Merge branch 'main' of https://github.com/community-scripts/ProxmoxVED

install/hermesagent-install.sh

@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://hermes-agent.nousresearch.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y git
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="22" setup_nodejs
+
+msg_info "Creating Hermes User"
+useradd -m -s /bin/bash hermes
+loginctl enable-linger hermes
+echo 'export XDG_RUNTIME_DIR="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"' >>/home/hermes/.profile
+msg_ok "Created Hermes User"
+
+msg_info "Configuring Service Environment"
+cat <<EOF >/etc/default/hermes
+HOME=/home/hermes
+PATH=/home/hermes/.local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+NODE_OPTIONS=${NODE_OPTIONS}
+EOF
+msg_ok "Configured Service Environment"
+
+msg_warn "WARNING: This script will run an external installer from a third-party source (https://hermes-agent.nousresearch.com/)."
+msg_warn "The following code is NOT maintained or audited by our repository."
+msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:"
+msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→  https://hermes-agent.nousresearch.com/install.sh"
+echo
+read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM
+if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+  msg_error "Aborted by user. No changes have been made."
+  exit 10
+fi
+
+msg_info "Installing Hermes Agent"
+$STD setsid --wait bash -c '
+  set -a; source /etc/default/hermes; set +a
+  bash <(curl -fsSL https://hermes-agent.nousresearch.com/install.sh) --skip-setup --hermes-home /home/hermes/.hermes --dir /home/hermes/.hermes/hermes-agent
+'
+chown -R hermes:hermes /home/hermes
+chmod 750 /home/hermes
+chmod 700 /home/hermes/.hermes
+git config --system --add safe.directory /home/hermes/.hermes/hermes-agent 2>/dev/null || true
+msg_ok "Installed Hermes Agent"
+
+msg_info "Configuring API Server"
+API_SERVER_KEY=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)
+mkdir -p /home/hermes/.hermes
+cat <<EOF >/home/hermes/.hermes/.env
+API_SERVER_ENABLED=true
+API_SERVER_HOST=0.0.0.0
+API_SERVER_PORT=8642
+API_SERVER_KEY=${API_SERVER_KEY}
+EOF
+chmod 600 /home/hermes/.hermes/.env
+msg_ok "Configured API Server"
+
+msg_info "Creating Dashboard Service"
+cat <<EOF >/etc/systemd/system/hermes-dashboard.service
+[Unit]
+Description=Hermes Agent Web Dashboard
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=hermes
+Group=hermes
+UMask=0077
+WorkingDirectory=/home/hermes
+ExecStart=/home/hermes/.local/bin/hermes dashboard --host 127.0.0.1 --port 9119 --no-open
+EnvironmentFile=/etc/default/hermes
+Restart=on-failure
+RestartSec=5
+ProtectProc=invisible
+ProcSubset=pid
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now hermes-dashboard
+msg_ok "Created Dashboard Service"
+
+msg_info "Configuring Login Hints"
+cat <<'HINT' >/etc/profile.d/hermes-hint.sh
+if [[ "$(id -u)" -eq 0 ]]; then
+  echo "  Use 'su - hermes' to switch to the hermes user for running Hermes Agent."
+fi
+HINT
+msg_ok "Configured Login Hints"
+
+motd_ssh
+customize
+cleanup_lxc

install/squid-install.sh

@@ -0,0 +1,88 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: 007hacky007
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.squid-cache.org/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Configuring Squid"
+mkdir -p /etc/squid
+cat <<EOF >/etc/squid/squid.conf
+acl localnet src 0.0.0.1-0.255.255.255
+acl localnet src 10.0.0.0/8
+acl localnet src 100.64.0.0/10
+acl localnet src 169.254.0.0/16
+acl localnet src 172.16.0.0/12
+acl localnet src 192.168.0.0/16
+acl localnet src fc00::/7
+acl localnet src fe80::/10
+
+acl SSL_ports port 443
+acl Safe_ports port 80
+acl Safe_ports port 21
+acl Safe_ports port 443
+acl Safe_ports port 70
+acl Safe_ports port 210
+acl Safe_ports port 1025-65535
+acl Safe_ports port 280
+acl Safe_ports port 488
+acl Safe_ports port 591
+acl Safe_ports port 777
+acl CONNECT method CONNECT
+
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localhost manager
+http_access deny manager
+
+auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwords
+auth_param basic realm proxy
+acl authenticated proxy_auth REQUIRED
+http_access allow authenticated
+http_access deny all
+
+http_port 3128
+
+coredump_dir /var/spool/squid
+
+refresh_pattern ^ftp:        1440    20%    10080
+refresh_pattern ^gopher:     1440    0%     1440
+refresh_pattern -i (/cgi-bin/|\\?) 0  0%     0
+refresh_pattern .            0       20%    4320
+
+# Privacy / hardening
+httpd_suppress_version_string on
+visible_hostname $(hostname)
+forwarded_for delete
+request_header_access X-Forwarded-For deny all
+EOF
+msg_ok "Configured Squid"
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  squid \
+  apache2-utils
+msg_ok "Installed Dependencies"
+
+msg_info "Configuring Squid Authentication"
+touch /etc/squid/passwords
+chown proxy:proxy /etc/squid/passwords
+chmod 640 /etc/squid/passwords
+$STD squid -k parse
+msg_ok "Configured Squid Authentication"
+
+msg_info "Starting Service"
+systemctl enable -q --now squid
+msg_ok "Started Service"
+
+motd_ssh
+customize
+cleanup_lxc