GitHub - joevizcara/terraform-proxmox
github.com
Contribute to joevizcara/terraform-proxmox development by creating an account on GitHub.
    • Fuzzypyro@lemmy.worldEnglish
      11 months

      Agreed. Just point them to the repository. Cloning the repo and running the script is the barrier to entry here. If they can’t do that then reading it would do them no good either which means they have some learning to do.

      • atzanteol@sh.itjust.worksEnglish
        11 months

        No - you shouldn’t be putting bash <(curl ...) into a post and telling people to run it at all. It’s bad and shouldn’t be normalized in any way. Take. It. Down.

        • Fiery@lemmy.dbzer0.comEnglish
          11 months

          Especially dangerous because the script can change. So this stays up, gets indexed and put in the search results for people looking to do this… And then poof suddenly the script is an info stealer.

          Might not even be the original poster doing this, maybe their account gets hacked and the link gets every so slightly edited.

          Just bad practice.

          Though I must admit I do use proxmox helper scripts… But at least that’s a somewhat trusted repo.

          • MysteriousSophon21@lemmy.world
            English
            10 months

            100% this - at the very least do a curl URL | less to inspect the script before piping it to bash, or better yet download it, review it thoroghly, then run it locally.

  • Pika@sh.itjust.worksEnglish
    11 months

    I think my only real complaint about the deployment of this, is from a security standpoint. The password is hardcoded as “changeme” for the GitLab Runner container. which when run from an automated script like this the script itself doesn’t make the user aware of that. Like the script itself mentions that you should move credentials.txt but it never makes you aware of the hardcoded password.

    it would be nice if it prompted for a password, or used a randomly generated one instead of that hardcode