Update fmd-server.sh

Add fmd-server (ct)
2026-06-30 19:24:57 +02:00 · 2026-06-30 10:35:30 +02:00 · 2026-06-29 18:48:25 +00:00
80 changed files with 458 additions and 840 deletions
@@ -1,3 +1,2 @@
 ko_fi: community_scripts
 github: community_scripts
 buy_me_a_coffee: communityscripts
@@ -489,42 +489,16 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 </details>
 ## 2026-06-30
 ### 🚀 Updated Scripts
  - #### 🔧 Refactor
    - Refactor: Use heredoc when creating env files and creds/other [@tremor021](https://github.com/tremor021) ([#15469](https://github.com/community-scripts/ProxmoxVE/pull/15469))
 ### 🧰 Tools
  - #### 🐞 Bug Fixes
    - [tools/pve/*.sh] https://download.proxmox.com -> http://download.proxmox.com (PVE8 Only) [@galeksandrp](https://github.com/galeksandrp) ([#15498](https://github.com/community-scripts/ProxmoxVE/pull/15498))
 ## 2026-06-29
 ### 🆕 New Scripts
-  - Koffan ([#15467](https://github.com/community-scripts/ProxmoxVE/pull/15467))
+  - Flame ([#15464](https://github.com/community-scripts/ProxmoxVE/pull/15464))
 - Etherpad ([#15468](https://github.com/community-scripts/ProxmoxVE/pull/15468))
 - Flame ([#15464](https://github.com/community-scripts/ProxmoxVE/pull/15464))
 ### 🚀 Updated Scripts
  - chore(ct): sync snapotter defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15472](https://github.com/community-scripts/ProxmoxVE/pull/15472))
  - #### 🐞 Bug Fixes
    - feat: update nginx proxy manager to trixie [@asylumexp](https://github.com/asylumexp) ([#15457](https://github.com/community-scripts/ProxmoxVE/pull/15457))
 ### 💾 Core
  - #### ✨ New Features
    - [tools.func]: add edit_yaml_config function [@tremor021](https://github.com/tremor021) ([#15484](https://github.com/community-scripts/ProxmoxVE/pull/15484))
 ## 2026-06-28
 ### 🚀 Updated Scripts
@@ -29,63 +29,9 @@ function update_script() {
    msg_error "No ${APP} Installation Found!"
    exit
  fi
-
+  msg_info "Updating ERPNext"
-  FRAPPE_MAJOR="$(grep -oP '__version__\s*=\s*[\x27"]\K[0-9]+' /opt/frappe-bench/apps/frappe/frappe/__init__.py 2>/dev/null || echo 0)"
+  $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench update --reset'
-  SITE="$(ls /opt/frappe-bench/sites/*/site_config.json 2>/dev/null | head -1 | cut -d/ -f5)"
+  msg_ok "Updated ERPNext"
  [[ -z "$SITE" ]] && SITE="site1.local"
  msg_info "Stopping ERPNext service"
  $STD supervisorctl stop all
  msg_ok "Stopped ERPNext service"
  if [[ "${FRAPPE_MAJOR:-0}" -lt 16 ]] && { [[ "${PHS_SILENT:-0}" == "1" ]] || whiptail --backtitle "Proxmox VE Helper Scripts" --title "ERPNext v16 Major Upgrade" \
    --yesno "A major upgrade from Frappe/ERPNext v15 to v16 is available.\n\nUpgrade to v16 now?" 16 78; }; then
    msg_info "Backing up site ${SITE}"
    $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:/usr/local/bin:\$PATH\"; cd /opt/frappe-bench && bench --site ${SITE} backup"
    msg_ok "Backup created"
    msg_info "Installing Dependencies"
    $STD apt-get install -y pkg-config
    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && uv python install 3.14'
    msg_ok "Installed Dependencies"
    msg_info "Migrating bench environment"
    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench migrate-env "$(uv python find 3.14)"'
    msg_ok "Migrated environment"
    msg_info "Switching Frappe and ERPNext to v16 (Patience)"
    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench switch-to-branch version-16 frappe erpnext --upgrade' || true
    NEW_MAJOR="$(grep -oP '__version__\s*=\s*[\x27"]\K[0-9]+' /opt/frappe-bench/apps/frappe/frappe/__init__.py 2>/dev/null || echo 0)"
    if [[ "${NEW_MAJOR:-0}" -lt 16 ]]; then
      msg_error "Failed to switch Frappe/ERPNext to v16"
      exit 250
    fi
    msg_ok "Switched to v16"
    msg_info "Running database migration (Patience)"
    for i in 1 2 3; do
      $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:/usr/local/bin:\$PATH\"; cd /opt/frappe-bench && bench --site ${SITE} migrate" && break
      [[ "$i" -eq 3 ]] && {
        msg_error "Database migration failed after 3 attempts"
        exit 253
      }
    done
    msg_ok "Database migrated"
    msg_info "Building assets"
    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench build --production'
    msg_ok "Assets built"
    msg_info "Restarting ERPNext"
    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench restart'
    msg_ok "Upgraded ERPNext to v16"
  else
    msg_info "Updating ERPNext"
    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench update --reset'
    msg_ok "Updated ERPNext"
  fi
  msg_ok "Updated successfully!"
  exit
 }
@@ -1,65 +0,0 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: John McLear (JohnMcLear)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://etherpad.org
 APP="Etherpad"
 var_tags="${var_tags:-docs;collaboration;editor}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_arm64="${var_arm64:-yes}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
 variables
 color
 catch_errors
 function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -d /opt/etherpad-lite ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  if check_for_gh_release "etherpad-lite" "ether/etherpad"; then
    msg_info "Stopping Service"
    systemctl stop etherpad
    msg_ok "Stopped Service"
    create_backup /opt/etherpad-lite/.env /opt/etherpad-lite/APIKEY.txt /opt/etherpad-lite/settings.json
    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "etherpad-lite" "ether/etherpad" "tarball"
    restore_backup
    msg_info "Rebuilding Etherpad"
    export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
    $STD corepack enable
    cd /opt/etherpad-lite
    $STD pnpm install --frozen-lockfile
    $STD pnpm run build:etherpad
    msg_ok "Rebuilt Etherpad"
    msg_info "Starting Service"
    systemctl start etherpad
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
  fi
  exit
 }
 start
 build_container
 description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9001${CL}"
@@ -1,6 +0,0 @@
    ________  __                              __
   / ____/ /_/ /_  ___  _________  ____ _____/ /
  / __/ / __/ __ \/ _ \/ ___/ __ \/ __ `/ __  / 
 / /___/ /_/ / / /  __/ /  / /_/ / /_/ / /_/ /  
 /_____/\__/_/ /_/\___/_/  / .___/\__,_/\__,_/   
                         /_/                    
@@ -1,6 +0,0 @@
    __ __      ________          
   / //_/___  / __/ __/___ _____ 
  / ,< / __ \/ /_/ /_/ __ `/ __ \
 / /| / /_/ / __/ __/ /_/ / / / /
 /_/ |_\____/_/ /_/  \__,_/_/ /_/ 
@@ -1,63 +0,0 @@
 #!/usr/bin/env bash
 source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: (AminGholizad)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/PanSalut/Koffan
 APP="Koffan"
 var_tags="${var_tags:-productivity}"
 var_cpu="${var_cpu:-1}"
 var_ram="${var_ram:-1024}"
 var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_arm64="${var_arm64:-yes}"
 var_arm64="${var_arm64:-no}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
 variables
 color
 catch_errors
 function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -f /opt/koffan/koffan ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  if check_for_gh_release "koffan" "PanSalut/Koffan"; then
    msg_info "Stopping Service"
    systemctl stop koffan
    msg_ok "Stopped Service"
    create_backup /opt/koffan/data
    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "koffan" "PanSalut/Koffan" "tarball"
    restore_backup
    msg_info "Rebuilding Koffan"
    cd /opt/koffan
    $STD go build -o koffan main.go
    msg_ok "Rebuild Koffan"
    msg_info "Starting Service"
    systemctl start koffan
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
  fi
  exit
 }
 start
 build_container
 description
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
+var_version="${var_version:-12}"
 var_arm64="${var_arm64:-yes}"
 var_unprivileged="${var_unprivileged:-1}"
@@ -60,9 +60,8 @@ function update_script() {
  fi
  $STD apt install -y build-essential "$pcre_pkg" libssl-dev zlib1g-dev
-  OPENRESTY_VERSION="1.29.2.5"
+  if check_for_gh_release "openresty" "openresty/openresty"; then
-  if [[ "$(cat ~/.openresty 2>/dev/null)" != "$OPENRESTY_VERSION" ]]; then
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "${CHECK_UPDATE_RELEASE}" "/opt/openresty" "openresty-*.tar.gz"
    CLEAN_INSTALL=1 fetch_and_deploy_from_url "https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz" "/opt/openresty"
    msg_info "Building OpenResty"
    cd /opt/openresty
@@ -78,7 +77,6 @@ function update_script() {
      --with-stream_ssl_module
    $STD make -j"$(nproc)"
    $STD make install
    echo "${OPENRESTY_VERSION}" >~/.openresty
    rm -rf /opt/openresty
    cat <<'EOF' >/lib/systemd/system/openresty.service
 [Unit]
@@ -58,11 +58,12 @@ function update_script() {
        -e 's/^NODE_/APP_/' \
        -e '/^SERVER_*/d' \
        -e '/^# API*/,+2d' /opt/patchmon/.env
-      cat <<EOF >/opt/patchmon/.env
+      {
-SESSION_SECRET=$(openssl rand -hex 64)
+        echo ""
-AI_ENCRYPTION_KEY=$(openssl rand -hex 64)
+        echo "SESSION_SECRET=$(openssl rand -hex 64)"
-AGENT_BINARIES_DIR=/opt/patchmon/agents
+        echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)"
-EOF
+        echo "AGENT_BINARIES_DIR=/opt/patchmon/agents"
      } >>/opt/patchmon/.env
      sed -i -e '\|Directory|s|/backend||' \
        -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \
        -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \
@@ -57,11 +57,11 @@ function update_script() {
      sed -i 's/--workers 4//' /opt/wizarr/start.sh
    fi
    if ! grep -qE 'FLASK|WORKERS|VERSION' /opt/wizarr/.env; then
-      cat <<EOF >/opt/wizarr/.env
+      {
-FLASK_ENV=production
+        echo "FLASK_ENV=production"
-GUNICORN_WORKERS=4
+        echo "GUNICORN_WORKERS=4"
-APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)
+        echo "APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)"
-EOF
+      } >>/opt/wizarr/.env
    else
      sed -i "s/_VERSION=v.*$/_VERSION=v$(cat ~/.wizarr)/" /opt/wizarr/.env
    fi
@@ -86,11 +86,12 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-cat <<EOF >~/adventurelog.creds
+{
-Django-Credentials
+  echo ""
-Django Admin User: $DJANGO_ADMIN_USER
+  echo "Django-Credentials"
-Django Admin Password: $DJANGO_ADMIN_PASS
+  echo "Django Admin User: $DJANGO_ADMIN_USER"
-EOF
+  echo "Django Admin Password: $DJANGO_ADMIN_PASS"
 } >>~/adventurelog.creds
 msg_ok "Setup Django Admin"
 msg_info "Creating Service"
@@ -25,12 +25,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 64 | cut -c1-64)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-cat <<EOF >~/garage.creds
+{
-Garage Tokens and Secrets
+  echo "Garage Tokens and Secrets"
-RPC Secret: $RPC_SECRET
+  echo "RPC Secret: $RPC_SECRET"
-Admin Token: $ADMIN_TOKEN
+  echo "Admin Token: $ADMIN_TOKEN"
-Metrics Token: $METRICS_TOKEN
+  echo "Metrics Token: $METRICS_TOKEN"
-EOF
+} >~/garage.creds
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"
@@ -38,10 +38,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-cat <<EOF >/root/.ironclaw/gateway.creds
+{
-Gateway-Token
+    echo "Gateway-Token"
-Token: $GATEWAY_TOKEN
+    echo "Token: $GATEWAY_TOKEN"
-EOF
+} >> /root/.ironclaw/gateway.creds
 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env
@@ -27,11 +27,11 @@ $STD unzip -j "$temp_file" '*/**' -d /opt/rclone
 cd /opt/rclone
 RCLONE_PASSWORD=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-cat <<EOF >~/rclone.creds
+{
-rclone-Credentials
+  echo "rclone-Credentials"
-rclone User Name: admin
+  echo "rclone User Name: admin"
-rclone Password: $RCLONE_PASSWORD
+  echo "rclone Password: $RCLONE_PASSWORD"
-EOF
+} >>~/rclone.creds
 echo "${RELEASE}" >/opt/rclone_version.txt
 rm -f "$temp_file"
 msg_ok "Installed rclone"
@@ -40,12 +40,12 @@ mv release /opt/rustdesk-api
 cd /opt/rustdesk-api
 ADMINPASS=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD ./apimain reset-admin-pwd "$ADMINPASS"
-cat <<EOF >~/rustdesk.creds
+{
-RustDesk WebUI
+  echo "RustDesk WebUI"
-
+  echo ""
-Username: admin
+  echo "Username: admin"
-Password: $ADMINPASS
+  echo "Password: $ADMINPASS"
-EOF
+} >>~/rustdesk.creds
 echo "${APIRELEASE}" >~/.rustdesk-api
 msg_ok "Installed RustDesk API v${APIRELEASE}"
@@ -25,12 +25,13 @@ chmod 600 ~/valkey.creds
 MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))
-cat <<EOF >/etc/valkey/valkey.conf
+{
-# Memory-optimized settings for small-scale deployments
+  echo ""
-maxmemory ${MAXMEMORY_MB}mb
+  echo "# Memory-optimized settings for small-scale deployments"
-maxmemory-policy allkeys-lru
+  echo "maxmemory ${MAXMEMORY_MB}mb"
-maxmemory-samples 10
+  echo "maxmemory-policy allkeys-lru"
-EOF
+  echo "maxmemory-samples 10"
 } >>/etc/valkey/valkey.conf
 msg_ok "Installed Valkey"
 # Note: Alpine's valkey package is compiled without TLS support
@@ -16,7 +16,7 @@ update_os
 setup_mongodb
 msg_info "Configuring MongoDB Replica Set"
-cat <<EOF >/etc/mongod.conf
+cat <<EOF >>/etc/mongod.conf
 replication:
  replSetName: "rs0"
@@ -28,11 +28,11 @@ setup_deb822_repo \
  "$(get_os_info codename)" \
  "main"
 $STD apt install -y couchdb
-cat <<EOF >~/couchdb.creds
+{
-CouchDB Credentials
+  echo "CouchDB Credentials"
-CouchDB Erlang Cookie: $ERLANG_COOKIE
+  echo "CouchDB Erlang Cookie: $ERLANG_COOKIE"
-CouchDB Admin Password: $ADMIN_PASS
+  echo "CouchDB Admin Password: $ADMIN_PASS"
-EOF
+} >>~/couchdb.creds
 msg_ok "Installed Apache CouchDB"
 motd_ssh
@@ -79,13 +79,13 @@ msg_ok "Setup Apache Guacamole"
 msg_info "Importing Database Schema"
 cd ~/guacamole-auth-jdbc-"${GUAC_SERVER_VERSION}"/mysql/schema
 cat *.sql | mariadb -u root ${MARIADB_DB_NAME}
-cat <<EOF >/etc/guacamole/guacamole.properties
+{
-mysql-hostname: 127.0.0.1
+  echo "mysql-hostname: 127.0.0.1"
-mysql-port: 3306
+  echo "mysql-port: 3306"
-mysql-database: $MARIADB_DB_NAME
+  echo "mysql-database: $MARIADB_DB_NAME"
-mysql-username: $MARIADB_DB_USER
+  echo "mysql-username: $MARIADB_DB_USER"
-mysql-password: $MARIADB_DB_PASS
+  echo "mysql-password: $MARIADB_DB_PASS"
-EOF
+} >>/etc/guacamole/guacamole.properties
 rm -rf ~/guacamole-auth-jdbc-"$GUAC_SERVER_VERSION"{,.tar.gz}
 msg_ok "Imported Database Schema"
@@ -17,7 +17,7 @@ fetch_and_deploy_gh_release "autobrr" "autobrr/autobrr" "prebuild" "latest" "/us
 msg_info "Configuring Autobrr"
 mkdir -p /root/.config/autobrr
-cat <<EOF >/root/.config/autobrr/config.toml
+cat <<EOF >>/root/.config/autobrr/config.toml
 # https://autobrr.com/configuration/autobrr
 host = "0.0.0.0"
 port = 7474
@@ -51,7 +51,7 @@ mkdir -p /opt/bookorbit-data/covers /opt/bookorbit-data/book-bucket /opt/bookorb
 APP_VER=$(cat ~/.bookorbit)
 JWT_SECRET=$(openssl rand -hex 32)
 SETUP_BOOTSTRAP_TOKEN=$(openssl rand -hex 16)
-cat <<EOF >~/bookorbit.creds
+cat <<EOF >>~/bookorbit.creds
 Setup Token: ${SETUP_BOOTSTRAP_TOKEN}
 EOF
@@ -29,12 +29,12 @@ MKPASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-16)
 echo -e "$MKPASSWORD\n$MKPASSWORD" | su - "$SITE_NAME" -c "cmk-passwd cmkadmin --stdin"
 $STD omd start "$SITE_NAME"
-cat <<EOF >~/checkmk.creds
+{
-Application-Credentials
+  echo "Application-Credentials"
-Username: cmkadmin
+  echo "Username: cmkadmin"
-Password: $MKPASSWORD
+  echo "Password: $MKPASSWORD"
-Site: $SITE_NAME
+  echo "Site: $SITE_NAME"
-EOF
+} >>~/checkmk.creds
 msg_ok "Created Service"
 cleanup_lxc
@@ -66,11 +66,11 @@ for i in $(seq 1 30); do
  sleep 2
 done
 if [[ -f "$CREDS_FILE" ]]; then
-  cat <<EOF >~/crafty-controller.creds
+  {
-Crafty-Controller-Credentials
+    echo "Crafty-Controller-Credentials"
-Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")
+    echo "Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")"
-Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")
+    echo "Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")"
-EOF
+  } >>~/crafty-controller.creds
 fi
 msg_ok "Service started"
 motd_ssh
@@ -24,10 +24,10 @@ setup_mariadb
 msg_info "Setting up Database"
 ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$ROOT_PASS'; flush privileges;"
-cat <<EOF >~/dolibarr.creds
+{
-Dolibarr DB Credentials
+  echo "Dolibarr DB Credentials"
-MariaDB Root Password: $ROOT_PASS
+  echo "MariaDB Root Password: $ROOT_PASS"
-EOF
+} >>~/dolibarr.creds
 msg_ok "Set up database"
 msg_info "Setup Dolibarr"
@@ -43,11 +43,11 @@ sed -i "s|#chroot_local_user=YES|chroot_local_user=NO|g" /etc/vsftpd.conf
 systemctl restart -q vsftpd.service
-cat <<EOF >~/ftp.creds
+{
-FTP-Credentials
+  echo "FTP-Credentials"
-Username: ftpuser
+  echo "Username: ftpuser"
-Password: $FTP_PASS
+  echo "Password: $FTP_PASS"
-EOF
+} >>~/ftp.creds
 msg_ok "FTP server setup completed"
@@ -25,10 +25,10 @@ fetch_and_deploy_gh_release "duplicati" "duplicati/duplicati" "binary" "latest"
 msg_info "Configuring duplicati"
 DECRYPTKEY=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ADMINPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-cat <<EOF >~/duplicati.creds
+{
-Admin password = ${ADMINPASS}
+  echo "Admin password = ${ADMINPASS}"
-Database encryption key = ${DECRYPTKEY}
+  echo "Database encryption key = ${DECRYPTKEY}"
-EOF
+} >>~/duplicati.creds
 msg_ok "Configured duplicati"
 msg_info "Creating Service"
@@ -44,7 +44,7 @@ ADMIN_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 echo "enable_registration_without_verification: true" >>/etc/matrix-synapse/homeserver.yaml
 echo "registration_shared_secret: ${SECRET}" >>/etc/matrix-synapse/homeserver.yaml
-cat <<EOF >/etc/matrix-synapse/homeserver.yaml
+cat <<EOF >>/etc/matrix-synapse/homeserver.yaml
 # MatrixRTC / Element Call configuration
 experimental_features:
@@ -63,11 +63,11 @@ rc_delayed_event_mgmt:
 EOF
 systemctl enable -q --now matrix-synapse
 $STD register_new_matrix_user -a --user admin --password "$ADMIN_PASS" --config /etc/matrix-synapse/homeserver.yaml
-cat <<EOF >~/matrix.creds
+{
-Matrix-Credentials
+  echo "Matrix-Credentials"
-Admin username: admin
+  echo "Admin username: admin"
-Admin password: $ADMIN_PASS
+  echo "Admin password: $ADMIN_PASS"
-EOF
+} >>~/matrix.creds
 systemctl stop matrix-synapse
 sed -i '34d' /etc/matrix-synapse/homeserver.yaml
 systemctl start matrix-synapse
@@ -31,12 +31,11 @@ $STD apt install -y \
  libjpeg-dev \
  libmariadb-dev \
  python3-pip \
  pkg-config \
  cron
 msg_ok "Installed Dependencies"
 NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
-UV_PYTHON="3.14" setup_uv
+UV_PYTHON="3.13" setup_uv
 setup_mariadb
 msg_info "Configuring MariaDB for ERPNext"
@@ -69,9 +68,8 @@ msg_info "Initializing Frappe Bench"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 DB_ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASS}'; FLUSH PRIVILEGES;"
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; uv python install 3.14'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-15 frappe-bench'
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-16 --python "$(uv python find 3.14)" frappe-bench'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-15'
 $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-16'
 msg_info "Starting Redis Services for Site Setup"
 $STD sudo -u frappe bash -c 'redis-server /opt/frappe-bench/config/redis_queue.conf --daemonize yes'
@@ -88,14 +86,14 @@ ADMIN_PASSWORD=${ADMIN_PASS}
 DB_ROOT_PASSWORD=${DB_ROOT_PASS}
 SITE_NAME=site1.local
 EOF
-cat <<EOF >~/erpnext.creds
+{
-ERPNext Credentials
+  echo "ERPNext Credentials"
-==================
+  echo "=================="
-Admin Username: Administrator
+  echo "Admin Username: Administrator"
-Admin Password: ${ADMIN_PASS}
+  echo "Admin Password: ${ADMIN_PASS}"
-DB Root Password: ${DB_ROOT_PASS}
+  echo "DB Root Password: ${DB_ROOT_PASS}"
-Site Name: site1.local
+  echo "Site Name: site1.local"
-EOF
+} >~/erpnext.creds
 $STD systemctl enable --now redis-server
 msg_ok "Configured ERPNext"
@@ -1,71 +0,0 @@
 #!/usr/bin/env bash
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: John McLear (JohnMcLear)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://etherpad.org
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
 verb_ip6
 catch_errors
 setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
  build-essential \
  pkg-config \
  libsqlite3-dev
 msg_ok "Installed Dependencies"
 NODE_VERSION="24" NODE_MODULE="corepack" setup_nodejs
 fetch_and_deploy_gh_release "etherpad-lite" "ether/etherpad" "tarball"
 msg_info "Building Etherpad"
 export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
 cd /opt/etherpad-lite
 $STD pnpm install --frozen-lockfile
 $STD pnpm run build:etherpad
 msg_ok "Built Etherpad"
 msg_info "Configuring Etherpad"
 cp /opt/etherpad-lite/settings.json.template /opt/etherpad-lite/settings.json
 mkdir -p /var/lib/etherpad
 sed -i \
  -e 's#"ip": *"127.0.0.1"#"ip": "0.0.0.0"#' \
  -e 's#"dbType" *: *"dirty"#"dbType": "sqlite"#' \
  -e 's#"filename" *: *"var/dirty.db"#"filename": "/var/lib/etherpad/etherpad.db"#' \
  /opt/etherpad-lite/settings.json
 msg_ok "Configured Etherpad"
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/etherpad.service
 [Unit]
 Description=Etherpad Collaborative Editor
 Documentation=https://etherpad.org/doc
 After=network.target
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/etherpad-lite
 Environment=NODE_ENV=production
 Environment=COREPACK_ENABLE_DOWNLOAD_PROMPT=0
 ExecStart=/usr/bin/pnpm run prod
 Restart=always
 RestartSec=5
 LimitNOFILE=65536
 StandardOutput=journal
 StandardError=journal
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now etherpad
 msg_ok "Created Service"
 motd_ssh
 customize
 cleanup_lxc
@@ -290,7 +290,7 @@ detect:
 EOF
 if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo && [[ -f /openvino-model/ssdlite_mobilenet_v2.xml ]] && [[ -f /openvino-model/coco_91cl_bkgr.txt ]]; then
-  cat <<EOF >/config/config.yml
+  cat <<EOF >>/config/config.yml
 ffmpeg:
  hwaccel_args: auto
 detectors:
@@ -306,7 +306,7 @@ model:
  labelmap_path: /openvino-model/coco_91cl_bkgr.txt
 EOF
 else
-  cat <<EOF >/config/config.yml
+  cat <<EOF >>/config/config.yml
 ffmpeg:
  hwaccel_args: auto
 model:
@@ -22,12 +22,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 32)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-cat <<EOF >~/garage.creds
+{
-Garage Tokens and Secrets
+    echo "Garage Tokens and Secrets"
-RPC Secret: $RPC_SECRET
+    echo "RPC Secret: $RPC_SECRET"
-Admin Token: $ADMIN_TOKEN
+    echo "Admin Token: $ADMIN_TOKEN"
-Metrics Token: $METRICS_TOKEN
+    echo "Metrics Token: $METRICS_TOKEN"
-EOF
+} >>~/garage.creds
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"
@@ -29,12 +29,12 @@ PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_SCHEMA_PERMS="true" setup_
 REDIS_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ACCESS_TOKEN_SALT=$(openssl rand -base64 32)
 JWT_SECRET_KEY=$(openssl rand -base64 32)
-cat <<EOF >~/ghostfolio.creds
+{
-Ghostfolio Credentials
+  echo "Ghostfolio Credentials"
-Redis Password: $REDIS_PASS
+  echo "Redis Password: $REDIS_PASS"
-Access Token Salt: $ACCESS_TOKEN_SALT
+  echo "Access Token Salt: $ACCESS_TOKEN_SALT"
-JWT Secret Key: $JWT_SECRET_KEY
+  echo "JWT Secret Key: $JWT_SECRET_KEY"
-EOF
+} >>~/ghostfolio.creds
 msg_ok "Set up Database"
 fetch_and_deploy_gh_release "ghostfolio" "ghostfolio/ghostfolio" "tarball" "latest" "/opt/ghostfolio"
@@ -33,12 +33,12 @@ $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';"
 $STD mariadb -u root -e "GRANT SELECT ON \`mysql\`.\`time_zone_name\` TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/glpi_db.creds
+{
-GLPI Database Credentials
+  echo "GLPI Database Credentials"
-Database: $DB_NAME
+  echo "Database: $DB_NAME"
-Username: $DB_USER
+  echo "Username: $DB_USER"
-Password: $DB_PASS
+  echo "Password: $DB_PASS"
-EOF
+} >>~/glpi_db.creds
 msg_ok "Set up database"
 msg_info "Installing GLPi"
@@ -28,11 +28,11 @@ msg_ok "Setup Graylog Data Node"
 msg_info "Setup ${APPLICATION}"
 $STD apt-get install graylog-server
 ROOT_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
-cat <<EOF >~/graylog.creds
+{
-${APPLICATION} Credentials
+  echo "${APPLICATION} Credentials"
-Admin User: admin
+  echo "Admin User: admin"
-Admin Password: ${ROOT_PASSWORD}
+  echo "Admin Password: ${ROOT_PASSWORD}"
-EOF
+} >>~/graylog.creds
 ROOT_PASSWORD=$(echo -n $ROOT_PASSWORD | shasum -a 256 | awk '{print $1}')
 sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/server/server.conf
 sed -i "s/root_password_sha2 =/root_password_sha2 = $ROOT_PASSWORD/g" /etc/graylog/server/server.conf
@@ -14,14 +14,14 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
-    gcc \
+  gcc \
-    python3 \
+  python3 \
-    python3-dev \
+  python3-dev \
-    python3-venv \
+  python3-venv \
-    libpq-dev \
+  libpq-dev \
-    libcurl4-openssl-dev \
+  libcurl4-openssl-dev \
-    libssl-dev \
+  libssl-dev \
-    caddy
+  caddy
 mkdir -p ~/.config/pip
 cat >~/.config/pip/pip.conf <<EOF
@@ -37,10 +37,10 @@ msg_info "Setup Keys (Admin / Secret)"
 SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
 ADMIN_EMAIL="admin@community-scripts.org"
 ADMIN_PASSWORD="$PG_DB_PASS"
-cat <<EOF >~/healthchecks.creds
+{
-healthchecks Admin Email: $ADMIN_EMAIL
+  echo "healthchecks Admin Email: $ADMIN_EMAIL"
-healthchecks Admin Password: $ADMIN_PASSWORD
+  echo "healthchecks Admin Password: $ADMIN_PASSWORD"
-EOF
+} >>~/healthchecks.creds
 msg_ok "Set up Keys"
 fetch_and_deploy_gh_release "healthchecks" "healthchecks/healthchecks" "tarball"
@@ -46,12 +46,12 @@ ADMIN_EMAIL="admin@example.com"
 ADMIN_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)"
 ADMIN_HASH=$(php -r "echo password_hash('$ADMIN_PASS', PASSWORD_BCRYPT);")
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO UserModel (name, email, password, admin) VALUES ('Admin', '$ADMIN_EMAIL', '$ADMIN_HASH', 1);"
-cat <<EOF >~/hortusfox.creds
+{
-
+  echo ""
-HortusFox-Admin-Creds:
+  echo "HortusFox-Admin-Creds:"
-E-Mail: $ADMIN_EMAIL
+  echo "E-Mail: $ADMIN_EMAIL"
-Passwort: $ADMIN_PASS
+  echo "Passwort: $ADMIN_PASS"
-EOF
+} >>~/hortusfox.creds
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO LocationsModel (name, active, created_at) VALUES ('Home', 1, NOW());"
 msg_ok "Set up HortusFox"
@@ -293,13 +293,13 @@ ldconfig /usr/local/lib
 cd "$STAGING_DIR"
 rm -rf "$SOURCE"/build
 msg_ok "(5/5) Compiled libvips"
-cat <<EOF >~/.immich_library_revisions
+{
-imagemagick: $IMAGEMAGICK_REVISION
+  echo "imagemagick: $IMAGEMAGICK_REVISION"
-libheif: $LIBHEIF_REVISION
+  echo "libheif: $LIBHEIF_REVISION"
-libjxl: $LIBJXL_REVISION
+  echo "libjxl: $LIBJXL_REVISION"
-libraw: $LIBRAW_REVISION
+  echo "libraw: $LIBRAW_REVISION"
-libvips: $LIBVIPS_REVISION
+  echo "libvips: $LIBVIPS_REVISION"
-EOF
+} >~/.immich_library_revisions
 msg_ok "Custom Photo-processing Libraries Compiled Successfully"
 INSTALL_DIR="/opt/${APPLICATION}"
@@ -30,10 +30,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-cat <<EOF >/root/.ironclaw/gateway.creds
+{
-Gateway-Token
+    echo "Gateway-Token"
-Token: $GATEWAY_TOKEN
+    echo "Token: $GATEWAY_TOKEN"
-EOF
+} >> /root/.ironclaw/gateway.creds
 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env
@@ -33,12 +33,12 @@ MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
 $STD mariadb -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/kimai.creds
+{
-Kimai-Credentials
+  echo "Kimai-Credentials"
-Kimai Database User: $DB_USER
+  echo "Kimai Database User: $DB_USER"
-Kimai Database Password: $DB_PASS
+  echo "Kimai Database Password: $DB_PASS"
-Kimai Database Name: $DB_NAME
+  echo "Kimai Database Name: $DB_NAME"
-EOF
+} >>~/kimai.creds
 msg_ok "Set up database"
 fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"
@@ -1,62 +0,0 @@
 #!/usr/bin/env bash
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: (AminGholizad)
 # License: MIT | https://github.com/AminGholizad/ProxmoxVED/raw/main/LICENSE
 # Source: https://github.com/PanSalut/Koffan
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
 verb_ip6
 catch_errors
 setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apt install -y build-essential
 msg_ok "Installed Dependencies"
 setup_go
 fetch_and_deploy_gh_release "koffan" "PanSalut/Koffan" "tarball"
 msg_info "Building Koffan"
 cd /opt/koffan
 $STD go build -o koffan main.go
 msg_ok "Built Koffan"
 msg_info "Configuring Koffan"
 APP_PASSWD=$(openssl rand -base64 12)
 mkdir /opt/koffan/data
 cat <<EOF >/opt/koffan/data/.env
 APP_ENV=production
 APP_PASSWORD=${APP_PASSWD}
 PORT=3000
 DB_PATH=/opt/koffan/data/shopping.db
 EOF
 cat <<EOF >~/koffan.creds
 Password: ${APP_PASSWD}
 EOF
 msg_ok "Configured Koffan"
 msg_info "Creating systemd service"
 cat <<EOF >/etc/systemd/system/koffan.service
 [Unit]
 Description=Koffan Service
 After=network.target
 [Service]
 EnvironmentFile=/opt/koffan/data/.env
 WorkingDirectory=/opt/koffan
 ExecStart=/opt/koffan/koffan
 Restart=always
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now koffan
 msg_ok "Created systemd service"
 motd_ssh
 customize
 cleanup_lxc
@@ -116,11 +116,11 @@ cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
 APP_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 APP_USER="admin"
-cat <<EOF >~/librenms.creds
+{
-LibreNMS Credentials
+  echo "LibreNMS Credentials"
-Username: ${APP_USER}
+  echo "Username: ${APP_USER}"
-Password: ${APP_PASSWORD}
+  echo "Password: ${APP_PASSWORD}"
-EOF
+} >>~/librenms.creds
 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev"
 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && php8.4 artisan migrate --force"
@@ -23,12 +23,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/limesurvey.creds
+{
-LimeSurvey-Credentials
+  echo "LimeSurvey-Credentials"
-LimeSurvey Database User: $DB_USER
+  echo "LimeSurvey Database User: $DB_USER"
-LimeSurvey Database Password: $DB_PASS
+  echo "LimeSurvey Database Password: $DB_PASS"
-LimeSurvey Database Name: $DB_NAME
+  echo "LimeSurvey Database Name: $DB_NAME"
-EOF
+} >>~/limesurvey.creds
 msg_ok "Configured MariaDB Database"
 msg_info "Setting up LimeSurvey"
@@ -21,12 +21,12 @@ DB_USER=listmonk
 DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
-cat <<EOF >~/listmonk.creds
+{
-listmonk-Credentials
+  echo "listmonk-Credentials"
-listmonk Database User: $DB_USER
+  echo -e "listmonk Database User: \e[32m$DB_USER\e[0m"
-listmonk Database Password: $DB_PASS
+  echo -e "listmonk Database Password: \e[32m$DB_PASS\e[0m"
-listmonk Database Name: $DB_NAME
+  echo -e "listmonk Database Name: \e[32m$DB_NAME\e[0m"
-EOF
+} >>~/listmonk.creds
 msg_ok "Configured PostgreSQL"
 fetch_and_deploy_gh_release "listmonk" "knadh/listmonk" "prebuild" "latest" "/opt/listmonk" "listmonk*linux_$(arch_resolve).tar.gz"
@@ -67,10 +67,10 @@ export ERLANG_BIN="/opt/livebook/.elixir-install/installs/otp/\${ERLANG_VERSION}
 export ELIXIR_BIN="/opt/livebook/.elixir-install/installs/elixir/\${ELIXIR_VERSION}/bin"
 export PATH="\$ESCRIPTS_BIN:\$ERLANG_BIN:\$ELIXIR_BIN:\$PATH"
 EOF
-cat <<EOF >~/livebook.creds
+{
-Livebook-Credentials
+  echo "Livebook-Credentials"
-Livebook Password: $LIVEBOOK_PASSWORD
+  echo "Livebook Password: $LIVEBOOK_PASSWORD"
-EOF
+} >>~/livebook.creds
 msg_ok "Installed Erlang $ERLANG_VERSION and Elixir $ELIXIR_VERSION"
 msg_info "Installing Livebook"
@@ -27,12 +27,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED by '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/mmdl.creds
+{
-Manage My Damn Life Credentials
+  echo "Manage My Damn Life Credentials"
-Database User: $DB_USER
+  echo "Database User: $DB_USER"
-Database Password: $DB_PASS
+  echo "Database Password: $DB_PASS"
-Database Name: $DB_NAME
+  echo "Database Name: $DB_NAME"
-EOF
+} >>~/mmdl.creds
 msg_ok "Set up Database"
 fetch_and_deploy_gh_release "mmdl" "intri-in/manage-my-damn-life-nextjs" "tarball"
@@ -35,12 +35,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO $DB_USER;"
-cat <<EOF >~/mattermost.creds
+{
-Mattermost Credentials
+  echo "Mattermost Credentials"
-Database User: $DB_USER
+  echo "Database User: $DB_USER"
-Database Password: $DB_PASS
+  echo "Database Password: $DB_PASS"
-Database Name: $DB_NAME
+  echo "Database Name: $DB_NAME"
-EOF
+} >>~/mattermost.creds
 msg_ok "Set up PostgreSQL"
 msg_info "Installing Mattermost"
@@ -30,12 +30,12 @@ DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-cat <<EOF >~/mediamanager.creds
+{
-MediaManager Credentials
+  echo "MediaManager Credentials"
-MediaManager Database User: $DB_USER
+  echo "MediaManager Database User: $DB_USER"
-MediaManager Database Password: $DB_PASS
+  echo "MediaManager Database Password: $DB_PASS"
-MediaManager Database Name: $DB_NAME
+  echo "MediaManager Database Name: $DB_NAME"
-EOF
+} >>~/mediamanager.creds
 msg_ok "Set up PostgreSQL"
 fetch_and_deploy_gh_release "MediaManager" "maxdorninger/MediaManager" "tarball" "latest" "/opt/mediamanager"
@@ -28,10 +28,10 @@ ADMIN_USERNAME=$ADMIN_NAME
 ADMIN_PASSWORD=$ADMIN_PASS
 LISTEN_ADDR=0.0.0.0:8080
 EOF
-cat <<EOF >~/miniflux.creds
+{
-ADMIN_USERNAME: $ADMIN_NAME
+  echo "ADMIN_USERNAME: $ADMIN_NAME"
-ADMIN_PASSWORD: $ADMIN_PASS
+  echo "ADMIN_PASSWORD: $ADMIN_PASS"
-EOF
+} >>~/miniflux.creds
 $STD miniflux -migrate -config-file /etc/miniflux.conf
 systemctl enable -q --now miniflux
 msg_ok "Configured Miniflux"
@@ -85,12 +85,12 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-cat <<EOF >~/netbox.creds
+{
-
+  echo ""
-Netbox-Django-Credentials
+  echo "Netbox-Django-Credentials"
-Django User: $DJANGO_USER
+  echo -e "Django User: \e[32m$DJANGO_USER\e[0m"
-Django Password: $DJANGO_PASS
+  echo -e "Django Password: \e[32m$DJANGO_PASS\e[0m"
-EOF
+} >>~/netbox.creds
 msg_ok "Setup Django Admin"
 motd_ssh
@@ -18,7 +18,7 @@ $STD apt install -y \
  apache2-utils \
  logrotate \
  build-essential \
-  libpcre2-dev \
+  libpcre3-dev \
  libssl-dev \
  zlib1g-dev \
  git \
@@ -36,8 +36,7 @@ $STD /opt/certbot/bin/pip install certbot certbot-dns-cloudflare
 ln -sf /opt/certbot/bin/certbot /usr/local/bin/certbot
 msg_ok "Set up Certbot"
-OPENRESTY_VERSION="1.29.2.5"
+fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "latest" "/opt/openresty" "openresty-*.tar.gz"
 fetch_and_deploy_from_url "https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz" "/opt/openresty"
 msg_info "Building OpenResty"
 cd /opt/openresty
@@ -53,7 +52,6 @@ $STD ./configure \
  --with-stream_ssl_module
 $STD make -j"$(nproc)"
 $STD make install
 echo "${OPENRESTY_VERSION}" >~/.openresty
 rm -rf /opt/openresty
 cat <<'EOF' >/lib/systemd/system/openresty.service
@@ -59,10 +59,10 @@ EOF
 systemctl enable -q --now nightscout
 msg_ok "Created Service"
-cat <<EOF >~/nightscout.creds
+{
-Nightscout Credentials
+  echo "Nightscout Credentials"
-API_SECRET: ${API_SECRET}
+  echo "API_SECRET: ${API_SECRET}"
-EOF
+} >> ~/nightscout.creds
 motd_ssh
 customize
@@ -15,10 +15,10 @@ update_os
 msg_info "Installing Dependencies (Patience)"
 $STD apt install -y \
-    build-essential \
+  build-essential \
-    redis-server \
+  redis-server \
-    expect \
+  expect \
-    ca-certificates
+  ca-certificates
 msg_ok "Installed Dependencies"
 setup_mongodb
@@ -31,14 +31,14 @@ NODEBB_USER="nodebb"
 NODEBB_PWD="$(openssl rand -base64 18 | cut -c1-13)"
 MONGO_CONNECTION_STRING="mongodb://${NODEBB_USER}:${NODEBB_PWD}@localhost:27017/nodebb"
 NODEBB_SECRET=$(uuidgen)
-cat <<EOF >~/nodebb.creds
+{
-NodeBB-Credentials
+  echo "NodeBB-Credentials"
-Mongo Database User: $MONGO_ADMIN_USER
+  echo "Mongo Database User: $MONGO_ADMIN_USER"
-Mongo Database Password: $MONGO_ADMIN_PWD
+  echo "Mongo Database Password: $MONGO_ADMIN_PWD"
-NodeBB User: $NODEBB_USER
+  echo "NodeBB User: $NODEBB_USER"
-NodeBB Password: $NODEBB_PWD
+  echo "NodeBB Password: $NODEBB_PWD"
-NodeBB Secret: $NODEBB_SECRET
+  echo "NodeBB Secret: $NODEBB_SECRET"
-EOF
+} >>~/nodebb.creds
 $STD mongosh <<EOF
 use admin
@@ -42,12 +42,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
-cat <<EOF >~/odoo.creds
+{
-Odoo-Credentials
+  echo "Odoo-Credentials"
-Odoo Database User: $DB_USER
+  echo -e "Odoo Database User: $DB_USER"
-Odoo Database Password: $DB_PASS
+  echo -e "Odoo Database Password: $DB_PASS"
-Odoo Database Name: $DB_NAME
+  echo -e "Odoo Database Name: $DB_NAME"
-EOF
+} >>~/odoo.creds
 msg_ok "Setup PostgreSQL"
 msg_info "Configuring Odoo"
@@ -30,12 +30,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-cat <<EOF >~/onlyoffice.creds
+{
-ONLYOFFICE-Credentials
+  echo "ONLYOFFICE-Credentials"
-ONLYOFFICE Database User: $DB_USER
+  echo "ONLYOFFICE Database User: $DB_USER"
-ONLYOFFICE Database Password: $DB_PASS
+  echo "ONLYOFFICE Database Password: $DB_PASS"
-ONLYOFFICE Database Name: $DB_NAME
+  echo "ONLYOFFICE Database Name: $DB_NAME"
-EOF
+} >>~/onlyoffice.creds
 msg_ok "Set up Database"
 msg_info "Adding ONLYOFFICE GPG Key"
@@ -81,13 +81,16 @@ echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password $RMQ_PASS | debc
 echo onlyoffice-documentserver onlyoffice/jwt-enabled boolean true | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/jwt-secret password $JWT_SECRET | debconf-set-selections
-cat <<EOF >~/onlyoffice.creds
+echo "RabbitMQ User: $RMQ_USER" >>~/onlyoffice.creds
-
+echo "RabbitMQ Password: $RMQ_PASS" >>~/onlyoffice.creds
-ONLYOFFICE RabbitMQ Credentials
+echo "JWT Secret: $JWT_SECRET" >>~/onlyoffice.creds
-User: $RMQ_USER
+{
-Password: $RMQ_PASS
+  echo ""
-Secret: $JWT_SECRET
+  echo "ONLYOFFICE RabbitMQ Credentials"
-EOF
+  echo "User: $RMQ_USER"
  echo "Password: $RMQ_PASS"
  echo "Secret: $JWT_SECRET"
 } >>~/onlyoffice.creds
 msg_ok "Debconf Preconfiguration Done"
 msg_info "Installing ttf-mscorefonts-installer"
@@ -112,7 +112,7 @@ if grep -q 'authenticated' $PAPERCLIP_CONFIG; then
  PAPERCLIP_INVITE_URL=$(awk -F'Invite URL: ' '/Invite URL:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
  PAPERCLIP_INVITE_EXPIRY=$(awk -F'Expires: ' '/Expires:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
  if [[ -n "$PAPERCLIP_INVITE_URL" ]]; then
-    cat <<EOF >~/paperclip.creds
+    cat <<EOF >>~/paperclip.creds
 Paperclip Admin Invite
 Invite URL: ${PAPERCLIP_INVITE_URL}
@@ -56,12 +56,12 @@ curl -fsSL "https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/p
 mkdir -p /opt/paperless_data/{consume,data,media,trash}
 mkdir -p /opt/paperless/static
 SECRET_KEY="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)"
-cat <<EOF >~/paperless-ngx.creds
+{
-
+  echo ""
-Paperless-ngx Secret Key: $SECRET_KEY
+  echo "Paperless-ngx Secret Key: $SECRET_KEY"
-Paperless-ngx WebUI User: admin
+  echo "Paperless-ngx WebUI User: admin"
-Paperless-ngx WebUI Password: $PG_DB_PASS
+  echo "Paperless-ngx WebUI Password: $PG_DB_PASS"
-EOF
+} >>~/paperless-ngx.creds
 sed -i \
  -e 's|#PAPERLESS_REDIS=redis://localhost:6379|PAPERLESS_REDIS=redis://localhost:6379|' \
  -e "s|#PAPERLESS_CONSUMPTION_DIR=../consume|PAPERLESS_CONSUMPTION_DIR=/opt/paperless_data/consume|" \
@@ -30,11 +30,11 @@ $STD php bin/console cache:clear
 php bin/console doctrine:migrations:migrate -n >~/database-migration-output
 chown -R www-data:www-data /opt/partdb
 ADMIN_PASS=$(grep -oP 'The initial password for the "admin" user is: \K\w+' ~/database-migration-output)
-cat <<EOF >~/partdb.creds
+{
-
+  echo ""
-Part-DB Admin User: admin
+  echo "Part-DB Admin User: admin"
-Part-DB Admin Password: $ADMIN_PASS
+  echo "Part-DB Admin Password: $ADMIN_PASS"
-EOF
+} >>~/partdb.creds
 rm -rf ~/database-migration-output
 msg_ok "Installed Part-DB"
@@ -15,10 +15,10 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
-    git \
+  git \
-    nginx \
+  nginx \
-    redis-server \
+  redis-server \
-    cron
+  cron
 msg_ok "Installed Dependencies"
 setup_mariadb
@@ -35,12 +35,12 @@ mariadb-tzinfo-to-sql /usr/share/zoneinfo | mariadb mysql
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost' WITH GRANT OPTION;"
-cat <<EOF >~/paymenter_db.creds
+{
-Paymenter Database Credentials
+  echo "Paymenter Database Credentials"
-Database: $DB_NAME
+  echo "Database: $DB_NAME"
-Username: $DB_USER
+  echo "Username: $DB_USER"
-Password: $DB_PASS
+  echo "Password: $DB_PASS"
-EOF
+} >>~/paymenter_db.creds
 cd /opt/paymenter
 cp .env.example .env
 $STD composer install --no-dev --optimize-autoloader --no-interaction
@@ -119,7 +119,7 @@ edns-packet-max=1232
 EOF
  if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
-    cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
+    cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
 forward-zone:
  name: "."
@@ -15,21 +15,21 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
-    nginx \
+  nginx \
-    build-essential \
+  build-essential \
-    libpq-dev \
+  libpq-dev \
-    libxml2-dev \
+  libxml2-dev \
-    libxslt1-dev \
+  libxslt1-dev \
-    libxmlsec1-dev \
+  libxmlsec1-dev \
-    libxmlsec1-openssl \
+  libxmlsec1-openssl \
-    pkg-config \
+  pkg-config \
-    python3-dev \
+  python3-dev \
-    python3-venv \
+  python3-venv \
-    redis-server \
+  redis-server \
-    erlang-base \
+  erlang-base \
-    erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
+  erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
-    erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
+  erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
-    rabbitmq-server
+  rabbitmq-server
 msg_ok "Installed Dependencies"
 NODE_VERSION="24" NODE_MODULE="corepack" setup_nodejs
@@ -86,7 +86,7 @@ VITE_LIVE_BASE_URL=http://${LOCAL_IP}
 VITE_LIVE_BASE_PATH=/live"
 # Each Vite app needs its own .env for the build
 for app in web admin space; do
-    echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
+  echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
 done
 export NODE_OPTIONS="--max-old-space-size=4096"
 export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
@@ -271,14 +271,14 @@ WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable -q --now plane-api plane-worker plane-beat plane-live plane-space
-cat <<EOF >~/plane.creds
+{
-RabbitMQ User: plane
+  echo "RabbitMQ User: plane"
-RabbitMQ Password: ${RABBITMQ_PASS}
+  echo "RabbitMQ Password: ${RABBITMQ_PASS}"
-MinIO Access Key: ${MINIO_ACCESS_KEY}
+  echo "MinIO Access Key: ${MINIO_ACCESS_KEY}"
-MinIO Secret Key: ${MINIO_SECRET_KEY}
+  echo "MinIO Secret Key: ${MINIO_SECRET_KEY}"
-Secret Key: ${SECRET_KEY}
+  echo "Secret Key: ${SECRET_KEY}"
-Config: /opt/plane/apps/api/.env
+  echo "Config: /opt/plane/apps/api/.env"
-EOF
+} >>~/plane.creds
 msg_ok "Created Services and MinIO Bucket"
 msg_info "Configuring Nginx"
@@ -32,12 +32,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-cat <<EOF >~/planka.creds
+{
-PLANKA DB Credentials
+  echo "PLANKA DB Credentials"
-PLANKA Database User: $DB_USER
+  echo "PLANKA Database User: $DB_USER"
-PLANKA Database Password: $DB_PASS
+  echo "PLANKA Database Password: $DB_PASS"
-PLANKA Database Name: $DB_NAME
+  echo "PLANKA Database Name: $DB_NAME"
-EOF
+} >>~/planka.creds
 msg_ok "Set up PostgreSQL Database"
 fetch_and_deploy_gh_release "planka" "plankanban/planka" "prebuild" "latest" "/opt/planka" "planka-prebuild.zip"
@@ -67,14 +67,14 @@ echo "DEFAULT_ADMIN_NAME=$ADMIN_NAME" >>.env
 echo "DEFAULT_ADMIN_USERNAME=$ADMIN_USERNAME" >>.env
 $STD npm run db:seed
 sed -i '/# Temporary admin user creation settings/,$d' .env
-cat <<EOF >~/planka.creds
+{
-
+  echo ""
-PLANKA Admin Credentials
+  echo "PLANKA Admin Credentials"
-Admin Email: $ADMIN_EMAIL
+  echo "Admin Email: $ADMIN_EMAIL"
-Admin Password: $ADMIN_PASSWORD
+  echo "Admin Password: $ADMIN_PASSWORD"
-Admin Name: $ADMIN_NAME
+  echo "Admin Name: $ADMIN_NAME"
-Admin Username: $ADMIN_USERNAME
+  echo "Admin Username: $ADMIN_USERNAME"
-EOF
+} >>~/planka.creds
 msg_ok "Created Admin User"
 msg_info "Creating Service"
@@ -52,12 +52,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/pterodactyl-panel.creds
+{
-pterodactyl Panel-Credentials
+  echo "pterodactyl Panel-Credentials"
-pterodactyl Panel Database User: $DB_USER
+  echo "pterodactyl Panel Database User: $DB_USER"
-pterodactyl Panel Database Password: $DB_PASS
+  echo "pterodactyl Panel Database Password: $DB_PASS"
-pterodactyl Panel Database Name: $DB_NAME
+  echo "pterodactyl Panel Database Name: $DB_NAME"
-EOF
+} >>~/pterodactyl-panel.creds
 msg_ok "Set up MariaDB"
 read -p "${TAB3}Provide an email address for admin login, this should be a valid email address: " ADMIN_EMAIL
@@ -82,12 +82,12 @@ echo "* * * * * php /opt/pterodactyl-panel/artisan schedule:run >> /dev/null 2>&
 chown -R www-data:www-data /opt/pterodactyl-panel/*
 chmod -R 755 /opt/pterodactyl-panel/storage/* /opt/pterodactyl-panel/bootstrap/cache/
 ln -s /opt/pterodactyl-panel /var/www/pterodactyl
-cat <<EOF >~/pterodactyl-panel.creds
+{
-
+  echo ""
-pterodactyl Admin Username: admin
+  echo "pterodactyl Admin Username: admin"
-pterodactyl Admin Email: $ADMIN_EMAIL
+  echo "pterodactyl Admin Email: $ADMIN_EMAIL"
-pterodactyl Admin Password: $ADMIN_PASS
+  echo "pterodactyl Admin Password: $ADMIN_PASS"
-EOF
+} >>~/pterodactyl-panel.creds
 rm -rf "/opt/pterodactyl-panel/panel.tar.gz"
 rm -rf "/tmp/debsuryorg-archive-keyring.deb"
 echo "${RELEASE}" >/opt/"${APPLICATION}"_version.txt
@@ -24,11 +24,11 @@ msg_info "Setting up Radicale"
 cd /opt/radicale
 RNDPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -c -b -5 /opt/radicale/users admin "$RNDPASS"
-cat <<EOF >~/radicale.creds
+{
-Radicale Credentials
+  echo "Radicale Credentials"
-Admin User: admin
+  echo "Admin User: admin"
-Admin Password: $RNDPASS
+  echo "Admin Password: $RNDPASS"
-EOF
+} >>~/radicale.creds
 mkdir -p /etc/radicale
 cat <<EOF >/etc/radicale/config
@@ -23,11 +23,11 @@ msg_info "Installing rclone"
 cd /opt/rclone
 RCLONE_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-cat <<EOF >~/rclone.creds
+{
-rclone-Credentials
+  echo "rclone-Credentials"
-rclone User Name: admin
+  echo "rclone User Name: admin"
-rclone Password: $RCLONE_PASSWORD
+  echo "rclone Password: $RCLONE_PASSWORD"
-EOF
+} >>~/rclone.creds
 msg_ok "Installed rclone"
 msg_info "Creating Service"
@@ -27,18 +27,18 @@ while true; do
    echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
    read -r response
    case $response in
-    [Yy] | [Yy][Ee][Ss])
+        [Yy]|[Yy][Ee][Ss])
-        msg_ok "Terms accepted. Proceeding with installation..."
+            msg_ok "Terms accepted. Proceeding with installation..."
-        break
+            break
-        ;;
+            ;;
-    [Nn] | [Nn][Oo] | "")
+        [Nn]|[Nn][Oo]|"")
-        msg_error "Terms not accepted. Installation cannot proceed."
+            msg_error "Terms not accepted. Installation cannot proceed."
-        msg_error "Please review the terms and run the script again if you wish to proceed."
+            msg_error "Please review the terms and run the script again if you wish to proceed."
-        exit 254
+            exit 254
-        ;;
+            ;;
-    *)
+        *)
-        msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
+            msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
-        ;;
+            ;;
    esac
 done
@@ -59,13 +59,13 @@ msg_ok "Setup Splunk Enterprise v${RELEASE}"
 msg_info "Creating Splunk admin user"
 ADMIN_USER="admin"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-cat <<EOF >~/splunk.creds
+{
-Splunk-Credentials
+    echo "Splunk-Credentials"
-Username: $ADMIN_USER
+    echo "Username: $ADMIN_USER"
-Password: $ADMIN_PASS
+    echo "Password: $ADMIN_PASS"
-EOF
+} >> ~/splunk.creds
-cat <<EOF >"/opt/splunk/etc/system/local/user-seed.conf"
+cat << EOF > "/opt/splunk/etc/system/local/user-seed.conf"
 [user_info]
 USERNAME = $ADMIN_USER
 PASSWORD = $ADMIN_PASS
@@ -103,7 +103,7 @@ PATH=/opt/.venv/bin:/usr/lib/libreoffice/program:/usr/local/sbin:/usr/local/bin:
 EOF
 if [[ "$login_mode" == "true" ]]; then
-  cat <<EOF >/opt/Stirling-PDF/.env
+  cat <<EOF >>/opt/Stirling-PDF/.env
 # activate Login
 DISABLE_ADDITIONAL_FEATURES=false
 SECURITY_ENABLELOGIN=true
@@ -46,11 +46,11 @@ NODE_ENV=production
 NEXT_TELEMETRY_DISABLED=1
 EOF
 mkdir -p /opt/storyteller/data
-cat <<EOF >~/storyteller.creds
+{
-Storyteller Credentials
+  echo "Storyteller Credentials"
-=======================
+  echo "======================="
-Secret Key: ${STORYTELLER_SECRET_KEY}
+  echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
-EOF
+} >~/storyteller.creds
 msg_ok "Set up Storyteller"
 msg_info "Building Storyteller"
@@ -106,13 +106,13 @@ TZ=UTC
 PYTHONUNBUFFERED=1
 YTDLP_PLUGIN_DIRS=/opt/yt_plugins
 EOF
-cat <<EOF >~/tubearchivist.creds
+{
-Tube Archivist Credentials
+  echo "Tube Archivist Credentials"
-==========================
+  echo "=========================="
-Username: admin
+  echo "Username: admin"
-Password: ${TA_PASSWORD}
+  echo "Password: ${TA_PASSWORD}"
-Elasticsearch Password: ${ES_PASSWORD}
+  echo "Elasticsearch Password: ${ES_PASSWORD}"
-EOF
+} >~/tubearchivist.creds
 systemctl enable -q --now redis-server
 msg_ok "Set up Tube Archivist"
@@ -38,13 +38,13 @@ $STD apt-get install -y twingate-connector
 msg_ok "Setup Twingate Connector"
 msg_info "Configure Twingate-Connector"
-cat <<EOF >/etc/twingate/connector.conf
+{
-TWINGATE_NETWORK=${network}
+  echo "TWINGATE_NETWORK=${network}"
-TWINGATE_ACCESS_TOKEN=${access_token}
+  echo "TWINGATE_ACCESS_TOKEN=${access_token}"
-TWINGATE_REFRESH_TOKEN=${refresh_token}
+  echo "TWINGATE_REFRESH_TOKEN=${refresh_token}"
-TWINGATE_LABEL_HOSTNAME=$(hostname)
+  echo "TWINGATE_LABEL_HOSTNAME=$(hostname)"
-TWINGATE_LABEL_DEPLOYED_BY=proxmox
+  echo "TWINGATE_LABEL_DEPLOYED_BY=proxmox"
-EOF
+} >/etc/twingate/connector.conf
 chmod 600 /etc/twingate/connector.conf
 msg_ok "Configured Twingate-Connector"
@@ -19,7 +19,7 @@ $STD apt install -y valkey openssl
 sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
 PASS="$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c32)"
-echo "requirepass $PASS" >>/etc/valkey/valkey.conf
+echo "requirepass $PASS" >> /etc/valkey/valkey.conf
 echo "$PASS" >~/valkey.creds
 chmod 600 ~/valkey.creds
@@ -27,11 +27,11 @@ MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 # reserve 25% of a node type's maxmemory value for system use
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))
-echo "" >>/etc/valkey/valkey.conf
+echo "" >> /etc/valkey/valkey.conf
-echo "# Memory-optimized settings for small-scale deployments" >>/etc/valkey/valkey.conf
+echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/valkey.conf
-echo "maxmemory ${MAXMEMORY_MB}mb" >>/etc/valkey/valkey.conf
+echo "maxmemory ${MAXMEMORY_MB}mb" >> /etc/valkey/valkey.conf
-echo "maxmemory-policy allkeys-lru" >>/etc/valkey/valkey.conf
+echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf
-echo "maxmemory-samples 10" >>/etc/valkey/valkey.conf
+echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf
 msg_ok "Installed Valkey"
 echo
@@ -47,26 +47,26 @@ if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
    chown valkey:valkey "$TLS_CERT" "$TLS_KEY"
    if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then
-        cat <<EOF >/etc/valkey/valkey.conf
+    {
-
+      echo ""
-# TLS configuration generated by Proxmox VE Valkey helper-script
+      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
-port 0
+      echo "port 0"
-tls-port 6379
+      echo "tls-port 6379"
-tls-cert-file $TLS_DIR/valkey.crt
+      echo "tls-cert-file $TLS_DIR/valkey.crt"
-tls-key-file $TLS_DIR/valkey.key
+      echo "tls-key-file $TLS_DIR/valkey.key"
-tls-auth-clients no
+      echo "tls-auth-clients no"
-EOF
+    } >> /etc/valkey/valkey.conf
-        msg_ok "Enabled TLS-only mode on port 6379"
+    msg_ok "Enabled TLS-only mode on port 6379"
    else
-        cat <<EOF >/etc/valkey/valkey.conf
+    {
-
+      echo ""
-# TLS configuration generated by Proxmox VE Valkey helper-script
+      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
-tls-port 6380
+      echo "tls-port 6380"
-tls-cert-file $TLS_DIR/valkey.crt
+      echo "tls-cert-file $TLS_DIR/valkey.crt"
-tls-key-file $TLS_DIR/valkey.key
+      echo "tls-key-file $TLS_DIR/valkey.key"
-tls-auth-clients no
+      echo "tls-auth-clients no"
-EOF
+    } >> /etc/valkey/valkey.conf
-        msg_ok "Enabled TLS on port 6380 and TCP on 6379"
+    msg_ok "Enabled TLS on port 6380 and TCP on 6379"
    fi
 fi
@@ -35,14 +35,14 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT USAGE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT CREATE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $DB_USER;"
-cat <<EOF >~/warracker.creds
+{
-Application Credentials
+    echo "Application Credentials"
-DB_NAME: $DB_NAME
+    echo "DB_NAME: $DB_NAME"
-DB_USER: $DB_USER
+    echo "DB_USER: $DB_USER"
-DB_PASS: $DB_PASS
+    echo "DB_PASS: $DB_PASS"
-DB_ADMIN_USER: $DB_ADMIN_USER
+    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
-DB_ADMIN_PASS: $DB_ADMIN_PASS
+    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
-EOF
+} >>~/warracker.creds
 msg_ok "Setup PostgreSQL"
 fetch_and_deploy_gh_release "warracker" "sassanix/Warracker" "tarball" "latest" "/opt/warracker"
@@ -63,7 +63,7 @@ $STD sudo -u www-data php /opt/webtrees/index.php user Admin \
  --password="${WT_ADMIN_PASS}"
 $STD sudo -u www-data php /opt/webtrees/index.php user-setting Admin canadmin 1
-cat <<EOF >~/webtrees.creds
+cat <<EOF >>~/webtrees.creds
 Webtrees Admin User: Admin
 Webtrees Admin Password: ${WT_ADMIN_PASS}
@@ -24,11 +24,11 @@ msg_info "Setting up YT-DLP-WEBUI"
 mkdir -p /opt/yt-dlp-webui
 mkdir /downloads
 RPC_PASSWORD=$(openssl rand -base64 16)
-cat <<EOF >~/yt-dlp-webui.creds
+{
-yt-dlp-webui-Credentials
+  echo "yt-dlp-webui-Credentials"
-Username: admin
+  echo "Username: admin"
-Password: ${RPC_PASSWORD}
+  echo "Password: ${RPC_PASSWORD}"
-EOF
+} >>~/yt-dlp-webui.creds
 cat <<EOF >/opt/yt-dlp-webui/config.conf
 # Host where server will listen at (default: "0.0.0.0")
@@ -30,7 +30,7 @@ setup_deb822_repo \
 $STD apt install -y elasticsearch
 sed -i 's/^#\{0,2\} *-Xms[0-9]*g.*/-Xms2g/' /etc/elasticsearch/jvm.options
 sed -i 's/^#\{0,2\} *-Xmx[0-9]*g.*/-Xmx2g/' /etc/elasticsearch/jvm.options
-cat <<EOF >/etc/elasticsearch/elasticsearch.yml
+cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
 discovery.type: single-node
 xpack.security.enabled: false
 bootstrap.memory_lock: false
@@ -29,14 +29,14 @@ systemctl start postgresql
 $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
-cat <<EOF >~/zitadel.creds
+{
-Application Credentials
+  echo "Application Credentials"
-DB_NAME: $DB_NAME
+  echo "DB_NAME: $DB_NAME"
-DB_USER: $DB_USER
+  echo "DB_USER: $DB_USER"
-DB_PASS: $DB_PASS
+  echo "DB_PASS: $DB_PASS"
-DB_ADMIN_USER: $DB_ADMIN_USER
+  echo "DB_ADMIN_USER: $DB_ADMIN_USER"
-DB_ADMIN_PASS: $DB_ADMIN_PASS
+  echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
-EOF
+} >>~/zitadel.creds
 msg_ok "Installed PostgreSQL"
 fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/usr/local/bin" "zitadel-linux-$(arch_resolve).tar.gz"
@@ -45,10 +45,10 @@ msg_info "Setting up Zitadel Environments"
 mkdir -p /opt/zitadel
 echo "/opt/zitadel/config.yaml" >"/opt/zitadel/.config"
 head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') >"/opt/zitadel/.masterkey"
-cat <<EOF >~/zitadel.creds
+{
-Config location: $(cat "/opt/zitadel/.config")
+  echo "Config location: $(cat "/opt/zitadel/.config")"
-Masterkey: $(cat "/opt/zitadel/.masterkey")
+  echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
-EOF
+} >>~/zitadel.creds
 cat <<EOF >/opt/zitadel/config.yaml
 Port: 8080
 ExternalPort: 8080
@@ -24,11 +24,11 @@ mkdir -p /etc/zot
 curl -fsSL https://raw.githubusercontent.com/project-zot/zot/refs/heads/main/examples/config-ui.json -o /etc/zot/config.json
 ZOTPASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -b -B -c /etc/zot/htpasswd admin "$ZOTPASSWORD"
-cat <<EOF >~/zot.creds
+{
-Zot-Credentials
+  echo "Zot-Credentials"
-Zot User: admin
+  echo "Zot User: admin"
-Zot Password: $ZOTPASSWORD
+  echo "Zot Password: $ZOTPASSWORD"
-EOF
+} >>~/zot.creds
 msg_ok "Configured Zot Registry"
 msg_info "Setup Service"
@@ -266,47 +266,6 @@ download_gpg_key() {
  return 7
 }
 # ------------------------------------------------------------------------------
 # Edit a key-value pair in a YAML configuration file.
 #
 # Description:
 #   - Finds the first occurrence of the given key in the YAML file and replaces
 #     its value in-place using sed.
 #   - Handles both quoted and unquoted values on the same line.
 #   - The key is matched at the start of a line (optionally preceded by spaces),
 #     followed by a colon and optional whitespace.
 #   - If the key is not found, the function exits with a non-zero status and
 #     prints an error message.
 #
 # Usage:
 #   edit_yaml_config "/opt/myapp/config.yml" "database_host" "localhost"
 #   edit_yaml_config "/opt/myapp/config.yml" "port" "5432"
 #
 # Parameters:
 #   $1 - Path to the YAML file
 #   $2 - Key to find (e.g. "database_host")
 #   $3 - New value to set (e.g. "localhost")
 #
 # Returns: 0 on success, 1 if the file does not exist or the key is not found
 # ------------------------------------------------------------------------------
 edit_yaml_config() {
  local file="$1"
  local key="$2"
  local value="$3"
  if [[ ! -f "$file" ]]; then
    msg_error "edit_yaml_config: file not found: $file"
    return 1
  fi
  if ! grep -qE "^[[:space:]]*${key}[[:space:]]*:" "$file"; then
    msg_error "edit_yaml_config: key '${key}' not found in $file"
    return 1
  fi
  sed -i "s|^\([[:space:]]*${key}[[:space:]]*:\).*|\1 ${value}|" "$file"
 }
 # ------------------------------------------------------------------------------
 # Cache installed version to avoid repeated checks
 # ------------------------------------------------------------------------------
@@ -6164,6 +6123,7 @@ _setup_gpu_permissions() {
 #   - Requires: build-essential, libtool, libjpeg-dev, libpng-dev, etc.
 # ------------------------------------------------------------------------------
 setup_imagemagick() {
  local TMP_DIR=$(mktemp -d)
  local BINARY_PATH="/usr/local/bin/magick"
  # Get currently installed version
@@ -6194,39 +6154,51 @@ setup_imagemagick() {
    pkg-config \
    ghostscript
-  # Fetch and deploy source tarball from GitHub Releases
+  if ! CURL_TIMEOUT=180 curl_with_retry "https://imagemagick.org/archive/ImageMagick.tar.gz" "$TMP_DIR/ImageMagick.tar.gz"; then
-  fetch_and_deploy_gh_release "imagemagick" "ImageMagick/ImageMagick" "tarball" || {
+    msg_error "Failed to download ImageMagick"
-    msg_error "Failed to download ImageMagick source from GitHub"
+    msg_error "Hint: Check connectivity to imagemagick.org/archive"
-    msg_error "Hint: Check connectivity to github.com/ImageMagick/ImageMagick"
+    rm -rf "$TMP_DIR"
    return 250
  fi
  tar -xzf "$TMP_DIR/ImageMagick.tar.gz" -C "$TMP_DIR" || {
    msg_error "Failed to extract ImageMagick"
    rm -rf "$TMP_DIR"
    return 251
  }
-  cd /opt/imagemagick || {
+  cd "$TMP_DIR"/ImageMagick-* || {
-    msg_error "Failed to enter ImageMagick source directory"
+    msg_error "Source extraction failed"
    rm -rf "$TMP_DIR"
    return 251
  }
  $STD ./configure --disable-static || {
    msg_error "ImageMagick configure failed"
    rm -rf "$TMP_DIR"
    return 150
  }
  $STD make -j"$(nproc)" || {
    msg_error "ImageMagick compilation failed"
    rm -rf "$TMP_DIR"
    return 150
  }
  $STD make install || {
    msg_error "ImageMagick installation failed"
    rm -rf "$TMP_DIR"
    return 150
  }
  $STD ldconfig /usr/local/lib
  if [[ ! -x "$BINARY_PATH" ]]; then
    msg_error "ImageMagick installation failed"
    rm -rf "$TMP_DIR"
    return 150
  fi
  local FINAL_VERSION
  FINAL_VERSION=$("$BINARY_PATH" -version | awk '/^Version/ {print $3}')
  rm -rf "$TMP_DIR"
  cache_installed_version "imagemagick" "$FINAL_VERSION"
  ensure_usr_local_bin_persist
@@ -105,7 +105,7 @@ EOF
  yes)
    msg_info "Enabling 'pbs-no-subscription' repository"
    cat <<EOF >/etc/apt/sources.list.d/pbs-install-repo.list
-deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
+deb https://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
 EOF
    msg_ok "Enabled 'pbs-no-subscription' repository"
    ;;
@@ -152,7 +152,7 @@ EOF
  yes)
    msg_info "Enabling 'pve-no-subscription' repository"
    cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
    msg_ok "Enabled 'pve-no-subscription' repository"
    ;;
@@ -70,7 +70,7 @@ EOF
  whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "PVE8-NO-SUBSCRIPTION" "The 'pve-no-subscription' repository provides access to all of the open-source components of Proxmox VE." 10 58
  msg_info "Enabling 'pve-no-subscription' repository"
  cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
  msg_ok "Enabled 'pve-no-subscription' repository"
Author	SHA1	Message	Date
CanbiZ (MickLesk)	5d8b0610d6	Update fmd-server.sh	2026-06-30 10:35:30 +02:00
push-app-to-main[bot]	c7b7bbcd7b	Add fmd-server (ct)	2026-06-29 18:48:25 +00:00