fix(cross-seed): downgrade Node.js to v22 LTS to fix better-sqlite3 build failure

2026-06-11 18:15:15 +02:00 · 2026-06-04 11:11:18 +02:00
74 changed files with 541 additions and 2278 deletions
@@ -0,0 +1,16 @@
+# CodeGraph data files
+# These are local to each machine and should not be committed
+
+# Database
+*.db
+*.db-wal
+*.db-shm
+
+# Cache
+cache/
+
+# Logs
+*.log
+
+# Hook markers
+.dirty
@@ -1,23 +1,3 @@
-## 2026-05-31
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Manyfold: regenerate Rails credentials on update to fix encryption mimatch [@MickLesk](https://github.com/MickLesk) ([#14817](https://github.com/community-scripts/ProxmoxVE/pull/14817))
-    - OpenThread-BR: use correct ipv6 configuration [@tomfrenzel](https://github.com/tomfrenzel) ([#14829](https://github.com/community-scripts/ProxmoxVE/pull/14829))
-
-  - #### 🔧 Refactor
-
-    - Webtrees: use PHP CLI for initial setup instead of curl to setup wizard [@MickLesk](https://github.com/MickLesk) ([#14818](https://github.com/community-scripts/ProxmoxVE/pull/14818))
-    - Kima-Hub: use curl_with_retry for ML model downloads to fix possible timeout issues [@MickLesk](https://github.com/MickLesk) ([#14816](https://github.com/community-scripts/ProxmoxVE/pull/14816))
-
-### 🧰 Tools
-
-  - #### 🔧 Refactor
-
-    - PBS4-Upgrade: update current PBS3 packages before switching to Trixie repos [@MickLesk](https://github.com/MickLesk) ([#14815](https://github.com/community-scripts/ProxmoxVE/pull/14815))
-
 ## 2026-05-30

 ### 🚀 Updated Scripts
@@ -1,121 +0,0 @@
-## 2026-06-06
-
-### 🆕 New Scripts
-
-  - Spliit ([#14966](https://github.com/community-scripts/ProxmoxVE/pull/14966))
- Tolgee ([#14965](https://github.com/community-scripts/ProxmoxVE/pull/14965))
- XYOps ([#14967](https://github.com/community-scripts/ProxmoxVE/pull/14967))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Photoprism: Allow env variables with spaces [@Badintral](https://github.com/Badintral) ([#14969](https://github.com/community-scripts/ProxmoxVE/pull/14969))
-
-## 2026-06-05
-
-### 🆕 New Scripts
-
-  - MatterJS-Server ([#14951](https://github.com/community-scripts/ProxmoxVE/pull/14951))
- CyberChef ([#14952](https://github.com/community-scripts/ProxmoxVE/pull/14952))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Jackett: Create missing .env file [@tremor021](https://github.com/tremor021) ([#14959](https://github.com/community-scripts/ProxmoxVE/pull/14959))
-    - OpenThread-BR: use systemd instead of init.d [@tomfrenzel](https://github.com/tomfrenzel) ([#14942](https://github.com/community-scripts/ProxmoxVE/pull/14942))
-
-  - #### ✨ New Features
-
-    - AMD IGPU support [@Learath](https://github.com/Learath) ([#14944](https://github.com/community-scripts/ProxmoxVE/pull/14944))
-
-  - #### 💥 Breaking Changes
-
-    - update authentik to 2026.5.2 [@thieneret](https://github.com/thieneret) ([#14846](https://github.com/community-scripts/ProxmoxVE/pull/14846))
-
-## 2026-06-04
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Fix status messages for several alpine scripts [@tremor021](https://github.com/tremor021) ([#14911](https://github.com/community-scripts/ProxmoxVE/pull/14911))
-    - ReactiveResume: Fix Service Path [@MickLesk](https://github.com/MickLesk) ([#14926](https://github.com/community-scripts/ProxmoxVE/pull/14926))
-    - Jellyfin: install intel-igc deps before intel-opencl-icd to fix dependency order [@MickLesk](https://github.com/MickLesk) ([#14927](https://github.com/community-scripts/ProxmoxVE/pull/14927))
-
-  - #### 🔧 Refactor
-
-    - OpenThread-BR: use official GitHub releases [@tomfrenzel](https://github.com/tomfrenzel) ([#14916](https://github.com/community-scripts/ProxmoxVE/pull/14916))
-    - Grist: remove extra text at the end of installation [@tremor021](https://github.com/tremor021) ([#14905](https://github.com/community-scripts/ProxmoxVE/pull/14905))
-
-### ❔ Uncategorized
-
-  - chore(ct): sync sparkyfitness defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#14925](https://github.com/community-scripts/ProxmoxVE/pull/14925))
-
-## 2026-06-03
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Glance: Use separate directory for configuration files [@tremor021](https://github.com/tremor021) ([#14906](https://github.com/community-scripts/ProxmoxVE/pull/14906))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - [core]: Fix alignment for `msg_` functions [@tremor021](https://github.com/tremor021) ([#14908](https://github.com/community-scripts/ProxmoxVE/pull/14908))
-
-## 2026-06-02
-
-### 🆕 New Scripts
-
-  - DDNS-Updater ([#14883](https://github.com/community-scripts/ProxmoxVE/pull/14883))
- InvoiceShelf ([#14882](https://github.com/community-scripts/ProxmoxVE/pull/14882))
- Certimate ([#14881](https://github.com/community-scripts/ProxmoxVE/pull/14881))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - OpenThread-BR: preserve config during update [@tomfrenzel](https://github.com/tomfrenzel) ([#14893](https://github.com/community-scripts/ProxmoxVE/pull/14893))
-    - infisical: fix update abort due to creds field mismatch (#14868) [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14870](https://github.com/community-scripts/ProxmoxVE/pull/14870))
-
-  - #### ✨ New Features
-
-    - feat(degoog): enable default valkey cache integration [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14871](https://github.com/community-scripts/ProxmoxVE/pull/14871))
-
-  - #### 🔧 Refactor
-
-    - chore: bump Node version in selected scripts [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14873](https://github.com/community-scripts/ProxmoxVE/pull/14873))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - tools.func: add support for Rust installation profile in setup_rust [@MickLesk](https://github.com/MickLesk) ([#14872](https://github.com/community-scripts/ProxmoxVE/pull/14872))
-
-### 📂 Github
-
-  - fix(workflow): only flag node drift when local is behind upstream [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14874](https://github.com/community-scripts/ProxmoxVE/pull/14874))
-
-## 2026-06-01
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - fix(dispatcharr): forward nginx port for M3U URLs on new installs [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14862](https://github.com/community-scripts/ProxmoxVE/pull/14862))
-    - Set environment paths in service for apprise-api-install.sh [@SystemIdleProcess](https://github.com/SystemIdleProcess) ([#14805](https://github.com/community-scripts/ProxmoxVE/pull/14805))
-    - fix(fireshare): rebuild client on update to fix nginx 500 [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14848](https://github.com/community-scripts/ProxmoxVE/pull/14848))
-    - Fix Kan build failure (TS7016 nodemailer) [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14856](https://github.com/community-scripts/ProxmoxVE/pull/14856))
-    - fix(firefly): set Data Importer APP_URL for subdirectory install [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14847](https://github.com/community-scripts/ProxmoxVE/pull/14847))
-    - kan: extend fetch_and_deploy_gh_tag to use 'latest' tag [@MickLesk](https://github.com/MickLesk) ([#14853](https://github.com/community-scripts/ProxmoxVE/pull/14853))
-    - Glance: preserve glance.yml across updates [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14845](https://github.com/community-scripts/ProxmoxVE/pull/14845))
-    - NginxProxymanager: set Certbot version in npm.service environment variable (2.15.0) [@MickLesk](https://github.com/MickLesk) ([#14843](https://github.com/community-scripts/ProxmoxVE/pull/14843))
-    - [FileFlows] Fix service handling by using systemctl --all with quoted glob [@adrianmusante](https://github.com/adrianmusante) ([#14838](https://github.com/community-scripts/ProxmoxVE/pull/14838))
-
-  - #### ✨ New Features
-
-    - Kometa: also update Quickstart in update_script [@MickLesk](https://github.com/MickLesk) ([#14529](https://github.com/community-scripts/ProxmoxVE/pull/14529))
@@ -59,9 +59,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit



-
-
-



@@ -75,14 +72,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit


 <details>
-<summary><h4>June (6 entries)</h4></summary>
-
-[View June 2026 Changelog](.github/changelogs/2026/06.md)
-
-</details>
-
-<details>
-<summary><h4>May (31 entries)</h4></summary>
+<summary><h4>May (30 entries)</h4></summary>

 [View May 2026 Changelog](.github/changelogs/2026/05.md)

@@ -480,136 +470,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

-## 2026-06-11
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Jotty: Fix wrong path test in config restore [@vhsdream](https://github.com/vhsdream) ([#15038](https://github.com/community-scripts/ProxmoxVE/pull/15038))
-    - Fix for cross-seed after node upgrade [@TorinFrancis](https://github.com/TorinFrancis) ([#15025](https://github.com/community-scripts/ProxmoxVE/pull/15025))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - misc scripts: add support for arm64 [@asylumexp](https://github.com/asylumexp) ([#12639](https://github.com/community-scripts/ProxmoxVE/pull/12639))
-
-## 2026-06-10
-
-### 🆕 New Scripts
-
-  - Baserow ([#14968](https://github.com/community-scripts/ProxmoxVE/pull/14968))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Koillection: Fix update procedure [@tremor021](https://github.com/tremor021) ([#15033](https://github.com/community-scripts/ProxmoxVE/pull/15033))
-
-## 2026-06-09
-
-### 🆕 New Scripts
-
-  - paperclip ([#14990](https://github.com/community-scripts/ProxmoxVE/pull/14990))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - endurain: Install pytz package during backend setup [@MickLesk](https://github.com/MickLesk) ([#15014](https://github.com/community-scripts/ProxmoxVE/pull/15014))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Proxmox Backup Server - use deb822 [@MickLesk](https://github.com/MickLesk) ([#15013](https://github.com/community-scripts/ProxmoxVE/pull/15013))
-
-## 2026-06-08
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - security: Fix HTTP to HTTPS for all package and repository downloads [@MickLesk](https://github.com/MickLesk) ([#15009](https://github.com/community-scripts/ProxmoxVE/pull/15009))
-    - homelable: preserve MCP server config across updates [@ferr079](https://github.com/ferr079) ([#14996](https://github.com/community-scripts/ProxmoxVE/pull/14996))
-    - changedetection: migrate Python install to uv venv [@ferr079](https://github.com/ferr079) ([#14995](https://github.com/community-scripts/ProxmoxVE/pull/14995))
-
-  - #### 🔧 Refactor
-
-    - Update Flowwiseai to node 24 [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14999](https://github.com/community-scripts/ProxmoxVE/pull/14999))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - security: Fix MITM RCE vulnerability in microcode scripts (CVE) [@MickLesk](https://github.com/MickLesk) ([#15007](https://github.com/community-scripts/ProxmoxVE/pull/15007))
-
-## 2026-06-07
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Immich: use actual installed PostgreSQL version for vchord package [@MickLesk](https://github.com/MickLesk) ([#14989](https://github.com/community-scripts/ProxmoxVE/pull/14989))
-
-  - #### 🔧 Refactor
-
-    - Navidrome: remove genereic filebrowser addon setup [@MickLesk](https://github.com/MickLesk) ([#14991](https://github.com/community-scripts/ProxmoxVE/pull/14991))
-
-## 2026-06-06
-
-### 🆕 New Scripts
-
-  - Spliit ([#14966](https://github.com/community-scripts/ProxmoxVE/pull/14966))
- Tolgee ([#14965](https://github.com/community-scripts/ProxmoxVE/pull/14965))
- XYOps ([#14967](https://github.com/community-scripts/ProxmoxVE/pull/14967))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Photoprism: Allow env variables with spaces [@Badintral](https://github.com/Badintral) ([#14969](https://github.com/community-scripts/ProxmoxVE/pull/14969))
-
-## 2026-06-05
-
-### 🆕 New Scripts
-
-  - MatterJS-Server ([#14951](https://github.com/community-scripts/ProxmoxVE/pull/14951))
- CyberChef ([#14952](https://github.com/community-scripts/ProxmoxVE/pull/14952))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Jackett: Create missing .env file [@tremor021](https://github.com/tremor021) ([#14959](https://github.com/community-scripts/ProxmoxVE/pull/14959))
-    - OpenThread-BR: use systemd instead of init.d [@tomfrenzel](https://github.com/tomfrenzel) ([#14942](https://github.com/community-scripts/ProxmoxVE/pull/14942))
-
-  - #### ✨ New Features
-
-    - AMD IGPU support [@Learath](https://github.com/Learath) ([#14944](https://github.com/community-scripts/ProxmoxVE/pull/14944))
-
-  - #### 💥 Breaking Changes
-
-    - update authentik to 2026.5.2 [@thieneret](https://github.com/thieneret) ([#14846](https://github.com/community-scripts/ProxmoxVE/pull/14846))
-
 ## 2026-06-04

 ### 🚀 Updated Scripts

-  - #### 🐞 Bug Fixes
-
-    - Fix status messages for several alpine scripts [@tremor021](https://github.com/tremor021) ([#14911](https://github.com/community-scripts/ProxmoxVE/pull/14911))
-    - ReactiveResume: Fix Service Path [@MickLesk](https://github.com/MickLesk) ([#14926](https://github.com/community-scripts/ProxmoxVE/pull/14926))
-    - Jellyfin: install intel-igc deps before intel-opencl-icd to fix dependency order [@MickLesk](https://github.com/MickLesk) ([#14927](https://github.com/community-scripts/ProxmoxVE/pull/14927))
-
  - #### 🔧 Refactor

-    - OpenThread-BR: use official GitHub releases [@tomfrenzel](https://github.com/tomfrenzel) ([#14916](https://github.com/community-scripts/ProxmoxVE/pull/14916))
    - Grist: remove extra text at the end of installation [@tremor021](https://github.com/tremor021) ([#14905](https://github.com/community-scripts/ProxmoxVE/pull/14905))

-### ❔ Uncategorized
-
-  - chore(ct): sync sparkyfitness defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#14925](https://github.com/community-scripts/ProxmoxVE/pull/14925))
-
 ## 2026-06-03

 ### 🚀 Updated Scripts
@@ -1117,4 +985,145 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

  - #### 🐞 Bug Fixes

-    - tools.func: fix meilisearch import-dump background process handling [@MickLesk](https://github.com/MickLesk) ([#14341](https://github.com/community-scripts/ProxmoxVE/pull/14341))
+    - tools.func: fix meilisearch import-dump background process handling [@MickLesk](https://github.com/MickLesk) ([#14341](https://github.com/community-scripts/ProxmoxVE/pull/14341))
+
+## 2026-05-07
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - termix: create /tmp/nginx before nginx -t [@MickLesk](https://github.com/MickLesk) ([#14312](https://github.com/community-scripts/ProxmoxVE/pull/14312))
+    - The Lounge: Fix service not starting automaticaly [@tremor021](https://github.com/tremor021) ([#14311](https://github.com/community-scripts/ProxmoxVE/pull/14311))
+    - netbird-lxc: fix installation check [@MickLesk](https://github.com/MickLesk) ([#14309](https://github.com/community-scripts/ProxmoxVE/pull/14309))
+    - databasus: Backup and secure configuration file [@MickLesk](https://github.com/MickLesk) ([#14308](https://github.com/community-scripts/ProxmoxVE/pull/14308))
+    - vm: update disk image URL for Ubuntu 25.04 [@MickLesk](https://github.com/MickLesk) ([#14290](https://github.com/community-scripts/ProxmoxVE/pull/14290))
+
+  - #### ✨ New Features
+
+    - pangolin: bump version to 1.18.3 [@MickLesk](https://github.com/MickLesk) ([#14297](https://github.com/community-scripts/ProxmoxVE/pull/14297))
+
+### 🗑️ Deleted Scripts
+
+  - Remove: LiteLLM [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14294](https://github.com/community-scripts/ProxmoxVE/pull/14294))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - update-apps: some  improvements [@MickLesk](https://github.com/MickLesk) ([#14275](https://github.com/community-scripts/ProxmoxVE/pull/14275))
+
+## 2026-05-06
+
+### 🆕 New Scripts
+
+  - Hoodik ([#14279](https://github.com/community-scripts/ProxmoxVE/pull/14279))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Pelican-Panel: create backup subdirectory before copying storage [@MickLesk](https://github.com/MickLesk) ([#14274](https://github.com/community-scripts/ProxmoxVE/pull/14274))
+    - Rustdeskserver: remove redundant else with undefined RELEASE var [@MickLesk](https://github.com/MickLesk) ([#14272](https://github.com/community-scripts/ProxmoxVE/pull/14272))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - AdguardHome-Sync replace ifconfig with hostname -I for IP detection [@MickLesk](https://github.com/MickLesk) ([#14273](https://github.com/community-scripts/ProxmoxVE/pull/14273))
+
+## 2026-05-05
+
+### 🆕 New Scripts
+
+  - LibreChat ([#14247](https://github.com/community-scripts/ProxmoxVE/pull/14247))
+- Matomo ([#14248](https://github.com/community-scripts/ProxmoxVE/pull/14248))
+- Storyteller ([#14122](https://github.com/community-scripts/ProxmoxVE/pull/14122))
+
+### 🧰 Tools
+
+  - Fix container count message in update-apps.sh [@Quotacious](https://github.com/Quotacious) ([#14265](https://github.com/community-scripts/ProxmoxVE/pull/14265))
+
+## 2026-05-04
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Databasus: move .env to filesystem root so service starts correctly [@Copilot](https://github.com/Copilot) ([#14252](https://github.com/community-scripts/ProxmoxVE/pull/14252))
+    - Databasus: update mongo-tools fallback to 100.16.1 and use now pnpm instead of npm ci [@MickLesk](https://github.com/MickLesk) ([#14240](https://github.com/community-scripts/ProxmoxVE/pull/14240))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - tools.func get_latest_gh_tag - add pagination to find prefixed tags beyond first 50 [@MickLesk](https://github.com/MickLesk) ([#14241](https://github.com/community-scripts/ProxmoxVE/pull/14241))
+    - tools.func: add GitLab release check/fetch/deploy helpers [@MickLesk](https://github.com/MickLesk) ([#14242](https://github.com/community-scripts/ProxmoxVE/pull/14242))
+
+## 2026-05-03
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Hortusfox: fix update issues [@tomfrenzel](https://github.com/tomfrenzel) ([#14214](https://github.com/community-scripts/ProxmoxVE/pull/14214))
+
+  - #### ✨ New Features
+
+    - Refactor: PeaNUT for v6 [@MickLesk](https://github.com/MickLesk) ([#14224](https://github.com/community-scripts/ProxmoxVE/pull/14224))
+    - pangolin: pin version, drop manual SQL, use upstream migrator [@MickLesk](https://github.com/MickLesk) ([#14223](https://github.com/community-scripts/ProxmoxVE/pull/14223))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core: fix validate_bridge function [@MichaelOultram](https://github.com/MichaelOultram) ([#14206](https://github.com/community-scripts/ProxmoxVE/pull/14206))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - pve/pbs scripts: guard sed against missing /etc/apt/sources.list [@MickLesk](https://github.com/MickLesk) ([#14222](https://github.com/community-scripts/ProxmoxVE/pull/14222))
+
+## 2026-05-02
+
+### 🆕 New Scripts
+
+  - protonmail-bridge ([#14136](https://github.com/community-scripts/ProxmoxVE/pull/14136))
+- Tube Archivist ([#14123](https://github.com/community-scripts/ProxmoxVE/pull/14123))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Nagios: Ping fix [@tremor021](https://github.com/tremor021) ([#14186](https://github.com/community-scripts/ProxmoxVE/pull/14186))
+    - opnsense-vm: retry pvesm alloc on transient zfs 'got timeout' errors [@MickLesk](https://github.com/MickLesk) ([#14157](https://github.com/community-scripts/ProxmoxVE/pull/14157))
+    - ImmichFrame: fix update by reinstalling dotnet-sdk before publish [@MickLesk](https://github.com/MickLesk) ([#14158](https://github.com/community-scripts/ProxmoxVE/pull/14158))
+    - [FIX]ShelfMark: Use UV sync for shelfmark backend build; update to Python 3.14 [@vhsdream](https://github.com/vhsdream) ([#14170](https://github.com/community-scripts/ProxmoxVE/pull/14170))
+    - alpine: remove deb/ubuntu-only resource & storage checks from update-script [@MickLesk](https://github.com/MickLesk) ([#14166](https://github.com/community-scripts/ProxmoxVE/pull/14166))
+    - Threadfin: use 'threadfin-app' as app name to avoid version-file clash  [@MickLesk](https://github.com/MickLesk) ([#14159](https://github.com/community-scripts/ProxmoxVE/pull/14159))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: prompt to also run installed addon update scripts (…/bin/update_*) after update_script [@MickLesk](https://github.com/MickLesk) ([#14162](https://github.com/community-scripts/ProxmoxVE/pull/14162))
+
+## 2026-05-01
+
+### 🆕 New Scripts
+
+  - SoulSync ([#14124](https://github.com/community-scripts/ProxmoxVE/pull/14124))
+- Teable ([#14125](https://github.com/community-scripts/ProxmoxVE/pull/14125))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Step ca update [@heinemannj](https://github.com/heinemannj) ([#14058](https://github.com/community-scripts/ProxmoxVE/pull/14058))
+    - paperless-ngx: refresh NLTK data on update [@kurtislanderson](https://github.com/kurtislanderson) ([#14144](https://github.com/community-scripts/ProxmoxVE/pull/14144))
+    - [Pelican Panel] stop deleting the public storage [@LetterN](https://github.com/LetterN) ([#14145](https://github.com/community-scripts/ProxmoxVE/pull/14145))
+
+  - #### 🔧 Refactor
+
+    - Mail-Archiver: update dependencies [@tremor021](https://github.com/tremor021) ([#14152](https://github.com/community-scripts/ProxmoxVE/pull/14152))
@@ -55,6 +55,5 @@ build_container
 description

 msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Access it using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}http://${IP}:3000${CL}"
+echo -e "${APP} should be reachable by going to the following URL.
+         ${BL}http://${IP}:3000${CL} \n"
@@ -54,9 +54,8 @@ start
 build_container
 description

-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Access it using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}http://${IP}:3100${CL}"
-echo -e "${INFO}${YW}Access Promtail using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}http://${IP}:9080${CL}"
+msg_ok "Completed Successfully!\n"
+echo -e "${APP} should be reachable by going to the following URL.
+         ${BL}http://${IP}:3100${CL} \n"
+echo -e "Promtail should be reachable by going to the following URL.
+         ${BL}http://${IP}:9080${CL} \n"
@@ -57,6 +57,5 @@ build_container
 description

 msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Access it using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}https://${IP}${CL}"
+echo -e "${APP} should be reachable by going to the following URL.
+         ${BL}https://${IP}${CL} \n"
@@ -58,6 +58,5 @@ build_container
 description

 msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Connect to Redis CLI using the following command:${CL}"
-echo -e "${GATEWAY}${BGN}redis-cli -h ${IP} -p 6379${CL}"
+echo -e "${APP} should be reachable on port 6379.
+         ${BL}redis-cli -h ${IP} -p 6379${CL} \n"
@@ -59,6 +59,5 @@ build_container
 description

 msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Connect to Valkey CLI using the following command:${CL}"
-echo -e "${GATEWAY}${BGN}valkey-cli -h ${IP} -p 6379${CL}"
+echo -e "${APP} should be reachable on port 6379.
+         ${BL}valkey-cli -h ${IP} -p 6379${CL} \n"
@@ -60,6 +60,5 @@ build_container
 description

 msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}Access it using the following URL:${CL}"
-echo -e "${GATEWAY}${BGN}https://${IP}:8000${CL}"
+echo -e "${APP} should be reachable by going to the following URL.
+         ${BL}https://${IP}:8000${CL} \n"
@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="authentik"
 var_tags="${var_tags:-auth}"
 var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-8192}"
+var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-16}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
@@ -30,20 +30,12 @@ function update_script() {
    exit
  fi

-  read -r MAJOR MINOR PATCH <<< "$(sed 's/^version\///; s/\./ /g' "$HOME/.authentik")"
-
-  msg_info "Update dependencies"
-  ensure_dependencies crossbuild-essential-amd64 gcc-x86-64-linux-gnu cmake clang libunwind-18-dev
-  msg_ok "Update dependencies"
-
  NODE_VERSION="24" setup_nodejs
  setup_go
  UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
-  RUST_PROFILE="minimal" RUST_TOOLCHAIN="stable" setup_rust
-  setup_yq
+  setup_rust

-  AUTHENTIK_VERSION="version/2026.5.2"
-  # Source: https://github.com/goauthentik/fips/blob/main/Makefile#L26
+  AUTHENTIK_VERSION="version/2026.2.3"
  XMLSEC_VERSION="1.3.11"

  if check_for_gh_release "geoipupdate" "maxmind/geoipupdate"; then
@@ -79,13 +71,7 @@ function update_script() {

    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"

-	msg_info "Configuring rust"
-	cd /opt/authentik
-	$STD rustup install
-	$STD rustup default "$(sed -n 's/channel = "\(.*\)"/\1/p' rust-toolchain.toml)"
-	msg_ok "Configured rust"
-
-	msg_info "Updating web"
+    msg_info "Updating web"
    cd /opt/authentik/web
    export NODE_ENV="production"
    $STD npm install
@@ -103,14 +89,6 @@ function update_script() {
 	$STD go build -o /opt/authentik/radius ./cmd/radius
    msg_ok "Updated go proxy"

-	msg_info "Building worker"
-	export AWS_LC_FIPS_SYS_CC="clang"
-	cd /opt/authentik
-	$STD cargo build --package authentik --no-default-features --features core --locked --release --jobs 1
-	cp ./target/release/authentik /opt/authentik/authentik-worker
-	rm -r ./target
-	msg_ok "Built worker"
-
    msg_info "Updating python server"
    export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
    export UV_COMPILE_BYTECODE="1"
@@ -122,103 +100,6 @@ function update_script() {
    $STD uv sync --frozen --no-install-project --no-dev
    chown -R authentik:authentik /opt/authentik
    msg_ok "Updated python server"
-
-    if [[ $MAJOR == 2026 && $MINOR -lt 5 ]]; then
-	  msg_info "Updating Worker and Server config"
-	  cp /etc/authentik/config.yml /etc/authentik/config.bak
-	  yq -i ".postgresql.conn_max_age = 0" /etc/authentik/config.yml
-	  yq -i ".postgresql.conn_health_checks = false" /etc/authentik/config.yml
-	  yq -i ".listen.debug_tokio = \"[::]:6669\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.console_subscriber = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.h2 = \"info\""  /etc/authentik/config.yml
-      yq -i ".log.rust_log.hyper_util = \"warn\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.mio = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.notify = \"info\"" /etc/authentik/config.yml
-	  yq -i ".log.rust_log.reqwest = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.runtime = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.rustls = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.sqlx = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.sqlx_postgres = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.tokio = \"info\"" /etc/authentik/config.yml
-      yq -i ".log.rust_log.tungstenite = \"info\"" /etc/authentik/config.yml
-	  yq -i ".web.workers = 2" /etc/authentik/config.yml
-	  mv /etc/default/authentik /etc/default/authentik.bak
-	  cat <<EOF >/etc/default/authentik-server
-TMPDIR=/dev/shm/
-UV_LINK_MODE=copy
-UV_PYTHON_DOWNLOADS=0
-UV_NATIVE_TLS=1
-VENV_PATH=/opt/authentik/.venv
-PYTHONDONTWRITEBYTECODE=1
-PYTHONUNBUFFERED=1
-PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-DJANGO_SETTINGS_MODULE=authentik.root.settings
-PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
-AUTHENTIK_LISTEN__HTTP="[::]:9000"
-AUTHENTIK_LISTEN__HTTPS="[::]:9443"
-AUTHENTIK_LISTEN__METRICS="[::]:9300"
-EOF
-	  cat <<EOF >/etc/default/authentik-worker
-TMPDIR=/dev/shm/
-UV_LINK_MODE=copy
-UV_PYTHON_DOWNLOADS=0
-UV_NATIVE_TLS=1
-VENV_PATH=/opt/authentik/.venv
-PYTHONDONTWRITEBYTECODE=1
-PYTHONUNBUFFERED=1
-PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-DJANGO_SETTINGS_MODULE=authentik.root.settings
-PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
-AUTHENTIK_LISTEN__HTTP="[::]:8000"
-AUTHENTIK_LISTEN__HTTPS="[::]:8443"
-AUTHENTIK_LISTEN__METRICS="[::]:8300"
-EOF
-	  msg_ok "Updated Worker and Server config!"
-	  msg_warn "Please check /etc/default/authentik-worker and /etc/default/authentik-server config files for port configurations!"
-
-	  msg_info "Updating services"
-	  cat <<EOF >/etc/systemd/system/authentik-server.service
-[Unit]
-Description=authentik Go Server (API Gateway)
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
-ExecStart=/opt/authentik/authentik-server
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik-server
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-	  cat <<EOF >/etc/systemd/system/authentik-worker.service
-[Unit]
-Description=authentik Worker
-After=network.target postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-Type=simple
-EnvironmentFile=/etc/default/authentik-worker
-ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
-ExecStart=/opt/authentik/authentik-worker worker
-WorkingDirectory=/opt/authentik
-Restart=always
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-	  systemctl daemon-reload
-	  msg_ok "Updated services"
-	fi
  fi

  msg_info "Starting Services"
@@ -269,5 +150,7 @@ description

 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:9443${CL}"
+echo -e "${INFO}${YW} Initial setup URL:${CL}"
+echo -e "${GATEWAY}${BGN}http://${IP}:9000/if/flow/initial-setup/${CL}"
+echo -e "${INFO}${YW}Access it using the following URL:${CL}"
+echo -e "${GATEWAY}${BGN}http://${IP}:9000${CL}"
@@ -1,82 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/baserow/baserow
-
-APP="Baserow"
-var_tags="${var_tags:-database;nocode;spreadsheet}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-10240}"
-var_disk="${var_disk:-15}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/baserow ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "baserow" "baserow/baserow"; then
-    msg_info "Stopping Services"
-    systemctl stop baserow-backend baserow-celery baserow-celery-beat baserow-celery-export baserow-frontend
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Data"
-    cp /opt/baserow/.env /opt/baserow.env.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "baserow" "baserow/baserow" "tarball"
-
-    msg_info "Restoring Configuration"
-    cp /opt/baserow.env.bak /opt/baserow/.env
-    rm -f /opt/baserow.env.bak
-    msg_ok "Restored Configuration"
-
-    msg_info "Updating Backend Dependencies"
-    cd /opt/baserow/backend
-    $STD uv sync --frozen --no-dev
-    msg_ok "Updated Backend Dependencies"
-
-    msg_info "Updating Frontend"
-    cd /opt/baserow/web-frontend
-    $STD npm install
-    $STD npm run build
-    msg_ok "Updated Frontend"
-
-    msg_info "Running Migrations"
-    cd /opt/baserow/backend
-    set -a && source /opt/baserow/.env && set +a
-    export PYTHONPATH="/opt/baserow/backend/src:/opt/baserow/premium/backend/src:/opt/baserow/enterprise/backend/src"
-    $STD /opt/baserow/backend/.venv/bin/python src/baserow/manage.py migrate
-    msg_ok "Ran Migrations"
-
-    msg_info "Starting Services"
-    systemctl start baserow-backend baserow-celery baserow-celery-beat baserow-celery-export baserow-frontend
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
@@ -34,32 +34,13 @@ function update_script() {

  NODE_VERSION="24" setup_nodejs

-  VENV_PATH="/opt/changedetection/.venv"
-  CHANGEDETECTION_BIN="${VENV_PATH}/bin/changedetection.io"
+  msg_info "Updating ${APP}"
+  $STD pip3 install changedetection.io --upgrade --break-system-packages --ignore-installed typing_extensions
+  msg_ok "Updated ${APP}"

-  PYTHON_VERSION="3.13" setup_uv
-
-  if [[ ! -d "$VENV_PATH" || ! -x "$CHANGEDETECTION_BIN" ]]; then
-    msg_info "Migrating to uv/venv"
-    rm -rf "$VENV_PATH"
-    $STD uv venv --clear "$VENV_PATH"
-    $STD "$VENV_PATH/bin/python" -m ensurepip --upgrade
-    $STD "$VENV_PATH/bin/python" -m pip install --upgrade pip
-    $STD "$VENV_PATH/bin/python" -m pip install changedetection.io playwright
-    msg_ok "Migrated to uv/venv"
-  else
-    msg_info "Updating ${APP}"
-    $STD "$VENV_PATH/bin/python" -m pip install --upgrade changedetection.io playwright
-    msg_ok "Updated ${APP}"
-  fi
-
-  SERVICE_FILE="/etc/systemd/system/changedetection.service"
-  if ! grep -q "${VENV_PATH}/bin/changedetection.io" "$SERVICE_FILE"; then
-    msg_info "Updating systemd service"
-    sed -i "s|^ExecStart=.*|ExecStart=${VENV_PATH}/bin/changedetection.io -d /opt/changedetection -p 5000|" "$SERVICE_FILE"
-    $STD systemctl daemon-reload
-    msg_ok "Updated systemd service"
-  fi
+  msg_info "Updating Playwright"
+  $STD pip3 install playwright --upgrade --break-system-packages
+  msg_ok "Updated Playwright"

  if [[ -f /etc/systemd/system/browserless.service ]]; then
    msg_info "Updating Browserless (Patience)"
@@ -25,7 +25,7 @@ function update_script() {
  check_container_storage
  check_container_resources

-  NODE_VERSION="24" setup_nodejs
+  NODE_VERSION="26" setup_nodejs
  ensure_dependencies build-essential

  if command -v cross-seed &>/dev/null; then
@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: ethan-hgwr
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/gchq/CyberChef
-
-APP="CyberChef"
-var_tags="${var_tags:-security;data;tools}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/cyberchef ]]; then
-      msg_error "No ${APP} Installation Found!"
-      exit
-  fi
-
-  if check_for_gh_release "cyberchef" "gchq/CyberChef"; then
-    msg_info "Stopping Service"
-    systemctl stop caddy
-    msg_ok "Stopped Service"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "cyberchef" "gchq/CyberChef" "tarball"
-
-    msg_info "Building CyberChef"
-    cd /opt/cyberchef
-    $STD npm ci --ignore-scripts
-    $STD npm run postinstall
-    $STD npm run build
-    msg_ok "Built CyberChef"
-
-    msg_info "Starting Service"
-    systemctl start caddy
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
@@ -64,7 +64,6 @@ function update_script() {
    $STD poetry export -f requirements.txt --output requirements.txt --without-hashes
    $STD uv venv --clear
    $STD uv pip install -r requirements.txt
-    $STD uv pip install pytz
    msg_ok "Backend Updated"

    msg_info "Starting Service"
@@ -29,7 +29,7 @@ function update_script() {
    exit
  fi

-  NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
+  NODE_VERSION="20" NODE_MODULE="pnpm" setup_nodejs

  msg_info "Updating FlowiseAI (this may take some time)"
  systemctl stop flowise
@@ -1,6 +0,0 @@
-    ____                                    
-   / __ )____ _________  _________ _      __
-  / __  / __ `/ ___/ _ \/ ___/ __ \ | /| / /
- / /_/ / /_/ (__  )  __/ /  / /_/ / |/ |/ / 
-/_____/\__,_/____/\___/_/   \____/|__/|__/  
-                                            
@@ -1,6 +0,0 @@
-   ______      __              ________         ____
-  / ____/_  __/ /_  ___  _____/ ____/ /_  ___  / __/
- / /   / / / / __ \/ _ \/ ___/ /   / __ \/ _ \/ /_  
-/ /___/ /_/ / /_/ /  __/ /  / /___/ / / /  __/ __/  
-\____/\__, /_.___/\___/_/   \____/_/ /_/\___/_/     
-     /____/                                         
@@ -1,6 +0,0 @@
-    __  ___      __  __                _______      _____                          
-   /  |/  /___ _/ /_/ /____  _____    / / ___/     / ___/___  ______   _____  _____
-  / /|_/ / __ `/ __/ __/ _ \/ ___/_  / /\__ \______\__ \/ _ \/ ___/ | / / _ \/ ___/
- / /  / / /_/ / /_/ /_/  __/ /  / /_/ /___/ /_____/__/ /  __/ /   | |/ /  __/ /    
-/_/  /_/\__,_/\__/\__/\___/_/   \____//____/     /____/\___/_/    |___/\___/_/     
-                                                                                   
@@ -1,6 +0,0 @@
-    ____                             ___     
-   / __ \____ _____  ___  __________/ (_)___ 
-  / /_/ / __ `/ __ \/ _ \/ ___/ ___/ / / __ \
- / ____/ /_/ / /_/ /  __/ /  / /__/ / / /_/ /
-/_/    \__,_/ .___/\___/_/   \___/_/_/ .___/ 
-           /_/                      /_/      
@@ -1,6 +0,0 @@
-   _____       ___ _ __ 
-  / ___/____  / (_|_) /_
-  \__ \/ __ \/ / / / __/
- ___/ / /_/ / / / / /_  
-/____/ .___/_/_/_/\__/  
-    /_/                 
@@ -1,6 +0,0 @@
-  ______      __              
- /_  __/___  / /___ ____  ___ 
-  / / / __ \/ / __ `/ _ \/ _ \
- / / / /_/ / / /_/ /  __/  __/
-/_/  \____/_/\__, /\___/\___/ 
-            /____/            
@@ -1,6 +0,0 @@
-               ____            
-   _  ____  __/ __ \____  _____
-  | |/_/ / / / / / / __ \/ ___/
- _>  </ /_/ / /_/ / /_/ (__  ) 
-/_/|_|\__, /\____/ .___/____/  
-     /____/     /_/            
@@ -38,9 +38,6 @@ function update_script() {
    msg_info "Backing up Configuration and Data"
    cp /opt/homelable/backend/.env /opt/homelable.env.bak
    cp -r /opt/homelable/data /opt/homelable_data_bak
-    if [[ -f /opt/homelable/mcp/.env ]]; then
-      cp -a /opt/homelable/mcp/.env /opt/homelable-mcp.env.bak
-    fi
    msg_ok "Backed up Configuration and Data"

    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "homelable" "Pouzor/homelable" "tarball" "latest" "/opt/homelable"
@@ -64,19 +61,6 @@ function update_script() {
    rm -rf /opt/homelable_data_bak
    msg_ok "Restored Configuration and Data"

-    if [[ -f /opt/homelable-mcp.env.bak ]]; then
-      msg_info "Restoring MCP Server"
-      cp -a /opt/homelable-mcp.env.bak /opt/homelable/mcp/.env
-      rm -f /opt/homelable-mcp.env.bak
-      MCP_OWNER=$(stat -c '%U' /opt/homelable/mcp/.env)
-      cd /opt/homelable/mcp
-      $STD uv venv --clear /opt/homelable/mcp/.venv
-      $STD uv pip install --python /opt/homelable/mcp/.venv/bin/python -r requirements.txt
-      chown -R "$MCP_OWNER":"$MCP_OWNER" /opt/homelable/mcp
-      systemctl restart homelable-mcp
-      msg_ok "Restored MCP Server"
-    fi
-
    msg_info "Starting Service"
    systemctl start homelable
    msg_ok "Started Service"
@@ -36,13 +36,13 @@ function update_script() {

    # Fetch compute-runtime first so /tmp/gh_rel.json is populated for IGC tag resolution
    fetch_and_deploy_gh_release "intel-libgdgmm12" "intel/compute-runtime" "binary" "latest" "" "libigdgmm12_*_amd64.deb"
+    fetch_and_deploy_gh_release "intel-opencl-icd" "intel/compute-runtime" "binary" "latest" "" "intel-opencl-icd_*_amd64.deb"

    local igc_tag
    _resolve_igc_tag igc_tag

    fetch_and_deploy_gh_release "intel-igc-core-2" "intel/intel-graphics-compiler" "binary" "$igc_tag" "" "intel-igc-core-2_*_amd64.deb"
    fetch_and_deploy_gh_release "intel-igc-opencl-2" "intel/intel-graphics-compiler" "binary" "$igc_tag" "" "intel-igc-opencl-2_*_amd64.deb"
-    fetch_and_deploy_gh_release "intel-opencl-icd" "intel/compute-runtime" "binary" "latest" "" "intel-opencl-icd_*_amd64.deb"
    msg_ok "Updated Intel Dependencies"
  fi

@@ -47,7 +47,7 @@ function update_script() {
    msg_info "Restoring configuration & data"
    mv /opt/app.env /opt/jotty/.env
    [[ -d /opt/data ]] && mv /opt/data /opt/jotty/data
-    [[ -d /opt/config ]] && cp -a /opt/config/* /opt/jotty/config && rm -rf /opt/config
+    [[ -d /opt/jotty/config ]] && cp -a /opt/config/* /opt/jotty/config && rm -rf /opt/config
    msg_ok "Restored configuration & data"

    msg_info "Starting Service"
@@ -43,9 +43,10 @@ function update_script() {
    fetch_and_deploy_gh_release "koillection" "benjaminjonard/koillection" "tarball"

    msg_info "Updating Koillection"
+    cd /opt/koillection 
    cp -r /opt/koillection-backup/.env.local /opt/koillection
    cp -r /opt/koillection-backup/public/uploads/. /opt/koillection/public/uploads/
-
+    
    # Ensure APP_RUNTIME is in .env.local for CLI commands (upgrades from older versions)
    if ! grep -q "APP_RUNTIME" /opt/koillection/.env.local 2>/dev/null; then
      # Ensure file ends with newline before appending to avoid concatenation
@@ -53,13 +54,12 @@ function update_script() {
      echo 'APP_RUNTIME="Symfony\Component\Runtime\SymfonyRuntime"' >>/opt/koillection/.env.local
    fi
    NODE_VERSION="26" NODE_MODULE="yarn" setup_nodejs
-    cd /opt/koillection
    export COMPOSER_ALLOW_SUPERUSER=1
    export APP_RUNTIME='Symfony\Component\Runtime\SymfonyRuntime'
    $STD composer install --no-dev -o --no-interaction --classmap-authoritative
    $STD php bin/console doctrine:migrations:migrate --no-interaction
    $STD php bin/console app:translations:dump
-    cd assets/
+    cd assets/ 
    $STD yarn install
    $STD yarn build
    mkdir -p /opt/koillection/public/uploads
@@ -67,7 +67,7 @@ function update_script() {
    chown -R www-data:www-data /opt/koillection/var/log
    chown -R www-data:www-data /opt/koillection/public/uploads
    rm -r /opt/koillection-backup
-
+    
    # Ensure APP_RUNTIME is set in Apache config (for upgrades from older versions)
    if ! grep -q "APP_RUNTIME" /etc/apache2/sites-available/koillection.conf 2>/dev/null; then
      sed -i '/<VirtualHost/a\    SetEnv APP_RUNTIME "Symfony\\Component\\Runtime\\SymfonyRuntime"' /etc/apache2/sites-available/koillection.conf
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/matter-js/matterjs-server
-
-APP="MatterJS-Server"
-var_tags="${var_tags:-matter;iot;smarthome;homeassistant}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/matter-server ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  NODE_VERSION="24" setup_nodejs
-  
-  CURRENT=$(cat /opt/matter-server/node_modules/matter-server/package.json | grep '"version"' | head -1 | sed 's/.*"\([^"]*\)".*/\1/')
-  LATEST=$(npm view matter-server version 2>/dev/null)
-  if [[ "$CURRENT" != "$LATEST" ]]; then
-    msg_info "Stopping Service"
-    systemctl stop matterjs-server
-    msg_ok "Stopped Service"
-
-    msg_info "Updating ${APP} from v${CURRENT} to v${LATEST}"
-    cd /opt/matter-server
-    $STD npm install matter-server@latest
-    msg_ok "Updated ${APP}"
-
-    msg_info "Starting Service"
-    systemctl start matterjs-server
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  else
-    msg_ok "No update required. ${APP} is already at v${LATEST}"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5580${CL}"
@@ -31,7 +31,7 @@ function update_script() {
  fi
  ensure_dependencies python3-lxml
  if ! [[ $(dpkg -s python3-lxml-html-clean 2>/dev/null) ]]; then
-    curl -fsSL --proto '=https' "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
+    curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
    $STD dpkg -i /opt/python3-lxml-html-clean.deb
    rm -f /opt/python3-lxml-html-clean.deb
  fi
@@ -2,7 +2,7 @@
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)

 # Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ) | Co-Author: Tom Frenzel (tomfrenzel)
+# Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://openthread.io/guides/border-router

@@ -32,30 +32,29 @@ function update_script() {
    exit
  fi

-  if check_for_gh_release "openthread-br" "openthread/ot-br-posix"; then
-    msg_info "Stopping Services"
-    systemctl stop otbr-web
-    systemctl stop otbr-agent
-    msg_ok "Stopped Services"
+  cd /opt/ot-br-posix
+  LOCAL_COMMIT=$(git rev-parse HEAD)
+  $STD git fetch --depth 1 origin main
+  REMOTE_COMMIT=$(git rev-parse origin/main)

-    if [[ -f /etc/init.d/otbr-agent ]] || [[ -f /etc/init.d/otbr-web ]]; then
-      msg_info "Removing legacy services"
-      rm -f /etc/init.d/otbr-agent /etc/init.d/otbr-web
-      systemctl daemon-reload
-      msg_ok "Removed legacy services"
-    fi
+  if [[ "${LOCAL_COMMIT}" == "${REMOTE_COMMIT}" ]]; then
+    msg_ok "Already up to date (${LOCAL_COMMIT:0:7})"
+    exit
+  fi

-    msg_info "Backing up Configuration"
-    cp /etc/default/otbr-agent /etc/default/otbr-agent.bak
-    msg_ok "Backed up Configuration"
+  msg_info "Stopping Services"
+  systemctl stop otbr-web
+  systemctl stop otbr-agent
+  msg_ok "Stopped Services"

-    msg_info "Fetching GitHub release OpenThread-BR (${CHECK_UPDATE_RELEASE#v})" 
-    cd /opt/ot-br-posix
-    $STD git fetch --depth 1 origin tag "$CHECK_UPDATE_RELEASE"
-    $STD git checkout -f "$CHECK_UPDATE_RELEASE"
-    $STD git submodule update --depth 1 --init --recursive
-    echo "${CHECK_UPDATE_RELEASE#v}" > ~/.openthread-br
-    msg_ok "Deployed GitHub release OpenThread-BR (${CHECK_UPDATE_RELEASE#v})"
+  msg_info "Backing up Configuration"
+  cp /etc/default/otbr-agent /etc/default/otbr-agent.bak
+  msg_ok "Backed up Configuration"
+
+  msg_info "Updating Source"
+  $STD git reset --hard origin/main
+  $STD git submodule update --depth 1 --init --recursive
+  msg_ok "Updated Source"

  msg_info "Rebuilding OpenThread Border Router (Patience)"
  cd /opt/ot-br-posix/build
@@ -68,7 +67,6 @@ function update_script() {
    -DOTBR_WEB=ON \
    -DOTBR_BORDER_ROUTING=ON \
    -DOTBR_BACKBONE_ROUTER=ON \
-    -DOTBR_SYSTEMD_UNIT_DIR=/etc/systemd/system \
    -DOT_FIREWALL=ON \
    -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
    ..
@@ -106,7 +104,6 @@ EOF
  systemctl start otbr-web
  msg_ok "Started Services"
  msg_ok "Updated successfully!"
-  fi
  exit
 }

@@ -1,83 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Fabian Pulch (fpulch)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/paperclipai/paperclip
-
-APP="Paperclip"
-var_tags="${var_tags:-ai;automation;dev-tools}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-8192}"
-var_disk="${var_disk:-20}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/paperclip-ai ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "paperclip-ai" "paperclipai/paperclip"; then
-    msg_info "Stopping Service"
-    systemctl stop paperclip
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration"
-    cp /opt/paperclip-ai/.env /opt/paperclip.env.bak
-    msg_ok "Backed up Configuration"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "paperclip-ai" "paperclipai/paperclip" "tarball"
-
-    msg_info "Restoring Configuration"
-    mv /opt/paperclip.env.bak /opt/paperclip-ai/.env
-    msg_ok "Restored Configuration"
-
-    msg_info "Rebuilding Paperclip"
-    cd /opt/paperclip-ai
-    export HUSKY=0
-    export NODE_OPTIONS="--max-old-space-size=8192"
-    $STD pnpm install --frozen-lockfile
-    $STD pnpm build
-    unset NODE_OPTIONS
-    msg_ok "Rebuilt Paperclip"
-
-    msg_info "Updating Agent CLIs"
-    $STD npm install -g \
-      @anthropic-ai/claude-code@latest \
-      @openai/codex@latest
-    msg_ok "Updated Agent CLIs"
-
-    msg_info "Running Database Migrations"
-    set -a && source /opt/paperclip-ai/.env && set +a
-    $STD pnpm db:migrate
-    msg_ok "Ran Database Migrations"
-
-    msg_info "Starting Service"
-    systemctl start paperclip
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3100${CL}"
@@ -37,9 +37,7 @@ function update_script() {
    if ! grep -q "photoprism/config/.env" ~/.bashrc 2>/dev/null; then
      msg_info "Adding environment export for CLI tools"
      echo '# Load PhotoPrism environment variables for CLI tools' >>~/.bashrc
-      echo 'set -a' >>~/.bashrc
-      echo 'source /opt/photoprism/config/.env' >>~/.bashrc
-      echo 'set +a' >>~/.bashrc
+      echo 'export $(grep -v "^#" /opt/photoprism/config/.env | xargs)' >>~/.bashrc
      msg_ok "Added environment export"
    fi

@@ -53,7 +53,7 @@ function update_script() {
    msg_ok "Updated Reactive Resume"

    msg_info "Updating Service"
-    sed -i 's|WorkingDirectory=/opt/reactive-resume/apps/web|WorkingDirectory=/opt/reactive-resume/apps/server|; s|ExecStart=/usr/bin/node .output/server/index.mjs|ExecStart=/usr/bin/node dist/index.mjs|' /etc/systemd/system/reactive-resume.service
+    sed -i 's|WorkingDirectory=/opt/reactive-resume$|WorkingDirectory=/opt/reactive-resume/apps/web|' /etc/systemd/system/reactive-resume.service
    systemctl daemon-reload
    msg_ok "Updated Service"

@@ -9,7 +9,7 @@ APP="SparkyFitness"
 var_tags="${var_tags:-health;fitness}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-7}"
+var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_arm64="${var_arm64:-no}"
@@ -1,76 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: phof
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/spliit-app/spliit
-
-APP="Spliit"
-var_tags="${var_tags:-finance;expense-sharing}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/spliit ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "spliit" "spliit-app/spliit"; then
-    msg_info "Stopping Service"
-    systemctl stop spliit
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration"
-    rm -f /opt/spliit.env.bak
-    cp /opt/spliit/.env /opt/spliit.env.bak
-    msg_ok "Backed up Configuration"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "spliit" "spliit-app/spliit" "tarball"
-
-    msg_info "Restoring Configuration"
-    cp /opt/spliit.env.bak /opt/spliit/.env
-    msg_ok "Restored Configuration"
-
-    msg_info "Building Application"
-    cd /opt/spliit
-    $STD npm ci --ignore-scripts
-    $STD npx prisma generate
-    $STD npm run build
-    msg_ok "Built Application"
-
-    msg_info "Running Database Migrations"
-    cd /opt/spliit
-    $STD npx prisma migrate deploy
-    msg_ok "Ran Database Migrations"
-
-    msg_info "Starting Service"
-    systemctl start spliit
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
@@ -1,56 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/tolgee/tolgee-platform
-
-APP="Tolgee"
-var_tags="${var_tags:-localization;i18n;developer-tools}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-20}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/tolgee ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "tolgee" "tolgee/tolgee-platform"; then
-    msg_info "Stopping Service"
-    systemctl stop tolgee
-    msg_ok "Stopped Service"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "tolgee" "tolgee/tolgee-platform" "singlefile" "latest" "/opt/tolgee" "tolgee-*.jar"
-    find /opt/tolgee -maxdepth 1 -type f -name 'tolgee-*.jar' -exec mv {} /opt/tolgee/tolgee.jar \;
-
-    msg_info "Starting Service"
-    systemctl start tolgee
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
@@ -1,73 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/pixlcore/xyops
-
-APP="xyOps"
-var_tags="${var_tags:-scheduler;automation;monitoring}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/xyops ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "xyops" "pixlcore/xyops"; then
-    msg_info "Stopping Service"
-    systemctl stop xyops
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp -r /opt/xyops/data /opt/xyops_data_backup
-    cp -r /opt/xyops/conf /opt/xyops_conf_backup
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "xyops" "pixlcore/xyops" "tarball"
-
-    msg_info "Rebuilding Application"
-    cd /opt/xyops
-    $STD npm install
-    $STD node bin/build.js dist
-    chmod 644 /opt/xyops/node_modules/useragent-ng/lib/regexps.js
-    msg_ok "Rebuilt Application"
-
-    msg_info "Restoring Data"
-    cp -r /opt/xyops_data_backup/. /opt/xyops/data
-    cp -r /opt/xyops_conf_backup/. /opt/xyops/conf
-    rm -rf /opt/xyops_data_backup /opt/xyops_conf_backup
-    msg_ok "Restored Data"
-
-    msg_info "Starting Service"
-    systemctl start xyops
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5522${CL}"
@@ -29,6 +29,8 @@ $STD apt install -y \
  libltdl-dev \
  libpq5 \
  libmaxminddb0 \
+  libkrb5-3 \
+  libkdb5-10 \
  libkadm5clnt-mit12 \
  libkadm5clnt7t64-heimdal \
  libltdl7 \
@@ -42,61 +44,49 @@ $STD apt install -y \
  libtool \
  libtool-bin \
  gcc \
-  crossbuild-essential-amd64 \
-  gcc-x86-64-linux-gnu \
-  cmake \
-  clang \
-  libunwind-18-dev \
  git
 msg_ok "Installed Dependencies"

 NODE_VERSION="24" setup_nodejs
 setup_yq
 setup_go
-RUST_PROFILE="minimal" RUST_TOOLCHAIN="stable" setup_rust
 UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
+setup_rust
 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db

 XMLSEC_VERSION="1.3.11"
-AUTHENTIK_VERSION="version/2026.5.2"
+AUTHENTIK_VERSION="version/2026.2.3"
 fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
 fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
 fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"

-msg_info "Setting up xmlsec"
+msg_info "Setup xmlsec"
 cd /opt/xmlsec
 $STD ./autogen.sh
 $STD make -j $(nproc)
 $STD make check
 $STD make install
 $STD ldconfig
-msg_ok "Setup xmlsec"
+msg_ok "xmlsec installed"

-msg_info "Configuring rust"
-cd /opt/authentik
-$STD rustup install
-$STD rustup default "$(sed -n 's/channel = "\(.*\)"/\1/p' rust-toolchain.toml)"
-msg_ok "Configured rust"
-
-msg_info "Setting up web"
+msg_info "Setup web"
 cd /opt/authentik/web
 export NODE_ENV="production"
 $STD npm install
 $STD npm run build
 $STD npm run build:sfe
-msg_ok "Setup web"
+msg_ok "Web installed"

-msg_info "Setting up go proxy"
+msg_info "Setup go proxy"
 cd /opt/authentik
 export CGO_ENABLED="1"
-export CC="x86_64-linux-gnu-gcc"
 $STD go mod download
 $STD go build -o /opt/authentik/authentik-server ./cmd/server
 $STD go build -o /opt/authentik/ldap ./cmd/ldap
 $STD go build -o /opt/authentik/rac ./cmd/rac
 $STD go build -o /opt/authentik/radius ./cmd/radius
-msg_ok "Setup go proxy"
+msg_ok "Go proxy installed"

 cat <<EOF >/usr/local/etc/GeoIP.conf
 AccountID ChangeME
@@ -109,24 +99,17 @@ EOF

 echo "#39 19 * * 6,4 /usr/bin/geoipupdate -f /usr/local/etc/GeoIP.conf" | crontab -

-msg_info "Building worker"
-export AWS_LC_FIPS_SYS_CC="clang"
-cd /opt/authentik
-$STD cargo build --package authentik --no-default-features --features core --locked --release --jobs 1
-cp ./target/release/authentik /opt/authentik/authentik-worker
-rm -r ./target
-msg_ok "Built worker"
-
-msg_info "Setting up python server"
+msg_info "Setup python server"
 export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
 export UV_COMPILE_BYTECODE="1"
 export UV_LINK_MODE="copy"
 export UV_NATIVE_TLS="1"
+export RUSTUP_PERMIT_COPY_RENAME="true"
 export UV_PYTHON_INSTALL_DIR="/usr/local/bin"
 cd /opt/authentik
 $STD uv sync --frozen --no-install-project --no-dev
 cp /opt/authentik/authentik/sources/kerberos/krb5.conf /etc/krb5.conf
-msg_ok "Setup python server"
+msg_ok "Installed python server"

 msg_info "Creating authentik config"
 mkdir -p /etc/authentik
@@ -142,7 +125,7 @@ yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml
 yq -i ".disable_startup_analytics = \"true\"" /etc/authentik/config.yml
 $STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik
 chown -R authentik:authentik /opt/authentik
-cat <<EOF >/etc/default/authentik-server
+cat <<EOF >/etc/default/authentik
 TMPDIR=/dev/shm/
 UV_LINK_MODE=copy
 UV_PYTHON_DOWNLOADS=0
@@ -153,24 +136,6 @@ PYTHONUNBUFFERED=1
 PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
 DJANGO_SETTINGS_MODULE=authentik.root.settings
 PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
-AUTHENTIK_LISTEN__HTTP="[::]:9000"
-AUTHENTIK_LISTEN__HTTPS="[::]:9443"
-AUTHENTIK_LISTEN__METRICS="[::]:9300"
-EOF
-cat <<EOF >/etc/default/authentik-worker
-TMPDIR=/dev/shm/
-UV_LINK_MODE=copy
-UV_PYTHON_DOWNLOADS=0
-UV_NATIVE_TLS=1
-VENV_PATH=/opt/authentik/.venv
-PYTHONDONTWRITEBYTECODE=1
-PYTHONUNBUFFERED=1
-PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-DJANGO_SETTINGS_MODULE=authentik.root.settings
-PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
-AUTHENTIK_LISTEN__HTTP="[::]:8000"
-AUTHENTIK_LISTEN__HTTPS="[::]:8443"
-AUTHENTIK_LISTEN__METRICS="[::]:8300"
 EOF
 cat <<EOF >/etc/default/authentik_ldap
 AUTHENTIK_HOST="https://127.0.0.1:9443"
@@ -187,7 +152,7 @@ AUTHENTIK_HOST="https://127.0.0.1:9443"
 AUTHENTIK_INSECURE="true"
 AUTHENTIK_TOKEN="token-generated-by-authentik"
 EOF
-msg_ok "Created authentik config"
+msg_ok "authentik config created"

 msg_info "Creating services"
 cat <<EOF >/etc/systemd/system/authentik-server.service
@@ -199,12 +164,12 @@ Wants=postgresql.service
 [Service]
 User=authentik
 Group=authentik
-EnvironmentFile=/etc/default/authentik-server
 ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
 ExecStart=/opt/authentik/authentik-server
 WorkingDirectory=/opt/authentik/
 Restart=always
 RestartSec=5
+EnvironmentFile=/etc/default/authentik

 [Install]
 WantedBy=multi-user.target
@@ -219,9 +184,8 @@ After=network.target postgresql.service
 User=authentik
 Group=authentik
 Type=simple
-EnvironmentFile=/etc/default/authentik-worker
-ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
-ExecStart=/opt/authentik/authentik-worker worker
+EnvironmentFile=/etc/default/authentik
+ExecStart=/usr/local/bin/uv run python -m manage worker --pid-file /dev/shm/authentik-worker.pid
 WorkingDirectory=/opt/authentik
 Restart=always
 RestartSec=5
@@ -286,7 +250,7 @@ EnvironmentFile=/etc/default/authentik_radius
 [Install]
 WantedBy=multi-user.target
 EOF
-msg_ok "Created services"
+msg_ok "Services created"

 motd_ssh
 customize
@@ -1,194 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/baserow/baserow
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  libpq-dev \
-  redis-server \
-  gettext \
-  xmlsec1 \
-  git \
-  libffi-dev \
-  libssl-dev \
-  zlib1g-dev \
-  libjpeg-dev \
-  libxml2-dev \
-  libxslt-dev \
-  python3-dev
-msg_ok "Installed Dependencies"
-
-PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
-PG_DB_NAME="baserow" PG_DB_USER="baserow" setup_postgresql_db
-NODE_VERSION="24" setup_nodejs
-setup_uv
-
-fetch_and_deploy_gh_release "baserow" "baserow/baserow" "tarball"
-
-msg_info "Installing Backend Dependencies"
-cd /opt/baserow/backend
-UV_LINK_MODE="copy"
-$STD uv sync --frozen --no-dev
-msg_ok "Installed Backend Dependencies"
-
-msg_info "Building Frontend"
-cd /opt/baserow/web-frontend
-NODE_OPTIONS="--max-old-space-size=4096" $STD npm install --legacy-peer-deps
-NODE_OPTIONS="--max-old-space-size=4096" $STD npm run build
-msg_ok "Built Frontend"
-
-msg_info "Configuring Baserow"
-SECRET_KEY=$(openssl rand -base64 64 | tr -dc 'a-zA-Z0-9' | head -c50)
-cat <<EOF >/opt/baserow/.env
-DATABASE_HOST=localhost
-DATABASE_PORT=5432
-DATABASE_NAME=${PG_DB_NAME}
-DATABASE_USER=${PG_DB_USER}
-DATABASE_PASSWORD=${PG_DB_PASS}
-SECRET_KEY=${SECRET_KEY}
-BASEROW_JWT_SIGNING_KEY=${SECRET_KEY}
-REDIS_HOST=localhost
-REDIS_PORT=6379
-REDIS_PASSWORD=
-REDIS_PROTOCOL=redis
-BASEROW_PUBLIC_URL=http://${LOCAL_IP}
-PUBLIC_BACKEND_URL=http://${LOCAL_IP}:8000
-PUBLIC_WEB_FRONTEND_URL=http://${LOCAL_IP}:3000
-PRIVATE_BACKEND_URL=http://localhost:8000
-PRIVATE_WEB_FRONTEND_URL=http://localhost:3000
-BASEROW_DISABLE_PUBLIC_URL_CHECK=true
-DJANGO_SETTINGS_MODULE=baserow.config.settings.base
-BASEROW_AMOUNT_OF_WORKERS=2
-MEDIA_ROOT=/opt/baserow/media
-EOF
-mkdir -p /opt/baserow/media
-msg_ok "Configured Baserow"
-
-msg_info "Running Migrations"
-cd /opt/baserow/backend
-set -a && source /opt/baserow/.env && set +a
-export PYTHONPATH="/opt/baserow/backend/src:/opt/baserow/premium/backend/src:/opt/baserow/enterprise/backend/src"
-$STD /opt/baserow/backend/.venv/bin/python src/baserow/manage.py migrate
-$STD /opt/baserow/backend/.venv/bin/python src/baserow/manage.py sync_templates
-msg_ok "Ran Migrations"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/baserow-backend.service
-[Unit]
-Description=Baserow Backend
-After=network.target postgresql.service redis-server.service
-Requires=postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/baserow/backend
-EnvironmentFile=/opt/baserow/.env
-Environment=PYTHONPATH=/opt/baserow/backend/src:/opt/baserow/premium/backend/src:/opt/baserow/enterprise/backend/src
-ExecStart=/opt/baserow/backend/.venv/bin/gunicorn baserow.config.asgi:application -w 2 -k uvicorn.workers.UvicornWorker -b 0.0.0.0:8000
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/baserow-celery.service
-[Unit]
-Description=Baserow Celery Worker
-After=network.target postgresql.service redis-server.service
-Requires=postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/baserow/backend
-EnvironmentFile=/opt/baserow/.env
-Environment=PYTHONPATH=/opt/baserow/backend/src:/opt/baserow/premium/backend/src:/opt/baserow/enterprise/backend/src
-ExecStart=/opt/baserow/backend/.venv/bin/celery -A baserow worker -l INFO
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/baserow-celery-export.service
-[Unit]
-Description=Baserow Celery Export Worker
-After=network.target postgresql.service redis-server.service
-Requires=postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/baserow/backend
-EnvironmentFile=/opt/baserow/.env
-Environment=PYTHONPATH=/opt/baserow/backend/src:/opt/baserow/premium/backend/src:/opt/baserow/enterprise/backend/src
-ExecStart=/opt/baserow/backend/.venv/bin/celery -A baserow worker -l INFO -Q export
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/baserow-celery-beat.service
-[Unit]
-Description=Baserow Celery Beat Scheduler
-After=network.target postgresql.service redis-server.service
-Requires=postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/baserow/backend
-EnvironmentFile=/opt/baserow/.env
-Environment=PYTHONPATH=/opt/baserow/backend/src:/opt/baserow/premium/backend/src:/opt/baserow/enterprise/backend/src
-ExecStart=/opt/baserow/backend/.venv/bin/celery -A baserow beat -l INFO -S redbeat.RedBeatScheduler
-Restart=on-failure
-RestartSec=5
-KillSignal=SIGQUIT
-
-[Install]
-WantedBy=multi-target.target
-EOF
-
-cat <<EOF >/etc/systemd/system/baserow-frontend.service
-[Unit]
-Description=Baserow Web Frontend
-After=network.target baserow-backend.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/baserow/web-frontend
-EnvironmentFile=/opt/baserow/.env
-Environment=HOST=0.0.0.0
-Environment=PORT=3000
-ExecStart=/usr/bin/node --import ./env-remap.mjs .output/server/index.mjs
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-systemctl enable -q --now redis-server baserow-backend baserow-celery baserow-celery-export baserow-celery-beat baserow-frontend
-msg_ok "Created Services"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -43,16 +43,19 @@ $STD apt-get install -y \
  ca-certificates
 msg_ok "Installed Dependencies"

-PYTHON_VERSION="3.13" setup_uv
+msg_info "Setup Python3"
+$STD apt-get install -y \
+  python3 \
+  python3-dev \
+  python3-pip
+rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
+msg_ok "Setup Python3"

 NODE_VERSION="24" setup_nodejs

 msg_info "Installing Change Detection"
-mkdir -p /opt/changedetection
-$STD uv venv --clear /opt/changedetection/.venv
-$STD /opt/changedetection/.venv/bin/python -m ensurepip --upgrade
-$STD /opt/changedetection/.venv/bin/python -m pip install --upgrade pip
-$STD /opt/changedetection/.venv/bin/python -m pip install changedetection.io
+mkdir /opt/changedetection
+$STD pip3 install changedetection.io
 cat <<EOF >/opt/changedetection/.env
 WEBDRIVER_URL=http://127.0.0.1:4444/wd/hub
 PLAYWRIGHT_DRIVER_URL=ws://localhost:3000/chrome?launch=eyJkZWZhdWx0Vmlld3BvcnQiOnsiaGVpZ2h0Ijo3MjAsIndpZHRoIjoxMjgwfSwiaGVhZGxlc3MiOmZhbHNlLCJzdGVhbHRoIjp0cnVlfQ==&blockAds=true
@@ -61,7 +64,7 @@ msg_ok "Installed Change Detection"

 msg_info "Installing Browserless & Playwright"
 mkdir /opt/browserless
-$STD /opt/changedetection/.venv/bin/python -m pip install playwright
+$STD python3 -m pip install playwright
 $STD git clone https://github.com/browserless/chrome /opt/browserless
 $STD npm ci --include=optional --include=dev --prefix /opt/browserless
 $STD /opt/browserless/node_modules/playwright-core/cli.js install --with-deps &>/dev/null
@@ -118,7 +121,7 @@ Wants=browserless.service
 Type=simple
 EnvironmentFile=/opt/changedetection/.env
 WorkingDirectory=/opt/changedetection
-ExecStart=/opt/changedetection/.venv/bin/changedetection.io -d /opt/changedetection -p 5000
+ExecStart=changedetection.io -d /opt/changedetection -p 5000

 [Install]
 WantedBy=multi-user.target
@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y build-essential
 msg_ok "Installed Dependencies"

-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs

 msg_info "Setup Cross-Seed"
 $STD npm install cross-seed@latest -g
@@ -1,43 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: ethan-hgwr
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/gchq/CyberChef
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y caddy
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="24" setup_nodejs
-fetch_and_deploy_gh_release "cyberchef" "gchq/CyberChef" "tarball"
-
-msg_info "Building CyberChef (Patience)"
-cd /opt/cyberchef
-$STD npm ci --ignore-scripts
-$STD npm run postinstall
-$STD npm run build
-msg_ok "Built CyberChef"
-
-msg_info "Configuring Caddy"
-cat <<EOF >/etc/caddy/Caddyfile
-:80 {
-    root * /opt/cyberchef/build/prod
-    file_server
-}
-EOF
-systemctl enable -q --now caddy
-systemctl reload caddy
-msg_ok "Configured Caddy"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -16,14 +16,14 @@ update_os
 msg_info "Setting Phoscon Repository"
 setup_deb822_repo \
  "deconz" \
-  "https://phoscon.de/apt/deconz.pub.key" \
-  "https://phoscon.de/apt/deconz" \
+  "http://phoscon.de/apt/deconz.pub.key" \
+  "http://phoscon.de/apt/deconz" \
  "generic"
 msg_ok "Setup Phoscon Repository"

 msg_info "Installing deConz"
-libssl=$(curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/" | grep -o 'libssl1\.1_1\.1\.1f-1ubuntu2\.2[^"]*amd64\.deb' | head -n1)
-curl -fsSL --proto '=https' "https://security.ubuntu.com/ubuntu/pool/main/o/openssl/$libssl" -o "$libssl"
+libssl=$(curl -fsSL "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/" | grep -o 'libssl1\.1_1\.1\.1f-1ubuntu2\.2[^"]*amd64\.deb' | head -n1)
+curl -fsSL "http://security.ubuntu.com/ubuntu/pool/main/o/openssl/$libssl" -o "$libssl"
 $STD dpkg -i "$libssl"
 $STD apt install -y deconz
 rm -rf "$libssl"
@@ -88,7 +88,6 @@ $STD poetry self add poetry-plugin-export
 $STD poetry export -f requirements.txt --output requirements.txt --without-hashes
 $STD uv venv --clear
 $STD uv pip install -r requirements.txt
-$STD uv pip install pytz
 msg_ok "Setup Backend"

 msg_info "Creating Service"
@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y build-essential python3-dev
 msg_ok "Installed Dependencies"

-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="20" setup_nodejs

 msg_info "Installing FlowiseAI (Patience)"
 $STD npm install -g flowise \
@@ -15,7 +15,7 @@ update_os
 msg_info "Setup GlobaLeaks"
 DISTRO_CODENAME="$(awk -F= '/^VERSION_CODENAME=/{print $2}' /etc/os-release)"
 curl -fsSL https://deb.globaleaks.org/globaleaks.asc | gpg --dearmor -o /etc/apt/trusted.gpg.d/globaleaks.gpg
-echo "deb [signed-by=/etc/apt/trusted.gpg.d/globaleaks.gpg] https://deb.globaleaks.org $DISTRO_CODENAME/" >/etc/apt/sources.list.d/globaleaks.list
+echo "deb [signed-by=/etc/apt/trusted.gpg.d/globaleaks.gpg] http://deb.globaleaks.org $DISTRO_CODENAME/" >/etc/apt/sources.list.d/globaleaks.list
 echo 'APPARMOR_SANDBOXING=0' >/etc/default/globaleaks
 $STD apt update
 $STD apt -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold install globaleaks
@@ -149,13 +149,10 @@ msg_ok "Installed packages from Debian Testing repo"
 setup_uv
 PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql

-ACTUAL_PG_VERSION=$(ls /etc/postgresql/ 2>/dev/null | sort -V | tail -1)
-ACTUAL_PG_VERSION=${ACTUAL_PG_VERSION:-16}
-
 VCHORD_RELEASE="0.5.3"
-fetch_and_deploy_gh_release "VectorChord" "tensorchord/VectorChord" "binary" "${VCHORD_RELEASE}" "/tmp" "postgresql-${ACTUAL_PG_VERSION}-vchord_*_amd64.deb"
+fetch_and_deploy_gh_release "VectorChord" "tensorchord/VectorChord" "binary" "${VCHORD_RELEASE}" "/tmp" "postgresql-16-vchord_*_amd64.deb"

-sed -i "s/^#shared_preload.*/shared_preload_libraries = 'vchord.so'/" /etc/postgresql/${ACTUAL_PG_VERSION}/main/postgresql.conf
+sed -i "s/^#shared_preload.*/shared_preload_libraries = 'vchord.so'/" /etc/postgresql/16/main/postgresql.conf
 systemctl restart postgresql.service
 PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_GRANT_SUPERUSER="true" PG_DB_SKIP_ALTER_ROLE="true" setup_postgresql_db

@@ -15,10 +15,6 @@ update_os

 fetch_and_deploy_gh_release "jackett" "Jackett/Jackett" "prebuild" "latest" "/opt/Jackett" "Jackett.Binaries.LinuxAMDx64.tar.gz"

-cat <<EOF >/opt/.env
-DisableRootWarning=true
-EOF
-
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/jackett.service
 [Unit]
@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/matter-js/matterjs-server
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-NODE_VERSION="24" setup_nodejs
-
-msg_info "Installing MatterJS-Server"
-mkdir -p /opt/matter-server
-cd /opt/matter-server
-$STD npm install matter-server
-mkdir -p /var/lib/matterjs-server
-msg_ok "Installed MatterJS-Server"
-
-msg_info "Configuring Network"
-cat <<EOF >/etc/sysctl.d/60-ipv6-ra-rio.conf
-net.ipv6.conf.default.accept_ra=1
-net.ipv6.conf.default.accept_ra_rtr_pref=1
-net.ipv6.conf.default.accept_ra_rt_info_max_plen=64
-net.ipv6.conf.eth0.accept_ra=1
-net.ipv6.conf.eth0.accept_ra_rtr_pref=1
-net.ipv6.conf.eth0.accept_ra_rt_info_max_plen=64
-EOF
-$STD sysctl -p /etc/sysctl.d/60-ipv6-ra-rio.conf
-msg_ok "Configured Network"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/matterjs-server.service
-[Unit]
-Description=MatterJS Server
-After=network.target
-
-[Service]
-Type=simple
-User=root
-ExecStart=/usr/bin/node /opt/matter-server/node_modules/matter-server/dist/esm/MatterServer.js --storage-path /var/lib/matterjs-server
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now matterjs-server
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -20,7 +20,7 @@ $STD apt install -y \
  mediainfo

 cat <<EOF >/etc/apt/sources.list.d/non-free.list
-deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
 EOF
 $STD apt update
 $STD apt install -y unrar
@@ -23,6 +23,11 @@ msg_info "Starting Navidrome"
 systemctl enable -q --now navidrome
 msg_ok "Started Navidrome"

+read -p "${TAB3}Do you want to install filebrowser addon? (y/n) " -n 1 -r
+if [[ $REPLY =~ ^[Yy]$ ]]; then
+  bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/filebrowser.sh)"
+fi
+
 motd_ssh
 customize
 cleanup_lxc
@@ -15,7 +15,7 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y python3-lxml wkhtmltopdf
-curl -fsSL --proto '=https' "https://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
+curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
 $STD dpkg -i /opt/python3-lxml-html-clean.deb
 msg_ok "Installed Dependencies"

@@ -69,13 +69,6 @@ if ! fetch_and_deploy_gh_release "ollama-com" "ollama/ollama" "prebuild" "latest
  msg_error "Failed to download or deploy Ollama – check network connectivity and GitHub API availability"
  exit 250
 fi
-# If /dev/kfd exists assume an AMD GPU is installed, and install ROCM support for ollama
-if [[ -e /dev/kfd ]]; then
-  if ! fetch_and_deploy_gh_release "ollama-rocm-com" "ollama/ollama" "prebuild" "latest" "$OLLAMA_INSTALL_DIR/lib" "ollama-linux-amd64-rocm.tar.zst"; then
-    msg_error "Failed to download or deploy Ollama AMD ROCM suport – check network connectivity and GitHub API availability"
-    exit 250
-  fi
-fi
 ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" "$BINDIR/ollama"
 msg_ok "Installed Ollama"

@@ -109,10 +102,6 @@ RestartSec=3
 [Install]
 WantedBy=multi-user.target
 EOF
-if [[ -e /dev/kfd ]]; then
-  sed -i '/Environment=OLLAMA_INTEL_GPU=true/a Environment=OLLAMA_IGPU_ENABLE=1' \
-      /etc/systemd/system/ollama.service
-fi
 systemctl enable -q --now ollama
 msg_ok "Created Service"

@@ -20,29 +20,13 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"

 PG_VERSION="16" setup_postgresql
-
-msg_info "Setup Database"
-DB_NAME=onlyoffice
-DB_USER=onlyoffice_user
-DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
-$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-{
-  echo "ONLYOFFICE-Credentials"
-  echo "ONLYOFFICE Database User: $DB_USER"
-  echo "ONLYOFFICE Database Password: $DB_PASS"
-  echo "ONLYOFFICE Database Name: $DB_NAME"
-} >>~/onlyoffice.creds
-msg_ok "Set up Database"
+PG_DB_NAME="onlyoffice" PG_DB_USER="onlyoffice_user" setup_postgresql_db

 msg_info "Adding ONLYOFFICE GPG Key"
 GPG_TMP="/tmp/onlyoffice.gpg"
 KEY_URL="https://download.onlyoffice.com/GPG-KEY-ONLYOFFICE"
 TMP_KEY_CONTENT=$(mktemp)
-if curl -fsSL "$KEY_URL" -o "$TMP_KEY_CONTENT" && grep -q "BEGIN PGP PUBLIC KEY BLOCK" "$TMP_KEY_CONTENT"; then
+if curl_with_retry "$KEY_URL" "$TMP_KEY_CONTENT" && grep -q "BEGIN PGP PUBLIC KEY BLOCK" "$TMP_KEY_CONTENT"; then
  gpg --quiet --batch --yes --no-default-keyring --keyring "gnupg-ring:$GPG_TMP" --import "$TMP_KEY_CONTENT" >/dev/null 2>&1
  chmod 644 "$GPG_TMP"
  chown root:root "$GPG_TMP"
@@ -81,9 +65,6 @@ echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password $RMQ_PASS | debc
 echo onlyoffice-documentserver onlyoffice/jwt-enabled boolean true | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/jwt-secret password $JWT_SECRET | debconf-set-selections

-echo "RabbitMQ User: $RMQ_USER" >>~/onlyoffice.creds
-echo "RabbitMQ Password: $RMQ_PASS" >>~/onlyoffice.creds
-echo "JWT Secret: $JWT_SECRET" >>~/onlyoffice.creds
 {
  echo ""
  echo "ONLYOFFICE RabbitMQ Credentials"
@@ -1,7 +1,7 @@
 #!/usr/bin/env bash

 # Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ) | Co-Author: Tom Frenzel (tomfrenzel)
+# Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://openthread.io/guides/border-router

@@ -39,19 +39,12 @@ msg_ok "Installed Dependencies"

 setup_nodejs

-RELEASE=$(get_latest_gh_tag "openthread/ot-br-posix")
-if [[ -z "$RELEASE" ]]; then
-  msg_error "Failed to fetch latest release tag"
-  exit 1
-fi
-
-msg_info "Fetching GitHub release OpenThread-BR (${RELEASE#v})"
+msg_info "Cloning OpenThread Border Router"
 # git clone is needed to fetch submodules, fetch_and_deploy_gh_release doesn't support this. We use --depth 1 to minimize the amount of data cloned, but it still may take a while.
-$STD git clone --depth 1 --branch "$RELEASE" https://github.com/openthread/ot-br-posix /opt/ot-br-posix
+$STD git clone --depth 1 https://github.com/openthread/ot-br-posix /opt/ot-br-posix
 cd /opt/ot-br-posix
 $STD git submodule update --depth 1 --init --recursive
-echo "${RELEASE#v}" > ~/.openthread-br
-msg_ok "Deployed GitHub release OpenThread-BR (${RELEASE#v})"
+msg_ok "Cloned OpenThread Border Router"

 msg_info "Building OpenThread Border Router (Patience)"
 mkdir -p build && cd build
@@ -64,7 +57,6 @@ $STD cmake -GNinja \
  -DOTBR_WEB=ON \
  -DOTBR_BORDER_ROUTING=ON \
  -DOTBR_BACKBONE_ROUTER=ON \
-  -DOTBR_SYSTEMD_UNIT_DIR=/etc/systemd/system \
  -DOT_FIREWALL=ON \
  -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
  ..
@@ -1,162 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Fabian Pulch (fpulch)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/paperclipai/paperclip
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  git \
-  ripgrep
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
-PG_VERSION="17" setup_postgresql
-PG_DB_NAME="paperclip" PG_DB_USER="paperclip" setup_postgresql_db
-
-fetch_and_deploy_gh_release "paperclip-ai" "paperclipai/paperclip" "tarball"
-
-msg_info "Building Paperclip"
-cd /opt/paperclip-ai
-export HUSKY=0
-export NODE_OPTIONS="--max-old-space-size=8192"
-$STD pnpm install --frozen-lockfile
-$STD pnpm build
-unset NODE_OPTIONS
-msg_ok "Built Paperclip"
-
-msg_info "Installing Agent CLIs"
-$STD npm install -g \
-  @anthropic-ai/claude-code@latest \
-  @openai/codex@latest
-msg_ok "Installed Agent CLIs"
-
-msg_info "Configuring Paperclip"
-PAPERCLIP_HOME="/opt/paperclip-data"
-PAPERCLIP_CONFIG="${PAPERCLIP_HOME}/instances/default/config.json"
-
-mkdir -p /opt/paperclip-data
-mkdir -p /root/.claude /root/.codex
-BETTER_AUTH_SECRET=$(openssl rand -hex 32)
-cat <<EOF >/opt/paperclip-ai/.env
-DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@127.0.0.1:5432/${PG_DB_NAME}
-HOST=0.0.0.0
-PORT=3100
-SERVE_UI=true
-PAPERCLIP_HOME=${PAPERCLIP_HOME}
-PAPERCLIP_CONFIG=${PAPERCLIP_CONFIG}
-PAPERCLIP_INSTANCE_ID=default
-PAPERCLIP_DEPLOYMENT_MODE=authenticated
-PAPERCLIP_DEPLOYMENT_EXPOSURE=private
-PAPERCLIP_PUBLIC_URL=http://${LOCAL_IP}:3100
-BETTER_AUTH_SECRET=${BETTER_AUTH_SECRET}
-EOF
-msg_ok "Configured Paperclip"
-
-msg_info "Running Database Migrations"
-set -a && source /opt/paperclip-ai/.env && set +a
-$STD pnpm db:migrate
-msg_ok "Ran Database Migrations"
-
-msg_info "Bootstrapping Paperclip"
-PAPERCLIP_ONBOARD_LOG=/opt/paperclip-ai/paperclip-onboard.log
-PAPERCLIP_BOOTSTRAP_LOG=/opt/paperclip-ai/paperclip-bootstrap.log
-
-for PAPERCLIP_ONBOARD_CMD in \
-  "pnpm paperclipai onboard --yes --bind lan" \
-  "pnpm paperclipai onboard --yes"; do
-  rm -f "$PAPERCLIP_ONBOARD_LOG"
-  setsid env \
-    PAPERCLIP_HOME="$PAPERCLIP_HOME" \
-    PAPERCLIP_CONFIG="$PAPERCLIP_CONFIG" \
-    bash -c 'cd /opt/paperclip-ai && exec "$@"' _ $PAPERCLIP_ONBOARD_CMD \
-    >"$PAPERCLIP_ONBOARD_LOG" 2>&1 &
-  PAPERCLIP_ONBOARD_PID=$!
-  for _ in {1..60}; do
-    if [[ -f "$PAPERCLIP_CONFIG" ]]; then
-      break
-    fi
-    if ! kill -0 "$PAPERCLIP_ONBOARD_PID" 2>/dev/null; then
-      break
-    fi
-    sleep 2
-  done
-  if kill -0 "$PAPERCLIP_ONBOARD_PID" 2>/dev/null; then
-    kill -- -"${PAPERCLIP_ONBOARD_PID}" >/dev/null 2>&1 || true
-    wait "$PAPERCLIP_ONBOARD_PID" 2>/dev/null || true
-  fi
-  [[ -f "$PAPERCLIP_CONFIG" ]] && break
-  if ! grep -q "unknown option '--bind'" "$PAPERCLIP_ONBOARD_LOG"; then
-    break
-  fi
-  msg_info "Retrying Paperclip Onboarding"
-done
-
-if [[ ! -f "$PAPERCLIP_CONFIG" ]]; then
-  msg_error "Failed to bootstrap Paperclip"
-  exit 1
-fi
-
-if grep -q 'authenticated' $PAPERCLIP_CONFIG; then
-  pnpm paperclipai auth bootstrap-ceo >"$PAPERCLIP_BOOTSTRAP_LOG" 2>&1 || true
-  PAPERCLIP_INVITE_URL=$(awk -F'Invite URL: ' '/Invite URL:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
-  PAPERCLIP_INVITE_EXPIRY=$(awk -F'Expires: ' '/Expires:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
-  if [[ -n "$PAPERCLIP_INVITE_URL" ]]; then
-    cat <<EOF >>~/paperclip.creds
-
-Paperclip Admin Invite
-Invite URL: ${PAPERCLIP_INVITE_URL}
-Expires: ${PAPERCLIP_INVITE_EXPIRY}
-EOF
-    msg_ok "Generated Paperclip CEO Invite"
-    echo -e "${INFO}${YW} Open this invite URL to finish Paperclip admin setup:${CL}"
-    echo -e "${TAB}${GATEWAY}${BGN}${PAPERCLIP_INVITE_URL}${CL}"
-    [[ -n "$PAPERCLIP_INVITE_EXPIRY" ]] && echo -e "${TAB}${INFO}${YW}Invite expires: ${PAPERCLIP_INVITE_EXPIRY}${CL}"
-  else
-    msg_warn "Paperclip authenticated mode is enabled, but no CEO invite was generated automatically"
-  fi
-else
-  msg_info "Paperclip Bootstrapped in Local Trusted Mode"
-fi
-rm -f "$PAPERCLIP_ONBOARD_LOG" "$PAPERCLIP_BOOTSTRAP_LOG"
-msg_ok "Bootstrapped Paperclip"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/paperclip.service
-[Unit]
-Description=Paperclip
-After=network.target postgresql.service
-Requires=postgresql.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/paperclip-ai
-EnvironmentFile=/opt/paperclip-ai/.env
-Environment=HOME=/root
-Environment=CODEX_HOME=/root/.codex
-Environment=PATH=/root/.local/bin:/usr/local/bin:/usr/bin:/bin
-Environment=DISABLE_AUTOUPDATER=1
-ExecStart=/usr/bin/env pnpm paperclipai run
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now paperclip
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -14,12 +14,11 @@ network_check
 update_os

 msg_info "Installing Proxmox Backup Server"
-setup_deb822_repo \
-  "proxmox-backup-server" \
-  "https://enterprise.proxmox.com/debian/proxmox-archive-keyring-trixie.gpg" \
-  "http://download.proxmox.com/debian/pbs" \
-  "trixie" \
-  "pbs-no-subscription"
+curl -fsSL "https://enterprise.proxmox.com/debian/proxmox-release-trixie.gpg" -o "/etc/apt/trusted.gpg.d/proxmox-release-trixie.gpg"
+cat <<EOF >>/etc/apt/sources.list
+deb http://download.proxmox.com/debian/pbs trixie pbs-no-subscription
+EOF
+$STD apt update
 export DEBIAN_FRONTEND=noninteractive
 export IFUPDOWN2_NO_IFRELOAD=1
 $STD apt install -y proxmox-backup-server
@@ -107,9 +107,9 @@ After=network.target postgresql.service chromium-printer.service
 Wants=postgresql.service chromium-printer.service

 [Service]
-WorkingDirectory=/opt/reactive-resume/apps/server
+WorkingDirectory=/opt/reactive-resume/apps/web
 EnvironmentFile=/opt/reactive-resume/.env
-ExecStart=/usr/bin/node dist/index.mjs
+ExecStart=/usr/bin/node .output/server/index.mjs
 Restart=always
 RestartSec=5

@@ -1,69 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: phof
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/spliit-app/spliit
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-PG_VERSION="16" setup_postgresql
-PG_DB_NAME="spliit" PG_DB_USER="spliit" setup_postgresql_db
-NODE_VERSION="22" setup_nodejs
-fetch_and_deploy_gh_release "spliit" "spliit-app/spliit" "tarball"
-
-msg_info "Configuring Application"
-cat <<EOF >/opt/spliit/.env
-POSTGRES_PRISMA_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?schema=public
-POSTGRES_URL_NON_POOLING=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?schema=public
-NEXT_PUBLIC_DEFAULT_CURRENCY_CODE=
-NEXT_TELEMETRY_DISABLED=1
-NODE_ENV=production
-PORT=3000
-HOSTNAME=0.0.0.0
-EOF
-msg_ok "Configured Application"
-
-msg_info "Building Application"
-cd /opt/spliit
-$STD npm ci --ignore-scripts
-$STD npx prisma generate
-$STD npm run build
-msg_ok "Built Application"
-
-msg_info "Running Database Migrations"
-cd /opt/spliit
-$STD npx prisma migrate deploy
-msg_ok "Ran Database Migrations"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/spliit.service
-[Unit]
-Description=Spliit
-After=network.target postgresql.service
-Requires=postgresql.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/spliit
-EnvironmentFile=/opt/spliit/.env
-ExecStart=/usr/bin/npm run start
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now spliit
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/tolgee/tolgee-platform
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-JAVA_VERSION="21" setup_java
-PG_VERSION="16" setup_postgresql
-PG_DB_NAME="tolgee" PG_DB_USER="tolgee" setup_postgresql_db
-
-fetch_and_deploy_gh_release "tolgee" "tolgee/tolgee-platform" "singlefile" "latest" "/opt/tolgee" "tolgee-*.jar"
-
-msg_info "Setting up Tolgee"
-mkdir -p /opt/tolgee_data
-find /opt/tolgee -maxdepth 1 -type f -name 'tolgee-*.jar' -exec mv {} /opt/tolgee/tolgee.jar \;
-
-cat <<EOF >/opt/tolgee_data/.env
-SERVER_PORT=8080
-TOLGEE_POSTGRES_AUTOSTART_ENABLED=false
-SPRING_DATASOURCE_URL=jdbc:postgresql://localhost:5432/${PG_DB_NAME}
-SPRING_DATASOURCE_USERNAME=${PG_DB_USER}
-SPRING_DATASOURCE_PASSWORD=${PG_DB_PASS}
-TOLGEE_AUTHENTICATION_ENABLED=true
-TOLGEE_AUTHENTICATION_INITIAL_USERNAME=admin
-TOLGEE_FILE_STORAGE_FS_DATA_PATH=/opt/tolgee_data
-EOF
-msg_ok "Set up Tolgee"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/tolgee.service
-[Unit]
-Description=Tolgee Service
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/tolgee
-EnvironmentFile=/opt/tolgee_data/.env
-ExecStart=/usr/bin/java -jar /opt/tolgee/tolgee
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now tolgee
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/pixlcore/xyops
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  python3 \
-  python3-setuptools \
-  pkg-config \
-  libssl-dev \
-  zlib1g-dev
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" setup_nodejs
-
-fetch_and_deploy_gh_release "xyops" "pixlcore/xyops" "tarball"
-
-msg_info "Building Application"
-cd /opt/xyops
-$STD npm install
-$STD node bin/build.js dist
-chmod 644 /opt/xyops/node_modules/useragent-ng/lib/regexps.js
-msg_ok "Built Application"
-
-fetch_and_deploy_gh_release "xysat" "pixlcore/xysat" "tarball" "latest" "/opt/xyops/satellite"
-
-msg_info "Building xySat Satellite"
-cd /opt/xyops/satellite
-$STD npm install
-msg_ok "Built xySat Satellite"
-
-msg_info "Setting up Directories"
-mkdir -p /opt/xyops/data /opt/xyops/logs /opt/xyops/temp /opt/xyops/conf
-msg_ok "Set up Directories"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/xyops.service
-[Unit]
-Description=xyOps Task Scheduler and Server Monitor
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/xyops
-Environment=XYOPS_foreground=1
-ExecStart=/usr/bin/node /opt/xyops/lib/main.js
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now xyops
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -196,7 +196,7 @@ explain_exit_code() {
  103) echo "Validation: Shell is not Bash" ;;
  104) echo "Validation: Not running as root (or invoked via sudo)" ;;
  105) echo "Validation: Proxmox VE version not supported" ;;
-  106) echo "Validation: Unsupported architecture (requires amd64 or arm64)" ;;
+  106) echo "Validation: Architecture not supported (ARM / PiMox)" ;;
  107) echo "Validation: Kernel key parameters unreadable" ;;
  108) echo "Validation: Kernel key limits exceeded" ;;
  109) echo "Proxmox: No available container ID after max attempts" ;;
@@ -52,11 +52,6 @@ variables() {
  # as "/tmp/${NSAPP}-${CTID}-${SESSION_ID}.log" (requires CTID, not available here)
  CTTYPE="${CTTYPE:-${CT_TYPE:-1}}"

-  # ARM64 Template default variables
-  DEBIAN_DEFAULT_CODENAME="trixie"
-  UBUNTU_DEFAULT_CODENAME="noble"
-  ALPINE_DEFAULT_VERSION="3.23"
-
  # Parse dev_mode early
  parse_dev_mode

@@ -1941,7 +1936,7 @@ advanced_settings() {

    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 2: Root Password
-    # ═══════════════════════════════════════════════════════════════════════════
+    # ════════════════════════════════════════���═══════════════════════════════���══
    2)
      if PW1=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
        --title "ROOT PASSWORD" \
@@ -3051,9 +3046,6 @@ echo_default() {
  echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE} GB${CL}"
  echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
  echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE} MiB${CL}"
-  if [[ "$(dpkg --print-architecture)" == "arm64" ]]; then
-    echo -e "${INFO}${BOLD}${DGN}Architecture: ${BGN}arm64${CL}"
-  fi
  if [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]]; then
    echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}Enabled${CL}"
  fi
@@ -3090,9 +3082,7 @@ install_script() {
  pve_check
  shell_check
  root_check
-  ensure_whiptail
  arch_check
-  arm64_notice
  ssh_check
  maxkeys_check
  diagnostics_check
@@ -3992,7 +3982,7 @@ $PCT_OPTIONS_STRING"
      if [[ -d /dev/dri ]]; then
        # Only add if not already claimed by Intel
        if [[ ${#INTEL_DEVICES[@]} -eq 0 ]]; then
-          for d in /dev/dri/renderD* /dev/dri/card* /dev/kfd; do
+          for d in /dev/dri/renderD* /dev/dri/card*; do
            [[ -e "$d" ]] && AMD_DEVICES+=("$d")
          done
        fi
@@ -4365,23 +4355,19 @@ EOF
      msg_warn "Skipping timezone setup – zone '$tz' not found in container"
    fi

-    local _base_pkgs="sudo curl mc gnupg2 jq"
-    if [[ "${ARCH:-amd64}" == "arm64" ]]; then
-      _base_pkgs+=" openssh-server wget gcc"
-    fi
-
    # Detect broken DNS resolver (e.g. Tailscale MagicDNS) and inject public DNS
    if ! pct exec "$CTID" -- bash -c "getent hosts deb.debian.org >/dev/null 2>&1 && getent hosts archive.ubuntu.com >/dev/null 2>&1"; then
      msg_warn "APT repository DNS resolution failed in container, injecting public DNS servers"
      pct exec "$CTID" -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf"
    fi

-    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y sudo curl mc gnupg2 jq 2>&1" >>"$BUILD_LOG" 2>&1 || {
      local failed_mirror
      failed_mirror=$(pct exec "$CTID" -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown")
      msg_warn "apt-get update failed (${failed_mirror}), trying alternate mirrors..."
      local mirror_exit=0
-      pct exec "$CTID" -- env APT_BASE="$_base_pkgs" bash -c '
+      pct exec "$CTID" -- bash -c '
+        APT_BASE="sudo curl mc gnupg2 jq"
        DISTRO=$(. /etc/os-release 2>/dev/null && echo "$ID" || echo "debian")

        if [ "$DISTRO" = "ubuntu" ]; then
@@ -4491,7 +4477,7 @@ EOF
              [ -f \"\$src\" ] && sed -i \"s|URIs: http[s]*://[^/]*/|URIs: http://${custom_mirror}/|g; s|deb http[s]*://[^/]*/|deb http://${custom_mirror}/|g\" \"\$src\"
            done
            rm -rf /var/lib/apt/lists/*
-            apt-get update >/dev/null 2>&1 && apt-get install -y ${_base_pkgs} >/dev/null 2>&1
+            apt-get update >/dev/null 2>&1 && apt-get install -y sudo curl mc gnupg2 jq >/dev/null 2>&1
          " && break
          msg_warn "Mirror '${custom_mirror}' also failed. Try another or type 'skip'."
        done
@@ -4531,9 +4517,7 @@ EOF
    # that sends "configuring" status AFTER the host already reported "failed"
    export CONTAINER_INSTALLING=true

-    local _install_script
-    _install_script="$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh")"
-    lxc-attach -n "$CTID" -- bash -c "$_install_script"
+    lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)"
    local lxc_exit=$?

    unset CONTAINER_INSTALLING
@@ -4928,9 +4912,7 @@ EOF
          # Re-run install script in existing container (don't destroy/recreate)
          set +Eeuo pipefail
          trap - ERR
-          local _install_script
-          _install_script="$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh")"
-          lxc-attach -n "$CTID" -- bash -c "$_install_script"
+          lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)"
          local apt_retry_exit=$?
          set -Eeuo pipefail
          trap 'error_handler' ERR
@@ -5688,56 +5670,6 @@ create_lxc_container() {
    esac
  }

-  ARCH="$(dpkg --print-architecture)"
-
-  # Maps OS type + version to the release variant name used by ARM64 template sources.
-  arm64_template_variant() {
-    case "$1:$2" in
-      debian:12) echo "bookworm" ;;
-      debian:13) echo "trixie" ;;
-      debian:) echo "$DEBIAN_DEFAULT_CODENAME" ;;
-
-      ubuntu:24.04) echo "noble" ;;
-      ubuntu:26.04) echo "questing" ;;
-      ubuntu:) echo "$UBUNTU_DEFAULT_CODENAME" ;;
-
-      alpine:*) echo "${2:-$ALPINE_DEFAULT_VERSION}" ;;
-
-      *) return 1 ;;
-    esac
-  }
-
-  # Downloads an ARM64 LXC rootfs template from jenkins.linuxcontainers.org.
-  download_arm64_template() {
-    local dest="$1" url
-
-    mkdir -p "$(dirname "$dest")" || {
-      msg_error "Cannot create template dir."
-      exit 207
-    }
-
-    url="https://jenkins.linuxcontainers.org/job/image-${PCT_OSTYPE}/architecture=arm64,release=${CUSTOM_TEMPLATE_VARIANT},variant=default/lastStableBuild/artifact/rootfs.tar.xz"
-
-    msg_info "Downloading ${PCT_OSTYPE^} ${CUSTOM_TEMPLATE_VARIANT} ARM64 template"
-    if ! curl -fsSL -o "$dest" "$url"; then
-      msg_error "Failed to download ARM64 template from: $url"
-      exit 208
-    fi
-    msg_ok "Downloaded ARM64 LXC template"
-  }
-
-  download_template() {
-    local dest="${1:-$TEMPLATE_PATH}"
-    if [[ "$ARCH" == "arm64" ]]; then
-      download_arm64_template "$dest"
-    else
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-        msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
-        exit 222
-      }
-    fi
-  }
-
  # ------------------------------------------------------------------------------
  # Required input variables
  # ------------------------------------------------------------------------------
@@ -5904,120 +5836,153 @@ create_lxc_container() {
  # ------------------------------------------------------------------------------
  # Template discovery & validation
  # ------------------------------------------------------------------------------
-  CUSTOM_TEMPLATE_VARIANT=""
+  TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
+  case "$PCT_OSTYPE" in
+  debian | ubuntu) TEMPLATE_PATTERN="-standard_" ;;
+  alpine | fedora | rocky | centos) TEMPLATE_PATTERN="-default_" ;;
+  *) TEMPLATE_PATTERN="" ;;
+  esac

-  if [[ "$ARCH" == "arm64" ]]; then
-    # ARM64: use custom template download from linuxcontainers.org / GitHub
-    msg_info "Preparing ARM64 template"
+  msg_info "Searching for template '$TEMPLATE_SEARCH'"

-    CUSTOM_TEMPLATE_VARIANT=$(arm64_template_variant "$PCT_OSTYPE" "${PCT_OSVERSION:-}") || {
-      msg_error "No ARM64 template mapping for ${PCT_OSTYPE} ${PCT_OSVERSION:-latest}"
-      exit 207
-    }
+  # Initialize variables
+  ONLINE_TEMPLATE=""
+  ONLINE_TEMPLATES=()

-    TEMPLATE="${PCT_OSTYPE}-${CUSTOM_TEMPLATE_VARIANT}-rootfs.tar.xz"
-    TEMPLATE_SOURCE="custom-arm64"
-
-    # Resolve template path
-    TEMPLATE_PATH="$(pvesm path "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" 2>/dev/null || true)"
-    if [[ -z "$TEMPLATE_PATH" ]]; then
-      local _tpl_base
-      _tpl_base=$(awk -v s="$TEMPLATE_STORAGE" '
-        $0 ~ "^[^:]+:[[:space:]]*" s "$" {f=1; next}
-        f && /^[^[:space:]]/ {f=0}
-        f && $1 == "path" {print $2; exit}
-      ' /etc/pve/storage.cfg)
-      TEMPLATE_PATH="${_tpl_base:-/var/lib/vz}/template/cache/$TEMPLATE"
-    fi
-
-    # Download if missing, too small, or corrupt
-    if [[ ! -f "$TEMPLATE_PATH" ]]; then
-      download_arm64_template "$TEMPLATE_PATH"
-    elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]] || ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-      msg_warn "Local template invalid - re-downloading."
-      rm -f "$TEMPLATE_PATH"
-      download_arm64_template "$TEMPLATE_PATH"
-    else
-      msg_ok "Template ${BL}$TEMPLATE${CL} found locally."
-    fi
+  # Step 1: Check local templates first (instant)
+  mapfile -t LOCAL_TEMPLATES < <(
+    pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
+      awk -v search="${TEMPLATE_SEARCH}" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
+      sed 's|.*/||' | sort -t - -k 2 -V
+  )

+  # Step 2: If local template found, use it immediately (skip pveam update)
+  if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
+    TEMPLATE="${LOCAL_TEMPLATES[-1]}"
+    TEMPLATE_SOURCE="local"
+    msg_ok "Template search completed"
  else
-    TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
-    case "$PCT_OSTYPE" in
-    debian | ubuntu) TEMPLATE_PATTERN="-standard_" ;;
-    alpine | fedora | rocky | centos) TEMPLATE_PATTERN="-default_" ;;
-    *) TEMPLATE_PATTERN="" ;;
-    esac
+    # Step 3: No local template - need to check online (this may be slow)
+    msg_info "No local template found, checking online catalog..."

-    msg_info "Searching for template '$TEMPLATE_SEARCH'"
+    # Update catalog with timeout to prevent long hangs
+    if command -v timeout &>/dev/null; then
+      if ! timeout 30 pveam update >/dev/null 2>&1; then
+        msg_warn "Template catalog update timed out (possible network/DNS issue). Run 'pveam update' manually to diagnose."
+      fi
+    else
+      pveam update >/dev/null 2>&1 || msg_warn "Could not update template catalog (pveam update failed)"
+    fi

-    # Initialize variables
-    ONLINE_TEMPLATE=""
    ONLINE_TEMPLATES=()
+    mapfile -t ONLINE_TEMPLATES < <(pveam available -section system 2>/dev/null | grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' | awk '{print $2}' | grep -E "^${TEMPLATE_SEARCH}.*${TEMPLATE_PATTERN}" | sort -t - -k 2 -V 2>/dev/null || true)
+    [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"

-    # Step 1: Check local templates first (instant)
-    mapfile -t LOCAL_TEMPLATES < <(
-      pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
-        awk -v search="${TEMPLATE_SEARCH}" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
-        sed 's|.*/||' | sort -t - -k 2 -V
+    TEMPLATE="$ONLINE_TEMPLATE"
+    TEMPLATE_SOURCE="online"
+    msg_ok "Template search completed"
+  fi
+
+  # If still no template, try to find alternatives
+  if [[ -z "$TEMPLATE" ]]; then
+    msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
+
+    # Get all available versions for this OS type
+    AVAILABLE_VERSIONS=()
+    mapfile -t AVAILABLE_VERSIONS < <(
+      pveam available -section system 2>/dev/null |
+        grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
+        awk -F'\t' '{print $1}' |
+        grep "^${PCT_OSTYPE}-" |
+        sed -E "s/.*${PCT_OSTYPE}-([0-9]+(\.[0-9]+)?).*/\1/" |
+        sort -u -V 2>/dev/null
    )

-    # Step 2: If local template found, use it immediately (skip pveam update)
-    if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
-      TEMPLATE="${LOCAL_TEMPLATES[-1]}"
-      TEMPLATE_SOURCE="local"
-      msg_ok "Template search completed"
-    else
-      # Step 3: No local template - need to check online (this may be slow)
-      msg_info "No local template found, checking online catalog..."
+    if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
+      echo ""
+      echo "${BL}Available ${PCT_OSTYPE} versions:${CL}"
+      for i in "${!AVAILABLE_VERSIONS[@]}"; do
+        echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
+      done
+      echo ""
+      read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty

-      # Update catalog with timeout to prevent long hangs
-      if command -v timeout &>/dev/null; then
-        if ! timeout 30 pveam update >/dev/null 2>&1; then
-          msg_warn "Template catalog update timed out (possible network/DNS issue). Run 'pveam update' manually to diagnose."
+      if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
+        PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
+        TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION}"
+
+        ONLINE_TEMPLATES=()
+        mapfile -t ONLINE_TEMPLATES < <(
+          pveam available -section system 2>/dev/null |
+            grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
+            awk '{print $2}' |
+            grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
+            sort -t - -k 2 -V 2>/dev/null || true
+        )
+
+        if [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]]; then
+          TEMPLATE="${ONLINE_TEMPLATES[-1]}"
+          TEMPLATE_SOURCE="online"
+        else
+          msg_error "No templates available for ${PCT_OSTYPE} ${PCT_OSVERSION}"
+          exit 225
        fi
      else
-        pveam update >/dev/null 2>&1 || msg_warn "Could not update template catalog (pveam update failed)"
+        msg_custom "🚫" "${YW}" "Installation cancelled"
+        exit 0
      fi
-
-      ONLINE_TEMPLATES=()
-      mapfile -t ONLINE_TEMPLATES < <(pveam available -section system 2>/dev/null | grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' | awk '{print $2}' | grep -E "^${TEMPLATE_SEARCH}.*${TEMPLATE_PATTERN}" | sort -t - -k 2 -V 2>/dev/null || true)
-      [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
-
-      TEMPLATE="$ONLINE_TEMPLATE"
-      TEMPLATE_SOURCE="online"
-      msg_ok "Template search completed"
+    else
+      msg_error "No ${PCT_OSTYPE} templates available at all"
+      exit 225
    fi
+  fi

-    # If still no template, try to find alternatives
+  TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
+  if [[ -z "$TEMPLATE_PATH" ]]; then
+    TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
+    [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
+  fi
+
+  # If we still don't have a path but have a valid template name, construct it
+  if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
+    TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+  fi
+
+  [[ -n "$TEMPLATE_PATH" ]] || {
    if [[ -z "$TEMPLATE" ]]; then
-      msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
+      msg_error "Template ${PCT_OSTYPE} ${PCT_OSVERSION} not available"

-      # Get all available versions for this OS type
-      AVAILABLE_VERSIONS=()
+      # Get available versions
      mapfile -t AVAILABLE_VERSIONS < <(
        pveam available -section system 2>/dev/null |
-          grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
-          awk -F'\t' '{print $1}' |
          grep "^${PCT_OSTYPE}-" |
-          sed -E "s/.*${PCT_OSTYPE}-([0-9]+(\.[0-9]+)?).*/\1/" |
-          sort -u -V 2>/dev/null
+          sed -E 's/.*'"${PCT_OSTYPE}"'-([0-9]+\.[0-9]+).*/\1/' |
+          grep -E '^[0-9]+\.[0-9]+$' |
+          sort -u -V 2>/dev/null || sort -u
      )

      if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
-        echo ""
-        echo "${BL}Available ${PCT_OSTYPE} versions:${CL}"
+        echo -e "\n${BL}Available versions:${CL}"
        for i in "${!AVAILABLE_VERSIONS[@]}"; do
          echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
        done
+
        echo ""
-        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty
+        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or Enter to exit: " choice </dev/tty

        if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
-          PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
-          TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION}"
+          export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
+          export PCT_OSVERSION="$var_version"
+          msg_ok "Switched to ${PCT_OSTYPE} ${var_version}"

-          ONLINE_TEMPLATES=()
+          # Retry template search with new version
+          TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
+
+          mapfile -t LOCAL_TEMPLATES < <(
+            pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
+              awk -v search="${TEMPLATE_SEARCH}-" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
+              sed 's|.*/||' | sort -t - -k 2 -V
+          )
          mapfile -t ONLINE_TEMPLATES < <(
            pveam available -section system 2>/dev/null |
              grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
@@ -6025,181 +5990,109 @@ create_lxc_container() {
              grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
              sort -t - -k 2 -V 2>/dev/null || true
          )
+          ONLINE_TEMPLATE=""
+          [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"

-          if [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]]; then
-            TEMPLATE="${ONLINE_TEMPLATES[-1]}"
-            TEMPLATE_SOURCE="online"
+          if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
+            TEMPLATE="${LOCAL_TEMPLATES[-1]}"
+            TEMPLATE_SOURCE="local"
          else
-            msg_error "No templates available for ${PCT_OSTYPE} ${PCT_OSVERSION}"
-            exit 225
+            TEMPLATE="$ONLINE_TEMPLATE"
+            TEMPLATE_SOURCE="online"
          fi
+
+          TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
+          if [[ -z "$TEMPLATE_PATH" ]]; then
+            TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
+            [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
+          fi
+
+          # If we still don't have a path but have a valid template name, construct it
+          if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
+            TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+          fi
+
+          [[ -n "$TEMPLATE_PATH" ]] || {
+            msg_error "Template still not found after version change"
+            exit 220
+          }
        else
          msg_custom "🚫" "${YW}" "Installation cancelled"
          exit 0
        fi
      else
        msg_error "No ${PCT_OSTYPE} templates available"
-        exit 225
+        exit 220
      fi
    fi
+  }

-    TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
-    if [[ -z "$TEMPLATE_PATH" ]]; then
-      TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
-      [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
-    fi
+  # Validate that we found a template
+  if [[ -z "$TEMPLATE" ]]; then
+    msg_error "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}"
+    msg_custom "ℹ️" "${YW}" "Please check:"
+    msg_custom "  •" "${YW}" "Is pveam catalog available? (run: pveam available -section system)"
+    msg_custom "  •" "${YW}" "Does the template exist for your OS version?"
+    exit 225
+  fi

-    # If we still don't have a path but have a valid template name, construct it
-    if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
-      TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-    fi
+  msg_ok "Template ${BL}$TEMPLATE${CL} [$TEMPLATE_SOURCE]"
+  msg_debug "Resolved TEMPLATE_PATH=$TEMPLATE_PATH"

-    [[ -n "$TEMPLATE_PATH" ]] || {
-      if [[ -z "$TEMPLATE" ]]; then
-        msg_error "Template ${PCT_OSTYPE} ${PCT_OSVERSION} not available"
-
-        # Get available versions
-        mapfile -t AVAILABLE_VERSIONS < <(
-          pveam available -section system 2>/dev/null |
-            grep "^${PCT_OSTYPE}-" |
-            sed -E 's/.*'"${PCT_OSTYPE}"'-([0-9]+\.[0-9]+).*/\1/' |
-            grep -E '^[0-9]+\.[0-9]+$' |
-            sort -u -V 2>/dev/null || sort -u
-        )
-
-        if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
-          echo -e "\n${BL}Available versions:${CL}"
-          for i in "${!AVAILABLE_VERSIONS[@]}"; do
-            echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
-          done
-
-          echo ""
-          read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to exit: " choice </dev/tty
-
-          if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
-            export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
-            export PCT_OSVERSION="$var_version"
-            msg_ok "Switched to ${PCT_OSTYPE} ${var_version}"
-
-            # Retry template search with new version
-            TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
-
-            mapfile -t LOCAL_TEMPLATES < <(
-              pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
-                awk -v search="${TEMPLATE_SEARCH}-" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
-                sed 's|.*/||' | sort -t - -k 2 -V
-            )
-            mapfile -t ONLINE_TEMPLATES < <(
-              pveam available -section system 2>/dev/null |
-                grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
-                awk '{print $2}' |
-                grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
-                sort -t - -k 2 -V 2>/dev/null || true
-            )
-            ONLINE_TEMPLATE=""
-            [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
-
-            if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
-              TEMPLATE="${LOCAL_TEMPLATES[-1]}"
-              TEMPLATE_SOURCE="local"
-            else
-              TEMPLATE="$ONLINE_TEMPLATE"
-              TEMPLATE_SOURCE="online"
-            fi
-
-            TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
-            if [[ -z "$TEMPLATE_PATH" ]]; then
-              TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
-              [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
-            fi
-
-            # If we still don't have a path but have a valid template name, construct it
-            if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
-              TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-            fi
-
-            [[ -n "$TEMPLATE_PATH" ]] || {
-              msg_error "Template still not found after version change"
-              exit 220
-            }
-          else
-            msg_custom "🚫" "${YW}" "Installation cancelled"
-            exit 0
-          fi
-        else
-          msg_error "No ${PCT_OSTYPE} templates available"
-          exit 220
-        fi
-      fi
-    }
-
-    # Validate that we found a template
-    if [[ -z "$TEMPLATE" ]]; then
-      msg_error "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}"
-      msg_custom "ℹ️" "${YW}" "Please check:"
-      msg_custom "  •" "${YW}" "Is pveam catalog available? (run: pveam available -section system)"
-      msg_custom "  •" "${YW}" "Does the template exist for your OS version?"
-      exit 225
-    fi
-
-    msg_ok "Template ${BL}$TEMPLATE${CL} [$TEMPLATE_SOURCE]"
-    msg_debug "Resolved TEMPLATE_PATH=$TEMPLATE_PATH"
-
-    NEED_DOWNLOAD=0
-    if [[ ! -f "$TEMPLATE_PATH" ]]; then
-      msg_info "Template not present locally, will download it."
+  NEED_DOWNLOAD=0
+  if [[ ! -f "$TEMPLATE_PATH" ]]; then
+    msg_info "Template not present locally – will download."
+    NEED_DOWNLOAD=1
+  elif [[ ! -r "$TEMPLATE_PATH" ]]; then
+    msg_error "Template file exists but is not readable – check permissions."
+    exit 221
+  elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]]; then
+    if [[ -n "$ONLINE_TEMPLATE" ]]; then
+      msg_warn "Template file too small (<1MB) – re-downloading."
      NEED_DOWNLOAD=1
-    elif [[ ! -r "$TEMPLATE_PATH" ]]; then
-      msg_error "Template file exists but is not readable, check permissions."
-      exit 221
-    elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]]; then
-      if [[ -n "$ONLINE_TEMPLATE" ]]; then
-        msg_warn "Template file too small (<1MB), re-downloading."
-        NEED_DOWNLOAD=1
-      else
-        msg_warn "Template looks too small, but no online version exists. Keeping local file."
-      fi
-    elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-      if [[ -n "$ONLINE_TEMPLATE" ]]; then
-        msg_warn "Template appears corrupted, re-downloading."
-        NEED_DOWNLOAD=1
-      else
-        msg_warn "Template appears corrupted, but no online version exists. Keeping local file."
-      fi
    else
-      $STD msg_ok "Template $TEMPLATE is present and valid."
+      msg_warn "Template looks too small, but no online version exists. Keeping local file."
    fi
+  elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
+    if [[ -n "$ONLINE_TEMPLATE" ]]; then
+      msg_warn "Template appears corrupted – re-downloading."
+      NEED_DOWNLOAD=1
+    else
+      msg_warn "Template appears corrupted, but no online version exists. Keeping local file."
+    fi
+  else
+    $STD msg_ok "Template $TEMPLATE is present and valid."
+  fi

-    if [[ "$TEMPLATE_SOURCE" == "local" && -n "$ONLINE_TEMPLATE" && "$TEMPLATE" != "$ONLINE_TEMPLATE" ]]; then
-      msg_warn "Local template is outdated: $TEMPLATE (latest available: $ONLINE_TEMPLATE)"
-      if whiptail --yesno "A newer template is available:\n$ONLINE_TEMPLATE\n\nDo you want to download and use it instead?" 12 70; then
-        TEMPLATE="$ONLINE_TEMPLATE"
-        NEED_DOWNLOAD=1
-      else
-        msg_custom "ℹ️" "${BL}" "Continuing with local template $TEMPLATE"
+  if [[ "$TEMPLATE_SOURCE" == "local" && -n "$ONLINE_TEMPLATE" && "$TEMPLATE" != "$ONLINE_TEMPLATE" ]]; then
+    msg_warn "Local template is outdated: $TEMPLATE (latest available: $ONLINE_TEMPLATE)"
+    if whiptail --yesno "A newer template is available:\n$ONLINE_TEMPLATE\n\nDo you want to download and use it instead?" 12 70; then
+      TEMPLATE="$ONLINE_TEMPLATE"
+      NEED_DOWNLOAD=1
+    else
+      msg_custom "ℹ️" "${BL}" "Continuing with local template $TEMPLATE"
+    fi
+  fi
+
+  if [[ "$NEED_DOWNLOAD" -eq 1 ]]; then
+    [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
+    for attempt in {1..3}; do
+      msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
+      if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
+        msg_ok "Template download successful."
+        break
      fi
-    fi
+      if [[ $attempt -eq 3 ]]; then
+        msg_error "Failed after 3 attempts. Please check network access, permissions, or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
+        exit 222
+      fi
+      sleep $((attempt * 5))
+    done
+  fi

-    if [[ "$NEED_DOWNLOAD" -eq 1 ]]; then
-      [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
-      for attempt in {1..3}; do
-        msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
-        if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
-          msg_ok "Template download successful."
-          break
-        fi
-        if [[ $attempt -eq 3 ]]; then
-          msg_error "Failed after 3 attempts. Please check network access, permissions, or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
-          exit 222
-        fi
-        sleep $((attempt * 5))
-      done
-    fi
-
-    if ! pveam list "$TEMPLATE_STORAGE" 2>/dev/null | grep -q "$TEMPLATE"; then
-      msg_error "Template $TEMPLATE not available in storage $TEMPLATE_STORAGE after download."
-      exit 223
-    fi
+  if ! pveam list "$TEMPLATE_STORAGE" 2>/dev/null | grep -q "$TEMPLATE"; then
+    msg_error "Template $TEMPLATE not available in storage $TEMPLATE_STORAGE after download."
+    exit 223
  fi

  # ------------------------------------------------------------------------------
@@ -6276,15 +6169,21 @@ create_lxc_container() {

  # Validate template before pct create (while holding lock)
  if [[ ! -s "$TEMPLATE_PATH" || "$(stat -c%s "$TEMPLATE_PATH" 2>/dev/null || echo 0)" -lt 1000000 ]]; then
-    msg_info "Template file missing or too small - downloading"
+    msg_info "Template file missing or too small – downloading"
    rm -f "$TEMPLATE_PATH"
-    download_template
+    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
+      msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
+      exit 222
+    }
    msg_ok "Template downloaded"
  elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-    if [[ "$ARCH" == "arm64" || -n "$ONLINE_TEMPLATE" ]]; then
-      msg_info "Template appears corrupted - re-downloading"
+    if [[ -n "$ONLINE_TEMPLATE" ]]; then
+      msg_info "Template appears corrupted – re-downloading"
      rm -f "$TEMPLATE_PATH"
-      download_template
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
+        msg_error "Failed to re-download template '$TEMPLATE'"
+        exit 222
+      }
      msg_ok "Template re-downloaded"
    else
      msg_warn "Template appears corrupted, but no online version exists. Skipping re-download."
@@ -6332,9 +6231,9 @@ create_lxc_container() {
    else
      # Not a CTID collision - check if template issue and retry with fresh download
      if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
-        msg_info "Template may be corrupted - re-downloading"
+        msg_info "Template may be corrupted – re-downloading"
        rm -f "$TEMPLATE_PATH"
-        download_template
+        pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
        msg_ok "Template re-downloaded"
      fi

@@ -6347,11 +6246,7 @@ create_lxc_container() {
          if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
            msg_ok "Trying local storage fallback"
            msg_info "Downloading template to local"
-            if [[ "$ARCH" == "arm64" ]]; then
-              download_arm64_template "$LOCAL_TEMPLATE_PATH"
-            else
-              pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-            fi
+            pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
            msg_ok "Template downloaded to local"
          else
            msg_ok "Trying local storage fallback"
@@ -346,15 +346,9 @@ pve_check() {
 # - Provides link to ARM64-compatible scripts
 # ------------------------------------------------------------------------------
 arch_check() {
-  local arch
-  arch="$(dpkg --print-architecture)"
-  if [[ "$arch" != "amd64" && "$arch" != "arm64" ]]; then
-    msg_error "This script requires amd64 or arm64 (detected: $arch)."
-    sleep 2
-    exit 106
-  fi
-  if [[ "$arch" == "arm64" && "${var_arm64:-}" != "yes" ]]; then
-    msg_error "This script does not yet support arm64."
+  if [ "$(dpkg --print-architecture)" != "amd64" ]; then
+    msg_error "This script will not work with PiMox (ARM architecture detected)."
+    msg_warn "Visit https://github.com/asylumexp/Proxmox for ARM64 support."
    sleep 2
    exit 106
  fi
@@ -1720,38 +1714,6 @@ function get_lxc_ip() {
  export LOCAL_IP
 }

-# ------------------------------------------------------------------------------
-# ensure_whiptail()
-#
-# - Ensures whiptail is installed
-# - Some ARM64 systems will not have whiptail installed
-# - Exits with error message if installation fails
-# ------------------------------------------------------------------------------
-ensure_whiptail() {
-  command -v whiptail >/dev/null 2>&1 && return 0
-
-  msg_info "Installing whiptail"
-  apt_update_safe
-  $STD apt-get install -y whiptail || {
-    msg_error "Failed to install whiptail"
-    exit 100
-  }
-  msg_ok "Installed whiptail"
-}
-
-# ------------------------------------------------------------------------------
-# arm64_notice()
-#
-# - Shows a short warning when running scripts on ARM64 systems
-# ------------------------------------------------------------------------------
-arm64_notice() {
-  [[ "$(dpkg --print-architecture)" == "arm64" ]] || return 0
-
-  whiptail --backtitle "Proxmox VE Helper Scripts" \
-    --title "ARM64 SUPPORT" \
-    --ok-button "Continue" \
-    --msgbox "ARM64 support is in active development.\n\nSome scripts, packages, or application releases may not be fully tested or working yet." 10 68
-}
 # ==============================================================================
 # SIGNAL TRAPS
 # ==============================================================================
@@ -99,7 +99,7 @@ if ! declare -f explain_exit_code &>/dev/null; then
    103) echo "Validation: Shell is not Bash" ;;
    104) echo "Validation: Not running as root (or invoked via sudo)" ;;
    105) echo "Validation: Proxmox VE version not supported" ;;
-    106) echo "Validation: Unsupported architecture (requires amd64 or arm64)" ;;
+    106) echo "Validation: Architecture not supported (ARM / PiMox)" ;;
    107) echo "Validation: Kernel key parameters unreadable" ;;
    108) echo "Validation: Kernel key limits exceeded" ;;
    109) echo "Proxmox: No available container ID after max attempts" ;;
@@ -3157,14 +3157,10 @@ fetch_and_deploy_codeberg_release() {
    # Fall back to architecture heuristic
    if [[ -z "$url_match" ]]; then
      for u in $assets; do
-        [[ "$u" =~ \.deb$ ]] || continue
-        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
-          [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
-        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
-          [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
+        if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
+          url_match="$u"
+          break
        fi
-        url_match="$u"
-        break
      done
    fi

@@ -3461,11 +3457,7 @@ _gh_scan_older_releases() {
        done)
      fi
      if [[ "$has_match" != "true" ]]; then
-        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
-          has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '(amd64|x86_64).*\.deb$' && echo true)
-        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
-          has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '(arm64|aarch64).*\.deb$' && echo true)
-        fi
+        has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE "($arch|amd64|x86_64|aarch64|arm64).*\.deb$" && echo true)
      fi
      if [[ "$has_match" != "true" ]]; then
        has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '\.deb$' && echo true)
@@ -3671,14 +3663,10 @@ fetch_and_deploy_gh_release() {
    # If no match via explicit pattern, fall back to architecture heuristic
    if [[ -z "$url_match" ]]; then
      for u in $assets; do
-        [[ "$u" =~ \.deb$ ]] || continue
-        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
-          [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
-        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
-          [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
+        if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
+          url_match="$u"
+          break
        fi
-        url_match="$u"
-        break
      done
    fi

@@ -3709,14 +3697,10 @@ fetch_and_deploy_gh_release() {
        fi
        if [[ -z "$url_match" ]]; then
          for u in $assets; do
-            [[ "$u" =~ \.deb$ ]] || continue
-            if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
-              [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
-            elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
-              [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
+            if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
+              url_match="$u"
+              break
            fi
-            url_match="$u"
-            break
          done
        fi
        if [[ -z "$url_match" ]]; then
@@ -4474,12 +4458,7 @@ setup_ffmpeg() {

  # Binary fallback mode
  if [[ "$TYPE" == "binary" ]]; then
-    local ffmpeg_arch
-    case "$(dpkg --print-architecture 2>/dev/null || echo amd64)" in
-    arm64) ffmpeg_arch="arm64" ;;
-    *) ffmpeg_arch="amd64" ;;
-    esac
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-${ffmpeg_arch}-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
      msg_error "Failed to download FFmpeg binary"
      msg_error "Hint: Check connectivity to johnvansickle.com/ffmpeg (static builds, may be slow — large file)"
      rm -rf "$TMP_DIR"
@@ -4567,17 +4546,7 @@ setup_ffmpeg() {
  # If no source download (either VERSION empty or download failed), use binary
  if [[ -z "$VERSION" ]]; then
    msg_info "Setup FFmpeg from pre-built binary"
-    local ffmpeg_arch detected_arch
-    detected_arch="$(dpkg --print-architecture 2>/dev/null || true)"
-    if [[ -z "$detected_arch" ]]; then
-      detected_arch="$(uname -m 2>/dev/null || true)"
-    fi
-    case "$detected_arch" in
-    arm64 | aarch64) ffmpeg_arch="arm64" ;;
-    amd64 | x86_64) ffmpeg_arch="amd64" ;;
-    *) ffmpeg_arch="amd64" ;;
-    esac
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-${ffmpeg_arch}-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
      msg_error "Failed to download FFmpeg pre-built binary"
      msg_error "Hint: Check connectivity to johnvansickle.com/ffmpeg (large file, may timeout on slow connections)"
      rm -rf "$TMP_DIR"
@@ -8607,19 +8576,7 @@ setup_yq() {
    msg_info "Setup yq $LATEST_VERSION"
  fi

-  local yq_arch detected_arch
-  if command -v dpkg &>/dev/null; then
-    detected_arch="$(dpkg --print-architecture 2>/dev/null)"
-  else
-    detected_arch="$(uname -m 2>/dev/null)"
-  fi
-
-  case "$detected_arch" in
-  arm64 | aarch64) yq_arch="arm64" ;;
-  amd64 | x86_64) yq_arch="amd64" ;;
-  *) yq_arch="amd64" ;;
-  esac
-  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_${yq_arch}" "$TMP_DIR/yq"; then
+  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_amd64" "$TMP_DIR/yq"; then
    msg_error "Failed to download yq"
    msg_error "Hint: Check connectivity to github.com/${GITHUB_REPO} — set GITHUB_TOKEN to avoid rate-limiting"
    rm -rf "$TMP_DIR"
@@ -96,14 +96,14 @@ if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
  msg_info "Installing Hardware Acceleration (non-free)"
  pct exec "${privileged_container}" -- bash -c "cat <<EOF >/etc/apt/sources.list.d/non-free.list

-deb https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
-deb-src https://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
+deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

-deb https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
-deb-src https://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware
+deb-src http://deb.debian.org/debian-security bookworm-security main contrib non-free non-free-firmware

-deb https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
-deb-src https://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
+deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
 EOF"

  pct exec "${privileged_container}" -- bash -c "silent() { \"\$@\" >/dev/null 2>&1; } && $STD apt-get update && $STD apt-get install -y intel-media-va-driver-non-free ocl-icd-libopencl1 intel-opencl-icd vainfo intel-gpu-tools && $STD adduser \$(id -u -n) video && $STD adduser \$(id -u -n) render"
@@ -76,7 +76,7 @@ intel() {
  }

  msg_info "Downloading the Intel Processor Microcode Package $microcode"
-  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
+  curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
  msg_ok "Downloaded the Intel Processor Microcode Package $microcode"

  msg_info "Installing $microcode (Patience)"
@@ -90,7 +90,7 @@ intel() {
  }

  msg_info "Downloading Intel processor microcode package $microcode"
-  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o "$microcode"
+  curl -fsSL "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode" -o $(basename "http://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/$microcode")
  msg_ok "Downloaded Intel processor microcode package $microcode"

  msg_info "Installing $microcode (this might take a while)"
@@ -71,9 +71,9 @@ start_routines() {
  yes)
    msg_info "Changing to Proxmox Backup Server 3 Sources"
    cat <<EOF >/etc/apt/sources.list
-deb https://deb.debian.org/debian bookworm main contrib
-deb https://deb.debian.org/debian bookworm-updates main contrib
-deb https://security.debian.org/debian-security bookworm-security main contrib
+deb http://deb.debian.org/debian bookworm main contrib
+deb http://deb.debian.org/debian bookworm-updates main contrib
+deb http://security.debian.org/debian-security bookworm-security main contrib
 EOF
    msg_ok "Changed to Proxmox Backup Server 3 Sources"
    ;;
@@ -105,7 +105,7 @@ EOF
  yes)
    msg_info "Enabling 'pbs-no-subscription' repository"
    cat <<EOF >/etc/apt/sources.list.d/pbs-install-repo.list
-deb https://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
+deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
 EOF
    msg_ok "Enabled 'pbs-no-subscription' repository"
    ;;
@@ -126,9 +126,9 @@ start_routines_3() {
  yes)
    msg_info "Correcting Debian Sources"
    cat <<EOF >/etc/apt/sources.list
-deb https://deb.debian.org/debian ${VERSION} main contrib
-deb https://deb.debian.org/debian ${VERSION}-updates main contrib
-deb https://security.debian.org/debian-security ${VERSION}-security main contrib
+deb http://deb.debian.org/debian ${VERSION} main contrib
+deb http://deb.debian.org/debian ${VERSION}-updates main contrib
+deb http://security.debian.org/debian-security ${VERSION}-security main contrib
 EOF
    msg_ok "Corrected Debian Sources"
    ;;
@@ -115,9 +115,9 @@ start_routines_8() {
  yes)
    msg_info "Correcting Proxmox VE Sources"
    cat <<EOF >/etc/apt/sources.list
-deb https://deb.debian.org/debian bookworm main contrib
-deb https://deb.debian.org/debian bookworm-updates main contrib
-deb https://security.debian.org/debian-security bookworm-security main contrib
+deb http://deb.debian.org/debian bookworm main contrib
+deb http://deb.debian.org/debian bookworm-updates main contrib
+deb http://security.debian.org/debian-security bookworm-security main contrib
 EOF
    echo 'APT::Get::Update::SourceListWarnings::NonFreeFirmware "false";' >/etc/apt/apt.conf.d/no-bookworm-firmware.conf
    msg_ok "Corrected Proxmox VE Sources"
@@ -146,7 +146,7 @@ EOF
  yes)
    msg_info "Enabling 'pve-no-subscription' repository"
    cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
    msg_ok "Enabled 'pve-no-subscription' repository"
    ;;
@@ -54,9 +54,9 @@ start_routines() {
  whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "PVE8 SOURCES" "This will set the correct sources to update and install Proxmox VE 8." 10 58
  msg_info "Changing to Proxmox VE 8 Sources"
  cat <<EOF >/etc/apt/sources.list
-deb https://ftp.debian.org/debian bookworm main contrib
-deb https://ftp.debian.org/debian bookworm-updates main contrib
-deb https://security.debian.org/debian-security bookworm-security main contrib
+deb http://ftp.debian.org/debian bookworm main contrib
+deb http://ftp.debian.org/debian bookworm-updates main contrib
+deb http://security.debian.org/debian-security bookworm-security main contrib
 EOF
  msg_ok "Changed to Proxmox VE 8 Sources"

@@ -70,7 +70,7 @@ EOF
  whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "PVE8-NO-SUBSCRIPTION" "The 'pve-no-subscription' repository provides access to all of the open-source components of Proxmox VE." 10 58
  msg_info "Enabling 'pve-no-subscription' repository"
  cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
  msg_ok "Enabled 'pve-no-subscription' repository"