fix: pre-fill timezone with host timezone in advanced settings

feat: complete advanced settings with all var_* options
Advanced Settings Wizard (28 steps): - Step 18: FUSE Support (inherits var_fuse) - Step 19: TUN/TAP Support (inherits var_tun) - Step 20: Nesting Support (inherits var_nesting) - Step 21: GPU Passthrough (inherits var_gpu) - Step 22: Keyctl Support (inherits var_keyctl) - Step 23: APT Cacher Proxy (inherits var_apt_cacher/var_apt_cacher_ip) - Step 24: Container Timezone (inherits var_timezone) - Step 25: Container Protection (inherits var_protection) - Step 26: Device Node Creation (inherits var_mknod) - Step 27: Mount Filesystems (inherits var_mount_fs) - Step 28: Verbose Mode & Confirmation All var_* from CT scripts now pre-populate wizard fields with '(App default: X)' hints. Documentation: - New BUILD_FUNC_ADVANCED_SETTINGS.md with full wizard reference - Updated BUILD_FUNC_ENVIRONMENT_VARIABLES.md with all feature flags - Updated README.md with new documentation link
2025-12-15 11:43:31 +01:00 · 2025-12-08 14:51:57 +01:00 · 2025-12-08 14:41:48 +01:00 · 2025-12-08 14:36:44 +01:00 · 2025-12-08 13:20:30 +00:00 · 2025-12-08 14:20:05 +01:00
23 changed files with 997 additions and 336 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -12,6 +12,20 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 ## 2025-12-08
 ### 🚀 Updated Scripts
  - typo: tandoor instead of trandoor [@Neonize](https://github.com/Neonize) ([#9771](https://github.com/community-scripts/ProxmoxVE/pull/9771))
  - #### ✨ New Features
    - feat: Add var_gpu flag for GPU passthrough configuration [@MickLesk](https://github.com/MickLesk) ([#9764](https://github.com/community-scripts/ProxmoxVE/pull/9764))
 ### 💾 Core
  - #### 🐞 Bug Fixes
    - fix: always show SSH access dialog in advanced settings [@MickLesk](https://github.com/MickLesk) ([#9765](https://github.com/community-scripts/ProxmoxVE/pull/9765))
 ## 2025-12-07
 ### 🚀 Updated Scripts
--- a/ct/channels.sh
+++ b/ct/channels.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -38,4 +39,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8089${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8089${CL}"
--- a/ct/emby.sh
+++ b/ct/emby.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/ersatztv.sh
+++ b/ct/ersatztv.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/fileflows.sh
+++ b/ct/fileflows.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/frigate.sh
+++ b/ct/frigate.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-11}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -38,4 +39,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5000${CL}"
--- a/ct/immich.sh
+++ b/ct/immich.sh
@ -13,6 +13,7 @@ var_ram="${var_ram:-4096}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/jellyfin.sh
+++ b/ct/jellyfin.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-16}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/ollama.sh
+++ b/ct/ollama.sh
@ -12,6 +12,7 @@ var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-35}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/openwebui.sh
+++ b/ct/openwebui.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-25}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/plex.sh
+++ b/ct/plex.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-8}"
 var_os="${var_os:-ubuntu}"
 var_version="${var_version:-24.04}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
@ -23,8 +24,8 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
-  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] \
+  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] &&
-   && [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
+    [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
--- a/ct/tandoor.sh
+++ b/ct/tandoor.sh
@ -65,7 +65,7 @@ EOF
    $STD /opt/tandoor/.venv/bin/python manage.py migrate
    $STD /opt/tandoor/.venv/bin/python manage.py collectstatic --no-input
    rm -rf /opt/tandoor.bak
-    msg_ok "Updated Trandoor"
+    msg_ok "Updated Tandoor"
    msg_info "Starting Service"
    systemctl start tandoor
--- a/ct/tdarr.sh
+++ b/ct/tdarr.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/tunarr.sh
+++ b/ct/tunarr.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-5}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/ct/unmanic.sh
+++ b/ct/unmanic.sh
@ -13,6 +13,7 @@ var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 header_info "$APP"
 variables
--- a/docs/TECHNICAL_REFERENCE.md
+++ b/docs/TECHNICAL_REFERENCE.md
@ -1,8 +1,8 @@
 # Technical Reference: Configuration System Architecture
 > **For Developers and Advanced Users**
-> 
+>
-> *Deep dive into how the defaults and configuration system works*
+> _Deep dive into how the defaults and configuration system works_
 ---
@ -123,13 +123,13 @@ VAR_VALUE  := [^\n]*  # Any printable characters except newline
 **Constraints**:
-| Constraint | Value |
+| Constraint        | Value                    |
-|-----------|-------|
+| ----------------- | ------------------------ |
-| Max file size | 64 KB |
+| Max file size     | 64 KB                    |
-| Max line length | 1024 bytes |
+| Max line length   | 1024 bytes               |
-| Max variables | 100 |
+| Max variables     | 100                      |
-| Allowed var names | `var_[a-z_]+` |
+| Allowed var names | `var_[a-z_]+`            |
-| Value validation | Whitelist + Sanitization |
+| Value validation  | Whitelist + Sanitization |
 **Example Valid File**:
@ -206,21 +206,24 @@ var_tags=dns,pihole
 **Purpose**: Safely load variables from .vars files without using `source` or `eval`
 **Signature**:
 ```bash
 load_vars_file(filepath)
 ```
 **Parameters**:
-| Param | Type | Required | Example |
+| Param    | Type   | Required | Example                                     |
-|-------|------|----------|---------|
+| -------- | ------ | -------- | ------------------------------------------- |
-| filepath | String | Yes | `/usr/local/community-scripts/default.vars` |
+| filepath | String | Yes      | `/usr/local/community-scripts/default.vars` |
 **Returns**:
 - `0` on success
 - `1` on error (file missing, parse error, etc.)
 **Environment Side Effects**:
 - Sets all parsed `var_*` variables as shell variables
 - Does NOT unset variables if file missing (safe)
 - Does NOT affect other variables
@ -230,25 +233,25 @@ load_vars_file(filepath)
 ```bash
 load_vars_file() {
  local file="$1"
-  
+
  # File must exist
  [ -f "$file" ] || return 0
-  
+
  # Parse line by line (not with source/eval)
  local line key val
  while IFS='=' read -r key val || [ -n "$key" ]; do
    # Skip comments and empty lines
    [[ "$key" =~ ^[[:space:]]*# ]] && continue
    [[ -z "$key" ]] && continue
-    
+
    # Validate key is in whitelist
    _is_whitelisted_key "$key" || continue
-    
+
    # Sanitize and export value
    val="$(_sanitize_value "$val")"
    [ $? -eq 0 ] && export "$key=$val"
  done < "$file"
-  
+
  return 0
 }
 ```
@ -281,6 +284,7 @@ echo "Allocating ${var_ram} MB RAM"
 **Purpose**: Get the full path for app-specific defaults file
 **Signature**:
 ```bash
 get_app_defaults_path()
 ```
@ -288,6 +292,7 @@ get_app_defaults_path()
 **Parameters**: None
 **Returns**:
 - String: Full path to app defaults file
 **Implementation**:
@ -322,6 +327,7 @@ load_vars_file "$(get_app_defaults_path)"
 **Purpose**: Load and display user global defaults
 **Signature**:
 ```bash
 default_var_settings()
 ```
@ -329,6 +335,7 @@ default_var_settings()
 **Parameters**: None
 **Returns**:
 - `0` on success
 - `1` on error
@ -337,15 +344,15 @@ default_var_settings()
 ```
 1. Find default.vars location
   (usually /usr/local/community-scripts/default.vars)
-   
+
 2. Create if missing
-   
+
 3. Load variables from file
-   
+
 4. Map var_verbose → VERBOSE variable
-   
+
 5. Call base_settings (apply to container config)
-   
+
 6. Call echo_default (display summary)
 ```
@ -354,20 +361,20 @@ default_var_settings()
 ```bash
 default_var_settings() {
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key
    var_container_storage var_template_storage
  )
-  
+
  # Ensure file exists
  _ensure_default_vars
-  
+
  # Find and load
  local dv="$(_find_default_vars)"
  load_vars_file "$dv"
-  
+
  # Map verbose flag
  if [[ -n "${var_verbose:-}" ]]; then
    case "${var_verbose,,}" in
@ -375,7 +382,7 @@ default_var_settings() {
      *) VERBOSE="${var_verbose}" ;;
    esac
  fi
-  
+
  # Apply and display
  base_settings "$VERBOSE"
  echo_default
@ -389,6 +396,7 @@ default_var_settings() {
 **Purpose**: Offer to save current settings as app-specific defaults
 **Signature**:
 ```bash
 maybe_offer_save_app_defaults()
 ```
@ -413,10 +421,10 @@ maybe_offer_save_app_defaults()
 ```bash
 maybe_offer_save_app_defaults() {
  local app_vars_path="$(get_app_defaults_path)"
-  
+
  # Build current settings from memory
  local new_tmp="$(_build_current_app_vars_tmp)"
-  
+
  # Check if already exists
  if [ -f "$app_vars_path" ]; then
    # Show diff and ask: Update? Keep? View Diff?
@ -438,29 +446,31 @@ maybe_offer_save_app_defaults() {
 **Purpose**: Remove dangerous characters/patterns from configuration values
 **Signature**:
 ```bash
 _sanitize_value(value)
 ```
 **Parameters**:
-| Param | Type | Required |
+| Param | Type   | Required |
-|-------|------|----------|
+| ----- | ------ | -------- |
-| value | String | Yes |
+| value | String | Yes      |
 **Returns**:
 - `0` (success) + sanitized value on stdout
 - `1` (failure) + nothing if dangerous
 **Dangerous Patterns**:
-| Pattern | Threat | Example |
+| Pattern   | Threat               | Example              |
-|---------|--------|---------|
+| --------- | -------------------- | -------------------- |
-| `$(...)` | Command substitution | `$(rm -rf /)` |
+| `$(...)`  | Command substitution | `$(rm -rf /)`        |
-| `` ` ` `` | Command substitution | `` `whoami` `` |
+| `` ` ` `` | Command substitution | `` `whoami` ``       |
-| `;` | Command separator | `value; rm -rf /` |
+| `;`       | Command separator    | `value; rm -rf /`    |
-| `&` | Background execution | `value & malicious` |
+| `&`       | Background execution | `value & malicious`  |
-| `<(` | Process substitution | `<(cat /etc/passwd)` |
+| `<(`      | Process substitution | `<(cat /etc/passwd)` |
 **Implementation**:
@ -501,17 +511,19 @@ fi
 **Purpose**: Check if variable name is in allowed whitelist
 **Signature**:
 ```bash
 _is_whitelisted_key(key)
 ```
 **Parameters**:
-| Param | Type | Required | Example |
+| Param | Type   | Required | Example   |
-|-------|------|----------|---------|
+| ----- | ------ | -------- | --------- |
-| key | String | Yes | `var_cpu` |
+| key   | String | Yes      | `var_cpu` |
 **Returns**:
 - `0` if key is whitelisted
 - `1` if key is NOT whitelisted
@ -573,6 +585,7 @@ Step 4: Use BUILT-IN DEFAULTS
 ### Precedence Examples
 **Example 1: Environment Variable Wins**
 ```bash
 # Shell environment has highest priority
 $ export var_cpu=16
@ -583,6 +596,7 @@ $ bash pihole-install.sh
 ```
 **Example 2: App Defaults Override User Defaults**
 ```bash
 # User Defaults: var_cpu=4
 # App Defaults: var_cpu=2
@ -593,6 +607,7 @@ $ bash pihole-install.sh
 ```
 **Example 3: All Defaults Missing (Built-ins Used)**
 ```bash
 # No environment variables set
 # No app defaults file
@ -611,21 +626,21 @@ $ bash pihole-install.sh
 base_settings() {
  # Priority 1: Environment variables (already set if export used)
  CT_TYPE=${var_unprivileged:-"1"}          # Use existing or default
-  
+
  # Priority 2: Load app defaults (may override above)
  if [ -f "$(get_app_defaults_path)" ]; then
    load_vars_file "$(get_app_defaults_path)"
  fi
-  
+
  # Priority 3: Load user defaults
  if [ -f "/usr/local/community-scripts/default.vars" ]; then
    load_vars_file "/usr/local/community-scripts/default.vars"
  fi
-  
+
  # Priority 4: Apply built-in defaults (lowest)
  CORE_COUNT=${var_cpu:-"${APP_CPU_DEFAULT:-2}"}
  RAM_SIZE=${var_ram:-"${APP_RAM_DEFAULT:-1024}"}
-  
+
  # Result: var_cpu has been set through precedence chain
 }
 ```
@ -734,14 +749,14 @@ CONTAINER CREATION STARTED
 ### Threat Model
-| Threat | Mitigation |
+| Threat                       | Mitigation                                        |
-|--------|-----------|
+| ---------------------------- | ------------------------------------------------- |
-| **Arbitrary Code Execution** | No `source` or `eval`; manual parsing only |
+| **Arbitrary Code Execution** | No `source` or `eval`; manual parsing only        |
-| **Variable Injection** | Whitelist of allowed variable names |
+| **Variable Injection**       | Whitelist of allowed variable names               |
-| **Command Substitution** | `_sanitize_value()` blocks `$()`, backticks, etc. |
+| **Command Substitution**     | `_sanitize_value()` blocks `$()`, backticks, etc. |
-| **Path Traversal** | Files locked to `/usr/local/community-scripts/` |
+| **Path Traversal**           | Files locked to `/usr/local/community-scripts/`   |
-| **Permission Escalation** | Files created with restricted permissions |
+| **Permission Escalation**    | Files created with restricted permissions         |
-| **Information Disclosure** | Sensitive variables not logged |
+| **Information Disclosure**   | Sensitive variables not logged                    |
 ### Security Controls
@ -798,6 +813,7 @@ fi
 ### Module: `build.func`
 **Load Order** (in actual scripts):
 1. `#!/usr/bin/env bash` - Shebang
 2. `source /dev/stdin <<<$(curl ... api.func)` - API functions
 3. `source /dev/stdin <<<$(curl ... build.func)` - Build functions
@ -832,17 +848,17 @@ fi
 # Section 6: Installation Flow
 - install_script()         # Main entry point
- advanced_settings()      # 19-step wizard
+- advanced_settings()      # 20-step wizard
 ```
 ### Regex Patterns Used
-| Pattern | Purpose | Example Match |
+| Pattern                | Purpose               | Example Match           |
-|---------|---------|---|
+| ---------------------- | --------------------- | ----------------------- |
-| `^[0-9]+([.][0-9]+)?$` | Integer validation | `4`, `192.168` |
+| `^[0-9]+([.][0-9]+)?$` | Integer validation    | `4`, `192.168`          |
-| `^var_[a-z_]+$` | Variable name | `var_cpu`, `var_ssh` |
+| `^var_[a-z_]+$`        | Variable name         | `var_cpu`, `var_ssh`    |
-| `*'$('*` | Command substitution | `$(whoami)` |
+| `*'$('*`               | Command substitution  | `$(whoami)`             |
-| `*\`*` | Backtick substitution | `` `cat /etc/passwd` `` |
+| `*\`\*`                | Backtick substitution | `` `cat /etc/passwd` `` |
 ---
@ -869,12 +885,12 @@ fi
 ### Function Mapping
-| Old | New | Location |
+| Old              | New                               | Location   |
-|-----|-----|----------|
+| ---------------- | --------------------------------- | ---------- |
-| `read_config()` | `load_vars_file()` | build.func |
+| `read_config()`  | `load_vars_file()`                | build.func |
-| `write_config()` | `_build_current_app_vars_tmp()` | build.func |
+| `write_config()` | `_build_current_app_vars_tmp()`   | build.func |
-| None | `maybe_offer_save_app_defaults()` | build.func |
+| None             | `maybe_offer_save_app_defaults()` | build.func |
-| None | `get_app_defaults_path()` | build.func |
+| None             | `get_app_defaults_path()`         | build.func |
 ---
--- a/docs/misc/build.func/BUILD_FUNC_ADVANCED_SETTINGS.md
+++ b/docs/misc/build.func/BUILD_FUNC_ADVANCED_SETTINGS.md
@ -0,0 +1,164 @@
 # Advanced Settings Wizard Reference
 ## Overview
 The Advanced Settings wizard provides a 28-step interactive configuration for LXC container creation. It allows users to customize every aspect of the container while inheriting sensible defaults from the CT script.
 ## Key Features
 - **Inherit App Defaults**: All `var_*` values from CT scripts pre-populate wizard fields
 - **Back Navigation**: Press Cancel/Back to return to previous step
 - **App Default Hints**: Each dialog shows `(App default: X)` to indicate script defaults
 - **Full Customization**: Every configurable option is accessible
 ## Wizard Steps
 | Step | Title                    | Variable(s)                       | Description                                           |
 | ---- | ------------------------ | --------------------------------- | ----------------------------------------------------- |
 | 1    | Container Type           | `var_unprivileged`                | Privileged (0) or Unprivileged (1) container          |
 | 2    | Root Password            | `var_pw`                          | Set password or use automatic login                   |
 | 3    | Container ID             | `var_ctid`                        | Unique container ID (auto-suggested)                  |
 | 4    | Hostname                 | `var_hostname`                    | Container hostname                                    |
 | 5    | Disk Size                | `var_disk`                        | Disk size in GB                                       |
 | 6    | CPU Cores                | `var_cpu`                         | Number of CPU cores                                   |
 | 7    | RAM Size                 | `var_ram`                         | RAM size in MiB                                       |
 | 8    | Network Bridge           | `var_brg`                         | Network bridge (vmbr0, etc.)                          |
 | 9    | IPv4 Configuration       | `var_net`, `var_gateway`          | DHCP or static IP with gateway                        |
 | 10   | IPv6 Configuration       | `var_ipv6_method`                 | Auto, DHCP, Static, or None                           |
 | 11   | MTU Size                 | `var_mtu`                         | Network MTU (default: 1500)                           |
 | 12   | DNS Search Domain        | `var_searchdomain`                | DNS search domain                                     |
 | 13   | DNS Server               | `var_ns`                          | Custom DNS server IP                                  |
 | 14   | MAC Address              | `var_mac`                         | Custom MAC address (auto-generated if empty)          |
 | 15   | VLAN Tag                 | `var_vlan`                        | VLAN tag ID                                           |
 | 16   | Tags                     | `var_tags`                        | Container tags (comma/semicolon separated)            |
 | 17   | SSH Settings             | `var_ssh`                         | SSH key selection and root access                     |
 | 18   | FUSE Support             | `var_fuse`                        | Enable FUSE for rclone, mergerfs, AppImage            |
 | 19   | TUN/TAP Support          | `var_tun`                         | Enable for VPN apps (WireGuard, OpenVPN, Tailscale)   |
 | 20   | Nesting Support          | `var_nesting`                     | Enable for Docker, LXC in LXC, Podman                 |
 | 21   | GPU Passthrough          | `var_gpu`                         | Auto-detect and pass through Intel/AMD/NVIDIA GPUs    |
 | 22   | Keyctl Support           | `var_keyctl`                      | Enable for Docker, systemd-networkd                   |
 | 23   | APT Cacher Proxy         | `var_apt_cacher`, `var_apt_cacher_ip` | Use apt-cacher-ng for faster downloads            |
 | 24   | Container Timezone       | `var_timezone`                    | Set timezone (e.g., Europe/Berlin)                    |
 | 25   | Container Protection     | `var_protection`                  | Prevent accidental deletion                           |
 | 26   | Device Node Creation     | `var_mknod`                       | Allow mknod (experimental, kernel 5.3+)               |
 | 27   | Mount Filesystems        | `var_mount_fs`                    | Allow specific mounts: nfs, cifs, fuse, etc.          |
 | 28   | Verbose Mode & Confirm   | `var_verbose`                     | Enable verbose output + final confirmation            |
 ## Default Value Inheritance
 The wizard inherits defaults from multiple sources:
 ```text
 CT Script (var_*) → default.vars → app.vars → User Input
 ```
 ### Example: VPN Container (alpine-wireguard.sh)
 ```bash
 # CT script sets:
 var_tun="${var_tun:-1}"  # TUN enabled by default
 # In Advanced Settings Step 19:
 # Dialog shows: "(App default: 1)" and pre-selects "Yes"
 ```
 ### Example: Media Server (jellyfin.sh)
 ```bash
 # CT script sets:
 var_gpu="${var_gpu:-yes}"  # GPU enabled by default
 # In Advanced Settings Step 21:
 # Dialog shows: "(App default: yes)" and pre-selects "Yes"
 ```
 ## Feature Matrix
 | Feature           | Variable         | When to Enable                                      |
 | ----------------- | ---------------- | --------------------------------------------------- |
 | FUSE              | `var_fuse`       | rclone, mergerfs, AppImage, SSHFS                   |
 | TUN/TAP           | `var_tun`        | WireGuard, OpenVPN, Tailscale, VPN containers       |
 | Nesting           | `var_nesting`    | Docker, Podman, LXC-in-LXC, systemd-nspawn          |
 | GPU Passthrough   | `var_gpu`        | Plex, Jellyfin, Emby, Frigate, Ollama, ComfyUI      |
 | Keyctl            | `var_keyctl`     | Docker (unprivileged), systemd-networkd             |
 | Protection        | `var_protection` | Production containers, prevent accidental deletion  |
 | Mknod             | `var_mknod`      | Device node creation (experimental)                 |
 | Mount FS          | `var_mount_fs`   | NFS mounts, CIFS shares, custom filesystems         |
 | APT Cacher        | `var_apt_cacher` | Speed up downloads with local apt-cacher-ng         |
 ## Confirmation Summary
 Step 28 displays a comprehensive summary before creation:
 ```text
 Container Type: Unprivileged
 Container ID: 100
 Hostname: jellyfin
 Resources:
  Disk: 8 GB
  CPU: 2 cores
  RAM: 2048 MiB
 Network:
  Bridge: vmbr0
  IPv4: dhcp
  IPv6: auto
 Features:
  FUSE: no | TUN: no
  Nesting: Enabled | Keyctl: Disabled
  GPU: yes | Protection: No
 Advanced:
  Timezone: Europe/Berlin
  APT Cacher: no
  Verbose: no
 ```
 ## Usage Examples
 ### Skip to Advanced Settings
 ```bash
 # Run script, select "Advanced" from menu
 bash -c "$(curl -fsSL https://...jellyfin.sh)"
 # Then select option 3 "Advanced"
 ```
 ### Pre-set Defaults via Environment
 ```bash
 # Set defaults before running
 export var_cpu=4
 export var_ram=4096
 export var_gpu=yes
 bash -c "$(curl -fsSL https://...jellyfin.sh)"
 # Advanced settings will inherit these values
 ```
 ### Non-Interactive with All Options
 ```bash
 # Set all variables for fully automated deployment
 export var_unprivileged=1
 export var_cpu=2
 export var_ram=2048
 export var_disk=8
 export var_net=dhcp
 export var_fuse=no
 export var_tun=no
 export var_gpu=yes
 export var_nesting=1
 export var_protection=no
 export var_verbose=no
 bash -c "$(curl -fsSL https://...jellyfin.sh)"
 ```
 ## Notes
 - **Cancel at Step 1**: Exits the script entirely
 - **Cancel at Steps 2-28**: Goes back to previous step
 - **Empty fields**: Use default value
 - **Keyctl**: Automatically enabled for unprivileged containers
 - **Nesting**: Enabled by default (required for many apps)
--- a/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md
+++ b/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md
@ -8,103 +8,142 @@ This document provides a comprehensive reference of all environment variables us
 ### Core Container Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable  | Description                                  | Default   | Set In      | Used In            |
-|----------|-------------|---------|---------|---------|
+| --------- | -------------------------------------------- | --------- | ----------- | ------------------ |
-| `APP` | Application name (e.g., "plex", "nextcloud") | - | Environment | Throughout |
+| `APP`     | Application name (e.g., "plex", "nextcloud") | -         | Environment | Throughout         |
-| `NSAPP` | Namespace application name | `$APP` | Environment | Throughout |
+| `NSAPP`   | Namespace application name                   | `$APP`    | Environment | Throughout         |
-| `CTID` | Container ID | - | Environment | Container creation |
+| `CTID`    | Container ID                                 | -         | Environment | Container creation |
-| `CT_TYPE` | Container type ("install" or "update") | "install" | Environment | Entry point |
+| `CT_TYPE` | Container type ("install" or "update")       | "install" | Environment | Entry point        |
-| `CT_NAME` | Container name | `$APP` | Environment | Container creation |
+| `CT_NAME` | Container name                               | `$APP`    | Environment | Container creation |
 ### Operating System Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable       | Description                | Default        | Set In          | Used In            |
-|----------|-------------|---------|---------|---------|
+| -------------- | -------------------------- | -------------- | --------------- | ------------------ |
-| `var_os` | Operating system selection | "debian" | base_settings() | OS selection |
+| `var_os`       | Operating system selection | "debian"       | base_settings() | OS selection       |
-| `var_version` | OS version | "12" | base_settings() | Template selection |
+| `var_version`  | OS version                 | "12"           | base_settings() | Template selection |
-| `var_template` | Template name | Auto-generated | base_settings() | Template download |
+| `var_template` | Template name              | Auto-generated | base_settings() | Template download  |
 ### Resource Configuration Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable     | Description             | Default     | Set In          | Used In            |
-|----------|-------------|---------|---------|---------|
+| ------------ | ----------------------- | ----------- | --------------- | ------------------ |
-| `var_cpu` | CPU cores | "2" | base_settings() | Container creation |
+| `var_cpu`    | CPU cores               | "2"         | base_settings() | Container creation |
-| `var_ram` | RAM in MB | "2048" | base_settings() | Container creation |
+| `var_ram`    | RAM in MB               | "2048"      | base_settings() | Container creation |
-| `var_disk` | Disk size in GB | "8" | base_settings() | Container creation |
+| `var_disk`   | Disk size in GB         | "8"         | base_settings() | Container creation |
-| `DISK_SIZE` | Disk size (alternative) | `$var_disk` | Environment | Container creation |
+| `DISK_SIZE`  | Disk size (alternative) | `$var_disk` | Environment     | Container creation |
-| `CORE_COUNT` | CPU cores (alternative) | `$var_cpu` | Environment | Container creation |
+| `CORE_COUNT` | CPU cores (alternative) | `$var_cpu`  | Environment     | Container creation |
-| `RAM_SIZE` | RAM size (alternative) | `$var_ram` | Environment | Container creation |
+| `RAM_SIZE`   | RAM size (alternative)  | `$var_ram`  | Environment     | Container creation |
 ### Network Configuration Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable      | Description                     | Default        | Set In          | Used In        |
-|----------|-------------|---------|---------|---------|
+| ------------- | ------------------------------- | -------------- | --------------- | -------------- |
-| `var_net` | Network interface | "vmbr0" | base_settings() | Network config |
+| `var_net`     | Network interface               | "vmbr0"        | base_settings() | Network config |
-| `var_bridge` | Bridge interface | "vmbr0" | base_settings() | Network config |
+| `var_bridge`  | Bridge interface                | "vmbr0"        | base_settings() | Network config |
-| `var_gateway` | Gateway IP | "192.168.1.1" | base_settings() | Network config |
+| `var_gateway` | Gateway IP                      | "192.168.1.1"  | base_settings() | Network config |
-| `var_ip` | Container IP address | - | User input | Network config |
+| `var_ip`      | Container IP address            | -              | User input      | Network config |
-| `var_ipv6` | IPv6 address | - | User input | Network config |
+| `var_ipv6`    | IPv6 address                    | -              | User input      | Network config |
-| `var_vlan` | VLAN ID | - | User input | Network config |
+| `var_vlan`    | VLAN ID                         | -              | User input      | Network config |
-| `var_mtu` | MTU size | "1500" | base_settings() | Network config |
+| `var_mtu`     | MTU size                        | "1500"         | base_settings() | Network config |
-| `var_mac` | MAC address | Auto-generated | base_settings() | Network config |
+| `var_mac`     | MAC address                     | Auto-generated | base_settings() | Network config |
-| `NET` | Network interface (alternative) | `$var_net` | Environment | Network config |
+| `NET`         | Network interface (alternative) | `$var_net`     | Environment     | Network config |
-| `BRG` | Bridge interface (alternative) | `$var_bridge` | Environment | Network config |
+| `BRG`         | Bridge interface (alternative)  | `$var_bridge`  | Environment     | Network config |
-| `GATE` | Gateway IP (alternative) | `$var_gateway` | Environment | Network config |
+| `GATE`        | Gateway IP (alternative)        | `$var_gateway` | Environment     | Network config |
-| `IPV6_METHOD` | IPv6 configuration method | "none" | Environment | Network config |
+| `IPV6_METHOD` | IPv6 configuration method       | "none"         | Environment     | Network config |
-| `VLAN` | VLAN ID (alternative) | `$var_vlan` | Environment | Network config |
+| `VLAN`        | VLAN ID (alternative)           | `$var_vlan`    | Environment     | Network config |
-| `MTU` | MTU size (alternative) | `$var_mtu` | Environment | Network config |
+| `MTU`         | MTU size (alternative)          | `$var_mtu`     | Environment     | Network config |
-| `MAC` | MAC address (alternative) | `$var_mac` | Environment | Network config |
+| `MAC`         | MAC address (alternative)       | `$var_mac`     | Environment     | Network config |
 ### Storage Configuration Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable                | Description                     | Default                  | Set In           | Used In           |
-|----------|-------------|---------|---------|---------|
+| ----------------------- | ------------------------------- | ------------------------ | ---------------- | ----------------- |
-| `var_template_storage` | Storage for templates | - | select_storage() | Template storage |
+| `var_template_storage`  | Storage for templates           | -                        | select_storage() | Template storage  |
-| `var_container_storage` | Storage for container disks | - | select_storage() | Container storage |
+| `var_container_storage` | Storage for container disks     | -                        | select_storage() | Container storage |
-| `TEMPLATE_STORAGE` | Template storage (alternative) | `$var_template_storage` | Environment | Template storage |
+| `TEMPLATE_STORAGE`      | Template storage (alternative)  | `$var_template_storage`  | Environment      | Template storage  |
-| `CONTAINER_STORAGE` | Container storage (alternative) | `$var_container_storage` | Environment | Container storage |
+| `CONTAINER_STORAGE`     | Container storage (alternative) | `$var_container_storage` | Environment      | Container storage |
 ### Feature Flags
-| Variable | Description | Default | Set In | Used In |
+| Variable         | Description                    | Default | Set In                          | Used In            |
-|----------|-------------|---------|---------|---------|
+| ---------------- | ------------------------------ | ------- | ------------------------------- | ------------------ |
-| `ENABLE_FUSE` | Enable FUSE support | "true" | base_settings() | Container features |
+| `var_fuse`       | Enable FUSE support            | "no"    | CT script / Advanced Settings   | Container features |
-| `ENABLE_TUN` | Enable TUN/TAP support | "true" | base_settings() | Container features |
+| `var_tun`        | Enable TUN/TAP support         | "no"    | CT script / Advanced Settings   | Container features |
-| `ENABLE_KEYCTL` | Enable keyctl support | "true" | base_settings() | Container features |
+| `var_nesting`    | Enable nesting support         | "1"     | CT script / Advanced Settings   | Container features |
-| `ENABLE_MOUNT` | Enable mount support | "true" | base_settings() | Container features |
+| `var_keyctl`     | Enable keyctl support          | "0"     | CT script / Advanced Settings   | Container features |
-| `ENABLE_NESTING` | Enable nesting support | "false" | base_settings() | Container features |
+| `var_mknod`      | Allow device node creation     | "0"     | CT script / Advanced Settings   | Container features |
-| `ENABLE_PRIVILEGED` | Enable privileged mode | "false" | base_settings() | Container features |
+| `var_mount_fs`   | Allowed filesystem mounts      | ""      | CT script / Advanced Settings   | Container features |
-| `ENABLE_UNPRIVILEGED` | Enable unprivileged mode | "true" | base_settings() | Container features |
+| `var_protection` | Enable container protection    | "no"    | CT script / Advanced Settings   | Container creation |
-| `VERBOSE` | Enable verbose output | "false" | Environment | Logging |
+| `var_timezone`   | Container timezone             | ""      | CT script / Advanced Settings   | Container creation |
-| `SSH` | Enable SSH key provisioning | "true" | base_settings() | SSH setup |
+| `var_verbose`    | Enable verbose output          | "no"    | Environment / Advanced Settings | Logging            |
 | `var_ssh`        | Enable SSH key provisioning    | "no"    | CT script / Advanced Settings   | SSH setup          |
 | `ENABLE_FUSE`    | FUSE flag (internal)           | "no"    | Advanced Settings               | Container creation |
 | `ENABLE_TUN`     | TUN/TAP flag (internal)        | "no"    | Advanced Settings               | Container creation |
 | `ENABLE_NESTING` | Nesting flag (internal)        | "1"     | Advanced Settings               | Container creation |
 | `ENABLE_KEYCTL`  | Keyctl flag (internal)         | "0"     | Advanced Settings               | Container creation |
 | `ENABLE_MKNOD`   | Mknod flag (internal)          | "0"     | Advanced Settings               | Container creation |
 | `PROTECT_CT`     | Protection flag (internal)     | "no"    | Advanced Settings               | Container creation |
 | `CT_TIMEZONE`    | Timezone setting (internal)    | ""      | Advanced Settings               | Container creation |
 | `VERBOSE`        | Verbose mode flag              | "no"    | Environment                     | Logging            |
 | `SSH`            | SSH access flag                | "no"    | Advanced Settings               | SSH setup          |
 ### APT Cacher Configuration
 | Variable           | Description              | Default | Set In                        | Used In             |
 | ------------------ | ------------------------ | ------- | ----------------------------- | ------------------- |
 | `var_apt_cacher`   | Enable APT cacher proxy  | "no"    | CT script / Advanced Settings | Package management  |
 | `var_apt_cacher_ip`| APT cacher server IP     | ""      | CT script / Advanced Settings | Package management  |
 | `APT_CACHER`       | APT cacher flag          | "no"    | Advanced Settings             | Container creation  |
 | `APT_CACHER_IP`    | APT cacher IP (internal) | ""      | Advanced Settings             | Container creation  |
 ### GPU Passthrough Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable     | Description                     | Default | Set In                                      | Used In            |
-|----------|-------------|---------|---------|---------|
+| ------------ | ------------------------------- | ------- | ------------------------------------------- | ------------------ |
-| `GPU_APPS` | List of apps that support GPU | - | Environment | GPU detection |
+| `var_gpu`    | Enable GPU passthrough          | "no"    | CT script / Environment / Advanced Settings | GPU passthrough    |
-| `var_gpu` | GPU selection | - | User input | GPU passthrough |
+| `ENABLE_GPU` | GPU passthrough flag (internal) | "no"    | Advanced Settings                           | Container creation |
-| `var_gpu_type` | GPU type (intel/amd/nvidia) | - | detect_gpu_devices() | GPU passthrough |
+
-| `var_gpu_devices` | GPU device list | - | detect_gpu_devices() | GPU passthrough |
+**Note**: GPU passthrough is controlled via `var_gpu`. Apps that benefit from GPU acceleration (media servers, AI/ML, transcoding) have `var_gpu=yes` as default in their CT scripts.
 **Apps with GPU enabled by default**:
 - Media: jellyfin, plex, emby, channels, ersatztv, tunarr, immich
 - Transcoding: tdarr, unmanic, fileflows
 - AI/ML: ollama, openwebui
 - NVR: frigate
 **Usage Examples**:
 ```bash
 # Disable GPU for a specific installation
 var_gpu=no bash -c "$(curl -fsSL https://...jellyfin.sh)"
 # Enable GPU for apps without default GPU support
 var_gpu=yes bash -c "$(curl -fsSL https://...debian.sh)"
 # Set in default.vars for all apps
 echo "var_gpu=yes" >> /usr/local/community-scripts/default.vars
 ```
 ### API and Diagnostics Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable      | Description              | Default   | Set In      | Used In           |
-|----------|-------------|---------|---------|---------|
+| ------------- | ------------------------ | --------- | ----------- | ----------------- |
-| `DIAGNOSTICS` | Enable diagnostics mode | "false" | Environment | Diagnostics |
+| `DIAGNOSTICS` | Enable diagnostics mode  | "false"   | Environment | Diagnostics       |
-| `METHOD` | Installation method | "install" | Environment | Installation flow |
+| `METHOD`      | Installation method      | "install" | Environment | Installation flow |
-| `RANDOM_UUID` | Random UUID for tracking | - | Environment | Logging |
+| `RANDOM_UUID` | Random UUID for tracking | -         | Environment | Logging           |
-| `API_TOKEN` | Proxmox API token | - | Environment | API calls |
+| `API_TOKEN`   | Proxmox API token        | -         | Environment | API calls         |
-| `API_USER` | Proxmox API user | - | Environment | API calls |
+| `API_USER`    | Proxmox API user         | -         | Environment | API calls         |
 ### Settings Persistence Variables
-| Variable | Description | Default | Set In | Used In |
+| Variable            | Description                | Default                                           | Set In      | Used In              |
-|----------|-------------|---------|---------|---------|
+| ------------------- | -------------------------- | ------------------------------------------------- | ----------- | -------------------- |
-| `SAVE_DEFAULTS` | Save settings as defaults | "false" | User input | Settings persistence |
+| `SAVE_DEFAULTS`     | Save settings as defaults  | "false"                                           | User input  | Settings persistence |
-| `SAVE_APP_DEFAULTS` | Save app-specific defaults | "false" | User input | Settings persistence |
+| `SAVE_APP_DEFAULTS` | Save app-specific defaults | "false"                                           | User input  | Settings persistence |
-| `DEFAULT_VARS_FILE` | Path to default.vars | "/usr/local/community-scripts/default.vars" | Environment | Settings persistence |
+| `DEFAULT_VARS_FILE` | Path to default.vars       | "/usr/local/community-scripts/default.vars"       | Environment | Settings persistence |
-| `APP_DEFAULTS_FILE` | Path to app.vars | "/usr/local/community-scripts/defaults/$APP.vars" | Environment | Settings persistence |
+| `APP_DEFAULTS_FILE` | Path to app.vars           | "/usr/local/community-scripts/defaults/$APP.vars" | Environment | Settings persistence |
 ## Variable Precedence Chain
@ -152,6 +191,7 @@ export SSH="true"
 ## Environment Variable Usage Patterns
 ### 1. Container Creation
 ```bash
 # Basic container creation
 export APP="nextcloud"
@ -170,6 +210,7 @@ export var_container_storage="local"
 ```
 ### 2. GPU Passthrough
 ```bash
 # Enable GPU passthrough
 export GPU_APPS="plex,jellyfin,emby"
@ -178,6 +219,7 @@ export ENABLE_PRIVILEGED="true"
 ```
 ### 3. Advanced Network Configuration
 ```bash
 # VLAN and IPv6 configuration
 export var_vlan="100"
@ -187,6 +229,7 @@ export var_mtu="9000"
 ```
 ### 4. Storage Configuration
 ```bash
 # Custom storage locations
 export var_template_storage="nfs-storage"
@ -206,6 +249,7 @@ The script validates variables at several points:
 ## Common Variable Combinations
 ### Development Container
 ```bash
 export APP="dev-container"
 export CTID="200"
@ -220,6 +264,7 @@ export ENABLE_PRIVILEGED="true"
 ```
 ### Media Server with GPU
 ```bash
 export APP="plex"
 export CTID="300"
@ -235,6 +280,7 @@ export ENABLE_PRIVILEGED="true"
 ```
 ### Lightweight Service
 ```bash
 export APP="nginx"
 export CTID="400"
--- a/docs/misc/build.func/BUILD_FUNC_FUNCTIONS_REFERENCE.md
+++ b/docs/misc/build.func/BUILD_FUNC_FUNCTIONS_REFERENCE.md
@ -9,30 +9,35 @@ This document provides a comprehensive reference of all functions in `build.func
 ### Initialization Functions
 #### `start()`
 **Purpose**: Main entry point when build.func is sourced or executed
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Detects execution context (Proxmox host vs container)
 - Captures hard environment variables
 - Sets CT_TYPE based on context
 - Routes to appropriate workflow (install_script or update_script)
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `CT_TYPE`, `APP`, `CTID`
+  **Environment Variables Used**: `CT_TYPE`, `APP`, `CTID`
 #### `variables()`
 **Purpose**: Load and resolve all configuration variables using precedence chain
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Loads app-specific .vars file
 - Loads global default.vars file
 - Applies variable precedence chain
 - Sets all configuration variables
-**Dependencies**: `base_settings()`
+  **Dependencies**: `base_settings()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `base_settings()`
 **Purpose**: Set built-in default values for all configuration variables
 **Parameters**: None
 **Returns**: None
@ -43,28 +48,33 @@ This document provides a comprehensive reference of all functions in `build.func
 ### UI and Menu Functions
 #### `install_script()`
 **Purpose**: Main installation workflow coordinator
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Displays installation mode selection menu
 - Coordinates the entire installation process
 - Handles user interaction and validation
-**Dependencies**: `variables()`, `build_container()`, `default_var_settings()`
+  **Dependencies**: `variables()`, `build_container()`, `default_var_settings()`
-**Environment Variables Used**: `APP`, `CTID`, `var_hostname`
+  **Environment Variables Used**: `APP`, `CTID`, `var_hostname`
 #### `advanced_settings()`
 **Purpose**: Provide advanced configuration options via whiptail menus
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Displays whiptail menus for configuration
 - Updates configuration variables based on user input
 - Validates user selections
-**Dependencies**: `select_storage()`, `detect_gpu_devices()`
+  **Dependencies**: `select_storage()`, `detect_gpu_devices()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `settings_menu()`
 **Purpose**: Display and handle settings configuration menu
 **Parameters**: None
 **Returns**: None
@ -75,58 +85,68 @@ This document provides a comprehensive reference of all functions in `build.func
 ### Storage Functions
 #### `select_storage()`
 **Purpose**: Handle storage selection for templates and containers
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Resolves storage preselection
 - Prompts user for storage selection if needed
 - Validates storage availability
 - Sets var_template_storage and var_container_storage
-**Dependencies**: `resolve_storage_preselect()`, `choose_and_set_storage_for_file()`
+  **Dependencies**: `resolve_storage_preselect()`, `choose_and_set_storage_for_file()`
-**Environment Variables Used**: `var_template_storage`, `var_container_storage`, `TEMPLATE_STORAGE`, `CONTAINER_STORAGE`
+  **Environment Variables Used**: `var_template_storage`, `var_container_storage`, `TEMPLATE_STORAGE`, `CONTAINER_STORAGE`
 #### `resolve_storage_preselect()`
 **Purpose**: Resolve preselected storage options
 **Parameters**:
 - `storage_type`: Type of storage (template or container)
-**Returns**: Storage name if valid, empty if invalid
+  **Returns**: Storage name if valid, empty if invalid
-**Side Effects**: Validates storage availability
+  **Side Effects**: Validates storage availability
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `var_template_storage`, `var_container_storage`
+  **Environment Variables Used**: `var_template_storage`, `var_container_storage`
 #### `choose_and_set_storage_for_file()`
 **Purpose**: Interactive storage selection via whiptail
 **Parameters**:
 - `storage_type`: Type of storage (template or container)
 - `content_type`: Content type (vztmpl or rootdir)
-**Returns**: None
+  **Returns**: None
-**Side Effects**:
+  **Side Effects**:
 - Displays whiptail menu
 - Updates storage variables
 - Validates selection
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `var_template_storage`, `var_container_storage`
+  **Environment Variables Used**: `var_template_storage`, `var_container_storage`
 ### Container Creation Functions
 #### `build_container()`
 **Purpose**: Validate settings and prepare container creation
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Validates all configuration
 - Checks for conflicts
 - Prepares container configuration
 - Calls create_lxc_container()
-**Dependencies**: `create_lxc_container()`
+  **Dependencies**: `create_lxc_container()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `create_lxc_container()`
 **Purpose**: Create the actual LXC container
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Creates LXC container with basic configuration
 - Configures network settings
 - Sets up storage and mount points
@ -134,108 +154,176 @@ This document provides a comprehensive reference of all functions in `build.func
 - Sets resource limits
 - Configures startup options
 - Starts container
-**Dependencies**: `configure_gpu_passthrough()`, `fix_gpu_gids()`
+  **Dependencies**: `configure_gpu_passthrough()`, `fix_gpu_gids()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 ### GPU and Hardware Functions
 #### `detect_gpu_devices()`
 **Purpose**: Detect available GPU hardware on the system
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Scans for Intel, AMD, and NVIDIA GPUs
 - Updates var_gpu_type and var_gpu_devices
 - Determines GPU capabilities
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `var_gpu_type`, `var_gpu_devices`, `GPU_APPS`
+  **Environment Variables Used**: `var_gpu_type`, `var_gpu_devices`, `GPU_APPS`
 #### `configure_gpu_passthrough()`
 **Purpose**: Configure GPU passthrough for the container
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Adds GPU device entries to container config
 - Configures proper device permissions
 - Sets up device mapping
 - Updates /etc/pve/lxc/<ctid>.conf
-**Dependencies**: `detect_gpu_devices()`
+  **Dependencies**: `detect_gpu_devices()`
-**Environment Variables Used**: `var_gpu`, `var_gpu_type`, `var_gpu_devices`, `CTID`
+  **Environment Variables Used**: `var_gpu`, `var_gpu_type`, `var_gpu_devices`, `CTID`
 #### `fix_gpu_gids()`
 **Purpose**: Fix GPU group IDs after container creation
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Updates GPU group IDs in container
 - Ensures proper GPU access permissions
 - Configures video and render groups
-**Dependencies**: `configure_gpu_passthrough()`
+  **Dependencies**: `configure_gpu_passthrough()`
-**Environment Variables Used**: `CTID`, `var_gpu_type`
+  **Environment Variables Used**: `CTID`, `var_gpu_type`
 ### SSH Configuration Functions
 #### `configure_ssh_settings()`
 **Purpose**: Interactive SSH key and access configuration wizard
 **Parameters**:
 - `step_info` (optional): Step indicator string (e.g., "Step 17/19") for consistent dialog headers
  **Returns**: None
  **Side Effects**:
 - Creates temporary file for SSH keys
 - Discovers and presents available SSH keys from host
 - Allows manual key entry or folder/glob scanning
 - Sets `SSH` variable to "yes" or "no" based on user selection
 - Sets `SSH_AUTHORIZED_KEY` if manual key provided
 - Populates `SSH_KEYS_FILE` with selected keys
  **Dependencies**: `ssh_discover_default_files()`, `ssh_build_choices_from_files()`
  **Environment Variables Used**: `SSH`, `SSH_AUTHORIZED_KEY`, `SSH_KEYS_FILE`
 **SSH Key Source Options**:
 1. `found` - Select from auto-detected host keys
 2. `manual` - Paste a single public key
 3. `folder` - Scan custom folder or glob pattern
 4. `none` - No SSH keys
 **Note**: The "Enable root SSH access?" dialog is always shown, regardless of whether SSH keys or password are configured. This ensures users can always enable SSH access even with automatic login.
 #### `ssh_discover_default_files()`
 **Purpose**: Discover SSH public key files on the host system
 **Parameters**: None
 **Returns**: Array of discovered key file paths
 **Side Effects**: Scans common SSH key locations
 **Dependencies**: None
 **Environment Variables Used**: `var_ssh_import_glob`
 #### `ssh_build_choices_from_files()`
 **Purpose**: Build whiptail checklist choices from SSH key files
 **Parameters**:
 - Array of file paths to process
  **Returns**: None
  **Side Effects**:
 - Sets `CHOICES` array for whiptail checklist
 - Sets `COUNT` variable with number of keys found
 - Creates `MAPFILE` for key tag to content mapping
  **Dependencies**: None
  **Environment Variables Used**: `CHOICES`, `COUNT`, `MAPFILE`
 ### Settings Persistence Functions
 #### `default_var_settings()`
 **Purpose**: Offer to save current settings as defaults
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Prompts user to save settings
 - Saves to default.vars file
 - Saves to app-specific .vars file
-**Dependencies**: `maybe_offer_save_app_defaults()`
+  **Dependencies**: `maybe_offer_save_app_defaults()`
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `maybe_offer_save_app_defaults()`
 **Purpose**: Offer to save app-specific defaults
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Prompts user to save app-specific settings
 - Saves to app.vars file
 - Updates app-specific configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `APP`, `SAVE_APP_DEFAULTS`
+  **Environment Variables Used**: `APP`, `SAVE_APP_DEFAULTS`
 ### Utility Functions
 #### `validate_settings()`
 **Purpose**: Validate all configuration settings
 **Parameters**: None
 **Returns**: 0 if valid, 1 if invalid
 **Side Effects**:
 - Checks for configuration conflicts
 - Validates resource limits
 - Validates network configuration
 - Validates storage configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `check_conflicts()`
 **Purpose**: Check for configuration conflicts
 **Parameters**: None
 **Returns**: 0 if no conflicts, 1 if conflicts found
 **Side Effects**:
 - Checks for conflicting settings
 - Validates resource allocation
 - Checks network configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: All configuration variables
+  **Environment Variables Used**: All configuration variables
 #### `cleanup_on_error()`
 **Purpose**: Clean up resources on error
 **Parameters**: None
 **Returns**: None
 **Side Effects**:
 - Removes partially created containers
 - Cleans up temporary files
 - Resets configuration
-**Dependencies**: None
+  **Dependencies**: None
-**Environment Variables Used**: `CTID`
+  **Environment Variables Used**: `CTID`
 ## Function Call Flow
 ### Main Installation Flow
 ```
 start()
 ├── variables()
@ -259,6 +347,7 @@ start()
 ```
 ### Error Handling Flow
 ```
 Error Detection
 ├── validate_settings()
@ -271,24 +360,29 @@ Error Detection
 ## Function Dependencies
 ### Core Dependencies
 - `start()` → `install_script()` → `build_container()` → `create_lxc_container()`
 - `variables()` → `base_settings()`
 - `advanced_settings()` → `select_storage()` → `detect_gpu_devices()`
 ### Storage Dependencies
 - `select_storage()` → `resolve_storage_preselect()`
 - `select_storage()` → `choose_and_set_storage_for_file()`
 ### GPU Dependencies
 - `configure_gpu_passthrough()` → `detect_gpu_devices()`
 - `fix_gpu_gids()` → `configure_gpu_passthrough()`
 ### Settings Dependencies
 - `default_var_settings()` → `maybe_offer_save_app_defaults()`
 ## Function Usage Examples
 ### Basic Container Creation
 ```bash
 # Set required variables
 export APP="plex"
@ -304,6 +398,7 @@ start()  # Entry point
 ```
 ### Advanced Configuration
 ```bash
 # Set advanced variables
 export var_os="debian"
@ -319,6 +414,7 @@ advanced_settings()  # Interactive configuration
 ```
 ### GPU Passthrough
 ```bash
 # Enable GPU passthrough
 export GPU_APPS="plex"
@ -331,6 +427,7 @@ fix_gpu_gids()  # Fix permissions
 ```
 ### Settings Persistence
 ```bash
 # Save settings as defaults
 export SAVE_DEFAULTS="true"
@ -344,15 +441,18 @@ maybe_offer_save_app_defaults()  # Save app defaults
 ## Function Error Handling
 ### Validation Functions
 - `validate_settings()`: Returns 0 for valid, 1 for invalid
 - `check_conflicts()`: Returns 0 for no conflicts, 1 for conflicts
 ### Error Recovery
 - `cleanup_on_error()`: Cleans up on any error
 - Error codes are propagated up the call stack
 - Critical errors cause script termination
 ### Error Types
 1. **Configuration Errors**: Invalid settings or conflicts
 2. **Resource Errors**: Insufficient resources or conflicts
 3. **Network Errors**: Invalid network configuration
--- a/docs/misc/build.func/README.md
+++ b/docs/misc/build.func/README.md
@ -6,6 +6,16 @@ This directory contains comprehensive documentation for the `build.func` script,
 ## Documentation Files
 ### 🎛️ [BUILD_FUNC_ADVANCED_SETTINGS.md](./BUILD_FUNC_ADVANCED_SETTINGS.md)
 Complete reference for the 28-step Advanced Settings wizard, including all configurable options and their inheritance behavior.
 **Contents:**
 - All 28 wizard steps explained
 - Default value inheritance
 - Feature matrix (when to enable each feature)
 - Confirmation summary format
 - Usage examples
 ### 📊 [BUILD_FUNC_FLOWCHART.md](./BUILD_FUNC_FLOWCHART.md)
 Visual ASCII flowchart showing the main execution flow, decision trees, and key decision points in the build.func script.
--- a/frontend/public/json/versions.json
+++ b/frontend/public/json/versions.json
@ -1,4 +1,79 @@
 [
  {
    "name": "openobserve/openobserve",
    "version": "v0.30.0-rc1",
    "date": "2025-12-08T11:46:24Z"
  },
  {
    "name": "ventoy/Ventoy",
    "version": "v1.1.08",
    "date": "2025-12-08T10:13:51Z"
  },
  {
    "name": "zitadel/zitadel",
    "version": "v4.7.1",
    "date": "2025-12-08T10:05:21Z"
  },
  {
    "name": "meilisearch/meilisearch",
    "version": "latest",
    "date": "2025-12-08T09:36:54Z"
  },
  {
    "name": "WGDashboard/WGDashboard",
    "version": "v4.3.0.2",
    "date": "2025-12-08T09:01:37Z"
  },
  {
    "name": "mattermost/mattermost",
    "version": "v10.11.8",
    "date": "2025-11-21T17:06:07Z"
  },
  {
    "name": "nzbgetcom/nzbget",
    "version": "v25.4",
    "date": "2025-10-09T10:27:01Z"
  },
  {
    "name": "morpheus65535/bazarr",
    "version": "v1.5.3",
    "date": "2025-09-20T12:12:33Z"
  },
  {
    "name": "Jackett/Jackett",
    "version": "v0.24.420",
    "date": "2025-12-08T05:55:34Z"
  },
  {
    "name": "firefly-iii/firefly-iii",
    "version": "v6.4.9",
    "date": "2025-11-28T20:36:20Z"
  },
  {
    "name": "documenso/documenso",
    "version": "v2.2.0",
    "date": "2025-12-08T03:33:34Z"
  },
  {
    "name": "chrisbenincasa/tunarr",
    "version": "v0.23.0-alpha.31",
    "date": "2025-12-08T02:39:59Z"
  },
  {
    "name": "jeedom/core",
    "version": "4.5",
    "date": "2025-12-08T00:27:05Z"
  },
  {
    "name": "steveiliop56/tinyauth",
    "version": "v4.1.0",
    "date": "2025-11-23T12:13:34Z"
  },
  {
    "name": "maxdorninger/MediaManager",
    "version": "v1.10.0",
    "date": "2025-12-07T23:41:51Z"
  },
  {
    "name": "Part-DB/Part-DB-server",
    "version": "v2.3.0",
@ -10,9 +85,9 @@
    "date": "2025-12-07T19:19:08Z"
  },
  {
-    "name": "firefly-iii/firefly-iii",
+    "name": "keycloak/keycloak",
-    "version": "v6.4.9",
+    "version": "26.4.7",
-    "date": "2025-11-28T20:36:20Z"
+    "date": "2025-12-01T08:14:11Z"
  },
  {
    "name": "seerr-team/seerr",
@ -24,16 +99,6 @@
    "version": "v1.15.5",
    "date": "2025-12-07T12:24:21Z"
  },
  {
    "name": "morpheus65535/bazarr",
    "version": "v1.5.3",
    "date": "2025-09-20T12:12:33Z"
  },
  {
    "name": "Jackett/Jackett",
    "version": "v0.24.415",
    "date": "2025-12-07T05:56:32Z"
  },
  {
    "name": "BerriAI/litellm",
    "version": "v1.80.8.rc.1",
@ -44,26 +109,11 @@
    "version": "v2.20.1",
    "date": "2025-12-07T01:14:23Z"
  },
  {
    "name": "steveiliop56/tinyauth",
    "version": "v4.1.0",
    "date": "2025-11-23T12:13:34Z"
  },
  {
    "name": "jeedom/core",
    "version": "4.5",
    "date": "2025-12-07T00:27:06Z"
  },
  {
    "name": "sysadminsmedia/homebox",
    "version": "v0.22.0-rc.2",
    "date": "2025-12-06T21:24:28Z"
  },
  {
    "name": "keycloak/keycloak",
    "version": "26.4.7",
    "date": "2025-12-01T08:14:11Z"
  },
  {
    "name": "Koenkk/zigbee2mqtt",
    "version": "2.7.1",
@ -134,11 +184,6 @@
    "version": "v2.1.1",
    "date": "2025-12-05T23:48:08Z"
  },
  {
    "name": "chrisbenincasa/tunarr",
    "version": "v0.23.0-alpha.30",
    "date": "2025-12-05T21:23:38Z"
  },
  {
    "name": "home-assistant/core",
    "version": "2025.12.1",
@ -199,11 +244,6 @@
    "version": "2025.11.4",
    "date": "2025-12-05T03:54:58Z"
  },
  {
    "name": "documenso/documenso",
    "version": "v2.2.4",
    "date": "2025-12-05T01:23:23Z"
  },
  {
    "name": "transmission/transmission",
    "version": "4.0.1-beta.1",
@ -299,11 +339,6 @@
    "version": "v25.11.5",
    "date": "2025-12-03T14:51:03Z"
  },
  {
    "name": "meilisearch/meilisearch",
    "version": "latest",
    "date": "2025-12-03T14:19:01Z"
  },
  {
    "name": "Graylog2/graylog2-server",
    "version": "6.2.10",
@ -319,16 +354,6 @@
    "version": "v0.104.0",
    "date": "2025-12-03T06:48:38Z"
  },
  {
    "name": "mattermost/mattermost",
    "version": "v10.11.8",
    "date": "2025-11-21T17:06:07Z"
  },
  {
    "name": "openobserve/openobserve",
    "version": "v0.20.2",
    "date": "2025-12-03T02:20:57Z"
  },
  {
    "name": "hyperion-project/hyperion.ng",
    "version": "2.1.1",
@ -389,11 +414,6 @@
    "version": "jenkins-2.540",
    "date": "2025-12-02T16:56:49Z"
  },
  {
    "name": "nzbgetcom/nzbget",
    "version": "v25.4",
    "date": "2025-10-09T10:27:01Z"
  },
  {
    "name": "docker/compose",
    "version": "v5.0.0",
@ -869,11 +889,6 @@
    "version": "4.10.1",
    "date": "2025-11-15T04:36:48Z"
  },
  {
    "name": "zitadel/zitadel",
    "version": "v4.7.0",
    "date": "2025-11-14T09:45:13Z"
  },
  {
    "name": "runtipi/runtipi",
    "version": "v4.6.5",
@ -999,11 +1014,6 @@
    "version": "v3.0.9",
    "date": "2025-11-04T07:28:45Z"
  },
  {
    "name": "maxdorninger/MediaManager",
    "version": "v1.9.1",
    "date": "2025-11-02T21:14:50Z"
  },
  {
    "name": "motioneye-project/motioneye",
    "version": "0.42.1",
@ -1179,11 +1189,6 @@
    "version": "v0.23.0",
    "date": "2025-09-17T10:15:51Z"
  },
  {
    "name": "WGDashboard/WGDashboard",
    "version": "v4.3.0.1",
    "date": "2025-09-17T08:50:39Z"
  },
  {
    "name": "Checkmk/checkmk",
    "version": "v2.4.0p12",
@ -1249,11 +1254,6 @@
    "version": "0.6.25",
    "date": "2025-08-24T08:51:55Z"
  },
  {
    "name": "ventoy/Ventoy",
    "version": "v1.1.07",
    "date": "2025-08-18T16:13:54Z"
  },
  {
    "name": "lldap/lldap",
    "version": "v0.6.2",
--- a/misc/build.func
+++ b/misc/build.func
@ -453,7 +453,7 @@ load_vars_file() {
  # Allowed var_* keys
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -505,7 +505,7 @@ default_var_settings() {
  # Allowed var_* keys (alphabetically sorted)
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -667,7 +667,7 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@ -816,6 +816,7 @@ _build_current_app_vars_tmp() {
  _apt_cacher_ip="${APT_CACHER_IP:-}"
  _fuse="${ENABLE_FUSE:-no}"
  _tun="${ENABLE_TUN:-no}"
  _gpu="${ENABLE_GPU:-no}"
  _nesting="${ENABLE_NESTING:-1}"
  _keyctl="${ENABLE_KEYCTL:-0}"
  _mknod="${ENABLE_MKNOD:-0}"
@ -865,6 +866,7 @@ _build_current_app_vars_tmp() {
    [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
    [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
    [ -n "$_gpu" ] && echo "var_gpu=$(_sanitize_value "$_gpu")"
    [ -n "$_nesting" ] && echo "var_nesting=$(_sanitize_value "$_nesting")"
    [ -n "$_keyctl" ] && echo "var_keyctl=$(_sanitize_value "$_keyctl")"
    [ -n "$_mknod" ] && echo "var_mknod=$(_sanitize_value "$_mknod")"
@ -1011,37 +1013,49 @@ advanced_settings() {
  # Initialize defaults
  TAGS="community-script;${var_tags:-}"
  local STEP=1
-  local MAX_STEP=19
+  local MAX_STEP=28
-  # Store values for back navigation
+  # Store values for back navigation - inherit from var_* app defaults
-  local _ct_type="${CT_TYPE:-1}"
+  local _ct_type="${var_unprivileged:-1}"
  local _pw=""
  local _pw_display="Automatic Login"
  local _ct_id="$NEXTID"
  local _hostname="$NSAPP"
-  local _disk_size="$var_disk"
+  local _disk_size="${var_disk:-4}"
-  local _core_count="$var_cpu"
+  local _core_count="${var_cpu:-1}"
-  local _ram_size="$var_ram"
+  local _ram_size="${var_ram:-1024}"
-  local _bridge="vmbr0"
+  local _bridge="${var_brg:-vmbr0}"
-  local _net="dhcp"
+  local _net="${var_net:-dhcp}"
-  local _gate=""
+  local _gate="${var_gateway:-}"
-  local _ipv6_method="auto"
+  local _ipv6_method="${var_ipv6_method:-auto}"
  local _ipv6_addr=""
  local _ipv6_gate=""
-  local _apt_cacher_ip=""
+  local _apt_cacher="${var_apt_cacher:-no}"
-  local _mtu=""
+  local _apt_cacher_ip="${var_apt_cacher_ip:-}"
-  local _sd=""
+  local _mtu="${var_mtu:-}"
-  local _ns=""
+  local _sd="${var_searchdomain:-}"
-  local _mac=""
+  local _ns="${var_ns:-}"
-  local _vlan=""
+  local _mac="${var_mac:-}"
  local _vlan="${var_vlan:-}"
  local _tags="$TAGS"
-  local _enable_fuse="no"
+  local _enable_fuse="${var_fuse:-no}"
-  local _verbose="no"
+  local _enable_tun="${var_tun:-no}"
-  local _enable_keyctl="0"
+  local _enable_gpu="${var_gpu:-no}"
-  local _enable_mknod="0"
+  local _enable_nesting="${var_nesting:-1}"
-  local _mount_fs=""
+  local _verbose="${var_verbose:-no}"
-  local _protect_ct="no"
+  local _enable_keyctl="${var_keyctl:-0}"
-  local _ct_timezone=""
+  local _enable_mknod="${var_mknod:-0}"
  local _mount_fs="${var_mount_fs:-}"
  local _protect_ct="${var_protection:-no}"
  # Detect host timezone for default (if not set via var_timezone)
  local _host_timezone=""
  if command -v timedatectl >/dev/null 2>&1; then
    _host_timezone=$(timedatectl show --value --property=Timezone 2>/dev/null || echo "")
  elif [ -f /etc/timezone ]; then
    _host_timezone=$(cat /etc/timezone 2>/dev/null || echo "")
  fi
  local _ct_timezone="${var_timezone:-$_host_timezone}"
  # Helper to show current progress
  show_progress() {
@ -1491,20 +1505,23 @@ advanced_settings() {
    # STEP 17: SSH Settings
    # ═══════════════════════════════════════════════════════════════════════════
    17)
-      configure_ssh_settings
+      configure_ssh_settings "Step $STEP/$MAX_STEP"
      # configure_ssh_settings handles its own flow, always advance
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 18: FUSE & Verbose Mode
+    # STEP 18: FUSE Support
    # ═══════════════════════════════════════════════════════════════════════════
    18)
      local fuse_default_flag="--defaultno"
      [[ "$_enable_fuse" == "yes" || "$_enable_fuse" == "1" ]] && fuse_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "FUSE SUPPORT" \
        --ok-button "Next" --cancel-button "Back" \
-        --defaultno \
+        $fuse_default_flag \
-        --yesno "\nEnable FUSE support?\n\nRequired for: rclone, mergerfs, AppImage, etc." 12 58; then
+        --yesno "\nEnable FUSE support?\n\nRequired for: rclone, mergerfs, AppImage, etc.\n\n(App default: ${var_fuse:-no})" 14 58; then
        _enable_fuse="yes"
      else
        if [ $? -eq 1 ]; then
@ -1514,26 +1531,255 @@ advanced_settings() {
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 19: TUN/TAP Support
    # ═══════════════════════════════════════════════════════════════════════════
    19)
      local tun_default_flag="--defaultno"
      [[ "$_enable_tun" == "yes" || "$_enable_tun" == "1" ]] && tun_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "VERBOSE MODE" \
+        --title "TUN/TAP SUPPORT" \
-        --defaultno \
+        --ok-button "Next" --cancel-button "Back" \
-        --yesno "\nEnable Verbose Mode?\n\nShows detailed output during installation." 12 58; then
+        $tun_default_flag \
-        _verbose="yes"
+        --yesno "\nEnable TUN/TAP device support?\n\nRequired for: VPN apps (WireGuard, OpenVPN, Tailscale),\nnetwork tunneling, and containerized networking.\n\n(App default: ${var_tun:-no})" 14 62; then
        _enable_tun="yes"
      else
-        _verbose="no"
+        if [ $? -eq 1 ]; then
          _enable_tun="no"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 19: Confirmation
+    # STEP 20: Nesting Support
    # ═══════════════════════════════════════════════════════════════════════════
-    19)
+    20)
      local nesting_default_flag=""
      [[ "$_enable_nesting" == "0" || "$_enable_nesting" == "no" ]] && nesting_default_flag="--defaultno"
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "NESTING SUPPORT" \
        --ok-button "Next" --cancel-button "Back" \
        $nesting_default_flag \
        --yesno "\nEnable Nesting?\n\nRequired for: Docker, LXC inside LXC, Podman,\nand other containerization tools.\n\n(App default: ${var_nesting:-1})" 14 58; then
        _enable_nesting="1"
      else
        if [ $? -eq 1 ]; then
          _enable_nesting="0"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 21: GPU Passthrough
    # ═══════════════════════════════════════════════════════════════════════════
    21)
      local gpu_default_flag="--defaultno"
      [[ "$_enable_gpu" == "yes" ]] && gpu_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "GPU PASSTHROUGH" \
        --ok-button "Next" --cancel-button "Back" \
        $gpu_default_flag \
        --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding\n\n(App default: ${var_gpu:-no})" 16 62; then
        _enable_gpu="yes"
      else
        if [ $? -eq 1 ]; then
          _enable_gpu="no"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 22: Keyctl Support (Docker/systemd)
    # ═══════════════════════════════════════════════════════════════════════════
    22)
      local keyctl_default_flag="--defaultno"
      [[ "$_enable_keyctl" == "1" ]] && keyctl_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "KEYCTL SUPPORT" \
        --ok-button "Next" --cancel-button "Back" \
        $keyctl_default_flag \
        --yesno "\nEnable Keyctl support?\n\nRequired for: Docker containers, systemd-networkd,\nand kernel keyring operations.\n\nNote: Automatically enabled for unprivileged containers.\n\n(App default: ${var_keyctl:-0})" 16 62; then
        _enable_keyctl="1"
      else
        if [ $? -eq 1 ]; then
          _enable_keyctl="0"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 23: APT Cacher Proxy
    # ═══════════════════════════════════════════════════════════════════════════
    23)
      local apt_cacher_default_flag="--defaultno"
      [[ "$_apt_cacher" == "yes" ]] && apt_cacher_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "APT CACHER PROXY" \
        --ok-button "Next" --cancel-button "Back" \
        $apt_cacher_default_flag \
        --yesno "\nUse APT Cacher-NG proxy?\n\nSpeeds up package downloads by caching them locally.\nRequires apt-cacher-ng running on your network.\n\n(App default: ${var_apt_cacher:-no})" 14 62; then
        _apt_cacher="yes"
        # Ask for IP if enabled
        if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
          --title "APT CACHER IP" \
          --inputbox "\nEnter APT Cacher-NG server IP address:" 10 58 "$_apt_cacher_ip" \
          3>&1 1>&2 2>&3); then
          _apt_cacher_ip="$result"
        fi
      else
        if [ $? -eq 1 ]; then
          _apt_cacher="no"
          _apt_cacher_ip=""
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 24: Container Timezone
    # ═══════════════════════════════════════════════════════════════════════════
    24)
      local tz_hint="$_ct_timezone"
      [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"
      if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "CONTAINER TIMEZONE" \
        --ok-button "Next" --cancel-button "Back" \
        --inputbox "\nSet container timezone.\n\nExamples: Europe/Berlin, America/New_York, Asia/Tokyo\n\nHost timezone: ${_host_timezone:-unknown}\n\nLeave empty to inherit from host." 16 62 "$_ct_timezone" \
        3>&1 1>&2 2>&3); then
        _ct_timezone="$result"
        ((STEP++))
      else
        ((STEP--))
      fi
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 25: Container Protection
    # ═══════════════════════════════════════════════════════════════════════════
    25)
      local protect_default_flag="--defaultno"
      [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "CONTAINER PROTECTION" \
        --ok-button "Next" --cancel-button "Back" \
        $protect_default_flag \
        --yesno "\nEnable Container Protection?\n\nPrevents accidental deletion of this container.\nYou must disable protection before removing.\n\n(App default: ${var_protection:-no})" 14 62; then
        _protect_ct="yes"
      else
        if [ $? -eq 1 ]; then
          _protect_ct="no"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 26: Device Node Creation (mknod)
    # ═══════════════════════════════════════════════════════════════════════════
    26)
      local mknod_default_flag="--defaultno"
      [[ "$_enable_mknod" == "1" ]] && mknod_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "DEVICE NODE CREATION" \
        --ok-button "Next" --cancel-button "Back" \
        $mknod_default_flag \
        --yesno "\nAllow device node creation (mknod)?\n\nRequired for: Creating device files inside container.\nExperimental feature (requires kernel 5.3+).\n\n(App default: ${var_mknod:-0})" 14 62; then
        _enable_mknod="1"
      else
        if [ $? -eq 1 ]; then
          _enable_mknod="0"
        else
          ((STEP--))
          continue
        fi
      fi
      ((STEP++))
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 27: Mount Filesystems
    # ═══════════════════════════════════════════════════════════════════════════
    27)
      local mount_hint=""
      [[ -n "$_mount_fs" ]] && mount_hint="$_mount_fs" || mount_hint="(none)"
      if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "MOUNT FILESYSTEMS" \
        --ok-button "Next" --cancel-button "Back" \
        --inputbox "\nAllow specific filesystem mounts.\n\nComma-separated list: nfs, cifs, fuse, ext4, etc.\nLeave empty for defaults (none).\n\nCurrent: $mount_hint" 14 62 "$_mount_fs" \
        3>&1 1>&2 2>&3); then
        _mount_fs="$result"
        ((STEP++))
      else
        ((STEP--))
      fi
      ;;
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 28: Verbose Mode & Confirmation
    # ═══════════════════════════════════════════════════════════════════════════
    28)
      local verbose_default_flag="--defaultno"
      [[ "$_verbose" == "yes" ]] && verbose_default_flag=""
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "VERBOSE MODE" \
        $verbose_default_flag \
        --yesno "\nEnable Verbose Mode?\n\nShows detailed output during installation." 12 58; then
        _verbose="yes"
      else
        _verbose="no"
      fi
      # Build summary
      local ct_type_desc="Unprivileged"
      [[ "$_ct_type" == "0" ]] && ct_type_desc="Privileged"
      local nesting_desc="Disabled"
      [[ "$_enable_nesting" == "1" ]] && nesting_desc="Enabled"
      local keyctl_desc="Disabled"
      [[ "$_enable_keyctl" == "1" ]] && keyctl_desc="Enabled"
      local protect_desc="No"
      [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_desc="Yes"
      local tz_display="${_ct_timezone:-Host TZ}"
      local apt_display="${_apt_cacher:-no}"
      [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
      local summary="Container Type: $ct_type_desc
 Container ID: $_ct_id
 Hostname: $_hostname
@ -1548,14 +1794,20 @@ Network:
  IPv4: $_net
  IPv6: $_ipv6_method
-Options:
+Features:
-  FUSE: $_enable_fuse
+  FUSE: $_enable_fuse | TUN: $_enable_tun
  Nesting: $nesting_desc | Keyctl: $keyctl_desc
  GPU: $_enable_gpu | Protection: $protect_desc
 Advanced:
  Timezone: $tz_display
  APT Cacher: $apt_display
  Verbose: $_verbose"
      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "CONFIRM SETTINGS" \
        --ok-button "Create LXC" --cancel-button "Back" \
-        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 26 58; then
+        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 32 62; then
        ((STEP++))
      else
        ((STEP--))
@ -1582,8 +1834,31 @@ Options:
  IPV6_GATE="$_ipv6_gate"
  TAGS="$_tags"
  ENABLE_FUSE="$_enable_fuse"
  ENABLE_TUN="$_enable_tun"
  ENABLE_GPU="$_enable_gpu"
  ENABLE_NESTING="$_enable_nesting"
  ENABLE_KEYCTL="$_enable_keyctl"
  ENABLE_MKNOD="$_enable_mknod"
  ALLOW_MOUNT_FS="$_mount_fs"
  PROTECT_CT="$_protect_ct"
  CT_TIMEZONE="$_ct_timezone"
  APT_CACHER="$_apt_cacher"
  APT_CACHER_IP="$_apt_cacher_ip"
  VERBOSE="$_verbose"
  # Update var_* based on user choice (for functions that check these)
  var_gpu="$_enable_gpu"
  var_fuse="$_enable_fuse"
  var_tun="$_enable_tun"
  var_nesting="$_enable_nesting"
  var_keyctl="$_enable_keyctl"
  var_mknod="$_enable_mknod"
  var_mount_fs="$_mount_fs"
  var_protection="$_protect_ct"
  var_timezone="$_ct_timezone"
  var_apt_cacher="$_apt_cacher"
  var_apt_cacher_ip="$_apt_cacher_ip"
  # Format optional values
  [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
  [[ -n "$_sd" ]] && SD="-searchdomain=$_sd" || SD=""
@ -1600,6 +1875,10 @@ Options:
  export UDHCPC_FIX
  export SSH_KEYS_FILE
  # Exit alternate screen buffer before showing summary (so output remains visible)
  tput rmcup 2>/dev/null || true
  trap - RETURN
  # Display final summary
  echo -e "\n${INFO}${BOLD}${DGN}PVE Version ${PVEVERSION} (Kernel: ${KERNEL_VERSION})${CL}"
  echo -e "${OS}${BOLD}${DGN}Operating System: ${BGN}$var_os${CL}"
@ -1614,6 +1893,13 @@ Options:
  echo -e "${NETWORK}${BOLD}${DGN}IPv4: ${BGN}$NET${CL}"
  echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}$IPV6_METHOD${CL}"
  echo -e "${FUSE}${BOLD}${DGN}FUSE Support: ${BGN}$ENABLE_FUSE${CL}"
  [[ "$ENABLE_TUN" == "yes" ]] && echo -e "${NETWORK}${BOLD}${DGN}TUN/TAP Support: ${BGN}$ENABLE_TUN${CL}"
  echo -e "${CONTAINERTYPE}${BOLD}${DGN}Nesting: ${BGN}$([ "$ENABLE_NESTING" == "1" ] && echo "Enabled" || echo "Disabled")${CL}"
  [[ "$ENABLE_KEYCTL" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Keyctl: ${BGN}Enabled${CL}"
  echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}$ENABLE_GPU${CL}"
  [[ "$PROTECT_CT" == "yes" || "$PROTECT_CT" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Protection: ${BGN}Enabled${CL}"
  [[ -n "$CT_TIMEZONE" ]] && echo -e "${INFO}${BOLD}${DGN}Timezone: ${BGN}$CT_TIMEZONE${CL}"
  [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}"
  echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
  echo -e "${CREATING}${BOLD}${RD}Creating a ${APP} LXC using the above advanced settings${CL}"
 }
@ -1736,6 +2022,9 @@ echo_default() {
  echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE} GB${CL}"
  echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
  echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE} MiB${CL}"
  if [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]]; then
    echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}Enabled${CL}"
  fi
  if [ "$VERBOSE" == "yes" ]; then
    echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}Enabled${CL}"
  fi
@ -2076,6 +2365,10 @@ ssh_discover_default_files() {
 }
 configure_ssh_settings() {
  local step_info="${1:-}"
  local backtitle="Proxmox VE Helper Scripts"
  [[ -n "$step_info" ]] && backtitle="Proxmox VE Helper Scripts [${step_info}]"
  SSH_KEYS_FILE="$(mktemp)"
  : >"$SSH_KEYS_FILE"
@ -2085,14 +2378,14 @@ configure_ssh_settings() {
  local ssh_key_mode
  if [[ "$default_key_count" -gt 0 ]]; then
-    ssh_key_mode=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SSH KEY SOURCE" --menu \
+    ssh_key_mode=$(whiptail --backtitle "$backtitle" --title "SSH KEY SOURCE" --menu \
      "Provision SSH keys for root:" 14 72 4 \
      "found" "Select from detected keys (${default_key_count})" \
      "manual" "Paste a single public key" \
      "folder" "Scan another folder (path or glob)" \
      "none" "No keys" 3>&1 1>&2 2>&3) || exit_script
  else
-    ssh_key_mode=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SSH KEY SOURCE" --menu \
+    ssh_key_mode=$(whiptail --backtitle "$backtitle" --title "SSH KEY SOURCE" --menu \
      "No host keys detected; choose manual/none:" 12 72 2 \
      "manual" "Paste a single public key" \
      "none" "No keys" 3>&1 1>&2 2>&3) || exit_script
@ -2101,7 +2394,7 @@ configure_ssh_settings() {
  case "$ssh_key_mode" in
  found)
    local selection
-    selection=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SELECT HOST KEYS" \
+    selection=$(whiptail --backtitle "$backtitle" --title "SELECT HOST KEYS" \
      --checklist "Select one or more keys to import:" 20 140 10 "${CHOICES[@]}" 3>&1 1>&2 2>&3) || exit_script
    for tag in $selection; do
      tag="${tag%\"}"
@ -2112,13 +2405,13 @@ configure_ssh_settings() {
    done
    ;;
  manual)
-    SSH_AUTHORIZED_KEY="$(whiptail --backtitle "Proxmox VE Helper Scripts" \
+    SSH_AUTHORIZED_KEY="$(whiptail --backtitle "$backtitle" \
      --inputbox "Paste one SSH public key line (ssh-ed25519/ssh-rsa/...)" 10 72 --title "SSH Public Key" 3>&1 1>&2 2>&3)"
    [[ -n "$SSH_AUTHORIZED_KEY" ]] && printf '%s\n' "$SSH_AUTHORIZED_KEY" >>"$SSH_KEYS_FILE"
    ;;
  folder)
    local glob_path
-    glob_path=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
+    glob_path=$(whiptail --backtitle "$backtitle" \
      --inputbox "Enter a folder or glob to scan (e.g. /root/.ssh/*.pub)" 10 72 --title "Scan Folder/Glob" 3>&1 1>&2 2>&3)
    if [[ -n "$glob_path" ]]; then
      shopt -s nullglob
@ -2128,7 +2421,7 @@ configure_ssh_settings() {
        ssh_build_choices_from_files "${_scan_files[@]}"
        if [[ "$COUNT" -gt 0 ]]; then
          local folder_selection
-          folder_selection=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SELECT FOLDER KEYS" \
+          folder_selection=$(whiptail --backtitle "$backtitle" --title "SELECT FOLDER KEYS" \
            --checklist "Select key(s) to import:" 20 78 10 "${CHOICES[@]}" 3>&1 1>&2 2>&3) || exit_script
          for tag in $folder_selection; do
            tag="${tag%\"}"
@ -2138,10 +2431,10 @@ configure_ssh_settings() {
            [[ -n "$line" ]] && printf '%s\n' "$line" >>"$SSH_KEYS_FILE"
          done
        else
-          whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox "No keys found in: $glob_path" 8 60
+          whiptail --backtitle "$backtitle" --msgbox "No keys found in: $glob_path" 8 60
        fi
      else
-        whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox "Path/glob returned no files." 8 60
+        whiptail --backtitle "$backtitle" --msgbox "Path/glob returned no files." 8 60
      fi
    fi
    ;;
@ -2155,12 +2448,9 @@ configure_ssh_settings() {
    printf '\n' >>"$SSH_KEYS_FILE"
  fi
-  if [[ -s "$SSH_KEYS_FILE" || "$PW" == -password* ]]; then
+  # Always show SSH access dialog - user should be able to enable SSH even without keys
-    if (whiptail --backtitle "Proxmox VE Helper Scripts" --defaultno --title "SSH ACCESS" --yesno "Enable root SSH access?" 10 58); then
+  if (whiptail --backtitle "$backtitle" --defaultno --title "SSH ACCESS" --yesno "Enable root SSH access?" 10 58); then
-      SSH="yes"
+    SSH="yes"
    else
      SSH="no"
    fi
  else
    SSH="no"
  fi
@ -2278,15 +2568,23 @@ build_container() {
  none) ;;
  esac
-  # Build FEATURES string
+  # Build FEATURES string based on container type and user choices
-  if [ "$CT_TYPE" == "1" ]; then
+  FEATURES=""
-    FEATURES="keyctl=1,nesting=1"
+
-  else
+  # Nesting support (user configurable, default enabled)
  if [ "${ENABLE_NESTING:-1}" == "1" ]; then
    FEATURES="nesting=1"
  fi
  # Keyctl for unprivileged containers (needed for Docker)
  if [ "$CT_TYPE" == "1" ]; then
    [ -n "$FEATURES" ] && FEATURES="$FEATURES,"
    FEATURES="${FEATURES}keyctl=1"
  fi
  if [ "$ENABLE_FUSE" == "yes" ]; then
-    FEATURES="$FEATURES,fuse=1"
+    [ -n "$FEATURES" ] && FEATURES="$FEATURES,"
    FEATURES="${FEATURES}fuse=1"
  fi
  # Build PCT_OPTIONS as string for export
@ -2387,21 +2685,15 @@ build_container() {
  # GPU/USB PASSTHROUGH CONFIGURATION
  # ============================================================================
-  # List of applications that benefit from GPU acceleration
+  # Check if GPU passthrough is enabled
-  GPU_APPS=(
+  # Returns true only if var_gpu is explicitly set to "yes"
-    "immich" "channels" "emby" "ersatztv" "frigate"
+  # Can be set via:
-    "jellyfin" "plex" "scrypted" "tdarr" "unmanic"
+  #   - Environment variable: var_gpu=yes bash -c "..."
-    "ollama" "fileflows" "open-webui" "tunarr"
+  #   - CT script default: var_gpu="${var_gpu:-no}"
-    "handbrake" "sunshine" "moonlight" "kodi" "stremio"
+  #   - Advanced settings wizard
-    "viseron"
+  #   - App defaults file: /usr/local/community-scripts/defaults/<app>.vars
  )
  # Check if app needs GPU
  is_gpu_app() {
-    local app="${1,,}"
+    [[ "${var_gpu:-no}" == "yes" ]] && return 0
    for gpu_app in "${GPU_APPS[@]}"; do
      [[ "$app" == "${gpu_app,,}" ]] && return 0
    done
    return 1
  }
@ -2491,8 +2783,13 @@ EOF
  # Configure GPU passthrough
  configure_gpu_passthrough() {
-    # Skip if not a GPU app and not privileged
+    # Skip if:
-    if [[ "$CT_TYPE" != "0" ]] && ! is_gpu_app "$APP"; then
+    # GPU passthrough is enabled when var_gpu="yes":
    # - Set via environment variable: var_gpu=yes bash -c "..."
    # - Set in CT script: var_gpu="${var_gpu:-no}"
    # - Enabled in advanced_settings wizard
    # - Configured in app defaults file
    if ! is_gpu_app "$APP"; then
      return 0
    fi
--- a/misc/core.func
+++ b/misc/core.func
@ -123,6 +123,7 @@ icons() {
  CREATING="${TAB}🚀${TAB}${CL}"
  ADVANCED="${TAB}🧩${TAB}${CL}"
  FUSE="${TAB}🗂️${TAB}${CL}"
  GPU="${TAB}🎮${TAB}${CL}"
  HOURGLASS="${TAB}⏳${TAB}"
 }
Author	SHA1	Message	Date
CanbiZ	b83ac2b7a5	fix: pre-fill timezone with host timezone in advanced settings	2025-12-08 14:51:57 +01:00
CanbiZ	6bf6da09c5	feat: complete advanced settings with all var_* options Advanced Settings Wizard (28 steps): - Step 18: FUSE Support (inherits var_fuse) - Step 19: TUN/TAP Support (inherits var_tun) - Step 20: Nesting Support (inherits var_nesting) - Step 21: GPU Passthrough (inherits var_gpu) - Step 22: Keyctl Support (inherits var_keyctl) - Step 23: APT Cacher Proxy (inherits var_apt_cacher/var_apt_cacher_ip) - Step 24: Container Timezone (inherits var_timezone) - Step 25: Container Protection (inherits var_protection) - Step 26: Device Node Creation (inherits var_mknod) - Step 27: Mount Filesystems (inherits var_mount_fs) - Step 28: Verbose Mode & Confirmation All var_* from CT scripts now pre-populate wizard fields with '(App default: X)' hints. Documentation: - New BUILD_FUNC_ADVANCED_SETTINGS.md with full wizard reference - Updated BUILD_FUNC_ENVIRONMENT_VARIABLES.md with all feature flags - Updated README.md with new documentation link	2025-12-08 14:41:48 +01:00
CanbiZ	8b94082ece	feat: inherit app defaults in advanced settings wizard - All var_* values from CT scripts now pre-populate wizard fields - Added TUN/TAP support step (Step 19) with var_tun default - Added Nesting support step (Step 20) with var_nesting default - FUSE, GPU, Verbose now show '(App default: X)' hints - Nesting feature now user-configurable (was hardcoded) - MAX_STEP increased from 20 to 22 - All feature flags (FUSE, TUN, GPU, Nesting) saved to app defaults - Summary shows all features including TUN and Nesting status	2025-12-08 14:36:44 +01:00
community-scripts-pr-app[bot]	f95cc5a7ad	Update CHANGELOG.md (#9775 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 13:20:30 +00:00
CanbiZ	3fb9d02f36	fix: always show SSH access dialog in advanced settings (#9765 ) - SSH access dialog is now always displayed regardless of password or SSH keys - Added step indicator to SSH settings dialogs for consistency - configure_ssh_settings() now accepts optional step_info parameter - Updated documentation for SSH configuration functions Fixes #9753	2025-12-08 14:20:05 +01:00
community-scripts-pr-app[bot]	a748be9a1f	Update CHANGELOG.md (#9774 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 12:52:51 +00:00
CanbiZ	4d4ced6b63	feat: Add var_gpu flag for GPU passthrough configuration (#9764 ) * feat: Add var_gpu flag for GPU passthrough configuration Changes: - Add var_gpu variable to CT scripts for explicit GPU control - Remove hardcoded GPU_APPS list - GPU detection now uses var_gpu flag - Add var_gpu to VAR_WHITELIST for persistence in default.vars and app.vars - Add GPU Passthrough option (Step 19) to advanced_settings wizard (now 20 steps) - Update documentation Apps with var_gpu=yes (GPU enabled by default): - Media: jellyfin, plex, emby, channels, ersatztv, tunarr - Transcoding: tdarr, unmanic, fileflows - AI/ML: ollama, openwebui - NVR: frigate, immich Usage: - Disable GPU: var_gpu=no bash -c '$(curl -fsSL ...jellyfin.sh)' - Enable GPU: var_gpu=yes bash -c '$(curl -fsSL ...debian.sh)' - Via default.vars: echo 'var_gpu=yes' >> /usr/local/community-scripts/default.vars - Via advanced settings wizard (Step 19) * fix: tput rmcup timing, GPU line indentation, echo_default GPU display * style: add GPU icon variable for consistent formatting	2025-12-08 13:52:30 +01:00
community-scripts-pr-app[bot]	a5d017c83b	Update versions.json (#9773 ) Co-authored-by: GitHub Actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 13:06:10 +01:00
community-scripts-pr-app[bot]	5378d822f8	Update CHANGELOG.md (#9772 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2025-12-08 10:38:33 +00:00
Vincent Martens	243cb34d47	tandoor instead of trandoor (#9771 )	2025-12-08 11:38:08 +01:00