Block dotfile access, remove custom CSS, fix cron npm install

- nginx: deny all requests to hidden files (/.git/config was publicly readable)
- nginx: remove CSS injection and /custom/ static file serving
- cron: install script deps at build time into /opt to avoid ro mount conflict
- docker-compose: widen cron build context for package.json COPY
- Delete unused theme/ghost-guild.css

cron/Dockerfile

@@ -11,8 +11,13 @@ RUN apk add --no-cache \
 
 WORKDIR /app
 
-COPY crontab /etc/crontabs/root
+# Install script dependencies at build time (into /opt so the ro volume mount doesn't shadow them)
-COPY entrypoint.sh /entrypoint.sh
+COPY scripts/package*.json /opt/scripts-deps/
+RUN cd /opt/scripts-deps && npm install --omit=dev
+ENV NODE_PATH=/opt/scripts-deps/node_modules
+
+COPY cron/crontab /etc/crontabs/root
+COPY cron/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
 ENTRYPOINT ["/entrypoint.sh"]

cron/entrypoint.sh

@@ -1,12 +1,6 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# Install node dependencies for export script
-cd /app
-if [ -f scripts/package.json ]; then
-  cd scripts && npm install --production && cd ..
-fi
-
 # Configure git for automated commits
 git config --global --add safe.directory /app
 git config --global user.email "wiki-bot@ghostguild.org"

docker-compose.yml

@@ -7,7 +7,6 @@ services:
       - outline
     volumes:
       - ./nginx.conf:/etc/nginx/nginx.conf:ro
-      - ./theme:/opt/ghost-guild-wiki-theme:ro
     networks:
       - default
       - dokploy-network
@@ -70,7 +69,8 @@ services:
 
   cron:
     build:
-      context: ./cron
+      context: .
+      dockerfile: cron/Dockerfile
 
     restart: unless-stopped
     depends_on:

nginx.conf

@@ -40,13 +40,6 @@ http {
         listen [::]:3200 default_server;
         server_name wiki.ghostguild.org;
 
-        # Serve custom theme files
-        location /custom/ {
-            alias /opt/ghost-guild-wiki-theme/;
-            expires 1h;
-            add_header Cache-Control "public";
-        }
-
         # Block access to hidden files (especially .git)
         location ~ /\. {
             deny all;
@@ -76,9 +69,6 @@ http {
             # OG tags after <head> so they appear before Outline's own tags
             sub_filter '<head>' '<head><meta property="og:title" content="Ghost Guild Wiki" /><meta property="og:description" content="A living knowledge base for Baby Ghosts &amp; Ghost Guild." /><meta property="og:type" content="website" /><meta property="og:url" content="https://wiki.ghostguild.org" /><meta name="twitter:card" content="summary" /><meta name="twitter:title" content="Ghost Guild Wiki" /><meta name="twitter:description" content="A living knowledge base for Baby Ghosts &amp; Ghost Guild." />';
 
-            # CSS injection (must redeclare; sub_filter doesn't inherit across location blocks)
-            sub_filter '</head>' '<link rel="stylesheet" href="/custom/ghost-guild.css" /></head>';
-
             sub_filter_once on;
             sub_filter_types text/html;
         }
@@ -101,10 +91,6 @@ http {
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection "upgrade";
 
-            # Inject custom CSS before </head>
-            sub_filter '</head>' '<link rel="stylesheet" href="/custom/ghost-guild.css" /></head>';
-            sub_filter_once on;
-            sub_filter_types text/html;
         }
     }
 }

theme/ghost-guild.css

@@ -1,61 +0,0 @@
-/*
- * Ghost Guild — Outline Wiki Custom Theme
- *
- * Injected via nginx sub_filter into every Outline page.
- * Served from /custom/ghost-guild.css.
- *
- * NOTE: Outline's internal class names and DOM structure may change between
- * versions. After upgrading Outline, verify these selectors still work.
- */
-
-/* ---------------------------------------------------------------------------
-   Brand color overrides
-   --------------------------------------------------------------------------- */
-:root {
-  --ghost-guild-primary: #2563eb;
-  --ghost-guild-bg: #fafafa;
-  --ghost-guild-text: #1a1a2e;
-}
-
-/* ---------------------------------------------------------------------------
-   Hide Outline branding
-   --------------------------------------------------------------------------- */
-
-/* "Built with Outline" footer link */
-a[href="https://www.getoutline.com"] {
-  display: none !important;
-}
-
-/* Outline logo in sidebar */
-[data-testid="sidebar-logo"],
-a[href="/"] > svg {
-  /* Replace with Ghost Guild logo via background-image if desired:
-     background-image: url(/custom/logo.svg);
-     background-size: contain;
-     background-repeat: no-repeat;
-  */
-}
-
-/* ---------------------------------------------------------------------------
-   Typography
-   --------------------------------------------------------------------------- */
-
-/* Placeholder: uncomment and update with Ghost Guild fonts
-@font-face {
-  font-family: "GhostGuild";
-  src: url("/custom/fonts/ghost-guild.woff2") format("woff2");
-  font-weight: 400;
-  font-style: normal;
-  font-display: swap;
-}
-*/
-
-/* ---------------------------------------------------------------------------
-   Layout adjustments
-   --------------------------------------------------------------------------- */
-
-/* Widen the document area slightly */
-.document-editor,
-[class*="DocumentEditor"] {
-  max-width: 48rem;
-}