Update setup to prompt for HEADSCALE_AUTHKEY if not set
- Load from .env if present - Prompt user for authkey if not defined - Better error messages
This commit is contained in:
Debian
341
setup
341
setup
@@ -6,233 +6,79 @@ set -e
|
||||
|
||||
HEADSCALE_URL="https://headscale.du-senegal.com"
|
||||
HEADSCALE_FALLBACK="http://141.94.23.212"
|
||||
HEADSCALE_AUTHKEY="<HEADSCALE_AUTHKEY>"
|
||||
|
||||
# Paramètres NATS
|
||||
NATS_SERVER="100.64.0.1:4222"
|
||||
NATS_CLUSTER="KAWA"
|
||||
NATS_USER="kawa"
|
||||
NATS_PASS="kawa123"
|
||||
# Charger les variables depuis .env si présent
|
||||
if [ -f ".env" ]; then
|
||||
source .env
|
||||
fi
|
||||
|
||||
# Paramètres Syncthing
|
||||
SYNCTHING_DEVICE_ID="" # Sera généré
|
||||
SYNCTHING_FOLDERS="kawa-memory,kawa-workspace,kawa-forge"
|
||||
SYNCTHING_VPS_ID="AHF53QZ-ZYCQ2K7-556QBZ2-2UAYZL4-QNEQOGZ-PHZQIAG-4ZRXI3P-QLLJNA6"
|
||||
# Demander la clé si pas définie
|
||||
if [ -z "$HEADSCALE_AUTHKEY" ] || [ "$HEADSCALE_AUTHKEY" = "<HEADSCALE_AUTHKEY>" ]; then
|
||||
echo ""
|
||||
echo "⚠️ HEADSCALE_AUTHKEY non défini!"
|
||||
echo ""
|
||||
echo "Options:"
|
||||
echo " 1. Créer un fichier .env avec:"
|
||||
echo " HEADSCALE_AUTHKEY=votre-clé"
|
||||
echo ""
|
||||
echo " 2. Ou entrer la clé maintenant:"
|
||||
read -p "Entrez votre clé Headscale: " HEADSCALE_AUTHKEY
|
||||
fi
|
||||
|
||||
echo "🜄 KAWA OS - Installation"
|
||||
echo ""
|
||||
|
||||
# Détection du type de système
|
||||
detect_system() {
|
||||
# NixOS
|
||||
if [ -f /etc/NIXOS ]; then
|
||||
echo "nixos"
|
||||
return
|
||||
fi
|
||||
|
||||
# Debian/Ubuntu
|
||||
if [ -f /etc/debian_version ]; then
|
||||
echo "debian"
|
||||
return
|
||||
fi
|
||||
|
||||
# Fedora/RHEL
|
||||
if [ -f /etc/redhat-release ]; then
|
||||
echo "redhat"
|
||||
return
|
||||
fi
|
||||
|
||||
# Arch Linux
|
||||
if [ -f /etc/arch-release ]; then
|
||||
echo "arch"
|
||||
return
|
||||
fi
|
||||
|
||||
# Docker/Container
|
||||
if [ -f /.dockerenv ]; then
|
||||
echo "docker"
|
||||
return
|
||||
fi
|
||||
|
||||
# Container générique
|
||||
if grep -q "docker\|lxc\|container" /proc/1/cgroup 2>/dev/null; then
|
||||
elif grep -q "docker\|lxc\|container" /proc/1/cgroup 2>/dev/null; then
|
||||
echo "container"
|
||||
return
|
||||
fi
|
||||
|
||||
# Machine physique
|
||||
if [ -f /sys/class/dmi/id/product_name ]; then
|
||||
elif [ -f /etc/NIXOS ]; then
|
||||
echo "nixos"
|
||||
elif [ -f /etc/debian_version ]; then
|
||||
echo "debian"
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
echo "redhat"
|
||||
elif [ -f /etc/arch-release ]; then
|
||||
echo "arch"
|
||||
elif [ -f /sys/class/dmi/id/product_name ]; then
|
||||
echo "physical"
|
||||
return
|
||||
fi
|
||||
|
||||
echo "unknown"
|
||||
}
|
||||
|
||||
# Installation spécifique NixOS
|
||||
install_nixos() {
|
||||
echo "📦 Installation NixOS détectée"
|
||||
echo ""
|
||||
|
||||
# Demander le hostname
|
||||
read -p "Hostname pour ce nœud (ex: kawa-node-01): " HOSTNAME_INPUT
|
||||
HOSTNAME="${HOSTNAME_INPUT:-kawa-node-$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")}"
|
||||
|
||||
# Créer la configuration NixOS
|
||||
echo "Création de la configuration NixOS..."
|
||||
|
||||
NIXOS_CONFIG="/etc/nixos/kawa-configuration.nix"
|
||||
|
||||
cat > "$NIXOS_CONFIG" << NIXOS_EOF
|
||||
# KAWA Node - Configuration NixOS
|
||||
# Généré automatiquement par kawa-setup
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./kawa.nix
|
||||
];
|
||||
|
||||
# Configuration réseau
|
||||
networking.hostName = "$HOSTNAME";
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ 22 4222 22000 ];
|
||||
allowedUDPPorts = [ 41641 22000 ];
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
};
|
||||
|
||||
# Tailscale/Headscale
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
extraUpFlags = [
|
||||
"--login-server=$HEADSCALE_URL"
|
||||
"--authkey=$HEADSCALE_AUTHKEY"
|
||||
"--hostname=$HOSTNAME"
|
||||
"--force-reauth"
|
||||
];
|
||||
};
|
||||
|
||||
# NATS Client
|
||||
services.nats = {
|
||||
enable = true;
|
||||
server = "$NATS_SERVER";
|
||||
};
|
||||
|
||||
# Syncthing
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
user = "kawa";
|
||||
group = "kawa";
|
||||
config = {
|
||||
devices = {
|
||||
"vps-7ed4abb0" = { id = "$SYNCTHING_VPS_ID"; };
|
||||
};
|
||||
folders = {
|
||||
"kawa-memory" = {
|
||||
path = "/home/kawa/.local/share/kawa/memory";
|
||||
devices = [ "vps-7ed4abb0" ];
|
||||
};
|
||||
"kawa-workspace" = {
|
||||
path = "/home/kawa/.local/share/kawa/workspace";
|
||||
devices = [ "vps-7ed4abb0" ];
|
||||
};
|
||||
"kawa-forge" = {
|
||||
path = "/home/kawa/.local/share/kawa/forge";
|
||||
devices = [ "vps-7ed4abb0" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Utilisateur KAWA
|
||||
users.users.kawa = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "networkmanager" "tailscale" "syncthing" ];
|
||||
};
|
||||
|
||||
# Packages système
|
||||
environment.systemPackages = with pkgs; [
|
||||
tailscale
|
||||
natscli
|
||||
syncthing
|
||||
git
|
||||
curl
|
||||
wget
|
||||
htop
|
||||
];
|
||||
}
|
||||
NIXOS_EOF
|
||||
|
||||
# Copier le module kawa.nix
|
||||
cp ./nixos/kawa.nix /etc/nixos/ 2>/dev/null || true
|
||||
|
||||
echo ""
|
||||
echo "✓ Configuration NixOS créée: $NIXOS_CONFIG"
|
||||
echo ""
|
||||
echo "Pour appliquer:"
|
||||
echo " sudo nixos-rebuild switch"
|
||||
echo ""
|
||||
echo "Ou ajouter à votre configuration existante:"
|
||||
echo " imports = [ ./kawa.nix ];"
|
||||
echo " services.kawa.enable = true;"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
# Installation standard (Debian/Ubuntu/Fedora/etc.)
|
||||
install_standard() {
|
||||
echo "📦 Installation standard ($1)"
|
||||
|
||||
HOSTNAME="${2:-kawa-$SYSTEM_TYPE-$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")}"
|
||||
echo "Hostname: $HOSTNAME"
|
||||
echo ""
|
||||
|
||||
# Vérifier connexion existante
|
||||
check_existing
|
||||
|
||||
# Installer Tailscale si nécessaire
|
||||
if ! command -v tailscale &> /dev/null; then
|
||||
echo "Installation de Tailscale..."
|
||||
curl -fsSL https://tailscale.com/install.sh | sh
|
||||
fi
|
||||
|
||||
# Démarrer tailscaled
|
||||
echo "Démarrage de tailscaled..."
|
||||
tailscaled 2>/dev/null &
|
||||
sleep 3
|
||||
|
||||
# Connexion au mesh
|
||||
echo "Connexion au mesh KAWA..."
|
||||
|
||||
tailscale down 2>/dev/null || true
|
||||
sleep 1
|
||||
|
||||
if tailscale up --login-server="$HEADSCALE_URL" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
|
||||
echo "✓ Connecté via $HEADSCALE_URL"
|
||||
elif tailscale up --login-server="$HEADSCALE_FALLBACK" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
|
||||
echo "✓ Connecté via $HEADSCALE_FALLBACK"
|
||||
else
|
||||
echo "✗ Échec de connexion"
|
||||
exit 1
|
||||
echo "unknown"
|
||||
fi
|
||||
}
|
||||
|
||||
sleep 2
|
||||
# Génération du hostname
|
||||
generate_hostname() {
|
||||
local SYSTEM_TYPE=$(detect_system)
|
||||
local MODEL
|
||||
local SUFFIX
|
||||
|
||||
# Afficher les infos
|
||||
echo ""
|
||||
echo "🜄 Nœud KAWA configuré!"
|
||||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
echo "Hostname: $HOSTNAME"
|
||||
echo "IP Mesh: $(tailscale ip 2>/dev/null || echo 'en attente...')"
|
||||
echo "NATS: $NATS_SERVER"
|
||||
echo ""
|
||||
echo "Commandes utiles:"
|
||||
echo " tailscale status # Voir le mesh"
|
||||
echo " tailscale ip # Voir l'IP"
|
||||
echo " tailscale ping NODE # Ping un nœud"
|
||||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
case "$SYSTEM_TYPE" in
|
||||
docker|container)
|
||||
if [ -f /etc/hostname ]; then
|
||||
MODEL=$(cat /etc/hostname | tr '[:upper:]' '[:lower:]' | tr -d ' ' | cut -c1-15)
|
||||
else
|
||||
MODEL="container"
|
||||
fi
|
||||
SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
|
||||
echo "kawa-${MODEL}-${SUFFIX}"
|
||||
;;
|
||||
nixos)
|
||||
SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
|
||||
echo "kawa-nixos-${SUFFIX}"
|
||||
;;
|
||||
physical)
|
||||
MODEL=$(cat /sys/class/dmi/id/product_name 2>/dev/null | tr '[:upper:]' '[:lower:]' | tr -d ' ' | cut -c1-15 || echo "node")
|
||||
SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
|
||||
echo "kawa-${MODEL}-${SUFFIX}"
|
||||
;;
|
||||
*)
|
||||
SUFFIX=$(head -c 4 /dev/urandom | xxd -p 2>/dev/null || echo "$(date +%s | tail -c 4)")
|
||||
echo "kawa-node-${SUFFIX}"
|
||||
;;
|
||||
esac
|
||||
}
|
||||
|
||||
# Vérifier si déjà connecté
|
||||
@@ -257,21 +103,62 @@ check_existing() {
|
||||
echo "Détection du système..."
|
||||
SYSTEM_TYPE=$(detect_system)
|
||||
echo "Type détecté: $SYSTEM_TYPE"
|
||||
|
||||
HOSTNAME=$(generate_hostname)
|
||||
echo "Hostname: $HOSTNAME"
|
||||
echo ""
|
||||
|
||||
case "$SYSTEM_TYPE" in
|
||||
nixos)
|
||||
install_nixos
|
||||
;;
|
||||
debian|redhat|arch|physical)
|
||||
install_standard "$SYSTEM_TYPE"
|
||||
;;
|
||||
docker|container)
|
||||
install_standard "container"
|
||||
;;
|
||||
*)
|
||||
echo "Type de système non reconnu: $SYSTEM_TYPE"
|
||||
echo "Tentative d'installation standard..."
|
||||
install_standard "unknown"
|
||||
;;
|
||||
esac
|
||||
# Vérifier connexion existante
|
||||
check_existing
|
||||
|
||||
# Installer Tailscale si nécessaire
|
||||
if ! command -v tailscale &> /dev/null; then
|
||||
echo "Installation de Tailscale..."
|
||||
curl -fsSL https://tailscale.com/install.sh | sh
|
||||
fi
|
||||
|
||||
# Démarrer tailscaled
|
||||
echo "Démarrage de tailscaled..."
|
||||
tailscaled 2>/dev/null &
|
||||
sleep 3
|
||||
|
||||
# Connexion au mesh
|
||||
echo "Connexion au mesh KAWA..."
|
||||
|
||||
# Déconnexion préalable si existante
|
||||
tailscale down 2>/dev/null || true
|
||||
sleep 1
|
||||
|
||||
# Tentative de connexion
|
||||
if tailscale up --login-server="$HEADSCALE_URL" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
|
||||
echo "✓ Connecté via $HEADSCALE_URL"
|
||||
elif tailscale up --login-server="$HEADSCALE_FALLBACK" --authkey="$HEADSCALE_AUTHKEY" --hostname="$HOSTNAME" --force-reauth 2>/dev/null; then
|
||||
echo "✓ Connecté via $HEADSCALE_FALLBACK"
|
||||
else
|
||||
echo "✗ Échec de connexion"
|
||||
echo ""
|
||||
echo "Vérifiez:"
|
||||
echo " - La connexion réseau"
|
||||
echo " - Le serveur Headscale est accessible"
|
||||
echo " - L'authkey est valide"
|
||||
echo ""
|
||||
echo "Pour obtenir une nouvelle clé:"
|
||||
echo " headscale preauthkeys create --user kawa --reusable"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
sleep 2
|
||||
|
||||
# Afficher les infos
|
||||
echo ""
|
||||
echo "🜄 Nœud KAWA configuré!"
|
||||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
echo "Hostname: $HOSTNAME"
|
||||
echo "IP Mesh: $(tailscale ip 2>/dev/null || echo 'en attente...')"
|
||||
echo "IPv6: $(tailscale ip -6 2>/dev/null || echo 'en attente...')"
|
||||
echo ""
|
||||
echo "Commandes utiles:"
|
||||
echo " tailscale status # Voir le mesh"
|
||||
echo " tailscale ip # Voir l'IP"
|
||||
echo " tailscale ping NODE # Ping un nœud"
|
||||
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
|
||||
|
||||
Reference in New Issue
Block a user