Proxmox/ProxmoxVE
1
0
Fork 1
mirror of https://github.com/community-scripts/ProxmoxVE.git synced 2026-04-25 19:35:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
15,889 Commits 199 Branches 506 Tags
2c22e03774da24ce425f2c42a202e4e2d4dfb70d
Commit Graph

1550 Commits

Author SHA1 Message Date
CanbiZ (MickLesk)
fdab25b098 core: auto-size NODE_OPTIONS heap (#13960) 
* feat(nodejs): auto-size NODE_OPTIONS heap and apply in Termix updates

- setup_nodejs now sets NODE_OPTIONS only when not already set
- Heap size is auto-derived from NODE_MAX_OLD_SPACE_SIZE, var_ram, or MemTotal
- Auto heap is clamped to 1024..4096 MB to avoid too-small or too-large defaults
- Termix update path now calls setup_nodejs before frontend/backend builds so
  Node heap defaults are applied consistently during updates

* feat(error-handler): add actionable Node.js heap OOM guidance

Detect probable Node.js heap out-of-memory failures from log patterns and
common build exit codes, then print targeted remediation hints instead of
only a generic SIGABRT/SIGKILL message.

- Detect OOM patterns in last log lines (Reached heap limit, JS heap OOM)
- Treat node build contexts with exit 134/137/243 as likely heap issues
- Suggest computed --max-old-space-size based on NODE_OPTIONS, var_ram,
  or MemTotal (clamped to 1024..4096 MB)
- Recommend calling setup_nodejs before build steps so defaults apply

* refactor(node-heap): raise auto cap to 12GB and simplify OOM hint

- Increase setup_nodejs auto heap clamp from 4GB to 12GB for heavy frontend builds
- Keep lower bound at 1GB and preserve user override precedence
- Simplify error_handler Node OOM output to a single concise hint
- Align error_handler heap suggestion clamp to 12GB
 2026-04-23 22:17:25 +02:00
CanbiZ (MickLesk)
3c38647055 core: improve system update information / lxc stack upgrade (#13970) 
* fix(lxc-stack): use dist-upgrade and improve recovery prompt

When the host LXC stack is too old for a template, upgrading only
pve-container/lxc-pve can leave the Proxmox stack in an inconsistent state.
Use a full dist-upgrade instead.

Also refine the recovery prompt:
- [1] Upgrade LXC stack now
- [2] Older template fallback only when actually available
- [3] Ignore
- [4] Cancel

Do not auto-fallback to an older template after ignore/failure; honor the
user's explicit choice and stop with a clear error instead.

* chore(lxc-stack-prompt): clarify host dist-upgrade action in option 1

* Update build.func

* fix(lxc-stack): use host upgrade instead of dist-upgrade in recovery flow

* Enhance upgrade prompt with warning message

Added a warning message to inform users about the implications of running the host upgrade.

---------

Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
 2026-04-23 20:52:59 +02:00
CanbiZ (MickLesk)
9f50496f8b fix(tools.func): upgrade Node.js minor/patch on same major version (#13957) 
In setup_nodejs() Scenario 1 (major version already matches), only npm
was refreshed - apt never upgraded the nodejs package itself. This left
existing LXCs stuck on older minor releases (e.g. 22.13.1) even though
NodeSource ships newer ones (e.g. 22.19+).

Fix: add pt-get install -y --only-upgrade nodejs before the npm pin
so the latest minor/patch from the already-configured NodeSource repo is
always installed.

Fixes: seerr update failing with ERR_PNPM_UNSUPPORTED_ENGINE because
seerr 3.2.0 requires Node >=22.19.0 but installed was v22.13.1 (#13955)
 2026-04-23 15:49:54 +02:00
CanbiZ (MickLesk)
8706cd3783 Revert "core: Add PHS_VERBOSE env var to skip verbose mode prompts (#13797)" (#13963) 
This reverts commit 518b6778e2.
 2026-04-23 15:30:38 +02:00
CanbiZ (MickLesk)
874d8f300c Revert "Prefer silent mode on PHS env conflict (#13951)" (#13962) 
This reverts commit a37b36520c.
 2026-04-23 15:30:19 +02:00
CanbiZ (MickLesk)
a37b36520c Prefer silent mode on PHS env conflict (#13951) 
When PHS_SILENT and PHS_VERBOSE are both set, stop falling back to interactive mode. Changes prefer silent mode to keep automation safe and avoid blocking unattended/non-TTY updates. Only show a whiptail warning when both stdin/stdout are TTYs and whiptail is present, and ignore any whiptail errors. Added a brief comment and adjusted the fallback message accordingly.
 2026-04-23 09:33:40 +02:00
John Gorman
518b6778e2 core: Add PHS_VERBOSE env var to skip verbose mode prompts (#13797) 2026-04-22 14:47:44 +02:00
CanbiZ (MickLesk)
0986f485ee core: detect Perl breakage after LXC stack upgrade and improve storage validation (#13879) 2026-04-20 20:22:10 +02:00
CanbiZ (MickLesk)
02c174c4a2 fix(gpu): pin IGC version to compute-runtime compatible tag (#13814) 2026-04-17 21:58:31 +02:00
CanbiZ (MickLesk)
453f73abcf core: fix some pct create issues (telemetry) + cleanup (#13810) 
* fix(build.func): pct create audit — 5 fixes

1. Disable globbing (set -f) around pct create calls to prevent
   passwords containing * or ? from expanding to filenames.

2. Fix TAGS: use semicolons (pct format), prevent duplicate
   community-script prefix, remove trailing separator.

3. Skip keyctl dialog for unprivileged containers — pct always
   forces keyctl=1 for CT_TYPE=1, so the dialog was misleading.

4. Remove dead IPV6_STATIC variable (IPv6 is handled via
   IPV6_ADDR/IPV6_GATE which are properly wired into NET_STRING).

5. Remove dead UDHCPC_FIX variable — set and exported but never
   consumed by any install script.

* Update api.func
 2026-04-17 15:19:52 +02:00
CanbiZ (MickLesk)
a5fc040deb fix(build): sanitize mount_fs input — strip spaces and trailing commas (#13806) 
User input like 'nfs, cifs' or 'nfs,' would produce invalid pct
features strings like 'mount=nfs; cifs' (space breaks pct argument
parsing) or 'mount=nfs;' (trailing semicolon). Fixes:

- Whiptail dialog (Step 27): normalize input immediately after entry
- load_vars_file validation: normalize before regex check, use
  stricter regex that rejects trailing/leading commas
- FEATURES construction: defensive sanitize before building the
  mount= value (strip spaces, trailing commas/semicolons)

All three layers ensure 'nfs, cifs' -> 'nfs,cifs' -> 'mount=nfs;cifs'
 2026-04-17 13:04:52 +02:00
CanbiZ (MickLesk)
4e89480e8c core: wire ENABLE_MKNOD and ALLOW_MOUNT_FS into LXC features (#13796) 2026-04-16 22:23:15 +02:00
CanbiZ (MickLesk)
e55fe43e2d core: remove unused TEMP_DIR mktemp leak in build_container / clean sonarqube (#13708) 
* fix(core): remove unused TEMP_DIR mktemp leak in build_container

The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.

Remove the mktemp -d and pushd entirely to eliminate the leak.

* fix(sonarqube): clean up temp file after zip extraction

The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.

Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
 2026-04-13 15:59:42 +02:00
CanbiZ (MickLesk)
9a82ec48b2 tools.func: prevent script crash when entering GitHub token after rate limit (#13638) 
* fix(tools): prevent script crash when entering GitHub token after rate limit

fetch_and_deploy_gh_release set attempt=0 after accepting a token, then
immediately ran ((0++)) which evaluates to 0 (falsy) causing exit code 1
and killing the script under set -e.

Fix: set attempt=1 and continue to restart the retry loop cleanly,
giving the full max_retries budget with the new token.

Also fix fetch_and_deploy_codeberg_release: replace ((attempt++)) with
attempt=\ to avoid the same zero-evaluation crash on
the first connection timeout (attempt starts at 0 in that loop).

Fixes #13635

* feat(tools): add var_github_token support with token validation

- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
  token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
  variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
    * Calls GET /user to verify the token is accepted
    * Reports expiry date from x-oauth-expiry header (fine-grained PATs)
    * Warns when classic PAT is missing public_repo scope
    * Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
    * Non-interactive path now picks up var_github_token automatically
    * Interactive path also picks up var_github_token without prompting
    * Validates token immediately after entry; loops until valid or Ctrl+C
 2026-04-10 11:28:52 +02:00
CanbiZ (MickLesk)
68b486be92 Add donate & script page badges to descriptions (#13596) 
Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.
 2026-04-08 21:40:52 +02:00
CanbiZ (MickLesk)
ac3cf75b11 core: improve resilience for top Proxmox error codes (209, 215, 118, 206) (#13575) 2026-04-07 23:10:37 +02:00
CanbiZ (MickLesk)
59c0052bc8 core: silent() function - use return instead of exit to allow || true error handling (#13529) 2026-04-05 21:02:56 +02:00
CanbiZ (MickLesk)
730176268e APT Proxy: Support full URLs (http/https with custom ports) (#13474) 
* APT Proxy: Support full URLs (http/https with custom ports)

* APT Proxy: Add URL validation and update default.vars examples
 2026-04-03 21:17:07 +02:00
CanbiZ (MickLesk)
f3a881e6f7 core.func: prevent profile.d scripts from aborting on non-zero exit (#13503) 2026-04-03 21:15:16 +02:00
CanbiZ (MickLesk)
8275531161 fix(build): skip empty gateway value in network config (#13442) 
When var_gateway is set to an empty string, the resulting gw= token
in the comma-separated network string causes pct create to fail with
a 'missing key in comma-separated list property' error.

Closes #13421
 2026-03-31 23:57:25 +02:00
CanbiZ (MickLesk)
d4e20816c7 core: APT/APK Mirror Fallback for CDN Failures (#13316) 2026-03-26 16:53:04 +01:00
CanbiZ (MickLesk)
fbe5b57c76 core/tools: replace generic return 1 exit_codes with more specific exit_codes (#13311) 2026-03-26 16:07:38 +01:00
CanbiZ (MickLesk)
42fbf1afc5 core: use /usr/bin/install to prevent function shadowing (#13299) 2026-03-26 10:11:47 +01:00
CanbiZ (MickLesk)
b9a39db667 fix(tools.func): pin npm to 11.11.0 to work around Node.js 22.22.2 regression (#13296) 
Node.js 22.22.2 ships with a broken npm self-upgrade path where 'npm install -g npm@latest' fails with MODULE_NOT_FOUND for promise-retry. Pin to npm@11.11.0 as a known-good version until the upstream issue is resolved. Ref: nodejs/node#62425, npm/cli#9151
 2026-03-26 10:04:00 +01:00
CanbiZ (MickLesk)
4eecca8aea fix(tools.func): use absolute path for install in setup_uv 
Using bare 'install' command gets shadowed when scripts define their own install() function, causing setup_uv to hang. Use /usr/bin/install instead.
 2026-03-26 09:54:17 +01:00
CanbiZ (MickLesk)
97bf744e96 fix typo (org instead of com) 2026-03-25 17:48:03 +01:00
CanbiZ (MickLesk)
53bc492fdb Make shell command substitutions safe with || true (#13279) 
Add defensive fallbacks (|| true) to multiple command substitutions to prevent non-zero exits when commands produce no output or are unavailable. Changes touch misc/api.func, misc/build.func and misc/tools.func and cover places like lspci, /proc/cpuinfo parsing, /etc/os-release reads, hostname -I usage, grep reads from vars files and maps, pct config parsing, storage/template lookups, tool version detection, NVIDIA driver version extraction, and MeiliSearch config parsing. These edits do not change functional behavior aside from ensuring the scripts continue running (variables will be empty) instead of failing in stricter shells or when commands return non-zero status.
 2026-03-25 13:06:21 +01:00
CanbiZ (MickLesk)
caf03fe274 chore: replace helper-scripts.com with community-scripts.com (#13244) 2026-03-24 20:50:40 +01:00
CanbiZ (MickLesk)
1c3c223e51 Turnkey: modernize turnkey.sh with shared libraries (#13242) 
* refactor(turnkey): modernize turnkey.sh with shared libraries and telemetry

- Source core.func, error_handler.func, api.func instead of custom error/msg functions
- Replace custom error_exit/warn/info/msg with msg_info/msg_ok/msg_error/msg_warn
- Upgrade validate_container_id to cluster-aware (pvesh + all-node config check)
- Add diagnostics_check() and telemetry (post_to_api / post_update_to_api)
- Add pve_check, shell_check, root_check for environment validation
- Use proper EXIT trap for cleanup (destroy container on error, restart monitor)
- Improve quoting throughout (PCT_OPTIONS as array, quoted variables)
- Secure credentials file with chmod 600
- Use exit_script for user cancellations (consistent with other scripts)

* fix(turnkey): replace diagnostics_check with inline config read

diagnostics_check() is defined in build.func which is not sourced.
Read the diagnostics config file directly instead — respects existing
user preference without prompting (turnkey has no settings menu).

* bump hardcoded names to dynamic list

* Preserve telemetry type and report failures

Respect a pre-set TELEMETRY_TYPE in misc/api.func and use it in the API payload instead of the hardcoded "lxc". In turnkey/turnkey.sh, set TELEMETRY_TYPE="turnkey" for turnkey installs and enhance turnkey_cleanup() to report failed installs to telemetry (calls post_update_to_api "failed" with the exit code when POST_TO_API_DONE is true and POST_UPDATE_DONE is not), then destroy the failed container. These changes ensure correct telemetry type propagation and that failed turnkey deployments are reported.

---------

Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
 2026-03-24 15:54:01 +01:00
CanbiZ (MickLesk)
86c658909a Classify exit-1 errors & guard telemetry 
Analyze logs for generic exit code 1 and export an ERROR_CATEGORY_OVERRIDE so telemetry receives a more accurate error category (apt, oom, network, storage, dependency). Preserve any existing TELEMETRY_TYPE when posting updates. Add defense-in-depth by disabling strict error traps before running grep/sed log analysis to avoid spurious error_handler invocations. Mark successful installs with INSTALL_COMPLETE and update the error handler to only report a successful "done" telemetry state when INSTALL_COMPLETE is explicitly set, preventing false-positive success reports from early zero-exit exits.
 2026-03-24 09:57:43 +01:00
CanbiZ (MickLesk)
c8606e9fcc core: harden shell scripts against injection and insecure permissions (#13239) 2026-03-23 22:22:23 +01:00
CanbiZ (MickLesk)
a2616ee258 Improve network connectivity and DNS checks (#13222) 2026-03-23 20:43:48 +01:00
CanbiZ (MickLesk)
f29606ae87 fix(build): allow /31 and /32 CIDR with out-of-subnet gateway (#13231) 2026-03-23 20:41:55 +01:00
CanbiZ (MickLesk)
791981ba68 qf msg_warn lxc stack update 2026-03-23 14:44:24 +01:00
CanbiZ (MickLesk)
2922ecdcbb core: guard against empty IPv6 address in static mode (#13195) 2026-03-22 22:48:19 +01:00
CanbiZ (MickLesk)
55324dbb98 core: add missing -searchdomain/-nameserver prefix in base_settings (#13166) 2026-03-21 21:13:15 +01:00
CanbiZ (MickLesk)
8c35c68c9c tools.func: display pin reason in release-check messages (#13095) 
* Display pin reason in release-check messages

Add an optional pin_reason parameter to check_for_gh_release and check_for_codeberg_release and update the no-update messaging to show the provided reason. If no reason is supplied, show a default message indicating the update is temporarily held back due to issues with newer releases. This improves user feedback when versions are intentionally pinned.

* Add informational args to release checks

Pass extra informational strings to check_for_gh_release calls to surface release-specific notes. Updated ct/immich.sh (notes for Immich and VectorChord releases), ct/opencloud.sh (note for OpenCloud), and ct/plant-it.sh (note about web frontend presence). These messages clarify testing/compatibility expectations when checking/releases.
 2026-03-19 22:18:27 +01:00
CanbiZ (MickLesk)
245433f535 tools.func: use dpkg-query for reliable JDK version detection (#13101) 2026-03-19 21:55:58 +01:00
CanbiZ (MickLesk)
ba01175bc6 core: reorder hwaccel setup and adjust GPU group usermod (#13072) 
* fix(tdarr): use curl_with_retry and verify binaries before enabling service

Tdarr_Updater downloads the actual server/node binaries from tdarr.io at
runtime. If tdarr.io is blocked by local DNS (e.g. OPNsense OISD blocklists),
the updater exits silently with code 0, leaving no binaries on disk. The
subsequent systemctl enable then fails with 'Operation not permitted' (exit 1)
because the ExecStart paths don't exist.

Changes:
- Replace bare curl with curl_with_retry for versions.json and Tdarr_Updater.zip
  downloads to gain retry logic, DNS pre-check and exponential backoff
- Add msg_info before Tdarr_Updater run so users see this step in the log
- Check that Tdarr_Server and Tdarr_Node binaries exist after the updater
  runs; fail immediately with a clear message pointing to tdarr.io connectivity
  instead of letting systemctl fail with a confusing 'Operation not permitted'

Fixes: #13030

* Improve Tdarr installer error handling

Refine post-update validation and failure behavior in tdarr-install.sh: remove a redundant status message, simplify the updater check to only require the Tdarr_Server binary, and replace the previous fatal path with msg_error plus an explicit exit 250. This makes failures (for example when tdarr.io is blocked by local DNS) clearer and avoids false negatives from the Tdarr_Node existence check.

* Use curl_with_retry and handle updater failure

Replace direct curl calls with curl_with_retry for fetching versions.json and downloading Tdarr_Updater.zip to improve network reliability. Add a post-update check that verifies /opt/tdarr/Tdarr_Server/Tdarr_Server exists; if missing, log an error suggesting possible DNS blocking and exit with code 250. Minor cleanup of updater artifacts remains unchanged.

* Reorder hwaccel setup and adjust GPU group usermod

Move setup_hwaccel invocations in emby, jellyfin, ollama, and plex installers to occur after package installation/configuration so GPU drivers/repos are present before enabling hardware acceleration. Update _setup_gpu_permissions to call usermod directly (remove $STD wrapper) when adding service users to render/video groups. Includes minor whitespace/ordering cleanups in the installer scripts.
 2026-03-19 06:55:56 +01:00
CanbiZ (MickLesk)
e20fed1a2d tools.func Implement pg_cron setup for setup_postgresql (#13053) 
* tools.func Implement PostgreSQL setup and upgrade function

Added setup_postgresql function to install or upgrade PostgreSQL, including optional modules and backup restoration.

* correct diff

* Update tools.func

* Update tools.func

* Update tools.func

* Update tools.func
 2026-03-18 16:45:11 +01:00
CanbiZ (MickLesk)
bd91c4d07f tools: Centralize GPU group setup via setup_hwaccel (#13044) 
improve hardware-acceleration setup to centralize service user group management. Install scripts (emby, plex, ollama, channels) now pass a service user to setup_hwaccel (or no user for channels) and have had inline /etc/group sed/usermod tweaks removed. misc/tools.func updated: setup_hwaccel accepts an optional service_user and forwards it to _setup_gpu_permissions, which now adds the service user to render and video groups if provided. This consolidates GPU permission changes in one place and removes duplicated per-service group edits.
 2026-03-18 11:56:32 +01:00
CanbiZ (MickLesk)
0f4bfc0b5a add missing func? 2026-03-18 11:15:02 +01:00
CanbiZ (MickLesk)
48afb6c017 tools.func: Implement check_for_gh_tag function (#12998) 
* tools.func Implement check_for_gh_tag function

Adds a function to check for new GitHub tags for repositories without releases. (needed for termix / guacd-server)

* Update documentation for check_for_gh_tag function
 2026-03-18 08:00:33 +01:00
CanbiZ (MickLesk)
7c62147a00 tools.func: Implement fetch_and_deploy_gh_tag function (#13000) 
* tools.func: Implement fetch_and_deploy_gh_tag function

Adds function to fetch and deploy GitHub tag-based source tarballs.

* Refactor fetch_and_deploy_gh_tag function and comments

Updated the function to fetch and deploy GitHub tags, enhancing its description and usage instructions.

* cleanuo
 2026-03-18 07:44:13 +01:00
Slaviša Arežina
9df9a2831e Update (#13008) 2026-03-17 21:19:36 +01:00
CanbiZ (MickLesk)
6747f0c340 fix broken rocm setup 2026-03-17 08:31:42 +01:00
CanbiZ (MickLesk)
5ee3ad2702 fix(hwaccel): remove ROCm install from AMD APU setup (#12958) 
AMD APUs (Radeon 780M/760M/740M and similar integrated graphics) do not
benefit from the full ROCm compute stack in LXC containers. ROCm is a
multi-GB GPGPU framework primarily designed for discrete AMD GPUs and
ML/AI workloads, not for video transcoding with integrated graphics.

For APUs the Mesa VA-API drivers (mesa-va-drivers, mesa-opencl-icd) and
firmware (firmware-amd-graphics) provide all the hardware acceleration
needed for media tasks. Installing ROCm on top adds ~4GB of packages
that frequently fail or time out for this class of hardware.

Discrete AMD GPUs (GPU_TYPE=AMD) are unaffected and still receive ROCm.
 2026-03-16 11:36:38 +01:00
CanbiZ (MickLesk)
fd9039e849 fix: unify RELEASE variable for check_for_gh_release and fetch_and_deploy_gh_release (#12917) 2026-03-15 20:08:15 +01:00
CanbiZ (MickLesk)
7ba3e9fe5e core: retry downloads with exponential backoff (#12896) 2026-03-15 10:00:37 +01:00
CanbiZ (MickLesk)
005260df87 fix(hwaccel): don't abort on AMD repo apt update failure (#12890) 
When repo.radeon.com has broken metadata, apt update fails with
exit code 100 and kills the entire install. Make it non-fatal so
the script can continue with cached packages or skip ROCm gracefully.

Fixes #12879
 2026-03-15 00:05:31 +01:00