Add openclaw (ct)

CHANGELOG.md

@@ -405,24 +405,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
   - Wishlist ([#11527](https://github.com/community-scripts/ProxmoxVE/pull/11527))
 - WriteFreely ([#11524](https://github.com/community-scripts/ProxmoxVE/pull/11524))
 
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Immich: pin version to 2.5.3 [@vhsdream](https://github.com/vhsdream) ([#11515](https://github.com/community-scripts/ProxmoxVE/pull/11515))
-
 ### 💾 Core
 
   - #### ✨ New Features
 
     - core: create vm-core.func from dev [@MickLesk](https://github.com/MickLesk) ([#11528](https://github.com/community-scripts/ProxmoxVE/pull/11528))
 
-### 🧰 Tools
-
-  - #### ✨ New Features
-
-    - [ADDON] Immich Public Proxy addon [@vhsdream](https://github.com/vhsdream) ([#11518](https://github.com/community-scripts/ProxmoxVE/pull/11518))
-
 ### 🌐 Website
 
   - #### 🐞 Bug Fixes

ct/immich.sh

@@ -36,6 +36,10 @@ function update_script() {
     exit
   fi
 
+  setup_uv
+  PNPM_VERSION="$(curl -fsSL "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/package.json" | jq -r '.packageManager | split("@")[1]')"
+  NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
+
   if [[ ! -f /etc/apt/preferences.d/preferences ]]; then
     msg_info "Adding Debian Testing repo"
     sed -i 's/ trixie-updates/ trixie-updates testing/g' /etc/apt/sources.list.d/debian.sources
@@ -105,7 +109,7 @@ EOF
     msg_ok "Image-processing libraries up to date"
   fi
 
-  RELEASE="2.5.3"
+  RELEASE="2.5.2"
   if check_for_gh_release "immich" "immich-app/immich" "${RELEASE}"; then
     if [[ $(cat ~/.immich) > "2.5.1" ]]; then
       msg_info "Enabling Maintenance Mode"
@@ -160,10 +164,7 @@ EOF
       rm -rf "${APP_DIR:?}"/*
     )
 
-    setup_uv
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "immich" "immich-app/immich" "tarball" "v${RELEASE}" "$SRC_DIR"
-    PNPM_VERSION="$(jq -r '.packageManager | split("@")[1]' ${SRC_DIR}/package.json)"
-    NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
     msg_info "Updating Immich web and microservices"
     cd "$SRC_DIR"/server

ct/openclaw.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: pfassina
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/openclaw/openclaw
+
+APP="OpenClaw"
+var_tags="${var_tags:-ai-assistant;chatops}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -f /etc/systemd/system/openclaw.service ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+  msg_info "Stopping Service"
+  systemctl stop openclaw
+  msg_ok "Stopped Service"
+
+  NODE_VERSION="22" NODE_MODULE="openclaw" setup_nodejs
+  msg_info "Starting Service"
+  systemctl start openclaw
+  msg_ok "Started Service"
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Run 'openclaw onboard' inside the container to complete setup${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:18789${CL}"

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-04T18:17:33Z",
+  "generated": "2026-02-04T12:11:53Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -256,9 +256,9 @@
     {
       "slug": "docmost",
       "repo": "docmost/docmost",
-      "version": "v0.25.1",
+      "version": "v0.25.0",
       "pinned": false,
-      "date": "2026-02-04T15:19:51Z"
+      "date": "2026-02-04T00:33:45Z"
     },
     {
       "slug": "domain-locker",
@@ -515,9 +515,9 @@
     {
       "slug": "huntarr",
       "repo": "plexguide/Huntarr.io",
-      "version": "9.1.12",
+      "version": "9.1.11",
       "pinned": false,
-      "date": "2026-02-04T14:28:36Z"
+      "date": "2026-02-04T11:30:25Z"
     },
     {
       "slug": "inspircd",
@@ -1096,9 +1096,9 @@
     {
       "slug": "pulse",
       "repo": "rcourtman/Pulse",
-      "version": "v5.1.0",
+      "version": "v5.0.17",
       "pinned": false,
-      "date": "2026-02-04T17:43:59Z"
+      "date": "2026-01-20T19:07:30Z"
     },
     {
       "slug": "pve-scripts-local",
@@ -1271,9 +1271,9 @@
     {
       "slug": "speedtest-tracker",
       "repo": "alexjustesen/speedtest-tracker",
-      "version": "v1.13.7",
+      "version": "v1.13.6",
       "pinned": false,
-      "date": "2026-02-04T16:47:42Z"
+      "date": "2026-02-03T21:20:51Z"
     },
     {
       "slug": "spoolman",
@@ -1369,9 +1369,9 @@
     {
       "slug": "tianji",
       "repo": "msgbyte/tianji",
-      "version": "v1.31.10",
+      "version": "v1.31.9",
       "pinned": false,
-      "date": "2026-02-04T17:21:04Z"
+      "date": "2026-01-31T18:22:40Z"
     },
     {
       "slug": "traccar",
@@ -1411,9 +1411,9 @@
     {
       "slug": "trip",
       "repo": "itskovacs/TRIP",
-      "version": "1.38.1",
+      "version": "1.38.0",
       "pinned": false,
-      "date": "2026-02-04T18:10:15Z"
+      "date": "2026-01-31T15:56:30Z"
     },
     {
       "slug": "tududi",

frontend/public/json/immich-public-proxy.json

@@ -1,44 +0,0 @@
-{
-  "name": "Immich Public Proxy",
-  "slug": "immich-public-proxy",
-  "categories": [
-    21
-  ],
-  "date_created": "2026-02-04",
-  "type": "addon",
-  "updateable": true,
-  "privileged": false,
-  "interface_port": 3000,
-  "documentation": "https://github.com/alangrainger/immich-public-proxy/docs",
-  "website": "https://github.com/alangrainger/immich-public-proxy",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/immich-public-proxy.webp",
-  "config_path": "/opt/immich-proxy/app/.env",
-  "description": "Share your Immich photos and albums in a safe way without exposing your Immich instance to the public.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "tools/addon/immich-public-proxy.sh",
-      "resources": {
-        "cpu": null,
-        "ram": null,
-        "hdd": null,
-        "os": null,
-        "version": null
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "Requires Node.js 24+",
-      "type": "info"
-    },
-    {
-      "text": "Update with: update_immich-public-proxy",
-      "type": "info"
-    }
-  ]
-}

frontend/public/json/openclaw.json

@@ -0,0 +1,49 @@
+{
+  "name": "OpenClaw",
+  "slug": "openclaw",
+  "categories": [
+    22,
+    20
+  ],
+  "date_created": "2026-02-03",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 18789,
+  "documentation": "https://docs.openclaw.ai",
+  "website": "https://openclaw.ai",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/openclaw.webp",
+  "config_path": "/root/.openclaw/openclaw.json",
+  "description": "OpenClaw is a personal AI assistant that runs locally and integrates with messaging platforms like WhatsApp, Telegram, Discord, and Slack.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/openclaw.sh",
+      "resources": {
+        "cpu": 2,
+        "ram": 2048,
+        "hdd": 4,
+        "os": "debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "After installation, run 'openclaw onboard' inside the container to configure AI providers.",
+      "type": "info"
+    },
+    {
+      "text": "After onboarding, start the gateway with 'systemctl start openclaw'.",
+      "type": "info"
+    },
+    {
+      "text": "The Control UI requires a secure context (HTTPS or localhost). Either use a reverse proxy with HTTPS, or connect via SSH port forwarding: ssh -L 18789:localhost:18789 root@<container-ip>, then open http://localhost:18789 in your browser.",
+      "type": "warning"
+    }
+  ]
+}

install/immich-install.sh

@@ -13,44 +13,44 @@ setting_up_container
 network_check
 update_os
 
-if [ -d /dev/dri ]; then
-  echo ""
-  echo ""
-  echo -e "🤖 ${BL}Immich Machine Learning Options${CL}"
-  echo "─────────────────────────────────────────"
-  echo "Please choose your machine-learning type:"
-  echo ""
-  echo " 1) CPU only (default)"
-  echo " 2) Intel OpenVINO (requires GPU passthrough)"
-  echo ""
+echo ""
+echo ""
+echo -e "🤖 ${BL}Immich Machine Learning Options${CL}"
+echo "─────────────────────────────────────────"
+echo "Please choose your machine-learning type:"
+echo ""
+echo " 1) CPU only (default)"
+echo " 2) Intel OpenVINO (requires GPU passthrough)"
+echo ""
 
-  read -r -p "${TAB3}Select machine-learning type [1]: " ML_TYPE
-  ML_TYPE="${ML_TYPE:-1}"
-  if [[ "$ML_TYPE" == "2" ]]; then
-    msg_info "Installing OpenVINO dependencies"
-    touch ~/.openvino
-    $STD apt install -y --no-install-recommends patchelf
-    tmp_dir=$(mktemp -d)
-    $STD pushd "$tmp_dir"
-    curl -fsSLO https://raw.githubusercontent.com/immich-app/base-images/refs/heads/main/server/Dockerfile
-    readarray -t INTEL_URLS < <(
-      sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $2}'
-      sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
-    )
-    for url in "${INTEL_URLS[@]}"; do
-      curl -fsSLO "$url"
-    done
-    $STD apt install -y ./libigdgmm12*.deb
-    rm ./libigdgmm12*.deb
-    $STD apt install -y ./*.deb
-    $STD apt-mark hold libigdgmm12
-    $STD popd
-    rm -rf "$tmp_dir"
-    dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
-    msg_ok "Installed OpenVINO dependencies"
-  fi
+read -r -p "${TAB3}Select machine-learning type [1]: " ML_TYPE
+ML_TYPE="${ML_TYPE:-1}"
+if [[ "$ML_TYPE" == "2" ]]; then
+  msg_info "Installing OpenVINO dependencies"
+  touch ~/.openvino
+  $STD apt install -y --no-install-recommends patchelf
+  tmp_dir=$(mktemp -d)
+  $STD pushd "$tmp_dir"
+  curl -fsSLO https://raw.githubusercontent.com/immich-app/base-images/refs/heads/main/server/Dockerfile
+  readarray -t INTEL_URLS < <(
+    sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $2}'
+    sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
+  )
+  for url in "${INTEL_URLS[@]}"; do
+    curl -fsSLO "$url"
+  done
+  $STD apt install -y ./libigdgmm12*.deb
+  rm ./libigdgmm12*.deb
+  $STD apt install -y ./*.deb
+  $STD apt-mark hold libigdgmm12
+  $STD popd
+  rm -rf "$tmp_dir"
+  dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
+  msg_ok "Installed OpenVINO dependencies"
 fi
 
+setup_uv
+
 msg_info "Installing dependencies"
 $STD apt install --no-install-recommends -y \
   git \
@@ -144,7 +144,8 @@ msg_info "Installing packages from Debian Testing repo"
 $STD apt install -t testing --no-install-recommends -yqq libmimalloc3 libde265-dev
 msg_ok "Installed packages from Debian Testing repo"
 
-setup_uv
+PNPM_VERSION="$(curl -fsSL "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/package.json" | jq -r '.packageManager | split("@")[1]')"
+NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
 
 VCHORD_RELEASE="0.5.3"
@@ -289,9 +290,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
 
-fetch_and_deploy_gh_release "immich" "immich-app/immich" "tarball" "v2.5.3" "$SRC_DIR"
-PNPM_VERSION="$(jq -r '.packageManager | split("@")[1]' ${SRC_DIR}/package.json)"
-NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
+fetch_and_deploy_gh_release "immich" "immich-app/immich" "tarball" "v2.5.2" "$SRC_DIR"
 
 msg_info "Installing Immich (patience)"
 

install/openclaw-install.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: pfassina
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/openclaw/openclaw
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y git
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="22" NODE_MODULE="openclaw" setup_nodejs
+
+msg_info "Setup OpenClaw"
+mkdir -p /root/.openclaw
+cat <<CONF >/root/.openclaw/openclaw.json
+{
+  "gateway": {
+    "bind": "lan",
+    "port": 18789
+  }
+}
+CONF
+msg_ok "Setup OpenClaw"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/openclaw.service
+[Unit]
+Description=OpenClaw Gateway
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/openclaw gateway --allow-unconfigured --port 18789 --bind lan
+Restart=always
+RestartSec=10
+Environment=NODE_ENV=production
+Environment=PATH=/usr/bin:/usr/local/bin:/bin
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q openclaw
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

misc/cloud-init.func

@@ -28,210 +28,13 @@
 # ==============================================================================
 # These can be overridden before sourcing this library
 
-# Disable 'unbound variable' errors for this library (restored at end)
-_OLD_SET_STATE=$(set +o | grep -E 'set -(e|u|o)')
-set +u
-
 CLOUDINIT_DEFAULT_USER="${CLOUDINIT_DEFAULT_USER:-root}"
 CLOUDINIT_DNS_SERVERS="${CLOUDINIT_DNS_SERVERS:-1.1.1.1 8.8.8.8}"
 CLOUDINIT_SEARCH_DOMAIN="${CLOUDINIT_SEARCH_DOMAIN:-local}"
-CLOUDINIT_SSH_KEYS="${CLOUDINIT_SSH_KEYS:-}" # Empty by default - user must explicitly provide keys
+CLOUDINIT_SSH_KEYS="${CLOUDINIT_SSH_KEYS:-/root/.ssh/authorized_keys}"
 
 # ==============================================================================
-# SECTION 2: SSH KEY DISCOVERY AND SELECTION
-# ==============================================================================
-
-# ------------------------------------------------------------------------------
-# _ci_ssh_extract_keys_from_file - Extracts valid SSH public keys from a file
-# ------------------------------------------------------------------------------
-function _ci_ssh_extract_keys_from_file() {
-  local file="$1"
-  [[ -f "$file" && -r "$file" ]] || return 0
-  grep -E '^(ssh-(rsa|ed25519|dss|ecdsa)|ecdsa-sha2-)' "$file" 2>/dev/null || true
-}
-
-# ------------------------------------------------------------------------------
-# _ci_ssh_discover_files - Scans standard paths for SSH keys
-# ------------------------------------------------------------------------------
-function _ci_ssh_discover_files() {
-  local -a cand=()
-  shopt -s nullglob
-  cand+=(/root/.ssh/authorized_keys /root/.ssh/authorized_keys2)
-  cand+=(/root/.ssh/*.pub)
-  cand+=(/etc/ssh/authorized_keys /etc/ssh/authorized_keys.d/*)
-  shopt -u nullglob
-  printf '%s\0' "${cand[@]}"
-}
-
-# ------------------------------------------------------------------------------
-# _ci_ssh_build_choices - Builds whiptail checklist from SSH key files
-#
-# Sets: CI_SSH_CHOICES (array), CI_SSH_COUNT (int), CI_SSH_MAPFILE (path)
-# ------------------------------------------------------------------------------
-function _ci_ssh_build_choices() {
-  local -a files=("$@")
-  CI_SSH_CHOICES=()
-  CI_SSH_COUNT=0
-  CI_SSH_MAPFILE="$(mktemp)"
-  local id key typ fp cmt base
-
-  for f in "${files[@]}"; do
-    [[ -f "$f" && -r "$f" ]] || continue
-    base="$(basename -- "$f")"
-    # Skip known_hosts and private keys
-    case "$base" in
-    known_hosts | known_hosts.* | config) continue ;;
-    id_*) [[ "$f" != *.pub ]] && continue ;;
-    esac
-
-    while IFS= read -r key; do
-      [[ -n "$key" ]] || continue
-
-      typ=""
-      fp=""
-      cmt=""
-      read -r _typ _b64 _cmt <<<"$key"
-      typ="${_typ:-key}"
-      cmt="${_cmt:-}"
-
-      # Get fingerprint via ssh-keygen if available
-      if command -v ssh-keygen >/dev/null 2>&1; then
-        fp="$(printf '%s\n' "$key" | ssh-keygen -lf - 2>/dev/null | awk '{print $2}')"
-      fi
-
-      # Shorten long comments
-      [[ ${#cmt} -gt 40 ]] && cmt="${cmt:0:37}..."
-
-      CI_SSH_COUNT=$((CI_SSH_COUNT + 1))
-      id="K${CI_SSH_COUNT}"
-      echo "${id}|${key}" >>"$CI_SSH_MAPFILE"
-      CI_SSH_CHOICES+=("$id" "[$typ] ${fp:+$fp }${cmt:+$cmt }— ${base}" "OFF")
-    done < <(_ci_ssh_extract_keys_from_file "$f")
-  done
-}
-
-# ------------------------------------------------------------------------------
-# configure_cloudinit_ssh_keys - Interactive SSH key selection for Cloud-Init
-#
-# Usage: configure_cloudinit_ssh_keys
-# Sets: CLOUDINIT_SSH_KEYS (path to temporary file with selected keys)
-# ------------------------------------------------------------------------------
-function configure_cloudinit_ssh_keys() {
-  local backtitle="Proxmox VE Helper Scripts"
-  local ssh_key_mode
-
-  # Create temp file for selected keys
-  CLOUDINIT_SSH_KEYS_TEMP="$(mktemp)"
-  : >"$CLOUDINIT_SSH_KEYS_TEMP"
-
-  # Discover keys and build choices
-  IFS=$'\0' read -r -d '' -a _def_files < <(_ci_ssh_discover_files && printf '\0')
-  _ci_ssh_build_choices "${_def_files[@]}"
-  local default_key_count="$CI_SSH_COUNT"
-
-  if [[ "$default_key_count" -gt 0 ]]; then
-    ssh_key_mode=$(whiptail --backtitle "$backtitle" --title "SSH KEY SOURCE" --menu \
-      "Provision SSH keys for Cloud-Init VM:" 14 72 4 \
-      "found" "Select from detected keys (${default_key_count})" \
-      "manual" "Paste a single public key" \
-      "folder" "Scan another folder (path or glob)" \
-      "none" "No SSH keys (password auth only)" 3>&1 1>&2 2>&3) || return 1
-  else
-    ssh_key_mode=$(whiptail --backtitle "$backtitle" --title "SSH KEY SOURCE" --menu \
-      "No host keys detected. Choose:" 12 72 3 \
-      "manual" "Paste a single public key" \
-      "folder" "Scan another folder (path or glob)" \
-      "none" "No SSH keys (password auth only)" 3>&1 1>&2 2>&3) || return 1
-  fi
-
-  case "$ssh_key_mode" in
-  found)
-    # Show checklist with individual keys
-    local selection
-    selection=$(whiptail --backtitle "$backtitle" --title "SELECT SSH KEYS" \
-      --checklist "Select one or more keys to import:" 20 140 10 "${CI_SSH_CHOICES[@]}" 3>&1 1>&2 2>&3) || return 1
-
-    for tag in $selection; do
-      tag="${tag%\"}"
-      tag="${tag#\"}"
-      local line
-      line=$(grep -E "^${tag}\|" "$CI_SSH_MAPFILE" | head -n1 | cut -d'|' -f2-)
-      [[ -n "$line" ]] && printf '%s\n' "$line" >>"$CLOUDINIT_SSH_KEYS_TEMP"
-    done
-    local imported
-    imported=$(wc -l <"$CLOUDINIT_SSH_KEYS_TEMP")
-    echo -e "${ROOTSSH:-  🔑  }${BOLD}${DGN}SSH Keys: ${BGN}${imported} key(s) selected${CL}"
-    ;;
-  manual)
-    local pubkey
-    pubkey=$(whiptail --backtitle "$backtitle" --title "PASTE SSH PUBLIC KEY" \
-      --inputbox "Paste your SSH public key (ssh-rsa, ssh-ed25519, etc.):" 10 76 3>&1 1>&2 2>&3) || return 1
-    if [[ -n "$pubkey" ]]; then
-      echo "$pubkey" >"$CLOUDINIT_SSH_KEYS_TEMP"
-      echo -e "${ROOTSSH:-  🔑  }${BOLD}${DGN}SSH Keys: ${BGN}1 key added manually${CL}"
-    else
-      echo -e "${ROOTSSH:-  🔑  }${BOLD}${DGN}SSH Keys: ${BGN}none (empty input)${CL}"
-      CLOUDINIT_SSH_KEYS=""
-      rm -f "$CLOUDINIT_SSH_KEYS_TEMP" "$CI_SSH_MAPFILE" 2>/dev/null
-      return 0
-    fi
-    ;;
-  folder)
-    local glob_path
-    glob_path=$(whiptail --backtitle "$backtitle" --title "SCAN FOLDER/GLOB" \
-      --inputbox "Enter a folder or glob to scan (e.g. /root/.ssh/*.pub):" 10 72 3>&1 1>&2 2>&3) || return 1
-    if [[ -n "$glob_path" ]]; then
-      shopt -s nullglob
-      local -a _scan_files=($glob_path)
-      shopt -u nullglob
-      if [[ "${#_scan_files[@]}" -gt 0 ]]; then
-        _ci_ssh_build_choices "${_scan_files[@]}"
-        if [[ "$CI_SSH_COUNT" -gt 0 ]]; then
-          local folder_selection
-          folder_selection=$(whiptail --backtitle "$backtitle" --title "SELECT FOLDER KEYS" \
-            --checklist "Select key(s) to import:" 20 140 10 "${CI_SSH_CHOICES[@]}" 3>&1 1>&2 2>&3) || return 1
-          for tag in $folder_selection; do
-            tag="${tag%\"}"
-            tag="${tag#\"}"
-            local line
-            line=$(grep -E "^${tag}\|" "$CI_SSH_MAPFILE" | head -n1 | cut -d'|' -f2-)
-            [[ -n "$line" ]] && printf '%s\n' "$line" >>"$CLOUDINIT_SSH_KEYS_TEMP"
-          done
-          local imported
-          imported=$(wc -l <"$CLOUDINIT_SSH_KEYS_TEMP")
-          echo -e "${ROOTSSH:-  🔑  }${BOLD}${DGN}SSH Keys: ${BGN}${imported} key(s) from folder${CL}"
-        else
-          whiptail --backtitle "$backtitle" --msgbox "No keys found in: $glob_path" 8 60
-        fi
-      else
-        whiptail --backtitle "$backtitle" --msgbox "Path/glob returned no files." 8 60
-      fi
-    fi
-    ;;
-  none | *)
-    echo -e "${ROOTSSH:-  🔑  }${BOLD}${DGN}SSH Keys: ${BGN}none (password auth only)${CL}"
-    CLOUDINIT_SSH_KEYS=""
-    rm -f "$CLOUDINIT_SSH_KEYS_TEMP" "$CI_SSH_MAPFILE" 2>/dev/null
-    return 0
-    ;;
-  esac
-
-  # Cleanup mapfile
-  rm -f "$CI_SSH_MAPFILE" 2>/dev/null
-
-  # Set the variable for setup_cloud_init to use
-  if [[ -s "$CLOUDINIT_SSH_KEYS_TEMP" ]]; then
-    CLOUDINIT_SSH_KEYS="$CLOUDINIT_SSH_KEYS_TEMP"
-  else
-    CLOUDINIT_SSH_KEYS=""
-    rm -f "$CLOUDINIT_SSH_KEYS_TEMP"
-  fi
-
-  return 0
-}
-
-# ==============================================================================
-# SECTION 3: HELPER FUNCTIONS
+# SECTION 2: HELPER FUNCTIONS
 # ==============================================================================
 
 # ------------------------------------------------------------------------------
@@ -341,10 +144,9 @@ function setup_cloud_init() {
   local cipassword=$(openssl rand -base64 16)
   qm set "$vmid" --cipassword "$cipassword" >/dev/null
 
-  # Add SSH keys only if explicitly provided (not auto-imported from host)
-  if [ -n "${CLOUDINIT_SSH_KEYS:-}" ] && [ -f "$CLOUDINIT_SSH_KEYS" ]; then
+  # Add SSH keys if available
+  if [ -f "$CLOUDINIT_SSH_KEYS" ]; then
     qm set "$vmid" --sshkeys "$CLOUDINIT_SSH_KEYS" >/dev/null 2>&1 || true
-    _ci_msg_info "SSH keys imported from: $CLOUDINIT_SSH_KEYS"
   fi
 
   # Configure network
@@ -657,11 +459,6 @@ export -f wait_for_cloud_init 2>/dev/null || true
 export -f validate_ip_cidr 2>/dev/null || true
 export -f validate_ip 2>/dev/null || true
 
-# Restore previous shell options if they were saved
-if [ -n "${_OLD_SET_STATE:-}" ]; then
-  eval "$_OLD_SET_STATE"
-fi
-
 # ==============================================================================
 # SECTION 7: EXAMPLES & DOCUMENTATION
 # ==============================================================================

tools/addon/immich-public-proxy.sh

@@ -1,264 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: vhsdream
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/alangrainger/immich-public-proxy
-
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func)
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func)
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func)
-
-# Enable error handling
-set -Eeuo pipefail
-trap 'error_handler' ERR
-
-# ==============================================================================
-# CONFIGURATION
-# ==============================================================================
-APP="Immich Public Proxy"
-APP_TYPE="addon"
-INSTALL_PATH="/opt/immich-proxy"
-CONFIG_PATH="/opt/immich-proxy/app"
-DEFAULT_PORT=3000
-
-# Initialize all core functions (colors, formatting, icons, STD mode)
-load_functions
-
-# ==============================================================================
-# HEADER
-# ==============================================================================
-function header_info {
-  clear
-  cat <<"EOF"
-    ____                    _      __          ____
-   /  _/___ ___  ____ ___  (_)____/ /_        / __ \_________  _  ____  __
-   / // __ `__ \/ __ `__ \/ / ___/ __ \______/ /_/ / ___/ __ \| |/_/ / / /
- _/ // / / / / / / / / / / / /__/ / / /_____/ ____/ /  / /_/ />  </ /_/ /
-/___/_/ /_/ /_/_/ /_/ /_/_/\___/_/ /_/     /_/   /_/   \____/_/|_|\__, /
-                                                                 /____/
-EOF
-}
-
-# ==============================================================================
-# OS DETECTION
-# ==============================================================================
-if [[ -f "/etc/alpine-release" ]]; then
-  msg_error "Alpine is not supported for ${APP}. Use Debian."
-  exit 1
-elif [[ -f "/etc/debian_version" ]]; then
-  OS="Debian"
-  SERVICE_PATH="/etc/systemd/system/immich-proxy.service"
-else
-  echo -e "${CROSS} Unsupported OS detected. Exiting."
-  exit 1
-fi
-
-# ==============================================================================
-# UNINSTALL
-# ==============================================================================
-function uninstall() {
-  msg_info "Uninstalling ${APP}"
-  systemctl disable --now immich-proxy.service &>/dev/null || true
-  rm -f "$SERVICE_PATH"
-  rm -rf "$INSTALL_PATH"
-  rm -f "/usr/local/bin/update_immich-public-proxy"
-  rm -f "$HOME/.immichpublicproxy"
-  msg_ok "${APP} has been uninstalled"
-}
-
-# ==============================================================================
-# UPDATE
-# ==============================================================================
-function update() {
-  if check_for_gh_release "Immich Public Proxy" "alangrainger/immich-public-proxy"; then
-    msg_info "Stopping service"
-    systemctl stop immich-proxy.service &>/dev/null || true
-    msg_ok "Stopped service"
-
-    msg_info "Backing up configuration"
-    cp "$CONFIG_PATH"/.env /tmp/ipp.env.bak 2>/dev/null || true
-    cp "$CONFIG_PATH"/config.json /tmp/ipp.config.json.bak 2>/dev/null || true
-    msg_ok "Backed up configuration"
-
-    NODE_VERSION="24" setup_nodejs
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "Immich Public Proxy" "alangrainger/immich-public-proxy" "tarball" "latest" "$INSTALL_PATH"
-
-    msg_info "Restoring configuration"
-    cp /tmp/ipp.env.bak "$CONFIG_PATH"/.env 2>/dev/null || true
-    cp /tmp/ipp.config.json.bak "$CONFIG_PATH"/config.json 2>/dev/null || true
-    rm -f /tmp/ipp.*.bak
-    msg_ok "Restored configuration"
-
-    msg_info "Installing dependencies"
-    cd "$CONFIG_PATH"
-    $STD npm install
-    msg_ok "Installed dependencies"
-
-    msg_info "Building ${APP}"
-    $STD npm run build
-    msg_ok "Built ${APP}"
-
-    msg_info "Starting service"
-    systemctl start immich-proxy
-    msg_ok "Started service"
-    msg_ok "Updated successfully"
-    exit
-  fi
-}
-
-# ==============================================================================
-# INSTALL
-# ==============================================================================
-function install() {
-  NODE_VERSION="24" setup_nodejs
-
-  # Force fresh download by removing version cache
-  rm -f "$HOME/.immichpublicproxy"
-  fetch_and_deploy_gh_release "Immich Public Proxy" "alangrainger/immich-public-proxy" "tarball" "latest" "$INSTALL_PATH"
-
-  msg_info "Installing dependencies"
-  cd "$CONFIG_PATH"
-  $STD npm install
-  msg_ok "Installed dependencies"
-
-  msg_info "Building ${APP}"
-  $STD npm run build
-  msg_ok "Built ${APP}"
-
-  MAX_ATTEMPTS=3
-  attempt=0
-  while true; do
-    attempt=$((attempt + 1))
-    read -rp "${TAB3}Enter your LOCAL Immich IP or domain (ex. 192.168.1.100 or immich.local.lan): " DOMAIN
-    if [[ -z "$DOMAIN" ]]; then
-      if ((attempt >= MAX_ATTEMPTS)); then
-        DOMAIN="${LOCAL_IP:-localhost}"
-        msg_warn "Using fallback: $DOMAIN"
-        break
-      fi
-      msg_warn "Domain cannot be empty! (Attempt $attempt/$MAX_ATTEMPTS)"
-    elif [[ "$DOMAIN" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
-      valid_ip=true
-      IFS='.' read -ra octets <<<"$DOMAIN"
-      for octet in "${octets[@]}"; do
-        if ((octet > 255)); then
-          valid_ip=false
-          break
-        fi
-      done
-      if $valid_ip; then
-        break
-      else
-        msg_warn "Invalid IP address!"
-      fi
-    elif [[ "$DOMAIN" =~ ^[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?(\.[a-zA-Z0-9]([a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*\.[a-zA-Z]{2,}$ || "$DOMAIN" == "localhost" ]]; then
-      break
-    else
-      msg_warn "Invalid domain format!"
-    fi
-  done
-
-  msg_info "Creating configuration"
-  cat <<EOF >"$CONFIG_PATH"/.env
-NODE_ENV=production
-IMMICH_URL=http://${DOMAIN}:2283
-EOF
-  chmod 600 "$CONFIG_PATH"/.env
-  msg_ok "Created configuration"
-
-  msg_info "Creating service"
-  cat <<EOF >"$SERVICE_PATH"
-[Unit]
-Description=Immich Public Proxy
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=${INSTALL_PATH}
-EnvironmentFile=${CONFIG_PATH}/.env
-ExecStart=/usr/bin/node ${INSTALL_PATH}/app/server.js
-Restart=always
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
-EOF
-  systemctl enable -q --now immich-proxy
-  msg_ok "Created and started service"
-
-  # Create update script (simple wrapper that calls this addon with type=update)
-  msg_info "Creating update script"
-  cat <<'UPDATEEOF' >/usr/local/bin/update_immich-public-proxy
-#!/usr/bin/env bash
-# Immich Public Proxy Update Script
-type=update bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/immich-public-proxy.sh)"
-UPDATEEOF
-  chmod +x /usr/local/bin/update_immich-public-proxy
-  msg_ok "Created update script (/usr/local/bin/update_immich-public-proxy)"
-
-  echo ""
-  msg_ok "${APP} is reachable at: ${BL}http://${LOCAL_IP}:${DEFAULT_PORT}${CL}"
-  echo ""
-  msg_warn "Additional configuration is available at '/opt/immich-proxy/app/config.json'"
-}
-
-# ==============================================================================
-# MAIN
-# ==============================================================================
-
-# Handle type=update (called from update script)
-if [[ "${type:-}" == "update" ]]; then
-  header_info
-  if [[ -d "$INSTALL_PATH" && -f "$SERVICE_PATH" ]]; then
-    update
-  else
-    msg_error "${APP} is not installed. Nothing to update."
-    exit 1
-  fi
-  exit 0
-fi
-
-header_info
-get_lxc_ip
-
-# Check if already installed
-if [[ -d "$INSTALL_PATH" && -f "$SERVICE_PATH" ]]; then
-  msg_warn "${APP} is already installed."
-  echo ""
-
-  echo -n "${TAB}Uninstall ${APP}? (y/N): "
-  read -r uninstall_prompt
-  if [[ "${uninstall_prompt,,}" =~ ^(y|yes)$ ]]; then
-    uninstall
-    exit 0
-  fi
-
-  echo -n "${TAB}Update ${APP}? (y/N): "
-  read -r update_prompt
-  if [[ "${update_prompt,,}" =~ ^(y|yes)$ ]]; then
-    update
-    exit 0
-  fi
-
-  msg_warn "No action selected. Exiting."
-  exit 0
-fi
-
-# Fresh installation
-msg_warn "${APP} is not installed."
-echo ""
-echo -e "${TAB}${INFO} This will install:"
-echo -e "${TAB}  - Node.js 24"
-echo -e "${TAB}  - Immich Public Proxy"
-echo ""
-
-echo -n "${TAB}Install ${APP}? (y/N): "
-read -r install_prompt
-if [[ "${install_prompt,,}" =~ ^(y|yes)$ ]]; then
-  install
-else
-  msg_warn "Installation cancelled. Exiting."
-  exit 0
-fi