Cut IP-Tag CPU usage by avoiding per-guest pct/qm status calls

The periodic check spawned one `pct status` per container and one
`qm status` per VM each cycle. Both are heavy Perl tools (~hundreds of ms
CPU per invocation), so on hosts with many guests the 5-minute run caused
a noticeable CPU spike.

- Derive LXC status from the single `pct list` call that is already made
  for enumeration.
- Add one `qm list` call to collect all VM statuses at once.
- Store both in a per-cycle STATUS_CACHE and read from it instead of
  calling `pct status` / `qm status` per guest (with a fallback for direct
  calls outside the cycle).

CHANGELOG.md

@@ -494,28 +494,15 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
   - #### 🐞 Bug Fixes
 
-    - Docuseal: use real SECRET_KEY_BASE for db:migrate on update [@MickLesk](https://github.com/MickLesk) ([#15411](https://github.com/community-scripts/ProxmoxVE/pull/15411))
-    - bun: correct install for degoog [@MickLesk](https://github.com/MickLesk) ([#15412](https://github.com/community-scripts/ProxmoxVE/pull/15412))
     - fix databasus update/install errors [@asylumexp](https://github.com/asylumexp) ([#15403](https://github.com/community-scripts/ProxmoxVE/pull/15403))
 
 ### 💾 Core
 
   - #### 🐞 Bug Fixes
 
-    - tools.func: fix setup_docker - don't abort update on docker pull failure [@MickLesk](https://github.com/MickLesk) ([#15410](https://github.com/community-scripts/ProxmoxVE/pull/15410))
     - fix(build.func): set /dev/kfd GID in fix_gpu_gids for AMD ROCm [@jamiej](https://github.com/jamiej) ([#15401](https://github.com/community-scripts/ProxmoxVE/pull/15401))
     - fix alpine mktmp error [@asylumexp](https://github.com/asylumexp) ([#15398](https://github.com/community-scripts/ProxmoxVE/pull/15398))
 
-### 🧰 Tools
-
-  - #### 🔧 Refactor
-
-    - Refactor: reduce IP-Tag resource usage and clean up ShellCheck findings [@MickLesk](https://github.com/MickLesk) ([#15418](https://github.com/community-scripts/ProxmoxVE/pull/15418))
-    - QoL: kernel-clean: Validate kernel selection input [@MickLesk](https://github.com/MickLesk) ([#15414](https://github.com/community-scripts/ProxmoxVE/pull/15414))
-    - QoL: clean-lxcs exclude matching and set -e cancel handling [@MickLesk](https://github.com/MickLesk) ([#15413](https://github.com/community-scripts/ProxmoxVE/pull/15413))
-    - QoL: Harden microcode download/install in microcode and pbs-microcode [@MickLesk](https://github.com/MickLesk) ([#15415](https://github.com/community-scripts/ProxmoxVE/pull/15415))
-    - QoL: scaling-governor extend selection and guard missing cpufreq [@MickLesk](https://github.com/MickLesk) ([#15416](https://github.com/community-scripts/ProxmoxVE/pull/15416))
-
 ## 2026-06-25
 
 ### 🆕 New Scripts

ct/degoog.sh

@@ -38,7 +38,7 @@ function update_script() {
     create_backup /opt/degoog/.env \
       /opt/degoog/data
 
-    if [[ ! -x /root/.bun/bin/bun ]]; then
+    if ! command -v bun >/dev/null 2>&1; then
       msg_info "Installing Bun"
       export BUN_INSTALL="/root/.bun"
       curl -fsSL https://bun.sh/install | $STD bash
@@ -52,7 +52,7 @@ function update_script() {
     msg_ok "Updated Valkey"
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "degoog" "fccview/degoog" "prebuild" "latest" "/opt/degoog" "degoog_*_prebuild.tar.gz"
-    fetch_and_deploy_gh_release "curl-impersonate" "lexiforest/curl-impersonate" "prebuild" "latest" "/usr/local/bin" "curl-impersonate-v*.$(uname -m)-linux-gnu.tar.gz"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "curl-impersonate" "lexiforest/curl-impersonate" "prebuild" "latest" "/usr/local/bin" "curl-impersonate-v*.$(uname -m)-linux-gnu.tar.gz"
 
     restore_backup
 

ct/docuseal.sh

@@ -55,7 +55,7 @@ function update_script() {
     eval "$(rbenv init - bash)" 2>/dev/null || true
     export RAILS_ENV=production
     export NODE_ENV=production
-    mkdir -p /opt/docuseal/tmp
+    export SECRET_KEY_BASE_DUMMY=1
     set -a
     source /opt/docuseal/.env
     set +a

ct/endurain.sh

@@ -63,7 +63,10 @@ function update_script() {
     cd /opt/endurain/backend
     UV_VERSION=$(grep -Po 'required-version\s*=\s*"\K[^"]+' pyproject.toml 2>/dev/null || echo "0.11.18")
     UV_VERSION="$UV_VERSION" setup_uv
-    $STD uv sync --frozen --no-dev
+    $STD poetry export -f requirements.txt --output requirements.txt --without-hashes
+    $STD uv venv --clear
+    $STD uv pip install -r requirements.txt
+    $STD uv pip install pytz
     msg_ok "Backend Updated"
 
     msg_info "Starting Service"

install/endurain-install.sh

@@ -83,7 +83,14 @@ msg_info "Setting up Backend"
 cd /opt/endurain/backend
 UV_VERSION=$(grep -Po 'required-version\s*=\s*"\K[^"]+' pyproject.toml 2>/dev/null || echo "0.11.18")
 UV_VERSION="$UV_VERSION" setup_uv
-$STD uv sync --frozen --no-dev
+$STD uv tool install poetry
+$STD uv tool update-shell
+export PATH="/root/.local/bin:$PATH"
+$STD poetry self add poetry-plugin-export
+$STD poetry export -f requirements.txt --output requirements.txt --without-hashes
+$STD uv venv --clear
+$STD uv pip install -r requirements.txt
+$STD uv pip install pytz
 msg_ok "Setup Backend"
 
 msg_info "Creating Service"

misc/tools.func

@@ -4614,11 +4614,11 @@ EOF
       local image=$(echo "$container" | awk '{print $2}')
       local current_digest=$(docker inspect "$name" --format='{{.Image}}' 2>/dev/null | cut -d':' -f2 | cut -c1-12)
 
-      # Pull latest image digest (ignore failures, e.g. local-only images or registry/permission issues)
-      docker pull "$image" >/dev/null 2>&1 || true
+      # Pull latest image digest
+      docker pull "$image" >/dev/null 2>&1
       local latest_digest=$(docker inspect "$image" --format='{{.Id}}' 2>/dev/null | cut -d':' -f2 | cut -c1-12)
 
-      if [ -n "$latest_digest" ] && [ "$current_digest" != "$latest_digest" ]; then
+      if [ "$current_digest" != "$latest_digest" ]; then
         containers_with_updates+=("$name")
         container_info+=("${index}) ${name} (${image})")
         ((index++))
@@ -7561,8 +7561,8 @@ setup_nodejs() {
   }
 
   # Install global Node modules
-  if [[ -n "$NODE_MODULE" ]] || ((node_major >= 25)); then
-    if ((node_major >= 25)) && [[ ",${NODE_MODULE}," != *",corepack,"* ]] && [[ "$NODE_MODULE" != corepack* ]]; then
+  if [[ -n "$NODE_MODULE" ]] || (( node_major >= 25 )); then
+    if (( node_major >= 25 )) && [[ ",${NODE_MODULE}," != *",corepack,"* ]] && [[ "$NODE_MODULE" != corepack* ]]; then
       NODE_MODULE="${NODE_MODULE:+$NODE_MODULE,}corepack"
     fi
 
@@ -7624,12 +7624,12 @@ setup_nodejs() {
         fi
       fi
     done
-    if ((failed_modules > 0)); then
+    if (( failed_modules > 0 )); then
       msg_warn "$failed_modules Node.js module(s) failed: $NODE_MODULE"
     fi
   fi
 
-  if [[ "$NODE_COREPACK_ENABLE" == "1" ]] && ((wants_corepack)) && command -v corepack >/dev/null 2>&1; then
+  if [[ "$NODE_COREPACK_ENABLE" == "1" ]] && (( wants_corepack )) && command -v corepack >/dev/null 2>&1; then
     msg_info "Enabling corepack"
     if $STD corepack enable 2>/dev/null; then
       msg_ok "Enabled corepack"

tools/pve/clean-lxcs.sh

@@ -30,7 +30,7 @@ declare -f init_tool_telemetry &>/dev/null && init_tool_telemetry "clean-lxcs" "
 header_info
 echo "Loading..."
 
-whiptail --backtitle "Proxmox VE Helper Scripts" --title "Proxmox VE LXC Updater" --yesno "This will clean logs, cache and update package lists on selected LXC Containers. Proceed?" 10 58 || exit 0
+whiptail --backtitle "Proxmox VE Helper Scripts" --title "Proxmox VE LXC Updater" --yesno "This will clean logs, cache and update package lists on selected LXC Containers. Proceed?" 10 58
 
 NODE=$(hostname)
 EXCLUDE_MENU=()
@@ -42,17 +42,17 @@ while read -r TAG ITEM; do
   EXCLUDE_MENU+=("$TAG" "$ITEM " "OFF")
 done < <(pct list | awk 'NR>1')
 
-# Capture the selection; abort cleanly if the user cancels the dialog
-# (set -e would otherwise terminate on the failing command substitution).
-if ! excluded_containers=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Containers on $NODE" --checklist "\nSelect containers to skip from cleaning:\n" \
-  16 $((MSG_MAX_LENGTH + 23)) 6 "${EXCLUDE_MENU[@]}" 3>&1 1>&2 2>&3 | tr -d '"'); then
-  exit 0
+excluded_containers=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Containers on $NODE" --checklist "\nSelect containers to skip from cleaning:\n" \
+  16 $((MSG_MAX_LENGTH + 23)) 6 "${EXCLUDE_MENU[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
+
+if [ $? -ne 0 ]; then
+  exit
 fi
 
 function run_lxc_clean() {
   local container=$1
   header_info
-  name=$(pct exec "$container" -- hostname)
+  name=$(pct exec "$container" hostname)
 
   pct exec "$container" -- bash -c '
     BL="\033[36m"; GN="\033[1;92m"; CL="\033[m"
@@ -84,14 +84,7 @@ function run_lxc_clean() {
 }
 
 for container in $(pct list | awk '{if(NR>1) print $1}'); do
-  excluded=0
-  for ex in $excluded_containers; do
-    if [[ "$ex" == "$container" ]]; then
-      excluded=1
-      break
-    fi
-  done
-  if [[ "$excluded" -eq 1 ]]; then
+  if [[ " ${excluded_containers[@]} " =~ " $container " ]]; then
     header_info
     echo -e "${BL}[Info]${GN} Skipping ${BL}$container${CL}"
     sleep 1

tools/pve/kernel-clean.sh

@@ -55,23 +55,12 @@ read -r selected
 selected_indices=()
 IFS=',' read -r -a tokens <<<"$selected"
 for token in "${tokens[@]}"; do
-  # Strip surrounding whitespace and skip empty tokens
-  token="${token//[[:space:]]/}"
-  [ -z "$token" ] && continue
   if [[ "$token" =~ ^([0-9]+)-([0-9]+)$ ]]; then
-    start=${BASH_REMATCH[1]}
-    end=${BASH_REMATCH[2]}
-    if ((start > end)); then
-      echo -e "${RD}Ignoring invalid range '${token}' (start greater than end).${CL}"
-      continue
-    fi
-    for ((i = start; i <= end; i++)); do
+    for ((i = BASH_REMATCH[1]; i <= BASH_REMATCH[2]; i++)); do
       selected_indices+=("$i")
     done
-  elif [[ "$token" =~ ^[0-9]+$ ]]; then
-    selected_indices+=("$token")
   else
-    echo -e "${RD}Ignoring invalid selection '${token}'.${CL}"
+    selected_indices+=("$token")
   fi
 done
 
@@ -112,7 +101,8 @@ for kernel in "${kernels_to_remove[@]}"; do
     remaining=$(dpkg --list |
       awk '/^ii/ {print $2}' |
       grep -E "^proxmox-kernel-${minor_version}\." |
-      grep -cv "^${kernel}$")
+      grep -v "^${kernel}$" |
+      wc -l)
     if [ "$remaining" -eq 0 ]; then
       pkgs_to_remove+=("$meta")
     fi

tools/pve/microcode.sh

@@ -16,10 +16,10 @@ function header_info {
 EOF
 }
 
-RD="\033[01;31m"
-YW="\033[33m"
-GN="\033[1;92m"
-CL="\033[m"
+RD=$(echo "\033[01;31m")
+YW=$(echo "\033[33m")
+GN=$(echo "\033[1;92m")
+CL=$(echo "\033[m")
 BFR="\\r\\033[K"
 HOLD="-"
 CM="${GN}✓${CL}"
@@ -47,7 +47,7 @@ intel() {
     sleep 1
   fi
 
-  intel_microcode=$(curl -fsSL "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode/" | grep -o 'href="[^"]*amd64.deb"' | sed 's/href="//;s/"//')
+  intel_microcode=$(curl -fsSL "https://ftp.debian.org/debian/pool/non-free-firmware/i/intel-microcode//" | grep -o 'href="[^"]*amd64.deb"' | sed 's/href="//;s/"//')
   [ -z "$intel_microcode" ] && {
     whiptail --backtitle "Proxmox VE Helper Scripts" --title "No Microcode Found" --msgbox "It appears there were no microcode packages found\n Try again later." 10 68
     msg_info "Exiting"
@@ -80,17 +80,17 @@ intel() {
   msg_ok "Downloaded the Intel Processor Microcode Package $microcode"
 
   msg_info "Installing $microcode (Patience)"
-  dpkg -i "$microcode" &>/dev/null
+  dpkg -i $microcode &>/dev/null
   msg_ok "Installed $microcode"
 
   msg_info "Cleaning up"
-  rm -f "$microcode"
+  rm $microcode
   msg_ok "Cleaned"
   echo -e "\nIn order to apply the changes, a system reboot will be necessary.\n"
 }
 
 amd() {
-  amd_microcode=$(curl -fsSL "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/" | grep -o 'href="[^"]*amd64.deb"' | sed 's/href="//;s/"//')
+  amd_microcode=$(curl -fsSL "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode///" | grep -o 'href="[^"]*amd64.deb"' | sed 's/href="//;s/"//')
 
   [ -z "$amd_microcode" ] && {
     whiptail --backtitle "Proxmox VE Helper Scripts" --title "No Microcode Found" --msgbox "It appears there were no microcode packages found\n Try again later." 10 68
@@ -120,15 +120,15 @@ amd() {
   }
 
   msg_info "Downloading the AMD Processor Microcode Package $microcode"
-  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/$microcode" -o "$microcode"
+  curl -fsSL "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/$microcode" -o $(basename "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/$microcode")
   msg_ok "Downloaded the AMD Processor Microcode Package $microcode"
 
   msg_info "Installing $microcode (Patience)"
-  dpkg -i "$microcode" &>/dev/null
+  dpkg -i $microcode &>/dev/null
   msg_ok "Installed $microcode"
 
   msg_info "Cleaning up"
-  rm -f "$microcode"
+  rm $microcode
   msg_ok "Cleaned"
   echo -e "\nIn order to apply the changes, a system reboot will be necessary.\n"
 }

tools/pve/pbs-microcode.sh

@@ -18,10 +18,10 @@ EOF
 }
 
 # Color definitions
-RD="\033[01;31m"
-YW="\033[33m"
-GN="\033[1;92m"
-CL="\033[m"
+RD=$(echo "\033[01;31m")
+YW=$(echo "\033[33m")
+GN=$(echo "\033[1;92m")
+CL=$(echo "\033[m")
 BFR="\\r\\033[K"
 HOLD="-"
 CM="${GN}✓${CL}"
@@ -94,11 +94,11 @@ intel() {
   msg_ok "Downloaded Intel processor microcode package $microcode"
 
   msg_info "Installing $microcode (this might take a while)"
-  dpkg -i "$microcode" &>/dev/null
+  dpkg -i $microcode &>/dev/null
   msg_ok "Installed $microcode"
 
   msg_info "Cleaning up"
-  rm -f "$microcode"
+  rm $microcode
   msg_ok "Clean up complete"
   echo -e "\nA system reboot is required to apply the changes.\n"
 }
@@ -137,15 +137,15 @@ amd() {
   }
 
   msg_info "Downloading AMD processor microcode package $microcode"
-  curl -fsSL --proto '=https' "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/$microcode" -o "$microcode"
+  curl -fsSL "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/$microcode" -o $(basename "https://ftp.debian.org/debian/pool/non-free-firmware/a/amd64-microcode/$microcode")
   msg_ok "Downloaded AMD processor microcode package $microcode"
 
   msg_info "Installing $microcode (this might take a while)"
-  dpkg -i "$microcode" &>/dev/null
+  dpkg -i $microcode &>/dev/null
   msg_ok "Installed $microcode"
 
   msg_info "Cleaning up"
-  rm -f "$microcode"
+  rm $microcode
   msg_ok "Clean up complete"
   echo -e "\nA system reboot is required to apply the changes.\n"
 }

tools/pve/scaling-governor.sh

@@ -20,26 +20,16 @@ header_info() {
 EOF
 }
 header_info
-whiptail --backtitle "Proxmox VE Helper Scripts" --title "CPU Scaling Governors" --yesno "View/Change CPU Scaling Governors. Proceed?" 10 58 || exit 0
-
-GOV_BASE="/sys/devices/system/cpu/cpu0/cpufreq"
-if [[ ! -r "$GOV_BASE/scaling_governor" || ! -r "$GOV_BASE/scaling_available_governors" ]]; then
-  whiptail --backtitle "Proxmox VE Helper Scripts" --title "CPU Scaling Not Available" \
-    --msgbox "CPU frequency scaling is not available on this system.\n\nThis is normal when no cpufreq driver is active (e.g. CPU power management handled by the BIOS, or certain virtualized hosts)." 12 70
-  clear
-  exit 0
-fi
-
-current_governor=$(cat "$GOV_BASE/scaling_governor")
+whiptail --backtitle "Proxmox VE Helper Scripts" --title "CPU Scaling Governors" --yesno "View/Change CPU Scaling Governors. Proceed?" 10 58
+current_governor=$(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_governor)
 GOVERNORS_MENU=()
 MSG_MAX_LENGTH=0
 while read -r TAG ITEM; do
   OFFSET=2
   ((${#ITEM} + OFFSET > MSG_MAX_LENGTH)) && MSG_MAX_LENGTH=${#ITEM}+OFFSET
   GOVERNORS_MENU+=("$TAG" "$ITEM " "OFF")
-done < <(tr ' ' '\n' <"$GOV_BASE/scaling_available_governors" | sed '/^$/d' | grep -vxF "$current_governor")
-# A radiolist is used on purpose: only a single governor can be active at a time.
-scaling_governor=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Current CPU Scaling Governor is set to $current_governor" --radiolist "\nSelect the Scaling Governor to use:\n" 16 $((MSG_MAX_LENGTH + 58)) 6 "${GOVERNORS_MENU[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
+done < <(cat /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors | tr ' ' '\n' | grep -v "$current_governor")
+scaling_governor=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Current CPU Scaling Governor is set to $current_governor" --checklist "\nSelect the Scaling Governor to use:\n" 16 $((MSG_MAX_LENGTH + 58)) 6 "${GOVERNORS_MENU[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
 [ -z "$scaling_governor" ] && {
   whiptail --backtitle "Proxmox VE Helper Scripts" --title "No CPU Scaling Governor Selected" --msgbox "It appears that no CPU Scaling Governor was selected" 10 68
   clear
@@ -59,7 +49,7 @@ yes)
   EXISTING_CRONTAB=$(crontab -l 2>/dev/null)
   if [[ -n "$EXISTING_CRONTAB" ]]; then
     TEMP_CRONTAB_FILE=$(mktemp)
-    echo "$EXISTING_CRONTAB" | grep -vF "@reboot (sleep 60 && echo" >"$TEMP_CRONTAB_FILE"
+    echo "$EXISTING_CRONTAB" | grep -v "@reboot (sleep 60 && echo*" >"$TEMP_CRONTAB_FILE"
     crontab "$TEMP_CRONTAB_FILE"
     rm "$TEMP_CRONTAB_FILE"
   fi