Merge branch 'community-scripts:main' into step-ca

Joerg Heinemann 2026-02-08 18:35:15 +01:00 committed by GitHub
commit 536ff20bc6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
21 changed files with 444 additions and 999 deletions

1
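--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -48,3 +48,4 @@ Link: #
 - [ ] The application is **actively maintained**
 - [ ] The application has **600+ GitHub stars**
 - [ ] Official **release tarballs** are published
+- [ ] I understand that not all scripts will be accepted due to various reasons and criteria by the community-scripts ORG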


@ -1,78 +0,0 @@
#!/usr/bin/env bash
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/bluewave-labs/Checkmate
APP="Checkmate"
var_tags="${var_tags:-monitoring;uptime}"
var_cpu="${var_cpu:-2}"
var_ram="${var_ram:-4096}"
var_disk="${var_disk:-10}"
var_os="${var_os:-debian}"
var_version="${var_version:-13}"
var_unprivileged="${var_unprivileged:-1}"
header_info "$APP"
variables
color
catch_errors
function update_script() {
header_info
check_container_storage
check_container_resources
if [[ ! -d /opt/checkmate ]]; then
msg_error "No ${APP} Installation Found!"
exit
fi
if check_for_gh_release "checkmate" "bluewave-labs/Checkmate"; then
msg_info "Stopping Services"
systemctl stop checkmate-server checkmate-client nginx
msg_ok "Stopped Services"
msg_info "Backing up Data"
cp /opt/checkmate/server/.env /opt/checkmate_server.env.bak
[ -f /opt/checkmate/client/.env.local ] && cp /opt/checkmate/client/.env.local /opt/checkmate_client.env.local.bak
msg_ok "Backed up Data"
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate"
msg_info "Updating Checkmate Server"
cd /opt/checkmate/server
$STD npm install
if [ -f package.json ]; then
grep -q '"build"' package.json && $STD npm run build || true
fi
msg_ok "Updated Checkmate Server"
msg_info "Updating Checkmate Client"
cd /opt/checkmate/client
$STD npm install
VITE_APP_API_BASE_URL="/api/v1" UPTIME_APP_API_BASE_URL="/api/v1" VITE_APP_LOG_LEVEL="warn" $STD npm run build
msg_ok "Updated Checkmate Client"
msg_info "Restoring Data"
mv /opt/checkmate_server.env.bak /opt/checkmate/server/.env
[ -f /opt/checkmate_client.env.local.bak ] && mv /opt/checkmate_client.env.local.bak /opt/checkmate/client/.env.local
msg_ok "Restored Data"
msg_info "Starting Services"
systemctl start checkmate-server checkmate-client nginx
msg_ok "Started Services"
msg_ok "Updated successfully!"
fi
exit
}
start
build_container
description
msg_ok "Completed Successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"


@ -1,6 +0,0 @@
 ____ ________ __
/ __ \____ ___ ____ / ____/ /___ __ ______/ /
/ / / / __ \/ _ \/ __ \/ / / / __ \/ / / / __ /
/ /_/ / /_/ / __/ / / / /___/ / /_/ / /_/ / /_/ /
\____/ .___/\___/_/ /_/\____/_/\____/\__,_/\__,_/
/_/


@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
# Copyright (c) 2021-2026 community-scripts ORG # Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream # Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE # License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/vikramsoni2/nextExplorer # Source: https://github.com/nxzai/nextExplorer
APP="nextExplorer" APP="nextExplorer"
var_tags="${var_tags:-files;documents}" var_tags="${var_tags:-files;documents}"
@ -31,12 +31,12 @@ function update_script() {
NODE_VERSION="24" setup_nodejs NODE_VERSION="24" setup_nodejs
if check_for_gh_release "nextExplorer" "vikramsoni2/nextExplorer"; then if check_for_gh_release "nextExplorer" "nxzai/nextExplorer"; then
msg_info "Stopping nextExplorer" msg_info "Stopping nextExplorer"
$STD systemctl stop nextexplorer $STD systemctl stop nextexplorer
msg_ok "Stopped nextExplorer" msg_ok "Stopped nextExplorer"
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nextExplorer" "vikramsoni2/nextExplorer" "tarball" "latest" "/opt/nextExplorer" CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nextExplorer" "nxzai/nextExplorer" "tarball" "latest" "/opt/nextExplorer"
msg_info "Updating nextExplorer" msg_info "Updating nextExplorer"
APP_DIR="/opt/nextExplorer/app" APP_DIR="/opt/nextExplorer/app"
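Review bot: Both `check_for_gh_release` and `fetch_and_deploy_gh_release` in `update_script()` now pull from `nxzai/nextExplorer` at `latest`, and nothing visible in this hunk pins a tag or checks a digest, so every existing install will fetch and build code from the new owner on its next update. The documentation URL `https://explorer.nxz.ai` in the JSON metadata is consistent with the move, but the commit records no evidence that the repository was transferred rather than re-created under a different account. A comment next to the `# Source:` line, such as `# Upstream moved from vikramsoni2/nextExplorer to nxzai/nextExplorer; transfer confirmed <DATE>`, would leave an audit trail. The same owner change appears in the install-script and JSON metadata sections further down, and `update_script()` begins and ends outside the hunk.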


@ -1,68 +0,0 @@
#!/usr/bin/env bash
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://nginxui.com
APP="Nginx-UI"
var_tags="${var_tags:-webserver;nginx;proxy}"
var_cpu="${var_cpu:-1}"
var_ram="${var_ram:-512}"
var_disk="${var_disk:-4}"
var_os="${var_os:-debian}"
var_version="${var_version:-13}"
var_unprivileged="${var_unprivileged:-1}"
header_info "$APP"
variables
color
catch_errors
function update_script() {
header_info
check_container_storage
check_container_resources
if [[ ! -f /usr/local/bin/nginx-ui ]]; then
msg_error "No ${APP} Installation Found!"
exit
fi
if check_for_gh_release "nginx-ui" "0xJacky/nginx-ui"; then
msg_info "Stopping Service"
systemctl stop nginx-ui
msg_ok "Stopped Service"
msg_info "Backing up Configuration"
cp /usr/local/etc/nginx-ui/app.ini /tmp/nginx-ui-app.ini.bak
msg_ok "Backed up Configuration"
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nginx-ui" "0xJacky/nginx-ui" "prebuild" "latest" "/opt/nginx-ui" "nginx-ui-linux-64.tar.gz"
msg_info "Updating Binary"
cp /opt/nginx-ui/nginx-ui /usr/local/bin/nginx-ui
chmod +x /usr/local/bin/nginx-ui
rm -rf /opt/nginx-ui
msg_ok "Updated Binary"
msg_info "Restoring Configuration"
mv /tmp/nginx-ui-app.ini.bak /usr/local/etc/nginx-ui/app.ini
msg_ok "Restored Configuration"
msg_info "Starting Service"
systemctl start nginx-ui
msg_ok "Started Service"
msg_ok "Updated successfully!"
fi
exit
}
start
build_container
description
msg_ok "Completed Successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000${CL}"


@ -1,58 +0,0 @@
#!/usr/bin/env bash
source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: aendel
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/nightscout/cgm-remote-monitor
APP="Nightscout"
var_tags="${var_tags:-health}"
var_cpu="${var_cpu:-2}"
var_ram="${var_ram:-2048}"
var_disk="${var_disk:-10}"
var_os="${var_os:-debian}"
var_version="${var_version:-13}"
var_unprivileged="${var_unprivileged:-1}"
header_info "$APP"
variables
color
catch_errors
function update_script() {
header_info
check_container_storage
check_container_resources
if [[ ! -d /opt/nightscout ]]; then
msg_error "No ${APP} Installation Found!"
exit
fi
if check_for_gh_release "nightscout" "nightscout/cgm-remote-monitor"; then
msg_info "Stopping Service"
systemctl stop nightscout
msg_ok "Stopped Service"
fetch_and_deploy_gh_release "nightscout" "nightscout/cgm-remote-monitor" "source"
msg_info "Updating Nightscout"
cd /opt/nightscout
$STD npm install
msg_ok "Updated Nightscout"
msg_info "Starting Service"
systemctl start nightscout
msg_ok "Started Service"
msg_ok "Updated successfully!"
fi
exit
}
start
build_container
description
msg_ok "Completed successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:1337${CL}"


@ -1,60 +0,0 @@
#!/usr/bin/env bash
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://opencloud.eu
APP="OpenCloud"
var_tags="${var_tags:-files;cloud}"
var_cpu="${var_cpu:-2}"
var_ram="${var_ram:-2048}"
var_disk="${var_disk:-20}"
var_os="${var_os:-debian}"
var_version="${var_version:-13}"
var_unprivileged="${var_unprivileged:-1}"
header_info "$APP"
variables
color
catch_errors
function update_script() {
header_info
check_container_storage
check_container_resources
if [[ ! -d /etc/opencloud ]]; then
msg_error "No ${APP} Installation Found!"
exit
fi
RELEASE="v5.0.1"
if check_for_gh_release "opencloud" "opencloud-eu/opencloud" "${RELEASE}"; then
msg_info "Stopping services"
systemctl stop opencloud opencloud-wopi
msg_ok "Stopped services"
msg_info "Updating packages"
$STD apt-get update
$STD apt-get dist-upgrade -y
msg_ok "Updated packages"
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "${RELEASE}" "/usr/bin" "opencloud-*-linux-amd64"
msg_info "Starting services"
systemctl start opencloud opencloud-wopi
msg_ok "Started services"
msg_ok "Updated successfully"
fi
exit
}
start
build_container
description
msg_ok "Completed successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}https://<your-OpenCloud-domain>${CL}"

68
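--- a/ct/zitadel.sh
+++ b/ct/zitadel.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: dave-yap (dave-yap) | Co-author: remz1337
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://zitadel.com/
+APP="Zitadel"
+var_tags="${var_tags:-identity-provider}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-6}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+header_info "$APP"
+variables
+color
+catch_errors
+function update_script() {
+header_info
+check_container_storage
+check_container_resources
+if [[ ! -f /etc/systemd/system/zitadel-api.service ]]; then
+msg_error "No ${APP} Installation Found!"
+exit
+fi
+if check_for_gh_release "zitadel" "zitadel/zitadel"; then
+msg_info "Stopping Service"
+systemctl stop zitadel-api zitadel-login
+msg_ok "Stopped Service"
+msg_info "Updating Zitadel"
+rm -f /opt/zitadel/*
+fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/opt/zitadel" "zitadel-linux-amd64.tar.gz"
+rm -f /opt/login/*
+fetch_and_deploy_gh_release "login" "zitadel/zitadel" "prebuild" "latest" "/opt/login" "zitadel-login.tar.gz"
+cd /opt/zitadel
+./zitadel setup --masterkeyFile /etc/zitadel/.masterkey --config /etc/zitadel/config.yaml --init-projections=true
+msg_ok "Updated Zitadel"
+msg_info "Starting Service"
+systemctl start zitadel
+msg_ok "Started Service"
+msg_ok "Updated successfully!"
+fi
+exit
+}
+start
+build_container
+description
+msg_info "Setting Container to Normal Resources"
+pct set $CTID -memory 1024
+pct set $CTID -cores 1
+msg_ok "Set Container to Normal Resources"
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080/ui/console${CL}"
+echo -e "${INFO} All credentials are saved in: /etc/zitadel/INSTALLATION_INFO.txt${CL}"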
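Review bot: The update path in `update_script()` stops `zitadel-api` and `zitadel-login` but then starts a unit named `zitadel`, so the two stopped services are not brought back after an update; the installed-check on `zitadel-api.service` suggests no plain `zitadel` unit exists, in which case the start fails outright. The start line should read `systemctl start zitadel-api zitadel-login`. The `rm -f /opt/zitadel/*` and `rm -f /opt/login/*` calls also run before the downloads, so a failed fetch leaves the identity provider with no binary and no rollback; moving the old files aside and deleting them only after `zitadel setup` succeeds would be safer. The unquoted `$CTID` in the two `pct set` lines should be quoted, e.g. `pct set "$CTID" -memory 1024`.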


@ -1,48 +0,0 @@
{
"name": "Checkmate",
"slug": "checkmate",
"categories": [
9
],
"date_created": "2026-02-02",
"type": "ct",
"updateable": true,
"privileged": false,
"interface_port": 5173,
"documentation": "https://github.com/bluewave-labs/Checkmate#readme",
"website": "https://github.com/bluewave-labs/Checkmate",
"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/checkmate.webp",
"config_path": "/opt/checkmate/server/.env",
"description": "Checkmate is an open source uptime and infrastructure monitoring application that helps you track the availability and performance of your services.",
"install_methods": [
{
"type": "default",
"script": "ct/checkmate.sh",
"resources": {
"cpu": 2,
"ram": 4096,
"hdd": 10,
"os": "Debian",
"version": "13"
}
}
],
"default_credentials": {
"username": null,
"password": null
},
"notes": [
{
"text": "Create your admin account on first login via the web interface.",
"type": "info"
},
{
"text": "Server API runs on port 52345, Client UI on port 5173.",
"type": "info"
},
{
"text": "For PageSpeed monitoring, add a Google PageSpeed API key to the server .env file.",
"type": "info"
}
]
}


@ -1,5 +1,5 @@
{ {
"generated": "2026-02-04T13:17:54Z", "generated": "2026-02-04T19:01:08Z",
"versions": [ "versions": [
{ {
"slug": "affine", "slug": "affine",


@ -11,7 +11,7 @@
"privileged": false, "privileged": false,
"interface_port": 3000, "interface_port": 3000,
"documentation": "https://explorer.nxz.ai", "documentation": "https://explorer.nxz.ai",
"website": "https://github.com/vikramsoni2/nextExplorer", "website": "https://github.com/nxzai/nextExplorer",
"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/nextexplorer.webp", "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/nextexplorer.webp",
"config_path": "/etc/nextExplorer/.env", "config_path": "/etc/nextExplorer/.env",
"description": "Self-hosted file access for teams, homelabs, and agencies with a refined interface.", "description": "Self-hosted file access for teams, homelabs, and agencies with a refined interface.",


@ -1,44 +0,0 @@
{
"name": "Nginx UI",
"slug": "nginx-ui",
"categories": [
21
],
"date_created": "2026-02-03",
"type": "ct",
"updateable": true,
"privileged": false,
"interface_port": 9000,
"documentation": "https://nginxui.com/guide/",
"website": "https://nginxui.com",
"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/nginx-ui.webp",
"config_path": "/usr/local/etc/nginx-ui/app.ini",
"description": "Nginx UI is a comprehensive web-based interface designed to simplify the management and configuration of Nginx servers. It provides features like online statistics, ChatGPT-powered config assistant, automatic Let's Encrypt certificates, and config file editing with syntax highlighting.",
"install_methods": [
{
"type": "default",
"script": "ct/nginx-ui.sh",
"resources": {
"cpu": 1,
"ram": 512,
"hdd": 4,
"os": "Debian",
"version": "13"
}
}
],
"default_credentials": {
"username": null,
"password": null
},
"notes": [
{
"text": "Nginx runs on ports 80/443, Nginx UI management interface on port 9000.",
"type": "info"
},
{
"text": "SSL certificates can be managed automatically with Let's Encrypt integration.",
"type": "info"
}
]
}


@ -1,52 +0,0 @@
{
"name": "Nightscout",
"slug": "nightscout",
"categories": [
0
],
"date_created": "2025-01-17",
"type": "ct",
"updateable": true,
"privileged": false,
"interface_port": 1337,
"documentation": "https://nightscout.github.io/",
"website": "http://www.nightscout.info/",
"logo": "https://raw.githubusercontent.com/nightscout/cgm-remote-monitor/master/static/images/large.png",
"config_path": "/opt/nightscout/my.env",
"description": "Nightscout is an open source, DIY project that allows real time access to a CGM data via personal website, smartwatch watchers, or apps and widgets available for smartphones.",
"install_methods": [
{
"type": "default",
"script": "ct/nightscout.sh",
"resources": {
"cpu": 2,
"ram": 2048,
"hdd": 10,
"os": "debian",
"version": "12"
}
}
],
"default_credentials": {
"username": null,
"password": null
},
"notes": [
{
"text": "Nightscout requires configuring `my.env` with your Mongo connection string. API_SECRET has been generated and saved to `~/nightscout.creds`.",
"type": "info"
},
{
"text": "Edit `/opt/nightscout/my.env` to configure your CGM source (Dexcom/CareLink). Then run: `systemctl restart nightscout`",
"type": "info"
},
{
"text": "Official Configuration Guide: https://nightscout.github.io/nightscout/setup_variables/",
"type": "info"
},
{
"text": "Nightscout requires HTTPS for many features (security, tokens, PWA). Usage of a reverse proxy (e.g. Nginx Proxy Manager, Traefik, Caddy) is highly recommended.",
"type": "warning"
}
]
}


@ -1,64 +0,0 @@
{
"name": "OpenCloud",
"slug": "opencloud",
"categories": [
11
],
"date_created": "2025-12-12",
"type": "ct",
"updateable": true,
"privileged": false,
"interface_port": 443,
"documentation": "https://docs.opencloud.eu",
"config_path": "/etc/opencloud/opencloud.env, /etc/opencloud/opencloud.yaml, /etc/opencloud/csp.yaml",
"website": "https://opencloud.eu",
"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/opencloud.webp",
"description": "OpenCloud is the file sharing and collaboration solution of the Heinlein Group. Through intelligent file management and a strong open source community, files become valuable resources, effectively structured and usable in the long term. With flexible data rooms and intelligent access rights, teams can access and work together on data anytime, anywhere without barriers, but with a lot of productivity.",
"install_methods": [
{
"type": "default",
"script": "ct/opencloud.sh",
"resources": {
"cpu": 2,
"ram": 2048,
"hdd": 20,
"os": "Debian",
"version": "13"
}
}
],
"default_credentials": {
"username": "admin",
"password": "randomly generated during the installation process"
},
"notes": [
{
"text": "Valid TLS certificates and fully-qualified domain names behind a reverse proxy (Caddy) for 3 services - OpenCloud, Collabora, and WOPI are **REQUIRED**",
"type": "warning"
},
{
"text": "Forgot your admin password? Check `admin_password` in the 'idm' section in `/etc/opencloud/opencloud.yaml`",
"type": "info"
},
{
"text": "**Optional External Apps**: extract zip archives from App Store to `/etc/opencloud/assets/apps`",
"type": "info"
},
{
"text": "**Optional CalDAV and CardDAV**: requires separate Radicale install. Edit and rename `/opt/opencloud/proxy.yaml.bak` and change your Radicale config to use `http_x_remote_user` as the auth method",
"type": "info"
},
{
"text": "**Optional OpenID**: Authelia and PocketID supported. Uncomment relevant lines in `/opt/opencloud/opencloud.env` and consult OpenCloud GitHub discussions for configuration tips",
"type": "info"
},
{
"text": "**Optional Full-text Search with Apache Tika**: requires your own Tika LXC. See `https://community-scripts.github.io/ProxmoxVE/scripts?id=apache-tika`",
"type": "info"
},
{
"text": "**Relevant services**: `opencloud.service`, `opencloud-wopi.service`, `coolwsd.service`",
"type": "info"
}
]
}


@ -0,0 +1,44 @@
{
"name": "Zitadel",
"slug": "zitadel",
"categories": [
6
],
"date_created": "2025-02-10",
"type": "ct",
"updateable": true,
"privileged": false,
"interface_port": 8080,
"documentation": "https://zitadel.com/docs/guides/overview",
"website": "https://zitadel.com",
"logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/zitadel.webp",
"config_path": "/etc/zitadel/config.yaml",
"description": "Zitadel is an open-source identity and access management (IAM) solution designed to provide secure authentication, authorization, and user management for modern applications and services. Built with a focus on flexibility, scalability, and security, Zitadel offers a comprehensive set of features for developers and organizations looking to implement robust identity management.",
"install_methods": [
{
"type": "default",
"script": "ct/zitadel.sh",
"resources": {
"cpu": 1,
"ram": 1024,
"hdd": 6,
"os": "debian",
"version": "13"
}
}
],
"default_credentials": {
"username": "zitadel-admin@zitadel.localhost",
"password": "Password1!"
},
"notes": [
{
"text": "Application credentials: `cat /etc/zitadel/INSTALLATION_INFO.txt`",
"type": "info"
},
{
"text": "Change the ExternalDomain value in `/etc/zitadel/config.yaml` to your domain/hostname/IP and run `bash zitadel-rerun.sh`",
"type": "info"
}
]
}
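Review bot: `default_credentials` publishes a fixed admin password (`Password1!`) for an identity provider whose console is advertised over plain HTTP on `interface_port` 8080, and neither entry in `notes` tells the operator to change it. Add a warning entry such as `{ "text": "Change the default admin password immediately after first login.", "type": "warning" }`. If the installer actually writes a per-install password to `/etc/zitadel/INSTALLATION_INFO.txt`, as the first note implies, the static value here is misleading and should be replaced by a pointer to that file. The second note references `zitadel-rerun.sh` without a path; giving the full path would avoid running a same-named file from the wrong working directory.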


@ -1,136 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/bluewave-labs/Checkmate
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
openssl \
nginx
msg_ok "Installed Dependencies"
MONGO_VERSION="8.0" setup_mongodb
NODE_VERSION="22" setup_nodejs
fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate"
msg_info "Configuring Checkmate"
JWT_SECRET="$(openssl rand -hex 32)"
cat <<EOF >/opt/checkmate/server/.env
CLIENT_HOST="http://${LOCAL_IP}"
JWT_SECRET="${JWT_SECRET}"
DB_CONNECTION_STRING="mongodb://localhost:27017/checkmate_db"
TOKEN_TTL="99d"
ORIGIN="${LOCAL_IP}"
LOG_LEVEL="info"
SERVER_HOST=0.0.0.0
SERVER_PORT=52345
EOF
cat <<EOF >/opt/checkmate/client/.env.local
VITE_APP_API_BASE_URL="/api/v1"
UPTIME_APP_API_BASE_URL="/api/v1"
VITE_APP_LOG_LEVEL="warn"
EOF
msg_ok "Configured Checkmate"
msg_info "Installing Checkmate Server"
cd /opt/checkmate/server
$STD npm install
$STD npm run build
msg_ok "Installed Checkmate Server"
msg_info "Installing Checkmate Client"
cd /opt/checkmate/client
$STD npm install
VITE_APP_API_BASE_URL="/api/v1" UPTIME_APP_API_BASE_URL="/api/v1" VITE_APP_LOG_LEVEL="warn" $STD npm run build
msg_ok "Installed Checkmate Client"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/checkmate-server.service
[Unit]
Description=Checkmate Server
After=network.target mongod.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/checkmate/server
EnvironmentFile=/opt/checkmate/server/.env
ExecStart=/usr/bin/npm start
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/checkmate-client.service
[Unit]
Description=Checkmate Client
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/checkmate/client
ExecStart=/usr/bin/npm run preview -- --host 127.0.0.1 --port 5173
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
$STD systemctl enable -q --now checkmate-server
$STD systemctl enable -q --now checkmate-client
msg_ok "Created Services"
msg_info "Configuring Nginx Reverse Proxy"
cat <<EOF >/etc/nginx/sites-available/checkmate
server {
listen 80 default_server;
server_name _;
client_max_body_size 100M;
# Client UI
location / {
proxy_pass http://127.0.0.1:5173;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
# API Server
location /api/v1/ {
proxy_pass http://127.0.0.1:52345/api/v1/;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
}
}
EOF
ln -sf /etc/nginx/sites-available/checkmate /etc/nginx/sites-enabled/checkmate
rm -f /etc/nginx/sites-enabled/default
$STD nginx -t
$STD systemctl reload nginx
msg_ok "Configured Nginx Reverse Proxy"
motd_ssh
customize
cleanup_lxc


@ -3,7 +3,7 @@
# Copyright (c) 2021-2026 community-scripts ORG # Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream # Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE # License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/vikramsoni2/nextExplorer # Source: https://github.com/nxzai/nextExplorer
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color color
@ -26,7 +26,7 @@ msg_ok "Installed Dependencies"
NODE_VERSION="24" setup_nodejs NODE_VERSION="24" setup_nodejs
fetch_and_deploy_gh_release "nextExplorer" "vikramsoni2/nextExplorer" "tarball" "latest" "/opt/nextExplorer" fetch_and_deploy_gh_release "nextExplorer" "nxzai/nextExplorer" "tarball" "latest" "/opt/nextExplorer"
msg_info "Building nextExplorer" msg_info "Building nextExplorer"
APP_DIR="/opt/nextExplorer/app" APP_DIR="/opt/nextExplorer/app"


@ -1,99 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://nginxui.com
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
nginx \
logrotate
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "nginx-ui" "0xJacky/nginx-ui" "prebuild" "latest" "/opt/nginx-ui" "nginx-ui-linux-64.tar.gz"
msg_info "Installing Nginx UI"
cp /opt/nginx-ui/nginx-ui /usr/local/bin/nginx-ui
chmod +x /usr/local/bin/nginx-ui
rm -rf /opt/nginx-ui
msg_ok "Installed Nginx UI"
msg_info "Configuring Nginx UI"
mkdir -p /usr/local/etc/nginx-ui
cat <<EOF >/usr/local/etc/nginx-ui/app.ini
[server]
HttpHost = 0.0.0.0
HttpPort = 9000
RunMode = release
JwtSecret = $(openssl rand -hex 32)
[nginx]
AccessLogPath = /var/log/nginx/access.log
ErrorLogPath = /var/log/nginx/error.log
ConfigDir = /etc/nginx
PIDPath = /run/nginx.pid
TestConfigCmd = nginx -t
ReloadCmd = nginx -s reload
RestartCmd = systemctl restart nginx
[app]
PageSize = 10
[cert]
Email =
CADir =
RenewalInterval = 7
RecursiveNameservers =
EOF
msg_ok "Configured Nginx UI"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/nginx-ui.service
[Unit]
Description=Another WebUI for Nginx
Documentation=https://nginxui.com
After=network.target nginx.service
[Service]
Type=simple
ExecStart=/usr/local/bin/nginx-ui --config /usr/local/etc/nginx-ui/app.ini
RuntimeDirectory=nginx-ui
WorkingDirectory=/var/run/nginx-ui
Restart=on-failure
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
msg_ok "Created Service"
msg_info "Creating Initial Admin User"
systemctl start nginx-ui
sleep 3
systemctl stop nginx-ui
sleep 1
/usr/local/bin/nginx-ui reset-password --config /usr/local/etc/nginx-ui/app.ini &>/tmp/nginx-ui-reset.log || true
ADMIN_PASS=$(grep -oP 'Password: \K\S+' /tmp/nginx-ui-reset.log || echo "admin")
echo -e "Nginx-UI Credentials\nUsername: admin\nPassword: $ADMIN_PASS" >~/nginx-ui.creds
rm -f /tmp/nginx-ui-reset.log
msg_ok "Created Initial Admin User"
msg_info "Starting Service"
systemctl enable -q --now nginx-ui
rm -rf /etc/nginx/sites-enabled/default
msg_ok "Started Service"
motd_ssh
customize
cleanup_lxc


@ -1,69 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: aendel
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/nightscout/cgm-remote-monitor
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
libssl-dev \
openssl
msg_ok "Installed Dependencies"
MONGO_VERSION="8.0" setup_mongodb
NODE_VERSION="22" setup_nodejs
fetch_and_deploy_gh_release "nightscout" "nightscout/cgm-remote-monitor" "source"
msg_info "Installing Nightscout"
$STD npm install --prefix /opt/nightscout
msg_ok "Installed Nightscout"
msg_info "Creating Service"
useradd -s /bin/bash -m nightscout
chown -R nightscout:nightscout /opt/nightscout
API_SECRET=$(openssl rand -hex 16)
cat <<EOF >/opt/nightscout/my.env
MONGO_CONNECTION=mongodb://127.0.0.1:27017/nightscout
BASE_URL=http://localhost:1337
API_SECRET=${API_SECRET}
DISPLAY_UNITS=mg/dl
ENABLE=careportal boluscalc food bwp cage sage iage iob cob basal ar2 rawbg pushover bgi pump openaps pvb linear custom
INSECURE_USE_HTTP=true
EOF
chown nightscout:nightscout /opt/nightscout/my.env
cat <<EOF >/etc/systemd/system/nightscout.service
[Unit]
Description=Nightscout CGM Service
After=network.target mongodb.service
[Service]
Type=simple
User=nightscout
WorkingDirectory=/opt/nightscout
EnvironmentFile=/opt/nightscout/my.env
ExecStart=/usr/bin/npm start
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now nightscout
msg_ok "Created Service"
{
echo "Nightscout Credentials"
echo "API_SECRET: ${API_SECRET}"
} >> ~/nightscout.creds
motd_ssh
customize
cleanup_lxc


@ -1,210 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://opencloud.eu
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host
if [[ "$oc_host" ]]; then
OC_HOST="$oc_host"
fi
read -r -p "${TAB3}Enter the hostname of your Collabora server (eg collabora.domain.tld): " collabora_host
if [[ "$collabora_host" ]]; then
COLLABORA_HOST="$collabora_host"
fi
read -r -p "${TAB3}Enter the hostname of your WOPI server (eg wopiserver.domain.tld): " wopi_host
if [[ "$wopi_host" ]]; then
WOPI_HOST="$wopi_host"
fi
# Collabora online - this is broken because it adds the Component and apt doesn't like that
# setup_deb822_repo \
# "collaboraonline" \
# "https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg" \
# "https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb/Release" \
# "./" \
# "main"
msg_info "Installing Collabora Online"
curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg
cat <<EOF >/etc/apt/sources.list.d/colloboraonline.sources
Types: deb
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
Suites: ./
Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg
EOF
$STD apt-get update
$STD apt-get install -y coolwsd code-brand
systemctl stop coolwsd
mkdir -p /etc/systemd/system/coolwsd.service.d
cat <<EOF >/etc/systemd/system/coolwsd.service.d/override.conf
[Unit]
Before=opencloud-wopi.service
EOF
systemctl daemon-reload
COOLPASS="$(openssl rand -base64 36)"
$STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPASS"
echo "$COOLPASS" >~/.coolpass
msg_ok "Installed Collabora Online"
# OpenCloud
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
msg_info "Configuring OpenCloud"
DATA_DIR="/var/lib/opencloud/"
CONFIG_DIR="/etc/opencloud"
ENV_FILE="${CONFIG_DIR}/opencloud.env"
mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps
curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml
curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak
cat <<EOF >"$ENV_FILE"
OC_URL=https://${OC_HOST}
OC_INSECURE=false
IDM_CREATE_DEMO_USERS=false
OC_LOG_LEVEL=warning
OC_CONFIG_DIR=${CONFIG_DIR}
OC_BASE_DATA_PATH=${DATA_DIR}
STORAGE_SYSTEM_OC_ROOT=${DATA_DIR}/storage/metadata
## Web
WEB_ASSET_CORE_PATH=${CONFIG_DIR}/web/assets
WEB_ASSET_APPS_PATH=${CONFIG_DIR}/web/assets/apps
WEB_UI_CONFIG_FILE=${CONFIG_DIR}/web/config.json
# WEB_ASSET_THEMES_PATH=${CONFIG_DIR}/web/assets/themes
# WEB_UI_THEME_PATH=
## Frontend
FRONTEND_DISABLE_RADICALE=true
FRONTEND_GROUPWARE_ENABLED=false
GRAPH_INCLUDE_OCM_SHAREES=true
## Proxy
PROXY_TLS=false
PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml
## Collaboration - requires VALID TLS
COLLABORA_DOMAIN=${COLLABORA_HOST}
COLLABORATION_APP_NAME="CollaboraOnline"
COLLABORATION_APP_PRODUCT="Collabora"
COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
COLLABORATION_APP_INSECURE=false
COLLABORATION_HTTP_ADDR=0.0.0.0:9300
COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
COLLABORATION_JWT_SECRET=
## Notifications - Email settings
# NOTIFICATIONS_SMTP_HOST=
# NOTIFICATIONS_SMTP_PORT=
# NOTIFICATIONS_SMTP_SENDER=
# NOTIFICATIONS_SMTP_USERNAME=
# NOTIFICATIONS_SMTP_PASSWORD=
# NOTIFICATIONS_SMTP_AUTHENTICATION=login
## Encryption method. Possible values are 'starttls', 'ssltls' and 'none'
# NOTIFICATIONS_SMTP_ENCRYPTION=starttls
## Allow insecure connections. Defaults to false.
# NOTIFICATIONS_SMTP_INSECURE=false
## Start additional services at runtime
## Examples: notifications, antivirus etc.
## Do not uncomment unless configured above.
# OC_ADD_RUN_SERVICES="notifications"
## OpenID - via web browser
## uncomment for OpenID in general
# OC_EXCLUDE_RUN_SERVICES=idp
# OC_OIDC_ISSUER=<your auth URL>
# IDP_DOMAIN=<your auth URL>
# PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
# PROXY_OIDC_REWRITE_WELLKNOWN=true
# PROXY_USER_OIDC_CLAIM=preferred_username
# PROXY_USER_CS3_CLAIM=username
## automatically create accounts
# PROXY_AUTOPROVISION_ACCOUNTS=true
# WEB_OIDC_SCOPE=openid profile email groups
# GRAPH_ASSIGN_DEFAULT_USER_ROLE=false
#
## uncomment below if using PocketID
# WEB_OIDC_CLIENT_ID=<generated in PocketID>
# WEB_OIDC_METADATA_URL=<your auth URL>/.well-known/openid-configuration
## Full Text Search - Apache Tika
## Requires a separate install of Tika - see https://community-scripts.github.io/ProxmoxVE/scripts?id=apache-tika
# SEARCH_EXTRACTOR_TYPE=tika
# FRONTEND_FULL_TEXT_SEARCH_ENABLED=true
# SEARCH_EXTRACTOR_TIKA_TIKA_URL=<your-tika-url>
## External storage test - Only NFS v4.2+ is supported
## User files
# STORAGE_USERS_POSIX_ROOT=<path-to-your-bind_mount>
EOF
cat <<EOF >/etc/systemd/system/opencloud.service
[Unit]
Description=OpenCloud server
After=network-online.target
[Service]
Type=simple
User=opencloud
Group=opencloud
EnvironmentFile=${ENV_FILE}
ExecStart=/usr/bin/opencloud server
Restart=always
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/opencloud-wopi.service
[Unit]
Description=OpenCloud WOPI Server
Wants=coolwsd.service
After=opencloud.service coolwsd.service
[Service]
Type=simple
User=opencloud
Group=opencloud
EnvironmentFile=${ENV_FILE}
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/opencloud collaboration server
Restart=always
KillSignal=SIGKILL
KillMode=mixed
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
EOF
$STD sudo -u cool coolconfig set ssl.enable false
$STD sudo -u cool coolconfig set ssl.termination true
$STD sudo -u cool coolconfig set ssl.ssl_verification true
sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}</content_security_policy>|" /etc/coolwsd/coolwsd.xml
useradd -r -M -s /usr/sbin/nologin opencloud
chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR"
sudo -u opencloud opencloud init --config-path "$CONFIG_DIR" --insecure no
OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')"
sed -i "s/JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
msg_ok "Configured OpenCloud"
msg_info "Starting services"
systemctl enable -q --now coolwsd opencloud
sleep 5
systemctl enable -q --now opencloud-wopi
msg_ok "Started services"
motd_ssh
customize
cleanup_lxc

324
install/zitadel-install.sh Normal file

@ -0,0 +1,324 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: dave-yap (dave-yap) | Co-Author: remz1337
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://zitadel.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
# Configuration variables
ZITADEL_DIR="/opt/zitadel"
LOGIN_DIR="/opt/login"
CONFIG_DIR="/etc/zitadel"
ZITADEL_USER="zitadel"
ZITADEL_GROUP="zitadel"
DB_NAME="zitadel"
DB_USER="zitadel"
DB_PASSWORD="$(openssl rand -base64 32 | tr -d '=/+' | head -c 32)"
POSTGRES_ADMIN_PASSWORD="$(openssl rand -base64 32 | tr -d '=/+' | head -c 32)"
MASTERKEY="$(openssl rand -base64 32 | tr -d '=/+' | head -c 32)"
API_PORT="8080"
LOGIN_PORT="3000"
# Detect server IP address
SERVER_IP=$(hostname -I | awk '{print $1}')
msg_info "Installing Dependencies (Patience)"
$STD apt install -y ca-certificates
msg_ok "Installed Dependecies"
# Create zitadel user
msg_info "Creating zitadel system user"
groupadd --system "${ZITADEL_GROUP}"
useradd --system --gid "${ZITADEL_GROUP}" --shell /bin/bash --home-dir "${ZITADEL_DIR}" "${ZITADEL_USER}"
msg_ok "Created zitadel system user"
fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "${ZITADEL_DIR}" "zitadel-linux-amd64.tar.gz"
chown -R "${ZITADEL_USER}:${ZITADEL_GROUP}" "${ZITADEL_DIR}"
fetch_and_deploy_gh_release "login" "zitadel/zitadel" "prebuild" "latest" "${LOGIN_DIR}" "zitadel-login.tar.gz"
chown -R "${ZITADEL_USER}:${ZITADEL_GROUP}" "${LOGIN_DIR}"
NODE_VERSION="24" setup_nodejs
PG_VERSION="17" setup_postgresql
setup_go
msg_info "Configuring Postgresql"
$STD sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD '${POSTGRES_ADMIN_PASSWORD}';"
msg_ok "Configured PostgreSQL"
msg_info "Installing Zitadel"
cd "${ZITADEL_DIR}"
mkdir -p ${CONFIG_DIR}
echo "${MASTERKEY}" > ${CONFIG_DIR}/.masterkey
# Update config.yaml for network access
cat > "${CONFIG_DIR}/config.yaml" <<EOF
ExternalSecure: false
ExternalDomain: ${SERVER_IP}
ExternalPort: ${API_PORT}
TLS:
Enabled: false
Log:
Level: info
Formatter:
Format: text
Database:
Postgres:
Database: ${DB_NAME}
Host: localhost
Port: 5432
AwaitInitialConn: 5m
MaxOpenConns: 20
MaxIdleConns: 20
ConnMaxLifetime: 60m
ConnMaxIdleTime: 10m
User:
Username: ${DB_USER}
Password: ${DB_PASSWORD}
SSL:
Mode: disable
Admin:
Username: postgres
Password: ${POSTGRES_ADMIN_PASSWORD}
SSL:
Mode: disable
FirstInstance:
LoginClientPatPath: login-client.pat
PatPath: admin.pat
InstanceName: ZITADEL
DefaultLanguage: en
Org:
LoginClient:
Machine:
Username: login-client
Name: Automatically Initialized IAM Login Client
Pat:
ExpirationDate: 2099-01-01T00:00:00Z
Machine:
Machine:
Username: admin
Name: Automatically Initialized IAM admin Client
Pat:
ExpirationDate: 2099-01-01T00:00:00Z
Human:
Username: zitadel-admin@zitadel.localhost
Password: Password1!
PasswordChangeRequired: false
DefaultInstance:
Features:
LoginV2:
BaseURI: http://${SERVER_IP}:${LOGIN_PORT}/ui/v2/login
EOF
chown "${ZITADEL_USER}:${ZITADEL_GROUP}" "${CONFIG_DIR}/config.yaml"
# Initialize database as zitadel user (no masterkey needed for init)
$STD ./zitadel init --config ${CONFIG_DIR}/config.yaml
# Run setup phase as zitadel user (with masterkey and steps)
$STD ./zitadel setup --config ${CONFIG_DIR}/config.yaml --steps ${CONFIG_DIR}/config.yaml --masterkey "${MASTERKEY}"
#Read client token
CLIENT_PAT=$(cat ${ZITADEL_DIR}/login-client.pat)
# Update Login V2 login.env file
cat > "${CONFIG_DIR}/login.env" <<EOF
NEXT_PUBLIC_BASE_PATH=/ui/v2/login
EMAIL_VERIFICATION=false
ZITADEL_API_URL=http://${SERVER_IP}:${API_PORT}
ZITADEL_SERVICE_USER_TOKEN_FILE=../../login-client.pat
ZITADEL_SERVICE_USER_TOKEN=${CLIENT_PAT}
EOF
chown "${ZITADEL_USER}:${ZITADEL_GROUP}" "${CONFIG_DIR}/login.env"
# Update package.json to bind to 0.0.0.0 instead of 127.0.0.1
#sed -i 's/"prod": "cd \.\/\.next\/standalone && HOSTNAME=127\.0\.0\.1/"prod": "cd .\/\.next\/standalone \&\& HOSTNAME=0.0.0.0/g' "${LOGIN_DIR}/apps/login/package.json"
# Create api.env file
cat > "${CONFIG_DIR}/api.env" <<EOF
ZITADEL_MASTERKEY=${MASTERKEY}
ZITADEL_DATABASE_POSTGRES_HOST=localhost
ZITADEL_DATABASE_POSTGRES_PORT=5432
ZITADEL_DATABASE_POSTGRES_DATABASE=${DB_NAME}
ZITADEL_DATABASE_POSTGRES_USER_USERNAME=${DB_USER}
ZITADEL_DATABASE_POSTGRES_USER_PASSWORD=${DB_PASSWORD}
ZITADEL_DATABASE_POSTGRES_USER_SSL_MODE=disable
ZITADEL_DATABASE_POSTGRES_ADMIN_USERNAME=postgres
ZITADEL_DATABASE_POSTGRES_ADMIN_PASSWORD=${POSTGRES_ADMIN_PASSWORD}
ZITADEL_DATABASE_POSTGRES_ADMIN_SSL_MODE=disable
ZITADEL_EXTERNALSECURE=false
EOF
# Set secure permissions
chmod 600 "${CONFIG_DIR}/api.env"
chown "${ZITADEL_USER}:${ZITADEL_GROUP}" "${CONFIG_DIR}/api.env"
msg_ok "Installed Zitadel"
msg_info "Creating Services"
# Create API service
cat > /etc/systemd/system/zitadel-api.service <<EOF
[Unit]
Description=ZITADEL API Server
After=network.target postgresql.service
Requires=postgresql.service
[Service]
Type=simple
User=${ZITADEL_USER}
Group=${ZITADEL_GROUP}
WorkingDirectory=${ZITADEL_DIR}
EnvironmentFile=${CONFIG_DIR}/api.env
Environment="PATH=/usr/local/bin:/usr/local/go/bin:/usr/bin:/bin"
ExecStart=${ZITADEL_DIR}/zitadel start --config ${CONFIG_DIR}/config.yaml --masterkey \${ZITADEL_MASTERKEY}
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
# Create Login V2 service
cat > /etc/systemd/system/zitadel-login.service <<EOF
[Unit]
Description=ZITADEL Login V2 Service
After=network.target zitadel-api.service
Requires=zitadel-api.service
[Service]
Type=simple
User=${ZITADEL_USER}
Group=${ZITADEL_GROUP}
WorkingDirectory=${LOGIN_DIR}/apps/login
EnvironmentFile=${CONFIG_DIR}/login.env
Environment="PATH=/usr/local/bin:/usr/bin:/bin"
Environment="NODE_ENV=production"
ExecStart=node ${LOGIN_DIR}/apps/login/server.js
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
# Reload systemd
systemctl daemon-reload
# Enable and start API service
systemctl enable -q --now zitadel-api.service
# Wait for API to start
sleep 10
# Enable and start Login service
systemctl enable -q --now zitadel-login.service
msg_ok "Created Services"
msg_info "Saving Credentials"
# Create credentials file
cat > "${CONFIG_DIR}/INSTALLATION_INFO.txt" <<EOF
################################################################################
# ZITADEL Installation Information
# Generated: $(date)
################################################################################
SERVER INFORMATION:
-------------------
Server IP: ${SERVER_IP}
API Port: ${API_PORT}
Login Port: ${LOGIN_PORT}
ACCESS URLS:
------------
Management Console: http://${SERVER_IP}:${API_PORT}/ui/console
Login V2 UI: http://${SERVER_IP}:${LOGIN_PORT}/ui/v2/login
API Endpoint: http://${SERVER_IP}:${API_PORT}
DEFAULT ADMIN CREDENTIALS:
--------------------------
Username: zitadel-admin@zitadel.localhost
Password: Password1!
IMPORTANT: Change this password immediately after first login!
DATABASE CREDENTIALS:
---------------------
Database Name: ${DB_NAME}
Database User: ${DB_USER}
Database Password: ${DB_PASSWORD}
PostgreSQL Admin Password: ${POSTGRES_ADMIN_PASSWORD}
SECURITY:
---------
Master Key: ${MASTERKEY}
IMPORTANT: Keep these credentials secure and backup this file!
VERIFICATION:
-------------
1. Check API health:
curl http://${SERVER_IP}:${API_PORT}/debug/healthz
2. Access Management Console:
http://${SERVER_IP}:${API_PORT}/ui/console
3. Login with admin credentials above
DATABASE INFORMATION:
--------------------
The database and user are automatically created by ZITADEL on first startup.
ZITADEL uses the admin credentials to create:
- Database: ${DB_NAME}
- User: ${DB_USER}
- Schemas: eventstore, projections, system
PRODUCTION NOTES:
-----------------
1. This installation uses HTTP (not HTTPS) for simplicity
2. For production with HTTPS:
- Set ExternalSecure: true in config.yaml
- Configure TLS certificates
- Update firewall rules for port 443
3. Change all default passwords immediately
4. Set up regular database backups
5. Configure proper monitoring and alerting
6. Review and harden PostgreSQL security settings
BACKUP COMMANDS:
----------------
Database backup:
PGPASSWORD=${DB_PASSWORD} pg_dump -h localhost -U ${DB_USER} ${DB_NAME} > zitadel_backup_\$(date +%Y%m%d).sql
Database restore:
PGPASSWORD=${DB_PASSWORD} psql -h localhost -U ${DB_USER} ${DB_NAME} < zitadel_backup_YYYYMMDD.sql
################################################################################
EOF
chmod 600 "${CONFIG_DIR}/INSTALLATION_INFO.txt"
chown "${ZITADEL_USER}:${ZITADEL_GROUP}" "${CONFIG_DIR}/INSTALLATION_INFO.txt"
cp ${ZITADEL_DIR}/admin.pat ${CONFIG_DIR}/admin.pat.BAK
cp ${ZITADEL_DIR}/login-client.pat ${CONFIG_DIR}/login-client.pat.BAK
msg_ok "Saved Credentials"
msg_info "Create zitadel-rerun.sh"
cat <<EOF >~/zitadel-rerun.sh
systemctl stop zitadel
timeout --kill-after=5s 15s zitadel setup --masterkeyFile ${CONFIG_DIR}/.masterkey --config ${CONFIG_DIR}/config.yaml"
systemctl restart zitadel
EOF
msg_ok "Bash script for rerunning Zitadel after changing Zitadel config.yaml"
motd_ssh
customize
cleanup_lxc
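Review bot: The `FirstInstance` block written to `config.yaml` seeds the human admin with the fixed password `Password1!` and `PasswordChangeRequired: false`, so every install of this identity provider starts with the same known credential, served over plain HTTP on `${SERVER_IP}:${API_PORT}`; at minimum set `PasswordChangeRequired: true`. Only `api.env` and `INSTALLATION_INFO.txt` get `chmod 600`, while `config.yaml` (both database passwords), `login.env` (the login-client token) and `.masterkey` are created with whatever umask the installer runs under, which is presumably world-readable; add `chmod 600 "${CONFIG_DIR}/config.yaml" "${CONFIG_DIR}/login.env" "${CONFIG_DIR}/.masterkey"` after they are written. Passing the key as `--masterkey "${MASTERKEY}"` to `zitadel setup` and in the unit's `ExecStart` puts it in the process arguments, which the `--masterkeyFile ${CONFIG_DIR}/.masterkey` form already used in the rerun script would avoid. The generated `zitadel-rerun.sh` also looks broken as written: the `timeout` line ends in an unbalanced `"`, it calls `zitadel` without the `${ZITADEL_DIR}/` path, and it stops and restarts a `zitadel` unit although the units created here are `zitadel-api` and `zitadel-login`.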