Proxmox/ProxmoxVE
1
0
Fork 1
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-05-13 12:04:56 +02:00
Code Issues Packages Projects Releases Wiki Activity
16,132 Commits 52 Branches 524 Tags
16ac4407e28273b8cf81d1d10260ece2821f5ddc
Commit Graph

229 Commits

Author SHA1 Message Date
Sam Heinz
16ac4407e2 Potential fix for pull request finding 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
 2026-05-13 00:45:53 +10:00
Sam Heinz
39c514a1e3 Merge branch 'main' into arm64-build-support 2026-05-12 15:54:18 +10:00
Slaviša Arežina
5be86d4fdf pin pnpm version (#14386) 2026-05-10 20:05:03 +02:00
CanbiZ (MickLesk)
d996b5a719 fix(tools.func): fix meilisearch import-dump background process handling (#14341) 2026-05-08 23:32:48 +02:00
CanbiZ (MickLesk)
02eaf288bf tools.func: add setup_nltk as new function (#14314) 2026-05-08 15:39:20 +02:00
CanbiZ (MickLesk)
26b41d74ee tools.func get_latest_gh_tag - add pagination to find prefixed tags beyond first 50 (#14241) 
Co-authored-by: MickLesk <mickey.leskowitz@levelbuild.com>
 2026-05-04 22:13:49 +02:00
CanbiZ (MickLesk)
75c5aa3d5d tools.func: add GitLab release check/fetch/deploy helpers (#14242) 2026-05-04 20:32:15 +02:00
Michel Roegl-Brunner
4d163aa8f8 Revert "tools.func: add GitLab release check/fetch/deploy helpers (#14133)" (#14202) 
This reverts commit 9503db319c.
 2026-05-02 23:59:09 +02:00
CanbiZ (MickLesk)
9503db319c tools.func: add GitLab release check/fetch/deploy helpers (#14133) 2026-05-02 23:43:26 +02:00
Slaviša Arežina
564aaf5a9c tools.func: Manage minor versions for MongoDB 8.x (#14131) 2026-04-30 13:34:45 +02:00
CanbiZ (MickLesk)
ca915da8c1 Fix: Correct deb822 repository flat path detection (#14037) 
The setup_deb822_repo function was only checking for the literal './'
suite value, but should reject any suite ending with '/', which
indicates a flat repository that must not include Components in the
DEB822 format.

This fix aligns ProxmoxVE with the correct behavior already present
in ProxmoxVED.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-04-26 22:12:20 +02:00
CanbiZ (MickLesk)
fecad57187 fix dep 2026-04-24 14:29:55 +02:00
CanbiZ (MickLesk)
bb7b612d5f fix ffmpeg path 2026-04-24 14:21:16 +02:00
CanbiZ (MickLesk)
fdab25b098 core: auto-size NODE_OPTIONS heap (#13960) 
* feat(nodejs): auto-size NODE_OPTIONS heap and apply in Termix updates

- setup_nodejs now sets NODE_OPTIONS only when not already set
- Heap size is auto-derived from NODE_MAX_OLD_SPACE_SIZE, var_ram, or MemTotal
- Auto heap is clamped to 1024..4096 MB to avoid too-small or too-large defaults
- Termix update path now calls setup_nodejs before frontend/backend builds so
  Node heap defaults are applied consistently during updates

* feat(error-handler): add actionable Node.js heap OOM guidance

Detect probable Node.js heap out-of-memory failures from log patterns and
common build exit codes, then print targeted remediation hints instead of
only a generic SIGABRT/SIGKILL message.

- Detect OOM patterns in last log lines (Reached heap limit, JS heap OOM)
- Treat node build contexts with exit 134/137/243 as likely heap issues
- Suggest computed --max-old-space-size based on NODE_OPTIONS, var_ram,
  or MemTotal (clamped to 1024..4096 MB)
- Recommend calling setup_nodejs before build steps so defaults apply

* refactor(node-heap): raise auto cap to 12GB and simplify OOM hint

- Increase setup_nodejs auto heap clamp from 4GB to 12GB for heavy frontend builds
- Keep lower bound at 1GB and preserve user override precedence
- Simplify error_handler Node OOM output to a single concise hint
- Align error_handler heap suggestion clamp to 12GB
 2026-04-23 22:17:25 +02:00
CanbiZ (MickLesk)
9f50496f8b fix(tools.func): upgrade Node.js minor/patch on same major version (#13957) 
In setup_nodejs() Scenario 1 (major version already matches), only npm
was refreshed - apt never upgraded the nodejs package itself. This left
existing LXCs stuck on older minor releases (e.g. 22.13.1) even though
NodeSource ships newer ones (e.g. 22.19+).

Fix: add pt-get install -y --only-upgrade nodejs before the npm pin
so the latest minor/patch from the already-configured NodeSource repo is
always installed.

Fixes: seerr update failing with ERR_PNPM_UNSUPPORTED_ENGINE because
seerr 3.2.0 requires Node >=22.19.0 but installed was v22.13.1 (#13955)
 2026-04-23 15:49:54 +02:00
CanbiZ (MickLesk)
02c174c4a2 fix(gpu): pin IGC version to compute-runtime compatible tag (#13814) 2026-04-17 21:58:31 +02:00
CanbiZ (MickLesk)
9a82ec48b2 tools.func: prevent script crash when entering GitHub token after rate limit (#13638) 
* fix(tools): prevent script crash when entering GitHub token after rate limit

fetch_and_deploy_gh_release set attempt=0 after accepting a token, then
immediately ran ((0++)) which evaluates to 0 (falsy) causing exit code 1
and killing the script under set -e.

Fix: set attempt=1 and continue to restart the retry loop cleanly,
giving the full max_retries budget with the new token.

Also fix fetch_and_deploy_codeberg_release: replace ((attempt++)) with
attempt=\ to avoid the same zero-evaluation crash on
the first connection timeout (attempt starts at 0 in that loop).

Fixes #13635

* feat(tools): add var_github_token support with token validation

- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
  token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
  variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
    * Calls GET /user to verify the token is accepted
    * Reports expiry date from x-oauth-expiry header (fine-grained PATs)
    * Warns when classic PAT is missing public_repo scope
    * Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
    * Non-interactive path now picks up var_github_token automatically
    * Interactive path also picks up var_github_token without prompting
    * Validates token immediately after entry; loops until valid or Ctrl+C
 2026-04-10 11:28:52 +02:00
CanbiZ (MickLesk)
fbe5b57c76 core/tools: replace generic return 1 exit_codes with more specific exit_codes (#13311) 2026-03-26 16:07:38 +01:00
CanbiZ (MickLesk)
b9a39db667 fix(tools.func): pin npm to 11.11.0 to work around Node.js 22.22.2 regression (#13296) 
Node.js 22.22.2 ships with a broken npm self-upgrade path where 'npm install -g npm@latest' fails with MODULE_NOT_FOUND for promise-retry. Pin to npm@11.11.0 as a known-good version until the upstream issue is resolved. Ref: nodejs/node#62425, npm/cli#9151
 2026-03-26 10:04:00 +01:00
CanbiZ (MickLesk)
4eecca8aea fix(tools.func): use absolute path for install in setup_uv 
Using bare 'install' command gets shadowed when scripts define their own install() function, causing setup_uv to hang. Use /usr/bin/install instead.
 2026-03-26 09:54:17 +01:00
CanbiZ (MickLesk)
53bc492fdb Make shell command substitutions safe with || true (#13279) 
Add defensive fallbacks (|| true) to multiple command substitutions to prevent non-zero exits when commands produce no output or are unavailable. Changes touch misc/api.func, misc/build.func and misc/tools.func and cover places like lspci, /proc/cpuinfo parsing, /etc/os-release reads, hostname -I usage, grep reads from vars files and maps, pct config parsing, storage/template lookups, tool version detection, NVIDIA driver version extraction, and MeiliSearch config parsing. These edits do not change functional behavior aside from ensuring the scripts continue running (variables will be empty) instead of failing in stricter shells or when commands return non-zero status.
 2026-03-25 13:06:21 +01:00
CanbiZ (MickLesk)
c8606e9fcc core: harden shell scripts against injection and insecure permissions (#13239) 2026-03-23 22:22:23 +01:00
CanbiZ (MickLesk)
8c35c68c9c tools.func: display pin reason in release-check messages (#13095) 
* Display pin reason in release-check messages

Add an optional pin_reason parameter to check_for_gh_release and check_for_codeberg_release and update the no-update messaging to show the provided reason. If no reason is supplied, show a default message indicating the update is temporarily held back due to issues with newer releases. This improves user feedback when versions are intentionally pinned.

* Add informational args to release checks

Pass extra informational strings to check_for_gh_release calls to surface release-specific notes. Updated ct/immich.sh (notes for Immich and VectorChord releases), ct/opencloud.sh (note for OpenCloud), and ct/plant-it.sh (note about web frontend presence). These messages clarify testing/compatibility expectations when checking/releases.
 2026-03-19 22:18:27 +01:00
CanbiZ (MickLesk)
245433f535 tools.func: use dpkg-query for reliable JDK version detection (#13101) 2026-03-19 21:55:58 +01:00
CanbiZ (MickLesk)
ba01175bc6 core: reorder hwaccel setup and adjust GPU group usermod (#13072) 
* fix(tdarr): use curl_with_retry and verify binaries before enabling service

Tdarr_Updater downloads the actual server/node binaries from tdarr.io at
runtime. If tdarr.io is blocked by local DNS (e.g. OPNsense OISD blocklists),
the updater exits silently with code 0, leaving no binaries on disk. The
subsequent systemctl enable then fails with 'Operation not permitted' (exit 1)
because the ExecStart paths don't exist.

Changes:
- Replace bare curl with curl_with_retry for versions.json and Tdarr_Updater.zip
  downloads to gain retry logic, DNS pre-check and exponential backoff
- Add msg_info before Tdarr_Updater run so users see this step in the log
- Check that Tdarr_Server and Tdarr_Node binaries exist after the updater
  runs; fail immediately with a clear message pointing to tdarr.io connectivity
  instead of letting systemctl fail with a confusing 'Operation not permitted'

Fixes: #13030

* Improve Tdarr installer error handling

Refine post-update validation and failure behavior in tdarr-install.sh: remove a redundant status message, simplify the updater check to only require the Tdarr_Server binary, and replace the previous fatal path with msg_error plus an explicit exit 250. This makes failures (for example when tdarr.io is blocked by local DNS) clearer and avoids false negatives from the Tdarr_Node existence check.

* Use curl_with_retry and handle updater failure

Replace direct curl calls with curl_with_retry for fetching versions.json and downloading Tdarr_Updater.zip to improve network reliability. Add a post-update check that verifies /opt/tdarr/Tdarr_Server/Tdarr_Server exists; if missing, log an error suggesting possible DNS blocking and exit with code 250. Minor cleanup of updater artifacts remains unchanged.

* Reorder hwaccel setup and adjust GPU group usermod

Move setup_hwaccel invocations in emby, jellyfin, ollama, and plex installers to occur after package installation/configuration so GPU drivers/repos are present before enabling hardware acceleration. Update _setup_gpu_permissions to call usermod directly (remove $STD wrapper) when adding service users to render/video groups. Includes minor whitespace/ordering cleanups in the installer scripts.
 2026-03-19 06:55:56 +01:00
CanbiZ (MickLesk)
e20fed1a2d tools.func Implement pg_cron setup for setup_postgresql (#13053) 
* tools.func Implement PostgreSQL setup and upgrade function

Added setup_postgresql function to install or upgrade PostgreSQL, including optional modules and backup restoration.

* correct diff

* Update tools.func

* Update tools.func

* Update tools.func

* Update tools.func
 2026-03-18 16:45:11 +01:00
CanbiZ (MickLesk)
bd91c4d07f tools: Centralize GPU group setup via setup_hwaccel (#13044) 
improve hardware-acceleration setup to centralize service user group management. Install scripts (emby, plex, ollama, channels) now pass a service user to setup_hwaccel (or no user for channels) and have had inline /etc/group sed/usermod tweaks removed. misc/tools.func updated: setup_hwaccel accepts an optional service_user and forwards it to _setup_gpu_permissions, which now adds the service user to render and video groups if provided. This consolidates GPU permission changes in one place and removes duplicated per-service group edits.
 2026-03-18 11:56:32 +01:00
CanbiZ (MickLesk)
0f4bfc0b5a add missing func? 2026-03-18 11:15:02 +01:00
CanbiZ (MickLesk)
48afb6c017 tools.func: Implement check_for_gh_tag function (#12998) 
* tools.func Implement check_for_gh_tag function

Adds a function to check for new GitHub tags for repositories without releases. (needed for termix / guacd-server)

* Update documentation for check_for_gh_tag function
 2026-03-18 08:00:33 +01:00
CanbiZ (MickLesk)
7c62147a00 tools.func: Implement fetch_and_deploy_gh_tag function (#13000) 
* tools.func: Implement fetch_and_deploy_gh_tag function

Adds function to fetch and deploy GitHub tag-based source tarballs.

* Refactor fetch_and_deploy_gh_tag function and comments

Updated the function to fetch and deploy GitHub tags, enhancing its description and usage instructions.

* cleanuo
 2026-03-18 07:44:13 +01:00
Slaviša Arežina
9df9a2831e Update (#13008) 2026-03-17 21:19:36 +01:00
CanbiZ (MickLesk)
6747f0c340 fix broken rocm setup 2026-03-17 08:31:42 +01:00
CanbiZ (MickLesk)
5ee3ad2702 fix(hwaccel): remove ROCm install from AMD APU setup (#12958) 
AMD APUs (Radeon 780M/760M/740M and similar integrated graphics) do not
benefit from the full ROCm compute stack in LXC containers. ROCm is a
multi-GB GPGPU framework primarily designed for discrete AMD GPUs and
ML/AI workloads, not for video transcoding with integrated graphics.

For APUs the Mesa VA-API drivers (mesa-va-drivers, mesa-opencl-icd) and
firmware (firmware-amd-graphics) provide all the hardware acceleration
needed for media tasks. Installing ROCm on top adds ~4GB of packages
that frequently fail or time out for this class of hardware.

Discrete AMD GPUs (GPU_TYPE=AMD) are unaffected and still receive ROCm.
 2026-03-16 11:36:38 +01:00
CanbiZ (MickLesk)
fd9039e849 fix: unify RELEASE variable for check_for_gh_release and fetch_and_deploy_gh_release (#12917) 2026-03-15 20:08:15 +01:00
CanbiZ (MickLesk)
7ba3e9fe5e core: retry downloads with exponential backoff (#12896) 2026-03-15 10:00:37 +01:00
CanbiZ (MickLesk)
005260df87 fix(hwaccel): don't abort on AMD repo apt update failure (#12890) 
When repo.radeon.com has broken metadata, apt update fails with
exit code 100 and kills the entire install. Make it non-fatal so
the script can continue with cached packages or skip ROCm gracefully.

Fixes #12879
 2026-03-15 00:05:31 +01:00
CanbiZ (MickLesk)
cc95ef2987 tools.func: support older NVIDIA driver versions with 2 segments (xxx.xxx) (#12796) 2026-03-12 09:07:49 +01:00
CanbiZ (MickLesk)
38c9421493 tools.func: correct PATH escaping in ROCm profile script (#12793) 2026-03-12 09:07:33 +01:00
CanbiZ (MickLesk)
4ab3a24d03 Merge branch 'main' into arm64-build-support 2026-03-11 14:27:14 +01:00
CanbiZ (MickLesk)
7c051fb648 Improve arm64 support and arch-specific downloads 
Add clearer architecture error messages and gate arm64 usage, plus implement architecture-aware behavior across the toolkit. Changes include: update exit-code messages to reference amd64/arm64, refuse arm64 unless explicitly enabled, show architecture in summaries, and use arch-specific package lists when installing in containers. Make downloads for FFmpeg and yq choose the correct amd64/arm64 binaries, tighten template download error handling and formatting, and clean up minor whitespace/comment issues. These changes aim to make arm64 handling explicit and downloads/installations more robust for non-amd64 systems.
 2026-03-11 14:23:56 +01:00
CanbiZ (MickLesk)
e7f551dab6 fix(hwaccel): install ROCm runtime only, reduce disk resize to +4GB 
The full 'rocm' meta-package includes 15GB+ of dev tools (compilers,
debuggers, dev headers) which are unnecessary in LXC containers.
Install only runtime packages: rocm-opencl-runtime, rocm-hip-runtime,
rocm-smi-lib. Reduce disk resize from +8GB to +4GB accordingly.
 2026-03-09 11:14:26 +01:00
CanbiZ (MickLesk)
b20bf9c658 tools: add Alpine (apk) support to ensure_dependencies and is_package_installed (#12703) 2026-03-09 10:03:04 +01:00
CanbiZ (MickLesk)
8c5e340ad0 fix(hwaccel): use amdgpu/latest/ubuntu instead of versioned URL 2026-03-09 09:57:28 +01:00
CanbiZ (MickLesk)
2afc25d51f tools.func: extend hwaccel with ROCm (#12707) 2026-03-09 09:37:26 +01:00
Slaviša Arežina
8be52ab1ad Fixes (#12675) 2026-03-08 13:25:24 +01:00
CanbiZ (MickLesk)
148f0121df fix: add interactive GitHub PAT prompt on rate limit / auth failure (#12652) 
When a GitHub API call fails with HTTP 401 (invalid token) or HTTP 403
(rate limit exceeded), the user is now prompted interactively to enter a
GitHub Personal Access Token (PAT). The token is validated (no empty
input, no whitespace) before being set and the API call is retried.

This applies to both github_api_call() and fetch_and_deploy_gh_release().

Closes #12615
 2026-03-07 22:14:18 +01:00
Sam Heinz
6f62656c96 Replace tools.func call that checks arch 2026-03-07 15:55:21 +10:00
Sam Heinz
087f817bf6 misc scripts: add support for arm64 2026-03-07 15:44:44 +10:00
CanbiZ (MickLesk)
eb848fd70f databasus: make fetch_and_deploy_from_url accept empty dir 
Pass an explicit empty second argument when downloading MongoDB tools and update fetch_and_deploy_from_url to default the directory parameter to an empty string. This avoids unset/ambiguous directory handling at the call site and ensures the function has a defined directory variable even when none is provided.
 2026-03-06 14:11:57 +01:00
CanbiZ (MickLesk)
783ba03e92 fix(postgresql): fall back to distro packages instead of bookworm-pgdg on Trixie (#12524) (#12542) 2026-03-04 08:39:33 +01:00