The update was failing with 'mv: cannot stat /opt/2fauth-backup/.env:
No such file or directory' on a system where a previous run had left
/opt/2fauth-backup behind. mv would then nest /opt/2fauth inside the
existing backup directory (as /opt/2fauth-backup/2fauth/), so the
restore step looked at the wrong path.
After fixing that, the app returned a 500 ('Key path
file:///opt/2fauth/storage/oauth-public.key does not exist or is not
readable') because chown/chmod ran before composer install and
php artisan 2fauth:install, leaving vendor/, bootstrap/cache/* and
the regenerated oauth keys owned by root and unreadable by www-data.
- Remove any stale /opt/2fauth-backup before creating the backup, and
remove it again at the end so the next run starts clean
- Use cp instead of mv when restoring .env/storage so the backup is
preserved until the update completes
- Move chown/chmod to AFTER composer + artisan, matching the order in
install/2fauth-install.sh
- Restart php8.4-fpm in addition to nginx so opcache picks up the new
cached config
- Drop redundant quotes around literal paths to match the rest of the
codebase
Stop vmagent and vmalert services (if present) before deploying the
vmutils tarball during updates, and restart them afterward. Running
vmutils daemons (vmagent-prod, vmalert-prod) cause cp to fail with
ETXTBSY when their binaries are overwritten in /opt/victoriametrics.
Fixes#14014
* feat(nodejs): auto-size NODE_OPTIONS heap and apply in Termix updates
- setup_nodejs now sets NODE_OPTIONS only when not already set
- Heap size is auto-derived from NODE_MAX_OLD_SPACE_SIZE, var_ram, or MemTotal
- Auto heap is clamped to 1024..4096 MB to avoid too-small or too-large defaults
- Termix update path now calls setup_nodejs before frontend/backend builds so
Node heap defaults are applied consistently during updates
* feat(error-handler): add actionable Node.js heap OOM guidance
Detect probable Node.js heap out-of-memory failures from log patterns and
common build exit codes, then print targeted remediation hints instead of
only a generic SIGABRT/SIGKILL message.
- Detect OOM patterns in last log lines (Reached heap limit, JS heap OOM)
- Treat node build contexts with exit 134/137/243 as likely heap issues
- Suggest computed --max-old-space-size based on NODE_OPTIONS, var_ram,
or MemTotal (clamped to 1024..4096 MB)
- Recommend calling setup_nodejs before build steps so defaults apply
* refactor(node-heap): raise auto cap to 12GB and simplify OOM hint
- Increase setup_nodejs auto heap clamp from 4GB to 12GB for heavy frontend builds
- Keep lower bound at 1GB and preserve user override precedence
- Simplify error_handler Node OOM output to a single concise hint
- Align error_handler heap suggestion clamp to 12GB
* fix(mealie): restore start.sh before build steps to prevent broken container
When CLEAN_INSTALL=1 wipes /opt/mealie/* and a subsequent build step fails
(uv sync, yarn install, yarn generate - e.g. due to OOM or network error),
start.sh was never written because it was created at the very end of the
update function. On the next reboot systemd could not find the ExecStart
binary and the container was left in a permanently broken state.
Fix: move mealie.env restore and start.sh creation to immediately after
fetch_and_deploy_gh_release, before any build steps that can fail. This
ensures the service entry point is always present even if the build is
interrupted, allowing uv to self-heal on next startup.
Fixes: #13945
* fix(mealie): backup and restore start.sh alongside mealie.env
Instead of recreating start.sh from a heredoc after CLEAN_INSTALL wipes
/opt/mealie/*, simply back it up before the wipe and restore it together
with mealie.env. Simpler and avoids any drift between the hardcoded
heredoc and what was actually installed.
* fix(mealie): fallback heredoc if start.sh missing before backup
* fix(twingate-connector): perform real apt upgrade during update flow
The update path used ensure_dependencies, which only installs missing
packages and does not upgrade already installed ones. As a result, users
could see 'Updated successfully' even when a newer twingate-connector
version was available.
Switch update_script to a real package update flow:
- ensure apt is healthy
- refresh apt metadata
- install/upgrade twingate-connector via retry helper
- restart service
This aligns behavior with Twingate's documented upgrade process.
* Update twingate-connector.sh
The previous migration fix attempted to INSERT INTO 'userOrgRoles' before
that table existed (it is new in 1.17.1). The error was silently ignored,
so no role data was migrated. When drizzle-kit then dropped roleId from
userOrgs, all user-role associations were permanently lost.
- CREATE TABLE IF NOT EXISTS for userOrgRoles before migrating data
- Same treatment for userInviteRoles (also new in 1.17.1)
Fixescommunity-scripts/ProxmoxVE#13857
* fix(node): align Node.js versions with upstream for 5 scripts
Update scripts where upstream requires a newer Node.js version:
- iobroker: 22 → 24 (upstream .nvmrc)
- kima-hub: 20 → 22 (upstream Dockerfile)
- myip: 22 → 24 (upstream Dockerfile)
- outline: 22 → 24 (upstream Dockerfile)
- shelfmark: 22 → 24 (upstream Dockerfile)
Skipped 15 scripts where our version is already newer than upstream.
Ref: community-scripts/ProxmoxVE#13870
* fix(node): add setup_nodejs to update scripts for iobroker, kima-hub, myip
These three scripts had NODE_VERSION in install but not in update,
so running an update would not upgrade Node.js to the correct version.
- iobroker: add NODE_VERSION=24
- kima-hub: add NODE_VERSION=22
- myip: add NODE_VERSION=24
