community-scripts/ProxmoxVED
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVED.git synced 2026-02-25 05:57:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/GoldenSpringness/ProxmoxVED into feature/sonobarr

Browse Source
This commit is contained in:
GoldenSpring
2026-01-30 11:26:51 +03:00
parent 57fe52595a edac4a2293
commit 6b0b8d07e3
103 changed files with 6774 additions and 2703 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/affine-install.sh
View File

@@ -29,7 +29,7 @@ PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
PG_DB_NAME="affine" PG_DB_USER="affine" setup_postgresql_db
NODE_VERSION="22" setup_nodejs
setup_rust
import_local_ip
fetch_and_deploy_gh_release "affine_app" "toeverything/AFFiNE" "tarball" "latest" "/opt/affine"

41
install/alpine-loki-install.sh
View File

@@ -1,41 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2025 community-scripts ORG
# Author: hoholms
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/grafana/loki
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Loki"
$STD apk add loki
$STD sed -i '/http_addr/s/127.0.0.1/0.0.0.0/g' /etc/conf.d/loki
$STD rc-service loki start
$STD rc-update add loki default
$STD mkdir /tmp/loki/
$STD chown -R loki:grafana /tmp/loki/
$STD mkdir /var/log/loki/
$STD chown -R loki:grafana /var/log/loki/
$STD chmod 755 /etc/loki/loki-local-config.yaml
$STD sed -i '/^querier:/,/enable_multi_variant_queries: false/ s/^/#/' /etc/loki/loki-local-config.yaml
$STD echo "output_log=\"\${output_log:-/var/log/loki/output.log}\"" >> /etc/init.d/loki
$STD echo "error_log=\"\${error_log:-/var/log/loki/error.log}\"" >> /etc/init.d/loki
$STD echo "start_stop_daemon_args=\"\${SSD_OPTS} -1 \${output_log} -2 \${error_log}\"" >> /etc/init.d/loki
$STD rc-service loki restart
msg_ok "Installed Loki"
msg_info "Installing Promtail"
$STD apk add loki-promtail
$STD sed -i '/http_addr/s/127.0.0.1/0.0.0.0/g' /etc/conf.d/loki
$STD rc-service loki-promtail start
$STD rc-update add loki-promtail default
msg_ok "Installed Promtail"
motd_ssh
customize

34
install/alpine-powerdns-install.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Slaviša Arežina (tremor021)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://www.powerdns.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing PowerDNS"
$STD apk add --no-cache pdns pdns-backend-sqlite3 pdns-doc
msg_ok "Installed PowerDNS"
msg_info "Configuring PowerDNS"
sed -i '/^# launch=$/c\launch=gsqlite3\ngsqlite3-database=/var/lib/powerdns/pdns.sqlite3' /etc/pdns/pdns.conf
mkdir /var/lib/powerdns
sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns/schema.sqlite3.sql
chown -R pdns:pdns /var/lib/powerdns
msg_ok "Configured PowerDNS"
msg_info "Creating Service"
$STD rc-update add pdns default
$STD rc-service pdns start
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

34
install/alpine-rustypaste-install.sh
View File

@@ -13,34 +13,20 @@ setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "rustypaste" "orhun/rustypaste" "prebuild" "latest" "/opt/rustypaste" "*x86_64-unknown-linux-musl.tar.gz"
msg_info "Installing RustyPaste"
$STD apk add --no-cache rustypaste --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
msg_ok "Installed RustyPaste"
msg_info "Setting up rustypaste"
cd /opt/rustypaste
sed -i 's|^address = ".*"|address = "0.0.0.0:8000"|' config.toml
msg_ok "Set up rustypaste"
msg_info "Configuring RustyPaste"
mkdir -p /var/lib/rustypaste
sed -i 's|^address = ".*"|address = "0.0.0.0:8000"|' /etc/rustypaste/config.toml
msg_ok "Configured RustyPaste"
msg_info "Creating Service"
cat <<'EOF' >/etc/init.d/rustypaste
#!/sbin/openrc-run
name="rustypaste"
description="rustypaste Service"
directory="/opt/rustypaste"
command="/opt/rustypaste/rustypaste"
command_args=""
pidfile="/run/${RC_SVCNAME}.pid"
command_background="yes"
start_stop_daemon_args="--user root"
depend() {
need net
}
EOF
chmod +x /etc/init.d/rustypaste
rc-update add rustypaste default
rc-service rustypaste start
$STD rc-update add rustypaste default
$STD rc-service rustypaste start
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

24
install/alpine-valkey-install.sh
View File

@@ -1,24 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: pshankinclarke (lazarillo)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://valkey.io/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Valkey"
$STD apk add valkey valkey-openrc valkey-cli
$STD sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
$STD rc-update add valkey default
$STD rc-service valkey start
msg_ok "Installed Valkey"
motd_ssh
customize

82
install/anytype-install.sh Normal file
View File

@@ -0,0 +1,82 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://anytype.io
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
setup_mongodb
msg_info "Configuring MongoDB Replica Set"
cat <<EOF >>/etc/mongod.conf
replication:
replSetName: "rs0"
EOF
systemctl restart mongod
sleep 3
$STD mongosh --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "127.0.0.1:27017"}]})'
msg_ok "Configured MongoDB Replica Set"
msg_info "Installing Redis Stack"
setup_deb822_repo \
"redis-stack" \
"https://packages.redis.io/gpg" \
"https://packages.redis.io/deb" \
"jammy" \
"main"
$STD apt-get install -y \
redis-stack-server
systemctl enable -q --now redis-stack-server
msg_ok "Installed Redis Stack"
fetch_and_deploy_gh_release "anytype" "grishy/any-sync-bundle" "prebuild" "latest" "/opt/anytype" "any-sync-bundle_*_linux_amd64.tar.gz"
chmod +x /opt/anytype/any-sync-bundle
msg_info "Configuring Anytype"
mkdir -p /opt/anytype/data/storage
cat <<EOF >/opt/anytype/.env
ANY_SYNC_BUNDLE_CONFIG=/opt/anytype/data/bundle-config.yml
ANY_SYNC_BUNDLE_CLIENT_CONFIG=/opt/anytype/data/client-config.yml
ANY_SYNC_BUNDLE_INIT_STORAGE=/opt/anytype/data/storage/
ANY_SYNC_BUNDLE_INIT_EXTERNAL_ADDRS=${LOCAL_IP}
ANY_SYNC_BUNDLE_INIT_MONGO_URI=mongodb://127.0.0.1:27017/
ANY_SYNC_BUNDLE_INIT_REDIS_URI=redis://127.0.0.1:6379/
ANY_SYNC_BUNDLE_LOG_LEVEL=info
EOF
msg_ok "Configured Anytype"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/anytype.service
[Unit]
Description=Anytype Sync Server (any-sync-bundle)
After=network-online.target mongod.service redis-stack-server.service
Wants=network-online.target
Requires=mongod.service redis-stack-server.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/anytype
EnvironmentFile=/opt/anytype/.env
ExecStart=/opt/anytype/any-sync-bundle start-bundle
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now anytype
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

107
install/authelia-install.sh Normal file
View File

@@ -0,0 +1,107 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: thost96 (thost96)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.authelia.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "authelia" "authelia/authelia" "binary"
MAX_ATTEMPTS=3
attempt=0
while true; do
attempt=$((attempt + 1))
read -rp "${TAB3}Enter your domain or IP (ex. example.com or 192.168.1.100): " DOMAIN
if [[ -z "$DOMAIN" ]]; then
if ((attempt >= MAX_ATTEMPTS)); then
DOMAIN="${LOCAL_IP:-localhost}"
msg_warn "Using fallback: $DOMAIN"
break
fi
msg_warn "Domain cannot be empty! (Attempt $attempt/$MAX_ATTEMPTS)"
elif [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
valid_ip=true
IFS='.' read -ra octets <<< "$DOMAIN"
for octet in "${octets[@]}"; do
if ((octet > 255)); then
valid_ip=false
break
fi
done
if $valid_ip; then
break
else
msg_warn "Invalid IP address!"
fi
elif [[ "$DOMAIN" =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$ ]]; then
break
else
msg_warn "Invalid domain format!"
fi
done
msg_info "Setting Authelia up"
touch /etc/authelia/emails.txt
JWT_SECRET=$(openssl rand -hex 64)
SESSION_SECRET=$(openssl rand -hex 64)
STORAGE_KEY=$(openssl rand -hex 64)
if [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
AUTHELIA_URL="https://${DOMAIN}:9091"
else
AUTHELIA_URL="https://auth.${DOMAIN}"
fi
echo "$AUTHELIA_URL" > /etc/authelia/.authelia_url
cat <<EOF >/etc/authelia/users.yml
users:
authelia:
disabled: false
displayname: "Authelia Admin"
password: "\$argon2id\$v=19\$m=65536,t=3,p=4\$ZBopMzXrzhHXPEZxRDVT2w\$SxWm96DwhOsZyn34DLocwQEIb4kCDsk632PuiMdZnig"
groups: []
EOF
cat <<EOF >/etc/authelia/configuration.yml
authentication_backend:
file:
path: /etc/authelia/users.yml
access_control:
default_policy: one_factor
session:
secret: "${SESSION_SECRET}"
name: 'authelia_session'
same_site: 'lax'
inactivity: '5m'
expiration: '1h'
remember_me: '1M'
cookies:
- domain: "${DOMAIN}"
authelia_url: "${AUTHELIA_URL}"
storage:
encryption_key: "${STORAGE_KEY}"
local:
path: /etc/authelia/db.sqlite
identity_validation:
reset_password:
jwt_secret: "${JWT_SECRET}"
jwt_lifespan: '5 minutes'
jwt_algorithm: 'HS256'
notifier:
filesystem:
filename: /etc/authelia/emails.txt
EOF
touch /etc/authelia/emails.txt
chown -R authelia:authelia /etc/authelia
systemctl enable -q --now authelia
msg_ok "Authelia Setup completed"
motd_ssh
customize
cleanup_lxc

50
install/byparr-install.sh
View File

@@ -1,50 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: luismco
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/ThePhaseless/Byparr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt -y install \
xauth \
xvfb \
scrot \
chromium \
chromium-driver \
ca-certificates
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "Byparr" "ThePhaseless/Byparr"
setup_uv
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/byparr.service
[Unit]
Description=Byparr
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/Byparr
ExecStart=/usr/local/bin/uv run python3 main.py
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now byparr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

31
install/clawdbot-install.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: michelroegl-brunner
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/clawdbot/clawdbot
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
git
msg_ok "Installed Dependencies"
NODE_VERSION="24" NODE_MODULE="pnpm@latest" setup_nodejs
curl -fsSL https://clawd.bot/install.sh | bash
motd_ssh
customize
cleanup_lxc

79
install/databasus-install.sh
View File

@@ -14,12 +14,12 @@ network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y nginx
$STD apt install -y \
nginx \
valkey
msg_ok "Installed Dependencies"
import_local_ip
PG_VERSION="17" setup_postgresql
PG_DB_NAME="databasus" PG_DB_USER="databasus" setup_postgresql_db
setup_go
NODE_VERSION="24" setup_nodejs
@@ -36,19 +36,17 @@ $STD go install github.com/swaggo/swag/cmd/swag@latest
$STD /root/go/bin/swag init -g cmd/main.go -o swagger
$STD env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o databasus ./cmd/main.go
mv /opt/databasus/backend/databasus /opt/databasus/databasus
mkdir -p /opt/databasus_data/{data,backups,logs}
mkdir -p /databasus-data/temp
mkdir -p /databasus-data/{pgdata,temp,backups,data,logs}
mkdir -p /opt/databasus/ui/build
mkdir -p /opt/databasus/migrations
cp -r /opt/databasus/frontend/dist/* /opt/databasus/ui/build/
cp -r /opt/databasus/backend/migrations /opt/databasus/
chown -R postgres:postgres /opt/databasus
chown -R postgres:postgres /opt/databasus_data
cp -r /opt/databasus/backend/migrations/* /opt/databasus/migrations/
chown -R postgres:postgres /databasus-data
msg_ok "Built Databasus"
msg_info "Configuring Databasus"
ADMIN_PASS=$(openssl rand -base64 12)
JWT_SECRET=$(openssl rand -hex 32)
ENCRYPTION_KEY=$(openssl rand -hex 32)
# Create PostgreSQL version symlinks for compatibility
for v in 12 13 14 15 16 18; do
@@ -67,50 +65,67 @@ ENV_MODE=production
SERVER_PORT=4005
SERVER_HOST=0.0.0.0
# Database (Internal PostgreSQL for app data)
DATABASE_DSN=host=localhost user=${PG_DB_USER} password=${PG_DB_PASS} dbname=${PG_DB_NAME} port=5432 sslmode=disable
DATABASE_URL=postgres://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
# Database
DATABASE_DSN=host=localhost user=postgres password=postgres dbname=databasus port=5432 sslmode=disable
DATABASE_URL=postgres://postgres:postgres@localhost:5432/databasus?sslmode=disable
# Migrations
GOOSE_DRIVER=postgres
GOOSE_DBSTRING=postgres://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
GOOSE_DBSTRING=postgres://postgres:postgres@localhost:5432/databasus?sslmode=disable
GOOSE_MIGRATION_DIR=/opt/databasus/migrations
# Valkey (Redis-compatible cache)
VALKEY_HOST=localhost
VALKEY_PORT=6379
# Security
JWT_SECRET=${JWT_SECRET}
ENCRYPTION_KEY=$(openssl rand -hex 32)
# Admin User
ADMIN_EMAIL=admin@localhost
ADMIN_PASSWORD=${ADMIN_PASS}
ENCRYPTION_KEY=${ENCRYPTION_KEY}
# Paths
DATA_DIR=/opt/databasus_data/data
BACKUP_DIR=/opt/databasus_data/backups
LOG_DIR=/opt/databasus_data/logs
# PostgreSQL Tools (for creating backups)
PG_DUMP_PATH=/usr/lib/postgresql/17/bin/pg_dump
PG_RESTORE_PATH=/usr/lib/postgresql/17/bin/pg_restore
PSQL_PATH=/usr/lib/postgresql/17/bin/psql
DATA_DIR=/databasus-data/data
BACKUP_DIR=/databasus-data/backups
LOG_DIR=/databasus-data/logs
EOF
chown postgres:postgres /opt/databasus/.env
chmod 600 /opt/databasus/.env
msg_ok "Configured Databasus"
msg_info "Configuring Valkey"
cat >/etc/valkey/valkey.conf <<EOF
port 6379
bind 127.0.0.1
protected-mode yes
save ""
maxmemory 256mb
maxmemory-policy allkeys-lru
EOF
systemctl enable -q --now valkey-server
systemctl restart valkey-server
msg_ok "Configured Valkey"
msg_info "Creating Database"
# Configure PostgreSQL to allow local password auth for databasus
PG_HBA="/etc/postgresql/17/main/pg_hba.conf"
if ! grep -q "databasus" "$PG_HBA"; then
sed -i '/^local\s*all\s*all/i local databasus postgres trust' "$PG_HBA"
sed -i '/^host\s*all\s*all\s*127/i host databasus postgres 127.0.0.1/32 trust' "$PG_HBA"
systemctl reload postgresql
fi
$STD sudo -u postgres psql -c "CREATE DATABASE databasus;" 2>/dev/null || true
$STD sudo -u postgres psql -c "ALTER USER postgres WITH SUPERUSER CREATEROLE CREATEDB;" 2>/dev/null || true
msg_ok "Created Database"
msg_info "Creating Databasus Service"
cat <<EOF >/etc/systemd/system/databasus.service
[Unit]
Description=Databasus - PostgreSQL Backup Management
After=network.target postgresql.service
Requires=postgresql.service
Description=Databasus - Database Backup Management
After=network.target postgresql.service valkey.service
Requires=postgresql.service valkey.service
[Service]
Type=simple
User=postgres
Group=postgres
WorkingDirectory=/opt/databasus
Environment="PATH=/usr/local/bin:/usr/bin:/bin"
EnvironmentFile=/opt/databasus/.env
ExecStart=/opt/databasus/databasus
Restart=always

179
install/dawarich-install.sh
View File

@@ -1,179 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/Freika/dawarich
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
build-essential \
git \
libpq-dev \
libgeos-dev \
libyaml-dev \
libffi-dev \
libssl-dev \
libjemalloc2 \
imagemagick \
libmagickwand-dev \
libvips-dev \
cmake \
redis-server \
nginx
msg_ok "Installed Dependencies"
PG_VERSION="17" PG_MODULES="postgis-3" setup_postgresql
PG_DB_NAME="dawarich_production" PG_DB_USER="dawarich" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
fetch_and_deploy_gh_release "dawarich" "Freika/dawarich" "tarball" "latest" "/opt/dawarich/app"
msg_info "Setting up Directories"
mkdir -p /opt/dawarich/app/{storage,log,tmp/pids,tmp/cache,tmp/sockets}
msg_ok "Set up Directories"
msg_info "Configuring Environment"
SECRET_KEY_BASE=$(openssl rand -hex 64)
RELEASE=$(get_latest_github_release "Freika/dawarich")
import_local_ip
cat <<EOF >/opt/dawarich/.env
RAILS_ENV=production
SECRET_KEY_BASE=${SECRET_KEY_BASE}
DATABASE_HOST=localhost
DATABASE_USERNAME=${PG_DB_USER}
DATABASE_PASSWORD=${PG_DB_PASS}
DATABASE_NAME=${PG_DB_NAME}
REDIS_URL=redis://127.0.0.1:6379/0
BACKGROUND_PROCESSING_CONCURRENCY=10
APPLICATION_HOST=${LOCAL_IP}
APPLICATION_HOSTS=${LOCAL_IP},localhost
TIME_ZONE=UTC
DISABLE_TELEMETRY=true
APP_VERSION=${RELEASE}
EOF
msg_ok "Configured Environment"
NODE_VERSION="22" setup_nodejs
RUBY_VERSION=$(cat /opt/dawarich/app/.ruby-version 2>/dev/null || echo "3.4.6")
RUBY_VERSION=${RUBY_VERSION} RUBY_INSTALL_RAILS="false" setup_ruby
msg_info "Installing Dawarich"
cd /opt/dawarich/app
source /root/.profile
export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH"
eval "$(/root/.rbenv/bin/rbenv init - bash)"
set -a && source /opt/dawarich/.env && set +a
$STD gem install bundler
$STD bundle config set --local deployment 'true'
$STD bundle config set --local without 'development test'
$STD bundle install
if [[ -f /opt/dawarich/package.json ]]; then
cd /opt/dawarich
$STD npm install
cd /opt/dawarich/app
elif [[ -f /opt/dawarich/app/package.json ]]; then
$STD npm install
fi
$STD bundle exec rake assets:precompile
$STD bundle exec rails db:prepare
$STD bundle exec rake data:migrate
msg_ok "Installed Dawarich"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/dawarich-web.service
[Unit]
Description=Dawarich Web Server
After=network.target postgresql.service redis-server.service
Requires=postgresql.service redis-server.service
[Service]
Type=simple
WorkingDirectory=/opt/dawarich/app
EnvironmentFile=/opt/dawarich/.env
ExecStart=/root/.rbenv/shims/bundle exec puma -C config/puma.rb
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/dawarich-worker.service
[Unit]
Description=Dawarich Sidekiq Worker
After=network.target postgresql.service redis-server.service
Requires=postgresql.service redis-server.service
[Service]
Type=simple
WorkingDirectory=/opt/dawarich/app
EnvironmentFile=/opt/dawarich/.env
ExecStart=/root/.rbenv/shims/bundle exec sidekiq -C config/sidekiq.yml
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now redis-server dawarich-web dawarich-worker
msg_ok "Created Services"
msg_info "Configuring Nginx"
cat <<EOF >/etc/nginx/sites-available/dawarich.conf
upstream dawarich {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name _;
root /opt/dawarich/app/public;
client_max_body_size 100M;
location ~ ^/(assets|packs)/ {
expires max;
add_header Cache-Control "public, immutable";
try_files \$uri =404;
}
location / {
try_files \$uri @rails;
}
location @rails {
proxy_pass http://dawarich;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_buffering off;
}
}
EOF
ln -sf /etc/nginx/sites-available/dawarich.conf /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
systemctl enable -q --now nginx
msg_ok "Configured Nginx"
motd_ssh
customize
cleanup_lxc

2
install/deferred/docspell-install.sh
View File

@@ -14,7 +14,7 @@ update_os
msg_info "Setup Functions"
setup_local_ip_helper
import_local_ip
msg_ok "Setup Functions"
msg_info "Installing Dependencies (Patience)"

121
install/docker-install.sh
View File

@@ -1,121 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.docker.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
# Apply AppArmor workaround BEFORE installing Docker
# See: https://github.com/opencontainers/runc/issues/4968
apply_docker_apparmor_workaround
get_latest_release() {
curl -fsSL https://api.github.com/repos/"$1"/releases/latest | grep '"tag_name":' | cut -d'"' -f4
}
DOCKER_LATEST_VERSION=$(get_latest_release "moby/moby")
PORTAINER_LATEST_VERSION=$(get_latest_release "portainer/portainer")
PORTAINER_AGENT_LATEST_VERSION=$(get_latest_release "portainer/agent")
DOCKER_COMPOSE_LATEST_VERSION=$(get_latest_release "docker/compose")
msg_info "Installing Docker $DOCKER_LATEST_VERSION"
DOCKER_CONFIG_PATH='/etc/docker/daemon.json'
mkdir -p $(dirname $DOCKER_CONFIG_PATH)
echo -e '{\n "log-driver": "journald"\n}' >/etc/docker/daemon.json
$STD sh <(curl -fsSL https://get.docker.com)
msg_ok "Installed Docker $DOCKER_LATEST_VERSION"
# Restart Docker to apply AppArmor workaround (if running in LXC)
$STD systemctl restart docker
read -r -p "${TAB3}Install Docker Compose v2 plugin? <y/N> " prompt_compose
if [[ ${prompt_compose,,} =~ ^(y|yes)$ ]]; then
msg_info "Installing Docker Compose $DOCKER_COMPOSE_LATEST_VERSION"
mkdir -p /usr/local/lib/docker/cli-plugins
curl -fsSL "https://github.com/docker/compose/releases/download/${DOCKER_COMPOSE_LATEST_VERSION}/docker-compose-$(uname -s)-$(uname -m)" \
-o /usr/local/lib/docker/cli-plugins/docker-compose
chmod +x /usr/local/lib/docker/cli-plugins/docker-compose
msg_ok "Installed Docker Compose $DOCKER_COMPOSE_LATEST_VERSION"
fi
read -r -p "${TAB3}Would you like to add Portainer (UI)? <y/N> " prompt
if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
docker volume create portainer_data >/dev/null
$STD docker run -d \
-p 8000:8000 \
-p 9443:9443 \
--name=portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
else
read -r -p "${TAB3}Would you like to install the Portainer Agent (for remote management)? <y/N> " prompt_agent
if [[ ${prompt_agent,,} =~ ^(y|yes)$ ]]; then
msg_info "Installing Portainer Agent $PORTAINER_AGENT_LATEST_VERSION"
$STD docker run -d \
-p 9001:9001 \
--name portainer_agent \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /var/lib/docker/volumes:/var/lib/docker/volumes \
portainer/agent
msg_ok "Installed Portainer Agent $PORTAINER_AGENT_LATEST_VERSION"
fi
fi
read -r -p "${TAB3}Expose Docker TCP socket (insecure) ? [n = No, l = Local only (127.0.0.1), a = All interfaces (0.0.0.0)] <n/l/a>: " socket_choice
case "${socket_choice,,}" in
l)
socket="tcp://127.0.0.1:2375"
;;
a)
socket="tcp://0.0.0.0:2375"
;;
*)
socket=""
;;
esac
if [[ -n "$socket" ]]; then
msg_info "Enabling Docker TCP socket on $socket"
$STD apt-get install -y jq
tmpfile=$(mktemp)
jq --arg sock "$socket" '. + { "hosts": ["unix:///var/run/docker.sock", $sock] }' /etc/docker/daemon.json >"$tmpfile" && mv "$tmpfile" /etc/docker/daemon.json
mkdir -p /etc/systemd/system/docker.service.d
cat <<EOF >/etc/systemd/system/docker.service.d/override.conf
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
EOF
$STD systemctl daemon-reexec
$STD systemctl daemon-reload
if systemctl restart docker; then
msg_ok "Docker TCP socket available on $socket"
else
msg_error "Docker failed to restart. Check journalctl -xeu docker.service"
exit 1
fi
fi
motd_ssh
customize
msg_info "Cleaning up"
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleaned"

30
install/ebusd-install.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Joerg Heinemann (heinemannj)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/john30/ebusd
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
setup_deb822_repo \
"ebusd" \
"https://raw.githubusercontent.com/john30/ebusd-debian/master/ebusd.gpg" \
"https://repo.ebusd.eu/apt/default/bookworm/" \
"bookworm" \
"main"
msg_info "Installing ebusd"
$STD apt install -y ebusd
systemctl enable -q --now ebusd
msg_ok "Installed ebusd"
motd_ssh
customize
cleanup_lxc

2
install/ente-install.sh
View File

@@ -28,7 +28,7 @@ setup_go
NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
RUST_CRATES="wasm-pack" setup_rust
$STD rustup target add wasm32-unknown-unknown
import_local_ip
ENTE_CLI_VERSION=$(curl -s https://api.github.com/repos/ente-io/ente/releases | jq -r '[.[] | select(.tag_name | startswith("cli-v"))][0].tag_name')
fetch_and_deploy_gh_release "ente-server" "ente-io/ente" "tarball" "latest" "/opt/ente"

45
install/fileflows-install.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: kkroboth
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://fileflows.com/
# Import Functions und Setup
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
ffmpeg \
imagemagick
msg_ok "Installed Dependencies"
setup_hwaccel
setup_deb822_repo \
"microsoft" \
"https://packages.microsoft.com/keys/microsoft-2025.asc" \
"https://packages.microsoft.com/debian/13/prod/" \
"trixie"
fetch_and_deploy_archive "https://fileflows.com/downloads/zip" "/opt/fileflows"
msg_info "Installing ASP.NET Core Runtime"
$STD apt install -y aspnetcore-runtime-8.0
msg_ok "Installed ASP.NET Core Runtime"
msg_info "Setting up FileFlows"
$STD ln -svf /usr/bin/ffmpeg /usr/local/bin/ffmpeg
$STD ln -svf /usr/bin/ffprobe /usr/local/bin/ffprobe
cd /opt/fileflows/Server
$STD dotnet FileFlows.Server.dll --systemd install --root true
systemctl enable -q --now fileflows
msg_ok "Setup FileFlows"
motd_ssh
customize
cleanup_lxc

27
install/forgejo-runner-install.sh
View File

@@ -12,19 +12,19 @@ setting_up_container
network_check
update_os
if [[ -z "$var_forgejo_instance" ]]; then
read -rp "Forgejo Instance URL (e.g. https://code.forgejo.org): " var_forgejo_instance
fi
# Get required configuration with sensible fallbacks for unattended mode
# These will show a warning if defaults are used
var_forgejo_instance=$(prompt_input_required \
"Forgejo Instance URL:" \
"${var_forgejo_instance:-https://codeberg.org}" \
120 \
"var_forgejo_instance")
if [[ -z "$var_forgejo_runner_token" ]]; then
read -rp "Forgejo Runner Registration Token: " var_forgejo_runner_token
echo
fi
if [[ -z "$var_forgejo_instance" || -z "$var_forgejo_runner_token" ]]; then
echo "❌ Forgejo instance URL and runner token are required."
exit 1
fi
var_forgejo_runner_token=$(prompt_input_required \
"Forgejo Runner Registration Token:" \
"${var_forgejo_runner_token:-REPLACE_WITH_YOUR_TOKEN}" \
120 \
"var_forgejo_runner_token")
export FORGEJO_INSTANCE="$var_forgejo_instance"
export FORGEJO_RUNNER_TOKEN="$var_forgejo_runner_token"
@@ -78,6 +78,9 @@ EOF
systemctl enable -q --now forgejo-runner
msg_ok "Created Services"
# Show warning if any required values used fallbacks
show_missing_values_warning
motd_ssh
customize
cleanup_lxc

9
install/garmin-grafana-install.sh
View File

@@ -110,8 +110,7 @@ msg_ok "Installed garmin-grafana"
msg_info "Setting up garmin-grafana"
# Check if using Chinese garmin servers
read -rp "Are you using Garmin in mainland China? (y/N): " prompt
if [[ "${prompt,,}" =~ ^(y|yes|Y)$ ]]; then
if prompt_confirm "Are you using Garmin in mainland China?" "n" 60; then
GARMIN_CN="True"
else
GARMIN_CN="False"
@@ -131,9 +130,9 @@ EOF
# garmin-grafana usually prompts the user for email and password (and MFA) on first run,
# then stores a refreshable token. We try to avoid storing user credentials in the env vars
if [ -z "$(ls -A /opt/garmin-grafana/.garminconnect)" ]; then
read -r -p "Please enter your Garmin Connect Email: " GARMIN_EMAIL
read -r -p "Please enter your Garmin Connect Password (this is used to generate a token and NOT stored): " GARMIN_PASSWORD
read -r -p "Please enter your MFA Code (if applicable, leave blank if not): " GARMIN_MFA
GARMIN_EMAIL=$(prompt_input "Please enter your Garmin Connect Email:" "" 120)
GARMIN_PASSWORD=$(prompt_password "Please enter your Garmin Connect Password (used to generate token, NOT stored):" "" 120)
GARMIN_MFA=$(prompt_input "Please enter your MFA Code (leave blank if not applicable):" "" 60)
# Run the script once to prompt for credential
msg_info "Creating Garmin credentials, this will timeout in 60 seconds"
timeout 60s uv run --env-file /opt/garmin-grafana/.env --project /opt/garmin-grafana/ /opt/garmin-grafana/src/garmin_grafana/garmin_fetch.py <<EOF

45
install/ghost-install.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: fabrice1236
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://ghost.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
nginx \
ca-certificates \
libjemalloc2 \
git
msg_ok "Installed Dependencies"
setup_mariadb
MARIADB_DB_NAME="ghost" MARIADB_DB_USER="ghostuser" setup_mariadb_db
NODE_VERSION="22" setup_nodejs
msg_info "Installing Ghost CLI"
$STD npm install ghost-cli@latest -g
msg_ok "Installed Ghost CLI"
msg_info "Creating Service"
$STD adduser --disabled-password --gecos "Ghost user" ghost-user
$STD usermod -aG sudo ghost-user
echo "ghost-user ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/ghost-user
mkdir -p /var/www/ghost
chown -R ghost-user:ghost-user /var/www/ghost
chmod 775 /var/www/ghost
$STD sudo -u ghost-user -H sh -c "cd /var/www/ghost && ghost install --db=mysql --dbhost=localhost --dbuser=$MARIADB_DB_USER --dbpass=$MARIADB_DB_PASS --dbname=$MARIADB_DB_NAME --url=http://localhost:2368 --no-prompt --no-setup-nginx --no-setup-ssl --no-setup-mysql --enable --start --ip 0.0.0.0"
rm /etc/sudoers.d/ghost-user
msg_ok "Creating Service"
motd_ssh
customize
cleanup_lxc

488
install/immich-install.sh Normal file
View File

@@ -0,0 +1,488 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://immich.app
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
echo ""
echo ""
echo -e "🤖 ${BL}Immich Machine Learning Options${CL}"
echo "─────────────────────────────────────────"
echo "Please choose your machine-learning type:"
echo ""
echo " 1) CPU only (default)"
echo " 2) Intel OpenVINO (requires GPU passthrough)"
echo ""
read -r -p "${TAB3}Select machine-learning type [1]: " ML_TYPE
ML_TYPE="${ML_TYPE:-1}"
if [[ "$ML_TYPE" == "2" ]]; then
msg_info "Installing OpenVINO dependencies"
touch ~/.openvino
$STD apt install -y --no-install-recommends patchelf
tmp_dir=$(mktemp -d)
$STD pushd "$tmp_dir"
curl -fsSLO https://raw.githubusercontent.com/immich-app/base-images/refs/heads/main/server/Dockerfile
readarray -t INTEL_URLS < <(
sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $2}'
sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
)
for url in "${INTEL_URLS[@]}"; do
curl -fsSLO "$url"
done
$STD apt install -y ./libigdgmm12*.deb
rm ./libigdgmm12*.deb
$STD apt install -y ./*.deb
$STD apt-mark hold libigdgmm12
$STD popd
rm -rf "$tmp_dir"
dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
msg_ok "Installed OpenVINO dependencies"
fi
setup_uv
msg_info "Installing dependencies"
$STD apt install --no-install-recommends -y \
git \
redis \
autoconf \
build-essential \
python3-dev \
automake \
cmake \
jq \
libtool \
libltdl-dev \
libgdk-pixbuf-2.0-dev \
libbrotli-dev \
libexif-dev \
libexpat1-dev \
libglib2.0-dev \
libgsf-1-dev \
libjpeg62-turbo-dev \
libspng-dev \
liblcms2-dev \
libopenexr-dev \
libgif-dev \
librsvg2-dev \
libexpat1 \
libgcc-s1 \
libgomp1 \
liblqr-1-0 \
libltdl7 \
libopenjp2-7 \
meson \
ninja-build \
pkg-config \
mesa-utils \
mesa-va-drivers \
mesa-vulkan-drivers \
ocl-icd-libopencl1 \
tini \
zlib1g \
libio-compress-brotli-perl \
libwebp7 \
libwebpdemux2 \
libwebpmux3 \
libhwy1t64 \
libdav1d-dev \
libhwy-dev \
libwebp-dev \
libaom-dev \
ccache
setup_deb822_repo \
"jellyfin" \
"https://repo.jellyfin.org/jellyfin_team.gpg.key" \
"https://repo.jellyfin.org/debian" \
"$(get_os_info codename)"
$STD apt install -y jellyfin-ffmpeg7
ln -sf /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/bin/ffmpeg
ln -sf /usr/lib/jellyfin-ffmpeg/ffprobe /usr/bin/ffprobe
# Set permissions for /dev/dri (only in privileged containers and if /dev/dri exists)
if [[ "$CTTYPE" == "0" && -d /dev/dri ]]; then
chgrp video /dev/dri 2>/dev/null || true
chmod 755 /dev/dri 2>/dev/null || true
chmod 660 /dev/dri/* 2>/dev/null || true
$STD adduser "$(id -u -n)" video 2>/dev/null || true
$STD adduser "$(id -u -n)" render 2>/dev/null || true
fi
msg_ok "Dependencies Installed"
msg_info "Installing Mise"
curl -fSs https://mise.jdx.dev/gpg-key.pub | tee /etc/apt/keyrings/mise-archive-keyring.pub 1>/dev/null
echo "deb [signed-by=/etc/apt/keyrings/mise-archive-keyring.pub arch=amd64] https://mise.jdx.dev/deb stable main" >/etc/apt/sources.list.d/mise.list
$STD apt update
$STD apt install -y mise
msg_ok "Installed Mise"
msg_info "Configuring Debian Testing Repo"
sed -i 's/ trixie-updates/ trixie-updates testing/g' /etc/apt/sources.list.d/debian.sources
cat <<EOF >/etc/apt/preferences.d/preferences
Package: *
Pin: release a=unstable
Pin-Priority: 450
Package: *
Pin:release a=testing
Pin-Priority: 450
EOF
$STD apt update
msg_ok "Configured Debian Testing repo"
msg_info "Installing packages from Debian Testing repo"
$STD apt install -t testing --no-install-recommends -yqq libmimalloc3 libde265-dev
msg_ok "Installed packages from Debian Testing repo"
PNPM_VERSION="$(curl -fsSL "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/package.json" | jq -r '.packageManager | split("@")[1]')"
NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
VCHORD_RELEASE="0.5.3"
msg_info "Installing Vectorchord v${VCHORD_RELEASE}"
curl -fsSL "https://github.com/tensorchord/VectorChord/releases/download/${VCHORD_RELEASE}/postgresql-16-vchord_${VCHORD_RELEASE}-1_amd64.deb" -o vchord.deb
$STD apt install -y ./vchord.deb
rm vchord.deb
echo "$VCHORD_RELEASE" >~/.vchord_version
msg_ok "Installed Vectorchord v${VCHORD_RELEASE}"
sed -i -e "/^#shared_preload/s/^#//;/^shared_preload/s/''/'vchord.so'/" /etc/postgresql/16/main/postgresql.conf
systemctl restart postgresql.service
PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_GRANT_SUPERUSER="true" PG_DB_SKIP_ALTER_ROLE="true" setup_postgresql_db
msg_info "Compiling Custom Photo-processing Library (extreme patience)"
LD_LIBRARY_PATH=/usr/local/lib
export LD_RUN_PATH=/usr/local/lib
STAGING_DIR=/opt/staging
BASE_REPO="https://github.com/immich-app/base-images"
BASE_DIR=${STAGING_DIR}/base-images
SOURCE_DIR=${STAGING_DIR}/image-source
$STD git clone -b main "$BASE_REPO" "$BASE_DIR"
mkdir -p "$SOURCE_DIR"
msg_info "(1/5) Compiling libjxl"
cd "$STAGING_DIR"
SOURCE=${SOURCE_DIR}/libjxl
JPEGLI_LIBJPEG_LIBRARY_SOVERSION="62"
JPEGLI_LIBJPEG_LIBRARY_VERSION="62.3.0"
: "${LIBJXL_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libjxl.json)}"
$STD git clone https://github.com/libjxl/libjxl.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBJXL_REVISION"
$STD git submodule update --init --recursive --depth 1 --recommend-shallow
$STD git apply "$BASE_DIR"/server/sources/libjxl-patches/jpegli-empty-dht-marker.patch
$STD git apply "$BASE_DIR"/server/sources/libjxl-patches/jpegli-icc-warning.patch
mkdir build
cd build
$STD cmake \
-DCMAKE_BUILD_TYPE=Release \
-DBUILD_TESTING=OFF \
-DJPEGXL_ENABLE_DOXYGEN=OFF \
-DJPEGXL_ENABLE_MANPAGES=OFF \
-DJPEGXL_ENABLE_PLUGIN_GIMP210=OFF \
-DJPEGXL_ENABLE_BENCHMARK=OFF \
-DJPEGXL_ENABLE_EXAMPLES=OFF \
-DJPEGXL_FORCE_SYSTEM_BROTLI=ON \
-DJPEGXL_FORCE_SYSTEM_HWY=ON \
-DJPEGXL_ENABLE_JPEGLI=ON \
-DJPEGXL_ENABLE_JPEGLI_LIBJPEG=ON \
-DJPEGXL_INSTALL_JPEGLI_LIBJPEG=ON \
-DJPEGXL_ENABLE_PLUGINS=ON \
-DJPEGLI_LIBJPEG_LIBRARY_SOVERSION="$JPEGLI_LIBJPEG_LIBRARY_SOVERSION" \
-DJPEGLI_LIBJPEG_LIBRARY_VERSION="$JPEGLI_LIBJPEG_LIBRARY_VERSION" \
-DLIBJPEG_TURBO_VERSION_NUMBER=2001005 \
..
$STD cmake --build . -- -j"$(nproc)"
$STD cmake --install .
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
rm -rf "$SOURCE"/{build,third_party}
msg_ok "(1/5) Compiled libjxl"
msg_info "(2/5) Compiling libheif"
SOURCE=${SOURCE_DIR}/libheif
: "${LIBHEIF_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libheif.json)}"
$STD git clone https://github.com/strukturag/libheif.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBHEIF_REVISION"
mkdir build
cd build
$STD cmake --preset=release-noplugins \
-DWITH_DAV1D=ON \
-DENABLE_PARALLEL_TILE_DECODING=ON \
-DWITH_LIBSHARPYUV=ON \
-DWITH_LIBDE265=ON \
-DWITH_AOM_DECODER=OFF \
-DWITH_AOM_ENCODER=ON \
-DWITH_X265=OFF \
-DWITH_EXAMPLES=OFF \
..
$STD make install -j "$(nproc)"
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
rm -rf "$SOURCE"/build
msg_ok "(2/5) Compiled libheif"
msg_info "(3/5) Compiling libraw"
SOURCE=${SOURCE_DIR}/libraw
: "${LIBRAW_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libraw.json)}"
$STD git clone https://github.com/libraw/libraw.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBRAW_REVISION"
$STD autoreconf --install
$STD ./configure --disable-examples
$STD make -j"$(nproc)"
$STD make install
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
msg_ok "(3/5) Compiled libraw"
msg_info "(4/5) Compiling imagemagick"
SOURCE=$SOURCE_DIR/imagemagick
: "${IMAGEMAGICK_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/imagemagick.json)}"
$STD git clone https://github.com/ImageMagick/ImageMagick.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$IMAGEMAGICK_REVISION"
$STD ./configure --with-modules CPPFLAGS="-DMAGICK_LIBRAW_VERSION_TAIL=202502"
$STD make -j"$(nproc)"
$STD make install
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
msg_ok "(4/5) Compiled imagemagick"
msg_info "(5/5) Compiling libvips"
SOURCE=$SOURCE_DIR/libvips
: "${LIBVIPS_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libvips.json)}"
$STD git clone https://github.com/libvips/libvips.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBVIPS_REVISION"
$STD meson setup build --buildtype=release --libdir=lib -Dintrospection=disabled -Dtiff=disabled
cd build
$STD ninja install
ldconfig /usr/local/lib
cd "$STAGING_DIR"
rm -rf "$SOURCE"/build
msg_ok "(5/5) Compiled libvips"
{
echo "imagemagick: $IMAGEMAGICK_REVISION"
echo "libheif: $LIBHEIF_REVISION"
echo "libjxl: $LIBJXL_REVISION"
echo "libraw: $LIBRAW_REVISION"
echo "libvips: $LIBVIPS_REVISION"
} >~/.immich_library_revisions
msg_ok "Custom Photo-processing Libraries Compiled Successfully"
INSTALL_DIR="/opt/${APPLICATION}"
UPLOAD_DIR="${INSTALL_DIR}/upload"
SRC_DIR="${INSTALL_DIR}/source"
APP_DIR="${INSTALL_DIR}/app"
PLUGIN_DIR="${APP_DIR}/corePlugin"
ML_DIR="${APP_DIR}/machine-learning"
GEO_DIR="${INSTALL_DIR}/geodata"
mkdir -p "$INSTALL_DIR"
mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
fetch_and_deploy_gh_release "immich" "immich-app/immich" "tag" "v2.5.2" "$SRC_DIR"
msg_info "Installing Immich (patience)"
cd "$SRC_DIR"/server
export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
export CI=1
corepack enable
# server build
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter immich --frozen-lockfile build
unset SHARP_IGNORE_GLOBAL_LIBVIPS
export SHARP_FORCE_GLOBAL_LIBVIPS=true
$STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
cp "$APP_DIR"/package.json "$APP_DIR"/bin
sed -i 's|^start|./start|' "$APP_DIR"/bin/immich-admin
# openapi & web build
cd "$SRC_DIR"
echo "packageImportMethod: hardlink" >>./pnpm-workspace.yaml
$STD pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install
unset SHARP_FORCE_GLOBAL_LIBVIPS
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter @immich/sdk --filter immich-web build
cp -a web/build "$APP_DIR"/www
cp LICENSE "$APP_DIR"
# cli build
$STD pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install
$STD pnpm --filter @immich/sdk --filter @immich/cli build
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
# plugins
cd "$SRC_DIR"
$STD mise trust --ignore ./mise.toml
$STD mise trust ./plugins/mise.toml
cd plugins
$STD mise install
$STD mise run build
mkdir -p "$PLUGIN_DIR"
cp -r ./dist "$PLUGIN_DIR"/dist
cp ./manifest.json "$PLUGIN_DIR"
msg_ok "Installed Immich Server, Web and Plugin Components"
cd "$SRC_DIR"/machine-learning
$STD useradd -U -s /usr/sbin/nologin -r -M -d "$INSTALL_DIR" immich
mkdir -p "$ML_DIR" && chown -R immich:immich "$INSTALL_DIR"
export VIRTUAL_ENV="${ML_DIR}/ml-venv"
if [[ -f ~/.openvino ]]; then
msg_info "Installing HW-accelerated machine-learning"
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p python3.13 --managed-python
patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
msg_ok "Installed HW-accelerated machine-learning"
else
msg_info "Installing machine-learning"
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p python3.11 --managed-python
msg_ok "Installed machine-learning"
fi
cd "$SRC_DIR"
cp -a machine-learning/{ann,immich_ml} "$ML_DIR"
if [[ -f ~/.openvino ]]; then
sed -i "/intra_op/s/int = 0/int = os.cpu_count() or 0/" "$ML_DIR"/immich_ml/config.py
fi
ln -sf "$APP_DIR"/resources "$INSTALL_DIR"
cd "$APP_DIR"
grep -rl /usr/src | xargs -n1 sed -i "s|\/usr/src|$INSTALL_DIR|g"
grep -rlE "'/build'" | xargs -n1 sed -i "s|'/build'|'$APP_DIR'|g"
sed -i "s@\"/cache\"@\"$INSTALL_DIR/cache\"@g" "$ML_DIR"/immich_ml/config.py
ln -s "$UPLOAD_DIR" "$APP_DIR"/upload
ln -s "$UPLOAD_DIR" "$ML_DIR"/upload
msg_info "Installing GeoNames data"
cd "$GEO_DIR"
curl -fsSLZ -O "https://download.geonames.org/export/dump/admin1CodesASCII.txt" \
-O "https://download.geonames.org/export/dump/admin2Codes.txt" \
-O "https://download.geonames.org/export/dump/cities500.zip" \
-O "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/v5.1.2/geojson/ne_10m_admin_0_countries.geojson"
unzip -q cities500.zip
date --iso-8601=seconds | tr -d "\n" >geodata-date.txt
rm cities500.zip
cd "$INSTALL_DIR"
ln -s "$GEO_DIR" "$APP_DIR"
msg_ok "Installed GeoNames data"
mkdir -p /var/log/immich
touch /var/log/immich/{web.log,ml.log}
msg_ok "Installed Immich"
msg_info "Modifying user, creating env file, scripts & services"
usermod -aG video,render immich
cat <<EOF >"${INSTALL_DIR}"/.env
TZ=$(cat /etc/timezone)
IMMICH_VERSION=release
NODE_ENV=production
IMMICH_ALLOW_SETUP=true
DB_HOSTNAME=127.0.0.1
DB_USERNAME=${PG_DB_USER}
DB_PASSWORD=${PG_DB_PASS}
DB_DATABASE_NAME=${PG_DB_NAME}
DB_VECTOR_EXTENSION=vectorchord
REDIS_HOSTNAME=127.0.0.1
IMMICH_MACHINE_LEARNING_URL=http://127.0.0.1:3003
MACHINE_LEARNING_CACHE_FOLDER=${INSTALL_DIR}/cache
## - For OpenVINO only - workaround for onnxruntime-openvino 1.23.x crash
## - See: https://github.com/immich-app/immich/pull/11240
MACHINE_LEARNING_OPENVINO_NUM_THREADS=$(nproc)
## - Uncomment below to increase inference speed while reducing accuracy
# MACHINE_LEARNING_OPENVINO_PRECISION=FP16
IMMICH_MEDIA_LOCATION=${UPLOAD_DIR}
EOF
cat <<EOF >"${ML_DIR}"/ml_start.sh
#!/usr/bin/env bash
cd ${ML_DIR}
. ${VIRTUAL_ENV}/bin/activate
set -a
. ${INSTALL_DIR}/.env
set +a
python3 -m immich_ml
EOF
cat <<EOF >"$APP_DIR"/bin/start.sh
#!/usr/bin/env bash
set -a
. ${INSTALL_DIR}/.env
set +a
/usr/bin/node ${APP_DIR}/dist/main.js "\$@"
EOF
chmod +x "$ML_DIR"/ml_start.sh "$APP_DIR"/bin/start.sh
cat <<EOF >/etc/systemd/system/"${APPLICATION}"-web.service
[Unit]
Description=${APPLICATION} Web Service
After=network.target
Requires=redis-server.service
Requires=postgresql.service
Requires=immich-ml.service
[Service]
Type=simple
User=immich
Group=immich
UMask=0077
WorkingDirectory=${APP_DIR}
EnvironmentFile=${INSTALL_DIR}/.env
ExecStart=/usr/bin/node ${APP_DIR}/dist/main
Restart=on-failure
SyslogIdentifier=immich-web
StandardOutput=append:/var/log/immich/web.log
StandardError=append:/var/log/immich/web.log
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/"${APPLICATION}"-ml.service
[Unit]
Description=${APPLICATION} Machine-Learning
After=network.target
[Service]
Type=simple
UMask=0077
User=immich
Group=immich
WorkingDirectory=${APP_DIR}
EnvironmentFile=${INSTALL_DIR}/.env
ExecStart=${ML_DIR}/ml_start.sh
Restart=on-failure
SyslogIdentifier=immich-machine-learning
StandardOutput=append:/var/log/immich/ml.log
StandardError=append:/var/log/immich/ml.log
[Install]
WantedBy=multi-user.target
EOF
chown -R immich:immich "$INSTALL_DIR" /var/log/immich
systemctl enable -q --now "$APPLICATION"-ml.service "$APPLICATION"-web.service
msg_ok "Modified user, created env file, scripts and services"
motd_ssh
customize
cleanup_lxc

97
install/isponsorblocktv-install.sh Normal file
View File

@@ -0,0 +1,97 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Matthew Stern (sternma)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/dmunozv04/iSponsorBlockTV
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
INSTALL_DIR="/opt/isponsorblocktv"
DATA_DIR="/var/lib/isponsorblocktv"
msg_info "Installing Dependencies"
$STD apt install -y \
python3 \
python3-venv \
python3-pip
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "isponsorblocktv" "dmunozv04/iSponsorBlockTV"
msg_info "Setting up iSponsorBlockTV"
$STD python3 -m venv "$INSTALL_DIR/venv"
$STD "$INSTALL_DIR/venv/bin/pip" install --upgrade pip
$STD "$INSTALL_DIR/venv/bin/pip" install "$INSTALL_DIR"
msg_ok "Set up iSponsorBlockTV"
msg_info "Creating data directory"
install -d "$DATA_DIR"
msg_ok "Created data directory"
msg_info "Creating Service"
cat <<EOT >/etc/systemd/system/isponsorblocktv.service
[Unit]
Description=iSponsorBlockTV
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=$INSTALL_DIR
Environment=iSPBTV_data_dir=$DATA_DIR
ExecStart=$INSTALL_DIR/venv/bin/iSponsorBlockTV
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOT
systemctl enable -q --now isponsorblocktv
msg_ok "Created Service"
msg_info "Creating CLI wrapper"
install -d /usr/local/bin
cat <<'EOT' >/usr/local/bin/iSponsorBlockTV
#!/usr/bin/env bash
export iSPBTV_data_dir="/var/lib/isponsorblocktv"
set +e
/opt/isponsorblocktv/venv/bin/iSponsorBlockTV "$@"
status=$?
set -e
case "${1:-}" in
setup|setup-cli)
systemctl restart isponsorblocktv >/dev/null 2>&1 || true
;;
esac
exit $status
EOT
chmod +x /usr/local/bin/iSponsorBlockTV
ln -sf /usr/local/bin/iSponsorBlockTV /usr/bin/iSponsorBlockTV
msg_ok "Created CLI wrapper"
msg_info "Setting default data dir for shells"
cat <<'EOT' >/etc/profile.d/isponsorblocktv.sh
export iSPBTV_data_dir="/var/lib/isponsorblocktv"
EOT
if ! grep -q '^iSPBTV_data_dir=' /etc/environment 2>/dev/null; then
cat <<'EOT' >>/etc/environment
iSPBTV_data_dir=/var/lib/isponsorblocktv
EOT
fi
msg_ok "Set default data dir for shells"
motd_ssh
customize
cleanup_lxc

65
install/jotty-install.sh Normal file
View File

@@ -0,0 +1,65 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream | MickLesk
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/fccview/jotty
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
fetch_and_deploy_gh_release "jotty" "fccview/jotty" "prebuild" "latest" "/opt/jotty" "jotty_*_prebuild.tar.gz"
msg_info "Setup jotty"
mkdir -p data/{users,checklists,notes}
cat <<EOF >/opt/jotty/.env
NODE_ENV=production
# --- Uncomment to enable
# APP_URL=https://your-jotty-domain.com
# INTERNAL_API_URL=http://localhost:3000
# HTTPS=true
# SERVE_PUBLIC_IMAGES=yes
# SERVE_PUBLIC_FILES=yes
# SERVE_PUBLIC_VIDEOS=yes
# STOP_CHECK_UPDATES=yes
# --- For troubleshooting
# DEBUGGER=true
# --- SSO with OIDC (optional)
# SSO_MODE=oidc
# OIDC_ISSUER=<your-oidc-issuer-url>
# OIDC_CLIENT_ID=<oidc-client-id>
# SSO_FALLBACK_LOCAL=yes
# OIDC_CLIENT_SECRET=your_client_secret
# OIDC_ADMIN_GROUPS=admins
EOF
msg_ok "Setup jotty"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/jotty.service
[Unit]
Description=jotty server
After=network.target
[Service]
WorkingDirectory=/opt/jotty
EnvironmentFile=/opt/jotty/.env
ExecStart=/usr/bin/node server.js
Restart=on-abnormal
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now jotty
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

23
install/kitchenowl-install.sh
View File

@@ -17,13 +17,28 @@ msg_info "Installing Dependencies"
$STD apt install -y \
nginx \
build-essential \
gfortran \
pkg-config \
ninja-build \
autoconf \
automake \
libpq-dev \
libffi-dev \
libssl-dev
libssl-dev \
libpcre2-dev \
libre2-dev \
libxml2-dev \
libxslt-dev \
libopenblas-dev \
liblapack-dev \
zlib1g-dev \
libjpeg62-turbo-dev \
libsqlite3-dev \
libexpat1-dev \
libicu-dev
msg_ok "Installed Dependencies"
PYTHON_VERSION="3.14" setup_uv
import_local_ip
fetch_and_deploy_gh_release "kitchenowl" "TomBursch/kitchenowl" "tarball" "latest" "/opt/kitchenowl"
rm -rf /opt/kitchenowl/web
fetch_and_deploy_gh_release "kitchenowl-web" "TomBursch/kitchenowl" "prebuild" "latest" "/opt/kitchenowl/web" "kitchenowl_Web.tar.gz"
@@ -31,10 +46,10 @@ fetch_and_deploy_gh_release "kitchenowl-web" "TomBursch/kitchenowl" "prebuild" "
msg_info "Setting up KitchenOwl"
cd /opt/kitchenowl/backend
#rm -f uv.lock
$STD uv sync --frozen
$STD uv sync --no-dev
sed -i 's/default=True/default=False/' /opt/kitchenowl/backend/wsgi.py
mkdir -p /nltk_data
$STD uv run python -m nltk.downloader -d /nltk_data averaged_perceptron_tagger_eng punkt_tab
$STD uv run python -m nltk.downloader -d /nltk_data averaged_perceptron_tagger_eng
JWT_SECRET=$(openssl rand -hex 32)
mkdir -p /opt/kitchenowl/data
cat <<EOF >/opt/kitchenowl/kitchenowl.env

54
install/languagetool-install.sh
View File

@@ -25,11 +25,65 @@ download_file "https://languagetool.org/download/LanguageTool-stable.zip" /tmp/L
unzip -q /tmp/LanguageTool-stable.zip -d /opt
mv /opt/LanguageTool-*/ /opt/LanguageTool/
download_file "https://dl.fbaipublicfiles.com/fasttext/supervised-models/lid.176.bin" /opt/lid.176.bin
msg_ok "Setup LanguageTool"
ngram_dir=""
lang_code=""
max_attempts=3
attempt=0
while [[ $attempt -lt $max_attempts ]]; do
read -r -p "${TAB3}Enter language code (en, de, es, fr, nl) to download ngrams or press ENTER to skip: " lang_code
if [[ -z "$lang_code" ]]; then
break
fi
if [[ "$lang_code" =~ [[:space:]] ]]; then
((attempt++))
remaining=$((max_attempts - attempt))
if [[ $remaining -gt 0 ]]; then
msg_error "Please enter only ONE language code. You have $remaining attempt(s) remaining."
else
msg_error "Maximum attempts reached. Continuing without ngrams."
lang_code=""
fi
continue
fi
break
done
if [[ -n "$lang_code" ]]; then
if [[ "$lang_code" =~ ^(en|de|es|fr|nl)$ ]]; then
msg_info "Searching for $lang_code ngrams..."
filename=$(curl -fsSL https://languagetool.org/download/ngram-data/ | grep -oP "ngrams-${lang_code}-[0-9]+\.zip" | sort -uV | tail -n1)
if [[ -n "$filename" ]]; then
msg_info "Downloading $filename"
download_file "https://languagetool.org/download/ngram-data/${filename}" "/tmp/${filename}"
mkdir -p /opt/ngrams
msg_info "Extracting $lang_code ngrams to /opt/ngrams"
unzip -q "/tmp/${filename}" -d /opt/ngrams
rm "/tmp/${filename}"
ngram_dir="/opt/ngrams"
msg_ok "Installed $lang_code ngrams"
else
msg_info "No ngram file found for ${lang_code}"
fi
else
msg_error "Invalid language code: $lang_code"
fi
fi
cat <<EOF >/opt/LanguageTool/server.properties
fasttextModel=/opt/lid.176.bin
fasttextBinary=/usr/bin/fasttext
EOF
if [[ -n "$ngram_dir" ]]; then
echo "languageModel=/opt/ngrams" >> /opt/LanguageTool/server.properties
fi
echo "${RELEASE}" >~/.languagetool
msg_ok "Setup LanguageTool"

2
install/linkwarden-install.sh
View File

@@ -22,7 +22,7 @@ PG_VERSION="16" setup_postgresql
PG_DB_NAME="linkwardendb" PG_DB_USER="linkwarden" setup_postgresql_db
RUST_CRATES="monolith" setup_rust
fetch_and_deploy_gh_release "linkwarden" "linkwarden/linkwarden"
import_local_ip
read -r -p "${TAB3}Would you like to add Adminer? <y/N> " prompt
if [[ "${prompt,,}" =~ ^(y|yes)$ ]]; then

37
install/loki-install.sh
View File

@@ -1,37 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2025 community-scripts ORG
# Author: bysinka-95
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/grafana/loki
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Setting up Grafana Repository"
setup_deb822_repo \
"grafana" \
"https://apt.grafana.com/gpg.key" \
"https://apt.grafana.com" \
"stable" \
"main"
msg_ok "Grafana Repository setup sucessfully"
msg_info "Installing Loki"
$STD apt install -y loki
systemctl enable -q --now loki
msg_ok "Installed Loki"
msg_info "Installing Promtail"
$STD apt install -y promtail
systemctl enable -q --now promtail
msg_ok "Installed Promtail"
motd_ssh
customize
cleanup_lxc

148
install/manyfold-install.sh
View File

@@ -1,148 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: bvdberg01
# Co-Author: SunFlowerOwl
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
libarchive-dev \
git \
libmariadb-dev \
redis-server \
nginx \
libassimp-dev
msg_ok "Installed Dependencies"
setup_imagemagick
PG_VERSION="16" setup_postgresql
fetch_and_deploy_gh_release "manyfold" "manyfold3d/manyfold" "tarball" "latest" "/opt/manyfold/app"
msg_info "Configuring manyfold environment"
RUBY_INSTALL_VERSION=$(cat /opt/manyfold/app/.ruby-version)
YARN_VERSION=$(grep '"packageManager":' /opt/manyfold/app/package.json | sed -E 's/.*"(yarn@[0-9\.]+)".*/\1/')
RELEASE=$(get_latest_github_release "manyfold3d/manyfold")
DB_NAME=manyfold
DB_USER=manyfold
DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC';"
useradd -m -s /usr/bin/bash manyfold
cat <<EOF >/opt/manyfold/.env
export APP_VERSION=${RELEASE}
export GUID=1002
export PUID=1001
export PUBLIC_PORT=5000
export REDIS_URL=redis://127.0.0.1:6379/1
export DATABASE_ADAPTER=postgresql
export DATABASE_HOST=127.0.0.1
export DATABASE_USER=${DB_USER}
export DATABASE_PASSWORD=${DB_PASS}
export DATABASE_NAME=${DB_NAME}
export DATABASE_CONNECTION_POOL=16
export MULTIUSER=enabled
export HTTPS_ONLY=false
export RAILS_ENV=production
EOF
cat <<EOF >/opt/manyfold/user_setup.sh
#!/bin/bash
source /opt/manyfold/.env
export PATH="/home/manyfold/.rbenv/bin:\$PATH"
eval "\$(/home/manyfold/.rbenv/bin/rbenv init - bash)"
cd /opt/manyfold/app
rbenv global $RUBY_INSTALL_VERSION
gem install bundler
bundle install
gem install sidekiq
gem install foreman
corepack enable yarn
rm -f /opt/manyfold/app/config/credentials.yml.enc
corepack prepare $YARN_VERSION --activate
corepack use $YARN_VERSION
export VISUAL="code --wait"
bin/rails credentials:edit
bin/rails db:migrate
bin/rails assets:precompile
EOF
$STD mkdir -p /opt/manyfold/data
msg_ok "Configured manyfold environment"
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby
msg_info "Installing Manyfold"
chown -R manyfold:manyfold /home/manyfold/.rbenv
chown -R manyfold:manyfold /opt/manyfold
chmod +x /opt/manyfold/user_setup.sh
npm install --global corepack
$STD sudo -u manyfold bash /opt/manyfold/user_setup.sh
rm -f /opt/manyfold/user_setup.sh
msg_ok "Installed manyfold"
msg_info "Creating Services"
source /opt/manyfold/.env
export PATH="/home/manyfold/.rbenv/shims:/home/manyfold/.rbenv/bin:$PATH"
$STD foreman export systemd /etc/systemd/system -a manyfold -u manyfold -f /opt/manyfold/app/Procfile
for f in /etc/systemd/system/manyfold-*.service; do
sed -i "s|/bin/bash -lc '|/bin/bash -lc 'source /opt/manyfold/.env \&\& |" "$f"
done
systemctl enable -q --now manyfold.target manyfold-rails.1 manyfold-default_worker.1 manyfold-performance_worker.1
cat <<EOF >/etc/nginx/sites-available/manyfold.conf
server {
listen 80;
server_name manyfold;
root /opt/manyfold/app/public;
location /cable {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host \$host;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location / {
try_files \$uri/index.html \$uri @rails;
}
location @rails {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
}
EOF
ln -s /etc/nginx/sites-available/manyfold.conf /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
$STD systemctl reload nginx
msg_ok "Created Services"
motd_ssh
customize
msg_info "Cleaning up"
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleaned"

47
install/minthcm-install.sh
View File

@@ -12,14 +12,12 @@ catch_errors
setting_up_container
network_check
update_os
PHP_VERSION="8.2"
PHP_APACHE="YES" PHP_MODULE="mysql,cli,redis" PHP_FPM="YES" setup_php
setup_composer
msg_info "Enabling Apache modules (rewrite, headers)"
$STD a2enmod rewrite
$STD a2enmod headers
msg_ok "Enabled Apache modules (rewrite, headers)"
PHP_VERSION="8.2"
PHP_APACHE="YES" PHP_MODULE="mysql,redis" PHP_FPM="YES" setup_php
setup_composer
setup_mariadb
$STD mariadb -u root -e "SET GLOBAL sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'";
fetch_and_deploy_gh_release "MintHCM" "minthcm/minthcm" "tarball" "latest" "/var/www/MintHCM"
@@ -37,19 +35,17 @@ mkdir -p /var/www/script
cp /var/www/MintHCM/docker/script/generate_config.php /var/www/script/generate_config.php
cp /var/www/MintHCM/docker/.env /var/www/script/.env
chown -R www-data:www-data /var/www/script
msg_ok "Configured MintHCM"
msg_info "Restarting Apache2"
$STD a2enmod rewrite
$STD a2enmod headers
$STD systemctl restart apache2
msg_ok "Restarted Apache2"
msg_ok "Configured MintHCM"
msg_info "Setting up Elasticsearch"
setup_deb822_repo \
"elasticsearch" \
"https://artifacts.elastic.co/GPG-KEY-elasticsearch" \
"https://artifacts.elastic.co/packages/7.x/apt" \
"stable" \
"main"
"stable"
$STD apt install -y elasticsearch
echo "-Xms2g" >>/etc/elasticsearch/jvm.options
echo "-Xmx2g" >>/etc/elasticsearch/jvm.options
@@ -57,35 +53,26 @@ $STD /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment
systemctl enable -q --now elasticsearch
msg_ok "Set up Elasticsearch"
setup_mariadb
msg_info "Setting up MariaDB"
$STD mariadb -u root -e "SET GLOBAL sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'";
msg_ok "Set up MariaDB"
msg_info "Configuring Database"
DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
$STD mariadb -u root -e "CREATE USER 'minthcm'@'localhost' IDENTIFIED BY '${DB_PASS}';"
$STD mariadb -u root -e "GRANT ALL ON *.* TO 'minthcm'@'localhost'; FLUSH PRIVILEGES;"
sed -i 's/^DB_HOST=.*/DB_HOST=localhost/' /var/www/script/.env
sed -i 's/^DB_USER=.*/DB_USER=minthcm/' /var/www/script/.env
sed -i "s/^DB_PASS=.*/DB_PASS=${DB_PASS}/" /var/www/script/.env
sed -i 's/^ELASTICSEARCH_HOST=.*/ELASTICSEARCH_HOST=localhost/' /var/www/script/.env
msg_ok "Configured MariaDB"
{
echo "MintHCM DB Credentials"
echo "MariaDB User: minthcm"
echo "MariaDB Password: $DB_PASS"
} >>~/minthcm.creds
sed -i "s/^DB_HOST=.*/DB_HOST=localhost/" /var/www/script/.env
sed -i "s/^DB_USER=.*/DB_USER=minthcm/" /var/www/script/.env
sed -i "s/^DB_PASS=.*/DB_PASS=$DB_PASS/" /var/www/script/.env
sed -i "s/^ELASTICSEARCH_HOST=.*/ELASTICSEARCH_HOST=localhost/" /var/www/script/.env
msg_ok "Configured Database"
msg_info "Generating configuration file"
set -a
source /var/www/script/.env
set +a
php /var/www/script/generate_config.php
$STD php /var/www/script/generate_config.php
msg_ok "Generated configuration file"
msg_info "Installing MintHCM"
cd /var/www/MintHCM && su -s /bin/bash -c 'php /var/www/MintHCM/MintCLI install < /var/www/MintHCM/configMint4' www-data
cd /var/www/MintHCM
$STD sudo -u www-data php MintCLI install < /var/www/MintHCM/configMint4
printf "* * * * * cd /var/www/MintHCM/legacy; php -f cron.php > /dev/null 2>&1\n" > /var/spool/cron/crontabs/www-data
service cron start
rm -f /var/www/MintHCM/configMint4

11
install/nextexplorer-install.sh
View File

@@ -17,7 +17,11 @@ msg_info "Installing Dependencies"
$STD apt install -y \
ripgrep \
imagemagick \
ffmpeg
ffmpeg \
libva-drm2 \
libva2 \
mesa-va-drivers \
vainfo
msg_ok "Installed Dependencies"
NODE_VERSION="24" setup_nodejs
@@ -108,6 +112,11 @@ SHOW_VOLUME_USAGE=true
# FFMPEG_PATH=
# FFPROBE_PATH=
## Hardware acceleration
# FFMPEG_HWACCEL=vaapi
# FFMPEG_HWACCEL_DEVICE=/dev/dri/renderD128
# FFMPEG_HWACCEL_OUTPUT_FORMAT=nv12
FAVORITES_DEFAULT_ICON=outline.StarIcon
SHARES_ENABLED=true

69
install/nightscout-install.sh Normal file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: aendel
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/nightscout/cgm-remote-monitor
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
libssl-dev \
openssl
msg_ok "Installed Dependencies"
MONGO_VERSION="8.0" setup_mongodb
NODE_VERSION="22" setup_nodejs
fetch_and_deploy_gh_release "nightscout" "nightscout/cgm-remote-monitor" "source"
msg_info "Installing Nightscout"
$STD npm install --prefix /opt/nightscout
msg_ok "Installed Nightscout"
msg_info "Creating Service"
useradd -s /bin/bash -m nightscout
chown -R nightscout:nightscout /opt/nightscout
API_SECRET=$(openssl rand -hex 16)
cat <<EOF >/opt/nightscout/my.env
MONGO_CONNECTION=mongodb://127.0.0.1:27017/nightscout
BASE_URL=http://localhost:1337
API_SECRET=${API_SECRET}
DISPLAY_UNITS=mg/dl
ENABLE=careportal boluscalc food bwp cage sage iage iob cob basal ar2 rawbg pushover bgi pump openaps pvb linear custom
INSECURE_USE_HTTP=true
EOF
chown nightscout:nightscout /opt/nightscout/my.env
cat <<EOF >/etc/systemd/system/nightscout.service
[Unit]
Description=Nightscout CGM Service
After=network.target mongodb.service
[Service]
Type=simple
User=nightscout
WorkingDirectory=/opt/nightscout
EnvironmentFile=/opt/nightscout/my.env
ExecStart=/usr/bin/npm start
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now nightscout
msg_ok "Created Service"
{
echo "Nightscout Credentials"
echo "API_SECRET: ${API_SECRET}"
} >> ~/nightscout.creds
motd_ssh
customize
cleanup_lxc

46
install/nodecast-tv-install.sh
View File

@@ -1,46 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: luismco
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/technomancer702/nodecast-tv
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "nodecast-tv" "technomancer702/nodecast-tv"
setup_nodejs
msg_info "Installing Modules"
cd /opt/nodecast-tv
$STD npm install
msg_ok "Installed Modules"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/nodecast-tv.service
[Unit]
Description=nodecast-tv
After=network.target
Wants=network.target
[Service]
Type=simple
WorkingDirectory=/opt/nodecast-tv
ExecStart=/bin/npm run dev
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now nodecast-tv
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

2
install/opencloud-install.sh
View File

@@ -57,7 +57,7 @@ echo "$COOLPASS" >~/.coolpass
msg_ok "Installed Collabora Online"
# OpenCloud
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v4.1.0" "/usr/bin" "opencloud-*-linux-amd64"
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
msg_info "Configuring OpenCloud"
DATA_DIR="/var/lib/opencloud/"

263
install/opencloud-install.sh.bak Normal file
View File

@@ -0,0 +1,263 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://opencloud.eu
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
echo -e "${TAB3}${INFO}${YW} Leave empty to use IP-based localhost mode (no Collabora)${CL}"
read -r -p "${TAB3}Enter the hostname of your OpenCloud server (eg cloud.domain.tld): " oc_host
if [[ -z "$oc_host" ]]; then
# Localhost/IP mode - no TLS, no Collabora
OC_HOST="${LOCAL_IP}"
LOCALHOST_MODE=true
msg_info "Using localhost mode with IP: ${LOCAL_IP}"
msg_warn "Collabora requires TLS and will be skipped in localhost mode"
else
OC_HOST="$oc_host"
LOCALHOST_MODE=false
read -r -p "${TAB3}Enter the hostname of your Collabora server [collabora.${OC_HOST#*.}]: " collabora_host
COLLABORA_HOST="${collabora_host:-collabora.${OC_HOST#*.}}"
read -r -p "${TAB3}Enter the hostname of your WOPI server [wopiserver.${OC_HOST#*.}]: " wopi_host
WOPI_HOST="${wopi_host:-wopiserver.${OC_HOST#*.}}"
fi
# Collabora Online - only install if not in localhost mode (requires TLS)
if [[ "$LOCALHOST_MODE" != true ]]; then
msg_info "Installing Collabora Online"
curl -fsSL https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -o /etc/apt/keyrings/collaboraonline-release-keyring.gpg
cat <<EOF >/etc/apt/sources.list.d/collaboraonline.sources
Types: deb
URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-deb
Suites: ./
Signed-By: /etc/apt/keyrings/collaboraonline-release-keyring.gpg
EOF
$STD apt-get update
$STD apt-get install -y coolwsd code-brand
systemctl stop coolwsd
mkdir -p /etc/systemd/system/coolwsd.service.d
cat <<EOF >/etc/systemd/system/coolwsd.service.d/override.conf
[Unit]
Before=opencloud-wopi.service
EOF
systemctl daemon-reload
COOLPASS="$(openssl rand -base64 36)"
$STD runuser -u cool -- coolconfig set-admin-password --user=admin --password="$COOLPASS"
echo "$COOLPASS" >~/.coolpass
msg_ok "Installed Collabora Online"
fi
# OpenCloud
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
msg_info "Configuring OpenCloud"
DATA_DIR="/var/lib/opencloud/"
CONFIG_DIR="/etc/opencloud"
ENV_FILE="${CONFIG_DIR}/opencloud.env"
mkdir -p "$DATA_DIR" "$CONFIG_DIR"/assets/apps
curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/csp.yaml -o "$CONFIG_DIR"/csp.yaml
curl -fsSL https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/proxy.yaml -o "$CONFIG_DIR"/proxy.yaml.bak
if [[ "$LOCALHOST_MODE" == true ]]; then
OC_URL="http://${OC_HOST}:9200"
OC_INSECURE="true"
else
OC_URL="https://${OC_HOST}"
OC_INSECURE="false"
fi
# Create web config directory and config.json
mkdir -p "$CONFIG_DIR"/web
cat <<EOF >"$CONFIG_DIR"/web/config.json
{
"server": "${OC_URL}",
"theme": "https://raw.githubusercontent.com/opencloud-eu/opencloud-compose/refs/heads/main/config/opencloud/web/themes/opencloud/theme.json",
"openIdConnect": {
"metadata_url": "${OC_URL}/.well-known/openid-configuration",
"authority": "${OC_URL}",
"client_id": "web",
"response_type": "code",
"scope": "openid profile email"
}
}
EOF
cat <<EOF >"$ENV_FILE"
OC_URL=${OC_URL}
OC_INSECURE=${OC_INSECURE}
IDM_CREATE_DEMO_USERS=false
OC_LOG_LEVEL=warning
OC_CONFIG_DIR=${CONFIG_DIR}
OC_BASE_DATA_PATH=${DATA_DIR}
STORAGE_SYSTEM_OC_ROOT=${DATA_DIR}/storage/metadata
## Web
WEB_ASSET_CORE_PATH=${CONFIG_DIR}/web/assets
WEB_ASSET_APPS_PATH=${CONFIG_DIR}/web/assets/apps
WEB_UI_CONFIG_FILE=${CONFIG_DIR}/web/config.json
# WEB_ASSET_THEMES_PATH=${CONFIG_DIR}/web/assets/themes
# WEB_UI_THEME_PATH=
## Frontend
FRONTEND_DISABLE_RADICALE=true
FRONTEND_GROUPWARE_ENABLED=false
GRAPH_INCLUDE_OCM_SHAREES=true
## Proxy
PROXY_TLS=false
PROXY_CSP_CONFIG_FILE_LOCATION=${CONFIG_DIR}/csp.yaml
## Collaboration - requires VALID TLS (disabled in localhost mode)
# COLLABORA_DOMAIN=
# COLLABORATION_APP_NAME="CollaboraOnline"
# COLLABORATION_APP_PRODUCT="Collabora"
# COLLABORATION_APP_ADDR=
# COLLABORATION_APP_INSECURE=false
# COLLABORATION_HTTP_ADDR=0.0.0.0:9300
# COLLABORATION_WOPI_SRC=
# COLLABORATION_JWT_SECRET=
## Notifications - Email settings
# NOTIFICATIONS_SMTP_HOST=
# NOTIFICATIONS_SMTP_PORT=
# NOTIFICATIONS_SMTP_SENDER=
# NOTIFICATIONS_SMTP_USERNAME=
# NOTIFICATIONS_SMTP_PASSWORD=
# NOTIFICATIONS_SMTP_AUTHENTICATION=login
## Encryption method. Possible values are 'starttls', 'ssltls' and 'none'
# NOTIFICATIONS_SMTP_ENCRYPTION=starttls
## Allow insecure connections. Defaults to false.
# NOTIFICATIONS_SMTP_INSECURE=false
## Start additional services at runtime
## Examples: notifications, antivirus etc.
## Do not uncomment unless configured above.
# OC_ADD_RUN_SERVICES="notifications"
## OpenID - via web browser
## uncomment for OpenID in general
# OC_EXCLUDE_RUN_SERVICES=idp
# OC_OIDC_ISSUER=<your auth URL>
# IDP_DOMAIN=<your auth URL>
# PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD=none
# PROXY_OIDC_REWRITE_WELLKNOWN=true
# PROXY_USER_OIDC_CLAIM=preferred_username
# PROXY_USER_CS3_CLAIM=username
## automatically create accounts
# PROXY_AUTOPROVISION_ACCOUNTS=true
# WEB_OIDC_SCOPE=openid profile email groups
# GRAPH_ASSIGN_DEFAULT_USER_ROLE=false
#
## uncomment below if using PocketID
# WEB_OIDC_CLIENT_ID=<generated in PocketID>
# WEB_OIDC_METADATA_URL=<your auth URL>/.well-known/openid-configuration
## Full Text Search - Apache Tika
## Requires a separate install of Tika - see https://community-scripts.github.io/ProxmoxVE/scripts?id=apache-tika
# SEARCH_EXTRACTOR_TYPE=tika
# FRONTEND_FULL_TEXT_SEARCH_ENABLED=true
# SEARCH_EXTRACTOR_TIKA_TIKA_URL=<your-tika-url>
## External storage test - Only NFS v4.2+ is supported
## User files
# STORAGE_USERS_POSIX_ROOT=<path-to-your-bind_mount>
EOF
cat <<EOF >/etc/systemd/system/opencloud.service
[Unit]
Description=OpenCloud server
After=network-online.target
[Service]
Type=simple
User=opencloud
Group=opencloud
EnvironmentFile=${ENV_FILE}
ExecStart=/usr/bin/opencloud server
Restart=always
[Install]
WantedBy=multi-user.target
EOF
if [[ "$LOCALHOST_MODE" != true ]]; then
cat <<EOF >/etc/systemd/system/opencloud-wopi.service
[Unit]
Description=OpenCloud WOPI Server
Wants=coolwsd.service
After=opencloud.service coolwsd.service
[Service]
Type=simple
User=opencloud
Group=opencloud
EnvironmentFile=${ENV_FILE}
ExecStartPre=/bin/sleep 10
ExecStart=/usr/bin/opencloud collaboration server
Restart=always
KillSignal=SIGKILL
KillMode=mixed
TimeoutStopSec=10
[Install]
WantedBy=multi-user.target
EOF
# Append active Collabora config to env file
cat <<EOF >>"$ENV_FILE"
## Collaboration - active configuration
COLLABORA_DOMAIN=${COLLABORA_HOST}
COLLABORATION_APP_NAME="CollaboraOnline"
COLLABORATION_APP_PRODUCT="Collabora"
COLLABORATION_APP_ADDR=https://${COLLABORA_HOST}
COLLABORATION_APP_INSECURE=false
COLLABORATION_HTTP_ADDR=0.0.0.0:9300
COLLABORATION_WOPI_SRC=https://${WOPI_HOST}
COLLABORATION_JWT_SECRET=
EOF
$STD runuser -u cool -- coolconfig set ssl.enable false
$STD runuser -u cool -- coolconfig set ssl.termination true
$STD runuser -u cool -- coolconfig set ssl.ssl_verification true
sed -i "s|CSP2\"/>|CSP2\">frame-ancestors https://${OC_HOST}</content_security_policy>|" /etc/coolwsd/coolwsd.xml
fi
useradd -r -M -s /usr/sbin/nologin opencloud
chown -R opencloud:opencloud "$CONFIG_DIR" "$DATA_DIR"
if [[ "$LOCALHOST_MODE" == true ]]; then
$STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure yes
else
$STD runuser -u opencloud -- opencloud init --config-path "$CONFIG_DIR" --insecure no
fi
OPENCLOUD_SECRET="$(sed -n '/jwt/p' "$CONFIG_DIR"/opencloud.yaml | awk '{print $2}')"
if [[ "$LOCALHOST_MODE" != true ]]; then
sed -i "s/COLLABORATION_JWT_SECRET=/&${OPENCLOUD_SECRET//&/\\&}/" "$ENV_FILE"
fi
msg_ok "Configured OpenCloud"
msg_info "Starting services"
if [[ "$LOCALHOST_MODE" == true ]]; then
systemctl enable -q --now opencloud
else
systemctl enable -q --now coolwsd opencloud
sleep 5
systemctl enable -q --now opencloud-wopi
fi
msg_ok "Started services"
motd_ssh
customize
cleanup_lxc

71
install/papra-install.sh
View File

@@ -14,88 +14,63 @@ network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
$STD apt-get install -y \
build-essential \
tesseract-ocr \
tesseract-ocr-all
msg_ok "Installed Dependencies"
NODE_VERSION="24" setup_nodejs
RELEASE=$(curl -fsSL https://api.github.com/repos/papra-hq/papra/releases | grep -oP '"tag_name":\s*"\K@papra/docker@[^"]+' | head -n1)
fetch_and_deploy_gh_release "papra" "papra-hq/papra" "tarball" "${RELEASE}" "/opt/papra"
msg_info "Setup Papra"
pnpm_version=$(grep -oP '"packageManager":\s*"pnpm@\K[^"]+' /opt/papra/package.json)
NODE_VERSION="24" NODE_MODULE="pnpm@$pnpm_version" setup_nodejs
msg_info "Installing Papra (Patience)"
cd /opt/papra
export COREPACK_ENABLE_NETWORK=1
$STD corepack enable
$STD corepack prepare pnpm@10.19.0 --activate
$STD pnpm install --frozen-lockfile
$STD pnpm --filter "@papra/app-client..." run build
$STD pnpm --filter "@papra/app-server..." run build
msg_ok "Set up Papra"
ln -sf /opt/papra/apps/papra-client/dist /opt/papra/apps/papra-server/public
msg_ok "Installed Papra"
msg_info "Configuring Papra"
CONTAINER_IP=$(hostname -I | awk '{print $1}')
BETTER_AUTH_SECRET=$(openssl rand -hex 32)
mkdir -p /opt/papra/app-data/db
mkdir -p /opt/papra/app-data/documents
cat >/opt/papra/.env <<EOF
mkdir -p /opt/papra_data/{db,documents,ingestion}
[[ ! -f /opt/papra_data/.secret ]] && openssl rand -hex 32 >/opt/papra_data/.secret
cat <<EOF >/opt/papra/apps/papra-server/.env
NODE_ENV=production
SERVER_SERVE_PUBLIC_DIR=true
PORT=1221
# Database Configuration
DATABASE_URL=file:./app-data/db/db.sqlite
# Storage Configuration
DOCUMENT_STORAGE_FILESYSTEM_ROOT=./app-data/documents
PAPRA_CONFIG_DIR=./app-data
# Authentication
BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET}
DATABASE_URL=file:/opt/papra_data/db/db.sqlite
DOCUMENT_STORAGE_FILESYSTEM_ROOT=/opt/papra_data/documents
PAPRA_CONFIG_DIR=/opt/papra_data
AUTH_SECRET=$(cat /opt/papra_data/.secret)
BETTER_AUTH_SECRET=$(cat /opt/papra_data/.secret)
BETTER_AUTH_TELEMETRY=0
# Application Configuration
CLIENT_BASE_URL=http://${CONTAINER_IP}:1221
# Email Configuration (dry-run mode)
CLIENT_BASE_URL=http://${LOCAL_IP}:1221
EMAILS_DRY_RUN=true
# Ingestion Folder
INGESTION_FOLDER_ROOT=./ingestion
INGESTION_FOLDER_ROOT=/opt/papra_data/ingestion
EOF
mkdir -p /opt/papra/ingestion
chown -R root:root /opt/papra
msg_ok "Configured Papra"
msg_info "Creating Papra Service"
cat >/etc/systemd/system/papra.service <<EOF
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/papra.service
[Unit]
Description=Papra Document Management
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/papra/apps/papra-server
EnvironmentFile=/opt/papra/.env
Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ExecStartPre=/usr/bin/corepack pnpm --silent run migration:apply
ExecStart=/usr/bin/corepack pnpm --silent run start
Restart=on-failure
RestartSec=10
EnvironmentFile=/opt/papra/apps/papra-server/.env
ExecStartPre=/usr/bin/pnpm run migrate:up
ExecStart=/usr/bin/node dist/index.js
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now papra
echo "${RELEASE}" >/opt/Papra_version.txt
msg_ok "Created and Started Papra Service"
msg_ok "Created Service"
motd_ssh
customize

2
install/piler-install.sh
View File

@@ -30,7 +30,7 @@ $STD apt install -y \
gnupg
msg_ok "Installed Dependencies"
import_local_ip
setup_mariadb
MARIADB_DB_NAME="piler" MARIADB_DB_USER="piler" setup_mariadb_db
PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULE="ldap,gd,memcached,pdo,mysql,curl,zip" setup_php

2
install/pixelfed-install.sh
View File

@@ -29,7 +29,7 @@ useradd -rU -s /bin/bash pixelfed
usermod -aG redis pixelfed
msg_ok "Created Pixelfed User"
import_local_ip
PG_VERSION="17" setup_postgresql
PG_DB_NAME="pixelfed" PG_DB_USER="pixelfed" setup_postgresql_db
PHP_VERSION="8.4" PHP_FPM="YES" PHP_MODULE="bcmath,ctype,exif,imagick,pgsql,redis,tokenizer" PHP_UPLOAD_MAX_FILESIZE="500M" PHP_POST_MAX_SIZE="500M" PHP_MAX_EXECUTION_TIME="600" setup_php

61
install/romm-install.sh
View File

@@ -15,13 +15,11 @@ setting_up_container
network_check
update_os
msg_info "Installing dependencies"
$STD apt-get install -y \
msg_info "Installing Dependencies"
$STD apt install -y \
acl \
git \
build-essential \
gcc \
g++ \
make \
libssl-dev \
libffi-dev \
libmagic-dev \
@@ -43,9 +41,9 @@ $STD apt-get install -y \
p7zip-full \
tzdata \
nginx
msg_ok "Installed dependencies"
msg_ok "Installed Dependencies"
UV_VERSION="0.7.19" PYTHON_VERSION="3.13" setup_uv
PYTHON_VERSION="3.13" setup_uv
NODE_VERSION="22" setup_nodejs
setup_mariadb
MARIADB_DB_NAME="romm" MARIADB_DB_USER="romm" setup_mariadb_db
@@ -60,7 +58,7 @@ mkdir -p /opt/romm \
msg_ok "Created directories"
msg_info "Creating configuration file"
cat >/var/lib/romm/config/config.yml <<'CONFIGEOF'
cat <<'EOF' >/var/lib/romm/config/config.yml
# RomM Configuration File
# Documentation: https://docs.romm.app/latest/Getting-Started/Configuration-File/
# Only uncomment the lines you want to use/modify
@@ -116,15 +114,13 @@ cat >/var/lib/romm/config/config.yml <<'CONFIGEOF'
# emulatorjs:
# debug: false
# cache_limit: null
CONFIGEOF
EOF
chmod 644 /var/lib/romm/config/config.yml
msg_ok "Created configuration file"
msg_info "Installing RAHasher (RetroAchievements)"
fetch_and_deploy_gh_release "RetroAchievements" "RetroAchievements/RALibretro" "prebuild" "latest" "/opt/RALibretro" "RAHasher-x64-Linux-*.zip"
fetch_and_deploy_gh_release "RAHasher" "RetroAchievements/RALibretro" "prebuild" "latest" "/opt/RALibretro" "RAHasher-x64-Linux-*.zip"
cp /opt/RALibretro/RAHasher /usr/bin/RAHasher
chmod +x /usr/bin/RAHasher
msg_ok "Installed RAHasher"
fetch_and_deploy_gh_release "romm" "rommapp/romm"
@@ -134,7 +130,7 @@ systemctl restart redis-server
systemctl enable -q --now redis-server
AUTH_SECRET_KEY=$(openssl rand -hex 32)
cat >/opt/romm/.env <<EOF
cat <<EOF >/opt/romm/.env
ROMM_BASE_PATH=/var/lib/romm
ROMM_CONFIG_PATH=/var/lib/romm/config/config.yml
WEB_CONCURRENCY=4
@@ -166,24 +162,25 @@ EOF
chmod 600 /opt/romm/.env
msg_ok "Created environment file"
msg_info "Setup Romm backend"
msg_info "Setting up RomM Backend"
cd /opt/romm
export UV_CONCURRENT_DOWNLOADS=1
$STD uv sync --all-extras
cd /opt/romm/backend
$STD uv run alembic upgrade head
msg_ok "Installed backend"
msg_ok "Set up RomM Backend"
msg_info "Setup Romm frontend"
msg_info "Setting up RomM Frontend"
cd /opt/romm/frontend
$STD npm install
$STD npm run build
mkdir -p /opt/romm/frontend/dist/assets/romm
ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
msg_ok "Setup Romm frontend"
msg_info "Configuring nginx"
cat >/etc/nginx/sites-available/romm <<'EOF'
msg_ok "Set up RomM Frontend"
msg_info "Configuring Nginx"
cat <<'EOF' >/etc/nginx/sites-available/romm
upstream romm_backend {
server 127.0.0.1:5000;
}
@@ -204,6 +201,14 @@ server {
try_files $uri $uri/ /index.html;
}
# Static assets
location /assets {
alias /opt/romm/frontend/dist/assets;
try_files $uri $uri/ =404;
expires 1y;
add_header Cache-Control "public, immutable";
}
# EmulatorJS player - requires COOP/COEP headers for SharedArrayBuffer
location ~ ^/rom/.*/ejs$ {
add_header Cross-Origin-Embedder-Policy "require-corp";
@@ -247,13 +252,12 @@ EOF
rm -f /etc/nginx/sites-enabled/default
ln -sf /etc/nginx/sites-available/romm /etc/nginx/sites-enabled/romm
$STD nginx -t
systemctl restart nginx
systemctl enable -q nginx
msg_ok "Configured nginx"
systemctl enable -q --now nginx
msg_ok "Configured Nginx"
msg_info "Creating services"
cat >/etc/systemd/system/romm-backend.service <<EOF
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/romm-backend.service
[Unit]
Description=RomM Backend
After=network.target mariadb.service redis-server.service
@@ -272,7 +276,7 @@ RestartSec=5
WantedBy=multi-user.target
EOF
cat >/etc/systemd/system/romm-worker.service <<EOF
cat <<EOF >/etc/systemd/system/romm-worker.service
[Unit]
Description=RomM RQ Worker
After=network.target mariadb.service redis-server.service romm-backend.service
@@ -291,7 +295,7 @@ RestartSec=5
WantedBy=multi-user.target
EOF
cat >/etc/systemd/system/romm-scheduler.service <<EOF
cat <<EOF >/etc/systemd/system/romm-scheduler.service
[Unit]
Description=RomM RQ Scheduler
After=network.target mariadb.service redis-server.service romm-backend.service
@@ -312,7 +316,7 @@ RestartSec=5
WantedBy=multi-user.target
EOF
cat >/etc/systemd/system/romm-watcher.service <<EOF
cat <<EOF >/etc/systemd/system/romm-watcher.service
[Unit]
Description=RomM Filesystem Watcher
After=network.target romm-backend.service
@@ -331,9 +335,8 @@ RestartSec=5
WantedBy=multi-user.target
EOF
systemctl daemon-reload
systemctl enable -q --now romm-backend romm-worker romm-scheduler romm-watcher
msg_ok "Created services"
msg_ok "Created Services"
motd_ssh
customize

5
install/rustypaste-install.sh
View File

@@ -14,11 +14,12 @@ network_check
update_os
fetch_and_deploy_gh_release "rustypaste" "orhun/rustypaste" "prebuild" "latest" "/opt/rustypaste" "*x86_64-unknown-linux-gnu.tar.gz"
fetch_and_deploy_gh_release "rustypaste-cli" "orhun/rustypaste-cli" "prebuild" "latest" "/usr/local/bin" "*x86_64-unknown-linux-gnu.tar.gz"
msg_info "Setting up rustypaste"
msg_info "Setting up RustyPaste"
cd /opt/rustypaste
sed -i 's|^address = ".*"|address = "0.0.0.0:8000"|' config.toml
msg_ok "Set up rustypaste"
msg_ok "Set up RustyPaste"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/rustypaste.service

217
install/shelfmark-install.sh Normal file
View File

@@ -0,0 +1,217 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/calibrain/shelfmark
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
unrar-free
ln -sf /usr/bin/unrar-free /usr/bin/unrar
msg_ok "Installed Dependencies"
mkdir -p /etc/shelfmark
cat <<EOF >/etc/shelfmark/.env
DOCKERMODE=false
CONFIG_DIR=/etc/shelfmark
TMP_DIR=/tmp/shelfmark
ENABLE_LOGGING=true
FLASK_HOST=0.0.0.0
FLASK_PORT=8084
# SESSION_COOKIES_SECURE=true
# CWA_DB_PATH=
USE_CF_BYPASS=true
USING_EXTERNAL_BYPASSER=false
# EXT_BYPASSER_URL=
# EXT_BYPASSER_PATH=/v1
EOF
echo ""
echo ""
echo -e "${BL}Shelfmark Deployment Type${CL}"
echo "─────────────────────────────────────────"
echo "Please choose your deployment type:"
echo ""
echo " 1) Use Shelfmark's internal captcha bypasser (default)"
echo " 2) Install FlareSolverr in this LXC"
echo " 3) Use an existing Flaresolverr/Byparr LXC"
echo " 4) Disable captcha bypassing altogether (not recommended)"
echo ""
read -r -p "${TAB3}Select deployment type [1]: " DEPLOYMENT_TYPE
DEPLOYMENT_TYPE="${DEPLOYMENT_TYPE:-1}"
case "$DEPLOYMENT_TYPE" in
1)
msg_ok "Using Shelfmark's internal captcha bypasser"
;;
2)
msg_ok "Proceeding with FlareSolverr installation"
;;
3)
echo ""
echo -e "${BL}Use an existing FlareSolverr/Byparr LXC${CL}"
echo "─────────────────────────────────────────"
echo "Enter the URL/IP address with port of your Flaresolverr/Byparr instance"
echo "Example: http://flaresoverr.homelab.lan:8191 or"
echo "http://192.168.10.99:8191"
echo ""
read -r -p "FlareSolverr/Byparr URL: " BYPASSER_URL
if [[ -z "$BYPASSER_URL" ]]; then
msg_warn "No Flaresolverr/Byparr URL provided. Falling back to Shelfmark's internal bypasser."
else
BYPASSER_URL="${BYPASSER_URL%/}"
msg_ok "FlareSolverr/Byparr URL: ${BYPASSER_URL}"
fi
;;
4)
msg_warn "Disabling captcha bypass. This may cause the majority of searches and downloads to fail."
;;
*)
msg_warn "Invalid selection. Reverting to default (internal bypasser)!"
;;
esac
if [[ "$DEPLOYMENT_TYPE" == "2" ]]; then
fetch_and_deploy_gh_release "flaresolverr" "FlareSolverr/FlareSolverr" "prebuild" "latest" "/opt/flaresolverr" "flaresolverr_linux_x64.tar.gz"
msg_info "Installing FlareSolverr (please wait)"
$STD apt install -y xvfb
setup_deb822_repo \
"google-chrome" \
"https://dl.google.com/linux/linux_signing_key.pub" \
"https://dl.google.com/linux/chrome/deb/" \
"stable"
$STD apt update
$STD apt install -y google-chrome-stable
# remove google-chrome.list added by google-chrome-stable
rm /etc/apt/sources.list.d/google-chrome.list
sed -i -e '/BYPASSER=/s/false/true/' \
-e 's/^# EXT_/EXT_/' \
-e "s|_URL=.*|_URL=http://localhost:8191|" /etc/shelfmark/.env
msg_ok "Installed FlareSolverr"
elif [[ "$DEPLOYMENT_TYPE" == "3" ]]; then
sed -i -e '/BYPASSER=/s/false/true/' \
-e 's/^# EXT_/EXT_/' \
-e "s|_URL=.*|_URL=${BYPASSER_URL}|" /etc/shelfmark/.env
elif [[ "$DEPLOYMENT_TYPE" == "4" ]]; then
sed -i '/_BYPASS=/s/true/false/' /etc/shelfmark/.env
else
DEPLOYMENT_TYPE="1"
msg_info "Installing internal bypasser dependencies"
$STD apt install -y --no-install-recommends \
xvfb \
ffmpeg \
chromium-common=143.0.7499.169-1~deb13u1 \
chromium=143.0.7499.169-1~deb13u1 \
chromium-driver=143.0.7499.169-1~deb13u1 \
python3-tk
msg_ok "Installed internal bypasser dependencies"
fi
NODE_VERSION="22" setup_nodejs
PYTHON_VERSION="3.12" setup_uv
fetch_and_deploy_gh_release "shelfmark" "calibrain/shelfmark" "tarball" "latest" "/opt/shelfmark"
RELEASE_VERSION=$(cat "$HOME/.shelfmark")
msg_info "Building Shelfmark frontend"
cd /opt/shelfmark/src/frontend
echo "RELEASE_VERSION=${RELEASE_VERSION}" >>/etc/shelfmark/.env
$STD npm ci
$STD npm run build
mv /opt/shelfmark/src/frontend/dist /opt/shelfmark/frontend-dist
msg_ok "Built Shelfmark frontend"
msg_info "Configuring Shelfmark"
cd /opt/shelfmark
$STD uv venv ./venv
$STD source ./venv/bin/activate
$STD uv pip install -r ./requirements-base.txt
[[ "$DEPLOYMENT_TYPE" == "1" ]] && $STD uv pip install -r ./requirements-shelfmark.txt
mkdir -p {/var/log/shelfmark,/tmp/shelfmark}
msg_ok "Configured Shelfmark"
msg_info "Creating Services and start script"
cat <<EOF >/etc/systemd/system/shelfmark.service
[Unit]
Description=Shelfmark server
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/shelfmark
EnvironmentFile=/etc/shelfmark/.env
ExecStart=/usr/bin/bash /opt/shelfmark/start.sh
Restart=always
RestartSec=10
KillMode=mixed
[Install]
WantedBy=multi-user.target
EOF
if [[ "$DEPLOYMENT_TYPE" == "1" ]]; then
cat <<EOF >/etc/systemd/system/chromium.service
[Unit]
Description=karakeep Headless Browser
After=network.target
[Service]
User=root
ExecStart=/usr/bin/chromium --headless --no-sandbox --disable-gpu --disable-dev-shm-usage --remote-debugging-address=127.0.0.1 --remote-debugging-port=9222 --hide-scrollbars
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now chromium
fi
if [[ "$DEPLOYMENT_TYPE" == "2" ]]; then
cat <<EOF >/etc/systemd/system/flaresolverr.service
[Unit]
Description=FlareSolverr
After=network.target
[Service]
SyslogIdentifier=flaresolverr
Restart=always
RestartSec=5
Type=simple
Environment="LOG_LEVEL=info"
Environment="CAPTCHA_SOLVER=none"
WorkingDirectory=/opt/flaresolverr
ExecStart=/opt/flaresolverr/flaresolverr
TimeoutStopSec=30
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now flaresolverr
fi
cat <<EOF >/opt/shelfmark/start.sh
#!/usr/bin/env bash
source /opt/shelfmark/venv/bin/activate
set -a
source /etc/shelfmark/.env
set +a
gunicorn --worker-class geventwebsocket.gunicorn.workers.GeventWebSocketWorker --workers 1 -t 300 -b 0.0.0.0:8084 shelfmark.main:app
EOF
chmod +x /opt/shelfmark/start.sh
systemctl enable -q --now shelfmark
msg_ok "Created Services and start script"
motd_ssh
customize
cleanup_lxc

151
install/tracearr-install.sh
View File

@@ -1,151 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2025 community-scripts ORG
# Author: durzo
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/connorgallopo/Tracearr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y redis-server
msg_ok "Installed Dependencies"
PNPM_VERSION="$(curl -fsSL "https://raw.githubusercontent.com/connorgallopo/Tracearr/refs/heads/main/package.json" | jq -r '.packageManager | split("@")[1]')"
NODE_VERSION="22" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
PG_VERSION="18" setup_postgresql
msg_info "Installing TimescaleDB"
setup_deb822_repo \
"timescaledb" \
"https://packagecloud.io/timescale/timescaledb/gpgkey" \
"https://packagecloud.io/timescale/timescaledb/debian" \
"$(get_os_info codename)" \
"main"
$STD apt install -y \
timescaledb-2-postgresql-18 \
timescaledb-tools \
timescaledb-toolkit-postgresql-18
total_ram_kb=$(grep MemTotal /proc/meminfo | awk '{print $2}')
ram_for_tsdb=$((total_ram_kb / 1024 / 2))
$STD timescaledb-tune -yes -memory "$ram_for_tsdb"MB
$STD systemctl restart postgresql
msg_ok "Installed TimescaleDB"
msg_info "Creating PostgreSQL Database"
PG_DB_NAME="tracearr" PG_DB_USER="tracearr" PG_DB_EXTENSIONS="timescaledb,timescaledb_toolkit" setup_postgresql_db
msg_ok "Created PostgreSQL Database"
fetch_and_deploy_gh_release "tracearr" "connorgallopo/Tracearr" "tarball" "latest" "/opt/tracearr.build"
msg_info "Building Tracearr"
export TZ=$(cat /etc/timezone)
cd /opt/tracearr.build
$STD pnpm install --frozen-lockfile --force
$STD pnpm turbo telemetry disable
$STD pnpm turbo run build --no-daemon --filter=@tracearr/shared --filter=@tracearr/server --filter=@tracearr/web
mkdir -p /opt/tracearr/{packages/shared,apps/server,apps/web,apps/server/src/db}
cp -rf package.json /opt/tracearr/
cp -rf pnpm-workspace.yaml /opt/tracearr/
cp -rf pnpm-lock.yaml /opt/tracearr/
cp -rf apps/server/package.json /opt/tracearr/apps/server/
cp -rf apps/server/dist /opt/tracearr/apps/server/dist
cp -rf apps/web/dist /opt/tracearr/apps/web/dist
cp -rf packages/shared/package.json /opt/tracearr/packages/shared/
cp -rf packages/shared/dist /opt/tracearr/packages/shared/dist
cp -rf apps/server/src/db/migrations /opt/tracearr/apps/server/src/db/migrations
cp -rf data /opt/tracearr/data
mkdir -p /opt/tracearr/data/image-cache
rm -rf /opt/tracearr.build
cd /opt/tracearr
$STD pnpm install --prod --frozen-lockfile --ignore-scripts
msg_ok "Built Tracearr"
msg_info "Configuring Tracearr"
$STD useradd -r -s /bin/false -U tracearr
$STD chown -R tracearr:tracearr /opt/tracearr
install -d -m 750 -o tracearr -g tracearr /data/tracearr
export JWT_SECRET=$(openssl rand -hex 32)
export COOKIE_SECRET=$(openssl rand -hex 32)
cat <<EOF >/data/tracearr/.env
DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@127.0.0.1:5432/${PG_DB_NAME}
REDIS_URL=redis://127.0.0.1:6379
PORT=3000
HOST=0.0.0.0
NODE_ENV=production
TZ=${TZ}
LOG_LEVEL=info
JWT_SECRET=$JWT_SECRET
COOKIE_SECRET=$COOKIE_SECRET
APP_VERSION=$(cat /root/.tracearr)
#CORS_ORIGIN=http://localhost:5173
#MOBILE_BETA_MODE=true
EOF
chmod 600 /data/tracearr/.env
chown -R tracearr:tracearr /data/tracearr
msg_ok "Configured Tracearr"
msg_info "Creating Services"
cat <<EOF >/data/tracearr/prestart.sh
#!/usr/bin/env bash
# =============================================================================
# Tune PostgreSQL for available resources (runs every startup)
# =============================================================================
# timescaledb-tune automatically optimizes PostgreSQL settings based on
# available RAM and CPU. Safe to run repeatedly - recalculates if resources change.
if command -v timescaledb-tune &> /dev/null; then
total_ram_kb=\$(grep MemTotal /proc/meminfo | awk '{print \$2}')
ram_for_tsdb=\$((total_ram_kb / 1024 / 2))
timescaledb-tune -yes -memory "\$ram_for_tsdb"MB --quiet 2>/dev/null \
|| echo "Warning: timescaledb-tune failed (non-fatal)"
fi
# =============================================================================
# Ensure TimescaleDB decompression limit is set (for existing databases)
# =============================================================================
# This setting allows migrations to modify compressed hypertable data.
# Without it, bulk UPDATEs on compressed sessions will fail with
# "tuple decompression limit exceeded" errors.
pg_config_file="/etc/postgresql/18/main/postgresql.conf"
if [ -f \$pg_config_file ]; then
if ! grep -q "max_tuples_decompressed_per_dml_transaction" \$pg_config_file; then
echo "" >> \$pg_config_file
echo "# Allow unlimited tuple decompression for migrations on compressed hypertables" >> \$pg_config_file
echo "timescaledb.max_tuples_decompressed_per_dml_transaction = 0" >> \$pg_config_file
fi
fi
systemctl restart postgresql
EOF
chmod +x /data/tracearr/prestart.sh
cat <<EOF >/lib/systemd/system/tracearr.service
[Unit]
Description=Tracearr Web Server
After=network.target postgresql.service redis-server.service
[Service]
Type=simple
KillMode=control-group
EnvironmentFile=/data/tracearr/.env
WorkingDirectory=/opt/tracearr
ExecStartPre=+/data/tracearr/prestart.sh
ExecStart=node /opt/tracearr/apps/server/dist/index.js
Restart=on-failure
RestartSec=10
User=tracearr
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now postgresql
systemctl enable -q --now redis-server
systemctl enable -q --now tracearr
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

27
install/vikunja-install.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (Canbiz) | Co-Author: CrazyWolf13
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://vikunja.io/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "vikunja" "go-vikunja/vikunja" "binary"
msg_info "Setting up Vikunja"
sed -i 's|^# \(service:\)|\1|' /etc/vikunja/config.yml
sed -i "s|^ # \(publicurl: \).*| \1\"http://$LOCAL_IP\"|" /etc/vikunja/config.yml
sed -i "0,/^ # \(timezone: \).*/s|| \1${tz}|" /etc/vikunja/config.yml
systemctl enable -q --now vikunja
msg_ok "Set up Vikunja"
motd_ssh
customize
cleanup_lxc

121
install/wger-install.sh Normal file
View File

@@ -0,0 +1,121 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Slaviša Arežina (tremor021)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/wger-project/wger
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
apache2 \
libapache2-mod-wsgi-py3 \
libpq-dev
msg_ok "Installed Dependencies"
NODE_VERSION="22" NODE_MODULE="sass" setup_nodejs
setup_uv
PG_VERSION="16" setup_postgresql
PG_DB_NAME="wger" PG_DB_USER="wger" setup_postgresql_db
fetch_and_deploy_gh_release "wger" "wger-project/wger" "tarball" "latest" "/opt/wger"
msg_info "Setting up wger"
mkdir -p /opt/wger/{static,media}
chmod o+w /opt/wger/media
cd /opt/wger
$STD corepack enable
$STD npm install
$STD npm run build:css:sass
$STD uv venv
$STD uv pip install .
SECRET_KEY=$(openssl rand -base64 40)
cat <<EOF >/opt/wger/.env
DJANGO_DB_ENGINE=django.db.backends.postgresql
DJANGO_DB_DATABASE=${PG_DB_NAME}
DJANGO_DB_USER=${PG_DB_USER}
DJANGO_DB_PASSWORD=${PG_DB_PASS}
DJANGO_DB_HOST=localhost
DJANGO_DB_PORT=5432
DJANGO_MEDIA_ROOT=/opt/wger/media
DJANGO_STATIC_ROOT=/opt/wger/static
SECRET_KEY=${SECRET_KEY}
EOF
cat <<'WSGI' >/opt/wger/wsgi_wrapper.py
import os
from pathlib import Path
env_file = Path('/opt/wger/.env')
if env_file.exists():
for line in env_file.read_text().splitlines():
if line.strip() and not line.startswith('#') and '=' in line:
key, value = line.split('=', 1)
os.environ.setdefault(key.strip(), value.strip())
os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'settings.main')
from wger.wsgi import application
WSGI
set -a && source /opt/wger/.env && set +a
export DJANGO_SETTINGS_MODULE=settings.main
$STD uv run python manage.py migrate
$STD uv run python manage.py loaddata languages
$STD uv run python manage.py loaddata gym_config
$STD uv run python manage.py loaddata groups
$STD uv run python manage.py loaddata site
$STD uv run python manage.py collectstatic --no-input
cat <<EOF | uv run python manage.py shell
from django.contrib.auth import get_user_model
UserModel = get_user_model()
user = UserModel.objects.create_user('admin', email='admin@localhost', password='${PG_DB_PASS}')
user.is_superuser = True
user.is_staff = True
user.save()
EOF
msg_ok "Set up wger"
msg_info "Creating Service"
cat <<EOF >/etc/apache2/sites-available/wger.conf
<Directory /opt/wger>
<Files wsgi_wrapper.py>
Require all granted
</Files>
</Directory>
<VirtualHost *:80>
WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess wger python-path=/opt/wger python-home=/opt/wger/.venv
WSGIProcessGroup wger
WSGIScriptAlias / /opt/wger/wsgi_wrapper.py
WSGIPassAuthorization On
Alias /static/ /opt/wger/static/
<Directory /opt/wger/static>
Require all granted
</Directory>
Alias /media/ /opt/wger/media/
<Directory /opt/wger/media>
Require all granted
</Directory>
ErrorLog /var/log/apache2/wger-error.log
CustomLog /var/log/apache2/wger-access.log combined
</VirtualHost>
EOF
$STD a2dissite 000-default.conf
$STD a2ensite wger
systemctl restart apache2
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

2
install/wishlist-install.sh
View File

@@ -24,7 +24,7 @@ msg_ok "Installed dependencies"
NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
fetch_and_deploy_gh_release "wishlist" "cmintey/wishlist" "tarball"
LATEST_APP_VERSION=$(get_latest_github_release "cmintey/wishlist" false)
import_local_ip
msg_info "Installing Wishlist"
cd /opt/wishlist