sudoers and fixes

npm_install.py

@@ -418,6 +418,14 @@ def ensure_user_and_dirs():
         run(["chown","-R","npm:npm","/opt/npm","/data"])
     ensure_angie_runtime_perms()
 
+def create_sudoers_for_npm():
+    with step("Configuring sudoers for npm -> angie"):
+        content = """User_Alias NPMUSERS = npm
+NPMUSERS ALL=(root) NOPASSWD: /usr/sbin/angie
+"""
+        path = Path("/etc/sudoers.d/npm")
+        write_file(path, content, 0o440)
+        run(["bash","-lc", f"command -v visudo >/dev/null 2>&1 && visudo -cf {path} || true"], check=False)
 
 def adjust_nginx_like_paths_in_tree(root: Path):
     for p in root.rglob("*.conf"):
@@ -472,8 +480,8 @@ def patch_npm_backend_commands():
             txt = p.read_text(encoding="utf-8")
         except Exception:
             continue
-        new = re.sub(r'\\blogrotate\\b', '/usr/local/bin/logrotate-npm', txt)
-        new = re.sub(r'(?<!/usr/sbin/)\\bnginx\\b', '/usr/sbin/nginx', new)
+        new = re.sub(r'\blogrotate\b', '/usr/local/bin/logrotate-npm', txt)
+        new = re.sub(r'(?<!/usr/sbin/)\bnginx\b', '/usr/sbin/nginx', new)
         if new != txt:
             p.write_text(new, encoding="utf-8")
 
@@ -619,28 +627,33 @@ exec /usr/sbin/logrotate -s {state_file} "$@"
 """
         write_file(helper, helper_content, 0o755)
 
-
-def create_systemd_units():
+def create_systemd_units(ipv6_enabled: bool):
     with step("Creating and starting systemd services (angie, npm)"):
-        unit = """[Unit]
-Description=Nginx Proxy Manager (backend)
-After=network.target angie.service
-Wants=angie.service
-
-[Service]
-User=npm
-Group=npm
-WorkingDirectory=/opt/npm
-Environment=DISABLE_IPV6=true
-Environment=NODE_ENV=production
-ExecStart=/usr/bin/node /opt/npm/index.js
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-"""
-        write_file(Path("/etc/systemd/system/npm.service"), unit, 0o644)
+        unit_lines = [
+            "[Unit]",
+            "Description=Nginx Proxy Manager (backend)",
+            "After=network.target angie.service",
+            "Wants=angie.service",
+            "",
+            "[Service]",
+            "User=npm",
+            "Group=npm",
+            "WorkingDirectory=/opt/npm",
+            "Environment=NODE_ENV=production",
+            # Environment=DISABLE_IPV6=true -> dodawane tylko gdy IPv6 NIE jest włączony flagą
+        ]
+        if not ipv6_enabled:
+            unit_lines.append("Environment=DISABLE_IPV6=true")
+        unit_lines += [
+            "ExecStart=/usr/bin/node /opt/npm/index.js",
+            "Restart=on-failure",
+            "RestartSec=5",
+            "",
+            "[Install]",
+            "WantedBy=multi-user.target",
+            ""
+        ]
+        write_file(Path("/etc/systemd/system/npm.service"), "\n".join(unit_lines), 0o644)
         write_file(Path("/etc/systemd/system/angie.service"), ANGIE_UNIT, 0o644)
 
         run(["systemctl","daemon-reload"])
@@ -706,7 +719,7 @@ def print_summary(info, ipv6_enabled, dark_enabled, update_mode):
 
 # ========== UPDATE-ONLY ==========
 
-def update_only(node_pkg: str, npm_version_override: str | None, apply_dark: bool, dark_env: dict):
+def update_only(node_pkg: str, npm_version_override: str | None, apply_dark: bool, dark_env: dict, ipv6_enabled: bool):
     apt_update_upgrade()
     install_node_and_yarn(node_pkg)
 
@@ -747,6 +760,9 @@ def update_only(node_pkg: str, npm_version_override: str | None, apply_dark: boo
         os.chdir("/opt/npm")
         run(["yarn", "install"])
 
+    patch_npm_backend_commands()
+    create_systemd_units(ipv6_enabled=ipv6_enabled)
+
     with step("Setting owners"):
         run(["chown","-R","npm:npm","/opt/npm"])
 
@@ -856,7 +872,8 @@ def main():
                 TP_COMMUNITY_THEME=args.tp_community_theme,
                 TP_SCHEME=args.tp_scheme,
                 TP_THEME=args.tp_theme,
-            )
+            ),
+            ipv6_enabled=args.enable_ipv6,
         )
         info = gather_versions(version)
         update_motd(args.motd == "yes", info, ipv6_enabled=args.enable_ipv6)
@@ -865,13 +882,15 @@ def main():
 
     apt_update_upgrade()
     apt_purge(["nginx","openresty","nodejs","npm","yarn","certbot","rustc","cargo"])
-    apt_install(["ca-certificates","curl","gnupg","openssl","apache2-utils","logrotate",
+    apt_install(["ca-certificates","curl","gnupg","openssl","apache2-utils","logrotate","sudo",
                  "python3","python3-venv","sqlite3","build-essential"])
 
     setup_angie()
     install_certbot_with_dns_plugins()
     install_node_and_yarn(args.nodejs_pkg)
     ensure_user_and_dirs()
+    create_sudoers_for_npm()
+
     npm_app_version = deploy_npm_app(args.npm_version)
 
     if not args.enable_ipv6:
@@ -886,7 +905,7 @@ def main():
                         TP_SCHEME=args.tp_scheme,
                         TP_THEME=args.tp_theme)
 
-    create_systemd_units()
+    create_systemd_units(ipv6_enabled=args.enable_ipv6)
 
     ensure_nginx_symlink()
     install_logrotate_for_data_logs()