T-Gander/ProxmoxVEDHelperScripts
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

Merge branch 'community-scripts:main' into submit/koffan

Browse Source
This commit is contained in:
Amin Gholizad
2026-05-25 09:39:27 +02:00
committed by GitHub
parent e04afa9bd0 c6e8e378f5
commit d945f8bc2b
326 changed files with 3238 additions and 5983 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
install/alpine-coredns-install.sh
View File

@@ -1,58 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: CopilotAssistant (community-scripts)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/coredns/coredns
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
ARCH=$(uname -m)
[[ "$ARCH" == "x86_64" ]] && ARCH="amd64"
[[ "$ARCH" == "aarch64" ]] && ARCH="arm64"
fetch_and_deploy_gh_release "coredns" "coredns/coredns" "prebuild" "latest" "/usr/local/bin" \
"coredns_.*_linux_${ARCH}\.tgz"
chmod +x /usr/local/bin/coredns
msg_info "Configuring CoreDNS"
mkdir -p /etc/coredns
cat <<EOF >/etc/coredns/Corefile
. {
forward . 1.1.1.1 1.0.0.1
cache 30
log
errors
health :8080
ready :8181
}
EOF
msg_ok "Configured CoreDNS"
msg_info "Creating Service"
cat <<EOF >/etc/init.d/coredns
#!/sbin/openrc-run
name="CoreDNS"
description="CoreDNS DNS Server"
command="/usr/local/bin/coredns"
command_args="-conf /etc/coredns/Corefile"
command_background=true
pidfile="/run/coredns.pid"
depend() {
need net
}
EOF
chmod +x /etc/init.d/coredns
$STD rc-update add coredns default
$STD rc-service coredns start
msg_ok "Created Service"
motd_ssh
customize

44
install/arm/adguard-install.sh
View File

@@ -1,44 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://adguard.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "AdGuardHome" "AdguardTeam/AdGuardHome" "prebuild" "latest" "/opt/AdGuardHome" "AdGuardHome_linux_arm64.tar.gz"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/AdGuardHome.service
[Unit]
Description=AdGuard Home: Network-level blocker
ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
After=syslog.target network-online.target
[Service]
StartLimitInterval=5
StartLimitBurst=10
ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run"
WorkingDirectory=/opt/AdGuardHome
StandardOutput=file:/var/log/AdGuardHome.out
StandardError=file:/var/log/AdGuardHome.err
Restart=always
RestartSec=10
EnvironmentFile=-/etc/sysconfig/AdGuardHome
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now AdGuardHome
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

1
install/arm/arm-test.sh
View File

@@ -1 +0,0 @@

56
install/arm/bazarr-install.sh
View File

@@ -1,56 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://www.bazarr.media/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y libicu76
msg_ok "Installed Dependencies"
PYTHON_VERSION="3.12" setup_uv
fetch_and_deploy_gh_release "bazarr" "morpheus65535/bazarr" "prebuild" "latest" "/opt/bazarr" "bazarr.zip"
msg_info "Installing Bazarr"
mkdir -p /var/lib/bazarr/
chmod 775 /opt/bazarr /var/lib/bazarr/
sed -i.bak 's/--only-binary=Pillow//g' /opt/bazarr/requirements.txt
$STD uv venv --clear /opt/bazarr/venv --python 3.12
$STD uv pip install -r /opt/bazarr/requirements.txt --python /opt/bazarr/venv/bin/python3
msg_ok "Installed Bazarr"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/bazarr.service
[Unit]
Description=Bazarr Daemon
After=syslog.target network.target
[Service]
WorkingDirectory=/opt/bazarr/
UMask=0002
Restart=on-failure
RestartSec=5
Type=simple
ExecStart=/opt/bazarr/venv/bin/python3 /opt/bazarr/bazarr.py
KillSignal=SIGINT
TimeoutStopSec=20
SyslogIdentifier=bazarr
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now bazarr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

48
install/arm/bentopdf-install.sh
View File

@@ -1,48 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://github.com/alam00000/bentopdf
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
NODE_VERSION="24" setup_nodejs
fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"
msg_info "Setup BentoPDF"
cd /opt/bentopdf
$STD npm ci --no-audit --no-fund
export SIMPLE_MODE=true
$STD npm run build -- --mode production
msg_ok "Setup BentoPDF"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/bentopdf.service
[Unit]
Description=BentoPDF Service
After=network.target
[Service]
Type=simple
WorkingDirectory=/opt/bentopdf
ExecStart=/usr/bin/npx serve dist -p 8080
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now bentopdf
msg_ok "Created & started service"
motd_ssh
customize
cleanup_lxc

81
install/arm/homeassistant-install.sh
View File

@@ -1,81 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://www.home-assistant.io/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Setup Python3"
$STD apt install -y \
python3 \
python3-dev \
python3-pip \
python3-venv
rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
msg_ok "Setup Python3"
msg_info "Installing runlike"
$STD pip install runlike
msg_ok "Installed runlike"
get_latest_release() {
curl -fsSL https://api.github.com/repos/$1/releases/latest | grep '"tag_name":' | cut -d'"' -f4
}
DOCKER_LATEST_VERSION=$(get_latest_release "moby/moby")
CORE_LATEST_VERSION=$(get_latest_release "home-assistant/core")
PORTAINER_LATEST_VERSION=$(get_latest_release "portainer/portainer")
msg_info "Installing Docker $DOCKER_LATEST_VERSION"
DOCKER_CONFIG_PATH='/etc/docker/daemon.json'
mkdir -p $(dirname $DOCKER_CONFIG_PATH)
echo -e '{\n "log-driver": "journald"\n}' >/etc/docker/daemon.json
$STD sh <(curl -fsSL https://get.docker.com)
msg_ok "Installed Docker $DOCKER_LATEST_VERSION"
msg_info "Pulling Portainer $PORTAINER_LATEST_VERSION Image"
$STD docker pull portainer/portainer-ce:latest
msg_ok "Pulled Portainer $PORTAINER_LATEST_VERSION Image"
msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
$STD docker volume create portainer_data
$STD docker run -d \
-p 8000:8000 \
-p 9443:9443 \
--name=portainer \
--restart=always \
-v /var/run/docker.sock:/var/run/docker.sock \
-v portainer_data:/data \
portainer/portainer-ce:latest
msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
msg_info "Pulling Home Assistant $CORE_LATEST_VERSION Image"
$STD docker pull ghcr.io/home-assistant/home-assistant:stable
msg_ok "Pulled Home Assistant $CORE_LATEST_VERSION Image"
msg_info "Installing Home Assistant $CORE_LATEST_VERSION"
$STD docker volume create hass_config
$STD docker run -d \
--name homeassistant \
--privileged \
--restart unless-stopped \
-v /var/run/docker.sock:/var/run/docker.sock \
-v /dev:/dev \
-v hass_config:/config \
-v /etc/localtime:/etc/localtime:ro \
--net=host \
ghcr.io/home-assistant/home-assistant:stable
mkdir /root/hass_config
msg_ok "Installed Home Assistant $CORE_LATEST_VERSION"
motd_ssh
customize
cleanup_lxc

67
install/arm/jellyfin-install.sh
View File

@@ -1,67 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://jellyfin.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_custom "" "${GN}" "If NVIDIA GPU passthrough is detected, you'll be asked whether to install drivers in the container"
setup_hwaccel
msg_info "Installing Jellyfin"
VERSION="$(awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release)"
if ! dpkg -s libjemalloc2 >/dev/null 2>&1; then
$STD apt install -y libjemalloc2
fi
if [[ ! -f /usr/lib/libjemalloc.so ]]; then
ln -sf /usr/lib/aarch64-linux-gnu/libjemalloc.so.2 /usr/lib/libjemalloc.so
fi
if [[ ! -d /etc/apt/keyrings ]]; then
mkdir -p /etc/apt/keyrings
fi
curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | gpg --dearmor --yes --output /etc/apt/keyrings/jellyfin.gpg
cat <<EOF >/etc/apt/sources.list.d/jellyfin.sources
Types: deb
URIs: https://repo.jellyfin.org/${PCT_OSTYPE}
Suites: ${VERSION}
Components: main
Architectures: arm64
Signed-By: /etc/apt/keyrings/jellyfin.gpg
EOF
$STD apt update
$STD apt install -y jellyfin
# Configure log rotation to prevent disk fill (keeps fail2ban compatibility) (PR: #1690 / Issue: #11224)
cat <<EOF >/etc/logrotate.d/jellyfin
/var/log/jellyfin/*.log {
daily
rotate 3
maxsize 100M
missingok
notifempty
compress
delaycompress
copytruncate
}
EOF
chown -R jellyfin:adm /etc/jellyfin
sleep 10
systemctl restart jellyfin
if [[ "$CTTYPE" == "0" ]]; then
sed -i -e 's/^ssl-cert:x:104:$/render:x:104:root,jellyfin/' -e 's/^render:x:108:root,jellyfin$/ssl-cert:x:108:/' /etc/group
else
sed -i -e 's/^ssl-cert:x:104:$/render:x:104:jellyfin/' -e 's/^render:x:108:jellyfin$/ssl-cert:x:108:/' /etc/group
fi
msg_ok "Installed Jellyfin"
motd_ssh
customize
cleanup_lxc

109
install/arm/kima-hub-install.sh
View File

@@ -1,109 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://www.kimai.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
apt-transport-https \
apache2 \
git \
expect
msg_ok "Installed Dependencies"
setup_mariadb
PHP_VERSION="8.4" PHP_APACHE="YES" setup_php
setup_composer
msg_info "Setting up database"
DB_NAME=kimai_db
DB_USER=kimai
DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
$STD mariadb -e "CREATE DATABASE $DB_NAME;"
$STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
$STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
{
echo "Kimai-Credentials"
echo "Kimai Database User: $DB_USER"
echo "Kimai Database Password: $DB_PASS"
echo "Kimai Database Name: $DB_NAME"
} >>~/kimai.creds
msg_ok "Set up database"
fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"
msg_info "Setup Kimai"
cd /opt/kimai
echo "export COMPOSER_ALLOW_SUPERUSER=1" >>~/.bashrc
source ~/.bashrc
$STD composer install --no-dev --optimize-autoloader --no-interaction
cp .env.dist .env
sed -i "/^DATABASE_URL=/c\DATABASE_URL=mysql://$DB_USER:$DB_PASS@127.0.0.1:3306/$DB_NAME?charset=utf8mb4&serverVersion=mariadb-$MYSQL_VERSION" /opt/kimai/.env
$STD bin/console kimai:install -n
$STD expect <<EOF
set timeout -1
log_user 0
spawn bin/console kimai:user:create admin admin@helper-scripts.com ROLE_SUPER_ADMIN
expect "Please enter the password:"
send "helper-scripts.com\r"
expect eof
EOF
$STD composer update --no-interaction
cat <<EOF >/opt/kimai/config/packages/local.yaml
kimai:
timesheet:
rounding:
default:
begin: 15
end: 15
EOF
msg_ok "Installed Kimai"
msg_info "Creating Service"
cat <<EOF >/etc/apache2/sites-available/kimai.conf
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /opt/kimai/public/
<Directory /opt/kimai/public>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</VirtualHost>
EOF
$STD a2ensite kimai.conf
$STD a2dissite 000-default.conf
$STD systemctl reload apache2
msg_ok "Created Service"
msg_info "Setup Permissions"
chown -R :www-data /opt/*
chmod -R g+r /opt/*
chmod -R g+rw /opt/*
chown -R www-data:www-data /opt/*
chmod -R 777 /opt/*
msg_ok "Setup Permissions"
motd_ssh
customize
cleanup_lxc

51
install/arm/lubelogger-install.sh
View File

@@ -1,51 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: kristocopani
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://lubelogger.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "lubelogger" "hargata/lubelog" "prebuild" "latest" "/opt/lubelogger" "LubeLogger*linux_x64.zip"
msg_info "Configuring LubeLogger"
cd /opt/lubelogger
chmod 700 /opt/lubelogger/CarCareTracker
cp /opt/lubelogger/appsettings.json /opt/lubelogger/appsettings_bak.json
jq '.Kestrel = {"Endpoints": {"Http": {"Url": "http://0.0.0.0:5000"}}}' /opt/lubelogger/appsettings_bak.json >/opt/lubelogger/appsettings.json
rm -rf /opt/lubelogger/appsettings_bak.json
msg_ok "Configured LubeLogger"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/lubelogger.service
[Unit]
Description=LubeLogger Daemon
After=network.target
[Service]
User=root
Type=simple
WorkingDirectory=/opt/lubelogger
ExecStart=/opt/lubelogger/CarCareTracker
TimeoutStopSec=20
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now lubelogger
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

160
install/arm/pihole-install.sh
View File

@@ -1,160 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://pi-hole.net/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_warn "WARNING: This script will run an external installer from a third-party source (https://pi-hole.net/)."
msg_warn "The following code is NOT maintained or audited by our repository."
msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:"
msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→ https://install.pi-hole.net"
echo
read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM
if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
msg_error "Aborted by user. No changes have been made."
exit 10
fi
msg_info "Installing Dependencies"
$STD apt install -y ufw
msg_ok "Installed Dependencies"
msg_info "Installing Pi-hole"
mkdir -p /etc/pihole
touch /etc/pihole/pihole.toml
$STD bash <(curl -fsSL https://install.pi-hole.net) --unattended
sed -i -E '
/^\s*upstreams =/ s|=.*|= ["8.8.8.8", "8.8.4.4"]|
/^\s*interface =/ s|=.*|= "eth0"|
/^\s*queryLogging =/ s|=.*|= true|
/^\s*size =/ s|=.*|= 10000|
/^\s*active =/ s|=.*|= true|
/^\s*listeningMode =/ s|=.*|= "LOCAL"|
/^\s*port =/ s|=.*|= "80o,443os,[::]:80o,[::]:443os"|
/^\s*pwhash =/ s|=.*|= ""|
# DHCP Disable
/^\s*\[dhcp\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
# NTP Disable
/^\s*\[ntp.ipv4\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
/^\s*\[ntp.ipv6\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*active = true/ active = false/}
/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*interval = [0-9]+/ interval = 0/}
/^\s*\[ntp.sync.rtc\]/,/^\s*\[/{s/^\s*set = true/ set = false/}
# set domainNeeded und expandHosts
/^\s*domainNeeded =/ s|=.*|= true|
/^\s*expandHosts =/ s|=.*|= true|
' /etc/pihole/pihole.toml
cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
server=8.8.8.8
server=8.8.4.4
EOF
$STD pihole-FTL --config ntp.sync.interval 0
systemctl restart pihole-FTL.service
msg_ok "Installed Pi-hole"
read -r -p "${TAB3}Would you like to add Unbound? <y/N> " prompt
if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
read -r -p "${TAB3}Unbound is configured as a recursive DNS server by default, would you like it to be configured as a forwarding DNS server (using DNS-over-TLS (DoT)) instead? <y/N> " prompt
msg_info "Installing Unbound"
mkdir -p /etc/unbound/unbound.conf.d
cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
server:
verbosity: 0
interface: 127.0.0.1
port: 5335
do-ip6: no
do-ip4: yes
do-udp: yes
do-tcp: yes
num-threads: 1
hide-identity: yes
hide-version: yes
harden-glue: yes
harden-dnssec-stripped: yes
harden-referral-path: yes
use-caps-for-id: no
harden-algo-downgrade: no
qname-minimisation: yes
aggressive-nsec: yes
rrset-roundrobin: yes
cache-min-ttl: 300
cache-max-ttl: 14400
msg-cache-slabs: 8
rrset-cache-slabs: 8
infra-cache-slabs: 8
key-cache-slabs: 8
serve-expired: yes
serve-expired-ttl: 3600
edns-buffer-size: 1232
prefetch: yes
prefetch-key: yes
target-fetch-policy: "3 2 1 1 1"
unwanted-reply-threshold: 10000000
rrset-cache-size: 256m
msg-cache-size: 128m
so-rcvbuf: 1m
private-address: 192.168.0.0/16
private-address: 169.254.0.0/16
private-address: 172.16.0.0/12
private-address: 10.0.0.0/8
private-address: fd00::/8
private-address: fe80::/10
EOF
mkdir -p /etc/dnsmasq.d/
cat <<EOF >/etc/dnsmasq.d/99-edns.conf
edns-packet-max=1232
EOF
if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
forward-zone:
name: "."
forward-tls-upstream: yes
forward-first: no
forward-addr: 8.8.8.8@853#dns.google
forward-addr: 8.8.4.4@853#dns.google
forward-addr: 2001:4860:4860::8888@853#dns.google
forward-addr: 2001:4860:4860::8844@853#dns.google
#forward-addr: 1.1.1.1@853#cloudflare-dns.com
#forward-addr: 1.0.0.1@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
#forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
#forward-addr: 9.9.9.9@853#dns.quad9.net
#forward-addr: 149.112.112.112@853#dns.quad9.net
#forward-addr: 2620:fe::fe@853#dns.quad9.net
#forward-addr: 2620:fe::9@853#dns.quad9.net
EOF
fi
$STD apt install -y unbound
cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
server=127.0.0.1#5335
server=8.8.8.8
server=8.8.4.4
EOF
sed -i -E '/^\s*upstreams\s*=\s*\[/,/^\s*\]/c\ upstreams = [\n "127.0.0.1#5335",\n "8.8.4.4"\n ]' /etc/pihole/pihole.toml
systemctl restart unbound
systemctl restart pihole-FTL.service
msg_ok "Installed Unbound"
fi
motd_ssh
customize
cleanup_lxc

105
install/arm/vaultwarden-install.sh
View File

@@ -1,105 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# Source: https://github.com/dani-garcia/vaultwarden
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
pkgconf \
libssl-dev \
libmariadb-dev-compat \
libpq-dev \
argon2 \
ssl-cert
msg_ok "Installed Dependencies"
setup_rust
fetch_and_deploy_gh_release "vaultwarden" "dani-garcia/vaultwarden" "tarball" "latest" "/tmp/vaultwarden-src"
msg_info "Building Vaultwarden (Patience)"
cd /tmp/vaultwarden-src
VW_VERSION=$(get_latest_github_release "dani-garcia/vaultwarden")
export VW_VERSION
$STD cargo build --features "sqlite,mysql,postgresql" --release
msg_ok "Built Vaultwarden"
msg_info "Setting up Vaultwarden"
$STD addgroup --system vaultwarden
$STD adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden
mkdir -p /opt/vaultwarden/{bin,data,web-vault}
cp target/release/vaultwarden /opt/vaultwarden/bin/
cd ~ && rm -rf /tmp/vaultwarden-src
msg_ok "Set up Vaultwarden"
fetch_and_deploy_gh_release "vaultwarden_webvault" "dani-garcia/bw_web_builds" "prebuild" "latest" "/opt/vaultwarden/web-vault" "bw_web_*.tar.gz"
msg_info "Configuring Vaultwarden"
cat <<EOF >/opt/vaultwarden/.env
ADMIN_TOKEN=''
ROCKET_ADDRESS=0.0.0.0
ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
DATA_FOLDER=/opt/vaultwarden/data
DATABASE_MAX_CONNS=10
WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
WEB_VAULT_ENABLED=true
EOF
mv /etc/ssl/certs/ssl-cert-snakeoil.pem /opt/vaultwarden/
mv /etc/ssl/private/ssl-cert-snakeoil.key /opt/vaultwarden/
chown -R vaultwarden:vaultwarden /opt/vaultwarden/
chown root:root /opt/vaultwarden/bin/vaultwarden
chmod +x /opt/vaultwarden/bin/vaultwarden
chown -R root:root /opt/vaultwarden/web-vault/
chmod +r /opt/vaultwarden/.env
msg_ok "Configured Vaultwarden"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/vaultwarden.service
[Unit]
Description=Bitwarden Server (Powered by Vaultwarden)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target
[Service]
User=vaultwarden
Group=vaultwarden
EnvironmentFile=-/opt/vaultwarden/.env
ExecStart=/opt/vaultwarden/bin/vaultwarden
LimitNOFILE=65535
LimitNPROC=4096
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
DevicePolicy=closed
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictNamespaces=yes
RestrictRealtime=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
WorkingDirectory=/opt/vaultwarden
ReadWriteDirectories=/opt/vaultwarden/data
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now vaultwarden
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

258
install/authentik-install.sh
View File

@@ -1,258 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Thieneret
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/goauthentik/authentik
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
pkg-config \
libffi-dev \
libxslt-dev \
zlib1g-dev \
libpq-dev \
krb5-multidev \
libkrb5-dev \
heimdal-multidev \
libclang-dev \
libltdl-dev \
libpq5 \
libmaxminddb0 \
libkrb5-3 \
libkdb5-10 \
libkadm5clnt-mit12 \
libkadm5clnt7t64-heimdal \
libltdl7 \
libxslt1.1 \
python3-dev \
libxml2-dev \
libxml2 \
libxslt1-dev \
automake \
autoconf \
libtool \
libtool-bin \
gcc \
git
msg_ok "Installed Dependencies"
NODE_VERSION="24" setup_nodejs
setup_yq
setup_go
UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
setup_rust
PG_VERSION="17" setup_postgresql
PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
XMLSEC_VERSION="1.3.11"
AUTHENTIK_VERSION="version/2026.2.2"
fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
msg_info "Setup xmlsec"
cd /opt/xmlsec
$STD ./autogen.sh
$STD make -j $(nproc)
$STD make check
$STD make install
$STD ldconfig
msg_ok "xmlsec installed"
msg_info "Setup web"
cd /opt/authentik/web
export NODE_ENV="production"
$STD npm install
$STD npm run build
$STD npm run build:sfe
msg_ok "Web installed"
msg_info "Setup go proxy"
cd /opt/authentik
export CGO_ENABLED="1"
$STD go mod download
$STD go build -o /opt/authentik/authentik-server ./cmd/server
$STD go build -o /opt/authentik/ldap ./cmd/ldap
$STD go build -o /opt/authentik/rac ./cmd/rac
$STD go build -o /opt/authentik/radius ./cmd/radius
msg_ok "Go proxy installed"
cat <<EOF >/usr/local/etc/GeoIP.conf
AccountID ChangeME
LicenseKey ChangeME
EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
DatabaseDirectory /opt/authentik-data/geoip
RetryFor 5m
Parallelism 1
EOF
echo "#39 19 * * 6,4 /usr/bin/geoipupdate -f /usr/local/etc/GeoIP.conf" | crontab -
msg_info "Setup python server"
export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
export UV_COMPILE_BYTECODE="1"
export UV_LINK_MODE="copy"
export UV_NATIVE_TLS="1"
export RUSTUP_PERMIT_COPY_RENAME="true"
export UV_PYTHON_INSTALL_DIR="/usr/local/bin"
cd /opt/authentik
$STD uv sync --frozen --no-install-project --no-dev
cp /opt/authentik/authentik/sources/kerberos/krb5.conf /etc/krb5.conf
msg_ok "Installed python server"
msg_info "Creating authentik config"
mkdir -p /etc/authentik
mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
yq -i ".secret_key = \"$(openssl rand -base64 128 | tr -dc 'a-zA-Z0-9' | head -c64)\"" /etc/authentik/config.yml
yq -i ".postgresql.password = \"${PG_DB_PASS}\"" /etc/authentik/config.yml
yq -i ".events.context_processors.geoip = \"/opt/authentik-data/geoip/GeoLite2-City.mmdb\"" /etc/authentik/config.yml
yq -i ".events.context_processors.asn = \"/opt/authentik-data/geoip/GeoLite2-ASN.mmdb\"" /etc/authentik/config.yml
yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
yq -i ".cert_discovery_dir = \"/opt/authentik-data/certs\"" /etc/authentik/config.yml
yq -i ".email.template_dir = \"/opt/authentik-data/templates\"" /etc/authentik/config.yml
yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml
yq -i ".disable_startup_analytics = \"true\"" /etc/authentik/config.yml
$STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik
chown -R authentik:authentik /opt/authentik
cat <<EOF >/etc/default/authentik
TMPDIR=/dev/shm/
UV_LINK_MODE=copy
UV_PYTHON_DOWNLOADS=0
UV_NATIVE_TLS=1
VENV_PATH=/opt/authentik/.venv
PYTHONDONTWRITEBYTECODE=1
PYTHONUNBUFFERED=1
PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
DJANGO_SETTINGS_MODULE=authentik.root.settings
PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
EOF
cat <<EOF >/etc/default/authentik_ldap
AUTHENTIK_HOST="https://127.0.0.1:9443"
AUTHENTIK_INSECURE="true"
AUTHENTIK_TOKEN="token-generated-by-authentik"
EOF
cat <<EOF >/etc/default/authentik_rac
AUTHENTIK_HOST="https://127.0.0.1:9443"
AUTHENTIK_INSECURE="true"
AUTHENTIK_TOKEN="token-generated-by-authentik"
EOF
cat <<EOF >/etc/default/authentik_radius
AUTHENTIK_HOST="https://127.0.0.1:9443"
AUTHENTIK_INSECURE="true"
AUTHENTIK_TOKEN="token-generated-by-authentik"
EOF
msg_ok "authentik config created"
msg_info "Creating services"
cat <<EOF >/etc/systemd/system/authentik-server.service
[Unit]
Description=authentik Go Server (API Gateway)
After=network.target
Wants=postgresql.service
[Service]
User=authentik
Group=authentik
ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
ExecStart=/opt/authentik/authentik-server
WorkingDirectory=/opt/authentik/
Restart=always
RestartSec=5
EnvironmentFile=/etc/default/authentik
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/authentik-worker.service
[Unit]
Description=authentik Worker
After=network.target postgresql.service
[Service]
User=authentik
Group=authentik
Type=simple
EnvironmentFile=/etc/default/authentik
ExecStart=/usr/local/bin/uv run python -m manage worker --pid-file /dev/shm/authentik-worker.pid
WorkingDirectory=/opt/authentik
Restart=always
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/authentik-ldap.service
[Unit]
Description=authentik LDAP Outpost
After=network.target
Wants=postgresql.service
[Service]
User=authentik
Group=authentik
ExecStart=/opt/authentik/ldap
WorkingDirectory=/opt/authentik/
Restart=always
RestartSec=5
EnvironmentFile=/etc/default/authentik_ldap
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/authentik-rac.service
[Unit]
Description=authentik RAC Outpost
After=network.target
Wants=postgresql.service
[Service]
User=authentik
Group=authentik
ExecStart=/opt/authentik/rac
WorkingDirectory=/opt/authentik/
Restart=always
RestartSec=5
EnvironmentFile=/etc/default/authentik_rac
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/authentik-radius.service
[Unit]
Description=authentik Radius Outpost
After=network.target
Wants=postgresql.service
[Service]
User=authentik
Group=authentik
ExecStart=/opt/authentik/radius
WorkingDirectory=/opt/authentik/
Restart=always
RestartSec=5
EnvironmentFile=/etc/default/authentik_radius
[Install]
WantedBy=multi-user.target
EOF
msg_ok "Services created"
motd_ssh
customize
cleanup_lxc

0
install/arm-install.sh → install/deferred/arm-install.sh
View File

0
install/godoxy-install.sh → install/deferred/godoxy-install.sh
View File

0
install/labca-install.sh → install/deferred/labca-install.sh
View File

88
install/degoog-install.sh
View File

@@ -1,88 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/fccview/degoog
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
git \
unzip
msg_ok "Installed Dependencies"
msg_info "Installing Bun"
export BUN_INSTALL="/root/.bun"
curl -fsSL https://bun.sh/install | $STD bash
ln -sf /root/.bun/bin/bun /usr/local/bin/bun
ln -sf /root/.bun/bin/bunx /usr/local/bin/bunx
msg_ok "Installed Bun"
fetch_and_deploy_gh_release "degoog" "fccview/degoog" "prebuild" "latest" "/opt/degoog" "degoog_*_prebuild.tar.gz"
msg_info "Setting up degoog"
mkdir -p /opt/degoog/data/{engines,plugins,themes,store}
cat <<EOF >/opt/degoog/.env
DEGOOG_PORT=4444
DEGOOG_ENGINES_DIR=/opt/degoog/data/engines
DEGOOG_PLUGINS_DIR=/opt/degoog/data/plugins
DEGOOG_THEMES_DIR=/opt/degoog/data/themes
DEGOOG_ALIASES_FILE=/opt/degoog/data/aliases.json
DEGOOG_PLUGIN_SETTINGS_FILE=/opt/degoog/data/plugin-settings.json
# DEGOOG_SETTINGS_PASSWORDS=changeme
# DEGOOG_PUBLIC_INSTANCE=false
# LOGGER=debug
EOF
if [[ ! -f /opt/degoog/data/aliases.json ]]; then
cat <<EOF >/opt/degoog/data/aliases.json
{}
EOF
fi
if [[ ! -f /opt/degoog/data/plugin-settings.json ]]; then
cat <<EOF >/opt/degoog/data/plugin-settings.json
{}
EOF
fi
if [[ ! -f /opt/degoog/data/repos.json ]]; then
cat <<EOF >/opt/degoog/data/repos.json
[]
EOF
fi
msg_ok "Set up degoog"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/degoog.service
[Unit]
Description=degoog
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/degoog
EnvironmentFile=/opt/degoog/.env
ExecStart=/usr/local/bin/bun run src/server/index.ts
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now degoog
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

261
install/dispatcharr-install.sh
View File

@@ -1,261 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: ekke85 | MickLesk
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/Dispatcharr/Dispatcharr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
setup_hwaccel
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
python3-dev \
libpq-dev \
nginx \
redis-server \
ffmpeg \
procps \
vlc-bin \
vlc-plugin-base \
streamlink
msg_ok "Installed Dependencies"
setup_uv
NODE_VERSION="24" setup_nodejs
PG_VERSION="16" setup_postgresql
PG_DB_NAME="dispatcharr_db" PG_DB_USER="dispatcharr_usr" setup_postgresql_db
fetch_and_deploy_gh_release "dispatcharr" "Dispatcharr/Dispatcharr" "tarball"
msg_info "Installing Python Dependencies"
cd /opt/dispatcharr
$STD uv venv --clear
$STD uv sync
$STD uv pip install uwsgi gevent celery redis daphne
msg_ok "Installed Python Dependencies"
msg_info "Configuring Dispatcharr"
install -d -m 755 \
/data/{logos,recordings,plugins,db} \
/data/uploads/{m3us,epgs} \
/data/{m3us,epgs}
chown -R root:root /data
DJANGO_SECRET=$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | cut -c1-50)
export DATABASE_URL="postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}"
export POSTGRES_DB=$PG_DB_NAME
export POSTGRES_USER=$PG_DB_USER
export POSTGRES_PASSWORD=$PG_DB_PASS
export POSTGRES_HOST=localhost
export DJANGO_SECRET_KEY=$DJANGO_SECRET
$STD uv run python manage.py migrate --noinput
$STD uv run python manage.py collectstatic --noinput
cat <<EOF >/opt/dispatcharr/.env
DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
POSTGRES_DB=$PG_DB_NAME
POSTGRES_USER=$PG_DB_USER
POSTGRES_PASSWORD=$PG_DB_PASS
POSTGRES_HOST=localhost
CELERY_BROKER_URL=redis://localhost:6379/0
DJANGO_SECRET_KEY=$DJANGO_SECRET
EOF
cd /opt/dispatcharr/frontend
node -e "const p=require('./package.json');p.overrides=p.overrides||{};p.overrides['webworkify-webpack']='2.1.3';require('fs').writeFileSync('package.json',JSON.stringify(p,null,2));"
rm -f package-lock.json
$STD npm install --no-audit --progress=false
$STD npm run build
msg_ok "Configured Dispatcharr"
msg_info "Configuring Nginx"
cat <<EOF >/etc/nginx/sites-available/dispatcharr.conf
server {
listen 9191;
server_name _;
client_max_body_size 100M;
location /assets/ {
alias /opt/dispatcharr/frontend/dist/assets/;
expires 30d;
add_header Cache-Control "public, immutable";
types {
text/javascript js;
text/css css;
image/png png;
image/svg+xml svg svgz;
font/woff2 woff2;
font/woff woff;
font/ttf ttf;
}
}
location /static/ {
alias /opt/dispatcharr/static/;
expires 30d;
add_header Cache-Control "public, immutable";
}
location /media/ {
alias /opt/dispatcharr/media/;
}
location /ws/ {
proxy_pass http://127.0.0.1:8001;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto \$scheme;
}
location / {
include proxy_params;
proxy_pass http://127.0.0.1:5656;
}
}
EOF
ln -sf /etc/nginx/sites-available/dispatcharr.conf /etc/nginx/sites-enabled/dispatcharr.conf
rm -f /etc/nginx/sites-enabled/default
systemctl restart nginx
msg_ok "Configured Nginx"
msg_info "Creating Services"
cat <<'EOF' >/opt/dispatcharr/start-uwsgi.sh
#!/usr/bin/env bash
cd /opt/dispatcharr
set -a
source .env
set +a
exec .venv/bin/uwsgi \
--chdir=/opt/dispatcharr \
--module=dispatcharr.wsgi:application \
--master \
--workers=4 \
--gevent=400 \
--http=0.0.0.0:5656 \
--http-keepalive=1 \
--http-timeout=600 \
--socket-timeout=600 \
--buffer-size=65536 \
--post-buffering=4096 \
--lazy-apps \
--thunder-lock \
--die-on-term \
--vacuum
EOF
chmod +x /opt/dispatcharr/start-uwsgi.sh
cat <<'EOF' >/opt/dispatcharr/start-celery.sh
#!/usr/bin/env bash
cd /opt/dispatcharr
set -a
source .env
set +a
exec uv run celery -A dispatcharr worker -l info -c 4
EOF
chmod +x /opt/dispatcharr/start-celery.sh
cat <<'EOF' >/opt/dispatcharr/start-celerybeat.sh
#!/usr/bin/env bash
cd /opt/dispatcharr
set -a
source .env
set +a
exec uv run celery -A dispatcharr beat -l info
EOF
chmod +x /opt/dispatcharr/start-celerybeat.sh
cat <<'EOF' >/opt/dispatcharr/start-daphne.sh
#!/usr/bin/env bash
cd /opt/dispatcharr
set -a
source .env
set +a
exec uv run daphne -b 0.0.0.0 -p 8001 dispatcharr.asgi:application
EOF
chmod +x /opt/dispatcharr/start-daphne.sh
cat <<EOF >/etc/systemd/system/dispatcharr.service
[Unit]
Description=Dispatcharr Web Server
After=network.target postgresql.service redis-server.service
[Service]
Type=simple
WorkingDirectory=/opt/dispatcharr
ExecStart=/opt/dispatcharr/start-uwsgi.sh
Restart=on-failure
RestartSec=10
User=root
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/dispatcharr-celery.service
[Unit]
Description=Dispatcharr Celery Worker
After=network.target redis-server.service
Requires=dispatcharr.service
[Service]
Type=simple
WorkingDirectory=/opt/dispatcharr
ExecStart=/opt/dispatcharr/start-celery.sh
Restart=on-failure
RestartSec=10
User=root
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/dispatcharr-celerybeat.service
[Unit]
Description=Dispatcharr Celery Beat Scheduler
After=network.target redis-server.service
Requires=dispatcharr.service
[Service]
Type=simple
WorkingDirectory=/opt/dispatcharr
ExecStart=/opt/dispatcharr/start-celerybeat.sh
Restart=on-failure
RestartSec=10
User=root
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/dispatcharr-daphne.service
[Unit]
Description=Dispatcharr WebSocket Server (Daphne)
After=network.target
Requires=dispatcharr.service
[Service]
Type=simple
WorkingDirectory=/opt/dispatcharr
ExecStart=/opt/dispatcharr/start-daphne.sh
Restart=on-failure
RestartSec=10
User=root
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now dispatcharr dispatcharr-celery dispatcharr-celerybeat dispatcharr-daphne
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

164
install/docuseal-install.sh
View File

@@ -1,164 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://www.docuseal.com/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
git \
libpq-dev \
libssl-dev \
libyaml-dev \
libreadline-dev \
zlib1g-dev \
libffi-dev \
libvips42 \
libvips-dev \
libheif1 \
redis-server \
fontconfig
msg_ok "Installed Dependencies"
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
RUBY_VERSION="4.0.1" RUBY_INSTALL_RAILS="false" setup_ruby
PG_VERSION="17" setup_postgresql
PG_DB_NAME="docuseal" PG_DB_USER="docuseal" setup_postgresql_db
msg_info "Downloading Fonts and PDFium"
mkdir -p /opt/fonts /usr/share/fonts/noto
ARCH=$(uname -m | sed 's/x86_64/x64/;s/aarch64/arm64/')
curl -fsSL -o /opt/fonts/GoNotoKurrent-Regular.ttf \
https://github.com/satbyy/go-noto-universal/releases/download/v7.0/GoNotoKurrent-Regular.ttf
curl -fsSL -o /opt/fonts/GoNotoKurrent-Bold.ttf \
https://github.com/satbyy/go-noto-universal/releases/download/v7.0/GoNotoKurrent-Bold.ttf
curl -fsSL -o /opt/fonts/DancingScript-Regular.otf \
https://github.com/impallari/DancingScript/raw/master/fonts/DancingScript-Regular.otf
ln -sf /opt/fonts/GoNotoKurrent-Regular.ttf /usr/share/fonts/noto/
ln -sf /opt/fonts/GoNotoKurrent-Bold.ttf /usr/share/fonts/noto/
$STD fc-cache -f
curl -fsSL -o /tmp/pdfium.tgz \
"https://github.com/bblanchon/pdfium-binaries/releases/latest/download/pdfium-linux-${ARCH}.tgz"
mkdir -p /tmp/pdfium && tar -xzf /tmp/pdfium.tgz -C /tmp/pdfium
cp /tmp/pdfium/lib/libpdfium.so /usr/lib/libpdfium.so
rm -rf /tmp/pdfium /tmp/pdfium.tgz
msg_ok "Downloaded Fonts and PDFium"
fetch_and_deploy_gh_release "docuseal" "docusealco/docuseal" "tarball"
msg_info "Downloading Field Detection Model"
mkdir -p /opt/docuseal/tmp
curl -fsSL -o /opt/docuseal/tmp/model.onnx \
"https://github.com/docusealco/fields-detection/releases/download/2.0.0/model_704_int8.onnx"
mkdir -p /opt/docuseal/public/fonts
ln -sf /opt/fonts/DancingScript-Regular.otf /opt/docuseal/public/fonts/DancingScript-Regular.otf
msg_ok "Downloaded Field Detection Model"
msg_info "Configuring DocuSeal"
SECRET_KEY=$(openssl rand -hex 64)
mkdir -p /opt/docuseal/data
cat <<EOF >/opt/docuseal/.env
RAILS_ENV=production
NODE_ENV=production
RAILS_LOG_TO_STDOUT=true
RAILS_SERVE_STATIC_FILES=true
SECRET_KEY_BASE=${SECRET_KEY}
DATABASE_URL=postgresql://docuseal:${PG_DB_PASS}@127.0.0.1:5432/docuseal
REDIS_URL=redis://localhost:6379/0
WORKDIR=/opt/docuseal/data
VIPS_MAX_COORD=17000
EOF
msg_ok "Configured DocuSeal"
msg_info "Building Application"
cd /opt/docuseal
export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
eval "$(rbenv init - bash)" 2>/dev/null || true
export RAILS_ENV=production
export NODE_ENV=production
export SECRET_KEY_BASE_DUMMY=1
set -a
source /opt/docuseal/.env
set +a
$STD bundle config set --local deployment 'true'
$STD bundle config set --local without 'development:test'
$STD bundle install -j"$(nproc)"
$STD yarn install --network-timeout 1000000
$STD ./bin/shakapacker
$STD bundle exec rails db:migrate
$STD bundle exec bootsnap precompile -j 1 --gemfile app/ lib/
msg_ok "Built Application"
msg_info "Enabling Redis"
systemctl enable -q --now redis-server
msg_ok "Enabled Redis"
msg_info "Creating docuseal User"
id docuseal &>/dev/null || useradd -u 2000 -M -s /usr/sbin/nologin -d /opt/docuseal docuseal
chmod o+x /root
chmod -R o+rX /root/.rbenv
chown -R docuseal:docuseal /opt/docuseal /opt/fonts
msg_ok "Created docuseal User"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/docuseal.service
[Unit]
Description=DocuSeal Web
After=network.target postgresql.service redis-server.service
[Service]
Type=simple
User=docuseal
Group=docuseal
WorkingDirectory=/opt/docuseal
EnvironmentFile=/opt/docuseal/.env
Environment=HOME=/opt/docuseal
Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Environment=BUNDLE_GEMFILE=/opt/docuseal/Gemfile
Environment=BUNDLE_WITHOUT=development:test
ExecStart=/opt/docuseal/bin/bundle exec puma -C /opt/docuseal/config/puma.rb --dir /opt/docuseal -p 3000
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/docuseal-sidekiq.service
[Unit]
Description=DocuSeal Sidekiq
After=network.target postgresql.service redis-server.service
[Service]
Type=simple
User=docuseal
Group=docuseal
WorkingDirectory=/opt/docuseal
EnvironmentFile=/opt/docuseal/.env
Environment=HOME=/opt/docuseal
Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Environment=BUNDLE_GEMFILE=/opt/docuseal/Gemfile
Environment=BUNDLE_WITHOUT=development:test
ExecStart=/opt/docuseal/bin/bundle exec sidekiq
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now docuseal docuseal-sidekiq
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

108
install/erpnext-install.sh
View File

@@ -1,108 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/frappe/erpnext
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
git \
sudo \
build-essential \
python3-dev \
libffi-dev \
libssl-dev \
redis-server \
nginx \
supervisor \
fail2ban \
xvfb \
libfontconfig1 \
libxrender1 \
fontconfig \
libjpeg-dev \
libmariadb-dev \
python3-pip
msg_ok "Installed Dependencies"
NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
UV_PYTHON="3.13" setup_uv
setup_mariadb
msg_info "Configuring MariaDB for ERPNext"
cat <<EOF >/etc/mysql/mariadb.conf.d/50-erpnext.cnf
[mysqld]
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
[client]
default-character-set=utf8mb4
EOF
$STD systemctl restart mariadb
msg_ok "Configured MariaDB for ERPNext"
msg_info "Installing wkhtmltopdf"
WKHTMLTOPDF_URL="https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-3/wkhtmltox_0.12.6.1-3.bookworm_amd64.deb"
$STD curl -fsSL -o /tmp/wkhtmltox.deb "$WKHTMLTOPDF_URL"
$STD apt install -y /tmp/wkhtmltox.deb
rm -f /tmp/wkhtmltox.deb
msg_ok "Installed wkhtmltopdf"
msg_info "Installing Frappe Bench"
useradd -m -s /bin/bash frappe
chown frappe:frappe /opt
echo "frappe ALL=(ALL) NOPASSWD:ALL" >/etc/sudoers.d/frappe
$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; uv tool install frappe-bench'
msg_ok "Installed Frappe Bench"
msg_info "Initializing Frappe Bench"
ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
DB_ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASS}'; FLUSH PRIVILEGES;"
$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-15 frappe-bench'
$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-15'
$STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:\$PATH\"; cd /opt/frappe-bench && bench new-site site1.local --db-root-username root --db-root-password \"$DB_ROOT_PASS\" --admin-password \"$ADMIN_PASS\" --install-app erpnext --set-default"
msg_ok "Initialized Frappe Bench"
msg_info "Configuring ERPNext"
cat <<EOF >/opt/frappe-bench/.env
ADMIN_PASSWORD=${ADMIN_PASS}
DB_ROOT_PASSWORD=${DB_ROOT_PASS}
SITE_NAME=site1.local
EOF
{
echo "ERPNext Credentials"
echo "=================="
echo "Admin Username: Administrator"
echo "Admin Password: ${ADMIN_PASS}"
echo "DB Root Password: ${DB_ROOT_PASS}"
echo "Site Name: site1.local"
} >~/erpnext.creds
$STD systemctl enable --now redis-server
msg_ok "Configured ERPNext"
msg_info "Setting up Production"
BENCH_PY="/home/frappe/.local/share/uv/tools/frappe-bench/bin/python"
$STD sudo -u frappe bash -c "curl -fsSL https://bootstrap.pypa.io/get-pip.py | \"${BENCH_PY}\""
$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; uv tool install ansible'
ln -sf /home/frappe/.local/bin/ansible* /usr/local/bin/
$STD bash -c 'export PATH="/home/frappe/.local/bin:$PATH"; cd /opt/frappe-bench && bench setup production frappe --yes'
ln -sf /opt/frappe-bench/config/supervisor.conf /etc/supervisor/conf.d/frappe-bench.conf
$STD supervisorctl reread
$STD supervisorctl update
$STD systemctl enable --now supervisor
msg_ok "Set up Production"
motd_ssh
customize
cleanup_lxc

62
install/espconnect-install.sh
View File

@@ -1,62 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: John Lombardo
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/thelastoutpostworkshop/ESPConnect
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y nginx
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "espconnect" "thelastoutpostworkshop/ESPConnect" "prebuild" "latest" "/opt/espconnect" "dist.zip"
msg_info "Configuring Nginx"
mkdir -p /etc/ssl/private
$STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
-keyout /etc/ssl/private/espconnect-selfsigned.key \
-out /etc/ssl/certs/espconnect-selfsigned.crt \
-subj "/CN=ESPConnect"
cat <<'EOF' >/etc/nginx/sites-available/espconnect
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/ssl/certs/espconnect-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/espconnect-selfsigned.key;
ssl_protocols TLSv1.2 TLSv1.3;
root /opt/espconnect;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
}
EOF
ln -sf /etc/nginx/sites-available/espconnect /etc/nginx/sites-enabled/espconnect
rm -f /etc/nginx/sites-enabled/default
$STD nginx -t
systemctl enable -q nginx
systemctl restart nginx
msg_ok "Configured Nginx"
motd_ssh
customize
cleanup_lxc

49
install/ezbookkeeping-install.sh Normal file
View File

@@ -0,0 +1,49 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Slaviša Arežina (tremor021)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://ezbookkeeping.mayswind.net/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "ezbookkeeping" "mayswind/ezbookkeeping" "prebuild" "latest" "/opt/ezbookkeeping" "ezbookkeeping-*-linux-amd64.tar.gz"
create_self_signed_cert
msg_info "Configuring ezBookkeeping"
SECRET_KEY=$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | head -c50)
sed -i "s/enable_gzip = false/enable_gzip = true/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
sed -i "s/protocol = http/protocol = https/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
sed -i "s/http_port = 8080/http_port = 443/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
sed -i "s/cert_file =/cert_file = \/etc\/ssl\/ezbookkeeping\/ezbookkeeping.crt/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
sed -i "s/cert_key_file =/cert_key_file = \/etc\/ssl\/ezbookkeeping\/ezbookkeeping.key/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
sed -i "s/domain = localhost/domain = ${LOCAL_IP}/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
sed -i "s/secret_key =/secret_key = ${SECRET_KEY}/" /opt/ezbookkeeping/conf/ezbookkeeping.ini
msg_ok "Configured ezBookkeeping"
msg_info "Creating service"
cat <<EOF >/etc/systemd/system/ezbookkeeping.service
[Unit]
Description=ezBookkeeping Service
After=network.target
[Service]
WorkingDirectory=/opt/ezbookkeeping
ExecStart=/opt/ezbookkeeping/ezbookkeeping server run
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now ezbookkeeping
msg_ok "Created service"
motd_ssh
customize
cleanup_lxc

57
install/fileflows-install.sh
View File

@@ -1,57 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: kkroboth
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://fileflows.com/
# Import Functions und Setup
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
ffmpeg \
pciutils
msg_ok "Installed Dependencies"
msg_info "Installing ASP.NET Core Runtime"
setup_deb822_repo \
"microsoft" \
"https://packages.microsoft.com/keys/microsoft-2025.asc" \
"https://packages.microsoft.com/debian/13/prod/" \
"trixie"
$STD apt install -y aspnetcore-runtime-8.0
msg_ok "Installed ASP.NET Core Runtime"
fetch_and_deploy_from_url "https://fileflows.com/downloads/zip" "/opt/fileflows"
$STD ln -svf /usr/bin/ffmpeg /usr/local/bin/ffmpeg
$STD ln -svf /usr/bin/ffprobe /usr/local/bin/ffprobe
$STD rm -rf /opt/fileflows/Server/runtimes/win-*
read -r -p "${TAB3}Do you want to install FileFlows Server or Node? (S/N): " install_server
if [[ "$install_server" =~ ^[Ss]$ ]]; then
msg_info "Installing FileFlows Server"
cd /opt/fileflows/Server
$STD dotnet FileFlows.Server.dll --systemd install --root true
systemctl enable -q --now fileflows
msg_ok "Installed FileFlows Server"
else
msg_info "Installing FileFlows Node"
cd /opt/fileflows/Node
$STD dotnet FileFlows.Node.dll
$STD dotnet FileFlows.Node.dll --systemd install --root true
systemctl enable -q --now fileflows-node
msg_ok "Installed FileFlows Node"
fi
motd_ssh
customize
cleanup_lxc

62
install/flaresolverr-install.sh Normal file
View File

@@ -0,0 +1,62 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# Co-Author: remz1337
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/FlareSolverr/FlareSolverr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y \
apt-transport-https \
xvfb
msg_ok "Installed Dependencies"
msg_info "Installing Chrome"
setup_deb822_repo \
"google-chrome" \
"https://dl.google.com/linux/linux_signing_key.pub" \
"https://dl.google.com/linux/chrome/deb/" \
"stable"
$STD apt update
$STD apt install -y google-chrome-stable
# remove google-chrome.list added by google-chrome-stable
if [ -f /etc/apt/sources.list.d/google-chrome.list ]; then
rm /etc/apt/sources.list.d/google-chrome.list
fi
msg_ok "Installed Chrome"
fetch_and_deploy_gh_release "flaresolverr" "FlareSolverr/FlareSolverr" "prebuild" "latest" "/opt/flaresolverr" "flaresolverr_linux_x64.tar.gz"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/flaresolverr.service
[Unit]
Description=FlareSolverr
After=network.target
[Service]
SyslogIdentifier=flaresolverr
Restart=always
RestartSec=5
Type=simple
Environment="LOG_LEVEL=info"
Environment="CAPTCHA_SOLVER=none"
WorkingDirectory=/opt/flaresolverr
ExecStart=/opt/flaresolverr/flaresolverr
TimeoutStopSec=30
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now flaresolverr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

96
install/gluetun-install.sh Normal file
View File

@@ -0,0 +1,96 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/qdm12/gluetun
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
openvpn \
wireguard-tools \
iptables
msg_ok "Installed Dependencies"
msg_info "Configuring iptables"
$STD update-alternatives --set iptables /usr/sbin/iptables-legacy
$STD update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
ln -sf /usr/sbin/openvpn /usr/sbin/openvpn2.6
msg_ok "Configured iptables"
setup_go
fetch_and_deploy_gh_release "gluetun" "qdm12/gluetun" "tarball"
msg_info "Building Gluetun"
cd /opt/gluetun
$STD go mod download
CGO_ENABLED=0 $STD go build -trimpath -ldflags="-s -w" -o /usr/local/bin/gluetun ./cmd/gluetun/
msg_ok "Built Gluetun"
msg_info "Configuring Gluetun"
mkdir -p /opt/gluetun-data
touch /etc/alpine-release
ln -sf /opt/gluetun-data /gluetun
cat <<EOF >/opt/gluetun-data/.env
VPN_SERVICE_PROVIDER=custom
VPN_TYPE=openvpn
OPENVPN_CUSTOM_CONFIG=/opt/gluetun-data/custom.ovpn
OPENVPN_USER=
OPENVPN_PASSWORD=
OPENVPN_PROCESS_USER=root
PUID=0
PGID=0
HTTP_CONTROL_SERVER_ADDRESS=:8000
HTTPPROXY=off
SHADOWSOCKS=off
PPROF_ENABLED=no
PPROF_BLOCK_PROFILE_RATE=0
PPROF_MUTEX_PROFILE_RATE=0
PPROF_HTTP_SERVER_ADDRESS=:6060
FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT=on
HEALTH_SERVER_ADDRESS=127.0.0.1:9999
DNS_UPSTREAM_RESOLVERS=cloudflare
LOG_LEVEL=info
STORAGE_FILEPATH=/gluetun/servers.json
PUBLICIP_FILE=/gluetun/ip
VPN_PORT_FORWARDING_STATUS_FILE=/gluetun/forwarded_port
TZ=UTC
EOF
msg_ok "Configured Gluetun"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/gluetun.service
[Unit]
Description=Gluetun VPN Client
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/gluetun-data
EnvironmentFile=/opt/gluetun-data/.env
UnsetEnvironment=USER
ExecStartPre=/bin/sh -c 'rm -f /etc/openvpn/target.ovpn'
ExecStart=/usr/local/bin/gluetun
Restart=on-failure
RestartSec=5
AmbientCapabilities=CAP_NET_ADMIN
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now gluetun
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

18
install/hermesagent-install.sh
View File

@@ -93,10 +93,26 @@ EOF
systemctl enable -q --now hermes-dashboard
msg_ok "Created Dashboard Service"
msg_info "Creating Setup Helper"
cat <<'SETUP' >/usr/bin/hermes-setup
#!/usr/bin/env bash
set -a; source /etc/default/hermes; set +a
/home/hermes/.local/bin/hermes setup
chown -R hermes:hermes /home/hermes
chmod 750 /home/hermes
chmod 700 /home/hermes/.hermes
if [[ -f /home/hermes/.config/systemd/user/hermes-gateway.service ]]; then
su - hermes -c 'systemctl --user enable --now hermes-gateway'
fi
echo "Hermes setup complete. File permissions restored."
SETUP
chmod +x /usr/bin/hermes-setup
msg_ok "Created Setup Helper"
msg_info "Configuring Login Hints"
cat <<'HINT' >/etc/profile.d/hermes-hint.sh
if [[ "$(id -u)" -eq 0 ]]; then
echo " Use 'su - hermes' to switch to the hermes user for running Hermes Agent."
echo " Run 'hermes-setup' to configure your model provider and gateway server."
fi
HINT
msg_ok "Configured Login Hints"

139
install/librechat-install.sh
View File

@@ -1,139 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/danny-avila/LibreChat
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
MONGO_VERSION="8.0" setup_mongodb
setup_meilisearch
PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
PG_DB_NAME="ragapi" PG_DB_USER="ragapi" PG_DB_EXTENSIONS="vector" setup_postgresql_db
NODE_VERSION="24" setup_nodejs
UV_PYTHON="3.12" setup_uv
fetch_and_deploy_gh_tag "librechat" "danny-avila/LibreChat"
fetch_and_deploy_gh_release "rag-api" "danny-avila/rag_api" "tarball"
msg_info "Installing LibreChat Dependencies"
cd /opt/librechat
$STD npm ci
msg_ok "Installed LibreChat Dependencies"
msg_info "Building Frontend"
$STD npm run frontend
$STD npm prune --production
$STD npm cache clean --force
msg_ok "Built Frontend"
msg_info "Installing RAG API Dependencies"
cd /opt/rag-api
$STD uv venv --python 3.12 --seed .venv
$STD .venv/bin/pip install -r requirements.lite.txt
mkdir -p /opt/rag-api/uploads
msg_ok "Installed RAG API Dependencies"
msg_info "Configuring LibreChat"
JWT_SECRET=$(openssl rand -hex 32)
JWT_REFRESH_SECRET=$(openssl rand -hex 32)
CREDS_KEY=$(openssl rand -hex 32)
CREDS_IV=$(openssl rand -hex 16)
cat <<EOF >/opt/librechat/.env
HOST=0.0.0.0
PORT=3080
MONGO_URI=mongodb://127.0.0.1:27017/LibreChat
DOMAIN_CLIENT=http://${LOCAL_IP}:3080
DOMAIN_SERVER=http://${LOCAL_IP}:3080
NO_INDEX=true
TRUST_PROXY=1
JWT_SECRET=${JWT_SECRET}
JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET}
SESSION_EXPIRY=1000 * 60 * 15
REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
CREDS_KEY=${CREDS_KEY}
CREDS_IV=${CREDS_IV}
ALLOW_EMAIL_LOGIN=true
ALLOW_REGISTRATION=true
ALLOW_SOCIAL_LOGIN=false
ALLOW_SOCIAL_REGISTRATION=false
ALLOW_PASSWORD_RESET=false
ALLOW_UNVERIFIED_EMAIL_LOGIN=true
SEARCH=true
MEILI_NO_ANALYTICS=true
MEILI_HOST=http://127.0.0.1:7700
MEILI_MASTER_KEY=${MEILISEARCH_MASTER_KEY}
RAG_PORT=8000
RAG_API_URL=http://127.0.0.1:8000
APP_TITLE=LibreChat
ENDPOINTS=openAI,agents,assistants,anthropic,google
# OPENAI_API_KEY=your-key-here
# OPENAI_MODELS=
# ANTHROPIC_API_KEY=your-key-here
# GOOGLE_KEY=your-key-here
EOF
msg_ok "Configured LibreChat"
msg_info "Configuring RAG API"
cat <<EOF >/opt/rag-api/.env
VECTOR_DB_TYPE=pgvector
DB_HOST=127.0.0.1
DB_PORT=5432
POSTGRES_DB=${PG_DB_NAME}
POSTGRES_USER=${PG_DB_USER}
POSTGRES_PASSWORD=${PG_DB_PASS}
RAG_HOST=0.0.0.0
RAG_PORT=8000
JWT_SECRET=${JWT_SECRET}
RAG_UPLOAD_DIR=/opt/rag-api/uploads/
EOF
msg_ok "Configured RAG API"
msg_info "Creating Services"
cat <<EOF >/etc/systemd/system/librechat.service
[Unit]
Description=LibreChat
After=network.target mongod.service meilisearch.service rag-api.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/librechat
EnvironmentFile=/opt/librechat/.env
ExecStart=/usr/bin/npm run backend
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/rag-api.service
[Unit]
Description=LibreChat RAG API
After=network.target postgresql.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/rag-api
EnvironmentFile=/opt/rag-api/.env
ExecStart=/opt/rag-api/.venv/bin/uvicorn main:app --host 0.0.0.0 --port 8000
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now rag-api librechat
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

53
install/lidarr-install.sh Normal file
View File

@@ -0,0 +1,53 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://lidarr.audio/ | Github: https://github.com/Lidarr/Lidarr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
sqlite3 \
libchromaprint-tools \
mediainfo
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "lidarr" "Lidarr/Lidarr" "prebuild" "latest" "/opt/Lidarr" "Lidarr.master*linux-core-x64.tar.gz"
msg_info "Configuring Lidarr"
mkdir -p /var/lib/lidarr/
chmod 775 /var/lib/lidarr/
chmod 775 /opt/Lidarr
msg_ok "Configured Lidarr"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/lidarr.service
[Unit]
Description=Lidarr Daemon
After=syslog.target network.target
[Service]
UMask=0002
Type=simple
ExecStart=/opt/Lidarr/Lidarr -nobrowser -data=/var/lib/lidarr/
TimeoutStopSec=20
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now lidarr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

101
install/lobehub-install.sh
View File

@@ -1,101 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/lobehub/lobehub
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y build-essential
msg_ok "Installed Dependencies"
PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
CODENAME=$(. /etc/os-release && echo "${VERSION_CODENAME:-bookworm}")
fetch_and_deploy_gh_release "paradedb" "paradedb/paradedb" "binary" "latest" "" "postgresql-17-pg-search_*-1PARADEDB-${CODENAME}_$(dpkg --print-architecture).deb"
msg_info "Configuring pg_search preload library"
if ! grep -q "shared_preload_libraries.*pg_search" /etc/postgresql/17/main/postgresql.conf; then
echo "shared_preload_libraries = 'pg_search'" >>/etc/postgresql/17/main/postgresql.conf
fi
systemctl restart postgresql
msg_ok "Configured pg_search preload library"
PG_DB_NAME="lobehub" PG_DB_USER="lobehub" PG_DB_EXTENSIONS="vector,pg_search" setup_postgresql_db
NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
fetch_and_deploy_gh_release "lobehub" "lobehub/lobehub" "tarball"
msg_info "Building Application"
cd /opt/lobehub
export DATABASE_URL="postgres://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}"
export DATABASE_DRIVER="node"
export KEY_VAULTS_SECRET="$(openssl rand -base64 32)"
export AUTH_SECRET="$(openssl rand -base64 32)"
export APP_URL="http://localhost:3210"
$STD pnpm install
$STD pnpm run build:docker
msg_ok "Built Application"
msg_info "Configuring Application"
KEY_VAULTS_SECRET=$(openssl rand -base64 32)
AUTH_SECRET=$(openssl rand -base64 32)
cat <<EOF >/opt/lobehub/.env
DATABASE_URL=postgres://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
DATABASE_DRIVER=node
KEY_VAULTS_SECRET=${KEY_VAULTS_SECRET}
AUTH_SECRET=${AUTH_SECRET}
APP_URL=http://${LOCAL_IP}:3210
HOSTNAME=0.0.0.0
PORT=3210
NODE_ENV=production
EOF
msg_ok "Configured Application"
msg_info "Setting Up Standalone"
cp -r /opt/lobehub/.next/static /opt/lobehub/.next/standalone/.next/static
cp -r /opt/lobehub/public /opt/lobehub/.next/standalone/public
cp -r /opt/lobehub/scripts/migrateServerDB/* /opt/lobehub/.next/standalone/
cp -r /opt/lobehub/packages/database/migrations /opt/lobehub/.next/standalone/migrations
msg_ok "Set Up Standalone"
msg_info "Running Database Migrations"
cd /opt/lobehub/.next/standalone
set -a && source /opt/lobehub/.env && set +a
$STD node /opt/lobehub/.next/standalone/docker.cjs
msg_ok "Ran Database Migrations"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/lobehub.service
[Unit]
Description=LobeHub
After=network.target postgresql.service
Requires=postgresql.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/lobehub/.next/standalone
EnvironmentFile=/opt/lobehub/.env
ExecStart=/usr/bin/node /opt/lobehub/.next/standalone/server.js
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now lobehub
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

77
install/lychee-install.sh
View File

@@ -1,77 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/LycheeOrg/Lychee
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
caddy \
libimage-exiftool-perl \
jpegoptim
msg_ok "Installed Dependencies"
PHP_VERSION="8.4" PHP_FPM="YES" PHP_MODULE="bcmath,ldap,exif,gd,intl,imagick,redis,zip,pdo_pgsql,pcntl" setup_php
setup_ffmpeg
setup_imagemagick
PG_VERSION="16" setup_postgresql
PG_DB_NAME="lychee" PG_DB_USER="lychee" setup_postgresql_db
fetch_and_deploy_gh_release "lychee" "LycheeOrg/Lychee" "prebuild" "latest" "/opt/lychee" "Lychee.zip"
msg_info "Configuring Application"
cd /opt/lychee
cp .env.example .env
APP_KEY=$($STD php artisan key:generate --show)
sed -i "s|^APP_KEY=.*|APP_KEY=${APP_KEY}|" .env
sed -i "s|^APP_ENV=.*|APP_ENV=production|" .env
sed -i "s|^APP_DEBUG=.*|APP_DEBUG=false|" .env
sed -i "s|^APP_URL=.*|APP_URL=http://${LOCAL_IP}|" .env
sed -i "s|^DB_CONNECTION=.*|DB_CONNECTION=pgsql|" .env
sed -i "s|^DB_HOST=.*|DB_HOST=127.0.0.1|" .env
sed -i "s|^DB_PORT=.*|DB_PORT=5432|" .env
sed -i "s|^#\?DB_DATABASE=.*|DB_DATABASE=${PG_DB_NAME}|" .env
sed -i "s|^DB_USERNAME=.*|DB_USERNAME=${PG_DB_USER}|" .env
sed -i "s|^DB_PASSWORD=.*|DB_PASSWORD=${PG_DB_PASS}|" .env
mkdir -p storage/framework/{cache,sessions,views} storage/logs bootstrap/cache public/dist public/uploads public/sym
touch public/dist/user.css public/dist/custom.js
chmod -R 775 storage bootstrap/cache public/dist public/uploads public/sym
msg_ok "Configured Application"
msg_info "Running Database Migrations"
cd /opt/lychee
$STD php artisan migrate --force
msg_ok "Ran Database Migrations"
chown -R www-data:www-data /opt/lychee
msg_info "Configuring Caddy"
PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
cat <<EOF >/etc/caddy/Caddyfile
:80 {
root * /opt/lychee/public
php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
file_server
encode gzip
}
EOF
usermod -aG www-data caddy
msg_ok "Configured Caddy"
systemctl enable -q --now php${PHP_VER}-fpm
systemctl restart caddy
motd_ssh
customize
cleanup_lxc

66
install/matomo-install.sh
View File

@@ -1,66 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://matomo.org/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y caddy
msg_ok "Installed Dependencies"
mkdir -p /opt/matomo
PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="pdo_mysql,gd,mbstring,xml,curl,intl,zip,ldap" setup_php
setup_mariadb
MARIADB_DB_NAME="matomo" MARIADB_DB_USER="matomo" setup_mariadb_db
msg_info "Allowing Local TCP Database Access"
$STD mariadb -u root -e "CREATE USER IF NOT EXISTS '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
$STD mariadb -u root -e "ALTER USER '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
$STD mariadb -u root -e "GRANT ALL ON \`$MARIADB_DB_NAME\`.* TO '$MARIADB_DB_USER'@'127.0.0.1';"
$STD mariadb -u root -e "FLUSH PRIVILEGES;"
msg_ok "Allowed Local TCP Database Access"
fetch_and_deploy_gh_release "matomo" "matomo-org/matomo" "prebuild" "latest" "/opt/matomo" "matomo-*.zip"
msg_info "Setting up Matomo"
if [[ -d /opt/matomo/matomo ]]; then
rm -rf /opt/matomo/tmp "/opt/matomo/How to install Matomo.html"
find /opt/matomo/matomo -mindepth 1 -maxdepth 1 -exec mv -t /opt/matomo {} +
rm -rf /opt/matomo/matomo
fi
mkdir -p /opt/matomo/tmp
chown -R www-data:www-data /opt/matomo
chmod -R 755 /opt/matomo/tmp
msg_ok "Set up Matomo"
msg_info "Configuring Caddy"
PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
cat <<EOF >/etc/caddy/Caddyfile
:80 {
root * /opt/matomo
@blocked path /config /config/* /tmp /tmp/* /.* /.*/*
respond @blocked 403
php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
file_server
encode gzip
}
EOF
usermod -aG www-data caddy
msg_ok "Configured Caddy"
systemctl enable -q --now php${PHP_VER}-fpm
systemctl restart caddy
motd_ssh
customize
cleanup_lxc

56
install/matterjs-server-install.sh Normal file
View File

@@ -0,0 +1,56 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/matter-js/matterjs-server
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
NODE_VERSION="22" setup_nodejs
msg_info "Installing MatterJS-Server"
mkdir -p /opt/matter-server
cd /opt/matter-server
$STD npm install matter-server
mkdir -p /var/lib/matterjs-server
msg_ok "Installed MatterJS-Server"
msg_info "Configuring Network"
cat <<EOF >/etc/sysctl.d/60-ipv6-ra-rio.conf
net.ipv6.conf.default.accept_ra_rtr_pref=1
net.ipv6.conf.default.accept_ra_rt_info_max_plen=128
net.ipv6.conf.eth0.accept_ra_rtr_pref=1
net.ipv6.conf.eth0.accept_ra_rt_info_max_plen=128
EOF
$STD sysctl -p /etc/sysctl.d/60-ipv6-ra-rio.conf
msg_ok "Configured Network"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/matterjs-server.service
[Unit]
Description=MatterJS Server
After=network.target
[Service]
Type=simple
User=root
ExecStart=/usr/bin/node /opt/matter-server/node_modules/matter-server/dist/esm/MatterServer.js --storage-path /var/lib/matterjs-server
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now matterjs-server
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

59
install/musicseerr-install.sh Normal file
View File

@@ -0,0 +1,59 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: Michel Roegl-Brunner
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://musicseerr.com/ | Github: https://github.com/HabiRabbu/Musicseerr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
PYTHON_VERSION="3.13" setup_uv
fetch_and_deploy_gh_release "musicseerr" "HabiRabbu/Musicseerr" "tarball"
NODE_VERSION="22" NODE_MODULE="pnpm@10.33.0" setup_nodejs
msg_info "Building Frontend"
cd /opt/musicseerr/frontend
export NODE_OPTIONS="--max-old-space-size=3072"
$STD pnpm install --frozen-lockfile
$STD pnpm run build
msg_ok "Built Frontend"
msg_info "Setting up Application"
mkdir -p /opt/musicseerr/backend/config /opt/musicseerr/backend/cache
$STD uv venv /opt/musicseerr/venv
$STD uv pip install -r /opt/musicseerr/backend/requirements.txt --python=/opt/musicseerr/venv/bin/python
rm -rf /opt/musicseerr/backend/static
cp -r /opt/musicseerr/frontend/build /opt/musicseerr/backend/static
msg_ok "Set up Application"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/musicseerr.service
[Unit]
Description=MusicSeerr Service
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/musicseerr/backend
Environment=ROOT_APP_DIR=/opt/musicseerr/backend
Environment=PORT=8688
ExecStart=/opt/musicseerr/venv/bin/uvicorn main:app --host 0.0.0.0 --port 8688 --loop uvloop --http httptools --workers 1
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now musicseerr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

78
install/nagios-install.sh
View File

@@ -1,78 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/NagiosEnterprises/nagioscore
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
autoconf \
automake \
build-essential \
bc \
dc \
gawk \
gettext \
gperf \
libgd-dev \
libmcrypt-dev \
libnet-snmp-perl \
libssl-dev \
snmp \
apache2 \
apache2-utils
msg_ok "Installed Dependencies"
PHP_APACHE="YES" setup_php
fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
msg_info "Building Nagios Core"
cd /opt/nagios
$STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
$STD make all
$STD make install-groups-users
usermod -a -G nagios www-data
$STD make install
$STD make install-daemoninit
$STD make install-commandmode
$STD make install-config
$STD make install-webconf
$STD a2enmod rewrite
$STD a2enmod cgi
msg_ok "Built Nagios Core"
fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
msg_info "Building Nagios Plugins"
cd /opt/nagios-plugins
$STD ./tools/setup
$STD ./configure
$STD make
$STD make install
msg_ok "Built Nagios Plugins"
msg_info "Configuring Web Authentication"
$STD htpasswd -bc /usr/local/nagios/etc/htpasswd.users nagiosadmin nagiosadmin
chown root:www-data /usr/local/nagios/etc/htpasswd.users
chmod 640 /usr/local/nagios/etc/htpasswd.users
msg_ok "Configured Web Authentication"
msg_info "Starting Services"
systemctl enable -q apache2
systemctl restart apache2
systemctl enable -q --now nagios
msg_ok "Started Services"
motd_ssh
customize
cleanup_lxc

255
install/neko-install.sh
View File

@@ -1,255 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: CanbiZ (MickLesk)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://neko.m1k1o.net/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
supervisor \
pulseaudio \
dbus-x11 \
xserver-xorg-video-dummy \
xdotool \
xclip \
libgtk-3-0 \
gstreamer1.0-plugins-base \
gstreamer1.0-plugins-good \
gstreamer1.0-plugins-bad \
gstreamer1.0-plugins-ugly \
gstreamer1.0-pulseaudio \
openbox \
firefox-esr \
fonts-noto-color-emoji \
fonts-wqy-zenhei
msg_ok "Installed Dependencies"
systemctl disable -q --now supervisor
msg_info "Installing Build Dependencies"
$STD apt install -y \
build-essential \
pkg-config \
libx11-dev \
libxrandr-dev \
libxtst-dev \
libgtk-3-dev \
libxcvt-dev \
libgstreamer1.0-dev \
libgstreamer-plugins-base1.0-dev
msg_ok "Installed Build Dependencies"
NODE_VERSION="22" setup_nodejs
setup_go
fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
msg_info "Building Client"
cd /opt/neko/client
$STD npm install
$STD npm run build
mkdir -p /var/www
cp -r /opt/neko/client/dist/* /var/www/
msg_ok "Built Client"
msg_info "Building Server"
cd /opt/neko/server
$STD ./build
cp /opt/neko/server/bin/neko /usr/bin/neko
mkdir -p /etc/neko/plugins
cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
msg_ok "Built Server"
msg_info "Setting up Runtime"
useradd -m -s /bin/bash neko
usermod -aG audio,video neko
mkdir -p /etc/neko/supervisord /var/www /var/log/neko /tmp/.X11-unix /tmp/runtime-neko /home/neko/.config/pulse /home/neko/.local/share/xorg
chmod 1777 /tmp/.X11-unix
chmod 1777 /var/log/neko
chmod 0700 /tmp/runtime-neko
chown neko /tmp/.X11-unix /var/log/neko /tmp/runtime-neko
chown -R neko:neko /home/neko
cp /opt/neko/runtime/xorg.conf /etc/neko/xorg.conf
# Remove the dummy_touchscreen InputDevice section (requires custom "neko" Xorg driver not available bare-metal)
sed -i '/Section "InputDevice"/{N;/dummy_touchscreen/{:l;N;/EndSection/!bl;d}}' /etc/neko/xorg.conf
sed -i '/dummy_touchscreen/d' /etc/neko/xorg.conf
sed -i 's/InputDevice "dummy_mouse"/InputDevice "dummy_mouse" "CorePointer"/' /etc/neko/xorg.conf
cp /opt/neko/runtime/default.pa /etc/pulse/default.pa
cat <<EOF >/etc/neko/supervisord.conf
[supervisord]
nodaemon=true
user=root
pidfile=/var/run/supervisord.pid
logfile=/dev/null
logfile_maxbytes=0
loglevel=debug
[include]
files=/etc/neko/supervisord/*.conf
[program:x-server]
environment=HOME="/home/neko",USER="neko"
command=/usr/bin/X :99.0 -config /etc/neko/xorg.conf -noreset -nolisten tcp
autorestart=true
priority=300
user=neko
stdout_logfile=/var/log/neko/xorg.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true
[program:pulseaudio]
environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
command=/usr/bin/pulseaudio --log-level=error --disallow-module-loading --disallow-exit --exit-idle-time=-1
autorestart=true
priority=300
user=neko
stdout_logfile=/var/log/neko/pulseaudio.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true
[program:neko]
environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
command=/usr/bin/neko serve --server.static "/var/www"
stopsignal=INT
stopwaitsecs=3
autorestart=true
priority=800
user=neko
stdout_logfile=/var/log/neko/neko.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true
[unix_http_server]
file=/var/run/supervisor.sock
chmod=0770
chown=root:neko
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
EOF
cat <<EOF >/etc/neko/supervisord/firefox.conf
[program:firefox]
environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
command=/usr/bin/firefox-esr --no-remote --display=:99.0 -width 1280 -height 720
stopsignal=INT
autorestart=true
priority=800
user=neko
stdout_logfile=/var/log/neko/firefox.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true
[program:openbox]
environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
command=/usr/bin/openbox --config-file /etc/neko/openbox.xml
autorestart=true
priority=300
user=neko
stdout_logfile=/var/log/neko/openbox.log
stdout_logfile_maxbytes=100MB
stdout_logfile_backups=10
redirect_stderr=true
EOF
cat <<'EOF' >/etc/neko/openbox.xml
<?xml version="1.0" encoding="UTF-8"?>
<openbox_config xmlns="http://openbox.org/3.4/rc" xmlns:xi="http://www.w3.org/2001/XInclude">
<applications>
<application class="firefox" name="Navigator" role="browser">
<decor>no</decor>
<maximized>true</maximized>
<focus>yes</focus>
<layer>normal</layer>
</application>
</applications>
<focus>
<focusNew>yes</focusNew>
<followMouse>no</followMouse>
<focusLast>yes</focusLast>
<underMouse>no</underMouse>
<focusDelay>200</focusDelay>
<raiseOnFocus>no</raiseOnFocus>
</focus>
<placement>
<policy>Smart</policy>
<center>yes</center>
</placement>
<desktops>
<number>1</number>
<firstdesk>1</firstdesk>
<popupTime>0</popupTime>
</desktops>
</openbox_config>
EOF
cat <<EOF >/etc/neko/neko.yaml
server:
bind: "0.0.0.0:8080"
static: "/var/www"
session:
cookie:
enabled: false
webrtc:
icelite: true
nat1to1:
- "${LOCAL_IP}"
epr: "59000-59100"
desktop:
input:
enabled: false
member:
provider: "multiuser"
multiuser:
admin_password: "admin"
user_password: "neko"
EOF
msg_ok "Set up Runtime"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/neko.service
[Unit]
Description=Neko Virtual Browser
After=network.target
[Service]
Type=simple
User=root
Environment=USER=neko
Environment=DISPLAY=:99.0
Environment=PULSE_SERVER=unix:/tmp/pulseaudio.socket
Environment=XDG_RUNTIME_DIR=/tmp/runtime-neko
Environment=NEKO_PLUGINS_ENABLED=true
Environment=NEKO_PLUGINS_DIR=/etc/neko/plugins/
Environment=NEKO_CONFIG=/etc/neko/neko.yaml
ExecStart=/usr/bin/supervisord -c /etc/neko/supervisord.conf -n
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now neko
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

29
install/netbird-install.sh
View File

@@ -1,29 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://netbird.io
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing NetBird Client"
curl -sSL https://pkgs.netbird.io/debian/public.key | gpg --dearmor --output /usr/share/keyrings/netbird-archive-keyring.gpg
echo 'deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main' >/etc/apt/sources.list.d/netbird.list
$STD apt update
$STD apt install -y netbird
msg_ok "Installed NetBird Client"
msg_info "Enabling Service"
systemctl enable -q --now netbird
msg_ok "Enabled Service"
motd_ssh
customize
cleanup_lxc

2
install/paperclip-install.sh
View File

@@ -25,7 +25,7 @@ NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
PG_VERSION="17" setup_postgresql
PG_DB_NAME="paperclip" PG_DB_USER="paperclip" setup_postgresql_db
fetch_and_deploy_gh_release "paperclip" "paperclipai/paperclip" "tarball"
fetch_and_deploy_gh_release "paperclip-ai" "paperclipai/paperclip" "tarball"
msg_info "Building Paperclip"
cd /opt/paperclip

49
install/prowlarr-install.sh Normal file
View File

@@ -0,0 +1,49 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://prowlarr.com/ | Github: https://github.com/Prowlarr/Prowlarr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y sqlite3
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "prowlarr" "Prowlarr/Prowlarr" "prebuild" "latest" "/opt/Prowlarr" "Prowlarr.master*linux-core-x64.tar.gz"
msg_info "Configuring Prowlarr"
mkdir -p /var/lib/prowlarr/
chmod 775 /var/lib/prowlarr/ /opt/Prowlarr
msg_ok "Configured Prowlarr"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/prowlarr.service
[Unit]
Description=Prowlarr Daemon
After=syslog.target network.target
[Service]
UMask=0002
Type=simple
ExecStart=/opt/Prowlarr/Prowlarr -nobrowser -data=/var/lib/prowlarr/
TimeoutStopSec=20
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now prowlarr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

56
install/qbittorrent-install.sh Normal file
View File

@@ -0,0 +1,56 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: tteck (tteckster) | Co-Author: Slaviša Arežina (tremor021)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://www.qbittorrent.org/ | Github: https://github.com/qbittorrent/qBittorrent
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "qbittorrent" "userdocs/qbittorrent-nox-static" "singlefile" "latest" "/opt/qbittorrent" "x86_64-qbittorrent-nox"
msg_info "Setup qBittorrent-nox"
mv /opt/qbittorrent/qbittorrent /opt/qbittorrent/qbittorrent-nox
mkdir -p ~/.config/qBittorrent/
cat <<EOF >~/.config/qBittorrent/qBittorrent.conf
[LegalNotice]
Accepted=true
[Preferences]
WebUI\Password_PBKDF2="@ByteArray(amjeuVrF3xRbgzqWQmes5A==:XK3/Ra9jUmqUc4RwzCtrhrkQIcYczBl90DJw2rT8DFVTss4nxpoRhvyxhCf87ahVE3SzD8K9lyPdpyUCfmVsUg==)"
WebUI\Port=8090
WebUI\UseUPnP=false
WebUI\Username=admin
[Network]
PortForwardingEnabled=false
EOF
msg_ok "Setup qBittorrent-nox"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/qbittorrent-nox.service
[Unit]
Description=qBittorrent client
After=network.target
[Service]
Type=simple
User=root
ExecStart=/opt/qbittorrent/qbittorrent-nox
Restart=always
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now qbittorrent-nox
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

49
install/radarr-install.sh Normal file
View File

@@ -0,0 +1,49 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://radarr.video/ | Github: https://github.com/Radarr/Radarr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y sqlite3
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "Radarr" "Radarr/Radarr" "prebuild" "latest" "/opt/Radarr" "Radarr.master*linux-core-x64.tar.gz"
msg_info "Configuring Radarr"
mkdir -p /var/lib/radarr/
chmod 775 /var/lib/radarr/ /opt/Radarr/
msg_ok "Configured Radarr"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/radarr.service
[Unit]
Description=Radarr Daemon
After=syslog.target network.target
[Service]
UMask=0002
Type=simple
ExecStart=/opt/Radarr/Radarr -nobrowser -data=/var/lib/radarr/
TimeoutStopSec=20
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now radarr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

25
install/arm/rdtclient-install.sh → install/rdtclient-install.sh
View File

@@ -2,7 +2,7 @@
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/rogerfar/rdt-client
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
@@ -14,25 +14,14 @@ network_check
update_os
msg_info "Installing Dependencies"
$STD apt-get install -y unzip
setup_deb822_repo \
"microsoft" \
"https://packages.microsoft.com/keys/microsoft-2025.asc" \
"https://packages.microsoft.com/debian/13/prod/" \
"trixie"
$STD apt install -y aspnetcore-runtime-10.0
msg_ok "Installed Dependencies"
msg_info "Installing ASP.NET Core Runtime"
$STD apt-get install -y libc6
$STD apt-get install -y libgcc1
$STD apt-get install -y libgssapi-krb5-2
$STD apt-get install -y libicu72
$STD apt-get install -y liblttng-ust1
$STD apt-get install -y libssl3
$STD apt-get install -y libstdc++6
$STD apt-get install -y zlib1g
curl -SL -o dotnet.tar.gz https://download.visualstudio.microsoft.com/download/pr/6f79d99b-dc38-4c44-a549-32329419bb9f/a411ec38fb374e3a4676647b236ba021/dotnet-sdk-9.0.100-linux-arm64.tar.gz
mkdir -p /usr/share/dotnet
$STD tar -zxf dotnet.tar.gz -C /usr/share/dotnet
$STD ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet
msg_ok "Installed ASP.NET Core Runtime"
fetch_and_deploy_gh_release "rdt-client" "rogerfar/rdt-client" "prebuild" "latest" "/opt/rdtc" "RealDebridClient.zip"
msg_info "Setting up rdtclient"

69
install/sabnzbd-install.sh Normal file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster) | Co-Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://sabnzbd.org/ | Github: https://github.com/sabnzbd/sabnzbd
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
par2 \
p7zip-full
msg_ok "Installed Dependencies"
PYTHON_VERSION="3.13" setup_uv
msg_info "Setup Unrar"
cat <<EOF >/etc/apt/sources.list.d/non-free.sources
Types: deb
URIs: http://deb.debian.org/debian/
Suites: trixie
Components: non-free
Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
EOF
$STD apt update
$STD apt install -y unrar
msg_ok "Setup Unrar"
fetch_and_deploy_gh_release "sabnzbd-org" "sabnzbd/sabnzbd" "prebuild" "latest" "/opt/sabnzbd" "SABnzbd-*-src.tar.gz"
msg_info "Installing SABnzbd"
$STD uv venv --clear /opt/sabnzbd/venv
$STD uv pip install -r /opt/sabnzbd/requirements.txt --python=/opt/sabnzbd/venv/bin/python
msg_ok "Installed SABnzbd"
read -r -p "Would you like to install par2cmdline-turbo? <y/N> " prompt
if [[ "${prompt,,}" =~ ^(y|yes)$ ]]; then
mv /usr/bin/par2 /usr/bin/par2.old
fetch_and_deploy_gh_release "par2cmdline-turbo" "animetosho/par2cmdline-turbo" "prebuild" "latest" "/usr/bin/" "*-linux-amd64.zip"
fi
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/sabnzbd.service
[Unit]
Description=SABnzbd
After=network.target
[Service]
WorkingDirectory=/opt/sabnzbd
ExecStart=/opt/sabnzbd/venv/bin/python SABnzbd.py -s 0.0.0.0:7777
Restart=always
User=root
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now sabnzbd
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

69
install/seerr-install.sh Normal file
View File

@@ -0,0 +1,69 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: CrazyWolf13
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://docs.seerr.dev/ | Github: https://github.com/seerr-team/seerr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
python3-setuptools
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "seerr" "seerr-team/seerr" "tarball"
pnpm_desired=$(grep -Po '"pnpm":\s*"\K[^"]+' /opt/seerr/package.json)
NODE_VERSION="22" NODE_MODULE="pnpm@$pnpm_desired" setup_nodejs
msg_info "Installing Seerr (Patience)"
export CYPRESS_INSTALL_BINARY=0
cd /opt/seerr
$STD pnpm install --frozen-lockfile
export NODE_OPTIONS="--max-old-space-size=3072"
$STD pnpm build
mkdir -p /etc/seerr/
cat <<EOF >/etc/seerr/seerr.conf
## Seerr's default port is 5055, if you want to use both, change this.
## specify on which port to listen
PORT=5055
## specify on which interface to listen, by default seerr listens on all interfaces
HOST=0.0.0.0
## Uncomment if you want to force Node.js to resolve IPv4 before IPv6 (advanced users only)
# FORCE_IPV4_FIRST=true
EOF
msg_ok "Installed Seerr"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/seerr.service
[Unit]
Description=Seerr Service
Wants=network-online.target
After=network-online.target
[Service]
EnvironmentFile=/etc/seerr/seerr.conf
Environment=NODE_ENV=production
Type=exec
Restart=on-failure
WorkingDirectory=/opt/seerr
ExecStart=/usr/bin/node dist/index.js
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now seerr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

119
install/slskd-install.sh Normal file
View File

@@ -0,0 +1,119 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: vhsdream
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/slskd/slskd/, https://github.com/mrusse/soularr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
fetch_and_deploy_gh_release "Slskd" "slskd/slskd" "prebuild" "latest" "/opt/slskd" "slskd-*-linux-x64.zip"
msg_info "Configuring Slskd"
JWT_KEY=$(openssl rand -base64 44)
SLSKD_API_KEY=$(openssl rand -base64 44)
cp /opt/slskd/config/slskd.example.yml /opt/slskd/config/slskd.yml
sed -i \
-e '/web:/,/cidr/s/^# //' \
-e '/https:/,/port: 5031/s/false/true/' \
-e '/port: 5030/,/socket/s/,.*$//' \
-e '/content_path:/,/authentication/s/false/true/' \
-e "\|api_keys|,\|cidr|s|<some.*$|$SLSKD_API_KEY|; \
s|role: readonly|role: readwrite|; \
s|0.0.0.0/0,::/0|& # Replace this with your subnet|" \
-e "\|jwt:|,\|ttl|s|key: ~|key: $JWT_KEY|" \
-e '/soulseek/,/write_queue/s/^# //' \
-e 's/^.*picture/#&/' /opt/slskd/config/slskd.yml
msg_ok "Configured Slskd"
read -rp "${TAB3}Do you want to install Soularr? y/N " soularr
if [[ ${soularr,,} =~ ^(y|yes)$ ]]; then
PYTHON_VERSION="3.11" setup_uv
fetch_and_deploy_gh_release "Soularr" "mrusse/soularr" "tarball" "latest" "/opt/soularr"
cd /opt/soularr
$STD uv venv venv
$STD source venv/bin/activate
$STD uv pip install -r requirements.txt
sed -i \
-e "\|[Slskd]|,\|host_url|s|yourslskdapikeygoeshere|$SLSKD_API_KEY|" \
-e "/host_url/s/slskd/localhost/" \
/opt/soularr/config.ini
cat <<EOF >/opt/soularr/run.sh
#!/usr/bin/env bash
if ps aux | grep "[s]oularr.py" >/dev/null; then
echo "Soularr is already running. Exiting..." >&2
exit 1
fi
# Remove stale lock file from previous ungraceful exit
rm -f "/opt/soularr/.soularr.lock"
source /opt/soularr/venv/bin/activate
uv run python3 -u /opt/soularr/soularr.py --config-dir /opt/soularr 2>&1
EOF
chmod +x /opt/soularr/run.sh
deactivate
msg_ok "Installed Soularr"
fi
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/slskd.service
[Unit]
Description=Slskd Service
After=network.target
Wants=network.target
[Service]
WorkingDirectory=/opt/slskd
ExecStart=/opt/slskd/slskd --config /opt/slskd/config/slskd.yml
Restart=always
[Install]
WantedBy=multi-user.target
EOF
if [[ -d /opt/soularr ]]; then
cat <<EOF >/etc/systemd/system/soularr.timer
[Unit]
Description=Soularr service timer
RefuseManualStart=no
RefuseManualStop=no
[Timer]
Persistent=true
# run every 10 minutes
OnCalendar=*-*-* *:0/10:00
Unit=soularr.service
[Install]
WantedBy=timers.target
EOF
cat <<EOF >/etc/systemd/system/soularr.service
[Unit]
Description=Soularr service
After=network.target slskd.service
[Service]
Type=simple
WorkingDirectory=/opt/soularr
ExecStart=/bin/bash -c /opt/soularr/run.sh
[Install]
WantedBy=multi-user.target
EOF
msg_warn "Add your Lidarr API key to Soularr in '/opt/soularr/config.ini', then run 'systemctl enable --now soularr.timer'"
fi
systemctl enable -q --now slskd
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

87
install/solidtime-install.sh
View File

@@ -1,87 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://www.solidtime.io/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y caddy
msg_ok "Installed Dependencies"
PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="bcmath,gd,intl,xml,zip,pdo_pgsql,redis,mbstring,curl" setup_php
setup_composer
NODE_VERSION="22" setup_nodejs
PG_VERSION="16" setup_postgresql
PG_DB_NAME="solidtime" PG_DB_USER="solidtime" setup_postgresql_db
fetch_and_deploy_gh_release "solidtime" "solidtime-io/solidtime" "tarball"
msg_info "Setting up SolidTime"
cd /opt/solidtime
cp .env.example .env
sed -i "s|^APP_ENV=.*|APP_ENV=production|" .env
sed -i "s|^APP_DEBUG=.*|APP_DEBUG=false|" .env
sed -i "s|^APP_URL=.*|APP_URL=http://${LOCAL_IP}|" .env
sed -i "s|^APP_ENABLE_REGISTRATION=.*|APP_ENABLE_REGISTRATION=true|" .env
sed -i "s|^DB_CONNECTION=.*|DB_CONNECTION=pgsql|" .env
sed -i "s|^DB_HOST=.*|DB_HOST=127.0.0.1|" .env
sed -i "s|^DB_PORT=.*|DB_PORT=5432|" .env
sed -i "s|^DB_DATABASE=.*|DB_DATABASE=${PG_DB_NAME}|" .env
sed -i "s|^DB_USERNAME=.*|DB_USERNAME=${PG_DB_USER}|" .env
sed -i "s|^DB_PASSWORD=.*|DB_PASSWORD=${PG_DB_PASS}|" .env
sed -i "s|^FILESYSTEM_DISK=.*|FILESYSTEM_DISK=local|" .env
sed -i "s|^PUBLIC_FILESYSTEM_DISK=.*|PUBLIC_FILESYSTEM_DISK=public|" .env
sed -i "s|^MAIL_MAILER=.*|MAIL_MAILER=log|" .env
sed -i "s|^SESSION_SECURE_COOKIE=.*|SESSION_SECURE_COOKIE=false|" .env
grep -q "^SESSION_SECURE_COOKIE=" .env || echo "SESSION_SECURE_COOKIE=false" >>.env
sed -i "s|^APP_FORCE_HTTPS=.*|APP_FORCE_HTTPS=false|" .env
grep -q "^APP_FORCE_HTTPS=" .env || echo "APP_FORCE_HTTPS=false" >>.env
$STD composer install --no-dev --optimize-autoloader
php artisan self-host:generate-keys >/tmp/solidtime.keys 2>/dev/null
while IFS= read -r line; do
KEY="${line%%=*}"
[[ -z "$KEY" || "${KEY:0:1}" == "#" ]] && continue
sed -i "/^${KEY}=/d" .env
echo "$line" >>.env
done </tmp/solidtime.keys
rm -f /tmp/solidtime.keys
$STD npm install
$STD npm run build
rm -rf node_modules
mkdir -p storage/framework/{cache,sessions,views} storage/logs bootstrap/cache
chown -R www-data:www-data /opt/solidtime
chmod -R 775 storage bootstrap/cache
$STD php artisan storage:link
$STD php artisan migrate --force
$STD php artisan passport:client --personal --name="API" -n
$STD php artisan optimize:clear
msg_ok "Set up SolidTime"
msg_info "Configuring Caddy"
PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
cat <<EOF >/etc/caddy/Caddyfile
:80 {
root * /opt/solidtime/public
php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
file_server
encode gzip
}
EOF
usermod -aG www-data caddy
msg_ok "Configured Caddy"
systemctl enable -q --now php${PHP_VER}-fpm
systemctl restart caddy
motd_ssh
customize
cleanup_lxc

45
install/sonarr-install.sh Normal file
View File

@@ -0,0 +1,45 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 tteck
# Author: tteck (tteckster)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://sonarr.tv/ | Github: https://github.com/Sonarr/Sonarr
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y sqlite3
msg_ok "Installed Dependencies"
fetch_and_deploy_gh_release "Sonarr" "Sonarr/Sonarr" "prebuild" "latest" "/opt/Sonarr" "Sonarr.main.*.linux-x64.tar.gz"
mkdir -p /var/lib/sonarr/
chmod 775 /var/lib/sonarr/
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/sonarr.service
[Unit]
Description=Sonarr Daemon
After=syslog.target network.target
[Service]
Type=simple
ExecStart=/opt/Sonarr/Sonarr -nobrowser -data=/var/lib/sonarr/
TimeoutStopSec=20
KillMode=process
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now sonarr
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

59
install/soulsync-install.sh
View File

@@ -1,59 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/Nezreka/SoulSync
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
gcc \
libffi-dev \
libssl-dev \
libchromaprint-tools \
ffmpeg
msg_ok "Installed Dependencies"
UV_PYTHON="3.11" setup_uv
fetch_and_deploy_gh_release "soulsync" "Nezreka/SoulSync" "tarball"
msg_info "Setting up Application"
cd /opt/soulsync
$STD uv venv /opt/soulsync/.venv --python 3.11
$STD uv pip install -r requirements.txt --python /opt/soulsync/.venv/bin/python
mkdir -p /opt/soulsync/{config,data,logs}
msg_ok "Set up Application"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/soulsync.service
[Unit]
Description=SoulSync Music Discovery
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/soulsync
ExecStart=/opt/soulsync/.venv/bin/python web_server.py
Environment=PYTHONPATH=/opt/soulsync PYTHONUNBUFFERED=1 DATABASE_PATH=/opt/soulsync/data/music_library.db
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now soulsync
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

98
install/storyteller-install.sh
View File

@@ -1,98 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://gitlab.com/storyteller-platform/storyteller
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
git \
pkg-config \
libsqlite3-dev \
sqlite3 \
python3-setuptools \
ffmpeg
msg_ok "Installed Dependencies"
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
fetch_and_deploy_gh_release "readium" "readium/cli" "prebuild" "latest" "/opt/readium" "readium_linux_x86_64.tar.gz"
ln -sf /opt/readium/readium /usr/local/bin/readium
fetch_and_deploy_gl_release "storyteller" "storyteller-platform/storyteller" "tarball" "latest" "/opt/storyteller"
msg_info "Setting up Storyteller"
cd /opt/storyteller
$STD yarn install --network-timeout 600000
$STD gcc -g -fPIC -rdynamic -shared web/sqlite/uuid.c -o web/sqlite/uuid.c.so
STORYTELLER_SECRET_KEY=$(openssl rand -base64 32)
cat <<EOF >/opt/storyteller/.env
STORYTELLER_SECRET_KEY=${STORYTELLER_SECRET_KEY}
STORYTELLER_DATA_DIR=/opt/storyteller/data
PORT=8001
HOSTNAME=0.0.0.0
READIUM_PORT=9000
NODE_ENV=production
NEXT_TELEMETRY_DISABLED=1
EOF
mkdir -p /opt/storyteller/data
{
echo "Storyteller Credentials"
echo "======================="
echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
} >~/storyteller.creds
msg_ok "Set up Storyteller"
msg_info "Building Storyteller"
cd /opt/storyteller
export CI=1
export NODE_ENV=production
export NEXT_TELEMETRY_DISABLED=1
export SQLITE_NATIVE_BINDING=/opt/storyteller/node_modules/better-sqlite3/build/Release/better_sqlite3.node
$STD yarn workspaces foreach -Rpt --from @storyteller-platform/web --exclude @storyteller-platform/eslint run build
mkdir -p /opt/storyteller/web/.next/standalone/web/.next/static
cp -rT /opt/storyteller/web/.next/static /opt/storyteller/web/.next/standalone/web/.next/static
if [[ -d /opt/storyteller/web/public ]]; then
mkdir -p /opt/storyteller/web/.next/standalone/web/public
cp -rT /opt/storyteller/web/public /opt/storyteller/web/.next/standalone/web/public
fi
mkdir -p /opt/storyteller/web/.next/standalone/web/migrations
cp -rT /opt/storyteller/web/migrations /opt/storyteller/web/.next/standalone/web/migrations
mkdir -p /opt/storyteller/web/.next/standalone/web/sqlite
cp -rT /opt/storyteller/web/sqlite /opt/storyteller/web/.next/standalone/web/sqlite
ln -sf /opt/storyteller/.env /opt/storyteller/web/.next/standalone/web/.env
msg_ok "Built Storyteller"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/storyteller.service
[Unit]
Description=Storyteller
After=network.target
[Service]
Type=simple
User=root
WorkingDirectory=/opt/storyteller/web/.next/standalone/web
EnvironmentFile=/opt/storyteller/.env
ExecStart=/usr/bin/node --enable-source-maps server.js
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now storyteller
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

94
install/teable-install.sh
View File

@@ -1,94 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/teableio/teable
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
python3 \
git
msg_ok "Installed Dependencies"
NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
PG_VERSION="16" setup_postgresql
PG_DB_NAME="teable" PG_DB_USER="teable" setup_postgresql_db
fetch_and_deploy_gh_release "teable" "teableio/teable" "tarball"
msg_info "Setting up Teable"
cd /opt/teable
TEABLE_VERSION=$(cat ~/.teable)
echo "NEXT_PUBLIC_BUILD_VERSION=\"${TEABLE_VERSION}\"" >>apps/nextjs-app/.env
export HUSKY=0
export NODE_OPTIONS="--max-old-space-size=8192"
$STD pnpm install --frozen-lockfile
$STD pnpm -F @teable/db-main-prisma prisma-generate --schema ./prisma/postgres/schema.prisma
msg_ok "Set up Teable"
msg_info "Building Teable"
NODE_ENV=production NEXT_BUILD_ENV_TYPECHECK=false \
$STD pnpm -r --filter '!playground' run build
msg_ok "Built Teable"
msg_info "Running Database Migrations"
PRISMA_DATABASE_URL="postgresql://teable:${PG_DB_PASS}@localhost:5432/teable?schema=public" \
$STD pnpm -F @teable/db-main-prisma prisma-migrate deploy --schema ./prisma/postgres/schema.prisma
msg_ok "Ran Database Migrations"
msg_info "Configuring Teable"
mkdir -p /opt/teable/.assets /opt/teable/.temporary
SECRET_KEY=$(openssl rand -base64 32)
cat <<EOF >/opt/teable/.env
PRISMA_DATABASE_URL=postgresql://teable:${PG_DB_PASS}@localhost:5432/teable?schema=public&statement_cache_size=1
PUBLIC_ORIGIN=http://${LOCAL_IP}:3000
SECRET_KEY=${SECRET_KEY}
PORT=3000
NODE_ENV=production
NEXT_TELEMETRY_DISABLED=1
BACKEND_CACHE_PROVIDER=sqlite
BACKEND_CACHE_SQLITE_URI=sqlite:///opt/teable/.assets/.cache.db
NEXTJS_DIR=apps/nextjs-app
EOF
ln -sf /opt/teable /app
rm -rf /opt/teable/static
if [ -d "/opt/teable/apps/nestjs-backend/static/static" ]; then
ln -sf /opt/teable/apps/nestjs-backend/static/static /opt/teable/static
else
ln -sf /opt/teable/apps/nestjs-backend/static /opt/teable/static
fi
msg_ok "Configured Teable"
msg_info "Creating Service"
cat <<EOF >/etc/systemd/system/teable.service
[Unit]
Description=Teable
After=network.target postgresql.service
[Service]
Type=simple
WorkingDirectory=/opt/teable
EnvironmentFile=/opt/teable/.env
ExecStart=/usr/bin/node apps/nestjs-backend/dist/index.js
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now teable
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

10
install/tolgee-install.sh
View File

@@ -20,10 +20,10 @@ PG_DB_NAME="tolgee" PG_DB_USER="tolgee" setup_postgresql_db
fetch_and_deploy_gh_release "tolgee" "tolgee/tolgee-platform" "singlefile" "latest" "/opt/tolgee" "tolgee-*.jar"
msg_info "Setting up Tolgee"
mkdir -p /opt/tolgee/data
mkdir -p /opt/tolgee_data
find /opt/tolgee -maxdepth 1 -type f -name 'tolgee-*.jar' -exec mv {} /opt/tolgee/tolgee.jar \;
cat <<EOF >/opt/tolgee/.env
cat <<EOF >/opt/tolgee_data/.env
SERVER_PORT=8080
TOLGEE_POSTGRES_AUTOSTART_ENABLED=false
SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/${PG_DB_NAME}
@@ -31,7 +31,7 @@ SPRING_DATASOURCE_USERNAME=${PG_DB_USER}
SPRING_DATASOURCE_PASSWORD=${PG_DB_PASS}
TOLGEE_AUTHENTICATION_ENABLED=true
TOLGEE_AUTHENTICATION_INITIAL_USERNAME=admin
TOLGEE_FILE_STORAGE_FS_DATA_PATH=/opt/tolgee/data/
TOLGEE_FILE_STORAGE_FS_DATA_PATH=/opt/tolgee_data
EOF
msg_ok "Set up Tolgee"
@@ -45,8 +45,8 @@ After=network.target
Type=simple
User=root
WorkingDirectory=/opt/tolgee
EnvironmentFile=/opt/tolgee/.env
ExecStart=/usr/bin/java -jar /opt/tolgee/tolgee.jar
EnvironmentFile=/opt/tolgee_data/.env
ExecStart=/usr/bin/java -jar /opt/tolgee/tolgee
Restart=on-failure
RestartSec=5

289
install/tubearchivist-install.sh
View File

@@ -1,289 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://github.com/tubearchivist/tubearchivist
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
build-essential \
git \
nginx \
redis-server \
atomicparsley \
python3-dev \
libldap2-dev \
libsasl2-dev \
libssl-dev \
sqlite3 \
ffmpeg
msg_ok "Installed Dependencies"
UV_PYTHON="3.13" setup_uv
NODE_VERSION="24" setup_nodejs
fetch_and_deploy_gh_release "deno" "denoland/deno" "prebuild" "latest" "/usr/local/bin" "deno-x86_64-unknown-linux-gnu.zip"
msg_info "Installing ElasticSearch"
setup_deb822_repo "elastic-8.x" "https://artifacts.elastic.co/GPG-KEY-elasticsearch" "https://artifacts.elastic.co/packages/8.x/apt" "stable" "main"
ES_JAVA_OPTS="-Xms1g -Xmx1g" $STD apt install -y elasticsearch
msg_ok "Installed ElasticSearch"
msg_info "Configuring ElasticSearch"
cat <<EOF >/etc/elasticsearch/elasticsearch.yml
cluster.name: tubearchivist
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
path.repo: ["/var/lib/elasticsearch/snapshot"]
network.host: 127.0.0.1
xpack.security.enabled: false
xpack.security.transport.ssl.enabled: false
xpack.security.http.ssl.enabled: false
EOF
mkdir -p /var/lib/elasticsearch/snapshot
chown -R elasticsearch:elasticsearch /var/lib/elasticsearch/snapshot
cat <<EOF >/etc/elasticsearch/jvm.options.d/heap.options
-Xms1g
-Xmx1g
EOF
sysctl -w vm.max_map_count=262144 2>/dev/null || true
cat <<EOF >/etc/sysctl.d/99-elasticsearch.conf
vm.max_map_count=262144
EOF
systemctl enable -q --now elasticsearch
msg_ok "Configured ElasticSearch"
fetch_and_deploy_gh_release "tubearchivist" "tubearchivist/tubearchivist" "tarball" "latest" "/opt/tubearchivist"
msg_info "Building Frontend"
cd /opt/tubearchivist/frontend
$STD npm install
$STD npm run build:deploy
mkdir -p /opt/tubearchivist/backend/static
cp -r /opt/tubearchivist/frontend/dist/* /opt/tubearchivist/backend/static/
msg_ok "Built Frontend"
msg_info "Setting up Tube Archivist"
cp /opt/tubearchivist/docker_assets/backend_start.py /opt/tubearchivist/backend/
$STD uv venv /opt/tubearchivist/.venv
$STD uv pip install --python /opt/tubearchivist/.venv/bin/python -r /opt/tubearchivist/backend/requirements.txt
if [[ -f /opt/tubearchivist/backend/requirements.plugins.txt ]]; then
mkdir -p /opt/yt_plugins/bgutil
$STD uv pip install --python /opt/tubearchivist/.venv/bin/python --target /opt/yt_plugins/bgutil -r /opt/tubearchivist/backend/requirements.plugins.txt
fi
TA_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
ES_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
mkdir -p /opt/tubearchivist/{cache,media}
ln -sf /opt/tubearchivist/cache /cache
ln -sf /opt/tubearchivist/media /youtube
cat <<EOF >/opt/tubearchivist/.env
TA_HOST=http://${LOCAL_IP}:8000
TA_USERNAME=admin
TA_PASSWORD=${TA_PASSWORD}
TA_BACKEND_PORT=8080
TA_APP_DIR=/opt/tubearchivist/backend
TA_CACHE_DIR=/cache
TA_MEDIA_DIR=/youtube
ES_SNAPSHOT_DIR=/var/lib/elasticsearch/snapshot
ELASTIC_PASSWORD=${ES_PASSWORD}
REDIS_CON=redis://localhost:6379
ES_URL=http://localhost:9200
TZ=UTC
PYTHONUNBUFFERED=1
YTDLP_PLUGIN_DIRS=/opt/yt_plugins
EOF
{
echo "Tube Archivist Credentials"
echo "=========================="
echo "Username: admin"
echo "Password: ${TA_PASSWORD}"
echo "Elasticsearch Password: ${ES_PASSWORD}"
} >~/tubearchivist.creds
$STD systemctl enable --now redis-server
msg_ok "Set up Tube Archivist"
msg_info "Configuring Nginx"
sed -i 's/^user www-data;$/user root;/' /etc/nginx/nginx.conf
cat <<'EOF' >/etc/nginx/sites-available/default
server {
listen 8000;
location = /_auth {
internal;
proxy_pass http://localhost:8080/api/ping/;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
proxy_set_header Host $http_host;
proxy_set_header Cookie $http_cookie;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /cache/videos/ {
auth_request /_auth;
alias /cache/videos/;
}
location /cache/channels/ {
auth_request /_auth;
alias /cache/channels/;
}
location /cache/playlists/ {
auth_request /_auth;
alias /cache/playlists/;
}
location /media/ {
auth_request /_auth;
alias /youtube/;
types {
text/vtt vtt;
}
}
location /youtube/ {
auth_request /_auth;
alias /youtube/;
types {
video/mp4 mp4;
}
}
location /api {
include proxy_params;
proxy_pass http://localhost:8080;
}
location /admin {
include proxy_params;
proxy_pass http://localhost:8080;
}
location /static/ {
alias /opt/tubearchivist/backend/staticfiles/;
}
root /opt/tubearchivist/backend/static;
index index.html;
location ~* ^/(?!static/|cache/).*\.(?:css|js|png|jpg|jpeg|gif|ico|svg|woff2?)$ {
try_files $uri $uri/ /index.html =404;
}
location = /index.html {
add_header Cache-Control "no-store, no-cache, must-revalidate";
add_header Pragma "no-cache";
expires 0;
}
location / {
add_header Cache-Control "no-store, no-cache, must-revalidate";
add_header Pragma "no-cache";
expires 0;
try_files $uri $uri/ /index.html =404;
}
}
EOF
systemctl enable -q nginx
systemctl restart nginx
msg_ok "Configured Nginx"
msg_info "Creating Services"
cat <<'RUNEOF' >/opt/tubearchivist/backend/run.sh
#!/bin/bash
set -e
cd /opt/tubearchivist/backend
set -a
source /opt/tubearchivist/.env
set +a
PYTHON=/opt/tubearchivist/.venv/bin/python
echo "Waiting for ElasticSearch..."
for i in $(seq 1 30); do
if curl -sf http://localhost:9200/_cluster/health >/dev/null 2>&1; then
break
fi
sleep 2
done
$PYTHON manage.py migrate
$PYTHON manage.py collectstatic --noinput -c
$PYTHON manage.py ta_envcheck
$PYTHON manage.py ta_connection
$PYTHON manage.py ta_startup
exec $PYTHON backend_start.py
RUNEOF
chmod +x /opt/tubearchivist/backend/run.sh
ln -sf /opt/tubearchivist/.env /opt/tubearchivist/backend/.env
cat <<EOF >/etc/systemd/system/tubearchivist.service
[Unit]
Description=Tube Archivist Backend
After=network.target elasticsearch.service redis-server.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/tubearchivist/backend
EnvironmentFile=/opt/tubearchivist/.env
Environment=PATH=/opt/tubearchivist/.venv/bin:/usr/local/bin:/usr/bin:/bin
ExecStart=/opt/tubearchivist/backend/run.sh
Restart=on-failure
RestartSec=10
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/tubearchivist-celery.service
[Unit]
Description=Tube Archivist Celery Worker
After=tubearchivist.service redis-server.service elasticsearch.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/tubearchivist/backend
EnvironmentFile=/opt/tubearchivist/.env
Environment=PATH=/opt/tubearchivist/.venv/bin:/usr/local/bin:/usr/bin:/bin
ExecStart=/opt/tubearchivist/.venv/bin/celery -A task worker --loglevel=error --concurrency=4 --max-tasks-per-child=5 --max-memory-per-child=150000
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
EOF
cat <<EOF >/etc/systemd/system/tubearchivist-beat.service
[Unit]
Description=Tube Archivist Celery Beat
After=tubearchivist.service redis-server.service
[Service]
Type=simple
User=root
WorkingDirectory=/opt/tubearchivist/backend
EnvironmentFile=/opt/tubearchivist/.env
Environment=PATH=/opt/tubearchivist/.venv/bin:/usr/local/bin:/usr/bin:/bin
ExecStartPre=/bin/bash -c 'for i in \$(seq 1 60); do sqlite3 /cache/db.sqlite3 "SELECT 1 FROM django_celery_beat_crontabschedule LIMIT 1" 2>/dev/null && exit 0; sleep 2; done; exit 1'
ExecStart=/opt/tubearchivist/.venv/bin/celery -A task beat --loglevel=error --scheduler django_celery_beat.schedulers:DatabaseScheduler
Restart=always
RestartSec=5
RuntimeMaxSec=3600
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now tubearchivist tubearchivist-celery tubearchivist-beat
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc

140
install/web-check-install.sh
View File

@@ -1,140 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: CrazyWolf13
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/lissy93/web-check
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
export DEBIAN_FRONTEND=noninteractive
$STD apt -y install --no-install-recommends \
git \
traceroute \
make \
g++ \
traceroute \
xvfb \
dbus \
xorg \
xvfb \
gtk2-engines-pixbuf \
dbus-x11 \
xfonts-base \
xfonts-100dpi \
xfonts-75dpi \
xfonts-scalable \
imagemagick \
x11-apps
msg_ok "Installed Dependencies"
NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
msg_info "Setup Python3"
$STD apt install -y python3
rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
msg_ok "Setup Python3"
msg_info "Installing Chromium"
curl -fsSL https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /usr/share/keyrings/google-chrome-keyring.gpg
cat <<EOF | sudo tee /etc/apt/sources.list.d/google-chrome.sources >/dev/null
Types: deb
URIs: http://dl.google.com/linux/chrome/deb/
Suites: stable
Components: main
Architectures: amd64
Signed-By: /usr/share/keyrings/google-chrome-keyring.gpg
EOF
$STD apt update
$STD apt -y install \
chromium \
libxss1 \
lsb-release
msg_ok "Installed Chromium"
msg_info "Setting up Chromium"
/usr/bin/chromium --no-sandbox --version >/etc/chromium-version
chmod 755 /usr/bin/chromium
msg_ok "Setup Chromium"
fetch_and_deploy_gh_release "web-check" "Lissy93/web-check" "tarball"
msg_info "Installing Web-Check (Patience)"
cd /opt/web-check
cat <<'EOF' >/opt/web-check/.env
CHROME_PATH=/usr/bin/chromium
PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium
HEADLESS=true
GOOGLE_CLOUD_API_KEY=''
REACT_APP_SHODAN_API_KEY=''
REACT_APP_WHO_API_KEY=''
SECURITY_TRAILS_API_KEY=''
CLOUDMERSIVE_API_KEY=''
TRANCO_USERNAME=''
TRANCO_API_KEY=''
URL_SCAN_API_KEY=''
BUILT_WITH_API_KEY=''
TORRENT_IP_API_KEY=''
PORT='3000'
DISABLE_GUI='false'
API_TIMEOUT_LIMIT='10000'
API_CORS_ORIGIN='*'
API_ENABLE_RATE_LIMIT='false'
REACT_APP_API_ENDPOINT='/api'
ENABLE_ANALYTICS='false'
EOF
$STD yarn install --frozen-lockfile --network-timeout 100000
msg_ok "Installed Web-Check"
msg_info "Building Web-Check"
$STD yarn build --production
msg_ok "Built Web-Check"
msg_info "Creating Service"
cat <<'EOF' >/opt/run_web-check.sh
#!/bin/bash
SCREEN_RESOLUTION="1280x1024x24"
if ! systemctl is-active --quiet dbus; then
echo "Warning: dbus service is not running. Some features may not work properly."
fi
[[ -z "${DISPLAY}" ]] && export DISPLAY=":99"
Xvfb "${DISPLAY}" -screen 0 "${SCREEN_RESOLUTION}" &
XVFB_PID=$!
sleep 2
cd /opt/web-check
exec yarn start
EOF
chmod +x /opt/run_web-check.sh
cat <<'EOF' >/etc/systemd/system/web-check.service
[Unit]
Description=Web Check Service
After=network.target
[Service]
Type=simple
User=root
Group=root
WorkingDirectory=/opt/web-check
EnvironmentFile=/opt/web-check/.env
ExecStartPre=/bin/bash -c "service dbus start || true"
ExecStartPre=/bin/bash -c "if ! pgrep -f 'Xvfb.*:99' > /dev/null; then Xvfb :99 -screen 0 1280x1024x24 & fi"
ExecStart=/opt/run_web-check.sh
Restart=on-failure
Environment=DISPLAY=:99
[Install]
WantedBy=multi-user.target
EOF
systemctl enable -q --now web-check
msg_ok "Created Service"
motd_ssh
customize
cleanup_lxc

77
install/webtrees-install.sh
View File

@@ -1,77 +0,0 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: sudofly
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
# Source: https://webtrees.net/
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y \
caddy \
unzip
msg_ok "Installed Dependencies"
PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="bcmath,gd,intl,xml,zip,pdo_mysql,mbstring,curl" setup_php
setup_mariadb
MARIADB_DB_NAME="webtrees" MARIADB_DB_USER="webtrees" setup_mariadb_db
$STD mariadb -u root -e "GRANT ALL ON \`webtrees\`.* TO 'webtrees'@'127.0.0.1' IDENTIFIED BY '${MARIADB_DB_PASS}'; FLUSH PRIVILEGES;"
fetch_and_deploy_gh_release "webtrees" "fisharebest/webtrees" "prebuild" "latest" "/opt/webtrees" "webtrees-*.zip"
msg_info "Setting up Webtrees"
chown -R www-data:www-data /opt/webtrees
msg_ok "Set up Webtrees"
msg_info "Configuring Caddy"
PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
cat <<EOF >/etc/caddy/Caddyfile
:80 {
root * /opt/webtrees
php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
file_server
encode gzip
}
EOF
usermod -aG www-data caddy
msg_ok "Configured Caddy"
systemctl enable -q --now php${PHP_VER}-fpm
systemctl restart caddy
msg_info "Automating Webtrees Setup"
sleep 5
WT_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c15)
curl -sS -X POST "http://127.0.0.1/" \
-d "step=6" \
--data-urlencode "baseurl=http://${LOCAL_IP}" \
-d "lang=en-US" \
-d "dbtype=mysql" \
-d "dbhost=127.0.0.1" \
-d "dbport=3306" \
-d "dbuser=webtrees" \
--data-urlencode "dbpass=${MARIADB_DB_PASS}" \
-d "dbname=webtrees" \
-d "tblpfx=wt_" \
-d "wtname=Administrator" \
-d "wtuser=Admin" \
--data-urlencode "wtpass=${WT_ADMIN_PASS}" \
-d "wtemail=admin@example.com" >/dev/null
cat <<EOF >>~/webtrees.creds
Webtrees Admin User: Admin
Webtrees Admin Password: ${WT_ADMIN_PASS}
EOF
msg_ok "Webtrees Setup Automated"
motd_ssh
customize
cleanup_lxc