From 1f9db7d927c4590fae2983341fcc0bba8eacaed2 Mon Sep 17 00:00:00 2001
From: vhsdream <punk.sand7393@fastmail.com>
Date: Mon, 4 Aug 2025 12:55:46 -0400
Subject: [PATCH 1/3] Palmr: run services under low-priv user

- installing older version to test DB operations during upgrade
---
 ct/palmr.sh              |  3 ++-
 install/palmr-install.sh | 18 ++++++++++--------
 2 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/ct/palmr.sh b/ct/palmr.sh
index 5872f971..ba94de6f 100644
--- a/ct/palmr.sh
+++ b/ct/palmr.sh
@@ -34,10 +34,10 @@ function update_script() {
     systemctl stop palmr-frontend palmr-backend
     msg_ok "Stopped Services"
 
-    msg_info "Updating ${APP}"
     cp /opt/palmr/apps/server/.env /opt/palmr.env
     rm -rf /opt/palmr
     fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "latest" "/opt/palmr"
+    msg_info "Updating ${APP}"
     PNPM="$(jq -r '.packageManager' /opt/palmr/package.json)"
     NODE_VERSION="20" NODE_MODULE="$PNPM" setup_nodejs
     cd /opt/palmr/apps/server
@@ -55,6 +55,7 @@ function update_script() {
     mv ./.env.example ./.env
     $STD pnpm install
     $STD pnpm build
+    chown -R palmr:palmr "$PALMR_DIR" /opt/palmr
     msg_ok "Updated $APP"
 
     msg_info "Starting Services"
diff --git a/install/palmr-install.sh b/install/palmr-install.sh
index 9d1d87c0..73c1ea56 100644
--- a/install/palmr-install.sh
+++ b/install/palmr-install.sh
@@ -13,11 +13,7 @@ setting_up_container
 network_check
 update_os
 
-msg_info "Installing dependencies"
-$STD apt-get install -y yq
-msg_ok "Installed dependencies"
-
-fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "latest" "/opt/palmr"
+fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "v3.14-beta" "/opt/palmr"
 PNPM="$(jq -r '.packageManager' /opt/palmr/package.json)"
 NODE_VERSION="20" NODE_MODULE="$PNPM" setup_nodejs
 
@@ -32,7 +28,7 @@ sed -e 's/_ENCRYPTION=true/_ENCRYPTION=false/' \
   -e "s/ENCRYPTION_KEY=.*$/ENCRYPTION_KEY=$PALMR_KEY/" \
   -e "s|file:.*$|file:$PALMR_DB\"|" \
   -e '/db"$/a\# Uncomment below when using reverse proxy\
-  # SECURE_SITE=true' \
+# SECURE_SITE=true' \
   .env.example >./.env
 $STD pnpm install
 $STD pnpm dlx prisma generate
@@ -51,7 +47,9 @@ $STD pnpm install
 $STD pnpm build
 msg_ok "Configured palmr frontend"
 
-msg_info "Creating service files"
+msg_info "Creating user & services"
+useradd -d "$PALMR_DIR" -M -s /usr/sbin/nologin -U palmr
+chown -R palmr:palmr "$PALMR_DIR" /opt/palmr
 cat <<EOF >/etc/systemd/system/palmr-backend.service
 [Unit]
 Description=palmr Backend Service
@@ -59,6 +57,8 @@ After=network.target
 
 [Service]
 Type=simple
+User=palmr
+Group=palmr
 WorkingDirectory=/opt/palmr_data
 ExecStart=/usr/bin/node /opt/palmr/apps/server/dist/server.js
 
@@ -73,6 +73,8 @@ After=network.target palmr-backend.service
 
 [Service]
 Type=simple
+User=palmr
+Group=palmr
 WorkingDirectory=/opt/palmr/apps/web
 ExecStart=/usr/bin/pnpm start
 
@@ -80,7 +82,7 @@ ExecStart=/usr/bin/pnpm start
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now palmr-backend palmr-frontend
-msg_ok "Created services"
+msg_ok "Created user & services"
 
 motd_ssh
 customize

From 970596be400bb81728a2a429dd52e6c097401895 Mon Sep 17 00:00:00 2001
From: vhsdream <punk.sand7393@fastmail.com>
Date: Mon, 4 Aug 2025 12:59:51 -0400
Subject: [PATCH 2/3] fix repo tag

---
 install/palmr-install.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/palmr-install.sh b/install/palmr-install.sh
index 73c1ea56..37ab3e3d 100644
--- a/install/palmr-install.sh
+++ b/install/palmr-install.sh
@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os
 
-fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "v3.14-beta" "/opt/palmr"
+fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "v3.1.4-beta" "/opt/palmr"
 PNPM="$(jq -r '.packageManager' /opt/palmr/package.json)"
 NODE_VERSION="20" NODE_MODULE="$PNPM" setup_nodejs
 

From 64b5e2f2b79b90289b2f152877a70fafa4b33b45 Mon Sep 17 00:00:00 2001
From: vhsdream <punk.sand7393@fastmail.com>
Date: Mon, 4 Aug 2025 18:11:30 -0400
Subject: [PATCH 3/3] Update palmr

---
 ct/palmr.sh                     |  2 +-
 frontend/public/json/palmr.json | 10 +++++++---
 install/palmr-install.sh        |  6 +++++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/ct/palmr.sh b/ct/palmr.sh
index ba94de6f..06014b5b 100644
--- a/ct/palmr.sh
+++ b/ct/palmr.sh
@@ -42,11 +42,11 @@ function update_script() {
     NODE_VERSION="20" NODE_MODULE="$PNPM" setup_nodejs
     cd /opt/palmr/apps/server
     PALMR_DIR="/opt/palmr_data"
-    # export PALMR_DB="${PALMR_DIR}/palmr.db"
     $STD pnpm install
     mv /opt/palmr.env ./.env
     $STD pnpm dlx prisma generate
     $STD pnpm dlx prisma migrate deploy
+    $STD pnpm dlx prisma db push
     $STD pnpm build
 
     cd /opt/palmr/apps/web
diff --git a/frontend/public/json/palmr.json b/frontend/public/json/palmr.json
index 2f577118..0f5fffd2 100644
--- a/frontend/public/json/palmr.json
+++ b/frontend/public/json/palmr.json
@@ -10,7 +10,7 @@
   "privileged": false,
   "interface_port": 3000,
   "documentation": "https://palmr.kyantech.com.br/docs/3.1-beta",
-  "config_path": "/opt/palmr/backend.env, /opt/palmr/frontend.env",
+  "config_path": "/opt/palmr/apps/server/.env, /opt/palmr/apps/web/.env",
   "website": "https://palmr.kyantech.com.br/",
   "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/palmr.webp",
   "description": "Palmr is a fast and secure platform for sharing files, built with performance and privacy in mind.",
@@ -19,7 +19,7 @@
       "type": "default",
       "script": "ct/palmr.sh",
       "resources": {
-        "cpu": 2,
+        "cpu": 4,
         "ram": 4096,
         "hdd": 6,
         "os": "Debian",
@@ -33,7 +33,11 @@
   },
   "notes": [
     {
-      "text": "Info here",
+      "text": "To use a bind mount for storage, create symlinks to your mount for both `uploads` and `temp-uploads` in `/opt/palmr_data`",
+      "type": "info"
+    },
+    {
+      "text": "To use Palmr with a reverse proxy, uncomment `SECURE_SITE` in `/opt/palmr/apps/server/.env`",
       "type": "info"
     }
   ]
diff --git a/install/palmr-install.sh b/install/palmr-install.sh
index 37ab3e3d..30759aa2 100644
--- a/install/palmr-install.sh
+++ b/install/palmr-install.sh
@@ -13,7 +13,11 @@ setting_up_container
 network_check
 update_os
 
-fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "v3.1.4-beta" "/opt/palmr"
+msg_info "Installing dependencies"
+$STD apt-get install yq -y
+msg_ok "Installed dependencies"
+
+fetch_and_deploy_gh_release "Palmr" "kyantech/Palmr" "tarball" "latest" "/opt/palmr"
 PNPM="$(jq -r '.packageManager' /opt/palmr/package.json)"
 NODE_VERSION="20" NODE_MODULE="$PNPM" setup_nodejs