From 2f6f0880ac04b085cf6114e276f14608ea49cd82 Mon Sep 17 00:00:00 2001 From: "push-app-to-main[bot]" <203845782+push-app-to-main[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 08:48:46 +0200 Subject: [PATCH 01/25] TREK (#14017) * Add trek (ct) * Update success message in trek.sh * Simplify TREK installation script Removed initialization wait and health check for TREK. --------- Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com> Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com> --- ct/headers/trek | 6 +++ ct/trek.sh | 84 +++++++++++++++++++++++++++++++++++++++++ install/trek-install.sh | 79 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 169 insertions(+) create mode 100644 ct/headers/trek create mode 100644 ct/trek.sh create mode 100644 install/trek-install.sh diff --git a/ct/headers/trek b/ct/headers/trek new file mode 100644 index 000000000..f02f11b4e --- /dev/null +++ b/ct/headers/trek @@ -0,0 +1,6 @@ + __________ ________ __ + /_ __/ __ \/ ____/ //_/ + / / / /_/ / __/ / ,< + / / / _, _/ /___/ /| | +/_/ /_/ |_/_____/_/ |_| + diff --git a/ct/trek.sh b/ct/trek.sh new file mode 100644 index 000000000..0e3f679a9 --- /dev/null +++ b/ct/trek.sh @@ -0,0 +1,84 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +# Copyright (c) 2021-2026 community-scripts ORG +# Author: MickLesk (CanbiZ) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/mauriceboe/TREK + +APP="TREK" +var_tags="${var_tags:-travel;planning;collaboration}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-2048}" +var_disk="${var_disk:-8}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + + if [[ ! -d /opt/trek ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + + if check_for_gh_release "trek" "mauriceboe/TREK"; then + msg_info "Stopping Service" + systemctl stop trek + msg_ok "Stopped Service" + + msg_info "Backing up Data" + cp /opt/trek/server/.env /opt/trek.env.bak + mv /opt/trek/data /opt/trek-data.bak + mv /opt/trek/uploads /opt/trek-uploads.bak + msg_ok "Backed up Data" + + CLEAN_INSTALL=1 fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball" + + msg_info "Building Client" + cd /opt/trek/client + $STD npm ci + $STD npm run build + mkdir -p /opt/trek/server/public + cp -r /opt/trek/client/dist/* /opt/trek/server/public/ + cp -r /opt/trek/client/public/fonts /opt/trek/server/public/fonts 2>/dev/null || true + msg_ok "Built Client" + + msg_info "Installing Server Dependencies" + cd /opt/trek/server + $STD npm ci + msg_ok "Installed Server Dependencies" + + msg_info "Restoring Data" + mv /opt/trek-data.bak /opt/trek/data + mv /opt/trek-uploads.bak /opt/trek/uploads + rm -rf /opt/trek/server/data /opt/trek/server/uploads + ln -s /opt/trek/data /opt/trek/server/data + ln -s /opt/trek/uploads /opt/trek/server/uploads + cp /opt/trek.env.bak /opt/trek/server/.env + rm -f /opt/trek.env.bak + msg_ok "Restored Data" + + msg_info "Starting Service" + systemctl start trek + msg_ok "Started Service" + msg_ok "Updated Successfully!" + fi + exit +} + +start +build_container +description + +msg_ok "Completed Successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Access it using the following URL:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}" diff --git a/install/trek-install.sh b/install/trek-install.sh new file mode 100644 index 000000000..535597f8a --- /dev/null +++ b/install/trek-install.sh @@ -0,0 +1,79 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: MickLesk (CanbiZ) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/mauriceboe/TREK + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt install -y build-essential +msg_ok "Installed Dependencies" + +NODE_VERSION="22" setup_nodejs +fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball" + +msg_info "Building Client" +cd /opt/trek/client +$STD npm ci +$STD npm run build +msg_ok "Built Client" + +msg_info "Setting up Server" +cd /opt/trek/server +$STD npm ci +mkdir -p /opt/trek/server/public +cp -r /opt/trek/client/dist/* /opt/trek/server/public/ +cp -r /opt/trek/client/public/fonts /opt/trek/server/public/fonts 2>/dev/null || true +mkdir -p /opt/trek/{data/logs,uploads/{files,covers,avatars,photos}} +rm -rf /opt/trek/server/data /opt/trek/server/uploads +ln -s /opt/trek/data /opt/trek/server/data +ln -s /opt/trek/uploads /opt/trek/server/uploads +ENCRYPTION_KEY=$(openssl rand -hex 32) +ADMIN_EMAIL="admin@trek.local" +ADMIN_PASSWORD=$(openssl rand -base64 18 | tr -dc 'A-Za-z0-9' | head -c 16) +cat </opt/trek/server/.env +NODE_ENV=production +PORT=3000 +ENCRYPTION_KEY=${ENCRYPTION_KEY} +ADMIN_EMAIL=${ADMIN_EMAIL} +ADMIN_PASSWORD=${ADMIN_PASSWORD} +COOKIE_SECURE=false +FORCE_HTTPS=false +LOG_LEVEL=info +TZ=UTC +EOF +chmod 600 /opt/trek/server/.env +msg_ok "Set up Server" + +msg_info "Creating Service" +cat </etc/systemd/system/trek.service +[Unit] +Description=TREK Travel Planner +After=network.target + +[Service] +Type=simple +User=root +WorkingDirectory=/opt/trek/server +EnvironmentFile=/opt/trek/server/.env +ExecStart=/usr/bin/node --import tsx src/index.ts +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable -q --now trek +msg_ok "Created Service" + +motd_ssh +customize +cleanup_lxc From 799f3bf0fb1f8e4452a3a0c74ca2b374e1109974 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 06:49:13 +0000 Subject: [PATCH 02/25] Update CHANGELOG.md (#14028) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0b11ea650..6fbdcdfd0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -450,6 +450,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit ## 2026-04-26 +### 🆕 New Scripts + + - TREK ([#14017](https://github.com/community-scripts/ProxmoxVE/pull/14017)) + ## 2026-04-25 ### 🚀 Updated Scripts From 4963385bf9406b5d1bce49c6fe0d6e206277f49f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=96mer=20Taha=20=C3=96ztop?= Date: Sun, 26 Apr 2026 09:51:33 +0300 Subject: [PATCH 03/25] fix(2fauth): make update_script idempotent and preserve ownership (#14018) The update was failing with 'mv: cannot stat /opt/2fauth-backup/.env: No such file or directory' on a system where a previous run had left /opt/2fauth-backup behind. mv would then nest /opt/2fauth inside the existing backup directory (as /opt/2fauth-backup/2fauth/), so the restore step looked at the wrong path. After fixing that, the app returned a 500 ('Key path file:///opt/2fauth/storage/oauth-public.key does not exist or is not readable') because chown/chmod ran before composer install and php artisan 2fauth:install, leaving vendor/, bootstrap/cache/* and the regenerated oauth keys owned by root and unreadable by www-data. - Remove any stale /opt/2fauth-backup before creating the backup, and remove it again at the end so the next run starts clean - Use cp instead of mv when restoring .env/storage so the backup is preserved until the update completes - Move chown/chmod to AFTER composer + artisan, matching the order in install/2fauth-install.sh - Restart php8.4-fpm in addition to nginx so opcache picks up the new cached config - Drop redundant quotes around literal paths to match the rest of the codebase --- ct/2fauth.sh | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/ct/2fauth.sh b/ct/2fauth.sh index deee15371..2d984da37 100644 --- a/ct/2fauth.sh +++ b/ct/2fauth.sh @@ -24,7 +24,7 @@ function update_script() { check_container_storage check_container_resources - if [[ ! -d "/opt/2fauth" ]]; then + if [[ ! -d /opt/2fauth ]]; then msg_error "No ${APP} Installation Found!" exit fi @@ -34,7 +34,8 @@ function update_script() { $STD apt -y upgrade msg_info "Creating Backup" - mv "/opt/2fauth" "/opt/2fauth-backup" + rm -rf /opt/2fauth-backup + mv /opt/2fauth /opt/2fauth-backup if ! dpkg -l | grep -q 'php8.4'; then cp /etc/nginx/conf.d/2fauth.conf /etc/nginx/conf.d/2fauth.conf.bak fi @@ -46,15 +47,17 @@ function update_script() { fi fetch_and_deploy_gh_release "2fauth" "Bubka/2FAuth" "tarball" setup_composer - mv "/opt/2fauth-backup/.env" "/opt/2fauth/.env" - mv "/opt/2fauth-backup/storage" "/opt/2fauth/storage" - cd "/opt/2fauth" || return - chown -R www-data: "/opt/2fauth" - chmod -R 755 "/opt/2fauth" + cp /opt/2fauth-backup/.env /opt/2fauth/.env + cp -r /opt/2fauth-backup/storage /opt/2fauth/storage + cd /opt/2fauth || return export COMPOSER_ALLOW_SUPERUSER=1 $STD composer install --no-dev --prefer-dist php artisan 2fauth:install + chown -R www-data: /opt/2fauth + chmod -R 755 /opt/2fauth + $STD systemctl restart php8.4-fpm $STD systemctl restart nginx + rm -rf /opt/2fauth-backup msg_ok "Updated successfully!" fi exit From b78cdb4008af0b91e96e6f5c1dc2f39c18f9b6a7 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 06:52:00 +0000 Subject: [PATCH 04/25] Update CHANGELOG.md (#14029) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fbdcdfd0..5361cae90 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -454,6 +454,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit - TREK ([#14017](https://github.com/community-scripts/ProxmoxVE/pull/14017)) +### 🚀 Updated Scripts + + - fix(2fauth): handle stale backup directory on update [@omertahaoztop](https://github.com/omertahaoztop) ([#14018](https://github.com/community-scripts/ProxmoxVE/pull/14018)) + ## 2026-04-25 ### 🚀 Updated Scripts From 13bd09532ac444e6465d397afd4dfbcb66649e6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Slavi=C5=A1a=20Are=C5=BEina?= <58952836+tremor021@users.noreply.github.com> Date: Sun, 26 Apr 2026 21:04:28 +0200 Subject: [PATCH 05/25] Set up directories and enable Technitium DNS service (#14030) Create necessary directories for Technitium DNS service and update systemd service file. --- install/technitiumdns-install.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install/technitiumdns-install.sh b/install/technitiumdns-install.sh index f0cac6ee0..f38de6cae 100644 --- a/install/technitiumdns-install.sh +++ b/install/technitiumdns-install.sh @@ -28,6 +28,7 @@ fetch_and_deploy_from_url "https://download.technitium.com/dns/DnsServerPortable echo "${RELEASE}" >~/.technitium msg_info "Creating service" +mkdir -p /etc/dns /var/log/technitium/dns sed -i '/^User=/d;/^Group=/d' /opt/technitium/dns/systemd.service cp /opt/technitium/dns/systemd.service /etc/systemd/system/technitium.service systemctl enable -q --now technitium From 1e1e96b68e74a35cc602ac28464d8982547eebf1 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 19:04:56 +0000 Subject: [PATCH 06/25] Update CHANGELOG.md (#14040) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5361cae90..6559b2151 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -458,6 +458,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit - fix(2fauth): handle stale backup directory on update [@omertahaoztop](https://github.com/omertahaoztop) ([#14018](https://github.com/community-scripts/ProxmoxVE/pull/14018)) + - #### 🐞 Bug Fixes + + - Technitium DNS: Ensure directories exist before running service [@tremor021](https://github.com/tremor021) ([#14030](https://github.com/community-scripts/ProxmoxVE/pull/14030)) + ## 2026-04-25 ### 🚀 Updated Scripts From df9fa394b82cfb1543ca57e57db0382ef91dc307 Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Sun, 26 Apr 2026 21:22:00 +0200 Subject: [PATCH 07/25] Increase Frigate default CPU cores from 4 to 8 (#14039) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- ct/frigate.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ct/frigate.sh b/ct/frigate.sh index 99a3c9184..229722e79 100644 --- a/ct/frigate.sh +++ b/ct/frigate.sh @@ -7,7 +7,7 @@ source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxV APP="Frigate" var_tags="${var_tags:-nvr}" -var_cpu="${var_cpu:-4}" +var_cpu="${var_cpu:-8}" var_ram="${var_ram:-4096}" var_disk="${var_disk:-20}" var_os="${var_os:-debian}" From 95f2d24f53b6b46e935f7027a5ed68bd8dd45f86 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 19:22:27 +0000 Subject: [PATCH 08/25] Update CHANGELOG.md (#14042) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6559b2151..c52872a69 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -460,6 +460,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit - #### 🐞 Bug Fixes + - Increase Frigate default CPU cores from 4 to 8 [@MickLesk](https://github.com/MickLesk) ([#14039](https://github.com/community-scripts/ProxmoxVE/pull/14039)) - Technitium DNS: Ensure directories exist before running service [@tremor021](https://github.com/tremor021) ([#14030](https://github.com/community-scripts/ProxmoxVE/pull/14030)) ## 2026-04-25 From ca915da8c17a6da96f3a35625dbdd999da665e18 Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Sun, 26 Apr 2026 22:12:20 +0200 Subject: [PATCH 09/25] Fix: Correct deb822 repository flat path detection (#14037) The setup_deb822_repo function was only checking for the literal './' suite value, but should reject any suite ending with '/', which indicates a flat repository that must not include Components in the DEB822 format. This fix aligns ProxmoxVE with the correct behavior already present in ProxmoxVED. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- misc/tools.func | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misc/tools.func b/misc/tools.func index ea8efaddc..8c2139c4c 100644 --- a/misc/tools.func +++ b/misc/tools.func @@ -1924,8 +1924,8 @@ setup_deb822_repo() { echo "Types: deb" echo "URIs: $repo_url" echo "Suites: $suite" - # Flat repositories (suite="./" or absolute path) must not have Components - if [[ "$suite" != "./" && -n "$component" ]]; then + # Flat repositories (suite ending with "/" or "./") must not have Components + if [[ "$suite" != *"/" && -n "$component" ]]; then echo "Components: $component" fi [[ -n "$architectures" ]] && echo "Architectures: $architectures" From 91b03574e4626efd4291252953a48783d6ab8128 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Sun, 26 Apr 2026 20:12:47 +0000 Subject: [PATCH 10/25] Update CHANGELOG.md (#14044) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index c52872a69..fae574d68 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -463,6 +463,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit - Increase Frigate default CPU cores from 4 to 8 [@MickLesk](https://github.com/MickLesk) ([#14039](https://github.com/community-scripts/ProxmoxVE/pull/14039)) - Technitium DNS: Ensure directories exist before running service [@tremor021](https://github.com/tremor021) ([#14030](https://github.com/community-scripts/ProxmoxVE/pull/14030)) +### 💾 Core + + - #### 🐞 Bug Fixes + + - core: Correct deb822 repository flat path detection [@MickLesk](https://github.com/MickLesk) ([#14037](https://github.com/community-scripts/ProxmoxVE/pull/14037)) + ## 2026-04-25 ### 🚀 Updated Scripts From 88397b48dc1ad044bdc78a24e06f06dd3b7009d4 Mon Sep 17 00:00:00 2001 From: Mike <49700735+m1ckywill@users.noreply.github.com> Date: Mon, 27 Apr 2026 17:00:29 +1000 Subject: [PATCH 11/25] Update build.func - fixed spelling mistake (#14047) --- misc/build.func | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/misc/build.func b/misc/build.func index 272dc1f66..20cd33489 100644 --- a/misc/build.func +++ b/misc/build.func @@ -5456,14 +5456,14 @@ create_lxc_container() { local _has_fallback_option=false if [[ "$do_retry" == "yes" ]] && has_previous_os_version_template; then _has_fallback_option=true - echo " [1] Run host upgrade now (recommended). WARNING: this runs apt upgrade and updates all Packeages on your host!" + echo " [1] Run host upgrade now (recommended). WARNING: this runs apt upgrade and updates all Packages on your host!" echo " [2] Use an older ${PCT_OSTYPE} template instead (may not work with all scripts)" echo " [3] Ignore" echo " [4] Cancel" echo read -rp "Select option [1/2/3/4]: " _ans Date: Mon, 27 Apr 2026 07:00:57 +0000 Subject: [PATCH 12/25] Update CHANGELOG.md (#14052) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index fae574d68..df3f7cca2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -448,6 +448,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit +## 2026-04-27 + +### 💾 Core + + - #### 🔧 Refactor + + - Update build.func - fixed spelling mistake [@m1ckywill](https://github.com/m1ckywill) ([#14047](https://github.com/community-scripts/ProxmoxVE/pull/14047)) + ## 2026-04-26 ### 🆕 New Scripts From 1c169fc7e2632e7d7a4a7358f9f502dc2227d520 Mon Sep 17 00:00:00 2001 From: Joerg Heinemann Date: Mon, 27 Apr 2026 10:17:05 +0200 Subject: [PATCH 13/25] Add patchmon-agent report execution in update script (#14054) --- tools/pve/update-lxcs-cron.sh | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/tools/pve/update-lxcs-cron.sh b/tools/pve/update-lxcs-cron.sh index 15ca40540..d7abc4cae 100644 --- a/tools/pve/update-lxcs-cron.sh +++ b/tools/pve/update-lxcs-cron.sh @@ -66,10 +66,20 @@ for container in $(pct list | awk '{if(NR>1) print $1}'); do pct start "$container" sleep 5 update_container "$container" || echo " [Error] Update failed for $container" + # check if patchmon agent is present in container and run a report if found + if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then + echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" + pct exec "$container" -- "/usr/local/bin/patchmon-agent" "report" + fi echo -e "[Info] Shutting down $container" pct shutdown "$container" --timeout 60 & elif [ "$status" == "status: running" ]; then update_container "$container" || echo " [Error] Update failed for $container" + # check if patchmon agent is present in container and run a report if found + if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then + echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" + pct exec "$container" -- "/usr/local/bin/patchmon-agent" "report" + fi fi fi done From 9b8129abd32c59e585df12a6e62f0f8acfc628f4 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 08:17:35 +0000 Subject: [PATCH 14/25] Update CHANGELOG.md (#14055) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index df3f7cca2..b0c555234 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -456,6 +456,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit - Update build.func - fixed spelling mistake [@m1ckywill](https://github.com/m1ckywill) ([#14047](https://github.com/community-scripts/ProxmoxVE/pull/14047)) +### 🧰 Tools + + - #### ✨ New Features + + - Add patchmon-agent report execution in update script [@heinemannj](https://github.com/heinemannj) ([#14054](https://github.com/community-scripts/ProxmoxVE/pull/14054)) + ## 2026-04-26 ### 🆕 New Scripts From 782420b4e42ad42dc3bc11ad352d9e8b92df9047 Mon Sep 17 00:00:00 2001 From: Chris Date: Mon, 27 Apr 2026 06:06:16 -0400 Subject: [PATCH 15/25] PatchMon: v2.0.0 migration (#14015) Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com> --- ct/patchmon.sh | 110 ++++++++++++++++++++---------------- install/patchmon-install.sh | 108 ++++++++++++++++++++--------------- 2 files changed, 123 insertions(+), 95 deletions(-) diff --git a/ct/patchmon.sh b/ct/patchmon.sh index e49324495..99511aaa9 100644 --- a/ct/patchmon.sh +++ b/ct/patchmon.sh @@ -29,63 +29,75 @@ function update_script() { exit fi - if ! grep -q "PORT=3001" /opt/patchmon/backend/.env; then - msg_warn "⚠️ The next PatchMon update will include breaking changes (port changes)." - msg_warn "See details here: https://github.com/community-scripts/ProxmoxVE/pull/11888" - msg_warn "Press Enter to continue with the update, or Ctrl+C to abort..." - read -r - fi - - RELEASE="v1.4.2" - NODE_VERSION="24" setup_nodejs + RELEASE="v2.0.1" if check_for_gh_release "PatchMon" "PatchMon/PatchMon" "${RELEASE}"; then msg_info "Stopping Service" systemctl stop patchmon-server msg_ok "Stopped Service" - msg_info "Creating Backup" - cp /opt/patchmon/backend/.env /opt/backend.env - cp /opt/patchmon/frontend/.env /opt/frontend.env - msg_ok "Backup Created" - - CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "${RELEASE}" "/opt/patchmon" - - msg_info "Updating PatchMon" - VERSION=$(get_latest_github_release "PatchMon/PatchMon") - SERVER_PORT="$(sed -n '/SERVER_PORT/s/[^=]*=//p' /opt/backend.env)" - sed -i 's/PORT=3399/PORT=3001/' /opt/backend.env - sed -i -e "s/VERSION=.*/VERSION=$VERSION/" \ - -e '/^VITE_API_URL/d' /opt/frontend.env - export NODE_ENV=production - cd /opt/patchmon - $STD npm install --no-audit --no-fund --no-save --ignore-scripts - cd /opt/patchmon/frontend - mv /opt/frontend.env /opt/patchmon/frontend/.env - $STD npm install --no-audit --no-fund --no-save --ignore-scripts --include=dev - $STD npm run build - cd /opt/patchmon/backend - mv /opt/backend.env /opt/patchmon/backend/.env - $STD npm run db:generate - $STD npx prisma migrate deploy - cp /opt/patchmon/docker/nginx.conf.template /etc/nginx/sites-available/patchmon.conf - sed -i -e 's|proxy_pass .*|proxy_pass http://127.0.0.1:3001;|' \ - -e '\|try_files |i\ root /opt/patchmon/frontend/dist;' \ - -e 's|alias.*|alias /opt/patchmon/frontend/dist/assets;|' \ - -e '\|expires 1y|i\ root /opt/patchmon/frontend/dist;' /etc/nginx/sites-available/patchmon.conf - if [[ -n "$SERVER_PORT" ]] && [[ "$SERVER_PORT" != "443" ]]; then - sed -i "s/listen [[:digit:]].*/listen ${SERVER_PORT};/" /etc/nginx/sites-available/patchmon.conf + if [[ -d /opt/patchmon/backend ]]; then + msg_info "Legacy install detected - creating full backup, please wait..." + $STD tar czf ~/patchmon_legacy.tar.gz /opt/patchmon + cp /opt/patchmon/backend/.env /opt/legacy.env + msg_ok "Full backup saved in /root" + msg_info "Starting migration to PatchMon v2.x.x" + systemctl disable -q --now nginx + $STD npm cache clean --force + $STD apt autoremove --purge -y {nginx,nodejs} + if [[ -f /etc/apt/sources.list.d/nodesource.sources ]]; then + cp /etc/apt/sources.list.d/nodesource.sources /etc/apt/sources.list.d/nodesource.sources.bak + rm -f /etc/apt/sources.list.d/nodesource.sources + elif [[ -f /etc/apt/sources.list.d/nodesource.list ]]; then + cp /etc/apt/sources.list.d/nodesource.list /etc/apt/sources.list.d/nodesource.list.bak + rm -f /etc/apt/sources.list.d/nodesource.list + fi + rm -rf /opt/patchmon + mkdir -p /opt/patchmon/agents + cp /opt/legacy.env /opt/patchmon/.env + sed -i -e 's/^PORT=.*/PORT=3000/' \ + -e 's/^NODE_/APP_/' \ + -e '/^SERVER_*/d' \ + -e '/^# API*/,+2d' /opt/patchmon/.env + { + echo "" + echo "SESSION_SECRET=$(openssl rand -hex 64)" + echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)" + echo "AGENT_BINARIES_DIR=/opt/patchmon/agents" + } >>/opt/patchmon/.env + sed -i -e '\|Directory|s|/backend||' \ + -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \ + -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \ + /etc/systemd/system/patchmon-server.service + systemctl daemon-reload + rm /opt/legacy.env + msg_ok "Migration complete!" fi - ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/ - rm -f /etc/nginx/sites-enabled/default - $STD nginx -t - systemctl restart nginx - msg_ok "Updated PatchMon" + + CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "${RELEASE}" "/opt/patchmon" "patchmon-server-linux-amd64" + mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server + + msg_info "Fetching PatchMon agent binaries" + [[ ! -d /opt/patchmon/agents ]] && mkdir -p /opt/patchmon/agents + FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/${RELEASE}/patchmon-agent-" + AGENT_NAME=( + "linux-amd64" + "linux-arm64" + "linux-arm" + "linux-386" + "freebsd-amd64" + "freebsd-arm64" + "freebsd-arm" + "freebsd-386" + "windows-amd64.exe" + "windows-arm64.exe" + ) + for arch in "${AGENT_NAME[@]}"; do + curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}" + [[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}" + done + msg_ok "Fetched PatchMon agent binaries" msg_info "Starting Service" - if grep -q '/usr/bin/node' /etc/systemd/system/patchmon-server.service; then - sed -i 's|ExecStart=.*|ExecStart=/usr/bin/npm run start|' /etc/systemd/system/patchmon-server.service - systemctl daemon-reload - fi systemctl start patchmon-server msg_ok "Started Service" msg_ok "Updated successfully!" diff --git a/install/patchmon-install.sh b/install/patchmon-install.sh index eb9911591..914591719 100644 --- a/install/patchmon-install.sh +++ b/install/patchmon-install.sh @@ -14,74 +14,90 @@ network_check update_os msg_info "Installing Dependencies" -$STD apt install -y \ - build-essential \ - nginx \ - redis-server +$STD apt install -y redis-server msg_ok "Installed Dependencies" -NODE_VERSION="24" setup_nodejs PG_VERSION="17" setup_postgresql PG_DB_NAME="patchmon_db" PG_DB_USER="patchmon_usr" setup_postgresql_db -fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "v1.4.2" "/opt/patchmon" +RELEASE="v2.0.1" +fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "$RELEASE" "/opt/patchmon" "patchmon-server-linux-amd64" +mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server msg_info "Configuring PatchMon" -VERSION=$(get_latest_github_release "PatchMon/PatchMon") -export NODE_ENV=production -cd /opt/patchmon -$STD npm install --no-audit --no-fund --no-save --ignore-scripts - -cd /opt/patchmon/frontend -cat <./.env -VITE_APP_NAME=PatchMon -VITE_APP_VERSION=${VERSION} -EOF -$STD npm install --no-audit --no-fund --no-save --ignore-scripts --include=dev -$STD npm run build - +cat </opt/patchmon/.env +DATABASE_URL="postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME" JWT_SECRET="$(openssl rand -hex 64)" -mv /opt/patchmon/backend/env.example /opt/patchmon/backend/.env -sed -i -e "s|DATABASE_URL=.*|DATABASE_URL=\"postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME\"|" \ - -e "/JWT_SECRET/s/[=$].*/=$JWT_SECRET/" \ - -e "\|CORS_ORIGIN|s|localhost|$LOCAL_IP|" \ - -e "/PORT=3001/aSERVER_PROTOCOL=http \\ - SERVER_HOST=$LOCAL_IP \\ - SERVER_PORT=3000" \ - -e '/_ENV=production/aTRUST_PROXY=1' \ - -e '/REDIS_USER=.*/,+1d' /opt/patchmon/backend/.env +SESSION_SECRET="$(openssl rand -hex 64)" +AI_ENCRYPTION_KEY="$(openssl rand -hex 64)" +CORS_ORIGIN=http://${LOCAL_IP}:3000 +PORT=3000 +APP_ENV=production -cd /opt/patchmon/backend -$STD npm run db:generate -$STD npx prisma migrate deploy +# Redis +REDIS_HOST=localhost +REDIS_PORT=6379 + +## OIDC / SSO (when OIDC_ENABLED=true, issuer/client/secret/redirect required) +# OIDC_ENABLED=false +# OIDC_ISSUER_URL= +# OIDC_CLIENT_ID= +# OIDC_CLIENT_SECRET= +# OIDC_REDIRECT_URI= +# OIDC_SCOPES=openid email profile groups +# OIDC_AUTO_CREATE_USERS=false +# OIDC_DEFAULT_ROLE=user +# OIDC_DISABLE_LOCAL_AUTH=false +# OIDC_BUTTON_TEXT=Login with SSO +# OIDC_SESSION_TTL=600 +# OIDC_POST_LOGOUT_URI= +# OIDC_SYNC_ROLES=false +# OIDC_ADMIN_GROUP= +# OIDC_SUPERADMIN_GROUP= +# OIDC_HOST_MANAGER_GROUP= +# OIDC_READONLY_GROUP= +# OIDC_USER_GROUP= +# OIDC_ENFORCE_HTTPS=true + +AGENT_BINARIES_DIR=/opt/patchmon/agents +EOF msg_ok "Configured PatchMon" -msg_info "Configuring Nginx" -cp /opt/patchmon/docker/nginx.conf.template /etc/nginx/sites-available/patchmon.conf -sed -i -e 's|proxy_pass .*|proxy_pass http://127.0.0.1:3001;|' \ - -e '\|try_files |i\ root /opt/patchmon/frontend/dist;' \ - -e 's|alias.*|alias /opt/patchmon/frontend/dist/assets;|' \ - -e '\|expires 1y|i\ root /opt/patchmon/frontend/dist;' /etc/nginx/sites-available/patchmon.conf -ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/ -rm -f /etc/nginx/sites-enabled/default -$STD nginx -t -systemctl restart nginx -msg_ok "Configured Nginx" +msg_info "Fetching PatchMon agent binaries" +mkdir -p /opt/patchmon/agents +FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/${RELEASE}/patchmon-agent-" +AGENT_NAME=( + "linux-amd64" + "linux-arm64" + "linux-arm" + "linux-386" + "freebsd-amd64" + "freebsd-arm64" + "freebsd-arm" + "freebsd-386" + "windows-amd64.exe" + "windows-arm64.exe" +) +for arch in "${AGENT_NAME[@]}"; do + curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}" + [[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}" +done +msg_ok "Fetched PatchMon agent binaries" msg_info "Creating service" cat </etc/systemd/system/patchmon-server.service [Unit] -Description=PatchMon Service +Description=PatchMon Server After=network.target postgresql.service [Service] Type=simple -WorkingDirectory=/opt/patchmon/backend -ExecStart=/usr/bin/npm run start +WorkingDirectory=/opt/patchmon +ExecStart=/opt/patchmon/patchmon-server Restart=always RestartSec=10 -Environment=NODE_ENV=production Environment=PATH=/usr/bin:/usr/local/bin +EnvironmentFile=/opt/patchmon/.env NoNewPrivileges=true PrivateTmp=true ProtectSystem=strict From 424575d8c1b9df970b9dd2814dbc9cb578ec255a Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 10:06:41 +0000 Subject: [PATCH 16/25] Update CHANGELOG.md (#14060) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index b0c555234..0973ae514 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -450,6 +450,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit ## 2026-04-27 +### 🚀 Updated Scripts + + - #### 💥 Breaking Changes + + - PatchMon: v2.0.0 migration [@vhsdream](https://github.com/vhsdream) ([#14015](https://github.com/community-scripts/ProxmoxVE/pull/14015)) + ### 💾 Core - #### 🔧 Refactor From c32ca537f1d1cd182434b9c4378fcd27c1ea0707 Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Mon, 27 Apr 2026 13:29:57 +0200 Subject: [PATCH 17/25] fix(technitiumdns): always install .NET 10 if not already present (#14049) Previously the update script only upgraded .NET when aspnetcore-runtime-8.0 or 9.0 was detected via is_package_installed. Containers where detection failed would silently skip the upgrade block, leaving Technitium v15 (requires .NET 10) starting against .NET 8/9 and immediately failing. Changed condition to: install .NET 10 unless it is already installed. Old 8.0/9.0 packages are removed with || true to avoid errors on clean installs. Fixes #14045 --- ct/technitiumdns.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ct/technitiumdns.sh b/ct/technitiumdns.sh index 531fb8b03..6375c8462 100644 --- a/ct/technitiumdns.sh +++ b/ct/technitiumdns.sh @@ -32,8 +32,8 @@ function update_script() { systemctl daemon-reload systemctl enable -q --now technitium fi - if is_package_installed "aspnetcore-runtime-8.0" || is_package_installed "aspnetcore-runtime-9.0"; then - $STD apt remove -y aspnetcore-runtime-* + if ! is_package_installed "aspnetcore-runtime-10.0"; then + $STD apt remove -y aspnetcore-runtime-8.0 aspnetcore-runtime-9.0 2>/dev/null || true [ -f /etc/apt/sources.list.d/microsoft-prod.list ] && rm -f /etc/apt/sources.list.d/microsoft-prod.list [ -f /usr/share/keyrings/microsoft-prod.gpg ] && rm -f /usr/share/keyrings/microsoft-prod.gpg setup_deb822_repo \ From 585de1ba0cb4e64177787e99ec0af9c179202e2e Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Mon, 27 Apr 2026 13:30:20 +0200 Subject: [PATCH 18/25] fix(update-lxcs/apps): avoid pct exec on containers mid-shutdown (#14050) Both update-lxcs.sh and update-apps.sh backgrounded pct shutdown and then immediately called pct exec on the same container, causing 'Error: unexpected status' which terminated the loop after the first container. update-lxcs.sh: wrapped reboot-required and patchmon-agent checks in a guard that only runs them when the container was already running (not one that was started and is now being shut down). update-apps.sh: moved pct set (resource reset) and the pct exec reboot-required check to run before pct shutdown is issued. Fixes #14027 --- tools/pve/update-apps.sh | 10 +++++----- tools/pve/update-lxcs.sh | 20 +++++++++++--------- 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/tools/pve/update-apps.sh b/tools/pve/update-apps.sh index 4bb668be3..129420f9e 100644 --- a/tools/pve/update-apps.sh +++ b/tools/pve/update-apps.sh @@ -405,11 +405,6 @@ for container in $CHOICE; do esac exit_code=$? - if [ "$template" == "false" ] && [ "$status" == "status: stopped" ]; then - echo -e "${BL}[Info]${GN} Shutting down${BL} $container ${CL} \n" - pct shutdown $container & - fi - #5) if build resources are different than run resources, then: if [ "$UPDATE_BUILD_RESOURCES" -eq "1" ]; then pct set "$container" --cores "$run_cpu" --memory "$run_ram" @@ -421,6 +416,11 @@ for container in $CHOICE; do containers_needing_reboot+=("$container ($container_hostname)") fi + if [ "$template" == "false" ] && [ "$status" == "status: stopped" ]; then + echo -e "${BL}[Info]${GN} Shutting down${BL} $container ${CL} \n" + pct shutdown $container &>/dev/null & + fi + if [ $exit_code -eq 0 ]; then msg_ok "Updated container $container" elif [ $exit_code -eq 75 ]; then diff --git a/tools/pve/update-lxcs.sh b/tools/pve/update-lxcs.sh index 66edcd0e9..52e9d2528 100644 --- a/tools/pve/update-lxcs.sh +++ b/tools/pve/update-lxcs.sh @@ -110,15 +110,17 @@ for container in $(pct list | awk '{if(NR>1) print $1}'); do elif [ "$status" == "status: running" ]; then update_container $container fi - if pct exec "$container" -- [ -e "/var/run/reboot-required" ]; then - # Get the container's hostname and add it to the list - container_hostname=$(pct exec "$container" hostname) - containers_needing_reboot+=("$container ($container_hostname)") - fi - # check if patchmon agent is present in container and run a report if found - if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then - echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" - pct exec "$container" -- "/usr/local/bin/patchmon-agent" "report" + if [ "$status" == "status: running" ]; then + if pct exec "$container" -- [ -e "/var/run/reboot-required" ]; then + # Get the container's hostname and add it to the list + container_hostname=$(pct exec "$container" hostname) + containers_needing_reboot+=("$container ($container_hostname)") + fi + # check if patchmon agent is present in container and run a report if found + if pct exec "$container" -- [ -e "/usr/local/bin/patchmon-agent" ]; then + echo -e "${BL}[Info]${GN} patchmon-agent found in ${BL} $container ${CL}, triggering report. \n" + pct exec "$container" -- "/usr/local/bin/patchmon-agent" "report" + fi fi fi done From 5cab784bcb983d295e63bf7143157ca2c356f6f4 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 11:30:22 +0000 Subject: [PATCH 19/25] Update CHANGELOG.md (#14063) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0973ae514..93e55527e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -452,6 +452,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit ### 🚀 Updated Scripts + - #### 🐞 Bug Fixes + + - TechnitiumDNS: always install .NET 10 if not already present [@MickLesk](https://github.com/MickLesk) ([#14049](https://github.com/community-scripts/ProxmoxVE/pull/14049)) + - #### 💥 Breaking Changes - PatchMon: v2.0.0 migration [@vhsdream](https://github.com/vhsdream) ([#14015](https://github.com/community-scripts/ProxmoxVE/pull/14015)) From 93a53fe16edf3e4ce1e523bbd75e7cc90c54c11f Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 11:30:48 +0000 Subject: [PATCH 20/25] Update CHANGELOG.md (#14064) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93e55527e..9bb726b15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -468,6 +468,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit ### 🧰 Tools + - #### 🐞 Bug Fixes + + - update-lxcs/apps: avoid pct exec on containers mid-shutdown [@MickLesk](https://github.com/MickLesk) ([#14050](https://github.com/community-scripts/ProxmoxVE/pull/14050)) + - #### ✨ New Features - Add patchmon-agent report execution in update script [@heinemannj](https://github.com/heinemannj) ([#14054](https://github.com/community-scripts/ProxmoxVE/pull/14054)) From 6044637f123dfe07b742932788aec616a6bf7263 Mon Sep 17 00:00:00 2001 From: "CanbiZ (MickLesk)" <47820557+MickLesk@users.noreply.github.com> Date: Mon, 27 Apr 2026 13:31:02 +0200 Subject: [PATCH 21/25] Dawarich: run db:migrate before assets:precompile (#14051) * fix(dawarich): run db:migrate before assets:precompile In Rails production, eager loading during assets:precompile can execute DB queries. Dawarich 1.7.0 adds new tables (monthly digest email preferences, S3 storage settings). Running precompile before migrate causes 'Operation not permitted' / exit code 1 when those tables do not exist yet. Reordered to: db:migrate -> assets:precompile -> data:migrate, which is the correct Rails deployment sequence. Fixes #14048 * add otp key --- ct/dawarich.sh | 6 +++++- install/dawarich-install.sh | 2 ++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ct/dawarich.sh b/ct/dawarich.sh index d2d260998..3d1ca7e02 100644 --- a/ct/dawarich.sh +++ b/ct/dawarich.sh @@ -53,6 +53,10 @@ function update_script() { export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH" eval "$(/root/.rbenv/bin/rbenv init - bash)" + if ! grep -q "OTP_ENCRYPTION_PRIMARY_KEY" /opt/dawarich/.env; then + echo "OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32)" >>/opt/dawarich/.env + fi + set -a && source /opt/dawarich/.env && set +a $STD bundle config set --local deployment 'true' @@ -67,8 +71,8 @@ function update_script() { $STD npm install fi - $STD bundle exec rake assets:precompile $STD bundle exec rails db:migrate + $STD bundle exec rake assets:precompile $STD bundle exec rake data:migrate msg_ok "Ran Migrations" diff --git a/install/dawarich-install.sh b/install/dawarich-install.sh index 9edf3a296..34e58ded7 100644 --- a/install/dawarich-install.sh +++ b/install/dawarich-install.sh @@ -46,10 +46,12 @@ msg_ok "Set up Directories" msg_info "Configuring Environment" SECRET_KEY_BASE=$(openssl rand -hex 64) +OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 32) RELEASE=$(get_latest_github_release "Freika/dawarich") cat </opt/dawarich/.env RAILS_ENV=production SECRET_KEY_BASE=${SECRET_KEY_BASE} +OTP_ENCRYPTION_PRIMARY_KEY=${OTP_ENCRYPTION_PRIMARY_KEY} DATABASE_HOST=localhost DATABASE_USERNAME=${PG_DB_USER} DATABASE_PASSWORD=${PG_DB_PASS} From 6ab9737137fdb9c575b8bdc9d456f6c63d260892 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 11:31:18 +0000 Subject: [PATCH 22/25] Update CHANGELOG.md (#14065) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9bb726b15..6ba678ebb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -454,6 +454,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit - #### 🐞 Bug Fixes + - Dawarich: run db:migrate before assets:precompile [@MickLesk](https://github.com/MickLesk) ([#14051](https://github.com/community-scripts/ProxmoxVE/pull/14051)) - TechnitiumDNS: always install .NET 10 if not already present [@MickLesk](https://github.com/MickLesk) ([#14049](https://github.com/community-scripts/ProxmoxVE/pull/14049)) - #### 💥 Breaking Changes From b226c87a00c0a0bafa47844f700c8f57b88d3ed2 Mon Sep 17 00:00:00 2001 From: rellek Date: Mon, 27 Apr 2026 17:14:24 -0400 Subject: [PATCH 24/25] Add pamUsername column to userOrgs table (#14075) --- ct/pangolin.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/ct/pangolin.sh b/ct/pangolin.sh index 765649083..c135645dd 100644 --- a/ct/pangolin.sh +++ b/ct/pangolin.sh @@ -76,6 +76,7 @@ function update_script() { if [[ -f "$DB" ]]; then sqlite3 "$DB" "ALTER TABLE 'orgs' ADD COLUMN 'settingsLogRetentionDaysConnection' integer DEFAULT 0 NOT NULL;" 2>/dev/null || true sqlite3 "$DB" "ALTER TABLE 'clientSitesAssociationsCache' ADD COLUMN 'isJitMode' integer DEFAULT 0 NOT NULL;" 2>/dev/null || true + sqlite3 "$DB" "ALTER TABLE 'userOrgs' ADD COLUMN 'pamUsername' text;" 2>/dev/null || true # Create new role-mapping tables and migrate data before drizzle-kit # drops the roleId columns from userOrgs and userInvites. From a7b8259022a972c01690fbca9ed0a7247cbc1b30 Mon Sep 17 00:00:00 2001 From: "community-scripts-pr-app[bot]" <189241966+community-scripts-pr-app[bot]@users.noreply.github.com> Date: Mon, 27 Apr 2026 21:14:53 +0000 Subject: [PATCH 25/25] Update CHANGELOG.md (#14077) Co-authored-by: github-actions[bot] --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6ba678ebb..d9bef7e12 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -452,6 +452,8 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit ### 🚀 Updated Scripts + - Add pamUsername column to userOrgs table [@JVKeller](https://github.com/JVKeller) ([#14075](https://github.com/community-scripts/ProxmoxVE/pull/14075)) + - #### 🐞 Bug Fixes - Dawarich: run db:migrate before assets:precompile [@MickLesk](https://github.com/MickLesk) ([#14051](https://github.com/community-scripts/ProxmoxVE/pull/14051))