mirror of
https://github.com/community-scripts/ProxmoxVE.git
synced 2026-07-03 04:32:15 +02:00
Compare commits
27 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 43c2766181 | |||
| 4adb74e304 | |||
| 20ee92cc32 | |||
| b3cdbc1582 | |||
| 52168aac12 | |||
| d610a35b34 | |||
| a76225aba6 | |||
| 0c9d77973e | |||
| 9b7f4533c6 | |||
| 70f8118198 | |||
| ace936085e | |||
| 6f18af08d8 | |||
| cd9c920d48 | |||
| 6a07f1bfd5 | |||
| 3f1b2f2180 | |||
| 0bc090abc6 | |||
| be29bb1538 | |||
| 8f3d439daa | |||
| 88458c5837 | |||
| ce11015489 | |||
| f156e761e0 | |||
| 7493a7f003 | |||
| a8eedc1848 | |||
| be21f7517a | |||
| 4c10c0d98f | |||
| 17d18e70c8 | |||
| 80af66e864 |
@@ -489,6 +489,36 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
|
||||
|
||||
</details>
|
||||
|
||||
## 2026-07-02
|
||||
|
||||
### 🆕 New Scripts
|
||||
|
||||
- Rackula ([#15465](https://github.com/community-scripts/ProxmoxVE/pull/15465))
|
||||
|
||||
### 🚀 Updated Scripts
|
||||
|
||||
- #### 🐞 Bug Fixes
|
||||
|
||||
- typo: fix npm update to npm install for n8n [@MickLesk](https://github.com/MickLesk) ([#15545](https://github.com/community-scripts/ProxmoxVE/pull/15545))
|
||||
|
||||
- #### ✨ New Features
|
||||
|
||||
- Frigate: bump to v0.17.2 [@MickLesk](https://github.com/MickLesk) ([#15536](https://github.com/community-scripts/ProxmoxVE/pull/15536))
|
||||
|
||||
- #### 💥 Breaking Changes
|
||||
|
||||
- Immich v3.0.0 [@vhsdream](https://github.com/vhsdream) ([#15153](https://github.com/community-scripts/ProxmoxVE/pull/15153))
|
||||
|
||||
### 💾 Core
|
||||
|
||||
- #### 🐞 Bug Fixes
|
||||
|
||||
- tools.func: configure pnpm to allow all build scripts for environments [@MickLesk](https://github.com/MickLesk) ([#15532](https://github.com/community-scripts/ProxmoxVE/pull/15532))
|
||||
|
||||
- #### ✨ New Features
|
||||
|
||||
- feat(build.func): add var_ignore_disable to bypass disabled-script guard [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#15544](https://github.com/community-scripts/ProxmoxVE/pull/15544))
|
||||
|
||||
## 2026-07-01
|
||||
|
||||
### 🆕 New Scripts
|
||||
@@ -499,6 +529,9 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
|
||||
|
||||
- #### 🐞 Bug Fixes
|
||||
|
||||
- Stirling-PDF: patch libicudata execstack flag for LXC container compatibility [@MickLesk](https://github.com/MickLesk) ([#15531](https://github.com/community-scripts/ProxmoxVE/pull/15531))
|
||||
- FlowiseAI: align install to use pnpm instead of npm to fix missing dependencies [@MickLesk](https://github.com/MickLesk) ([#15530](https://github.com/community-scripts/ProxmoxVE/pull/15530))
|
||||
- Vaultwarden: handle version detection failure gracefully in update [@MickLesk](https://github.com/MickLesk) ([#15526](https://github.com/community-scripts/ProxmoxVE/pull/15526))
|
||||
- homarr: fix: update-fail [@CrazyWolf13](https://github.com/CrazyWolf13) ([#15512](https://github.com/community-scripts/ProxmoxVE/pull/15512))
|
||||
- n8n: pin version to 2.27.5 [@tremor021](https://github.com/tremor021) ([#15516](https://github.com/community-scripts/ProxmoxVE/pull/15516))
|
||||
|
||||
@@ -506,6 +539,13 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
|
||||
|
||||
- [arm64] feat: iventory arm64 support [@asylumexp](https://github.com/asylumexp) ([#15521](https://github.com/community-scripts/ProxmoxVE/pull/15521))
|
||||
|
||||
### 💾 Core
|
||||
|
||||
- #### 🐞 Bug Fixes
|
||||
|
||||
- core: fix SDN vnet network parameter to use bridge instead of vnet [@MickLesk](https://github.com/MickLesk) ([#15527](https://github.com/community-scripts/ProxmoxVE/pull/15527))
|
||||
- tools.func: use safe variable expansion in check_for_gh_release RETURN trap [@MickLesk](https://github.com/MickLesk) ([#15529](https://github.com/community-scripts/ProxmoxVE/pull/15529))
|
||||
|
||||
## 2026-06-30
|
||||
|
||||
### 🚀 Updated Scripts
|
||||
|
||||
@@ -0,0 +1,6 @@
|
||||
____ __ __
|
||||
/ __ \____ ______/ /____ __/ /___ _
|
||||
/ /_/ / __ `/ ___/ //_/ / / / / __ `/
|
||||
/ _, _/ /_/ / /__/ ,< / /_/ / / /_/ /
|
||||
/_/ |_|\__,_/\___/_/|_|\__,_/_/\__,_/
|
||||
|
||||
+40
-24
@@ -110,7 +110,7 @@ EOF
|
||||
msg_ok "Image-processing libraries up to date"
|
||||
fi
|
||||
|
||||
RELEASE="v2.7.5"
|
||||
RELEASE="v3.0.1"
|
||||
if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
|
||||
if [[ $(cat ~/.immich) > "2.5.1" ]]; then
|
||||
msg_info "Enabling Maintenance Mode"
|
||||
@@ -124,7 +124,7 @@ EOF
|
||||
systemctl stop immich-web
|
||||
systemctl stop immich-ml
|
||||
msg_ok "Stopped Services"
|
||||
VCHORD_RELEASE="0.5.3"
|
||||
VCHORD_RELEASE="1.0.0"
|
||||
[[ -f ~/.vchord_version ]] && mv ~/.vchord_version ~/.vectorchord
|
||||
if check_for_gh_release "VectorChord" "tensorchord/VectorChord" "${VCHORD_RELEASE}" "updated together with Immich after testing"; then
|
||||
fetch_and_deploy_gh_release "VectorChord" "tensorchord/VectorChord" "binary" "${VCHORD_RELEASE}" "/tmp" "postgresql-16-vchord_*_$(arch_resolve).deb"
|
||||
@@ -140,7 +140,7 @@ EOF
|
||||
UPLOAD_DIR="$(sed -n '/^IMMICH_MEDIA_LOCATION/s/[^=]*=//p' /opt/immich/.env)"
|
||||
SRC_DIR="${INSTALL_DIR}/source"
|
||||
APP_DIR="${INSTALL_DIR}/app"
|
||||
PLUGIN_DIR="${APP_DIR}/corePlugin"
|
||||
PLUGIN_DIR="${APP_DIR}/plugins/immich-plugin-core"
|
||||
ML_DIR="${APP_DIR}/machine-learning"
|
||||
GEO_DIR="${INSTALL_DIR}/geodata"
|
||||
|
||||
@@ -177,10 +177,10 @@ EOF
|
||||
|
||||
# server build
|
||||
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
|
||||
$STD pnpm --filter immich --frozen-lockfile build
|
||||
$STD pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter immich build
|
||||
unset SHARP_IGNORE_GLOBAL_LIBVIPS
|
||||
export SHARP_FORCE_GLOBAL_LIBVIPS=true
|
||||
$STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
|
||||
$STD pnpm --filter immich --prod --no-optional deploy "$APP_DIR"
|
||||
|
||||
# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
|
||||
if [[ -f "$APP_DIR/helmet.json" ]]; then
|
||||
@@ -190,32 +190,31 @@ EOF
|
||||
cp "$APP_DIR"/package.json "$APP_DIR"/bin
|
||||
sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
|
||||
|
||||
# openapi & web build
|
||||
# sdk, cli & web build
|
||||
cd "$SRC_DIR"
|
||||
echo "packageImportMethod: hardlink" >>./pnpm-workspace.yaml
|
||||
$STD pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install
|
||||
unset SHARP_FORCE_GLOBAL_LIBVIPS
|
||||
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
|
||||
$STD pnpm --filter @immich/sdk --filter immich-web build
|
||||
$STD pnpm --filter @immich/sdk --filter immich-web --filter @immich/cli build
|
||||
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
|
||||
cp -a web/build "$APP_DIR"/www
|
||||
cp LICENSE "$APP_DIR"
|
||||
|
||||
# cli build
|
||||
$STD pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install
|
||||
$STD pnpm --filter @immich/sdk --filter @immich/cli build
|
||||
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
|
||||
[[ -f "$INSTALL_DIR"/start.sh ]] && mv "$INSTALL_DIR"/start.sh "$APP_DIR"/bin
|
||||
|
||||
# plugins
|
||||
# Build the plugin(s) directly instead of via the `mise //:plugins` monorepo task path,
|
||||
# which repeatedly breaks across mise releases (experimental/monorepo_root setting churn).
|
||||
# mise is used only to provide the build tools (extism-js, wasm-opt, etc.) via `mise install`
|
||||
# and `mise exec`, both of which are stable and do not depend on the monorepo feature.
|
||||
cd "$SRC_DIR"
|
||||
$STD mise trust --ignore ./mise.toml
|
||||
$STD mise trust ./plugins/mise.toml
|
||||
cd plugins
|
||||
export MISE_TRUSTED_CONFIG_PATHS="$SRC_DIR"/mise.toml
|
||||
export MISE_DISABLE_TOOLS=github:jellyfin/jellyfin-ffmpeg
|
||||
$STD mise install
|
||||
$STD mise run build
|
||||
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core install --frozen-lockfile
|
||||
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core build
|
||||
mkdir -p "$PLUGIN_DIR"
|
||||
cp -r ./dist "$PLUGIN_DIR"/dist
|
||||
cp ./manifest.json "$PLUGIN_DIR"
|
||||
cp -r ./packages/plugin-core/dist "$PLUGIN_DIR"/dist
|
||||
cp ./packages/plugin-core/manifest.json "$PLUGIN_DIR"
|
||||
msg_ok "Updated Immich server, web, cli and plugins"
|
||||
|
||||
cd "$SRC_DIR"/machine-learning
|
||||
@@ -231,13 +230,13 @@ EOF
|
||||
ML_PYTHON="python3.13"
|
||||
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
|
||||
done
|
||||
msg_ok "Pre-installed Python ${ML_PYTHON}"
|
||||
msg_info "Updating Intel OpenVINO machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
|
||||
done
|
||||
patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-$(arch_resolve "x86_64" "aarch64")-linux-gnu.so"
|
||||
@@ -246,13 +245,13 @@ EOF
|
||||
ML_PYTHON="python3.11"
|
||||
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
|
||||
done
|
||||
msg_ok "Pre-installed Python ${ML_PYTHON}"
|
||||
msg_info "Updating machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
|
||||
done
|
||||
msg_ok "Updated machine-learning"
|
||||
@@ -260,6 +259,23 @@ EOF
|
||||
cd "$SRC_DIR"
|
||||
cp -a machine-learning/{ann,immich_ml} "$ML_DIR"
|
||||
[[ -f "$INSTALL_DIR"/ml_start.sh ]] && mv "$INSTALL_DIR"/ml_start.sh "$ML_DIR"
|
||||
# Regenerate ml_start.sh if it is missing (e.g. lost by a previously interrupted update),
|
||||
# otherwise immich-ml.service fails to start with status=203/EXEC
|
||||
if [[ ! -f "$ML_DIR"/ml_start.sh ]]; then
|
||||
cat <<EOF >"$ML_DIR"/ml_start.sh
|
||||
#!/usr/bin/env bash
|
||||
|
||||
cd ${ML_DIR}
|
||||
. ${VIRTUAL_ENV}/bin/activate
|
||||
|
||||
set -a
|
||||
. ${INSTALL_DIR}/.env
|
||||
set +a
|
||||
|
||||
python3 -m immich_ml
|
||||
EOF
|
||||
chmod +x "$ML_DIR"/ml_start.sh
|
||||
fi
|
||||
[[ -f ~/.openvino ]] && sed -i "/intra_op/s/int = 0/int = os.cpu_count() or 0/" "$ML_DIR"/immich_ml/config.py
|
||||
ln -sf "$APP_DIR"/resources "$INSTALL_DIR"
|
||||
cd "$APP_DIR"
|
||||
@@ -429,7 +445,7 @@ function compile_imagemagick() {
|
||||
|
||||
function compile_libvips() {
|
||||
SOURCE=$SOURCE_DIR/libvips
|
||||
LIBVIPS_REVISION="17ad2f62dda7e39985955da189183e594683d45e"
|
||||
LIBVIPS_REVISION="3664cfc5dc2c5661288f5bf5a85ccc51c64c1626"
|
||||
if [[ "$LIBVIPS_REVISION" != "$(grep 'libvips' ~/.immich_library_revisions | awk '{print $2}')" ]]; then
|
||||
msg_info "Recompiling libvips"
|
||||
[[ -d "$SOURCE" ]] && rm -rf "$SOURCE"
|
||||
|
||||
@@ -45,7 +45,7 @@ EOF
|
||||
systemctl daemon-reload
|
||||
fi
|
||||
|
||||
$STD npm update -g n8n@2.27.5
|
||||
$STD npm install -g n8n@2.27.5
|
||||
systemctl restart n8n
|
||||
msg_ok "Updated n8n"
|
||||
msg_ok "Updated successfully!"
|
||||
|
||||
Executable
+81
@@ -0,0 +1,81 @@
|
||||
#!/usr/bin/env bash
|
||||
source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: gVNS (ggfevans)
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
||||
# Source: https://github.com/RackulaLives/Rackula
|
||||
|
||||
APP="Rackula"
|
||||
var_tags="${var_tags:-homelab}"
|
||||
var_cpu="${var_cpu:-1}"
|
||||
var_ram="${var_ram:-512}"
|
||||
var_disk="${var_disk:-8}"
|
||||
var_os="${var_os:-debian}"
|
||||
var_version="${var_version:-13}"
|
||||
var_arm64="${var_arm64:-yes}"
|
||||
var_unprivileged="${var_unprivileged:-1}"
|
||||
|
||||
header_info "$APP"
|
||||
variables
|
||||
color
|
||||
catch_errors
|
||||
|
||||
function update_script() {
|
||||
header_info
|
||||
check_container_storage
|
||||
check_container_resources
|
||||
|
||||
if [[ ! -d /opt/rackula ]]; then
|
||||
msg_error "No ${APP} Installation Found!"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if check_for_gh_release "rackula" "RackulaLives/Rackula"; then
|
||||
msg_info "Stopping Services"
|
||||
systemctl stop rackula-api nginx
|
||||
msg_ok "Stopped Services"
|
||||
|
||||
create_backup /opt/rackula/data
|
||||
CLEAN_INSTALL=1 fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
|
||||
restore_backup
|
||||
|
||||
msg_info "Updating Configuration"
|
||||
cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
|
||||
cp /opt/rackula/config/security-headers.conf /etc/nginx/snippets/security-headers.conf
|
||||
cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
|
||||
if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
|
||||
sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
|
||||
else
|
||||
sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
|
||||
fi
|
||||
if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
|
||||
sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
|
||||
else
|
||||
sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
|
||||
fi
|
||||
mkdir -p /etc/systemd/system/nginx.service.d
|
||||
cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
|
||||
chown -R root:root /opt/rackula/frontend
|
||||
find /opt/rackula/frontend -type d -exec chmod 755 {} \;
|
||||
find /opt/rackula/frontend -type f -exec chmod 644 {} \;
|
||||
chmod 750 /opt/rackula/data
|
||||
msg_ok "Updated Configuration"
|
||||
|
||||
msg_info "Starting Services"
|
||||
$STD nginx -t
|
||||
systemctl daemon-reload
|
||||
systemctl start nginx rackula-api
|
||||
msg_ok "Started Services"
|
||||
msg_ok "Updated successfully!"
|
||||
fi
|
||||
exit
|
||||
}
|
||||
|
||||
start
|
||||
build_container
|
||||
description
|
||||
|
||||
msg_ok "Completed Successfully!\n"
|
||||
echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
|
||||
echo -e "${INFO}${YW} Access it using the following URL:${CL}"
|
||||
echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
|
||||
@@ -38,6 +38,11 @@ function update_script() {
|
||||
PYTHON_VERSION="3.12" setup_uv
|
||||
JAVA_VERSION="25" setup_java
|
||||
|
||||
msg_info "Patching Native Libraries for LXC Compatibility"
|
||||
ensure_dependencies patchelf
|
||||
find /usr/lib -name "libicudata.so.*" -exec patchelf --clear-execstack {} \; || true
|
||||
msg_ok "Patched Native Libraries"
|
||||
|
||||
msg_info "Stopping Services"
|
||||
systemctl stop stirlingpdf libreoffice-listener unoserver
|
||||
msg_ok "Stopped Services"
|
||||
|
||||
+1
-1
@@ -37,7 +37,7 @@ function update_script() {
|
||||
"2" "Set Admin Token")
|
||||
|
||||
if [ "$UPD" == "1" ]; then
|
||||
INSTALLED_VERSION="$(/opt/vaultwarden/bin/vaultwarden --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1)"
|
||||
INSTALLED_VERSION="$(/opt/vaultwarden/bin/vaultwarden --version 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1 || true)"
|
||||
if [[ -n "$INSTALLED_VERSION" ]] &&
|
||||
! grep -qxF "$INSTALLED_VERSION" "$HOME/.vaultwarden" 2>/dev/null; then
|
||||
printf '%s\n' "$INSTALLED_VERSION" >"$HOME/.vaultwarden"
|
||||
|
||||
@@ -20,16 +20,12 @@ $STD apt install -y \
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
PYTHON_VERSION="3.11" setup_uv
|
||||
NODE_VERSION="22" setup_nodejs #needed because better-sql break
|
||||
NODE_VERSION="22" NODE_MODULE="pnpm" setup_nodejs
|
||||
|
||||
msg_info "Installing FlowiseAI (Patience)"
|
||||
PYTHON_BIN="$(uv python find 3.11)"
|
||||
export npm_config_python="$PYTHON_BIN"
|
||||
$STD npm install -g flowise \
|
||||
@opentelemetry/exporter-trace-otlp-grpc \
|
||||
@opentelemetry/exporter-trace-otlp-proto \
|
||||
@opentelemetry/sdk-trace-node \
|
||||
langchainhub
|
||||
$STD pnpm add -g flowise
|
||||
mkdir -p /opt/flowiseai
|
||||
curl -fsSL "https://raw.githubusercontent.com/FlowiseAI/Flowise/main/packages/server/.env.example" -o "/opt/flowiseai/.env"
|
||||
msg_ok "Installed FlowiseAI"
|
||||
|
||||
@@ -110,7 +110,7 @@ export AUTOGRAPH_VERBOSITY=0
|
||||
export GLOG_minloglevel=3
|
||||
export GLOG_logtostderr=0
|
||||
|
||||
fetch_and_deploy_gh_release "frigate" "blakeblackshear/frigate" "tarball" "v0.17.1" "/opt/frigate"
|
||||
fetch_and_deploy_gh_release "frigate" "blakeblackshear/frigate" "tarball" "v0.17.2" "/opt/frigate"
|
||||
|
||||
msg_info "Building Nginx"
|
||||
$STD bash /opt/frigate/docker/main/build_nginx.sh
|
||||
|
||||
+23
-24
@@ -162,7 +162,7 @@ PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
|
||||
ACTUAL_PG_VERSION=$(ls /etc/postgresql/ 2>/dev/null | sort -V | tail -1)
|
||||
ACTUAL_PG_VERSION=${ACTUAL_PG_VERSION:-16}
|
||||
|
||||
VCHORD_RELEASE="0.5.3"
|
||||
VCHORD_RELEASE="1.0.0"
|
||||
fetch_and_deploy_gh_release "VectorChord" "tensorchord/VectorChord" "binary" "${VCHORD_RELEASE}" "/tmp" "postgresql-${ACTUAL_PG_VERSION}-vchord_*_$(arch_resolve).deb"
|
||||
|
||||
sed -i "s/^#shared_preload.*/shared_preload_libraries = 'vchord.so'/" /etc/postgresql/${ACTUAL_PG_VERSION}/main/postgresql.conf
|
||||
@@ -282,7 +282,7 @@ msg_ok "(4/5) Compiled imagemagick"
|
||||
|
||||
msg_info "(5/5) Compiling libvips"
|
||||
SOURCE=$SOURCE_DIR/libvips
|
||||
LIBVIPS_REVISION="17ad2f62dda7e39985955da189183e594683d45e"
|
||||
LIBVIPS_REVISION="3664cfc5dc2c5661288f5bf5a85ccc51c64c1626"
|
||||
$STD git clone https://github.com/libvips/libvips.git "$SOURCE"
|
||||
cd "$SOURCE"
|
||||
$STD git reset --hard "$LIBVIPS_REVISION"
|
||||
@@ -306,12 +306,12 @@ INSTALL_DIR="/opt/${APPLICATION}"
|
||||
UPLOAD_DIR="${INSTALL_DIR}/upload"
|
||||
SRC_DIR="${INSTALL_DIR}/source"
|
||||
APP_DIR="${INSTALL_DIR}/app"
|
||||
PLUGIN_DIR="${APP_DIR}/corePlugin"
|
||||
PLUGIN_DIR="${APP_DIR}/plugins/immich-plugin-core"
|
||||
ML_DIR="${APP_DIR}/machine-learning"
|
||||
GEO_DIR="${INSTALL_DIR}/geodata"
|
||||
mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
|
||||
|
||||
fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.5" "$SRC_DIR"
|
||||
fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v3.0.1" "$SRC_DIR"
|
||||
PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
|
||||
NODE_VERSION="24" NODE_MODULE="corepack,pnpm@${PNPM_VERSION}" setup_nodejs
|
||||
|
||||
@@ -323,10 +323,10 @@ export CI=1
|
||||
|
||||
# server build
|
||||
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
|
||||
$STD pnpm --filter immich --frozen-lockfile build
|
||||
$STD pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter immich build
|
||||
unset SHARP_IGNORE_GLOBAL_LIBVIPS
|
||||
export SHARP_FORCE_GLOBAL_LIBVIPS=true
|
||||
$STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
|
||||
$STD pnpm --filter immich --prod --no-optional deploy "$APP_DIR"
|
||||
|
||||
# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
|
||||
if [[ -f "$APP_DIR/helmet.json" ]]; then
|
||||
@@ -336,31 +336,30 @@ fi
|
||||
cp "$APP_DIR"/package.json "$APP_DIR"/bin
|
||||
sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
|
||||
|
||||
# openapi & web build
|
||||
# sdk, cli & web build
|
||||
cd "$SRC_DIR"
|
||||
echo "packageImportMethod: hardlink" >>./pnpm-workspace.yaml
|
||||
$STD pnpm --filter @immich/sdk --filter immich-web --frozen-lockfile --force install
|
||||
unset SHARP_FORCE_GLOBAL_LIBVIPS
|
||||
export SHARP_IGNORE_GLOBAL_LIBVIPS=true
|
||||
$STD pnpm --filter @immich/sdk --filter immich-web build
|
||||
$STD pnpm --filter @immich/sdk --filter immich-web --filter @immich/cli build
|
||||
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
|
||||
cp -a web/build "$APP_DIR"/www
|
||||
cp LICENSE "$APP_DIR"
|
||||
|
||||
# cli build
|
||||
$STD pnpm --filter @immich/sdk --filter @immich/cli --frozen-lockfile install
|
||||
$STD pnpm --filter @immich/sdk --filter @immich/cli build
|
||||
$STD pnpm --filter @immich/cli --prod --no-optional deploy "$APP_DIR"/cli
|
||||
|
||||
# plugins
|
||||
# Build the plugin(s) directly instead of via the `mise //:plugins` monorepo task path,
|
||||
# which repeatedly breaks across mise releases (experimental/monorepo_root setting churn).
|
||||
# mise is used only to provide the build tools (extism-js, wasm-opt, etc.) via `mise install`
|
||||
# and `mise exec`, both of which are stable and do not depend on the monorepo feature.
|
||||
cd "$SRC_DIR"
|
||||
$STD mise trust --ignore ./mise.toml
|
||||
$STD mise trust ./plugins/mise.toml
|
||||
cd plugins
|
||||
export MISE_TRUSTED_CONFIG_PATHS="$SRC_DIR"/mise.toml
|
||||
export MISE_DISABLE_TOOLS=github:jellyfin/jellyfin-ffmpeg
|
||||
$STD mise install
|
||||
$STD mise run build
|
||||
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core install --frozen-lockfile
|
||||
$STD mise exec -- pnpm --filter @immich/sdk --filter @immich/plugin-sdk --filter @immich/plugin-core build
|
||||
mkdir -p "$PLUGIN_DIR"
|
||||
cp -r ./dist "$PLUGIN_DIR"/dist
|
||||
cp ./manifest.json "$PLUGIN_DIR"
|
||||
cp -r ./packages/plugin-core/dist "$PLUGIN_DIR"/dist
|
||||
cp ./packages/plugin-core/manifest.json "$PLUGIN_DIR"
|
||||
msg_ok "Installed Immich Server, Web and Plugin Components"
|
||||
|
||||
cd "$SRC_DIR"/machine-learning
|
||||
@@ -376,13 +375,13 @@ if [[ -f ~/.openvino ]]; then
|
||||
ML_PYTHON="python3.13"
|
||||
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
|
||||
done
|
||||
msg_ok "Pre-installed Python ${ML_PYTHON}"
|
||||
msg_info "Installing Intel OpenVINO machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
|
||||
done
|
||||
patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-$(arch_resolve "x86_64" "aarch64")-linux-gnu.so"
|
||||
@@ -391,13 +390,13 @@ else
|
||||
ML_PYTHON="python3.11"
|
||||
msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV -Pnu immich uv python install "${ML_PYTHON}" && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
|
||||
done
|
||||
msg_ok "Pre-installed Python ${ML_PYTHON}"
|
||||
msg_info "Installing machine-learning"
|
||||
for attempt in $(seq 1 3); do
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
$STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -Pnu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
|
||||
[[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
|
||||
done
|
||||
msg_ok "Installed machine-learning"
|
||||
|
||||
Executable
+84
@@ -0,0 +1,84 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Copyright (c) 2021-2026 community-scripts ORG
|
||||
# Author: gVNS (ggfevans)
|
||||
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
||||
# Source: https://github.com/RackulaLives/Rackula
|
||||
|
||||
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
||||
color
|
||||
verb_ip6
|
||||
catch_errors
|
||||
setting_up_container
|
||||
network_check
|
||||
update_os
|
||||
|
||||
msg_info "Installing Dependencies"
|
||||
$STD apt install -y nginx
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
msg_info "Installing Bun"
|
||||
export BUN_INSTALL="/opt/bun"
|
||||
curl -fsSL https://bun.sh/install | $STD bash
|
||||
ln -sf /opt/bun/bin/bun /usr/local/bin/bun
|
||||
msg_ok "Installed Bun"
|
||||
|
||||
fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
|
||||
|
||||
msg_info "Setting up Rackula"
|
||||
mkdir -p /opt/rackula/data /etc/nginx/snippets
|
||||
SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf"
|
||||
cp "$SECURITY_HEADERS_SRC" /etc/nginx/snippets/security-headers.conf
|
||||
chown -R root:root /opt/rackula/frontend
|
||||
find /opt/rackula/frontend -type d -exec chmod 755 {} \;
|
||||
find /opt/rackula/frontend -type f -exec chmod 644 {} \;
|
||||
chmod 750 /opt/rackula/data
|
||||
|
||||
API_WRITE_TOKEN=$(openssl rand -hex 32)
|
||||
cat <<EOF >/opt/rackula/data/.env
|
||||
RACKULA_API_WRITE_TOKEN=${API_WRITE_TOKEN}
|
||||
CORS_ORIGIN=http://localhost
|
||||
ALLOW_INSECURE_CORS=false
|
||||
EOF
|
||||
chmod 600 /opt/rackula/data/.env
|
||||
|
||||
cat <<EOF >/etc/nginx/snippets/rackula-api-token.conf
|
||||
map \$host \$rackula_api_write_token {
|
||||
default "${API_WRITE_TOKEN}";
|
||||
}
|
||||
map \$host \$rackula_has_api_write_token {
|
||||
default 1;
|
||||
}
|
||||
EOF
|
||||
chmod 640 /etc/nginx/snippets/rackula-api-token.conf
|
||||
msg_ok "Set up Rackula"
|
||||
|
||||
msg_info "Configuring nginx"
|
||||
cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
|
||||
rm -f /etc/nginx/sites-enabled/default
|
||||
ln -sf /etc/nginx/sites-available/rackula /etc/nginx/sites-enabled/rackula
|
||||
$STD nginx -t
|
||||
msg_ok "Configured nginx"
|
||||
|
||||
msg_info "Creating Services"
|
||||
cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
|
||||
if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
|
||||
sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
|
||||
else
|
||||
sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
|
||||
fi
|
||||
if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
|
||||
sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
|
||||
else
|
||||
sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
|
||||
fi
|
||||
mkdir -p /etc/systemd/system/nginx.service.d
|
||||
cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
|
||||
systemctl daemon-reload
|
||||
systemctl enable -q nginx rackula-api
|
||||
systemctl restart nginx rackula-api
|
||||
msg_ok "Created Services"
|
||||
|
||||
motd_ssh
|
||||
customize
|
||||
cleanup_lxc
|
||||
@@ -27,7 +27,8 @@ $STD apt install -y \
|
||||
fonts-urw-base35 \
|
||||
qpdf \
|
||||
poppler-utils \
|
||||
jbig2
|
||||
jbig2 \
|
||||
patchelf
|
||||
msg_ok "Installed Dependencies"
|
||||
|
||||
PYTHON_VERSION="3.12" setup_uv
|
||||
@@ -115,6 +116,10 @@ EOF
|
||||
fi
|
||||
msg_ok "Created Environment Variables"
|
||||
|
||||
msg_info "Patching Native Libraries for LXC Compatibility"
|
||||
find /usr/lib -name "libicudata.so.*" -exec patchelf --clear-execstack {} \; || true
|
||||
msg_ok "Patched Native Libraries"
|
||||
|
||||
msg_info "Refreshing Font Cache"
|
||||
$STD fc-cache -fv
|
||||
msg_ok "Font Cache Updated"
|
||||
|
||||
+12
-1
@@ -3788,6 +3788,17 @@ runtime_script_status_guard() {
|
||||
fi
|
||||
|
||||
if [[ "$is_disabled" == "true" ]]; then
|
||||
# Allow bypass via var_ignore_disable=true (still warn, but continue)
|
||||
case "${var_ignore_disable:-}" in
|
||||
1 | yes | true | on)
|
||||
msg_warn "This script is currently disabled in community-scripts."
|
||||
[[ -n "$disable_message" ]] && msg_warn "$disable_message"
|
||||
msg_warn "Bypassing disable status via var_ignore_disable — continuing at your own risk."
|
||||
msg_warn "More info: ${info_url}"
|
||||
return 0
|
||||
;;
|
||||
esac
|
||||
|
||||
msg_error "This script is currently disabled in community-scripts."
|
||||
[[ -n "$disable_message" ]] && msg_error "$disable_message"
|
||||
[[ -z "$disable_message" ]] && msg_error "Updates and installs are temporarily disabled for this script."
|
||||
@@ -3930,7 +3941,7 @@ build_container() {
|
||||
|
||||
NET_STRING="-net0 name=eth0,bridge=${BRG:-vmbr0}"
|
||||
if [[ -n "${var_sdn_vnet:-${SDN_VNET:-}}" ]]; then
|
||||
NET_STRING="-net0 name=eth0,vnet=${var_sdn_vnet:-$SDN_VNET}"
|
||||
NET_STRING="-net0 name=eth0,bridge=${var_sdn_vnet:-$SDN_VNET}"
|
||||
fi
|
||||
|
||||
# MAC
|
||||
|
||||
+18
-5
@@ -2647,9 +2647,9 @@ check_for_gh_release() {
|
||||
|
||||
ensure_dependencies jq
|
||||
|
||||
local gh_check_json
|
||||
local gh_check_json=""
|
||||
gh_check_json=$(mktemp /tmp/tools-gh-check-XXXXXX) || return 73
|
||||
trap 'rm -f "$gh_check_json"' RETURN
|
||||
trap 'rm -f "${gh_check_json:-}"' RETURN
|
||||
|
||||
# Build auth header if token is available
|
||||
local header_args=()
|
||||
@@ -7627,7 +7627,10 @@ setup_nodejs() {
|
||||
MODULE_INSTALLED_VERSION="$(npm list -g --depth=0 "$MODULE_NAME" 2>&1 | grep "$MODULE_NAME@" | awk -F@ '{print $2}' 2>/dev/null | tr -d '[:space:]' || echo '')"
|
||||
if [[ "$MODULE_REQ_VERSION" != "latest" && "$MODULE_REQ_VERSION" != "$MODULE_INSTALLED_VERSION" ]]; then
|
||||
msg_info "Updating $MODULE_NAME to v$MODULE_REQ_VERSION"
|
||||
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
|
||||
# Retry with --force to overwrite corepack-provided shims (pnpm/yarn), which now
|
||||
# ship with recent corepack and cause EEXIST on /usr/bin/<tool>
|
||||
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null ||
|
||||
$STD npm install -g --force "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
|
||||
msg_ok "Updated $MODULE_NAME"
|
||||
else
|
||||
msg_warn "Failed to update $MODULE_NAME to version $MODULE_REQ_VERSION"
|
||||
@@ -7635,7 +7638,8 @@ setup_nodejs() {
|
||||
fi
|
||||
elif [[ "$MODULE_REQ_VERSION" == "latest" ]]; then
|
||||
msg_info "Updating $MODULE_NAME to latest version"
|
||||
if $STD npm install -g "${MODULE_NAME}@latest" 2>/dev/null; then
|
||||
if $STD npm install -g "${MODULE_NAME}@latest" 2>/dev/null ||
|
||||
$STD npm install -g --force "${MODULE_NAME}@latest" 2>/dev/null; then
|
||||
msg_ok "Updated $MODULE_NAME"
|
||||
else
|
||||
msg_warn "Failed to update $MODULE_NAME to latest version"
|
||||
@@ -7644,7 +7648,10 @@ setup_nodejs() {
|
||||
fi
|
||||
else
|
||||
msg_info "Installing $MODULE_NAME@$MODULE_REQ_VERSION"
|
||||
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
|
||||
# Retry with --force to overwrite corepack-provided shims (pnpm/yarn), which now
|
||||
# ship with recent corepack and cause EEXIST on /usr/bin/<tool>
|
||||
if $STD npm install -g "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null ||
|
||||
$STD npm install -g --force "${MODULE_NAME}@${MODULE_REQ_VERSION}" 2>/dev/null; then
|
||||
msg_ok "Installed $MODULE_NAME"
|
||||
else
|
||||
msg_warn "Failed to install $MODULE_NAME@$MODULE_REQ_VERSION"
|
||||
@@ -7657,6 +7664,12 @@ setup_nodejs() {
|
||||
fi
|
||||
fi
|
||||
|
||||
# pnpm v10+ blocks dependency build scripts by default (ERR_PNPM_IGNORED_BUILDS).
|
||||
# In a container environment all installed packages are trusted, so we enable builds globally.
|
||||
if command -v pnpm >/dev/null 2>&1; then
|
||||
pnpm config set --global dangerouslyAllowAllBuilds true >/dev/null 2>&1 || true
|
||||
fi
|
||||
|
||||
if [[ "$NODE_COREPACK_ENABLE" == "1" ]] && ((wants_corepack)) && command -v corepack >/dev/null 2>&1; then
|
||||
msg_info "Enabling corepack"
|
||||
if $STD corepack enable 2>/dev/null; then
|
||||
|
||||
Reference in New Issue
Block a user