fix(matomo,papermark,slink): fix db access, creds path, build env, sqlite create

- matomo: move creds to /root/matomo.creds (out of webroot), keep tests/ dir,
  block dotfiles in Caddy (@blocked /.* pattern)
- papermark: add NEXT_PUBLIC_APP_BASE_HOST and NEXT_PUBLIC_WEBHOOK_BASE_HOST
  placeholder env vars to prevent undefined 'value' in has:host routes
  causing Next.js build failure
- slink: replace doctrine:database:create with touch for SQLite (getCreateDatabaseSQL
  not supported by SQLitePlatform)

ct/matomo.sh

@@ -28,7 +28,6 @@ function flatten_matomo_layout() {
     msg_ok "Migrated Legacy Layout"
   fi
 
-  rm -rf /opt/matomo/tests
 }
 
 function update_script() {
@@ -51,11 +50,7 @@ function update_script() {
     msg_info "Backing up Data"
     [[ -f /opt/matomo/config/config.ini.php ]] && cp /opt/matomo/config/config.ini.php /opt/matomo_config.bak
     [[ -d /opt/matomo/misc/user ]] && cp -r /opt/matomo/misc/user /opt/matomo_user_backup
-    if [[ -f /opt/matomo/.mariadb-creds ]]; then
-      cp /opt/matomo/.mariadb-creds /opt/matomo_db_creds.bak
-    elif [[ -f /root/matomo.creds ]]; then
-      cp /root/matomo.creds /opt/matomo_db_creds.bak
-    fi
+    [[ -f /root/matomo.creds ]] && cp /root/matomo.creds /opt/matomo_db_creds.bak
     msg_ok "Backed up Data"
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "matomo" "matomo-org/matomo" "prebuild" "latest" "/opt/matomo" "matomo-*.zip"
@@ -71,18 +66,10 @@ function update_script() {
       mkdir -p /opt/matomo/misc/user
       cp -r /opt/matomo_user_backup/. /opt/matomo/misc/user
     fi
-    if [[ -f /opt/matomo_db_creds.bak ]]; then
-      cp /opt/matomo_db_creds.bak /opt/matomo/.mariadb-creds
-    fi
-    rm -f /opt/matomo_config.bak
-    rm -f /opt/matomo_db_creds.bak
+    [[ -f /opt/matomo_db_creds.bak ]] && cp /opt/matomo_db_creds.bak /root/matomo.creds
+    rm -f /opt/matomo_config.bak /opt/matomo_db_creds.bak
     rm -rf /opt/matomo_user_backup
     chown -R www-data:www-data /opt/matomo
-    if [[ -f /opt/matomo/.mariadb-creds ]]; then
-      chown root:root /opt/matomo/.mariadb-creds
-      chmod 600 /opt/matomo/.mariadb-creds
-    fi
-    rm -f /root/matomo.creds
     msg_ok "Restored Data"
 
     msg_info "Starting Services"

install/matomo-install.sh

@@ -21,7 +21,7 @@ mkdir -p /opt/matomo
 
 PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="pdo_mysql,gd,mbstring,xml,curl,intl,zip,ldap" setup_php
 setup_mariadb
-MARIADB_DB_CREDS_FILE="/opt/matomo/.mariadb-creds" MARIADB_DB_NAME="matomo" MARIADB_DB_USER="matomo" setup_mariadb_db
+MARIADB_DB_NAME="matomo" MARIADB_DB_USER="matomo" setup_mariadb_db
 
 msg_info "Allowing Local TCP Database Access"
 $STD mariadb -u root -e "CREATE USER IF NOT EXISTS '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
@@ -38,14 +38,9 @@ if [[ -d /opt/matomo/matomo ]]; then
   find /opt/matomo/matomo -mindepth 1 -maxdepth 1 -exec mv -t /opt/matomo {} +
   rm -rf /opt/matomo/matomo
 fi
-rm -rf /opt/matomo/tests
 mkdir -p /opt/matomo/tmp
 chown -R www-data:www-data /opt/matomo
 chmod -R 755 /opt/matomo/tmp
-if [[ -f /opt/matomo/.mariadb-creds ]]; then
-  chown root:root /opt/matomo/.mariadb-creds
-  chmod 600 /opt/matomo/.mariadb-creds
-fi
 msg_ok "Set up Matomo"
 
 msg_info "Configuring Caddy"
@@ -53,7 +48,7 @@ PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
 cat <<EOF >/etc/caddy/Caddyfile
 :80 {
     root * /opt/matomo
-    @blocked path /config /config/* /tmp /tmp/*
+    @blocked path /config /config/* /tmp /tmp/* /.* /.*/*
     respond @blocked 403
     php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
     file_server

install/papermark-install.sh

@@ -29,14 +29,13 @@ POSTGRES_PRISMA_URL_NON_POOLING=${DB_URL}
 NEXTAUTH_SECRET=$(openssl rand -base64 32)
 NEXTAUTH_URL=http://${LOCAL_IP}:3000
 NEXT_PUBLIC_BASE_URL=http://${LOCAL_IP}:3000
+NEXT_PUBLIC_APP_BASE_HOST=app.example.local
+NEXT_PUBLIC_WEBHOOK_BASE_HOST=webhooks.example.local
 NODE_ENV=production
 EOF
 $STD npm install
 $STD npx prisma generate
 $STD npx prisma migrate deploy
-for f in next.config.js next.config.mjs next.config.ts; do
-  [[ -f "/opt/papermark/$f" ]] && sed -i 's/{"type":"host"}/{"type":"host","value":".*"}/g' "/opt/papermark/$f"
-done
 $STD npm run build
 msg_ok "Set up Papermark"
 

install/slink-install.sh

@@ -60,8 +60,8 @@ $STD composer install --no-dev --optimize-autoloader --no-interaction
 mkdir -p /opt/slink/{data,images}
 sed -i "s|'/services/api/|'/opt/slink/services/api/|" config/migrations/event_store.yaml
 php bin/console lexik:jwt:generate-keypair --skip-if-exists >/dev/null 2>&1 || true
-$STD php bin/console doctrine:database:create --connection=event_store --no-interaction
-$STD php bin/console doctrine:database:create --connection=read_model --no-interaction
+touch /opt/slink/services/api/var/data/slink_store.db
+touch /opt/slink/services/api/var/data/slink.db
 $STD php bin/console doctrine:migrations:migrate --no-interaction --em=read_model
 $STD php bin/console doctrine:migrations:migrate --no-interaction --configuration=config/migrations/event_store.yaml --em=event_store
 $STD php bin/console messenger:setup-transports --no-interaction