fix(mealie): fallback heredoc if start.sh missing before backup

Instead of recreating start.sh from a heredoc after CLEAN_INSTALL wipes
/opt/mealie/*, simply back it up before the wipe and restore it together
with mealie.env. Simpler and avoids any drift between the hardcoded
heredoc and what was actually installed.

.github/changelogs/2026/04.md

@@ -1,250 +1,3 @@
-## 2026-04-30
-
-### 🆕 New Scripts
-
-  - Nagios ([#14126](https://github.com/community-scripts/ProxmoxVE/pull/14126))
-- Neko ([#14121](https://github.com/community-scripts/ProxmoxVE/pull/14121))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - alpine-docker: install openssl as core dependency | alpine-komodo: check & install openssl if missing [@MickLesk](https://github.com/MickLesk) ([#14134](https://github.com/community-scripts/ProxmoxVE/pull/14134))
-    - endurain: update source references to Codeberg [@MickLesk](https://github.com/MickLesk) ([#14128](https://github.com/community-scripts/ProxmoxVE/pull/14128))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: Manage minor versions for MongoDB 8.x [@tremor021](https://github.com/tremor021) ([#14131](https://github.com/community-scripts/ProxmoxVE/pull/14131))
-
-## 2026-04-29
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - GrayLog: MongoDB update to 8.2.x [@tremor021](https://github.com/tremor021) ([#14114](https://github.com/community-scripts/ProxmoxVE/pull/14114))
-    - Graylog: Better information in the log file [@tremor021](https://github.com/tremor021) ([#14110](https://github.com/community-scripts/ProxmoxVE/pull/14110))
-
-  - #### 🔧 Refactor
-
-    - Refactor: checkMK [@MickLesk](https://github.com/MickLesk) ([#14105](https://github.com/community-scripts/ProxmoxVE/pull/14105))
-    - PatchMon: Unpin release [@tremor021](https://github.com/tremor021) ([#14097](https://github.com/community-scripts/ProxmoxVE/pull/14097))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - core: add guidance when storage lacks rootdir support [@MickLesk](https://github.com/MickLesk) ([#14108](https://github.com/community-scripts/ProxmoxVE/pull/14108))
-
-## 2026-04-28
-
-### 🆕 New Scripts
-
-  - StoryBook ([#14081](https://github.com/community-scripts/ProxmoxVE/pull/14081))
-- CoreDNS ([#14082](https://github.com/community-scripts/ProxmoxVE/pull/14082))
-
-### 🚀 Updated Scripts
-
-  - Fix Dawarich Install/Update [@Jerry1098](https://github.com/Jerry1098) ([#14078](https://github.com/community-scripts/ProxmoxVE/pull/14078))
-
-  - #### ✨ New Features
-
-    - PatchMon Version 2.0.2 Script update [@9technologygroup](https://github.com/9technologygroup) ([#14095](https://github.com/community-scripts/ProxmoxVE/pull/14095))
-
-## 2026-04-27
-
-### 🚀 Updated Scripts
-
-  - Add pamUsername column to userOrgs table [@JVKeller](https://github.com/JVKeller) ([#14075](https://github.com/community-scripts/ProxmoxVE/pull/14075))
-
-  - #### 🐞 Bug Fixes
-
-    - Dawarich: run db:migrate before assets:precompile [@MickLesk](https://github.com/MickLesk) ([#14051](https://github.com/community-scripts/ProxmoxVE/pull/14051))
-    - TechnitiumDNS: always install .NET 10 if not already present [@MickLesk](https://github.com/MickLesk) ([#14049](https://github.com/community-scripts/ProxmoxVE/pull/14049))
-
-  - #### 💥 Breaking Changes
-
-    - PatchMon: v2.0.0 migration [@vhsdream](https://github.com/vhsdream) ([#14015](https://github.com/community-scripts/ProxmoxVE/pull/14015))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - Update build.func - fixed spelling mistake [@m1ckywill](https://github.com/m1ckywill) ([#14047](https://github.com/community-scripts/ProxmoxVE/pull/14047))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - update-lxcs/apps: avoid pct exec on containers mid-shutdown [@MickLesk](https://github.com/MickLesk) ([#14050](https://github.com/community-scripts/ProxmoxVE/pull/14050))
-
-  - #### ✨ New Features
-
-    - Add patchmon-agent report execution in update script [@heinemannj](https://github.com/heinemannj) ([#14054](https://github.com/community-scripts/ProxmoxVE/pull/14054))
-
-## 2026-04-26
-
-### 🆕 New Scripts
-
-  - TREK ([#14017](https://github.com/community-scripts/ProxmoxVE/pull/14017))
-
-### 🚀 Updated Scripts
-
-  - fix(2fauth): handle stale backup directory on update [@omertahaoztop](https://github.com/omertahaoztop) ([#14018](https://github.com/community-scripts/ProxmoxVE/pull/14018))
-
-  - #### 🐞 Bug Fixes
-
-    -  Increase Frigate default CPU cores from 4 to 8 [@MickLesk](https://github.com/MickLesk) ([#14039](https://github.com/community-scripts/ProxmoxVE/pull/14039))
-    - Technitium DNS: Ensure directories exist before running service [@tremor021](https://github.com/tremor021) ([#14030](https://github.com/community-scripts/ProxmoxVE/pull/14030))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core: Correct deb822 repository flat path detection [@MickLesk](https://github.com/MickLesk) ([#14037](https://github.com/community-scripts/ProxmoxVE/pull/14037))
-
-## 2026-04-25
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - VictoriaMetrics: Stop vmagent/vmalert before update [@irishpadres](https://github.com/irishpadres) ([#14016](https://github.com/community-scripts/ProxmoxVE/pull/14016))
-    - Domain-Monitor: start apache2 after stop instead of reload [@omertahaoztop](https://github.com/omertahaoztop) ([#14019](https://github.com/community-scripts/ProxmoxVE/pull/14019))
-    - Transmute: Fix ffmpeg detection [@tremor021](https://github.com/tremor021) ([#14008](https://github.com/community-scripts/ProxmoxVE/pull/14008))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Technitium DNS [@tremor021](https://github.com/tremor021) ([#14013](https://github.com/community-scripts/ProxmoxVE/pull/14013))
-
-## 2026-04-24
-
-### 🆕 New Scripts
-
-  - Apprise-API ([#13934](https://github.com/community-scripts/ProxmoxVE/pull/13934))
-- fireshare ([#13995](https://github.com/community-scripts/ProxmoxVE/pull/13995))
-- Transmute ([#13935](https://github.com/community-scripts/ProxmoxVE/pull/13935))
-- Jitsi-Meet ([#13897](https://github.com/community-scripts/ProxmoxVE/pull/13897))
-
-### 🚀 Updated Scripts
-
-  - Update wger.sh [@Soppster1029](https://github.com/Soppster1029) ([#13977](https://github.com/community-scripts/ProxmoxVE/pull/13977))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Ghostfolio [@MickLesk](https://github.com/MickLesk) ([#13990](https://github.com/community-scripts/ProxmoxVE/pull/13990))
-
-## 2026-04-23
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - mealie: start.sh missing after failed update [@MickLesk](https://github.com/MickLesk) ([#13958](https://github.com/community-scripts/ProxmoxVE/pull/13958))
-    - twingate-connector: perform real apt upgrade during update flow [@MickLesk](https://github.com/MickLesk) ([#13959](https://github.com/community-scripts/ProxmoxVE/pull/13959))
-
-  - #### ✨ New Features
-
-    - core: auto-size NODE_OPTIONS heap [@MickLesk](https://github.com/MickLesk) ([#13960](https://github.com/community-scripts/ProxmoxVE/pull/13960))
-
-  - #### 🔧 Refactor
-
-    - Update scripts to match standard [@tremor021](https://github.com/tremor021) ([#13956](https://github.com/community-scripts/ProxmoxVE/pull/13956))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - tools.func: upgrade Node.js minor/patch on same major version [@MickLesk](https://github.com/MickLesk) ([#13957](https://github.com/community-scripts/ProxmoxVE/pull/13957))
-    - core: hotfix - prefer silent mode on PHS env conflict [@MickLesk](https://github.com/MickLesk) ([#13951](https://github.com/community-scripts/ProxmoxVE/pull/13951))
-
-  - #### 🔧 Refactor
-
-    - core: improve system update information / lxc stack upgrade [@MickLesk](https://github.com/MickLesk) ([#13970](https://github.com/community-scripts/ProxmoxVE/pull/13970))
-
-## 2026-04-22
-
-### 🆕 New Scripts
-
-  - Dashy ([#13817](https://github.com/community-scripts/ProxmoxVE/pull/13817))
-- Mini-QR ([#13902](https://github.com/community-scripts/ProxmoxVE/pull/13902))
-- ownfoil ([#13904](https://github.com/community-scripts/ProxmoxVE/pull/13904))
-- ERPNext ([#13921](https://github.com/community-scripts/ProxmoxVE/pull/13921))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - add --clear to uv venv in update_script() to prevent interactive prompt [@MickLesk](https://github.com/MickLesk) ([#13926](https://github.com/community-scripts/ProxmoxVE/pull/13926))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: Add PHS_VERBOSE env var to skip verbose mode prompts [@gormanity](https://github.com/gormanity) ([#13797](https://github.com/community-scripts/ProxmoxVE/pull/13797))
-
-## 2026-04-21
-
-### 🆕 New Scripts
-
-  - gogs ([#13896](https://github.com/community-scripts/ProxmoxVE/pull/13896))
-- anchor ([#13895](https://github.com/community-scripts/ProxmoxVE/pull/13895))
-- minthcm ([#13903](https://github.com/community-scripts/ProxmoxVE/pull/13903))
-- foldergram ([#13900](https://github.com/community-scripts/ProxmoxVE/pull/13900))
-
-### 🚀 Updated Scripts
-
-  - OpenCloud: Pin version to 6.1.0 [@vhsdream](https://github.com/vhsdream) ([#13890](https://github.com/community-scripts/ProxmoxVE/pull/13890))
-
-  - #### 🐞 Bug Fixes
-
-    - Domain-Locker: Update dependencies [@tremor021](https://github.com/tremor021) ([#13901](https://github.com/community-scripts/ProxmoxVE/pull/13901))
-    - homelable: fix install failure by correcting password-reset chmod target [@Copilot](https://github.com/Copilot) ([#13894](https://github.com/community-scripts/ProxmoxVE/pull/13894))
-
-  - #### ✨ New Features
-
-    - FileFlows: Update dependencies [@tremor021](https://github.com/tremor021) ([#13917](https://github.com/community-scripts/ProxmoxVE/pull/13917))
-
-## 2026-04-20
-
-### 🆕 New Scripts
-
-  - WhoDB ([#13880](https://github.com/community-scripts/ProxmoxVE/pull/13880))
-
-### 🚀 Updated Scripts
-
-  - pangolin: create migration tables before data transfer to prevent role loss [@MickLesk](https://github.com/MickLesk) ([#13874](https://github.com/community-scripts/ProxmoxVE/pull/13874))
-
-  - #### 🐞 Bug Fixes
-
-    - Pangolin: pre-apply schema migrations to prevent data loss [@MickLesk](https://github.com/MickLesk) ([#13861](https://github.com/community-scripts/ProxmoxVE/pull/13861))
-    - ActualBudget: change migration messages to warnings [@MickLesk](https://github.com/MickLesk) ([#13860](https://github.com/community-scripts/ProxmoxVE/pull/13860))
-    - slskd: migrate config keys for 0.25.0 breaking change [@MickLesk](https://github.com/MickLesk) ([#13862](https://github.com/community-scripts/ProxmoxVE/pull/13862))
-
-  - #### ✨ New Features
-
-    - Wanderer: add pocketbase CLI wrapper with env [@MickLesk](https://github.com/MickLesk) ([#13863](https://github.com/community-scripts/ProxmoxVE/pull/13863))
-    - feat(homelable): add password reset utility script [@davidsoncabista](https://github.com/davidsoncabista) ([#13798](https://github.com/community-scripts/ProxmoxVE/pull/13798))
-
-  - #### 🔧 Refactor
-
-    - Several Scripts: Bump NodeJS to align Node.js versions with upstream for 5 scripts [@MickLesk](https://github.com/MickLesk) ([#13875](https://github.com/community-scripts/ProxmoxVE/pull/13875))
-    - Refactor: PMG Post Install [@MickLesk](https://github.com/MickLesk) ([#13693](https://github.com/community-scripts/ProxmoxVE/pull/13693))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core: detect Perl breakage after LXC stack upgrade and improve storage validation [@MickLesk](https://github.com/MickLesk) ([#13879](https://github.com/community-scripts/ProxmoxVE/pull/13879))
-
-## 2026-04-19
-
-### 🆕 New Scripts
-
-  - nametag ([#13849](https://github.com/community-scripts/ProxmoxVE/pull/13849))
-
 ## 2026-04-18
 
 ### 🆕 New Scripts

.github/changelogs/2026/05.md

@@ -1,42 +0,0 @@
-## 2026-05-02
-
-### 🆕 New Scripts
-
-  - protonmail-bridge ([#14136](https://github.com/community-scripts/ProxmoxVE/pull/14136))
-- Tube Archivist ([#14123](https://github.com/community-scripts/ProxmoxVE/pull/14123))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Nagios: Ping fix [@tremor021](https://github.com/tremor021) ([#14186](https://github.com/community-scripts/ProxmoxVE/pull/14186))
-    - opnsense-vm: retry pvesm alloc on transient zfs 'got timeout' errors [@MickLesk](https://github.com/MickLesk) ([#14157](https://github.com/community-scripts/ProxmoxVE/pull/14157))
-    - ImmichFrame: fix update by reinstalling dotnet-sdk before publish [@MickLesk](https://github.com/MickLesk) ([#14158](https://github.com/community-scripts/ProxmoxVE/pull/14158))
-    - [FIX]ShelfMark: Use UV sync for shelfmark backend build; update to Python 3.14 [@vhsdream](https://github.com/vhsdream) ([#14170](https://github.com/community-scripts/ProxmoxVE/pull/14170))
-    - alpine: remove deb/ubuntu-only resource & storage checks from update-script [@MickLesk](https://github.com/MickLesk) ([#14166](https://github.com/community-scripts/ProxmoxVE/pull/14166))
-    - Threadfin: use 'threadfin-app' as app name to avoid version-file clash  [@MickLesk](https://github.com/MickLesk) ([#14159](https://github.com/community-scripts/ProxmoxVE/pull/14159))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: prompt to also run installed addon update scripts (…/bin/update_*) after update_script [@MickLesk](https://github.com/MickLesk) ([#14162](https://github.com/community-scripts/ProxmoxVE/pull/14162))
-
-## 2026-05-01
-
-### 🆕 New Scripts
-
-  - SoulSync ([#14124](https://github.com/community-scripts/ProxmoxVE/pull/14124))
-- Teable ([#14125](https://github.com/community-scripts/ProxmoxVE/pull/14125))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Step ca update [@heinemannj](https://github.com/heinemannj) ([#14058](https://github.com/community-scripts/ProxmoxVE/pull/14058))
-    - paperless-ngx: refresh NLTK data on update [@kurtislanderson](https://github.com/kurtislanderson) ([#14144](https://github.com/community-scripts/ProxmoxVE/pull/14144))
-    - [Pelican Panel] stop deleting the public storage [@LetterN](https://github.com/LetterN) ([#14145](https://github.com/community-scripts/ProxmoxVE/pull/14145))
-
-  - #### 🔧 Refactor
-
-    - Mail-Archiver: update dependencies [@tremor021](https://github.com/tremor021) ([#14152](https://github.com/community-scripts/ProxmoxVE/pull/14152))

.github/workflows/close_issue_in_dev.yaml

@@ -62,10 +62,10 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           issues=$(gh issue list --repo community-scripts/ProxmoxVED --json number,title --jq '.[] | {number, title}')
-
+          
           best_match_score=0
           best_match_number=0
-
+          
           for issue in $(echo "$issues" | jq -r '. | @base64'); do
             _jq() {
               echo ${issue} | base64 --decode | jq -r ${1}
@@ -113,8 +113,7 @@ jobs:
             const http = require('http');
             const url = require('url');
 
-            function request(fullUrl, opts, redirectsLeft) {
-              if (redirectsLeft === undefined) redirectsLeft = 5;
+            function request(fullUrl, opts) {
               return new Promise(function(resolve, reject) {
                 const u = url.parse(fullUrl);
                 const isHttps = u.protocol === 'https:';
@@ -129,19 +128,6 @@ jobs:
                 if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
                 const lib = isHttps ? https : http;
                 const req = lib.request(options, function(res) {
-                  // Follow redirects (301/302/307/308)
-                  if ([301, 302, 307, 308].indexOf(res.statusCode) !== -1 && res.headers.location && redirectsLeft > 0) {
-                    res.resume();
-                    const nextUrl = url.resolve(fullUrl, res.headers.location);
-                    // For 301/302, browsers historically downgrade to GET; preserve method for 307/308.
-                    const nextOpts = Object.assign({}, opts);
-                    if (res.statusCode === 301 || res.statusCode === 302) {
-                      nextOpts.method = 'GET';
-                      delete nextOpts.body;
-                    }
-                    resolve(request(nextUrl, nextOpts, redirectsLeft - 1));
-                    return;
-                  }
                   let data = '';
                   res.on('data', function(chunk) { data += chunk; });
                   res.on('end', function() {

.github/workflows/pocketbase-bot.yml

@@ -7,7 +7,7 @@ on:
 permissions:
   issues: write
   pull-requests: write
-  contents: write
+  contents: read
 
 jobs:
   pocketbase-bot:
@@ -95,149 +95,6 @@ jobs:
               return request('https://api.github.com' + path, { method: method || 'GET', headers, body: bodyStr });
             }
 
-            function encodeContentPath(filePath) {
-              return filePath.split('/').map(encodeURIComponent).join('/');
-            }
-
-            function decodeGitHubContent(content) {
-              return Buffer.from((content || '').replace(/\n/g, ''), 'base64').toString('utf8');
-            }
-
-            function sanitizeBranchPart(value) {
-              return (value || '')
-                .toLowerCase()
-                .replace(/[^a-z0-9._/-]+/g, '-')
-                .replace(/\/+/g, '/')
-                .replace(/^-+|-+$/g, '');
-            }
-
-            function applyCtDefaultChanges(scriptText, varChanges) {
-              let nextText = scriptText;
-              const updatedVars = [];
-              const unchangedVars = [];
-              for (const [varName, rawValue] of Object.entries(varChanges)) {
-                const newValue = String(rawValue);
-                const pattern = new RegExp('(^\\s*' + varName + '="\\$\\{' + varName + ':-)([^"}]*)(\\}"\\s*$)', 'm');
-                const match = nextText.match(pattern);
-                if (!match) continue;
-                if (match[2] === newValue) {
-                  unchangedVars.push(varName);
-                  continue;
-                }
-                nextText = nextText.replace(pattern, '$1' + newValue + '$3');
-                updatedVars.push(varName);
-              }
-              return { nextText, updatedVars, unchangedVars };
-            }
-
-            async function ensureBranch(defaultBranch, branchName) {
-              const branchRefRes = await ghRequest('/repos/' + owner + '/' + repo + '/git/ref/heads/' + encodeURIComponent(branchName));
-              if (branchRefRes.ok) return;
-
-              const defaultRefRes = await ghRequest('/repos/' + owner + '/' + repo + '/git/ref/heads/' + encodeURIComponent(defaultBranch));
-              if (!defaultRefRes.ok) {
-                throw new Error('Could not read default branch ref: ' + defaultRefRes.body);
-              }
-              const defaultRef = JSON.parse(defaultRefRes.body);
-              const createBranchRes = await ghRequest('/repos/' + owner + '/' + repo + '/git/refs', 'POST', {
-                ref: 'refs/heads/' + branchName,
-                sha: defaultRef.object.sha
-              });
-              if (!createBranchRes.ok) {
-                throw new Error('Could not create branch: ' + createBranchRes.body);
-              }
-            }
-
-            async function upsertCtDefaultsPr(slugValue, varChanges) {
-              const wantedEntries = Object.entries(varChanges || {}).filter(function ([, v]) {
-                return v !== undefined && v !== null && String(v) !== '';
-              });
-              if (wantedEntries.length === 0) {
-                return { status: 'skipped', reason: 'No mapped CT defaults changed.' };
-              }
-
-              const repoRes = await ghRequest('/repos/' + owner + '/' + repo);
-              if (!repoRes.ok) {
-                throw new Error('Could not read repository metadata: ' + repoRes.body);
-              }
-              const repoInfo = JSON.parse(repoRes.body);
-              const defaultBranch = repoInfo.default_branch;
-
-              const ctPath = 'ct/' + slugValue + '.sh';
-              const encodedCtPath = encodeContentPath(ctPath);
-              const defaultFileRes = await ghRequest('/repos/' + owner + '/' + repo + '/contents/' + encodedCtPath + '?ref=' + encodeURIComponent(defaultBranch));
-              if (defaultFileRes.statusCode === 404) {
-                return { status: 'skipped', reason: 'No matching CT file found at `' + ctPath + '`.' };
-              }
-              if (!defaultFileRes.ok) {
-                throw new Error('Could not read CT file from default branch: ' + defaultFileRes.body);
-              }
-
-              const branchName = 'pocketbase-sync/' + sanitizeBranchPart(slugValue || 'unknown');
-              await ensureBranch(defaultBranch, branchName);
-
-              const branchFileRes = await ghRequest('/repos/' + owner + '/' + repo + '/contents/' + encodedCtPath + '?ref=' + encodeURIComponent(branchName));
-              if (!branchFileRes.ok) {
-                throw new Error('Could not read CT file from sync branch: ' + branchFileRes.body);
-              }
-              const branchFile = JSON.parse(branchFileRes.body);
-              const currentBranchText = decodeGitHubContent(branchFile.content);
-
-              const updateResult = applyCtDefaultChanges(currentBranchText, Object.fromEntries(wantedEntries));
-              if (updateResult.updatedVars.length === 0) {
-                return { status: 'skipped', reason: 'CT defaults already up to date.', unchangedVars: updateResult.unchangedVars };
-              }
-
-              const commitMessage = 'chore(ct): sync ' + slugValue + ' defaults from PocketBase';
-              const putRes = await ghRequest('/repos/' + owner + '/' + repo + '/contents/' + encodedCtPath, 'PUT', {
-                message: commitMessage,
-                content: Buffer.from(updateResult.nextText, 'utf8').toString('base64'),
-                sha: branchFile.sha,
-                branch: branchName
-              });
-              if (!putRes.ok) {
-                throw new Error('Could not update CT file: ' + putRes.body);
-              }
-
-              const openPrRes = await ghRequest(
-                '/repos/' + owner + '/' + repo + '/pulls?state=open&head=' + encodeURIComponent(owner + ':' + branchName) + '&base=' + encodeURIComponent(defaultBranch)
-              );
-              if (!openPrRes.ok) {
-                throw new Error('Could not query existing PRs: ' + openPrRes.body);
-              }
-              const openPrs = JSON.parse(openPrRes.body);
-              if (openPrs.length > 0) {
-                return { status: 'updated', prUrl: openPrs[0].html_url, updatedVars: updateResult.updatedVars };
-              }
-
-              const prTitle = 'chore(ct): sync ' + slugValue + ' defaults with PocketBase';
-              const prBody =
-                '## Summary\n' +
-                '- Sync default CT variables for `' + slugValue + '` after `/pocketbase` update.\n' +
-                '- Updated vars: `' + updateResult.updatedVars.join('`, `') + '`.\n\n' +
-                '## Source\n' +
-                '- Triggered by @' + actor + ' via PocketBase bot.\n';
-              const createPrRes = await ghRequest('/repos/' + owner + '/' + repo + '/pulls', 'POST', {
-                title: prTitle,
-                body: prBody,
-                head: branchName,
-                base: defaultBranch
-              });
-              if (!createPrRes.ok) {
-                throw new Error('Could not create PR: ' + createPrRes.body);
-              }
-              const pr = JSON.parse(createPrRes.body);
-              return { status: 'created', prUrl: pr.html_url, updatedVars: updateResult.updatedVars };
-            }
-
-            function formatCtSyncResult(syncResult) {
-              if (!syncResult) return '';
-              if (syncResult.status === 'created') return '\n\n**CT sync PR:** ' + syncResult.prUrl;
-              if (syncResult.status === 'updated') return '\n\n**CT sync PR updated:** ' + syncResult.prUrl;
-              if (syncResult.status === 'skipped') return '\n\n**CT sync skipped:** ' + syncResult.reason;
-              return '';
-            }
-
             async function addReaction(content) {
               try {
                 await ghRequest(
@@ -653,7 +510,6 @@ jobs:
               const RESOURCE_KEYS = { cpu: 'number', ram: 'number', hdd: 'number', os: 'string', version: 'string' };
               const METHOD_KEYS   = { config_path: 'string', script: 'string' };
               const ALL_METHOD_KEYS = Object.assign({}, RESOURCE_KEYS, METHOD_KEYS);
-              const RESOURCE_TO_CT_VAR = { cpu: 'var_cpu', ram: 'var_ram', hdd: 'var_disk', os: 'var_os', version: 'var_version' };
 
               function applyMethodChanges(method, parsed) {
                 if (!method.resources) method.resources = {};
@@ -694,7 +550,6 @@ jobs:
                 if (addMatch) {
                   // ── METHOD ADD ───────────────────────────────────────────────
                   const newType = addMatch[1];
-                  const parsed = addMatch[2] ? parseKVPairs(addMatch[2]) : {};
                   if (methodsArr.some(function (im) { return (im.type || '').toLowerCase() === newType.toLowerCase(); })) {
                     await addReaction('-1');
                     await postComment('❌ **PocketBase Bot**: Install method `' + newType + '` already exists for `' + slug + '`.\n\nUse `/pocketbase ' + slug + ' method list` to see all methods.');
@@ -702,6 +557,7 @@ jobs:
                   }
                   const newMethod = { type: newType, resources: { cpu: 1, ram: 512, hdd: 4, os: 'debian', version: '13' } };
                   if (addMatch[2]) {
+                    const parsed = parseKVPairs(addMatch[2]);
                     const unknown = Object.keys(parsed).filter(function (k) { return !ALL_METHOD_KEYS[k]; });
                     if (unknown.length > 0) {
                       await addReaction('-1');
@@ -713,21 +569,10 @@ jobs:
                   methodsArr.push(newMethod);
                   await patchMethods(methodsArr);
                   await revalidate(slug);
-                  const addCtChanges = {};
-                  for (const [k, v] of Object.entries(parsed)) {
-                    if (RESOURCE_TO_CT_VAR[k]) addCtChanges[RESOURCE_TO_CT_VAR[k]] = v;
-                  }
-                  let addCtSync = null;
-                  try {
-                    addCtSync = await upsertCtDefaultsPr(slug, addCtChanges);
-                  } catch (e) {
-                    addCtSync = { status: 'skipped', reason: 'CT sync failed: ' + e.message };
-                  }
                   await addReaction('+1');
                   await postComment(
                     '✅ **PocketBase Bot**: Added install method **`' + newType + '`** to **`' + slug + '`**\n\n' +
                     formatMethodsList([newMethod]) + '\n\n' +
-                    formatCtSyncResult(addCtSync) + '\n\n' +
                     '*Executed by @' + actor + '*'
                   );
 
@@ -795,16 +640,6 @@ jobs:
                   applyMethodChanges(methodsArr[idx], parsed);
                   await patchMethods(methodsArr);
                   await revalidate(slug);
-                  const editCtChanges = {};
-                  for (const [k, v] of Object.entries(parsed)) {
-                    if (RESOURCE_TO_CT_VAR[k]) editCtChanges[RESOURCE_TO_CT_VAR[k]] = v;
-                  }
-                  let editCtSync = null;
-                  try {
-                    editCtSync = await upsertCtDefaultsPr(slug, editCtChanges);
-                  } catch (e) {
-                    editCtSync = { status: 'skipped', reason: 'CT sync failed: ' + e.message };
-                  }
 
                   const changesLines = Object.entries(parsed)
                     .map(function ([k, v]) {
@@ -815,7 +650,6 @@ jobs:
                   await postComment(
                     '✅ **PocketBase Bot**: Updated install method **`' + methodsArr[idx].type + '`** for **`' + slug + '`**\n\n' +
                     '**Changes applied:**\n' + changesLines + '\n\n' +
-                    formatCtSyncResult(editCtSync) + '\n\n' +
                     '*Executed by @' + actor + '*'
                   );
                 }
@@ -878,11 +712,9 @@ jobs:
                 project_url:      'string',
                 github:           'string',
                 config_path:      'string',
-                tags:             'string',
                 port:             'number',
                 default_user:     'nullable_string',
                 default_passwd:   'nullable_string',
-                unprivileged:     'number',
                 updateable:       'boolean',
                 privileged:       'boolean',
                 has_arm:          'boolean',
@@ -949,17 +781,6 @@ jobs:
                 process.exit(1);
               }
               await revalidate(slug);
-              const FIELD_TO_CT_VAR = { tags: 'var_tags', unprivileged: 'var_unprivileged' };
-              const fieldCtChanges = {};
-              for (const [k, v] of Object.entries(payload)) {
-                if (FIELD_TO_CT_VAR[k]) fieldCtChanges[FIELD_TO_CT_VAR[k]] = v;
-              }
-              let fieldCtSync = null;
-              try {
-                fieldCtSync = await upsertCtDefaultsPr(slug, fieldCtChanges);
-              } catch (e) {
-                fieldCtSync = { status: 'skipped', reason: 'CT sync failed: ' + e.message };
-              }
               await addReaction('+1');
               const changesLines = Object.entries(payload)
                 .map(function ([k, v]) { return '- `' + k + '` → `' + JSON.stringify(v) + '`'; })
@@ -967,7 +788,6 @@ jobs:
               await postComment(
                 '✅ **PocketBase Bot**: Updated **`' + slug + '`** successfully!\n\n' +
                 '**Changes applied:**\n' + changesLines + '\n\n' +
-                formatCtSyncResult(fieldCtSync) + '\n\n' +
                 '*Executed by @' + actor + '*'
               );
             }

CHANGELOG.md

@@ -38,12 +38,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 
 
-
-
-
-
-
-
 
 
 
@@ -60,14 +54,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 
 <details>
-<summary><h4>May (2 entries)</h4></summary>
-
-[View May 2026 Changelog](.github/changelogs/2026/05.md)
-
-</details>
-
-<details>
-<summary><h4>April (30 entries)</h4></summary>
+<summary><h4>April (18 entries)</h4></summary>
 
 [View April 2026 Changelog](.github/changelogs/2026/04.md)
 
@@ -458,268 +445,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
-## 2026-05-05
-
-### 🆕 New Scripts
-
-  - LibreChat ([#14247](https://github.com/community-scripts/ProxmoxVE/pull/14247))
-- Matomo ([#14248](https://github.com/community-scripts/ProxmoxVE/pull/14248))
-- Storyteller ([#14122](https://github.com/community-scripts/ProxmoxVE/pull/14122))
-
-### 🧰 Tools
-
-  - Fix container count message in update-apps.sh [@Quotacious](https://github.com/Quotacious) ([#14265](https://github.com/community-scripts/ProxmoxVE/pull/14265))
-
-## 2026-05-04
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Databasus: move .env to filesystem root so service starts correctly [@Copilot](https://github.com/Copilot) ([#14252](https://github.com/community-scripts/ProxmoxVE/pull/14252))
-    - Databasus: update mongo-tools fallback to 100.16.1 and use now pnpm instead of npm ci [@MickLesk](https://github.com/MickLesk) ([#14240](https://github.com/community-scripts/ProxmoxVE/pull/14240))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - tools.func get_latest_gh_tag - add pagination to find prefixed tags beyond first 50 [@MickLesk](https://github.com/MickLesk) ([#14241](https://github.com/community-scripts/ProxmoxVE/pull/14241))
-    - tools.func: add GitLab release check/fetch/deploy helpers [@MickLesk](https://github.com/MickLesk) ([#14242](https://github.com/community-scripts/ProxmoxVE/pull/14242))
-
-## 2026-05-03
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Hortusfox: fix update issues [@tomfrenzel](https://github.com/tomfrenzel) ([#14214](https://github.com/community-scripts/ProxmoxVE/pull/14214))
-
-  - #### ✨ New Features
-
-    - Refactor: PeaNUT for v6 [@MickLesk](https://github.com/MickLesk) ([#14224](https://github.com/community-scripts/ProxmoxVE/pull/14224))
-    - pangolin: pin version, drop manual SQL, use upstream migrator [@MickLesk](https://github.com/MickLesk) ([#14223](https://github.com/community-scripts/ProxmoxVE/pull/14223))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core: fix validate_bridge function [@MichaelOultram](https://github.com/MichaelOultram) ([#14206](https://github.com/community-scripts/ProxmoxVE/pull/14206))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - pve/pbs scripts: guard sed against missing /etc/apt/sources.list [@MickLesk](https://github.com/MickLesk) ([#14222](https://github.com/community-scripts/ProxmoxVE/pull/14222))
-
-## 2026-05-02
-
-### 🆕 New Scripts
-
-  - protonmail-bridge ([#14136](https://github.com/community-scripts/ProxmoxVE/pull/14136))
-- Tube Archivist ([#14123](https://github.com/community-scripts/ProxmoxVE/pull/14123))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Nagios: Ping fix [@tremor021](https://github.com/tremor021) ([#14186](https://github.com/community-scripts/ProxmoxVE/pull/14186))
-    - opnsense-vm: retry pvesm alloc on transient zfs 'got timeout' errors [@MickLesk](https://github.com/MickLesk) ([#14157](https://github.com/community-scripts/ProxmoxVE/pull/14157))
-    - ImmichFrame: fix update by reinstalling dotnet-sdk before publish [@MickLesk](https://github.com/MickLesk) ([#14158](https://github.com/community-scripts/ProxmoxVE/pull/14158))
-    - [FIX]ShelfMark: Use UV sync for shelfmark backend build; update to Python 3.14 [@vhsdream](https://github.com/vhsdream) ([#14170](https://github.com/community-scripts/ProxmoxVE/pull/14170))
-    - alpine: remove deb/ubuntu-only resource & storage checks from update-script [@MickLesk](https://github.com/MickLesk) ([#14166](https://github.com/community-scripts/ProxmoxVE/pull/14166))
-    - Threadfin: use 'threadfin-app' as app name to avoid version-file clash  [@MickLesk](https://github.com/MickLesk) ([#14159](https://github.com/community-scripts/ProxmoxVE/pull/14159))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: prompt to also run installed addon update scripts (…/bin/update_*) after update_script [@MickLesk](https://github.com/MickLesk) ([#14162](https://github.com/community-scripts/ProxmoxVE/pull/14162))
-
-## 2026-05-01
-
-### 🆕 New Scripts
-
-  - SoulSync ([#14124](https://github.com/community-scripts/ProxmoxVE/pull/14124))
-- Teable ([#14125](https://github.com/community-scripts/ProxmoxVE/pull/14125))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Step ca update [@heinemannj](https://github.com/heinemannj) ([#14058](https://github.com/community-scripts/ProxmoxVE/pull/14058))
-    - paperless-ngx: refresh NLTK data on update [@kurtislanderson](https://github.com/kurtislanderson) ([#14144](https://github.com/community-scripts/ProxmoxVE/pull/14144))
-    - [Pelican Panel] stop deleting the public storage [@LetterN](https://github.com/LetterN) ([#14145](https://github.com/community-scripts/ProxmoxVE/pull/14145))
-
-  - #### 🔧 Refactor
-
-    - Mail-Archiver: update dependencies [@tremor021](https://github.com/tremor021) ([#14152](https://github.com/community-scripts/ProxmoxVE/pull/14152))
-
-## 2026-04-30
-
-### 🆕 New Scripts
-
-  - Nagios ([#14126](https://github.com/community-scripts/ProxmoxVE/pull/14126))
-- Neko ([#14121](https://github.com/community-scripts/ProxmoxVE/pull/14121))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - alpine-docker: install openssl as core dependency | alpine-komodo: check & install openssl if missing [@MickLesk](https://github.com/MickLesk) ([#14134](https://github.com/community-scripts/ProxmoxVE/pull/14134))
-    - endurain: update source references to Codeberg [@MickLesk](https://github.com/MickLesk) ([#14128](https://github.com/community-scripts/ProxmoxVE/pull/14128))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: Manage minor versions for MongoDB 8.x [@tremor021](https://github.com/tremor021) ([#14131](https://github.com/community-scripts/ProxmoxVE/pull/14131))
-
-## 2026-04-29
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - GrayLog: MongoDB update to 8.2.x [@tremor021](https://github.com/tremor021) ([#14114](https://github.com/community-scripts/ProxmoxVE/pull/14114))
-    - Graylog: Better information in the log file [@tremor021](https://github.com/tremor021) ([#14110](https://github.com/community-scripts/ProxmoxVE/pull/14110))
-
-  - #### 🔧 Refactor
-
-    - Refactor: checkMK [@MickLesk](https://github.com/MickLesk) ([#14105](https://github.com/community-scripts/ProxmoxVE/pull/14105))
-    - PatchMon: Unpin release [@tremor021](https://github.com/tremor021) ([#14097](https://github.com/community-scripts/ProxmoxVE/pull/14097))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - core: add guidance when storage lacks rootdir support [@MickLesk](https://github.com/MickLesk) ([#14108](https://github.com/community-scripts/ProxmoxVE/pull/14108))
-
-## 2026-04-28
-
-### 🆕 New Scripts
-
-  - StoryBook ([#14081](https://github.com/community-scripts/ProxmoxVE/pull/14081))
-- CoreDNS ([#14082](https://github.com/community-scripts/ProxmoxVE/pull/14082))
-
-### 🚀 Updated Scripts
-
-  - Fix Dawarich Install/Update [@Jerry1098](https://github.com/Jerry1098) ([#14078](https://github.com/community-scripts/ProxmoxVE/pull/14078))
-
-  - #### ✨ New Features
-
-    - PatchMon Version 2.0.2 Script update [@9technologygroup](https://github.com/9technologygroup) ([#14095](https://github.com/community-scripts/ProxmoxVE/pull/14095))
-
-## 2026-04-27
-
-### 🚀 Updated Scripts
-
-  - Add pamUsername column to userOrgs table [@JVKeller](https://github.com/JVKeller) ([#14075](https://github.com/community-scripts/ProxmoxVE/pull/14075))
-
-  - #### 🐞 Bug Fixes
-
-    - Dawarich: run db:migrate before assets:precompile [@MickLesk](https://github.com/MickLesk) ([#14051](https://github.com/community-scripts/ProxmoxVE/pull/14051))
-    - TechnitiumDNS: always install .NET 10 if not already present [@MickLesk](https://github.com/MickLesk) ([#14049](https://github.com/community-scripts/ProxmoxVE/pull/14049))
-
-  - #### 💥 Breaking Changes
-
-    - PatchMon: v2.0.0 migration [@vhsdream](https://github.com/vhsdream) ([#14015](https://github.com/community-scripts/ProxmoxVE/pull/14015))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - Update build.func - fixed spelling mistake [@m1ckywill](https://github.com/m1ckywill) ([#14047](https://github.com/community-scripts/ProxmoxVE/pull/14047))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - update-lxcs/apps: avoid pct exec on containers mid-shutdown [@MickLesk](https://github.com/MickLesk) ([#14050](https://github.com/community-scripts/ProxmoxVE/pull/14050))
-
-  - #### ✨ New Features
-
-    - Add patchmon-agent report execution in update script [@heinemannj](https://github.com/heinemannj) ([#14054](https://github.com/community-scripts/ProxmoxVE/pull/14054))
-
-## 2026-04-26
-
-### 🆕 New Scripts
-
-  - TREK ([#14017](https://github.com/community-scripts/ProxmoxVE/pull/14017))
-
-### 🚀 Updated Scripts
-
-  - fix(2fauth): handle stale backup directory on update [@omertahaoztop](https://github.com/omertahaoztop) ([#14018](https://github.com/community-scripts/ProxmoxVE/pull/14018))
-
-  - #### 🐞 Bug Fixes
-
-    -  Increase Frigate default CPU cores from 4 to 8 [@MickLesk](https://github.com/MickLesk) ([#14039](https://github.com/community-scripts/ProxmoxVE/pull/14039))
-    - Technitium DNS: Ensure directories exist before running service [@tremor021](https://github.com/tremor021) ([#14030](https://github.com/community-scripts/ProxmoxVE/pull/14030))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - core: Correct deb822 repository flat path detection [@MickLesk](https://github.com/MickLesk) ([#14037](https://github.com/community-scripts/ProxmoxVE/pull/14037))
-
-## 2026-04-25
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - VictoriaMetrics: Stop vmagent/vmalert before update [@irishpadres](https://github.com/irishpadres) ([#14016](https://github.com/community-scripts/ProxmoxVE/pull/14016))
-    - Domain-Monitor: start apache2 after stop instead of reload [@omertahaoztop](https://github.com/omertahaoztop) ([#14019](https://github.com/community-scripts/ProxmoxVE/pull/14019))
-    - Transmute: Fix ffmpeg detection [@tremor021](https://github.com/tremor021) ([#14008](https://github.com/community-scripts/ProxmoxVE/pull/14008))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Technitium DNS [@tremor021](https://github.com/tremor021) ([#14013](https://github.com/community-scripts/ProxmoxVE/pull/14013))
-
-## 2026-04-24
-
-### 🆕 New Scripts
-
-  - Apprise-API ([#13934](https://github.com/community-scripts/ProxmoxVE/pull/13934))
-- fireshare ([#13995](https://github.com/community-scripts/ProxmoxVE/pull/13995))
-- Transmute ([#13935](https://github.com/community-scripts/ProxmoxVE/pull/13935))
-- Jitsi-Meet ([#13897](https://github.com/community-scripts/ProxmoxVE/pull/13897))
-
-### 🚀 Updated Scripts
-
-  - Update wger.sh [@Soppster1029](https://github.com/Soppster1029) ([#13977](https://github.com/community-scripts/ProxmoxVE/pull/13977))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Ghostfolio [@MickLesk](https://github.com/MickLesk) ([#13990](https://github.com/community-scripts/ProxmoxVE/pull/13990))
-
 ## 2026-04-23
 
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - mealie: start.sh missing after failed update [@MickLesk](https://github.com/MickLesk) ([#13958](https://github.com/community-scripts/ProxmoxVE/pull/13958))
-    - twingate-connector: perform real apt upgrade during update flow [@MickLesk](https://github.com/MickLesk) ([#13959](https://github.com/community-scripts/ProxmoxVE/pull/13959))
-
-  - #### ✨ New Features
-
-    - core: auto-size NODE_OPTIONS heap [@MickLesk](https://github.com/MickLesk) ([#13960](https://github.com/community-scripts/ProxmoxVE/pull/13960))
-
-  - #### 🔧 Refactor
-
-    - Update scripts to match standard [@tremor021](https://github.com/tremor021) ([#13956](https://github.com/community-scripts/ProxmoxVE/pull/13956))
-
 ### 💾 Core
 
   - #### 🐞 Bug Fixes
 
-    - tools.func: upgrade Node.js minor/patch on same major version [@MickLesk](https://github.com/MickLesk) ([#13957](https://github.com/community-scripts/ProxmoxVE/pull/13957))
     - core: hotfix - prefer silent mode on PHS env conflict [@MickLesk](https://github.com/MickLesk) ([#13951](https://github.com/community-scripts/ProxmoxVE/pull/13951))
 
-  - #### 🔧 Refactor
-
-    - core: improve system update information / lxc stack upgrade [@MickLesk](https://github.com/MickLesk) ([#13970](https://github.com/community-scripts/ProxmoxVE/pull/13970))
-
 ## 2026-04-22
 
 ### 🆕 New Scripts
@@ -1116,4 +849,265 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
   - #### 🐞 Bug Fixes
 
-    - PVE LXC-Updater: pipe apt list through cat to prevent pager hang [@MickLesk](https://github.com/MickLesk) ([#13501](https://github.com/community-scripts/ProxmoxVE/pull/13501))
+    - PVE LXC-Updater: pipe apt list through cat to prevent pager hang [@MickLesk](https://github.com/MickLesk) ([#13501](https://github.com/community-scripts/ProxmoxVE/pull/13501))
+
+## 2026-04-02
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Grist: Guard backup restore for empty docs/db files [@MickLesk](https://github.com/MickLesk) ([#13472](https://github.com/community-scripts/ProxmoxVE/pull/13472))
+    - fix(zigbee2mqtt): suppress grep error when pnpm-workspace.yaml is absent on update [@Copilot](https://github.com/Copilot) ([#13476](https://github.com/community-scripts/ProxmoxVE/pull/13476))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - Cron LXC Updater: Add full PATH for cron environment [@MickLesk](https://github.com/MickLesk) ([#13473](https://github.com/community-scripts/ProxmoxVE/pull/13473))
+
+## 2026-04-01
+
+### 🆕 New Scripts
+
+  - DrawDB ([#13454](https://github.com/community-scripts/ProxmoxVE/pull/13454))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - Filebrowser: make noauth setup use correct database [@MickLesk](https://github.com/MickLesk) ([#13457](https://github.com/community-scripts/ProxmoxVE/pull/13457))
+
+## 2026-03-31
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Graylog: set vm.max_map_count on host for OpenSearch [@MickLesk](https://github.com/MickLesk) ([#13441](https://github.com/community-scripts/ProxmoxVE/pull/13441))
+    - Koillection: ensure newline before appending to .env.local [@MickLesk](https://github.com/MickLesk) ([#13440](https://github.com/community-scripts/ProxmoxVE/pull/13440))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: skip empty gateway value in network config [@MickLesk](https://github.com/MickLesk) ([#13442](https://github.com/community-scripts/ProxmoxVE/pull/13442))
+
+## 2026-03-30
+
+### 🆕 New Scripts
+
+  - Bambuddy ([#13411](https://github.com/community-scripts/ProxmoxVE/pull/13411))
+
+### 🚀 Updated Scripts
+
+  - #### 💥 Breaking Changes
+
+    - Rename: BirdNET > BirdNET-Go [@MickLesk](https://github.com/MickLesk) ([#13410](https://github.com/community-scripts/ProxmoxVE/pull/13410))
+
+## 2026-03-29
+
+### 🆕 New Scripts
+
+  - YOURLS ([#13379](https://github.com/community-scripts/ProxmoxVE/pull/13379))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - fix(victoriametrics): use jq to filter releases [@Joery-M](https://github.com/Joery-M) ([#13393](https://github.com/community-scripts/ProxmoxVE/pull/13393))
+    - Ollama: add error handling for Intel GPG key imports [@MickLesk](https://github.com/MickLesk) ([#13397](https://github.com/community-scripts/ProxmoxVE/pull/13397))
+    - Immich: ignore Redis connection error on maintenance mode disable [@MickLesk](https://github.com/MickLesk) ([#13398](https://github.com/community-scripts/ProxmoxVE/pull/13398))
+    - NPM: unmask openresty after migration from package [@MickLesk](https://github.com/MickLesk) ([#13399](https://github.com/community-scripts/ProxmoxVE/pull/13399))
+
+## 2026-03-28
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Fix: Update gokapi binary name for v2.2.4+ and add migration step [@krazos](https://github.com/krazos) ([#13377](https://github.com/community-scripts/ProxmoxVE/pull/13377))
+    - Fix: update gokapi asset matching for v2.2.4+ naming convention [@krazos](https://github.com/krazos) ([#13369](https://github.com/community-scripts/ProxmoxVE/pull/13369))
+    - Tandoor Recipes: Add missing env variable [@tremor021](https://github.com/tremor021) ([#13365](https://github.com/community-scripts/ProxmoxVE/pull/13365))
+
+  - #### ✨ New Features
+
+    - FileFlows: add option to install Node [@tremor021](https://github.com/tremor021) ([#13368](https://github.com/community-scripts/ProxmoxVE/pull/13368))
+
+## 2026-03-27
+
+### 🆕 New Scripts
+
+  - Matter-Server ([#13355](https://github.com/community-scripts/ProxmoxVE/pull/13355))
+- GeoPulse ([#13320](https://github.com/community-scripts/ProxmoxVE/pull/13320))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - RevealJS: Switch from gulp to vite [@tremor021](https://github.com/tremor021) ([#13336](https://github.com/community-scripts/ProxmoxVE/pull/13336))
+
+  - #### ✨ New Features
+
+    - Dispatcharr add custom Postgres port support for upgrade [@MickLesk](https://github.com/MickLesk) ([#13347](https://github.com/community-scripts/ProxmoxVE/pull/13347))
+    - Immich: bump to v2.6.3 [@MickLesk](https://github.com/MickLesk) ([#13324](https://github.com/community-scripts/ProxmoxVE/pull/13324))
+
+### 🧰 Tools
+
+  - #### ✨ New Features
+
+    - Refactor/Feature-Bump/Security: Update-Cron-LXCs (Now Local Mode!) [@MickLesk](https://github.com/MickLesk) ([#13339](https://github.com/community-scripts/ProxmoxVE/pull/13339))
+
+## 2026-03-26
+
+### 🆕 New Scripts
+
+  - BirdNET ([#13313](https://github.com/community-scripts/ProxmoxVE/pull/13313))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Immich: Bump to 2.6.2 | use start.sh in service, ensure DB_HOSTNAME in .env | Fix Rights Issue with ZFS Shares [@MickLesk](https://github.com/MickLesk) ([#13199](https://github.com/community-scripts/ProxmoxVE/pull/13199))
+
+  - #### ✨ New Features
+
+    - SparkyFitness: add garmin microservice as addon [@tomfrenzel](https://github.com/tomfrenzel) ([#12642](https://github.com/community-scripts/ProxmoxVE/pull/12642))
+    - Frigate: bump to v0.17.1 & change build order [@MickLesk](https://github.com/MickLesk) ([#13304](https://github.com/community-scripts/ProxmoxVE/pull/13304))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools.func: pin npm to 11.11.0 to work around Node.js 22.22.2 regression [@MickLesk](https://github.com/MickLesk) ([#13296](https://github.com/community-scripts/ProxmoxVE/pull/13296))
+
+  - #### ✨ New Features
+
+    - core: APT/APK Mirror Fallback for CDN Failures [@MickLesk](https://github.com/MickLesk) ([#13316](https://github.com/community-scripts/ProxmoxVE/pull/13316))
+    - core/tools: replace generic return 1 exit_codes with more specific exit_codes [@MickLesk](https://github.com/MickLesk) ([#13311](https://github.com/community-scripts/ProxmoxVE/pull/13311))
+
+  - #### 🔧 Refactor
+
+    - core: use /usr/bin/install to prevent function shadowing [@MickLesk](https://github.com/MickLesk) ([#13299](https://github.com/community-scripts/ProxmoxVE/pull/13299))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - SparkyFitness-Garmin: fix app name [@tomfrenzel](https://github.com/tomfrenzel) ([#13325](https://github.com/community-scripts/ProxmoxVE/pull/13325))
+
+## 2026-03-25
+
+### 🚀 Updated Scripts
+
+  - #### ✨ New Features
+
+    - Komodo v2: migrate env vars to v2 and update source [@MickLesk](https://github.com/MickLesk) ([#13262](https://github.com/community-scripts/ProxmoxVE/pull/13262))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: make shell command substitutions safe with || true [@MickLesk](https://github.com/MickLesk) ([#13279](https://github.com/community-scripts/ProxmoxVE/pull/13279))
+
+## 2026-03-24
+
+### 🆕 New Scripts
+
+  - Homebrew (Addon) ([#13249](https://github.com/community-scripts/ProxmoxVE/pull/13249))
+- NextExplorer ([#13252](https://github.com/community-scripts/ProxmoxVE/pull/13252))
+
+### 🚀 Updated Scripts
+
+  - #### ✨ New Features
+
+    - Turnkey: modernize turnkey.sh with shared libraries  [@MickLesk](https://github.com/MickLesk) ([#13242](https://github.com/community-scripts/ProxmoxVE/pull/13242))
+
+  - #### 🔧 Refactor
+
+    - chore: replace helper-scripts.com with community-scripts.com [@MickLesk](https://github.com/MickLesk) ([#13244](https://github.com/community-scripts/ProxmoxVE/pull/13244))
+
+### 🗑️ Deleted Scripts
+
+  - Remove: Booklore [@MickLesk](https://github.com/MickLesk) ([#13265](https://github.com/community-scripts/ProxmoxVE/pull/13265))
+
+## 2026-03-23
+
+### 🚀 Updated Scripts
+
+  - #### 🔧 Refactor
+
+    - core: harden shell scripts against injection and insecure permissions [@MickLesk](https://github.com/MickLesk) ([#13239](https://github.com/community-scripts/ProxmoxVE/pull/13239))
+
+## 2026-03-22
+
+### 🆕 New Scripts
+
+  - versitygw ([#13180](https://github.com/community-scripts/ProxmoxVE/pull/13180))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Adventurelog: pin DRF <3.15 to fix coreapi module removal [@MickLesk](https://github.com/MickLesk) ([#13194](https://github.com/community-scripts/ProxmoxVE/pull/13194))
+
+  - #### ✨ New Features
+
+    - ConvertX: add libreoffice-writer for ODT/document conversions [@MickLesk](https://github.com/MickLesk) ([#13196](https://github.com/community-scripts/ProxmoxVE/pull/13196))
+
+  - #### 🔧 Refactor
+
+    - iSponsorblockTV: add AVX CPU check before installation [@MickLesk](https://github.com/MickLesk) ([#13197](https://github.com/community-scripts/ProxmoxVE/pull/13197))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core: guard against empty IPv6 address in static mode [@MickLesk](https://github.com/MickLesk) ([#13195](https://github.com/community-scripts/ProxmoxVE/pull/13195))
+
+## 2026-03-21
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Anytype-server: wait for MongoDB readiness before rs.initiate() [@MickLesk](https://github.com/MickLesk) ([#13165](https://github.com/community-scripts/ProxmoxVE/pull/13165))
+    - Frigate: use correct CPU model fallback path [@MickLesk](https://github.com/MickLesk) ([#13164](https://github.com/community-scripts/ProxmoxVE/pull/13164))
+    - iSponsorBlockTV: Fix release fetching  [@tremor021](https://github.com/tremor021) ([#13157](https://github.com/community-scripts/ProxmoxVE/pull/13157))
+    - Isponsorblocktv: use quoted heredoc to prevent unbound variable error during CLI wrapper creation [@Copilot](https://github.com/Copilot) ([#13146](https://github.com/community-scripts/ProxmoxVE/pull/13146))
+
+  - #### ✨ New Features
+
+    - Headscale: Enable TUN [@tremor021](https://github.com/tremor021) ([#13158](https://github.com/community-scripts/ProxmoxVE/pull/13158))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - core: add missing -searchdomain/-nameserver prefix in base_settings [@MickLesk](https://github.com/MickLesk) ([#13166](https://github.com/community-scripts/ProxmoxVE/pull/13166))
+
+## 2026-03-20
+
+### 🆕 New Scripts
+
+  - iSponsorBlockTV ([#13123](https://github.com/community-scripts/ProxmoxVE/pull/13123))
+- Alpine-Wakapi ([#13119](https://github.com/community-scripts/ProxmoxVE/pull/13119))
+- teleport ([#13086](https://github.com/community-scripts/ProxmoxVE/pull/13086))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Reactive-Resume: add git dependency for v5.0.13+ [@MickLesk](https://github.com/MickLesk) ([#13133](https://github.com/community-scripts/ProxmoxVE/pull/13133))
+    - Scanopy: increase default CPU, RAM, and HDD to prevent OOM during Rust build [@Copilot](https://github.com/Copilot) ([#13130](https://github.com/community-scripts/ProxmoxVE/pull/13130))
+
+  - #### ✨ New Features
+
+    - Immich: v2.6.1 [@vhsdream](https://github.com/vhsdream) ([#13111](https://github.com/community-scripts/ProxmoxVE/pull/13111))
+    - VM's: add input validation and hostname sanitization to all VM scripts [@MickLesk](https://github.com/MickLesk) ([#12973](https://github.com/community-scripts/ProxmoxVE/pull/12973))
+
+### 🧰 Tools
+
+  - #### 🔧 Refactor
+
+    - Harden code-server addon install script [@MickLesk](https://github.com/MickLesk) ([#13116](https://github.com/community-scripts/ProxmoxVE/pull/13116))

ct/2fauth.sh

@@ -24,7 +24,7 @@ function update_script() {
   check_container_storage
   check_container_resources
 
-  if [[ ! -d /opt/2fauth ]]; then
+  if [[ ! -d "/opt/2fauth" ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
@@ -34,8 +34,7 @@ function update_script() {
     $STD apt -y upgrade
 
     msg_info "Creating Backup"
-    rm -rf /opt/2fauth-backup
-    mv /opt/2fauth /opt/2fauth-backup
+    mv "/opt/2fauth" "/opt/2fauth-backup"
     if ! dpkg -l | grep -q 'php8.4'; then
       cp /etc/nginx/conf.d/2fauth.conf /etc/nginx/conf.d/2fauth.conf.bak
     fi
@@ -47,17 +46,15 @@ function update_script() {
     fi
     fetch_and_deploy_gh_release "2fauth" "Bubka/2FAuth" "tarball"
     setup_composer
-    cp /opt/2fauth-backup/.env /opt/2fauth/.env
-    cp -r /opt/2fauth-backup/storage /opt/2fauth/storage
-    cd /opt/2fauth || return
+    mv "/opt/2fauth-backup/.env" "/opt/2fauth/.env"
+    mv "/opt/2fauth-backup/storage" "/opt/2fauth/storage"
+    cd "/opt/2fauth" || return
+    chown -R www-data: "/opt/2fauth"
+    chmod -R 755 "/opt/2fauth"
     export COMPOSER_ALLOW_SUPERUSER=1
     $STD composer install --no-dev --prefer-dist
     php artisan 2fauth:install
-    chown -R www-data: /opt/2fauth
-    chmod -R 755 /opt/2fauth
-    $STD systemctl restart php8.4-fpm
     $STD systemctl restart nginx
-    rm -rf /opt/2fauth-backup
     msg_ok "Updated successfully!"
   fi
   exit

ct/alpine-ironclaw.sh

@@ -21,6 +21,8 @@ catch_errors
 
 function update_script() {
   header_info
+  check_container_storage
+  check_container_resources
 
   if [[ ! -f /usr/local/bin/ironclaw ]]; then
     msg_error "No ${APP} Installation Found!"

ct/alpine-ntfy.sh

@@ -22,6 +22,8 @@ catch_errors
 
 function update_script() {
   header_info
+  check_container_storage
+  check_container_resources
   if [[ ! -d /etc/ntfy ]]; then
     msg_error "No ${APP} Installation Found!"
     exit

ct/alpine-redlib.sh

@@ -21,6 +21,7 @@ catch_errors
 
 function update_script() {
   header_info
+  check_container_resources
 
   if [[ ! -d /opt/redlib ]]; then
     msg_error "No ${APP} Installation Found!"

ct/alpine-rustypaste.sh

@@ -21,6 +21,8 @@ catch_errors
 
 function update_script() {
   header_info
+  check_container_storage
+  check_container_resources
 
   if ! apk info -e rustypaste >/dev/null 2>&1; then
     msg_error "No ${APP} Installation Found!"

ct/apprise-api.sh

@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: SystemIdleProcess
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/caronc/apprise-api
-
-APP="Apprise-API"
-var_tags="${var_tags:-notification}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-2}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d "/opt/apprise" ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  if check_for_gh_release "apprise" "caronc/apprise-api"; then
-    msg_info "Stopping Service"
-    systemctl stop apprise-api
-    msg_ok "Stopped Service"
-
-    PYTHON_VERSION="3.12" setup_uv
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "apprise" "caronc/apprise-api" "tarball"
-
-    msg_info "Updating Apprise-API"
-    cd /opt/apprise
-    cp ./requirements.txt /etc/requirements.txt
-    $STD apt install -y nginx git
-    $STD uv pip install -r requirements.txt gunicorn supervisor --system
-    cp -fr apprise_api/static /usr/share/nginx/html/s/
-    mv apprise_api/ webapp
-    touch /etc/nginx/server-override.conf
-    touch /etc/nginx/location-override.conf
-    mkdir -p /config/store /attach /plugin /tmp/apprise /opt/apprise/logs
-    chmod 1777 /tmp/apprise && chmod 777 /config /config/store /attach /plugin /opt/apprise/logs
-    sed -i \
-      -e '/[[]program:nginx]/,/^[[]/ s|stdout_logfile=/dev/stdout|stdout_logfile=/opt/apprise/logs/nginx.log|' \
-      -e '/[[]program:nginx]/,/^[[]/ s|stderr_logfile=/dev/stderr|stderr_logfile=/opt/apprise/logs/nginx_error.log|' \
-      -e '/[[]program:gunicorn]/,/^[[]/ s|stdout_logfile=/dev/stdout|stdout_logfile=/opt/apprise/logs/gunicorn.log|' \
-      -e '/[[]program:gunicorn]/,/^[[]/ s|stderr_logfile=/dev/stderr|stderr_logfile=/opt/apprise/logs/gunicorn_error.log|' \
-      -e '/[[]supervisord]/,/^[[]/ s|logfile=/dev/null|logfile=/opt/apprise/logs/supervisor.log|' \
-      -e 's|_maxbytes=0|_maxbytes=10485760|g' \
-      /opt/apprise/webapp/etc/supervisord.conf
-    msg_ok "Updated Apprise-API"
-
-    msg_info "Starting Service"
-    systemctl start apprise-api
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"

ct/checkmate.sh

@@ -39,7 +39,7 @@ function update_script() {
     [ -f /opt/checkmate/client/.env.local ] && cp /opt/checkmate/client/.env.local /opt/checkmate_client.env.local.bak
     msg_ok "Backed up Data"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate"
 
     msg_info "Updating Checkmate Server"
     cd /opt/checkmate/server

ct/checkmk.sh

@@ -23,25 +23,26 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if ! command -v omd &>/dev/null; then
+  if [[ ! -f /opt/checkmk_version.txt ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
 
-  RELEASE=$(curl_with_retry "https://api.github.com/repos/checkmk/checkmk/tags" "-" | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
+  RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
   RELEASE="${RELEASE%%+*}"
-  msg_info "Updating checkmk"
+  msg_info "Updating ${APP} to v${RELEASE}"
   $STD omd stop monitoring
   $STD omd cp monitoring monitoringbackup
-  curl_with_retry "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb" "/opt/checkmk.deb"
-  $STD apt install -y /opt/checkmk.deb
+  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
+  $STD apt-get install -y /opt/checkmk.deb
   $STD omd --force -V ${RELEASE}.cre update --conflict=install monitoring
   $STD omd start monitoring
   $STD omd -f rm monitoringbackup
   $STD omd cleanup
   rm -rf /opt/checkmk.deb
-  msg_ok "Updated checkmk"
+  msg_ok "Updated ${APP}"
   msg_ok "Updated successfully!"
+
   exit
 }
 

ct/coredns.sh

@@ -1,56 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/coredns/coredns
-
-APP="CoreDNS"
-var_tags="${var_tags:-dns;network}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-256}"
-var_disk="${var_disk:-1}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /usr/local/bin/coredns ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "coredns" "coredns/coredns"; then
-    msg_info "Stopping Service"
-    systemctl stop coredns
-    msg_ok "Stopped Service"
-
-    fetch_and_deploy_gh_release "coredns" "coredns/coredns" "prebuild" "latest" "/usr/local/bin" \
-      "coredns_*_linux_$(dpkg --print-architecture).tgz"
-    chmod +x /usr/local/bin/coredns
-
-    msg_info "Starting Service"
-    systemctl start coredns
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} CoreDNS is listening on port 53 (DNS)${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}dns://${IP}${CL}"

ct/databasus.sh

@@ -35,8 +35,7 @@ function update_script() {
     msg_ok "Stopped Databasus"
 
     msg_info "Backing up Configuration"
-    cp /.env /opt/databasus.env.bak
-    chmod 600 /opt/databasus.env.bak
+    cp /opt/databasus/.env /opt/databasus.env.bak
     msg_ok "Backed up Configuration"
 
     msg_info "Ensuring Database Clients"
@@ -47,7 +46,7 @@ function update_script() {
     # Install MongoDB Database Tools via direct .deb (no APT repo for Debian 13)
     if ! command -v mongodump &>/dev/null; then
       [[ "$(get_os_info id)" == "ubuntu" ]] && MONGO_DIST="ubuntu2204" || MONGO_DIST="debian12"
-      fetch_and_deploy_from_url "https://fastdl.mongodb.org/tools/db/mongodb-database-tools-${MONGO_DIST}-x86_64-100.16.1.deb"
+      fetch_and_deploy_from_url "https://fastdl.mongodb.org/tools/db/mongodb-database-tools-${MONGO_DIST}-x86_64-100.14.1.deb"
     fi
     [[ -f /usr/bin/mongodump ]] && ln -sf /usr/bin/mongodump /usr/local/mongodb-database-tools/bin/mongodump
     [[ -f /usr/bin/mongorestore ]] && ln -sf /usr/bin/mongorestore /usr/local/mongodb-database-tools/bin/mongorestore
@@ -67,12 +66,9 @@ function update_script() {
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "databasus" "databasus/databasus" "tarball" "latest" "/opt/databasus"
 
     msg_info "Updating Databasus"
-    export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
     cd /opt/databasus/frontend
-    $STD corepack enable
-    $STD corepack prepare pnpm@latest --activate
-    $STD pnpm install --frozen-lockfile
-    $STD pnpm run build
+    $STD npm ci
+    $STD npm run build
     cd /opt/databasus/backend
     $STD go mod download
     $STD /root/go/bin/swag init -g cmd/main.go -o swagger
@@ -85,18 +81,11 @@ function update_script() {
     msg_ok "Updated Databasus"
 
     msg_info "Restoring Configuration"
-    cp /opt/databasus.env.bak /.env
+    cp /opt/databasus.env.bak /opt/databasus/.env
     rm -f /opt/databasus.env.bak
-    chmod 600 /.env
+    chown postgres:postgres /opt/databasus/.env
     msg_ok "Restored Configuration"
 
-    if ! grep -q "EnvironmentFile=/.env" /etc/systemd/system/databasus.service; then
-      msg_info "Updating Service"
-      sed -i 's|EnvironmentFile=.*|EnvironmentFile=/.env|' /etc/systemd/system/databasus.service
-      $STD systemctl daemon-reload
-      msg_ok "Updated Service"
-    fi
-
     msg_info "Starting Databasus"
     $STD systemctl start databasus
     msg_ok "Started Databasus"

ct/dawarich.sh

@@ -53,18 +53,6 @@ function update_script() {
     export PATH="/root/.rbenv/shims:/root/.rbenv/bin:$PATH"
     eval "$(/root/.rbenv/bin/rbenv init - bash)"
 
-    if ! grep -q "OTP_ENCRYPTION_PRIMARY_KEY" /opt/dawarich/.env; then
-      echo "OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 64)" >>/opt/dawarich/.env
-    fi
-
-    if ! grep -q "OTP_ENCRYPTION_DETERMINISTIC_KEY" /opt/dawarich/.env; then
-      echo "OTP_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 64)" >>/opt/dawarich/.env
-    fi
-
-    if ! grep -q "OTP_ENCRYPTION_KEY_DERIVATION_SALT" /opt/dawarich/.env; then
-      echo "OTP_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 64)" >>/opt/dawarich/.env
-    fi
-
     set -a && source /opt/dawarich/.env && set +a
 
     $STD bundle config set --local deployment 'true'
@@ -79,8 +67,8 @@ function update_script() {
       $STD npm install
     fi
 
-    $STD bundle exec rails db:migrate
     $STD bundle exec rake assets:precompile
+    $STD bundle exec rails db:migrate
     $STD bundle exec rake data:migrate
     msg_ok "Ran Migrations"
 

ct/domain-monitor.sh

@@ -60,7 +60,7 @@ function update_script() {
     msg_ok "Restored backup"
 
     msg_info "Restarting Services"
-    systemctl start apache2
+    systemctl reload apache2
     msg_ok "Restarted Services"
     msg_ok "Updated successfully!"
   fi

ct/endurain.sh

@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: johanngrobe
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://codeberg.org/endurain-project/endurain
+# Source: https://github.com/joaovitoriasilva/endurain
 
 APP="Endurain"
 var_tags="${var_tags:-sport;social-media}"
@@ -28,7 +28,7 @@ function update_script() {
     msg_error "No ${APP} installation found!"
     exit 233
   fi
-  if check_for_codeberg_release "endurain" "endurain-project/endurain"; then
+  if check_for_gh_release "endurain" "endurain-project/endurain"; then
     msg_info "Stopping Service"
     systemctl stop endurain
     msg_ok "Stopped Service"
@@ -38,7 +38,7 @@ function update_script() {
     cp /opt/endurain/frontend/app/dist/env.js /opt/endurain.env.js
     msg_ok "Created Backup"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_codeberg_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
 
     msg_info "Preparing Update"
     cd /opt/endurain

ct/fireshare.sh

@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/ShaneIsrael/fireshare
-
-APP="Fireshare"
-var_tags="${var_tags:-sharing;video}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-10}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /opt/fireshare ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "fireshare" "ShaneIsrael/fireshare"; then
-    msg_info "Stopping Service"
-    systemctl stop fireshare
-    msg_ok "Stopped Service"
-
-    mv /opt/fireshare/fireshare.env /opt
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "fireshare" "ShaneIsrael/fireshare" "tarball"
-    mv /opt/fireshare.env /opt/fireshare
-    rm -f /usr/local/bin/fireshare
-
-    msg_info "Updating Fireshare"
-    cd /opt/fireshare
-    $STD uv venv --clear
-    $STD .venv/bin/python -m ensurepip --upgrade
-    $STD .venv/bin/python -m pip install --upgrade --break-system-packages pip
-    $STD .venv/bin/python -m pip install --no-cache-dir --break-system-packages --ignore-installed app/server
-    cp .venv/bin/fireshare /usr/local/bin/fireshare
-    export FLASK_APP="/opt/fireshare/app/server/fireshare:create_app()"
-    export DATA_DIRECTORY=/opt/fireshare-data
-    export IMAGE_DIRECTORY=/opt/fireshare-images
-    export VIDEO_DIRECTORY=/opt/fireshare-videos
-    export PROCESSED_DIRECTORY=/opt/fireshare-processed
-    $STD uv run flask db upgrade
-    msg_ok "Updated Fireshare"
-
-    msg_info "Starting Service"
-    systemctl start fireshare
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  cleanup_lxc
-
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/flatnotes.sh

@@ -38,7 +38,7 @@ function update_script() {
     cp -r /opt/flatnotes/data /opt/flatnotes_data_backup
     msg_ok "Backed up Configuration and Data"
 
-    fetch_and_deploy_gh_release "flatnotes" "dullage/flatnotes" "tarball"
+    fetch_and_deploy_gh_release "flatnotes" "dullage/flatnotes"
 
     msg_info "Updating Flatnotes"
     cd /opt/flatnotes/client

ct/frigate.sh

@@ -7,7 +7,7 @@ source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxV
 
 APP="Frigate"
 var_tags="${var_tags:-nvr}"
-var_cpu="${var_cpu:-8}"
+var_cpu="${var_cpu:-4}"
 var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"

ct/ghostfolio.sh

@@ -47,7 +47,6 @@ function update_script() {
 
     msg_info "Updating Ghostfolio"
     mv /opt/env.backup /opt/ghostfolio/.env
-    sed -i -E '/^DATABASE_URL=/ s/[?&]sslmode=prefer//g' /opt/ghostfolio/.env
     cd /opt/ghostfolio
     $STD npm ci
     $STD npm run build:production

ct/graylog.sh

@@ -37,7 +37,7 @@ function update_script() {
   CURRENT_VERSION=$(apt list --installed 2>/dev/null | grep graylog-server | grep -oP '\d+\.\d+\.\d+')
 
   if dpkg --compare-versions "$CURRENT_VERSION" lt "6.3"; then
-    MONGO_VERSION="8.2" setup_mongodb
+    MONGO_VERSION="8.0" setup_mongodb
 
     msg_info "Updating Graylog"
     $STD apt update

ct/headers/apprise-api

@@ -1,6 +0,0 @@
-    ___                     _                 ___    ____  ____
-   /   |  ____  ____  _____(_)_______        /   |  / __ \/  _/
-  / /| | / __ \/ __ \/ ___/ / ___/ _ \______/ /| | / /_/ // /  
- / ___ |/ /_/ / /_/ / /  / (__  )  __/_____/ ___ |/ ____// /   
-/_/  |_/ .___/ .___/_/  /_/____/\___/     /_/  |_/_/   /___/   
-      /_/   /_/                                                

ct/headers/coredns

@@ -1,6 +0,0 @@
-   ______                ____  _   _______
-  / ____/___  ________  / __ \/ | / / ___/
- / /   / __ \/ ___/ _ \/ / / /  |/ /\__ \ 
-/ /___/ /_/ / /  /  __/ /_/ / /|  /___/ / 
-\____/\____/_/   \___/_____/_/ |_//____/  
-                                          

ct/headers/fireshare

@@ -1,6 +0,0 @@
-    _______                __                  
-   / ____(_)_______  _____/ /_  ____ _________ 
-  / /_  / / ___/ _ \/ ___/ __ \/ __ `/ ___/ _ \
- / __/ / / /  /  __(__  ) / / / /_/ / /  /  __/
-/_/   /_/_/   \___/____/_/ /_/\__,_/_/   \___/ 
-                                               

ct/headers/jitsi-meet

@@ -1,6 +0,0 @@
-       ___ __       _       __  ___          __ 
-      / (_) /______(_)     /  |/  /__  ___  / /_
- __  / / / __/ ___/ /_____/ /|_/ / _ \/ _ \/ __/
-/ /_/ / / /_(__  ) /_____/ /  / /  __/  __/ /_  
-\____/_/\__/____/_/     /_/  /_/\___/\___/\__/  
-                                                

ct/headers/librechat

@@ -1,6 +0,0 @@
-    __    _ __              ________          __ 
-   / /   (_) /_  ________  / ____/ /_  ____ _/ /_
-  / /   / / __ \/ ___/ _ \/ /   / __ \/ __ `/ __/
- / /___/ / /_/ / /  /  __/ /___/ / / / /_/ / /_  
-/_____/_/_.___/_/   \___/\____/_/ /_/\__,_/\__/  
-                                                 

ct/headers/matomo

@@ -1,6 +0,0 @@
-    __  ___      __                      
-   /  |/  /___ _/ /_____  ____ ___  ____ 
-  / /|_/ / __ `/ __/ __ \/ __ `__ \/ __ \
- / /  / / /_/ / /_/ /_/ / / / / / / /_/ /
-/_/  /_/\__,_/\__/\____/_/ /_/ /_/\____/ 
-                                         

ct/headers/nagios

@@ -1,6 +0,0 @@
-    _   __            _           
-   / | / /___ _____ _(_)___  _____
-  /  |/ / __ `/ __ `/ / __ \/ ___/
- / /|  / /_/ / /_/ / / /_/ (__  ) 
-/_/ |_/\__,_/\__, /_/\____/____/  
-            /____/                

ct/headers/neko

@@ -1,6 +0,0 @@
-    _   __     __       
-   / | / /__  / /______ 
-  /  |/ / _ \/ //_/ __ \
- / /|  /  __/ ,< / /_/ /
-/_/ |_/\___/_/|_|\____/ 
-                        

ct/headers/protonmail-bridge

@@ -1,6 +0,0 @@
-    ____             __              __  ___      _ __      ____       _     __         
-   / __ \_________  / /_____  ____  /  |/  /___ _(_) /     / __ )_____(_)___/ /___ ____ 
-  / /_/ / ___/ __ \/ __/ __ \/ __ \/ /|_/ / __ `/ / /_____/ __  / ___/ / __  / __ `/ _ \
- / ____/ /  / /_/ / /_/ /_/ / / / / /  / / /_/ / / /_____/ /_/ / /  / / /_/ / /_/ /  __/
-/_/   /_/   \____/\__/\____/_/ /_/_/  /_/\__,_/_/_/     /_____/_/  /_/\__,_/\__, /\___/ 
-                                                                           /____/       

ct/headers/soulsync

@@ -1,6 +0,0 @@
-   _____             _______                 
-  / ___/____  __  __/ / ___/__  ______  _____
-  \__ \/ __ \/ / / / /\__ \/ / / / __ \/ ___/
- ___/ / /_/ / /_/ / /___/ / /_/ / / / / /__  
-/____/\____/\__,_/_//____/\__, /_/ /_/\___/  
-                         /____/              

ct/headers/storybook

@@ -1,6 +0,0 @@
-   _____ __                   __                __  
-  / ___// /_____  _______  __/ /_  ____  ____  / /__
-  \__ \/ __/ __ \/ ___/ / / / __ \/ __ \/ __ \/ //_/
- ___/ / /_/ /_/ / /  / /_/ / /_/ / /_/ / /_/ / ,<   
-/____/\__/\____/_/   \__, /_.___/\____/\____/_/|_|  
-                    /____/                          

ct/headers/storyteller

@@ -1,6 +0,0 @@
-   _____ __                   __       ____         
-  / ___// /_____  _______  __/ /____  / / /__  _____
-  \__ \/ __/ __ \/ ___/ / / / __/ _ \/ / / _ \/ ___/
- ___/ / /_/ /_/ / /  / /_/ / /_/  __/ / /  __/ /    
-/____/\__/\____/_/   \__, /\__/\___/_/_/\___/_/     
-                    /____/                          

ct/headers/teable

@@ -1,6 +0,0 @@
-  ______           __    __   
- /_  __/__  ____ _/ /_  / /__ 
-  / / / _ \/ __ `/ __ \/ / _ \
- / / /  __/ /_/ / /_/ / /  __/
-/_/  \___/\__,_/_.___/_/\___/ 
-                              

ct/headers/transmute

@@ -1,6 +0,0 @@
-  ______                                      __     
- /_  __/________ _____  _________ ___  __  __/ /____ 
-  / / / ___/ __ `/ __ \/ ___/ __ `__ \/ / / / __/ _ \
- / / / /  / /_/ / / / (__  ) / / / / / /_/ / /_/  __/
-/_/ /_/   \__,_/_/ /_/____/_/ /_/ /_/\__,_/\__/\___/ 
-                                                     

ct/headers/trek

@@ -1,6 +0,0 @@
-  __________  ________ __
- /_  __/ __ \/ ____/ //_/
-  / / / /_/ / __/ / ,<   
- / / / _, _/ /___/ /| |  
-/_/ /_/ |_/_____/_/ |_|  
-                         

ct/headers/tubearchivist

@@ -1,6 +0,0 @@
-  ______      __            ___              __    _       _      __ 
- /_  __/_  __/ /_  ___     /   |  __________/ /_  (_)   __(_)____/ /_
-  / / / / / / __ \/ _ \   / /| | / ___/ ___/ __ \/ / | / / / ___/ __/
- / / / /_/ / /_/ /  __/  / ___ |/ /  / /__/ / / / /| |/ / (__  ) /_  
-/_/  \__,_/_.___/\___/  /_/  |_/_/   \___/_/ /_/_/ |___/_/____/\__/  
-                                                                     

ct/hortusfox.sh

@@ -38,15 +38,13 @@ function update_script() {
     mv /opt/hortusfox/ /opt/hortusfox-backup
     msg_ok "Backed up current HortusFox installation"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "hortusfox" "danielbrendel/hortusfox-web" "tarball"
+    fetch_and_deploy_gh_release "hortusfox" "danielbrendel/hortusfox-web" "tarball"
 
     msg_info "Updating HortusFox"
     cd /opt/hortusfox
-    cp /opt/hortusfox-backup/.env /opt/hortusfox/.env
-    cp -a /opt/hortusfox-backup/public/img/. /opt/hortusfox/public/img/
-    export COMPOSER_ALLOW_SUPERUSER=1
+    mv /opt/hortusfox-backup/.env /opt/hortusfox/.env
     $STD composer install --no-dev --optimize-autoloader
-    $STD php asatru migrate:upgrade
+    $STD php asatru migrate --no-interaction
     $STD php asatru plants:attributes
     $STD php asatru calendar:classes
     chown -R www-data:www-data /opt/hortusfox

ct/jitsi-meet.sh

@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://jitsi.org/
-
-APP="Jitsi-Meet"
-var_tags="${var_tags:-video;conference;communication}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-12}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /etc/jitsi ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  msg_info "Updating Jitsi Meet"
-  $STD apt update
-  $STD apt install -y --only-upgrade \
-    jitsi-meet \
-    jicofo \
-    jitsi-videobridge2 \
-    prosody
-  msg_ok "Updated Jitsi Meet"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://${IP}${CL}"

ct/librechat.sh

@@ -1,101 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/danny-avila/LibreChat
-
-APP="LibreChat"
-var_tags="${var_tags:-ai;chat}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-6144}"
-var_disk="${var_disk:-20}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/librechat ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_tag "librechat" "danny-avila/LibreChat" "v"; then
-    msg_info "Stopping Services"
-    systemctl stop librechat rag-api
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Configuration"
-    cp /opt/librechat/.env /opt/librechat.env.bak
-    msg_ok "Backed up Configuration"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_tag "librechat" "danny-avila/LibreChat"
-
-    msg_info "Installing Dependencies"
-    cd /opt/librechat
-    $STD npm ci
-    msg_ok "Installed Dependencies"
-
-    msg_info "Building Frontend"
-    $STD npm run frontend
-    $STD npm prune --production
-    $STD npm cache clean --force
-    msg_ok "Built Frontend"
-
-    msg_info "Restoring Configuration"
-    cp /opt/librechat.env.bak /opt/librechat/.env
-    rm -f /opt/librechat.env.bak
-    msg_ok "Restored Configuration"
-
-    msg_info "Starting Services"
-    systemctl start rag-api librechat
-    msg_ok "Started Services"
-    msg_ok "Updated LibreChat Successfully!"
-  fi
-
-  if check_for_gh_release "rag-api" "danny-avila/rag_api"; then
-    msg_info "Stopping RAG API"
-    systemctl stop rag-api
-    msg_ok "Stopped RAG API"
-
-    msg_info "Backing up RAG API Configuration"
-    cp /opt/rag-api/.env /opt/rag-api.env.bak
-    msg_ok "Backed up RAG API Configuration"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "rag-api" "danny-avila/rag_api" "tarball"
-
-    msg_info "Updating RAG API Dependencies"
-    cd /opt/rag-api
-    $STD .venv/bin/pip install -r requirements.lite.txt
-    msg_ok "Updated RAG API Dependencies"
-
-    msg_info "Restoring RAG API Configuration"
-    cp /opt/rag-api.env.bak /opt/rag-api/.env
-    rm -f /opt/rag-api.env.bak
-    msg_ok "Restored RAG API Configuration"
-
-    msg_info "Starting RAG API"
-    systemctl start rag-api
-    msg_ok "Started RAG API"
-    msg_ok "Updated RAG API Successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3080${CL}"

ct/linkding.sh

@@ -39,7 +39,7 @@ function update_script() {
     cp /opt/linkding/.env /opt/linkding_env_backup
     msg_ok "Backed up Data"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "linkding" "sissbruecker/linkding" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "linkding" "sissbruecker/linkding"
 
     msg_info "Restoring Data"
     cp -r /opt/linkding_data_backup/. /opt/linkding/data

ct/mail-archiver.sh

@@ -28,8 +28,6 @@ function update_script() {
     exit
   fi
 
-  ensure_dependencies libgssapi-krb5-2
-
   if check_for_gh_release "mail-archiver" "s1t5/mail-archiver"; then
     msg_info "Stopping Mail-Archiver"
     systemctl stop mail-archiver

ct/matomo.sh

@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://matomo.org/
-
-APP="Matomo"
-var_tags="${var_tags:-analytics;tracking;privacy}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-16}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/matomo ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "matomo" "matomo-org/matomo"; then
-    msg_info "Stopping Services"
-    systemctl stop caddy
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Data"
-    [[ -f /opt/matomo/config/config.ini.php ]] && cp /opt/matomo/config/config.ini.php /opt/matomo_config.bak
-    [[ -d /opt/matomo/misc/user ]] && cp -r /opt/matomo/misc/user /opt/matomo_user_backup
-    [[ -f /root/matomo.creds ]] && cp /root/matomo.creds /opt/matomo_db_creds.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "matomo" "matomo-org/matomo" "prebuild" "latest" "/opt/matomo" "matomo-*.zip"
-
-    msg_info "Restoring Data"
-    if [[ -f /opt/matomo_config.bak ]]; then
-      mkdir -p /opt/matomo/config
-      cp /opt/matomo_config.bak /opt/matomo/config/config.ini.php
-    fi
-    if [[ -d /opt/matomo_user_backup ]]; then
-      mkdir -p /opt/matomo/misc/user
-      cp -r /opt/matomo_user_backup/. /opt/matomo/misc/user
-    fi
-    [[ -f /opt/matomo_db_creds.bak ]] && cp /opt/matomo_db_creds.bak /root/matomo.creds
-    rm -f /opt/matomo_config.bak /opt/matomo_db_creds.bak
-    rm -rf /opt/matomo_user_backup
-    chown -R www-data:www-data /opt/matomo
-    msg_ok "Restored Data"
-
-    msg_info "Starting Services"
-    systemctl start caddy
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/nagios.sh

@@ -1,91 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: CanbiZ (MickLesk)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/NagiosEnterprises/nagioscore
-
-APP="Nagios"
-var_tags="${var_tags:-monitoring;alerts;infrastructure}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-20}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /usr/local/nagios/etc/nagios.cfg ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  msg_info "Backing up Configuration"
-  cp -a /usr/local/nagios/etc /opt/nagios-etc-backup
-  msg_ok "Backed up Configuration"
-
-  if check_for_gh_release "nagios" "NagiosEnterprises/nagioscore"; then
-    msg_info "Stopping Nagios"
-    systemctl stop nagios
-    msg_ok "Stopped Nagios"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
-
-    msg_info "Building Nagios Core"
-    cd /opt/nagios
-    $STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
-    $STD make all
-    $STD make install-groups-users
-    usermod -a -G nagios www-data
-    $STD make install
-    $STD make install-daemoninit
-    $STD make install-commandmode
-    $STD make install-webconf
-    $STD a2enmod rewrite
-    $STD a2enmod cgi
-    setcap cap_net_raw+p /bin/ping
-    msg_ok "Built Nagios Core"
-
-    msg_info "Starting Nagios"
-    systemctl restart apache2
-    systemctl start nagios
-    msg_ok "Started Nagios"
-  fi
-
-  if check_for_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins"; then
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
-    msg_info "Building Nagios Plugins"
-    cd /opt/nagios-plugins
-    $STD ./tools/setup
-    $STD ./configure
-    $STD make
-    $STD make install
-    msg_ok "Built Nagios Plugins"
-  fi
-
-  msg_info "Restoring Configuration"
-  rm -rf /usr/local/nagios/etc
-  cp -a /opt/nagios-etc-backup /usr/local/nagios/etc
-  rm -rf /opt/nagios-etc-backup
-  msg_ok "Restored Configuration"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}/nagios${CL}"

ct/neko.sh

@@ -1,78 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: CanbiZ (MickLesk)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://neko.m1k1o.net/
-
-APP="Neko"
-var_tags="${var_tags:-virtual-browser;webrtc;streaming}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-12}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
-var_unprivileged="${var_unprivileged:-1}"
-var_gpu="${var_gpu:-yes}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/neko ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "neko" "m1k1o/neko"; then
-    msg_info "Stopping Service"
-    systemctl stop neko
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp /etc/neko/neko.yaml /opt/neko.yaml.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
-
-    msg_info "Building Client"
-    cd /opt/neko/client
-    $STD npm install
-    $STD npm run build
-    cp -r /opt/neko/client/dist/* /var/www/
-    msg_ok "Built Client"
-
-    msg_info "Building Server"
-    cd /opt/neko/server
-    $STD ./build
-    cp /opt/neko/server/bin/neko /usr/bin/neko
-    cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
-    msg_ok "Built Server"
-
-    msg_info "Restoring Data"
-    cp /opt/neko.yaml.bak /etc/neko/neko.yaml
-    rm -f /opt/neko.yaml.bak
-    msg_ok "Restored Data"
-
-    msg_info "Starting Service"
-    systemctl start neko
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"

ct/nodecast-tv.sh

@@ -34,7 +34,7 @@ function update_script() {
     systemctl stop nodecast-tv
     msg_ok "Stopped Service"
 
-    fetch_and_deploy_gh_release "nodecast-tv" "technomancer702/nodecast-tv" "tarball"
+    fetch_and_deploy_gh_release "nodecast-tv" "technomancer702/nodecast-tv"
 
     msg_info "Updating Modules"
     cd /opt/nodecast-tv

ct/pangolin.sh

@@ -6,7 +6,6 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Source: https://pangolin.net/ | Github: https://github.com/fosrl/pangolin
 
 APP="Pangolin"
-PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.2}"
 var_tags="${var_tags:-proxy}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-4096}"
@@ -34,7 +33,7 @@ function update_script() {
 
   NODE_VERSION="24" setup_nodejs
 
-  if check_for_gh_release "pangolin" "fosrl/pangolin" "$PANGOLIN_VERSION" "Pinned to a tested release because Pangolin's schema changes have repeatedly broken unattended updates. To try a newer version at your own risk, run: 'export PANGOLIN_VERSION=<tag>' and re-run update. If it breaks, please open an issue at https://github.com/community-scripts/ProxmoxVE/issues with the error log."; then
+  if check_for_gh_release "pangolin" "fosrl/pangolin"; then
     msg_info "Stopping Service"
     systemctl stop pangolin
     systemctl stop gerbil
@@ -42,13 +41,9 @@ function update_script() {
 
     msg_info "Creating backup"
     tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
-    if [[ -f /opt/pangolin/config/db/db.sqlite ]]; then
-      cp -a /opt/pangolin/config/db/db.sqlite \
-        "/opt/pangolin/config/db/db.sqlite.pre-${PANGOLIN_VERSION}-$(date +%Y%m%d-%H%M%S).bak"
-    fi
     msg_ok "Created backup"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" "$PANGOLIN_VERSION"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
 
     msg_info "Updating Pangolin"
@@ -72,16 +67,35 @@ function update_script() {
     rm -f /opt/pangolin_config_backup.tar.gz
     msg_ok "Restored config"
 
-    if ! grep -q '^ExecStartPre=/usr/bin/node dist/migrations.mjs' /etc/systemd/system/pangolin.service 2>/dev/null; then
-      msg_info "Adding migration step to pangolin.service"
-      sed -i '/^ExecStart=\/usr\/bin\/node --enable-source-maps dist\/server.mjs/i ExecStartPre=/usr/bin/node dist/migrations.mjs' /etc/systemd/system/pangolin.service
-      systemctl daemon-reload
-      msg_ok "Updated pangolin.service"
-    fi
-
     msg_info "Running database migrations"
     cd /opt/pangolin
-    ENVIRONMENT=prod $STD node dist/migrations.mjs
+
+    # Pre-apply potentially destructive schema changes safely so drizzle-kit
+    # does not recreate tables (which would delete all rows).
+    local DB="/opt/pangolin/config/db/db.sqlite"
+    if [[ -f "$DB" ]]; then
+      sqlite3 "$DB" "ALTER TABLE 'orgs' ADD COLUMN 'settingsLogRetentionDaysConnection' integer DEFAULT 0 NOT NULL;" 2>/dev/null || true
+      sqlite3 "$DB" "ALTER TABLE 'clientSitesAssociationsCache' ADD COLUMN 'isJitMode' integer DEFAULT 0 NOT NULL;" 2>/dev/null || true
+
+      # Create new role-mapping tables and migrate data before drizzle-kit
+      # drops the roleId columns from userOrgs and userInvites.
+      sqlite3 "$DB" "CREATE TABLE IF NOT EXISTS 'userOrgRoles' (
+        'userId' text NOT NULL REFERENCES 'user'('id') ON DELETE CASCADE,
+        'orgId' text NOT NULL REFERENCES 'orgs'('orgId') ON DELETE CASCADE,
+        'roleId' integer NOT NULL REFERENCES 'roles'('roleId') ON DELETE CASCADE,
+        UNIQUE('userId', 'orgId', 'roleId')
+      );" 2>/dev/null || true
+      sqlite3 "$DB" "INSERT OR IGNORE INTO 'userOrgRoles' (userId, orgId, roleId) SELECT userId, orgId, roleId FROM 'userOrgs' WHERE roleId IS NOT NULL;" 2>/dev/null || true
+
+      sqlite3 "$DB" "CREATE TABLE IF NOT EXISTS 'userInviteRoles' (
+        'inviteId' text NOT NULL REFERENCES 'userInvites'('inviteId') ON DELETE CASCADE,
+        'roleId' integer NOT NULL REFERENCES 'roles'('roleId') ON DELETE CASCADE,
+        PRIMARY KEY('inviteId', 'roleId')
+      );" 2>/dev/null || true
+      sqlite3 "$DB" "INSERT OR IGNORE INTO 'userInviteRoles' (inviteId, roleId) SELECT inviteId, roleId FROM 'userInvites' WHERE roleId IS NOT NULL;" 2>/dev/null || true
+    fi
+
+    ENVIRONMENT=prod $STD npx drizzle-kit push --force --config drizzle.sqlite.config.ts
     msg_ok "Ran database migrations"
 
     msg_info "Updating Badger plugin version"

ct/paperless-ngx.sh

@@ -164,14 +164,6 @@ function update_script() {
       fi
     fi
 
-    msg_info "Updating NLTK Data"
-    cd /opt/paperless
-    $STD uv run python -m nltk.downloader -d /usr/share/nltk_data snowball_data
-    $STD uv run python -m nltk.downloader -d /usr/share/nltk_data stopwords
-    $STD uv run python -m nltk.downloader -d /usr/share/nltk_data punkt_tab ||
-      $STD uv run python -m nltk.downloader -d /usr/share/nltk_data punkt
-    msg_ok "Updated NLTK Data"
-
     msg_info "Starting all Paperless-ngx Services"
     systemctl start paperless-consumer paperless-webserver paperless-scheduler paperless-task-queue
     sleep 1

ct/patchmon.sh

@@ -3,7 +3,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: vhsdream
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/PatchMon/PatchMon
+# Source: https://github.com/PatcMmon/PatchMon
 
 APP="PatchMon"
 var_tags="${var_tags:-monitoring}"
@@ -29,75 +29,63 @@ function update_script() {
     exit
   fi
 
-  if check_for_gh_release "PatchMon" "PatchMon/PatchMon"; then
+  if ! grep -q "PORT=3001" /opt/patchmon/backend/.env; then
+    msg_warn "⚠️ The next PatchMon update will include breaking changes (port changes)."
+    msg_warn "See details here: https://github.com/community-scripts/ProxmoxVE/pull/11888"
+    msg_warn "Press Enter to continue with the update, or Ctrl+C to abort..."
+    read -r
+  fi
+
+  RELEASE="v1.4.2"
+  NODE_VERSION="24" setup_nodejs
+  if check_for_gh_release "PatchMon" "PatchMon/PatchMon" "${RELEASE}"; then
     msg_info "Stopping Service"
     systemctl stop patchmon-server
     msg_ok "Stopped Service"
 
-    if [[ -d /opt/patchmon/backend ]]; then
-      msg_info "Legacy install detected - creating full backup, please wait..."
-      $STD tar czf ~/patchmon_legacy.tar.gz /opt/patchmon
-      cp /opt/patchmon/backend/.env /opt/legacy.env
-      msg_ok "Full backup saved in /root"
-      msg_info "Starting migration to PatchMon v2.x.x"
-      systemctl disable -q --now nginx
-      $STD npm cache clean --force
-      $STD apt autoremove --purge -y {nginx,nodejs}
-      if [[ -f /etc/apt/sources.list.d/nodesource.sources ]]; then
-        cp /etc/apt/sources.list.d/nodesource.sources /etc/apt/sources.list.d/nodesource.sources.bak
-        rm -f /etc/apt/sources.list.d/nodesource.sources
-      elif [[ -f /etc/apt/sources.list.d/nodesource.list ]]; then
-        cp /etc/apt/sources.list.d/nodesource.list /etc/apt/sources.list.d/nodesource.list.bak
-        rm -f /etc/apt/sources.list.d/nodesource.list
-      fi
-      rm -rf /opt/patchmon
-      mkdir -p /opt/patchmon/agents
-      cp /opt/legacy.env /opt/patchmon/.env
-      sed -i -e 's/^PORT=.*/PORT=3000/' \
-        -e 's/^NODE_/APP_/' \
-        -e '/^SERVER_*/d' \
-        -e '/^# API*/,+2d' /opt/patchmon/.env
-      {
-        echo ""
-        echo "SESSION_SECRET=$(openssl rand -hex 64)"
-        echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)"
-        echo "AGENT_BINARIES_DIR=/opt/patchmon/agents"
-      } >>/opt/patchmon/.env
-      sed -i -e '\|Directory|s|/backend||' \
-        -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \
-        -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \
-        /etc/systemd/system/patchmon-server.service
-      systemctl daemon-reload
-      rm /opt/legacy.env
-      msg_ok "Migration complete!"
+    msg_info "Creating Backup"
+    cp /opt/patchmon/backend/.env /opt/backend.env
+    cp /opt/patchmon/frontend/.env /opt/frontend.env
+    msg_ok "Backup Created"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "${RELEASE}" "/opt/patchmon"
+
+    msg_info "Updating PatchMon"
+    VERSION=$(get_latest_github_release "PatchMon/PatchMon")
+    SERVER_PORT="$(sed -n '/SERVER_PORT/s/[^=]*=//p' /opt/backend.env)"
+    sed -i 's/PORT=3399/PORT=3001/' /opt/backend.env
+    sed -i -e "s/VERSION=.*/VERSION=$VERSION/" \
+      -e '/^VITE_API_URL/d' /opt/frontend.env
+    export NODE_ENV=production
+    cd /opt/patchmon
+    $STD npm install --no-audit --no-fund --no-save --ignore-scripts
+    cd /opt/patchmon/frontend
+    mv /opt/frontend.env /opt/patchmon/frontend/.env
+    $STD npm install --no-audit --no-fund --no-save --ignore-scripts --include=dev
+    $STD npm run build
+    cd /opt/patchmon/backend
+    mv /opt/backend.env /opt/patchmon/backend/.env
+    $STD npm run db:generate
+    $STD npx prisma migrate deploy
+    cp /opt/patchmon/docker/nginx.conf.template /etc/nginx/sites-available/patchmon.conf
+    sed -i -e 's|proxy_pass .*|proxy_pass http://127.0.0.1:3001;|' \
+      -e '\|try_files |i\        root /opt/patchmon/frontend/dist;' \
+      -e 's|alias.*|alias /opt/patchmon/frontend/dist/assets;|' \
+      -e '\|expires 1y|i\        root /opt/patchmon/frontend/dist;' /etc/nginx/sites-available/patchmon.conf
+    if [[ -n "$SERVER_PORT" ]] && [[ "$SERVER_PORT" != "443" ]]; then
+      sed -i "s/listen [[:digit:]].*/listen ${SERVER_PORT};/" /etc/nginx/sites-available/patchmon.conf
     fi
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "latest" "/opt/patchmon" "patchmon-server-linux-amd64"
-    mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server
-
-    msg_info "Fetching PatchMon agent binaries"
-    RELEASE=$(get_latest_github_release "PatchMon/PatchMon")
-    [[ ! -d /opt/patchmon/agents ]] && mkdir -p /opt/patchmon/agents
-    FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/v${RELEASE}/patchmon-agent-"
-    AGENT_NAME=(
-      "linux-amd64"
-      "linux-arm64"
-      "linux-arm"
-      "linux-386"
-      "freebsd-amd64"
-      "freebsd-arm64"
-      "freebsd-arm"
-      "freebsd-386"
-      "windows-amd64.exe"
-      "windows-arm64.exe"
-    )
-    for arch in "${AGENT_NAME[@]}"; do
-      curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}"
-      [[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}"
-    done
-    msg_ok "Fetched PatchMon agent binaries"
+    ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/
+    rm -f /etc/nginx/sites-enabled/default
+    $STD nginx -t
+    systemctl restart nginx
+    msg_ok "Updated PatchMon"
 
     msg_info "Starting Service"
+    if grep -q '/usr/bin/node' /etc/systemd/system/patchmon-server.service; then
+      sed -i 's|ExecStart=.*|ExecStart=/usr/bin/npm run start|' /etc/systemd/system/patchmon-server.service
+      systemctl daemon-reload
+    fi
     systemctl start patchmon-server
     msg_ok "Started Service"
     msg_ok "Updated successfully!"

ct/peanut.sh

@@ -45,33 +45,6 @@ function update_script() {
       msg_ok "Fixed entrypoint"
     fi
 
-    if [[ ! -f /etc/peanut/peanut.env ]]; then
-      msg_info "Migrating service to EnvironmentFile"
-      mkdir -p /etc/peanut
-      cat <<EOF >/etc/peanut/peanut.env
-NODE_ENV=production
-
-#WEB_HOST=0.0.0.0
-#WEB_PORT=8080
-#NUT_HOST=localhost
-#NUT_PORT=3493
-
-# Disable auth entirely:
-#AUTH_DISABLED=true
-
-# Bootstrap initial account on first start (ignored afterwards):
-#WEB_USERNAME=admin
-#WEB_PASSWORD=changeme
-EOF
-      chmod 600 /etc/peanut/peanut.env
-      sed -i '/^Environment=/d' /etc/systemd/system/peanut.service
-      if ! grep -q '^EnvironmentFile=/etc/peanut/peanut.env' /etc/systemd/system/peanut.service; then
-        sed -i '/^Type=simple/a EnvironmentFile=/etc/peanut/peanut.env' /etc/systemd/system/peanut.service
-      fi
-      systemctl daemon-reload
-      msg_ok "Migrated to /etc/peanut/peanut.env"
-    fi
-
     msg_info "Updating PeaNUT"
     cd /opt/peanut
     $STD pnpm i

ct/pelican-panel.sh

@@ -45,21 +45,15 @@ function update_script() {
     $STD php artisan down
     msg_ok "Stopped Service"
 
-    cp -a /opt/pelican-panel/.env /opt/backup
-    cp -a /opt/pelican-panel/storage/app/public /opt/backup/storage/app/
-    
+    cp -r /opt/pelican-panel/.env /opt/
     SQLITE_INSTALL=$(ls /opt/pelican-panel/database/*.sqlite 1>/dev/null 2>&1 && echo "true" || echo "false")
-    $SQLITE_INSTALL && cp -r /opt/pelican-panel/database/*.sqlite /opt/backup
-    
-    find /opt/pelican-panel -mindepth 1 -maxdepth 1 ! -name 'backup' ! -name 'plugins' -exec rm -rf {} +
-    
+    $SQLITE_INSTALL && cp -r /opt/pelican-panel/database/*.sqlite /opt/
+    rm -rf * .*
     fetch_and_deploy_gh_release "pelican-panel" "pelican-dev/panel" "prebuild" "latest" "/opt/pelican-panel" "panel.tar.gz"
 
     msg_info "Updating Pelican Panel"
-    cp -a /opt/backup/.env /opt/pelican-panel/
-    $SQLITE_INSTALL && mv /opt/backup/*.sqlite /opt/pelican-panel/database/
-    cp -a /opt/backup/storage/app/public /opt/pelican-panel/storage/app/
-
+    mv /opt/.env /opt/pelican-panel/
+    $SQLITE_INSTALL && mv /opt/*.sqlite /opt/pelican-panel/database/
     $STD composer install --no-dev --optimize-autoloader --no-interaction
     $STD php artisan p:environment:setup
     $STD php artisan view:clear

ct/protonmail-bridge.sh

@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Stephen Chin (steveonjava)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/ProtonMail/proton-bridge
-
-APP="ProtonMail-Bridge"
-var_tags="${var_tags:-mail;proton}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -x /usr/bin/protonmail-bridge ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit 1
-  fi
-
-  if check_for_gh_release "protonmail-bridge" "ProtonMail/proton-bridge"; then
-    local -a bridge_units=(
-      protonmail-bridge
-      protonmail-bridge-imap.socket
-      protonmail-bridge-smtp.socket
-      protonmail-bridge-imap-proxy
-      protonmail-bridge-smtp-proxy
-    )
-    local unit
-    declare -A was_active
-    for unit in "${bridge_units[@]}"; do
-      if systemctl is-active --quiet "$unit" 2>/dev/null; then
-        was_active["$unit"]=1
-      else
-        was_active["$unit"]=0
-      fi
-    done
-
-    msg_info "Stopping Services"
-    systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
-    msg_ok "Stopped Services"
-
-    fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
-
-    if [[ -f /home/protonbridge/.protonmailbridge-initialized ]]; then
-      msg_info "Starting Services"
-      for unit in "${bridge_units[@]}"; do
-        if [[ "${was_active[$unit]:-0}" == "1" ]]; then
-          systemctl start "$unit"
-        fi
-      done
-      msg_ok "Started Services"
-    else
-      msg_ok "Initialization not completed. Services remain disabled."
-    fi
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW}One-time configuration is required before Bridge services are enabled.${CL}"
-echo -e "${INFO}${YW}Run this command in the container: protonmailbridge-configure${CL}"

ct/rustdeskserver.sh

@@ -48,6 +48,8 @@ function update_script() {
     msg_ok "Services started"
 
     msg_ok "Updated successfully!"
+  else
+    msg_ok "No update required. ${APP} is already at v${RELEASE}"
   fi
   exit
 }

ct/shelfmark.sh

@@ -30,7 +30,7 @@ function update_script() {
   fi
 
   NODE_VERSION="24" setup_nodejs
-  PYTHON_VERSION="3.14" setup_uv
+  PYTHON_VERSION="3.12" setup_uv
 
   if check_for_gh_release "shelfmark" "calibrain/shelfmark"; then
     msg_info "Stopping Service(s)"
@@ -59,7 +59,6 @@ function update_script() {
     RELEASE_VERSION=$(cat "$HOME/.shelfmark")
 
     msg_info "Updating Shelfmark"
-    export VIRTUAL_ENV=/opt/shelfmark/venv
     sed -i "s/^RELEASE_VERSION=.*/RELEASE_VERSION=$RELEASE_VERSION/" /etc/shelfmark/.env
     cd /opt/shelfmark/src/frontend
     $STD npm ci
@@ -68,10 +67,9 @@ function update_script() {
     cd /opt/shelfmark
     $STD uv venv -c ./venv
     $STD source ./venv/bin/activate
+    $STD uv pip install -r ./requirements-base.txt
     if [[ $(sed -n '/_BYPASS=/s/[^=]*=//p' /etc/shelfmark/.env) == "true" ]] && [[ $(sed -n '/BYPASSER=/s/[^=]*=//p' /etc/shelfmark/.env) == "false" ]]; then
-      $STD uv sync --active --locked --no-default-groups --extra browser
-    else
-      $STD uv sync --active --locked --no-default-groups
+      $STD uv pip install -r ./requirements-shelfmark.txt
     fi
     mv /opt/start.sh.bak /opt/shelfmark/start.sh
     msg_ok "Updated Shelfmark"

ct/soulsync.sh

@@ -1,68 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/Nezreka/SoulSync
-
-APP="SoulSync"
-var_tags="${var_tags:-music;automation;media}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f ~/.soulsync ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "soulsync" "Nezreka/SoulSync"; then
-    msg_info "Stopping Service"
-    systemctl stop soulsync
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    mv /opt/soulsync/config /opt/soulsync-config.bak
-    mv /opt/soulsync/data /opt/soulsync-data.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "soulsync" "Nezreka/SoulSync" "tarball"
-
-    msg_info "Updating Python Dependencies"
-    cd /opt/soulsync
-    $STD uv venv --clear /opt/soulsync/.venv --python 3.11
-    $STD /opt/soulsync/.venv/bin/pip install -r requirements.txt
-    msg_ok "Updated Python Dependencies"
-
-    mv /opt/soulsync-config.bak /opt/soulsync/config
-    mv /opt/soulsync-data.bak /opt/soulsync/data
-
-    msg_info "Starting Service"
-    systemctl start soulsync
-    msg_ok "Started Service"
-    msg_ok "Updated ${APP}"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8008${CL}"

ct/step-ca.sh

@@ -30,12 +30,6 @@ function update_script() {
   msg_info "Updating step-ca and step-cli"
   $STD apt update
   $STD apt upgrade -y step-ca step-cli
-
-  # Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli)
-  STEPBIN="$(which step)"
-  rm -f "$STEPBIN"
-  cp -f "$(which step-cli)" "$STEPBIN"
-
   $STD systemctl restart step-ca
   msg_ok "Updated step-ca and step-cli"
 

ct/storybook.sh

@@ -1,54 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/storybookjs/storybook
-
-APP="Storybook"
-var_tags="${var_tags:-dev-tools;frontend;ui}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /opt/storybook/.projectpath ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  PROJECT_PATH=$(cat /opt/storybook/.projectpath)
-
-  if [[ ! -d "$PROJECT_PATH" ]]; then
-    msg_error "Project directory not found: $PROJECT_PATH"
-    exit
-  fi
-
-  msg_info "Updating Storybook"
-  cd "$PROJECT_PATH"
-  $STD npx storybook@latest upgrade --yes
-  msg_ok "Updated Storybook"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:6006${CL}"

ct/storyteller.sh

@@ -1,85 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://gitlab.com/storyteller-platform/storyteller
-
-APP="Storyteller"
-var_tags="${var_tags:-media;ebook;audiobook}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-10240}"
-var_disk="${var_disk:-20}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/storyteller ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gl_release "storyteller" "storyteller-platform/storyteller"; then
-    msg_info "Stopping Service"
-    systemctl stop storyteller
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp /opt/storyteller/.env /opt/storyteller_env.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gl_release "storyteller" "storyteller-platform/storyteller" "tarball" "latest" "/opt/storyteller"
-
-    msg_info "Restoring Configuration"
-    mv /opt/storyteller_env.bak /opt/storyteller/.env
-    msg_ok "Restored Configuration"
-
-    msg_info "Rebuilding Storyteller"
-    cd /opt/storyteller
-    export NODE_OPTIONS="--max-old-space-size=4096"
-    $STD yarn install --network-timeout 600000
-    $STD gcc -g -fPIC -rdynamic -shared web/sqlite/uuid.c -o web/sqlite/uuid.c.so
-    export CI=1
-    export NODE_ENV=production
-    export NEXT_TELEMETRY_DISABLED=1
-    export SQLITE_NATIVE_BINDING=/opt/storyteller/node_modules/better-sqlite3/build/Release/better_sqlite3.node
-    $STD yarn workspaces foreach -Rpt --from @storyteller-platform/web --exclude @storyteller-platform/eslint run build
-    mkdir -p /opt/storyteller/web/.next/standalone/web/.next/static
-    cp -rT /opt/storyteller/web/.next/static /opt/storyteller/web/.next/standalone/web/.next/static
-    if [[ -d /opt/storyteller/web/public ]]; then
-      mkdir -p /opt/storyteller/web/.next/standalone/web/public
-      cp -rT /opt/storyteller/web/public /opt/storyteller/web/.next/standalone/web/public
-    fi
-    mkdir -p /opt/storyteller/web/.next/standalone/web/migrations
-    cp -rT /opt/storyteller/web/migrations /opt/storyteller/web/.next/standalone/web/migrations
-    mkdir -p /opt/storyteller/web/.next/standalone/web/sqlite
-    cp -rT /opt/storyteller/web/sqlite /opt/storyteller/web/.next/standalone/web/sqlite
-    ln -sf /opt/storyteller/.env /opt/storyteller/web/.next/standalone/web/.env
-    msg_ok "Rebuilt Storyteller"
-
-    msg_info "Starting Service"
-    systemctl start storyteller
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8001${CL}"

ct/teable.sh

@@ -1,82 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/teableio/teable
-
-APP="Teable"
-var_tags="${var_tags:-database;no-code;spreadsheet}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-10240}"
-var_disk="${var_disk:-25}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/teable ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "teable" "teableio/teable"; then
-    msg_info "Stopping Service"
-    systemctl stop teable
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration"
-    cp /opt/teable/.env /opt/teable.env.bak
-    msg_ok "Backed up Configuration"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "teable" "teableio/teable" "tarball"
-
-    msg_info "Restoring Configuration"
-    mv /opt/teable.env.bak /opt/teable/.env
-    msg_ok "Restored Configuration"
-
-    msg_info "Rebuilding Teable"
-    cd /opt/teable
-    TEABLE_VERSION=$(cat ~/.teable)
-    echo "NEXT_PUBLIC_BUILD_VERSION=\"${TEABLE_VERSION}\"" >>apps/nextjs-app/.env
-    export HUSKY=0
-    export NODE_OPTIONS="--max-old-space-size=8192"
-    $STD pnpm install --frozen-lockfile
-    $STD pnpm -F @teable/db-main-prisma prisma-generate --schema ./prisma/postgres/schema.prisma
-    NODE_ENV=production NEXT_BUILD_ENV_TYPECHECK=false \
-      $STD pnpm -r --filter '!playground' run build
-    msg_ok "Rebuilt Teable"
-
-    msg_info "Running Database Migrations"
-    source /opt/teable/.env
-    $STD pnpm -F @teable/db-main-prisma prisma-migrate deploy --schema ./prisma/postgres/schema.prisma
-    msg_ok "Ran Database Migrations"
-
-    msg_info "Starting Service"
-    systemctl start teable
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  else
-    msg_ok "No update available."
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/technitiumdns.sh

@@ -32,8 +32,8 @@ function update_script() {
     systemctl daemon-reload
     systemctl enable -q --now technitium
   fi
-  if ! is_package_installed "aspnetcore-runtime-10.0"; then
-    $STD apt remove -y aspnetcore-runtime-8.0 aspnetcore-runtime-9.0 2>/dev/null || true
+  if is_package_installed "aspnetcore-runtime-8.0"; then
+    $STD apt remove -y aspnetcore-runtime-8.0
     [ -f /etc/apt/sources.list.d/microsoft-prod.list ] && rm -f /etc/apt/sources.list.d/microsoft-prod.list
     [ -f /usr/share/keyrings/microsoft-prod.gpg ] && rm -f /usr/share/keyrings/microsoft-prod.gpg
     setup_deb822_repo \
@@ -42,15 +42,18 @@ function update_script() {
       "https://packages.microsoft.com/debian/13/prod/" \
       "trixie" \
       "main"
-    $STD apt install -y aspnetcore-runtime-10.0
+    $STD apt install -y aspnetcore-runtime-9.0
   fi
 
   RELEASE=$(curl -fsSL https://technitium.com/dns/ | grep -oP 'Version \K[\d.]+')
-  if [[ ! -f ~/.technitium || ${RELEASE} != "$(cat ~/.technitium 2>/dev/null)" ]]; then
-    systemctl stop technitium
-    fetch_and_deploy_from_url "https://download.technitium.com/dns/DnsServerPortable.tar.gz" /opt/technitium/dns
+  if [[ ! -f ~/.technitium || ${RELEASE} != "$(cat ~/.technitium)" ]]; then
+    msg_info "Updating Technitium DNS"
+    curl -fsSL "https://download.technitium.com/dns/DnsServerPortable.tar.gz" -o /opt/DnsServerPortable.tar.gz
+    $STD tar zxvf /opt/DnsServerPortable.tar.gz -C /opt/technitium/dns/
+    rm -f /opt/DnsServerPortable.tar.gz
     echo "${RELEASE}" >~/.technitium
-    systemctl start technitium
+    systemctl restart technitium
+    msg_ok "Updated Technitium DNS"
     msg_ok "Updated successfully!"
   else
     msg_ok "No update required.  Technitium DNS is already at v${RELEASE}."

ct/termix.sh

@@ -145,7 +145,7 @@ EOF
     cp -r /opt/termix/uploads /opt/termix_uploads_backup
     msg_ok "Backed up Data"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix"
 
     msg_info "Recreating Directories"
     mkdir -p /opt/termix/html \
@@ -155,8 +155,6 @@ EOF
       /opt/termix/nginx/client_body
     msg_ok "Recreated Directories"
 
-    NODE_VERSION="24" setup_nodejs
-
     msg_info "Building Frontend"
     cd /opt/termix
     export COREPACK_ENABLE_DOWNLOAD_PROMPT=0

ct/threadfin.sh

@@ -29,12 +29,12 @@ function update_script() {
     exit
   fi
 
-  if check_for_gh_release "threadfin-app" "threadfin/threadfin"; then
+  if check_for_gh_release "threadfin" "threadfin/threadfin"; then
     msg_info "Stopping Service"
     systemctl stop threadfin
     msg_ok "Stopped Service"
 
-    fetch_and_deploy_gh_release "threadfin-app" "threadfin/threadfin" "singlefile" "latest" "/opt/threadfin" "Threadfin_linux_amd64"
+    fetch_and_deploy_gh_release "threadfin" "threadfin/threadfin" "singlefile" "latest" "/opt/threadfin" "Threadfin_linux_amd64"
 
     msg_info "Starting Service"
     systemctl start threadfin

ct/transmute.sh

@@ -1,83 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/transmute-app/transmute
-
-APP="Transmute"
-var_tags="${var_tags:-files;converter}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-16}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/transmute ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  fetch_and_deploy_gh_release "calibre" "kovidgoyal/calibre" "prebuild" "latest" "/opt/calibre" "calibre-*-x86_64.txz"
-  ln -sf /opt/calibre/ebook-convert /usr/bin/ebook-convert
-  fetch_and_deploy_gh_release "drawio" "jgraph/drawio-desktop" "binary" "latest" "" "drawio-amd64-*.deb"
-  fetch_and_deploy_gh_release "pandoc" "jgm/pandoc" "binary" "latest" "" "pandoc-*-amd64.deb"
-
-  if check_for_gh_release "transmute" "transmute-app/transmute"; then
-    msg_info "Stopping Service"
-    systemctl stop transmute
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp /opt/transmute/backend/.env /opt/transmute.env.bak
-    cp -r /opt/transmute/data /opt/transmute_data_bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "transmute" "transmute-app/transmute" "tarball"
-
-    msg_info "Updating Python Dependencies"
-    cd /opt/transmute
-    $STD uv venv --clear /opt/transmute/.venv
-    $STD uv pip install --python /opt/transmute/.venv/bin/python -r requirements.txt
-    msg_ok "Updated Python Dependencies"
-
-    msg_info "Rebuilding Frontend"
-    cd /opt/transmute/frontend
-    $STD npm ci
-    $STD npm run build
-    msg_ok "Rebuilt Frontend"
-
-    msg_info "Restoring Data"
-    cp /opt/transmute.env.bak /opt/transmute/backend/.env
-    cp -r /opt/transmute_data_bak/. /opt/transmute/data/
-    rm -f /opt/transmute.env.bak
-    rm -rf /opt/transmute_data_bak
-    msg_ok "Restored Data"
-
-    msg_info "Starting Service"
-    systemctl start transmute
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3313${CL}"

ct/trek.sh

@@ -1,84 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/mauriceboe/TREK
-
-APP="TREK"
-var_tags="${var_tags:-travel;planning;collaboration}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/trek ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "trek" "mauriceboe/TREK"; then
-    msg_info "Stopping Service"
-    systemctl stop trek
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp /opt/trek/server/.env /opt/trek.env.bak
-    mv /opt/trek/data /opt/trek-data.bak
-    mv /opt/trek/uploads /opt/trek-uploads.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball"
-
-    msg_info "Building Client"
-    cd /opt/trek/client
-    $STD npm ci
-    $STD npm run build
-    mkdir -p /opt/trek/server/public
-    cp -r /opt/trek/client/dist/* /opt/trek/server/public/
-    cp -r /opt/trek/client/public/fonts /opt/trek/server/public/fonts 2>/dev/null || true
-    msg_ok "Built Client"
-
-    msg_info "Installing Server Dependencies"
-    cd /opt/trek/server
-    $STD npm ci
-    msg_ok "Installed Server Dependencies"
-
-    msg_info "Restoring Data"
-    mv /opt/trek-data.bak /opt/trek/data
-    mv /opt/trek-uploads.bak /opt/trek/uploads
-    rm -rf /opt/trek/server/data /opt/trek/server/uploads
-    ln -s /opt/trek/data /opt/trek/server/data
-    ln -s /opt/trek/uploads /opt/trek/server/uploads
-    cp /opt/trek.env.bak /opt/trek/server/.env
-    rm -f /opt/trek.env.bak
-    msg_ok "Restored Data"
-
-    msg_info "Starting Service"
-    systemctl start trek
-    msg_ok "Started Service"
-    msg_ok "Updated Successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/tubearchivist.sh

@@ -1,83 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/tubearchivist/tubearchivist
-
-APP="Tube Archivist"
-var_tags="${var_tags:-media;youtube;archiving}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-6144}"
-var_disk="${var_disk:-30}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/tubearchivist ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "tubearchivist" "tubearchivist/tubearchivist"; then
-    msg_info "Stopping Services"
-    systemctl stop tubearchivist tubearchivist-celery tubearchivist-beat
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Data"
-    cp /opt/tubearchivist/.env /opt/tubearchivist_env.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "tubearchivist" "tubearchivist/tubearchivist" "tarball"
-
-    msg_info "Rebuilding Tube Archivist"
-    cd /opt/tubearchivist/frontend
-    $STD npm install
-    $STD npm run build:deploy
-    mkdir -p /opt/tubearchivist/backend/static
-    cp -r /opt/tubearchivist/frontend/dist/* /opt/tubearchivist/backend/static/
-    cp /opt/tubearchivist/docker_assets/backend_start.py /opt/tubearchivist/backend/
-    $STD uv pip install --python /opt/tubearchivist/.venv/bin/python -r /opt/tubearchivist/backend/requirements.txt
-    if [[ -f /opt/tubearchivist/backend/requirements.plugins.txt ]]; then
-      mkdir -p /opt/yt_plugins/bgutil
-      $STD uv pip install --python /opt/tubearchivist/.venv/bin/python --target /opt/yt_plugins/bgutil -r /opt/tubearchivist/backend/requirements.plugins.txt
-    fi
-    msg_ok "Rebuilt Tube Archivist"
-
-    msg_info "Restoring Configuration"
-    mv /opt/tubearchivist_env.bak /opt/tubearchivist/.env
-    sed -i 's|^TA_APP_DIR=/opt/tubearchivist$|TA_APP_DIR=/opt/tubearchivist/backend|' /opt/tubearchivist/.env
-    sed -i 's|^TA_CACHE_DIR=/opt/tubearchivist/cache$|TA_CACHE_DIR=/cache|' /opt/tubearchivist/.env
-    sed -i 's|^TA_MEDIA_DIR=/opt/tubearchivist/media$|TA_MEDIA_DIR=/youtube|' /opt/tubearchivist/.env
-    ln -sf /opt/tubearchivist/cache /cache
-    ln -sf /opt/tubearchivist/media /youtube
-    ln -sf /opt/tubearchivist/.env /opt/tubearchivist/backend/.env
-    msg_ok "Restored Configuration"
-
-    msg_info "Starting Services"
-    systemctl start tubearchivist tubearchivist-celery tubearchivist-beat
-    systemctl reload nginx
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"

ct/twingate-connector.sh

@@ -29,9 +29,8 @@ function update_script() {
     exit
   fi
 
-  msg_info "Updating Twingate Connector"
-  $STD apt update
-  $STD apt install -y --only-upgrade twingate-connector
+  msg_info "Updating ${APP}"
+  ensure_dependencies twingate-connector
   $STD systemctl restart twingate-connector
   msg_ok "Updated successfully!"
   exit

ct/victoriametrics.sh

@@ -32,8 +32,6 @@ function update_script() {
     msg_info "Stopping Service"
     systemctl stop victoriametrics
     [[ -f /etc/systemd/system/victoriametrics-logs.service ]] && systemctl stop victoriametrics-logs
-    [[ -f /etc/systemd/system/vmagent.service ]] && systemctl stop vmagent
-    [[ -f /etc/systemd/system/vmalert.service ]] && systemctl stop vmalert
     msg_ok "Stopped Service"
 
     victoriametrics_release=$(curl -fsSL "https://api.github.com/repos/VictoriaMetrics/VictoriaMetrics/releases" |
@@ -64,8 +62,6 @@ function update_script() {
     msg_info "Starting Service"
     systemctl start victoriametrics
     [[ -f /etc/systemd/system/victoriametrics-logs.service ]] && systemctl start victoriametrics-logs
-    [[ -f /etc/systemd/system/vmagent.service ]] && systemctl start vmagent
-    [[ -f /etc/systemd/system/vmalert.service ]] && systemctl start vmalert
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
   fi

ct/wger.sh

@@ -53,8 +53,6 @@ function update_script() {
     set -a && source /opt/wger/.env && set +a
     export DJANGO_SETTINGS_MODULE=settings.main
     $STD uv pip install .
-    $STD npm install
-    $STD npm run build:css:sass
     $STD uv run python manage.py migrate
     $STD uv run python manage.py collectstatic --no-input
     msg_ok "Updated wger"

install/alpine-docker-install.sh

@@ -14,7 +14,7 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apk add tzdata openssl
+$STD apk add tzdata
 msg_ok "Installed Dependencies"
 
 msg_info "Installing Docker"

install/apprise-api-install.sh

@@ -1,66 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: SystemIdleProcess
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/caronc/apprise-api
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  nginx \
-  git
-msg_ok "Installed Dependencies" 
-
-PYTHON_VERSION="3.12" setup_uv
-fetch_and_deploy_gh_release "apprise" "caronc/apprise-api" "tarball"
-
-msg_info "Setup Apprise-API"
-cd /opt/apprise
-cp ./requirements.txt /etc/requirements.txt
-$STD uv pip install -r requirements.txt gunicorn supervisor --system
-cp -fr apprise_api/static /usr/share/nginx/html/s/
-mv apprise_api/ webapp
-touch /etc/nginx/server-override.conf
-touch /etc/nginx/location-override.conf
-mkdir -p /config/store /attach /plugin /tmp/apprise /opt/apprise/logs
-chmod 1777 /tmp/apprise && chmod 777 /config /config/store /attach /plugin /opt/apprise/logs
-sed -i \
-  -e '/[[]program:nginx]/,/^[[]/ s|stdout_logfile=/dev/stdout|stdout_logfile=/opt/apprise/logs/nginx.log|' \
-  -e '/[[]program:nginx]/,/^[[]/ s|stderr_logfile=/dev/stderr|stderr_logfile=/opt/apprise/logs/nginx_error.log|' \
-  -e '/[[]program:gunicorn]/,/^[[]/ s|stdout_logfile=/dev/stdout|stdout_logfile=/opt/apprise/logs/gunicorn.log|' \
-  -e '/[[]program:gunicorn]/,/^[[]/ s|stderr_logfile=/dev/stderr|stderr_logfile=/opt/apprise/logs/gunicorn_error.log|' \
-  -e '/[[]supervisord]/,/^[[]/ s|logfile=/dev/null|logfile=/opt/apprise/logs/supervisor.log|' \
-  -e 's|_maxbytes=0|_maxbytes=10485760|g' \
-  /opt/apprise/webapp/etc/supervisord.conf
-msg_ok "Setup Apprise-API"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/apprise-api.service
-[Unit]
-Description=Apprise-API Service
-After=network-online.target
-
-[Service]
-Type=simple
-WorkingDirectory=/opt/apprise
-ExecStart=/opt/apprise/webapp/supervisord-startup
-Restart=always
-RestartSec=30
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now apprise-api
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/checkmate-install.sh

@@ -22,7 +22,7 @@ msg_ok "Installed Dependencies"
 
 MONGO_VERSION="8.0" setup_mongodb
 NODE_VERSION="22" setup_nodejs
-fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate" "tarball"
+fetch_and_deploy_gh_release "checkmate" "bluewave-labs/Checkmate"
 
 msg_info "Configuring Checkmate"
 JWT_SECRET="$(openssl rand -hex 32)"

install/checkmk-install.sh

@@ -14,10 +14,10 @@ network_check
 update_os
 
 msg_info "Install Checkmk"
-RELEASE=$(curl_with_retry "https://api.github.com/repos/checkmk/checkmk/tags" "-" | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
+RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
 RELEASE="${RELEASE%%+*}"
-curl_with_retry "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-community-${RELEASE}_0.$(get_os_info codename)_amd64.deb" "/opt/checkmk.deb"
-$STD apt install -y /opt/checkmk.deb
+curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
+$STD apt-get install -y /opt/checkmk.deb
 rm -rf /opt/checkmk.deb
 echo "${RELEASE}" >"/opt/checkmk_version.txt"
 msg_ok "Installed Checkmk"
@@ -29,12 +29,14 @@ MKPASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-16)
 
 echo -e "$MKPASSWORD\n$MKPASSWORD" | su - "$SITE_NAME" -c "cmk-passwd cmkadmin --stdin"
 $STD omd start "$SITE_NAME"
+
 {
   echo "Application-Credentials"
   echo "Username: cmkadmin"
   echo "Password: $MKPASSWORD"
   echo "Site: $SITE_NAME"
 } >>~/checkmk.creds
+
 msg_ok "Created Service"
 
 cleanup_lxc

install/coredns-install.sh

@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/coredns/coredns
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-fetch_and_deploy_gh_release "coredns" "coredns/coredns" "prebuild" "latest" "/usr/local/bin" \
-  "coredns_*_linux_$(dpkg --print-architecture).tgz"
-chmod +x /usr/local/bin/coredns
-
-msg_info "Configuring CoreDNS"
-mkdir -p /etc/coredns
-cat <<EOF >/etc/coredns/Corefile
-. {
-    forward . 1.1.1.1 1.0.0.1
-    cache 30
-    log
-    errors
-    health :8080
-    ready :8181
-}
-EOF
-msg_ok "Configured CoreDNS"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/coredns.service
-[Unit]
-Description=CoreDNS DNS Server
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/bin/coredns -conf /etc/coredns/Corefile
-Restart=on-failure
-RestartSec=5
-LimitNOFILE=1048576
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now coredns
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/databasus-install.sh

@@ -32,7 +32,7 @@ for v in 12 13 14 15 16 18; do
 done
 # Install MongoDB Database Tools via direct .deb (no APT repo for Debian 13)
 [[ "$(get_os_info id)" == "ubuntu" ]] && MONGO_DIST="ubuntu2204" || MONGO_DIST="debian12"
-MONGO_VERSION=$(get_latest_gh_tag "mongodb/mongo-tools" "100." || echo "100.16.1")
+MONGO_VERSION=$(get_latest_gh_tag "mongodb/mongo-tools" "100." || echo "100.14.1")
 fetch_and_deploy_from_url "https://fastdl.mongodb.org/tools/db/mongodb-database-tools-${MONGO_DIST}-x86_64-${MONGO_VERSION}.deb" ""
 mkdir -p /usr/local/mongodb-database-tools/bin
 [[ -f /usr/bin/mongodump ]] && ln -sf /usr/bin/mongodump /usr/local/mongodb-database-tools/bin/mongodump
@@ -52,12 +52,9 @@ msg_ok "Installed Database Clients"
 fetch_and_deploy_gh_release "databasus" "databasus/databasus" "tarball" "latest" "/opt/databasus"
 
 msg_info "Building Databasus (Patience)"
-export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
 cd /opt/databasus/frontend
-$STD corepack enable
-$STD corepack prepare pnpm@latest --activate
-$STD pnpm install --frozen-lockfile
-$STD pnpm run build
+$STD npm ci
+$STD npm run build
 cd /opt/databasus/backend
 $STD go mod tidy
 $STD go mod download
@@ -79,7 +76,7 @@ ENCRYPTION_KEY=$(openssl rand -hex 32)
 # Install goose for migrations
 $STD go install github.com/pressly/goose/v3/cmd/goose@latest
 ln -sf /root/go/bin/goose /usr/local/bin/goose
-cat <<EOF >/.env
+cat <<EOF >/opt/databasus/.env
 # Environment
 ENV_MODE=production
 
@@ -109,7 +106,8 @@ DATA_DIR=/databasus-data/data
 BACKUP_DIR=/databasus-data/backups
 LOG_DIR=/databasus-data/logs
 EOF
-chmod 600 /.env
+chown postgres:postgres /opt/databasus/.env
+chmod 600 /opt/databasus/.env
 msg_ok "Configured Databasus"
 
 msg_info "Configuring Valkey"
@@ -147,7 +145,7 @@ Requires=postgresql.service valkey.service
 [Service]
 Type=simple
 WorkingDirectory=/opt/databasus
-EnvironmentFile=/.env
+EnvironmentFile=/opt/databasus/.env
 ExecStart=/opt/databasus/databasus
 Restart=always
 RestartSec=5

install/dawarich-install.sh

@@ -46,16 +46,10 @@ msg_ok "Set up Directories"
 
 msg_info "Configuring Environment"
 SECRET_KEY_BASE=$(openssl rand -hex 64)
-OTP_ENCRYPTION_PRIMARY_KEY=$(openssl rand -hex 64)
-OTP_ENCRYPTION_DETERMINISTIC_KEY=$(openssl rand -hex 64)
-OTP_ENCRYPTION_KEY_DERIVATION_SALT=$(openssl rand -hex 64)
 RELEASE=$(get_latest_github_release "Freika/dawarich")
 cat <<EOF >/opt/dawarich/.env
 RAILS_ENV=production
 SECRET_KEY_BASE=${SECRET_KEY_BASE}
-OTP_ENCRYPTION_PRIMARY_KEY=${OTP_ENCRYPTION_PRIMARY_KEY}
-OTP_ENCRYPTION_DETERMINISTIC_KEY=${OTP_ENCRYPTION_DETERMINISTIC_KEY}
-OTP_ENCRYPTION_KEY_DERIVATION_SALT=${OTP_ENCRYPTION_KEY_DERIVATION_SALT}
 DATABASE_HOST=localhost
 DATABASE_USERNAME=${PG_DB_USER}
 DATABASE_PASSWORD=${PG_DB_PASS}

install/endurain-install.sh

@@ -3,7 +3,7 @@
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: johanngrobe
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://codeberg.org/endurain-project/endurain
+# Source: https://github.com/joaovitoriasilva/endurain
 
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
@@ -21,7 +21,7 @@ PYTHON_VERSION="3.13" setup_uv
 NODE_VERSION="24" setup_nodejs
 PG_VERSION="17" PG_MODULES="postgis" setup_postgresql
 PG_DB_NAME="enduraindb" PG_DB_USER="endurain" setup_postgresql_db
-fetch_and_deploy_codeberg_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
+fetch_and_deploy_gh_release "endurain" "endurain-project/endurain" "tarball" "latest" "/opt/endurain"
 
 msg_info "Setting up Endurain"
 cd /opt/endurain

install/fireshare-install.sh

@@ -1,174 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/ShaneIsrael/fireshare
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-setup_hwaccel
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  git \
-  build-essential \
-  cmake \
-  pkg-config \
-  yasm \
-  nasm \
-  libx264-dev \
-  libx265-dev \
-  libvpx-dev \
-  libaom-dev \
-  libopus-dev \
-  libvorbis-dev \
-  libass-dev \
-  libfreetype6-dev \
-  libmp3lame-dev \
-  nginx-extras \
-  supervisor \
-  libldap2-dev \
-  libsasl2-dev \
-  libssl-dev \
-  libffi-dev \
-  libc-dev
-msg_ok "Installed Dependencies"
-
-NODE_VERSION=24 setup_nodejs
-PYTHON_VERSION=3.14 setup_uv
-
-fetch_and_deploy_gh_release "fireshare" "ShaneIsrael/fireshare" "tarball"
-
-msg_info "Compiling SVT-AV1 (Patience)"
-cd /tmp
-$STD git clone --depth 1 --branch v1.8.0 https://gitlab.com/AOMediaCodec/SVT-AV1.git
-cd SVT-AV1/Build
-$STD cmake .. -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release
-$STD make -j$(nproc)
-$STD make install
-msg_ok "Compiled SVT-AV1"
-
-msg_info "Installing NVDEC headers"
-cd /tmp
-$STD git clone --depth 1 --branch n12.1.14.0 https://github.com/FFmpeg/nv-codec-headers.git
-cd nv-codec-headers
-$STD make install
-$STD ldconfig
-msg_ok "Installed NVDEC headers"
-
-msg_info "Compiling ffmpeg (Patience)"
-cd /tmp
-curl -fsSL https://ffmpeg.org/releases/ffmpeg-6.1.tar.xz -o "ffmpeg-6.1.tar.xz"
-$STD tar -xf ffmpeg-6.1.tar.xz
-cd ffmpeg-6.1
-$STD ./configure \
-  --prefix=/usr/local \
-  --enable-gpl \
-  --enable-version3 \
-  --enable-nonfree \
-  --enable-ffnvcodec \
-  --enable-libx264 \
-  --enable-libx265 \
-  --enable-libvpx \
-  --enable-libaom \
-  --enable-libopus \
-  --enable-libvorbis \
-  --enable-libmp3lame \
-  --enable-libass \
-  --enable-libfreetype \
-  --enable-libsvtav1 \
-  --disable-debug \
-  --disable-doc
-$STD make -j$(nproc)
-$STD make install
-$STD ldconfig
-msg_ok "Compiled ffmpeg"
-
-msg_info "Configuring Fireshare (Patience)"
-ADMIN_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-SECRET=$(openssl rand -base64 48)
-mkdir -p /opt/fireshare-{data,videos,images,processed}
-cd /opt/fireshare
-$STD uv venv
-$STD .venv/bin/python -m ensurepip --upgrade
-$STD .venv/bin/python -m pip install --upgrade --break-system-packages pip
-ln -sf /usr/local/bin/ffmpeg /usr/bin/ffmpeg
-ln -sf /usr/local/bin/ffprobe /usr/bin/ffprobe
-echo "/usr/local/lib" >/etc/ld.so.conf.d/usr-local.conf
-echo "/usr/local/cuda/lib64" >>/etc/ld.so.conf.d/usr-local.conf
-echo "/usr/local/nvidia/lib" >>/etc/ld.so.conf.d/nvidia.conf
-echo "/usr/local/nvidia/lib64" >>/etc/ld.so.conf.d/nvidia.conf
-ldconfig
-$STD .venv/bin/python -m pip install --no-cache-dir --break-system-packages --ignore-installed app/server
-cp .venv/bin/fireshare /usr/local/bin/fireshare
-export FLASK_APP="/opt/fireshare/app/server/fireshare:create_app()"
-export DATA_DIRECTORY=/opt/fireshare-data
-export IMAGE_DIRECTORY=/opt/fireshare-images
-export VIDEO_DIRECTORY=/opt/fireshare-videos
-export PROCESSED_DIRECTORY=/opt/fireshare-processed
-$STD uv run flask db upgrade
-
-cat <<EOF >/opt/fireshare/fireshare.env
-FLASK_APP="/opt/fireshare/app/server/fireshare:create_app()"
-DOMAIN=
-ENVIRONMENT=production
-DATA_DIRECTORY=/opt/fireshare-data
-IMAGE_DIRECTORY=/opt/fireshare-images
-VIDEO_DIRECTORY=/opt/fireshare-videos
-PROCESSED_DIRECTORY=/opt/fireshare-processed
-TEMPLATE_PATH=/opt/fireshare/app/server/fireshare/templates
-SECRET_KEY=${SECRET}
-ADMIN_PASSWORD=${ADMIN_PASSWORD}
-TZ=UTC
-LD_LIBRARY_PATH=/usr/local/nvidia/lib:/usr/local/nvidia/lib64:/usr/local/lib:/usr/local/cuda/lib64:\$LD_LIBRARY_PATH
-PATH=/usr/local/bin:$PATH
-ENABLE_TRANSCODING=
-TRANSCODE_GPU=
-NVIDIA_DRIVER_CAPABILITIES=
-EOF
-
-cd /opt/fireshare/app/client
-$STD npm install
-$STD npm run build
-systemctl stop nginx
-cp /opt/fireshare/app/nginx/prod.conf /etc/nginx/nginx.conf
-sed -i 's|root /processed/|root /opt/fireshare-processed/|g' /etc/nginx/nginx.conf
-sed -i 's/^user[[:space:]]\+nginx;/user  root;/' /etc/nginx/nginx.conf
-sed -i 's|root[[:space:]]\+/app/build;|root /opt/fireshare/app/client/build;|' /etc/nginx/nginx.conf
-systemctl start nginx
-
-cat <<EOF >~/fireshare.creds
-Fireshare Admin Credentials
-========================
-Username: admin
-Password: ${ADMIN_PASSWORD}
-EOF
-msg_ok "Configured Fireshare"
-
-msg_info "Creating services"
-cat <<EOF >/etc/systemd/system/fireshare.service
-[Unit]
-Description=Fireshare Service
-After=network.target
-
-[Service]
-WorkingDirectory=/opt/fireshare/app/server
-ExecStart=/opt/fireshare/.venv/bin/gunicorn --bind=127.0.0.1:5000 "fireshare:create_app(init_schedule=True)" --workers 3 --threads 3 --preload
-Restart=always
-EnvironmentFile=/opt/fireshare/fireshare.env
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now fireshare
-msg_ok "Created services"
-
-motd_ssh
-customize
-cleanup_lxc

install/ghostfolio-install.sh

@@ -25,12 +25,25 @@ PG_VERSION="17" setup_postgresql
 NODE_VERSION="24" setup_nodejs
 
 msg_info "Setting up Database"
-PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_SCHEMA_PERMS="true" setup_postgresql_db
+DB_NAME=ghostfolio
+DB_USER=ghostfolio
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 REDIS_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ACCESS_TOKEN_SALT=$(openssl rand -base64 32)
 JWT_SECRET_KEY=$(openssl rand -base64 32)
+$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME;"
+$STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_PASS';"
+$STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
+$STD sudo -u postgres psql -c "ALTER USER $DB_USER CREATEDB;"
+$STD sudo -u postgres psql -d $DB_NAME -c "GRANT ALL ON SCHEMA public TO $DB_USER;"
+$STD sudo -u postgres psql -d $DB_NAME -c "GRANT CREATE ON SCHEMA public TO $DB_USER;"
+$STD sudo -u postgres psql -d $DB_NAME -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $DB_USER;"
+$STD sudo -u postgres psql -d $DB_NAME -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $DB_USER;"
 {
   echo "Ghostfolio Credentials"
+  echo "Database User: $DB_USER"
+  echo "Database Password: $DB_PASS"
+  echo "Database Name: $DB_NAME"
   echo "Redis Password: $REDIS_PASS"
   echo "Access Token Salt: $ACCESS_TOKEN_SALT"
   echo "JWT Secret Key: $JWT_SECRET_KEY"
@@ -56,7 +69,7 @@ read -rp "${TAB3}CoinGecko Pro API key (press Enter to skip): " COINGECKO_PRO_KE
 
 msg_info "Setting up Environment"
 cat <<EOF >/opt/ghostfolio/.env
-DATABASE_URL=postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME?connect_timeout=300
+DATABASE_URL=postgresql://$DB_USER:$DB_PASS@localhost:5432/$DB_NAME?connect_timeout=300&sslmode=prefer
 REDIS_HOST=localhost
 REDIS_PORT=6379
 REDIS_PASSWORD=$REDIS_PASS

install/graylog-install.sh

@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os
 
-MONGO_VERSION="8.2" setup_mongodb
+MONGO_VERSION="8.0" setup_mongodb
 
 msg_info "Setup Graylog Data Node"
 PASSWORD_SECRET=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
@@ -38,8 +38,6 @@ sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/s
 sed -i "s/root_password_sha2 =/root_password_sha2 = $ROOT_PASSWORD/g" /etc/graylog/server/server.conf
 sed -i 's/#http_bind_address = 127.0.0.1.*/http_bind_address = 0.0.0.0:9000/g' /etc/graylog/server/server.conf
 systemctl enable -q --now graylog-server
-sleep 5
-sed -i "s/0\.0\.0\.0:9000/$LOCAL_IP:9000/g" /var/log/graylog-server/server.log
 msg_ok "Setup ${APPLICATION}"
 
 motd_ssh

install/immichframe-install.sh

@@ -43,6 +43,8 @@ cd /tmp/immichframe/immichFrame.Web
 $STD npm ci
 $STD npm run build
 cp -r build/* /opt/immichframe/wwwroot
+$STD apt remove -y dotnet-sdk-8.0
+$STD apt autoremove -y
 rm -rf /tmp/immichframe
 mkdir -p /opt/immichframe/Config
 curl -fsSL "https://raw.githubusercontent.com/immichFrame/ImmichFrame/main/docker/Settings.example.yml" -o /opt/immichframe/Config/Settings.yml

install/jitsi-meet-install.sh

@@ -1,35 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://jitsi.org/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y nginx
-msg_ok "Installed Dependencies"
-
-source /etc/os-release
-setup_deb822_repo "jitsi" \
-  "https://download.jitsi.org/jitsi-key.gpg.key" \
-  "https://download.jitsi.org" \
-  "stable/" \
-  ""
-
-msg_info "Installing Jitsi Meet"
-echo "jitsi-videobridge2 jitsi-videobridge/jvb-hostname string ${LOCAL_IP}" | debconf-set-selections
-echo "jitsi-meet-web-config jitsi-meet/cert-choice select Generate a new self-signed certificate" | debconf-set-selections
-DEBIAN_FRONTEND=noninteractive $STD apt install -y jitsi-meet
-msg_ok "Installed Jitsi Meet"
-
-motd_ssh
-customize
-cleanup_lxc

install/librechat-install.sh

@@ -1,139 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/danny-avila/LibreChat
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-MONGO_VERSION="8.0" setup_mongodb
-setup_meilisearch
-PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
-PG_DB_NAME="ragapi" PG_DB_USER="ragapi" PG_DB_EXTENSIONS="vector" setup_postgresql_db
-NODE_VERSION="24" setup_nodejs
-UV_PYTHON="3.12" setup_uv
-
-fetch_and_deploy_gh_tag "librechat" "danny-avila/LibreChat"
-fetch_and_deploy_gh_release "rag-api" "danny-avila/rag_api" "tarball"
-
-msg_info "Installing LibreChat Dependencies"
-cd /opt/librechat
-$STD npm ci
-msg_ok "Installed LibreChat Dependencies"
-
-msg_info "Building Frontend"
-$STD npm run frontend
-$STD npm prune --production
-$STD npm cache clean --force
-msg_ok "Built Frontend"
-
-msg_info "Installing RAG API Dependencies"
-cd /opt/rag-api
-$STD uv venv --python 3.12 --seed .venv
-$STD .venv/bin/pip install -r requirements.lite.txt
-mkdir -p /opt/rag-api/uploads
-msg_ok "Installed RAG API Dependencies"
-
-msg_info "Configuring LibreChat"
-JWT_SECRET=$(openssl rand -hex 32)
-JWT_REFRESH_SECRET=$(openssl rand -hex 32)
-CREDS_KEY=$(openssl rand -hex 32)
-CREDS_IV=$(openssl rand -hex 16)
-cat <<EOF >/opt/librechat/.env
-HOST=0.0.0.0
-PORT=3080
-MONGO_URI=mongodb://127.0.0.1:27017/LibreChat
-DOMAIN_CLIENT=http://${LOCAL_IP}:3080
-DOMAIN_SERVER=http://${LOCAL_IP}:3080
-NO_INDEX=true
-TRUST_PROXY=1
-JWT_SECRET=${JWT_SECRET}
-JWT_REFRESH_SECRET=${JWT_REFRESH_SECRET}
-SESSION_EXPIRY=1000 * 60 * 15
-REFRESH_TOKEN_EXPIRY=(1000 * 60 * 60 * 24) * 7
-CREDS_KEY=${CREDS_KEY}
-CREDS_IV=${CREDS_IV}
-ALLOW_EMAIL_LOGIN=true
-ALLOW_REGISTRATION=true
-ALLOW_SOCIAL_LOGIN=false
-ALLOW_SOCIAL_REGISTRATION=false
-ALLOW_PASSWORD_RESET=false
-ALLOW_UNVERIFIED_EMAIL_LOGIN=true
-SEARCH=true
-MEILI_NO_ANALYTICS=true
-MEILI_HOST=http://127.0.0.1:7700
-MEILI_MASTER_KEY=${MEILISEARCH_MASTER_KEY}
-RAG_PORT=8000
-RAG_API_URL=http://127.0.0.1:8000
-APP_TITLE=LibreChat
-ENDPOINTS=openAI,agents,assistants,anthropic,google
-# OPENAI_API_KEY=your-key-here
-# OPENAI_MODELS=
-# ANTHROPIC_API_KEY=your-key-here
-# GOOGLE_KEY=your-key-here
-EOF
-msg_ok "Configured LibreChat"
-
-msg_info "Configuring RAG API"
-cat <<EOF >/opt/rag-api/.env
-VECTOR_DB_TYPE=pgvector
-DB_HOST=127.0.0.1
-DB_PORT=5432
-POSTGRES_DB=${PG_DB_NAME}
-POSTGRES_USER=${PG_DB_USER}
-POSTGRES_PASSWORD=${PG_DB_PASS} 
-RAG_HOST=0.0.0.0
-RAG_PORT=8000
-JWT_SECRET=${JWT_SECRET}
-RAG_UPLOAD_DIR=/opt/rag-api/uploads/
-EOF
-msg_ok "Configured RAG API"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/librechat.service
-[Unit]
-Description=LibreChat
-After=network.target mongod.service meilisearch.service rag-api.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/librechat
-EnvironmentFile=/opt/librechat/.env
-ExecStart=/usr/bin/npm run backend
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-cat <<EOF >/etc/systemd/system/rag-api.service
-[Unit]
-Description=LibreChat RAG API
-After=network.target postgresql.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/rag-api
-EnvironmentFile=/opt/rag-api/.env
-ExecStart=/opt/rag-api/.venv/bin/uvicorn main:app --host 0.0.0.0 --port 8000
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now rag-api librechat
-msg_ok "Created Services"
-
-motd_ssh
-customize
-cleanup_lxc

install/linkding-install.sh

@@ -27,7 +27,7 @@ msg_ok "Installed Dependencies"
 
 NODE_VERSION="22" setup_nodejs
 setup_uv
-fetch_and_deploy_gh_release "linkding" "sissbruecker/linkding" "tarball"
+fetch_and_deploy_gh_release "linkding" "sissbruecker/linkding"
 
 msg_info "Building Frontend"
 cd /opt/linkding

install/mail-archiver-install.sh

@@ -22,8 +22,7 @@ setup_deb822_repo \
   "main"
 $STD apt install -y \
   dotnet-sdk-10.0 \
-  aspnetcore-runtime-8.0 \
-  libgssapi-krb5-2
+  aspnetcore-runtime-8.0
 msg_ok "Installed Dependencies"
 
 PG_VERSION="17" setup_postgresql

install/matomo-install.sh

@@ -1,66 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://matomo.org/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y caddy
-msg_ok "Installed Dependencies"
-
-mkdir -p /opt/matomo
-
-PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULES="pdo_mysql,gd,mbstring,xml,curl,intl,zip,ldap" setup_php
-setup_mariadb
-MARIADB_DB_NAME="matomo" MARIADB_DB_USER="matomo" setup_mariadb_db
-
-msg_info "Allowing Local TCP Database Access"
-$STD mariadb -u root -e "CREATE USER IF NOT EXISTS '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
-$STD mariadb -u root -e "ALTER USER '$MARIADB_DB_USER'@'127.0.0.1' IDENTIFIED BY '$MARIADB_DB_PASS';"
-$STD mariadb -u root -e "GRANT ALL ON \`$MARIADB_DB_NAME\`.* TO '$MARIADB_DB_USER'@'127.0.0.1';"
-$STD mariadb -u root -e "FLUSH PRIVILEGES;"
-msg_ok "Allowed Local TCP Database Access"
-
-fetch_and_deploy_gh_release "matomo" "matomo-org/matomo" "prebuild" "latest" "/opt/matomo" "matomo-*.zip"
-
-msg_info "Setting up Matomo"
-if [[ -d /opt/matomo/matomo ]]; then
-  rm -rf /opt/matomo/tmp "/opt/matomo/How to install Matomo.html"
-  find /opt/matomo/matomo -mindepth 1 -maxdepth 1 -exec mv -t /opt/matomo {} +
-  rm -rf /opt/matomo/matomo
-fi
-mkdir -p /opt/matomo/tmp
-chown -R www-data:www-data /opt/matomo
-chmod -R 755 /opt/matomo/tmp
-msg_ok "Set up Matomo"
-
-msg_info "Configuring Caddy"
-PHP_VER=$(php -r 'echo PHP_MAJOR_VERSION . "." . PHP_MINOR_VERSION;')
-cat <<EOF >/etc/caddy/Caddyfile
-:80 {
-    root * /opt/matomo
-    @blocked path /config /config/* /tmp /tmp/* /.* /.*/*
-    respond @blocked 403
-    php_fastcgi unix//run/php/php${PHP_VER}-fpm.sock
-    file_server
-    encode gzip
-}
-EOF
-usermod -aG www-data caddy
-msg_ok "Configured Caddy"
-
-systemctl enable -q --now php${PHP_VER}-fpm
-systemctl restart caddy
-
-motd_ssh
-customize
-cleanup_lxc

install/nagios-install.sh

@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: CanbiZ (MickLesk)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/NagiosEnterprises/nagioscore
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  autoconf \
-  automake \
-  build-essential \
-  bc \
-  dc \
-  gawk \
-  gettext \
-  gperf \
-  libgd-dev \
-  libmcrypt-dev \
-  libnet-snmp-perl \
-  libssl-dev \
-  snmp \
-  apache2 \
-  apache2-utils
-msg_ok "Installed Dependencies"
-
-PHP_APACHE="YES" setup_php
-
-fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
-
-msg_info "Building Nagios Core"
-cd /opt/nagios
-$STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
-$STD make all
-$STD make install-groups-users
-usermod -a -G nagios www-data
-$STD make install
-$STD make install-daemoninit
-$STD make install-commandmode
-$STD make install-config
-$STD make install-webconf
-$STD a2enmod rewrite
-$STD a2enmod cgi
-msg_ok "Built Nagios Core"
-
-fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
-
-msg_info "Building Nagios Plugins"
-cd /opt/nagios-plugins
-$STD ./tools/setup
-$STD ./configure
-$STD make
-$STD make install
-setcap cap_net_raw+p /bin/ping
-msg_ok "Built Nagios Plugins"
-
-msg_info "Configuring Web Authentication"
-$STD htpasswd -bc /usr/local/nagios/etc/htpasswd.users nagiosadmin nagiosadmin
-chown root:www-data /usr/local/nagios/etc/htpasswd.users
-chmod 640 /usr/local/nagios/etc/htpasswd.users
-msg_ok "Configured Web Authentication"
-
-msg_info "Starting Services"
-systemctl enable -q apache2
-systemctl restart apache2
-systemctl enable -q --now nagios
-msg_ok "Started Services"
-
-motd_ssh
-customize
-cleanup_lxc

install/neko-install.sh

@@ -1,255 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: CanbiZ (MickLesk)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://neko.m1k1o.net/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  supervisor \
-  pulseaudio \
-  dbus-x11 \
-  xserver-xorg-video-dummy \
-  xdotool \
-  xclip \
-  libgtk-3-0 \
-  gstreamer1.0-plugins-base \
-  gstreamer1.0-plugins-good \
-  gstreamer1.0-plugins-bad \
-  gstreamer1.0-plugins-ugly \
-  gstreamer1.0-pulseaudio \
-  openbox \
-  firefox-esr \
-  fonts-noto-color-emoji \
-  fonts-wqy-zenhei
-msg_ok "Installed Dependencies"
-systemctl disable -q --now supervisor
-
-msg_info "Installing Build Dependencies"
-$STD apt install -y \
-  build-essential \
-  pkg-config \
-  libx11-dev \
-  libxrandr-dev \
-  libxtst-dev \
-  libgtk-3-dev \
-  libxcvt-dev \
-  libgstreamer1.0-dev \
-  libgstreamer-plugins-base1.0-dev
-msg_ok "Installed Build Dependencies"
-
-NODE_VERSION="22" setup_nodejs
-setup_go
-
-fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
-
-msg_info "Building Client"
-cd /opt/neko/client
-$STD npm install
-$STD npm run build
-mkdir -p /var/www
-cp -r /opt/neko/client/dist/* /var/www/
-msg_ok "Built Client"
-
-msg_info "Building Server"
-cd /opt/neko/server
-$STD ./build
-cp /opt/neko/server/bin/neko /usr/bin/neko
-mkdir -p /etc/neko/plugins
-cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
-msg_ok "Built Server"
-
-msg_info "Setting up Runtime"
-useradd -m -s /bin/bash neko
-usermod -aG audio,video neko
-
-mkdir -p /etc/neko/supervisord /var/www /var/log/neko /tmp/.X11-unix /tmp/runtime-neko /home/neko/.config/pulse /home/neko/.local/share/xorg
-chmod 1777 /tmp/.X11-unix
-chmod 1777 /var/log/neko
-chmod 0700 /tmp/runtime-neko
-chown neko /tmp/.X11-unix /var/log/neko /tmp/runtime-neko
-chown -R neko:neko /home/neko
-
-cp /opt/neko/runtime/xorg.conf /etc/neko/xorg.conf
-# Remove the dummy_touchscreen InputDevice section (requires custom "neko" Xorg driver not available bare-metal)
-sed -i '/Section "InputDevice"/{N;/dummy_touchscreen/{:l;N;/EndSection/!bl;d}}' /etc/neko/xorg.conf
-sed -i '/dummy_touchscreen/d' /etc/neko/xorg.conf
-sed -i 's/InputDevice  "dummy_mouse"/InputDevice  "dummy_mouse" "CorePointer"/' /etc/neko/xorg.conf
-cp /opt/neko/runtime/default.pa /etc/pulse/default.pa
-
-cat <<EOF >/etc/neko/supervisord.conf
-[supervisord]
-nodaemon=true
-user=root
-pidfile=/var/run/supervisord.pid
-logfile=/dev/null
-logfile_maxbytes=0
-loglevel=debug
-
-[include]
-files=/etc/neko/supervisord/*.conf
-
-[program:x-server]
-environment=HOME="/home/neko",USER="neko"
-command=/usr/bin/X :99.0 -config /etc/neko/xorg.conf -noreset -nolisten tcp
-autorestart=true
-priority=300
-user=neko
-stdout_logfile=/var/log/neko/xorg.log
-stdout_logfile_maxbytes=100MB
-stdout_logfile_backups=10
-redirect_stderr=true
-
-[program:pulseaudio]
-environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
-command=/usr/bin/pulseaudio --log-level=error --disallow-module-loading --disallow-exit --exit-idle-time=-1
-autorestart=true
-priority=300
-user=neko
-stdout_logfile=/var/log/neko/pulseaudio.log
-stdout_logfile_maxbytes=100MB
-stdout_logfile_backups=10
-redirect_stderr=true
-
-[program:neko]
-environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
-command=/usr/bin/neko serve --server.static "/var/www"
-stopsignal=INT
-stopwaitsecs=3
-autorestart=true
-priority=800
-user=neko
-stdout_logfile=/var/log/neko/neko.log
-stdout_logfile_maxbytes=100MB
-stdout_logfile_backups=10
-redirect_stderr=true
-
-[unix_http_server]
-file=/var/run/supervisor.sock
-chmod=0770
-chown=root:neko
-
-[supervisorctl]
-serverurl=unix:///var/run/supervisor.sock
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-EOF
-
-cat <<EOF >/etc/neko/supervisord/firefox.conf
-[program:firefox]
-environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
-command=/usr/bin/firefox-esr --no-remote --display=:99.0 -width 1280 -height 720
-stopsignal=INT
-autorestart=true
-priority=800
-user=neko
-stdout_logfile=/var/log/neko/firefox.log
-stdout_logfile_maxbytes=100MB
-stdout_logfile_backups=10
-redirect_stderr=true
-
-[program:openbox]
-environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
-command=/usr/bin/openbox --config-file /etc/neko/openbox.xml
-autorestart=true
-priority=300
-user=neko
-stdout_logfile=/var/log/neko/openbox.log
-stdout_logfile_maxbytes=100MB
-stdout_logfile_backups=10
-redirect_stderr=true
-EOF
-
-cat <<'EOF' >/etc/neko/openbox.xml
-<?xml version="1.0" encoding="UTF-8"?>
-<openbox_config xmlns="http://openbox.org/3.4/rc" xmlns:xi="http://www.w3.org/2001/XInclude">
-<applications>
-    <application class="firefox" name="Navigator" role="browser">
-      <decor>no</decor>
-      <maximized>true</maximized>
-      <focus>yes</focus>
-      <layer>normal</layer>
-    </application>
-</applications>
-<focus>
-  <focusNew>yes</focusNew>
-  <followMouse>no</followMouse>
-  <focusLast>yes</focusLast>
-  <underMouse>no</underMouse>
-  <focusDelay>200</focusDelay>
-  <raiseOnFocus>no</raiseOnFocus>
-</focus>
-<placement>
-  <policy>Smart</policy>
-  <center>yes</center>
-</placement>
-<desktops>
-  <number>1</number>
-  <firstdesk>1</firstdesk>
-  <popupTime>0</popupTime>
-</desktops>
-</openbox_config>
-EOF
-
-cat <<EOF >/etc/neko/neko.yaml
-server:
-  bind: "0.0.0.0:8080"
-  static: "/var/www"
-session:
-  cookie:
-    enabled: false
-webrtc:
-  icelite: true
-  nat1to1:
-    - "${LOCAL_IP}"
-  epr: "59000-59100"
-desktop:
-  input:
-    enabled: false
-member:
-  provider: "multiuser"
-  multiuser:
-    admin_password: "admin"
-    user_password: "neko"
-EOF
-msg_ok "Set up Runtime"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/neko.service
-[Unit]
-Description=Neko Virtual Browser
-After=network.target
-
-[Service]
-Type=simple
-User=root
-Environment=USER=neko
-Environment=DISPLAY=:99.0
-Environment=PULSE_SERVER=unix:/tmp/pulseaudio.socket
-Environment=XDG_RUNTIME_DIR=/tmp/runtime-neko
-Environment=NEKO_PLUGINS_ENABLED=true
-Environment=NEKO_PLUGINS_DIR=/etc/neko/plugins/
-Environment=NEKO_CONFIG=/etc/neko/neko.yaml
-ExecStart=/usr/bin/supervisord -c /etc/neko/supervisord.conf -n
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now neko
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/nodecast-tv-install.sh

@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os
 
-fetch_and_deploy_gh_release "nodecast-tv" "technomancer702/nodecast-tv" "tarball"
+fetch_and_deploy_gh_release "nodecast-tv" "technomancer702/nodecast-tv"
 NODE_VERSION="20" setup_nodejs
 
 msg_info "Installing Dependencies"

install/pangolin-install.sh

@@ -22,8 +22,7 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"
 
 NODE_VERSION="24" setup_nodejs
-PANGOLIN_VERSION="${PANGOLIN_VERSION:-1.18.2}"
-fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball" "$PANGOLIN_VERSION"
+fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
 fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"
 
@@ -205,7 +204,6 @@ User=root
 Environment=NODE_ENV=production
 Environment=ENVIRONMENT=prod
 WorkingDirectory=/opt/pangolin
-ExecStartPre=/usr/bin/node dist/migrations.mjs
 ExecStart=/usr/bin/node --enable-source-maps dist/server.mjs
 Restart=always
 RestartSec=10

install/patchmon-install.sh

@@ -14,91 +14,74 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y redis-server
+$STD apt install -y \
+  build-essential \
+  nginx \
+  redis-server
 msg_ok "Installed Dependencies"
 
+NODE_VERSION="24" setup_nodejs
 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="patchmon_db" PG_DB_USER="patchmon_usr" setup_postgresql_db
 
-RELEASE="v2.0.2"
-fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "singlefile" "latest" "/opt/patchmon" "patchmon-server-linux-amd64"
-mv /opt/patchmon/PatchMon /opt/patchmon/patchmon-server
+fetch_and_deploy_gh_release "PatchMon" "PatchMon/PatchMon" "tarball" "v1.4.2" "/opt/patchmon"
 
 msg_info "Configuring PatchMon"
-cat <<EOF >/opt/patchmon/.env
-DATABASE_URL="postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME"
-JWT_SECRET="$(openssl rand -hex 64)"
-SESSION_SECRET="$(openssl rand -hex 64)"
-AI_ENCRYPTION_KEY="$(openssl rand -hex 64)"
-CORS_ORIGIN=http://${LOCAL_IP}:3000
-PORT=3000
-APP_ENV=production
+VERSION=$(get_latest_github_release "PatchMon/PatchMon")
+export NODE_ENV=production
+cd /opt/patchmon
+$STD npm install --no-audit --no-fund --no-save --ignore-scripts
 
-# Redis
-REDIS_HOST=localhost
-REDIS_PORT=6379
-
-## OIDC / SSO (when OIDC_ENABLED=true, issuer/client/secret/redirect required)
-# OIDC_ENABLED=false
-# OIDC_ISSUER_URL=
-# OIDC_CLIENT_ID=
-# OIDC_CLIENT_SECRET=
-# OIDC_REDIRECT_URI=
-# OIDC_SCOPES=openid email profile groups
-# OIDC_AUTO_CREATE_USERS=false
-# OIDC_DEFAULT_ROLE=user
-# OIDC_DISABLE_LOCAL_AUTH=false
-# OIDC_BUTTON_TEXT=Login with SSO
-# OIDC_SESSION_TTL=600
-# OIDC_POST_LOGOUT_URI=
-# OIDC_SYNC_ROLES=false
-# OIDC_ADMIN_GROUP=
-# OIDC_SUPERADMIN_GROUP=
-# OIDC_HOST_MANAGER_GROUP=
-# OIDC_READONLY_GROUP=
-# OIDC_USER_GROUP=
-# OIDC_ENFORCE_HTTPS=true
-
-AGENT_BINARIES_DIR=/opt/patchmon/agents
+cd /opt/patchmon/frontend
+cat <<EOF >./.env
+VITE_APP_NAME=PatchMon
+VITE_APP_VERSION=${VERSION}
 EOF
+$STD npm install --no-audit --no-fund --no-save --ignore-scripts --include=dev
+$STD npm run build
+
+JWT_SECRET="$(openssl rand -hex 64)"
+mv /opt/patchmon/backend/env.example /opt/patchmon/backend/.env
+sed -i -e "s|DATABASE_URL=.*|DATABASE_URL=\"postgresql://$PG_DB_USER:$PG_DB_PASS@localhost:5432/$PG_DB_NAME\"|" \
+  -e "/JWT_SECRET/s/[=$].*/=$JWT_SECRET/" \
+  -e "\|CORS_ORIGIN|s|localhost|$LOCAL_IP|" \
+  -e "/PORT=3001/aSERVER_PROTOCOL=http \\
+  SERVER_HOST=$LOCAL_IP \\
+  SERVER_PORT=3000" \
+  -e '/_ENV=production/aTRUST_PROXY=1' \
+  -e '/REDIS_USER=.*/,+1d' /opt/patchmon/backend/.env
+
+cd /opt/patchmon/backend
+$STD npm run db:generate
+$STD npx prisma migrate deploy
 msg_ok "Configured PatchMon"
 
-msg_info "Fetching PatchMon agent binaries"
-RELEASE=$(get_latest_github_release "PatchMon/PatchMon")
-mkdir -p /opt/patchmon/agents
-FILE_URL="https://github.com/PatchMon/PatchMon/releases/download/v${RELEASE}/patchmon-agent-"
-AGENT_NAME=(
-  "linux-amd64"
-  "linux-arm64"
-  "linux-arm"
-  "linux-386"
-  "freebsd-amd64"
-  "freebsd-arm64"
-  "freebsd-arm"
-  "freebsd-386"
-  "windows-amd64.exe"
-  "windows-arm64.exe"
-)
-for arch in "${AGENT_NAME[@]}"; do
-  curl_with_retry "${FILE_URL}${arch}" "/opt/patchmon/agents/patchmon-agent-${arch}"
-  [[ "${arch}" != *.exe ]] && chmod 755 "/opt/patchmon/agents/patchmon-agent-${arch}"
-done
-msg_ok "Fetched PatchMon agent binaries"
+msg_info "Configuring Nginx"
+cp /opt/patchmon/docker/nginx.conf.template /etc/nginx/sites-available/patchmon.conf
+sed -i -e 's|proxy_pass .*|proxy_pass http://127.0.0.1:3001;|' \
+  -e '\|try_files |i\        root /opt/patchmon/frontend/dist;' \
+  -e 's|alias.*|alias /opt/patchmon/frontend/dist/assets;|' \
+  -e '\|expires 1y|i\        root /opt/patchmon/frontend/dist;' /etc/nginx/sites-available/patchmon.conf
+ln -sf /etc/nginx/sites-available/patchmon.conf /etc/nginx/sites-enabled/
+rm -f /etc/nginx/sites-enabled/default
+$STD nginx -t
+systemctl restart nginx
+msg_ok "Configured Nginx"
 
 msg_info "Creating service"
 cat <<EOF >/etc/systemd/system/patchmon-server.service
 [Unit]
-Description=PatchMon Server
+Description=PatchMon Service
 After=network.target postgresql.service
 
 [Service]
 Type=simple
-WorkingDirectory=/opt/patchmon
-ExecStart=/opt/patchmon/patchmon-server
+WorkingDirectory=/opt/patchmon/backend
+ExecStart=/usr/bin/npm run start
 Restart=always
 RestartSec=10
+Environment=NODE_ENV=production
 Environment=PATH=/usr/bin:/usr/local/bin
-EnvironmentFile=/opt/patchmon/.env
 NoNewPrivileges=true
 PrivateTmp=true
 ProtectSystem=strict

install/peanut-install.sh

@@ -29,28 +29,13 @@ cp -r .next/static .next/standalone/.next/
 mkdir -p /opt/peanut/.next/standalone/config
 mkdir -p /etc/peanut/
 ln -sf .next/standalone/server.js server.js
-if [[ ! -f /etc/peanut/settings.yml ]]; then
-  cat <<EOF >/etc/peanut/settings.yml
-NUT_SERVERS: []
+cat <<EOF >/etc/peanut/settings.yml
+WEB_HOST: 0.0.0.0
+WEB_PORT: 8080
+NUT_HOST: 0.0.0.0
+NUT_PORT: 3493
 EOF
-fi
 ln -sf /etc/peanut/settings.yml /opt/peanut/.next/standalone/config/settings.yml
-cat <<EOF >/etc/peanut/peanut.env
-NODE_ENV=production
-
-#WEB_HOST=0.0.0.0
-#WEB_PORT=8080
-#NUT_HOST=localhost
-#NUT_PORT=3493
-
-# Disable auth entirely:
-#AUTH_DISABLED=true
-
-# Bootstrap initial account on first start (ignored afterwards):
-#WEB_USERNAME=admin
-#WEB_PASSWORD=changeme
-EOF
-chmod 600 /etc/peanut/peanut.env
 msg_ok "Setup Peanut"
 
 msg_info "Creating Service"
@@ -63,7 +48,11 @@ SyslogIdentifier=peanut
 Restart=always
 RestartSec=5
 Type=simple
-EnvironmentFile=/etc/peanut/peanut.env
+Environment="NODE_ENV=production"
+#Environment="NUT_HOST=localhost"
+#Environment="NUT_PORT=3493"
+#Environment="WEB_HOST=0.0.0.0"
+#Environment="WEB_PORT=8080"
 WorkingDirectory=/opt/peanut
 ExecStart=node /opt/peanut/entrypoint.mjs
 TimeoutStopSec=30

install/protonmail-bridge-install.sh

@@ -1,192 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Stephen Chin (steveonjava)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/ProtonMail/proton-bridge
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y pass
-msg_ok "Installed Dependencies"
-
-msg_info "Creating Service User"
-useradd -r -m -d /home/protonbridge -s /usr/sbin/nologin protonbridge
-install -d -m 0750 -o protonbridge -g protonbridge /home/protonbridge
-msg_ok "Created Service User"
-
-fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/protonmail-bridge.service
-[Unit]
-Description=Proton Mail Bridge (noninteractive)
-After=network-online.target
-Wants=network-online.target
-ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
-
-[Service]
-Type=simple
-User=protonbridge
-Group=protonbridge
-WorkingDirectory=/home/protonbridge
-Environment=HOME=/home/protonbridge
-ExecStart=/usr/bin/protonmail-bridge --noninteractive
-Restart=always
-RestartSec=3
-NoNewPrivileges=yes
-PrivateTmp=yes
-ProtectSystem=full
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-ProtectControlGroups=yes
-
-[Install]
-WantedBy=multi-user.target
-EOF
-cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap.socket
-[Unit]
-Description=Proton Mail Bridge IMAP Socket (143)
-ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
-
-[Socket]
-ListenStream=143
-Accept=no
-Service=protonmail-bridge-imap-proxy.service
-
-[Install]
-WantedBy=sockets.target
-EOF
-cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap-proxy.service
-[Unit]
-Description=Proton Mail Bridge IMAP Proxy (143 -> 127.0.0.1:1143)
-After=protonmail-bridge.service
-Requires=protonmail-bridge.service
-ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
-
-[Service]
-Type=simple
-Sockets=protonmail-bridge-imap.socket
-ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1143
-NoNewPrivileges=yes
-PrivateTmp=yes
-EOF
-cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp.socket
-[Unit]
-Description=Proton Mail Bridge SMTP Socket (587)
-ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
-
-[Socket]
-ListenStream=587
-Accept=no
-Service=protonmail-bridge-smtp-proxy.service
-
-[Install]
-WantedBy=sockets.target
-EOF
-cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp-proxy.service
-[Unit]
-Description=Proton Mail Bridge SMTP Proxy (587 -> 127.0.0.1:1025)
-After=protonmail-bridge.service
-Requires=protonmail-bridge.service
-ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
-
-[Service]
-Type=simple
-Sockets=protonmail-bridge-smtp.socket
-ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1025
-NoNewPrivileges=yes
-PrivateTmp=yes
-EOF
-msg_ok "Created Services"
-
-msg_info "Creating Helper Commands"
-
-cat <<'EOF' >/usr/local/bin/protonmailbridge-configure
-#!/usr/bin/env bash
-set -euo pipefail
-
-BRIDGE_USER="protonbridge"
-BRIDGE_HOME="/home/${BRIDGE_USER}"
-GNUPG_HOME="${BRIDGE_HOME}/.gnupg"
-MARKER="${BRIDGE_HOME}/.protonmailbridge-initialized"
-
-FIRST_TIME=0
-if [[ ! -f "${MARKER}" ]]; then
-  FIRST_TIME=1
-fi
-
-# Stop sockets/proxies/bridge daemon before configuration
-systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
-systemctl stop protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
-
-if [[ "${FIRST_TIME}" == "1" ]]; then
-  echo "First-time setup: initializing pass keychain for ${BRIDGE_USER} (required by Proton Mail Bridge on Linux)."
-
-  install -d -m 0700 -o "${BRIDGE_USER}" -g "${BRIDGE_USER}" "${GNUPG_HOME}"
-
-  FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
-    gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
-
-  if [[ -z "${FPR}" ]]; then
-    runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
-      gpg --batch --pinentry-mode loopback --passphrase '' \
-      --quick-gen-key 'ProtonMail Bridge' default default never
-
-    FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
-      gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
-  fi
-
-  if [[ -z "${FPR}" ]]; then
-    echo "Failed to detect a GPG key fingerprint for ${BRIDGE_USER}." >&2
-    exit 1
-  fi
-
-  runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
-    pass init "${FPR}"
-
-  echo
-  echo "To do initial configuration of the Proton Mail Bridge:"
-  echo "Run: login"
-  echo "Run: info"
-  echo "Run: exit"
-  echo
-else
-  echo
-  echo "Launching Proton Mail Bridge CLI for configuration."
-  echo "External access is disabled until you exit."
-  echo "Run: exit"
-  echo
-fi
-
-runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" \
-  protonmail-bridge -c
-
-if [[ "${FIRST_TIME}" == "1" ]]; then
-  touch "${MARKER}"
-  chown "${BRIDGE_USER}:${BRIDGE_USER}" "${MARKER}"
-  chmod 0644 "${MARKER}"
-fi
-
-systemctl enable -q --now protonmail-bridge.service protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
-
-if [[ "${FIRST_TIME}" == "1" ]]; then
-  echo "Initialization complete. Services enabled and started."
-else
-  echo "Configuration complete. Services enabled and started."
-fi
-EOF
-chmod +x /usr/local/bin/protonmailbridge-configure
-ln -sf /usr/local/bin/protonmailbridge-configure /usr/bin/protonmailbridge-configure
-msg_ok "Created Helper Commands"
-
-motd_ssh
-customize
-cleanup_lxc

install/romm-install.sh

@@ -120,7 +120,7 @@ fetch_and_deploy_gh_release "RAHasher" "RetroAchievements/RALibretro" "prebuild"
 cp /opt/RALibretro/RAHasher /usr/bin/RAHasher
 chmod +x /usr/bin/RAHasher
 
-fetch_and_deploy_gh_release "romm" "rommapp/romm" "tarball"
+fetch_and_deploy_gh_release "romm" "rommapp/romm"
 
 msg_info "Creating environment file"
 sed -i 's/^supervised no/supervised systemd/' /etc/redis/redis.conf

install/shelfmark-install.sh

@@ -116,7 +116,7 @@ else
 fi
 
 NODE_VERSION="24" setup_nodejs
-PYTHON_VERSION="3.14" setup_uv
+PYTHON_VERSION="3.12" setup_uv
 
 fetch_and_deploy_gh_release "shelfmark" "calibrain/shelfmark" "tarball" "latest" "/opt/shelfmark"
 RELEASE_VERSION=$(cat "$HOME/.shelfmark")
@@ -130,15 +130,11 @@ mv /opt/shelfmark/src/frontend/dist /opt/shelfmark/frontend-dist
 msg_ok "Built Shelfmark frontend"
 
 msg_info "Configuring Shelfmark"
-export VIRTUAL_ENV=/opt/shelfmark/venv
 cd /opt/shelfmark
 $STD uv venv --clear ./venv
 $STD source ./venv/bin/activate
-if [[ "$DEPLOYMENT_TYPE" == "1" ]]; then
-  $STD uv sync --active --locked --no-default-groups --extra browser
-else
-  $STD uv sync --active --locked --no-default-groups
-fi
+$STD uv pip install -r ./requirements-base.txt
+[[ "$DEPLOYMENT_TYPE" == "1" ]] && $STD uv pip install -r ./requirements-shelfmark.txt
 mkdir -p {/var/log/shelfmark,/tmp/shelfmark}
 msg_ok "Configured Shelfmark"
 

install/soulsync-install.sh

@@ -1,59 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/Nezreka/SoulSync
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  gcc \
-  libffi-dev \
-  libssl-dev \
-  libchromaprint-tools \
-  ffmpeg
-msg_ok "Installed Dependencies"
-
-UV_PYTHON="3.11" setup_uv
-
-fetch_and_deploy_gh_release "soulsync" "Nezreka/SoulSync" "tarball"
-
-msg_info "Setting up Application"
-cd /opt/soulsync
-$STD uv venv /opt/soulsync/.venv --python 3.11
-$STD uv pip install -r requirements.txt --python /opt/soulsync/.venv/bin/python
-mkdir -p /opt/soulsync/{config,data,logs}
-msg_ok "Set up Application"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/soulsync.service
-[Unit]
-Description=SoulSync Music Discovery
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/soulsync
-ExecStart=/opt/soulsync/.venv/bin/python web_server.py
-Environment=PYTHONPATH=/opt/soulsync PYTHONUNBUFFERED=1 DATABASE_PATH=/opt/soulsync/data/music_library.db
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now soulsync
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/step-ca-install.sh

@@ -23,34 +23,21 @@ setup_deb822_repo \
 msg_info "Installing step-ca and step-cli"
 $STD apt install -y step-ca step-cli
 
-STEPPATH="/etc/step-ca"
-STEPHOME="/etc/step"
-
-export STEPPATH=$STEPPATH
-echo "export STEPPATH=${STEPPATH}" >> /etc/profile
+STEPHOME="/root/.step"
+export STEPPATH=/etc/step-ca
 export STEPHOME=$STEPHOME
-echo "export STEPHOME=${STEPHOME}" >> /etc/profile
 
-mkdir -p "$STEPHOME"
+sed  -i '1i export STEPPATH=/etc/step-ca' /etc/profile
+sed  -i '1i export STEPHOME=/root/.step' /etc/profile
 
-# Patch for making $STD happy (/usr/bin/step is a symlink to /usr/bin/step-cli)
-STEPBIN="$(which step)"
-rm -f "$STEPBIN"
-cp -f "$(which step-cli)" "$STEPBIN"
+setcap CAP_NET_BIND_SERVICE=+eip $(which step-ca)
 
-# Low port-binding capabilities (ports < 1024)
-# - Default step-ca listener port: 443
-setcap CAP_NET_BIND_SERVICE=+eip "$(which step-ca)"
-
-# Service User used by systemd step-ca.service
-$STD useradd --user-group --system --home "$(step path)" --shell /bin/false step
+$STD useradd --user-group --system --home $(step path) --shell /bin/false step
 msg_ok "Installed step-ca and step-cli"
 
 DomainName="$(hostname -d)"
 
 PKIName="$(prompt_input "Enter PKIName" "MyHomePKI" 30)"
-PKICountry="$(prompt_input "Enter PKICountry" "DE" 30)"
-PKIOrganizationalUnit="$(prompt_input "Enter PKIOrganizationalUnit" "MyHomeLab" 30)"
 PKIProvisioner="$(prompt_input "Enter PKIProvisioner" "pki@$DomainName" 30)"
 AcmeProvisioner="$(prompt_input "Enter AcmeProvisioner" "acme@$DomainName" 30)"
 X509MinDur="$(prompt_input "Enter X509MinDur" "48h" 30)"
@@ -58,15 +45,11 @@ X509MaxDur="$(prompt_input "Enter X509MaxDur" "87600h" 30)"
 X509DefaultDur="$(prompt_input "Enter X509DefaultDur" "168h" 30)"
 
 msg_info "Initializing step-ca"
-
-# Initialize step-ca
 DeploymentType="standalone"
 FQDN="$(hostname -f)"
 IP="${LOCAL_IP}"
 LISTENER=":443"
-LISTENER_INSECURE=":80"
 
-# Set different signing CA and Provisioner Passwords
 EncryptionPwdDir="$(step path)/encryption"
 PwdFile="$EncryptionPwdDir/ca.pwd"
 ProvisionerPwdFile="$EncryptionPwdDir/provisioner.pwd"
@@ -74,208 +57,19 @@ mkdir -p "$EncryptionPwdDir"
 gpg -q --gen-random --armor 2 32 >"$PwdFile"
 gpg -q --gen-random --armor 2 32 >"$ProvisionerPwdFile"
 
-# Used by systemd step-ca.service
+$STD step ca init --deployment-type="$DeploymentType" --ssh --name="$PKIName" --dns="$FQDN" --dns="$IP" --address="$LISTENER" --provisioner="$PKIProvisioner" --password-file="$PwdFile" --provisioner-password-file="$ProvisionerPwdFile"
+
 ln -s "$PwdFile" "$(step path)/password.txt"
-
-# Usage of:
-# - SSH feature of step-ca
-# - BadgerDB (badgerv2) => Default DB backend of step-ca
-# - badgerFileLoadingMode: FileIO (instead of MemoryMap) for LXC with low RAM
-$STD step ca init \
-  --deployment-type="$DeploymentType" \
-  --ssh \
-  --name="$PKIName" \
-  --dns="$FQDN" \
-  --dns="$IP" \
-  --address="$LISTENER" \
-  --provisioner="$PKIProvisioner" \
-  --password-file="$PwdFile" \
-  --provisioner-password-file="$ProvisionerPwdFile"
-
-# Define enhanced x509 CA and Certificate Templates
-mkdir -p "$(step path)/templates/ca"
-mkdir -p "$(step path)/templates/x509"
-
-CARootTemplate="$(step path)/templates/ca/root.tpl"
-CAIntermediateTemplate="$(step path)/templates/ca/intermediate.tpl"
-X509LeafTemplate="$(step path)/templates/x509/leaf.tpl"
-X509LeafTemplateData="$(step path)/templates/x509/leaf_data.tpl"
-
-cat <<'EOF' >"$CARootTemplate"
-{
-	"subject": {
-		"country": {{ toJson .Insecure.User.country }},
-		"organization": {{ toJson .Insecure.User.organization }},
-		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
-		"commonName": {{ toJson .Subject.CommonName }}
-	},
-  "issuer": {{ toJson .Subject }},
-	"keyUsage": ["certSign", "crlSign"],
-	"basicConstraints": {
-		"isCA": true,
-		"maxPathLen": 1
-	},
-	"issuingCertificateURL": [{{ toJson .Insecure.User.issuingCertificateURL }}],
-	"crlDistributionPoints": [{{ toJson .Insecure.User.crlDistributionPoints }}]
-}
-EOF
-
-cat <<'EOF' >"$CAIntermediateTemplate"
-{
-	"subject": {
-		"country": {{ toJson .Insecure.User.country }},
-		"organization": {{ toJson .Insecure.User.organization }},
-		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
-		"commonName": {{ toJson .Subject.CommonName }}
-	},
-	"keyUsage": ["certSign", "crlSign"],
-	"basicConstraints": {
-		"isCA": true,
-		"maxPathLen": 0
-	},
-	"issuingCertificateURL": [{{ toJson .Insecure.User.issuingCertificateURL }}],
-	"crlDistributionPoints": [{{ toJson .Insecure.User.crlDistributionPoints }}]
-}
-EOF
-
-cat <<'EOF' >"$X509LeafTemplate"
-{
-	"subject": {
-{{- if .Insecure.User.Country }}
-		"country": {{ toJson .Insecure.User.country }},
-{{- else }}
-		"country": {{ toJson .country }},
-{{- end }}
-{{- if .Insecure.User.organization }}
-		"organization": {{ toJson .Insecure.User.organization }},
-{{- else }}
-		"organization": {{ toJson .organization }},
-{{- end }}
-{{- if .Insecure.User.organizationalUnit }}
-		"organizationalUnit": {{ toJson .Insecure.User.organizationalUnit }},
-{{- else }}
-		"organizationalUnit": {{ toJson .organizationalUnit }},
-{{- end }}
-		"commonName": {{ toJson .Subject.CommonName }}
-	},
-	"sans": {{ toJson .SANs }},
-{{- if typeIs "*rsa.PublicKey" .Insecure.CR.PublicKey }}
-	"keyUsage": ["keyEncipherment", "digitalSignature"],
-{{- else }}
-	"keyUsage": ["digitalSignature"],
-{{- end }}
-	"extKeyUsage": ["serverAuth", "clientAuth"],
-{{- if .Insecure.User.issuingCertificateURL }}
-	"issuingCertificateURL": [{{ toJson .Insecure.User.issuingCertificateURL }}],
-{{- else }}
-	"issuingCertificateURL": [{{ toJson .issuingCertificateURL }}],
-{{- end }}
-{{- if .Insecure.User.crlDistributionPoints }}
-	"crlDistributionPoints": [{{ toJson .Insecure.User.crlDistributionPoints }}]
-{{- else }}
-	"crlDistributionPoints": [{{ toJson .crlDistributionPoints }}]
-{{- end }}
-}
-EOF
-
-cat <<EOF >"$X509LeafTemplateData"
-{
-	"country": "${PKICountry}",
-	"organization": "${PKIName}",
-	"organizationalUnit": "${PKIOrganizationalUnit}",
-	"issuingCertificateURL": ["https://${FQDN}${LISTENER}/intermediates.pem"],
-	"crlDistributionPoints": ["https://${FQDN}${LISTENER}/crl"]
-}
-EOF
-
-# Configure CA Provisioners, DB and CRL settings
-$STD step ca provisioner add "$AcmeProvisioner" \
-  --type ACME \
-  --admin-name "$AcmeProvisioner"
-
-$STD step ca provisioner update "$PKIProvisioner" \
-  --x509-min-dur="$X509MinDur" \
-  --x509-max-dur="$X509MaxDur" \
-  --x509-default-dur="$X509DefaultDur" \
-  --x509-template="$X509LeafTemplate" \
-  --x509-template-data="$X509LeafTemplateData" \
-  --allow-renewal-after-expiry
-
-$STD step ca provisioner update "$AcmeProvisioner" \
-  --x509-min-dur="$X509MinDur" \
-  --x509-max-dur="$X509MaxDur" \
-  --x509-default-dur="$X509DefaultDur" \
-  --x509-template="$X509LeafTemplate" \
-  --x509-template-data="$X509LeafTemplateData" \
-  --allow-renewal-after-expiry
-
-CAConfig="$(step path)/config/ca.json"
-jq --arg a "${PKICountry}" '.country = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq --arg a "${PKIName}" '.organization = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq --arg a "${PKIOrganizationalUnit}" '.organizationalUnit = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq --arg a "${PKIName} Online CA" '.commonName = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq '.db.badgerFileLoadingMode = "FileIO"' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq '.crl.enabled = true' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq '.crl.generateOnRevoke = true' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq '.crl.cacheDuration = "24h0m0s"' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq '.crl.renewPeriod = "16h0m0s"' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq --arg a "https://${FQDN}${LISTENER}/crl" '.crl.idpURL = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-jq --arg a "$LISTENER_INSECURE" '.insecureAddress = $a' "${CAConfig}" > "${CAConfig}_tmp" && mv "${CAConfig}_tmp" "${CAConfig}"
-
-# Generate Root CA Certificate and Key
-# - Validity: 219168h (~25 Years)
-# - maxPathLen: 1 (Root -> Intermediate -> Leaf) => Only one Intermediate CA allowed below Root CA
-# - Active revocation on Intermediate CA and Leaf Certificates by the usage of build-in Certificate Revocation List (CRL)
-FLAGS=(--force
-  --template="${CARootTemplate}"
-  --not-after="219168h"
-  --password-file="${PwdFile}"
-  --set country="${PKICountry}"
-  --set organization="${PKIName}"
-  --set organizationalUnit="${PKIOrganizationalUnit}"
-  --set issuingCertificateURL="https://${FQDN}${LISTENER}/roots.pem"
-  --set crlDistributionPoints="https://${FQDN}${LISTENER}/crl")
-
-$STD step certificate create "${PKIName} Root CA" \
-  "$(step path)/certs/root_ca.crt" \
-  "$(step path)/secrets/root_ca_key" \
-  "${FLAGS[@]}"
-
-# Generate Intermediate CA Certificate Bundle and Key
-# - Validity: 175368h (~20 Years)
-# - maxPathLen: 0 (Root -> Intermediate -> Leaf) => Intermediate CA is only allowed to issue Leaf Certificates
-# - Active revocation on Leaf Certificates by the usage of build-in Certificate Revocation List (CRL)
-# - Bundle: Certificate Chain (including Root CA Certificate)
-FLAGS=(--force
-  --template="${CAIntermediateTemplate}"
-  --ca="$(step path)/certs/root_ca.crt"
-  --ca-key="$(step path)/secrets/root_ca_key"
-  --not-after="175368h"
-  --ca-password-file="${PwdFile}"
-  --password-file="${PwdFile}"
-  --bundle
-  --set country="${PKICountry}"
-  --set organization="${PKIName}"
-  --set organizationalUnit="${PKIOrganizationalUnit}"
-  --set issuingCertificateURL="https://${FQDN}${LISTENER}/roots.pem"
-  --set crlDistributionPoints="https://${FQDN}${LISTENER}/crl")
-
-$STD step certificate create "${PKIName} Intermediate CA" \
-  "$(step path)/certs/intermediate_ca.crt" \
-  "$(step path)/secrets/intermediate_ca_key" \
-  "${FLAGS[@]}"
-
-# Install Root CA Certificate to System Trust Store
-$STD step certificate install --all "$(step path)/certs/root_ca.crt"
+chown -R step:step $(step path)
+chmod -R 700 $(step path)
+$STD step ca provisioner add "$AcmeProvisioner" --type ACME --admin-name "$AcmeProvisioner"
+$STD step ca provisioner update "$PKIProvisioner" --x509-min-dur="$X509MinDur" --x509-max-dur="$X509MaxDur" --x509-default-dur="$X509DefaultDur" --allow-renewal-after-expiry
+$STD step ca provisioner update "$AcmeProvisioner" --x509-min-dur="$X509MinDur" --x509-max-dur="$X509MaxDur" --x509-default-dur="$X509DefaultDur" --allow-renewal-after-expiry
+$STD step certificate install --all $(step path)/certs/root_ca.crt
 $STD update-ca-certificates
-
-chown -R step:step "$(step path)"
-chmod -R 700 "$(step path)"
 msg_ok "Initialized step-ca"
 
 msg_info "Start step-ca as a Daemon"
-
-# https://smallstep.com/docs/step-ca/certificate-authority-server-production/#running-step-ca-as-a-daemon
 cat <<'EOF' >/etc/systemd/system/step-ca.service
 [Unit]
 Description=step-ca service
@@ -336,6 +130,271 @@ msg_ok "Started step-ca as a Daemon"
 fetch_and_deploy_gh_release "step-badger" "lukasz-lobocki/step-badger" "prebuild" "latest" "/opt/step-badger" "step-badger_Linux_x86_64.tar.gz"
 ln -s /opt/step-badger/step-badger /usr/local/bin/step-badger
 
+msg_info "Install step-ca Admin script"
+mkdir -p "$STEPHOME"
+cat <<'ADDON_EOF' >"$STEPHOME/step-ca-admin.sh"
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Joerg Heinemann (heinemannj)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+
+function header_info() {
+  clear
+  cat <<"EOF"
+         __                                 ___       __          _     
+   _____/ /____  ____        _________ _   /   | ____/ /___ ___  (_)___ 
+  / ___/ __/ _ \/ __ \______/ ___/ __ `/  / /| |/ __  / __ `__ \/ / __ \
+ (__  ) /_/  __/ /_/ /_____/ /__/ /_/ /  / ___ / /_/ / / / / / / / / / /
+/____/\__/\___/ .___/      \___/\__,_/  /_/  |_\__,_/_/ /_/ /_/_/_/ /_/ 
+             /_/                                                            
+
+EOF
+}
+
+function die() {
+  echo -e "\n${BL}[ERROR]${GN} ${RD}${1}${CL}\n"
+  exit
+}
+
+function success() {
+  echo -e "${BL}[SUCCESS]${GN} ${1}${CL}\n"
+  exit
+}
+
+function whiptail_menu() {
+  MENU_ARRAY=()
+  MSG_MAX_LENGTH=0
+  while read -r TAG ITEM; do
+    OFFSET=2
+    ((${#ITEM} + OFFSET > MSG_MAX_LENGTH)) && MSG_MAX_LENGTH=${#ITEM}+OFFSET
+    MENU_ARRAY+=("$TAG" "$ITEM " "OFF")
+  done < <(echo "$1")
+}
+
+function x509_list() {
+  CERT_LIST=""
+  cp --recursive --force "$(step path)/db/"* "$STEPHOME/db-copy/"
+  cp --recursive --force "$(step path)/certs/"* "$STEPHOME/certs/ca/"
+  if [[ $(step-badger x509Certs "${STEPHOME}/db-copy" 2>/dev/null) ]]; then
+    CERT_LIST=$(step-badger x509Certs ${STEPHOME}/db-copy 2>/dev/null)
+  fi
+}
+
+function ssh_list() {
+  CERT_LIST=""
+  cp --recursive --force "$(step path)/db/"* "$STEPHOME/db-copy/"
+  cp --recursive --force "$(step path)/certs/"* "$STEPHOME/certs/ca/"
+  if [[ $(step-badger sshCerts "${STEPHOME}/db-copy" 2>/dev/null) ]]; then
+    CERT_LIST=$(step-badgersshCerts ${STEPHOME}/db-copy 2>/dev/null)
+  fi
+}
+
+function x509_serial_to_cn() {
+  x509_list
+  CN="$(echo "${CERT_LIST}" | grep "${SERIAL_NUMBER}" | awk '{print $2}' | sed 's/CN=//g')"
+  CRT="$STEPHOME/certs/x509/$CN.crt"
+  KEY="$STEPHOME/certs/x509/$CN.key"
+  if ! [[ -f ${CRT} ]]; then
+    die "Certificate ${CRT} not found!"
+  elif ! [[ -f ${KEY} ]]; then
+    die "Private Key ${KEY} not found!"
+  fi
+}
+
+function x509_revoke() {
+  # shellcheck disable=SC2206
+  SERIAL_NUMBER_ARRAY=(${CERT_SERIAL_NUMBERS})
+  for SERIAL_NUMBER in "${SERIAL_NUMBER_ARRAY[@]}"; do
+    echo -e "${BL}[Info]${GN} Revoke x509 Certificate with Serial Number ${BL}${SERIAL_NUMBER}${GN}:${CL}"
+    echo
+    TOKEN=$(step ca token --provisioner="$PROVISIONER" --provisioner-password-file="$PROVISIONER_PASSWORD" --revoke "${SERIAL_NUMBER}")
+    step ca revoke --token "$TOKEN" "${SERIAL_NUMBER}" || die "Failed to revoke certificate!"
+    echo
+  done
+  success "Finished."
+}
+
+function x509_renew() {
+  # shellcheck disable=SC2206
+  SERIAL_NUMBER_ARRAY=(${CERT_SERIAL_NUMBERS})
+  for SERIAL_NUMBER in "${SERIAL_NUMBER_ARRAY[@]}"; do
+    echo -e "${BL}[Info]${GN} Renew x509 Certificate with Serial Number ${BL}${SERIAL_NUMBER}${GN}:${CL}"
+    echo
+    x509_serial_to_cn
+    step ca renew "${CRT}" "${KEY}" --force || die "Failed to renew certificate!"
+    echo
+  done
+  success "Finished."
+}
+
+function x509_inspect() {
+  # shellcheck disable=SC2206
+  SERIAL_NUMBER_ARRAY=(${CERT_SERIAL_NUMBERS})
+  for SERIAL_NUMBER in "${SERIAL_NUMBER_ARRAY[@]}"; do
+    echo -e "${BL}[Info]${GN} Inspect x509 Certificate with Serial Number ${BL}${SERIAL_NUMBER}${GN}:${CL}\n"
+    x509_serial_to_cn
+    step certificate inspect "${CRT}" || die "Failed to inspect certificate!"
+    if ! [[ $(step certificate inspect "${CRT}" | grep "${SERIAL_NUMBER}") ]]; then
+      die "Serial Number ${SERIAL_NUMBER} mismatch!"
+    fi
+    echo -e "\n${BL}[Info]${GN} Public Key:${CL}\n"
+    cat "${CRT}"
+    echo -e "\n${BL}[Info]${GN} Private Key:${CL}\n"
+    cat "${KEY}"
+    echo
+  done
+  success "Finished."
+}
+
+function x509_request() {
+  FQDN=""
+  SAN=""
+
+  while true; do
+    FQDN=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nFQDN (e.g. MyLXC.example.com)' 10 50 "$FQDN" 3>&1 1>&2 2>&3)
+    IP=$(dig +short "$FQDN")
+    if [[ -z "$IP" ]]; then
+      die "Resolution failed for $FQDN!"
+    fi
+    HOST=$(echo "$FQDN" | awk -F'.' '{print $1}')
+    IP=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nIP Address (e.g. x.x.x.x)' 10 50 "$IP" 3>&1 1>&2 2>&3)
+    HOST=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nHostname (e.g. MyHostName)' 10 50 "$HOST" 3>&1 1>&2 2>&3)
+    SAN=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nSubject Alternative Name(s) (SAN) (e.g. myapp-1.example.com, myapp-2.example.com)' 10 50 "$SAN" 3>&1 1>&2 2>&3)
+    VALID_TO=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --inputbox '\nValidity (e.g. 2034-01-31T00:00:00Z)' 10 50 "2034-01-31T00:00:00Z" 3>&1 1>&2 2>&3)
+
+    # shellcheck disable=SC2034
+    if whiptail_yesno=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificate Signing Request (CSR)" --yesno "Continue with below?\n
+      FQDN: $FQDN
+      Hostname: $HOST
+      IP Address: $IP
+      Subject Alternative Name(s) (SAN): $SAN
+      Validity: $VALID_TO" --no-button "Change" --yes-button "Continue" 15 70 3>&1 1>&2 2>&3); then
+      break
+    fi
+  done
+
+  echo -e "${BL}[Info]${GN} Request x509 Certificate with subject ${BL}${FQDN}${GN}:${CL}"
+  echo
+  CRT="$STEPHOME/certs/x509/$FQDN.crt"
+  KEY="$STEPHOME/certs/x509/$FQDN.key"
+
+  SAN="$FQDN, $HOST, $IP, $SAN"
+
+  IFS=', ' read -r -a array <<< "$SAN"
+  for element in "${array[@]}"
+  do
+    SAN_ARRAY+=(--san "$element")
+  done
+
+  step ca certificate "$FQDN" "$CRT" "$KEY" \
+    --provisioner="$PROVISIONER" \
+    --provisioner-password-file="$PROVISIONER_PASSWORD" \
+    --not-after="$VALID_TO" \
+    "${SAN_ARRAY[@]}" \
+  || die "Failed to request certificate!"
+
+  echo -e "\n${BL}[Info]${GN} Inspect Certificate:${CL}\n"
+  step certificate inspect "${CRT}" || die "Failed to inspect certificate!"
+  echo -e "\n${BL}[Info]${GN} Public Key:${CL}\n"
+  cat "${CRT}"
+  echo -e "\n${BL}[Info]${GN} Private Key:${CL}\n"
+  cat "${KEY}"
+  echo
+  success "Finished."
+}
+
+set -eEuo pipefail
+# shellcheck disable=SC2034
+# shellcheck disable=SC2116
+# shellcheck disable=SC2028
+YW=$(echo "\033[33m")
+# shellcheck disable=SC2116
+# shellcheck disable=SC2028
+BL=$(echo "\033[36m")
+# shellcheck disable=SC2116
+# shellcheck disable=SC2028
+RD=$(echo "\033[01;31m")
+# shellcheck disable=SC2034
+CM='\xE2\x9C\x94\033'
+# shellcheck disable=SC2116
+# shellcheck disable=SC2028
+GN=$(echo "\033[1;92m")
+# shellcheck disable=SC2116
+# shellcheck disable=SC2028
+CL=$(echo "\033[m")
+
+# Telemetry
+# shellcheck disable=SC1090
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/api.func) 2>/dev/null || true
+declare -f init_tool_telemetry &>/dev/null && init_tool_telemetry "step-ca-admin" "step-ca"
+
+header_info
+
+mkdir --parents "$STEPHOME/db-copy/"
+mkdir --parents "$STEPHOME/certs/ca/_archive/"
+mkdir --parents "$STEPHOME/certs/ssh/_archive/"
+mkdir --parents "$STEPHOME/certs/x509/_archive/"
+
+PROVISIONER=$(jq '.authority.provisioners.[] | select(.type=="JWK") | .name' "$(step path)"/config/ca.json)
+PROVISIONER="${PROVISIONER#\"}"
+PROVISIONER="${PROVISIONER%\"}"
+PROVISIONER_PASSWORD=$(step path)/encryption/provisioner.pwd
+
+whiptail --backtitle "Proxmox VE Helper Scripts" --title "step-ca Admin" --yesno "This will maintain step-ca issued x509 and ssh Certificates. Proceed?" 10 58
+
+MENU_ARRAY=("x509" "Maintain x509 Certificates." "ON")
+MENU_ARRAY+=("ssh" "Maintain ssh Certificates." "OFF")
+CERT_TYPE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "step-ca Admin" --radiolist "\nSelect Certificate Type:" 16 48 6 "${MENU_ARRAY[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
+
+[[ -z ${CERT_TYPE} ]] && die "No Certificate Type selected!"
+
+case ${CERT_TYPE} in
+("x509")
+  x509_list
+  CERT_LIST=$(echo "$CERT_LIST" | awk 'NR>1 {print $1 " " $2 "|" $3 "|" $4 "|" $5}')
+  if [[ $CERT_LIST ]]; then
+    whiptail_menu "$CERT_LIST"
+  else
+    MENU_ARRAY=()
+    MSG_MAX_LENGTH=2
+  fi
+  MENU_ARRAY+=("" "Create a new Certificate" "OFF")
+  CERT_SERIAL_NUMBERS=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "Certificates on $(hostname)" --checklist "\nSelect Certificate(s) to maintain:\n" 16 $((MSG_MAX_LENGTH + 55)) 6 "${MENU_ARRAY[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
+
+  [[ -z ${CERT_SERIAL_NUMBERS} ]] && x509_request
+  
+  MENU_ARRAY=("Renew" "Renew x509 Certificates." "ON")
+  MENU_ARRAY+=("Revoke" "Revoke x509 Certificates." "OFF")
+  MENU_ARRAY+=("Inspect" "Inspect x509 Certificates." "OFF")
+  CERT_MAINTENANCE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "step-ca Admin" --radiolist "\nSelect Maintenance Type:" 16 48 6 "${MENU_ARRAY[@]}" 3>&1 1>&2 2>&3 | tr -d '"')
+
+  case ${CERT_MAINTENANCE} in
+  ("Renew")
+    x509_renew "${CERT_SERIAL_NUMBERS[@]}"
+    ;;
+  ("Revoke")
+    x509_revoke "${CERT_SERIAL_NUMBERS[@]}"
+    ;;
+  ("Inspect")
+    x509_inspect "${CERT_SERIAL_NUMBERS[@]}"
+    ;;
+  *)
+    die "Unsupported CERT_MAINTENANCE Option!"
+    ;;
+  esac
+  ;;
+("ssh")
+  die "Maintain ssh Certificates - To be implemented in future"
+  ;;
+*)
+  die "Unsupported CERT_TYPE Option!"
+  ;;
+esac
+ADDON_EOF
+chmod 700 "$STEPHOME/step-ca-admin.sh"
+msg_ok "Installed step-ca Admin script"
+
 motd_ssh
 customize
 cleanup_lxc

install/storybook-install.sh

@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/storybookjs/storybook
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-NODE_VERSION="24" NODE_MODULE="pnpm" setup_nodejs
-
-msg_info "Preparing Storybook"
-mkdir -p /opt/storybook
-cd /opt/storybook
-msg_ok "Important: Interactive configuration will start now."
-
-npx -y storybook@latest init --yes --no-dev
-PROJECT_PATH=$(find /opt/storybook -maxdepth 2 -name ".storybook" -type d 2>/dev/null | head -n1 | xargs dirname)
-
-if [[ -z "$PROJECT_PATH" ]]; then
-  PROJECT_PATH="/opt/storybook"
-fi
-
-cd "$PROJECT_PATH"
-echo "$PROJECT_PATH" >/opt/storybook/.projectpath
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/storybook.service
-[Unit]
-Description=Storybook Dev Server
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=${PROJECT_PATH}
-ExecStart=/usr/bin/npx storybook dev --host 0.0.0.0 --port 6006 --no-open
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now storybook
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/storyteller-install.sh

@@ -1,98 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://gitlab.com/storyteller-platform/storyteller
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  git \
-  pkg-config \
-  libsqlite3-dev \
-  sqlite3 \
-  python3-setuptools \
-  ffmpeg
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-
-fetch_and_deploy_gh_release "readium" "readium/cli" "prebuild" "latest" "/opt/readium" "readium_linux_x86_64.tar.gz"
-ln -sf /opt/readium/readium /usr/local/bin/readium
-fetch_and_deploy_gl_release "storyteller" "storyteller-platform/storyteller" "tarball" "latest" "/opt/storyteller"
-
-msg_info "Setting up Storyteller"
-cd /opt/storyteller
-$STD yarn install --network-timeout 600000
-$STD gcc -g -fPIC -rdynamic -shared web/sqlite/uuid.c -o web/sqlite/uuid.c.so
-STORYTELLER_SECRET_KEY=$(openssl rand -base64 32)
-cat <<EOF >/opt/storyteller/.env
-STORYTELLER_SECRET_KEY=${STORYTELLER_SECRET_KEY}
-STORYTELLER_DATA_DIR=/opt/storyteller/data
-PORT=8001
-HOSTNAME=0.0.0.0
-READIUM_PORT=9000
-NODE_ENV=production
-NEXT_TELEMETRY_DISABLED=1
-EOF
-mkdir -p /opt/storyteller/data
-{
-  echo "Storyteller Credentials"
-  echo "======================="
-  echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
-} >~/storyteller.creds
-msg_ok "Set up Storyteller"
-
-msg_info "Building Storyteller"
-cd /opt/storyteller
-export CI=1
-export NODE_ENV=production
-export NEXT_TELEMETRY_DISABLED=1
-export SQLITE_NATIVE_BINDING=/opt/storyteller/node_modules/better-sqlite3/build/Release/better_sqlite3.node
-$STD yarn workspaces foreach -Rpt --from @storyteller-platform/web --exclude @storyteller-platform/eslint run build
-mkdir -p /opt/storyteller/web/.next/standalone/web/.next/static
-cp -rT /opt/storyteller/web/.next/static /opt/storyteller/web/.next/standalone/web/.next/static
-if [[ -d /opt/storyteller/web/public ]]; then
-  mkdir -p /opt/storyteller/web/.next/standalone/web/public
-  cp -rT /opt/storyteller/web/public /opt/storyteller/web/.next/standalone/web/public
-fi
-mkdir -p /opt/storyteller/web/.next/standalone/web/migrations
-cp -rT /opt/storyteller/web/migrations /opt/storyteller/web/.next/standalone/web/migrations
-mkdir -p /opt/storyteller/web/.next/standalone/web/sqlite
-cp -rT /opt/storyteller/web/sqlite /opt/storyteller/web/.next/standalone/web/sqlite
-ln -sf /opt/storyteller/.env /opt/storyteller/web/.next/standalone/web/.env
-msg_ok "Built Storyteller"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/storyteller.service
-[Unit]
-Description=Storyteller
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/storyteller/web/.next/standalone/web
-EnvironmentFile=/opt/storyteller/.env
-ExecStart=/usr/bin/node --enable-source-maps server.js
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now storyteller
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc