Add protonmail-bridge (ct)

CHANGELOG.md

@@ -455,13 +455,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
   - Nagios ([#14126](https://github.com/community-scripts/ProxmoxVE/pull/14126))
 - Neko ([#14121](https://github.com/community-scripts/ProxmoxVE/pull/14121))
 
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - alpine-docker: install openssl as core dependency | alpine-komodo: check & install openssl if missing [@MickLesk](https://github.com/MickLesk) ([#14134](https://github.com/community-scripts/ProxmoxVE/pull/14134))
-    - endurain: update source references to Codeberg [@MickLesk](https://github.com/MickLesk) ([#14128](https://github.com/community-scripts/ProxmoxVE/pull/14128))
-
 ### 💾 Core
 
   - #### 🔧 Refactor

ct/endurain.sh

@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: johanngrobe
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://codeberg.org/endurain-project/endurain
+# Source: https://github.com/joaovitoriasilva/endurain
 
 APP="Endurain"
 var_tags="${var_tags:-sport;social-media}"
@@ -28,7 +28,7 @@ function update_script() {
     msg_error "No ${APP} installation found!"
     exit 233
   fi
-  if check_for_codeberg_release "endurain" "endurain-project/endurain"; then
+  if check_for_gh_release "endurain" "endurain-project/endurain"; then
     msg_info "Stopping Service"
     systemctl stop endurain
     msg_ok "Stopped Service"
@@ -38,7 +38,7 @@ function update_script() {
     cp /opt/endurain/frontend/app/dist/env.js /opt/endurain.env.js
     msg_ok "Created Backup"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_codeberg_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
 
     msg_info "Preparing Update"
     cd /opt/endurain

ct/headers/protonmail-bridge

@@ -0,0 +1,6 @@
+    ____             __              __  ___      _ __      ____       _     __         
+   / __ \_________  / /_____  ____  /  |/  /___ _(_) /     / __ )_____(_)___/ /___ ____ 
+  / /_/ / ___/ __ \/ __/ __ \/ __ \/ /|_/ / __ `/ / /_____/ __  / ___/ / __  / __ `/ _ \
+ / ____/ /  / /_/ / /_/ /_/ / / / / /  / / /_/ / / /_____/ /_/ / /  / / /_/ / /_/ /  __/
+/_/   /_/   \____/\__/\____/_/ /_/_/  /_/\__,_/_/_/     /_____/_/  /_/\__,_/\__, /\___/ 
+                                                                           /____/       

ct/protonmail-bridge.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/ProtonMail/proton-bridge
+
+APP="ProtonMail-Bridge"
+var_tags="${var_tags:-mail;proton}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -x /usr/bin/protonmail-bridge ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit 1
+  fi
+
+  if check_for_gh_release "protonmail-bridge" "ProtonMail/proton-bridge"; then
+    local -a bridge_units=(
+      protonmail-bridge
+      protonmail-bridge-imap.socket
+      protonmail-bridge-smtp.socket
+      protonmail-bridge-imap-proxy
+      protonmail-bridge-smtp-proxy
+    )
+    local unit
+    declare -A was_active
+    for unit in "${bridge_units[@]}"; do
+      if systemctl is-active --quiet "$unit" 2>/dev/null; then
+        was_active["$unit"]=1
+      else
+        was_active["$unit"]=0
+      fi
+    done
+
+    msg_info "Stopping Services"
+    systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
+    msg_ok "Stopped Services"
+
+    fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
+
+    if [[ -f /home/protonbridge/.protonmailbridge-initialized ]]; then
+      msg_info "Starting Services"
+      for unit in "${bridge_units[@]}"; do
+        if [[ "${was_active[$unit]:-0}" == "1" ]]; then
+          systemctl start "$unit"
+        fi
+      done
+      msg_ok "Started Services"
+    else
+      msg_ok "Initialization not completed. Services remain disabled."
+    fi
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW}One-time configuration is required before Bridge services are enabled.${CL}"
+echo -e "${INFO}${YW}Run this command in the container: protonmailbridge-configure${CL}"

install/alpine-docker-install.sh

@@ -14,7 +14,7 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apk add tzdata openssl
+$STD apk add tzdata
 msg_ok "Installed Dependencies"
 
 msg_info "Installing Docker"

install/endurain-install.sh

@@ -3,7 +3,7 @@
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: johanngrobe
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://codeberg.org/endurain-project/endurain
+# Source: https://github.com/joaovitoriasilva/endurain
 
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
@@ -21,7 +21,7 @@ PYTHON_VERSION="3.13" setup_uv
 NODE_VERSION="24" setup_nodejs
 PG_VERSION="17" PG_MODULES="postgis" setup_postgresql
 PG_DB_NAME="enduraindb" PG_DB_USER="endurain" setup_postgresql_db
-fetch_and_deploy_codeberg_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
+fetch_and_deploy_gh_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
 
 msg_info "Setting up Endurain"
 cd /opt/endurain

install/protonmail-bridge-install.sh

@@ -0,0 +1,192 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/ProtonMail/proton-bridge
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y pass
+msg_ok "Installed Dependencies"
+
+msg_info "Creating Service User"
+useradd -r -m -d /home/protonbridge -s /usr/sbin/nologin protonbridge
+install -d -m 0750 -o protonbridge -g protonbridge /home/protonbridge
+msg_ok "Created Service User"
+
+fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/protonmail-bridge.service
+[Unit]
+Description=Proton Mail Bridge (noninteractive)
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+User=protonbridge
+Group=protonbridge
+WorkingDirectory=/home/protonbridge
+Environment=HOME=/home/protonbridge
+ExecStart=/usr/bin/protonmail-bridge --noninteractive
+Restart=always
+RestartSec=3
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=full
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap.socket
+[Unit]
+Description=Proton Mail Bridge IMAP Socket (143)
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Socket]
+ListenStream=143
+Accept=no
+Service=protonmail-bridge-imap-proxy.service
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap-proxy.service
+[Unit]
+Description=Proton Mail Bridge IMAP Proxy (143 -> 127.0.0.1:1143)
+After=protonmail-bridge.service
+Requires=protonmail-bridge.service
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+Sockets=protonmail-bridge-imap.socket
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1143
+NoNewPrivileges=yes
+PrivateTmp=yes
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp.socket
+[Unit]
+Description=Proton Mail Bridge SMTP Socket (587)
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Socket]
+ListenStream=587
+Accept=no
+Service=protonmail-bridge-smtp-proxy.service
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp-proxy.service
+[Unit]
+Description=Proton Mail Bridge SMTP Proxy (587 -> 127.0.0.1:1025)
+After=protonmail-bridge.service
+Requires=protonmail-bridge.service
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+Sockets=protonmail-bridge-smtp.socket
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1025
+NoNewPrivileges=yes
+PrivateTmp=yes
+EOF
+msg_ok "Created Services"
+
+msg_info "Creating Helper Commands"
+
+cat <<'EOF' >/usr/local/bin/protonmailbridge-configure
+#!/usr/bin/env bash
+set -euo pipefail
+
+BRIDGE_USER="protonbridge"
+BRIDGE_HOME="/home/${BRIDGE_USER}"
+GNUPG_HOME="${BRIDGE_HOME}/.gnupg"
+MARKER="${BRIDGE_HOME}/.protonmailbridge-initialized"
+
+FIRST_TIME=0
+if [[ ! -f "${MARKER}" ]]; then
+  FIRST_TIME=1
+fi
+
+# Stop sockets/proxies/bridge daemon before configuration
+systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
+systemctl stop protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  echo "First-time setup: initializing pass keychain for ${BRIDGE_USER} (required by Proton Mail Bridge on Linux)."
+
+  install -d -m 0700 -o "${BRIDGE_USER}" -g "${BRIDGE_USER}" "${GNUPG_HOME}"
+
+  FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+    gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
+
+  if [[ -z "${FPR}" ]]; then
+    runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+      gpg --batch --pinentry-mode loopback --passphrase '' \
+      --quick-gen-key 'ProtonMail Bridge' default default never
+
+    FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+      gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
+  fi
+
+  if [[ -z "${FPR}" ]]; then
+    echo "Failed to detect a GPG key fingerprint for ${BRIDGE_USER}." >&2
+    exit 1
+  fi
+
+  runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+    pass init "${FPR}"
+
+  echo
+  echo "To do initial configuration of the Proton Mail Bridge:"
+  echo "Run: login"
+  echo "Run: info"
+  echo "Run: exit"
+  echo
+else
+  echo
+  echo "Launching Proton Mail Bridge CLI for configuration."
+  echo "External access is disabled until you exit."
+  echo "Run: exit"
+  echo
+fi
+
+runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" \
+  protonmail-bridge -c
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  touch "${MARKER}"
+  chown "${BRIDGE_USER}:${BRIDGE_USER}" "${MARKER}"
+  chmod 0644 "${MARKER}"
+fi
+
+systemctl enable -q --now protonmail-bridge.service protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  echo "Initialization complete. Services enabled and started."
+else
+  echo "Configuration complete. Services enabled and started."
+fi
+EOF
+chmod +x /usr/local/bin/protonmailbridge-configure
+ln -sf /usr/local/bin/protonmailbridge-configure /usr/bin/protonmailbridge-configure
+msg_ok "Created Helper Commands"
+
+motd_ssh
+customize
+cleanup_lxc

tools/addon/komodo.sh

@@ -151,23 +151,6 @@ function check_proxmox_host() {
 # ==============================================================================
 # CHECK / INSTALL DOCKER
 # ==============================================================================
-function ensure_openssl() {
-  if command -v openssl &>/dev/null; then
-    return
-  fi
-  msg_info "Installing openssl"
-  if [[ -f /etc/alpine-release ]]; then
-    $STD apk add openssl
-  elif command -v apt-get &>/dev/null; then
-    $STD apt-get update
-    $STD apt-get install -y openssl
-  else
-    msg_error "openssl is required but could not be installed automatically."
-    exit 10
-  fi
-  msg_ok "Installed openssl"
-}
-
 function check_or_install_docker() {
   if command -v docker &>/dev/null; then
     msg_ok "Docker $(docker --version | cut -d' ' -f3 | tr -d ',') is available"
@@ -177,7 +160,6 @@ function check_or_install_docker() {
       msg_error "Docker Compose plugin is not available. Please install it."
       exit 10
     fi
-    ensure_openssl
     return
   fi
 
@@ -201,8 +183,6 @@ function check_or_install_docker() {
     $STD sh <(curl -fsSL https://get.docker.com)
   fi
   msg_ok "Installed Docker"
-
-  ensure_openssl
 }
 
 # ==============================================================================