Update CHANGELOG.md (#10577)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -10,14 +10,36 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
+## 2026-01-06
+
 ## 2026-01-05
 
 ### 🚀 Updated Scripts
 
+  - #### 🐞 Bug Fixes
+
+    - reitti: add postgis extension to PostgreSQL DB setup [@MickLesk](https://github.com/MickLesk) ([#10555](https://github.com/community-scripts/ProxmoxVE/pull/10555))
+    - openWRT: separate disk attachment and resizing in VM setup [@MickLesk](https://github.com/MickLesk) ([#10557](https://github.com/community-scripts/ProxmoxVE/pull/10557))
+    - paperless-ai: Set TMPDIR for pip to use disk during install [@MickLesk](https://github.com/MickLesk) ([#10559](https://github.com/community-scripts/ProxmoxVE/pull/10559))
+
   - #### 🔧 Refactor
 
+    - Refactor: Monica [@tremor021](https://github.com/tremor021) ([#10552](https://github.com/community-scripts/ProxmoxVE/pull/10552))
+    - Upgrade Wazuh LXC Container to Debian 13 [@heinemannj](https://github.com/heinemannj) ([#10551](https://github.com/community-scripts/ProxmoxVE/pull/10551))
     - Upgrade evcc LXC to Debian 13 [@heinemannj](https://github.com/heinemannj) ([#10548](https://github.com/community-scripts/ProxmoxVE/pull/10548))
 
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - Harden setup_hwaccel for old Intel GPUs [@MickLesk](https://github.com/MickLesk) ([#10556](https://github.com/community-scripts/ProxmoxVE/pull/10556))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - Refactor: IP-Tag (Multiple IP / Performance / Execution Time)  [@MickLesk](https://github.com/MickLesk) ([#10558](https://github.com/community-scripts/ProxmoxVE/pull/10558))
+
 ## 2026-01-04
 
 ### 🚀 Updated Scripts

ct/monica.sh

@@ -27,10 +27,15 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  setup_mariadb
 
+  setup_mariadb
   NODE_VERSION="22" NODE_MODULE="yarn@latest" setup_nodejs
 
+  # Fix for previous versions not having cronjob
+  if ! grep -Fq 'php /opt/monica/artisan schedule:run' /etc/crontab; then
+    echo '* * * * * root php /opt/monica/artisan schedule:run >> /dev/null 2>&1' >>/etc/crontab
+  fi
+
   if check_for_gh_release "monica" "monicahq/monica"; then
     msg_info "Stopping Service"
     systemctl stop apache2

ct/reitti.sh

@@ -28,6 +28,15 @@ function update_script() {
     exit
   fi
 
+  # Enable PostGIS extension if not already enabled
+  if systemctl is-active --quiet postgresql; then
+    if ! sudo -u postgres psql -d reitti_db -tAc "SELECT 1 FROM pg_extension WHERE extname='postgis'" 2>/dev/null | grep -q 1; then
+      msg_info "Enabling PostGIS extension"
+      sudo -u postgres psql -d reitti_db -c "CREATE EXTENSION IF NOT EXISTS postgis;" &>/dev/null
+      msg_ok "Enabled PostGIS extension"
+    fi
+  fi
+
   if [ ! -d /var/cache/nginx/tiles ]; then
     msg_info "Installing Nginx Tile Cache"
     mkdir -p /var/cache/nginx/tiles

ct/wazuh.sh

@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-4}"
 var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-25}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
+var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 
 header_info "$APP"
@@ -27,10 +27,10 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  msg_info "Updating ${APP} LXC"
-  $STD apt-get update
-  $STD apt-get -y upgrade
-  msg_ok "Updated ${APP} LXC"
+  msg_info "Updating Wazuh LXC"
+  $STD apt update
+  $STD apt upgrade -y
+  msg_ok "Updated Wazuh LXC"
   msg_ok "Updated successfully!"
   exit
 }

frontend/public/json/versions.json

@@ -1,4 +1,64 @@
 [
+  {
+    "name": "chrisbenincasa/tunarr",
+    "version": "v1.1.0-dev.2",
+    "date": "2026-01-05T21:58:55Z"
+  },
+  {
+    "name": "ZoeyVid/NPMplus",
+    "version": "2025-05-07-r1",
+    "date": "2025-05-07T12:18:42Z"
+  },
+  {
+    "name": "livebook-dev/livebook",
+    "version": "nightly",
+    "date": "2026-01-05T18:49:45Z"
+  },
+  {
+    "name": "VictoriaMetrics/VictoriaMetrics",
+    "version": "pmm-6401-v1.133.0",
+    "date": "2026-01-05T18:31:47Z"
+  },
+  {
+    "name": "zitadel/zitadel",
+    "version": "v4.8.1",
+    "date": "2026-01-05T18:12:51Z"
+  },
+  {
+    "name": "leiweibau/Pi.Alert",
+    "version": "v2026-01-04",
+    "date": "2026-01-05T17:52:56Z"
+  },
+  {
+    "name": "msgbyte/tianji",
+    "version": "v1.31.2",
+    "date": "2026-01-05T17:26:50Z"
+  },
+  {
+    "name": "fosrl/pangolin",
+    "version": "1.14.1-s.1",
+    "date": "2026-01-05T16:31:29Z"
+  },
+  {
+    "name": "home-assistant/core",
+    "version": "2025.12.5",
+    "date": "2025-12-29T12:55:22Z"
+  },
+  {
+    "name": "n8n-io/n8n",
+    "version": "n8n@2.2.3",
+    "date": "2026-01-05T15:11:22Z"
+  },
+  {
+    "name": "Infisical/infisical",
+    "version": "v0.155.0",
+    "date": "2026-01-05T15:04:03Z"
+  },
+  {
+    "name": "keycloak/keycloak",
+    "version": "26.4.7",
+    "date": "2025-12-01T08:14:11Z"
+  },
   {
     "name": "theonedev/onedev",
     "version": "v14.0.2",
@@ -9,6 +69,11 @@
     "version": "v11.1.2",
     "date": "2025-12-17T09:26:24Z"
   },
+  {
+    "name": "metabase/metabase",
+    "version": "v0.57.x",
+    "date": "2026-01-05T10:22:27Z"
+  },
   {
     "name": "maxdorninger/MediaManager",
     "version": "v1.12.1",
@@ -94,11 +159,6 @@
     "version": "1.15.2",
     "date": "2026-01-04T13:04:02Z"
   },
-  {
-    "name": "chrisbenincasa/tunarr",
-    "version": "v1.0.13",
-    "date": "2026-01-04T12:59:19Z"
-  },
   {
     "name": "tobychui/zoraxy",
     "version": "v3.3.1-rc1",
@@ -119,11 +179,6 @@
     "version": "2.228.0",
     "date": "2026-01-03T16:38:36Z"
   },
-  {
-    "name": "ZoeyVid/NPMplus",
-    "version": "2025-05-07-r1",
-    "date": "2025-05-07T12:18:42Z"
-  },
   {
     "name": "homarr-labs/homarr",
     "version": "v1.49.1",
@@ -164,15 +219,10 @@
     "version": "3.4.6",
     "date": "2026-01-02T22:20:47Z"
   },
-  {
-    "name": "keycloak/keycloak",
-    "version": "26.4.7",
-    "date": "2025-12-01T08:14:11Z"
-  },
   {
     "name": "mealie-recipes/mealie",
     "version": "v3.9.2",
-    "date": "2026-01-02T19:40:09Z"
+    "date": "2026-01-02T19:40:19Z"
   },
   {
     "name": "Dokploy/dokploy",
@@ -184,26 +234,11 @@
     "version": "v1.15.4",
     "date": "2026-01-02T16:20:33Z"
   },
-  {
-    "name": "metabase/metabase",
-    "version": "v0.57.x",
-    "date": "2026-01-02T15:44:38Z"
-  },
-  {
-    "name": "livebook-dev/livebook",
-    "version": "v0.18.2",
-    "date": "2025-12-15T19:17:42Z"
-  },
   {
     "name": "gotify/server",
     "version": "v2.8.0",
     "date": "2026-01-02T11:56:16Z"
   },
-  {
-    "name": "n8n-io/n8n",
-    "version": "n8n@2.1.5",
-    "date": "2026-01-02T09:10:15Z"
-  },
   {
     "name": "alexta69/metube",
     "version": "2026.01.02",
@@ -234,11 +269,6 @@
     "version": "2.2.2",
     "date": "2025-12-31T16:53:34Z"
   },
-  {
-    "name": "home-assistant/core",
-    "version": "2025.12.5",
-    "date": "2025-12-29T12:55:22Z"
-  },
   {
     "name": "emqx/emqx",
     "version": "e5.8.9",
@@ -294,11 +324,6 @@
     "version": "1.35.1",
     "date": "2025-12-30T14:21:05Z"
   },
-  {
-    "name": "zitadel/zitadel",
-    "version": "v4.8.0",
-    "date": "2025-12-30T12:16:28Z"
-  },
   {
     "name": "openobserve/openobserve",
     "version": "v0.40.0",
@@ -319,11 +344,6 @@
     "version": "v5.11.2",
     "date": "2025-12-29T21:09:41Z"
   },
-  {
-    "name": "msgbyte/tianji",
-    "version": "v1.31.1",
-    "date": "2025-12-29T16:50:03Z"
-  },
   {
     "name": "traefik/traefik",
     "version": "v3.6.6",
@@ -419,11 +439,6 @@
     "version": "5.2.5",
     "date": "2025-12-25T09:23:10Z"
   },
-  {
-    "name": "fosrl/pangolin",
-    "version": "1.14.1",
-    "date": "2025-12-24T21:33:56Z"
-  },
   {
     "name": "FreshRSS/FreshRSS",
     "version": "1.28.0",
@@ -764,11 +779,6 @@
     "version": "353.1",
     "date": "2025-12-15T10:29:34Z"
   },
-  {
-    "name": "VictoriaMetrics/VictoriaMetrics",
-    "version": "pmm-6401-v1.132.0",
-    "date": "2025-12-15T09:38:46Z"
-  },
   {
     "name": "Prowlarr/Prowlarr",
     "version": "v2.3.0.5236",
@@ -819,11 +829,6 @@
     "version": "v4.4.0",
     "date": "2025-12-13T22:49:07Z"
   },
-  {
-    "name": "leiweibau/Pi.Alert",
-    "version": "v2025-12-14",
-    "date": "2025-12-13T16:39:17Z"
-  },
   {
     "name": "WGDashboard/WGDashboard",
     "version": "v4.3.1",
@@ -884,11 +889,6 @@
     "version": "9.0.1",
     "date": "2025-12-09T18:13:25Z"
   },
-  {
-    "name": "Infisical/infisical",
-    "version": "v0.154.6",
-    "date": "2025-12-09T16:36:25Z"
-  },
   {
     "name": "element-hq/synapse",
     "version": "v1.144.0",

frontend/public/json/wazuh.json

@@ -23,7 +23,7 @@
         "ram": 4096,
         "hdd": 25,
         "os": "debian",
-        "version": "12"
+        "version": "13"
       }
     }
   ],

install/monica-install.sh

@@ -16,23 +16,8 @@ update_os
 PHP_VERSION="8.2" PHP_APACHE="YES" PHP_MODULE="dom,gmp,iconv,mysqli,pdo-mysql,redis,tokenizer" setup_php
 setup_composer
 setup_mariadb
+MARIADB_DB_NAME="monica" MARIADB_DB_USER="monica" setup_mariadb_db
 NODE_VERSION="22" NODE_MODULE="yarn@latest" setup_nodejs
-
-msg_info "Setting up MariaDB"
-DB_NAME=monica
-DB_USER=monica
-DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-$STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
-$STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
-$STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "monica-Credentials"
-  echo "monica Database User: $DB_USER"
-  echo "monica Database Password: $DB_PASS"
-  echo "monica Database Name: $DB_NAME"
-} >>~/monica.creds
-msg_ok "Set up MariaDB"
-
 fetch_and_deploy_gh_release "monica" "monicahq/monica" "prebuild" "latest" "/opt/monica" "monica-v*.tar.bz2"
 
 msg_info "Configuring monica"
@@ -51,6 +36,7 @@ $STD php artisan key:generate
 $STD php artisan setup:production --email=admin@helper-scripts.com --password=helper-scripts.com --force
 chown -R www-data:www-data /opt/monica
 chmod -R 775 /opt/monica/storage
+echo "* * * * * root php /opt/monica/artisan schedule:run >> /dev/null 2>&1" >>/etc/crontab
 msg_ok "Configured monica"
 
 msg_info "Creating Service"

install/paperless-ai-install.sh

@@ -37,8 +37,12 @@ msg_info "Setup Paperless-AI"
 cd /opt/paperless-ai
 $STD python3 -m venv /opt/paperless-ai/venv
 source /opt/paperless-ai/venv/bin/activate
+# TMPDIR to use container disk instead of tmpfs for large pip downloads (https://github.com/community-scripts/ProxmoxVE/issues/10338)
+export TMPDIR=/opt/paperless-ai/tmp
+mkdir -p "$TMPDIR"
 $STD pip install --upgrade pip
 $STD pip install --no-cache-dir -r requirements.txt
+rm -rf "$TMPDIR"
 mkdir -p data/chromadb
 $STD npm ci --only=production
 mkdir -p /opt/paperless-ai/data

install/reitti-install.sh

@@ -24,7 +24,7 @@ msg_ok "Installed Dependencies"
 
 JAVA_VERSION="25" setup_java
 PG_VERSION="17" PG_MODULES="postgis" setup_postgresql
-PG_DB_NAME="reitti_db" PG_DB_USER="reitti" setup_postgresql_db
+PG_DB_NAME="reitti_db" PG_DB_USER="reitti" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
 
 msg_info "Configuring RabbitMQ"
 RABBIT_USER="reitti"

misc/tools.func

@@ -2571,6 +2571,12 @@ function setup_gs() {
 #   - Some things are fetched from intel repositories due to not being in debian repositories.
 # ------------------------------------------------------------------------------
 function setup_hwaccel() {
+  # Check if user explicitly disabled GPU in advanced settings
+  if [[ "${var_gpu:-no}" == "no" ]]; then
+    msg_info "GPU acceleration disabled by user (var_gpu=no) - skipping setup"
+    return 0
+  fi
+
   # Check if GPU passthrough is enabled (device nodes must exist)
   # /dev/dri = Intel iGPU, AMD GPU (open-source drivers)
   # /dev/nvidia* = NVIDIA proprietary drivers
@@ -2583,14 +2589,14 @@ function setup_hwaccel() {
   msg_info "Setup Hardware Acceleration"
 
   if ! command -v lspci &>/dev/null; then
-    $STD apt -y update || {
-      msg_error "Failed to update package list"
-      return 1
-    }
-    $STD apt -y install pciutils || {
-      msg_error "Failed to install pciutils"
-      return 1
-    }
+    if ! $STD apt -y update; then
+      msg_warn "Failed to update package list - skipping hardware acceleration setup"
+      return 0
+    fi
+    if ! $STD apt -y install pciutils; then
+      msg_warn "Failed to install pciutils - skipping hardware acceleration setup"
+      return 0
+    fi
   fi
 
   # Detect GPU vendor (Intel, AMD, NVIDIA)
@@ -2622,34 +2628,76 @@ function setup_hwaccel() {
   case "$gpu_vendor" in
   Intel)
     # Detect Intel GPU generation for driver selection
-    # Gen 9+ (Skylake and newer) benefit from non-free drivers
+    # Gen 9+ (Skylake 2015 and newer): UHD, Iris, Arc - benefit from latest drivers
+    # Gen 7-8 (Haswell 2013-Broadwell 2014): HD 4xxx-5xxx - use repo drivers only
+    # Gen 6 and older (Sandy Bridge 2011 and earlier): HD 2xxx-3xxx - basic repo support
     local intel_gen=""
+    local use_repo_only=false
     local needs_nonfree=false
 
-    # Check for specific Intel GPU models that need non-free drivers
-    if echo "$gpu_info" | grep -Ei 'HD Graphics [56][0-9]{2}|UHD Graphics|Iris|Arc|DG[12]' &>/dev/null; then
+    # Detect older Intel GPUs (Gen 6-8: HD 2xxx through HD 5xxx series)
+    # These should ONLY use repository packages, not latest GitHub releases
+    if echo "$gpu_info" | grep -Ei 'HD Graphics [2-5][0-9]{3}' &>/dev/null; then
+      use_repo_only=true
+      intel_gen="gen6-8"
+      msg_info "Detected older Intel GPU (HD 2000-5999) - using stable repository drivers only"
+    # Detect newer Intel GPUs (Gen 9+: HD 6xxx+, UHD, Iris, Arc)
+    elif echo "$gpu_info" | grep -Ei 'HD Graphics [6-9][0-9]{2,3}|UHD Graphics|Iris|Arc|DG[12]' &>/dev/null; then
       needs_nonfree=true
       intel_gen="gen9+"
+      msg_info "Detected newer Intel GPU (Gen 9+) - installing latest drivers"
+    else
+      # Unknown Intel GPU - play it safe with repo only
+      use_repo_only=true
+      intel_gen="unknown"
+      msg_warn "Unknown Intel GPU detected - using stable repository drivers only"
     fi
 
     if [[ "$os_id" == "ubuntu" ]]; then
       # Ubuntu: Use packages from Ubuntu repos
-      $STD apt -y install \
+      if ! $STD apt -y install \
         va-driver-all \
         ocl-icd-libopencl1 \
-        intel-opencl-icd \
         vainfo \
-        libmfx-gen1.2 \
-        intel-gpu-tools || {
-        msg_error "Failed to install Intel GPU dependencies"
-        return 1
-      }
-      # Try to install intel-media-va-driver for newer GPUs
-      $STD apt -y install intel-media-va-driver 2>/dev/null || true
+        intel-gpu-tools; then
+        msg_warn "Failed to install Intel GPU dependencies - skipping hardware acceleration"
+        return 0
+      fi
+      # Try newer packages that may not be available on all versions
+      $STD apt -y install intel-opencl-icd 2>/dev/null || msg_warn "intel-opencl-icd not available, skipping"
+      $STD apt -y install libmfx-gen1.2 2>/dev/null || msg_warn "libmfx-gen1.2 not available, skipping"
+      $STD apt -y install intel-media-va-driver 2>/dev/null || msg_warn "intel-media-va-driver not available, skipping"
 
     elif [[ "$os_id" == "debian" ]]; then
-      # Debian: Check version and install appropriate drivers
-      if [[ "$needs_nonfree" == true ]]; then
+      # For older GPUs or when we want repo-only packages
+      if [[ "$use_repo_only" == true ]]; then
+        msg_info "Installing Intel GPU drivers from Debian repositories"
+
+        # Fix any broken packages first
+        $STD apt --fix-broken install -y 2>/dev/null || true
+
+        # Install base VA-API and tools (these should always work)
+        if ! $STD apt -y install \
+          va-driver-all \
+          i965-va-driver \
+          vainfo \
+          intel-gpu-tools \
+          ocl-icd-libopencl1; then
+          msg_warn "Failed to install base Intel GPU support - skipping hardware acceleration"
+          return 0
+        fi
+
+        # Try to install additional packages that might help but aren't critical
+        $STD apt -y install mesa-va-drivers 2>/dev/null || msg_warn "mesa-va-drivers not available"
+        # Skip intel-opencl-icd on Debian 12 (Bookworm) - causes dependency issues with old GPUs
+        if [[ "$os_codename" != "bookworm" ]]; then
+          $STD apt -y install intel-opencl-icd 2>/dev/null || msg_warn "OpenCL support not available from repositories"
+        fi
+
+        msg_ok "Installed Intel GPU drivers from Debian repositories (stable)"
+
+      # For newer GPUs, try non-free drivers first, then fallback
+      elif [[ "$needs_nonfree" == true ]]; then
         # Add non-free repo for intel-media-va-driver-non-free
         if [[ "$os_codename" == "bookworm" ]]; then
           # Debian 12 Bookworm
@@ -2662,16 +2710,37 @@ Components: non-free non-free-firmware
 EOF
             $STD apt update
           fi
-          $STD apt -y install \
+
+          # Fetch Intel IGC packages from GitHub - not available in Debian 12 repos
+          # intel-opencl-icd and libigdgmm12 are available, so we install those via apt
+          msg_info "Installing Intel IGC packages from GitHub releases"
+
+          fetch_and_deploy_gh_release "intel-igc-core" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-core_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel IGC core"
+          }
+
+          fetch_and_deploy_gh_release "intel-graphics-compiler" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-graphics-compiler_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel graphics compiler"
+          }
+
+          fetch_and_deploy_gh_release "intel-igc-opencl" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-opencl_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel IGC OpenCL"
+          }
+
+          # Try installing non-free drivers for newer Intel GPUs
+          if $STD apt -y install \
             intel-media-va-driver-non-free \
-            ocl-icd-libopencl1 \
             intel-opencl-icd \
+            libigdgmm12 \
+            ocl-icd-libopencl1 \
             vainfo \
             libmfx-gen1.2 \
-            intel-gpu-tools || {
-            msg_warn "Non-free driver install failed, falling back to open drivers"
-            needs_nonfree=false
-          }
+            intel-gpu-tools; then
+            msg_ok "Installed Intel non-free drivers for Gen 9+ GPU"
+          else
+            msg_warn "Non-free driver install failed, falling back to repository drivers"
+            use_repo_only=true
+          fi
 
         elif [[ "$os_codename" == "trixie" || "$os_codename" == "sid" ]]; then
           # Debian 13 Trixie / Sid
@@ -2689,62 +2758,88 @@ Components: non-free non-free-firmware
 EOF
             $STD apt update
           fi
-          $STD apt -y install \
+
+          # Fetch Intel packages from GitHub - not available in Debian 13 repos
+          # libigdgmm12 is available in trixie, but intel-opencl-icd is missing
+          msg_info "Installing Intel packages from GitHub releases"
+
+          fetch_and_deploy_gh_release "intel-igc-core" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-core_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel IGC core"
+          }
+
+          fetch_and_deploy_gh_release "intel-graphics-compiler" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-graphics-compiler_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel graphics compiler"
+          }
+
+          fetch_and_deploy_gh_release "intel-igc-opencl" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-opencl_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel IGC OpenCL"
+          }
+
+          fetch_and_deploy_gh_release "intel-opencl-icd" "intel/compute-runtime" "binary" "latest" "" "intel-opencl-icd_*_amd64.deb" || {
+            msg_warn "Failed to deploy Intel OpenCL ICD (missing from trixie repos)"
+          }
+
+          # Try installing packages for Debian 13
+          if $STD apt -y install \
             intel-media-va-driver-non-free \
+            libigdgmm12 \
             ocl-icd-libopencl1 \
             mesa-opencl-icd \
             mesa-va-drivers \
             libvpl2 \
             vainfo \
             libmfx-gen1.2 \
-            intel-gpu-tools 2>/dev/null || {
-            msg_warn "Non-free driver install failed, falling back to open drivers"
-            needs_nonfree=false
-          }
+            intel-gpu-tools 2>/dev/null; then
+            msg_ok "Installed Intel drivers for Gen 9+ GPU (Debian 13)"
+          else
+            msg_warn "Advanced driver install failed, falling back to repository drivers"
+            use_repo_only=true
+          fi
+        else
+          # Unknown Debian version - use repo only
+          use_repo_only=true
         fi
       fi
 
-      # Fallback to open drivers or older Intel GPUs
-      if [[ "$needs_nonfree" == false ]]; then
-        # Fetch latest Intel drivers from GitHub for Debian
-        fetch_and_deploy_gh_release "intel-igc-core" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-core-2_*_amd64.deb" || {
-          msg_warn "Failed to deploy Intel IGC core 2"
-        }
-        fetch_and_deploy_gh_release "intel-igc-opencl" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-opencl-2_*_amd64.deb" || {
-          msg_warn "Failed to deploy Intel IGC OpenCL 2"
-        }
-        fetch_and_deploy_gh_release "libigdgmm12" "intel/compute-runtime" "binary" "latest" "" "libigdgmm12_*_amd64.deb" || {
-          msg_warn "Failed to deploy Intel GDGMM12"
-        }
-        fetch_and_deploy_gh_release "intel-opencl-icd" "intel/compute-runtime" "binary" "latest" "" "intel-opencl-icd_*_amd64.deb" || {
-          msg_warn "Failed to deploy Intel OpenCL ICD"
-        }
+      # Fallback: If we set use_repo_only during error handling above
+      if [[ "$use_repo_only" == true && "$needs_nonfree" == true ]]; then
+        msg_info "Installing fallback Intel GPU drivers from repositories"
 
-        $STD apt -y install \
+        # Fix any broken packages from failed install attempts
+        $STD apt --fix-broken install -y 2>/dev/null || true
+        $STD apt -y autoremove 2>/dev/null || true
+
+        # Remove any partially installed packages that are causing issues
+        dpkg -l | grep -E 'intel-igc|libigdgmm|intel-opencl-icd' | awk '{print $2}' | xargs -r dpkg --purge 2>/dev/null || true
+
+        # Clean install of stable repository packages
+        if ! $STD apt -y install \
           va-driver-all \
+          i965-va-driver \
           ocl-icd-libopencl1 \
           mesa-opencl-icd \
           mesa-va-drivers \
           vainfo \
-          intel-gpu-tools || {
-          msg_error "Failed to install Intel GPU dependencies"
-          return 1
-        }
+          intel-gpu-tools; then
+          msg_warn "Failed to install fallback Intel GPU dependencies - skipping hardware acceleration"
+          return 0
+        fi
+        msg_ok "Installed fallback Intel GPU drivers from repositories"
       fi
     fi
     ;;
 
   AMD)
-    $STD apt -y install \
+    if ! $STD apt -y install \
       mesa-va-drivers \
       mesa-vdpau-drivers \
       mesa-opencl-icd \
       ocl-icd-libopencl1 \
       vainfo \
-      clinfo 2>/dev/null || {
-      msg_error "Failed to install AMD GPU dependencies"
-      return 1
-    }
+      clinfo 2>/dev/null; then
+      msg_warn "Failed to install AMD GPU dependencies - skipping hardware acceleration"
+      return 0
+    fi
 
     # For AMD GPUs, firmware-amd-graphics requires non-free repositories
     if [[ "$os_id" == "debian" ]]; then
@@ -2819,19 +2914,33 @@ EOF
 
   # Set permissions for /dev/dri (only in privileged containers and if /dev/dri exists)
   if [[ "$in_ct" == "0" && -d /dev/dri ]]; then
-    chgrp video /dev/dri 2>/dev/null || true
-    chmod 755 /dev/dri 2>/dev/null || true
-    chmod 660 /dev/dri/* 2>/dev/null || true
-    $STD adduser "$(id -u -n)" video 2>/dev/null || true
-    $STD adduser "$(id -u -n)" render 2>/dev/null || true
+    # Verify /dev/dri contains actual device nodes
+    if ls /dev/dri/card* /dev/dri/renderD* &>/dev/null; then
+      chgrp video /dev/dri 2>/dev/null || true
+      chmod 755 /dev/dri 2>/dev/null || true
+      chmod 660 /dev/dri/* 2>/dev/null || true
+      $STD adduser "$(id -u -n)" video 2>/dev/null || true
+      $STD adduser "$(id -u -n)" render 2>/dev/null || true
 
-    # Sync GID for video/render groups between host and container
-    local host_video_gid host_render_gid
-    host_video_gid=$(getent group video | cut -d: -f3)
-    host_render_gid=$(getent group render | cut -d: -f3)
-    if [[ -n "$host_video_gid" && -n "$host_render_gid" ]]; then
-      sed -i "s/^video:x:[0-9]*:/video:x:$host_video_gid:/" /etc/group 2>/dev/null || true
-      sed -i "s/^render:x:[0-9]*:/render:x:$host_render_gid:/" /etc/group 2>/dev/null || true
+      # Sync GID for video/render groups between host and container
+      local host_video_gid host_render_gid
+      host_video_gid=$(getent group video | cut -d: -f3)
+      host_render_gid=$(getent group render | cut -d: -f3)
+      if [[ -n "$host_video_gid" && -n "$host_render_gid" ]]; then
+        sed -i "s/^video:x:[0-9]*:/video:x:$host_video_gid:/" /etc/group 2>/dev/null || true
+        sed -i "s/^render:x:[0-9]*:/render:x:$host_render_gid:/" /etc/group 2>/dev/null || true
+      fi
+
+      # Basic GPU functionality test
+      if command -v vainfo &>/dev/null; then
+        if vainfo &>/dev/null; then
+          msg_info "GPU hardware acceleration verified and working"
+        else
+          msg_warn "GPU drivers installed but vainfo test failed - check host GPU passthrough configuration"
+        fi
+      fi
+    else
+      msg_warn "/dev/dri exists but contains no device nodes - GPU passthrough may not be configured correctly"
     fi
   fi
 
@@ -3264,12 +3373,12 @@ setup_mariadb() {
   # Configure tmpfiles.d to ensure /run/mysqld directory is created on boot
   # This fixes the issue where MariaDB fails to start after container reboot
   msg_info "Configuring MariaDB runtime directory persistence"
-  
+
   # Create tmpfiles.d configuration with error handling
-  if ! printf '# Ensure /run/mysqld directory exists with correct permissions for MariaDB\nd /run/mysqld 0755 mysql mysql -\n' > /etc/tmpfiles.d/mariadb.conf; then
+  if ! printf '# Ensure /run/mysqld directory exists with correct permissions for MariaDB\nd /run/mysqld 0755 mysql mysql -\n' >/etc/tmpfiles.d/mariadb.conf; then
     msg_warn "Failed to create /etc/tmpfiles.d/mariadb.conf - runtime directory may not persist on reboot"
   fi
-  
+
   # Create the directory now if it doesn't exist
   # Verify mysql user exists before attempting ownership change
   if [[ ! -d /run/mysqld ]]; then
@@ -3283,7 +3392,7 @@ setup_mariadb() {
       msg_warn "mysql user not found - directory created with correct permissions but ownership not set"
     fi
   fi
-  
+
   msg_ok "Configured MariaDB runtime directory persistence"
 
   cache_installed_version "mariadb" "$MARIADB_VERSION"

tools/pve/add-iptag.sh

@@ -57,7 +57,7 @@ spinner() {
   local frames=('⠋' '⠙' '⠹' '⠸' '⠼' '⠴' '⠦' '⠧' '⠇' '⠏')
   local spin_i=0
   local interval=0.1
-  
+
   trap 'exit 0' TERM INT
   printf "\e[?25l" 2>/dev/null
 
@@ -107,7 +107,6 @@ migrate_config() {
   fi
 }
 
-
 # Update existing installation
 update_installation() {
   msg_info "Updating IP-Tag Scripts"
@@ -179,7 +178,7 @@ EOF
   systemctl daemon-reload &>/dev/null
   systemctl enable -q --now iptag.service &>/dev/null
   msg_ok "Updated IP-Tag Scripts"
-  
+
   # Show configuration information after update
   show_post_install_info
 }
@@ -187,7 +186,7 @@ EOF
 # Install only command without service
 install_command_only() {
   msg_info "Installing IP-Tag Command Only"
-  
+
   # Create directory if it doesn't exist
   if [[ ! -d "/opt/iptag" ]]; then
     mkdir -p /opt/iptag
@@ -207,15 +206,15 @@ install_command_only() {
     echo -e "\n${YW}Configuration file already exists.${CL}"
     read -p "Do you want to reconfigure tag format? (y/n): " reconfigure
     case $reconfigure in
-      [Yy]*)
-        interactive_config_setup_command
-        msg_info "Updating Configuration"
-        generate_config >/opt/iptag/iptag.conf
-        msg_ok "Updated configuration file"
-        ;;
-      *)
-        msg_ok "Keeping existing configuration file"
-        ;;
+    [Yy]*)
+      interactive_config_setup_command
+      msg_info "Updating Configuration"
+      generate_config >/opt/iptag/iptag.conf
+      msg_ok "Updated configuration file"
+      ;;
+    *)
+      msg_ok "Keeping existing configuration file"
+      ;;
     esac
   fi
 
@@ -240,7 +239,7 @@ exec "$SCRIPT_FILE"
 EOF
   chmod +x /usr/local/bin/iptag-run
   msg_ok "Created iptag-run command"
-  
+
   msg_ok "IP-Tag Command installed successfully! Use 'iptag-run' to run manually."
 }
 
@@ -248,14 +247,14 @@ EOF
 show_post_install_info() {
   stop_spinner
   echo -e "\n${YW}=== Next Steps ===${CL}"
-  
+
   # Show usage information
   if command -v iptag-run >/dev/null 2>&1; then
     echo -e "${YW}Run IP tagging manually: ${GN}iptag-run${CL}"
     echo -e "${YW}Add to cron for scheduled execution if needed${CL}"
     echo -e ""
   fi
-  
+
   echo -e "${RD}IMPORTANT: Configure your network subnets!${CL}"
   echo -e ""
   echo -e "${YW}Configuration file: ${GN}/opt/iptag/iptag.conf${CL}"
@@ -274,37 +273,37 @@ show_post_install_info() {
 # Interactive configuration setup for command-only (TAG_FORMAT only)
 interactive_config_setup_command() {
   echo -e "\n${YW}=== Configuration Setup ===${CL}"
-  
+
   # TAG_FORMAT configuration
   echo -e "\n${YW}Select tag format:${CL}"
   echo -e "${GN}1)${CL} last_two_octets - Show last two octets (e.g., 0.100) [Default]"
   echo -e "${GN}2)${CL} last_octet - Show only last octet (e.g., 100)"
   echo -e "${GN}3)${CL} full - Show full IP address (e.g., 192.168.0.100)"
-  
+
   while true; do
     read -p "Enter your choice (1-3) [1]: " tag_choice
     case ${tag_choice:-1} in
-      1)
-        TAG_FORMAT="last_two_octets"
-        echo -e "${GN}✓ Selected: last_two_octets${CL}"
-        break
-        ;;
-      2)
-        TAG_FORMAT="last_octet"
-        echo -e "${GN}✓ Selected: last_octet${CL}"
-        break
-        ;;
-      3)
-        TAG_FORMAT="full"
-        echo -e "${GN}✓ Selected: full${CL}"
-        break
-        ;;
-      *)
-        echo -e "${RD}Please enter 1, 2, or 3.${CL}"
-        ;;
+    1)
+      TAG_FORMAT="last_two_octets"
+      echo -e "${GN}✓ Selected: last_two_octets${CL}"
+      break
+      ;;
+    2)
+      TAG_FORMAT="last_octet"
+      echo -e "${GN}✓ Selected: last_octet${CL}"
+      break
+      ;;
+    3)
+      TAG_FORMAT="full"
+      echo -e "${GN}✓ Selected: full${CL}"
+      break
+      ;;
+    *)
+      echo -e "${RD}Please enter 1, 2, or 3.${CL}"
+      ;;
     esac
   done
-  
+
   # Set default LOOP_INTERVAL for command mode
   LOOP_INTERVAL=300
 }
@@ -312,46 +311,46 @@ interactive_config_setup_command() {
 # Interactive configuration setup for service (TAG_FORMAT + LOOP_INTERVAL)
 interactive_config_setup() {
   echo -e "\n${YW}=== Configuration Setup ===${CL}"
-  
+
   # TAG_FORMAT configuration
   echo -e "\n${YW}Select tag format:${CL}"
   echo -e "${GN}1)${CL} last_two_octets - Show last two octets (e.g., 0.100) [Default]"
   echo -e "${GN}2)${CL} last_octet - Show only last octet (e.g., 100)"
   echo -e "${GN}3)${CL} full - Show full IP address (e.g., 192.168.0.100)"
-  
+
   while true; do
     read -p "Enter your choice (1-3) [1]: " tag_choice
     case ${tag_choice:-1} in
-      1)
-        TAG_FORMAT="last_two_octets"
-        echo -e "${GN}✓ Selected: last_two_octets${CL}"
-        break
-        ;;
-      2)
-        TAG_FORMAT="last_octet"
-        echo -e "${GN}✓ Selected: last_octet${CL}"
-        break
-        ;;
-      3)
-        TAG_FORMAT="full"
-        echo -e "${GN}✓ Selected: full${CL}"
-        break
-        ;;
-      *)
-        echo -e "${RD}Please enter 1, 2, or 3.${CL}"
-        ;;
+    1)
+      TAG_FORMAT="last_two_octets"
+      echo -e "${GN}✓ Selected: last_two_octets${CL}"
+      break
+      ;;
+    2)
+      TAG_FORMAT="last_octet"
+      echo -e "${GN}✓ Selected: last_octet${CL}"
+      break
+      ;;
+    3)
+      TAG_FORMAT="full"
+      echo -e "${GN}✓ Selected: full${CL}"
+      break
+      ;;
+    *)
+      echo -e "${RD}Please enter 1, 2, or 3.${CL}"
+      ;;
     esac
   done
-  
+
   # LOOP_INTERVAL configuration
   echo -e "\n${YW}Set check interval (in seconds):${CL}"
   echo -e "${YW}Default: 300 seconds (5 minutes)${CL}"
   echo -e "${YW}Recommended range: 300-3600 seconds${CL}"
-  
+
   while true; do
     read -p "Enter interval in seconds [300]: " interval_input
     interval_input=${interval_input:-300}
-    
+
     if [[ $interval_input =~ ^[0-9]+$ ]] && [ $interval_input -ge 300 ] && [ $interval_input -le 7200 ]; then
       LOOP_INTERVAL=$interval_input
       echo -e "${GN}✓ Selected: ${LOOP_INTERVAL} seconds${CL}"
@@ -646,21 +645,40 @@ get_vm_ips() {
     echo "$unique_ips"
 }
 
+# Cache for configs to avoid repeated reads
+declare -A CONFIG_CACHE
+declare -A IP_CACHE
+
 # Update tags for container or VM
 update_tags() {
     local type="$1" vmid="$2"
     local current_ips_full
+    local current_tags_raw=""
 
-    if [[ "$type" == "lxc" ]]; then
-        current_ips_full=$(get_lxc_ips "${vmid}")
-        while IFS= read -r line; do
-          [[ "$line" == tags:* ]] && current_tags_raw="${line#tags: }" && break
-        done < <(pct config "$vmid" 2>/dev/null)
+    # Get IPs with caching
+    local cache_key="${type}_${vmid}"
+    if [[ -n "${IP_CACHE[$cache_key]:-}" ]]; then
+        current_ips_full="${IP_CACHE[$cache_key]}"
+        debug_log "$type $vmid: using cached IPs"
+    else
+        if [[ "$type" == "lxc" ]]; then
+            current_ips_full=$(get_lxc_ips "${vmid}")
+        else
+            current_ips_full=$(get_vm_ips "${vmid}")
+        fi
+        IP_CACHE[$cache_key]="$current_ips_full"
+    fi
+
+    # Get current tags (optimized file reading)
+    if [[ "$type" == "lxc" ]]; then
+        local config_file="/etc/pve/lxc/${vmid}.conf"
+        if [[ -f "$config_file" ]]; then
+            current_tags_raw=$(grep "^tags:" "$config_file" 2>/dev/null | cut -d: -f2 | sed 's/^[[:space:]]*//')
+        fi
     else
-        current_ips_full=$(get_vm_ips "${vmid}")
         local vm_config="/etc/pve/qemu-server/${vmid}.conf"
         if [[ -f "$vm_config" ]]; then
-            local current_tags_raw=$(grep "^tags:" "$vm_config" 2>/dev/null | cut -d: -f2 | sed 's/^[[:space:]]*//')
+            current_tags_raw=$(grep "^tags:" "$vm_config" 2>/dev/null | cut -d: -f2 | sed 's/^[[:space:]]*//')
         fi
     fi
 
@@ -818,11 +836,15 @@ update_tags() {
 update_all_tags() {
     local type="$1" vmids count=0
     
+    # Get list of all containers/VMs
     if [[ "$type" == "lxc" ]]; then
         vmids=($(pct list 2>/dev/null | grep -v VMID | awk '{print $1}'))
     else
-        local all_vm_configs=($(ls /etc/pve/qemu-server/*.conf 2>/dev/null | sed 's/.*\/\([0-9]*\)\.conf/\1/' | sort -n))
-        vmids=("${all_vm_configs[@]}")
+        # More efficient: direct file listing instead of ls+sed
+        vmids=()
+        for conf in /etc/pve/qemu-server/*.conf 2>/dev/null; do
+            [[ -f "$conf" ]] && vmids+=("${conf##*/}" | sed 's/\.conf$//')
+        done
     fi
     
     count=${#vmids[@]}
@@ -830,14 +852,16 @@ update_all_tags() {
     
     # Display processing header with color
     if [[ "$type" == "lxc" ]]; then
-        log_info "Processing ${WHITE}${count}${NC} LXC container(s) sequentially"
+        log_info "Processing ${WHITE}${count}${NC} LXC container(s)"
     else
-        log_info "Processing ${WHITE}${count}${NC} virtual machine(s) sequentially"
+        log_info "Processing ${WHITE}${count}${NC} virtual machine(s)"
     fi
     
-    # Process each VM/LXC container sequentially
+    # Process each VM/LXC container
+    local processed=0
     for vmid in "${vmids[@]}"; do
         update_tags "$type" "$vmid"
+        ((processed++))
     done
     
     # Add completion message
@@ -848,32 +872,25 @@ update_all_tags() {
     fi
 }
 
-# Check if status changed
-check_status_changed() {
-    local type="$1" current
-    case "$type" in
-        "lxc") current=$(pct list 2>/dev/null | grep -v VMID) ;;
-        "vm")  current=$(ls -la /etc/pve/qemu-server/*.conf 2>/dev/null) ;;
-        "fw")  current=$(ip link show type bridge 2>/dev/null) ;;
-    esac
-    local last_var="last_${type}_status"
-    [[ "${!last_var}" == "$current" ]] && return 1
-    eval "$last_var='$current'"
-    return 0
-}
-
 # Main check function
 check() {
-    local current_time=$(date +%s)
+    local start_time=$(date +%s)
     
-    # Simple periodic check - always update both LXC and VM every loop
     log_info "Starting periodic check"
     
+    # Clear caches before each run
+    CONFIG_CACHE=()
+    IP_CACHE=()
+    
     # Update LXC containers
     update_all_tags "lxc"
     
     # Update VMs  
     update_all_tags "vm"
+    
+    local end_time=$(date +%s)
+    local duration=$((end_time - start_time))
+    log_success "Check completed in ${WHITE}${duration}${NC} seconds"
 }
 
 # Main loop
@@ -917,40 +934,54 @@ get_lxc_ips() {
     
     local ips=""
     
-    # Method 1: Check Proxmox config for static IP
+    # Method 1: Check Proxmox config for ALL static IPs (multiple interfaces)
     local pve_lxc_config="/etc/pve/lxc/${vmid}.conf"
     if [[ -f "$pve_lxc_config" ]]; then
-        local static_ip=$(grep -E "^net[0-9]+:" "$pve_lxc_config" 2>/dev/null | grep -oE 'ip=([0-9]{1,3}\.){3}[0-9]{1,3}' | cut -d'=' -f2 | head -1)
-        if [[ -n "$static_ip" && "$static_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
-            debug_log "lxc $vmid: found static IP $static_ip in config"
-            ips="$static_ip"
+        local static_ips=$(grep -E "^net[0-9]+:" "$pve_lxc_config" 2>/dev/null | grep -oE 'ip=([0-9]{1,3}\.){3}[0-9]{1,3}' | cut -d'=' -f2)
+        if [[ -n "$static_ips" ]]; then
+            while IFS= read -r ip; do
+                if [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
+                    debug_log "lxc $vmid: found static IP $ip in config"
+                    ips="${ips}${ips:+ }${ip}"
+                fi
+            done <<< "$static_ips"
         fi
     fi
     
-    # Method 2: ARP table lookup if no static IP
+    # Method 2: ARP table lookup for ALL MAC addresses if no static IPs found
     if [[ -z "$ips" && -f "$pve_lxc_config" ]]; then
-        local mac_addr=$(grep -Eo 'hwaddr=([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' "$pve_lxc_config" | head -1 | cut -d'=' -f2)
-        if [[ -n "$mac_addr" ]]; then
-            local bridge_name=$(grep -Eo 'bridge=[^,]+' "$pve_lxc_config" | head -1 | cut -d'=' -f2)
-            local arp_ip=$(ip neighbor show | grep "$mac_addr" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -1)
-            if [[ -n "$arp_ip" && "$arp_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
-                debug_log "lxc $vmid: found IP $arp_ip via ARP table"
-                ips="$arp_ip"
-            fi
+        local mac_addrs=$(grep -Eo 'hwaddr=([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' "$pve_lxc_config" | cut -d'=' -f2)
+        if [[ -n "$mac_addrs" ]]; then
+            while IFS= read -r mac_addr; do
+                [[ -z "$mac_addr" ]] && continue
+                local arp_ip=$(ip neighbor show | grep -i "$mac_addr" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | head -1)
+                if [[ -n "$arp_ip" && "$arp_ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
+                    debug_log "lxc $vmid: found IP $arp_ip via ARP table for MAC $mac_addr"
+                    ips="${ips}${ips:+ }${arp_ip}"
+                fi
+            done <<< "$mac_addrs"
         fi
     fi
     
-    # Method 3: Direct container command if ARP failed
+    # Method 3: Direct container command to get ALL IPs if previous methods failed
     if [[ -z "$ips" ]]; then
-        local container_ip=$(timeout 5s pct exec "$vmid" -- ip -4 addr show 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | grep -v '127.0.0.1' | head -1)
-        if [[ -n "$container_ip" ]] && is_valid_ipv4 "$container_ip"; then
-            debug_log "lxc $vmid: found IP $container_ip via pct exec"
-            ips="$container_ip"
+        local container_ips=$(timeout 5s pct exec "$vmid" -- ip -4 addr show 2>/dev/null | grep -oE 'inet ([0-9]{1,3}\.){3}[0-9]{1,3}' | awk '{print $2}' | grep -v '127.0.0.1')
+        if [[ -n "$container_ips" ]]; then
+            while IFS= read -r ip; do
+                if is_valid_ipv4 "$ip"; then
+                    debug_log "lxc $vmid: found IP $ip via pct exec"
+                    ips="${ips}${ips:+ }${ip}"
+                fi
+            done <<< "$container_ips"
         fi
     fi
     
-    debug_log "lxc $vmid: final IPs: '$ips'"
-    echo "$ips"
+    # Remove duplicates and clean up
+    local unique_ips=$(echo "$ips" | tr ' ' '\n' | sort -u | tr '\n' ' ')
+    unique_ips="${unique_ips% }"
+    
+    debug_log "lxc $vmid: final IPs: '$unique_ips'"
+    echo "$unique_ips"
 }
 
 main
@@ -967,28 +998,28 @@ echo -e "${RD}4)${CL} Cancel"
 while true; do
   read -p "Enter your choice (1-4): " choice
   case $choice in
-    1)
-      INSTALL_MODE="service"
-      echo -e "${GN}✓ Selected: Service installation${CL}"
-      break
-      ;;
-    2)
-      INSTALL_MODE="command"
-      echo -e "${GN}✓ Selected: Command-only installation${CL}"
-      break
-      ;;
-    3)
-      echo -e "${GN}✓ Selected: Update installation${CL}"
-      update_installation
-      exit 0
-      ;;
-    4)
-      msg_error "Action cancelled."
-      exit 0
-      ;;
-    *)
-      msg_error "Please enter 1, 2, 3, or 4."
-      ;;
+  1)
+    INSTALL_MODE="service"
+    echo -e "${GN}✓ Selected: Service installation${CL}"
+    break
+    ;;
+  2)
+    INSTALL_MODE="command"
+    echo -e "${GN}✓ Selected: Command-only installation${CL}"
+    break
+    ;;
+  3)
+    echo -e "${GN}✓ Selected: Update installation${CL}"
+    update_installation
+    exit 0
+    ;;
+  4)
+    msg_error "Action cancelled."
+    exit 0
+    ;;
+  *)
+    msg_error "Please enter 1, 2, 3, or 4."
+    ;;
   esac
 done
 
@@ -1043,15 +1074,15 @@ if [[ "$INSTALL_MODE" == "service" ]]; then
     echo -e "\n${YW}Configuration file already exists.${CL}"
     read -p "Do you want to reconfigure tag format and loop interval? (y/n): " reconfigure
     case $reconfigure in
-      [Yy]*)
-        interactive_config_setup
-        msg_info "Updating Configuration"
-        generate_config >/opt/iptag/iptag.conf
-        msg_ok "Updated configuration file"
-        ;;
-      *)
-        msg_ok "Keeping existing configuration file"
-        ;;
+    [Yy]*)
+      interactive_config_setup
+      msg_info "Updating Configuration"
+      generate_config >/opt/iptag/iptag.conf
+      msg_ok "Updated configuration file"
+      ;;
+    *)
+      msg_ok "Keeping existing configuration file"
+      ;;
     esac
   fi
 
@@ -1083,21 +1114,21 @@ exec "$SCRIPT_FILE"
 EOF
   chmod +x /usr/local/bin/iptag-run
   msg_ok "Created iptag-run command"
-  
+
   echo -e "\n${GN}${APP} service installation completed successfully! ${CL}"
   echo -e "${YW}The service is now running automatically.${CL}"
   echo -e "${YW}You can also run it manually with: ${GN}iptag-run${CL}\n"
-  
+
   # Show configuration information
   show_post_install_info
-  
+
 elif [[ "$INSTALL_MODE" == "command" ]]; then
   # Command-only installation
   install_command_only
-  
+
   stop_spinner
   echo -e "\n${GN}${APP} command installation completed successfully! ${CL}"
-  
+
   # Show configuration information
   show_post_install_info
 fi

vm/openwrt-vm.sh

@@ -552,10 +552,14 @@ fi
 
 qm set "$VMID" \
   -efidisk0 "${STORAGE}:0,efitype=4m,size=4M" \
-  -scsi0 "${DISK_REF},size=${DISK_SIZE}" \
+  -scsi0 "${DISK_REF}" \
   -boot order=scsi0 \
   -tags community-script >/dev/null
-msg_ok "Attached disk (${DISK_SIZE})"
+msg_ok "Attached disk"
+
+msg_info "Resizing disk to ${DISK_SIZE}"
+qm disk resize "$VMID" scsi0 "${DISK_SIZE}" >/dev/null
+msg_ok "Resized disk to ${DISK_SIZE}"
 
 DESCRIPTION=$(
   cat <<EOF