diff --git a/json/helpers_cache.json b/json/helpers_cache.json index 74a6a93..9aabb4e 100644 --- a/json/helpers_cache.json +++ b/json/helpers_cache.json @@ -498,7 +498,9 @@ "categories": [ 13 ], - "notes": [], + "notes": [ + "Starting Booklore (Web UI) may take up to 2 minutes after a restart or fresh installation." + ], "type": "ct" }, { diff --git a/scripts/global/share-common.func b/scripts/global/share-common.func index 75fcf0d..7d03e34 100644 --- a/scripts/global/share-common.func +++ b/scripts/global/share-common.func 
@@ -138,6 +138,150 @@ pmx_ensure_host_group() { + + + + + + +pmx_choose_or_create_group_() { + local default_group="${1:-$PROXMENUX_DEFAULT_SHARE_GROUP}" + local choice group_name groups menu_args gid_min + + # Detect GID_MIN (fallback 1000) + gid_min="$(awk '/^\s*GID_MIN\s+[0-9]+/ {print $2}' /etc/login.defs 2>/dev/null | tail -n1)" + [[ -z "$gid_min" ]] && gid_min=1000 + + choice=$(whiptail --title "$(translate "Shared Group")" \ + --menu "$(translate "Choose a group policy for this shared directory:")" 18 78 6 \ + "1" "$(translate "Use default group:") $default_group $(translate "(recommended)")" \ + "2" "$(translate "Create a new group for isolation")" \ + "3" "$(translate "Select an existing group")" \ + 3>&1 1>&2 2>&3) || { echo ""; return 1; } + + case "$choice" in + 1) + # Ensure exists; auto GID >= 101000 if creation is needed + pmx_ensure_host_group "$default_group" >/dev/null || { echo ""; return 1; } + echo "$default_group" + ;; + + 2) + group_name=$(whiptail --inputbox "$(translate "Enter new group name:")" 10 70 "sharedfiles-project" \ + --title "$(translate "New Group")" 3>&1 1>&2 2>&3) || { echo ""; return 1; } + + if [[ -z "$group_name" ]]; then + msg_error "$(translate "Group name cannot be empty.")" + echo ""; return 1 + fi + # POSIX-ish validation: start with letter/_ ; then letters/digits/_/- + if ! [[ "$group_name" =~ ^[a-zA-Z_][a-zA-Z0-9_-]*$ ]]; then + msg_error "$(translate "Invalid group name. 
Use letters, digits, underscore or hyphen, and start with a letter or underscore.")" + echo ""; return 1 + fi + + pmx_ensure_host_group "$group_name" >/dev/null || { echo ""; return 1; } + echo "$group_name" + ;; + + 3) + # Build list of real user groups (>= GID_MIN), exclude nogroup and pve* + groups=$(getent group | awk -F: -v MIN="$gid_min" ' + $3 >= MIN && $1 != "nogroup" && $1 !~ /^pve/ {print $0} + ' | sort -t: -k1,1) + + if [[ -z "$groups" ]]; then + whiptail --title "$(translate "Groups")" --msgbox "$(translate "No user groups found.")" 8 60 + echo ""; return 1 + fi + + menu_args=() + while IFS=: read -r gname _ gid members; do + menu_args+=("$gname" "GID=$gid") + done <<< "$groups" + + group_name=$(whiptail --title "$(translate "Existing Groups")" \ + --menu "$(translate "Select an existing group:")" 20 70 12 \ + "${menu_args[@]}" 3>&1 1>&2 2>&3) || { echo ""; return 1; } + + # Ensure (no-op if exists) + pmx_ensure_host_group "$group_name" >/dev/null || { echo ""; return 1; } + echo "$group_name" + ;; + + *) + echo ""; return 1 + ;; + esac +} + + + + + + + + +pmx_ensure_host_group_() { + local group_name="$1" + local suggested_gid="${2:-}" + local base_gid=101000 + local new_gid gid + + # Si ya existe, devuelve su GID + if getent group "$group_name" >/dev/null 2>&1; then + gid="$(getent group "$group_name" | cut -d: -f3)" + echo "$gid" + return 0 + fi + + if [[ -n "$suggested_gid" ]]; then + # Verifica que el GID sugerido esté libre + if getent group "$suggested_gid" >/dev/null 2>&1; then + msg_error "$(translate "GID already in use:") $suggested_gid" + echo "" + return 1 + fi + if ! groupadd -g "$suggested_gid" "$group_name" >/dev/null 2>&1; then + msg_error "$(translate "Failed to create group:") $group_name" + echo "" + return 1 + fi + msg_ok "$(translate "Group created:") $group_name" + else + # Busca el primer GID libre >= 101000 + new_gid="$base_gid" + while getent group "$new_gid" >/dev/null 2>&1; do + new_gid=$((new_gid+1)) + done + if ! 
groupadd -g "$new_gid" "$group_name" >/dev/null 2>&1; then + msg_error "$(translate "Failed to create group:") $group_name" + echo "" + return 1 + fi + msg_ok "$(translate "Group created:") $group_name" + fi + + gid="$(getent group "$group_name" | cut -d: -f3)" + if [[ -z "$gid" ]]; then + msg_error "$(translate "Failed to resolve group GID for") $group_name" + echo "" + return 1 + fi + + echo "$gid" + return 0 +} + + + + + + + + + + pmx_prepare_host_shared_dir() { local dir="$1" group_name="$2" @@ -437,4 +581,4 @@ select_lxc_container() { echo "$ctid" return 0 -} \ No newline at end of file +} diff --git a/scripts/menus/share_menu.sh b/scripts/menus/share_menu.sh index c26c832..e8b5034 100644 --- a/scripts/menus/share_menu.sh +++ b/scripts/menus/share_menu.sh 
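Review bot: In `pmx_choose_or_create_group_`, option 2 ("Create a new group for isolation") hands the typed name to `pmx_ensure_host_group` without checking whether it already exists. The `pmx_ensure_host_group_` variant added in this hunk returns the GID of any existing group, so if the unsuffixed function (body outside the hunk) behaves the same way, an existing system group name would be reused silently instead of a new group being created. Option 3 filters by `GID_MIN` and excludes `pve*`, but option 2 has no equivalent guard; rejecting existing names there keeps the isolation promise, e.g. `getent group "$group_name" >/dev/null 2>&1 && { msg_error "$(translate "Group already exists:") $group_name"; echo ""; return 1; }`. The `read` variables `gname`, `gid` and `members` in option 3 are not declared `local` and leak into the caller's scope. The Spanish comments in `pmx_ensure_host_group_` should be in English like the rest of the file.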
@@ -28,39 +28,56 @@ while true; do OPTION=$(dialog --clear --backtitle "ProxMenux" \ --title "$(translate "Network Storage Manager")" \ --menu "\n$(translate "Select an option:")" 25 80 15 \ - "1" "$(translate "Set up NFS Server in LXC")" \ - "2" "$(translate "Set up Samba Server in LXC")" \ - "3" "$(translate "Configure NFS Client in LXC")" \ - "4" "$(translate "Configure Samba Client in LXC")" \ - "5" "$(translate "Configure NFS Storage on Host (Proxmox)")" \ - "6" "$(translate "Configure Samba Storage on Host (Proxmox)")" \ - "7" "$(translate "Help & Info (commands)")" \ - "8" "$(translate "Return to Main Menu")" \ - 2>&1 >/dev/tty) - - case $OPTION in + "" "\Z4──────────── $(translate "LXC") ────────────\Zn" \ + "1" "$(translate "Mount Host Directory into LXC (Mount Manager)")" \ + "2" "$(translate "Configure NFS Client in LXC (only privileged)")" \ + "3" "$(translate "Configure Samba Client in LXC (only privileged)")" \ + "4" "$(translate "Set up NFS Server in LXC")" \ + "5" "$(translate "Set up Samba Server in LXC")" \ + "" "\Z4──────────── $(translate "HOST") ─────────────\Zn" \ + "6" "$(translate "Configure NFS share on Host")" \ + "7" "$(translate "Configure Samba share on Host")" \ + "8" "$(translate "Configure Local Shared on Host")" \ + "" "" \ + "9" "$(translate "Help & Info (commands)")" \ + "0" "$(translate "Return to Main Menu")" \ + 2>&1 >/dev/tty + ) || { exec bash <(curl -s "$REPO_URL/scripts/menus/main_menu.sh"); } + + case "$OPTION" in + + lxctitle|hosttitle) + continue + ;; + 1) - bash <(curl -s "$REPO_URL/scripts/share/nfs.sh") + bash <(curl -s "$REPO_URL/scripts/share/lxc-mount-manager.sh") ;; 2) - bash <(curl -s "$REPO_URL/scripts/share/samba.sh") - ;; - 3) bash <(curl -s "$REPO_URL/scripts/share/nfs_client.sh") ;; - 4) + 3) bash <(curl -s "$REPO_URL/scripts/share/samba_client.sh") + ;; + 4) + bash <(curl -s "$REPO_URL/scripts/share/nfs.sh") ;; 5) + bash <(curl -s "$REPO_URL/scripts/share/samba.sh") + ;; + 6) bash <(curl -s 
"$REPO_URL/scripts/share/nfs_host.sh") ;; - 6) + 7) bash <(curl -s "$REPO_URL/scripts/share/samba_host.sh") ;; - 7) + 8) + bash <(curl -s "$REPO_URL/scripts/share/local-shared-manager.sh") + ;; + 9) bash <(curl -s "$REPO_URL/scripts/share/commands_share.sh") ;; - 8) + 0) exec bash <(curl -s "$REPO_URL/scripts/menus/main_menu.sh") ;; *) diff --git a/scripts/post_install/auto_post_install.sh b/scripts/post_install/auto_post_install.sh index 0bd3b6d..d3dc9e9 100644 --- a/scripts/post_install/auto_post_install.sh +++ b/scripts/post_install/auto_post_install.sh 
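Review bot: The added `bash <(curl -s "$REPO_URL/…")` calls run whatever the request returns, and with `-s` alone an HTTP error page or a truncated response is handed to bash with no failure signal. This applies to the new `lxc-mount-manager.sh` and `local-shared-manager.sh` entries and to the `|| { exec bash <(curl -s "$REPO_URL/scripts/menus/main_menu.sh"); }` fallback. Use at least `curl -fsSL`, and preferably download to a `mktemp` file and execute it only when curl exits 0, since process substitution hides curl's exit status from the caller; checking the file against a known checksum would be stronger still. Separately, the new `lxctitle|hosttitle)` arm can never match because the separator rows use `""` as their tag, so choosing a separator falls through to `*)`. The `while` loop and the `case` statement continue outside the hunk.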
@@ -479,47 +479,38 @@ apply_network_optimizations() { # Core buffers & queues net.core.netdev_max_backlog = 8192 -net.core.optmem_max = 8192 -net.core.rmem_max = 16777216 -net.core.wmem_max = 16777216 -net.core.somaxconn = 8151 +net.core.rmem_max = 16777216 +net.core.wmem_max = 16777216 +net.core.somaxconn = 8192 -# IPv4 security hardening -net.ipv4.conf.all.accept_redirects = 0 +# IPv4 +net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 -net.ipv4.conf.all.log_martians = 0 -net.ipv4.conf.all.rp_filter = 1 -net.ipv4.conf.all.secure_redirects = 0 -net.ipv4.conf.all.send_redirects = 0 +net.ipv4.conf.all.secure_redirects = 0 +net.ipv4.conf.all.send_redirects = 0 +net.ipv4.conf.all.log_martians = 1 -net.ipv4.conf.default.accept_redirects = 0 +net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.accept_source_route = 0 -net.ipv4.conf.default.log_martians = 0 -net.ipv4.conf.default.rp_filter = 1 -net.ipv4.conf.default.secure_redirects = 0 -net.ipv4.conf.default.send_redirects = 0 +net.ipv4.conf.default.secure_redirects = 0 +net.ipv4.conf.default.send_redirects = 0 +net.ipv4.conf.default.log_martians = 1 -# ICMP handling -net.ipv4.icmp_echo_ignore_broadcasts = 1 +# rp_filter: loose multi-homed/bridges +net.ipv4.conf.all.rp_filter = 2 +net.ipv4.conf.default.rp_filter = 2 + +# ICMP +net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 -# TCP/IP tuning +# TCP/IP net.ipv4.ip_local_port_range = 1024 65535 -net.ipv4.tcp_base_mss = 1024 -net.ipv4.tcp_fin_timeout = 10 -net.ipv4.tcp_keepalive_intvl = 30 -net.ipv4.tcp_keepalive_probes= 3 -net.ipv4.tcp_keepalive_time = 240 -net.ipv4.tcp_limit_output_bytes = 65536 -net.ipv4.tcp_max_syn_backlog = 8192 -net.ipv4.tcp_mtu_probing = 1 -net.ipv4.tcp_rfc1337 = 1 -net.ipv4.tcp_rmem = 8192 87380 16777216 -net.ipv4.tcp_sack = 1 -net.ipv4.tcp_slow_start_after_idle = 0 -net.ipv4.tcp_syn_retries = 3 -net.ipv4.tcp_synack_retries = 2 -net.ipv4.tcp_wmem = 8192 65536 16777216 
+net.ipv4.tcp_mtu_probing = 1 +net.ipv4.tcp_rfc1337 = 1 +net.ipv4.tcp_sack = 1 +net.ipv4.tcp_rmem = 8192 87380 16777216 +net.ipv4.tcp_wmem = 8192 65536 16777216 # Unix sockets net.unix.max_dgram_qlen = 4096 @@ -701,7 +692,7 @@ install_log2ram_auto() { if ! command -v git >/dev/null 2>&1; then apt-get update -qq >/dev/null 2>&1 apt-get install -y git >/dev/null 2>&1 - msg_ok "$(translate "Git installed successfully")" + #msg_ok "$(translate "Git installed successfully")" fi if ! git clone https://github.com/azlux/log2ram.git /tmp/log2ram >/dev/null 2>>/tmp/log2ram_install.log; then @@ -858,7 +849,7 @@ run_complete_optimization() { configure_kernel_panic force_apt_ipv4 apply_network_optimizations - disable_rpc + #disable_rpc customize_bashrc install_log2ram_auto setup_persistent_network diff --git a/scripts/post_install/customizable_post_install.sh b/scripts/post_install/customizable_post_install.sh index 877cd16..ecefb0e 100644 --- a/scripts/post_install/customizable_post_install.sh +++ b/scripts/post_install/customizable_post_install.sh 
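Review bot: Setting `net.ipv4.conf.all.rp_filter = 2` relaxes reverse-path filtering on every interface, because the kernel applies the higher of the `all` and per-interface values, so no interface can remain in strict mode afterwards. Loose mode only drops packets whose source is unreachable through any interface, which is weaker source validation than the previous `1`. The comment `# rp_filter: loose multi-homed/bridges` should state that trade-off, for example `# rp_filter=2 (loose): needed for asymmetric routing on multi-homed hosts/bridges; weaker anti-spoofing than strict (1)`. The same sysctl change is made in the `apply_network_optimizations` hunk of `scripts/post_install/customizable_post_install.sh`, where the explanatory comment is missing entirely. Both hunks also drop `tcp_max_syn_backlog`, `tcp_syn_retries` and `tcp_synack_retries` together with the "IPv4 security hardening" heading; no rationale is visible here, so a short comment saying whether those removals are intentional would help.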
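Review bot: `#disable_rpc` leaves a commented-out call in `run_complete_optimization` with no reason given, so a reader cannot tell whether the step was dropped deliberately or disabled temporarily. If `disable_rpc` turns off rpcbind, as its name suggests (its body is outside this hunk), skipping it leaves that service running on the host after the automated post-install. Replace the dead line with a comment giving the actual reason, e.g. `# disable_rpc skipped: rpcbind is required by the NFS share features` if that is the motivation, or make the call conditional on NFS being configured. The function body continues outside the hunk.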
@@ -1325,47 +1325,36 @@ apply_network_optimizations() { # Core buffers & queues net.core.netdev_max_backlog = 8192 -net.core.optmem_max = 8192 -net.core.rmem_max = 16777216 -net.core.wmem_max = 16777216 -net.core.somaxconn = 8151 +net.core.rmem_max = 16777216 +net.core.wmem_max = 16777216 +net.core.somaxconn = 8192 -# IPv4 security hardening -net.ipv4.conf.all.accept_redirects = 0 +net.ipv4.conf.all.accept_redirects = 0 net.ipv4.conf.all.accept_source_route = 0 -net.ipv4.conf.all.log_martians = 0 -net.ipv4.conf.all.rp_filter = 1 -net.ipv4.conf.all.secure_redirects = 0 -net.ipv4.conf.all.send_redirects = 0 +net.ipv4.conf.all.secure_redirects = 0 +net.ipv4.conf.all.send_redirects = 0 +net.ipv4.conf.all.log_martians = 1 -net.ipv4.conf.default.accept_redirects = 0 +net.ipv4.conf.default.accept_redirects = 0 net.ipv4.conf.default.accept_source_route = 0 -net.ipv4.conf.default.log_martians = 0 -net.ipv4.conf.default.rp_filter = 1 -net.ipv4.conf.default.secure_redirects = 0 -net.ipv4.conf.default.send_redirects = 0 +net.ipv4.conf.default.secure_redirects = 0 +net.ipv4.conf.default.send_redirects = 0 +net.ipv4.conf.default.log_martians = 1 -# ICMP handling -net.ipv4.icmp_echo_ignore_broadcasts = 1 +net.ipv4.conf.all.rp_filter = 2 +net.ipv4.conf.default.rp_filter = 2 + +# ICMP +net.ipv4.icmp_echo_ignore_broadcasts = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 -# TCP/IP tuning +# TCP/IP net.ipv4.ip_local_port_range = 1024 65535 -net.ipv4.tcp_base_mss = 1024 -net.ipv4.tcp_fin_timeout = 10 -net.ipv4.tcp_keepalive_intvl = 30 -net.ipv4.tcp_keepalive_probes= 3 -net.ipv4.tcp_keepalive_time = 240 -net.ipv4.tcp_limit_output_bytes = 65536 -net.ipv4.tcp_max_syn_backlog = 8192 -net.ipv4.tcp_mtu_probing = 1 -net.ipv4.tcp_rfc1337 = 1 -net.ipv4.tcp_rmem = 8192 87380 16777216 -net.ipv4.tcp_sack = 1 -net.ipv4.tcp_slow_start_after_idle = 0 -net.ipv4.tcp_syn_retries = 3 -net.ipv4.tcp_synack_retries = 2 -net.ipv4.tcp_wmem = 8192 65536 16777216 +net.ipv4.tcp_mtu_probing = 1 
+net.ipv4.tcp_rfc1337 = 1 +net.ipv4.tcp_sack = 1 +net.ipv4.tcp_rmem = 8192 87380 16777216 +net.ipv4.tcp_wmem = 8192 65536 16777216 # Unix sockets net.unix.max_dgram_qlen = 4096 diff --git a/scripts/share/lxc-mount-manager.sh b/scripts/share/lxc-mount-manager.sh index 95545e1..f710117 100644 --- a/scripts/share/lxc-mount-manager.sh +++ b/scripts/share/lxc-mount-manager.sh @@ -300,11 +300,14 @@ mount_host_directory_to_lxc() { sleep 3 msg_ok "$(translate "Container started")" else + show_proxmenux_logo + msg_title "$(translate 'Mount Host Directory to LXC Container')" msg_error "$(translate "Failed to start container")" return 1 fi fi msg_ok "$(translate 'Select LXC container')" + sleep 2 @@ -315,6 +318,7 @@ mount_host_directory_to_lxc() { return 1 fi msg_ok "$(translate 'Select Host directory')" + # Step 3: Setup group local group_name="sharedfiles" diff --git a/scripts/vm/zimaos.sh b/scripts/vm/zimaos.sh index 35838e5..253916b 100644 --- a/scripts/vm/zimaos.sh +++ b/scripts/vm/zimaos.sh @@ -315,16 +315,12 @@ function advanced_settings() { "$(translate "Select the bus type for the disks:")" 15 70 4 \ "scsi" "$(translate "SCSI (recommended for Linux)")" ON \ "sata" "$(translate "SATA (standard - high compatibility)")" OFF \ - "virtio" "$(translate "VirtIO (advanced - high performance)")" OFF \ 3>&1 1>&2 2>&3) || exit 1 case "$INTERFACE_TYPE" in "scsi"|"sata") DISCARD_OPTS=",discard=on,ssd=on" ;; - "virtio") - DISCARD_OPTS=",discard=on" - ;; esac msg_ok "$(translate "Disk interface selected:") $INTERFACE_TYPE" @@ -856,7 +852,7 @@ function select_storage_volume() { else while [ -z "${STORAGE:+x}" ]; do STORAGE=$(whiptail --backtitle "ProxMenuX" --title "Storage Pools" --radiolist \ - "$(translate "Choose the storage volume for $purpose:\n\nUse Spacebar to select.")" \ + "$(translate "Choose the storage volume for $purpose:")" \ 16 $(($MSG_MAX_LENGTH + 23)) 6 \ "${STORAGE_MENU[@]}" 3>&1 1>&2 2>&3) || exit done