fix(plex): restart service after update to apply new version

After apt install updates the plexmediaserver package, the running
service needs an explicit restart so the new version is loaded.
Without this, users see the update succeed but Plex still shows
the old version in the web interface.

Ref #12993

CHANGELOG.md

@@ -423,6 +423,30 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-03-17
+
+## 2026-03-16
+
+### 🆕 New Scripts
+
+  - Gluetun ([#12976](https://github.com/community-scripts/ProxmoxVE/pull/12976))
+- Anytype-Server ([#12974](https://github.com/community-scripts/ProxmoxVE/pull/12974))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Immich: use gcc-13 for compilation & add uv python pre-install with retry logic [@MickLesk](https://github.com/MickLesk) ([#12935](https://github.com/community-scripts/ProxmoxVE/pull/12935))
+    - Tautulli: add setuptools<81 constraint to update script [@MickLesk](https://github.com/MickLesk) ([#12959](https://github.com/community-scripts/ProxmoxVE/pull/12959))
+    - Seerr: add missing build deps [@MickLesk](https://github.com/MickLesk) ([#12960](https://github.com/community-scripts/ProxmoxVE/pull/12960))
+    - fix: yubal update [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12961](https://github.com/community-scripts/ProxmoxVE/pull/12961))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - hwaccel: remove ROCm install from AMD APU setup [@MickLesk](https://github.com/MickLesk) ([#12958](https://github.com/community-scripts/ProxmoxVE/pull/12958))
+
 ## 2026-03-15
 
 ### 🆕 New Scripts

ct/anytype-server.sh

@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://anytype.io
+
+APP="Anytype-Server"
+var_tags="${var_tags:-notes;productivity;sync}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-16}"
+var_os="${var_os:-ubuntu}"
+var_version="${var_version:-24.04}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /opt/anytype/any-sync-bundle ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "anytype" "grishy/any-sync-bundle"; then
+    msg_info "Stopping Service"
+    systemctl stop anytype
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    cp -r /opt/anytype/data /opt/anytype_data_backup
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "anytype" "grishy/any-sync-bundle" "prebuild" "latest" "/opt/anytype" "any-sync-bundle_*_linux_amd64.tar.gz"
+    chmod +x /opt/anytype/any-sync-bundle
+
+    msg_info "Restoring Data"
+    cp -r /opt/anytype_data_backup/. /opt/anytype/data
+    rm -rf /opt/anytype_data_backup
+    msg_ok "Restored Data"
+
+    msg_info "Starting Service"
+    systemctl start anytype
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:33010${CL}"
+echo -e "${INFO}${YW} Client config file:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}/opt/anytype/data/client-config.yml${CL}"

ct/gluetun.sh

@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/qdm12/gluetun
+
+APP="Gluetun"
+var_tags="${var_tags:-vpn;wireguard;openvpn}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+var_tun="${var_tun:-yes}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/bin/gluetun ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "gluetun" "qdm12/gluetun"; then
+    msg_info "Stopping Service"
+    systemctl stop gluetun
+    msg_ok "Stopped Service"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gluetun" "qdm12/gluetun" "tarball"
+
+    msg_info "Building Gluetun"
+    cd /opt/gluetun
+    $STD go mod download
+    CGO_ENABLED=0 $STD go build -trimpath -ldflags="-s -w" -o /usr/local/bin/gluetun ./cmd/gluetun/
+    msg_ok "Built Gluetun"
+
+    msg_info "Starting Service"
+    systemctl start gluetun
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"

ct/headers/anytype-server

@@ -0,0 +1,6 @@
+    ___                __                        _____                          
+   /   |  ____  __  __/ /___  ______  ___       / ___/___  ______   _____  _____
+  / /| | / __ \/ / / / __/ / / / __ \/ _ \______\__ \/ _ \/ ___/ | / / _ \/ ___/
+ / ___ |/ / / / /_/ / /_/ /_/ / /_/ /  __/_____/__/ /  __/ /   | |/ /  __/ /    
+/_/  |_/_/ /_/\__, /\__/\__, / .___/\___/     /____/\___/_/    |___/\___/_/     
+             /____/    /____/_/                                                 

ct/headers/gluetun

@@ -0,0 +1,6 @@
+   ________           __            
+  / ____/ /_  _____  / /___  ______ 
+ / / __/ / / / / _ \/ __/ / / / __ \
+/ /_/ / / /_/ /  __/ /_/ /_/ / / / /
+\____/_/\__,_/\___/\__/\__,_/_/ /_/ 
+                                    

ct/immich.sh

@@ -76,7 +76,7 @@ EOF
   SOURCE_DIR=${STAGING_DIR}/image-source
   cd /tmp
   if [[ -f ~/.intel_version ]]; then
-    curl -fsSLO https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile
+    curl_with_retry "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile" "Dockerfile"
     readarray -t INTEL_URLS < <(
       sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $3}'
       sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
@@ -85,7 +85,7 @@ EOF
     if [[ "$INTEL_RELEASE" != "$(cat ~/.intel_version)" ]]; then
       msg_info "Updating Intel iGPU dependencies"
       for url in "${INTEL_URLS[@]}"; do
-        curl -fsSLO "$url"
+        curl_with_retry "$url" "$(basename "$url")"
       done
       $STD apt-mark unhold libigdgmm12
       $STD apt install -y --allow-downgrades ./libigdgmm12*.deb
@@ -133,7 +133,7 @@ EOF
       $STD sudo -u postgres psql -d immich -c "REINDEX INDEX face_index;"
       $STD sudo -u postgres psql -d immich -c "REINDEX INDEX clip_index;"
     fi
-    ensure_dependencies ccache
+    ensure_dependencies ccache gcc-13 g++-13
 
     INSTALL_DIR="/opt/${APP}"
     UPLOAD_DIR="$(sed -n '/^IMMICH_MEDIA_LOCATION/s/[^=]*=//p' /opt/immich/.env)"
@@ -166,7 +166,7 @@ EOF
 
     setup_uv
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "${RELEASE}" "$SRC_DIR"
-    PNPM_VERSION="$(jq -r '.packageManager | split("@")[1]' ${SRC_DIR}/package.json)"
+    PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
     NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
     msg_info "Updating Immich web and microservices"
@@ -217,15 +217,36 @@ EOF
     chown -R immich:immich "$INSTALL_DIR"
     chown immich:immich ./uv.lock
     export VIRTUAL_ENV="${ML_DIR}"/ml-venv
+    export UV_HTTP_TIMEOUT=300
     if [[ -f ~/.openvino ]]; then
+      ML_PYTHON="python3.13"
+      msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
+      for attempt in $(seq 1 3); do
+        $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
+        [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
+      done
+      msg_ok "Pre-installed Python ${ML_PYTHON}"
       msg_info "Updating HW-accelerated machine-learning"
-      $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p python3.13 --managed-python
-      $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p python3.13 --managed-python
+      $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p "${ML_PYTHON}" --managed-python
+      for attempt in $(seq 1 3); do
+        $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
+        [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
+      done
       patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
       msg_ok "Updated HW-accelerated machine-learning"
     else
+      ML_PYTHON="python3.11"
+      msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
+      for attempt in $(seq 1 3); do
+        $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
+        [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
+      done
+      msg_ok "Pre-installed Python ${ML_PYTHON}"
       msg_info "Updating machine-learning"
-      $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p python3.11 --managed-python
+      for attempt in $(seq 1 3); do
+        $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
+        [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
+      done
       msg_ok "Updated machine-learning"
     fi
     cd "$SRC_DIR"

ct/plex.sh

@@ -79,6 +79,11 @@ function update_script() {
   $STD apt update
   $STD apt install -y plexmediaserver
   msg_ok "Updated Plex Media Server"
+
+  msg_info "Restarting Plex Media Server"
+  systemctl restart plexmediaserver
+  msg_ok "Restarted Plex Media Server"
+
   msg_ok "Updated successfully!"
   exit
 }

ct/seerr.sh

@@ -128,6 +128,8 @@ EOF
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "seerr" "seerr-team/seerr" "tarball"
 
+    ensure_dependencies build-essential python3-setuptools
+
     msg_info "Updating PNPM Version"
     pnpm_desired=$(grep -Po '"pnpm":\s*"\K[^"]+' /opt/seerr/package.json)
     NODE_VERSION="22" NODE_MODULE="pnpm@$pnpm_desired" setup_nodejs

ct/tautulli.sh

@@ -51,6 +51,7 @@ function update_script() {
     $STD source /opt/Tautulli/.venv/bin/activate
     $STD uv pip install -r requirements.txt
     $STD uv pip install pyopenssl
+    $STD uv pip install "setuptools<81"
     msg_ok "Updated Tautulli"
 
     msg_info "Restoring config and database"

ct/yubal.sh

@@ -47,7 +47,7 @@ function update_script() {
 
     msg_info "Installing Python Dependencies"
     cd /opt/yubal
-    $STD uv sync --no-dev --frozen
+    $STD uv sync --package yubal-api --no-dev --frozen
     msg_ok "Installed Python Dependencies"
 
     msg_info "Starting Services"

install/anytype-server-install.sh

@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://anytype.io
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+setup_mongodb
+
+msg_info "Configuring MongoDB Replica Set"
+cat <<EOF >>/etc/mongod.conf
+
+replication:
+  replSetName: "rs0"
+EOF
+systemctl restart mongod
+sleep 3
+$STD mongosh --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "127.0.0.1:27017"}]})'
+msg_ok "Configured MongoDB Replica Set"
+
+msg_info "Installing Redis Stack"
+setup_deb822_repo \
+  "redis-stack" \
+  "https://packages.redis.io/gpg" \
+  "https://packages.redis.io/deb" \
+  "jammy" \
+  "main"
+$STD apt install -y redis-stack-server
+systemctl enable -q --now redis-stack-server
+msg_ok "Installed Redis Stack"
+
+fetch_and_deploy_gh_release "anytype" "grishy/any-sync-bundle" "prebuild" "latest" "/opt/anytype" "any-sync-bundle_*_linux_amd64.tar.gz"
+chmod +x /opt/anytype/any-sync-bundle
+
+msg_info "Configuring Anytype"
+mkdir -p /opt/anytype/data/storage
+cat <<EOF >/opt/anytype/.env
+ANY_SYNC_BUNDLE_CONFIG=/opt/anytype/data/bundle-config.yml
+ANY_SYNC_BUNDLE_CLIENT_CONFIG=/opt/anytype/data/client-config.yml
+ANY_SYNC_BUNDLE_INIT_STORAGE=/opt/anytype/data/storage/
+ANY_SYNC_BUNDLE_INIT_EXTERNAL_ADDRS=${LOCAL_IP}
+ANY_SYNC_BUNDLE_INIT_MONGO_URI=mongodb://127.0.0.1:27017/
+ANY_SYNC_BUNDLE_INIT_REDIS_URI=redis://127.0.0.1:6379/
+ANY_SYNC_BUNDLE_LOG_LEVEL=info
+EOF
+msg_ok "Configured Anytype"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/anytype.service
+[Unit]
+Description=Anytype Sync Server (any-sync-bundle)
+After=network-online.target mongod.service redis-stack-server.service
+Wants=network-online.target
+Requires=mongod.service redis-stack-server.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/anytype
+EnvironmentFile=/opt/anytype/.env
+ExecStart=/opt/anytype/any-sync-bundle start-bundle
+Restart=on-failure
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now anytype
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/gluetun-install.sh

@@ -0,0 +1,92 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/qdm12/gluetun
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  openvpn \
+  wireguard-tools \
+  iptables
+msg_ok "Installed Dependencies"
+
+msg_info "Configuring iptables"
+$STD update-alternatives --set iptables /usr/sbin/iptables-legacy
+$STD update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
+ln -sf /usr/sbin/openvpn /usr/sbin/openvpn2.6
+msg_ok "Configured iptables"
+
+setup_go
+
+fetch_and_deploy_gh_release "gluetun" "qdm12/gluetun" "tarball"
+
+msg_info "Building Gluetun"
+cd /opt/gluetun
+$STD go mod download
+CGO_ENABLED=0 $STD go build -trimpath -ldflags="-s -w" -o /usr/local/bin/gluetun ./cmd/gluetun/
+msg_ok "Built Gluetun"
+
+msg_info "Configuring Gluetun"
+mkdir -p /opt/gluetun-data
+touch /etc/alpine-release
+ln -sf /opt/gluetun-data /gluetun
+cat <<EOF >/opt/gluetun-data/.env
+VPN_SERVICE_PROVIDER=custom
+VPN_TYPE=openvpn
+OPENVPN_CUSTOM_CONFIG=/opt/gluetun-data/custom.ovpn
+OPENVPN_USER=
+OPENVPN_PASSWORD=
+HTTP_CONTROL_SERVER_ADDRESS=:8000
+HTTPPROXY=off
+SHADOWSOCKS=off
+PPROF_ENABLED=no
+PPROF_BLOCK_PROFILE_RATE=0
+PPROF_MUTEX_PROFILE_RATE=0
+PPROF_HTTP_SERVER_ADDRESS=:6060
+FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT=on
+HEALTH_SERVER_ADDRESS=127.0.0.1:9999
+DNS_UPSTREAM_RESOLVERS=cloudflare
+LOG_LEVEL=info
+STORAGE_FILEPATH=/gluetun/servers.json
+PUBLICIP_FILE=/gluetun/ip
+VPN_PORT_FORWARDING_STATUS_FILE=/gluetun/forwarded_port
+TZ=UTC
+EOF
+msg_ok "Configured Gluetun"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/gluetun.service
+[Unit]
+Description=Gluetun VPN Client
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/gluetun-data
+EnvironmentFile=/opt/gluetun-data/.env
+UnsetEnvironment=USER
+ExecStart=/usr/local/bin/gluetun
+Restart=on-failure
+RestartSec=5
+AmbientCapabilities=CAP_NET_ADMIN
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now gluetun
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/immich-install.sh

@@ -32,13 +32,13 @@ if [ -d /dev/dri ]; then
     $STD apt install -y --no-install-recommends patchelf
     tmp_dir=$(mktemp -d)
     $STD pushd "$tmp_dir"
-    curl -fsSLO https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile
+    curl_with_retry "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile" "Dockerfile"
     readarray -t INTEL_URLS < <(
       sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $3}'
       sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
     )
     for url in "${INTEL_URLS[@]}"; do
-      curl -fsSLO "$url"
+      curl_with_retry "$url" "$(basename "$url")"
     done
     $STD apt install -y ./libigdgmm12*.deb
     rm ./libigdgmm12*.deb
@@ -154,6 +154,10 @@ sed -i "s/^#shared_preload.*/shared_preload_libraries = 'vchord.so'/" /etc/postg
 systemctl restart postgresql.service
 PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_GRANT_SUPERUSER="true" PG_DB_SKIP_ALTER_ROLE="true" setup_postgresql_db
 
+msg_info "Installing GCC-13 (available as fallback compiler)"
+$STD apt install -y gcc-13 g++-13
+msg_ok "Installed GCC-13"
+
 msg_warn "Compiling Custom Photo-processing Libraries (can take anywhere from 15min to 2h)"
 LD_LIBRARY_PATH=/usr/local/lib
 export LD_RUN_PATH=/usr/local/lib
@@ -290,7 +294,7 @@ GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
 
 fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.5.6" "$SRC_DIR"
-PNPM_VERSION="$(jq -r '.packageManager | split("@")[1]' ${SRC_DIR}/package.json)"
+PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
 msg_info "Installing Immich (patience)"
@@ -340,15 +344,36 @@ cd "$SRC_DIR"/machine-learning
 $STD useradd -U -s /usr/sbin/nologin -r -M -d "$INSTALL_DIR" immich
 mkdir -p "$ML_DIR" && chown -R immich:immich "$INSTALL_DIR"
 export VIRTUAL_ENV="${ML_DIR}/ml-venv"
+export UV_HTTP_TIMEOUT=300
 if [[ -f ~/.openvino ]]; then
+  ML_PYTHON="python3.13"
+  msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
+  for attempt in $(seq 1 3); do
+    $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
+    [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
+  done
+  msg_ok "Pre-installed Python ${ML_PYTHON}"
   msg_info "Installing HW-accelerated machine-learning"
-  $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p python3.13 --managed-python
-  $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p python3.13 --managed-python
+  $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p "${ML_PYTHON}" --managed-python
+  for attempt in $(seq 1 3); do
+    $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
+    [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
+  done
   patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
   msg_ok "Installed HW-accelerated machine-learning"
 else
+  ML_PYTHON="python3.11"
+  msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
+  for attempt in $(seq 1 3); do
+    $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
+    [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
+  done
+  msg_ok "Pre-installed Python ${ML_PYTHON}"
   msg_info "Installing machine-learning"
-  $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p python3.11 --managed-python
+  for attempt in $(seq 1 3); do
+    $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
+    [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
+  done
   msg_ok "Installed machine-learning"
 fi
 cd "$SRC_DIR"
@@ -365,10 +390,10 @@ ln -s "$UPLOAD_DIR" "$ML_DIR"/upload
 
 msg_info "Installing GeoNames data"
 cd "$GEO_DIR"
-curl -fsSLZ -O "https://download.geonames.org/export/dump/admin1CodesASCII.txt" \
-  -O "https://download.geonames.org/export/dump/admin2Codes.txt" \
-  -O "https://download.geonames.org/export/dump/cities500.zip" \
-  -O "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/v5.1.2/geojson/ne_10m_admin_0_countries.geojson"
+curl_with_retry "https://download.geonames.org/export/dump/admin1CodesASCII.txt" "admin1CodesASCII.txt"
+curl_with_retry "https://download.geonames.org/export/dump/admin2Codes.txt" "admin2Codes.txt"
+curl_with_retry "https://download.geonames.org/export/dump/cities500.zip" "cities500.zip"
+curl_with_retry "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/v5.1.2/geojson/ne_10m_admin_0_countries.geojson" "ne_10m_admin_0_countries.geojson"
 unzip -q cities500.zip
 date --iso-8601=seconds | tr -d "\n" >geodata-date.txt
 rm cities500.zip

install/seerr-install.sh

@@ -14,7 +14,9 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt-get install -y build-essential
+$STD apt install -y \
+  build-essential \
+  python3-setuptools
 msg_ok "Installed Dependencies"
 
 fetch_and_deploy_gh_release "seerr" "seerr-team/seerr" "tarball"

misc/tools.func

@@ -4629,9 +4629,6 @@ _setup_amd_apu() {
     $STD apt -y install firmware-amd-graphics 2>/dev/null || true
   fi
 
-  # ROCm compute stack (OpenCL + HIP) - also works for many APUs
-  _setup_rocm "$os_id" "$os_codename"
-
   msg_ok "AMD APU configured"
 }
 
@@ -4679,16 +4676,9 @@ _setup_rocm() {
     return 0
   }
 
-  # AMDGPU driver repository (append to same keyring)
-  {
-    echo ""
-    echo "Types: deb"
-    echo "URIs: https://repo.radeon.com/amdgpu/latest/ubuntu"
-    echo "Suites: ${ROCM_REPO_CODENAME}"
-    echo "Components: main"
-    echo "Architectures: amd64"
-    echo "Signed-By: /etc/apt/keyrings/rocm.gpg"
-  } >>/etc/apt/sources.list.d/rocm.sources
+  # Note: The amdgpu/latest/ubuntu repo (kernel driver packages) is intentionally
+  # omitted — kernel drivers are managed by the Proxmox host, not the LXC container.
+  # Only the ROCm userspace compute stack is needed inside the container.
 
   # Pin ROCm packages to prefer radeon repo
   cat <<EOF >/etc/apt/preferences.d/rocm-pin-600
@@ -4697,7 +4687,26 @@ Pin: release o=repo.radeon.com
 Pin-Priority: 600
 EOF
 
-  $STD apt update || msg_warn "apt update failed (AMD repo may be temporarily unavailable) — continuing anyway"
+  # apt update with retry — repo.radeon.com CDN can be mid-sync (transient size mismatches).
+  # Run with ERR trap disabled so a transient failure does not abort the entire install.
+  local _apt_ok=0
+  for _attempt in 1 2 3; do
+    if (
+      set +e
+      apt-get update -qq 2>&1
+      exit $?
+    ) 2>/dev/null; then
+      _apt_ok=1
+      break
+    fi
+    msg_warn "apt update failed (attempt ${_attempt}/3) — AMD repo may be temporarily unavailable, retrying in 30s…"
+    sleep 30
+  done
+  if [[ $_apt_ok -eq 0 ]]; then
+    msg_warn "apt update still failing after 3 attempts — skipping ROCm install"
+    return 0
+  fi
+
   # Install only runtime packages — full 'rocm' meta-package includes 15GB+ dev tools
   $STD apt install -y rocm-opencl-runtime rocm-hip-runtime rocm-smi-lib 2>/dev/null || {
     msg_warn "ROCm runtime install failed — trying minimal set"