Merge branch 'community-scripts:main' into step-ca

2026-02-25 05:57:26 +00:00 · 2026-02-04 18:36:52 +01:00
parent e186f0e4c2 4ad1dc0f77
commit 0f787aacd8
18 changed files with 419 additions and 513 deletions
--- a/install/deferred/piler-install.sh
+++ b/install/deferred/piler-install.sh
--- a/install/discourse-install.sh
+++ b/install/discourse-install.sh
@@ -29,13 +29,21 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"

 PG_VERSION="16" setup_postgresql
-PG_DB_NAME="discourse" PG_DB_USER="discourse" setup_postgresql_db
 NODE_VERSION="22" setup_nodejs
-RUBY_VERSION="3.3" setup_ruby
+RUBY_VERSION="3.3.6" setup_ruby
+
+msg_info "Configuring PostgreSQL for Discourse"
+DISCOURSE_DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+# Configure pg_hba.conf for md5 authentication
+PG_HBA="/etc/postgresql/16/main/pg_hba.conf"
+sed -i 's/^local\s\+all\s\+all\s\+peer$/local   all             all                                     md5/' "$PG_HBA"
+$STD systemctl restart postgresql
+# Create user with CREATEDB permission - Rails will create the database
+$STD sudo -u postgres psql -c "CREATE ROLE discourse WITH LOGIN PASSWORD '$DISCOURSE_DB_PASS' CREATEDB;"
+msg_ok "Configured PostgreSQL for Discourse"

 msg_info "Configuring Discourse"
-DISCOURSE_SECRET_KEY=$(openssl rand -hex 32)
-DISCOURSE_DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+DISCOURSE_SECRET_KEY=$(openssl rand -hex 64)

 git clone --depth 1 https://github.com/discourse/discourse.git /opt/discourse
 cd /opt/discourse
@@ -45,7 +53,7 @@ RAILS_ENV=production
 RAILS_LOG_TO_STDOUT=true
 RAILS_SERVE_STATIC_FILES=true
 SECRET_KEY_BASE=${DISCOURSE_SECRET_KEY}
-DISCOURSE_DB_HOST=localhost
+DISCOURSE_DB_HOST=/var/run/postgresql
 DISCOURSE_DB_PORT=5432
 DISCOURSE_DB_NAME=discourse
 DISCOURSE_DB_USERNAME=discourse
@@ -64,26 +72,42 @@ chmod 755 /opt/discourse
 msg_ok "Configured Discourse"

 msg_info "Installing Discourse Dependencies"
+$STD systemctl enable --now redis-server
 cd /opt/discourse
-$STD bundle install --deployment --without test development
-$STD yarn install
+export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
+eval "$(rbenv init - bash)" 2>/dev/null || true
+export RAILS_ENV=production
+export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
+$STD corepack enable
+$STD bundle config set --local deployment true
+$STD bundle config set --local without 'test development'
+$STD bundle install
+$STD pnpm install
 msg_ok "Installed Discourse Dependencies"

-msg_info "Building Discourse Assets"
-cd /opt/discourse
-$STD bundle exec rails assets:precompile
-msg_ok "Built Discourse Assets"
-
 msg_info "Setting Up Database"
 cd /opt/discourse
+export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
+eval "$(rbenv init - bash)" 2>/dev/null || true
+export RAILS_ENV=production
+$STD bundle exec rails db:create
 $STD bundle exec rails db:migrate
-$STD systemctl enable --now redis-server
-$STD systemctl enable --now postgresql
 msg_ok "Set Up Database"

+msg_info "Building Discourse Assets"
+cd /opt/discourse
+export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
+eval "$(rbenv init - bash)" 2>/dev/null || true
+export RAILS_ENV=production
+$STD bundle exec rails assets:precompile
+msg_ok "Built Discourse Assets"
+
 msg_info "Creating Discourse Admin User"
 cd /opt/discourse
-$STD bundle exec rails runner -e production "User.create!(email: 'admin@local', username: 'admin', password: '${DISCOURSE_DB_PASS}', admin: true)" || true
+export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
+eval "$(rbenv init - bash)" 2>/dev/null || true
+export RAILS_ENV=production
+$STD bundle exec rails runner "User.create!(email: 'admin@local', username: 'admin', password: '${DISCOURSE_DB_PASS}', admin: true)" || true
 msg_ok "Created Discourse Admin User"

 msg_info "Creating Service"
--- a/install/wger-install.sh
+++ b/install/wger-install.sh
@@ -14,18 +14,18 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apt-get install -y \
-  apache2 \
-  libapache2-mod-wsgi-py3 \
+$STD apt install -y \
+  build-essential \
+  nginx \
+  redis-server \
  libpq-dev
 msg_ok "Installed Dependencies"

+import_local_ip
 NODE_VERSION="22" NODE_MODULE="sass" setup_nodejs
 setup_uv
-
 PG_VERSION="16" setup_postgresql
 PG_DB_NAME="wger" PG_DB_USER="wger" setup_postgresql_db
-
 fetch_and_deploy_gh_release "wger" "wger-project/wger" "tarball" "latest" "/opt/wger"

 msg_info "Setting up wger"
@@ -36,85 +36,147 @@ $STD corepack enable
 $STD npm install
 $STD npm run build:css:sass
 $STD uv venv
-$STD uv pip install .
+$STD uv pip install . --group docker
 SECRET_KEY=$(openssl rand -base64 40)
 cat <<EOF >/opt/wger/.env
+DJANGO_SETTINGS_MODULE=settings.main
+PYTHONPATH=/opt/wger
+
 DJANGO_DB_ENGINE=django.db.backends.postgresql
 DJANGO_DB_DATABASE=${PG_DB_NAME}
 DJANGO_DB_USER=${PG_DB_USER}
 DJANGO_DB_PASSWORD=${PG_DB_PASS}
 DJANGO_DB_HOST=localhost
 DJANGO_DB_PORT=5432
+DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
+
 DJANGO_MEDIA_ROOT=/opt/wger/media
 DJANGO_STATIC_ROOT=/opt/wger/static
+DJANGO_STATIC_URL=/static/
+
+ALLOWED_HOSTS=${LOCAL_IP},localhost,127.0.0.1
+CSRF_TRUSTED_ORIGINS=http://${LOCAL_IP}:3000
+
+USE_X_FORWARDED_HOST=True
+SECURE_PROXY_SSL_HEADER=HTTP_X_FORWARDED_PROTO,http
+
+DJANGO_CACHE_BACKEND=django_redis.cache.RedisCache
+DJANGO_CACHE_LOCATION=redis://127.0.0.1:6379/1
+DJANGO_CACHE_TIMEOUT=300
+DJANGO_CACHE_CLIENT_CLASS=django_redis.client.DefaultClient
+AXES_CACHE_ALIAS=default
+
+USE_CELERY=True
+CELERY_BROKER=redis://127.0.0.1:6379/2
+CELERY_BACKEND=redis://127.0.0.1:6379/2
+
+SITE_URL=http://${LOCAL_IP}:3000
 SECRET_KEY=${SECRET_KEY}
 EOF
-cat <<'WSGI' >/opt/wger/wsgi_wrapper.py
-import os
-from pathlib import Path
-
-env_file = Path('/opt/wger/.env')
-if env_file.exists():
-    for line in env_file.read_text().splitlines():
-        if line.strip() and not line.startswith('#') and '=' in line:
-            key, value = line.split('=', 1)
-            os.environ.setdefault(key.strip(), value.strip())
-
-os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'settings.main')
-
-from wger.wsgi import application
-WSGI
 set -a && source /opt/wger/.env && set +a
-export DJANGO_SETTINGS_MODULE=settings.main
-$STD uv run python manage.py migrate
-$STD uv run python manage.py loaddata languages
-$STD uv run python manage.py loaddata gym_config
-$STD uv run python manage.py loaddata groups
-$STD uv run python manage.py loaddata site
+$STD uv run wger bootstrap
 $STD uv run python manage.py collectstatic --no-input
 cat <<EOF | uv run python manage.py shell
 from django.contrib.auth import get_user_model
-UserModel = get_user_model()
-user = UserModel.objects.create_user('admin', email='admin@localhost', password='${PG_DB_PASS}')
-user.is_superuser = True
-user.is_staff = True
-user.save()
+User = get_user_model()
+
+user, created = User.objects.get_or_create(
+    username="admin",
+    defaults={"email": "admin@localhost"},
+)
+
+if created:
+    user.set_password("${PG_DB_PASS}")
+    user.is_superuser = True
+    user.is_staff = True
+    user.save()
 EOF
 msg_ok "Set up wger"
+msg_info "Creating Config and Services"
+cat <<EOF >/etc/systemd/system/wger.service
+[Unit]
+Description=wger Gunicorn
+After=network.target

-msg_info "Creating Service"
-cat <<EOF >/etc/apache2/sites-available/wger.conf
-<Directory /opt/wger>
-    <Files wsgi_wrapper.py>
-        Require all granted
-    </Files>
-</Directory>
+[Service]
+User=root
+WorkingDirectory=/opt/wger
+EnvironmentFile=/opt/wger/.env
+ExecStart=/opt/wger/.venv/bin/gunicorn \
+  --bind 127.0.0.1:8000 \
+  --workers 3 \
+  --threads 2 \
+  --timeout 120 \
+  wger.wsgi:application
+Restart=always

-<VirtualHost *:80>
-    WSGIApplicationGroup %{GLOBAL}
-    WSGIDaemonProcess wger python-path=/opt/wger python-home=/opt/wger/.venv
-    WSGIProcessGroup wger
-    WSGIScriptAlias / /opt/wger/wsgi_wrapper.py
-    WSGIPassAuthorization On
-
-    Alias /static/ /opt/wger/static/
-    <Directory /opt/wger/static>
-        Require all granted
-    </Directory>
-
-    Alias /media/ /opt/wger/media/
-    <Directory /opt/wger/media>
-        Require all granted
-    </Directory>
-
-    ErrorLog /var/log/apache2/wger-error.log
-    CustomLog /var/log/apache2/wger-access.log combined
-</VirtualHost>
+[Install]
+WantedBy=multi-user.target
 EOF
-$STD a2dissite 000-default.conf
-$STD a2ensite wger
-systemctl restart apache2
-msg_ok "Created Service"
+cat <<EOF >/etc/systemd/system/celery.service
+[Unit]
+Description=wger Celery Worker
+After=network.target redis-server.service
+Requires=redis-server.service
+
+[Service]
+WorkingDirectory=/opt/wger
+EnvironmentFile=/opt/wger/.env
+ExecStart=/opt/wger/.venv/bin/celery -A wger worker -l info
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+mkdir -p /var/lib/wger/celery
+chmod 700 /var/lib/wger/celery
+cat <<EOF >/etc/systemd/system/celery-beat.service
+[Unit]
+Description=wger Celery Beat
+After=network.target redis-server.service
+Requires=redis-server.service
+
+[Service]
+WorkingDirectory=/opt/wger
+EnvironmentFile=/opt/wger/.env
+ExecStart=/opt/wger/.venv/bin/celery -A wger beat -l info \
+  --schedule /var/lib/wger/celery/celerybeat-schedule
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+cat <<'EOF' >/etc/nginx/sites-available/wger
+server {
+    listen 3000;
+    server_name _;
+
+    client_max_body_size 20M;
+
+    location /static/ {
+        alias /opt/wger/static/;
+        expires 30d;
+    }
+
+    location /media/ {
+        alias /opt/wger/media/;
+    }
+
+    location / {
+        proxy_pass http://127.0.0.1:8000;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_redirect off;
+    }
+}
+EOF
+$STD rm -f /etc/nginx/sites-enabled/default
+$STD ln -sf /etc/nginx/sites-available/wger /etc/nginx/sites-enabled/wger
+systemctl enable -q --now redis-server nginx wger celery celery-beat
+systemctl restart nginx
+msg_ok "Created Config and Services"

 motd_ssh
 customize
--- a/install/wishlist-install.sh
+++ b/install/wishlist-install.sh
@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Dunky13
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/cmintey/wishlist
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing dependencies"
-$STD apt install -y \
-  build-essential \
-  python3 \
-  openssl \
-  caddy
-msg_ok "Installed dependencies"
-
-NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
-fetch_and_deploy_gh_release "wishlist" "cmintey/wishlist" "tarball"
-LATEST_APP_VERSION=$(get_latest_github_release "cmintey/wishlist" false)
-
-
-msg_info "Installing Wishlist"
-cd /opt/wishlist
-cp .env.example .env
-sed -i "s|^ORIGIN=.*|ORIGIN=http://${LOCAL_IP}:3000|" /opt/wishlist/.env
-echo "NODE_ENV=production" >>/opt/wishlist/.env
-$STD pnpm install
-$STD pnpm svelte-kit sync
-$STD pnpm prisma generate
-sed -i 's|/usr/src/app/|/opt/wishlist/|g' $(grep -rl '/usr/src/app/' /opt/wishlist)
-export VERSION="v${LATEST_APP_VERSION}"
-export SHA="v${LATEST_APP_VERSION}"
-$STD pnpm run build
-$STD pnpm prune --prod
-chmod +x /opt/wishlist/entrypoint.sh
-mkdir -p /opt/wishlist/uploads
-mkdir -p /opt/wishlist/data
-msg_ok "Installed Wishlist"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/wishlist.service
-[Unit]
-Description=Wishlist Service
-After=network.target
-
-[Service]
-WorkingDirectory=/opt/wishlist
-EnvironmentFile=/opt/wishlist/.env
-ExecStart=/usr/bin/env sh -c './entrypoint.sh'
-Restart=on-failure
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now wishlist
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
--- a/install/writefreely-install.sh
+++ b/install/writefreely-install.sh
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: StellaeAlis
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/writefreely/writefreely
-
-# Import Functions and Setup
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y crudini
-msg_ok "Installed Dependencies"
-
-setup_mariadb
-MARIADB_DB_NAME="writefreely" MARIADB_DB_USER="writefreely" setup_mariadb_db
-
-get_lxc_ip
-
-fetch_and_deploy_gh_release "writefreely" "writefreely/writefreely" "prebuild" "latest" "/opt/writefreely" "writefreely_*_linux_amd64.tar.gz"
-
-msg_info "Setting up WriteFreely"
-cd /opt/writefreely
-$STD ./writefreely config generate
-$STD ./writefreely keys generate
-msg_ok "Setup WriteFreely"
-
-msg_info "Configuring WriteFreely"
-$STD crudini --set config.ini server port 80
-$STD crudini --set config.ini server bind $LOCAL_IP
-$STD crudini --set config.ini database username $MARIADB_DB_USER
-$STD crudini --set config.ini database password $MARIADB_DB_PASS
-$STD crudini --set config.ini database database $MARIADB_DB_NAME
-$STD crudini --set config.ini app host http://$LOCAL_IP:80
-$STD ./writefreely db init
-msg_ok "Configured WriteFreely"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/writefreely.service
-[Unit]
-Description=WriteFreely Service
-After=syslog.target network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/writefreely
-ExecStart=/opt/writefreely/writefreely
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now writefreely
-msg_ok "Created Service"
-
-msg_info "Cleaning up"
-$STD rm ~/writefreely.creds
-msg_ok "Cleaned up"
-
-motd_ssh
-customize
-
-cleanup_lxc