josh/Vetting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
488a0d10529ca4cb529ffc04170025b1f2ff48a3
Vetting/deploy/proxmox-install.sh
T
josh cf3a75591c
CI / Lint + build + test (push) Successful in 1m36s
Details
Release / release (push) Successful in 2m29s
Details
install: stage pxe-setup.sh at /usr/local/sbin/vetting-pxe-setup 
proxmox-install.sh tarball-extracts into a tempdir that gets wiped on
EXIT, so after the one-liner there's no pxe-setup.sh on disk for the
operator to run. Have install.sh drop the script + ipxe-shas.txt into
/usr/local/share/vetting/ and symlink it as
/usr/local/sbin/vetting-pxe-setup (in PATH).

pxe-setup.sh now readlink -f's BASH_SOURCE so the symlink resolves to
the share dir where ipxe-shas.txt lives, and gracefully handles the
case where install.sh already staged vmlinuz + initrd.img into
LIVE_DIR (no bundle live-image/ needed at that point).

Update the trailing hint in proxmox-install.sh and the operations
runbook to surface the new `sudo vetting-pxe-setup ...` command.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 12:10:23 -04:00

90 lines
3.2 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# proxmox-install.sh — one-shot installer for a fresh Proxmox LXC (or
# any Debian/Ubuntu host). Fetches a prebuilt release bundle from the
# Gitea package registry, extracts it, and hands off to install.sh.
#
# Usage:
# curl -fsSL https://gitea.thewrightserver.net/josh/Vetting/raw/branch/main/deploy/proxmox-install.sh | sudo bash
#
# To pin a specific build instead of "latest":
# VETTING_VERSION=sha-abc1234 curl -fsSL .../proxmox-install.sh | sudo bash
#
# Env overrides:
# REGISTRY_URL base URL of the Gitea instance hosting the package
# registry (default: https://gitea.thewrightserver.net)
# PACKAGE_OWNER Gitea owner who owns the `vetting` package
# (default: josh)
# VETTING_VERSION package version — either "latest" (rolling) or
# "sha-<short-sha>" (immutable). Default: "latest".
set -euo pipefail
REGISTRY_URL="${REGISTRY_URL:-https://gitea.thewrightserver.net}"
PACKAGE_OWNER="${PACKAGE_OWNER:-josh}"
VETTING_VERSION="${VETTING_VERSION:-latest}"
BUNDLE_URL="${REGISTRY_URL}/api/packages/${PACKAGE_OWNER}/generic/vetting/${VETTING_VERSION}/vetting-bundle.tar.gz"
if [[ $EUID -ne 0 ]]; then
echo "proxmox-install.sh must be run as root (try: sudo bash)" >&2
exit 1
fi
echo "==> installing prerequisites"
export DEBIAN_FRONTEND=noninteractive
apt-get update -qq
apt-get install -y --no-install-recommends \
curl ca-certificates
tmp="$(mktemp -d)"
trap 'rm -rf "${tmp}"' EXIT
echo "==> fetching bundle (${VETTING_VERSION}) from ${BUNDLE_URL}"
# --progress-bar (not -s) so the operator sees a live indicator —
# bundles are ~30 MB and the registry can be slow on a cold run, and
# a silent 5 s has tricked us into Ctrl-C'ing mid-download before.
# -f keeps fail-on-HTTP-error; -L still follows redirects.
curl -fL --progress-bar "${BUNDLE_URL}" -o "${tmp}/vetting-bundle.tar.gz"
bundle_size="$(du -h "${tmp}/vetting-bundle.tar.gz" | cut -f1)"
echo "==> extracting (${bundle_size})"
tar -C "${tmp}" -xzf "${tmp}/vetting-bundle.tar.gz"
# Bundle extracts to vetting-bundle-<sha>/; glob-match the single
# top-level directory.
shopt -s nullglob
candidates=( "${tmp}"/vetting-bundle-* )
shopt -u nullglob
if [[ ${#candidates[@]} -ne 1 || ! -d "${candidates[0]}" ]]; then
echo "unexpected bundle layout: expected exactly one vetting-bundle-*/ dir" >&2
exit 1
fi
bundle_dir="${candidates[0]}"
echo "==> handing off to install.sh (bundle ${bundle_dir##*/})"
cd "${bundle_dir}"
bash install.sh \
--binary "${bundle_dir}/bin/vetting-linux-amd64" \
--agent-binary "${bundle_dir}/bin/vetting-agent.linux-amd64"
cat <<EOF
vetting is installed from bundle $(cat "${bundle_dir}/VERSION" 2>/dev/null || echo unknown).
To upgrade later, just rerun this one-liner; it always pulls "latest"
unless VETTING_VERSION is set.
To pin a specific build:
VETTING_VERSION=sha-abc1234 curl -fsSL \\
${REGISTRY_URL}/${PACKAGE_OWNER}/Vetting/raw/branch/main/deploy/proxmox-install.sh \\
| sudo bash
For PXE support, run:
sudo vetting-pxe-setup \\
--interface eth0 \\
--subnet 192.168.1.0/24 \\
--orchestrator-url http://<lxc-lan-ip>:8080
See docs/operations.md for the full flow.
EOF
Reference in New Issue View Git Blame Copy Permalink