Replace Node.js usage with bun across install and control scripts: run /opt/blinko/dist/seed.js with bun during install and update, and start the service with bun using --env-file. Also remove the hardcoded PORT from the generated .env. These changes unify the runtime, ensure migrations and seeding use bun, and load environment variables directly when starting the service.
Switch development builds to production and harden install/update steps across several apps.
- Akaunting: use `npm run production` instead of `npm run dev` in both install and update scripts to produce production assets.
- Blinko: make bun installs run with `--unsafe-perm`, run `bun run build:web` and `bun run build:seed`, copy built public assets into `/opt/blinko/server/public`, run prisma migrations, and execute the generated seed script. Add PORT and NEXT_PUBLIC_BASE_URL to the .env. Update the systemd service to use WorkingDirectory `/opt/blinko/server` and start the app with `node /opt/blinko/dist/index.js`.
- InvoiceShelf & SolidTime: stop capturing APP_KEY via `php artisan key:generate --show` + sed; instead run `php artisan key:generate` during install after composer install. SolidTime also runs `php artisan storage:link` after build. These changes simplify key generation and ensure proper storage linking.
Overall these updates ensure production-ready builds, proper artifact placement, and correct runtime configuration for services.
Replace the generic ${APP} placeholder with explicit, consistently capitalized application names in install scripts to produce clearer log output. Affected scripts: install/{akaunting,blinko,dagu,gogs,invoiceshelf,matomo,papermark,rss-bridge,solidtime}-install.sh. Changes update msg_info and msg_ok messages only.
Install Bun during setup and replace npm/npx calls with bun/bunx. Added Bun install (sets BUN_INSTALL, runs bun install script, and symlinks bun and bunx to /usr/local/bin) in install/blinko-install.sh. Updated ct/blinko.sh and install/blinko-install.sh to use `bun install`, `bunx prisma ...`, and `bun run build` instead of npm/npx commands for dependency install, Prisma generate/migrate, and build steps.
Add new ProxmoxVED container templates (ct/*.sh), install scripts (install/*.sh) and metadata (json/*.json) for multiple applications: Akaunting, Blinko, Certimate, Dagu, Gogs, InvoiceShelf, Matomo, Papermark, RSS-Bridge, SolidTime and WhoDB. Each ct script includes update logic and deployment helpers; install scripts handle dependency installation, service creation (systemd), DB setup, and Caddy/PHP/Node/Postgres configuration where applicable. JSON entries provide UI metadata, resource defaults and access ports for each app.
Refactor ente-install.sh to make first-time setup more robust: update ente-get-verification to use a new log pattern and broader fallback, add run_psql and run_psql_exec helpers for consistent sudo-psql usage, implement a retry loop when polling for the verification code, and improve prompts/error messages. Switch admin whitelisting to use the numeric user_id (and verify existence) instead of email in museum.yaml. Simplify and harden subscription upgrade logic to use the new DB helpers and ensure inserts/updates run under the postgres user. Miscellaneous messaging and minor formatting tweaks.
Remove non-portable dummy_touchscreen InputDevice from Xorg config and adjust dummy_mouse entry. Hardcode supervisord environment/user/display to 'neko' and :99.0 for X, PulseAudio, Firefox, Openbox and the Neko server to simplify runtime on bare-metal. Update /etc/neko/neko.yaml to disable session cookies, enable WebRTC icelite, add nat1to1 mapping with ${LOCAL_IP}, set EPR port range 59000-59100, and disable desktop input. Update json/neko.json to clear the default username (null) and clarify the password-only login note. These changes make the packaged runtime compatible without the custom Xorg driver and streamline defaults for deployment.
Introduce Neko container template with installer and metadata. Adds ct/neko.sh (container install entrypoint and update routine), install/neko-install.sh (detailed install/build steps: fetch GitHub release m1k1o/neko, build client/server, configure supervisord, systemd service, runtime users, plugins, and default neko.yaml), and json/neko.json (app metadata, resources, port 8080, default credentials and notes). Enables automated provisioning of the Neko WebRTC virtual browser on Debian 12 with default CPU/RAM/disk values.
Add a new .github agent (pve-script-creator.agent.md) with workflow and strict rules for generating CT/install/json files. Remove legacy CT/install/json artifacts for alpine-ironclaw and openthread-br (ct/, install/, json/ entries deleted). Also adjust mqttx update logic: set CLEAN_INSTALL=1 and move the update msg_info after fetch_and_deploy_gh_release to ensure a clean deployment before reporting/updating and then run yarn build in the app web dir.
MQTTX Web is a static browser-based MQTT client with no backend.
Makes more sense as an addon installable into any existing container
than as a dedicated LXC.
Addon installs into /opt/mqttx, builds web/ with yarn, serves via
Nginx on configurable port (default 8095). Supports install/update/uninstall.
Add NEXT_PUBLIC_ALLOW_CREDENTIALS=true to .env and export it during
build. Without this, only magic-link login is available which requires
SMTP configuration. Email+password auth allows registration without
any mail server.
Fleet requires Redis for live queries, async jobs, and distributed
locking. Without it the fleet serve process fails on startup.
- Install redis-server package
- Add FLEET_REDIS_ADDRESS=127.0.0.1:6379 to .env
- Add redis-server.service to systemd After/Requires
- Enable redis-server alongside fleet service
Puter: protocol was missing from config.json, causing origin to be
computed as 'undefined://IP:4100'. All API/WebSocket URLs inherited
this broken value, making the frontend unable to load.
Fleet: MySQL APT repo requires Debian 12 (Bookworm), not 13.
Puter requires services.database.engine in config.json. When the
config file is auto-generated it includes this, but our custom config
was missing it, causing: 'Must specify engine for service database'
and cascade failure of all services depending on the DB.
Next.js pre-renders pages during build. With POSTGRES_URL exported,
Server Components try to query DB tables that don't exist yet
(migrations run after build), causing the build to hang indefinitely.
Docker build does NOT set POSTGRES_URL and sets CI=true to skip env
validation. Match that behavior.
MariaDB fails on migration 20240905200000_UninstallPackages due to
SQL syntax incompatibility (MODIFY COLUMN ... NULL). Use real MySQL
with manual DB setup instead of setup_mariadb_db.
- Fix event_store.yaml migration path for LXC environment
- Add doctrine:database:create for both connections
- Run separate migrations for read_model and event_store entity managers
- Add messenger:setup-transports to create messenger_messages table
- Use $STD for all console commands
- Fix admin email in creds file
The single quotes around the spinel+hdlc+forkpty URL in the comment
example become part of the value when users copy it into the
double-quoted OTBR_AGENT_OPTS string, causing 'spinel interface name
is not supported' error.
- slink: APP_ENV and APP_SECRET not present in .env.example, sed patterns
never matched → Symfony defaulted to dev mode → WebProfilerBundle crash
(not installed with --no-dev). Now appends APP_ENV=prod + APP_SECRET.
- fleet: use setup_mariadb_db helper instead of manual SQL, reference
MARIADB_DB_PASS, depend on mariadb.service
Lychee's .env.example has '#DB_DATABASE=' (commented out). The sed
pattern '^DB_DATABASE=' didn't match, so Laravel fell back to the
default database name 'forge'. Use '^#\?DB_DATABASE=' to match both
commented and uncommented lines.
- fleet: use setup_mariadb instead of setup_mysql (MariaDB works fine for
Fleet and avoids MySQL repo complexity on trixie)
- tools.func: add missing mysql) case block to manage_tool_repository
(was causing 'Unknown tool repository: mysql' error)
- kan: write .env before build, source it + export for build-time validation
instead of inline exports (cleaner, consistent with codebase pattern)
- puter: set domain to container IP + experimental_no_subdomain so Puter
accepts Host header when accessed via raw IP (default puter.localhost
rejects all non-matching hosts)
- openthread-br: add socat dep for TCP adapters, add --vendor-name/--model-name
(mandatory), bind REST API to 0.0.0.0:8081, configure otbr-web to listen on
all interfaces, update TCP example with socat forkpty pattern
- kan: export BETTER_AUTH_SECRET and POSTGRES_URL before build (required by
@t3-oss/env-nextjs zod validation at build time)
- mysql: remove MariaDB-on-trixie workaround (MySQL repo now has trixie packages),
update GPG key from RPM-GPG-KEY-mysql-2023 to RPM-GPG-KEY-mysql-2025
puter: create config.json with allow_nipio_domains to fix 'Invalid Host Header' on LAN
slink: replace $STD with plain redirects on fallible console commands (silent() hard-exits before || true)
slink: add ORIGIN env var via EnvironmentFile for SvelteKit CSRF to allow LAN login
