Ubuntu 24 Installer rewrite

[ingoratsdorf]

setup.sh and start.sh combined into a single script netalertx now starts and runs via systemd unit, can be started, stopped and restarted systemctl start netalertx
systemctl stop netalertx
systemctl status netalertx
etc
Logs to journalctl and output can be followed with journalctl -f

Amalgamated chmods
tuned chmods based on earlier feedback and discussion

install script accepts command line parameter:

• 'install' to continue and DELETE ALL!
• 'update' to just update from GIT (keeps your db and settings)
• 'start' to do nothing, leave install as-is (just run the start script, set up services etc)

Please have a look, comments welcome :-)

Summary by CodeRabbit

• New Features
  • Streamlined one-step installer for Ubuntu 24 that automates full setup, dependency installation, web server configuration, and environment settings.
  • Adds a system service for automatic start/stop and easier management.
  • Supports configurable port and listen address, with clear status and access guidance during install.
• Chores
  • Bundled Python dependencies to ensure consistent installation.
• Refactor
  • Consolidated and replaced legacy Ubuntu 24 install/start scripts with a unified installer for a simpler, safer workflow.

[coderabbitai]

Walkthrough

Introduces a new Ubuntu 24 installer at install/ubuntu24/install.sh, adds a systemd unit and Python requirements file, and removes legacy install/start scripts. The new script handles install/update/start flows, dependency setup, web server configuration, filesystem prep, environment persistence, and service management.

Changes

Cohort / File(s)	Summary of changes
Ubuntu24 installer replacement install/ubuntu24/install.sh, install/ubuntu24/install.ubuntu24.sh, install/ubuntu24/start.ubuntu24.sh	Added consolidated installer handling install/update/start, environment setup, dependency installation, NGINX/PHP-FPM config, permissions, and service orchestration. Removed legacy interactive install and startup scripts.
Systemd service install/ubuntu24/netalertx.service	Added systemd unit loading env from /etc/default/netalertx and starting the Python server with restart policy.
Python dependencies install/ubuntu24/requirements.txt	Added Python package list, including a VCS dependency, for installer-driven virtualenv setup.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor User
    participant InstallScript as install/ubuntu24/install.sh
    participant APT as apt/apt-get
    participant Py as Python venv/pip
    participant Nginx as NGINX
    participant PHP as PHP-FPM
    participant Sysd as systemd (netalertx.service)
    participant Server as NetAlertX server

    User->>InstallScript: Run with mode (install | update | start)
    InstallScript->>APT: Install system deps (nginx, php-*, etc.)
    InstallScript->>Py: Create venv + pip install -r requirements.txt
    InstallScript->>Nginx: Configure site, port, listen addr
    InstallScript->>PHP: Ensure enabled/started
    InstallScript->>InstallScript: Prepare dirs, tmpfs, permissions, configs
    InstallScript->>Sysd: Write /etc/default/netalertx + enable/start unit
    Sysd->>Server: ExecStart python3 ${INSTALL_DIR}/server
    Server-->>Nginx: Serves UI/API via configured port
    Note over InstallScript,Sysd: Modes control whether repo is cloned, updated, or just started

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Possibly related PRs

• Installer rework #1174 — Overlaps on tmpfs log/api mounting and log/permission handling introduced in the new Ubuntu24 installer.
• Bare metal Installer rework #1173 — Related restructuring of Ubuntu24 installer, including script consolidation and service/nginx handling.

Poem

I hop through scripts with whiskers bright,
New service hums to greet the night.
NGINX purrs, PHP’s in line,
Pip installs make cables shine.
With one swift run, I set the stage—
NetAlertX, now turn the page! 🐇✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title accurately and concisely captures the pull request’s primary change—rewriting the Ubuntu 24 installer—and aligns directly with the consolidation of scripts and systemd integration described in the PR.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

install/ubuntu24/requirements.txt (1)

25-25: Pin the aiofreepybox VCS dependency to a stable revision.

Installing straight from the HEAD of foreign-sub/aiofreepybox makes every installer run non‑deterministic and can suddenly break builds if that repo changes or disappears. Please lock it to a tag or commit SHA so that updates happen on your schedule.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3dd5c4b and 246777a.

📒 Files selected for processing (5)

• install/ubuntu24/install.sh (1 hunks)
• install/ubuntu24/install.ubuntu24.sh (0 hunks)
• install/ubuntu24/netalertx.service (1 hunks)
• install/ubuntu24/requirements.txt (1 hunks)
• install/ubuntu24/start.ubuntu24.sh (0 hunks)

💤 Files with no reviewable changes (2)

• install/ubuntu24/install.ubuntu24.sh
• install/ubuntu24/start.ubuntu24.sh

🧰 Additional context used

🪛 Shellcheck (0.11.0)

install/ubuntu24/install.sh

[warning] 24-24: SCRIPT_DIR appears unused. Verify use (or export if used externally).

(SC2034)

---

[warning] 120-120: Use "${var:?}" to ensure this never expands to /* .

(SC2115)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: docker_dev

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Fix the custom listen address/port rewriting to handle IPv6 safely.

install/ubuntu24/netalertx.conf ships with both listen 20211; and listen [::]:20211;. The current sed commands only touch the IPv4 directive, so a custom PORT leaves the IPv6 listener on 20211. Worse, when LISTEN_ADDR is set, the second sed rewrites the IPv6 line into listen <addr>:[::]:<port>, making nginx -t fail and aborting the installer. Please rewrite the substitutions so they update the IPv4 and IPv6 ports separately and only inject the custom address into the IPv4 listener.

Apply this diff:

 # Use user-supplied port if set
 if [ -n "${PORT}" ]; then
   echo "[INSTALL] Setting webserver to user-supplied port (${PORT})"
-  sed -i 's/listen 20211/listen '"${PORT}"'/g' "${NGINX_CONFIG_FILE}"
+  sed -i -E 's/^(\s*listen\s+)20211(.*)$/\1'"${PORT}"'\2/' "${NGINX_CONFIG_FILE}"
+  sed -i -E 's/^(\s*listen\s+)\[::\]:20211(.*)$/\1[::]:'"${PORT}"'\2/' "${NGINX_CONFIG_FILE}"
 else
   PORT=20211
 fi
 
 # Change web interface address if set
 if [ -n "${LISTEN_ADDR}" ]; then
   echo "[INSTALL] Setting webserver to user-supplied address (${LISTEN_ADDR})"
-  sed -i -e 's/listen /listen '"${LISTEN_ADDR}":'/g' "${NGINX_CONFIG_FILE}"
+  sed -i -E 's/^(\s*listen\s+)[0-9]+(.*)$/\1'"${LISTEN_ADDR}:${PORT}"'\2/' "${NGINX_CONFIG_FILE}"
 else
   LISTEN_ADDR="0.0.0.0"
 fi

🤖 Prompt for AI Agents

In install/ubuntu24/install.sh around lines 217 to 228, the current sed
replacements modify listen directives too broadly causing the IPv6 line to be
left on the old port or to be mangled when LISTEN_ADDR is set; update the script
so: when PORT is provided, replace the exact "listen 20211;" and the exact
"listen [::]:20211;" separately so both IPv4 and IPv6 ports are updated; when
LISTEN_ADDR is provided, only replace the IPv4 directive "listen 20211;" with
"listen <LISTEN_ADDR>:<PORT>;" (do not prepend the address to the IPv6 "[::]"
line), and ensure sed patterns match the semicolon and brackets exactly and
properly quote/escape variables to avoid injecting into the IPv6 listener.

[ingoratsdorf]

Sorry, only ships with listen 20211 so I'd say this is irrelevant.

[ingoratsdorf]

No further comments :-)

[jokob-sk]

Really appreciate the help here @ingoratsdorf 🙏 going thru some private stuff still so energy is limited - can't say how happy it makes me seeing you and others help out 🙇

[ingoratsdorf]

Really appreciate the help here @ingoratsdorf 🙏 going thru some private stuff still so energy is limited - can't say how happy it makes me seeing you and others help out 🙇

No problem at all. We all benefit from your work so it's just fair to contribute and give back.

On a more personal note, having gone through a few dark phases in my life myself, please do reach out to someone where appropriate. There's no shame in it, most if not everyone carries their bag of sorrows and issues. You cannot pile it up too much, it will get too heavy eventually.
Next month is mental health awareness month in NZ and I have done a few presentations, talks and events over the years. Talking is the first step.

[jokob-sk]

Thank you very much for your message. I do talk to a professional. 🙏