From cd9c920d4898121d47776c7e79f47aca2dfcee57 Mon Sep 17 00:00:00 2001 From: "push-app-to-main[bot]" <203845782+push-app-to-main[bot]@users.noreply.github.com> Date: Thu, 2 Jul 2026 11:06:43 +0200 Subject: [PATCH] Rackula (#15465) * Add rackula (ct) * Update rackula.sh * Update install/rackula-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com> * Update install/rackula-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com> * fix(rackula): install Bun outside /root so hardened service unit can exec it (#15540) rackula-api.service ships with ProtectHome=true and ExecStart=/usr/local/bin/bun. With BUN_INSTALL=/root/.bun the symlink resolves into /root, which is masked in the unit's mount namespace, so the service fails with status=203/EXEC and crash-loops. Use /opt/bun instead, matching yubal and gitea-mirror. Also drop the unused BUN_VERSION/BUN_VARIANT block (bun.sh/install takes the version as a positional arg and detects avx2/baseline itself, so the env vars were dead code) and restore the msg_ok "Installed Bun" / msg_info "Setting up Rackula" pair. Claude-Session: https://claude.ai/code/session_011sGajwSQGg1vd6m2AC6Byq Co-authored-by: Claude Fable 5 * Refactor rackula-install.sh to streamline installation Removed checks for security headers config file and adjusted installation steps for Bun and Rackula. --------- Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com> Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com> Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com> Co-authored-by: Gareth Evans <63365672+ggfevans@users.noreply.github.com> Co-authored-by: Claude Fable 5 --- ct/headers/rackula | 6 +++ ct/rackula.sh | 81 ++++++++++++++++++++++++++++++++++++ install/rackula-install.sh | 84 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 171 insertions(+) create mode 100644 ct/headers/rackula create mode 100755 ct/rackula.sh create mode 100755 install/rackula-install.sh diff --git a/ct/headers/rackula b/ct/headers/rackula new file mode 100644 index 000000000..42c4cd548 --- /dev/null +++ b/ct/headers/rackula @@ -0,0 +1,6 @@ + ____ __ __ + / __ \____ ______/ /____ __/ /___ _ + / /_/ / __ `/ ___/ //_/ / / / / __ `/ + / _, _/ /_/ / /__/ ,< / /_/ / / /_/ / +/_/ |_|\__,_/\___/_/|_|\__,_/_/\__,_/ + diff --git a/ct/rackula.sh b/ct/rackula.sh new file mode 100755 index 000000000..74f453c55 --- /dev/null +++ b/ct/rackula.sh @@ -0,0 +1,81 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: gVNS (ggfevans) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/RackulaLives/Rackula + +APP="Rackula" +var_tags="${var_tags:-homelab}" +var_cpu="${var_cpu:-1}" +var_ram="${var_ram:-512}" +var_disk="${var_disk:-8}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_arm64="${var_arm64:-yes}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + + if [[ ! -d /opt/rackula ]]; then + msg_error "No ${APP} Installation Found!" + exit 1 + fi + + if check_for_gh_release "rackula" "RackulaLives/Rackula"; then + msg_info "Stopping Services" + systemctl stop rackula-api nginx + msg_ok "Stopped Services" + + create_backup /opt/rackula/data + CLEAN_INSTALL=1 fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz" + restore_backup + + msg_info "Updating Configuration" + cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula + cp /opt/rackula/config/security-headers.conf /etc/nginx/snippets/security-headers.conf + cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service + if grep -q '^User=' /etc/systemd/system/rackula-api.service; then + sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service + else + sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service + fi + if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then + sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service + else + sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service + fi + mkdir -p /etc/systemd/system/nginx.service.d + cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf + chown -R root:root /opt/rackula/frontend + find /opt/rackula/frontend -type d -exec chmod 755 {} \; + find /opt/rackula/frontend -type f -exec chmod 644 {} \; + chmod 750 /opt/rackula/data + msg_ok "Updated Configuration" + + msg_info "Starting Services" + $STD nginx -t + systemctl daemon-reload + systemctl start nginx rackula-api + msg_ok "Started Services" + msg_ok "Updated successfully!" + fi + exit +} + +start +build_container +description + +msg_ok "Completed Successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Access it using the following URL:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}" diff --git a/install/rackula-install.sh b/install/rackula-install.sh new file mode 100755 index 000000000..ff4046526 --- /dev/null +++ b/install/rackula-install.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: gVNS (ggfevans) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/RackulaLives/Rackula + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt install -y nginx +msg_ok "Installed Dependencies" + +msg_info "Installing Bun" +export BUN_INSTALL="/opt/bun" +curl -fsSL https://bun.sh/install | $STD bash +ln -sf /opt/bun/bin/bun /usr/local/bin/bun +msg_ok "Installed Bun" + +fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz" + +msg_info "Setting up Rackula" +mkdir -p /opt/rackula/data /etc/nginx/snippets +SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf" +cp "$SECURITY_HEADERS_SRC" /etc/nginx/snippets/security-headers.conf +chown -R root:root /opt/rackula/frontend +find /opt/rackula/frontend -type d -exec chmod 755 {} \; +find /opt/rackula/frontend -type f -exec chmod 644 {} \; +chmod 750 /opt/rackula/data + +API_WRITE_TOKEN=$(openssl rand -hex 32) +cat </opt/rackula/data/.env +RACKULA_API_WRITE_TOKEN=${API_WRITE_TOKEN} +CORS_ORIGIN=http://localhost +ALLOW_INSECURE_CORS=false +EOF +chmod 600 /opt/rackula/data/.env + +cat </etc/nginx/snippets/rackula-api-token.conf +map \$host \$rackula_api_write_token { + default "${API_WRITE_TOKEN}"; +} +map \$host \$rackula_has_api_write_token { + default 1; +} +EOF +chmod 640 /etc/nginx/snippets/rackula-api-token.conf +msg_ok "Set up Rackula" + +msg_info "Configuring nginx" +cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula +rm -f /etc/nginx/sites-enabled/default +ln -sf /etc/nginx/sites-available/rackula /etc/nginx/sites-enabled/rackula +$STD nginx -t +msg_ok "Configured nginx" + +msg_info "Creating Services" +cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service +if grep -q '^User=' /etc/systemd/system/rackula-api.service; then + sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service +else + sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service +fi +if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then + sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service +else + sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service +fi +mkdir -p /etc/systemd/system/nginx.service.d +cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf +systemctl daemon-reload +systemctl enable -q nginx rackula-api +systemctl restart nginx rackula-api +msg_ok "Created Services" + +motd_ssh +customize +cleanup_lxc