Merge pull request #1865 from epiHATR/main

Add OneTimeSecret

ct/headers/onetimesecret

@@ -0,0 +1,6 @@
+   ____              __  _                    _____                          __
+  / __ \____  ___   / /_(_)___ ___  ___     / ___/___  _____________  ____  / /_
+ / / / / __ \/ _ \ / __/ / __ `__ \/ _ \    \__ \/ _ \/ ___/ ___/ _ \/ __ \/ __/
+/ /_/ / / / /  __// /_/ / / / / / /  __/   ___/ /  __/ /__/ /  /  __/ /_/ / /_
+\____/_/ /_/\___/ \__/_/_/ /_/ /_/\___/   /____/\___/\___/_/   \___/\____/\__/
+

ct/onetimesecret.sh

@@ -0,0 +1,136 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Hai Tran (epiHATR)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://onetimesecret.com/ | Github: https://github.com/onetimesecret/onetimesecret
+
+APP="OneTimeSecret"
+var_tags="${var_tags:-security;privacy;secrets}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-10}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_arm64="${var_arm64:-no}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  SSL_VALUE="${OTS_SSL:-}"
+  if [[ -n "${SSL_VALUE}" ]]; then
+    case "${SSL_VALUE,,}" in
+    1 | true | yes | on) SSL_VALUE="true" ;;
+    0 | false | no | off) SSL_VALUE="false" ;;
+    *)
+      msg_error "Invalid OTS_SSL value '${OTS_SSL}' (use true/false)"
+      exit 1
+      ;;
+    esac
+  fi
+
+  if [[ ! -d /opt/onetimesecret ]] || [[ ! -f /opt/onetimesecret/.env ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "onetimesecret" "onetimesecret/onetimesecret"; then
+    msg_info "Stopping Service"
+    systemctl stop onetimesecret
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /opt/onetimesecret/.env /opt/onetimesecret.env.bak
+    mkdir -p /opt/onetimesecret_etc_backup
+    for FILE in auth.yaml config.yaml logging.yaml puma.rb; do
+      [[ -f /opt/onetimesecret/etc/${FILE} ]] && cp "/opt/onetimesecret/etc/${FILE}" "/opt/onetimesecret_etc_backup/${FILE}"
+    done
+    msg_ok "Backed up Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "onetimesecret" "onetimesecret/onetimesecret" "tarball"
+
+    RUBY_VERSION=$(sed -n "s/^ruby '>= \([0-9.]*\)'.*/\1/p" /opt/onetimesecret/Gemfile)
+    RUBY_VERSION="${RUBY_VERSION:-3.4.7}" setup_ruby
+
+    PNPM_VERSION=$(sed -n 's/.*"packageManager": "pnpm@\([^"]*\)".*/\1/p' /opt/onetimesecret/package.json)
+    NODE_VERSION=$(tr -d ' \n' </opt/onetimesecret/.nvmrc 2>/dev/null)
+    NODE_VERSION="${NODE_VERSION:-25}" NODE_MODULE="pnpm@${PNPM_VERSION:-11.1.2}" setup_nodejs
+
+    msg_info "Restoring Configuration"
+    cp /opt/onetimesecret.env.bak /opt/onetimesecret/.env
+    mkdir -p /opt/onetimesecret/etc
+    for FILE in auth.yaml config.yaml logging.yaml puma.rb; do
+      [[ -f /opt/onetimesecret_etc_backup/${FILE} ]] && cp "/opt/onetimesecret_etc_backup/${FILE}" "/opt/onetimesecret/etc/${FILE}"
+    done
+    if [[ -n "${OTS_HOST:-}" ]]; then
+      sed -i "s|^HOST=.*|HOST=${OTS_HOST//&/\\&}|" /opt/onetimesecret/.env
+    fi
+    if [[ -n "${SSL_VALUE}" ]]; then
+      sed -i "s|^SSL=.*|SSL=${SSL_VALUE}|" /opt/onetimesecret/.env
+    fi
+    if grep -q '^RACK_ENV=' /opt/onetimesecret/.env; then
+      sed -i 's|^RACK_ENV=.*|RACK_ENV=production|' /opt/onetimesecret/.env
+    else
+      echo "RACK_ENV=production" >>/opt/onetimesecret/.env
+    fi
+    if grep -q '^AUTHENTICATION_MODE=' /opt/onetimesecret/.env; then
+      sed -i 's|^AUTHENTICATION_MODE=.*|AUTHENTICATION_MODE=simple|' /opt/onetimesecret/.env
+    else
+      echo "AUTHENTICATION_MODE=simple" >>/opt/onetimesecret/.env
+    fi
+    if ! grep -q '^PORT=' /opt/onetimesecret/.env; then
+      echo "PORT=3000" >>/opt/onetimesecret/.env
+    fi
+    chmod 600 /opt/onetimesecret/.env
+    rm -f /opt/onetimesecret.env.bak
+    rm -rf /opt/onetimesecret_etc_backup
+    msg_ok "Restored Configuration"
+
+    msg_info "Reconciling Application"
+    systemctl enable -q --now redis-server
+    cd /opt/onetimesecret
+    mkdir -p tmp/pids log
+    $STD bash ./install.sh reconcile
+    msg_ok "Reconciled Application"
+
+    msg_info "Building Frontend"
+    cd /opt/onetimesecret
+    $STD pnpm run build
+    msg_ok "Built Frontend"
+
+    msg_info "Starting Service"
+    systemctl start onetimesecret
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+DISPLAY_HOST="${OTS_HOST:-$IP}"
+case "${OTS_SSL:-false,,}" in
+1 | true | yes | on)
+  DISPLAY_SCHEME="https"
+  ;;
+*)
+  DISPLAY_SCHEME="http"
+  ;;
+esac
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}${DISPLAY_SCHEME}://${DISPLAY_HOST}${CL}"
+echo -e "${INFO}${YW} Configure hostname, TLS, and SMTP settings in:${CL}"
+echo -e "${TAB}${BGN}/opt/onetimesecret/.env${CL}"

install/onetimesecret-install.sh

@@ -0,0 +1,142 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Hai Tran (epiHATR)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://onetimesecret.com/ | Github: https://github.com/onetimesecret/onetimesecret
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  git \
+  libffi-dev \
+  libgmp-dev \
+  libpq-dev \
+  libreadline-dev \
+  libsqlite3-dev \
+  libssl-dev \
+  libxml2-dev \
+  libxslt1-dev \
+  libyaml-dev \
+  nginx \
+  pkg-config \
+  python3 \
+  redis-server \
+  zlib1g-dev
+msg_ok "Installed Dependencies"
+
+fetch_and_deploy_gh_release "onetimesecret" "onetimesecret/onetimesecret" "tarball"
+
+RUBY_VERSION=$(sed -n "s/^ruby '>= \([0-9.]*\)'.*/\1/p" /opt/onetimesecret/Gemfile)
+RUBY_VERSION="${RUBY_VERSION:-3.4.7}" setup_ruby
+
+PNPM_VERSION=$(sed -n 's/.*"packageManager": "pnpm@\([^"]*\)".*/\1/p' /opt/onetimesecret/package.json)
+NODE_VERSION=$(tr -d ' \n' </opt/onetimesecret/.nvmrc 2>/dev/null)
+NODE_VERSION="${NODE_VERSION:-25}" NODE_MODULE="pnpm@${PNPM_VERSION:-11.1.2}" setup_nodejs
+
+HOST_VALUE="${OTS_HOST:-$LOCAL_IP}"
+SSL_VALUE="${OTS_SSL:-false}"
+case "${SSL_VALUE,,}" in
+1 | true | yes | on) SSL_VALUE="true" ;;
+0 | false | no | off | "") SSL_VALUE="false" ;;
+*)
+  msg_error "Invalid OTS_SSL value '${OTS_SSL}' (use true/false)"
+  exit 1
+  ;;
+esac
+
+msg_info "Configuring Application"
+systemctl enable -q --now redis-server
+cd /opt/onetimesecret
+$STD bash ./install.sh init
+sed -i \
+  -e "s|^REDIS_URL=.*|REDIS_URL=redis://127.0.0.1:6379/0|" \
+  -e "s|^HOST=.*|HOST=${HOST_VALUE//&/\\&}|" \
+  -e "s|^SSL=.*|SSL=${SSL_VALUE}|" \
+  /opt/onetimesecret/.env
+if grep -q '^RACK_ENV=' /opt/onetimesecret/.env; then
+  sed -i 's|^RACK_ENV=.*|RACK_ENV=production|' /opt/onetimesecret/.env
+else
+  echo "RACK_ENV=production" >>/opt/onetimesecret/.env
+fi
+if grep -q '^AUTHENTICATION_MODE=' /opt/onetimesecret/.env; then
+  sed -i 's|^AUTHENTICATION_MODE=.*|AUTHENTICATION_MODE=simple|' /opt/onetimesecret/.env
+else
+  echo "AUTHENTICATION_MODE=simple" >>/opt/onetimesecret/.env
+fi
+if ! grep -q '^PORT=' /opt/onetimesecret/.env; then
+  echo "PORT=3000" >>/opt/onetimesecret/.env
+fi
+chmod 600 /opt/onetimesecret/.env
+mkdir -p /opt/onetimesecret/tmp/pids /opt/onetimesecret/log
+msg_ok "Configured Application"
+
+msg_info "Reconciling Application"
+cd /opt/onetimesecret
+$STD bash ./install.sh reconcile
+msg_ok "Reconciled Application"
+
+msg_info "Building Frontend"
+cd /opt/onetimesecret
+$STD pnpm run build
+msg_ok "Built Frontend"
+
+msg_info "Creating Service"
+cat <<'EOF' >/etc/systemd/system/onetimesecret.service
+[Unit]
+Description=Onetime Secret Service
+After=network.target redis-server.service
+Requires=redis-server.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/onetimesecret
+Environment=HOME=/root
+Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ExecStart=/bin/bash -lc 'source .env.sh && exec bundle exec puma -C etc/puma.rb'
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now onetimesecret
+msg_ok "Created Service"
+
+msg_info "Configuring Nginx"
+cat <<'EOF' >/etc/nginx/sites-available/onetimesecret
+server {
+  listen 80 default_server;
+  server_name _;
+
+  location / {
+    proxy_pass http://127.0.0.1:3000;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+  }
+}
+EOF
+ln -sf /etc/nginx/sites-available/onetimesecret /etc/nginx/sites-enabled/onetimesecret
+rm -f /etc/nginx/sites-enabled/default
+$STD nginx -t
+systemctl enable -q --now nginx
+systemctl reload nginx
+msg_ok "Configured Nginx"
+
+motd_ssh
+customize
+cleanup_lxc

json/onetimesecret.json

@@ -0,0 +1,47 @@
+{
+  "name": "Onetime Secret",
+  "slug": "onetimesecret",
+  "categories": [6],
+  "date_created": "2026-05-26",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "has_arm": false,
+  "interface_port": 80,
+  "documentation": "https://docs.onetimesecret.com/en/self-hosting/installation/",
+  "website": "https://onetimesecret.com/",
+  "logo": "https://onetimesecret.com/favicon.svg",
+  "description": "Onetime Secret is a self-hosted secret sharing app that creates self-destructing links for passwords, API keys, and other sensitive text.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/onetimesecret.sh",
+      "config_path": "/opt/onetimesecret/.env",
+      "resources": {
+        "cpu": 2,
+        "ram": 4096,
+        "hdd": 10,
+        "os": "Debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "Update HOST and set SSL=true in /opt/onetimesecret/.env when using a domain or TLS-terminating reverse proxy.",
+      "type": "warning"
+    },
+    {
+      "text": "Configure SMTP settings in /opt/onetimesecret/.env if you want email notifications or account verification features.",
+      "type": "info"
+    },
+    {
+      "text": "Back up /opt/onetimesecret/.env because it contains the root SECRET used to derive the app's other cryptographic keys.",
+      "type": "warning"
+    }
+  ]
+}