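--- a/install/onetimesecret-install.sh
+++ b/install/onetimesecret-install.sh
@@ -0,0 +1,142 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Hai Tran (epiHATR)
+# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
+# Source: https://onetimesecret.com/ | Github: https://github.com/onetimesecret/onetimesecret
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+build-essential \
+git \
+libffi-dev \
+libgmp-dev \
+libpq-dev \
+libreadline-dev \
+libsqlite3-dev \
+libssl-dev \
+libxml2-dev \
+libxslt1-dev \
+libyaml-dev \
+nginx \
+pkg-config \
+python3 \
+redis-server \
+zlib1g-dev
+msg_ok "Installed Dependencies"
+
+fetch_and_deploy_gh_release "onetimesecret" "onetimesecret/onetimesecret" "tarball"
+
+RUBY_VERSION=$(sed -n "s/^ruby '>= \([0-9.]*\)'.*/\1/p" /opt/onetimesecret/Gemfile)
+RUBY_VERSION="${RUBY_VERSION:-3.4.7}" setup_ruby
+
+PNPM_VERSION=$(sed -n 's/.*"packageManager": "pnpm@\([^"]*\)".*/\1/p' /opt/onetimesecret/package.json)
+NODE_VERSION=$(tr -d ' \n' </opt/onetimesecret/.nvmrc 2>/dev/null)
+NODE_VERSION="${NODE_VERSION:-25}" NODE_MODULE="pnpm@${PNPM_VERSION:-11.1.2}" setup_nodejs
+
+HOST_VALUE="${OTS_HOST:-$LOCAL_IP}"
+SSL_VALUE="${OTS_SSL:-false}"
+case "${SSL_VALUE,,}" in
+1 | true | yes | on) SSL_VALUE="true" ;;
+0 | false | no | off | "") SSL_VALUE="false" ;;
+*)
+msg_error "Invalid OTS_SSL value '${OTS_SSL}' (use true/false)"
+exit 1
+;;
+esac
+
+msg_info "Configuring Application"
+systemctl enable -q --now redis-server
+cd /opt/onetimesecret
+$STD bash ./install.sh init
+sed -i \
+-e "s|^REDIS_URL=.*|REDIS_URL=redis://127.0.0.1:6379/0|" \
+-e "s|^HOST=.*|HOST=${HOST_VALUE//&/\\&}|" \
+-e "s|^SSL=.*|SSL=${SSL_VALUE}|" \
+/opt/onetimesecret/.env
+if grep -q '^RACK_ENV=' /opt/onetimesecret/.env; then
+sed -i 's|^RACK_ENV=.*|RACK_ENV=production|' /opt/onetimesecret/.env
+else
+echo "RACK_ENV=production" >>/opt/onetimesecret/.env
+fi
+if grep -q '^AUTHENTICATION_MODE=' /opt/onetimesecret/.env; then
+sed -i 's|^AUTHENTICATION_MODE=.*|AUTHENTICATION_MODE=simple|' /opt/onetimesecret/.env
+else
+echo "AUTHENTICATION_MODE=simple" >>/opt/onetimesecret/.env
+fi
+if ! grep -q '^PORT=' /opt/onetimesecret/.env; then
+echo "PORT=3000" >>/opt/onetimesecret/.env
+fi
+chmod 600 /opt/onetimesecret/.env
+mkdir -p /opt/onetimesecret/tmp/pids /opt/onetimesecret/log
+msg_ok "Configured Application"
+
+msg_info "Reconciling Application"
+cd /opt/onetimesecret
+$STD bash ./install.sh reconcile
+msg_ok "Reconciled Application"
+
+msg_info "Building Frontend"
+cd /opt/onetimesecret
+$STD pnpm run build
+msg_ok "Built Frontend"
+
+msg_info "Creating Service"
+cat <<'EOF' >/etc/systemd/system/onetimesecret.service
+[Unit]
+Description=Onetime Secret Service
+After=network.target redis-server.service
+Requires=redis-server.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/onetimesecret
+Environment=HOME=/root
+Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ExecStart=/bin/bash -lc 'source .env.sh && exec bundle exec puma -C etc/puma.rb'
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now onetimesecret
+msg_ok "Created Service"
+
+msg_info "Configuring Nginx"
+cat <<'EOF' >/etc/nginx/sites-available/onetimesecret
+server {
+listen 80 default_server;
+server_name _;
+
+location / {
+proxy_pass http://127.0.0.1:3000;
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+EOF
+ln -sf /etc/nginx/sites-available/onetimesecret /etc/nginx/sites-enabled/onetimesecret
+rm -f /etc/nginx/sites-enabled/default
+$STD nginx -t
+systemctl enable -q --now nginx
+systemctl reload nginx
+msg_ok "Configured Nginx"
+
+motd_ssh
+customize
+cleanup_lxc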
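Review bot: The generated onetimesecret.service runs Puma as `User=root`, so the process that nginx exposes on port 80 has full control of the container if the app or one of its gems is compromised. A dedicated account limits that: create it with `useradd --system --shell /usr/sbin/nologin onetimesecret`, run `chown -R onetimesecret: /opt/onetimesecret`, and set `User=onetimesecret` in the unit. The `HOME=/root` and `/root/.rbenv` PATH entries suggest Ruby is installed under root's home, so the move presumably also needs Ruby somewhere that account can read; if that is out of scope here, `NoNewPrivileges=true` in `[Service]` is a smaller step. Separately, the `HOST=` sed expression escapes only `&` in the value taken from `OTS_HOST`, so a value containing `|` or a backslash alters the expression instead of the setting; validating it next to the `OTS_SSL` check, e.g. `[[ "$HOST_VALUE" =~ ^[A-Za-z0-9._:-]+$ ]] || { msg_error "Invalid OTS_HOST value"; exit 1; }`, closes that.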