* Pangolin: Bump to 1.20.0 and harden SQLite migrations
Bump the default Pangolin version to 1.20.0 in both CT and install scripts. Update the CT upgrade path to validate required 1.20.0 schema objects, clear stale versionMigrations markers when needed, retry migrations once, and abort with a clear error if the schema is still incomplete to avoid a broken runtime.
* extend migration check...
* another try...
* bump pangolin to PSQL
* remove migration paths
* remove old migrations
* use create_backup and restore_backup
* Block Pangolin SQLite upgrades
Update the Pangolin CT upgrade path to fail fast when PostgreSQL is not installed. The script now explains that upgrades to Pangolin 1.20.0+ require PostgreSQL and that SQLite data cannot be migrated automatically.
* fix env
* Update pangolin.sh
* Update pangolin-install.sh
Use CLEAN_INSTALL with create_backup/restore_backup so stale v0.19.x source files no longer break go build after the integrations migration. Also set up the plugins directory and install official WASM bundles.
* fix(fileflows): handle update API failures and fix Node install
Server updates no longer abort on 401 or unreachable API; users can force deploy when security is enabled or the app is down. Node installs now pass --server during systemd setup, and Node updates skip the server-only API.
* Update fileflows.sh
Adds an install-time prompt to optionally enable Silverbullet's Runtime API by installing Chromium and configuring SB_CHROME_PATH / SB_CHROME_DATA_DIR.
Upstream BirdNET-Go releases now suffix tarball names with the release date (e.g. birdnet-go-linux-amd64-20260713.tar.gz). Use a wildcard pattern so install and update can fetch the latest release without falling back to older nightlies.
Fixes#15753
Server updates no longer abort on 401 or unreachable API; users can force deploy when security is enabled or the app is down. Node installs now pass --server during systemd setup, and Node updates skip the server-only API.
Add optional tag prefix filtering to GitHub/GitLab release helpers and use web-v2 for Storyteller install/update so latest non-web tags no longer break deployment.
* fix(hyperion): keep service running after container reboot
The packaged hyperion@.service declares "Requisite=network.target" but is
not ordered After=network.target. Inside an LXC the unit's start job can be
evaluated before network.target is active, and because Requisite= is stricter
than Requires= (it does not pull the unit in or wait for it) the job fails
with "Dependency failed", so Hyperion does not start after a reboot.
Add a systemd drop-in that clears Requisite=; ordering is still provided by
the base unit's Wants=/After=network-online.target.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* Fix Hyperion service startup issue in LXC
Remove Requisite from Hyperion service to ensure it starts correctly in LXC environments.
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>
* fix(fileflows): install .NET 10 ASP.NET Core Runtime to match current release
FileFlows now ships its server/node binaries targeting .NET 10
(Microsoft.NETCore.App 10.0.0), but the install script still installs the
ASP.NET Core Runtime 8.0. On a fresh install the app therefore cannot start:
You must install or update .NET to run this application.
Framework: 'Microsoft.NETCore.App', version '10.0.0' (x64)
The following frameworks were found:
8.0.28 at [/usr/share/dotnet/shared/Microsoft.NETCore.App]
so "dotnet FileFlows.Server.dll --systemd install" fails with exit code 150
(service failed to start) and the container aborts (issue #15686).
Bump the runtime to 10.0 on both branches: aspnetcore-runtime-10.0 from
packages.microsoft.com on amd64 (the same repo and package already used by
igotify, rdtclient and technitiumdns) and dotnet-install --channel 10.0 on
arm64.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
* fix(fileflows): ensure current .NET runtime on update too
An existing install set up under an older .NET (e.g. aspnetcore-runtime-8.0)
would download a newer FileFlows on update but keep the old runtime, failing to
start with the same framework-not-found error. Mirror the runtime handling used
by technitiumdns/rdtclient in update_script.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---------
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
AdventureLog's frontend install runs a bare `pnpm i`. On pnpm v10+, build
scripts of dependencies (esbuild, es5-ext, svelte-preprocess) are ignored by
default and pnpm aborts with ERR_PNPM_IGNORED_BUILDS (exit 1), so the install
never reaches `pnpm build`. The shipped frontend/pnpm-workspace.yaml already
pins esbuild, so those builds are expected to run.
Enable the builds for this app only by appending `dangerouslyAllowAllBuilds:
true` to the frontend's pnpm-workspace.yaml before `pnpm i`, in both the install
and update paths. The change is guarded so it is not duplicated on re-run, and
it is scoped to AdventureLog (which ships no onlyBuiltDependencies) to avoid the
global config conflict that a repo-wide setting would cause.
Fixes#15670
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
When the optional Unbound install is chosen with DoT forwarding, the script
truncated (>) /etc/unbound/unbound.conf.d/pi-hole.conf and rewrote it starting
with an indented "tls-cert-bundle:" option that has no "server:" section header.
unbound-checkconf rejects this ("syntax error, is there no section start"), so
"systemctl restart unbound" exits 1 and the install aborts (line 153). The
overwrite also dropped the interface/port 5335 settings Pi-hole forwards to.
Append (>>) the DoT additions to the existing recursive server block instead,
under a proper "server:" section (unbound merges multiple server: clauses), so
the tls-cert-bundle and forward-zone are valid and the resolver keeps listening
on 127.0.0.1:5335. Recursive (non-DoT) mode is unchanged.
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* Add rackula (ct)
* Update rackula.sh
* Update install/rackula-install.sh
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* Update install/rackula-install.sh
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* fix(rackula): install Bun outside /root so hardened service unit can exec it (#15540)
rackula-api.service ships with ProtectHome=true and
ExecStart=/usr/local/bin/bun. With BUN_INSTALL=/root/.bun the symlink
resolves into /root, which is masked in the unit's mount namespace, so
the service fails with status=203/EXEC and crash-loops. Use /opt/bun
instead, matching yubal and gitea-mirror.
Also drop the unused BUN_VERSION/BUN_VARIANT block (bun.sh/install
takes the version as a positional arg and detects avx2/baseline
itself, so the env vars were dead code) and restore the msg_ok
"Installed Bun" / msg_info "Setting up Rackula" pair.
Claude-Session: https://claude.ai/code/session_011sGajwSQGg1vd6m2AC6Byq
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
* Refactor rackula-install.sh to streamline installation
Removed checks for security headers config file and adjusted installation steps for Bun and Rackula.
---------
Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com>
Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
Co-authored-by: Gareth Evans <63365672+ggfevans@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>