From b8a0f4991f4438c5c521ec13e1243808c71e7193 Mon Sep 17 00:00:00 2001 From: hazzuk Date: Wed, 17 Jun 2026 03:51:44 +0100 Subject: [PATCH 1/4] refactor(preseed): split up key command Meaning there is less room for user error when entering the SSH key. --- debian/server/d-i/trixie/preseed.cfg | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/server/d-i/trixie/preseed.cfg b/debian/server/d-i/trixie/preseed.cfg index f52a515..a4432d0 100644 --- a/debian/server/d-i/trixie/preseed.cfg +++ b/debian/server/d-i/trixie/preseed.cfg @@ -108,6 +108,7 @@ d-i preseed/late_command string in-target /bin/bash -c "\ /home/karo/.local \ /home/karo/.local/bin \ /srv/karo && \ - echo '' > /tmp/karo_key && \ + echo '' \ + > /tmp/karo_key && \ install -m 0600 -o karo -g karo /tmp/karo_key /home/karo/.ssh/authorized_keys && \ chage -d 0 karo" From 81e109e8f0ec9960b9ba354da27ee97d3e567e08 Mon Sep 17 00:00:00 2001 From: hazzuk Date: Wed, 17 Jun 2026 03:53:23 +0100 Subject: [PATCH 2/4] docs(readme): use static shields.io badge for license --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0baa7c2..2c525bf 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ **An open-source toolkit for creating a declarative Linux homeserver** [![GitHub Release](https://img.shields.io/github/v/release/hazzuk/karo-stack?display_name=tag&cacheSeconds=7200)](https://github.com/hazzuk/karo-stack/releases) -[![License](https://img.shields.io/github/license/hazzuk/karo-stack.svg?cacheSeconds=604800)](https://github.com/hazzuk/karo-stack/blob/main/LICENSE) +[![License](https://img.shields.io/badge/license-AGPL--3.0-orange)](https://github.com/hazzuk/karo-stack/blob/main/LICENSE) [![GitHub repo size](https://img.shields.io/github/repo-size/hazzuk/karo-stack?cacheSeconds=604800)](https://github.com/hazzuk/karo-stack) [![Developed by Humans, Not by AI](not-by-ai.png)](https://notbyai.fyi/) From dffb3720bd51d5a52ffccd0dff00bbc2403597f8 Mon Sep 17 00:00:00 2001 From: hazzuk Date: Wed, 17 Jun 2026 04:05:52 +0100 Subject: [PATCH 3/4] chore: remove jellyfin discovery port --- roles/karo-compose/templates/extra/jellyfin/compose.yml.j2 | 2 -- roles/karo-nftables/templates/nftables.conf.j2 | 5 ----- 2 files changed, 7 deletions(-) diff --git a/roles/karo-compose/templates/extra/jellyfin/compose.yml.j2 b/roles/karo-compose/templates/extra/jellyfin/compose.yml.j2 index 31dd697..357a0b5 100644 --- a/roles/karo-compose/templates/extra/jellyfin/compose.yml.j2 +++ b/roles/karo-compose/templates/extra/jellyfin/compose.yml.j2 @@ -12,8 +12,6 @@ services: image: {{ karo_compose_jellyfin_image }}:{{ karo_compose_jellyfin_version }} container_name: jellyfin restart: {{ karo_compose_restart_policy }} - ports: - - "0.0.0.0:7359:7359/udp" # client discovery networks: - egress_jellyfin - frontend diff --git a/roles/karo-nftables/templates/nftables.conf.j2 b/roles/karo-nftables/templates/nftables.conf.j2 index 5865b3d..91af916 100644 --- a/roles/karo-nftables/templates/nftables.conf.j2 +++ b/roles/karo-nftables/templates/nftables.conf.j2 @@ -37,11 +37,6 @@ table inet filter { udp dport 443 accept {% endif %} -{% if karo_compose_jellyfin_enabled | default(false) %} - - # allow jellyfin discovery port - udp dport 7359 accept -{% endif %} {% if karo_compose_proxy_client_enabled | default(false) %} # allow wireguard proxyserver traffic From 9f6d6a1903481fd67af98a78a465a386382086a8 Mon Sep 17 00:00:00 2001 From: hazzuk Date: Wed, 17 Jun 2026 05:21:44 +0100 Subject: [PATCH 4/4] feat(compose): new volume for traefik acme staging Otherwise Traefik can avoid needing to get a live cert when switching from staging. --- roles/karo-compose/templates/core/traefik/compose.yml.j2 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/roles/karo-compose/templates/core/traefik/compose.yml.j2 b/roles/karo-compose/templates/core/traefik/compose.yml.j2 index beaca74..f6e4492 100644 --- a/roles/karo-compose/templates/core/traefik/compose.yml.j2 +++ b/roles/karo-compose/templates/core/traefik/compose.yml.j2 @@ -4,6 +4,7 @@ # https://docs.karolabs.dev/stacks/core/traefik +{% set traefik_acme_volume = "traefik_acme_staging" if karo_compose_traefik_acme_staging_enabled else "traefik_acme" %} --- name: traefik services: @@ -29,7 +30,7 @@ services: target: /etc/traefik/traefik.yml read_only: true - type: volume - source: traefik_acme + source: {{ traefik_acme_volume }} target: /etc/traefik/acme labels: - traefik.enable=true @@ -144,8 +145,8 @@ networks: gateway: 172.18.0.1 volumes: - traefik_acme: - name: traefik_acme + {{ traefik_acme_volume }}: + name: {{ traefik_acme_volume }} secrets: traefik_acme_zone_api_token: