Merge branch 'main' of https://github.com/MacRimi/ProxMenux

2025-10-01 23:56:18 +00:00 · 2025-09-01 17:21:41 +02:00
parent ce25a167f1 1c44969580
commit 5d1338e485
7 changed files with 237 additions and 94 deletions
--- a/json/helpers_cache.json
+++ b/json/helpers_cache.json
@@ -498,7 +498,9 @@
    "categories": [
      13
    ],
-    "notes": [],
+    "notes": [
+      "Starting Booklore (Web UI) may take up to 2 minutes after a restart or fresh installation."
+    ],
    "type": "ct"
  },
  {
--- a/scripts/global/share-common.func
+++ b/scripts/global/share-common.func
@@ -138,6 +138,150 @@ pmx_ensure_host_group() {



+
+
+
+
+
+
+pmx_choose_or_create_group_() {
+    local default_group="${1:-$PROXMENUX_DEFAULT_SHARE_GROUP}"
+    local choice group_name groups menu_args gid_min
+
+    # Detect GID_MIN (fallback 1000)
+    gid_min="$(awk '/^\s*GID_MIN\s+[0-9]+/ {print $2}' /etc/login.defs 2>/dev/null | tail -n1)"
+    [[ -z "$gid_min" ]] && gid_min=1000
+
+    choice=$(whiptail --title "$(translate "Shared Group")" \
+        --menu "$(translate "Choose a group policy for this shared directory:")" 18 78 6 \
+        "1"  "$(translate "Use default group:") $default_group $(translate "(recommended)")" \
+        "2"  "$(translate "Create a new group for isolation")" \
+        "3"  "$(translate "Select an existing group")" \
+        3>&1 1>&2 2>&3) || { echo ""; return 1; }
+
+    case "$choice" in
+        1)
+            # Ensure exists; auto GID >= 101000 if creation is needed
+            pmx_ensure_host_group "$default_group" >/dev/null || { echo ""; return 1; }
+            echo "$default_group"
+            ;;
+
+        2)
+            group_name=$(whiptail --inputbox "$(translate "Enter new group name:")" 10 70 "sharedfiles-project" \
+                --title "$(translate "New Group")" 3>&1 1>&2 2>&3) || { echo ""; return 1; }
+
+            if [[ -z "$group_name" ]]; then
+                msg_error "$(translate "Group name cannot be empty.")"
+                echo ""; return 1
+            fi
+            # POSIX-ish validation: start with letter/_ ; then letters/digits/_/-
+            if ! [[ "$group_name" =~ ^[a-zA-Z_][a-zA-Z0-9_-]*$ ]]; then
+                msg_error "$(translate "Invalid group name. Use letters, digits, underscore or hyphen, and start with a letter or underscore.")"
+                echo ""; return 1
+            fi
+
+            pmx_ensure_host_group "$group_name" >/dev/null || { echo ""; return 1; }
+            echo "$group_name"
+            ;;
+
+        3)
+            # Build list of real user groups (>= GID_MIN), exclude nogroup and pve*
+            groups=$(getent group | awk -F: -v MIN="$gid_min" '
+                $3 >= MIN && $1 != "nogroup" && $1 !~ /^pve/ {print $0}
+            ' | sort -t: -k1,1)
+
+            if [[ -z "$groups" ]]; then
+                whiptail --title "$(translate "Groups")" --msgbox "$(translate "No user groups found.")" 8 60
+                echo ""; return 1
+            fi
+
+            menu_args=()
+            while IFS=: read -r gname _ gid members; do
+                menu_args+=("$gname" "GID=$gid")
+            done <<< "$groups"
+
+            group_name=$(whiptail --title "$(translate "Existing Groups")" \
+                --menu "$(translate "Select an existing group:")" 20 70 12 \
+                "${menu_args[@]}" 3>&1 1>&2 2>&3) || { echo ""; return 1; }
+
+            # Ensure (no-op if exists)
+            pmx_ensure_host_group "$group_name" >/dev/null || { echo ""; return 1; }
+            echo "$group_name"
+            ;;
+
+        *)
+            echo ""; return 1
+            ;;
+    esac
+}
+
+
+
+
+
+
+
+
+pmx_ensure_host_group_() {
+    local group_name="$1"
+    local suggested_gid="${2:-}"
+    local base_gid=101000
+    local new_gid gid
+
+    # Si ya existe, devuelve su GID
+    if getent group "$group_name" >/dev/null 2>&1; then
+        gid="$(getent group "$group_name" | cut -d: -f3)"
+        echo "$gid"
+        return 0
+    fi
+
+    if [[ -n "$suggested_gid" ]]; then
+        # Verifica que el GID sugerido esté libre
+        if getent group "$suggested_gid" >/dev/null 2>&1; then
+            msg_error "$(translate "GID already in use:") $suggested_gid"
+            echo ""
+            return 1
+        fi
+        if ! groupadd -g "$suggested_gid" "$group_name" >/dev/null 2>&1; then
+            msg_error "$(translate "Failed to create group:") $group_name"
+            echo ""
+            return 1
+        fi
+        msg_ok "$(translate "Group created:") $group_name"
+    else
+        # Busca el primer GID libre >= 101000
+        new_gid="$base_gid"
+        while getent group "$new_gid" >/dev/null 2>&1; do
+            new_gid=$((new_gid+1))
+        done
+        if ! groupadd -g "$new_gid" "$group_name" >/dev/null 2>&1; then
+            msg_error "$(translate "Failed to create group:") $group_name"
+            echo ""
+            return 1
+        fi
+        msg_ok "$(translate "Group created:") $group_name"
+    fi
+
+    gid="$(getent group "$group_name" | cut -d: -f3)"
+    if [[ -z "$gid" ]]; then
+        msg_error "$(translate "Failed to resolve group GID for") $group_name"
+        echo ""
+        return 1
+    fi
+
+    echo "$gid"
+    return 0
+}
+
+
+
+
+
+
+
+
+
+
 pmx_prepare_host_shared_dir() {

    local dir="$1" group_name="$2"
@@ -437,4 +581,4 @@ select_lxc_container() {

    echo "$ctid"
    return 0
-}
+}
--- a/scripts/menus/share_menu.sh
+++ b/scripts/menus/share_menu.sh
@@ -28,39 +28,56 @@ while true; do
    OPTION=$(dialog --clear --backtitle "ProxMenux" \
        --title "$(translate "Network Storage Manager")" \
        --menu "\n$(translate "Select an option:")" 25 80 15 \
-        "1" "$(translate "Set up NFS Server in LXC")" \
-        "2" "$(translate "Set up Samba Server in LXC")" \
-        "3" "$(translate "Configure NFS Client in LXC")" \
-        "4" "$(translate "Configure Samba Client in LXC")" \
-        "5" "$(translate "Configure NFS Storage on Host (Proxmox)")" \
-        "6" "$(translate "Configure Samba Storage on Host (Proxmox)")" \
-        "7" "$(translate "Help & Info (commands)")" \
-        "8" "$(translate "Return to Main Menu")" \
-        2>&1 >/dev/tty)
-    
-    case $OPTION in
+            ""  "\Z4──────────── $(translate "LXC") ────────────\Zn" \
+            "1"         "$(translate "Mount Host Directory into LXC (Mount Manager)")" \
+            "2"         "$(translate "Configure NFS Client in LXC (only privileged)")" \
+            "3"         "$(translate "Configure Samba Client in LXC (only privileged)")" \
+            "4"         "$(translate "Set up NFS Server in LXC")" \
+            "5"         "$(translate "Set up Samba Server in LXC")" \
+            "" "\Z4──────────── $(translate "HOST") ─────────────\Zn" \
+            "6"         "$(translate "Configure NFS share on Host")" \
+            "7"         "$(translate "Configure Samba share on Host")" \
+            "8"         "$(translate "Configure Local Shared on Host")" \
+            ""          "" \
+            "9"         "$(translate "Help & Info (commands)")" \
+            "0"         "$(translate "Return to Main Menu")" \
+            2>&1 >/dev/tty
+    ) || { exec bash <(curl -s "$REPO_URL/scripts/menus/main_menu.sh"); }
+
+    case "$OPTION" in
+
+        lxctitle|hosttitle)
+            continue
+            ;;
+
        1)
-            bash <(curl -s "$REPO_URL/scripts/share/nfs.sh")
+            bash <(curl -s "$REPO_URL/scripts/share/lxc-mount-manager.sh")
            ;;
        2)
-            bash <(curl -s "$REPO_URL/scripts/share/samba.sh")
-            ;;
-        3)
            bash <(curl -s "$REPO_URL/scripts/share/nfs_client.sh")
            ;;
-        4)
+        3)
            bash <(curl -s "$REPO_URL/scripts/share/samba_client.sh")
+            ;;    
+        4)
+            bash <(curl -s "$REPO_URL/scripts/share/nfs.sh")
            ;;
        5)
+            bash <(curl -s "$REPO_URL/scripts/share/samba.sh")
+            ;;    
+        6)
            bash <(curl -s "$REPO_URL/scripts/share/nfs_host.sh")
            ;;
-        6)
+        7)
            bash <(curl -s "$REPO_URL/scripts/share/samba_host.sh")
            ;;
-        7)
+        8)  
+            bash <(curl -s "$REPO_URL/scripts/share/local-shared-manager.sh")
+            ;;
+        9)
            bash <(curl -s "$REPO_URL/scripts/share/commands_share.sh")
            ;;
-        8)
+        0)
            exec bash <(curl -s "$REPO_URL/scripts/menus/main_menu.sh")
            ;;
        *)
--- a/scripts/post_install/auto_post_install.sh
+++ b/scripts/post_install/auto_post_install.sh
@@ -479,47 +479,38 @@ apply_network_optimizations() {

 # Core buffers & queues
 net.core.netdev_max_backlog = 8192
-net.core.optmem_max        = 8192
-net.core.rmem_max          = 16777216
-net.core.wmem_max          = 16777216
-net.core.somaxconn         = 8151
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.core.somaxconn = 8192

-# IPv4 security hardening
-net.ipv4.conf.all.accept_redirects    = 0
+# IPv4
+net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.all.accept_source_route = 0
-net.ipv4.conf.all.log_martians        = 0
-net.ipv4.conf.all.rp_filter           = 1
-net.ipv4.conf.all.secure_redirects    = 0
-net.ipv4.conf.all.send_redirects      = 0
+net.ipv4.conf.all.secure_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.all.log_martians = 1

-net.ipv4.conf.default.accept_redirects    = 0
+net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.default.accept_source_route = 0
-net.ipv4.conf.default.log_martians        = 0
-net.ipv4.conf.default.rp_filter           = 1
-net.ipv4.conf.default.secure_redirects    = 0
-net.ipv4.conf.default.send_redirects      = 0
+net.ipv4.conf.default.secure_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.conf.default.log_martians = 1

-# ICMP handling
-net.ipv4.icmp_echo_ignore_broadcasts   = 1
+# rp_filter: loose multi-homed/bridges
+net.ipv4.conf.all.rp_filter = 2
+net.ipv4.conf.default.rp_filter = 2
+
+# ICMP
+net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1

-# TCP/IP tuning
+# TCP/IP
 net.ipv4.ip_local_port_range = 1024 65535
-net.ipv4.tcp_base_mss        = 1024
-net.ipv4.tcp_fin_timeout     = 10
-net.ipv4.tcp_keepalive_intvl = 30
-net.ipv4.tcp_keepalive_probes= 3
-net.ipv4.tcp_keepalive_time  = 240
-net.ipv4.tcp_limit_output_bytes = 65536
-net.ipv4.tcp_max_syn_backlog = 8192
-net.ipv4.tcp_mtu_probing     = 1
-net.ipv4.tcp_rfc1337         = 1
-net.ipv4.tcp_rmem            = 8192 87380 16777216
-net.ipv4.tcp_sack            = 1
-net.ipv4.tcp_slow_start_after_idle = 0
-net.ipv4.tcp_syn_retries     = 3
-net.ipv4.tcp_synack_retries  = 2
-net.ipv4.tcp_wmem            = 8192 65536 16777216
+net.ipv4.tcp_mtu_probing = 1
+net.ipv4.tcp_rfc1337 = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_rmem = 8192 87380 16777216
+net.ipv4.tcp_wmem = 8192 65536 16777216

 # Unix sockets
 net.unix.max_dgram_qlen = 4096
@@ -701,7 +692,7 @@ install_log2ram_auto() {
    if ! command -v git >/dev/null 2>&1; then
        apt-get update -qq >/dev/null 2>&1
        apt-get install -y git >/dev/null 2>&1
-        msg_ok "$(translate "Git installed successfully")"
+        #msg_ok "$(translate "Git installed successfully")"
    fi
    
    if ! git clone https://github.com/azlux/log2ram.git /tmp/log2ram >/dev/null 2>>/tmp/log2ram_install.log; then
@@ -858,7 +849,7 @@ run_complete_optimization() {
    configure_kernel_panic
    force_apt_ipv4
    apply_network_optimizations
-    disable_rpc
+    #disable_rpc
    customize_bashrc
    install_log2ram_auto
    setup_persistent_network
--- a/scripts/post_install/customizable_post_install.sh
+++ b/scripts/post_install/customizable_post_install.sh
@@ -1325,47 +1325,36 @@ apply_network_optimizations() {

 # Core buffers & queues
 net.core.netdev_max_backlog = 8192
-net.core.optmem_max        = 8192
-net.core.rmem_max          = 16777216
-net.core.wmem_max          = 16777216
-net.core.somaxconn         = 8151
+net.core.rmem_max = 16777216
+net.core.wmem_max = 16777216
+net.core.somaxconn = 8192

-# IPv4 security hardening
-net.ipv4.conf.all.accept_redirects    = 0
+net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.all.accept_source_route = 0
-net.ipv4.conf.all.log_martians        = 0
-net.ipv4.conf.all.rp_filter           = 1
-net.ipv4.conf.all.secure_redirects    = 0
-net.ipv4.conf.all.send_redirects      = 0
+net.ipv4.conf.all.secure_redirects = 0
+net.ipv4.conf.all.send_redirects = 0
+net.ipv4.conf.all.log_martians = 1

-net.ipv4.conf.default.accept_redirects    = 0
+net.ipv4.conf.default.accept_redirects = 0
 net.ipv4.conf.default.accept_source_route = 0
-net.ipv4.conf.default.log_martians        = 0
-net.ipv4.conf.default.rp_filter           = 1
-net.ipv4.conf.default.secure_redirects    = 0
-net.ipv4.conf.default.send_redirects      = 0
+net.ipv4.conf.default.secure_redirects = 0
+net.ipv4.conf.default.send_redirects = 0
+net.ipv4.conf.default.log_martians = 1

-# ICMP handling
-net.ipv4.icmp_echo_ignore_broadcasts   = 1
+net.ipv4.conf.all.rp_filter = 2
+net.ipv4.conf.default.rp_filter = 2
+
+# ICMP
+net.ipv4.icmp_echo_ignore_broadcasts = 1
 net.ipv4.icmp_ignore_bogus_error_responses = 1

-# TCP/IP tuning
+# TCP/IP
 net.ipv4.ip_local_port_range = 1024 65535
-net.ipv4.tcp_base_mss        = 1024
-net.ipv4.tcp_fin_timeout     = 10
-net.ipv4.tcp_keepalive_intvl = 30
-net.ipv4.tcp_keepalive_probes= 3
-net.ipv4.tcp_keepalive_time  = 240
-net.ipv4.tcp_limit_output_bytes = 65536
-net.ipv4.tcp_max_syn_backlog = 8192
-net.ipv4.tcp_mtu_probing     = 1
-net.ipv4.tcp_rfc1337         = 1
-net.ipv4.tcp_rmem            = 8192 87380 16777216
-net.ipv4.tcp_sack            = 1
-net.ipv4.tcp_slow_start_after_idle = 0
-net.ipv4.tcp_syn_retries     = 3
-net.ipv4.tcp_synack_retries  = 2
-net.ipv4.tcp_wmem            = 8192 65536 16777216
+net.ipv4.tcp_mtu_probing = 1
+net.ipv4.tcp_rfc1337 = 1
+net.ipv4.tcp_sack = 1
+net.ipv4.tcp_rmem = 8192 87380 16777216
+net.ipv4.tcp_wmem = 8192 65536 16777216

 # Unix sockets
 net.unix.max_dgram_qlen = 4096
--- a/scripts/share/lxc-mount-manager.sh
+++ b/scripts/share/lxc-mount-manager.sh
@@ -300,11 +300,14 @@ mount_host_directory_to_lxc() {
            sleep 3
            msg_ok "$(translate "Container started")"
        else
+            show_proxmenux_logo
+            msg_title "$(translate 'Mount Host Directory to LXC Container')"
            msg_error "$(translate "Failed to start container")"
            return 1
        fi
    fi
    msg_ok "$(translate 'Select LXC container')"
+    sleep 2



@@ -315,6 +318,7 @@ mount_host_directory_to_lxc() {
        return 1
    fi
    msg_ok "$(translate 'Select Host directory')"
+    

    # Step 3: Setup group
    local group_name="sharedfiles"
--- a/scripts/vm/zimaos.sh
+++ b/scripts/vm/zimaos.sh
@@ -315,16 +315,12 @@ function advanced_settings() {
    "$(translate "Select the bus type for the disks:")" 15 70 4 \
    "scsi"    "$(translate "SCSI   (recommended for Linux)")" ON \
    "sata"    "$(translate "SATA   (standard - high compatibility)")" OFF \
-    "virtio"  "$(translate "VirtIO (advanced - high performance)")" OFF \
    3>&1 1>&2 2>&3) || exit 1

  case "$INTERFACE_TYPE" in
    "scsi"|"sata")
      DISCARD_OPTS=",discard=on,ssd=on"
      ;;
-    "virtio")
-      DISCARD_OPTS=",discard=on"
-      ;;
  esac

  msg_ok "$(translate "Disk interface selected:") $INTERFACE_TYPE"
@@ -856,7 +852,7 @@ function select_storage_volume() {
  else
    while [ -z "${STORAGE:+x}" ]; do
      STORAGE=$(whiptail --backtitle "ProxMenuX" --title "Storage Pools" --radiolist \
-        "$(translate "Choose the storage volume for $purpose:\n\nUse Spacebar to select.")" \
+        "$(translate "Choose the storage volume for $purpose:")" \
        16 $(($MSG_MAX_LENGTH + 23)) 6 \
        "${STORAGE_MENU[@]}" 3>&1 1>&2 2>&3) || exit
    done