mirror of
https://github.com/community-scripts/ProxmoxVE.git
synced 2026-07-02 12:12:14 +02:00
cd9c920d48
* Add rackula (ct) * Update rackula.sh * Update install/rackula-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com> * Update install/rackula-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com> * fix(rackula): install Bun outside /root so hardened service unit can exec it (#15540) rackula-api.service ships with ProtectHome=true and ExecStart=/usr/local/bin/bun. With BUN_INSTALL=/root/.bun the symlink resolves into /root, which is masked in the unit's mount namespace, so the service fails with status=203/EXEC and crash-loops. Use /opt/bun instead, matching yubal and gitea-mirror. Also drop the unused BUN_VERSION/BUN_VARIANT block (bun.sh/install takes the version as a positional arg and detects avx2/baseline itself, so the env vars were dead code) and restore the msg_ok "Installed Bun" / msg_info "Setting up Rackula" pair. Claude-Session: https://claude.ai/code/session_011sGajwSQGg1vd6m2AC6Byq Co-authored-by: Claude Fable 5 <noreply@anthropic.com> * Refactor rackula-install.sh to streamline installation Removed checks for security headers config file and adjusted installation steps for Bun and Rackula. --------- Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com> Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com> Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com> Co-authored-by: Gareth Evans <63365672+ggfevans@users.noreply.github.com> Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
85 lines
2.7 KiB
Bash
Executable File
85 lines
2.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Copyright (c) 2021-2026 community-scripts ORG
|
|
# Author: gVNS (ggfevans)
|
|
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
|
# Source: https://github.com/RackulaLives/Rackula
|
|
|
|
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
|
color
|
|
verb_ip6
|
|
catch_errors
|
|
setting_up_container
|
|
network_check
|
|
update_os
|
|
|
|
msg_info "Installing Dependencies"
|
|
$STD apt install -y nginx
|
|
msg_ok "Installed Dependencies"
|
|
|
|
msg_info "Installing Bun"
|
|
export BUN_INSTALL="/opt/bun"
|
|
curl -fsSL https://bun.sh/install | $STD bash
|
|
ln -sf /opt/bun/bin/bun /usr/local/bin/bun
|
|
msg_ok "Installed Bun"
|
|
|
|
fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
|
|
|
|
msg_info "Setting up Rackula"
|
|
mkdir -p /opt/rackula/data /etc/nginx/snippets
|
|
SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf"
|
|
cp "$SECURITY_HEADERS_SRC" /etc/nginx/snippets/security-headers.conf
|
|
chown -R root:root /opt/rackula/frontend
|
|
find /opt/rackula/frontend -type d -exec chmod 755 {} \;
|
|
find /opt/rackula/frontend -type f -exec chmod 644 {} \;
|
|
chmod 750 /opt/rackula/data
|
|
|
|
API_WRITE_TOKEN=$(openssl rand -hex 32)
|
|
cat <<EOF >/opt/rackula/data/.env
|
|
RACKULA_API_WRITE_TOKEN=${API_WRITE_TOKEN}
|
|
CORS_ORIGIN=http://localhost
|
|
ALLOW_INSECURE_CORS=false
|
|
EOF
|
|
chmod 600 /opt/rackula/data/.env
|
|
|
|
cat <<EOF >/etc/nginx/snippets/rackula-api-token.conf
|
|
map \$host \$rackula_api_write_token {
|
|
default "${API_WRITE_TOKEN}";
|
|
}
|
|
map \$host \$rackula_has_api_write_token {
|
|
default 1;
|
|
}
|
|
EOF
|
|
chmod 640 /etc/nginx/snippets/rackula-api-token.conf
|
|
msg_ok "Set up Rackula"
|
|
|
|
msg_info "Configuring nginx"
|
|
cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
|
|
rm -f /etc/nginx/sites-enabled/default
|
|
ln -sf /etc/nginx/sites-available/rackula /etc/nginx/sites-enabled/rackula
|
|
$STD nginx -t
|
|
msg_ok "Configured nginx"
|
|
|
|
msg_info "Creating Services"
|
|
cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
|
|
if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
|
|
sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
|
|
else
|
|
sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
|
|
fi
|
|
if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
|
|
sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
|
|
else
|
|
sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
|
|
fi
|
|
mkdir -p /etc/systemd/system/nginx.service.d
|
|
cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
|
|
systemctl daemon-reload
|
|
systemctl enable -q nginx rackula-api
|
|
systemctl restart nginx rackula-api
|
|
msg_ok "Created Services"
|
|
|
|
motd_ssh
|
|
customize
|
|
cleanup_lxc
|