* Homarr: bind Redis to localhost only
* fix(homarr): make Redis bind directive idempotent
Replace unconditional append with grep guard to prevent duplicate
'bind 127.0.0.1 -::1' entries on repeated updates.
* Fix whitespace in homarr install script
Clean up minor whitespace issues in install/homarr-install.sh: remove an extra space before the here-path in the Redis config append (>>/etc/redis/redis.conf) and strip a trailing space after the nginx service name in the systemctl disable call. These are whitespace-only edits to keep the script tidy and avoid passing unintended whitespace to commands.
Helmet's useDefaults adds upgrade-insecure-requests to the CSP,
which forces browsers to upgrade all HTTP requests to HTTPS.
Since most LXC users access Immich directly via HTTP, this breaks
the web UI completely (CORS errors, spinning logo).
Patch helmet.json after deploy to explicitly null out the directive,
keeping CSP benefits while allowing HTTP access.
Fixes#13597
* Rename gokapi binary and update service
Change the installed binary name from pre-v2.2.4 `gokapi-linux_amd64` to v2.2.4+ `gokapi` and update service configuration accordingly. Add a migration step to remove any legacy `gokapi-linux_amd64` binary file, update binary reference in existing `gokapi.service`, and reload systemd before starting the service.
* Update comment for binary name migration
---------
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
* fix(immich): use start.sh in service, ensure DB_HOSTNAME in .env
* Bump Immich to v2.6.2 and adjust chown handling
Update Immich release references from v2.6.1 to v2.6.2 in ct/immich.sh and install/immich-install.sh. Replace broad recursive chown -R on the install dir with a safer approach that avoids recursing into the upload directory (which may be a mounted volume with restricted permissions): set ownership on the install dir itself, chown each top-level entry except 'upload', and attempt to chown the upload path while ignoring errors. Also adjust ordering for /var/log/immich chown to avoid permission issues when enabling services.
* fix(nginxproxymanager): build OpenResty from source via GitHub releases
Replace the unreliable openresty.org apt repository with building
OpenResty from source. Uses fetch_and_deploy_gh_release to download
from github.com/openresty/openresty/releases, then compiles locally.
The apt mirror frequently has sync issues (mismatched file sizes/hashes)
causing 'apt update' to fail with exit code 100.
Changes:
- Use fetch_and_deploy_gh_release for OpenResty source download
- Compile with configure/make/make install
- Add build dependencies (libpcre3-dev, libssl-dev, zlib1g-dev)
- Create systemd service unit for source-built OpenResty
- Update script: remove old apt repo, migrate to source build
* Fix installation command syntax for dependencies
* bump from ved testing
* fix(kometa): fix config.yml sed patterns, add Quickstart integration
- Fix sed commands for plex token and tmdb apikey (empty values in template, not hash placeholders)
- Use section-aware sed to avoid replacing wrong token/apikey fields
- Add Kometa Quickstart web UI on port 7171
* Enhance kometa-install.sh for virtualenv and services
Updated the installation script to include a virtual environment setup and modified service enabling commands.
* Update install/kometa-install.sh
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
---------
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
