mirror of
https://github.com/community-scripts/ProxmoxVE.git
synced 2026-04-27 20:35:05 +02:00
116 lines
2.9 KiB
Bash
116 lines
2.9 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Copyright (c) 2021-2026 community-scripts ORG
|
|
# Author: vhsdream
|
|
# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
|
|
# Source: https://github.com/PatcMmon/PatchMon
|
|
|
|
source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
|
|
color
|
|
verb_ip6
|
|
catch_errors
|
|
setting_up_container
|
|
network_check
|
|
update_os
|
|
|
|
msg_info "Installing Dependencies"
|
|
$STD apt install -y redis-server
|
|
msg_ok "Installed Dependencies"
|
|
|
|
PG_VERSION="17" setup_postgresql
|
|
PG_DB_NAME="patchmon_db" PG_DB_USER="patchmon_usr" setup_postgresql_db
|
|
|
|
RELEASE="v2.0.1"
|
|
fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "$RELEASE" "/opt/patchmon" "patchmon-server-linux-amd64"
|
|
mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server
|
|
|
|
msg_info "Configuring PatchMon"
|
|
cat <<EOF >/opt/patchmon/.env
|
|
DATABASE_URL="postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME"
|
|
JWT_SECRET="$(openssl rand -hex 64)"
|
|
SESSION_SECRET="$(openssl rand -hex 64)"
|
|
AI_ENCRYPTION_KEY="$(openssl rand -hex 64)"
|
|
CORS_ORIGIN=http://${LOCAL_IP}:3000
|
|
PORT=3000
|
|
APP_ENV=production
|
|
|
|
# Redis
|
|
REDIS_HOST=localhost
|
|
REDIS_PORT=6379
|
|
|
|
## OIDC / SSO (when OIDC_ENABLED=true, issuer/client/secret/redirect required)
|
|
# OIDC_ENABLED=false
|
|
# OIDC_ISSUER_URL=
|
|
# OIDC_CLIENT_ID=
|
|
# OIDC_CLIENT_SECRET=
|
|
# OIDC_REDIRECT_URI=
|
|
# OIDC_SCOPES=openid email profile groups
|
|
# OIDC_AUTO_CREATE_USERS=false
|
|
# OIDC_DEFAULT_ROLE=user
|
|
# OIDC_DISABLE_LOCAL_AUTH=false
|
|
# OIDC_BUTTON_TEXT=Login with SSO
|
|
# OIDC_SESSION_TTL=600
|
|
# OIDC_POST_LOGOUT_URI=
|
|
# OIDC_SYNC_ROLES=false
|
|
# OIDC_ADMIN_GROUP=
|
|
# OIDC_SUPERADMIN_GROUP=
|
|
# OIDC_HOST_MANAGER_GROUP=
|
|
# OIDC_READONLY_GROUP=
|
|
# OIDC_USER_GROUP=
|
|
# OIDC_ENFORCE_HTTPS=true
|
|
|
|
AGENT_BINARIES_DIR=/opt/patchmon/agents
|
|
EOF
|
|
msg_ok "Configured PatchMon"
|
|
|
|
msg_info "Fetching PatchMon agent binaries"
|
|
mkdir -p /opt/patchmon/agents
|
|
FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/${RELEASE}/patchmon-agent-"
|
|
AGENT_NAME=(
|
|
"linux-amd64"
|
|
"linux-arm64"
|
|
"linux-arm"
|
|
"linux-386"
|
|
"freebsd-amd64"
|
|
"freebsd-arm64"
|
|
"freebsd-arm"
|
|
"freebsd-386"
|
|
"windows-amd64.exe"
|
|
"windows-arm64.exe"
|
|
)
|
|
for arch in "${AGENT_NAME[@]}"; do
|
|
curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}"
|
|
[[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}"
|
|
done
|
|
msg_ok "Fetched PatchMon agent binaries"
|
|
|
|
msg_info "Creating service"
|
|
cat <<EOF >/etc/systemd/system/patchmon-server.service
|
|
[Unit]
|
|
Description=PatchMon Server
|
|
After=network.target postgresql.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
WorkingDirectory=/opt/patchmon
|
|
ExecStart=/opt/patchmon/patchmon-server
|
|
Restart=always
|
|
RestartSec=10
|
|
Environment=PATH=/usr/bin:/usr/local/bin
|
|
EnvironmentFile=/opt/patchmon/.env
|
|
NoNewPrivileges=true
|
|
PrivateTmp=true
|
|
ProtectSystem=strict
|
|
ProtectHome=true
|
|
ReadWritePaths=/opt/patchmon
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
systemctl enable -q --now patchmon-server
|
|
msg_ok "Created and started service"
|
|
|
|
motd_ssh
|
|
customize
|
|
cleanup_lxc
|