added dynamically generated post-install tasks file

2026-03-09 08:49:55 +01:00
parent c3de90989b
commit 2cbe05318d
1 changed files with 680 additions and 40 deletions
--- a/deploy.sh
+++ b/deploy.sh
@@ -161,9 +161,39 @@ cyan='\033[0;36m'
 cyanbold='\033[1;36m'
 greenbold='\033[1;32m'
 nc='\033[0m'
-underline='\033[4;0m'
+underline='\033[4m'
 # Public IP (tries multiple services)
 publicip="$(curl -fsS https://api.ipify.org || curl -fsS https://ifconfig.me || echo "UNKNOWN")"
 # Local IP (first non-loopback)
 localip="$(hostname -I | awk '{print $1}')"
 # request all install parameters needed from user
 # Selection menu for external access method
 echo "--------------------------------------------------------"
 echo -e "${cyan}Select your external access method:${nc}"
 echo ""
 echo "1. Public DNS - You will need to purchase a domain name from a DNS provider and configure it."
 echo "2. Local DNS, Local IP - All local devices must use $localip as their DNS. Remote devices must use WireGuard VPN."
 echo "3. Local DNS, Public IP - All local devices must use $localip as their DNS. Remote devices must use $publicip as their DNS, you must forward port 53 to $localip"
 echo ""
 while true; do
    read -p "Enter your choice (1-3): " external_access_method
    case "$external_access_method" in
        1|2|3)
            echo "Selected option: $external_access_method"
            break
            ;;
        *)
            echo "Invalid choice. Please enter 1, 2, or 3."
            ;;
    esac
 done
 # ---- User input ----
 read -rp "Admin email: " adminemail < /dev/tty
 read -rsp "Admin password: " adminpass < /dev/tty
@@ -171,6 +201,8 @@ echo
 read -rp "Timezone (e.g. Europe/Amsterdam): " timezone < /dev/tty
 read -rp "Domain (e.g. example.com): " domain < /dev/tty
 # Prompt the user to set the pause behavior (defaults to true)
 echo -e "${cyan}pause prompts${nc} will ask you to finish configuration for each application as the script goes."
 echo "disabling these means you'll have to do this after the script finishes, but allows you to run the script unattended."
@@ -182,22 +214,66 @@ else
    SHOULD_PAUSE=true
 fi
 # Public IP (tries multiple services)
 publicip="$(curl -fsS https://api.ipify.org || curl -fsS https://ifconfig.me || echo "UNKNOWN")"
 # Local IP (first non-loopback)
 localip="$(hostname -I | awk '{print $1}')"
 echo "--------------------------------------------------------"
 echo -e "please double-check your ${cyan}DNS records${nc} to ensure they are set. the following dns records need to be set:"
 echo ""
 echo "|name         |type       |value      "
 echo "|@            |A          |$publicip  "
 echo "|*            |CNAME      |@          "
 echo ""
 echo -e "once you've done this, press any key to ${underline}continue${nc}"
 pause_if_enabled
 if ["$external_access_method" -eq 1]; then
    # Verify DNS records
    echo -e "${cyan}Verifying DNS records...${nc}"
    echo ""
    # Check A record
    echo -e "${cyan}Checking A record for @...${nc}"
    a_record_check=$(dig +short A "$domain" @8.8.8.8 | grep -c "^$publicip$")
    if [ "$a_record_check" -eq 0 ]; then
        echo -e "${cyan}⚠️ Warning: A record for @ is not set or not pointing to $publicip${nc}"
    else
        echo -e "${cyan}✅ A record for @ is correctly set to $publicip${nc}"
    fi
    # Check CNAME record
    echo -e "${cyan}Checking CNAME record for *...${nc}"
    cname_record_check=$(dig +short CNAME "*.$domain" @8.8.8.8 | grep -c "$domain\.$")
    if [ "$cname_record_check" -eq 0 ]; then
        echo -e "${cyan}⚠️ Warning: CNAME record for * is not set or not pointing to @${nc}"
    else
        echo -e "${cyan}✅ CNAME record for * is correctly set to @${nc}"
    fi
    echo "--------------------------------------------------------"
    echo -e "please double-check your ${cyan}DNS records${nc} to ensure they are set. the following dns records need to be set:"
    echo ""
    echo "|name         |type       |value      "
    echo "|@            |A          |$publicip  "
    echo "|*            |CNAME      |@          "
    echo ""
    echo -e "once you've done this, press any key to ${underline}continue${nc}"
    pause_if_enabled
 fi
 # Ask about static public IP if using public DNS
 if [ "$external_access_method" -eq 1 ]; then
    while true; do
        read -p "Do you have a static public IP address? (yes/no): " static_ip_answer
        case "$static_ip_answer" in
            ([yY]|[yY][eE][sS])
                static_public_ip="yes"
                break
                ;;
            ([nN]|[nN][oO])
                static_public_ip="no"
                break
                ;;
            (*)
                echo "Please answer with 'yes' or 'no'."
                ;;
        esac
    done
    # Store this information for later use
    echo "Static public IP setting: $static_public_ip"
 fi
@@ -488,36 +564,600 @@ site.$domain
 Add any other subdomains you want to use.
 EOF
-cat >/opt/stacks/pihole/dns/02-wildcard.conf <<EOF
+# Write PiHole config (only for options 2 and 3)
-address=/$domain/$localip
+if [ "$external_access_method" -eq 2 ] || [ "$external_access_method" -eq 3 ]; then
-address=/.$domain/$localip
+    echo "Writing PiHole configuration..."
    # Use public IP for option 3, local IP for option 2
    if [ "$external_access_method" -eq 3 ]; then
        dns_ip="$publicip"
    else
        dns_ip="$localip"
    fi
    cat >/opt/stacks/pihole/dns/02-wildcard.conf <<EOF
 address=/$domain/$dns_ip
 address=/.$domain/$dns_ip
 EOF
    chmod -R 775 /opt
    docker exec pihole pihole-FTL --config misc.etc_dnsmasq_d true
    docker restart pihole
 fi
 # Enable DHCP on PiHole for options 2 and 3
 if [ "$external_access_method" -eq 2 ] || [ "$external_access_method" -eq 3 ]; then
    echo "Configuring DHCP on PiHole..."
    # Get network information
    gateway=$(ip route | awk '/default/ {print $3}')
    interface=$(ip route | awk '/default/ {print $5}')
    netmask=$(ifconfig $interface | awk '/netmask/ {print $4}')
    localip=$(hostname -I | awk '{print $1}')
    # Function to convert IP to binary string
    ip_to_bin() {
        local ip=$1
        local a b c d
        IFS=. read -r a b c d <<< "$ip"
        printf "%08d%08d%08d%08d" "$(echo "obase=2; $a" | bc)" "$(echo "obase=2; $b" | bc)" "$(echo "obase=2; $c" | bc)" "$(echo "obase=2; $d" | bc)"
    }
    # Function to convert binary string to IP
    bin_to_ip() {
        local bin=$1
        local octet1=${bin:0:8}
        local octet2=${bin:8:8}
        local octet3=${bin:16:8}
        local octet4=${bin:24:8}
        echo "$(echo "ibase=2; $octet1" | bc).$(echo "ibase=2; $octet2" | bc).$(echo "ibase=2; $octet3" | bc).$(echo "ibase=2; $octet4" | bc)"
    }
    # Calculate network and broadcast addresses using binary operations
    gateway_bin=$(ip_to_bin "$gateway")
    netmask_bin=$(ip_to_bin "$netmask")
    localip_bin=$(ip_to_bin "$localip")
    # Calculate network address (bitwise AND of gateway and netmask)
    network_bin=""
    for i in {0..31}; do
        if [ "${gateway_bin:$i:1}" = "1" ] && [ "${netmask_bin:$i:1}" = "1" ]; then
            network_bin="${network_bin}1"
        else
            network_bin="${network_bin}0"
        fi
    done
    # Calculate broadcast address (bitwise OR of network and inverted netmask)
    broadcast_bin=""
    for i in {0..31}; do
        if [ "${netmask_bin:$i:1}" = "0" ]; then
            broadcast_bin="${broadcast_bin}1"
        else
            broadcast_bin="${broadcast_bin}${network_bin:$i:1}"
        fi
    done
    network_address=$(bin_to_ip "$network_bin")
    broadcast_address=$(bin_to_ip "$broadcast_bin")
    # Calculate DHCP range
    # Convert network address to decimal for arithmetic
    IFS=. read -r n1 n2 n3 n4 <<< "$network_address"
    network_dec=$((n1 * 256**3 + n2 * 256**2 + n3 * 256 + n4))
    # Convert broadcast address to decimal
    IFS=. read -r b1 b2 b3 b4 <<< "$broadcast_address"
    broadcast_dec=$((b1 * 256**3 + b2 * 256**2 + b3 * 256 + b4))
    # Convert gateway to decimal
    IFS=. read -r g1 g2 g3 g4 <<< "$gateway"
    gateway_dec=$((g1 * 256**3 + g2 * 256**2 + g3 * 256 + g4))
    # Convert local IP to decimal
    IFS=. read -r l1 l2 l3 l4 <<< "$localip"
    localip_dec=$((l1 * 256**3 + l2 * 256**2 + l3 * 256 + l4))
    # Start DHCP 10 IPs after the gateway (but not before network+1)
    dhcp_start_dec=$((gateway_dec + 10))
    if [ $dhcp_start_dec -le $network_dec ]; then
        dhcp_start_dec=$((network_dec + 1))
    fi
    # End DHCP 100 IPs after start (but not after broadcast-1)
    dhcp_end_dec=$((dhcp_start_dec + 100))
    if [ $dhcp_end_dec -ge $broadcast_dec ]; then
        dhcp_end_dec=$((broadcast_dec - 1))
    fi
    # Ensure we don't include the local IP in the DHCP range
    if [ $localip_dec -ge $dhcp_start_dec ] && [ $localip_dec -le $dhcp_end_dec ]; then
        # If local IP is in the range, adjust the range
        if [ $((localip_dec - dhcp_start_dec)) -lt $((dhcp_end_dec - localip_dec)) ]; then
            dhcp_start_dec=$((localip_dec + 1))
        else
            dhcp_end_dec=$((localip_dec - 1))
        fi
    fi
    # Convert back to IP format
    dhcp_start=$(bin_to_ip "$(ip_to_bin "$(dec_to_ip $dhcp_start_dec)")")
    dhcp_end=$(bin_to_ip "$(ip_to_bin "$(dec_to_ip $dhcp_end_dec)")")
    # Helper function to convert decimal to IP (used above)
    dec_to_ip() {
        local dec=$1
        echo "$(( (dec >> 24) & 0xFF )).$(( (dec >> 16) & 0xFF )).$(( (dec >> 8) & 0xFF )).$(( dec & 0xFF ))"
    }
    docker exec pihole pihole-FTL --config dhcp.active true
    docker exec pihole pihole-FTL --config dhcp.start $dhcp_start
    docker exec pihole pihole-FTL --config dhcp.end $dhcp_end
    docker exec pihole pihole-FTL --config dhcp.router $gateway
    docker exec pihole pihole-FTL --config dhcp.netmask $netmask
    # Apply the DHCP configuration
    docker restart pihole
    echo "DHCP configuration applied:"
    echo "  Network: $network_address"
    echo "  Broadcast: $broadcast_address"
    echo "  Range: $dhcp_start to $dhcp_end"
    echo "  Router: $gateway"
    echo "  Netmask: $netmask"
    echo "  Domain: $domain"
 fi
 # Generate post-install tasks file
 echo "Generating post-install tasks file..."
 tasks_file="/opt/files/post-install.txt"
 # Start with common header
 cat > "$tasks_file" <<EOF
 POST-INSTALL TASKS FOR YOUR HOME CLOUD
 =====================================
 Generated: $(date)
 Timezone: $timezone
 Local IP: $localip
 Public IP: $publicip
 Domain: $domain
 IMPORTANT: Follow these tasks in order as some services depend on others being configured first.
 EOF
-chmod -R 775 /opt 
+# Initialize section counter
-docker exec pihole pihole-FTL --config misc.etc_dnsmasq_d true
+section=1
 docker restart pihole
 # 1. DDNS Configuration (only for public DNS with non-static IP)
 if [ "$external_access_method" -eq 1 ] && [ "$static_public_ip" != "yes" ]; then
    cat >> "$tasks_file" <<EOF
 $section. CONFIGURE DDNS
 ------------------------
 RECOMMENDED FREE DDNS PROVIDERS
 1. DuckDNS (https://www.duckdns.org) - Simple and free
 2. No-IP (https://www.noip.com) - Free tier with monthly confirmation
 3. Dynu (https://www.dynu.com) - Free with multiple domain options
 4. FreeDNS (https://freedns.afraid.org) - Free subdomains available
 IMPORTANT NOTES
 1. Ensure your router has a public IP address (not behind CGNAT)
 2. For Linux systems, verify ddclient is running properly
 3. For routers, check the DDNS status in the admin panel
 4. Test your configuration by pinging your new DDNS hostname
 5. Some providers require periodic confirmation to maintain free service
 --------------------------------------------------------------------------------
 OPTION 1: CONFIGURING DDNS ON HOME ROUTERS
 --------------------------------------------------------------------------------
 ASUS ROUTERS
 ------------
 1. Log in to your router's admin panel at http://$gateway
 2. Navigate to WAN > DDNS
 3. Select your DDNS provider (No-IP or ASUS DDNS)
 4. Enter your DDNS hostname
 5. Provide your DDNS credentials
 6. Click Apply to save settings
 TP-LINK ROUTERS
 ---------------
 1. Log in to your router's admin panel at http://$gateway
 2. Navigate to Advanced > Network > Dynamic DNS
 3. Select your DDNS provider (No-IP or TP-Link DDNS)
 4. Enter your DDNS hostname
 5. Provide your DDNS credentials
 6. Click Save to apply settings
 --------------------------------------------------------------------------------
 OPTION 2: CONFIGURING DDNS ON YOUR SERVER USING DDCLIENT
 --------------------------------------------------------------------------------
 1. INSTALL DDCLIENT
 -------------------
  sudo apt update && sudo apt install ddclient
 2. CONFIGURE DDCLIENT
 ----------------------
 Edit the configuration file:
  sudo nano /etc/ddclient/ddclient.conf
 For DuckDNS:
  protocol=duckdns
  use=web
  server=www.duckdns.org
  login=your_duckdns_token
  password=
  yourDDNSdomain.duckdns.org
 For No-IP:
  protocol=noip
  use=web
  server=dynupdate.no-ip.com
  login=your_noip_username
  password=your_noip_password
  yourDDNSdomain.ddns.net
 3. RESTART DDCLIENT
 -------------------
  sudo systemctl restart ddclient
  sudo systemctl enable ddclient
 4. VERIFY CONFIGURATION
 -----------------------
  sudo tail -n 20 /var/log/syslog | grep ddclient
 EOF
    section=$((section + 1))
 fi
 # 2. PiHole Configuration (for local DNS methods)
 if [ "$external_access_method" -eq 2 ] || [ "$external_access_method" -eq 3 ]; then
    cat >> "$tasks_file" <<EOF
 $section. CONFIGURE PIHOLE
 --------------------------
 --------------------------------------------------------------------------------
 1. DISABLING DHCP ON YOUR ROUTER
 --------------------------------------------------------------------------------
 your pihole is configured as a DHCP server, because of this, we want to disable the router's internal DHCP server.
 ASUS ROUTERS:
 -------------
 1. Log in to router admin (http://$gateway)
 2. Navigate to LAN > DHCP Server
 3. Set "Enable the DHCP Server" to "No"
 4. Click "Apply" to save changes
 TP-LINK ROUTERS:
 ---------------
 1. Log in to router admin (http://$gateway)
 2. Go to Advanced > Network > DHCP Server
 3. Toggle DHCP Server to "Disable"
 4. Click "Save" to apply
 --------------------------------------------------------------------------------
 2. CONFIGURING STATIC IPS WITH CUSTOM DNS ($localip or $publicip)
 --------------------------------------------------------------------------------
 use $publicip if you are forwarding port 53, or $localip if not.
 if you use $localip, the device will not have DNS outside of your local network.
 you only need to do this for devices that have a static ip address, devices that get their ip assigned via DHCP (which is default for most devices, especially wireless ones) get their DNS address from the router.
 WINDOWS:
 --------
 1. Open Network Settings (Win+I > Network & Internet)
 2. Select your connection (Wi-Fi/Ethernet)
 3. Click "Hardware properties" > "Edit" next to DNS
 4. Set manual DNS to $localip or $publicip
 5. Save changes
 MACOS:
 ------
 1. Open System Preferences > Network
 2. Select your connection
 3. Click "Advanced" > DNS tab
 4. Add $localip or $publicip to DNS servers
 5. Click "OK" > "Apply"
 LINUX (NETWORK MANAGER):
 ------------------------
 1. Edit connection settings:
   nm-connection-editor
 2. Select your connection
 3. Go to IPv4/IPv6 settings
 4. Set DNS to $localip or $publicip
 5. Save and restart connection
 ANDROID:
 --------
 1. Open Wi-Fi settings
 2. Long-press your network > Modify network
 3. Enable "Advanced options"
 4. Set IP to static
 5. Enter DNS as $localip or $publicip
 IOS:
 ----
 1. Open Wi-Fi settings
 2. Tap (i) next to your network
 3. Configure DNS > Manual
 4. Add $localip or $publicip
 5. Save changes
 EOF
    section=$((section + 1))
 fi
 # 5. Router Configuration (for public DNS)
 if [ "$external_access_method" -eq 1 ]; then
    cat >> "$tasks_file" <<EOF
 $section. CONFIGURE PIHOLE IN YOUR ROUTER
 -----------------------------------------
 ASUS ROUTERS:
 -------------
 1. Log in to router admin (http://$gateway)
 2. Navigate to LAN > DHCP Server
 3. Under "DNS Server", enter $localip
 4. Click "Apply" to save
 TP-LINK ROUTERS:
 ---------------
 1. Log in to router admin (http://$gateway)
 2. Go to Advanced > Network > DHCP Server
 3. Set "Primary DNS" to $localip
 4. Click "Save" to apply
 GENERAL NOTES:
 --------------
 - Changes affect all DHCP clients
 - Some routers allow multiple DNS servers (comma-separated)
 - Restart devices to receive new DNS settings
 - after waiting up to 4 hours for changes to propagate: Verify DNS propagation with: nslookup $domain
 EOF
    section=$((section + 1))
 fi
 # 3. Nginx and Dockge Pre-Configuration
 cat >> "$tasks_file" <<EOF
 $section. NGINX AND DOCKGE PRE-CONFIGURATION
 -------------------------------------------
 NGINX:
 ------
 go to http://$localip:81 and make the admin account
 DOCKGE:
 -------
 go to http://$localip:5001 and make  the admin account
 FILEBROWSER:
 ------------
 log into http://$localip:5001, go to the "browser" stack, in the console output, it should list the randomly generated admin password
 log into http://browser.$domain using username "admin" and the randomly generated password
 reset the password to your own password and change the username if desired.
 EOF
 section=$((section + 1))
 # 4. Certificate Configuration
 if [ "$external_access_method" -eq 1 ]; then
    # Public DNS method - Let's Encrypt
    cat >> "$tasks_file" <<EOF
 $section. CONFIGURE CERTIFICATES USING LET'S ENCRYPT
 ---------------------------------------------------
 Make sure your DNS records are properly configured before proceeding.
 # Step 1:
 go to proxy.?domain? and log in with your admin account
 # Step 2:
 go to the "Certificates" tab and click Add Certificate > Let's Encrypt via HTTP
 # Step 3: 
 copy the contents of the "npmcertlist.txt" file into the domain names field.
 copy one line at a time if using ctrl+c/ctrl+v, be sure to press enter between each line.
 if you make use of clickpaste (or any tool that allows you to paste by simulating keyboard input), you can use that to paste the entire list in one go
 or you can type the entire list manually
 # Step 4:
 hit "save" and wait.
 # Step 5:
 go to the Hosts > proxy hosts tab and go through each of the hosts
 # Step 6: 
 repeat for each host: 
 >go to the SSL tab
 >select your certificate
 >enable force SSL
 in the case of owncloud you may also want to enable HTTP/2 
 then hit save.
 once you've done this for all your sites, your entire cloud is now running with SSL encryption.
 EOF
 else
    # Local DNS methods - Self-signed certs
    cat >> "$tasks_file" <<EOF
 $section. CONFIGURE CERTIFICATES USING GENCERTS.SH
 ------------------------------------------------
 run the gencerts.sh script, this will generate the certs for you and put them in a folder inside browser.$domain which should now be reachable over http
 on http://$localip:81, log in, go to certificates > add certificate > custom
 fill in your main domain as the Name
 for the certificate key, use the wildcard.key file
 for the certificate, use the wildcard.crt file
 for the intermediate certificate, use the intermediate.crt file
 because this certificate is not backed by a public certificate authority like letsencrypt, you have to manually trust the root cert on each device you want to use the cloud on, or deal with "certificate untrusted" warnings.
 below are guides for doing this:
 windows:
 download and double-click rootCA.pfx
 select "Local Machine" and click next, password is empty.
 choose "place all certificates in the following store" and choose "Trusted Root Certification Authorities"
 click finish and confirm with "yes" if prompted.
 macOS:
 download and double-click rootCA.pfx
 if prompted for a password, leave it blank and click yes
 open Keychain Access (applications/utilities/keychain access)
 locate the imported rootCA.pfx certificate in the login or system keychains.
 double-click the certificate, expand the "trust" section and set "When using this certificate" to "always trust"
 Linux:
 download the rootCA.crt file
 copy rootCA.crt to /usr/local/share/ca-certificates/ using the following command from the directory rootCA.crt is in, or by using your file manager.
 sudo cp rootCA.crt /usr/local/share/ca-certificates/
 then update the CA store by rebooting or running the following command:
 sudo update-ca-certificates
 android:
 download rootCA.crt to your device
 open settings > security > encryption & credentials > install a certificate
 select rootCA.crt and set a Name
 reboot if prompted
 IOS:
 download rootCA.crt to your device
 open the file in safari and tap "install"
 go to settings > general > VPN & Device management > configuration profile and install the certificate
 enable full trust in settings > general > about > certificate trust settings
 now that you've set your DNS correctly and trusted the cert, you should be able to visit all of your sites via https://dash.$domain 
 the certificate is valid for 10 years, after which you can generate a new one with gencerts.sh
 EOF
 fi
 section=$((section + 1))
 # 6. Service Configurations
 cat >> "$tasks_file" <<EOF
 $section. CONFIGURE SERVICES
 ---------------------------
 Complete the initial setup for these services:
 JELLYFIN:
 log into https://video.$domain and run through the first-time setup.
 BOOKSTACK:
 <include_content_here: instructions for initial BookStack setup including admin account creation>
 EOF
 section=$((section + 1))
 # 7. Uptime Kuma Configuration (last since it depends on DNS and HTTPS)
 cat >> "$tasks_file" <<EOF
 $section. CONFIGURE UPTIME KUMA
 ---------------------------
 MONITORING:
 -----------
 # Step 1:
 head to status.?domain? and log in.
 # Step 2:
 click on "Add New Monitor"
 # Step 2.5 (optional):
 Set monitor type to "Group", friendly name to the group name and retries to 10. 
 repeat this for any groups you want, for example: Frontend and Backend
 # Step 3:
 use the following settings:
 type: HTTP(s)
 Friendly Name: Name of your service (for example: Cloud)
 url: the URL for the site (for example: https://cloud.?domain?)
 Retries: 10
 certificate expiry notification: on
 cachebuster: on
 group: optionally set this to the group you want
 leave all the other settings as default
 # Step 4:
 repeat step 3 for every service, for an easy list of URLs, go to proxy.?domain? and log in, you can see the list of proxy hosts which is also all of your URLs. 
 # Step 5 (optional):
 make a status page, instructions in Uptime Kuma - status page.txt
 STATUS PAGE:
 ------------
 # Step 1: 
 log in to status.?domain and click on "Status Pages" in the top right.
 # Step 2:
 make a new status page, Name it whatever you want and use slug "default"
 # Step 3: add all of the monitors you want to the page.
 # step 4: add a description if you'd like. 
 this status page is available at status.?domain?/status
 any other status pages you make are available at status.?domain?/status/<slug>
 EOF
 # Add footer with additional information
 cat >> "$tasks_file" <<EOF
 ADDITIONAL INFORMATION
 ======================
 ACCESS URLs:
 - PiHole Admin: http://$localip/admin
 - Nginx Proxy Manager: http://$localip:81
 <include_content_here: list all other service URLs>
 IMPORTANT NOTES:
 - Your local network is: $network_address/$netmask
 - Your broadcast address is: $broadcast_address
 <include_content_here: any other important notes>
 EOF
 # Output success message
 echo "Post-install tasks file generated: $tasks_file"
 echo "Please follow the tasks in order as some services depend on others!"
 echo "if you are using public DNS with a static ip, you can also already access this from http://browser.$domain, if you are using local DNS, you will need to do additional configuration"
 echo "you can open this file on this machine using the command 'sudo nano $tasks_file'"
 echo ""
-echo ""
+echo "for your convenience, the tasks file will be copied to the current user's home directory"
-echo ""
+cp $tasks_file ~/post-install.txt
 echo -e "you can now access the dockge GUI interface at $localip:5001 and the proxy interface at $localip:81 once you start it from Dockge. be sure to forward ports 80, 443 and 51820 to $localip in your router settings"
 echo -e "to use ${green}pihole${nc} as your DNS provider, set your DNS to $localip in your router for DHCP and on your device for any device with a static ip. Currently, the DNS is configured to use the joindns4.eu DNS, which also has built-in adblocking."
 echo ""
 echo -e "reminder, configure the following services if you have not done so already:"
 echo "(this is only needed if you did not enable pause prompts or did not follow the pause prompts)"
 echo -e "${cyan}uptime kuma${nc} has been launched from http://status.$domain, perform the initial setup, choosing embedded mariaDB"
 echo -e "${cyan}jellyfin${nc} has launched from http://video.$domain, perform the initial setup"
 echo -e "${cyan}filebrowser${nc} has been launched from http://browser.$domain, head to dockge (http://docker.$domain), open the filebrowser stack and check the logs for the initial admin password. make sure to change this in filebrowser's config"
 echo -e "${cyan}bookstack${nc} has been launched from http://docs.$domain, log in with email 'admin@admin.com' and password 'password', then reset this account to use $adminemail and your password."
 echo -e "${cyan}Nginx Proxy Manager${nc} has been installed and launched. go to http://proxy.$domain and configure your username and password"
 echo -e "${cyan}Dockge${nc} has been installed and launched. go to http://docker.$domain and configure your username and password"
 echo ""
 echo "you may have to go to settings > additional in owncloud and click "save" for the onlyoffice server settings."
 echo ""
 echo "-------------------------------"
 echo -e "the following set up steps must still be completed, you can find them in the "setup" folder at http://browser.$domain, this is required for vaultwarden to work"
 echo -e "${cyan}Nginx Proxy Manager${nc}: lets-encrypt certificate needs to be set up"
 echo -e "${cyan}Uptime Kuma${nc}: Monitoring and status page configuration"
 # Capture the end time (Unix timestamp)
 END_TIME=$(date +%s)