Version 121

• Massive Update!
• Reworked the entire host networking setup to allow for DHCP interfaces and adaptive firewall rules
• Implemented capability to add multiple host interfaces with a corresponding reverse proxy and distinct firewall rules
• Split the encrypted configuration file into 3 different files - encrypted config, plaintext config that requires root privileges, and plaintext config the requires regular user privileges
• Changed the HSHQOpen status from a file lock to a mkdir check, as it is an atomic operation and much safer
• Shrunk the reserved Docker networking range to 172.16.0.0/15 with 24 as the default size which allows for 512 disjoint /24 networks
• Modified firewall initialization to take place before networking is up - much safer
• Split the boot scripts into before networking and after docker
• Modified caddy-home instances to reflect the name of the interface to which it is attached
• Modified WireGuard vpn interface names to have vpn- at beginning of name rather than end (to be consistent with the caddy-home naming convention)
• Added numerous editing functions for HomeServer host interfaces
• Added functions for managing the HomeServer firewall
• Added capability to route HomeServer host internet-bound traffic via a WireGuard interface
• Added cronjobs to monitor host interface IP changes and update IP tables
• Many other related updates

Version 120

• Added support for Ubuntu 24.04 (Noble Numbat)
• Added support for Debian 12 (Bookworm)
• Added support for Linux Mint 22 (Wilma)
• Refactored the Docker version variables
• A few changes to RelayServer nuke script
• Added some dependencies and modifications to RelayServer installation for supporting other distros
• Added more suggested security updates
• Ensure needrestart is removed
• Ensure logrotate is installed on both servers
• Update RelayServer with logrotate config
• Added generic function for running update scripts on RelayServer
• Fixed a few items in the restore process
• Changed the name of a startup script and modified it to restart caddy stacks on boot
• Clean up Wazuh installation on CPU arch failure
• Provide user the option to bypass RelayServer login on updates, in case they no longer have access to the server
• Change python version in HomeAssistant root certificate volume mapping from 3.11 to 3.12
• Numerous other minor updates

Version 116

• Changed Immich certificates from hshq to le
• Changed the SSH client extension in Code-Server
• Modified a few settings in immich.json
• Call outputAllScriptServerScripts after every update, since Script-server descriptions are modified on a regular basis
• Fixed VW credentials for Immich
• Modified 02 Install All Available Services function description in Script-server
• Disable internet access for Immich containers, just for that added peace of mind
• Fixed a permissions bug with ClamAV in Mailu stack
• Fixed an issue with Nextcloud installation (on failure), as it was erroneously reporting the wrong info
• Increased the success rate of Nextcloud installation when their servers are slow and/or on heavy load (it mostly has to do with downloading the apps manifest, apps.json)
• Fixed a small bug in wgDockInternet.sh, only need to check for hostname resolution on up and status
• Modified the URL where UptimeKuma performs status checks on networked HomeServers. Instead of subdomain home, which points to heimdall, a new simple response from hshqstatus, which is significantly lighter and decreases the load on all servers
• Changed all instances of home subdomain to SUB_HSHQHOME variable
• Modify services installation defaults
• Added a few validation checks for password creation during installation
• Create a backup of the encrypted configuration file on successful decryption
• Some other minor refactorings/updates

Version 108

• Added Immich
• Added Homarr
• Updated Authelia to allow for OIDC
• Integrated FreshRSS, Linkwarden, and Paperless into Authelia OIDC SSO - these services will need to be reinstalled in order to (easily) implement these integrations
• Added password auth to Wazuh manager for agent enrollment
• A minor update to VW credentials function
• Fixed a bug on the RelayServer transfer function - need to make the WireGuard server config a hard link as it was on the initial install (Thank you Teri!)
• Some minor Script-server function description updates
• Moved some functions to the Services Functions section for better access when adding a new service

Version 105

• Added EspoCRM
• Add any new configuration variable at the beginning of the update process (in case multiple updates are being applied at the same time)
• Also moved checkAddVarsToServiceConfig function calls
• Added initServicesCredentials to update
• Fixed bug(s) in most recent update to Bar Assistant
• Reverting Dozzle due to heavy increase of CPU usage at idle
• Some minor refactoring with the HSHQ_ADMIN_NAME variable
• Reordered a few steps in the TransferRelayServer function
• Changed a default in Roundcube that defaults to replying below a message rather than above it
• A few other minor fixes and updates

Version 99

• Added Penpot
• Fixed bug with Mastodon streaming container

Version 98

• Force wget to use IPV4
• Fixed a bug in RelayServer installation script, in case the VPS provider doesn't use netplan.
• Added some more output to network join function
• Added DNS records output when creating RelayServer outside of the initial installation
• Modified RelayServer installation instructions to inform user to log in with correct username (Thank you Andy!)
• Modified nuke script for RelayServer to not delete the setup/install scripts, in case it needs to be re-ran
• Modified messaging on initial install when choosing to setup RelayServer later, to provide user additional information about network/firewall
• Added function to Script-server that will send the admin username/passwords to email admin account in human-readable format, this email will also be sent upon initial installation
• Another small fix to RelayServer installer script - ensure script is not being ran as root user
• Need to output performUpdateHSHQ.sh then move it instead of overwriting it, since this causes issues when it is replaced WHILE running it
• Fixed a bug when the connecting IP is not detected on the RelayServer install
• Added netplan as a required util on the HomeServer
• Added resolved.conf to RelayServer nuke script, in case netplan is not used
• Also check if the connecting IP is valid
• Fixed bug with PreSharedKey in WireGuard config introduced in Version 85
• Added container/stack updates for all available
• Refactored some stack functions
• Added reminder to backup data before upgrading
• A minor fix to the waitForStack function
• Refactored default interface function
• Numerous other minor updates

Version 91

• Added port forwarding from RelayServer to an internal host
• Added active response (firewall-drop) on brute-force ssh attacks to Wazuh
• Some minor refactoring and magic number replacements

Version 90

• Slight modifications to disabled services logic
• A minor environment variable update to Bar-Assistant

Version 89

• Some updates to the host RPDB
• Fixed a few minor issues with restore process
• Move paperless redis backup to nonbackup directory
• A few updates/bugfixes to the handling of HOMENET_ADDITIONAL_IPS in iptables (it really only occurs when transferring the RelayServer on a HomeServer with a public IP)
• Fixed some permission issues when performing a RelayServer transfer
• Some other touchups to the Transfer RelayServer process
• A couple of fixes/updates to uploadVPNInstallScripts function