Add workflow to close unauthorized new-script PRs

Add a GitHub Actions workflow that runs on pull_request_target (opened, labeled) for main and automatically closes PRs labeled "new script" when the author is not an allowed bot or a member of the "contributor" team. The workflow comments explaining that new scripts must be submitted to the ProxmoxVED testing repo, closes the PR, and adds a "not a script issue" label. It scopes execution to the community-scripts/ProxmoxVE repo, uses a coolify-runner, and requires pull-requests: write and contents: read permissions.
2026-03-02 17:05:55 +01:00 · 2026-02-26 14:05:54 +01:00
7 changed files with 94 additions and 191 deletions
--- a/.github/workflows/check-node-versions.yml
+++ b/.github/workflows/check-node-versions.yml
@@ -214,12 +214,11 @@ jobs:
            total=$((total + 1))
            slug=$(basename "$script" | sed 's/-install\.sh$//')
-            # Extract Source URL (GitHub only) from the "# Source:" line
+            # Extract Source URL (GitHub only)
            # Supports both:
            #   # Source: https://github.com/owner/repo
            #   # Source: https://example.com | Github: https://github.com/owner/repo
-            # NOTE: Must filter for "# Source:" line first to avoid matching the License URL
+            source_url=$(head -20 "$script" | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
            source_url=$(head -20 "$script" | grep -i '# Source:' | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
            if [[ -z "$source_url" ]]; then
              report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ No GitHub source |")
              continue
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -415,18 +415,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - hotfix: overseer version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12366](https://github.com/community-scripts/ProxmoxVE/pull/12366))
  - #### ✨ New Features
    - [QOL] Immich: add warning regarding library compilation time [@vhsdream](https://github.com/vhsdream) ([#12345](https://github.com/community-scripts/ProxmoxVE/pull/12345))
 ### 📂 Github
  - github: add workflow to autom. close unauthorized new-script PRs [@MickLesk](https://github.com/MickLesk) ([#12356](https://github.com/community-scripts/ProxmoxVE/pull/12356))
 ## 2026-02-25
 ### 🆕 New Scripts
--- a/ct/overseerr.sh
+++ b/ct/overseerr.sh
@@ -28,7 +28,7 @@ function update_script() {
    exit
  fi
-  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.35.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
+  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.34.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
    echo
    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
    echo "Overseerr v1.34.0 detected."
--- a/frontend/public/json/github-versions.json
+++ b/frontend/public/json/github-versions.json
@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-26T18:16:20Z",
+  "generated": "2026-02-26T12:14:56Z",
  "versions": [
    {
      "slug": "2fauth",
@@ -830,9 +830,9 @@
    {
      "slug": "manyfold",
      "repo": "manyfold3d/manyfold",
-      "version": "v0.133.1",
+      "version": "v0.133.0",
      "pinned": false,
-      "date": "2026-02-26T15:50:34Z"
+      "date": "2026-02-25T10:40:26Z"
    },
    {
      "slug": "mealie",
@@ -970,9 +970,9 @@
    {
      "slug": "oauth2-proxy",
      "repo": "oauth2-proxy/oauth2-proxy",
-      "version": "v7.14.3",
+      "version": "v7.14.2",
      "pinned": false,
-      "date": "2026-02-26T14:10:21Z"
+      "date": "2026-01-18T00:26:09Z"
    },
    {
      "slug": "ombi",
@@ -1061,9 +1061,9 @@
    {
      "slug": "paperless-gpt",
      "repo": "icereed/paperless-gpt",
-      "version": "v0.25.1",
+      "version": "v0.25.0",
      "pinned": false,
-      "date": "2026-02-26T14:50:11Z"
+      "date": "2026-02-16T08:31:48Z"
    },
    {
      "slug": "paperless-ngx",
--- a/misc/build.func
+++ b/misc/build.func
@@ -118,7 +118,7 @@ maxkeys_check() {
  # Exit if kernel parameters are unavailable
  if [[ "$per_user_maxkeys" -eq 0 || "$per_user_maxbytes" -eq 0 ]]; then
-    msg_error "Unable to read kernel key parameters. Ensure proper permissions."
+    echo -e "${CROSS}${RD} Error: Unable to read kernel parameters. Ensure proper permissions.${CL}"
    exit 1
  fi
@@ -135,19 +135,19 @@ maxkeys_check() {
  # Check if key or byte usage is near limits
  failure=0
  if [[ "$used_lxc_keys" -gt "$threshold_keys" ]]; then
-    msg_warn "Key usage is near the limit (${used_lxc_keys}/${per_user_maxkeys})"
+    echo -e "${CROSS}${RD} Warning: Key usage is near the limit (${used_lxc_keys}/${per_user_maxkeys}).${CL}"
    echo -e "${INFO} Suggested action: Set ${GN}kernel.keys.maxkeys=${new_limit_keys}${CL} in ${BOLD}/etc/sysctl.d/98-community-scripts.conf${CL}."
    failure=1
  fi
  if [[ "$used_lxc_bytes" -gt "$threshold_bytes" ]]; then
-    msg_warn "Key byte usage is near the limit (${used_lxc_bytes}/${per_user_maxbytes})"
+    echo -e "${CROSS}${RD} Warning: Key byte usage is near the limit (${used_lxc_bytes}/${per_user_maxbytes}).${CL}"
    echo -e "${INFO} Suggested action: Set ${GN}kernel.keys.maxbytes=${new_limit_bytes}${CL} in ${BOLD}/etc/sysctl.d/98-community-scripts.conf${CL}."
    failure=1
  fi
  # Provide next steps if issues are detected
  if [[ "$failure" -eq 1 ]]; then
-    msg_error "Kernel key limits exceeded - see suggestions above"
+    echo -e "${INFO} To apply changes, run: ${BOLD}service procps force-reload${CL}"
    exit 1
  fi
@@ -2034,7 +2034,6 @@ advanced_settings() {
          ((STEP++))
        else
          whiptail --msgbox "Default bridge 'vmbr0' not found!\n\nPlease configure a network bridge in Proxmox first." 10 58
          msg_error "Default bridge 'vmbr0' not found"
          exit 1
        fi
      else
@@ -3050,7 +3049,7 @@ install_script() {
      CHOICE=""
      ;;
    *)
-      msg_error "Invalid option: $CHOICE"
+      echo -e "${CROSS}${RD}Invalid option: $CHOICE${CL}"
      exit 1
      ;;
    esac
@@ -3129,12 +3128,12 @@ check_container_resources() {
  current_cpu=$(nproc)
  if [[ "$current_ram" -lt "$var_ram" ]] || [[ "$current_cpu" -lt "$var_cpu" ]]; then
-    msg_warn "Under-provisioned: Required ${var_cpu} CPU/${var_ram}MB RAM, Current ${current_cpu} CPU/${current_ram}MB RAM"
+    echo -e "\n${INFO}${HOLD} ${GN}Required: ${var_cpu} CPU, ${var_ram}MB RAM ${CL}| ${RD}Current: ${current_cpu} CPU, ${current_ram}MB RAM${CL}"
    echo -e "${YWB}Please ensure that the ${APP} LXC is configured with at least ${var_cpu} vCPU and ${var_ram} MB RAM for the build process.${CL}\n"
    echo -ne "${INFO}${HOLD} May cause data loss! ${INFO} Continue update with under-provisioned LXC? <yes/No>  "
    read -r prompt
    if [[ ! ${prompt,,} =~ ^(yes)$ ]]; then
-      msg_error "Aborted: under-provisioned LXC (${current_cpu} CPU/${current_ram}MB RAM < ${var_cpu} CPU/${var_ram}MB RAM)"
+      echo -e "${CROSS}${HOLD} ${YWB}Exiting based on user input.${CL}"
      exit 1
    fi
  else
@@ -3153,11 +3152,11 @@ check_container_storage() {
  local used_size=$(df /boot --output=used | tail -n 1)
  usage=$((100 * used_size / total_size))
  if ((usage > 80)); then
-    msg_warn "Storage is dangerously low (${usage}% used on /boot)"
+    echo -e "${INFO}${HOLD} ${YWB}Warning: Storage is dangerously low (${usage}%).${CL}"
    echo -ne "Continue anyway? <y/N>  "
    read -r prompt
    if [[ ! ${prompt,,} =~ ^(y|yes)$ ]]; then
-      msg_error "Aborted: storage too low (${usage}% used)"
+      echo -e "${CROSS}${HOLD}${YWB}Exiting based on user input.${CL}"
      exit 1
    fi
  fi
@@ -3547,16 +3546,10 @@ build_container() {
  # Build PCT_OPTIONS as string for export
  TEMP_DIR=$(mktemp -d)
  pushd "$TEMP_DIR" >/dev/null
  local _func_url
  if [ "$var_os" == "alpine" ]; then
-    _func_url="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func"
+    export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func)"
  else
-    _func_url="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func"
+    export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func)"
  fi
  export FUNCTIONS_FILE_PATH="$(curl -fsSL "$_func_url")"
  if [[ -z "$FUNCTIONS_FILE_PATH" || ${#FUNCTIONS_FILE_PATH} -lt 100 ]]; then
    msg_error "Failed to download install functions from: $_func_url"
    exit 1
  fi
  # Core exports for install.func
@@ -3927,9 +3920,7 @@ EOF
    fi
    sleep 1
    if [ "$i" -eq 10 ]; then
-      local ct_status
+      msg_error "LXC Container did not reach running state"
      ct_status=$(pct status "$CTID" 2>/dev/null || echo "unknown")
      msg_error "LXC Container did not reach running state (status: ${ct_status})"
      exit 1
    fi
  done
@@ -3953,7 +3944,7 @@ EOF
    if [ -z "$ip_in_lxc" ]; then
      msg_error "No IP assigned to CT $CTID after 20s"
-      msg_custom "🔧" "${YW}" "Troubleshooting:"
+      echo -e "${YW}Troubleshooting:${CL}"
      echo "  • Verify bridge ${BRG} exists and has connectivity"
      echo "  • Check if DHCP server is reachable (if using DHCP)"
      echo "  • Verify static IP configuration (if using static IP)"
@@ -3975,7 +3966,8 @@ EOF
    done
    if [ "$ping_success" = false ]; then
-      msg_warn "Network configured (IP: $ip_in_lxc) but connectivity test failed - installation will continue"
+      msg_warn "Network configured (IP: $ip_in_lxc) but connectivity test failed"
      echo -e "${YW}Container may have limited internet access. Installation will continue...${CL}"
    else
      msg_ok "Network in LXC is reachable (ping)"
    fi
@@ -4019,10 +4011,7 @@ EOF
 http://dl-cdn.alpinelinux.org/alpine/latest-stable/main
 http://dl-cdn.alpinelinux.org/alpine/latest-stable/community
 EOF'
-    pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq >/dev/null" || {
+    pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq >/dev/null"
      msg_error "Failed to install base packages in Alpine container"
      exit 1
    }
  else
    sleep 3
    LANG=${LANG:-en_US.UTF-8}
@@ -4919,7 +4908,8 @@ create_lxc_container() {
      return 0
    fi
-    msg_info "An update for the Proxmox LXC stack is available"
+    echo
    echo "An update for the Proxmox LXC stack is available:"
    echo "  pve-container: installed=${_pvec_i:-n/a}  candidate=${_pvec_c:-n/a}"
    echo "  lxc-pve     : installed=${_lxcp_i:-n/a}  candidate=${_lxcp_c:-n/a}"
    echo
@@ -4971,6 +4961,7 @@ create_lxc_container() {
    exit 205
  }
  if qm status "$CTID" &>/dev/null || pct status "$CTID" &>/dev/null; then
    echo -e "ID '$CTID' is already in use."
    unset CTID
    msg_error "Cannot use ID that is already in use."
    exit 206
@@ -5028,40 +5019,17 @@ create_lxc_container() {
  msg_info "Validating storage '$CONTAINER_STORAGE'"
  STORAGE_TYPE=$(grep -E "^[^:]+: $CONTAINER_STORAGE$" /etc/pve/storage.cfg | cut -d: -f1 | head -1)
  if [[ -z "$STORAGE_TYPE" ]]; then
    msg_error "Storage '$CONTAINER_STORAGE' not found in /etc/pve/storage.cfg"
    exit 213
  fi
  case "$STORAGE_TYPE" in
-  iscsidirect)
+  iscsidirect) exit 212 ;;
-    msg_error "Storage '$CONTAINER_STORAGE' uses iSCSI-direct which does not support container rootfs."
+  iscsi | zfs) exit 213 ;;
-    exit 212
+  cephfs) exit 219 ;;
-    ;;
+  pbs) exit 224 ;;
  iscsi | zfs)
    msg_error "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) does not support container rootdir content."
    exit 213
    ;;
  cephfs)
    msg_error "Storage '$CONTAINER_STORAGE' uses CephFS which is not supported for LXC rootfs."
    exit 219
    ;;
  pbs)
    msg_error "Storage '$CONTAINER_STORAGE' is a Proxmox Backup Server — cannot be used for containers."
    exit 224
    ;;
  linstor | rbd | nfs | cifs)
-    if ! pvesm status -storage "$CONTAINER_STORAGE" &>/dev/null; then
+    pvesm status -storage "$CONTAINER_STORAGE" &>/dev/null || exit 217
      msg_error "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) is not accessible or inactive."
      exit 217
    fi
    ;;
  esac
-  if ! pvesm status -content rootdir 2>/dev/null | awk 'NR>1{print $1}' | grep -qx "$CONTAINER_STORAGE"; then
+  pvesm status -content rootdir 2>/dev/null | awk 'NR>1{print $1}' | grep -qx "$CONTAINER_STORAGE" || exit 213
    msg_error "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) does not support 'rootdir' content."
    exit 213
  fi
  msg_ok "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) validated"
  msg_info "Validating template storage '$TEMPLATE_STORAGE'"
@@ -5134,7 +5102,8 @@ create_lxc_container() {
  # If still no template, try to find alternatives
  if [[ -z "$TEMPLATE" ]]; then
-    msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
+    echo ""
    echo "[DEBUG] No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
    # Get all available versions for this OS type
    AVAILABLE_VERSIONS=()
@@ -5408,19 +5377,13 @@ create_lxc_container() {
  if [[ ! -s "$TEMPLATE_PATH" || "$(stat -c%s "$TEMPLATE_PATH" 2>/dev/null || echo 0)" -lt 1000000 ]]; then
    msg_info "Template file missing or too small – downloading"
    rm -f "$TEMPLATE_PATH"
-    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1 || {
+    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1
      msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
      exit 222
    }
    msg_ok "Template downloaded"
  elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
    if [[ -n "$ONLINE_TEMPLATE" ]]; then
      msg_info "Template appears corrupted – re-downloading"
      rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1 || {
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1
        msg_error "Failed to re-download template '$TEMPLATE'"
        exit 222
      }
      msg_ok "Template re-downloaded"
    else
      msg_warn "Template appears corrupted, but no online version exists. Skipping re-download."
@@ -5462,17 +5425,20 @@ create_lxc_container() {
        if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
          # Local fallback also failed - check for LXC stack version issue
          if grep -qiE 'unsupported .* version' "$LOGFILE"; then
-            msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
+            echo
            echo "pct reported 'unsupported ... version' – your LXC stack might be too old for this template."
            echo "We can try to upgrade 'pve-container' and 'lxc-pve' now and retry automatically."
            offer_lxc_stack_upgrade_and_maybe_retry "yes"
            rc=$?
            case $rc in
            0) : ;; # success - container created, continue
            2)
-              msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
+              echo "Upgrade was declined. Please update and re-run:
  apt update && apt install --only-upgrade pve-container lxc-pve"
              exit 231
              ;;
            3)
-              msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
+              echo "Upgrade and/or retry failed. Please inspect: $LOGFILE"
              exit 231
              ;;
            esac
@@ -5491,17 +5457,20 @@ create_lxc_container() {
      else
        # Already on local storage and still failed - check LXC stack version
        if grep -qiE 'unsupported .* version' "$LOGFILE"; then
-          msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
+          echo
          echo "pct reported 'unsupported ... version' – your LXC stack might be too old for this template."
          echo "We can try to upgrade 'pve-container' and 'lxc-pve' now and retry automatically."
          offer_lxc_stack_upgrade_and_maybe_retry "yes"
          rc=$?
          case $rc in
          0) : ;; # success - container created, continue
          2)
-            msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
+            echo "Upgrade was declined. Please update and re-run:
  apt update && apt install --only-upgrade pve-container lxc-pve"
            exit 231
            ;;
          3)
-            msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
+            echo "Upgrade and/or retry failed. Please inspect: $LOGFILE"
            exit 231
            ;;
          esac
--- a/misc/core.func
+++ b/misc/core.func
@@ -276,7 +276,7 @@ shell_check() {
    msg_error "Your default shell is currently not set to Bash. To use these scripts, please switch to the Bash shell."
    echo -e "\nExiting..."
    sleep 2
-    exit 1
+    exit
  fi
 }
@@ -293,7 +293,7 @@ root_check() {
    msg_error "Please run this script as root."
    echo -e "\nExiting..."
    sleep 2
-    exit 1
+    exit
  fi
 }
@@ -345,10 +345,11 @@ pve_check() {
 # ------------------------------------------------------------------------------
 arch_check() {
  if [ "$(dpkg --print-architecture)" != "amd64" ]; then
-    msg_error "This script will not work with PiMox (ARM architecture detected)."
+    echo -e "\n ${INFO}${YWB}This script will not work with PiMox! \n"
-    msg_warn "Visit https://github.com/asylumexp/Proxmox for ARM64 support."
+    echo -e "\n ${YWB}Visit https://github.com/asylumexp/Proxmox for ARM64 support. \n"
    echo -e "Exiting..."
    sleep 2
-    exit 1
+    exit
  fi
 }
@@ -529,9 +530,7 @@ silent() {
  if [[ $rc -ne 0 ]]; then
    # Source explain_exit_code if needed
    if ! declare -f explain_exit_code >/dev/null 2>&1; then
-      if ! source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func); then
+      source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func)
        explain_exit_code() { echo "unknown (error_handler.func download failed)"; }
      fi
    fi
    local explanation
@@ -786,8 +785,8 @@ fatal() {
 # ------------------------------------------------------------------------------
 exit_script() {
  clear
-  msg_error "User exited script"
+  echo -e "\n${CROSS}${RD}User exited script${CL}\n"
-  exit 0
+  exit
 }
 # ------------------------------------------------------------------------------
@@ -808,7 +807,6 @@ get_header() {
  if [ ! -s "$local_header_path" ]; then
    if ! curl -fsSL "$header_url" -o "$local_header_path"; then
      msg_warn "Failed to download header: $header_url"
      return 1
    fi
  fi
@@ -849,10 +847,10 @@ header_info() {
 ensure_tput() {
  if ! command -v tput >/dev/null 2>&1; then
    if grep -qi 'alpine' /etc/os-release; then
-      apk add --no-cache ncurses >/dev/null 2>&1 || msg_warn "Failed to install ncurses (tput may be unavailable)"
+      apk add --no-cache ncurses >/dev/null 2>&1
    elif command -v apt-get >/dev/null 2>&1; then
      apt-get update -qq >/dev/null
-      apt-get install -y -qq ncurses-bin >/dev/null 2>&1 || msg_warn "Failed to install ncurses-bin (tput may be unavailable)"
+      apt-get install -y -qq ncurses-bin >/dev/null 2>&1
    fi
  fi
 }
@@ -1312,7 +1310,6 @@ prompt_select() {
  # Validate options
  if [[ $num_options -eq 0 ]]; then
    msg_warn "prompt_select called with no options"
    echo "" >&2
    return 1
  fi
@@ -1555,30 +1552,22 @@ check_or_create_swap() {
  local swap_size_mb
  swap_size_mb=$(prompt_input "Enter swap size in MB (e.g., 2048 for 2GB):" "2048" 60)
  if ! [[ "$swap_size_mb" =~ ^[0-9]+$ ]]; then
-    msg_error "Invalid swap size: '${swap_size_mb}' (must be a number in MB)"
+    msg_error "Invalid size input. Aborting."
    return 1
  fi
  local swap_file="/swapfile"
  msg_info "Creating ${swap_size_mb}MB swap file at $swap_file"
-  if ! dd if=/dev/zero of="$swap_file" bs=1M count="$swap_size_mb" status=progress; then
+  if dd if=/dev/zero of="$swap_file" bs=1M count="$swap_size_mb" status=progress &&
-    msg_error "Failed to allocate swap file (dd failed)"
+    chmod 600 "$swap_file" &&
    mkswap "$swap_file" &&
    swapon "$swap_file"; then
    msg_ok "Swap file created and activated successfully"
  else
    msg_error "Failed to create or activate swap"
    return 1
  fi
  if ! chmod 600 "$swap_file"; then
    msg_error "Failed to set permissions on $swap_file"
    return 1
  fi
  if ! mkswap "$swap_file"; then
    msg_error "Failed to format swap file (mkswap failed)"
    return 1
  fi
  if ! swapon "$swap_file"; then
    msg_error "Failed to activate swap (swapon failed)"
    return 1
  fi
  msg_ok "Swap file created and activated successfully"
 }
 # ------------------------------------------------------------------------------
@@ -1660,7 +1649,7 @@ function get_lxc_ip() {
    LOCAL_IP="$(get_current_ip || true)"
    if [[ -z "$LOCAL_IP" ]]; then
-      msg_error "Could not determine LOCAL_IP (checked: eth0, hostname -I, ip route, IPv6 targets)"
+      msg_error "Could not determine LOCAL_IP"
      return 1
    fi
  fi
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -201,7 +201,6 @@ install_packages_with_retry() {
    fi
  done
  msg_error "Failed to install packages after $((max_retries + 1)) attempts: ${packages[*]}"
  return 1
 }
@@ -232,7 +231,6 @@ upgrade_packages_with_retry() {
    fi
  done
  msg_error "Failed to upgrade packages after $((max_retries + 1)) attempts: ${packages[*]}"
  return 1
 }
@@ -677,7 +675,6 @@ verify_repo_available() {
  if curl -fsSL --max-time 10 "${repo_url}/dists/${suite}/Release" &>/dev/null; then
    return 0
  fi
  msg_warn "Repository not available: ${repo_url} (suite: ${suite})"
  return 1
 }
@@ -842,7 +839,6 @@ github_api_call() {
    esac
  done
  msg_error "GitHub API call failed after ${max_retries} attempts: ${url}"
  return 1
 }
@@ -904,7 +900,6 @@ codeberg_api_call() {
    esac
  done
  msg_error "Codeberg API call failed after ${max_retries} attempts: ${url}"
  return 1
 }
@@ -1374,9 +1369,7 @@ setup_deb822_repo() {
    [[ -n "$enabled" ]] && echo "Enabled: $enabled"
  } >/etc/apt/sources.list.d/${name}.sources
-  $STD apt update || {
+  $STD apt update
    msg_warn "apt update failed after adding repository: ${name}"
  }
 }
 # ------------------------------------------------------------------------------
@@ -1384,16 +1377,12 @@ setup_deb822_repo() {
 # ------------------------------------------------------------------------------
 hold_package_version() {
  local package="$1"
-  $STD apt-mark hold "$package" || {
+  $STD apt-mark hold "$package"
    msg_warn "Failed to hold package version: ${package}"
  }
 }
 unhold_package_version() {
  local package="$1"
-  $STD apt-mark unhold "$package" || {
+  $STD apt-mark unhold "$package"
    msg_warn "Failed to unhold package version: ${package}"
  }
 }
 # ------------------------------------------------------------------------------
@@ -1423,7 +1412,6 @@ enable_and_start_service() {
  local service="$1"
  if ! systemctl enable "$service" &>/dev/null; then
    msg_error "Failed to enable service: $service"
    return 1
  fi
@@ -1466,7 +1454,6 @@ extract_version_from_json() {
  version=$(echo "$json" | jq -r ".${field} // empty")
  if [[ -z "$version" ]]; then
    msg_warn "JSON field '${field}' is empty in API response"
    return 1
  fi
@@ -1486,9 +1473,8 @@ get_latest_github_release() {
  local temp_file=$(mktemp)
  if ! github_api_call "https://api.github.com/repos/${repo}/releases/latest" "$temp_file"; then
    msg_warn "GitHub API call failed for ${repo}"
    rm -f "$temp_file"
-    return 1
+    return 0
  fi
  local version
@@ -1497,7 +1483,7 @@ get_latest_github_release() {
  if [[ -z "$version" ]]; then
    msg_error "Could not determine latest version for ${repo}"
-    return 1
+    return 0
  fi
  echo "$version"
@@ -1513,9 +1499,8 @@ get_latest_codeberg_release() {
  # Codeberg API: get all releases and pick the first non-draft/non-prerelease
  if ! codeberg_api_call "https://codeberg.org/api/v1/repos/${repo}/releases" "$temp_file"; then
    msg_warn "Codeberg API call failed for ${repo}"
    rm -f "$temp_file"
-    return 1
+    return 0
  fi
  local version
@@ -1530,7 +1515,7 @@ get_latest_codeberg_release() {
  if [[ -z "$version" ]]; then
    msg_error "Could not determine latest version for ${repo}"
-    return 1
+    return 0
  fi
  echo "$version"
@@ -1661,7 +1646,6 @@ get_latest_gh_tag() {
    sort -V | tail -n1)
  if [[ -z "$latest" ]]; then
    msg_warn "No matching tags found for ${repo}${prefix:+ (prefix: $prefix)}"
    return 1
  fi
@@ -1897,7 +1881,7 @@ check_for_codeberg_release() {
  releases_json=$(curl -fsSL --max-time 20 \
    -H 'Accept: application/json' \
    "https://codeberg.org/api/v1/repos/${source}/releases" 2>/dev/null) || {
-    msg_error "Unable to fetch releases for ${app} (codeberg.org/api/v1/repos/${source}/releases)"
+    msg_error "Unable to fetch releases for ${app}"
    return 1
  }
@@ -2030,12 +2014,12 @@ function download_with_progress() {
  if [[ -z "$content_length" ]]; then
    if ! curl -fL# -o "$output" "$url"; then
-      msg_error "Download failed: $url"
+      msg_error "Download failed"
      return 1
    fi
  else
    if ! curl -fsSL "$url" | pv -s "$content_length" >"$output"; then
-      msg_error "Download failed: $url"
+      msg_error "Download failed"
      return 1
    fi
  fi
@@ -2578,10 +2562,7 @@ _gh_scan_older_releases() {
    -H 'Accept: application/vnd.github+json' \
    -H 'X-GitHub-Api-Version: 2022-11-28' \
    "${header[@]}" \
-    "https://api.github.com/repos/${repo}/releases?per_page=15" 2>/dev/null) || {
+    "https://api.github.com/repos/${repo}/releases?per_page=15" 2>/dev/null) || return 1
    msg_warn "Failed to fetch older releases for ${repo}"
    return 1
  }
  local count
  count=$(echo "$releases_list" | jq 'length')
@@ -3123,9 +3104,7 @@ function setup_composer() {
  # Scenario 1: Already installed - just self-update
  if [[ -n "$INSTALLED_VERSION" ]]; then
    msg_info "Update Composer $INSTALLED_VERSION"
-    $STD "$COMPOSER_BIN" self-update --no-interaction || {
+    $STD "$COMPOSER_BIN" self-update --no-interaction || true
      msg_warn "Composer self-update failed, continuing with current version"
    }
    local UPDATED_VERSION
    UPDATED_VERSION=$("$COMPOSER_BIN" --version 2>/dev/null | awk '{print $3}')
    cache_installed_version "composer" "$UPDATED_VERSION"
@@ -3161,9 +3140,7 @@ function setup_composer() {
  fi
  chmod +x "$COMPOSER_BIN"
-  $STD "$COMPOSER_BIN" self-update --no-interaction || {
+  $STD "$COMPOSER_BIN" self-update --no-interaction || true
    msg_warn "Composer self-update failed after fresh install"
  }
  local FINAL_VERSION
  FINAL_VERSION=$("$COMPOSER_BIN" --version 2>/dev/null | awk '{print $3}')
@@ -5234,9 +5211,7 @@ function setup_mysql() {
    ensure_apt_working || return 1
    # Perform upgrade with retry logic (non-fatal if fails)
-    upgrade_packages_with_retry "mysql-server" "mysql-client" || {
+    upgrade_packages_with_retry "mysql-server" "mysql-client" || true
      msg_warn "MySQL package upgrade had issues, continuing with current version"
    }
    cache_installed_version "mysql" "$MYSQL_VERSION"
    msg_ok "Update MySQL $MYSQL_VERSION"
@@ -5426,9 +5401,7 @@ function setup_nodejs() {
    }
    # Force APT cache refresh after repository setup
-    $STD apt update || {
+    $STD apt update
      msg_warn "apt update failed after Node.js repository setup"
    }
    ensure_dependencies curl ca-certificates gnupg
@@ -5671,10 +5644,7 @@ EOF
  if [[ "$DISTRO_ID" == "ubuntu" ]]; then
    # Ubuntu: Use ondrej/php PPA
    msg_info "Adding ondrej/php PPA for Ubuntu"
-    $STD apt install -y software-properties-common || {
+    $STD apt install -y software-properties-common
      msg_error "Failed to install software-properties-common"
      return 1
    }
    # Don't use $STD for add-apt-repository as it uses background processes
    add-apt-repository -y ppa:ondrej/php >>"$(get_active_logfile)" 2>&1
  else
@@ -5685,9 +5655,7 @@ EOF
    }
  fi
  ensure_apt_working || return 1
-  $STD apt update || {
+  $STD apt update
    msg_warn "apt update failed after PHP repository setup"
  }
  # Get available PHP version from repository
  local AVAILABLE_PHP_VERSION=""
@@ -5982,9 +5950,7 @@ function setup_postgresql() {
    }
  fi
-  $STD systemctl enable --now postgresql 2>/dev/null || {
+  $STD systemctl enable --now postgresql 2>/dev/null || true
    msg_warn "Failed to enable/start PostgreSQL service"
  }
  # Add PostgreSQL binaries to PATH
  if ! grep -q '/usr/lib/postgresql' /etc/environment 2>/dev/null; then
@@ -5998,9 +5964,7 @@ function setup_postgresql() {
  if [[ -n "$PG_MODULES" ]]; then
    IFS=',' read -ra MODULES <<<"$PG_MODULES"
    for module in "${MODULES[@]}"; do
-      $STD apt install -y "postgresql-${PG_VERSION}-${module}" 2>/dev/null || {
+      $STD apt install -y "postgresql-${PG_VERSION}-${module}" 2>/dev/null || true
        msg_warn "Failed to install PostgreSQL module: ${module}"
      }
    done
  fi
 }
@@ -6659,9 +6623,7 @@ function setup_clickhouse() {
    ensure_apt_working || return 1
    # Perform upgrade with retry logic (non-fatal if fails)
-    upgrade_packages_with_retry "clickhouse-server" "clickhouse-client" || {
+    upgrade_packages_with_retry "clickhouse-server" "clickhouse-client" || true
      msg_warn "ClickHouse package upgrade had issues, continuing with current version"
    }
    cache_installed_version "clickhouse" "$CLICKHOUSE_VERSION"
    msg_ok "Update ClickHouse $CLICKHOUSE_VERSION"
    return 0
@@ -6796,9 +6758,7 @@ function setup_rust() {
    }
    # Update to latest patch version
-    $STD rustup update "$RUST_TOOLCHAIN" </dev/null || {
+    $STD rustup update "$RUST_TOOLCHAIN" </dev/null || true
      msg_warn "Rust toolchain update had issues"
    }
    # Ensure PATH is updated for current shell session
    export PATH="$CARGO_BIN:$PATH"
@@ -7200,10 +7160,7 @@ function setup_docker() {
        docker-ce-cli \
        containerd.io \
        docker-buildx-plugin \
-        docker-compose-plugin || {
+        docker-compose-plugin
        msg_error "Failed to update Docker packages"
        return 1
      }
      msg_ok "Updated Docker to $DOCKER_LATEST_VERSION"
    else
      msg_ok "Docker is up-to-date ($DOCKER_CURRENT_VERSION)"
@@ -7215,10 +7172,7 @@ function setup_docker() {
      docker-ce-cli \
      containerd.io \
      docker-buildx-plugin \
-      docker-compose-plugin || {
+      docker-compose-plugin
      msg_error "Failed to install Docker packages"
      return 1
    }
    DOCKER_CURRENT_VERSION=$(docker --version | grep -oP '\d+\.\d+\.\d+' | head -1)
    msg_ok "Installed Docker $DOCKER_CURRENT_VERSION"