Remove low-install-count CT scripts and installers.

Clean up rarely used container scripts and matching install wrappers to reduce maintenance overhead. Made-with: Cursor
2026-04-12 04:55:04 +02:00 · 2026-04-07 14:04:39 +02:00
35 changed files with 289 additions and 1036 deletions
--- a/.github/changelogs/2026/04.md
+++ b/.github/changelogs/2026/04.md
@@ -1,132 +1,3 @@
 ## 2026-04-11
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - Immich: Ensure newline before appending IMMICH_HELMET_FILE to .env [@MickLesk](https://github.com/MickLesk) ([#13667](https://github.com/community-scripts/ProxmoxVE/pull/13667))
  - #### ✨ New Features
    - BentoPDF: replace http-server with nginx to fix WASM initialization timeout [@MickLesk](https://github.com/MickLesk) ([#13625](https://github.com/community-scripts/ProxmoxVE/pull/13625))
    - Element Synapse: Add MatrixRTC configuration for Element Call support [@MickLesk](https://github.com/MickLesk) ([#13665](https://github.com/community-scripts/ProxmoxVE/pull/13665))
    - RomM: Use ROMM_BASE_PATH from .env for symlinks and nginx config [@MickLesk](https://github.com/MickLesk) ([#13666](https://github.com/community-scripts/ProxmoxVE/pull/13666))
    - Immich: Pin version to 2.7.4 [@vhsdream](https://github.com/vhsdream) ([#13661](https://github.com/community-scripts/ProxmoxVE/pull/13661))
  - #### 🔧 Refactor
    - Crafty Controller: Wait for credentials file instead of fixed sleep [@MickLesk](https://github.com/MickLesk) ([#13670](https://github.com/community-scripts/ProxmoxVE/pull/13670))
    - Refactor: Alpine-Wakapi [@tremor021](https://github.com/tremor021) ([#13656](https://github.com/community-scripts/ProxmoxVE/pull/13656))
 ## 2026-04-10
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - fix: ensure trailing newline in redis.conf before appending bind directive [@Copilot](https://github.com/Copilot) ([#13647](https://github.com/community-scripts/ProxmoxVE/pull/13647))
  - #### ✨ New Features
    - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
 ### 💾 Core
  - #### 🐞 Bug Fixes
    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
 ### 🧰 Tools
  - #### 🔧 Refactor
    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
 ## 2026-04-09
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - boostack: add: git [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13620](https://github.com/community-scripts/ProxmoxVE/pull/13620))
  - #### ✨ New Features
    - Update OPNsense version from 25.7 to 26.1 [@tdn131](https://github.com/tdn131) ([#13626](https://github.com/community-scripts/ProxmoxVE/pull/13626))
    - CheckMK: Bump Default OS to 13 (trixie) + dynamic codename + fix RELEASE-Tag Fetching [@MickLesk](https://github.com/MickLesk) ([#13610](https://github.com/community-scripts/ProxmoxVE/pull/13610))
 ## 2026-04-08
 ### 🆕 New Scripts
  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
  - #### ✨ New Features
    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
  - #### 🔧 Refactor
    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
 ### 💾 Core
  - #### ✨ New Features
    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
 ## 2026-04-07
 ### 🗑️ Deleted Scripts
  - Remove low-install-count CT scripts and installers [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#13570](https://github.com/community-scripts/ProxmoxVE/pull/13570))
 ### 💾 Core
  - #### ✨ New Features
    - core: improve resilience for top Proxmox error codes (209, 215, 118, 206) [@MickLesk](https://github.com/MickLesk) ([#13575](https://github.com/community-scripts/ProxmoxVE/pull/13575))
 ## 2026-04-06
 ### 🆕 New Scripts
  - OpenThread Border Router ([#13536](https://github.com/community-scripts/ProxmoxVE/pull/13536))
 - Homelable ([#13539](https://github.com/community-scripts/ProxmoxVE/pull/13539))
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - Papra: check env before copy [@MickLesk](https://github.com/MickLesk) ([#13553](https://github.com/community-scripts/ProxmoxVE/pull/13553))
    - changedetection: fix: typing_extensions error [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13548](https://github.com/community-scripts/ProxmoxVE/pull/13548))
    - kasm: fix: fetch latest version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13547](https://github.com/community-scripts/ProxmoxVE/pull/13547))
 ## 2026-04-05
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - Grist: remove install:ee step (private repo, not needed for grist-core) [@MickLesk](https://github.com/MickLesk) ([#13526](https://github.com/community-scripts/ProxmoxVE/pull/13526))
    - Nginx Proxy Manager: ensure /tmp/nginx/body exists via openresty service  [@MickLesk](https://github.com/MickLesk) ([#13528](https://github.com/community-scripts/ProxmoxVE/pull/13528))
    - MotionEye: run as root to enable SMB share support [@MickLesk](https://github.com/MickLesk) ([#13527](https://github.com/community-scripts/ProxmoxVE/pull/13527))
 ### 💾 Core
  - #### 🔧 Refactor
    - core: silent() function - use return instead of exit to allow || true error handling [@MickLesk](https://github.com/MickLesk) ([#13529](https://github.com/community-scripts/ProxmoxVE/pull/13529))
 ## 2026-04-04
 ### 🧰 Tools
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -35,9 +35,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
@@ -51,7 +48,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 <details>
-<summary><h4>April (11 entries)</h4></summary>
+<summary><h4>April (4 entries)</h4></summary>
 [View April 2026 Changelog](.github/changelogs/2026/04.md)
@@ -442,106 +439,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 </details>
 ## 2026-04-12
 ## 2026-04-11
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - Immich: Ensure newline before appending IMMICH_HELMET_FILE to .env [@MickLesk](https://github.com/MickLesk) ([#13667](https://github.com/community-scripts/ProxmoxVE/pull/13667))
  - #### ✨ New Features
    - BentoPDF: replace http-server with nginx to fix WASM initialization timeout [@MickLesk](https://github.com/MickLesk) ([#13625](https://github.com/community-scripts/ProxmoxVE/pull/13625))
    - Element Synapse: Add MatrixRTC configuration for Element Call support [@MickLesk](https://github.com/MickLesk) ([#13665](https://github.com/community-scripts/ProxmoxVE/pull/13665))
    - RomM: Use ROMM_BASE_PATH from .env for symlinks and nginx config [@MickLesk](https://github.com/MickLesk) ([#13666](https://github.com/community-scripts/ProxmoxVE/pull/13666))
    - Immich: Pin version to 2.7.4 [@vhsdream](https://github.com/vhsdream) ([#13661](https://github.com/community-scripts/ProxmoxVE/pull/13661))
  - #### 🔧 Refactor
    - Crafty Controller: Wait for credentials file instead of fixed sleep [@MickLesk](https://github.com/MickLesk) ([#13670](https://github.com/community-scripts/ProxmoxVE/pull/13670))
    - Refactor: Alpine-Wakapi [@tremor021](https://github.com/tremor021) ([#13656](https://github.com/community-scripts/ProxmoxVE/pull/13656))
 ## 2026-04-10
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - fix: ensure trailing newline in redis.conf before appending bind directive [@Copilot](https://github.com/Copilot) ([#13647](https://github.com/community-scripts/ProxmoxVE/pull/13647))
  - #### ✨ New Features
    - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
 ### 💾 Core
  - #### 🐞 Bug Fixes
    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
 ### 🧰 Tools
  - #### 🔧 Refactor
    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
 ## 2026-04-09
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - boostack: add: git [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13620](https://github.com/community-scripts/ProxmoxVE/pull/13620))
  - #### ✨ New Features
    - Update OPNsense version from 25.7 to 26.1 [@tdn131](https://github.com/tdn131) ([#13626](https://github.com/community-scripts/ProxmoxVE/pull/13626))
    - CheckMK: Bump Default OS to 13 (trixie) + dynamic codename + fix RELEASE-Tag Fetching [@MickLesk](https://github.com/MickLesk) ([#13610](https://github.com/community-scripts/ProxmoxVE/pull/13610))
 ## 2026-04-08
 ### 🆕 New Scripts
  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
  - #### ✨ New Features
    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
  - #### 🔧 Refactor
    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
 ### 💾 Core
  - #### ✨ New Features
    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
 ## 2026-04-07
 ### 🗑️ Deleted Scripts
  - Remove low-install-count CT scripts and installers [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#13570](https://github.com/community-scripts/ProxmoxVE/pull/13570))
 ### 💾 Core
  - #### ✨ New Features
    - core: improve resilience for top Proxmox error codes (209, 215, 118, 206) [@MickLesk](https://github.com/MickLesk) ([#13575](https://github.com/community-scripts/ProxmoxVE/pull/13575))
 ## 2026-04-06
 ### 🆕 New Scripts
@@ -1045,4 +942,173 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 ### 📚 Documentation
-  - Update: Docs/website metadata workflow [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12858](https://github.com/community-scripts/ProxmoxVE/pull/12858))
+  - Update: Docs/website metadata workflow [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12858](https://github.com/community-scripts/ProxmoxVE/pull/12858))
 ## 2026-03-12
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - manyfold: fix incorrect port in upstream requests by forwarding original host [@anlopo](https://github.com/anlopo) ([#12812](https://github.com/community-scripts/ProxmoxVE/pull/12812))
    - SparkyFitness: install pnpm dependencies from workspace root [@MickLesk](https://github.com/MickLesk) ([#12792](https://github.com/community-scripts/ProxmoxVE/pull/12792))
    - n8n: add build-essential to update dependencies [@MickLesk](https://github.com/MickLesk) ([#12795](https://github.com/community-scripts/ProxmoxVE/pull/12795))
    - Frigate openvino labelmap patch [@semtex1987](https://github.com/semtex1987) ([#12751](https://github.com/community-scripts/ProxmoxVE/pull/12751))
  - #### 🔧 Refactor
    - Pin Patchmon to 1.4.2 [@vhsdream](https://github.com/vhsdream) ([#12789](https://github.com/community-scripts/ProxmoxVE/pull/12789))
 ### 💾 Core
  - #### 🐞 Bug Fixes
    - tools.func: correct PATH escaping in ROCm profile script [@MickLesk](https://github.com/MickLesk) ([#12793](https://github.com/community-scripts/ProxmoxVE/pull/12793))
  - #### ✨ New Features
    - core: add mode=generated for unattended frontend installs [@MickLesk](https://github.com/MickLesk) ([#12807](https://github.com/community-scripts/ProxmoxVE/pull/12807))
    - core: validate storage availability when loading defaults [@MickLesk](https://github.com/MickLesk) ([#12794](https://github.com/community-scripts/ProxmoxVE/pull/12794))
  - #### 🔧 Refactor
    - tools.func: support older NVIDIA driver versions with 2 segments (xxx.xxx) [@MickLesk](https://github.com/MickLesk) ([#12796](https://github.com/community-scripts/ProxmoxVE/pull/12796))
 ### 🧰 Tools
  - #### 🐞 Bug Fixes
    - Fix PBS microcode naming [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12834](https://github.com/community-scripts/ProxmoxVE/pull/12834))
 ### 📂 Github
  - Cleanup: remove old workflow files [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12818](https://github.com/community-scripts/ProxmoxVE/pull/12818))
 - Cleanup: remove frontend, move JSONs to json/ top-level [@MickLesk](https://github.com/MickLesk) ([#12813](https://github.com/community-scripts/ProxmoxVE/pull/12813))
 ### ❔ Uncategorized
  - Remove json files [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12830](https://github.com/community-scripts/ProxmoxVE/pull/12830))
 ## 2026-03-11
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - fix: Init telemetry in addon scripts [@MickLesk](https://github.com/MickLesk) ([#12777](https://github.com/community-scripts/ProxmoxVE/pull/12777))
    - Tracearr:  Increase default disk variable from 5 to 10 [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12762](https://github.com/community-scripts/ProxmoxVE/pull/12762))
    - Fix Wireguard Dashboard update [@odin568](https://github.com/odin568) ([#12767](https://github.com/community-scripts/ProxmoxVE/pull/12767))
 ### 🧰 Tools
  - #### ✨ New Features
    - Coder-Code-Server: Check if config file exists [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#12758](https://github.com/community-scripts/ProxmoxVE/pull/12758))
 ## 2026-03-10
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - [Fix] Immich: Pin libvips to 8.17.3 [@vhsdream](https://github.com/vhsdream) ([#12744](https://github.com/community-scripts/ProxmoxVE/pull/12744))
 ## 2026-03-09
 ### 🚀 Updated Scripts
  - Pin Opencloud to 5.2.0 [@vhsdream](https://github.com/vhsdream) ([#12721](https://github.com/community-scripts/ProxmoxVE/pull/12721))
  - #### 🐞 Bug Fixes
    - [Hotfix] qBittorrent: Disable UPnP port forwarding by default [@vhsdream](https://github.com/vhsdream) ([#12728](https://github.com/community-scripts/ProxmoxVE/pull/12728))
    - [Quickfix] Opencloud: ensure correct case for binary [@vhsdream](https://github.com/vhsdream) ([#12729](https://github.com/community-scripts/ProxmoxVE/pull/12729))
    - Omada: Bump libssl [@MickLesk](https://github.com/MickLesk) ([#12724](https://github.com/community-scripts/ProxmoxVE/pull/12724))
    - openwebui: Ensure required dependencies [@MickLesk](https://github.com/MickLesk) ([#12717](https://github.com/community-scripts/ProxmoxVE/pull/12717))
    - Frigate: try an OpenVino model build fallback [@MickLesk](https://github.com/MickLesk) ([#12704](https://github.com/community-scripts/ProxmoxVE/pull/12704))
    - Change cronjob setup to use www-data user [@opastorello](https://github.com/opastorello) ([#12695](https://github.com/community-scripts/ProxmoxVE/pull/12695))
    - RustDesk Server: Fix check_for_gh_release function call [@tremor021](https://github.com/tremor021) ([#12694](https://github.com/community-scripts/ProxmoxVE/pull/12694))
  - #### ✨ New Features
    - feat: improve zigbee2mqtt backup handler [@MickLesk](https://github.com/MickLesk) ([#12714](https://github.com/community-scripts/ProxmoxVE/pull/12714))
  - #### 💥 Breaking Changes
    - Reactive Resume: rewrite for v5 using original repo amruthpilla/reactive-resume [@MickLesk](https://github.com/MickLesk) ([#12705](https://github.com/community-scripts/ProxmoxVE/pull/12705))
 ### 💾 Core
  - #### ✨ New Features
    - tools: add Alpine (apk) support to ensure_dependencies and is_package_installed [@MickLesk](https://github.com/MickLesk) ([#12703](https://github.com/community-scripts/ProxmoxVE/pull/12703))
    - tools.func: extend hwaccel with ROCm  [@MickLesk](https://github.com/MickLesk) ([#12707](https://github.com/community-scripts/ProxmoxVE/pull/12707))
 ### 🌐 Website
  - #### ✨ New Features
    - feat: add CopycatWarningToast component for user warnings [@BramSuurdje](https://github.com/BramSuurdje) ([#12733](https://github.com/community-scripts/ProxmoxVE/pull/12733))
 ## 2026-03-08
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - [Fix] Immich: chown install dir before machine-learning update [@vhsdream](https://github.com/vhsdream) ([#12684](https://github.com/community-scripts/ProxmoxVE/pull/12684))
    - [Fix] Scanopy: Build generate-fixtures [@vhsdream](https://github.com/vhsdream) ([#12686](https://github.com/community-scripts/ProxmoxVE/pull/12686))
    - fix: rustdeskserver: use correct repo string [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12682](https://github.com/community-scripts/ProxmoxVE/pull/12682))
    - NZBGet: Fixes for RAR5 handling [@tremor021](https://github.com/tremor021) ([#12675](https://github.com/community-scripts/ProxmoxVE/pull/12675))
 ### 🌐 Website
  - #### 🐞 Bug Fixes
    - LXC-Execute: Fix slug [@tremor021](https://github.com/tremor021) ([#12681](https://github.com/community-scripts/ProxmoxVE/pull/12681))
 ## 2026-03-07
 ### 🆕 New Scripts
  - ImmichFrame ([#12653](https://github.com/community-scripts/ProxmoxVE/pull/12653))
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - Grocy: bump PHP version from 8.3 to 8.5 [@MickLesk](https://github.com/MickLesk) ([#12651](https://github.com/community-scripts/ProxmoxVE/pull/12651))
    - Check for influxdb3 installation in update_script [@odin568](https://github.com/odin568) ([#12648](https://github.com/community-scripts/ProxmoxVE/pull/12648))
    - Update Rdtclient to dotnet 10.0 [@asylumexp](https://github.com/asylumexp) ([#12638](https://github.com/community-scripts/ProxmoxVE/pull/12638))
    - fix(immich): fix update script failing to add Debian testing repo when preferences file already exists [@Copilot](https://github.com/Copilot) ([#12631](https://github.com/community-scripts/ProxmoxVE/pull/12631))
 ### 💾 Core
  - #### ✨ New Features
    - tools: add interactive GitHub PAT prompt on rate limit / auth failure [@MickLesk](https://github.com/MickLesk) ([#12652](https://github.com/community-scripts/ProxmoxVE/pull/12652))
 ### 🌐 Website
  - #### 📝 Script Information
    - Papra: update repository URL to papra-hq/papra [@MickLesk](https://github.com/MickLesk) ([#12650](https://github.com/community-scripts/ProxmoxVE/pull/12650))
 ## 2026-03-06
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - RustDesk Server: Fix update script [@tremor021](https://github.com/tremor021) ([#12625](https://github.com/community-scripts/ProxmoxVE/pull/12625))
    - [Node-RED] Restart service after update [@Aurelien30000](https://github.com/Aurelien30000) ([#12621](https://github.com/community-scripts/ProxmoxVE/pull/12621))
    - wealthfolio: update cors [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12617](https://github.com/community-scripts/ProxmoxVE/pull/12617))
    - CryptPad: Better update handling [@tremor021](https://github.com/tremor021) ([#12611](https://github.com/community-scripts/ProxmoxVE/pull/12611))
  - #### ✨ New Features
    - RustDesk Server: Switch to updated repository [@tremor021](https://github.com/tremor021) ([#12083](https://github.com/community-scripts/ProxmoxVE/pull/12083))
  - #### 💥 Breaking Changes
    - Semaphore: Move from BoltDB to SQLite [@tremor021](https://github.com/tremor021) ([#12624](https://github.com/community-scripts/ProxmoxVE/pull/12624))
--- a/ct/alpine-ironclaw.sh
+++ b/ct/alpine-ironclaw.sh
@@ -1,71 +0,0 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/nearai/ironclaw
 APP="Alpine-IronClaw"
 var_tags="${var_tags:-ai;agent;alpine}"
 var_cpu="${var_cpu:-1}"
 var_ram="${var_ram:-1024}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-alpine}"
 var_version="${var_version:-3.23}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
 variables
 color
 catch_errors
 function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -f /usr/local/bin/ironclaw ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
    msg_info "Stopping Service"
    rc-service ironclaw stop 2>/dev/null || true
    msg_ok "Stopped Service"
    msg_info "Backing up Configuration"
    cp /root/.ironclaw/.env /root/ironclaw.env.bak
    msg_ok "Backed up Configuration"
    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
      "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
    chmod +x /usr/local/bin/ironclaw
    msg_info "Restoring Configuration"
    cp /root/ironclaw.env.bak /root/.ironclaw/.env
    rm -f /root/ironclaw.env.bak
    msg_ok "Restored Configuration"
    msg_info "Starting Service"
    rc-service ironclaw start
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
  fi
  exit
 }
 start
 build_container
 description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Complete setup by running:${CL}"
 echo -e "${TAB}${BGN}ironclaw onboard${CL}"
 echo -e "${INFO}${YW} Then start the service:${CL}"
 echo -e "${TAB}${BGN}rc-service ironclaw start${CL}"
 echo -e "${INFO}${YW} Access the Web UI at:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
 echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
 echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"
--- a/ct/alpine-wakapi.sh
+++ b/ct/alpine-wakapi.sh
@@ -44,10 +44,12 @@ function update_script() {
    cp /opt/wakapi/config.yml /opt/wakapi/wakapi_db.db /opt/wakapi-backup/
    msg_ok "Created backup"
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "prebuild" "latest" "/opt/wakapi" "wakapi_linux_amd64.zip"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "tarball"
    msg_info "Configuring Wakapi"
    cd /opt/wakapi
    $STD go mod download
    $STD go build -o wakapi
    cp /opt/wakapi-backup/config.yml /opt/wakapi/
    cp /opt/wakapi-backup/wakapi_db.db /opt/wakapi/
    rm -rf /opt/wakapi-backup
--- a/ct/bambuddy.sh
+++ b/ct/bambuddy.sh
@@ -29,8 +29,6 @@ function update_script() {
    exit
  fi
  ensure_dependencies ffmpeg
  if check_for_gh_release "bambuddy" "maziggy/bambuddy"; then
    msg_info "Stopping Service"
    systemctl stop bambuddy
@@ -56,7 +54,6 @@ function update_script() {
    msg_ok "Rebuilt Frontend"
    msg_info "Restoring Configuration and Data"
    mkdir -p /opt/bambuddy/data
    cp /opt/bambuddy.env.bak /opt/bambuddy/.env
    cp -r /opt/bambuddy_data_bak/. /opt/bambuddy/data/
    rm -f /opt/bambuddy.env.bak
--- a/ct/bentopdf.sh
+++ b/ct/bentopdf.sh
@@ -42,6 +42,7 @@ function update_script() {
    msg_info "Updating BentoPDF"
    cd /opt/bentopdf
    $STD npm ci --no-audit --no-fund
    $STD npm install http-server -g
    if [[ -f /opt/production.env ]]; then
      mv /opt/production.env ./.env.production
    else
@@ -51,97 +52,15 @@ function update_script() {
    export SIMPLE_MODE=true
    export VITE_USE_CDN=true
    $STD npm run build:all
    if [[ ! -f /opt/bentopdf/dist/config.json ]]; then
      cat <<'EOF' >/opt/bentopdf/dist/config.json
 {}
 EOF
    fi
    msg_ok "Updated BentoPDF"
    msg_info "Starting Service"
-    ensure_dependencies nginx openssl
+    if grep -q '8080' /etc/systemd/system/bentopdf.service; then
-    if [[ ! -f /etc/ssl/private/bentopdf-selfsigned.key || ! -f /etc/ssl/certs/bentopdf-selfsigned.crt ]]; then
+      sed -i -e 's|/bentopdf|/bentopdf/dist|' \
-      CERT_CN="$(hostname -I | awk '{print $1}')"
+        -e 's|npx.*|npx http-server -g -b -d false -r --no-dotfiles|' \
-      $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
+        /etc/systemd/system/bentopdf.service
-      -keyout /etc/ssl/private/bentopdf-selfsigned.key \
+      systemctl daemon-reload
      -out /etc/ssl/certs/bentopdf-selfsigned.crt \
      -subj "/CN=${CERT_CN}"
    fi
    cat <<'EOF' >/etc/nginx/sites-available/bentopdf
 server {
    listen 8080;
    server_name _;
    return 301 https://$host:8443$request_uri;
  }
  server {
    listen 8443 ssl;
    server_name _;
    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
    root /opt/bentopdf/dist;
    index index.html;
    # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer)
    add_header Cross-Origin-Opener-Policy "same-origin" always;
    add_header Cross-Origin-Embedder-Policy "require-corp" always;
    add_header Cross-Origin-Resource-Policy "cross-origin" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    gzip_static on;
    location ~* /libreoffice-wasm/soffice\.wasm\.gz$ {
      gzip off;
      types {} default_type application/wasm;
      add_header Content-Encoding gzip;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, immutable";
    }
    location ~* /libreoffice-wasm/soffice\.data\.gz$ {
      gzip off;
      types {} default_type application/octet-stream;
      add_header Content-Encoding gzip;
      add_header Vary "Accept-Encoding";
      add_header Cache-Control "public, immutable";
    }
    location ~* \.wasm$ {
      types {} default_type application/wasm;
      expires 1y;
      add_header Cache-Control "public, immutable";
    }
    location ~* \.(wasm\.gz|data\.gz|data)$ {
      expires 1y;
      add_header Cache-Control "public, immutable";
    }
    location / {
        try_files $uri $uri/ $uri.html =404;
    }
    error_page 404 /404.html;
 }
 EOF
    rm -f /etc/nginx/sites-enabled/default
    ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf
    cat <<'EOF' >/etc/systemd/system/bentopdf.service
 [Unit]
 Description=BentoPDF Service
 After=network.target
 [Service]
 Type=simple
 ExecStart=/usr/sbin/nginx -g "daemon off;"
 ExecReload=/bin/kill -HUP $MAINPID
 Restart=always
 [Install]
 WantedBy=multi-user.target
 EOF
    systemctl daemon-reload
    systemctl start bentopdf
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
@@ -156,4 +75,4 @@ description
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
--- a/ct/bookstack.sh
+++ b/ct/bookstack.sh
@@ -29,7 +29,6 @@ function update_script() {
    exit
  fi
  setup_mariadb
  ensure_dependencies git
  if check_for_gh_release "bookstack" "BookStackApp/BookStack"; then
    msg_info "Stopping Apache2"
    systemctl stop apache2
--- a/ct/checkmk.sh
+++ b/ct/checkmk.sh
@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-6}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
+var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
@@ -29,11 +29,10 @@ function update_script() {
  fi
  RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
  RELEASE="${RELEASE%%+*}"
  msg_info "Updating ${APP} to v${RELEASE}"
  $STD omd stop monitoring
  $STD omd cp monitoring monitoringbackup
-  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
+  curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.bookworm_amd64.deb" -o "/opt/checkmk.deb"
  $STD apt-get install -y /opt/checkmk.deb
  $STD omd --force -V ${RELEASE}.cre update --conflict=install monitoring
  $STD omd start monitoring
--- a/ct/headers/alpine-ironclaw
+++ b/ct/headers/alpine-ironclaw
@@ -1,6 +0,0 @@
    ___    __      _                  ____                 ________              
   /   |  / /___  (_)___  ___        /  _/________  ____  / ____/ /___ __      __
  / /| | / / __ \/ / __ \/ _ \______ / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
 / ___ |/ / /_/ / / / / /  __/_____// // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
 /_/  |_/_/ .___/_/_/ /_/\___/     /___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
        /_/                                                                      
--- a/ct/headers/ironclaw
+++ b/ct/headers/ironclaw
@@ -1,6 +0,0 @@
    ____                 ________              
   /  _/________  ____  / ____/ /___ __      __
   / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
 _/ // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
 /___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
--- a/ct/homarr.sh
+++ b/ct/homarr.sh
@@ -65,8 +65,6 @@ EOF
    msg_info "Updating Homarr"
    cp /opt/homarr/redis.conf /etc/redis/redis.conf
    sed -i -e '$a\' /etc/redis/redis.conf
    grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >> /etc/redis/redis.conf
    rm /etc/nginx/nginx.conf
    cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
    msg_ok "Updated Homarr"
--- a/ct/immich.sh
+++ b/ct/immich.sh
@@ -109,7 +109,7 @@ EOF
    msg_ok "Image-processing libraries up to date"
  fi
-  RELEASE="v2.7.4"
+  RELEASE="v2.6.3"
  if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
    if [[ $(cat ~/.immich) > "2.5.1" ]]; then
      msg_info "Enabling Maintenance Mode"
@@ -181,12 +181,6 @@ EOF
    unset SHARP_IGNORE_GLOBAL_LIBVIPS
    export SHARP_FORCE_GLOBAL_LIBVIPS=true
    $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
    # Patch helmet.json: disable upgrade-insecure-requests for HTTP access
    if [[ -f "$APP_DIR/helmet.json" ]]; then
      jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
    fi
    cp "$APP_DIR"/package.json "$APP_DIR"/bin
    sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
@@ -275,10 +269,6 @@ EOF
    if ! grep -q '^DB_HOSTNAME=' "$INSTALL_DIR"/.env; then
      sed -i '/^DB_DATABASE_NAME/a DB_HOSTNAME=127.0.0.1' "$INSTALL_DIR"/.env
    fi
    if ! grep -q 'HELMET_FILE' "$INSTALL_DIR"/.env; then
      sed -i -e '$a\' "$INSTALL_DIR"/.env
      echo "IMMICH_HELMET_FILE=true" >>"$INSTALL_DIR"/.env
    fi
    if grep -q 'ExecStart=/usr/bin/node' /etc/systemd/system/immich-web.service; then
      sed -i '/^EnvironmentFile=/d' /etc/systemd/system/immich-web.service
--- a/ct/ironclaw.sh
+++ b/ct/ironclaw.sh
@@ -1,71 +0,0 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/nearai/ironclaw
 APP="IronClaw"
 var_tags="${var_tags:-ai;agent;security}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
 variables
 color
 catch_errors
 function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -f /usr/local/bin/ironclaw ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
    msg_info "Stopping Service"
    systemctl stop ironclaw
    msg_ok "Stopped Service"
    msg_info "Backing up Configuration"
    cp /root/.ironclaw/.env /root/ironclaw.env.bak
    msg_ok "Backed up Configuration"
    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
      "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
    chmod +x /usr/local/bin/ironclaw
    msg_info "Restoring Configuration"
    cp /root/ironclaw.env.bak /root/.ironclaw/.env
    rm -f /root/ironclaw.env.bak
    msg_ok "Restored Configuration"
    msg_info "Starting Service"
    systemctl start ironclaw
    msg_ok "Started Service"
    msg_ok "Updated successfully!"
  fi
  exit
 }
 start
 build_container
 description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Complete setup by running:${CL}"
 echo -e "${TAB}${BGN}ironclaw onboard${CL}"
 echo -e "${INFO}${YW} Then start the service:${CL}"
 echo -e "${TAB}${BGN}systemctl start ironclaw${CL}"
 echo -e "${INFO}${YW} Access the Web UI at:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
 echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
 echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"
--- a/ct/romm.sh
+++ b/ct/romm.sh
@@ -54,12 +54,8 @@ function update_script() {
    # Merge static assets into dist folder
    cp -rf /opt/romm/frontend/assets/* /opt/romm/frontend/dist/assets/
    mkdir -p /opt/romm/frontend/dist/assets/romm
-    ROMM_BASE=$(grep '^ROMM_BASE_PATH=' /opt/romm/.env | cut -d'=' -f2)
+    ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
-    ROMM_BASE=${ROMM_BASE:-/var/lib/romm}
+    ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
    ln -sfn "$ROMM_BASE"/resources /opt/romm/frontend/dist/assets/romm/resources
    ln -sfn "$ROMM_BASE"/assets /opt/romm/frontend/dist/assets/romm/assets
    sed -i "s|alias .*/library/;|alias ${ROMM_BASE}/library/;|" /etc/nginx/sites-available/romm
    systemctl reload nginx
    msg_ok "Updated ROMM"
    msg_info "Starting Services"
--- a/ct/uhf.sh
+++ b/ct/uhf.sh
@@ -38,14 +38,8 @@ function update_script() {
    $STD apt -y upgrade
    msg_ok "Updated LXC"
    msg_info "Updating UHF Server"
    if dpkg -l ffmpeg 2>&1 | grep -q "ii"; then
      apt remove ffmpeg -y && apt autoremove -y
    fi
    setup_ffmpeg
    fetch_and_deploy_gh_release "comskip" "swapplications/comskip" "prebuild" "latest" "/opt/comskip" "comskip-x64-*.zip"
    fetch_and_deploy_gh_release "uhf-server" "swapplications/uhf-server-dist" "prebuild" "latest" "/opt/uhf-server" "UHF.Server-linux-x64-*.zip"
    msg_ok "Updated UHF Server"
    msg_info "Starting Service"
    systemctl start uhf-server
--- a/install/alpine-ironclaw-install.sh
+++ b/install/alpine-ironclaw-install.sh
@@ -1,75 +0,0 @@
 #!/usr/bin/env bash
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/nearai/ironclaw
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
 verb_ip6
 catch_errors
 setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apk add openssl
 msg_ok "Installed Dependencies"
 msg_info "Installing PostgreSQL"
 $STD apk add postgresql17 postgresql17-openrc postgresql-pgvector postgresql-common
 $STD rc-service postgresql setup
 $STD rc-update add postgresql default
 $STD rc-service postgresql start
 msg_ok "Installed PostgreSQL"
 msg_info "Setting up Database"
 PG_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
 $STD su -s /bin/sh postgres -c "psql -c \"CREATE ROLE ironclaw WITH LOGIN PASSWORD '${PG_PASS}';\""
 $STD su -s /bin/sh postgres -c "psql -c \"CREATE DATABASE ironclaw WITH OWNER ironclaw;\""
 $STD su -s /bin/sh postgres -c "psql -d ironclaw -c \"CREATE EXTENSION IF NOT EXISTS vector;\""
 msg_ok "Set up Database"
 fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
  "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
 chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring IronClaw"
 mkdir -p /root/.ironclaw
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 cat <<EOF >/root/.ironclaw/.env
 DATABASE_URL=postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable
 GATEWAY_ENABLED=true
 GATEWAY_HOST=0.0.0.0
 GATEWAY_PORT=3000
 GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
 CLI_ENABLED=false
 AGENT_NAME=ironclaw
 RUST_LOG=ironclaw=info,tower_http=info
 EOF
 chmod 600 /root/.ironclaw/.env
 msg_ok "Configured IronClaw"
 msg_info "Creating Service"
 cat <<EOF >/etc/init.d/ironclaw
 #!/sbin/openrc-run
 name="IronClaw"
 description="IronClaw AI Agent"
 command="/usr/local/bin/ironclaw"
 command_background=true
 pidfile="/run/ironclaw.pid"
 directory="/root"
 supervise_daemon_args="--env-file /root/.ironclaw/.env"
 depend() {
  need net postgresql
 }
 EOF
 chmod +x /etc/init.d/ironclaw
 $STD rc-update add ironclaw default
 msg_ok "Created Service"
 motd_ssh
 customize
--- a/install/alpine-wakapi-install.sh
+++ b/install/alpine-wakapi-install.sh
@@ -18,13 +18,17 @@ $STD apk add --no-cache \
  ca-certificates \
  tzdata
 $STD update-ca-certificates
 $STD apk add --no-cache go --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
 msg_ok "Installed Dependencies"
-fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "prebuild" "latest" "/opt/wakapi" "wakapi_linux_amd64.zip"
+fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "tarball"
 msg_info "Configuring Wakapi"
 LOCAL_IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
 cd /opt/wakapi
 $STD go mod download
 $STD go build -o wakapi
 cp config.default.yml config.yml
 sed -i 's/listen_ipv6: ::1/listen_ipv6: "-"/g' config.yml
 sed -i 's/listen_ipv4: 127.0.0.1/listen_ipv4: "0.0.0.0"/g' config.yml
 sed -i "s/public_url: http:\/\/localhost:3000/public_url: http:\/\/$LOCAL_IP:3000/g" config.yml
--- a/install/bambuddy-install.sh
+++ b/install/bambuddy-install.sh
@@ -14,7 +14,7 @@ network_check
 update_os
 msg_info "Installing Dependencies"
-$STD apt install -y libglib2.0-0 ffmpeg
+$STD apt install -y libglib2.0-0
 msg_ok "Installed Dependencies"
 PYTHON_VERSION="3.13" setup_uv
--- a/install/bentopdf-install.sh
+++ b/install/bentopdf-install.sh
@@ -13,105 +13,32 @@ setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
  nginx \
  openssl
 msg_ok "Installed Dependencies"
 NODE_VERSION="24" setup_nodejs
 fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"
 msg_info "Setup BentoPDF"
 cd /opt/bentopdf
 $STD npm ci --no-audit --no-fund
 $STD npm install http-server -g
 cp ./.env.example ./.env.production
 export NODE_OPTIONS="--max-old-space-size=3072"
 export SIMPLE_MODE=true
 export VITE_USE_CDN=true
 $STD npm run build:all
 cat <<'EOF' >/opt/bentopdf/dist/config.json
 {}
 EOF
 msg_ok "Setup BentoPDF"
 msg_info "Creating Service"
-CERT_CN="$(hostname -I | awk '{print $1}')"
+cat <<EOF >/etc/systemd/system/bentopdf.service
 $STD openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \
    -keyout /etc/ssl/private/bentopdf-selfsigned.key \
    -out /etc/ssl/certs/bentopdf-selfsigned.crt \
    -subj "/CN=${CERT_CN}"
 cat <<'EOF' >/etc/nginx/sites-available/bentopdf
 server {
    listen 8080;
    server_name _;
    return 301 https://$host:8443$request_uri;
 }
 server {
    listen 8443 ssl;
    server_name _;
    ssl_certificate /etc/ssl/certs/bentopdf-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/bentopdf-selfsigned.key;
    root /opt/bentopdf/dist;
    index index.html;
    # Required for LibreOffice WASM (Word/Excel/PowerPoint to PDF via SharedArrayBuffer)
    add_header Cross-Origin-Opener-Policy "same-origin" always;
    add_header Cross-Origin-Embedder-Policy "require-corp" always;
    add_header Cross-Origin-Resource-Policy "cross-origin" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    gzip_static on;
    location ~* /libreoffice-wasm/soffice\.wasm\.gz$ {
        gzip off;
        types {} default_type application/wasm;
        add_header Content-Encoding gzip;
        add_header Vary "Accept-Encoding";
        add_header Cache-Control "public, immutable";
    }
    location ~* /libreoffice-wasm/soffice\.data\.gz$ {
        gzip off;
        types {} default_type application/octet-stream;
        add_header Content-Encoding gzip;
        add_header Vary "Accept-Encoding";
        add_header Cache-Control "public, immutable";
    }
    location ~* \.wasm$ {
        types {} default_type application/wasm;
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
    location ~* \.(wasm\.gz|data\.gz|data)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
    location / {
        try_files $uri $uri/ $uri.html =404;
    }
    error_page 404 /404.html;
 }
 EOF
 rm -f /etc/nginx/sites-enabled/default
 ln -sf /etc/nginx/sites-available/bentopdf /etc/nginx/sites-enabled/bentopdf
 cat <<'EOF' >/etc/systemd/system/bentopdf.service
 [Unit]
 Description=BentoPDF Service
 After=network.target
 [Service]
 Type=simple
-ExecStart=/usr/sbin/nginx -g "daemon off;"
+WorkingDirectory=/opt/bentopdf/dist
-ExecReload=/bin/kill -HUP $MAINPID
+ExecStart=/usr/bin/npx http-server -g -b -d false -r --no-dotfiles
 Restart=always
 RestartSec=10
 [Install]
 WantedBy=multi-user.target
--- a/install/bookstack-install.sh
+++ b/install/bookstack-install.sh
@@ -14,9 +14,7 @@ network_check
 update_os
 msg_info "Installing Dependencies"
-$STD apt install -y \
+$STD apt install -y make
  make \
  git
 msg_ok "Installed Dependencies"
 PHP_VERSION="8.3" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="ldap,tidy,mysqli" setup_php
--- a/install/checkmk-install.sh
+++ b/install/checkmk-install.sh
@@ -15,8 +15,7 @@ update_os
 msg_info "Install Checkmk"
 RELEASE=$(curl -fsSL https://api.github.com/repos/checkmk/checkmk/tags | grep "name" | awk '{print substr($2, 3, length($2)-4) }' | tr ' ' '\n' | grep -Ev 'rc|b' | sort -V | tail -n 1)
-RELEASE="${RELEASE%%+*}"
+curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.bookworm_amd64.deb" -o "/opt/checkmk.deb"
 curl -fsSL "https://download.checkmk.com/checkmk/${RELEASE}/check-mk-raw-${RELEASE}_0.$(get_os_info codename)_amd64.deb" -o "/opt/checkmk.deb"
 $STD apt-get install -y /opt/checkmk.deb
 rm -rf /opt/checkmk.deb
 echo "${RELEASE}" >"/opt/checkmk_version.txt"
--- a/install/crafty-controller-install.sh
+++ b/install/crafty-controller-install.sh
@@ -67,18 +67,12 @@ Restart=on-failure
 WantedBy=multi-user.target
 EOF
 $STD systemctl enable -q --now crafty-controller
-CREDS_FILE="/opt/crafty-controller/crafty/crafty-4/app/config/default-creds.txt"
+sleep 10
-for i in $(seq 1 30); do
+{
-  [[ -f "$CREDS_FILE" ]] && break
+  echo "Crafty-Controller-Credentials"
-  sleep 2
+  echo "Username: $(grep -oP '(?<="username": ")[^"]*' /opt/crafty-controller/crafty/crafty-4/app/config/default-creds.txt)"
-done
+  echo "Password: $(grep -oP '(?<="password": ")[^"]*' /opt/crafty-controller/crafty/crafty-4/app/config/default-creds.txt)"
-if [[ -f "$CREDS_FILE" ]]; then
+} >>~/crafty-controller.creds
  {
    echo "Crafty-Controller-Credentials"
    echo "Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")"
    echo "Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")"
  } >>~/crafty-controller.creds
 fi
 msg_ok "Service started"
 motd_ssh
--- a/install/elementsynapse-install.sh
+++ b/install/elementsynapse-install.sh
@@ -43,24 +43,6 @@ SECRET=$(openssl rand -hex 32)
 ADMIN_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 echo "enable_registration_without_verification: true" >>/etc/matrix-synapse/homeserver.yaml
 echo "registration_shared_secret: ${SECRET}" >>/etc/matrix-synapse/homeserver.yaml
 cat <<EOF >>/etc/matrix-synapse/homeserver.yaml
 # MatrixRTC / Element Call configuration
 experimental_features:
  msc3266_enabled: true
  msc4222_enabled: true
 max_event_delay_duration: 24h
 rc_message:
  per_second: 0.5
  burst_count: 30
 rc_delayed_event_mgmt:
  per_second: 1
  burst_count: 20
 EOF
 systemctl enable -q --now matrix-synapse
 $STD register_new_matrix_user -a --user admin --password "$ADMIN_PASS" --config /etc/matrix-synapse/homeserver.yaml
 {
--- a/install/flaresolverr-install.sh
+++ b/install/flaresolverr-install.sh
@@ -29,9 +29,7 @@ setup_deb822_repo \
 $STD apt update
 $STD apt install -y google-chrome-stable
 # remove google-chrome.list added by google-chrome-stable
-if [ -f /etc/apt/sources.list.d/google-chrome.list ]; then
+rm /etc/apt/sources.list.d/google-chrome.list
  rm /etc/apt/sources.list.d/google-chrome.list
 fi
 msg_ok "Installed Chrome"
 fetch_and_deploy_gh_release "flaresolverr" "FlareSolverr/FlareSolverr" "prebuild" "latest" "/opt/flaresolverr" "flaresolverr_linux_x64.tar.gz"
--- a/install/homarr-install.sh
+++ b/install/homarr-install.sh
@@ -47,8 +47,6 @@ mkdir -p /appdata/redis
 chown -R redis:redis /appdata/redis
 chmod 744 /appdata/redis
 cp /opt/homarr/redis.conf /etc/redis/redis.conf
 sed -i -e '$a\' /etc/redis/redis.conf
 grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >>/etc/redis/redis.conf
 rm /etc/nginx/nginx.conf
 mkdir -p /etc/nginx/templates
 cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
@@ -82,7 +80,7 @@ chmod +x /opt/homarr/run.sh
 systemctl daemon-reload
 systemctl enable -q --now redis-server
 systemctl enable -q --now homarr
-systemctl disable -q --now nginx
+systemctl disable -q --now nginx 
 msg_ok "Created Services"
 motd_ssh
--- a/install/immich-install.sh
+++ b/install/immich-install.sh
@@ -295,7 +295,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
-fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.4" "$SRC_DIR"
+fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.6.3" "$SRC_DIR"
 PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
@@ -312,12 +312,6 @@ $STD pnpm --filter immich --frozen-lockfile build
 unset SHARP_IGNORE_GLOBAL_LIBVIPS
 export SHARP_FORCE_GLOBAL_LIBVIPS=true
 $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
 # Patch helmet.json: disable upgrade-insecure-requests for HTTP access
 if [[ -f "$APP_DIR/helmet.json" ]]; then
  jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
 fi
 cp "$APP_DIR"/package.json "$APP_DIR"/bin
 sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin
@@ -425,9 +419,6 @@ IMMICH_VERSION=release
 NODE_ENV=production
 IMMICH_ALLOW_SETUP=true
 ## Change to 'false' to disable CSP
 IMMICH_HELMET_FILE=true
 DB_HOSTNAME=127.0.0.1
 DB_USERNAME=${PG_DB_USER}
 DB_PASSWORD=${PG_DB_PASS}
--- a/install/ironclaw-install.sh
+++ b/install/ironclaw-install.sh
@@ -1,61 +0,0 @@
 #!/usr/bin/env bash
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/nearai/ironclaw
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
 verb_ip6
 catch_errors
 setting_up_container
 network_check
 update_os
 PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
 PG_DB_NAME="ironclaw" PG_DB_USER="ironclaw" PG_DB_EXTENSIONS="vector" setup_postgresql_db
 fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
  "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
 chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring IronClaw"
 mkdir -p /root/.ironclaw
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 cat <<EOF >/root/.ironclaw/.env
 DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
 GATEWAY_ENABLED=true
 GATEWAY_HOST=0.0.0.0
 GATEWAY_PORT=3000
 GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
 CLI_ENABLED=false
 AGENT_NAME=ironclaw
 RUST_LOG=ironclaw=info,tower_http=info
 EOF
 chmod 600 /root/.ironclaw/.env
 msg_ok "Configured IronClaw"
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/ironclaw.service
 [Unit]
 Description=IronClaw AI Agent
 After=network.target postgresql.service
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/root
 ExecStart=/usr/local/bin/ironclaw
 Restart=on-failure
 RestartSec=5
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable -q ironclaw
 msg_ok "Created Service"
 motd_ssh
 customize
 cleanup_lxc
--- a/install/romm-install.sh
+++ b/install/romm-install.sh
@@ -176,10 +176,8 @@ $STD npm run build
 cp -rf /opt/romm/frontend/assets/* /opt/romm/frontend/dist/assets/
 mkdir -p /opt/romm/frontend/dist/assets/romm
-ROMM_BASE=$(grep '^ROMM_BASE_PATH=' /opt/romm/.env | cut -d'=' -f2)
+ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
-ROMM_BASE=${ROMM_BASE:-/var/lib/romm}
+ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
 ln -sfn "$ROMM_BASE"/resources /opt/romm/frontend/dist/assets/romm/resources
 ln -sfn "$ROMM_BASE"/assets /opt/romm/frontend/dist/assets/romm/assets
 msg_ok "Set up RomM Frontend"
 msg_info "Configuring Nginx"
@@ -253,7 +251,6 @@ server {
 }
 EOF
 sed -i "s|alias /var/lib/romm/library/;|alias ${ROMM_BASE}/library/;|" /etc/nginx/sites-available/romm
 rm -f /etc/nginx/sites-enabled/default
 ln -sf /etc/nginx/sites-available/romm /etc/nginx/sites-enabled/romm
 systemctl restart nginx
--- a/install/uhf-install.sh
+++ b/install/uhf-install.sh
@@ -15,7 +15,7 @@ update_os
 setup_hwaccel
 msg_info "Installing Dependencies"
-setup_ffmpeg
+$STD apt install -y ffmpeg
 msg_ok "Installed Dependencies"
 msg_info "Setting Up UHF Server Environment"
--- a/misc/build.func
+++ b/misc/build.func
@@ -1054,7 +1054,7 @@ load_vars_file() {
  # Allowed var_* keys
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
@@ -1255,7 +1255,7 @@ default_var_settings() {
  # Allowed var_* keys (alphabetically sorted)
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  local VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu var_keyctl
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
    var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -1350,10 +1350,6 @@ var_verbose=no
 # Security (root PW) – empty => autologin
 # var_pw=
 # GitHub Personal Access Token (optional – avoids API rate limits during installs)
 # Create at https://github.com/settings/tokens – read-only public access is sufficient
 # var_github_token=ghp_your_token_here
 EOF
    # Now choose storages (always prompt unless just one exists)
@@ -1391,11 +1387,6 @@ EOF
    VERBOSE="no"
  fi
  # 4) Map var_github_token → GITHUB_TOKEN (only if not already set in environment)
  if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
    export GITHUB_TOKEN="${var_github_token}"
  fi
  # 4) Apply base settings and show summary
  METHOD="mydefaults-global"
  base_settings "$VERBOSE"
@@ -1428,7 +1419,7 @@ get_app_defaults_path() {
 if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
  # Note: Removed var_ctid (can only exist once), var_ipv6_static (static IPs are unique)
  declare -ag VAR_WHITELIST=(
-    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_github_token var_gpu
+    var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
    var_gateway var_hostname var_ipv6_method var_mac var_mtu
    var_net var_ns var_os var_pw var_ram var_tags var_tun var_unprivileged
    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
@@ -4027,7 +4018,7 @@ EOF
    # Wait for IP assignment (IPv4 or IPv6)
    local ip_in_lxc=""
-    for i in {1..60}; do
+    for i in {1..20}; do
      # Try IPv4 first
      ip_in_lxc=$(pct exec "$CTID" -- ip -4 addr show dev eth0 2>/dev/null | awk '/inet / {print $2}' | cut -d/ -f1)
      # Fallback to IPv6 if IPv4 not available
@@ -4035,18 +4026,11 @@ EOF
        ip_in_lxc=$(pct exec "$CTID" -- ip -6 addr show dev eth0 scope global 2>/dev/null | awk '/inet6 / {print $2}' | cut -d/ -f1 | head -n1)
      fi
      [ -n "$ip_in_lxc" ] && break
-      # Progressive backoff: 1s for first 20, 2s for next 20, 3s for last 20
+      sleep 1
      if [ "$i" -le 20 ]; then
        sleep 1
      elif [ "$i" -le 40 ]; then
        sleep 2
      else
        sleep 3
      fi
    done
    if [ -z "$ip_in_lxc" ]; then
-      msg_error "No IP assigned to CT $CTID after 60 attempts"
+      msg_error "No IP assigned to CT $CTID after 20s"
      msg_custom "🔧" "${YW}" "Troubleshooting:"
      echo "  • Verify bridge ${BRG} exists and has connectivity"
      echo "  • Check if DHCP server is reachable (if using DHCP)"
@@ -5277,10 +5261,9 @@ create_lxc_container() {
    exit 205
  }
  if qm status "$CTID" &>/dev/null || pct status "$CTID" &>/dev/null; then
-    msg_warn "Container/VM ID $CTID is already in use (detected late). Reassigning..."
+    unset CTID
-    CTID=$(get_valid_container_id "$((CTID + 1))")
+    msg_error "Cannot use ID that is already in use."
-    export CTID
+    exit 206
    msg_ok "Reassigned to container ID $CTID"
  fi
  # Report installation start to API early - captures failures in storage/template/create
@@ -5756,77 +5739,30 @@ create_lxc_container() {
  if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >"$LOGFILE" 2>&1; then
    msg_debug "Container creation failed on ${TEMPLATE_STORAGE}. Checking error..."
-    # Check if CTID collision (race condition: ID claimed between validation and creation)
+    # Check if template issue - retry with fresh download
-    if grep -qiE 'already exists|already in use' "$LOGFILE"; then
+    if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
-      local old_ctid="$CTID"
+      msg_info "Template may be corrupted – re-downloading"
-      CTID=$(get_valid_container_id "$((CTID + 1))")
+      rm -f "$TEMPLATE_PATH"
-      export CTID
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-      msg_warn "Container ID $old_ctid was claimed by another process. Retrying with ID $CTID"
+      msg_ok "Template re-downloaded"
-      LOGFILE="/tmp/pct_create_${CTID}_$(date +%Y%m%d_%H%M%S)_${SESSION_ID}.log"
+    fi
      if pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >"$LOGFILE" 2>&1; then
        msg_ok "Container successfully created with new ID $CTID"
      else
        msg_error "Container creation failed even with new ID $CTID. See $LOGFILE"
        _flush_pct_log
        exit 209
      fi
    else
      # Not a CTID collision - check if template issue and retry with fresh download
      if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
        msg_info "Template may be corrupted – re-downloading"
        rm -f "$TEMPLATE_PATH"
        pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
        msg_ok "Template re-downloaded"
      fi
-      # Retry after repair
+    # Retry after repair
-      if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
+    if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
-        # Fallback to local storage if not already on local
+      # Fallback to local storage if not already on local
-        if [[ "$TEMPLATE_STORAGE" != "local" ]]; then
+      if [[ "$TEMPLATE_STORAGE" != "local" ]]; then
-          msg_info "Retrying container creation with fallback to local storage"
+        msg_info "Retrying container creation with fallback to local storage"
-          LOCAL_TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+        LOCAL_TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-          if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
+        if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
-            msg_ok "Trying local storage fallback"
+          msg_ok "Trying local storage fallback"
-            msg_info "Downloading template to local"
+          msg_info "Downloading template to local"
-            pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+          pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-            msg_ok "Template downloaded to local"
+          msg_ok "Template downloaded to local"
          else
            msg_ok "Trying local storage fallback"
          fi
          if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
            # Local fallback also failed - check for LXC stack version issue
            if grep -qiE 'unsupported .* version' "$LOGFILE"; then
              msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
              offer_lxc_stack_upgrade_and_maybe_retry "yes"
              rc=$?
              case $rc in
              0) : ;; # success - container created, continue
              2)
                msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
                _flush_pct_log
                exit 231
                ;;
              3)
                msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
                _flush_pct_log
                exit 231
                ;;
              esac
            else
              msg_error "Container creation failed. See $LOGFILE"
              if whiptail --yesno "pct create failed.\nDo you want to enable verbose debug mode and view detailed logs?" 12 70; then
                set -x
                pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
                set +x
              fi
              _flush_pct_log
              exit 209
            fi
          else
            msg_ok "Container successfully created using local fallback."
          fi
        else
-          # Already on local storage and still failed - check LXC stack version
+          msg_ok "Trying local storage fallback"
        fi
        if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
          # Local fallback also failed - check for LXC stack version issue
          if grep -qiE 'unsupported .* version' "$LOGFILE"; then
            msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
            offer_lxc_stack_upgrade_and_maybe_retry "yes"
@@ -5854,28 +5790,50 @@ create_lxc_container() {
            _flush_pct_log
            exit 209
          fi
        else
          msg_ok "Container successfully created using local fallback."
        fi
      else
-        msg_ok "Container successfully created after template repair."
+        # Already on local storage and still failed - check LXC stack version
        if grep -qiE 'unsupported .* version' "$LOGFILE"; then
          msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
          offer_lxc_stack_upgrade_and_maybe_retry "yes"
          rc=$?
          case $rc in
          0) : ;; # success - container created, continue
          2)
            msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
            _flush_pct_log
            exit 231
            ;;
          3)
            msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
            _flush_pct_log
            exit 231
            ;;
          esac
        else
          msg_error "Container creation failed. See $LOGFILE"
          if whiptail --yesno "pct create failed.\nDo you want to enable verbose debug mode and view detailed logs?" 12 70; then
            set -x
            pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
            set +x
          fi
          _flush_pct_log
          exit 209
        fi
      fi
-    fi # close CTID collision else-branch
+    else
      msg_ok "Container successfully created after template repair."
    fi
  fi
-  # Verify container exists (allow up to 10s for pmxcfs sync in clusters)
+  # Verify container exists
-  local _pct_visible=false
+  pct list | awk '{print $1}' | grep -qx "$CTID" || {
-  for _pct_check in {1..10}; do
+    msg_error "Container ID $CTID not listed in 'pct list'. See $LOGFILE"
    if pct list | awk '{print $1}' | grep -qx "$CTID"; then
      _pct_visible=true
      break
    fi
    sleep 1
  done
  if [[ "$_pct_visible" != true ]]; then
    msg_error "Container ID $CTID not listed in 'pct list' after 10s. See $LOGFILE"
    msg_custom "🔧" "${YW}" "This can happen in clusters with pmxcfs sync delays."
    _flush_pct_log
    exit 215
-  fi
+  }
  # Verify config rootfs
  grep -q '^rootfs:' "/etc/pve/lxc/$CTID.conf" || {
@@ -5915,12 +5873,6 @@ create_lxc_container() {
 # ------------------------------------------------------------------------------
 description() {
  IP=$(pct exec "$CTID" ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
  local script_slug script_url donate_url
  script_slug="${SCRIPT_SLUG:-${NSAPP}}"
  script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
  script_url="https://community-scripts.org/scripts/${script_slug}"
  donate_url="https://community-scripts.org/donate"
  # Generate LXC Description
  DESCRIPTION=$(
@@ -5933,14 +5885,8 @@ description() {
  <h2 style='font-size: 24px; margin: 20px 0;'>${APP} LXC</h2>
  <p style='margin: 16px 0;'>
-    <a href='${donate_url}' target='_blank' rel='noopener noreferrer'>
+    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>
-      <img src='https://img.shields.io/badge/❤️-Sponsoring%20%26%20Donations-FF5E5B' alt='Sponsoring and donations' />
+      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
    </a>
  </p>
  <p style='margin: 12px 0;'>
    <a href='${script_url}' target='_blank' rel='noopener noreferrer'>
      <img src='https://img.shields.io/badge/📦-Open%20Script%20Page-00617f' alt='Open script page' />
    </a>
  </p>
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -1117,87 +1117,15 @@ is_package_installed() {
  fi
 }
 # ------------------------------------------------------------------------------
 # validate_github_token()
 # Checks a GitHub token via the /user endpoint.
 # Prints a status message and returns:
 #   0 - token is valid
 #   1 - token is invalid / expired (HTTP 401)
 #   2 - token has no public repo scope (HTTP 200 but missing scope)
 #   3 - network/API error
 # Also reports expiry date if the token carries an x-oauth-expiry header.
 # ------------------------------------------------------------------------------
 validate_github_token() {
  local token="${1:-${GITHUB_TOKEN:-}}"
  [[ -z "$token" ]] && return 3
  local response headers http_code expiry_date scopes
  headers=$(mktemp)
  response=$(curl -sSL -w "%{http_code}" \
    -D "$headers" \
    -o /dev/null \
    -H "Authorization: Bearer $token" \
    -H "Accept: application/vnd.github+json" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "https://api.github.com/user" 2>/dev/null) || { rm -f "$headers"; return 3; }
  http_code="$response"
  # Read expiry header (fine-grained PATs carry this)
  expiry_date=$(grep -i '^github-authentication-token-expiration:' "$headers" \
    | sed 's/.*: *//' | tr -d '\r\n' || true)
  # Read token scopes (classic PATs)
  scopes=$(grep -i '^x-oauth-scopes:' "$headers" \
    | sed 's/.*: *//' | tr -d '\r\n' || true)
  rm -f "$headers"
  case "$http_code" in
    200)
      if [[ -n "$expiry_date" ]]; then
        msg_ok "GitHub token is valid (expires: $expiry_date)."
      else
        msg_ok "GitHub token is valid (no expiry / fine-grained PAT)."
      fi
      # Warn if classic PAT has no public_repo scope
      if [[ -n "$scopes" && "$scopes" != *"public_repo"* && "$scopes" != *"repo"* ]]; then
        msg_warn "Token has no 'public_repo' scope - private repos and some release APIs may fail."
        return 2
      fi
      return 0
      ;;
    401)
      msg_error "GitHub token is invalid or expired (HTTP 401)."
      return 1
      ;;
    *)
      msg_warn "GitHub token validation returned HTTP $http_code - treating as valid."
      return 0
      ;;
  esac
 }
 # ------------------------------------------------------------------------------
 # Prompt user to enter a GitHub Personal Access Token (PAT) interactively
 # Returns 0 if a valid token was provided, 1 otherwise
 # ------------------------------------------------------------------------------
 prompt_for_github_token() {
  if [[ ! -t 0 ]]; then
    # Non-interactive: pick up var_github_token if set (from default.vars / app.vars / env)
    if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
      export GITHUB_TOKEN="${var_github_token}"
      msg_ok "GitHub token loaded from var_github_token."
      return 0
    fi
    return 1
  fi
  # Prefer var_github_token when already set and no interactive override needed
  if [[ -z "${GITHUB_TOKEN:-}" && -n "${var_github_token:-}" ]]; then
    export GITHUB_TOKEN="${var_github_token}"
    msg_ok "GitHub token loaded from var_github_token."
    validate_github_token || true
    return 0
  fi
  local reply
  read -rp "${TAB}Would you like to enter a GitHub Personal Access Token (PAT)? [y/N]: " reply
  reply="${reply:-n}"
@@ -1219,16 +1147,10 @@ prompt_for_github_token() {
      msg_warn "Token must not contain spaces. Please try again."
      continue
    fi
-    # Validate before accepting
+    break
    export GITHUB_TOKEN="$token"
    if validate_github_token "$token"; then
      break
    else
      msg_warn "Please enter a valid token, or press Ctrl+C to abort."
      unset GITHUB_TOKEN
    fi
  done
  export GITHUB_TOKEN="$token"
  msg_ok "GitHub token has been set."
  return 0
 }
@@ -2938,7 +2860,7 @@ function fetch_and_deploy_codeberg_release() {
  while ((attempt < ${#api_timeouts[@]})); do
    resp=$(curl --connect-timeout 10 --max-time "${api_timeouts[$attempt]}" -fsSL -w "%{http_code}" -o /tmp/codeberg_rel.json "$api_url") && success=true && break
-    attempt=$((attempt + 1))
+    ((attempt++))
    if ((attempt < ${#api_timeouts[@]})); then
      msg_warn "API request timed out after ${api_timeouts[$((attempt - 1))]}s, retrying... (attempt $((attempt + 1))/${#api_timeouts[@]})"
    fi
@@ -3448,8 +3370,7 @@ function fetch_and_deploy_gh_release() {
        if prompt_for_github_token; then
          header=(-H "Authorization: token $GITHUB_TOKEN")
          retry_delay=2
-          attempt=1
+          attempt=0
          continue
        fi
      fi
    else
--- a/misc/vm-core.func
+++ b/misc/vm-core.func
@@ -577,13 +577,6 @@ check_hostname_conflict() {
 }
 set_description() {
  local app_name script_slug script_url donate_url
  app_name=$(echo "${APP,,}" | tr ' ' '-')
  script_slug="${SCRIPT_SLUG:-${app_name}}"
  script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
  script_url="https://community-scripts.org/scripts/${script_slug}"
  donate_url="https://community-scripts.org/donate"
  DESCRIPTION=$(
    cat <<EOF
 <div align='center'>
@@ -594,14 +587,8 @@ set_description() {
  <h2 style='font-size: 24px; margin: 20px 0;'>${NSAPP} VM</h2>
  <p style='margin: 16px 0;'>
-    <a href='${donate_url}' target='_blank' rel='noopener noreferrer'>
+    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>
-      <img src='https://img.shields.io/badge/❤️-Sponsoring%20%26%20Donations-FF5E5B' alt='Sponsoring and donations' />
+      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
    </a>
  </p>
  <p style='margin: 12px 0;'>
    <a href='${script_url}' target='_blank' rel='noopener noreferrer'>
      <img src='https://img.shields.io/badge/📦-Open%20Script%20Page-00617f' alt='Open script page' />
    </a>
  </p>
--- a/tools/addon/filebrowser-quantum.sh
+++ b/tools/addon/filebrowser-quantum.sh
@@ -43,21 +43,6 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"
 # Proxmox Host Warning
 if [[ -d "/etc/pve" ]]; then
  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
  echo ""
  echo -n "Continue anyway on the Proxmox host? (y/N): "
  read -r host_confirm
  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
    echo -e "${YW}Aborted.${CL}"
    exit 0
  fi
 fi
 # OS Detection
 if [[ -f "/etc/alpine-release" ]]; then
  OS="Alpine"
--- a/tools/addon/filebrowser.sh
+++ b/tools/addon/filebrowser.sh
@@ -41,21 +41,6 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"
 # Proxmox Host Warning
 if [[ -d "/etc/pve" ]]; then
  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
  echo ""
  echo -n "Continue anyway on the Proxmox host? (y/N): "
  read -r host_confirm
  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
    echo -e "${YW}Aborted.${CL}"
    exit 0
  fi
 fi
 # Detect OS
 if [[ -f "/etc/alpine-release" ]]; then
  OS="Alpine"
--- a/vm/opnsense-vm.sh
+++ b/vm/opnsense-vm.sh
@@ -24,7 +24,7 @@ RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)"
 METHOD=""
 NSAPP="opnsense-vm"
 var_os="opnsense"
-var_version="26.1"
+var_version="25.7"
 #
 GEN_MAC=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
 GEN_MAC_LAN=02:$(openssl rand -hex 5 | awk '{print toupper($0)}' | sed 's/\(..\)/\1:/g; s/.$//')
@@ -797,7 +797,7 @@ if [ -n "$WAN_BRG" ]; then
  msg_ok "WAN interface added"
  sleep 5 # Brief pause after adding network interface
 fi
-send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 26.1"
+send_line_to_vm "sh ./opnsense-bootstrap.sh.in -y -f -r 25.7"
 msg_ok "OPNsense VM is being installed, do not close the terminal, or the installation will fail."
 #We need to wait for the OPNsense build proccess to finish, this takes a few minutes
 sleep 1000