From b4af893e66a47a6a82b9d3186360a16d54651e33 Mon Sep 17 00:00:00 2001
From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com>
Date: Thu, 29 Jan 2026 12:25:01 +0100
Subject: [PATCH] add features to valkey

---
 install/alpine-valkey-install.sh | 58 ++++++++++++++++++++++++++++++--
 1 file changed, 55 insertions(+), 3 deletions(-)

diff --git a/install/alpine-valkey-install.sh b/install/alpine-valkey-install.sh
index 66501b3eb..5e09e7d1c 100644
--- a/install/alpine-valkey-install.sh
+++ b/install/alpine-valkey-install.sh
@@ -14,11 +14,63 @@ network_check
 update_os
 
 msg_info "Installing Valkey"
-$STD apk add valkey valkey-openrc valkey-cli
-$STD sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
+$STD apk add valkey valkey-openrc valkey-cli openssl
+sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
+
+PASS="$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c32)"
+echo "requirepass $PASS" >>/etc/valkey/valkey.conf
+echo "$PASS" >~/valkey.creds
+chmod 600 ~/valkey.creds
+
+MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
+MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))
+
+{
+  echo ""
+  echo "# Memory-optimized settings for small-scale deployments"
+  echo "maxmemory ${MAXMEMORY_MB}mb"
+  echo "maxmemory-policy allkeys-lru"
+  echo "maxmemory-samples 10"
+} >>/etc/valkey/valkey.conf
+msg_ok "Installed Valkey"
+
+echo
+read -r -p "${TAB3}Enable TLS for Valkey (Sentinel mode not supported)? [y/N]: " prompt
+if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
+  read -r -p "${TAB3}Use TLS-only mode (disable TCP port 6379)? [y/N]: " tls_only
+  msg_info "Configuring TLS for Valkey..."
+
+  create_self_signed_cert "Valkey"
+  TLS_DIR="/etc/ssl/valkey"
+  chown valkey:valkey "$TLS_DIR/valkey.crt" "$TLS_DIR/valkey.key"
+
+  if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then
+    {
+      echo ""
+      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
+      echo "port 0"
+      echo "tls-port 6379"
+      echo "tls-cert-file $TLS_DIR/valkey.crt"
+      echo "tls-key-file $TLS_DIR/valkey.key"
+      echo "tls-auth-clients no"
+    } >>/etc/valkey/valkey.conf
+    msg_ok "Enabled TLS-only mode on port 6379"
+  else
+    {
+      echo ""
+      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
+      echo "tls-port 6380"
+      echo "tls-cert-file $TLS_DIR/valkey.crt"
+      echo "tls-key-file $TLS_DIR/valkey.key"
+      echo "tls-auth-clients no"
+    } >>/etc/valkey/valkey.conf
+    msg_ok "Enabled TLS on port 6380 and TCP on 6379"
+  fi
+fi
+
 $STD rc-update add valkey default
 $STD rc-service valkey start
-msg_ok "Installed Valkey"
 
 motd_ssh
 customize
+cleanup_lxc