diff --git a/install/ampache-install.sh b/install/ampache-install.sh new file mode 100644 index 0000000..7199b47 --- /dev/null +++ b/install/ampache-install.sh @@ -0,0 +1,91 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: MickLesk (Canbiz) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies (Patience)" +apt-get install -y \ + mariadb-server \ + apache2 \ + cron \ + flac \ + vorbis-tools \ + lame \ + ffmpeg \ + lsb-release \ + gosu \ + wget \ + curl \ + git \ + zip \ + unzip \ + sudo \ + make \ + mc + msg_ok "Installed Dependencies" + +msg_info "Setting up PHP" +sudo curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg +sudo sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' +sudo apt update +sudo apt install -y php8.3 php8.3-{bcmath,bz2,cli,common,curl,fpm,gd,imagick,intl,mbstring,mysql,sqlite3,xml,xmlrpc,zip} +apt-get install -y \ + libapache2-mod-php \ + inotify-tools \ + libavcodec-extra \ + libev-libevent-dev \ + libmp3lame-dev \ + libtheora-dev \ + libvorbis-dev \ + libvpx-dev +msg_ok "PHP successfully setup" + +msg_info "Setting up Database" +DB_NAME=ampache2 +DB_USER=ampache2 +DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13) +sudo mysql -u root -e "CREATE DATABASE $DB_NAME;" +sudo mysql -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED WITH mysql_native_password AS PASSWORD('$DB_PASS');" +sudo mysql -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;" +echo "" >>~/ampache.creds +echo -e "Ampache Database User: \e $DB_USER\e" >>~/ampache.creds +echo -e "Ampache Database Password: \e$DB_PASS\e" >>~/ampache.creds +echo -e "Ampache Database Name: \e$DB_NAME\e" >>~/ampache.creds +msg_ok "Set up database" + +msg_info "Installing Ampache(Patience)" +cd /opt +AMPACHE_VERSION=$(wget -q https://github.com/ampache/ampache/releases/latest -O - | grep "title>Release" | cut -d " " -f 4) +wget https://github.com/ampache/ampache/releases/download/${AMPACHE_VERSION}/ampache-${AMPACHE_VERSION}_all_php8.3.zip +unzip -q ampache-${AMPACHE_VERSION}_all_php8.3.zip -d ampache +rm -rf /var/www/html +ln -s /opt/ampache/public /var/www/html +sudo mv /opt/ampache/rest/.htaccess.dist /opt/ampache/rest/.htaccess +sudo mv /opt/ampache/play/.htaccess.dist /opt/ampache/play/.htaccess +sudo mv /opt/ampache/channel/.htaccess.dist /opt/ampache/channel/.htaccess +sudo cp /opt/ampache/config/ampache.cfg.php.dist /opt/ampache/config/ampache.cfg.php +sudo chmod 664 /opt/ampache/rest/.htaccess /opt/ampache/play/.htaccess +sudo sed -i 's/upload_max_filesize = .*/upload_max_filesize = 50M/' /etc/php/8.3/apache2/php.ini \ +&& sudo sed -i 's/post_max_size = .*/post_max_size = 50M/' /etc/php/8.3/apache2/php.ini \ +&& sudo sed -i 's/max_execution_time = .*/max_execution_time = 300/' /etc/php/8.3/apache2/php.ini \ +&& sudo sed -i 's/memory_limit = .*/memory_limit = 256M/' /etc/php/8.3/apache2/php.ini \ +&& sudo systemctl restart apache2 +msg_ok "Installed Ampache" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get autoremove +$STD apt-get autoclean +msg_ok "Cleaned" diff --git a/install/babybuddy-install.sh b/install/babybuddy-install.sh new file mode 100644 index 0000000..087cdd0 --- /dev/null +++ b/install/babybuddy-install.sh @@ -0,0 +1,152 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: tteck +# Co-Author: MickLesk (Canbiz) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE +# Source: https://github.com/AnalogJ/scrutiny + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +# Installiere benötigte Pakete +msg_info "Installing Dependencies" +$STD apt-get install -y \ + sudo \ + curl \ + uwsgi \ + uwsgi-plugin-python3 \ + libopenjp2-7-dev \ + libpq-dev \ + git \ + nginx \ + python3 \ + python3-pip \ + python3-venv \ + pipx +msg_ok "Installed Dependencies" + +# Installiere Python3 und PipX +#msg_info "Installing Python3 & PipX" +#$STD apt-get install -y python3 python3-dev python3-dotenv python3-pip + +#source /opt/babybuddy/.venv/bin/activate +#msg_ok "Installed Python3 & PipX" + +# Variablen +INSTALL_DIR="/opt/babybuddy" +APP_DIR="$INSTALL_DIR" +DATA_DIR="$INSTALL_DIR/data" +DOMAIN="babybuddy.example.com" # Ändern, falls benötigt +SECRET_KEY=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32) + +# Babybuddy Repository installieren +msg_info "Installing Babybuddy" +cd /opt +RELEASE=$(curl -s https://api.github.com/repos/babybuddy/babybuddy/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') +wget -q "https://github.com/babybuddy/babybuddy/archive/refs/tags/v${RELEASE}.zip" +unzip -q v${RELEASE}.zip +mv babybuddy-${RELEASE} /opt/babybuddy +cd /opt/babybuddy +source /opt/babybuddy/.venv/bin/activate +export PIPENV_VENV_IN_PROJECT=1 +pipenv install +pipenv shell +cp babybuddy/settings/production.example.py babybuddy/settings/production.py + +# Production-Settings konfigurieren +SECRET_KEY=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32) +ALLOWED_HOSTS=$(hostname -I | tr ' ' ',' | sed 's/,$//')",127.0.0.1,localhost" +sed -i \ + -e "s/^SECRET_KEY = \"\"/SECRET_KEY = \"$SECRET_KEY\"/" \ + -e "s/^ALLOWED_HOSTS = \[\"\"\]/ALLOWED_HOSTS = \[$(echo \"$ALLOWED_HOSTS\" | sed 's/,/\",\"/g')\]/" \ + babybuddy/settings/production.py + +# Django Migrationen durchführen +export DJANGO_SETTINGS_MODULE=babybuddy.settings.production +python manage.py migrate + +# Berechtigungen setzen +sudo chown -R www-data:www-data /opt/babybuddy/data +sudo chmod 640 /opt/babybuddy/data/db.sqlite3 +sudo chmod 750 /opt/babybuddy/data +msg_ok "Installed BabyBuddy WebApp" + +# Django Admin Setup +DJANGO_ADMIN_USER=admin +DJANGO_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13) +source /opt/babybuddy/bin/activate +$STD python3 /opt/babybuddy/manage.py shell << EOF +from django.contrib.auth import get_user_model +UserModel = get_user_model() +user = UserModel.objects.create_user('$DJANGO_ADMIN_USER', password='$DJANGO_ADMIN_PASS') +user.is_superuser = True +user.is_staff = True +user.save() +EOF + +{ + echo "" + echo "Django-Credentials" + echo "Django Admin User: $DJANGO_ADMIN_USER" + echo "Django Admin Password: $DJANGO_ADMIN_PASS" +} >> ~/babybuddy.creds +msg_ok "Setup Django Admin" + +# uWSGI konfigurieren +msg_info "Configuring uWSGI" +sudo bash -c "cat > /etc/uwsgi/apps-available/babybuddy.ini" < /etc/nginx/sites-available/babybuddy" </etc/apt/sources.list.d/nodesource.list +msg_ok "Set up Node.js Repository" + +msg_info "Installing Node.js" +$STD apt-get update +$STD apt-get install -y nodejs +$STD npm install -g turbo@1.9.3 +msg_ok "Installed Node.js" + +msg_info "Setting up PostgreSQL" +DB_NAME="documenso_db" +DB_USER="documenso_user" +DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)" +$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';" +$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'" +{ + echo "Documenso-Credentials" + echo "Database Name: $DB_NAME" + echo "Database User: $DB_USER" + echo "Database Password: $DB_PASS" +} >> ~/documenso.creds +msg_ok "Set up PostgreSQL" + +msg_info "Installing Documenso (Patience)" +cd /opt +RELEASE=$(curl -s https://api.github.com/repos/documenso/documenso/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') +wget -q "https://github.com/documenso/documenso/archive/refs/tags/v${RELEASE}.zip" +unzip -q v${RELEASE}.zip +mv documenso-${RELEASE} /opt/documenso +cd /opt/documenso +mv .env.example .env +sed -i "s|NEXTAUTH_SECRET=.*|NEXTAUTH_SECRET='$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)'|" /opt/documenso/.env +sed -i "s|NEXT_PRIVATE_ENCRYPTION_KEY=.*|NEXT_PRIVATE_ENCRYPTION_KEY='$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)'|" /opt/documenso/.env +sed -i "s|NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY=.*|NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY='$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)'|" /opt/documenso/.env +sed -i "s|NEXT_PUBLIC_WEBAPP_URL=.*|NEXT_PUBLIC_WEBAPP_URL='http://localhost:9000'|" /opt/documenso/.env +sed -i "s|NEXT_PRIVATE_DATABASE_URL=.*|NEXT_PRIVATE_DATABASE_URL=\"postgres://$DB_USER:$DB_PASS@localhost:5432/$DB_NAME\"|" /opt/documenso/.env +sed -i "s|NEXT_PRIVATE_DIRECT_DATABASE_URL=.*|NEXT_PRIVATE_DIRECT_DATABASE_URL=\"postgres://$DB_USER:$DB_PASS@localhost:5432/$DB_NAME\"|" /opt/documenso/.env +export TURBO_CACHE=1 +export NEXT_TELEMETRY_DISABLED=1 +export CYPRESS_INSTALL_BINARY=0 +export NODE_OPTIONS="--max-old-space-size=2048" +# $STD npm ci --cache ~/.npm-cache --maxsockets=5 +# $STD npm run build +# $STD npx prisma migrate deploy --schema ./packages/prisma/schema.prisma +$STD npm ci +$STD npm run build:web +$STD npm run prisma:migrate-deploy +echo "${RELEASE}" >"/opt/${APPLICATION}_version.txt" +msg_ok "Installed Documenso" + +msg_info "Create User" +PASSWORD_HASH=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b'helper-scripts', bcrypt.gensalt(rounds=12)).decode())") +sudo -u postgres psql -d documenso_db -c "INSERT INTO \"User\" (name, email, \"emailVerified\", password, \"identityProvider\", roles, \"createdAt\", \"lastSignedIn\", \"updatedAt\", \"customerId\") VALUES ('helper-scripts', 'helper-scripts@local.com', '2025-01-20 17:14:45.058', '$PASSWORD_HASH', 'DOCUMENSO', ARRAY['USER', 'ADMIN']::\"Role\"[], '2025-01-20 16:04:05.543', '2025-01-20 16:14:55.249', '2025-01-20 16:14:55.25', NULL) RETURNING id;" +$STD npm run prisma:migrate-deploy +msg_ok "User created" + +msg_info "Creating Service" +cat </etc/systemd/system/documenso.service +[Unit] +Description=Documenso Service +After=network.target postgresql.service + +[Service] +WorkingDirectory=/opt/documenso/apps/web +ExecStart=/usr/bin/next start -p 3500 +Restart=always +EnvironmentFile=/opt/documenso/.env + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable -q --now documenso +msg_ok "Created Service" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get -y autoremove +$STD apt-get -y autoclean +msg_ok "Cleaned" \ No newline at end of file diff --git a/install/funkwhale-install.sh b/install/funkwhale-install.sh new file mode 100644 index 0000000..78f12de --- /dev/null +++ b/install/funkwhale-install.sh @@ -0,0 +1,161 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: tteck (tteckster) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Python3" +$STD apt-get install -y --no-install-recommends \ + python3 \ + python3-dev \ + python3-setuptools \ + python3-venv +msg_ok "Installed Python3" + +msg_info "Installing Dependencies (Patience)" +$STD apt-get install -y --no-install-recommends \ + redis \ + postgresql \ + postgresql-contrib \ + postgresql-client \ + build-essential \ + gnupg \ + ffmpeg \ + libjpeg-dev \ + libpq-dev \ + libmagic-dev \ + libzbar0 \ + poppler-utils \ + automake \ + libtool \ + pkg-config \ + curl \ + libtiff-dev \ + libpng-dev \ + libleptonica-dev \ + sudo \ + make \ + mc +msg_ok "Installed Dependencies" + +msg_info "Setup Funkwhale Dependencies (Patience)" +export FUNKWHALE_VERSION=1.4.0 +$STD sudo apt install -y --no-install-recommends $(curl https://dev.funkwhale.audio/funkwhale/funkwhale/-/raw/$FUNKWHALE_VERSION/deploy/requirements.apt) +$STD sudo useradd --system --shell /bin/bash --create-home --home-dir /opt/funkwhale funkwhale +cd /opt/funkwhale +$STD sudo mkdir -p config api data/static data/media data/music front +$STD sudo chown -R funkwhale:funkwhale data +msg_ok "Initial Setup complete" + +msg_ok "Download Funkwhale API" +$STD sudo curl -L -o "api-$FUNKWHALE_VERSION.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/$FUNKWHALE_VERSION/download?job=build_api" +$STD sudo unzip -q "api-$FUNKWHALE_VERSION.zip" -d extracted +$STD sudo mv extracted/api/* api/ +$STD sudo rm -rf extracted api-$FUNKWHALE_VERSION.zip +msg_ok "Downloaded and extracted Funkwhale API" + +msg_info "Download Funkwhale Frontend" +$STD sudo curl -L -o "front-$FUNKWHALE_VERSION.zip" "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/$FUNKWHALE_VERSION/download?job=build_front" +$STD sudo unzip -q "front-$FUNKWHALE_VERSION.zip" -d extracted +$STD sudo mv extracted/front . +$STD sudo rm -rf extracted front-$FUNKWHALE_VERSION.zip +msg_ok "Downloaded and extracted Funkwhale Frontend" + +msg_info "Install Funkwhale API and DJANGO" +cd /opt/funkwhale +$STD sudo python3 -m venv venv +$STD sudo venv/bin/pip install --upgrade pip wheel +$STD sudo venv/bin/pip install --editable ./api +$STD sudo curl -L -o /opt/funkwhale/config/.env "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/env.prod.sample" +secret_key=$(openssl rand -base64 45 | sed 's/\//\\\//g') +sudo sed -i "s/DJANGO_SECRET_KEY=.*/DJANGO_SECRET_KEY=$secret_key/" /opt/funkwhale/config/.env +sudo sed -i 's/# CACHE_URL=redis:\/\/127.0.0.1:6379\/0/CACHE_URL=redis:\/\/127.0.0.1:6379\/0/' /opt/funkwhale/config/.env #Remove #Hashtag From Config for Debian +sudo sed -i 's/# DATABASE_URL=postgresql:\/\/funkwhale@:5432\/funkwhale/DATABASE_URL=postgresql:\/\/funkwhale@:5432\/funkwhale/' /opt/funkwhale/config/.env #Remove #Hashtag From Config for Debian +# set the paths to /opt instead of /srv +sudo sed -i 's/MEDIA_ROOT=\/srv\/funkwhale\/data\/media/MEDIA_ROOT=\/opt\/funkwhale\/data\/media/' /opt/funkwhale/config/.env +sudo sed -i 's/STATIC_ROOT=\/srv\/funkwhale\/data\/static/STATIC_ROOT=\/opt\/funkwhale\/data\/static/' /opt/funkwhale/config/.env +sudo sed -i 's/MUSIC_DIRECTORY_PATH=\/srv\/funkwhale\/data\/music/MUSIC_DIRECTORY_PATH=\/opt\/funkwhale\/data\/music/' /opt/funkwhale/config/.env +sudo sed -i 's/MUSIC_DIRECTORY_SERVE_PATH=\/srv\/funkwhale\/data\/music/MUSIC_DIRECTORY_SERVE_PATH=\/opt\/funkwhale\/data\/music/' /opt/funkwhale/config/.env +sudo sed -i 's/FUNKWHALE_FRONTEND_PATH=\/srv\/funkwhale\/front\/dist/FUNKWHALE_FRONTEND_PATH=\/opt\/funkwhale\/front\/dist/' /opt/funkwhale/config/.env +sudo chown funkwhale:funkwhale /opt/funkwhale/config/.env +sudo chmod 600 /opt/funkwhale/config/.env +msg_ok "Environment successfully set up" + +msg_info "Setting up Database" +DB_NAME=funkwhale +DB_USER=funkwhale +DB_EXTENSION_UNACCENT=unaccent +DB_EXTENSION_CITEXT=citext +DB_PASS="$(openssl rand -base64 18 | cut -c1-13)" +SECRET_KEY="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)" +$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';" +$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;" +$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" +echo "" >>~/funkwhale.creds +echo -e "Funkwhale Database User: \e[32m$DB_USER\e[0m" >>~/funkwhale.creds +echo -e "Funkwhale Database Password: \e[32m$DB_PASS\e[0m" >>~/funkwhale.creds +echo -e "Funkwhale Database Name: \e[32m$DB_NAME\e[0m" >>~/funkwhale.creds +$STD sudo -u postgres psql -c "CREATE EXTENSION $DB_EXTENSION_UNACCENT;" +$STD sudo -u postgres psql -c "CREATE EXTENSION $DB_EXTENSION_CITEXT;" +cd /opt/funkwhale +$STD sudo -u funkwhale venv/bin/funkwhale-manage migrate +msg_ok "Set up PostgreSQL database" + +msg_info "Setting up Funkwhale and systemd" +FUNKWHALE_USER=funkwhale_su +FUNKWHALE_MAIL=mail@example.com +FUNKWHALE_PASS="$(openssl rand -base64 18 | cut -c1-13)" +echo -e "Funkwhale Superuser: \e[32m$FUNKWHALE_USER\e[0m" >>~/funkwhale.creds +echo -e "Funkwhale Mail: \e[32m$FUNKWHALE_MAIL\e[0m" >>~/funkwhale.creds +echo -e "Funkwhale Superuser Password: \e[32m$FUNKWHALE_PASS\e[0m" >>~/funkwhale.creds +$STD sudo -u funkwhale venv/bin/funkwhale-manage fw users create --superuser --username $FUNKWHALE_USER --email $FUNKWHALE_MAIL --password $FUNKWHALE_PASS +$STD sudo venv/bin/funkwhale-manage collectstatic +$STD sudo curl -L -o "/etc/systemd/system/funkwhale.target" "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/funkwhale.target" +$STD sudo curl -L -o "/etc/systemd/system/funkwhale-server.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/funkwhale-server.service" +$STD sudo curl -L -o "/etc/systemd/system/funkwhale-worker.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/funkwhale-worker.service" +$STD sudo curl -L -o "/etc/systemd/system/funkwhale-beat.service" "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/funkwhale-beat.service" +$STD sudo systemctl daemon-reload +$STD sudo systemctl start funkwhale.target +$STD sudo systemctl enable --now funkwhale.target +msg_ok "Funkwhale successfully set up" + +read -r -p "Would you like to Setup Reverse Proxy (Nginx)? " prompt +if [[ "${prompt,,}" =~ ^(y|yes)$ ]]; then + msg_info "Installing NGINX" + $STD apt install -y nginx + sudo su + $STD curl -L -o /etc/nginx/funkwhale_proxy.conf "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/funkwhale_proxy.conf" + $STD curl -L -o /etc/nginx/sites-available/funkwhale.template "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/nginx.template" + $STD set -a && source /opt/funkwhale/config/.env && set +a envsubst "`env | awk -F = '{printf \" $%s\", $$1}'`" \ + < /etc/nginx/sites-available/funkwhale.template \ + > /etc/nginx/sites-available/funkwhale.conf + $STD grep '${' /etc/nginx/sites-available/funkwhale.conf + $STD ln -s /etc/nginx/sites-available/funkwhale.conf /etc/nginx/sites-enabled/ + $STD systemctl reload nginx + msg_ok "Installed Nginx" +fi + +read -r -p "Would you like to Setup TLS (Certbot)? " prompt +if [[ "${prompt,,}" =~ ^(y|yes)$ ]]; then + msg_info "Installing Certbot" + $STD apt install -y certbot python3-certbot-nginx + $STD sudo certbot --nginx -d $FUNKWHALE_HOSTNAME + msg_ok "Installed Certbot" +fi + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get autoremove +$STD apt-get autoclean +msg_ok "Cleaned" diff --git a/install/ghostfolio-install.sh b/install/ghostfolio-install.sh new file mode 100644 index 0000000..e834d73 --- /dev/null +++ b/install/ghostfolio-install.sh @@ -0,0 +1,179 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: tteck (tteckster) +# Co-Author: jcantosz +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt-get update +$STD apt-get install -y \ + curl \ + lsb-release \ + gpg \ + g++ \ + git \ + make \ + openssl \ + python3 \ + postgresql-15 \ + redis +msg_ok "Installed Dependencies" + +msg_info "Setting up Node.js Repository" +mkdir -p /etc/apt/keyrings +curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg +echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" >/etc/apt/sources.list.d/nodesource.list +msg_ok "Set up Node.js Repository" + +msg_info "Installing Node.js" +$STD apt-get update +$STD apt-get install -y --no-install-suggests nodejs +msg_info "Installed Node.js" + +msg_info "Installing Postgresql" +POSTGRES_HOST=localhost +POSTGRES_PORT=5432 +POSTGRES_DB=ghostfolio-db +POSTGRES_USER='postgres' +POSTGRES_PASSWORD="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)" +ACCESS_TOKEN_SALT="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)" +DATABASE_URL="postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer" +JWT_SECRET_KEY="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)" + +$STD su postgres <~/ghostfolio.creds +echo "Ghostfolio Database Credentials" >>~/ghostfolio.creds +echo "" >>~/ghostfolio.creds +echo -e "Ghostfolio Database User: \e[32m$POSTGRES_USER\e[0m" >>~/ghostfolio.creds +echo -e "Ghostfolio Database Password: \e[32m$POSTGRES_PASSWORD\e[0m" >>~/ghostfolio.creds +echo -e "Ghostfolio Database Name: \e[32m$POSTGRES_DB\e[0m" >>~/ghostfolio.creds +msg_ok "Installed Postgresql" + +msg_info "Installing Redis" +REDIS_HOST=localhost +REDIS_PORT=6379 +REDIS_PASSWORD="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)" + +$STD redis-cli CONFIG SET requirepass "$REDIS_PASSWORD" +$STD redis-cli -a "$REDIS_PASSWORD" CONFIG REWRITE +$STD systemctl restart redis +echo "" >>~/ghostfolio.creds +echo "Ghostfolio Redis Credentials" >>~/ghostfolio.creds +echo "" >>~/ghostfolio.creds +echo -e "Ghostfolio Redis Password: \e[32m$REDIS_PASSWORD\e[0m" >>~/ghostfolio.creds +msg_ok "Installed Redis" + +msg_info "Installing Ghostfolio (Patience)" +RELEASE=$(curl -sL https://api.github.com/repos/ghostfolio/ghostfolio/releases/latest | grep '"tag_name":' | cut -d'"' -f4) +echo "${RELEASE}" >/opt/${APPLICATION}_version.txt + +cd /opt/ +$STD curl -Ls -o ghostfolio-$RELEASE.tgz https://github.com/ghostfolio/ghostfolio/archive/refs/tags/$RELEASE.tar.gz +$STD tar xzf ghostfolio-$RELEASE.tgz +$STD rm ghostfolio-$RELEASE.tgz + +cp /opt/ghostfolio-$RELEASE/package.json /opt/package.json +cp /opt/ghostfolio-$RELEASE/package-lock.json /opt/package-lock.json + +cd /opt/ghostfolio-$RELEASE +$STD npm install +$STD npm run build:production +mv /opt/package-lock.json /opt/ghostfolio-$RELEASE/package-lock.json + +cd /opt/ghostfolio-$RELEASE/dist/apps/api/ +$STD npm install +cp -r /opt/ghostfolio-$RELEASE/prisma . +mv /opt/package.json /opt/ghostfolio-$RELEASE/dist/apps/api/package.json +$STD npm run database:generate-typings + +cd /opt +mv /opt/ghostfolio-$RELEASE/dist/apps /opt/ghostfolio +mv /opt/ghostfolio-$RELEASE/docker/entrypoint.sh /opt/ghostfolio/ + +rm -rf /opt/ghostfolio-$RELEASE +msg_ok "Installed Ghostfolio" + +msg_info "Creating Service" +cat </opt/ghostfolio/api/.env +# CACHE +REDIS_HOST=$REDIS_HOST +REDIS_PORT=$REDIS_PORT +REDIS_PASSWORD=$REDIS_PASSWORD + +# POSTGRES +POSTGRES_DB=$POSTGRES_DB +POSTGRES_USER=$POSTGRES_USER +POSTGRES_PASSWORD=$POSTGRES_PASSWORD + +# VARIOUS +ACCESS_TOKEN_SALT=$ACCESS_TOKEN_SALT +DATABASE_URL="$DATABASE_URL" +JWT_SECRET_KEY=$JWT_SECRET_KEY +EOF + +cat </opt/ghostfolio/start.sh +#!/bin/bash +# Source the environment vars and export them otherwise it wont get them properly +set -a +. /opt/ghostfolio/api/.env +set +a + +# Run the docker entrypoint +/opt/ghostfolio/entrypoint.sh +EOF + +chmod +x /opt/ghostfolio/start.sh + +msg_info "Setup Service" +cat </etc/systemd/system/ghostfolio.service +[Unit] +Description=ghostfolio + +[Service] +After=postgresql.service redis.service +Require=postgresql.service redis.service + +# Start Service +ExecStart=/opt/ghostfolio/start.sh +WorkingDirectory=/opt/ghostfolio/api/ + +# Restart service after 10 seconds if node service crashes +RestartSec=10 +Restart=always + +# Output to syslog +StandardOutput=syslog +StandardError=syslog +SyslogIdentifier=ghostfolio + +[Install] +WantedBy=multi-user.target +EOF + +systemctl enable ghostfolio +systemctl start ghostfolio +msg_ok "Created Service" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get -y autoremove +$STD apt-get -y autoclean +msg_ok "Cleaned" \ No newline at end of file diff --git a/install/hoodik-install.sh b/install/hoodik-install.sh new file mode 100644 index 0000000..bf40b47 --- /dev/null +++ b/install/hoodik-install.sh @@ -0,0 +1,72 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 community-scripts ORG +# Author: MickLesk (Canbiz) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE +# Source: https://github.com/hudikhq/hoodik + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies (Patience)" +$STD apt-get install -y \ + pkg-config \ + libssl-dev \ + libc6-dev \ + libpq-dev \ + clang \ + llvm \ + nettle-dev \ + build-essential \ + curl \ + sudo \ + make \ + mc +msg_ok "Installed Dependencies" + +msg_info "Installing Rust (Patience)" +$STD bash <(curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs) -y +source ~/.cargo/env +msg_ok "Installed Rust" + +msg_info "Installing Hoodik (Patience)" +cd /opt +RELEASE=$(curl -s https://api.github.com/repos/hudikhq/hoodik/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }') +wget -q "https://github.com/hudikhq/hoodik/archive/refs/tags/${RELEASE}.zip" +unzip -q ${RELEASE}.zip +mv "hoodik-${RELEASE:1}" hoodik +cd hoodik +cargo build -q --release +msg_ok "Installed hoodik" + +msg_info "Creating Service" +cat </etc/systemd/system/hoodik.service +[Unit] +Description=Start Hoodik Service +After=network.target + +[Service] +User=root +WorkingDirectory=/opt/hoodik +ExecStart=/root/.cargo/bin/cargo run -q --release + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable -q --now hoodik.service +msg_ok "Created Service" + +motd_ssh +customize + +msg_info "Cleaning up" +rm -rf /opt/${RELEASE}.zip +$STD apt-get autoremove +$STD apt-get autoclean +msg_ok "Cleaned" diff --git a/install/koel-install.sh b/install/koel-install.sh new file mode 100644 index 0000000..ea17959 --- /dev/null +++ b/install/koel-install.sh @@ -0,0 +1,158 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 communtiy-scripts ORG +# Author: MickLesk (Canbiz) +# License: MIT +# https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies (Patience)" +$STD apt-get install -y \ + postgresql \ + nginx \ + apt-transport-https \ + gnupg2 \ + lsb-release \ + ffmpeg \ + curl \ + unzip \ + sudo \ + mc \ + cron \ + libapache2-mod-xsendfile \ + libzip-dev \ + locales \ + libpng-dev \ + libjpeg62-turbo-dev \ + libpq-dev \ + libwebp-dev \ + libapache2-mod-php \ + composer + msg_ok "Installed Dependencies" + +msg_info "Setting up PSql Database" +DB_NAME=koel_db +DB_USER=koel +DB_PASS="$(openssl rand -base64 18 | cut -c1-13)" +$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';" +$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'" +{ + echo "Koel-Credentials" + echo "Koel Database User: $DB_USER" + echo "Koel Database Password: $DB_PASS" + echo "Koel Database Name: $DB_NAME" +} >> ~/koel.creds +msg_ok "Set up PostgreSQL database" + +msg_info "Setting up Node.js/Yarn" +mkdir -p /etc/apt/keyrings +$STD curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg +$STD echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" >/etc/apt/sources.list.d/nodesource.list +$STD apt-get update +$STD apt-get install -y nodejs +$STD npm install -g npm@latest +$STD npm install -g yarn +msg_ok "Installed Node.js/Yarn" + +msg_info "Setting up PHP" +$STD curl -sSLo /usr/share/keyrings/deb.sury.org-php.gpg https://packages.sury.org/php/apt.gpg +$STD sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' +$STD apt update +$STD apt install -y php8.3 php8.3-{bcmath,exif,bz2,cli,common,curl,fpm,gd,intl,sqlite3,mbstring,xml,zip,pgsql} +msg_ok "PHP successfully setup" + +msg_info "Installing Koel(Patience)" +RELEASE=$(wget -q https://github.com/koel/koel/releases/latest -O - | grep "title>Release" | cut -d " " -f 4) +cd /opt +mkdir -p /opt/koel_{media,sync} +wget -q https://github.com/koel/koel/releases/download/${RELEASE}/koel-${RELEASE}.zip +unzip -q koel-${RELEASE}.zip +chown -R :www-data /opt/* +chmod -R g+r /opt/* +chmod -R g+rw /opt/* +chown -R www-data:www-data /opt/* +chmod -R 755 /opt/* +cd /opt/koel +echo "export COMPOSER_ALLOW_SUPERUSER=1" >> ~/.bashrc +source ~/.bashrc +$STD composer update --no-interaction +$STD composer install --no-interaction +sudo sed -i -e "s/DB_CONNECTION=.*/DB_CONNECTION=pgsql/" \ + -e "s/DB_HOST=.*/DB_HOST=localhost/" \ + -e "s/DB_DATABASE=.*/DB_DATABASE=$DB_NAME/" \ + -e "s/DB_PORT=.*/DB_PORT=5432/" \ + -e "s/DB_USERNAME=.*/DB_USERNAME=$DB_USER/" \ + -e "s|DB_PASSWORD=.*|DB_PASSWORD=$DB_PASS|" \ + -e "s|MEDIA_PATH=.*|MEDIA_PATH=/opt/koel_media|" \ + -e "s|FFMPEG_PATH=/usr/local/bin/ffmpeg|FFMPEG_PATH=/usr/bin/ffmpeg|" /opt/koel/.env +sed -i -e "s/^upload_max_filesize = .*/upload_max_filesize = 200M/" \ + -e "s/^post_max_size = .*/post_max_size = 200M/" \ + -e "s/^memory_limit = .*/memory_limit = 200M/" /etc/php/8.3/fpm/php.ini +msg_ok "Installed Koel" + +msg_info "Set up web services" +cat </etc/nginx/sites-available/koel +server { + listen 6767; + server_name koel.local; + root /opt/koel/public; + index index.php; + + gzip on; + gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript application/json; + gzip_comp_level 9; + + send_timeout 3600; + client_max_body_size 200M; + + location / { + try_files \$uri \$uri/ /index.php?\$args; + } + + location /media/ { + internal; + alias /opt/koel_media; + } + + location ~ \.php$ { + try_files \$uri =404; + fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_pass unix:/run/php/php8.3-fpm.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_path_info; + } +} +EOF +ln -s /etc/nginx/sites-available/koel /etc/nginx/sites-enabled/koel +systemctl restart php8.3-fpm +systemctl reload nginx +msg_ok "Created Services" + +msg_info "Adding Cronjob (Daily Midnight)" +cat </opt/koel_sync/koel_sync.cron +0 0 * * * cd /opt/koel/ && /usr/bin/php artisan koel:sync >/opt/koel_sync/koel_sync.log 2>&1 +EOF +crontab /opt/koel_sync/koel_sync.cron + +msg_ok "Cronjob successfully added" + +motd_ssh +customize + +msg_info "Cleaning up" +rm -rf /opt/koel-${RELEASE}.zip +$STD apt-get autoremove +$STD apt-get autoclean +msg_ok "Cleaned" diff --git a/install/netbootxyz-install.sh b/install/netbootxyz-install.sh new file mode 100644 index 0000000..933167c --- /dev/null +++ b/install/netbootxyz-install.sh @@ -0,0 +1,57 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2023 tteck +# Author: tteck (tteckster) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt-get install -y ansible git apache2 +msg_ok "Installed Dependencies" + +RELEASE=$(curl -sX GET "https://api.github.com/repos/netbootxyz/netboot.xyz/releases/latest" | awk '/tag_name/{print $4;exit}' FS='[""]') +msg_info "Installing netboot.xyz ${RELEASE}" +$STD curl --silent -o ${RELEASE}.tar.gz -L "https://github.com/netbootxyz/netboot.xyz/archive/${RELEASE}.tar.gz" +$STD tar xvzf ${RELEASE}.tar.gz +VER=$(curl -s https://api.github.com/repos/netbootxyz/netboot.xyz/releases/latest | + grep "tag_name" | + awk '{print substr($2, 2, length($2)-3) }') +rm -rf ${RELEASE}.tar.gz +mv netboot.xyz-${VER} /opt/netboot.xyz +msg_ok "Installed netboot.xyz ${RELEASE}" + +msg_info "Creating Service" +service_path="/etc/systemd/system/netbootxyz.service" +echo "[Unit] +Description=netboot.xyz +After=network.target + +[Service] +Restart=always +RestartSec=5 +Type=simple +User=root +WorkingDirectory=/opt/netboot.xyz +ExecStart="ansible-playbook" -i inventory site.yml +TimeoutStopSec=30 + +[Install] +WantedBy=multi-user.target" >$service_path +$STD sudo systemctl enable --now netbootxyz.service +msg_ok "Created Service" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get autoremove +$STD apt-get autoclean +msg_ok "Cleaned" diff --git a/install/nginxproxymanager-install.sh b/install/nginxproxymanager-install.sh new file mode 100644 index 0000000..0169c5d --- /dev/null +++ b/install/nginxproxymanager-install.sh @@ -0,0 +1,187 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2025 tteck +# Author: tteck (tteckster) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://nginxproxymanager.com/ + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt-get update +$STD apt-get -y install \ + sudo \ + mc \ + curl \ + gnupg \ + make \ + gcc \ + g++ \ + ca-certificates \ + apache2-utils \ + logrotate \ + build-essential \ + git +msg_ok "Installed Dependencies" + +msg_info "Installing Python3" +$STD apt-get install -y \ + python3 \ + python3-dev \ + python3-pip \ + python3-venv \ + python3-cffi \ + python3-certbot \ + python3-certbot-dns-cloudflare +$STD pip3 install certbot-dns-multi +$STD python3 -m venv /opt/certbot/ +rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED +msg_ok "Installed Python3" + +msg_info "Installing Openresty" +VERSION="$(awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release)" +wget -qO - https://openresty.org/package/pubkey.gpg | gpg --dearmor -o /etc/apt/trusted.gpg.d/openresty.gpg +echo -e "deb http://openresty.org/package/debian $VERSION openresty" >/etc/apt/sources.list.d/openresty.list +$STD apt-get update +$STD apt-get -y install openresty +msg_ok "Installed Openresty" + +msg_info "Installing Node.js" +$STD bash <(curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh) +source ~/.bashrc +$STD nvm install 16.20.2 +ln -sf /root/.nvm/versions/node/v16.20.2/bin/node /usr/bin/node +msg_ok "Installed Node.js" + +msg_info "Installing pnpm" +$STD npm install -g pnpm@8.15 +msg_ok "Installed pnpm" + +msg_info "Setup Nginx Proxy Manager" +RELEASE=$(curl -s https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }') +wget -q https://codeload.github.com/NginxProxyManager/nginx-proxy-manager/tar.gz/v${RELEASE} -O - | tar -xz +cd ./nginx-proxy-manager-${RELEASE} +ln -sf /usr/bin/python3 /usr/bin/python +ln -sf /usr/bin/certbot /opt/certbot/bin/certbot +ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx +ln -sf /usr/local/openresty/nginx/ /etc/nginx +sed -i "s|\"version\": \"0.0.0\"|\"version\": \"$RELEASE\"|" backend/package.json +sed -i "s|\"version\": \"0.0.0\"|\"version\": \"$RELEASE\"|" frontend/package.json +sed -i 's+^daemon+#daemon+g' docker/rootfs/etc/nginx/nginx.conf +NGINX_CONFS=$(find "$(pwd)" -type f -name "*.conf") +for NGINX_CONF in $NGINX_CONFS; do + sed -i 's+include conf.d+include /etc/nginx/conf.d+g' "$NGINX_CONF" +done + +mkdir -p /var/www/html /etc/nginx/logs +cp -r docker/rootfs/var/www/html/* /var/www/html/ +cp -r docker/rootfs/etc/nginx/* /etc/nginx/ +cp docker/rootfs/etc/letsencrypt.ini /etc/letsencrypt.ini +cp docker/rootfs/etc/logrotate.d/nginx-proxy-manager /etc/logrotate.d/nginx-proxy-manager +ln -sf /etc/nginx/nginx.conf /etc/nginx/conf/nginx.conf +rm -f /etc/nginx/conf.d/dev.conf + +mkdir -p /tmp/nginx/body \ + /run/nginx \ + /data/nginx \ + /data/custom_ssl \ + /data/logs \ + /data/access \ + /data/nginx/default_host \ + /data/nginx/default_www \ + /data/nginx/proxy_host \ + /data/nginx/redirection_host \ + /data/nginx/stream \ + /data/nginx/dead_host \ + /data/nginx/temp \ + /var/lib/nginx/cache/public \ + /var/lib/nginx/cache/private \ + /var/cache/nginx/proxy_temp + +chmod -R 777 /var/cache/nginx +chown root /tmp/nginx + +echo resolver "$(awk 'BEGIN{ORS=" "} $1=="nameserver" {print ($2 ~ ":")? "["$2"]": $2}' /etc/resolv.conf);" >/etc/nginx/conf.d/include/resolvers.conf + +if [ ! -f /data/nginx/dummycert.pem ] || [ ! -f /data/nginx/dummykey.pem ]; then + openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -subj "/O=Nginx Proxy Manager/OU=Dummy Certificate/CN=localhost" -keyout /data/nginx/dummykey.pem -out /data/nginx/dummycert.pem &>/dev/null +fi + +mkdir -p /app/global /app/frontend/images +cp -r backend/* /app +cp -r global/* /app/global +msg_ok "Setup Nginx Proxy Manager" + +msg_info "Building Frontend" +cd ./frontend +$STD pnpm install +$STD pnpm upgrade +$STD pnpm run build +cp -r dist/* /app/frontend +cp -r app-images/* /app/frontend/images +msg_ok "Built Frontend" + +msg_info "Initializing Backend" +rm -rf /app/config/default.json +if [ ! -f /app/config/production.json ]; then + cat <<'EOF' >/app/config/production.json +{ + "database": { + "engine": "knex-native", + "knex": { + "client": "sqlite3", + "connection": { + "filename": "/data/database.sqlite" + } + } + } +} +EOF +fi +cd /app +$STD pnpm install +msg_ok "Initialized Backend" + +msg_info "Creating Service" +cat <<'EOF' >/lib/systemd/system/npm.service +[Unit] +Description=Nginx Proxy Manager +After=network.target +Wants=openresty.service + +[Service] +Type=simple +Environment=NODE_ENV=production +ExecStartPre=-mkdir -p /tmp/nginx/body /data/letsencrypt-acme-challenge +ExecStart=/usr/bin/node index.js --abort_on_uncaught_exception --max_old_space_size=250 +WorkingDirectory=/app +Restart=on-failure + +[Install] +WantedBy=multi-user.target +EOF +msg_ok "Created Service" + +motd_ssh +customize + +msg_info "Starting Services" +sed -i 's/user npm/user root/g; s/^pid/#pid/g' /usr/local/openresty/nginx/conf/nginx.conf +sed -r -i 's/^([[:space:]]*)su npm npm/\1#su npm npm/g;' /etc/logrotate.d/nginx-proxy-manager +sed -i 's/include-system-site-packages = false/include-system-site-packages = true/g' /opt/certbot/pyvenv.cfg +systemctl enable -q --now openresty +systemctl enable -q --now npm +msg_ok "Started Services" + +msg_info "Cleaning up" +rm -rf ../nginx-proxy-manager-* +systemctl restart openresty +$STD apt-get -y autoremove +$STD apt-get -y autoclean +msg_ok "Cleaned" diff --git a/install/pixelfed-install.sh b/install/pixelfed-install.sh new file mode 100644 index 0000000..0996ec3 --- /dev/null +++ b/install/pixelfed-install.sh @@ -0,0 +1,191 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: tteck +# Co-Author: MickLesk (Canbiz) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies (Patience)" +$STD apt-get install -y \ + build-essential \ + gpg \ + curl \ + sudo \ + git \ + gnupg2 \ + ca-certificates \ + lsb-release \ + php8.3-{fpm,bcmath,ctype,curl,exif,gd,iconv,intl,mbstring,redis,tokenizer,xml,zip,pgsql,pdo-pgsql,bz2,sqlite3} \ + composer \ + redis \ + ffmpeg \ + jpegoptim \ + optipng \ + pngquant \ + make \ + mc +msg_ok "Installed Dependencies" + +msg_info "Configure Redis Socket" +REDIS_PASS="$(openssl rand -base64 18 | cut -c1-13)" +sed -i 's/^port .*/port 0/' /etc/redis/redis.conf +sed -i "s/^# requirepass foobared/requirepass $REDIS_PASS/" /etc/redis/redis.conf +sed -i 's|^# unixsocket .*|unixsocket /run/redis/redis.sock|' /etc/redis/redis.conf +sed -i 's/^# unixsocketperm .*/unixsocketperm 770/' /etc/redis/redis.conf +systemctl restart redis +msg_ok "Redis Socket configured" + +msg_info "Add pixelfed user" +useradd -rU -s /bin/bash pixelfed +msg_ok "Pixelfed User Added" + +msg_info "Configure PHP-FPM for Pixelfed" +cp /etc/php/8.3/fpm/pool.d/www.conf /etc/php/8.3/fpm/pool.d/pixelfed.conf +sed -i 's/\[www\]/\[pixelfed\]/' /etc/php/8.3/fpm/pool.d/pixelfed.conf +sed -i 's/^user = www-data/user = pixelfed/' /etc/php/8.3/fpm/pool.d/pixelfed.conf +sed -i 's/^group = www-data/group = pixelfed/' /etc/php/8.3/fpm/pool.d/pixelfed.conf +sed -i 's|^listen = .*|listen = /run/php-fpm/pixelfed.sock|' /etc/php/8.3/fpm/pool.d/pixelfed.conf +systemctl restart php8.3-fpm +msg_ok "successfully configured PHP-FPM" + +msg_info "Setup Postgres Database" +DB_NAME=pixelfed_db +DB_USER=pixelfed_user +DB_PASS="$(openssl rand -base64 18 | cut -c1-13)" +curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/postgresql.gpg +echo "deb https://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" >/etc/apt/sources.list.d/pgdg.list +apt-get update +apt-get install -y postgresql-17 +sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';" +sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;" +sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;" +sudo -u postgres psql -c "GRANT CREATE ON SCHEMA public TO $DB_USER;" +echo "" >>~/pixelfed.creds +echo -e "Pixelfed Database Name: $DB_NAME" >>~/pixelfed.creds +echo -e "Pixelfed Database User: $DB_USER" >>~/pixelfed.creds +echo -e "Pixelfed Database Password: $DB_PASS" >>~/pixelfed.creds +#export $(cat /opt/pixelfed/.env |grep "^[^#]" | xargs) +msg_ok "Set up PostgreSQL Database successfully" + +msg_info "Installing Pixelfed (Patience)" +RELEASE=$(curl -s https://api.github.com/repos/pixelfed/pixelfed/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }') +wget -q "https://github.com/pixelfed/pixelfed/archive/refs/tags/${RELEASE}.zip" +unzip -q ${RELEASE}.zip +mv pixelfed-${RELEASE:1} /opt/pixelfed +rm -R ${RELEASE}.zip +cd /opt/pixelfed +chown -R www-data:www-data /opt/pixelfed/storage +chmod -R 775 /opt/pixelfed/storage +chown -R pixelfed:pixelfed /opt/pixelfed/storage +chmod -R 775 /opt/pixelfed/storage +chown -R www-data:www-data /opt/pixelfed +chmod -R 755 /opt/pixelfed +COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev --no-ansi --no-interaction --optimize-autoloader + +msg_info "Setup envoirement & PHP Database Migration" +cp .env.example .env +sed -i "s/DB_CONNECTION=.*/DB_CONNECTION=pgsql/" .env +sed -i "s/DB_PORT=.*/DB_PORT=5432/" .env +sed -i "s/DB_DATABASE=.*/DB_DATABASE=$DB_NAME/" .env +sed -i "s/DB_USERNAME=.*/DB_USERNAME=$DB_USER/" .env +sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$DB_PASS/" .env +sed -i "s/REDIS_HOST=.*/REDIS_HOST=127.0.0.1/" .env +sed -i "s/REDIS_PASSWORD=.*/REDIS_PASSWORD=$REDIS_PASS/" .env +sed -i "s/APP_URL=.*/APP_URL=http:\/\/localhost/" .env # localhost URL + +php artisan key:generate +php artisan storage:link +php artisan migrate --force +php artisan import:cities +php artisan instance:actor +php artisan passport:keys +php artisan route:cache +php artisan view:cache +sed -i 's/^post_max_size = .*/post_max_size = 100M/' /etc/php/8.3/fpm/php.ini +sed -i 's/^upload_max_filesize = .*/upload_max_filesize = 100M/' /etc/php/8.3/fpm/php.ini +sed -i 's/^max_execution_time = .*/max_execution_time = 600/' /etc/php/8.3/fpm/php.ini +systemctl restart php8.3-fpm + +msg_ok "Pixelfed successfully set up" + +msg_info "Creating Services" +cat </etc/nginx/sites-available/pixelfed.conf +server { + listen 80; + server_name localhost; # Nutzung von localhost + root /opt/pixelfed/public; + + index index.php; + + location / { + try_files \$uri \$uri/ /index.php?\$query_string; + } + + location ~ \.php$ { + include snippets/fastcgi-php.conf; + fastcgi_pass unix:/var/run/php/php8.2-fpm.sock; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + include fastcgi_params; + } + + location ~ /\.(?!well-known).* { + deny all; + } + + client_max_body_size 20M; +} +EOF + +ln -s /etc/nginx/sites-available/pixelfed.conf /etc/nginx/sites-enabled/ +nginx -t && systemctl reload nginx + +cat </etc/systemd/system/pixelfed-horizon.service +[Unit] +Description=Pixelfed Horizon +After=network.target +Requires=php8.3-fpm +Requires=redis + +[Service] +User=www-data +WorkingDirectory=/opt/pixelfed +ExecStart=/usr/bin/php /opt/pixelfed/artisan horizon +Restart=always + +[Install] +WantedBy=multi-user.target +EOF +cat </etc/systemd/system/pixelfed-scheduler.service +[Unit] +Description=Pixelfed Scheduler +After=network.target + +[Service] +User=www-data +ExecStart=/usr/bin/php /opt/pixelfed/artisan schedule:run +Restart=always + +[Install] +WantedBy=multi-user.target +EOF + +systemctl enable --now pixelfed-scheduler +systemctl enable --now pixelfed-horizon +msg_ok "Created Services" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get -y autoremove +$STD apt-get -y autoclean +msg_ok "Cleaned" diff --git a/install/roundcubemail-install.sh b/install/roundcubemail-install.sh new file mode 100644 index 0000000..16c4ce6 --- /dev/null +++ b/install/roundcubemail-install.sh @@ -0,0 +1,88 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: tteck +# Co-Author: MickLesk (Canbiz) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE +# Source: https://github.com/roundcube/roundcubemail + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt-get install -y \ + curl \ + sudo \ + mc \ + postgresql \ + apache2 \ + libapache2-mod-php \ + composer \ + php8.2-{mbstring,gd,imap,mysql,ldap,curl,intl,imagick,bz2,sqlite3,zip,xml} +msg_ok "Installed Dependencies" + +msg_info "Setting up PostgreSQL" +DB_NAME=roundcube_db +DB_USER=roundcube_user +DB_PASS="$(openssl rand -base64 18 | cut -c1-13)" +$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH ENCODING 'UTF8';" +$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';" +$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" +$STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;" +$STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;" +echo "" >>~/roundcubemail.creds +echo -e "Roundcubemail Database User: $DB_USER" >>~/roundcubemail.creds +echo -e "Roundcubemail Database Password: $DB_PASS" >>~/roundcubemail.creds +echo -e "Roundcubemail Database Name: $DB_NAME" >>~/roundcubemail.creds +msg_ok "Set up PostgreSQL" + +msg_info "Installing Roundcubemail (Patience)" +cd /opt +RELEASE=$(curl -s https://api.github.com/repos/roundcube/roundcubemail/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }') +wget -q "https://github.com/roundcube/roundcubemail/releases/download/${RELEASE}/roundcubemail-${RELEASE}-complete.tar.gz" +tar -xf roundcubemail-${RELEASE}-complete.tar.gz +mv roundcubemail-${RELEASE} /opt/roundcubemail +cd /opt/roundcubemail +COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev +cp /opt/roundcubemail/config/config.inc.php.sample /opt/roundcubemail/config/config.inc.php +sed -i "s|^\\\$config\\['db_dsnw'\\] = 'mysql://.*';|\\\$config\\['db_dsnw'\\] = 'pgsql://$DB_USER:$DB_PASS@localhost/$DB_NAME';|" /opt/roundcubemail/config/config.inc.php +chown -R www-data:www-data temp/ logs/ +echo "${RELEASE}" >"/opt/${APPLICATION}_version.txt" + +cat </etc/apache2/sites-available/roundcubemail.conf + + ServerAdmin webmaster@localhost + DocumentRoot /opt/roundcubemail/public_html + + + Options -Indexes +FollowSymLinks + AllowOverride All + Require all granted + + + ErrorLog \${APACHE_LOG_DIR}/wallos_error.log + CustomLog \${APACHE_LOG_DIR}/wallos_access.log combined + +EOF +$STD sudo a2enmod deflate +$STD sudo a2enmod expires +$STD sudo a2enmod headers +$STD a2ensite roundcubemail.conf +$STD a2dissite 000-default.conf +$STD systemctl reload apache2 +msg_ok "Installed Wallos" + +motd_ssh +customize + +msg_info "Cleaning up" +rm -rf /opt/roundcubemail-${RELEASE}-complete.tar.gz +$STD apt-get -y autoremove +$STD apt-get -y autoclean +msg_ok "Cleaned" \ No newline at end of file diff --git a/install/squirrelserversmanager-install.sh b/install/squirrelserversmanager-install.sh new file mode 100644 index 0000000..2bbda26 --- /dev/null +++ b/install/squirrelserversmanager-install.sh @@ -0,0 +1,163 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2024 tteck +# Author: tteck (tteckster) +# License: MIT +# https://github.com/tteck/Proxmox/raw/main/LICENSE +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" + +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +# Generate a random string +generate_random_string() { + local LENGTH=$1 + tr -dc A-Za-z0-9 /dev/null || true +} + +msg_info "Installing Dependencies" +$STD apk add git +$STD apk add nodejs +$STD apk add npm +$STD apk add ansible +$STD apk add nmap +$STD apk add sudo +$STD apk add openssh +$STD apk add sshpass +$STD apk add py3-pip +$STD apk add expect +$STD apk add libcurl +$STD apk add gcompat +$STD apk add curl +$STD apk add newt +$STD git --version +$STD node --version +$STD npm --version +msg_ok "Installed Dependencies" + +msg_info "Installing Redis" +$STD apk add redis +msg_ok "Installed Redis" + +msg_info "Installing Nginx" +$STD apk add nginx +rm -rf /etc/nginx/http.d/default.conf +cat <<'EOF'> /etc/nginx/http.d/default.conf +server { + listen 80; + server_name localhost; + access_log off; + error_log off; + + location /api/socket.io/ { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + + proxy_pass http://127.0.0.1:3000/socket.io/; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + } + + location /api/ { + proxy_pass http://127.0.0.1:3000/; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } + + location / { + proxy_pass http://127.0.0.1:8000/; + + # WebSocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + error_page 501 502 503 404 /custom.html; + location = /custom.html { + root /usr/share/nginx/html; + } + } +} + +EOF +msg_ok "Installed Nginx" + +msg_info "Installing MongoDB Database" +DB_NAME=ssm +DB_PORT=27017 +echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/main' >> /etc/apk/repositories +echo 'http://dl-cdn.alpinelinux.org/alpine/v3.9/community' >> /etc/apk/repositories +$STD apk update +$STD apk add mongodb mongodb-tools +msg_ok "Installed MongoDB Database" + +msg_info "Starting Services" +$STD rc-service redis start +$STD rc-update add redis default +$STD rc-service mongodb start +$STD rc-update add mongodb default +msg_ok "Started Services" + +msg_info "Setting Up Squirrel Servers Manager" +$STD git clone https://github.com/SquirrelCorporation/SquirrelServersManager.git /opt/squirrelserversmanager +SECRET=$(generate_random_string 32) +SALT=$(generate_random_string 16) +VAULT_PWD=$(generate_random_string 32) +cat < /opt/squirrelserversmanager/.env +# SECRETS +SECRET=$SECRET +SALT=$SALT +VAULT_PWD=$VAULT_PWD +# MONGO +DB_HOST=127.0.0.1 +DB_NAME=ssm +DB_PORT=27017 +# REDIS +REDIS_HOST=127.0.0.1 +REDIS_PORT=6379 +EOF +export NODE_ENV=production +export $(grep -v '^#' /opt/squirrelserversmanager/.env | xargs) +$STD npm install -g npm@latest +$STD npm install -g @umijs/max +$STD npm install -g typescript +$STD npm install pm2 -g +msg_ok "Squirrel Servers Manager Has Been Setup" + +msg_info "Building Squirrel Servers Manager Lib" +cd /opt/squirrelserversmanager/shared-lib +$STD npm ci +$STD npm run build +msg_ok "Squirrel Servers Manager Lib built" + +msg_info "Building & Running Squirrel Servers Manager Client" +cd /opt/squirrelserversmanager/client +$STD npm ci +$STD npm run build +$STD pm2 start --name="squirrelserversmanager-frontend" npm -- run serve +msg_ok "Squirrel Servers Manager Client Built & Ran" + +msg_info "Building & Running Squirrel Servers Manager Server" +cd /opt/squirrelserversmanager/server +$STD npm ci +$STD npm run build +$STD pm2 start --name="squirrelserversmanager-backend" node -- ./dist/src/index.js +msg_ok "Squirrel Servers Manager Server Built & Ran" + +msg_info "Starting Squirrel Servers Manager" +$STD pm2 startup +$STD pm2 save +mkdir -p /usr/share/nginx/html/ +cp /opt/squirrelserversmanager/proxy/www/index.html /usr/share/nginx/html/custom.html + +$STD rc-service nginx start +$STD rc-update add nginx default +msg_ok "Squirrel Servers Manager Started" + +motd_ssh +customize diff --git a/install/timescaledb-install.sh b/install/timescaledb-install.sh new file mode 100644 index 0000000..7e01a75 --- /dev/null +++ b/install/timescaledb-install.sh @@ -0,0 +1,163 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2025 community-scripts ORG +# Author: MickLesk (CanbiZ) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE + +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt-get install -y \ + curl \ + sudo \ + mc \ + gnupg \ + apt-transport-https \ + lsb-release +msg_ok "Installed Dependencies" + +msg_info "Setting up PostgreSQL Repository" +VERSION="$(awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release)" +echo "deb http://apt.postgresql.org/pub/repos/apt ${VERSION}-pgdg main" >/etc/apt/sources.list.d/pgdg.list +curl -sSL https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor --output /etc/apt/trusted.gpg.d/postgresql.gpg +msg_ok "Setup PostgreSQL Repository" + +msg_info "Installing PostgreSQL" +$STD apt-get update +$STD apt-get install -y postgresql postgresql-common + +cat </etc/postgresql/17/main/pg_hba.conf +# PostgreSQL Client Authentication Configuration File +local all postgres peer +# TYPE DATABASE USER ADDRESS METHOD +# "local" is for Unix domain socket connections only +local all all md5 +# IPv4 local connections: +host all all 127.0.0.1/32 scram-sha-256 +host all all 0.0.0.0/24 md5 +# IPv6 local connections: +host all all ::1/128 scram-sha-256 +host all all 0.0.0.0/0 md5 +# Allow replication connections from localhost, by a user with the +# replication privilege. +local replication all peer +host replication all 127.0.0.1/32 scram-sha-256 +host replication all ::1/128 scram-sha-256 +EOF + +cat </etc/postgresql/17/main/postgresql.conf +# ----------------------------- +# PostgreSQL configuration file +# ----------------------------- + +#------------------------------------------------------------------------------ +# FILE LOCATIONS +#------------------------------------------------------------------------------ + +data_directory = '/var/lib/postgresql/17/main' +hba_file = '/etc/postgresql/17/main/pg_hba.conf' +ident_file = '/etc/postgresql/17/main/pg_ident.conf' +external_pid_file = '/var/run/postgresql/17-main.pid' + +#------------------------------------------------------------------------------ +# CONNECTIONS AND AUTHENTICATION +#------------------------------------------------------------------------------ + +# - Connection Settings - + +listen_addresses = '*' +port = 5432 +max_connections = 100 +unix_socket_directories = '/var/run/postgresql' + +# - SSL - + +ssl = on +ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' +ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' + +#------------------------------------------------------------------------------ +# RESOURCE USAGE (except WAL) +#------------------------------------------------------------------------------ + +shared_buffers = 128MB +dynamic_shared_memory_type = posix + +#------------------------------------------------------------------------------ +# WRITE-AHEAD LOG +#------------------------------------------------------------------------------ + +max_wal_size = 1GB +min_wal_size = 80MB + +#------------------------------------------------------------------------------ +# REPORTING AND LOGGING +#------------------------------------------------------------------------------ + +# - What to Log - + +log_line_prefix = '%m [%p] %q%u@%d ' +log_timezone = 'Etc/UTC' + +#------------------------------------------------------------------------------ +# PROCESS TITLE +#------------------------------------------------------------------------------ + +cluster_name = '17/main' + +#------------------------------------------------------------------------------ +# CLIENT CONNECTION DEFAULTS +#------------------------------------------------------------------------------ + +# - Locale and Formatting - + +datestyle = 'iso, mdy' +timezone = 'Etc/UTC' +lc_messages = 'C' +lc_monetary = 'C' +lc_numeric = 'C' +lc_time = 'C' +default_text_search_config = 'pg_catalog.english' + +#------------------------------------------------------------------------------ +# CONFIG FILE INCLUDES +#------------------------------------------------------------------------------ + +include_dir = 'conf.d' +EOF + +systemctl restart postgresql +msg_ok "Installed PostgreSQL" + + +msg_info "Setup TimescaleDB" +echo "deb https://packagecloud.io/timescale/timescaledb/debian/ $(lsb_release -c -s) main" | sudo tee /etc/apt/sources.list.d/timescaledb.list +wget --quiet -O - https://packagecloud.io/timescale/timescaledb/gpgkey | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/timescaledb.gpg +$STD apt-get update +$STD apt-get install timescaledb-2-postgresql-17 postgresql-client-17 +$STD timescaledb-tune --quiet --yes +$STD systemctl restart postgresql +msg_ok "Setup TimescaleDB" + +read -r -p "Would you like to add Adminer? " prompt +if [[ "${prompt,,}" =~ ^(y|yes)$ ]]; then + msg_info "Installing Adminer" + $STD apt install -y adminer + $STD a2enconf adminer + systemctl reload apache2 + msg_ok "Installed Adminer" +fi + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get -y autoremove +$STD apt-get -y autoclean +msg_ok "Cleaned" diff --git a/install/wallabag-install.sh b/install/wallabag-install.sh new file mode 100644 index 0000000..b9f1c5d --- /dev/null +++ b/install/wallabag-install.sh @@ -0,0 +1,133 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2025 community-scripts ORG +# Author: MickLesk (Canbiz) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE + +source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies (Patience)" +$STD apt-get install -y \ + curl \ + git \ + unzip \ + sudo \ + make \ + php8.2 \ + php8.2-{cli,common,bcmath,intl,fpm,tidy,xml,mysql,mbstring,zip,gd,curl} \ + composer \ + apache2 \ + libapache2-mod-php \ + redis \ + mariadb-server +msg_ok "Installed Dependencies" + +msg_info "Setting up Database" +DB_NAME=wallabag_db +DB_USER=wallabag +DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13) +SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)" +$STD mysql -u root -e "CREATE DATABASE $DB_NAME;" +$STD mysql -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';" +$STD mysql -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;" +{ + echo "Wallabag Credentials" + echo "Database User: $DB_USER" + echo "Database Password: $DB_PASS" + echo "Database Name: $DB_NAME" +} >> ~/wallabag.creds +msg_ok "Set up Database" + +msg_info "Installing Wallabag (Patience)" +RELEASE=$(curl -s https://api.github.com/repos/wallabag/wallabag/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }') +wget -q "https://github.com/wallabag/wallabag/archive/refs/tags/${RELEASE}.zip" +unzip -q ${RELEASE}.zip +mv wallabag-${RELEASE} /opt/wallabag +cd /opt/wallabag +useradd -d /opt/wallabag -s /bin/bash -M wallabag +chown -R wallabag:wallabag /opt/wallabag +mv /opt/wallabag/app/config/parameters.yml.dist /opt/wallabag/app/config/parameters.yml +sed -i \ + -e 's|database_name: wallabag|database_name: wallabag_db|' \ + -e 's|database_port: ~|database_port: 3306|' \ + -e 's|database_user: root|database_user: wallabag|' \ + -e 's|database_password: ~|database_password: '"$DB_PASS"'|' \ + -e 's|secret: .*|secret: '"$SECRET_KEY"'|' \ + /opt/wallabag/app/config/parameters.yml + +export COMPOSER_ALLOW_SUPERUSER=1 +sudo -u wallabag make install --no-interaction + +export COMPOSER_ALLOW_SUPERUSER=1 +composer install --no-dev --prefer-dist --optimize-autoloader --no-interaction +msg_ok "Installed Wallabag" + +msg_info "Setting up Virtual Host" +cat </etc/nginx/conf.d/wallabag.conf +server { + root /opt/wallabag/web; + server_name $IPADDRESS; + + location / { + # try to serve file directly, fallback to app.php + try_files $uri /app.php$is_args$args; + } + location ~ ^/app\.php(/|$) { + # if, for some reason, you are still using PHP 5, + # then replace /run/php/php7.0 by /var/run/php5 + fastcgi_pass unix:/run/php/php7.0-fpm.sock; + fastcgi_split_path_info ^(.+\.php)(/.*)$; + include fastcgi_params; + # When you are using symlinks to link the document root to the + # current version of your application, you should pass the real + # application path instead of the path to the symlink to PHP + # FPM. + # Otherwise, PHP's OPcache may not properly detect changes to + # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126 + # for more information). + fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; + fastcgi_param DOCUMENT_ROOT $realpath_root; + # Prevents URIs that include the front controller. This will 404: + # http://domain.tld/app.php/some-path + # Remove the internal directive to allow URIs like this + internal; + } + + # return 404 for all other php files not matching the front controller + # this prevents access to other php files you don't want to be accessible. + location ~ \.php$ { + return 404; + } + + error_log /var/log/nginx/wallabag_error.log; + access_log /var/log/nginx/wallabag_access.log; +} +EOF + +$STD a2enmod rewrite +$STD a2ensite wallabag.conf +$STD a2dissite 000-default.conf +systemctl reload apache2 +msg_ok "Configured Virtual Host" + +msg_info "Setting Permissions" +chown -R www-data:www-data /opt/wallabag/{bin,app/config,vendor,data,var,web} +msg_ok "Set Permissions" + +msg_info "Running Wallabag Installation" +php bin/console wallabag:install --env=prod +msg_ok "Wallabag Installed" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt-get autoremove +$STD apt-get autoclean +msg_ok "Cleaned"