Add dokploy (ct)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -10,12 +10,18 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
+## 2025-12-09
+
 ## 2025-12-08
 
 ### 🚀 Updated Scripts
 
   - typo: tandoor instead of trandoor [@Neonize](https://github.com/Neonize) ([#9771](https://github.com/community-scripts/ProxmoxVE/pull/9771))
 
+  - #### 🐞 Bug Fixes
+
+    - Tandoor: Remove postgres17-contrib package [@tremor021](https://github.com/tremor021) ([#9781](https://github.com/community-scripts/ProxmoxVE/pull/9781))
+
   - #### ✨ New Features
 
     - feat: Add var_gpu flag for GPU passthrough configuration [@MickLesk](https://github.com/MickLesk) ([#9764](https://github.com/community-scripts/ProxmoxVE/pull/9764))

ct/dokploy.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://dokploy.com/
+
+APP="Dokploy"
+var_tags="${var_tags:-docker;paas}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-10}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /etc/dokploy ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  msg_info "Updating Dokploy"
+  $STD bash <(curl -sSL https://dokploy.com/install.sh)
+  msg_ok "Updated Dokploy"
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/tandoor.sh

@@ -55,7 +55,7 @@ function update_script() {
     cd /opt/tandoor/vue3
     $STD yarn install
     $STD yarn build
-    TANDOOR_VERSION="$(curl -fsSL https://api.github.com/repos/TandoorRecipes/recipes/releases/latest | jq -r .tag_name)"
+    TANDOOR_VERSION=$(get_latest_github_release "TandoorRecipes/recipes")
     cat <<EOF >/opt/tandoor/cookbook/version_info.py
 TANDOOR_VERSION = "$TANDOOR_VERSION"
 TANDOOR_REF = "bare-metal"

docs/misc/build.func/BUILD_FUNC_ADVANCED_SETTINGS.md

@@ -1,164 +0,0 @@
-# Advanced Settings Wizard Reference
-
-## Overview
-
-The Advanced Settings wizard provides a 28-step interactive configuration for LXC container creation. It allows users to customize every aspect of the container while inheriting sensible defaults from the CT script.
-
-## Key Features
-
-- **Inherit App Defaults**: All `var_*` values from CT scripts pre-populate wizard fields
-- **Back Navigation**: Press Cancel/Back to return to previous step
-- **App Default Hints**: Each dialog shows `(App default: X)` to indicate script defaults
-- **Full Customization**: Every configurable option is accessible
-
-## Wizard Steps
-
-| Step | Title                    | Variable(s)                       | Description                                           |
-| ---- | ------------------------ | --------------------------------- | ----------------------------------------------------- |
-| 1    | Container Type           | `var_unprivileged`                | Privileged (0) or Unprivileged (1) container          |
-| 2    | Root Password            | `var_pw`                          | Set password or use automatic login                   |
-| 3    | Container ID             | `var_ctid`                        | Unique container ID (auto-suggested)                  |
-| 4    | Hostname                 | `var_hostname`                    | Container hostname                                    |
-| 5    | Disk Size                | `var_disk`                        | Disk size in GB                                       |
-| 6    | CPU Cores                | `var_cpu`                         | Number of CPU cores                                   |
-| 7    | RAM Size                 | `var_ram`                         | RAM size in MiB                                       |
-| 8    | Network Bridge           | `var_brg`                         | Network bridge (vmbr0, etc.)                          |
-| 9    | IPv4 Configuration       | `var_net`, `var_gateway`          | DHCP or static IP with gateway                        |
-| 10   | IPv6 Configuration       | `var_ipv6_method`                 | Auto, DHCP, Static, or None                           |
-| 11   | MTU Size                 | `var_mtu`                         | Network MTU (default: 1500)                           |
-| 12   | DNS Search Domain        | `var_searchdomain`                | DNS search domain                                     |
-| 13   | DNS Server               | `var_ns`                          | Custom DNS server IP                                  |
-| 14   | MAC Address              | `var_mac`                         | Custom MAC address (auto-generated if empty)          |
-| 15   | VLAN Tag                 | `var_vlan`                        | VLAN tag ID                                           |
-| 16   | Tags                     | `var_tags`                        | Container tags (comma/semicolon separated)            |
-| 17   | SSH Settings             | `var_ssh`                         | SSH key selection and root access                     |
-| 18   | FUSE Support             | `var_fuse`                        | Enable FUSE for rclone, mergerfs, AppImage            |
-| 19   | TUN/TAP Support          | `var_tun`                         | Enable for VPN apps (WireGuard, OpenVPN, Tailscale)   |
-| 20   | Nesting Support          | `var_nesting`                     | Enable for Docker, LXC in LXC, Podman                 |
-| 21   | GPU Passthrough          | `var_gpu`                         | Auto-detect and pass through Intel/AMD/NVIDIA GPUs    |
-| 22   | Keyctl Support           | `var_keyctl`                      | Enable for Docker, systemd-networkd                   |
-| 23   | APT Cacher Proxy         | `var_apt_cacher`, `var_apt_cacher_ip` | Use apt-cacher-ng for faster downloads            |
-| 24   | Container Timezone       | `var_timezone`                    | Set timezone (e.g., Europe/Berlin)                    |
-| 25   | Container Protection     | `var_protection`                  | Prevent accidental deletion                           |
-| 26   | Device Node Creation     | `var_mknod`                       | Allow mknod (experimental, kernel 5.3+)               |
-| 27   | Mount Filesystems        | `var_mount_fs`                    | Allow specific mounts: nfs, cifs, fuse, etc.          |
-| 28   | Verbose Mode & Confirm   | `var_verbose`                     | Enable verbose output + final confirmation            |
-
-## Default Value Inheritance
-
-The wizard inherits defaults from multiple sources:
-
-```text
-CT Script (var_*) → default.vars → app.vars → User Input
-```
-
-### Example: VPN Container (alpine-wireguard.sh)
-
-```bash
-# CT script sets:
-var_tun="${var_tun:-1}"  # TUN enabled by default
-
-# In Advanced Settings Step 19:
-# Dialog shows: "(App default: 1)" and pre-selects "Yes"
-```
-
-### Example: Media Server (jellyfin.sh)
-
-```bash
-# CT script sets:
-var_gpu="${var_gpu:-yes}"  # GPU enabled by default
-
-# In Advanced Settings Step 21:
-# Dialog shows: "(App default: yes)" and pre-selects "Yes"
-```
-
-## Feature Matrix
-
-| Feature           | Variable         | When to Enable                                      |
-| ----------------- | ---------------- | --------------------------------------------------- |
-| FUSE              | `var_fuse`       | rclone, mergerfs, AppImage, SSHFS                   |
-| TUN/TAP           | `var_tun`        | WireGuard, OpenVPN, Tailscale, VPN containers       |
-| Nesting           | `var_nesting`    | Docker, Podman, LXC-in-LXC, systemd-nspawn          |
-| GPU Passthrough   | `var_gpu`        | Plex, Jellyfin, Emby, Frigate, Ollama, ComfyUI      |
-| Keyctl            | `var_keyctl`     | Docker (unprivileged), systemd-networkd             |
-| Protection        | `var_protection` | Production containers, prevent accidental deletion  |
-| Mknod             | `var_mknod`      | Device node creation (experimental)                 |
-| Mount FS          | `var_mount_fs`   | NFS mounts, CIFS shares, custom filesystems         |
-| APT Cacher        | `var_apt_cacher` | Speed up downloads with local apt-cacher-ng         |
-
-## Confirmation Summary
-
-Step 28 displays a comprehensive summary before creation:
-
-```text
-Container Type: Unprivileged
-Container ID: 100
-Hostname: jellyfin
-
-Resources:
-  Disk: 8 GB
-  CPU: 2 cores
-  RAM: 2048 MiB
-
-Network:
-  Bridge: vmbr0
-  IPv4: dhcp
-  IPv6: auto
-
-Features:
-  FUSE: no | TUN: no
-  Nesting: Enabled | Keyctl: Disabled
-  GPU: yes | Protection: No
-
-Advanced:
-  Timezone: Europe/Berlin
-  APT Cacher: no
-  Verbose: no
-```
-
-## Usage Examples
-
-### Skip to Advanced Settings
-
-```bash
-# Run script, select "Advanced" from menu
-bash -c "$(curl -fsSL https://...jellyfin.sh)"
-# Then select option 3 "Advanced"
-```
-
-### Pre-set Defaults via Environment
-
-```bash
-# Set defaults before running
-export var_cpu=4
-export var_ram=4096
-export var_gpu=yes
-bash -c "$(curl -fsSL https://...jellyfin.sh)"
-# Advanced settings will inherit these values
-```
-
-### Non-Interactive with All Options
-
-```bash
-# Set all variables for fully automated deployment
-export var_unprivileged=1
-export var_cpu=2
-export var_ram=2048
-export var_disk=8
-export var_net=dhcp
-export var_fuse=no
-export var_tun=no
-export var_gpu=yes
-export var_nesting=1
-export var_protection=no
-export var_verbose=no
-bash -c "$(curl -fsSL https://...jellyfin.sh)"
-```
-
-## Notes
-
-- **Cancel at Step 1**: Exits the script entirely
-- **Cancel at Steps 2-28**: Goes back to previous step
-- **Empty fields**: Use default value
-- **Keyctl**: Automatically enabled for unprivileged containers
-- **Nesting**: Enabled by default (required for many apps)

docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md

@@ -67,35 +67,16 @@ This document provides a comprehensive reference of all environment variables us
 ### Feature Flags
 
 | Variable              | Description                 | Default | Set In          | Used In            |
-| ---------------- | ------------------------------ | ------- | ------------------------------- | ------------------ |
-| `var_fuse`       | Enable FUSE support            | "no"    | CT script / Advanced Settings   | Container features |
-| `var_tun`        | Enable TUN/TAP support         | "no"    | CT script / Advanced Settings   | Container features |
-| `var_nesting`    | Enable nesting support         | "1"     | CT script / Advanced Settings   | Container features |
-| `var_keyctl`     | Enable keyctl support          | "0"     | CT script / Advanced Settings   | Container features |
-| `var_mknod`      | Allow device node creation     | "0"     | CT script / Advanced Settings   | Container features |
-| `var_mount_fs`   | Allowed filesystem mounts      | ""      | CT script / Advanced Settings   | Container features |
-| `var_protection` | Enable container protection    | "no"    | CT script / Advanced Settings   | Container creation |
-| `var_timezone`   | Container timezone             | ""      | CT script / Advanced Settings   | Container creation |
-| `var_verbose`    | Enable verbose output          | "no"    | Environment / Advanced Settings | Logging            |
-| `var_ssh`        | Enable SSH key provisioning    | "no"    | CT script / Advanced Settings   | SSH setup          |
-| `ENABLE_FUSE`    | FUSE flag (internal)           | "no"    | Advanced Settings               | Container creation |
-| `ENABLE_TUN`     | TUN/TAP flag (internal)        | "no"    | Advanced Settings               | Container creation |
-| `ENABLE_NESTING` | Nesting flag (internal)        | "1"     | Advanced Settings               | Container creation |
-| `ENABLE_KEYCTL`  | Keyctl flag (internal)         | "0"     | Advanced Settings               | Container creation |
-| `ENABLE_MKNOD`   | Mknod flag (internal)          | "0"     | Advanced Settings               | Container creation |
-| `PROTECT_CT`     | Protection flag (internal)     | "no"    | Advanced Settings               | Container creation |
-| `CT_TIMEZONE`    | Timezone setting (internal)    | ""      | Advanced Settings               | Container creation |
-| `VERBOSE`        | Verbose mode flag              | "no"    | Environment                     | Logging            |
-| `SSH`            | SSH access flag                | "no"    | Advanced Settings               | SSH setup          |
-
-### APT Cacher Configuration
-
-| Variable           | Description              | Default | Set In                        | Used In             |
-| ------------------ | ------------------------ | ------- | ----------------------------- | ------------------- |
-| `var_apt_cacher`   | Enable APT cacher proxy  | "no"    | CT script / Advanced Settings | Package management  |
-| `var_apt_cacher_ip`| APT cacher server IP     | ""      | CT script / Advanced Settings | Package management  |
-| `APT_CACHER`       | APT cacher flag          | "no"    | Advanced Settings             | Container creation  |
-| `APT_CACHER_IP`    | APT cacher IP (internal) | ""      | Advanced Settings             | Container creation  |
+| --------------------- | --------------------------- | ------- | --------------- | ------------------ |
+| `ENABLE_FUSE`         | Enable FUSE support         | "true"  | base_settings() | Container features |
+| `ENABLE_TUN`          | Enable TUN/TAP support      | "true"  | base_settings() | Container features |
+| `ENABLE_KEYCTL`       | Enable keyctl support       | "true"  | base_settings() | Container features |
+| `ENABLE_MOUNT`        | Enable mount support        | "true"  | base_settings() | Container features |
+| `ENABLE_NESTING`      | Enable nesting support      | "false" | base_settings() | Container features |
+| `ENABLE_PRIVILEGED`   | Enable privileged mode      | "false" | base_settings() | Container features |
+| `ENABLE_UNPRIVILEGED` | Enable unprivileged mode    | "true"  | base_settings() | Container features |
+| `VERBOSE`             | Enable verbose output       | "false" | Environment     | Logging            |
+| `SSH`                 | Enable SSH key provisioning | "true"  | base_settings() | SSH setup          |
 
 ### GPU Passthrough Variables
 

docs/misc/build.func/README.md

@@ -6,16 +6,6 @@ This directory contains comprehensive documentation for the `build.func` script,
 
 ## Documentation Files
 
-### 🎛️ [BUILD_FUNC_ADVANCED_SETTINGS.md](./BUILD_FUNC_ADVANCED_SETTINGS.md)
-Complete reference for the 28-step Advanced Settings wizard, including all configurable options and their inheritance behavior.
-
-**Contents:**
-- All 28 wizard steps explained
-- Default value inheritance
-- Feature matrix (when to enable each feature)
-- Confirmation summary format
-- Usage examples
-
 ### 📊 [BUILD_FUNC_FLOWCHART.md](./BUILD_FUNC_FLOWCHART.md)
 Visual ASCII flowchart showing the main execution flow, decision trees, and key decision points in the build.func script.
 

frontend/public/json/dokploy.json

@@ -0,0 +1,48 @@
+{
+    "name": "Dokploy",
+    "slug": "dokploy",
+    "categories": [
+        6
+    ],
+    "date_created": "2025-12-09",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 3000,
+    "documentation": "https://docs.dokploy.com/",
+    "config_path": "/etc/dokploy",
+    "website": "https://dokploy.com/",
+    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/png/dokploy.png",
+    "description": "Dokploy is a free, self-hostable Platform as a Service (PaaS) that simplifies the deployment and management of applications and databases. Built with Docker and Traefik, it offers features like automatic SSL, Docker Compose support, database backups, and a real-time monitoring dashboard.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/dokploy.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 2048,
+                "hdd": 10,
+                "os": "Debian",
+                "version": "13"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "Initial setup will be done via the web interface on first access.",
+            "type": "info"
+        },
+        {
+            "text": "Dokploy has built-in auto-updates via the web interface.",
+            "type": "info"
+        },
+        {
+            "text": "This container uses Docker-in-Docker (nesting) for application deployments.",
+            "type": "warning"
+        }
+    ]
+}

frontend/public/json/versions.json

@@ -1,8 +1,73 @@
 [
+  {
+    "name": "sabnzbd/sabnzbd",
+    "version": "4.5.5",
+    "date": "2025-10-24T11:12:22Z"
+  },
+  {
+    "name": "home-assistant/core",
+    "version": "2025.12.2",
+    "date": "2025-12-08T21:36:42Z"
+  },
+  {
+    "name": "BerriAI/litellm",
+    "version": "v1.80.9-nightly",
+    "date": "2025-12-08T21:21:07Z"
+  },
+  {
+    "name": "seerr-team/seerr",
+    "version": "preview-test-fix-subscriptions",
+    "date": "2025-12-08T21:16:05Z"
+  },
+  {
+    "name": "hansmi/prometheus-paperless-exporter",
+    "version": "v0.0.9",
+    "date": "2025-12-08T20:37:45Z"
+  },
+  {
+    "name": "influxdata/telegraf",
+    "version": "v1.37.0",
+    "date": "2025-12-08T20:36:16Z"
+  },
+  {
+    "name": "pommee/goaway",
+    "version": "v0.62.23",
+    "date": "2025-12-08T20:30:54Z"
+  },
+  {
+    "name": "n8n-io/n8n",
+    "version": "n8n@1.123.4",
+    "date": "2025-12-08T13:30:40Z"
+  },
+  {
+    "name": "steveiliop56/tinyauth",
+    "version": "v4.1.0",
+    "date": "2025-11-23T12:13:34Z"
+  },
+  {
+    "name": "homarr-labs/homarr",
+    "version": "v1.45.3",
+    "date": "2025-12-08T16:11:16Z"
+  },
+  {
+    "name": "AdguardTeam/AdGuardHome",
+    "version": "v0.107.71",
+    "date": "2025-12-08T14:34:55Z"
+  },
+  {
+    "name": "chrisbenincasa/tunarr",
+    "version": "v0.22.18",
+    "date": "2025-12-08T14:26:24Z"
+  },
   {
     "name": "openobserve/openobserve",
     "version": "v0.30.0-rc1",
-    "date": "2025-12-08T11:46:24Z"
+    "date": "2025-12-08T13:29:14Z"
+  },
+  {
+    "name": "wavelog/wavelog",
+    "version": "2.2.1",
+    "date": "2025-12-08T12:01:34Z"
   },
   {
     "name": "ventoy/Ventoy",
@@ -44,6 +109,11 @@
     "version": "v0.24.420",
     "date": "2025-12-08T05:55:34Z"
   },
+  {
+    "name": "ollama/ollama",
+    "version": "v0.13.2-rc2",
+    "date": "2025-12-06T00:10:33Z"
+  },
   {
     "name": "firefly-iii/firefly-iii",
     "version": "v6.4.9",
@@ -54,21 +124,11 @@
     "version": "v2.2.0",
     "date": "2025-12-08T03:33:34Z"
   },
-  {
-    "name": "chrisbenincasa/tunarr",
-    "version": "v0.23.0-alpha.31",
-    "date": "2025-12-08T02:39:59Z"
-  },
   {
     "name": "jeedom/core",
     "version": "4.5",
     "date": "2025-12-08T00:27:05Z"
   },
-  {
-    "name": "steveiliop56/tinyauth",
-    "version": "v4.1.0",
-    "date": "2025-11-23T12:13:34Z"
-  },
   {
     "name": "maxdorninger/MediaManager",
     "version": "v1.10.0",
@@ -89,21 +149,11 @@
     "version": "26.4.7",
     "date": "2025-12-01T08:14:11Z"
   },
-  {
-    "name": "seerr-team/seerr",
-    "version": "preview-test-fix-subscriptions",
-    "date": "2025-12-07T14:31:55Z"
-  },
   {
     "name": "bluenviron/mediamtx",
     "version": "v1.15.5",
     "date": "2025-12-07T12:24:21Z"
   },
-  {
-    "name": "BerriAI/litellm",
-    "version": "v1.80.8.rc.1",
-    "date": "2025-12-07T01:36:40Z"
-  },
   {
     "name": "umami-software/umami",
     "version": "v2.20.1",
@@ -174,31 +224,11 @@
     "version": "v13.1.3",
     "date": "2025-12-06T04:40:09Z"
   },
-  {
-    "name": "ollama/ollama",
-    "version": "v0.13.2-rc1",
-    "date": "2025-12-04T23:19:06Z"
-  },
   {
     "name": "Stirling-Tools/Stirling-PDF",
     "version": "v2.1.1",
     "date": "2025-12-05T23:48:08Z"
   },
-  {
-    "name": "home-assistant/core",
-    "version": "2025.12.1",
-    "date": "2025-12-05T21:10:31Z"
-  },
-  {
-    "name": "n8n-io/n8n",
-    "version": "n8n@1.122.5",
-    "date": "2025-12-04T14:09:39Z"
-  },
-  {
-    "name": "homarr-labs/homarr",
-    "version": "v1.45.2",
-    "date": "2025-12-05T19:17:09Z"
-  },
   {
     "name": "booklore-app/booklore",
     "version": "v1.13.2",
@@ -264,11 +294,6 @@
     "version": "v1.30.20",
     "date": "2025-12-04T18:17:47Z"
   },
-  {
-    "name": "AdguardTeam/AdGuardHome",
-    "version": "v0.107.70",
-    "date": "2025-12-03T16:12:15Z"
-  },
   {
     "name": "wazuh/wazuh",
     "version": "coverity-w49-4.14.2",
@@ -367,7 +392,7 @@
   {
     "name": "mealie-recipes/mealie",
     "version": "v3.6.1",
-    "date": "2025-12-02T22:54:10Z"
+    "date": "2025-12-02T23:08:41Z"
   },
   {
     "name": "apache/tomcat",
@@ -539,11 +564,6 @@
     "version": "v11.8.2",
     "date": "2025-11-30T08:39:28Z"
   },
-  {
-    "name": "pommee/goaway",
-    "version": "v0.62.20",
-    "date": "2025-11-30T06:51:31Z"
-  },
   {
     "name": "MediaBrowser/Emby.Releases",
     "version": "4.9.1.90",
@@ -699,11 +719,6 @@
     "version": "v1.18.0",
     "date": "2025-11-23T17:42:53Z"
   },
-  {
-    "name": "wavelog/wavelog",
-    "version": "2.2",
-    "date": "2025-11-23T17:32:38Z"
-  },
   {
     "name": "crafty-controller/crafty-4",
     "version": "v4.6.1",
@@ -744,11 +759,6 @@
     "version": "5.2.4",
     "date": "2025-11-21T10:25:05Z"
   },
-  {
-    "name": "sabnzbd/sabnzbd",
-    "version": "4.5.5",
-    "date": "2025-10-24T11:12:22Z"
-  },
   {
     "name": "MariaDB/server",
     "version": "mariadb-12.1.2",
@@ -839,11 +849,6 @@
     "version": "v0.28.2",
     "date": "2025-11-18T05:51:46Z"
   },
-  {
-    "name": "influxdata/telegraf",
-    "version": "v1.36.4",
-    "date": "2025-11-17T17:15:29Z"
-  },
   {
     "name": "rabbitmq/rabbitmq-server",
     "version": "v4.2.1",
@@ -1364,11 +1369,6 @@
     "version": "v1.13.0",
     "date": "2025-05-25T20:21:13Z"
   },
-  {
-    "name": "hansmi/prometheus-paperless-exporter",
-    "version": "v0.0.8",
-    "date": "2025-05-18T11:37:31Z"
-  },
   {
     "name": "stackblitz-labs/bolt.diy",
     "version": "1.0.0",

install/dokploy-install.sh

@@ -0,0 +1,39 @@
+#!/bin/bash
+
+# Copyright (c) 2021-2025 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://dokploy.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y \
+  git \
+  openssl
+msg_ok "Installed Dependencies"
+
+msg_warn "WARNING: This script will run an external installer from a third-party source (https://dokploy.com/)."
+msg_warn "The following code is NOT maintained or audited by our repository."
+msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:"
+msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→  https://dokploy.com/install.sh"
+echo
+read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM
+if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+  msg_error "Aborted by user. No changes have been made."
+  exit 10
+fi
+
+msg_info "Installing Dokploy (Patience - this installs Docker and pulls containers)"
+$STD bash <(curl -sSL https://dokploy.com/install.sh)
+msg_ok "Installed Dokploy"
+
+motd_ssh
+customize
+cleanup_lxc

install/tandoor-install.sh

@@ -32,28 +32,10 @@ msg_ok "Installed Dependencies"
 
 NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 fetch_and_deploy_gh_release "tandoor" "TandoorRecipes/recipes" "tarball" "latest" "/opt/tandoor"
-PG_VERSION="17" PG_MODULES="contrib" setup_postgresql
+PG_VERSION="17" setup_postgresql
 PYTHON_VERSION="3.13" setup_uv
-
-msg_info "Set up PostgreSQL Database"
-DB_NAME=db_recipes
-DB_USER=tandoor
+PG_DB_USER="tandoor" PG_DB_NAME="db_recipes" PG_DB_EXTENSIONS="unaccent,pg_trgm" setup_postgresql_db
 SECRET_KEY=$(openssl rand -base64 45 | sed 's/\//\\\//g')
-DB_PASS="$(openssl rand -base64 18 | cut -c1-13)"
-$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-$STD sudo -u postgres psql -d "$DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS unaccent;"
-$STD sudo -u postgres psql -d "$DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
-{
-  echo "Tandoor-Credentials"
-  echo "Tandoor Database Name: $DB_NAME"
-  echo "Tandoor Database User: $DB_USER"
-  echo "Tandoor Database Password: $DB_PASS"
-} >>~/tandoor.creds
-msg_ok "Set up PostgreSQL Database"
 
 msg_info "Setup Tandoor"
 mkdir -p /opt/tandoor/{config,api,mediafiles,staticfiles}
@@ -69,16 +51,16 @@ TZ=Europe/Berlin
 
 DB_ENGINE=django.db.backends.postgresql
 POSTGRES_HOST=localhost
-POSTGRES_DB=$DB_NAME
+POSTGRES_DB=$PG_DB_NAME
 POSTGRES_PORT=5432
-POSTGRES_USER=$DB_USER
-POSTGRES_PASSWORD=$DB_PASS
+POSTGRES_USER=$PG_DB_USER
+POSTGRES_PASSWORD=$PG_DB_PASS
 
 STATIC_URL=/staticfiles/
 MEDIA_URL=/media/
 EOF
 
-TANDOOR_VERSION="$(curl -s https://api.github.com/repos/TandoorRecipes/recipes/releases/latest | jq -r .tag_name)"
+TANDOOR_VERSION=$(get_latest_github_release "TandoorRecipes/recipes")
 cat <<EOF >/opt/tandoor/cookbook/version_info.py
 TANDOOR_VERSION = "$TANDOOR_VERSION"
 TANDOOR_REF = "bare-metal"

misc/build.func

@@ -816,7 +816,6 @@ _build_current_app_vars_tmp() {
   _apt_cacher_ip="${APT_CACHER_IP:-}"
   _fuse="${ENABLE_FUSE:-no}"
   _tun="${ENABLE_TUN:-no}"
-  _gpu="${ENABLE_GPU:-no}"
   _nesting="${ENABLE_NESTING:-1}"
   _keyctl="${ENABLE_KEYCTL:-0}"
   _mknod="${ENABLE_MKNOD:-0}"
@@ -866,7 +865,6 @@ _build_current_app_vars_tmp() {
 
     [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")"
     [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")"
-    [ -n "$_gpu" ] && echo "var_gpu=$(_sanitize_value "$_gpu")"
     [ -n "$_nesting" ] && echo "var_nesting=$(_sanitize_value "$_nesting")"
     [ -n "$_keyctl" ] && echo "var_keyctl=$(_sanitize_value "$_keyctl")"
     [ -n "$_mknod" ] && echo "var_mknod=$(_sanitize_value "$_mknod")"
@@ -1013,49 +1011,38 @@ advanced_settings() {
   # Initialize defaults
   TAGS="community-script;${var_tags:-}"
   local STEP=1
-  local MAX_STEP=28
+  local MAX_STEP=20
 
-  # Store values for back navigation - inherit from var_* app defaults
-  local _ct_type="${var_unprivileged:-1}"
+  # Store values for back navigation
+  local _ct_type="${CT_TYPE:-1}"
   local _pw=""
   local _pw_display="Automatic Login"
   local _ct_id="$NEXTID"
   local _hostname="$NSAPP"
-  local _disk_size="${var_disk:-4}"
-  local _core_count="${var_cpu:-1}"
-  local _ram_size="${var_ram:-1024}"
-  local _bridge="${var_brg:-vmbr0}"
-  local _net="${var_net:-dhcp}"
-  local _gate="${var_gateway:-}"
-  local _ipv6_method="${var_ipv6_method:-auto}"
+  local _disk_size="$var_disk"
+  local _core_count="$var_cpu"
+  local _ram_size="$var_ram"
+  local _bridge="vmbr0"
+  local _net="dhcp"
+  local _gate=""
+  local _ipv6_method="auto"
   local _ipv6_addr=""
   local _ipv6_gate=""
-  local _apt_cacher="${var_apt_cacher:-no}"
-  local _apt_cacher_ip="${var_apt_cacher_ip:-}"
-  local _mtu="${var_mtu:-}"
-  local _sd="${var_searchdomain:-}"
-  local _ns="${var_ns:-}"
-  local _mac="${var_mac:-}"
-  local _vlan="${var_vlan:-}"
+  local _apt_cacher_ip=""
+  local _mtu=""
+  local _sd=""
+  local _ns=""
+  local _mac=""
+  local _vlan=""
   local _tags="$TAGS"
-  local _enable_fuse="${var_fuse:-no}"
-  local _enable_tun="${var_tun:-no}"
+  local _enable_fuse="no"
   local _enable_gpu="${var_gpu:-no}"
-  local _enable_nesting="${var_nesting:-1}"
-  local _verbose="${var_verbose:-no}"
-  local _enable_keyctl="${var_keyctl:-0}"
-  local _enable_mknod="${var_mknod:-0}"
-  local _mount_fs="${var_mount_fs:-}"
-  local _protect_ct="${var_protection:-no}"
-  
-  # Detect host timezone for default (if not set via var_timezone)
-  local _host_timezone=""
-  if command -v timedatectl >/dev/null 2>&1; then
-    _host_timezone=$(timedatectl show --value --property=Timezone 2>/dev/null || echo "")
-  elif [ -f /etc/timezone ]; then
-    _host_timezone=$(cat /etc/timezone 2>/dev/null || echo "")
-  fi
-  local _ct_timezone="${var_timezone:-$_host_timezone}"
+  local _verbose="no"
+  local _enable_keyctl="0"
+  local _enable_mknod="0"
+  local _mount_fs=""
+  local _protect_ct="no"
+  local _ct_timezone=""
 
   # Helper to show current progress
   show_progress() {
@@ -1511,17 +1498,14 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 18: FUSE Support
+    # STEP 18: FUSE & Verbose Mode
     # ═══════════════════════════════════════════════════════════════════════════
     18)
-      local fuse_default_flag="--defaultno"
-      [[ "$_enable_fuse" == "yes" || "$_enable_fuse" == "1" ]] && fuse_default_flag=""
-
       if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
         --title "FUSE SUPPORT" \
         --ok-button "Next" --cancel-button "Back" \
-        $fuse_default_flag \
-        --yesno "\nEnable FUSE support?\n\nRequired for: rclone, mergerfs, AppImage, etc.\n\n(App default: ${var_fuse:-no})" 14 58; then
+        --defaultno \
+        --yesno "\nEnable FUSE support?\n\nRequired for: rclone, mergerfs, AppImage, etc." 12 58; then
         _enable_fuse="yes"
       else
         if [ $? -eq 1 ]; then
@@ -1531,69 +1515,30 @@ advanced_settings() {
           continue
         fi
       fi
+
+      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
+        --title "VERBOSE MODE" \
+        --defaultno \
+        --yesno "\nEnable Verbose Mode?\n\nShows detailed output during installation." 12 58; then
+        _verbose="yes"
+      else
+        _verbose="no"
+      fi
       ((STEP++))
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 19: TUN/TAP Support
+    # STEP 19: GPU Passthrough
     # ═══════════════════════════════════════════════════════════════════════════
     19)
-      local tun_default_flag="--defaultno"
-      [[ "$_enable_tun" == "yes" || "$_enable_tun" == "1" ]] && tun_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "TUN/TAP SUPPORT" \
-        --ok-button "Next" --cancel-button "Back" \
-        $tun_default_flag \
-        --yesno "\nEnable TUN/TAP device support?\n\nRequired for: VPN apps (WireGuard, OpenVPN, Tailscale),\nnetwork tunneling, and containerized networking.\n\n(App default: ${var_tun:-no})" 14 62; then
-        _enable_tun="yes"
-      else
-        if [ $? -eq 1 ]; then
-          _enable_tun="no"
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 20: Nesting Support
-    # ═══════════════════════════════════════════════════════════════════════════
-    20)
-      local nesting_default_flag=""
-      [[ "$_enable_nesting" == "0" || "$_enable_nesting" == "no" ]] && nesting_default_flag="--defaultno"
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "NESTING SUPPORT" \
-        --ok-button "Next" --cancel-button "Back" \
-        $nesting_default_flag \
-        --yesno "\nEnable Nesting?\n\nRequired for: Docker, LXC inside LXC, Podman,\nand other containerization tools.\n\n(App default: ${var_nesting:-1})" 14 58; then
-        _enable_nesting="1"
-      else
-        if [ $? -eq 1 ]; then
-          _enable_nesting="0"
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 21: GPU Passthrough
-    # ═══════════════════════════════════════════════════════════════════════════
-    21)
-      local gpu_default_flag="--defaultno"
-      [[ "$_enable_gpu" == "yes" ]] && gpu_default_flag=""
+      local gpu_default="OFF"
+      [[ "$_enable_gpu" == "yes" ]] && gpu_default="ON"
 
       if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
         --title "GPU PASSTHROUGH" \
         --ok-button "Next" --cancel-button "Back" \
-        $gpu_default_flag \
-        --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding\n\n(App default: ${var_gpu:-no})" 16 62; then
+        --defaultno \
+        --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding" 14 62; then
         _enable_gpu="yes"
       else
         if [ $? -eq 1 ]; then
@@ -1607,179 +1552,13 @@ advanced_settings() {
       ;;
 
     # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 22: Keyctl Support (Docker/systemd)
+    # STEP 20: Confirmation
     # ═══════════════════════════════════════════════════════════════════════════
-    22)
-      local keyctl_default_flag="--defaultno"
-      [[ "$_enable_keyctl" == "1" ]] && keyctl_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "KEYCTL SUPPORT" \
-        --ok-button "Next" --cancel-button "Back" \
-        $keyctl_default_flag \
-        --yesno "\nEnable Keyctl support?\n\nRequired for: Docker containers, systemd-networkd,\nand kernel keyring operations.\n\nNote: Automatically enabled for unprivileged containers.\n\n(App default: ${var_keyctl:-0})" 16 62; then
-        _enable_keyctl="1"
-      else
-        if [ $? -eq 1 ]; then
-          _enable_keyctl="0"
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 23: APT Cacher Proxy
-    # ═══════════════════════════════════════════════════════════════════════════
-    23)
-      local apt_cacher_default_flag="--defaultno"
-      [[ "$_apt_cacher" == "yes" ]] && apt_cacher_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "APT CACHER PROXY" \
-        --ok-button "Next" --cancel-button "Back" \
-        $apt_cacher_default_flag \
-        --yesno "\nUse APT Cacher-NG proxy?\n\nSpeeds up package downloads by caching them locally.\nRequires apt-cacher-ng running on your network.\n\n(App default: ${var_apt_cacher:-no})" 14 62; then
-        _apt_cacher="yes"
-        # Ask for IP if enabled
-        if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-          --title "APT CACHER IP" \
-          --inputbox "\nEnter APT Cacher-NG server IP address:" 10 58 "$_apt_cacher_ip" \
-          3>&1 1>&2 2>&3); then
-          _apt_cacher_ip="$result"
-        fi
-      else
-        if [ $? -eq 1 ]; then
-          _apt_cacher="no"
-          _apt_cacher_ip=""
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 24: Container Timezone
-    # ═══════════════════════════════════════════════════════════════════════════
-    24)
-      local tz_hint="$_ct_timezone"
-      [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)"
-
-      if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "CONTAINER TIMEZONE" \
-        --ok-button "Next" --cancel-button "Back" \
-        --inputbox "\nSet container timezone.\n\nExamples: Europe/Berlin, America/New_York, Asia/Tokyo\n\nHost timezone: ${_host_timezone:-unknown}\n\nLeave empty to inherit from host." 16 62 "$_ct_timezone" \
-        3>&1 1>&2 2>&3); then
-        _ct_timezone="$result"
-        ((STEP++))
-      else
-        ((STEP--))
-      fi
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 25: Container Protection
-    # ═══════════════════════════════════════════════════════════════════════════
-    25)
-      local protect_default_flag="--defaultno"
-      [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "CONTAINER PROTECTION" \
-        --ok-button "Next" --cancel-button "Back" \
-        $protect_default_flag \
-        --yesno "\nEnable Container Protection?\n\nPrevents accidental deletion of this container.\nYou must disable protection before removing.\n\n(App default: ${var_protection:-no})" 14 62; then
-        _protect_ct="yes"
-      else
-        if [ $? -eq 1 ]; then
-          _protect_ct="no"
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 26: Device Node Creation (mknod)
-    # ═══════════════════════════════════════════════════════════════════════════
-    26)
-      local mknod_default_flag="--defaultno"
-      [[ "$_enable_mknod" == "1" ]] && mknod_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "DEVICE NODE CREATION" \
-        --ok-button "Next" --cancel-button "Back" \
-        $mknod_default_flag \
-        --yesno "\nAllow device node creation (mknod)?\n\nRequired for: Creating device files inside container.\nExperimental feature (requires kernel 5.3+).\n\n(App default: ${var_mknod:-0})" 14 62; then
-        _enable_mknod="1"
-      else
-        if [ $? -eq 1 ]; then
-          _enable_mknod="0"
-        else
-          ((STEP--))
-          continue
-        fi
-      fi
-      ((STEP++))
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 27: Mount Filesystems
-    # ═══════════════════════════════════════════════════════════════════════════
-    27)
-      local mount_hint=""
-      [[ -n "$_mount_fs" ]] && mount_hint="$_mount_fs" || mount_hint="(none)"
-
-      if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "MOUNT FILESYSTEMS" \
-        --ok-button "Next" --cancel-button "Back" \
-        --inputbox "\nAllow specific filesystem mounts.\n\nComma-separated list: nfs, cifs, fuse, ext4, etc.\nLeave empty for defaults (none).\n\nCurrent: $mount_hint" 14 62 "$_mount_fs" \
-        3>&1 1>&2 2>&3); then
-        _mount_fs="$result"
-        ((STEP++))
-      else
-        ((STEP--))
-      fi
-      ;;
-
-    # ═══════════════════════════════════════════════════════════════════════════
-    # STEP 28: Verbose Mode & Confirmation
-    # ═══════════════════════════════════════════════════════════════════════════
-    28)
-      local verbose_default_flag="--defaultno"
-      [[ "$_verbose" == "yes" ]] && verbose_default_flag=""
-
-      if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
-        --title "VERBOSE MODE" \
-        $verbose_default_flag \
-        --yesno "\nEnable Verbose Mode?\n\nShows detailed output during installation." 12 58; then
-        _verbose="yes"
-      else
-        _verbose="no"
-      fi
+    20)
       # Build summary
       local ct_type_desc="Unprivileged"
       [[ "$_ct_type" == "0" ]] && ct_type_desc="Privileged"
 
-      local nesting_desc="Disabled"
-      [[ "$_enable_nesting" == "1" ]] && nesting_desc="Enabled"
-
-      local keyctl_desc="Disabled"
-      [[ "$_enable_keyctl" == "1" ]] && keyctl_desc="Enabled"
-
-      local protect_desc="No"
-      [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_desc="Yes"
-
-      local tz_display="${_ct_timezone:-Host TZ}"
-      local apt_display="${_apt_cacher:-no}"
-      [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip"
-
       local summary="Container Type: $ct_type_desc
 Container ID: $_ct_id
 Hostname: $_hostname
@@ -1794,20 +1573,15 @@ Network:
   IPv4: $_net
   IPv6: $_ipv6_method
 
-Features:
-  FUSE: $_enable_fuse | TUN: $_enable_tun
-  Nesting: $nesting_desc | Keyctl: $keyctl_desc
-  GPU: $_enable_gpu | Protection: $protect_desc
-
-Advanced:
-  Timezone: $tz_display
-  APT Cacher: $apt_display
+Options:
+  FUSE: $_enable_fuse
+  GPU Passthrough: $_enable_gpu
   Verbose: $_verbose"
 
       if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
         --title "CONFIRM SETTINGS" \
         --ok-button "Create LXC" --cancel-button "Back" \
-        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 32 62; then
+        --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 28 58; then
         ((STEP++))
       else
         ((STEP--))
@@ -1834,30 +1608,11 @@ Advanced:
   IPV6_GATE="$_ipv6_gate"
   TAGS="$_tags"
   ENABLE_FUSE="$_enable_fuse"
-  ENABLE_TUN="$_enable_tun"
   ENABLE_GPU="$_enable_gpu"
-  ENABLE_NESTING="$_enable_nesting"
-  ENABLE_KEYCTL="$_enable_keyctl"
-  ENABLE_MKNOD="$_enable_mknod"
-  ALLOW_MOUNT_FS="$_mount_fs"
-  PROTECT_CT="$_protect_ct"
-  CT_TIMEZONE="$_ct_timezone"
-  APT_CACHER="$_apt_cacher"
-  APT_CACHER_IP="$_apt_cacher_ip"
   VERBOSE="$_verbose"
 
-  # Update var_* based on user choice (for functions that check these)
+  # Update var_gpu based on user choice (for is_gpu_app function)
   var_gpu="$_enable_gpu"
-  var_fuse="$_enable_fuse"
-  var_tun="$_enable_tun"
-  var_nesting="$_enable_nesting"
-  var_keyctl="$_enable_keyctl"
-  var_mknod="$_enable_mknod"
-  var_mount_fs="$_mount_fs"
-  var_protection="$_protect_ct"
-  var_timezone="$_ct_timezone"
-  var_apt_cacher="$_apt_cacher"
-  var_apt_cacher_ip="$_apt_cacher_ip"
 
   # Format optional values
   [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU=""
@@ -1893,13 +1648,7 @@ Advanced:
   echo -e "${NETWORK}${BOLD}${DGN}IPv4: ${BGN}$NET${CL}"
   echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}$IPV6_METHOD${CL}"
   echo -e "${FUSE}${BOLD}${DGN}FUSE Support: ${BGN}$ENABLE_FUSE${CL}"
-  [[ "$ENABLE_TUN" == "yes" ]] && echo -e "${NETWORK}${BOLD}${DGN}TUN/TAP Support: ${BGN}$ENABLE_TUN${CL}"
-  echo -e "${CONTAINERTYPE}${BOLD}${DGN}Nesting: ${BGN}$([ "$ENABLE_NESTING" == "1" ] && echo "Enabled" || echo "Disabled")${CL}"
-  [[ "$ENABLE_KEYCTL" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Keyctl: ${BGN}Enabled${CL}"
   echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}$ENABLE_GPU${CL}"
-  [[ "$PROTECT_CT" == "yes" || "$PROTECT_CT" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Protection: ${BGN}Enabled${CL}"
-  [[ -n "$CT_TIMEZONE" ]] && echo -e "${INFO}${BOLD}${DGN}Timezone: ${BGN}$CT_TIMEZONE${CL}"
-  [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}"
   echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
   echo -e "${CREATING}${BOLD}${RD}Creating a ${APP} LXC using the above advanced settings${CL}"
 }
@@ -2568,23 +2317,15 @@ build_container() {
   none) ;;
   esac
 
-  # Build FEATURES string based on container type and user choices
-  FEATURES=""
-
-  # Nesting support (user configurable, default enabled)
-  if [ "${ENABLE_NESTING:-1}" == "1" ]; then
+  # Build FEATURES string
+  if [ "$CT_TYPE" == "1" ]; then
+    FEATURES="keyctl=1,nesting=1"
+  else
     FEATURES="nesting=1"
   fi
 
-  # Keyctl for unprivileged containers (needed for Docker)
-  if [ "$CT_TYPE" == "1" ]; then
-    [ -n "$FEATURES" ] && FEATURES="$FEATURES,"
-    FEATURES="${FEATURES}keyctl=1"
-  fi
-
   if [ "$ENABLE_FUSE" == "yes" ]; then
-    [ -n "$FEATURES" ] && FEATURES="$FEATURES,"
-    FEATURES="${FEATURES}fuse=1"
+    FEATURES="$FEATURES,fuse=1"
   fi
 
   # Build PCT_OPTIONS as string for export