Update CHANGELOG.md (#8641)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -10,8 +10,14 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
+## 2025-10-26
+
 ## 2025-10-25
 
+### 🆕 New Scripts
+
+  - PatchMon ([#8632](https://github.com/community-scripts/ProxmoxVE/pull/8632))
+
 ### 🚀 Updated Scripts
 
   - #### 🐞 Bug Fixes

ct/headers/patchmon

@@ -0,0 +1,6 @@
+    ____        __       __    __  ___          
+   / __ \____ _/ /______/ /_  /  |/  /___  ____ 
+  / /_/ / __ `/ __/ ___/ __ \/ /|_/ / __ \/ __ \
+ / ____/ /_/ / /_/ /__/ / / / /  / / /_/ / / / /
+/_/    \__,_/\__/\___/_/ /_/_/  /_/\____/_/ /_/ 
+                                                

ct/patchmon.sh

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: vhsdream
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/PatchMon/PatchMon
+
+APP="PatchMon"
+var_tags="${var_tags:-monitoring}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d "/opt/patchmon" ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  NODE_VERSION="24" setup_nodejs
+  if check_for_gh_release "PatchMon" "PatchMon/PatchMon"; then
+    msg_info "Stopping Service"
+    systemctl stop patchmon-server
+    msg_ok "Stopped Service"
+
+    msg_info "Creating Backup"
+    cp /opt/patchmon/backend/.env /opt/backend.env
+    cp /opt/patchmon/frontend/.env /opt/frontend.env
+    msg_ok "Backup Created"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "latest" "/opt/patchmon"
+
+    msg_info "Updating PatchMon"
+    cd /opt/patchmon
+    export NODE_ENV=production
+    $STD npm install --no-audit --no-fund --no-save --ignore-scripts
+    cd /opt/patchmon/backend
+    $STD npm install --no-audit --no-fund --no-save --ignore-scripts
+    cd /opt/patchmon/frontend
+    $STD npm install --include=dev --no-audit --no-fund --no-save --ignore-scripts
+    $STD npm run build
+    cd /opt/patchmon/backend
+    mv /opt/backend.env /opt/patchmon/backend/.env
+    mv /opt/frontend.env /opt/patchmon/frontend/.env
+    $STD npx prisma migrate deploy
+    $STD npx prisma generate
+    msg_ok "Updated PatchMon"
+
+    msg_info "Starting Service"
+    systemctl start patchmon-server
+    msg_ok "Started Service"
+    msg_ok "Updated Successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

frontend/public/json/patchmon.json

@@ -0,0 +1,35 @@
+{
+  "name": "PatchMon",
+  "slug": "patchmon",
+  "categories": [
+    9
+  ],
+  "date_created": "2025-10-25",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 3399,
+  "documentation": "https://docs.patchmon.net",
+  "website": "https://patchmon.net",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/patchmon.webp",
+  "config_path": "/opt/patchmon/backend/.env, /opt/patchmon/frontend/.env",
+  "description": "Monitor Linux patches across all your hosts with real-time visibility, security update tracking, and comprehensive package management.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/patchmon.sh",
+      "resources": {
+        "cpu": 2,
+        "ram": 2048,
+        "hdd": 4,
+        "os": "debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": []
+}

frontend/public/json/versions.json

@@ -1,19 +1,64 @@
 [
   {
-    "name": "dgtlmoon/changedetection.io",
+    "name": "TwiN/gatus",
-    "version": "0.50.31",
+    "version": "v5.29.0",
-    "date": "2025-10-25T11:14:22Z"
+    "date": "2025-10-25T19:49:18Z"
   },
   {
-    "name": "pi-hole/pi-hole",
+    "name": "Prowlarr/Prowlarr",
-    "version": "v6.2.1",
+    "version": "v2.1.5.5216",
-    "date": "2025-10-25T10:39:32Z"
+    "date": "2025-10-25T19:41:59Z"
+  },
+  {
+    "name": "9001/copyparty",
+    "version": "v1.19.19",
+    "date": "2025-10-25T19:39:58Z"
+  },
+  {
+    "name": "BerriAI/litellm",
+    "version": "v1.78.0-stable",
+    "date": "2025-10-25T18:30:23Z"
+  },
+  {
+    "name": "dgtlmoon/changedetection.io",
+    "version": "0.50.32",
+    "date": "2025-10-25T17:29:19Z"
+  },
+  {
+    "name": "cross-seed/cross-seed",
+    "version": "v6.13.5",
+    "date": "2025-09-27T01:10:59Z"
+  },
+  {
+    "name": "fuma-nama/fumadocs",
+    "version": "fumadocs-core@16.0.3",
+    "date": "2025-10-25T16:44:33Z"
+  },
+  {
+    "name": "sassanix/Warracker",
+    "version": "1.0.0",
+    "date": "2025-10-25T14:25:06Z"
+  },
+  {
+    "name": "danielbrendel/hortusfox-web",
+    "version": "v5.3",
+    "date": "2025-10-25T13:50:31Z"
+  },
+  {
+    "name": "runtipi/runtipi",
+    "version": "v4.5.3",
+    "date": "2025-10-25T13:27:34Z"
   },
   {
     "name": "firefly-iii/firefly-iii",
     "version": "v6.4.2",
     "date": "2025-10-07T08:11:58Z"
   },
+  {
+    "name": "pi-hole/pi-hole",
+    "version": "v6.2.1",
+    "date": "2025-10-25T10:39:32Z"
+  },
   {
     "name": "Jackett/Jackett",
     "version": "v0.24.185",
@@ -44,11 +89,6 @@
     "version": "r7.0.26-rc0",
     "date": "2025-10-24T22:33:52Z"
   },
-  {
-    "name": "runtipi/runtipi",
-    "version": "v4.5.2",
-    "date": "2025-10-24T21:42:54Z"
-  },
   {
     "name": "msgbyte/tianji",
     "version": "v1.30.3",
@@ -109,11 +149,6 @@
     "version": "4.5.5",
     "date": "2025-10-24T11:12:22Z"
   },
-  {
-    "name": "fuma-nama/fumadocs",
-    "version": "fumadocs-openapi@9.6.3",
-    "date": "2025-10-24T11:08:15Z"
-  },
   {
     "name": "crowdsecurity/crowdsec",
     "version": "v1.7.3",
@@ -179,11 +214,6 @@
     "version": "v4.4.0",
     "date": "2025-10-16T07:20:34Z"
   },
-  {
-    "name": "TwiN/gatus",
-    "version": "v5.28.0",
-    "date": "2025-10-23T16:16:04Z"
-  },
   {
     "name": "juanfont/headscale",
     "version": "v0.26.1",
@@ -214,11 +244,6 @@
     "version": "v2.2.0.0_stable_2025-10-23",
     "date": "2025-10-23T11:48:25Z"
   },
-  {
-    "name": "BerriAI/litellm",
-    "version": "v1.78.7-nightly",
-    "date": "2025-10-22T22:33:31Z"
-  },
   {
     "name": "jhuckaby/Cronicle",
     "version": "v0.9.99",
@@ -419,11 +444,6 @@
     "version": "v13.0.0",
     "date": "2025-10-19T10:03:18Z"
   },
-  {
-    "name": "Prowlarr/Prowlarr",
-    "version": "v2.0.5.5160",
-    "date": "2025-08-23T21:23:11Z"
-  },
   {
     "name": "Lidarr/Lidarr",
     "version": "v2.14.5.4836",
@@ -469,11 +489,6 @@
     "version": "v25.4",
     "date": "2025-10-09T10:27:01Z"
   },
-  {
-    "name": "9001/copyparty",
-    "version": "v1.19.17",
-    "date": "2025-10-17T23:40:02Z"
-  },
   {
     "name": "forgejo/forgejo",
     "version": "v13.0.1",
@@ -516,8 +531,8 @@
   },
   {
     "name": "ollama/ollama",
-    "version": "v0.12.6-rc1",
+    "version": "v0.12.6",
-    "date": "2025-10-16T16:36:25Z"
+    "date": "2025-10-16T20:07:41Z"
   },
   {
     "name": "minio/minio",
@@ -769,11 +784,6 @@
     "version": "v0.15.1",
     "date": "2025-10-07T20:30:56Z"
   },
-  {
-    "name": "sassanix/Warracker",
-    "version": "0.10.1.14",
-    "date": "2025-10-06T23:35:16Z"
-  },
   {
     "name": "Radarr/Radarr",
     "version": "v5.28.0.10274",
@@ -899,11 +909,6 @@
     "version": "22.0.2",
     "date": "2025-09-27T01:43:20Z"
   },
-  {
-    "name": "cross-seed/cross-seed",
-    "version": "v6.13.5",
-    "date": "2025-09-27T01:10:59Z"
-  },
   {
     "name": "traefik/traefik",
     "version": "v3.5.3",
@@ -1184,11 +1189,6 @@
     "version": "v2.1.1867",
     "date": "2025-07-31T18:08:43Z"
   },
-  {
-    "name": "danielbrendel/hortusfox-web",
-    "version": "v5.2",
-    "date": "2025-07-30T10:40:00Z"
-  },
   {
     "name": "dani-garcia/vaultwarden",
     "version": "1.34.3",

install/patchmon-install.sh

@@ -0,0 +1,287 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: vhsdream
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/PatcMmon/PatchMon
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  nginx \
+  redis-server
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="24" setup_nodejs
+PG_VERSION="17" setup_postgresql
+
+msg_info "Setup PostgreSQL Database"
+DB_NAME=patchmon_db
+DB_USER=patchmon_usr
+DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
+$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
+$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+{
+  echo "PatchMon Credentials"
+  echo "PatchMon Database Name: $DB_NAME"
+  echo "PatchMon Database User: $DB_USER"
+  echo "PatchMon Database Password: $DB_PASS"
+} >>~/patchmon.creds
+msg_ok "Setup PostgreSQL Database"
+
+fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "latest" "/opt/patchmon"
+
+msg_info "Configuring PatchMon"
+cd /opt/patchmon
+export NODE_ENV=production
+$STD npm install --no-audit --no-fund --no-save --ignore-scripts
+cd /opt/patchmon/backend
+$STD npm install --no-audit --no-fund --no-save --ignore-scripts
+cd /opt/patchmon/frontend
+$STD npm install --include=dev --no-audit --no-fund --no-save --ignore-scripts
+$STD npm run build
+
+JWT_SECRET="$(openssl rand -base64 64 | tr -d "=+/" | cut -c1-50)"
+LOCAL_IP="$(hostname -I | awk '{print $1}')"
+cat <<EOF >/opt/patchmon/backend/.env
+# Database Configuration
+DATABASE_URL="postgresql://$DB_USER:$DB_PASS@localhost:5432/$DB_NAME"
+PY_THRESHOLD=3M_DB_CONN_MAX_ATTEMPTS=30
+PM_DB_CONN_WAIT_INTERVAL=2
+
+# JWT Configuration
+JWT_SECRET="$JWT_SECRET"
+JWT_EXPIRES_IN=1h
+JWT_REFRESH_EXPIRES_IN=7d
+
+# Server Configuration
+PORT=3399
+NODE_ENV=production
+
+# API Configuration
+API_VERSION=v1
+
+# CORS Configuration
+CORS_ORIGIN="http://$LOCAL_IP"
+
+# Session Configuration
+SESSION_INACTIVITY_TIMEOUT_MINUTES=30
+
+# User Configuration
+DEFAULT_USER_ROLE=user
+
+# Rate Limiting (times in milliseconds)
+RATE_LIMIT_WINDOW_MS=900000
+RATE_LIMIT_MAX=5000
+AUTH_RATE_LIMIT_WINDOW_MS=600000
+AUTH_RATE_LIMIT_MAX=500
+AGENT_RATE_LIMIT_WINDOW_MS=60000
+AGENT_RATE_LIMIT_MAX=1000
+
+# Redis Configuration
+REDIS_HOST=localhost
+REDIS_PORT=6379
+
+# Logging
+LOG_LEVEL=info
+ENABLE_LOGGING=true
+
+# TFA Configuration
+TFA_REMEMBER_ME_EXPIRES_IN=30d
+TFA_MAX_REMEMBER_SESSIONS=5
+TFA_SUSPICIOUS_ACTIVITY_THRESHOLD=3
+EOF
+
+cat <<EOF >/opt/patchmon/frontend/.env
+VITE_API_URL=http://$LOCAL_IP/api/v1
+VITE_APP_NAME=PatchMon
+VITE_APP_VERSION=1.3.0
+EOF
+
+cd /opt/patchmon/backend
+$STD npx prisma migrate deploy
+$STD npx prisma generate
+msg_ok "Configured PatchMon"
+
+msg_info "Configuring Nginx"
+cat <<EOF >/etc/nginx/sites-available/patchmon.conf
+server {
+    listen 80;
+    server_name $LOCAL_IP;
+
+    # Security headers
+    add_header X-Frame-Options DENY always;
+    add_header X-Content-Type-Options nosniff always;
+    add_header X-XSS-Protection "1; mode=block" always;
+    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
+
+    # Frontend
+    location / {
+        root /opt/patchmon/frontend/dist;
+        try_files \$uri \$uri/ /index.html;
+    }
+
+    # Bull Board proxy
+    location /bullboard {
+        proxy_pass http://127.0.0.1:3399;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_set_header X-Forwarded-Host \$host;
+        proxy_set_header Cookie \$http_cookie;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 75s;
+ 
+        # Enable cookie passthrough
+        proxy_pass_header Set-Cookie;
+        proxy_cookie_path / /;
+ 
+        # Preserve original client IP
+        proxy_set_header X-Original-Forwarded-For \$http_x_forwarded_for;
+        if (\$request_method = 'OPTIONS') {
+            return 204;
+        }
+    }
+
+    # API proxy
+    location /api/ {
+        proxy_pass http://127.0.0.1:3399;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade \$http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_set_header Host \$host;
+        proxy_set_header X-Real-IP \$remote_addr;
+        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto \$scheme;
+        proxy_cache_bypass \$http_upgrade;
+        proxy_read_timeout 300s;
+        proxy_connect_timeout 75s;
+ 
+        # Preserve original client IP
+        proxy_set_header X-Original-Forwarded-For \$http_x_forwarded_for;
+        if (\$request_method = 'OPTIONS') {
+            return 204;
+        }
+    }
+
+    # Static assets caching (exclude Bull Board assets)
+    location ~* ^/(?!bullboard).*\.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
+        root /opt/patchmon/frontend/dist;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+ 
+    # Health check endpoint
+    location /health {
+        proxy_pass http://127.0.0.1:3399/health;
+        access_log off;
+    }
+}
+EOF
+ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/
+rm -f /etc/nginx/sites-enabled/default
+$STD nginx -t
+systemctl restart nginx
+msg_ok "Configured Nginx"
+
+msg_info "Creating service"
+cat <<EOF >/etc/systemd/system/patchmon-server.service
+[Unit]
+Description=PatchMon Service
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/patchmon/backend
+ExecStart=/usr/bin/node src/server.js
+Restart=always
+RestartSec=10
+Environment=NODE_ENV=production
+Environment=PATH=/usr/bin:/usr/local/bin
+NoNewPrivileges=true
+PrivateTmp=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/patchmon
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now patchmon-server
+msg_ok "Created and started service"
+
+msg_info "Updating settings"
+cat <<EOF >/opt/patchmon/backend/update-settings.js
+const { PrismaClient } = require('@prisma/client');
+const { v4: uuidv4 } = require('uuid');
+const prisma = new PrismaClient();
+
+async function updateSettings() {
+  try {
+    const existingSettings = await prisma.settings.findFirst();
+
+    const settingsData = {
+      id: uuidv4(),
+      server_url: 'http://$LOCAL_IP',
+      server_protocol: 'http',
+      server_host: '$LOCAL_IP',
+      server_port: 3399,
+      update_interval: 60,
+      auto_update: true,
+      signup_enabled: false,
+      ignore_ssl_self_signed: false,
+      updated_at: new Date()
+    };
+
+  if (existingSettings) {
+    // Update existing settings
+    await prisma.settings.update({
+      where: { id: existingSettings.id },
+      data: settingsData
+    });
+  } else {
+    // Create new settings record
+    await prisma.settings.create({
+      data: settingsData
+    });
+  }
+
+  console.log('✅ Database settings updated successfully');
+  } catch (error) {
+    console.error('❌ Error updating settings:', error.message);
+    process.exit(1);
+  } finally {
+    await prisma.\$disconnect();
+  }
+}
+
+updateSettings();
+EOF
+
+cd /opt/patchmon/backend
+$STD node update-settings.js
+msg_ok "Settings updated successfully"
+
+motd_ssh
+customize
+
+msg_info "Cleaning up"
+$STD apt -y autoremove
+$STD apt -y autoclean
+$STD apt -y clean
+msg_ok "Cleaned"