Compare commits

..

7 Commits

Author SHA1 Message Date
Michel Roegl-Brunner 246e4a643b feat(build.func): add var_ignore_disable to bypass disabled-script guard
Allow users to set var_ignore_disable=true to continue past the 'script disabled' guard in runtime_script_status_guard(). A warning is still shown, but execution continues instead of aborting. Deleted scripts remain a hard stop.
2026-07-02 11:17:21 +02:00
community-scripts-pr-app[bot] 6f18af08d8 Update CHANGELOG.md (#15543)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-02 09:07:06 +00:00
push-app-to-main[bot] cd9c920d48 Rackula (#15465)
* Add rackula (ct)

* Update rackula.sh

* Update install/rackula-install.sh

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* Update install/rackula-install.sh

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* fix(rackula): install Bun outside /root so hardened service unit can exec it (#15540)

rackula-api.service ships with ProtectHome=true and
ExecStart=/usr/local/bin/bun. With BUN_INSTALL=/root/.bun the symlink
resolves into /root, which is masked in the unit's mount namespace, so
the service fails with status=203/EXEC and crash-loops. Use /opt/bun
instead, matching yubal and gitea-mirror.

Also drop the unused BUN_VERSION/BUN_VARIANT block (bun.sh/install
takes the version as a positional arg and detects avx2/baseline
itself, so the env vars were dead code) and restore the msg_ok
"Installed Bun" / msg_info "Setting up Rackula" pair.


Claude-Session: https://claude.ai/code/session_011sGajwSQGg1vd6m2AC6Byq

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>

* Refactor rackula-install.sh to streamline installation

Removed checks for security headers config file and adjusted installation steps for Bun and Rackula.

---------

Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com>
Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
Co-authored-by: Gareth Evans <63365672+ggfevans@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:06:43 +02:00
community-scripts-pr-app[bot] 6a07f1bfd5 Update CHANGELOG.md (#15542)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-02 07:12:27 +00:00
CanbiZ (MickLesk) 3f1b2f2180 Frigate: bump to v0.17.2 (#15536) 2026-07-02 09:11:58 +02:00
community-scripts-pr-app[bot] 0bc090abc6 Update CHANGELOG.md (#15541)
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-07-02 07:07:31 +00:00
CanbiZ (MickLesk) be29bb1538 tools.func: configure pnpm to allow all build scripts for LXC container environments (#15532) 2026-07-02 09:07:04 +02:00
7 changed files with 207 additions and 1 deletions
+18
View File
@@ -489,6 +489,24 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
</details>
## 2026-07-02
### 🆕 New Scripts
- Rackula ([#15465](https://github.com/community-scripts/ProxmoxVE/pull/15465))
### 🚀 Updated Scripts
- #### ✨ New Features
- Frigate: bump to v0.17.2 [@MickLesk](https://github.com/MickLesk) ([#15536](https://github.com/community-scripts/ProxmoxVE/pull/15536))
### 💾 Core
- #### 🐞 Bug Fixes
- tools.func: configure pnpm to allow all build scripts for environments [@MickLesk](https://github.com/MickLesk) ([#15532](https://github.com/community-scripts/ProxmoxVE/pull/15532))
## 2026-07-01
### 🆕 New Scripts
+6
View File
@@ -0,0 +1,6 @@
____ __ __
/ __ \____ ______/ /____ __/ /___ _
/ /_/ / __ `/ ___/ //_/ / / / / __ `/
/ _, _/ /_/ / /__/ ,< / /_/ / / /_/ /
/_/ |_|\__,_/\___/_/|_|\__,_/_/\__,_/
Executable
+81
View File
@@ -0,0 +1,81 @@
#!/usr/bin/env bash
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
# Copyright (c) 2021-2026 community-scripts ORG
# Author: gVNS (ggfevans)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/RackulaLives/Rackula
APP="Rackula"
var_tags="${var_tags:-homelab}"
var_cpu="${var_cpu:-1}"
var_ram="${var_ram:-512}"
var_disk="${var_disk:-8}"
var_os="${var_os:-debian}"
var_version="${var_version:-13}"
var_arm64="${var_arm64:-yes}"
var_unprivileged="${var_unprivileged:-1}"
header_info "$APP"
variables
color
catch_errors
function update_script() {
header_info
check_container_storage
check_container_resources
if [[ ! -d /opt/rackula ]]; then
msg_error "No ${APP} Installation Found!"
exit 1
fi
if check_for_gh_release "rackula" "RackulaLives/Rackula"; then
msg_info "Stopping Services"
systemctl stop rackula-api nginx
msg_ok "Stopped Services"
create_backup /opt/rackula/data
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
restore_backup
msg_info "Updating Configuration"
cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
cp /opt/rackula/config/security-headers.conf /etc/nginx/snippets/security-headers.conf
cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
else
sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
fi
if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
else
sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
fi
mkdir -p /etc/systemd/system/nginx.service.d
cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
chown -R root:root /opt/rackula/frontend
find /opt/rackula/frontend -type d -exec chmod 755 {} \;
find /opt/rackula/frontend -type f -exec chmod 644 {} \;
chmod 750 /opt/rackula/data
msg_ok "Updated Configuration"
msg_info "Starting Services"
$STD nginx -t
systemctl daemon-reload
systemctl start nginx rackula-api
msg_ok "Started Services"
msg_ok "Updated successfully!"
fi
exit
}
start
build_container
description
msg_ok "Completed Successfully!\n"
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
+1 -1
View File
@@ -110,7 +110,7 @@ export AUTOGRAPH_VERBOSITY=0
export GLOG_minloglevel=3
export GLOG_logtostderr=0
fetch_and_deploy_gh_release "frigate" "blakeblackshear/frigate" "tarball" "v0.17.1" "/opt/frigate"
fetch_and_deploy_gh_release "frigate" "blakeblackshear/frigate" "tarball" "v0.17.2" "/opt/frigate"
msg_info "Building Nginx"
$STD bash /opt/frigate/docker/main/build_nginx.sh
+84
View File
@@ -0,0 +1,84 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: gVNS (ggfevans)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/RackulaLives/Rackula
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y nginx
msg_ok "Installed Dependencies"
msg_info "Installing Bun"
export BUN_INSTALL="/opt/bun"
curl -fsSL https://bun.sh/install | $STD bash
ln -sf /opt/bun/bin/bun /usr/local/bin/bun
msg_ok "Installed Bun"
fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
msg_info "Setting up Rackula"
mkdir -p /opt/rackula/data /etc/nginx/snippets
SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf"
cp "$SECURITY_HEADERS_SRC" /etc/nginx/snippets/security-headers.conf
chown -R root:root /opt/rackula/frontend
find /opt/rackula/frontend -type d -exec chmod 755 {} \;
find /opt/rackula/frontend -type f -exec chmod 644 {} \;
chmod 750 /opt/rackula/data
API_WRITE_TOKEN=$(openssl rand -hex 32)
cat <<EOF >/opt/rackula/data/.env
RACKULA_API_WRITE_TOKEN=${API_WRITE_TOKEN}
CORS_ORIGIN=http://localhost
ALLOW_INSECURE_CORS=false
EOF
chmod 600 /opt/rackula/data/.env
cat <<EOF >/etc/nginx/snippets/rackula-api-token.conf
map \$host \$rackula_api_write_token {
default "${API_WRITE_TOKEN}";
}
map \$host \$rackula_has_api_write_token {
default 1;
}
EOF
chmod 640 /etc/nginx/snippets/rackula-api-token.conf
msg_ok "Set up Rackula"
msg_info "Configuring nginx"
cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
rm -f /etc/nginx/sites-enabled/default
ln -sf /etc/nginx/sites-available/rackula /etc/nginx/sites-enabled/rackula
$STD nginx -t
msg_ok "Configured nginx"
msg_info "Creating Services"
cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
else
sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
fi
if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
else
sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
fi
mkdir -p /etc/systemd/system/nginx.service.d
cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload
systemctl enable -q nginx rackula-api
systemctl restart nginx rackula-api
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc
+11
View File
@@ -3788,6 +3788,17 @@ runtime_script_status_guard() {
fi
if [[ "$is_disabled" == "true" ]]; then
# Allow bypass via var_ignore_disable=true (still warn, but continue)
case "${var_ignore_disable:-}" in
1 | yes | true | on)
msg_warn "This script is currently disabled in community-scripts."
[[ -n "$disable_message" ]] && msg_warn "$disable_message"
msg_warn "Bypassing disable status via var_ignore_disable — continuing at your own risk."
msg_warn "More info: ${info_url}"
return 0
;;
esac
msg_error "This script is currently disabled in community-scripts."
[[ -n "$disable_message" ]] && msg_error "$disable_message"
[[ -z "$disable_message" ]] && msg_error "Updates and installs are temporarily disabled for this script."
+6
View File
@@ -7657,6 +7657,12 @@ setup_nodejs() {
fi
fi
# pnpm v10+ blocks dependency build scripts by default (ERR_PNPM_IGNORED_BUILDS).
# In a container environment all installed packages are trusted, so we enable builds globally.
if command -v pnpm >/dev/null 2>&1; then
pnpm config set --global dangerouslyAllowAllBuilds true >/dev/null 2>&1 || true
fi
if [[ "$NODE_COREPACK_ENABLE" == "1" ]] && ((wants_corepack)) && command -v corepack >/dev/null 2>&1; then
msg_info "Enabling corepack"
if $STD corepack enable 2>/dev/null; then