remove temporary arm64 files
This commit is contained in:
Sam Heinz
@@ -1,44 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://adguard.com/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
fetch_and_deploy_gh_release "AdGuardHome" "AdguardTeam/AdGuardHome" "prebuild" "latest" "/opt/AdGuardHome" "AdGuardHome_linux_arm64.tar.gz"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/AdGuardHome.service
|
||||
[Unit]
|
||||
Description=AdGuard Home: Network-level blocker
|
||||
ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
|
||||
After=syslog.target network-online.target
|
||||
|
||||
[Service]
|
||||
StartLimitInterval=5
|
||||
StartLimitBurst=10
|
||||
ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run"
|
||||
WorkingDirectory=/opt/AdGuardHome
|
||||
StandardOutput=file:/var/log/AdGuardHome.out
|
||||
StandardError=file:/var/log/AdGuardHome.err
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
EnvironmentFile=-/etc/sysconfig/AdGuardHome
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
systemctl enable -q --now AdGuardHome
|
||||
msg_ok "Created Service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1 +0,0 @@
|
||||
|
||||
@@ -1,56 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://www.bazarr.media/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt install -y libicu76
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
PYTHON_VERSION="3.12" setup_uv
|
||||
fetch_and_deploy_gh_release "bazarr" "morpheus65535/bazarr" "prebuild" "latest" "/opt/bazarr" "bazarr.zip"
|
||||
|
||||
msg_info "Installing Bazarr"
|
||||
mkdir -p /var/lib/bazarr/
|
||||
chmod 775 /opt/bazarr /var/lib/bazarr/
|
||||
sed -i.bak 's/--only-binary=Pillow//g' /opt/bazarr/requirements.txt
|
||||
$STD uv venv --clear /opt/bazarr/venv --python 3.12
|
||||
$STD uv pip install -r /opt/bazarr/requirements.txt --python /opt/bazarr/venv/bin/python3
|
||||
msg_ok "Installed Bazarr"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/bazarr.service
|
||||
[Unit]
|
||||
Description=Bazarr Daemon
|
||||
After=syslog.target network.target
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/opt/bazarr/
|
||||
UMask=0002
|
||||
Restart=on-failure
|
||||
RestartSec=5
|
||||
Type=simple
|
||||
ExecStart=/opt/bazarr/venv/bin/python3 /opt/bazarr/bazarr.py
|
||||
KillSignal=SIGINT
|
||||
TimeoutStopSec=20
|
||||
SyslogIdentifier=bazarr
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
systemctl enable -q --now bazarr
|
||||
msg_ok "Created Service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,48 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: vhsdream
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://github.com/alam00000/bentopdf
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
NODE_VERSION="24" setup_nodejs
|
||||
fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"
|
||||
|
||||
msg_info "Setup BentoPDF"
|
||||
cd /opt/bentopdf
|
||||
$STD npm ci --no-audit --no-fund
|
||||
export SIMPLE_MODE=true
|
||||
$STD npm run build -- --mode production
|
||||
msg_ok "Setup BentoPDF"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/bentopdf.service
|
||||
[Unit]
|
||||
Description=BentoPDF Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
WorkingDirectory=/opt/bentopdf
|
||||
ExecStart=/usr/bin/npx serve dist -p 8080
|
||||
Restart=always
|
||||
RestartSec=10
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable -q --now bentopdf
|
||||
msg_ok "Created & started service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,81 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://www.home-assistant.io/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Setup Python3"
|
||||
$STD apt install -y \
|
||||
python3 \
|
||||
python3-dev \
|
||||
python3-pip \
|
||||
python3-venv
|
||||
rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
|
||||
msg_ok "Setup Python3"
|
||||
|
||||
msg_info "Installing runlike"
|
||||
$STD pip install runlike
|
||||
msg_ok "Installed runlike"
|
||||
|
||||
get_latest_release() {
|
||||
curl -fsSL https://api.github.com/repos/$1/releases/latest | grep '"tag_name":' | cut -d'"' -f4
|
||||
}
|
||||
|
||||
DOCKER_LATEST_VERSION=$(get_latest_release "moby/moby")
|
||||
CORE_LATEST_VERSION=$(get_latest_release "home-assistant/core")
|
||||
PORTAINER_LATEST_VERSION=$(get_latest_release "portainer/portainer")
|
||||
|
||||
msg_info "Installing Docker $DOCKER_LATEST_VERSION"
|
||||
DOCKER_CONFIG_PATH='/etc/docker/daemon.json'
|
||||
mkdir -p $(dirname $DOCKER_CONFIG_PATH)
|
||||
echo -e '{\n "log-driver": "journald"\n}' >/etc/docker/daemon.json
|
||||
$STD sh <(curl -fsSL https://get.docker.com)
|
||||
msg_ok "Installed Docker $DOCKER_LATEST_VERSION"
|
||||
|
||||
msg_info "Pulling Portainer $PORTAINER_LATEST_VERSION Image"
|
||||
$STD docker pull portainer/portainer-ce:latest
|
||||
msg_ok "Pulled Portainer $PORTAINER_LATEST_VERSION Image"
|
||||
|
||||
msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
|
||||
$STD docker volume create portainer_data
|
||||
$STD docker run -d \
|
||||
-p 8000:8000 \
|
||||
-p 9443:9443 \
|
||||
--name=portainer \
|
||||
--restart=always \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v portainer_data:/data \
|
||||
portainer/portainer-ce:latest
|
||||
msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
|
||||
|
||||
msg_info "Pulling Home Assistant $CORE_LATEST_VERSION Image"
|
||||
$STD docker pull ghcr.io/home-assistant/home-assistant:stable
|
||||
msg_ok "Pulled Home Assistant $CORE_LATEST_VERSION Image"
|
||||
|
||||
msg_info "Installing Home Assistant $CORE_LATEST_VERSION"
|
||||
$STD docker volume create hass_config
|
||||
$STD docker run -d \
|
||||
--name homeassistant \
|
||||
--privileged \
|
||||
--restart unless-stopped \
|
||||
-v /var/run/docker.sock:/var/run/docker.sock \
|
||||
-v /dev:/dev \
|
||||
-v hass_config:/config \
|
||||
-v /etc/localtime:/etc/localtime:ro \
|
||||
--net=host \
|
||||
ghcr.io/home-assistant/home-assistant:stable
|
||||
mkdir /root/hass_config
|
||||
msg_ok "Installed Home Assistant $CORE_LATEST_VERSION"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,67 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://jellyfin.org/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_custom "ℹ️" "${GN}" "If NVIDIA GPU passthrough is detected, you'll be asked whether to install drivers in the container"
|
||||
setup_hwaccel
|
||||
|
||||
msg_info "Installing Jellyfin"
|
||||
VERSION="$(awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release)"
|
||||
if ! dpkg -s libjemalloc2 >/dev/null 2>&1; then
|
||||
$STD apt install -y libjemalloc2
|
||||
fi
|
||||
if [[ ! -f /usr/lib/libjemalloc.so ]]; then
|
||||
ln -sf /usr/lib/aarch64-linux-gnu/libjemalloc.so.2 /usr/lib/libjemalloc.so
|
||||
fi
|
||||
if [[ ! -d /etc/apt/keyrings ]]; then
|
||||
mkdir -p /etc/apt/keyrings
|
||||
fi
|
||||
curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | gpg --dearmor --yes --output /etc/apt/keyrings/jellyfin.gpg
|
||||
cat <<EOF >/etc/apt/sources.list.d/jellyfin.sources
|
||||
Types: deb
|
||||
URIs: https://repo.jellyfin.org/${PCT_OSTYPE}
|
||||
Suites: ${VERSION}
|
||||
Components: main
|
||||
Architectures: arm64
|
||||
Signed-By: /etc/apt/keyrings/jellyfin.gpg
|
||||
EOF
|
||||
|
||||
$STD apt update
|
||||
$STD apt install -y jellyfin
|
||||
# Configure log rotation to prevent disk fill (keeps fail2ban compatibility) (PR: #1690 / Issue: #11224)
|
||||
cat <<EOF >/etc/logrotate.d/jellyfin
|
||||
/var/log/jellyfin/*.log {
|
||||
daily
|
||||
rotate 3
|
||||
maxsize 100M
|
||||
missingok
|
||||
notifempty
|
||||
compress
|
||||
delaycompress
|
||||
copytruncate
|
||||
}
|
||||
EOF
|
||||
chown -R jellyfin:adm /etc/jellyfin
|
||||
sleep 10
|
||||
systemctl restart jellyfin
|
||||
if [[ "$CTTYPE" == "0" ]]; then
|
||||
sed -i -e 's/^ssl-cert:x:104:$/render:x:104:root,jellyfin/' -e 's/^render:x:108:root,jellyfin$/ssl-cert:x:108:/' /etc/group
|
||||
else
|
||||
sed -i -e 's/^ssl-cert:x:104:$/render:x:104:jellyfin/' -e 's/^render:x:108:jellyfin$/ssl-cert:x:108:/' /etc/group
|
||||
fi
|
||||
msg_ok "Installed Jellyfin"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,109 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: MickLesk
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://www.kimai.org/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt install -y \
|
||||
apt-transport-https \
|
||||
apache2 \
|
||||
git \
|
||||
expect
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
setup_mariadb
|
||||
PHP_VERSION="8.4" PHP_APACHE="YES" setup_php
|
||||
setup_composer
|
||||
|
||||
msg_info "Setting up database"
|
||||
DB_NAME=kimai_db
|
||||
DB_USER=kimai
|
||||
DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
|
||||
MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
|
||||
$STD mariadb -e "CREATE DATABASE $DB_NAME;"
|
||||
$STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
|
||||
$STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
|
||||
{
|
||||
echo "Kimai-Credentials"
|
||||
echo "Kimai Database User: $DB_USER"
|
||||
echo "Kimai Database Password: $DB_PASS"
|
||||
echo "Kimai Database Name: $DB_NAME"
|
||||
} >>~/kimai.creds
|
||||
msg_ok "Set up database"
|
||||
|
||||
fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"
|
||||
|
||||
msg_info "Setup Kimai"
|
||||
cd /opt/kimai
|
||||
echo "export COMPOSER_ALLOW_SUPERUSER=1" >>~/.bashrc
|
||||
source ~/.bashrc
|
||||
$STD composer install --no-dev --optimize-autoloader --no-interaction
|
||||
cp .env.dist .env
|
||||
sed -i "/^DATABASE_URL=/c\DATABASE_URL=mysql://$DB_USER:$DB_PASS@127.0.0.1:3306/$DB_NAME?charset=utf8mb4&serverVersion=mariadb-$MYSQL_VERSION" /opt/kimai/.env
|
||||
$STD bin/console kimai:install -n
|
||||
$STD expect <<EOF
|
||||
set timeout -1
|
||||
log_user 0
|
||||
|
||||
spawn bin/console kimai:user:create admin admin@helper-scripts.com ROLE_SUPER_ADMIN
|
||||
|
||||
expect "Please enter the password:"
|
||||
send "helper-scripts.com\r"
|
||||
|
||||
expect eof
|
||||
EOF
|
||||
$STD composer update --no-interaction
|
||||
cat <<EOF >/opt/kimai/config/packages/local.yaml
|
||||
kimai:
|
||||
timesheet:
|
||||
rounding:
|
||||
default:
|
||||
begin: 15
|
||||
end: 15
|
||||
|
||||
EOF
|
||||
msg_ok "Installed Kimai"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/apache2/sites-available/kimai.conf
|
||||
<VirtualHost *:80>
|
||||
ServerAdmin webmaster@localhost
|
||||
DocumentRoot /opt/kimai/public/
|
||||
|
||||
<Directory /opt/kimai/public>
|
||||
Options FollowSymLinks
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
ErrorLog /var/log/apache2/error.log
|
||||
CustomLog /var/log/apache2/access.log combined
|
||||
|
||||
</VirtualHost>
|
||||
EOF
|
||||
$STD a2ensite kimai.conf
|
||||
$STD a2dissite 000-default.conf
|
||||
$STD systemctl reload apache2
|
||||
msg_ok "Created Service"
|
||||
|
||||
msg_info "Setup Permissions"
|
||||
chown -R :www-data /opt/*
|
||||
chmod -R g+r /opt/*
|
||||
chmod -R g+rw /opt/*
|
||||
chown -R www-data:www-data /opt/*
|
||||
chmod -R 777 /opt/*
|
||||
msg_ok "Setup Permissions"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,51 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: kristocopani
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://lubelogger.com/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
fetch_and_deploy_gh_release "lubelogger" "hargata/lubelog" "prebuild" "latest" "/opt/lubelogger" "LubeLogger*linux_x64.zip"
|
||||
|
||||
msg_info "Configuring LubeLogger"
|
||||
cd /opt/lubelogger
|
||||
chmod 700 /opt/lubelogger/CarCareTracker
|
||||
cp /opt/lubelogger/appsettings.json /opt/lubelogger/appsettings_bak.json
|
||||
jq '.Kestrel = {"Endpoints": {"Http": {"Url": "http://0.0.0.0:5000"}}}' /opt/lubelogger/appsettings_bak.json >/opt/lubelogger/appsettings.json
|
||||
rm -rf /opt/lubelogger/appsettings_bak.json
|
||||
msg_ok "Configured LubeLogger"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/lubelogger.service
|
||||
[Unit]
|
||||
Description=LubeLogger Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=root
|
||||
|
||||
Type=simple
|
||||
WorkingDirectory=/opt/lubelogger
|
||||
ExecStart=/opt/lubelogger/CarCareTracker
|
||||
TimeoutStopSec=20
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
|
||||
systemctl enable -q --now lubelogger
|
||||
msg_ok "Created Service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,160 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://pi-hole.net/
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_warn "WARNING: This script will run an external installer from a third-party source (https://pi-hole.net/)."
|
||||
msg_warn "The following code is NOT maintained or audited by our repository."
|
||||
msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:"
|
||||
msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://install.pi-hole.net"
|
||||
echo
|
||||
read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM
|
||||
if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
|
||||
msg_error "Aborted by user. No changes have been made."
|
||||
exit 10
|
||||
fi
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt install -y ufw
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
msg_info "Installing Pi-hole"
|
||||
mkdir -p /etc/pihole
|
||||
touch /etc/pihole/pihole.toml
|
||||
$STD bash <(curl -fsSL https://install.pi-hole.net) --unattended
|
||||
sed -i -E '
|
||||
/^\s*upstreams =/ s|=.*|= ["8.8.8.8", "8.8.4.4"]|
|
||||
/^\s*interface =/ s|=.*|= "eth0"|
|
||||
/^\s*queryLogging =/ s|=.*|= true|
|
||||
/^\s*size =/ s|=.*|= 10000|
|
||||
/^\s*active =/ s|=.*|= true|
|
||||
/^\s*listeningMode =/ s|=.*|= "LOCAL"|
|
||||
/^\s*port =/ s|=.*|= "80o,443os,[::]:80o,[::]:443os"|
|
||||
/^\s*pwhash =/ s|=.*|= ""|
|
||||
|
||||
# DHCP Disable
|
||||
/^\s*\[dhcp\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
|
||||
|
||||
# NTP Disable
|
||||
/^\s*\[ntp.ipv4\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
|
||||
/^\s*\[ntp.ipv6\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
|
||||
/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
|
||||
/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*interval = [0-9]+/ interval = 0/}
|
||||
/^\s*\[ntp.sync.rtc\]/,/^\s*\[/{s/^\s*set = true/ set = false/}
|
||||
|
||||
# set domainNeeded und expandHosts
|
||||
/^\s*domainNeeded =/ s|=.*|= true|
|
||||
/^\s*expandHosts =/ s|=.*|= true|
|
||||
' /etc/pihole/pihole.toml
|
||||
|
||||
cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
|
||||
server=8.8.8.8
|
||||
server=8.8.4.4
|
||||
EOF
|
||||
$STD pihole-FTL --config ntp.sync.interval 0
|
||||
systemctl restart pihole-FTL.service
|
||||
msg_ok "Installed Pi-hole"
|
||||
|
||||
read -r -p "${TAB3}Would you like to add Unbound? <y/N> " prompt
|
||||
if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
|
||||
read -r -p "${TAB3}Unbound is configured as a recursive DNS server by default, would you like it to be configured as a forwarding DNS server (using DNS-over-TLS (DoT)) instead? <y/N> " prompt
|
||||
msg_info "Installing Unbound"
|
||||
mkdir -p /etc/unbound/unbound.conf.d
|
||||
cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
|
||||
server:
|
||||
verbosity: 0
|
||||
interface: 127.0.0.1
|
||||
port: 5335
|
||||
do-ip6: no
|
||||
do-ip4: yes
|
||||
do-udp: yes
|
||||
do-tcp: yes
|
||||
num-threads: 1
|
||||
hide-identity: yes
|
||||
hide-version: yes
|
||||
harden-glue: yes
|
||||
harden-dnssec-stripped: yes
|
||||
harden-referral-path: yes
|
||||
use-caps-for-id: no
|
||||
harden-algo-downgrade: no
|
||||
qname-minimisation: yes
|
||||
aggressive-nsec: yes
|
||||
rrset-roundrobin: yes
|
||||
cache-min-ttl: 300
|
||||
cache-max-ttl: 14400
|
||||
msg-cache-slabs: 8
|
||||
rrset-cache-slabs: 8
|
||||
infra-cache-slabs: 8
|
||||
key-cache-slabs: 8
|
||||
serve-expired: yes
|
||||
serve-expired-ttl: 3600
|
||||
edns-buffer-size: 1232
|
||||
prefetch: yes
|
||||
prefetch-key: yes
|
||||
target-fetch-policy: "3 2 1 1 1"
|
||||
unwanted-reply-threshold: 10000000
|
||||
rrset-cache-size: 256m
|
||||
msg-cache-size: 128m
|
||||
so-rcvbuf: 1m
|
||||
private-address: 192.168.0.0/16
|
||||
private-address: 169.254.0.0/16
|
||||
private-address: 172.16.0.0/12
|
||||
private-address: 10.0.0.0/8
|
||||
private-address: fd00::/8
|
||||
private-address: fe80::/10
|
||||
EOF
|
||||
mkdir -p /etc/dnsmasq.d/
|
||||
cat <<EOF >/etc/dnsmasq.d/99-edns.conf
|
||||
edns-packet-max=1232
|
||||
EOF
|
||||
|
||||
if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
|
||||
cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
|
||||
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
|
||||
forward-zone:
|
||||
name: "."
|
||||
forward-tls-upstream: yes
|
||||
forward-first: no
|
||||
|
||||
forward-addr: 8.8.8.8@853#dns.google
|
||||
forward-addr: 8.8.4.4@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8888@853#dns.google
|
||||
forward-addr: 2001:4860:4860::8844@853#dns.google
|
||||
|
||||
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
|
||||
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
|
||||
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
|
||||
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
|
||||
|
||||
#forward-addr: 9.9.9.9@853#dns.quad9.net
|
||||
#forward-addr: 149.112.112.112@853#dns.quad9.net
|
||||
#forward-addr: 2620:fe::fe@853#dns.quad9.net
|
||||
#forward-addr: 2620:fe::9@853#dns.quad9.net
|
||||
EOF
|
||||
fi
|
||||
$STD apt install -y unbound
|
||||
cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
|
||||
server=127.0.0.1#5335
|
||||
server=8.8.8.8
|
||||
server=8.8.4.4
|
||||
EOF
|
||||
|
||||
sed -i -E '/^\s*upstreams\s*=\s*\[/,/^\s*\]/c\ upstreams = [\n "127.0.0.1#5335",\n "8.8.4.4"\n ]' /etc/pihole/pihole.toml
|
||||
systemctl restart unbound
|
||||
systemctl restart pihole-FTL.service
|
||||
msg_ok "Installed Unbound"
|
||||
fi
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,63 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://github.com/rogerfar/rdt-client
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt-get install -y unzip
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
msg_info "Installing ASP.NET Core Runtime"
|
||||
$STD apt-get install -y libc6
|
||||
$STD apt-get install -y libgcc1
|
||||
$STD apt-get install -y libgssapi-krb5-2
|
||||
$STD apt-get install -y libicu72
|
||||
$STD apt-get install -y liblttng-ust1
|
||||
$STD apt-get install -y libssl3
|
||||
$STD apt-get install -y libstdc++6
|
||||
$STD apt-get install -y zlib1g
|
||||
|
||||
curl -SL -o dotnet.tar.gz https://download.visualstudio.microsoft.com/download/pr/6f79d99b-dc38-4c44-a549-32329419bb9f/a411ec38fb374e3a4676647b236ba021/dotnet-sdk-9.0.100-linux-arm64.tar.gz
|
||||
mkdir -p /usr/share/dotnet
|
||||
$STD tar -zxf dotnet.tar.gz -C /usr/share/dotnet
|
||||
$STD ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet
|
||||
msg_ok "Installed ASP.NET Core Runtime"
|
||||
|
||||
fetch_and_deploy_gh_release "rdt-client" "rogerfar/rdt-client" "prebuild" "latest" "/opt/rdtc" "RealDebridClient.zip"
|
||||
|
||||
msg_info "Setting up rdtclient"
|
||||
cd /opt/rdtc
|
||||
mkdir -p data/{db,downloads}
|
||||
sed -i 's#/data/db/#/opt/rdtc&#g' /opt/rdtc/appsettings.json
|
||||
msg_ok "Configured rdtclient"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/rdtc.service
|
||||
[Unit]
|
||||
Description=RdtClient Service
|
||||
|
||||
[Service]
|
||||
WorkingDirectory=/opt/rdtc
|
||||
ExecStart=/usr/bin/dotnet RdtClient.Web.dll
|
||||
SyslogIdentifier=RdtClient
|
||||
User=root
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
systemctl enable -q --now rdtc
|
||||
msg_ok "Created Service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -1,105 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 tteck
|
||||
# Author: tteck (tteckster)
|
||||
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
|
||||
# Source: https://github.com/dani-garcia/vaultwarden
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt install -y \
|
||||
build-essential \
|
||||
pkgconf \
|
||||
libssl-dev \
|
||||
libmariadb-dev-compat \
|
||||
libpq-dev \
|
||||
argon2 \
|
||||
ssl-cert
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
setup_rust
|
||||
fetch_and_deploy_gh_release "vaultwarden" "dani-garcia/vaultwarden" "tarball" "latest" "/tmp/vaultwarden-src"
|
||||
|
||||
msg_info "Building Vaultwarden (Patience)"
|
||||
cd /tmp/vaultwarden-src
|
||||
VW_VERSION=$(get_latest_github_release "dani-garcia/vaultwarden")
|
||||
export VW_VERSION
|
||||
$STD cargo build --features "sqlite,mysql,postgresql" --release
|
||||
msg_ok "Built Vaultwarden"
|
||||
|
||||
msg_info "Setting up Vaultwarden"
|
||||
$STD addgroup --system vaultwarden
|
||||
$STD adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden
|
||||
mkdir -p /opt/vaultwarden/{bin,data,web-vault}
|
||||
cp target/release/vaultwarden /opt/vaultwarden/bin/
|
||||
cd ~ && rm -rf /tmp/vaultwarden-src
|
||||
msg_ok "Set up Vaultwarden"
|
||||
|
||||
fetch_and_deploy_gh_release "vaultwarden_webvault" "dani-garcia/bw_web_builds" "prebuild" "latest" "/opt/vaultwarden/web-vault" "bw_web_*.tar.gz"
|
||||
|
||||
msg_info "Configuring Vaultwarden"
|
||||
cat <<EOF >/opt/vaultwarden/.env
|
||||
ADMIN_TOKEN=''
|
||||
ROCKET_ADDRESS=0.0.0.0
|
||||
ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
|
||||
DATA_FOLDER=/opt/vaultwarden/data
|
||||
DATABASE_MAX_CONNS=10
|
||||
WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
|
||||
WEB_VAULT_ENABLED=true
|
||||
EOF
|
||||
mv /etc/ssl/certs/ssl-cert-snakeoil.pem /opt/vaultwarden/
|
||||
mv /etc/ssl/private/ssl-cert-snakeoil.key /opt/vaultwarden/
|
||||
|
||||
chown -R vaultwarden:vaultwarden /opt/vaultwarden/
|
||||
chown root:root /opt/vaultwarden/bin/vaultwarden
|
||||
chmod +x /opt/vaultwarden/bin/vaultwarden
|
||||
chown -R root:root /opt/vaultwarden/web-vault/
|
||||
chmod +r /opt/vaultwarden/.env
|
||||
msg_ok "Configured Vaultwarden"
|
||||
|
||||
msg_info "Creating Service"
|
||||
cat <<EOF >/etc/systemd/system/vaultwarden.service
|
||||
[Unit]
|
||||
Description=Bitwarden Server (Powered by Vaultwarden)
|
||||
Documentation=https://github.com/dani-garcia/vaultwarden
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
User=vaultwarden
|
||||
Group=vaultwarden
|
||||
EnvironmentFile=-/opt/vaultwarden/.env
|
||||
ExecStart=/opt/vaultwarden/bin/vaultwarden
|
||||
LimitNOFILE=65535
|
||||
LimitNPROC=4096
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=strict
|
||||
DevicePolicy=closed
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
LockPersonality=yes
|
||||
WorkingDirectory=/opt/vaultwarden
|
||||
ReadWriteDirectories=/opt/vaultwarden/data
|
||||
AmbientCapabilities=CAP_NET_BIND_SERVICE
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
EOF
|
||||
systemctl enable -q --now vaultwarden
|
||||
msg_ok "Created Service"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
Reference in New Issue
Block a user