diff --git a/ct/patchmon.sh b/ct/patchmon.sh new file mode 100644 index 00000000..9ea0f5a5 --- /dev/null +++ b/ct/patchmon.sh @@ -0,0 +1,79 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func) +# Copyright (c) 2021-2025 community-scripts ORG +# Author: vhsdream +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/PatchMon/PatchMon + +APP="PatchMon" +APP_NAME=${APP,,} +var_tags="${var_tags:-monitoring}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-2048}" +var_disk="${var_disk:-4}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + + if [[ ! -d "/opt/patchmon" ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + + if check_for_gh_release "PatchMon" "PatchMon/PatchMon"; then + + msg_info "Stopping $APP" + systemctl stop patchmon-server + msg_ok "Stopped $APP" + + msg_info "Creating Backup" + cp /opt/patchmon/backend/.env /opt/backend.env + cp /opt/patchmon/frontend/.env /opt/frontend.env + msg_ok "Backup Created" + + rm -rf /opt/patchmon + fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "latest" "/opt/patchmon" + + msg_info "Updating ${APP}" + cd /opt/patchmon + export NODE_ENV=production + export NPM_CONFIG_CACHE=/opt/patchmon/.npm + export NPM_CONFIG_PREFIX=/opt/patchmon/.npm-global + export NPM_CONFIG_TMP=/opt/patchmon/.npm/tmp + $STD npm install --omit=dev --no-audit --no-fund --no-save --ignore-scripts + cd /opt/patchmon/backend + $STD npm install --omit=dev --no-audit --no-fund --no-save --ignore-scripts + cd /opt/patchmon/frontend + $STD npm install --no-audit --no-fund --no-save --ignore-scripts + $STD npm run build + cd /opt/patchmon/backend + $STD npx prisma migrate deploy + mv /opt/backend.env /opt/patchmon/backend/.env + mv /opt/frontend.env /opt/patchmon/frontend/.env + msg_ok "Updated ${APP}" + + msg_info "Starting $APP" + systemctl start patchmon-server + msg_ok "Started $APP" + fi + exit +} + +start +build_container +description + +msg_ok "Completed Successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Access it using the following URL:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}" diff --git a/frontend/public/json/patchmon.json b/frontend/public/json/patchmon.json new file mode 100644 index 00000000..039a359a --- /dev/null +++ b/frontend/public/json/patchmon.json @@ -0,0 +1,35 @@ +{ + "name": "PatchMon", + "slug": "patchmon", + "categories": [ + 9 + ], + "date_created": "2025-10-23", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": 3399, + "documentation": "https://docs.patchmon.net", + "website": "https://patchmon.net", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/patchmon.webp", + "config_path": "", + "description": "Monitor Linux patches across all your hosts with real-time visibility, security update tracking, and comprehensive package management.", + "install_methods": [ + { + "type": "default", + "script": "ct/patchmon.sh", + "resources": { + "cpu": 2, + "ram": 2048, + "hdd": 4, + "os": "debian", + "version": "13" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [] +} diff --git a/install/patchmon-install.sh b/install/patchmon-install.sh new file mode 100644 index 00000000..d6f69b6b --- /dev/null +++ b/install/patchmon-install.sh @@ -0,0 +1,289 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2025 community-scripts ORG +# Author: vhsdream +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/PatcMmon/PatchMon + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt install -y \ + build-essential \ + gcc \ + nginx \ + redis-server +msg_ok "Installed Dependencies" + +NODE_VERSION="22" setup_nodejs +PG_VERSION="17" setup_postgresql + +msg_info "Creating PostgreSQL Database" +DB_NAME=patchmon_db +DB_USER=patchmon_usr +DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)" +$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';" +$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';" +$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;" + +cat <~/patchmon.creds +PatchMon Credentials +PatchMon Database Name: $DB_NAME +PatchMon Database User: $DB_USER +PatchMon Database Password: $DB_PASS +EOF +msg_ok "Created PostgreSQL Database" + +fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "latest" "/opt/patchmon" + +msg_info "Configuring PatchMon" +cd /opt/patchmon +export NODE_ENV=production +export NPM_CONFIG_CACHE=/opt/patchmon/.npm +export NPM_CONFIG_PREFIX=/opt/patchmon/.npm-global +export NPM_CONFIG_TMP=/opt/patchmon/.npm/tmp +$STD npm install --omit=dev --no-audit --no-fund --no-save --ignore-scripts +cd /opt/patchmon/backend +$STD npm install --omit=dev --no-audit --no-fund --no-save --ignore-scripts +cd /opt/patchmon/frontend +$STD npm install --no-audit --no-fund --no-save --ignore-scripts +$STD npm run build +msg_ok "Configured PatchMon" + +msg_info "Creating env files" +JWT_SECRET="$(openssl rand -base64 64 | tr -d "=+/" | cut -c1-50)" +LOCAL_IP="$(hostname -I | awk '{print $1}')" +cat </opt/patchmon/backend/.env +# Database Configuration +DATABASE_URL="postgresql://$DB_USER:$DB_PASS@localhost:5432/$DB_NAME" +PY_THRESHOLD=3M_DB_CONN_MAX_ATTEMPTS=30 +PM_DB_CONN_WAIT_INTERVAL=2 + +# JWT Configuration +JWT_SECRET="$JWT_SECRET" +JWT_EXPIRES_IN=1h +JWT_REFRESH_EXPIRES_IN=7d + +# Server Configuration +PORT=3399 +NODE_ENV=production + +# API Configuration +API_VERSION=v1 + +# CORS Configuration +CORS_ORIGIN="http://$LOCAL_IP" + +# Session Configuration +SESSION_INACTIVITY_TIMEOUT_MINUTES=30 + +# User Configuration +DEFAULT_USER_ROLE=user + +# Rate Limiting (times in milliseconds) +RATE_LIMIT_WINDOW_MS=900000 +RATE_LIMIT_MAX=5000 +AUTH_RATE_LIMIT_WINDOW_MS=600000 +AUTH_RATE_LIMIT_MAX=500 +AGENT_RATE_LIMIT_WINDOW_MS=60000 +AGENT_RATE_LIMIT_MAX=1000 + +# Redis Configuration +REDIS_HOST=localhost +REDIS_PORT=6379 + +# Logging +LOG_LEVEL=info +ENABLE_LOGGING=true + +# TFA Configuration +TFA_REMEMBER_ME_EXPIRES_IN=30d +TFA_MAX_REMEMBER_SESSIONS=5 +TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3 +EOF + +cat </opt/patchmon/frontend/.env +VITE_API_URL=http://$LOCAL_IP/api/v1 +VITE_APP_NAME=PatchMon +VITE_APP_VERSION=1.3.0 +EOF +msg_ok "Created env files" + +msg_info "Running database migrations" +cd /opt/patchmon/backend +$STD npx prisma migrate deploy +$STD npx prisma generate +msg_ok "Database migrations complete" + +msg_info "Configuring Nginx" +cat </etc/nginx/sites-available/patchmon.conf +server { + listen 80; + server_name $LOCAL_IP; + + # Security headers + add_header X-Frame-Options DENY always; + add_header X-Content-Type-Options nosniff always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + + # Frontend + location / { + root /opt/patchmon/frontend/dist; + try_files \$uri \$uri/ /index.html; + } + + # Bull Board proxy + location /bullboard { + proxy_pass http://127.0.0.1:3399; + proxy_http_version 1.1; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_set_header X-Forwarded-Host \$host; + proxy_set_header Cookie \$http_cookie; + proxy_cache_bypass \$http_upgrade; + proxy_read_timeout 300s; + proxy_connect_timeout 75s; + + # Enable cookie passthrough + proxy_pass_header Set-Cookie; + proxy_cookie_path / /; + + # Preserve original client IP + proxy_set_header X-Original-Forwarded-For \$http_x_forwarded_for; + if (\$request_method = 'OPTIONS') { + return 204; + } + } + + # API proxy + location /api/ { + proxy_pass http://127.0.0.1:3399; + proxy_http_version 1.1; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_cache_bypass \$http_upgrade; + proxy_read_timeout 300s; + proxy_connect_timeout 75s; + + # Preserve original client IP + proxy_set_header X-Original-Forwarded-For \$http_x_forwarded_for; + if (\$request_method = 'OPTIONS') { + return 204; + } + } + + # Static assets caching (exclude Bull Board assets) + location ~* ^/(?!bullboard).*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ { + root /opt/patchmon/frontend/dist; + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # Health check endpoint + location /health { + proxy_pass http://127.0.0.1:3399/health; + access_log off; + } +} +EOF +ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/ +rm -f /etc/nginx/sites-enabled/default +$STD nginx -t +systemctl restart nginx +msg_ok "Configured Nginx" + +msg_info "Creating service" +cat </etc/systemd/system/patchmon-server.service +[Unit] +Description=PatchMon Service +After=network.target postgresql.service + +[Service] +Type=simple +WorkingDirectory=/opt/patchmon/backend +ExecStart=/usr/bin/node src/server.js +Restart=always +RestartSec=10 +Environment=NODE_ENV=production +Environment=PATH=/usr/bin:/usr/local/bin +NoNewPrivileges=true +PrivateTmp=true +ProtectSystem=strict +ProtectHome=true +ReadWritePaths=/opt/patchmon + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable -q --now patchmon-server +msg_ok "Created and started service" + +msg_info "Populating server settings in DB" +cat </opt/patchmon/backend/update-settings.js +const { PrismaClient } = require('@prisma/client'); +const prisma = new PrismaClient(); + +async function updateSettings() { + try { + const settingsData = { + server_url: 'http://$LOCAL_IP', + server_protocol: 'http', + server_host: '$LOCAL_IP', + server_port: 3399, + update_interval: 60, + auto_update: true + }; + + if (existingSettings) { + // Update existing settings + await prisma.settings.update({ + where: { id: existingSettings.id }, + data: settingsData + }); + } else { + // Create new settings record + await prisma.settings.create({ + data: settingsData + }); + } + + console.log('✅ Database settings updated successfully'); + } catch (error) { + console.error('❌ Error updating settings:', error.message); + process.exit(1); + } finally { + await prisma.\$disconnect(); + } +} + +updateSettings(); +EOF + +cd /opt/patchmon/backend +$STD node update-settings.js +msg_ok "Server settings populated successfully" + +motd_ssh +customize + +msg_info "Cleaning up" +$STD apt -y autoremove +$STD apt -y autoclean +$STD apt -y clean +msg_ok "Cleaned"