Add powerdns (ct)

VMs set DISK_SIZE=32G (with G suffix), but post_update_to_api used
\ directly in JSON, producing 'disk_size: 32G' which is
invalid JSON. The server rejected these with 'invalid character G'.

Now strips the G suffix and validates numeric-only before embedding.

.github/workflows/push-json-to-pocketbase.yml

@@ -0,0 +1,173 @@
+name: Push JSON changes to PocketBase
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "frontend/public/json/**"
+
+jobs:
+  push-json:
+    runs-on: self-hosted
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Get changed JSON files with slug
+        id: changed
+        run: |
+          changed=$(git diff --name-only "${{ github.event.before }}" "${{ github.event.after }}" -- frontend/public/json/ | grep '\.json$' || true)
+          with_slug=""
+          for f in $changed; do
+            [[ -f "$f" ]] || continue
+            jq -e '.slug' "$f" >/dev/null 2>&1 && with_slug="$with_slug $f"
+          done
+          with_slug=$(echo $with_slug | xargs -n1)
+          if [[ -z "$with_slug" ]]; then
+            echo "No app JSON files changed (or no files with slug)."
+            echo "count=0" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+          echo "$with_slug" > changed_app_jsons.txt
+          echo "count=$(echo "$with_slug" | wc -w)" >> "$GITHUB_OUTPUT"
+
+      - name: Push to PocketBase
+        if: steps.changed.outputs.count != '0'
+        env:
+          POCKETBASE_URL: ${{ secrets.POCKETBASE_URL }}
+          POCKETBASE_COLLECTION: ${{ secrets.POCKETBASE_COLLECTION }}
+          POCKETBASE_ADMIN_EMAIL: ${{ secrets.POCKETBASE_ADMIN_EMAIL }}
+          POCKETBASE_ADMIN_PASSWORD: ${{ secrets.POCKETBASE_ADMIN_PASSWORD }}
+        run: |
+          node << 'ENDSCRIPT'
+          (async function() {
+          const fs = require('fs');
+          const https = require('https');
+          const http = require('http');
+          const url = require('url');
+          function request(fullUrl, opts) {
+            return new Promise(function(resolve, reject) {
+              const u = url.parse(fullUrl);
+              const isHttps = u.protocol === 'https:';
+              const body = opts.body;
+              const options = {
+                hostname: u.hostname,
+                port: u.port || (isHttps ? 443 : 80),
+                path: u.path,
+                method: opts.method || 'GET',
+                headers: opts.headers || {}
+              };
+              if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
+              const lib = isHttps ? https : http;
+              const req = lib.request(options, function(res) {
+                let data = '';
+                res.on('data', function(chunk) { data += chunk; });
+                res.on('end', function() {
+                  resolve({ ok: res.statusCode >= 200 && res.statusCode < 300, statusCode: res.statusCode, body: data });
+                });
+              });
+              req.on('error', reject);
+              if (body) req.write(body);
+              req.end();
+            });
+          }
+          const raw = process.env.POCKETBASE_URL.replace(/\/$/, '');
+          const apiBase = /\/api$/i.test(raw) ? raw : raw + '/api';
+          const coll = process.env.POCKETBASE_COLLECTION;
+          const files = fs.readFileSync('changed_app_jsons.txt', 'utf8').trim().split(/\s+/).filter(Boolean);
+          const authUrl = apiBase + '/collections/users/auth-with-password';
+          console.log('Auth URL: ' + authUrl);
+          const authBody = JSON.stringify({
+            identity: process.env.POCKETBASE_ADMIN_EMAIL,
+            password: process.env.POCKETBASE_ADMIN_PASSWORD
+          });
+          const authRes = await request(authUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: authBody
+          });
+          if (!authRes.ok) {
+            throw new Error('Auth failed. Tried: ' + authUrl + ' - Verify POST to that URL with body {"identity":"...","password":"..."} works. Response: ' + authRes.body);
+          }
+          const token = JSON.parse(authRes.body).token;
+          const recordsUrl = apiBase + '/collections/' + encodeURIComponent(coll) + '/records';
+          let categoryIdToName = {};
+          try {
+            const metadata = JSON.parse(fs.readFileSync('frontend/public/json/metadata.json', 'utf8'));
+            (metadata.categories || []).forEach(function(cat) { categoryIdToName[cat.id] = cat.name; });
+          } catch (e) { console.warn('Could not load metadata.json:', e.message); }
+          let typeValueToId = {};
+          let categoryNameToPbId = {};
+          try {
+            const typesRes = await request(apiBase + '/collections/z_ref_script_types/records?perPage=500', { headers: { 'Authorization': token } });
+            if (typesRes.ok) {
+              const typesData = JSON.parse(typesRes.body);
+              (typesData.items || []).forEach(function(item) { if (item.type) typeValueToId[item.type] = item.id; });
+            }
+          } catch (e) { console.warn('Could not fetch z_ref_script_types:', e.message); }
+          try {
+            const catRes = await request(apiBase + '/collections/script_categories/records?perPage=500', { headers: { 'Authorization': token } });
+            if (catRes.ok) {
+              const catData = JSON.parse(catRes.body);
+              (catData.items || []).forEach(function(item) { if (item.name) categoryNameToPbId[item.name] = item.id; });
+            }
+          } catch (e) { console.warn('Could not fetch script_categories:', e.message); }
+          for (const file of files) {
+            if (!fs.existsSync(file)) continue;
+            const data = JSON.parse(fs.readFileSync(file, 'utf8'));
+            if (!data.slug) { console.log('Skipping', file, '(no slug)'); continue; }
+            var payload = {
+              name: data.name,
+              slug: data.slug,
+              script_created: data.date_created || data.script_created,
+              script_updated: data.date_created || data.script_updated,
+              updateable: data.updateable,
+              privileged: data.privileged,
+              port: data.interface_port != null ? data.interface_port : data.port,
+              documentation: data.documentation,
+              website: data.website,
+              logo: data.logo,
+              description: data.description,
+              config_path: data.config_path,
+              default_user: (data.default_credentials && data.default_credentials.username) || data.default_user,
+              default_passwd: (data.default_credentials && data.default_credentials.password) || data.default_passwd,
+              is_dev: false
+            };
+            var resolvedType = typeValueToId[data.type];
+            if (resolvedType) payload.type = resolvedType;
+            var resolvedCats = (data.categories || []).map(function(n) { return categoryNameToPbId[categoryIdToName[n]]; }).filter(Boolean);
+            if (resolvedCats.length) payload.categories = resolvedCats;
+            if (data.version !== undefined) payload.version = data.version;
+            if (data.changelog !== undefined) payload.changelog = data.changelog;
+            if (data.screenshots !== undefined) payload.screenshots = data.screenshots;
+            const filter = "(slug='" + data.slug + "')";
+            const listRes = await request(recordsUrl + '?filter=' + encodeURIComponent(filter) + '&perPage=1', {
+              headers: { 'Authorization': token }
+            });
+            const list = JSON.parse(listRes.body);
+            const existingId = list.items && list.items[0] && list.items[0].id;
+            if (existingId) {
+              console.log('Updating', file, '(slug=' + data.slug + ')');
+              const r = await request(recordsUrl + '/' + existingId, {
+                method: 'PATCH',
+                headers: { 'Authorization': token, 'Content-Type': 'application/json' },
+                body: JSON.stringify(payload)
+              });
+              if (!r.ok) throw new Error('PATCH failed: ' + r.body);
+            } else {
+              console.log('Creating', file, '(slug=' + data.slug + ')');
+              const r = await request(recordsUrl, {
+                method: 'POST',
+                headers: { 'Authorization': token, 'Content-Type': 'application/json' },
+                body: JSON.stringify(payload)
+              });
+              if (!r.ok) throw new Error('POST failed: ' + r.body);
+            }
+          }
+          console.log('Done.');
+          })().catch(e => { console.error(e); process.exit(1); });
+          ENDSCRIPT
+        shell: bash

CHANGELOG.md

@@ -418,10 +418,22 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ### 🚀 Updated Scripts
 
+  - #### 🐞 Bug Fixes
+
+    - Tracearr: prepare for imminent v1.4.19 release [@durzo](https://github.com/durzo) ([#12413](https://github.com/community-scripts/ProxmoxVE/pull/12413))
+
+  - #### ✨ New Features
+
+    - Frigate: Bump to v0.17 [@MickLesk](https://github.com/MickLesk) ([#12474](https://github.com/community-scripts/ProxmoxVE/pull/12474))
+
   - #### 💥 Breaking Changes
 
     - Migrate: DokPloy, Komodo, Coolify, Dockge, Runtipi to Addons [@MickLesk](https://github.com/MickLesk) ([#12275](https://github.com/community-scripts/ProxmoxVE/pull/12275))
 
+  - #### 🔧 Refactor
+
+    - ref: replace generic exit 1 with specific exit codes in ct & install [@MickLesk](https://github.com/MickLesk) ([#12475](https://github.com/community-scripts/ProxmoxVE/pull/12475))
+
 ### 💾 Core
 
   - #### ✨ New Features

ct/alpine-komodo.sh

@@ -39,7 +39,7 @@ function update_script() {
     COMPOSE_FILE=$(find /opt/komodo -maxdepth 1 -type f -name '*.compose.yaml' ! -name 'compose.env' | head -n1)
     if [[ -z "$COMPOSE_FILE" ]]; then
       msg_error "No valid compose file found in /opt/komodo!"
-      exit 1
+      exit 252
     fi
     $STD docker compose -p komodo -f "$COMPOSE_FILE" --env-file /opt/komodo/compose.env pull
     $STD docker compose -p komodo -f "$COMPOSE_FILE" --env-file /opt/komodo/compose.env up -d

ct/endurain.sh

@@ -26,7 +26,7 @@ function update_script() {
 
   if [[ ! -d /opt/endurain ]]; then
     msg_error "No ${APP} installation found!"
-    exit 1
+    exit 233
   fi
   if check_for_gh_release "endurain" "endurain-project/endurain"; then
     msg_info "Stopping Service"

ct/evcc.sh

@@ -25,7 +25,7 @@ function update_script() {
   check_container_resources
   if ! command -v evcc >/dev/null 2>&1; then
     msg_error "No ${APP} Installation Found!"
-    exit 1
+    exit 233
   fi
 
   if [[ -f /etc/apt/sources.list.d/evcc-stable.list ]]; then

ct/grafana.sh

@@ -26,7 +26,7 @@ function update_script() {
 
   if ! dpkg -s grafana >/dev/null 2>&1; then
     msg_error "No ${APP} Installation Found!"
-    exit 1
+    exit 233
   fi
 
   if [[ -f /etc/apt/sources.list.d/grafana.list ]] || [[ ! -f /etc/apt/sources.list.d/grafana.sources ]]; then

ct/itsm-ng.sh

@@ -26,7 +26,7 @@ function update_script() {
 
   if [[ ! -f /etc/itsm-ng/config_db.php ]]; then
     msg_error "No ${APP} Installation Found!"
-    exit 1
+    exit 233
   fi
   setup_mariadb
 

ct/kasm.sh

@@ -45,7 +45,7 @@ function update_script() {
   
   if [[ -z "$KASM_URL" ]] || [[ -z "$KASM_VERSION" ]]; then
     msg_error "Unable to detect latest Kasm release URL."
-    exit 1
+    exit 250
   fi
   msg_info "Checked for new version"
 

ct/komodo.sh

@@ -43,7 +43,7 @@ function update_script() {
     COMPOSE_FILE=$(find /opt/komodo -maxdepth 1 -type f -name '*.compose.yaml' ! -name 'compose.env' | head -n1)
     if [[ -z "$COMPOSE_FILE" ]]; then
       msg_error "No valid compose file found in /opt/komodo!"
-      exit 1
+      exit 252
     fi
     $STD docker compose -p komodo -f "$COMPOSE_FILE" --env-file /opt/komodo/compose.env pull
     $STD docker compose -p komodo -f "$COMPOSE_FILE" --env-file /opt/komodo/compose.env up -d

ct/loki.sh

@@ -26,7 +26,7 @@ function update_script() {
 
   if ! dpkg -s loki >/dev/null 2>&1; then
     msg_error "No ${APP} Installation Found!"
-    exit 1
+    exit 233
   fi
 
   CHOICE=$(msg_menu "Loki Update Options" \

ct/paperless-ngx.sh

@@ -44,7 +44,7 @@ function update_script() {
       echo -e "${TAB}${GATEWAY}${BGN}https://github.com/community-scripts/ProxmoxVE/discussions/9223${CL}"
       echo -e ""
       msg_custom "⚠️" "Update aborted. Please migrate your data first."
-      exit 1
+      exit 253
     fi
   fi
 

ct/powerdns.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Slaviša Arežina (tremor021)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.powerdns.com/
+
+APP="PowerDNS"
+var_tags="${var_tags:-dns}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -d /opt/poweradmin ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  msg_info "Updating PowerDNS"
+  $STD apt update
+  $STD apt install -y --only-upgrade pdns-server pdns-backend-sqlite3
+  msg_ok "Updated PowerDNS"
+
+  if check_for_gh_release "poweradmin" "poweradmin/poweradmin"; then
+    msg_info "Backing up Configuration"
+    cp /opt/poweradmin/config/settings.php /opt/poweradmin_settings.php.bak
+    cp /opt/poweradmin/powerdns.db /opt/poweradmin_powerdns.db.bak
+    msg_ok "Backed up Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "poweradmin" "poweradmin/poweradmin" "tarball"
+
+    msg_info "Updating Poweradmin"
+    cp /opt/poweradmin_settings.php.bak /opt/poweradmin/config/settings.php
+    cp /opt/poweradmin_powerdns.db.bak /opt/poweradmin/powerdns.db
+    rm -rf /opt/poweradmin/install
+    rm -f /opt/poweradmin_settings.php.bak /opt/poweradmin_powerdns.db.bak
+    chown -R www-data:www-data /opt/poweradmin
+    msg_ok "Updated Poweradmin"
+
+    msg_info "Restarting Services"
+    systemctl restart pdns apache2
+    msg_ok "Restarted Services"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/tracearr.sh

@@ -75,10 +75,31 @@ if [ -f \$pg_config_file ]; then
     fi
 fi
 systemctl restart postgresql
+sudo -u postgres psql -c "ALTER USER tracearr WITH SUPERUSER;"
 EOF
   chmod +x /data/tracearr/prestart.sh
   msg_ok "Updated prestart script"
 
+  # check if tailscale is installed
+  if command -v tailscale >/dev/null 2>&1; then
+    # Tracearr runs tailscaled in user mode, disable the service.
+    $STD systemctl disable --now tailscaled
+    $STD systemctl stop tailscaled
+    msg_ok "Tailscale already installed"
+  else
+    msg_info "Installing tailscale"
+    setup_deb822_repo \
+      "tailscale" \
+      "https://pkgs.tailscale.com/stable/$(get_os_info id)/$(get_os_info codename).noarmor.gpg" \
+      "https://pkgs.tailscale.com/stable/$(get_os_info id)/" \
+      "$(get_os_info codename)"
+    $STD apt install -y tailscale
+    # Tracearr runs tailscaled in user mode, disable the service.
+    $STD systemctl disable --now tailscaled
+    $STD systemctl stop tailscaled
+    msg_ok "Installed tailscale"
+  fi
+
   if check_for_gh_release "tracearr" "connorgallopo/Tracearr"; then
     msg_info "Stopping Services"
     systemctl stop tracearr postgresql redis
@@ -122,6 +143,8 @@ EOF
     sed -i "s/^APP_VERSION=.*/APP_VERSION=$(cat /root/.tracearr)/" /data/tracearr/.env
     chmod 600 /data/tracearr/.env
     chown -R tracearr:tracearr /data/tracearr
+    mkdir -p /data/backup
+    chown -R tracearr:tracearr /data/backup
     msg_ok "Configured Tracearr"
 
     msg_info "Starting services"

ct/vikunja.sh

@@ -34,14 +34,14 @@ function update_script() {
     msg_warn "This requires MANUAL config changes in /etc/vikunja/config.yml."
     msg_warn "See: https://vikunja.io/changelog/whats-new-in-vikunja-1.0.0/#config-changes"
 
-    read -rp "Continue with update? (y to proceed): " -t 30 CONFIRM1 || exit 1
+    read -rp "Continue with update? (y to proceed): " -t 30 CONFIRM1 || exit 254
     [[ "$CONFIRM1" =~ ^[yY]$ ]] || exit 0
 
     echo
     msg_warn "Vikunja may not start after the update until you manually adjust the config."
     msg_warn "Details: https://vikunja.io/changelog/whats-new-in-vikunja-1.0.0/#config-changes"
 
-    read -rp "Acknowledge and continue? (y): " -t 30 CONFIRM2 || exit 1
+    read -rp "Acknowledge and continue? (y): " -t 30 CONFIRM2 || exit 254
     [[ "$CONFIRM2" =~ ^[yY]$ ]] || exit 0
   fi
 

frontend/public/json/2fauth.json

@@ -13,7 +13,7 @@
   "website": "https://2fauth.app/",
   "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/2fauth.webp",
   "config_path": "cat /opt/2fauth/.env",
-  "description": "2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop. It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface.",
+  "description": "2FAuth is a web based self-hosted alternative to One Time Passcode (OTP) generators like Google Authenticator, designed for both mobile and desktop. It aims to ease you perform your 2FA authentication steps whatever the device you handle, with a clean and suitable interface. - Workflow -  Test",
   "install_methods": [
     {
       "type": "default",

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-03-02T12:12:21Z",
+  "generated": "2026-03-02T13:48:26Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -200,9 +200,9 @@
     {
       "slug": "cleanuparr",
       "repo": "Cleanuparr/Cleanuparr",
-      "version": "v2.7.6",
+      "version": "v2.7.7",
       "pinned": false,
-      "date": "2026-02-27T19:32:02Z"
+      "date": "2026-03-02T13:08:32Z"
     },
     {
       "slug": "cloudreve",
@@ -424,9 +424,9 @@
     {
       "slug": "frigate",
       "repo": "blakeblackshear/frigate",
-      "version": "v0.16.4",
+      "version": "v0.17.0",
       "pinned": true,
-      "date": "2026-01-29T00:42:14Z"
+      "date": "2026-02-27T03:03:01Z"
     },
     {
       "slug": "gatus",

frontend/public/json/powerdns.json

@@ -0,0 +1,40 @@
+{
+  "name": "PowerDNS",
+  "slug": "powerdns",
+  "categories": [
+    5
+  ],
+  "date_created": "2026-02-11",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 80,
+  "documentation": "https://doc.powerdns.com/index.html",
+  "config_path": "/opt/poweradmin/config/settings.php",
+  "website": "https://www.powerdns.com/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/powerdns.webp",
+  "description": "The PowerDNS Authoritative Server is a versatile nameserver which supports a large number of backends. These backends can either be plain zone files or be more dynamic in nature. PowerDNS has the concepts of ‘backends’. A backend is a datastore that the server will consult that contains DNS records (and some metadata). The backends range from database backends (MySQL, PostgreSQL) and BIND zone files to co-processes and JSON API’s.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/powerdns.sh",
+      "resources": {
+        "cpu": 1,
+        "ram": 1024,
+        "hdd": 4,
+        "os": "Debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "For administrator credentials type: `cat ~/poweradmin.creds` inside LXC.",
+      "type": "info"
+    }
+  ]
+}

install/alpine-postgresql-install.sh

@@ -14,7 +14,7 @@ network_check
 update_os
 
 read -r -p "${TAB3}Enter PostgreSQL version (15/16/17): " ver
-[[ $ver =~ ^(15|16|17)$ ]] || { echo "Invalid version"; exit 1; }
+[[ $ver =~ ^(15|16|17)$ ]] || { echo "Invalid version"; exit 64; }
 
 msg_info "Installing PostgreSQL ${ver}"
 $STD apk add --no-cache postgresql${ver} postgresql${ver}-contrib postgresql${ver}-openrc sudo

install/apache-tomcat-install.sh

@@ -25,7 +25,7 @@ case $version in
     ;;
   *)
     msg_error "Invalid JDK version selected. Please enter 8, 11, 17 or 21."
-    exit 1
+    exit 64
     ;;
   esac
   ;;
@@ -39,7 +39,7 @@ case $version in
     ;;
   *)
     msg_error "Invalid JDK version selected. Please enter 11, 17 or 21."
-    exit 1
+    exit 64
     ;;
   esac
   ;;
@@ -53,13 +53,13 @@ case $version in
     ;;
   *)
     msg_error "Invalid JDK version selected. Please enter 17 or 21."
-    exit 1
+    exit 64
     ;;
   esac
   ;;
 *)
   msg_error "Invalid Tomcat version selected. Please enter 9, 10.1 or 11."
-  exit 1
+  exit 64
   ;;
 esac
 

install/booklore-install.sh

@@ -59,7 +59,7 @@ mkdir -p /opt/booklore/dist
 JAR_PATH=$(find /opt/booklore/booklore-api/build/libs -maxdepth 1 -type f -name "booklore-api-*.jar" ! -name "*plain*" | head -n1)
 if [[ -z "$JAR_PATH" ]]; then
   msg_error "Backend JAR not found"
-  exit 1
+  exit 153
 fi
 cp "$JAR_PATH" /opt/booklore/dist/app.jar
 msg_ok "Built Backend"

install/docker-install.sh

@@ -86,7 +86,7 @@ EOF
     msg_ok "Docker TCP socket available on $socket"
   else
     msg_error "Docker failed to restart. Check journalctl -xeu docker.service"
-    exit 1
+    exit 150
   fi
 fi
 

install/emqx-install.sh

@@ -21,7 +21,7 @@ msg_info "Fetching latest EMQX Enterprise version"
 LATEST_VERSION=$(curl -fsSL https://www.emqx.com/en/downloads/enterprise | grep -oP '/en/downloads/enterprise/v\K[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n1)
 if [[ -z "$LATEST_VERSION" ]]; then
   msg_error "Failed to determine latest EMQX version"
-  exit 1
+  exit 250
 fi
 msg_ok "Latest version: v$LATEST_VERSION"
 

install/frigate-install.sh

@@ -16,7 +16,7 @@ update_os
 source /etc/os-release
 if [[ "$VERSION_ID" != "12" ]]; then
   msg_error "Frigate requires Debian 12 (Bookworm) due to Python 3.11 dependencies"
-  exit 1
+  exit 238
 fi
 
 msg_info "Converting APT sources to DEB822 format"

install/kasm-install.sh

@@ -31,7 +31,7 @@ fi
 
 if [[ -z "$KASM_URL" ]] || [[ -z "$KASM_VERSION" ]]; then
   msg_error "Unable to detect latest Kasm release URL."
-  exit 1
+  exit 250
 fi
 msg_ok "Detected Kasm Workspaces version $KASM_VERSION"
 

install/npmplus-install.sh

@@ -51,7 +51,7 @@ while true; do
   attempts=$((attempts + 1))
   if [[ "$attempts" -ge 3 ]]; then
     msg_error "Maximum attempts reached. Exiting."
-    exit 1
+    exit 254
   fi
 done
 
@@ -76,11 +76,11 @@ for i in {1..60}; do
     elif [[ "$STATUS" == "unhealthy" ]]; then
       msg_error "NPMplus container is unhealthy! Check logs."
       docker logs "$CONTAINER_ID"
-      exit 1
+      exit 150
     fi
   fi
   sleep 2
-  [[ $i -eq 60 ]] && msg_error "NPMplus container did not become healthy within 120s." && docker logs "$CONTAINER_ID" && exit 1
+  [[ $i -eq 60 ]] && msg_error "NPMplus container did not become healthy within 120s." && docker logs "$CONTAINER_ID" && exit 150
 done
 msg_ok "Builded and started NPMplus"
 

install/ollama-install.sh

@@ -78,11 +78,11 @@ if curl -fL# -C - -o "$TMP_TAR" "$OLLAMA_URL"; then
     msg_ok "Installed Ollama ${RELEASE}"
   else
     msg_error "Extraction failed – archive corrupt or incomplete"
-    exit 1
+    exit 251
   fi
 else
   msg_error "Download failed – $OLLAMA_URL not reachable"
-  exit 1
+  exit 250
 fi
 
 msg_info "Creating ollama User and Group"

install/onlyoffice-install.sh

@@ -59,7 +59,7 @@ EOF
 else
   msg_error "Failed to download or verify GPG key from $KEY_URL"
   [[ -f "$TMP_KEY_CONTENT" ]] && rm -f "$TMP_KEY_CONTENT"
-  exit 1
+  exit 250
 fi
 rm -f "$TMP_KEY_CONTENT"
 

install/opencloud-install.sh

@@ -34,7 +34,7 @@ for server in "${servers[@]}"; do
   done
   if ((attempt >= MAX_ATTEMPTS)); then
     msg_error "No more attempts - aborting script!"
-    exit 1
+    exit 254
   fi
 done
 

install/postgresql-install.sh

@@ -16,7 +16,7 @@ update_os
 read -r -p "${TAB3}Enter PostgreSQL version (15/16/17/18): " ver
 [[ $ver =~ ^(15|16|17|18)$ ]] || {
   echo "Invalid version"
-  exit 1
+  exit 64
 }
 PG_VERSION=$ver setup_postgresql
 

install/powerdns-install.sh

@@ -0,0 +1,134 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Slaviša Arežina (tremor021)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://www.powerdns.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y sqlite3
+msg_ok "Installed Dependencies"
+
+PHP_VERSION="8.3" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="gettext,tokenizer,sqlite3,ldap" setup_php
+setup_deb822_repo \
+  "pdns" \
+  "https://repo.powerdns.com/FD380FBB-pub.asc" \
+  "http://repo.powerdns.com/debian" \
+  "trixie-auth-50"
+
+cat <<EOF >/etc/apt/preferences.d/auth-50
+Package: pdns-*
+Pin: origin repo.powerdns.com
+Pin-Priority: 600
+EOF
+
+escape_sql() {
+  printf '%s' "$1" | sed "s/'/''/g"
+}
+
+msg_info "Setting up PowerDNS"
+$STD apt install -y \
+  pdns-server \
+  pdns-backend-sqlite3
+msg_ok "Setup PowerDNS"
+
+fetch_and_deploy_gh_release "poweradmin" "poweradmin/poweradmin" "tarball"
+
+msg_info "Setting up Poweradmin"
+sqlite3 /opt/poweradmin/powerdns.db </opt/poweradmin/sql/poweradmin-sqlite-db-structure.sql
+sqlite3 /opt/poweradmin/powerdns.db </opt/poweradmin/sql/pdns/49/schema.sqlite3.sql
+PA_ADMIN_USERNAME="admin"
+PA_ADMIN_EMAIL="admin@example.com"
+PA_ADMIN_FULLNAME="Administrator"
+PA_ADMIN_PASSWORD=$(openssl rand -base64 16 | tr -d "=+/" | cut -c1-16)
+PA_SESSION_KEY=$(openssl rand -base64 75 | tr -dc 'A-Za-z0-9^@#!(){}[]%_\-+=~' | head -c 50)
+PASSWORD_HASH=$(php -r "echo password_hash(\$argv[1], PASSWORD_DEFAULT);" -- "${PA_ADMIN_PASSWORD}" 2>/dev/null)
+sqlite3 /opt/poweradmin/powerdns.db "INSERT INTO users (username, password, fullname, email, description, perm_templ, active, use_ldap) \
+  VALUES ('$(escape_sql "${PA_ADMIN_USERNAME}")', '$(escape_sql "${PASSWORD_HASH}")', '$(escape_sql "${PA_ADMIN_FULLNAME}")', \
+  '$(escape_sql "${PA_ADMIN_EMAIL}")', 'System Administrator', 1, 1, 0);"
+
+cat <<EOF >~/poweradmin.creds
+Admin Username: ${PA_ADMIN_USERNAME}
+Admin Password: ${PA_ADMIN_PASSWORD}
+EOF
+
+cat <<EOF >/opt/poweradmin/config/settings.php
+<?php
+
+/**
+ * Poweradmin Settings Configuration File
+ *
+ * Generated by the installer on 2026-02-02 21:01:40
+ */
+
+return [
+    /**
+     * Database Settings
+     */
+    'database' => [
+        'type' => 'sqlite',
+        'file' => '/opt/poweradmin/powerdns.db',
+    ],
+
+    /**
+     * Security Settings
+     */
+    'security' => [
+        'session_key' => '${PA_SESSION_KEY}',
+    ],
+
+    /**
+     * Interface Settings
+     */
+    'interface' => [
+        'language' => 'en_EN',
+    ],
+
+    /**
+     * DNS Settings
+     */
+    'dns' => [
+        'hostmaster' => 'localhost.lan',
+        'ns1' => '8.8.8.8',
+        'ns2' => '9.9.9.9',
+    ]
+];
+EOF
+rm -rf /opt/poweradmin/install
+msg_ok "Setup Poweradmin"
+
+msg_info "Creating Service"
+rm /etc/apache2/sites-enabled/000-default.conf
+cat <<EOF >/etc/apache2/sites-enabled/poweradmin.conf
+<VirtualHost *:80>
+    ServerName localhost
+    DocumentRoot /opt/poweradmin
+
+    <Directory /opt/poweradmin>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    # For DDNS update functionality
+    RewriteEngine On
+    RewriteRule ^/update(.*)\$ /dynamic_update.php [L]
+    RewriteRule ^/nic/update(.*)\$ /dynamic_update.php [L]
+</VirtualHost>
+EOF
+$STD a2enmod rewrite headers
+chown -R www-data:www-data /opt/poweradmin
+$STD systemctl restart apache2
+msg_info "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/pulse-install.sh

@@ -25,7 +25,7 @@ if useradd -r -m -d /opt/pulse-home -s /usr/sbin/nologin pulse; then
   msg_ok "Created User"
 else
   msg_error "User creation failed"
-  exit 1
+  exit 71
 fi
 
 mkdir -p /etc/pulse

install/splunk-enterprise-install.sh

@@ -34,7 +34,7 @@ while true; do
         [Nn]|[Nn][Oo]|"")
             msg_error "Terms not accepted. Installation cannot proceed."
             msg_error "Please review the terms and run the script again if you wish to proceed."
-            exit 1
+            exit 254
             ;;
         *)
             msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
@@ -47,7 +47,7 @@ DOWNLOAD_URL=$(curl -s "https://www.splunk.com/en_us/download/splunk-enterprise.
 RELEASE=$(echo "$DOWNLOAD_URL" | sed 's|.*/releases/\([^/]*\)/.*|\1|')
 $STD curl -fsSL -o "splunk-enterprise.tgz" "$DOWNLOAD_URL" || {
     msg_error "Failed to download Splunk Enterprise from the provided link."
-    exit 1
+    exit 250
 }
 $STD tar -xzf "splunk-enterprise.tgz" -C /opt
 rm -f "splunk-enterprise.tgz"

install/tracearr-install.sh

@@ -44,7 +44,20 @@ $STD timescaledb-tune -yes -memory "$ram_for_tsdb"MB
 $STD systemctl restart postgresql
 msg_ok "Installed TimescaleDB"
 
-PG_DB_NAME="tracearr_db" PG_DB_USER="tracearr" PG_DB_EXTENSIONS="timescaledb,timescaledb_toolkit" setup_postgresql_db
+PG_DB_NAME="tracearr_db" PG_DB_USER="tracearr" PG_DB_EXTENSIONS="timescaledb,timescaledb_toolkit" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
+
+msg_info "Installing tailscale"
+setup_deb822_repo \
+  "tailscale" \
+  "https://pkgs.tailscale.com/stable/$(get_os_info id)/$(get_os_info codename).noarmor.gpg" \
+  "https://pkgs.tailscale.com/stable/$(get_os_info id)/" \
+  "$(get_os_info codename)"
+$STD apt install -y tailscale
+# Tracearr runs tailscaled in user mode, disable the service.
+$STD systemctl disable --now tailscaled
+$STD systemctl stop tailscaled
+msg_ok "Installed tailscale"
+
 fetch_and_deploy_gh_release "tracearr" "connorgallopo/Tracearr" "tarball" "latest" "/opt/tracearr.build"
 
 msg_info "Building Tracearr"
@@ -75,6 +88,7 @@ msg_info "Configuring Tracearr"
 $STD useradd -r -s /bin/false -U tracearr
 $STD chown -R tracearr:tracearr /opt/tracearr
 install -d -m 750 -o tracearr -g tracearr /data/tracearr
+install -d -m 750 -o tracearr -g tracearr /data/backup
 export JWT_SECRET=$(openssl rand -hex 32)
 export COOKIE_SECRET=$(openssl rand -hex 32)
 cat <<EOF >/data/tracearr/.env
@@ -89,7 +103,6 @@ JWT_SECRET=$JWT_SECRET
 COOKIE_SECRET=$COOKIE_SECRET
 APP_VERSION=$(cat /root/.tracearr)
 #CORS_ORIGIN=http://localhost:5173
-#MOBILE_BETA_MODE=true
 EOF
 chmod 600 /data/tracearr/.env
 chown -R tracearr:tracearr /data/tracearr
@@ -140,6 +153,7 @@ if [ -f \$pg_config_file ]; then
     fi
 fi
 systemctl restart postgresql
+sudo -u postgres psql -c "ALTER USER tracearr WITH SUPERUSER;"
 EOF
 chmod +x /data/tracearr/prestart.sh
 cat <<EOF >/lib/systemd/system/tracearr.service

install/unifi-os-server-install.sh

@@ -16,13 +16,13 @@ update_os
 if [[ "${CTTYPE:-1}" != "0" ]]; then
   msg_error "UniFi OS Server requires a privileged LXC container."
   msg_error "Recreate the container with unprivileged=0."
-  exit 1
+  exit 10
 fi
 
 if [[ ! -e /dev/net/tun ]]; then
   msg_error "Missing /dev/net/tun in container."
   msg_error "Enable TUN/TAP (var_tun=yes) or add /dev/net/tun passthrough."
-  exit 1
+  exit 236
 fi
 
 msg_info "Installing dependencies"
@@ -48,7 +48,7 @@ TEMP_JSON="$(mktemp)"
 if ! curl -fsSL "$API_URL" -o "$TEMP_JSON"; then
   rm -f "$TEMP_JSON"
   msg_error "Failed to fetch data from Ubiquiti API"
-  exit 1
+  exit 250
 fi
 LATEST=$(jq -r '
   ._embedded.firmware
@@ -62,7 +62,7 @@ UOS_URL=$(echo "$LATEST" | jq -r '._links.data.href')
 rm -f "$TEMP_JSON"
 if [[ -z "$UOS_URL" || -z "$UOS_VERSION" || "$UOS_URL" == "null" ]]; then
   msg_error "Failed to parse UniFi OS Server version or download URL"
-  exit 1
+  exit 250
 fi
 msg_ok "Found UniFi OS Server ${UOS_VERSION}"
 

install/zerotier-one-install.sh

@@ -31,7 +31,7 @@ if gpg --verify /tmp/zerotier-install.sh >/dev/null 2>&1; then
   $STD bash /tmp/zerotier-install.sh
 else
   msg_warn "Could not verify signature of Zerotier-One install script. Exiting..."
-  exit 1
+  exit 250
 fi
 msg_ok "Setup Zerotier-One"
 

misc/api.func

@@ -134,6 +134,7 @@ detect_repo_source
 #   * Proxmox custom codes (200-231)
 #   * Tools & Addon Scripts (232-238)
 #   * Node.js/npm errors (239, 243, 245-249)
+#   * Application Install/Update errors (250-254)
 # - Returns description string for given exit code
 # ------------------------------------------------------------------------------
 explain_exit_code() {
@@ -322,6 +323,13 @@ explain_exit_code() {
   248) echo "Node.js: Invalid C++ addon / N-API failure" ;;
   249) echo "npm/pnpm/yarn: Unknown fatal error" ;;
 
+  # --- Application Install/Update Errors (250-254) ---
+  250) echo "App: Download failed or version not determined" ;;
+  251) echo "App: File extraction failed (corrupt or incomplete archive)" ;;
+  252) echo "App: Required file or resource not found" ;;
+  253) echo "App: Data migration required — update aborted" ;;
+  254) echo "App: User declined prompt or input timed out" ;;
+
   # --- DPKG ---
   255) echo "DPKG: Fatal internal error" ;;
 
@@ -385,6 +393,11 @@ get_error_text() {
     logfile="$BUILD_LOG"
   fi
 
+  # Try SILENT_LOGFILE as last resort (captures $STD command output)
+  if [[ -z "$logfile" || ! -s "$logfile" ]] && [[ -n "${SILENT_LOGFILE:-}" && -s "${SILENT_LOGFILE}" ]]; then
+    logfile="$SILENT_LOGFILE"
+  fi
+
   if [[ -n "$logfile" && -s "$logfile" ]]; then
     tail -n 20 "$logfile" 2>/dev/null | sed 's/\r$//' | sed 's/\x1b\[[0-9;]*[a-zA-Z]//g'
   fi
@@ -430,6 +443,13 @@ get_full_log() {
     fi
   fi
 
+  # Fall back to SILENT_LOGFILE (captures $STD command output)
+  if [[ -z "$logfile" || ! -s "$logfile" ]]; then
+    if [[ -n "${SILENT_LOGFILE:-}" && -s "${SILENT_LOGFILE}" ]]; then
+      logfile="$SILENT_LOGFILE"
+    fi
+  fi
+
   if [[ -n "$logfile" && -s "$logfile" ]]; then
     # Strip ANSI codes, carriage returns, and anonymize IP addresses (GDPR)
     sed 's/\r$//' "$logfile" 2>/dev/null |
@@ -667,18 +687,23 @@ EOF
   [[ "${DEV_MODE:-}" == "true" ]] && echo "[DEBUG] Sending to: $TELEMETRY_URL" >&2
   [[ "${DEV_MODE:-}" == "true" ]] && echo "[DEBUG] Payload: $JSON_PAYLOAD" >&2
 
-  # Fire-and-forget: never block, never fail
-  local http_code
-  if [[ "${DEV_MODE:-}" == "true" ]]; then
-    http_code=$(curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
-      -H "Content-Type: application/json" \
-      -d "$JSON_PAYLOAD" -o /dev/stderr 2>&1) || true
-    echo "[DEBUG] HTTP response code: $http_code" >&2
-  else
-    curl -fsS -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
-      -H "Content-Type: application/json" \
-      -d "$JSON_PAYLOAD" &>/dev/null || true
-  fi
+  # Send initial "installing" record with retry.
+  # This record MUST exist for all subsequent updates to succeed.
+  local http_code="" attempt
+  for attempt in 1 2 3; do
+    if [[ "${DEV_MODE:-}" == "true" ]]; then
+      http_code=$(curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
+        -H "Content-Type: application/json" \
+        -d "$JSON_PAYLOAD" -o /dev/stderr 2>&1) || http_code="000"
+      echo "[DEBUG] post_to_api attempt $attempt HTTP=$http_code" >&2
+    else
+      http_code=$(curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
+        -H "Content-Type: application/json" \
+        -d "$JSON_PAYLOAD" -o /dev/null 2>/dev/null) || http_code="000"
+    fi
+    [[ "$http_code" =~ ^2[0-9]{2}$ ]] && break
+    [[ "$attempt" -lt 3 ]] && sleep 1
+  done
 
   POST_TO_API_DONE=true
 }
@@ -769,10 +794,15 @@ post_to_api_vm() {
 EOF
   )
 
-  # Fire-and-forget: never block, never fail
-  curl -fsS -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
-    -H "Content-Type: application/json" \
-    -d "$JSON_PAYLOAD" &>/dev/null || true
+  # Send initial "installing" record with retry (must succeed for updates to work)
+  local http_code="" attempt
+  for attempt in 1 2 3; do
+    http_code=$(curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
+      -H "Content-Type: application/json" \
+      -d "$JSON_PAYLOAD" -o /dev/null 2>/dev/null) || http_code="000"
+    [[ "$http_code" =~ ^2[0-9]{2}$ ]] && break
+    [[ "$attempt" -lt 3 ]] && sleep 1
+  done
 
   POST_TO_API_DONE=true
 }
@@ -868,7 +898,7 @@ post_update_to_api() {
   esac
 
   # For failed/unknown status, resolve exit code and error description
-  local short_error=""
+  local short_error="" medium_error=""
   if [[ "$pb_status" == "failed" ]] || [[ "$pb_status" == "unknown" ]]; then
     if [[ "$raw_exit_code" =~ ^[0-9]+$ ]]; then
       exit_code="$raw_exit_code"
@@ -888,6 +918,18 @@ post_update_to_api() {
     short_error=$(json_escape "$(explain_exit_code "$exit_code")")
     error_category=$(categorize_error "$exit_code")
     [[ -z "$error" ]] && error="Unknown error"
+
+    # Build medium error for attempt 2: explanation + last 100 log lines (≤16KB)
+    # This is the critical middle ground between full 120KB log and generic-only description
+    local medium_log=""
+    medium_log=$(get_full_log 16384) || true # 16KB max
+    if [[ -z "$medium_log" ]]; then
+      medium_log=$(get_error_text) || true
+    fi
+    local medium_full
+    medium_full=$(build_error_string "$exit_code" "$medium_log")
+    medium_error=$(json_escape "$medium_full")
+    [[ -z "$medium_error" ]] && medium_error="$short_error"
   fi
 
   # Calculate duration if timer was started
@@ -904,6 +946,11 @@ post_update_to_api() {
 
   local http_code=""
 
+  # Strip 'G' suffix from disk size (VMs set DISK_SIZE=32G)
+  local DISK_SIZE_API="${DISK_SIZE:-0}"
+  DISK_SIZE_API="${DISK_SIZE_API%G}"
+  [[ ! "$DISK_SIZE_API" =~ ^[0-9]+$ ]] && DISK_SIZE_API=0
+
   # ── Attempt 1: Full payload with complete error text (includes full log) ──
   local JSON_PAYLOAD
   JSON_PAYLOAD=$(
@@ -915,7 +962,7 @@ post_update_to_api() {
     "nsapp": "${NSAPP:-unknown}",
     "status": "${pb_status}",
     "ct_type": ${CT_TYPE:-1},
-    "disk_size": ${DISK_SIZE:-0},
+    "disk_size": ${DISK_SIZE_API},
     "core_count": ${CORE_COUNT:-0},
     "ram_size": ${RAM_SIZE:-0},
     "os_type": "${var_os:-}",
@@ -946,7 +993,7 @@ EOF
     return 0
   fi
 
-  # ── Attempt 2: Short error text (no full log) ──
+  # ── Attempt 2: Medium error text (truncated log ≤16KB instead of full 120KB) ──
   sleep 1
   local RETRY_PAYLOAD
   RETRY_PAYLOAD=$(
@@ -958,7 +1005,7 @@ EOF
     "nsapp": "${NSAPP:-unknown}",
     "status": "${pb_status}",
     "ct_type": ${CT_TYPE:-1},
-    "disk_size": ${DISK_SIZE:-0},
+    "disk_size": ${DISK_SIZE_API},
     "core_count": ${CORE_COUNT:-0},
     "ram_size": ${RAM_SIZE:-0},
     "os_type": "${var_os:-}",
@@ -966,7 +1013,7 @@ EOF
     "pve_version": "${pve_version}",
     "method": "${METHOD:-default}",
     "exit_code": ${exit_code},
-    "error": "${short_error}",
+    "error": "${medium_error}",
     "error_category": "${error_category}",
     "install_duration": ${duration},
     "cpu_vendor": "${cpu_vendor}",
@@ -989,7 +1036,7 @@ EOF
     return 0
   fi
 
-  # ── Attempt 3: Minimal payload (bare minimum to set status) ──
+  # ── Attempt 3: Minimal payload with medium error (bare minimum to set status) ──
   sleep 2
   local MINIMAL_PAYLOAD
   MINIMAL_PAYLOAD=$(
@@ -1001,7 +1048,7 @@ EOF
     "nsapp": "${NSAPP:-unknown}",
     "status": "${pb_status}",
     "exit_code": ${exit_code},
-    "error": "${short_error}",
+    "error": "${medium_error}",
     "error_category": "${error_category}",
     "install_duration": ${duration}
 }

misc/error_handler.func

@@ -195,6 +195,14 @@ if ! declare -f explain_exit_code &>/dev/null; then
     247) echo "Node.js: Fatal internal error" ;;
     248) echo "Node.js: Invalid C++ addon / N-API failure" ;;
     249) echo "npm/pnpm/yarn: Unknown fatal error" ;;
+
+    # --- Application Install/Update Errors (250-254) ---
+    250) echo "App: Download failed or version not determined" ;;
+    251) echo "App: File extraction failed (corrupt or incomplete archive)" ;;
+    252) echo "App: Required file or resource not found" ;;
+    253) echo "App: Data migration required — update aborted" ;;
+    254) echo "App: User declined prompt or input timed out" ;;
+
     255) echo "DPKG: Fatal internal error" ;;
     *) echo "Unknown error" ;;
     esac
@@ -400,10 +408,29 @@ _send_abort_telemetry() {
   [[ "${DIAGNOSTICS:-no}" == "no" ]] && return 0
   [[ -z "${RANDOM_UUID:-}" ]] && return 0
 
-  # Collect last 20 log lines for error diagnosis (best-effort)
+  # Collect last 200 log lines for error diagnosis (best-effort)
+  # Container context has no get_full_log(), so we gather as much as possible
   local error_text=""
+  local logfile=""
   if [[ -n "${INSTALL_LOG:-}" && -s "${INSTALL_LOG}" ]]; then
-    error_text=$(tail -n 20 "$INSTALL_LOG" 2>/dev/null | sed 's/\x1b\[[0-9;]*[a-zA-Z]//g; s/\\/\\\\/g; s/"/\\"/g; s/\r//g' | tr '\n' '|' | sed 's/|$//' | tr -d '\000-\010\013\014\016-\037\177') || true
+    logfile="${INSTALL_LOG}"
+  elif [[ -n "${SILENT_LOGFILE:-}" && -s "${SILENT_LOGFILE}" ]]; then
+    logfile="${SILENT_LOGFILE}"
+  fi
+
+  if [[ -n "$logfile" ]]; then
+    error_text=$(tail -n 200 "$logfile" 2>/dev/null | sed 's/\x1b\[[0-9;]*[a-zA-Z]//g; s/\\/\\\\/g; s/"/\\"/g; s/\r//g' | tr '\n' '|' | sed 's/|$//' | head -c 16384 | tr -d '\000-\010\013\014\016-\037\177') || true
+  fi
+
+  # Prepend exit code explanation header (like build_error_string does on host)
+  local explanation=""
+  if declare -f explain_exit_code &>/dev/null; then
+    explanation=$(explain_exit_code "$exit_code" 2>/dev/null) || true
+  fi
+  if [[ -n "$explanation" && -n "$error_text" ]]; then
+    error_text="exit_code=${exit_code} | ${explanation}|---|${error_text}"
+  elif [[ -n "$explanation" && -z "$error_text" ]]; then
+    error_text="exit_code=${exit_code} | ${explanation}"
   fi
 
   # Calculate duration if start time is available
@@ -412,10 +439,17 @@ _send_abort_telemetry() {
     duration=$(($(date +%s) - DIAGNOSTICS_START_TIME))
   fi
 
+  # Categorize error if function is available (may not be in minimal container context)
+  local error_category=""
+  if declare -f categorize_error &>/dev/null; then
+    error_category=$(categorize_error "$exit_code" 2>/dev/null) || true
+  fi
+
   # Build JSON payload with error context
   local payload
   payload="{\"random_id\":\"${RANDOM_UUID}\",\"execution_id\":\"${EXECUTION_ID:-${RANDOM_UUID}}\",\"type\":\"${TELEMETRY_TYPE:-lxc}\",\"nsapp\":\"${NSAPP:-${app:-unknown}}\",\"status\":\"failed\",\"exit_code\":${exit_code}"
   [[ -n "$error_text" ]] && payload="${payload},\"error\":\"${error_text}\""
+  [[ -n "$error_category" ]] && payload="${payload},\"error_category\":\"${error_category}\""
   [[ -n "$duration" ]] && payload="${payload},\"duration\":${duration}"
   payload="${payload}}"