merge: resolve conflicts with main branch

2025-12-14 11:13:27 +01:00 · 2025-12-08 13:56:41 +01:00
parent 38ea7dbba2 a748be9a1f
commit 737e28d223
20 changed files with 289 additions and 192 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,16 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 ## 2025-12-08
 ### 🚀 Updated Scripts
  - typo: tandoor instead of trandoor [@Neonize](https://github.com/Neonize) ([#9771](https://github.com/community-scripts/ProxmoxVE/pull/9771))
  - #### ✨ New Features
    - feat: Add var_gpu flag for GPU passthrough configuration [@MickLesk](https://github.com/MickLesk) ([#9764](https://github.com/community-scripts/ProxmoxVE/pull/9764))
 ## 2025-12-07
 ### 🚀 Updated Scripts
--- a/ct/channels.sh
+++ b/ct/channels.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -38,4 +39,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8089${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8089${CL}"
--- a/ct/emby.sh
+++ b/ct/emby.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/ersatztv.sh
+++ b/ct/ersatztv.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/fileflows.sh
+++ b/ct/fileflows.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/frigate.sh
+++ b/ct/frigate.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-11}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -38,4 +39,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
--- a/ct/immich.sh
+++ b/ct/immich.sh
@ -13,6 +13,7 @@ var_ram="${var_ram:-4096}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/jellyfin.sh
+++ b/ct/jellyfin.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-16}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/ollama.sh
+++ b/ct/ollama.sh
@ -12,6 +12,7 @@ var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-35}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/openwebui.sh
+++ b/ct/openwebui.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-25}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/plex.sh
+++ b/ct/plex.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -23,8 +24,8 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
-  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] \
+  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] &&
-   && [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
+    [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
--- a/ct/tandoor.sh
+++ b/ct/tandoor.sh
@ -65,7 +65,7 @@ EOF
    $STD /opt/tandoor/.venv/bin/python manage.py migrate
    $STD /opt/tandoor/.venv/bin/python manage.py collectstatic --no-input
    rm -rf /opt/tandoor.bak
-    msg_ok "Updated Trandoor"
+    msg_ok "Updated Tandoor"
    msg_info "Starting Service"
    systemctl start tandoor
--- a/ct/tdarr.sh
+++ b/ct/tdarr.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/tunarr.sh
+++ b/ct/tunarr.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/unmanic.sh
+++ b/ct/unmanic.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/docs/TECHNICAL_REFERENCE.md
+++ b/docs/TECHNICAL_REFERENCE.md
@ -1,8 +1,8 @@
 # Technical Reference: Configuration System Architecture
 > **For Developers and Advanced Users**
-> 
+>
-> *Deep dive into how the defaults and configuration system works*
+> _Deep dive into how the defaults and configuration system works_
 ---
@ -123,13 +123,13 @@ VAR_VALUE  := [^\n]*  # Any printable characters except newline
 **Constraints**:
-| Constraint | Value |
+| Constraint        | Value                    |
-|-----------|-------|
+| ----------------- | ------------------------ |
-| Max file size | 64 KB |
+| Max file size     | 64 KB                    |
-| Max line length | 1024 bytes |
+| Max line length   | 1024 bytes               |
-| Max variables | 100 |
+| Max variables     | 100                      |
-| Allowed var names | `var_[a-z_]+` |
+| Allowed var names | `var_[a-z_]+`            |
-| Value validation | Whitelist + Sanitization |
+| Value validation  | Whitelist + Sanitization |
 **Example Valid File**:
@ -206,21 +206,24 @@ var_tags=dns,pihole
 **Purpose**: Safely load variables from .vars files without using `source` or `eval`
 **Signature**:
 ```bash
 load_vars_file(filepath)
 ```
 **Parameters**:
-| Param | Type | Required | Example |
+| Param    | Type   | Required | Example                                     |
-|-------|------|----------|---------|
+| -------- | ------ | -------- | ------------------------------------------- |
-| filepath | String | Yes | `/usr/local/community-scripts/default.vars` |
+| filepath | String | Yes      | `/usr/local/community-scripts/default.vars` |
 **Returns**:
 - `0` on success
 - `1` on error (file missing, parse error, etc.)
 **Environment Side Effects**:
 - Sets all parsed `var_*` variables as shell variables
 - Does NOT unset variables if file missing (safe)
 - Does NOT affect other variables
@ -230,25 +233,25 @@ load_vars_file(filepath)
 ```bash
 load_vars_file() {
  local file="$1"
-  
+
  # File must exist
  [ -f "$file" ] || return 0
-  
+
  # Parse line by line (not with source/eval)
  local line key val
  while IFS='=' read -r key val || [ -n "$key" ]; do
    # Skip comments and empty lines
    [[ "$key" =~ ^[[:space:]]*# ]] && continue
    [[ -z "$key" ]] && continue
-    
+
    # Validate key is in whitelist
    _is_whitelisted_key "$key" || continue
-    
+
    # Sanitize and export value
    val="$(_sanitize_value "$val")"
    [ $? -eq 0 ] && export "$key=$val"
  done < "$file"
-  
+
  return 0
 }
 ```
@ -281,6 +284,7 @@ echo "Allocating ${var_ram} MB RAM"
 **Purpose**: Get the full path for app-specific defaults file
 **Signature**:
 ```bash
 get_app_defaults_path()
 ```
@ -288,6 +292,7 @@ get_app_defaults_path()
 **Parameters**: None
 **Returns**:
 - String: Full path to app defaults file
 **Implementation**:
@ -322,6 +327,7 @@ load_vars_file "$(get_app_defaults_path)"
 **Purpose**: Load and display user global defaults
 **Signature**:
 ```bash
 default_var_settings()
 ```
@ -329,6 +335,7 @@ default_var_settings()
 **Parameters**: None
 **Returns**:
 - `0` on success
 - `1` on error
@ -337,15 +344,15 @@ default_var_settings()
 ```
 1. Find default.vars location
   (usually /usr/local/community-scripts/default.vars)
-   
+
 2. Create if missing
-   
+
 3. Load variables from file
-   
+
 4. Map var_verbose → VERBOSE variable
-   
+
 5. Call base_settings (apply to container config)
-   
+
 6. Call echo_default (display summary)
 ```
@ -354,20 +361,20 @@ default_var_settings()
 ```bash
 default_var_settings() {
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key
    var_container_storage var_template_storage
  )
-  
+
  # Ensure file exists
  _ensure_default_vars
-  
+
  # Find and load
  local dv="$(_find_default_vars)"
  load_vars_file "$dv"
-  
+
  # Map verbose flag
  if [[ -n "${var_verbose:-}" ]]; then
    case "${var_verbose,,}" in
@ -375,7 +382,7 @@ default_var_settings() {
      *) VERBOSE="${var_verbose}" ;;
    esac
  fi
-  
+
  # Apply and display
  base_settings "$VERBOSE"
  echo_default
@ -389,6 +396,7 @@ default_var_settings() {
 **Purpose**: Offer to save current settings as app-specific defaults
 **Signature**:
 ```bash
 maybe_offer_save_app_defaults()
 ```
@ -413,10 +421,10 @@ maybe_offer_save_app_defaults()
 ```bash
 maybe_offer_save_app_defaults() {
  local app_vars_path="$(get_app_defaults_path)"
-  
+
  # Build current settings from memory
  local new_tmp="$(_build_current_app_vars_tmp)"
-  
+
  # Check if already exists
  if [ -f "$app_vars_path" ]; then
    # Show diff and ask: Update? Keep? View Diff?
@ -438,29 +446,31 @@ maybe_offer_save_app_defaults() {
 **Purpose**: Remove dangerous characters/patterns from configuration values
 **Signature**:
 ```bash
 _sanitize_value(value)
 ```
 **Parameters**:
-| Param | Type | Required |
+| Param | Type   | Required |
-|-------|------|----------|
+| ----- | ------ | -------- |
-| value | String | Yes |
+| value | String | Yes      |
 **Returns**:
 - `0` (success) + sanitized value on stdout
 - `1` (failure) + nothing if dangerous
 **Dangerous Patterns**:
-| Pattern | Threat | Example |
+| Pattern   | Threat               | Example              |
-|---------|--------|---------|
+| --------- | -------------------- | -------------------- |
-| `$(...)` | Command substitution | `$(rm -rf /)` |
+| `$(...)`  | Command substitution | `$(rm -rf /)`        |
-| `` ` ` `` | Command substitution | `` `whoami` `` |
+| `` ` ` `` | Command substitution | `` `whoami` ``       |
-| `;` | Command separator | `value; rm -rf /` |
+| `;`       | Command separator    | `value; rm -rf /`    |
-| `&` | Background execution | `value & malicious` |
+| `&`       | Background execution | `value & malicious`  |
-| `<(` | Process substitution | `<(cat /etc/passwd)` |
+| `<(`      | Process substitution | `<(cat /etc/passwd)` |
 **Implementation**:
@ -501,17 +511,19 @@ fi
 **Purpose**: Check if variable name is in allowed whitelist
 **Signature**:
 ```bash
 _is_whitelisted_key(key)
 ```
 **Parameters**:
-| Param | Type | Required | Example |
+| Param | Type   | Required | Example   |
-|-------|------|----------|---------|
+| ----- | ------ | -------- | --------- |
-| key | String | Yes | `var_cpu` |
+| key   | String | Yes      | `var_cpu` |
 **Returns**:
 - `0` if key is whitelisted
 - `1` if key is NOT whitelisted
@ -573,6 +585,7 @@ Step 4: Use BUILT-IN DEFAULTS
 ### Precedence Examples
 **Example 1: Environment Variable Wins**
 ```bash
 # Shell environment has highest priority
 $ export var_cpu=16
@ -583,6 +596,7 @@ $ bash pihole-install.sh
 ```
 **Example 2: App Defaults Override User Defaults**
 ```bash
 # User Defaults: var_cpu=4
 # App Defaults: var_cpu=2
@ -593,6 +607,7 @@ $ bash pihole-install.sh
 ```
 **Example 3: All Defaults Missing (Built-ins Used)**
 ```bash
 # No environment variables set
 # No app defaults file
@ -611,21 +626,21 @@ $ bash pihole-install.sh
 base_settings() {
  # Priority 1: Environment variables (already set if export used)
  CT_TYPE=${var_unprivileged:-"1"}          # Use existing or default
-  
+
  # Priority 2: Load app defaults (may override above)
  if [ -f "$(get_app_defaults_path)" ]; then
    load_vars_file "$(get_app_defaults_path)"
  fi
-  
+
  # Priority 3: Load user defaults
  if [ -f "/usr/local/community-scripts/default.vars" ]; then
    load_vars_file "/usr/local/community-scripts/default.vars"
  fi
-  
+
  # Priority 4: Apply built-in defaults (lowest)
  CORE_COUNT=${var_cpu:-"${APP_CPU_DEFAULT:-2}"}
  RAM_SIZE=${var_ram:-"${APP_RAM_DEFAULT:-1024}"}
-  
+
  # Result: var_cpu has been set through precedence chain
 }
 ```
@ -734,14 +749,14 @@ CONTAINER CREATION STARTED
 ### Threat Model
-| Threat | Mitigation |
+| Threat                       | Mitigation                                        |
-|--------|-----------|
+| ---------------------------- | ------------------------------------------------- |
-| **Arbitrary Code Execution** | No `source` or `eval`; manual parsing only |
+| **Arbitrary Code Execution** | No `source` or `eval`; manual parsing only        |
-| **Variable Injection** | Whitelist of allowed variable names |
+| **Variable Injection**       | Whitelist of allowed variable names               |
-| **Command Substitution** | `_sanitize_value()` blocks `$()`, backticks, etc. |
+| **Command Substitution**     | `_sanitize_value()` blocks `$()`, backticks, etc. |
-| **Path Traversal** | Files locked to `/usr/local/community-scripts/` |
+| **Path Traversal**           | Files locked to `/usr/local/community-scripts/`   |
-| **Permission Escalation** | Files created with restricted permissions |
+| **Permission Escalation**    | Files created with restricted permissions         |
-| **Information Disclosure** | Sensitive variables not logged |
+| **Information Disclosure**   | Sensitive variables not logged                    |
 ### Security Controls
@ -798,6 +813,7 @@ fi
 ### Module: `build.func`
 **Load Order** (in actual scripts):
 1. `#!/usr/bin/env bash` - Shebang
 2. `source /dev/stdin <<<$(curl ... api.func)` - API functions
 3. `source /dev/stdin <<<$(curl ... build.func)` - Build functions
@ -832,17 +848,17 @@ fi
 # Section 6: Installation Flow
 - install_script()         # Main entry point
- advanced_settings()      # 19-step wizard
+- advanced_settings()      # 20-step wizard
 ```
 ### Regex Patterns Used
-| Pattern | Purpose | Example Match |
+| Pattern                | Purpose               | Example Match           |
-|---------|---------|---|
+| ---------------------- | --------------------- | ----------------------- |
-| `^[0-9]+([.][0-9]+)?$` | Integer validation | `4`, `192.168` |
+| `^[0-9]+([.][0-9]+)?$` | Integer validation    | `4`, `192.168`          |
-| `^var_[a-z_]+$` | Variable name | `var_cpu`, `var_ssh` |
+| `^var_[a-z_]+$`        | Variable name         | `var_cpu`, `var_ssh`    |
-| `*'$('*` | Command substitution | `$(whoami)` |
+| `*'$('*`               | Command substitution  | `$(whoami)`             |
-| `*\`*` | Backtick substitution | `` `cat /etc/passwd` `` |
+| `*\`\*`                | Backtick substitution | `` `cat /etc/passwd` `` |
 ---
@ -869,12 +885,12 @@ fi
 ### Function Mapping
-| Old | New | Location |
+| Old              | New                               | Location   |
-|-----|-----|----------|
+| ---------------- | --------------------------------- | ---------- |
-| `read_config()` | `load_vars_file()` | build.func |
+| `read_config()`  | `load_vars_file()`                | build.func |
-| `write_config()` | `_build_current_app_vars_tmp()` | build.func |
+| `write_config()` | `_build_current_app_vars_tmp()`   | build.func |
-| None | `maybe_offer_save_app_defaults()` | build.func |
+| None             | `maybe_offer_save_app_defaults()` | build.func |
-| None | `get_app_defaults_path()` | build.func |
+| None             | `get_app_defaults_path()`         | build.func |
 ---
--- a/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md
+++ b/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md
@ -80,12 +80,32 @@ This document provides a comprehensive reference of all environment variables us
 ### GPU Passthrough Variables
-| Variable          | Description                   | Default | Set In               | Used In         |
+| Variable     | Description                     | Default | Set In                                      | Used In            |
-| ----------------- | ----------------------------- | ------- | -------------------- | --------------- |
+| ------------ | ------------------------------- | ------- | ------------------------------------------- | ------------------ |
-| `GPU_APPS`        | List of apps that support GPU | -       | Environment          | GPU detection   |
+| `var_gpu`    | Enable GPU passthrough          | "no"    | CT script / Environment / Advanced Settings | GPU passthrough    |
-| `var_gpu`         | GPU selection                 | -       | User input           | GPU passthrough |
+| `ENABLE_GPU` | GPU passthrough flag (internal) | "no"    | Advanced Settings                           | Container creation |
-| `var_gpu_type`    | GPU type (intel/amd/nvidia)   | -       | detect_gpu_devices() | GPU passthrough |
+
-| `var_gpu_devices` | GPU device list               | -       | detect_gpu_devices() | GPU passthrough |
+**Note**: GPU passthrough is controlled via `var_gpu`. Apps that benefit from GPU acceleration (media servers, AI/ML, transcoding) have `var_gpu=yes` as default in their CT scripts.
 **Apps with GPU enabled by default**:
 - Media: jellyfin, plex, emby, channels, ersatztv, tunarr, immich
 - Transcoding: tdarr, unmanic, fileflows
 - AI/ML: ollama, openwebui
 - NVR: frigate
 **Usage Examples**:
 ```bash
 # Disable GPU for a specific installation
 var_gpu=no bash -c "$(curl -fsSL https://...jellyfin.sh)"
 # Enable GPU for apps without default GPU support
 var_gpu=yes bash -c "$(curl -fsSL https://...debian.sh)"
 # Set in default.vars for all apps
 echo "var_gpu=yes" >> /usr/local/community-scripts/default.vars
 ```
 ### API and Diagnostics Variables
--- a/frontend/public/json/versions.json
+++ b/frontend/public/json/versions.json
@ -1,4 +1,39 @@
 [
  {
    "name": "openobserve/openobserve",
    "version": "v0.30.0-rc1",
    "date": "2025-12-08T11:46:24Z"
  },
  {
    "name": "ventoy/Ventoy",
    "version": "v1.1.08",
    "date": "2025-12-08T10:13:51Z"
  },
  {
    "name": "zitadel/zitadel",
    "version": "v4.7.1",
    "date": "2025-12-08T10:05:21Z"
  },
  {
    "name": "meilisearch/meilisearch",
    "version": "latest",
    "date": "2025-12-08T09:36:54Z"
  },
  {
    "name": "WGDashboard/WGDashboard",
    "version": "v4.3.0.2",
    "date": "2025-12-08T09:01:37Z"
  },
  {
    "name": "mattermost/mattermost",
    "version": "v10.11.8",
    "date": "2025-11-21T17:06:07Z"
  },
  {
    "name": "nzbgetcom/nzbget",
    "version": "v25.4",
    "date": "2025-10-09T10:27:01Z"
  },
  {
    "name": "morpheus65535/bazarr",
    "version": "v1.5.3",
@ -6,8 +41,63 @@
  },
  {
    "name": "Jackett/Jackett",
-    "version": "v0.24.415",
+    "version": "v0.24.420",
-    "date": "2025-12-07T05:56:32Z"
+    "date": "2025-12-08T05:55:34Z"
  },
  {
    "name": "firefly-iii/firefly-iii",
    "version": "v6.4.9",
    "date": "2025-11-28T20:36:20Z"
  },
  {
    "name": "documenso/documenso",
    "version": "v2.2.0",
    "date": "2025-12-08T03:33:34Z"
  },
  {
    "name": "chrisbenincasa/tunarr",
    "version": "v0.23.0-alpha.31",
    "date": "2025-12-08T02:39:59Z"
  },
  {
    "name": "jeedom/core",
    "version": "4.5",
    "date": "2025-12-08T00:27:05Z"
  },
  {
    "name": "steveiliop56/tinyauth",
    "version": "v4.1.0",
    "date": "2025-11-23T12:13:34Z"
  },
  {
    "name": "maxdorninger/MediaManager",
    "version": "v1.10.0",
    "date": "2025-12-07T23:41:51Z"
  },
  {
    "name": "Part-DB/Part-DB-server",
    "version": "v2.3.0",
    "date": "2025-12-07T21:58:43Z"
  },
  {
    "name": "traccar/traccar",
    "version": "v6.11.1",
    "date": "2025-12-07T19:19:08Z"
  },
  {
    "name": "keycloak/keycloak",
    "version": "26.4.7",
    "date": "2025-12-01T08:14:11Z"
  },
  {
    "name": "seerr-team/seerr",
    "version": "preview-test-fix-subscriptions",
    "date": "2025-12-07T14:31:55Z"
  },
  {
    "name": "bluenviron/mediamtx",
    "version": "v1.15.5",
    "date": "2025-12-07T12:24:21Z"
  },
  {
    "name": "BerriAI/litellm",
@ -19,31 +109,11 @@
    "version": "v2.20.1",
    "date": "2025-12-07T01:14:23Z"
  },
  {
    "name": "steveiliop56/tinyauth",
    "version": "v4.1.0",
    "date": "2025-11-23T12:13:34Z"
  },
  {
    "name": "jeedom/core",
    "version": "4.5",
    "date": "2025-12-07T00:27:06Z"
  },
  {
    "name": "seerr-team/seerr",
    "version": "preview-test-fix-subscriptions",
    "date": "2025-12-06T22:36:36Z"
  },
  {
    "name": "sysadminsmedia/homebox",
    "version": "v0.22.0-rc.2",
    "date": "2025-12-06T21:24:28Z"
  },
  {
    "name": "keycloak/keycloak",
    "version": "26.4.7",
    "date": "2025-12-01T08:14:11Z"
  },
  {
    "name": "Koenkk/zigbee2mqtt",
    "version": "2.7.1",
@ -94,11 +164,6 @@
    "version": "v0.87",
    "date": "2025-12-06T07:36:26Z"
  },
  {
    "name": "firefly-iii/firefly-iii",
    "version": "v6.4.9",
    "date": "2025-11-28T20:36:20Z"
  },
  {
    "name": "tobychui/zoraxy",
    "version": "v3.3.0",
@ -119,11 +184,6 @@
    "version": "v2.1.1",
    "date": "2025-12-05T23:48:08Z"
  },
  {
    "name": "chrisbenincasa/tunarr",
    "version": "v0.23.0-alpha.30",
    "date": "2025-12-05T21:23:38Z"
  },
  {
    "name": "home-assistant/core",
    "version": "2025.12.1",
@ -184,11 +244,6 @@
    "version": "2025.11.4",
    "date": "2025-12-05T03:54:58Z"
  },
  {
    "name": "documenso/documenso",
    "version": "v2.2.4",
    "date": "2025-12-05T01:23:23Z"
  },
  {
    "name": "transmission/transmission",
    "version": "4.0.1-beta.1",
@ -284,11 +339,6 @@
    "version": "v25.11.5",
    "date": "2025-12-03T14:51:03Z"
  },
  {
    "name": "meilisearch/meilisearch",
    "version": "latest",
    "date": "2025-12-03T14:19:01Z"
  },
  {
    "name": "Graylog2/graylog2-server",
    "version": "6.2.10",
@ -304,16 +354,6 @@
    "version": "v0.104.0",
    "date": "2025-12-03T06:48:38Z"
  },
  {
    "name": "mattermost/mattermost",
    "version": "v10.11.8",
    "date": "2025-11-21T17:06:07Z"
  },
  {
    "name": "openobserve/openobserve",
    "version": "v0.20.2",
    "date": "2025-12-03T02:20:57Z"
  },
  {
    "name": "hyperion-project/hyperion.ng",
    "version": "2.1.1",
@ -374,11 +414,6 @@
    "version": "jenkins-2.540",
    "date": "2025-12-02T16:56:49Z"
  },
  {
    "name": "nzbgetcom/nzbget",
    "version": "v25.4",
    "date": "2025-10-09T10:27:01Z"
  },
  {
    "name": "docker/compose",
    "version": "v5.0.0",
@ -719,11 +754,6 @@
    "version": "mariadb-12.1.2",
    "date": "2025-11-18T15:16:21Z"
  },
  {
    "name": "bluenviron/mediamtx",
    "version": "v1.15.4",
    "date": "2025-11-21T01:21:03Z"
  },
  {
    "name": "TasmoAdmin/TasmoAdmin",
    "version": "v4.3.2",
@ -859,11 +889,6 @@
    "version": "4.10.1",
    "date": "2025-11-15T04:36:48Z"
  },
  {
    "name": "zitadel/zitadel",
    "version": "v4.7.0",
    "date": "2025-11-14T09:45:13Z"
  },
  {
    "name": "runtipi/runtipi",
    "version": "v4.6.5",
@ -989,11 +1014,6 @@
    "version": "v3.0.9",
    "date": "2025-11-04T07:28:45Z"
  },
  {
    "name": "maxdorninger/MediaManager",
    "version": "v1.9.1",
    "date": "2025-11-02T21:14:50Z"
  },
  {
    "name": "motioneye-project/motioneye",
    "version": "0.42.1",
@ -1059,11 +1079,6 @@
    "version": "2.0.2",
    "date": "2025-10-22T17:03:54Z"
  },
  {
    "name": "Part-DB/Part-DB-server",
    "version": "v2.2.1",
    "date": "2025-10-19T14:30:11Z"
  },
  {
    "name": "benzino77/tasmocompiler",
    "version": "v13.0.0",
@ -1154,11 +1169,6 @@
    "version": "v2.7.3",
    "date": "2025-09-21T12:07:19Z"
  },
  {
    "name": "traccar/traccar",
    "version": "v6.10.0",
    "date": "2025-09-20T15:40:36Z"
  },
  {
    "name": "mmastrac/stylus",
    "version": "v0.17.0",
@ -1179,11 +1189,6 @@
    "version": "v0.23.0",
    "date": "2025-09-17T10:15:51Z"
  },
  {
    "name": "WGDashboard/WGDashboard",
    "version": "v4.3.0.1",
    "date": "2025-09-17T08:50:39Z"
  },
  {
    "name": "Checkmk/checkmk",
    "version": "v2.4.0p12",
@ -1249,11 +1254,6 @@
    "version": "0.6.25",
    "date": "2025-08-24T08:51:55Z"
  },
  {
    "name": "ventoy/Ventoy",
    "version": "v1.1.07",
    "date": "2025-08-18T16:13:54Z"
  },
  {
    "name": "lldap/lldap",
    "version": "v0.6.2",
--- a/misc/build.func
+++ b/misc/build.func
@ -453,7 +453,7 @@ load_vars_file() {
  # Allowed var_* keys
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -505,7 +505,7 @@ default_var_settings() {
  # Allowed var_* keys (alphabetically sorted)
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -667,7 +667,7 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -1011,7 +1011,7 @@ advanced_settings() {
  # Initialize defaults
  TAGS="community-script;${var_tags:-}"
  local STEP=1
-  local MAX_STEP=19
+  local MAX_STEP=20
  # Store values for back navigation
  local _ct_type="${CT_TYPE:-1}"
@ -1036,6 +1036,7 @@ advanced_settings() {
  local _vlan=""
  local _tags="$TAGS"
  local _enable_fuse="no"
  local _enable_gpu="${var_gpu:-no}"
  local _verbose="no"
  local _enable_keyctl="0"
  local _enable_mknod="0"
@ -1527,9 +1528,33 @@ advanced_settings() {
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 19: Confirmation
+    # STEP 19: GPU Passthrough
    # ═══════════════════════════════════════════════════════════════════════════
    19)
      local gpu_default="OFF"
      [[ "$_enable_gpu" == "yes" ]] && gpu_default="ON"
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "GPU PASSTHROUGH" \
        --ok-button "Next" --cancel-button "Back" \
        --defaultno \
        --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding" 14 62; then
        _enable_gpu="yes"
      else
        if [ $? -eq 1 ]; then
          _enable_gpu="no"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 20: Confirmation
    # ═══════════════════════════════════════════════════════════════════════════
    20)
      # Build summary
      local ct_type_desc="Unprivileged"
      [[ "$_ct_type" == "0" ]] && ct_type_desc="Privileged"
@ -1550,12 +1575,13 @@ Network:
 Options:
  FUSE: $_enable_fuse
  GPU Passthrough: $_enable_gpu
  Verbose: $_verbose"
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "CONFIRM SETTINGS" \
        --ok-button "Create LXC" --cancel-button "Back" \
-        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 26 58; then
+        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 28 58; then
        ((STEP++))
      else
        ((STEP--))
@ -1582,8 +1608,12 @@ Options:
  IPV6_GATE="$_ipv6_gate"
  TAGS="$_tags"
  ENABLE_FUSE="$_enable_fuse"
  ENABLE_GPU="$_enable_gpu"
  VERBOSE="$_verbose"
  # Update var_gpu based on user choice (for is_gpu_app function)
  var_gpu="$_enable_gpu"
  # Format optional values
  [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
  [[ -n "$_sd" ]] && SD="-searchdomain=$_sd" || SD=""
@ -1600,6 +1630,10 @@ Options:
  export UDHCPC_FIX
  export SSH_KEYS_FILE
  # Exit alternate screen buffer before showing summary (so output remains visible)
  tput rmcup 2>/dev/null || true
  trap - RETURN
  # Display final summary
  echo -e "\n${INFO}${BOLD}${DGN}PVE Version ${PVEVERSION} (Kernel: ${KERNEL_VERSION})${CL}"
  echo -e "${OS}${BOLD}${DGN}Operating System: ${BGN}$var_os${CL}"
@ -1614,6 +1648,7 @@ Options:
  echo -e "${NETWORK}${BOLD}${DGN}IPv4: ${BGN}$NET${CL}"
  echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}$IPV6_METHOD${CL}"
  echo -e "${FUSE}${BOLD}${DGN}FUSE Support: ${BGN}$ENABLE_FUSE${CL}"
  echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}$ENABLE_GPU${CL}"
  echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
  echo -e "${CREATING}${BOLD}${RD}Creating a ${APP} LXC using the above advanced settings${CL}"
 }
@ -1736,6 +1771,9 @@ echo_default() {
  echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE} GB${CL}"
  echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
  echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE} MiB${CL}"
  if [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]]; then
    echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}Enabled${CL}"
  fi
  if [ "$VERBOSE" == "yes" ]; then
    echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}Enabled${CL}"
  fi
@ -2388,21 +2426,15 @@ build_container() {
  # GPU/USB PASSTHROUGH CONFIGURATION
  # ============================================================================
-  # List of applications that benefit from GPU acceleration
+  # Check if GPU passthrough is enabled
-  GPU_APPS=(
+  # Returns true only if var_gpu is explicitly set to "yes"
-    "immich" "channels" "emby" "ersatztv" "frigate"
+  # Can be set via:
-    "jellyfin" "plex" "scrypted" "tdarr" "unmanic"
+  #   - Environment variable: var_gpu=yes bash -c "..."
-    "ollama" "fileflows" "open-webui" "tunarr"
+  #   - CT script default: var_gpu="${var_gpu:-no}"
-    "handbrake" "sunshine" "moonlight" "kodi" "stremio"
+  #   - Advanced settings wizard
-    "viseron"
+  #   - App defaults file: /usr/local/community-scripts/defaults/<app>.vars
  )
  # Check if app needs GPU
  is_gpu_app() {
-    local app="${1,,}"
+    [[ "${var_gpu:-no}" == "yes" ]] && return 0
    for gpu_app in "${GPU_APPS[@]}"; do
      [[ "$app" == "${gpu_app,,}" ]] && return 0
    done
    return 1
  }
@ -2492,8 +2524,13 @@ EOF
  # Configure GPU passthrough
  configure_gpu_passthrough() {
-    # Skip if not a GPU app and not privileged
+    # Skip if:
-    if [[ "$CT_TYPE" != "0" ]] && ! is_gpu_app "$APP"; then
+    # GPU passthrough is enabled when var_gpu="yes":
    # - Set via environment variable: var_gpu=yes bash -c "..."
    # - Set in CT script: var_gpu="${var_gpu:-no}"
    # - Enabled in advanced_settings wizard
    # - Configured in app defaults file
    if ! is_gpu_app "$APP"; then
      return 0
    fi
--- a/misc/core.func
+++ b/misc/core.func
@ -123,6 +123,7 @@ icons() {
  CREATING="${TAB}🚀${TAB}${CL}"
  ADVANCED="${TAB}🧩${TAB}${CL}"
  FUSE="${TAB}🗂️${TAB}${CL}"
  GPU="${TAB}🎮${TAB}${CL}"
  HOURGLASS="${TAB}⏳${TAB}"
 }