Switch development builds to production and harden install/update steps across several apps.
- Akaunting: use `npm run production` instead of `npm run dev` in both install and update scripts to produce production assets.
- Blinko: make bun installs run with `--unsafe-perm`, run `bun run build:web` and `bun run build:seed`, copy built public assets into `/opt/blinko/server/public`, run prisma migrations, and execute the generated seed script. Add PORT and NEXT_PUBLIC_BASE_URL to the .env. Update the systemd service to use WorkingDirectory `/opt/blinko/server` and start the app with `node /opt/blinko/dist/index.js`.
- InvoiceShelf & SolidTime: stop capturing APP_KEY via `php artisan key:generate --show` + sed; instead run `php artisan key:generate` during install after composer install. SolidTime also runs `php artisan storage:link` after build. These changes simplify key generation and ensure proper storage linking.
Overall these updates ensure production-ready builds, proper artifact placement, and correct runtime configuration for services.
Replace the generic ${APP} placeholder with explicit, consistently capitalized application names in install scripts to produce clearer log output. Affected scripts: install/{akaunting,blinko,dagu,gogs,invoiceshelf,matomo,papermark,rss-bridge,solidtime}-install.sh. Changes update msg_info and msg_ok messages only.
Install Bun during setup and replace npm/npx calls with bun/bunx. Added Bun install (sets BUN_INSTALL, runs bun install script, and symlinks bun and bunx to /usr/local/bin) in install/blinko-install.sh. Updated ct/blinko.sh and install/blinko-install.sh to use `bun install`, `bunx prisma ...`, and `bun run build` instead of npm/npx commands for dependency install, Prisma generate/migrate, and build steps.
Add new ProxmoxVED container templates (ct/*.sh), install scripts (install/*.sh) and metadata (json/*.json) for multiple applications: Akaunting, Blinko, Certimate, Dagu, Gogs, InvoiceShelf, Matomo, Papermark, RSS-Bridge, SolidTime and WhoDB. Each ct script includes update logic and deployment helpers; install scripts handle dependency installation, service creation (systemd), DB setup, and Caddy/PHP/Node/Postgres configuration where applicable. JSON entries provide UI metadata, resource defaults and access ports for each app.
Refactor ente-install.sh to make first-time setup more robust: update ente-get-verification to use a new log pattern and broader fallback, add run_psql and run_psql_exec helpers for consistent sudo-psql usage, implement a retry loop when polling for the verification code, and improve prompts/error messages. Switch admin whitelisting to use the numeric user_id (and verify existence) instead of email in museum.yaml. Simplify and harden subscription upgrade logic to use the new DB helpers and ensure inserts/updates run under the postgres user. Miscellaneous messaging and minor formatting tweaks.
Remove non-portable dummy_touchscreen InputDevice from Xorg config and adjust dummy_mouse entry. Hardcode supervisord environment/user/display to 'neko' and :99.0 for X, PulseAudio, Firefox, Openbox and the Neko server to simplify runtime on bare-metal. Update /etc/neko/neko.yaml to disable session cookies, enable WebRTC icelite, add nat1to1 mapping with ${LOCAL_IP}, set EPR port range 59000-59100, and disable desktop input. Update json/neko.json to clear the default username (null) and clarify the password-only login note. These changes make the packaged runtime compatible without the custom Xorg driver and streamline defaults for deployment.
Introduce Neko container template with installer and metadata. Adds ct/neko.sh (container install entrypoint and update routine), install/neko-install.sh (detailed install/build steps: fetch GitHub release m1k1o/neko, build client/server, configure supervisord, systemd service, runtime users, plugins, and default neko.yaml), and json/neko.json (app metadata, resources, port 8080, default credentials and notes). Enables automated provisioning of the Neko WebRTC virtual browser on Debian 12 with default CPU/RAM/disk values.
Add a new .github agent (pve-script-creator.agent.md) with workflow and strict rules for generating CT/install/json files. Remove legacy CT/install/json artifacts for alpine-ironclaw and openthread-br (ct/, install/, json/ entries deleted). Also adjust mqttx update logic: set CLEAN_INSTALL=1 and move the update msg_info after fetch_and_deploy_gh_release to ensure a clean deployment before reporting/updating and then run yarn build in the app web dir.
MQTTX Web is a static browser-based MQTT client with no backend.
Makes more sense as an addon installable into any existing container
than as a dedicated LXC.
Addon installs into /opt/mqttx, builds web/ with yarn, serves via
Nginx on configurable port (default 8095). Supports install/update/uninstall.
Add NEXT_PUBLIC_ALLOW_CREDENTIALS=true to .env and export it during
build. Without this, only magic-link login is available which requires
SMTP configuration. Email+password auth allows registration without
any mail server.
Fleet requires Redis for live queries, async jobs, and distributed
locking. Without it the fleet serve process fails on startup.
- Install redis-server package
- Add FLEET_REDIS_ADDRESS=127.0.0.1:6379 to .env
- Add redis-server.service to systemd After/Requires
- Enable redis-server alongside fleet service
Puter: protocol was missing from config.json, causing origin to be
computed as 'undefined://IP:4100'. All API/WebSocket URLs inherited
this broken value, making the frontend unable to load.
Fleet: MySQL APT repo requires Debian 12 (Bookworm), not 13.
Puter requires services.database.engine in config.json. When the
config file is auto-generated it includes this, but our custom config
was missing it, causing: 'Must specify engine for service database'
and cascade failure of all services depending on the DB.
Next.js pre-renders pages during build. With POSTGRES_URL exported,
Server Components try to query DB tables that don't exist yet
(migrations run after build), causing the build to hang indefinitely.
Docker build does NOT set POSTGRES_URL and sets CI=true to skip env
validation. Match that behavior.
MariaDB fails on migration 20240905200000_UninstallPackages due to
SQL syntax incompatibility (MODIFY COLUMN ... NULL). Use real MySQL
with manual DB setup instead of setup_mariadb_db.
- Fix event_store.yaml migration path for LXC environment
- Add doctrine:database:create for both connections
- Run separate migrations for read_model and event_store entity managers
- Add messenger:setup-transports to create messenger_messages table
- Use $STD for all console commands
- Fix admin email in creds file
The single quotes around the spinel+hdlc+forkpty URL in the comment
example become part of the value when users copy it into the
double-quoted OTBR_AGENT_OPTS string, causing 'spinel interface name
is not supported' error.
- slink: APP_ENV and APP_SECRET not present in .env.example, sed patterns
never matched → Symfony defaulted to dev mode → WebProfilerBundle crash
(not installed with --no-dev). Now appends APP_ENV=prod + APP_SECRET.
- fleet: use setup_mariadb_db helper instead of manual SQL, reference
MARIADB_DB_PASS, depend on mariadb.service
Lychee's .env.example has '#DB_DATABASE=' (commented out). The sed
pattern '^DB_DATABASE=' didn't match, so Laravel fell back to the
default database name 'forge'. Use '^#\?DB_DATABASE=' to match both
commented and uncommented lines.
- fleet: use setup_mariadb instead of setup_mysql (MariaDB works fine for
Fleet and avoids MySQL repo complexity on trixie)
- tools.func: add missing mysql) case block to manage_tool_repository
(was causing 'Unknown tool repository: mysql' error)
- kan: write .env before build, source it + export for build-time validation
instead of inline exports (cleaner, consistent with codebase pattern)
- puter: set domain to container IP + experimental_no_subdomain so Puter
accepts Host header when accessed via raw IP (default puter.localhost
rejects all non-matching hosts)
- openthread-br: add socat dep for TCP adapters, add --vendor-name/--model-name
(mandatory), bind REST API to 0.0.0.0:8081, configure otbr-web to listen on
all interfaces, update TCP example with socat forkpty pattern
- kan: export BETTER_AUTH_SECRET and POSTGRES_URL before build (required by
@t3-oss/env-nextjs zod validation at build time)
- mysql: remove MariaDB-on-trixie workaround (MySQL repo now has trixie packages),
update GPG key from RPM-GPG-KEY-mysql-2023 to RPM-GPG-KEY-mysql-2025
puter: create config.json with allow_nipio_domains to fix 'Invalid Host Header' on LAN
slink: replace $STD with plain redirects on fallible console commands (silent() hard-exits before || true)
slink: add ORIGIN env var via EnvironmentFile for SvelteKit CSRF to allow LAN login
- Set ADMIN_EMAIL/ADMIN_PASSWORD so admin user is created on first boot
- Generate JWT keypair for authentication to work
- Run doctrine:migrations:migrate for DB schema
- Save credentials to ~/slink.creds
- nginx: add exact-match location for /uploads (no trailing slash)
to handle S3 presigned POST URLs from Plane's storage backend
- ct: fix curl -s to curl -fsSL for consistency with other scripts
