npm - @simplehomelab/deployrr - Versions diffs - 6.0.23 → 6.0.25 - Mend

@simplehomelab/deployrr 6.0.23 → 6.0.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/apps/official/ddns-updater/files/pre-install.sh CHANGED Viewed

@@ -13,6 +13,6 @@ sudo cp "$APP_DIR/files/config.json" "$DOCKER_FOLDER/appdata/ddns-updater/config
 CF_ZONE_ID=$(sudo cat "$DOCKER_FOLDER/secrets/cf_zone_identifier")
 CF_API_TOKEN=$(sudo cat "$DOCKER_FOLDER/secrets/cf_dns_api_token")
-sudo sed -i "s|CLOUDFLARE-ZONE-IDENTIFIER-PLACEHOLDER|${CF_ZONE_ID}|g" "$DOCKER_FOLDER/appdata/ddns-updater/config.json"
-sudo sed -i "s|CLOUDFLARE-DOMAIN-PLACEHOLDER|${DOMAINNAME_1}|g" "$DOCKER_FOLDER/appdata/ddns-updater/config.json"
-sudo sed -i "s|CLOUDFLARE-API-TOKEN-PLACEHOLDER|${CF_API_TOKEN}|g" "$DOCKER_FOLDER/appdata/ddns-updater/config.json"
+f_safe_sed "s|CLOUDFLARE-ZONE-IDENTIFIER-PLACEHOLDER|${CF_ZONE_ID}|g" "$DOCKER_FOLDER/appdata/ddns-updater/config.json"
+f_safe_sed "s|CLOUDFLARE-DOMAIN-PLACEHOLDER|${DOMAINNAME_1}|g" "$DOCKER_FOLDER/appdata/ddns-updater/config.json"
+f_safe_sed "s|CLOUDFLARE-API-TOKEN-PLACEHOLDER|${CF_API_TOKEN}|g" "$DOCKER_FOLDER/appdata/ddns-updater/config.json"

package/apps/official/langfuse/files/pre-install.sh CHANGED Viewed

@@ -32,53 +32,53 @@ f_print_substep "Injecting secrets into Langfuse compose files..."
 # --- Inject into main compose (langfuse-web) ---
 local web_compose="$COMPOSE_DIR/langfuse.yml"
 if [[ -f "$web_compose" ]]; then
-    sudo sed -i "s|POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$web_compose"
-    sudo sed -i "s|REDIS-PASSWORD-PLACEHOLDER|$REDIS_PASSWORD|g" "$web_compose"
-    sudo sed -i "s|CLICKHOUSE-PASSWORD-PLACEHOLDER|$CLICKHOUSE_PASSWORD|g" "$web_compose"
-    sudo sed -i "s|MINIO-PASSWORD-PLACEHOLDER|$MINIO_PASSWORD|g" "$web_compose"
-    sudo sed -i "s|NEXTAUTH-SECRET-PLACEHOLDER|$NEXTAUTH_SECRET|g" "$web_compose"
-    sudo sed -i "s|SALT-PLACEHOLDER|$SALT|g" "$web_compose"
-    sudo sed -i "s|ENCRYPTION-KEY-PLACEHOLDER|$ENCRYPTION_KEY|g" "$web_compose"
+    f_safe_sed "s|POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$web_compose"
+    f_safe_sed "s|REDIS-PASSWORD-PLACEHOLDER|$REDIS_PASSWORD|g" "$web_compose"
+    f_safe_sed "s|CLICKHOUSE-PASSWORD-PLACEHOLDER|$CLICKHOUSE_PASSWORD|g" "$web_compose"
+    f_safe_sed "s|MINIO-PASSWORD-PLACEHOLDER|$MINIO_PASSWORD|g" "$web_compose"
+    f_safe_sed "s|NEXTAUTH-SECRET-PLACEHOLDER|$NEXTAUTH_SECRET|g" "$web_compose"
+    f_safe_sed "s|SALT-PLACEHOLDER|$SALT|g" "$web_compose"
+    f_safe_sed "s|ENCRYPTION-KEY-PLACEHOLDER|$ENCRYPTION_KEY|g" "$web_compose"
     log_info "langfuse" "Injected secrets into langfuse.yml"
 fi
 # --- Inject into worker compose ---
 local worker_compose="$COMPOSE_DIR/langfuse-worker.yml"
 if [[ -f "$worker_compose" ]]; then
-    sudo sed -i "s|POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$worker_compose"
-    sudo sed -i "s|REDIS-PASSWORD-PLACEHOLDER|$REDIS_PASSWORD|g" "$worker_compose"
-    sudo sed -i "s|CLICKHOUSE-PASSWORD-PLACEHOLDER|$CLICKHOUSE_PASSWORD|g" "$worker_compose"
-    sudo sed -i "s|MINIO-PASSWORD-PLACEHOLDER|$MINIO_PASSWORD|g" "$worker_compose"
-    sudo sed -i "s|SALT-PLACEHOLDER|$SALT|g" "$worker_compose"
-    sudo sed -i "s|ENCRYPTION-KEY-PLACEHOLDER|$ENCRYPTION_KEY|g" "$worker_compose"
+    f_safe_sed "s|POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$worker_compose"
+    f_safe_sed "s|REDIS-PASSWORD-PLACEHOLDER|$REDIS_PASSWORD|g" "$worker_compose"
+    f_safe_sed "s|CLICKHOUSE-PASSWORD-PLACEHOLDER|$CLICKHOUSE_PASSWORD|g" "$worker_compose"
+    f_safe_sed "s|MINIO-PASSWORD-PLACEHOLDER|$MINIO_PASSWORD|g" "$worker_compose"
+    f_safe_sed "s|SALT-PLACEHOLDER|$SALT|g" "$worker_compose"
+    f_safe_sed "s|ENCRYPTION-KEY-PLACEHOLDER|$ENCRYPTION_KEY|g" "$worker_compose"
     log_info "langfuse" "Injected secrets into langfuse-worker.yml"
 fi
 # --- Inject into PostgreSQL compose ---
 local pg_compose="$COMPOSE_DIR/langfuse-postgresql.yml"
 if [[ -f "$pg_compose" ]]; then
-    sudo sed -i "s|POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$pg_compose"
+    f_safe_sed "s|POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$pg_compose"
     log_info "langfuse" "Injected secrets into langfuse-postgresql.yml"
 fi
 # --- Inject into Redis compose ---
 local redis_compose="$COMPOSE_DIR/langfuse-redis.yml"
 if [[ -f "$redis_compose" ]]; then
-    sudo sed -i "s|REDIS-PASSWORD-PLACEHOLDER|$REDIS_PASSWORD|g" "$redis_compose"
+    f_safe_sed "s|REDIS-PASSWORD-PLACEHOLDER|$REDIS_PASSWORD|g" "$redis_compose"
     log_info "langfuse" "Injected secrets into langfuse-redis.yml"
 fi
 # --- Inject into ClickHouse compose ---
 local ch_compose="$COMPOSE_DIR/langfuse-clickhouse.yml"
 if [[ -f "$ch_compose" ]]; then
-    sudo sed -i "s|CLICKHOUSE-PASSWORD-PLACEHOLDER|$CLICKHOUSE_PASSWORD|g" "$ch_compose"
+    f_safe_sed "s|CLICKHOUSE-PASSWORD-PLACEHOLDER|$CLICKHOUSE_PASSWORD|g" "$ch_compose"
     log_info "langfuse" "Injected secrets into langfuse-clickhouse.yml"
 fi
 # --- Inject into MinIO compose ---
 local minio_compose="$COMPOSE_DIR/langfuse-minio.yml"
 if [[ -f "$minio_compose" ]]; then
-    sudo sed -i "s|MINIO-PASSWORD-PLACEHOLDER|$MINIO_PASSWORD|g" "$minio_compose"
+    f_safe_sed "s|MINIO-PASSWORD-PLACEHOLDER|$MINIO_PASSWORD|g" "$minio_compose"
     log_info "langfuse" "Injected secrets into langfuse-minio.yml"
 fi
@@ -158,20 +158,20 @@ if [[ "$headless_choice" == "1" ]]; then
     # --- Inject headless init values ---
     f_print_substep "Configuring headless initialization..."
-    sudo sed -i "s|HEADLESS-ORG-PLACEHOLDER|$org_id|g" "$web_compose"
-    sudo sed -i "s|HEADLESS-ORGNAME-PLACEHOLDER|$org_name|g" "$web_compose"
-    sudo sed -i "s|HEADLESS-PROJECT-PLACEHOLDER|$project_id|g" "$web_compose"
-    sudo sed -i "s|HEADLESS-PROJECTNAME-PLACEHOLDER|$project_name|g" "$web_compose"
-    sudo sed -i "s|HEADLESS-EMAIL-PLACEHOLDER|$user_email|g" "$web_compose"
-    sudo sed -i "s|HEADLESS-USERNAME-PLACEHOLDER|$basic_user|g" "$web_compose"
-    sudo sed -i "s|HEADLESS-PASSWORD-PLACEHOLDER|$basic_pass|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-ORG-PLACEHOLDER|$org_id|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-ORGNAME-PLACEHOLDER|$org_name|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-PROJECT-PLACEHOLDER|$project_id|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-PROJECTNAME-PLACEHOLDER|$project_name|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-EMAIL-PLACEHOLDER|$user_email|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-USERNAME-PLACEHOLDER|$basic_user|g" "$web_compose"
+    f_safe_sed "s|HEADLESS-PASSWORD-PLACEHOLDER|$basic_pass|g" "$web_compose"
     f_print_success "Admin account will be created on first startup"
     log_info "langfuse" "Headless init configured: user=$basic_user email=$user_email"
 else
     # --- Remove headless init placeholders ---
     if [[ -f "$web_compose" ]]; then
-        sudo sed -i "/HEADLESS-.*-PLACEHOLDER/d" "$web_compose"
+        f_safe_sed "/HEADLESS-.*-PLACEHOLDER/d" "$web_compose"
         log_info "langfuse" "Headless init skipped - placeholders removed"
     fi
     f_print_substep "Manual account setup selected - create your account via the web UI"

package/apps/official/n8n/files/pre-install.sh CHANGED Viewed

@@ -19,7 +19,7 @@ fi
 local n8n_compose="$COMPOSE_DIR/n8n.yml"
 if [[ -f "$n8n_compose" ]]; then
     f_print_substep "Injecting database password into n8n compose..."
-    sudo sed -i "s|N8N-POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$n8n_compose"
+    f_safe_sed "s|N8N-POSTGRESQL-PASSWORD-PLACEHOLDER|$POSTGRESQL_PASSWORD|g" "$n8n_compose"
     log_info "n8n" "Injected PostgreSQL password into n8n.yml"
 fi

package/apps/official/pdfding/files/post-install.sh CHANGED Viewed

@@ -26,7 +26,7 @@ if [[ -n "$TRAEFIK_RUNNING" && -f "$TRAEFIK_PRODUCTION_STATUS" && -f "$FILE_PROV
     f_print_substep "Adding hostname: $PDFDING_HOSTNAME"
     if [[ -f "$APP_COMPOSE_FILE" ]]; then
-        sudo sed -i "s|PDFDING_HOSTNAME_PLACEHOLDER|$PDFDING_HOSTNAME|g" "$APP_COMPOSE_FILE"
+        f_safe_sed "s|PDFDING_HOSTNAME_PLACEHOLDER|$PDFDING_HOSTNAME|g" "$APP_COMPOSE_FILE"
         f_print_substep "Updated HOST_NAME in: $APP_COMPOSE_FILE"
         f_print_substep "HOST_NAME set to: \$SERVER_LAN_IP,$PDFDING_HOSTNAME"
     else
@@ -38,7 +38,7 @@ else
     f_print_substep "Using SERVER_LAN_IP only for HOST_NAME"
     if [[ -f "$APP_COMPOSE_FILE" ]]; then
-        sudo sed -i "s|,PDFDING_HOSTNAME_PLACEHOLDER||g" "$APP_COMPOSE_FILE"
+        f_safe_sed "s|,PDFDING_HOSTNAME_PLACEHOLDER||g" "$APP_COMPOSE_FILE"
         f_print_substep "Updated HOST_NAME in: $APP_COMPOSE_FILE"
     else
         f_print_warning "Compose file not found: $APP_COMPOSE_FILE"

package/apps/official/plex/files/pre-install.sh CHANGED Viewed

@@ -12,11 +12,11 @@ if [[ -z "$PLEX_CLAIM" ]]; then
     f_print_substep "No Plex claim token provided, skipping claim configuration"
     # Comment out PLEX_CLAIM_FILE environment variable
-    sed -i 's|      PLEX_CLAIM_FILE: /run/secrets/plex_claim|      # PLEX_CLAIM_FILE: /run/secrets/plex_claim|' "$APP_COMPOSE_FILE"
+    f_safe_sed 's|      PLEX_CLAIM_FILE: /run/secrets/plex_claim|      # PLEX_CLAIM_FILE: /run/secrets/plex_claim|' "$APP_COMPOSE_FILE"
     # Comment out secrets section
-    sed -i 's|    secrets:|    # secrets:|' "$APP_COMPOSE_FILE"
-    sed -i 's|      - plex_claim|      # - plex_claim|' "$APP_COMPOSE_FILE"
+    f_safe_sed 's|    secrets:|    # secrets:|' "$APP_COMPOSE_FILE"
+    f_safe_sed 's|      - plex_claim|      # - plex_claim|' "$APP_COMPOSE_FILE"
     f_print_substep "Secrets section commented out in: $APP_COMPOSE_FILE"
 else

package/apps/official/qbittorrent-vpn/files/post-install.sh CHANGED Viewed

@@ -22,17 +22,17 @@ else
     # Uncomment the ports section if commented
     if grep -q "^\s*#\s*ports:" "$GLUETUN_COMPOSE" 2>/dev/null; then
         f_print_substep "Enabling ports section in Gluetun"
-        sudo sed -i 's/^\(\s*\)#\s*ports:/\1ports:/' "$GLUETUN_COMPOSE"
+        f_safe_sed 's/^\(\s*\)#\s*ports:/\1ports:/' "$GLUETUN_COMPOSE"
     fi
     # Uncomment the qbittorrent-vpn port if it exists commented
     if grep -q "^\s*#.*\$QBITTORRENTVPN_PORT:8080" "$GLUETUN_COMPOSE" 2>/dev/null; then
         f_print_substep "Enabling qBittorrent VPN port mapping"
-        sudo sed -i 's/^\(\s*\)#\s*-\s*\$QBITTORRENTVPN_PORT:8080/\1- \$QBITTORRENTVPN_PORT:8080/' "$GLUETUN_COMPOSE"
+        f_safe_sed 's/^\(\s*\)#\s*-\s*\$QBITTORRENTVPN_PORT:8080/\1- \$QBITTORRENTVPN_PORT:8080/' "$GLUETUN_COMPOSE"
     elif ! grep -q "QBITTORRENTVPN_PORT:8080" "$GLUETUN_COMPOSE" 2>/dev/null; then
         # Port mapping doesn't exist, add it after the ports: line
         f_print_substep "Adding qBittorrent VPN port mapping to Gluetun"
-        sudo sed -i '/^\s*ports:/a\      - $QBITTORRENTVPN_PORT:8080 # qBittorrent VPN' "$GLUETUN_COMPOSE"
+        f_safe_sed '/^\s*ports:/a\      - $QBITTORRENTVPN_PORT:8080 # qBittorrent VPN' "$GLUETUN_COMPOSE"
     fi
 fi
 echo

package/apps/official/sabnzbd/files/post-install.sh CHANGED Viewed

@@ -23,7 +23,7 @@ if [[ -n "$SABNZBD_CONTAINER_ID" && -f "$INI_FILE" ]]; then
     f_print_substep "Adding to whitelist: ${FILE_PROVIDER_APP_SUBDOMAIN}.${DOMAINNAME_1}"
     f_print_substep "Editing: $INI_FILE"
     # Add domain and app name to the whitelist (host_whitelist line)
-    sudo sed -i "s/${SABNZBD_CONTAINER_ID},/${SABNZBD_CONTAINER_ID},${FILE_PROVIDER_APP_SUBDOMAIN}.${DOMAINNAME_1},${APP_SNAME}/g" "$INI_FILE"
+    f_safe_sed "s/${SABNZBD_CONTAINER_ID},/${SABNZBD_CONTAINER_ID},${FILE_PROVIDER_APP_SUBDOMAIN}.${DOMAINNAME_1},${APP_SNAME}/g" "$INI_FILE"
 else
     f_print_substep "Container ID or config file not found, skipping whitelist update"
 fi

package/apps/official/searxng/files/pre-install.sh CHANGED Viewed

@@ -19,7 +19,7 @@ sudo mkdir -p "$DOCKER_FOLDER/appdata/searxng/cache"
 # Copy preconfigured settings.yml and substitute secret key placeholder
 f_print_substep "Deploying $APP_PNAME configuration files..."
 sudo cp "$APP_DIR/files/settings.yml" "$DOCKER_FOLDER/appdata/searxng/settings/settings.yml"
-sudo sed -i "s|SEARXNG-SECRET-KEY-PLACEHOLDER|$SEARXNG_SECRET_VALUE|g" "$DOCKER_FOLDER/appdata/searxng/settings/settings.yml"
+f_safe_sed "s|SEARXNG-SECRET-KEY-PLACEHOLDER|$SEARXNG_SECRET_VALUE|g" "$DOCKER_FOLDER/appdata/searxng/settings/settings.yml"
 # Copy limiter.toml for bot detection
 sudo cp "$APP_DIR/files/limiter.toml" "$DOCKER_FOLDER/appdata/searxng/settings/limiter.toml"

package/apps/official/supabase/files/pre-install.sh CHANGED Viewed

@@ -163,38 +163,38 @@ for composeFile in "${COMPOSE_FILES[@]}"; do
     [[ ! -f "$filePath" ]] && continue
     # Postgres password
-    sudo sed -i "s|POSTGRES-PASSWORD-PLACEHOLDER|${POSTGRES_PASSWORD}|g" "$filePath"
+    f_safe_sed "s|POSTGRES-PASSWORD-PLACEHOLDER|${POSTGRES_PASSWORD}|g" "$filePath"
     # JWT secret
-    sudo sed -i "s|JWT-SECRET-PLACEHOLDER|${JWT_SECRET}|g" "$filePath"
+    f_safe_sed "s|JWT-SECRET-PLACEHOLDER|${JWT_SECRET}|g" "$filePath"
     # JWT tokens (ANON + SERVICE_ROLE)
-    sudo sed -i "s|ANON-KEY-PLACEHOLDER|${ANON_KEY}|g" "$filePath"
-    sudo sed -i "s|SERVICE-ROLE-KEY-PLACEHOLDER|${SERVICE_ROLE_KEY}|g" "$filePath"
+    f_safe_sed "s|ANON-KEY-PLACEHOLDER|${ANON_KEY}|g" "$filePath"
+    f_safe_sed "s|SERVICE-ROLE-KEY-PLACEHOLDER|${SERVICE_ROLE_KEY}|g" "$filePath"
     # Dashboard credentials
-    sudo sed -i "s|DASHBOARD-USERNAME-PLACEHOLDER|${DASHBOARD_USERNAME}|g" "$filePath"
-    sudo sed -i "s|DASHBOARD-PASSWORD-PLACEHOLDER|${DASHBOARD_PASSWORD}|g" "$filePath"
+    f_safe_sed "s|DASHBOARD-USERNAME-PLACEHOLDER|${DASHBOARD_USERNAME}|g" "$filePath"
+    f_safe_sed "s|DASHBOARD-PASSWORD-PLACEHOLDER|${DASHBOARD_PASSWORD}|g" "$filePath"
     # Secret key base (Realtime + Supavisor)
-    sudo sed -i "s|SECRET-KEY-BASE-PLACEHOLDER|${SECRET_KEY_BASE}|g" "$filePath"
+    f_safe_sed "s|SECRET-KEY-BASE-PLACEHOLDER|${SECRET_KEY_BASE}|g" "$filePath"
     # Vault encryption key (Supavisor)
-    sudo sed -i "s|VAULT-ENC-KEY-PLACEHOLDER|${VAULT_ENC_KEY}|g" "$filePath"
+    f_safe_sed "s|VAULT-ENC-KEY-PLACEHOLDER|${VAULT_ENC_KEY}|g" "$filePath"
     # PG Meta crypto key
-    sudo sed -i "s|PG-META-CRYPTO-KEY-PLACEHOLDER|${PG_META_CRYPTO_KEY}|g" "$filePath"
+    f_safe_sed "s|PG-META-CRYPTO-KEY-PLACEHOLDER|${PG_META_CRYPTO_KEY}|g" "$filePath"
     # Logflare tokens
-    sudo sed -i "s|LOGFLARE-PUBLIC-TOKEN-PLACEHOLDER|${LOGFLARE_PUBLIC_TOKEN}|g" "$filePath"
-    sudo sed -i "s|LOGFLARE-PRIVATE-TOKEN-PLACEHOLDER|${LOGFLARE_PRIVATE_TOKEN}|g" "$filePath"
+    f_safe_sed "s|LOGFLARE-PUBLIC-TOKEN-PLACEHOLDER|${LOGFLARE_PUBLIC_TOKEN}|g" "$filePath"
+    f_safe_sed "s|LOGFLARE-PRIVATE-TOKEN-PLACEHOLDER|${LOGFLARE_PRIVATE_TOKEN}|g" "$filePath"
     # Storage S3 credentials
-    sudo sed -i "s|S3-ACCESS-KEY-ID-PLACEHOLDER|${S3_ACCESS_KEY_ID}|g" "$filePath"
-    sudo sed -i "s|S3-ACCESS-KEY-SECRET-PLACEHOLDER|${S3_ACCESS_KEY_SECRET}|g" "$filePath"
+    f_safe_sed "s|S3-ACCESS-KEY-ID-PLACEHOLDER|${S3_ACCESS_KEY_ID}|g" "$filePath"
+    f_safe_sed "s|S3-ACCESS-KEY-SECRET-PLACEHOLDER|${S3_ACCESS_KEY_SECRET}|g" "$filePath"
     # Pooler tenant ID
-    sudo sed -i "s|POOLER-TENANT-ID-PLACEHOLDER|${POOLER_TENANT_ID}|g" "$filePath"
+    f_safe_sed "s|POOLER-TENANT-ID-PLACEHOLDER|${POOLER_TENANT_ID}|g" "$filePath"
 done
 f_print_success "Supabase secrets configured"

package/apps/official/vaultwarden/files/pre-install.sh CHANGED Viewed

@@ -15,13 +15,13 @@ f_print_substep "Admin token created"
 # Uncomment ADMIN_TOKEN line in compose
 f_print_substep "Updating compose file: $APP_COMPOSE_FILE"
-sed -i 's|# - ADMIN_TOKEN=|- ADMIN_TOKEN=|' "$APP_COMPOSE_FILE"
+f_safe_sed 's|# - ADMIN_TOKEN=|- ADMIN_TOKEN=|' "$APP_COMPOSE_FILE"
 sleep 1
 # Replace placeholder with hashed token
-sed -i "s|ADMIN-TOKEN-PLACEHOLDER|$VAULTWARDEN_ADMIN_TOKEN|" "$APP_COMPOSE_FILE"
+f_safe_sed "s|ADMIN-TOKEN-PLACEHOLDER|$VAULTWARDEN_ADMIN_TOKEN|" "$APP_COMPOSE_FILE"
 sleep 1
 # Escape $ signs for Docker Compose (argon2 hash contains $ characters)
-sed -i '/.*ADMIN_TOKEN.*/s/\$/\$\$/g' "$APP_COMPOSE_FILE"
+f_safe_sed '/.*ADMIN_TOKEN.*/s/\$/\$\$/g' "$APP_COMPOSE_FILE"
 f_print_substep "Admin token added to compose file"

package/apps/official/wg-easy/files/post-install.sh CHANGED Viewed

@@ -18,11 +18,11 @@ echo
 f_print_step "3/3" "Updating compose file with password hash..."
 # Replace placeholder with hashed password
-sudo sed -i "s|WG-EASY-PASSWORD-HASH-PLACEHOLDER|$WGEASY_PASSWORD_HASH|g" "$APP_COMPOSE_FILE"
+f_safe_sed "s|WG-EASY-PASSWORD-HASH-PLACEHOLDER|$WGEASY_PASSWORD_HASH|g" "$APP_COMPOSE_FILE"
 # Escape $ signs for Docker Compose (bcrypt hashes contain $ characters)
 if ! grep -q 'PASSWORD_HASH=\$\$' "$APP_COMPOSE_FILE"; then
     f_print_substep "Escaping special characters in password hash"
-    sudo sed -i '/.*PASSWORD_HASH.*/s/\$/\$\$/g' "$APP_COMPOSE_FILE"
+    f_safe_sed '/.*PASSWORD_HASH.*/s/\$/\$\$/g' "$APP_COMPOSE_FILE"
 fi
 echo

package/apps/unofficial/9router/files/pre-install.sh CHANGED Viewed

@@ -54,7 +54,7 @@ f_print_substep "Configuring 9Router secrets..."
 JWT_SECRET=$(sudo cat "$DOCKER_FOLDER/secrets/ninerouter_jwt_secret" 2>/dev/null)
 if [[ -n "$JWT_SECRET" ]]; then
-	sudo sed -i "s|JWT-SECRET-PLACEHOLDER|$JWT_SECRET|" "$APP_COMPOSE_FILE"
+	f_safe_sed "s|JWT-SECRET-PLACEHOLDER|$JWT_SECRET|" "$APP_COMPOSE_FILE"
 	f_print_substep "JWT secret injected into compose file"
 else
 	f_print_error "JWT secret not found in secrets"
@@ -63,7 +63,7 @@ fi
 INITIAL_PASSWORD=$(sudo cat "$DOCKER_FOLDER/secrets/ninerouter_password" 2>/dev/null)
 if [[ -n "$INITIAL_PASSWORD" ]]; then
-	sudo sed -i "s|INITIAL-PASSWORD-PLACEHOLDER|$INITIAL_PASSWORD|" "$APP_COMPOSE_FILE"
+	f_safe_sed "s|INITIAL-PASSWORD-PLACEHOLDER|$INITIAL_PASSWORD|" "$APP_COMPOSE_FILE"
 	export INITIAL_PASSWORD  # Export so envsubst can substitute in post-install messages
 	f_print_substep "Initial password injected into compose file"
 else
@@ -74,8 +74,8 @@ fi
 # Generate unique API key secret and machine ID salt
 API_KEY_SECRET=$(openssl rand -hex 16 2>/dev/null || head -c 32 /dev/urandom | xxd -p | head -c 32)
 MACHINE_ID_SALT=$(openssl rand -hex 16 2>/dev/null || head -c 32 /dev/urandom | xxd -p | head -c 32)
-sudo sed -i "s|API-KEY-SECRET-PLACEHOLDER|$API_KEY_SECRET|" "$APP_COMPOSE_FILE"
-sudo sed -i "s|MACHINE-ID-SALT-PLACEHOLDER|$MACHINE_ID_SALT|" "$APP_COMPOSE_FILE"
+f_safe_sed "s|API-KEY-SECRET-PLACEHOLDER|$API_KEY_SECRET|" "$APP_COMPOSE_FILE"
+f_safe_sed "s|MACHINE-ID-SALT-PLACEHOLDER|$MACHINE_ID_SALT|" "$APP_COMPOSE_FILE"
 f_print_substep "API key secret and machine ID salt generated"
 # Step 5: Set ownership of ALL volume-mounted directories

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@simplehomelab/deployrr",
-  "version": "6.0.23",
+  "version": "6.0.25",
   "description": "Deployrr - Docker homelab deployment manager",
   "bin": {
     "deployrr": "./bin/deployrr-init.sh"