fix for copilot detected bugs

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

.github/changelogs/2026/05.md

@@ -1,128 +1,3 @@
-## 2026-05-16
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Homelable: replace passlib with bcrypt for password hashing [@MickLesk](https://github.com/MickLesk) ([#14530](https://github.com/community-scripts/ProxmoxVE/pull/14530))
-    - dashy: fix: restore [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14527](https://github.com/community-scripts/ProxmoxVE/pull/14527))
-    - Update Tinyauth source URL in installation script [@MehrunesSky](https://github.com/MehrunesSky) ([#14483](https://github.com/community-scripts/ProxmoxVE/pull/14483))
-    - Excalidraw: Fix build [@tremor021](https://github.com/tremor021) ([#14509](https://github.com/community-scripts/ProxmoxVE/pull/14509))
-
-  - #### ✨ New Features
-
-    - Update authentik version to 2026.2.3 [@thieneret](https://github.com/thieneret) ([#14517](https://github.com/community-scripts/ProxmoxVE/pull/14517))
-
-## 2026-05-15
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - OPNsense: replace undefined msg_warn with inline echo in alloc retry [@MickLesk](https://github.com/MickLesk) ([#14500](https://github.com/community-scripts/ProxmoxVE/pull/14500))
-    - Checkmk: detect OMD version suffix dynamically on update [@MickLesk](https://github.com/MickLesk) ([#14496](https://github.com/community-scripts/ProxmoxVE/pull/14496))
-
-  - #### ✨ New Features
-
-    - SearXNG: enable JSON format by default for API integrations [@MickLesk](https://github.com/MickLesk) ([#14498](https://github.com/community-scripts/ProxmoxVE/pull/14498))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Ollama use tools.func [@MickLesk](https://github.com/MickLesk) ([#14501](https://github.com/community-scripts/ProxmoxVE/pull/14501))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core: fall back to silent mode when no TTY or whiptail unavailable [@MickLesk](https://github.com/MickLesk) ([#14497](https://github.com/community-scripts/ProxmoxVE/pull/14497))
-
-## 2026-05-14
-
-### 🆕 New Scripts
-
-  - CLIProxyAPI ([#14443](https://github.com/community-scripts/ProxmoxVE/pull/14443))
-
-## 2026-05-13
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Fix: Broken Manifold update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14468](https://github.com/community-scripts/ProxmoxVE/pull/14468))
-    - SoulSync: Fix update function [@tremor021](https://github.com/tremor021) ([#14465](https://github.com/community-scripts/ProxmoxVE/pull/14465))
-    - Reactive-Resume: fix PDF generation timeout in LXC containers [@MickLesk](https://github.com/MickLesk) ([#14416](https://github.com/community-scripts/ProxmoxVE/pull/14416))
-    - (calibre-web) Add --no-sandbox for PDF conversion [@jamesmyatt](https://github.com/jamesmyatt) ([#14461](https://github.com/community-scripts/ProxmoxVE/pull/14461))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: encode GitHub tag, refine pin logic, add Codeberg [@MickLesk](https://github.com/MickLesk) ([#14473](https://github.com/community-scripts/ProxmoxVE/pull/14473))
-
-## 2026-05-12
-
-### 🆕 New Scripts
-
-  - DocuSeal ([#14445](https://github.com/community-scripts/ProxmoxVE/pull/14445))
-- Authentik ([#14440](https://github.com/community-scripts/ProxmoxVE/pull/14440))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Save Omada version [@lucacome](https://github.com/lucacome) ([#14433](https://github.com/community-scripts/ProxmoxVE/pull/14433))
-
-  - #### ✨ New Features
-
-    - OpenCloud: bump version to 6.2.0 [@vhsdream](https://github.com/vhsdream) ([#14451](https://github.com/community-scripts/ProxmoxVE/pull/14451))
-
-  - #### 🔧 Refactor
-
-    - misc: bump node versions [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14447](https://github.com/community-scripts/ProxmoxVE/pull/14447))
-
-## 2026-05-11
-
-### 🆕 New Scripts
-
-  - Lychee ([#14424](https://github.com/community-scripts/ProxmoxVE/pull/14424))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Termix: fix nginx pid path and log paths on update (#) [@MickLesk](https://github.com/MickLesk) ([#14419](https://github.com/community-scripts/ProxmoxVE/pull/14419))
-    - Nginxproxymanager: restore NPM nginx.conf after OpenResty rebuid [@MickLesk](https://github.com/MickLesk) ([#14421](https://github.com/community-scripts/ProxmoxVE/pull/14421))
-
-  - #### 🔧 Refactor
-
-    - InvestBrain: add commented reverse proxy config hints to .env [@MickLesk](https://github.com/MickLesk) ([#14422](https://github.com/community-scripts/ProxmoxVE/pull/14422))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - Cronmaster: fix unexpected EOF in update_cronmaster script [@MickLesk](https://github.com/MickLesk) ([#14420](https://github.com/community-scripts/ProxmoxVE/pull/14420))
-
-## 2026-05-10
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Save Beszel version [@lucacome](https://github.com/lucacome) ([#14389](https://github.com/community-scripts/ProxmoxVE/pull/14389))
-    - karakeep: Fix SERVER_VERSION update [@MickLesk](https://github.com/MickLesk) ([#14378](https://github.com/community-scripts/ProxmoxVE/pull/14378))
-    - inspIRCd: Fix service not autostarting [@tremor021](https://github.com/tremor021) ([#14368](https://github.com/community-scripts/ProxmoxVE/pull/14368))
-
-  - #### 🔧 Refactor
-
-    - refactor: webcheck [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14391](https://github.com/community-scripts/ProxmoxVE/pull/14391))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - [tools.func]: Pin `pnpm` version [@tremor021](https://github.com/tremor021) ([#14386](https://github.com/community-scripts/ProxmoxVE/pull/14386))
-
 ## 2026-05-09
 
 ### 🚀 Updated Scripts

CHANGELOG.md

@@ -50,9 +50,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 
 
-
-
-
 
 
 
@@ -66,7 +63,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 
 <details>
-<summary><h4>May (16 entries)</h4></summary>
+<summary><h4>May (9 entries)</h4></summary>
 
 [View May 2026 Changelog](.github/changelogs/2026/05.md)
 
@@ -464,118 +461,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
-## 2026-05-18
-
-### 🆕 New Scripts
-
-  - ESPconnect ([#14444](https://github.com/community-scripts/ProxmoxVE/pull/14444))
-- degoog ([#14533](https://github.com/community-scripts/ProxmoxVE/pull/14533))
-- Webtrees ([#14532](https://github.com/community-scripts/ProxmoxVE/pull/14532))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Bichon: Support v1 migration [@tomfrenzel](https://github.com/tomfrenzel) ([#14524](https://github.com/community-scripts/ProxmoxVE/pull/14524))
-
-  - #### ✨ New Features
-
-    - Pangolin: bump to 1.18.4, fix missing statusHistory migration [@MickLesk](https://github.com/MickLesk) ([#14566](https://github.com/community-scripts/ProxmoxVE/pull/14566))
-
-## 2026-05-17
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - dashy: fix yarn-missing on update and back up full user-data [@lissy93](https://github.com/lissy93) ([#14548](https://github.com/community-scripts/ProxmoxVE/pull/14548))
-
-  - #### ✨ New Features
-
-    - tools.func: replace max-time with speed-limit stall detection in curl_download [@MickLesk](https://github.com/MickLesk) ([#14545](https://github.com/community-scripts/ProxmoxVE/pull/14545))
-
-## 2026-05-16
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Homelable: replace passlib with bcrypt for password hashing [@MickLesk](https://github.com/MickLesk) ([#14530](https://github.com/community-scripts/ProxmoxVE/pull/14530))
-    - dashy: fix: restore [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14527](https://github.com/community-scripts/ProxmoxVE/pull/14527))
-    - Update Tinyauth source URL in installation script [@MehrunesSky](https://github.com/MehrunesSky) ([#14483](https://github.com/community-scripts/ProxmoxVE/pull/14483))
-    - Excalidraw: Fix build [@tremor021](https://github.com/tremor021) ([#14509](https://github.com/community-scripts/ProxmoxVE/pull/14509))
-
-  - #### ✨ New Features
-
-    - Update authentik version to 2026.2.3 [@thieneret](https://github.com/thieneret) ([#14517](https://github.com/community-scripts/ProxmoxVE/pull/14517))
-
-## 2026-05-15
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - OPNsense: replace undefined msg_warn with inline echo in alloc retry [@MickLesk](https://github.com/MickLesk) ([#14500](https://github.com/community-scripts/ProxmoxVE/pull/14500))
-    - Checkmk: detect OMD version suffix dynamically on update [@MickLesk](https://github.com/MickLesk) ([#14496](https://github.com/community-scripts/ProxmoxVE/pull/14496))
-
-  - #### ✨ New Features
-
-    - SearXNG: enable JSON format by default for API integrations [@MickLesk](https://github.com/MickLesk) ([#14498](https://github.com/community-scripts/ProxmoxVE/pull/14498))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Ollama use tools.func [@MickLesk](https://github.com/MickLesk) ([#14501](https://github.com/community-scripts/ProxmoxVE/pull/14501))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core: fall back to silent mode when no TTY or whiptail unavailable [@MickLesk](https://github.com/MickLesk) ([#14497](https://github.com/community-scripts/ProxmoxVE/pull/14497))
-
-## 2026-05-14
-
-### 🆕 New Scripts
-
-  - CLIProxyAPI ([#14443](https://github.com/community-scripts/ProxmoxVE/pull/14443))
-
-## 2026-05-13
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Fix: Broken Manifold update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14468](https://github.com/community-scripts/ProxmoxVE/pull/14468))
-    - SoulSync: Fix update function [@tremor021](https://github.com/tremor021) ([#14465](https://github.com/community-scripts/ProxmoxVE/pull/14465))
-    - Reactive-Resume: fix PDF generation timeout in LXC containers [@MickLesk](https://github.com/MickLesk) ([#14416](https://github.com/community-scripts/ProxmoxVE/pull/14416))
-    - (calibre-web) Add --no-sandbox for PDF conversion [@jamesmyatt](https://github.com/jamesmyatt) ([#14461](https://github.com/community-scripts/ProxmoxVE/pull/14461))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: encode GitHub tag, refine pin logic, add Codeberg [@MickLesk](https://github.com/MickLesk) ([#14473](https://github.com/community-scripts/ProxmoxVE/pull/14473))
-
-## 2026-05-12
-
-### 🆕 New Scripts
-
-  - DocuSeal ([#14445](https://github.com/community-scripts/ProxmoxVE/pull/14445))
-- Authentik ([#14440](https://github.com/community-scripts/ProxmoxVE/pull/14440))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Save Omada version [@lucacome](https://github.com/lucacome) ([#14433](https://github.com/community-scripts/ProxmoxVE/pull/14433))
-
-  - #### ✨ New Features
-
-    - OpenCloud: bump version to 6.2.0 [@vhsdream](https://github.com/vhsdream) ([#14451](https://github.com/community-scripts/ProxmoxVE/pull/14451))
-
-  - #### 🔧 Refactor
-
-    - misc: bump node versions [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14447](https://github.com/community-scripts/ProxmoxVE/pull/14447))
-
 ## 2026-05-11
 
 ### 🆕 New Scripts
@@ -1086,4 +971,147 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
   - #### 🔧 Refactor
 
-    - core: fix some pct create issues (telemetry) + cleanup [@MickLesk](https://github.com/MickLesk) ([#13810](https://github.com/community-scripts/ProxmoxVE/pull/13810))
+    - core: fix some pct create issues (telemetry) + cleanup [@MickLesk](https://github.com/MickLesk) ([#13810](https://github.com/community-scripts/ProxmoxVE/pull/13810))
+
+## 2026-04-16
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Add pnpm as a dependency to ghost-cli install [@YourFavoriteKyle](https://github.com/YourFavoriteKyle) ([#13789](https://github.com/community-scripts/ProxmoxVE/pull/13789))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: wire ENABLE_MKNOD and ALLOW_MOUNT_FS into LXC features [@MickLesk](https://github.com/MickLesk) ([#13796](https://github.com/community-scripts/ProxmoxVE/pull/13796))
+
+## 2026-04-15
+
+### 🆕 New Scripts
+
+  - iGotify ([#13773](https://github.com/community-scripts/ProxmoxVE/pull/13773))
+- GitHub-Runner ([#13709](https://github.com/community-scripts/ProxmoxVE/pull/13709))
+- Revert "Remove low-install-count CT scripts and installers (#13570)" [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13752](https://github.com/community-scripts/ProxmoxVE/pull/13752))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - [alpine-nextcloud] Update Nginx MIME types to support .mjs files [@GuiltyFox](https://github.com/GuiltyFox) ([#13771](https://github.com/community-scripts/ProxmoxVE/pull/13771))
+    - Domain Monitor: Fix file ownership after update [@tremor021](https://github.com/tremor021) ([#13759](https://github.com/community-scripts/ProxmoxVE/pull/13759))
+
+  - #### 💥 Breaking Changes
+
+    - Reitti: refactor scripts for v4 - remove RabbitMQ and Photon [@MickLesk](https://github.com/MickLesk) ([#13728](https://github.com/community-scripts/ProxmoxVE/pull/13728))
+
+  - #### 🔧 Refactor
+
+    - Semaphore: add BoltDB to SQLite migration [@tremor021](https://github.com/tremor021) ([#13779](https://github.com/community-scripts/ProxmoxVE/pull/13779))
+
+### 📚 Documentation
+
+  - cleanup: remove docs/, update README & CONTRIBUTING, fix repo config [@MickLesk](https://github.com/MickLesk) ([#13770](https://github.com/community-scripts/ProxmoxVE/pull/13770))
+
+## 2026-04-14
+
+### 🚀 Updated Scripts
+
+  - Immich: Pin photo-processing library revisions [@vhsdream](https://github.com/vhsdream) ([#13748](https://github.com/community-scripts/ProxmoxVE/pull/13748))
+
+  - #### 🐞 Bug Fixes
+
+    - BentoPDF: Nginx fixes [@tremor021](https://github.com/tremor021) ([#13741](https://github.com/community-scripts/ProxmoxVE/pull/13741))
+    - Zerobyte: add git to dependencies to fix bun install failure [@Copilot](https://github.com/Copilot) ([#13721](https://github.com/community-scripts/ProxmoxVE/pull/13721))
+    - alpine-nextcloud-install: do not use deprecated nginx config [@AlexanderStein](https://github.com/AlexanderStein) ([#13726](https://github.com/community-scripts/ProxmoxVE/pull/13726))
+
+  - #### ✨ New Features
+
+    - Mealie: support v3.15+ Nuxt 4 migration [@MickLesk](https://github.com/MickLesk) ([#13731](https://github.com/community-scripts/ProxmoxVE/pull/13731))
+
+  - #### 🔧 Refactor
+
+    - Lyrion: correct service name and version file in update script [@MickLesk](https://github.com/MickLesk) ([#13734](https://github.com/community-scripts/ProxmoxVE/pull/13734))
+    - Changedetection: move env vars from service file to .env [@tremor021](https://github.com/tremor021) ([#13732](https://github.com/community-scripts/ProxmoxVE/pull/13732))
+
+## 2026-04-13
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Slskd: Remove stale Soularr lock file on startup and redirect logs to stderr [@MickLesk](https://github.com/MickLesk) ([#13669](https://github.com/community-scripts/ProxmoxVE/pull/13669))
+    - Bambuddy: preserve database and archive on update [@Copilot](https://github.com/Copilot) ([#13706](https://github.com/community-scripts/ProxmoxVE/pull/13706))
+
+  - #### ✨ New Features
+
+    - Immich: Pin version to 2.7.5 [@vhsdream](https://github.com/vhsdream) ([#13715](https://github.com/community-scripts/ProxmoxVE/pull/13715))
+    - Bytestash: auto backup/restore data on update [@MickLesk](https://github.com/MickLesk) ([#13707](https://github.com/community-scripts/ProxmoxVE/pull/13707))
+    - OpenCloud: pin version to 6.0.0 [@vhsdream](https://github.com/vhsdream) ([#13691](https://github.com/community-scripts/ProxmoxVE/pull/13691))
+
+  - #### 💥 Breaking Changes
+
+    - Mealie: pin version to v3.14.0 in install and update scripts [@Copilot](https://github.com/Copilot) ([#13724](https://github.com/community-scripts/ProxmoxVE/pull/13724))
+
+  - #### 🔧 Refactor
+
+    - core: remove unused TEMP_DIR mktemp leak in build_container / clean sonarqube [@MickLesk](https://github.com/MickLesk) ([#13708](https://github.com/community-scripts/ProxmoxVE/pull/13708))
+
+## 2026-04-12
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Alpine-Wakapi: Remove container checks in update_script function [@MickLesk](https://github.com/MickLesk) ([#13694](https://github.com/community-scripts/ProxmoxVE/pull/13694))
+
+  - #### 🔧 Refactor
+
+    - IronClaw: Install keychain dependencies and launch in a DBus session [@MickLesk](https://github.com/MickLesk) ([#13692](https://github.com/community-scripts/ProxmoxVE/pull/13692))
+    - MeTube: Allow pnpm build scripts to fix ERR_PNPM_IGNORED_BUILDS [@MickLesk](https://github.com/MickLesk) ([#13668](https://github.com/community-scripts/ProxmoxVE/pull/13668))
+
+## 2026-04-11
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Immich: Ensure newline before appending IMMICH_HELMET_FILE to .env [@MickLesk](https://github.com/MickLesk) ([#13667](https://github.com/community-scripts/ProxmoxVE/pull/13667))
+
+  - #### ✨ New Features
+
+    - BentoPDF: replace http-server with nginx to fix WASM initialization timeout [@MickLesk](https://github.com/MickLesk) ([#13625](https://github.com/community-scripts/ProxmoxVE/pull/13625))
+    - Element Synapse: Add MatrixRTC configuration for Element Call support [@MickLesk](https://github.com/MickLesk) ([#13665](https://github.com/community-scripts/ProxmoxVE/pull/13665))
+    - RomM: Use ROMM_BASE_PATH from .env for symlinks and nginx config [@MickLesk](https://github.com/MickLesk) ([#13666](https://github.com/community-scripts/ProxmoxVE/pull/13666))
+    - Immich: Pin version to 2.7.4 [@vhsdream](https://github.com/vhsdream) ([#13661](https://github.com/community-scripts/ProxmoxVE/pull/13661))
+
+  - #### 🔧 Refactor
+
+    - Crafty Controller: Wait for credentials file instead of fixed sleep [@MickLesk](https://github.com/MickLesk) ([#13670](https://github.com/community-scripts/ProxmoxVE/pull/13670))
+    - Refactor: Alpine-Wakapi [@tremor021](https://github.com/tremor021) ([#13656](https://github.com/community-scripts/ProxmoxVE/pull/13656))
+
+## 2026-04-10
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - fix: ensure trailing newline in redis.conf before appending bind directive [@Copilot](https://github.com/Copilot) ([#13647](https://github.com/community-scripts/ProxmoxVE/pull/13647))
+
+  - #### ✨ New Features
+
+    - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
+    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))

ct/alpine-tinyauth.sh

@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: Slaviša Arežina (tremor021) | Co-Author: Stavros (steveiliop56)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/tinyauthapp/tinyauth
+# Source: https://github.com/steveiliop56/tinyauth
 
 APP="Alpine-Tinyauth"
 var_tags="${var_tags:-alpine;auth}"
@@ -29,7 +29,7 @@ function update_script() {
   $STD apk -U upgrade
   msg_ok "Updated packages"
 
-  RELEASE=$(curl -s https://api.github.com/repos/tinyauthapp/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+  RELEASE=$(curl -s https://api.github.com/repos/steveiliop56/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
   if [ "${RELEASE}" != "$(cat ~/.tinyauth 2>/dev/null)" ] || [ ! -f ~/.tinyauth ]; then
     msg_info "Stopping Service"
     $STD service tinyauth stop
@@ -51,7 +51,7 @@ function update_script() {
 
     msg_info "Updating Tinyauth"
     rm -f /opt/tinyauth/tinyauth
-    curl -fsSL "https://github.com/tinyauthapp/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
+    curl -fsSL "https://github.com/steveiliop56/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
     chmod +x /opt/tinyauth/tinyauth
     echo "${RELEASE}" >~/.tinyauth
     msg_ok "Updated Tinyauth"

ct/apache-guacamole.sh

@@ -89,7 +89,7 @@ function update_script() {
     # Auth JDBC follows server version
     msg_info "Updating Guacamole Auth JDBC"
     rm -f /etc/guacamole/extensions/guacamole-auth-jdbc-mysql-*.jar
-    curl_download "/tmp/guacamole-auth-jdbc.tar.gz" "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-jdbc-${LATEST_SERVER}.tar.gz"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-jdbc-${LATEST_SERVER}.tar.gz" -o "/tmp/guacamole-auth-jdbc.tar.gz"
     $STD tar -xf /tmp/guacamole-auth-jdbc.tar.gz -C /tmp
     mv /tmp/guacamole-auth-jdbc-"${LATEST_SERVER}"/mysql/guacamole-auth-jdbc-mysql-"${LATEST_SERVER}".jar /etc/guacamole/extensions/
     echo "${LATEST_SERVER}" >~/.guacamole_auth_jdbc
@@ -101,7 +101,7 @@ function update_script() {
   # Update Guacamole Client
   if [[ "$CURRENT_CLIENT" != "$LATEST_CLIENT" ]]; then
     msg_info "Updating Guacamole Client (${CURRENT_CLIENT} → ${LATEST_CLIENT})"
-    curl_download "/opt/apache-guacamole/tomcat9/webapps/guacamole.war" "https://downloads.apache.org/guacamole/${LATEST_CLIENT}/binary/guacamole-${LATEST_CLIENT}.war"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_CLIENT}/binary/guacamole-${LATEST_CLIENT}.war" -o "/opt/apache-guacamole/tomcat9/webapps/guacamole.war"
     echo "${LATEST_CLIENT}" >~/.guacamole_client
     msg_ok "Updated Guacamole Client"
   else
@@ -111,7 +111,7 @@ function update_script() {
   # Update MySQL Connector
   if [[ "$CURRENT_MYSQL_CONNECTOR" != "$LATEST_MYSQL_CONNECTOR" ]]; then
     msg_info "Updating MySQL Connector (${CURRENT_MYSQL_CONNECTOR} → ${LATEST_MYSQL_CONNECTOR})"
-    curl_download "/etc/guacamole/lib/mysql-connector-j.jar" "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${LATEST_MYSQL_CONNECTOR}/mysql-connector-j-${LATEST_MYSQL_CONNECTOR}.jar"
+    curl -fsSL "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${LATEST_MYSQL_CONNECTOR}/mysql-connector-j-${LATEST_MYSQL_CONNECTOR}.jar" -o "/etc/guacamole/lib/mysql-connector-j.jar"
     echo "${LATEST_MYSQL_CONNECTOR}" >~/.guacamole_mysql_connector
     msg_ok "Updated MySQL Connector"
   else
@@ -148,7 +148,7 @@ function update_script() {
   if [[ -f /etc/guacamole/extensions/guacamole-auth-totp-*.jar ]]; then
     msg_info "Updating TOTP Extension"
     rm -f /etc/guacamole/extensions/guacamole-auth-totp-*.jar
-    curl_download "/tmp/guacamole-auth-totp.tar.gz" "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-totp-${LATEST_SERVER}.tar.gz"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-totp-${LATEST_SERVER}.tar.gz" -o "/tmp/guacamole-auth-totp.tar.gz"
     $STD tar -xf /tmp/guacamole-auth-totp.tar.gz -C /tmp
     mv /tmp/guacamole-auth-totp-"${LATEST_SERVER}"/guacamole-auth-totp-"${LATEST_SERVER}".jar /etc/guacamole/extensions/
     chmod 664 /etc/guacamole/extensions/guacamole-auth-totp-"${LATEST_SERVER}".jar
@@ -160,7 +160,7 @@ function update_script() {
   if [[ -f /etc/guacamole/extensions/guacamole-auth-duo-*.jar ]]; then
     msg_info "Updating DUO Extension"
     rm -f /etc/guacamole/extensions/guacamole-auth-duo-*.jar
-    curl_download "/tmp/guacamole-auth-duo.tar.gz" "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-duo-${LATEST_SERVER}.tar.gz"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-duo-${LATEST_SERVER}.tar.gz" -o "/tmp/guacamole-auth-duo.tar.gz"
     $STD tar -xf /tmp/guacamole-auth-duo.tar.gz -C /tmp
     mv /tmp/guacamole-auth-duo-"${LATEST_SERVER}"/guacamole-auth-duo-"${LATEST_SERVER}".jar /etc/guacamole/extensions/
     chmod 664 /etc/guacamole/extensions/guacamole-auth-duo-"${LATEST_SERVER}".jar
@@ -172,7 +172,7 @@ function update_script() {
   if [[ -f /etc/guacamole/extensions/guacamole-auth-ldap-*.jar ]]; then
     msg_info "Updating LDAP Extension"
     rm -f /etc/guacamole/extensions/guacamole-auth-ldap-*.jar
-    curl_download "/tmp/guacamole-auth-ldap.tar.gz" "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-ldap-${LATEST_SERVER}.tar.gz"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-ldap-${LATEST_SERVER}.tar.gz" -o "/tmp/guacamole-auth-ldap.tar.gz"
     $STD tar -xf /tmp/guacamole-auth-ldap.tar.gz -C /tmp
     mv /tmp/guacamole-auth-ldap-"${LATEST_SERVER}"/guacamole-auth-ldap-"${LATEST_SERVER}".jar /etc/guacamole/extensions/
     chmod 664 /etc/guacamole/extensions/guacamole-auth-ldap-"${LATEST_SERVER}".jar
@@ -184,7 +184,7 @@ function update_script() {
   if [[ -f /etc/guacamole/extensions/guacamole-auth-quickconnect-*.jar ]]; then
     msg_info "Updating Quick Connect Extension"
     rm -f /etc/guacamole/extensions/guacamole-auth-quickconnect-*.jar
-    curl_download "/tmp/guacamole-auth-quickconnect.tar.gz" "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-quickconnect-${LATEST_SERVER}.tar.gz"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-auth-quickconnect-${LATEST_SERVER}.tar.gz" -o "/tmp/guacamole-auth-quickconnect.tar.gz"
     $STD tar -xf /tmp/guacamole-auth-quickconnect.tar.gz -C /tmp
     mv /tmp/guacamole-auth-quickconnect-"${LATEST_SERVER}"/guacamole-auth-quickconnect-"${LATEST_SERVER}".jar /etc/guacamole/extensions/
     chmod 664 /etc/guacamole/extensions/guacamole-auth-quickconnect-"${LATEST_SERVER}".jar
@@ -196,7 +196,7 @@ function update_script() {
   if [[ -f /etc/guacamole/extensions/guacamole-history-recording-storage-*.jar ]]; then
     msg_info "Updating History Recording Storage Extension"
     rm -f /etc/guacamole/extensions/guacamole-history-recording-storage-*.jar
-    curl_download "/tmp/guacamole-history-recording-storage.tar.gz" "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-history-recording-storage-${LATEST_SERVER}.tar.gz"
+    curl -fsSL "https://downloads.apache.org/guacamole/${LATEST_SERVER}/binary/guacamole-history-recording-storage-${LATEST_SERVER}.tar.gz" -o "/tmp/guacamole-history-recording-storage.tar.gz"
     $STD tar -xf /tmp/guacamole-history-recording-storage.tar.gz -C /tmp
     mv /tmp/guacamole-history-recording-storage-"${LATEST_SERVER}"/guacamole-history-recording-storage-"${LATEST_SERVER}".jar /etc/guacamole/extensions/
     chmod 664 /etc/guacamole/extensions/guacamole-history-recording-storage-"${LATEST_SERVER}".jar

ct/authentik.sh

@@ -1,155 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Thieneret
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/goauthentik/authentik
-
-APP="authentik"
-var_tags="${var_tags:-auth}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-16}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/authentik ]]; then
-    msg_error "No authentik Installation Found!"
-    exit
-  fi
-
-  NODE_VERSION="24" setup_nodejs
-  setup_go
-  UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
-  setup_rust
-
-  AUTHENTIK_VERSION="version/2026.2.3"
-  XMLSEC_VERSION="1.3.11"
-
-  if check_for_gh_release "geoipupdate" "maxmind/geoipupdate"; then
-    fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
-  fi
-
-  if check_for_gh_release "xmlsec" "lsh123/xmlsec" "${XMLSEC_VERSION}"; then
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
-
-    msg_info "Updating xmlsec"
-    cd /opt/xmlsec
-    $STD ./autogen.sh
-    $STD make -j $(nproc)
-    $STD make check
-    $STD make install
-    $STD ldconfig
-    msg_ok "Updated xmlsec"
-  fi
-
-  if check_for_gh_release "authentik" "goauthentik/authentik" "${AUTHENTIK_VERSION}"; then
-    msg_info "Stopping Services"
-    systemctl stop authentik-server authentik-worker
-	if [[ $(systemctl is-active authentik-ldap) == active ]]; then
-		systemctl stop authentik-ldap
-	fi
-	if [[ $(systemctl is-active authentik-rac) == active ]]; then
-		systemctl stop authentik-rac
-	fi
-	if [[ $(systemctl is-active authentik-radius) == active ]]; then
-		systemctl stop authentik-radius
-	fi
-    msg_ok "Stopped Services"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
-
-    msg_info "Updating web"
-    cd /opt/authentik/web
-    export NODE_ENV="production"
-    $STD npm install
-    $STD npm run build
-    $STD npm run build:sfe
-    msg_ok "Updated web"
-
-    msg_info "Updating go proxy"
-    cd /opt/authentik
-    export CGO_ENABLED="1"
-    $STD go mod download
-    $STD go build -o /opt/authentik/authentik-server ./cmd/server
-	$STD go build -o /opt/authentik/ldap ./cmd/ldap
-	$STD go build -o /opt/authentik/rac ./cmd/rac
-	$STD go build -o /opt/authentik/radius ./cmd/radius
-    msg_ok "Updated go proxy"
-
-    msg_info "Updating python server"
-    export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
-    export UV_COMPILE_BYTECODE="1"
-    export UV_LINK_MODE="copy"
-    export UV_NATIVE_TLS="1"
-    export RUSTUP_PERMIT_COPY_RENAME="true"
-    export UV_PYTHON_INSTALL_DIR="/usr/local/bin"
-    cd /opt/authentik
-    $STD uv sync --frozen --no-install-project --no-dev
-    chown -R authentik:authentik /opt/authentik
-    msg_ok "Updated python server"
-  fi
-
-  msg_info "Starting Services"
-  systemctl start authentik-server authentik-worker
-  if [[ $(systemctl is-enabled authentik-ldap) == enabled ]]; then
-  	systemctl start authentik-ldap
-  fi
-  if [[ $(systemctl is-enabled authentik-rac) == enabled ]]; then
-  	systemctl start authentik-rac
-  fi
-  if [[ $(systemctl is-enabled authentik-radius) == enabled ]]; then
-  	systemctl start authentik-radius
-  fi
-  msg_ok "Started Services"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-
-msg_info "Attaching data storage volume"
-$STD pct stop "$CTID"
-if [ "${PROTECT_CT:-}" == "1" ] || [ "${PROTECT_CT:-}" == "yes" ]; then
-  $STD pct set "$CTID" --protection 0
-  $STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1
-  $STD pct set "$CTID" --protection 1
-else
-  $STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1
-fi
-$STD pct start "$CTID"
-for i in {1..10}; do
-  pct status "$CTID" | grep -q "status: running" && break
-  sleep 1
-done
-$STD pct exec "$CTID" -- bash -c "mkdir -p /opt/authentik-data/{certs,media,geoip,templates}; \
-  cp /opt/authentik/tests/GeoLite2-ASN-Test.mmdb /opt/authentik-data/geoip/GeoLite2-ASN.mmdb; \
-  cp /opt/authentik/tests/GeoLite2-City-Test.mmdb /opt/authentik-data/geoip/GeoLite2-City.mmdb; \
-  chown authentik:authentik /opt/authentik-data; \
-  chown -R authentik:authentik /opt/authentik-data/{certs,media,geoip,templates}"
-msg_ok "Attached data storage volume"
-
-msg_info "Starting Services"
-pct exec "$CTID" -- systemctl enable -q --now authentik-server authentik-worker
-msg_ok "Started Services"
-
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Initial setup URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000/if/flow/initial-setup/${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000${CL}"

ct/bichon.sh

@@ -28,95 +28,15 @@ function update_script() {
     exit
   fi
 
-  CURRENT_VERSION="unknown"
-  if [[ -f /root/.bichon ]]; then
-    CURRENT_VERSION=$(cat /root/.bichon)
-  fi
-
-  MIGRATE_V1=0
-  if [[ "$CURRENT_VERSION" == 0.* ]]; then
-    MIGRATE_V1=1
-    DISK_USAGE=$(df / | awk 'NR==2 {print $5}' | sed 's/%//')
-    if [ "$DISK_USAGE" -gt 50 ]; then
-      echo -e "\n${RD}Warning: Less than 50% free storage remaining on the root disk.${CL}"
-      echo -e "${RD}Bichon v1 data migration temporarily duplicates data and requires free space for it.${CL}"
-      read -r -p "Are you sure you want to proceed with the update? (y/N): " proceed
-      if [[ ! "$proceed" =~ ^[Yy]$ ]]; then
-        msg_error "Update cancelled by user."
-        exit
-      fi
-    fi
-
-    RAM_TOTAL=$(free -m | awk '/^Mem:/{print $2}')
-    if [ "$RAM_TOTAL" -lt 2000 ]; then
-      echo -e "\n${RD}Warning: LXC has less than 2GB of RAM allocated (${RAM_TOTAL}MB).${CL}"
-      echo -e "${RD}Bichon v1 data migration consumes significant memory and may crash if insufficient.${CL}"
-      read -r -p "Are you sure you want to proceed with the update? (y/N): " proceed_ram
-      if [[ ! "$proceed_ram" =~ ^[Yy]$ ]]; then
-        msg_error "Update cancelled by user."
-        exit
-      fi
-    fi
-  fi
-
   if check_for_gh_release "bichon" "rustmailer/bichon"; then
     msg_info "Stopping service"
     systemctl stop bichon
     msg_ok "Stopped service"
 
     cp /opt/bichon/bichon.env /tmp/bichon.env.backup
-
-    if [ "$MIGRATE_V1" -eq 1 ] && [ "$CURRENT_VERSION" != "0.3.7" ]; then
-      msg_info "Updating to intermediate version v0.3.7"
-      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "bichon" "rustmailer/bichon" "prebuild" "v0.3.7" "/opt/bichon" "bichon-*-x86_64-unknown-linux-gnu.tar.gz"
-      cp /tmp/bichon.env.backup /opt/bichon/bichon.env
-      systemctl start bichon
-      sleep 30
-      systemctl stop bichon
-      msg_ok "Intermediate update completed"
-    fi
-
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "bichon" "rustmailer/bichon" "prebuild" "latest" "/opt/bichon" "bichon-*-x86_64-unknown-linux-gnu.tar.gz"
     cp /tmp/bichon.env.backup /opt/bichon/bichon.env
 
-    if [ "$MIGRATE_V1" -eq 1 ]; then
-      msg_info "Running Bichon v1 Data Migration (patience)"
-      $STD apt install -y expect
-      $STD expect <<'EOF'
-set timeout -1
-spawn /opt/bichon/bichon-admin
-expect "*Select an operation*"
-send "\033\[B\r"
-expect "*--bichon-root-dir*"
-send "/opt/bichon-data\r"
-expect "*--bichon-index-dir*"
-send "\r"
-expect "*--bichon-data-dir*"
-send "\r"
-expect "*Ready to migrate?*"
-send "y"
-expect "*Enter batch size*"
-send "1000\r"
-expect eof
-catch wait
-EOF
-      $STD apt remove --purge expect -y
-      $STD apt autoremove -y
-      msg_ok "Migration completed"
-
-      msg_info "Cleaning up legacy Bichon v0.x storage files"
-      rm -rf /opt/bichon-data/envelope
-      rm -rf /opt/bichon-data/eml
-      rm -f /opt/bichon-data/mailbox.db
-      rm -f /opt/bichon-data/meta.db
-      msg_ok "Cleanup completed"
-
-      msg_info "Updating Bichon service for v1"
-      sed -i 's|ExecStart=/opt/bichon/bichon|ExecStart=/opt/bichon/bichon-server|g; s|RestartSec=5|RestartSec=5\n\nLimitNOFILE=65536|g' /etc/systemd/system/bichon.service
-      systemctl daemon-reload
-      msg_ok "Service updated"
-    fi
-
     msg_info "Starting service"
     systemctl start bichon
     msg_ok "Service started"

ct/checkmk.sh

@@ -33,14 +33,9 @@ function update_script() {
   msg_info "Updating checkmk"
   $STD omd stop monitoring
   $STD omd cp monitoring monitoringbackup
-  curl_download "/opt/checkmk.deb" "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb"
+  curl_with_retry "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb" "/opt/checkmk.deb"
   $STD apt install -y /opt/checkmk.deb
-  OMD_VERSION=$(omd versions 2>/dev/null | grep "^${RELEASE}" | awk '{print $1}')
-  if [[ -z "${OMD_VERSION}" ]]; then
-    msg_error "Could not find installed OMD version for release ${RELEASE}"
-    exit 1
-  fi
-  $STD omd --force -V "${OMD_VERSION}" update --conflict=install monitoring
+  $STD omd --force -V ${RELEASE}.cre update --conflict=install monitoring
   $STD omd start monitoring
   $STD omd -f rm monitoringbackup
   $STD omd cleanup

ct/cliproxyapi.sh

@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: mathiasnagler
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/router-for-me/CLIProxyAPI
-
-APP="CLIProxyAPI"
-var_tags="${var_tags:-ai;proxy}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-2}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/cliproxyapi ]]; then
-    msg_error "No CLIProxyAPI Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "cliproxyapi" "router-for-me/CLIProxyAPI"; then
-    msg_info "Stopping CLIProxyAPI"
-    systemctl stop cliproxyapi
-    msg_ok "Stopped CLIProxyAPI"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "cliproxyapi" "router-for-me/CLIProxyAPI" "prebuild" "latest" "/opt/cliproxyapi" "CLIProxyAPI_*_linux_amd64.tar.gz"
-
-    msg_info "Starting CLIProxyAPI"
-    systemctl start cliproxyapi
-    msg_ok "Started CLIProxyAPI"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8317${CL}"

ct/dashy.sh

@@ -23,34 +23,37 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -d /opt/dashy ]]; then
+  if [[ ! -d /opt/dashy/public/ ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-
-  NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
-
   if check_for_gh_release "dashy" "Lissy93/dashy"; then
     msg_info "Stopping Service"
     systemctl stop dashy
     msg_ok "Stopped Service"
 
-    msg_info "Backing up user-data"
-    rm -rf /opt/dashy_user_data_backup
-    cp -r /opt/dashy/user-data /opt/dashy_user_data_backup
-    msg_ok "Backed up user-data"
+    msg_info "Backing up conf.yml"
+    if [[ -f /opt/dashy/public/conf.yml ]]; then
+      cp -R /opt/dashy/public/conf.yml /opt/dashy_conf_backup.yml
+    else
+      cp -R /opt/dashy/user-data/conf.yml /opt/dashy_conf_backup.yml
+    fi
+    msg_ok "Backed up conf.yml"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "dashy" "lissy93/dashy" "prebuild" "latest" "/opt/dashy" "dashy-*.tar.gz"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "dashy" "Lissy93/dashy" "prebuild" "latest" "/opt/dashy" "dashy-*.tar.gz"
 
     msg_info "Updating Dashy"
     cd /opt/dashy
     $STD yarn install --ignore-engines --network-timeout 300000
     msg_ok "Updated Dashy"
 
-    msg_info "Restoring user-data"
-    cp -r /opt/dashy_user_data_backup/. /opt/dashy/user-data/
-    rm -rf /opt/dashy_user_data_backup
-    msg_ok "Restored user-data"
+    msg_info "Restoring conf.yml"
+    cp -R /opt/dashy_conf_backup.yml /opt/dashy/user-data
+    msg_ok "Restored conf.yml"
+
+    msg_info "Cleaning"
+    rm -rf /opt/dashy_conf_backup.yml /opt/dashy/public/conf.yml
+    msg_ok "Cleaned"
 
     msg_info "Starting Dashy"
     systemctl start dashy

ct/dawarich.sh

@@ -45,12 +45,12 @@ function update_script() {
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "dawarich" "Freika/dawarich" "tarball" "latest" "/opt/dawarich/app"
 
     RUBY_VERSION=$(cat /opt/dawarich/app/.ruby-version 2>/dev/null || echo "3.4.6")
-    RUBY_VERSION=${RUBY_VERSION} RUBY_INSTALL_RAILS="false" HOME=/root setup_ruby
+    RUBY_VERSION=${RUBY_VERSION} RUBY_INSTALL_RAILS="false" setup_ruby
 
     msg_info "Running Migrations"
     cd /opt/dawarich/app
     source /root/.profile
-    export PATH="/root/.rbenv/shims:/root/.rbenv/bin:${PATH}"
+    export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH"
     eval "$(/root/.rbenv/bin/rbenv init - bash)"
 
     if ! grep -q "OTP_ENCRYPTION_PRIMARY_KEY" /opt/dawarich/.env; then

ct/degoog.sh

@@ -1,73 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/fccview/degoog
-
-APP="degoog"
-var_tags="${var_tags:-search;privacy}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-6}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/degoog ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "degoog" "fccview/degoog"; then
-    msg_info "Stopping Service"
-    systemctl stop degoog
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration & Data"
-    [[ -f /opt/degoog/.env ]] && cp /opt/degoog/.env /opt/degoog.env.bak
-    [[ -d /opt/degoog/data ]] && mv /opt/degoog/data /opt/degoog_data_backup
-    msg_ok "Backed up Configuration & Data"
-
-    if ! command -v bun >/dev/null 2>&1; then
-      msg_info "Installing Bun"
-      export BUN_INSTALL="/root/.bun"
-      curl -fsSL https://bun.sh/install | $STD bash
-      ln -sf /root/.bun/bin/bun /usr/local/bin/bun
-      ln -sf /root/.bun/bin/bunx /usr/local/bin/bunx
-      msg_ok "Installed Bun"
-    fi
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "degoog" "fccview/degoog" "prebuild" "latest" "/opt/degoog" "degoog_*_prebuild.tar.gz"
-
-    msg_info "Restoring Configuration & Data"
-    [[ -f /opt/degoog.env.bak ]] && mv /opt/degoog.env.bak /opt/degoog/.env
-    [[ -d /opt/degoog_data_backup ]] && mv /opt/degoog_data_backup /opt/degoog/data
-    msg_ok "Restored Configuration & Data"
-
-    msg_info "Starting Service"
-    systemctl start degoog
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:4444${CL}"

ct/docuseal.sh

@@ -1,84 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://www.docuseal.com/
-
-APP="DocuSeal"
-var_tags="${var_tags:-document;esignature;pdf}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-10}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/docuseal ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "docuseal" "docusealco/docuseal"; then
-    msg_info "Stopping Services"
-    systemctl stop docuseal docuseal-sidekiq
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Data"
-    cp /opt/docuseal/.env /opt/docuseal.env.bak
-    [[ -d /opt/docuseal/data ]] && mv /opt/docuseal/data /opt/docuseal_data.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "docuseal" "docusealco/docuseal" "tarball"
-
-    msg_info "Restoring Data"
-    mv /opt/docuseal.env.bak /opt/docuseal/.env
-    [[ -d /opt/docuseal_data.bak ]] && mv /opt/docuseal_data.bak /opt/docuseal/data
-    msg_ok "Restored Data"
-
-    msg_info "Building Application"
-    cd /opt/docuseal
-    export PATH="/root/.rbenv/bin:/root/.rbenv/shims:${PATH}"
-    eval "$(rbenv init - bash)" 2>/dev/null || true
-    export RAILS_ENV=production
-    export NODE_ENV=production
-    export SECRET_KEY_BASE_DUMMY=1
-    set -a
-    source /opt/docuseal/.env
-    set +a
-    $STD bundle config set --local deployment 'true'
-    $STD bundle config set --local without 'development:test'
-    $STD bundle install -j"$(nproc)"
-    $STD yarn install --network-timeout 1000000
-    $STD ./bin/shakapacker
-    $STD bundle exec rails db:migrate
-    $STD bundle exec bootsnap precompile -j 1 --gemfile app/ lib/
-    chown -R docuseal:docuseal /opt/docuseal
-    msg_ok "Built Application"
-
-    msg_info "Starting Services"
-    systemctl start docuseal docuseal-sidekiq
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/espconnect.sh

@@ -1,54 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: John Lombardo (programbo) 
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/thelastoutpostworkshop/ESPConnect
-
-APP="ESPConnect"
-var_tags="${var_tags:-iot;esp32;flash}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/espconnect ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "espconnect" "thelastoutpostworkshop/ESPConnect"; then
-    msg_info "Stopping Nginx"
-    systemctl stop nginx
-    msg_ok "Stopped Nginx"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "espconnect" "thelastoutpostworkshop/ESPConnect" "prebuild" "latest" "/opt/espconnect" "dist.zip"
-
-    msg_info "Starting Nginx"
-    systemctl start nginx
-    msg_ok "Started Nginx"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://${IP}${CL}"

ct/excalidraw.sh

@@ -28,9 +28,6 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-
-  NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
-
   if check_for_gh_release "excalidraw" "excalidraw/excalidraw"; then
     msg_info "Stopping Service"
     systemctl stop excalidraw
@@ -40,7 +37,6 @@ function update_script() {
 
     msg_info "Updating Excalidraw"
     cd /opt/excalidraw
-    $STD yarn config set ignore-engines true
     $STD yarn
     msg_ok "Updated Excalidraw"
 

ct/headers/authentik

@@ -1,6 +0,0 @@
-               __  __               __  _ __  
-  ____ ___  __/ /_/ /_  ___  ____  / /_(_) /__
- / __ `/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
-/ /_/ / /_/ / /_/ / / /  __/ / / / /_/ / ,<   
-\__,_/\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|  
-                                              

ct/headers/cliproxyapi

@@ -1,6 +0,0 @@
-   ________    ________                        ___    ____  ____
-  / ____/ /   /  _/ __ \_________  _  ____  __/   |  / __ \/  _/
- / /   / /    / // /_/ / ___/ __ \| |/_/ / / / /| | / /_/ // /  
-/ /___/ /____/ // ____/ /  / /_/ />  </ /_/ / ___ |/ ____// /   
-\____/_____/___/_/   /_/   \____/_/|_|\__, /_/  |_/_/   /___/   
-                                     /____/                     

ct/headers/degoog

@@ -1,6 +0,0 @@
-       __                            
-  ____/ /__  ____ _____  ____  ____ _
- / __  / _ \/ __ `/ __ \/ __ \/ __ `/
-/ /_/ /  __/ /_/ / /_/ / /_/ / /_/ / 
-\__,_/\___/\__, /\____/\____/\__, /  
-          /____/            /____/   

ct/headers/docuseal

@@ -1,6 +0,0 @@
-    ____                   _____            __
-   / __ \____  _______  __/ ___/___  ____ _/ /
-  / / / / __ \/ ___/ / / /\__ \/ _ \/ __ `/ / 
- / /_/ / /_/ / /__/ /_/ /___/ /  __/ /_/ / /  
-/_____/\____/\___/\__,_//____/\___/\__,_/_/   
-                                              

ct/headers/espconnect

@@ -1,6 +0,0 @@
-    ___________ ____  ______                            __ 
-   / ____/ ___// __ \/ ____/___  ____  ____  ___  _____/ /_
-  / __/  \__ \/ /_/ / /   / __ \/ __ \/ __ \/ _ \/ ___/ __/
- / /___ ___/ / ____/ /___/ /_/ / / / / / / /  __/ /__/ /_  
-/_____//____/_/    \____/\____/_/ /_/_/ /_/\___/\___/\__/  
-                                                           

ct/headers/webtrees

@@ -1,6 +0,0 @@
- _       __     __    __                     
-| |     / /__  / /_  / /_________  ___  _____
-| | /| / / _ \/ __ \/ __/ ___/ _ \/ _ \/ ___/
-| |/ |/ /  __/ /_/ / /_/ /  /  __/  __(__  ) 
-|__/|__/\___/_.___/\__/_/   \___/\___/____/  
-                                             

ct/kasm.sh

@@ -35,7 +35,7 @@ function update_script() {
   CURRENT_VERSION=$(readlink -f /opt/kasm/current | awk -F'/' '{print $4}')
   KASM_VERSION=$(curl -s https://kasm.com/downloads | grep -oP '<h1[^>]*>.*?</h1>' | sed -E 's/<\/?h1[^>]*>//g' | grep -oP '\d+\.\d+\.\d+')
   KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION:-var_kasm_version}.tar.gz"
-
+  
   # KASM_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_[0-9]+\.[0-9]+\.[0-9]+\.[a-z0-9]+\.tar\.gz' | head -n 1)
   # if [[ -z "$KASM_URL" ]]; then
   #   SERVICE_IMAGE_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_service_images_amd64_[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' | head -n 1)
@@ -46,7 +46,7 @@ function update_script() {
   # else
   #   KASM_VERSION=$(echo "$KASM_URL" | sed -E 's/.*kasm_release_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
   # fi
-
+  
   if [[ -z "$KASM_VERSION" ]] || [[ -z "$KASM_URL" ]]; then
     msg_error "Unable to detect latest Kasm release URL."
     exit 250
@@ -56,10 +56,10 @@ function update_script() {
   msg_info "Removing outdated docker-compose plugin"
   [ -f ~/.docker/cli-plugins/docker-compose ] && rm -rf ~/.docker/cli-plugins/docker-compose
   msg_ok "Removed outdated docker-compose plugin"
-
+  
   if [[ -z "$CURRENT_VERSION" ]] || [[ "$KASM_VERSION" != "$CURRENT_VERSION" ]]; then
     msg_info "Updating Kasm"
-    cd /tmp
+    cd /tmp 
 
     msg_warn "WARNING: This script will run an external installer from a third-party source (https://www.kasmweb.com/)."
     msg_warn "The following code is NOT maintained or audited by our repository."
@@ -71,17 +71,17 @@ function update_script() {
       msg_error "Aborted by user. No changes have been made."
       exit 10
     fi
-    curl_download "/tmp/kasm_release_${KASM_VERSION}.tar.gz" "$KASM_URL"
+    curl -fsSL -o "/tmp/kasm_release_${KASM_VERSION}.tar.gz" "$KASM_URL"
     tar -xf "kasm_release_${KASM_VERSION}.tar.gz"
     chmod +x /tmp/kasm_release/install.sh
     rm -f /tmp/kasm_release_"${KASM_VERSION}".tar.gz
-
+  
     bash /tmp/kasm_release/upgrade.sh --proxy-port 443
     rm -rf /tmp/kasm_release
     msg_ok "Updated successfully!"
   else
     msg_ok "No update required. Kasm is already at v${KASM_VERSION}"
-
+  
   fi
   exit
 }

ct/manyfold.sh

@@ -55,20 +55,9 @@ function update_script() {
 
     RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby
 
-    msg_info "Restoring Data"
-    rm -rf /opt/manyfold/app/{storage,tmp,config/credentials.yml.enc,config/master.key}
-    cp -r /opt/manyfold_storage_backup /opt/manyfold/app/storage 2>/dev/null || true
-    cp -r /opt/manyfold_tmp_backup /opt/manyfold/app/tmp 2>/dev/null || true
-    cp /opt/manyfold_credentials.yml.enc /opt/manyfold/app/config/credentials.yml.enc 2>/dev/null || true
-    cp /opt/manyfold_master.key /opt/manyfold/app/config/master.key 2>/dev/null || true
-    chown -R manyfold:manyfold {/home/manyfold,/opt/manyfold}
-    chown -R manyfold:manyfold /opt/manyfold/app/storage /opt/manyfold/app/tmp /opt/manyfold/app/config
-    rm -rf /opt/manyfold_storage_backup /opt/manyfold_tmp_backup /opt/manyfold_credentials.yml.enc /opt/manyfold_master.key
-    msg_ok "Restored Data"
-
     msg_info "Installing Manyfold"
-    $STD npm install --global corepack
-    $STD corepack enable yarn
+    chown -R manyfold:manyfold {/home/manyfold,/opt/manyfold}
+    chown -R manyfold:manyfold /opt/manyfold
 
     sudo -u manyfold bash -c '
             source /opt/manyfold/.env
@@ -77,6 +66,7 @@ function update_script() {
             cd /opt/manyfold/app
             gem install bundler sidekiq foreman
             bundle install
+            corepack enable yarn
             corepack prepare '"$YARN_VERSION"' --activate
             corepack use '"$YARN_VERSION"'
             bin/rails db:migrate
@@ -84,6 +74,16 @@ function update_script() {
         '
     msg_ok "Installed Manyfold"
 
+    msg_info "Restoring Data"
+    rm -rf /opt/manyfold/app/{storage,tmp,config/credentials.yml.enc,config/master.key}
+    cp -r /opt/manyfold_storage_backup /opt/manyfold/app/storage 2>/dev/null || true
+    cp -r /opt/manyfold_tmp_backup /opt/manyfold/app/tmp 2>/dev/null || true
+    cp /opt/manyfold_credentials.yml.enc /opt/manyfold/app/config/credentials.yml.enc 2>/dev/null || true
+    cp /opt/manyfold_master.key /opt/manyfold/app/config/master.key 2>/dev/null || true
+    chown -R manyfold:manyfold /opt/manyfold/app/storage /opt/manyfold/app/tmp /opt/manyfold/app/config
+    rm -rf /opt/manyfold_storage_backup /opt/manyfold_tmp_backup /opt/manyfold_credentials.yml.enc /opt/manyfold_master.key
+    msg_ok "Restored Data"
+
     msg_info "Restarting Services"
     source /opt/manyfold/.env
     export PATH="/home/manyfold/.rbenv/shims:/home/manyfold/.rbenv/bin:$PATH"

ct/ollama.sh

@@ -27,26 +27,34 @@ function update_script() {
     msg_error "No Ollama Installation Found!"
     exit
   fi
-  if check_for_gh_release "ollama" "ollama/ollama"; then
+  RELEASE=$(curl -fsSL https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk -F '"' '{print $4}')
+  if [[ ! -f /opt/Ollama_version.txt ]] || [[ "${RELEASE}" != "$(cat /opt/Ollama_version.txt)" ]]; then
+    if [[ ! -f /opt/Ollama_version.txt ]]; then
+      touch /opt/Ollama_version.txt
+    fi
     ensure_dependencies zstd
     msg_info "Stopping Services"
     systemctl stop ollama
     msg_ok "Services Stopped"
 
-    OLLAMA_INSTALL_DIR="/usr/local/lib/ollama"
-    rm -rf "$OLLAMA_INSTALL_DIR" /usr/local/bin/ollama
-    mkdir -p "$OLLAMA_INSTALL_DIR"
-    if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "$OLLAMA_INSTALL_DIR" "ollama-linux-amd64.tar.zst"; then
-      msg_error "Download or deployment failed – check network connectivity and GitHub API availability"
-      exit 250
-    fi
-    ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" /usr/local/bin/ollama
-    msg_ok "Updated Ollama"
+    TMP_TAR=$(mktemp --suffix=.tar.zst)
+    curl -fL# -C - -o "${TMP_TAR}" "https://github.com/ollama/ollama/releases/download/${RELEASE}/ollama-linux-amd64.tar.zst"
+    msg_info "Updating Ollama to ${RELEASE}"
+    rm -rf /usr/local/lib/ollama
+    rm -rf /usr/local/bin/ollama
+    mkdir -p /usr/local/lib/ollama
+    tar --zstd -xf "${TMP_TAR}" -C /usr/local/lib/ollama
+    ln -sf /usr/local/lib/ollama/bin/ollama /usr/local/bin/ollama
+    rm -f "${TMP_TAR}"
+    echo "${RELEASE}" >/opt/Ollama_version.txt
+    msg_ok "Updated Ollama to ${RELEASE}"
 
     msg_info "Starting Services"
     systemctl start ollama
     msg_ok "Started Services"
     msg_ok "Updated successfully!"
+  else
+    msg_ok "No update required. Ollama is already at ${RELEASE}"
   fi
   exit
 }

ct/omada.sh

@@ -38,32 +38,20 @@ function update_script() {
 
   JAVA_VERSION="21" setup_java
 
+  msg_info "Updating Omada Controller"
   OMADA_URL=$(curl -fsSL "https://support.omadanetworks.com/en/download/software/omada-controller/" |
     grep -o 'https://static\.tp-link\.com/upload/software/[^"]*linux_x64[^"]*\.deb' |
     head -n1)
-  OMADA_PKG=$(basename "${OMADA_URL}")
-  VERSION=$(sed -n 's/.*_v\([0-9.]*\)_.*_\([0-9]\{14\}\)\.deb$/\1-\2/p' <<<"${OMADA_PKG}")
-
-  CURRENT_VERSION=$(cat $HOME/.omada 2>/dev/null || echo "0")
-
-  if dpkg --compare-versions "${VERSION}" gt "${CURRENT_VERSION}"; then
-
-    msg_info "Updating Omada Controller"
-
-    if [ -z "${OMADA_PKG}" ]; then
-      msg_error "Could not retrieve Omada package – server may be down."
-      exit
-    fi
-    curl -fsSL "${OMADA_URL}" -o "${OMADA_PKG}"
-    export DEBIAN_FRONTEND=noninteractive
-    $STD dpkg -i "${OMADA_PKG}"
-    rm -f "${OMADA_PKG}"
-    echo "${VERSION}" >$HOME/.omada
-    msg_ok "Updated Omada Controller to ${VERSION}"
-    msg_ok "Updated successfully!"
-  else
-    msg_ok "No update available: ${APP} (${CURRENT_VERSION})"
+  OMADA_PKG=$(basename "$OMADA_URL")
+  if [ -z "$OMADA_PKG" ]; then
+    msg_error "Could not retrieve Omada package – server may be down."
+    exit
   fi
+  curl -fsSL "$OMADA_URL" -o "$OMADA_PKG"
+  export DEBIAN_FRONTEND=noninteractive
+  $STD dpkg -i "$OMADA_PKG"
+  rm -f "$OMADA_PKG"
+  msg_ok "Updated successfully!"
   exit
 }
 

ct/opencloud.sh

@@ -29,7 +29,7 @@ function update_script() {
     exit
   fi
 
-  RELEASE="v6.2.0"
+  RELEASE="v6.1.0"
   if check_for_gh_release "OpenCloud" "opencloud-eu/opencloud" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
     msg_info "Stopping services"
     systemctl stop opencloud opencloud-wopi

ct/openwebui.sh

@@ -91,22 +91,37 @@ EOF
 
   if [ -x "/usr/bin/ollama" ]; then
     msg_info "Checking for Ollama Update"
-    if check_for_gh_release "ollama" "ollama/ollama"; then
-      msg_info "Stopping Ollama Service"
-      systemctl stop ollama
-      msg_ok "Stopped Service"
+    OLLAMA_VERSION=$(ollama -v | awk '{print $NF}')
+    RELEASE=$(curl -s https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4)}')
+    if [ "$OLLAMA_VERSION" != "$RELEASE" ]; then
+      msg_info "Ollama update available: v$OLLAMA_VERSION -> v$RELEASE"
+      msg_info "Downloading Ollama v$RELEASE \n"
+      curl -fS#LO https://github.com/ollama/ollama/releases/download/v${RELEASE}/ollama-linux-amd64.tar.zst
+      msg_ok "Download Complete"
 
-      rm -rf /usr/lib/ollama /usr/bin/ollama
-      if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "/usr/lib/ollama" "ollama-linux-amd64.tar.zst"; then
-        msg_error "Ollama download or deployment failed – check network connectivity and GitHub API availability"
+      if [ -f "ollama-linux-amd64.tar.zst" ]; then
+
+        msg_info "Stopping Ollama Service"
+        systemctl stop ollama
+        msg_ok "Stopped Service"
+
+        msg_info "Installing Ollama"
+        rm -rf /usr/lib/ollama
+        rm -rf /usr/bin/ollama
+        tar --zstd -C /usr -xf ollama-linux-amd64.tar.zst
+        rm -rf ollama-linux-amd64.tar.zst
+        msg_ok "Installed Ollama"
+
+        msg_info "Starting Ollama Service"
+        systemctl start ollama
+        msg_ok "Started Service"
+
+        msg_ok "Ollama updated to version $RELEASE"
       else
-        ln -sf /usr/lib/ollama/bin/ollama /usr/bin/ollama
-        msg_ok "Updated Ollama to ${CHECK_UPDATE_RELEASE}"
+        msg_error "Ollama download failed. Aborting update."
       fi
-
-      msg_info "Starting Ollama Service"
-      systemctl start ollama
-      msg_ok "Started Service"
+    else
+      msg_ok "Ollama is already up to date."
     fi
   fi
 

ct/pangolin.sh

@@ -6,7 +6,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Source: https://pangolin.net/ | Github: https://github.com/fosrl/pangolin
 
 APP="Pangolin"
-PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.4}"
+PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.3}"
 var_tags="${var_tags:-proxy}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-4096}"
@@ -81,12 +81,6 @@ function update_script() {
 
     msg_info "Running database migrations"
     cd /opt/pangolin
-    SQLITE_DB="/opt/pangolin/config/db/db.sqlite"
-    if [[ -f "$SQLITE_DB" ]]; then
-      if ! sqlite3 "$SQLITE_DB" ".tables" 2>/dev/null | tr ' ' '\n' | grep -qx "statusHistory"; then
-        sqlite3 "$SQLITE_DB" "DELETE FROM versionMigrations;" 2>/dev/null || true
-      fi
-    fi
     ENVIRONMENT=prod $STD node dist/migrations.mjs
     msg_ok "Ran database migrations"
 

ct/profilarr.sh

@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="Profilarr"
 var_tags="${var_tags:-arr;radarr;sonarr;config}"
 var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
+var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
@@ -29,70 +29,43 @@ function update_script() {
     exit
   fi
 
-  if [[ -d /opt/profilarr/backend ]]; then
-    msg_error "Profilarr v1 detected!"
-    echo -e "\nProfilarr v2 is a complete rewrite and is NOT compatible with v1."
-    echo -e "There is no migration path. Please create a new LXC container for v2.\n"
-    exit
-  fi
-
   if check_for_gh_release "profilarr" "Dictionarry-Hub/profilarr"; then
     msg_info "Stopping Service"
     systemctl stop profilarr
     msg_ok "Stopped Service"
 
+    msg_info "Backing up Data"
+    if [[ -d /config ]]; then
+      cp -r /config /opt/profilarr_config_backup
+    fi
+    msg_ok "Backed up Data"
+
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "profilarr" "Dictionarry-Hub/profilarr" "tarball"
-    PROFILARR_VERSION=$(curl -fsSL "https://api.github.com/repos/Dictionarry-Hub/profilarr/releases/latest" | grep '"tag_name"' | sed 's/.*"v\([^"]*\)".*/\1/')
 
-    msg_info "Building Profilarr v${PROFILARR_VERSION} (Patience)"
-    cd /opt/profilarr
-    ARCH=$(uname -m)
-    cat >src/lib/shared/build.ts <<EOF
-// Generated at update time. Do not hand-edit.
-export type Channel = 'stable' | 'develop' | 'dev';
+    msg_info "Installing Python Dependencies"
+    cd /opt/profilarr/backend
+    $STD uv venv --clear /opt/profilarr/backend/.venv
+    sed 's/==/>=/g' requirements.txt >requirements-relaxed.txt
+    $STD uv pip install --python /opt/profilarr/backend/.venv/bin/python -r requirements-relaxed.txt
+    rm -f requirements-relaxed.txt
+    msg_ok "Installed Python Dependencies"
 
-export interface BuildInfo {
-	readonly version: string;
-	readonly channel: Channel;
-	readonly commit: string | null;
-	readonly builtAt: string | null;
-}
+    msg_info "Building Frontend"
+    if [[ -d /opt/profilarr/frontend ]]; then
+      cd /opt/profilarr/frontend
+      $STD npm install
+      $STD npm run build
+      cp -r dist /opt/profilarr/backend/app/static
+    fi
+    msg_ok "Built Frontend"
 
-export const build: BuildInfo = {
-	version: '${PROFILARR_VERSION}',
-	channel: 'stable',
-	commit: null,
-	builtAt: '$(date -u +"%Y-%m-%dT%H:%M:%SZ")'
-};
-EOF
-    $STD deno install --node-modules-dir
-    export APP_BASE_PATH=/opt/profilarr/dist/build
-    export VITE_CHANNEL=stable
-    $STD deno run -A npm:vite build
-    case "$ARCH" in
-    aarch64) DENO_TARGET="aarch64-unknown-linux-gnu" ;;
-    *) DENO_TARGET="x86_64-unknown-linux-gnu" ;;
-    esac
-    $STD deno compile \
-      --no-check \
-      --allow-net \
-      --allow-read \
-      --allow-write \
-      --allow-env \
-      --allow-ffi \
-      --allow-run \
-      --allow-sys \
-      --target "$DENO_TARGET" \
-      --output dist/build/profilarr \
-      dist/build/mod.ts
-    msg_ok "Built Profilarr"
-
-    msg_info "Updating Profilarr"
-    cp dist/build/profilarr /opt/profilarr/app/profilarr
-    cp dist/build/server.js /opt/profilarr/app/server.js
-    cp -r dist/build/static /opt/profilarr/app/static
-    chmod +x /opt/profilarr/app/profilarr
-    msg_ok "Updated Profilarr"
+    msg_info "Restoring Data"
+    if [[ -d /opt/profilarr_config_backup ]]; then
+      mkdir -p /config
+      cp -r /opt/profilarr_config_backup/. /config/
+      rm -rf /opt/profilarr_config_backup
+    fi
+    msg_ok "Restored Data"
 
     msg_info "Starting Service"
     systemctl start profilarr

ct/soulsync.sh

@@ -44,7 +44,7 @@ function update_script() {
     msg_info "Updating Python Dependencies"
     cd /opt/soulsync
     $STD uv venv --clear /opt/soulsync/.venv --python 3.11
-    $STD uv pip install -r requirements.txt
+    $STD /opt/soulsync/.venv/bin/pip install -r requirements.txt
     msg_ok "Updated Python Dependencies"
 
     mv /opt/soulsync-config.bak /opt/soulsync/config

ct/sure.sh

@@ -64,7 +64,7 @@ EOF
     fi
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "Sure" "we-promise/sure" "tarball" "latest" "/opt/sure"
-    RUBY_VERSION="$(cat /opt/sure/.ruby-version)" RUBY_INSTALL_RAILS=false HOME=/root setup_ruby
+    RUBY_VERSION="$(cat /opt/sure/.ruby-version)" RUBY_INSTALL_RAILS=false setup_ruby
 
     msg_info "Updating Sure"
     source ~/.profile

ct/termix.sh

@@ -29,8 +29,6 @@ function update_script() {
     exit
   fi
 
-  NODE_VERSION="24" setup_nodejs
-
   if check_for_gh_tag "guacd" "apache/guacamole-server"; then
     msg_info "Stopping guacd"
     systemctl stop guacd 2>/dev/null || true
@@ -157,6 +155,8 @@ EOF
       /opt/termix/nginx/client_body
     msg_ok "Recreated Directories"
 
+    NODE_VERSION="24" setup_nodejs
+
     msg_info "Building Frontend"
     cd /opt/termix
     export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
@@ -206,10 +206,7 @@ EOF
       sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
       sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
 
-      rm -f /etc/systemd/system/nginx.service.d/pidfile.conf
-      rm -f /etc/tmpfiles.d/nginx-termix.conf
-      systemctl daemon-reload
-      nginx -t && systemctl restart nginx
+      nginx -t && systemctl reload nginx
       msg_ok "Updated Nginx Configuration"
     else
       msg_warn "Nginx configuration not updated. If Termix doesn't work, restore from backup or update manually."

ct/tinyauth.sh

@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/tinyauthapp/tinyauth
+# Source: https://github.com/steveiliop56/tinyauth
 
 APP="Tinyauth"
 var_tags="${var_tags:-auth}"
@@ -28,12 +28,12 @@ function update_script() {
     exit
   fi
 
-  if check_for_gh_release "tinyauth" "tinyauthapp/tinyauth"; then
+  if check_for_gh_release "tinyauth" "steveiliop56/tinyauth"; then
     msg_info "Stopping Service"
     systemctl stop tinyauth
     msg_ok "Stopped Service"
 
-    fetch_and_deploy_gh_release "tinyauth" "tinyauthapp/tinyauth" "singlefile" "latest" "/opt/tinyauth" "tinyauth-amd64"
+    fetch_and_deploy_gh_release "tinyauth" "steveiliop56/tinyauth" "singlefile" "latest" "/opt/tinyauth" "tinyauth-amd64"
 
     msg_info "Starting Service"
     systemctl start tinyauth

ct/trek.sh

@@ -29,8 +29,6 @@ function update_script() {
     exit
   fi
 
-  NODE_VERSION="24" setup_nodejs
-
   if check_for_gh_release "trek" "mauriceboe/TREK"; then
     msg_info "Stopping Service"
     systemctl stop trek

ct/wallabag.sh

@@ -28,10 +28,7 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-
-  NODE_VERSION="24" setup_nodejs
   setup_mariadb
-  
   if check_for_gh_release "wallabag" "wallabag/wallabag"; then
     msg_info "Stopping Services"
     systemctl stop nginx php8.3-fpm

ct/webtrees.sh

@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: sudofly
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://webtrees.net/
-
-APP="Webtrees"
-var_tags="${var_tags:-genealogy;cms}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/webtrees ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "webtrees" "fisharebest/webtrees"; then
-    msg_info "Stopping Service"
-    PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
-    systemctl stop caddy php${PHP_VER}-fpm
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp -r /opt/webtrees/data /opt/webtrees_data_backup
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "webtrees" "fisharebest/webtrees" "prebuild" "latest" "/opt/webtrees" "webtrees-*.zip"
-
-    msg_info "Restoring Data"
-    cp -r /opt/webtrees_data_backup/. /opt/webtrees/data
-    rm -rf /opt/webtrees_data_backup
-    chown -R www-data:www-data /opt/webtrees
-    msg_ok "Restored Data"
-
-    msg_info "Starting Service"
-    systemctl start caddy php${PHP_VER}-fpm
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/wikijs.sh

@@ -28,7 +28,7 @@ function update_script() {
     exit
   fi
 
-  NODE_VERSION="24" NODE_MODULE="yarn,node-gyp" setup_nodejs
+  NODE_VERSION="22" NODE_MODULE="yarn,node-gyp" setup_nodejs
 
   if check_for_gh_release "wikijs" "requarks/wiki"; then
     msg_info "Verifying whether ${APP}' new release is v3.x+ and current install uses SQLite."

install/alpine-tinyauth-install.sh

@@ -3,7 +3,7 @@
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: Slaviša Arežina (tremor021) | Co-Author: Stavros (steveiliop56)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/tinyauthapp/tinyauth
+# Source: https://github.com/steveiliop56/tinyauth
 
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
@@ -19,8 +19,8 @@ msg_ok "Installed Dependencies"
 
 msg_info "Installing Tinyauth"
 mkdir -p /opt/tinyauth
-RELEASE=$(curl -s https://api.github.com/repos/tinyauthapp/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-curl -fsSL "https://github.com/tinyauthapp/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
+RELEASE=$(curl -s https://api.github.com/repos/steveiliop56/tinyauth/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
+curl -fsSL "https://github.com/steveiliop56/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth
 chmod +x /opt/tinyauth/tinyauth
 PASS=$(openssl rand -base64 8 | tr -dc 'a-zA-Z0-9' | head -c 8)
 USER=$(htpasswd -Bbn "tinyauth" "${PASS}")

install/apache-guacamole-install.sh

@@ -65,12 +65,12 @@ $STD make
 $STD make install
 $STD ldconfig
 echo "${GUAC_SERVER_VERSION}" >~/.guacamole_server
-curl_download "/opt/apache-guacamole/tomcat9/webapps/guacamole.war" "https://downloads.apache.org/guacamole/${GUAC_CLIENT_VERSION}/binary/guacamole-${GUAC_CLIENT_VERSION}.war"
+curl -fsSL "https://downloads.apache.org/guacamole/${GUAC_CLIENT_VERSION}/binary/guacamole-${GUAC_CLIENT_VERSION}.war" -o "/opt/apache-guacamole/tomcat9/webapps/guacamole.war"
 echo "${GUAC_CLIENT_VERSION}" >~/.guacamole_client
-curl_download "/etc/guacamole/lib/mysql-connector-j.jar" "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${MYSQL_CONNECTOR_VERSION}/mysql-connector-j-${MYSQL_CONNECTOR_VERSION}.jar"
+curl -fsSL "https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/${MYSQL_CONNECTOR_VERSION}/mysql-connector-j-${MYSQL_CONNECTOR_VERSION}.jar" -o "/etc/guacamole/lib/mysql-connector-j.jar"
 echo "${MYSQL_CONNECTOR_VERSION}" >~/.guacamole_mysql_connector
 cd /root
-curl_download "/root/guacamole-auth-jdbc-${GUAC_SERVER_VERSION}.tar.gz" "https://downloads.apache.org/guacamole/${GUAC_SERVER_VERSION}/binary/guacamole-auth-jdbc-${GUAC_SERVER_VERSION}.tar.gz"
+curl -fsSL "https://downloads.apache.org/guacamole/${GUAC_SERVER_VERSION}/binary/guacamole-auth-jdbc-${GUAC_SERVER_VERSION}.tar.gz" -o "/root/guacamole-auth-jdbc-${GUAC_SERVER_VERSION}.tar.gz"
 $STD tar -xf ~/guacamole-auth-jdbc-"$GUAC_SERVER_VERSION".tar.gz
 mv ~/guacamole-auth-jdbc-"$GUAC_SERVER_VERSION"/mysql/guacamole-auth-jdbc-mysql-"$GUAC_SERVER_VERSION".jar /etc/guacamole/extensions/
 echo "${GUAC_SERVER_VERSION}" >~/.guacamole_auth_jdbc

install/apache-tomcat-install.sh

@@ -66,7 +66,7 @@ esac
 msg_info "Installing Tomcat $TOMCAT_VERSION"
 LATEST_VERSION=$(curl -fsSL "https://dlcdn.apache.org/tomcat/tomcat-$TOMCAT_VERSION/" | grep -oP 'v[0-9]+\.[0-9]+\.[0-9]+(-M[0-9]+)?/' | sort -V | tail -n 1 | sed 's/\/$//; s/v//')
 TOMCAT_URL="https://dlcdn.apache.org/tomcat/tomcat-$TOMCAT_VERSION/v$LATEST_VERSION/bin/apache-tomcat-$LATEST_VERSION.tar.gz"
-curl_download "/tmp/tomcat.tar.gz" "$TOMCAT_URL"
+curl -fsSL "$TOMCAT_URL" -o "/tmp/tomcat.tar.gz"
 mkdir -p /opt/tomcat-$TOMCAT_VERSION
 tar --strip-components=1 -xzf /tmp/tomcat.tar.gz -C /opt/tomcat-$TOMCAT_VERSION
 chown -R root:root /opt/tomcat-$TOMCAT_VERSION

install/authentik-install.sh

@@ -1,257 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Thieneret
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/goauthentik/authentik
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  pkg-config \
-  libffi-dev \
-  libxslt-dev \
-  zlib1g-dev \
-  libpq-dev \
-  krb5-multidev \
-  libkrb5-dev \
-  heimdal-multidev \
-  libclang-dev \
-  libltdl-dev \
-  libpq5 \
-  libmaxminddb0 \
-  libkrb5-3 \
-  libkdb5-10 \
-  libkadm5clnt-mit12 \
-  libkadm5clnt7t64-heimdal \
-  libltdl7 \
-  libxslt1.1 \
-  python3-dev \
-  libxml2-dev \
-  libxml2 \
-  libxslt1-dev \
-  automake \
-  autoconf \
-  libtool \
-  libtool-bin \
-  gcc \
-  git
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="24" setup_nodejs
-setup_yq
-setup_go
-UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
-setup_rust
-PG_VERSION="17" setup_postgresql
-PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
-
-XMLSEC_VERSION="1.3.11"
-AUTHENTIK_VERSION="version/2026.2.3"
-fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
-fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
-fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
-
-msg_info "Setup xmlsec"
-cd /opt/xmlsec
-$STD ./autogen.sh
-$STD make -j $(nproc)
-$STD make check
-$STD make install
-$STD ldconfig
-msg_ok "xmlsec installed"
-
-msg_info "Setup web"
-cd /opt/authentik/web
-export NODE_ENV="production"
-$STD npm install
-$STD npm run build
-$STD npm run build:sfe
-msg_ok "Web installed"
-
-msg_info "Setup go proxy"
-cd /opt/authentik
-export CGO_ENABLED="1"
-$STD go mod download
-$STD go build -o /opt/authentik/authentik-server ./cmd/server
-$STD go build -o /opt/authentik/ldap ./cmd/ldap
-$STD go build -o /opt/authentik/rac ./cmd/rac
-$STD go build -o /opt/authentik/radius ./cmd/radius
-msg_ok "Go proxy installed"
-
-cat <<EOF >/usr/local/etc/GeoIP.conf
-AccountID ChangeME
-LicenseKey ChangeME
-EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
-DatabaseDirectory /opt/authentik-data/geoip
-RetryFor 5m
-Parallelism 1
-EOF
-
-echo "#39 19 * * 6,4 /usr/bin/geoipupdate -f /usr/local/etc/GeoIP.conf" | crontab -
-
-msg_info "Setup python server"
-export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
-export UV_COMPILE_BYTECODE="1"
-export UV_LINK_MODE="copy"
-export UV_NATIVE_TLS="1"
-export RUSTUP_PERMIT_COPY_RENAME="true"
-export UV_PYTHON_INSTALL_DIR="/usr/local/bin"
-cd /opt/authentik
-$STD uv sync --frozen --no-install-project --no-dev
-cp /opt/authentik/authentik/sources/kerberos/krb5.conf /etc/krb5.conf
-msg_ok "Installed python server"
-
-msg_info "Creating authentik config"
-mkdir -p /etc/authentik
-mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
-yq -i ".secret_key = \"$(openssl rand -base64 128 | tr -dc 'a-zA-Z0-9' | head -c64)\"" /etc/authentik/config.yml
-yq -i ".postgresql.password = \"${PG_DB_PASS}\"" /etc/authentik/config.yml
-yq -i ".events.context_processors.geoip = \"/opt/authentik-data/geoip/GeoLite2-City.mmdb\"" /etc/authentik/config.yml
-yq -i ".events.context_processors.asn = \"/opt/authentik-data/geoip/GeoLite2-ASN.mmdb\"" /etc/authentik/config.yml
-yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
-yq -i ".cert_discovery_dir = \"/opt/authentik-data/certs\"" /etc/authentik/config.yml
-yq -i ".email.template_dir = \"/opt/authentik-data/templates\"" /etc/authentik/config.yml
-yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml
-yq -i ".disable_startup_analytics = \"true\"" /etc/authentik/config.yml
-$STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik
-chown -R authentik:authentik /opt/authentik
-cat <<EOF >/etc/default/authentik
-TMPDIR=/dev/shm/
-UV_LINK_MODE=copy
-UV_PYTHON_DOWNLOADS=0
-UV_NATIVE_TLS=1
-VENV_PATH=/opt/authentik/.venv
-PYTHONDONTWRITEBYTECODE=1
-PYTHONUNBUFFERED=1
-PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-DJANGO_SETTINGS_MODULE=authentik.root.settings
-PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
-EOF
-cat <<EOF >/etc/default/authentik_ldap
-AUTHENTIK_HOST="https://127.0.0.1:9443"
-AUTHENTIK_INSECURE="true"
-AUTHENTIK_TOKEN="token-generated-by-authentik"
-EOF
-cat <<EOF >/etc/default/authentik_rac
-AUTHENTIK_HOST="https://127.0.0.1:9443"
-AUTHENTIK_INSECURE="true"
-AUTHENTIK_TOKEN="token-generated-by-authentik"
-EOF
-cat <<EOF >/etc/default/authentik_radius
-AUTHENTIK_HOST="https://127.0.0.1:9443"
-AUTHENTIK_INSECURE="true"
-AUTHENTIK_TOKEN="token-generated-by-authentik"
-EOF
-msg_ok "authentik config created"
-
-msg_info "Creating services"
-cat <<EOF >/etc/systemd/system/authentik-server.service
-[Unit]
-Description=authentik Go Server (API Gateway)
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
-ExecStart=/opt/authentik/authentik-server
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-worker.service
-[Unit]
-Description=authentik Worker
-After=network.target postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-Type=simple
-EnvironmentFile=/etc/default/authentik
-ExecStart=/usr/local/bin/uv run python -m manage worker --pid-file /dev/shm/authentik-worker.pid
-WorkingDirectory=/opt/authentik
-Restart=always
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-ldap.service
-[Unit]
-Description=authentik LDAP Outpost
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStart=/opt/authentik/ldap
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik_ldap
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-rac.service
-[Unit]
-Description=authentik RAC Outpost
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStart=/opt/authentik/rac
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik_rac
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-radius.service
-[Unit]
-Description=authentik Radius Outpost
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStart=/opt/authentik/radius
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik_radius
-
-[Install]
-WantedBy=multi-user.target
-EOF
-msg_ok "Services created"
-
-motd_ssh
-customize
-cleanup_lxc

install/bichon-install.sh

@@ -50,12 +50,10 @@ Type=simple
 User=root
 EnvironmentFile=/opt/bichon/bichon.env
 WorkingDirectory=/opt/bichon
-ExecStart=/opt/bichon/bichon-server
+ExecStart=/opt/bichon/bichon
 Restart=on-failure
 RestartSec=5
 
-LimitNOFILE=65536
-
 [Install]
 WantedBy=multi-user.target
 EOF

install/calibre-web-install.sh

@@ -52,7 +52,6 @@ After=network.target
 [Service]
 Type=simple
 User=root
-Environment="QTWEBENGINE_CHROMIUM_FLAGS=--no-sandbox"
 WorkingDirectory=/opt/calibre-web
 ExecStart=/opt/calibre-web/.venv/bin/python /opt/calibre-web/cps.py
 Restart=on-failure

install/checkmk-install.sh

@@ -16,7 +16,7 @@ update_os
 msg_info "Install Checkmk"
 RELEASE=$(curl_with_retry "https://api.github.com/repos/checkmk/checkmk/tags" "-" | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
 RELEASE="${RELEASE%%+*}"
-curl_download "/opt/checkmk.deb" "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb"
+curl_with_retry "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb" "/opt/checkmk.deb"
 $STD apt install -y /opt/checkmk.deb
 rm -rf /opt/checkmk.deb
 echo "${RELEASE}" >"/opt/checkmk_version.txt"

install/cliproxyapi-install.sh

@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: mathiasnagler
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/router-for-me/CLIProxyAPI
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y openssl
-msg_ok "Installed Dependencies"
-
-fetch_and_deploy_gh_release "cliproxyapi" "router-for-me/CLIProxyAPI" "prebuild" "latest" "/opt/cliproxyapi" "CLIProxyAPI_*_linux_amd64.tar.gz"
-
-msg_info "Configuring CLIProxyAPI"
-MANAGEMENT_PASSWORD=$(openssl rand -hex 32)
-API_KEY="sk-$(openssl rand -hex 16)"
-cat <<EOF >/opt/cliproxyapi/config.yaml
-host: ""
-port: 8317
-auth-dir: "/root/.cli-proxy-api"
-remote-management:
-  allow-remote: true
-  secret-key: "${MANAGEMENT_PASSWORD}"
-api-keys:
-  - "${API_KEY}"
-request-retry: 3
-quota-exceeded:
-  switch-project: true
-  switch-preview-model: true
-routing:
-  strategy: "round-robin"
-EOF
-msg_ok "Configured CLIProxyAPI"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/cliproxyapi.service
-[Unit]
-Description=CLIProxyAPI
-After=network.target
-
-[Service]
-Type=simple
-WorkingDirectory=/opt/cliproxyapi
-ExecStart=/opt/cliproxyapi/cli-proxy-api
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now cliproxyapi
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/dashy-install.sh

@@ -29,6 +29,7 @@ Description=dashy
 [Service]
 Type=simple
 WorkingDirectory=/opt/dashy
+Environment=NODE_OPTIONS=--openssl-legacy-provider
 ExecStart=/usr/bin/node server.js
 [Install]
 WantedBy=multi-user.target

install/dawarich-install.sh

@@ -72,12 +72,12 @@ msg_ok "Configured Environment"
 
 NODE_VERSION="22" setup_nodejs
 RUBY_VERSION=$(cat /opt/dawarich/app/.ruby-version 2>/dev/null || echo "3.4.6")
-RUBY_VERSION=${RUBY_VERSION} RUBY_INSTALL_RAILS="false" HOME=/root setup_ruby
+RUBY_VERSION=${RUBY_VERSION} RUBY_INSTALL_RAILS="false" setup_ruby
 
 msg_info "Installing Dawarich"
 cd /opt/dawarich/app
 source /root/.profile
-export PATH="/root/.rbenv/shims:/root/.rbenv/bin:${PATH}"
+export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH"
 eval "$(/root/.rbenv/bin/rbenv init - bash)"
 set -a && source /opt/dawarich/.env && set +a
 $STD gem install bundler

install/degoog-install.sh

@@ -1,88 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/fccview/degoog
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  git \
-  unzip
-msg_ok "Installed Dependencies"
-
-msg_info "Installing Bun"
-export BUN_INSTALL="/root/.bun"
-curl -fsSL https://bun.sh/install | $STD bash
-ln -sf /root/.bun/bin/bun /usr/local/bin/bun
-ln -sf /root/.bun/bin/bunx /usr/local/bin/bunx
-msg_ok "Installed Bun"
-
-fetch_and_deploy_gh_release "degoog" "fccview/degoog" "prebuild" "latest" "/opt/degoog" "degoog_*_prebuild.tar.gz"
-
-msg_info "Setting up degoog"
-mkdir -p /opt/degoog/data/{engines,plugins,themes,store}
-
-cat <<EOF >/opt/degoog/.env
-DEGOOG_PORT=4444
-DEGOOG_ENGINES_DIR=/opt/degoog/data/engines
-DEGOOG_PLUGINS_DIR=/opt/degoog/data/plugins
-DEGOOG_THEMES_DIR=/opt/degoog/data/themes
-DEGOOG_ALIASES_FILE=/opt/degoog/data/aliases.json
-DEGOOG_PLUGIN_SETTINGS_FILE=/opt/degoog/data/plugin-settings.json
-# DEGOOG_SETTINGS_PASSWORDS=changeme
-# DEGOOG_PUBLIC_INSTANCE=false
-# LOGGER=debug
-EOF
-
-if [[ ! -f /opt/degoog/data/aliases.json ]]; then
-  cat <<EOF >/opt/degoog/data/aliases.json
-{}
-EOF
-fi
-
-if [[ ! -f /opt/degoog/data/plugin-settings.json ]]; then
-  cat <<EOF >/opt/degoog/data/plugin-settings.json
-{}
-EOF
-fi
-
-if [[ ! -f /opt/degoog/data/repos.json ]]; then
-  cat <<EOF >/opt/degoog/data/repos.json
-[]
-EOF
-fi
-msg_ok "Set up degoog"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/degoog.service
-[Unit]
-Description=degoog
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/degoog
-EnvironmentFile=/opt/degoog/.env
-ExecStart=/usr/local/bin/bun run src/server/index.ts
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now degoog
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/docuseal-install.sh

@@ -1,164 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://www.docuseal.com/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  git \
-  libpq-dev \
-  libssl-dev \
-  libyaml-dev \
-  libreadline-dev \
-  zlib1g-dev \
-  libffi-dev \
-  libvips42 \
-  libvips-dev \
-  libheif1 \
-  redis-server \
-  fontconfig
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-RUBY_VERSION="4.0.1" RUBY_INSTALL_RAILS="false" HOME=/root setup_ruby
-PG_VERSION="17" setup_postgresql
-PG_DB_NAME="docuseal" PG_DB_USER="docuseal" setup_postgresql_db
-
-msg_info "Downloading Fonts and PDFium"
-mkdir -p /opt/fonts /usr/share/fonts/noto
-ARCH=$(uname -m | sed 's/x86_64/x64/;s/aarch64/arm64/')
-curl -fsSL -o /opt/fonts/GoNotoKurrent-Regular.ttf \
-  https://github.com/satbyy/go-noto-universal/releases/download/v7.0/GoNotoKurrent-Regular.ttf
-curl -fsSL -o /opt/fonts/GoNotoKurrent-Bold.ttf \
-  https://github.com/satbyy/go-noto-universal/releases/download/v7.0/GoNotoKurrent-Bold.ttf
-curl -fsSL -o /opt/fonts/DancingScript-Regular.otf \
-  https://github.com/impallari/DancingScript/raw/master/fonts/DancingScript-Regular.otf
-ln -sf /opt/fonts/GoNotoKurrent-Regular.ttf /usr/share/fonts/noto/
-ln -sf /opt/fonts/GoNotoKurrent-Bold.ttf /usr/share/fonts/noto/
-$STD fc-cache -f
-curl -fsSL -o /tmp/pdfium.tgz \
-  "https://github.com/bblanchon/pdfium-binaries/releases/latest/download/pdfium-linux-${ARCH}.tgz"
-mkdir -p /tmp/pdfium && tar -xzf /tmp/pdfium.tgz -C /tmp/pdfium
-cp /tmp/pdfium/lib/libpdfium.so /usr/lib/libpdfium.so
-rm -rf /tmp/pdfium /tmp/pdfium.tgz
-msg_ok "Downloaded Fonts and PDFium"
-
-fetch_and_deploy_gh_release "docuseal" "docusealco/docuseal" "tarball"
-
-msg_info "Downloading Field Detection Model"
-mkdir -p /opt/docuseal/tmp
-curl -fsSL -o /opt/docuseal/tmp/model.onnx \
-  "https://github.com/docusealco/fields-detection/releases/download/2.0.0/model_704_int8.onnx"
-mkdir -p /opt/docuseal/public/fonts
-ln -sf /opt/fonts/DancingScript-Regular.otf /opt/docuseal/public/fonts/DancingScript-Regular.otf
-msg_ok "Downloaded Field Detection Model"
-
-msg_info "Configuring DocuSeal"
-SECRET_KEY=$(openssl rand -hex 64)
-mkdir -p /opt/docuseal/data
-cat <<EOF >/opt/docuseal/.env
-RAILS_ENV=production
-NODE_ENV=production
-RAILS_LOG_TO_STDOUT=true
-RAILS_SERVE_STATIC_FILES=true
-SECRET_KEY_BASE=${SECRET_KEY}
-DATABASE_URL=postgresql://docuseal:${PG_DB_PASS}@127.0.0.1:5432/docuseal
-REDIS_URL=redis://localhost:6379/0
-WORKDIR=/opt/docuseal/data
-VIPS_MAX_COORD=17000
-EOF
-msg_ok "Configured DocuSeal"
-
-msg_info "Building Application"
-cd /opt/docuseal
-export PATH="/root/.rbenv/bin:/root/.rbenv/shims:${PATH}"
-eval "$(rbenv init - bash)" 2>/dev/null || true
-export RAILS_ENV=production
-export NODE_ENV=production
-export SECRET_KEY_BASE_DUMMY=1
-set -a
-source /opt/docuseal/.env
-set +a
-$STD bundle config set --local deployment 'true'
-$STD bundle config set --local without 'development:test'
-$STD bundle install -j"$(nproc)"
-$STD yarn install --network-timeout 1000000
-$STD ./bin/shakapacker
-$STD bundle exec rails db:migrate
-$STD bundle exec bootsnap precompile -j 1 --gemfile app/ lib/
-msg_ok "Built Application"
-
-msg_info "Enabling Redis"
-systemctl enable -q --now redis-server
-msg_ok "Enabled Redis"
-
-msg_info "Creating docuseal User"
-id docuseal &>/dev/null || useradd -u 2000 -M -s /usr/sbin/nologin -d /opt/docuseal docuseal
-chmod o+x /root
-chmod -R o+rX /root/.rbenv
-chown -R docuseal:docuseal /opt/docuseal /opt/fonts
-msg_ok "Created docuseal User"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/docuseal.service
-[Unit]
-Description=DocuSeal Web
-After=network.target postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=docuseal
-Group=docuseal
-WorkingDirectory=/opt/docuseal
-EnvironmentFile=/opt/docuseal/.env
-Environment=HOME=/opt/docuseal
-Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-Environment=BUNDLE_GEMFILE=/opt/docuseal/Gemfile
-Environment=BUNDLE_WITHOUT=development:test
-ExecStart=/opt/docuseal/bin/bundle exec puma -C /opt/docuseal/config/puma.rb --dir /opt/docuseal -p 3000
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/docuseal-sidekiq.service
-[Unit]
-Description=DocuSeal Sidekiq
-After=network.target postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=docuseal
-Group=docuseal
-WorkingDirectory=/opt/docuseal
-EnvironmentFile=/opt/docuseal/.env
-Environment=HOME=/opt/docuseal
-Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-Environment=BUNDLE_GEMFILE=/opt/docuseal/Gemfile
-Environment=BUNDLE_WITHOUT=development:test
-ExecStart=/opt/docuseal/bin/bundle exec sidekiq
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now docuseal docuseal-sidekiq
-msg_ok "Created Services"
-
-motd_ssh
-customize
-cleanup_lxc

install/espconnect-install.sh

@@ -1,58 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: John Lombardo (programbo)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/thelastoutpostworkshop/ESPConnect
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y nginx
-msg_ok "Installed Dependencies"
-
-fetch_and_deploy_gh_release "espconnect" "thelastoutpostworkshop/ESPConnect" "prebuild" "latest" "/opt/espconnect" "dist.zip"
-create_self_signed_cert
-
-msg_info "Configuring Nginx"
-mkdir -p /etc/ssl/private
-cat <<'EOF' >/etc/nginx/sites-available/espconnect
-server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
-
-    return 301 https://$host$request_uri;
-}
-
-server {
-    listen 443 ssl default_server;
-    listen [::]:443 ssl default_server;
-
-    ssl_certificate /etc/ssl/certs/espconnect-selfsigned.crt;
-    ssl_certificate_key /etc/ssl/private/espconnect-selfsigned.key;
-    ssl_protocols TLSv1.2 TLSv1.3;
-
-    root /opt/espconnect;
-    index index.html;
-
-    location / {
-        try_files $uri $uri/ /index.html;
-    }
-}
-EOF
-ln -sf /etc/nginx/sites-available/espconnect /etc/nginx/sites-enabled/espconnect
-rm -f /etc/nginx/sites-enabled/default
-$STD nginx -t
-systemctl enable -q nginx
-systemctl restart nginx
-msg_ok "Configured Nginx"
-
-motd_ssh
-customize
-cleanup_lxc

install/excalidraw-install.sh

@@ -17,12 +17,11 @@ msg_info "Installing Dependencies"
 $STD apt install -y xdg-utils
 msg_ok "Installed Dependencies"
 
-NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
+NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 fetch_and_deploy_gh_release "excalidraw" "excalidraw/excalidraw" "tarball"
 
 msg_info "Configuring Excalidraw"
 cd /opt/excalidraw
-$STD yarn config set ignore-engines true
 $STD yarn
 msg_ok "Setup Excalidraw"
 

install/frigate-install.sh

@@ -169,13 +169,13 @@ NODE_VERSION="20" setup_nodejs
 
 msg_info "Downloading Inference Models"
 mkdir -p /models /openvino-model
-curl_download "/edgetpu_model.tflite" "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite"
-curl_download "/models/cpu_model.tflite" "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite"
+curl_with_retry "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite" "/edgetpu_model.tflite"
+curl_with_retry "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite" "/models/cpu_model.tflite"
 cp /opt/frigate/labelmap.txt /labelmap.txt
 msg_ok "Downloaded Inference Models"
 
 msg_info "Downloading Audio Model"
-curl_download "/tmp/yamnet.tar.gz" "https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download"
+curl_with_retry "https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download" "/tmp/yamnet.tar.gz"
 $STD tar xzf /tmp/yamnet.tar.gz -C /
 mv /1.tflite /cpu_audio_model.tflite
 cp /opt/frigate/audio-labelmap.txt /audio-labelmap.txt
@@ -188,7 +188,7 @@ msg_ok "Installed OpenVino"
 
 msg_info "Building OpenVino Model"
 cd /models
-curl_download "ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz" "http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz"
+curl_with_retry "http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz" "ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz"
 $STD tar -zxf ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz --no-same-owner
 if python3 /opt/frigate/docker/main/build_ov_model.py &>/dev/null; then
   mkdir -p /openvino-model
@@ -246,7 +246,7 @@ msg_info "Configuring Frigate"
 mkdir -p /config /media/frigate
 cp -r /opt/frigate/config/. /config
 
-curl_download "/media/frigate/person-bicycle-car-detection.mp4" "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4"
+curl_with_retry "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" "/media/frigate/person-bicycle-car-detection.mp4"
 
 echo "tmpfs   /tmp/cache      tmpfs   defaults        0       0" >>/etc/fstab
 

install/homelable-install.sh

@@ -33,7 +33,7 @@ msg_ok "Set up Python Backend"
 msg_info "Configuring Homelable"
 mkdir -p /opt/homelable/data
 SECRET_KEY=$(openssl rand -hex 32)
-BCRYPT_HASH=$(/opt/homelable/backend/.venv/bin/python -c "import bcrypt; print(bcrypt.hashpw(b'admin', bcrypt.gensalt()).decode())")
+BCRYPT_HASH=$(/opt/homelable/backend/.venv/bin/python -c "from passlib.context import CryptContext; print(CryptContext(schemes=['bcrypt']).hash('admin'))")
 cat <<EOF >/opt/homelable/backend/.env
 SECRET_KEY=${SECRET_KEY}
 SQLITE_PATH=/opt/homelable/data/homelab.db
@@ -59,7 +59,7 @@ while [[ -z "$NEW_PASS" ]]; do
     fi
 done
 
-HASH=$(/opt/homelable/backend/.venv/bin/python -c "import bcrypt; print(bcrypt.hashpw('${NEW_PASS}'.encode(), bcrypt.gensalt()).decode())")
+HASH=$(/opt/homelable/backend/.venv/bin/python -c "from passlib.context import CryptContext; print(CryptContext(schemes=['bcrypt']).hash('${NEW_PASS}'))")
 
 sed -i "s|^AUTH_PASSWORD_HASH=.*|AUTH_PASSWORD_HASH='${HASH}'|" /opt/homelable/backend/.env
 

install/kasm-install.sh

@@ -20,7 +20,7 @@ msg_ok "Installed Docker"
 msg_info "Detecting latest Kasm Workspaces release"
 KASM_VERSION=$(curl -s https://kasm.com/downloads | grep -oP '<h1[^>]*>.*?</h1>' | sed -E 's/<\/?h1[^>]*>//g' | grep -oP '\d+\.\d+\.\d+')
 KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION:-var_kasm_version}.tar.gz"
-
+  
 # KASM_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_[0-9]+\.[0-9]+\.[0-9]+\.[a-z0-9]+\.tar\.gz' | head -n 1)
 # if [[ -z "$KASM_URL" ]]; then
 #   SERVICE_IMAGE_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_service_images_amd64_[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' | head -n 1)
@@ -50,7 +50,7 @@ if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
 fi
 
 msg_info "Installing Kasm Workspaces"
-curl_download "/opt/kasm_release_${KASM_VERSION}.tar.gz" "$KASM_URL"
+curl -fsSL -o "/opt/kasm_release_${KASM_VERSION}.tar.gz" "$KASM_URL"
 cd /opt
 tar -xf "kasm_release_${KASM_VERSION}.tar.gz"
 chmod +x /opt/kasm_release/install.sh

install/nextpvr-install.sh

@@ -30,7 +30,7 @@ msg_ok "Installed Dependencies"
 
 msg_info "Setup NextPVR (Patience)"
 cd /opt
-curl_download "/opt/nextpvr-helper.deb" "https://nextpvr.com/nextpvr-helper.deb"
+curl -fsSL "https://nextpvr.com/nextpvr-helper.deb" -o "/opt/nextpvr-helper.deb"
 $STD dpkg -i nextpvr-helper.deb
 rm -rf /opt/nextpvr-helper.deb
 msg_ok "Installed NextPVR"

install/ollama-install.sh

@@ -62,15 +62,26 @@ $STD apt install -y --no-install-recommends intel-basekit-2024.1
 msg_ok "Installed Intel® oneAPI Base Toolkit"
 
 msg_info "Installing Ollama (Patience)"
+RELEASE=$(curl -fsSL https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk -F '"' '{print $4}')
 OLLAMA_INSTALL_DIR="/usr/local/lib/ollama"
 BINDIR="/usr/local/bin"
-mkdir -p "$OLLAMA_INSTALL_DIR"
-if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "$OLLAMA_INSTALL_DIR" "ollama-linux-amd64.tar.zst"; then
-  msg_error "Failed to download or deploy Ollama – check network connectivity and GitHub API availability"
+mkdir -p $OLLAMA_INSTALL_DIR
+OLLAMA_URL="https://github.com/ollama/ollama/releases/download/${RELEASE}/ollama-linux-amd64.tar.zst"
+TMP_TAR="/tmp/ollama.tar.zst"
+echo -e "\n"
+if curl -fL# -C - -o "$TMP_TAR" "$OLLAMA_URL"; then
+  if tar --zstd -xf "$TMP_TAR" -C "$OLLAMA_INSTALL_DIR"; then
+    ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" "$BINDIR/ollama"
+    echo "${RELEASE}" >/opt/Ollama_version.txt
+    msg_ok "Installed Ollama ${RELEASE}"
+  else
+    msg_error "Extraction failed – archive corrupt or incomplete"
+    exit 251
+  fi
+else
+  msg_error "Download failed – $OLLAMA_URL not reachable"
   exit 250
 fi
-ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" "$BINDIR/ollama"
-msg_ok "Installed Ollama"
 
 msg_info "Creating ollama User and Group"
 if ! id ollama >/dev/null 2>&1; then

install/omada-install.sh

@@ -28,7 +28,7 @@ fi
 
 if ! dpkg -l | grep -q 'libssl1.1'; then
   msg_info "Installing libssl (if needed)"
-  curl_download "/tmp/libssl.deb" "https://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1w-0+deb11u5_amd64.deb"
+  curl -fsSL "https://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1w-0+deb11u5_amd64.deb" -o "/tmp/libssl.deb"
   $STD dpkg -i /tmp/libssl.deb
   rm -f /tmp/libssl.deb
   msg_ok "Installed libssl1.1"
@@ -38,12 +38,10 @@ msg_info "Installing Omada Controller"
 OMADA_URL=$(curl -fsSL "https://support.omadanetworks.com/en/download/software/omada-controller/" |
   grep -o 'https://static\.tp-link\.com/upload/software/[^"]*linux_x64[^"]*\.deb' |
   head -n1)
-OMADA_PKG=$(basename "${OMADA_URL}")
-curl_download "${OMADA_PKG}" "${OMADA_URL}"
-$STD dpkg -i "${OMADA_PKG}"
-rm -rf "${OMADA_PKG}"
-VERSION=$(sed -n 's/.*_v\([0-9.]*\)_.*_\([0-9]\{14\}\)\.deb$/\1-\2/p' <<<"${OMADA_PKG}")
-echo "${VERSION}" >$HOME/.omada
+OMADA_PKG=$(basename "$OMADA_URL")
+curl -fsSL "$OMADA_URL" -o "$OMADA_PKG"
+$STD dpkg -i "$OMADA_PKG"
+rm -rf "$OMADA_PKG"
 msg_ok "Installed Omada Controller"
 
 motd_ssh

install/opencloud-install.sh

@@ -64,7 +64,7 @@ $STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPA
 echo "$COOLPASS" >~/.coolpass
 msg_ok "Installed Collabora Online"
 
-fetch_and_deploy_gh_release "OpenCloud" "opencloud-eu/opencloud" "singlefile" "v6.2.0" "/usr/bin" "opencloud-*-linux-amd64"
+fetch_and_deploy_gh_release "OpenCloud" "opencloud-eu/opencloud" "singlefile" "v6.1.0" "/usr/bin" "opencloud-*-linux-amd64"
 mv /usr/bin/OpenCloud /usr/bin/opencloud
 
 msg_info "Configuring OpenCloud"

install/openwebui-install.sh

@@ -73,11 +73,11 @@ EOF
   msg_ok "Installed Intel® oneAPI Base Toolkit"
 
   msg_info "Installing Ollama"
-  if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "/usr/lib/ollama" "ollama-linux-amd64.tar.zst"; then
-    msg_error "Failed to download or deploy Ollama – check network connectivity and GitHub API availability"
-  else
-    ln -sf /usr/lib/ollama/bin/ollama /usr/bin/ollama
-    cat <<EOF >/etc/systemd/system/ollama.service
+  OLLAMA_RELEASE=$(curl -fsSL https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk -F '"' '{print $4}')
+  curl -fsSLO -C - https://github.com/ollama/ollama/releases/download/${OLLAMA_RELEASE}/ollama-linux-amd64.tar.zst
+  tar --zstd -C /usr -xf ollama-linux-amd64.tar.zst
+  rm -rf ollama-linux-amd64.tar.zst
+  cat <<EOF >/etc/systemd/system/ollama.service
 [Unit]
 Description=Ollama Service
 After=network-online.target
@@ -93,10 +93,9 @@ RestartSec=3
 [Install]
 WantedBy=multi-user.target
 EOF
-    systemctl enable -q --now ollama
-    echo "ENABLE_OLLAMA_API=true" >/root/.env
-    msg_ok "Installed Ollama"
-  fi
+  systemctl enable -q --now ollama
+  echo "ENABLE_OLLAMA_API=true" >/root/.env
+  msg_ok "Installed Ollama"
 fi
 
 msg_info "Creating Service"

install/pangolin-install.sh

@@ -22,7 +22,7 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"
 
 NODE_VERSION="24" setup_nodejs
-PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.4}"
+PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.3}"
 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" "$PANGOLIN_VERSION"
 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
 fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"

install/profilarr-install.sh

@@ -15,94 +15,52 @@ update_os
 
 msg_info "Installing Dependencies"
 $STD apt install -y \
-  unzip \
-  git \
-  libsqlite3-0
+  build-essential \
+  python3-dev \
+  libffi-dev \
+  libssl-dev \
+  git
 msg_ok "Installed Dependencies"
 
-msg_info "Installing Deno"
-DENO_VERSION=$(curl -fsSL "https://api.github.com/repos/denoland/deno/releases/latest" | grep '"tag_name"' | sed 's/.*"v\([^"]*\)".*/\1/')
-ARCH=$(uname -m)
-case "$ARCH" in
-aarch64) DENO_FILE="deno-aarch64-unknown-linux-gnu.zip" ;;
-*) DENO_FILE="deno-x86_64-unknown-linux-gnu.zip" ;;
-esac
-curl -fsSL "https://github.com/denoland/deno/releases/download/v${DENO_VERSION}/${DENO_FILE}" -o /tmp/deno.zip
-$STD unzip -qo /tmp/deno.zip -d /usr/local/bin/
-rm /tmp/deno.zip
-chmod +x /usr/local/bin/deno
-msg_ok "Installed Deno v${DENO_VERSION}"
+PYTHON_VERSION="3.12" setup_uv
+NODE_VERSION="22" setup_nodejs
+
+msg_info "Creating directories"
+mkdir -p /opt/profilarr \
+  /config
+msg_ok "Created directories"
 
 fetch_and_deploy_gh_release "profilarr" "Dictionarry-Hub/profilarr" "tarball"
-PROFILARR_VERSION=$(curl -fsSL "https://api.github.com/repos/Dictionarry-Hub/profilarr/releases/latest" | grep '"tag_name"' | sed 's/.*"v\([^"]*\)".*/\1/')
 
-msg_info "Building Profilarr v${PROFILARR_VERSION} (Patience)"
-cd /opt/profilarr
-cat >src/lib/shared/build.ts <<EOF
-// Generated at install time. Do not hand-edit.
-export type Channel = 'stable' | 'develop' | 'dev';
+msg_info "Installing Python Dependencies"
+cd /opt/profilarr/backend
+$STD uv venv /opt/profilarr/backend/.venv
+sed 's/==/>=/g' requirements.txt >requirements-relaxed.txt
+$STD uv pip install --python /opt/profilarr/backend/.venv/bin/python -r requirements-relaxed.txt
+rm -f requirements-relaxed.txt
+msg_ok "Installed Python Dependencies"
 
-export interface BuildInfo {
-	readonly version: string;
-	readonly channel: Channel;
-	readonly commit: string | null;
-	readonly builtAt: string | null;
-}
-
-export const build: BuildInfo = {
-	version: '${PROFILARR_VERSION}',
-	channel: 'stable',
-	commit: null,
-	builtAt: '$(date -u +"%Y-%m-%dT%H:%M:%SZ")'
-};
-EOF
-$STD deno install --node-modules-dir
-export APP_BASE_PATH=/opt/profilarr/dist/build
-export VITE_CHANNEL=stable
-$STD deno run -A npm:vite build
-case "$ARCH" in
-aarch64) DENO_TARGET="aarch64-unknown-linux-gnu" ;;
-*) DENO_TARGET="x86_64-unknown-linux-gnu" ;;
-esac
-$STD deno compile \
-  --no-check \
-  --allow-net \
-  --allow-read \
-  --allow-write \
-  --allow-env \
-  --allow-ffi \
-  --allow-run \
-  --allow-sys \
-  --target "$DENO_TARGET" \
-  --output dist/build/profilarr \
-  dist/build/mod.ts
-msg_ok "Built Profilarr"
-
-msg_info "Installing Profilarr"
-mkdir -p /opt/profilarr/app
-cp dist/build/profilarr /opt/profilarr/app/profilarr
-cp dist/build/server.js /opt/profilarr/app/server.js
-cp -r dist/build/static /opt/profilarr/app/static
-chmod +x /opt/profilarr/app/profilarr
-mkdir -p /var/lib/profilarr/{data,logs,backups,databases}
-msg_ok "Installed Profilarr"
+msg_info "Building Frontend"
+cd /opt/profilarr/frontend
+$STD npm install
+$STD npm run build
+cp -r dist /opt/profilarr/backend/app/static
+msg_ok "Built Frontend"
 
 msg_info "Creating Service"
-SQLITE_PATH="/usr/lib/${ARCH}-linux-gnu/libsqlite3.so.0"
 cat <<EOF >/etc/systemd/system/profilarr.service
 [Unit]
-Description=Profilarr - Configuration Management for Radarr/Sonarr
+Description=Profilarr - Configuration Management Platform for Radarr/Sonarr
 After=network.target
 
 [Service]
 Type=simple
-WorkingDirectory=/opt/profilarr/app
-Environment="PORT=6868"
-Environment="HOST=0.0.0.0"
-Environment="APP_BASE_PATH=/var/lib/profilarr"
-Environment="DENO_SQLITE_PATH=${SQLITE_PATH}"
-ExecStart=/opt/profilarr/app/profilarr
-Restart=always
+User=root
+WorkingDirectory=/opt/profilarr/backend
+Environment="PATH=/opt/profilarr/backend/.venv/bin:/usr/local/bin:/usr/bin:/bin"
+Environment="PYTHONPATH=/opt/profilarr/backend"
+ExecStart=/opt/profilarr/backend/.venv/bin/gunicorn --bind 0.0.0.0:6868 --timeout 600 app.main:create_app()
+Restart=on-failure
 RestartSec=5
 
 [Install]

install/reactive-resume-install.sh

@@ -55,7 +55,7 @@ DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAM
 AUTH_SECRET=${AUTH_SECRET}
 
 # Printer (headless Chromium for PDF generation)
-PRINTER_ENDPOINT=http://127.0.0.1:9222
+PRINTER_ENDPOINT=http://localhost:9222
 
 # Storage: uses local filesystem (/opt/reactive-resume/data) when S3 is not configured
 # S3_ACCESS_KEY_ID=
@@ -92,7 +92,7 @@ After=network.target
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/chromium --headless --disable-gpu --no-sandbox --no-zygote --disable-dev-shm-usage --remote-debugging-address=127.0.0.1 --remote-debugging-port=9222
+ExecStart=/usr/bin/chromium --headless --disable-gpu --no-sandbox --disable-dev-shm-usage --remote-debugging-address=127.0.0.1 --remote-debugging-port=9222
 Restart=always
 RestartSec=5
 

install/searxng-install.sh

@@ -75,9 +75,6 @@ enabled_plugins:
 search:
   safe_search: 2
   autocomplete: 'google'
-  formats:
-    - html
-    - json
 engines:
   - name: google
     engine: google

install/sure-install.sh

@@ -26,7 +26,7 @@ fetch_and_deploy_gh_release "Sure" "we-promise/sure" "tarball" "latest" "/opt/su
 
 PG_VERSION="$(sed -n '/postgres:/s/[^[:digit:]]*//p' /opt/sure/compose.example.yml)" setup_postgresql
 PG_DB_NAME=sure_production PG_DB_USER=sure_user setup_postgresql_db
-RUBY_VERSION="$(cat /opt/sure/.ruby-version)" RUBY_INSTALL_RAILS=false HOME=/root setup_ruby
+RUBY_VERSION="$(cat /opt/sure/.ruby-version)" RUBY_INSTALL_RAILS=false setup_ruby
 
 msg_info "Building Sure"
 cd /opt/sure
@@ -73,7 +73,6 @@ ExecStartPre=/opt/sure/bin/rails db:prepare
 ExecStart=/opt/sure/bin/rails server
 Restart=always
 RestartSec=5
-TimeoutStartSec=300
 StandardOutput=journal
 StandardError=journal
 

install/tasmocompiler-install.sh

@@ -29,7 +29,7 @@ msg_ok "Setup Platformio"
 msg_info "Setup TasmoCompiler"
 mkdir /tmp/Tasmota
 RELEASE=$(curl -fsSL https://api.github.com/repos/benzino77/tasmocompiler/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-curl_download "/tmp/v${RELEASE}.tar.gz" "https://github.com/benzino77/tasmocompiler/archive/refs/tags/v${RELEASE}.tar.gz"
+curl -fsSL "https://github.com/benzino77/tasmocompiler/archive/refs/tags/v${RELEASE}.tar.gz" -o "/tmp/v${RELEASE}.tar.gz"
 cd /tmp
 tar xzf /tmp/v${RELEASE}.tar.gz
 mv tasmocompiler-${RELEASE}/ /opt/tasmocompiler/

install/termix-install.sh

@@ -54,7 +54,7 @@ cd /opt
 rm -rf /opt/guacamole-server
 msg_ok "Built Guacamole Server (guacd)"
 
-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix" "tarball"
 
 msg_info "Building Frontend"
@@ -101,17 +101,16 @@ sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
 sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
 
 mkdir -p /tmp/nginx
-echo "d /tmp/nginx 0755 nobody nogroup -" >/etc/tmpfiles.d/nginx-termix.conf
+echo "d /tmp/nginx 0755 nobody nobody -" > /etc/tmpfiles.d/nginx-termix.conf
 mkdir -p /etc/systemd/system/nginx.service.d/
-cat >/etc/systemd/system/nginx.service.d/pidfile.conf <<EOF
+cat > /etc/systemd/system/nginx.service.d/pidfile.conf << EOF
 [Service]
 PIDFile=/tmp/nginx/nginx.pid
 EOF
 systemctl daemon-reload
 rm -f /etc/nginx/sites-enabled/default
 nginx -t
-systemctl enable nginx
-systemctl restart nginx
+systemctl reload nginx
 msg_ok "Configured Nginx"
 
 msg_info "Creating Service"

install/trek-install.sh

@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y build-essential
 msg_ok "Installed Dependencies"
 
-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball"
 
 msg_info "Building Client"

install/wallabag-install.sh

@@ -24,7 +24,7 @@ setup_mariadb
 MARIADB_DB_NAME="wallabag" MARIADB_DB_USER="wallabag" setup_mariadb_db
 PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULE="tidy" setup_php
 setup_composer
-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "wallabag" "wallabag/wallabag" "prebuild" "latest" "/opt/wallabag" "wallabag-*.tar.gz"
 
 msg_info "Configuring Wallabag"

install/webtrees-install.sh

@@ -1,77 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: sudofly
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://webtrees.net/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  caddy \
-  unzip
-msg_ok "Installed Dependencies"
-
-PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="bcmath,gd,intl,xml,zip,pdo_mysql,mbstring,curl" setup_php
-setup_mariadb
-MARIADB_DB_NAME="webtrees" MARIADB_DB_USER="webtrees" setup_mariadb_db
-$STD mariadb -u root -e "GRANT ALL ON \`webtrees\`.* TO 'webtrees'@'127.0.0.1' IDENTIFIED BY '${MARIADB_DB_PASS}'; FLUSH PRIVILEGES;"
-
-fetch_and_deploy_gh_release "webtrees" "fisharebest/webtrees" "prebuild" "latest" "/opt/webtrees" "webtrees-*.zip"
-
-msg_info "Setting up Webtrees"
-chown -R www-data:www-data /opt/webtrees
-msg_ok "Set up Webtrees"
-
-msg_info "Configuring Caddy"
-PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
-cat <<EOF >/etc/caddy/Caddyfile
-:80 {
-    root * /opt/webtrees
-    php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
-    file_server
-    encode gzip
-}
-EOF
-usermod -aG www-data caddy
-msg_ok "Configured Caddy"
-
-systemctl enable -q --now php${PHP_VER}-fpm
-systemctl restart caddy
-
-msg_info "Automating Webtrees Setup"
-sleep 5
-WT_ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c15)
-curl -sS -X POST "http://127.0.0.1/" \
-  -d "step=6" \
-  --data-urlencode "baseurl=http://${LOCAL_IP}" \
-  -d "lang=en-US" \
-  -d "dbtype=mysql" \
-  -d "dbhost=127.0.0.1" \
-  -d "dbport=3306" \
-  -d "dbuser=webtrees" \
-  --data-urlencode "dbpass=${MARIADB_DB_PASS}" \
-  -d "dbname=webtrees" \
-  -d "tblpfx=wt_" \
-  -d "wtname=Administrator" \
-  -d "wtuser=Admin" \
-  --data-urlencode "wtpass=${WT_ADMIN_PASS}" \
-  -d "wtemail=admin@example.com" >/dev/null
-
-cat <<EOF >>~/webtrees.creds
-
-Webtrees Admin User: Admin
-Webtrees Admin Password: ${WT_ADMIN_PASS}
-EOF
-msg_ok "Webtrees Setup Automated"
-
-motd_ssh
-customize
-cleanup_lxc

install/wikijs-install.sh

@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y git
 msg_ok "Installed Dependencies"
 
-NODE_VERSION="24" NODE_MODULE="yarn,node-gyp" setup_nodejs
+NODE_VERSION="22" NODE_MODULE="yarn,node-gyp" setup_nodejs
 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="wiki" PG_DB_USER="wikijs_user" PG_DB_EXTENSIONS="pg_trgm" setup_postgresql_db
 fetch_and_deploy_gh_release "wikijs" "requarks/wiki" "prebuild" "latest" "/opt/wikijs" "wiki-js.tar.gz"

misc/api.func

@@ -196,7 +196,7 @@ explain_exit_code() {
   103) echo "Validation: Shell is not Bash" ;;
   104) echo "Validation: Not running as root (or invoked via sudo)" ;;
   105) echo "Validation: Proxmox VE version not supported" ;;
-  106) echo "Validation: Architecture not supported (ARM / PiMox)" ;;
+  106) echo "Validation: Unsupported architecture (requires amd64 or arm64)" ;;
   107) echo "Validation: Kernel key parameters unreadable" ;;
   108) echo "Validation: Kernel key limits exceeded" ;;
   109) echo "Proxmox: No available container ID after max attempts" ;;

misc/build.func

@@ -52,6 +52,11 @@ variables() {
   # as "/tmp/${NSAPP}-${CTID}-${SESSION_ID}.log" (requires CTID, not available here)
   CTTYPE="${CTTYPE:-${CT_TYPE:-1}}"
 
+  # ARM64 Template default variables
+  DEBIAN_DEFAULT_CODENAME="trixie"
+  UBUNTU_DEFAULT_CODENAME="noble"
+  ALPINE_DEFAULT_VERSION="3.23"
+
   # Parse dev_mode early
   parse_dev_mode
 
@@ -1942,7 +1947,7 @@ advanced_settings() {
 
     # ═══════════════════════════════════════════════════════════════════════════
     # STEP 2: Root Password
-    # ════════════════════════════════════════<EFBFBD><EFBFBD><EFBFBD>═══════════════════════════════<EFBFBD><EFBFBD><EFBFBD>══
+    # ═══════════════════════════════════════════════════════════════════════════
     2)
       if PW1=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
         --title "ROOT PASSWORD" \
@@ -3052,6 +3057,9 @@ echo_default() {
   echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE} GB${CL}"
   echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
   echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE} MiB${CL}"
+  if [[ "$(dpkg --print-architecture)" == "arm64" ]]; then
+    echo -e "${INFO}${BOLD}${DGN}Architecture: ${BGN}arm64${CL}"
+  fi
   if [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]]; then
     echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}Enabled${CL}"
   fi
@@ -3088,7 +3096,9 @@ install_script() {
   pve_check
   shell_check
   root_check
+  ensure_whiptail
   arch_check
+  arm64_notice
   ssh_check
   maxkeys_check
   diagnostics_check
@@ -3649,16 +3659,6 @@ start() {
     run_addon_updates
     update_motd_ip
     cleanup_lxc
-  elif ! command -v whiptail &>/dev/null || ! [ -t 0 ]; then
-    msg_info "No interactive terminal detected – defaulting to silent update mode"
-    VERBOSE="no"
-    set_std_mode
-    ensure_profile_loaded
-    get_lxc_ip
-    update_script
-    run_addon_updates
-    update_motd_ip
-    cleanup_lxc
   else
     CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "${APP} LXC Update/Setting" --menu \
       "Support/Update functions for ${APP} LXC. Choose an option:" \
@@ -4361,19 +4361,23 @@ EOF
       msg_warn "Skipping timezone setup – zone '$tz' not found in container"
     fi
 
+    local _base_pkgs="sudo curl mc gnupg2 jq"
+    if [[ "${ARCH:-amd64}" == "arm64" ]]; then
+      _base_pkgs+=" openssh-server wget gcc"
+    fi
+
     # Detect broken DNS resolver (e.g. Tailscale MagicDNS) and inject public DNS
     if ! pct exec "$CTID" -- bash -c "getent hosts deb.debian.org >/dev/null 2>&1 && getent hosts archive.ubuntu.com >/dev/null 2>&1"; then
       msg_warn "APT repository DNS resolution failed in container, injecting public DNS servers"
       pct exec "$CTID" -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf"
     fi
 
-    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y sudo curl mc gnupg2 jq 2>&1" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
       local failed_mirror
       failed_mirror=$(pct exec "$CTID" -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown")
       msg_warn "apt-get update failed (${failed_mirror}), trying alternate mirrors..."
       local mirror_exit=0
-      pct exec "$CTID" -- bash -c '
-        APT_BASE="sudo curl mc gnupg2 jq"
+      pct exec "$CTID" -- env APT_BASE="$_base_pkgs" bash -c '
         DISTRO=$(. /etc/os-release 2>/dev/null && echo "$ID" || echo "debian")
 
         if [ "$DISTRO" = "ubuntu" ]; then
@@ -4483,7 +4487,7 @@ EOF
               [ -f \"\$src\" ] && sed -i \"s|URIs: http[s]*://[^/]*/|URIs: http://${custom_mirror}/|g; s|deb http[s]*://[^/]*/|deb http://${custom_mirror}/|g\" \"\$src\"
             done
             rm -rf /var/lib/apt/lists/*
-            apt-get update >/dev/null 2>&1 && apt-get install -y sudo curl mc gnupg2 jq >/dev/null 2>&1
+            apt-get update >/dev/null 2>&1 && apt-get install -y ${_base_pkgs} >/dev/null 2>&1
           " && break
           msg_warn "Mirror '${custom_mirror}' also failed. Try another or type 'skip'."
         done
@@ -4523,7 +4527,9 @@ EOF
     # that sends "configuring" status AFTER the host already reported "failed"
     export CONTAINER_INSTALLING=true
 
-    lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)"
+    local _install_script
+    _install_script="$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh")"
+    lxc-attach -n "$CTID" -- bash -c "$_install_script"
     local lxc_exit=$?
 
     unset CONTAINER_INSTALLING
@@ -4918,7 +4924,9 @@ EOF
           # Re-run install script in existing container (don't destroy/recreate)
           set +Eeuo pipefail
           trap - ERR
-          lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)"
+          local _install_script
+          _install_script="$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh")"
+          lxc-attach -n "$CTID" -- bash -c "$_install_script"
           local apt_retry_exit=$?
           set -Eeuo pipefail
           trap 'error_handler' ERR
@@ -5676,6 +5684,72 @@ create_lxc_container() {
     esac
   }
 
+  ARCH="$(dpkg --print-architecture)"
+
+  # Maps OS type + version to the release variant name used by ARM64 template sources.
+  arm64_template_variant() {
+    case "$1:$2" in
+      debian:12) echo "bookworm" ;;
+      debian:13) echo "trixie" ;;
+      debian:) echo "$DEBIAN_DEFAULT_CODENAME" ;;
+
+      ubuntu:24.04) echo "noble" ;;
+      ubuntu:26.04) echo "questing" ;;
+      ubuntu:) echo "$UBUNTU_DEFAULT_CODENAME" ;;
+
+      alpine:*) echo "${2:-$ALPINE_DEFAULT_VERSION}" ;;
+
+      *) return 1 ;;
+    esac
+  }
+
+  # Downloads an ARM64 LXC rootfs template to $1.
+  # Debian: fetches latest release from community-scripts/debian-arm64-lxc on GitHub.
+  # Others: fetches from jenkins.linuxcontainers.org.
+  download_arm64_template() {
+    local dest="$1" url
+
+    mkdir -p "$(dirname "$dest")" || {
+      msg_error "Cannot create template dir."
+      exit 207
+    }
+
+    if [[ "$PCT_OSTYPE" == "debian" ]]; then
+      url=$(
+        curl -fsSL "https://api.github.com/repos/community-scripts/debian-arm64-lxc/releases/latest" |
+          jq -r --arg v "$CUSTOM_TEMPLATE_VARIANT" \
+            '.assets[].browser_download_url | select(test("debian-" + $v + "-arm64-rootfs\\.tar\\.xz$"))' |
+          head -n1
+      )
+
+      [[ -n "$url" ]] || {
+        msg_error "Could not find Debian ${CUSTOM_TEMPLATE_VARIANT} ARM64 template URL."
+        exit 207
+      }
+    else
+      url="https://jenkins.linuxcontainers.org/job/image-${PCT_OSTYPE}/architecture=arm64,release=${CUSTOM_TEMPLATE_VARIANT},variant=default/lastStableBuild/artifact/rootfs.tar.xz"
+    fi
+
+    msg_info "Downloading ${PCT_OSTYPE^} ${CUSTOM_TEMPLATE_VARIANT} ARM64 template"
+    if ! curl -fsSL -o "$dest" "$url"; then
+      msg_error "Failed to download ARM64 template from: $url"
+      exit 208
+    fi
+    msg_ok "Downloaded ARM64 LXC template"
+  }
+
+  download_template() {
+    local dest="${1:-$TEMPLATE_PATH}"
+    if [[ "$ARCH" == "arm64" ]]; then
+      download_arm64_template "$dest"
+    else
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
+        msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
+        exit 222
+      }
+    fi
+  }
+
   # ------------------------------------------------------------------------------
   # Required input variables
   # ------------------------------------------------------------------------------
@@ -5842,153 +5916,120 @@ create_lxc_container() {
   # ------------------------------------------------------------------------------
   # Template discovery & validation
   # ------------------------------------------------------------------------------
-  TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
-  case "$PCT_OSTYPE" in
-  debian | ubuntu) TEMPLATE_PATTERN="-standard_" ;;
-  alpine | fedora | rocky | centos) TEMPLATE_PATTERN="-default_" ;;
-  *) TEMPLATE_PATTERN="" ;;
-  esac
+  CUSTOM_TEMPLATE_VARIANT=""
 
-  msg_info "Searching for template '$TEMPLATE_SEARCH'"
+  if [[ "$ARCH" == "arm64" ]]; then
+    # ARM64: use custom template download from linuxcontainers.org / GitHub
+    msg_info "Preparing ARM64 template"
 
-  # Initialize variables
-  ONLINE_TEMPLATE=""
-  ONLINE_TEMPLATES=()
+    CUSTOM_TEMPLATE_VARIANT=$(arm64_template_variant "$PCT_OSTYPE" "${PCT_OSVERSION:-}") || {
+      msg_error "No ARM64 template mapping for ${PCT_OSTYPE} ${PCT_OSVERSION:-latest}"
+      exit 207
+    }
 
-  # Step 1: Check local templates first (instant)
-  mapfile -t LOCAL_TEMPLATES < <(
-    pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
-      awk -v search="${TEMPLATE_SEARCH}" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
-      sed 's|.*/||' | sort -t - -k 2 -V
-  )
+    TEMPLATE="${PCT_OSTYPE}-${CUSTOM_TEMPLATE_VARIANT}-rootfs.tar.xz"
+    TEMPLATE_SOURCE="custom-arm64"
 
-  # Step 2: If local template found, use it immediately (skip pveam update)
-  if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
-    TEMPLATE="${LOCAL_TEMPLATES[-1]}"
-    TEMPLATE_SOURCE="local"
-    msg_ok "Template search completed"
-  else
-    # Step 3: No local template - need to check online (this may be slow)
-    msg_info "No local template found, checking online catalog..."
-
-    # Update catalog with timeout to prevent long hangs
-    if command -v timeout &>/dev/null; then
-      if ! timeout 30 pveam update >/dev/null 2>&1; then
-        msg_warn "Template catalog update timed out (possible network/DNS issue). Run 'pveam update' manually to diagnose."
-      fi
-    else
-      pveam update >/dev/null 2>&1 || msg_warn "Could not update template catalog (pveam update failed)"
+    # Resolve template path
+    TEMPLATE_PATH="$(pvesm path "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" 2>/dev/null || true)"
+    if [[ -z "$TEMPLATE_PATH" ]]; then
+      local _tpl_base
+      _tpl_base=$(awk -v s="$TEMPLATE_STORAGE" '
+        $0 ~ "^[^:]+:[[:space:]]*" s "$" {f=1; next}
+        f && /^[^[:space:]]/ {f=0}
+        f && $1 == "path" {print $2; exit}
+      ' /etc/pve/storage.cfg)
+      TEMPLATE_PATH="${_tpl_base:-/var/lib/vz}/template/cache/$TEMPLATE"
     fi
 
+    # Download if missing, too small, or corrupt
+    if [[ ! -f "$TEMPLATE_PATH" ]]; then
+      download_arm64_template "$TEMPLATE_PATH"
+    elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]] || ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
+      msg_warn "Local template invalid - re-downloading."
+      rm -f "$TEMPLATE_PATH"
+      download_arm64_template "$TEMPLATE_PATH"
+    else
+      msg_ok "Template ${BL}$TEMPLATE${CL} found locally."
+    fi
+
+  else
+    TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
+    case "$PCT_OSTYPE" in
+    debian | ubuntu) TEMPLATE_PATTERN="-standard_" ;;
+    alpine | fedora | rocky | centos) TEMPLATE_PATTERN="-default_" ;;
+    *) TEMPLATE_PATTERN="" ;;
+    esac
+
+    msg_info "Searching for template '$TEMPLATE_SEARCH'"
+
+    # Initialize variables
+    ONLINE_TEMPLATE=""
     ONLINE_TEMPLATES=()
-    mapfile -t ONLINE_TEMPLATES < <(pveam available -section system 2>/dev/null | grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' | awk '{print $2}' | grep -E "^${TEMPLATE_SEARCH}.*${TEMPLATE_PATTERN}" | sort -t - -k 2 -V 2>/dev/null || true)
-    [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
 
-    TEMPLATE="$ONLINE_TEMPLATE"
-    TEMPLATE_SOURCE="online"
-    msg_ok "Template search completed"
-  fi
-
-  # If still no template, try to find alternatives
-  if [[ -z "$TEMPLATE" ]]; then
-    msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
-
-    # Get all available versions for this OS type
-    AVAILABLE_VERSIONS=()
-    mapfile -t AVAILABLE_VERSIONS < <(
-      pveam available -section system 2>/dev/null |
-        grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
-        awk -F'\t' '{print $1}' |
-        grep "^${PCT_OSTYPE}-" |
-        sed -E "s/.*${PCT_OSTYPE}-([0-9]+(\.[0-9]+)?).*/\1/" |
-        sort -u -V 2>/dev/null
+    # Step 1: Check local templates first (instant)
+    mapfile -t LOCAL_TEMPLATES < <(
+      pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
+        awk -v search="${TEMPLATE_SEARCH}" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
+        sed 's|.*/||' | sort -t - -k 2 -V
     )
 
-    if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
-      echo ""
-      echo "${BL}Available ${PCT_OSTYPE} versions:${CL}"
-      for i in "${!AVAILABLE_VERSIONS[@]}"; do
-        echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
-      done
-      echo ""
-      read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty
+    # Step 2: If local template found, use it immediately (skip pveam update)
+    if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
+      TEMPLATE="${LOCAL_TEMPLATES[-1]}"
+      TEMPLATE_SOURCE="local"
+      msg_ok "Template search completed"
+    else
+      # Step 3: No local template - need to check online (this may be slow)
+      msg_info "No local template found, checking online catalog..."
 
-      if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
-        PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
-        TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION}"
-
-        ONLINE_TEMPLATES=()
-        mapfile -t ONLINE_TEMPLATES < <(
-          pveam available -section system 2>/dev/null |
-            grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
-            awk '{print $2}' |
-            grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
-            sort -t - -k 2 -V 2>/dev/null || true
-        )
-
-        if [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]]; then
-          TEMPLATE="${ONLINE_TEMPLATES[-1]}"
-          TEMPLATE_SOURCE="online"
-        else
-          msg_error "No templates available for ${PCT_OSTYPE} ${PCT_OSVERSION}"
-          exit 225
+      # Update catalog with timeout to prevent long hangs
+      if command -v timeout &>/dev/null; then
+        if ! timeout 30 pveam update >/dev/null 2>&1; then
+          msg_warn "Template catalog update timed out (possible network/DNS issue). Run 'pveam update' manually to diagnose."
         fi
       else
-        msg_custom "🚫" "${YW}" "Installation cancelled"
-        exit 0
+        pveam update >/dev/null 2>&1 || msg_warn "Could not update template catalog (pveam update failed)"
       fi
-    else
-      msg_error "No ${PCT_OSTYPE} templates available at all"
-      exit 225
+
+      ONLINE_TEMPLATES=()
+      mapfile -t ONLINE_TEMPLATES < <(pveam available -section system 2>/dev/null | grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' | awk '{print $2}' | grep -E "^${TEMPLATE_SEARCH}.*${TEMPLATE_PATTERN}" | sort -t - -k 2 -V 2>/dev/null || true)
+      [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
+
+      TEMPLATE="$ONLINE_TEMPLATE"
+      TEMPLATE_SOURCE="online"
+      msg_ok "Template search completed"
     fi
-  fi
 
-  TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
-  if [[ -z "$TEMPLATE_PATH" ]]; then
-    TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
-    [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
-  fi
-
-  # If we still don't have a path but have a valid template name, construct it
-  if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
-    TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-  fi
-
-  [[ -n "$TEMPLATE_PATH" ]] || {
+    # If still no template, try to find alternatives
     if [[ -z "$TEMPLATE" ]]; then
-      msg_error "Template ${PCT_OSTYPE} ${PCT_OSVERSION} not available"
+      msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
 
-      # Get available versions
+      # Get all available versions for this OS type
+      AVAILABLE_VERSIONS=()
       mapfile -t AVAILABLE_VERSIONS < <(
         pveam available -section system 2>/dev/null |
+          grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
+          awk -F'\t' '{print $1}' |
           grep "^${PCT_OSTYPE}-" |
-          sed -E 's/.*'"${PCT_OSTYPE}"'-([0-9]+\.[0-9]+).*/\1/' |
-          grep -E '^[0-9]+\.[0-9]+$' |
-          sort -u -V 2>/dev/null || sort -u
+          sed -E "s/.*${PCT_OSTYPE}-([0-9]+(\.[0-9]+)?).*/\1/" |
+          sort -u -V 2>/dev/null
       )
 
       if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
-        echo -e "\n${BL}Available versions:${CL}"
+        echo ""
+        echo "${BL}Available ${PCT_OSTYPE} versions:${CL}"
         for i in "${!AVAILABLE_VERSIONS[@]}"; do
           echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
         done
-
         echo ""
-        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or Enter to exit: " choice </dev/tty
+        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty
 
         if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
-          export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
-          export PCT_OSVERSION="$var_version"
-          msg_ok "Switched to ${PCT_OSTYPE} ${var_version}"
+          PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
+          TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION}"
 
-          # Retry template search with new version
-          TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
-
-          mapfile -t LOCAL_TEMPLATES < <(
-            pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
-              awk -v search="${TEMPLATE_SEARCH}-" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
-              sed 's|.*/||' | sort -t - -k 2 -V
-          )
+          ONLINE_TEMPLATES=()
           mapfile -t ONLINE_TEMPLATES < <(
             pveam available -section system 2>/dev/null |
               grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
@@ -5996,109 +6037,181 @@ create_lxc_container() {
               grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
               sort -t - -k 2 -V 2>/dev/null || true
           )
-          ONLINE_TEMPLATE=""
-          [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
 
-          if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
-            TEMPLATE="${LOCAL_TEMPLATES[-1]}"
-            TEMPLATE_SOURCE="local"
-          else
-            TEMPLATE="$ONLINE_TEMPLATE"
+          if [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]]; then
+            TEMPLATE="${ONLINE_TEMPLATES[-1]}"
             TEMPLATE_SOURCE="online"
+          else
+            msg_error "No templates available for ${PCT_OSTYPE} ${PCT_OSVERSION}"
+            exit 225
           fi
-
-          TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
-          if [[ -z "$TEMPLATE_PATH" ]]; then
-            TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
-            [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
-          fi
-
-          # If we still don't have a path but have a valid template name, construct it
-          if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
-            TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-          fi
-
-          [[ -n "$TEMPLATE_PATH" ]] || {
-            msg_error "Template still not found after version change"
-            exit 220
-          }
         else
           msg_custom "🚫" "${YW}" "Installation cancelled"
           exit 0
         fi
       else
         msg_error "No ${PCT_OSTYPE} templates available"
-        exit 220
+        exit 225
       fi
     fi
-  }
 
-  # Validate that we found a template
-  if [[ -z "$TEMPLATE" ]]; then
-    msg_error "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}"
-    msg_custom "ℹ️" "${YW}" "Please check:"
-    msg_custom "  •" "${YW}" "Is pveam catalog available? (run: pveam available -section system)"
-    msg_custom "  •" "${YW}" "Does the template exist for your OS version?"
-    exit 225
-  fi
-
-  msg_ok "Template ${BL}$TEMPLATE${CL} [$TEMPLATE_SOURCE]"
-  msg_debug "Resolved TEMPLATE_PATH=$TEMPLATE_PATH"
-
-  NEED_DOWNLOAD=0
-  if [[ ! -f "$TEMPLATE_PATH" ]]; then
-    msg_info "Template not present locally – will download."
-    NEED_DOWNLOAD=1
-  elif [[ ! -r "$TEMPLATE_PATH" ]]; then
-    msg_error "Template file exists but is not readable – check permissions."
-    exit 221
-  elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]]; then
-    if [[ -n "$ONLINE_TEMPLATE" ]]; then
-      msg_warn "Template file too small (<1MB) – re-downloading."
-      NEED_DOWNLOAD=1
-    else
-      msg_warn "Template looks too small, but no online version exists. Keeping local file."
+    TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
+    if [[ -z "$TEMPLATE_PATH" ]]; then
+      TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
+      [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
     fi
-  elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-    if [[ -n "$ONLINE_TEMPLATE" ]]; then
-      msg_warn "Template appears corrupted – re-downloading."
-      NEED_DOWNLOAD=1
-    else
-      msg_warn "Template appears corrupted, but no online version exists. Keeping local file."
-    fi
-  else
-    $STD msg_ok "Template $TEMPLATE is present and valid."
-  fi
 
-  if [[ "$TEMPLATE_SOURCE" == "local" && -n "$ONLINE_TEMPLATE" && "$TEMPLATE" != "$ONLINE_TEMPLATE" ]]; then
-    msg_warn "Local template is outdated: $TEMPLATE (latest available: $ONLINE_TEMPLATE)"
-    if whiptail --yesno "A newer template is available:\n$ONLINE_TEMPLATE\n\nDo you want to download and use it instead?" 12 70; then
-      TEMPLATE="$ONLINE_TEMPLATE"
-      NEED_DOWNLOAD=1
-    else
-      msg_custom "ℹ️" "${BL}" "Continuing with local template $TEMPLATE"
+    # If we still don't have a path but have a valid template name, construct it
+    if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
+      TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
     fi
-  fi
 
-  if [[ "$NEED_DOWNLOAD" -eq 1 ]]; then
-    [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
-    for attempt in {1..3}; do
-      msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
-      if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
-        msg_ok "Template download successful."
-        break
+    [[ -n "$TEMPLATE_PATH" ]] || {
+      if [[ -z "$TEMPLATE" ]]; then
+        msg_error "Template ${PCT_OSTYPE} ${PCT_OSVERSION} not available"
+
+        # Get available versions
+        mapfile -t AVAILABLE_VERSIONS < <(
+          pveam available -section system 2>/dev/null |
+            grep "^${PCT_OSTYPE}-" |
+            sed -E 's/.*'"${PCT_OSTYPE}"'-([0-9]+\.[0-9]+).*/\1/' |
+            grep -E '^[0-9]+\.[0-9]+$' |
+            sort -u -V 2>/dev/null || sort -u
+        )
+
+        if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
+          echo -e "\n${BL}Available versions:${CL}"
+          for i in "${!AVAILABLE_VERSIONS[@]}"; do
+            echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
+          done
+
+          echo ""
+          read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to exit: " choice </dev/tty
+
+          if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
+            export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
+            export PCT_OSVERSION="$var_version"
+            msg_ok "Switched to ${PCT_OSTYPE} ${var_version}"
+
+            # Retry template search with new version
+            TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
+
+            mapfile -t LOCAL_TEMPLATES < <(
+              pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
+                awk -v search="${TEMPLATE_SEARCH}-" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
+                sed 's|.*/||' | sort -t - -k 2 -V
+            )
+            mapfile -t ONLINE_TEMPLATES < <(
+              pveam available -section system 2>/dev/null |
+                grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
+                awk '{print $2}' |
+                grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
+                sort -t - -k 2 -V 2>/dev/null || true
+            )
+            ONLINE_TEMPLATE=""
+            [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
+
+            if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
+              TEMPLATE="${LOCAL_TEMPLATES[-1]}"
+              TEMPLATE_SOURCE="local"
+            else
+              TEMPLATE="$ONLINE_TEMPLATE"
+              TEMPLATE_SOURCE="online"
+            fi
+
+            TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
+            if [[ -z "$TEMPLATE_PATH" ]]; then
+              TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
+              [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
+            fi
+
+            # If we still don't have a path but have a valid template name, construct it
+            if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
+              TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+            fi
+
+            [[ -n "$TEMPLATE_PATH" ]] || {
+              msg_error "Template still not found after version change"
+              exit 220
+            }
+          else
+            msg_custom "🚫" "${YW}" "Installation cancelled"
+            exit 0
+          fi
+        else
+          msg_error "No ${PCT_OSTYPE} templates available"
+          exit 220
+        fi
       fi
-      if [[ $attempt -eq 3 ]]; then
-        msg_error "Failed after 3 attempts. Please check network access, permissions, or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
-        exit 222
-      fi
-      sleep $((attempt * 5))
-    done
-  fi
+    }
 
-  if ! pveam list "$TEMPLATE_STORAGE" 2>/dev/null | grep -q "$TEMPLATE"; then
-    msg_error "Template $TEMPLATE not available in storage $TEMPLATE_STORAGE after download."
-    exit 223
+    # Validate that we found a template
+    if [[ -z "$TEMPLATE" ]]; then
+      msg_error "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}"
+      msg_custom "ℹ️" "${YW}" "Please check:"
+      msg_custom "  •" "${YW}" "Is pveam catalog available? (run: pveam available -section system)"
+      msg_custom "  •" "${YW}" "Does the template exist for your OS version?"
+      exit 225
+    fi
+
+    msg_ok "Template ${BL}$TEMPLATE${CL} [$TEMPLATE_SOURCE]"
+    msg_debug "Resolved TEMPLATE_PATH=$TEMPLATE_PATH"
+
+    NEED_DOWNLOAD=0
+    if [[ ! -f "$TEMPLATE_PATH" ]]; then
+      msg_info "Template not present locally, will download it."
+      NEED_DOWNLOAD=1
+    elif [[ ! -r "$TEMPLATE_PATH" ]]; then
+      msg_error "Template file exists but is not readable, check permissions."
+      exit 221
+    elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]]; then
+      if [[ -n "$ONLINE_TEMPLATE" ]]; then
+        msg_warn "Template file too small (<1MB), re-downloading."
+        NEED_DOWNLOAD=1
+      else
+        msg_warn "Template looks too small, but no online version exists. Keeping local file."
+      fi
+    elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
+      if [[ -n "$ONLINE_TEMPLATE" ]]; then
+        msg_warn "Template appears corrupted, re-downloading."
+        NEED_DOWNLOAD=1
+      else
+        msg_warn "Template appears corrupted, but no online version exists. Keeping local file."
+      fi
+    else
+      $STD msg_ok "Template $TEMPLATE is present and valid."
+    fi
+
+    if [[ "$TEMPLATE_SOURCE" == "local" && -n "$ONLINE_TEMPLATE" && "$TEMPLATE" != "$ONLINE_TEMPLATE" ]]; then
+      msg_warn "Local template is outdated: $TEMPLATE (latest available: $ONLINE_TEMPLATE)"
+      if whiptail --yesno "A newer template is available:\n$ONLINE_TEMPLATE\n\nDo you want to download and use it instead?" 12 70; then
+        TEMPLATE="$ONLINE_TEMPLATE"
+        NEED_DOWNLOAD=1
+      else
+        msg_custom "ℹ️" "${BL}" "Continuing with local template $TEMPLATE"
+      fi
+    fi
+
+    if [[ "$NEED_DOWNLOAD" -eq 1 ]]; then
+      [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
+      for attempt in {1..3}; do
+        msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
+        if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
+          msg_ok "Template download successful."
+          break
+        fi
+        if [[ $attempt -eq 3 ]]; then
+          msg_error "Failed after 3 attempts. Please check network access, permissions, or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
+          exit 222
+        fi
+        sleep $((attempt * 5))
+      done
+    fi
+
+    if ! pveam list "$TEMPLATE_STORAGE" 2>/dev/null | grep -q "$TEMPLATE"; then
+      msg_error "Template $TEMPLATE not available in storage $TEMPLATE_STORAGE after download."
+      exit 223
+    fi
   fi
 
   # ------------------------------------------------------------------------------
@@ -6175,21 +6288,15 @@ create_lxc_container() {
 
   # Validate template before pct create (while holding lock)
   if [[ ! -s "$TEMPLATE_PATH" || "$(stat -c%s "$TEMPLATE_PATH" 2>/dev/null || echo 0)" -lt 1000000 ]]; then
-    msg_info "Template file missing or too small – downloading"
+    msg_info "Template file missing or too small - downloading"
     rm -f "$TEMPLATE_PATH"
-    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-      msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
-      exit 222
-    }
+    download_template
     msg_ok "Template downloaded"
   elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-    if [[ -n "$ONLINE_TEMPLATE" ]]; then
-      msg_info "Template appears corrupted – re-downloading"
+    if [[ "$ARCH" == "arm64" || -n "$ONLINE_TEMPLATE" ]]; then
+      msg_info "Template appears corrupted - re-downloading"
       rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-        msg_error "Failed to re-download template '$TEMPLATE'"
-        exit 222
-      }
+      download_template
       msg_ok "Template re-downloaded"
     else
       msg_warn "Template appears corrupted, but no online version exists. Skipping re-download."
@@ -6237,9 +6344,9 @@ create_lxc_container() {
     else
       # Not a CTID collision - check if template issue and retry with fresh download
       if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
-        msg_info "Template may be corrupted – re-downloading"
+        msg_info "Template may be corrupted - re-downloading"
         rm -f "$TEMPLATE_PATH"
-        pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+        download_template
         msg_ok "Template re-downloaded"
       fi
 
@@ -6252,7 +6359,11 @@ create_lxc_container() {
           if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
             msg_ok "Trying local storage fallback"
             msg_info "Downloading template to local"
-            pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+            if [[ "$ARCH" == "arm64" ]]; then
+              download_arm64_template "$LOCAL_TEMPLATE_PATH"
+            else
+              pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+            fi
             msg_ok "Template downloaded to local"
           else
             msg_ok "Trying local storage fallback"

misc/core.func

@@ -344,9 +344,15 @@ pve_check() {
 # - Provides link to ARM64-compatible scripts
 # ------------------------------------------------------------------------------
 arch_check() {
-  if [ "$(dpkg --print-architecture)" != "amd64" ]; then
-    msg_error "This script will not work with PiMox (ARM architecture detected)."
-    msg_warn "Visit https://github.com/asylumexp/Proxmox for ARM64 support."
+  local arch
+  arch="$(dpkg --print-architecture)"
+  if [[ "$arch" != "amd64" && "$arch" != "arm64" ]]; then
+    msg_error "This script requires amd64 or arm64 (detected: $arch)."
+    sleep 2
+    exit 106
+  fi
+  if [[ "$arch" == "arm64" && "${var_arm64:-}" != "yes" ]]; then
+    msg_error "This script does not yet support arm64."
     sleep 2
     exit 106
   fi
@@ -1712,6 +1718,38 @@ function get_lxc_ip() {
   export LOCAL_IP
 }
 
+# ------------------------------------------------------------------------------
+# ensure_whiptail()
+#
+# - Ensures whiptail is installed
+# - Some ARM64 systems will not have whiptail installed
+# - Exits with error message if installation fails
+# ------------------------------------------------------------------------------
+ensure_whiptail() {
+  command -v whiptail >/dev/null 2>&1 && return 0
+
+  msg_info "Installing whiptail"
+  apt_update_safe
+  $STD apt-get install -y whiptail || {
+    msg_error "Failed to install whiptail"
+    exit 100
+  }
+  msg_ok "Installed whiptail"
+}
+
+# ------------------------------------------------------------------------------
+# arm64_notice()
+#
+# - Shows a short warning when running scripts on ARM64 systems
+# ------------------------------------------------------------------------------
+arm64_notice() {
+  [[ "$(dpkg --print-architecture)" == "arm64" ]] || return 0
+
+  whiptail --backtitle "Proxmox VE Helper Scripts" \
+    --title "ARM64 SUPPORT" \
+    --ok-button "Continue" \
+    --msgbox "ARM64 support is in active development.\n\nSome scripts, packages, or application releases may not be fully tested or working yet." 10 68
+}
 # ==============================================================================
 # SIGNAL TRAPS
 # ==============================================================================

misc/error_handler.func

@@ -99,7 +99,7 @@ if ! declare -f explain_exit_code &>/dev/null; then
     103) echo "Validation: Shell is not Bash" ;;
     104) echo "Validation: Not running as root (or invoked via sudo)" ;;
     105) echo "Validation: Proxmox VE version not supported" ;;
-    106) echo "Validation: Architecture not supported (ARM / PiMox)" ;;
+    106) echo "Validation: Unsupported architecture (requires amd64 or arm64)" ;;
     107) echo "Validation: Kernel key parameters unreadable" ;;
     108) echo "Validation: Kernel key limits exceeded" ;;
     109) echo "Proxmox: No available container ID after max attempts" ;;

misc/tools.func

@@ -2394,12 +2394,11 @@ check_for_gh_release() {
 
   # For pinned versions, query the specific release tag directly
   if [[ -n "$pinned_version_in" ]]; then
-    local pinned_version_encoded="${pinned_version_in//\//%2F}"
     http_code=$(curl -sSL --max-time 20 -w "%{http_code}" -o /tmp/gh_check.json \
       -H 'Accept: application/vnd.github+json' \
       -H 'X-GitHub-Api-Version: 2022-11-28' \
       "${header_args[@]}" \
-      "https://api.github.com/repos/${source}/releases/tags/${pinned_version_encoded}" 2>/dev/null) || true
+      "https://api.github.com/repos/${source}/releases/tags/${pinned_version_in}" 2>/dev/null) || true
 
     if [[ "$http_code" == "200" ]] && [[ -s /tmp/gh_check.json ]]; then
       releases_json="[$(</tmp/gh_check.json)]"
@@ -2521,18 +2520,11 @@ check_for_gh_release() {
       rm -f "${legacy_files[0]}"
     fi
   fi
-  if [[ "$current" =~ ^v[0-9] ]]; then
-    current="${current:1}"
-  fi
+  current="${current#v}"
 
   # Pinned version handling
   if [[ -n "$pinned_version_in" ]]; then
-    local pin_clean
-    if [[ "$pinned_version_in" =~ ^v[0-9] ]]; then
-      pin_clean="${pinned_version_in:1}"
-    else
-      pin_clean="$pinned_version_in"
-    fi
+    local pin_clean="${pinned_version_in#v}"
     local match_raw=""
     for i in "${!clean_tags[@]}"; do
       if [[ "${clean_tags[$i]}" == "$pin_clean" ]]; then
@@ -2570,6 +2562,7 @@ check_for_gh_release() {
   msg_ok "No update available: ${app} (${latest_clean})"
   return 1
 }
+
 # ------------------------------------------------------------------------------
 # Checks for new Codeberg release (latest tag).
 #
@@ -2795,34 +2788,25 @@ function ensure_usr_local_bin_persist() {
 }
 
 # ------------------------------------------------------------------------------
-# curl_download - Downloads a file with stall detection and retry.
+# curl_download - Downloads a file with automatic retry and exponential backoff.
 #
 # Usage: curl_download <output_file> <url>
 #
-# Uses --speed-limit / --speed-time instead of a hard --max-time cap so that
-# slow but progressing downloads (e.g. large .deb files from slow mirrors) are
-# never aborted mid-transfer.  Only aborts when throughput drops below 1 KB/s
-# for 60 consecutive seconds (i.e. a genuine stall or dead connection).
-# Retries up to 3 times on failure.
-# Returns 0 on success, 7 if all attempts fail.
+# Retries up to 5 times with increasing --max-time (60/120/240/480/960s).
+# Returns 0 on success, 1 if all attempts fail.
 # ------------------------------------------------------------------------------
 function curl_download() {
   local output="$1"
   local url="$2"
-  local retries=3
-  local attempt=1
+  local timeouts=(60 120 240 480 960)
 
-  while ((attempt <= retries)); do
-    if curl --connect-timeout 15 \
-      --speed-limit 1024 \
-      --speed-time 60 \
-      -fsSL -o "$output" "$url"; then
+  for i in "${!timeouts[@]}"; do
+    if curl --connect-timeout 15 --max-time "${timeouts[$i]}" -fsSL -o "$output" "$url"; then
       return 0
     fi
-    if ((attempt < retries)); then
-      msg_warn "Download failed or stalled (attempt ${attempt}/${retries}), retrying..."
+    if ((i < ${#timeouts[@]} - 1)); then
+      msg_warn "Download timed out after ${timeouts[$i]}s, retrying... (attempt $((i + 2))/${#timeouts[@]})"
     fi
-    ((attempt++))
   done
   return 7
 }
@@ -3076,10 +3060,14 @@ function fetch_and_deploy_codeberg_release() {
     # Fall back to architecture heuristic
     if [[ -z "$url_match" ]]; then
       for u in $assets; do
-        if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
-          url_match="$u"
-          break
+        [[ "$u" =~ \.deb$ ]] || continue
+        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+          [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
+        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+          [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
         fi
+        url_match="$u"
+        break
       done
     fi
 
@@ -3376,7 +3364,11 @@ _gh_scan_older_releases() {
         done)
       fi
       if [[ "$has_match" != "true" ]]; then
-        has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE "($arch|amd64|x86_64|aarch64|arm64).*\.deb$" && echo true)
+        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+          has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '(amd64|x86_64).*\.deb$' && echo true)
+        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+          has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '(arm64|aarch64).*\.deb$' && echo true)
+        fi
       fi
       if [[ "$has_match" != "true" ]]; then
         has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '\.deb$' && echo true)
@@ -3582,10 +3574,14 @@ function fetch_and_deploy_gh_release() {
     # If no match via explicit pattern, fall back to architecture heuristic
     if [[ -z "$url_match" ]]; then
       for u in $assets; do
-        if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
-          url_match="$u"
-          break
+        [[ "$u" =~ \.deb$ ]] || continue
+        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+          [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
+        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+          [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
         fi
+        url_match="$u"
+        break
       done
     fi
 
@@ -3616,10 +3612,14 @@ function fetch_and_deploy_gh_release() {
         fi
         if [[ -z "$url_match" ]]; then
           for u in $assets; do
-            if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
-              url_match="$u"
-              break
+            [[ "$u" =~ \.deb$ ]] || continue
+            if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+              [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
+            elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+              [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
             fi
+            url_match="$u"
+            break
           done
         fi
         if [[ -z "$url_match" ]]; then
@@ -3987,7 +3987,12 @@ function setup_ffmpeg() {
 
   # Binary fallback mode
   if [[ "$TYPE" == "binary" ]]; then
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    local ffmpeg_arch
+    case "$(dpkg --print-architecture 2>/dev/null || echo amd64)" in
+    arm64) ffmpeg_arch="arm64" ;;
+    *) ffmpeg_arch="amd64" ;;
+    esac
+    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-${ffmpeg_arch}-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
       msg_error "Failed to download FFmpeg binary"
       rm -rf "$TMP_DIR"
       return 250
@@ -4074,7 +4079,17 @@ function setup_ffmpeg() {
   # If no source download (either VERSION empty or download failed), use binary
   if [[ -z "$VERSION" ]]; then
     msg_info "Setup FFmpeg from pre-built binary"
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    local ffmpeg_arch detected_arch
+    detected_arch="$(dpkg --print-architecture 2>/dev/null || true)"
+    if [[ -z "$detected_arch" ]]; then
+      detected_arch="$(uname -m 2>/dev/null || true)"
+    fi
+    case "$detected_arch" in
+    arm64 | aarch64) ffmpeg_arch="arm64" ;;
+    amd64 | x86_64) ffmpeg_arch="amd64" ;;
+    *) ffmpeg_arch="amd64" ;;
+    esac
+    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-${ffmpeg_arch}-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
       msg_error "Failed to download FFmpeg pre-built binary"
       rm -rf "$TMP_DIR"
       return 250
@@ -8250,7 +8265,19 @@ function setup_yq() {
     msg_info "Setup yq $LATEST_VERSION"
   fi
 
-  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_amd64" "$TMP_DIR/yq"; then
+  local yq_arch detected_arch
+  if command -v dpkg &>/dev/null; then
+    detected_arch="$(dpkg --print-architecture 2>/dev/null)"
+  else
+    detected_arch="$(uname -m 2>/dev/null)"
+  fi
+
+  case "$detected_arch" in
+  arm64 | aarch64) yq_arch="arm64" ;;
+  amd64 | x86_64) yq_arch="amd64" ;;
+  *) yq_arch="amd64" ;;
+  esac
+  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_${yq_arch}" "$TMP_DIR/yq"; then
     msg_error "Failed to download yq"
     rm -rf "$TMP_DIR"
     return 250

vm/opnsense-vm.sh

@@ -746,7 +746,7 @@ alloc_delay=5
 while :; do
   alloc_err=$(pvesm alloc $STORAGE $VMID $DISK0 4M 2>&1 >/dev/null) && break
   if [[ "$alloc_err" == *"got timeout"* && $alloc_attempt -lt $alloc_max ]]; then
-    echo -e "${YW}[WARN]${CL} pvesm alloc hit zfs timeout (attempt $alloc_attempt/$alloc_max), retrying in ${alloc_delay}s..."
+    msg_warn "pvesm alloc hit zfs timeout (attempt $alloc_attempt/$alloc_max), retrying in ${alloc_delay}s..."
     pvesm free "${DISK0_REF}" &>/dev/null || true
     sleep "$alloc_delay"
     alloc_attempt=$((alloc_attempt + 1))