Files
ProxmoxVE/install/rackula-install.sh
T
push-app-to-main[bot] cd9c920d48 Rackula (#15465)
* Add rackula (ct)

* Update rackula.sh

* Update install/rackula-install.sh

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* Update install/rackula-install.sh

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* fix(rackula): install Bun outside /root so hardened service unit can exec it (#15540)

rackula-api.service ships with ProtectHome=true and
ExecStart=/usr/local/bin/bun. With BUN_INSTALL=/root/.bun the symlink
resolves into /root, which is masked in the unit's mount namespace, so
the service fails with status=203/EXEC and crash-loops. Use /opt/bun
instead, matching yubal and gitea-mirror.

Also drop the unused BUN_VERSION/BUN_VARIANT block (bun.sh/install
takes the version as a positional arg and detects avx2/baseline
itself, so the env vars were dead code) and restore the msg_ok
"Installed Bun" / msg_info "Setting up Rackula" pair.


Claude-Session: https://claude.ai/code/session_011sGajwSQGg1vd6m2AC6Byq

Co-authored-by: Claude Fable 5 <noreply@anthropic.com>

* Refactor rackula-install.sh to streamline installation

Removed checks for security headers config file and adjusted installation steps for Bun and Rackula.

---------

Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com>
Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
Co-authored-by: Gareth Evans <63365672+ggfevans@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 11:06:43 +02:00

85 lines
2.7 KiB
Bash
Executable File

#!/usr/bin/env bash
# Copyright (c) 2021-2026 community-scripts ORG
# Author: gVNS (ggfevans)
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
# Source: https://github.com/RackulaLives/Rackula
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
color
verb_ip6
catch_errors
setting_up_container
network_check
update_os
msg_info "Installing Dependencies"
$STD apt install -y nginx
msg_ok "Installed Dependencies"
msg_info "Installing Bun"
export BUN_INSTALL="/opt/bun"
curl -fsSL https://bun.sh/install | $STD bash
ln -sf /opt/bun/bin/bun /usr/local/bin/bun
msg_ok "Installed Bun"
fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
msg_info "Setting up Rackula"
mkdir -p /opt/rackula/data /etc/nginx/snippets
SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf"
cp "$SECURITY_HEADERS_SRC" /etc/nginx/snippets/security-headers.conf
chown -R root:root /opt/rackula/frontend
find /opt/rackula/frontend -type d -exec chmod 755 {} \;
find /opt/rackula/frontend -type f -exec chmod 644 {} \;
chmod 750 /opt/rackula/data
API_WRITE_TOKEN=$(openssl rand -hex 32)
cat <<EOF >/opt/rackula/data/.env
RACKULA_API_WRITE_TOKEN=${API_WRITE_TOKEN}
CORS_ORIGIN=http://localhost
ALLOW_INSECURE_CORS=false
EOF
chmod 600 /opt/rackula/data/.env
cat <<EOF >/etc/nginx/snippets/rackula-api-token.conf
map \$host \$rackula_api_write_token {
default "${API_WRITE_TOKEN}";
}
map \$host \$rackula_has_api_write_token {
default 1;
}
EOF
chmod 640 /etc/nginx/snippets/rackula-api-token.conf
msg_ok "Set up Rackula"
msg_info "Configuring nginx"
cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
rm -f /etc/nginx/sites-enabled/default
ln -sf /etc/nginx/sites-available/rackula /etc/nginx/sites-enabled/rackula
$STD nginx -t
msg_ok "Configured nginx"
msg_info "Creating Services"
cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
else
sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
fi
if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
else
sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
fi
mkdir -p /etc/systemd/system/nginx.service.d
cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload
systemctl enable -q nginx rackula-api
systemctl restart nginx rackula-api
msg_ok "Created Services"
motd_ssh
customize
cleanup_lxc