From ebaa526560efa83aeed8a03343d29260fa94fedf Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Mon, 11 May 2026 15:54:38 +0200 Subject: [PATCH] core: support optional POST_INSTALL_SCRIPT (var_post_install_script) hook (#14160) --- misc/build.func | 109 +++++- tools/pve/post-install-hook-examples.sh | 436 ++++++++++++++++++++++++ 2 files changed, 542 insertions(+), 3 deletions(-) create mode 100644 tools/pve/post-install-hook-examples.sh diff --git a/misc/build.func b/misc/build.func index 6354fd83e..ef8fde3b6 100644 --- a/misc/build.func +++ b/misc/build.func @@ -1062,6 +1062,7 @@ load_vars_file() { var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain + var_post_install ) # Whitelist check helper @@ -1279,6 +1280,7 @@ default_var_settings() { var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage + var_post_install ) # Snapshot: environment variables (highest precedence) @@ -1374,6 +1376,11 @@ var_verbose=no # GitHub Personal Access Token (optional – avoids API rate limits during installs) # Create at https://github.com/settings/tokens – read-only public access is sufficient # var_github_token=ghp_your_token_here + +# Optional post-install script (host-side path to a *.sh on the Proxmox host) +# Runs ON THE HOST after the container is fully provisioned. +# Available env vars: APP, NSAPP, CTID, IP, HN, STORAGE, BRG +# var_post_install=/opt/post-install/myhook.sh EOF # Now choose storages (always prompt unless just one exists) @@ -1452,6 +1459,7 @@ if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain + var_post_install ) fi @@ -1664,6 +1672,7 @@ _build_current_app_vars_tmp() { [ -n "$_tpl_storage" ] && echo "var_template_storage=$(_sanitize_value "$_tpl_storage")" [ -n "$_ct_storage" ] && echo "var_container_storage=$(_sanitize_value "$_ct_storage")" + [ -n "${var_post_install:-}" ] && echo "var_post_install=$(_sanitize_value "${var_post_install}")" } >"$tmpf" echo "$tmpf" @@ -1808,7 +1817,7 @@ advanced_settings() { TAGS="community-script${var_tags:+;${var_tags}}" fi local STEP=1 - local MAX_STEP=28 + local MAX_STEP=29 # Store values for back navigation - inherit from var_* app defaults local _ct_type="${var_unprivileged:-1}" @@ -1842,6 +1851,7 @@ advanced_settings() { local _enable_mknod="${var_mknod:-0}" local _mount_fs="${var_mount_fs:-}" local _protect_ct="${var_protection:-no}" + local _post_install="${var_post_install:-}" # Detect host timezone for default (if not set via var_timezone) local _host_timezone="" @@ -2699,9 +2709,61 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 28: Verbose Mode & Confirmation + # STEP 28: Optional host-side post-install hook (path on the Proxmox HOST) # ═══════════════════════════════════════════════════════════════════════════ 28) + local _hook_prompt="Optional: absolute path to a *.sh file ON THE PROXMOX HOST. + +It runs as root on the HOST (NOT in the LXC) after the container +is fully provisioned and started. + +Available env vars: APP, NSAPP, CTID, IP, HN, STORAGE, BRG. + +Leave empty to skip." + while true; do + if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "POST-INSTALL HOOK (HOST)" \ + --ok-button "Next" --cancel-button "Back" \ + --inputbox "$_hook_prompt" 16 70 "${_post_install}" \ + 3>&1 1>&2 2>&3); then + # Normalize: strip surrounding whitespace + result="$(printf '%s' "$result" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" + if [[ -z "$result" ]]; then + _post_install="" + ((STEP++)) + break + fi + # Reject obvious shell-meta sneaking through + if [[ "$result" == *';'* || "$result" == *'$('* || "$result" == *'`'* || "$result" == *'&&'* || "$result" == *'||'* ]]; then + whiptail --backtitle "Proxmox VE Helper Scripts" --title "INVALID PATH" \ + --msgbox "Path contains shell metacharacters. Please provide a plain absolute file path." 10 70 + continue + fi + if [[ "$result" != /* ]]; then + whiptail --backtitle "Proxmox VE Helper Scripts" --title "INVALID PATH" \ + --msgbox "Path must be absolute (start with /).\n\nGot: $result" 10 70 + continue + fi + if [[ ! -f "$result" ]]; then + if ! whiptail --backtitle "Proxmox VE Helper Scripts" --title "FILE NOT FOUND" \ + --yesno "File does not exist on host:\n\n$result\n\nKeep this path anyway?" 12 70; then + continue + fi + fi + _post_install="$result" + ((STEP++)) + break + else + ((STEP--)) + break + fi + done + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 29: Verbose Mode & Confirmation + # ═══════════════════════════════════════════════════════════════════════════ + 29) local verbose_default_flag="--defaultno" [[ "$_verbose" == "yes" ]] && verbose_default_flag="" @@ -2730,6 +2792,11 @@ advanced_settings() { local apt_display="${_apt_cacher:-no}" [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip" + local post_install_display="${_post_install:-(none)}" + local post_install_warn="" + [[ -n "$_post_install" ]] && post_install_warn=" + ⚠ Hook runs as root on Proxmox HOST (not in LXC)" + local summary="Container Type: $ct_type_desc Container ID: $_ct_id Hostname: $_hostname @@ -2753,7 +2820,8 @@ Features: Advanced: Timezone: $tz_display APT Cacher: $apt_display - Verbose: $_verbose" + Verbose: $_verbose + Post-Install Script: ${post_install_display}${post_install_warn}" if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ --title "CONFIRM SETTINGS" \ @@ -2796,6 +2864,7 @@ Advanced: APT_CACHER="$_apt_cacher" APT_CACHER_IP="$_apt_cacher_ip" VERBOSE="$_verbose" + var_post_install="$_post_install" # Update var_* based on user choice (for functions that check these) var_gpu="$_enable_gpu" @@ -6361,6 +6430,40 @@ EOF systemctl start ping-instances.service fi + # Optional host-side post-install hook + # Path comes from var_post_install (default.vars / app.vars / advanced settings). + # Runs ON THE PROXMOX HOST after the container is up and configured. + # Exposed env vars: APP, NSAPP, CTID, IP, HN, STORAGE, BRG. + # Output (stdout/stderr) is captured to /var/log/community-scripts/post-install-.log + if [[ -n "${var_post_install:-}" ]]; then + local _hook_log_dir="/var/log/community-scripts" + local _hook_log="${_hook_log_dir}/post-install-${CTID}.log" + mkdir -p "$_hook_log_dir" 2>/dev/null || true + + if [[ ! -f "${var_post_install}" ]]; then + msg_error "Post-install hook not found on host: ${var_post_install}" + whiptail --backtitle "Proxmox VE Helper Scripts" \ + --title "POST-INSTALL HOOK FAILED" \ + --msgbox "The configured post-install hook was not found on the Proxmox host:\n\n${var_post_install}\n\nThe LXC was created successfully, but the hook did NOT run." 14 72 || true + else + msg_info "Running post-install hook: ${var_post_install}" + local _hook_rc=0 + APP="$APP" NSAPP="${NSAPP:-}" CTID="$CTID" IP="$IP" HN="${HN:-}" \ + STORAGE="${STORAGE:-}" BRG="${BRG:-}" \ + bash "${var_post_install}" >"${_hook_log}" 2>&1 || _hook_rc=$? + if [[ $_hook_rc -eq 0 ]]; then + msg_ok "Post-install hook completed (log: ${_hook_log})" + else + msg_error "Post-install hook failed (rc=${_hook_rc}) – see ${_hook_log}" + local _hook_tail="" + _hook_tail="$(tail -n 15 "${_hook_log}" 2>/dev/null || true)" + whiptail --backtitle "Proxmox VE Helper Scripts" \ + --title "POST-INSTALL HOOK FAILED" \ + --msgbox "Hook exited with code ${_hook_rc}.\n\nScript: ${var_post_install}\nLog: ${_hook_log}\n\n--- Last log lines ---\n${_hook_tail}\n\nThe LXC itself was created successfully." 22 78 || true + fi + fi + fi + INSTALL_COMPLETE=true post_update_to_api "done" "none" } diff --git a/tools/pve/post-install-hook-examples.sh b/tools/pve/post-install-hook-examples.sh new file mode 100644 index 000000000..9964c577e --- /dev/null +++ b/tools/pve/post-install-hook-examples.sh @@ -0,0 +1,436 @@ +#!/usr/bin/env bash +# ============================================================================ +# Community-Scripts ProxmoxVE — Post-Install Hook: Example Library +# ---------------------------------------------------------------------------- +# This file is NOT meant to be executed as-is. +# It is a collection of complete, copy-pasteable example hooks for the +# optional `var_post_install` feature in build.func. +# +# HOW IT WORKS +# ------------ +# In the ct/*.sh CT scripts (or via Advanced Settings → Step 28) you can +# point `var_post_install` to an absolute path on the Proxmox HOST, e.g.: +# +# # in /root/.community-scripts/default.vars +# var_post_install=/opt/community-scripts/hooks/notify.sh +# +# # OR per-app, in app.vars +# var_post_install=/opt/community-scripts/hooks/vaultwarden-postprovision.sh +# +# # OR interactively in the Advanced Settings whiptail (Step 28). +# +# The hook runs ON THE PROXMOX HOST (NOT inside the LXC) as root, +# AFTER the container is fully provisioned, started and the description +# is set. stdout/stderr is captured to: +# +# /var/log/community-scripts/post-install-.log +# +# AVAILABLE ENV VARIABLES +# ----------------------- +# APP - Pretty name (e.g. "Vaultwarden") +# NSAPP - Slug / lowercase (e.g. "vaultwarden") +# CTID - Numeric container ID (e.g. "103") +# IP - IPv4 address of the LXC (e.g. "192.168.1.50") +# HN - Hostname (e.g. "vaultwarden") +# STORAGE - Storage where the rootfs lives (e.g. "local-lvm") +# BRG - Bridge (e.g. "vmbr0") +# +# GENERAL TIPS +# ------------ +# - Use `set -euo pipefail` so failures actually surface. +# - Use `|| true` on best-effort steps you do not want to abort the hook. +# - The file just needs to be a valid script. `+x` is optional — it is +# invoked via `bash `. Shebang is honored only if you call it +# yourself; otherwise the shebang line is purely cosmetic. +# - If the hook exits non-zero, the user gets a whiptail popup with the +# last 15 log lines. The LXC creation itself is NOT rolled back. +# - Keep hooks idempotent — they may be re-run if you recreate a CT. +# +# HOW TO USE THIS FILE +# -------------------- +# 1. Copy ONE example block (between the BEGIN/END markers) into a new +# file on the Proxmox host, e.g. /opt/community-scripts/hooks/notify.sh +# 2. chmod +x /opt/community-scripts/hooks/notify.sh (optional) +# 3. Set var_post_install in default.vars / app.vars or pick the path +# in Advanced Settings. +# ============================================================================ + +# ============================================================================ +# ▼▼▼ EXAMPLE 1 — BEGIN ▼▼▼ +# ---------------------------------------------------------------------------- +# Name : minimal-logger.sh +# Purpose : Append every newly created LXC to a single CSV-ish log. +# Difficulty : ⭐ Beginner +# Side effects: Writes to /var/log/community-scripts/created-lxcs.log +# Use case : You just want a paper trail of "what got created when". +# ============================================================================ +#!/usr/bin/env bash +set -euo pipefail + +LOG_DIR="/var/log/community-scripts" +LOG_FILE="${LOG_DIR}/created-lxcs.log" + +mkdir -p "$LOG_DIR" + +# Header on first use +if [[ ! -s "$LOG_FILE" ]]; then + echo "timestamp;ctid;app;hostname;ip;bridge;storage" >"$LOG_FILE" +fi + +printf '%s;%s;%s;%s;%s;%s;%s\n' \ + "$(date -Iseconds)" \ + "${CTID}" \ + "${APP}" \ + "${HN}" \ + "${IP}" \ + "${BRG}" \ + "${STORAGE}" \ + >>"$LOG_FILE" + +echo "Logged ${APP} (CTID=${CTID}) to ${LOG_FILE}" +# ▲▲▲ EXAMPLE 1 — END ▲▲▲ + +# ============================================================================ +# ▼▼▼ EXAMPLE 2 — BEGIN ▼▼▼ +# ---------------------------------------------------------------------------- +# Name : discord-gotify-notify.sh +# Purpose : Send a rich Discord embed AND a Gotify push notification +# whenever a new LXC is provisioned. +# Difficulty : ⭐⭐ Intermediate +# Requires : curl on the host (default), reachable webhook URLs. +# Side effects: Outbound HTTPS to Discord + your Gotify server. +# ============================================================================ +#!/usr/bin/env bash +set -euo pipefail + +# --- CONFIG (edit me) ------------------------------------------------------- +DISCORD_WEBHOOK="https://discord.com/api/webhooks/XXXXXXXX/YYYYYYYY" +GOTIFY_URL="https://gotify.example.com" +GOTIFY_TOKEN="AbCdEfGhIjKlMnO" +GOTIFY_PRIORITY=5 +# ---------------------------------------------------------------------------- + +# Resolve the Proxmox node's hostname for context +NODE="$(hostname -s)" +TS="$(date -Iseconds)" + +# --- Discord embed ---------------------------------------------------------- +read -r -d '' DISCORD_PAYLOAD </dev/null || + echo "WARN: Discord webhook failed (non-fatal)" + +# --- Gotify push ------------------------------------------------------------ +curl -fsS --max-time 10 \ + -H "X-Gotify-Key: ${GOTIFY_TOKEN}" \ + -F "title=Proxmox: ${APP} LXC created" \ + -F "message=CTID=${CTID} IP=${IP} HN=${HN} on ${NODE}" \ + -F "priority=${GOTIFY_PRIORITY}" \ + "${GOTIFY_URL}/message" \ + >/dev/null || + echo "WARN: Gotify push failed (non-fatal)" + +echo "Notifications dispatched for CTID=${CTID}" +# ▲▲▲ EXAMPLE 2 — END ▲▲▲ + +# ============================================================================ +# ▼▼▼ EXAMPLE 3 — BEGIN ▼▼▼ +# ---------------------------------------------------------------------------- +# Name : auto-pool-tags-backup.sh +# Purpose : Add the new LXC to a Proxmox pool, append cluster-wide tags, +# register a DNS record in pi-hole, and trigger an immediate +# snapshot backup to a configured storage. +# Difficulty : ⭐⭐⭐ Advanced +# Requires : pvesh, pct, vzdump (host-side; available by default on PVE), +# a reachable pi-hole admin API. +# ============================================================================ +#!/usr/bin/env bash +set -euo pipefail + +# --- CONFIG (edit me) ------------------------------------------------------- +TARGET_POOL="auto-lxc" +EXTRA_TAGS=("auto-provisioned" "${NSAPP}") # community-script tag is set by build.func +BACKUP_STORAGE="pbs-main" # set to "" to skip initial backup +PIHOLE_HOST="192.168.1.5" +PIHOLE_PASSWORD="changeme" # web-UI password +DNS_DOMAIN="lan" # FQDN will be ${HN}.${DNS_DOMAIN} +# ---------------------------------------------------------------------------- + +# 1) Ensure the pool exists, then attach the CT +if ! pvesh get "/pools/${TARGET_POOL}" >/dev/null 2>&1; then + echo "Creating pool: ${TARGET_POOL}" + pvesh create /pools --poolid "${TARGET_POOL}" --comment "Auto-created by post-install hook" || true +fi +echo "Adding CTID=${CTID} to pool=${TARGET_POOL}" +pvesh set "/pools/${TARGET_POOL}" --vms "${CTID}" || echo "WARN: pool attach failed (non-fatal)" + +# 2) Merge new tags with existing ones (preserve community-script etc.) +CURRENT_TAGS="$(pct config "${CTID}" | awk -F': ' '/^tags:/{print $2}')" +declare -A TAG_SET +IFS=';' read -r -a CUR_ARR <<<"${CURRENT_TAGS:-}" +for t in "${CUR_ARR[@]}"; do [[ -n "$t" ]] && TAG_SET["$t"]=1; done +for t in "${EXTRA_TAGS[@]}"; do [[ -n "$t" ]] && TAG_SET["$t"]=1; done +NEW_TAGS="$( + IFS=';' + echo "${!TAG_SET[*]}" +)" +echo "Setting tags: ${NEW_TAGS}" +pct set "${CTID}" --tags "${NEW_TAGS}" || echo "WARN: tag update failed (non-fatal)" + +# 3) Register DNS in pi-hole (custom DNS record) +FQDN="${HN}.${DNS_DOMAIN}" +echo "Registering DNS: ${FQDN} → ${IP} on pi-hole ${PIHOLE_HOST}" +SID="$(curl -fsS --max-time 5 \ + -d "pw=${PIHOLE_PASSWORD}" \ + "http://${PIHOLE_HOST}/api/auth" 2>/dev/null | + sed -nE 's/.*"sid":"([^"]+)".*/\1/p' || true)" + +if [[ -n "${SID}" ]]; then + curl -fsS --max-time 5 -X PUT \ + -H "Content-Type: application/json" \ + -H "sid: ${SID}" \ + -d "{\"hosts\":[\"${IP} ${FQDN}\"]}" \ + "http://${PIHOLE_HOST}/api/config/dns/hosts" >/dev/null || + echo "WARN: pi-hole DNS update failed (non-fatal)" + curl -fsS --max-time 5 -X DELETE -H "sid: ${SID}" "http://${PIHOLE_HOST}/api/auth" >/dev/null || true +else + echo "WARN: could not obtain pi-hole session (skipping DNS)" +fi + +# 4) Initial backup (best-effort, can take a few minutes) +if [[ -n "${BACKUP_STORAGE}" ]]; then + if pvesh get "/storage/${BACKUP_STORAGE}" >/dev/null 2>&1; then + echo "Triggering initial backup of CTID=${CTID} to ${BACKUP_STORAGE}" + vzdump "${CTID}" \ + --storage "${BACKUP_STORAGE}" \ + --mode snapshot \ + --compress zstd \ + --notes-template "Initial backup of ${APP} (CTID=${CTID})" \ + --notification-mode auto || + echo "WARN: initial backup failed (non-fatal)" + else + echo "Backup storage '${BACKUP_STORAGE}' not found — skipping." + fi +fi + +echo "Post-provision routine complete for ${APP} (CTID=${CTID})" +# ▲▲▲ EXAMPLE 3 — END ▲▲▲ + +# ============================================================================ +# ▼▼▼ EXAMPLE 4 — BEGIN ▼▼▼ +# ---------------------------------------------------------------------------- +# Name : inject-ssh-and-monitoring.sh +# Purpose : Push the host's admin SSH key into the new LXC, install the +# Beszel monitoring agent inside the container, and register +# an Uptime-Kuma HTTP push monitor for the LXC's IP. +# Difficulty : ⭐⭐⭐ Advanced +# Requires : pct (host), curl (inside LXC), reachable Beszel hub + +# Uptime-Kuma push URL. +# ============================================================================ +#!/usr/bin/env bash +set -euo pipefail + +# --- CONFIG (edit me) ------------------------------------------------------- +ADMIN_KEY="/root/.ssh/admin_ed25519.pub" +BESZEL_HUB_URL="http://192.168.1.10:8090" +BESZEL_AGENT_KEY="ssh-ed25519 AAAA... beszel@hub" # public key of the hub +UPTIME_KUMA_PUSH_BASE="http://uptime.lan/api/push/abc123" +# ---------------------------------------------------------------------------- + +# 1) Inject the admin SSH key +if [[ -f "${ADMIN_KEY}" ]]; then + echo "Pushing admin SSH key into CTID=${CTID}" + pct exec "${CTID}" -- mkdir -p /root/.ssh + pct exec "${CTID}" -- chmod 700 /root/.ssh + pct push "${CTID}" "${ADMIN_KEY}" /root/.ssh/authorized_keys + pct exec "${CTID}" -- chmod 600 /root/.ssh/authorized_keys +else + echo "WARN: ${ADMIN_KEY} not found on host — skipping SSH key injection" +fi + +# 2) Wait for outbound networking inside the CT (max 30 s) +echo "Waiting for network inside CTID=${CTID}…" +for _ in $(seq 1 30); do + if pct exec "${CTID}" -- bash -c 'getent hosts deb.debian.org >/dev/null 2>&1'; then + break + fi + sleep 1 +done + +# 3) Install Beszel agent inside the LXC +echo "Installing Beszel agent inside CTID=${CTID}" +pct exec "${CTID}" -- bash -s <<'AGENT_INSTALL' || echo "WARN: Beszel install failed" +set -euo pipefail +ARCH="$(uname -m)" +case "$ARCH" in + x86_64) ARCH_TAG=amd64 ;; + aarch64) ARCH_TAG=arm64 ;; + *) echo "Unsupported arch: $ARCH"; exit 1 ;; +esac +TMP=$(mktemp -d) +cd "$TMP" +curl -fsSL "https://github.com/henrygd/beszel/releases/latest/download/beszel-agent_linux_${ARCH_TAG}.tar.gz" \ + | tar -xz +install -m 0755 beszel-agent /usr/local/bin/beszel-agent + +cat >/etc/systemd/system/beszel-agent.service </dev/null || + echo "WARN: Uptime-Kuma push failed (non-fatal)" + +echo "Provisioned monitoring for ${APP} (CTID=${CTID}, IP=${IP})" +# ▲▲▲ EXAMPLE 4 — END ▲▲▲ + +# ============================================================================ +# ▼▼▼ EXAMPLE 5 — BEGIN ▼▼▼ +# ---------------------------------------------------------------------------- +# Name : per-app-router.sh +# Purpose : Single dispatcher hook that runs different actions +# depending on the app being installed (NSAPP). Useful when +# you want ONE hook for the whole cluster but distinct +# behavior for, e.g., databases vs media services. +# Difficulty : ⭐⭐⭐ Advanced +# ============================================================================ +#!/usr/bin/env bash +set -euo pipefail + +# --- CONFIG (edit me) ------------------------------------------------------- +DEFAULT_DNS_SUFFIX="lan" +PROM_FILE_SD_DIR="/etc/prometheus/file_sd" # on the host that runs Prometheus +# ---------------------------------------------------------------------------- + +log() { printf '[%s] %s\n' "$(date +%H:%M:%S)" "$*"; } + +# ---------- shared helpers -------------------------------------------------- +register_prometheus_target() { + local job="$1" port="$2" + local file="${PROM_FILE_SD_DIR}/${job}.json" + mkdir -p "${PROM_FILE_SD_DIR}" + if [[ ! -f "$file" ]]; then echo "[]" >"$file"; fi + python3 - "$file" "${IP}:${port}" "${HN}" "${NSAPP}" <<'PY' +import json, sys +path, target, hn, app = sys.argv[1:5] +data = json.load(open(path)) +# Avoid duplicates +data = [b for b in data if target not in b.get("targets", [])] +data.append({"targets": [target], "labels": {"hostname": hn, "app": app}}) +json.dump(data, open(path, "w"), indent=2) +PY + log "Registered Prometheus target ${IP}:${port} in ${file}" +} + +set_ct_options() { + local cores="$1" mem="$2" desc="$3" + pct set "${CTID}" --cores "${cores}" --memory "${mem}" || true + pct set "${CTID}" --description "${desc}" || true +} + +# ---------- per-app dispatch ------------------------------------------------ +log "Dispatching post-install for NSAPP=${NSAPP} CTID=${CTID}" + +case "${NSAPP}" in + +# ------ Databases --------------------------------------------------------- +postgresql | mariadb | mongodb | redis | valkey) + log "Database role: bumping resources & adding to backup-critical pool" + set_ct_options 4 4096 "DB: ${APP}" + pvesh set /pools/db-critical --vms "${CTID}" 2>/dev/null || true + register_prometheus_target "${NSAPP}-exporter" 9187 + ;; + +# ------ *arr media stack -------------------------------------------------- +sonarr | radarr | prowlarr | lidarr | readarr | bazarr) + log "Media-arr role: tagging + Sonarr/Radarr API webhook" + pct set "${CTID}" --tags "community-script;media;arr-stack" || true + curl -fsS --max-time 5 -X POST \ + "http://media-hub.${DEFAULT_DNS_SUFFIX}/hooks/arr-added" \ + -H "Content-Type: application/json" \ + -d "{\"app\":\"${NSAPP}\",\"ctid\":${CTID},\"ip\":\"${IP}\"}" \ + >/dev/null || log "WARN: media-hub webhook failed" + ;; + +# ------ Web apps that should sit behind NPM/Traefik ---------------------- +vaultwarden | paperless-ngx | nextcloud | immich | bookstack) + log "Web app role: registering reverse-proxy entry" + curl -fsS --max-time 5 -X POST \ + "http://traefik.${DEFAULT_DNS_SUFFIX}/api/dynamic-add" \ + -H "Content-Type: application/json" \ + -d "$( + cat </dev/null || log "WARN: traefik registration failed" + register_prometheus_target "blackbox-http" 80 + ;; + +# ------ Default fallback -------------------------------------------------- +*) + log "No special handling for ${NSAPP} — applying generic defaults" + register_prometheus_target "node-exporter" 9100 + ;; +esac + +log "Finished dispatcher for ${APP} (CTID=${CTID})" +# ▲▲▲ EXAMPLE 5 — END ▲▲▲ + +# ============================================================================ +# END OF EXAMPLES +# ============================================================================