Seed a default admin account and harden the installer; update symlink behavior and LXC hook argument handling.
- Install: downgrade Node setup to 22, write ADMIN_EMAIL/ADMIN_PASSWORD into /opt/trek/server/.env for initial boot, chmod the file, wait for app health, then remove plaintext creds from the env and print the default admin credentials. Remove previous DB patching script and credentials file generation. Add health-check failure handling.
- ct/trek.sh: check for /opt/trek instead of ~/.trek, run npm ci without --production, and recreate server data/uploads by removing any existing dirs and creating explicit symlinks.
- Installer: mirror symlink strategy used in the container (rm then ln -s) and ensure generated ENCRYPTION_KEY note; add ADMIN_EMAIL default.
- json: set default username to admin@trek.local, update notes about seeded admin, ENCRYPTION_KEY storage, and APP_URL recommendation.
- tools/pve/lxc-prehook.sh: fix append_unique_line_in_ct to pass positional arguments into the bash -c snippet safely (avoid parent-shell expansion).
These changes ensure a reproducible default admin creation flow without leaving plaintext credentials, improve symlink handling, and fix a bug in the LXC prehook.
Change Foldergram installation to store media and config under /opt/foldergram_media (create media dir, write env file there, update systemd EnvironmentFile). Update ct/foldergram.sh to remove temporary backup/restore during updates. Update json/foldergram.json config_path and add an info note about where to place media. Add tools/pve/ct-batch-create.sh — a new Proxmox CT batch-creator script (interactive/unattended modes, caching, storage selection) to download and deploy multiple community-scripts CTs.
- Replace manual tag lookup + git clone/checkout with
fetch_and_deploy_gh_release (tarball mode) for both install and update
paths, matching repo convention (see ct/clickhouse.sh).
- Drop git, curl, ca-certificates from apt deps — base image ships them
and the helper no longer needs git.
- Remove the id -u etherpad guard; fresh LXC will not have the user.
- Bump Debian from 12 to 13 (trixie).
- Switch logo to selfh.st/icons webp.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Add optional Shlink Web Client installation and update workflow, switch init to use shlink-installer, and expose the web UI on port 3000. Changes include: use vendor/bin/shlink-installer init (sourcing /opt/shlink/.env) instead of direct db:migrate/create; create data directories (cache, locks, logs, proxies, temp-geolite); add interactive prompt to install the web client, fetch and deploy shlink-web-client GitHub releases, generate /opt/shlink-web-client/servers.json with the initial API key, and configure an nginx site serving the client on port 3000. The ct update script now also checks for and updates the web client release. Update metadata (json/shlink.json) to set interface_port to 3000 and add an info note about API (8080) vs Web Client (3000). Also print the 3000 URL on completion.
- Replace custom git clone + version tracking with fetch_and_deploy_gh_release tarball mode
- Replace manual version comparison with check_for_gh_release in update script
- Remove git from dependencies (no longer needed for tarball download)
- Version file ~/.clickstack now managed by tools.func
- Switch tag format from hyperdx@* to @hyperdx/app@* (v2.x releases)
- Remove @types/hyperdx__lucene workaround (fixed in v2.x)
- Fix API build path: dist/index.js -> build/index.js
- Use next start instead of standalone server for app
- Add IS_LOCAL_APP_MODE for auth-free local deployment
- Add DEFAULT_SOURCES/DEFAULT_CONNECTIONS for auto-provisioning
- Update script: fresh clone approach for major version changes
- Add corepack setup to update script for yarn version changes
Yarn Berry caches resolution descriptors in yarn.lock in a multi-line
block format that sed line-deletion cannot properly handle. The
@types/hyperdx__lucene -> npm:@types/lucene alias persists across all
partial cleanup attempts. Deleting yarn.lock forces a fresh resolution
from package.json only, which is safe for a build-from-source install.
- Use sed to remove all lines referencing the alias from yarn.lock
(both block headers and inline workspace dependency refs)
- Also strip @types/lucene resolution target (package doesn't exist)
- Remove .yarn/install-state.gz to clear Yarn Berry cached state
- Keep node -e for package.json cleanup (devDeps + resolutions)
Removing from packages/app/package.json devDependencies alone is not
enough — Yarn Berry still resolves the alias from yarn.lock entries.
sed removes all yarn.lock lines referencing the broken package.
- Event store migrations use PostgreSQL-specific SQL (SERIAL, UUID) that
fails on SQLite — replaced with doctrine:schema:update --force
- Run messenger:setup-transports BEFORE event_store schema to avoid
messenger_messages table conflict
- Read model migrations (--em=read_model) include role seeding (ROLE_USER,
ROLE_ADMIN) which doctrine:schema:create skips
- Fix default_credentials in json to match script (admin@slink.local)
- apt auto-starts caddy with default config (port 80); systemctl enable --now
is a no-op if already running, so new Caddyfile (:8080) was never loaded
- client falls back to http://localhost:8080 without explicit API_URL; add
API_URL=http://127.0.0.1:8080 to /etc/default/slink-client
v1.10.1 packages/app/package.json contains '@types/hyperdx__lucene': 'npm:@types/lucene'
but @types/lucene does not exist on npm (404), causing yarn install --immutable to fail.
Remove the devDependency via node patch before install and drop --immutable flag.
isCustomDomain() in middleware.ts treats any non-localhost/papermark.*/vercel
host as a custom domain in production, causing DomainMiddleware to redirect
/ to https://www.papermark.com when no Redis entry exists.
Fix: patch middleware.ts before build to exclude IP addresses from custom
domain detection.
- HANKO_API_KEY and NEXT_PUBLIC_HANKO_TENANT_ID are required at build time
(module throws hard error if unset during page data collection)
- QSTASH_TOKEN, NEXT_PRIVATE_DOCUMENT_PASSWORD_KEY, NEXT_PRIVATE_VERIFICATION_SECRET
added as placeholders/random values
- NODE_OPTIONS=--max-old-space-size=3584 for npm run build (Next.js OOM fix)
- RAM raised from 2048 to 4096 (Next.js build requires ~3.5GB heap)
- matomo: move creds to /root/matomo.creds (out of webroot), keep tests/ dir,
block dotfiles in Caddy (@blocked /.* pattern)
- papermark: add NEXT_PUBLIC_APP_BASE_HOST and NEXT_PUBLIC_WEBHOOK_BASE_HOST
placeholder env vars to prevent undefined 'value' in has:host routes
causing Next.js build failure
- slink: replace doctrine:database:create with touch for SQLite (getCreateDatabaseSQL
not supported by SQLitePlatform)
Stop removing /opt/matomo/node_modules in Matomo install/upgrade scripts (leave tests removal intact). For SolidTime, set SESSION_SECURE_COOKIE=false and APP_FORCE_HTTPS=false in the generated .env (and append them if missing) to ease non-HTTPS/local installs. Also add a warning message in the SolidTime UI JSON instructing admins to verify new accounts via: php /opt/solidtime/artisan admin:user:verify YOUR@EMAIL.
