fix(termix): fix nginx pid path and log paths on update (#14410 )

- Replace outdated 'pid /app/nginx' deletion with proper replacement of 'pid /tmp/nginx/nginx.pid;' -> 'pid /run/nginx.pid;' - Add sed to redirect error_log from /tmp/nginx/ to /var/log/nginx/ - Add sed to redirect access_log from /tmp/nginx/ to /var/log/nginx/ Fixes: nginx: open() '/tmp/nginx/nginx.pid' failed (2: No such file or directory)
Update CHANGELOG.md (#14408 )
2026-05-15 13:04:56 +02:00 · 2026-05-11 20:14:12 +02:00 · 2026-05-11 13:55:20 +00:00 · 2026-05-11 15:54:38 +02:00 · 2026-05-11 08:18:12 +00:00 · 2026-05-11 10:17:50 +02:00
121 changed files with 5962 additions and 970 deletions
--- a/.github/changelogs/2026/04.md
+++ b/.github/changelogs/2026/04.md
@@ -1,3 +1,110 @@
+## 2026-04-30
+
+### 🆕 New Scripts
+
+  - Nagios ([#14126](https://github.com/community-scripts/ProxmoxVE/pull/14126))
+- Neko ([#14121](https://github.com/community-scripts/ProxmoxVE/pull/14121))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - alpine-docker: install openssl as core dependency | alpine-komodo: check & install openssl if missing [@MickLesk](https://github.com/MickLesk) ([#14134](https://github.com/community-scripts/ProxmoxVE/pull/14134))
+    - endurain: update source references to Codeberg [@MickLesk](https://github.com/MickLesk) ([#14128](https://github.com/community-scripts/ProxmoxVE/pull/14128))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - tools.func: Manage minor versions for MongoDB 8.x [@tremor021](https://github.com/tremor021) ([#14131](https://github.com/community-scripts/ProxmoxVE/pull/14131))
+
+## 2026-04-29
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - GrayLog: MongoDB update to 8.2.x [@tremor021](https://github.com/tremor021) ([#14114](https://github.com/community-scripts/ProxmoxVE/pull/14114))
+    - Graylog: Better information in the log file [@tremor021](https://github.com/tremor021) ([#14110](https://github.com/community-scripts/ProxmoxVE/pull/14110))
+
+  - #### 🔧 Refactor
+
+    - Refactor: checkMK [@MickLesk](https://github.com/MickLesk) ([#14105](https://github.com/community-scripts/ProxmoxVE/pull/14105))
+    - PatchMon: Unpin release [@tremor021](https://github.com/tremor021) ([#14097](https://github.com/community-scripts/ProxmoxVE/pull/14097))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: add guidance when storage lacks rootdir support [@MickLesk](https://github.com/MickLesk) ([#14108](https://github.com/community-scripts/ProxmoxVE/pull/14108))
+
+## 2026-04-28
+
+### 🆕 New Scripts
+
+  - StoryBook ([#14081](https://github.com/community-scripts/ProxmoxVE/pull/14081))
+- CoreDNS ([#14082](https://github.com/community-scripts/ProxmoxVE/pull/14082))
+
+### 🚀 Updated Scripts
+
+  - Fix Dawarich Install/Update [@Jerry1098](https://github.com/Jerry1098) ([#14078](https://github.com/community-scripts/ProxmoxVE/pull/14078))
+
+  - #### ✨ New Features
+
+    - PatchMon Version 2.0.2 Script update [@9technologygroup](https://github.com/9technologygroup) ([#14095](https://github.com/community-scripts/ProxmoxVE/pull/14095))
+
+## 2026-04-27
+
+### 🚀 Updated Scripts
+
+  - Add pamUsername column to userOrgs table [@JVKeller](https://github.com/JVKeller) ([#14075](https://github.com/community-scripts/ProxmoxVE/pull/14075))
+
+  - #### 🐞 Bug Fixes
+
+    - Dawarich: run db:migrate before assets:precompile [@MickLesk](https://github.com/MickLesk) ([#14051](https://github.com/community-scripts/ProxmoxVE/pull/14051))
+    - TechnitiumDNS: always install .NET 10 if not already present [@MickLesk](https://github.com/MickLesk) ([#14049](https://github.com/community-scripts/ProxmoxVE/pull/14049))
+
+  - #### 💥 Breaking Changes
+
+    - PatchMon: v2.0.0 migration [@vhsdream](https://github.com/vhsdream) ([#14015](https://github.com/community-scripts/ProxmoxVE/pull/14015))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - Update build.func - fixed spelling mistake [@m1ckywill](https://github.com/m1ckywill) ([#14047](https://github.com/community-scripts/ProxmoxVE/pull/14047))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - update-lxcs/apps: avoid pct exec on containers mid-shutdown [@MickLesk](https://github.com/MickLesk) ([#14050](https://github.com/community-scripts/ProxmoxVE/pull/14050))
+
+  - #### ✨ New Features
+
+    - Add patchmon-agent report execution in update script [@heinemannj](https://github.com/heinemannj) ([#14054](https://github.com/community-scripts/ProxmoxVE/pull/14054))
+
+## 2026-04-26
+
+### 🆕 New Scripts
+
+  - TREK ([#14017](https://github.com/community-scripts/ProxmoxVE/pull/14017))
+
+### 🚀 Updated Scripts
+
+  - fix(2fauth): handle stale backup directory on update [@omertahaoztop](https://github.com/omertahaoztop) ([#14018](https://github.com/community-scripts/ProxmoxVE/pull/14018))
+
+  - #### 🐞 Bug Fixes
+
+    -  Increase Frigate default CPU cores from 4 to 8 [@MickLesk](https://github.com/MickLesk) ([#14039](https://github.com/community-scripts/ProxmoxVE/pull/14039))
+    - Technitium DNS: Ensure directories exist before running service [@tremor021](https://github.com/tremor021) ([#14030](https://github.com/community-scripts/ProxmoxVE/pull/14030))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core: Correct deb822 repository flat path detection [@MickLesk](https://github.com/MickLesk) ([#14037](https://github.com/community-scripts/ProxmoxVE/pull/14037))
+
 ## 2026-04-25

 ### 🚀 Updated Scripts
--- a/.github/changelogs/2026/05.md
+++ b/.github/changelogs/2026/05.md
@@ -0,0 +1,173 @@
+## 2026-05-09
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - FlowiseAI: Migrate to pnpm [@MickLesk](https://github.com/MickLesk) ([#14344](https://github.com/community-scripts/ProxmoxVE/pull/14344))
+    - Purge openresty [@lucacome](https://github.com/lucacome) ([#14353](https://github.com/community-scripts/ProxmoxVE/pull/14353))
+    - Check for release for Sonarr [@lucacome](https://github.com/lucacome) ([#14354](https://github.com/community-scripts/ProxmoxVE/pull/14354))
+    - fix(termix-install.sh): add tmpfiles.d persistence and systemd PIDFile path [@runnylogan](https://github.com/runnylogan) ([#14350](https://github.com/community-scripts/ProxmoxVE/pull/14350))
+    - ERPNext: start bench Redis services before bench new-site [@MickLesk](https://github.com/MickLesk) ([#14343](https://github.com/community-scripts/ProxmoxVE/pull/14343))
+    - [Hotfix]Jotty: use absolute path when creating data dir [@vhsdream](https://github.com/vhsdream) ([#14355](https://github.com/community-scripts/ProxmoxVE/pull/14355))
+
+## 2026-05-08
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - wishlist: pin pnpm to v10 to match engine requirements [@MickLesk](https://github.com/MickLesk) ([#14342](https://github.com/community-scripts/ProxmoxVE/pull/14342))
+    - [pelican] fix env copy regression [@LetterN](https://github.com/LetterN) ([#14328](https://github.com/community-scripts/ProxmoxVE/pull/14328))
+    - fix(homepage): fix ERR_PNPM_IGNORED_BUILDS error [@Sergih28](https://github.com/Sergih28) ([#14315](https://github.com/community-scripts/ProxmoxVE/pull/14315))
+
+  - #### ✨ New Features
+
+    - tools.func: add setup_nltk as new function [@MickLesk](https://github.com/MickLesk) ([#14314](https://github.com/community-scripts/ProxmoxVE/pull/14314))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools.func: fix meilisearch import-dump background process handling [@MickLesk](https://github.com/MickLesk) ([#14341](https://github.com/community-scripts/ProxmoxVE/pull/14341))
+
+## 2026-05-07
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - termix: create /tmp/nginx before nginx -t [@MickLesk](https://github.com/MickLesk) ([#14312](https://github.com/community-scripts/ProxmoxVE/pull/14312))
+    - The Lounge: Fix service not starting automaticaly [@tremor021](https://github.com/tremor021) ([#14311](https://github.com/community-scripts/ProxmoxVE/pull/14311))
+    - netbird-lxc: fix installation check [@MickLesk](https://github.com/MickLesk) ([#14309](https://github.com/community-scripts/ProxmoxVE/pull/14309))
+    - databasus: Backup and secure configuration file [@MickLesk](https://github.com/MickLesk) ([#14308](https://github.com/community-scripts/ProxmoxVE/pull/14308))
+    - vm: update disk image URL for Ubuntu 25.04 [@MickLesk](https://github.com/MickLesk) ([#14290](https://github.com/community-scripts/ProxmoxVE/pull/14290))
+
+  - #### ✨ New Features
+
+    - pangolin: bump version to 1.18.3 [@MickLesk](https://github.com/MickLesk) ([#14297](https://github.com/community-scripts/ProxmoxVE/pull/14297))
+
+### 🗑️ Deleted Scripts
+
+  - Remove: LiteLLM [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14294](https://github.com/community-scripts/ProxmoxVE/pull/14294))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - update-apps: some  improvements [@MickLesk](https://github.com/MickLesk) ([#14275](https://github.com/community-scripts/ProxmoxVE/pull/14275))
+
+## 2026-05-06
+
+### 🆕 New Scripts
+
+  - Hoodik ([#14279](https://github.com/community-scripts/ProxmoxVE/pull/14279))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Pelican-Panel: create backup subdirectory before copying storage [@MickLesk](https://github.com/MickLesk) ([#14274](https://github.com/community-scripts/ProxmoxVE/pull/14274))
+    - Rustdeskserver: remove redundant else with undefined RELEASE var [@MickLesk](https://github.com/MickLesk) ([#14272](https://github.com/community-scripts/ProxmoxVE/pull/14272))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - AdguardHome-Sync replace ifconfig with hostname -I for IP detection [@MickLesk](https://github.com/MickLesk) ([#14273](https://github.com/community-scripts/ProxmoxVE/pull/14273))
+
+## 2026-05-05
+
+### 🆕 New Scripts
+
+  - LibreChat ([#14247](https://github.com/community-scripts/ProxmoxVE/pull/14247))
+- Matomo ([#14248](https://github.com/community-scripts/ProxmoxVE/pull/14248))
+- Storyteller ([#14122](https://github.com/community-scripts/ProxmoxVE/pull/14122))
+
+### 🧰 Tools
+
+  - Fix container count message in update-apps.sh [@Quotacious](https://github.com/Quotacious) ([#14265](https://github.com/community-scripts/ProxmoxVE/pull/14265))
+
+## 2026-05-04
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Databasus: move .env to filesystem root so service starts correctly [@Copilot](https://github.com/Copilot) ([#14252](https://github.com/community-scripts/ProxmoxVE/pull/14252))
+    - Databasus: update mongo-tools fallback to 100.16.1 and use now pnpm instead of npm ci [@MickLesk](https://github.com/MickLesk) ([#14240](https://github.com/community-scripts/ProxmoxVE/pull/14240))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - tools.func get_latest_gh_tag - add pagination to find prefixed tags beyond first 50 [@MickLesk](https://github.com/MickLesk) ([#14241](https://github.com/community-scripts/ProxmoxVE/pull/14241))
+    - tools.func: add GitLab release check/fetch/deploy helpers [@MickLesk](https://github.com/MickLesk) ([#14242](https://github.com/community-scripts/ProxmoxVE/pull/14242))
+
+## 2026-05-03
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Hortusfox: fix update issues [@tomfrenzel](https://github.com/tomfrenzel) ([#14214](https://github.com/community-scripts/ProxmoxVE/pull/14214))
+
+  - #### ✨ New Features
+
+    - Refactor: PeaNUT for v6 [@MickLesk](https://github.com/MickLesk) ([#14224](https://github.com/community-scripts/ProxmoxVE/pull/14224))
+    - pangolin: pin version, drop manual SQL, use upstream migrator [@MickLesk](https://github.com/MickLesk) ([#14223](https://github.com/community-scripts/ProxmoxVE/pull/14223))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core: fix validate_bridge function [@MichaelOultram](https://github.com/MichaelOultram) ([#14206](https://github.com/community-scripts/ProxmoxVE/pull/14206))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - pve/pbs scripts: guard sed against missing /etc/apt/sources.list [@MickLesk](https://github.com/MickLesk) ([#14222](https://github.com/community-scripts/ProxmoxVE/pull/14222))
+
+## 2026-05-02
+
+### 🆕 New Scripts
+
+  - protonmail-bridge ([#14136](https://github.com/community-scripts/ProxmoxVE/pull/14136))
+- Tube Archivist ([#14123](https://github.com/community-scripts/ProxmoxVE/pull/14123))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Nagios: Ping fix [@tremor021](https://github.com/tremor021) ([#14186](https://github.com/community-scripts/ProxmoxVE/pull/14186))
+    - opnsense-vm: retry pvesm alloc on transient zfs 'got timeout' errors [@MickLesk](https://github.com/MickLesk) ([#14157](https://github.com/community-scripts/ProxmoxVE/pull/14157))
+    - ImmichFrame: fix update by reinstalling dotnet-sdk before publish [@MickLesk](https://github.com/MickLesk) ([#14158](https://github.com/community-scripts/ProxmoxVE/pull/14158))
+    - [FIX]ShelfMark: Use UV sync for shelfmark backend build; update to Python 3.14 [@vhsdream](https://github.com/vhsdream) ([#14170](https://github.com/community-scripts/ProxmoxVE/pull/14170))
+    - alpine: remove deb/ubuntu-only resource & storage checks from update-script [@MickLesk](https://github.com/MickLesk) ([#14166](https://github.com/community-scripts/ProxmoxVE/pull/14166))
+    - Threadfin: use 'threadfin-app' as app name to avoid version-file clash  [@MickLesk](https://github.com/MickLesk) ([#14159](https://github.com/community-scripts/ProxmoxVE/pull/14159))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: prompt to also run installed addon update scripts (…/bin/update_*) after update_script [@MickLesk](https://github.com/MickLesk) ([#14162](https://github.com/community-scripts/ProxmoxVE/pull/14162))
+
+## 2026-05-01
+
+### 🆕 New Scripts
+
+  - SoulSync ([#14124](https://github.com/community-scripts/ProxmoxVE/pull/14124))
+- Teable ([#14125](https://github.com/community-scripts/ProxmoxVE/pull/14125))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Step ca update [@heinemannj](https://github.com/heinemannj) ([#14058](https://github.com/community-scripts/ProxmoxVE/pull/14058))
+    - paperless-ngx: refresh NLTK data on update [@kurtislanderson](https://github.com/kurtislanderson) ([#14144](https://github.com/community-scripts/ProxmoxVE/pull/14144))
+    - [Pelican Panel] stop deleting the public storage [@LetterN](https://github.com/LetterN) ([#14145](https://github.com/community-scripts/ProxmoxVE/pull/14145))
+
+  - #### 🔧 Refactor
+
+    - Mail-Archiver: update dependencies [@tremor021](https://github.com/tremor021) ([#14152](https://github.com/community-scripts/ProxmoxVE/pull/14152))
--- a/.github/workflows/close_issue_in_dev.yaml
+++ b/.github/workflows/close_issue_in_dev.yaml
@@ -62,10 +62,10 @@ jobs:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          issues=$(gh issue list --repo community-scripts/ProxmoxVED --json number,title --jq '.[] | {number, title}')
-          
+
          best_match_score=0
          best_match_number=0
-          
+
          for issue in $(echo "$issues" | jq -r '. | @base64'); do
            _jq() {
              echo ${issue} | base64 --decode | jq -r ${1}
@@ -113,7 +113,8 @@ jobs:
            const http = require('http');
            const url = require('url');

-            function request(fullUrl, opts) {
+            function request(fullUrl, opts, redirectsLeft) {
+              if (redirectsLeft === undefined) redirectsLeft = 5;
              return new Promise(function(resolve, reject) {
                const u = url.parse(fullUrl);
                const isHttps = u.protocol === 'https:';
@@ -128,6 +129,19 @@ jobs:
                if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
                const lib = isHttps ? https : http;
                const req = lib.request(options, function(res) {
+                  // Follow redirects (301/302/307/308)
+                  if ([301, 302, 307, 308].indexOf(res.statusCode) !== -1 && res.headers.location && redirectsLeft > 0) {
+                    res.resume();
+                    const nextUrl = url.resolve(fullUrl, res.headers.location);
+                    // For 301/302, browsers historically downgrade to GET; preserve method for 307/308.
+                    const nextOpts = Object.assign({}, opts);
+                    if (res.statusCode === 301 || res.statusCode === 302) {
+                      nextOpts.method = 'GET';
+                      delete nextOpts.body;
+                    }
+                    resolve(request(nextUrl, nextOpts, redirectsLeft - 1));
+                    return;
+                  }
                  let data = '';
                  res.on('data', function(chunk) { data += chunk; });
                  res.on('end', function() {
--- a/.github/workflows/pocketbase-bot.yml
+++ b/.github/workflows/pocketbase-bot.yml
@@ -7,7 +7,7 @@ on:
 permissions:
  issues: write
  pull-requests: write
-  contents: read
+  contents: write

 jobs:
  pocketbase-bot:
@@ -95,6 +95,149 @@ jobs:
              return request('https://api.github.com' + path, { method: method || 'GET', headers, body: bodyStr });
            }

+            function encodeContentPath(filePath) {
+              return filePath.split('/').map(encodeURIComponent).join('/');
+            }
+
+            function decodeGitHubContent(content) {
+              return Buffer.from((content || '').replace(/\n/g, ''), 'base64').toString('utf8');
+            }
+
+            function sanitizeBranchPart(value) {
+              return (value || '')
+                .toLowerCase()
+                .replace(/[^a-z0-9._/-]+/g, '-')
+                .replace(/\/+/g, '/')
+                .replace(/^-+|-+$/g, '');
+            }
+
+            function applyCtDefaultChanges(scriptText, varChanges) {
+              let nextText = scriptText;
+              const updatedVars = [];
+              const unchangedVars = [];
+              for (const [varName, rawValue] of Object.entries(varChanges)) {
+                const newValue = String(rawValue);
+                const pattern = new RegExp('(^\\s*' + varName + '="\\$\\{' + varName + ':-)([^"}]*)(\\}"\\s*$)', 'm');
+                const match = nextText.match(pattern);
+                if (!match) continue;
+                if (match[2] === newValue) {
+                  unchangedVars.push(varName);
+                  continue;
+                }
+                nextText = nextText.replace(pattern, '$1' + newValue + '$3');
+                updatedVars.push(varName);
+              }
+              return { nextText, updatedVars, unchangedVars };
+            }
+
+            async function ensureBranch(defaultBranch, branchName) {
+              const branchRefRes = await ghRequest('/repos/' + owner + '/' + repo + '/git/ref/heads/' + encodeURIComponent(branchName));
+              if (branchRefRes.ok) return;
+
+              const defaultRefRes = await ghRequest('/repos/' + owner + '/' + repo + '/git/ref/heads/' + encodeURIComponent(defaultBranch));
+              if (!defaultRefRes.ok) {
+                throw new Error('Could not read default branch ref: ' + defaultRefRes.body);
+              }
+              const defaultRef = JSON.parse(defaultRefRes.body);
+              const createBranchRes = await ghRequest('/repos/' + owner + '/' + repo + '/git/refs', 'POST', {
+                ref: 'refs/heads/' + branchName,
+                sha: defaultRef.object.sha
+              });
+              if (!createBranchRes.ok) {
+                throw new Error('Could not create branch: ' + createBranchRes.body);
+              }
+            }
+
+            async function upsertCtDefaultsPr(slugValue, varChanges) {
+              const wantedEntries = Object.entries(varChanges || {}).filter(function ([, v]) {
+                return v !== undefined && v !== null && String(v) !== '';
+              });
+              if (wantedEntries.length === 0) {
+                return { status: 'skipped', reason: 'No mapped CT defaults changed.' };
+              }
+
+              const repoRes = await ghRequest('/repos/' + owner + '/' + repo);
+              if (!repoRes.ok) {
+                throw new Error('Could not read repository metadata: ' + repoRes.body);
+              }
+              const repoInfo = JSON.parse(repoRes.body);
+              const defaultBranch = repoInfo.default_branch;
+
+              const ctPath = 'ct/' + slugValue + '.sh';
+              const encodedCtPath = encodeContentPath(ctPath);
+              const defaultFileRes = await ghRequest('/repos/' + owner + '/' + repo + '/contents/' + encodedCtPath + '?ref=' + encodeURIComponent(defaultBranch));
+              if (defaultFileRes.statusCode === 404) {
+                return { status: 'skipped', reason: 'No matching CT file found at `' + ctPath + '`.' };
+              }
+              if (!defaultFileRes.ok) {
+                throw new Error('Could not read CT file from default branch: ' + defaultFileRes.body);
+              }
+
+              const branchName = 'pocketbase-sync/' + sanitizeBranchPart(slugValue || 'unknown');
+              await ensureBranch(defaultBranch, branchName);
+
+              const branchFileRes = await ghRequest('/repos/' + owner + '/' + repo + '/contents/' + encodedCtPath + '?ref=' + encodeURIComponent(branchName));
+              if (!branchFileRes.ok) {
+                throw new Error('Could not read CT file from sync branch: ' + branchFileRes.body);
+              }
+              const branchFile = JSON.parse(branchFileRes.body);
+              const currentBranchText = decodeGitHubContent(branchFile.content);
+
+              const updateResult = applyCtDefaultChanges(currentBranchText, Object.fromEntries(wantedEntries));
+              if (updateResult.updatedVars.length === 0) {
+                return { status: 'skipped', reason: 'CT defaults already up to date.', unchangedVars: updateResult.unchangedVars };
+              }
+
+              const commitMessage = 'chore(ct): sync ' + slugValue + ' defaults from PocketBase';
+              const putRes = await ghRequest('/repos/' + owner + '/' + repo + '/contents/' + encodedCtPath, 'PUT', {
+                message: commitMessage,
+                content: Buffer.from(updateResult.nextText, 'utf8').toString('base64'),
+                sha: branchFile.sha,
+                branch: branchName
+              });
+              if (!putRes.ok) {
+                throw new Error('Could not update CT file: ' + putRes.body);
+              }
+
+              const openPrRes = await ghRequest(
+                '/repos/' + owner + '/' + repo + '/pulls?state=open&head=' + encodeURIComponent(owner + ':' + branchName) + '&base=' + encodeURIComponent(defaultBranch)
+              );
+              if (!openPrRes.ok) {
+                throw new Error('Could not query existing PRs: ' + openPrRes.body);
+              }
+              const openPrs = JSON.parse(openPrRes.body);
+              if (openPrs.length > 0) {
+                return { status: 'updated', prUrl: openPrs[0].html_url, updatedVars: updateResult.updatedVars };
+              }
+
+              const prTitle = 'chore(ct): sync ' + slugValue + ' defaults with PocketBase';
+              const prBody =
+                '## Summary\n' +
+                '- Sync default CT variables for `' + slugValue + '` after `/pocketbase` update.\n' +
+                '- Updated vars: `' + updateResult.updatedVars.join('`, `') + '`.\n\n' +
+                '## Source\n' +
+                '- Triggered by @' + actor + ' via PocketBase bot.\n';
+              const createPrRes = await ghRequest('/repos/' + owner + '/' + repo + '/pulls', 'POST', {
+                title: prTitle,
+                body: prBody,
+                head: branchName,
+                base: defaultBranch
+              });
+              if (!createPrRes.ok) {
+                throw new Error('Could not create PR: ' + createPrRes.body);
+              }
+              const pr = JSON.parse(createPrRes.body);
+              return { status: 'created', prUrl: pr.html_url, updatedVars: updateResult.updatedVars };
+            }
+
+            function formatCtSyncResult(syncResult) {
+              if (!syncResult) return '';
+              if (syncResult.status === 'created') return '\n\n**CT sync PR:** ' + syncResult.prUrl;
+              if (syncResult.status === 'updated') return '\n\n**CT sync PR updated:** ' + syncResult.prUrl;
+              if (syncResult.status === 'skipped') return '\n\n**CT sync skipped:** ' + syncResult.reason;
+              return '';
+            }
+
            async function addReaction(content) {
              try {
                await ghRequest(
@@ -510,6 +653,7 @@ jobs:
              const RESOURCE_KEYS = { cpu: 'number', ram: 'number', hdd: 'number', os: 'string', version: 'string' };
              const METHOD_KEYS   = { config_path: 'string', script: 'string' };
              const ALL_METHOD_KEYS = Object.assign({}, RESOURCE_KEYS, METHOD_KEYS);
+              const RESOURCE_TO_CT_VAR = { cpu: 'var_cpu', ram: 'var_ram', hdd: 'var_disk', os: 'var_os', version: 'var_version' };

              function applyMethodChanges(method, parsed) {
                if (!method.resources) method.resources = {};
@@ -550,6 +694,7 @@ jobs:
                if (addMatch) {
                  // ── METHOD ADD ───────────────────────────────────────────────
                  const newType = addMatch[1];
+                  const parsed = addMatch[2] ? parseKVPairs(addMatch[2]) : {};
                  if (methodsArr.some(function (im) { return (im.type || '').toLowerCase() === newType.toLowerCase(); })) {
                    await addReaction('-1');
                    await postComment('❌ **PocketBase Bot**: Install method `' + newType + '` already exists for `' + slug + '`.\n\nUse `/pocketbase ' + slug + ' method list` to see all methods.');
@@ -557,7 +702,6 @@ jobs:
                  }
                  const newMethod = { type: newType, resources: { cpu: 1, ram: 512, hdd: 4, os: 'debian', version: '13' } };
                  if (addMatch[2]) {
-                    const parsed = parseKVPairs(addMatch[2]);
                    const unknown = Object.keys(parsed).filter(function (k) { return !ALL_METHOD_KEYS[k]; });
                    if (unknown.length > 0) {
                      await addReaction('-1');
@@ -569,10 +713,21 @@ jobs:
                  methodsArr.push(newMethod);
                  await patchMethods(methodsArr);
                  await revalidate(slug);
+                  const addCtChanges = {};
+                  for (const [k, v] of Object.entries(parsed)) {
+                    if (RESOURCE_TO_CT_VAR[k]) addCtChanges[RESOURCE_TO_CT_VAR[k]] = v;
+                  }
+                  let addCtSync = null;
+                  try {
+                    addCtSync = await upsertCtDefaultsPr(slug, addCtChanges);
+                  } catch (e) {
+                    addCtSync = { status: 'skipped', reason: 'CT sync failed: ' + e.message };
+                  }
                  await addReaction('+1');
                  await postComment(
                    '✅ **PocketBase Bot**: Added install method **`' + newType + '`** to **`' + slug + '`**\n\n' +
                    formatMethodsList([newMethod]) + '\n\n' +
+                    formatCtSyncResult(addCtSync) + '\n\n' +
                    '*Executed by @' + actor + '*'
                  );

@@ -640,6 +795,16 @@ jobs:
                  applyMethodChanges(methodsArr[idx], parsed);
                  await patchMethods(methodsArr);
                  await revalidate(slug);
+                  const editCtChanges = {};
+                  for (const [k, v] of Object.entries(parsed)) {
+                    if (RESOURCE_TO_CT_VAR[k]) editCtChanges[RESOURCE_TO_CT_VAR[k]] = v;
+                  }
+                  let editCtSync = null;
+                  try {
+                    editCtSync = await upsertCtDefaultsPr(slug, editCtChanges);
+                  } catch (e) {
+                    editCtSync = { status: 'skipped', reason: 'CT sync failed: ' + e.message };
+                  }

                  const changesLines = Object.entries(parsed)
                    .map(function ([k, v]) {
@@ -650,6 +815,7 @@ jobs:
                  await postComment(
                    '✅ **PocketBase Bot**: Updated install method **`' + methodsArr[idx].type + '`** for **`' + slug + '`**\n\n' +
                    '**Changes applied:**\n' + changesLines + '\n\n' +
+                    formatCtSyncResult(editCtSync) + '\n\n' +
                    '*Executed by @' + actor + '*'
                  );
                }
@@ -712,9 +878,11 @@ jobs:
                project_url:      'string',
                github:           'string',
                config_path:      'string',
+                tags:             'string',
                port:             'number',
                default_user:     'nullable_string',
                default_passwd:   'nullable_string',
+                unprivileged:     'number',
                updateable:       'boolean',
                privileged:       'boolean',
                has_arm:          'boolean',
@@ -781,6 +949,17 @@ jobs:
                process.exit(1);
              }
              await revalidate(slug);
+              const FIELD_TO_CT_VAR = { tags: 'var_tags', unprivileged: 'var_unprivileged' };
+              const fieldCtChanges = {};
+              for (const [k, v] of Object.entries(payload)) {
+                if (FIELD_TO_CT_VAR[k]) fieldCtChanges[FIELD_TO_CT_VAR[k]] = v;
+              }
+              let fieldCtSync = null;
+              try {
+                fieldCtSync = await upsertCtDefaultsPr(slug, fieldCtChanges);
+              } catch (e) {
+                fieldCtSync = { status: 'skipped', reason: 'CT sync failed: ' + e.message };
+              }
              await addReaction('+1');
              const changesLines = Object.entries(payload)
                .map(function ([k, v]) { return '- `' + k + '` → `' + JSON.stringify(v) + '`'; })
@@ -788,6 +967,7 @@ jobs:
              await postComment(
                '✅ **PocketBase Bot**: Updated **`' + slug + '`** successfully!\n\n' +
                '**Changes applied:**\n' + changesLines + '\n\n' +
+                formatCtSyncResult(fieldCtSync) + '\n\n' +
                '*Executed by @' + actor + '*'
              );
            }
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -41,6 +41,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit



+
+
+
+
+
+



@@ -57,7 +63,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit


 <details>
-<summary><h4>April (25 entries)</h4></summary>
+<summary><h4>May (9 entries)</h4></summary>
+
+[View May 2026 Changelog](.github/changelogs/2026/05.md)
+
+</details>
+
+<details>
+<summary><h4>April (30 entries)</h4></summary>

 [View April 2026 Changelog](.github/changelogs/2026/04.md)

@@ -448,6 +461,297 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

+## 2026-05-11
+
+### 🆕 New Scripts
+
+  - solidtime ([#14392](https://github.com/community-scripts/ProxmoxVE/pull/14392))
+- shlink ([#14393](https://github.com/community-scripts/ProxmoxVE/pull/14393))
+
+### 💾 Core
+
+  - core: support optional POST_INSTALL_SCRIPT (var_post_install_script) hook  [@MickLesk](https://github.com/MickLesk) ([#14160](https://github.com/community-scripts/ProxmoxVE/pull/14160))
+
+## 2026-05-10
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Save Beszel version [@lucacome](https://github.com/lucacome) ([#14389](https://github.com/community-scripts/ProxmoxVE/pull/14389))
+    - karakeep: Fix SERVER_VERSION update [@MickLesk](https://github.com/MickLesk) ([#14378](https://github.com/community-scripts/ProxmoxVE/pull/14378))
+    - inspIRCd: Fix service not autostarting [@tremor021](https://github.com/tremor021) ([#14368](https://github.com/community-scripts/ProxmoxVE/pull/14368))
+
+  - #### 🔧 Refactor
+
+    - refactor: webcheck [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14391](https://github.com/community-scripts/ProxmoxVE/pull/14391))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - [tools.func]: Pin `pnpm` version [@tremor021](https://github.com/tremor021) ([#14386](https://github.com/community-scripts/ProxmoxVE/pull/14386))
+
+## 2026-05-09
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - FlowiseAI: Migrate to pnpm [@MickLesk](https://github.com/MickLesk) ([#14344](https://github.com/community-scripts/ProxmoxVE/pull/14344))
+    - Purge openresty [@lucacome](https://github.com/lucacome) ([#14353](https://github.com/community-scripts/ProxmoxVE/pull/14353))
+    - Check for release for Sonarr [@lucacome](https://github.com/lucacome) ([#14354](https://github.com/community-scripts/ProxmoxVE/pull/14354))
+    - fix(termix-install.sh): add tmpfiles.d persistence and systemd PIDFile path [@runnylogan](https://github.com/runnylogan) ([#14350](https://github.com/community-scripts/ProxmoxVE/pull/14350))
+    - ERPNext: start bench Redis services before bench new-site [@MickLesk](https://github.com/MickLesk) ([#14343](https://github.com/community-scripts/ProxmoxVE/pull/14343))
+    - [Hotfix]Jotty: use absolute path when creating data dir [@vhsdream](https://github.com/vhsdream) ([#14355](https://github.com/community-scripts/ProxmoxVE/pull/14355))
+
+## 2026-05-08
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - wishlist: pin pnpm to v10 to match engine requirements [@MickLesk](https://github.com/MickLesk) ([#14342](https://github.com/community-scripts/ProxmoxVE/pull/14342))
+    - [pelican] fix env copy regression [@LetterN](https://github.com/LetterN) ([#14328](https://github.com/community-scripts/ProxmoxVE/pull/14328))
+    - fix(homepage): fix ERR_PNPM_IGNORED_BUILDS error [@Sergih28](https://github.com/Sergih28) ([#14315](https://github.com/community-scripts/ProxmoxVE/pull/14315))
+
+  - #### ✨ New Features
+
+    - tools.func: add setup_nltk as new function [@MickLesk](https://github.com/MickLesk) ([#14314](https://github.com/community-scripts/ProxmoxVE/pull/14314))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools.func: fix meilisearch import-dump background process handling [@MickLesk](https://github.com/MickLesk) ([#14341](https://github.com/community-scripts/ProxmoxVE/pull/14341))
+
+## 2026-05-07
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - termix: create /tmp/nginx before nginx -t [@MickLesk](https://github.com/MickLesk) ([#14312](https://github.com/community-scripts/ProxmoxVE/pull/14312))
+    - The Lounge: Fix service not starting automaticaly [@tremor021](https://github.com/tremor021) ([#14311](https://github.com/community-scripts/ProxmoxVE/pull/14311))
+    - netbird-lxc: fix installation check [@MickLesk](https://github.com/MickLesk) ([#14309](https://github.com/community-scripts/ProxmoxVE/pull/14309))
+    - databasus: Backup and secure configuration file [@MickLesk](https://github.com/MickLesk) ([#14308](https://github.com/community-scripts/ProxmoxVE/pull/14308))
+    - vm: update disk image URL for Ubuntu 25.04 [@MickLesk](https://github.com/MickLesk) ([#14290](https://github.com/community-scripts/ProxmoxVE/pull/14290))
+
+  - #### ✨ New Features
+
+    - pangolin: bump version to 1.18.3 [@MickLesk](https://github.com/MickLesk) ([#14297](https://github.com/community-scripts/ProxmoxVE/pull/14297))
+
+### 🗑️ Deleted Scripts
+
+  - Remove: LiteLLM [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14294](https://github.com/community-scripts/ProxmoxVE/pull/14294))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - update-apps: some  improvements [@MickLesk](https://github.com/MickLesk) ([#14275](https://github.com/community-scripts/ProxmoxVE/pull/14275))
+
+## 2026-05-06
+
+### 🆕 New Scripts
+
+  - Hoodik ([#14279](https://github.com/community-scripts/ProxmoxVE/pull/14279))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Pelican-Panel: create backup subdirectory before copying storage [@MickLesk](https://github.com/MickLesk) ([#14274](https://github.com/community-scripts/ProxmoxVE/pull/14274))
+    - Rustdeskserver: remove redundant else with undefined RELEASE var [@MickLesk](https://github.com/MickLesk) ([#14272](https://github.com/community-scripts/ProxmoxVE/pull/14272))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - AdguardHome-Sync replace ifconfig with hostname -I for IP detection [@MickLesk](https://github.com/MickLesk) ([#14273](https://github.com/community-scripts/ProxmoxVE/pull/14273))
+
+## 2026-05-05
+
+### 🆕 New Scripts
+
+  - LibreChat ([#14247](https://github.com/community-scripts/ProxmoxVE/pull/14247))
+- Matomo ([#14248](https://github.com/community-scripts/ProxmoxVE/pull/14248))
+- Storyteller ([#14122](https://github.com/community-scripts/ProxmoxVE/pull/14122))
+
+### 🧰 Tools
+
+  - Fix container count message in update-apps.sh [@Quotacious](https://github.com/Quotacious) ([#14265](https://github.com/community-scripts/ProxmoxVE/pull/14265))
+
+## 2026-05-04
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Databasus: move .env to filesystem root so service starts correctly [@Copilot](https://github.com/Copilot) ([#14252](https://github.com/community-scripts/ProxmoxVE/pull/14252))
+    - Databasus: update mongo-tools fallback to 100.16.1 and use now pnpm instead of npm ci [@MickLesk](https://github.com/MickLesk) ([#14240](https://github.com/community-scripts/ProxmoxVE/pull/14240))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - tools.func get_latest_gh_tag - add pagination to find prefixed tags beyond first 50 [@MickLesk](https://github.com/MickLesk) ([#14241](https://github.com/community-scripts/ProxmoxVE/pull/14241))
+    - tools.func: add GitLab release check/fetch/deploy helpers [@MickLesk](https://github.com/MickLesk) ([#14242](https://github.com/community-scripts/ProxmoxVE/pull/14242))
+
+## 2026-05-03
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Hortusfox: fix update issues [@tomfrenzel](https://github.com/tomfrenzel) ([#14214](https://github.com/community-scripts/ProxmoxVE/pull/14214))
+
+  - #### ✨ New Features
+
+    - Refactor: PeaNUT for v6 [@MickLesk](https://github.com/MickLesk) ([#14224](https://github.com/community-scripts/ProxmoxVE/pull/14224))
+    - pangolin: pin version, drop manual SQL, use upstream migrator [@MickLesk](https://github.com/MickLesk) ([#14223](https://github.com/community-scripts/ProxmoxVE/pull/14223))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core: fix validate_bridge function [@MichaelOultram](https://github.com/MichaelOultram) ([#14206](https://github.com/community-scripts/ProxmoxVE/pull/14206))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - pve/pbs scripts: guard sed against missing /etc/apt/sources.list [@MickLesk](https://github.com/MickLesk) ([#14222](https://github.com/community-scripts/ProxmoxVE/pull/14222))
+
+## 2026-05-02
+
+### 🆕 New Scripts
+
+  - protonmail-bridge ([#14136](https://github.com/community-scripts/ProxmoxVE/pull/14136))
+- Tube Archivist ([#14123](https://github.com/community-scripts/ProxmoxVE/pull/14123))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Nagios: Ping fix [@tremor021](https://github.com/tremor021) ([#14186](https://github.com/community-scripts/ProxmoxVE/pull/14186))
+    - opnsense-vm: retry pvesm alloc on transient zfs 'got timeout' errors [@MickLesk](https://github.com/MickLesk) ([#14157](https://github.com/community-scripts/ProxmoxVE/pull/14157))
+    - ImmichFrame: fix update by reinstalling dotnet-sdk before publish [@MickLesk](https://github.com/MickLesk) ([#14158](https://github.com/community-scripts/ProxmoxVE/pull/14158))
+    - [FIX]ShelfMark: Use UV sync for shelfmark backend build; update to Python 3.14 [@vhsdream](https://github.com/vhsdream) ([#14170](https://github.com/community-scripts/ProxmoxVE/pull/14170))
+    - alpine: remove deb/ubuntu-only resource & storage checks from update-script [@MickLesk](https://github.com/MickLesk) ([#14166](https://github.com/community-scripts/ProxmoxVE/pull/14166))
+    - Threadfin: use 'threadfin-app' as app name to avoid version-file clash  [@MickLesk](https://github.com/MickLesk) ([#14159](https://github.com/community-scripts/ProxmoxVE/pull/14159))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: prompt to also run installed addon update scripts (…/bin/update_*) after update_script [@MickLesk](https://github.com/MickLesk) ([#14162](https://github.com/community-scripts/ProxmoxVE/pull/14162))
+
+## 2026-05-01
+
+### 🆕 New Scripts
+
+  - SoulSync ([#14124](https://github.com/community-scripts/ProxmoxVE/pull/14124))
+- Teable ([#14125](https://github.com/community-scripts/ProxmoxVE/pull/14125))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Step ca update [@heinemannj](https://github.com/heinemannj) ([#14058](https://github.com/community-scripts/ProxmoxVE/pull/14058))
+    - paperless-ngx: refresh NLTK data on update [@kurtislanderson](https://github.com/kurtislanderson) ([#14144](https://github.com/community-scripts/ProxmoxVE/pull/14144))
+    - [Pelican Panel] stop deleting the public storage [@LetterN](https://github.com/LetterN) ([#14145](https://github.com/community-scripts/ProxmoxVE/pull/14145))
+
+  - #### 🔧 Refactor
+
+    - Mail-Archiver: update dependencies [@tremor021](https://github.com/tremor021) ([#14152](https://github.com/community-scripts/ProxmoxVE/pull/14152))
+
+## 2026-04-30
+
+### 🆕 New Scripts
+
+  - Nagios ([#14126](https://github.com/community-scripts/ProxmoxVE/pull/14126))
+- Neko ([#14121](https://github.com/community-scripts/ProxmoxVE/pull/14121))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - alpine-docker: install openssl as core dependency | alpine-komodo: check & install openssl if missing [@MickLesk](https://github.com/MickLesk) ([#14134](https://github.com/community-scripts/ProxmoxVE/pull/14134))
+    - endurain: update source references to Codeberg [@MickLesk](https://github.com/MickLesk) ([#14128](https://github.com/community-scripts/ProxmoxVE/pull/14128))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - tools.func: Manage minor versions for MongoDB 8.x [@tremor021](https://github.com/tremor021) ([#14131](https://github.com/community-scripts/ProxmoxVE/pull/14131))
+
+## 2026-04-29
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - GrayLog: MongoDB update to 8.2.x [@tremor021](https://github.com/tremor021) ([#14114](https://github.com/community-scripts/ProxmoxVE/pull/14114))
+    - Graylog: Better information in the log file [@tremor021](https://github.com/tremor021) ([#14110](https://github.com/community-scripts/ProxmoxVE/pull/14110))
+
+  - #### 🔧 Refactor
+
+    - Refactor: checkMK [@MickLesk](https://github.com/MickLesk) ([#14105](https://github.com/community-scripts/ProxmoxVE/pull/14105))
+    - PatchMon: Unpin release [@tremor021](https://github.com/tremor021) ([#14097](https://github.com/community-scripts/ProxmoxVE/pull/14097))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: add guidance when storage lacks rootdir support [@MickLesk](https://github.com/MickLesk) ([#14108](https://github.com/community-scripts/ProxmoxVE/pull/14108))
+
+## 2026-04-28
+
+### 🆕 New Scripts
+
+  - StoryBook ([#14081](https://github.com/community-scripts/ProxmoxVE/pull/14081))
+- CoreDNS ([#14082](https://github.com/community-scripts/ProxmoxVE/pull/14082))
+
+### 🚀 Updated Scripts
+
+  - Fix Dawarich Install/Update [@Jerry1098](https://github.com/Jerry1098) ([#14078](https://github.com/community-scripts/ProxmoxVE/pull/14078))
+
+  - #### ✨ New Features
+
+    - PatchMon Version 2.0.2 Script update [@9technologygroup](https://github.com/9technologygroup) ([#14095](https://github.com/community-scripts/ProxmoxVE/pull/14095))
+
+## 2026-04-27
+
+### 🚀 Updated Scripts
+
+  - Add pamUsername column to userOrgs table [@JVKeller](https://github.com/JVKeller) ([#14075](https://github.com/community-scripts/ProxmoxVE/pull/14075))
+
+  - #### 🐞 Bug Fixes
+
+    - Dawarich: run db:migrate before assets:precompile [@MickLesk](https://github.com/MickLesk) ([#14051](https://github.com/community-scripts/ProxmoxVE/pull/14051))
+    - TechnitiumDNS: always install .NET 10 if not already present [@MickLesk](https://github.com/MickLesk) ([#14049](https://github.com/community-scripts/ProxmoxVE/pull/14049))
+
+  - #### 💥 Breaking Changes
+
+    - PatchMon: v2.0.0 migration [@vhsdream](https://github.com/vhsdream) ([#14015](https://github.com/community-scripts/ProxmoxVE/pull/14015))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - Update build.func - fixed spelling mistake [@m1ckywill](https://github.com/m1ckywill) ([#14047](https://github.com/community-scripts/ProxmoxVE/pull/14047))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - update-lxcs/apps: avoid pct exec on containers mid-shutdown [@MickLesk](https://github.com/MickLesk) ([#14050](https://github.com/community-scripts/ProxmoxVE/pull/14050))
+
+  - #### ✨ New Features
+
+    - Add patchmon-agent report execution in update script [@heinemannj](https://github.com/heinemannj) ([#14054](https://github.com/community-scripts/ProxmoxVE/pull/14054))
+
 ## 2026-04-26

 ### 🆕 New Scripts
@@ -798,237 +1102,4 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

  - #### 🔧 Refactor

-    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
-
-## 2026-04-09
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - boostack: add: git [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13620](https://github.com/community-scripts/ProxmoxVE/pull/13620))
-
-  - #### ✨ New Features
-
-    - Update OPNsense version from 25.7 to 26.1 [@tdn131](https://github.com/tdn131) ([#13626](https://github.com/community-scripts/ProxmoxVE/pull/13626))
-    - CheckMK: Bump Default OS to 13 (trixie) + dynamic codename + fix RELEASE-Tag Fetching [@MickLesk](https://github.com/MickLesk) ([#13610](https://github.com/community-scripts/ProxmoxVE/pull/13610))
-
-## 2026-04-08
-
-### 🆕 New Scripts
-
-  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
-    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
-    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
-
-  - #### ✨ New Features
-
-    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
-
-  - #### 🔧 Refactor
-
-    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
-
-## 2026-04-07
-
-### 🗑️ Deleted Scripts
-
-  - Remove low-install-count CT scripts and installers [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#13570](https://github.com/community-scripts/ProxmoxVE/pull/13570))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: improve resilience for top Proxmox error codes (209, 215, 118, 206) [@MickLesk](https://github.com/MickLesk) ([#13575](https://github.com/community-scripts/ProxmoxVE/pull/13575))
-
-## 2026-04-06
-
-### 🆕 New Scripts
-
-  - OpenThread Border Router ([#13536](https://github.com/community-scripts/ProxmoxVE/pull/13536))
- Homelable ([#13539](https://github.com/community-scripts/ProxmoxVE/pull/13539))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Papra: check env before copy [@MickLesk](https://github.com/MickLesk) ([#13553](https://github.com/community-scripts/ProxmoxVE/pull/13553))
-    - changedetection: fix: typing_extensions error [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13548](https://github.com/community-scripts/ProxmoxVE/pull/13548))
-    - kasm: fix: fetch latest version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13547](https://github.com/community-scripts/ProxmoxVE/pull/13547))
-
-## 2026-04-05
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Grist: remove install:ee step (private repo, not needed for grist-core) [@MickLesk](https://github.com/MickLesk) ([#13526](https://github.com/community-scripts/ProxmoxVE/pull/13526))
-    - Nginx Proxy Manager: ensure /tmp/nginx/body exists via openresty service  [@MickLesk](https://github.com/MickLesk) ([#13528](https://github.com/community-scripts/ProxmoxVE/pull/13528))
-    - MotionEye: run as root to enable SMB share support [@MickLesk](https://github.com/MickLesk) ([#13527](https://github.com/community-scripts/ProxmoxVE/pull/13527))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - core: silent() function - use return instead of exit to allow || true error handling [@MickLesk](https://github.com/MickLesk) ([#13529](https://github.com/community-scripts/ProxmoxVE/pull/13529))
-
-## 2026-04-04
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - komodo: set `PERIPHERY_CORE_PUBLIC_KEYS` to default value if absent [@4ndv](https://github.com/4ndv) ([#13519](https://github.com/community-scripts/ProxmoxVE/pull/13519))
-
-## 2026-04-03
-
-### 🆕 New Scripts
-
-  - netboot.xyz ([#13480](https://github.com/community-scripts/ProxmoxVE/pull/13480))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - OpenWRT-VM: use poweroff instead of halt to properly stop VM [@MickLesk](https://github.com/MickLesk) ([#13504](https://github.com/community-scripts/ProxmoxVE/pull/13504))
-    - NginxProxyManager: fix openresty restart by setting user root before reload [@MickLesk](https://github.com/MickLesk) ([#13500](https://github.com/community-scripts/ProxmoxVE/pull/13500))
-
-  - #### ✨ New Features
-
-    - Crafty Controller: add Java 25 for Minecraft 1.26.1+ [@MickLesk](https://github.com/MickLesk) ([#13502](https://github.com/community-scripts/ProxmoxVE/pull/13502))
-    - Wealthfolio: update to v3.2.1 and Node.js 24 [@afadil](https://github.com/afadil) ([#13486](https://github.com/community-scripts/ProxmoxVE/pull/13486))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core.func: prevent profile.d scripts from aborting on non-zero exit [@MickLesk](https://github.com/MickLesk) ([#13503](https://github.com/community-scripts/ProxmoxVE/pull/13503))
-
-  - #### ✨ New Features
-
-    - APT Proxy: Support full URLs (http/https with custom ports) [@MickLesk](https://github.com/MickLesk) ([#13474](https://github.com/community-scripts/ProxmoxVE/pull/13474))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - PVE LXC-Updater: pipe apt list through cat to prevent pager hang [@MickLesk](https://github.com/MickLesk) ([#13501](https://github.com/community-scripts/ProxmoxVE/pull/13501))
-
-## 2026-04-02
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Grist: Guard backup restore for empty docs/db files [@MickLesk](https://github.com/MickLesk) ([#13472](https://github.com/community-scripts/ProxmoxVE/pull/13472))
-    - fix(zigbee2mqtt): suppress grep error when pnpm-workspace.yaml is absent on update [@Copilot](https://github.com/Copilot) ([#13476](https://github.com/community-scripts/ProxmoxVE/pull/13476))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - Cron LXC Updater: Add full PATH for cron environment [@MickLesk](https://github.com/MickLesk) ([#13473](https://github.com/community-scripts/ProxmoxVE/pull/13473))
-
-## 2026-04-01
-
-### 🆕 New Scripts
-
-  - DrawDB ([#13454](https://github.com/community-scripts/ProxmoxVE/pull/13454))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - Filebrowser: make noauth setup use correct database [@MickLesk](https://github.com/MickLesk) ([#13457](https://github.com/community-scripts/ProxmoxVE/pull/13457))
-
-## 2026-03-31
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Graylog: set vm.max_map_count on host for OpenSearch [@MickLesk](https://github.com/MickLesk) ([#13441](https://github.com/community-scripts/ProxmoxVE/pull/13441))
-    - Koillection: ensure newline before appending to .env.local [@MickLesk](https://github.com/MickLesk) ([#13440](https://github.com/community-scripts/ProxmoxVE/pull/13440))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - core: skip empty gateway value in network config [@MickLesk](https://github.com/MickLesk) ([#13442](https://github.com/community-scripts/ProxmoxVE/pull/13442))
-
-## 2026-03-30
-
-### 🆕 New Scripts
-
-  - Bambuddy ([#13411](https://github.com/community-scripts/ProxmoxVE/pull/13411))
-
-### 🚀 Updated Scripts
-
-  - #### 💥 Breaking Changes
-
-    - Rename: BirdNET > BirdNET-Go [@MickLesk](https://github.com/MickLesk) ([#13410](https://github.com/community-scripts/ProxmoxVE/pull/13410))
-
-## 2026-03-29
-
-### 🆕 New Scripts
-
-  - YOURLS ([#13379](https://github.com/community-scripts/ProxmoxVE/pull/13379))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - fix(victoriametrics): use jq to filter releases [@Joery-M](https://github.com/Joery-M) ([#13393](https://github.com/community-scripts/ProxmoxVE/pull/13393))
-    - Ollama: add error handling for Intel GPG key imports [@MickLesk](https://github.com/MickLesk) ([#13397](https://github.com/community-scripts/ProxmoxVE/pull/13397))
-    - Immich: ignore Redis connection error on maintenance mode disable [@MickLesk](https://github.com/MickLesk) ([#13398](https://github.com/community-scripts/ProxmoxVE/pull/13398))
-    - NPM: unmask openresty after migration from package [@MickLesk](https://github.com/MickLesk) ([#13399](https://github.com/community-scripts/ProxmoxVE/pull/13399))
-
-## 2026-03-28
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Fix: Update gokapi binary name for v2.2.4+ and add migration step [@krazos](https://github.com/krazos) ([#13377](https://github.com/community-scripts/ProxmoxVE/pull/13377))
-    - Fix: update gokapi asset matching for v2.2.4+ naming convention [@krazos](https://github.com/krazos) ([#13369](https://github.com/community-scripts/ProxmoxVE/pull/13369))
-    - Tandoor Recipes: Add missing env variable [@tremor021](https://github.com/tremor021) ([#13365](https://github.com/community-scripts/ProxmoxVE/pull/13365))
-
-  - #### ✨ New Features
-
-    - FileFlows: add option to install Node [@tremor021](https://github.com/tremor021) ([#13368](https://github.com/community-scripts/ProxmoxVE/pull/13368))
-
-## 2026-03-27
-
-### 🆕 New Scripts
-
-  - Matter-Server ([#13355](https://github.com/community-scripts/ProxmoxVE/pull/13355))
- GeoPulse ([#13320](https://github.com/community-scripts/ProxmoxVE/pull/13320))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - RevealJS: Switch from gulp to vite [@tremor021](https://github.com/tremor021) ([#13336](https://github.com/community-scripts/ProxmoxVE/pull/13336))
-
-  - #### ✨ New Features
-
-    - Dispatcharr add custom Postgres port support for upgrade [@MickLesk](https://github.com/MickLesk) ([#13347](https://github.com/community-scripts/ProxmoxVE/pull/13347))
-    - Immich: bump to v2.6.3 [@MickLesk](https://github.com/MickLesk) ([#13324](https://github.com/community-scripts/ProxmoxVE/pull/13324))
-
-### 🧰 Tools
-
-  - #### ✨ New Features
-
-    - Refactor/Feature-Bump/Security: Update-Cron-LXCs (Now Local Mode!) [@MickLesk](https://github.com/MickLesk) ([#13339](https://github.com/community-scripts/ProxmoxVE/pull/13339))
+    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
--- a/ct/alpine-ironclaw.sh
+++ b/ct/alpine-ironclaw.sh
@@ -21,8 +21,6 @@ catch_errors

 function update_script() {
  header_info
-  check_container_storage
-  check_container_resources

  if [[ ! -f /usr/local/bin/ironclaw ]]; then
    msg_error "No ${APP} Installation Found!"
--- a/ct/alpine-ntfy.sh
+++ b/ct/alpine-ntfy.sh
@@ -22,8 +22,6 @@ catch_errors

 function update_script() {
  header_info
-  check_container_storage
-  check_container_resources
  if [[ ! -d /etc/ntfy ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
--- a/ct/alpine-redlib.sh
+++ b/ct/alpine-redlib.sh
@@ -21,7 +21,6 @@ catch_errors

 function update_script() {
  header_info
-  check_container_resources

  if [[ ! -d /opt/redlib ]]; then
    msg_error "No ${APP} Installation Found!"
--- a/ct/alpine-rustypaste.sh
+++ b/ct/alpine-rustypaste.sh
@@ -21,8 +21,6 @@ catch_errors

 function update_script() {
  header_info
-  check_container_storage
-  check_container_resources

  if ! apk info -e rustypaste >/dev/null 2>&1; then
    msg_error "No ${APP} Installation Found!"
--- a/ct/beszel.sh
+++ b/ct/beszel.sh
@@ -36,7 +36,9 @@ function update_script() {
    msg_info "Updating Beszel"
    $STD /opt/beszel/beszel update
    sleep 2 && chmod +x /opt/beszel/beszel
-    msg_ok "Updated Beszel"
+    VERSION=$(/opt/beszel/beszel -v | awk '{print $3}')
+    echo "${VERSION}" >$HOME/.beszel
+    msg_ok "Updated Beszel to ${VERSION}"

    msg_info "Starting Service"
    systemctl start beszel-hub
--- a/ct/checkmk.sh
+++ b/ct/checkmk.sh
@@ -23,26 +23,25 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
-  if [[ ! -f /opt/checkmk_version.txt ]]; then
+  if ! command -v omd &>/dev/null; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi

-  RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
+  RELEASE=$(curl_with_retry "https://api.github.com/repos/checkmk/checkmk/tags" "-" | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
  RELEASE="${RELEASE%%+*}"
-  msg_info "Updating ${APP} to v${RELEASE}"
+  msg_info "Updating checkmk"
  $STD omd stop monitoring
  $STD omd cp monitoring monitoringbackup
-  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
-  $STD apt-get install -y /opt/checkmk.deb
+  curl_with_retry "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb" "/opt/checkmk.deb"
+  $STD apt install -y /opt/checkmk.deb
  $STD omd --force -V ${RELEASE}.cre update --conflict=install monitoring
  $STD omd start monitoring
  $STD omd -f rm monitoringbackup
  $STD omd cleanup
  rm -rf /opt/checkmk.deb
-  msg_ok "Updated ${APP}"
+  msg_ok "Updated checkmk"
  msg_ok "Updated successfully!"
-
  exit
 }

--- a/ct/coredns.sh
+++ b/ct/coredns.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/coredns/coredns
+
+APP="CoreDNS"
+var_tags="${var_tags:-dns;network}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-256}"
+var_disk="${var_disk:-1}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/bin/coredns ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "coredns" "coredns/coredns"; then
+    msg_info "Stopping Service"
+    systemctl stop coredns
+    msg_ok "Stopped Service"
+
+    fetch_and_deploy_gh_release "coredns" "coredns/coredns" "prebuild" "latest" "/usr/local/bin" \
+      "coredns_*_linux_$(dpkg --print-architecture).tgz"
+    chmod +x /usr/local/bin/coredns
+
+    msg_info "Starting Service"
+    systemctl start coredns
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} CoreDNS is listening on port 53 (DNS)${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}dns://${IP}${CL}"
--- a/ct/databasus.sh
+++ b/ct/databasus.sh
@@ -35,7 +35,10 @@ function update_script() {
    msg_ok "Stopped Databasus"

    msg_info "Backing up Configuration"
-    cp /opt/databasus/.env /opt/databasus.env.bak
+    [[ ! -f /.env && -f /opt/databasus/.env ]] && cp /opt/databasus/.env /.env
+    chmod 600 /.env
+    cp /.env /opt/databasus.env.bak
+    chmod 600 /opt/databasus.env.bak
    msg_ok "Backed up Configuration"

    msg_info "Ensuring Database Clients"
@@ -46,7 +49,7 @@ function update_script() {
    # Install MongoDB Database Tools via direct .deb (no APT repo for Debian 13)
    if ! command -v mongodump &>/dev/null; then
      [[ "$(get_os_info id)" == "ubuntu" ]] && MONGO_DIST="ubuntu2204" || MONGO_DIST="debian12"
-      fetch_and_deploy_from_url "https://fastdl.mongodb.org/tools/db/mongodb-database-tools-${MONGO_DIST}-x86_64-100.14.1.deb"
+      fetch_and_deploy_from_url "https://fastdl.mongodb.org/tools/db/mongodb-database-tools-${MONGO_DIST}-x86_64-100.16.1.deb"
    fi
    [[ -f /usr/bin/mongodump ]] && ln -sf /usr/bin/mongodump /usr/local/mongodb-database-tools/bin/mongodump
    [[ -f /usr/bin/mongorestore ]] && ln -sf /usr/bin/mongorestore /usr/local/mongodb-database-tools/bin/mongorestore
@@ -66,9 +69,12 @@ function update_script() {
    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "databasus" "databasus/databasus" "tarball" "latest" "/opt/databasus"

    msg_info "Updating Databasus"
+    export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
    cd /opt/databasus/frontend
-    $STD npm ci
-    $STD npm run build
+    $STD corepack enable
+    $STD corepack prepare pnpm@latest --activate
+    $STD pnpm install --frozen-lockfile
+    $STD pnpm run build
    cd /opt/databasus/backend
    $STD go mod download
    $STD /root/go/bin/swag init -g cmd/main.go -o swagger
@@ -81,11 +87,18 @@ function update_script() {
    msg_ok "Updated Databasus"

    msg_info "Restoring Configuration"
-    cp /opt/databasus.env.bak /opt/databasus/.env
+    cp /opt/databasus.env.bak /.env
    rm -f /opt/databasus.env.bak
-    chown postgres:postgres /opt/databasus/.env
+    chmod 600 /.env
    msg_ok "Restored Configuration"

+    if ! grep -q "EnvironmentFile=/.env" /etc/systemd/system/databasus.service; then
+      msg_info "Updating Service"
+      sed -i 's|EnvironmentFile=.*|EnvironmentFile=/.env|' /etc/systemd/system/databasus.service
+      $STD systemctl daemon-reload
+      msg_ok "Updated Service"
+    fi
+
    msg_info "Starting Databasus"
    $STD systemctl start databasus
    msg_ok "Started Databasus"
--- a/ct/dawarich.sh
+++ b/ct/dawarich.sh
@@ -53,6 +53,18 @@ function update_script() {
    export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH"
    eval "$(/root/.rbenv/bin/rbenv init - bash)"

+    if ! grep -q "OTP_ENCRYPTION_PRIMARY_KEY" /opt/dawarich/.env; then
+      echo "OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 64)" >>/opt/dawarich/.env
+    fi
+
+    if ! grep -q "OTP_ENCRYPTION_DETERMINISTIC_KEY" /opt/dawarich/.env; then
+      echo "OTP_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 64)" >>/opt/dawarich/.env
+    fi
+
+    if ! grep -q "OTP_ENCRYPTION_KEY_DERIVATION_SALT" /opt/dawarich/.env; then
+      echo "OTP_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 64)" >>/opt/dawarich/.env
+    fi
+
    set -a && source /opt/dawarich/.env && set +a

    $STD bundle config set --local deployment 'true'
@@ -67,8 +79,8 @@ function update_script() {
      $STD npm install
    fi

-    $STD bundle exec rake assets:precompile
    $STD bundle exec rails db:migrate
+    $STD bundle exec rake assets:precompile
    $STD bundle exec rake data:migrate
    msg_ok "Ran Migrations"

--- a/ct/endurain.sh
+++ b/ct/endurain.sh
@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: johanngrobe
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/joaovitoriasilva/endurain
+# Source: https://codeberg.org/endurain-project/endurain

 APP="Endurain"
 var_tags="${var_tags:-sport;social-media}"
@@ -28,7 +28,7 @@ function update_script() {
    msg_error "No ${APP} installation found!"
    exit 233
  fi
-  if check_for_gh_release "endurain" "endurain-project/endurain"; then
+  if check_for_codeberg_release "endurain" "endurain-project/endurain"; then
    msg_info "Stopping Service"
    systemctl stop endurain
    msg_ok "Stopped Service"
@@ -38,7 +38,7 @@ function update_script() {
    cp /opt/endurain/frontend/app/dist/env.js /opt/endurain.env.js
    msg_ok "Created Backup"

-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
+    CLEAN_INSTALL=1 fetch_and_deploy_codeberg_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"

    msg_info "Preparing Update"
    cd /opt/endurain
--- a/ct/flowiseai.sh
+++ b/ct/flowiseai.sh
@@ -27,9 +27,16 @@ function update_script() {
    msg_error "No ${APP} Installation Found!"
    exit
  fi
+
+  NODE_VERSION="20" NODE_MODULE="pnpm" setup_nodejs
+
  msg_info "Updating FlowiseAI (this may take some time)"
  systemctl stop flowise
-  $STD npm install -g flowise --upgrade
+  $STD pnpm add -g flowise
+  if grep -q 'ExecStart=npx flowise start' /etc/systemd/system/flowise.service; then
+    sed -i 's|ExecStart=npx flowise start|ExecStart=flowise start|' /etc/systemd/system/flowise.service
+    systemctl daemon-reload
+  fi
  systemctl start flowise
  msg_ok "Updated FlowiseAI"
  msg_ok "Updated successfully!"
--- a/ct/graylog.sh
+++ b/ct/graylog.sh
@@ -37,7 +37,7 @@ function update_script() {
  CURRENT_VERSION=$(apt list --installed 2>/dev/null | grep graylog-server | grep -oP '\d+\.\d+\.\d+')

  if dpkg --compare-versions "$CURRENT_VERSION" lt "6.3"; then
-    MONGO_VERSION="8.0" setup_mongodb
+    MONGO_VERSION="8.2" setup_mongodb

    msg_info "Updating Graylog"
    $STD apt update
--- a/ct/headers/coredns
+++ b/ct/headers/coredns
@@ -0,0 +1,6 @@
+   ______                ____  _   _______
+  / ____/___  ________  / __ \/ | / / ___/
+ / /   / __ \/ ___/ _ \/ / / /  |/ /\__ \ 
+/ /___/ /_/ / /  /  __/ /_/ / /|  /___/ / 
+\____/\____/_/   \___/_____/_/ |_//____/  
+                                          
--- a/ct/headers/hoodik
+++ b/ct/headers/hoodik
@@ -0,0 +1,6 @@
+    __  __                ___ __  
+   / / / /___  ____  ____/ (_) /__
+  / /_/ / __ \/ __ \/ __  / / //_/
+ / __  / /_/ / /_/ / /_/ / / ,<   
+/_/ /_/\____/\____/\__,_/_/_/|_|  
+                                  
--- a/ct/headers/librechat
+++ b/ct/headers/librechat
@@ -0,0 +1,6 @@
+    __    _ __              ________          __ 
+   / /   (_) /_  ________  / ____/ /_  ____ _/ /_
+  / /   / / __ \/ ___/ _ \/ /   / __ \/ __ `/ __/
+ / /___/ / /_/ / /  /  __/ /___/ / / / /_/ / /_  
+/_____/_/_.___/_/   \___/\____/_/ /_/\__,_/\__/  
+                                                 
--- a/ct/headers/litellm
+++ b/ct/headers/litellm
@@ -1,6 +0,0 @@
-    __    _ __       __    __    __  ___
-   / /   (_) /____  / /   / /   /  |/  /
-  / /   / / __/ _ \/ /   / /   / /|_/ / 
- / /___/ / /_/  __/ /___/ /___/ /  / /  
-/_____/_/\__/\___/_____/_____/_/  /_/   
-                                        
--- a/ct/headers/matomo
+++ b/ct/headers/matomo
@@ -0,0 +1,6 @@
+    __  ___      __                      
+   /  |/  /___ _/ /_____  ____ ___  ____ 
+  / /|_/ / __ `/ __/ __ \/ __ `__ \/ __ \
+ / /  / / /_/ / /_/ /_/ / / / / / / /_/ /
+/_/  /_/\__,_/\__/\____/_/ /_/ /_/\____/ 
+                                         
--- a/ct/headers/nagios
+++ b/ct/headers/nagios
@@ -0,0 +1,6 @@
+    _   __            _           
+   / | / /___ _____ _(_)___  _____
+  /  |/ / __ `/ __ `/ / __ \/ ___/
+ / /|  / /_/ / /_/ / / /_/ (__  ) 
+/_/ |_/\__,_/\__, /_/\____/____/  
+            /____/                
--- a/ct/headers/neko
+++ b/ct/headers/neko
@@ -0,0 +1,6 @@
+    _   __     __       
+   / | / /__  / /______ 
+  /  |/ / _ \/ //_/ __ \
+ / /|  /  __/ ,< / /_/ /
+/_/ |_/\___/_/|_|\____/ 
+                        
--- a/ct/headers/protonmail-bridge
+++ b/ct/headers/protonmail-bridge
@@ -0,0 +1,6 @@
+    ____             __              __  ___      _ __      ____       _     __         
+   / __ \_________  / /_____  ____  /  |/  /___ _(_) /     / __ )_____(_)___/ /___ ____ 
+  / /_/ / ___/ __ \/ __/ __ \/ __ \/ /|_/ / __ `/ / /_____/ __  / ___/ / __  / __ `/ _ \
+ / ____/ /  / /_/ / /_/ /_/ / / / / /  / / /_/ / / /_____/ /_/ / /  / / /_/ / /_/ /  __/
+/_/   /_/   \____/\__/\____/_/ /_/_/  /_/\__,_/_/_/     /_____/_/  /_/\__,_/\__, /\___/ 
+                                                                           /____/       
--- a/ct/headers/shlink
+++ b/ct/headers/shlink
@@ -0,0 +1,6 @@
+   _____ __    ___       __  
+  / ___// /_  / (_)___  / /__
+  \__ \/ __ \/ / / __ \/ //_/
+ ___/ / / / / / / / / / ,<   
+/____/_/ /_/_/_/_/ /_/_/|_|  
+                             
--- a/ct/headers/solidtime
+++ b/ct/headers/solidtime
@@ -0,0 +1,6 @@
+   _____       ___     _________              
+  / ___/____  / (_)___/ /_  __(_)___ ___  ___ 
+  \__ \/ __ \/ / / __  / / / / / __ `__ \/ _ \
+ ___/ / /_/ / / / /_/ / / / / / / / / / /  __/
+/____/\____/_/_/\__,_/ /_/ /_/_/ /_/ /_/\___/ 
+                                              
--- a/ct/headers/soulsync
+++ b/ct/headers/soulsync
@@ -0,0 +1,6 @@
+   _____             _______                 
+  / ___/____  __  __/ / ___/__  ______  _____
+  \__ \/ __ \/ / / / /\__ \/ / / / __ \/ ___/
+ ___/ / /_/ / /_/ / /___/ / /_/ / / / / /__  
+/____/\____/\__,_/_//____/\__, /_/ /_/\___/  
+                         /____/              
--- a/ct/headers/storybook
+++ b/ct/headers/storybook
@@ -0,0 +1,6 @@
+   _____ __                   __                __  
+  / ___// /_____  _______  __/ /_  ____  ____  / /__
+  \__ \/ __/ __ \/ ___/ / / / __ \/ __ \/ __ \/ //_/
+ ___/ / /_/ /_/ / /  / /_/ / /_/ / /_/ / /_/ / ,<   
+/____/\__/\____/_/   \__, /_.___/\____/\____/_/|_|  
+                    /____/                          
--- a/ct/headers/storyteller
+++ b/ct/headers/storyteller
@@ -0,0 +1,6 @@
+   _____ __                   __       ____         
+  / ___// /_____  _______  __/ /____  / / /__  _____
+  \__ \/ __/ __ \/ ___/ / / / __/ _ \/ / / _ \/ ___/
+ ___/ / /_/ /_/ / /  / /_/ / /_/  __/ / /  __/ /    
+/____/\__/\____/_/   \__, /\__/\___/_/_/\___/_/     
+                    /____/                          
--- a/ct/headers/teable
+++ b/ct/headers/teable
@@ -0,0 +1,6 @@
+  ______           __    __   
+ /_  __/__  ____ _/ /_  / /__ 
+  / / / _ \/ __ `/ __ \/ / _ \
+ / / /  __/ /_/ / /_/ / /  __/
+/_/  \___/\__,_/_.___/_/\___/ 
+                              
--- a/ct/headers/tubearchivist
+++ b/ct/headers/tubearchivist
@@ -0,0 +1,6 @@
+  ______      __            ___              __    _       _      __ 
+ /_  __/_  __/ /_  ___     /   |  __________/ /_  (_)   __(_)____/ /_
+  / / / / / / __ \/ _ \   / /| | / ___/ ___/ __ \/ / | / / / ___/ __/
+ / / / /_/ / /_/ /  __/  / ___ |/ /  / /__/ / / / /| |/ / (__  ) /_  
+/_/  \__,_/_.___/\___/  /_/  |_/_/   \___/_/ /_/_/ |___/_/____/\__/  
+                                                                     
--- a/ct/homepage.sh
+++ b/ct/homepage.sh
@@ -54,6 +54,7 @@ function update_script() {
    msg_info "Updating Homepage (Patience)"
    RELEASE=$(get_latest_github_release "gethomepage/homepage")
    cd /opt/homepage
+    echo 'onlyBuiltDependencies=*' >> .npmrc
    $STD pnpm install
    $STD pnpm update --no-save caniuse-lite
    export NEXT_PUBLIC_VERSION="v$RELEASE"
--- a/ct/hoodik.sh
+++ b/ct/hoodik.sh
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/hudikhq/hoodik
+
+APP="Hoodik"
+var_tags="${var_tags:-cloud;storage}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-5}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /opt/hoodik/hoodik ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "hoodik" "hudikhq/hoodik"; then
+    msg_info "Stopping Service"
+    systemctl stop hoodik
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /opt/hoodik/.env /opt/hoodik.env.bak
+    msg_ok "Backed up Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "hoodik" "hudikhq/hoodik" "prebuild" "latest" "/opt/hoodik" "*x86_64.tar.gz"
+
+    msg_info "Restoring Configuration"
+    cp /opt/hoodik.env.bak /opt/hoodik/.env
+    rm -f /opt/hoodik.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Service"
+    systemctl start hoodik
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5443/auth/register${CL}"
--- a/ct/hortusfox.sh
+++ b/ct/hortusfox.sh
@@ -38,13 +38,15 @@ function update_script() {
    mv /opt/hortusfox/ /opt/hortusfox-backup
    msg_ok "Backed up current HortusFox installation"

-    fetch_and_deploy_gh_release "hortusfox" "danielbrendel/hortusfox-web" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "hortusfox" "danielbrendel/hortusfox-web" "tarball"

    msg_info "Updating HortusFox"
    cd /opt/hortusfox
-    mv /opt/hortusfox-backup/.env /opt/hortusfox/.env
+    cp /opt/hortusfox-backup/.env /opt/hortusfox/.env
+    cp -a /opt/hortusfox-backup/public/img/. /opt/hortusfox/public/img/
+    export COMPOSER_ALLOW_SUPERUSER=1
    $STD composer install --no-dev --optimize-autoloader
-    $STD php asatru migrate --no-interaction
+    $STD php asatru migrate:upgrade
    $STD php asatru plants:attributes
    $STD php asatru calendar:classes
    chown -R www-data:www-data /opt/hortusfox
--- a/ct/karakeep.sh
+++ b/ct/karakeep.sh
@@ -59,6 +59,7 @@ function update_script() {
    if command -v corepack >/dev/null; then
      $STD corepack disable
    fi
+    sed -i "s/^SERVER_VERSION=.*$/SERVER_VERSION=${CHECK_UPDATE_RELEASE#v}/" /etc/karakeep/karakeep.env
    MODULE_VERSION="$(jq -r '.packageManager | split("@")[1]' /opt/karakeep/package.json)"
    NODE_VERSION="24" NODE_MODULE="pnpm@${MODULE_VERSION}" setup_nodejs
    setup_meilisearch
@@ -83,7 +84,6 @@ function update_script() {
    cd /opt/karakeep/packages/db 
    $STD pnpm migrate
    $STD pnpm store prune
-    sed -i "s/^SERVER_VERSION=.*$/SERVER_VERSION=${CHECK_UPDATE_RELEASE#v}/" /etc/karakeep/karakeep.env
    msg_ok "Updated Karakeep"

    msg_info "Starting Services"
--- a/ct/librechat.sh
+++ b/ct/librechat.sh
@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/danny-avila/LibreChat
+
+APP="LibreChat"
+var_tags="${var_tags:-ai;chat}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-6144}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/librechat ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_tag "librechat" "danny-avila/LibreChat" "v"; then
+    msg_info "Stopping Services"
+    systemctl stop librechat rag-api
+    msg_ok "Stopped Services"
+
+    msg_info "Backing up Configuration"
+    cp /opt/librechat/.env /opt/librechat.env.bak
+    msg_ok "Backed up Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_tag "librechat" "danny-avila/LibreChat"
+
+    msg_info "Installing Dependencies"
+    cd /opt/librechat
+    $STD npm ci
+    msg_ok "Installed Dependencies"
+
+    msg_info "Building Frontend"
+    $STD npm run frontend
+    $STD npm prune --production
+    $STD npm cache clean --force
+    msg_ok "Built Frontend"
+
+    msg_info "Restoring Configuration"
+    cp /opt/librechat.env.bak /opt/librechat/.env
+    rm -f /opt/librechat.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Services"
+    systemctl start rag-api librechat
+    msg_ok "Started Services"
+    msg_ok "Updated LibreChat Successfully!"
+  fi
+
+  if check_for_gh_release "rag-api" "danny-avila/rag_api"; then
+    msg_info "Stopping RAG API"
+    systemctl stop rag-api
+    msg_ok "Stopped RAG API"
+
+    msg_info "Backing up RAG API Configuration"
+    cp /opt/rag-api/.env /opt/rag-api.env.bak
+    msg_ok "Backed up RAG API Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "rag-api" "danny-avila/rag_api" "tarball"
+
+    msg_info "Updating RAG API Dependencies"
+    cd /opt/rag-api
+    $STD .venv/bin/pip install -r requirements.lite.txt
+    msg_ok "Updated RAG API Dependencies"
+
+    msg_info "Restoring RAG API Configuration"
+    cp /opt/rag-api.env.bak /opt/rag-api/.env
+    rm -f /opt/rag-api.env.bak
+    msg_ok "Restored RAG API Configuration"
+
+    msg_info "Starting RAG API"
+    systemctl start rag-api
+    msg_ok "Started RAG API"
+    msg_ok "Updated RAG API Successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3080${CL}"
--- a/ct/litellm.sh
+++ b/ct/litellm.sh
@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: stout01
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/BerriAI/litellm
-
-APP="LiteLLM"
-var_tags="${var_tags:-ai;interface}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /etc/systemd/system/litellm.service ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  msg_info "Stopping Service"
-  systemctl stop litellm
-  msg_ok "Stopped Service"
-
-  VENV_PATH="/opt/litellm/.venv"
-  PYTHON_VERSION="3.13" USE_UVX="YES" setup_uv
-
-  msg_info "Updating LiteLLM"
-  $STD "$VENV_PATH/bin/python" -m pip install --upgrade litellm[proxy] prisma
-  $STD "$VENV_PATH/bin/prisma" generate
-  msg_ok "LiteLLM updated"
-
-  msg_info "Updating DB Schema"
-  $STD /opt/litellm/.venv/bin/litellm --config /opt/litellm/litellm.yaml --use_prisma_db_push --skip_server_startup
-  msg_ok "DB Schema Updated"
-
-  msg_info "Updating Service"
-  sed -i 's|ExecStart=uv --directory=/opt/litellm run litellm|ExecStart=/opt/litellm/.venv/bin/litellm|' /etc/systemd/system/litellm.service
-  systemctl daemon-reload
-  msg_ok "Updated Service"
-
-  msg_info "Starting Service"
-  systemctl start litellm
-  msg_ok "Started Service"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:4000${CL}"
--- a/ct/mail-archiver.sh
+++ b/ct/mail-archiver.sh
@@ -28,6 +28,8 @@ function update_script() {
    exit
  fi

+  ensure_dependencies libgssapi-krb5-2
+
  if check_for_gh_release "mail-archiver" "s1t5/mail-archiver"; then
    msg_info "Stopping Mail-Archiver"
    systemctl stop mail-archiver
--- a/ct/matomo.sh
+++ b/ct/matomo.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://matomo.org/
+
+APP="Matomo"
+var_tags="${var_tags:-analytics;tracking;privacy}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-16}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/matomo ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "matomo" "matomo-org/matomo"; then
+    msg_info "Stopping Services"
+    systemctl stop caddy
+    msg_ok "Stopped Services"
+
+    msg_info "Backing up Data"
+    [[ -f /opt/matomo/config/config.ini.php ]] && cp /opt/matomo/config/config.ini.php /opt/matomo_config.bak
+    [[ -d /opt/matomo/misc/user ]] && cp -r /opt/matomo/misc/user /opt/matomo_user_backup
+    [[ -f /root/matomo.creds ]] && cp /root/matomo.creds /opt/matomo_db_creds.bak
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "matomo" "matomo-org/matomo" "prebuild" "latest" "/opt/matomo" "matomo-*.zip"
+
+    msg_info "Restoring Data"
+    if [[ -f /opt/matomo_config.bak ]]; then
+      mkdir -p /opt/matomo/config
+      cp /opt/matomo_config.bak /opt/matomo/config/config.ini.php
+    fi
+    if [[ -d /opt/matomo_user_backup ]]; then
+      mkdir -p /opt/matomo/misc/user
+      cp -r /opt/matomo_user_backup/. /opt/matomo/misc/user
+    fi
+    [[ -f /opt/matomo_db_creds.bak ]] && cp /opt/matomo_db_creds.bak /root/matomo.creds
+    rm -f /opt/matomo_config.bak /opt/matomo_db_creds.bak
+    rm -rf /opt/matomo_user_backup
+    chown -R www-data:www-data /opt/matomo
+    msg_ok "Restored Data"
+
+    msg_info "Starting Services"
+    systemctl start caddy
+    msg_ok "Started Services"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
--- a/ct/mealie.sh
+++ b/ct/mealie.sh
@@ -81,11 +81,7 @@ STARTEOF
    cp -r /opt/mealie/frontend/dist/* /opt/mealie/mealie/frontend/
    msg_ok "Copied Frontend"

-    msg_info "Updating NLTK Data"
-    mkdir -p /nltk_data/
-    cd /opt/mealie
-    $STD uv run python -m nltk.downloader -d /nltk_data averaged_perceptron_tagger_eng
-    msg_ok "Updated NLTK Data"
+    setup_nltk "averaged_perceptron_tagger_eng" "/nltk_data"

    msg_info "Starting Service"
    systemctl start mealie
--- a/ct/nagios.sh
+++ b/ct/nagios.sh
@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/NagiosEnterprises/nagioscore
+
+APP="Nagios"
+var_tags="${var_tags:-monitoring;alerts;infrastructure}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/nagios/etc/nagios.cfg ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  msg_info "Backing up Configuration"
+  cp -a /usr/local/nagios/etc /opt/nagios-etc-backup
+  msg_ok "Backed up Configuration"
+
+  if check_for_gh_release "nagios" "NagiosEnterprises/nagioscore"; then
+    msg_info "Stopping Nagios"
+    systemctl stop nagios
+    msg_ok "Stopped Nagios"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
+
+    msg_info "Building Nagios Core"
+    cd /opt/nagios
+    $STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
+    $STD make all
+    $STD make install-groups-users
+    usermod -a -G nagios www-data
+    $STD make install
+    $STD make install-daemoninit
+    $STD make install-commandmode
+    $STD make install-webconf
+    $STD a2enmod rewrite
+    $STD a2enmod cgi
+    setcap cap_net_raw+p /bin/ping
+    msg_ok "Built Nagios Core"
+
+    msg_info "Starting Nagios"
+    systemctl restart apache2
+    systemctl start nagios
+    msg_ok "Started Nagios"
+  fi
+
+  if check_for_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins"; then
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
+    msg_info "Building Nagios Plugins"
+    cd /opt/nagios-plugins
+    $STD ./tools/setup
+    $STD ./configure
+    $STD make
+    $STD make install
+    msg_ok "Built Nagios Plugins"
+  fi
+
+  msg_info "Restoring Configuration"
+  rm -rf /usr/local/nagios/etc
+  cp -a /opt/nagios-etc-backup /usr/local/nagios/etc
+  rm -rf /opt/nagios-etc-backup
+  msg_ok "Restored Configuration"
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}/nagios${CL}"
--- a/ct/neko.sh
+++ b/ct/neko.sh
@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://neko.m1k1o.net/
+
+APP="Neko"
+var_tags="${var_tags:-virtual-browser;webrtc;streaming}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-12}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-12}"
+var_unprivileged="${var_unprivileged:-1}"
+var_gpu="${var_gpu:-yes}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/neko ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "neko" "m1k1o/neko"; then
+    msg_info "Stopping Service"
+    systemctl stop neko
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    cp /etc/neko/neko.yaml /opt/neko.yaml.bak
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
+
+    msg_info "Building Client"
+    cd /opt/neko/client
+    $STD npm install
+    $STD npm run build
+    cp -r /opt/neko/client/dist/* /var/www/
+    msg_ok "Built Client"
+
+    msg_info "Building Server"
+    cd /opt/neko/server
+    $STD ./build
+    cp /opt/neko/server/bin/neko /usr/bin/neko
+    cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
+    msg_ok "Built Server"
+
+    msg_info "Restoring Data"
+    cp /opt/neko.yaml.bak /etc/neko/neko.yaml
+    rm -f /opt/neko.yaml.bak
+    msg_ok "Restored Data"
+
+    msg_info "Starting Service"
+    systemctl start neko
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
--- a/ct/netbird.sh
+++ b/ct/netbird.sh
@@ -25,7 +25,7 @@ function update_script() {
  check_container_storage
  check_container_resources

-  if [[ ! -f /etc/netbird/config.json ]]; then
+  if [[ ! -d /var/lib/netbird/ ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
--- a/ct/nginxproxymanager.sh
+++ b/ct/nginxproxymanager.sh
@@ -28,7 +28,6 @@ function update_script() {
    exit
  fi

-
  if command -v node &>/dev/null; then
    CURRENT_NODE_VERSION=$(node --version | cut -d'v' -f2 | cut -d'.' -f1)
    if [[ "$CURRENT_NODE_VERSION" != "22" ]]; then
@@ -48,7 +47,7 @@ function update_script() {
    msg_info "Migrating from packaged OpenResty to source"
    rm -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg /etc/apt/trusted.gpg.d/openresty.gpg
    rm -f /etc/apt/sources.list.d/openresty.list /etc/apt/sources.list.d/openresty.sources
-    $STD apt remove -y openresty
+    $STD apt purge -y openresty
    $STD apt autoremove -y
    rm -f ~/.openresty
    msg_ok "Migrated from packaged OpenResty to source"
--- a/ct/pangolin.sh
+++ b/ct/pangolin.sh
@@ -6,6 +6,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Source: https://pangolin.net/ | Github: https://github.com/fosrl/pangolin

 APP="Pangolin"
+PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.3}"
 var_tags="${var_tags:-proxy}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-4096}"
@@ -33,7 +34,7 @@ function update_script() {

  NODE_VERSION="24" setup_nodejs

-  if check_for_gh_release "pangolin" "fosrl/pangolin"; then
+  if check_for_gh_release "pangolin" "fosrl/pangolin" "$PANGOLIN_VERSION" "Pinned to a tested release because Pangolin's schema changes have repeatedly broken unattended updates. To try a newer version at your own risk, run: 'export PANGOLIN_VERSION=<tag>' and re-run update. If it breaks, please open an issue at https://github.com/community-scripts/ProxmoxVE/issues with the error log."; then
    msg_info "Stopping Service"
    systemctl stop pangolin
    systemctl stop gerbil
@@ -41,9 +42,13 @@ function update_script() {

    msg_info "Creating backup"
    tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
+    if [[ -f /opt/pangolin/config/db/db.sqlite ]]; then
+      cp -a /opt/pangolin/config/db/db.sqlite \
+        "/opt/pangolin/config/db/db.sqlite.pre-${PANGOLIN_VERSION}-$(date +%Y%m%d-%H%M%S).bak"
+    fi
    msg_ok "Created backup"

-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" "$PANGOLIN_VERSION"
    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"

    msg_info "Updating Pangolin"
@@ -67,35 +72,16 @@ function update_script() {
    rm -f /opt/pangolin_config_backup.tar.gz
    msg_ok "Restored config"

-    msg_info "Running database migrations"
-    cd /opt/pangolin
-
-    # Pre-apply potentially destructive schema changes safely so drizzle-kit
-    # does not recreate tables (which would delete all rows).
-    local DB="/opt/pangolin/config/db/db.sqlite"
-    if [[ -f "$DB" ]]; then
-      sqlite3 "$DB" "ALTER TABLE 'orgs' ADD COLUMN 'settingsLogRetentionDaysConnection' integer DEFAULT 0 NOT NULL;" 2>/dev/null || true
-      sqlite3 "$DB" "ALTER TABLE 'clientSitesAssociationsCache' ADD COLUMN 'isJitMode' integer DEFAULT 0 NOT NULL;" 2>/dev/null || true
-
-      # Create new role-mapping tables and migrate data before drizzle-kit
-      # drops the roleId columns from userOrgs and userInvites.
-      sqlite3 "$DB" "CREATE TABLE IF NOT EXISTS 'userOrgRoles' (
-        'userId' text NOT NULL REFERENCES 'user'('id') ON DELETE CASCADE,
-        'orgId' text NOT NULL REFERENCES 'orgs'('orgId') ON DELETE CASCADE,
-        'roleId' integer NOT NULL REFERENCES 'roles'('roleId') ON DELETE CASCADE,
-        UNIQUE('userId', 'orgId', 'roleId')
-      );" 2>/dev/null || true
-      sqlite3 "$DB" "INSERT OR IGNORE INTO 'userOrgRoles' (userId, orgId, roleId) SELECT userId, orgId, roleId FROM 'userOrgs' WHERE roleId IS NOT NULL;" 2>/dev/null || true
-
-      sqlite3 "$DB" "CREATE TABLE IF NOT EXISTS 'userInviteRoles' (
-        'inviteId' text NOT NULL REFERENCES 'userInvites'('inviteId') ON DELETE CASCADE,
-        'roleId' integer NOT NULL REFERENCES 'roles'('roleId') ON DELETE CASCADE,
-        PRIMARY KEY('inviteId', 'roleId')
-      );" 2>/dev/null || true
-      sqlite3 "$DB" "INSERT OR IGNORE INTO 'userInviteRoles' (inviteId, roleId) SELECT inviteId, roleId FROM 'userInvites' WHERE roleId IS NOT NULL;" 2>/dev/null || true
+    if ! grep -q '^ExecStartPre=/usr/bin/node dist/migrations.mjs' /etc/systemd/system/pangolin.service 2>/dev/null; then
+      msg_info "Adding migration step to pangolin.service"
+      sed -i '/^ExecStart=\/usr\/bin\/node --enable-source-maps dist\/server.mjs/i ExecStartPre=/usr/bin/node dist/migrations.mjs' /etc/systemd/system/pangolin.service
+      systemctl daemon-reload
+      msg_ok "Updated pangolin.service"
    fi

-    ENVIRONMENT=prod $STD npx drizzle-kit push --force --config drizzle.sqlite.config.ts
+    msg_info "Running database migrations"
+    cd /opt/pangolin
+    ENVIRONMENT=prod $STD node dist/migrations.mjs
    msg_ok "Ran database migrations"

    msg_info "Updating Badger plugin version"
--- a/ct/paperless-ngx.sh
+++ b/ct/paperless-ngx.sh
@@ -164,6 +164,8 @@ function update_script() {
      fi
    fi

+    setup_nltk "snowball_data stopwords punkt_tab" "/usr/share/nltk_data"
+
    msg_info "Starting all Paperless-ngx Services"
    systemctl start paperless-consumer paperless-webserver paperless-scheduler paperless-task-queue
    sleep 1
--- a/ct/patchmon.sh
+++ b/ct/patchmon.sh
@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: vhsdream
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/PatcMmon/PatchMon
+# Source: https://github.com/PatchMon/PatchMon

 APP="PatchMon"
 var_tags="${var_tags:-monitoring}"
@@ -29,63 +29,75 @@ function update_script() {
    exit
  fi

-  if ! grep -q "PORT=3001" /opt/patchmon/backend/.env; then
-    msg_warn "⚠️ The next PatchMon update will include breaking changes (port changes)."
-    msg_warn "See details here: https://github.com/community-scripts/ProxmoxVE/pull/11888"
-    msg_warn "Press Enter to continue with the update, or Ctrl+C to abort..."
-    read -r
-  fi
-
-  RELEASE="v1.4.2"
-  NODE_VERSION="24" setup_nodejs
-  if check_for_gh_release "PatchMon" "PatchMon/PatchMon" "${RELEASE}"; then
+  if check_for_gh_release "PatchMon" "PatchMon/PatchMon"; then
    msg_info "Stopping Service"
    systemctl stop patchmon-server
    msg_ok "Stopped Service"

-    msg_info "Creating Backup"
-    cp /opt/patchmon/backend/.env /opt/backend.env
-    cp /opt/patchmon/frontend/.env /opt/frontend.env
-    msg_ok "Backup Created"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "${RELEASE}" "/opt/patchmon"
-
-    msg_info "Updating PatchMon"
-    VERSION=$(get_latest_github_release "PatchMon/PatchMon")
-    SERVER_PORT="$(sed -n '/SERVER_PORT/s/[^=]*=//p' /opt/backend.env)"
-    sed -i 's/PORT=3399/PORT=3001/' /opt/backend.env
-    sed -i -e "s/VERSION=.*/VERSION=$VERSION/" \
-      -e '/^VITE_API_URL/d' /opt/frontend.env
-    export NODE_ENV=production
-    cd /opt/patchmon
-    $STD npm install --no-audit --no-fund --no-save --ignore-scripts
-    cd /opt/patchmon/frontend
-    mv /opt/frontend.env /opt/patchmon/frontend/.env
-    $STD npm install --no-audit --no-fund --no-save --ignore-scripts --include=dev
-    $STD npm run build
-    cd /opt/patchmon/backend
-    mv /opt/backend.env /opt/patchmon/backend/.env
-    $STD npm run db:generate
-    $STD npx prisma migrate deploy
-    cp /opt/patchmon/docker/nginx.conf.template /etc/nginx/sites-available/patchmon.conf
-    sed -i -e 's|proxy_pass .*|proxy_pass http://127.0.0.1:3001;|' \
-      -e '\|try_files |i\        root /opt/patchmon/frontend/dist;' \
-      -e 's|alias.*|alias /opt/patchmon/frontend/dist/assets;|' \
-      -e '\|expires 1y|i\        root /opt/patchmon/frontend/dist;' /etc/nginx/sites-available/patchmon.conf
-    if [[ -n "$SERVER_PORT" ]] && [[ "$SERVER_PORT" != "443" ]]; then
-      sed -i "s/listen [[:digit:]].*/listen ${SERVER_PORT};/" /etc/nginx/sites-available/patchmon.conf
+    if [[ -d /opt/patchmon/backend ]]; then
+      msg_info "Legacy install detected - creating full backup, please wait..."
+      $STD tar czf ~/patchmon_legacy.tar.gz /opt/patchmon
+      cp /opt/patchmon/backend/.env /opt/legacy.env
+      msg_ok "Full backup saved in /root"
+      msg_info "Starting migration to PatchMon v2.x.x"
+      systemctl disable -q --now nginx
+      $STD npm cache clean --force
+      $STD apt autoremove --purge -y {nginx,nodejs}
+      if [[ -f /etc/apt/sources.list.d/nodesource.sources ]]; then
+        cp /etc/apt/sources.list.d/nodesource.sources /etc/apt/sources.list.d/nodesource.sources.bak
+        rm -f /etc/apt/sources.list.d/nodesource.sources
+      elif [[ -f /etc/apt/sources.list.d/nodesource.list ]]; then
+        cp /etc/apt/sources.list.d/nodesource.list /etc/apt/sources.list.d/nodesource.list.bak
+        rm -f /etc/apt/sources.list.d/nodesource.list
+      fi
+      rm -rf /opt/patchmon
+      mkdir -p /opt/patchmon/agents
+      cp /opt/legacy.env /opt/patchmon/.env
+      sed -i -e 's/^PORT=.*/PORT=3000/' \
+        -e 's/^NODE_/APP_/' \
+        -e '/^SERVER_*/d' \
+        -e '/^# API*/,+2d' /opt/patchmon/.env
+      {
+        echo ""
+        echo "SESSION_SECRET=$(openssl rand -hex 64)"
+        echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)"
+        echo "AGENT_BINARIES_DIR=/opt/patchmon/agents"
+      } >>/opt/patchmon/.env
+      sed -i -e '\|Directory|s|/backend||' \
+        -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \
+        -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \
+        /etc/systemd/system/patchmon-server.service
+      systemctl daemon-reload
+      rm /opt/legacy.env
+      msg_ok "Migration complete!"
    fi
-    ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/
-    rm -f /etc/nginx/sites-enabled/default
-    $STD nginx -t
-    systemctl restart nginx
-    msg_ok "Updated PatchMon"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "latest" "/opt/patchmon" "patchmon-server-linux-amd64"
+    mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server
+
+    msg_info "Fetching PatchMon agent binaries"
+    RELEASE=$(get_latest_github_release "PatchMon/PatchMon")
+    [[ ! -d /opt/patchmon/agents ]] && mkdir -p /opt/patchmon/agents
+    FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/v${RELEASE}/patchmon-agent-"
+    AGENT_NAME=(
+      "linux-amd64"
+      "linux-arm64"
+      "linux-arm"
+      "linux-386"
+      "freebsd-amd64"
+      "freebsd-arm64"
+      "freebsd-arm"
+      "freebsd-386"
+      "windows-amd64.exe"
+      "windows-arm64.exe"
+    )
+    for arch in "${AGENT_NAME[@]}"; do
+      curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}"
+      [[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}"
+    done
+    msg_ok "Fetched PatchMon agent binaries"

    msg_info "Starting Service"
-    if grep -q '/usr/bin/node' /etc/systemd/system/patchmon-server.service; then
-      sed -i 's|ExecStart=.*|ExecStart=/usr/bin/npm run start|' /etc/systemd/system/patchmon-server.service
-      systemctl daemon-reload
-    fi
    systemctl start patchmon-server
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
--- a/ct/peanut.sh
+++ b/ct/peanut.sh
@@ -45,6 +45,33 @@ function update_script() {
      msg_ok "Fixed entrypoint"
    fi

+    if [[ ! -f /etc/peanut/peanut.env ]]; then
+      msg_info "Migrating service to EnvironmentFile"
+      mkdir -p /etc/peanut
+      cat <<EOF >/etc/peanut/peanut.env
+NODE_ENV=production
+
+#WEB_HOST=0.0.0.0
+#WEB_PORT=8080
+#NUT_HOST=localhost
+#NUT_PORT=3493
+
+# Disable auth entirely:
+#AUTH_DISABLED=true
+
+# Bootstrap initial account on first start (ignored afterwards):
+#WEB_USERNAME=admin
+#WEB_PASSWORD=changeme
+EOF
+      chmod 600 /etc/peanut/peanut.env
+      sed -i '/^Environment=/d' /etc/systemd/system/peanut.service
+      if ! grep -q '^EnvironmentFile=/etc/peanut/peanut.env' /etc/systemd/system/peanut.service; then
+        sed -i '/^Type=simple/a EnvironmentFile=/etc/peanut/peanut.env' /etc/systemd/system/peanut.service
+      fi
+      systemctl daemon-reload
+      msg_ok "Migrated to /etc/peanut/peanut.env"
+    fi
+
    msg_info "Updating PeaNUT"
    cd /opt/peanut
    $STD pnpm i
--- a/ct/pelican-panel.sh
+++ b/ct/pelican-panel.sh
@@ -45,15 +45,23 @@ function update_script() {
    $STD php artisan down
    msg_ok "Stopped Service"

-    cp -r /opt/pelican-panel/.env /opt/
+    mkdir -p /opt/backup
+    cp -a /opt/pelican-panel/.env /opt/backup
+    mkdir -p /opt/backup/storage/app/
+    cp -a /opt/pelican-panel/storage/app/public /opt/backup/storage/app/
+    
    SQLITE_INSTALL=$(ls /opt/pelican-panel/database/*.sqlite 1>/dev/null 2>&1 && echo "true" || echo "false")
-    $SQLITE_INSTALL && cp -r /opt/pelican-panel/database/*.sqlite /opt/
-    rm -rf * .*
+    $SQLITE_INSTALL && cp -r /opt/pelican-panel/database/*.sqlite /opt/backup
+    
+    find /opt/pelican-panel -mindepth 1 -maxdepth 1 ! -name 'backup' ! -name 'plugins' -exec rm -rf {} +
+    
    fetch_and_deploy_gh_release "pelican-panel" "pelican-dev/panel" "prebuild" "latest" "/opt/pelican-panel" "panel.tar.gz"

    msg_info "Updating Pelican Panel"
-    mv /opt/.env /opt/pelican-panel/
-    $SQLITE_INSTALL && mv /opt/*.sqlite /opt/pelican-panel/database/
+    cp -a /opt/backup/.env /opt/pelican-panel/
+    $SQLITE_INSTALL && mv /opt/backup/*.sqlite /opt/pelican-panel/database/
+    cp -a /opt/backup/storage/app/public /opt/pelican-panel/storage/app/
+
    $STD composer install --no-dev --optimize-autoloader --no-interaction
    $STD php artisan p:environment:setup
    $STD php artisan view:clear
--- a/ct/protonmail-bridge.sh
+++ b/ct/protonmail-bridge.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/ProtonMail/proton-bridge
+
+APP="ProtonMail-Bridge"
+var_tags="${var_tags:-mail;proton}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -x /usr/bin/protonmail-bridge ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit 1
+  fi
+
+  if check_for_gh_release "protonmail-bridge" "ProtonMail/proton-bridge"; then
+    local -a bridge_units=(
+      protonmail-bridge
+      protonmail-bridge-imap.socket
+      protonmail-bridge-smtp.socket
+      protonmail-bridge-imap-proxy
+      protonmail-bridge-smtp-proxy
+    )
+    local unit
+    declare -A was_active
+    for unit in "${bridge_units[@]}"; do
+      if systemctl is-active --quiet "$unit" 2>/dev/null; then
+        was_active["$unit"]=1
+      else
+        was_active["$unit"]=0
+      fi
+    done
+
+    msg_info "Stopping Services"
+    systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
+    msg_ok "Stopped Services"
+
+    fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
+
+    if [[ -f /home/protonbridge/.protonmailbridge-initialized ]]; then
+      msg_info "Starting Services"
+      for unit in "${bridge_units[@]}"; do
+        if [[ "${was_active[$unit]:-0}" == "1" ]]; then
+          systemctl start "$unit"
+        fi
+      done
+      msg_ok "Started Services"
+    else
+      msg_ok "Initialization not completed. Services remain disabled."
+    fi
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW}One-time configuration is required before Bridge services are enabled.${CL}"
+echo -e "${INFO}${YW}Run this command in the container: protonmailbridge-configure${CL}"
--- a/ct/rustdeskserver.sh
+++ b/ct/rustdeskserver.sh
@@ -48,8 +48,6 @@ function update_script() {
    msg_ok "Services started"

    msg_ok "Updated successfully!"
-  else
-    msg_ok "No update required. ${APP} is already at v${RELEASE}"
  fi
  exit
 }
--- a/ct/shelfmark.sh
+++ b/ct/shelfmark.sh
@@ -30,7 +30,7 @@ function update_script() {
  fi

  NODE_VERSION="24" setup_nodejs
-  PYTHON_VERSION="3.12" setup_uv
+  PYTHON_VERSION="3.14" setup_uv

  if check_for_gh_release "shelfmark" "calibrain/shelfmark"; then
    msg_info "Stopping Service(s)"
@@ -59,6 +59,7 @@ function update_script() {
    RELEASE_VERSION=$(cat "$HOME/.shelfmark")

    msg_info "Updating Shelfmark"
+    export VIRTUAL_ENV=/opt/shelfmark/venv
    sed -i "s/^RELEASE_VERSION=.*/RELEASE_VERSION=$RELEASE_VERSION/" /etc/shelfmark/.env
    cd /opt/shelfmark/src/frontend
    $STD npm ci
@@ -67,9 +68,10 @@ function update_script() {
    cd /opt/shelfmark
    $STD uv venv -c ./venv
    $STD source ./venv/bin/activate
-    $STD uv pip install -r ./requirements-base.txt
    if [[ $(sed -n '/_BYPASS=/s/[^=]*=//p' /etc/shelfmark/.env) == "true" ]] && [[ $(sed -n '/BYPASSER=/s/[^=]*=//p' /etc/shelfmark/.env) == "false" ]]; then
-      $STD uv pip install -r ./requirements-shelfmark.txt
+      $STD uv sync --active --locked --no-default-groups --extra browser
+    else
+      $STD uv sync --active --locked --no-default-groups
    fi
    mv /opt/start.sh.bak /opt/shelfmark/start.sh
    msg_ok "Updated Shelfmark"
--- a/ct/shlink.sh
+++ b/ct/shlink.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://shlink.io/
+
+APP="Shlink"
+var_tags="${var_tags:-url-shortener;analytics;php}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/shlink ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "shlink" "shlinkio/shlink"; then
+    msg_info "Stopping Service"
+    systemctl stop shlink
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    cp /opt/shlink/.env /opt/shlink.env.bak
+    cp -r /opt/shlink/data /opt/shlink_data_backup
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "shlink" "shlinkio/shlink" "prebuild" "latest" "/opt/shlink" "shlink*_php8.5_dist.zip"
+
+    msg_info "Restoring Data"
+    cp /opt/shlink.env.bak /opt/shlink/.env
+    rm -f /opt/shlink.env.bak
+    cp -r /opt/shlink_data_backup/. /opt/shlink/data
+    rm -rf /opt/shlink_data_backup
+    msg_ok "Restored Data"
+
+    msg_info "Updating Application"
+    cd /opt/shlink
+    $STD php ./vendor/bin/rr get --no-interaction --location bin/
+    chmod +x bin/rr
+    set -a
+    source /opt/shlink/.env
+    set +a
+    $STD php vendor/bin/shlink-installer init --no-interaction --clear-db-cache --skip-download-geolite
+    msg_ok "Updated Application"
+
+    msg_info "Starting Service"
+    systemctl start shlink
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+
+  if [[ -d /opt/shlink-web-client ]]; then
+    if check_for_gh_release "shlink-web-client" "shlinkio/shlink-web-client"; then
+      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "shlink-web-client" "shlinkio/shlink-web-client" "prebuild" "latest" "/opt/shlink-web-client" "shlink-web-client_*_dist.zip"
+      msg_ok "Updated Web Client"
+    fi
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access Shlink Web Client using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
+echo -e "${INFO}${YW} Shlink HTTP API:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
--- a/ct/solidtime.sh
+++ b/ct/solidtime.sh
@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.solidtime.io/
+
+APP="SolidTime"
+var_tags="${var_tags:-time-tracking;productivity;business}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/solidtime ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "solidtime" "solidtime-io/solidtime"; then
+    msg_info "Stopping Services"
+    systemctl stop caddy
+    msg_ok "Stopped Services"
+
+    msg_info "Backing up Data"
+    cp /opt/solidtime/.env /opt/solidtime.env.bak
+    cp -r /opt/solidtime/storage /opt/solidtime_storage_backup
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "solidtime" "solidtime-io/solidtime" "tarball"
+
+    msg_info "Restoring Data"
+    cp /opt/solidtime.env.bak /opt/solidtime/.env
+    rm -f /opt/solidtime.env.bak
+    cp -r /opt/solidtime_storage_backup/. /opt/solidtime/storage
+    rm -rf /opt/solidtime_storage_backup
+    msg_ok "Restored Data"
+
+    msg_info "Updating Application"
+    cd /opt/solidtime
+    $STD composer install --no-dev --optimize-autoloader
+    $STD npm install
+    $STD npm run build
+    $STD php artisan migrate --force
+    $STD php artisan optimize:clear
+    chown -R www-data:www-data /opt/solidtime
+    msg_ok "Updated Application"
+
+    msg_info "Starting Services"
+    systemctl start caddy
+    msg_ok "Started Services"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
+echo -e "${INFO}${YW}HTTPS is not enabled by default (use domain + reverse proxy/TLS if needed).${CL}"
--- a/ct/sonarr.sh
+++ b/ct/sonarr.sh
@@ -23,21 +23,24 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
+
  if [[ ! -d /var/lib/sonarr/ ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi

-  msg_info "Stopping Service"
-  systemctl stop sonarr
-  msg_ok "Stopped Service"
+  if check_for_gh_release "Sonarr" "Sonarr/Sonarr"; then
+    msg_info "Stopping Service"
+    systemctl stop sonarr
+    msg_ok "Stopped Service"

-  CLEAN_INSTALL=1 fetch_and_deploy_gh_release "Sonarr" "Sonarr/Sonarr" "prebuild" "latest" "/opt/Sonarr" "Sonarr.main.*.linux-x64.tar.gz"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "Sonarr" "Sonarr/Sonarr" "prebuild" "latest" "/opt/Sonarr" "Sonarr.main.*.linux-x64.tar.gz"

-  msg_info "Starting Service"
-  systemctl start sonarr
-  msg_ok "Started Service"
-  msg_ok "Updated successfully!"
+    msg_info "Starting Service"
+    systemctl start sonarr
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
  exit
 }

--- a/ct/soulsync.sh
+++ b/ct/soulsync.sh
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/Nezreka/SoulSync
+
+APP="SoulSync"
+var_tags="${var_tags:-music;automation;media}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f ~/.soulsync ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "soulsync" "Nezreka/SoulSync"; then
+    msg_info "Stopping Service"
+    systemctl stop soulsync
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    mv /opt/soulsync/config /opt/soulsync-config.bak
+    mv /opt/soulsync/data /opt/soulsync-data.bak
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "soulsync" "Nezreka/SoulSync" "tarball"
+
+    msg_info "Updating Python Dependencies"
+    cd /opt/soulsync
+    $STD uv venv --clear /opt/soulsync/.venv --python 3.11
+    $STD /opt/soulsync/.venv/bin/pip install -r requirements.txt
+    msg_ok "Updated Python Dependencies"
+
+    mv /opt/soulsync-config.bak /opt/soulsync/config
+    mv /opt/soulsync-data.bak /opt/soulsync/data
+
+    msg_info "Starting Service"
+    systemctl start soulsync
+    msg_ok "Started Service"
+    msg_ok "Updated ${APP}"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8008${CL}"
--- a/ct/step-ca.sh
+++ b/ct/step-ca.sh
@@ -30,6 +30,12 @@ function update_script() {
  msg_info "Updating step-ca and step-cli"
  $STD apt update
  $STD apt upgrade -y step-ca step-cli
+
+  # Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli)
+  STEPBIN="$(which step)"
+  rm -f "$STEPBIN"
+  cp -f "$(which step-cli)" "$STEPBIN"
+
  $STD systemctl restart step-ca
  msg_ok "Updated step-ca and step-cli"

--- a/ct/storybook.sh
+++ b/ct/storybook.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/storybookjs/storybook
+
+APP="Storybook"
+var_tags="${var_tags:-dev-tools;frontend;ui}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /opt/storybook/.projectpath ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  PROJECT_PATH=$(cat /opt/storybook/.projectpath)
+
+  if [[ ! -d "$PROJECT_PATH" ]]; then
+    msg_error "Project directory not found: $PROJECT_PATH"
+    exit
+  fi
+
+  msg_info "Updating Storybook"
+  cd "$PROJECT_PATH"
+  $STD npx storybook@latest upgrade --yes
+  msg_ok "Updated Storybook"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:6006${CL}"
--- a/ct/storyteller.sh
+++ b/ct/storyteller.sh
@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://gitlab.com/storyteller-platform/storyteller
+
+APP="Storyteller"
+var_tags="${var_tags:-media;ebook;audiobook}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-10240}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/storyteller ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gl_release "storyteller" "storyteller-platform/storyteller"; then
+    msg_info "Stopping Service"
+    systemctl stop storyteller
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    cp /opt/storyteller/.env /opt/storyteller_env.bak
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gl_release "storyteller" "storyteller-platform/storyteller" "tarball" "latest" "/opt/storyteller"
+
+    msg_info "Restoring Configuration"
+    mv /opt/storyteller_env.bak /opt/storyteller/.env
+    msg_ok "Restored Configuration"
+
+    msg_info "Rebuilding Storyteller"
+    cd /opt/storyteller
+    export NODE_OPTIONS="--max-old-space-size=4096"
+    $STD yarn install --network-timeout 600000
+    $STD gcc -g -fPIC -rdynamic -shared web/sqlite/uuid.c -o web/sqlite/uuid.c.so
+    export CI=1
+    export NODE_ENV=production
+    export NEXT_TELEMETRY_DISABLED=1
+    export SQLITE_NATIVE_BINDING=/opt/storyteller/node_modules/better-sqlite3/build/Release/better_sqlite3.node
+    $STD yarn workspaces foreach -Rpt --from @storyteller-platform/web --exclude @storyteller-platform/eslint run build
+    mkdir -p /opt/storyteller/web/.next/standalone/web/.next/static
+    cp -rT /opt/storyteller/web/.next/static /opt/storyteller/web/.next/standalone/web/.next/static
+    if [[ -d /opt/storyteller/web/public ]]; then
+      mkdir -p /opt/storyteller/web/.next/standalone/web/public
+      cp -rT /opt/storyteller/web/public /opt/storyteller/web/.next/standalone/web/public
+    fi
+    mkdir -p /opt/storyteller/web/.next/standalone/web/migrations
+    cp -rT /opt/storyteller/web/migrations /opt/storyteller/web/.next/standalone/web/migrations
+    mkdir -p /opt/storyteller/web/.next/standalone/web/sqlite
+    cp -rT /opt/storyteller/web/sqlite /opt/storyteller/web/.next/standalone/web/sqlite
+    ln -sf /opt/storyteller/.env /opt/storyteller/web/.next/standalone/web/.env
+    msg_ok "Rebuilt Storyteller"
+
+    msg_info "Starting Service"
+    systemctl start storyteller
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8001${CL}"
--- a/ct/teable.sh
+++ b/ct/teable.sh
@@ -0,0 +1,82 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/teableio/teable
+
+APP="Teable"
+var_tags="${var_tags:-database;no-code;spreadsheet}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-10240}"
+var_disk="${var_disk:-25}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/teable ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "teable" "teableio/teable"; then
+    msg_info "Stopping Service"
+    systemctl stop teable
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /opt/teable/.env /opt/teable.env.bak
+    msg_ok "Backed up Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "teable" "teableio/teable" "tarball"
+
+    msg_info "Restoring Configuration"
+    mv /opt/teable.env.bak /opt/teable/.env
+    msg_ok "Restored Configuration"
+
+    msg_info "Rebuilding Teable"
+    cd /opt/teable
+    TEABLE_VERSION=$(cat ~/.teable)
+    echo "NEXT_PUBLIC_BUILD_VERSION=\"${TEABLE_VERSION}\"" >>apps/nextjs-app/.env
+    export HUSKY=0
+    export NODE_OPTIONS="--max-old-space-size=8192"
+    $STD pnpm install --frozen-lockfile
+    $STD pnpm -F @teable/db-main-prisma prisma-generate --schema ./prisma/postgres/schema.prisma
+    NODE_ENV=production NEXT_BUILD_ENV_TYPECHECK=false \
+      $STD pnpm -r --filter '!playground' run build
+    msg_ok "Rebuilt Teable"
+
+    msg_info "Running Database Migrations"
+    source /opt/teable/.env
+    $STD pnpm -F @teable/db-main-prisma prisma-migrate deploy --schema ./prisma/postgres/schema.prisma
+    msg_ok "Ran Database Migrations"
+
+    msg_info "Starting Service"
+    systemctl start teable
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  else
+    msg_ok "No update available."
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
--- a/ct/technitiumdns.sh
+++ b/ct/technitiumdns.sh
@@ -32,8 +32,8 @@ function update_script() {
    systemctl daemon-reload
    systemctl enable -q --now technitium
  fi
-  if is_package_installed "aspnetcore-runtime-8.0" || is_package_installed "aspnetcore-runtime-9.0"; then
-    $STD apt remove -y aspnetcore-runtime-*
+  if ! is_package_installed "aspnetcore-runtime-10.0"; then
+    $STD apt remove -y aspnetcore-runtime-8.0 aspnetcore-runtime-9.0 2>/dev/null || true
    [ -f /etc/apt/sources.list.d/microsoft-prod.list ] && rm -f /etc/apt/sources.list.d/microsoft-prod.list
    [ -f /usr/share/keyrings/microsoft-prod.gpg ] && rm -f /usr/share/keyrings/microsoft-prod.gpg
    setup_deb822_repo \
--- a/ct/termix.sh
+++ b/ct/termix.sh
@@ -199,7 +199,9 @@ EOF
      cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
      curl -fsSL "https://raw.githubusercontent.com/Termix-SSH/Termix/main/docker/nginx.conf" -o /etc/nginx/nginx.conf
      sed -i '/^master_process/d' /etc/nginx/nginx.conf
-      sed -i '/^pid \/app\/nginx/d' /etc/nginx/nginx.conf
+      sed -i 's|pid /tmp/nginx/nginx.pid;|pid /run/nginx.pid;|' /etc/nginx/nginx.conf
+      sed -i 's|error_log /tmp/nginx/error.log|error_log /var/log/nginx/error.log|' /etc/nginx/nginx.conf
+      sed -i 's|access_log /tmp/nginx/access.log|access_log /var/log/nginx/access.log|' /etc/nginx/nginx.conf
      sed -i 's|/app/html|/opt/termix/html|g' /etc/nginx/nginx.conf
      sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
      sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
--- a/ct/threadfin.sh
+++ b/ct/threadfin.sh
@@ -29,12 +29,13 @@ function update_script() {
    exit
  fi

-  if check_for_gh_release "threadfin" "threadfin/threadfin"; then
+  if check_for_gh_release "threadfin-app" "threadfin/threadfin"; then
    msg_info "Stopping Service"
    systemctl stop threadfin
    msg_ok "Stopped Service"

-    fetch_and_deploy_gh_release "threadfin" "threadfin/threadfin" "singlefile" "latest" "/opt/threadfin" "Threadfin_linux_amd64"
+    fetch_and_deploy_gh_release "threadfin-app" "threadfin/threadfin" "singlefile" "latest" "/opt/threadfin" "Threadfin_linux_amd64"
+    mv /opt/threadfin/threadfin-app /opt/threadfin/threadfin

    msg_info "Starting Service"
    systemctl start threadfin
--- a/ct/tubearchivist.sh
+++ b/ct/tubearchivist.sh
@@ -0,0 +1,83 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/tubearchivist/tubearchivist
+
+APP="Tube Archivist"
+var_tags="${var_tags:-media;youtube;archiving}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-6144}"
+var_disk="${var_disk:-30}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/tubearchivist ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "tubearchivist" "tubearchivist/tubearchivist"; then
+    msg_info "Stopping Services"
+    systemctl stop tubearchivist tubearchivist-celery tubearchivist-beat
+    msg_ok "Stopped Services"
+
+    msg_info "Backing up Data"
+    cp /opt/tubearchivist/.env /opt/tubearchivist_env.bak
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "tubearchivist" "tubearchivist/tubearchivist" "tarball"
+
+    msg_info "Rebuilding Tube Archivist"
+    cd /opt/tubearchivist/frontend
+    $STD npm install
+    $STD npm run build:deploy
+    mkdir -p /opt/tubearchivist/backend/static
+    cp -r /opt/tubearchivist/frontend/dist/* /opt/tubearchivist/backend/static/
+    cp /opt/tubearchivist/docker_assets/backend_start.py /opt/tubearchivist/backend/
+    $STD uv pip install --python /opt/tubearchivist/.venv/bin/python -r /opt/tubearchivist/backend/requirements.txt
+    if [[ -f /opt/tubearchivist/backend/requirements.plugins.txt ]]; then
+      mkdir -p /opt/yt_plugins/bgutil
+      $STD uv pip install --python /opt/tubearchivist/.venv/bin/python --target /opt/yt_plugins/bgutil -r /opt/tubearchivist/backend/requirements.plugins.txt
+    fi
+    msg_ok "Rebuilt Tube Archivist"
+
+    msg_info "Restoring Configuration"
+    mv /opt/tubearchivist_env.bak /opt/tubearchivist/.env
+    sed -i 's|^TA_APP_DIR=/opt/tubearchivist$|TA_APP_DIR=/opt/tubearchivist/backend|' /opt/tubearchivist/.env
+    sed -i 's|^TA_CACHE_DIR=/opt/tubearchivist/cache$|TA_CACHE_DIR=/cache|' /opt/tubearchivist/.env
+    sed -i 's|^TA_MEDIA_DIR=/opt/tubearchivist/media$|TA_MEDIA_DIR=/youtube|' /opt/tubearchivist/.env
+    ln -sf /opt/tubearchivist/cache /cache
+    ln -sf /opt/tubearchivist/media /youtube
+    ln -sf /opt/tubearchivist/.env /opt/tubearchivist/backend/.env
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Services"
+    systemctl start tubearchivist tubearchivist-celery tubearchivist-beat
+    systemctl reload nginx
+    msg_ok "Started Services"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"
--- a/ct/web-check.sh
+++ b/ct/web-check.sh
@@ -28,7 +28,7 @@ function update_script() {
    exit
  fi

-  if check_for_gh_release "web-check" "CrazyWolf13/web-check"; then
+  if check_for_gh_release "web-check" "Lissy93/web-check"; then
    msg_info "Stopping Service"
    systemctl stop web-check
    msg_ok "Stopped Service"
@@ -38,7 +38,7 @@ function update_script() {
    msg_ok "Created backup"

    NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "web-check" "CrazyWolf13/web-check" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "web-check" "Lissy93/web-check" "tarball"

    msg_info "Restoring backup"
    mv /opt/.env /opt/web-check
--- a/install/alpine-docker-install.sh
+++ b/install/alpine-docker-install.sh
@@ -14,7 +14,7 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apk add tzdata
+$STD apk add tzdata openssl
 msg_ok "Installed Dependencies"

 msg_info "Installing Docker"
--- a/install/checkmk-install.sh
+++ b/install/checkmk-install.sh
@@ -14,10 +14,10 @@ network_check
 update_os

 msg_info "Install Checkmk"
-RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
+RELEASE=$(curl_with_retry "https://api.github.com/repos/checkmk/checkmk/tags" "-" | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
 RELEASE="${RELEASE%%+*}"
-curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
-$STD apt-get install -y /opt/checkmk.deb
+curl_with_retry "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb" "/opt/checkmk.deb"
+$STD apt install -y /opt/checkmk.deb
 rm -rf /opt/checkmk.deb
 echo "${RELEASE}" >"/opt/checkmk_version.txt"
 msg_ok "Installed Checkmk"
@@ -29,14 +29,12 @@ MKPASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-16)

 echo -e "$MKPASSWORD\n$MKPASSWORD" | su - "$SITE_NAME" -c "cmk-passwd cmkadmin --stdin"
 $STD omd start "$SITE_NAME"
-
 {
  echo "Application-Credentials"
  echo "Username: cmkadmin"
  echo "Password: $MKPASSWORD"
  echo "Site: $SITE_NAME"
 } >>~/checkmk.creds
-
 msg_ok "Created Service"

 cleanup_lxc
--- a/install/coredns-install.sh
+++ b/install/coredns-install.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/coredns/coredns
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+fetch_and_deploy_gh_release "coredns" "coredns/coredns" "prebuild" "latest" "/usr/local/bin" \
+  "coredns_*_linux_$(dpkg --print-architecture).tgz"
+chmod +x /usr/local/bin/coredns
+
+msg_info "Configuring CoreDNS"
+mkdir -p /etc/coredns
+cat <<EOF >/etc/coredns/Corefile
+. {
+    forward . 1.1.1.1 1.0.0.1
+    cache 30
+    log
+    errors
+    health :8080
+    ready :8181
+}
+EOF
+msg_ok "Configured CoreDNS"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/coredns.service
+[Unit]
+Description=CoreDNS DNS Server
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
+Restart=on-failure
+RestartSec=5
+LimitNOFILE=1048576
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now coredns
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/databasus-install.sh
+++ b/install/databasus-install.sh
@@ -32,7 +32,7 @@ for v in 12 13 14 15 16 18; do
 done
 # Install MongoDB Database Tools via direct .deb (no APT repo for Debian 13)
 [[ "$(get_os_info id)" == "ubuntu" ]] && MONGO_DIST="ubuntu2204" || MONGO_DIST="debian12"
-MONGO_VERSION=$(get_latest_gh_tag "mongodb/mongo-tools" "100." || echo "100.14.1")
+MONGO_VERSION=$(get_latest_gh_tag "mongodb/mongo-tools" "100." || echo "100.16.1")
 fetch_and_deploy_from_url "https://fastdl.mongodb.org/tools/db/mongodb-database-tools-${MONGO_DIST}-x86_64-${MONGO_VERSION}.deb" ""
 mkdir -p /usr/local/mongodb-database-tools/bin
 [[ -f /usr/bin/mongodump ]] && ln -sf /usr/bin/mongodump /usr/local/mongodb-database-tools/bin/mongodump
@@ -52,9 +52,12 @@ msg_ok "Installed Database Clients"
 fetch_and_deploy_gh_release "databasus" "databasus/databasus" "tarball" "latest" "/opt/databasus"

 msg_info "Building Databasus (Patience)"
+export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
 cd /opt/databasus/frontend
-$STD npm ci
-$STD npm run build
+$STD corepack enable
+$STD corepack prepare pnpm@latest --activate
+$STD pnpm install --frozen-lockfile
+$STD pnpm run build
 cd /opt/databasus/backend
 $STD go mod tidy
 $STD go mod download
@@ -76,7 +79,7 @@ ENCRYPTION_KEY=$(openssl rand -hex 32)
 # Install goose for migrations
 $STD go install github.com/pressly/goose/v3/cmd/goose@latest
 ln -sf /root/go/bin/goose /usr/local/bin/goose
-cat <<EOF >/opt/databasus/.env
+cat <<EOF >/.env
 # Environment
 ENV_MODE=production

@@ -106,8 +109,7 @@ DATA_DIR=/databasus-data/data
 BACKUP_DIR=/databasus-data/backups
 LOG_DIR=/databasus-data/logs
 EOF
-chown postgres:postgres /opt/databasus/.env
-chmod 600 /opt/databasus/.env
+chmod 600 /.env
 msg_ok "Configured Databasus"

 msg_info "Configuring Valkey"
@@ -145,7 +147,7 @@ Requires=postgresql.service valkey.service
 [Service]
 Type=simple
 WorkingDirectory=/opt/databasus
-EnvironmentFile=/opt/databasus/.env
+EnvironmentFile=/.env
 ExecStart=/opt/databasus/databasus
 Restart=always
 RestartSec=5
--- a/install/dawarich-install.sh
+++ b/install/dawarich-install.sh
@@ -46,10 +46,16 @@ msg_ok "Set up Directories"

 msg_info "Configuring Environment"
 SECRET_KEY_BASE=$(openssl rand -hex 64)
+OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 64)
+OTP_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 64)
+OTP_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 64)
 RELEASE=$(get_latest_github_release "Freika/dawarich")
 cat <<EOF >/opt/dawarich/.env
 RAILS_ENV=production
 SECRET_KEY_BASE=${SECRET_KEY_BASE}
+OTP_ENCRYPTION_PRIMARY_KEY=${OTP_ENCRYPTION_PRIMARY_KEY}
+OTP_ENCRYPTION_DETERMINISTIC_KEY=${OTP_ENCRYPTION_DETERMINISTIC_KEY}
+OTP_ENCRYPTION_KEY_DERIVATION_SALT=${OTP_ENCRYPTION_KEY_DERIVATION_SALT}
 DATABASE_HOST=localhost
 DATABASE_USERNAME=${PG_DB_USER}
 DATABASE_PASSWORD=${PG_DB_PASS}
--- a/install/endurain-install.sh
+++ b/install/endurain-install.sh
@@ -3,7 +3,7 @@
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: johanngrobe
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/joaovitoriasilva/endurain
+# Source: https://codeberg.org/endurain-project/endurain

 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
@@ -21,7 +21,7 @@ PYTHON_VERSION="3.13" setup_uv
 NODE_VERSION="24" setup_nodejs
 PG_VERSION="17" PG_MODULES="postgis" setup_postgresql
 PG_DB_NAME="enduraindb" PG_DB_USER="endurain" setup_postgresql_db
-fetch_and_deploy_gh_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
+fetch_and_deploy_codeberg_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"

 msg_info "Setting up Endurain"
 cd /opt/endurain
--- a/install/erpnext-install.sh
+++ b/install/erpnext-install.sh
@@ -69,6 +69,13 @@ DB_ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASS}'; FLUSH PRIVILEGES;"
 $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-15 frappe-bench'
 $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-15'
+
+msg_info "Starting Redis Services for Site Setup"
+$STD sudo -u frappe bash -c 'redis-server /opt/frappe-bench/config/redis_queue.conf --daemonize yes'
+$STD sudo -u frappe bash -c 'redis-server /opt/frappe-bench/config/redis_cache.conf --daemonize yes'
+sleep 3
+msg_ok "Started Redis Services for Site Setup"
+
 $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:\$PATH\"; cd /opt/frappe-bench && bench new-site site1.local --db-root-username root --db-root-password \"$DB_ROOT_PASS\" --admin-password \"$ADMIN_PASS\" --install-app erpnext --set-default"
 msg_ok "Initialized Frappe Bench"

--- a/install/flowiseai-install.sh
+++ b/install/flowiseai-install.sh
@@ -13,10 +13,10 @@ setting_up_container
 network_check
 update_os

-NODE_VERSION="20" setup_nodejs
+NODE_VERSION="20" NODE_MODULE="pnpm" setup_nodejs

 msg_info "Installing FlowiseAI (Patience)"
-$STD npm install -g flowise \
+$STD pnpm add -g flowise \
  @opentelemetry/exporter-trace-otlp-grpc \
  @opentelemetry/exporter-trace-otlp-proto \
  @opentelemetry/sdk-trace-node \
@@ -33,7 +33,7 @@ After=network.target

 [Service]
 EnvironmentFile=/opt/flowiseai/.env
-ExecStart=npx flowise start
+ExecStart=flowise start
 Restart=always

 [Install]
--- a/install/graylog-install.sh
+++ b/install/graylog-install.sh
@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os

-MONGO_VERSION="8.0" setup_mongodb
+MONGO_VERSION="8.2" setup_mongodb

 msg_info "Setup Graylog Data Node"
 PASSWORD_SECRET=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
@@ -38,6 +38,8 @@ sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/s
 sed -i "s/root_password_sha2 =/root_password_sha2 = $ROOT_PASSWORD/g" /etc/graylog/server/server.conf
 sed -i 's/#http_bind_address = 127.0.0.1.*/http_bind_address = 0.0.0.0:9000/g' /etc/graylog/server/server.conf
 systemctl enable -q --now graylog-server
+sleep 5
+sed -i "s/0\.0\.0\.0:9000/$LOCAL_IP:9000/g" /var/log/graylog-server/server.log
 msg_ok "Setup ${APPLICATION}"

 motd_ssh
--- a/install/homepage-install.sh
+++ b/install/homepage-install.sh
@@ -25,6 +25,7 @@ msg_info "Installing Homepage (Patience)"
 mkdir -p /opt/homepage/config
 cd /opt/homepage
 cp /opt/homepage/src/skeleton/* /opt/homepage/config
+echo 'onlyBuiltDependencies=*' >> .npmrc
 $STD pnpm install
 export NEXT_PUBLIC_VERSION="v$RELEASE"
 export NEXT_PUBLIC_REVISION="source"
--- a/install/hoodik-install.sh
+++ b/install/hoodik-install.sh
@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/hudikhq/hoodik
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+fetch_and_deploy_gh_release "hoodik" "hudikhq/hoodik" "prebuild" "latest" "/opt/hoodik" "*x86_64.tar.gz"
+
+msg_info "Configuring Hoodik"
+mkdir -p /opt/hoodik_data
+JWT_SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)
+cat <<EOF >/opt/hoodik/.env
+DATA_DIR=/opt/hoodik_data
+HTTP_PORT=5443
+HTTP_ADDRESS=0.0.0.0
+JWT_SECRET=${JWT_SECRET}
+APP_URL=http://${LOCAL_IP}:5443
+SSL_DISABLED=true
+COOKIE_SECURE=false
+COOKIE_HTTP_ONLY=false
+MAILER_TYPE=none
+RUST_LOG=hoodik=info,error=info
+EOF
+msg_ok "Configured Hoodik"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/hoodik.service
+[Unit]
+Description=Hoodik - Encrypted File Storage
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/hoodik_data
+EnvironmentFile=/opt/hoodik/.env
+ExecStart=/opt/hoodik/hoodik
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now hoodik
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/immichframe-install.sh
+++ b/install/immichframe-install.sh
@@ -43,8 +43,6 @@ cd /tmp/immichframe/immichFrame.Web
 $STD npm ci
 $STD npm run build
 cp -r build/* /opt/immichframe/wwwroot
-$STD apt remove -y dotnet-sdk-8.0
-$STD apt autoremove -y
 rm -rf /tmp/immichframe
 mkdir -p /opt/immichframe/Config
 curl -fsSL "https://raw.githubusercontent.com/immichFrame/ImmichFrame/main/docker/Settings.example.yml" -o /opt/immichframe/Config/Settings.yml
--- a/install/inspircd-install.sh
+++ b/install/inspircd-install.sh
@@ -30,6 +30,7 @@ cat <<EOF >/etc/inspircd/inspircd.conf
       email="irc@&networkDomain;">
 <bind address="" port="6667" type="clients">
 EOF
+systemctl enable -q --now inspircd
 msg_ok "Installed InspIRCd"

 motd_ssh
--- a/install/jotty-install.sh
+++ b/install/jotty-install.sh
@@ -17,7 +17,7 @@ NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 fetch_and_deploy_gh_release "jotty" "fccview/jotty" "prebuild" "latest" "/opt/jotty" "jotty_*_prebuild.tar.gz"

 msg_info "Setup jotty"
-mkdir -p data/{users,checklists,notes}
+mkdir -p /opt/jotty/data/{users,checklists,notes}

 cat <<EOF >/opt/jotty/.env
 NODE_ENV=production
--- a/install/kitchenowl-install.sh
+++ b/install/kitchenowl-install.sh
@@ -47,8 +47,7 @@ msg_info "Setting up KitchenOwl"
 cd /opt/kitchenowl/backend
 $STD uv sync --no-dev
 sed -i 's/default=True/default=False/' /opt/kitchenowl/backend/wsgi.py
-mkdir -p /nltk_data
-$STD uv run python -m nltk.downloader -d /nltk_data averaged_perceptron_tagger_eng
+setup_nltk "averaged_perceptron_tagger_eng" "/nltk_data"
 JWT_SECRET=$(openssl rand -hex 32)
 mkdir -p /opt/kitchenowl/data
 cat <<EOF >/opt/kitchenowl/kitchenowl.env
--- a/install/librechat-install.sh
+++ b/install/librechat-install.sh
@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/danny-avila/LibreChat
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+MONGO_VERSION="8.0" setup_mongodb
+setup_meilisearch
+PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
+PG_DB_NAME="ragapi" PG_DB_USER="ragapi" PG_DB_EXTENSIONS="vector" setup_postgresql_db
+NODE_VERSION="24" setup_nodejs
+UV_PYTHON="3.12" setup_uv
+
+fetch_and_deploy_gh_tag "librechat" "danny-avila/LibreChat"
+fetch_and_deploy_gh_release "rag-api" "danny-avila/rag_api" "tarball"
+
+msg_info "Installing LibreChat Dependencies"
+cd /opt/librechat
+$STD npm ci
+msg_ok "Installed LibreChat Dependencies"
+
+msg_info "Building Frontend"
+$STD npm run frontend
+$STD npm prune --production
+$STD npm cache clean --force
+msg_ok "Built Frontend"
+
+msg_info "Installing RAG API Dependencies"
+cd /opt/rag-api
+$STD uv venv --python 3.12 --seed .venv
+$STD .venv/bin/pip install -r requirements.lite.txt
+mkdir -p /opt/rag-api/uploads
+msg_ok "Installed RAG API Dependencies"
+
+msg_info "Configuring LibreChat"
+JWT_SECRET=$(openssl rand -hex 32)
+JWT_REFRESH_SECRET=$(openssl rand -hex 32)
+CREDS_KEY=$(openssl rand -hex 32)
+CREDS_IV=$(openssl rand -hex 16)
+cat <<EOF >/opt/librechat/.env
+HOST=0.0.0.0
+PORT=3080
+MONGO_URI=mongodb://127.0.0.1:27017/LibreChat
+DOMAIN_CLIENT=http://${LOCAL_IP}:3080
+DOMAIN_SERVER=http://${LOCAL_IP}:3080
+NO_INDEX=true
+TRUST_PROXY=1
+JWT_SECRET=${JWT_SECRET}
+JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET}
+SESSION_EXPIRY=1000 * 60 * 15
+REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
+CREDS_KEY=${CREDS_KEY}
+CREDS_IV=${CREDS_IV}
+ALLOW_EMAIL_LOGIN=true
+ALLOW_REGISTRATION=true
+ALLOW_SOCIAL_LOGIN=false
+ALLOW_SOCIAL_REGISTRATION=false
+ALLOW_PASSWORD_RESET=false
+ALLOW_UNVERIFIED_EMAIL_LOGIN=true
+SEARCH=true
+MEILI_NO_ANALYTICS=true
+MEILI_HOST=http://127.0.0.1:7700
+MEILI_MASTER_KEY=${MEILISEARCH_MASTER_KEY}
+RAG_PORT=8000
+RAG_API_URL=http://127.0.0.1:8000
+APP_TITLE=LibreChat
+ENDPOINTS=openAI,agents,assistants,anthropic,google
+# OPENAI_API_KEY=your-key-here
+# OPENAI_MODELS=
+# ANTHROPIC_API_KEY=your-key-here
+# GOOGLE_KEY=your-key-here
+EOF
+msg_ok "Configured LibreChat"
+
+msg_info "Configuring RAG API"
+cat <<EOF >/opt/rag-api/.env
+VECTOR_DB_TYPE=pgvector
+DB_HOST=127.0.0.1
+DB_PORT=5432
+POSTGRES_DB=${PG_DB_NAME}
+POSTGRES_USER=${PG_DB_USER}
+POSTGRES_PASSWORD=${PG_DB_PASS} 
+RAG_HOST=0.0.0.0
+RAG_PORT=8000
+JWT_SECRET=${JWT_SECRET}
+RAG_UPLOAD_DIR=/opt/rag-api/uploads/
+EOF
+msg_ok "Configured RAG API"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/librechat.service
+[Unit]
+Description=LibreChat
+After=network.target mongod.service meilisearch.service rag-api.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/librechat
+EnvironmentFile=/opt/librechat/.env
+ExecStart=/usr/bin/npm run backend
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+cat <<EOF >/etc/systemd/system/rag-api.service
+[Unit]
+Description=LibreChat RAG API
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/rag-api
+EnvironmentFile=/opt/rag-api/.env
+ExecStart=/opt/rag-api/.venv/bin/uvicorn main:app --host 0.0.0.0 --port 8000
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now rag-api librechat
+msg_ok "Created Services"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/litellm-install.sh
+++ b/install/litellm-install.sh
@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: stout01
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/BerriAI/litellm
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  python3-dev
-msg_ok "Installed Dependencies"
-
-PG_VERSION="17" setup_postgresql
-PG_DB_NAME="litellm_db" PG_DB_USER="litellm" setup_postgresql_db
-PYTHON_VERSION="3.13" USE_UVX="YES" setup_uv
-
-msg_info "Setting up Virtual Environment"
-mkdir -p /opt/litellm
-cd /opt/litellm
-$STD uv venv --clear /opt/litellm/.venv
-$STD /opt/litellm/.venv/bin/python -m ensurepip --upgrade
-$STD /opt/litellm/.venv/bin/python -m pip install --upgrade pip
-$STD /opt/litellm/.venv/bin/python -m pip install litellm[proxy] prisma
-$STD /opt/litellm/.venv/bin/prisma generate
-msg_ok "Installed LiteLLM"
-
-msg_info "Configuring LiteLLM"
-mkdir -p /opt
-cat <<EOF >/opt/litellm/litellm.yaml
-general_settings:
-  master_key: sk-1234
-  database_url: postgresql://$PG_DB_USER:$PG_DB_PASS@127.0.0.1:5432/$PG_DB_NAME
-  store_model_in_db: true
-EOF
-$STD /opt/litellm/.venv/bin/litellm --config /opt/litellm/litellm.yaml --use_prisma_db_push --skip_server_startup
-msg_ok "Configured LiteLLM"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/litellm.service
-[Unit]
-Description=LiteLLM
-
-[Service]
-Type=simple
-ExecStart=/opt/litellm/.venv/bin/litellm --config /opt/litellm/litellm.yaml
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now litellm
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
--- a/install/mail-archiver-install.sh
+++ b/install/mail-archiver-install.sh
@@ -22,7 +22,8 @@ setup_deb822_repo \
  "main"
 $STD apt install -y \
  dotnet-sdk-10.0 \
-  aspnetcore-runtime-8.0
+  aspnetcore-runtime-8.0 \
+  libgssapi-krb5-2
 msg_ok "Installed Dependencies"

 PG_VERSION="17" setup_postgresql
--- a/install/matomo-install.sh
+++ b/install/matomo-install.sh
@@ -0,0 +1,66 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://matomo.org/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y caddy
+msg_ok "Installed Dependencies"
+
+mkdir -p /opt/matomo
+
+PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="pdo_mysql,gd,mbstring,xml,curl,intl,zip,ldap" setup_php
+setup_mariadb
+MARIADB_DB_NAME="matomo" MARIADB_DB_USER="matomo" setup_mariadb_db
+
+msg_info "Allowing Local TCP Database Access"
+$STD mariadb -u root -e "CREATE USER IF NOT EXISTS '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
+$STD mariadb -u root -e "ALTER USER '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
+$STD mariadb -u root -e "GRANT ALL ON \`$MARIADB_DB_NAME\`.* TO '$MARIADB_DB_USER'@'127.0.0.1';"
+$STD mariadb -u root -e "FLUSH PRIVILEGES;"
+msg_ok "Allowed Local TCP Database Access"
+
+fetch_and_deploy_gh_release "matomo" "matomo-org/matomo" "prebuild" "latest" "/opt/matomo" "matomo-*.zip"
+
+msg_info "Setting up Matomo"
+if [[ -d /opt/matomo/matomo ]]; then
+  rm -rf /opt/matomo/tmp "/opt/matomo/How to install Matomo.html"
+  find /opt/matomo/matomo -mindepth 1 -maxdepth 1 -exec mv -t /opt/matomo {} +
+  rm -rf /opt/matomo/matomo
+fi
+mkdir -p /opt/matomo/tmp
+chown -R www-data:www-data /opt/matomo
+chmod -R 755 /opt/matomo/tmp
+msg_ok "Set up Matomo"
+
+msg_info "Configuring Caddy"
+PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
+cat <<EOF >/etc/caddy/Caddyfile
+:80 {
+    root * /opt/matomo
+    @blocked path /config /config/* /tmp /tmp/* /.* /.*/*
+    respond @blocked 403
+    php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
+    file_server
+    encode gzip
+}
+EOF
+usermod -aG www-data caddy
+msg_ok "Configured Caddy"
+
+systemctl enable -q --now php${PHP_VER}-fpm
+systemctl restart caddy
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/mealie-install.sh
+++ b/install/mealie-install.sh
@@ -55,11 +55,7 @@ mkdir -p /opt/mealie/mealie/frontend
 cp -r /opt/mealie/frontend/dist/* /opt/mealie/mealie/frontend/
 msg_ok "Copied Frontend"

-msg_info "Downloading NLTK Data"
-mkdir -p /nltk_data/
-cd /opt/mealie
-$STD uv run python -m nltk.downloader -d /nltk_data averaged_perceptron_tagger_eng
-msg_ok "Downloaded NLTK Data"
+setup_nltk "averaged_perceptron_tagger_eng" "/nltk_data"

 msg_info "Writing Environment File"
 SECRET=$(openssl rand -hex 32)
--- a/install/nagios-install.sh
+++ b/install/nagios-install.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/NagiosEnterprises/nagioscore
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  autoconf \
+  automake \
+  build-essential \
+  bc \
+  dc \
+  gawk \
+  gettext \
+  gperf \
+  libgd-dev \
+  libmcrypt-dev \
+  libnet-snmp-perl \
+  libssl-dev \
+  snmp \
+  apache2 \
+  apache2-utils
+msg_ok "Installed Dependencies"
+
+PHP_APACHE="YES" setup_php
+
+fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
+
+msg_info "Building Nagios Core"
+cd /opt/nagios
+$STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
+$STD make all
+$STD make install-groups-users
+usermod -a -G nagios www-data
+$STD make install
+$STD make install-daemoninit
+$STD make install-commandmode
+$STD make install-config
+$STD make install-webconf
+$STD a2enmod rewrite
+$STD a2enmod cgi
+msg_ok "Built Nagios Core"
+
+fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
+
+msg_info "Building Nagios Plugins"
+cd /opt/nagios-plugins
+$STD ./tools/setup
+$STD ./configure
+$STD make
+$STD make install
+setcap cap_net_raw+p /bin/ping
+msg_ok "Built Nagios Plugins"
+
+msg_info "Configuring Web Authentication"
+$STD htpasswd -bc /usr/local/nagios/etc/htpasswd.users nagiosadmin nagiosadmin
+chown root:www-data /usr/local/nagios/etc/htpasswd.users
+chmod 640 /usr/local/nagios/etc/htpasswd.users
+msg_ok "Configured Web Authentication"
+
+msg_info "Starting Services"
+systemctl enable -q apache2
+systemctl restart apache2
+systemctl enable -q --now nagios
+msg_ok "Started Services"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/neko-install.sh
+++ b/install/neko-install.sh
@@ -0,0 +1,255 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://neko.m1k1o.net/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  supervisor \
+  pulseaudio \
+  dbus-x11 \
+  xserver-xorg-video-dummy \
+  xdotool \
+  xclip \
+  libgtk-3-0 \
+  gstreamer1.0-plugins-base \
+  gstreamer1.0-plugins-good \
+  gstreamer1.0-plugins-bad \
+  gstreamer1.0-plugins-ugly \
+  gstreamer1.0-pulseaudio \
+  openbox \
+  firefox-esr \
+  fonts-noto-color-emoji \
+  fonts-wqy-zenhei
+msg_ok "Installed Dependencies"
+systemctl disable -q --now supervisor
+
+msg_info "Installing Build Dependencies"
+$STD apt install -y \
+  build-essential \
+  pkg-config \
+  libx11-dev \
+  libxrandr-dev \
+  libxtst-dev \
+  libgtk-3-dev \
+  libxcvt-dev \
+  libgstreamer1.0-dev \
+  libgstreamer-plugins-base1.0-dev
+msg_ok "Installed Build Dependencies"
+
+NODE_VERSION="22" setup_nodejs
+setup_go
+
+fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
+
+msg_info "Building Client"
+cd /opt/neko/client
+$STD npm install
+$STD npm run build
+mkdir -p /var/www
+cp -r /opt/neko/client/dist/* /var/www/
+msg_ok "Built Client"
+
+msg_info "Building Server"
+cd /opt/neko/server
+$STD ./build
+cp /opt/neko/server/bin/neko /usr/bin/neko
+mkdir -p /etc/neko/plugins
+cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
+msg_ok "Built Server"
+
+msg_info "Setting up Runtime"
+useradd -m -s /bin/bash neko
+usermod -aG audio,video neko
+
+mkdir -p /etc/neko/supervisord /var/www /var/log/neko /tmp/.X11-unix /tmp/runtime-neko /home/neko/.config/pulse /home/neko/.local/share/xorg
+chmod 1777 /tmp/.X11-unix
+chmod 1777 /var/log/neko
+chmod 0700 /tmp/runtime-neko
+chown neko /tmp/.X11-unix /var/log/neko /tmp/runtime-neko
+chown -R neko:neko /home/neko
+
+cp /opt/neko/runtime/xorg.conf /etc/neko/xorg.conf
+# Remove the dummy_touchscreen InputDevice section (requires custom "neko" Xorg driver not available bare-metal)
+sed -i '/Section "InputDevice"/{N;/dummy_touchscreen/{:l;N;/EndSection/!bl;d}}' /etc/neko/xorg.conf
+sed -i '/dummy_touchscreen/d' /etc/neko/xorg.conf
+sed -i 's/InputDevice  "dummy_mouse"/InputDevice  "dummy_mouse" "CorePointer"/' /etc/neko/xorg.conf
+cp /opt/neko/runtime/default.pa /etc/pulse/default.pa
+
+cat <<EOF >/etc/neko/supervisord.conf
+[supervisord]
+nodaemon=true
+user=root
+pidfile=/var/run/supervisord.pid
+logfile=/dev/null
+logfile_maxbytes=0
+loglevel=debug
+
+[include]
+files=/etc/neko/supervisord/*.conf
+
+[program:x-server]
+environment=HOME="/home/neko",USER="neko"
+command=/usr/bin/X :99.0 -config /etc/neko/xorg.conf -noreset -nolisten tcp
+autorestart=true
+priority=300
+user=neko
+stdout_logfile=/var/log/neko/xorg.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[program:pulseaudio]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/pulseaudio --log-level=error --disallow-module-loading --disallow-exit --exit-idle-time=-1
+autorestart=true
+priority=300
+user=neko
+stdout_logfile=/var/log/neko/pulseaudio.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[program:neko]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/neko serve --server.static "/var/www"
+stopsignal=INT
+stopwaitsecs=3
+autorestart=true
+priority=800
+user=neko
+stdout_logfile=/var/log/neko/neko.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0770
+chown=root:neko
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+EOF
+
+cat <<EOF >/etc/neko/supervisord/firefox.conf
+[program:firefox]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/firefox-esr --no-remote --display=:99.0 -width 1280 -height 720
+stopsignal=INT
+autorestart=true
+priority=800
+user=neko
+stdout_logfile=/var/log/neko/firefox.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[program:openbox]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/openbox --config-file /etc/neko/openbox.xml
+autorestart=true
+priority=300
+user=neko
+stdout_logfile=/var/log/neko/openbox.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+EOF
+
+cat <<'EOF' >/etc/neko/openbox.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<openbox_config xmlns="http://openbox.org/3.4/rc" xmlns:xi="http://www.w3.org/2001/XInclude">
+<applications>
+    <application class="firefox" name="Navigator" role="browser">
+      <decor>no</decor>
+      <maximized>true</maximized>
+      <focus>yes</focus>
+      <layer>normal</layer>
+    </application>
+</applications>
+<focus>
+  <focusNew>yes</focusNew>
+  <followMouse>no</followMouse>
+  <focusLast>yes</focusLast>
+  <underMouse>no</underMouse>
+  <focusDelay>200</focusDelay>
+  <raiseOnFocus>no</raiseOnFocus>
+</focus>
+<placement>
+  <policy>Smart</policy>
+  <center>yes</center>
+</placement>
+<desktops>
+  <number>1</number>
+  <firstdesk>1</firstdesk>
+  <popupTime>0</popupTime>
+</desktops>
+</openbox_config>
+EOF
+
+cat <<EOF >/etc/neko/neko.yaml
+server:
+  bind: "0.0.0.0:8080"
+  static: "/var/www"
+session:
+  cookie:
+    enabled: false
+webrtc:
+  icelite: true
+  nat1to1:
+    - "${LOCAL_IP}"
+  epr: "59000-59100"
+desktop:
+  input:
+    enabled: false
+member:
+  provider: "multiuser"
+  multiuser:
+    admin_password: "admin"
+    user_password: "neko"
+EOF
+msg_ok "Set up Runtime"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/neko.service
+[Unit]
+Description=Neko Virtual Browser
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Environment=USER=neko
+Environment=DISPLAY=:99.0
+Environment=PULSE_SERVER=unix:/tmp/pulseaudio.socket
+Environment=XDG_RUNTIME_DIR=/tmp/runtime-neko
+Environment=NEKO_PLUGINS_ENABLED=true
+Environment=NEKO_PLUGINS_DIR=/etc/neko/plugins/
+Environment=NEKO_CONFIG=/etc/neko/neko.yaml
+ExecStart=/usr/bin/supervisord -c /etc/neko/supervisord.conf -n
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now neko
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/pangolin-install.sh
+++ b/install/pangolin-install.sh
@@ -22,7 +22,8 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"

 NODE_VERSION="24" setup_nodejs
-fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
+PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.3}"
+fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" "$PANGOLIN_VERSION"
 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
 fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"

@@ -204,6 +205,7 @@ User=root
 Environment=NODE_ENV=production
 Environment=ENVIRONMENT=prod
 WorkingDirectory=/opt/pangolin
+ExecStartPre=/usr/bin/node dist/migrations.mjs
 ExecStart=/usr/bin/node --enable-source-maps dist/server.mjs
 Restart=always
 RestartSec=10
--- a/install/paperless-ngx-install.sh
+++ b/install/paperless-ngx-install.sh
@@ -94,18 +94,12 @@ user.save()
 EOF
 msg_ok "Set up admin Paperless-ngx User & Password"

-msg_info "Installing Natural Language Toolkit (Patience)"
-cd /opt/paperless
-$STD uv run python -m nltk.downloader -d /usr/share/nltk_data snowball_data
-$STD uv run python -m nltk.downloader -d /usr/share/nltk_data stopwords
-$STD uv run python -m nltk.downloader -d /usr/share/nltk_data punkt_tab ||
-  $STD uv run python -m nltk.downloader -d /usr/share/nltk_data punkt
+setup_nltk "snowball_data stopwords punkt_tab" "/usr/share/nltk_data"
 for policy_file in /etc/ImageMagick-6/policy.xml /etc/ImageMagick-7/policy.xml; do
  if [[ -f "$policy_file" ]]; then
    sed -i -e 's/rights="none" pattern="PDF"/rights="read|write" pattern="PDF"/' "$policy_file"
  fi
 done
-msg_ok "Installed Natural Language Toolkit"

 msg_info "Creating Services"
 cat <<EOF >/etc/systemd/system/paperless-scheduler.service
--- a/install/patchmon-install.sh
+++ b/install/patchmon-install.sh
@@ -14,74 +14,91 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  nginx \
-  redis-server
+$STD apt install -y redis-server
 msg_ok "Installed Dependencies"

-NODE_VERSION="24" setup_nodejs
 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="patchmon_db" PG_DB_USER="patchmon_usr" setup_postgresql_db

-fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "v1.4.2" "/opt/patchmon"
+RELEASE="v2.0.2"
+fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "latest" "/opt/patchmon" "patchmon-server-linux-amd64"
+mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server

 msg_info "Configuring PatchMon"
-VERSION=$(get_latest_github_release "PatchMon/PatchMon")
-export NODE_ENV=production
-cd /opt/patchmon
-$STD npm install --no-audit --no-fund --no-save --ignore-scripts
-
-cd /opt/patchmon/frontend
-cat <<EOF >./.env
-VITE_APP_NAME=PatchMon
-VITE_APP_VERSION=${VERSION}
-EOF
-$STD npm install --no-audit --no-fund --no-save --ignore-scripts --include=dev
-$STD npm run build
-
+cat <<EOF >/opt/patchmon/.env
+DATABASE_URL="postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME"
 JWT_SECRET="$(openssl rand -hex 64)"
-mv /opt/patchmon/backend/env.example /opt/patchmon/backend/.env
-sed -i -e "s|DATABASE_URL=.*|DATABASE_URL=\"postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME\"|" \
-  -e "/JWT_SECRET/s/[=$].*/=$JWT_SECRET/" \
-  -e "\|CORS_ORIGIN|s|localhost|$LOCAL_IP|" \
-  -e "/PORT=3001/aSERVER_PROTOCOL=http \\
-  SERVER_HOST=$LOCAL_IP \\
-  SERVER_PORT=3000" \
-  -e '/_ENV=production/aTRUST_PROXY=1' \
-  -e '/REDIS_USER=.*/,+1d' /opt/patchmon/backend/.env
+SESSION_SECRET="$(openssl rand -hex 64)"
+AI_ENCRYPTION_KEY="$(openssl rand -hex 64)"
+CORS_ORIGIN=http://${LOCAL_IP}:3000
+PORT=3000
+APP_ENV=production

-cd /opt/patchmon/backend
-$STD npm run db:generate
-$STD npx prisma migrate deploy
+# Redis
+REDIS_HOST=localhost
+REDIS_PORT=6379
+
+## OIDC / SSO (when OIDC_ENABLED=true, issuer/client/secret/redirect required)
+# OIDC_ENABLED=false
+# OIDC_ISSUER_URL=
+# OIDC_CLIENT_ID=
+# OIDC_CLIENT_SECRET=
+# OIDC_REDIRECT_URI=
+# OIDC_SCOPES=openid email profile groups
+# OIDC_AUTO_CREATE_USERS=false
+# OIDC_DEFAULT_ROLE=user
+# OIDC_DISABLE_LOCAL_AUTH=false
+# OIDC_BUTTON_TEXT=Login with SSO
+# OIDC_SESSION_TTL=600
+# OIDC_POST_LOGOUT_URI=
+# OIDC_SYNC_ROLES=false
+# OIDC_ADMIN_GROUP=
+# OIDC_SUPERADMIN_GROUP=
+# OIDC_HOST_MANAGER_GROUP=
+# OIDC_READONLY_GROUP=
+# OIDC_USER_GROUP=
+# OIDC_ENFORCE_HTTPS=true
+
+AGENT_BINARIES_DIR=/opt/patchmon/agents
+EOF
 msg_ok "Configured PatchMon"

-msg_info "Configuring Nginx"
-cp /opt/patchmon/docker/nginx.conf.template /etc/nginx/sites-available/patchmon.conf
-sed -i -e 's|proxy_pass .*|proxy_pass http://127.0.0.1:3001;|' \
-  -e '\|try_files |i\        root /opt/patchmon/frontend/dist;' \
-  -e 's|alias.*|alias /opt/patchmon/frontend/dist/assets;|' \
-  -e '\|expires 1y|i\        root /opt/patchmon/frontend/dist;' /etc/nginx/sites-available/patchmon.conf
-ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/
-rm -f /etc/nginx/sites-enabled/default
-$STD nginx -t
-systemctl restart nginx
-msg_ok "Configured Nginx"
+msg_info "Fetching PatchMon agent binaries"
+RELEASE=$(get_latest_github_release "PatchMon/PatchMon")
+mkdir -p /opt/patchmon/agents
+FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/v${RELEASE}/patchmon-agent-"
+AGENT_NAME=(
+  "linux-amd64"
+  "linux-arm64"
+  "linux-arm"
+  "linux-386"
+  "freebsd-amd64"
+  "freebsd-arm64"
+  "freebsd-arm"
+  "freebsd-386"
+  "windows-amd64.exe"
+  "windows-arm64.exe"
+)
+for arch in "${AGENT_NAME[@]}"; do
+  curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}"
+  [[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}"
+done
+msg_ok "Fetched PatchMon agent binaries"

 msg_info "Creating service"
 cat <<EOF >/etc/systemd/system/patchmon-server.service
 [Unit]
-Description=PatchMon Service
+Description=PatchMon Server
 After=network.target postgresql.service

 [Service]
 Type=simple
-WorkingDirectory=/opt/patchmon/backend
-ExecStart=/usr/bin/npm run start
+WorkingDirectory=/opt/patchmon
+ExecStart=/opt/patchmon/patchmon-server
 Restart=always
 RestartSec=10
-Environment=NODE_ENV=production
 Environment=PATH=/usr/bin:/usr/local/bin
+EnvironmentFile=/opt/patchmon/.env
 NoNewPrivileges=true
 PrivateTmp=true
 ProtectSystem=strict
--- a/install/peanut-install.sh
+++ b/install/peanut-install.sh
@@ -29,13 +29,28 @@ cp -r .next/static .next/standalone/.next/
 mkdir -p /opt/peanut/.next/standalone/config
 mkdir -p /etc/peanut/
 ln -sf .next/standalone/server.js server.js
-cat <<EOF >/etc/peanut/settings.yml
-WEB_HOST: 0.0.0.0
-WEB_PORT: 8080
-NUT_HOST: 0.0.0.0
-NUT_PORT: 3493
+if [[ ! -f /etc/peanut/settings.yml ]]; then
+  cat <<EOF >/etc/peanut/settings.yml
+NUT_SERVERS: []
 EOF
+fi
 ln -sf /etc/peanut/settings.yml /opt/peanut/.next/standalone/config/settings.yml
+cat <<EOF >/etc/peanut/peanut.env
+NODE_ENV=production
+
+#WEB_HOST=0.0.0.0
+#WEB_PORT=8080
+#NUT_HOST=localhost
+#NUT_PORT=3493
+
+# Disable auth entirely:
+#AUTH_DISABLED=true
+
+# Bootstrap initial account on first start (ignored afterwards):
+#WEB_USERNAME=admin
+#WEB_PASSWORD=changeme
+EOF
+chmod 600 /etc/peanut/peanut.env
 msg_ok "Setup Peanut"

 msg_info "Creating Service"
@@ -48,11 +63,7 @@ SyslogIdentifier=peanut
 Restart=always
 RestartSec=5
 Type=simple
-Environment="NODE_ENV=production"
-#Environment="NUT_HOST=localhost"
-#Environment="NUT_PORT=3493"
-#Environment="WEB_HOST=0.0.0.0"
-#Environment="WEB_PORT=8080"
+EnvironmentFile=/etc/peanut/peanut.env
 WorkingDirectory=/opt/peanut
 ExecStart=node /opt/peanut/entrypoint.mjs
 TimeoutStopSec=30
--- a/install/protonmail-bridge-install.sh
+++ b/install/protonmail-bridge-install.sh
@@ -0,0 +1,192 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/ProtonMail/proton-bridge
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y pass
+msg_ok "Installed Dependencies"
+
+msg_info "Creating Service User"
+useradd -r -m -d /home/protonbridge -s /usr/sbin/nologin protonbridge
+install -d -m 0750 -o protonbridge -g protonbridge /home/protonbridge
+msg_ok "Created Service User"
+
+fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/protonmail-bridge.service
+[Unit]
+Description=Proton Mail Bridge (noninteractive)
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+User=protonbridge
+Group=protonbridge
+WorkingDirectory=/home/protonbridge
+Environment=HOME=/home/protonbridge
+ExecStart=/usr/bin/protonmail-bridge --noninteractive
+Restart=always
+RestartSec=3
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=full
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap.socket
+[Unit]
+Description=Proton Mail Bridge IMAP Socket (143)
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Socket]
+ListenStream=143
+Accept=no
+Service=protonmail-bridge-imap-proxy.service
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap-proxy.service
+[Unit]
+Description=Proton Mail Bridge IMAP Proxy (143 -> 127.0.0.1:1143)
+After=protonmail-bridge.service
+Requires=protonmail-bridge.service
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+Sockets=protonmail-bridge-imap.socket
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1143
+NoNewPrivileges=yes
+PrivateTmp=yes
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp.socket
+[Unit]
+Description=Proton Mail Bridge SMTP Socket (587)
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Socket]
+ListenStream=587
+Accept=no
+Service=protonmail-bridge-smtp-proxy.service
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp-proxy.service
+[Unit]
+Description=Proton Mail Bridge SMTP Proxy (587 -> 127.0.0.1:1025)
+After=protonmail-bridge.service
+Requires=protonmail-bridge.service
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+Sockets=protonmail-bridge-smtp.socket
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1025
+NoNewPrivileges=yes
+PrivateTmp=yes
+EOF
+msg_ok "Created Services"
+
+msg_info "Creating Helper Commands"
+
+cat <<'EOF' >/usr/local/bin/protonmailbridge-configure
+#!/usr/bin/env bash
+set -euo pipefail
+
+BRIDGE_USER="protonbridge"
+BRIDGE_HOME="/home/${BRIDGE_USER}"
+GNUPG_HOME="${BRIDGE_HOME}/.gnupg"
+MARKER="${BRIDGE_HOME}/.protonmailbridge-initialized"
+
+FIRST_TIME=0
+if [[ ! -f "${MARKER}" ]]; then
+  FIRST_TIME=1
+fi
+
+# Stop sockets/proxies/bridge daemon before configuration
+systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
+systemctl stop protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  echo "First-time setup: initializing pass keychain for ${BRIDGE_USER} (required by Proton Mail Bridge on Linux)."
+
+  install -d -m 0700 -o "${BRIDGE_USER}" -g "${BRIDGE_USER}" "${GNUPG_HOME}"
+
+  FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+    gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
+
+  if [[ -z "${FPR}" ]]; then
+    runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+      gpg --batch --pinentry-mode loopback --passphrase '' \
+      --quick-gen-key 'ProtonMail Bridge' default default never
+
+    FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+      gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
+  fi
+
+  if [[ -z "${FPR}" ]]; then
+    echo "Failed to detect a GPG key fingerprint for ${BRIDGE_USER}." >&2
+    exit 1
+  fi
+
+  runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+    pass init "${FPR}"
+
+  echo
+  echo "To do initial configuration of the Proton Mail Bridge:"
+  echo "Run: login"
+  echo "Run: info"
+  echo "Run: exit"
+  echo
+else
+  echo
+  echo "Launching Proton Mail Bridge CLI for configuration."
+  echo "External access is disabled until you exit."
+  echo "Run: exit"
+  echo
+fi
+
+runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" \
+  protonmail-bridge -c
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  touch "${MARKER}"
+  chown "${BRIDGE_USER}:${BRIDGE_USER}" "${MARKER}"
+  chmod 0644 "${MARKER}"
+fi
+
+systemctl enable -q --now protonmail-bridge.service protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  echo "Initialization complete. Services enabled and started."
+else
+  echo "Configuration complete. Services enabled and started."
+fi
+EOF
+chmod +x /usr/local/bin/protonmailbridge-configure
+ln -sf /usr/local/bin/protonmailbridge-configure /usr/bin/protonmailbridge-configure
+msg_ok "Created Helper Commands"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/shelfmark-install.sh
+++ b/install/shelfmark-install.sh
@@ -116,7 +116,7 @@ else
 fi

 NODE_VERSION="24" setup_nodejs
-PYTHON_VERSION="3.12" setup_uv
+PYTHON_VERSION="3.14" setup_uv

 fetch_and_deploy_gh_release "shelfmark" "calibrain/shelfmark" "tarball" "latest" "/opt/shelfmark"
 RELEASE_VERSION=$(cat "$HOME/.shelfmark")
@@ -130,11 +130,15 @@ mv /opt/shelfmark/src/frontend/dist /opt/shelfmark/frontend-dist
 msg_ok "Built Shelfmark frontend"

 msg_info "Configuring Shelfmark"
+export VIRTUAL_ENV=/opt/shelfmark/venv
 cd /opt/shelfmark
 $STD uv venv --clear ./venv
 $STD source ./venv/bin/activate
-$STD uv pip install -r ./requirements-base.txt
-[[ "$DEPLOYMENT_TYPE" == "1" ]] && $STD uv pip install -r ./requirements-shelfmark.txt
+if [[ "$DEPLOYMENT_TYPE" == "1" ]]; then
+  $STD uv sync --active --locked --no-default-groups --extra browser
+else
+  $STD uv sync --active --locked --no-default-groups
+fi
 mkdir -p {/var/log/shelfmark,/tmp/shelfmark}
 msg_ok "Configured Shelfmark"

--- a/install/shlink-install.sh
+++ b/install/shlink-install.sh
@@ -0,0 +1,126 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://shlink.io/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+PHP_VERSION="8.5" setup_php
+setup_mariadb
+MARIADB_DB_NAME="shlink" MARIADB_DB_USER="shlink" setup_mariadb_db
+
+fetch_and_deploy_gh_release "shlink" "shlinkio/shlink" "prebuild" "latest" "/opt/shlink" "shlink*_php8.5_dist.zip"
+
+msg_info "Setting up Application"
+cd /opt/shlink
+$STD php ./vendor/bin/rr get --no-interaction --location bin/
+chmod +x bin/rr
+mkdir -p data/cache data/locks data/log data/proxies data/temp-geolite
+chmod -R 775 data
+cat <<EOF >/opt/shlink/.env
+DEFAULT_DOMAIN=${LOCAL_IP}:8080
+IS_HTTPS_ENABLED=false
+DB_DRIVER=maria
+DB_NAME=${MARIADB_DB_NAME}
+DB_USER=${MARIADB_DB_USER}
+DB_PASSWORD=${MARIADB_DB_PASS}
+DB_HOST=127.0.0.1
+DB_PORT=3306
+EOF
+set -a
+source /opt/shlink/.env
+set +a
+$STD php vendor/bin/shlink-installer init --no-interaction --clear-db-cache --skip-download-geolite
+API_OUTPUT=$(php bin/cli api-key:generate --name=default 2>&1)
+INITIAL_API_KEY=$(echo "$API_OUTPUT" | sed -n 's/.*Generated API key: "\([^"]*\)".*/\1/p')
+if [[ -n "$INITIAL_API_KEY" ]]; then
+  echo "INITIAL_API_KEY=${INITIAL_API_KEY}" >>/opt/shlink/.env
+fi
+msg_ok "Set up Application"
+
+if prompt_confirm "Install Shlink Web Client?" "y" 60; then
+  msg_info "Installing Dependencies"
+  $STD apt install -y nginx
+  msg_ok "Installed Dependencies"
+
+  fetch_and_deploy_gh_release "shlink-web-client" "shlinkio/shlink-web-client" "prebuild" "latest" "/opt/shlink-web-client" "shlink-web-client_*_dist.zip"
+
+  msg_info "Setting up Web Client"
+  cat <<EOF >/opt/shlink-web-client/servers.json
+[
+  {
+    "name": "Shlink",
+    "url": "http://${LOCAL_IP}:8080",
+    "apiKey": "${INITIAL_API_KEY}"
+  }
+]
+EOF
+  cat <<'EOF' >/etc/nginx/sites-available/shlink-web-client
+server {
+    listen 3000 default_server;
+    charset utf-8;
+    root /opt/shlink-web-client;
+    index index.html;
+
+    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
+        expires -1;
+    }
+
+    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
+        expires 1M;
+        add_header Cache-Control "public";
+    }
+
+    location ~* \.(?:css|js)$ {
+        expires 1y;
+        add_header Cache-Control "public";
+    }
+
+    location = /servers.json {
+        try_files /servers.json /conf.d/servers.json;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html$is_args$args;
+    }
+}
+EOF
+  ln -sf /etc/nginx/sites-available/shlink-web-client /etc/nginx/sites-enabled/shlink-web-client
+  rm -f /etc/nginx/sites-enabled/default
+  systemctl enable -q nginx
+  $STD systemctl restart nginx
+  msg_ok "Set up Web Client"
+fi
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/shlink.service
+[Unit]
+Description=Shlink URL Shortener
+After=network.target mariadb.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/shlink
+EnvironmentFile=/opt/shlink/.env
+ExecStart=/opt/shlink/bin/rr serve -c config/roadrunner/.rr.yml
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now shlink
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/solidtime-install.sh
+++ b/install/solidtime-install.sh
@@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.solidtime.io/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y caddy
+msg_ok "Installed Dependencies"
+
+PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="bcmath,gd,intl,xml,zip,pdo_pgsql,redis,mbstring,curl" setup_php
+setup_composer
+NODE_VERSION="22" setup_nodejs
+PG_VERSION="16" setup_postgresql
+PG_DB_NAME="solidtime" PG_DB_USER="solidtime" setup_postgresql_db
+
+fetch_and_deploy_gh_release "solidtime" "solidtime-io/solidtime" "tarball"
+
+msg_info "Setting up SolidTime"
+cd /opt/solidtime
+cp .env.example .env
+sed -i "s|^APP_ENV=.*|APP_ENV=production|" .env
+sed -i "s|^APP_DEBUG=.*|APP_DEBUG=false|" .env
+sed -i "s|^APP_URL=.*|APP_URL=http://${LOCAL_IP}|" .env
+sed -i "s|^APP_ENABLE_REGISTRATION=.*|APP_ENABLE_REGISTRATION=true|" .env
+sed -i "s|^DB_CONNECTION=.*|DB_CONNECTION=pgsql|" .env
+sed -i "s|^DB_HOST=.*|DB_HOST=127.0.0.1|" .env
+sed -i "s|^DB_PORT=.*|DB_PORT=5432|" .env
+sed -i "s|^DB_DATABASE=.*|DB_DATABASE=${PG_DB_NAME}|" .env
+sed -i "s|^DB_USERNAME=.*|DB_USERNAME=${PG_DB_USER}|" .env
+sed -i "s|^DB_PASSWORD=.*|DB_PASSWORD=${PG_DB_PASS}|" .env
+sed -i "s|^FILESYSTEM_DISK=.*|FILESYSTEM_DISK=local|" .env
+sed -i "s|^PUBLIC_FILESYSTEM_DISK=.*|PUBLIC_FILESYSTEM_DISK=public|" .env
+sed -i "s|^MAIL_MAILER=.*|MAIL_MAILER=log|" .env
+sed -i "s|^SESSION_SECURE_COOKIE=.*|SESSION_SECURE_COOKIE=false|" .env
+grep -q "^SESSION_SECURE_COOKIE=" .env || echo "SESSION_SECURE_COOKIE=false" >>.env
+sed -i "s|^APP_FORCE_HTTPS=.*|APP_FORCE_HTTPS=false|" .env
+grep -q "^APP_FORCE_HTTPS=" .env || echo "APP_FORCE_HTTPS=false" >>.env
+$STD composer install --no-dev --optimize-autoloader
+php artisan self-host:generate-keys >/tmp/solidtime.keys 2>/dev/null
+while IFS= read -r line; do
+  KEY="${line%%=*}"
+  [[ -z "$KEY" || "${KEY:0:1}" == "#" ]] && continue
+  sed -i "/^${KEY}=/d" .env
+  echo "$line" >>.env
+done </tmp/solidtime.keys
+rm -f /tmp/solidtime.keys
+$STD npm install
+$STD npm run build
+rm -rf node_modules
+mkdir -p storage/framework/{cache,sessions,views} storage/logs bootstrap/cache
+chown -R www-data:www-data /opt/solidtime
+chmod -R 775 storage bootstrap/cache
+$STD php artisan storage:link
+$STD php artisan migrate --force
+$STD php artisan passport:client --personal --name="API" -n
+$STD php artisan optimize:clear
+msg_ok "Set up SolidTime"
+
+msg_info "Configuring Caddy"
+PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
+cat <<EOF >/etc/caddy/Caddyfile
+:80 {
+    root * /opt/solidtime/public
+    php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
+    file_server
+    encode gzip
+}
+EOF
+usermod -aG www-data caddy
+systemctl enable -q --now php${PHP_VER}-fpm
+systemctl restart caddy
+msg_ok "Configured Caddy"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/soulsync-install.sh
+++ b/install/soulsync-install.sh
@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/Nezreka/SoulSync
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  gcc \
+  libffi-dev \
+  libssl-dev \
+  libchromaprint-tools \
+  ffmpeg
+msg_ok "Installed Dependencies"
+
+UV_PYTHON="3.11" setup_uv
+
+fetch_and_deploy_gh_release "soulsync" "Nezreka/SoulSync" "tarball"
+
+msg_info "Setting up Application"
+cd /opt/soulsync
+$STD uv venv /opt/soulsync/.venv --python 3.11
+$STD uv pip install -r requirements.txt --python /opt/soulsync/.venv/bin/python
+mkdir -p /opt/soulsync/{config,data,logs}
+msg_ok "Set up Application"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/soulsync.service
+[Unit]
+Description=SoulSync Music Discovery
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/soulsync
+ExecStart=/opt/soulsync/.venv/bin/python web_server.py
+Environment=PYTHONPATH=/opt/soulsync PYTHONUNBUFFERED=1 DATABASE_PATH=/opt/soulsync/data/music_library.db
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now soulsync
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/step-ca-install.sh
+++ b/install/step-ca-install.sh
@@ -23,21 +23,34 @@ setup_deb822_repo \
 msg_info "Installing step-ca and step-cli"
 $STD apt install -y step-ca step-cli

-STEPHOME="/root/.step"
-export STEPPATH=/etc/step-ca
+STEPPATH="/etc/step-ca"
+STEPHOME="/etc/step"
+
+export STEPPATH=$STEPPATH
+echo "export STEPPATH=${STEPPATH}" >> /etc/profile
 export STEPHOME=$STEPHOME
+echo "export STEPHOME=${STEPHOME}" >> /etc/profile

-sed  -i '1i export STEPPATH=/etc/step-ca' /etc/profile
-sed  -i '1i export STEPHOME=/root/.step' /etc/profile
+mkdir -p "$STEPHOME"

-setcap CAP_NET_BIND_SERVICE=+eip $(which step-ca)
+# Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli)
+STEPBIN="$(which step)"
+rm -f "$STEPBIN"
+cp -f "$(which step-cli)" "$STEPBIN"

-$STD useradd --user-group --system --home $(step path) --shell /bin/false step
+# Low port-binding capabilities (ports < 1024)
+# - Default step-ca listener port: 443
+setcap CAP_NET_BIND_SERVICE=+eip "$(which step-ca)"
+
+# Service User used by systemd step-ca.service
+$STD useradd --user-group --system --home "$(step path)" --shell /bin/false step
 msg_ok "Installed step-ca and step-cli"

 DomainName="$(hostname -d)"

 PKIName="$(prompt_input "Enter PKIName" "MyHomePKI" 30)"
+PKICountry="$(prompt_input "Enter PKICountry" "DE" 30)"
+PKIOrganizationalUnit="$(prompt_input "Enter PKIOrganizationalUnit" "MyHomeLab" 30)"
 PKIProvisioner="$(prompt_input "Enter PKIProvisioner" "pki@$DomainName" 30)"
 AcmeProvisioner="$(prompt_input "Enter AcmeProvisioner" "acme@$DomainName" 30)"
 X509MinDur="$(prompt_input "Enter X509MinDur" "48h" 30)"
@@ -45,11 +58,15 @@ X509MaxDur="$(prompt_input "Enter X509MaxDur" "87600h" 30)"
 X509DefaultDur="$(prompt_input "Enter X509DefaultDur" "168h" 30)"

 msg_info "Initializing step-ca"
+
+# Initialize step-ca
 DeploymentType="standalone"
 FQDN="$(hostname -f)"
 IP="${LOCAL_IP}"
 LISTENER=":443"
+LISTENER_INSECURE=":80"

+# Set different signing CA and Provisioner Passwords
 EncryptionPwdDir="$(step path)/encryption"
 PwdFile="$EncryptionPwdDir/ca.pwd"
 ProvisionerPwdFile="$EncryptionPwdDir/provisioner.pwd"
@@ -57,19 +74,208 @@ mkdir -p "$EncryptionPwdDir"
 gpg -q --gen-random --armor 2 32 >"$PwdFile"
 gpg -q --gen-random --armor 2 32 >"$ProvisionerPwdFile"

-$STD step ca init --deployment-type="$DeploymentType" --ssh --name="$PKIName" --dns="$FQDN" --dns="$IP" --address="$LISTENER" --provisioner="$PKIProvisioner" --password-file="$PwdFile" --provisioner-password-file="$ProvisionerPwdFile"
-
+# Used by systemd step-ca.service
 ln -s "$PwdFile" "$(step path)/password.txt"
-chown -R step:step $(step path)
-chmod -R 700 $(step path)
-$STD step ca provisioner add "$AcmeProvisioner" --type ACME --admin-name "$AcmeProvisioner"
-$STD step ca provisioner update "$PKIProvisioner" --x509-min-dur="$X509MinDur" --x509-max-dur="$X509MaxDur" --x509-default-dur="$X509DefaultDur" --allow-renewal-after-expiry
-$STD step ca provisioner update "$AcmeProvisioner" --x509-min-dur="$X509MinDur" --x509-max-dur="$X509MaxDur" --x509-default-dur="$X509DefaultDur" --allow-renewal-after-expiry
-$STD step certificate install --all $(step path)/certs/root_ca.crt
+
+# Usage of:
+# - SSH feature of step-ca
+# - BadgerDB (badgerv2) => Default DB backend of step-ca
+# - badgerFileLoadingMode: FileIO (instead of MemoryMap) for LXC with low RAM
+$STD step ca init \
+  --deployment-type="$DeploymentType" \
+  --ssh \
+  --name="$PKIName" \
+  --dns="$FQDN" \
+  --dns="$IP" \
+  --address="$LISTENER" \
+  --provisioner="$PKIProvisioner" \
+  --password-file="$PwdFile" \
+  --provisioner-password-file="$ProvisionerPwdFile"
+
+# Define enhanced x509 CA and Certificate Templates
+mkdir -p "$(step path)/templates/ca"
+mkdir -p "$(step path)/templates/x509"
+
+CARootTemplate="$(step path)/templates/ca/root.tpl"
+CAIntermediateTemplate="$(step path)/templates/ca/intermediate.tpl"
+X509LeafTemplate="$(step path)/templates/x509/leaf.tpl"
+X509LeafTemplateData="$(step path)/templates/x509/leaf_data.tpl"
+
+cat <<'EOF' >"$CARootTemplate"
+{
+	"subject": {
+		"country": {{ toJson .Insecure.User.country }},
+		"organization": {{ toJson .Insecure.User.organization }},
+		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
+		"commonName": {{ toJson .Subject.CommonName }}
+	},
+  "issuer": {{ toJson .Subject }},
+	"keyUsage": ["certSign", "crlSign"],
+	"basicConstraints": {
+		"isCA": true,
+		"maxPathLen": 1
+	},
+	"issuingCertificateURL": [{{ toJson .Insecure.User.issuingCertificateURL }}],
+	"crlDistributionPoints": [{{ toJson .Insecure.User.crlDistributionPoints }}]
+}
+EOF
+
+cat <<'EOF' >"$CAIntermediateTemplate"
+{
+	"subject": {
+		"country": {{ toJson .Insecure.User.country }},
+		"organization": {{ toJson .Insecure.User.organization }},
+		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
+		"commonName": {{ toJson .Subject.CommonName }}
+	},
+	"keyUsage": ["certSign", "crlSign"],
+	"basicConstraints": {
+		"isCA": true,
+		"maxPathLen": 0
+	},
+	"issuingCertificateURL": [{{ toJson .Insecure.User.issuingCertificateURL }}],
+	"crlDistributionPoints": [{{ toJson .Insecure.User.crlDistributionPoints }}]
+}
+EOF
+
+cat <<'EOF' >"$X509LeafTemplate"
+{
+	"subject": {
+{{- if .Insecure.User.Country }}
+		"country": {{ toJson .Insecure.User.country }},
+{{- else }}
+		"country": {{ toJson .country }},
+{{- end }}
+{{- if .Insecure.User.organization }}
+		"organization": {{ toJson .Insecure.User.organization }},
+{{- else }}
+		"organization": {{ toJson .organization }},
+{{- end }}
+{{- if .Insecure.User.organizationalUnit }}
+		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
+{{- else }}
+		"organizationalUnit": {{ toJson .organizationalUnit }},
+{{- end }}
+		"commonName": {{ toJson .Subject.CommonName }}
+	},
+	"sans": {{ toJson .SANs }},
+{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
+	"keyUsage": ["keyEncipherment", "digitalSignature"],
+{{- else }}
+	"keyUsage": ["digitalSignature"],
+{{- end }}
+	"extKeyUsage": ["serverAuth", "clientAuth"],
+{{- if .Insecure.User.issuingCertificateURL }}
+	"issuingCertificateURL": [{{ toJson .Insecure.User.issuingCertificateURL }}],
+{{- else }}
+	"issuingCertificateURL": [{{ toJson .issuingCertificateURL }}],
+{{- end }}
+{{- if .Insecure.User.crlDistributionPoints }}
+	"crlDistributionPoints": [{{ toJson .Insecure.User.crlDistributionPoints }}]
+{{- else }}
+	"crlDistributionPoints": [{{ toJson .crlDistributionPoints }}]
+{{- end }}
+}
+EOF
+
+cat <<EOF >"$X509LeafTemplateData"
+{
+	"country": "${PKICountry}",
+	"organization": "${PKIName}",
+	"organizationalUnit": "${PKIOrganizationalUnit}",
+	"issuingCertificateURL": ["https://${FQDN}${LISTENER}/intermediates.pem"],
+	"crlDistributionPoints": ["https://${FQDN}${LISTENER}/crl"]
+}
+EOF
+
+# Configure CA Provisioners, DB and CRL settings
+$STD step ca provisioner add "$AcmeProvisioner" \
+  --type ACME \
+  --admin-name "$AcmeProvisioner"
+
+$STD step ca provisioner update "$PKIProvisioner" \
+  --x509-min-dur="$X509MinDur" \
+  --x509-max-dur="$X509MaxDur" \
+  --x509-default-dur="$X509DefaultDur" \
+  --x509-template="$X509LeafTemplate" \
+  --x509-template-data="$X509LeafTemplateData" \
+  --allow-renewal-after-expiry
+
+$STD step ca provisioner update "$AcmeProvisioner" \
+  --x509-min-dur="$X509MinDur" \
+  --x509-max-dur="$X509MaxDur" \
+  --x509-default-dur="$X509DefaultDur" \
+  --x509-template="$X509LeafTemplate" \
+  --x509-template-data="$X509LeafTemplateData" \
+  --allow-renewal-after-expiry
+
+CAConfig="$(step path)/config/ca.json"
+jq --arg a "${PKICountry}" '.country = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq --arg a "${PKIName}" '.organization = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq --arg a "${PKIOrganizationalUnit}" '.organizationalUnit = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq --arg a "${PKIName} Online CA" '.commonName = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq '.db.badgerFileLoadingMode = "FileIO"' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq '.crl.enabled = true' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq '.crl.generateOnRevoke = true' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq '.crl.cacheDuration = "24h0m0s"' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq '.crl.renewPeriod = "16h0m0s"' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq --arg a "https://${FQDN}${LISTENER}/crl" '.crl.idpURL = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+jq --arg a "$LISTENER_INSECURE" '.insecureAddress = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
+
+# Generate Root CA Certificate and Key
+# - Validity: 219168h (~25 Years)
+# - maxPathLen: 1 (Root -> Intermediate -> Leaf) => Only one Intermediate CA allowed below Root CA
+# - Active revocation on Intermediate CA and Leaf Certificates by the usage of build-in Certificate Revocation List (CRL)
+FLAGS=(--force
+  --template="${CARootTemplate}"
+  --not-after="219168h"
+  --password-file="${PwdFile}"
+  --set country="${PKICountry}"
+  --set organization="${PKIName}"
+  --set organizationalUnit="${PKIOrganizationalUnit}"
+  --set issuingCertificateURL="https://${FQDN}${LISTENER}/roots.pem"
+  --set crlDistributionPoints="https://${FQDN}${LISTENER}/crl")
+
+$STD step certificate create "${PKIName} Root CA" \
+  "$(step path)/certs/root_ca.crt" \
+  "$(step path)/secrets/root_ca_key" \
+  "${FLAGS[@]}"
+
+# Generate Intermediate CA Certificate Bundle and Key
+# - Validity: 175368h (~20 Years)
+# - maxPathLen: 0 (Root -> Intermediate -> Leaf) => Intermediate CA is only allowed to issue Leaf Certificates
+# - Active revocation on Leaf Certificates by the usage of build-in Certificate Revocation List (CRL)
+# - Bundle: Certificate Chain (including Root CA Certificate)
+FLAGS=(--force
+  --template="${CAIntermediateTemplate}"
+  --ca="$(step path)/certs/root_ca.crt"
+  --ca-key="$(step path)/secrets/root_ca_key"
+  --not-after="175368h"
+  --ca-password-file="${PwdFile}"
+  --password-file="${PwdFile}"
+  --bundle
+  --set country="${PKICountry}"
+  --set organization="${PKIName}"
+  --set organizationalUnit="${PKIOrganizationalUnit}"
+  --set issuingCertificateURL="https://${FQDN}${LISTENER}/roots.pem"
+  --set crlDistributionPoints="https://${FQDN}${LISTENER}/crl")
+
+$STD step certificate create "${PKIName} Intermediate CA" \
+  "$(step path)/certs/intermediate_ca.crt" \
+  "$(step path)/secrets/intermediate_ca_key" \
+  "${FLAGS[@]}"
+
+# Install Root CA Certificate to System Trust Store
+$STD step certificate install --all "$(step path)/certs/root_ca.crt"
 $STD update-ca-certificates
+
+chown -R step:step "$(step path)"
+chmod -R 700 "$(step path)"
 msg_ok "Initialized step-ca"

 msg_info "Start step-ca as a Daemon"
+
+# https://smallstep.com/docs/step-ca/certificate-authority-server-production/#running-step-ca-as-a-daemon
 cat <<'EOF' >/etc/systemd/system/step-ca.service
 [Unit]
 Description=step-ca service
@@ -130,271 +336,6 @@ msg_ok "Started step-ca as a Daemon"
 fetch_and_deploy_gh_release "step-badger" "lukasz-lobocki/step-badger" "prebuild" "latest" "/opt/step-badger" "step-badger_Linux_x86_64.tar.gz"
 ln -s /opt/step-badger/step-badger /usr/local/bin/step-badger

-msg_info "Install step-ca Admin script"
-mkdir -p "$STEPHOME"
-cat <<'ADDON_EOF' >"$STEPHOME/step-ca-admin.sh"
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Joerg Heinemann (heinemannj)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-
-function header_info() {
-  clear
-  cat <<"EOF"
-         __                                 ___       __          _     
-   _____/ /____  ____        _________ _   /   | ____/ /___ ___  (_)___ 
-  / ___/ __/ _ \/ __ \______/ ___/ __ `/  / /| |/ __  / __ `__ \/ / __ \
- (__  ) /_/  __/ /_/ /_____/ /__/ /_/ /  / ___ / /_/ / / / / / / / / / /
-/____/\__/\___/ .___/      \___/\__,_/  /_/  |_\__,_/_/ /_/ /_/_/_/ /_/ 
-             /_/                                                            
-
-EOF
-}
-
-function die() {
-  echo -e "\n${BL}[ERROR]${GN} ${RD}${1}${CL}\n"
-  exit
-}
-
-function success() {
-  echo -e "${BL}[SUCCESS]${GN} ${1}${CL}\n"
-  exit
-}
-
-function whiptail_menu() {
-  MENU_ARRAY=()
-  MSG_MAX_LENGTH=0
-  while read -r TAG ITEM; do
-    OFFSET=2
-    ((${#ITEM} + OFFSET > MSG_MAX_LENGTH)) && MSG_MAX_LENGTH=${#ITEM}+OFFSET
-    MENU_ARRAY+=("$TAG" "$ITEM " "OFF")
-  done < <(echo "$1")
-}
-
-function x509_list() {
-  CERT_LIST=""
-  cp --recursive --force "$(step path)/db/"* "$STEPHOME/db-copy/"
-  cp --recursive --force "$(step path)/certs/"* "$STEPHOME/certs/ca/"
-  if [[ $(step-badger x509Certs "${STEPHOME}/db-copy" 2>/dev/null) ]]; then
-    CERT_LIST=$(step-badger x509Certs ${STEPHOME}/db-copy 2>/dev/null)
-  fi
-}
-
-function ssh_list() {
-  CERT_LIST=""
-  cp --recursive --force "$(step path)/db/"* "$STEPHOME/db-copy/"
-  cp --recursive --force "$(step path)/certs/"* "$STEPHOME/certs/ca/"
-  if [[ $(step-badger sshCerts "${STEPHOME}/db-copy" 2>/dev/null) ]]; then
-    CERT_LIST=$(step-badgersshCerts ${STEPHOME}/db-copy 2>/dev/null)
-  fi
-}
-
-function x509_serial_to_cn() {
-  x509_list
-  CN="$(echo "${CERT_LIST}" | grep "${SERIAL_NUMBER}" | awk '{print $2}' | sed 's/CN=//g')"
-  CRT="$STEPHOME/certs/x509/$CN.crt"
-  KEY="$STEPHOME/certs/x509/$CN.key"
-  if ! [[ -f ${CRT} ]]; then
-    die "Certificate ${CRT} not found!"
-  elif ! [[ -f ${KEY} ]]; then
-    die "Private Key ${KEY} not found!"
-  fi
-}
-
-function x509_revoke() {
-  # shellcheck disable=SC2206
-  SERIAL_NUMBER_ARRAY=(${CERT_SERIAL_NUMBERS})
-  for SERIAL_NUMBER in "${SERIAL_NUMBER_ARRAY[@]}"; do
-    echo -e "${BL}[Info]${GN} Revoke x509 Certificate with Serial Number ${BL}${SERIAL_NUMBER}${GN}:${CL}"
-    echo
-    TOKEN=$(step ca token --provisioner="$PROVISIONER" --provisioner-password-file="$PROVISIONER_PASSWORD" --revoke "${SERIAL_NUMBER}")
-    step ca revoke --token "$TOKEN" "${SERIAL_NUMBER}" || die "Failed to revoke certificate!"
-    echo
-  done
-  success "Finished."
-}
-
-function x509_renew() {
-  # shellcheck disable=SC2206
-  SERIAL_NUMBER_ARRAY=(${CERT_SERIAL_NUMBERS})
-  for SERIAL_NUMBER in "${SERIAL_NUMBER_ARRAY[@]}"; do
-    echo -e "${BL}[Info]${GN} Renew x509 Certificate with Serial Number ${BL}${SERIAL_NUMBER}${GN}:${CL}"
-    echo
-    x509_serial_to_cn
-    step ca renew "${CRT}" "${KEY}" --force || die "Failed to renew certificate!"
-    echo
-  done
-  success "Finished."
-}
-
-function x509_inspect() {
-  # shellcheck disable=SC2206
-  SERIAL_NUMBER_ARRAY=(${CERT_SERIAL_NUMBERS})
-  for SERIAL_NUMBER in "${SERIAL_NUMBER_ARRAY[@]}"; do
-    echo -e "${BL}[Info]${GN} Inspect x509 Certificate with Serial Number ${BL}${SERIAL_NUMBER}${GN}:${CL}\n"
-    x509_serial_to_cn
-    step certificate inspect "${CRT}" || die "Failed to inspect certificate!"
-    if ! [[ $(step certificate inspect "${CRT}" | grep "${SERIAL_NUMBER}") ]]; then
-      die "Serial Number ${SERIAL_NUMBER} mismatch!"
-    fi
-    echo -e "\n${BL}[Info]${GN} Public Key:${CL}\n"
-    cat "${CRT}"
-    echo -e "\n${BL}[Info]${GN} Private Key:${CL}\n"
-    cat "${KEY}"
-    echo
-  done
-  success "Finished."
-}
-
-function x509_request() {
-  FQDN=""
-  SAN=""
-
-  while true; do
-    FQDN=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nFQDN (e.g. MyLXC.example.com)' 10 50 "$FQDN" 3>&1 1>&2 2>&3)
-    IP=$(dig +short "$FQDN")
-    if [[ -z "$IP" ]]; then
-      die "Resolution failed for $FQDN!"
-    fi
-    HOST=$(echo "$FQDN" | awk -F'.' '{print $1}')
-    IP=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nIP Address (e.g. x.x.x.x)' 10 50 "$IP" 3>&1 1>&2 2>&3)
-    HOST=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nHostname (e.g. MyHostName)' 10 50 "$HOST" 3>&1 1>&2 2>&3)
-    SAN=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nSubject Alternative Name(s) (SAN) (e.g. myapp-1.example.com, myapp-2.example.com)' 10 50 "$SAN" 3>&1 1>&2 2>&3)
-    VALID_TO=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nValidity (e.g. 2034-01-31T00:00:00Z)' 10 50 "2034-01-31T00:00:00Z" 3>&1 1>&2 2>&3)
-
-    # shellcheck disable=SC2034
-    if whiptail_yesno=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --yesno "Continue with below?\n
-      FQDN: $FQDN
-      Hostname: $HOST
-      IP Address: $IP
-      Subject Alternative Name(s) (SAN): $SAN
-      Validity: $VALID_TO" --no-button "Change" --yes-button "Continue" 15 70 3>&1 1>&2 2>&3); then
-      break
-    fi
-  done
-
-  echo -e "${BL}[Info]${GN} Request x509 Certificate with subject ${BL}${FQDN}${GN}:${CL}"
-  echo
-  CRT="$STEPHOME/certs/x509/$FQDN.crt"
-  KEY="$STEPHOME/certs/x509/$FQDN.key"
-
-  SAN="$FQDN, $HOST, $IP, $SAN"
-
-  IFS=', ' read -r -a array <<< "$SAN"
-  for element in "${array[@]}"
-  do
-    SAN_ARRAY+=(--san "$element")
-  done
-
-  step ca certificate "$FQDN" "$CRT" "$KEY" \
-    --provisioner="$PROVISIONER" \
-    --provisioner-password-file="$PROVISIONER_PASSWORD" \
-    --not-after="$VALID_TO" \
-    "${SAN_ARRAY[@]}" \
-  || die "Failed to request certificate!"
-
-  echo -e "\n${BL}[Info]${GN} Inspect Certificate:${CL}\n"
-  step certificate inspect "${CRT}" || die "Failed to inspect certificate!"
-  echo -e "\n${BL}[Info]${GN} Public Key:${CL}\n"
-  cat "${CRT}"
-  echo -e "\n${BL}[Info]${GN} Private Key:${CL}\n"
-  cat "${KEY}"
-  echo
-  success "Finished."
-}
-
-set -eEuo pipefail
-# shellcheck disable=SC2034
-# shellcheck disable=SC2116
-# shellcheck disable=SC2028
-YW=$(echo "\033[33m")
-# shellcheck disable=SC2116
-# shellcheck disable=SC2028
-BL=$(echo "\033[36m")
-# shellcheck disable=SC2116
-# shellcheck disable=SC2028
-RD=$(echo "\033[01;31m")
-# shellcheck disable=SC2034
-CM='\xE2\x9C\x94\033'
-# shellcheck disable=SC2116
-# shellcheck disable=SC2028
-GN=$(echo "\033[1;92m")
-# shellcheck disable=SC2116
-# shellcheck disable=SC2028
-CL=$(echo "\033[m")
-
-# Telemetry
-# shellcheck disable=SC1090
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/api.func) 2>/dev/null || true
-declare -f init_tool_telemetry &>/dev/null && init_tool_telemetry "step-ca-admin" "step-ca"
-
-header_info
-
-mkdir --parents "$STEPHOME/db-copy/"
-mkdir --parents "$STEPHOME/certs/ca/_archive/"
-mkdir --parents "$STEPHOME/certs/ssh/_archive/"
-mkdir --parents "$STEPHOME/certs/x509/_archive/"
-
-PROVISIONER=$(jq '.authority.provisioners.[] | select(.type=="JWK") | .name' "$(step path)"/config/ca.json)
-PROVISIONER="${PROVISIONER#\"}"
-PROVISIONER="${PROVISIONER%\"}"
-PROVISIONER_PASSWORD=$(step path)/encryption/provisioner.pwd
-
-whiptail --backtitle "Proxmox VE Helper Scripts" --title "step-ca Admin" --yesno "This will maintain step-ca issued x509 and ssh Certificates. Proceed?" 10 58
-
-MENU_ARRAY=("x509" "Maintain x509 Certificates." "ON")
-MENU_ARRAY+=("ssh" "Maintain ssh Certificates." "OFF")
-CERT_TYPE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "step-ca Admin" --radiolist "\nSelect Certificate Type:" 16 48 6 "${MENU_ARRAY[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
-
-[[ -z ${CERT_TYPE} ]] && die "No Certificate Type selected!"
-
-case ${CERT_TYPE} in
-("x509")
-  x509_list
-  CERT_LIST=$(echo "$CERT_LIST" | awk 'NR>1 {print $1 " " $2 "|" $3 "|" $4 "|" $5}')
-  if [[ $CERT_LIST ]]; then
-    whiptail_menu "$CERT_LIST"
-  else
-    MENU_ARRAY=()
-    MSG_MAX_LENGTH=2
-  fi
-  MENU_ARRAY+=("" "Create a new Certificate" "OFF")
-  CERT_SERIAL_NUMBERS=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificates on $(hostname)" --checklist "\nSelect Certificate(s) to maintain:\n" 16 $((MSG_MAX_LENGTH + 55)) 6 "${MENU_ARRAY[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
-
-  [[ -z ${CERT_SERIAL_NUMBERS} ]] && x509_request
-  
-  MENU_ARRAY=("Renew" "Renew x509 Certificates." "ON")
-  MENU_ARRAY+=("Revoke" "Revoke x509 Certificates." "OFF")
-  MENU_ARRAY+=("Inspect" "Inspect x509 Certificates." "OFF")
-  CERT_MAINTENANCE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "step-ca Admin" --radiolist "\nSelect Maintenance Type:" 16 48 6 "${MENU_ARRAY[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
-
-  case ${CERT_MAINTENANCE} in
-  ("Renew")
-    x509_renew "${CERT_SERIAL_NUMBERS[@]}"
-    ;;
-  ("Revoke")
-    x509_revoke "${CERT_SERIAL_NUMBERS[@]}"
-    ;;
-  ("Inspect")
-    x509_inspect "${CERT_SERIAL_NUMBERS[@]}"
-    ;;
-  *)
-    die "Unsupported CERT_MAINTENANCE Option!"
-    ;;
-  esac
-  ;;
-("ssh")
-  die "Maintain ssh Certificates - To be implemented in future"
-  ;;
-*)
-  die "Unsupported CERT_TYPE Option!"
-  ;;
-esac
-ADDON_EOF
-chmod 700 "$STEPHOME/step-ca-admin.sh"
-msg_ok "Installed step-ca Admin script"
-
 motd_ssh
 customize
 cleanup_lxc
--- a/install/storybook-install.sh
+++ b/install/storybook-install.sh
@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/storybookjs/storybook
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
+
+msg_info "Preparing Storybook"
+mkdir -p /opt/storybook
+cd /opt/storybook
+msg_ok "Important: Interactive configuration will start now."
+
+npx -y storybook@latest init --yes --no-dev
+PROJECT_PATH=$(find /opt/storybook -maxdepth 2 -name ".storybook" -type d 2>/dev/null | head -n1 | xargs dirname)
+
+if [[ -z "$PROJECT_PATH" ]]; then
+  PROJECT_PATH="/opt/storybook"
+fi
+
+cd "$PROJECT_PATH"
+echo "$PROJECT_PATH" >/opt/storybook/.projectpath
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/storybook.service
+[Unit]
+Description=Storybook Dev Server
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=${PROJECT_PATH}
+ExecStart=/usr/bin/npx storybook dev --host 0.0.0.0 --port 6006 --no-open
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now storybook
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/storyteller-install.sh
+++ b/install/storyteller-install.sh
@@ -0,0 +1,98 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://gitlab.com/storyteller-platform/storyteller
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  git \
+  pkg-config \
+  libsqlite3-dev \
+  sqlite3 \
+  python3-setuptools \
+  ffmpeg
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
+
+fetch_and_deploy_gh_release "readium" "readium/cli" "prebuild" "latest" "/opt/readium" "readium_linux_x86_64.tar.gz"
+ln -sf /opt/readium/readium /usr/local/bin/readium
+fetch_and_deploy_gl_release "storyteller" "storyteller-platform/storyteller" "tarball" "latest" "/opt/storyteller"
+
+msg_info "Setting up Storyteller"
+cd /opt/storyteller
+$STD yarn install --network-timeout 600000
+$STD gcc -g -fPIC -rdynamic -shared web/sqlite/uuid.c -o web/sqlite/uuid.c.so
+STORYTELLER_SECRET_KEY=$(openssl rand -base64 32)
+cat <<EOF >/opt/storyteller/.env
+STORYTELLER_SECRET_KEY=${STORYTELLER_SECRET_KEY}
+STORYTELLER_DATA_DIR=/opt/storyteller/data
+PORT=8001
+HOSTNAME=0.0.0.0
+READIUM_PORT=9000
+NODE_ENV=production
+NEXT_TELEMETRY_DISABLED=1
+EOF
+mkdir -p /opt/storyteller/data
+{
+  echo "Storyteller Credentials"
+  echo "======================="
+  echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
+} >~/storyteller.creds
+msg_ok "Set up Storyteller"
+
+msg_info "Building Storyteller"
+cd /opt/storyteller
+export CI=1
+export NODE_ENV=production
+export NEXT_TELEMETRY_DISABLED=1
+export SQLITE_NATIVE_BINDING=/opt/storyteller/node_modules/better-sqlite3/build/Release/better_sqlite3.node
+$STD yarn workspaces foreach -Rpt --from @storyteller-platform/web --exclude @storyteller-platform/eslint run build
+mkdir -p /opt/storyteller/web/.next/standalone/web/.next/static
+cp -rT /opt/storyteller/web/.next/static /opt/storyteller/web/.next/standalone/web/.next/static
+if [[ -d /opt/storyteller/web/public ]]; then
+  mkdir -p /opt/storyteller/web/.next/standalone/web/public
+  cp -rT /opt/storyteller/web/public /opt/storyteller/web/.next/standalone/web/public
+fi
+mkdir -p /opt/storyteller/web/.next/standalone/web/migrations
+cp -rT /opt/storyteller/web/migrations /opt/storyteller/web/.next/standalone/web/migrations
+mkdir -p /opt/storyteller/web/.next/standalone/web/sqlite
+cp -rT /opt/storyteller/web/sqlite /opt/storyteller/web/.next/standalone/web/sqlite
+ln -sf /opt/storyteller/.env /opt/storyteller/web/.next/standalone/web/.env
+msg_ok "Built Storyteller"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/storyteller.service
+[Unit]
+Description=Storyteller
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/storyteller/web/.next/standalone/web
+EnvironmentFile=/opt/storyteller/.env
+ExecStart=/usr/bin/node --enable-source-maps server.js
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now storyteller
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/Show More
+++ b/Show More