Commit Graph

401 Commits

Author SHA1 Message Date
Michel Roegl-Brunner f1680a5e6c feat(build.func): notify users when already on a pinned script version
Query PocketBase pinned_version/pin_reason during LXC updates and show an informational message when the installed version matches the pin, so users know not to open issues for missing newer updates.
2026-07-16 10:49:12 +02:00
Michel Roegl-Brunner 12949bce6c fix(build.func): parse script status without jq dependency (#15729)
Replace jq-based PocketBase status parsing with sed/grep so disabled and deleted script checks work on hosts that do not have jq installed yet.
2026-07-13 11:10:49 +02:00
Michel Roegl-Brunner 9b7f4533c6 feat(build.func): add var_ignore_disable to bypass disabled-script guard (#15544)
Allow users to set var_ignore_disable=true to continue past the 'script disabled' guard in runtime_script_status_guard(). A warning is still shown, but execution continues instead of aborting. Deleted scripts remain a hard stop.
2026-07-02 13:53:39 +02:00
CanbiZ (MickLesk) a8eedc1848 core: fix SDN vnet network parameter to use bridge instead of vnet (#15527) 2026-07-01 22:36:07 +02:00
Jamie 681924cb1a fix(build.func): set /dev/kfd GID in fix_gpu_gids for AMD ROCm (#15401)
Update LXC config and privileged-container permissions for /dev/kfd
to use the render group, matching renderD* handling and tools.func.
2026-06-26 22:06:27 +10:00
MickLesk f7acb76e80 fix typo 2026-06-24 23:44:26 +02:00
CanbiZ (MickLesk) e193adad5a core: add SDN vnet selection in advanced install (#15366)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-24 23:21:12 +02:00
CanbiZ (MickLesk) 0b94d4f54a core: add var_http_proxy and var_http_no_proxy support (#15225)
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-24 06:58:32 +02:00
Luna e076322c0f fix: close lxc build function (#15343) 2026-06-23 07:39:36 +02:00
Copilot 52e4e5ff39 fix(build.func): remove duplicate if statement causing syntax error on container creation (#15338)
* Initial plan

* fix(build.func): remove duplicate if statement causing syntax error

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
2026-06-23 07:29:05 +02:00
l0caldadmin 89b6678d1f Fix syntax error in build function (#15337) 2026-06-23 07:25:51 +02:00
CanbiZ (MickLesk) b18e9298b1 Implement local _disable_update for conditional upgrade handling
Add a local variable to manage update disabling based on environment settings.
2026-06-23 06:31:44 +02:00
CanbiZ (MickLesk) fd1dbf2ba1 core:: skip LXC stack upgrade prompt in unattended mode (#15319) 2026-06-22 21:59:27 +02:00
CanbiZ (MickLesk) 0940119aea feat(build): add pre-install storage health checks (#15226)
Warn or block container creation when target storage is above 85% or 95% full.

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-22 21:08:09 +02:00
Sam Heinz 6ce9d8a39d [arm64] Port scripts titled between A-F to support arm64 (#15181) 2026-06-19 09:53:08 +02:00
Michel Roegl-Brunner e60c1f31c2 Stop spinner for deleted/disabled info messages
Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-16 11:11:23 +02:00
Michel Roegl-Brunner 7ee47be436 Add runtime status guard and deleted script stubs (#15125)
* Add runtime script status guard and deleted-script stubs.

Prevent disabled/deleted scripts from running updates with clear user messages, and ensure deleted ct scripts are stubbed automatically so legacy update commands no longer fail with 404.

* Delete ct/ente.sh

* Update booklore.sh
2026-06-16 10:56:29 +02:00
CanbiZ (MickLesk) 6762208d66 core: improve mirror selection and error handling (#15108) 2026-06-15 10:09:38 +02:00
CanbiZ (MickLesk) 293d4b73a1 core: implement gateway validation for DHCP and static networks (#15107) 2026-06-15 10:08:24 +02:00
Sam Heinz 10acc2f591 [arm64] remove logic for custom debian arm64 template (#15050) 2026-06-11 18:06:21 +02:00
Sam Heinz 6851a02bdc misc scripts: add support for arm64 (#12639)
* misc scripts: add support for arm64

* Replace tools.func call that checks arch

* Update misc/build.func

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* Update misc/build.func

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* Update misc/build.func

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* Update misc/build.func

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

* build.func: change back to VE

* build.func: remove arm64 support for focal, bullseye

Legacy support removed since no cts use them anymore.

* Improve arm64 support and arch-specific downloads

Add clearer architecture error messages and gate arm64 usage, plus implement architecture-aware behavior across the toolkit. Changes include: update exit-code messages to reference amd64/arm64, refuse arm64 unless explicitly enabled, show architecture in summaries, and use arch-specific package lists when installing in containers. Make downloads for FFmpeg and yq choose the correct amd64/arm64 binaries, tighten template download error handling and formatting, and clean up minor whitespace/comment issues. These changes aim to make arm64 handling explicit and downloads/installations more robust for non-amd64 systems.

* remove arm64 overlay

* update ifupdown2 source

* Revert "remove arm64 overlay"

This reverts commit 231945dfa7.

* Revert changes from "Improve arm64 support and arch-specific downloads"

* Reapply "Improve arm64 support and arch-specific downloads"

This reapplies commit 7c051fb648.

* Reapply "remove arm64 overlay"

This reverts commit 866b6950c0.

* Redo template name handling

* fix template name handling change

* add ensure_whiptail function

This is required as some arm64 systems will not have whiptail installed, as it is not installed by default.

* add arm64_notice function

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* Potential fix for pull request finding

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

* fix for copilot detected bugs

---------

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
2026-06-11 08:14:32 +02:00
Nick B 79ccc8ed6b AMD IGPU support (#14944) 2026-06-05 12:40:26 +02:00
CanbiZ (MickLesk) 2fa9ae03a1 core: suppress MOTD for non-interactive shells (#14638) 2026-05-22 09:08:13 +02:00
Atahan Kucuk bc43c262a8 fix: make LXC banner OS detection dynamic via /etc/os-release (#14269)
* fix: derive LXC banner OS from os-release

Read os-release at login time for the generated LXC banner so OS display stays accurate after template changes or in-place upgrades. Prefer PRETTY_NAME with safe fallbacks to NAME, template defaults, and Unknown OS while preserving existing banner formatting.

Co-authored-by: Cursor <cursoragent@cursor.com>

* refactor: simplify dynamic LXC banner OS resolution

Reduce banner OS rendering to a minimal runtime os-release read with PRETTY_NAME/NAME fallbacks and Unknown OS default. Remove redundant OS rewrites from update_motd_ip now that OS display is resolved dynamically at login.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
2026-05-22 07:46:18 +02:00
CanbiZ (MickLesk) 2448723d19 build.func: fall back to silent mode when no TTY or whiptail unavailable (#14497) 2026-05-16 00:44:27 +02:00
CanbiZ (MickLesk) ebaa526560 core: support optional POST_INSTALL_SCRIPT (var_post_install_script) hook (#14160) 2026-05-11 15:54:38 +02:00
CanbiZ (MickLesk) 3c02868add update-apps: some improvements (#14275)
* feat(update-apps): add var_continue_on_error and TERM=dumb fix

- Add var_continue_on_error=yes to skip failed containers instead
  of aborting all remaining updates. Useful for cron/unattended runs
  where one disabled or broken script should not stop others.
  Containers with backup still attempt restore on failure regardless.

- Set TERM=dumb when running pct exec to prevent whiptail from
  hanging when no TTY is available (e.g. cron jobs redirecting
  stdout/stderr). This causes whiptail to fail-fast instead of
  blocking indefinitely.

- Add var_continue_on_error to export_config_json, --help output,
  and usage examples (cron-style invocation example added).

* feat(update-apps): add var_dry_run to check updates without applying

Adds dry-run mode (var_dry_run=yes) that reports available updates for
all selected containers without modifying anything:

- Extracts GitHub source repo from the ct script header (# Source:)
- Resolves the version file name from check_for_gh_release app arg
- Reads current installed version from ~/.appname inside the container
- Queries GitHub API /releases/latest for comparison
- Outputs color-coded status: up-to-date (green), update available (yellow),
  or unknown (blue/yellow with reason)

Non-GitHub sources (Codeberg, custom URLs) are skipped with a notice.
Resource scaling is suppressed entirely during dry-run.

Example usage:
  var_container=all_running var_skip_confirm=yes var_dry_run=yes \
    bash -c "$(curl -fsSL .../update-apps.sh)"

* fix(update-apps): dry-run uses check_for_gh_release args, not Source header

The # Source: header can point to a different repo than what
check_for_gh_release actually queries (e.g. RustDesk uses
lejianwen fork, not official rustdesk repo).

Now parse both app name and source repo directly from the
check_for_gh_release call in the ct script:
  check_for_gh_release "appname" "owner/repo"

Also fix $HOME/.appname path expansion in pct exec context.

* fix issue on clear()

* feat(update-apps): add no-op clear wrapper to PATH for update scripts

Co-authored-by: Copilot <copilot@github.com>

* feat(update-apps): enhance error handling for unattended mode in resource checks

Co-authored-by: Copilot <copilot@github.com>

* feat(update-apps): implement structured logging and summary report for updates

Co-authored-by: Copilot <copilot@github.com>

* fix log issue

Co-authored-by: Copilot <copilot@github.com>

* feat(update-apps): enhance dry-run functionality and logging for container updates

Co-authored-by: Copilot <copilot@github.com>

* feat(update-apps): add dry-run completion message for better user feedback

Co-authored-by: Copilot <copilot@github.com>

---------

Co-authored-by: Copilot <copilot@github.com>
2026-05-07 15:53:22 +02:00
Michael Oultram 37eafa199d core: fix validate_bridge function (#14206) 2026-05-03 22:35:53 +02:00
CanbiZ (MickLesk) 9578c6fa91 core: prompt to also run installed addon update scripts (…/bin/update_*) after update_script (#14162) 2026-05-02 12:06:16 +02:00
CanbiZ (MickLesk) e9ae1bfde1 Add guidance when storage lacks rootdir support (#14108) 2026-04-29 22:28:08 +02:00
Mike 88397b48dc Update build.func - fixed spelling mistake (#14047) 2026-04-27 09:00:29 +02:00
CanbiZ (MickLesk) 3c38647055 core: improve system update information / lxc stack upgrade (#13970)
* fix(lxc-stack): use dist-upgrade and improve recovery prompt

When the host LXC stack is too old for a template, upgrading only
pve-container/lxc-pve can leave the Proxmox stack in an inconsistent state.
Use a full dist-upgrade instead.

Also refine the recovery prompt:
- [1] Upgrade LXC stack now
- [2] Older template fallback only when actually available
- [3] Ignore
- [4] Cancel

Do not auto-fallback to an older template after ignore/failure; honor the
user's explicit choice and stop with a clear error instead.

* chore(lxc-stack-prompt): clarify host dist-upgrade action in option 1

* Update build.func

* fix(lxc-stack): use host upgrade instead of dist-upgrade in recovery flow

* Enhance upgrade prompt with warning message

Added a warning message to inform users about the implications of running the host upgrade.

---------

Co-authored-by: Michel Roegl-Brunner <73236783+michelroegl-brunner@users.noreply.github.com>
2026-04-23 20:52:59 +02:00
CanbiZ (MickLesk) 8706cd3783 Revert "core: Add PHS_VERBOSE env var to skip verbose mode prompts (#13797)" (#13963)
This reverts commit 518b6778e2.
2026-04-23 15:30:38 +02:00
CanbiZ (MickLesk) 874d8f300c Revert "Prefer silent mode on PHS env conflict (#13951)" (#13962)
This reverts commit a37b36520c.
2026-04-23 15:30:19 +02:00
CanbiZ (MickLesk) a37b36520c Prefer silent mode on PHS env conflict (#13951)
When PHS_SILENT and PHS_VERBOSE are both set, stop falling back to interactive mode. Changes prefer silent mode to keep automation safe and avoid blocking unattended/non-TTY updates. Only show a whiptail warning when both stdin/stdout are TTYs and whiptail is present, and ignore any whiptail errors. Added a brief comment and adjusted the fallback message accordingly.
2026-04-23 09:33:40 +02:00
John Gorman 518b6778e2 core: Add PHS_VERBOSE env var to skip verbose mode prompts (#13797) 2026-04-22 14:47:44 +02:00
CanbiZ (MickLesk) 0986f485ee core: detect Perl breakage after LXC stack upgrade and improve storage validation (#13879) 2026-04-20 20:22:10 +02:00
CanbiZ (MickLesk) 453f73abcf core: fix some pct create issues (telemetry) + cleanup (#13810)
* fix(build.func): pct create audit — 5 fixes

1. Disable globbing (set -f) around pct create calls to prevent
   passwords containing * or ? from expanding to filenames.

2. Fix TAGS: use semicolons (pct format), prevent duplicate
   community-script prefix, remove trailing separator.

3. Skip keyctl dialog for unprivileged containers — pct always
   forces keyctl=1 for CT_TYPE=1, so the dialog was misleading.

4. Remove dead IPV6_STATIC variable (IPv6 is handled via
   IPV6_ADDR/IPV6_GATE which are properly wired into NET_STRING).

5. Remove dead UDHCPC_FIX variable — set and exported but never
   consumed by any install script.

* Update api.func
2026-04-17 15:19:52 +02:00
CanbiZ (MickLesk) a5fc040deb fix(build): sanitize mount_fs input — strip spaces and trailing commas (#13806)
User input like 'nfs, cifs' or 'nfs,' would produce invalid pct
features strings like 'mount=nfs; cifs' (space breaks pct argument
parsing) or 'mount=nfs;' (trailing semicolon). Fixes:

- Whiptail dialog (Step 27): normalize input immediately after entry
- load_vars_file validation: normalize before regex check, use
  stricter regex that rejects trailing/leading commas
- FEATURES construction: defensive sanitize before building the
  mount= value (strip spaces, trailing commas/semicolons)

All three layers ensure 'nfs, cifs' -> 'nfs,cifs' -> 'mount=nfs;cifs'
2026-04-17 13:04:52 +02:00
CanbiZ (MickLesk) 4e89480e8c core: wire ENABLE_MKNOD and ALLOW_MOUNT_FS into LXC features (#13796) 2026-04-16 22:23:15 +02:00
CanbiZ (MickLesk) e55fe43e2d core: remove unused TEMP_DIR mktemp leak in build_container / clean sonarqube (#13708)
* fix(core): remove unused TEMP_DIR mktemp leak in build_container

The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.

Remove the mktemp -d and pushd entirely to eliminate the leak.

* fix(sonarqube): clean up temp file after zip extraction

The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.

Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
2026-04-13 15:59:42 +02:00
CanbiZ (MickLesk) 9a82ec48b2 tools.func: prevent script crash when entering GitHub token after rate limit (#13638)
* fix(tools): prevent script crash when entering GitHub token after rate limit

fetch_and_deploy_gh_release set attempt=0 after accepting a token, then
immediately ran ((0++)) which evaluates to 0 (falsy) causing exit code 1
and killing the script under set -e.

Fix: set attempt=1 and continue to restart the retry loop cleanly,
giving the full max_retries budget with the new token.

Also fix fetch_and_deploy_codeberg_release: replace ((attempt++)) with
attempt=\ to avoid the same zero-evaluation crash on
the first connection timeout (attempt starts at 0 in that loop).

Fixes #13635

* feat(tools): add var_github_token support with token validation

- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
  token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
  variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
    * Calls GET /user to verify the token is accepted
    * Reports expiry date from x-oauth-expiry header (fine-grained PATs)
    * Warns when classic PAT is missing public_repo scope
    * Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
    * Non-interactive path now picks up var_github_token automatically
    * Interactive path also picks up var_github_token without prompting
    * Validates token immediately after entry; loops until valid or Ctrl+C
2026-04-10 11:28:52 +02:00
CanbiZ (MickLesk) 68b486be92 Add donate & script page badges to descriptions (#13596)
Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.
2026-04-08 21:40:52 +02:00
CanbiZ (MickLesk) ac3cf75b11 core: improve resilience for top Proxmox error codes (209, 215, 118, 206) (#13575) 2026-04-07 23:10:37 +02:00
CanbiZ (MickLesk) 730176268e APT Proxy: Support full URLs (http/https with custom ports) (#13474)
* APT Proxy: Support full URLs (http/https with custom ports)

* APT Proxy: Add URL validation and update default.vars examples
2026-04-03 21:17:07 +02:00
CanbiZ (MickLesk) 8275531161 fix(build): skip empty gateway value in network config (#13442)
When var_gateway is set to an empty string, the resulting gw= token
in the comma-separated network string causes pct create to fail with
a 'missing key in comma-separated list property' error.

Closes #13421
2026-03-31 23:57:25 +02:00
CanbiZ (MickLesk) d4e20816c7 core: APT/APK Mirror Fallback for CDN Failures (#13316) 2026-03-26 16:53:04 +01:00
CanbiZ (MickLesk) fbe5b57c76 core/tools: replace generic return 1 exit_codes with more specific exit_codes (#13311) 2026-03-26 16:07:38 +01:00
CanbiZ (MickLesk) 42fbf1afc5 core: use /usr/bin/install to prevent function shadowing (#13299) 2026-03-26 10:11:47 +01:00
CanbiZ (MickLesk) 97bf744e96 fix typo (org instead of com) 2026-03-25 17:48:03 +01:00