Add donate & script page badges to descriptions

Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.
2026-04-10 20:15:05 +02:00 · 2026-04-08 16:05:13 +02:00
24 changed files with 19 additions and 509 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -439,68 +439,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

-## 2026-04-10
-
-### 🚀 Updated Scripts
-
-  - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
-
-  - #### ✨ New Features
-
-    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
-
-### 🧰 Tools
-
-  - #### 🔧 Refactor
-
-    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
-
-## 2026-04-09
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - boostack: add: git [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13620](https://github.com/community-scripts/ProxmoxVE/pull/13620))
-
-  - #### ✨ New Features
-
-    - Update OPNsense version from 25.7 to 26.1 [@tdn131](https://github.com/tdn131) ([#13626](https://github.com/community-scripts/ProxmoxVE/pull/13626))
-    - CheckMK: Bump Default OS to 13 (trixie) + dynamic codename + fix RELEASE-Tag Fetching [@MickLesk](https://github.com/MickLesk) ([#13610](https://github.com/community-scripts/ProxmoxVE/pull/13610))
-
 ## 2026-04-08

-### 🆕 New Scripts
-
-  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
-
 ### 🚀 Updated Scripts

  - #### 🐞 Bug Fixes

-    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
-    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
-
-  - #### ✨ New Features
-
-    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
-
-  - #### 🔧 Refactor
-
-    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
+    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))

 ## 2026-04-07

--- a/ct/alpine-ironclaw.sh
+++ b/ct/alpine-ironclaw.sh
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/nearai/ironclaw
-
-APP="Alpine-IronClaw"
-var_tags="${var_tags:-ai;agent;alpine}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-alpine}"
-var_version="${var_version:-3.23}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /usr/local/bin/ironclaw ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
-    msg_info "Stopping Service"
-    rc-service ironclaw stop 2>/dev/null || true
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration"
-    cp /root/.ironclaw/.env /root/ironclaw.env.bak
-    msg_ok "Backed up Configuration"
-
-    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
-      "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
-    chmod +x /usr/local/bin/ironclaw
-
-    msg_info "Restoring Configuration"
-    cp /root/ironclaw.env.bak /root/.ironclaw/.env
-    rm -f /root/ironclaw.env.bak
-    msg_ok "Restored Configuration"
-
-    msg_info "Starting Service"
-    rc-service ironclaw start
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Complete setup by running:${CL}"
-echo -e "${TAB}${BGN}ironclaw onboard${CL}"
-echo -e "${INFO}${YW} Then start the service:${CL}"
-echo -e "${TAB}${BGN}rc-service ironclaw start${CL}"
-echo -e "${INFO}${YW} Access the Web UI at:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
-echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
-echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"
--- a/ct/bambuddy.sh
+++ b/ct/bambuddy.sh
@@ -29,8 +29,6 @@ function update_script() {
    exit
  fi

-  ensure_dependencies ffmpeg
-
  if check_for_gh_release "bambuddy" "maziggy/bambuddy"; then
    msg_info "Stopping Service"
    systemctl stop bambuddy
@@ -56,7 +54,6 @@ function update_script() {
    msg_ok "Rebuilt Frontend"

    msg_info "Restoring Configuration and Data"
-    mkdir -p /opt/bambuddy/data
    cp /opt/bambuddy.env.bak /opt/bambuddy/.env
    cp -r /opt/bambuddy_data_bak/. /opt/bambuddy/data/
    rm -f /opt/bambuddy.env.bak
--- a/ct/bookstack.sh
+++ b/ct/bookstack.sh
@@ -29,7 +29,6 @@ function update_script() {
    exit
  fi
  setup_mariadb
-  ensure_dependencies git
  if check_for_gh_release "bookstack" "BookStackApp/BookStack"; then
    msg_info "Stopping Apache2"
    systemctl stop apache2
--- a/ct/checkmk.sh
+++ b/ct/checkmk.sh
@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-6}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
+var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"

 header_info "$APP"
@@ -29,11 +29,10 @@ function update_script() {
  fi

  RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
-  RELEASE="${RELEASE%%+*}"
  msg_info "Updating ${APP} to v${RELEASE}"
  $STD omd stop monitoring
  $STD omd cp monitoring monitoringbackup
-  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
+  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.bookworm_amd64.deb" -o "/opt/checkmk.deb"
  $STD apt-get install -y /opt/checkmk.deb
  $STD omd --force -V ${RELEASE}.cre update --conflict=install monitoring
  $STD omd start monitoring
--- a/ct/headers/alpine-ironclaw
+++ b/ct/headers/alpine-ironclaw
@@ -1,6 +0,0 @@
-    ___    __      _                  ____                 ________              
-   /   |  / /___  (_)___  ___        /  _/________  ____  / ____/ /___ __      __
-  / /| | / / __ \/ / __ \/ _ \______ / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
- / ___ |/ / /_/ / / / / /  __/_____// // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
-/_/  |_/_/ .___/_/_/ /_/\___/     /___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
-        /_/                                                                      
--- a/ct/headers/ironclaw
+++ b/ct/headers/ironclaw
@@ -1,6 +0,0 @@
-    ____                 ________              
-   /  _/________  ____  / ____/ /___ __      __
-   / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
- _/ // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
-/___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
-                                               
--- a/ct/homarr.sh
+++ b/ct/homarr.sh
@@ -65,7 +65,6 @@ EOF

    msg_info "Updating Homarr"
    cp /opt/homarr/redis.conf /etc/redis/redis.conf
-    grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >> /etc/redis/redis.conf
    rm /etc/nginx/nginx.conf
    cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
    msg_ok "Updated Homarr"
--- a/ct/immich.sh
+++ b/ct/immich.sh
@@ -109,7 +109,7 @@ EOF
    msg_ok "Image-processing libraries up to date"
  fi

-  RELEASE="v2.7.3"
+  RELEASE="v2.7.2"
  if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
    if [[ $(cat ~/.immich) > "2.5.1" ]]; then
      msg_info "Enabling Maintenance Mode"
@@ -181,12 +181,6 @@ EOF
    unset SHARP_IGNORE_GLOBAL_LIBVIPS
    export SHARP_FORCE_GLOBAL_LIBVIPS=true
    $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
-
-    # Patch helmet.json: disable upgrade-insecure-requests for HTTP access
-    if [[ -f "$APP_DIR/helmet.json" ]]; then
-      jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
-    fi
-
    cp "$APP_DIR"/package.json "$APP_DIR"/bin
    sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin

--- a/ct/ironclaw.sh
+++ b/ct/ironclaw.sh
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/nearai/ironclaw
-
-APP="IronClaw"
-var_tags="${var_tags:-ai;agent;security}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /usr/local/bin/ironclaw ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
-    msg_info "Stopping Service"
-    systemctl stop ironclaw
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Configuration"
-    cp /root/.ironclaw/.env /root/ironclaw.env.bak
-    msg_ok "Backed up Configuration"
-
-    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
-      "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
-    chmod +x /usr/local/bin/ironclaw
-
-    msg_info "Restoring Configuration"
-    cp /root/ironclaw.env.bak /root/.ironclaw/.env
-    rm -f /root/ironclaw.env.bak
-    msg_ok "Restored Configuration"
-
-    msg_info "Starting Service"
-    systemctl start ironclaw
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Complete setup by running:${CL}"
-echo -e "${TAB}${BGN}ironclaw onboard${CL}"
-echo -e "${INFO}${YW} Then start the service:${CL}"
-echo -e "${TAB}${BGN}systemctl start ironclaw${CL}"
-echo -e "${INFO}${YW} Access the Web UI at:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
-echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
-echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"
--- a/ct/uhf.sh
+++ b/ct/uhf.sh
@@ -38,14 +38,8 @@ function update_script() {
    $STD apt -y upgrade
    msg_ok "Updated LXC"

-    msg_info "Updating UHF Server"
-    if dpkg -l ffmpeg 2>&1 | grep -q "ii"; then
-      apt remove ffmpeg -y && apt autoremove -y
-    fi
-    setup_ffmpeg
    fetch_and_deploy_gh_release "comskip" "swapplications/comskip" "prebuild" "latest" "/opt/comskip" "comskip-x64-*.zip"
    fetch_and_deploy_gh_release "uhf-server" "swapplications/uhf-server-dist" "prebuild" "latest" "/opt/uhf-server" "UHF.Server-linux-x64-*.zip"
-    msg_ok "Updated UHF Server"

    msg_info "Starting Service"
    systemctl start uhf-server
--- a/install/alpine-ironclaw-install.sh
+++ b/install/alpine-ironclaw-install.sh
@@ -1,75 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/nearai/ironclaw
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apk add openssl
-msg_ok "Installed Dependencies"
-
-msg_info "Installing PostgreSQL"
-$STD apk add postgresql17 postgresql17-openrc postgresql-pgvector postgresql-common
-$STD rc-service postgresql setup
-$STD rc-update add postgresql default
-$STD rc-service postgresql start
-msg_ok "Installed PostgreSQL"
-
-msg_info "Setting up Database"
-PG_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
-$STD su -s /bin/sh postgres -c "psql -c \"CREATE ROLE ironclaw WITH LOGIN PASSWORD '${PG_PASS}';\""
-$STD su -s /bin/sh postgres -c "psql -c \"CREATE DATABASE ironclaw WITH OWNER ironclaw;\""
-$STD su -s /bin/sh postgres -c "psql -d ironclaw -c \"CREATE EXTENSION IF NOT EXISTS vector;\""
-msg_ok "Set up Database"
-
-fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
-  "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
-chmod +x /usr/local/bin/ironclaw
-
-msg_info "Configuring IronClaw"
-mkdir -p /root/.ironclaw
-GATEWAY_TOKEN=$(openssl rand -hex 32)
-cat <<EOF >/root/.ironclaw/.env
-DATABASE_URL=postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable
-GATEWAY_ENABLED=true
-GATEWAY_HOST=0.0.0.0
-GATEWAY_PORT=3000
-GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
-CLI_ENABLED=false
-AGENT_NAME=ironclaw
-RUST_LOG=ironclaw=info,tower_http=info
-EOF
-chmod 600 /root/.ironclaw/.env
-msg_ok "Configured IronClaw"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/init.d/ironclaw
-#!/sbin/openrc-run
-
-name="IronClaw"
-description="IronClaw AI Agent"
-command="/usr/local/bin/ironclaw"
-command_background=true
-pidfile="/run/ironclaw.pid"
-directory="/root"
-supervise_daemon_args="--env-file /root/.ironclaw/.env"
-
-depend() {
-  need net postgresql
-}
-EOF
-chmod +x /etc/init.d/ironclaw
-$STD rc-update add ironclaw default
-msg_ok "Created Service"
-
-motd_ssh
-customize
--- a/install/bambuddy-install.sh
+++ b/install/bambuddy-install.sh
@@ -14,7 +14,7 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apt install -y libglib2.0-0 ffmpeg
+$STD apt install -y libglib2.0-0
 msg_ok "Installed Dependencies"

 PYTHON_VERSION="3.13" setup_uv
--- a/install/bookstack-install.sh
+++ b/install/bookstack-install.sh
@@ -14,9 +14,7 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apt install -y \
-  make \
-  git
+$STD apt install -y make
 msg_ok "Installed Dependencies"

 PHP_VERSION="8.3" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="ldap,tidy,mysqli" setup_php
--- a/install/checkmk-install.sh
+++ b/install/checkmk-install.sh
@@ -15,8 +15,7 @@ update_os

 msg_info "Install Checkmk"
 RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
-RELEASE="${RELEASE%%+*}"
-curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
+curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.bookworm_amd64.deb" -o "/opt/checkmk.deb"
 $STD apt-get install -y /opt/checkmk.deb
 rm -rf /opt/checkmk.deb
 echo "${RELEASE}" >"/opt/checkmk_version.txt"
--- a/install/homarr-install.sh
+++ b/install/homarr-install.sh
@@ -47,7 +47,6 @@ mkdir -p /appdata/redis
 chown -R redis:redis /appdata/redis
 chmod 744 /appdata/redis
 cp /opt/homarr/redis.conf /etc/redis/redis.conf
-grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >>/etc/redis/redis.conf
 rm /etc/nginx/nginx.conf
 mkdir -p /etc/nginx/templates
 cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
@@ -81,7 +80,7 @@ chmod +x /opt/homarr/run.sh
 systemctl daemon-reload
 systemctl enable -q --now redis-server
 systemctl enable -q --now homarr
-systemctl disable -q --now nginx
+systemctl disable -q --now nginx 
 msg_ok "Created Services"

 motd_ssh
--- a/install/immich-install.sh
+++ b/install/immich-install.sh
@@ -295,7 +295,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}

-fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.3" "$SRC_DIR"
+fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.2" "$SRC_DIR"
 PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs

@@ -312,12 +312,6 @@ $STD pnpm --filter immich --frozen-lockfile build
 unset SHARP_IGNORE_GLOBAL_LIBVIPS
 export SHARP_FORCE_GLOBAL_LIBVIPS=true
 $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
-
-# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
-if [[ -f "$APP_DIR/helmet.json" ]]; then
-  jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
-fi
-
 cp "$APP_DIR"/package.json "$APP_DIR"/bin
 sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin

--- a/install/ironclaw-install.sh
+++ b/install/ironclaw-install.sh
@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/nearai/ironclaw
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
-PG_DB_NAME="ironclaw" PG_DB_USER="ironclaw" PG_DB_EXTENSIONS="vector" setup_postgresql_db
-
-fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
-  "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
-chmod +x /usr/local/bin/ironclaw
-
-msg_info "Configuring IronClaw"
-mkdir -p /root/.ironclaw
-GATEWAY_TOKEN=$(openssl rand -hex 32)
-cat <<EOF >/root/.ironclaw/.env
-DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
-GATEWAY_ENABLED=true
-GATEWAY_HOST=0.0.0.0
-GATEWAY_PORT=3000
-GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
-CLI_ENABLED=false
-AGENT_NAME=ironclaw
-RUST_LOG=ironclaw=info,tower_http=info
-EOF
-chmod 600 /root/.ironclaw/.env
-msg_ok "Configured IronClaw"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/ironclaw.service
-[Unit]
-Description=IronClaw AI Agent
-After=network.target postgresql.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/root
-ExecStart=/usr/local/bin/ironclaw
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q ironclaw
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
--- a/install/uhf-install.sh
+++ b/install/uhf-install.sh
@@ -15,7 +15,7 @@ update_os
 setup_hwaccel

 msg_info "Installing Dependencies"
-setup_ffmpeg
+$STD apt install -y ffmpeg
 msg_ok "Installed Dependencies"

 msg_info "Setting Up UHF Server Environment"
--- a/misc/build.func
+++ b/misc/build.func
@@ -1054,7 +1054,7 @@ load_vars_file() {

  # Allowed var_* keys
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1255,7 +1255,7 @@ default_var_settings() {
  # Allowed var_* keys (alphabetically sorted)
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -1350,10 +1350,6 @@ var_verbose=no

 # Security (root PW) – empty => autologin
 # var_pw=
-
-# GitHub Personal Access Token (optional – avoids API rate limits during installs)
-# Create at https://github.com/settings/tokens – read-only public access is sufficient
-# var_github_token=ghp_your_token_here
 EOF

    # Now choose storages (always prompt unless just one exists)
@@ -1391,11 +1387,6 @@ EOF
    VERBOSE="no"
  fi

-  # 4) Map var_github_token → GITHUB_TOKEN (only if not already set in environment)
-  if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
-    export GITHUB_TOKEN="${var_github_token}"
-  fi
-
  # 4) Apply base settings and show summary
  METHOD="mydefaults-global"
  base_settings "$VERBOSE"
@@ -1428,7 +1419,7 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_os var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -1117,87 +1117,15 @@ is_package_installed() {
  fi
 }

-# ------------------------------------------------------------------------------
-# validate_github_token()
-# Checks a GitHub token via the /user endpoint.
-# Prints a status message and returns:
-#   0 - token is valid
-#   1 - token is invalid / expired (HTTP 401)
-#   2 - token has no public repo scope (HTTP 200 but missing scope)
-#   3 - network/API error
-# Also reports expiry date if the token carries an x-oauth-expiry header.
-# ------------------------------------------------------------------------------
-validate_github_token() {
-  local token="${1:-${GITHUB_TOKEN:-}}"
-  [[ -z "$token" ]] && return 3
-
-  local response headers http_code expiry_date scopes
-  headers=$(mktemp)
-  response=$(curl -sSL -w "%{http_code}" \
-    -D "$headers" \
-    -o /dev/null \
-    -H "Authorization: Bearer $token" \
-    -H "Accept: application/vnd.github+json" \
-    -H "X-GitHub-Api-Version: 2022-11-28" \
-    "https://api.github.com/user" 2>/dev/null) || { rm -f "$headers"; return 3; }
-  http_code="$response"
-
-  # Read expiry header (fine-grained PATs carry this)
-  expiry_date=$(grep -i '^github-authentication-token-expiration:' "$headers" \
-    | sed 's/.*: *//' | tr -d '\r\n' || true)
-  # Read token scopes (classic PATs)
-  scopes=$(grep -i '^x-oauth-scopes:' "$headers" \
-    | sed 's/.*: *//' | tr -d '\r\n' || true)
-  rm -f "$headers"
-
-  case "$http_code" in
-    200)
-      if [[ -n "$expiry_date" ]]; then
-        msg_ok "GitHub token is valid (expires: $expiry_date)."
-      else
-        msg_ok "GitHub token is valid (no expiry / fine-grained PAT)."
-      fi
-      # Warn if classic PAT has no public_repo scope
-      if [[ -n "$scopes" && "$scopes" != *"public_repo"* && "$scopes" != *"repo"* ]]; then
-        msg_warn "Token has no 'public_repo' scope - private repos and some release APIs may fail."
-        return 2
-      fi
-      return 0
-      ;;
-    401)
-      msg_error "GitHub token is invalid or expired (HTTP 401)."
-      return 1
-      ;;
-    *)
-      msg_warn "GitHub token validation returned HTTP $http_code - treating as valid."
-      return 0
-      ;;
-  esac
-}
-
 # ------------------------------------------------------------------------------
 # Prompt user to enter a GitHub Personal Access Token (PAT) interactively
 # Returns 0 if a valid token was provided, 1 otherwise
 # ------------------------------------------------------------------------------
 prompt_for_github_token() {
  if [[ ! -t 0 ]]; then
-    # Non-interactive: pick up var_github_token if set (from default.vars / app.vars / env)
-    if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
-      export GITHUB_TOKEN="${var_github_token}"
-      msg_ok "GitHub token loaded from var_github_token."
-      return 0
-    fi
    return 1
  fi

-  # Prefer var_github_token when already set and no interactive override needed
-  if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
-    export GITHUB_TOKEN="${var_github_token}"
-    msg_ok "GitHub token loaded from var_github_token."
-    validate_github_token || true
-    return 0
-  fi
-
  local reply
  read -rp "${TAB}Would you like to enter a GitHub Personal Access Token (PAT)? [y/N]: " reply
  reply="${reply:-n}"
@@ -1219,16 +1147,10 @@ prompt_for_github_token() {
      msg_warn "Token must not contain spaces. Please try again."
      continue
    fi
-    # Validate before accepting
-    export GITHUB_TOKEN="$token"
-    if validate_github_token "$token"; then
-      break
-    else
-      msg_warn "Please enter a valid token, or press Ctrl+C to abort."
-      unset GITHUB_TOKEN
-    fi
+    break
  done

+  export GITHUB_TOKEN="$token"
  msg_ok "GitHub token has been set."
  return 0
 }
@@ -2938,7 +2860,7 @@ function fetch_and_deploy_codeberg_release() {

  while ((attempt < ${#api_timeouts[@]})); do
    resp=$(curl --connect-timeout 10 --max-time "${api_timeouts[$attempt]}" -fsSL -w "%{http_code}" -o /tmp/codeberg_rel.json "$api_url") && success=true && break
-    attempt=$((attempt + 1))
+    ((attempt++))
    if ((attempt < ${#api_timeouts[@]})); then
      msg_warn "API request timed out after ${api_timeouts[$((attempt - 1))]}s, retrying... (attempt $((attempt + 1))/${#api_timeouts[@]})"
    fi
@@ -3448,8 +3370,7 @@ function fetch_and_deploy_gh_release() {
        if prompt_for_github_token; then
          header=(-H "Authorization: token $GITHUB_TOKEN")
          retry_delay=2
-          attempt=1
-          continue
+          attempt=0
        fi
      fi
    else
--- a/tools/addon/filebrowser-quantum.sh
+++ b/tools/addon/filebrowser-quantum.sh
@@ -43,21 +43,6 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"

-# Proxmox Host Warning
-if [[ -d "/etc/pve" ]]; then
-  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
-  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
-  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
-  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
-  echo ""
-  echo -n "Continue anyway on the Proxmox host? (y/N): "
-  read -r host_confirm
-  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
-    echo -e "${YW}Aborted.${CL}"
-    exit 0
-  fi
-fi
-
 # OS Detection
 if [[ -f "/etc/alpine-release" ]]; then
  OS="Alpine"
--- a/tools/addon/filebrowser.sh
+++ b/tools/addon/filebrowser.sh
@@ -41,21 +41,6 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"

-# Proxmox Host Warning
-if [[ -d "/etc/pve" ]]; then
-  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
-  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
-  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
-  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
-  echo ""
-  echo -n "Continue anyway on the Proxmox host? (y/N): "
-  read -r host_confirm
-  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
-    echo -e "${YW}Aborted.${CL}"
-    exit 0
-  fi
-fi
-
 # Detect OS
 if [[ -f "/etc/alpine-release" ]]; then
  OS="Alpine"
--- a/vm/opnsense-vm.sh
+++ b/vm/opnsense-vm.sh
@@ -24,7 +24,7 @@ RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)"
 METHOD=""
 NSAPP="opnsense-vm"
 var_os="opnsense"
-var_version="26.1"
+var_version="25.7"
 #
 GEN_MAC=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
 GEN_MAC_LAN=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
@@ -797,7 +797,7 @@ if [ -n "$WAN_BRG" ]; then
  msg_ok "WAN interface added"
  sleep 5 # Brief pause after adding network interface
 fi
-send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 26.1"
+send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 25.7"
 msg_ok "OPNsense VM is being installed, do not close the terminal, or the installation will fail."
 #We need to wait for the OPNsense build proccess to finish, this takes a few minutes
 sleep 1000