Compare commits

..

1 Commits

Author SHA1 Message Date
CanbiZ (MickLesk) 829704e09e pve-tool: storage share helper script for Proxmox
This script provides a menu-driven interface for managing various storage types in Proxmox, including SMB, NFS, and iSCSI. It includes functions for testing mounts, adding storage, and managing LXC mountpoints.
2026-07-18 09:45:56 +02:00
8 changed files with 996 additions and 571 deletions
-170
View File
@@ -1,173 +1,3 @@
## 2026-07-18
### 💾 Core
- #### ✨ New Features
- core: add configurable host CA inheritance during bootstrap [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15840](https://github.com/community-scripts/ProxmoxVE/pull/15840))
- #### 🔧 Refactor
- tools.func: Safe Delete Directorys & Update PYTHON_VERSION with setup_uv [@MickLesk](https://github.com/MickLesk) ([#15870](https://github.com/community-scripts/ProxmoxVE/pull/15870))
### 🧰 Tools
- #### ✨ New Features
- [tools.update-lxcs] feat: optional reporting success/failures to heathchecks.io (or others) [@sir106](https://github.com/sir106) ([#15701](https://github.com/community-scripts/ProxmoxVE/pull/15701))
## 2026-07-17
### 🆕 New Scripts
- Invidious ([#15824](https://github.com/community-scripts/ProxmoxVE/pull/15824))
- OxiCloud ([#15823](https://github.com/community-scripts/ProxmoxVE/pull/15823))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- webtrees: initialize database schema before admin user creation [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15837](https://github.com/community-scripts/ProxmoxVE/pull/15837))
- Fix DocuSeal missing Leptonica deps on install and update [@Copilot](https://github.com/Copilot) ([#15858](https://github.com/community-scripts/ProxmoxVE/pull/15858))
- apache-guacamole: detect installed extensions during update [@TowyTowy](https://github.com/TowyTowy) ([#15841](https://github.com/community-scripts/ProxmoxVE/pull/15841))
- CLIProxyAPI: fix update deleting config.yaml [@austinpilz](https://github.com/austinpilz) ([#15834](https://github.com/community-scripts/ProxmoxVE/pull/15834))
- esphome: install libusb-1.0-0 for ESP-IDF native builds [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15838](https://github.com/community-scripts/ProxmoxVE/pull/15838))
- #### ✨ New Features
- AFFiNE: Bump to 0.27.0 [@MickLesk](https://github.com/MickLesk) ([#15848](https://github.com/community-scripts/ProxmoxVE/pull/15848))
- n8n: unpin / use latest release [@MickLesk](https://github.com/MickLesk) ([#15817](https://github.com/community-scripts/ProxmoxVE/pull/15817))
- Pin Opencloud to v7.3.0 [@vhsdream](https://github.com/vhsdream) ([#15826](https://github.com/community-scripts/ProxmoxVE/pull/15826))
- #### 🔧 Refactor
- SFTPGo: Update APT Repo & Re-Enable Script [@MickLesk](https://github.com/MickLesk) ([#15829](https://github.com/community-scripts/ProxmoxVE/pull/15829))
### 💾 Core
- #### ✨ New Features
- tools.func: enhance rbenv with profile updates / bundle in bashrc [@MickLesk](https://github.com/MickLesk) ([#15822](https://github.com/community-scripts/ProxmoxVE/pull/15822))
- feat(build.func): notify users when already on a pinned script version [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15819](https://github.com/community-scripts/ProxmoxVE/pull/15819))
- #### 💥 Breaking Changes
- MongoDB: Implement kernel version check and patch [@MickLesk](https://github.com/MickLesk) ([#15821](https://github.com/community-scripts/ProxmoxVE/pull/15821))
### 🧰 Tools
- #### ✨ New Features
- update-lxc: autoremove and autoclean after apt full-upgrade [@soupy-boy](https://github.com/soupy-boy) ([#15831](https://github.com/community-scripts/ProxmoxVE/pull/15831))
## 2026-07-16
### 🆕 New Scripts
- Sync-In ([#15812](https://github.com/community-scripts/ProxmoxVE/pull/15812))
- Beaverhabits ([#15813](https://github.com/community-scripts/ProxmoxVE/pull/15813))
- Notediscovery ([#15811](https://github.com/community-scripts/ProxmoxVE/pull/15811))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Pin Immich to v3.0.3 [@vhsdream](https://github.com/vhsdream) ([#15790](https://github.com/community-scripts/ProxmoxVE/pull/15790))
## 2026-07-15
### 🆕 New Scripts
- Nexterm ([#15688](https://github.com/community-scripts/ProxmoxVE/pull/15688))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- 2fauth: minor fixes for 8.0.0 [@MickLesk](https://github.com/MickLesk) ([#15795](https://github.com/community-scripts/ProxmoxVE/pull/15795))
- SnapOtter: refactor update process to prebuild [@MickLesk](https://github.com/MickLesk) ([#15797](https://github.com/community-scripts/ProxmoxVE/pull/15797))
### 💾 Core
- #### 🔧 Refactor
- tools.func: default Docker setup to official repo [@MickLesk](https://github.com/MickLesk) ([#15794](https://github.com/community-scripts/ProxmoxVE/pull/15794))
## 2026-07-14
### 🆕 New Scripts
- Grav ([#15773](https://github.com/community-scripts/ProxmoxVE/pull/15773))
- Yuvomi ([#15772](https://github.com/community-scripts/ProxmoxVE/pull/15772))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Lychee: Preserve uploads and ownership during update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15768](https://github.com/community-scripts/ProxmoxVE/pull/15768))
- Wanderer: Clean deploy and install plugins for v0.20.0 update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15759](https://github.com/community-scripts/ProxmoxVE/pull/15759))
- FileFlows: Handle update API 401, force update, and Node install [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15766](https://github.com/community-scripts/ProxmoxVE/pull/15766))
- BirdNET-Go: Match new upstream release asset naming [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15758](https://github.com/community-scripts/ProxmoxVE/pull/15758))
- [Upstream Fix] Immich: Fix loader priority [@vhsdream](https://github.com/vhsdream) ([#15755](https://github.com/community-scripts/ProxmoxVE/pull/15755))
- #### ✨ New Features
- Bump OpenCloud version to v7.2.2 [@MickLesk](https://github.com/MickLesk) ([#15769](https://github.com/community-scripts/ProxmoxVE/pull/15769))
- Silverbullet: Add optional Runtime API install via Chromium [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15761](https://github.com/community-scripts/ProxmoxVE/pull/15761))
- #### 💥 Breaking Changes
- Pangolin: Bump to 1.20.0 | BREAKING: Switch to PostgreSQL [@MickLesk](https://github.com/MickLesk) ([#15682](https://github.com/community-scripts/ProxmoxVE/pull/15682))
- #### 🔧 Refactor
- AFFiNE: Pin to v0.26.3 [@MickLesk](https://github.com/MickLesk) ([#15782](https://github.com/community-scripts/ProxmoxVE/pull/15782))
## 2026-07-13
### 🆕 New Scripts
- LeafWiki ([#15748](https://github.com/community-scripts/ProxmoxVE/pull/15748))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- fix(hyperion): keep service running after container reboot [@TowyTowy](https://github.com/TowyTowy) ([#15653](https://github.com/community-scripts/ProxmoxVE/pull/15653))
- Change sign-in URL to admin URL in affine.sh [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15741](https://github.com/community-scripts/ProxmoxVE/pull/15741))
- immich: use actual PostgreSQL version for VectorChord package lookup [@mnavon](https://github.com/mnavon) ([#15705](https://github.com/community-scripts/ProxmoxVE/pull/15705))
- fix storyteller release selection for stable web tags [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15736](https://github.com/community-scripts/ProxmoxVE/pull/15736))
- Docmost: Fix update procedure [@MickLesk](https://github.com/MickLesk) ([#15732](https://github.com/community-scripts/ProxmoxVE/pull/15732))
- fix(shinobi): remove obsolete --unsafe-perm npm flag [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15730](https://github.com/community-scripts/ProxmoxVE/pull/15730))
- #### 💥 Breaking Changes
- reitti: update to v5 [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15635](https://github.com/community-scripts/ProxmoxVE/pull/15635))
### 💾 Core
- #### 🐞 Bug Fixes
- fix(build.func): parse script status without jq dependency [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15729](https://github.com/community-scripts/ProxmoxVE/pull/15729))
- #### 🔧 Refactor
- tools.func: some improvements (sql injection / command injection / guard) [@MickLesk](https://github.com/MickLesk) ([#15661](https://github.com/community-scripts/ProxmoxVE/pull/15661))
## 2026-07-12
### 🆕 New Scripts
- AFFiNE ([#15690](https://github.com/community-scripts/ProxmoxVE/pull/15690))
### 🚀 Updated Scripts
- Immich: Bump version to 3.0.2 [@vhsdream](https://github.com/vhsdream) ([#15668](https://github.com/community-scripts/ProxmoxVE/pull/15668))
### ❔ Uncategorized
- fix(immich): correct Python indentation error in ct/immich.sh heredoc patch [@Copilot](https://github.com/Copilot) ([#15723](https://github.com/community-scripts/ProxmoxVE/pull/15723))
## 2026-07-11 ## 2026-07-11
### 🆕 New Scripts ### 🆕 New Scripts
+126 -25
View File
@@ -77,9 +77,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
@@ -93,7 +90,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
<details> <details>
<summary><h4>July (18 entries)</h4></summary> <summary><h4>July (11 entries)</h4></summary>
[View July 2026 Changelog](.github/changelogs/2026/07.md) [View July 2026 Changelog](.github/changelogs/2026/07.md)
@@ -505,26 +502,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
</details> </details>
## 2026-07-19
## 2026-07-18
### 💾 Core
- #### ✨ New Features
- core: add configurable host CA inheritance during bootstrap [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15840](https://github.com/community-scripts/ProxmoxVE/pull/15840))
- #### 🔧 Refactor
- tools.func: Safe Delete Directorys & Update PYTHON_VERSION with setup_uv [@MickLesk](https://github.com/MickLesk) ([#15870](https://github.com/community-scripts/ProxmoxVE/pull/15870))
### 🧰 Tools
- #### ✨ New Features
- [tools.update-lxcs] feat: optional reporting success/failures to heathchecks.io (or others) [@sir106](https://github.com/sir106) ([#15701](https://github.com/community-scripts/ProxmoxVE/pull/15701))
## 2026-07-17 ## 2026-07-17
### 🆕 New Scripts ### 🆕 New Scripts
@@ -1158,4 +1135,128 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
- chore(ct): sync coredns defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15182](https://github.com/community-scripts/ProxmoxVE/pull/15182)) - chore(ct): sync coredns defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15182](https://github.com/community-scripts/ProxmoxVE/pull/15182))
- chore(ct): sync gatus defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15184](https://github.com/community-scripts/ProxmoxVE/pull/15184)) - chore(ct): sync gatus defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15184](https://github.com/community-scripts/ProxmoxVE/pull/15184))
- chore(ct): sync bitmagnet defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15183](https://github.com/community-scripts/ProxmoxVE/pull/15183)) - chore(ct): sync bitmagnet defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15183](https://github.com/community-scripts/ProxmoxVE/pull/15183))
## 2026-06-18
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- flowise: add deps / uv / python 3.11 [@MickLesk](https://github.com/MickLesk) ([#15177](https://github.com/community-scripts/ProxmoxVE/pull/15177))
- #### 💥 Breaking Changes
- refactor: crafty-controller [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15178](https://github.com/community-scripts/ProxmoxVE/pull/15178))
## 2026-06-17
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- kasm: fix release detection [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15151](https://github.com/community-scripts/ProxmoxVE/pull/15151))
- #### ✨ New Features
- trek: update install and upgrade workflow for v3.1.0 [@MickLesk](https://github.com/MickLesk) ([#15165](https://github.com/community-scripts/ProxmoxVE/pull/15165))
- #### 💥 Breaking Changes
- TREK: Pin version [@tremor021](https://github.com/tremor021) ([#15156](https://github.com/community-scripts/ProxmoxVE/pull/15156))
- #### 🔧 Refactor
- chore(paperless-ngx): pin version to prevent v3 update [@tomfrenzel](https://github.com/tomfrenzel) ([#15171](https://github.com/community-scripts/ProxmoxVE/pull/15171))
### 🧰 Tools
- #### 🐞 Bug Fixes
- immich public proxy: replace npm install with npm ci for consistent dependency installation [@MickLesk](https://github.com/MickLesk) ([#15166](https://github.com/community-scripts/ProxmoxVE/pull/15166))
## 2026-06-16
### 🆕 New Scripts
- Feishin ([#15130](https://github.com/community-scripts/ProxmoxVE/pull/15130))
- Kiwix ([#15131](https://github.com/community-scripts/ProxmoxVE/pull/15131))
- Add runtime status guard and deleted script stubs [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15125](https://github.com/community-scripts/ProxmoxVE/pull/15125))
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- fix(degoog): use localhost for valkey url [@ethan-hgwr](https://github.com/ethan-hgwr) ([#15149](https://github.com/community-scripts/ProxmoxVE/pull/15149))
- Fix InvoiceShelf install/update Yarn package manager mismatch [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15141](https://github.com/community-scripts/ProxmoxVE/pull/15141))
- fix storyteller install failure with yarn 4 corepack [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15140](https://github.com/community-scripts/ProxmoxVE/pull/15140))
- fix: generate policy-compliant OpenObserve root password [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15137](https://github.com/community-scripts/ProxmoxVE/pull/15137))
## 2026-06-15
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Watcharr: Clean install on update [@tremor021](https://github.com/tremor021) ([#15119](https://github.com/community-scripts/ProxmoxVE/pull/15119))
- Vaultwarden: extend version check for VaultWarden update [@MickLesk](https://github.com/MickLesk) ([#15105](https://github.com/community-scripts/ProxmoxVE/pull/15105))
- #### ✨ New Features
- degoog: add curl-impersonate to script [@MickLesk](https://github.com/MickLesk) ([#15117](https://github.com/community-scripts/ProxmoxVE/pull/15117))
### 💾 Core
- #### ✨ New Features
- tools.func: extend mesa-vulkan-drivers and vulkan-tools to installation for ARC GPU's [@MickLesk](https://github.com/MickLesk) ([#15106](https://github.com/community-scripts/ProxmoxVE/pull/15106))
- #### 🔧 Refactor
- core: improve mirror selection and error handling [@MickLesk](https://github.com/MickLesk) ([#15108](https://github.com/community-scripts/ProxmoxVE/pull/15108))
- core: implement gateway validation for DHCP and static networks [@MickLesk](https://github.com/MickLesk) ([#15107](https://github.com/community-scripts/ProxmoxVE/pull/15107))
## 2026-06-14
### 🚀 Updated Scripts
- #### 🐞 Bug Fixes
- Iinvoiceninja: fix nginx setup assets port [@MickLesk](https://github.com/MickLesk) ([#15090](https://github.com/community-scripts/ProxmoxVE/pull/15090))
- CheckMK: remove stale backup site before creating new backup during update [@MickLesk](https://github.com/MickLesk) ([#15088](https://github.com/community-scripts/ProxmoxVE/pull/15088))
- #### 🔧 Refactor
- Refactor: Implement backup functions for scripts C-D [@tremor021](https://github.com/tremor021) ([#15096](https://github.com/community-scripts/ProxmoxVE/pull/15096))
## 2026-06-13
### 🆕 New Scripts
- BookOrbit ([#15080](https://github.com/community-scripts/ProxmoxVE/pull/15080))
### 🚀 Updated Scripts
- Update authentik version to 2026.5.3 [@thieneret](https://github.com/thieneret) ([#15093](https://github.com/community-scripts/ProxmoxVE/pull/15093))
- #### 🐞 Bug Fixes
- Immich: Update image-processing libraries [@vhsdream](https://github.com/vhsdream) ([#15082](https://github.com/community-scripts/ProxmoxVE/pull/15082))
- HomeBox: Support v0.26.0 [@tomfrenzel](https://github.com/tomfrenzel) ([#15086](https://github.com/community-scripts/ProxmoxVE/pull/15086))
- #### 🔧 Refactor
- Refactor: Implement backup functions for scripts A-B [@tremor021](https://github.com/tremor021) ([#15075](https://github.com/community-scripts/ProxmoxVE/pull/15075))
## 2026-06-12
### 🆕 New Scripts
- Twenty ([#15047](https://github.com/community-scripts/ProxmoxVE/pull/15047))
- Alpine-Cinny ([#15044](https://github.com/community-scripts/ProxmoxVE/pull/15044))
### 💾 Core
- #### ✨ New Features
- [core] Implement backup and restore functions [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15067](https://github.com/community-scripts/ProxmoxVE/pull/15067))
+1 -2
View File
@@ -31,14 +31,13 @@ NODE_VERSION="24" NODE_MODULE="corepack,yarn" setup_nodejs
fetch_and_deploy_gh_release "manyfold" "manyfold3d/manyfold" "tarball" "latest" "/opt/manyfold/app" fetch_and_deploy_gh_release "manyfold" "manyfold3d/manyfold" "tarball" "latest" "/opt/manyfold/app"
useradd -m -s /usr/bin/bash manyfold
RUBY_INSTALL_VERSION=$(cat /opt/manyfold/app/.ruby-version) RUBY_INSTALL_VERSION=$(cat /opt/manyfold/app/.ruby-version)
RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby
msg_info "Configuring Manyfold" msg_info "Configuring Manyfold"
YARN_VERSION=$(grep '"packageManager":' /opt/manyfold/app/package.json | sed -E 's/.*"(yarn@[0-9\.]+)".*/\1/') YARN_VERSION=$(grep '"packageManager":' /opt/manyfold/app/package.json | sed -E 's/.*"(yarn@[0-9\.]+)".*/\1/')
RELEASE=$(get_latest_github_release "manyfold3d/manyfold") RELEASE=$(get_latest_github_release "manyfold3d/manyfold")
useradd -m -s /usr/bin/bash manyfold
cat <<EOF >/opt/manyfold/.env cat <<EOF >/opt/manyfold/.env
export APP_VERSION=${RELEASE} export APP_VERSION=${RELEASE}
export GUID=1002 export GUID=1002
+7 -136
View File
@@ -1009,7 +1009,6 @@ base_settings() {
APT_CACHER=${var_apt_cacher:-""} APT_CACHER=${var_apt_cacher:-""}
APT_CACHER_IP=${var_apt_cacher_ip:-""} APT_CACHER_IP=${var_apt_cacher_ip:-""}
INHERIT_HOST_CA="${var_inherit_host_ca:-auto}"
# Runtime check: Verify APT cacher is reachable if configured # Runtime check: Verify APT cacher is reachable if configured
if [[ -n "$APT_CACHER_IP" && "$APT_CACHER" == "yes" ]]; then if [[ -n "$APT_CACHER_IP" && "$APT_CACHER" == "yes" ]]; then
@@ -1089,7 +1088,7 @@ load_vars_file() {
# Allowed var_* keys # Allowed var_* keys
local VAR_WHITELIST=( local VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1286,12 +1285,6 @@ load_vars_file() {
continue continue
fi fi
;; ;;
var_inherit_host_ca)
if [[ "$var_val" != "yes" && "$var_val" != "no" && "$var_val" != "auto" ]]; then
msg_warn "Invalid host CA inheritance value '$var_val' in $file (must be yes/no/auto), ignoring"
continue
fi
;;
var_container_storage | var_template_storage) var_container_storage | var_template_storage)
# Validate that the storage exists and is active on the current node # Validate that the storage exists and is active on the current node
local _storage_status local _storage_status
@@ -1331,7 +1324,7 @@ default_var_settings() {
# Allowed var_* keys (alphabetically sorted) # Allowed var_* keys (alphabetically sorted)
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
local VAR_WHITELIST=( local VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -1414,7 +1407,6 @@ var_ssh=no
# HTTP/HTTPS proxy (optional - for networks requiring a proxy) # HTTP/HTTPS proxy (optional - for networks requiring a proxy)
# var_http_proxy=http://proxy.local:8080 # var_http_proxy=http://proxy.local:8080
# var_http_no_proxy=localhost,127.0.0.1,.local # var_http_no_proxy=localhost,127.0.0.1,.local
# var_inherit_host_ca=auto
# Features/Tags/verbosity # Features/Tags/verbosity
var_fuse=no var_fuse=no
@@ -1515,7 +1507,7 @@ get_app_defaults_path() {
if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
# Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique) # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
declare -ag VAR_WHITELIST=( declare -ag VAR_WHITELIST=(
var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_inherit_host_ca var_keyctl var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1665,7 +1657,6 @@ _build_current_app_vars_tmp() {
_apt_cacher_ip="${APT_CACHER_IP:-}" _apt_cacher_ip="${APT_CACHER_IP:-}"
_http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}" _http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}"
_http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}" _http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}"
_inherit_host_ca="${INHERIT_HOST_CA:-${var_inherit_host_ca:-auto}}"
_fuse="${ENABLE_FUSE:-no}" _fuse="${ENABLE_FUSE:-no}"
_tun="${ENABLE_TUN:-no}" _tun="${ENABLE_TUN:-no}"
_gpu="${ENABLE_GPU:-no}" _gpu="${ENABLE_GPU:-no}"
@@ -1719,7 +1710,6 @@ _build_current_app_vars_tmp() {
[ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")" [ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")"
[ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")" [ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")"
[ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")" [ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")"
[ -n "$_inherit_host_ca" ] && echo "var_inherit_host_ca=$(_sanitize_value "$_inherit_host_ca")"
[ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")" [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
[ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")" [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
@@ -1884,7 +1874,7 @@ advanced_settings() {
TAGS="community-script${var_tags:+;${var_tags}}" TAGS="community-script${var_tags:+;${var_tags}}"
fi fi
local STEP=1 local STEP=1
local MAX_STEP=31 local MAX_STEP=30
# Store values for back navigation - inherit from var_* app defaults # Store values for back navigation - inherit from var_* app defaults
local _ct_type="${var_unprivileged:-1}" local _ct_type="${var_unprivileged:-1}"
@@ -1906,7 +1896,6 @@ advanced_settings() {
local _apt_cacher_ip="${var_apt_cacher_ip:-}" local _apt_cacher_ip="${var_apt_cacher_ip:-}"
local _http_proxy="${var_http_proxy:-}" local _http_proxy="${var_http_proxy:-}"
local _http_no_proxy="${var_http_no_proxy:-}" local _http_no_proxy="${var_http_no_proxy:-}"
local _inherit_host_ca="${var_inherit_host_ca:-auto}"
local _mtu="${var_mtu:-}" local _mtu="${var_mtu:-}"
local _sd="${var_searchdomain:-}" local _sd="${var_searchdomain:-}"
local _ns="${var_ns:-}" local _ns="${var_ns:-}"
@@ -2736,47 +2725,9 @@ advanced_settings() {
;; ;;
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
# STEP 25: Host CA Inheritance # STEP 25: Container Timezone
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
25) 25)
local host_ca_count=0
local host_ca_dir="/usr/local/share/ca-certificates"
local cert
shopt -s nullglob
for cert in "$host_ca_dir"/*.crt; do
host_ca_count=$((host_ca_count + 1))
done
shopt -u nullglob
if [[ $host_ca_count -eq 0 ]]; then
_inherit_host_ca="auto"
((STEP++))
continue
fi
local host_ca_default_flag=""
[[ "$_inherit_host_ca" == "no" ]] && host_ca_default_flag="--defaultno"
if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
--title "HOST CA INHERITANCE" \
--ok-button "Next" --cancel-button "Back" \
$host_ca_default_flag \
--yesno "\nInherit host CA certificates into this container?\n\nDetected on host: ${host_ca_count} certificate(s) in:\n${host_ca_dir}\n\nRecommended for private PKI / TLS-inspection environments.\n\n(App default: ${var_inherit_host_ca:-auto})" 16 72; then
_inherit_host_ca="yes"
else
if [ $? -eq 1 ]; then
_inherit_host_ca="no"
else
((STEP--))
continue
fi
fi
((STEP++))
;;
# ═══════════════════════════════════════════════════════════════════════════
# STEP 26: Container Timezone
# ═══════════════════════════════════════════════════════════════════════════
26)
local tz_hint="$_ct_timezone" local tz_hint="$_ct_timezone"
[[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)" [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"
@@ -2799,9 +2750,9 @@ advanced_settings() {
;; ;;
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
# STEP 27: Container Protection # STEP 26: Container Protection
# ═══════════════════════════════════════════════════════════════════════════ # ═══════════════════════════════════════════════════════════════════════════
27) 26)
local protect_default_flag="--defaultno" local protect_default_flag="--defaultno"
[[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag="" [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""
@@ -2953,7 +2904,6 @@ Leave empty to skip."
local apt_display="${_apt_cacher:-no}" local apt_display="${_apt_cacher:-no}"
[[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip" [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
local http_proxy_display="${_http_proxy:-(none)}" local http_proxy_display="${_http_proxy:-(none)}"
local inherit_ca_display="${_inherit_host_ca:-auto}"
local post_install_display="${_post_install:-(none)}" local post_install_display="${_post_install:-(none)}"
local post_install_warn="" local post_install_warn=""
@@ -2984,7 +2934,6 @@ Advanced:
Timezone: $tz_display Timezone: $tz_display
APT Cacher: $apt_display APT Cacher: $apt_display
HTTP Proxy: $http_proxy_display HTTP Proxy: $http_proxy_display
Inherit Host CAs: $inherit_ca_display
Verbose: $_verbose Verbose: $_verbose
Post-Install Script: ${post_install_display}${post_install_warn}" Post-Install Script: ${post_install_display}${post_install_warn}"
@@ -3030,7 +2979,6 @@ Advanced:
APT_CACHER_IP="$_apt_cacher_ip" APT_CACHER_IP="$_apt_cacher_ip"
HTTP_PROXY="$_http_proxy" HTTP_PROXY="$_http_proxy"
HTTP_NO_PROXY="$_http_no_proxy" HTTP_NO_PROXY="$_http_no_proxy"
INHERIT_HOST_CA="$_inherit_host_ca"
VERBOSE="$_verbose" VERBOSE="$_verbose"
var_post_install="$_post_install" var_post_install="$_post_install"
@@ -3049,7 +2997,6 @@ Advanced:
var_sdn_vnet="$_sdn_vnet" var_sdn_vnet="$_sdn_vnet"
var_http_proxy="$_http_proxy" var_http_proxy="$_http_proxy"
var_http_no_proxy="$_http_no_proxy" var_http_no_proxy="$_http_no_proxy"
var_inherit_host_ca="$_inherit_host_ca"
# Format optional values # Format optional values
[[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU="" [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
@@ -3998,81 +3945,6 @@ EOF
msg_ok "Applied HTTP proxy in container" msg_ok "Applied HTTP proxy in container"
} }
# ------------------------------------------------------------------------------
# _apply_host_ca_certs_in_container()
#
# - Copies administrator-provided CA certificates from the Proxmox host into the
# container before base package bootstrap
# - Source: /usr/local/share/ca-certificates/*.crt (Debian convention)
# - Refreshes the container trust store when update-ca-certificates is available
# - No-op when no host certificates are present; failures are non-fatal
# ------------------------------------------------------------------------------
_apply_host_ca_certs_in_container() {
local host_ca_dir="/usr/local/share/ca-certificates"
[[ -z "${CTID:-}" ]] && return 0
local inherit_host_ca="${INHERIT_HOST_CA:-${var_inherit_host_ca:-auto}}"
local -a host_certs=()
local cert
shopt -s nullglob
for cert in "$host_ca_dir"/*.crt; do
host_certs+=("$cert")
done
shopt -u nullglob
[[ ${#host_certs[@]} -eq 0 ]] && return 0
case "${inherit_host_ca,,}" in
no | false | 0 | off)
msg_info "Skipping host CA inheritance by configuration"
return 0
;;
esac
msg_info "Inheriting host CA certificates into container"
local found=${#host_certs[@]}
local copied=0
local skipped=0
local cert_name
pct exec "$CTID" -- mkdir -p /usr/local/share/ca-certificates >/dev/null 2>&1 || {
msg_warn "Failed to create CA certificate directory in container"
return 0
}
for cert in "${host_certs[@]}"; do
cert_name="$(basename "$cert")"
if [[ ! -r "$cert" || "$cert_name" != *.crt ]]; then
msg_warn "Skipping invalid or unreadable host CA certificate: ${cert_name}"
skipped=$((skipped + 1))
continue
fi
if pct push "$CTID" "$cert" "/usr/local/share/ca-certificates/${cert_name}" >/dev/null 2>&1; then
pct exec "$CTID" -- chmod 644 "/usr/local/share/ca-certificates/${cert_name}" >/dev/null 2>&1 || true
copied=$((copied + 1))
else
msg_warn "Failed to push host CA certificate: ${cert_name}"
skipped=$((skipped + 1))
fi
done
if [[ $copied -eq 0 ]]; then
msg_warn "No host CA certificates were copied (${found} found, ${skipped} skipped)"
return 0
fi
local refresh_shell="bash"
[[ "$var_os" == "alpine" ]] && refresh_shell="ash"
if pct exec "$CTID" -- "$refresh_shell" -c 'command -v update-ca-certificates >/dev/null 2>&1 && update-ca-certificates' >/dev/null 2>&1; then
msg_ok "Inherited ${copied} host CA certificate(s) and updated trust store (${skipped} skipped)"
else
msg_warn "Copied ${copied} host CA certificate(s), but trust store update failed or update-ca-certificates is unavailable (${skipped} skipped)"
fi
}
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# build_container() # build_container()
# #
@@ -4693,7 +4565,6 @@ EOF
local install_exit_code=0 local install_exit_code=0
_apply_http_proxy_in_container _apply_http_proxy_in_container
_apply_host_ca_certs_in_container
# Continue with standard container setup # Continue with standard container setup
if [ "$var_os" == "alpine" ]; then if [ "$var_os" == "alpine" ]; then
+337 -187
View File
@@ -2483,150 +2483,6 @@ verify_gpg_fingerprint() {
return 65 return 65
} }
# ------------------------------------------------------------------------------
# _download_source_tarball <url> <dest> [curl args...]
#
# Downloads a source .tar.gz to <dest> and verifies the gzip stream is complete
# before returning. Source forges (GitHub/GitLab/Codeberg) build these archives
# on the fly; for large repos the response is occasionally a truncated-but-
# cleanly-closed gzip that curl accepts as success (HTTP 200) and which then
# fails at extraction time. We validate with `gzip -t` and re-download on
# failure, and abort stalled transfers (--speed-time) so a hung generation
# retries instead of blocking for minutes. Extra args pass through to curl
# (e.g. auth headers like -H "PRIVATE-TOKEN: ...").
#
# Returns: 0 on success, 250 on persistent failure.
# ------------------------------------------------------------------------------
_download_source_tarball() {
local url="$1" dest="$2"
shift 2
local attempt max=3
for ((attempt = 1; attempt <= max; attempt++)); do
if curl --connect-timeout 15 --max-time 900 --speed-limit 1024 --speed-time 60 \
-fsSL "$@" -o "$dest" "$url" && gzip -t "$dest" 2>/dev/null; then
return 0
fi
rm -f "$dest"
((attempt < max)) && {
msg_warn "Source archive download failed or incomplete (attempt ${attempt}/${max}), retrying..."
sleep $((attempt * 3))
}
done
return 250
}
# ------------------------------------------------------------------------------
# _deploy_source_tarball <tarball_path> <target> <workdir>
#
# Shared tail for the *source tarball* modes of the fetch_and_deploy_* helpers
# (GitHub/GitLab/Codeberg archive tarballs that contain a single top-level
# directory). Extracts <tarball_path> into <workdir>, then copies the contents
# of that top-level directory into <target>.
#
# - Honors CLEAN_INSTALL=1 (wipes <target> first, dotfiles included).
# - Does NOT own <workdir>: the caller creates it and is responsible for its
# cleanup (typically via a RETURN trap on its tmpdir).
# - cp failures are non-fatal here, matching the previous inline behavior.
#
# Returns: 0 on success (or non-fatal cp failure), 251 on extraction failure.
# ------------------------------------------------------------------------------
_deploy_source_tarball() {
local tarball="$1" target="$2" workdir="$3"
mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
tar --no-same-owner -xzf "$tarball" -C "$workdir" || {
msg_error "Failed to extract tarball"
return 251
}
local unpack_dir
unpack_dir=$(find "$workdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
return 0
}
# ------------------------------------------------------------------------------
# _deploy_unpacked_archive <archive_path> <target> <workdir>
#
# Shared tail for the *prebuild* modes of the fetch_and_deploy_*_release helpers
# (release assets shipped as .zip / .tar.* / .tgz / .txz). Extracts the archive
# into <workdir>, then copies its payload into <target>. If the archive contains
# a single top-level directory, that directory is stripped (its contents land
# directly in <target>); otherwise the archive contents are copied as-is.
#
# - Honors CLEAN_INSTALL=1 (wipes <target> first, dotfiles included).
# - Does NOT own <workdir>: the caller creates it and cleans it up.
#
# Returns: 0 on success, 65 on unsupported format, 251 on extraction failure,
# 252 on copy failure / empty archive.
# ------------------------------------------------------------------------------
_deploy_unpacked_archive() {
local archive="$1" target="$2" workdir="$3"
local filename="${archive##*/}"
mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${target:?}" -mindepth 1 -delete
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$archive" -d "$workdir" || {
msg_error "Failed to extract ZIP archive"
return 251
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
tar --no-same-owner -xf "$archive" -C "$workdir" || {
msg_error "Failed to extract TAR archive"
return 251
}
else
msg_error "Unsupported archive format: $filename"
return 65
fi
local top_entries inner_dir
top_entries=$(find "$workdir" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
shopt -u dotglob nullglob
return 252
}
else
msg_error "Inner directory is empty: $inner_dir"
shopt -u dotglob nullglob
return 252
fi
shopt -u dotglob nullglob
else
shopt -s dotglob nullglob
if compgen -G "$workdir/*" >/dev/null; then
cp -r "$workdir"/* "$target/" || {
msg_error "Failed to copy contents to $target"
shopt -u dotglob nullglob
return 252
}
else
msg_error "Unpacked archive is empty"
shopt -u dotglob nullglob
return 252
fi
shopt -u dotglob nullglob
fi
return 0
}
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Fetches and deploys a GitHub tag-based source tarball. # Fetches and deploys a GitHub tag-based source tarball.
# #
@@ -2675,19 +2531,36 @@ fetch_and_deploy_gh_tag() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 1 tmpdir=$(mktemp -d) || return 1
trap 'rm -rf "$tmpdir"' RETURN
local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz" local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz"
local filename="${app_lc}-${version}.tar.gz" local filename="${app_lc}-${version}.tar.gz"
msg_info "Fetching GitHub tag: ${app} (${version})" msg_info "Fetching GitHub tag: ${app} (${version})"
_download_source_tarball "$tarball_url" "$tmpdir/$filename" || { download_file "$tarball_url" "$tmpdir/$filename" || {
msg_error "Download failed: $tarball_url" msg_error "Download failed: $tarball_url"
rm -rf "$tmpdir"
return 7 return 7
} }
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251 mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
rm -rf "$tmpdir"
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed ${app} ${version} to ${target}" msg_ok "Deployed ${app} ${version} to ${target}"
return 0 return 0
@@ -2852,18 +2725,35 @@ fetch_and_deploy_gl_tag() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 1 tmpdir=$(mktemp -d) || return 1
trap 'rm -rf "$tmpdir"' RETURN
local filename="${app_lc}-${version_safe}.tar.gz" local filename="${app_lc}-${version_safe}.tar.gz"
msg_info "Fetching GitLab tag: ${app} (${resolved_tag})" msg_info "Fetching GitLab tag: ${app} (${resolved_tag})"
_download_source_tarball "$tarball_url" "$tmpdir/$filename" "${header[@]}" || { curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$tarball_url" || {
msg_error "Download failed: $tarball_url" msg_error "Download failed: $tarball_url"
rm -rf "$tmpdir"
return 7 return 7
} }
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251 mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
rm -rf "$tmpdir"
echo "$resolved_tag" >"$version_file" echo "$resolved_tag" >"$version_file"
msg_ok "Deployed ${app} ${resolved_tag} to ${target}" msg_ok "Deployed ${app} ${resolved_tag} to ${target}"
return 0 return 0
@@ -3560,7 +3450,6 @@ fetch_and_deploy_codeberg_release() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 252 tmpdir=$(mktemp -d) || return 252
trap 'rm -rf "$tmpdir"' RETURN
msg_info "Fetching Codeberg tag: $app ($tag_name)" msg_info "Fetching Codeberg tag: $app ($tag_name)"
@@ -3571,19 +3460,37 @@ fetch_and_deploy_codeberg_release() {
# Codeberg archive URL format: https://codeberg.org/{owner}/{repo}/archive/{tag}.tar.gz # Codeberg archive URL format: https://codeberg.org/{owner}/{repo}/archive/{tag}.tar.gz
local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz" local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz"
if _download_source_tarball "$archive_url" "$tmpdir/$filename"; then if curl_download "$tmpdir/$filename" "$archive_url"; then
download_success=true download_success=true
fi fi
if [[ "$download_success" != "true" ]]; then if [[ "$download_success" != "true" ]]; then
msg_error "Download failed for $app ($tag_name)" msg_error "Download failed for $app ($tag_name)"
rm -rf "$tmpdir"
return 250 return 250
fi fi
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251 mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
return 0 return 0
fi fi
@@ -3602,7 +3509,7 @@ fetch_and_deploy_codeberg_release() {
local codeberg_rel_json local codeberg_rel_json
codeberg_rel_json=$(mktemp /tmp/tools-codeberg-rel-XXXXXX) || return 73 codeberg_rel_json=$(mktemp /tmp/tools-codeberg-rel-XXXXXX) || return 73
trap 'rm -f "$codeberg_rel_json"; rm -rf "${tmpdir:-}" "${unpack_tmp:-}"' RETURN trap 'rm -f "$codeberg_rel_json"' RETURN
local attempt=0 success=false resp http_code local attempt=0 success=false resp http_code
@@ -3656,16 +3563,32 @@ fetch_and_deploy_codeberg_release() {
# Codeberg archive URL format # Codeberg archive URL format
local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz" local archive_url="https://codeberg.org/$repo/archive/${tag_name}.tar.gz"
if _download_source_tarball "$archive_url" "$tmpdir/$filename"; then if curl_download "$tmpdir/$filename" "$archive_url"; then
download_success=true download_success=true
fi fi
if [[ "$download_success" != "true" ]]; then if [[ "$download_success" != "true" ]]; then
msg_error "Download failed for $app ($tag_name)" msg_error "Download failed for $app ($tag_name)"
rm -rf "$tmpdir"
return 250 return 250
fi fi
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251 mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
### Binary Mode ### ### Binary Mode ###
elif [[ "$mode" == "binary" ]]; then elif [[ "$mode" == "binary" ]]; then
@@ -3713,12 +3636,14 @@ fetch_and_deploy_codeberg_release() {
if [[ -z "$url_match" ]]; then if [[ -z "$url_match" ]]; then
msg_error "No suitable .deb asset found for $app" msg_error "No suitable .deb asset found for $app"
rm -rf "$tmpdir"
return 252 return 252
fi fi
filename="${url_match##*/}" filename="${url_match##*/}"
curl_download "$tmpdir/$filename" "$url_match" || { curl_download "$tmpdir/$filename" "$url_match" || {
msg_error "Download failed: $url_match" msg_error "Download failed: $url_match"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -3726,6 +3651,7 @@ fetch_and_deploy_codeberg_release() {
$STD apt install -y "$tmpdir/$filename" || { $STD apt install -y "$tmpdir/$filename" || {
$STD dpkg -i "$tmpdir/$filename" || { $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 100 return 100
} }
} }
@@ -3736,6 +3662,7 @@ fetch_and_deploy_codeberg_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)" msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -3752,18 +3679,77 @@ fetch_and_deploy_codeberg_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
filename="${asset_url##*/}" filename="${asset_url##*/}"
curl_download "$tmpdir/$filename" "$asset_url" || { curl_download "$tmpdir/$filename" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
local unpack_tmp local unpack_tmp
unpack_tmp=$(mktemp -d) unpack_tmp=$(mktemp -d)
_deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
else
msg_error "Unsupported archive format: $filename"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
fi
local top_dirs
top_dirs=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1 -type d | wc -l)
local top_entries inner_dir
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
else
shopt -s dotglob nullglob
if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$target/" || {
msg_error "Failed to copy contents to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
fi
### Singlefile Mode ### ### Singlefile Mode ###
elif [[ "$mode" == "singlefile" ]]; then elif [[ "$mode" == "singlefile" ]]; then
@@ -3771,6 +3757,7 @@ fetch_and_deploy_codeberg_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)" msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -3787,6 +3774,7 @@ fetch_and_deploy_codeberg_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
@@ -3799,6 +3787,7 @@ fetch_and_deploy_codeberg_release() {
curl_download "$target/$target_file" "$asset_url" || { curl_download "$target/$target_file" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -3808,11 +3797,13 @@ fetch_and_deploy_codeberg_release() {
else else
msg_error "Unknown mode: $mode" msg_error "Unknown mode: $mode"
rm -rf "$tmpdir"
return 65 return 65
fi fi
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@@ -4099,7 +4090,6 @@ fetch_and_deploy_gh_release() {
local tmpdir local tmpdir
tmpdir=$(mktemp -d) || return 1 tmpdir=$(mktemp -d) || return 1
trap 'rm -rf "$tmpdir" "${unpack_tmp:-}"' RETURN
local filename="" url="" local filename="" url=""
msg_info "Fetching GitHub release: $app ($version)" msg_info "Fetching GitHub release: $app ($version)"
@@ -4114,12 +4104,28 @@ fetch_and_deploy_gh_release() {
local direct_tarball_url="https://github.com/$repo/archive/refs/tags/$tag_name.tar.gz" local direct_tarball_url="https://github.com/$repo/archive/refs/tags/$tag_name.tar.gz"
filename="${app_lc}-${version_safe}.tar.gz" filename="${app_lc}-${version_safe}.tar.gz"
_download_source_tarball "$direct_tarball_url" "$tmpdir/$filename" || { curl_download "$tmpdir/$filename" "$direct_tarball_url" || {
msg_error "Download failed: $direct_tarball_url" msg_error "Download failed: $direct_tarball_url"
rm -rf "$tmpdir"
return 250 return 250
} }
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 251 mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 251
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
### Binary Mode ### ### Binary Mode ###
elif [[ "$mode" == "binary" ]]; then elif [[ "$mode" == "binary" ]]; then
@@ -4204,12 +4210,14 @@ fetch_and_deploy_gh_release() {
if [[ -z "$url_match" ]]; then if [[ -z "$url_match" ]]; then
msg_error "No suitable .deb asset found for $app" msg_error "No suitable .deb asset found for $app"
rm -rf "$tmpdir"
return 252 return 252
fi fi
filename="${url_match##*/}" filename="${url_match##*/}"
curl_download "$tmpdir/$filename" "$url_match" || { curl_download "$tmpdir/$filename" "$url_match" || {
msg_error "Download failed: $url_match" msg_error "Download failed: $url_match"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -4222,6 +4230,7 @@ fetch_and_deploy_gh_release() {
DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || { DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || {
SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || { SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 100 return 100
} }
} }
@@ -4232,6 +4241,7 @@ fetch_and_deploy_gh_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)" msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -4267,18 +4277,79 @@ fetch_and_deploy_gh_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
filename="${asset_url##*/}" filename="${asset_url##*/}"
curl_download "$tmpdir/$filename" "$asset_url" || { curl_download "$tmpdir/$filename" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
local unpack_tmp local unpack_tmp
unpack_tmp=$(mktemp -d) unpack_tmp=$(mktemp -d)
_deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251
}
else
msg_error "Unsupported archive format: $filename"
rm -rf "$tmpdir" "$unpack_tmp"
return 65
fi
local top_dirs
top_dirs=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1 -type d | wc -l)
local top_entries inner_dir
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
# Strip leading folder
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
else
# Copy all contents
shopt -s dotglob nullglob
if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$target/" || {
msg_error "Failed to copy contents to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
}
else
msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp"
return 252
fi
shopt -u dotglob nullglob
fi
### Singlefile Mode ### ### Singlefile Mode ###
elif [[ "$mode" == "singlefile" ]]; then elif [[ "$mode" == "singlefile" ]]; then
@@ -4286,6 +4357,7 @@ fetch_and_deploy_gh_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)" msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 65 return 65
} }
@@ -4320,6 +4392,7 @@ fetch_and_deploy_gh_release() {
fi fi
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 252 return 252
} }
@@ -4332,6 +4405,7 @@ fetch_and_deploy_gh_release() {
curl_download "$target/$target_file" "$asset_url" || { curl_download "$target/$target_file" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -4341,11 +4415,13 @@ fetch_and_deploy_gh_release() {
else else
msg_error "Unknown mode: $mode" msg_error "Unknown mode: $mode"
rm -rf "$tmpdir"
return 65 return 65
fi fi
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@@ -7081,7 +7157,7 @@ setup_meilisearch() {
MEILI_DB_PATH="${MEILI_DB_PATH:-/var/lib/meilisearch/data}" MEILI_DB_PATH="${MEILI_DB_PATH:-/var/lib/meilisearch/data}"
msg_info "Removing old MeiliSearch database for migration" msg_info "Removing old MeiliSearch database for migration"
find "${MEILI_DB_PATH:?}" -mindepth 1 -delete rm -rf "${MEILI_DB_PATH:?}"/*
# Import dump using CLI flag (this is the supported method) # Import dump using CLI flag (this is the supported method)
local DUMP_FILE="${MEILI_DUMP_DIR}/${DUMP_UID}.dump" local DUMP_FILE="${MEILI_DUMP_DIR}/${DUMP_UID}.dump"
@@ -8637,11 +8713,6 @@ setup_ruby() {
local BASHRC_FILE="$HOME/.bashrc" local BASHRC_FILE="$HOME/.bashrc"
local TMP_DIR=$(mktemp -d) local TMP_DIR=$(mktemp -d)
# Ensure HOME exists: callers may pass a not-yet-created home (e.g. a service
# user that is created later in the install), so the profile writes below do
# not fail on a missing directory.
mkdir -p "$HOME"
if ! grep -q 'rbenv init' "$PROFILE_FILE" 2>/dev/null; then if ! grep -q 'rbenv init' "$PROFILE_FILE" 2>/dev/null; then
cat <<'EOF' >>"$PROFILE_FILE" cat <<'EOF' >>"$PROFILE_FILE"
export PATH="$HOME/.rbenv/bin:$PATH" export PATH="$HOME/.rbenv/bin:$PATH"
@@ -9060,16 +9131,6 @@ setup_uv() {
msg_ok "uvx wrapper installed" msg_ok "uvx wrapper installed"
fi fi
# Install specific Python version if requested (even when uv is already up to date)
if [[ -n "${PYTHON_VERSION:-}" ]]; then
msg_info "Installing Python $PYTHON_VERSION via uv"
$STD uv python install "$PYTHON_VERSION" || {
msg_error "Failed to install Python $PYTHON_VERSION"
return 150
}
msg_ok "Python $PYTHON_VERSION installed"
fi
return 0 return 0
fi fi
@@ -9272,10 +9333,10 @@ fetch_and_deploy_from_url() {
msg_error "Failed to create temporary directory" msg_error "Failed to create temporary directory"
return 252 return 252
} }
trap 'rm -rf "$tmpdir" "${unpack_tmp:-}"' RETURN
curl -fsSL -o "$tmpdir/$filename" "$url" || { curl -fsSL -o "$tmpdir/$filename" "$url" || {
msg_error "Download failed: $url" msg_error "Download failed: $url"
rm -rf "$tmpdir"
return 250 return 250
} }
@@ -9295,6 +9356,7 @@ fetch_and_deploy_from_url() {
archive_type="tar" archive_type="tar"
else else
msg_error "Unsupported or unknown archive type: $file_desc" msg_error "Unsupported or unknown archive type: $file_desc"
rm -rf "$tmpdir"
return 65 return 65
fi fi
@@ -9307,16 +9369,19 @@ fetch_and_deploy_from_url() {
$STD apt install -y "$tmpdir/$filename" || { $STD apt install -y "$tmpdir/$filename" || {
$STD dpkg -i "$tmpdir/$filename" || { $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 100 return 100
} }
} }
rm -rf "$tmpdir"
msg_ok "Successfully installed .deb package" msg_ok "Successfully installed .deb package"
return 0 return 0
fi fi
if [[ -z "$directory" ]]; then if [[ -z "$directory" ]]; then
msg_error "Directory parameter is required for archive extraction" msg_error "Directory parameter is required for archive extraction"
rm -rf "$tmpdir"
return 65 return 65
fi fi
@@ -9325,7 +9390,7 @@ fetch_and_deploy_from_url() {
mkdir -p "$directory" mkdir -p "$directory"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
find "${directory:?}" -mindepth 1 -delete rm -rf "${directory:?}/"*
fi fi
local unpack_tmp local unpack_tmp
@@ -9335,11 +9400,13 @@ fetch_and_deploy_from_url() {
ensure_dependencies unzip ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || { unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive" msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251 return 251
} }
elif [[ "$archive_type" == "tar" ]]; then elif [[ "$archive_type" == "tar" ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || { tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive" msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 251 return 251
} }
fi fi
@@ -9353,12 +9420,12 @@ fetch_and_deploy_from_url() {
if compgen -G "$inner_dir/*" >/dev/null; then if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$directory/" || { cp -r "$inner_dir"/* "$directory/" || {
msg_error "Failed to copy contents from $inner_dir to $directory" msg_error "Failed to copy contents from $inner_dir to $directory"
shopt -u dotglob nullglob rm -rf "$tmpdir" "$unpack_tmp"
return 252 return 252
} }
else else
msg_error "Inner directory is empty: $inner_dir" msg_error "Inner directory is empty: $inner_dir"
shopt -u dotglob nullglob rm -rf "$tmpdir" "$unpack_tmp"
return 252 return 252
fi fi
shopt -u dotglob nullglob shopt -u dotglob nullglob
@@ -9367,17 +9434,18 @@ fetch_and_deploy_from_url() {
if compgen -G "$unpack_tmp/*" >/dev/null; then if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$directory/" || { cp -r "$unpack_tmp"/* "$directory/" || {
msg_error "Failed to copy contents to $directory" msg_error "Failed to copy contents to $directory"
shopt -u dotglob nullglob rm -rf "$tmpdir" "$unpack_tmp"
return 252 return 252
} }
else else
msg_error "Unpacked archive is empty" msg_error "Unpacked archive is empty"
shopt -u dotglob nullglob rm -rf "$tmpdir" "$unpack_tmp"
return 252 return 252
fi fi
shopt -u dotglob nullglob shopt -u dotglob nullglob
fi fi
rm -rf "$tmpdir" "$unpack_tmp"
msg_ok "Successfully deployed archive to $directory" msg_ok "Successfully deployed archive to $directory"
return 0 return 0
} }
@@ -9778,7 +9846,7 @@ fetch_and_deploy_gl_release() {
local gl_rel_json local gl_rel_json
gl_rel_json=$(mktemp /tmp/tools-gl-rel-XXXXXX) || return 73 gl_rel_json=$(mktemp /tmp/tools-gl-rel-XXXXXX) || return 73
trap 'rm -f "$gl_rel_json"; rm -rf "${tmpdir:-}" "${unpack_tmp:-}"' RETURN trap 'rm -f "$gl_rel_json"' RETURN
local repo_encoded local repo_encoded
repo_encoded=$(printf '%s' "$repo" | sed 's|/|%2F|g') repo_encoded=$(printf '%s' "$repo" | sed 's|/|%2F|g')
@@ -9890,12 +9958,28 @@ fetch_and_deploy_gl_release() {
local direct_tarball_url="https://gitlab.com/$repo/-/archive/$tag_name/${app_lc}-${version_safe}.tar.gz" local direct_tarball_url="https://gitlab.com/$repo/-/archive/$tag_name/${app_lc}-${version_safe}.tar.gz"
filename="${app_lc}-${version_safe}.tar.gz" filename="${app_lc}-${version_safe}.tar.gz"
_download_source_tarball "$direct_tarball_url" "$tmpdir/$filename" "${header[@]}" || { curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$direct_tarball_url" || {
msg_error "Download failed: $direct_tarball_url" msg_error "Download failed: $direct_tarball_url"
rm -rf "$tmpdir"
return 1 return 1
} }
_deploy_source_tarball "$tmpdir/$filename" "$target" "$tmpdir" || return 1 mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
msg_error "Failed to extract tarball"
rm -rf "$tmpdir"
return 1
}
local unpack_dir
unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
shopt -s dotglob nullglob
cp -r "$unpack_dir"/* "$target/"
shopt -u dotglob nullglob
### Binary Mode ### ### Binary Mode ###
elif [[ "$mode" == "binary" ]]; then elif [[ "$mode" == "binary" ]]; then
@@ -9965,12 +10049,14 @@ fetch_and_deploy_gl_release() {
if [[ -z "$url_match" ]]; then if [[ -z "$url_match" ]]; then
msg_error "No suitable .deb asset found for $app" msg_error "No suitable .deb asset found for $app"
rm -rf "$tmpdir"
return 1 return 1
fi fi
filename="${url_match##*/}" filename="${url_match##*/}"
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$url_match" || { curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$url_match" || {
msg_error "Download failed: $url_match" msg_error "Download failed: $url_match"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -9981,6 +10067,7 @@ fetch_and_deploy_gl_release() {
DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || { DEBIAN_FRONTEND=noninteractive SYSTEMD_OFFLINE=1 $STD apt install -y $dpkg_opts "$tmpdir/$filename" || {
SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || { SYSTEMD_OFFLINE=1 $STD dpkg -i "$tmpdir/$filename" || {
_diagnose_deb_failure "$tmpdir/$filename" _diagnose_deb_failure "$tmpdir/$filename"
rm -rf "$tmpdir"
return 1 return 1
} }
} }
@@ -9991,6 +10078,7 @@ fetch_and_deploy_gl_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)" msg_error "Mode 'prebuild' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10025,18 +10113,75 @@ fetch_and_deploy_gl_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 1 return 1
} }
filename="${asset_url##*/}" filename="${asset_url##*/}"
curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$asset_url" || { curl $download_timeout -fsSL "${header[@]}" -o "$tmpdir/$filename" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 1 return 1
} }
local unpack_tmp local unpack_tmp
unpack_tmp=$(mktemp -d) unpack_tmp=$(mktemp -d)
_deploy_unpacked_archive "$tmpdir/$filename" "$target" "$unpack_tmp" || return mkdir -p "$target"
if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
rm -rf "${target:?}/"*
fi
if [[ "$filename" == *.zip ]]; then
ensure_dependencies unzip
unzip -q "$tmpdir/$filename" -d "$unpack_tmp" || {
msg_error "Failed to extract ZIP archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
elif [[ "$filename" == *.tar.* || "$filename" == *.tgz || "$filename" == *.txz ]]; then
tar --no-same-owner -xf "$tmpdir/$filename" -C "$unpack_tmp" || {
msg_error "Failed to extract TAR archive"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
else
msg_error "Unsupported archive format: $filename"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
fi
local top_entries inner_dir
top_entries=$(find "$unpack_tmp" -mindepth 1 -maxdepth 1)
if [[ "$(echo "$top_entries" | wc -l)" -eq 1 && -d "$top_entries" ]]; then
inner_dir="$top_entries"
shopt -s dotglob nullglob
if compgen -G "$inner_dir/*" >/dev/null; then
cp -r "$inner_dir"/* "$target/" || {
msg_error "Failed to copy contents from $inner_dir to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
else
msg_error "Inner directory is empty: $inner_dir"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
fi
shopt -u dotglob nullglob
else
shopt -s dotglob nullglob
if compgen -G "$unpack_tmp/*" >/dev/null; then
cp -r "$unpack_tmp"/* "$target/" || {
msg_error "Failed to copy contents to $target"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
}
else
msg_error "Unpacked archive is empty"
rm -rf "$tmpdir" "$unpack_tmp"
return 1
fi
shopt -u dotglob nullglob
fi
### Singlefile Mode ### ### Singlefile Mode ###
elif [[ "$mode" == "singlefile" ]]; then elif [[ "$mode" == "singlefile" ]]; then
@@ -10044,6 +10189,7 @@ fetch_and_deploy_gl_release() {
pattern="${pattern#\"}" pattern="${pattern#\"}"
[[ -z "$pattern" ]] && { [[ -z "$pattern" ]] && {
msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)" msg_error "Mode 'singlefile' requires 6th parameter (asset filename pattern)"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10078,6 +10224,7 @@ fetch_and_deploy_gl_release() {
[[ -z "$asset_url" ]] && { [[ -z "$asset_url" ]] && {
msg_error "No asset matching '$pattern' found" msg_error "No asset matching '$pattern' found"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10090,6 +10237,7 @@ fetch_and_deploy_gl_release() {
curl $download_timeout -fsSL "${header[@]}" -o "$target/$target_file" "$asset_url" || { curl $download_timeout -fsSL "${header[@]}" -o "$target/$target_file" "$asset_url" || {
msg_error "Download failed: $asset_url" msg_error "Download failed: $asset_url"
rm -rf "$tmpdir"
return 1 return 1
} }
@@ -10099,11 +10247,13 @@ fetch_and_deploy_gl_release() {
else else
msg_error "Unknown mode: $mode" msg_error "Unknown mode: $mode"
rm -rf "$tmpdir"
return 1 return 1
fi fi
echo "$version" >"$version_file" echo "$version" >"$version_file"
msg_ok "Deployed: $app ($version)" msg_ok "Deployed: $app ($version)"
rm -rf "$tmpdir"
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
+2 -9
View File
@@ -116,9 +116,6 @@ add() {
# Add container IDs to exclude from updates (comma-separated): # Add container IDs to exclude from updates (comma-separated):
# EXCLUDE=100,101,102 # EXCLUDE=100,101,102
EXCLUDE= EXCLUDE=
# Healthchecks.io Ping URL (optional)
# PING_URL=
CONF CONF
ok "Created config ${CONF_FILE}" ok "Created config ${CONF_FILE}"
fi fi
@@ -238,11 +235,9 @@ view_cron_config() {
fi fi
if [[ -f "$CONF_FILE" ]]; then if [[ -f "$CONF_FILE" ]]; then
echo -e " \e[36mConfig file:\e[0m ${CONF_FILE}" echo -e " \e[36mConfig file:\e[0m ${CONF_FILE}"
local excludes ping_url local excludes
excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || true) excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || true)
ping_url=$(grep -oP '^\s*PING_URL\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null | tr -d '"' | tr -d "'" || true)
echo -e " \e[36mExcluded:\e[0m ${excludes:-(none)}" echo -e " \e[36mExcluded:\e[0m ${excludes:-(none)}"
echo -e " \e[36mPing URL:\e[0m ${ping_url:-(none)}"
echo "" echo ""
echo -e " \e[90m--- ${CONF_FILE} ---\e[0m" echo -e " \e[90m--- ${CONF_FILE} ---\e[0m"
cat "$CONF_FILE" cat "$CONF_FILE"
@@ -289,11 +284,9 @@ show_status() {
fi fi
if [[ -f "$CONF_FILE" ]]; then if [[ -f "$CONF_FILE" ]]; then
local excludes ping_url local excludes
excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || echo "(none)") excludes=$(grep -oP '^\s*EXCLUDE\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null || echo "(none)")
ping_url=$(grep -oP '^\s*PING_URL\s*=\s*\K.*' "$CONF_FILE" 2>/dev/null | tr -d '"' | tr -d "'" || echo "(none)")
echo -e " \e[36mExcluded:\e[0m ${excludes:-"(none)"}" echo -e " \e[36mExcluded:\e[0m ${excludes:-"(none)"}"
echo -e " \e[36mPing URL:\e[0m ${ping_url:-"(none)"}"
fi fi
if [[ -f "$LOG_FILE" ]]; then if [[ -f "$LOG_FILE" ]]; then
+517
View File
@@ -0,0 +1,517 @@
#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: MickLesk (CanbiZ)
# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
set -eEuo pipefail
function header_info() {
clear
cat <<"EOF"
_____ __ ___ _________
/ ___// /_____ _________ _____ ____ / | / _/ __ \
\__ \/ __/ __ \/ ___/ __ `/ __ `/ _ \ / /| | / // / / /
___/ / /_/ /_/ / / / /_/ / /_/ / __/ / ___ |_/ // /_/ /
/____/\__/\____/_/ \__,_/\__, /\___/ /_/ |_/___/_____/
/____/
Proxmox Storage Allrounder
SMB | NFS | iSCSI | LVM-on-iSCSI | LXC Mountpoints | Host Shares
EOF
}
YW="\033[33m"
BL="\033[36m"
GN="\033[1;92m"
RD="\033[01;31m"
CL="\033[m"
msg_info() { echo -e "${BL}[INFO]${CL} ${YW}$1${CL}"; }
msg_ok() { echo -e "${GN}[OK]${CL} $1"; }
msg_warn() { echo -e "${YW}[WARN]${CL} $1"; }
msg_error() { echo -e "${RD}[ERROR]${CL} $1"; }
pause() {
read -r -p "Press Enter to continue..." _
}
require_root() {
if [[ $EUID -ne 0 ]]; then
msg_error "Run this script as root."
exit 1
fi
}
require_pve() {
if ! command -v pct >/dev/null 2>&1 || ! command -v pvesm >/dev/null 2>&1; then
msg_error "This script must run on a Proxmox VE host (pct/pvesm missing)."
exit 1
fi
}
ensure_packages() {
local packages=()
command -v whiptail >/dev/null 2>&1 || packages+=("whiptail")
command -v mount.cifs >/dev/null 2>&1 || packages+=("cifs-utils")
command -v showmount >/dev/null 2>&1 || packages+=("nfs-common")
command -v iscsiadm >/dev/null 2>&1 || packages+=("open-iscsi")
if [[ ${#packages[@]} -gt 0 ]]; then
msg_info "Installing required packages: ${packages[*]}"
apt update >/dev/null 2>&1
apt install -y "${packages[@]}" >/dev/null 2>&1
msg_ok "Dependencies installed"
fi
}
confirm_start() {
whiptail --backtitle "Proxmox VE Helper Scripts" --title "Storage Share Allrounder" \
--yesno "This AIO wizard can test and configure SMB/NFS/iSCSI, create/remove Proxmox storages, manage LXC mountpoints and optionally create host shares. Proceed?" 12 96
}
read_input() {
local title="$1"
local prompt="$2"
local default_value="${3:-}"
whiptail --backtitle "Proxmox VE Helper Scripts" --title "$title" \
--inputbox "$prompt" 11 84 "$default_value" 3>&1 1>&2 2>&3
}
read_password() {
local title="$1"
local prompt="$2"
whiptail --backtitle "Proxmox VE Helper Scripts" --title "$title" \
--passwordbox "$prompt" 11 84 3>&1 1>&2 2>&3
}
confirm_yes_no() {
local title="$1"
local prompt="$2"
whiptail --backtitle "Proxmox VE Helper Scripts" --title "$title" \
--yesno "$prompt" 11 84
}
manual_smb_test() {
header_info
local server share username password domain vers mount_dir mount_opts
server=$(read_input "SMB Test" "SMB server/IP (e.g. 10.0.1.9)") || return
share=$(read_input "SMB Test" "Share name (without leading //)" "Proxmox") || return
username=$(read_input "SMB Test" "Username" "proxmox") || return
password=$(read_password "SMB Test" "Password for ${username}") || return
domain=$(read_input "SMB Test" "Domain/Workgroup (optional, leave empty if not needed)") || return
vers=$(read_input "SMB Test" "SMB version (e.g. 3.0, 3.1.1)" "3.1.1") || return
mount_dir="/mnt/test-smb"
mkdir -p "$mount_dir"
mount_opts="username=${username},password=${password},vers=${vers},sec=ntlmssp"
if [[ -n "$domain" ]]; then
mount_opts+=";domain=${domain}"
fi
msg_info "Testing SMB mount on ${mount_dir}"
if mount -t cifs "//${server}/${share}" "$mount_dir" -o "${mount_opts//;/,}" >/dev/null 2>&1; then
touch "${mount_dir}/smb-test-$(date +%s)" >/dev/null 2>&1 || true
umount "$mount_dir" >/dev/null 2>&1 || true
msg_ok "SMB test successful"
else
msg_error "SMB test failed. Check network/firewall/credentials/share permissions."
fi
pause
}
manual_nfs_test() {
header_info
local server export_path mount_dir
server=$(read_input "NFS Test" "NFS server/IP (e.g. 10.0.6.159)") || return
export_path=$(read_input "NFS Test" "NFS export path (e.g. /srv/proxmox-nfs)") || return
mount_dir="/mnt/test-nfs"
mkdir -p "$mount_dir"
msg_info "Testing NFS mount on ${mount_dir}"
if mount -t nfs "${server}:${export_path}" "$mount_dir" >/dev/null 2>&1; then
touch "${mount_dir}/nfs-test-$(date +%s)" >/dev/null 2>&1 || true
umount "$mount_dir" >/dev/null 2>&1 || true
msg_ok "NFS test successful"
else
msg_error "NFS test failed. Check export/firewall/network permissions."
fi
pause
}
manual_iscsi_discovery() {
header_info
local portal
portal=$(read_input "iSCSI Discovery" "iSCSI portal IP/FQDN (e.g. 10.0.1.20)") || return
msg_info "Running iSCSI target discovery on ${portal}"
if iscsiadm -m discovery -t sendtargets -p "$portal"; then
msg_ok "iSCSI discovery completed"
else
msg_error "iSCSI discovery failed"
fi
pause
}
add_smb_storage() {
header_info
local storage_id server share username password content nodes options
storage_id=$(read_input "Add SMB/CIFS Storage" "Storage ID (unique, e.g. smb-media)") || return
server=$(read_input "Add SMB/CIFS Storage" "SMB server/IP") || return
share=$(read_input "Add SMB/CIFS Storage" "Share name (without //)") || return
username=$(read_input "Add SMB/CIFS Storage" "Username") || return
password=$(read_password "Add SMB/CIFS Storage" "Password for ${username}") || return
content=$(read_input "Add SMB/CIFS Storage" "Content types (comma separated)" "backup,iso,vztmpl,snippets") || return
nodes=$(read_input "Add SMB/CIFS Storage" "Nodes (optional, comma separated)") || return
options=$(read_input "Add SMB/CIFS Storage" "Mount options (optional, e.g. vers=3.1.1,domain=WORKGROUP)") || return
local cmd=(pvesm add cifs "$storage_id" --server "$server" --share "$share" --username "$username" --password "$password" --content "$content")
[[ -n "$nodes" ]] && cmd+=(--nodes "$nodes")
[[ -n "$options" ]] && cmd+=(--options "$options")
if "${cmd[@]}" >/dev/null 2>&1; then
msg_ok "SMB storage '${storage_id}' added"
else
msg_error "Failed to add SMB storage '${storage_id}'"
fi
pause
}
add_nfs_storage() {
header_info
local storage_id server export_path content nodes options
storage_id=$(read_input "Add NFS Storage" "Storage ID (unique, e.g. nfs-vmdata)") || return
server=$(read_input "Add NFS Storage" "NFS server/IP") || return
export_path=$(read_input "Add NFS Storage" "Export path") || return
content=$(read_input "Add NFS Storage" "Content types (comma separated)" "images,rootdir") || return
nodes=$(read_input "Add NFS Storage" "Nodes (optional, comma separated)") || return
options=$(read_input "Add NFS Storage" "Mount options (optional)") || return
local cmd=(pvesm add nfs "$storage_id" --server "$server" --export "$export_path" --content "$content")
[[ -n "$nodes" ]] && cmd+=(--nodes "$nodes")
[[ -n "$options" ]] && cmd+=(--options "$options")
if "${cmd[@]}" >/dev/null 2>&1; then
msg_ok "NFS storage '${storage_id}' added"
else
msg_error "Failed to add NFS storage '${storage_id}'"
fi
pause
}
add_iscsi_storage() {
header_info
local storage_id portal target nodes
storage_id=$(read_input "Add iSCSI Storage" "Storage ID (unique, e.g. iscsi-synology)") || return
portal=$(read_input "Add iSCSI Storage" "Portal IP/FQDN") || return
target=$(read_input "Add iSCSI Storage" "Target IQN (e.g. iqn.2000-01.com.synology:...)") || return
nodes=$(read_input "Add iSCSI Storage" "Nodes (optional, comma separated)") || return
local cmd=(pvesm add iscsi "$storage_id" --portal "$portal" --target "$target")
[[ -n "$nodes" ]] && cmd+=(--nodes "$nodes")
if "${cmd[@]}" >/dev/null 2>&1; then
msg_ok "iSCSI storage '${storage_id}' added"
else
msg_error "Failed to add iSCSI storage '${storage_id}'"
fi
pause
}
add_lvm_on_base_storage() {
header_info
local storage_id base_storage vgname content shared
storage_id=$(read_input "Add LVM Storage" "LVM Storage ID (unique, e.g. lvm-iscsi01)") || return
base_storage=$(read_input "Add LVM Storage" "Base storage ID (usually iSCSI storage ID)") || return
vgname=$(read_input "Add LVM Storage" "Volume Group name on target") || return
content=$(read_input "Add LVM Storage" "Content types (comma separated)" "images,rootdir") || return
shared=$(read_input "Add LVM Storage" "Shared across nodes? 1=yes, 0=no" "1") || return
local cmd=(pvesm add lvm "$storage_id" --base "$base_storage" --vgname "$vgname" --content "$content" --shared "$shared")
if "${cmd[@]}" >/dev/null 2>&1; then
msg_ok "LVM storage '${storage_id}' added"
else
msg_error "Failed to add LVM storage '${storage_id}'"
fi
pause
}
remove_storage() {
header_info
local storage_id
storage_id=$(read_input "Remove Storage" "Storage ID to remove") || return
confirm_yes_no "Remove Storage" "Really remove storage '${storage_id}' from Proxmox config?" || return
if pvesm remove "$storage_id" >/dev/null 2>&1; then
msg_ok "Storage '${storage_id}' removed"
else
msg_error "Failed to remove storage '${storage_id}'"
fi
pause
}
find_next_mp_slot() {
local ctid="$1"
local used
used=$(pct config "$ctid" | awk -F: '/^mp[0-9]+:/ {gsub("mp", "", $1); print $1}')
for i in $(seq 0 255); do
if ! grep -qx "$i" <<<"$used"; then
echo "$i"
return
fi
done
echo ""
}
add_lxc_mountpoint() {
header_info
local ctid host_path ct_path mp_slot
ctid=$(read_input "LXC Mountpoint" "Container ID (CTID)") || return
host_path=$(read_input "LXC Mountpoint" "Host path (must exist, e.g. /mnt/pve/smb-media)") || return
ct_path=$(read_input "LXC Mountpoint" "Container path (e.g. /mnt/media)") || return
if ! pct config "$ctid" >/dev/null 2>&1; then
msg_error "Container ${ctid} not found"
pause
return
fi
if [[ ! -d "$host_path" ]]; then
msg_error "Host path does not exist: ${host_path}"
pause
return
fi
mp_slot=$(find_next_mp_slot "$ctid")
if [[ -z "$mp_slot" ]]; then
msg_error "No free mp slot available for container ${ctid}"
pause
return
fi
if pct set "$ctid" -mp"$mp_slot" "$host_path",mp="$ct_path" >/dev/null 2>&1; then
msg_ok "Added mp${mp_slot}: ${host_path} -> ${ct_path} on CT ${ctid}"
msg_warn "If CT is unprivileged, ensure UID/GID mapping and filesystem permissions fit your workload."
else
msg_error "Failed to add mountpoint to CT ${ctid}"
fi
pause
}
remove_lxc_mountpoint() {
header_info
local ctid mp_key
ctid=$(read_input "Remove LXC Mountpoint" "Container ID (CTID)") || return
mp_key=$(read_input "Remove LXC Mountpoint" "Mountpoint key (e.g. mp0, mp1)") || return
if ! pct config "$ctid" >/dev/null 2>&1; then
msg_error "Container ${ctid} not found"
pause
return
fi
if pct set "$ctid" -delete "$mp_key" >/dev/null 2>&1; then
msg_ok "Removed ${mp_key} from CT ${ctid}"
else
msg_error "Failed to remove ${mp_key} from CT ${ctid}"
fi
pause
}
list_lxc_mountpoints() {
header_info
local ctid
ctid=$(read_input "List LXC Mountpoints" "Container ID (CTID)") || return
if ! pct config "$ctid" >/dev/null 2>&1; then
msg_error "Container ${ctid} not found"
pause
return
fi
echo -e "${BL}Mountpoints for CT ${ctid}${CL}\n"
pct config "$ctid" | awk '/^mp[0-9]+:/{print}'
echo
pause
}
host_create_samba_share() {
header_info
local share_name share_path user_name user_pass
share_name=$(read_input "Host Samba Share" "Share name (e.g. data)") || return
share_path=$(read_input "Host Samba Share" "Share path on host (e.g. /srv/samba/data)" "/srv/samba/${share_name}") || return
user_name=$(read_input "Host Samba Share" "Linux/Samba username") || return
user_pass=$(read_password "Host Samba Share" "Password for ${user_name}") || return
msg_info "Installing Samba on host if needed"
apt update >/dev/null 2>&1
apt install -y samba >/dev/null 2>&1
mkdir -p "$share_path"
getent group sambashare >/dev/null 2>&1 || groupadd sambashare
id "$user_name" >/dev/null 2>&1 || useradd -M -s /usr/sbin/nologin -G sambashare "$user_name"
usermod -aG sambashare "$user_name"
chown -R root:sambashare "$share_path"
chmod 2775 "$share_path"
if ! (
echo "$user_pass"
echo "$user_pass"
) | smbpasswd -s -a "$user_name" >/dev/null 2>&1; then
msg_error "Failed to set Samba password for ${user_name}"
pause
return
fi
if ! grep -q "^\[${share_name}\]" /etc/samba/smb.conf; then
cat <<EOF >>/etc/samba/smb.conf
[${share_name}]
comment = Proxmox Host Share (${share_name})
path = ${share_path}
browseable = yes
read only = no
guest ok = no
create mask = 0664
directory mask = 2775
valid users = @sambashare
EOF
fi
testparm -s >/dev/null 2>&1 || {
msg_error "Samba config validation failed (testparm). Check /etc/samba/smb.conf"
pause
return
}
systemctl enable --now smbd nmbd >/dev/null 2>&1
systemctl restart smbd nmbd >/dev/null 2>&1
msg_ok "Host SMB share created: //$(hostname -I | awk '{print $1}')/${share_name}"
msg_warn "Best practice: prefer running Samba in a dedicated LXC/VM for cleaner host separation."
pause
}
host_create_nfs_export() {
header_info
local export_path subnet options
export_path=$(read_input "Host NFS Export" "Export path on host (e.g. /srv/proxmox-nfs)" "/srv/proxmox-nfs") || return
subnet=$(read_input "Host NFS Export" "Allowed subnet/CIDR (e.g. 10.0.0.0/16)") || return
options=$(read_input "Host NFS Export" "Export options" "rw,sync,no_subtree_check,no_root_squash") || return
msg_info "Installing NFS server on host if needed"
apt update >/dev/null 2>&1
apt install -y nfs-kernel-server >/dev/null 2>&1
mkdir -p "$export_path"
chmod 0770 "$export_path"
if ! grep -qE "^${export_path//\//\/}[[:space:]]+${subnet//\//\/}\(" /etc/exports; then
echo "${export_path} ${subnet}(${options})" >>/etc/exports
fi
exportfs -ra >/dev/null 2>&1
systemctl enable --now nfs-kernel-server >/dev/null 2>&1
msg_ok "Host NFS export created: ${export_path} ${subnet}(${options})"
msg_warn "Best practice: use host exports carefully; dedicated storage VM/LXC is often cleaner."
pause
}
show_status() {
header_info
echo -e "${BL}pvesm status${CL}"
pvesm status || true
echo
echo -e "${BL}Mounted /mnt/pve paths${CL}"
mount | grep /mnt/pve || true
echo
echo -e "${BL}Mounted CIFS/NFS/iSCSI related paths${CL}"
mount | grep -E ' type (cifs|nfs|nfs4)' || true
echo
echo -e "${BL}iSCSI sessions${CL}"
iscsiadm -m session 2>/dev/null || true
echo
pause
}
main_menu() {
while true; do
local choice
choice=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Storage Share Allrounder" \
--menu "Select action:" 30 110 20 \
"1" "SMB: manual mount test" \
"2" "NFS: manual mount test" \
"3" "iSCSI: discovery test" \
"4" "Proxmox: add SMB/CIFS storage" \
"5" "Proxmox: add NFS storage" \
"6" "Proxmox: add iSCSI storage" \
"7" "Proxmox: add LVM on base storage (e.g. iSCSI)" \
"8" "Proxmox: remove storage definition" \
"9" "LXC: add bind mountpoint (pct set -mpX)" \
"10" "LXC: remove mountpoint (pct set -delete mpX)" \
"11" "LXC: list mountpoints" \
"12" "Host: install Samba + create SMB share" \
"13" "Host: install NFS server + create export" \
"14" "Show storage/mount/iSCSI status" \
"0" "Exit" 3>&1 1>&2 2>&3) || break
case "$choice" in
1) manual_smb_test ;;
2) manual_nfs_test ;;
3) manual_iscsi_discovery ;;
4) add_smb_storage ;;
5) add_nfs_storage ;;
6) add_iscsi_storage ;;
7) add_lvm_on_base_storage ;;
8) remove_storage ;;
9) add_lxc_mountpoint ;;
10) remove_lxc_mountpoint ;;
11) list_lxc_mountpoints ;;
12) host_create_samba_share ;;
13) host_create_nfs_export ;;
14) show_status ;;
0) break ;;
*) ;;
esac
done
}
header_info
require_root
require_pve
ensure_packages
confirm_start || exit 0
main_menu
header_info
msg_ok "Finished."
+6 -42
View File
@@ -11,15 +11,14 @@
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
CONF_FILE="/etc/update-lxcs.conf" CONF_FILE="/etc/update-lxcs.conf"
LOG_FILE="/var/log/update-lxcs-cron.log"
PING_URL="" echo -e "\n $(date)"
# Collect excluded containers from arguments # Collect excluded containers from arguments
excluded_containers=("$@") excluded_containers=("$@")
# Merge exclusions and healthchecks URL from config file if it exists # Merge exclusions from config file if it exists
if [[ -f "$CONF_FILE" ]]; then if [[ -f "$CONF_FILE" ]]; then
PING_URL=$(grep -oP '^\s*PING_URL\s*=\s*\K.+' "$CONF_FILE" 2>/dev/null | tr -d '"' | tr -d "'" || true)
conf_exclude=$(grep -oP '^\s*EXCLUDE\s*=\s*\K[0-9,]+' "$CONF_FILE" 2>/dev/null || true) conf_exclude=$(grep -oP '^\s*EXCLUDE\s*=\s*\K[0-9,]+' "$CONF_FILE" 2>/dev/null || true)
IFS=',' read -ra conf_ids <<<"$conf_exclude" IFS=',' read -ra conf_ids <<<"$conf_exclude"
for id in "${conf_ids[@]}"; do for id in "${conf_ids[@]}"; do
@@ -28,17 +27,6 @@ if [[ -f "$CONF_FILE" ]]; then
done done
fi fi
# Overwrite logfile on each run when healthchecks is used
if [[ -n "$PING_URL" ]]; then
true > "$LOG_FILE"
fi
if [[ -n "$PING_URL" ]]; then
curl -fsS -m 10 --retry 5 "${PING_URL}/start" -o /dev/null 2>/dev/null || true
fi
echo -e "\n $(date)"
function update_container() { function update_container() {
local container=$1 local container=$1
local name local name
@@ -50,36 +38,12 @@ function update_container() {
alpine) pct exec "$container" -- ash -c "apk -U upgrade" ;; alpine) pct exec "$container" -- ash -c "apk -U upgrade" ;;
archlinux) pct exec "$container" -- bash -c "pacman -Syyu --noconfirm" ;; archlinux) pct exec "$container" -- bash -c "pacman -Syyu --noconfirm" ;;
fedora | rocky | centos | alma) pct exec "$container" -- bash -c "dnf -y update && dnf -y upgrade" ;; fedora | rocky | centos | alma) pct exec "$container" -- bash -c "dnf -y update && dnf -y upgrade" ;;
ubuntu | debian | devuan) pct exec "$container" -- bash -c "apt-get update; DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' dist-upgrade -y; status=\$?; rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED || true; exit \$status" ;; ubuntu | debian | devuan) pct exec "$container" -- bash -c "apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::='--force-confold' dist-upgrade -y; rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED" ;;
opensuse) pct exec "$container" -- bash -c "zypper ref && zypper --non-interactive dup" ;; opensuse) pct exec "$container" -- bash -c "zypper ref && zypper --non-interactive dup" ;;
*) echo " [Warn] Unknown OS type '$os' for container $container, skipping" ;; *) echo " [Warn] Unknown OS type '$os' for container $container, skipping" ;;
esac esac
} }
update_status=0
# Define exit handler to send healthchecks.io status (with logfile on failure/success)
function exit_handler() {
local exit_code=$?
if [[ -n "$PING_URL" ]]; then
sync
if [[ $exit_code -ne 0 || $update_status -ne 0 ]]; then
if [[ -f "$LOG_FILE" ]]; then
curl -fsS -m 10 --retry 5 --data-binary @"$LOG_FILE" "${PING_URL}/fail" -o /dev/null 2>/dev/null || true
else
curl -fsS -m 10 --retry 5 "${PING_URL}/fail" -o /dev/null 2>/dev/null || true
fi
else
if [[ -f "$LOG_FILE" ]]; then
curl -fsS -m 10 --retry 5 --data-binary @"$LOG_FILE" "$PING_URL" -o /dev/null 2>/dev/null || true
else
curl -fsS -m 10 --retry 5 "$PING_URL" -o /dev/null 2>/dev/null || true
fi
fi
fi
}
trap exit_handler EXIT
for container in $(pct list | awk '{if(NR>1) print $1}'); do for container in $(pct list | awk '{if(NR>1) print $1}'); do
excluded=false excluded=false
for excluded_container in "${excluded_containers[@]}"; do for excluded_container in "${excluded_containers[@]}"; do
@@ -101,7 +65,7 @@ for container in $(pct list | awk '{if(NR>1) print $1}'); do
echo -e "[Info] Starting $container" echo -e "[Info] Starting $container"
pct start "$container" pct start "$container"
sleep 5 sleep 5
update_container "$container" || { echo " [Error] Update failed for $container"; update_status=1; } update_container "$container" || echo " [Error] Update failed for $container"
# check if patchmon agent is present in container and run a report if found # check if patchmon agent is present in container and run a report if found
if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then
echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n"
@@ -110,7 +74,7 @@ for container in $(pct list | awk '{if(NR>1) print $1}'); do
echo -e "[Info] Shutting down $container" echo -e "[Info] Shutting down $container"
pct shutdown "$container" --timeout 60 & pct shutdown "$container" --timeout 60 &
elif [ "$status" == "status: running" ]; then elif [ "$status" == "status: running" ]; then
update_container "$container" || { echo " [Error] Update failed for $container"; update_status=1; } update_container "$container" || echo " [Error] Update failed for $container"
# check if patchmon agent is present in container and run a report if found # check if patchmon agent is present in container and run a report if found
if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then
echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n"