Manages shell scripts, schedules jobs, and dispatches them to lightweight agents. No PostgreSQL or Gitea required — everything is stored locally in SQLite.
./tools/setup-env.sh # generates AGENT_TOKEN and SECRET_KEY automaticallyEdit .env and set your URL:
BASE_URL=http://your-server-ip:8080Then start:
docker compose up -dOpen http://your-server-ip:8080 and go to Settings to set an admin password.
Image:
ghcr.io/klimnt1/scriptwatch:latest
-
In Portainer, go to Containers → Add container (or Stacks → Add stack → Repository).
-
Set the image above.
-
Under Environment variables, click Advanced mode and paste:
AGENT_TOKEN=replace-with-random-value SECRET_KEY=replace-with-different-random-value BASE_URL=http://your-server-ip:8080 ADMIN_USERNAME=admin ADMIN_PASSWORD=
Variable Description AGENT_TOKENShared secret agents use to authenticate SECRET_KEYSigns browser session cookies BASE_URLPublic URL of your ScriptWatch instance ADMIN_USERNAMELogin username (default: admin)ADMIN_PASSWORDPassword for the web UI (leave blank to disable auth) Discord and ntfy can be configured from Settings inside the app — no env var needed.
-
Add a volume bind mount: Container
/app/data→ Host/opt/scriptwatch/data -
Deploy and open
http://your-server-ip:8080.
To generate secret values:
openssl rand -hex 32Or with Python:
python3 -c "import secrets; print(secrets.token_urlsafe(48))"Keep the same
AGENT_TOKENwhen recreating the container — changing it requires reinstalling every agent.
After the server is running, go to Settings and copy the agent install command. Run it with sudo on each target machine.
For Unraid, use the template at agent/scriptwatch-agent.xml and set SCRIPTWATCH_API_URL, SCRIPTWATCH_SERVER_NAME, and SCRIPTWATCH_AGENT_TOKEN.
Back up the data directory, not the container:
- Docker Compose:
./data - Portainer: the host path mapped to
/app/data(e.g./opt/scriptwatch/data)
Do not share your .env. Each install should have its own AGENT_TOKEN and SECRET_KEY.
#test