From ea756dc87e445ab8a1fa8a1b35698c40d2b7f579 Mon Sep 17 00:00:00 2001 From: "push-app-to-main[bot]" <203845782+push-app-to-main[bot]@users.noreply.github.com> Date: Fri, 7 Nov 2025 09:40:08 +0100 Subject: [PATCH] infisical (#8926) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * 'Add new script' * Update infisical.sh * Update Infisical installation script with dynamic keys * Remove cleanup commands from install script Removed cleanup commands from the Infisical installation script. * Refactor Infisical repository setup process * Update date_created to 2025-11-07 --------- Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com> Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> Co-authored-by: CanbiZ <47820557+MickLesk@users.noreply.github.com> --- ct/headers/infisical | 6 +++ ct/infisical.sh | 60 +++++++++++++++++++++++++ frontend/public/json/infisical.json | 35 +++++++++++++++ install/infisical-install.sh | 68 +++++++++++++++++++++++++++++ 4 files changed, 169 insertions(+) create mode 100644 ct/headers/infisical create mode 100644 ct/infisical.sh create mode 100644 frontend/public/json/infisical.json create mode 100644 install/infisical-install.sh diff --git a/ct/headers/infisical b/ct/headers/infisical new file mode 100644 index 000000000..d378f9dcb --- /dev/null +++ b/ct/headers/infisical @@ -0,0 +1,6 @@ + ____ _____ _ __ + / _/___ / __(_)____(_)________ _/ / + / // __ \/ /_/ / ___/ / ___/ __ `/ / + _/ // / / / __/ (__ ) / /__/ /_/ / / +/___/_/ /_/_/ /_/____/_/\___/\__,_/_/ + diff --git a/ct/infisical.sh b/ct/infisical.sh new file mode 100644 index 000000000..aafed8116 --- /dev/null +++ b/ct/infisical.sh @@ -0,0 +1,60 @@ +#!/usr/bin/env bash +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +# Copyright (c) 2021-2025 community-scripts ORG +# Author: Slaviša Arežina (tremor021) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://infisical.com/ + +APP="Infisical" +var_tags="${var_tags:-auth}" +var_cpu="${var_cpu:-2}" +var_ram="${var_ram:-2048}" +var_disk="${var_disk:-6}" +var_os="${var_os:-debian}" +var_version="${var_version:-13}" +var_unprivileged="${var_unprivileged:-1}" + +header_info "$APP" +variables +color +catch_errors + +function update_script() { + header_info + check_container_storage + check_container_resources + if [[ ! -d /etc/infisical ]]; then + msg_error "No ${APP} Installation Found!" + exit + fi + + msg_info "Stopping service" + $STD infisical-ctl stop + msg_ok "Service stopped" + + msg_info "Creating backup" + DB_PASS=$(grep -Po '(?<=^Database Password:\s).*' ~/infisical.creds | head -n1) + PGPASSWORD=$DB_PASS pg_dump -U infisical -h localhost -d infisical_db > /opt/infisical_backup.sql + msg_ok "Created backup" + + msg_info "Updating Infisical" + $STD apt update + $STD apt install -y infisical-core + $STD infisical-ctl reconfigure + msg_ok "Updated Infisical" + + msg_info "Starting service" + infisical-ctl start + msg_ok "Started service" + msg_ok "Updated successfully" + exit +} + +start +build_container +description + +msg_ok "Completed Successfully!\n" +echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}" +echo -e "${INFO}${YW} Access it using the following URL:${CL}" +echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}" diff --git a/frontend/public/json/infisical.json b/frontend/public/json/infisical.json new file mode 100644 index 000000000..5c8d439fd --- /dev/null +++ b/frontend/public/json/infisical.json @@ -0,0 +1,35 @@ +{ + "name": "Infisical", + "slug": "infisical", + "categories": [ + 6 + ], + "date_created": "2025-11-07", + "type": "ct", + "updateable": true, + "privileged": false, + "interface_port": 8080, + "documentation": "https://infisical.com/docs/documentation/getting-started/overview", + "config_path": "/etc/infisical/infisical.rb", + "website": "https://infisical.com/", + "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/infisical.webp", + "description": "Secrets, certificates, and access management on autopilot. All-in-one platform to securely manage application secrets, certificates, SSH keys, and configurations across your team and infrastructure.", + "install_methods": [ + { + "type": "default", + "script": "ct/infisical.sh", + "resources": { + "cpu": 2, + "ram": 2048, + "hdd": 6, + "os": "Debian", + "version": "13" + } + } + ], + "default_credentials": { + "username": null, + "password": null + }, + "notes": [] +} diff --git a/install/infisical-install.sh b/install/infisical-install.sh new file mode 100644 index 000000000..8203d7c6f --- /dev/null +++ b/install/infisical-install.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash + +# Copyright (c) 2021-2025 community-scripts ORG +# Author: Slaviša Arežina (tremor021) +# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE +# Source: https://infisical.com/ + +source /dev/stdin <<<"$FUNCTIONS_FILE_PATH" +color +verb_ip6 +catch_errors +setting_up_container +network_check +update_os + +msg_info "Installing Dependencies" +$STD apt install -y \ + apt-transport-https \ + ca-certificates \ + redis +msg_ok "Installed Dependencies" + +PG_VERSION="17" setup_postgresql + +msg_info "Setting up Infisical Repository" +setup_deb822_repo \ + "infisical" \ + "https://artifacts-infisical-core.infisical.com/infisical.gpg" \ + "https://artifacts-infisical-core.infisical.com/deb" \ + "stable" +msg_ok "Setup Infisical repository" + +msg_info "Configuring PostgreSQL" +DB_NAME="infisical_db" +DB_USER="infisical" +DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)" +$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';" +$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';" +$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC';" +{ + echo "Infiscal Credentials" + echo "Database Name: $DB_NAME" + echo "Database User: $DB_USER" + echo "Database Password: $DB_PASS" +} >>~/infisical.creds +msg_ok "Configured PostgreSQL" + +msg_info "Setting up Infisical" +AUTH_SECRET="$(openssl rand -base64 32 | tr -d '\n')" +ENC_KEY="$(openssl rand -hex 16 | tr -d '\n')" +IP_ADDR=$(hostname -I | awk '{print $1}') +$STD apt install -y infisical-core +mkdir -p /etc/infisical +cat </etc/infisical/infisical.rb +infisical_core['ENCRYPTION_KEY'] = '$ENC_KEY' +infisical_core['AUTH_SECRET'] = '$AUTH_SECRET' +infisical_core['HOST'] = '$IP_ADDR' +infisical_core['DB_CONNECTION_URI'] = 'postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}' +infisical_core['REDIS_URL'] = 'redis://localhost:6379' +EOF +$STD infisical-ctl reconfigure +msg_ok "Setup Infisical" + +motd_ssh +customize +cleanup_lxc