feat(build): optional vzdump backup after install

Add advanced settings and host-side vzdump once the container is provisioned. Co-authored-by: Cursor <cursoragent@cursor.com>
2026-06-20 06:21:19 +02:00 · 2026-06-19 22:49:18 +02:00
4 changed files with 109 additions and 187 deletions
@@ -138,7 +138,6 @@ network_check() {
 # This function updates the Container OS by running apk upgrade with mirror fallback
 update_os() {
  msg_info "Updating Container OS"
-  configure_http_proxy
  if ! $STD apk -U upgrade; then
    msg_warn "apk update failed (dl-cdn.alpinelinux.org), trying alternate mirrors..."
    local alpine_mirrors="mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org"
@@ -244,7 +243,7 @@ EOF
    msg_ok "Customized Container"
  fi

-  echo 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/'"${app}"'.sh)"' >/usr/bin/update
+  echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update
  chmod +x /usr/bin/update
  post_progress_to_api
 }
@@ -1018,9 +1018,6 @@ base_settings() {
    fi
  fi

-  HTTP_PROXY="${var_http_proxy:-}"
-  HTTP_NO_PROXY="${var_http_no_proxy:-}"
-
  MTU=${var_mtu:-""}
  _sd_val="${var_searchdomain:-""}"
  [[ -n "$_sd_val" ]] && SD="-searchdomain=$_sd_val" || SD=""
@@ -1074,11 +1071,11 @@ load_vars_file() {

  # Allowed var_* keys
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
-    var_post_install
+    var_post_install var_vzdump_after_install var_vzdump_storage
  )

  # Whitelist check helper
@@ -1253,15 +1250,17 @@ load_vars_file() {
            continue
          fi
          ;;
-        var_http_proxy)
-          if [[ -n "$var_val" ]] && ! [[ "$var_val" =~ ^https?://[^[:space:]]+(:[0-9]+)?/?$ ]]; then
-            msg_warn "Invalid HTTP proxy URL '$var_val' in $file, ignoring"
+        var_vzdump_after_install)
+          if [[ "$var_val" != "yes" && "$var_val" != "no" ]]; then
+            msg_warn "Invalid vzdump_after_install '$var_val' in $file (must be yes/no), ignoring"
            continue
          fi
          ;;
-        var_http_no_proxy)
-          if [[ -n "$var_val" ]] && [[ ! "$var_val" =~ ^[a-zA-Z0-9.*_:/-]+(,[a-zA-Z0-9.*_:/-]+)*$ ]]; then
-            msg_warn "Invalid no_proxy value '$var_val' in $file, ignoring"
+        var_vzdump_storage)
+          local _vz_storage_status
+          _vz_storage_status=$(pvesm status 2>/dev/null | awk -v s="$var_val" '$1 == s { print $3 }')
+          if [[ -n "$var_val" && -z "$_vz_storage_status" ]]; then
+            msg_warn "Storage '$var_val' from $file not found on this node, ignoring"
            continue
          fi
          ;;
@@ -1304,11 +1303,11 @@ default_var_settings() {
  # Allowed var_* keys (alphabetically sorted)
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
-    var_post_install
+    var_post_install var_vzdump_after_install var_vzdump_storage
  )

  # Snapshot: environment variables (highest precedence)
@@ -1384,10 +1383,6 @@ var_ssh=no
 # var_apt_cacher_ip=http://proxy.local
 # var_apt_cacher_ip=https://proxy.local:443

-# HTTP/HTTPS proxy (optional - for networks requiring a proxy)
-# var_http_proxy=http://proxy.local:8080
-# var_http_no_proxy=localhost,127.0.0.1,.local
-
 # Features/Tags/verbosity
 var_fuse=no
 var_tun=no
@@ -1413,6 +1408,10 @@ var_verbose=no
 # Runs ON THE HOST after the container is fully provisioned.
 # Available env vars: APP, NSAPP, CTID, IP, HN, STORAGE, BRG
 # var_post_install=/opt/post-install/myhook.sh
+
+# Optional vzdump backup after successful install (Proxmox host)
+# var_vzdump_after_install=yes
+# var_vzdump_storage=local
 EOF

    # Now choose storages (always prompt unless just one exists)
@@ -1487,11 +1486,11 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_http_no_proxy var_http_proxy var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
-    var_post_install
+    var_post_install var_vzdump_after_install var_vzdump_storage
  )
 fi

@@ -1635,8 +1634,6 @@ _build_current_app_vars_tmp() {
  _ssh_auth="${SSH_AUTHORIZED_KEY:-}"
  _apt_cacher="${APT_CACHER:-}"
  _apt_cacher_ip="${APT_CACHER_IP:-}"
-  _http_proxy="${HTTP_PROXY:-${var_http_proxy:-}}"
-  _http_no_proxy="${HTTP_NO_PROXY:-${var_http_no_proxy:-}}"
  _fuse="${ENABLE_FUSE:-no}"
  _tun="${ENABLE_TUN:-no}"
  _gpu="${ENABLE_GPU:-no}"
@@ -1688,8 +1685,6 @@ _build_current_app_vars_tmp() {

    [ -n "$_apt_cacher" ] && echo "var_apt_cacher=$(_sanitize_value "$_apt_cacher")"
    [ -n "$_apt_cacher_ip" ] && echo "var_apt_cacher_ip=$(_sanitize_value "$_apt_cacher_ip")"
-    [ -n "$_http_proxy" ] && echo "var_http_proxy=$(_sanitize_value "$_http_proxy")"
-    [ -n "$_http_no_proxy" ] && echo "var_http_no_proxy=$(_sanitize_value "$_http_no_proxy")"

    [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
    [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
@@ -1709,6 +1704,8 @@ _build_current_app_vars_tmp() {
    [ -n "$_tpl_storage" ] && echo "var_template_storage=$(_sanitize_value "$_tpl_storage")"
    [ -n "$_ct_storage" ] && echo "var_container_storage=$(_sanitize_value "$_ct_storage")"
    [ -n "${var_post_install:-}" ] && echo "var_post_install=$(_sanitize_value "${var_post_install}")"
+    [ -n "${var_vzdump_after_install:-}" ] && echo "var_vzdump_after_install=$(_sanitize_value "${var_vzdump_after_install}")"
+    [ -n "${var_vzdump_storage:-}" ] && echo "var_vzdump_storage=$(_sanitize_value "${var_vzdump_storage}")"
  } >"$tmpf"

  echo "$tmpf"
@@ -1872,8 +1869,6 @@ advanced_settings() {
  local _ipv6_gate=""
  local _apt_cacher="${var_apt_cacher:-no}"
  local _apt_cacher_ip="${var_apt_cacher_ip:-}"
-  local _http_proxy="${var_http_proxy:-}"
-  local _http_no_proxy="${var_http_no_proxy:-}"
  local _mtu="${var_mtu:-}"
  local _sd="${var_searchdomain:-}"
  local _ns="${var_ns:-}"
@@ -1890,6 +1885,8 @@ advanced_settings() {
  local _mount_fs="${var_mount_fs:-}"
  local _protect_ct="${var_protection:-no}"
  local _post_install="${var_post_install:-}"
+  local _vzdump="${var_vzdump_after_install:-no}"
+  local _vzdump_storage="${var_vzdump_storage:-}"

  # Detect host timezone for default (if not set via var_timezone)
  local _host_timezone=""
@@ -2651,46 +2648,9 @@ advanced_settings() {
      ;;

    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 24: HTTP/HTTPS Proxy
+    # STEP 24: Container Timezone
    # ═══════════════════════════════════════════════════════════════════════════
    24)
-      local http_proxy_default_flag="--defaultno"
-      [[ -n "$_http_proxy" ]] && http_proxy_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "HTTP/HTTPS PROXY" \
-        --ok-button "Next" --cancel-button "Back" \
-        $http_proxy_default_flag \
-        --yesno "\nUse HTTP/HTTPS proxy?\n\nRequired when internet access must go through a proxy server.\n(e.g. corporate networks)\n\n(App default: ${var_http_proxy:-none})" 14 62; then
-        if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-          --title "HTTP PROXY URL" \
-          --inputbox "\nEnter HTTP proxy URL:\n(e.g. http://proxy.local:8080)" 12 62 "$_http_proxy" \
-          3>&1 1>&2 2>&3); then
-          _http_proxy="$result"
-          local _no_proxy_default="${_http_no_proxy:-localhost,127.0.0.1,.local}"
-          if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-            --title "NO_PROXY EXCEPTIONS" \
-            --inputbox "\nEnter NO_PROXY exceptions (comma-separated):\nLeave empty for defaults." 12 62 "$_no_proxy_default" \
-            3>&1 1>&2 2>&3); then
-            _http_no_proxy="$result"
-          fi
-        fi
-      else
-        if [ $? -eq 1 ]; then
-          _http_proxy=""
-          _http_no_proxy=""
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 25: Container Timezone
-    # ═══════════════════════════════════════════════════════════════════════════
-    25)
      local tz_hint="$_ct_timezone"
      [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"

@@ -2713,9 +2673,9 @@ advanced_settings() {
      ;;

    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 26: Container Protection
+    # STEP 25: Container Protection
    # ═══════════════════════════════════════════════════════════════════════════
-    26)
+    25)
      local protect_default_flag="--defaultno"
      [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""

@@ -2737,9 +2697,9 @@ advanced_settings() {
      ;;

    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 27: Device Node Creation (mknod)
+    # STEP 26: Device Node Creation (mknod)
    # ═══════════════════════════════════════════════════════════════════════════
-    27)
+    26)
      local mknod_default_flag="--defaultno"
      [[ "$_enable_mknod" == "1" ]] && mknod_default_flag=""

@@ -2761,9 +2721,9 @@ advanced_settings() {
      ;;

    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 28: Mount Filesystems
+    # STEP 27: Mount Filesystems
    # ═══════════════════════════════════════════════════════════════════════════
-    28)
+    27)
      local mount_hint=""
      [[ -n "$_mount_fs" ]] && mount_hint="$_mount_fs" || mount_hint="(none)"

@@ -2784,9 +2744,9 @@ advanced_settings() {
      ;;

    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 29: Optional host-side post-install hook (path on the Proxmox HOST)
+    # STEP 28: Optional host-side post-install hook (path on the Proxmox HOST)
    # ═══════════════════════════════════════════════════════════════════════════
-    29)
+    28)
      local _hook_prompt="Optional: absolute path to a *.sh file ON THE PROXMOX HOST.

 It runs as root on the HOST (NOT in the LXC) after the container
@@ -2835,6 +2795,55 @@ Leave empty to skip."
      done
      ;;

+    # ═══════════════════════════════════════════════════════════════════════════
+    # STEP 29: Optional vzdump backup after install
+    # ═══════════════════════════════════════════════════════════════════════════
+    29)
+      local vzdump_default_flag="--defaultno"
+      [[ "$_vzdump" == "yes" ]] && vzdump_default_flag=""
+
+      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
+        --title "POST-INSTALL VZDUMP" \
+        --ok-button "Next" --cancel-button "Back" \
+        $vzdump_default_flag \
+        --yesno "\nCreate a vzdump backup after successful install?\n\nRuns on the Proxmox host once the container is ready.\n\n(App default: ${var_vzdump_after_install:-no})" 14 62; then
+        _vzdump="yes"
+        local _storages _menu_items=() _s
+        _storages=$(awk '
+/^[a-z]+:/ { if (name != "") { if (has_backup || (!has_content && type == "dir")) print name }
+  split($0,a,":"); type=a[1]; name=a[2]; gsub(/^[ \t]+|[ \t]+$/, "", name); has_content=0; has_backup=0 }
+/^[ \t]*content/ { has_content=1; if ($0 ~ /backup/) has_backup=1 }
+END { if (name != "") { if (has_backup || (!has_content && type == "dir")) print name } }
+' /etc/pve/storage.cfg 2>/dev/null)
+        if [[ -n "$_storages" ]]; then
+          while IFS= read -r _s; do
+            [[ -n "$_s" ]] && _menu_items+=("$_s" " ")
+          done <<<"$_storages"
+          if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
+            --title "VZDUMP STORAGE" \
+            --ok-button "Next" --cancel-button "Back" \
+            --menu "\nSelect backup storage:" 16 58 8 \
+            "${_menu_items[@]}" \
+            3>&1 1>&2 2>&3); then
+            _vzdump_storage="$result"
+          fi
+        else
+          whiptail --msgbox "No backup-capable storage found.\n\nConfigure storage with 'backup' content in Proxmox first." 10 58
+          _vzdump="no"
+          _vzdump_storage=""
+        fi
+      else
+        if [ $? -eq 1 ]; then
+          _vzdump="no"
+          _vzdump_storage=""
+        else
+          ((STEP--))
+          continue
+        fi
+      fi
+      ((STEP++))
+      ;;
+
    # ═══════════════════════════════════════════════════════════════════════════
    # STEP 30: Verbose Mode & Confirmation
    # ═══════════════════════════════════════════════════════════════════════════
@@ -2866,7 +2875,6 @@ Leave empty to skip."
      local tz_display="${_ct_timezone:-Host TZ}"
      local apt_display="${_apt_cacher:-no}"
      [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
-      local http_proxy_display="${_http_proxy:-(none)}"

      local post_install_display="${_post_install:-(none)}"
      local post_install_warn=""
@@ -2896,7 +2904,6 @@ Features:
 Advanced:
  Timezone: $tz_display
  APT Cacher: $apt_display
-  HTTP Proxy: $http_proxy_display
  Verbose: $_verbose
  Post-Install Script: ${post_install_display}${post_install_warn}"

@@ -2940,10 +2947,10 @@ Advanced:
  CT_TIMEZONE="$_ct_timezone"
  APT_CACHER="$_apt_cacher"
  APT_CACHER_IP="$_apt_cacher_ip"
-  HTTP_PROXY="$_http_proxy"
-  HTTP_NO_PROXY="$_http_no_proxy"
  VERBOSE="$_verbose"
  var_post_install="$_post_install"
+  var_vzdump_after_install="$_vzdump"
+  var_vzdump_storage="$_vzdump_storage"

  # Update var_* based on user choice (for functions that check these)
  var_gpu="$_enable_gpu"
@@ -2957,8 +2964,6 @@ Advanced:
  var_timezone="$_ct_timezone"
  var_apt_cacher="$_apt_cacher"
  var_apt_cacher_ip="$_apt_cacher_ip"
-  var_http_proxy="$_http_proxy"
-  var_http_no_proxy="$_http_no_proxy"

  # Format optional values
  [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
@@ -2996,7 +3001,6 @@ Advanced:
  [[ "${PROTECT_CT:-no}" == "yes" || "${PROTECT_CT:-no}" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Protection: ${BGN}Enabled${CL}"
  [[ -n "${CT_TIMEZONE:-}" ]] && echo -e "${INFO}${BOLD}${DGN}Timezone: ${BGN}$CT_TIMEZONE${CL}"
  [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}"
-  [[ -n "${HTTP_PROXY:-}" ]] && echo -e "${INFO}${BOLD}${DGN}HTTP Proxy: ${BGN}$HTTP_PROXY${CL}"
  echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
  echo -e "${CREATING}${BOLD}${RD}Creating an LXC of ${APP} using the above advanced settings${CL}"

@@ -3834,47 +3838,6 @@ start() {
 # SECTION 8: CONTAINER CREATION & DEPLOYMENT
 # ==============================================================================

-# ------------------------------------------------------------------------------
-# _apply_http_proxy_in_container()
-#
-# - Writes persistent proxy settings into the LXC before base package install
-# - Ensures apt/apk/curl work behind corporate proxies during early setup
-# ------------------------------------------------------------------------------
-_apply_http_proxy_in_container() {
-  local proxy="${HTTP_PROXY:-}"
-  local noproxy="${HTTP_NO_PROXY:-}"
-  [[ -z "$proxy" || -z "${CTID:-}" ]] && return 0
-  [[ -z "$noproxy" ]] && noproxy="localhost,127.0.0.1,.local"
-
-  msg_info "Applying HTTP proxy in container"
-  local tmpf
-  tmpf="$(mktemp)"
-  cat >"$tmpf" <<EOF
-export http_proxy="$proxy"
-export https_proxy="$proxy"
-export HTTP_PROXY="$proxy"
-export HTTPS_PROXY="$proxy"
-export no_proxy="$noproxy"
-export NO_PROXY="$noproxy"
-EOF
-  pct push "$CTID" "$tmpf" /etc/profile.d/90-http-proxy.sh >/dev/null 2>&1 || {
-    rm -f "$tmpf"
-    msg_warn "Failed to push HTTP proxy profile into container"
-    return 0
-  }
-  pct exec "$CTID" -- chmod 644 /etc/profile.d/90-http-proxy.sh >/dev/null 2>&1 || true
-
-  if [[ "$var_os" != "alpine" && "${APT_CACHER:-}" != "yes" ]]; then
-    cat >"$tmpf" <<EOF
-Acquire::http::Proxy "$proxy";
-Acquire::https::Proxy "$proxy";
-EOF
-    pct push "$CTID" "$tmpf" /etc/apt/apt.conf.d/95http-proxy >/dev/null 2>&1 || true
-  fi
-  rm -f "$tmpf"
-  msg_ok "Applied HTTP proxy in container"
-}
-
 # ------------------------------------------------------------------------------
 # build_container()
 #
@@ -4001,12 +3964,6 @@ build_container() {
  export SESSION_ID="$SESSION_ID"
  export CACHER="$APT_CACHER"
  export CACHER_IP="$APT_CACHER_IP"
-  if [[ -n "${HTTP_PROXY:-}" ]]; then
-    export HTTP_PROXY HTTPS_PROXY="$HTTP_PROXY" http_proxy="$HTTP_PROXY" https_proxy="$HTTP_PROXY"
-    export NO_PROXY="${HTTP_NO_PROXY:-}" no_proxy="${HTTP_NO_PROXY:-}"
-    export var_http_proxy="$HTTP_PROXY"
-    export var_http_no_proxy="${HTTP_NO_PROXY:-}"
-  fi
  export tz="$timezone"
  export APPLICATION="$APP"
  export app="$NSAPP"
@@ -4490,8 +4447,6 @@ EOF

  local install_exit_code=0

-  _apply_http_proxy_in_container
-
  # Continue with standard container setup
  if [ "$var_os" == "alpine" ]; then
    sleep 3
@@ -4499,13 +4454,10 @@ EOF
 https://dl-cdn.alpinelinux.org/alpine/latest-stable/main
 https://dl-cdn.alpinelinux.org/alpine/latest-stable/community
 EOF'
-    pct exec "$CTID" -- ash -c 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apk add bash newt curl openssh nano mc ncurses jq' >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq" >>"$BUILD_LOG" 2>&1 || {
      msg_warn "apk install failed (dl-cdn.alpinelinux.org), trying alternate mirrors..."
      local alpine_exit=0
      pct exec "$CTID" -- ash -c '
-        set -a
-        [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh
-        set +a
        ALPINE_MIRRORS="mirror.init7.net ftp.halifax.rwth-aachen.de mirrors.edge.kernel.org alpine.mirror.wearetriple.com mirror.leaseweb.com uk.alpinelinux.org dl-2.alpinelinux.org dl-4.alpinelinux.org"
        for m in $(printf "%s\n" $ALPINE_MIRRORS | shuf); do
          if wget -q --spider --timeout=2 "http://$m/alpine/latest-stable/main/" 2>/dev/null; then
@@ -4564,16 +4516,13 @@ EOF
      pct exec "$CTID" -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf"
    fi

-    pct exec "$CTID" -- bash -c "set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
      local failed_mirror
      failed_mirror=$(pct exec "$CTID" -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown")
      msg_warn "apt-get update failed (${failed_mirror})."
      msg_custom "ℹ️" "${YW}" "Probing alternate mirrors (this can take 1-2 minutes on network issues)"
      local mirror_exit=0
      pct exec "$CTID" -- env APT_BASE="$_base_pkgs" bash -c '
-        set -a
-        [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh
-        set +a
        DISTRO=$(. /etc/os-release 2>/dev/null && echo "$ID" || echo "debian")
        echo "  Mirror fallback for distro: $DISTRO"

@@ -6709,6 +6658,26 @@ create_lxc_container() {
 # SECTION 9: POST-INSTALLATION & FINALIZATION
 # ==============================================================================

+# ------------------------------------------------------------------------------
+# _run_post_install_vzdump()
+#
+# - Optional vzdump on the Proxmox host after a successful install
+# - Controlled by var_vzdump_after_install / var_vzdump_storage
+# ------------------------------------------------------------------------------
+_run_post_install_vzdump() {
+  [[ "${var_vzdump_after_install:-no}" != "yes" ]] && return 0
+  [[ -z "${CTID:-}" ]] && return 0
+
+  local storage="${var_vzdump_storage:-${CONTAINER_STORAGE:-local}}"
+  msg_info "Creating post-install vzdump backup (CT ${CTID} → ${storage})"
+  if vzdump "$CTID" --mode snapshot --compress zstd --storage "$storage" \
+    --notes-template "community-scripts post-install - ${APP:-LXC}" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
+    msg_ok "Post-install vzdump created on ${storage}"
+  else
+    msg_warn "Post-install vzdump failed (storage: ${storage})"
+  fi
+}
+
 # ------------------------------------------------------------------------------
 # description()
 #
@@ -6807,6 +6776,8 @@ EOF
    fi
  fi

+  _run_post_install_vzdump
+
  INSTALL_COMPLETE=true
  post_update_to_api "done" "none"
 }
@@ -970,53 +970,6 @@ is_verbose_mode() {
  [[ "$verbose" != "no" ]]
 }

-# ------------------------------------------------------------------------------
-# configure_http_proxy()
-#
-# - Applies var_http_proxy / var_http_no_proxy inside the container
-# - Persists proxy env for login shells, systemd, and package managers
-# - Skips APT proxy config when APT Cacher-NG is active
-# ------------------------------------------------------------------------------
-configure_http_proxy() {
-  local proxy="${HTTP_PROXY:-${http_proxy:-${var_http_proxy:-}}}"
-  local noproxy="${HTTP_NO_PROXY:-${no_proxy:-${var_http_no_proxy:-}}}"
-  [[ -z "$proxy" ]] && return 0
-  [[ -z "$noproxy" ]] && noproxy="localhost,127.0.0.1,.local"
-
-  msg_info "Configuring HTTP proxy"
-  cat >/etc/profile.d/90-http-proxy.sh <<EOF
-export http_proxy="$proxy"
-export https_proxy="$proxy"
-export HTTP_PROXY="$proxy"
-export HTTPS_PROXY="$proxy"
-export no_proxy="$noproxy"
-export NO_PROXY="$noproxy"
-EOF
-  chmod 644 /etc/profile.d/90-http-proxy.sh
-
-  if ! grep -q '^http_proxy=' /etc/environment 2>/dev/null; then
-    cat >>/etc/environment <<EOF
-http_proxy=$proxy
-https_proxy=$proxy
-HTTP_PROXY=$proxy
-HTTPS_PROXY=$proxy
-no_proxy=$noproxy
-NO_PROXY=$noproxy
-EOF
-  fi
-
-  if [[ "${CACHER:-}" != "yes" && -d /etc/apt/apt.conf.d ]]; then
-    cat >/etc/apt/apt.conf.d/95http-proxy <<EOF
-Acquire::http::Proxy "$proxy";
-Acquire::https::Proxy "$proxy";
-EOF
-  fi
-
-  export http_proxy="$proxy" https_proxy="$proxy" HTTP_PROXY="$proxy" HTTPS_PROXY="$proxy"
-  export no_proxy="$noproxy" NO_PROXY="$noproxy"
-  msg_ok "Configured HTTP proxy"
-}
-
 # ------------------------------------------------------------------------------
 # is_unattended()
 #
@@ -388,8 +388,7 @@ apt_update_safe() {
 # ------------------------------------------------------------------------------
 update_os() {
  msg_info "Updating Container OS"
-  configure_http_proxy
-  if [[ "$CACHER" == "yes" && -z "${HTTP_PROXY:-${http_proxy:-}}" ]]; then
+  if [[ "$CACHER" == "yes" ]]; then
    echo 'Acquire::http::Proxy-Auto-Detect "/usr/local/bin/apt-proxy-detect.sh";' >/etc/apt/apt.conf.d/00aptproxy
    local _proxy_raw="${CACHER_IP}"
    local _proxy_host _proxy_port _proxy_url
@@ -510,7 +509,7 @@ EOF
    systemctl restart "$(basename "$(dirname "$GETTY_OVERRIDE")" | sed 's/\.d//')"
    msg_ok "Customized Container"
  fi
-  echo 'set -a; [ -f /etc/profile.d/90-http-proxy.sh ] && . /etc/profile.d/90-http-proxy.sh; set +a; bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/'"${app}"'.sh)"' >/usr/bin/update
+  echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update
  chmod +x /usr/bin/update

  if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then