Update logo URL to use WebP format

Add coolify (ct)
Update CHANGELOG.md (#9788 )
2025-12-15 03:33:31 +01:00 · 2025-12-09 09:19:14 +01:00 · 2025-12-09 08:17:46 +00:00 · 2025-12-09 00:13:26 +00:00 · 2025-12-09 01:13:01 +01:00 · 2025-12-08 18:36:34 +00:00
25 changed files with 718 additions and 384 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,8 +10,28 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 ## 2025-12-09
 ## 2025-12-08
 ### 🚀 Updated Scripts
  - typo: tandoor instead of trandoor [@Neonize](https://github.com/Neonize) ([#9771](https://github.com/community-scripts/ProxmoxVE/pull/9771))
  - #### 🐞 Bug Fixes
    - Tandoor: Remove postgres17-contrib package [@tremor021](https://github.com/tremor021) ([#9781](https://github.com/community-scripts/ProxmoxVE/pull/9781))
  - #### ✨ New Features
    - feat: Add var_gpu flag for GPU passthrough configuration [@MickLesk](https://github.com/MickLesk) ([#9764](https://github.com/community-scripts/ProxmoxVE/pull/9764))
 ### 💾 Core
  - #### 🐞 Bug Fixes
    - fix: always show SSH access dialog in advanced settings [@MickLesk](https://github.com/MickLesk) ([#9765](https://github.com/community-scripts/ProxmoxVE/pull/9765))
 ## 2025-12-07
 ### 🚀 Updated Scripts
--- a/ct/channels.sh
+++ b/ct/channels.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -38,4 +39,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8089${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8089${CL}"
--- a/ct/coolify.sh
+++ b/ct/coolify.sh
@ -0,0 +1,46 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2025 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://coolify.io/
 APP="Coolify"
 var_tags="${var_tags:-docker;paas}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-30}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
 variables
 color
 catch_errors
 function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -d /data/coolify ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  msg_info "Updating Coolify"
  $STD bash <(curl -fsSL https://cdn.coollabs.io/coolify/install.sh)
  msg_ok "Updated Coolify"
  msg_ok "Updated successfully!"
  exit
 }
 start
 build_container
 description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"
--- a/ct/emby.sh
+++ b/ct/emby.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/ersatztv.sh
+++ b/ct/ersatztv.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/fileflows.sh
+++ b/ct/fileflows.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/frigate.sh
+++ b/ct/frigate.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-11}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -38,4 +39,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
--- a/ct/immich.sh
+++ b/ct/immich.sh
@ -13,6 +13,7 @@ var_ram="${var_ram:-4096}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/jellyfin.sh
+++ b/ct/jellyfin.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-16}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/ollama.sh
+++ b/ct/ollama.sh
@ -12,6 +12,7 @@ var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-35}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/openwebui.sh
+++ b/ct/openwebui.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-25}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/plex.sh
+++ b/ct/plex.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -23,8 +24,8 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
-  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] \
+  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] &&
-   && [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
+    [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
--- a/ct/tandoor.sh
+++ b/ct/tandoor.sh
@ -55,7 +55,7 @@ function update_script() {
    cd /opt/tandoor/vue3
    $STD yarn install
    $STD yarn build
-    TANDOOR_VERSION="$(curl -fsSL https://api.github.com/repos/TandoorRecipes/recipes/releases/latest | jq -r .tag_name)"
+    TANDOOR_VERSION=$(get_latest_github_release "TandoorRecipes/recipes")
    cat <<EOF >/opt/tandoor/cookbook/version_info.py
 TANDOOR_VERSION = "$TANDOOR_VERSION"
 TANDOOR_REF = "bare-metal"
@ -65,7 +65,7 @@ EOF
    $STD /opt/tandoor/.venv/bin/python manage.py migrate
    $STD /opt/tandoor/.venv/bin/python manage.py collectstatic --no-input
    rm -rf /opt/tandoor.bak
-    msg_ok "Updated Trandoor"
+    msg_ok "Updated Tandoor"
    msg_info "Starting Service"
    systemctl start tandoor
--- a/ct/tdarr.sh
+++ b/ct/tdarr.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/tunarr.sh
+++ b/ct/tunarr.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/unmanic.sh
+++ b/ct/unmanic.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/docs/TECHNICAL_REFERENCE.md
+++ b/docs/TECHNICAL_REFERENCE.md
@ -1,8 +1,8 @@
 # Technical Reference: Configuration System Architecture
 > **For Developers and Advanced Users**
-> 
+>
-> *Deep dive into how the defaults and configuration system works*
+> _Deep dive into how the defaults and configuration system works_
 ---
@ -123,13 +123,13 @@ VAR_VALUE  := [^\n]*  # Any printable characters except newline
 **Constraints**:
-| Constraint | Value |
+| Constraint        | Value                    |
-|-----------|-------|
+| ----------------- | ------------------------ |
-| Max file size | 64 KB |
+| Max file size     | 64 KB                    |
-| Max line length | 1024 bytes |
+| Max line length   | 1024 bytes               |
-| Max variables | 100 |
+| Max variables     | 100                      |
-| Allowed var names | `var_[a-z_]+` |
+| Allowed var names | `var_[a-z_]+`            |
-| Value validation | Whitelist + Sanitization |
+| Value validation  | Whitelist + Sanitization |
 **Example Valid File**:
@ -206,21 +206,24 @@ var_tags=dns,pihole
 **Purpose**: Safely load variables from .vars files without using `source` or `eval`
 **Signature**:
 ```bash
 load_vars_file(filepath)
 ```
 **Parameters**:
-| Param | Type | Required | Example |
+| Param    | Type   | Required | Example                                     |
-|-------|------|----------|---------|
+| -------- | ------ | -------- | ------------------------------------------- |
-| filepath | String | Yes | `/usr/local/community-scripts/default.vars` |
+| filepath | String | Yes      | `/usr/local/community-scripts/default.vars` |
 **Returns**:
 - `0` on success
 - `1` on error (file missing, parse error, etc.)
 **Environment Side Effects**:
 - Sets all parsed `var_*` variables as shell variables
 - Does NOT unset variables if file missing (safe)
 - Does NOT affect other variables
@ -230,25 +233,25 @@ load_vars_file(filepath)
 ```bash
 load_vars_file() {
  local file="$1"
-  
+
  # File must exist
  [ -f "$file" ] || return 0
-  
+
  # Parse line by line (not with source/eval)
  local line key val
  while IFS='=' read -r key val || [ -n "$key" ]; do
    # Skip comments and empty lines
    [[ "$key" =~ ^[[:space:]]*# ]] && continue
    [[ -z "$key" ]] && continue
-    
+
    # Validate key is in whitelist
    _is_whitelisted_key "$key" || continue
-    
+
    # Sanitize and export value
    val="$(_sanitize_value "$val")"
    [ $? -eq 0 ] && export "$key=$val"
  done < "$file"
-  
+
  return 0
 }
 ```
@ -281,6 +284,7 @@ echo "Allocating ${var_ram} MB RAM"
 **Purpose**: Get the full path for app-specific defaults file
 **Signature**:
 ```bash
 get_app_defaults_path()
 ```
@ -288,6 +292,7 @@ get_app_defaults_path()
 **Parameters**: None
 **Returns**:
 - String: Full path to app defaults file
 **Implementation**:
@ -322,6 +327,7 @@ load_vars_file "$(get_app_defaults_path)"
 **Purpose**: Load and display user global defaults
 **Signature**:
 ```bash
 default_var_settings()
 ```
@ -329,6 +335,7 @@ default_var_settings()
 **Parameters**: None
 **Returns**:
 - `0` on success
 - `1` on error
@ -337,15 +344,15 @@ default_var_settings()
 ```
 1. Find default.vars location
   (usually /usr/local/community-scripts/default.vars)
-   
+
 2. Create if missing
-   
+
 3. Load variables from file
-   
+
 4. Map var_verbose → VERBOSE variable
-   
+
 5. Call base_settings (apply to container config)
-   
+
 6. Call echo_default (display summary)
 ```
@ -354,20 +361,20 @@ default_var_settings()
 ```bash
 default_var_settings() {
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key
    var_container_storage var_template_storage
  )
-  
+
  # Ensure file exists
  _ensure_default_vars
-  
+
  # Find and load
  local dv="$(_find_default_vars)"
  load_vars_file "$dv"
-  
+
  # Map verbose flag
  if [[ -n "${var_verbose:-}" ]]; then
    case "${var_verbose,,}" in
@ -375,7 +382,7 @@ default_var_settings() {
      *) VERBOSE="${var_verbose}" ;;
    esac
  fi
-  
+
  # Apply and display
  base_settings "$VERBOSE"
  echo_default
@ -389,6 +396,7 @@ default_var_settings() {
 **Purpose**: Offer to save current settings as app-specific defaults
 **Signature**:
 ```bash
 maybe_offer_save_app_defaults()
 ```
@ -413,10 +421,10 @@ maybe_offer_save_app_defaults()
 ```bash
 maybe_offer_save_app_defaults() {
  local app_vars_path="$(get_app_defaults_path)"
-  
+
  # Build current settings from memory
  local new_tmp="$(_build_current_app_vars_tmp)"
-  
+
  # Check if already exists
  if [ -f "$app_vars_path" ]; then
    # Show diff and ask: Update? Keep? View Diff?
@ -438,29 +446,31 @@ maybe_offer_save_app_defaults() {
 **Purpose**: Remove dangerous characters/patterns from configuration values
 **Signature**:
 ```bash
 _sanitize_value(value)
 ```
 **Parameters**:
-| Param | Type | Required |
+| Param | Type   | Required |
-|-------|------|----------|
+| ----- | ------ | -------- |
-| value | String | Yes |
+| value | String | Yes      |
 **Returns**:
 - `0` (success) + sanitized value on stdout
 - `1` (failure) + nothing if dangerous
 **Dangerous Patterns**:
-| Pattern | Threat | Example |
+| Pattern   | Threat               | Example              |
-|---------|--------|---------|
+| --------- | -------------------- | -------------------- |
-| `$(...)` | Command substitution | `$(rm -rf /)` |
+| `$(...)`  | Command substitution | `$(rm -rf /)`        |
-| `` ` ` `` | Command substitution | `` `whoami` `` |
+| `` ` ` `` | Command substitution | `` `whoami` ``       |
-| `;` | Command separator | `value; rm -rf /` |
+| `;`       | Command separator    | `value; rm -rf /`    |
-| `&` | Background execution | `value & malicious` |
+| `&`       | Background execution | `value & malicious`  |
-| `<(` | Process substitution | `<(cat /etc/passwd)` |
+| `<(`      | Process substitution | `<(cat /etc/passwd)` |
 **Implementation**:
@ -501,17 +511,19 @@ fi
 **Purpose**: Check if variable name is in allowed whitelist
 **Signature**:
 ```bash
 _is_whitelisted_key(key)
 ```
 **Parameters**:
-| Param | Type | Required | Example |
+| Param | Type   | Required | Example   |
-|-------|------|----------|---------|
+| ----- | ------ | -------- | --------- |
-| key | String | Yes | `var_cpu` |
+| key   | String | Yes      | `var_cpu` |
 **Returns**:
 - `0` if key is whitelisted
 - `1` if key is NOT whitelisted
@ -573,6 +585,7 @@ Step 4: Use BUILT-IN DEFAULTS
 ### Precedence Examples
 **Example 1: Environment Variable Wins**
 ```bash
 # Shell environment has highest priority
 $ export var_cpu=16
@ -583,6 +596,7 @@ $ bash pihole-install.sh
 ```
 **Example 2: App Defaults Override User Defaults**
 ```bash
 # User Defaults: var_cpu=4
 # App Defaults: var_cpu=2
@ -593,6 +607,7 @@ $ bash pihole-install.sh
 ```
 **Example 3: All Defaults Missing (Built-ins Used)**
 ```bash
 # No environment variables set
 # No app defaults file
@ -611,21 +626,21 @@ $ bash pihole-install.sh
 base_settings() {
  # Priority 1: Environment variables (already set if export used)
  CT_TYPE=${var_unprivileged:-"1"}          # Use existing or default
-  
+
  # Priority 2: Load app defaults (may override above)
  if [ -f "$(get_app_defaults_path)" ]; then
    load_vars_file "$(get_app_defaults_path)"
  fi
-  
+
  # Priority 3: Load user defaults
  if [ -f "/usr/local/community-scripts/default.vars" ]; then
    load_vars_file "/usr/local/community-scripts/default.vars"
  fi
-  
+
  # Priority 4: Apply built-in defaults (lowest)
  CORE_COUNT=${var_cpu:-"${APP_CPU_DEFAULT:-2}"}
  RAM_SIZE=${var_ram:-"${APP_RAM_DEFAULT:-1024}"}
-  
+
  # Result: var_cpu has been set through precedence chain
 }
 ```
@ -734,14 +749,14 @@ CONTAINER CREATION STARTED
 ### Threat Model
-| Threat | Mitigation |
+| Threat                       | Mitigation                                        |
-|--------|-----------|
+| ---------------------------- | ------------------------------------------------- |
-| **Arbitrary Code Execution** | No `source` or `eval`; manual parsing only |
+| **Arbitrary Code Execution** | No `source` or `eval`; manual parsing only        |
-| **Variable Injection** | Whitelist of allowed variable names |
+| **Variable Injection**       | Whitelist of allowed variable names               |
-| **Command Substitution** | `_sanitize_value()` blocks `$()`, backticks, etc. |
+| **Command Substitution**     | `_sanitize_value()` blocks `$()`, backticks, etc. |
-| **Path Traversal** | Files locked to `/usr/local/community-scripts/` |
+| **Path Traversal**           | Files locked to `/usr/local/community-scripts/`   |
-| **Permission Escalation** | Files created with restricted permissions |
+| **Permission Escalation**    | Files created with restricted permissions         |
-| **Information Disclosure** | Sensitive variables not logged |
+| **Information Disclosure**   | Sensitive variables not logged                    |
 ### Security Controls
@ -798,6 +813,7 @@ fi
 ### Module: `build.func`
 **Load Order** (in actual scripts):
 1. `#!/usr/bin/env bash` - Shebang
 2. `source /dev/stdin <<<$(curl ... api.func)` - API functions
 3. `source /dev/stdin <<<$(curl ... build.func)` - Build functions
@ -832,17 +848,17 @@ fi
 # Section 6: Installation Flow
 - install_script()         # Main entry point
- advanced_settings()      # 19-step wizard
+- advanced_settings()      # 20-step wizard
 ```
 ### Regex Patterns Used
-| Pattern | Purpose | Example Match |
+| Pattern                | Purpose               | Example Match           |
-|---------|---------|---|
+| ---------------------- | --------------------- | ----------------------- |
-| `^[0-9]+([.][0-9]+)?$` | Integer validation | `4`, `192.168` |
+| `^[0-9]+([.][0-9]+)?$` | Integer validation    | `4`, `192.168`          |
-| `^var_[a-z_]+$` | Variable name | `var_cpu`, `var_ssh` |
+| `^var_[a-z_]+$`        | Variable name         | `var_cpu`, `var_ssh`    |
-| `*'$('*` | Command substitution | `$(whoami)` |
+| `*'$('*`               | Command substitution  | `$(whoami)`             |
-| `*\`*` | Backtick substitution | `` `cat /etc/passwd` `` |
+| `*\`\*`                | Backtick substitution | `` `cat /etc/passwd` `` |
 ---
@ -869,12 +885,12 @@ fi
 ### Function Mapping
-| Old | New | Location |
+| Old              | New                               | Location   |
-|-----|-----|----------|
+| ---------------- | --------------------------------- | ---------- |
-| `read_config()` | `load_vars_file()` | build.func |
+| `read_config()`  | `load_vars_file()`                | build.func |
-| `write_config()` | `_build_current_app_vars_tmp()` | build.func |
+| `write_config()` | `_build_current_app_vars_tmp()`   | build.func |
-| None | `maybe_offer_save_app_defaults()` | build.func |
+| None             | `maybe_offer_save_app_defaults()` | build.func |
-| None | `get_app_defaults_path()` | build.func |
+| None             | `get_app_defaults_path()`         | build.func |
 ---
--- a/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md
+++ b/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md
@ -8,103 +8,123 @@ This document provides a comprehensive reference of all environment variables us
 ### Core Container Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable  | Description                                  | Default   | Set In      | Used In            |
-|----------|-------------|---------|---------|---------|
+| --------- | -------------------------------------------- | --------- | ----------- | ------------------ |
-| `APP` | Application name (e.g., "plex", "nextcloud") | - | Environment | Throughout |
+| `APP`     | Application name (e.g., "plex", "nextcloud") | -         | Environment | Throughout         |
-| `NSAPP` | Namespace application name | `$APP` | Environment | Throughout |
+| `NSAPP`   | Namespace application name                   | `$APP`    | Environment | Throughout         |
-| `CTID` | Container ID | - | Environment | Container creation |
+| `CTID`    | Container ID                                 | -         | Environment | Container creation |
-| `CT_TYPE` | Container type ("install" or "update") | "install" | Environment | Entry point |
+| `CT_TYPE` | Container type ("install" or "update")       | "install" | Environment | Entry point        |
-| `CT_NAME` | Container name | `$APP` | Environment | Container creation |
+| `CT_NAME` | Container name                               | `$APP`    | Environment | Container creation |
 ### Operating System Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable       | Description                | Default        | Set In          | Used In            |
-|----------|-------------|---------|---------|---------|
+| -------------- | -------------------------- | -------------- | --------------- | ------------------ |
-| `var_os` | Operating system selection | "debian" | base_settings() | OS selection |
+| `var_os`       | Operating system selection | "debian"       | base_settings() | OS selection       |
-| `var_version` | OS version | "12" | base_settings() | Template selection |
+| `var_version`  | OS version                 | "12"           | base_settings() | Template selection |
-| `var_template` | Template name | Auto-generated | base_settings() | Template download |
+| `var_template` | Template name              | Auto-generated | base_settings() | Template download  |
 ### Resource Configuration Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable     | Description             | Default     | Set In          | Used In            |
-|----------|-------------|---------|---------|---------|
+| ------------ | ----------------------- | ----------- | --------------- | ------------------ |
-| `var_cpu` | CPU cores | "2" | base_settings() | Container creation |
+| `var_cpu`    | CPU cores               | "2"         | base_settings() | Container creation |
-| `var_ram` | RAM in MB | "2048" | base_settings() | Container creation |
+| `var_ram`    | RAM in MB               | "2048"      | base_settings() | Container creation |
-| `var_disk` | Disk size in GB | "8" | base_settings() | Container creation |
+| `var_disk`   | Disk size in GB         | "8"         | base_settings() | Container creation |
-| `DISK_SIZE` | Disk size (alternative) | `$var_disk` | Environment | Container creation |
+| `DISK_SIZE`  | Disk size (alternative) | `$var_disk` | Environment     | Container creation |
-| `CORE_COUNT` | CPU cores (alternative) | `$var_cpu` | Environment | Container creation |
+| `CORE_COUNT` | CPU cores (alternative) | `$var_cpu`  | Environment     | Container creation |
-| `RAM_SIZE` | RAM size (alternative) | `$var_ram` | Environment | Container creation |
+| `RAM_SIZE`   | RAM size (alternative)  | `$var_ram`  | Environment     | Container creation |
 ### Network Configuration Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable      | Description                     | Default        | Set In          | Used In        |
-|----------|-------------|---------|---------|---------|
+| ------------- | ------------------------------- | -------------- | --------------- | -------------- |
-| `var_net` | Network interface | "vmbr0" | base_settings() | Network config |
+| `var_net`     | Network interface               | "vmbr0"        | base_settings() | Network config |
-| `var_bridge` | Bridge interface | "vmbr0" | base_settings() | Network config |
+| `var_bridge`  | Bridge interface                | "vmbr0"        | base_settings() | Network config |
-| `var_gateway` | Gateway IP | "192.168.1.1" | base_settings() | Network config |
+| `var_gateway` | Gateway IP                      | "192.168.1.1"  | base_settings() | Network config |
-| `var_ip` | Container IP address | - | User input | Network config |
+| `var_ip`      | Container IP address            | -              | User input      | Network config |
-| `var_ipv6` | IPv6 address | - | User input | Network config |
+| `var_ipv6`    | IPv6 address                    | -              | User input      | Network config |
-| `var_vlan` | VLAN ID | - | User input | Network config |
+| `var_vlan`    | VLAN ID                         | -              | User input      | Network config |
-| `var_mtu` | MTU size | "1500" | base_settings() | Network config |
+| `var_mtu`     | MTU size                        | "1500"         | base_settings() | Network config |
-| `var_mac` | MAC address | Auto-generated | base_settings() | Network config |
+| `var_mac`     | MAC address                     | Auto-generated | base_settings() | Network config |
-| `NET` | Network interface (alternative) | `$var_net` | Environment | Network config |
+| `NET`         | Network interface (alternative) | `$var_net`     | Environment     | Network config |
-| `BRG` | Bridge interface (alternative) | `$var_bridge` | Environment | Network config |
+| `BRG`         | Bridge interface (alternative)  | `$var_bridge`  | Environment     | Network config |
-| `GATE` | Gateway IP (alternative) | `$var_gateway` | Environment | Network config |
+| `GATE`        | Gateway IP (alternative)        | `$var_gateway` | Environment     | Network config |
-| `IPV6_METHOD` | IPv6 configuration method | "none" | Environment | Network config |
+| `IPV6_METHOD` | IPv6 configuration method       | "none"         | Environment     | Network config |
-| `VLAN` | VLAN ID (alternative) | `$var_vlan` | Environment | Network config |
+| `VLAN`        | VLAN ID (alternative)           | `$var_vlan`    | Environment     | Network config |
-| `MTU` | MTU size (alternative) | `$var_mtu` | Environment | Network config |
+| `MTU`         | MTU size (alternative)          | `$var_mtu`     | Environment     | Network config |
-| `MAC` | MAC address (alternative) | `$var_mac` | Environment | Network config |
+| `MAC`         | MAC address (alternative)       | `$var_mac`     | Environment     | Network config |
 ### Storage Configuration Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable                | Description                     | Default                  | Set In           | Used In           |
-|----------|-------------|---------|---------|---------|
+| ----------------------- | ------------------------------- | ------------------------ | ---------------- | ----------------- |
-| `var_template_storage` | Storage for templates | - | select_storage() | Template storage |
+| `var_template_storage`  | Storage for templates           | -                        | select_storage() | Template storage  |
-| `var_container_storage` | Storage for container disks | - | select_storage() | Container storage |
+| `var_container_storage` | Storage for container disks     | -                        | select_storage() | Container storage |
-| `TEMPLATE_STORAGE` | Template storage (alternative) | `$var_template_storage` | Environment | Template storage |
+| `TEMPLATE_STORAGE`      | Template storage (alternative)  | `$var_template_storage`  | Environment      | Template storage  |
-| `CONTAINER_STORAGE` | Container storage (alternative) | `$var_container_storage` | Environment | Container storage |
+| `CONTAINER_STORAGE`     | Container storage (alternative) | `$var_container_storage` | Environment      | Container storage |
 ### Feature Flags
-| Variable | Description | Default | Set In | Used In |
+| Variable              | Description                 | Default | Set In          | Used In            |
-|----------|-------------|---------|---------|---------|
+| --------------------- | --------------------------- | ------- | --------------- | ------------------ |
-| `ENABLE_FUSE` | Enable FUSE support | "true" | base_settings() | Container features |
+| `ENABLE_FUSE`         | Enable FUSE support         | "true"  | base_settings() | Container features |
-| `ENABLE_TUN` | Enable TUN/TAP support | "true" | base_settings() | Container features |
+| `ENABLE_TUN`          | Enable TUN/TAP support      | "true"  | base_settings() | Container features |
-| `ENABLE_KEYCTL` | Enable keyctl support | "true" | base_settings() | Container features |
+| `ENABLE_KEYCTL`       | Enable keyctl support       | "true"  | base_settings() | Container features |
-| `ENABLE_MOUNT` | Enable mount support | "true" | base_settings() | Container features |
+| `ENABLE_MOUNT`        | Enable mount support        | "true"  | base_settings() | Container features |
-| `ENABLE_NESTING` | Enable nesting support | "false" | base_settings() | Container features |
+| `ENABLE_NESTING`      | Enable nesting support      | "false" | base_settings() | Container features |
-| `ENABLE_PRIVILEGED` | Enable privileged mode | "false" | base_settings() | Container features |
+| `ENABLE_PRIVILEGED`   | Enable privileged mode      | "false" | base_settings() | Container features |
-| `ENABLE_UNPRIVILEGED` | Enable unprivileged mode | "true" | base_settings() | Container features |
+| `ENABLE_UNPRIVILEGED` | Enable unprivileged mode    | "true"  | base_settings() | Container features |
-| `VERBOSE` | Enable verbose output | "false" | Environment | Logging |
+| `VERBOSE`             | Enable verbose output       | "false" | Environment     | Logging            |
-| `SSH` | Enable SSH key provisioning | "true" | base_settings() | SSH setup |
+| `SSH`                 | Enable SSH key provisioning | "true"  | base_settings() | SSH setup          |
 ### GPU Passthrough Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable     | Description                     | Default | Set In                                      | Used In            |
-|----------|-------------|---------|---------|---------|
+| ------------ | ------------------------------- | ------- | ------------------------------------------- | ------------------ |
-| `GPU_APPS` | List of apps that support GPU | - | Environment | GPU detection |
+| `var_gpu`    | Enable GPU passthrough          | "no"    | CT script / Environment / Advanced Settings | GPU passthrough    |
-| `var_gpu` | GPU selection | - | User input | GPU passthrough |
+| `ENABLE_GPU` | GPU passthrough flag (internal) | "no"    | Advanced Settings                           | Container creation |
-| `var_gpu_type` | GPU type (intel/amd/nvidia) | - | detect_gpu_devices() | GPU passthrough |
+
-| `var_gpu_devices` | GPU device list | - | detect_gpu_devices() | GPU passthrough |
+**Note**: GPU passthrough is controlled via `var_gpu`. Apps that benefit from GPU acceleration (media servers, AI/ML, transcoding) have `var_gpu=yes` as default in their CT scripts.
 **Apps with GPU enabled by default**:
 - Media: jellyfin, plex, emby, channels, ersatztv, tunarr, immich
 - Transcoding: tdarr, unmanic, fileflows
 - AI/ML: ollama, openwebui
 - NVR: frigate
 **Usage Examples**:
 ```bash
 # Disable GPU for a specific installation
 var_gpu=no bash -c "$(curl -fsSL https://...jellyfin.sh)"
 # Enable GPU for apps without default GPU support
 var_gpu=yes bash -c "$(curl -fsSL https://...debian.sh)"
 # Set in default.vars for all apps
 echo "var_gpu=yes" >> /usr/local/community-scripts/default.vars
 ```
 ### API and Diagnostics Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable      | Description              | Default   | Set In      | Used In           |
-|----------|-------------|---------|---------|---------|
+| ------------- | ------------------------ | --------- | ----------- | ----------------- |
-| `DIAGNOSTICS` | Enable diagnostics mode | "false" | Environment | Diagnostics |
+| `DIAGNOSTICS` | Enable diagnostics mode  | "false"   | Environment | Diagnostics       |
-| `METHOD` | Installation method | "install" | Environment | Installation flow |
+| `METHOD`      | Installation method      | "install" | Environment | Installation flow |
-| `RANDOM_UUID` | Random UUID for tracking | - | Environment | Logging |
+| `RANDOM_UUID` | Random UUID for tracking | -         | Environment | Logging           |
-| `API_TOKEN` | Proxmox API token | - | Environment | API calls |
+| `API_TOKEN`   | Proxmox API token        | -         | Environment | API calls         |
-| `API_USER` | Proxmox API user | - | Environment | API calls |
+| `API_USER`    | Proxmox API user         | -         | Environment | API calls         |
 ### Settings Persistence Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable            | Description                | Default                                           | Set In      | Used In              |
-|----------|-------------|---------|---------|---------|
+| ------------------- | -------------------------- | ------------------------------------------------- | ----------- | -------------------- |
-| `SAVE_DEFAULTS` | Save settings as defaults | "false" | User input | Settings persistence |
+| `SAVE_DEFAULTS`     | Save settings as defaults  | "false"                                           | User input  | Settings persistence |
-| `SAVE_APP_DEFAULTS` | Save app-specific defaults | "false" | User input | Settings persistence |
+| `SAVE_APP_DEFAULTS` | Save app-specific defaults | "false"                                           | User input  | Settings persistence |
-| `DEFAULT_VARS_FILE` | Path to default.vars | "/usr/local/community-scripts/default.vars" | Environment | Settings persistence |
+| `DEFAULT_VARS_FILE` | Path to default.vars       | "/usr/local/community-scripts/default.vars"       | Environment | Settings persistence |
-| `APP_DEFAULTS_FILE` | Path to app.vars | "/usr/local/community-scripts/defaults/$APP.vars" | Environment | Settings persistence |
+| `APP_DEFAULTS_FILE` | Path to app.vars           | "/usr/local/community-scripts/defaults/$APP.vars" | Environment | Settings persistence |
 ## Variable Precedence Chain
@ -152,6 +172,7 @@ export SSH="true"
 ## Environment Variable Usage Patterns
 ### 1. Container Creation
 ```bash
 # Basic container creation
 export APP="nextcloud"
@ -170,6 +191,7 @@ export var_container_storage="local"
 ```
 ### 2. GPU Passthrough
 ```bash
 # Enable GPU passthrough
 export GPU_APPS="plex,jellyfin,emby"
@ -178,6 +200,7 @@ export ENABLE_PRIVILEGED="true"
 ```
 ### 3. Advanced Network Configuration
 ```bash
 # VLAN and IPv6 configuration
 export var_vlan="100"
@ -187,6 +210,7 @@ export var_mtu="9000"
 ```
 ### 4. Storage Configuration
 ```bash
 # Custom storage locations
 export var_template_storage="nfs-storage"
@ -206,6 +230,7 @@ The script validates variables at several points:
 ## Common Variable Combinations
 ### Development Container
 ```bash
 export APP="dev-container"
 export CTID="200"
@ -220,6 +245,7 @@ export ENABLE_PRIVILEGED="true"
 ```
 ### Media Server with GPU
 ```bash
 export APP="plex"
 export CTID="300"
@ -235,6 +261,7 @@ export ENABLE_PRIVILEGED="true"
 ```
 ### Lightweight Service
 ```bash
 export APP="nginx"
 export CTID="400"
--- a/docs/misc/build.func/BUILD_FUNC_FUNCTIONS_REFERENCE.md
+++ b/docs/misc/build.func/BUILD_FUNC_FUNCTIONS_REFERENCE.md
@ -9,30 +9,35 @@ This document provides a comprehensive reference of all functions in `build.func
 ### Initialization Functions
 #### `start()`
 **Purpose**: Main entry point when build.func is sourced or executed
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Detects execution context (Proxmox host vs container)
 - Captures hard environment variables
 - Sets CT_TYPE based on context
 - Routes to appropriate workflow (install_script or update_script)
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `CT_TYPE`, `APP`, `CTID`
+  **Environment Variables Used**: `CT_TYPE`, `APP`, `CTID`
 #### `variables()`
 **Purpose**: Load and resolve all configuration variables using precedence chain
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Loads app-specific .vars file
 - Loads global default.vars file
 - Applies variable precedence chain
 - Sets all configuration variables
-**Dependencies**: `base_settings()`
+  **Dependencies**: `base_settings()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `base_settings()`
 **Purpose**: Set built-in default values for all configuration variables
 **Parameters**: None
 **Returns**: None
@ -43,28 +48,33 @@ This document provides a comprehensive reference of all functions in `build.func
 ### UI and Menu Functions
 #### `install_script()`
 **Purpose**: Main installation workflow coordinator
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Displays installation mode selection menu
 - Coordinates the entire installation process
 - Handles user interaction and validation
-**Dependencies**: `variables()`, `build_container()`, `default_var_settings()`
+  **Dependencies**: `variables()`, `build_container()`, `default_var_settings()`
-**Environment Variables Used**: `APP`, `CTID`, `var_hostname`
+  **Environment Variables Used**: `APP`, `CTID`, `var_hostname`
 #### `advanced_settings()`
 **Purpose**: Provide advanced configuration options via whiptail menus
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Displays whiptail menus for configuration
 - Updates configuration variables based on user input
 - Validates user selections
-**Dependencies**: `select_storage()`, `detect_gpu_devices()`
+  **Dependencies**: `select_storage()`, `detect_gpu_devices()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `settings_menu()`
 **Purpose**: Display and handle settings configuration menu
 **Parameters**: None
 **Returns**: None
@ -75,58 +85,68 @@ This document provides a comprehensive reference of all functions in `build.func
 ### Storage Functions
 #### `select_storage()`
 **Purpose**: Handle storage selection for templates and containers
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Resolves storage preselection
 - Prompts user for storage selection if needed
 - Validates storage availability
 - Sets var_template_storage and var_container_storage
-**Dependencies**: `resolve_storage_preselect()`, `choose_and_set_storage_for_file()`
+  **Dependencies**: `resolve_storage_preselect()`, `choose_and_set_storage_for_file()`
-**Environment Variables Used**: `var_template_storage`, `var_container_storage`, `TEMPLATE_STORAGE`, `CONTAINER_STORAGE`
+  **Environment Variables Used**: `var_template_storage`, `var_container_storage`, `TEMPLATE_STORAGE`, `CONTAINER_STORAGE`
 #### `resolve_storage_preselect()`
 **Purpose**: Resolve preselected storage options
 **Parameters**:
 - `storage_type`: Type of storage (template or container)
-**Returns**: Storage name if valid, empty if invalid
+  **Returns**: Storage name if valid, empty if invalid
-**Side Effects**: Validates storage availability
+  **Side Effects**: Validates storage availability
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `var_template_storage`, `var_container_storage`
+  **Environment Variables Used**: `var_template_storage`, `var_container_storage`
 #### `choose_and_set_storage_for_file()`
 **Purpose**: Interactive storage selection via whiptail
 **Parameters**:
 - `storage_type`: Type of storage (template or container)
 - `content_type`: Content type (vztmpl or rootdir)
-**Returns**: None
+  **Returns**: None
-**Side Effects**:
+  **Side Effects**:
 - Displays whiptail menu
 - Updates storage variables
 - Validates selection
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `var_template_storage`, `var_container_storage`
+  **Environment Variables Used**: `var_template_storage`, `var_container_storage`
 ### Container Creation Functions
 #### `build_container()`
 **Purpose**: Validate settings and prepare container creation
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Validates all configuration
 - Checks for conflicts
 - Prepares container configuration
 - Calls create_lxc_container()
-**Dependencies**: `create_lxc_container()`
+  **Dependencies**: `create_lxc_container()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `create_lxc_container()`
 **Purpose**: Create the actual LXC container
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Creates LXC container with basic configuration
 - Configures network settings
 - Sets up storage and mount points
@ -134,108 +154,176 @@ This document provides a comprehensive reference of all functions in `build.func
 - Sets resource limits
 - Configures startup options
 - Starts container
-**Dependencies**: `configure_gpu_passthrough()`, `fix_gpu_gids()`
+  **Dependencies**: `configure_gpu_passthrough()`, `fix_gpu_gids()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 ### GPU and Hardware Functions
 #### `detect_gpu_devices()`
 **Purpose**: Detect available GPU hardware on the system
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Scans for Intel, AMD, and NVIDIA GPUs
 - Updates var_gpu_type and var_gpu_devices
 - Determines GPU capabilities
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `var_gpu_type`, `var_gpu_devices`, `GPU_APPS`
+  **Environment Variables Used**: `var_gpu_type`, `var_gpu_devices`, `GPU_APPS`
 #### `configure_gpu_passthrough()`
 **Purpose**: Configure GPU passthrough for the container
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Adds GPU device entries to container config
 - Configures proper device permissions
 - Sets up device mapping
 - Updates /etc/pve/lxc/<ctid>.conf
-**Dependencies**: `detect_gpu_devices()`
+  **Dependencies**: `detect_gpu_devices()`
-**Environment Variables Used**: `var_gpu`, `var_gpu_type`, `var_gpu_devices`, `CTID`
+  **Environment Variables Used**: `var_gpu`, `var_gpu_type`, `var_gpu_devices`, `CTID`
 #### `fix_gpu_gids()`
 **Purpose**: Fix GPU group IDs after container creation
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Updates GPU group IDs in container
 - Ensures proper GPU access permissions
 - Configures video and render groups
-**Dependencies**: `configure_gpu_passthrough()`
+  **Dependencies**: `configure_gpu_passthrough()`
-**Environment Variables Used**: `CTID`, `var_gpu_type`
+  **Environment Variables Used**: `CTID`, `var_gpu_type`
 ### SSH Configuration Functions
 #### `configure_ssh_settings()`
 **Purpose**: Interactive SSH key and access configuration wizard
 **Parameters**:
 - `step_info` (optional): Step indicator string (e.g., "Step 17/19") for consistent dialog headers
  **Returns**: None
  **Side Effects**:
 - Creates temporary file for SSH keys
 - Discovers and presents available SSH keys from host
 - Allows manual key entry or folder/glob scanning
 - Sets `SSH` variable to "yes" or "no" based on user selection
 - Sets `SSH_AUTHORIZED_KEY` if manual key provided
 - Populates `SSH_KEYS_FILE` with selected keys
  **Dependencies**: `ssh_discover_default_files()`, `ssh_build_choices_from_files()`
  **Environment Variables Used**: `SSH`, `SSH_AUTHORIZED_KEY`, `SSH_KEYS_FILE`
 **SSH Key Source Options**:
 1. `found` - Select from auto-detected host keys
 2. `manual` - Paste a single public key
 3. `folder` - Scan custom folder or glob pattern
 4. `none` - No SSH keys
 **Note**: The "Enable root SSH access?" dialog is always shown, regardless of whether SSH keys or password are configured. This ensures users can always enable SSH access even with automatic login.
 #### `ssh_discover_default_files()`
 **Purpose**: Discover SSH public key files on the host system
 **Parameters**: None
 **Returns**: Array of discovered key file paths
 **Side Effects**: Scans common SSH key locations
 **Dependencies**: None
 **Environment Variables Used**: `var_ssh_import_glob`
 #### `ssh_build_choices_from_files()`
 **Purpose**: Build whiptail checklist choices from SSH key files
 **Parameters**:
 - Array of file paths to process
  **Returns**: None
  **Side Effects**:
 - Sets `CHOICES` array for whiptail checklist
 - Sets `COUNT` variable with number of keys found
 - Creates `MAPFILE` for key tag to content mapping
  **Dependencies**: None
  **Environment Variables Used**: `CHOICES`, `COUNT`, `MAPFILE`
 ### Settings Persistence Functions
 #### `default_var_settings()`
 **Purpose**: Offer to save current settings as defaults
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Prompts user to save settings
 - Saves to default.vars file
 - Saves to app-specific .vars file
-**Dependencies**: `maybe_offer_save_app_defaults()`
+  **Dependencies**: `maybe_offer_save_app_defaults()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `maybe_offer_save_app_defaults()`
 **Purpose**: Offer to save app-specific defaults
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Prompts user to save app-specific settings
 - Saves to app.vars file
 - Updates app-specific configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `APP`, `SAVE_APP_DEFAULTS`
+  **Environment Variables Used**: `APP`, `SAVE_APP_DEFAULTS`
 ### Utility Functions
 #### `validate_settings()`
 **Purpose**: Validate all configuration settings
 **Parameters**: None
 **Returns**: 0 if valid, 1 if invalid
 **Side Effects**:
 - Checks for configuration conflicts
 - Validates resource limits
 - Validates network configuration
 - Validates storage configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `check_conflicts()`
 **Purpose**: Check for configuration conflicts
 **Parameters**: None
 **Returns**: 0 if no conflicts, 1 if conflicts found
 **Side Effects**:
 - Checks for conflicting settings
 - Validates resource allocation
 - Checks network configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `cleanup_on_error()`
 **Purpose**: Clean up resources on error
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Removes partially created containers
 - Cleans up temporary files
 - Resets configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `CTID`
+  **Environment Variables Used**: `CTID`
 ## Function Call Flow
 ### Main Installation Flow
 ```
 start()
 ├── variables()
@ -259,6 +347,7 @@ start()
 ```
 ### Error Handling Flow
 ```
 Error Detection
 ├── validate_settings()
@ -271,24 +360,29 @@ Error Detection
 ## Function Dependencies
 ### Core Dependencies
 - `start()` → `install_script()` → `build_container()` → `create_lxc_container()`
 - `variables()` → `base_settings()`
 - `advanced_settings()` → `select_storage()` → `detect_gpu_devices()`
 ### Storage Dependencies
 - `select_storage()` → `resolve_storage_preselect()`
 - `select_storage()` → `choose_and_set_storage_for_file()`
 ### GPU Dependencies
 - `configure_gpu_passthrough()` → `detect_gpu_devices()`
 - `fix_gpu_gids()` → `configure_gpu_passthrough()`
 ### Settings Dependencies
 - `default_var_settings()` → `maybe_offer_save_app_defaults()`
 ## Function Usage Examples
 ### Basic Container Creation
 ```bash
 # Set required variables
 export APP="plex"
@ -304,6 +398,7 @@ start()  # Entry point
 ```
 ### Advanced Configuration
 ```bash
 # Set advanced variables
 export var_os="debian"
@ -319,6 +414,7 @@ advanced_settings()  # Interactive configuration
 ```
 ### GPU Passthrough
 ```bash
 # Enable GPU passthrough
 export GPU_APPS="plex"
@ -331,6 +427,7 @@ fix_gpu_gids()  # Fix permissions
 ```
 ### Settings Persistence
 ```bash
 # Save settings as defaults
 export SAVE_DEFAULTS="true"
@ -344,15 +441,18 @@ maybe_offer_save_app_defaults()  # Save app defaults
 ## Function Error Handling
 ### Validation Functions
 - `validate_settings()`: Returns 0 for valid, 1 for invalid
 - `check_conflicts()`: Returns 0 for no conflicts, 1 for conflicts
 ### Error Recovery
 - `cleanup_on_error()`: Cleans up on any error
 - Error codes are propagated up the call stack
 - Critical errors cause script termination
 ### Error Types
 1. **Configuration Errors**: Invalid settings or conflicts
 2. **Resource Errors**: Insufficient resources or conflicts
 3. **Network Errors**: Invalid network configuration
--- a/frontend/public/json/coolify.json
+++ b/frontend/public/json/coolify.json
@ -0,0 +1,52 @@
 {
    "name": "Coolify",
    "slug": "coolify",
    "categories": [
        6
    ],
    "date_created": "2025-12-09",
    "type": "ct",
    "updateable": true,
    "privileged": false,
    "interface_port": 8000,
    "documentation": "https://coolify.io/docs",
    "config_path": "/data/coolify",
    "website": "https://coolify.io/",
    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/coolify.webp",
    "description": "Coolify is an open-source & self-hostable alternative to Heroku, Netlify, and Vercel. It helps you manage your servers, applications, and databases on your own hardware with Docker. Deploy any application from Git repositories, Docker images, or use pre-built templates.",
    "install_methods": [
        {
            "type": "default",
            "script": "ct/coolify.sh",
            "resources": {
                "cpu": 2,
                "ram": 4096,
                "hdd": 30,
                "os": "Debian",
                "version": "13"
            }
        }
    ],
    "default_credentials": {
        "username": null,
        "password": null
    },
    "notes": [
        {
            "text": "Initial setup will be done via the web interface on first access.",
            "type": "info"
        },
        {
            "text": "Coolify has built-in auto-updates. You can configure update frequency in Settings.",
            "type": "info"
        },
        {
            "text": "Coolify requires SSH access to manage deployments. SSH is enabled automatically.",
            "type": "info"
        },
        {
            "text": "This container uses Docker-in-Docker (nesting) for application deployments.",
            "type": "warning"
        }
    ]
 }
--- a/frontend/public/json/versions.json
+++ b/frontend/public/json/versions.json
@ -1,4 +1,139 @@
 [
  {
    "name": "sabnzbd/sabnzbd",
    "version": "4.5.5",
    "date": "2025-10-24T11:12:22Z"
  },
  {
    "name": "home-assistant/core",
    "version": "2025.12.2",
    "date": "2025-12-08T21:36:42Z"
  },
  {
    "name": "BerriAI/litellm",
    "version": "v1.80.9-nightly",
    "date": "2025-12-08T21:21:07Z"
  },
  {
    "name": "seerr-team/seerr",
    "version": "preview-test-fix-subscriptions",
    "date": "2025-12-08T21:16:05Z"
  },
  {
    "name": "hansmi/prometheus-paperless-exporter",
    "version": "v0.0.9",
    "date": "2025-12-08T20:37:45Z"
  },
  {
    "name": "influxdata/telegraf",
    "version": "v1.37.0",
    "date": "2025-12-08T20:36:16Z"
  },
  {
    "name": "pommee/goaway",
    "version": "v0.62.23",
    "date": "2025-12-08T20:30:54Z"
  },
  {
    "name": "n8n-io/n8n",
    "version": "n8n@1.123.4",
    "date": "2025-12-08T13:30:40Z"
  },
  {
    "name": "steveiliop56/tinyauth",
    "version": "v4.1.0",
    "date": "2025-11-23T12:13:34Z"
  },
  {
    "name": "homarr-labs/homarr",
    "version": "v1.45.3",
    "date": "2025-12-08T16:11:16Z"
  },
  {
    "name": "AdguardTeam/AdGuardHome",
    "version": "v0.107.71",
    "date": "2025-12-08T14:34:55Z"
  },
  {
    "name": "chrisbenincasa/tunarr",
    "version": "v0.22.18",
    "date": "2025-12-08T14:26:24Z"
  },
  {
    "name": "openobserve/openobserve",
    "version": "v0.30.0-rc1",
    "date": "2025-12-08T13:29:14Z"
  },
  {
    "name": "wavelog/wavelog",
    "version": "2.2.1",
    "date": "2025-12-08T12:01:34Z"
  },
  {
    "name": "ventoy/Ventoy",
    "version": "v1.1.08",
    "date": "2025-12-08T10:13:51Z"
  },
  {
    "name": "zitadel/zitadel",
    "version": "v4.7.1",
    "date": "2025-12-08T10:05:21Z"
  },
  {
    "name": "meilisearch/meilisearch",
    "version": "latest",
    "date": "2025-12-08T09:36:54Z"
  },
  {
    "name": "WGDashboard/WGDashboard",
    "version": "v4.3.0.2",
    "date": "2025-12-08T09:01:37Z"
  },
  {
    "name": "mattermost/mattermost",
    "version": "v10.11.8",
    "date": "2025-11-21T17:06:07Z"
  },
  {
    "name": "nzbgetcom/nzbget",
    "version": "v25.4",
    "date": "2025-10-09T10:27:01Z"
  },
  {
    "name": "morpheus65535/bazarr",
    "version": "v1.5.3",
    "date": "2025-09-20T12:12:33Z"
  },
  {
    "name": "Jackett/Jackett",
    "version": "v0.24.420",
    "date": "2025-12-08T05:55:34Z"
  },
  {
    "name": "ollama/ollama",
    "version": "v0.13.2-rc2",
    "date": "2025-12-06T00:10:33Z"
  },
  {
    "name": "firefly-iii/firefly-iii",
    "version": "v6.4.9",
    "date": "2025-11-28T20:36:20Z"
  },
  {
    "name": "documenso/documenso",
    "version": "v2.2.0",
    "date": "2025-12-08T03:33:34Z"
  },
  {
    "name": "jeedom/core",
    "version": "4.5",
    "date": "2025-12-08T00:27:05Z"
  },
  {
    "name": "maxdorninger/MediaManager",
    "version": "v1.10.0",
    "date": "2025-12-07T23:41:51Z"
  },
  {
    "name": "Part-DB/Part-DB-server",
    "version": "v2.3.0",
@ -10,60 +145,25 @@
    "date": "2025-12-07T19:19:08Z"
  },
  {
-    "name": "firefly-iii/firefly-iii",
+    "name": "keycloak/keycloak",
-    "version": "v6.4.9",
+    "version": "26.4.7",
-    "date": "2025-11-28T20:36:20Z"
+    "date": "2025-12-01T08:14:11Z"
  },
  {
    "name": "seerr-team/seerr",
    "version": "preview-test-fix-subscriptions",
    "date": "2025-12-07T14:31:55Z"
  },
  {
    "name": "bluenviron/mediamtx",
    "version": "v1.15.5",
    "date": "2025-12-07T12:24:21Z"
  },
  {
    "name": "morpheus65535/bazarr",
    "version": "v1.5.3",
    "date": "2025-09-20T12:12:33Z"
  },
  {
    "name": "Jackett/Jackett",
    "version": "v0.24.415",
    "date": "2025-12-07T05:56:32Z"
  },
  {
    "name": "BerriAI/litellm",
    "version": "v1.80.8.rc.1",
    "date": "2025-12-07T01:36:40Z"
  },
  {
    "name": "umami-software/umami",
    "version": "v2.20.1",
    "date": "2025-12-07T01:14:23Z"
  },
  {
    "name": "steveiliop56/tinyauth",
    "version": "v4.1.0",
    "date": "2025-11-23T12:13:34Z"
  },
  {
    "name": "jeedom/core",
    "version": "4.5",
    "date": "2025-12-07T00:27:06Z"
  },
  {
    "name": "sysadminsmedia/homebox",
    "version": "v0.22.0-rc.2",
    "date": "2025-12-06T21:24:28Z"
  },
  {
    "name": "keycloak/keycloak",
    "version": "26.4.7",
    "date": "2025-12-01T08:14:11Z"
  },
  {
    "name": "Koenkk/zigbee2mqtt",
    "version": "2.7.1",
@ -124,36 +224,11 @@
    "version": "v13.1.3",
    "date": "2025-12-06T04:40:09Z"
  },
  {
    "name": "ollama/ollama",
    "version": "v0.13.2-rc1",
    "date": "2025-12-04T23:19:06Z"
  },
  {
    "name": "Stirling-Tools/Stirling-PDF",
    "version": "v2.1.1",
    "date": "2025-12-05T23:48:08Z"
  },
  {
    "name": "chrisbenincasa/tunarr",
    "version": "v0.23.0-alpha.30",
    "date": "2025-12-05T21:23:38Z"
  },
  {
    "name": "home-assistant/core",
    "version": "2025.12.1",
    "date": "2025-12-05T21:10:31Z"
  },
  {
    "name": "n8n-io/n8n",
    "version": "n8n@1.122.5",
    "date": "2025-12-04T14:09:39Z"
  },
  {
    "name": "homarr-labs/homarr",
    "version": "v1.45.2",
    "date": "2025-12-05T19:17:09Z"
  },
  {
    "name": "booklore-app/booklore",
    "version": "v1.13.2",
@ -199,11 +274,6 @@
    "version": "2025.11.4",
    "date": "2025-12-05T03:54:58Z"
  },
  {
    "name": "documenso/documenso",
    "version": "v2.2.4",
    "date": "2025-12-05T01:23:23Z"
  },
  {
    "name": "transmission/transmission",
    "version": "4.0.1-beta.1",
@ -224,11 +294,6 @@
    "version": "v1.30.20",
    "date": "2025-12-04T18:17:47Z"
  },
  {
    "name": "AdguardTeam/AdGuardHome",
    "version": "v0.107.70",
    "date": "2025-12-03T16:12:15Z"
  },
  {
    "name": "wazuh/wazuh",
    "version": "coverity-w49-4.14.2",
@ -299,11 +364,6 @@
    "version": "v25.11.5",
    "date": "2025-12-03T14:51:03Z"
  },
  {
    "name": "meilisearch/meilisearch",
    "version": "latest",
    "date": "2025-12-03T14:19:01Z"
  },
  {
    "name": "Graylog2/graylog2-server",
    "version": "6.2.10",
@ -319,16 +379,6 @@
    "version": "v0.104.0",
    "date": "2025-12-03T06:48:38Z"
  },
  {
    "name": "mattermost/mattermost",
    "version": "v10.11.8",
    "date": "2025-11-21T17:06:07Z"
  },
  {
    "name": "openobserve/openobserve",
    "version": "v0.20.2",
    "date": "2025-12-03T02:20:57Z"
  },
  {
    "name": "hyperion-project/hyperion.ng",
    "version": "2.1.1",
@ -342,7 +392,7 @@
  {
    "name": "mealie-recipes/mealie",
    "version": "v3.6.1",
-    "date": "2025-12-02T22:54:10Z"
+    "date": "2025-12-02T23:08:41Z"
  },
  {
    "name": "apache/tomcat",
@ -389,11 +439,6 @@
    "version": "jenkins-2.540",
    "date": "2025-12-02T16:56:49Z"
  },
  {
    "name": "nzbgetcom/nzbget",
    "version": "v25.4",
    "date": "2025-10-09T10:27:01Z"
  },
  {
    "name": "docker/compose",
    "version": "v5.0.0",
@ -519,11 +564,6 @@
    "version": "v11.8.2",
    "date": "2025-11-30T08:39:28Z"
  },
  {
    "name": "pommee/goaway",
    "version": "v0.62.20",
    "date": "2025-11-30T06:51:31Z"
  },
  {
    "name": "MediaBrowser/Emby.Releases",
    "version": "4.9.1.90",
@ -679,11 +719,6 @@
    "version": "v1.18.0",
    "date": "2025-11-23T17:42:53Z"
  },
  {
    "name": "wavelog/wavelog",
    "version": "2.2",
    "date": "2025-11-23T17:32:38Z"
  },
  {
    "name": "crafty-controller/crafty-4",
    "version": "v4.6.1",
@ -724,11 +759,6 @@
    "version": "5.2.4",
    "date": "2025-11-21T10:25:05Z"
  },
  {
    "name": "sabnzbd/sabnzbd",
    "version": "4.5.5",
    "date": "2025-10-24T11:12:22Z"
  },
  {
    "name": "MariaDB/server",
    "version": "mariadb-12.1.2",
@ -819,11 +849,6 @@
    "version": "v0.28.2",
    "date": "2025-11-18T05:51:46Z"
  },
  {
    "name": "influxdata/telegraf",
    "version": "v1.36.4",
    "date": "2025-11-17T17:15:29Z"
  },
  {
    "name": "rabbitmq/rabbitmq-server",
    "version": "v4.2.1",
@ -869,11 +894,6 @@
    "version": "4.10.1",
    "date": "2025-11-15T04:36:48Z"
  },
  {
    "name": "zitadel/zitadel",
    "version": "v4.7.0",
    "date": "2025-11-14T09:45:13Z"
  },
  {
    "name": "runtipi/runtipi",
    "version": "v4.6.5",
@ -999,11 +1019,6 @@
    "version": "v3.0.9",
    "date": "2025-11-04T07:28:45Z"
  },
  {
    "name": "maxdorninger/MediaManager",
    "version": "v1.9.1",
    "date": "2025-11-02T21:14:50Z"
  },
  {
    "name": "motioneye-project/motioneye",
    "version": "0.42.1",
@ -1179,11 +1194,6 @@
    "version": "v0.23.0",
    "date": "2025-09-17T10:15:51Z"
  },
  {
    "name": "WGDashboard/WGDashboard",
    "version": "v4.3.0.1",
    "date": "2025-09-17T08:50:39Z"
  },
  {
    "name": "Checkmk/checkmk",
    "version": "v2.4.0p12",
@ -1249,11 +1259,6 @@
    "version": "0.6.25",
    "date": "2025-08-24T08:51:55Z"
  },
  {
    "name": "ventoy/Ventoy",
    "version": "v1.1.07",
    "date": "2025-08-18T16:13:54Z"
  },
  {
    "name": "lldap/lldap",
    "version": "v0.6.2",
@ -1364,11 +1369,6 @@
    "version": "v1.13.0",
    "date": "2025-05-25T20:21:13Z"
  },
  {
    "name": "hansmi/prometheus-paperless-exporter",
    "version": "v0.0.8",
    "date": "2025-05-18T11:37:31Z"
  },
  {
    "name": "stackblitz-labs/bolt.diy",
    "version": "1.0.0",
--- a/install/coolify-install.sh
+++ b/install/coolify-install.sh
@ -0,0 +1,39 @@
 #!/bin/bash
 # Copyright (c) 2021-2025 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://coolify.io/
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
 verb_ip6
 catch_errors
 setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
  git \
  openssl
 msg_ok "Installed Dependencies"
 msg_warn "WARNING: This script will run an external installer from a third-party source (https://coolify.io/)."
 msg_warn "The following code is NOT maintained or audited by our repository."
 msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:"
 msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→  https://cdn.coollabs.io/coolify/install.sh"
 echo
 read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM
 if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
  msg_error "Aborted by user. No changes have been made."
  exit 10
 fi
 msg_info "Installing Coolify (Patience - this installs Docker and pulls containers)"
 $STD bash <(curl -fsSL https://cdn.coollabs.io/coolify/install.sh)
 msg_ok "Installed Coolify"
 motd_ssh
 customize
 cleanup_lxc
--- a/install/tandoor-install.sh
+++ b/install/tandoor-install.sh
@ -32,28 +32,10 @@ msg_ok "Installed Dependencies"
 NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 fetch_and_deploy_gh_release "tandoor" "TandoorRecipes/recipes" "tarball" "latest" "/opt/tandoor"
-PG_VERSION="17" PG_MODULES="contrib" setup_postgresql
+PG_VERSION="17" setup_postgresql
 PYTHON_VERSION="3.13" setup_uv
-
+PG_DB_USER="tandoor" PG_DB_NAME="db_recipes" PG_DB_EXTENSIONS="unaccent,pg_trgm" setup_postgresql_db
 msg_info "Set up PostgreSQL Database"
 DB_NAME=db_recipes
 DB_USER=tandoor
 SECRET_KEY=$(openssl rand -base64 45 | sed 's/\//\\\//g')
 DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS unaccent;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
 {
  echo "Tandoor-Credentials"
  echo "Tandoor Database Name: $DB_NAME"
  echo "Tandoor Database User: $DB_USER"
  echo "Tandoor Database Password: $DB_PASS"
 } >>~/tandoor.creds
 msg_ok "Set up PostgreSQL Database"
 msg_info "Setup Tandoor"
 mkdir -p /opt/tandoor/{config,api,mediafiles,staticfiles}
@ -69,16 +51,16 @@ TZ=Europe/Berlin
 DB_ENGINE=django.db.backends.postgresql
 POSTGRES_HOST=localhost
-POSTGRES_DB=$DB_NAME
+POSTGRES_DB=$PG_DB_NAME
 POSTGRES_PORT=5432
-POSTGRES_USER=$DB_USER
+POSTGRES_USER=$PG_DB_USER
-POSTGRES_PASSWORD=$DB_PASS
+POSTGRES_PASSWORD=$PG_DB_PASS
 STATIC_URL=/staticfiles/
 MEDIA_URL=/media/
 EOF
-TANDOOR_VERSION="$(curl -s https://api.github.com/repos/TandoorRecipes/recipes/releases/latest | jq -r .tag_name)"
+TANDOOR_VERSION=$(get_latest_github_release "TandoorRecipes/recipes")
 cat <<EOF >/opt/tandoor/cookbook/version_info.py
 TANDOOR_VERSION = "$TANDOOR_VERSION"
 TANDOOR_REF = "bare-metal"
--- a/misc/build.func
+++ b/misc/build.func
@ -453,7 +453,7 @@ load_vars_file() {
  # Allowed var_* keys
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -505,7 +505,7 @@ default_var_settings() {
  # Allowed var_* keys (alphabetically sorted)
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -667,7 +667,7 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -1011,7 +1011,7 @@ advanced_settings() {
  # Initialize defaults
  TAGS="community-script;${var_tags:-}"
  local STEP=1
-  local MAX_STEP=19
+  local MAX_STEP=20
  # Store values for back navigation
  local _ct_type="${CT_TYPE:-1}"
@ -1036,6 +1036,7 @@ advanced_settings() {
  local _vlan=""
  local _tags="$TAGS"
  local _enable_fuse="no"
  local _enable_gpu="${var_gpu:-no}"
  local _verbose="no"
  local _enable_keyctl="0"
  local _enable_mknod="0"
@ -1491,7 +1492,7 @@ advanced_settings() {
    # STEP 17: SSH Settings
    # ═══════════════════════════════════════════════════════════════════════════
    17)
-      configure_ssh_settings
+      configure_ssh_settings "Step $STEP/$MAX_STEP"
      # configure_ssh_settings handles its own flow, always advance
      ((STEP++))
      ;;
@ -1527,9 +1528,33 @@ advanced_settings() {
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 19: Confirmation
+    # STEP 19: GPU Passthrough
    # ═══════════════════════════════════════════════════════════════════════════
    19)
      local gpu_default="OFF"
      [[ "$_enable_gpu" == "yes" ]] && gpu_default="ON"
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "GPU PASSTHROUGH" \
        --ok-button "Next" --cancel-button "Back" \
        --defaultno \
        --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding" 14 62; then
        _enable_gpu="yes"
      else
        if [ $? -eq 1 ]; then
          _enable_gpu="no"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 20: Confirmation
    # ═══════════════════════════════════════════════════════════════════════════
    20)
      # Build summary
      local ct_type_desc="Unprivileged"
      [[ "$_ct_type" == "0" ]] && ct_type_desc="Privileged"
@ -1550,12 +1575,13 @@ Network:
 Options:
  FUSE: $_enable_fuse
  GPU Passthrough: $_enable_gpu
  Verbose: $_verbose"
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "CONFIRM SETTINGS" \
        --ok-button "Create LXC" --cancel-button "Back" \
-        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 26 58; then
+        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 28 58; then
        ((STEP++))
      else
        ((STEP--))
@ -1582,8 +1608,12 @@ Options:
  IPV6_GATE="$_ipv6_gate"
  TAGS="$_tags"
  ENABLE_FUSE="$_enable_fuse"
  ENABLE_GPU="$_enable_gpu"
  VERBOSE="$_verbose"
  # Update var_gpu based on user choice (for is_gpu_app function)
  var_gpu="$_enable_gpu"
  # Format optional values
  [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
  [[ -n "$_sd" ]] && SD="-searchdomain=$_sd" || SD=""
@ -1600,6 +1630,10 @@ Options:
  export UDHCPC_FIX
  export SSH_KEYS_FILE
  # Exit alternate screen buffer before showing summary (so output remains visible)
  tput rmcup 2>/dev/null || true
  trap - RETURN
  # Display final summary
  echo -e "\n${INFO}${BOLD}${DGN}PVE Version ${PVEVERSION} (Kernel: ${KERNEL_VERSION})${CL}"
  echo -e "${OS}${BOLD}${DGN}Operating System: ${BGN}$var_os${CL}"
@ -1614,6 +1648,7 @@ Options:
  echo -e "${NETWORK}${BOLD}${DGN}IPv4: ${BGN}$NET${CL}"
  echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}$IPV6_METHOD${CL}"
  echo -e "${FUSE}${BOLD}${DGN}FUSE Support: ${BGN}$ENABLE_FUSE${CL}"
  echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}$ENABLE_GPU${CL}"
  echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
  echo -e "${CREATING}${BOLD}${RD}Creating a ${APP} LXC using the above advanced settings${CL}"
 }
@ -1736,6 +1771,9 @@ echo_default() {
  echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE} GB${CL}"
  echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
  echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE} MiB${CL}"
  if [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]]; then
    echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}Enabled${CL}"
  fi
  if [ "$VERBOSE" == "yes" ]; then
    echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}Enabled${CL}"
  fi
@ -2076,6 +2114,10 @@ ssh_discover_default_files() {
 }
 configure_ssh_settings() {
  local step_info="${1:-}"
  local backtitle="Proxmox VE Helper Scripts"
  [[ -n "$step_info" ]] && backtitle="Proxmox VE Helper Scripts [${step_info}]"
  SSH_KEYS_FILE="$(mktemp)"
  : >"$SSH_KEYS_FILE"
@ -2085,14 +2127,14 @@ configure_ssh_settings() {
  local ssh_key_mode
  if [[ "$default_key_count" -gt 0 ]]; then
-    ssh_key_mode=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SSH KEY SOURCE" --menu \
+    ssh_key_mode=$(whiptail --backtitle "$backtitle" --title "SSH KEY SOURCE" --menu \
      "Provision SSH keys for root:" 14 72 4 \
      "found" "Select from detected keys (${default_key_count})" \
      "manual" "Paste a single public key" \
      "folder" "Scan another folder (path or glob)" \
      "none" "No keys" 3>&1 1>&2 2>&3) || exit_script
  else
-    ssh_key_mode=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SSH KEY SOURCE" --menu \
+    ssh_key_mode=$(whiptail --backtitle "$backtitle" --title "SSH KEY SOURCE" --menu \
      "No host keys detected; choose manual/none:" 12 72 2 \
      "manual" "Paste a single public key" \
      "none" "No keys" 3>&1 1>&2 2>&3) || exit_script
@ -2101,7 +2143,7 @@ configure_ssh_settings() {
  case "$ssh_key_mode" in
  found)
    local selection
-    selection=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SELECT HOST KEYS" \
+    selection=$(whiptail --backtitle "$backtitle" --title "SELECT HOST KEYS" \
      --checklist "Select one or more keys to import:" 20 140 10 "${CHOICES[@]}" 3>&1 1>&2 2>&3) || exit_script
    for tag in $selection; do
      tag="${tag%\"}"
@ -2112,13 +2154,13 @@ configure_ssh_settings() {
    done
    ;;
  manual)
-    SSH_AUTHORIZED_KEY="$(whiptail --backtitle "Proxmox VE Helper Scripts" \
+    SSH_AUTHORIZED_KEY="$(whiptail --backtitle "$backtitle" \
      --inputbox "Paste one SSH public key line (ssh-ed25519/ssh-rsa/...)" 10 72 --title "SSH Public Key" 3>&1 1>&2 2>&3)"
    [[ -n "$SSH_AUTHORIZED_KEY" ]] && printf '%s\n' "$SSH_AUTHORIZED_KEY" >>"$SSH_KEYS_FILE"
    ;;
  folder)
    local glob_path
-    glob_path=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
+    glob_path=$(whiptail --backtitle "$backtitle" \
      --inputbox "Enter a folder or glob to scan (e.g. /root/.ssh/*.pub)" 10 72 --title "Scan Folder/Glob" 3>&1 1>&2 2>&3)
    if [[ -n "$glob_path" ]]; then
      shopt -s nullglob
@ -2128,7 +2170,7 @@ configure_ssh_settings() {
        ssh_build_choices_from_files "${_scan_files[@]}"
        if [[ "$COUNT" -gt 0 ]]; then
          local folder_selection
-          folder_selection=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SELECT FOLDER KEYS" \
+          folder_selection=$(whiptail --backtitle "$backtitle" --title "SELECT FOLDER KEYS" \
            --checklist "Select key(s) to import:" 20 78 10 "${CHOICES[@]}" 3>&1 1>&2 2>&3) || exit_script
          for tag in $folder_selection; do
            tag="${tag%\"}"
@ -2138,10 +2180,10 @@ configure_ssh_settings() {
            [[ -n "$line" ]] && printf '%s\n' "$line" >>"$SSH_KEYS_FILE"
          done
        else
-          whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox "No keys found in: $glob_path" 8 60
+          whiptail --backtitle "$backtitle" --msgbox "No keys found in: $glob_path" 8 60
        fi
      else
-        whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox "Path/glob returned no files." 8 60
+        whiptail --backtitle "$backtitle" --msgbox "Path/glob returned no files." 8 60
      fi
    fi
    ;;
@ -2155,12 +2197,9 @@ configure_ssh_settings() {
    printf '\n' >>"$SSH_KEYS_FILE"
  fi
-  if [[ -s "$SSH_KEYS_FILE" || "$PW" == -password* ]]; then
+  # Always show SSH access dialog - user should be able to enable SSH even without keys
-    if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "SSH ACCESS" --yesno "Enable root SSH access?" 10 58); then
+  if (whiptail --backtitle "$backtitle" --defaultno --title "SSH ACCESS" --yesno "Enable root SSH access?" 10 58); then
-      SSH="yes"
+    SSH="yes"
    else
      SSH="no"
    fi
  else
    SSH="no"
  fi
@ -2387,21 +2426,15 @@ build_container() {
  # GPU/USB PASSTHROUGH CONFIGURATION
  # ============================================================================
-  # List of applications that benefit from GPU acceleration
+  # Check if GPU passthrough is enabled
-  GPU_APPS=(
+  # Returns true only if var_gpu is explicitly set to "yes"
-    "immich" "channels" "emby" "ersatztv" "frigate"
+  # Can be set via:
-    "jellyfin" "plex" "scrypted" "tdarr" "unmanic"
+  #   - Environment variable: var_gpu=yes bash -c "..."
-    "ollama" "fileflows" "open-webui" "tunarr"
+  #   - CT script default: var_gpu="${var_gpu:-no}"
-    "handbrake" "sunshine" "moonlight" "kodi" "stremio"
+  #   - Advanced settings wizard
-    "viseron"
+  #   - App defaults file: /usr/local/community-scripts/defaults/<app>.vars
  )
  # Check if app needs GPU
  is_gpu_app() {
-    local app="${1,,}"
+    [[ "${var_gpu:-no}" == "yes" ]] && return 0
    for gpu_app in "${GPU_APPS[@]}"; do
      [[ "$app" == "${gpu_app,,}" ]] && return 0
    done
    return 1
  }
@ -2491,8 +2524,13 @@ EOF
  # Configure GPU passthrough
  configure_gpu_passthrough() {
-    # Skip if not a GPU app and not privileged
+    # Skip if:
-    if [[ "$CT_TYPE" != "0" ]] && ! is_gpu_app "$APP"; then
+    # GPU passthrough is enabled when var_gpu="yes":
    # - Set via environment variable: var_gpu=yes bash -c "..."
    # - Set in CT script: var_gpu="${var_gpu:-no}"
    # - Enabled in advanced_settings wizard
    # - Configured in app defaults file
    if ! is_gpu_app "$APP"; then
      return 0
    fi
--- a/misc/core.func
+++ b/misc/core.func
@ -123,6 +123,7 @@ icons() {
  CREATING="${TAB}🚀${TAB}${CL}"
  ADVANCED="${TAB}🧩${TAB}${CL}"
  FUSE="${TAB}🗂️${TAB}${CL}"
  GPU="${TAB}🎮${TAB}${CL}"
  HOURGLASS="${TAB}⏳${TAB}"
 }
Author	SHA1	Message	Date
CanbiZ	29de8ba5f6	Update logo URL to use WebP format	2025-12-09 09:19:14 +01:00
push-app-to-main[bot]	e5d5615465	Add coolify (ct)	2025-12-09 08:17:46 +00:00
community-scripts-pr-app[bot]	31c19bed09	Update CHANGELOG.md (#9788 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-09 00:13:26 +00:00
community-scripts-pr-app[bot]	bff0650d72	Update versions.json (#9787 ) Co-authored-by: GitHub Actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-09 01:13:01 +01:00
community-scripts-pr-app[bot]	d9b05882a3	Update CHANGELOG.md (#9782 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 18:36:34 +00:00
Slaviša Arežina	31dbf2554c	Tandoor: Remove postgres17-contrib package (#9781 ) * Remove contrib * Update * Update * Upda	2025-12-08 19:36:06 +01:00
community-scripts-pr-app[bot]	f95cc5a7ad	Update CHANGELOG.md (#9775 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 13:20:30 +00:00
CanbiZ	3fb9d02f36	fix: always show SSH access dialog in advanced settings (#9765 ) - SSH access dialog is now always displayed regardless of password or SSH keys - Added step indicator to SSH settings dialogs for consistency - configure_ssh_settings() now accepts optional step_info parameter - Updated documentation for SSH configuration functions Fixes #9753	2025-12-08 14:20:05 +01:00
community-scripts-pr-app[bot]	a748be9a1f	Update CHANGELOG.md (#9774 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 12:52:51 +00:00
CanbiZ	4d4ced6b63	feat: Add var_gpu flag for GPU passthrough configuration (#9764 ) * feat: Add var_gpu flag for GPU passthrough configuration Changes: - Add var_gpu variable to CT scripts for explicit GPU control - Remove hardcoded GPU_APPS list - GPU detection now uses var_gpu flag - Add var_gpu to VAR_WHITELIST for persistence in default.vars and app.vars - Add GPU Passthrough option (Step 19) to advanced_settings wizard (now 20 steps) - Update documentation Apps with var_gpu=yes (GPU enabled by default): - Media: jellyfin, plex, emby, channels, ersatztv, tunarr - Transcoding: tdarr, unmanic, fileflows - AI/ML: ollama, openwebui - NVR: frigate, immich Usage: - Disable GPU: var_gpu=no bash -c '$(curl -fsSL ...jellyfin.sh)' - Enable GPU: var_gpu=yes bash -c '$(curl -fsSL ...debian.sh)' - Via default.vars: echo 'var_gpu=yes' >> /usr/local/community-scripts/default.vars - Via advanced settings wizard (Step 19) * fix: tput rmcup timing, GPU line indentation, echo_default GPU display * style: add GPU icon variable for consistent formatting	2025-12-08 13:52:30 +01:00
community-scripts-pr-app[bot]	a5d017c83b	Update versions.json (#9773 ) Co-authored-by: GitHub Actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 13:06:10 +01:00
community-scripts-pr-app[bot]	5378d822f8	Update CHANGELOG.md (#9772 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 10:38:33 +00:00
Vincent Martens	243cb34d47	tandoor instead of trandoor (#9771 )	2025-12-08 11:38:08 +01:00