Refactor: Use heredoc when creating env files and creds/other (#15469)

* Use heredoc * Fixes
2026-06-30 19:24:57 +02:00 · 2026-06-30 13:01:18 +02:00
parent 02bbb774c9
commit 4d56173394
65 changed files with 418 additions and 424 deletions
@@ -58,12 +58,11 @@ function update_script() {
        -e 's/^NODE_/APP_/' \
        -e '/^SERVER_*/d' \
        -e '/^# API*/,+2d' /opt/patchmon/.env
-      {
-        echo ""
-        echo "SESSION_SECRET=$(openssl rand -hex 64)"
-        echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)"
-        echo "AGENT_BINARIES_DIR=/opt/patchmon/agents"
-      } >>/opt/patchmon/.env
+      cat <<EOF >/opt/patchmon/.env
+SESSION_SECRET=$(openssl rand -hex 64)
+AI_ENCRYPTION_KEY=$(openssl rand -hex 64)
+AGENT_BINARIES_DIR=/opt/patchmon/agents
+EOF
      sed -i -e '\|Directory|s|/backend||' \
        -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \
        -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \
@@ -57,11 +57,11 @@ function update_script() {
      sed -i 's/--workers 4//' /opt/wizarr/start.sh
    fi
    if ! grep -qE 'FLASK|WORKERS|VERSION' /opt/wizarr/.env; then
-      {
-        echo "FLASK_ENV=production"
-        echo "GUNICORN_WORKERS=4"
-        echo "APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)"
-      } >>/opt/wizarr/.env
+      cat <<EOF >/opt/wizarr/.env
+FLASK_ENV=production
+GUNICORN_WORKERS=4
+APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)
+EOF
    else
      sed -i "s/_VERSION=v.*$/_VERSION=v$(cat ~/.wizarr)/" /opt/wizarr/.env
    fi
@@ -86,12 +86,11 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-{
-  echo ""
-  echo "Django-Credentials"
-  echo "Django Admin User: $DJANGO_ADMIN_USER"
-  echo "Django Admin Password: $DJANGO_ADMIN_PASS"
-} >>~/adventurelog.creds
+cat <<EOF >~/adventurelog.creds
+Django-Credentials
+Django Admin User: $DJANGO_ADMIN_USER
+Django Admin Password: $DJANGO_ADMIN_PASS
+EOF
 msg_ok "Setup Django Admin"

 msg_info "Creating Service"
@@ -25,12 +25,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 64 | cut -c1-64)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-{
-  echo "Garage Tokens and Secrets"
-  echo "RPC Secret: $RPC_SECRET"
-  echo "Admin Token: $ADMIN_TOKEN"
-  echo "Metrics Token: $METRICS_TOKEN"
-} >~/garage.creds
+cat <<EOF >~/garage.creds
+Garage Tokens and Secrets
+RPC Secret: $RPC_SECRET
+Admin Token: $ADMIN_TOKEN
+Metrics Token: $METRICS_TOKEN
+EOF
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"
@@ -38,10 +38,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-{
-    echo "Gateway-Token"
-    echo "Token: $GATEWAY_TOKEN"
-} >> /root/.ironclaw/gateway.creds
+cat <<EOF >/root/.ironclaw/gateway.creds
+Gateway-Token
+Token: $GATEWAY_TOKEN
+EOF

 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env
@@ -27,11 +27,11 @@ $STD unzip -j "$temp_file" '*/**' -d /opt/rclone
 cd /opt/rclone
 RCLONE_PASSWORD=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-{
-  echo "rclone-Credentials"
-  echo "rclone User Name: admin"
-  echo "rclone Password: $RCLONE_PASSWORD"
-} >>~/rclone.creds
+cat <<EOF >~/rclone.creds
+rclone-Credentials
+rclone User Name: admin
+rclone Password: $RCLONE_PASSWORD
+EOF
 echo "${RELEASE}" >/opt/rclone_version.txt
 rm -f "$temp_file"
 msg_ok "Installed rclone"
@@ -40,12 +40,12 @@ mv release /opt/rustdesk-api
 cd /opt/rustdesk-api
 ADMINPASS=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD ./apimain reset-admin-pwd "$ADMINPASS"
-{
-  echo "RustDesk WebUI"
-  echo ""
-  echo "Username: admin"
-  echo "Password: $ADMINPASS"
-} >>~/rustdesk.creds
+cat <<EOF >~/rustdesk.creds
+RustDesk WebUI
+
+Username: admin
+Password: $ADMINPASS
+EOF
 echo "${APIRELEASE}" >~/.rustdesk-api
 msg_ok "Installed RustDesk API v${APIRELEASE}"

@@ -25,13 +25,12 @@ chmod 600 ~/valkey.creds
 MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))

-{
-  echo ""
-  echo "# Memory-optimized settings for small-scale deployments"
-  echo "maxmemory ${MAXMEMORY_MB}mb"
-  echo "maxmemory-policy allkeys-lru"
-  echo "maxmemory-samples 10"
-} >>/etc/valkey/valkey.conf
+cat <<EOF >/etc/valkey/valkey.conf
+# Memory-optimized settings for small-scale deployments
+maxmemory ${MAXMEMORY_MB}mb
+maxmemory-policy allkeys-lru
+maxmemory-samples 10
+EOF
 msg_ok "Installed Valkey"

 # Note: Alpine's valkey package is compiled without TLS support
@@ -16,7 +16,7 @@ update_os
 setup_mongodb

 msg_info "Configuring MongoDB Replica Set"
-cat <<EOF >>/etc/mongod.conf
+cat <<EOF >/etc/mongod.conf

 replication:
  replSetName: "rs0"
@@ -28,11 +28,11 @@ setup_deb822_repo \
  "$(get_os_info codename)" \
  "main"
 $STD apt install -y couchdb
-{
-  echo "CouchDB Credentials"
-  echo "CouchDB Erlang Cookie: $ERLANG_COOKIE"
-  echo "CouchDB Admin Password: $ADMIN_PASS"
-} >>~/couchdb.creds
+cat <<EOF >~/couchdb.creds
+CouchDB Credentials
+CouchDB Erlang Cookie: $ERLANG_COOKIE
+CouchDB Admin Password: $ADMIN_PASS
+EOF
 msg_ok "Installed Apache CouchDB"

 motd_ssh
@@ -79,13 +79,13 @@ msg_ok "Setup Apache Guacamole"
 msg_info "Importing Database Schema"
 cd ~/guacamole-auth-jdbc-"${GUAC_SERVER_VERSION}"/mysql/schema
 cat *.sql | mariadb -u root ${MARIADB_DB_NAME}
-{
-  echo "mysql-hostname: 127.0.0.1"
-  echo "mysql-port: 3306"
-  echo "mysql-database: $MARIADB_DB_NAME"
-  echo "mysql-username: $MARIADB_DB_USER"
-  echo "mysql-password: $MARIADB_DB_PASS"
-} >>/etc/guacamole/guacamole.properties
+cat <<EOF >/etc/guacamole/guacamole.properties
+mysql-hostname: 127.0.0.1
+mysql-port: 3306
+mysql-database: $MARIADB_DB_NAME
+mysql-username: $MARIADB_DB_USER
+mysql-password: $MARIADB_DB_PASS
+EOF
 rm -rf ~/guacamole-auth-jdbc-"$GUAC_SERVER_VERSION"{,.tar.gz}
 msg_ok "Imported Database Schema"

@@ -17,7 +17,7 @@ fetch_and_deploy_gh_release "autobrr" "autobrr/autobrr" "prebuild" "latest" "/us

 msg_info "Configuring Autobrr"
 mkdir -p /root/.config/autobrr
-cat <<EOF >>/root/.config/autobrr/config.toml
+cat <<EOF >/root/.config/autobrr/config.toml
 # https://autobrr.com/configuration/autobrr
 host = "0.0.0.0"
 port = 7474
@@ -51,7 +51,7 @@ mkdir -p /opt/bookorbit-data/covers /opt/bookorbit-data/book-bucket /opt/bookorb
 APP_VER=$(cat ~/.bookorbit)
 JWT_SECRET=$(openssl rand -hex 32)
 SETUP_BOOTSTRAP_TOKEN=$(openssl rand -hex 16)
-cat <<EOF >>~/bookorbit.creds
+cat <<EOF >~/bookorbit.creds

 Setup Token: ${SETUP_BOOTSTRAP_TOKEN}
 EOF
@@ -29,12 +29,12 @@ MKPASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-16)

 echo -e "$MKPASSWORD\n$MKPASSWORD" | su - "$SITE_NAME" -c "cmk-passwd cmkadmin --stdin"
 $STD omd start "$SITE_NAME"
-{
-  echo "Application-Credentials"
-  echo "Username: cmkadmin"
-  echo "Password: $MKPASSWORD"
-  echo "Site: $SITE_NAME"
-} >>~/checkmk.creds
+cat <<EOF >~/checkmk.creds
+Application-Credentials
+Username: cmkadmin
+Password: $MKPASSWORD
+Site: $SITE_NAME
+EOF
 msg_ok "Created Service"

 cleanup_lxc
@@ -66,13 +66,13 @@ for i in $(seq 1 30); do
  sleep 2
 done
 if [[ -f "$CREDS_FILE" ]]; then
-  {
-    echo "Crafty-Controller-Credentials"
-    echo "Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")"
-    echo "Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")"
-  } >>~/crafty-controller.creds
+  cat <<EOF >~/crafty-controller.creds
+Crafty-Controller-Credentials
+Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")
+Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")
+EOF
 fi
 msg_ok "Service started"
 motd_ssh
 customize
-cleanup_lxc
+cleanup_lxc
@@ -24,10 +24,10 @@ setup_mariadb
 msg_info "Setting up Database"
 ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$ROOT_PASS'; flush privileges;"
-{
-  echo "Dolibarr DB Credentials"
-  echo "MariaDB Root Password: $ROOT_PASS"
-} >>~/dolibarr.creds
+cat <<EOF >~/dolibarr.creds
+Dolibarr DB Credentials
+MariaDB Root Password: $ROOT_PASS
+EOF
 msg_ok "Set up database"

 msg_info "Setup Dolibarr"
@@ -43,11 +43,11 @@ sed -i "s|#chroot_local_user=YES|chroot_local_user=NO|g" /etc/vsftpd.conf

 systemctl restart -q vsftpd.service

-{
-  echo "FTP-Credentials"
-  echo "Username: ftpuser"
-  echo "Password: $FTP_PASS"
-} >>~/ftp.creds
+cat <<EOF >~/ftp.creds
+FTP-Credentials
+Username: ftpuser
+Password: $FTP_PASS
+EOF

 msg_ok "FTP server setup completed"

@@ -25,10 +25,10 @@ fetch_and_deploy_gh_release "duplicati" "duplicati/duplicati" "binary" "latest"
 msg_info "Configuring duplicati"
 DECRYPTKEY=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ADMINPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-{
-  echo "Admin password = ${ADMINPASS}"
-  echo "Database encryption key = ${DECRYPTKEY}"
-} >>~/duplicati.creds
+cat <<EOF >~/duplicati.creds
+Admin password = ${ADMINPASS}
+Database encryption key = ${DECRYPTKEY}
+EOF
 msg_ok "Configured duplicati"

 msg_info "Creating Service"
@@ -44,7 +44,7 @@ ADMIN_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 echo "enable_registration_without_verification: true" >>/etc/matrix-synapse/homeserver.yaml
 echo "registration_shared_secret: ${SECRET}" >>/etc/matrix-synapse/homeserver.yaml

-cat <<EOF >>/etc/matrix-synapse/homeserver.yaml
+cat <<EOF >/etc/matrix-synapse/homeserver.yaml

 # MatrixRTC / Element Call configuration
 experimental_features:
@@ -63,11 +63,11 @@ rc_delayed_event_mgmt:
 EOF
 systemctl enable -q --now matrix-synapse
 $STD register_new_matrix_user -a --user admin --password "$ADMIN_PASS" --config /etc/matrix-synapse/homeserver.yaml
-{
-  echo "Matrix-Credentials"
-  echo "Admin username: admin"
-  echo "Admin password: $ADMIN_PASS"
-} >>~/matrix.creds
+cat <<EOF >~/matrix.creds
+Matrix-Credentials
+Admin username: admin
+Admin password: $ADMIN_PASS
+EOF
 systemctl stop matrix-synapse
 sed -i '34d' /etc/matrix-synapse/homeserver.yaml
 systemctl start matrix-synapse
@@ -86,14 +86,14 @@ ADMIN_PASSWORD=${ADMIN_PASS}
 DB_ROOT_PASSWORD=${DB_ROOT_PASS}
 SITE_NAME=site1.local
 EOF
-{
-  echo "ERPNext Credentials"
-  echo "=================="
-  echo "Admin Username: Administrator"
-  echo "Admin Password: ${ADMIN_PASS}"
-  echo "DB Root Password: ${DB_ROOT_PASS}"
-  echo "Site Name: site1.local"
-} >~/erpnext.creds
+cat <<EOF >~/erpnext.creds
+ERPNext Credentials
+==================
+Admin Username: Administrator
+Admin Password: ${ADMIN_PASS}
+DB Root Password: ${DB_ROOT_PASS}
+Site Name: site1.local
+EOF
 $STD systemctl enable --now redis-server
 msg_ok "Configured ERPNext"

@@ -290,7 +290,7 @@ detect:
 EOF

 if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo && [[ -f /openvino-model/ssdlite_mobilenet_v2.xml ]] && [[ -f /openvino-model/coco_91cl_bkgr.txt ]]; then
-  cat <<EOF >>/config/config.yml
+  cat <<EOF >/config/config.yml
 ffmpeg:
  hwaccel_args: auto
 detectors:
@@ -306,7 +306,7 @@ model:
  labelmap_path: /openvino-model/coco_91cl_bkgr.txt
 EOF
 else
-  cat <<EOF >>/config/config.yml
+  cat <<EOF >/config/config.yml
 ffmpeg:
  hwaccel_args: auto
 model:
@@ -22,12 +22,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 32)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-{
-    echo "Garage Tokens and Secrets"
-    echo "RPC Secret: $RPC_SECRET"
-    echo "Admin Token: $ADMIN_TOKEN"
-    echo "Metrics Token: $METRICS_TOKEN"
-} >>~/garage.creds
+cat <<EOF >~/garage.creds
+Garage Tokens and Secrets
+RPC Secret: $RPC_SECRET
+Admin Token: $ADMIN_TOKEN
+Metrics Token: $METRICS_TOKEN
+EOF
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"
@@ -29,12 +29,12 @@ PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_SCHEMA_PERMS="true" setup_
 REDIS_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ACCESS_TOKEN_SALT=$(openssl rand -base64 32)
 JWT_SECRET_KEY=$(openssl rand -base64 32)
-{
-  echo "Ghostfolio Credentials"
-  echo "Redis Password: $REDIS_PASS"
-  echo "Access Token Salt: $ACCESS_TOKEN_SALT"
-  echo "JWT Secret Key: $JWT_SECRET_KEY"
-} >>~/ghostfolio.creds
+cat <<EOF >~/ghostfolio.creds
+Ghostfolio Credentials
+Redis Password: $REDIS_PASS
+Access Token Salt: $ACCESS_TOKEN_SALT
+JWT Secret Key: $JWT_SECRET_KEY
+EOF
 msg_ok "Set up Database"

 fetch_and_deploy_gh_release "ghostfolio" "ghostfolio/ghostfolio" "tarball" "latest" "/opt/ghostfolio"
@@ -33,12 +33,12 @@ $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';"
 $STD mariadb -u root -e "GRANT SELECT ON \`mysql\`.\`time_zone_name\` TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "GLPI Database Credentials"
-  echo "Database: $DB_NAME"
-  echo "Username: $DB_USER"
-  echo "Password: $DB_PASS"
-} >>~/glpi_db.creds
+cat <<EOF >~/glpi_db.creds
+GLPI Database Credentials
+Database: $DB_NAME
+Username: $DB_USER
+Password: $DB_PASS
+EOF
 msg_ok "Set up database"

 msg_info "Installing GLPi"
@@ -28,11 +28,11 @@ msg_ok "Setup Graylog Data Node"
 msg_info "Setup ${APPLICATION}"
 $STD apt-get install graylog-server
 ROOT_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
-{
-  echo "${APPLICATION} Credentials"
-  echo "Admin User: admin"
-  echo "Admin Password: ${ROOT_PASSWORD}"
-} >>~/graylog.creds
+cat <<EOF >~/graylog.creds
+${APPLICATION} Credentials
+Admin User: admin
+Admin Password: ${ROOT_PASSWORD}
+EOF
 ROOT_PASSWORD=$(echo -n $ROOT_PASSWORD | shasum -a 256 | awk '{print $1}')
 sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/server/server.conf
 sed -i "s/root_password_sha2 =/root_password_sha2 = $ROOT_PASSWORD/g" /etc/graylog/server/server.conf
@@ -14,14 +14,14 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y \
-  gcc \
-  python3 \
-  python3-dev \
-  python3-venv \
-  libpq-dev \
-  libcurl4-openssl-dev \
-  libssl-dev \
-  caddy
+    gcc \
+    python3 \
+    python3-dev \
+    python3-venv \
+    libpq-dev \
+    libcurl4-openssl-dev \
+    libssl-dev \
+    caddy

 mkdir -p ~/.config/pip
 cat >~/.config/pip/pip.conf <<EOF
@@ -37,10 +37,10 @@ msg_info "Setup Keys (Admin / Secret)"
 SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
 ADMIN_EMAIL="admin@community-scripts.org"
 ADMIN_PASSWORD="$PG_DB_PASS"
-{
-  echo "healthchecks Admin Email: $ADMIN_EMAIL"
-  echo "healthchecks Admin Password: $ADMIN_PASSWORD"
-} >>~/healthchecks.creds
+cat <<EOF >~/healthchecks.creds
+healthchecks Admin Email: $ADMIN_EMAIL
+healthchecks Admin Password: $ADMIN_PASSWORD
+EOF
 msg_ok "Set up Keys"

 fetch_and_deploy_gh_release "healthchecks" "healthchecks/healthchecks" "tarball"
@@ -46,12 +46,12 @@ ADMIN_EMAIL="admin@example.com"
 ADMIN_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)"
 ADMIN_HASH=$(php -r "echo password_hash('$ADMIN_PASS', PASSWORD_BCRYPT);")
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO UserModel (name, email, password, admin) VALUES ('Admin', '$ADMIN_EMAIL', '$ADMIN_HASH', 1);"
-{
-  echo ""
-  echo "HortusFox-Admin-Creds:"
-  echo "E-Mail: $ADMIN_EMAIL"
-  echo "Passwort: $ADMIN_PASS"
-} >>~/hortusfox.creds
+cat <<EOF >~/hortusfox.creds
+
+HortusFox-Admin-Creds:
+E-Mail: $ADMIN_EMAIL
+Passwort: $ADMIN_PASS
+EOF
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO LocationsModel (name, active, created_at) VALUES ('Home', 1, NOW());"
 msg_ok "Set up HortusFox"

@@ -293,13 +293,13 @@ ldconfig /usr/local/lib
 cd "$STAGING_DIR"
 rm -rf "$SOURCE"/build
 msg_ok "(5/5) Compiled libvips"
-{
-  echo "imagemagick: $IMAGEMAGICK_REVISION"
-  echo "libheif: $LIBHEIF_REVISION"
-  echo "libjxl: $LIBJXL_REVISION"
-  echo "libraw: $LIBRAW_REVISION"
-  echo "libvips: $LIBVIPS_REVISION"
-} >~/.immich_library_revisions
+cat <<EOF >~/.immich_library_revisions
+imagemagick: $IMAGEMAGICK_REVISION
+libheif: $LIBHEIF_REVISION
+libjxl: $LIBJXL_REVISION
+libraw: $LIBRAW_REVISION
+libvips: $LIBVIPS_REVISION
+EOF
 msg_ok "Custom Photo-processing Libraries Compiled Successfully"

 INSTALL_DIR="/opt/${APPLICATION}"
@@ -30,10 +30,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-{
-    echo "Gateway-Token"
-    echo "Token: $GATEWAY_TOKEN"
-} >> /root/.ironclaw/gateway.creds
+cat <<EOF >/root/.ironclaw/gateway.creds
+Gateway-Token
+Token: $GATEWAY_TOKEN
+EOF

 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env
@@ -33,12 +33,12 @@ MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
 $STD mariadb -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "Kimai-Credentials"
-  echo "Kimai Database User: $DB_USER"
-  echo "Kimai Database Password: $DB_PASS"
-  echo "Kimai Database Name: $DB_NAME"
-} >>~/kimai.creds
+cat <<EOF >~/kimai.creds
+Kimai-Credentials
+Kimai Database User: $DB_USER
+Kimai Database Password: $DB_PASS
+Kimai Database Name: $DB_NAME
+EOF
 msg_ok "Set up database"

 fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"
@@ -116,11 +116,11 @@ cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

 APP_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 APP_USER="admin"
-{
-  echo "LibreNMS Credentials"
-  echo "Username: ${APP_USER}"
-  echo "Password: ${APP_PASSWORD}"
-} >>~/librenms.creds
+cat <<EOF >~/librenms.creds
+LibreNMS Credentials
+Username: ${APP_USER}
+Password: ${APP_PASSWORD}
+EOF

 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev"
 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && php8.4 artisan migrate --force"
@@ -23,12 +23,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "LimeSurvey-Credentials"
-  echo "LimeSurvey Database User: $DB_USER"
-  echo "LimeSurvey Database Password: $DB_PASS"
-  echo "LimeSurvey Database Name: $DB_NAME"
-} >>~/limesurvey.creds
+cat <<EOF >~/limesurvey.creds
+LimeSurvey-Credentials
+LimeSurvey Database User: $DB_USER
+LimeSurvey Database Password: $DB_PASS
+LimeSurvey Database Name: $DB_NAME
+EOF
 msg_ok "Configured MariaDB Database"

 msg_info "Setting up LimeSurvey"
@@ -21,12 +21,12 @@ DB_USER=listmonk
 DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
-{
-  echo "listmonk-Credentials"
-  echo -e "listmonk Database User: \e[32m$DB_USER\e[0m"
-  echo -e "listmonk Database Password: \e[32m$DB_PASS\e[0m"
-  echo -e "listmonk Database Name: \e[32m$DB_NAME\e[0m"
-} >>~/listmonk.creds
+cat <<EOF >~/listmonk.creds
+listmonk-Credentials
+listmonk Database User: $DB_USER
+listmonk Database Password: $DB_PASS
+listmonk Database Name: $DB_NAME
+EOF
 msg_ok "Configured PostgreSQL"

 fetch_and_deploy_gh_release "listmonk" "knadh/listmonk" "prebuild" "latest" "/opt/listmonk" "listmonk*linux_$(arch_resolve).tar.gz"
@@ -67,10 +67,10 @@ export ERLANG_BIN="/opt/livebook/.elixir-install/installs/otp/\${ERLANG_VERSION}
 export ELIXIR_BIN="/opt/livebook/.elixir-install/installs/elixir/\${ELIXIR_VERSION}/bin"
 export PATH="\$ESCRIPTS_BIN:\$ERLANG_BIN:\$ELIXIR_BIN:\$PATH"
 EOF
-{
-  echo "Livebook-Credentials"
-  echo "Livebook Password: $LIVEBOOK_PASSWORD"
-} >>~/livebook.creds
+cat <<EOF >~/livebook.creds
+Livebook-Credentials
+Livebook Password: $LIVEBOOK_PASSWORD
+EOF
 msg_ok "Installed Erlang $ERLANG_VERSION and Elixir $ELIXIR_VERSION"

 msg_info "Installing Livebook"
@@ -27,12 +27,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED by '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "Manage My Damn Life Credentials"
-  echo "Database User: $DB_USER"
-  echo "Database Password: $DB_PASS"
-  echo "Database Name: $DB_NAME"
-} >>~/mmdl.creds
+cat <<EOF >~/mmdl.creds
+Manage My Damn Life Credentials
+Database User: $DB_USER
+Database Password: $DB_PASS
+Database Name: $DB_NAME
+EOF
 msg_ok "Set up Database"

 fetch_and_deploy_gh_release "mmdl" "intri-in/manage-my-damn-life-nextjs" "tarball"
@@ -35,12 +35,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO $DB_USER;"
-{
-  echo "Mattermost Credentials"
-  echo "Database User: $DB_USER"
-  echo "Database Password: $DB_PASS"
-  echo "Database Name: $DB_NAME"
-} >>~/mattermost.creds
+cat <<EOF >~/mattermost.creds
+Mattermost Credentials
+Database User: $DB_USER
+Database Password: $DB_PASS
+Database Name: $DB_NAME
+EOF
 msg_ok "Set up PostgreSQL"

 msg_info "Installing Mattermost"
@@ -30,12 +30,12 @@ DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-{
-  echo "MediaManager Credentials"
-  echo "MediaManager Database User: $DB_USER"
-  echo "MediaManager Database Password: $DB_PASS"
-  echo "MediaManager Database Name: $DB_NAME"
-} >>~/mediamanager.creds
+cat <<EOF >~/mediamanager.creds
+MediaManager Credentials
+MediaManager Database User: $DB_USER
+MediaManager Database Password: $DB_PASS
+MediaManager Database Name: $DB_NAME
+EOF
 msg_ok "Set up PostgreSQL"

 fetch_and_deploy_gh_release "MediaManager" "maxdorninger/MediaManager" "tarball" "latest" "/opt/mediamanager"
@@ -28,10 +28,10 @@ ADMIN_USERNAME=$ADMIN_NAME
 ADMIN_PASSWORD=$ADMIN_PASS
 LISTEN_ADDR=0.0.0.0:8080
 EOF
-{
-  echo "ADMIN_USERNAME: $ADMIN_NAME"
-  echo "ADMIN_PASSWORD: $ADMIN_PASS"
-} >>~/miniflux.creds
+cat <<EOF >~/miniflux.creds
+ADMIN_USERNAME: $ADMIN_NAME
+ADMIN_PASSWORD: $ADMIN_PASS
+EOF
 $STD miniflux -migrate -config-file /etc/miniflux.conf
 systemctl enable -q --now miniflux
 msg_ok "Configured Miniflux"
@@ -85,12 +85,12 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-{
-  echo ""
-  echo "Netbox-Django-Credentials"
-  echo -e "Django User: \e[32m$DJANGO_USER\e[0m"
-  echo -e "Django Password: \e[32m$DJANGO_PASS\e[0m"
-} >>~/netbox.creds
+cat <<EOF >~/netbox.creds
+
+Netbox-Django-Credentials
+Django User: $DJANGO_USER
+Django Password: $DJANGO_PASS
+EOF
 msg_ok "Setup Django Admin"

 motd_ssh
@@ -59,10 +59,10 @@ EOF
 systemctl enable -q --now nightscout
 msg_ok "Created Service"

-{
-  echo "Nightscout Credentials"
-  echo "API_SECRET: ${API_SECRET}"
-} >> ~/nightscout.creds
+cat <<EOF >~/nightscout.creds
+Nightscout Credentials
+API_SECRET: ${API_SECRET}
+EOF

 motd_ssh
 customize
@@ -15,10 +15,10 @@ update_os

 msg_info "Installing Dependencies (Patience)"
 $STD apt install -y \
-  build-essential \
-  redis-server \
-  expect \
-  ca-certificates
+    build-essential \
+    redis-server \
+    expect \
+    ca-certificates
 msg_ok "Installed Dependencies"

 setup_mongodb
@@ -31,14 +31,14 @@ NODEBB_USER="nodebb"
 NODEBB_PWD="$(openssl rand -base64 18 | cut -c1-13)"
 MONGO_CONNECTION_STRING="mongodb://${NODEBB_USER}:${NODEBB_PWD}@localhost:27017/nodebb"
 NODEBB_SECRET=$(uuidgen)
-{
-  echo "NodeBB-Credentials"
-  echo "Mongo Database User: $MONGO_ADMIN_USER"
-  echo "Mongo Database Password: $MONGO_ADMIN_PWD"
-  echo "NodeBB User: $NODEBB_USER"
-  echo "NodeBB Password: $NODEBB_PWD"
-  echo "NodeBB Secret: $NODEBB_SECRET"
-} >>~/nodebb.creds
+cat <<EOF >~/nodebb.creds
+NodeBB-Credentials
+Mongo Database User: $MONGO_ADMIN_USER
+Mongo Database Password: $MONGO_ADMIN_PWD
+NodeBB User: $NODEBB_USER
+NodeBB Password: $NODEBB_PWD
+NodeBB Secret: $NODEBB_SECRET
+EOF

 $STD mongosh <<EOF
 use admin
@@ -42,12 +42,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
-{
-  echo "Odoo-Credentials"
-  echo -e "Odoo Database User: $DB_USER"
-  echo -e "Odoo Database Password: $DB_PASS"
-  echo -e "Odoo Database Name: $DB_NAME"
-} >>~/odoo.creds
+cat <<EOF >~/odoo.creds
+Odoo-Credentials
+Odoo Database User: $DB_USER
+Odoo Database Password: $DB_PASS
+Odoo Database Name: $DB_NAME
+EOF
 msg_ok "Setup PostgreSQL"

 msg_info "Configuring Odoo"
@@ -30,12 +30,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-{
-  echo "ONLYOFFICE-Credentials"
-  echo "ONLYOFFICE Database User: $DB_USER"
-  echo "ONLYOFFICE Database Password: $DB_PASS"
-  echo "ONLYOFFICE Database Name: $DB_NAME"
-} >>~/onlyoffice.creds
+cat <<EOF >~/onlyoffice.creds
+ONLYOFFICE-Credentials
+ONLYOFFICE Database User: $DB_USER
+ONLYOFFICE Database Password: $DB_PASS
+ONLYOFFICE Database Name: $DB_NAME
+EOF
 msg_ok "Set up Database"

 msg_info "Adding ONLYOFFICE GPG Key"
@@ -81,16 +81,13 @@ echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password $RMQ_PASS | debc
 echo onlyoffice-documentserver onlyoffice/jwt-enabled boolean true | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/jwt-secret password $JWT_SECRET | debconf-set-selections

-echo "RabbitMQ User: $RMQ_USER" >>~/onlyoffice.creds
-echo "RabbitMQ Password: $RMQ_PASS" >>~/onlyoffice.creds
-echo "JWT Secret: $JWT_SECRET" >>~/onlyoffice.creds
-{
-  echo ""
-  echo "ONLYOFFICE RabbitMQ Credentials"
-  echo "User: $RMQ_USER"
-  echo "Password: $RMQ_PASS"
-  echo "Secret: $JWT_SECRET"
-} >>~/onlyoffice.creds
+cat <<EOF >~/onlyoffice.creds
+
+ONLYOFFICE RabbitMQ Credentials
+User: $RMQ_USER
+Password: $RMQ_PASS
+Secret: $JWT_SECRET
+EOF
 msg_ok "Debconf Preconfiguration Done"

 msg_info "Installing ttf-mscorefonts-installer"
@@ -112,7 +112,7 @@ if grep -q 'authenticated' $PAPERCLIP_CONFIG; then
  PAPERCLIP_INVITE_URL=$(awk -F'Invite URL: ' '/Invite URL:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
  PAPERCLIP_INVITE_EXPIRY=$(awk -F'Expires: ' '/Expires:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
  if [[ -n "$PAPERCLIP_INVITE_URL" ]]; then
-    cat <<EOF >>~/paperclip.creds
+    cat <<EOF >~/paperclip.creds

 Paperclip Admin Invite
 Invite URL: ${PAPERCLIP_INVITE_URL}
@@ -56,12 +56,12 @@ curl -fsSL "https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/p
 mkdir -p /opt/paperless_data/{consume,data,media,trash}
 mkdir -p /opt/paperless/static
 SECRET_KEY="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)"
-{
-  echo ""
-  echo "Paperless-ngx Secret Key: $SECRET_KEY"
-  echo "Paperless-ngx WebUI User: admin"
-  echo "Paperless-ngx WebUI Password: $PG_DB_PASS"
-} >>~/paperless-ngx.creds
+cat <<EOF >~/paperless-ngx.creds
+
+Paperless-ngx Secret Key: $SECRET_KEY
+Paperless-ngx WebUI User: admin
+Paperless-ngx WebUI Password: $PG_DB_PASS
+EOF
 sed -i \
  -e 's|#PAPERLESS_REDIS=redis://localhost:6379|PAPERLESS_REDIS=redis://localhost:6379|' \
  -e "s|#PAPERLESS_CONSUMPTION_DIR=../consume|PAPERLESS_CONSUMPTION_DIR=/opt/paperless_data/consume|" \
@@ -30,11 +30,11 @@ $STD php bin/console cache:clear
 php bin/console doctrine:migrations:migrate -n >~/database-migration-output
 chown -R www-data:www-data /opt/partdb
 ADMIN_PASS=$(grep -oP 'The initial password for the "admin" user is: \K\w+' ~/database-migration-output)
-{
-  echo ""
-  echo "Part-DB Admin User: admin"
-  echo "Part-DB Admin Password: $ADMIN_PASS"
-} >>~/partdb.creds
+cat <<EOF >~/partdb.creds
+
+Part-DB Admin User: admin
+Part-DB Admin Password: $ADMIN_PASS
+EOF
 rm -rf ~/database-migration-output
 msg_ok "Installed Part-DB"

@@ -15,10 +15,10 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y \
-  git \
-  nginx \
-  redis-server \
-  cron
+    git \
+    nginx \
+    redis-server \
+    cron
 msg_ok "Installed Dependencies"

 setup_mariadb
@@ -35,12 +35,12 @@ mariadb-tzinfo-to-sql /usr/share/zoneinfo | mariadb mysql
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost' WITH GRANT OPTION;"
-{
-  echo "Paymenter Database Credentials"
-  echo "Database: $DB_NAME"
-  echo "Username: $DB_USER"
-  echo "Password: $DB_PASS"
-} >>~/paymenter_db.creds
+cat <<EOF >~/paymenter_db.creds
+Paymenter Database Credentials
+Database: $DB_NAME
+Username: $DB_USER
+Password: $DB_PASS
+EOF
 cd /opt/paymenter
 cp .env.example .env
 $STD composer install --no-dev --optimize-autoloader --no-interaction
@@ -119,7 +119,7 @@ edns-packet-max=1232
 EOF

  if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
-    cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
+    cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
 forward-zone:
  name: "."
@@ -15,21 +15,21 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y \
-  nginx \
-  build-essential \
-  libpq-dev \
-  libxml2-dev \
-  libxslt1-dev \
-  libxmlsec1-dev \
-  libxmlsec1-openssl \
-  pkg-config \
-  python3-dev \
-  python3-venv \
-  redis-server \
-  erlang-base \
-  erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
-  erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
-  rabbitmq-server
+    nginx \
+    build-essential \
+    libpq-dev \
+    libxml2-dev \
+    libxslt1-dev \
+    libxmlsec1-dev \
+    libxmlsec1-openssl \
+    pkg-config \
+    python3-dev \
+    python3-venv \
+    redis-server \
+    erlang-base \
+    erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
+    erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
+    rabbitmq-server
 msg_ok "Installed Dependencies"

 NODE_VERSION="24" NODE_MODULE="corepack" setup_nodejs
@@ -86,7 +86,7 @@ VITE_LIVE_BASE_URL=http://${LOCAL_IP}
 VITE_LIVE_BASE_PATH=/live"
 # Each Vite app needs its own .env for the build
 for app in web admin space; do
-  echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
+    echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
 done
 export NODE_OPTIONS="--max-old-space-size=4096"
 export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
@@ -271,14 +271,14 @@ WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable -q --now plane-api plane-worker plane-beat plane-live plane-space
-{
-  echo "RabbitMQ User: plane"
-  echo "RabbitMQ Password: ${RABBITMQ_PASS}"
-  echo "MinIO Access Key: ${MINIO_ACCESS_KEY}"
-  echo "MinIO Secret Key: ${MINIO_SECRET_KEY}"
-  echo "Secret Key: ${SECRET_KEY}"
-  echo "Config: /opt/plane/apps/api/.env"
-} >>~/plane.creds
+cat <<EOF >~/plane.creds
+RabbitMQ User: plane
+RabbitMQ Password: ${RABBITMQ_PASS}
+MinIO Access Key: ${MINIO_ACCESS_KEY}
+MinIO Secret Key: ${MINIO_SECRET_KEY}
+Secret Key: ${SECRET_KEY}
+Config: /opt/plane/apps/api/.env
+EOF
 msg_ok "Created Services and MinIO Bucket"

 msg_info "Configuring Nginx"
@@ -32,12 +32,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-{
-  echo "PLANKA DB Credentials"
-  echo "PLANKA Database User: $DB_USER"
-  echo "PLANKA Database Password: $DB_PASS"
-  echo "PLANKA Database Name: $DB_NAME"
-} >>~/planka.creds
+cat <<EOF >~/planka.creds
+PLANKA DB Credentials
+PLANKA Database User: $DB_USER
+PLANKA Database Password: $DB_PASS
+PLANKA Database Name: $DB_NAME
+EOF
 msg_ok "Set up PostgreSQL Database"

 fetch_and_deploy_gh_release "planka" "plankanban/planka" "prebuild" "latest" "/opt/planka" "planka-prebuild.zip"
@@ -67,14 +67,14 @@ echo "DEFAULT_ADMIN_NAME=$ADMIN_NAME" >>.env
 echo "DEFAULT_ADMIN_USERNAME=$ADMIN_USERNAME" >>.env
 $STD npm run db:seed
 sed -i '/# Temporary admin user creation settings/,$d' .env
-{
-  echo ""
-  echo "PLANKA Admin Credentials"
-  echo "Admin Email: $ADMIN_EMAIL"
-  echo "Admin Password: $ADMIN_PASSWORD"
-  echo "Admin Name: $ADMIN_NAME"
-  echo "Admin Username: $ADMIN_USERNAME"
-} >>~/planka.creds
+cat <<EOF >~/planka.creds
+
+PLANKA Admin Credentials
+Admin Email: $ADMIN_EMAIL
+Admin Password: $ADMIN_PASSWORD
+Admin Name: $ADMIN_NAME
+Admin Username: $ADMIN_USERNAME
+EOF
 msg_ok "Created Admin User"

 msg_info "Creating Service"
@@ -52,12 +52,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "pterodactyl Panel-Credentials"
-  echo "pterodactyl Panel Database User: $DB_USER"
-  echo "pterodactyl Panel Database Password: $DB_PASS"
-  echo "pterodactyl Panel Database Name: $DB_NAME"
-} >>~/pterodactyl-panel.creds
+cat <<EOF >~/pterodactyl-panel.creds
+pterodactyl Panel-Credentials
+pterodactyl Panel Database User: $DB_USER
+pterodactyl Panel Database Password: $DB_PASS
+pterodactyl Panel Database Name: $DB_NAME
+EOF
 msg_ok "Set up MariaDB"

 read -p "${TAB3}Provide an email address for admin login, this should be a valid email address: " ADMIN_EMAIL
@@ -82,12 +82,12 @@ echo "* * * * * php /opt/pterodactyl-panel/artisan schedule:run >> /dev/null 2>&
 chown -R www-data:www-data /opt/pterodactyl-panel/*
 chmod -R 755 /opt/pterodactyl-panel/storage/* /opt/pterodactyl-panel/bootstrap/cache/
 ln -s /opt/pterodactyl-panel /var/www/pterodactyl
-{
-  echo ""
-  echo "pterodactyl Admin Username: admin"
-  echo "pterodactyl Admin Email: $ADMIN_EMAIL"
-  echo "pterodactyl Admin Password: $ADMIN_PASS"
-} >>~/pterodactyl-panel.creds
+cat <<EOF >~/pterodactyl-panel.creds
+
+pterodactyl Admin Username: admin
+pterodactyl Admin Email: $ADMIN_EMAIL
+pterodactyl Admin Password: $ADMIN_PASS
+EOF
 rm -rf "/opt/pterodactyl-panel/panel.tar.gz"
 rm -rf "/tmp/debsuryorg-archive-keyring.deb"
 echo "${RELEASE}" >/opt/"${APPLICATION}"_version.txt
@@ -24,11 +24,11 @@ msg_info "Setting up Radicale"
 cd /opt/radicale
 RNDPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -c -b -5 /opt/radicale/users admin "$RNDPASS"
-{
-  echo "Radicale Credentials"
-  echo "Admin User: admin"
-  echo "Admin Password: $RNDPASS"
-} >>~/radicale.creds
+cat <<EOF >~/radicale.creds
+Radicale Credentials
+Admin User: admin
+Admin Password: $RNDPASS
+EOF

 mkdir -p /etc/radicale
 cat <<EOF >/etc/radicale/config
@@ -23,11 +23,11 @@ msg_info "Installing rclone"
 cd /opt/rclone
 RCLONE_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-{
-  echo "rclone-Credentials"
-  echo "rclone User Name: admin"
-  echo "rclone Password: $RCLONE_PASSWORD"
-} >>~/rclone.creds
+cat <<EOF >~/rclone.creds
+rclone-Credentials
+rclone User Name: admin
+rclone Password: $RCLONE_PASSWORD
+EOF
 msg_ok "Installed rclone"

 msg_info "Creating Service"
@@ -27,18 +27,18 @@ while true; do
    echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
    read -r response
    case $response in
-        [Yy]|[Yy][Ee][Ss])
-            msg_ok "Terms accepted. Proceeding with installation..."
-            break
-            ;;
-        [Nn]|[Nn][Oo]|"")
-            msg_error "Terms not accepted. Installation cannot proceed."
-            msg_error "Please review the terms and run the script again if you wish to proceed."
-            exit 254
-            ;;
-        *)
-            msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
-            ;;
+    [Yy] | [Yy][Ee][Ss])
+        msg_ok "Terms accepted. Proceeding with installation..."
+        break
+        ;;
+    [Nn] | [Nn][Oo] | "")
+        msg_error "Terms not accepted. Installation cannot proceed."
+        msg_error "Please review the terms and run the script again if you wish to proceed."
+        exit 254
+        ;;
+    *)
+        msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
+        ;;
    esac
 done

@@ -59,13 +59,13 @@ msg_ok "Setup Splunk Enterprise v${RELEASE}"
 msg_info "Creating Splunk admin user"
 ADMIN_USER="admin"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-{
-    echo "Splunk-Credentials"
-    echo "Username: $ADMIN_USER"
-    echo "Password: $ADMIN_PASS"
-} >> ~/splunk.creds
+cat <<EOF >~/splunk.creds
+Splunk-Credentials
+Username: $ADMIN_USER
+Password: $ADMIN_PASS
+EOF

-cat << EOF > "/opt/splunk/etc/system/local/user-seed.conf"
+cat <<EOF >"/opt/splunk/etc/system/local/user-seed.conf"
 [user_info]
 USERNAME = $ADMIN_USER
 PASSWORD = $ADMIN_PASS
@@ -103,7 +103,7 @@ PATH=/opt/.venv/bin:/usr/lib/libreoffice/program:/usr/local/sbin:/usr/local/bin:
 EOF

 if [[ "$login_mode" == "true" ]]; then
-  cat <<EOF >>/opt/Stirling-PDF/.env
+  cat <<EOF >/opt/Stirling-PDF/.env
 # activate Login
 DISABLE_ADDITIONAL_FEATURES=false
 SECURITY_ENABLELOGIN=true
@@ -46,11 +46,11 @@ NODE_ENV=production
 NEXT_TELEMETRY_DISABLED=1
 EOF
 mkdir -p /opt/storyteller/data
-{
-  echo "Storyteller Credentials"
-  echo "======================="
-  echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
-} >~/storyteller.creds
+cat <<EOF >~/storyteller.creds
+Storyteller Credentials
+=======================
+Secret Key: ${STORYTELLER_SECRET_KEY}
+EOF
 msg_ok "Set up Storyteller"

 msg_info "Building Storyteller"
@@ -106,13 +106,13 @@ TZ=UTC
 PYTHONUNBUFFERED=1
 YTDLP_PLUGIN_DIRS=/opt/yt_plugins
 EOF
-{
-  echo "Tube Archivist Credentials"
-  echo "=========================="
-  echo "Username: admin"
-  echo "Password: ${TA_PASSWORD}"
-  echo "Elasticsearch Password: ${ES_PASSWORD}"
-} >~/tubearchivist.creds
+cat <<EOF >~/tubearchivist.creds
+Tube Archivist Credentials
+==========================
+Username: admin
+Password: ${TA_PASSWORD}
+Elasticsearch Password: ${ES_PASSWORD}
+EOF
 systemctl enable -q --now redis-server
 msg_ok "Set up Tube Archivist"

@@ -38,13 +38,13 @@ $STD apt-get install -y twingate-connector
 msg_ok "Setup Twingate Connector"

 msg_info "Configure Twingate-Connector"
-{
-  echo "TWINGATE_NETWORK=${network}"
-  echo "TWINGATE_ACCESS_TOKEN=${access_token}"
-  echo "TWINGATE_REFRESH_TOKEN=${refresh_token}"
-  echo "TWINGATE_LABEL_HOSTNAME=$(hostname)"
-  echo "TWINGATE_LABEL_DEPLOYED_BY=proxmox"
-} >/etc/twingate/connector.conf
+cat <<EOF >/etc/twingate/connector.conf
+TWINGATE_NETWORK=${network}
+TWINGATE_ACCESS_TOKEN=${access_token}
+TWINGATE_REFRESH_TOKEN=${refresh_token}
+TWINGATE_LABEL_HOSTNAME=$(hostname)
+TWINGATE_LABEL_DEPLOYED_BY=proxmox
+EOF
 chmod 600 /etc/twingate/connector.conf
 msg_ok "Configured Twingate-Connector"

@@ -19,7 +19,7 @@ $STD apt install -y valkey openssl
 sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf

 PASS="$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c32)"
-echo "requirepass $PASS" >> /etc/valkey/valkey.conf
+echo "requirepass $PASS" >>/etc/valkey/valkey.conf
 echo "$PASS" >~/valkey.creds
 chmod 600 ~/valkey.creds

@@ -27,11 +27,11 @@ MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 # reserve 25% of a node type's maxmemory value for system use
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))

-echo "" >> /etc/valkey/valkey.conf
-echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/valkey.conf
-echo "maxmemory ${MAXMEMORY_MB}mb" >> /etc/valkey/valkey.conf
-echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf
-echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf
+echo "" >>/etc/valkey/valkey.conf
+echo "# Memory-optimized settings for small-scale deployments" >>/etc/valkey/valkey.conf
+echo "maxmemory ${MAXMEMORY_MB}mb" >>/etc/valkey/valkey.conf
+echo "maxmemory-policy allkeys-lru" >>/etc/valkey/valkey.conf
+echo "maxmemory-samples 10" >>/etc/valkey/valkey.conf
 msg_ok "Installed Valkey"

 echo
@@ -47,26 +47,26 @@ if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
    chown valkey:valkey "$TLS_CERT" "$TLS_KEY"

    if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then
-    {
-      echo ""
-      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
-      echo "port 0"
-      echo "tls-port 6379"
-      echo "tls-cert-file $TLS_DIR/valkey.crt"
-      echo "tls-key-file $TLS_DIR/valkey.key"
-      echo "tls-auth-clients no"
-    } >> /etc/valkey/valkey.conf
-    msg_ok "Enabled TLS-only mode on port 6379"
+        cat <<EOF >/etc/valkey/valkey.conf
+
+# TLS configuration generated by Proxmox VE Valkey helper-script
+port 0
+tls-port 6379
+tls-cert-file $TLS_DIR/valkey.crt
+tls-key-file $TLS_DIR/valkey.key
+tls-auth-clients no
+EOF
+        msg_ok "Enabled TLS-only mode on port 6379"
    else
-    {
-      echo ""
-      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
-      echo "tls-port 6380"
-      echo "tls-cert-file $TLS_DIR/valkey.crt"
-      echo "tls-key-file $TLS_DIR/valkey.key"
-      echo "tls-auth-clients no"
-    } >> /etc/valkey/valkey.conf
-    msg_ok "Enabled TLS on port 6380 and TCP on 6379"
+        cat <<EOF >/etc/valkey/valkey.conf
+
+# TLS configuration generated by Proxmox VE Valkey helper-script
+tls-port 6380
+tls-cert-file $TLS_DIR/valkey.crt
+tls-key-file $TLS_DIR/valkey.key
+tls-auth-clients no
+EOF
+        msg_ok "Enabled TLS on port 6380 and TCP on 6379"
    fi
 fi

@@ -35,14 +35,14 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT USAGE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT CREATE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $DB_USER;"
-{
-    echo "Application Credentials"
-    echo "DB_NAME: $DB_NAME"
-    echo "DB_USER: $DB_USER"
-    echo "DB_PASS: $DB_PASS"
-    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
-    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
-} >>~/warracker.creds
+cat <<EOF >~/warracker.creds
+Application Credentials
+DB_NAME: $DB_NAME
+DB_USER: $DB_USER
+DB_PASS: $DB_PASS
+DB_ADMIN_USER: $DB_ADMIN_USER
+DB_ADMIN_PASS: $DB_ADMIN_PASS
+EOF
 msg_ok "Setup PostgreSQL"

 fetch_and_deploy_gh_release "warracker" "sassanix/Warracker" "tarball" "latest" "/opt/warracker"
@@ -63,7 +63,7 @@ $STD sudo -u www-data php /opt/webtrees/index.php user Admin \
  --password="${WT_ADMIN_PASS}"
 $STD sudo -u www-data php /opt/webtrees/index.php user-setting Admin canadmin 1

-cat <<EOF >>~/webtrees.creds
+cat <<EOF >~/webtrees.creds

 Webtrees Admin User: Admin
 Webtrees Admin Password: ${WT_ADMIN_PASS}
@@ -24,11 +24,11 @@ msg_info "Setting up YT-DLP-WEBUI"
 mkdir -p /opt/yt-dlp-webui
 mkdir /downloads
 RPC_PASSWORD=$(openssl rand -base64 16)
-{
-  echo "yt-dlp-webui-Credentials"
-  echo "Username: admin"
-  echo "Password: ${RPC_PASSWORD}"
-} >>~/yt-dlp-webui.creds
+cat <<EOF >~/yt-dlp-webui.creds
+yt-dlp-webui-Credentials
+Username: admin
+Password: ${RPC_PASSWORD}
+EOF

 cat <<EOF >/opt/yt-dlp-webui/config.conf
 # Host where server will listen at (default: "0.0.0.0")
@@ -30,7 +30,7 @@ setup_deb822_repo \
 $STD apt install -y elasticsearch
 sed -i 's/^#\{0,2\} *-Xms[0-9]*g.*/-Xms2g/' /etc/elasticsearch/jvm.options
 sed -i 's/^#\{0,2\} *-Xmx[0-9]*g.*/-Xmx2g/' /etc/elasticsearch/jvm.options
-cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
+cat <<EOF >/etc/elasticsearch/elasticsearch.yml
 discovery.type: single-node
 xpack.security.enabled: false
 bootstrap.memory_lock: false
@@ -29,14 +29,14 @@ systemctl start postgresql
 $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
-{
-  echo "Application Credentials"
-  echo "DB_NAME: $DB_NAME"
-  echo "DB_USER: $DB_USER"
-  echo "DB_PASS: $DB_PASS"
-  echo "DB_ADMIN_USER: $DB_ADMIN_USER"
-  echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
-} >>~/zitadel.creds
+cat <<EOF >~/zitadel.creds
+Application Credentials
+DB_NAME: $DB_NAME
+DB_USER: $DB_USER
+DB_PASS: $DB_PASS
+DB_ADMIN_USER: $DB_ADMIN_USER
+DB_ADMIN_PASS: $DB_ADMIN_PASS
+EOF
 msg_ok "Installed PostgreSQL"

 fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/usr/local/bin" "zitadel-linux-$(arch_resolve).tar.gz"
@@ -45,10 +45,10 @@ msg_info "Setting up Zitadel Environments"
 mkdir -p /opt/zitadel
 echo "/opt/zitadel/config.yaml" >"/opt/zitadel/.config"
 head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') >"/opt/zitadel/.masterkey"
-{
-  echo "Config location: $(cat "/opt/zitadel/.config")"
-  echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
-} >>~/zitadel.creds
+cat <<EOF >~/zitadel.creds
+Config location: $(cat "/opt/zitadel/.config")
+Masterkey: $(cat "/opt/zitadel/.masterkey")
+EOF
 cat <<EOF >/opt/zitadel/config.yaml
 Port: 8080
 ExternalPort: 8080
@@ -24,11 +24,11 @@ mkdir -p /etc/zot
 curl -fsSL https://raw.githubusercontent.com/project-zot/zot/refs/heads/main/examples/config-ui.json -o /etc/zot/config.json
 ZOTPASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -b -B -c /etc/zot/htpasswd admin "$ZOTPASSWORD"
-{
-  echo "Zot-Credentials"
-  echo "Zot User: admin"
-  echo "Zot Password: $ZOTPASSWORD"
-} >>~/zot.creds
+cat <<EOF >~/zot.creds
+Zot-Credentials
+Zot User: admin
+Zot Password: $ZOTPASSWORD
+EOF
 msg_ok "Configured Zot Registry"

 msg_info "Setup Service"