fix(plex): restart service after update to apply new version

After apt install updates the plexmediaserver package, the running service needs an explicit restart so the new version is loaded. Without this, users see the update succeed but Plex still shows the old version in the web interface. Ref #12993
2026-03-18 07:53:01 +01:00 · 2026-03-17 20:44:40 +01:00
5 changed files with 90 additions and 97 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -423,29 +423,8 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

-## 2026-03-18
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - tools.func: Implement fetch_and_deploy_gh_tag function [@MickLesk](https://github.com/MickLesk) ([#13000](https://github.com/community-scripts/ProxmoxVE/pull/13000))
-
 ## 2026-03-17

-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Gluetun: add OpenVPN process user and cleanup stale config [@MickLesk](https://github.com/MickLesk) ([#13016](https://github.com/community-scripts/ProxmoxVE/pull/13016))
-    - Frigate: check OpenVino model files exist before configuring detector and use curl_with_retry instead of default wget [@MickLesk](https://github.com/MickLesk) ([#13019](https://github.com/community-scripts/ProxmoxVE/pull/13019))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: Update `create_self_signed_cert()` [@tremor021](https://github.com/tremor021) ([#13008](https://github.com/community-scripts/ProxmoxVE/pull/13008))
-
 ## 2026-03-16

 ### 🆕 New Scripts
--- a/ct/plex.sh
+++ b/ct/plex.sh
@@ -79,6 +79,11 @@ function update_script() {
  $STD apt update
  $STD apt install -y plexmediaserver
  msg_ok "Updated Plex Media Server"
+
+  msg_info "Restarting Plex Media Server"
+  systemctl restart plexmediaserver
+  msg_ok "Restarted Plex Media Server"
+
  msg_ok "Updated successfully!"
  exit
 }
--- a/install/frigate-install.sh
+++ b/install/frigate-install.sh
@@ -146,7 +146,7 @@ ldconfig
 msg_ok "Built libUSB"

 msg_info "Bootstrapping pip"
-curl_with_retry "https://bootstrap.pypa.io/get-pip.py" "/tmp/get-pip.py"
+wget -q https://bootstrap.pypa.io/get-pip.py -O /tmp/get-pip.py
 sed -i 's/args.append("setuptools")/args.append("setuptools==77.0.3")/' /tmp/get-pip.py
 $STD python3 /tmp/get-pip.py "pip"
 rm -f /tmp/get-pip.py
@@ -169,13 +169,13 @@ NODE_VERSION="20" setup_nodejs

 msg_info "Downloading Inference Models"
 mkdir -p /models /openvino-model
-curl_with_retry "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite" "/edgetpu_model.tflite"
-curl_with_retry "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite" "/models/cpu_model.tflite"
+wget -q -O /edgetpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite
+wget -q -O /models/cpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite
 cp /opt/frigate/labelmap.txt /labelmap.txt
 msg_ok "Downloaded Inference Models"

 msg_info "Downloading Audio Model"
-curl_with_retry "https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download" "/tmp/yamnet.tar.gz"
+wget -q -O /tmp/yamnet.tar.gz https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download
 $STD tar xzf /tmp/yamnet.tar.gz -C /
 mv /1.tflite /cpu_audio_model.tflite
 cp /opt/frigate/audio-labelmap.txt /audio-labelmap.txt
@@ -205,7 +205,7 @@ msg_ok "Installed OpenVino"

 msg_info "Building OpenVino Model"
 cd /models
-curl_with_retry "http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz" "ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz"
+wget -q http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz
 $STD tar -zxf ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz --no-same-owner
 if python3 /opt/frigate/docker/main/build_ov_model.py &>/dev/null; then
  mkdir -p /openvino-model
@@ -219,7 +219,7 @@ if python3 /opt/frigate/docker/main/build_ov_model.py &>/dev/null; then
    if [[ -n "$OV_LABELS" ]]; then
      ln -sf "$OV_LABELS" /openvino-model/coco_91cl_bkgr.txt
    else
-      curl_with_retry "https://raw.githubusercontent.com/openvinotoolkit/open_model_zoo/master/data/dataset_classes/coco_91cl_bkgr.txt" "/openvino-model/coco_91cl_bkgr.txt"
+      wget -q "https://raw.githubusercontent.com/openvinotoolkit/open_model_zoo/master/data/dataset_classes/coco_91cl_bkgr.txt" -O /openvino-model/coco_91cl_bkgr.txt
    fi
  fi
  sed -i 's/truck/car/g' /openvino-model/coco_91cl_bkgr.txt
@@ -246,7 +246,7 @@ msg_info "Configuring Frigate"
 mkdir -p /config /media/frigate
 cp -r /opt/frigate/config/. /config

-curl_with_retry "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" "/media/frigate/person-bicycle-car-detection.mp4"
+curl -fsSL "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" -o "/media/frigate/person-bicycle-car-detection.mp4"

 echo "tmpfs   /tmp/cache      tmpfs   defaults        0       0" >>/etc/fstab

@@ -289,7 +289,7 @@ detect:
  enabled: false
 EOF

-if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo && [[ -f /openvino-model/ssdlite_mobilenet_v2.xml ]] && [[ -f /openvino-model/coco_91cl_bkgr.txt ]]; then
+if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo; then
  cat <<EOF >>/config/config.yml
 ffmpeg:
  hwaccel_args: auto
--- a/install/gluetun-install.sh
+++ b/install/gluetun-install.sh
@@ -46,9 +46,6 @@ VPN_TYPE=openvpn
 OPENVPN_CUSTOM_CONFIG=/opt/gluetun-data/custom.ovpn
 OPENVPN_USER=
 OPENVPN_PASSWORD=
-OPENVPN_PROCESS_USER=root
-PUID=0
-PGID=0
 HTTP_CONTROL_SERVER_ADDRESS=:8000
 HTTPPROXY=off
 SHADOWSOCKS=off
@@ -79,7 +76,6 @@ User=root
 WorkingDirectory=/opt/gluetun-data
 EnvironmentFile=/opt/gluetun-data/.env
 UnsetEnvironment=USER
-ExecStartPre=/bin/sh -c 'rm -f /etc/openvpn/target.ovpn'
 ExecStart=/usr/local/bin/gluetun
 Restart=on-failure
 RestartSec=5
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -2077,85 +2077,100 @@ verify_gpg_fingerprint() {
 }

 # ------------------------------------------------------------------------------
-# Fetches and deploys a GitHub tag-based source tarball.
+# Get latest GitHub tag for a repository.
 #
 # Description:
-#   - Downloads the source tarball for a given tag from GitHub
-#   - Extracts to the target directory
-#   - Writes the version to ~/.<app>
+#   - Queries the GitHub API for tags (not releases)
+#   - Useful for repos that only create tags, not full releases
+#   - Supports optional prefix filter and version-only extraction
+#   - Returns the latest tag name (printed to stdout)
 #
 # Usage:
-#     fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server"
-#     fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server" "latest" "/opt/guacamole-server"
+#   MONGO_VERSION=$(get_latest_gh_tag "mongodb/mongo-tools")
+#   LATEST=$(get_latest_gh_tag "owner/repo" "v")          # only tags starting with "v"
+#   LATEST=$(get_latest_gh_tag "owner/repo" "" "true")     # strip leading "v"
 #
 # Arguments:
-#   $1 - App name (used for version file ~/.<app>)
-#   $2 - GitHub repo (owner/repo)
-#   $3 - Tag version (default: "latest" → auto-detect via get_latest_gh_tag)
-#   $4 - Target directory (default: /opt/$app)
+#   $1 - GitHub repo (owner/repo)
+#   $2 - Tag prefix filter (optional, e.g. "v" or "100.")
+#   $3 - Strip prefix from result (optional, "true" to strip $2 prefix)
+#
+# Returns:
+#   0 on success (tag printed to stdout), 1 on failure
 #
 # Notes:
-#   - Supports CLEAN_INSTALL=1 to wipe target before extracting
-#   - For repos that only publish tags, not GitHub Releases
+#   - Skips tags containing "rc", "alpha", "beta", "dev", "test"
+#   - Sorts by version number (sort -V) to find the latest
+#   - Respects GITHUB_TOKEN for rate limiting
 # ------------------------------------------------------------------------------
-fetch_and_deploy_gh_tag() {
-  local app="$1"
-  local repo="$2"
-  local version="${3:-latest}"
-  local target="${4:-/opt/$app}"
-  local app_lc=""
-  app_lc="$(echo "${app,,}" | tr -d ' ')"
-  local version_file="$HOME/.${app_lc}"
+get_latest_gh_tag() {
+  local repo="$1"
+  local prefix="${2:-}"
+  local strip_prefix="${3:-false}"

-  if [[ "$version" == "latest" ]]; then
-    version=$(get_latest_gh_tag "$repo") || {
-      msg_error "Failed to determine latest tag for ${repo}"
-      return 1
-    }
-  fi
+  local header_args=()
+  [[ -n "${GITHUB_TOKEN:-}" ]] && header_args=(-H "Authorization: Bearer $GITHUB_TOKEN")

-  local current_version=""
-  [[ -f "$version_file" ]] && current_version=$(<"$version_file")
+  local http_code=""
+  http_code=$(curl -sSL --max-time 20 -w "%{http_code}" -o /tmp/gh_tags.json \
+    -H 'Accept: application/vnd.github+json' \
+    -H 'X-GitHub-Api-Version: 2022-11-28' \
+    "${header_args[@]}" \
+    "https://api.github.com/repos/${repo}/tags?per_page=100" 2>/dev/null) || true

-  if [[ "$current_version" == "$version" ]]; then
-    msg_ok "$app is already up-to-date ($version)"
-    return 0
-  fi
-
-  local tmpdir
-  tmpdir=$(mktemp -d) || return 1
-  local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz"
-  local filename="${app_lc}-${version}.tar.gz"
-
-  msg_info "Fetching GitHub tag: ${app} (${version})"
-
-  download_file "$tarball_url" "$tmpdir/$filename" || {
-    msg_error "Download failed: $tarball_url"
-    rm -rf "$tmpdir"
+  if [[ "$http_code" == "401" ]]; then
+    msg_error "GitHub API authentication failed (HTTP 401)."
+    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+      msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+    else
+      msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+    fi
+    rm -f /tmp/gh_tags.json
    return 1
-  }
-
-  mkdir -p "$target"
-  if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
-    rm -rf "${target:?}/"*
  fi

-  tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
-    msg_error "Failed to extract tarball"
-    rm -rf "$tmpdir"
+  if [[ "$http_code" == "403" ]]; then
+    msg_error "GitHub API rate limit exceeded (HTTP 403)."
+    msg_error "To increase the limit, export a GitHub token before running the script:"
+    msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
+    rm -f /tmp/gh_tags.json
    return 1
-  }
+  fi

-  local unpack_dir
-  unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
+  if [[ "$http_code" == "000" || -z "$http_code" ]]; then
+    msg_error "GitHub API connection failed (no response)."
+    msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
+    rm -f /tmp/gh_tags.json
+    return 1
+  fi

-  shopt -s dotglob nullglob
-  cp -r "$unpack_dir"/* "$target/"
-  shopt -u dotglob nullglob
+  if [[ "$http_code" != "200" ]] || [[ ! -s /tmp/gh_tags.json ]]; then
+    msg_error "Unable to fetch tags for ${repo} (HTTP ${http_code})"
+    rm -f /tmp/gh_tags.json
+    return 1
+  fi

-  rm -rf "$tmpdir"
-  echo "$version" >"$version_file"
-  msg_ok "Deployed ${app} ${version} to ${target}"
+  local tags_json
+  tags_json=$(</tmp/gh_tags.json)
+  rm -f /tmp/gh_tags.json
+
+  # Extract tag names, filter by prefix, exclude pre-release patterns, sort by version
+  local latest=""
+  latest=$(echo "$tags_json" | grep -oP '"name":\s*"\K[^"]+' |
+    { [[ -n "$prefix" ]] && grep "^${prefix}" || cat; } |
+    grep -viE '(rc|alpha|beta|dev|test|preview|snapshot)' |
+    sort -V | tail -n1)
+
+  if [[ -z "$latest" ]]; then
+    msg_warn "No matching tags found for ${repo}${prefix:+ (prefix: $prefix)}"
+    return 1
+  fi
+
+  if [[ "$strip_prefix" == "true" && -n "$prefix" ]]; then
+    latest="${latest#"$prefix"}"
+  fi
+
+  echo "$latest"
  return 0
 }

@@ -2504,8 +2519,6 @@ check_for_codeberg_release() {
 # ------------------------------------------------------------------------------
 create_self_signed_cert() {
  local APP_NAME="${1:-${APPLICATION}}"
-  local HOSTNAME="$(hostname -f)"
-  local IP="$(hostname -I | awk '{print $1}')"
  local APP_NAME_LC=$(echo "${APP_NAME,,}" | tr -d ' ')
  local CERT_DIR="/etc/ssl/${APP_NAME_LC}"
  local CERT_KEY="${CERT_DIR}/${APP_NAME_LC}.key"
@@ -2523,8 +2536,8 @@ create_self_signed_cert() {

  mkdir -p "$CERT_DIR"
  $STD openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
-    -subj "/CN=${HOSTNAME}" \
-    -addext "subjectAltName=DNS:${HOSTNAME},DNS:localhost,IP:${IP},IP:127.0.0.1" \
+    -subj "/CN=${APP_NAME}" \
+    -addext "subjectAltName=DNS:${APP_NAME}" \
    -keyout "$CERT_KEY" \
    -out "$CERT_CRT" || {
    msg_error "Failed to create self-signed certificate"