Update .app files

CHANGELOG.md

@@ -427,23 +427,15 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ### 🆕 New Scripts
 
-  - iSponsorBlockTV ([#13123](https://github.com/community-scripts/ProxmoxVE/pull/13123))
-- Alpine-Wakapi ([#13119](https://github.com/community-scripts/ProxmoxVE/pull/13119))
+  - Alpine-Wakapi ([#13119](https://github.com/community-scripts/ProxmoxVE/pull/13119))
 - teleport ([#13086](https://github.com/community-scripts/ProxmoxVE/pull/13086))
 
 ### 🚀 Updated Scripts
 
   - #### ✨ New Features
 
-    - Immich: v2.6.1 [@vhsdream](https://github.com/vhsdream) ([#13111](https://github.com/community-scripts/ProxmoxVE/pull/13111))
     - VM's: add input validation and hostname sanitization to all VM scripts [@MickLesk](https://github.com/MickLesk) ([#12973](https://github.com/community-scripts/ProxmoxVE/pull/12973))
 
-### 🧰 Tools
-
-  - #### 🔧 Refactor
-
-    - Harden code-server addon install script [@MickLesk](https://github.com/MickLesk) ([#13116](https://github.com/community-scripts/ProxmoxVE/pull/13116))
-
 ## 2026-03-19
 
 ### 🚀 Updated Scripts

ct/immich.sh

@@ -83,7 +83,7 @@ EOF
     )
     INTEL_RELEASE="$(grep "intel-opencl-icd_" ./Dockerfile | awk -F '_' '{print $2}')"
     if [[ "$INTEL_RELEASE" != "$(cat ~/.intel_version)" ]]; then
-      msg_info "Updating Intel OpenVINO dependencies"
+      msg_info "Updating Intel iGPU dependencies"
       for url in "${INTEL_URLS[@]}"; do
         curl_with_retry "$url" "$(basename "$url")"
       done
@@ -94,9 +94,9 @@ EOF
       rm ./*.deb
       $STD apt-mark hold libigdgmm12
       dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
-      rm -f ./Dockerfile
-      msg_ok "Updated Intel OpenVINO dependencies"
+      msg_ok "Intel iGPU dependencies updated"
     fi
+    rm ./Dockerfile
   fi
   if [[ -f ~/.immich_library_revisions ]]; then
     libraries=("libjxl" "libheif" "libraw" "imagemagick" "libvips")
@@ -109,7 +109,7 @@ EOF
     msg_ok "Image-processing libraries up to date"
   fi
 
-  RELEASE="v2.6.1"
+  RELEASE="v2.5.6"
   if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
     if [[ $(cat ~/.immich) > "2.5.1" ]]; then
       msg_info "Enabling Maintenance Mode"
@@ -226,13 +226,14 @@ EOF
         [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
       done
       msg_ok "Pre-installed Python ${ML_PYTHON}"
-      msg_info "Updating Intel OpenVINO machine-learning"
+      msg_info "Updating HW-accelerated machine-learning"
+      $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p "${ML_PYTHON}" --managed-python
       for attempt in $(seq 1 3); do
         $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
         [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
       done
       patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
-      msg_ok "Updated Intel OpenVINO machine-learning"
+      msg_ok "Updated HW-accelerated machine-learning"
     else
       ML_PYTHON="python3.11"
       msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"

ct/nginxproxymanager.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
-# Author: tteck (tteckster) | Co-Author: CrazyWolf13, MickLesk (CanbiZ)
+# Author: tteck (tteckster) | Co-Author: CrazyWolf13
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://nginxproxymanager.com/ | Github: https://github.com/NginxProxyManager/nginx-proxy-manager
 
@@ -38,8 +38,8 @@ function update_script() {
     CURRENT_NODE_VERSION=$(node --version | cut -d'v' -f2 | cut -d'.' -f1)
     if [[ "$CURRENT_NODE_VERSION" != "22" ]]; then
       systemctl stop openresty
-      $STD apt purge -y nodejs npm
-      $STD apt autoremove -y
+      apt-get purge -y nodejs npm
+      apt-get autoremove -y
       rm -rf /usr/local/bin/node /usr/local/bin/npm
       rm -rf /usr/local/lib/node_modules
       rm -rf ~/.npm
@@ -49,10 +49,12 @@ function update_script() {
 
   NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 
-  RELEASE=$(get_latest_github_release "NginxProxyManager/nginx-proxy-manager")
+  RELEASE=$(curl -fsSL https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest |
+    grep "tag_name" |
+    awk '{print substr($2, 3, length($2)-4) }')
 
   CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nginxproxymanager" "NginxProxyManager/nginx-proxy-manager" "tarball" "v${RELEASE}" "/opt/nginxproxymanager"
-
+  
   msg_info "Stopping Services"
   systemctl stop openresty
   systemctl stop npm
@@ -67,56 +69,12 @@ function update_script() {
     /var/cache/nginx
   msg_ok "Cleaned old files"
 
-  msg_info "Migrating to OpenResty from source"
-  rm -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg /etc/apt/trusted.gpg.d/openresty.gpg
-  rm -f /etc/apt/sources.list.d/openresty.list /etc/apt/sources.list.d/openresty.sources
-  if dpkg -l openresty &>/dev/null; then
-    $STD apt remove -y openresty
-    $STD apt autoremove -y
-  fi
-  $STD apt install -y build-essential libpcre3-dev libssl-dev zlib1g-dev
-  msg_ok "Migrated to OpenResty from source"
-
-  CLEAN_INSTALL=1 fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "latest" "/opt/openresty" "openresty-*.tar.gz"
-
-  msg_info "Building OpenResty"
-  cd /opt/openresty
-  $STD ./configure \
-    --with-http_v2_module \
-    --with-http_realip_module \
-    --with-http_stub_status_module \
-    --with-http_ssl_module \
-    --with-http_sub_module \
-    --with-http_auth_request_module \
-    --with-pcre-jit \
-    --with-stream \
-    --with-stream_ssl_module
-  $STD make -j"$(nproc)"
-  $STD make install
-  rm -rf /opt/openresty
-  cat <<'EOF' >/lib/systemd/system/openresty.service
-[Unit]
-Description=The OpenResty Application Platform
-After=syslog.target network-online.target remote-fs.target nss-lookup.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t
-ExecStart=/usr/local/openresty/nginx/sbin/nginx -g 'daemon off;'
-
-[Install]
-WantedBy=multi-user.target
-EOF
-  systemctl daemon-reload
-  msg_ok "Built OpenResty"
-
   msg_info "Setting up Environment"
   ln -sf /usr/bin/python3 /usr/bin/python
   ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx
   ln -sf /usr/local/openresty/nginx/ /etc/nginx
-  sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
-  sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
+  sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
+  sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
   sed -i 's+^daemon+#daemon+g' /opt/nginxproxymanager/docker/rootfs/etc/nginx/nginx.conf
   NGINX_CONFS=$(find /opt/nginxproxymanager -type f -name "*.conf")
   for NGINX_CONF in $NGINX_CONFS; do
@@ -192,11 +150,23 @@ EOF
 EOF
   fi
   sed -i 's/"client": "sqlite3"/"client": "better-sqlite3"/' /app/config/production.json
-  cd /app
+  cd /app 
   $STD yarn install --network-timeout 600000
   msg_ok "Initialized Backend"
 
   msg_info "Updating Certbot"
+  [ -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg ] && rm -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg
+  [ -f /etc/apt/sources.list.d/openresty.list ] && rm -f /etc/apt/sources.list.d/openresty.list
+  [ ! -f /etc/apt/trusted.gpg.d/openresty.gpg ] && curl -fsSL https://openresty.org/package/pubkey.gpg | gpg --dearmor --yes -o /etc/apt/trusted.gpg.d/openresty.gpg
+  [ ! -f /etc/apt/sources.list.d/openresty.sources ] && cat <<'EOF' >/etc/apt/sources.list.d/openresty.sources
+Types: deb
+URIs: http://openresty.org/package/debian/
+Suites: bookworm
+Components: openresty
+Signed-By: /etc/apt/trusted.gpg.d/openresty.gpg
+EOF
+  $STD apt update
+  $STD apt -y install openresty
   if [ -d /opt/certbot ]; then
     $STD /opt/certbot/bin/pip install --upgrade pip setuptools wheel
     $STD /opt/certbot/bin/pip install --upgrade certbot certbot-dns-cloudflare
@@ -206,9 +176,9 @@ EOF
   msg_info "Starting Services"
   sed -i 's/user npm/user root/g; s/^pid/#pid/g' /usr/local/openresty/nginx/conf/nginx.conf
   sed -r -i 's/^([[:space:]]*)su npm npm/\1#su npm npm/g;' /etc/logrotate.d/nginx-proxy-manager
-  systemctl daemon-reload
   systemctl enable -q --now openresty
   systemctl enable -q --now npm
+  systemctl restart openresty
   msg_ok "Started Services"
 
   msg_ok "Updated successfully!"

install/immich-install.sh

@@ -13,43 +13,41 @@ setting_up_container
 network_check
 update_os
 
-if lscpu | grep -q 'GenuineIntel'; then
+if [ -d /dev/dri ]; then
   echo ""
   echo ""
-  echo -e "🤖 ${BL}Immich Machine-Learning Options${CL}"
+  echo -e "🤖 ${BL}Immich Machine Learning Options${CL}"
   echo "─────────────────────────────────────────"
   echo "Please choose your machine-learning type:"
   echo ""
   echo " 1) CPU only (default)"
-  echo " 2) **NEW** Intel OpenVINO CPU or iGPU"
+  echo " 2) Intel OpenVINO (requires GPU passthrough)"
   echo ""
 
   read -r -p "${TAB3}Select machine-learning type [1]: " ML_TYPE
   ML_TYPE="${ML_TYPE:-1}"
   if [[ "$ML_TYPE" == "2" ]]; then
+    msg_info "Installing OpenVINO dependencies"
     touch ~/.openvino
     $STD apt install -y --no-install-recommends patchelf
-    if [[ -d /dev/dri ]]; then
-      msg_info "Installing Intel OpenVINO dependencies"
-      tmp_dir=$(mktemp -d)
-      $STD pushd "$tmp_dir"
-      curl_with_retry "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile" "Dockerfile"
-      readarray -t INTEL_URLS < <(
-        sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $3}'
-        sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
-      )
-      for url in "${INTEL_URLS[@]}"; do
-        curl_with_retry "$url" "$(basename "$url")"
-      done
-      $STD apt install -y ./libigdgmm12*.deb
-      rm ./libigdgmm12*.deb
-      $STD apt install -y ./*.deb
-      $STD apt-mark hold libigdgmm12
-      $STD popd
-      rm -rf "$tmp_dir"
-      dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
-      msg_ok "Installed Intel OpenVINO dependencies"
-    fi
+    tmp_dir=$(mktemp -d)
+    $STD pushd "$tmp_dir"
+    curl_with_retry "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile" "Dockerfile"
+    readarray -t INTEL_URLS < <(
+      sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $3}'
+      sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
+    )
+    for url in "${INTEL_URLS[@]}"; do
+      curl_with_retry "$url" "$(basename "$url")"
+    done
+    $STD apt install -y ./libigdgmm12*.deb
+    rm ./libigdgmm12*.deb
+    $STD apt install -y ./*.deb
+    $STD apt-mark hold libigdgmm12
+    $STD popd
+    rm -rf "$tmp_dir"
+    dpkg-query -W -f='${Version}\n' intel-opencl-icd >~/.intel_version
+    msg_ok "Installed OpenVINO dependencies"
   fi
 fi
 
@@ -295,7 +293,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
 
-fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.6.1" "$SRC_DIR"
+fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.5.6" "$SRC_DIR"
 PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
@@ -355,13 +353,14 @@ if [[ -f ~/.openvino ]]; then
     [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
   done
   msg_ok "Pre-installed Python ${ML_PYTHON}"
-  msg_info "Installing Intel OpenVINO machine-learning"
+  msg_info "Installing HW-accelerated machine-learning"
+  $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p "${ML_PYTHON}" --managed-python
   for attempt in $(seq 1 3); do
     $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
     [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
   done
   patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
-  msg_ok "Installed Intel OpenVINO machine-learning"
+  msg_ok "Installed HW-accelerated machine-learning"
 else
   ML_PYTHON="python3.11"
   msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"

install/nginxproxymanager-install.sh

@@ -14,20 +14,23 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y \
+$STD apt update
+$STD apt -y install \
+  ca-certificates \
   apache2-utils \
   logrotate \
   build-essential \
-  libpcre3-dev \
-  libssl-dev \
-  zlib1g-dev \
-  git \
+  git
+msg_ok "Installed Dependencies"
+
+msg_info "Installing Python Dependencies"
+$STD apt install -y \
   python3 \
   python3-dev \
   python3-pip \
   python3-venv \
   python3-cffi
-msg_ok "Installed Dependencies"
+msg_ok "Installed Python Dependencies"
 
 msg_info "Setting up Certbot"
 $STD python3 -m venv /opt/certbot
@@ -36,50 +39,33 @@ $STD /opt/certbot/bin/pip install certbot certbot-dns-cloudflare
 ln -sf /opt/certbot/bin/certbot /usr/local/bin/certbot
 msg_ok "Set up Certbot"
 
-fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "latest" "/opt/openresty" "openresty-*.tar.gz"
-
-msg_info "Building OpenResty"
-cd /opt/openresty
-$STD ./configure \
-  --with-http_v2_module \
-  --with-http_realip_module \
-  --with-http_stub_status_module \
-  --with-http_ssl_module \
-  --with-http_sub_module \
-  --with-http_auth_request_module \
-  --with-pcre-jit \
-  --with-stream \
-  --with-stream_ssl_module
-$STD make -j"$(nproc)"
-$STD make install
-rm -rf /opt/openresty
-
-cat <<'EOF' >/lib/systemd/system/openresty.service
-[Unit]
-Description=The OpenResty Application Platform
-After=syslog.target network-online.target remote-fs.target nss-lookup.target
-Wants=network-online.target
-
-[Service]
-Type=simple
-ExecStartPre=/usr/local/openresty/nginx/sbin/nginx -t
-ExecStart=/usr/local/openresty/nginx/sbin/nginx -g 'daemon off;'
-
-[Install]
-WantedBy=multi-user.target
+msg_info "Installing Openresty"
+curl -fsSL "https://openresty.org/package/pubkey.gpg" | gpg --dearmor -o /etc/apt/trusted.gpg.d/openresty.gpg
+cat <<'EOF' >/etc/apt/sources.list.d/openresty.sources
+Types: deb
+URIs: http://openresty.org/package/debian/
+Suites: bookworm
+Components: openresty
+Signed-By: /etc/apt/trusted.gpg.d/openresty.gpg
 EOF
-msg_ok "Built OpenResty"
+$STD apt update
+$STD apt -y install openresty
+msg_ok "Installed Openresty"
 
 NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-RELEASE=$(get_latest_github_release "NginxProxyManager/nginx-proxy-manager")
+
+RELEASE=$(curl -fsSL https://api.github.com/repos/NginxProxyManager/nginx-proxy-manager/releases/latest |
+  grep "tag_name" |
+  awk '{print substr($2, 3, length($2)-4) }')
+
 fetch_and_deploy_gh_release "nginxproxymanager" "NginxProxyManager/nginx-proxy-manager" "tarball" "v${RELEASE}"
 
 msg_info "Setting up Environment"
 ln -sf /usr/bin/python3 /usr/bin/python
 ln -sf /usr/local/openresty/nginx/sbin/nginx /usr/sbin/nginx
 ln -sf /usr/local/openresty/nginx/ /etc/nginx
-sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
-sed -i "0,/\"version\": \"[^\"]*\"/s|\"version\": \"[^\"]*\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
+sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/backend/package.json
+sed -i "s|\"version\": \"2.0.0\"|\"version\": \"$RELEASE\"|" /opt/nginxproxymanager/frontend/package.json
 sed -i 's+^daemon+#daemon+g' /opt/nginxproxymanager/docker/rootfs/etc/nginx/nginx.conf
 NGINX_CONFS=$(find /opt/nginxproxymanager -type f -name "*.conf")
 for NGINX_CONF in $NGINX_CONFS; do
@@ -183,6 +169,7 @@ sed -i 's/user npm/user root/g; s/^pid/#pid/g' /usr/local/openresty/nginx/conf/n
 sed -r -i 's/^([[:space:]]*)su npm npm/\1#su npm npm/g;' /etc/logrotate.d/nginx-proxy-manager
 systemctl enable -q --now openresty
 systemctl enable -q --now npm
+systemctl restart openresty
 msg_ok "Started Services"
 
 motd_ssh

tools/addon/coder-code-server.sh

@@ -89,31 +89,26 @@ VERSION=$(curl -fsSL https://api.github.com/repos/coder/code-server/releases/lat
   awk '{print substr($2, 3, length($2)-4) }')
 
 msg_info "Installing Code-Server v${VERSION}"
-config_path="${HOME}/.config/code-server/config.yaml"
-preexisting_config=false
 
-if [ -f "$config_path" ]; then
-  preexisting_config=true
+if [ -f ~/.config/code-server/config.yaml ]; then
+  existing_config=true
 fi
 
 curl -fOL https://github.com/coder/code-server/releases/download/v"$VERSION"/code-server_"${VERSION}"_amd64.deb &>/dev/null
 dpkg -i code-server_"${VERSION}"_amd64.deb &>/dev/null
 rm -rf code-server_"${VERSION}"_amd64.deb
-mkdir -p "${HOME}/.config/code-server/"
+mkdir -p ~/.config/code-server/
+systemctl enable -q --now code-server@"$USER"
 
-if [ "$preexisting_config" = false ]; then
-cat <<EOF >"$config_path"
+if [ $existing_config = false ]; then
+cat <<EOF >~/.config/code-server/config.yaml
 bind-addr: 0.0.0.0:8680
 auth: none
 password: 
 cert: false
 EOF
 fi
-systemctl enable -q --now code-server@"$USER"
 systemctl restart code-server@"$USER"
-if ! systemctl is-active --quiet code-server@"$USER"; then
-  error_exit "code-server service failed to start."
-fi
 msg_ok "Installed Code-Server v${VERSION} on $hostname"
 
 echo -e "${APP} should be reachable by going to the following URL.