From c044fdb34bbcf2ec6e4d8c586803f8ba7cf09a07 Mon Sep 17 00:00:00 2001 From: rellek Date: Thu, 5 Feb 2026 20:44:50 +0000 Subject: [PATCH 1/5] feat: add NetAlertX ProxmoxVE helper scripts --- install/proxmox/INSTALLATION_GUIDE.md | 159 +++++++++ install/proxmox/README.md | 9 +- install/proxmox/ct/netalertx.sh | 148 ++++++++ install/proxmox/install/netalertx-install.sh | 335 +++++++++++++++++++ install/proxmox/netalertx.conf | 7 + install/proxmox/proxmox-install-netalertx.sh | 74 ++-- install/proxmox/requirements.txt | 1 + 7 files changed, 694 insertions(+), 39 deletions(-) create mode 100644 install/proxmox/INSTALLATION_GUIDE.md create mode 100644 install/proxmox/ct/netalertx.sh create mode 100644 install/proxmox/install/netalertx-install.sh diff --git a/install/proxmox/INSTALLATION_GUIDE.md b/install/proxmox/INSTALLATION_GUIDE.md new file mode 100644 index 000000000..caa0ab739 --- /dev/null +++ b/install/proxmox/INSTALLATION_GUIDE.md 
@@ -0,0 +1,159 @@ +# NetAlertX Installation Guide for Proxmox VE + +## Quick Start (ProxmoxVE LXC Container) + +To create a NetAlertX LXC container on Proxmox VE, run this command on your Proxmox host: + +```bash +bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/netalertx.sh)" +``` + +This will: +- Create a Debian 13 LXC container +- Install all dependencies automatically +- Configure NetAlertX with NGINX on port 20211 +- Start the service automatically + +### Update Existing Installation + +To update an existing NetAlertX container: + +```bash +bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/netalertx.sh)" -s update +``` + +--- + +## Installation Process Overview + +### 1. **System Preparation** +- Updates system packages + +### 2. **Dependency Installation** +- Installs NGINX web server +- Installs Python 3 and development tools +- Installs network scanning tools (nmap, arp-scan, fping, etc.) +- Installs system utilities (sqlite3, dnsutils, avahi-daemon, etc.) + +### 3. **Application Setup** +- Clones NetAlertX repository to `/app` +- Creates Python virtual environment at `/opt/netalertx-env` +- Installs Python dependencies from requirements.txt +- Configures NGINX with default port 20211 + +### 4. **File Structure Creation** +- Creates persistent directories for `/app/log` and `/app/api` +- Creates log files and plugin directories +- Copies initial database and configuration files +- Sets secure file permissions (www-data user/group) +- Configures systemd RuntimeDirectory (`/run/netalertx`) for volatile service files + +### 5. **Service Configuration** +- Creates startup script at `/app/start.netalertx.sh` +- Installs systemd service (`netalertx.service`) +- Enables auto-start on boot +- Starts NetAlertX and NGINX services + +### 6. 
**Hardware Vendor Database** +- Updates IEEE OUI database for MAC address vendor identification (if not present) + +--- + +## Post-Installation + +### Accessing NetAlertX + +After successful installation, access the web interface at: + +``` +http://YOUR_SERVER_IP:YOUR_PORT +``` + +**Default port**: 20211 + +To find your server IP: +```bash +ip -4 route get 1.1.1.1 | awk '{for(i=1;i<=NF;i++) if ($i=="src") {print $(i+1); exit}}' +``` + +### Service Management + +```bash +# Check service status +systemctl status netalertx.service + +# View real-time logs +journalctl -u netalertx.service -f + +# Restart service +systemctl restart netalertx.service + +# Stop service +systemctl stop netalertx.service +``` + +--- + +## Important File Locations + +| Component | Location | +|-----------|----------| +| Installation Directory | `/app` | +| Configuration File | `/app/config/app.conf` | +| Database File | `/app/db/app.db` | +| NGINX Configuration | `/etc/nginx/conf.d/netalertx.conf` | +| Web UI (symlink) | `/var/www/html/netalertx` → `/app/front` | +| Python Virtual Env | `/opt/netalertx-env` | +| Systemd Service | `/etc/systemd/system/netalertx.service` | +| Startup Script | `/app/start.netalertx.sh` | +| Application Logs | `/app/log/` (persistent) | +| API Files | `/app/api/` (persistent) | +| Service Runtime | `/run/netalertx/` (tmpfs, systemd-managed) | + +### Storage Strategy (Hybrid Approach) + +**Persistent Storage** (survives reboots): +- `/app/log/app.log` - Main application log +- `/app/log/execution_queue.log` - Task execution log +- `/app/log/app_front.log` - Frontend log +- `/app/log/app.php_errors.log` - PHP error log +- `/app/log/stderr.log` - Standard error output +- `/app/log/stdout.log` - Standard output +- `/app/log/db_is_locked.log` - Database lock log +- `/app/api/user_notifications.json` - User notification data + +**Volatile Storage** (tmpfs, cleared on reboot): +- `/run/netalertx/` - Systemd-managed runtime directory for service temporary files + 
+Systemd service logs are always available via: `journalctl -u netalertx.service` + +--- + +## Environment Variables + +The installation script supports the following environment variables: + +| Variable | Description | Default | +|----------|-------------|---------| +| `NETALERTX_ASSUME_YES` | Skip all interactive prompts | (not set) | +| `ASSUME_YES` | Alternative to NETALERTX_ASSUME_YES | (not set) | +| `PORT` | HTTP port for web interface | 20211 | +| `NETALERTX_FORCE` | Force installation without prompts | (not set) | + +--- + +## Security Considerations + +- **Runtime directory**: Systemd manages `/run/netalertx/` as tmpfs with `noexec,nosuid,nodev` flags +- **File permissions**: Application files restricted to `www-data` user/group only (mode 0750) +- **Service isolation**: Runs as unprivileged `www-data` user +- **Automatic restart**: Service configured to restart on failure +- **Persistent logs**: Application logs survive reboots for debugging and audit trails + +--- + +## Additional Resources + +- **GitHub Repository**: https://github.com/jokob-sk/NetAlertX +- **Issue Tracker**: https://github.com/jokob-sk/NetAlertX/issues +- **Documentation**: `/app/docs/` directory diff --git a/install/proxmox/README.md b/install/proxmox/README.md index dfca219cc..8041801c0 100755 --- a/install/proxmox/README.md +++ b/install/proxmox/README.md 
@@ -11,7 +11,14 @@ An installer script for deploying NetAlertX on Proxmox VE (Debian-based) system ### Installation -## Download and run the installer +#### Proxmox VE Helper Script (Recommended) +This is the easiest way to deploy NetAlertX on Proxmox. Run this command on your Proxmox host: +```bash +bash -c "$(wget -qLO - https://github.com/JVKeller/NetAlertX/raw/proxmox-baremetal-installer/install/proxmox/ct/netalertx.sh)" +``` + +#### Standalone Script (Inside existing LXC/VM) +Download and run the installer inside a fresh Debian/Ubuntu system: ```bash wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/refs/heads/main/install/proxmox/proxmox-install-netalertx.sh -O proxmox-install-netalertx.sh && chmod +x proxmox-install-netalertx.sh && ./proxmox-install-netalertx.sh ``` diff --git a/install/proxmox/ct/netalertx.sh b/install/proxmox/ct/netalertx.sh new file mode 100644 index 000000000..3bf320769 --- /dev/null +++ b/install/proxmox/ct/netalertx.sh 
@@ -0,0 +1,148 @@ +#!/usr/bin/env bash +# Copyright (c) 2021-2026 community-scripts ORG +# Author: jokob-sk +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/netalertx/NetAlertX + +# Import main orchestrator +source <(curl -fsSL https://github.com/community-scripts/ProxmoxVE/raw/main/misc/build.func) + +# Application Configuration +APP="NetAlertX" +var_tags="network;monitoring;security" +var_cpu="2" +var_ram="2048" +var_disk="10" +# Container Type & OS +var_os="debian" +var_version="13" +var_unprivileged="1" +# var_password="root" # Uncomment if you want to hardcode a password for testing + +# Standard initialization +header_info "$APP" +variables +color +catch_errors + +# Support running from a mirror +if [[ -n "${REPOS_URL}" ]]; then + # Only show info message in verbose mode to avoid UI overlap + if [[ "${VERBOSE:-no}" == "yes" ]]; then + msg_info "Using custom repository: ${REPOS_URL}" + fi + # Override build_container to use the custom repo URL + original_func=$(declare -f build_container) + # Map official ProxmoxVE path to NetAlertX fork path - EXTREMELY SURGICAL to avoid core breakages + eval "$(echo "$original_func" | sed "s|https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/\${var_install}.sh|${REPOS_URL}/install/proxmox/install/\${var_install}.sh|g")" +fi + +# Define local installer path for testing +LOCAL_INSTALLER="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/../../install/${NSAPP:-netalertx}-install.sh" + +# Override build_container to use local install script if available +if [[ -f "$LOCAL_INSTALLER" ]]; then + msg_info "Using local installer from $LOCAL_INSTALLER" + original_func=$(declare -f build_container) + replacement="pct push \"\$CTID\" \"$LOCAL_INSTALLER\" /root/install.sh && lxc-attach -n \"\$CTID\" -- bash /root/install.sh" + eval "$(echo "$original_func" | sed "s|lxc-attach.*install/\${var_install}.sh.*|$replacement|")" +fi + +# Export variables to 
ensure they're passed to the installation script +export NSAPP APP var_os var_version var_cpu var_ram var_disk var_unprivileged PORT VERBOSE REPO_URL + +# Support verbose logging +if [[ "${VERBOSE:-no}" == "yes" ]]; then + set -x + STD="" +fi + +# Automatically detect bridge if vmbr0 is missing +if ! ip link show vmbr0 >/dev/null 2>&1 || [[ "$(cat /sys/class/net/vmbr0/bridge/bridge_id 2>/dev/null)" == "" ]]; then + # Get List of Bridges using multiple methods + # shellcheck disable=SC2207,SC2010 # Working pattern for bridge detection + BRIDGES=($(ip -o link show type bridge | awk -F': ' '{print $2}') $(ls /sys/class/net | grep vmbr | grep -v "vmbr0")) + # Remove duplicates + # shellcheck disable=SC2207 # Working pattern for deduplication + BRIDGES=($(echo "${BRIDGES[@]}" | tr ' ' '\n' | sort -u | tr '\n' ' ')) + + if [ ${#BRIDGES[@]} -eq 0 ]; then + # Fallback to pvesh if available + if command -v pvesh >/dev/null 2>&1; then + # shellcheck disable=SC2207,SC2046 # Working pattern for pvesh output + BRIDGES=($(pvesh get /nodes/$(hostname)/network --type bridge --output-format json | grep -oP '"iface":"\K[^"]+')) + fi + fi + + if [ ${#BRIDGES[@]} -eq 0 ]; then + msg_error "No network bridges (vmbr) detected. Please create a Linux Bridge in Proxmox first." + exit 1 + elif [ ${#BRIDGES[@]} -eq 1 ]; then + export var_bridge="${BRIDGES[0]}" + msg_info "Using detected bridge: ${var_bridge}" + else + # Multiple bridges found, let the user pick + BRIDGE_MENU=() + for b in "${BRIDGES[@]}"; do + BRIDGE_MENU+=("$b" "Network Bridge") + done + # shellcheck disable=SC2155 # Standard whiptail pattern + export var_bridge=$(whiptail --title "Select Network Bridge" --menu "vmbr0 not found. Please select a valid bridge:" 15 60 5 "${BRIDGE_MENU[@]}" 3>&1 1>&2 2>&3) + if [ -z "$var_bridge" ]; then + msg_error "No bridge selected. Aborting." + exit 1 + fi + fi +fi + +function update_script() { + header_info + check_container_storage + check_container_resources + + if [[ ! 
-d /app ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + + msg_info "Stopping ${APP} Service" + systemctl stop netalertx.service + msg_ok "Stopped ${APP} Service" + + msg_info "Updating ${APP}" + cd /app || exit + git pull + msg_ok "Updated ${APP}" + + msg_info "Updating Python Dependencies" + # shellcheck disable=SC1091 # venv activation script + source /opt/netalertx-env/bin/activate + pip install -r install/proxmox/requirements.txt + deactivate + msg_ok "Updated Python Dependencies" + + msg_info "Starting ${APP} Service" + systemctl start netalertx.service + msg_ok "Started ${APP} Service" + + msg_ok "Update Complete" + exit +} + +# Start the container creation workflow +start + +# Build the container with selected configuration +build_container + +# Set container description/notes in Proxmox UI +description + +# Display success message +msg_ok "Completed successfully!\n" + +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Access it using the following URL:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:${PORT:-20211}${CL}" +echo -e "${INFO}${YW} Service Management:${CL}" +echo -e "${TAB}systemctl status netalertx.service${CL}" diff --git a/install/proxmox/install/netalertx-install.sh b/install/proxmox/install/netalertx-install.sh new file mode 100644 index 000000000..33a937f9e --- /dev/null +++ b/install/proxmox/install/netalertx-install.sh 
@@ -0,0 +1,335 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2026 community-scripts ORG +# Author: jokob-sk +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/netalertx/NetAlertX + +# shellcheck disable=SC1091 # FUNCTIONS_FILE_PATH is provided by build.func + +# Load all available functions (from core.func + tools.func) +# shellcheck disable=SC1090 +source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" + +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +# ============================================================================ +msg_info "Installing Dependencies" +$STD apt-get install -y \ + nginx \ + sqlite3 \ + dnsutils \ + net-tools \ + mtr \ + python3 \ + python3-dev \ + python3-pip \ + python3-venv \ + iproute2 \ + nmap \ + fping \ + zip \ + usbutils \ + traceroute \ + nbtscan \ + avahi-daemon \ + avahi-utils \ + build-essential \ + git \ + curl \ + wget \ + arp-scan \ + perl \ + libwww-perl \ + apt-utils \ + cron \ + sudo \ + ca-certificates \ + tini \ + snmp \ + libcap2-bin \ + gettext-base +msg_ok "Installed Dependencies" + +msg_info "Setting up PHP 8.4" +PHP_VERSION="8.4" PHP_MODULE="cgi,fpm,sqlite3,curl,gd,mbstring,xml,intl,zip" setup_php +msg_ok "PHP 8.4 setup complete" + +# ============================================================================ +msg_info "Cloning NetAlertX Repository" +INSTALL_DIR="/app" +# Default repository if not specified +REPO_URL="${REPO_URL:-https://github.com/netalertx/NetAlertX.git}" +# Ensure directory is empty +rm -rf "$INSTALL_DIR" +git clone "$REPO_URL" "$INSTALL_DIR/" --quiet +cd "$INSTALL_DIR" || exit + +# Remove symlink placeholders from the repository to ensure they become persistent directories +rm -rf api log db config + +# Create a /data symlink as a fail-safe for application hardcoded paths +if [ ! -e /data ]; then + ln -s /app /data +fi + +# Create buildtimestamp if it doesn't exist +if [ ! 
-f "$INSTALL_DIR/front/buildtimestamp.txt" ]; then + date +%s > "$INSTALL_DIR/front/buildtimestamp.txt" +fi +msg_ok "Cloned NetAlertX Repository" + +# ============================================================================ +msg_info "Installing Python Dependencies" +# Python venv creation +python3 -m venv /opt/netalertx-env +# shellcheck disable=SC1091 +source /opt/netalertx-env/bin/activate +$STD python -m pip install --upgrade pip +if [ -f "${INSTALL_DIR:-/app}/install/proxmox/requirements.txt" ]; then + $STD python -m pip install -r "${INSTALL_DIR:-/app}/install/proxmox/requirements.txt" +fi +deactivate +msg_ok "Installed Python Dependencies" + +# ============================================================================ +msg_info "Applying Security Capabilities" +# Dynamically find binary paths as they can vary between /usr/bin and /usr/sbin +BINARY_NMAP=$(command -v nmap) +BINARY_ARPSCAN=$(command -v arp-scan) +BINARY_NBTSCAN=$(command -v nbtscan) +BINARY_TRACEROUTE=$(command -v traceroute) +BINARY_PYTHON=$(readlink -f /opt/netalertx-env/bin/python) + +[[ -n "$BINARY_NMAP" ]] && setcap cap_net_raw,cap_net_admin+eip "$BINARY_NMAP" || true +[[ -n "$BINARY_ARPSCAN" ]] && setcap cap_net_raw,cap_net_admin+eip "$BINARY_ARPSCAN" || true +[[ -n "$BINARY_NBTSCAN" ]] && setcap cap_net_raw,cap_net_admin,cap_net_bind_service+eip "$BINARY_NBTSCAN" || true +[[ -n "$BINARY_TRACEROUTE" ]] && setcap cap_net_raw,cap_net_admin+eip "$BINARY_TRACEROUTE" || true +[[ -n "$BINARY_PYTHON" ]] && setcap cap_net_raw,cap_net_admin+eip "$BINARY_PYTHON" || true +msg_ok "Security capabilities applied" +msg_ok "Installed Python Dependencies" + +# ============================================================================ +msg_info "Configuring NGINX" + +# Set default port +PORT="${PORT:-20211}" + +# Remove default NGINX site +if [ -L /etc/nginx/sites-enabled/default ]; then + rm /etc/nginx/sites-enabled/default +elif [ -f /etc/nginx/sites-enabled/default ]; then + mv 
/etc/nginx/sites-enabled/default /etc/nginx/sites-available/default.bkp_netalertx +fi + +# Create web directory and symbolic link +mkdir -p /var/www/html +ln -sfn "${INSTALL_DIR}/front" /var/www/html/netalertx + +# Create symlinks in /tmp as well for double fail-safe (some PHP modules use /tmp/api) +mkdir -p /app/api /app/log +ln -sfn /app/api /tmp/api +ln -sfn /app/log /tmp/log + +# Copy and configure NGINX config +mkdir -p "${INSTALL_DIR}/config" +cp "${INSTALL_DIR}/install/proxmox/netalertx.conf" "${INSTALL_DIR}/config/netalertx.conf" + +# Update port in NGINX config +sed -i "s/listen 20211;/listen ${PORT};/g" "${INSTALL_DIR}/config/netalertx.conf" + +# Create symbolic link to NGINX configuration +ln -sfn "${INSTALL_DIR}/config/netalertx.conf" /etc/nginx/conf.d/netalertx.conf + +# Detect PHP-FPM socket and update NGINX config +PHP_FPM_SOCKET=$(find /run/php/ -name "php*-fpm.sock" | head -n 1) +if [[ -n "$PHP_FPM_SOCKET" ]]; then + msg_info "Detected PHP-FPM socket: $PHP_FPM_SOCKET" + sed -i "s|unix:/var/run/php/php-fpm.sock;|unix:$PHP_FPM_SOCKET;|g" /etc/nginx/conf.d/netalertx.conf +else + msg_warn "Could not detect PHP-FPM socket path automatically" +fi + +# Enable and start NGINX +systemctl enable nginx +systemctl restart nginx +msg_ok "Configured NGINX" + +# ============================================================================ +msg_info "Creating Directory Structure" + +# Create persistent directories +mkdir -p "${INSTALL_DIR}/log/plugins" "${INSTALL_DIR}/api" + +# Set permissions FIRST so www-data can create files (Fixes Turn 499) +chown -R www-data:www-data "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" +chmod -R ug+rwX "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" + +# Create log and API files as www-data user +sudo -u www-data touch ${INSTALL_DIR}/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log} +sudo -u www-data touch ${INSTALL_DIR}/api/user_notifications.json + +msg_ok "Created Directory Structure" 
+ +# Create missing __init__.py files for Python package recognition +touch "${INSTALL_DIR}/front/__init__.py" +touch "${INSTALL_DIR}/front/plugins/__init__.py" + +# ============================================================================ +msg_info "Setting up Database and Configuration" + +# Copy starter database and config files +mkdir -p "${INSTALL_DIR}/config" "${INSTALL_DIR}/db" +cp -u "${INSTALL_DIR}/back/app.conf" "${INSTALL_DIR}/config/app.conf" +cp -u "${INSTALL_DIR}/back/app.db" "${INSTALL_DIR}/db/app.db" + +# Sync timezone from system +LXC_TZ=$(timedatectl show --property=Timezone --value 2>/dev/null || cat /etc/timezone 2>/dev/null || echo "UTC") +if [[ -n "$LXC_TZ" ]]; then + msg_info "Syncing Timezone: $LXC_TZ" + sed -i "s|TIMEZONE.*=.*|TIMEZONE = '$LXC_TZ'|g" "${INSTALL_DIR}/config/app.conf" + # Also update PHP's fallbacks if necessary (NetAlertX uses the one from app.conf mostly) +fi + +# Set permissions +chgrp -R www-data "$INSTALL_DIR" +# NetAlertX needs write access to front/ for some features, and broad access to /app +chmod -R a+rwx "$INSTALL_DIR" +chown -R www-data:www-data "${INSTALL_DIR}/db/app.db" + +# Configure sudoers for www-data (Needed for Init Checks & Tools) +msg_info "Configuring Sudoers" +cat > /etc/sudoers.d/netalertx < "$INSTALL_DIR/start.netalertx.sh" < /etc/systemd/system/netalertx.service </dev/null || true; umount "${INSTALL_DIR}/api" 2>/dev/null || true' EXIT # Making sure the system is clean if [ -d "$INSTALL_DIR" ]; then 
@@ -204,10 +202,10 @@ pkill -f "^python(3)?\s+.*${INSTALL_DIR}/server/?$" 2>/dev/null || true printf "%b\n" "--------------------------------------------------------------------------" printf "%b\n" "${GREEN}[INSTALLING] ${RESET}Setting up Python environment" printf "%b\n" "--------------------------------------------------------------------------" -python3 -m venv /opt/myenv +python3 -m venv /opt/netalertx-env # Shell check doesn't recognize source command because it's not in the repo, it is in the system at runtime # shellcheck disable=SC1091 -source /opt/myenv/bin/activate +source /opt/netalertx-env/bin/activate python -m pip install --upgrade pip python -m pip install -r "${INSTALLER_DIR}/requirements.txt" 
@@ -283,46 +281,19 @@ else fi fi -# Create empty log files and plugin folders +# Create persistent log and API directories printf "%b\n" "--------------------------------------------------------------------------" -printf "%b\n" "${GREEN}[INSTALLING] ${RESET}Creating mounts and file structure" +printf "%b\n" "${GREEN}[INSTALLING] ${RESET}Creating persistent log and API directories" printf "%b\n" "--------------------------------------------------------------------------" -printf "%b\n" "Cleaning up old mounts if any" -umount "${INSTALL_DIR}/log" 2>/dev/null || true -umount "${INSTALL_DIR}/api" 2>/dev/null || true +# Create directory structure +mkdir -p "${INSTALL_DIR}/log/plugins" "${INSTALL_DIR}/api" -printf "%b\n" "Creating log api folders if they don't exist" -mkdir -p "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" - -printf "%b\n" "--------------------------------------------------------------------------" -printf "%b\n" "${GREEN}[INSTALLING] ${RESET}Mounting log and api folders as tmpfs" -printf "%b\n" "--------------------------------------------------------------------------" -mountpoint -q "${INSTALL_DIR}/log" || mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/log" -mountpoint -q "${INSTALL_DIR}/api" || mount -t tmpfs -o noexec,nosuid,nodev tmpfs "${INSTALL_DIR}/api" -chown -R www-data:www-data "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" - -# Ensure plugins directory exists within the tmpfs mount -mkdir -p "${INSTALL_DIR}"/log/plugins -chown -R www-data:www-data "${INSTALL_DIR}"/log/plugins - -# Create the execution_queue.log file if it doesn't exist -touch ${INSTALL_DIR}/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log} -touch ${INSTALL_DIR}/api/user_notifications.json -chown -R www-data:www-data "${INSTALL_DIR}"/log "${INSTALL_DIR}"/api -chmod -R ug+rwX "${INSTALL_DIR}"/log "${INSTALL_DIR}"/api - -# Set ownership of the tmpfs mountpoints first. 
-chown www-data:www-data "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" - -# Ensure plugins directory exists within the tmpfs mount -mkdir -p "${INSTALL_DIR}/log/plugins" - -# Create log and api files directly as the www-data user to ensure correct ownership from the start. +# Create log and API files as www-data user to ensure correct ownership sudo -u www-data touch ${INSTALL_DIR}/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log} sudo -u www-data touch ${INSTALL_DIR}/api/user_notifications.json -# Set final permissions for all created files and directories. +# Set final permissions for all created files and directories chown -R www-data:www-data "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" chmod -R ug+rwX "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" @@ -360,14 +331,28 @@ nginx -t || { cat > "$INSTALL_DIR/start.netalertx.sh" << EOF #!/usr/bin/env bash +# NetAlertX environment variables +export NETALERTX_CONFIG=/app/config +export NETALERTX_LOG=/app/log +export NETALERTX_DATA=/app +export NETALERTX_API=/app/api +export NETALERTX_TMP=/app +export PORT=${PORT} +export PYTHONPATH=/app + +# Ensure package structure exists (Self-healing) +touch /app/front/__init__.py +touch /app/front/plugins/__init__.py + # Activate the virtual python environment -source /opt/myenv/bin/activate +source /opt/netalertx-env/bin/activate echo -e "--------------------------------------------------------------------------" echo -e "Starting NetAlertX - navigate to http://${SERVER_IP}:${PORT}" echo -e "--------------------------------------------------------------------------" # Start the NetAlertX python script +cd /app python server/ EOF 
@@ -396,6 +381,19 @@ RestartSec=5 StandardOutput=journal StandardError=journal +# NetAlertX environment variables +Environment=NETALERTX_CONFIG=/app/config +Environment=NETALERTX_LOG=/app/log +Environment=NETALERTX_DATA=/app +Environment=NETALERTX_API=/app/api +Environment=NETALERTX_TMP=/app +Environment=PORT=${PORT} +Environment=PYTHONPATH=/app + +# Create runtime directory in tmpfs for systemd-managed volatile files +RuntimeDirectory=netalertx +RuntimeDirectoryMode=0750 + [Install] WantedBy=multi-user.target EOF diff --git a/install/proxmox/requirements.txt b/install/proxmox/requirements.txt index fdd30017a..01392609b 100755 --- a/install/proxmox/requirements.txt +++ b/install/proxmox/requirements.txt @@ -24,3 +24,4 @@ librouteros yattag zeroconf git+https://github.com/foreign-sub/aiofreepybox.git +pydantic From b48a83fe22286757eb3ce92079a3a61dd80b3fd9 Mon Sep 17 00:00:00 2001 From: rellek Date: Thu, 5 Feb 2026 21:02:54 +0000 Subject: [PATCH 2/5] fix: address CodeRabbit review regarding directory permissions and touch sequence --- install/proxmox/proxmox-install-netalertx.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/install/proxmox/proxmox-install-netalertx.sh b/install/proxmox/proxmox-install-netalertx.sh index b7d803636..05ce43c2c 100755 --- a/install/proxmox/proxmox-install-netalertx.sh +++ b/install/proxmox/proxmox-install-netalertx.sh 
@@ -289,12 +289,14 @@ printf "%b\n" "----------------------------------------------------------------- # Create directory structure mkdir -p "${INSTALL_DIR}/log/plugins" "${INSTALL_DIR}/api" +# Set ownership FIRST so www-data can create files +chown -R www-data:www-data "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" + # Create log and API files as www-data user to ensure correct ownership -sudo -u www-data touch ${INSTALL_DIR}/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log} sudo -u www-data touch ${INSTALL_DIR}/api/user_notifications.json +sudo -u www-data touch ${INSTALL_DIR}/log/{app.log,execution_queue.log,app_front.log,app.php_errors.log,stderr.log,stdout.log,db_is_locked.log} -# Set final permissions for all created files and directories -chown -R www-data:www-data "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" +# Set final permissions chmod -R ug+rwX "${INSTALL_DIR}/log" "${INSTALL_DIR}/api" printf "%b\n" "--------------------------------------------------------------------------" From e51c265f7f8550b97c1bd3f1f58e305584fbdc12 Mon Sep 17 00:00:00 2001 From: rellek Date: Thu, 5 Feb 2026 21:03:42 +0000 Subject: [PATCH 3/5] docs: update repository references to official NetAlertX organization and fix permissions in legacy script --- install/proxmox/INSTALLATION_GUIDE.md | 4 ++-- install/proxmox/README.md | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/install/proxmox/INSTALLATION_GUIDE.md b/install/proxmox/INSTALLATION_GUIDE.md index caa0ab739..7bb6e1d56 100644 --- a/install/proxmox/INSTALLATION_GUIDE.md +++ b/install/proxmox/INSTALLATION_GUIDE.md 
@@ -154,6 +154,6 @@ The installation script supports the following environment variables: ## Additional Resources -- **GitHub Repository**: https://github.com/jokob-sk/NetAlertX -- **Issue Tracker**: https://github.com/jokob-sk/NetAlertX/issues +- **GitHub Repository**: https://github.com/netalertx/NetAlertX +- **Issue Tracker**: https://github.com/netalertx/NetAlertX/issues - **Documentation**: `/app/docs/` directory diff --git a/install/proxmox/README.md b/install/proxmox/README.md index 8041801c0..fe45fec8f 100755 --- a/install/proxmox/README.md +++ b/install/proxmox/README.md @@ -14,13 +14,13 @@ An installer script for deploying NetAlertX on Proxmox VE (Debian-based) system #### Proxmox VE Helper Script (Recommended) This is the easiest way to deploy NetAlertX on Proxmox. Run this command on your Proxmox host: ```bash -bash -c "$(wget -qLO - https://github.com/JVKeller/NetAlertX/raw/proxmox-baremetal-installer/install/proxmox/ct/netalertx.sh)" +bash -c "$(wget -qLO - https://github.com/netalertx/NetAlertX/raw/main/install/proxmox/ct/netalertx.sh)" ``` #### Standalone Script (Inside existing LXC/VM) Download and run the installer inside a fresh Debian/Ubuntu system: ```bash -wget https://raw.githubusercontent.com/jokob-sk/NetAlertX/refs/heads/main/install/proxmox/proxmox-install-netalertx.sh -O proxmox-install-netalertx.sh && chmod +x proxmox-install-netalertx.sh && ./proxmox-install-netalertx.sh +wget https://raw.githubusercontent.com/netalertx/NetAlertX/main/install/proxmox/proxmox-install-netalertx.sh -O proxmox-install-netalertx.sh && chmod +x proxmox-install-netalertx.sh && ./proxmox-install-netalertx.sh ``` ## 📋 What This Installer Does From a3ed98efdc4f7b3cb50ebdde58b009c8c2f8aab9 Mon Sep 17 00:00:00 2001 From: rellek Date: Fri, 6 Feb 2026 17:00:54 +0000 Subject: [PATCH 4/5] update comments --- install/proxmox/ct/netalertx.sh | 9 +++++++-- install/proxmox/install/netalertx-install.sh | 9 +++++---- 2 files changed, 12 insertions(+), 6 deletions(-) 
diff --git a/install/proxmox/ct/netalertx.sh b/install/proxmox/ct/netalertx.sh index 3bf320769..6c6347cda 100644 --- a/install/proxmox/ct/netalertx.sh +++ b/install/proxmox/ct/netalertx.sh @@ -1,9 +1,14 @@ #!/usr/bin/env bash + # Copyright (c) 2021-2026 community-scripts ORG -# Author: jokob-sk -# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Author: JVKeller + +# License: GPL 3.0 | NetAlertX | https://github.com/netalertx/NetAlertX/blob/main/LICENSE.txt # Source: https://github.com/netalertx/NetAlertX +# License: MIT | ProxmoxVE | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/ProxmoxVE + # Import main orchestrator source <(curl -fsSL https://github.com/community-scripts/ProxmoxVE/raw/main/misc/build.func) diff --git a/install/proxmox/install/netalertx-install.sh b/install/proxmox/install/netalertx-install.sh index 33a937f9e..271b4194a 100644 --- a/install/proxmox/install/netalertx-install.sh +++ b/install/proxmox/install/netalertx-install.sh @@ -1,14 +1,15 @@ #!/usr/bin/env bash # Copyright (c) 2021-2026 community-scripts ORG -# Author: jokob-sk -# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Author: JVKeller +# License: GPL 3.0 | NetAlertX | https://github.com/netalertx/NetAlertX/blob/main/LICENSE.txt # Source: https://github.com/netalertx/NetAlertX +# License: MIT | ProxmoxVE | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://github.com/ProxmoxVE + # shellcheck disable=SC1091 # FUNCTIONS_FILE_PATH is provided by build.func -# Load all available functions (from core.func + tools.func) -# shellcheck disable=SC1090 source /dev/stdin <<< "$FUNCTIONS_FILE_PATH" color From 2fb44e654be361dc58a842ff02608b80ddd5cbb8 Mon Sep 17 00:00:00 2001 
From: rellek Date: Fri, 6 Feb 2026 17:05:53 +0000 Subject: [PATCH 5/5] Add link to docs --- install/proxmox/INSTALLATION_GUIDE.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/proxmox/INSTALLATION_GUIDE.md b/install/proxmox/INSTALLATION_GUIDE.md index 7bb6e1d56..9a87a8d4a 100644 --- a/install/proxmox/INSTALLATION_GUIDE.md +++ b/install/proxmox/INSTALLATION_GUIDE.md @@ -17,7 +17,8 @@ This will: ### Update Existing Installation To update an existing NetAlertX container: - +- Type ```update``` in the NetAlertX LXC Console +- Or run this command on your Proxmox host: ```bash bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/netalertx.sh)" -s update ``` @@ -156,4 +157,4 @@ The installation script supports the following environment variables: - **GitHub Repository**: https://github.com/netalertx/NetAlertX - **Issue Tracker**: https://github.com/netalertx/NetAlertX/issues -- **Documentation**: `/app/docs/` directory +- **Documentation**: https://docs.netalertx.com
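Review bot: In install/proxmox/ct/netalertx.sh (PATCH 1/5), the mirror override interpolates `${REPOS_URL}` unescaped into a sed replacement and then hands the result to `eval`, so a value containing `|`, `&` or shell metacharacters either breaks the substitution or changes the body of `build_container` that then runs on the Proxmox host. Validate `REPOS_URL` against a strict https URL pattern before use, or pass the installer location to `build_container` as a variable instead of rewriting the function text; the `LOCAL_INSTALLER` branch builds `$replacement` from a path in the same way. The override also tests `REPOS_URL` while the `export` line passes `REPO_URL`, which is what netalertx-install.sh reads for `git clone`; document that these are two separate settings or derive one from the other, otherwise a mirror run takes the install script from the mirror and the application from the default repository. Both `source <(curl -fsSL .../main/misc/build.func)` and the rewritten installer URL follow a moving branch with no checksum; pinning to a tag or commit would make runs reproducible.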
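Review bot: In install/proxmox/install/netalertx-install.sh (PATCH 1/5), `chmod -R a+rwx "$INSTALL_DIR"` makes everything under /app world-writable, including the server code the service executes and config/netalertx.conf, which /etc/nginx/conf.d/netalertx.conf is symlinked to. Limit write access to www-data on the directories that need it (log, api, db, config and whichever parts of front/ require it) so the result matches the "mode 0750" the guide states. In the capabilities block, `BINARY_PYTHON=$(readlink -f /opt/netalertx-env/bin/python)` resolves the venv symlink to the system interpreter, so the following `setcap cap_net_raw,cap_net_admin+eip "$BINARY_PYTHON"` grants those capabilities to every user who can run that Python; `AmbientCapabilities=` in netalertx.service, or a venv created with `--copies` and a group-restricted interpreter, would scope them to the service. The second `msg_ok "Installed Python Dependencies"` after `msg_ok "Security capabilities applied"` looks like a leftover, and the `(Fixes Turn 499)` comment means nothing to a reader of the script.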
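Review bot: In install/proxmox/INSTALLATION_GUIDE.md (PATCH 1/5), the Security Considerations bullets claim more than the scripts in this series enforce: "mode 0750" for application files conflicts with `chmod -R a+rwx "$INSTALL_DIR"` in netalertx-install.sh, and the `noexec,nosuid,nodev` flags on /run/netalertx are not set by the unit, which only adds `RuntimeDirectory=netalertx` and `RuntimeDirectoryMode=0750`. Either tighten the scripts to match or reword the bullets to what is actually applied. The Quick Start and Update commands also fetch ct/netalertx.sh from community-scripts/ProxmoxVE while README.md in the same patch points at a NetAlertX repository; state which source is authoritative for this script.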
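Review bot: In the netalertx.service heredoc of install/proxmox/proxmox-install-netalertx.sh (PATCH 1/5, hunk at -396,6 +381,19), `RuntimeDirectory=netalertx` creates /run/netalertx but `Environment=NETALERTX_TMP=/app` points temporary files at the application root, so nothing in the visible configuration uses the runtime directory. If volatile files are meant to live there, should this be `NETALERTX_TMP=/run/netalertx`? Otherwise drop the directive and the matching "Volatile Storage" section of the guide. The same seven variables are exported again in start.netalertx.sh in the preceding hunk; keeping them in one place (the unit, or an `EnvironmentFile=`) stops the two copies drifting, and the hard-coded /app paths bypass the `INSTALL_DIR` variable the rest of the script uses.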
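Review bot: In the header comments changed by PATCH 4/5 (ct/netalertx.sh and install/netalertx-install.sh), the new `# Source: https://github.com/ProxmoxVE` line does not match the community-scripts/ProxmoxVE repository named in the license URL directly above it; use the full repository URL. With a GPL 3.0 line and an MIT line in the same header it is also unclear which license covers the file, so say which one applies to the script itself and which to the sourced build.func. In netalertx-install.sh the `# shellcheck disable=SC1090` directive is removed while `source /dev/stdin <<< "$FUNCTIONS_FILE_PATH"` stays; confirm ShellCheck still passes with only SC1091 disabled.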
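Review bot: In the Update section changed by PATCH 5/5 (INSTALLATION_GUIDE.md, hunk at -17,7 +17,8), the `update` list item wraps inline code in triple backticks and the patch removes the blank line that separated the text from the bash code fence. Use single backticks for the inline command and keep a blank line between the list and the fence so renderers do not fold the fence into the last list item.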