Update CHANGELOG.md (#9637)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -10,8 +10,74 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
+## 2025-12-04
+
+## 2025-12-03
+
+### 🚀 Updated Scripts
+
+  - fix(opnsense-vm): improve script  and add single-interface mode [@AlphaLawless](https://github.com/AlphaLawless) ([#9614](https://github.com/community-scripts/ProxmoxVE/pull/9614))
+
+  - #### 🐞 Bug Fixes
+
+    - Fix Homebridge update detection for Debian 13 DEB822 format [@Copilot](https://github.com/Copilot) ([#9629](https://github.com/community-scripts/ProxmoxVE/pull/9629))
+    - go2rtc: Add WorkingDirectory to go2rtc service configuration [@tremor021](https://github.com/tremor021) ([#9618](https://github.com/community-scripts/ProxmoxVE/pull/9618))
+
+  - #### 🔧 Refactor
+
+    - explicit node versions [@CrazyWolf13](https://github.com/CrazyWolf13) ([#9594](https://github.com/community-scripts/ProxmoxVE/pull/9594))
+
+### 🌐 Website
+
+  - Bump next from 15.5.2 to 15.5.7 in /frontend in the npm_and_yarn group across 1 directory [@dependabot[bot]](https://github.com/dependabot[bot]) ([#9632](https://github.com/community-scripts/ProxmoxVE/pull/9632))
+
+  - #### 📝 Script Information
+
+    - Update logo URL in swizzin.json [@MickLesk](https://github.com/MickLesk) ([#9627](https://github.com/community-scripts/ProxmoxVE/pull/9627))
+
 ## 2025-12-02
 
+### 🆕 New Scripts
+
+  - Snowshare ([#9578](https://github.com/community-scripts/ProxmoxVE/pull/9578))
+
+### 🚀 Updated Scripts
+
+  - NetVisor: patch systemd file to fix new OIDC config [@vhsdream](https://github.com/vhsdream) ([#9562](https://github.com/community-scripts/ProxmoxVE/pull/9562))
+- Refactor: BookStack [@tremor021](https://github.com/tremor021) ([#9567](https://github.com/community-scripts/ProxmoxVE/pull/9567))
+
+  - #### 🐞 Bug Fixes
+
+    - Matterbridge: Fix ExecStart command in service install script to allow childbridge mode [@jonalbr](https://github.com/jonalbr) ([#9603](https://github.com/community-scripts/ProxmoxVE/pull/9603))
+    - Open-webui add .env backup and restore functionality from older versions [@DrDonoso](https://github.com/DrDonoso) ([#9592](https://github.com/community-scripts/ProxmoxVE/pull/9592))
+    - Booklore: Downgrad Java from 25 to 21 [@Pr0mises](https://github.com/Pr0mises) ([#9566](https://github.com/community-scripts/ProxmoxVE/pull/9566))
+
+  - #### ✨ New Features
+
+    - Set Valkey memory and eviction defaults [@pshankinclarke](https://github.com/pshankinclarke) ([#9602](https://github.com/community-scripts/ProxmoxVE/pull/9602))
+    - Add auth via requirepass to Valkey [@pshankinclarke](https://github.com/pshankinclarke) ([#9570](https://github.com/community-scripts/ProxmoxVE/pull/9570))
+
+  - #### 🔧 Refactor
+
+    - Refactor: 2FAuth [@tremor021](https://github.com/tremor021) ([#9582](https://github.com/community-scripts/ProxmoxVE/pull/9582))
+    - Refactor: Paperless-AI [@MickLesk](https://github.com/MickLesk) ([#9588](https://github.com/community-scripts/ProxmoxVE/pull/9588))
+    - Refactor: AdventureLog [@tremor021](https://github.com/tremor021) ([#9583](https://github.com/community-scripts/ProxmoxVE/pull/9583))
+    - CommaFeed: Bump Java and service file [@tremor021](https://github.com/tremor021) ([#9564](https://github.com/community-scripts/ProxmoxVE/pull/9564))
+    - Refactor: Docmost [@tremor021](https://github.com/tremor021) ([#9563](https://github.com/community-scripts/ProxmoxVE/pull/9563))
+    - Cloudflared: Add repo via helper function [@tremor021](https://github.com/tremor021) ([#9565](https://github.com/community-scripts/ProxmoxVE/pull/9565))
+
+### 🧰 Maintenance
+
+  - #### 📝 Documentation
+
+    - add configuration and deployment guides to docs [@MickLesk](https://github.com/MickLesk) ([#9591](https://github.com/community-scripts/ProxmoxVE/pull/9591))
+
+### 🌐 Website
+
+  - #### 📝 Script Information
+
+    - Update category for "Wanderer" [@Lorondos](https://github.com/Lorondos) ([#9607](https://github.com/community-scripts/ProxmoxVE/pull/9607))
+
 ## 2025-12-01
 
 ### 🆕 New Scripts

ct/2fauth.sh

@@ -40,10 +40,7 @@ function update_script() {
     msg_ok "Backup Created"
 
     if ! dpkg -l | grep -q 'php8.3'; then
-      $STD apt-get install -y \
-        lsb-release \
-        gnupg2
-      PHP_VERSION="8.3" PHP_MODULE="common,ctype,fileinfo,mysql,cli" PHP_FPM="YES" setup_php
+      PHP_VERSION="8.3" PHP_MODULE="common,ctype,fileinfo,mysql,cli,tokenizer,dom,redis,session,openssl" PHP_FPM="YES" setup_php
       sed -i 's/php8.2/php8.3/g' /etc/nginx/conf.d/2fauth.conf
     fi
     fetch_and_deploy_gh_release "2fauth" "Bubka/2FAuth"

ct/adventurelog.sh

@@ -48,7 +48,7 @@ function update_script() {
     msg_info "Updating ${APP}"
     cp /opt/adventurelog-backup/backend/server/.env /opt/adventurelog/backend/server/.env
     cp -r /opt/adventurelog-backup/backend/server/media /opt/adventurelog/backend/server/media
-    cd /opt/adventurelog/backend/server || exit
+    cd /opt/adventurelog/backend/server
     if [[ ! -x .venv/bin/python ]]; then
       $STD uv venv .venv
       $STD .venv/bin/python -m ensurepip --upgrade
@@ -59,7 +59,7 @@ function update_script() {
     $STD .venv/bin/python -m manage migrate
 
     cp /opt/adventurelog-backup/frontend/.env /opt/adventurelog/frontend/.env
-    cd /opt/adventurelog/frontend || exit
+    cd /opt/adventurelog/frontend
     $STD pnpm i
     $STD pnpm build
     rm -rf /opt/adventurelog-backup

ct/booklore.sh

@@ -45,7 +45,7 @@ function update_script() {
     $STD npm run build --configuration=production
     msg_ok "Built Frontend"
 
-    JAVA_VERSION="25" setup_java
+    JAVA_VERSION="21" setup_java
 
     msg_info "Building Backend"
     cd /opt/booklore/booklore-api

ct/bookstack.sh

@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-1}"
 var_ram="${var_ram:-1024}"
 var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
+var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 
 header_info "$APP"

ct/commafeed.sh

@@ -28,6 +28,9 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
+
+  JAVA_VERSION="25" setup_java
+
   if check_for_gh_release "commafeed" "Athou/commafeed"; then
     msg_info "Stopping Service"
     systemctl stop commafeed

ct/domain-locker.sh

@@ -34,7 +34,7 @@ function update_script() {
         msg_info "Service stopped"
 
         PG_VERSION="17" setup_postgresql
-        setup_nodejs
+        NODE_VERSION="22" setup_nodejs
         CLEAN_INSTALL=1 fetch_and_deploy_gh_release "domain-locker" "Lissy93/domain-locker"
 
         msg_info "Installing Modules (patience)"

ct/headers/snowshare

@@ -0,0 +1,6 @@
+   _____                     _____ __                  
+  / ___/____  ____ _      __/ ___// /_  ____ _________ 
+  \__ \/ __ \/ __ \ | /| / /\__ \/ __ \/ __ `/ ___/ _ \
+ ___/ / / / / /_/ / |/ |/ /___/ / / / / /_/ / /  /  __/
+/____/_/ /_/\____/|__/|__//____/_/ /_/\__,_/_/   \___/ 
+                                                       

ct/homebridge.sh

@@ -23,7 +23,7 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -f /etc/apt/sources.list.d/homebridge.list ]]; then
+  if ! dpkg -s homebridge >/dev/null 2>&1; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi

ct/librespeed-rust.sh

@@ -30,13 +30,13 @@ function update_script() {
 
   if check_for_gh_release "librespeed-rust" "librespeed/speedtest-rust"; then
     msg_info "Stopping Services"
-    systemctl stop librespeed_rs
+    systemctl stop librespeed-rs
     msg_ok "Services Stopped"
 
     fetch_and_deploy_gh_release "librespeed-rust" "librespeed/speedtest-rust" "binary" "latest" "/opt/librespeed-rust" "librespeed-rs-x86_64-unknown-linux-gnu.deb"
 
     msg_info "Starting Service"
-    systemctl start librespeed_rs
+    systemctl start librespeed-rs
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
   fi

ct/netvisor.sh

@@ -79,6 +79,9 @@ function update_script() {
       -e 's| --server-port |:|' \
       /etc/systemd/system/netvisor-daemon.service
     sed -i '/^  \"server_target.*$/d' /root/.config/daemon/config.json
+    if ! grep -q "WorkingD" /etc/systemd/system/netvisor-server.service; then
+      sed -i '\|simple$|a\WorkingDirectory=/opt/netvisor/backend' /etc/systemd/system/netvisor-server.service
+    fi
     systemctl daemon-reload
 
     msg_info "Starting services"

ct/openwebui.sh

@@ -33,6 +33,7 @@ function update_script() {
     msg_info "Creating Backup"
     mkdir -p /opt/open-webui-backup
     cp -a /opt/open-webui/backend/data /opt/open-webui-backup/data || true
+    cp -a /opt/open-webui/.env /opt/open-webui-backup/.env || true
     msg_ok "Created Backup"
 
     msg_info "Removing legacy installation"
@@ -48,6 +49,7 @@ function update_script() {
     msg_info "Restoring data"
     mkdir -p /root/.open-webui
     cp -a /opt/open-webui-backup/data/* /root/.open-webui/ || true
+    cp -a /opt/open-webui-backup/.env /root/.env || true
     rm -rf /opt/open-webui-backup || true
     msg_ok "Restored data"
 

ct/paperless-ai.sh

@@ -27,58 +27,33 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  if ! dpkg -s python3-pip >/dev/null 2>&1; then
-    $STD apt install -y python3-pip
-  fi
-  RELEASE=$(curl -fsSL https://api.github.com/repos/clusterzx/paperless-ai/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-  if [[ "${RELEASE}" != "$(cat /opt/${APP}_version.txt)" ]] || [[ ! -f /opt/${APP}_version.txt ]]; then
+
+  if check_for_gh_release "paperless-ai" "clusterzx/paperless-ai"; then
     msg_info "Stopping Service"
-    systemctl stop paperless-ai
-    msg_info "Stopped Service"
+    systemctl stop paperless-ai paperless-rag
+    msg_ok "Stopped Service"
 
-    msg_info "Updating $APP to v${RELEASE}"
-    cd /opt
-    mv /opt/paperless-ai /opt/paperless-ai_bak
-    curl -fsSL "https://github.com/clusterzx/paperless-ai/archive/refs/tags/v${RELEASE}.zip" -o $(basename "https://github.com/clusterzx/paperless-ai/archive/refs/tags/v${RELEASE}.zip")
-    $STD unzip v${RELEASE}.zip
-    mv paperless-ai-${RELEASE} /opt/paperless-ai
-    mkdir -p /opt/paperless-ai/data
-    cp -a /opt/paperless-ai_bak/data/. /opt/paperless-ai/data/
+    fetch_and_deploy_gh_release "paperless-ai" "clusterzx/paperless-ai"
+
+    msg_info "Updating Paperless-AI"
     cd /opt/paperless-ai
-    if [[ ! -f /etc/systemd/system/paperless-rag.service ]]; then
-      cat <<EOF >/etc/systemd/system/paperless-rag.service
-[Unit]
-Description=PaperlessAI-RAG Service
-After=network.target
-
-[Service]
-WorkingDirectory=/opt/paperless-ai
-ExecStart=/usr/bin/python3 main.py --host 0.0.0.0 --port 8000 --initialize
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-      echo "RAG_SERVICE_URL=http://localhost:8000" >>/opt/paperless-ai/data/.env
-      echo "RAG_SERVICE_ENABLED=true" >>/opt/paperless-ai/data/.env
-    fi
+    source /opt/paperless-ai/venv/bin/activate
+    $STD pip install --upgrade pip
     $STD pip install --no-cache-dir -r requirements.txt
     mkdir -p data/chromadb
-    $STD npm install
-    rm -rf /opt/v${RELEASE}.zip
-    rm -rf /opt/paperless-ai_bak
-    echo "${RELEASE}" >/opt/${APP}_version.txt
-    msg_ok "Updated $APP to v${RELEASE}"
+    $STD npm ci --only=production
+    msg_ok "Updated Paperless-AI"
 
     msg_info "Starting Service"
+    systemctl start paperless-rag
+    sleep 3
     systemctl start paperless-ai
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
-  else
-    msg_ok "No update required. ${APP} is already at v${RELEASE}"
   fi
   exit
 }
+
 start
 build_container
 description

ct/snowshare.sh

@@ -0,0 +1,60 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: TuroYT
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/TuroYT/snowshare
+
+APP="SnowShare"
+var_tags="${var_tags:-file-sharing}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-5}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -d /opt/snowshare ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "snowshare" "TuroYT/snowshare"; then
+    msg_info "Stopping Service"
+    systemctl stop snowshare
+    msg_ok "Stopped Service"
+
+    fetch_and_deploy_gh_release "snowshare" "TuroYT/snowshare"
+
+    msg_info "Updating Snowshare"
+    cd /opt/snowshare
+    $STD npm ci
+    $STD npx prisma generate
+    $STD npm run build
+    msg_ok "Updated Snowshare"
+
+    msg_info "Starting Service"
+    systemctl start snowshare
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/tracktor.sh

@@ -65,7 +65,7 @@ EOF
     fi
     msg_ok "Corrected Services"
 
-    setup_nodejs
+    NODE_VERSION="22" setup_nodejs
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "tracktor" "javedh-dev/tracktor" "tarball" "latest" "/opt/tracktor"
 
     msg_info "Updating tracktor"

docs/README.md

@@ -22,7 +22,10 @@ Complete guide to all ProxmoxVE documentation - quickly find what you need.
 → See also: [misc/error_handler.func/](misc/error_handler.func/)
 
 **Configure system defaults**
-→ Read: [DEFAULTS_SYSTEM_GUIDE.md](DEFAULTS_SYSTEM_GUIDE.md)
+→ Read: [guides/DEFAULTS_SYSTEM_GUIDE.md](guides/DEFAULTS_SYSTEM_GUIDE.md)
+
+**Deploy containers automatically**
+→ Read: [guides/UNATTENDED_DEPLOYMENTS.md](guides/UNATTENDED_DEPLOYMENTS.md)
 
 **Develop a function library**
 → Study: [misc/](misc/) documentation
@@ -61,7 +64,8 @@ Complete guide to all ProxmoxVE documentation - quickly find what you need.
 
 **System Operator**
 → Start: [EXIT_CODES.md](EXIT_CODES.md)
-→ Then: [DEFAULTS_SYSTEM_GUIDE.md](DEFAULTS_SYSTEM_GUIDE.md)
+→ Then: [guides/DEFAULTS_SYSTEM_GUIDE.md](guides/DEFAULTS_SYSTEM_GUIDE.md)
+→ Automate: [guides/UNATTENDED_DEPLOYMENTS.md](guides/UNATTENDED_DEPLOYMENTS.md)
 → Debug: [DEV_MODE.md](DEV_MODE.md)
 
 **Architect**
@@ -83,7 +87,8 @@ ProxmoxVE/
 ├─ vm/                ↔ docs/vm/ (README.md)
 ├─ tools/            ↔ docs/tools/ (README.md)
 ├─ api/              ↔ docs/api/ (README.md)
-└─ misc/             ↔ docs/misc/ (9 function libraries)
+├─ misc/             ↔ docs/misc/ (9 function libraries)
+└─ [system-wide]     ↔ docs/guides/ (configuration & deployment guides)
 ```
 
 ### Core Documentation
@@ -94,7 +99,9 @@ ProxmoxVE/
 | [ct/DETAILED_GUIDE.md](ct/DETAILED_GUIDE.md) | Create ct scripts | Container developers |
 | [install/DETAILED_GUIDE.md](install/DETAILED_GUIDE.md) | Create install scripts | Installation developers |
 | [TECHNICAL_REFERENCE.md](TECHNICAL_REFERENCE.md) | Architecture deep-dive | Architects, advanced users |
-| [DEFAULTS_SYSTEM_GUIDE.md](DEFAULTS_SYSTEM_GUIDE.md) | Configuration system | Operators, power users |
+| [guides/DEFAULTS_SYSTEM_GUIDE.md](guides/DEFAULTS_SYSTEM_GUIDE.md) | Configuration system | Operators, power users |
+| [guides/CONFIGURATION_REFERENCE.md](guides/CONFIGURATION_REFERENCE.md) | Configuration options reference | Advanced users |
+| [guides/UNATTENDED_DEPLOYMENTS.md](guides/UNATTENDED_DEPLOYMENTS.md) | Automated deployments | DevOps, automation |
 | [EXIT_CODES.md](EXIT_CODES.md) | Exit code reference | Troubleshooters |
 | [DEV_MODE.md](DEV_MODE.md) | Debugging tools | Developers |
 
@@ -190,7 +197,7 @@ Documentation for `/misc` - 9 core function libraries with complete references.
 
 1. All of Intermediate Path
 2. Study all 9 function libraries in depth
-3. [DEFAULTS_SYSTEM_GUIDE.md](DEFAULTS_SYSTEM_GUIDE.md) - Configuration system
+3. [guides/DEFAULTS_SYSTEM_GUIDE.md](guides/DEFAULTS_SYSTEM_GUIDE.md) - Configuration system
 4. [DEV_MODE.md](DEV_MODE.md) - Debugging and development
 5. Design new features or function libraries
 
@@ -234,7 +241,8 @@ Documentation for `/misc` - 9 core function libraries with complete references.
 
 ### By Role
 - **Contributor** → [contribution/README.md](contribution/README.md)
-- **Operator** → [DEFAULTS_SYSTEM_GUIDE.md](DEFAULTS_SYSTEM_GUIDE.md)
+- **Operator** → [guides/DEFAULTS_SYSTEM_GUIDE.md](guides/DEFAULTS_SYSTEM_GUIDE.md)
+- **Automation** → [guides/UNATTENDED_DEPLOYMENTS.md](guides/UNATTENDED_DEPLOYMENTS.md)
 - **Developer** → [TECHNICAL_REFERENCE.md](TECHNICAL_REFERENCE.md)
 - **Architect** → [misc/README.md](misc/README.md)
 

docs/guides/CONFIGURATION_REFERENCE.md

@@ -0,0 +1,840 @@
+# Configuration Reference
+
+**Complete reference for all configuration variables and options in community-scripts for Proxmox VE.**
+
+---
+
+## Table of Contents
+
+1. [Variable Naming Convention](#variable-naming-convention)
+2. [Complete Variable Reference](#complete-variable-reference)
+3. [Resource Configuration](#resource-configuration)
+4. [Network Configuration](#network-configuration)
+5. [IPv6 Configuration](#ipv6-configuration)
+6. [SSH Configuration](#ssh-configuration)
+7. [Container Features](#container-features)
+8. [Storage Configuration](#storage-configuration)
+9. [Security Settings](#security-settings)
+10. [Advanced Options](#advanced-options)
+11. [Quick Reference Table](#quick-reference-table)
+
+---
+
+## Variable Naming Convention
+
+All configuration variables follow a consistent pattern:
+
+```
+var_<setting>=<value>
+```
+
+**Rules:**
+- ✅ Always starts with `var_`
+- ✅ Lowercase letters only
+- ✅ Underscores for word separation
+- ✅ No spaces around `=`
+- ✅ Values can be quoted if needed
+
+**Examples:**
+```bash
+# ✓ Correct
+var_cpu=4
+var_hostname=myserver
+var_ssh_authorized_key=ssh-rsa AAAA...
+
+# ✗ Wrong
+CPU=4                    # Missing var_ prefix
+var_CPU=4                # Uppercase not allowed
+var_cpu = 4              # Spaces around =
+var-cpu=4                # Hyphens not allowed
+```
+
+---
+
+## Complete Variable Reference
+
+### var_unprivileged
+
+**Type:** Boolean (0 or 1)
+**Default:** `1` (unprivileged)
+**Description:** Determines if container runs unprivileged (recommended) or privileged.
+
+```bash
+var_unprivileged=1    # Unprivileged (safer, recommended)
+var_unprivileged=0    # Privileged (less secure, more features)
+```
+
+**When to use privileged (0):**
+- Hardware access required
+- Certain kernel modules needed
+- Legacy applications
+- Nested virtualization with full features
+
+**Security Impact:**
+- Unprivileged: Container root is mapped to unprivileged user on host
+- Privileged: Container root = host root (security risk)
+
+---
+
+### var_cpu
+
+**Type:** Integer
+**Default:** Varies by app (usually 1-4)
+**Range:** 1 to host CPU count
+**Description:** Number of CPU cores allocated to container.
+
+```bash
+var_cpu=1     # Single core (minimal)
+var_cpu=2     # Dual core (typical)
+var_cpu=4     # Quad core (recommended for apps)
+var_cpu=8     # High performance
+```
+
+**Best Practices:**
+- Start with 2 cores for most applications
+- Monitor usage with `pct exec <id> -- htop`
+- Can be changed after creation
+- Consider host CPU count (don't over-allocate)
+
+---
+
+### var_ram
+
+**Type:** Integer (MB)
+**Default:** Varies by app (usually 512-2048)
+**Range:** 512 MB to host RAM
+**Description:** Amount of RAM in megabytes.
+
+```bash
+var_ram=512      # 512 MB (minimal)
+var_ram=1024     # 1 GB (typical)
+var_ram=2048     # 2 GB (comfortable)
+var_ram=4096     # 4 GB (recommended for databases)
+var_ram=8192     # 8 GB (high memory apps)
+```
+
+**Conversion Guide:**
+```
+512 MB   = 0.5 GB
+1024 MB  = 1 GB
+2048 MB  = 2 GB
+4096 MB  = 4 GB
+8192 MB  = 8 GB
+16384 MB = 16 GB
+```
+
+**Best Practices:**
+- Minimum 512 MB for basic Linux
+- 1 GB for typical applications
+- 2-4 GB for web servers, databases
+- Monitor with `free -h` inside container
+
+---
+
+### var_disk
+
+**Type:** Integer (GB)
+**Default:** Varies by app (usually 2-8)
+**Range:** 0.001 GB to storage capacity
+**Description:** Root disk size in gigabytes.
+
+```bash
+var_disk=2      # 2 GB (minimal OS only)
+var_disk=4      # 4 GB (typical)
+var_disk=8      # 8 GB (comfortable)
+var_disk=20     # 20 GB (recommended for apps)
+var_disk=50     # 50 GB (large applications)
+var_disk=100    # 100 GB (databases, media)
+```
+
+**Important Notes:**
+- Can be expanded after creation (not reduced)
+- Actual space depends on storage type
+- Thin provisioning supported on most storage
+- Plan for logs, data, updates
+
+**Recommended Sizes by Use Case:**
+```
+Basic Linux container:     4 GB
+Web server (Nginx/Apache): 8 GB
+Application server:        10-20 GB
+Database server:          20-50 GB
+Docker host:              30-100 GB
+Media server:             100+ GB
+```
+
+---
+
+### var_hostname
+
+**Type:** String
+**Default:** Application name
+**Max Length:** 63 characters
+**Description:** Container hostname (FQDN format allowed).
+
+```bash
+var_hostname=myserver
+var_hostname=pihole
+var_hostname=docker-01
+var_hostname=web.example.com
+```
+
+**Rules:**
+- Lowercase letters, numbers, hyphens
+- Cannot start or end with hyphen
+- No underscores allowed
+- No spaces
+
+**Best Practices:**
+```bash
+# ✓ Good
+var_hostname=web-server
+var_hostname=db-primary
+var_hostname=app.domain.com
+
+# ✗ Avoid
+var_hostname=Web_Server    # Uppercase, underscore
+var_hostname=-server       # Starts with hyphen
+var_hostname=my server     # Contains space
+```
+
+---
+
+### var_brg
+
+**Type:** String
+**Default:** `vmbr0`
+**Description:** Network bridge interface.
+
+```bash
+var_brg=vmbr0    # Default Proxmox bridge
+var_brg=vmbr1    # Custom bridge
+var_brg=vmbr2    # Isolated network
+```
+
+**Common Setups:**
+```
+vmbr0 → Main network (LAN)
+vmbr1 → Guest network
+vmbr2 → DMZ
+vmbr3 → Management
+vmbr4 → Storage network
+```
+
+**Check available bridges:**
+```bash
+ip link show | grep vmbr
+# or
+brctl show
+```
+
+---
+
+### var_net
+
+**Type:** String
+**Options:** `dhcp` or `static`
+**Default:** `dhcp`
+**Description:** IPv4 network configuration method.
+
+```bash
+var_net=dhcp     # Automatic IP via DHCP
+var_net=static   # Manual IP configuration
+```
+
+**DHCP Mode:**
+- Automatic IP assignment
+- Easy setup
+- Good for development
+- Requires DHCP server on network
+
+**Static Mode:**
+- Fixed IP address
+- Requires gateway configuration
+- Better for servers
+- Configure via advanced settings or after creation
+
+---
+
+### var_gateway
+
+**Type:** IPv4 Address
+**Default:** Auto-detected from host
+**Description:** Network gateway IP address.
+
+```bash
+var_gateway=192.168.1.1
+var_gateway=10.0.0.1
+var_gateway=172.16.0.1
+```
+
+**Auto-detection:**
+If not specified, system detects gateway from host:
+```bash
+ip route | grep default
+```
+
+**When to specify:**
+- Multiple gateways available
+- Custom routing setup
+- Different network segment
+
+---
+
+### var_vlan
+
+**Type:** Integer
+**Range:** 1-4094
+**Default:** None
+**Description:** VLAN tag for network isolation.
+
+```bash
+var_vlan=10      # VLAN 10
+var_vlan=100     # VLAN 100
+var_vlan=200     # VLAN 200
+```
+
+**Common VLAN Schemes:**
+```
+VLAN 10  → Management
+VLAN 20  → Servers
+VLAN 30  → Desktops
+VLAN 40  → Guest WiFi
+VLAN 50  → IoT devices
+VLAN 99  → DMZ
+```
+
+**Requirements:**
+- Switch must support VLANs
+- Proxmox bridge configured for VLAN aware
+- Gateway on same VLAN
+
+---
+
+### var_mtu
+
+**Type:** Integer
+**Default:** `1500`
+**Range:** 68-9000
+**Description:** Maximum Transmission Unit size.
+
+```bash
+var_mtu=1500     # Standard Ethernet
+var_mtu=1492     # PPPoE
+var_mtu=9000     # Jumbo frames
+```
+
+**Common Values:**
+```
+1500 → Standard Ethernet (default)
+1492 → PPPoE connections
+1400 → Some VPN setups
+9000 → Jumbo frames (10GbE networks)
+```
+
+**When to change:**
+- Jumbo frames for performance on 10GbE
+- PPPoE internet connections
+- VPN tunnels with overhead
+- Specific network requirements
+
+---
+
+### var_mac
+
+**Type:** MAC Address
+**Format:** `XX:XX:XX:XX:XX:XX`
+**Default:** Auto-generated
+**Description:** Container MAC address.
+
+```bash
+var_mac=02:00:00:00:00:01
+var_mac=DE:AD:BE:EF:00:01
+```
+
+**When to specify:**
+- MAC-based licensing
+- Static DHCP reservations
+- Network access control
+- Cloning configurations
+
+**Best Practices:**
+- Use locally administered addresses (2nd bit set)
+- Start with `02:`, `06:`, `0A:`, `0E:`
+- Avoid vendor OUIs
+- Document custom MACs
+
+---
+
+### var_ipv6_method
+
+**Type:** String
+**Options:** `auto`, `dhcp`, `static`, `none`, `disable`
+**Default:** `none`
+**Description:** IPv6 configuration method.
+
+```bash
+var_ipv6_method=auto      # SLAAC (auto-configuration)
+var_ipv6_method=dhcp      # DHCPv6
+var_ipv6_method=static    # Manual configuration
+var_ipv6_method=none      # IPv6 enabled but not configured
+var_ipv6_method=disable   # IPv6 completely disabled
+```
+
+**Detailed Options:**
+
+**auto (SLAAC)**
+- Stateless Address Auto-Configuration
+- Router advertisements
+- No DHCPv6 server needed
+- Recommended for most cases
+
+**dhcp (DHCPv6)**
+- Stateful configuration
+- Requires DHCPv6 server
+- More control over addressing
+
+**static**
+- Manual IPv6 address
+- Manual gateway
+- Full control
+
+**none**
+- IPv6 stack active
+- No address configured
+- Can configure later
+
+**disable**
+- IPv6 completely disabled at kernel level
+- Use when IPv6 causes issues
+- Sets `net.ipv6.conf.all.disable_ipv6=1`
+
+---
+
+### var_ns
+
+**Type:** IP Address
+**Default:** Auto (from host)
+**Description:** DNS nameserver IP.
+
+```bash
+var_ns=8.8.8.8           # Google DNS
+var_ns=1.1.1.1           # Cloudflare DNS
+var_ns=9.9.9.9           # Quad9 DNS
+var_ns=192.168.1.1       # Local DNS
+```
+
+**Common DNS Servers:**
+```
+8.8.8.8, 8.8.4.4         → Google Public DNS
+1.1.1.1, 1.0.0.1         → Cloudflare DNS
+9.9.9.9, 149.112.112.112 → Quad9 DNS
+208.67.222.222           → OpenDNS
+192.168.1.1              → Local router/Pi-hole
+```
+
+---
+
+### var_ssh
+
+**Type:** Boolean
+**Options:** `yes` or `no`
+**Default:** `no`
+**Description:** Enable SSH server in container.
+
+```bash
+var_ssh=yes      # SSH server enabled
+var_ssh=no       # SSH server disabled (console only)
+```
+
+**When enabled:**
+- OpenSSH server installed
+- Started on boot
+- Port 22 open
+- Root login allowed
+
+**Security Considerations:**
+- Disable if not needed
+- Use SSH keys instead of passwords
+- Consider non-standard port
+- Firewall rules recommended
+
+---
+
+### var_ssh_authorized_key
+
+**Type:** String (SSH public key)
+**Default:** None
+**Description:** SSH public key for root user.
+
+```bash
+var_ssh_authorized_key=ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC... user@host
+var_ssh_authorized_key=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA... user@host
+```
+
+**Supported Key Types:**
+- RSA (2048-4096 bits)
+- Ed25519 (recommended)
+- ECDSA
+- DSA (deprecated)
+
+**How to get your public key:**
+```bash
+cat ~/.ssh/id_rsa.pub
+# or
+cat ~/.ssh/id_ed25519.pub
+```
+
+**Multiple keys:**
+Separate with newlines (in file) or use multiple deployments.
+
+---
+
+### var_pw
+
+**Type:** String
+**Default:** Empty (auto-login)
+**Description:** Root password.
+
+```bash
+var_pw=SecurePassword123!    # Set password
+var_pw=                      # Auto-login (empty)
+```
+
+**Auto-login behavior:**
+- No password required for console
+- Automatic login on console access
+- SSH still requires key if enabled
+- Suitable for development
+
+**Password best practices:**
+- Minimum 12 characters
+- Mix upper/lower/numbers/symbols
+- Use password manager
+- Rotate regularly
+
+---
+
+### var_nesting
+
+**Type:** Boolean (0 or 1)
+**Default:** `1`
+**Description:** Allow nested containers (required for Docker).
+
+```bash
+var_nesting=1    # Nested containers allowed
+var_nesting=0    # Nested containers disabled
+```
+
+**Required for:**
+- Docker
+- LXC inside LXC
+- Systemd features
+- Container orchestration
+
+**Security Impact:**
+- Slightly reduced isolation
+- Required for container platforms
+- Generally safe when unprivileged
+
+---
+
+### var_keyctl
+
+**Type:** Boolean (0 or 1)
+**Default:** `0`
+**Description:** Enable keyctl system call.
+
+```bash
+var_keyctl=1     # Keyctl enabled
+var_keyctl=0     # Keyctl disabled
+```
+
+**Required for:**
+- Docker in some configurations
+- Systemd keyring features
+- Encryption key management
+- Some authentication systems
+
+---
+
+### var_fuse
+
+**Type:** Boolean (0 or 1)
+**Default:** `0`
+**Description:** Enable FUSE filesystem support.
+
+```bash
+var_fuse=1       # FUSE enabled
+var_fuse=0       # FUSE disabled
+```
+
+**Required for:**
+- sshfs
+- AppImage
+- Some backup tools
+- User-space filesystems
+
+---
+
+### var_mknod
+
+**Type:** Boolean (0 or 1)
+**Default:** `0`
+**Description:** Allow device node creation.
+
+```bash
+var_mknod=1      # Device nodes allowed
+var_mknod=0      # Device nodes disabled
+```
+
+**Requires:**
+- Kernel 5.3+
+- Experimental feature
+- Use with caution
+
+---
+
+### var_mount_fs
+
+**Type:** String (comma-separated)
+**Default:** Empty
+**Description:** Allowed mountable filesystems.
+
+```bash
+var_mount_fs=nfs
+var_mount_fs=nfs,cifs
+var_mount_fs=ext4,xfs,nfs
+```
+
+**Common Options:**
+```
+nfs      → NFS network shares
+cifs     → SMB/CIFS shares
+ext4     → Ext4 filesystems
+xfs      → XFS filesystems
+btrfs    → Btrfs filesystems
+```
+
+---
+
+### var_protection
+
+**Type:** Boolean
+**Options:** `yes` or `no`
+**Default:** `no`
+**Description:** Prevent accidental deletion.
+
+```bash
+var_protection=yes    # Protected from deletion
+var_protection=no     # Can be deleted normally
+```
+
+**When protected:**
+- Cannot delete via GUI
+- Cannot delete via `pct destroy`
+- Must disable protection first
+- Good for production containers
+
+---
+
+### var_tags
+
+**Type:** String (comma-separated)
+**Default:** `community-script`
+**Description:** Container tags for organization.
+
+```bash
+var_tags=production
+var_tags=production,webserver
+var_tags=dev,testing,temporary
+```
+
+**Best Practices:**
+```bash
+# Environment tags
+var_tags=production
+var_tags=development
+var_tags=staging
+
+# Function tags
+var_tags=webserver,nginx
+var_tags=database,postgresql
+var_tags=cache,redis
+
+# Project tags
+var_tags=project-alpha,frontend
+var_tags=customer-xyz,billing
+
+# Combined
+var_tags=production,webserver,project-alpha
+```
+
+---
+
+### var_timezone
+
+**Type:** String (TZ database format)
+**Default:** Host timezone
+**Description:** Container timezone.
+
+```bash
+var_timezone=Europe/Berlin
+var_timezone=America/New_York
+var_timezone=Asia/Tokyo
+```
+
+**Common Timezones:**
+```
+Europe/London
+Europe/Berlin
+Europe/Paris
+America/New_York
+America/Chicago
+America/Los_Angeles
+Asia/Tokyo
+Asia/Singapore
+Australia/Sydney
+UTC
+```
+
+**List all timezones:**
+```bash
+timedatectl list-timezones
+```
+
+---
+
+### var_verbose
+
+**Type:** Boolean
+**Options:** `yes` or `no`
+**Default:** `no`
+**Description:** Enable verbose output.
+
+```bash
+var_verbose=yes    # Show all commands
+var_verbose=no     # Silent mode
+```
+
+**When enabled:**
+- Shows all executed commands
+- Displays detailed progress
+- Useful for debugging
+- More log output
+
+---
+
+### var_apt_cacher
+
+**Type:** Boolean
+**Options:** `yes` or `no`
+**Default:** `no`
+**Description:** Use APT caching proxy.
+
+```bash
+var_apt_cacher=yes
+var_apt_cacher=no
+```
+
+**Benefits:**
+- Faster package installs
+- Reduced bandwidth
+- Offline package cache
+- Speeds up multiple containers
+
+---
+
+### var_apt_cacher_ip
+
+**Type:** IP Address
+**Default:** None
+**Description:** APT cacher proxy IP.
+
+```bash
+var_apt_cacher=yes
+var_apt_cacher_ip=192.168.1.100
+```
+
+**Setup apt-cacher-ng:**
+```bash
+apt install apt-cacher-ng
+# Runs on port 3142
+```
+
+---
+
+### var_container_storage
+
+**Type:** String
+**Default:** Auto-detected
+**Description:** Storage for container.
+
+```bash
+var_container_storage=local
+var_container_storage=local-zfs
+var_container_storage=pve-storage
+```
+
+**List available storage:**
+```bash
+pvesm status
+```
+
+---
+
+### var_template_storage
+
+**Type:** String
+**Default:** Auto-detected
+**Description:** Storage for templates.
+
+```bash
+var_template_storage=local
+var_template_storage=nfs-templates
+```
+
+---
+
+## Quick Reference Table
+
+| Variable | Type | Default | Example |
+|----------|------|---------|---------|
+| `var_unprivileged` | 0/1 | 1 | `var_unprivileged=1` |
+| `var_cpu` | int | varies | `var_cpu=4` |
+| `var_ram` | int (MB) | varies | `var_ram=4096` |
+| `var_disk` | int (GB) | varies | `var_disk=20` |
+| `var_hostname` | string | app name | `var_hostname=server` |
+| `var_brg` | string | vmbr0 | `var_brg=vmbr1` |
+| `var_net` | dhcp/static | dhcp | `var_net=dhcp` |
+| `var_gateway` | IP | auto | `var_gateway=192.168.1.1` |
+| `var_ipv6_method` | string | none | `var_ipv6_method=disable` |
+| `var_vlan` | int | - | `var_vlan=100` |
+| `var_mtu` | int | 1500 | `var_mtu=9000` |
+| `var_mac` | MAC | auto | `var_mac=02:00:00:00:00:01` |
+| `var_ns` | IP | auto | `var_ns=8.8.8.8` |
+| `var_ssh` | yes/no | no | `var_ssh=yes` |
+| `var_ssh_authorized_key` | string | - | `var_ssh_authorized_key=ssh-rsa...` |
+| `var_pw` | string | empty | `var_pw=password` |
+| `var_nesting` | 0/1 | 1 | `var_nesting=1` |
+| `var_keyctl` | 0/1 | 0 | `var_keyctl=1` |
+| `var_fuse` | 0/1 | 0 | `var_fuse=1` |
+| `var_mknod` | 0/1 | 0 | `var_mknod=1` |
+| `var_mount_fs` | string | - | `var_mount_fs=nfs,cifs` |
+| `var_protection` | yes/no | no | `var_protection=yes` |
+| `var_tags` | string | community-script | `var_tags=prod,web` |
+| `var_timezone` | string | host TZ | `var_timezone=Europe/Berlin` |
+| `var_verbose` | yes/no | no | `var_verbose=yes` |
+| `var_apt_cacher` | yes/no | no | `var_apt_cacher=yes` |
+| `var_apt_cacher_ip` | IP | - | `var_apt_cacher_ip=192.168.1.10` |
+| `var_container_storage` | string | auto | `var_container_storage=local-zfs` |
+| `var_template_storage` | string | auto | `var_template_storage=local` |
+
+---
+
+## See Also
+
+- [Defaults System Guide](DEFAULTS_GUIDE.md)
+- [Unattended Deployments](UNATTENDED_DEPLOYMENTS.md)
+- [Security Best Practices](SECURITY_GUIDE.md)
+- [Network Configuration](NETWORK_GUIDE.md)

docs/guides/README.md

@@ -0,0 +1,58 @@
+# Configuration & Deployment Guides
+
+This directory contains comprehensive guides for configuring and deploying Proxmox VE containers using community-scripts.
+
+## 📚 Available Guides
+
+### [Configuration Reference](CONFIGURATION_REFERENCE.md)
+
+Complete reference for all configuration options, environment variables, and advanced settings available in the build system.
+
+**Topics covered:**
+
+- Container specifications (CPU, RAM, Disk)
+- Network configuration (IPv4/IPv6, VLAN, MTU)
+- Storage selection and management
+- Privilege modes and features
+- OS selection and versions
+
+### [Defaults System Guide](DEFAULTS_SYSTEM_GUIDE.md)
+
+Understanding and customizing default settings for container deployments.
+
+**Topics covered:**
+
+- Default system settings
+- Per-script overrides
+- Custom defaults configuration
+- Environment variable precedence
+
+### [Unattended Deployments](UNATTENDED_DEPLOYMENTS.md)
+
+Automating container deployments without user interaction.
+
+**Topics covered:**
+
+- Environment variable configuration
+- Batch deployments
+- CI/CD integration
+- Scripted installations
+- Pre-configured templates
+
+## 🔗 Related Documentation
+
+- **[CT Scripts Guide](../ct/)** - Container script structure and usage
+- **[Install Scripts Guide](../install/)** - Installation script internals
+- **[API Documentation](../api/)** - API integration and endpoints
+- **[Build Functions](../misc/build.func/)** - Build system functions reference
+- **[Tools Functions](../misc/tools.func/)** - Utility functions reference
+
+## 💡 Quick Start
+
+For most users, start with the **Unattended Deployments** guide to learn how to automate your container setups.
+
+For advanced configuration options, refer to the **Configuration Reference**.
+
+## 🤝 Contributing
+
+If you'd like to improve these guides or add new ones, please see our [Contribution Guide](../contribution/).

docs/guides/UNATTENDED_DEPLOYMENTS.md

@@ -0,0 +1,963 @@
+# Unattended Deployments Guide
+
+Complete guide for automated, zero-interaction container deployments using community-scripts for Proxmox VE.
+
+---
+
+## 🎯 What You'll Learn
+
+This comprehensive guide covers:
+- ✅ Complete automation of container deployments
+- ✅ Zero-interaction installations
+- ✅ Batch deployments (multiple containers)
+- ✅ Infrastructure as Code (Ansible, Terraform)
+- ✅ CI/CD pipeline integration
+- ✅ Error handling and rollback strategies
+- ✅ Production-ready deployment scripts
+- ✅ Security best practices
+
+---
+
+## Table of Contents
+
+1. [Overview](#overview)
+2. [Prerequisites](#prerequisites)
+3. [Deployment Methods](#deployment-methods)
+4. [Single Container Deployment](#single-container-deployment)
+5. [Batch Deployments](#batch-deployments)
+6. [Infrastructure as Code](#infrastructure-as-code)
+7. [CI/CD Integration](#cicd-integration)
+8. [Error Handling](#error-handling)
+9. [Security Considerations](#security-considerations)
+
+---
+
+## Overview
+
+Unattended deployments allow you to:
+- ✅ Deploy containers without manual interaction
+- ✅ Automate infrastructure provisioning
+- ✅ Integrate with CI/CD pipelines
+- ✅ Maintain consistent configurations
+- ✅ Scale deployments across multiple nodes
+
+---
+
+## Prerequisites
+
+### 1. Proxmox VE Access
+```bash
+# Verify you have root access
+whoami  # Should return: root
+
+# Check Proxmox version (8.0+ or 9.0-9.1 required)
+pveversion
+```
+
+### 2. Network Connectivity
+```bash
+# Test GitHub access
+curl -I https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/debian.sh
+
+# Test internet connectivity
+ping -c 1 1.1.1.1
+```
+
+### 3. Storage Available
+```bash
+# List available storage
+pvesm status
+
+# Check free space
+df -h
+```
+
+---
+
+## Deployment Methods
+
+### Method Comparison
+
+| Method | Use Case | Complexity | Flexibility |
+|--------|----------|------------|-------------|
+| **Environment Variables** | Quick one-offs | Low | High |
+| **App Defaults** | Repeat deployments | Low | Medium |
+| **Shell Scripts** | Batch operations | Medium | High |
+| **Ansible** | Infrastructure as Code | High | Very High |
+| **Terraform** | Cloud-native IaC | High | Very High |
+
+---
+
+## Single Container Deployment
+
+### Basic Unattended Deployment
+
+**Simplest form:**
+```bash
+var_hostname=myserver bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/debian.sh)"
+```
+
+### Complete Configuration Example
+
+```bash
+#!/bin/bash
+# deploy-single.sh - Deploy a single container with full configuration
+
+var_unprivileged=1 \
+var_cpu=4 \
+var_ram=4096 \
+var_disk=30 \
+var_hostname=production-app \
+var_brg=vmbr0 \
+var_net=dhcp \
+var_ipv6_method=none \
+var_ssh=yes \
+var_ssh_authorized_key="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQ... admin@workstation" \
+var_nesting=1 \
+var_tags=production,automated \
+var_protection=yes \
+var_verbose=no \
+  bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/debian.sh)"
+
+echo "✓ Container deployed successfully"
+```
+
+### Using App Defaults
+
+**Step 1: Create defaults once (interactive)**
+```bash
+bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/pihole.sh)"
+# Select "Advanced Settings" → Configure → Save as "App Defaults"
+```
+
+**Step 2: Deploy unattended (uses saved defaults)**
+```bash
+#!/bin/bash
+# deploy-with-defaults.sh
+
+# App defaults are loaded automatically
+bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/pihole.sh)"
+# Script will use /usr/local/community-scripts/defaults/pihole.vars
+```
+
+---
+
+## Batch Deployments
+
+### Deploy Multiple Containers
+
+#### Simple Loop
+
+```bash
+#!/bin/bash
+# batch-deploy-simple.sh
+
+apps=("debian" "ubuntu" "alpine")
+
+for app in "${apps[@]}"; do
+  echo "Deploying $app..."
+  var_hostname="$app-container" \
+  var_cpu=2 \
+  var_ram=2048 \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${app}.sh)"
+
+  echo "✓ $app deployed"
+  sleep 5  # Wait between deployments
+done
+```
+
+#### Advanced with Configuration Array
+
+```bash
+#!/bin/bash
+# batch-deploy-advanced.sh - Deploy multiple containers with individual configs
+
+declare -A CONTAINERS=(
+  ["pihole"]="2:1024:8:vmbr0:dns,network"
+  ["homeassistant"]="4:4096:20:vmbr0:automation,ha"
+  ["docker"]="6:8192:50:vmbr1:containers,docker"
+  ["nginx"]="2:2048:10:vmbr0:webserver,proxy"
+)
+
+for app in "${!CONTAINERS[@]}"; do
+  # Parse configuration
+  IFS=':' read -r cpu ram disk bridge tags <<< "${CONTAINERS[$app]}"
+
+  echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+  echo "Deploying: $app"
+  echo "  CPU: $cpu cores"
+  echo "  RAM: $ram MB"
+  echo "  Disk: $disk GB"
+  echo "  Bridge: $bridge"
+  echo "  Tags: $tags"
+  echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+
+  # Deploy container
+  var_unprivileged=1 \
+  var_cpu="$cpu" \
+  var_ram="$ram" \
+  var_disk="$disk" \
+  var_hostname="$app" \
+  var_brg="$bridge" \
+  var_net=dhcp \
+  var_ipv6_method=none \
+  var_ssh=yes \
+  var_tags="$tags,automated" \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${app}.sh)" 2>&1 | tee "deploy-${app}.log"
+
+  if [ $? -eq 0 ]; then
+    echo "✓ $app deployed successfully"
+  else
+    echo "✗ $app deployment failed - check deploy-${app}.log"
+  fi
+
+  sleep 5
+done
+
+echo ""
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "Batch deployment complete!"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+```
+
+#### Parallel Deployment
+
+```bash
+#!/bin/bash
+# parallel-deploy.sh - Deploy multiple containers in parallel
+
+deploy_container() {
+  local app="$1"
+  local cpu="$2"
+  local ram="$3"
+  local disk="$4"
+
+  echo "[$app] Starting deployment..."
+  var_cpu="$cpu" \
+  var_ram="$ram" \
+  var_disk="$disk" \
+  var_hostname="$app" \
+  var_net=dhcp \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${app}.sh)" \
+    &> "deploy-${app}.log"
+
+  echo "[$app] ✓ Completed"
+}
+
+# Export function for parallel execution
+export -f deploy_container
+
+# Deploy in parallel (max 3 at a time)
+parallel -j 3 deploy_container ::: \
+  "debian 2 2048 10" \
+  "ubuntu 2 2048 10" \
+  "alpine 1 1024 5" \
+  "pihole 2 1024 8" \
+  "docker 4 4096 30"
+
+echo "All deployments complete!"
+```
+
+---
+
+## Infrastructure as Code
+
+### Ansible Playbook
+
+#### Basic Playbook
+
+```yaml
+---
+# playbook-proxmox.yml
+- name: Deploy ProxmoxVED Containers
+  hosts: proxmox_hosts
+  become: yes
+  tasks:
+    - name: Deploy Debian Container
+      shell: |
+        var_unprivileged=1 \
+        var_cpu=2 \
+        var_ram=2048 \
+        var_disk=10 \
+        var_hostname=debian-{{ inventory_hostname }} \
+        var_net=dhcp \
+        var_ssh=yes \
+        var_tags=ansible,automated \
+        bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/debian.sh)"
+      args:
+        executable: /bin/bash
+      register: deploy_result
+
+    - name: Display deployment result
+      debug:
+        var: deploy_result.stdout_lines
+```
+
+#### Advanced Playbook with Variables
+
+```yaml
+---
+# advanced-playbook.yml
+- name: Deploy Multiple Container Types
+  hosts: proxmox
+  vars:
+    containers:
+      - name: pihole
+        cpu: 2
+        ram: 1024
+        disk: 8
+        tags: "dns,network"
+      - name: homeassistant
+        cpu: 4
+        ram: 4096
+        disk: 20
+        tags: "automation,ha"
+      - name: docker
+        cpu: 6
+        ram: 8192
+        disk: 50
+        tags: "containers,docker"
+
+    ssh_key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
+
+  tasks:
+    - name: Ensure community-scripts directory exists
+      file:
+        path: /usr/local/community-scripts/defaults
+        state: directory
+        mode: '0755'
+
+    - name: Deploy containers
+      shell: |
+        var_unprivileged=1 \
+        var_cpu={{ item.cpu }} \
+        var_ram={{ item.ram }} \
+        var_disk={{ item.disk }} \
+        var_hostname={{ item.name }} \
+        var_brg=vmbr0 \
+        var_net=dhcp \
+        var_ipv6_method=none \
+        var_ssh=yes \
+        var_ssh_authorized_key="{{ ssh_key }}" \
+        var_tags="{{ item.tags }},ansible" \
+        bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/{{ item.name }}.sh)"
+      args:
+        executable: /bin/bash
+      loop: "{{ containers }}"
+      register: deployment_results
+
+    - name: Wait for containers to be ready
+      wait_for:
+        timeout: 60
+
+    - name: Report deployment status
+      debug:
+        msg: "Deployed {{ item.item.name }} - Status: {{ 'Success' if item.rc == 0 else 'Failed' }}"
+      loop: "{{ deployment_results.results }}"
+```
+
+Run with:
+```bash
+ansible-playbook -i inventory.ini advanced-playbook.yml
+```
+
+### Terraform Integration
+
+```hcl
+# main.tf - Deploy containers via Terraform
+
+terraform {
+  required_providers {
+    proxmox = {
+      source = "telmate/proxmox"
+      version = "2.9.14"
+    }
+  }
+}
+
+provider "proxmox" {
+  pm_api_url = "https://proxmox.example.com:8006/api2/json"
+  pm_api_token_id = "terraform@pam!terraform"
+  pm_api_token_secret = var.proxmox_token
+}
+
+resource "null_resource" "deploy_container" {
+  for_each = var.containers
+
+  provisioner "remote-exec" {
+    inline = [
+      "var_unprivileged=1",
+      "var_cpu=${each.value.cpu}",
+      "var_ram=${each.value.ram}",
+      "var_disk=${each.value.disk}",
+      "var_hostname=${each.key}",
+      "var_net=dhcp",
+      "bash -c \"$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${each.value.template}.sh)\""
+    ]
+
+    connection {
+      type = "ssh"
+      host = var.proxmox_host
+      user = "root"
+      private_key = file("~/.ssh/id_rsa")
+    }
+  }
+}
+
+variable "containers" {
+  type = map(object({
+    template = string
+    cpu = number
+    ram = number
+    disk = number
+  }))
+
+  default = {
+    "pihole" = {
+      template = "pihole"
+      cpu = 2
+      ram = 1024
+      disk = 8
+    }
+    "homeassistant" = {
+      template = "homeassistant"
+      cpu = 4
+      ram = 4096
+      disk = 20
+    }
+  }
+}
+```
+
+---
+
+## CI/CD Integration
+
+### GitHub Actions
+
+```yaml
+# .github/workflows/deploy-container.yml
+name: Deploy Container to Proxmox
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+    inputs:
+      container_type:
+        description: 'Container type to deploy'
+        required: true
+        type: choice
+        options:
+          - debian
+          - ubuntu
+          - docker
+          - pihole
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Deploy to Proxmox
+        uses: appleboy/ssh-action@v0.1.10
+        with:
+          host: ${{ secrets.PROXMOX_HOST }}
+          username: root
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          script: |
+            var_unprivileged=1 \
+            var_cpu=4 \
+            var_ram=4096 \
+            var_disk=30 \
+            var_hostname=${{ github.event.inputs.container_type }}-ci \
+            var_net=dhcp \
+            var_ssh=yes \
+            var_tags=ci-cd,automated \
+            bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${{ github.event.inputs.container_type }}.sh)"
+
+      - name: Notify deployment status
+        if: success()
+        run: echo "✓ Container deployed successfully"
+```
+
+### GitLab CI
+
+```yaml
+# .gitlab-ci.yml
+stages:
+  - deploy
+
+deploy_container:
+  stage: deploy
+  image: alpine:latest
+  before_script:
+    - apk add --no-cache openssh-client curl bash
+    - eval $(ssh-agent -s)
+    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
+    - mkdir -p ~/.ssh
+    - chmod 700 ~/.ssh
+    - ssh-keyscan $PROXMOX_HOST >> ~/.ssh/known_hosts
+  script:
+    - |
+      ssh root@$PROXMOX_HOST << 'EOF'
+        var_unprivileged=1 \
+        var_cpu=4 \
+        var_ram=4096 \
+        var_disk=30 \
+        var_hostname=gitlab-ci-container \
+        var_net=dhcp \
+        var_tags=gitlab-ci,automated \
+        bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/debian.sh)"
+      EOF
+  only:
+    - main
+  when: manual
+```
+
+---
+
+## Error Handling
+
+### Deployment Verification Script
+
+```bash
+#!/bin/bash
+# deploy-with-verification.sh
+
+APP="debian"
+HOSTNAME="production-server"
+MAX_RETRIES=3
+RETRY_COUNT=0
+
+deploy_container() {
+  echo "Attempting deployment (Try $((RETRY_COUNT + 1))/$MAX_RETRIES)..."
+
+  var_unprivileged=1 \
+  var_cpu=4 \
+  var_ram=4096 \
+  var_disk=30 \
+  var_hostname="$HOSTNAME" \
+  var_net=dhcp \
+  var_ssh=yes \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${APP}.sh)" 2>&1 | tee deploy.log
+
+  return ${PIPESTATUS[0]}
+}
+
+verify_deployment() {
+  echo "Verifying deployment..."
+
+  # Check if container exists
+  if ! pct list | grep -q "$HOSTNAME"; then
+    echo "✗ Container not found in pct list"
+    return 1
+  fi
+
+  # Check if container is running
+  CTID=$(pct list | grep "$HOSTNAME" | awk '{print $1}')
+  STATUS=$(pct status "$CTID" | awk '{print $2}')
+
+  if [ "$STATUS" != "running" ]; then
+    echo "✗ Container not running (Status: $STATUS)"
+    return 1
+  fi
+
+  # Check network connectivity
+  if ! pct exec "$CTID" -- ping -c 1 1.1.1.1 &>/dev/null; then
+    echo "⚠ Warning: No internet connectivity"
+  fi
+
+  echo "✓ Deployment verified successfully"
+  echo "  Container ID: $CTID"
+  echo "  Status: $STATUS"
+  echo "  IP: $(pct exec "$CTID" -- hostname -I)"
+
+  return 0
+}
+
+# Main deployment loop with retry
+while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
+  if deploy_container; then
+    if verify_deployment; then
+      echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+      echo "✓ Deployment successful!"
+      echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+      exit 0
+    else
+      echo "✗ Deployment verification failed"
+    fi
+  else
+    echo "✗ Deployment failed"
+  fi
+
+  RETRY_COUNT=$((RETRY_COUNT + 1))
+
+  if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then
+    echo "Retrying in 10 seconds..."
+    sleep 10
+  fi
+done
+
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+echo "✗ Deployment failed after $MAX_RETRIES attempts"
+echo "Check deploy.log for details"
+echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+exit 1
+```
+
+### Rollback on Failure
+
+```bash
+#!/bin/bash
+# deploy-with-rollback.sh
+
+APP="debian"
+HOSTNAME="test-server"
+SNAPSHOT_NAME="pre-deployment"
+
+# Take snapshot of existing container (if exists)
+backup_existing() {
+  EXISTING_CTID=$(pct list | grep "$HOSTNAME" | awk '{print $1}')
+  if [ -n "$EXISTING_CTID" ]; then
+    echo "Creating snapshot of existing container..."
+    pct snapshot "$EXISTING_CTID" "$SNAPSHOT_NAME" --description "Pre-deployment backup"
+    return 0
+  fi
+  return 1
+}
+
+# Deploy new container
+deploy() {
+  var_hostname="$HOSTNAME" \
+  var_cpu=4 \
+  var_ram=4096 \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${APP}.sh)"
+  return $?
+}
+
+# Rollback to snapshot
+rollback() {
+  local ctid="$1"
+  echo "Rolling back to snapshot..."
+  pct rollback "$ctid" "$SNAPSHOT_NAME"
+  pct delsnapshot "$ctid" "$SNAPSHOT_NAME"
+}
+
+# Main execution
+backup_existing
+HAD_BACKUP=$?
+
+if deploy; then
+  echo "✓ Deployment successful"
+  [ $HAD_BACKUP -eq 0 ] && echo "You can remove the snapshot with: pct delsnapshot <CTID> $SNAPSHOT_NAME"
+else
+  echo "✗ Deployment failed"
+  if [ $HAD_BACKUP -eq 0 ]; then
+    read -p "Rollback to previous version? (y/N) " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+      rollback "$EXISTING_CTID"
+      echo "✓ Rolled back successfully"
+    fi
+  fi
+  exit 1
+fi
+```
+
+---
+
+## Security Considerations
+
+### Secure Deployment Script
+
+```bash
+#!/bin/bash
+# secure-deploy.sh - Production-ready secure deployment
+
+set -euo pipefail  # Exit on error, undefined vars, pipe failures
+
+# Configuration
+readonly APP="debian"
+readonly HOSTNAME="secure-server"
+readonly SSH_KEY_PATH="/root/.ssh/id_rsa.pub"
+readonly LOG_FILE="/var/log/container-deployments.log"
+
+# Logging function
+log() {
+  echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOG_FILE"
+}
+
+# Validate prerequisites
+validate_environment() {
+  log "Validating environment..."
+
+  # Check if running as root
+  if [ "$EUID" -ne 0 ]; then
+    log "ERROR: Must run as root"
+    exit 1
+  fi
+
+  # Check SSH key exists
+  if [ ! -f "$SSH_KEY_PATH" ]; then
+    log "ERROR: SSH key not found at $SSH_KEY_PATH"
+    exit 1
+  fi
+
+  # Check internet connectivity
+  if ! curl -s --max-time 5 https://github.com &>/dev/null; then
+    log "ERROR: No internet connectivity"
+    exit 1
+  fi
+
+  log "✓ Environment validated"
+}
+
+# Secure deployment
+deploy_secure() {
+  log "Starting secure deployment for $HOSTNAME..."
+
+  SSH_KEY=$(cat "$SSH_KEY_PATH")
+
+  var_unprivileged=1 \
+  var_cpu=4 \
+  var_ram=4096 \
+  var_disk=30 \
+  var_hostname="$HOSTNAME" \
+  var_brg=vmbr0 \
+  var_net=dhcp \
+  var_ipv6_method=disable \
+  var_ssh=yes \
+  var_ssh_authorized_key="$SSH_KEY" \
+  var_nesting=0 \
+  var_keyctl=0 \
+  var_fuse=0 \
+  var_protection=yes \
+  var_tags=production,secure,automated \
+  var_verbose=no \
+    bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${APP}.sh)" 2>&1 | tee -a "$LOG_FILE"
+
+  if [ ${PIPESTATUS[0]} -eq 0 ]; then
+    log "✓ Deployment successful"
+    return 0
+  else
+    log "✗ Deployment failed"
+    return 1
+  fi
+}
+
+# Main execution
+main() {
+  validate_environment
+
+  if deploy_secure; then
+    log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    log "Secure deployment completed successfully"
+    log "Container: $HOSTNAME"
+    log "Features: Unprivileged, SSH-only, Protected"
+    log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    exit 0
+  else
+    log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    log "Deployment failed - check logs at $LOG_FILE"
+    log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+    exit 1
+  fi
+}
+
+main "$@"
+```
+
+### SSH Key Management
+
+```bash
+#!/bin/bash
+# deploy-with-ssh-keys.sh - Secure SSH key deployment
+
+# Load SSH keys from multiple sources
+load_ssh_keys() {
+  local keys=()
+
+  # Personal key
+  if [ -f ~/.ssh/id_rsa.pub ]; then
+    keys+=("$(cat ~/.ssh/id_rsa.pub)")
+  fi
+
+  # Team keys
+  if [ -f /etc/ssh/authorized_keys.d/team ]; then
+    while IFS= read -r key; do
+      [ -n "$key" ] && keys+=("$key")
+    done < /etc/ssh/authorized_keys.d/team
+  fi
+
+  # Join keys with newline
+  printf "%s\n" "${keys[@]}"
+}
+
+# Deploy with multiple SSH keys
+SSH_KEYS=$(load_ssh_keys)
+
+var_ssh=yes \
+var_ssh_authorized_key="$SSH_KEYS" \
+var_hostname=multi-key-server \
+  bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/debian.sh)"
+```
+
+---
+
+## Complete Production Example
+
+```bash
+#!/bin/bash
+# production-deploy.sh - Complete production deployment system
+
+set -euo pipefail
+
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Configuration
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+readonly LOG_DIR="/var/log/proxmox-deployments"
+readonly CONFIG_FILE="$SCRIPT_DIR/deployment-config.json"
+
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Functions
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+setup_logging() {
+  mkdir -p "$LOG_DIR"
+  exec 1> >(tee -a "$LOG_DIR/deployment-$(date +%Y%m%d-%H%M%S).log")
+  exec 2>&1
+}
+
+log_info() { echo "[INFO] $(date +'%H:%M:%S') - $*"; }
+log_error() { echo "[ERROR] $(date +'%H:%M:%S') - $*" >&2; }
+log_success() { echo "[SUCCESS] $(date +'%H:%M:%S') - $*"; }
+
+validate_prerequisites() {
+  log_info "Validating prerequisites..."
+
+  [ "$EUID" -eq 0 ] || { log_error "Must run as root"; exit 1; }
+  command -v jq >/dev/null 2>&1 || { log_error "jq not installed"; exit 1; }
+  command -v curl >/dev/null 2>&1 || { log_error "curl not installed"; exit 1; }
+
+  log_success "Prerequisites validated"
+}
+
+deploy_from_config() {
+  local config_file="$1"
+
+  if [ ! -f "$config_file" ]; then
+    log_error "Config file not found: $config_file"
+    return 1
+  fi
+
+  local container_count
+  container_count=$(jq '.containers | length' "$config_file")
+
+  log_info "Deploying $container_count containers from config..."
+
+  for i in $(seq 0 $((container_count - 1))); do
+    local name cpu ram disk app tags
+
+    name=$(jq -r ".containers[$i].name" "$config_file")
+    cpu=$(jq -r ".containers[$i].cpu" "$config_file")
+    ram=$(jq -r ".containers[$i].ram" "$config_file")
+    disk=$(jq -r ".containers[$i].disk" "$config_file")
+    app=$(jq -r ".containers[$i].app" "$config_file")
+    tags=$(jq -r ".containers[$i].tags" "$config_file")
+
+    log_info "Deploying container: $name ($app)"
+
+    var_unprivileged=1 \
+    var_cpu="$cpu" \
+    var_ram="$ram" \
+    var_disk="$disk" \
+    var_hostname="$name" \
+    var_net=dhcp \
+    var_ssh=yes \
+    var_tags="$tags,automated" \
+    var_protection=yes \
+      bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/ct/${app}.sh)"
+
+    if [ $? -eq 0 ]; then
+      log_success "Deployed: $name"
+    else
+      log_error "Failed to deploy: $name"
+    fi
+
+    sleep 5
+  done
+}
+
+generate_report() {
+  log_info "Generating deployment report..."
+
+  echo ""
+  echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+  echo "DEPLOYMENT REPORT"
+  echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+  echo "Time: $(date)"
+  echo ""
+  pct list
+  echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+}
+
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Main
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+main() {
+  setup_logging
+  log_info "Starting production deployment system"
+
+  validate_prerequisites
+  deploy_from_config "$CONFIG_FILE"
+  generate_report
+
+  log_success "Production deployment complete"
+}
+
+main "$@"
+```
+
+**Example config file (deployment-config.json):**
+```json
+{
+  "containers": [
+    {
+      "name": "pihole",
+      "app": "pihole",
+      "cpu": 2,
+      "ram": 1024,
+      "disk": 8,
+      "tags": "dns,network,production"
+    },
+    {
+      "name": "homeassistant",
+      "app": "homeassistant",
+      "cpu": 4,
+      "ram": 4096,
+      "disk": 20,
+      "tags": "automation,ha,production"
+    },
+    {
+      "name": "docker-host",
+      "app": "docker",
+      "cpu": 8,
+      "ram": 16384,
+      "disk": 100,
+      "tags": "containers,docker,production"
+    }
+  ]
+}
+```
+
+---
+
+## See Also
+
+- [Defaults System Guide](DEFAULTS_GUIDE.md)
+- [Configuration Reference](CONFIGURATION_REFERENCE.md)
+- [Security Best Practices](SECURITY_GUIDE.md)
+- [Network Configuration](NETWORK_GUIDE.md)

frontend/package.json

@@ -43,7 +43,7 @@
     "lucide-react": "^0.554.0",
     "mini-svg-data-uri": "^1.4.4",
     "motion": "^12.23.12",
-    "next": "15.5.2",
+    "next": "15.5.7",
     "next-themes": "^0.4.4",
     "nuqs": "^2.4.1",
     "prettier-plugin-organize-imports": "^4.1.0",

frontend/public/json/bookstack.json

@@ -23,7 +23,7 @@
         "ram": 1024,
         "hdd": 4,
         "os": "debian",
-        "version": "12"
+        "version": "13"
       }
     }
   ],
@@ -33,8 +33,12 @@
   },
   "notes": [
     {
-      "text": "Bookstack works only with static ip. If you Change the IP of your LXC, you Need to edit the .env File `nano /opt/bookstack/.env`",
+      "text": "Bookstack works only with static IP. If you change the IP of your LXC, you need to edit the .env file",
       "type": "warning"
+    },
+    {
+      "text": "To see database credentials, type `cat ~/bookstack.creds` in LXC console",
+      "type": "info"
     }
   ]
 }

frontend/public/json/netvisor.json

@@ -10,7 +10,7 @@
   "privileged": false,
   "interface_port": 60072,
   "documentation": "https://github.com/mayanayza/netvisor",
-  "config_path": "/opt/netvisor/.env",
+  "config_path": "/opt/netvisor/.env, OIDC: /opt/netvisor/oidc.toml",
   "website": "https://github.com/mayanayza/netvisor",
   "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/png/netvisor.png",
   "description": "Automatically discover and visually document network infrastructure",

frontend/public/json/opnsense-vm.json

@@ -15,7 +15,7 @@
   "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@master/webp/opnsense.webp",
   "config_path": "",
   "description": "OPNsense is an open-source firewall and routing platform based on FreeBSD. It provides advanced security features, including intrusion detection, VPN support, traffic shaping, and web filtering, with an intuitive web interface for easy management. Known for its reliability and regular updates, OPNsense is a popular choice for both businesses and home networks.",
-  "disable": true,
+  "disable": false,
   "disable_description": "This script has been temporarily disabled due to installation failures. The OPNsense bootstrap process was not completing successfully, resulting in a plain FreeBSD VM instead of a functional OPNsense installation. The issue is being investigated and the script will be re-enabled once resolved. For more details, see: https://github.com/community-scripts/ProxmoxVE/issues/6183",
   "install_methods": [
     {

frontend/public/json/snowshare.json

@@ -0,0 +1,35 @@
+{
+  "name": "SnowShare",
+  "slug": "snowshare",
+  "categories": [
+    11
+  ],
+  "date_created": "2025-12-02",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 3000,
+  "documentation": "https://github.com/TuroYT/snowshare",
+  "config_path": "/opt/snowshare/.env",
+  "website": "https://github.com/TuroYT/snowshare",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@master/png/snowshare.png",
+  "description": "A modern, secure file and link sharing platform built with Next.js, Prisma, and NextAuth. Share URLs, code snippets, and files with customizable expiration, privacy, and QR codes.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/snowshare.sh",
+      "resources": {
+        "cpu": 1,
+        "ram": 1024,
+        "hdd": 5,
+        "os": "Debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": []
+}

frontend/public/json/swizzin.json

@@ -12,7 +12,7 @@
   "documentation": "https://swizzin.ltd/getting-started",
   "config_path": "/etc/swizzin/",
   "website": "https://swizzin.ltd/",
-  "logo": "https://swizzin.ltd/img/logo-sm.png",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@master/webp/swizzin.webp",
   "description": "Swizzin is a light-weight, modular, and user-friendly seedbox solution for Debian-based servers. It allows for the easy installation and management of a wide variety of applications commonly used for torrenting and media management, such as rTorrent, Sonarr, Radarr, and Plex, all accessible through a command-line utility or a web-based dashboard.",
   "install_methods": [
     {

frontend/public/json/valkey.json

@@ -31,5 +31,10 @@
     "username": null,
     "password": null
   },
-  "notes": []
+  "notes": [
+    {
+      "text": "Show Login Credentials, type `cat ~/valkey.creds` in the LXC console",
+      "type": "info"
+    }
+  ]
 }

frontend/public/json/versions.json

@@ -1,4 +1,289 @@
 [
+  {
+    "name": "LibreTranslate/LibreTranslate",
+    "version": "v1.8.1",
+    "date": "2025-12-03T22:46:51Z"
+  },
+  {
+    "name": "rcourtman/Pulse",
+    "version": "v4.36.2",
+    "date": "2025-12-03T22:46:29Z"
+  },
+  {
+    "name": "HabitRPG/habitica",
+    "version": "v5.42.1",
+    "date": "2025-12-03T22:42:22Z"
+  },
+  {
+    "name": "BerriAI/litellm",
+    "version": "v1.80.5-stable",
+    "date": "2025-12-03T22:09:03Z"
+  },
+  {
+    "name": "Stirling-Tools/Stirling-PDF",
+    "version": "v2.1.0",
+    "date": "2025-12-03T21:29:10Z"
+  },
+  {
+    "name": "danielbrendel/hortusfox-web",
+    "version": "v5.5",
+    "date": "2025-12-03T21:20:30Z"
+  },
+  {
+    "name": "chrisbenincasa/tunarr",
+    "version": "v0.23.0-alpha.28",
+    "date": "2025-12-03T20:32:43Z"
+  },
+  {
+    "name": "gelbphoenix/autocaliweb",
+    "version": "v0.11.1",
+    "date": "2025-12-03T18:24:51Z"
+  },
+  {
+    "name": "home-assistant/core",
+    "version": "2025.12.0",
+    "date": "2025-12-03T18:07:51Z"
+  },
+  {
+    "name": "actualbudget/actual",
+    "version": "v25.12.0",
+    "date": "2025-12-03T17:45:09Z"
+  },
+  {
+    "name": "homarr-labs/homarr",
+    "version": "v1.45.1",
+    "date": "2025-12-03T17:43:51Z"
+  },
+  {
+    "name": "caddyserver/caddy",
+    "version": "v2.11.0-beta.1",
+    "date": "2025-12-03T17:23:02Z"
+  },
+  {
+    "name": "karakeep-app/karakeep",
+    "version": "v0.29.1",
+    "date": "2025-12-03T16:56:18Z"
+  },
+  {
+    "name": "esphome/esphome",
+    "version": "2025.11.3",
+    "date": "2025-12-03T16:37:01Z"
+  },
+  {
+    "name": "AdguardTeam/AdGuardHome",
+    "version": "v0.107.70",
+    "date": "2025-12-03T16:12:15Z"
+  },
+  {
+    "name": "node-red/node-red",
+    "version": "4.1.2",
+    "date": "2025-12-03T16:12:05Z"
+  },
+  {
+    "name": "BookStackApp/BookStack",
+    "version": "v25.11.5",
+    "date": "2025-12-03T14:51:03Z"
+  },
+  {
+    "name": "meilisearch/meilisearch",
+    "version": "latest",
+    "date": "2025-12-03T14:19:01Z"
+  },
+  {
+    "name": "Graylog2/graylog2-server",
+    "version": "6.2.10",
+    "date": "2025-12-03T13:58:32Z"
+  },
+  {
+    "name": "n8n-io/n8n",
+    "version": "n8n@1.121.3",
+    "date": "2025-11-26T14:58:48Z"
+  },
+  {
+    "name": "documenso/documenso",
+    "version": "v2.2.0",
+    "date": "2025-12-03T13:31:11Z"
+  },
+  {
+    "name": "crowdsecurity/crowdsec",
+    "version": "v1.7.3",
+    "date": "2025-10-24T10:51:12Z"
+  },
+  {
+    "name": "kyantech/Palmr",
+    "version": "v3.3.0-beta",
+    "date": "2025-12-03T12:59:19Z"
+  },
+  {
+    "name": "glpi-project/glpi",
+    "version": "11.0.3",
+    "date": "2025-12-03T12:00:17Z"
+  },
+  {
+    "name": "laurent22/joplin",
+    "version": "server-v3.5.1",
+    "date": "2025-12-03T11:56:50Z"
+  },
+  {
+    "name": "SigNoz/signoz",
+    "version": "v0.104.0",
+    "date": "2025-12-03T06:48:38Z"
+  },
+  {
+    "name": "mattermost/mattermost",
+    "version": "v10.11.8",
+    "date": "2025-11-21T17:06:07Z"
+  },
+  {
+    "name": "Jackett/Jackett",
+    "version": "v0.24.399",
+    "date": "2025-12-03T05:55:33Z"
+  },
+  {
+    "name": "openobserve/openobserve",
+    "version": "v0.20.2",
+    "date": "2025-12-03T02:20:57Z"
+  },
+  {
+    "name": "hyperion-project/hyperion.ng",
+    "version": "2.1.1",
+    "date": "2025-06-14T17:45:06Z"
+  },
+  {
+    "name": "jeedom/core",
+    "version": "4.5",
+    "date": "2025-12-03T00:27:06Z"
+  },
+  {
+    "name": "steveiliop56/tinyauth",
+    "version": "v4.1.0",
+    "date": "2025-11-23T12:13:34Z"
+  },
+  {
+    "name": "henrygd/beszel",
+    "version": "v0.17.0",
+    "date": "2025-12-03T00:15:51Z"
+  },
+  {
+    "name": "mealie-recipes/mealie",
+    "version": "v3.6.1",
+    "date": "2025-12-02T23:08:41Z"
+  },
+  {
+    "name": "apache/tomcat",
+    "version": "10.1.50",
+    "date": "2025-12-02T22:59:59Z"
+  },
+  {
+    "name": "open-webui/open-webui",
+    "version": "v0.6.41",
+    "date": "2025-12-02T22:28:58Z"
+  },
+  {
+    "name": "element-hq/synapse",
+    "version": "v1.143.0",
+    "date": "2025-11-25T16:49:54Z"
+  },
+  {
+    "name": "9001/copyparty",
+    "version": "v1.19.21",
+    "date": "2025-12-02T21:48:12Z"
+  },
+  {
+    "name": "globaleaks/globaleaks-whistleblowing-software",
+    "version": "v5.0.86-docker",
+    "date": "2025-12-02T21:16:02Z"
+  },
+  {
+    "name": "influxdata/influxdb",
+    "version": "v2.8.0",
+    "date": "2025-12-02T20:22:32Z"
+  },
+  {
+    "name": "keycloak/keycloak",
+    "version": "26.4.7",
+    "date": "2025-12-01T08:14:11Z"
+  },
+  {
+    "name": "ollama/ollama",
+    "version": "v0.13.1-rc2",
+    "date": "2025-12-02T17:28:41Z"
+  },
+  {
+    "name": "pocketbase/pocketbase",
+    "version": "v0.34.1",
+    "date": "2025-12-02T18:43:50Z"
+  },
+  {
+    "name": "WordPress/WordPress",
+    "version": "6.9",
+    "date": "2025-12-02T18:36:17Z"
+  },
+  {
+    "name": "verdaccio/verdaccio",
+    "version": "v6.2.4",
+    "date": "2025-12-02T17:47:52Z"
+  },
+  {
+    "name": "jenkinsci/jenkins",
+    "version": "jenkins-2.540",
+    "date": "2025-12-02T16:56:49Z"
+  },
+  {
+    "name": "fuma-nama/fumadocs",
+    "version": "fumadocs-ui@16.2.2",
+    "date": "2025-12-02T16:17:30Z"
+  },
+  {
+    "name": "nzbgetcom/nzbget",
+    "version": "v25.4",
+    "date": "2025-10-09T10:27:01Z"
+  },
+  {
+    "name": "gtsteffaniak/filebrowser",
+    "version": "v1.0.3-stable",
+    "date": "2025-12-02T15:21:13Z"
+  },
+  {
+    "name": "Brandawg93/PeaNUT",
+    "version": "v5.19.0",
+    "date": "2025-12-02T14:58:59Z"
+  },
+  {
+    "name": "wazuh/wazuh",
+    "version": "coverity-w49-4.14.2",
+    "date": "2025-12-02T14:01:48Z"
+  },
+  {
+    "name": "tobychui/zoraxy",
+    "version": "v3.3.0-rc3",
+    "date": "2025-12-02T13:45:13Z"
+  },
+  {
+    "name": "docker/compose",
+    "version": "v5.0.0",
+    "date": "2025-12-02T10:33:31Z"
+  },
+  {
+    "name": "prometheus/prometheus",
+    "version": "v3.8.0",
+    "date": "2025-12-02T10:11:05Z"
+  },
+  {
+    "name": "syncthing/syncthing",
+    "version": "v2.0.12",
+    "date": "2025-12-02T08:11:24Z"
+  },
+  {
+    "name": "morpheus65535/bazarr",
+    "version": "v1.5.3",
+    "date": "2025-09-20T12:12:33Z"
+  },
+  {
+    "name": "booklore-app/booklore",
+    "version": "v1.13.1",
+    "date": "2025-12-02T03:59:00Z"
+  },
   {
     "name": "advplyr/audiobookshelf",
     "version": "v2.31.0",
@@ -7,12 +292,7 @@
   {
     "name": "OliveTin/OliveTin",
     "version": "3000.7.0",
-    "date": "2025-12-01T23:18:20Z"
-  },
-  {
-    "name": "rcourtman/Pulse",
-    "version": "v4.36.0",
-    "date": "2025-12-01T23:16:54Z"
+    "date": "2025-12-01T23:29:47Z"
   },
   {
     "name": "paperless-ngx/paperless-ngx",
@@ -29,16 +309,6 @@
     "version": "v0.16.0",
     "date": "2025-12-01T21:35:19Z"
   },
-  {
-    "name": "booklore-app/booklore",
-    "version": "v1.13.0",
-    "date": "2025-12-01T21:04:41Z"
-  },
-  {
-    "name": "n8n-io/n8n",
-    "version": "n8n@1.121.3",
-    "date": "2025-11-26T14:58:48Z"
-  },
   {
     "name": "Koenkk/zigbee2mqtt",
     "version": "2.7.0",
@@ -49,11 +319,6 @@
     "version": "0.24.1",
     "date": "2025-12-01T19:33:30Z"
   },
-  {
-    "name": "home-assistant/core",
-    "version": "2025.11.3",
-    "date": "2025-11-21T17:03:22Z"
-  },
   {
     "name": "prometheus-pve/prometheus-pve-exporter",
     "version": "v3.6.0",
@@ -74,16 +339,6 @@
     "version": "v1.6.6",
     "date": "2025-11-24T15:30:21Z"
   },
-  {
-    "name": "meilisearch/meilisearch",
-    "version": "latest",
-    "date": "2025-12-01T15:53:30Z"
-  },
-  {
-    "name": "Graylog2/graylog2-server",
-    "version": "7.1.0-alpha.1",
-    "date": "2025-12-01T13:04:18Z"
-  },
   {
     "name": "OctoPrint/OctoPrint",
     "version": "1.11.5",
@@ -104,31 +359,11 @@
     "version": "310.6",
     "date": "2025-12-01T09:04:51Z"
   },
-  {
-    "name": "keycloak/keycloak",
-    "version": "26.4.7",
-    "date": "2025-12-01T08:14:11Z"
-  },
-  {
-    "name": "morpheus65535/bazarr",
-    "version": "v1.5.3",
-    "date": "2025-09-20T12:12:33Z"
-  },
-  {
-    "name": "Jackett/Jackett",
-    "version": "v0.24.387",
-    "date": "2025-12-01T05:55:41Z"
-  },
   {
     "name": "photoprism/photoprism",
     "version": "251130-b3068414c",
     "date": "2025-12-01T05:07:31Z"
   },
-  {
-    "name": "openobserve/openobserve",
-    "version": "v0.20.1",
-    "date": "2025-12-01T03:44:13Z"
-  },
   {
     "name": "firefly-iii/firefly-iii",
     "version": "v6.4.9",
@@ -139,16 +374,6 @@
     "version": "v10.11.4",
     "date": "2025-12-01T02:33:37Z"
   },
-  {
-    "name": "steveiliop56/tinyauth",
-    "version": "v4.1.0",
-    "date": "2025-11-23T12:13:34Z"
-  },
-  {
-    "name": "jeedom/core",
-    "version": "4.5",
-    "date": "2025-12-01T00:27:05Z"
-  },
   {
     "name": "recyclarr/recyclarr",
     "version": "v7.5.2",
@@ -159,11 +384,6 @@
     "version": "v2.4.7",
     "date": "2025-11-30T20:59:51Z"
   },
-  {
-    "name": "laurent22/joplin",
-    "version": "server-v3.4.4",
-    "date": "2025-09-25T13:19:26Z"
-  },
   {
     "name": "juanfont/headscale",
     "version": "v0.27.1",
@@ -189,21 +409,6 @@
     "version": "5.1.0.M3",
     "date": "2025-11-30T14:36:37Z"
   },
-  {
-    "name": "chrisbenincasa/tunarr",
-    "version": "v0.23.0-alpha.27",
-    "date": "2025-11-30T14:09:31Z"
-  },
-  {
-    "name": "gtsteffaniak/filebrowser",
-    "version": "v1.1.2-experimental-sqlite-indexing-v2",
-    "date": "2025-11-30T14:08:49Z"
-  },
-  {
-    "name": "fuma-nama/fumadocs",
-    "version": "fumadocs-core@16.2.1",
-    "date": "2025-11-30T11:36:45Z"
-  },
   {
     "name": "healthchecks/healthchecks",
     "version": "v3.13",
@@ -224,16 +429,6 @@
     "version": "4.9.1.90",
     "date": "2025-11-11T01:00:32Z"
   },
-  {
-    "name": "Stirling-Tools/Stirling-PDF",
-    "version": "v2.0.2",
-    "date": "2025-11-29T19:49:03Z"
-  },
-  {
-    "name": "karakeep-app/karakeep",
-    "version": "sdk/v0.29.0",
-    "date": "2025-11-29T18:53:44Z"
-  },
   {
     "name": "ErsatzTV/ErsatzTV",
     "version": "v25.9.0",
@@ -264,11 +459,6 @@
     "version": "v3.4.6",
     "date": "2025-11-29T02:43:00Z"
   },
-  {
-    "name": "homarr-labs/homarr",
-    "version": "v1.45.0",
-    "date": "2025-11-28T19:15:52Z"
-  },
   {
     "name": "Paymenter/Paymenter",
     "version": "v1.4.6",
@@ -289,16 +479,6 @@
     "version": "1.23.6",
     "date": "2025-11-28T03:52:50Z"
   },
-  {
-    "name": "BerriAI/litellm",
-    "version": "v1.80.7-nightly",
-    "date": "2025-11-27T23:19:40Z"
-  },
-  {
-    "name": "esphome/esphome",
-    "version": "2025.11.2",
-    "date": "2025-11-27T23:19:08Z"
-  },
   {
     "name": "go-vikunja/vikunja",
     "version": "v1.0.0-rc0",
@@ -309,51 +489,26 @@
     "version": "v1.7.4",
     "date": "2025-11-27T18:53:28Z"
   },
-  {
-    "name": "verdaccio/verdaccio",
-    "version": "v6.2.3",
-    "date": "2025-11-27T18:25:56Z"
-  },
   {
     "name": "pi-hole/pi-hole",
     "version": "v6.3",
     "date": "2025-11-27T18:12:22Z"
   },
-  {
-    "name": "Brandawg93/PeaNUT",
-    "version": "v5.18.0",
-    "date": "2025-11-27T18:04:51Z"
-  },
   {
     "name": "theonedev/onedev",
     "version": "v13.1.2",
     "date": "2025-11-27T12:48:22Z"
   },
-  {
-    "name": "crowdsecurity/crowdsec",
-    "version": "v1.7.3",
-    "date": "2025-10-24T10:51:12Z"
-  },
   {
     "name": "ipfs/kubo",
     "version": "v0.39.0",
     "date": "2025-11-27T03:47:38Z"
   },
-  {
-    "name": "ollama/ollama",
-    "version": "v0.13.0",
-    "date": "2025-11-19T14:16:07Z"
-  },
   {
     "name": "YunoHost/yunohost",
     "version": "debian/12.1.36",
     "date": "2025-11-27T00:33:48Z"
   },
-  {
-    "name": "jenkinsci/jenkins",
-    "version": "jenkins-2.539",
-    "date": "2025-11-25T16:05:32Z"
-  },
   {
     "name": "gristlabs/grist-core",
     "version": "v1.7.8",
@@ -389,36 +544,11 @@
     "version": "1.1.6",
     "date": "2025-11-26T11:42:59Z"
   },
-  {
-    "name": "tobychui/zoraxy",
-    "version": "v3.3.0-rc2",
-    "date": "2025-11-26T11:42:11Z"
-  },
   {
     "name": "NLnetLabs/unbound",
     "version": "release-1.24.2",
     "date": "2025-11-26T11:22:30Z"
   },
-  {
-    "name": "wazuh/wazuh",
-    "version": "coverity-w48-4.14.2",
-    "date": "2025-11-26T07:57:00Z"
-  },
-  {
-    "name": "SigNoz/signoz",
-    "version": "v0.103.0",
-    "date": "2025-11-26T06:51:12Z"
-  },
-  {
-    "name": "HabitRPG/habitica",
-    "version": "v5.42.0",
-    "date": "2025-11-26T02:01:01Z"
-  },
-  {
-    "name": "BookStackApp/BookStack",
-    "version": "v25.11.4",
-    "date": "2025-11-25T22:26:51Z"
-  },
   {
     "name": "seerr-team/seerr",
     "version": "preview-test-fix-subscriptions",
@@ -444,41 +574,11 @@
     "version": "22.0.3",
     "date": "2025-11-25T17:25:41Z"
   },
-  {
-    "name": "element-hq/synapse",
-    "version": "v1.143.0",
-    "date": "2025-11-25T16:49:54Z"
-  },
   {
     "name": "usememos/memos",
     "version": "v0.25.3",
     "date": "2025-11-25T15:40:41Z"
   },
-  {
-    "name": "open-webui/open-webui",
-    "version": "v0.6.40",
-    "date": "2025-11-25T11:01:46Z"
-  },
-  {
-    "name": "documenso/documenso",
-    "version": "v2.1.0",
-    "date": "2025-11-25T09:48:39Z"
-  },
-  {
-    "name": "mattermost/mattermost",
-    "version": "v10.11.8",
-    "date": "2025-11-21T17:06:07Z"
-  },
-  {
-    "name": "syncthing/syncthing",
-    "version": "v2.0.11",
-    "date": "2025-11-04T08:51:05Z"
-  },
-  {
-    "name": "prometheus/prometheus",
-    "version": "v0.308.0-rc.1",
-    "date": "2025-11-24T19:46:25Z"
-  },
   {
     "name": "TandoorRecipes/recipes",
     "version": "2.3.6",
@@ -519,41 +619,21 @@
     "version": "v4.6.1",
     "date": "2025-11-23T16:42:50Z"
   },
-  {
-    "name": "hyperion-project/hyperion.ng",
-    "version": "2.1.1",
-    "date": "2025-06-14T17:45:06Z"
-  },
   {
     "name": "go-gitea/gitea",
     "version": "v1.25.2",
     "date": "2025-11-22T19:37:02Z"
   },
-  {
-    "name": "nzbgetcom/nzbget",
-    "version": "v25.4",
-    "date": "2025-10-09T10:27:01Z"
-  },
   {
     "name": "TechnitiumSoftware/DnsServer",
     "version": "v14.2.0",
     "date": "2025-11-22T12:54:08Z"
   },
-  {
-    "name": "pocketbase/pocketbase",
-    "version": "v0.34.0",
-    "date": "2025-11-22T09:18:14Z"
-  },
   {
     "name": "TwiN/gatus",
     "version": "v5.33.0",
     "date": "2025-11-21T22:54:49Z"
   },
-  {
-    "name": "gelbphoenix/autocaliweb",
-    "version": "v0.11.0",
-    "date": "2025-11-21T18:42:15Z"
-  },
   {
     "name": "rclone/rclone",
     "version": "v1.72.0",
@@ -644,11 +724,6 @@
     "version": "release-5.1.4",
     "date": "2025-11-19T20:25:37Z"
   },
-  {
-    "name": "influxdata/influxdb",
-    "version": "v2.7.12",
-    "date": "2025-05-29T17:08:26Z"
-  },
   {
     "name": "grafana/grafana",
     "version": "v12.3.0",
@@ -664,11 +739,6 @@
     "version": "2025.5",
     "date": "2025-11-19T14:48:47Z"
   },
-  {
-    "name": "AdguardTeam/AdGuardHome",
-    "version": "v0.107.69",
-    "date": "2025-10-30T15:31:50Z"
-  },
   {
     "name": "jupyter/notebook",
     "version": "v7.5.0",
@@ -744,11 +814,6 @@
     "version": "v1.9.12",
     "date": "2025-11-16T16:14:55Z"
   },
-  {
-    "name": "LibreTranslate/LibreTranslate",
-    "version": "v1.8.0",
-    "date": "2025-11-16T15:54:50Z"
-  },
   {
     "name": "outline/outline",
     "version": "v1.1.0",
@@ -769,16 +834,6 @@
     "version": "4.10.1",
     "date": "2025-11-15T04:36:48Z"
   },
-  {
-    "name": "henrygd/beszel",
-    "version": "v0.16.1",
-    "date": "2025-11-14T22:50:06Z"
-  },
-  {
-    "name": "mealie-recipes/mealie",
-    "version": "v3.5.0",
-    "date": "2025-11-14T16:23:33Z"
-  },
   {
     "name": "zitadel/zitadel",
     "version": "v4.7.0",
@@ -794,11 +849,6 @@
     "version": "1.7.9",
     "date": "2025-11-13T10:26:37Z"
   },
-  {
-    "name": "docker/compose",
-    "version": "v2.40.3",
-    "date": "2025-10-30T09:35:37Z"
-  },
   {
     "name": "pymedusa/Medusa",
     "version": "v1.0.25",
@@ -869,11 +919,6 @@
     "version": "4.0.1-beta.1",
     "date": "2024-12-13T00:16:24Z"
   },
-  {
-    "name": "apache/tomcat",
-    "version": "9.0.112",
-    "date": "2025-11-06T07:49:59Z"
-  },
   {
     "name": "Notifiarr/notifiarr",
     "version": "v0.9.1",
@@ -899,11 +944,6 @@
     "version": "1.5.0",
     "date": "2025-11-05T11:10:20Z"
   },
-  {
-    "name": "glpi-project/glpi",
-    "version": "11.0.2",
-    "date": "2025-11-05T09:55:05Z"
-  },
   {
     "name": "nicolargo/glances",
     "version": "v4.4.1",
@@ -934,21 +974,11 @@
     "version": "v3.0.9",
     "date": "2025-11-04T07:28:45Z"
   },
-  {
-    "name": "actualbudget/actual",
-    "version": "v25.11.0",
-    "date": "2025-11-04T00:32:21Z"
-  },
   {
     "name": "maxdorninger/MediaManager",
     "version": "v1.9.1",
     "date": "2025-11-02T21:14:50Z"
   },
-  {
-    "name": "9001/copyparty",
-    "version": "v1.19.20",
-    "date": "2025-11-02T01:27:38Z"
-  },
   {
     "name": "motioneye-project/motioneye",
     "version": "0.42.1",
@@ -979,11 +1009,6 @@
     "version": "1.0.2",
     "date": "2025-10-30T18:23:23Z"
   },
-  {
-    "name": "danielbrendel/hortusfox-web",
-    "version": "v5.4",
-    "date": "2025-10-30T14:25:23Z"
-  },
   {
     "name": "homebridge/homebridge",
     "version": "v1.11.1",
@@ -1019,11 +1044,6 @@
     "version": "2.0.2",
     "date": "2025-10-22T17:03:54Z"
   },
-  {
-    "name": "kyantech/Palmr",
-    "version": "v3.2.5-beta",
-    "date": "2025-10-21T16:49:14Z"
-  },
   {
     "name": "Part-DB/Part-DB-server",
     "version": "v2.2.1",
@@ -1064,16 +1084,6 @@
     "version": "v2.0.119",
     "date": "2025-10-13T23:15:11Z"
   },
-  {
-    "name": "node-red/node-red",
-    "version": "4.1.1",
-    "date": "2025-10-13T14:23:53Z"
-  },
-  {
-    "name": "globaleaks/globaleaks-whistleblowing-software",
-    "version": "v5.0.85",
-    "date": "2025-10-12T19:55:18Z"
-  },
   {
     "name": "projectsend/projectsend",
     "version": "r1945",
@@ -1094,11 +1104,6 @@
     "version": "v1.5.9",
     "date": "2025-10-06T08:34:01Z"
   },
-  {
-    "name": "WordPress/WordPress",
-    "version": "4.7.31",
-    "date": "2025-09-30T18:00:06Z"
-  },
   {
     "name": "MagicMirrorOrg/MagicMirror",
     "version": "v2.33.0",
@@ -1234,11 +1239,6 @@
     "version": "0.6.25",
     "date": "2025-08-24T08:51:55Z"
   },
-  {
-    "name": "caddyserver/caddy",
-    "version": "v2.10.2",
-    "date": "2025-08-23T03:10:31Z"
-  },
   {
     "name": "ventoy/Ventoy",
     "version": "v1.1.07",

frontend/public/json/wanderer.json

@@ -2,7 +2,7 @@
   "name": "Wanderer",
   "slug": "wanderer",
   "categories": [
-    0
+    24
   ],
   "date_created": "2025-12-01",
   "type": "ct",

install/2fauth-install.sh

@@ -14,43 +14,26 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y \
-        lsb-release \
-        nginx
+$STD apt install -y nginx
 msg_ok "Installed Dependencies"
 
-PHP_VERSION="8.3" PHP_MODULE="common,ctype,fileinfo,mysql,cli" PHP_FPM="YES" setup_php
+PHP_VERSION="8.3" PHP_MODULE="common,ctype,fileinfo,mysql,cli,tokenizer,dom,redis,session,openssl" PHP_FPM="YES" setup_php
 setup_composer
 setup_mariadb
-
-msg_info "Setting up Database"
-DB_NAME=2fauth_db
-DB_USER=2fauth
-DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-$STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
-$STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
-$STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-        echo "2FAuth Credentials"
-        echo "Database User: $DB_USER"
-        echo "Database Password: $DB_PASS"
-        echo "Database Name: $DB_NAME"
-} >>~/2FAuth.creds
-msg_ok "Set up Database"
-
+MARIADB_DB_NAME="2fauth_db" MARIADB_DB_USER="2fauth" setup_mariadb_db
+import_local_ip
 fetch_and_deploy_gh_release "2fauth" "Bubka/2FAuth"
 
 msg_info "Setup 2FAuth"
-cd /opt/2fauth || exit
+cd /opt/2fauth
 cp .env.example .env
-IPADDRESS=$(hostname -I | awk '{print $1}')
-sed -i -e "s|^APP_URL=.*|APP_URL=http://$IPADDRESS|" \
-        -e "s|^DB_CONNECTION=$|DB_CONNECTION=mysql|" \
-        -e "s|^DB_DATABASE=$|DB_DATABASE=$DB_NAME|" \
-        -e "s|^DB_HOST=$|DB_HOST=127.0.0.1|" \
-        -e "s|^DB_PORT=$|DB_PORT=3306|" \
-        -e "s|^DB_USERNAME=$|DB_USERNAME=$DB_USER|" \
-        -e "s|^DB_PASSWORD=$|DB_PASSWORD=$DB_PASS|" .env
+sed -i -e "s|^APP_URL=.*|APP_URL=http://$LOCAL_IP|" \
+  -e "s|^DB_CONNECTION=$|DB_CONNECTION=mysql|" \
+  -e "s|^DB_DATABASE=$|DB_DATABASE=$MARIADB_DB_NAME|" \
+  -e "s|^DB_HOST=$|DB_HOST=127.0.0.1|" \
+  -e "s|^DB_PORT=$|DB_PORT=3306|" \
+  -e "s|^DB_USERNAME=$|DB_USERNAME=$MARIADB_DB_USER|" \
+  -e "s|^DB_PASSWORD=$|DB_PASSWORD=$MARIADB_DB_PASS|" .env
 export COMPOSER_ALLOW_SUPERUSER=1
 $STD composer update --no-plugins --no-scripts
 $STD composer install --no-dev --prefer-dist --no-plugins --no-scripts
@@ -68,7 +51,7 @@ cat <<EOF >/etc/nginx/conf.d/2fauth.conf
 server {
         listen 80;
         root /opt/2fauth/public;
-        server_name $IPADDRESS;
+        server_name $LOCAL_IP;
         index index.php;
         charset utf-8;
 

install/adventurelog-install.sh

@@ -25,38 +25,20 @@ msg_ok "Installed Dependencies"
 PYTHON_VERSION="3.13" setup_uv
 NODE_VERSION="22" NODE_MODULE="pnpm@latest" setup_nodejs
 PG_VERSION="17" PG_MODULES="postgis" setup_postgresql
-
-msg_info "Set up PostgreSQL Database"
-DB_NAME="adventurelog_db"
-DB_USER="adventurelog_user"
-DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
-$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-$STD sudo -u postgres psql -c "CREATE EXTENSION IF NOT EXISTS postgis;" $DB_NAME
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC';"
-{
-  echo "AdventureLog-Credentials"
-  echo "AdventureLog Database User: $DB_USER"
-  echo "AdventureLog Database Password: $DB_PASS"
-  echo "AdventureLog Database Name: $DB_NAME"
-  echo "AdventureLog Secret: $SECRET_KEY"
-} >>~/adventurelog.creds
-msg_ok "Set up PostgreSQL"
-
+PG_DB_NAME="adventurelog_db" PG_DB_USER="adventurelog_user" setup_postgresql_db
 fetch_and_deploy_gh_release "adventurelog" "seanmorley15/adventurelog"
+import_local_ip
 
 msg_info "Installing AdventureLog (Patience)"
+SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
+echo "AdventureLog Secret: $SECRET_KEY" >>~/adventurelog.creds
 DJANGO_ADMIN_USER="djangoadmin"
 DJANGO_ADMIN_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-LOCAL_IP="$(hostname -I | awk '{print $1}')"
 cat <<EOF >/opt/adventurelog/backend/server/.env
 PGHOST='localhost'
-PGDATABASE='${DB_NAME}'
-PGUSER='${DB_USER}'
-PGPASSWORD='${DB_PASS}'
+PGDATABASE='${PG_DB_NAME}'
+PGUSER='${PG_DB_USER}'
+PGPASSWORD='${PG_DB_PASS}'
 SECRET_KEY='${SECRET_KEY}'
 PUBLIC_URL='http://$LOCAL_IP:8000'
 DEBUG=True
@@ -74,7 +56,7 @@ DISABLE_REGISTRATION=False
 # EMAIL_HOST_PASSWORD='password'
 # DEFAULT_FROM_EMAIL='user@example.com'
 EOF
-cd /opt/adventurelog/backend/server || exit
+cd /opt/adventurelog/backend/server
 mkdir -p /opt/adventurelog/backend/server/media
 $STD uv venv /opt/adventurelog/backend/server/.venv
 $STD /opt/adventurelog/backend/server/.venv/bin/python -m ensurepip --upgrade
@@ -88,13 +70,13 @@ PUBLIC_SERVER_URL=http://$LOCAL_IP:8000
 BODY_SIZE_LIMIT=Infinity
 ORIGIN='http://$LOCAL_IP:3000'
 EOF
-cd /opt/adventurelog/frontend || exit
+cd /opt/adventurelog/frontend
 $STD pnpm i
 $STD pnpm build
 msg_ok "Installed AdventureLog"
 
 msg_info "Setting up Django Admin"
-cd /opt/adventurelog/backend/server || exit
+cd /opt/adventurelog/backend/server
 $STD .venv/bin/python -m manage shell <<EOF
 from django.contrib.auth import get_user_model
 UserModel = get_user_model()

install/booklore-install.sh

@@ -18,7 +18,7 @@ $STD apt-get install -y nginx
 msg_ok "Installed Dependencies"
 
 fetch_and_deploy_gh_release "booklore" "booklore-app/BookLore"
-JAVA_VERSION="25" setup_java
+JAVA_VERSION="21" setup_java
 NODE_VERSION="22" setup_nodejs
 setup_mariadb
 setup_yq

install/bookstack-install.sh

@@ -13,42 +13,24 @@ setting_up_container
 network_check
 update_os
 
-msg_info "Installing Dependencies (Patience)"
-$STD apt-get install -y \
-  apache2 \
-  make
+msg_info "Installing Dependencies"
+$STD apt install -y make
 msg_ok "Installed Dependencies"
 
 PHP_MODULE="ldap,tidy,bz2,mysqli" PHP_FPM="YES" PHP_APACHE="YES" PHP_VERSION="8.3" setup_php
-
 setup_composer
 setup_mariadb
-
-msg_info "Setting up Database"
-DB_NAME=bookstack
-DB_USER=bookstack
-DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-$STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
-$STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
-$STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "Bookstack-Credentials"
-  echo "Bookstack Database User: $DB_USER"
-  echo "Bookstack Database Password: $DB_PASS"
-  echo "Bookstack Database Name: $DB_NAME"
-} >>~/bookstack.creds
-msg_ok "Set up database"
-
+MARIADB_DB_NAME="bookstack_db" MARIADB_DB_USER="bookstack_user" setup_mariadb_db
 fetch_and_deploy_gh_release "bookstack" "BookStackApp/BookStack"
-LOCAL_IP="$(hostname -I | awk '{print $1}')"
+import_local_ip
 
 msg_info "Configuring Bookstack (Patience)"
 cd /opt/bookstack
 cp .env.example .env
 sudo sed -i "s|APP_URL=.*|APP_URL=http://$LOCAL_IP|g" /opt/bookstack/.env
-sudo sed -i "s/DB_DATABASE=.*/DB_DATABASE=$DB_NAME/" /opt/bookstack/.env
-sudo sed -i "s/DB_USERNAME=.*/DB_USERNAME=$DB_USER/" /opt/bookstack/.env
-sudo sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$DB_PASS/" /opt/bookstack/.env
+sudo sed -i "s/DB_DATABASE=.*/DB_DATABASE=$MARIADB_DB_NAME/" /opt/bookstack/.env
+sudo sed -i "s/DB_USERNAME=.*/DB_USERNAME=$MARIADB_DB_USER/" /opt/bookstack/.env
+sudo sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$MARIADB_DB_PASS/" /opt/bookstack/.env
 $STD composer install --no-dev --no-plugins --no-interaction
 $STD php artisan key:generate --no-interaction --force
 $STD php artisan migrate --no-interaction --force

install/cloudflared-install.sh

@@ -14,16 +14,12 @@ network_check
 update_os
 
 msg_info "Installing Cloudflared"
-mkdir -p --mode=0755 /usr/share/keyrings
-curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg >/usr/share/keyrings/cloudflare-main.gpg
-cat <<EOF >/etc/apt/sources.list.d/cloudflared.sources
-Types: deb
-URIs: https://pkg.cloudflare.com/cloudflared/
-Suites: any
-Components: main
-Signed-By: /usr/share/keyrings/cloudflare-main.gpg
-EOF
-$STD apt update
+setup_deb822_repo \
+  "cloudflared" \
+  "https://pkg.cloudflare.com/cloudflare-main.gpg" \
+  "https://pkg.cloudflare.com/cloudflared/" \
+  "any" \
+  "main"
 $STD apt install -y cloudflared
 msg_ok "Installed Cloudflared"
 

install/commafeed-install.sh

@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt-get install -y rsync
 msg_ok "Installed Dependencies"
 
-JAVA_VERSION="17" setup_java
+JAVA_VERSION="25" setup_java
 fetch_and_deploy_gh_release "commafeed" "Athou/commafeed" "prebuild" "latest" "/opt/commafeed" "commafeed-*-h2-jvm.zip"
 
 msg_info "Creating Service"
@@ -27,7 +27,7 @@ Description=CommaFeed Service
 After=network.target
 
 [Service]
-ExecStart=java -jar quarkus-run.jar
+ExecStart=java -Xminf0.05 -Xmaxf0.1 -jar quarkus-run.jar
 WorkingDirectory=/opt/commafeed/
 Restart=always
 

install/docmost-install.sh

@@ -16,42 +16,25 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
   redis \
-  jq \
   make
 msg_ok "Installed Dependencies"
 
-HOST_IP=$(hostname -I | awk '{print $1}')
 NODE_VERSION="22" NODE_MODULE="pnpm@$(curl -s https://raw.githubusercontent.com/docmost/docmost/main/package.json | jq -r '.packageManager | split("@")[1]')" setup_nodejs
 PG_VERSION="16" setup_postgresql
+PG_DB_NAME="docmost_db" PG_DB_USER="docmost_user" setup_postgresql_db
+import_local_ip
 fetch_and_deploy_gh_release "docmost" "docmost/docmost"
 
-msg_info "Setting up PostgreSQL"
-DB_NAME="docmost_db"
-DB_USER="docmost_user"
-DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-{
-  echo "Docmost-Credentials"
-  echo "Database Name: $DB_NAME"
-  echo "Database User: $DB_USER"
-  echo "Database Password: $DB_PASS"
-} >>~/docmost.creds
-msg_ok "Set up PostgreSQL"
-
 msg_info "Configuring Docmost (Patience)"
 cd /opt/docmost
 mv .env.example .env
 mkdir data
 sed -i -e "s|APP_SECRET=.*|APP_SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)|" \
-  -e "s|DATABASE_URL=.*|DATABASE_URL=postgres://$DB_USER:$DB_PASS@localhost:5432/$DB_NAME|" \
+  -e "s|DATABASE_URL=.*|DATABASE_URL=\"postgres://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME?schema=public\"|" \
   -e "s|FILE_UPLOAD_SIZE_LIMIT=.*|FILE_UPLOAD_SIZE_LIMIT=50mb|" \
   -e "s|DRAWIO_URL=.*|DRAWIO_URL=https://embed.diagrams.net|" \
   -e "s|DISABLE_TELEMETRY=.*|DISABLE_TELEMETRY=true|" \
-  -e "s|APP_URL=.*|APP_URL=http://$HOST_IP:3000|" \
+  -e "s|APP_URL=.*|APP_URL=http://$LOCAL_IP:3000|" \
   /opt/docmost/.env
 export NODE_OPTIONS="--max-old-space-size=2048"
 $STD pnpm install

install/go2rtc-install.sh

@@ -24,6 +24,7 @@ After=network.target
 [Service]
 Type=simple
 User=root
+WorkingDirectory=/opt/go2rtc
 ExecStart=/opt/go2rtc/go2rtc_linux_amd64
 
 [Install]

install/librespeed-rust-install.sh

@@ -16,7 +16,7 @@ update_os
 fetch_and_deploy_gh_release "librespeed-rust" "librespeed/speedtest-rust" "binary" "latest" "/opt/librespeed-rust" "librespeed-rs-x86_64-unknown-linux-gnu.deb"
 
 msg_info "Enabling Service"
-systemctl enable -q --now speedtest_rs
+systemctl enable -q --now librespeed-rs
 msg_ok "Enabled Service"
 
 motd_ssh

install/matterbridge-install.sh

@@ -15,9 +15,7 @@ update_os
 
 msg_info "Install Matterbridge"
 mkdir -p /root/Matterbridge
-NODE_VERSION="22"
-NODE_MODULE="matterbridge"
-setup_nodejs
+NODE_VERSION="22" NODE_MODULE="matterbridge" setup_nodejs
 msg_ok "Installed Matterbridge"
 
 msg_info "Creating Service"
@@ -28,7 +26,7 @@ After=network-online.target
 
 [Service]
 Type=simple
-ExecStart=matterbridge -bridge -service
+ExecStart=matterbridge -service
 WorkingDirectory=/root/Matterbridge
 StandardOutput=inherit
 StandardError=inherit

install/netvisor-install.sh

@@ -62,15 +62,9 @@ NETVISOR_INTEGRATED_DAEMON_URL=http://127.0.0.1:60073
 # NETVISOR_DISABLE_REGISTRATION=true
 ## - uncomment when using TLS
 # NETVISOR_USE_SECURE_SESSION_COOKIES=true
-
-### - OIDC (optional)
-# NETVISOR_OIDC_ISSUER_URL=
-# NETVISOR_OIDC_CLIENT_ID=
-# NETVISOR_OIDC_CLIENT_SECRET=
-# NETVISOR_OIDC_PROVIDER_NAME=
-# NETVISOR_OIDC_REDIRECT_URL=
-## - Callback URL for reference
-# http://your-netvisor-domain:60072/api/auth/oidc/callback
+## - see https://github.com/imbolc/axum-client-ip?tab=readme-ov-file#configurable-vs-specific-extractors
+## - before uncommenting the below
+# NETVISOR_CLIENT_IP_SOURCE=
 
 ### - SMTP (password reset and notifications - optional)
 # NETVISOR_SMTP_RELAY=smtp.gmail.com:587
@@ -83,6 +77,8 @@ NETVISOR_SERVER_URL=http://127.0.0.1:60072
 NETVISOR_BIND_ADDRESS=0.0.0.0
 NETVISOR_NAME="netvisor-daemon"
 NETVISOR_HEARTBEAT_INTERVAL=30
+
+### - see https://github.com/mayanayza/netvisor/blob/main/docs/CONFIGURATION.md for more options
 EOF
 
 cat <<EOF >/etc/systemd/system/netvisor-server.service
@@ -92,6 +88,7 @@ After=network.target postgresql.service
 
 [Service]
 Type=simple
+WorkingDirectory=/opt/netvisor/backend
 EnvironmentFile=/opt/netvisor/.env
 ExecStart=/usr/bin/netvisor-server
 Restart=always

install/paperless-ai-install.sh

@@ -20,21 +20,27 @@ msg_ok "Installed Dependencies"
 
 msg_info "Installing Python3"
 $STD apt install -y \
-  python3-pip
+  python3-pip \
+  python3-dev \
+  python3-venv
+mkdir -p ~/.config/pip
+cat >~/.config/pip/pip.conf <<EOF
+[global]
+break-system-packages = true
+EOF
 msg_ok "Installed Python3"
 
-setup_nodejs
+NODE_VERSION="22" setup_nodejs
+fetch_and_deploy_gh_release "paperless-ai" "clusterzx/paperless-ai"
 
 msg_info "Setup Paperless-AI"
-cd /opt
-RELEASE=$(curl -fsSL https://api.github.com/repos/clusterzx/paperless-ai/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-curl -fsSL "https://github.com/clusterzx/paperless-ai/archive/refs/tags/v${RELEASE}.zip" -o "v${RELEASE}.zip"
-$STD unzip v${RELEASE}.zip
-mv paperless-ai-${RELEASE} /opt/paperless-ai
 cd /opt/paperless-ai
+$STD python3 -m venv /opt/paperless-ai/venv
+source /opt/paperless-ai/venv/bin/activate
+$STD pip install --upgrade pip
 $STD pip install --no-cache-dir -r requirements.txt
 mkdir -p data/chromadb
-$STD npm install
+$STD npm ci --only=production
 mkdir -p /opt/paperless-ai/data
 cat <<EOF >/opt/paperless-ai/data/.env
 PAPERLESS_API_URL=
@@ -61,8 +67,6 @@ CUSTOM_MODEL=
 RAG_SERVICE_URL=http://localhost:8000
 RAG_SERVICE_ENABLED=true
 EOF
-rm -rf v${RELEASE}.zip
-echo "${RELEASE}" >"/opt/${APPLICATION}_version.txt"
 msg_ok "Setup Paperless-AI"
 
 msg_info "Creating Service"
@@ -74,7 +78,9 @@ Requires=paperless-rag.service
 
 [Service]
 WorkingDirectory=/opt/paperless-ai
-ExecStart=/usr/bin/npm start
+Environment="NODE_ENV=production"
+EnvironmentFile=/opt/paperless-ai/data/.env
+ExecStart=/usr/bin/node server.js
 Restart=always
 
 [Install]
@@ -88,7 +94,8 @@ After=network.target
 
 [Service]
 WorkingDirectory=/opt/paperless-ai
-ExecStart=/usr/bin/python3 main.py --host 0.0.0.0 --port 8000 --initialize
+EnvironmentFile=/opt/paperless-ai/data/.env
+ExecStart=/opt/paperless-ai/venv/bin/python3 main.py --host 0.0.0.0 --port 8000 --initialize
 Restart=always
 
 [Install]

install/snowshare-install.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: TuroYT
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/TuroYT/snowshare
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+NODE_VERSION="22" setup_nodejs
+PG_VERSION="17" setup_postgresql
+PG_DB_USER="snowshare" PG_DB_NAME="snowshare" setup_postgresql_db
+fetch_and_deploy_gh_release "snowshare" "TuroYT/snowshare"
+
+msg_info "Installing SnowShare"
+cd /opt/snowshare
+$STD npm ci
+cat <<EOF >/opt/snowshare.env
+DATABASE_URL="postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME"
+NEXTAUTH_URL="http://localhost:3000"
+NEXTAUTH_SECRET="$(openssl rand -base64 32)"
+ALLOW_SIGNUP=true
+NODE_ENV=production
+EOF
+set -a
+source /opt/snowshare.env
+set +a
+$STD npx prisma generate
+$STD npx prisma migrate deploy
+$STD npm run build
+cat <<EOF >/etc/systemd/system/snowshare.service
+[Unit]
+Description=SnowShare - Modern File Sharing Platform
+After=network.target postgresql.service
+Requires=postgresql.service
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/snowshare
+EnvironmentFile=/opt/snowshare.env
+ExecStart=/usr/bin/npm start
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now snowshare
+msg_ok "Installed SnowShare"
+
+msg_info "Setting up Cleanup Cron Job"
+cat <<EOF >/etc/cron.d/snowshare-cleanup
+0 2 * * * root cd /opt/snowshare && /usr/bin/npm run cleanup:expired >> /var/log/snowshare-cleanup.log 2>&1
+EOF
+msg_ok "Set up Cleanup Cron Job"
+
+motd_ssh
+customize
+cleanup_lxc

install/tracktor-install.sh

@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os
 
-setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "tracktor" "javedh-dev/tracktor" "tarball" "latest" "/opt/tracktor"
 
 msg_info "Configuring Tracktor"

install/valkey-install.sh

@@ -15,8 +15,24 @@ update_os
 
 msg_info "Installing Valkey"
 $STD apt update
-$STD apt install -y valkey
+$STD apt install -y valkey openssl
 sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
+
+PASS="$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c32)"
+echo "requirepass $PASS" >> /etc/valkey/valkey.conf
+echo "$PASS" >~/valkey.creds
+chmod 600 ~/valkey.creds
+
+MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
+# reserve 25% of a node type's maxmemory value for system use
+MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))
+
+echo "" >> /etc/valkey/valkey.conf
+echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/valkey.conf
+echo "maxmemory ${MAXMEMORY_MB}mb" >> /etc/valkey/valkey.conf
+echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf
+echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf
+
 systemctl enable -q --now valkey-server
 systemctl restart valkey-server
 msg_ok "Installed Valkey"

vm/opnsense-vm.sh

@@ -9,12 +9,12 @@ source /dev/stdin <<<$(curl -fsSL https://raw.githubusercontent.com/community-sc
 function header_info {
   clear
   cat <<"EOF"
-   ____  ____  _   __                        
-  / __ \/ __ \/ | / /_______  ____  ________ 
+   ____  ____  _   __
+  / __ \/ __ \/ | / /_______  ____  ________
  / / / / /_/ /  |/ / ___/ _ \/ __ \/ ___/ _ \
 / /_/ / ____/ /|  (__  )  __/ / / (__  )  __/
-\____/_/   /_/ |_/____/\___/_/ /_/____/\___/ 
-                                                                         
+\____/_/   /_/ |_/____/\___/_/ /_/____/\___/
+
 EOF
 }
 header_info
@@ -137,7 +137,7 @@ function send_line_to_vm() {
     "U") character="shift-u" ;;
     "V") character="shift-v" ;;
     "W") character="shift-w" ;;
-    "X") character="shift=x" ;;
+    "X") character="shift-x" ;;
     "Y") character="shift-y" ;;
     "Z") character="shift-z" ;;
     "!") character="shift-1" ;;
@@ -156,9 +156,6 @@ function send_line_to_vm() {
   qm sendkey $VMID ret
 }
 
-TEMP_DIR=$(mktemp -d)
-pushd $TEMP_DIR >/dev/null
-
 if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "OPNsense VM" --yesno "This will create a New OPNsense VM. Proceed?" 10 58); then
   :
 else
@@ -278,12 +275,27 @@ function default_settings() {
   fi
   echo -e "${DGN}Using LAN VLAN: ${BGN}Default${CL}"
   echo -e "${DGN}Using LAN MAC Address: ${BGN}${MAC}${CL}"
-  echo -e "${DGN}Using WAN MAC Address: ${BGN}${WAN_MAC}${CL}"
-  if ! grep -q "^iface ${WAN_BRG}" /etc/network/interfaces; then
-    msg_error "Bridge '${WAN_BRG}' does not exist in /etc/network/interfaces"
-    exit
+
+  if NETWORK_MODE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "NETWORK CONFIGURATION" --radiolist --cancel-button Exit-Script \
+    "Choose network setup mode for OPNsense:\n" 14 70 2 \
+    "dual" "Dual Interface (Traditional Firewall/Router)" ON \
+    "single" "Single Interface (Proxy/VPN/IDS Server)" OFF \
+    3>&1 1>&2 2>&3); then
+    if [ "$NETWORK_MODE" = "dual" ]; then
+      echo -e "${DGN}Network Mode: ${BGN}Dual Interface (Firewall)${CL}"
+      echo -e "${DGN}Using WAN MAC Address: ${BGN}${WAN_MAC}${CL}"
+      if ! grep -q "^iface ${WAN_BRG}" /etc/network/interfaces; then
+        msg_error "Bridge '${WAN_BRG}' does not exist in /etc/network/interfaces"
+        exit
+      else
+        echo -e "${DGN}Using WAN Bridge: ${BGN}${WAN_BRG}${CL}"
+      fi
+    else
+      echo -e "${DGN}Network Mode: ${BGN}Single Interface (Proxy/VPN/IDS)${CL}"
+      WAN_BRG=""
+    fi
   else
-    echo -e "${DGN}Using WAN Bridge: ${BGN}${WAN_BRG}${CL}"
+    exit-script
   fi
   echo -e "${DGN}Using Interface MTU Size: ${BGN}Default${CL}"
   echo -e "${DGN}Start VM when completed: ${BGN}yes${CL}"
@@ -359,7 +371,7 @@ function advanced_settings() {
   fi
 
   if VM_NAME=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set Hostname" 8 58 OPNsense --title "HOSTNAME" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then
-    if [ -z $VM_NAME ]; then
+    if [ -z "$VM_NAME" ]; then
       HN="OPNsense"
     else
       HN=$(echo ${VM_NAME,,} | tr -d ' ')
@@ -370,7 +382,7 @@ function advanced_settings() {
   fi
 
   if CORE_COUNT=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Allocate CPU Cores" 8 58 4 --title "CORE COUNT" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then
-    if [ -z $CORE_COUNT ]; then
+    if [ -z "$CORE_COUNT" ]; then
       CORE_COUNT="2"
     fi
     echo -e "${DGN}Allocated Cores: ${BGN}$CORE_COUNT${CL}"
@@ -566,12 +578,11 @@ fi
 msg_ok "Using ${CL}${BL}$STORAGE${CL} ${GN}for Storage Location."
 msg_ok "Virtual Machine ID is ${CL}${BL}$VMID${CL}."
 msg_info "Retrieving the URL for the OPNsense Qcow2 Disk Image"
-URL=https://download.freebsd.org/releases/VM-IMAGES/14.2-RELEASE/amd64/Latest/FreeBSD-14.2-RELEASE-amd64.qcow2.xz
-sleep 2
-msg_ok "${CL}${BL}${URL}${CL}"
+URL="https://download.freebsd.org/releases/VM-IMAGES/14.2-RELEASE/amd64/Latest/FreeBSD-14.2-RELEASE-amd64.qcow2.xz"
+msg_ok "Download URL: ${CL}${BL}${URL}${CL}"
 curl -f#SL -o "$(basename "$URL")" "$URL"
 echo -en "\e[1A\e[0K"
-FILE=Fressbsd.qcow2
+FILE=FreeBSD.qcow2
 unxz -cv $(basename $URL) >${FILE}
 msg_ok "Downloaded ${CL}${BL}${FILE}${CL}"
 
@@ -623,7 +634,7 @@ DESCRIPTION=$(
       <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
     </a>
   </p>
-  
+
   <span style='margin: 0 10px;'>
     <i class="fa fa-github fa-fw" style="color: #f5f5f5;"></i>
     <a href='https://github.com/community-scripts/ProxmoxVE' target='_blank' rel='noopener noreferrer' style='text-decoration: none; color: #00617f;'>GitHub</a>
@@ -652,9 +663,13 @@ qm start $VMID
 sleep 90
 send_line_to_vm "root"
 send_line_to_vm "fetch https://raw.githubusercontent.com/opnsense/update/master/src/bootstrap/opnsense-bootstrap.sh.in"
-qm set $VMID \
-  -net1 virtio,bridge=${WAN_BRG},macaddr=${WAN_MAC} &>/dev/null
-sleep 10
+if [ -n "$WAN_BRG" ]; then
+  msg_info "Adding WAN interface"
+  qm set $VMID \
+    -net1 virtio,bridge=${WAN_BRG},macaddr=${WAN_MAC} &>/dev/null
+  msg_ok "WAN interface added"
+  sleep 5  # Brief pause after adding network interface
+fi
 send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 25.1"
 msg_ok "OPNsense VM is being installed, do not close the terminal, or the installation will fail."
 #We need to wait for the OPNsense build proccess to finish, this takes a few minutes
@@ -689,9 +704,9 @@ else
   send_line_to_vm "n"
   send_line_to_vm "n"
 fi
-#we need to wait for the Config changes to be saved
+#Wait for config changes to be saved
 sleep 20
-if [ "$WAN_IP_ADDR" != "" ]; then
+if [ -n "$WAN_BRG" ] && [ "$WAN_IP_ADDR" != "" ]; then
   send_line_to_vm "2"
   send_line_to_vm "2"
   send_line_to_vm "n"