npm - @calltelemetry/cli - Versions diffs - 0.6.11 → 0.6.13 - Mend

@calltelemetry/cli 0.6.11 → 0.6.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (103) hide show

package/dist/commands/appliance.d.ts +3 -0
package/dist/commands/appliance.d.ts.map +1 -0
package/dist/commands/appliance.js +99 -0
package/dist/commands/appliance.js.map +1 -0
package/dist/commands/update.d.ts.map +1 -1
package/dist/commands/update.js +19 -17
package/dist/commands/update.js.map +1 -1
package/dist/index.js +2 -0
package/dist/index.js.map +1 -1
package/dist/lib/bundle.d.ts.map +1 -1
package/dist/lib/bundle.js +12 -1
package/dist/lib/bundle.js.map +1 -1
package/dist/lib/migration-001-cgnat.d.ts +2 -0
package/dist/lib/migration-001-cgnat.d.ts.map +1 -0
package/dist/lib/migration-001-cgnat.js +59 -0
package/dist/lib/migration-001-cgnat.js.map +1 -0
package/dist/lib/migration-002-swap.d.ts +12 -0
package/dist/lib/migration-002-swap.d.ts.map +1 -0
package/dist/lib/migration-002-swap.js +103 -0
package/dist/lib/migration-002-swap.js.map +1 -0
package/dist/lib/migration-003-nm-heal.d.ts +12 -0
package/dist/lib/migration-003-nm-heal.d.ts.map +1 -0
package/dist/lib/migration-003-nm-heal.js +75 -0
package/dist/lib/migration-003-nm-heal.js.map +1 -0
package/dist/lib/migration-004-systemd-docker.d.ts +13 -0
package/dist/lib/migration-004-systemd-docker.d.ts.map +1 -0
package/dist/lib/migration-004-systemd-docker.js +48 -0
package/dist/lib/migration-004-systemd-docker.js.map +1 -0
package/dist/lib/migration-005-ssh-keys.d.ts +13 -0
package/dist/lib/migration-005-ssh-keys.d.ts.map +1 -0
package/dist/lib/migration-005-ssh-keys.js +49 -0
package/dist/lib/migration-005-ssh-keys.js.map +1 -0
package/dist/lib/migration-006-console-loglevel.d.ts +10 -0
package/dist/lib/migration-006-console-loglevel.d.ts.map +1 -0
package/dist/lib/migration-006-console-loglevel.js +27 -0
package/dist/lib/migration-006-console-loglevel.js.map +1 -0
package/dist/lib/migration-007-nm-keyfile.d.ts +10 -0
package/dist/lib/migration-007-nm-keyfile.d.ts.map +1 -0
package/dist/lib/migration-007-nm-keyfile.js +30 -0
package/dist/lib/migration-007-nm-keyfile.js.map +1 -0
package/dist/lib/migration-008-systemd-restart.d.ts +13 -0
package/dist/lib/migration-008-systemd-restart.d.ts.map +1 -0
package/dist/lib/migration-008-systemd-restart.js +41 -0
package/dist/lib/migration-008-systemd-restart.js.map +1 -0
package/dist/lib/migration-009-bind-mount-files.d.ts +11 -0
package/dist/lib/migration-009-bind-mount-files.d.ts.map +1 -0
package/dist/lib/migration-009-bind-mount-files.js +86 -0
package/dist/lib/migration-009-bind-mount-files.js.map +1 -0
package/dist/lib/migration-010-jtapi-state.d.ts +11 -0
package/dist/lib/migration-010-jtapi-state.d.ts.map +1 -0
package/dist/lib/migration-010-jtapi-state.js +61 -0
package/dist/lib/migration-010-jtapi-state.js.map +1 -0
package/dist/lib/migration-011-docker-memory-limit.d.ts +13 -0
package/dist/lib/migration-011-docker-memory-limit.d.ts.map +1 -0
package/dist/lib/migration-011-docker-memory-limit.js +45 -0
package/dist/lib/migration-011-docker-memory-limit.js.map +1 -0
package/dist/lib/migration-012-db-pool-sizes.d.ts +12 -0
package/dist/lib/migration-012-db-pool-sizes.d.ts.map +1 -0
package/dist/lib/migration-012-db-pool-sizes.js +64 -0
package/dist/lib/migration-012-db-pool-sizes.js.map +1 -0
package/dist/lib/migrations.d.ts +34 -0
package/dist/lib/migrations.d.ts.map +1 -0
package/dist/lib/migrations.js +179 -0
package/dist/lib/migrations.js.map +1 -0
package/dist/lib/update-steps.d.ts.map +1 -1
package/dist/lib/update-steps.js +12 -0
package/dist/lib/update-steps.js.map +1 -1
package/dist/lib/version.d.ts +1 -1
package/dist/lib/version.js +1 -1
package/dist/shell/commands/appliance-performance.d.ts +36 -0
package/dist/shell/commands/appliance-performance.d.ts.map +1 -0
package/dist/shell/commands/appliance-performance.js +221 -0
package/dist/shell/commands/appliance-performance.js.map +1 -0
package/dist/shell/commands/registry.d.ts.map +1 -1
package/dist/shell/commands/registry.js +19 -0
package/dist/shell/commands/registry.js.map +1 -1
package/dist/shell/commands/users.d.ts.map +1 -1
package/dist/shell/commands/users.js +42 -1
package/dist/shell/commands/users.js.map +1 -1
package/dist/shell/network-onboarding.d.ts +29 -7
package/dist/shell/network-onboarding.d.ts.map +1 -1
package/dist/shell/network-onboarding.js +332 -81
package/dist/shell/network-onboarding.js.map +1 -1
package/dist/ui/views/JtapiDisableView.d.ts +6 -0
package/dist/ui/views/JtapiDisableView.d.ts.map +1 -0
package/dist/ui/views/JtapiDisableView.js +52 -0
package/dist/ui/views/JtapiDisableView.js.map +1 -0
package/dist/ui/views/JtapiEnableView.d.ts +6 -0
package/dist/ui/views/JtapiEnableView.d.ts.map +1 -0
package/dist/ui/views/JtapiEnableView.js +40 -0
package/dist/ui/views/JtapiEnableView.js.map +1 -0
package/dist/ui/views/JtapiStatusView.d.ts +6 -0
package/dist/ui/views/JtapiStatusView.d.ts.map +1 -0
package/dist/ui/views/JtapiStatusView.js +11 -0
package/dist/ui/views/JtapiStatusView.js.map +1 -0
package/dist/ui/views/JtapiTroubleshootView.d.ts +6 -0
package/dist/ui/views/JtapiTroubleshootView.d.ts.map +1 -0
package/dist/ui/views/JtapiTroubleshootView.js +114 -0
package/dist/ui/views/JtapiTroubleshootView.js.map +1 -0
package/dist/ui/views/MainMenu.d.ts.map +1 -1
package/dist/ui/views/MainMenu.js +11 -0
package/dist/ui/views/MainMenu.js.map +1 -1
package/package.json +1 -1

package/dist/lib/migration-003-nm-heal.js ADDED Viewed

@@ -0,0 +1,75 @@
+/**
+ * Migration 003: Fix NetworkManager connection profiles.
+ *
+ * OVA images sometimes ship with `permissions=user:root:;` or
+ * `autoconnect=false` in NM connection profiles, which prevents
+ * auto-connect on boot and breaks DNS resolution after reboot.
+ *
+ * Previously a self-healing check in cli.sh that ran on every invocation.
+ * Now a one-time migration.
+ */
+import { existsSync, readdirSync, readFileSync } from 'node:fs';
+import { spawnSync } from 'node:child_process';
+import { join } from 'node:path';
+const NM_CONNECTIONS_DIR = '/etc/NetworkManager/system-connections';
+const NM_DOCKER_CONF = '/etc/NetworkManager/conf.d/docker-unmanaged.conf';
+export async function migrateNmHeal() {
+    // Skip if NetworkManager isn't installed
+    try {
+        const which = spawnSync('which', ['nmcli'], { stdio: 'pipe' });
+        if (which.status !== 0)
+            return false;
+    }
+    catch {
+        return false;
+    }
+    let changed = false;
+    // Fix 1: Remove `permissions=user:root:;` and fix `autoconnect=false`
+    if (existsSync(NM_CONNECTIONS_DIR)) {
+        try {
+            const files = readdirSync(NM_CONNECTIONS_DIR).filter(f => f.endsWith('.nmconnection'));
+            for (const file of files) {
+                const path = join(NM_CONNECTIONS_DIR, file);
+                try {
+                    const content = readFileSync(path, 'utf-8');
+                    if (content.includes('permissions=user:root:;') || content.includes('autoconnect=false')) {
+                        let patched = content
+                            .replace(/permissions=user:root:;\n?/g, '')
+                            .replace(/autoconnect=false/g, 'autoconnect=true');
+                        // Write via sudo
+                        const tmp = `/tmp/ct-nm-fix-${Date.now()}.nmconnection`;
+                        require('node:fs').writeFileSync(tmp, patched);
+                        spawnSync('sudo', ['cp', tmp, path], { stdio: 'pipe' });
+                        spawnSync('sudo', ['chmod', '600', path], { stdio: 'pipe' });
+                        try {
+                            require('node:fs').unlinkSync(tmp);
+                        }
+                        catch { /* ignore */ }
+                        changed = true;
+                    }
+                }
+                catch { /* skip unreadable files */ }
+            }
+        }
+        catch { /* dir not readable */ }
+    }
+    // Fix 2: Add Docker bridge unmanaged-devices rule
+    if (!existsSync(NM_DOCKER_CONF)) {
+        const content = '[keyfile]\nunmanaged-devices=interface-name:docker*;interface-name:br-*;interface-name:veth*\n';
+        const tmp = `/tmp/ct-nm-docker-${Date.now()}.conf`;
+        require('node:fs').writeFileSync(tmp, content);
+        spawnSync('sudo', ['mkdir', '-p', '/etc/NetworkManager/conf.d'], { stdio: 'pipe' });
+        spawnSync('sudo', ['cp', tmp, NM_DOCKER_CONF], { stdio: 'pipe' });
+        try {
+            require('node:fs').unlinkSync(tmp);
+        }
+        catch { /* ignore */ }
+        changed = true;
+    }
+    // Reload NM if anything changed
+    if (changed) {
+        spawnSync('sudo', ['nmcli', 'connection', 'reload'], { stdio: 'pipe' });
+    }
+    return changed;
+}
+//# sourceMappingURL=migration-003-nm-heal.js.map

package/dist/lib/migration-003-nm-heal.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-003-nm-heal.js","sourceRoot":"","sources":["../../src/lib/migration-003-nm-heal.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,SAAS,EAAY,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,MAAM,kBAAkB,GAAG,wCAAwC,CAAC;AACpE,MAAM,cAAc,GAAG,kDAAkD,CAAC;AAE1E,MAAM,CAAC,KAAK,UAAU,aAAa;IACjC,yCAAyC;IACzC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/D,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,sEAAsE;IACtE,IAAI,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC;YACH,MAAM,KAAK,GAAG,WAAW,CAAC,kBAAkB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,CAAC;YAEvF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,MAAM,IAAI,GAAG,IAAI,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;gBAC5C,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;oBAE5C,IAAI,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;wBACzF,IAAI,OAAO,GAAG,OAAO;6BAClB,OAAO,CAAC,6BAA6B,EAAE,EAAE,CAAC;6BAC1C,OAAO,CAAC,oBAAoB,EAAE,kBAAkB,CAAC,CAAC;wBAErD,iBAAiB;wBACjB,MAAM,GAAG,GAAG,kBAAkB,IAAI,CAAC,GAAG,EAAE,eAAe,CAAC;wBACxD,OAAO,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;wBAC/C,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;wBACxD,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;wBAC7D,IAAI,CAAC;4BAAC,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;wBAAC,CAAC;wBAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;wBAClE,OAAO,GAAG,IAAI,CAAC;oBACjB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,sBAAsB,CAAC,CAAC;IACpC,CAAC;IAED,kDAAkD;IAClD,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,EAAE,CAAC;QAChC,MAAM,OAAO,GAAG,gGAAgG,CAAC;QACjH,MAAM,GAAG,GAAG,qBAAqB,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;QACnD,OAAO,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;QAC/C,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,4BAA4B,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACpF,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,cAAc,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAClE,IAAI,CAAC;YAAC,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAAC,CAAC;QAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;QAClE,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,gCAAgC;IAChC,IAAI,OAAO,EAAE,CAAC;QACZ,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,QAAQ,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC1E,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/lib/migration-004-systemd-docker.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Migration 004: Harden Docker systemd boot ordering.
+ *
+ * Ensures Docker starts AFTER firewalld is fully ready. Without this,
+ * Docker races firewalld at boot and gets ZONE_CONFLICT errors, which
+ * can cause container networking to fail until manual restart.
+ *
+ * Creates /etc/systemd/system/docker.service.d/override.conf with:
+ *   After=network-online.target firewalld.service
+ *   Wants=network-online.target
+ */
+export declare function migrateSystemdDocker(): Promise<boolean>;
+//# sourceMappingURL=migration-004-systemd-docker.d.ts.map

package/dist/lib/migration-004-systemd-docker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-004-systemd-docker.d.ts","sourceRoot":"","sources":["../../src/lib/migration-004-systemd-docker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAYH,wBAAsB,oBAAoB,IAAI,OAAO,CAAC,OAAO,CAAC,CA4B7D"}

package/dist/lib/migration-004-systemd-docker.js ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Migration 004: Harden Docker systemd boot ordering.
+ *
+ * Ensures Docker starts AFTER firewalld is fully ready. Without this,
+ * Docker races firewalld at boot and gets ZONE_CONFLICT errors, which
+ * can cause container networking to fail until manual restart.
+ *
+ * Creates /etc/systemd/system/docker.service.d/override.conf with:
+ *   After=network-online.target firewalld.service
+ *   Wants=network-online.target
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { spawnSync } from 'node:child_process';
+const OVERRIDE_DIR = '/etc/systemd/system/docker.service.d';
+const OVERRIDE_FILE = `${OVERRIDE_DIR}/override.conf`;
+const EXPECTED_CONTENT = `[Unit]
+After=network-online.target firewalld.service
+Wants=network-online.target
+`;
+export async function migrateSystemdDocker() {
+    // Check if override already exists with correct content
+    if (existsSync(OVERRIDE_FILE)) {
+        try {
+            const current = readFileSync(OVERRIDE_FILE, 'utf-8');
+            if (current.includes('firewalld.service')) {
+                return false; // Already correct
+            }
+        }
+        catch { /* unreadable — recreate */ }
+    }
+    // Create override directory
+    spawnSync('sudo', ['mkdir', '-p', OVERRIDE_DIR], { stdio: 'pipe' });
+    // Write override file via sudo
+    const tmp = `/tmp/ct-systemd-override-${Date.now()}.conf`;
+    require('node:fs').writeFileSync(tmp, EXPECTED_CONTENT);
+    const cp = spawnSync('sudo', ['cp', tmp, OVERRIDE_FILE], { stdio: 'pipe' });
+    try {
+        require('node:fs').unlinkSync(tmp);
+    }
+    catch { /* ignore */ }
+    if (cp.status !== 0) {
+        throw new Error(`Failed to write ${OVERRIDE_FILE}`);
+    }
+    // Reload systemd
+    spawnSync('sudo', ['systemctl', 'daemon-reload'], { stdio: 'pipe' });
+    return true;
+}
+//# sourceMappingURL=migration-004-systemd-docker.js.map

package/dist/lib/migration-004-systemd-docker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-004-systemd-docker.js","sourceRoot":"","sources":["../../src/lib/migration-004-systemd-docker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,YAAY,GAAG,sCAAsC,CAAC;AAC5D,MAAM,aAAa,GAAG,GAAG,YAAY,gBAAgB,CAAC;AACtD,MAAM,gBAAgB,GAAG;;;CAGxB,CAAC;AAEF,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,wDAAwD;IACxD,IAAI,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,YAAY,CAAC,aAAa,EAAE,OAAO,CAAC,CAAC;YACrD,IAAI,OAAO,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;gBAC1C,OAAO,KAAK,CAAC,CAAC,kBAAkB;YAClC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC,CAAC,2BAA2B,CAAC,CAAC;IACzC,CAAC;IAED,4BAA4B;IAC5B,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,IAAI,EAAE,YAAY,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAEpE,+BAA+B;IAC/B,MAAM,GAAG,GAAG,4BAA4B,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC;IAC1D,OAAO,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,gBAAgB,CAAC,CAAC;IACxD,MAAM,EAAE,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,aAAa,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC5E,IAAI,CAAC;QAAC,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAElE,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACpB,MAAM,IAAI,KAAK,CAAC,mBAAmB,aAAa,EAAE,CAAC,CAAC;IACtD,CAAC;IAED,iBAAiB;IACjB,SAAS,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAErE,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/migration-005-ssh-keys.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Migration 005: Regenerate SSH host keys.
+ *
+ * OVA clones share the same SSH host keys from the template build,
+ * enabling MITM attacks between appliances. This migration regenerates
+ * unique host keys for each appliance.
+ *
+ * Only runs if the key fingerprint matches a known OVA template
+ * fingerprint, or if a sentinel file indicates keys haven't been
+ * regenerated since OVA deployment.
+ */
+export declare function migrateSshKeys(): Promise<boolean>;
+//# sourceMappingURL=migration-005-ssh-keys.d.ts.map

package/dist/lib/migration-005-ssh-keys.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-005-ssh-keys.d.ts","sourceRoot":"","sources":["../../src/lib/migration-005-ssh-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,wBAAsB,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC,CAmCvD"}

package/dist/lib/migration-005-ssh-keys.js ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Migration 005: Regenerate SSH host keys.
+ *
+ * OVA clones share the same SSH host keys from the template build,
+ * enabling MITM attacks between appliances. This migration regenerates
+ * unique host keys for each appliance.
+ *
+ * Only runs if the key fingerprint matches a known OVA template
+ * fingerprint, or if a sentinel file indicates keys haven't been
+ * regenerated since OVA deployment.
+ */
+import { existsSync } from 'node:fs';
+import { spawnSync } from 'node:child_process';
+const SSH_REGEN_SENTINEL = '/etc/ct-ssh-keys-regenerated';
+export async function migrateSshKeys() {
+    // If sentinel exists, keys were already regenerated
+    if (existsSync(SSH_REGEN_SENTINEL)) {
+        return false;
+    }
+    // Check if SSH host keys exist at all
+    const hasKeys = existsSync('/etc/ssh/ssh_host_ed25519_key') ||
+        existsSync('/etc/ssh/ssh_host_rsa_key');
+    if (!hasKeys) {
+        // No keys at all — generate fresh ones
+        spawnSync('sudo', ['ssh-keygen', '-A'], { stdio: 'pipe' });
+    }
+    else {
+        // Keys exist but may be from OVA template — regenerate
+        // Remove old keys
+        spawnSync('sudo', ['bash', '-c', 'rm -f /etc/ssh/ssh_host_*_key*'], { stdio: 'pipe' });
+        // Generate new keys
+        const keygen = spawnSync('sudo', ['ssh-keygen', '-A'], { stdio: 'pipe' });
+        if (keygen.status !== 0) {
+            throw new Error('ssh-keygen -A failed');
+        }
+    }
+    // Write sentinel so this never runs again
+    const tmp = `/tmp/ct-ssh-sentinel-${Date.now()}`;
+    require('node:fs').writeFileSync(tmp, new Date().toISOString());
+    spawnSync('sudo', ['cp', tmp, SSH_REGEN_SENTINEL], { stdio: 'pipe' });
+    try {
+        require('node:fs').unlinkSync(tmp);
+    }
+    catch { /* ignore */ }
+    // Reload sshd to pick up new keys (don't restart — would kill current session)
+    spawnSync('sudo', ['systemctl', 'reload', 'sshd'], { stdio: 'pipe' });
+    return true;
+}
+//# sourceMappingURL=migration-005-ssh-keys.js.map

package/dist/lib/migration-005-ssh-keys.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-005-ssh-keys.js","sourceRoot":"","sources":["../../src/lib/migration-005-ssh-keys.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,SAAS,EAAY,MAAM,oBAAoB,CAAC;AAEzD,MAAM,kBAAkB,GAAG,8BAA8B,CAAC;AAE1D,MAAM,CAAC,KAAK,UAAU,cAAc;IAClC,oDAAoD;IACpD,IAAI,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACnC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,sCAAsC;IACtC,MAAM,OAAO,GAAG,UAAU,CAAC,+BAA+B,CAAC;QAC3C,UAAU,CAAC,2BAA2B,CAAC,CAAC;IAExD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,uCAAuC;QACvC,SAAS,CAAC,MAAM,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC7D,CAAC;SAAM,CAAC;QACN,uDAAuD;QACvD,kBAAkB;QAClB,SAAS,CAAC,MAAM,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,gCAAgC,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAEvF,oBAAoB;QACpB,MAAM,MAAM,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,YAAY,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC1E,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxB,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;IACH,CAAC;IAED,0CAA0C;IAC1C,MAAM,GAAG,GAAG,wBAAwB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IACjD,OAAO,CAAC,SAAS,CAAC,CAAC,aAAa,CAAC,GAAG,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;IAChE,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,kBAAkB,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACtE,IAAI,CAAC;QAAC,OAAO,CAAC,SAAS,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAElE,+EAA+E;IAC/E,SAAS,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,QAAQ,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAEtE,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/migration-006-console-loglevel.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Migration 006: Suppress noisy kernel console warnings.
+ *
+ * Docker/firewalld loads nft_compat and ip_set kernel modules which emit
+ * KERN_WARNING (level 4) messages to the console. These clutter the TTY
+ * and alarm users. The kernel cmdline loglevel=3 set during OVA build
+ * gets reset by systemd on boot; a sysctl.d drop-in persists it.
+ */
+export declare function migrateConsoleLoglevel(): Promise<boolean>;
+//# sourceMappingURL=migration-006-console-loglevel.d.ts.map

package/dist/lib/migration-006-console-loglevel.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-006-console-loglevel.d.ts","sourceRoot":"","sources":["../../src/lib/migration-006-console-loglevel.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAOH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,OAAO,CAAC,CAc/D"}

package/dist/lib/migration-006-console-loglevel.js ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * Migration 006: Suppress noisy kernel console warnings.
+ *
+ * Docker/firewalld loads nft_compat and ip_set kernel modules which emit
+ * KERN_WARNING (level 4) messages to the console. These clutter the TTY
+ * and alarm users. The kernel cmdline loglevel=3 set during OVA build
+ * gets reset by systemd on boot; a sysctl.d drop-in persists it.
+ */
+import { existsSync, writeFileSync, unlinkSync } from 'node:fs';
+import { spawnSync } from 'node:child_process';
+const SYSCTL_FILE = '/etc/sysctl.d/99-console-loglevel.conf';
+export async function migrateConsoleLoglevel() {
+    if (existsSync(SYSCTL_FILE)) {
+        return false;
+    }
+    const content = 'kernel.printk = 3 4 1 3\n';
+    const tmp = `/tmp/ct-loglevel-${Date.now()}`;
+    writeFileSync(tmp, content);
+    spawnSync('sudo', ['cp', tmp, SYSCTL_FILE], { stdio: 'pipe' });
+    try {
+        unlinkSync(tmp);
+    }
+    catch { /* ignore */ }
+    spawnSync('sudo', ['sysctl', '-p', SYSCTL_FILE], { stdio: 'pipe' });
+    return true;
+}
+//# sourceMappingURL=migration-006-console-loglevel.js.map

package/dist/lib/migration-006-console-loglevel.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-006-console-loglevel.js","sourceRoot":"","sources":["../../src/lib/migration-006-console-loglevel.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,WAAW,GAAG,wCAAwC,CAAC;AAE7D,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,2BAA2B,CAAC;IAC5C,MAAM,GAAG,GAAG,oBAAoB,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;IAC7C,aAAa,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAC5B,SAAS,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAC/D,IAAI,CAAC;QAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAAC,CAAC;IAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC;IAE/C,SAAS,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IAEpE,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/migration-007-nm-keyfile.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+/**
+ * Migration 007: Migrate legacy ifcfg network configs to NM keyfile format.
+ *
+ * RHEL 9 / AlmaLinux 9 deprecated the ifcfg backend for NetworkManager.
+ * Connections still using ifcfg-rh files emit deprecation warnings in logs
+ * and will stop working in future RHEL releases. `nmcli connection migrate`
+ * converts them to the native keyfile format in /etc/NetworkManager/system-connections/.
+ */
+export declare function migrateNmKeyfile(): Promise<boolean>;
+//# sourceMappingURL=migration-007-nm-keyfile.d.ts.map

package/dist/lib/migration-007-nm-keyfile.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-007-nm-keyfile.d.ts","sourceRoot":"","sources":["../../src/lib/migration-007-nm-keyfile.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAIH,wBAAsB,gBAAgB,IAAI,OAAO,CAAC,OAAO,CAAC,CAuBzD"}

package/dist/lib/migration-007-nm-keyfile.js ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Migration 007: Migrate legacy ifcfg network configs to NM keyfile format.
+ *
+ * RHEL 9 / AlmaLinux 9 deprecated the ifcfg backend for NetworkManager.
+ * Connections still using ifcfg-rh files emit deprecation warnings in logs
+ * and will stop working in future RHEL releases. `nmcli connection migrate`
+ * converts them to the native keyfile format in /etc/NetworkManager/system-connections/.
+ */
+import { spawnSync } from 'node:child_process';
+export async function migrateNmKeyfile() {
+    // Check if nmcli is available
+    const check = spawnSync('command', ['-v', 'nmcli'], { shell: true, stdio: 'pipe' });
+    if (check.status !== 0) {
+        return false;
+    }
+    // Count connections still using ifcfg backend
+    const list = spawnSync('nmcli', ['-t', '-f', 'FILENAME', 'connection', 'show'], { stdio: 'pipe' });
+    const output = list.stdout?.toString() ?? '';
+    const ifcfgCount = output.split('\n').filter((line) => line.includes('ifcfg')).length;
+    if (ifcfgCount === 0) {
+        return false;
+    }
+    // Migrate all ifcfg connections to keyfile format
+    const migrate = spawnSync('sudo', ['nmcli', 'connection', 'migrate'], { stdio: 'pipe' });
+    if (migrate.status !== 0) {
+        throw new Error(`nmcli connection migrate failed: ${migrate.stderr?.toString()}`);
+    }
+    return true;
+}
+//# sourceMappingURL=migration-007-nm-keyfile.js.map

package/dist/lib/migration-007-nm-keyfile.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-007-nm-keyfile.js","sourceRoot":"","sources":["../../src/lib/migration-007-nm-keyfile.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,gBAAgB;IACpC,8BAA8B;IAC9B,MAAM,KAAK,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACpF,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,8CAA8C;IAC9C,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACnG,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC7C,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC;IAEtF,IAAI,UAAU,KAAK,CAAC,EAAE,CAAC;QACrB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kDAAkD;IAClD,MAAM,OAAO,GAAG,SAAS,CAAC,MAAM,EAAE,CAAC,OAAO,EAAE,YAAY,EAAE,SAAS,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACzF,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,oCAAoC,OAAO,CAAC,MAAM,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;IACpF,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/migration-008-systemd-restart.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Migration 008: Add restart-on-failure policy to docker-compose-app.service.
+ *
+ * Without Restart=on-failure, a container crash or OOM kill leaves the
+ * appliance down until someone manually restarts. This migration adds:
+ *   Restart=on-failure
+ *   RestartSec=60
+ *
+ * Also ensures network-online.target dependency exists for boot on
+ * isolated LANs where DNS/DHCP may be slow.
+ */
+export declare function migrateSystemdRestart(): Promise<boolean>;
+//# sourceMappingURL=migration-008-systemd-restart.d.ts.map

package/dist/lib/migration-008-systemd-restart.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-008-systemd-restart.d.ts","sourceRoot":"","sources":["../../src/lib/migration-008-systemd-restart.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAOH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CA6B9D"}

package/dist/lib/migration-008-systemd-restart.js ADDED Viewed

@@ -0,0 +1,41 @@
+/**
+ * Migration 008: Add restart-on-failure policy to docker-compose-app.service.
+ *
+ * Without Restart=on-failure, a container crash or OOM kill leaves the
+ * appliance down until someone manually restarts. This migration adds:
+ *   Restart=on-failure
+ *   RestartSec=60
+ *
+ * Also ensures network-online.target dependency exists for boot on
+ * isolated LANs where DNS/DHCP may be slow.
+ */
+import { existsSync, readFileSync } from 'node:fs';
+import { spawnSync } from 'node:child_process';
+const SERVICE_FILE = '/etc/systemd/system/docker-compose-app.service';
+export async function migrateSystemdRestart() {
+    if (!existsSync(SERVICE_FILE)) {
+        return false;
+    }
+    const content = readFileSync(SERVICE_FILE, 'utf-8');
+    let changed = false;
+    // Add Restart=on-failure if missing
+    if (!content.includes('Restart=')) {
+        if (content.includes('TimeoutStartSec=')) {
+            spawnSync('sudo', ['sed', '-i', '/^TimeoutStartSec=/a Restart=on-failure\\nRestartSec=60', SERVICE_FILE], { stdio: 'pipe' });
+        }
+        else {
+            spawnSync('sudo', ['sed', '-i', '/^\\[Install\\]/i Restart=on-failure\\nRestartSec=60', SERVICE_FILE], { stdio: 'pipe' });
+        }
+        changed = true;
+    }
+    // Add network-online.target dependency if missing
+    if (!content.includes('network-online.target')) {
+        spawnSync('sudo', ['sed', '-i', '/^After=docker.service/a Wants=network-online.target\\nAfter=network-online.target', SERVICE_FILE], { stdio: 'pipe' });
+        changed = true;
+    }
+    if (changed) {
+        spawnSync('sudo', ['systemctl', 'daemon-reload'], { stdio: 'pipe' });
+    }
+    return changed;
+}
+//# sourceMappingURL=migration-008-systemd-restart.js.map

package/dist/lib/migration-008-systemd-restart.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-008-systemd-restart.js","sourceRoot":"","sources":["../../src/lib/migration-008-systemd-restart.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAE/C,MAAM,YAAY,GAAG,gDAAgD,CAAC;AAEtE,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO,KAAK,CAAC;IACf,CAAC;IAED,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;IACpD,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,oCAAoC;IACpC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,CAAC;QAClC,IAAI,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;YACzC,SAAS,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,yDAAyD,EAAE,YAAY,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC/H,CAAC;aAAM,CAAC;YACN,SAAS,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,sDAAsD,EAAE,YAAY,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QAC5H,CAAC;QACD,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,kDAAkD;IAClD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,EAAE,CAAC;QAC/C,SAAS,CAAC,MAAM,EAAE,CAAC,KAAK,EAAE,IAAI,EAAE,oFAAoF,EAAE,YAAY,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;QACxJ,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,IAAI,OAAO,EAAE,CAAC;QACZ,SAAS,CAAC,MAAM,EAAE,CAAC,WAAW,EAAE,eAAe,CAAC,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC;IACvE,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}

package/dist/lib/migration-009-bind-mount-files.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Migration 009: Fix Docker bind-mount directory-vs-file confusion.
+ *
+ * Docker auto-creates missing bind-mount targets as DIRECTORIES.
+ * If alertmanager.yml or tempo.yaml were created as directories
+ * (from a `docker compose up` before the files existed), the services
+ * fail to start. This migration removes the bogus directories and
+ * creates the correct config files.
+ */
+export declare function migrateBindMountFiles(): Promise<boolean>;
+//# sourceMappingURL=migration-009-bind-mount-files.d.ts.map

package/dist/lib/migration-009-bind-mount-files.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-009-bind-mount-files.d.ts","sourceRoot":"","sources":["../../src/lib/migration-009-bind-mount-files.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAkFH,wBAAsB,qBAAqB,IAAI,OAAO,CAAC,OAAO,CAAC,CAI9D"}

package/dist/lib/migration-009-bind-mount-files.js ADDED Viewed

@@ -0,0 +1,86 @@
+/**
+ * Migration 009: Fix Docker bind-mount directory-vs-file confusion.
+ *
+ * Docker auto-creates missing bind-mount targets as DIRECTORIES.
+ * If alertmanager.yml or tempo.yaml were created as directories
+ * (from a `docker compose up` before the files existed), the services
+ * fail to start. This migration removes the bogus directories and
+ * creates the correct config files.
+ */
+import { existsSync, statSync, mkdirSync, writeFileSync, rmSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+const INSTALL_DIR = join(homedir(), '');
+const ALERTMANAGER_DIR = join(INSTALL_DIR, 'alertmanager');
+const ALERTMANAGER_FILE = join(ALERTMANAGER_DIR, 'alertmanager.yml');
+const ALERTMANAGER_CONTENT = `global:
+  resolve_timeout: 5m
+route:
+  receiver: 'default'
+  group_wait: 30s
+  group_interval: 5m
+  repeat_interval: 4h
+receivers:
+  - name: 'default'
+`;
+const TEMPO_DIR = join(INSTALL_DIR, 'tempo');
+const TEMPO_FILE = join(TEMPO_DIR, 'tempo.yaml');
+const TEMPO_CONTENT = `server:
+  http_listen_port: 3200
+distributor:
+  receivers:
+    otlp:
+      protocols:
+        grpc:
+          endpoint: 0.0.0.0:4317
+        http:
+          endpoint: 0.0.0.0:4318
+ingester:
+  max_block_duration: 5m
+compactor:
+  compaction:
+    block_retention: 72h    # Keep traces for 3 days
+storage:
+  trace:
+    backend: local
+    local:
+      path: /var/tempo/blocks
+    wal:
+      path: /var/tempo/wal
+metrics_generator:
+  registry:
+    external_labels:
+      source: tempo
+  storage:
+    path: /var/tempo/generator/wal
+    remote_write:
+      - url: http://prometheus:9090/api/v1/write
+        send_exemplars: true
+`;
+function fixBindMount(dir, filePath, content) {
+    let changed = false;
+    // If the file path is a directory (Docker bind-mount bug), remove it
+    if (existsSync(filePath) && statSync(filePath).isDirectory()) {
+        rmSync(filePath, { recursive: true, force: true });
+        changed = true;
+    }
+    // Ensure parent directory exists
+    mkdirSync(dir, { recursive: true });
+    // Create the file if it doesn't exist
+    if (!existsSync(filePath)) {
+        writeFileSync(filePath, content);
+        changed = true;
+    }
+    return changed;
+}
+export async function migrateBindMountFiles() {
+    const a = fixBindMount(ALERTMANAGER_DIR, ALERTMANAGER_FILE, ALERTMANAGER_CONTENT);
+    const b = fixBindMount(TEMPO_DIR, TEMPO_FILE, TEMPO_CONTENT);
+    return a || b;
+}
+//# sourceMappingURL=migration-009-bind-mount-files.js.map

package/dist/lib/migration-009-bind-mount-files.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-009-bind-mount-files.js","sourceRoot":"","sources":["../../src/lib/migration-009-bind-mount-files.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjF,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;AAExC,MAAM,gBAAgB,GAAG,IAAI,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC;AAC3D,MAAM,iBAAiB,GAAG,IAAI,CAAC,gBAAgB,EAAE,kBAAkB,CAAC,CAAC;AACrE,MAAM,oBAAoB,GAAG;;;;;;;;;CAS5B,CAAC;AAEF,MAAM,SAAS,GAAG,IAAI,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;AAC7C,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,YAAY,CAAC,CAAC;AACjD,MAAM,aAAa,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoCrB,CAAC;AAEF,SAAS,YAAY,CAAC,GAAW,EAAE,QAAgB,EAAE,OAAe;IAClE,IAAI,OAAO,GAAG,KAAK,CAAC;IAEpB,qEAAqE;IACrE,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC;QAC7D,MAAM,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QACnD,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,iCAAiC;IACjC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAEpC,sCAAsC;IACtC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjC,OAAO,GAAG,IAAI,CAAC;IACjB,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB;IACzC,MAAM,CAAC,GAAG,YAAY,CAAC,gBAAgB,EAAE,iBAAiB,EAAE,oBAAoB,CAAC,CAAC;IAClF,MAAM,CAAC,GAAG,YAAY,CAAC,SAAS,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;IAC7D,OAAO,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC"}

package/dist/lib/migration-010-jtapi-state.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Migration 010: Migrate legacy .jtapi-enabled file to .env COMPOSE_PROFILES.
+ *
+ * Older appliances used a `.jtapi-enabled` sentinel file to track whether
+ * JTAPI was enabled. The compose stack now uses COMPOSE_PROFILES=jtapi
+ * in .env to conditionally include the jtapi-sidecar and ct-media services.
+ * This migration reads the old flag, sets the appropriate .env vars, and
+ * removes the sentinel file.
+ */
+export declare function migrateJtapiState(): Promise<boolean>;
+//# sourceMappingURL=migration-010-jtapi-state.d.ts.map

package/dist/lib/migration-010-jtapi-state.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-010-jtapi-state.d.ts","sourceRoot":"","sources":["../../src/lib/migration-010-jtapi-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AA+BH,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,OAAO,CAAC,CAsB1D"}

package/dist/lib/migration-010-jtapi-state.js ADDED Viewed

@@ -0,0 +1,61 @@
+/**
+ * Migration 010: Migrate legacy .jtapi-enabled file to .env COMPOSE_PROFILES.
+ *
+ * Older appliances used a `.jtapi-enabled` sentinel file to track whether
+ * JTAPI was enabled. The compose stack now uses COMPOSE_PROFILES=jtapi
+ * in .env to conditionally include the jtapi-sidecar and ct-media services.
+ * This migration reads the old flag, sets the appropriate .env vars, and
+ * removes the sentinel file.
+ */
+import { existsSync, readFileSync, writeFileSync, unlinkSync } from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+const INSTALL_DIR = homedir();
+const ENV_FILE = join(INSTALL_DIR, '.env');
+const JTAPI_STATE_FILE = join(INSTALL_DIR, '.jtapi-enabled');
+function envGet(key) {
+    if (!existsSync(ENV_FILE))
+        return '';
+    const content = readFileSync(ENV_FILE, 'utf-8');
+    const match = content.match(new RegExp(`^${key}=(.*)$`, 'm'));
+    return match?.[1] ?? '';
+}
+function envSet(key, value) {
+    if (!existsSync(ENV_FILE)) {
+        writeFileSync(ENV_FILE, `${key}=${value}\n`);
+        return;
+    }
+    const content = readFileSync(ENV_FILE, 'utf-8');
+    const regex = new RegExp(`^${key}=.*$`, 'm');
+    if (regex.test(content)) {
+        writeFileSync(ENV_FILE, content.replace(regex, `${key}=${value}`));
+    }
+    else {
+        writeFileSync(ENV_FILE, content.trimEnd() + `\n${key}=${value}\n`);
+    }
+}
+export async function migrateJtapiState() {
+    if (!existsSync(JTAPI_STATE_FILE)) {
+        return false;
+    }
+    // Add jtapi to COMPOSE_PROFILES if not already there
+    const profiles = envGet('COMPOSE_PROFILES');
+    if (!profiles.includes('jtapi')) {
+        envSet('COMPOSE_PROFILES', profiles ? `${profiles},jtapi` : 'jtapi');
+    }
+    // Set JTAPI env vars if not already present
+    if (!envGet('JTAPI_MODE'))
+        envSet('JTAPI_MODE', 'direct');
+    if (!envGet('JTAPI_SIDECAR_ENDPOINT'))
+        envSet('JTAPI_SIDECAR_ENDPOINT', 'jtapi-sidecar:50051');
+    if (!envGet('JTAPI_SIDECAR_URL'))
+        envSet('JTAPI_SIDECAR_URL', 'http://jtapi-sidecar:8080');
+    if (!envGet('S3_ENABLED'))
+        envSet('S3_ENABLED', 'true');
+    if (!envGet('CT_MEDIA_ENDPOINT'))
+        envSet('CT_MEDIA_ENDPOINT', 'ct-media:50053');
+    // Remove the legacy sentinel file
+    unlinkSync(JTAPI_STATE_FILE);
+    return true;
+}
+//# sourceMappingURL=migration-010-jtapi-state.js.map

package/dist/lib/migration-010-jtapi-state.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migration-010-jtapi-state.js","sourceRoot":"","sources":["../../src/lib/migration-010-jtapi-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAElC,MAAM,WAAW,GAAG,OAAO,EAAE,CAAC;AAC9B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;AAC3C,MAAM,gBAAgB,GAAG,IAAI,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;AAE7D,SAAS,MAAM,CAAC,GAAW;IACzB,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;QAAE,OAAO,EAAE,CAAC;IACrC,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,GAAG,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;IAC9D,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED,SAAS,MAAM,CAAC,GAAW,EAAE,KAAa;IACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC1B,aAAa,CAAC,QAAQ,EAAE,GAAG,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC;QAC7C,OAAO;IACT,CAAC;IACD,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IAChD,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,GAAG,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7C,IAAI,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,GAAG,IAAI,KAAK,EAAE,CAAC,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,OAAO,EAAE,GAAG,KAAK,GAAG,IAAI,KAAK,IAAI,CAAC,CAAC;IACrE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,iBAAiB;IACrC,IAAI,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;QAClC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,qDAAqD;IACrD,MAAM,QAAQ,GAAG,MAAM,CAAC,kBAAkB,CAAC,CAAC;IAC5C,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAChC,MAAM,CAAC,kBAAkB,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;IACvE,CAAC;IAED,4CAA4C;IAC5C,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QAAE,MAAM,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC;IAC1D,IAAI,CAAC,MAAM,CAAC,wBAAwB,CAAC;QAAE,MAAM,CAAC,wBAAwB,EAAE,qBAAqB,CAAC,CAAC;IAC/F,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;QAAE,MAAM,CAAC,mBAAmB,EAAE,2BAA2B,CAAC,CAAC;IAC3F,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;QAAE,MAAM,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;IACxD,IAAI,CAAC,MAAM,CAAC,mBAAmB,CAAC;QAAE,MAAM,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;IAEhF,kCAAkC;IAClC,UAAU,CAAC,gBAAgB,CAAC,CAAC;IAE7B,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/lib/migration-011-docker-memory-limit.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/**
+ * Migration 011: Cap Docker daemon memory at 90% of system RAM.
+ *
+ * On a single-purpose Docker Compose appliance, containers can consume
+ * all available RAM, starving the OS (kernel, systemd, sshd, NM) and
+ * triggering the OOM killer. This migration creates a systemd drop-in
+ * that limits the Docker daemon + all containers to 90% of total RAM,
+ * guaranteeing 10% for the OS.
+ *
+ * Also updates existing 80% limit to 90% (previous default was too conservative).
+ */
+export declare function migrateDockerMemoryLimit(): Promise<boolean>;
+//# sourceMappingURL=migration-011-docker-memory-limit.d.ts.map

package/dist/lib/migration-011-docker-memory-limit.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"migration-011-docker-memory-limit.d.ts","sourceRoot":"","sources":["../../src/lib/migration-011-docker-memory-limit.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAQH,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,OAAO,CAAC,CA8BjE"}