feat(build): add SDN vnet selection in advanced install

List Proxmox SDN vnets in the bridge step and use pct vnet= when selected.

Co-authored-by: Cursor <cursoragent@cursor.com>

ct/apache-airflow.sh

@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/apache/airflow
-
-APP="Apache-Airflow"
-var_tags="${var_tags:-workflow;scheduler;automation}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-16}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/airflow ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  INSTALLED=$(cat ~/.airflow 2>/dev/null || echo "0")
-  LATEST=$(curl -fsSL "https://pypi.org/pypi/apache-airflow/json" | jq -r '.info.version')
-
-  if [[ "$INSTALLED" == "$LATEST" ]]; then
-    msg_ok "Already on the latest version (${LATEST})"
-    exit
-  fi
-
-  msg_info "Stopping Services"
-  systemctl stop airflow-api-server airflow-scheduler airflow-dag-processor airflow-triggerer
-  msg_ok "Stopped Services"
-
-  create_backup /opt/airflow/.env
-
-  msg_info "Updating Apache Airflow to ${LATEST}"
-  $STD uv pip install --python /opt/airflow/.venv/bin/python \
-    "apache-airflow[postgres,fab]==${LATEST}" \
-    --constraint "https://raw.githubusercontent.com/apache/airflow/constraints-${LATEST}/constraints-3.12.txt"
-  echo "${LATEST}" >~/.airflow
-  msg_ok "Updated Apache Airflow to ${LATEST}"
-
-  restore_backup
-
-  msg_info "Running Database Migrations"
-  set -a && source /opt/airflow/.env && set +a
-  $STD /opt/airflow/.venv/bin/airflow db migrate
-  msg_ok "Ran Database Migrations"
-
-  msg_info "Starting Services"
-  systemctl start airflow-api-server airflow-scheduler airflow-dag-processor airflow-triggerer
-  msg_ok "Started Services"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"

ct/headers/apache-airflow

@@ -1,6 +0,0 @@
-    ___                     __               ___    _      ______             
-   /   |  ____  ____ ______/ /_  ___        /   |  (_)____/ __/ /___ _      __
-  / /| | / __ \/ __ `/ ___/ __ \/ _ \______/ /| | / / ___/ /_/ / __ \ | /| / /
- / ___ |/ /_/ / /_/ / /__/ / / /  __/_____/ ___ |/ / /  / __/ / /_/ / |/ |/ / 
-/_/  |_/ .___/\__,_/\___/_/ /_/\___/     /_/  |_/_/_/  /_/ /_/\____/|__/|__/  
-      /_/                                                                     

install/apache-airflow-install.sh

@@ -1,141 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/apache/airflow
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  libpq-dev \
-  libssl-dev \
-  libffi-dev \
-  python3-dev
-msg_ok "Installed Dependencies"
-
-UV_PYTHON="3.12" setup_uv
-PG_VERSION="16" setup_postgresql
-PG_DB_NAME="airflow" PG_DB_USER="airflow" setup_postgresql_db
-
-msg_info "Installing Apache Airflow"
-AIRFLOW_VERSION="3.2.1"
-mkdir -p /opt/airflow/{dags,logs,plugins}
-cd /opt/airflow
-$STD uv venv --python 3.12
-$STD uv pip install --python /opt/airflow/.venv/bin/python \
-  "apache-airflow[postgres,fab]==${AIRFLOW_VERSION}" \
-  --constraint "https://raw.githubusercontent.com/apache/airflow/constraints-${AIRFLOW_VERSION}/constraints-3.12.txt"
-echo "${AIRFLOW_VERSION}" >~/.airflow
-msg_ok "Installed Apache Airflow"
-
-msg_info "Configuring Application"
-FERNET_KEY=$(/opt/airflow/.venv/bin/python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())")
-SECRET_KEY=$(openssl rand -hex 32)
-ADMIN_PASS=$(openssl rand -base64 12 | tr -dc 'a-zA-Z0-9' | cut -c1-12)
-cat <<EOF >/opt/airflow/.env
-AIRFLOW_HOME=/opt/airflow
-AIRFLOW__DATABASE__SQL_ALCHEMY_CONN=postgresql+psycopg2://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
-AIRFLOW__CORE__EXECUTOR=LocalExecutor
-AIRFLOW__CORE__FERNET_KEY=${FERNET_KEY}
-AIRFLOW__CORE__DAGS_FOLDER=/opt/airflow/dags
-AIRFLOW__CORE__LOAD_EXAMPLES=false
-AIRFLOW__CORE__AUTH_MANAGER=airflow.providers.fab.auth_manager.fab_auth_manager.FabAuthManager
-AIRFLOW__API__AUTH_BACKENDS=airflow.api.auth.backend.basic_auth,airflow.api.auth.backend.session
-AIRFLOW__WEBSERVER__SECRET_KEY=${SECRET_KEY}
-AIRFLOW__WEBSERVER__BASE_URL=http://${LOCAL_IP}:8080
-AIRFLOW_ADMIN_PASSWORD=${ADMIN_PASS}
-EOF
-set -a && source /opt/airflow/.env && set +a
-$STD /opt/airflow/.venv/bin/airflow db migrate
-$STD /opt/airflow/.venv/bin/airflow users create \
-  --username admin \
-  --firstname Admin \
-  --lastname User \
-  --role Admin \
-  --email admin@example.com \
-  --password "${ADMIN_PASS}"
-msg_ok "Configured Application"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/airflow-api-server.service
-[Unit]
-Description=Apache Airflow API Server
-After=network.target postgresql.service
-
-[Service]
-Type=simple
-User=root
-EnvironmentFile=/opt/airflow/.env
-ExecStart=/opt/airflow/.venv/bin/airflow api-server --port 8080
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/airflow-scheduler.service
-[Unit]
-Description=Apache Airflow Scheduler
-After=network.target postgresql.service
-
-[Service]
-Type=simple
-User=root
-EnvironmentFile=/opt/airflow/.env
-ExecStart=/opt/airflow/.venv/bin/airflow scheduler
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/airflow-dag-processor.service
-[Unit]
-Description=Apache Airflow DAG Processor
-After=network.target postgresql.service
-
-[Service]
-Type=simple
-User=root
-EnvironmentFile=/opt/airflow/.env
-ExecStart=/opt/airflow/.venv/bin/airflow dag-processor
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/airflow-triggerer.service
-[Unit]
-Description=Apache Airflow Triggerer
-After=network.target postgresql.service
-
-[Service]
-Type=simple
-User=root
-EnvironmentFile=/opt/airflow/.env
-ExecStart=/opt/airflow/.venv/bin/airflow triggerer
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now airflow-api-server airflow-scheduler airflow-dag-processor airflow-triggerer
-msg_ok "Created Services"
-
-motd_ssh
-customize
-cleanup_lxc

misc/build.func

@@ -519,6 +519,19 @@ validate_bridge() {
   return 0
 }
 
+# ------------------------------------------------------------------------------
+# validate_sdn_vnet()
+#
+# - Validates that an SDN vnet exists in the cluster config
+# ------------------------------------------------------------------------------
+validate_sdn_vnet() {
+  local vnet="$1"
+  [[ -z "$vnet" ]] && return 1
+  [[ -f /etc/pve/sdn/vnets.cfg ]] && grep -qE "^vnet:[[:space:]]*${vnet}([[:space:]]|$)" /etc/pve/sdn/vnets.cfg && return 0
+  command -v pvesh &>/dev/null && pvesh get "/cluster/sdn/vnets/${vnet}" &>/dev/null && return 0
+  return 1
+}
+
 # ------------------------------------------------------------------------------
 # validate_gateway_in_subnet()
 #
@@ -964,6 +977,7 @@ base_settings() {
   HN="$requested_hostname"
 
   BRG=${var_brg:-"vmbr0"}
+  SDN_VNET=${var_sdn_vnet:-""}
   NET=${var_net:-"dhcp"}
 
   # Resolve IP range if NET contains a range (e.g., 192.168.1.100/24-192.168.1.200/24)
@@ -1075,7 +1089,7 @@ load_vars_file() {
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
-    var_post_install
+    var_post_install var_sdn_vnet
   )
 
   # Whitelist check helper
@@ -1250,6 +1264,12 @@ load_vars_file() {
             continue
           fi
           ;;
+        var_sdn_vnet)
+          if [[ -n "$var_val" ]] && ! validate_sdn_vnet "$var_val"; then
+            msg_warn "SDN vnet '$var_val' from $file not found, ignoring"
+            continue
+          fi
+          ;;
         var_container_storage | var_template_storage)
           # Validate that the storage exists and is active on the current node
           local _storage_status
@@ -1293,7 +1313,7 @@ default_var_settings() {
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
-    var_post_install
+    var_post_install var_sdn_vnet
   )
 
   # Snapshot: environment variables (highest precedence)
@@ -1472,7 +1492,7 @@ if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
-    var_post_install
+    var_post_install var_sdn_vnet
   )
 fi
 
@@ -1682,6 +1702,7 @@ _build_current_app_vars_tmp() {
 
     [ -n "$_hostname" ] && echo "var_hostname=$(_sanitize_value "$_hostname")"
     [ -n "$_searchdomain" ] && echo "var_searchdomain=$(_sanitize_value "$_searchdomain")"
+    [ -n "${var_sdn_vnet:-}" ] && echo "var_sdn_vnet=$(_sanitize_value "${var_sdn_vnet}")"
 
     [ -n "$_tpl_storage" ] && echo "var_template_storage=$(_sanitize_value "$_tpl_storage")"
     [ -n "$_ct_storage" ] && echo "var_container_storage=$(_sanitize_value "$_ct_storage")"
@@ -1842,6 +1863,7 @@ advanced_settings() {
   local _core_count="${var_cpu:-1}"
   local _ram_size="${var_ram:-1024}"
   local _bridge="${var_brg:-vmbr0}"
+  local _sdn_vnet="${var_sdn_vnet:-}"
   local _net="${var_net:-dhcp}"
   local _gate="${var_gateway:-}"
   local _ipv6_method="${var_ipv6_method:-auto}"
@@ -1921,6 +1943,11 @@ advanced_settings() {
         fi
       done <<<"$BRIDGES"
     fi
+    if [[ -f /etc/pve/sdn/vnets.cfg ]]; then
+      while IFS= read -r vnet; do
+        [[ -n "$vnet" ]] && BRIDGE_MENU_OPTIONS+=("sdn:${vnet}" "[SDN] ${vnet}")
+      done < <(awk '/^vnet:/{print $2}' /etc/pve/sdn/vnets.cfg 2>/dev/null)
+    fi
   }
   _detect_bridges
 
@@ -2153,8 +2180,18 @@ advanced_settings() {
           if [[ "$bridge_test" == "__other__" || "$bridge_test" == -* ]]; then
             continue
           fi
-          if validate_bridge "$bridge_test"; then
+          if [[ "$bridge_test" == sdn:* ]]; then
+            local vnet_test="${bridge_test#sdn:}"
+            if validate_sdn_vnet "$vnet_test"; then
+              _sdn_vnet="$vnet_test"
+              _bridge="${var_brg:-vmbr0}"
+              ((STEP++))
+            else
+              whiptail --msgbox "SDN vnet '$vnet_test' is not configured on this cluster." 8 58
+            fi
+          elif validate_bridge "$bridge_test"; then
             _bridge="$bridge_test"
+            _sdn_vnet=""
             ((STEP++))
           else
             whiptail --msgbox "Bridge '$bridge_test' is not available or not active." 8 58
@@ -2891,6 +2928,7 @@ Advanced:
   var_timezone="$_ct_timezone"
   var_apt_cacher="$_apt_cacher"
   var_apt_cacher_ip="$_apt_cacher_ip"
+  var_sdn_vnet="$_sdn_vnet"
 
   # Format optional values
   [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
@@ -3782,6 +3820,9 @@ build_container() {
   #  if [ "$VERBOSE" == "yes" ]; then set -x; fi
 
   NET_STRING="-net0 name=eth0,bridge=${BRG:-vmbr0}"
+  if [[ -n "${var_sdn_vnet:-${SDN_VNET:-}}" ]]; then
+    NET_STRING="-net0 name=eth0,vnet=${var_sdn_vnet:-$SDN_VNET}"
+  fi
 
   # MAC
   if [[ -n "$MAC" ]]; then