community-scripts/ProxmoxVED
1
0
Fork 0
mirror of https://github.com/community-scripts/ProxmoxVED.git synced 2026-02-25 05:57:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into garmin-grafana

Browse Source
This commit is contained in:
CanbiZ (MickLesk)
2026-02-02 10:09:08 +01:00
committed by GitHub
parent 40e6eb59c7 07090f4bb9
commit ab19162dc4
105 changed files with 6528 additions and 2898 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/affine-install.sh
View File

@@ -29,7 +29,7 @@ PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
PG_DB_NAME="affine" PG_DB_USER="affine" setup_postgresql_db
NODE_VERSION="22" setup_nodejs
setup_rust
import_local_ip
fetch_and_deploy_gh_release "affine_app" "toeverything/AFFiNE" "tarball" "latest" "/opt/affine"

34
install/alpine-powerdns-install.sh Normal file
View File

@@ -0,0 +1,34 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Slaviša Arežina (tremor021)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://www.powerdns.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing PowerDNS"
$STD apk add --no-cache pdns pdns-backend-sqlite3 pdns-doc
msg_ok "Installed PowerDNS"
msg_info "Configuring PowerDNS"
sed -i '/^# launch=$/c\launch=gsqlite3\ngsqlite3-database=/var/lib/powerdns/pdns.sqlite3' /etc/pdns/pdns.conf
mkdir /var/lib/powerdns
sqlite3 /var/lib/powerdns/pdns.sqlite3 < /usr/share/doc/pdns/schema.sqlite3.sql
chown -R pdns:pdns /var/lib/powerdns
msg_ok "Configured PowerDNS"
msg_info "Creating Service"
$STD rc-update add pdns default
$STD rc-service pdns start
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

32
install/alpine-rustypaste-install.sh
View File

@@ -1,32 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/orhun/rustypaste
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing RustyPaste"
$STD apk add --no-cache rustypaste --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
msg_ok "Installed RustyPaste"
msg_info "Configuring RustyPaste"
mkdir -p /var/lib/rustypaste
sed -i 's|^address = ".*"|address = "0.0.0.0:8000"|' /etc/rustypaste/config.toml
msg_ok "Configured RustyPaste"
msg_info "Creating Service"
$STD rc-update add rustypaste default
$STD rc-service rustypaste start
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

24
install/alpine-valkey-install.sh
View File

@@ -1,24 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: pshankinclarke (lazarillo)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://valkey.io/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Valkey"
$STD apk add valkey valkey-openrc valkey-cli
$STD sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
$STD rc-update add valkey default
$STD rc-service valkey start
msg_ok "Installed Valkey"
motd_ssh
customize

68
install/ampache-install.sh
View File

@@ -1,68 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (Canbiz)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/ampache/ampache
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
flac \
vorbis-tools \
lame \
ffmpeg \
inotify-tools \
libavcodec-extra \
libmp3lame-dev \
libtheora-dev \
libvorbis-dev \
libvpx-dev
msg_ok "Installed Dependencies"
PHP_VERSION=8.4 PHP_MODULE=bcmath,bz2,curl,gd,imagick,intl,mbstring,mysql,sqlite3,xml,xmlrpc,zip PHP_APACHE=YES setup_php
setup_mariadb
MARIADB_DB_USER=ampache MARIADB_DB_NAME=ampache setup_mariadb_db
fetch_and_deploy_gh_release "ampache" "ampache/ampache" "prebuild" "latest" "/opt/ampache" "ampache-*_all_php8.4.zip"
msg_info "Setup Ampache"
rm -rf /var/www/html
ln -s /opt/ampache/public /var/www/html
mv /opt/ampache/public/rest/.htaccess.dist /opt/ampache/public/rest/.htaccess
mv /opt/ampache/public/play/.htaccess.dist /opt/ampache/public/play/.htaccess
cp /opt/ampache/config/ampache.cfg.php.dist /opt/ampache/config/ampache.cfg.php
chmod 664 /opt/ampache/public/rest/.htaccess /opt/ampache/public/play/.htaccess
msg_ok "Set up Ampache"
msg_info "Configuring Database Connection"
sed -i 's|^database_hostname = .*|database_hostname = "localhost"|' /opt/ampache/config/ampache.cfg.php
sed -i 's|^database_name = .*|database_name = "ampache"|' /opt/ampache/config/ampache.cfg.php
sed -i 's|^database_username = .*|database_username = "ampache"|' /opt/ampache/config/ampache.cfg.php
sed -i "s|^database_password = .*|database_password = \"${MARIADB_DB_PASS}\"|" /opt/ampache/config/ampache.cfg.php
chown -R www-data:www-data /opt/ampache
msg_ok "Configured Database Connection"
msg_info "Importing Database Schema"
mariadb -u ampache -p"${MARIADB_DB_PASS}" ampache </opt/ampache/resources/sql/ampache.sql
msg_ok "Imported Database Schema"
msg_info "Configuring PHP"
sed -i 's/upload_max_filesize = .*/upload_max_filesize = 100M/' /etc/php/8.4/apache2/php.ini
sed -i 's/post_max_size = .*/post_max_size = 100M/' /etc/php/8.4/apache2/php.ini
sed -i 's/max_execution_time = .*/max_execution_time = 600/' /etc/php/8.4/apache2/php.ini
sed -i 's/memory_limit = .*/memory_limit = 512M/' /etc/php/8.4/apache2/php.ini
$STD a2enmod rewrite
$STD systemctl restart apache2
msg_ok "Configured PHP"
motd_ssh
customize
cleanup_lxc

82
install/anytype-install.sh Normal file
View File

@@ -0,0 +1,82 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://anytype.io
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
setup_mongodb
msg_info "Configuring MongoDB Replica Set"
cat <<EOF >>/etc/mongod.conf
replication:
replSetName: "rs0"
EOF
systemctl restart mongod
sleep 3
$STD mongosh --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "127.0.0.1:27017"}]})'
msg_ok "Configured MongoDB Replica Set"
msg_info "Installing Redis Stack"
setup_deb822_repo \
"redis-stack" \
"https://packages.redis.io/gpg" \
"https://packages.redis.io/deb" \
"jammy" \
"main"
$STD apt-get install -y \
redis-stack-server
systemctl enable -q --now redis-stack-server
msg_ok "Installed Redis Stack"
fetch_and_deploy_gh_release "anytype" "grishy/any-sync-bundle" "prebuild" "latest" "/opt/anytype" "any-sync-bundle_*_linux_amd64.tar.gz"
chmod +x /opt/anytype/any-sync-bundle
msg_info "Configuring Anytype"
mkdir -p /opt/anytype/data/storage
cat <<EOF >/opt/anytype/.env
ANY_SYNC_BUNDLE_CONFIG=/opt/anytype/data/bundle-config.yml
ANY_SYNC_BUNDLE_CLIENT_CONFIG=/opt/anytype/data/client-config.yml
ANY_SYNC_BUNDLE_INIT_STORAGE=/opt/anytype/data/storage/
ANY_SYNC_BUNDLE_INIT_EXTERNAL_ADDRS=${LOCAL_IP}
ANY_SYNC_BUNDLE_INIT_MONGO_URI=mongodb://127.0.0.1:27017/
ANY_SYNC_BUNDLE_INIT_REDIS_URI=redis://127.0.0.1:6379/
ANY_SYNC_BUNDLE_LOG_LEVEL=info
EOF
msg_ok "Configured Anytype"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/anytype.service
[Unit]
Description=Anytype Sync Server (any-sync-bundle)
After=network-online.target mongod.service redis-stack-server.service
Wants=network-online.target
Requires=mongod.service redis-stack-server.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/anytype
EnvironmentFile=/opt/anytype/.env
ExecStart=/opt/anytype/any-sync-bundle start-bundle
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now anytype
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

107
install/authelia-install.sh Normal file
View File

@@ -0,0 +1,107 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: thost96 (thost96)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://www.authelia.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "authelia" "authelia/authelia" "binary"
MAX_ATTEMPTS=3
attempt=0
while true; do
attempt=$((attempt + 1))
read -rp "${TAB3}Enter your domain or IP (ex. example.com or 192.168.1.100): " DOMAIN
if [[ -z "$DOMAIN" ]]; then
if ((attempt >= MAX_ATTEMPTS)); then
DOMAIN="${LOCAL_IP:-localhost}"
msg_warn "Using fallback: $DOMAIN"
break
fi
msg_warn "Domain cannot be empty! (Attempt $attempt/$MAX_ATTEMPTS)"
elif [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
valid_ip=true
IFS='.' read -ra octets <<< "$DOMAIN"
for octet in "${octets[@]}"; do
if ((octet > 255)); then
valid_ip=false
break
fi
done
if $valid_ip; then
break
else
msg_warn "Invalid IP address!"
fi
elif [[ "$DOMAIN" =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$ ]]; then
break
else
msg_warn "Invalid domain format!"
fi
done
msg_info "Setting Authelia up"
touch /etc/authelia/emails.txt
JWT_SECRET=$(openssl rand -hex 64)
SESSION_SECRET=$(openssl rand -hex 64)
STORAGE_KEY=$(openssl rand -hex 64)
if [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
AUTHELIA_URL="https://${DOMAIN}:9091"
else
AUTHELIA_URL="https://auth.${DOMAIN}"
fi
echo "$AUTHELIA_URL" > /etc/authelia/.authelia_url
cat <<EOF >/etc/authelia/users.yml
users:
authelia:
disabled: false
displayname: "Authelia Admin"
password: "\$argon2id\$v=19\$m=65536,t=3,p=4\$ZBopMzXrzhHXPEZxRDVT2w\$SxWm96DwhOsZyn34DLocwQEIb4kCDsk632PuiMdZnig"
groups: []
EOF
cat <<EOF >/etc/authelia/configuration.yml
authentication_backend:
file:
path: /etc/authelia/users.yml
access_control:
default_policy: one_factor
session:
secret: "${SESSION_SECRET}"
name: 'authelia_session'
same_site: 'lax'
inactivity: '5m'
expiration: '1h'
remember_me: '1M'
cookies:
- domain: "${DOMAIN}"
authelia_url: "${AUTHELIA_URL}"
storage:
encryption_key: "${STORAGE_KEY}"
local:
path: /etc/authelia/db.sqlite
identity_validation:
reset_password:
jwt_secret: "${JWT_SECRET}"
jwt_lifespan: '5 minutes'
jwt_algorithm: 'HS256'
notifier:
filesystem:
filename: /etc/authelia/emails.txt
EOF
touch /etc/authelia/emails.txt
chown -R authelia:authelia /etc/authelia
systemctl enable -q --now authelia
msg_ok "Authelia Setup completed"
motd_ssh
customize
cleanup_lxc

93
install/checkmate-install.sh Normal file
View File

@@ -0,0 +1,93 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/bluewave-labs/Checkmate
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
build-essential \
openssl
msg_ok "Installed Dependencies"
MONGO_VERSION="8.0" setup_mongodb
NODE_VERSION="22" setup_nodejs
fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate"
msg_info "Installing Checkmate Server"
cd /opt/checkmate/server
$STD npm install
msg_ok "Installed Checkmate Server"
msg_info "Installing Checkmate Client"
cd /opt/checkmate/client
$STD npm install
$STD npm run build
msg_ok "Installed Checkmate Client"
msg_info "Configuring Checkmate"
JWT_SECRET="$(openssl rand -hex 32)"
cat <<EOF >/opt/checkmate/server/.env
CLIENT_HOST="http://${LOCAL_IP}:5173"
JWT_SECRET="${JWT_SECRET}"
DB_CONNECTION_STRING="mongodb://localhost:27017/checkmate_db"
TOKEN_TTL="99d"
ORIGIN="${LOCAL_IP}"
LOG_LEVEL="info"
EOF
cat <<EOF >/opt/checkmate/client/.env
VITE_APP_API_BASE_URL="http://${LOCAL_IP}:52345/api/v1"
VITE_APP_LOG_LEVEL="warn"
EOF
msg_ok "Configured Checkmate"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/checkmate-server.service
[Unit]
Description=Checkmate Server
After=network.target mongod.service
[Service]
Type=simple
WorkingDirectory=/opt/checkmate/server
EnvironmentFile=/opt/checkmate/server/.env
ExecStart=/usr/bin/npm start
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/checkmate-client.service
[Unit]
Description=Checkmate Client
After=network.target checkmate-server.service
[Service]
Type=simple
WorkingDirectory=/opt/checkmate/client
EnvironmentFile=/opt/checkmate/client/.env
ExecStart=/usr/bin/npm run preview -- --host 0.0.0.0 --port 5173
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now checkmate-server checkmate-client
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

31
install/clawdbot-install.sh Normal file
View File

@@ -0,0 +1,31 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: michelroegl-brunner
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/clawdbot/clawdbot
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
git
msg_ok "Installed Dependencies"
NODE_VERSION="24" NODE_MODULE="pnpm@latest" setup_nodejs
curl -fsSL https://clawd.bot/install.sh | bash
motd_ssh
customize
cleanup_lxc

79
install/databasus-install.sh
View File

@@ -14,12 +14,12 @@ network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y nginx
$STD apt install -y \
nginx \
valkey
msg_ok "Installed Dependencies"
import_local_ip
PG_VERSION="17" setup_postgresql
PG_DB_NAME="databasus" PG_DB_USER="databasus" setup_postgresql_db
setup_go
NODE_VERSION="24" setup_nodejs
@@ -36,19 +36,17 @@ $STD go install github.com/swaggo/swag/cmd/swag@latest
$STD /root/go/bin/swag init -g cmd/main.go -o swagger
$STD env CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o databasus ./cmd/main.go
mv /opt/databasus/backend/databasus /opt/databasus/databasus
mkdir -p /opt/databasus_data/{data,backups,logs}
mkdir -p /databasus-data/temp
mkdir -p /databasus-data/{pgdata,temp,backups,data,logs}
mkdir -p /opt/databasus/ui/build
mkdir -p /opt/databasus/migrations
cp -r /opt/databasus/frontend/dist/* /opt/databasus/ui/build/
cp -r /opt/databasus/backend/migrations /opt/databasus/
chown -R postgres:postgres /opt/databasus
chown -R postgres:postgres /opt/databasus_data
cp -r /opt/databasus/backend/migrations/* /opt/databasus/migrations/
chown -R postgres:postgres /databasus-data
msg_ok "Built Databasus"
msg_info "Configuring Databasus"
ADMIN_PASS=$(openssl rand -base64 12)
JWT_SECRET=$(openssl rand -hex 32)
ENCRYPTION_KEY=$(openssl rand -hex 32)
# Create PostgreSQL version symlinks for compatibility
for v in 12 13 14 15 16 18; do
@@ -67,50 +65,67 @@ ENV_MODE=production
SERVER_PORT=4005
SERVER_HOST=0.0.0.0
# Database (Internal PostgreSQL for app data)
DATABASE_DSN=host=localhost user=${PG_DB_USER} password=${PG_DB_PASS} dbname=${PG_DB_NAME} port=5432 sslmode=disable
DATABASE_URL=postgres://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
# Database
DATABASE_DSN=host=localhost user=postgres password=postgres dbname=databasus port=5432 sslmode=disable
DATABASE_URL=postgres://postgres:postgres@localhost:5432/databasus?sslmode=disable
# Migrations
GOOSE_DRIVER=postgres
GOOSE_DBSTRING=postgres://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
GOOSE_DBSTRING=postgres://postgres:postgres@localhost:5432/databasus?sslmode=disable
GOOSE_MIGRATION_DIR=/opt/databasus/migrations
# Valkey (Redis-compatible cache)
VALKEY_HOST=localhost
VALKEY_PORT=6379
# Security
JWT_SECRET=${JWT_SECRET}
ENCRYPTION_KEY=$(openssl rand -hex 32)
# Admin User
ADMIN_EMAIL=admin@localhost
ADMIN_PASSWORD=${ADMIN_PASS}
ENCRYPTION_KEY=${ENCRYPTION_KEY}
# Paths
DATA_DIR=/opt/databasus_data/data
BACKUP_DIR=/opt/databasus_data/backups
LOG_DIR=/opt/databasus_data/logs
# PostgreSQL Tools (for creating backups)
PG_DUMP_PATH=/usr/lib/postgresql/17/bin/pg_dump
PG_RESTORE_PATH=/usr/lib/postgresql/17/bin/pg_restore
PSQL_PATH=/usr/lib/postgresql/17/bin/psql
DATA_DIR=/databasus-data/data
BACKUP_DIR=/databasus-data/backups
LOG_DIR=/databasus-data/logs
EOF
chown postgres:postgres /opt/databasus/.env
chmod 600 /opt/databasus/.env
msg_ok "Configured Databasus"
msg_info "Configuring Valkey"
cat >/etc/valkey/valkey.conf <<EOF
port 6379
bind 127.0.0.1
protected-mode yes
save ""
maxmemory 256mb
maxmemory-policy allkeys-lru
EOF
systemctl enable -q --now valkey-server
systemctl restart valkey-server
msg_ok "Configured Valkey"
msg_info "Creating Database"
# Configure PostgreSQL to allow local password auth for databasus
PG_HBA="/etc/postgresql/17/main/pg_hba.conf"
if ! grep -q "databasus" "$PG_HBA"; then
sed -i '/^local\s*all\s*all/i local databasus postgres trust' "$PG_HBA"
sed -i '/^host\s*all\s*all\s*127/i host databasus postgres 127.0.0.1/32 trust' "$PG_HBA"
systemctl reload postgresql
fi
$STD sudo -u postgres psql -c "CREATE DATABASE databasus;" 2>/dev/null || true
$STD sudo -u postgres psql -c "ALTER USER postgres WITH SUPERUSER CREATEROLE CREATEDB;" 2>/dev/null || true
msg_ok "Created Database"
msg_info "Creating Databasus Service"
cat <<EOF >/etc/systemd/system/databasus.service
[Unit]
Description=Databasus - PostgreSQL Backup Management
After=network.target postgresql.service
Requires=postgresql.service
Description=Databasus - Database Backup Management
After=network.target postgresql.service valkey.service
Requires=postgresql.service valkey.service
[Service]
Type=simple
User=postgres
Group=postgres
WorkingDirectory=/opt/databasus
Environment="PATH=/usr/local/bin:/usr/bin:/bin"
EnvironmentFile=/opt/databasus/.env
ExecStart=/opt/databasus/databasus
Restart=always

173
install/dawarich-install.sh
View File

@@ -1,173 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/Freika/dawarich
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
git \
libpq-dev \
libgeos-dev \
libyaml-dev \
libffi-dev \
libssl-dev \
libjemalloc2 \
imagemagick \
libmagickwand-dev \
libvips-dev \
cmake \
redis-server \
nginx
msg_ok "Installed Dependencies"
PG_VERSION="17" PG_MODULES="postgis-3" setup_postgresql
PG_DB_NAME="dawarich_db" PG_DB_USER="dawarich" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
fetch_and_deploy_gh_release "dawarich" "Freika/dawarich" "tarball" "latest" "/opt/dawarich/app"
msg_info "Setting up Directories"
mkdir -p /opt/dawarich/app/{storage,log,tmp/pids,tmp/cache,tmp/sockets}
msg_ok "Set up Directories"
msg_info "Configuring Environment"
SECRET_KEY_BASE=$(openssl rand -hex 64)
RELEASE=$(get_latest_github_release "Freika/dawarich")
cat <<EOF >/opt/dawarich/.env
RAILS_ENV=production
SECRET_KEY_BASE=${SECRET_KEY_BASE}
DATABASE_HOST=localhost
DATABASE_USERNAME=${PG_DB_USER}
DATABASE_PASSWORD=${PG_DB_PASS}
DATABASE_NAME=${PG_DB_NAME}
REDIS_URL=redis://127.0.0.1:6379/0
BACKGROUND_PROCESSING_CONCURRENCY=10
APPLICATION_HOST=${LOCAL_IP}
APPLICATION_HOSTS=${LOCAL_IP},localhost
TIME_ZONE=UTC
DISABLE_TELEMETRY=true
APP_VERSION=${RELEASE}
EOF
msg_ok "Configured Environment"
NODE_VERSION="22" setup_nodejs
RUBY_VERSION=$(cat /opt/dawarich/app/.ruby-version 2>/dev/null || echo "3.4.6")
RUBY_VERSION=${RUBY_VERSION} RUBY_INSTALL_RAILS="false" setup_ruby
msg_info "Installing Dawarich"
cd /opt/dawarich/app
source /root/.profile
export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH"
eval "$(/root/.rbenv/bin/rbenv init - bash)"
set -a && source /opt/dawarich/.env && set +a
$STD gem install bundler
$STD bundle config set --local deployment 'true'
$STD bundle config set --local without 'development test'
$STD bundle install
if [[ -f /opt/dawarich/package.json ]]; then
cd /opt/dawarich
$STD npm install
cd /opt/dawarich/app
elif [[ -f /opt/dawarich/app/package.json ]]; then
$STD npm install
fi
$STD bundle exec rake assets:precompile
$STD bundle exec rails db:prepare
$STD bundle exec rake data:migrate
msg_ok "Installed Dawarich"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/dawarich-web.service
[Unit]
Description=Dawarich Web Server
After=network.target postgresql.service redis-server.service
Requires=postgresql.service redis-server.service
[Service]
Type=simple
WorkingDirectory=/opt/dawarich/app
EnvironmentFile=/opt/dawarich/.env
ExecStart=/root/.rbenv/shims/bundle exec puma -C config/puma.rb
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/dawarich-worker.service
[Unit]
Description=Dawarich Sidekiq Worker
After=network.target postgresql.service redis-server.service
Requires=postgresql.service redis-server.service
[Service]
Type=simple
WorkingDirectory=/opt/dawarich/app
EnvironmentFile=/opt/dawarich/.env
ExecStart=/root/.rbenv/shims/bundle exec sidekiq -C config/sidekiq.yml
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now redis-server dawarich-web dawarich-worker
msg_ok "Created Services"
msg_info "Configuring Nginx"
cat <<EOF >/etc/nginx/sites-available/dawarich.conf
upstream dawarich {
server 127.0.0.1:3000;
}
server {
listen 80;
server_name _;
root /opt/dawarich/app/public;
client_max_body_size 100M;
location ~ ^/(assets|packs)/ {
expires max;
add_header Cache-Control "public, immutable";
try_files \$uri =404;
}
location / {
try_files \$uri @rails;
}
location @rails {
proxy_pass http://dawarich;
proxy_http_version 1.1;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "upgrade";
proxy_redirect off;
proxy_buffering off;
}
}
EOF
ln -sf /etc/nginx/sites-available/dawarich.conf /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
systemctl enable -q --now nginx
msg_ok "Configured Nginx"
motd_ssh
customize
cleanup_lxc

2
install/deferred/docspell-install.sh
View File

@@ -14,7 +14,7 @@ update_os
msg_info "Setup Functions"
setup_local_ip_helper
import_local_ip
msg_ok "Setup Functions"
msg_info "Installing Dependencies (Patience)"

30
install/ebusd-install.sh Normal file
View File

@@ -0,0 +1,30 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Joerg Heinemann (heinemannj)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/john30/ebusd
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
setup_deb822_repo \
"ebusd" \
"https://raw.githubusercontent.com/john30/ebusd-debian/master/ebusd.gpg" \
"https://repo.ebusd.eu/apt/default/bookworm/" \
"bookworm" \
"main"
msg_info "Installing ebusd"
$STD apt install -y ebusd
systemctl enable -q ebusd
msg_ok "Installed ebusd"
motd_ssh
customize
cleanup_lxc

2
install/ente-install.sh
View File

@@ -28,7 +28,7 @@ setup_go
NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
RUST_CRATES="wasm-pack" setup_rust
$STD rustup target add wasm32-unknown-unknown
import_local_ip
ENTE_CLI_VERSION=$(curl -s https://api.github.com/repos/ente-io/ente/releases | jq -r '[.[] | select(.tag_name | startswith("cli-v"))][0].tag_name')
fetch_and_deploy_gh_release "ente-server" "ente-io/ente" "tarball" "latest" "/opt/ente"

27
install/forgejo-runner-install.sh
View File

@@ -12,19 +12,19 @@ setting_up_container
network_check
update_os
if [[ -z "$var_forgejo_instance" ]]; then
read -rp "Forgejo Instance URL (e.g. https://code.forgejo.org): " var_forgejo_instance
fi
# Get required configuration with sensible fallbacks for unattended mode
# These will show a warning if defaults are used
var_forgejo_instance=$(prompt_input_required \
"Forgejo Instance URL:" \
"${var_forgejo_instance:-https://codeberg.org}" \
120 \
"var_forgejo_instance")
if [[ -z "$var_forgejo_runner_token" ]]; then
read -rp "Forgejo Runner Registration Token: " var_forgejo_runner_token
echo
fi
if [[ -z "$var_forgejo_instance" || -z "$var_forgejo_runner_token" ]]; then
echo "❌ Forgejo instance URL and runner token are required."
exit 1
fi
var_forgejo_runner_token=$(prompt_input_required \
"Forgejo Runner Registration Token:" \
"${var_forgejo_runner_token:-REPLACE_WITH_YOUR_TOKEN}" \
120 \
"var_forgejo_runner_token")
export FORGEJO_INSTANCE="$var_forgejo_instance"
export FORGEJO_RUNNER_TOKEN="$var_forgejo_runner_token"
@@ -78,6 +78,9 @@ EOF
systemctl enable -q --now forgejo-runner
msg_ok "Created Services"
# Show warning if any required values used fallbacks
show_missing_values_warning
motd_ssh
customize
cleanup_lxc

247
install/frigate-install.sh
View File

@@ -7,7 +7,6 @@
# Source: https://frigate.video/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
set +e
color
verb_ip6
catch_errors
@@ -15,48 +14,80 @@ setting_up_container
network_check
update_os
cat <<'EOF' >/etc/apt/sources.list.d/debian.sources
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: bookworm
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: http://deb.debian.org/debian
Suites: bookworm-updates
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
Types: deb deb-src
URIs: http://security.debian.org
Suites: bookworm-security
Components: main contrib non-free non-free-firmware
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
rm -f /etc/apt/sources.list
msg_info "Installing system dependencies"
$STD apt-get install -y jq wget xz-utils python3 python3-dev python3-pip gcc pkg-config libhdf5-dev unzip build-essential automake libtool ccache libusb-1.0-0-dev apt-transport-https cmake git libgtk-3-dev libavcodec-dev libavformat-dev libswscale-dev libv4l-dev libxvidcore-dev libx264-dev libjpeg-dev libpng-dev libtiff-dev gfortran openexr libssl-dev libtbbmalloc2 libtbb-dev libdc1394-dev libopenexr-dev libgstreamer-plugins-base1.0-dev libgstreamer1.0-dev tclsh libopenblas-dev liblapack-dev make moreutils
msg_ok "System dependencies installed"
setup_hwaccel
if [[ "$CTTYPE" == "0" ]]; then
msg_info "Configuring render group for privileged container"
sed -i -e 's/^kvm:x:104:$/render:x:104:root,frigate/' -e 's/^render:x:105:root$/kvm:x:105:/' /etc/group
msg_ok "Privileged container GPU access configured"
else
msg_info "Configuring render group for unprivileged container"
sed -i -e 's/^kvm:x:104:$/render:x:104:frigate/' -e 's/^render:x:105:$/kvm:x:105:/' /etc/group
msg_ok "Unprivileged container GPU access configured"
source /etc/os-release
if [[ "$VERSION_ID" != "12" ]]; then
msg_error "Frigate requires Debian 12 (Bookworm) due to Python 3.11 dependencies"
exit 1
fi
msg_info "Installing Dependencies"
$STD apt-get install -y \
jq \
wget \
xz-utils \
python3 \
python3-dev \
python3-pip \
gcc \
pkg-config \
libhdf5-dev \
unzip \
build-essential \
automake \
libtool \
ccache \
libusb-1.0-0-dev \
apt-transport-https \
cmake \
git \
libgtk-3-dev \
libavcodec-dev \
libavformat-dev \
libswscale-dev \
libv4l-dev \
libxvidcore-dev \
libx264-dev \
libjpeg-dev \
libpng-dev \
libtiff-dev \
gfortran \
openexr \
libssl-dev \
libtbbmalloc2 \
libtbb-dev \
libdc1394-dev \
libopenexr-dev \
libgstreamer-plugins-base1.0-dev \
libgstreamer1.0-dev \
tclsh \
libopenblas-dev \
liblapack-dev \
make \
moreutils
msg_ok "Installed Dependencies"
msg_info "Setting Up Hardware Acceleration"
# Use Debian 12 native packages instead of setup_hwaccel (Intel Arc latest drivers require Debian 13)
$STD apt-get install -y \
vainfo \
intel-media-va-driver-non-free \
intel-gpu-tools \
mesa-va-drivers \
mesa-vulkan-drivers || true
msg_ok "Set Up Hardware Acceleration"
msg_info "Configuring GPU Access"
if [[ "$CTTYPE" == "0" ]]; then
sed -i -e 's/^kvm:x:104:$/render:x:104:root,frigate/' -e 's/^render:x:105:root$/kvm:x:105:/' /etc/group
else
sed -i -e 's/^kvm:x:104:$/render:x:104:frigate/' -e 's/^render:x:105:$/kvm:x:105:/' /etc/group
fi
msg_ok "Configured GPU Access"
export TARGETARCH="amd64"
export CCACHE_DIR=/root/.ccache
export CCACHE_MAXSIZE=2G
export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
export DEBIAN_FRONTEND=noninteractive
export PIP_BREAK_SYSTEM_PACKAGES=1
export NVIDIA_VISIBLE_DEVICES=all
export NVIDIA_DRIVER_CAPABILITIES="compute,video,utility"
@@ -67,91 +98,73 @@ export HAILORT_LOGGER_PATH=NONE
fetch_and_deploy_gh_release "frigate" "blakeblackshear/frigate" "tarball" "latest" "/opt/frigate"
msg_info "Building Nginx with custom modules"
#sed -i 's|if.*"$VERSION_ID" == "12".*|if [[ "$VERSION_ID" =~ ^(12|13)$ ]]; then|g' /opt/frigate/docker/main/build_nginx.sh
msg_info "Building Nginx"
$STD bash /opt/frigate/docker/main/build_nginx.sh
sed -e '/s6-notifyoncheck/ s/^#*/#/' -i /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
msg_ok "Nginx built successfully"
msg_ok "Built Nginx"
msg_info "Building SQLite with custom modules"
#sed -i 's|if.*"$VERSION_ID" == "12".*|if [[ "$VERSION_ID" =~ ^(12|13)$ ]]; then|g' /opt/frigate/docker/main/build_sqlite_vec.sh
msg_info "Building SQLite Extensions"
$STD bash /opt/frigate/docker/main/build_sqlite_vec.sh
msg_ok "SQLite built successfully"
msg_ok "Built SQLite Extensions"
fetch_and_deploy_gh_release "go2rtc" "AlexxIT/go2rtc" "singlefile" "latest" "/usr/local/go2rtc/bin" "go2rtc_linux_amd64"
msg_info "Installing tempio"
export TARGETARCH=amd64
msg_info "Installing Tempio"
sed -i 's|/rootfs/usr/local|/usr/local|g' /opt/frigate/docker/main/install_tempio.sh
$STD bash /opt/frigate/docker/main/install_tempio.sh
ln -sf /usr/local/tempio/bin/tempio /usr/local/bin/tempio
msg_ok "tempio installed"
msg_ok "Installed Tempio"
msg_info "Building libUSB without udev"
msg_info "Building libUSB"
cd /opt
wget -q https://github.com/libusb/libusb/archive/v1.0.26.zip -O v1.0.26.zip
$STD unzip -q v1.0.26.zip
wget -q https://github.com/libusb/libusb/archive/v1.0.26.zip -O libusb.zip
$STD unzip -q libusb.zip
cd libusb-1.0.26
$STD ./bootstrap.sh
$STD ./configure CC='ccache gcc' CCX='ccache g++' --disable-udev --enable-shared
$STD make -j $(nproc --all)
$STD make -j "$(nproc)"
cd /opt/libusb-1.0.26/libusb
mkdir -p '/usr/local/lib'
$STD bash ../libtool --mode=install /usr/bin/install -c libusb-1.0.la '/usr/local/lib'
mkdir -p '/usr/local/include/libusb-1.0'
$STD install -c -m 644 libusb.h '/usr/local/include/libusb-1.0'
mkdir -p '/usr/local/lib/pkgconfig'
mkdir -p /usr/local/lib /usr/local/include/libusb-1.0 /usr/local/lib/pkgconfig
$STD bash ../libtool --mode=install /usr/bin/install -c libusb-1.0.la /usr/local/lib
install -c -m 644 libusb.h /usr/local/include/libusb-1.0
cd /opt/libusb-1.0.26/
$STD install -c -m 644 libusb-1.0.pc '/usr/local/lib/pkgconfig'
install -c -m 644 libusb-1.0.pc /usr/local/lib/pkgconfig
ldconfig
msg_ok "libUSB built successfully"
msg_ok "Built libUSB"
#msg_info "Setting up Python"
#$STD update-alternatives --install /usr/bin/python3 python3 /usr/bin/python3 1
#msg_ok "Python configured"
#msg_info "Initializing pip"
#wget -q https://bootstrap.pypa.io/get-pip.py -O /tmp/get-pip.py
#sed -i 's/args.append("setuptools")/args.append("setuptools==77.0.3")/' /tmp/get-pip.py
#$STD python3 /tmp/get-pip.py "pip"
#msg_ok "Pip initialized"
msg_info "Installing Python dependencies from requirements"
msg_info "Installing Python Dependencies"
$STD pip3 install -r /opt/frigate/docker/main/requirements.txt
msg_ok "Python dependencies installed"
msg_ok "Installed Python Dependencies"
msg_info "Building pysqlite3"
msg_info "Building Python Wheels (Patience)"
mkdir -p /wheels
sed -i 's|^SQLITE3_VERSION=.*|SQLITE3_VERSION="version-3.46.0"|g' /opt/frigate/docker/main/build_pysqlite3.sh
$STD bash /opt/frigate/docker/main/build_pysqlite3.sh
mkdir -p /wheels
for i in {1..3}; do
msg_info "Building wheels (attempt $i/3)..."
pip3 wheel --wheel-dir=/wheels -r /opt/frigate/docker/main/requirements-wheels.txt --default-timeout=300 --retries=3 && break
if [[ $i -lt 3 ]]; then sleep 10; fi
$STD pip3 wheel --wheel-dir=/wheels -r /opt/frigate/docker/main/requirements-wheels.txt --default-timeout=300 --retries=3 && break
[[ $i -lt 3 ]] && sleep 10
done
msg_ok "pysqlite3 built successfully"
msg_ok "Built Python Wheels"
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
msg_info "Downloading inference models"
msg_info "Downloading Inference Models"
mkdir -p /models /openvino-model
wget -q -O edgetpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite
cd /models
wget -q -O cpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite
wget -q -O /models/cpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite
cp /opt/frigate/labelmap.txt /labelmap.txt
msg_ok "Inference models downloaded"
msg_ok "Downloaded Inference Models"
msg_info "Downloading audio classification model"
cd /
wget -q -O yamnet-tflite.tar.gz https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download
$STD tar xzf yamnet-tflite.tar.gz
mv 1.tflite cpu_audio_model.tflite
msg_info "Downloading Audio Model"
wget -q -O /tmp/yamnet.tar.gz https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download
$STD tar xzf /tmp/yamnet.tar.gz -C /
mv /1.tflite /cpu_audio_model.tflite
cp /opt/frigate/audio-labelmap.txt /audio-labelmap.txt
rm -f yamnet-tflite.tar.gz
msg_ok "Audio model prepared"
rm -f /tmp/yamnet.tar.gz
msg_ok "Downloaded Audio Model"
msg_info "Building HailoRT runtime"
msg_info "Installing HailoRT Runtime"
$STD bash /opt/frigate/docker/main/install_hailort.sh
cp -a /opt/frigate/docker/main/rootfs/. /
sed -i '/^.*unset DEBIAN_FRONTEND.*$/d' /opt/frigate/docker/main/install_deps.sh
@@ -160,25 +173,24 @@ echo "libedgetpu1-max libedgetpu/install-confirm-max boolean true" | debconf-set
$STD bash /opt/frigate/docker/main/install_deps.sh
$STD pip3 install -U /wheels/*.whl
ldconfig
$STD pip3 install -U /wheels/*.whl
msg_ok "HailoRT runtime built"
msg_ok "Installed HailoRT Runtime"
msg_info "Installing OpenVino runtime and libraries"
msg_info "Installing OpenVino"
$STD pip3 install -r /opt/frigate/docker/main/requirements-ov.txt
msg_ok "OpenVino installed"
msg_ok "Installed OpenVino"
msg_info "Preparing OpenVino inference model"
msg_info "Building OpenVino Model"
cd /models
wget -q http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz
$STD tar -zxf ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz --no-same-owner
$STD python3 /opt/frigate/docker/main/build_ov_model.py
cp -r /models/ssdlite_mobilenet_v2.xml /openvino-model/
cp -r /models/ssdlite_mobilenet_v2.bin /openvino-model/
cp /models/ssdlite_mobilenet_v2.xml /openvino-model/
cp /models/ssdlite_mobilenet_v2.bin /openvino-model/
wget -q https://github.com/openvinotoolkit/open_model_zoo/raw/master/data/dataset_classes/coco_91cl_bkgr.txt -O /openvino-model/coco_91cl_bkgr.txt
sed -i 's/truck/car/g' /openvino-model/coco_91cl_bkgr.txt
msg_ok "OpenVino model prepared"
msg_ok "Built OpenVino Model"
msg_info "Building Frigate application"
msg_info "Building Frigate Application (Patience)"
cd /opt/frigate
$STD pip3 install -r /opt/frigate/docker/main/requirements-dev.txt
$STD bash /opt/frigate/.devcontainer/initialize.sh
@@ -187,31 +199,22 @@ cd /opt/frigate/web
$STD npm install
$STD npm run build
cp -r /opt/frigate/web/dist/* /opt/frigate/web/
cd /opt/frigate
sed -i '/^s6-svc -O \.$/s/^/#/' /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run
msg_ok "Frigate application built"
msg_ok "Built Frigate Application"
msg_info "Preparing configuration directories"
msg_info "Configuring Frigate"
mkdir -p /config /media/frigate
cp -r /opt/frigate/config/. /config
msg_ok "Configuration directories prepared"
msg_info "Setting up sample video"
curl -fsSL "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" -o "/media/frigate/person-bicycle-car-detection.mp4"
msg_ok "Sample video downloaded"
msg_info "Configuring tmpfs cache"
echo "tmpfs /tmp/cache tmpfs defaults 0 0" >>/etc/fstab
msg_ok "Cache tmpfs configured"
msg_info "Creating environment configuration"
cat <<EOF >/etc/frigate.env
DEFAULT_FFMPEG_VERSION="7.0"
INCLUDED_FFMPEG_VERSIONS="7.0:5.0"
EOF
msg_ok "Environment file created"
msg_info "Creating base Frigate configuration"
cat <<EOF >/config/config.yml
mqtt:
enabled: false
@@ -233,12 +236,8 @@ auth:
detect:
enabled: false
EOF
msg_ok "Base Frigate configuration created"
msg_info "Configuring object detection model"
if grep -q -o -m1 -E 'avx[^ ]* | sse4_2' /proc/cpuinfo; then
msg_ok "AVX or SSE 4.2 support detected"
msg_info "Configuring hardware-accelerated OpenVino model"
if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo; then
cat <<EOF >>/config/config.yml
ffmpeg:
hwaccel_args: auto
@@ -253,19 +252,17 @@ model:
path: /openvino-model/ssdlite_mobilenet_v2.xml
labelmap_path: /openvino-model/coco_91cl_bkgr.txt
EOF
msg_ok "OpenVino model configured"
else
msg_info "Configuring CPU-only object detection model"
cat <<EOF >>/config/config.yml
ffmpeg:
hwaccel_args: auto
model:
path: /cpu_model.tflite
EOF
msg_ok "CPU model configured"
fi
msg_ok "Configured Frigate"
msg_info "Creating systemd services"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/create_directories.service
[Unit]
Description=Create necessary directories for Frigate logs
@@ -291,7 +288,7 @@ Restart=always
RestartSec=1
User=root
EnvironmentFile=/etc/frigate.env
ExecStartPre=+rm /dev/shm/logs/go2rtc/current
ExecStartPre=+rm -f /dev/shm/logs/go2rtc/current
ExecStart=/bin/bash -c "bash /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/run 2> >(/usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S ' >&2) | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S '"
StandardOutput=file:/dev/shm/logs/go2rtc/current
StandardError=file:/dev/shm/logs/go2rtc/current
@@ -312,7 +309,7 @@ Restart=always
RestartSec=1
User=root
EnvironmentFile=/etc/frigate.env
ExecStartPre=+rm /dev/shm/logs/frigate/current
ExecStartPre=+rm -f /dev/shm/logs/frigate/current
ExecStart=/bin/bash -c "bash /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run 2> >(/usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S ' >&2) | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S '"
StandardOutput=file:/dev/shm/logs/frigate/current
StandardError=file:/dev/shm/logs/frigate/current
@@ -332,7 +329,7 @@ Type=simple
Restart=always
RestartSec=1
User=root
ExecStartPre=+rm /dev/shm/logs/nginx/current
ExecStartPre=+rm -f /dev/shm/logs/nginx/current
ExecStart=/bin/bash -c "bash /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run 2> >(/usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S ' >&2) | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S '"
StandardOutput=file:/dev/shm/logs/nginx/current
StandardError=file:/dev/shm/logs/nginx/current
@@ -341,7 +338,7 @@ StandardError=file:/dev/shm/logs/nginx/current
WantedBy=multi-user.target
EOF
$STD systemctl daemon-reload
systemctl daemon-reload
systemctl enable -q --now create_directories
sleep 2
systemctl enable -q --now go2rtc
@@ -349,13 +346,11 @@ sleep 2
systemctl enable -q --now frigate
sleep 2
systemctl enable -q --now nginx
msg_ok "Systemd services created and enabled"
msg_ok "Created Services"
msg_info "Cleaning up temporary files and caches"
rm -rf /opt/v*.zip /opt/libusb-1.0.26 /tmp/get-pip.py
$STD apt-get -y autoremove
$STD apt-get -y autoclean
msg_ok "Cleanup completed"
msg_info "Cleaning Up"
rm -rf /opt/libusb.zip /opt/libusb-1.0.26 /wheels /models/*.tar.gz
msg_ok "Cleaned Up"
motd_ssh
customize

45
install/ghost-install.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: fabrice1236
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://ghost.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
nginx \
ca-certificates \
libjemalloc2 \
git
msg_ok "Installed Dependencies"
setup_mariadb
MARIADB_DB_NAME="ghost" MARIADB_DB_USER="ghostuser" setup_mariadb_db
NODE_VERSION="22" setup_nodejs
msg_info "Installing Ghost CLI"
$STD npm install ghost-cli@latest -g
msg_ok "Installed Ghost CLI"
msg_info "Creating Service"
$STD adduser --disabled-password --gecos "Ghost user" ghost-user
$STD usermod -aG sudo ghost-user
echo "ghost-user ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/ghost-user
mkdir -p /var/www/ghost
chown -R ghost-user:ghost-user /var/www/ghost
chmod 775 /var/www/ghost
$STD sudo -u ghost-user -H sh -c "cd /var/www/ghost && ghost install --db=mysql --dbhost=localhost --dbuser=$MARIADB_DB_USER --dbpass=$MARIADB_DB_PASS --dbname=$MARIADB_DB_NAME --url=http://localhost:2368 --no-prompt --no-setup-nginx --no-setup-ssl --no-setup-mysql --enable --start --ip 0.0.0.0"
rm /etc/sudoers.d/ghost-user
msg_ok "Creating Service"
motd_ssh
customize
cleanup_lxc

488
install/immich-install.sh Normal file
View File

@@ -0,0 +1,488 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://immich.app
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
echo ""
echo ""
echo -e "🤖 ${BL}Immich Machine Learning Options${CL}"
echo "─────────────────────────────────────────"
echo "Please choose your machine-learning type:"
echo ""
echo " 1) CPU only (default)"
echo " 2) Intel OpenVINO (requires GPU passthrough)"
echo ""
read -r -p "${TAB3}Select machine-learning type [1]: " ML_TYPE
ML_TYPE="${ML_TYPE:-1}"
if [[ "$ML_TYPE" == "2" ]]; then
msg_info "Installing OpenVINO dependencies"
touch ~/.openvino
$STD apt install -y --no-install-recommends patchelf
tmp_dir=$(mktemp -d)
$STD pushd "$tmp_dir"
curl -fsSLO https://raw.githubusercontent.com/immich-app/base-images/refs/heads/main/server/Dockerfile
readarray -t INTEL_URLS < <(
sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $2}'
sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
)
for url in "${INTEL_URLS[@]}"; do
curl -fsSLO "$url"
done
$STD apt install -y ./libigdgmm12*.deb
rm ./libigdgmm12*.deb
$STD apt install -y ./*.deb
$STD apt-mark hold libigdgmm12
$STD popd
rm -rf "$tmp_dir"
dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
msg_ok "Installed OpenVINO dependencies"
fi
setup_uv
msg_info "Installing dependencies"
$STD apt install --no-install-recommends -y \
git \
redis \
autoconf \
build-essential \
python3-dev \
automake \
cmake \
jq \
libtool \
libltdl-dev \
libgdk-pixbuf-2.0-dev \
libbrotli-dev \
libexif-dev \
libexpat1-dev \
libglib2.0-dev \
libgsf-1-dev \
libjpeg62-turbo-dev \
libspng-dev \
liblcms2-dev \
libopenexr-dev \
libgif-dev \
librsvg2-dev \
libexpat1 \
libgcc-s1 \
libgomp1 \
liblqr-1-0 \
libltdl7 \
libopenjp2-7 \
meson \
ninja-build \
pkg-config \
mesa-utils \
mesa-va-drivers \
mesa-vulkan-drivers \
ocl-icd-libopencl1 \
tini \
zlib1g \
libio-compress-brotli-perl \
libwebp7 \
libwebpdemux2 \
libwebpmux3 \
libhwy1t64 \
libdav1d-dev \
libhwy-dev \
libwebp-dev \
libaom-dev \
ccache
setup_deb822_repo \
"jellyfin" \
"https://repo.jellyfin.org/jellyfin_team.gpg.key" \
"https://repo.jellyfin.org/debian" \
"$(get_os_info codename)"
$STD apt install -y jellyfin-ffmpeg7
ln -sf /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/bin/ffmpeg
ln -sf /usr/lib/jellyfin-ffmpeg/ffprobe /usr/bin/ffprobe
# Set permissions for /dev/dri (only in privileged containers and if /dev/dri exists)
if [[ "$CTTYPE" == "0" && -d /dev/dri ]]; then
chgrp video /dev/dri 2>/dev/null || true
chmod 755 /dev/dri 2>/dev/null || true
chmod 660 /dev/dri/* 2>/dev/null || true
$STD adduser "$(id -u -n)" video 2>/dev/null || true
$STD adduser "$(id -u -n)" render 2>/dev/null || true
fi
msg_ok "Dependencies Installed"
msg_info "Installing Mise"
curl -fSs https://mise.jdx.dev/gpg-key.pub | tee /etc/apt/keyrings/mise-archive-keyring.pub 1>/dev/null
echo "deb [signed-by=/etc/apt/keyrings/mise-archive-keyring.pub arch=amd64] https://mise.jdx.dev/deb stable main" >/etc/apt/sources.list.d/mise.list
$STD apt update
$STD apt install -y mise
msg_ok "Installed Mise"
msg_info "Configuring Debian Testing Repo"
sed -i 's/ trixie-updates/ trixie-updates testing/g' /etc/apt/sources.list.d/debian.sources
cat <<EOF >/etc/apt/preferences.d/preferences
Package: *
Pin: release a=unstable
Pin-Priority: 450
Package: *
Pin:release a=testing
Pin-Priority: 450
EOF
$STD apt update
msg_ok "Configured Debian Testing repo"
msg_info "Installing packages from Debian Testing repo"
$STD apt install -t testing --no-install-recommends -yqq libmimalloc3 libde265-dev
msg_ok "Installed packages from Debian Testing repo"
PNPM_VERSION="$(curl -fsSL "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/package.json" | jq -r '.packageManager | split("@")[1]')"
NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
VCHORD_RELEASE="0.5.3"
msg_info "Installing Vectorchord v${VCHORD_RELEASE}"
curl -fsSL "https://github.com/tensorchord/VectorChord/releases/download/${VCHORD_RELEASE}/postgresql-16-vchord_${VCHORD_RELEASE}-1_amd64.deb" -o vchord.deb
$STD apt install -y ./vchord.deb
rm vchord.deb
echo "$VCHORD_RELEASE" >~/.vchord_version
msg_ok "Installed Vectorchord v${VCHORD_RELEASE}"
sed -i -e "/^#shared_preload/s/^#//;/^shared_preload/s/''/'vchord.so'/" /etc/postgresql/16/main/postgresql.conf
systemctl restart postgresql.service
PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_GRANT_SUPERUSER="true" PG_DB_SKIP_ALTER_ROLE="true" setup_postgresql_db
msg_info "Compiling Custom Photo-processing Library (extreme patience)"
LD_LIBRARY_PATH=/usr/local/lib
export LD_RUN_PATH=/usr/local/lib
STAGING_DIR=/opt/staging
BASE_REPO="https://github.com/immich-app/base-images"
BASE_DIR=${STAGING_DIR}/base-images
SOURCE_DIR=${STAGING_DIR}/image-source
$STD git clone -b main "$BASE_REPO" "$BASE_DIR"
mkdir -p "$SOURCE_DIR"
msg_info "(1/5) Compiling libjxl"
cd "$STAGING_DIR"
SOURCE=${SOURCE_DIR}/libjxl
JPEGLI_LIBJPEG_LIBRARY_SOVERSION="62"
JPEGLI_LIBJPEG_LIBRARY_VERSION="62.3.0"
: "${LIBJXL_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libjxl.json)}"
$STD git clone https://github.com/libjxl/libjxl.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBJXL_REVISION"
$STD git submodule update --init --recursive --depth 1 --recommend-shallow
$STD git apply "$BASE_DIR"/server/sources/libjxl-patches/jpegli-empty-dht-marker.patch
$STD git apply "$BASE_DIR"/server/sources/libjxl-patches/jpegli-icc-warning.patch
mkdir build
cd build
$STD cmake \
-DCMAKE_BUILD_TYPE=Release \
-DBUILD_TESTING=OFF \
-DJPEGXL_ENABLE_DOXYGEN=OFF \
-DJPEGXL_ENABLE_MANPAGES=OFF \
-DJPEGXL_ENABLE_PLUGIN_GIMP210=OFF \
-DJPEGXL_ENABLE_BENCHMARK=OFF \
-DJPEGXL_ENABLE_EXAMPLES=OFF \
-DJPEGXL_FORCE_SYSTEM_BROTLI=ON \
-DJPEGXL_FORCE_SYSTEM_HWY=ON \
-DJPEGXL_ENABLE_JPEGLI=ON \
-DJPEGXL_ENABLE_JPEGLI_LIBJPEG=ON \
-DJPEGXL_INSTALL_JPEGLI_LIBJPEG=ON \
-DJPEGXL_ENABLE_PLUGINS=ON \
-DJPEGLI_LIBJPEG_LIBRARY_SOVERSION="$JPEGLI_LIBJPEG_LIBRARY_SOVERSION" \
-DJPEGLI_LIBJPEG_LIBRARY_VERSION="$JPEGLI_LIBJPEG_LIBRARY_VERSION" \
-DLIBJPEG_TURBO_VERSION_NUMBER=2001005 \
..
$STD cmake --build . -- -j"$(nproc)"
$STD cmake --install .
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
rm -rf "$SOURCE"/{build,third_party}
msg_ok "(1/5) Compiled libjxl"
msg_info "(2/5) Compiling libheif"
SOURCE=${SOURCE_DIR}/libheif
: "${LIBHEIF_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libheif.json)}"
$STD git clone https://github.com/strukturag/libheif.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBHEIF_REVISION"
mkdir build
cd build
$STD cmake --preset=release-noplugins \
-DWITH_DAV1D=ON \
-DENABLE_PARALLEL_TILE_DECODING=ON \
-DWITH_LIBSHARPYUV=ON \
-DWITH_LIBDE265=ON \
-DWITH_AOM_DECODER=OFF \
-DWITH_AOM_ENCODER=ON \
-DWITH_X265=OFF \
-DWITH_EXAMPLES=OFF \
..
$STD make install -j "$(nproc)"
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
rm -rf "$SOURCE"/build
msg_ok "(2/5) Compiled libheif"
msg_info "(3/5) Compiling libraw"
SOURCE=${SOURCE_DIR}/libraw
: "${LIBRAW_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libraw.json)}"
$STD git clone https://github.com/libraw/libraw.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBRAW_REVISION"
$STD autoreconf --install
$STD ./configure --disable-examples
$STD make -j"$(nproc)"
$STD make install
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
msg_ok "(3/5) Compiled libraw"
msg_info "(4/5) Compiling imagemagick"
SOURCE=$SOURCE_DIR/imagemagick
: "${IMAGEMAGICK_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/imagemagick.json)}"
$STD git clone https://github.com/ImageMagick/ImageMagick.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$IMAGEMAGICK_REVISION"
$STD ./configure --with-modules CPPFLAGS="-DMAGICK_LIBRAW_VERSION_TAIL=202502"
$STD make -j"$(nproc)"
$STD make install
ldconfig /usr/local/lib
$STD make clean
cd "$STAGING_DIR"
msg_ok "(4/5) Compiled imagemagick"
msg_info "(5/5) Compiling libvips"
SOURCE=$SOURCE_DIR/libvips
: "${LIBVIPS_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libvips.json)}"
$STD git clone https://github.com/libvips/libvips.git "$SOURCE"
cd "$SOURCE"
$STD git reset --hard "$LIBVIPS_REVISION"
$STD meson setup build --buildtype=release --libdir=lib -Dintrospection=disabled -Dtiff=disabled
cd build
$STD ninja install
ldconfig /usr/local/lib
cd "$STAGING_DIR"
rm -rf "$SOURCE"/build
msg_ok "(5/5) Compiled libvips"
{
echo "imagemagick: $IMAGEMAGICK_REVISION"
echo "libheif: $LIBHEIF_REVISION"
echo "libjxl: $LIBJXL_REVISION"
echo "libraw: $LIBRAW_REVISION"
echo "libvips: $LIBVIPS_REVISION"
} >~/.immich_library_revisions
msg_ok "Custom Photo-processing Libraries Compiled Successfully"
INSTALL_DIR="/opt/${APPLICATION}"
UPLOAD_DIR="${INSTALL_DIR}/upload"
SRC_DIR="${INSTALL_DIR}/source"
APP_DIR="${INSTALL_DIR}/app"
PLUGIN_DIR="${APP_DIR}/corePlugin"
ML_DIR="${APP_DIR}/machine-learning"
GEO_DIR="${INSTALL_DIR}/geodata"
mkdir -p "$INSTALL_DIR"
mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
fetch_and_deploy_gh_release "immich" "immich-app/immich" "tag" "v2.5.2" "$SRC_DIR"
msg_info "Installing Immich (patience)"
cd "$SRC_DIR"/server
export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
export CI=1
corepack enable
# server build
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter immich --frozen-lockfile build
unset SHARP_IGNORE_GLOBAL_LIBVIPS
export SHARP_FORCE_GLOBAL_LIBVIPS=true
$STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
cp "$APP_DIR"/package.json "$APP_DIR"/bin
sed -i 's|^start|./start|' "$APP_DIR"/bin/immich-admin
# openapi & web build
cd "$SRC_DIR"
echo "packageImportMethod: hardlink" >>./pnpm-workspace.yaml
$STD pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install
unset SHARP_FORCE_GLOBAL_LIBVIPS
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
$STD pnpm --filter @immich/sdk --filter immich-web build
cp -a web/build "$APP_DIR"/www
cp LICENSE "$APP_DIR"
# cli build
$STD pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install
$STD pnpm --filter @immich/sdk --filter @immich/cli build
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
# plugins
cd "$SRC_DIR"
$STD mise trust --ignore ./mise.toml
$STD mise trust ./plugins/mise.toml
cd plugins
$STD mise install
$STD mise run build
mkdir -p "$PLUGIN_DIR"
cp -r ./dist "$PLUGIN_DIR"/dist
cp ./manifest.json "$PLUGIN_DIR"
msg_ok "Installed Immich Server, Web and Plugin Components"
cd "$SRC_DIR"/machine-learning
$STD useradd -U -s /usr/sbin/nologin -r -M -d "$INSTALL_DIR" immich
mkdir -p "$ML_DIR" && chown -R immich:immich "$INSTALL_DIR"
export VIRTUAL_ENV="${ML_DIR}/ml-venv"
if [[ -f ~/.openvino ]]; then
msg_info "Installing HW-accelerated machine-learning"
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p python3.13 --managed-python
patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
msg_ok "Installed HW-accelerated machine-learning"
else
msg_info "Installing machine-learning"
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p python3.11 --managed-python
msg_ok "Installed machine-learning"
fi
cd "$SRC_DIR"
cp -a machine-learning/{ann,immich_ml} "$ML_DIR"
if [[ -f ~/.openvino ]]; then
sed -i "/intra_op/s/int = 0/int = os.cpu_count() or 0/" "$ML_DIR"/immich_ml/config.py
fi
ln -sf "$APP_DIR"/resources "$INSTALL_DIR"
cd "$APP_DIR"
grep -rl /usr/src | xargs -n1 sed -i "s|\/usr/src|$INSTALL_DIR|g"
grep -rlE "'/build'" | xargs -n1 sed -i "s|'/build'|'$APP_DIR'|g"
sed -i "s@\"/cache\"@\"$INSTALL_DIR/cache\"@g" "$ML_DIR"/immich_ml/config.py
ln -s "$UPLOAD_DIR" "$APP_DIR"/upload
ln -s "$UPLOAD_DIR" "$ML_DIR"/upload
msg_info "Installing GeoNames data"
cd "$GEO_DIR"
curl -fsSLZ -O "https://download.geonames.org/export/dump/admin1CodesASCII.txt" \
-O "https://download.geonames.org/export/dump/admin2Codes.txt" \
-O "https://download.geonames.org/export/dump/cities500.zip" \
-O "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/v5.1.2/geojson/ne_10m_admin_0_countries.geojson"
unzip -q cities500.zip
date --iso-8601=seconds | tr -d "\n" >geodata-date.txt
rm cities500.zip
cd "$INSTALL_DIR"
ln -s "$GEO_DIR" "$APP_DIR"
msg_ok "Installed GeoNames data"
mkdir -p /var/log/immich
touch /var/log/immich/{web.log,ml.log}
msg_ok "Installed Immich"
msg_info "Modifying user, creating env file, scripts & services"
usermod -aG video,render immich
cat <<EOF >"${INSTALL_DIR}"/.env
TZ=$(cat /etc/timezone)
IMMICH_VERSION=release
NODE_ENV=production
IMMICH_ALLOW_SETUP=true
DB_HOSTNAME=127.0.0.1
DB_USERNAME=${PG_DB_USER}
DB_PASSWORD=${PG_DB_PASS}
DB_DATABASE_NAME=${PG_DB_NAME}
DB_VECTOR_EXTENSION=vectorchord
REDIS_HOSTNAME=127.0.0.1
IMMICH_MACHINE_LEARNING_URL=http://127.0.0.1:3003
MACHINE_LEARNING_CACHE_FOLDER=${INSTALL_DIR}/cache
## - For OpenVINO only - workaround for onnxruntime-openvino 1.23.x crash
## - See: https://github.com/immich-app/immich/pull/11240
MACHINE_LEARNING_OPENVINO_NUM_THREADS=$(nproc)
## - Uncomment below to increase inference speed while reducing accuracy
# MACHINE_LEARNING_OPENVINO_PRECISION=FP16
IMMICH_MEDIA_LOCATION=${UPLOAD_DIR}
EOF
cat <<EOF >"${ML_DIR}"/ml_start.sh
#!/usr/bin/env bash
cd ${ML_DIR}
. ${VIRTUAL_ENV}/bin/activate
set -a
. ${INSTALL_DIR}/.env
set +a
python3 -m immich_ml
EOF
cat <<EOF >"$APP_DIR"/bin/start.sh
#!/usr/bin/env bash
set -a
. ${INSTALL_DIR}/.env
set +a
/usr/bin/node ${APP_DIR}/dist/main.js "\$@"
EOF
chmod +x "$ML_DIR"/ml_start.sh "$APP_DIR"/bin/start.sh
cat <<EOF >/etc/systemd/system/"${APPLICATION}"-web.service
[Unit]
Description=${APPLICATION} Web Service
After=network.target
Requires=redis-server.service
Requires=postgresql.service
Requires=immich-ml.service
[Service]
Type=simple
User=immich
Group=immich
UMask=0077
WorkingDirectory=${APP_DIR}
EnvironmentFile=${INSTALL_DIR}/.env
ExecStart=/usr/bin/node ${APP_DIR}/dist/main
Restart=on-failure
SyslogIdentifier=immich-web
StandardOutput=append:/var/log/immich/web.log
StandardError=append:/var/log/immich/web.log
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/"${APPLICATION}"-ml.service
[Unit]
Description=${APPLICATION} Machine-Learning
After=network.target
[Service]
Type=simple
UMask=0077
User=immich
Group=immich
WorkingDirectory=${APP_DIR}
EnvironmentFile=${INSTALL_DIR}/.env
ExecStart=${ML_DIR}/ml_start.sh
Restart=on-failure
SyslogIdentifier=immich-machine-learning
StandardOutput=append:/var/log/immich/ml.log
StandardError=append:/var/log/immich/ml.log
[Install]
WantedBy=multi-user.target
EOF
chown -R immich:immich "$INSTALL_DIR" /var/log/immich
systemctl enable -q --now "$APPLICATION"-ml.service "$APPLICATION"-web.service
msg_ok "Modified user, created env file, scripts and services"
motd_ssh
customize
cleanup_lxc

97
install/isponsorblocktv-install.sh Normal file
View File

@@ -0,0 +1,97 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Matthew Stern (sternma)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/dmunozv04/iSponsorBlockTV
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
INSTALL_DIR="/opt/isponsorblocktv"
DATA_DIR="/var/lib/isponsorblocktv"
msg_info "Installing Dependencies"
$STD apt install -y \
python3 \
python3-venv \
python3-pip
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "isponsorblocktv" "dmunozv04/iSponsorBlockTV"
msg_info "Setting up iSponsorBlockTV"
$STD python3 -m venv "$INSTALL_DIR/venv"
$STD "$INSTALL_DIR/venv/bin/pip" install --upgrade pip
$STD "$INSTALL_DIR/venv/bin/pip" install "$INSTALL_DIR"
msg_ok "Set up iSponsorBlockTV"
msg_info "Creating data directory"
install -d "$DATA_DIR"
msg_ok "Created data directory"
msg_info "Creating Service"
cat <<EOT >/etc/systemd/system/isponsorblocktv.service
[Unit]
Description=iSponsorBlockTV
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=$INSTALL_DIR
Environment=iSPBTV_data_dir=$DATA_DIR
ExecStart=$INSTALL_DIR/venv/bin/iSponsorBlockTV
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOT
systemctl enable -q --now isponsorblocktv
msg_ok "Created Service"
msg_info "Creating CLI wrapper"
install -d /usr/local/bin
cat <<'EOT' >/usr/local/bin/iSponsorBlockTV
#!/usr/bin/env bash
export iSPBTV_data_dir="/var/lib/isponsorblocktv"
set +e
/opt/isponsorblocktv/venv/bin/iSponsorBlockTV "$@"
status=$?
set -e
case "${1:-}" in
setup|setup-cli)
systemctl restart isponsorblocktv >/dev/null 2>&1 || true
;;
esac
exit $status
EOT
chmod +x /usr/local/bin/iSponsorBlockTV
ln -sf /usr/local/bin/iSponsorBlockTV /usr/bin/iSponsorBlockTV
msg_ok "Created CLI wrapper"
msg_info "Setting default data dir for shells"
cat <<'EOT' >/etc/profile.d/isponsorblocktv.sh
export iSPBTV_data_dir="/var/lib/isponsorblocktv"
EOT
if ! grep -q '^iSPBTV_data_dir=' /etc/environment 2>/dev/null; then
cat <<'EOT' >>/etc/environment
iSPBTV_data_dir=/var/lib/isponsorblocktv
EOT
fi
msg_ok "Set default data dir for shells"
motd_ssh
customize
cleanup_lxc

34
install/jotty-install.sh
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# Author: vhsdream | MickLesk
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/fccview/jotty
@@ -14,37 +14,16 @@ network_check
update_os
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
#fetch_and_deploy_gh_release "jotty" "fccview/jotty" "tarball" "latest" "/opt/jotty"
fetch_and_deploy_gh_release "jotty" "fccview/jotty" "prebuild" "latest" "/opt/jotty" "jotty_*_prebuild.tar.gz"
msg_info "Setup jotty"
mkdir -p /opt/jotty
wget -q https://github.com/fccview/jotty/releases/download/develop/jotty-prebuild-develop.tar.gz -O /opt/jotty.tar.gz
cd /opt
tar -xzf jotty.tar.gz
cd /opt/jotty
# unset NODE_OPTIONS
# export NODE_OPTIONS="--max-old-space-size=3072"
# # $STD yarn --frozen-lockfiled
# # $STD yarn next telemetry disable
# # $STD yarn build
# [ -d "public" ] && cp -r public .next/standalone/
# [ -d "howto" ] && cp -r howto .next/standalone/
# mkdir -p .next/standalone/.next
# cp -r .next/static .next/standalone/.next/
# mv .next/standalone /tmp/jotty_standalone
# rm -rf ./* .next .git .gitignore .yarn
# mv /tmp/jotty_standalone/* .
# mv /tmp/jotty_standalone/.[!.]* . 2>/dev/null || true
# rm -rf /tmp/jotty_standalone
mkdir -p data/{users,checklists,notes}
cat <<EOF >/opt/jotty/.env
NODE_ENV=production
# --- Uncomment to enable
# APP_URL=https://your-jotty-domain.com
# INTERNAL_API_URL=http://localhost:3000
# HTTPS=true
# SERVE_PUBLIC_IMAGES=yes
# SERVE_PUBLIC_FILES=yes
@@ -57,12 +36,11 @@ NODE_ENV=production
# SSO_MODE=oidc
# OIDC_ISSUER=<your-oidc-issuer-url>
# OIDC_CLIENT_ID=<oidc-client-id>
# APP_URL=<https://app.domain.tld>
# SSO_FALLBACK_LOCAL=yes
# OIDC_CLIENT_SECRET=your_client_secret
# OIDC_ADMIN_GROUPS=admins
EOF
msg_ok "Installed ${APPLICATION}"
msg_ok "Setup jotty"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/jotty.service

131
install/kitchenowl-install.sh
View File

@@ -1,131 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2025 community-scripts ORG
# Author: snazzybean
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/TomBursch/kitchenowl
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
nginx \
build-essential \
libpq-dev \
libffi-dev \
libssl-dev
msg_ok "Installed Dependencies"
PYTHON_VERSION="3.14" setup_uv
import_local_ip
fetch_and_deploy_gh_release "kitchenowl" "TomBursch/kitchenowl" "tarball" "latest" "/opt/kitchenowl"
rm -rf /opt/kitchenowl/web
fetch_and_deploy_gh_release "kitchenowl-web" "TomBursch/kitchenowl" "prebuild" "latest" "/opt/kitchenowl/web" "kitchenowl_Web.tar.gz"
msg_info "Setting up KitchenOwl"
cd /opt/kitchenowl/backend
#rm -f uv.lock
$STD uv sync --frozen
sed -i 's/default=True/default=False/' /opt/kitchenowl/backend/wsgi.py
mkdir -p /nltk_data
$STD uv run python -m nltk.downloader -d /nltk_data averaged_perceptron_tagger_eng punkt_tab
JWT_SECRET=$(openssl rand -hex 32)
mkdir -p /opt/kitchenowl/data
cat <<EOF >/opt/kitchenowl/kitchenowl.env
STORAGE_PATH=/opt/kitchenowl/data
JWT_SECRET_KEY=${JWT_SECRET}
NLTK_DATA=/nltk_data
FRONT_URL=http://${LOCAL_IP}
FLASK_APP=wsgi.py
FLASK_ENV=production
EOF
set -a
source /opt/kitchenowl/kitchenowl.env
set +a
$STD uv run flask db upgrade
msg_ok "Set up KitchenOwl"
msg_info "Creating Systemd Service"
cat <<EOF >/etc/systemd/system/kitchenowl.service
[Unit]
Description=KitchenOwl Backend
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/kitchenowl/backend
EnvironmentFile=/opt/kitchenowl/kitchenowl.env
ExecStart=/usr/local/bin/uv run wsgi.py
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now kitchenowl
msg_ok "Created and Started Service"
msg_info "Configuring Nginx"
rm -f /etc/nginx/sites-enabled/default
cat <<'EOF' >/etc/nginx/sites-available/kitchenowl.conf
server {
listen 80;
server_name _;
root /opt/kitchenowl/web;
index index.html;
client_max_body_size 100M;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
location / {
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
location /socket.io {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# WebSocket Timeouts - allow long-lived connections
proxy_read_timeout 86400s;
proxy_send_timeout 86400s;
}
}
EOF
ln -sf /etc/nginx/sites-available/kitchenowl.conf /etc/nginx/sites-enabled/
rm -f /etc/nginx/sites-enabled/default
$STD systemctl reload nginx
msg_ok "Configured Nginx"
motd_ssh
customize
cleanup_lxc

84
install/languagetool-install.sh
View File

@@ -1,84 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Slaviša Arežina (tremor021)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://languagetool.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing dependencies"
$STD apt install -y fasttext
msg_ok "Installed dependencies"
JAVA_VERSION="21" setup_java
msg_info "Setting up LanguageTool"
RELEASE=$(curl -fsSL https://languagetool.org/download/ | grep -oP 'LanguageTool-\K[0-9]+\.[0-9]+(\.[0-9]+)?(?=\.zip)' | sort -V | tail -n1)
download_file "https://languagetool.org/download/LanguageTool-stable.zip" /tmp/LanguageTool-stable.zip
unzip -q /tmp/LanguageTool-stable.zip -d /opt
mv /opt/LanguageTool-*/ /opt/LanguageTool/
download_file "https://dl.fbaipublicfiles.com/fasttext/supervised-models/lid.176.bin" /opt/lid.176.bin
read -r -p "${TAB3}Enter language code (en, de, es, fr, nl) to download ngrams or press ENTER to skip: " lang_code
ngram_dir=""
if [[ -n "$lang_code" ]]; then
if [[ "$lang_code" =~ ^(en|de|es|fr|nl)$ ]]; then
msg_info "Searching for $lang_code ngrams..."
filename=$(curl -fsSL https://languagetool.org/download/ngram-data/ | grep -oP "ngrams-${lang_code}-[0-9]+\.zip" | sort -uV | tail -n1)
if [[ -n "$filename" ]]; then
msg_info "Downloading $filename"
download_file "https://languagetool.org/download/ngram-data/${filename}" "/tmp/${filename}"
mkdir -p /opt/ngrams
msg_info "Extracting $lang_code ngrams to /opt/ngrams"
unzip -q "/tmp/${filename}" -d /opt/ngrams
rm "/tmp/${filename}"
ngram_dir="/opt/ngrams"
msg_ok "Installed $lang_code ngrams"
else
msg_info "No ngram file found for ${lang_code}"
fi
else
msg_error "Invalid language code: $lang_code"
fi
fi
cat <<EOF >/opt/LanguageTool/server.properties
fasttextModel=/opt/lid.176.bin
fasttextBinary=/usr/bin/fasttext
EOF
if [[ -n "$ngram_dir" ]]; then
echo "languageModel=/opt/ngrams" >> /opt/LanguageTool/server.properties
fi
echo "${RELEASE}" >~/.languagetool
msg_ok "Setup LanguageTool"
msg_info "Creating Service"
cat <<'EOF' >/etc/systemd/system/language-tool.service
[Unit]
Description=LanguageTool Service
After=network.target
[Service]
WorkingDirectory=/opt/LanguageTool
ExecStart=java -cp languagetool-server.jar org.languagetool.server.HTTPServer --config server.properties --public --allow-origin "*"
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now language-tool
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

2
install/linkwarden-install.sh
View File

@@ -22,7 +22,7 @@ PG_VERSION="16" setup_postgresql
PG_DB_NAME="linkwardendb" PG_DB_USER="linkwarden" setup_postgresql_db
RUST_CRATES="monolith" setup_rust
fetch_and_deploy_gh_release "linkwarden" "linkwarden/linkwarden"
import_local_ip
read -r -p "${TAB3}Would you like to add Adminer? <y/N> " prompt
if [[ "${prompt,,}" =~ ^(y|yes)$ ]]; then

47
install/minthcm-install.sh
View File

@@ -12,14 +12,12 @@ catch_errors
setting_up_container
network_check
update_os
PHP_VERSION="8.2"
PHP_APACHE="YES" PHP_MODULE="mysql,cli,redis" PHP_FPM="YES" setup_php
setup_composer
msg_info "Enabling Apache modules (rewrite, headers)"
$STD a2enmod rewrite
$STD a2enmod headers
msg_ok "Enabled Apache modules (rewrite, headers)"
PHP_VERSION="8.2"
PHP_APACHE="YES" PHP_MODULE="mysql,redis" PHP_FPM="YES" setup_php
setup_composer
setup_mariadb
$STD mariadb -u root -e "SET GLOBAL sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'";
fetch_and_deploy_gh_release "MintHCM" "minthcm/minthcm" "tarball" "latest" "/var/www/MintHCM"
@@ -37,19 +35,17 @@ mkdir -p /var/www/script
cp /var/www/MintHCM/docker/script/generate_config.php /var/www/script/generate_config.php
cp /var/www/MintHCM/docker/.env /var/www/script/.env
chown -R www-data:www-data /var/www/script
msg_ok "Configured MintHCM"
msg_info "Restarting Apache2"
$STD a2enmod rewrite
$STD a2enmod headers
$STD systemctl restart apache2
msg_ok "Restarted Apache2"
msg_ok "Configured MintHCM"
msg_info "Setting up Elasticsearch"
setup_deb822_repo \
"elasticsearch" \
"https://artifacts.elastic.co/GPG-KEY-elasticsearch" \
"https://artifacts.elastic.co/packages/7.x/apt" \
"stable" \
"main"
"stable"
$STD apt install -y elasticsearch
echo "-Xms2g" >>/etc/elasticsearch/jvm.options
echo "-Xmx2g" >>/etc/elasticsearch/jvm.options
@@ -57,35 +53,26 @@ $STD /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment
systemctl enable -q --now elasticsearch
msg_ok "Set up Elasticsearch"
setup_mariadb
msg_info "Setting up MariaDB"
$STD mariadb -u root -e "SET GLOBAL sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION'";
msg_ok "Set up MariaDB"
msg_info "Configuring Database"
DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
$STD mariadb -u root -e "CREATE USER 'minthcm'@'localhost' IDENTIFIED BY '${DB_PASS}';"
$STD mariadb -u root -e "GRANT ALL ON *.* TO 'minthcm'@'localhost'; FLUSH PRIVILEGES;"
sed -i 's/^DB_HOST=.*/DB_HOST=localhost/' /var/www/script/.env
sed -i 's/^DB_USER=.*/DB_USER=minthcm/' /var/www/script/.env
sed -i "s/^DB_PASS=.*/DB_PASS=${DB_PASS}/" /var/www/script/.env
sed -i 's/^ELASTICSEARCH_HOST=.*/ELASTICSEARCH_HOST=localhost/' /var/www/script/.env
msg_ok "Configured MariaDB"
{
echo "MintHCM DB Credentials"
echo "MariaDB User: minthcm"
echo "MariaDB Password: $DB_PASS"
} >>~/minthcm.creds
sed -i "s/^DB_HOST=.*/DB_HOST=localhost/" /var/www/script/.env
sed -i "s/^DB_USER=.*/DB_USER=minthcm/" /var/www/script/.env
sed -i "s/^DB_PASS=.*/DB_PASS=$DB_PASS/" /var/www/script/.env
sed -i "s/^ELASTICSEARCH_HOST=.*/ELASTICSEARCH_HOST=localhost/" /var/www/script/.env
msg_ok "Configured Database"
msg_info "Generating configuration file"
set -a
source /var/www/script/.env
set +a
php /var/www/script/generate_config.php
$STD php /var/www/script/generate_config.php
msg_ok "Generated configuration file"
msg_info "Installing MintHCM"
cd /var/www/MintHCM && su -s /bin/bash -c 'php /var/www/MintHCM/MintCLI install < /var/www/MintHCM/configMint4' www-data
cd /var/www/MintHCM
$STD sudo -u www-data php MintCLI install < /var/www/MintHCM/configMint4
printf "* * * * * cd /var/www/MintHCM/legacy; php -f cron.php > /dev/null 2>&1\n" > /var/spool/cron/crontabs/www-data
service cron start
rm -f /var/www/MintHCM/configMint4

46
install/nodecast-tv-install.sh
View File

@@ -1,46 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: luismco
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/technomancer702/nodecast-tv
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "nodecast-tv" "technomancer702/nodecast-tv"
setup_nodejs
msg_info "Installing Modules"
cd /opt/nodecast-tv
$STD npm install
msg_ok "Installed Modules"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/nodecast-tv.service
[Unit]
Description=nodecast-tv
After=network.target
Wants=network.target
[Service]
Type=simple
WorkingDirectory=/opt/nodecast-tv
ExecStart=/bin/npm run dev
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now nodecast-tv
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

2
install/opencloud-install.sh
View File

@@ -57,7 +57,7 @@ echo "$COOLPASS" >~/.coolpass
msg_ok "Installed Collabora Online"
# OpenCloud
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v4.1.0" "/usr/bin" "opencloud-*-linux-amd64"
fetch_and_deploy_gh_release "opencloud" "opencloud-eu/opencloud" "singlefile" "v5.0.1" "/usr/bin" "opencloud-*-linux-amd64"
msg_info "Configuring OpenCloud"
DATA_DIR="/var/lib/opencloud/"

4
install/papra-install.sh
View File

@@ -48,8 +48,10 @@ AUTH_SECRET=$(cat /opt/papra_data/.secret)
BETTER_AUTH_SECRET=$(cat /opt/papra_data/.secret)
BETTER_AUTH_TELEMETRY=0
CLIENT_BASE_URL=http://${LOCAL_IP}:1221
SERVER_BASE_URL=http://${LOCAL_IP}:1221
EMAILS_DRY_RUN=true
INGESTION_FOLDER_ROOT=/opt/papra_data/ingestion
INGESTION_FOLDER_IS_ENABLED=true
INGESTION_FOLDER_ROOT_PATH=/opt/papra_data/ingestion
EOF
msg_ok "Configured Papra"

16
install/piler-install.sh
View File

@@ -30,7 +30,7 @@ $STD apt install -y \
gnupg
msg_ok "Installed Dependencies"
import_local_ip
setup_mariadb
MARIADB_DB_NAME="piler" MARIADB_DB_USER="piler" setup_mariadb_db
PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULE="ldap,gd,memcached,pdo,mysql,curl,zip" setup_php
@@ -179,8 +179,8 @@ msg_ok "Configured PHP-FPM Pool"
msg_info "Configuring Piler Web GUI"
# Check if config-site.php already exists (created by .deb package)
if [ ! -f /var/www/piler/config-site.php ]; then
cat <<EOF >/var/www/piler/config-site.php
if [ ! -f /var/piler/www/config-site.php ]; then
cat <<EOF >/var/piler/www/config-site.php
<?php
\$config['SITE_NAME'] = 'Piler Email Archive';
\$config['SITE_URL'] = 'http://${LOCAL_IP}';
@@ -208,7 +208,7 @@ if [ ! -f /var/www/piler/config-site.php ]; then
\$config['MEMCACHED_PREFIX'] = 'piler';
\$config['MEMCACHED_TTL'] = 3600;
\$config['DIR_BASE'] = '/var/www/piler';
\$config['DIR_BASE'] = '/var/piler/www';
\$config['DIR_ATTACHMENT'] = '/var/piler/store';
\$config['ENCRYPTION_KEY'] = '${PILER_KEY}';
@@ -227,16 +227,16 @@ if [ ! -f /var/www/piler/config-site.php ]; then
EOF
fi
chown -R piler:piler /var/www/piler
chmod 755 /var/www/piler
msg_ok "Installed Piler Web GUI"
chown -R piler:piler /var/piler/www
chmod 755 /var/piler/www
msg_ok "Configured Piler Web GUI"
msg_info "Configuring Nginx"
cat <<EOF >/etc/nginx/sites-available/piler
server {
listen 80;
server_name _;
root /var/www/piler;
root /var/piler/www;
index index.php;
access_log /var/log/nginx/piler-access.log;

153
install/pixelfed-install.sh
View File

@@ -14,14 +14,15 @@ network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
$STD apt install -y \
nginx \
redis-server \
ffmpeg \
jpegoptim \
optipng \
pngquant \
gifsicle
gifsicle \
libvips42
msg_ok "Installed Dependencies"
msg_info "Creating Pixelfed User"
@@ -29,10 +30,10 @@ useradd -rU -s /bin/bash pixelfed
usermod -aG redis pixelfed
msg_ok "Created Pixelfed User"
import_local_ip
PG_VERSION="17" setup_postgresql
PG_DB_NAME="pixelfed" PG_DB_USER="pixelfed" setup_postgresql_db
PHP_VERSION="8.4" PHP_FPM="YES" PHP_MODULE="bcmath,ctype,exif,imagick,pgsql,redis,tokenizer" PHP_UPLOAD_MAX_FILESIZE="500M" PHP_POST_MAX_SIZE="500M" PHP_MAX_EXECUTION_TIME="600" setup_php
PHP_VERSION="8.4" PHP_FPM="YES" PHP_MODULE="bcmath,ctype,curl,exif,gd,imagick,intl,mbstring,pgsql,redis,xml,zip" PHP_UPLOAD_MAX_FILESIZE="500M" PHP_POST_MAX_SIZE="500M" PHP_MAX_EXECUTION_TIME="600" setup_php
setup_composer
msg_info "Configuring Redis"
@@ -40,7 +41,7 @@ REDIS_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
sed -i "s/^# requirepass foobared/requirepass $REDIS_PASS/" /etc/redis/redis.conf
sed -i "s/^requirepass .*/requirepass $REDIS_PASS/" /etc/redis/redis.conf
systemctl restart redis-server
msg_ok "Redis configured"
msg_ok "Configured Redis"
msg_info "Configuring PHP-FPM Pool"
cp /etc/php/8.4/fpm/pool.d/www.conf /etc/php/8.4/fpm/pool.d/pixelfed.conf
@@ -51,50 +52,95 @@ sed -i 's|^listen = .*|listen = /run/php/php8.4-fpm-pixelfed.sock|' /etc/php/8.4
sed -i 's/^listen.owner = .*/listen.owner = www-data/' /etc/php/8.4/fpm/pool.d/pixelfed.conf
sed -i 's/^listen.group = .*/listen.group = www-data/' /etc/php/8.4/fpm/pool.d/pixelfed.conf
systemctl restart php8.4-fpm
msg_ok "PHP-FPM Pool configured"
msg_ok "Configured PHP-FPM Pool"
fetch_and_deploy_gh_release "pixelfed" "pixelfed/pixelfed" "tarball" "latest" "/opt/pixelfed"
msg_info "Installing Pixelfed (Patience)"
cd /opt/pixelfed
cp .env.example .env
sed -i "s|APP_URL=.*|APP_URL=http://${LOCAL_IP}|" .env
sed -i "s|APP_DOMAIN=.*|APP_DOMAIN=${LOCAL_IP}|" .env
sed -i "s|ADMIN_DOMAIN=.*|ADMIN_DOMAIN=${LOCAL_IP}|" .env
sed -i "s|SESSION_DOMAIN=.*|SESSION_DOMAIN=${LOCAL_IP}|" .env
sed -i "s|DB_CONNECTION=.*|DB_CONNECTION=pgsql|" .env
sed -i "s|DB_HOST=.*|DB_HOST=127.0.0.1|" .env
sed -i "s|DB_PORT=.*|DB_PORT=5432|" .env
sed -i "s|DB_DATABASE=.*|DB_DATABASE=${PG_DB_NAME}|" .env
sed -i "s|DB_USERNAME=.*|DB_USERNAME=${PG_DB_USER}|" .env
sed -i "s|DB_PASSWORD=.*|DB_PASSWORD=${PG_DB_PASS}|" .env
sed -i "s|REDIS_HOST=.*|REDIS_HOST=127.0.0.1|" .env
sed -i "s|REDIS_PASSWORD=.*|REDIS_PASSWORD=${REDIS_PASS}|" .env
sed -i "s|REDIS_PORT=.*|REDIS_PORT=6379|" .env
sed -i "s|ACTIVITY_PUB=.*|ACTIVITY_PUB=true|" .env
sed -i "s|AP_REMOTE_FOLLOW=.*|AP_REMOTE_FOLLOW=true|" .env
sed -i "s|OAUTH_ENABLED=.*|OAUTH_ENABLED=true|" .env
echo "SESSION_SECURE_COOKIE=false" >>.env
cat <<EOF >/opt/pixelfed/.env
APP_NAME="Pixelfed"
APP_ENV="production"
APP_KEY=
APP_DEBUG="false"
APP_URL=http://${LOCAL_IP}
APP_DOMAIN=${LOCAL_IP}
ADMIN_DOMAIN=${LOCAL_IP}
SESSION_DOMAIN=${LOCAL_IP}
TRUST_PROXIES="*"
FORCE_HTTPS_URLS="false"
chown -R pixelfed:pixelfed /opt/pixelfed
OPEN_REGISTRATION="false"
ENFORCE_EMAIL_VERIFICATION="false"
PF_MAX_USERS="1000"
OAUTH_ENABLED="true"
ENABLE_CONFIG_CACHE="true"
INSTANCE_DISCOVER_PUBLIC="true"
PF_OPTIMIZE_IMAGES="true"
IMAGE_QUALITY="80"
MAX_PHOTO_SIZE="15000"
MAX_CAPTION_LENGTH="500"
MAX_ALBUM_LENGTH="4"
DB_CONNECTION="pgsql"
DB_HOST="127.0.0.1"
DB_PORT="5432"
DB_DATABASE="${PG_DB_NAME}"
DB_USERNAME="${PG_DB_USER}"
DB_PASSWORD="${PG_DB_PASS}"
REDIS_CLIENT="predis"
REDIS_SCHEME="tcp"
REDIS_HOST="127.0.0.1"
REDIS_PASSWORD="${REDIS_PASS}"
REDIS_PORT="6379"
SESSION_DRIVER="database"
CACHE_DRIVER="redis"
QUEUE_DRIVER="redis"
BROADCAST_DRIVER="log"
LOG_CHANNEL="stack"
HORIZON_PREFIX="horizon-"
ACTIVITY_PUB="true"
AP_REMOTE_FOLLOW="true"
AP_INBOX="true"
AP_OUTBOX="true"
AP_SHAREDINBOX="true"
EXP_EMC="true"
MAIL_DRIVER="log"
MAIL_HOST="smtp.mailtrap.io"
MAIL_PORT="2525"
MAIL_USERNAME="null"
MAIL_PASSWORD="null"
MAIL_ENCRYPTION="null"
MAIL_FROM_ADDRESS="pixelfed@example.com"
MAIL_FROM_NAME="Pixelfed"
PF_ENABLE_CLOUD="false"
FILESYSTEM_CLOUD="s3"
SESSION_SECURE_COOKIE="false"
HTTPS="false"
EOF
chmod -R 755 /opt/pixelfed
chmod -R 775 /opt/pixelfed/storage /opt/pixelfed/bootstrap/cache
export COMPOSER_ALLOW_SUPERUSER=1
cd /opt/pixelfed
$STD composer install --no-dev --no-ansi --no-interaction --optimize-autoloader
sudo -u pixelfed php artisan key:generate
sudo -u pixelfed php artisan storage:link
$STD sudo -u pixelfed php artisan migrate --force
$STD sudo -u pixelfed php artisan import:cities
$STD sudo -u pixelfed php artisan passport:keys
$STD sudo -u pixelfed php artisan route:cache
$STD sudo -u pixelfed php artisan view:cache
$STD sudo -u pixelfed php artisan config:cache
$STD sudo -u pixelfed php artisan instance:actor
$STD sudo -u pixelfed php artisan horizon:install
msg_ok "Pixelfed installed"
$STD php artisan key:generate --force
$STD php artisan storage:link
$STD php artisan migrate --force
$STD php artisan import:cities
$STD php artisan passport:keys
$STD php artisan route:cache
$STD php artisan view:cache
$STD php artisan config:cache
$STD php artisan instance:actor
$STD php artisan horizon:install
chown -R pixelfed:pixelfed /opt/pixelfed
msg_ok "Installed Pixelfed"
msg_info "Configuring Nginx"
cat <<'EOF' >/etc/nginx/sites-available/pixelfed
@@ -136,8 +182,8 @@ EOF
ln -sf /etc/nginx/sites-available/pixelfed /etc/nginx/sites-enabled/pixelfed
rm -f /etc/nginx/sites-enabled/default
$STD nginx -t
systemctl enable -q --now nginx
msg_ok "Nginx configured"
systemctl reload nginx
msg_ok "Configured Nginx"
msg_info "Creating Services"
cat <<'EOF' >/etc/systemd/system/pixelfed-horizon.service
@@ -181,30 +227,9 @@ Persistent=true
[Install]
WantedBy=timers.target
EOF
systemctl enable -q --now pixelfed-horizon pixelfed-scheduler.timer
msg_ok "Created Services"
systemctl daemon-reload
systemctl enable -q --now pixelfed-horizon
systemctl enable -q --now pixelfed-scheduler.timer
msg_ok "Services created"
msg_info "Saving Credentials"
CREDS_FILE="/root/pixelfed.creds"
{
echo "Pixelfed Credentials"
echo ""
echo "PostgreSQL"
echo " Database: ${PG_DB_NAME}"
echo " User: ${PG_DB_USER}"
echo " Password: ${PG_DB_PASS}"
echo ""
echo "Redis"
echo " Host: 127.0.0.1:6379"
echo " Password: ${REDIS_PASS}"
echo ""
echo "Web Interface: http://${LOCAL_IP}"
echo "Config: /opt/pixelfed/.env"
} >"$CREDS_FILE"
msg_ok "Credentials saved to ${CREDS_FILE}"
motd_ssh
customize

43
install/rustypaste-install.sh
View File

@@ -1,43 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: GoldenSpringness | MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/orhun/rustypaste
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "rustypaste" "orhun/rustypaste" "prebuild" "latest" "/opt/rustypaste" "*x86_64-unknown-linux-gnu.tar.gz"
fetch_and_deploy_gh_release "rustypaste-cli" "orhun/rustypaste-cli" "prebuild" "latest" "/usr/local/bin" "*x86_64-unknown-linux-gnu.tar.gz"
msg_info "Setting up RustyPaste"
cd /opt/rustypaste
sed -i 's|^address = ".*"|address = "0.0.0.0:8000"|' config.toml
msg_ok "Set up RustyPaste"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/rustypaste.service
[Unit]
Description=rustypaste Service
After=network.target
[Service]
WorkingDirectory=/opt/rustypaste
ExecStart=/opt/rustypaste/rustypaste
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now rustypaste
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

90
install/shelfmark-install.sh
View File

@@ -1,90 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/calibrain/shelfmark
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
unrar-free
msg_ok "Installed Dependencies"
NODE_VERSION="22" setup_nodejs
PYTHON_VERSION="3.12" setup_uv
fetch_and_deploy_gh_release "shelfmark" "calibrain/shelfmark" "tarball" "latest" "/opt/shelfmark"
msg_info "Building Shelfmark frontend"
cd /opt/shelfmark/src/frontend
$STD npm ci
$STD npm run build
mv /opt/shelfmark/src/frontend/dist /opt/shelfmark/frontend-dist
msg_ok "Built Shelfmark frontend"
msg_info "Configuring Shelfmark"
cd /opt/shelfmark
$STD uv venv ./venv
$STD source ./venv/bin/activate
$STD uv pip install -r requirements-base.txt
mkdir -p {/var/log/shelfmark,/tmp/shelfmark,/etc/shelfmark}
cat <<EOF >/etc/shelfmark/.env
DOCKERMODE=false
CONFIG_DIR=/etc/shelfmark
TMP_DIR=/tmp/shelfmark
ENABLE_LOGGING=true
FLASK_HOST=0.0.0.0
FLASK_PORT=8084
# SESSION_COOKIES_SECURE=true
# CWA_DB_PATH=
# USE_CF_BYPASS=true
# USING_EXTERNAL_BYPASSER=true
# EXT_BYPASSER_URL=
# EXT_BYPASSER_PATH=
EOF
msg_ok "Configured Shelfmark"
msg_info "Creating Service and start script"
cat <<EOF >/etc/systemd/system/shelfmark.service
[Unit]
Description=Shelfmark server
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/shelfmark
EnvironmentFile=/etc/shelfmark/.env
ExecStart=/usr/bin/bash /opt/shelfmark/start.sh
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/opt/shelfmark/start.sh
#!/usr/bin/env bash
source /opt/shelfmark/venv/bin/activate
set -a
source /etc/shelfmark/.env
set +a
gunicorn --worker-class geventwebsocket.gunicorn.workers.GeventWebSocketWorker --workers 1 -t 300 -b 0.0.0.0:8084 shelfmark.main:app
EOF
chmod +x /opt/shelfmark/start.sh
systemctl enable -q --now shelfmark
msg_ok "Created Services and start script"
motd_ssh
customize
cleanup_lxc

51
install/sonobarr-install.sh Normal file
View File

@@ -0,0 +1,51 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: GoldenSpringness
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/Dodelidoo-Labs/sonobarr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "sonobarr" "Dodelidoo-Labs/sonobarr" "tarball"
PYTHON_VERSION="3.12" setup_uv
msg_info "Setting up sonobarr"
source /opt/sonobarr/venv/bin/activate
$STD uv pip install --no-cache-dir -r /opt/sonobarr/requirements.txt
mkdir -p /etc/sonobarr
mv /opt/sonobarr/.sample-env /etc/sonobarr/.env
sed -i "s/^secret_key=.*/secret_key=$(openssl rand -hex 16)/" /etc/sonobarr/.env
sed -i "s/^sonobarr_superadmin_password=.*/sonobarr_superadmin_password=$(openssl rand -hex 16)/" /etc/sonobarr/.env
echo "release_version=$(cat ~/.sonobarr)" >>/etc/sonobarr/.env
echo "sonobarr_config_dir=/etc/sonobarr" >>/etc/sonobarr.env
msg_ok "Set up sonobarr"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/sonobarr.service
[Unit]
Description=sonobarr Service
After=network.target
[Service]
WorkingDirectory=/opt/sonobarr/src
EnvironmentFile=/etc/sonobarr/.env
Environment="PATH=/opt/sonobarr/venv/bin"
ExecStart=/bin/bash -c 'gunicorn Sonobarr:app -c ../gunicorn_config.py'
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now sonobarr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

100
install/vaultwarden-install.sh Normal file
View File

@@ -0,0 +1,100 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/dani-garcia/vaultwarden
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
pkgconf \
libssl-dev \
libmariadb-dev-compat \
libpq-dev \
argon2 \
ssl-cert
msg_ok "Installed Dependencies"
setup_rust
fetch_and_deploy_gh_release "vaultwarden" "dani-garcia/vaultwarden" "tarball" "latest" "/tmp/vaultwarden-src"
msg_info "Building Vaultwarden (Patience)"
cd /tmp/vaultwarden-src
$STD cargo build --features "sqlite,mysql,postgresql" --release
msg_ok "Built Vaultwarden"
$STD addgroup --system vaultwarden
$STD adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden
mkdir -p /opt/vaultwarden/{bin,data,web-vault}
cp target/release/vaultwarden /opt/vaultwarden/bin/
cd ~ && rm -rf /tmp/vaultwarden-src
fetch_and_deploy_gh_release "vaultwarden_webvault" "dani-garcia/bw_web_builds" "prebuild" "latest" "/opt/vaultwarden/web-vault" "bw_web_*.tar.gz"
cat <<EOF >/opt/vaultwarden/.env
ADMIN_TOKEN=''
ROCKET_ADDRESS=0.0.0.0
ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
DATA_FOLDER=/opt/vaultwarden/data
DATABASE_MAX_CONNS=10
WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
WEB_VAULT_ENABLED=true
EOF
mv /etc/ssl/certs/ssl-cert-snakeoil.pem /opt/vaultwarden/
mv /etc/ssl/private/ssl-cert-snakeoil.key /opt/vaultwarden/
msg_info "Creating Service"
chown -R vaultwarden:vaultwarden /opt/vaultwarden/
chown root:root /opt/vaultwarden/bin/vaultwarden
chmod +x /opt/vaultwarden/bin/vaultwarden
chown -R root:root /opt/vaultwarden/web-vault/
chmod +r /opt/vaultwarden/.env
cat <<'EOF' >/etc/systemd/system/vaultwarden.service
[Unit]
Description=Bitwarden Server (Powered by Vaultwarden)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target
[Service]
User=vaultwarden
Group=vaultwarden
EnvironmentFile=-/opt/vaultwarden/.env
ExecStart=/opt/vaultwarden/bin/vaultwarden
LimitNOFILE=65535
LimitNPROC=4096
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
DevicePolicy=closed
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictNamespaces=yes
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
WorkingDirectory=/opt/vaultwarden
ReadWriteDirectories=/opt/vaultwarden/data
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
systemctl enable --q -now vaultwarden
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

27
install/vikunja-install.sh Normal file
View File

@@ -0,0 +1,27 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (Canbiz) | Co-Author: CrazyWolf13
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://vikunja.io/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "vikunja" "go-vikunja/vikunja" "binary"
msg_info "Setting up Vikunja"
sed -i 's|^# \(service:\)|\1|' /etc/vikunja/config.yml
sed -i "s|^ # \(publicurl: \).*| \1\"http://$LOCAL_IP\"|" /etc/vikunja/config.yml
sed -i "0,/^ # \(timezone: \).*/s|| \1${tz}|" /etc/vikunja/config.yml
systemctl enable -q --now vikunja
msg_ok "Set up Vikunja"
motd_ssh
customize
cleanup_lxc

2
install/wishlist-install.sh
View File

@@ -24,7 +24,7 @@ msg_ok "Installed dependencies"
NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
fetch_and_deploy_gh_release "wishlist" "cmintey/wishlist" "tarball"
LATEST_APP_VERSION=$(get_latest_github_release "cmintey/wishlist" false)
import_local_ip
msg_info "Installing Wishlist"
cd /opt/wishlist

71
install/writefreely-install.sh Normal file
View File

@@ -0,0 +1,71 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: StellaeAlis
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/writefreely/writefreely
# Import Functions and Setup
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y crudini
msg_ok "Installed Dependencies"
setup_mariadb
MARIADB_DB_NAME="writefreely" MARIADB_DB_USER="writefreely" setup_mariadb_db
get_lxc_ip
fetch_and_deploy_gh_release "writefreely" "writefreely/writefreely" "prebuild" "latest" "/opt/writefreely" "writefreely_*_linux_amd64.tar.gz"
msg_info "Setting up WriteFreely"
cd /opt/writefreely
$STD ./writefreely config generate
$STD ./writefreely keys generate
msg_ok "Setup WriteFreely"
msg_info "Configuring WriteFreely"
$STD crudini --set config.ini server port 80
$STD crudini --set config.ini server bind $LOCAL_IP
$STD crudini --set config.ini database username $MARIADB_DB_USER
$STD crudini --set config.ini database password $MARIADB_DB_PASS
$STD crudini --set config.ini database database $MARIADB_DB_NAME
$STD crudini --set config.ini app host http://$LOCAL_IP:80
$STD ./writefreely db init
msg_ok "Configured WriteFreely"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/writefreely.service
[Unit]
Description=WriteFreely Service
After=syslog.target network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/writefreely
ExecStart=/opt/writefreely/writefreely
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now writefreely
msg_ok "Created Service"
msg_info "Cleaning up"
$STD rm ~/writefreely.creds
msg_ok "Cleaned up"
motd_ssh
customize
cleanup_lxc