- Remove rabbitmq-server from install dependencies
- Remove RabbitMQ configuration block from install script
- Remove Photon JAR download and photon.service from install script
- Remove RabbitMQ and Photon config from application.properties
- Update reitti.service After/Wants to drop rabbitmq and photon deps
- Add v3->v4 migration in update_script: purge RabbitMQ, disable Photon
service, clean up application.properties and service unit file
- Remove orphaned nginx tile cache migration block from update_script
Refs: https://www.dedicatedcode.com/projects/reitti/4.0/upgrade/
* fix(core): remove unused TEMP_DIR mktemp leak in build_container
The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.
Remove the mktemp -d and pushd entirely to eliminate the leak.
* fix(sonarqube): clean up temp file after zip extraction
The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.
Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
* Homarr: bind Redis to localhost only
* fix(homarr): make Redis bind directive idempotent
Replace unconditional append with grep guard to prevent duplicate
'bind 127.0.0.1 -::1' entries on repeated updates.
* Fix whitespace in homarr install script
Clean up minor whitespace issues in install/homarr-install.sh: remove an extra space before the here-path in the Redis config append (>>/etc/redis/redis.conf) and strip a trailing space after the nginx service name in the systemctl disable call. These are whitespace-only edits to keep the script tidy and avoid passing unintended whitespace to commands.
Helmet's useDefaults adds upgrade-insecure-requests to the CSP,
which forces browsers to upgrade all HTTP requests to HTTPS.
Since most LXC users access Immich directly via HTTP, this breaks
the web UI completely (CORS errors, spinning logo).
Patch helmet.json after deploy to explicitly null out the directive,
keeping CSP benefits while allowing HTTP access.
Fixes#13597
* Rename gokapi binary and update service
Change the installed binary name from pre-v2.2.4 `gokapi-linux_amd64` to v2.2.4+ `gokapi` and update service configuration accordingly. Add a migration step to remove any legacy `gokapi-linux_amd64` binary file, update binary reference in existing `gokapi.service`, and reload systemd before starting the service.
* Update comment for binary name migration
---------
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
