entrer la clé maintenant:"
read -p "Entrez votre clé Headscale: " HEADSCALE_AUTHKEY
fi
echo "🜄 KAWA OS - Installation" echo "🜄 KAWA OS - Installation"
echo "" echo ""
# Détection du type de système # Détection du type de système
detect_system() { detect_system() {
# NixOS
if [ -f /etc/NIXOS ]; then
echo "nixos"
return
fi
# Debian/Ubuntu
if [ -f /etc/debian_version ]; then
echo "debian"
return
fi
# Fedora/RHEL
if [ -f /etc/redhat-release ]; then
echo "redhat"
return
fi
# Arch Linux
if [ -f /etc/arch-release ]; then
echo "arch"
return
fi
# Docker/Container
if [ -f /.dockerenv ]; then if [ -f /.dockerenv ]; then
echo "docker" echo "docker"
return elif grep -q "docker\|lxc\|container" /proc/1/cgroup 2>/dev/null; then
fi
# Container générique
if grep -q "docker\|lxc\|container" /proc/1/cgroup 2>/dev/null; then
echo "container" echo "container"
return elif [ -f /etc/NIXOS ]; then
fi echo "nixos"
elif [ -f /etc/debian_version ]; then
# Machine physique echo "debian"
if [ -f /sys/class/dmi/id/product_name ]; then elif [ -f /etc/redhat-release ]; then
echo "redhat"
elif [ -f /etc/arch-release ]; then
echo "arch"
elif [ -f /sys/class/dmi/id/product_name ]; then
echo "physical" echo "physical"
return
fi
echo "unknown"
}
# Installation spécifique NixOS
install_nixos() {
echo "📦 Installation NixOS détectée"
echo ""
# Demander le hostname
read -p "Hostname pour ce nœud (ex: kawa-node-01): " HOSTNAME_INPUT
HOSTNAME="${HOSTNAME_INPUT:-kawa-node-$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")}"
# Créer la configuration NixOS
echo "Création de la configuration NixOS..."
NIXOS_CONFIG="/etc/nixos/kawa-configuration.nix"
cat > "$NIXOS_CONFIG" << NIXOS_EOF
# KAWA Node - Configuration NixOS
# Généré automatiquement par kawa-setup
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./kawa.nix
];
# Configuration réseau
networking.hostName = "$HOSTNAME";
networking.firewall = {
allowedTCPPorts = [ 22 4222 22000 ];
allowedUDPPorts = [ 41641 22000 ];
trustedInterfaces = [ "tailscale0" ];
};
# Tailscale/Headscale
services.tailscale = {
enable = true;
extraUpFlags = [
"--login-server=$HEADSCALE_URL"
"--authkey=$HEADSCALE_AUTHKEY"
"--hostname=$HOSTNAME"
"--force-reauth"
];
};
# NATS Client
services.nats = {
enable = true;
server = "$NATS_SERVER";
};
# Syncthing
services.syncthing = {
enable = true;
user = "kawa";
group = "kawa";
config = {
devices = {
"vps-7ed4abb0" = { id = "$SYNCTHING_VPS_ID"; };
};
folders = {
"kawa-memory" = {
path = "/home/kawa/.local/share/kawa/memory";
devices = [ "vps-7ed4abb0" ];
};
"kawa-workspace" = {
path = "/home/kawa/.local/share/kawa/workspace";
devices = [ "vps-7ed4abb0" ];
};
"kawa-forge" = {
path = "/home/kawa/.local/share/kawa/forge";
devices = [ "vps-7ed4abb0" ];
};
};
};
};
# Utilisateur KAWA
users.users.kawa = {
isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "tailscale" "syncthing" ];
};
# Packages système
environment.systemPackages = with pkgs; [
tailscale
natscli
syncthing
git
curl
wget
htop
];
}
NIXOS_EOF
# Copier le module kawa.nix
cp ./nixos/kawa.nix /etc/nixos/ 2>/dev/null || true
echo ""
echo "✓ Configuration NixOS créée: $NIXOS_CONFIG"
echo ""
echo "Pour appliquer:"
echo " sudo nixos-rebuild switch"
echo ""
echo "Ou ajouter à votre configuration existante:"
echo " imports = [ ./kawa.nix ];"
echo " services.kawa.enable = true;"
return 0
}
# Installation standard (Debian/Ubuntu/Fedora/etc.)
install_standard() {
echo "📦 Installation standard ($1)"
HOSTNAME="${2:-kawa-$SYSTEM_TYPE-$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")}"
echo "Hostname: $HOSTNAME"
echo ""
# Vérifier connexion existante
check_existing
# Installer Tailscale si nécessaire
if ! command -v tailscale &> /dev/null; then
echo "Installation de Tailscale..."
curl -fsSL https://tailscale.com/install.sh | sh
fi
# Démarrer tailscaled
echo "Démarrage de tailscaled..."
tailscaled 2>/dev/null &
sleep 3
# Connexion au mesh
echo "Connexion au mesh KAWA..."
tailscale down 2>/dev/null || true
sleep 1
if tailscale up --login-server="$HEADSCALE_URL" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
echo "✓ Connecté via $HEADSCALE_URL"
elif tailscale up --login-server="$HEADSCALE_FALLBACK" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
echo "✓ Connecté via $HEADSCALE_FALLBACK"
else else
echo "✗ Échec de connexion" echo "unknown"
exit 1
fi fi
}
# Génération du hostname
generate_hostname() {
local SYSTEM_TYPE=$(detect_system)
local MODEL
local SUFFIX
sleep 2 case "$SYSTEM_TYPE" in
docker|container)
# Afficher les infos if [ -f /etc/hostname ]; then
echo "" MODEL=$(cat /etc/hostname | tr '[:upper:]' '[:lower:]' | tr -d ' ' | cut -c1-15)
echo "🜄 Nœud KAWA configuré!" else
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" MODEL="container"
echo "Hostname: $HOSTNAME" fi
echo "IP Mesh: $(tailscale ip 2>/dev/null || echo 'en attente...')" SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
echo "NATS: $NATS_SERVER" echo "kawa-${MODEL}-${SUFFIX}"
echo "" ;;
echo "Commandes utiles:" nixos)
echo " tailscale status # Voir le mesh" SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
echo " tailscale ip # Voir l'IP" echo "kawa-nixos-${SUFFIX}"
echo " tailscale ping NODE # Ping un nœud" ;;
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" physical)
MODEL=$(cat /sys/class/dmi/id/product_name 2>/dev/null | tr '[:upper:]' '[:lower:]' | tr -d ' ' | cut -c1-15 || echo "node")
SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
echo "kawa-${MODEL}-${SUFFIX}"
;;
*)
SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
echo "kawa-node-${SUFFIX}"
;;
esac
} }
# Vérifier si déjà connecté # Vérifier si déjà connecté
@@ -257,21 +103,62 @@ check_existing() {
echo "Détection du système..." echo "Détection du système..."
SYSTEM_TYPE=$(detect_system) SYSTEM_TYPE=$(detect_system)
echo "Type détecté: $SYSTEM_TYPE" echo "Type détecté: $SYSTEM_TYPE"
HOSTNAME=$(generate_hostname)
echo "Hostname: $HOSTNAME"
echo "" echo ""
case "$SYSTEM_TYPE" in # Vérifier connexion existante
nixos) check_existing
install_nixos
;; # Installer Tailscale si nécessaire
debian|redhat|arch|physical) if ! command -v tailscale &> /dev/null; then
install_standard "$SYSTEM_TYPE" echo "Installation de Tailscale..."
;; curl -fsSL https://tailscale.com/install.sh | sh
docker|container) fi
install_standard "container"
;; # Démarrer tailscaled
*) echo "Démarrage de tailscaled..."
echo "Type de système non reconnu: $SYSTEM_TYPE" tailscaled 2>/dev/null &
echo "Tentative d'installation standard..." sleep 3
install_standard "unknown"
;; # Connexion au mesh
esac echo "Connexion au mesh KAWA..."
# Déconnexion préalable si existante
tailscale down 2>/dev/null || true
sleep 1
# Tentative de connexion
if tailscale up --login-server="$HEADSCALE_URL" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
echo "✓ Connecté via $HEADSCALE_URL"
elif tailscale up --login-server="$HEADSCALE_FALLBACK" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
echo "✓ Connecté via $HEADSCALE_FALLBACK"
else
echo "✗ Échec de connexion"
echo ""
echo "Vérifiez:"
echo " - La connexion réseau"
echo " - Le serveur Headscale est accessible"
echo " - L'authkey est valide"
echo ""
echo "Pour obtenir une nouvelle clé:"
echo " headscale preauthkeys create --user kawa --reusable"
exit 1
fi
sleep 2
# Afficher les infos
echo ""
echo "🜄 Nœud KAWA configuré!"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "Hostname: $HOSTNAME"
echo "IP Mesh: $(tailscale ip 2>/dev/null || echo 'en attente...')"
echo "IPv6: $(tailscale ip -6 2>/dev/null || echo 'en attente...')"
echo ""
echo "Commandes utiles:"
echo " tailscale status # Voir le mesh"
echo " tailscale ip # Voir l'IP"
echo " tailscale ping NODE # Ping un nœud"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"