Update .app files

* Add github-runner (ct)

* Simplify runner user creation in install script

* Add author and license information to script

---------

Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com>
Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>

.github/changelogs/2026/04.md

@@ -1,3 +1,132 @@
+## 2026-04-11
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Immich: Ensure newline before appending IMMICH_HELMET_FILE to .env [@MickLesk](https://github.com/MickLesk) ([#13667](https://github.com/community-scripts/ProxmoxVE/pull/13667))
+
+  - #### ✨ New Features
+
+    - BentoPDF: replace http-server with nginx to fix WASM initialization timeout [@MickLesk](https://github.com/MickLesk) ([#13625](https://github.com/community-scripts/ProxmoxVE/pull/13625))
+    - Element Synapse: Add MatrixRTC configuration for Element Call support [@MickLesk](https://github.com/MickLesk) ([#13665](https://github.com/community-scripts/ProxmoxVE/pull/13665))
+    - RomM: Use ROMM_BASE_PATH from .env for symlinks and nginx config [@MickLesk](https://github.com/MickLesk) ([#13666](https://github.com/community-scripts/ProxmoxVE/pull/13666))
+    - Immich: Pin version to 2.7.4 [@vhsdream](https://github.com/vhsdream) ([#13661](https://github.com/community-scripts/ProxmoxVE/pull/13661))
+
+  - #### 🔧 Refactor
+
+    - Crafty Controller: Wait for credentials file instead of fixed sleep [@MickLesk](https://github.com/MickLesk) ([#13670](https://github.com/community-scripts/ProxmoxVE/pull/13670))
+    - Refactor: Alpine-Wakapi [@tremor021](https://github.com/tremor021) ([#13656](https://github.com/community-scripts/ProxmoxVE/pull/13656))
+
+## 2026-04-10
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - fix: ensure trailing newline in redis.conf before appending bind directive [@Copilot](https://github.com/Copilot) ([#13647](https://github.com/community-scripts/ProxmoxVE/pull/13647))
+
+  - #### ✨ New Features
+
+    - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
+    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
+
+## 2026-04-09
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - boostack: add: git [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13620](https://github.com/community-scripts/ProxmoxVE/pull/13620))
+
+  - #### ✨ New Features
+
+    - Update OPNsense version from 25.7 to 26.1 [@tdn131](https://github.com/tdn131) ([#13626](https://github.com/community-scripts/ProxmoxVE/pull/13626))
+    - CheckMK: Bump Default OS to 13 (trixie) + dynamic codename + fix RELEASE-Tag Fetching [@MickLesk](https://github.com/MickLesk) ([#13610](https://github.com/community-scripts/ProxmoxVE/pull/13610))
+
+## 2026-04-08
+
+### 🆕 New Scripts
+
+  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
+    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
+    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
+
+  - #### ✨ New Features
+
+    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
+
+  - #### 🔧 Refactor
+
+    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
+
+## 2026-04-07
+
+### 🗑️ Deleted Scripts
+
+  - Remove low-install-count CT scripts and installers [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#13570](https://github.com/community-scripts/ProxmoxVE/pull/13570))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: improve resilience for top Proxmox error codes (209, 215, 118, 206) [@MickLesk](https://github.com/MickLesk) ([#13575](https://github.com/community-scripts/ProxmoxVE/pull/13575))
+
+## 2026-04-06
+
+### 🆕 New Scripts
+
+  - OpenThread Border Router ([#13536](https://github.com/community-scripts/ProxmoxVE/pull/13536))
+- Homelable ([#13539](https://github.com/community-scripts/ProxmoxVE/pull/13539))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Papra: check env before copy [@MickLesk](https://github.com/MickLesk) ([#13553](https://github.com/community-scripts/ProxmoxVE/pull/13553))
+    - changedetection: fix: typing_extensions error [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13548](https://github.com/community-scripts/ProxmoxVE/pull/13548))
+    - kasm: fix: fetch latest version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13547](https://github.com/community-scripts/ProxmoxVE/pull/13547))
+
+## 2026-04-05
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Grist: remove install:ee step (private repo, not needed for grist-core) [@MickLesk](https://github.com/MickLesk) ([#13526](https://github.com/community-scripts/ProxmoxVE/pull/13526))
+    - Nginx Proxy Manager: ensure /tmp/nginx/body exists via openresty service  [@MickLesk](https://github.com/MickLesk) ([#13528](https://github.com/community-scripts/ProxmoxVE/pull/13528))
+    - MotionEye: run as root to enable SMB share support [@MickLesk](https://github.com/MickLesk) ([#13527](https://github.com/community-scripts/ProxmoxVE/pull/13527))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: silent() function - use return instead of exit to allow || true error handling [@MickLesk](https://github.com/MickLesk) ([#13529](https://github.com/community-scripts/ProxmoxVE/pull/13529))
+
 ## 2026-04-04
 
 ### 🧰 Tools

.github/workflows/pocketbase-bot.yml

@@ -31,6 +31,8 @@ jobs:
           ACTOR: ${{ github.event.comment.user.login }}
           ACTOR_ASSOCIATION: ${{ github.event.comment.author_association }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          FRONTEND_URL: ${{ secrets.FRONTEND_URL }}
+          REVALIDATE_SECRET: ${{ secrets.REVALIDATE_SECRET }}
         run: |
           node << 'ENDSCRIPT'
           (async function () {
@@ -113,7 +115,6 @@ jobs:
             }
 
             // ── Permission check ───────────────────────────────────────────────
-            // author_association: OWNER = repo/org owner, MEMBER = org member (includes Contributors team)
             const association = process.env.ACTOR_ASSOCIATION;
             if (association !== 'OWNER' && association !== 'MEMBER') {
               await addReaction('-1');
@@ -128,18 +129,11 @@ jobs:
             await addReaction('eyes');
 
             // ── Parse command ──────────────────────────────────────────────────
-            // Formats (first line of comment):
-            //   /pocketbase <slug> field=value [field=value ...]    ← field updates (simple values)
-            //   /pocketbase <slug> set <field>                       ← value from code block below
-            //   /pocketbase <slug> note list|add|edit|remove ...     ← note management
-            //   /pocketbase <slug> method list                        ← list install methods
-            //   /pocketbase <slug> method <type> cpu=N ram=N hdd=N   ← edit install method resources
             const commentBody = process.env.COMMENT_BODY || '';
             const lines = commentBody.trim().split('\n');
             const firstLine = lines[0].trim();
             const withoutCmd = firstLine.replace(/^\/pocketbase\s+/, '').trim();
 
-            // Extract code block content from comment body (```...``` or ```lang\n...```)
             function extractCodeBlock(body) {
               const m = body.match(/```[^\n]*\n([\s\S]*?)```/);
               return m ? m[1].trim() : null;
@@ -147,6 +141,8 @@ jobs:
             const codeBlockValue = extractCodeBlock(commentBody);
 
             const HELP_TEXT =
+              '**Show current state:**\n' +
+              '```\n/pocketbase <slug> info\n```\n\n' +
               '**Field update (simple):** `/pocketbase <slug> field=value [field=value ...]`\n\n' +
               '**Field update (HTML/multiline) — value from code block:**\n' +
               '````\n' +
@@ -162,12 +158,16 @@ jobs:
               '/pocketbase <slug> note edit <type> "<old text>" "<new text>"\n' +
               '/pocketbase <slug> note remove <type> "<text>"\n' +
               '```\n\n' +
-              '**Install method resources:**\n' +
+              '**Install method management:**\n' +
               '```\n' +
               '/pocketbase <slug> method list\n' +
-              '/pocketbase <slug> method <type> hdd=10\n' +
               '/pocketbase <slug> method <type> cpu=4 ram=2048 hdd=20\n' +
-              '```\n\n' +
+              '/pocketbase <slug> method <type> config_path="/opt/app/.env"\n' +
+              '/pocketbase <slug> method <type> os=debian version=13\n' +
+              '/pocketbase <slug> method add <type> cpu=2 ram=2048 hdd=8 os=debian version=13\n' +
+              '/pocketbase <slug> method remove <type>\n' +
+              '```\n' +
+              'Method fields: `cpu` `ram` `hdd` `os` `version` `config_path` `script`\n\n' +
               '**Editable fields:** `name` `description` `logo` `documentation` `website` `project_url` `github` ' +
               '`config_path` `port` `default_user` `default_passwd` ' +
               '`updateable` `privileged` `has_arm` `is_dev` ' +
@@ -189,8 +189,7 @@ jobs:
               process.exit(0);
             }
 
-            // ── Allowed fields and their types ─────────────────────────────────
-            // ── PocketBase: authenticate (shared by all paths) ─────────────────
+            // ── PocketBase: authenticate ───────────────────────────────────────
             const raw = process.env.POCKETBASE_URL.replace(/\/$/, '');
             const apiBase = /\/api$/i.test(raw) ? raw : raw + '/api';
             const coll = process.env.POCKETBASE_COLLECTION;
@@ -210,7 +209,7 @@ jobs:
             }
             const token = JSON.parse(authRes.body).token;
 
-            // ── PocketBase: find record by slug (shared by all paths) ──────────
+            // ── PocketBase: find record by slug ────────────────────────────────
             const recordsUrl = apiBase + '/collections/' + encodeURIComponent(coll) + '/records';
             const filter = "(slug='" + slug.replace(/'/g, "''") + "')";
             const listRes = await request(recordsUrl + '?filter=' + encodeURIComponent(filter) + '&perPage=1', {
@@ -228,57 +227,164 @@ jobs:
               process.exit(0);
             }
 
+            // ── Shared helpers ─────────────────────────────────────────────────
+
+            // Key=value parser: handles unquoted and "quoted" values
+            function parseKVPairs(str) {
+              const fields = {};
+              let pos = 0;
+              while (pos < str.length) {
+                while (pos < str.length && /\s/.test(str[pos])) pos++;
+                if (pos >= str.length) break;
+                let keyStart = pos;
+                while (pos < str.length && str[pos] !== '=' && !/\s/.test(str[pos])) pos++;
+                const key = str.substring(keyStart, pos).trim();
+                if (!key || pos >= str.length || str[pos] !== '=') { pos++; continue; }
+                pos++;
+                let value;
+                if (pos < str.length && str[pos] === '"') {
+                  pos++;
+                  let valStart = pos;
+                  while (pos < str.length && str[pos] !== '"') {
+                    if (str[pos] === '\\') pos++;
+                    pos++;
+                  }
+                  value = str.substring(valStart, pos).replace(/\\"/g, '"');
+                  if (pos < str.length) pos++;
+                } else {
+                  let valStart = pos;
+                  while (pos < str.length && !/\s/.test(str[pos])) pos++;
+                  value = str.substring(valStart, pos);
+                }
+                fields[key] = value;
+              }
+              return fields;
+            }
+
+            // Token parser for note commands: unquoted-word OR "quoted string"
+            function parseTokens(str) {
+              const tokens = [];
+              let pos = 0;
+              while (pos < str.length) {
+                while (pos < str.length && /\s/.test(str[pos])) pos++;
+                if (pos >= str.length) break;
+                if (str[pos] === '"') {
+                  pos++;
+                  let start = pos;
+                  while (pos < str.length && str[pos] !== '"') {
+                    if (str[pos] === '\\') pos++;
+                    pos++;
+                  }
+                  tokens.push(str.substring(start, pos).replace(/\\"/g, '"'));
+                  if (pos < str.length) pos++;
+                } else {
+                  let start = pos;
+                  while (pos < str.length && !/\s/.test(str[pos])) pos++;
+                  tokens.push(str.substring(start, pos));
+                }
+              }
+              return tokens;
+            }
+
+            // Read JSON blob from record (handles parsed objects and strings)
+            function readJsonBlob(val) {
+              if (Array.isArray(val)) return val;
+              try { return JSON.parse(val || '[]'); } catch (e) { return []; }
+            }
+
+            // Frontend cache revalidation (silent, best-effort)
+            async function revalidate(s) {
+              const frontendUrl = process.env.FRONTEND_URL;
+              const secret = process.env.REVALIDATE_SECRET;
+              if (!frontendUrl || !secret) return;
+              try {
+                await request(frontendUrl.replace(/\/$/, '') + '/api/revalidate', {
+                  method: 'POST',
+                  headers: { 'Authorization': 'Bearer ' + secret, 'Content-Type': 'application/json' },
+                  body: JSON.stringify({ tags: ['scripts', 'script-' + s] })
+                });
+              } catch (e) { console.warn('Revalidation skipped:', e.message); }
+            }
+
+            // Format notes list for display
+            function formatNotesList(arr) {
+              if (arr.length === 0) return '*None*';
+              return arr.map(function (n, i) {
+                return (i + 1) + '. **`' + (n.type || '?') + '`**: ' + (n.text || '');
+              }).join('\n');
+            }
+
+            // Format install methods list for display
+            function formatMethodsList(arr) {
+              if (arr.length === 0) return '*None*';
+              return arr.map(function (im, i) {
+                const r = im.resources || {};
+                const parts = [
+                  (r.os || '?') + ' ' + (r.version || '?'),
+                  (r.cpu != null ? r.cpu : '?') + 'C / ' + (r.ram != null ? r.ram : '?') + ' MB / ' + (r.hdd != null ? r.hdd : '?') + ' GB'
+                ];
+                if (im.config_path) parts.push('config: `' + im.config_path + '`');
+                if (im.script) parts.push('script: `' + im.script + '`');
+                return (i + 1) + '. **`' + (im.type || '?') + '`** — ' + parts.join(', ');
+              }).join('\n');
+            }
+
             // ── Route: dispatch to subcommand handler ──────────────────────────
+            const infoMatch   = rest.match(/^info$/i);
             const noteMatch   = rest.match(/^note\s+(list|add|edit|remove)\b/i);
             const methodMatch = rest.match(/^method\b/i);
             const setMatch    = rest.match(/^set\s+(\S+)/i);
 
-            if (noteMatch) {
-              // ── NOTE SUBCOMMAND (reads/writes notes_json on script record) ────
+            if (infoMatch) {
+              // ── INFO SUBCOMMAND ──────────────────────────────────────────────
+              const notesArr   = readJsonBlob(record.notes_json);
+              const methodsArr = readJsonBlob(record.install_methods_json);
+
+              const out = [];
+              out.push('ℹ️ **PocketBase Bot**: Info for **`' + slug + '`**\n');
+
+              out.push('**Basic info:**');
+              out.push('- **Name:** ' + (record.name || '—'));
+              out.push('- **Slug:** `' + slug + '`');
+              out.push('- **Port:** ' + (record.port != null ? '`' + record.port + '`' : '—'));
+              out.push('- **Updateable:** ' + (record.updateable ? 'Yes' : 'No'));
+              out.push('- **Privileged:** ' + (record.privileged ? 'Yes' : 'No'));
+              out.push('- **ARM:** ' + (record.has_arm ? 'Yes' : 'No'));
+              if (record.is_dev) out.push('- **Dev:** Yes');
+              if (record.is_disabled) out.push('- **Disabled:** Yes' + (record.disable_message ? ' — ' + record.disable_message : ''));
+              if (record.is_deleted) out.push('- **Deleted:** Yes' + (record.deleted_message ? ' — ' + record.deleted_message : ''));
+              out.push('');
+
+              out.push('**Links:**');
+              out.push('- **Website:** ' + (record.website || '—'));
+              out.push('- **Docs:** ' + (record.documentation || '—'));
+              out.push('- **Logo:** ' + (record.logo ? '[link](' + record.logo + ')' : '—'));
+              out.push('- **GitHub:** ' + (record.github || '—'));
+              if (record.config_path) out.push('- **Config:** `' + record.config_path + '`');
+              out.push('');
+
+              out.push('**Credentials:**');
+              out.push('- **User:** ' + (record.default_user || '—'));
+              out.push('- **Password:** ' + (record.default_passwd ? '*(set)*' : '—'));
+              out.push('');
+
+              out.push('**Install methods** (' + methodsArr.length + '):');
+              out.push(formatMethodsList(methodsArr));
+              out.push('');
+
+              out.push('**Notes** (' + notesArr.length + '):');
+              out.push(formatNotesList(notesArr));
+
+              await addReaction('+1');
+              await postComment(out.join('\n'));
+
+            } else if (noteMatch) {
+              // ── NOTE SUBCOMMAND ──────────────────────────────────────────────
               const noteAction  = noteMatch[1].toLowerCase();
               const noteArgsStr = rest.substring(noteMatch[0].length).trim();
+              let notesArr = readJsonBlob(record.notes_json);
 
-              // Parse notes_json from the already-fetched script record
-              // PocketBase may return JSON fields as already-parsed objects
-              let notesArr = [];
-              try {
-                const rawNotes = record.notes_json;
-                notesArr = Array.isArray(rawNotes) ? rawNotes : JSON.parse(rawNotes || '[]');
-              } catch (e) { notesArr = []; }
-
-              // Token parser: unquoted-word OR "quoted string" (supports \" escapes)
-              function parseNoteTokens(str) {
-                const tokens = [];
-                let pos = 0;
-                while (pos < str.length) {
-                  while (pos < str.length && /\s/.test(str[pos])) pos++;
-                  if (pos >= str.length) break;
-                  if (str[pos] === '"') {
-                    pos++;
-                    let start = pos;
-                    while (pos < str.length && str[pos] !== '"') {
-                      if (str[pos] === '\\') pos++;
-                      pos++;
-                    }
-                    tokens.push(str.substring(start, pos).replace(/\\"/g, '"'));
-                    if (pos < str.length) pos++;
-                  } else {
-                    let start = pos;
-                    while (pos < str.length && !/\s/.test(str[pos])) pos++;
-                    tokens.push(str.substring(start, pos));
-                  }
-                }
-                return tokens;
-              }
-
-              function formatNotesList(arr) {
-                if (arr.length === 0) return '*None*';
-                return arr.map(function (n, i) {
-                  return (i + 1) + '. **`' + (n.type || '?') + '`**: ' + (n.text || '');
-                }).join('\n');
-              }
-
-              async function patchNotesJson(arr) {
+              async function patchNotes(arr) {
                 const res = await request(recordsUrl + '/' + record.id, {
                   method: 'PATCH',
                   headers: { 'Authorization': token, 'Content-Type': 'application/json' },
@@ -286,7 +392,7 @@ jobs:
                 });
                 if (!res.ok) {
                   await addReaction('-1');
-                  await postComment('❌ **PocketBase Bot**: Failed to update `notes_json`:\n```\n' + res.body + '\n```');
+                  await postComment('❌ **PocketBase Bot**: Failed to update notes:\n```\n' + res.body + '\n```');
                   process.exit(1);
                 }
               }
@@ -299,7 +405,7 @@ jobs:
                 );
 
               } else if (noteAction === 'add') {
-                const tokens = parseNoteTokens(noteArgsStr);
+                const tokens = parseTokens(noteArgsStr);
                 if (tokens.length < 2) {
                   await addReaction('-1');
                   await postComment(
@@ -311,7 +417,8 @@ jobs:
                 const noteType = tokens[0].toLowerCase();
                 const noteText = tokens.slice(1).join(' ');
                 notesArr.push({ type: noteType, text: noteText });
-                await patchNotesJson(notesArr);
+                await patchNotes(notesArr);
+                await revalidate(slug);
                 await addReaction('+1');
                 await postComment(
                   '✅ **PocketBase Bot**: Added note to **`' + slug + '`**\n\n' +
@@ -321,7 +428,7 @@ jobs:
                 );
 
               } else if (noteAction === 'edit') {
-                const tokens = parseNoteTokens(noteArgsStr);
+                const tokens = parseTokens(noteArgsStr);
                 if (tokens.length < 3) {
                   await addReaction('-1');
                   await postComment(
@@ -346,7 +453,8 @@ jobs:
                   process.exit(0);
                 }
                 notesArr[idx].text = newText;
-                await patchNotesJson(notesArr);
+                await patchNotes(notesArr);
+                await revalidate(slug);
                 await addReaction('+1');
                 await postComment(
                   '✅ **PocketBase Bot**: Edited note in **`' + slug + '`**\n\n' +
@@ -357,7 +465,7 @@ jobs:
                 );
 
               } else if (noteAction === 'remove') {
-                const tokens = parseNoteTokens(noteArgsStr);
+                const tokens = parseTokens(noteArgsStr);
                 if (tokens.length < 2) {
                   await addReaction('-1');
                   await postComment(
@@ -381,7 +489,8 @@ jobs:
                   );
                   process.exit(0);
                 }
-                await patchNotesJson(notesArr);
+                await patchNotes(notesArr);
+                await revalidate(slug);
                 await addReaction('+1');
                 await postComment(
                   '✅ **PocketBase Bot**: Removed note from **`' + slug + '`**\n\n' +
@@ -392,36 +501,36 @@ jobs:
               }
 
             } else if (methodMatch) {
-              // ── METHOD SUBCOMMAND (reads/writes install_methods_json on script record) ──
+              // ── METHOD SUBCOMMAND ────────────────────────────────────────────
               const methodArgs     = rest.replace(/^method\s*/i, '').trim();
               const methodListMode = !methodArgs || methodArgs.toLowerCase() === 'list';
+              let methodsArr = readJsonBlob(record.install_methods_json);
 
-              // Parse install_methods_json from the already-fetched script record
-              // PocketBase may return JSON fields as already-parsed objects
-              let methodsArr = [];
-              try {
-                const rawMethods = record.install_methods_json;
-                methodsArr = Array.isArray(rawMethods) ? rawMethods : JSON.parse(rawMethods || '[]');
-              } catch (e) { methodsArr = []; }
+              // Method field classification
+              const RESOURCE_KEYS = { cpu: 'number', ram: 'number', hdd: 'number', os: 'string', version: 'string' };
+              const METHOD_KEYS   = { config_path: 'string', script: 'string' };
+              const ALL_METHOD_KEYS = Object.assign({}, RESOURCE_KEYS, METHOD_KEYS);
 
-              function formatMethodsList(arr) {
-                if (arr.length === 0) return '*None*';
-                return arr.map(function (im, i) {
-                  const r = im.resources || {};
-                  return (i + 1) + '. **`' + (im.type || '?') + '`** — CPU: `' + (r.cpu != null ? r.cpu : '?') +
-                    '` · RAM: `' + (r.ram != null ? r.ram : '?') + ' MB` · HDD: `' + (r.hdd != null ? r.hdd : '?') + ' GB`';
-                }).join('\n');
+              function applyMethodChanges(method, parsed) {
+                if (!method.resources) method.resources = {};
+                for (const [k, v] of Object.entries(parsed)) {
+                  if (RESOURCE_KEYS[k]) {
+                    method.resources[k] = RESOURCE_KEYS[k] === 'number' ? parseInt(v, 10) : v;
+                  } else if (METHOD_KEYS[k]) {
+                    method[k] = v === '' ? null : v;
+                  }
+                }
               }
 
-              async function patchInstallMethodsJson(arr) {
+              async function patchMethods(arr) {
                 const res = await request(recordsUrl + '/' + record.id, {
                   method: 'PATCH',
                   headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                  body: JSON.stringify({ install_methods_json: JSON.stringify(arr) })
+                  body: JSON.stringify({ install_methods_json: arr })
                 });
                 if (!res.ok) {
                   await addReaction('-1');
-                  await postComment('❌ **PocketBase Bot**: Failed to update `install_methods_json`:\n```\n' + res.body + '\n```');
+                  await postComment('❌ **PocketBase Bot**: Failed to update install methods:\n```\n' + res.body + '\n```');
                   process.exit(1);
                 }
               }
@@ -432,70 +541,122 @@ jobs:
                   'ℹ️ **PocketBase Bot**: Install methods for **`' + slug + '`** (' + methodsArr.length + ' total)\n\n' +
                   formatMethodsList(methodsArr)
                 );
+
               } else {
-                // Parse: <type> cpu=N ram=N hdd=N
-                const methodParts = methodArgs.match(/^(\S+)\s+(.+)$/);
-                if (!methodParts) {
-                  await addReaction('-1');
+                // Check for add / remove sub-actions
+                const addMatch    = methodArgs.match(/^add\s+(\S+)(?:\s+(.+))?$/i);
+                const removeMatch = methodArgs.match(/^remove\s+(\S+)$/i);
+
+                if (addMatch) {
+                  // ── METHOD ADD ───────────────────────────────────────────────
+                  const newType = addMatch[1];
+                  if (methodsArr.some(function (im) { return (im.type || '').toLowerCase() === newType.toLowerCase(); })) {
+                    await addReaction('-1');
+                    await postComment('❌ **PocketBase Bot**: Install method `' + newType + '` already exists for `' + slug + '`.\n\nUse `/pocketbase ' + slug + ' method list` to see all methods.');
+                    process.exit(0);
+                  }
+                  const newMethod = { type: newType, resources: { cpu: 1, ram: 512, hdd: 4, os: 'debian', version: '13' } };
+                  if (addMatch[2]) {
+                    const parsed = parseKVPairs(addMatch[2]);
+                    const unknown = Object.keys(parsed).filter(function (k) { return !ALL_METHOD_KEYS[k]; });
+                    if (unknown.length > 0) {
+                      await addReaction('-1');
+                      await postComment('❌ **PocketBase Bot**: Unknown method field(s): `' + unknown.join('`, `') + '`\n\n**Allowed:** `' + Object.keys(ALL_METHOD_KEYS).join('`, `') + '`');
+                      process.exit(0);
+                    }
+                    applyMethodChanges(newMethod, parsed);
+                  }
+                  methodsArr.push(newMethod);
+                  await patchMethods(methodsArr);
+                  await revalidate(slug);
+                  await addReaction('+1');
                   await postComment(
-                    '❌ **PocketBase Bot**: Invalid `method` syntax.\n\n' +
-                    '**Usage:**\n```\n/pocketbase ' + slug + ' method list\n/pocketbase ' + slug + ' method <type> hdd=10\n/pocketbase ' + slug + ' method <type> cpu=4 ram=2048 hdd=20\n```'
+                    '✅ **PocketBase Bot**: Added install method **`' + newType + '`** to **`' + slug + '`**\n\n' +
+                    formatMethodsList([newMethod]) + '\n\n' +
+                    '*Executed by @' + actor + '*'
                   );
-                  process.exit(0);
-                }
-                const targetType   = methodParts[1].toLowerCase();
-                const resourcesStr = methodParts[2];
 
-                // Parse resource fields (only cpu/ram/hdd allowed)
-                const RESOURCE_FIELDS = { cpu: true, ram: true, hdd: true };
-                const resourceChanges = {};
-                const rePairs = /([a-z]+)=(\d+)/gi;
-                let m;
-                while ((m = rePairs.exec(resourcesStr)) !== null) {
-                  const key = m[1].toLowerCase();
-                  if (RESOURCE_FIELDS[key]) resourceChanges[key] = parseInt(m[2], 10);
-                }
-                if (Object.keys(resourceChanges).length === 0) {
-                  await addReaction('-1');
-                  await postComment('❌ **PocketBase Bot**: No valid resource fields found. Use `cpu=N`, `ram=N`, `hdd=N`.');
-                  process.exit(0);
-                }
-
-                // Find matching method by type name (case-insensitive)
-                const idx = methodsArr.findIndex(function (im) {
-                  return (im.type || '').toLowerCase() === targetType;
-                });
-                if (idx === -1) {
-                  await addReaction('-1');
-                  const availableTypes = methodsArr.map(function (im) { return im.type || '?'; });
+                } else if (removeMatch) {
+                  // ── METHOD REMOVE ────────────────────────────────────────────
+                  const removeType = removeMatch[1].toLowerCase();
+                  const removed = methodsArr.filter(function (im) { return (im.type || '').toLowerCase() === removeType; });
+                  if (removed.length === 0) {
+                    await addReaction('-1');
+                    const available = methodsArr.map(function (im) { return im.type || '?'; });
+                    await postComment('❌ **PocketBase Bot**: No install method `' + removeType + '` found.\n\n**Available:** `' + (available.length ? available.join('`, `') : '(none)') + '`');
+                    process.exit(0);
+                  }
+                  methodsArr = methodsArr.filter(function (im) { return (im.type || '').toLowerCase() !== removeType; });
+                  await patchMethods(methodsArr);
+                  await revalidate(slug);
+                  await addReaction('+1');
                   await postComment(
-                    '❌ **PocketBase Bot**: No install method with type `' + targetType + '` found for `' + slug + '`.\n\n' +
-                    '**Available types:** `' + (availableTypes.length ? availableTypes.join('`, `') : '(none)') + '`\n\n' +
-                    'Use `/pocketbase ' + slug + ' method list` to see all methods.'
+                    '✅ **PocketBase Bot**: Removed install method **`' + removed[0].type + '`** from **`' + slug + '`**\n\n' +
+                    '*Executed by @' + actor + '*'
+                  );
+
+                } else {
+                  // ── METHOD EDIT ──────────────────────────────────────────────
+                  const editParts = methodArgs.match(/^(\S+)\s+(.+)$/);
+                  if (!editParts) {
+                    await addReaction('-1');
+                    await postComment(
+                      '❌ **PocketBase Bot**: Invalid `method` syntax.\n\n' +
+                      '**Usage:**\n```\n/pocketbase ' + slug + ' method list\n' +
+                      '/pocketbase ' + slug + ' method <type> cpu=4 ram=2048 hdd=20\n' +
+                      '/pocketbase ' + slug + ' method <type> config_path="/opt/app/.env"\n' +
+                      '/pocketbase ' + slug + ' method add <type> cpu=2 ram=2048 hdd=8\n' +
+                      '/pocketbase ' + slug + ' method remove <type>\n```'
+                    );
+                    process.exit(0);
+                  }
+                  const targetType = editParts[1].toLowerCase();
+                  const parsed = parseKVPairs(editParts[2]);
+
+                  const unknown = Object.keys(parsed).filter(function (k) { return !ALL_METHOD_KEYS[k]; });
+                  if (unknown.length > 0) {
+                    await addReaction('-1');
+                    await postComment('❌ **PocketBase Bot**: Unknown method field(s): `' + unknown.join('`, `') + '`\n\n**Allowed:** `' + Object.keys(ALL_METHOD_KEYS).join('`, `') + '`');
+                    process.exit(0);
+                  }
+                  if (Object.keys(parsed).length === 0) {
+                    await addReaction('-1');
+                    await postComment('❌ **PocketBase Bot**: No valid `key=value` pairs found.\n\n**Allowed:** `' + Object.keys(ALL_METHOD_KEYS).join('`, `') + '`');
+                    process.exit(0);
+                  }
+
+                  const idx = methodsArr.findIndex(function (im) { return (im.type || '').toLowerCase() === targetType; });
+                  if (idx === -1) {
+                    await addReaction('-1');
+                    const available = methodsArr.map(function (im) { return im.type || '?'; });
+                    await postComment(
+                      '❌ **PocketBase Bot**: No install method `' + targetType + '` found for `' + slug + '`.\n\n' +
+                      '**Available:** `' + (available.length ? available.join('`, `') : '(none)') + '`\n\n' +
+                      'Use `/pocketbase ' + slug + ' method list` to see all methods.'
+                    );
+                    process.exit(0);
+                  }
+
+                  applyMethodChanges(methodsArr[idx], parsed);
+                  await patchMethods(methodsArr);
+                  await revalidate(slug);
+
+                  const changesLines = Object.entries(parsed)
+                    .map(function ([k, v]) {
+                      const unit = k === 'ram' ? ' MB' : k === 'hdd' ? ' GB' : '';
+                      return '- `' + k + '` → `' + v + unit + '`';
+                    }).join('\n');
+                  await addReaction('+1');
+                  await postComment(
+                    '✅ **PocketBase Bot**: Updated install method **`' + methodsArr[idx].type + '`** for **`' + slug + '`**\n\n' +
+                    '**Changes applied:**\n' + changesLines + '\n\n' +
+                    '*Executed by @' + actor + '*'
                   );
-                  process.exit(0);
                 }
-
-                if (!methodsArr[idx].resources) methodsArr[idx].resources = {};
-                if (resourceChanges.cpu != null) methodsArr[idx].resources.cpu = resourceChanges.cpu;
-                if (resourceChanges.ram != null) methodsArr[idx].resources.ram = resourceChanges.ram;
-                if (resourceChanges.hdd != null) methodsArr[idx].resources.hdd = resourceChanges.hdd;
-
-                await patchInstallMethodsJson(methodsArr);
-
-                const changesLines = Object.entries(resourceChanges)
-                  .map(function ([k, v]) { return '- `' + k + '` → `' + v + (k === 'ram' ? ' MB' : k === 'hdd' ? ' GB' : '') + '`'; })
-                  .join('\n');
-                await addReaction('+1');
-                await postComment(
-                  '✅ **PocketBase Bot**: Updated install method **`' + methodsArr[idx].type + '`** for **`' + slug + '`**\n\n' +
-                  '**Changes applied:**\n' + changesLines + '\n\n' +
-                  '*Executed by @' + actor + '*'
-                );
               }
 
             } else if (setMatch) {
-              // ── SET SUBCOMMAND (multi-line / HTML / special chars via code block) ──
+              // ── SET SUBCOMMAND (value from code block) ───────────────────────
               const fieldName = setMatch[1].toLowerCase();
               const SET_ALLOWED = {
                 name: 'string', description: 'string', logo: 'string',
@@ -531,6 +692,7 @@ jobs:
                 await postComment('❌ **PocketBase Bot**: PATCH failed for `' + slug + '`:\n```\n' + setPatchRes.body + '\n```');
                 process.exit(1);
               }
+              await revalidate(slug);
               const preview = codeBlockValue.length > 300 ? codeBlockValue.substring(0, 300) + '…' : codeBlockValue;
               await addReaction('+1');
               await postComment(
@@ -541,11 +703,6 @@ jobs:
 
             } else {
               // ── FIELD=VALUE PATH ─────────────────────────────────────────────
-              const fieldsStr = rest;
-
-              // Skipped: slug, script_created/updated, created (auto), categories/
-              // install_methods/notes/type (relations), github_data/install_methods_json/
-              // notes_json (auto-generated), execute_in (select relation), last_update_commit (auto)
               const ALLOWED_FIELDS = {
                 name:             'string',
                 description:      'string',
@@ -568,39 +725,7 @@ jobs:
                 deleted_message:  'string',
               };
 
-              // Field=value parser (handles quoted values and empty=null)
-              function parseFields(str) {
-                const fields = {};
-                let pos = 0;
-                while (pos < str.length) {
-                  while (pos < str.length && /\s/.test(str[pos])) pos++;
-                  if (pos >= str.length) break;
-                  let keyStart = pos;
-                  while (pos < str.length && str[pos] !== '=' && !/\s/.test(str[pos])) pos++;
-                  const key = str.substring(keyStart, pos).trim();
-                  if (!key || pos >= str.length || str[pos] !== '=') { pos++; continue; }
-                  pos++;
-                  let value;
-                  if (str[pos] === '"') {
-                    pos++;
-                    let valStart = pos;
-                    while (pos < str.length && str[pos] !== '"') {
-                      if (str[pos] === '\\') pos++;
-                      pos++;
-                    }
-                    value = str.substring(valStart, pos).replace(/\\"/g, '"');
-                    if (pos < str.length) pos++;
-                  } else {
-                    let valStart = pos;
-                    while (pos < str.length && !/\s/.test(str[pos])) pos++;
-                    value = str.substring(valStart, pos);
-                  }
-                  fields[key] = value;
-                }
-                return fields;
-              }
-
-              const parsedFields = parseFields(fieldsStr);
+              const parsedFields = parseKVPairs(rest);
 
               const unknownFields = Object.keys(parsedFields).filter(function (f) { return !ALLOWED_FIELDS[f]; });
               if (unknownFields.length > 0) {
@@ -655,6 +780,7 @@ jobs:
                 await postComment('❌ **PocketBase Bot**: PATCH failed for `' + slug + '`:\n```\n' + patchRes.body + '\n```');
                 process.exit(1);
               }
+              await revalidate(slug);
               await addReaction('+1');
               const changesLines = Object.entries(payload)
                 .map(function ([k, v]) { return '- `' + k + '` → `' + JSON.stringify(v) + '`'; })

.github/workflows/push-json-to-pocketbase.yml

@@ -170,7 +170,6 @@ jobs:
               website: data.website,
               logo: data.logo,
               description: data.description,
-              config_path: data.config_path,
               default_user: (data.default_credentials && data.default_credentials.username) || data.default_user || null,
               default_passwd: (data.default_credentials && data.default_credentials.password) || data.default_passwd || null,
               is_dev: false

CHANGELOG.md

@@ -35,6 +35,9 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 
 
+
+
+
 
 
 
@@ -48,7 +51,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 
 <details>
-<summary><h4>April (4 entries)</h4></summary>
+<summary><h4>April (11 entries)</h4></summary>
 
 [View April 2026 Changelog](.github/changelogs/2026/04.md)
 
@@ -439,6 +442,192 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-04-15
+
+### 🆕 New Scripts
+
+  - Revert "Remove low-install-count CT scripts and installers (#13570)" [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13752](https://github.com/community-scripts/ProxmoxVE/pull/13752))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Domain Monitor: Fix file ownership after update [@tremor021](https://github.com/tremor021) ([#13759](https://github.com/community-scripts/ProxmoxVE/pull/13759))
+
+  - #### 💥 Breaking Changes
+
+    - Reitti: refactor scripts for v4 - remove RabbitMQ and Photon [@MickLesk](https://github.com/MickLesk) ([#13728](https://github.com/community-scripts/ProxmoxVE/pull/13728))
+
+## 2026-04-14
+
+### 🚀 Updated Scripts
+
+  - Immich: Pin photo-processing library revisions [@vhsdream](https://github.com/vhsdream) ([#13748](https://github.com/community-scripts/ProxmoxVE/pull/13748))
+
+  - #### 🐞 Bug Fixes
+
+    - BentoPDF: Nginx fixes [@tremor021](https://github.com/tremor021) ([#13741](https://github.com/community-scripts/ProxmoxVE/pull/13741))
+    - Zerobyte: add git to dependencies to fix bun install failure [@Copilot](https://github.com/Copilot) ([#13721](https://github.com/community-scripts/ProxmoxVE/pull/13721))
+    - alpine-nextcloud-install: do not use deprecated nginx config [@AlexanderStein](https://github.com/AlexanderStein) ([#13726](https://github.com/community-scripts/ProxmoxVE/pull/13726))
+
+  - #### ✨ New Features
+
+    - Mealie: support v3.15+ Nuxt 4 migration [@MickLesk](https://github.com/MickLesk) ([#13731](https://github.com/community-scripts/ProxmoxVE/pull/13731))
+
+  - #### 🔧 Refactor
+
+    - Lyrion: correct service name and version file in update script [@MickLesk](https://github.com/MickLesk) ([#13734](https://github.com/community-scripts/ProxmoxVE/pull/13734))
+    - Changedetection: move env vars from service file to .env [@tremor021](https://github.com/tremor021) ([#13732](https://github.com/community-scripts/ProxmoxVE/pull/13732))
+
+## 2026-04-13
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Slskd: Remove stale Soularr lock file on startup and redirect logs to stderr [@MickLesk](https://github.com/MickLesk) ([#13669](https://github.com/community-scripts/ProxmoxVE/pull/13669))
+    - Bambuddy: preserve database and archive on update [@Copilot](https://github.com/Copilot) ([#13706](https://github.com/community-scripts/ProxmoxVE/pull/13706))
+
+  - #### ✨ New Features
+
+    - Immich: Pin version to 2.7.5 [@vhsdream](https://github.com/vhsdream) ([#13715](https://github.com/community-scripts/ProxmoxVE/pull/13715))
+    - Bytestash: auto backup/restore data on update [@MickLesk](https://github.com/MickLesk) ([#13707](https://github.com/community-scripts/ProxmoxVE/pull/13707))
+    - OpenCloud: pin version to 6.0.0 [@vhsdream](https://github.com/vhsdream) ([#13691](https://github.com/community-scripts/ProxmoxVE/pull/13691))
+
+  - #### 💥 Breaking Changes
+
+    - Mealie: pin version to v3.14.0 in install and update scripts [@Copilot](https://github.com/Copilot) ([#13724](https://github.com/community-scripts/ProxmoxVE/pull/13724))
+
+  - #### 🔧 Refactor
+
+    - core: remove unused TEMP_DIR mktemp leak in build_container / clean sonarqube [@MickLesk](https://github.com/MickLesk) ([#13708](https://github.com/community-scripts/ProxmoxVE/pull/13708))
+
+## 2026-04-12
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Alpine-Wakapi: Remove container checks in update_script function [@MickLesk](https://github.com/MickLesk) ([#13694](https://github.com/community-scripts/ProxmoxVE/pull/13694))
+
+  - #### 🔧 Refactor
+
+    - IronClaw: Install keychain dependencies and launch in a DBus session [@MickLesk](https://github.com/MickLesk) ([#13692](https://github.com/community-scripts/ProxmoxVE/pull/13692))
+    - MeTube: Allow pnpm build scripts to fix ERR_PNPM_IGNORED_BUILDS [@MickLesk](https://github.com/MickLesk) ([#13668](https://github.com/community-scripts/ProxmoxVE/pull/13668))
+
+## 2026-04-11
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Immich: Ensure newline before appending IMMICH_HELMET_FILE to .env [@MickLesk](https://github.com/MickLesk) ([#13667](https://github.com/community-scripts/ProxmoxVE/pull/13667))
+
+  - #### ✨ New Features
+
+    - BentoPDF: replace http-server with nginx to fix WASM initialization timeout [@MickLesk](https://github.com/MickLesk) ([#13625](https://github.com/community-scripts/ProxmoxVE/pull/13625))
+    - Element Synapse: Add MatrixRTC configuration for Element Call support [@MickLesk](https://github.com/MickLesk) ([#13665](https://github.com/community-scripts/ProxmoxVE/pull/13665))
+    - RomM: Use ROMM_BASE_PATH from .env for symlinks and nginx config [@MickLesk](https://github.com/MickLesk) ([#13666](https://github.com/community-scripts/ProxmoxVE/pull/13666))
+    - Immich: Pin version to 2.7.4 [@vhsdream](https://github.com/vhsdream) ([#13661](https://github.com/community-scripts/ProxmoxVE/pull/13661))
+
+  - #### 🔧 Refactor
+
+    - Crafty Controller: Wait for credentials file instead of fixed sleep [@MickLesk](https://github.com/MickLesk) ([#13670](https://github.com/community-scripts/ProxmoxVE/pull/13670))
+    - Refactor: Alpine-Wakapi [@tremor021](https://github.com/tremor021) ([#13656](https://github.com/community-scripts/ProxmoxVE/pull/13656))
+
+## 2026-04-10
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - fix: ensure trailing newline in redis.conf before appending bind directive [@Copilot](https://github.com/Copilot) ([#13647](https://github.com/community-scripts/ProxmoxVE/pull/13647))
+
+  - #### ✨ New Features
+
+    - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
+    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
+
+## 2026-04-09
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - boostack: add: git [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13620](https://github.com/community-scripts/ProxmoxVE/pull/13620))
+
+  - #### ✨ New Features
+
+    - Update OPNsense version from 25.7 to 26.1 [@tdn131](https://github.com/tdn131) ([#13626](https://github.com/community-scripts/ProxmoxVE/pull/13626))
+    - CheckMK: Bump Default OS to 13 (trixie) + dynamic codename + fix RELEASE-Tag Fetching [@MickLesk](https://github.com/MickLesk) ([#13610](https://github.com/community-scripts/ProxmoxVE/pull/13610))
+
+## 2026-04-08
+
+### 🆕 New Scripts
+
+  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
+    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
+    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
+
+  - #### ✨ New Features
+
+    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
+
+  - #### 🔧 Refactor
+
+    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
+
+## 2026-04-07
+
+### 🗑️ Deleted Scripts
+
+  - Remove low-install-count CT scripts and installers [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#13570](https://github.com/community-scripts/ProxmoxVE/pull/13570))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: improve resilience for top Proxmox error codes (209, 215, 118, 206) [@MickLesk](https://github.com/MickLesk) ([#13575](https://github.com/community-scripts/ProxmoxVE/pull/13575))
+
+## 2026-04-06
+
+### 🆕 New Scripts
+
+  - OpenThread Border Router ([#13536](https://github.com/community-scripts/ProxmoxVE/pull/13536))
+- Homelable ([#13539](https://github.com/community-scripts/ProxmoxVE/pull/13539))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Papra: check env before copy [@MickLesk](https://github.com/MickLesk) ([#13553](https://github.com/community-scripts/ProxmoxVE/pull/13553))
+    - changedetection: fix: typing_extensions error [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13548](https://github.com/community-scripts/ProxmoxVE/pull/13548))
+    - kasm: fix: fetch latest version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13547](https://github.com/community-scripts/ProxmoxVE/pull/13547))
+
 ## 2026-04-05
 
 ### 🚀 Updated Scripts
@@ -927,173 +1116,4 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ### 📚 Documentation
 
-  - Update: Docs/website metadata workflow [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12858](https://github.com/community-scripts/ProxmoxVE/pull/12858))
-
-## 2026-03-12
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - manyfold: fix incorrect port in upstream requests by forwarding original host [@anlopo](https://github.com/anlopo) ([#12812](https://github.com/community-scripts/ProxmoxVE/pull/12812))
-    - SparkyFitness: install pnpm dependencies from workspace root [@MickLesk](https://github.com/MickLesk) ([#12792](https://github.com/community-scripts/ProxmoxVE/pull/12792))
-    - n8n: add build-essential to update dependencies [@MickLesk](https://github.com/MickLesk) ([#12795](https://github.com/community-scripts/ProxmoxVE/pull/12795))
-    - Frigate openvino labelmap patch [@semtex1987](https://github.com/semtex1987) ([#12751](https://github.com/community-scripts/ProxmoxVE/pull/12751))
-
-  - #### 🔧 Refactor
-
-    - Pin Patchmon to 1.4.2 [@vhsdream](https://github.com/vhsdream) ([#12789](https://github.com/community-scripts/ProxmoxVE/pull/12789))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - tools.func: correct PATH escaping in ROCm profile script [@MickLesk](https://github.com/MickLesk) ([#12793](https://github.com/community-scripts/ProxmoxVE/pull/12793))
-
-  - #### ✨ New Features
-
-    - core: add mode=generated for unattended frontend installs [@MickLesk](https://github.com/MickLesk) ([#12807](https://github.com/community-scripts/ProxmoxVE/pull/12807))
-    - core: validate storage availability when loading defaults [@MickLesk](https://github.com/MickLesk) ([#12794](https://github.com/community-scripts/ProxmoxVE/pull/12794))
-
-  - #### 🔧 Refactor
-
-    - tools.func: support older NVIDIA driver versions with 2 segments (xxx.xxx) [@MickLesk](https://github.com/MickLesk) ([#12796](https://github.com/community-scripts/ProxmoxVE/pull/12796))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - Fix PBS microcode naming [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12834](https://github.com/community-scripts/ProxmoxVE/pull/12834))
-
-### 📂 Github
-
-  - Cleanup: remove old workflow files [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12818](https://github.com/community-scripts/ProxmoxVE/pull/12818))
-- Cleanup: remove frontend, move JSONs to json/ top-level [@MickLesk](https://github.com/MickLesk) ([#12813](https://github.com/community-scripts/ProxmoxVE/pull/12813))
-
-### ❔ Uncategorized
-
-  - Remove json files [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12830](https://github.com/community-scripts/ProxmoxVE/pull/12830))
-
-## 2026-03-11
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - fix: Init telemetry in addon scripts [@MickLesk](https://github.com/MickLesk) ([#12777](https://github.com/community-scripts/ProxmoxVE/pull/12777))
-    - Tracearr:  Increase default disk variable from 5 to 10 [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12762](https://github.com/community-scripts/ProxmoxVE/pull/12762))
-    - Fix Wireguard Dashboard update [@odin568](https://github.com/odin568) ([#12767](https://github.com/community-scripts/ProxmoxVE/pull/12767))
-
-### 🧰 Tools
-
-  - #### ✨ New Features
-
-    - Coder-Code-Server: Check if config file exists [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12758](https://github.com/community-scripts/ProxmoxVE/pull/12758))
-
-## 2026-03-10
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - [Fix] Immich: Pin libvips to 8.17.3 [@vhsdream](https://github.com/vhsdream) ([#12744](https://github.com/community-scripts/ProxmoxVE/pull/12744))
-
-## 2026-03-09
-
-### 🚀 Updated Scripts
-
-  - Pin Opencloud to 5.2.0 [@vhsdream](https://github.com/vhsdream) ([#12721](https://github.com/community-scripts/ProxmoxVE/pull/12721))
-
-  - #### 🐞 Bug Fixes
-
-    - [Hotfix] qBittorrent: Disable UPnP port forwarding by default [@vhsdream](https://github.com/vhsdream) ([#12728](https://github.com/community-scripts/ProxmoxVE/pull/12728))
-    - [Quickfix] Opencloud: ensure correct case for binary [@vhsdream](https://github.com/vhsdream) ([#12729](https://github.com/community-scripts/ProxmoxVE/pull/12729))
-    - Omada: Bump libssl [@MickLesk](https://github.com/MickLesk) ([#12724](https://github.com/community-scripts/ProxmoxVE/pull/12724))
-    - openwebui: Ensure required dependencies [@MickLesk](https://github.com/MickLesk) ([#12717](https://github.com/community-scripts/ProxmoxVE/pull/12717))
-    - Frigate: try an OpenVino model build fallback [@MickLesk](https://github.com/MickLesk) ([#12704](https://github.com/community-scripts/ProxmoxVE/pull/12704))
-    - Change cronjob setup to use www-data user [@opastorello](https://github.com/opastorello) ([#12695](https://github.com/community-scripts/ProxmoxVE/pull/12695))
-    - RustDesk Server: Fix check_for_gh_release function call [@tremor021](https://github.com/tremor021) ([#12694](https://github.com/community-scripts/ProxmoxVE/pull/12694))
-
-  - #### ✨ New Features
-
-    - feat: improve zigbee2mqtt backup handler [@MickLesk](https://github.com/MickLesk) ([#12714](https://github.com/community-scripts/ProxmoxVE/pull/12714))
-
-  - #### 💥 Breaking Changes
-
-    - Reactive Resume: rewrite for v5 using original repo amruthpilla/reactive-resume [@MickLesk](https://github.com/MickLesk) ([#12705](https://github.com/community-scripts/ProxmoxVE/pull/12705))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - tools: add Alpine (apk) support to ensure_dependencies and is_package_installed [@MickLesk](https://github.com/MickLesk) ([#12703](https://github.com/community-scripts/ProxmoxVE/pull/12703))
-    - tools.func: extend hwaccel with ROCm  [@MickLesk](https://github.com/MickLesk) ([#12707](https://github.com/community-scripts/ProxmoxVE/pull/12707))
-
-### 🌐 Website
-
-  - #### ✨ New Features
-
-    - feat: add CopycatWarningToast component for user warnings [@BramSuurdje](https://github.com/BramSuurdje) ([#12733](https://github.com/community-scripts/ProxmoxVE/pull/12733))
-
-## 2026-03-08
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - [Fix] Immich: chown install dir before machine-learning update [@vhsdream](https://github.com/vhsdream) ([#12684](https://github.com/community-scripts/ProxmoxVE/pull/12684))
-    - [Fix] Scanopy: Build generate-fixtures [@vhsdream](https://github.com/vhsdream) ([#12686](https://github.com/community-scripts/ProxmoxVE/pull/12686))
-    - fix: rustdeskserver: use correct repo string [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12682](https://github.com/community-scripts/ProxmoxVE/pull/12682))
-    - NZBGet: Fixes for RAR5 handling [@tremor021](https://github.com/tremor021) ([#12675](https://github.com/community-scripts/ProxmoxVE/pull/12675))
-
-### 🌐 Website
-
-  - #### 🐞 Bug Fixes
-
-    - LXC-Execute: Fix slug [@tremor021](https://github.com/tremor021) ([#12681](https://github.com/community-scripts/ProxmoxVE/pull/12681))
-
-## 2026-03-07
-
-### 🆕 New Scripts
-
-  - ImmichFrame ([#12653](https://github.com/community-scripts/ProxmoxVE/pull/12653))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Grocy: bump PHP version from 8.3 to 8.5 [@MickLesk](https://github.com/MickLesk) ([#12651](https://github.com/community-scripts/ProxmoxVE/pull/12651))
-    - Check for influxdb3 installation in update_script [@odin568](https://github.com/odin568) ([#12648](https://github.com/community-scripts/ProxmoxVE/pull/12648))
-    - Update Rdtclient to dotnet 10.0 [@asylumexp](https://github.com/asylumexp) ([#12638](https://github.com/community-scripts/ProxmoxVE/pull/12638))
-    - fix(immich): fix update script failing to add Debian testing repo when preferences file already exists [@Copilot](https://github.com/Copilot) ([#12631](https://github.com/community-scripts/ProxmoxVE/pull/12631))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - tools: add interactive GitHub PAT prompt on rate limit / auth failure [@MickLesk](https://github.com/MickLesk) ([#12652](https://github.com/community-scripts/ProxmoxVE/pull/12652))
-
-### 🌐 Website
-
-  - #### 📝 Script Information
-
-    - Papra: update repository URL to papra-hq/papra [@MickLesk](https://github.com/MickLesk) ([#12650](https://github.com/community-scripts/ProxmoxVE/pull/12650))
-
-## 2026-03-06
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - RustDesk Server: Fix update script [@tremor021](https://github.com/tremor021) ([#12625](https://github.com/community-scripts/ProxmoxVE/pull/12625))
-    - [Node-RED] Restart service after update [@Aurelien30000](https://github.com/Aurelien30000) ([#12621](https://github.com/community-scripts/ProxmoxVE/pull/12621))
-    - wealthfolio: update cors [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12617](https://github.com/community-scripts/ProxmoxVE/pull/12617))
-    - CryptPad: Better update handling [@tremor021](https://github.com/tremor021) ([#12611](https://github.com/community-scripts/ProxmoxVE/pull/12611))
-
-  - #### ✨ New Features
-
-    - RustDesk Server: Switch to updated repository [@tremor021](https://github.com/tremor021) ([#12083](https://github.com/community-scripts/ProxmoxVE/pull/12083))
-
-  - #### 💥 Breaking Changes
-
-    - Semaphore: Move from BoltDB to SQLite [@tremor021](https://github.com/tremor021) ([#12624](https://github.com/community-scripts/ProxmoxVE/pull/12624))
+  - Update: Docs/website metadata workflow [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12858](https://github.com/community-scripts/ProxmoxVE/pull/12858))

ct/alpine-ironclaw.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+APP="Alpine-IronClaw"
+var_tags="${var_tags:-ai;agent;alpine}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-alpine}"
+var_version="${var_version:-3.23}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/bin/ironclaw ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
+    msg_info "Stopping Service"
+    rc-service ironclaw stop 2>/dev/null || true
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /root/.ironclaw/.env /root/ironclaw.env.bak
+    msg_ok "Backed up Configuration"
+
+    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+      "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
+    chmod +x /usr/local/bin/ironclaw
+
+    msg_info "Restoring Configuration"
+    cp /root/ironclaw.env.bak /root/.ironclaw/.env
+    rm -f /root/ironclaw.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Service"
+    rc-service ironclaw start
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Complete setup by running:${CL}"
+echo -e "${TAB}${BGN}ironclaw onboard${CL}"
+echo -e "${INFO}${YW} Then start the service:${CL}"
+echo -e "${TAB}${BGN}rc-service ironclaw start${CL}"
+echo -e "${INFO}${YW} Access the Web UI at:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
+echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
+echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"

ct/alpine-wakapi.sh

@@ -22,8 +22,6 @@ catch_errors
 
 function update_script() {
   header_info
-  check_container_storage
-  check_container_resources
   if [[ ! -d /opt/wakapi ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
@@ -44,12 +42,10 @@ function update_script() {
     cp /opt/wakapi/config.yml /opt/wakapi/wakapi_db.db /opt/wakapi-backup/
     msg_ok "Created backup"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "prebuild" "latest" "/opt/wakapi" "wakapi_linux_amd64.zip"
 
     msg_info "Configuring Wakapi"
     cd /opt/wakapi
-    $STD go mod download
-    $STD go build -o wakapi
     cp /opt/wakapi-backup/config.yml /opt/wakapi/
     cp /opt/wakapi-backup/wakapi_db.db /opt/wakapi/
     rm -rf /opt/wakapi-backup

ct/bambuddy.sh

@@ -29,6 +29,8 @@ function update_script() {
     exit
   fi
 
+  ensure_dependencies ffmpeg
+
   if check_for_gh_release "bambuddy" "maziggy/bambuddy"; then
     msg_info "Stopping Service"
     systemctl stop bambuddy
@@ -37,6 +39,9 @@ function update_script() {
     msg_info "Backing up Configuration and Data"
     cp /opt/bambuddy/.env /opt/bambuddy.env.bak
     cp -r /opt/bambuddy/data /opt/bambuddy_data_bak
+    [[ -f /opt/bambuddy/bambuddy.db ]] && cp /opt/bambuddy/bambuddy.db /opt/bambuddy.db.bak
+    [[ -f /opt/bambuddy/bambutrack.db ]] && cp /opt/bambuddy/bambutrack.db /opt/bambutrack.db.bak
+    [[ -d /opt/bambuddy/archive ]] && cp -r /opt/bambuddy/archive /opt/bambuddy_archive_bak
     msg_ok "Backed up Configuration and Data"
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "bambuddy" "maziggy/bambuddy" "tarball" "latest" "/opt/bambuddy"
@@ -54,10 +59,17 @@ function update_script() {
     msg_ok "Rebuilt Frontend"
 
     msg_info "Restoring Configuration and Data"
+    mkdir -p /opt/bambuddy/data
     cp /opt/bambuddy.env.bak /opt/bambuddy/.env
     cp -r /opt/bambuddy_data_bak/. /opt/bambuddy/data/
-    rm -f /opt/bambuddy.env.bak
-    rm -rf /opt/bambuddy_data_bak
+    [[ -f /opt/bambuddy.db.bak ]] && cp /opt/bambuddy.db.bak /opt/bambuddy/bambuddy.db
+    [[ -f /opt/bambutrack.db.bak ]] && cp /opt/bambutrack.db.bak /opt/bambuddy/bambutrack.db
+    if [[ -d /opt/bambuddy_archive_bak ]]; then
+      mkdir -p /opt/bambuddy/archive
+      cp -r /opt/bambuddy_archive_bak/. /opt/bambuddy/archive/
+    fi
+    rm -f /opt/bambuddy.env.bak /opt/bambuddy.db.bak /opt/bambutrack.db.bak
+    rm -rf /opt/bambuddy_data_bak /opt/bambuddy_archive_bak
     msg_ok "Restored Configuration and Data"
 
     msg_info "Starting Service"

ct/bentopdf.sh

@@ -42,7 +42,6 @@ function update_script() {
     msg_info "Updating BentoPDF"
     cd /opt/bentopdf
     $STD npm ci --no-audit --no-fund
-    $STD npm install http-server -g
     if [[ -f /opt/production.env ]]; then
       mv /opt/production.env ./.env.production
     else
@@ -52,15 +51,97 @@ function update_script() {
     export SIMPLE_MODE=true
     export VITE_USE_CDN=true
     $STD npm run build:all
+    if [[ ! -f /opt/bentopdf/dist/config.json ]]; then
+      cat <<'EOF' >/opt/bentopdf/dist/config.json
+{}
+EOF
+    fi
     msg_ok "Updated BentoPDF"
 
     msg_info "Starting Service"
-    if grep -q '8080' /etc/systemd/system/bentopdf.service; then
-      sed -i -e 's|/bentopdf|/bentopdf/dist|' \
-        -e 's|npx.*|npx http-server -g -b -d false -r --no-dotfiles|' \
-        /etc/systemd/system/bentopdf.service
-      systemctl daemon-reload
+    ensure_dependencies nginx openssl
+    if [[ ! -f /etc/ssl/private/bentopdf-selfsigned.key || ! -f /etc/ssl/certs/bentopdf-selfsigned.crt ]]; then
+      CERT_CN="$(hostname -I | awk '{print $1}')"
+      $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+      -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+      -out /etc/ssl/certs/bentopdf-selfsigned.crt \
+      -subj "/CN=${CERT_CN}"
     fi
+    cat <<'EOF' >/etc/nginx/sites-available/bentopdf
+server {
+    listen 8080;
+    server_name _;
+    return 301 https://$host:8443$request_uri;
+  }
+
+  server {
+    listen 8443 ssl;
+    server_name _;
+    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
+    root /opt/bentopdf/dist;
+    index index.html;
+
+    # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer)
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Embedder-Policy "require-corp" always;
+    add_header Cross-Origin-Resource-Policy "cross-origin" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+
+    gzip_static on;
+
+    location ~* /libreoffice-wasm/soffice\.wasm\.gz$ {
+      gzip off;
+      types {} default_type application/wasm;
+      add_header Content-Encoding gzip;
+      add_header Vary "Accept-Encoding";
+      add_header Cache-Control "public, immutable";
+    }
+
+    location ~* /libreoffice-wasm/soffice\.data\.gz$ {
+      gzip off;
+      types {} default_type application/octet-stream;
+      add_header Content-Encoding gzip;
+      add_header Vary "Accept-Encoding";
+      add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.wasm$ {
+      types {} default_type application/wasm;
+      expires 1y;
+      add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.(wasm\.gz|data\.gz|data)$ {
+      expires 1y;
+      add_header Cache-Control "public, immutable";
+    }
+
+    location / {
+        try_files $uri $uri/ $uri.html =404;
+    }
+
+    error_page 404 /404.html;
+}
+EOF
+    rm -f /etc/nginx/sites-enabled/default
+    ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf
+    cat <<'EOF' >/etc/systemd/system/bentopdf.service
+[Unit]
+Description=BentoPDF Service
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/sbin/nginx -g "daemon off;"
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+    systemctl daemon-reload
     systemctl start bentopdf
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
@@ -75,4 +156,4 @@ description
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"

ct/bookstack.sh

@@ -29,6 +29,7 @@ function update_script() {
     exit
   fi
   setup_mariadb
+  ensure_dependencies git
   if check_for_gh_release "bookstack" "BookStackApp/BookStack"; then
     msg_info "Stopping Apache2"
     systemctl stop apache2

ct/bytestash.sh

@@ -29,28 +29,41 @@ function update_script() {
     exit
   fi
   if check_for_gh_release "bytestash" "jordan-dalby/ByteStash"; then
-    read -rp "${TAB3}Did you make a backup via application WebUI? (y/n): " backuped
-    if [[ "$backuped" =~ ^[Yy]$ ]]; then
-      msg_info "Stopping Services"
-      systemctl stop bytestash-backend bytestash-frontend
-      msg_ok "Services Stopped"
+    msg_info "Stopping Services"
+    systemctl stop bytestash-backend bytestash-frontend
+    msg_ok "Services Stopped"
 
-      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "bytestash" "jordan-dalby/ByteStash" "tarball"
-
-      msg_info "Configuring ByteStash"
-      cd /opt/bytestash/server
-      $STD npm install
-      cd /opt/bytestash/client
-      $STD npm install
-      msg_ok "Updated ByteStash"
-
-      msg_info "Starting Services"
-      systemctl start bytestash-backend bytestash-frontend
-      msg_ok "Started Services"
-    else
-      msg_error "PLEASE MAKE A BACKUP FIRST!"
-      exit
+    msg_info "Backing up data"
+    tmp_dir="/opt/bytestash-data-backup"
+    mkdir -p "$tmp_dir"
+    if [[ -d /opt/bytestash/data ]]; then
+      cp -r /opt/bytestash/data "$tmp_dir"/data
+    elif [[ -d /opt/data ]]; then
+      cp -r /opt/data "$tmp_dir"/data
     fi
+    msg_ok "Data backed up"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "bytestash" "jordan-dalby/ByteStash" "tarball"
+
+    msg_info "Restoring data"
+    if [[ -d "$tmp_dir"/data ]]; then
+      mkdir -p /opt/bytestash/data
+      cp -r "$tmp_dir"/data/* /opt/bytestash/data/
+      rm -rf "$tmp_dir"
+    fi
+    msg_ok "Data restored"
+
+    msg_info "Configuring ByteStash"
+    cd /opt/bytestash/server
+    $STD npm install
+    cd /opt/bytestash/client
+    $STD npm install
+    msg_ok "Updated ByteStash"
+
+    msg_info "Starting Services"
+    systemctl start bytestash-backend bytestash-frontend
+    msg_ok "Started Services"
+
     msg_ok "Updated successfully!"
   fi
   exit

ct/changedetection.sh

@@ -34,11 +34,11 @@ function update_script() {
   NODE_VERSION="24" setup_nodejs
 
   msg_info "Updating ${APP}"
-  $STD pip3 install changedetection.io --upgrade
+  $STD pip3 install changedetection.io --upgrade --break-system-packages --ignore-installed typing_extensions
   msg_ok "Updated ${APP}"
 
   msg_info "Updating Playwright"
-  $STD pip3 install playwright --upgrade
+  $STD pip3 install playwright --upgrade --break-system-packages
   msg_ok "Updated Playwright"
 
   if [[ -f /etc/systemd/system/browserless.service ]]; then

ct/checkmk.sh

@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-6}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
+var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 
 header_info "$APP"
@@ -29,10 +29,11 @@ function update_script() {
   fi
 
   RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
+  RELEASE="${RELEASE%%+*}"
   msg_info "Updating ${APP} to v${RELEASE}"
   $STD omd stop monitoring
   $STD omd cp monitoring monitoringbackup
-  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.bookworm_amd64.deb" -o "/opt/checkmk.deb"
+  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
   $STD apt-get install -y /opt/checkmk.deb
   $STD omd --force -V ${RELEASE}.cre update --conflict=install monitoring
   $STD omd start monitoring

ct/daemonsync.sh

@@ -1,45 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 tteck
-# Author: tteck (tteckster)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://daemonsync.me/
-
-APP="Daemon Sync"
-var_tags="${var_tags:-sync}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /var ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  msg_info "Updating LXC"
-  $STD apt update
-  $STD apt -y upgrade
-  msg_ok "Updated LXC"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8084${CL}"

ct/domain-monitor.sh

@@ -34,7 +34,7 @@ function update_script() {
   fi
 
   if ! grep -Fq "www-data /usr/bin/php /opt/domain-monitor/cron/check_domains.php" /etc/crontab; then
-    echo "0 0 * * * www-data /usr/bin/php /opt/domain-monitor/cron/check_domains.php" >> /etc/crontab
+    echo "0 0 * * * www-data /usr/bin/php /opt/domain-monitor/cron/check_domains.php" >>/etc/crontab
   fi
 
   if check_for_gh_release "domain-monitor" "Hosteroid/domain-monitor"; then
@@ -52,6 +52,7 @@ function update_script() {
     msg_info "Updating Domain Monitor"
     cd /opt/domain-monitor
     $STD composer install
+    chown -R www-data:www-data /opt/domain-monitor
     msg_ok "Updated Domain Monitor"
 
     msg_info "Restoring backup"

ct/github-runner.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/actions/runner
+
+APP="GitHub-Runner"
+var_tags="${var_tags:-ci}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+var_nesting="${var_nesting:-1}"
+var_keyctl="${var_keyctl:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /opt/actions-runner/run.sh ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit 1
+  fi
+
+  if check_for_gh_release "actions-runner" "actions/runner"; then
+    msg_info "Stopping Service"
+    systemctl stop actions-runner
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up runner configuration"
+    BACKUP_DIR="/opt/actions-runner.backup"
+    mkdir -p "$BACKUP_DIR"
+    for f in .runner .credentials .credentials_rsaparams .env .path; do
+      [[ -f /opt/actions-runner/$f ]] && cp -a /opt/actions-runner/$f "$BACKUP_DIR/"
+    done
+    msg_ok "Backed up configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "actions-runner" "actions/runner" "prebuild" "latest" "/opt/actions-runner" "actions-runner-linux-x64-*.tar.gz"
+
+    msg_info "Restoring runner configuration"
+    for f in .runner .credentials .credentials_rsaparams .env .path; do
+      [[ -f "$BACKUP_DIR/$f" ]] && cp -a "$BACKUP_DIR/$f" /opt/actions-runner/
+    done
+    rm -rf "$BACKUP_DIR"
+    msg_ok "Restored configuration"
+
+    msg_info "Starting Service"
+    systemctl start actions-runner
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} After first boot, run config.sh with your token and start the service.${CL}"

ct/headers/alpine-ironclaw

@@ -0,0 +1,6 @@
+    ___    __      _                  ____                 ________              
+   /   |  / /___  (_)___  ___        /  _/________  ____  / ____/ /___ __      __
+  / /| | / / __ \/ / __ \/ _ \______ / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
+ / ___ |/ / /_/ / / / / /  __/_____// // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
+/_/  |_/_/ .___/_/_/ /_/\___/     /___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
+        /_/                                                                      

ct/headers/daemonsync

@@ -1,6 +0,0 @@
-    ____                                      _____                 
-   / __ \____ ____  ____ ___  ____  ____     / ___/__  ______  _____
-  / / / / __ `/ _ \/ __ `__ \/ __ \/ __ \    \__ \/ / / / __ \/ ___/
- / /_/ / /_/ /  __/ / / / / / /_/ / / / /   ___/ / /_/ / / / / /__  
-/_____/\__,_/\___/_/ /_/ /_/\____/_/ /_/   /____/\__, /_/ /_/\___/  
-                                                /____/              

ct/headers/github-runner

@@ -0,0 +1,6 @@
+   _______ __  __  __      __          ____                             
+  / ____(_) /_/ / / /_  __/ /_        / __ \__  ______  ____  ___  _____
+ / / __/ / __/ /_/ / / / / __ \______/ /_/ / / / / __ \/ __ \/ _ \/ ___/
+/ /_/ / / /_/ __  / /_/ / /_/ /_____/ _, _/ /_/ / / / / / / /  __/ /    
+\____/_/\__/_/ /_/\__,_/_.___/     /_/ |_|\__,_/_/ /_/_/ /_/\___/_/     
+                                                                        

ct/headers/homelable

@@ -0,0 +1,6 @@
+    __  __                     __      __    __   
+   / / / /___  ____ ___  ___  / /___ _/ /_  / /__ 
+  / /_/ / __ \/ __ `__ \/ _ \/ / __ `/ __ \/ / _ \
+ / __  / /_/ / / / / / /  __/ / /_/ / /_/ / /  __/
+/_/ /_/\____/_/ /_/ /_/\___/_/\__,_/_.___/_/\___/ 
+                                                  

ct/headers/ironclaw

@@ -0,0 +1,6 @@
+    ____                 ________              
+   /  _/________  ____  / ____/ /___ __      __
+   / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
+ _/ // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
+/___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
+                                               

ct/headers/openthread-br

@@ -0,0 +1,6 @@
+   ____                 ________                        __      ____  ____ 
+  / __ \____  ___  ____/_  __/ /_  ________  ____ _____/ /     / __ )/ __ \
+ / / / / __ \/ _ \/ __ \/ / / __ \/ ___/ _ \/ __ `/ __  /_____/ __  / /_/ /
+/ /_/ / /_/ /  __/ / / / / / / / / /  /  __/ /_/ / /_/ /_____/ /_/ / _, _/ 
+\____/ .___/\___/_/ /_/_/ /_/ /_/_/   \___/\__,_/\__,_/     /_____/_/ |_|  
+    /_/                                                                    

ct/headers/pf2etools

@@ -1,6 +0,0 @@
-    ____  _______      ______            __    
-   / __ \/ __/__ \ ___/_  __/___  ____  / /____
-  / /_/ / /_ __/ // _ \/ / / __ \/ __ \/ / ___/
- / ____/ __// __//  __/ / / /_/ / /_/ / (__  ) 
-/_/   /_/  /____/\___/_/  \____/\____/_/____/  
-                                               

ct/headers/typesense

@@ -1,6 +0,0 @@
-  ______                _____                    
- /_  __/_  ______  ___ / ___/___  ____  ________ 
-  / / / / / / __ \/ _ \\__ \/ _ \/ __ \/ ___/ _ \
- / / / /_/ / /_/ /  __/__/ /  __/ / / (__  )  __/
-/_/  \__, / .___/\___/____/\___/_/ /_/____/\___/ 
-    /____/_/                                     

ct/headers/verdaccio

@@ -1,6 +0,0 @@
- _    __              __                _     
-| |  / /__  _________/ /___ ___________(_)___ 
-| | / / _ \/ ___/ __  / __ `/ ___/ ___/ / __ \
-| |/ /  __/ /  / /_/ / /_/ / /__/ /__/ / /_/ /
-|___/\___/_/   \__,_/\__,_/\___/\___/_/\____/ 
-                                              

ct/homarr.sh

@@ -65,6 +65,8 @@ EOF
 
     msg_info "Updating Homarr"
     cp /opt/homarr/redis.conf /etc/redis/redis.conf
+    sed -i -e '$a\' /etc/redis/redis.conf
+    grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >> /etc/redis/redis.conf
     rm /etc/nginx/nginx.conf
     cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
     msg_ok "Updated Homarr"

ct/homelable.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/Pouzor/homelable
+
+APP="Homelable"
+var_tags="${var_tags:-monitoring;network;visualization}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/homelable ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "homelable" "Pouzor/homelable"; then
+    msg_info "Stopping Service"
+    systemctl stop homelable
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration and Data"
+    cp /opt/homelable/backend/.env /opt/homelable.env.bak
+    cp -r /opt/homelable/data /opt/homelable_data_bak
+    msg_ok "Backed up Configuration and Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "homelable" "Pouzor/homelable" "tarball" "latest" "/opt/homelable"
+
+    msg_info "Updating Python Dependencies"
+    cd /opt/homelable/backend
+    $STD uv venv /opt/homelable/backend/.venv
+    $STD uv pip install --python /opt/homelable/backend/.venv/bin/python -r requirements.txt
+    msg_ok "Updated Python Dependencies"
+
+    msg_info "Rebuilding Frontend"
+    cd /opt/homelable/frontend
+    $STD npm ci
+    $STD npm run build
+    msg_ok "Rebuilt Frontend"
+
+    msg_info "Restoring Configuration and Data"
+    cp /opt/homelable.env.bak /opt/homelable/backend/.env
+    cp -r /opt/homelable_data_bak/. /opt/homelable/data/
+    rm -f /opt/homelable.env.bak
+    rm -rf /opt/homelable_data_bak
+    msg_ok "Restored Configuration and Data"
+
+    msg_info "Starting Service"
+    systemctl start homelable
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/immich.sh

@@ -109,7 +109,7 @@ EOF
     msg_ok "Image-processing libraries up to date"
   fi
 
-  RELEASE="v2.6.3"
+  RELEASE="v2.7.5"
   if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
     if [[ $(cat ~/.immich) > "2.5.1" ]]; then
       msg_info "Enabling Maintenance Mode"
@@ -181,6 +181,12 @@ EOF
     unset SHARP_IGNORE_GLOBAL_LIBVIPS
     export SHARP_FORCE_GLOBAL_LIBVIPS=true
     $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
+
+    # Patch helmet.json: disable upgrade-insecure-requests for HTTP access
+    if [[ -f "$APP_DIR/helmet.json" ]]; then
+      jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
+    fi
+
     cp "$APP_DIR"/package.json "$APP_DIR"/bin
     sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
 
@@ -269,6 +275,10 @@ EOF
     if ! grep -q '^DB_HOSTNAME=' "$INSTALL_DIR"/.env; then
       sed -i '/^DB_DATABASE_NAME/a DB_HOSTNAME=127.0.0.1' "$INSTALL_DIR"/.env
     fi
+    if ! grep -q 'HELMET_FILE' "$INSTALL_DIR"/.env; then
+      sed -i -e '$a\' "$INSTALL_DIR"/.env
+      echo "IMMICH_HELMET_FILE=true" >>"$INSTALL_DIR"/.env
+    fi
 
     if grep -q 'ExecStart=/usr/bin/node' /etc/systemd/system/immich-web.service; then
       sed -i '/^EnvironmentFile=/d' /etc/systemd/system/immich-web.service
@@ -299,7 +309,8 @@ function compile_libjxl() {
   SOURCE=${SOURCE_DIR}/libjxl
   JPEGLI_LIBJPEG_LIBRARY_SOVERSION="62"
   JPEGLI_LIBJPEG_LIBRARY_VERSION="62.3.0"
-  : "${LIBJXL_REVISION:=$(jq -cr '.revision' "$BASE_DIR"/server/sources/libjxl.json)}"
+  LIBJXL_REVISION="794a5dcf0d54f9f0b20d288a12e87afb91d20dfc"
+  # : "${LIBJXL_REVISION:=$(jq -cr '.revision' "$BASE_DIR"/server/sources/libjxl.json)}"
   if [[ "$LIBJXL_REVISION" != "$(grep 'libjxl' ~/.immich_library_revisions | awk '{print $2}')" ]]; then
     msg_info "Recompiling libjxl"
     [[ -d "$SOURCE" ]] && rm -rf "$SOURCE"
@@ -343,7 +354,8 @@ function compile_libjxl() {
 function compile_libheif() {
   SOURCE=${SOURCE_DIR}/libheif
   ensure_dependencies libaom-dev
-  : "${LIBHEIF_REVISION:=$(jq -cr '.revision' "$BASE_DIR"/server/sources/libheif.json)}"
+  LIBHEIF_REVISION="35dad50a9145332a7bfdf1ff6aef6801fb613d68"
+  # : "${LIBHEIF_REVISION:=$(jq -cr '.revision' "$BASE_DIR"/server/sources/libheif.json)}"
   if [[ "${update:-}" ]] || [[ "$LIBHEIF_REVISION" != "$(grep 'libheif' ~/.immich_library_revisions | awk '{print $2}')" ]]; then
     msg_info "Recompiling libheif"
     [[ -d "$SOURCE" ]] && rm -rf "$SOURCE"
@@ -374,7 +386,8 @@ function compile_libheif() {
 
 function compile_libraw() {
   SOURCE=${SOURCE_DIR}/libraw
-  : "${LIBRAW_REVISION:=$(jq -cr '.revision' "$BASE_DIR"/server/sources/libraw.json)}"
+  LIBRAW_REVISION="0b56545a4f828743f28a4345cdfdd4c49f9f9a2a"
+  # : "${LIBRAW_REVISION:=$(jq -cr '.revision' "$BASE_DIR"/server/sources/libraw.json)}"
   if [[ "$LIBRAW_REVISION" != "$(grep 'libraw' ~/.immich_library_revisions | awk '{print $2}')" ]]; then
     msg_info "Recompiling libraw"
     [[ -d "$SOURCE" ]] && rm -rf "$SOURCE"

ct/ironclaw.sh

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+APP="IronClaw"
+var_tags="${var_tags:-ai;agent;security}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/bin/ironclaw ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
+    msg_info "Stopping Service"
+    systemctl stop ironclaw
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /root/.ironclaw/.env /root/ironclaw.env.bak
+    msg_ok "Backed up Configuration"
+
+    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+      "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
+    chmod +x /usr/local/bin/ironclaw
+
+    msg_info "Restoring Configuration"
+    cp /root/ironclaw.env.bak /root/.ironclaw/.env
+    rm -f /root/ironclaw.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Service"
+    systemctl start ironclaw
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Complete setup by running:${CL}"
+echo -e "${TAB}${BGN}ironclaw onboard${CL}"
+echo -e "${INFO}${YW} Then start the service:${CL}"
+echo -e "${TAB}${BGN}systemctl start ironclaw${CL}"
+echo -e "${INFO}${YW} Access the Web UI at:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
+echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
+echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"

ct/kasm.sh

@@ -15,6 +15,7 @@ var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-0}"
 var_fuse="${var_fuse:-yes}"
 var_tun="${var_tun:-yes}"
+var_kasm_version="${var_kasm_version:-}"
 
 header_info "$APP"
 variables
@@ -32,18 +33,21 @@ function update_script() {
 
   msg_info "Checking for new version"
   CURRENT_VERSION=$(readlink -f /opt/kasm/current | awk -F'/' '{print $4}')
-  KASM_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_[0-9]+\.[0-9]+\.[0-9]+\.[a-z0-9]+\.tar\.gz' | head -n 1)
-  if [[ -z "$KASM_URL" ]]; then
-    SERVICE_IMAGE_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_service_images_amd64_[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' | head -n 1)
-    if [[ -n "$SERVICE_IMAGE_URL" ]]; then
-      KASM_VERSION=$(echo "$SERVICE_IMAGE_URL" | sed -E 's/.*kasm_release_service_images_amd64_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
-      KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz"
-    fi
-  else
-    KASM_VERSION=$(echo "$KASM_URL" | sed -E 's/.*kasm_release_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
-  fi
+  KASM_VERSION=$(curl -s https://kasm.com/downloads | grep -oP '<h1[^>]*>.*?</h1>' | sed -E 's/<\/?h1[^>]*>//g' | grep -oP '\d+\.\d+\.\d+')
+  KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION:-var_kasm_version}.tar.gz"
   
-  if [[ -z "$KASM_URL" ]] || [[ -z "$KASM_VERSION" ]]; then
+  # KASM_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_[0-9]+\.[0-9]+\.[0-9]+\.[a-z0-9]+\.tar\.gz' | head -n 1)
+  # if [[ -z "$KASM_URL" ]]; then
+  #   SERVICE_IMAGE_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_service_images_amd64_[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' | head -n 1)
+  #   if [[ -n "$SERVICE_IMAGE_URL" ]]; then
+  #     KASM_VERSION=$(echo "$SERVICE_IMAGE_URL" | sed -E 's/.*kasm_release_service_images_amd64_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
+  #     KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz"
+  #   fi
+  # else
+  #   KASM_VERSION=$(echo "$KASM_URL" | sed -E 's/.*kasm_release_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
+  # fi
+  
+  if [[ -z "$KASM_VERSION" ]] || [[ -z "$KASM_URL" ]]; then
     msg_error "Unable to detect latest Kasm release URL."
     exit 250
   fi

ct/lyrionmusicserver.sh

@@ -30,16 +30,16 @@ function update_script() {
     exit
   fi
 
-  DEB_URL=$(curl -s 'https://lyrion.org/getting-started/' | grep -oP '<a\s[^>]*href="\K[^"]*amd64\.deb(?="[^>]*>)' | head -n 1)
+  DEB_URL=$(curl_with_retry 'https://lyrion.org/getting-started/' | grep -oP '<a\s[^>]*href="\K[^"]*amd64\.deb(?="[^>]*>)' | head -n 1)
   RELEASE=$(echo "$DEB_URL" | grep -oP 'lyrionmusicserver_\K[0-9.]+(?=_amd64\.deb)')
   DEB_FILE="/tmp/lyrionmusicserver_${RELEASE}_amd64.deb"
   if [[ ! -f /opt/lyrion_version.txt ]] || [[ "${RELEASE}" != "$(cat /opt/lyrion_version.txt)" ]]; then
     msg_info "Updating $APP to ${RELEASE}"
-    curl -fsSL -o "$DEB_FILE" "$DEB_URL"
+    curl_with_retry "$DEB_URL" "$DEB_FILE"
     $STD apt install "$DEB_FILE" -y
-    systemctl restart lyrion
-    $STD rm -f "$DEB_FILE"
-    echo "${RELEASE}" >/opt/${APP}_version.txt
+    systemctl restart lyrionmusicserver
+    rm -f "$DEB_FILE"
+    echo "${RELEASE}" >/opt/lyrion_version.txt
     msg_ok "Updated $APP to ${RELEASE}"
     msg_ok "Updated successfully!"
   else

ct/mealie.sh

@@ -40,7 +40,7 @@ function update_script() {
     cp -f /opt/mealie/mealie.env /opt/mealie.env
     msg_ok "Backup completed"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "mealie" "mealie-recipes/mealie" "tarball" "latest" "/opt/mealie"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "mealie" "mealie-recipes/mealie" "tarball"
 
     msg_info "Installing Python Dependencies with uv"
     cd /opt/mealie
@@ -49,9 +49,10 @@ function update_script() {
 
     msg_info "Building Frontend"
     MEALIE_VERSION=$(<$HOME/.mealie)
-    $STD sed -i "s|https://github.com/mealie-recipes/mealie/commit/|https://github.com/mealie-recipes/mealie/releases/tag/|g" /opt/mealie/frontend/pages/admin/site-settings.vue
-    $STD sed -i "s|value: data.buildId,|value: \"v${MEALIE_VERSION}\",|g" /opt/mealie/frontend/pages/admin/site-settings.vue
-    $STD sed -i "s|value: data.production ? i18n.t(\"about.production\") : i18n.t(\"about.development\"),|value: \"bare-metal\",|g" /opt/mealie/frontend/pages/admin/site-settings.vue
+    SITE_SETTINGS=$(find /opt/mealie/frontend -name "site-settings.vue" -path "*/admin/*" | head -1)
+    $STD sed -i "s|https://github.com/mealie-recipes/mealie/commit/|https://github.com/mealie-recipes/mealie/releases/tag/|g" "$SITE_SETTINGS"
+    $STD sed -i "s|value: data.buildId,|value: \"v${MEALIE_VERSION}\",|g" "$SITE_SETTINGS"
+    $STD sed -i "s|value: data.production ? i18n.t(\"about.production\") : i18n.t(\"about.development\"),|value: \"bare-metal\",|g" "$SITE_SETTINGS"
     export NUXT_TELEMETRY_DISABLED=1
     cd /opt/mealie/frontend
     $STD yarn install --prefer-offline --frozen-lockfile --non-interactive --production=false --network-timeout 1000000
@@ -97,4 +98,3 @@ msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000${CL}"
-

ct/metube.sh

@@ -62,6 +62,7 @@ function update_script() {
       $STD corepack enable
       $STD corepack prepare pnpm --activate || true
     fi
+    echo 'onlyBuiltDependencies=*' >> .npmrc
     $STD pnpm install --frozen-lockfile
     $STD pnpm run build
     msg_ok "Built Frontend"

ct/opencloud.sh

@@ -29,7 +29,7 @@ function update_script() {
     exit
   fi
 
-  RELEASE="v5.2.0"
+  RELEASE="v6.0.0"
   if check_for_gh_release "OpenCloud" "opencloud-eu/opencloud" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
     msg_info "Stopping services"
     systemctl stop opencloud opencloud-wopi

ct/openthread-br.sh

@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://openthread.io/guides/border-router
+
+APP="OpenThread-BR"
+var_tags="${var_tags:-thread;iot;border-router;matter}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-0}"
+var_tun="${var_tun:-yes}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/ot-br-posix ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  cd /opt/ot-br-posix
+  LOCAL_COMMIT=$(git rev-parse HEAD)
+  $STD git fetch --depth 1 origin main
+  REMOTE_COMMIT=$(git rev-parse origin/main)
+
+  if [[ "${LOCAL_COMMIT}" == "${REMOTE_COMMIT}" ]]; then
+    msg_ok "Already up to date (${LOCAL_COMMIT:0:7})"
+    exit
+  fi
+
+  msg_info "Stopping Services"
+  systemctl stop otbr-web
+  systemctl stop otbr-agent
+  msg_ok "Stopped Services"
+
+  msg_info "Updating Source"
+  $STD git reset --hard origin/main
+  $STD git submodule update --depth 1 --init --recursive
+  msg_ok "Updated Source"
+
+  msg_info "Rebuilding OpenThread Border Router (Patience)"
+  cd /opt/ot-br-posix/build
+  $STD cmake -GNinja \
+    -DBUILD_TESTING=OFF \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DOTBR_DBUS=ON \
+    -DOTBR_MDNS=openthread \
+    -DOTBR_REST=ON \
+    -DOTBR_WEB=ON \
+    -DOTBR_BORDER_ROUTING=ON \
+    -DOTBR_BACKBONE_ROUTER=ON \
+    -DOT_FIREWALL=ON \
+    -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
+    ..
+  $STD ninja
+  $STD ninja install
+  msg_ok "Rebuilt OpenThread Border Router"
+
+  msg_info "Starting Services"
+  systemctl start otbr-agent
+  systemctl start otbr-web
+  msg_ok "Started Services"
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/pf2etools.sh

@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: TheRealVira
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://pf2etools.com/ | Github: https://github.com/Pf2eToolsOrg/Pf2eTools
-
-APP="Pf2eTools"
-var_tags="${var_tags:-wiki}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-6}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d "/opt/${APP}" ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  if check_for_gh_release "pf2etools" "Pf2eToolsOrg/Pf2eTools"; then
-    msg_info "Updating System"
-    $STD apt update
-    $STD apt -y upgrade
-    msg_ok "Updated System"
-
-    rm -rf /opt/Pf2eTools
-    fetch_and_deploy_gh_release "pf2etools" "Pf2eToolsOrg/Pf2eTools" "tarball" "latest" "/opt/Pf2eTools"
-
-    msg_info "Updating ${APP}"
-    cd /opt/Pf2eTools
-    $STD npm install
-    $STD npm run build
-    chown -R www-data: "/opt/${APP}"
-    chmod -R 755 "/opt/${APP}"
-    msg_ok "Updated ${APP}"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/reitti.sh

@@ -37,39 +37,136 @@ function update_script() {
     fi
   fi
 
-  if [ ! -d /var/cache/nginx/tiles ]; then
-    msg_info "Installing Nginx Tile Cache"
-    mkdir -p /var/cache/nginx/tiles
-    $STD apt install -y nginx
-    cat <<EOF >/etc/nginx/nginx.conf
-user www-data;
-
-events {
-  worker_connections 1024;
-}
-http {
-  proxy_cache_path /var/cache/nginx/tiles levels=1:2 keys_zone=tiles:10m max_size=1g inactive=30d use_temp_path=off;
-  server {
-    listen 80;
-    location / {
-      proxy_pass https://tile.openstreetmap.org/;
-      proxy_set_header Host tile.openstreetmap.org;
-      proxy_set_header User-Agent "Reitti/1.0";
-      proxy_cache tiles;
-      proxy_cache_valid 200 30d;
-      proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-    }
-  }
-}
-EOF
-    chown -R www-data:www-data /var/cache/nginx
-    chmod -R 750 /var/cache/nginx
-    systemctl restart nginx
-    echo "reitti.ui.tiles.cache.url=http://127.0.0.1" >> /opt/reitti/application.properties
-    systemctl restart reitti
-    msg_info "Installed Nginx Tile Cache"
+  # Migrate v3 -> v4: Remove RabbitMQ (no longer required) / Photon / Spring Settings
+  if systemctl is-enabled --quiet rabbitmq-server 2>/dev/null; then
+    msg_info "Migrating to v4: Removing RabbitMQ"
+    systemctl stop rabbitmq-server
+    systemctl disable rabbitmq-server
+    $STD apt-get purge -y rabbitmq-server erlang-base
+    $STD apt-get autoremove -y
+    msg_ok "Removed RabbitMQ"
   fi
-  
+
+  if systemctl is-enabled --quiet photon 2>/dev/null; then
+    msg_info "Migrating to v4: Removing Photon service"
+    systemctl stop photon
+    systemctl disable photon
+    rm -f /etc/systemd/system/photon.service
+    systemctl daemon-reload
+    msg_ok "Removed Photon service"
+  fi
+
+  if grep -q "spring.rabbitmq\|PHOTON_BASE_URL\|PROCESSING_WAIT_TIME\|DANGEROUS_LIFE" /opt/reitti/application.properties 2>/dev/null; then
+    msg_info "Migrating to v4: Rewriting application.properties"
+    local DB_URL DB_USER DB_PASS
+    DB_URL=$(grep '^spring.datasource.url=' /opt/reitti/application.properties | cut -d'=' -f2-)
+    DB_USER=$(grep '^spring.datasource.username=' /opt/reitti/application.properties | cut -d'=' -f2-)
+    DB_PASS=$(grep '^spring.datasource.password=' /opt/reitti/application.properties | cut -d'=' -f2-)
+    cp /opt/reitti/application.properties /opt/reitti/application.properties.bak
+    cat <<PROPEOF >/opt/reitti/application.properties
+# Server configuration
+server.port=8080
+server.servlet.context-path=/
+server.forward-headers-strategy=framework
+server.compression.enabled=true
+server.compression.min-response-size=1024
+server.compression.mime-types=text/plain,application/json
+
+# Logging configuration
+logging.level.root=INFO
+logging.level.org.hibernate.engine.jdbc.spi.SqlExceptionHelper=FATAL
+logging.level.com.dedicatedcode.reitti=INFO
+
+# Internationalization
+spring.messages.basename=messages
+spring.messages.encoding=UTF-8
+spring.messages.cache-duration=3600
+spring.messages.fallback-to-system-locale=false
+
+# PostgreSQL configuration
+spring.datasource.url=${DB_URL}
+spring.datasource.username=${DB_USER}
+spring.datasource.password=${DB_PASS}
+spring.datasource.hikari.maximum-pool-size=20
+
+# Redis configuration
+spring.data.redis.host=127.0.0.1
+spring.data.redis.port=6379
+spring.data.redis.username=
+spring.data.redis.password=
+spring.data.redis.database=0
+spring.cache.redis.key-prefix=
+
+spring.cache.cache-names=processed-visits,significant-places,users,magic-links,configurations,transport-mode-configs,avatarThumbnails,avatarData,user-settings
+spring.cache.redis.time-to-live=1d
+
+# Upload configuration
+spring.servlet.multipart.max-file-size=5GB
+spring.servlet.multipart.max-request-size=5GB
+server.tomcat.max-part-count=100
+
+# Rqueue configuration
+rqueue.web.enable=false
+rqueue.job.enabled=false
+rqueue.message.durability.in-terminal-state=0
+rqueue.key.prefix=\${spring.cache.redis.key-prefix}
+rqueue.message.converter.provider.class=com.dedicatedcode.reitti.config.RQueueCustomMessageConverter
+
+# Application-specific settings
+reitti.server.advertise-uri=
+
+reitti.security.local-login.disable=false
+
+# OIDC / Security Settings
+reitti.security.oidc.enabled=false
+reitti.security.oidc.registration.enabled=false
+
+reitti.import.batch-size=10000
+reitti.import.processing-idle-start-time=10
+
+reitti.geo-point-filter.max-speed-kmh=1000
+reitti.geo-point-filter.max-accuracy-meters=100
+reitti.geo-point-filter.history-lookback-hours=24
+reitti.geo-point-filter.window-size=50
+
+reitti.process-data.schedule=0 */10 * * * *
+reitti.process-data.refresh-views.schedule=0 0 4 * * *
+reitti.imports.schedule=0 5/10 * * * *
+reitti.imports.owntracks-recorder.schedule=\${reitti.imports.schedule}
+
+# Geocoding service configuration
+reitti.geocoding.max-errors=10
+reitti.geocoding.photon.base-url=
+
+# Tiles Configuration
+reitti.ui.tiles.cache.url=http://127.0.0.1
+reitti.ui.tiles.default.service=https://tile.openstreetmap.org/{z}/{x}/{y}.png
+reitti.ui.tiles.default.attribution=&copy; <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a> contributors
+
+# Data management configuration
+reitti.data-management.enabled=false
+reitti.data-management.preview-cleanup.cron=0 0 4 * * *
+
+reitti.storage.path=data/
+reitti.storage.cleanup.cron=0 0 4 * * *
+
+# Location data density normalization
+reitti.location.density.target-points-per-minute=4
+
+# Logging buffer
+reitti.logging.buffer-size=1000
+reitti.logging.max-buffer-size=10000
+
+spring.config.import=optional:oidc.properties
+PROPEOF
+    # Update reitti.service dependencies
+    if [[ -f /etc/systemd/system/reitti.service ]]; then
+      sed -i 's/ rabbitmq-server\.service//g; s/ photon\.service//g' /etc/systemd/system/reitti.service
+      systemctl daemon-reload
+    fi
+    msg_ok "Rewrote application.properties (backup: application.properties.bak)"
+  fi
+
   if check_for_gh_release "reitti" "dedicatedcode/reitti"; then
     msg_info "Stopping Service"
     systemctl stop reitti
@@ -83,55 +180,6 @@ EOF
 
     msg_info "Starting Service"
     systemctl start reitti
-    chown -R www-data:www-data /var/cache/nginx
-    chmod -R 750 /var/cache/nginx
-    systemctl restart nginx
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  
-  if check_for_gh_release "photon" "komoot/photon"; then
-    if [[ -f "$HOME/.photon" ]] && [[ "$(cat "$HOME/.photon")" == 0.7 ]]; then
-      CURRENT_VERSION="$(<"$HOME/.photon")"
-      echo
-      echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-      echo "Photon v1 upgrade detected (breaking change)"
-      echo
-      echo "Your current version: $CURRENT_VERSION"
-      echo
-      echo "Photon v1 requires a manual migration before updating."
-      echo
-      echo "You need to:"
-      echo "  1. Remove existing geocoding data (not actual reitti data):"
-      echo "     rm -rf /opt/photon_data"
-      echo
-      echo "  2. Follow the inial setup guide again:"
-      echo "     https://github.com/community-scripts/ProxmoxVE/discussions/8737"
-      echo
-      echo "  3. Re-download and import Photon data for v1"
-      echo
-      read -rp "Do you want to continue anyway? (y/N): " CONTINUE
-      echo
-        
-      if [[ ! "$CONTINUE" =~ ^[Yy]$ ]]; then
-        msg_info "Migration required. Update cancelled."
-        exit 0
-      fi
-        
-      msg_warn "Continuing without migration may break Photon in the future!"
-    fi
-  
-    msg_info "Stopping Service"
-    systemctl stop photon
-    msg_ok "Stopped Service"
-
-    rm -f /opt/photon/photon.jar
-    USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "photon" "komoot/photon" "singlefile" "latest" "/opt/photon" "photon-*.jar"
-    mv /opt/photon/photon-*.jar /opt/photon/photon.jar
-
-    msg_info "Starting Service"
-    systemctl start photon
-    systemctl restart nginx
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
   fi

ct/romm.sh

@@ -54,8 +54,12 @@ function update_script() {
     # Merge static assets into dist folder
     cp -rf /opt/romm/frontend/assets/* /opt/romm/frontend/dist/assets/
     mkdir -p /opt/romm/frontend/dist/assets/romm
-    ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
-    ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
+    ROMM_BASE=$(grep '^ROMM_BASE_PATH=' /opt/romm/.env | cut -d'=' -f2)
+    ROMM_BASE=${ROMM_BASE:-/var/lib/romm}
+    ln -sfn "$ROMM_BASE"/resources /opt/romm/frontend/dist/assets/romm/resources
+    ln -sfn "$ROMM_BASE"/assets /opt/romm/frontend/dist/assets/romm/assets
+    sed -i "s|alias .*/library/;|alias ${ROMM_BASE}/library/;|" /etc/nginx/sites-available/romm
+    systemctl reload nginx
     msg_ok "Updated ROMM"
 
     msg_info "Starting Services"

ct/sonarqube.sh

@@ -43,6 +43,7 @@ function update_script() {
     RELEASE=$(get_latest_github_release "SonarSource/sonarqube")
     curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
     unzip -q "$temp_file" -d /opt
+    rm -f "$temp_file"
     mv /opt/sonarqube-${RELEASE} /opt/sonarqube
     echo "${RELEASE}" > ~/.sonarqube
     msg_ok "Updated SonarQube"

ct/typesense.sh

@@ -1,46 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: tlissak | Co-Author MickLesk
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://typesense.org/
-
-APP="TypeSense"
-var_tags="${var_tags:-database}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -f /etc/typesense/typesense-server.ini ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  if check_for_gh_release "typesense" "typesense/typesense"; then
-    msg_info "Updating Typesense"
-    $STD apt update
-    $STD apt -y upgrade
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following IP:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}${IP}:8108${CL}"

ct/uhf.sh

@@ -38,8 +38,14 @@ function update_script() {
     $STD apt -y upgrade
     msg_ok "Updated LXC"
 
+    msg_info "Updating UHF Server"
+    if dpkg -l ffmpeg 2>&1 | grep -q "ii"; then
+      apt remove ffmpeg -y && apt autoremove -y
+    fi
+    setup_ffmpeg
     fetch_and_deploy_gh_release "comskip" "swapplications/comskip" "prebuild" "latest" "/opt/comskip" "comskip-x64-*.zip"
     fetch_and_deploy_gh_release "uhf-server" "swapplications/uhf-server-dist" "prebuild" "latest" "/opt/uhf-server" "UHF.Server-linux-x64-*.zip"
+    msg_ok "Updated UHF Server"
 
     msg_info "Starting Service"
     systemctl start uhf-server

ct/verdaccio.sh

@@ -1,49 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: BrynnJKnight
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://verdaccio.org/ | Github: https://github.com/verdaccio/verdaccio
-
-APP="Verdaccio"
-var_tags="${var_tags:-dev-tools;npm;registry}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -f /etc/systemd/system/verdaccio.service ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  msg_info "Updating LXC Container"
-  $STD apt update
-  $STD apt upgrade -y
-  msg_ok "Updated LXC Container"
-
-  NODE_VERSION="24" NODE_MODULE="verdaccio" setup_nodejs
-  systemctl restart verdaccio
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:4873${CL}"

ct/zerobyte.sh

@@ -38,6 +38,7 @@ function update_script() {
     cp /opt/zerobyte/.env /opt/zerobyte.env.bak
     msg_ok "Backed up Configuration"
     
+    ensure_dependencies git
     NODE_VERSION="24" setup_nodejs
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "zerobyte" "nicotsx/zerobyte" "tarball"
 

install/alpine-ironclaw-install.sh

@@ -0,0 +1,76 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apk add openssl dbus gnome-keyring
+msg_ok "Installed Dependencies"
+
+msg_info "Installing PostgreSQL"
+$STD apk add postgresql17 postgresql17-openrc postgresql-pgvector postgresql-common
+$STD rc-service postgresql setup
+$STD rc-update add postgresql default
+$STD rc-service postgresql start
+msg_ok "Installed PostgreSQL"
+
+msg_info "Setting up Database"
+PG_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+$STD su -s /bin/sh postgres -c "psql -c \"CREATE ROLE ironclaw WITH LOGIN PASSWORD '${PG_PASS}';\""
+$STD su -s /bin/sh postgres -c "psql -c \"CREATE DATABASE ironclaw WITH OWNER ironclaw;\""
+$STD su -s /bin/sh postgres -c "psql -d ironclaw -c \"CREATE EXTENSION IF NOT EXISTS vector;\""
+msg_ok "Set up Database"
+
+fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+  "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
+chmod +x /usr/local/bin/ironclaw
+
+msg_info "Configuring IronClaw"
+mkdir -p /root/.ironclaw
+GATEWAY_TOKEN=$(openssl rand -hex 32)
+cat <<EOF >/root/.ironclaw/.env
+DATABASE_URL=postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable
+GATEWAY_ENABLED=true
+GATEWAY_HOST=0.0.0.0
+GATEWAY_PORT=3000
+GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
+CLI_ENABLED=false
+AGENT_NAME=ironclaw
+RUST_LOG=ironclaw=info,tower_http=info
+EOF
+chmod 600 /root/.ironclaw/.env
+msg_ok "Configured IronClaw"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/init.d/ironclaw
+#!/sbin/openrc-run
+
+name="IronClaw"
+description="IronClaw AI Agent"
+command="/usr/bin/dbus-run-session"
+command_args="/usr/local/bin/ironclaw"
+command_background=true
+pidfile="/run/ironclaw.pid"
+directory="/root"
+supervise_daemon_args="--env-file /root/.ironclaw/.env"
+
+depend() {
+  need net postgresql
+}
+EOF
+chmod +x /etc/init.d/ironclaw
+$STD rc-update add ironclaw default
+msg_ok "Created Service"
+
+motd_ssh
+customize

install/alpine-nextcloud-install.sh

@@ -102,8 +102,9 @@ server {
         fastcgi_read_timeout 120s;
 }
 server {
-        listen       443 ssl http2;
-        listen       [::]:443 ssl http2;
+        listen       443 ssl;
+        listen       [::]:443 ssl;
+        http2        on;
         server_name  localhost;
         root /usr/share/webapps/nextcloud;
         index  index.php index.html index.htm;

install/alpine-wakapi-install.sh

@@ -18,17 +18,13 @@ $STD apk add --no-cache \
   ca-certificates \
   tzdata
 $STD update-ca-certificates
-$STD apk add --no-cache go --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
 msg_ok "Installed Dependencies"
 
-fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "tarball"
+fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "prebuild" "latest" "/opt/wakapi" "wakapi_linux_amd64.zip"
 
 msg_info "Configuring Wakapi"
 LOCAL_IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
 cd /opt/wakapi
-$STD go mod download
-$STD go build -o wakapi
-cp config.default.yml config.yml
 sed -i 's/listen_ipv6: ::1/listen_ipv6: "-"/g' config.yml
 sed -i 's/listen_ipv4: 127.0.0.1/listen_ipv4: "0.0.0.0"/g' config.yml
 sed -i "s/public_url: http:\/\/localhost:3000/public_url: http:\/\/$LOCAL_IP:3000/g" config.yml

install/bambuddy-install.sh

@@ -14,7 +14,7 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y libglib2.0-0
+$STD apt install -y libglib2.0-0 ffmpeg
 msg_ok "Installed Dependencies"
 
 PYTHON_VERSION="3.13" setup_uv

install/bentopdf-install.sh

@@ -13,37 +13,113 @@ setting_up_container
 network_check
 update_os
 
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  nginx \
+  openssl
+msg_ok "Installed Dependencies"
+
 NODE_VERSION="24" setup_nodejs
 fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"
 
 msg_info "Setup BentoPDF"
 cd /opt/bentopdf
 $STD npm ci --no-audit --no-fund
-$STD npm install http-server -g
 cp ./.env.example ./.env.production
 export NODE_OPTIONS="--max-old-space-size=3072"
 export SIMPLE_MODE=true
 export VITE_USE_CDN=true
 $STD npm run build:all
+cat <<'EOF' >/opt/bentopdf/dist/config.json
+{}
+EOF
 msg_ok "Setup BentoPDF"
 
 msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/bentopdf.service
+CERT_CN="$(hostname -I | awk '{print $1}')"
+$STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+  -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+  -out /etc/ssl/certs/bentopdf-selfsigned.crt \
+  -subj "/CN=${CERT_CN}"
+
+cat <<'EOF' >/etc/nginx/sites-available/bentopdf
+server {
+    listen 8080;
+    server_name _;
+    return 301 https://$host:8443$request_uri;
+}
+
+server {
+    listen 8443 ssl;
+    server_name _;
+    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
+    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
+    root /opt/bentopdf/dist;
+    index index.html;
+
+    # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer)
+    add_header Cross-Origin-Opener-Policy "same-origin" always;
+    add_header Cross-Origin-Embedder-Policy "require-corp" always;
+    add_header Cross-Origin-Resource-Policy "cross-origin" always;
+    add_header X-Content-Type-Options "nosniff" always;
+    add_header X-Frame-Options "SAMEORIGIN" always;
+
+    gzip_static on;
+
+    location ~* /libreoffice-wasm/soffice\.wasm\.gz$ {
+        gzip off;
+        types {} default_type application/wasm;
+        add_header Content-Encoding gzip;
+        add_header Vary "Accept-Encoding";
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* /libreoffice-wasm/soffice\.data\.gz$ {
+        gzip off;
+        types {} default_type application/octet-stream;
+        add_header Content-Encoding gzip;
+        add_header Vary "Accept-Encoding";
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.wasm$ {
+        types {} default_type application/wasm;
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location ~* \.(wasm\.gz|data\.gz|data)$ {
+        expires 1y;
+        add_header Cache-Control "public, immutable";
+    }
+
+    location / {
+        try_files $uri $uri/ $uri.html =404;
+    }
+
+    error_page 404 /404.html;
+}
+EOF
+rm -f /etc/nginx/sites-enabled/default
+ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf
+systemctl stop nginx
+systemctl disable -q nginx
+sed -i '/application\/rss+xml/a\    application\/javascript                           mjs;' /etc/nginx/mime.types
+
+cat <<'EOF' >/etc/systemd/system/bentopdf.service
 [Unit]
 Description=BentoPDF Service
 After=network.target
 
 [Service]
 Type=simple
-WorkingDirectory=/opt/bentopdf/dist
-ExecStart=/usr/bin/npx http-server -g -b -d false -r --no-dotfiles
+ExecStart=/usr/sbin/nginx -g "daemon off;"
+ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
-RestartSec=10
 
 [Install]
 WantedBy=multi-user.target
 EOF
-
 systemctl enable -q --now bentopdf
 msg_ok "Created & started service"
 

install/bookstack-install.sh

@@ -14,7 +14,9 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y make
+$STD apt install -y \
+  make \
+  git
 msg_ok "Installed Dependencies"
 
 PHP_VERSION="8.3" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="ldap,tidy,mysqli" setup_php

install/changedetection-install.sh

@@ -56,6 +56,10 @@ NODE_VERSION="24" setup_nodejs
 msg_info "Installing Change Detection"
 mkdir /opt/changedetection
 $STD pip3 install changedetection.io
+cat <<EOF >/opt/changedetection/.env
+WEBDRIVER_URL=http://127.0.0.1:4444/wd/hub
+PLAYWRIGHT_DRIVER_URL=ws://localhost:3000/chrome?launch=eyJkZWZhdWx0Vmlld3BvcnQiOnsiaGVpZ2h0Ijo3MjAsIndpZHRoIjoxMjgwfSwiaGVhZGxlc3MiOmZhbHNlLCJzdGVhbHRoIjp0cnVlfQ==&blockAds=true
+EOF
 msg_ok "Installed Change Detection"
 
 msg_info "Installing Browserless & Playwright"
@@ -112,12 +116,13 @@ Description=Change Detection
 After=network-online.target
 After=network.target browserless.service
 Wants=browserless.service
+
 [Service]
 Type=simple
+EnvironmentFile=/opt/changedetection/.env
 WorkingDirectory=/opt/changedetection
-Environment=WEBDRIVER_URL=http://127.0.0.1:4444/wd/hub
-Environment=PLAYWRIGHT_DRIVER_URL=ws://localhost:3000/chrome?launch=eyJkZWZhdWx0Vmlld3BvcnQiOnsiaGVpZ2h0Ijo3MjAsIndpZHRoIjoxMjgwfSwiaGVhZGxlc3MiOmZhbHNlLCJzdGVhbHRoIjp0cnVlfQ==&blockAds=true
 ExecStart=changedetection.io -d /opt/changedetection -p 5000
+
 [Install]
 WantedBy=multi-user.target
 EOF
@@ -126,15 +131,16 @@ cat <<EOF >/etc/systemd/system/browserless.service
 [Unit]
 Description=browserless service
 After=network.target
+
 [Service]
 Environment=CONNECTION_TIMEOUT=60000
 WorkingDirectory=/opt/browserless
 ExecStart=/opt/browserless/scripts/start.sh
 SyslogIdentifier=browserless
+
 [Install]
 WantedBy=default.target
 EOF
-
 systemctl enable -q --now browserless
 systemctl enable -q --now changedetection
 msg_ok "Created Services"

install/checkmk-install.sh

@@ -15,7 +15,8 @@ update_os
 
 msg_info "Install Checkmk"
 RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
-curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.bookworm_amd64.deb" -o "/opt/checkmk.deb"
+RELEASE="${RELEASE%%+*}"
+curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
 $STD apt-get install -y /opt/checkmk.deb
 rm -rf /opt/checkmk.deb
 echo "${RELEASE}" >"/opt/checkmk_version.txt"

install/crafty-controller-install.sh

@@ -67,12 +67,18 @@ Restart=on-failure
 WantedBy=multi-user.target
 EOF
 $STD systemctl enable -q --now crafty-controller
-sleep 10
-{
-  echo "Crafty-Controller-Credentials"
-  echo "Username: $(grep -oP '(?<="username": ")[^"]*' /opt/crafty-controller/crafty/crafty-4/app/config/default-creds.txt)"
-  echo "Password: $(grep -oP '(?<="password": ")[^"]*' /opt/crafty-controller/crafty/crafty-4/app/config/default-creds.txt)"
-} >>~/crafty-controller.creds
+CREDS_FILE="/opt/crafty-controller/crafty/crafty-4/app/config/default-creds.txt"
+for i in $(seq 1 30); do
+  [[ -f "$CREDS_FILE" ]] && break
+  sleep 2
+done
+if [[ -f "$CREDS_FILE" ]]; then
+  {
+    echo "Crafty-Controller-Credentials"
+    echo "Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")"
+    echo "Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")"
+  } >>~/crafty-controller.creds
+fi
 msg_ok "Service started"
 
 motd_ssh

install/daemonsync-install.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 tteck
-# Author: tteck (tteckster)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://daemonsync.me/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y g++-multilib
-msg_ok "Installed Dependencies"
-
-msg_info "Installing Daemon Sync Server"
-curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/daemonsync_2.2.0.0059_amd64.deb" -o "daemonsync_2.2.0.0059_amd64.deb"
-$STD dpkg -i daemonsync_2.2.0.0059_amd64.deb
-rm -rf daemonsync_2.2.0.0059_amd64.deb
-msg_ok "Installed Daemon Sync Server"
-
-motd_ssh
-customize
-cleanup_lxc

install/elementsynapse-install.sh

@@ -43,6 +43,24 @@ SECRET=$(openssl rand -hex 32)
 ADMIN_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 echo "enable_registration_without_verification: true" >>/etc/matrix-synapse/homeserver.yaml
 echo "registration_shared_secret: ${SECRET}" >>/etc/matrix-synapse/homeserver.yaml
+
+cat <<EOF >>/etc/matrix-synapse/homeserver.yaml
+
+# MatrixRTC / Element Call configuration
+experimental_features:
+  msc3266_enabled: true
+  msc4222_enabled: true
+
+max_event_delay_duration: 24h
+
+rc_message:
+  per_second: 0.5
+  burst_count: 30
+
+rc_delayed_event_mgmt:
+  per_second: 1
+  burst_count: 20
+EOF
 systemctl enable -q --now matrix-synapse
 $STD register_new_matrix_user -a --user admin --password "$ADMIN_PASS" --config /etc/matrix-synapse/homeserver.yaml
 {

install/flaresolverr-install.sh

@@ -29,7 +29,9 @@ setup_deb822_repo \
 $STD apt update
 $STD apt install -y google-chrome-stable
 # remove google-chrome.list added by google-chrome-stable
-rm /etc/apt/sources.list.d/google-chrome.list
+if [ -f /etc/apt/sources.list.d/google-chrome.list ]; then
+  rm /etc/apt/sources.list.d/google-chrome.list
+fi
 msg_ok "Installed Chrome"
 
 fetch_and_deploy_gh_release "flaresolverr" "FlareSolverr/FlareSolverr" "prebuild" "latest" "/opt/flaresolverr" "flaresolverr_linux_x64.tar.gz"

install/github-runner-install.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://docs.github.com/en/actions/hosting-your-own-runners
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  git \
+  gh
+msg_ok "Installed Dependencies"
+
+NODE_VERSION="24" setup_nodejs
+
+msg_info "Creating runner user (no sudo)"
+useradd -m -s /bin/bash runner
+msg_ok "Runner user ready"
+
+fetch_and_deploy_gh_release "actions-runner" "actions/runner" "prebuild" "latest" "/opt/actions-runner" "actions-runner-linux-x64-*.tar.gz"
+
+msg_info "Setting ownership for runner user"
+chown -R runner:runner /opt/actions-runner
+msg_ok "Ownership set"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/actions-runner.service
+[Unit]
+Description=GitHub Actions self-hosted runner
+Documentation=https://docs.github.com/en/actions/hosting-your-own-runners
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=runner
+WorkingDirectory=/opt/actions-runner
+ExecStart=/opt/actions-runner/run.sh
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q actions-runner
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/homarr-install.sh

@@ -47,6 +47,8 @@ mkdir -p /appdata/redis
 chown -R redis:redis /appdata/redis
 chmod 744 /appdata/redis
 cp /opt/homarr/redis.conf /etc/redis/redis.conf
+sed -i -e '$a\' /etc/redis/redis.conf
+grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >>/etc/redis/redis.conf
 rm /etc/nginx/nginx.conf
 mkdir -p /etc/nginx/templates
 cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
@@ -80,7 +82,7 @@ chmod +x /opt/homarr/run.sh
 systemctl daemon-reload
 systemctl enable -q --now redis-server
 systemctl enable -q --now homarr
-systemctl disable -q --now nginx 
+systemctl disable -q --now nginx
 msg_ok "Created Services"
 
 motd_ssh

install/homelable-install.sh

@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/Pouzor/homelable
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  nmap \
+  iputils-ping \
+  caddy
+msg_ok "Installed Dependencies"
+
+UV_PYTHON="3.13" setup_uv
+NODE_VERSION="20" setup_nodejs
+fetch_and_deploy_gh_release "homelable" "Pouzor/homelable" "tarball" "latest" "/opt/homelable"
+
+msg_info "Setting up Python Backend"
+cd /opt/homelable/backend
+$STD uv venv /opt/homelable/backend/.venv
+$STD uv pip install --python /opt/homelable/backend/.venv/bin/python -r requirements.txt
+msg_ok "Set up Python Backend"
+
+msg_info "Configuring Homelable"
+mkdir -p /opt/homelable/data
+SECRET_KEY=$(openssl rand -hex 32)
+BCRYPT_HASH=$(/opt/homelable/backend/.venv/bin/python -c "from passlib.context import CryptContext; print(CryptContext(schemes=['bcrypt']).hash('admin'))")
+cat <<EOF >/opt/homelable/backend/.env
+SECRET_KEY=${SECRET_KEY}
+SQLITE_PATH=/opt/homelable/data/homelab.db
+CORS_ORIGINS=["http://localhost:3000","http://${LOCAL_IP}:3000"]
+AUTH_USERNAME=admin
+AUTH_PASSWORD_HASH='${BCRYPT_HASH}'
+SCANNER_RANGES=["192.168.1.0/24"]
+STATUS_CHECKER_INTERVAL=60
+EOF
+msg_ok "Configured Homelable"
+
+msg_info "Building Frontend"
+cd /opt/homelable/frontend
+$STD npm ci
+$STD npm run build
+msg_ok "Built Frontend"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/homelable.service
+[Unit]
+Description=Homelable Backend
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/homelable/backend
+EnvironmentFile=/opt/homelable/backend/.env
+ExecStart=/opt/homelable/backend/.venv/bin/uvicorn app.main:app --host 127.0.0.1 --port 8000
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now homelable
+msg_ok "Created Service"
+
+msg_info "Configuring Caddy"
+cat <<EOF >/etc/caddy/Caddyfile
+:3000 {
+    root * /opt/homelable/frontend/dist
+    file_server
+
+    @websocket path /api/v1/status/ws/*
+    handle @websocket {
+        reverse_proxy 127.0.0.1:8000
+    }
+
+    handle /ws/* {
+        reverse_proxy 127.0.0.1:8000
+    }
+
+    handle /api/* {
+        reverse_proxy 127.0.0.1:8000
+    }
+
+    handle {
+        try_files {path} {path}.html /index.html
+    }
+}
+EOF
+systemctl reload caddy
+msg_ok "Configured Caddy"
+
+motd_ssh
+customize
+cleanup_lxc

install/immich-install.sh

@@ -175,7 +175,8 @@ cd "$STAGING_DIR"
 SOURCE=${SOURCE_DIR}/libjxl
 JPEGLI_LIBJPEG_LIBRARY_SOVERSION="62"
 JPEGLI_LIBJPEG_LIBRARY_VERSION="62.3.0"
-: "${LIBJXL_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libjxl.json)}"
+LIBJXL_REVISION="794a5dcf0d54f9f0b20d288a12e87afb91d20dfc"
+# : "${LIBJXL_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libjxl.json)}"
 $STD git clone https://github.com/libjxl/libjxl.git "$SOURCE"
 cd "$SOURCE"
 $STD git reset --hard "$LIBJXL_REVISION"
@@ -212,7 +213,8 @@ msg_ok "(1/5) Compiled libjxl"
 
 msg_info "(2/5) Compiling libheif"
 SOURCE=${SOURCE_DIR}/libheif
-: "${LIBHEIF_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libheif.json)}"
+LIBHEIF_REVISION="35dad50a9145332a7bfdf1ff6aef6801fb613d68"
+# : "${LIBHEIF_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libheif.json)}"
 $STD git clone https://github.com/strukturag/libheif.git "$SOURCE"
 cd "$SOURCE"
 $STD git reset --hard "$LIBHEIF_REVISION"
@@ -237,7 +239,8 @@ msg_ok "(2/5) Compiled libheif"
 
 msg_info "(3/5) Compiling libraw"
 SOURCE=${SOURCE_DIR}/libraw
-: "${LIBRAW_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libraw.json)}"
+LIBRAW_REVISION="0b56545a4f828743f28a4345cdfdd4c49f9f9a2a"
+# : "${LIBRAW_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libraw.json)}"
 $STD git clone https://github.com/LibRaw/LibRaw.git "$SOURCE"
 cd "$SOURCE"
 $STD git reset --hard "$LIBRAW_REVISION"
@@ -295,7 +298,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
 
-fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.6.3" "$SRC_DIR"
+fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.5" "$SRC_DIR"
 PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
@@ -312,6 +315,12 @@ $STD pnpm --filter immich --frozen-lockfile build
 unset SHARP_IGNORE_GLOBAL_LIBVIPS
 export SHARP_FORCE_GLOBAL_LIBVIPS=true
 $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
+
+# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
+if [[ -f "$APP_DIR/helmet.json" ]]; then
+  jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
+fi
+
 cp "$APP_DIR"/package.json "$APP_DIR"/bin
 sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
 
@@ -419,6 +428,9 @@ IMMICH_VERSION=release
 NODE_ENV=production
 IMMICH_ALLOW_SETUP=true
 
+## Change to 'false' to disable CSP
+IMMICH_HELMET_FILE=true
+
 DB_HOSTNAME=127.0.0.1
 DB_USERNAME=${PG_DB_USER}
 DB_PASSWORD=${PG_DB_PASS}

install/ironclaw-install.sh

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  dbus-user-session \
+  gnome-keyring \
+  libsecret-tools
+msg_ok "Installed Dependencies"
+
+PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
+PG_DB_NAME="ironclaw" PG_DB_USER="ironclaw" PG_DB_EXTENSIONS="vector" setup_postgresql_db
+
+fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+  "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
+chmod +x /usr/local/bin/ironclaw
+
+msg_info "Configuring IronClaw"
+mkdir -p /root/.ironclaw
+GATEWAY_TOKEN=$(openssl rand -hex 32)
+cat <<EOF >/root/.ironclaw/.env
+DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
+GATEWAY_ENABLED=true
+GATEWAY_HOST=0.0.0.0
+GATEWAY_PORT=3000
+GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
+CLI_ENABLED=false
+AGENT_NAME=ironclaw
+RUST_LOG=ironclaw=info,tower_http=info
+EOF
+chmod 600 /root/.ironclaw/.env
+msg_ok "Configured IronClaw"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/ironclaw.service
+[Unit]
+Description=IronClaw AI Agent
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/root
+EnvironmentFile=/root/.ironclaw/.env
+ExecStart=/usr/bin/dbus-run-session /usr/local/bin/ironclaw
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q ironclaw
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/kasm-install.sh

@@ -18,18 +18,21 @@ $STD sh <(curl -fsSL https://get.docker.com/)
 msg_ok "Installed Docker"
 
 msg_info "Detecting latest Kasm Workspaces release"
-KASM_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_[0-9]+\.[0-9]+\.[0-9]+\.[a-z0-9]+\.tar\.gz' | head -n 1)
-if [[ -z "$KASM_URL" ]]; then
-  SERVICE_IMAGE_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_service_images_amd64_[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' | head -n 1)
-  if [[ -n "$SERVICE_IMAGE_URL" ]]; then
-    KASM_VERSION=$(echo "$SERVICE_IMAGE_URL" | sed -E 's/.*kasm_release_service_images_amd64_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
-    KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz"
-  fi
-else
-  KASM_VERSION=$(echo "$KASM_URL" | sed -E 's/.*kasm_release_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
-fi
+KASM_VERSION=$(curl -s https://kasm.com/downloads | grep -oP '<h1[^>]*>.*?</h1>' | sed -E 's/<\/?h1[^>]*>//g' | grep -oP '\d+\.\d+\.\d+')
+KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION:-var_kasm_version}.tar.gz"
+  
+# KASM_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_[0-9]+\.[0-9]+\.[0-9]+\.[a-z0-9]+\.tar\.gz' | head -n 1)
+# if [[ -z "$KASM_URL" ]]; then
+#   SERVICE_IMAGE_URL=$(curl -fsSL "https://www.kasm.com/downloads" | tr '\n' ' ' | grep -oE 'https://kasm-static-content[^"]*kasm_release_service_images_amd64_[0-9]+\.[0-9]+\.[0-9]+\.tar\.gz' | head -n 1)
+#   if [[ -n "$SERVICE_IMAGE_URL" ]]; then
+#     KASM_VERSION=$(echo "$SERVICE_IMAGE_URL" | sed -E 's/.*kasm_release_service_images_amd64_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
+#     KASM_URL="https://kasm-static-content.s3.amazonaws.com/kasm_release_${KASM_VERSION}.tar.gz"
+#   fi
+# else
+#   KASM_VERSION=$(echo "$KASM_URL" | sed -E 's/.*kasm_release_([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
+# fi
 
-if [[ -z "$KASM_URL" ]] || [[ -z "$KASM_VERSION" ]]; then
+if [[ -z "$KASM_VERSION" ]] || [[ -z "$KASM_URL" ]]; then
   msg_error "Unable to detect latest Kasm release URL."
   exit 250
 fi

install/lyrionmusicserver-install.sh

@@ -14,10 +14,10 @@ network_check
 update_os
 
 msg_info "Setup Lyrion Music Server"
-DEB_URL=$(curl -fsSL 'https://lyrion.org/getting-started/' | grep -oP '<a\s[^>]*href="\K[^"]*amd64\.deb(?="[^>]*>)' | head -n 1)
+DEB_URL=$(curl_with_retry 'https://lyrion.org/getting-started/' | grep -oP '<a\s[^>]*href="\K[^"]*amd64\.deb(?="[^>]*>)' | head -n 1)
 RELEASE=$(echo "$DEB_URL" | grep -oP 'lyrionmusicserver_\K[0-9.]+(?=_amd64\.deb)')
 DEB_FILE="/tmp/lyrionmusicserver_${RELEASE}_amd64.deb"
-curl -fsSL -o "$DEB_FILE" "$DEB_URL"
+curl_with_retry "$DEB_URL" "$DEB_FILE"
 $STD apt install "$DEB_FILE" -y
 rm -f "$DEB_FILE"
 echo "${RELEASE}" >"/opt/lyrion_version.txt"

install/mealie-install.sh

@@ -30,7 +30,7 @@ msg_ok "Installed Dependencies"
 PYTHON_VERSION="3.12" setup_uv
 PG_VERSION="16" setup_postgresql
 NODE_MODULE="yarn" NODE_VERSION="24" setup_nodejs
-fetch_and_deploy_gh_release "mealie" "mealie-recipes/mealie" "tarball" "latest" "/opt/mealie"
+fetch_and_deploy_gh_release "mealie" "mealie-recipes/mealie" "tarball"
 PG_DB_NAME="mealie_db" PG_DB_USER="mealie_user" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
 
 msg_info "Installing Python Dependencies with uv"
@@ -42,9 +42,10 @@ msg_info "Building Frontend"
 MEALIE_VERSION=$(<$HOME/.mealie)
 export NUXT_TELEMETRY_DISABLED=1
 cd /opt/mealie/frontend
-$STD sed -i "s|https://github.com/mealie-recipes/mealie/commit/|https://github.com/mealie-recipes/mealie/releases/tag/|g" /opt/mealie/frontend/pages/admin/site-settings.vue
-$STD sed -i "s|value: data.buildId,|value: \"v${MEALIE_VERSION}\",|g" /opt/mealie/frontend/pages/admin/site-settings.vue
-$STD sed -i "s|value: data.production ? i18n.t(\"about.production\") : i18n.t(\"about.development\"),|value: \"bare-metal\",|g" /opt/mealie/frontend/pages/admin/site-settings.vue
+SITE_SETTINGS=$(find /opt/mealie/frontend -name "site-settings.vue" -path "*/admin/*" | head -1)
+$STD sed -i "s|https://github.com/mealie-recipes/mealie/commit/|https://github.com/mealie-recipes/mealie/releases/tag/|g" "$SITE_SETTINGS"
+$STD sed -i "s|value: data.buildId,|value: \"v${MEALIE_VERSION}\",|g" "$SITE_SETTINGS"
+$STD sed -i "s|value: data.production ? i18n.t(\"about.production\") : i18n.t(\"about.development\"),|value: \"bare-metal\",|g" "$SITE_SETTINGS"
 $STD yarn install --prefer-offline --frozen-lockfile --non-interactive --production=false --network-timeout 1000000
 $STD yarn generate
 msg_ok "Built Frontend"

install/metube-install.sh

@@ -41,6 +41,7 @@ if command -v corepack >/dev/null 2>&1; then
   $STD corepack enable
   $STD corepack prepare pnpm --activate || true
 fi
+echo 'onlyBuiltDependencies=*' >> .npmrc
 $STD pnpm install --frozen-lockfile
 $STD pnpm run build
 cd /opt/metube

install/opencloud-install.sh

@@ -64,7 +64,7 @@ $STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPA
 echo "$COOLPASS" >~/.coolpass
 msg_ok "Installed Collabora Online"
 
-fetch_and_deploy_gh_release "OpenCloud" "opencloud-eu/opencloud" "singlefile" "v5.2.0" "/usr/bin" "opencloud-*-linux-amd64"
+fetch_and_deploy_gh_release "OpenCloud" "opencloud-eu/opencloud" "singlefile" "v6.0.0" "/usr/bin" "opencloud-*-linux-amd64"
 mv /usr/bin/OpenCloud /usr/bin/opencloud
 
 msg_info "Configuring OpenCloud"

install/openthread-br-install.sh

@@ -0,0 +1,94 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://openthread.io/guides/border-router
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  cmake \
+  ninja-build \
+  pkg-config \
+  git \
+  iproute2 \
+  libreadline-dev \
+  libncurses-dev \
+  rsyslog \
+  dbus \
+  libdbus-1-dev \
+  libjsoncpp-dev \
+  iptables \
+  ipset \
+  bind9 \
+  libnetfilter-queue1 \
+  libnetfilter-queue-dev \
+  libprotobuf-dev \
+  protobuf-compiler \
+  socat
+msg_ok "Installed Dependencies"
+
+setup_nodejs
+
+msg_info "Cloning OpenThread Border Router"
+# git clone is needed to fetch submodules, fetch_and_deploy_gh_release doesn't support this. We use --depth 1 to minimize the amount of data cloned, but it still may take a while.
+$STD git clone --depth 1 https://github.com/openthread/ot-br-posix /opt/ot-br-posix
+cd /opt/ot-br-posix
+$STD git submodule update --depth 1 --init --recursive
+msg_ok "Cloned OpenThread Border Router"
+
+msg_info "Building OpenThread Border Router (Patience)"
+mkdir -p build && cd build
+$STD cmake -GNinja \
+  -DBUILD_TESTING=OFF \
+  -DCMAKE_INSTALL_PREFIX=/usr \
+  -DOTBR_DBUS=ON \
+  -DOTBR_MDNS=openthread \
+  -DOTBR_REST=ON \
+  -DOTBR_WEB=ON \
+  -DOTBR_BORDER_ROUTING=ON \
+  -DOTBR_BACKBONE_ROUTER=ON \
+  -DOT_FIREWALL=ON \
+  -DOT_POSIX_NAT64_CIDR="192.168.255.0/24" \
+  ..
+$STD ninja
+$STD ninja install
+msg_ok "Built OpenThread Border Router"
+
+msg_info "Configuring Network"
+cat <<EOF >/etc/sysctl.d/99-otbr.conf
+net.ipv6.conf.all.forwarding=1
+net.ipv4.ip_forward=1
+EOF
+$STD sysctl -p /etc/sysctl.d/99-otbr.conf
+msg_ok "Configured Network"
+
+msg_info "Configuring Services"
+cat <<'EOF' >/etc/default/otbr-agent
+# USB example:
+#   OTBR_AGENT_OPTS="-I wpan0 -B eth0 --vendor-name OpenThread --model-name BorderRouter --rest-listen-address 0.0.0.0 --rest-listen-port 8081 spinel+hdlc+uart:///dev/ttyACM0"
+# TCP via socat (for network-attached RCP like SLZB-06/SLZB-MR3):
+
+#   OTBR_AGENT_OPTS="-I wpan0 -B eth0 --vendor-name OpenThread --model-name BorderRouter --rest-listen-address 0.0.0.0 --rest-listen-port 8081 spinel+hdlc+forkpty:///usr/bin/socat?forkpty-arg=-,rawer&forkpty-arg=tcp:IP:PORT trel://eth0"
+OTBR_AGENT_OPTS="-I wpan0 -B eth0 --vendor-name OpenThread --model-name BorderRouter --rest-listen-address 0.0.0.0 --rest-listen-port 8081 spinel+hdlc+uart:///dev/ttyACM0"
+EOF
+cat <<'EOF' >/etc/default/otbr-web
+OTBR_WEB_OPTS="-I wpan0 -a 0.0.0.0 -p 80"
+EOF
+systemctl enable -q dbus rsyslog otbr-agent otbr-web
+systemctl enable -q bind9 2>/dev/null || systemctl enable -q named 2>/dev/null || true
+systemctl start -q dbus rsyslog bind9
+msg_ok "Configured Services"
+
+motd_ssh
+customize
+cleanup_lxc

install/pf2etools-install.sh

@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: TheRealVira
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://pf2etools.com/ | Github: https://github.com/Pf2eToolsOrg/Pf2eTools
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  apache2 \
-  ca-certificates \
-  git
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" setup_nodejs
-fetch_and_deploy_gh_release "pf2etools" "Pf2eToolsOrg/Pf2eTools" "tarball" "latest" "/opt/Pf2eTools"
-
-msg_info "Configuring Pf2eTools"
-cd /opt/Pf2eTools
-$STD npm install
-$STD npm run build
-msg_ok "Configured Pf2eTools"
-
-msg_info "Creating Service"
-cat <<EOF >>/etc/apache2/apache2.conf
-<Location /server-status>
-    SetHandler server-status
-    Order deny,allow
-    Allow from all
-</Location>
-EOF
-rm -rf /var/www/html
-ln -s "/opt/Pf2eTools" /var/www/html
-chown -R www-data: "/opt/Pf2eTools"
-chmod -R 755 "/opt/Pf2eTools"
-msg_ok "Created Service"
-cleanup_lxc
-motd_ssh
-customize

install/reitti-install.sh

@@ -16,7 +16,6 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
   redis-server \
-  rabbitmq-server \
   libpq-dev \
   zstd \
   nginx
@@ -26,26 +25,8 @@ JAVA_VERSION="25" setup_java
 PG_VERSION="17" PG_MODULES="postgis" setup_postgresql
 PG_DB_NAME="reitti_db" PG_DB_USER="reitti" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
 
-msg_info "Configuring RabbitMQ"
-RABBIT_USER="reitti"
-RABBIT_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-RABBIT_VHOST="/"
-$STD rabbitmqctl add_user "$RABBIT_USER" "$RABBIT_PASS"
-$STD rabbitmqctl add_vhost "$RABBIT_VHOST"
-$STD rabbitmqctl set_permissions -p "$RABBIT_VHOST" "$RABBIT_USER" ".*" ".*" ".*"
-$STD rabbitmqctl set_user_tags "$RABBIT_USER" administrator
-{
-  echo ""
-  echo "Reitti Credentials"
-  echo "RabbitMQ User: $RABBIT_USER"
-  echo "RabbitMQ Password: $RABBIT_PASS"
-} >>~/reitti.creds
-msg_ok "Configured RabbitMQ"
-
 USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "reitti" "dedicatedcode/reitti" "singlefile" "latest" "/opt/reitti" "reitti-app.jar"
 mv /opt/reitti/reitti-*.jar /opt/reitti/reitti.jar
-USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "photon" "komoot/photon" "singlefile" "latest" "/opt/photon" "photon-*.jar"
-mv /opt/photon/photon-*.jar /opt/photon/photon.jar
 
 msg_info "Installing Nginx Tile Cache"
 mkdir -p /var/cache/nginx/tiles
@@ -73,57 +54,105 @@ EOF
 chown -R www-data:www-data /var/cache/nginx
 chmod -R 750 /var/cache/nginx
 systemctl restart nginx
-msg_info "Installed Nginx Tile Cache"
+msg_ok "Installed Nginx Tile Cache"
 
 msg_info "Creating Reitti Configuration-File"
 mkdir -p /opt/reitti/data
 cat <<EOF >/opt/reitti/application.properties
-# Reitti Server Base URI
-reitti.server.advertise-uri=http://127.0.0.1:8080
+# Server configuration
+server.port=8080
+server.servlet.context-path=/
+server.forward-headers-strategy=framework
+server.compression.enabled=true
+server.compression.min-response-size=1024
+server.compression.mime-types=text/plain,application/json
 
-# PostgreSQL Database Connection
+# Logging configuration
+logging.level.root=INFO
+logging.level.org.hibernate.engine.jdbc.spi.SqlExceptionHelper=FATAL
+logging.level.com.dedicatedcode.reitti=INFO
+
+# Internationalization
+spring.messages.basename=messages
+spring.messages.encoding=UTF-8
+spring.messages.cache-duration=3600
+spring.messages.fallback-to-system-locale=false
+
+# PostgreSQL configuration
 spring.datasource.url=jdbc:postgresql://127.0.0.1:5432/$PG_DB_NAME
 spring.datasource.username=$PG_DB_USER
 spring.datasource.password=$PG_DB_PASS
-spring.datasource.driver-class-name=org.postgresql.Driver
+spring.datasource.hikari.maximum-pool-size=20
 
-# Flyway Database Migrations
-spring.flyway.enabled=true
-spring.flyway.locations=classpath:db/migration
-spring.flyway.baseline-on-migrate=true
-
-# RabbitMQ (Message Queue)
-spring.rabbitmq.host=127.0.0.1
-spring.rabbitmq.port=5672
-spring.rabbitmq.username=$RABBIT_USER
-spring.rabbitmq.password=$RABBIT_PASS
-
-# Redis (Cache)
+# Redis configuration
 spring.data.redis.host=127.0.0.1
 spring.data.redis.port=6379
+spring.data.redis.username=
+spring.data.redis.password=
+spring.data.redis.database=0
+spring.cache.redis.key-prefix=
 
-# Server Port
-server.port=8080
+spring.cache.cache-names=processed-visits,significant-places,users,magic-links,configurations,transport-mode-configs,avatarThumbnails,avatarData,user-settings
+spring.cache.redis.time-to-live=1d
 
-# Optional: Logging & Performance
-logging.level.root=INFO
-spring.jpa.hibernate.ddl-auto=none
-spring.datasource.hikari.maximum-pool-size=10
+# Upload configuration
+spring.servlet.multipart.max-file-size=5GB
+spring.servlet.multipart.max-request-size=5GB
+server.tomcat.max-part-count=100
+
+# Rqueue configuration
+rqueue.web.enable=false
+rqueue.job.enabled=false
+rqueue.message.durability.in-terminal-state=0
+rqueue.key.prefix=\${spring.cache.redis.key-prefix}
+rqueue.message.converter.provider.class=com.dedicatedcode.reitti.config.RQueueCustomMessageConverter
+
+# Application-specific settings
+reitti.server.advertise-uri=
+
+reitti.security.local-login.disable=false
 
 # OIDC / Security Settings
+reitti.security.oidc.enabled=false
 reitti.security.oidc.registration.enabled=false
 
-# Photon (Geocoding)
-PHOTON_BASE_URL=http://127.0.0.1:2322
-PROCESSING_WAIT_TIME=15
-PROCESSING_BATCH_SIZE=1000
-PROCESSING_WORKERS_PER_QUEUE=4-16
+reitti.import.batch-size=10000
+reitti.import.processing-idle-start-time=10
 
-# Disable potentially dangerous features unless needed
-DANGEROUS_LIFE=false
+reitti.geo-point-filter.max-speed-kmh=1000
+reitti.geo-point-filter.max-accuracy-meters=100
+reitti.geo-point-filter.history-lookback-hours=24
+reitti.geo-point-filter.window-size=50
 
-# Tiles Cache
+reitti.process-data.schedule=0 */10 * * * *
+reitti.process-data.refresh-views.schedule=0 0 4 * * *
+reitti.imports.schedule=0 5/10 * * * *
+reitti.imports.owntracks-recorder.schedule=\${reitti.imports.schedule}
+
+# Geocoding service configuration
+reitti.geocoding.max-errors=10
+reitti.geocoding.photon.base-url=
+
+# Tiles Configuration
 reitti.ui.tiles.cache.url=http://127.0.0.1
+reitti.ui.tiles.default.service=https://tile.openstreetmap.org/{z}/{x}/{y}.png
+reitti.ui.tiles.default.attribution=&copy; <a href="https://www.openstreetmap.org/copyright">OpenStreetMap</a> contributors
+
+# Data management configuration
+reitti.data-management.enabled=false
+reitti.data-management.preview-cleanup.cron=0 0 4 * * *
+
+reitti.storage.path=data/
+reitti.storage.cleanup.cron=0 0 4 * * *
+
+# Location data density normalization
+reitti.location.density.target-points-per-minute=4
+
+# Logging buffer
+reitti.logging.buffer-size=1000
+reitti.logging.max-buffer-size=10000
+
+spring.config.import=optional:oidc.properties
 EOF
 msg_ok "Created Configuration-File for Reitti"
 
@@ -131,8 +160,8 @@ msg_info "Creating Services"
 cat <<EOF >/etc/systemd/system/reitti.service
 [Unit]
 Description=Reitti
-After=network.target postgresql.service redis-server.service rabbitmq-server.service photon.service
-Wants=postgresql.service redis-server.service rabbitmq-server.service photon.service
+After=network.target postgresql.service redis-server.service
+Wants=postgresql.service redis-server.service
 
 [Service]
 Type=simple
@@ -146,26 +175,6 @@ Restart=on-failure
 WantedBy=multi-user.target
 EOF
 
-cat <<EOF >/etc/systemd/system/photon.service
-[Unit]
-Description=Photon Geocoding Service (Germany, OpenSearch)
-After=network.target
-
-[Service]
-Type=simple
-WorkingDirectory=/opt/photon
-ExecStart=/usr/bin/java -Xmx4g -jar photon.jar \
-  -data-dir /opt/photon \
-  -listen-port 2322 \
-  -listen-ip 0.0.0.0 \
-  -cors-any
-Restart=on-failure
-TimeoutStopSec=20
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now photon
 systemctl enable -q --now reitti
 msg_ok "Created Services"
 

install/romm-install.sh

@@ -176,8 +176,10 @@ $STD npm run build
 cp -rf /opt/romm/frontend/assets/* /opt/romm/frontend/dist/assets/
 
 mkdir -p /opt/romm/frontend/dist/assets/romm
-ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
-ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
+ROMM_BASE=$(grep '^ROMM_BASE_PATH=' /opt/romm/.env | cut -d'=' -f2)
+ROMM_BASE=${ROMM_BASE:-/var/lib/romm}
+ln -sfn "$ROMM_BASE"/resources /opt/romm/frontend/dist/assets/romm/resources
+ln -sfn "$ROMM_BASE"/assets /opt/romm/frontend/dist/assets/romm/assets
 msg_ok "Set up RomM Frontend"
 
 msg_info "Configuring Nginx"
@@ -251,6 +253,7 @@ server {
 }
 EOF
 
+sed -i "s|alias /var/lib/romm/library/;|alias ${ROMM_BASE}/library/;|" /etc/nginx/sites-available/romm
 rm -f /etc/nginx/sites-enabled/default
 ln -sf /etc/nginx/sites-available/romm /etc/nginx/sites-enabled/romm
 systemctl restart nginx

install/slskd-install.sh

@@ -48,12 +48,15 @@ if [[ ${soularr,,} =~ ^(y|yes)$ ]]; then
 #!/usr/bin/env bash
 
 if ps aux | grep "[s]oularr.py" >/dev/null; then
-  echo "Soularr is already running. Exiting..."
+  echo "Soularr is already running. Exiting..." >&2
   exit 1
-else
-  source /opt/soularr/venv/bin/activate
-  uv run python3 -u /opt/soularr/soularr.py --config-dir /opt/soularr
 fi
+
+# Remove stale lock file from previous ungraceful exit
+rm -f "/opt/soularr/.soularr.lock"
+
+source /opt/soularr/venv/bin/activate
+uv run python3 -u /opt/soularr/soularr.py --config-dir /opt/soularr 2>&1
 EOF
   chmod +x /opt/soularr/run.sh
   deactivate

install/sonarqube-install.sh

@@ -21,6 +21,7 @@ temp_file=$(mktemp)
 RELEASE=$(get_latest_github_release "SonarSource/sonarqube")
 curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
 unzip -q "$temp_file" -d /opt
+rm -f "$temp_file"
 mv /opt/sonarqube-* /opt/sonarqube
 $STD useradd -r -m -U -d /opt/sonarqube -s /bin/bash sonarqube
 chown -R sonarqube:sonarqube /opt/sonarqube

install/typesense-install.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: tlissak
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://typesense.org/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing TypeSense"
-RELEASE=$(curl -fsSL https://api.github.com/repos/typesense/typesense/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-cd /opt
-curl -fsSL "https://dl.typesense.org/releases/${RELEASE}/typesense-server-${RELEASE}-amd64.deb" -o "/opt/typesense-server-${RELEASE}-amd64.deb"
-$STD apt install -y /opt/typesense-server-${RELEASE}-amd64.deb
-echo 'enable-cors = true' >>/etc/typesense/typesense-server.ini
-rm -rf /opt/typesense-server-${RELEASE}-amd64.deb
-echo "${RELEASE}" >"/opt/${APPLICATION}_version.txt"
-msg_ok "Installed TypeSense"
-
-motd_ssh
-customize
-cleanup_lxc

install/uhf-install.sh

@@ -15,7 +15,7 @@ update_os
 setup_hwaccel
 
 msg_info "Installing Dependencies"
-$STD apt install -y ffmpeg
+setup_ffmpeg
 msg_ok "Installed Dependencies"
 
 msg_info "Setting Up UHF Server Environment"

install/zerobyte-install.sh

@@ -18,6 +18,7 @@ echo "davfs2 davfs2/suid_file boolean false" | debconf-set-selections
 $STD apt-get install -y \
   bzip2 \
   fuse3 \
+  git \
   sshfs \
   davfs2 \
   openssh-client

misc/build.func

@@ -1054,7 +1054,7 @@ load_vars_file() {
 
   # Allowed var_* keys
   local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1255,7 +1255,7 @@ default_var_settings() {
   # Allowed var_* keys (alphabetically sorted)
   # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
   local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
     var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -1350,6 +1350,10 @@ var_verbose=no
 
 # Security (root PW) – empty => autologin
 # var_pw=
+
+# GitHub Personal Access Token (optional – avoids API rate limits during installs)
+# Create at https://github.com/settings/tokens – read-only public access is sufficient
+# var_github_token=ghp_your_token_here
 EOF
 
     # Now choose storages (always prompt unless just one exists)
@@ -1387,6 +1391,11 @@ EOF
     VERBOSE="no"
   fi
 
+  # 4) Map var_github_token → GITHUB_TOKEN (only if not already set in environment)
+  if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
+    export GITHUB_TOKEN="${var_github_token}"
+  fi
+
   # 4) Apply base settings and show summary
   METHOD="mydefaults-global"
   base_settings "$VERBOSE"
@@ -1419,7 +1428,7 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
   # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
   declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu
     var_gateway var_hostname var_ipv6_method var_mac var_mtu
     var_net var_ns var_os var_pw var_ram var_tags var_tun var_unprivileged
     var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -3604,8 +3613,6 @@ build_container() {
   fi
 
   # Build PCT_OPTIONS as string for export
-  TEMP_DIR=$(mktemp -d)
-  pushd "$TEMP_DIR" >/dev/null
   local _func_url
   if [ "$var_os" == "alpine" ]; then
     _func_url="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func"
@@ -4018,7 +4025,7 @@ EOF
 
     # Wait for IP assignment (IPv4 or IPv6)
     local ip_in_lxc=""
-    for i in {1..20}; do
+    for i in {1..60}; do
       # Try IPv4 first
       ip_in_lxc=$(pct exec "$CTID" -- ip -4 addr show dev eth0 2>/dev/null | awk '/inet / {print $2}' | cut -d/ -f1)
       # Fallback to IPv6 if IPv4 not available
@@ -4026,11 +4033,18 @@ EOF
         ip_in_lxc=$(pct exec "$CTID" -- ip -6 addr show dev eth0 scope global 2>/dev/null | awk '/inet6 / {print $2}' | cut -d/ -f1 | head -n1)
       fi
       [ -n "$ip_in_lxc" ] && break
-      sleep 1
+      # Progressive backoff: 1s for first 20, 2s for next 20, 3s for last 20
+      if [ "$i" -le 20 ]; then
+        sleep 1
+      elif [ "$i" -le 40 ]; then
+        sleep 2
+      else
+        sleep 3
+      fi
     done
 
     if [ -z "$ip_in_lxc" ]; then
-      msg_error "No IP assigned to CT $CTID after 20s"
+      msg_error "No IP assigned to CT $CTID after 60 attempts"
       msg_custom "🔧" "${YW}" "Troubleshooting:"
       echo "  • Verify bridge ${BRG} exists and has connectivity"
       echo "  • Check if DHCP server is reachable (if using DHCP)"
@@ -5261,9 +5275,10 @@ create_lxc_container() {
     exit 205
   }
   if qm status "$CTID" &>/dev/null || pct status "$CTID" &>/dev/null; then
-    unset CTID
-    msg_error "Cannot use ID that is already in use."
-    exit 206
+    msg_warn "Container/VM ID $CTID is already in use (detected late). Reassigning..."
+    CTID=$(get_valid_container_id "$((CTID + 1))")
+    export CTID
+    msg_ok "Reassigned to container ID $CTID"
   fi
 
   # Report installation start to API early - captures failures in storage/template/create
@@ -5739,30 +5754,77 @@ create_lxc_container() {
   if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >"$LOGFILE" 2>&1; then
     msg_debug "Container creation failed on ${TEMPLATE_STORAGE}. Checking error..."
 
-    # Check if template issue - retry with fresh download
-    if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
-      msg_info "Template may be corrupted – re-downloading"
-      rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-      msg_ok "Template re-downloaded"
-    fi
+    # Check if CTID collision (race condition: ID claimed between validation and creation)
+    if grep -qiE 'already exists|already in use' "$LOGFILE"; then
+      local old_ctid="$CTID"
+      CTID=$(get_valid_container_id "$((CTID + 1))")
+      export CTID
+      msg_warn "Container ID $old_ctid was claimed by another process. Retrying with ID $CTID"
+      LOGFILE="/tmp/pct_create_${CTID}_$(date +%Y%m%d_%H%M%S)_${SESSION_ID}.log"
+      if pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >"$LOGFILE" 2>&1; then
+        msg_ok "Container successfully created with new ID $CTID"
+      else
+        msg_error "Container creation failed even with new ID $CTID. See $LOGFILE"
+        _flush_pct_log
+        exit 209
+      fi
+    else
+      # Not a CTID collision - check if template issue and retry with fresh download
+      if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
+        msg_info "Template may be corrupted – re-downloading"
+        rm -f "$TEMPLATE_PATH"
+        pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+        msg_ok "Template re-downloaded"
+      fi
 
-    # Retry after repair
-    if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
-      # Fallback to local storage if not already on local
-      if [[ "$TEMPLATE_STORAGE" != "local" ]]; then
-        msg_info "Retrying container creation with fallback to local storage"
-        LOCAL_TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-        if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
-          msg_ok "Trying local storage fallback"
-          msg_info "Downloading template to local"
-          pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-          msg_ok "Template downloaded to local"
+      # Retry after repair
+      if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
+        # Fallback to local storage if not already on local
+        if [[ "$TEMPLATE_STORAGE" != "local" ]]; then
+          msg_info "Retrying container creation with fallback to local storage"
+          LOCAL_TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+          if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
+            msg_ok "Trying local storage fallback"
+            msg_info "Downloading template to local"
+            pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+            msg_ok "Template downloaded to local"
+          else
+            msg_ok "Trying local storage fallback"
+          fi
+          if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
+            # Local fallback also failed - check for LXC stack version issue
+            if grep -qiE 'unsupported .* version' "$LOGFILE"; then
+              msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
+              offer_lxc_stack_upgrade_and_maybe_retry "yes"
+              rc=$?
+              case $rc in
+              0) : ;; # success - container created, continue
+              2)
+                msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
+                _flush_pct_log
+                exit 231
+                ;;
+              3)
+                msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
+                _flush_pct_log
+                exit 231
+                ;;
+              esac
+            else
+              msg_error "Container creation failed. See $LOGFILE"
+              if whiptail --yesno "pct create failed.\nDo you want to enable verbose debug mode and view detailed logs?" 12 70; then
+                set -x
+                pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
+                set +x
+              fi
+              _flush_pct_log
+              exit 209
+            fi
+          else
+            msg_ok "Container successfully created using local fallback."
+          fi
         else
-          msg_ok "Trying local storage fallback"
-        fi
-        if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
-          # Local fallback also failed - check for LXC stack version issue
+          # Already on local storage and still failed - check LXC stack version
           if grep -qiE 'unsupported .* version' "$LOGFILE"; then
             msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
             offer_lxc_stack_upgrade_and_maybe_retry "yes"
@@ -5790,50 +5852,28 @@ create_lxc_container() {
             _flush_pct_log
             exit 209
           fi
-        else
-          msg_ok "Container successfully created using local fallback."
         fi
       else
-        # Already on local storage and still failed - check LXC stack version
-        if grep -qiE 'unsupported .* version' "$LOGFILE"; then
-          msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
-          offer_lxc_stack_upgrade_and_maybe_retry "yes"
-          rc=$?
-          case $rc in
-          0) : ;; # success - container created, continue
-          2)
-            msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
-            _flush_pct_log
-            exit 231
-            ;;
-          3)
-            msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
-            _flush_pct_log
-            exit 231
-            ;;
-          esac
-        else
-          msg_error "Container creation failed. See $LOGFILE"
-          if whiptail --yesno "pct create failed.\nDo you want to enable verbose debug mode and view detailed logs?" 12 70; then
-            set -x
-            pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
-            set +x
-          fi
-          _flush_pct_log
-          exit 209
-        fi
+        msg_ok "Container successfully created after template repair."
       fi
-    else
-      msg_ok "Container successfully created after template repair."
-    fi
+    fi # close CTID collision else-branch
   fi
 
-  # Verify container exists
-  pct list | awk '{print $1}' | grep -qx "$CTID" || {
-    msg_error "Container ID $CTID not listed in 'pct list'. See $LOGFILE"
+  # Verify container exists (allow up to 10s for pmxcfs sync in clusters)
+  local _pct_visible=false
+  for _pct_check in {1..10}; do
+    if pct list | awk '{print $1}' | grep -qx "$CTID"; then
+      _pct_visible=true
+      break
+    fi
+    sleep 1
+  done
+  if [[ "$_pct_visible" != true ]]; then
+    msg_error "Container ID $CTID not listed in 'pct list' after 10s. See $LOGFILE"
+    msg_custom "🔧" "${YW}" "This can happen in clusters with pmxcfs sync delays."
     _flush_pct_log
     exit 215
-  }
+  fi
 
   # Verify config rootfs
   grep -q '^rootfs:' "/etc/pve/lxc/$CTID.conf" || {
@@ -5873,6 +5913,12 @@ create_lxc_container() {
 # ------------------------------------------------------------------------------
 description() {
   IP=$(pct exec "$CTID" ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+  local script_slug script_url donate_url
+
+  script_slug="${SCRIPT_SLUG:-${NSAPP}}"
+  script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
+  script_url="https://community-scripts.org/scripts/${script_slug}"
+  donate_url="https://community-scripts.org/donate"
 
   # Generate LXC Description
   DESCRIPTION=$(
@@ -5885,8 +5931,14 @@ description() {
   <h2 style='font-size: 24px; margin: 20px 0;'>${APP} LXC</h2>
 
   <p style='margin: 16px 0;'>
-    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>
-      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
+    <a href='${donate_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/❤️-Sponsoring%20%26%20Donations-FF5E5B' alt='Sponsoring and donations' />
+    </a>
+  </p>
+
+  <p style='margin: 12px 0;'>
+    <a href='${script_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/📦-Open%20Script%20Page-00617f' alt='Open script page' />
     </a>
   </p>
 

misc/tools.func

@@ -1117,15 +1117,87 @@ is_package_installed() {
   fi
 }
 
+# ------------------------------------------------------------------------------
+# validate_github_token()
+# Checks a GitHub token via the /user endpoint.
+# Prints a status message and returns:
+#   0 - token is valid
+#   1 - token is invalid / expired (HTTP 401)
+#   2 - token has no public repo scope (HTTP 200 but missing scope)
+#   3 - network/API error
+# Also reports expiry date if the token carries an x-oauth-expiry header.
+# ------------------------------------------------------------------------------
+validate_github_token() {
+  local token="${1:-${GITHUB_TOKEN:-}}"
+  [[ -z "$token" ]] && return 3
+
+  local response headers http_code expiry_date scopes
+  headers=$(mktemp)
+  response=$(curl -sSL -w "%{http_code}" \
+    -D "$headers" \
+    -o /dev/null \
+    -H "Authorization: Bearer $token" \
+    -H "Accept: application/vnd.github+json" \
+    -H "X-GitHub-Api-Version: 2022-11-28" \
+    "https://api.github.com/user" 2>/dev/null) || { rm -f "$headers"; return 3; }
+  http_code="$response"
+
+  # Read expiry header (fine-grained PATs carry this)
+  expiry_date=$(grep -i '^github-authentication-token-expiration:' "$headers" \
+    | sed 's/.*: *//' | tr -d '\r\n' || true)
+  # Read token scopes (classic PATs)
+  scopes=$(grep -i '^x-oauth-scopes:' "$headers" \
+    | sed 's/.*: *//' | tr -d '\r\n' || true)
+  rm -f "$headers"
+
+  case "$http_code" in
+    200)
+      if [[ -n "$expiry_date" ]]; then
+        msg_ok "GitHub token is valid (expires: $expiry_date)."
+      else
+        msg_ok "GitHub token is valid (no expiry / fine-grained PAT)."
+      fi
+      # Warn if classic PAT has no public_repo scope
+      if [[ -n "$scopes" && "$scopes" != *"public_repo"* && "$scopes" != *"repo"* ]]; then
+        msg_warn "Token has no 'public_repo' scope - private repos and some release APIs may fail."
+        return 2
+      fi
+      return 0
+      ;;
+    401)
+      msg_error "GitHub token is invalid or expired (HTTP 401)."
+      return 1
+      ;;
+    *)
+      msg_warn "GitHub token validation returned HTTP $http_code - treating as valid."
+      return 0
+      ;;
+  esac
+}
+
 # ------------------------------------------------------------------------------
 # Prompt user to enter a GitHub Personal Access Token (PAT) interactively
 # Returns 0 if a valid token was provided, 1 otherwise
 # ------------------------------------------------------------------------------
 prompt_for_github_token() {
   if [[ ! -t 0 ]]; then
+    # Non-interactive: pick up var_github_token if set (from default.vars / app.vars / env)
+    if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
+      export GITHUB_TOKEN="${var_github_token}"
+      msg_ok "GitHub token loaded from var_github_token."
+      return 0
+    fi
     return 1
   fi
 
+  # Prefer var_github_token when already set and no interactive override needed
+  if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
+    export GITHUB_TOKEN="${var_github_token}"
+    msg_ok "GitHub token loaded from var_github_token."
+    validate_github_token || true
+    return 0
+  fi
+
   local reply
   read -rp "${TAB}Would you like to enter a GitHub Personal Access Token (PAT)? [y/N]: " reply
   reply="${reply:-n}"
@@ -1147,10 +1219,16 @@ prompt_for_github_token() {
       msg_warn "Token must not contain spaces. Please try again."
       continue
     fi
-    break
+    # Validate before accepting
+    export GITHUB_TOKEN="$token"
+    if validate_github_token "$token"; then
+      break
+    else
+      msg_warn "Please enter a valid token, or press Ctrl+C to abort."
+      unset GITHUB_TOKEN
+    fi
   done
 
-  export GITHUB_TOKEN="$token"
   msg_ok "GitHub token has been set."
   return 0
 }
@@ -2860,7 +2938,7 @@ function fetch_and_deploy_codeberg_release() {
 
   while ((attempt < ${#api_timeouts[@]})); do
     resp=$(curl --connect-timeout 10 --max-time "${api_timeouts[$attempt]}" -fsSL -w "%{http_code}" -o /tmp/codeberg_rel.json "$api_url") && success=true && break
-    ((attempt++))
+    attempt=$((attempt + 1))
     if ((attempt < ${#api_timeouts[@]})); then
       msg_warn "API request timed out after ${api_timeouts[$((attempt - 1))]}s, retrying... (attempt $((attempt + 1))/${#api_timeouts[@]})"
     fi
@@ -3370,7 +3448,8 @@ function fetch_and_deploy_gh_release() {
         if prompt_for_github_token; then
           header=(-H "Authorization: token $GITHUB_TOKEN")
           retry_delay=2
-          attempt=0
+          attempt=1
+          continue
         fi
       fi
     else

misc/vm-core.func

@@ -577,6 +577,13 @@ check_hostname_conflict() {
 }
 
 set_description() {
+  local app_name script_slug script_url donate_url
+  app_name=$(echo "${APP,,}" | tr ' ' '-')
+  script_slug="${SCRIPT_SLUG:-${app_name}}"
+  script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
+  script_url="https://community-scripts.org/scripts/${script_slug}"
+  donate_url="https://community-scripts.org/donate"
+
   DESCRIPTION=$(
     cat <<EOF
 <div align='center'>
@@ -587,8 +594,14 @@ set_description() {
   <h2 style='font-size: 24px; margin: 20px 0;'>${NSAPP} VM</h2>
 
   <p style='margin: 16px 0;'>
-    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>
-      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
+    <a href='${donate_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/❤️-Sponsoring%20%26%20Donations-FF5E5B' alt='Sponsoring and donations' />
+    </a>
+  </p>
+
+  <p style='margin: 12px 0;'>
+    <a href='${script_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/📦-Open%20Script%20Page-00617f' alt='Open script page' />
     </a>
   </p>
 

tools/addon/filebrowser-quantum.sh

@@ -43,6 +43,21 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"
 
+# Proxmox Host Warning
+if [[ -d "/etc/pve" ]]; then
+  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
+  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
+  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
+  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
+  echo ""
+  echo -n "Continue anyway on the Proxmox host? (y/N): "
+  read -r host_confirm
+  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
+    echo -e "${YW}Aborted.${CL}"
+    exit 0
+  fi
+fi
+
 # OS Detection
 if [[ -f "/etc/alpine-release" ]]; then
   OS="Alpine"

tools/addon/filebrowser.sh

@@ -41,6 +41,21 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"
 
+# Proxmox Host Warning
+if [[ -d "/etc/pve" ]]; then
+  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
+  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
+  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
+  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
+  echo ""
+  echo -n "Continue anyway on the Proxmox host? (y/N): "
+  read -r host_confirm
+  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
+    echo -e "${YW}Aborted.${CL}"
+    exit 0
+  fi
+fi
+
 # Detect OS
 if [[ -f "/etc/alpine-release" ]]; then
   OS="Alpine"

vm/opnsense-vm.sh

@@ -24,7 +24,7 @@ RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)"
 METHOD=""
 NSAPP="opnsense-vm"
 var_os="opnsense"
-var_version="25.7"
+var_version="26.1"
 #
 GEN_MAC=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
 GEN_MAC_LAN=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
@@ -317,7 +317,7 @@ function default_settings() {
 
   # Determine available network modes based on bridge count
   local DEFAULT_WAN_BRG
-  DEFAULT_WAN_BRG=$(echo "$AVAILABLE_BRIDGES" | grep -v "^${BRG}$" | head -n1)
+  DEFAULT_WAN_BRG=$(echo "$AVAILABLE_BRIDGES" | grep -v "^${BRG}$" | head -n1 || true)
 
   if [ "$BRIDGE_COUNT" -ge 2 ]; then
     # Multiple bridges available - offer dual or single mode
@@ -509,7 +509,7 @@ function advanced_settings() {
 
   # Build WAN bridge selection from available bridges (excluding LAN bridge)
   local WAN_BRIDGES
-  WAN_BRIDGES=$(get_available_bridges | grep -v "^${BRG}$")
+  WAN_BRIDGES=$(get_available_bridges | grep -v "^${BRG}$" || true)
   if [ -z "$WAN_BRIDGES" ]; then
     msg_error "No additional bridge available for WAN. Only '${BRG}' exists."
     msg_error "Create a second bridge (e.g. vmbr1) in Proxmox network config first."
@@ -738,8 +738,8 @@ done
 msg_info "Creating a OPNsense VM"
 qm create $VMID -agent 1${MACHINE} -tablet 0 -localtime 1 -bios ovmf${CPU_TYPE} -cores $CORE_COUNT -memory $RAM_SIZE \
   -name $HN -tags community-script -net0 virtio,bridge=$BRG,macaddr=$MAC$VLAN$MTU -onboot 1 -ostype l26 -scsihw virtio-scsi-pci
-pvesm alloc $STORAGE $VMID $DISK0 4M 1>&/dev/null
-qm importdisk $VMID ${FILE} $STORAGE ${DISK_IMPORT:-} 1>&/dev/null
+pvesm alloc $STORAGE $VMID $DISK0 4M &>/dev/null
+qm importdisk $VMID ${FILE} $STORAGE ${DISK_IMPORT:-} &>/dev/null
 qm set $VMID \
   -efidisk0 ${DISK0_REF}${FORMAT} \
   -scsi0 ${DISK1_REF},${DISK_CACHE}${THIN}size=2G \
@@ -797,7 +797,7 @@ if [ -n "$WAN_BRG" ]; then
   msg_ok "WAN interface added"
   sleep 5 # Brief pause after adding network interface
 fi
-send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 25.7"
+send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 26.1"
 msg_ok "OPNsense VM is being installed, do not close the terminal, or the installation will fail."
 #We need to wait for the OPNsense build proccess to finish, this takes a few minutes
 sleep 1000