#!/usr/bin/env bash # Copyright (c) 2021-2026 community-scripts ORG # Author: Hai Tran (epiHATR) # License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE # Source: https://onetimesecret.com/ | Github: https://github.com/onetimesecret/onetimesecret source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" color verb_ip6 catch_errors setting_up_container network_check update_os msg_info "Installing Dependencies" $STD apt install -y \ build-essential \ git \ libffi-dev \ libgmp-dev \ libpq-dev \ libreadline-dev \ libsqlite3-dev \ libssl-dev \ libxml2-dev \ libxslt1-dev \ libyaml-dev \ nginx \ pkg-config \ python3 \ redis-server \ zlib1g-dev msg_ok "Installed Dependencies" fetch_and_deploy_gh_release "onetimesecret" "onetimesecret/onetimesecret" "tarball" RUBY_VERSION=$(sed -n "s/^ruby '>= \([0-9.]*\)'.*/\1/p" /opt/onetimesecret/Gemfile) RUBY_VERSION="${RUBY_VERSION:-3.4.7}" setup_ruby PNPM_VERSION=$(sed -n 's/.*"packageManager": "pnpm@\([^"]*\)".*/\1/p' /opt/onetimesecret/package.json) NODE_VERSION=$(tr -d ' \n' /dev/null) NODE_VERSION="${NODE_VERSION:-25}" NODE_MODULE="pnpm@${PNPM_VERSION:-11.1.2}" setup_nodejs HOST_VALUE="${OTS_HOST:-$LOCAL_IP}" SSL_VALUE="${OTS_SSL:-false}" case "${SSL_VALUE,,}" in 1 | true | yes | on) SSL_VALUE="true" ;; 0 | false | no | off | "") SSL_VALUE="false" ;; *) msg_error "Invalid OTS_SSL value '${OTS_SSL}' (use true/false)" exit 1 ;; esac msg_info "Configuring Application" systemctl enable -q --now redis-server cd /opt/onetimesecret $STD bash ./install.sh init sed -i \ -e "s|^REDIS_URL=.*|REDIS_URL=redis://127.0.0.1:6379/0|" \ -e "s|^HOST=.*|HOST=${HOST_VALUE//&/\\&}|" \ -e "s|^SSL=.*|SSL=${SSL_VALUE}|" \ /opt/onetimesecret/.env if grep -q '^RACK_ENV=' /opt/onetimesecret/.env; then sed -i 's|^RACK_ENV=.*|RACK_ENV=production|' /opt/onetimesecret/.env else echo "RACK_ENV=production" >>/opt/onetimesecret/.env fi if grep -q '^AUTHENTICATION_MODE=' /opt/onetimesecret/.env; then sed -i 's|^AUTHENTICATION_MODE=.*|AUTHENTICATION_MODE=simple|' /opt/onetimesecret/.env else echo "AUTHENTICATION_MODE=simple" >>/opt/onetimesecret/.env fi if ! grep -q '^PORT=' /opt/onetimesecret/.env; then echo "PORT=3000" >>/opt/onetimesecret/.env fi chmod 600 /opt/onetimesecret/.env mkdir -p /opt/onetimesecret/tmp/pids /opt/onetimesecret/log msg_ok "Configured Application" msg_info "Reconciling Application" cd /opt/onetimesecret $STD bash ./install.sh reconcile msg_ok "Reconciled Application" msg_info "Building Frontend" cd /opt/onetimesecret $STD pnpm run build msg_ok "Built Frontend" msg_info "Creating Service" cat <<'EOF' >/etc/systemd/system/onetimesecret.service [Unit] Description=Onetime Secret Service After=network.target redis-server.service Requires=redis-server.service [Service] Type=simple User=root WorkingDirectory=/opt/onetimesecret Environment=HOME=/root Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin ExecStart=/bin/bash -lc 'source .env.sh && exec bundle exec puma -C etc/puma.rb' Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF systemctl enable -q --now onetimesecret msg_ok "Created Service" msg_info "Configuring Nginx" cat <<'EOF' >/etc/nginx/sites-available/onetimesecret server { listen 80 default_server; server_name _; location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } EOF ln -sf /etc/nginx/sites-available/onetimesecret /etc/nginx/sites-enabled/onetimesecret rm -f /etc/nginx/sites-enabled/default $STD nginx -t systemctl enable -q --now nginx systemctl reload nginx msg_ok "Configured Nginx" motd_ssh customize cleanup_lxc