Update CHANGELOG.md

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/FUNDING.yml

@@ -1,2 +1,3 @@
 ko_fi: community_scripts
 github: community_scripts
+buy_me_a_coffee: communityscripts

CHANGELOG.md

@@ -489,6 +489,20 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-06-30
+
+### 🚀 Updated Scripts
+
+  - #### 🔧 Refactor
+
+    - Refactor: Use heredoc when creating env files and creds/other [@tremor021](https://github.com/tremor021) ([#15469](https://github.com/community-scripts/ProxmoxVE/pull/15469))
+
+### 🧰 Tools
+
+  - #### 🐞 Bug Fixes
+
+    - [tools/pve/*.sh] https://download.proxmox.com -> http://download.proxmox.com (PVE8 Only) [@galeksandrp](https://github.com/galeksandrp) ([#15498](https://github.com/community-scripts/ProxmoxVE/pull/15498))
+
 ## 2026-06-29
 
 ### 🆕 New Scripts

ct/erpnext.sh

@@ -29,9 +29,63 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-  msg_info "Updating ERPNext"
+
-  $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench update --reset'
+  FRAPPE_MAJOR="$(grep -oP '__version__\s*=\s*[\x27"]\K[0-9]+' /opt/frappe-bench/apps/frappe/frappe/__init__.py 2>/dev/null || echo 0)"
-  msg_ok "Updated ERPNext"
+  SITE="$(ls /opt/frappe-bench/sites/*/site_config.json 2>/dev/null | head -1 | cut -d/ -f5)"
+  [[ -z "$SITE" ]] && SITE="site1.local"
+
+  msg_info "Stopping ERPNext service"
+  $STD supervisorctl stop all
+  msg_ok "Stopped ERPNext service"
+
+  if [[ "${FRAPPE_MAJOR:-0}" -lt 16 ]] && { [[ "${PHS_SILENT:-0}" == "1" ]] || whiptail --backtitle "Proxmox VE Helper Scripts" --title "ERPNext v16 Major Upgrade" \
+    --yesno "A major upgrade from Frappe/ERPNext v15 to v16 is available.\n\nUpgrade to v16 now?" 16 78; }; then
+
+    msg_info "Backing up site ${SITE}"
+    $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:/usr/local/bin:\$PATH\"; cd /opt/frappe-bench && bench --site ${SITE} backup"
+    msg_ok "Backup created"
+
+    msg_info "Installing Dependencies"
+    $STD apt-get install -y pkg-config
+    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && uv python install 3.14'
+    msg_ok "Installed Dependencies"
+
+    msg_info "Migrating bench environment"
+    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench migrate-env "$(uv python find 3.14)"'
+    msg_ok "Migrated environment"
+
+    msg_info "Switching Frappe and ERPNext to v16 (Patience)"
+    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench switch-to-branch version-16 frappe erpnext --upgrade' || true
+    NEW_MAJOR="$(grep -oP '__version__\s*=\s*[\x27"]\K[0-9]+' /opt/frappe-bench/apps/frappe/frappe/__init__.py 2>/dev/null || echo 0)"
+    if [[ "${NEW_MAJOR:-0}" -lt 16 ]]; then
+      msg_error "Failed to switch Frappe/ERPNext to v16"
+      exit 250
+    fi
+    msg_ok "Switched to v16"
+
+    msg_info "Running database migration (Patience)"
+    for i in 1 2 3; do
+      $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:/usr/local/bin:\$PATH\"; cd /opt/frappe-bench && bench --site ${SITE} migrate" && break
+      [[ "$i" -eq 3 ]] && {
+        msg_error "Database migration failed after 3 attempts"
+        exit 253
+      }
+    done
+    msg_ok "Database migrated"
+
+    msg_info "Building assets"
+    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench build --production'
+    msg_ok "Assets built"
+
+    msg_info "Restarting ERPNext"
+    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench restart'
+    msg_ok "Upgraded ERPNext to v16"
+  else
+    msg_info "Updating ERPNext"
+    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench update --reset'
+    msg_ok "Updated ERPNext"
+  fi
+  msg_ok "Updated successfully!"
   exit
 }
 

ct/fmd-server.sh

@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Slaviša Arežina (tremor021)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://gitlab.com/fmd-foss/fmd-server
+
+APP="FMD-Server"
+var_tags="${var_tags:-FMD}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_arm64="${var_arm64:-yes}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -d /opt/fmd-server ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gl_release "fmd-server" "fmd-foss/fmd-server"; then
+    msg_info "Stopping Service"
+    systemctl stop fmd-server
+    msg_ok "Stopped Service"
+
+    create_backup /opt/fmd-server/config.yml /opt/fmd-server/db
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gl_release "fmd-server" "fmd-foss/fmd-server" "prebuild" "latest" "/opt/fmd-server" "fmd-server-*.zip"
+
+    msg_info "Configuring FMD-Server"
+    cd /opt/fmd-server
+    chmod +x fmd-server-*
+    msg_ok "Configured FMD-Server"
+
+    restore_backup
+
+    msg_info "Starting Service"
+    systemctl start fmd-server
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"

ct/headers/fmd-server

@@ -0,0 +1,6 @@
+    ________  _______       _____                          
+   / ____/  |/  / __ \     / ___/___  ______   _____  _____
+  / /_  / /|_/ / / / /_____\__ \/ _ \/ ___/ | / / _ \/ ___/
+ / __/ / /  / / /_/ /_____/__/ /  __/ /   | |/ /  __/ /    
+/_/   /_/  /_/_____/     /____/\___/_/    |___/\___/_/     
+                                                           

ct/patchmon.sh

@@ -58,12 +58,11 @@ function update_script() {
         -e 's/^NODE_/APP_/' \
         -e '/^SERVER_*/d' \
         -e '/^# API*/,+2d' /opt/patchmon/.env
-      {
+      cat <<EOF >/opt/patchmon/.env
-        echo ""
+SESSION_SECRET=$(openssl rand -hex 64)
-        echo "SESSION_SECRET=$(openssl rand -hex 64)"
+AI_ENCRYPTION_KEY=$(openssl rand -hex 64)
-        echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)"
+AGENT_BINARIES_DIR=/opt/patchmon/agents
-        echo "AGENT_BINARIES_DIR=/opt/patchmon/agents"
+EOF
-      } >>/opt/patchmon/.env
       sed -i -e '\|Directory|s|/backend||' \
         -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \
         -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \

ct/wizarr.sh

@@ -57,11 +57,11 @@ function update_script() {
       sed -i 's/--workers 4//' /opt/wizarr/start.sh
     fi
     if ! grep -qE 'FLASK|WORKERS|VERSION' /opt/wizarr/.env; then
-      {
+      cat <<EOF >/opt/wizarr/.env
-        echo "FLASK_ENV=production"
+FLASK_ENV=production
-        echo "GUNICORN_WORKERS=4"
+GUNICORN_WORKERS=4
-        echo "APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)"
+APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)
-      } >>/opt/wizarr/.env
+EOF
     else
       sed -i "s/_VERSION=v.*$/_VERSION=v$(cat ~/.wizarr)/" /opt/wizarr/.env
     fi

install/adventurelog-install.sh

@@ -86,12 +86,11 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-{
+cat <<EOF >~/adventurelog.creds
-  echo ""
+Django-Credentials
-  echo "Django-Credentials"
+Django Admin User: $DJANGO_ADMIN_USER
-  echo "Django Admin User: $DJANGO_ADMIN_USER"
+Django Admin Password: $DJANGO_ADMIN_PASS
-  echo "Django Admin Password: $DJANGO_ADMIN_PASS"
+EOF
-} >>~/adventurelog.creds
 msg_ok "Setup Django Admin"
 
 msg_info "Creating Service"

install/alpine-garage-install.sh

@@ -25,12 +25,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 64 | cut -c1-64)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-{
+cat <<EOF >~/garage.creds
-  echo "Garage Tokens and Secrets"
+Garage Tokens and Secrets
-  echo "RPC Secret: $RPC_SECRET"
+RPC Secret: $RPC_SECRET
-  echo "Admin Token: $ADMIN_TOKEN"
+Admin Token: $ADMIN_TOKEN
-  echo "Metrics Token: $METRICS_TOKEN"
+Metrics Token: $METRICS_TOKEN
-} >~/garage.creds
+EOF
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"

install/alpine-ironclaw-install.sh

@@ -38,10 +38,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-{
+cat <<EOF >/root/.ironclaw/gateway.creds
-    echo "Gateway-Token"
+Gateway-Token
-    echo "Token: $GATEWAY_TOKEN"
+Token: $GATEWAY_TOKEN
-} >> /root/.ironclaw/gateway.creds
+EOF
 
 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env

install/alpine-rclone-install.sh

@@ -27,11 +27,11 @@ $STD unzip -j "$temp_file" '*/**' -d /opt/rclone
 cd /opt/rclone
 RCLONE_PASSWORD=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-{
+cat <<EOF >~/rclone.creds
-  echo "rclone-Credentials"
+rclone-Credentials
-  echo "rclone User Name: admin"
+rclone User Name: admin
-  echo "rclone Password: $RCLONE_PASSWORD"
+rclone Password: $RCLONE_PASSWORD
-} >>~/rclone.creds
+EOF
 echo "${RELEASE}" >/opt/rclone_version.txt
 rm -f "$temp_file"
 msg_ok "Installed rclone"

install/alpine-rustdeskserver-install.sh

@@ -40,12 +40,12 @@ mv release /opt/rustdesk-api
 cd /opt/rustdesk-api
 ADMINPASS=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD ./apimain reset-admin-pwd "$ADMINPASS"
-{
+cat <<EOF >~/rustdesk.creds
-  echo "RustDesk WebUI"
+RustDesk WebUI
-  echo ""
+
-  echo "Username: admin"
+Username: admin
-  echo "Password: $ADMINPASS"
+Password: $ADMINPASS
-} >>~/rustdesk.creds
+EOF
 echo "${APIRELEASE}" >~/.rustdesk-api
 msg_ok "Installed RustDesk API v${APIRELEASE}"
 

install/alpine-valkey-install.sh

@@ -25,13 +25,12 @@ chmod 600 ~/valkey.creds
 MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))
 
-{
+cat <<EOF >/etc/valkey/valkey.conf
-  echo ""
+# Memory-optimized settings for small-scale deployments
-  echo "# Memory-optimized settings for small-scale deployments"
+maxmemory ${MAXMEMORY_MB}mb
-  echo "maxmemory ${MAXMEMORY_MB}mb"
+maxmemory-policy allkeys-lru
-  echo "maxmemory-policy allkeys-lru"
+maxmemory-samples 10
-  echo "maxmemory-samples 10"
+EOF
-} >>/etc/valkey/valkey.conf
 msg_ok "Installed Valkey"
 
 # Note: Alpine's valkey package is compiled without TLS support

install/anytype-server-install.sh

@@ -16,7 +16,7 @@ update_os
 setup_mongodb
 
 msg_info "Configuring MongoDB Replica Set"
-cat <<EOF >>/etc/mongod.conf
+cat <<EOF >/etc/mongod.conf
 
 replication:
   replSetName: "rs0"

install/apache-couchdb-install.sh

@@ -28,11 +28,11 @@ setup_deb822_repo \
   "$(get_os_info codename)" \
   "main"
 $STD apt install -y couchdb
-{
+cat <<EOF >~/couchdb.creds
-  echo "CouchDB Credentials"
+CouchDB Credentials
-  echo "CouchDB Erlang Cookie: $ERLANG_COOKIE"
+CouchDB Erlang Cookie: $ERLANG_COOKIE
-  echo "CouchDB Admin Password: $ADMIN_PASS"
+CouchDB Admin Password: $ADMIN_PASS
-} >>~/couchdb.creds
+EOF
 msg_ok "Installed Apache CouchDB"
 
 motd_ssh

install/apache-guacamole-install.sh

@@ -79,13 +79,13 @@ msg_ok "Setup Apache Guacamole"
 msg_info "Importing Database Schema"
 cd ~/guacamole-auth-jdbc-"${GUAC_SERVER_VERSION}"/mysql/schema
 cat *.sql | mariadb -u root ${MARIADB_DB_NAME}
-{
+cat <<EOF >/etc/guacamole/guacamole.properties
-  echo "mysql-hostname: 127.0.0.1"
+mysql-hostname: 127.0.0.1
-  echo "mysql-port: 3306"
+mysql-port: 3306
-  echo "mysql-database: $MARIADB_DB_NAME"
+mysql-database: $MARIADB_DB_NAME
-  echo "mysql-username: $MARIADB_DB_USER"
+mysql-username: $MARIADB_DB_USER
-  echo "mysql-password: $MARIADB_DB_PASS"
+mysql-password: $MARIADB_DB_PASS
-} >>/etc/guacamole/guacamole.properties
+EOF
 rm -rf ~/guacamole-auth-jdbc-"$GUAC_SERVER_VERSION"{,.tar.gz}
 msg_ok "Imported Database Schema"
 

install/autobrr-install.sh

@@ -17,7 +17,7 @@ fetch_and_deploy_gh_release "autobrr" "autobrr/autobrr" "prebuild" "latest" "/us
 
 msg_info "Configuring Autobrr"
 mkdir -p /root/.config/autobrr
-cat <<EOF >>/root/.config/autobrr/config.toml
+cat <<EOF >/root/.config/autobrr/config.toml
 # https://autobrr.com/configuration/autobrr
 host = "0.0.0.0"
 port = 7474

install/bookorbit-install.sh

@@ -51,7 +51,7 @@ mkdir -p /opt/bookorbit-data/covers /opt/bookorbit-data/book-bucket /opt/bookorb
 APP_VER=$(cat ~/.bookorbit)
 JWT_SECRET=$(openssl rand -hex 32)
 SETUP_BOOTSTRAP_TOKEN=$(openssl rand -hex 16)
-cat <<EOF >>~/bookorbit.creds
+cat <<EOF >~/bookorbit.creds
 
 Setup Token: ${SETUP_BOOTSTRAP_TOKEN}
 EOF

install/checkmk-install.sh

@@ -29,12 +29,12 @@ MKPASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-16)
 
 echo -e "$MKPASSWORD\n$MKPASSWORD" | su - "$SITE_NAME" -c "cmk-passwd cmkadmin --stdin"
 $STD omd start "$SITE_NAME"
-{
+cat <<EOF >~/checkmk.creds
-  echo "Application-Credentials"
+Application-Credentials
-  echo "Username: cmkadmin"
+Username: cmkadmin
-  echo "Password: $MKPASSWORD"
+Password: $MKPASSWORD
-  echo "Site: $SITE_NAME"
+Site: $SITE_NAME
-} >>~/checkmk.creds
+EOF
 msg_ok "Created Service"
 
 cleanup_lxc

install/crafty-controller-install.sh

@@ -66,11 +66,11 @@ for i in $(seq 1 30); do
   sleep 2
 done
 if [[ -f "$CREDS_FILE" ]]; then
-  {
+  cat <<EOF >~/crafty-controller.creds
-    echo "Crafty-Controller-Credentials"
+Crafty-Controller-Credentials
-    echo "Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")"
+Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")
-    echo "Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")"
+Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")
-  } >>~/crafty-controller.creds
+EOF
 fi
 msg_ok "Service started"
 motd_ssh

install/dolibarr-install.sh

@@ -24,10 +24,10 @@ setup_mariadb
 msg_info "Setting up Database"
 ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$ROOT_PASS'; flush privileges;"
-{
+cat <<EOF >~/dolibarr.creds
-  echo "Dolibarr DB Credentials"
+Dolibarr DB Credentials
-  echo "MariaDB Root Password: $ROOT_PASS"
+MariaDB Root Password: $ROOT_PASS
-} >>~/dolibarr.creds
+EOF
 msg_ok "Set up database"
 
 msg_info "Setup Dolibarr"

install/dotnetaspwebapi-install.sh

@@ -43,11 +43,11 @@ sed -i "s|#chroot_local_user=YES|chroot_local_user=NO|g" /etc/vsftpd.conf
 
 systemctl restart -q vsftpd.service
 
-{
+cat <<EOF >~/ftp.creds
-  echo "FTP-Credentials"
+FTP-Credentials
-  echo "Username: ftpuser"
+Username: ftpuser
-  echo "Password: $FTP_PASS"
+Password: $FTP_PASS
-} >>~/ftp.creds
+EOF
 
 msg_ok "FTP server setup completed"
 

install/duplicati-install.sh

@@ -25,10 +25,10 @@ fetch_and_deploy_gh_release "duplicati" "duplicati/duplicati" "binary" "latest"
 msg_info "Configuring duplicati"
 DECRYPTKEY=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ADMINPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-{
+cat <<EOF >~/duplicati.creds
-  echo "Admin password = ${ADMINPASS}"
+Admin password = ${ADMINPASS}
-  echo "Database encryption key = ${DECRYPTKEY}"
+Database encryption key = ${DECRYPTKEY}
-} >>~/duplicati.creds
+EOF
 msg_ok "Configured duplicati"
 
 msg_info "Creating Service"

install/elementsynapse-install.sh

@@ -44,7 +44,7 @@ ADMIN_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 echo "enable_registration_without_verification: true" >>/etc/matrix-synapse/homeserver.yaml
 echo "registration_shared_secret: ${SECRET}" >>/etc/matrix-synapse/homeserver.yaml
 
-cat <<EOF >>/etc/matrix-synapse/homeserver.yaml
+cat <<EOF >/etc/matrix-synapse/homeserver.yaml
 
 # MatrixRTC / Element Call configuration
 experimental_features:
@@ -63,11 +63,11 @@ rc_delayed_event_mgmt:
 EOF
 systemctl enable -q --now matrix-synapse
 $STD register_new_matrix_user -a --user admin --password "$ADMIN_PASS" --config /etc/matrix-synapse/homeserver.yaml
-{
+cat <<EOF >~/matrix.creds
-  echo "Matrix-Credentials"
+Matrix-Credentials
-  echo "Admin username: admin"
+Admin username: admin
-  echo "Admin password: $ADMIN_PASS"
+Admin password: $ADMIN_PASS
-} >>~/matrix.creds
+EOF
 systemctl stop matrix-synapse
 sed -i '34d' /etc/matrix-synapse/homeserver.yaml
 systemctl start matrix-synapse

install/erpnext-install.sh

@@ -31,11 +31,12 @@ $STD apt install -y \
   libjpeg-dev \
   libmariadb-dev \
   python3-pip \
+  pkg-config \
   cron
 msg_ok "Installed Dependencies"
 
 NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
-UV_PYTHON="3.13" setup_uv
+UV_PYTHON="3.14" setup_uv
 setup_mariadb
 
 msg_info "Configuring MariaDB for ERPNext"
@@ -68,8 +69,9 @@ msg_info "Initializing Frappe Bench"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 DB_ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASS}'; FLUSH PRIVILEGES;"
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-15 frappe-bench'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; uv python install 3.14'
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-15'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-16 --python "$(uv python find 3.14)" frappe-bench'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-16'
 
 msg_info "Starting Redis Services for Site Setup"
 $STD sudo -u frappe bash -c 'redis-server /opt/frappe-bench/config/redis_queue.conf --daemonize yes'
@@ -86,14 +88,14 @@ ADMIN_PASSWORD=${ADMIN_PASS}
 DB_ROOT_PASSWORD=${DB_ROOT_PASS}
 SITE_NAME=site1.local
 EOF
-{
+cat <<EOF >~/erpnext.creds
-  echo "ERPNext Credentials"
+ERPNext Credentials
-  echo "=================="
+==================
-  echo "Admin Username: Administrator"
+Admin Username: Administrator
-  echo "Admin Password: ${ADMIN_PASS}"
+Admin Password: ${ADMIN_PASS}
-  echo "DB Root Password: ${DB_ROOT_PASS}"
+DB Root Password: ${DB_ROOT_PASS}
-  echo "Site Name: site1.local"
+Site Name: site1.local
-} >~/erpnext.creds
+EOF
 $STD systemctl enable --now redis-server
 msg_ok "Configured ERPNext"
 

install/fmd-server-install.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Slaviša Arežina (tremor021)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://gitlab.com/fmd-foss/fmd-server
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+fetch_and_deploy_gl_release "fmd-server" "fmd-foss/fmd-server" "prebuild" "latest" "/opt/fmd-server" "fmd-server-*.zip"
+create_self_signed_cert
+
+msg_info "Configuring fmd-server"
+cd /opt/fmd-server
+chmod +x fmd-server-*
+cp config.example.yml config.yml
+edit_yaml_config config.yml "WebDir" '"/opt/fmd-server/web/dist/"'
+edit_yaml_config config.yml "DatabaseDir" '"/opt/fmd-server/db/"'
+edit_yaml_config config.yml "ServerCrt" '"/etc/ssl/fmd-server/fmd-server.crt"'
+edit_yaml_config config.yml "ServerKey" '"/etc/ssl/fmd-server/fmd-server.key"'
+msg_ok "Configured fmd-server"
+
+msg_info "Creating services"
+cat <<EOF >/etc/systemd/system/fmd-server.service
+[Unit]
+Description=fmd-server Service
+After=network.target
+
+[Service]
+WorkingDirectory=/opt/fmd-server
+ExecStart=/opt/fmd-server/fmd-server-$(arch_resolve) serve
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now fmd-server
+msg_ok "Created services"
+
+motd_ssh
+customize
+cleanup_lxc

install/frigate-install.sh

@@ -290,7 +290,7 @@ detect:
 EOF
 
 if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo && [[ -f /openvino-model/ssdlite_mobilenet_v2.xml ]] && [[ -f /openvino-model/coco_91cl_bkgr.txt ]]; then
-  cat <<EOF >>/config/config.yml
+  cat <<EOF >/config/config.yml
 ffmpeg:
   hwaccel_args: auto
 detectors:
@@ -306,7 +306,7 @@ model:
   labelmap_path: /openvino-model/coco_91cl_bkgr.txt
 EOF
 else
-  cat <<EOF >>/config/config.yml
+  cat <<EOF >/config/config.yml
 ffmpeg:
   hwaccel_args: auto
 model:

install/garage-install.sh

@@ -22,12 +22,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 32)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-{
+cat <<EOF >~/garage.creds
-    echo "Garage Tokens and Secrets"
+Garage Tokens and Secrets
-    echo "RPC Secret: $RPC_SECRET"
+RPC Secret: $RPC_SECRET
-    echo "Admin Token: $ADMIN_TOKEN"
+Admin Token: $ADMIN_TOKEN
-    echo "Metrics Token: $METRICS_TOKEN"
+Metrics Token: $METRICS_TOKEN
-} >>~/garage.creds
+EOF
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"

install/ghostfolio-install.sh

@@ -29,12 +29,12 @@ PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_SCHEMA_PERMS="true" setup_
 REDIS_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ACCESS_TOKEN_SALT=$(openssl rand -base64 32)
 JWT_SECRET_KEY=$(openssl rand -base64 32)
-{
+cat <<EOF >~/ghostfolio.creds
-  echo "Ghostfolio Credentials"
+Ghostfolio Credentials
-  echo "Redis Password: $REDIS_PASS"
+Redis Password: $REDIS_PASS
-  echo "Access Token Salt: $ACCESS_TOKEN_SALT"
+Access Token Salt: $ACCESS_TOKEN_SALT
-  echo "JWT Secret Key: $JWT_SECRET_KEY"
+JWT Secret Key: $JWT_SECRET_KEY
-} >>~/ghostfolio.creds
+EOF
 msg_ok "Set up Database"
 
 fetch_and_deploy_gh_release "ghostfolio" "ghostfolio/ghostfolio" "tarball" "latest" "/opt/ghostfolio"

install/glpi-install.sh

@@ -33,12 +33,12 @@ $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';"
 $STD mariadb -u root -e "GRANT SELECT ON \`mysql\`.\`time_zone_name\` TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
+cat <<EOF >~/glpi_db.creds
-  echo "GLPI Database Credentials"
+GLPI Database Credentials
-  echo "Database: $DB_NAME"
+Database: $DB_NAME
-  echo "Username: $DB_USER"
+Username: $DB_USER
-  echo "Password: $DB_PASS"
+Password: $DB_PASS
-} >>~/glpi_db.creds
+EOF
 msg_ok "Set up database"
 
 msg_info "Installing GLPi"

install/graylog-install.sh

@@ -28,11 +28,11 @@ msg_ok "Setup Graylog Data Node"
 msg_info "Setup ${APPLICATION}"
 $STD apt-get install graylog-server
 ROOT_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
-{
+cat <<EOF >~/graylog.creds
-  echo "${APPLICATION} Credentials"
+${APPLICATION} Credentials
-  echo "Admin User: admin"
+Admin User: admin
-  echo "Admin Password: ${ROOT_PASSWORD}"
+Admin Password: ${ROOT_PASSWORD}
-} >>~/graylog.creds
+EOF
 ROOT_PASSWORD=$(echo -n $ROOT_PASSWORD | shasum -a 256 | awk '{print $1}')
 sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/server/server.conf
 sed -i "s/root_password_sha2 =/root_password_sha2 = $ROOT_PASSWORD/g" /etc/graylog/server/server.conf

install/healthchecks-install.sh

@@ -14,14 +14,14 @@ update_os
 
 msg_info "Installing Dependencies"
 $STD apt install -y \
-  gcc \
+    gcc \
-  python3 \
+    python3 \
-  python3-dev \
+    python3-dev \
-  python3-venv \
+    python3-venv \
-  libpq-dev \
+    libpq-dev \
-  libcurl4-openssl-dev \
+    libcurl4-openssl-dev \
-  libssl-dev \
+    libssl-dev \
-  caddy
+    caddy
 
 mkdir -p ~/.config/pip
 cat >~/.config/pip/pip.conf <<EOF
@@ -37,10 +37,10 @@ msg_info "Setup Keys (Admin / Secret)"
 SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
 ADMIN_EMAIL="admin@community-scripts.org"
 ADMIN_PASSWORD="$PG_DB_PASS"
-{
+cat <<EOF >~/healthchecks.creds
-  echo "healthchecks Admin Email: $ADMIN_EMAIL"
+healthchecks Admin Email: $ADMIN_EMAIL
-  echo "healthchecks Admin Password: $ADMIN_PASSWORD"
+healthchecks Admin Password: $ADMIN_PASSWORD
-} >>~/healthchecks.creds
+EOF
 msg_ok "Set up Keys"
 
 fetch_and_deploy_gh_release "healthchecks" "healthchecks/healthchecks" "tarball"

install/hortusfox-install.sh

@@ -46,12 +46,12 @@ ADMIN_EMAIL="admin@example.com"
 ADMIN_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)"
 ADMIN_HASH=$(php -r "echo password_hash('$ADMIN_PASS', PASSWORD_BCRYPT);")
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO UserModel (name, email, password, admin) VALUES ('Admin', '$ADMIN_EMAIL', '$ADMIN_HASH', 1);"
-{
+cat <<EOF >~/hortusfox.creds
-  echo ""
+
-  echo "HortusFox-Admin-Creds:"
+HortusFox-Admin-Creds:
-  echo "E-Mail: $ADMIN_EMAIL"
+E-Mail: $ADMIN_EMAIL
-  echo "Passwort: $ADMIN_PASS"
+Passwort: $ADMIN_PASS
-} >>~/hortusfox.creds
+EOF
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO LocationsModel (name, active, created_at) VALUES ('Home', 1, NOW());"
 msg_ok "Set up HortusFox"
 

install/immich-install.sh

@@ -293,13 +293,13 @@ ldconfig /usr/local/lib
 cd "$STAGING_DIR"
 rm -rf "$SOURCE"/build
 msg_ok "(5/5) Compiled libvips"
-{
+cat <<EOF >~/.immich_library_revisions
-  echo "imagemagick: $IMAGEMAGICK_REVISION"
+imagemagick: $IMAGEMAGICK_REVISION
-  echo "libheif: $LIBHEIF_REVISION"
+libheif: $LIBHEIF_REVISION
-  echo "libjxl: $LIBJXL_REVISION"
+libjxl: $LIBJXL_REVISION
-  echo "libraw: $LIBRAW_REVISION"
+libraw: $LIBRAW_REVISION
-  echo "libvips: $LIBVIPS_REVISION"
+libvips: $LIBVIPS_REVISION
-} >~/.immich_library_revisions
+EOF
 msg_ok "Custom Photo-processing Libraries Compiled Successfully"
 
 INSTALL_DIR="/opt/${APPLICATION}"

install/ironclaw-install.sh

@@ -30,10 +30,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-{
+cat <<EOF >/root/.ironclaw/gateway.creds
-    echo "Gateway-Token"
+Gateway-Token
-    echo "Token: $GATEWAY_TOKEN"
+Token: $GATEWAY_TOKEN
-} >> /root/.ironclaw/gateway.creds
+EOF
 
 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env

install/kimai-install.sh

@@ -33,12 +33,12 @@ MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
 $STD mariadb -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
+cat <<EOF >~/kimai.creds
-  echo "Kimai-Credentials"
+Kimai-Credentials
-  echo "Kimai Database User: $DB_USER"
+Kimai Database User: $DB_USER
-  echo "Kimai Database Password: $DB_PASS"
+Kimai Database Password: $DB_PASS
-  echo "Kimai Database Name: $DB_NAME"
+Kimai Database Name: $DB_NAME
-} >>~/kimai.creds
+EOF
 msg_ok "Set up database"
 
 fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"

install/librenms-install.sh

@@ -116,11 +116,11 @@ cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf
 
 APP_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 APP_USER="admin"
-{
+cat <<EOF >~/librenms.creds
-  echo "LibreNMS Credentials"
+LibreNMS Credentials
-  echo "Username: ${APP_USER}"
+Username: ${APP_USER}
-  echo "Password: ${APP_PASSWORD}"
+Password: ${APP_PASSWORD}
-} >>~/librenms.creds
+EOF
 
 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev"
 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && php8.4 artisan migrate --force"

install/limesurvey-install.sh

@@ -23,12 +23,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
+cat <<EOF >~/limesurvey.creds
-  echo "LimeSurvey-Credentials"
+LimeSurvey-Credentials
-  echo "LimeSurvey Database User: $DB_USER"
+LimeSurvey Database User: $DB_USER
-  echo "LimeSurvey Database Password: $DB_PASS"
+LimeSurvey Database Password: $DB_PASS
-  echo "LimeSurvey Database Name: $DB_NAME"
+LimeSurvey Database Name: $DB_NAME
-} >>~/limesurvey.creds
+EOF
 msg_ok "Configured MariaDB Database"
 
 msg_info "Setting up LimeSurvey"

install/listmonk-install.sh

@@ -21,12 +21,12 @@ DB_USER=listmonk
 DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
-{
+cat <<EOF >~/listmonk.creds
-  echo "listmonk-Credentials"
+listmonk-Credentials
-  echo -e "listmonk Database User: \e[32m$DB_USER\e[0m"
+listmonk Database User: $DB_USER
-  echo -e "listmonk Database Password: \e[32m$DB_PASS\e[0m"
+listmonk Database Password: $DB_PASS
-  echo -e "listmonk Database Name: \e[32m$DB_NAME\e[0m"
+listmonk Database Name: $DB_NAME
-} >>~/listmonk.creds
+EOF
 msg_ok "Configured PostgreSQL"
 
 fetch_and_deploy_gh_release "listmonk" "knadh/listmonk" "prebuild" "latest" "/opt/listmonk" "listmonk*linux_$(arch_resolve).tar.gz"

install/livebook-install.sh

@@ -67,10 +67,10 @@ export ERLANG_BIN="/opt/livebook/.elixir-install/installs/otp/\${ERLANG_VERSION}
 export ELIXIR_BIN="/opt/livebook/.elixir-install/installs/elixir/\${ELIXIR_VERSION}/bin"
 export PATH="\$ESCRIPTS_BIN:\$ERLANG_BIN:\$ELIXIR_BIN:\$PATH"
 EOF
-{
+cat <<EOF >~/livebook.creds
-  echo "Livebook-Credentials"
+Livebook-Credentials
-  echo "Livebook Password: $LIVEBOOK_PASSWORD"
+Livebook Password: $LIVEBOOK_PASSWORD
-} >>~/livebook.creds
+EOF
 msg_ok "Installed Erlang $ERLANG_VERSION and Elixir $ELIXIR_VERSION"
 
 msg_info "Installing Livebook"

install/managemydamnlife-install.sh

@@ -27,12 +27,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED by '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
+cat <<EOF >~/mmdl.creds
-  echo "Manage My Damn Life Credentials"
+Manage My Damn Life Credentials
-  echo "Database User: $DB_USER"
+Database User: $DB_USER
-  echo "Database Password: $DB_PASS"
+Database Password: $DB_PASS
-  echo "Database Name: $DB_NAME"
+Database Name: $DB_NAME
-} >>~/mmdl.creds
+EOF
 msg_ok "Set up Database"
 
 fetch_and_deploy_gh_release "mmdl" "intri-in/manage-my-damn-life-nextjs" "tarball"

install/mattermost-install.sh

@@ -35,12 +35,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO $DB_USER;"
-{
+cat <<EOF >~/mattermost.creds
-  echo "Mattermost Credentials"
+Mattermost Credentials
-  echo "Database User: $DB_USER"
+Database User: $DB_USER
-  echo "Database Password: $DB_PASS"
+Database Password: $DB_PASS
-  echo "Database Name: $DB_NAME"
+Database Name: $DB_NAME
-} >>~/mattermost.creds
+EOF
 msg_ok "Set up PostgreSQL"
 
 msg_info "Installing Mattermost"

install/mediamanager-install.sh

@@ -30,12 +30,12 @@ DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-{
+cat <<EOF >~/mediamanager.creds
-  echo "MediaManager Credentials"
+MediaManager Credentials
-  echo "MediaManager Database User: $DB_USER"
+MediaManager Database User: $DB_USER
-  echo "MediaManager Database Password: $DB_PASS"
+MediaManager Database Password: $DB_PASS
-  echo "MediaManager Database Name: $DB_NAME"
+MediaManager Database Name: $DB_NAME
-} >>~/mediamanager.creds
+EOF
 msg_ok "Set up PostgreSQL"
 
 fetch_and_deploy_gh_release "MediaManager" "maxdorninger/MediaManager" "tarball" "latest" "/opt/mediamanager"

install/miniflux-install.sh

@@ -28,10 +28,10 @@ ADMIN_USERNAME=$ADMIN_NAME
 ADMIN_PASSWORD=$ADMIN_PASS
 LISTEN_ADDR=0.0.0.0:8080
 EOF
-{
+cat <<EOF >~/miniflux.creds
-  echo "ADMIN_USERNAME: $ADMIN_NAME"
+ADMIN_USERNAME: $ADMIN_NAME
-  echo "ADMIN_PASSWORD: $ADMIN_PASS"
+ADMIN_PASSWORD: $ADMIN_PASS
-} >>~/miniflux.creds
+EOF
 $STD miniflux -migrate -config-file /etc/miniflux.conf
 systemctl enable -q --now miniflux
 msg_ok "Configured Miniflux"

install/netbox-install.sh

@@ -85,12 +85,12 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-{
+cat <<EOF >~/netbox.creds
-  echo ""
+
-  echo "Netbox-Django-Credentials"
+Netbox-Django-Credentials
-  echo -e "Django User: \e[32m$DJANGO_USER\e[0m"
+Django User: $DJANGO_USER
-  echo -e "Django Password: \e[32m$DJANGO_PASS\e[0m"
+Django Password: $DJANGO_PASS
-} >>~/netbox.creds
+EOF
 msg_ok "Setup Django Admin"
 
 motd_ssh

install/nightscout-install.sh

@@ -59,10 +59,10 @@ EOF
 systemctl enable -q --now nightscout
 msg_ok "Created Service"
 
-{
+cat <<EOF >~/nightscout.creds
-  echo "Nightscout Credentials"
+Nightscout Credentials
-  echo "API_SECRET: ${API_SECRET}"
+API_SECRET: ${API_SECRET}
-} >> ~/nightscout.creds
+EOF
 
 motd_ssh
 customize

install/nodebb-install.sh

@@ -15,10 +15,10 @@ update_os
 
 msg_info "Installing Dependencies (Patience)"
 $STD apt install -y \
-  build-essential \
+    build-essential \
-  redis-server \
+    redis-server \
-  expect \
+    expect \
-  ca-certificates
+    ca-certificates
 msg_ok "Installed Dependencies"
 
 setup_mongodb
@@ -31,14 +31,14 @@ NODEBB_USER="nodebb"
 NODEBB_PWD="$(openssl rand -base64 18 | cut -c1-13)"
 MONGO_CONNECTION_STRING="mongodb://${NODEBB_USER}:${NODEBB_PWD}@localhost:27017/nodebb"
 NODEBB_SECRET=$(uuidgen)
-{
+cat <<EOF >~/nodebb.creds
-  echo "NodeBB-Credentials"
+NodeBB-Credentials
-  echo "Mongo Database User: $MONGO_ADMIN_USER"
+Mongo Database User: $MONGO_ADMIN_USER
-  echo "Mongo Database Password: $MONGO_ADMIN_PWD"
+Mongo Database Password: $MONGO_ADMIN_PWD
-  echo "NodeBB User: $NODEBB_USER"
+NodeBB User: $NODEBB_USER
-  echo "NodeBB Password: $NODEBB_PWD"
+NodeBB Password: $NODEBB_PWD
-  echo "NodeBB Secret: $NODEBB_SECRET"
+NodeBB Secret: $NODEBB_SECRET
-} >>~/nodebb.creds
+EOF
 
 $STD mongosh <<EOF
 use admin

install/odoo-install.sh

@@ -42,12 +42,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
-{
+cat <<EOF >~/odoo.creds
-  echo "Odoo-Credentials"
+Odoo-Credentials
-  echo -e "Odoo Database User: $DB_USER"
+Odoo Database User: $DB_USER
-  echo -e "Odoo Database Password: $DB_PASS"
+Odoo Database Password: $DB_PASS
-  echo -e "Odoo Database Name: $DB_NAME"
+Odoo Database Name: $DB_NAME
-} >>~/odoo.creds
+EOF
 msg_ok "Setup PostgreSQL"
 
 msg_info "Configuring Odoo"

install/onlyoffice-install.sh

@@ -30,12 +30,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-{
+cat <<EOF >~/onlyoffice.creds
-  echo "ONLYOFFICE-Credentials"
+ONLYOFFICE-Credentials
-  echo "ONLYOFFICE Database User: $DB_USER"
+ONLYOFFICE Database User: $DB_USER
-  echo "ONLYOFFICE Database Password: $DB_PASS"
+ONLYOFFICE Database Password: $DB_PASS
-  echo "ONLYOFFICE Database Name: $DB_NAME"
+ONLYOFFICE Database Name: $DB_NAME
-} >>~/onlyoffice.creds
+EOF
 msg_ok "Set up Database"
 
 msg_info "Adding ONLYOFFICE GPG Key"
@@ -81,16 +81,13 @@ echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password $RMQ_PASS | debc
 echo onlyoffice-documentserver onlyoffice/jwt-enabled boolean true | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/jwt-secret password $JWT_SECRET | debconf-set-selections
 
-echo "RabbitMQ User: $RMQ_USER" >>~/onlyoffice.creds
+cat <<EOF >~/onlyoffice.creds
-echo "RabbitMQ Password: $RMQ_PASS" >>~/onlyoffice.creds
+
-echo "JWT Secret: $JWT_SECRET" >>~/onlyoffice.creds
+ONLYOFFICE RabbitMQ Credentials
-{
+User: $RMQ_USER
-  echo ""
+Password: $RMQ_PASS
-  echo "ONLYOFFICE RabbitMQ Credentials"
+Secret: $JWT_SECRET
-  echo "User: $RMQ_USER"
+EOF
-  echo "Password: $RMQ_PASS"
-  echo "Secret: $JWT_SECRET"
-} >>~/onlyoffice.creds
 msg_ok "Debconf Preconfiguration Done"
 
 msg_info "Installing ttf-mscorefonts-installer"

install/paperclip-install.sh

@@ -112,7 +112,7 @@ if grep -q 'authenticated' $PAPERCLIP_CONFIG; then
   PAPERCLIP_INVITE_URL=$(awk -F'Invite URL: ' '/Invite URL:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
   PAPERCLIP_INVITE_EXPIRY=$(awk -F'Expires: ' '/Expires:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
   if [[ -n "$PAPERCLIP_INVITE_URL" ]]; then
-    cat <<EOF >>~/paperclip.creds
+    cat <<EOF >~/paperclip.creds
 
 Paperclip Admin Invite
 Invite URL: ${PAPERCLIP_INVITE_URL}

install/paperless-ngx-install.sh

@@ -56,12 +56,12 @@ curl -fsSL "https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/p
 mkdir -p /opt/paperless_data/{consume,data,media,trash}
 mkdir -p /opt/paperless/static
 SECRET_KEY="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)"
-{
+cat <<EOF >~/paperless-ngx.creds
-  echo ""
+
-  echo "Paperless-ngx Secret Key: $SECRET_KEY"
+Paperless-ngx Secret Key: $SECRET_KEY
-  echo "Paperless-ngx WebUI User: admin"
+Paperless-ngx WebUI User: admin
-  echo "Paperless-ngx WebUI Password: $PG_DB_PASS"
+Paperless-ngx WebUI Password: $PG_DB_PASS
-} >>~/paperless-ngx.creds
+EOF
 sed -i \
   -e 's|#PAPERLESS_REDIS=redis://localhost:6379|PAPERLESS_REDIS=redis://localhost:6379|' \
   -e "s|#PAPERLESS_CONSUMPTION_DIR=../consume|PAPERLESS_CONSUMPTION_DIR=/opt/paperless_data/consume|" \

install/part-db-install.sh

@@ -30,11 +30,11 @@ $STD php bin/console cache:clear
 php bin/console doctrine:migrations:migrate -n >~/database-migration-output
 chown -R www-data:www-data /opt/partdb
 ADMIN_PASS=$(grep -oP 'The initial password for the "admin" user is: \K\w+' ~/database-migration-output)
-{
+cat <<EOF >~/partdb.creds
-  echo ""
+
-  echo "Part-DB Admin User: admin"
+Part-DB Admin User: admin
-  echo "Part-DB Admin Password: $ADMIN_PASS"
+Part-DB Admin Password: $ADMIN_PASS
-} >>~/partdb.creds
+EOF
 rm -rf ~/database-migration-output
 msg_ok "Installed Part-DB"
 

install/paymenter-install.sh

@@ -15,10 +15,10 @@ update_os
 
 msg_info "Installing Dependencies"
 $STD apt install -y \
-  git \
+    git \
-  nginx \
+    nginx \
-  redis-server \
+    redis-server \
-  cron
+    cron
 msg_ok "Installed Dependencies"
 
 setup_mariadb
@@ -35,12 +35,12 @@ mariadb-tzinfo-to-sql /usr/share/zoneinfo | mariadb mysql
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost' WITH GRANT OPTION;"
-{
+cat <<EOF >~/paymenter_db.creds
-  echo "Paymenter Database Credentials"
+Paymenter Database Credentials
-  echo "Database: $DB_NAME"
+Database: $DB_NAME
-  echo "Username: $DB_USER"
+Username: $DB_USER
-  echo "Password: $DB_PASS"
+Password: $DB_PASS
-} >>~/paymenter_db.creds
+EOF
 cd /opt/paymenter
 cp .env.example .env
 $STD composer install --no-dev --optimize-autoloader --no-interaction

install/pihole-install.sh

@@ -119,7 +119,7 @@ edns-packet-max=1232
 EOF
 
   if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
-    cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
+    cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
   tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
 forward-zone:
   name: "."

install/plane-install.sh

@@ -15,21 +15,21 @@ update_os
 
 msg_info "Installing Dependencies"
 $STD apt install -y \
-  nginx \
+    nginx \
-  build-essential \
+    build-essential \
-  libpq-dev \
+    libpq-dev \
-  libxml2-dev \
+    libxml2-dev \
-  libxslt1-dev \
+    libxslt1-dev \
-  libxmlsec1-dev \
+    libxmlsec1-dev \
-  libxmlsec1-openssl \
+    libxmlsec1-openssl \
-  pkg-config \
+    pkg-config \
-  python3-dev \
+    python3-dev \
-  python3-venv \
+    python3-venv \
-  redis-server \
+    redis-server \
-  erlang-base \
+    erlang-base \
-  erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
+    erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
-  erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
+    erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
-  rabbitmq-server
+    rabbitmq-server
 msg_ok "Installed Dependencies"
 
 NODE_VERSION="24" NODE_MODULE="corepack" setup_nodejs
@@ -86,7 +86,7 @@ VITE_LIVE_BASE_URL=http://${LOCAL_IP}
 VITE_LIVE_BASE_PATH=/live"
 # Each Vite app needs its own .env for the build
 for app in web admin space; do
-  echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
+    echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
 done
 export NODE_OPTIONS="--max-old-space-size=4096"
 export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
@@ -271,14 +271,14 @@ WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable -q --now plane-api plane-worker plane-beat plane-live plane-space
-{
+cat <<EOF >~/plane.creds
-  echo "RabbitMQ User: plane"
+RabbitMQ User: plane
-  echo "RabbitMQ Password: ${RABBITMQ_PASS}"
+RabbitMQ Password: ${RABBITMQ_PASS}
-  echo "MinIO Access Key: ${MINIO_ACCESS_KEY}"
+MinIO Access Key: ${MINIO_ACCESS_KEY}
-  echo "MinIO Secret Key: ${MINIO_SECRET_KEY}"
+MinIO Secret Key: ${MINIO_SECRET_KEY}
-  echo "Secret Key: ${SECRET_KEY}"
+Secret Key: ${SECRET_KEY}
-  echo "Config: /opt/plane/apps/api/.env"
+Config: /opt/plane/apps/api/.env
-} >>~/plane.creds
+EOF
 msg_ok "Created Services and MinIO Bucket"
 
 msg_info "Configuring Nginx"

install/planka-install.sh

@@ -32,12 +32,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-{
+cat <<EOF >~/planka.creds
-  echo "PLANKA DB Credentials"
+PLANKA DB Credentials
-  echo "PLANKA Database User: $DB_USER"
+PLANKA Database User: $DB_USER
-  echo "PLANKA Database Password: $DB_PASS"
+PLANKA Database Password: $DB_PASS
-  echo "PLANKA Database Name: $DB_NAME"
+PLANKA Database Name: $DB_NAME
-} >>~/planka.creds
+EOF
 msg_ok "Set up PostgreSQL Database"
 
 fetch_and_deploy_gh_release "planka" "plankanban/planka" "prebuild" "latest" "/opt/planka" "planka-prebuild.zip"
@@ -67,14 +67,14 @@ echo "DEFAULT_ADMIN_NAME=$ADMIN_NAME" >>.env
 echo "DEFAULT_ADMIN_USERNAME=$ADMIN_USERNAME" >>.env
 $STD npm run db:seed
 sed -i '/# Temporary admin user creation settings/,$d' .env
-{
+cat <<EOF >~/planka.creds
-  echo ""
+
-  echo "PLANKA Admin Credentials"
+PLANKA Admin Credentials
-  echo "Admin Email: $ADMIN_EMAIL"
+Admin Email: $ADMIN_EMAIL
-  echo "Admin Password: $ADMIN_PASSWORD"
+Admin Password: $ADMIN_PASSWORD
-  echo "Admin Name: $ADMIN_NAME"
+Admin Name: $ADMIN_NAME
-  echo "Admin Username: $ADMIN_USERNAME"
+Admin Username: $ADMIN_USERNAME
-} >>~/planka.creds
+EOF
 msg_ok "Created Admin User"
 
 msg_info "Creating Service"

install/pterodactyl-panel-install.sh

@@ -52,12 +52,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
+cat <<EOF >~/pterodactyl-panel.creds
-  echo "pterodactyl Panel-Credentials"
+pterodactyl Panel-Credentials
-  echo "pterodactyl Panel Database User: $DB_USER"
+pterodactyl Panel Database User: $DB_USER
-  echo "pterodactyl Panel Database Password: $DB_PASS"
+pterodactyl Panel Database Password: $DB_PASS
-  echo "pterodactyl Panel Database Name: $DB_NAME"
+pterodactyl Panel Database Name: $DB_NAME
-} >>~/pterodactyl-panel.creds
+EOF
 msg_ok "Set up MariaDB"
 
 read -p "${TAB3}Provide an email address for admin login, this should be a valid email address: " ADMIN_EMAIL
@@ -82,12 +82,12 @@ echo "* * * * * php /opt/pterodactyl-panel/artisan schedule:run >> /dev/null 2>&
 chown -R www-data:www-data /opt/pterodactyl-panel/*
 chmod -R 755 /opt/pterodactyl-panel/storage/* /opt/pterodactyl-panel/bootstrap/cache/
 ln -s /opt/pterodactyl-panel /var/www/pterodactyl
-{
+cat <<EOF >~/pterodactyl-panel.creds
-  echo ""
+
-  echo "pterodactyl Admin Username: admin"
+pterodactyl Admin Username: admin
-  echo "pterodactyl Admin Email: $ADMIN_EMAIL"
+pterodactyl Admin Email: $ADMIN_EMAIL
-  echo "pterodactyl Admin Password: $ADMIN_PASS"
+pterodactyl Admin Password: $ADMIN_PASS
-} >>~/pterodactyl-panel.creds
+EOF
 rm -rf "/opt/pterodactyl-panel/panel.tar.gz"
 rm -rf "/tmp/debsuryorg-archive-keyring.deb"
 echo "${RELEASE}" >/opt/"${APPLICATION}"_version.txt

install/radicale-install.sh

@@ -24,11 +24,11 @@ msg_info "Setting up Radicale"
 cd /opt/radicale
 RNDPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -c -b -5 /opt/radicale/users admin "$RNDPASS"
-{
+cat <<EOF >~/radicale.creds
-  echo "Radicale Credentials"
+Radicale Credentials
-  echo "Admin User: admin"
+Admin User: admin
-  echo "Admin Password: $RNDPASS"
+Admin Password: $RNDPASS
-} >>~/radicale.creds
+EOF
 
 mkdir -p /etc/radicale
 cat <<EOF >/etc/radicale/config

install/rclone-install.sh

@@ -23,11 +23,11 @@ msg_info "Installing rclone"
 cd /opt/rclone
 RCLONE_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-{
+cat <<EOF >~/rclone.creds
-  echo "rclone-Credentials"
+rclone-Credentials
-  echo "rclone User Name: admin"
+rclone User Name: admin
-  echo "rclone Password: $RCLONE_PASSWORD"
+rclone Password: $RCLONE_PASSWORD
-} >>~/rclone.creds
+EOF
 msg_ok "Installed rclone"
 
 msg_info "Creating Service"

install/splunk-enterprise-install.sh

@@ -27,18 +27,18 @@ while true; do
     echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
     read -r response
     case $response in
-        [Yy]|[Yy][Ee][Ss])
+    [Yy] | [Yy][Ee][Ss])
-            msg_ok "Terms accepted. Proceeding with installation..."
+        msg_ok "Terms accepted. Proceeding with installation..."
-            break
+        break
-            ;;
+        ;;
-        [Nn]|[Nn][Oo]|"")
+    [Nn] | [Nn][Oo] | "")
-            msg_error "Terms not accepted. Installation cannot proceed."
+        msg_error "Terms not accepted. Installation cannot proceed."
-            msg_error "Please review the terms and run the script again if you wish to proceed."
+        msg_error "Please review the terms and run the script again if you wish to proceed."
-            exit 254
+        exit 254
-            ;;
+        ;;
-        *)
+    *)
-            msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
+        msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
-            ;;
+        ;;
     esac
 done
 
@@ -59,13 +59,13 @@ msg_ok "Setup Splunk Enterprise v${RELEASE}"
 msg_info "Creating Splunk admin user"
 ADMIN_USER="admin"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-{
+cat <<EOF >~/splunk.creds
-    echo "Splunk-Credentials"
+Splunk-Credentials
-    echo "Username: $ADMIN_USER"
+Username: $ADMIN_USER
-    echo "Password: $ADMIN_PASS"
+Password: $ADMIN_PASS
-} >> ~/splunk.creds
+EOF
 
-cat << EOF > "/opt/splunk/etc/system/local/user-seed.conf"
+cat <<EOF >"/opt/splunk/etc/system/local/user-seed.conf"
 [user_info]
 USERNAME = $ADMIN_USER
 PASSWORD = $ADMIN_PASS

install/stirling-pdf-install.sh

@@ -103,7 +103,7 @@ PATH=/opt/.venv/bin:/usr/lib/libreoffice/program:/usr/local/sbin:/usr/local/bin:
 EOF
 
 if [[ "$login_mode" == "true" ]]; then
-  cat <<EOF >>/opt/Stirling-PDF/.env
+  cat <<EOF >/opt/Stirling-PDF/.env
 # activate Login
 DISABLE_ADDITIONAL_FEATURES=false
 SECURITY_ENABLELOGIN=true

install/storyteller-install.sh

@@ -46,11 +46,11 @@ NODE_ENV=production
 NEXT_TELEMETRY_DISABLED=1
 EOF
 mkdir -p /opt/storyteller/data
-{
+cat <<EOF >~/storyteller.creds
-  echo "Storyteller Credentials"
+Storyteller Credentials
-  echo "======================="
+=======================
-  echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
+Secret Key: ${STORYTELLER_SECRET_KEY}
-} >~/storyteller.creds
+EOF
 msg_ok "Set up Storyteller"
 
 msg_info "Building Storyteller"

install/tubearchivist-install.sh

@@ -106,13 +106,13 @@ TZ=UTC
 PYTHONUNBUFFERED=1
 YTDLP_PLUGIN_DIRS=/opt/yt_plugins
 EOF
-{
+cat <<EOF >~/tubearchivist.creds
-  echo "Tube Archivist Credentials"
+Tube Archivist Credentials
-  echo "=========================="
+==========================
-  echo "Username: admin"
+Username: admin
-  echo "Password: ${TA_PASSWORD}"
+Password: ${TA_PASSWORD}
-  echo "Elasticsearch Password: ${ES_PASSWORD}"
+Elasticsearch Password: ${ES_PASSWORD}
-} >~/tubearchivist.creds
+EOF
 systemctl enable -q --now redis-server
 msg_ok "Set up Tube Archivist"
 

install/twingate-connector-install.sh

@@ -38,13 +38,13 @@ $STD apt-get install -y twingate-connector
 msg_ok "Setup Twingate Connector"
 
 msg_info "Configure Twingate-Connector"
-{
+cat <<EOF >/etc/twingate/connector.conf
-  echo "TWINGATE_NETWORK=${network}"
+TWINGATE_NETWORK=${network}
-  echo "TWINGATE_ACCESS_TOKEN=${access_token}"
+TWINGATE_ACCESS_TOKEN=${access_token}
-  echo "TWINGATE_REFRESH_TOKEN=${refresh_token}"
+TWINGATE_REFRESH_TOKEN=${refresh_token}
-  echo "TWINGATE_LABEL_HOSTNAME=$(hostname)"
+TWINGATE_LABEL_HOSTNAME=$(hostname)
-  echo "TWINGATE_LABEL_DEPLOYED_BY=proxmox"
+TWINGATE_LABEL_DEPLOYED_BY=proxmox
-} >/etc/twingate/connector.conf
+EOF
 chmod 600 /etc/twingate/connector.conf
 msg_ok "Configured Twingate-Connector"
 

install/valkey-install.sh

@@ -19,7 +19,7 @@ $STD apt install -y valkey openssl
 sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf
 
 PASS="$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c32)"
-echo "requirepass $PASS" >> /etc/valkey/valkey.conf
+echo "requirepass $PASS" >>/etc/valkey/valkey.conf
 echo "$PASS" >~/valkey.creds
 chmod 600 ~/valkey.creds
 
@@ -27,11 +27,11 @@ MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 # reserve 25% of a node type's maxmemory value for system use
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))
 
-echo "" >> /etc/valkey/valkey.conf
+echo "" >>/etc/valkey/valkey.conf
-echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/valkey.conf
+echo "# Memory-optimized settings for small-scale deployments" >>/etc/valkey/valkey.conf
-echo "maxmemory ${MAXMEMORY_MB}mb" >> /etc/valkey/valkey.conf
+echo "maxmemory ${MAXMEMORY_MB}mb" >>/etc/valkey/valkey.conf
-echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf
+echo "maxmemory-policy allkeys-lru" >>/etc/valkey/valkey.conf
-echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf
+echo "maxmemory-samples 10" >>/etc/valkey/valkey.conf
 msg_ok "Installed Valkey"
 
 echo
@@ -47,26 +47,26 @@ if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
     chown valkey:valkey "$TLS_CERT" "$TLS_KEY"
 
     if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then
-    {
+        cat <<EOF >/etc/valkey/valkey.conf
-      echo ""
+
-      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
+# TLS configuration generated by Proxmox VE Valkey helper-script
-      echo "port 0"
+port 0
-      echo "tls-port 6379"
+tls-port 6379
-      echo "tls-cert-file $TLS_DIR/valkey.crt"
+tls-cert-file $TLS_DIR/valkey.crt
-      echo "tls-key-file $TLS_DIR/valkey.key"
+tls-key-file $TLS_DIR/valkey.key
-      echo "tls-auth-clients no"
+tls-auth-clients no
-    } >> /etc/valkey/valkey.conf
+EOF
-    msg_ok "Enabled TLS-only mode on port 6379"
+        msg_ok "Enabled TLS-only mode on port 6379"
     else
-    {
+        cat <<EOF >/etc/valkey/valkey.conf
-      echo ""
+
-      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
+# TLS configuration generated by Proxmox VE Valkey helper-script
-      echo "tls-port 6380"
+tls-port 6380
-      echo "tls-cert-file $TLS_DIR/valkey.crt"
+tls-cert-file $TLS_DIR/valkey.crt
-      echo "tls-key-file $TLS_DIR/valkey.key"
+tls-key-file $TLS_DIR/valkey.key
-      echo "tls-auth-clients no"
+tls-auth-clients no
-    } >> /etc/valkey/valkey.conf
+EOF
-    msg_ok "Enabled TLS on port 6380 and TCP on 6379"
+        msg_ok "Enabled TLS on port 6380 and TCP on 6379"
     fi
 fi
 

install/warracker-install.sh

@@ -35,14 +35,14 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT USAGE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT CREATE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $DB_USER;"
-{
+cat <<EOF >~/warracker.creds
-    echo "Application Credentials"
+Application Credentials
-    echo "DB_NAME: $DB_NAME"
+DB_NAME: $DB_NAME
-    echo "DB_USER: $DB_USER"
+DB_USER: $DB_USER
-    echo "DB_PASS: $DB_PASS"
+DB_PASS: $DB_PASS
-    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+DB_ADMIN_USER: $DB_ADMIN_USER
-    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+DB_ADMIN_PASS: $DB_ADMIN_PASS
-} >>~/warracker.creds
+EOF
 msg_ok "Setup PostgreSQL"
 
 fetch_and_deploy_gh_release "warracker" "sassanix/Warracker" "tarball" "latest" "/opt/warracker"

install/webtrees-install.sh

@@ -63,7 +63,7 @@ $STD sudo -u www-data php /opt/webtrees/index.php user Admin \
   --password="${WT_ADMIN_PASS}"
 $STD sudo -u www-data php /opt/webtrees/index.php user-setting Admin canadmin 1
 
-cat <<EOF >>~/webtrees.creds
+cat <<EOF >~/webtrees.creds
 
 Webtrees Admin User: Admin
 Webtrees Admin Password: ${WT_ADMIN_PASS}

install/yt-dlp-webui-install.sh

@@ -24,11 +24,11 @@ msg_info "Setting up YT-DLP-WEBUI"
 mkdir -p /opt/yt-dlp-webui
 mkdir /downloads
 RPC_PASSWORD=$(openssl rand -base64 16)
-{
+cat <<EOF >~/yt-dlp-webui.creds
-  echo "yt-dlp-webui-Credentials"
+yt-dlp-webui-Credentials
-  echo "Username: admin"
+Username: admin
-  echo "Password: ${RPC_PASSWORD}"
+Password: ${RPC_PASSWORD}
-} >>~/yt-dlp-webui.creds
+EOF
 
 cat <<EOF >/opt/yt-dlp-webui/config.conf
 # Host where server will listen at (default: "0.0.0.0")

install/zammad-install.sh

@@ -30,7 +30,7 @@ setup_deb822_repo \
 $STD apt install -y elasticsearch
 sed -i 's/^#\{0,2\} *-Xms[0-9]*g.*/-Xms2g/' /etc/elasticsearch/jvm.options
 sed -i 's/^#\{0,2\} *-Xmx[0-9]*g.*/-Xmx2g/' /etc/elasticsearch/jvm.options
-cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
+cat <<EOF >/etc/elasticsearch/elasticsearch.yml
 discovery.type: single-node
 xpack.security.enabled: false
 bootstrap.memory_lock: false

install/zitadel-install.sh

@@ -29,14 +29,14 @@ systemctl start postgresql
 $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
-{
+cat <<EOF >~/zitadel.creds
-  echo "Application Credentials"
+Application Credentials
-  echo "DB_NAME: $DB_NAME"
+DB_NAME: $DB_NAME
-  echo "DB_USER: $DB_USER"
+DB_USER: $DB_USER
-  echo "DB_PASS: $DB_PASS"
+DB_PASS: $DB_PASS
-  echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+DB_ADMIN_USER: $DB_ADMIN_USER
-  echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+DB_ADMIN_PASS: $DB_ADMIN_PASS
-} >>~/zitadel.creds
+EOF
 msg_ok "Installed PostgreSQL"
 
 fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/usr/local/bin" "zitadel-linux-$(arch_resolve).tar.gz"
@@ -45,10 +45,10 @@ msg_info "Setting up Zitadel Environments"
 mkdir -p /opt/zitadel
 echo "/opt/zitadel/config.yaml" >"/opt/zitadel/.config"
 head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') >"/opt/zitadel/.masterkey"
-{
+cat <<EOF >~/zitadel.creds
-  echo "Config location: $(cat "/opt/zitadel/.config")"
+Config location: $(cat "/opt/zitadel/.config")
-  echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+Masterkey: $(cat "/opt/zitadel/.masterkey")
-} >>~/zitadel.creds
+EOF
 cat <<EOF >/opt/zitadel/config.yaml
 Port: 8080
 ExternalPort: 8080

install/zot-registry-install.sh

@@ -24,11 +24,11 @@ mkdir -p /etc/zot
 curl -fsSL https://raw.githubusercontent.com/project-zot/zot/refs/heads/main/examples/config-ui.json -o /etc/zot/config.json
 ZOTPASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -b -B -c /etc/zot/htpasswd admin "$ZOTPASSWORD"
-{
+cat <<EOF >~/zot.creds
-  echo "Zot-Credentials"
+Zot-Credentials
-  echo "Zot User: admin"
+Zot User: admin
-  echo "Zot Password: $ZOTPASSWORD"
+Zot Password: $ZOTPASSWORD
-} >>~/zot.creds
+EOF
 msg_ok "Configured Zot Registry"
 
 msg_info "Setup Service"

misc/tools.func

@@ -6164,7 +6164,6 @@ _setup_gpu_permissions() {
 #   - Requires: build-essential, libtool, libjpeg-dev, libpng-dev, etc.
 # ------------------------------------------------------------------------------
 setup_imagemagick() {
-  local TMP_DIR=$(mktemp -d)
   local BINARY_PATH="/usr/local/bin/magick"
 
   # Get currently installed version
@@ -6195,51 +6194,39 @@ setup_imagemagick() {
     pkg-config \
     ghostscript
 
-  if ! CURL_TIMEOUT=180 curl_with_retry "https://imagemagick.org/archive/ImageMagick.tar.gz" "$TMP_DIR/ImageMagick.tar.gz"; then
+  # Fetch and deploy source tarball from GitHub Releases
-    msg_error "Failed to download ImageMagick"
+  fetch_and_deploy_gh_release "imagemagick" "ImageMagick/ImageMagick" "tarball" || {
-    msg_error "Hint: Check connectivity to imagemagick.org/archive"
+    msg_error "Failed to download ImageMagick source from GitHub"
-    rm -rf "$TMP_DIR"
+    msg_error "Hint: Check connectivity to github.com/ImageMagick/ImageMagick"
     return 250
-  fi
-
-  tar -xzf "$TMP_DIR/ImageMagick.tar.gz" -C "$TMP_DIR" || {
-    msg_error "Failed to extract ImageMagick"
-    rm -rf "$TMP_DIR"
-    return 251
   }
 
-  cd "$TMP_DIR"/ImageMagick-* || {
+  cd /opt/imagemagick || {
-    msg_error "Source extraction failed"
+    msg_error "Failed to enter ImageMagick source directory"
-    rm -rf "$TMP_DIR"
     return 251
   }
 
   $STD ./configure --disable-static || {
     msg_error "ImageMagick configure failed"
-    rm -rf "$TMP_DIR"
     return 150
   }
   $STD make -j"$(nproc)" || {
     msg_error "ImageMagick compilation failed"
-    rm -rf "$TMP_DIR"
     return 150
   }
   $STD make install || {
     msg_error "ImageMagick installation failed"
-    rm -rf "$TMP_DIR"
     return 150
   }
   $STD ldconfig /usr/local/lib
 
   if [[ ! -x "$BINARY_PATH" ]]; then
     msg_error "ImageMagick installation failed"
-    rm -rf "$TMP_DIR"
     return 150
   fi
 
   local FINAL_VERSION
   FINAL_VERSION=$("$BINARY_PATH" -version | awk '/^Version/ {print $3}')
-  rm -rf "$TMP_DIR"
   cache_installed_version "imagemagick" "$FINAL_VERSION"
   ensure_usr_local_bin_persist
 

tools/pve/pbs3-upgrade.sh

@@ -105,7 +105,7 @@ EOF
   yes)
     msg_info "Enabling 'pbs-no-subscription' repository"
     cat <<EOF >/etc/apt/sources.list.d/pbs-install-repo.list
-deb https://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
+deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
 EOF
     msg_ok "Enabled 'pbs-no-subscription' repository"
     ;;

tools/pve/post-pve-install.sh

@@ -152,7 +152,7 @@ EOF
   yes)
     msg_info "Enabling 'pve-no-subscription' repository"
     cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
     msg_ok "Enabled 'pve-no-subscription' repository"
     ;;

tools/pve/pve8-upgrade.sh

@@ -70,7 +70,7 @@ EOF
   whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "PVE8-NO-SUBSCRIPTION" "The 'pve-no-subscription' repository provides access to all of the open-source components of Proxmox VE." 10 58
   msg_info "Enabling 'pve-no-subscription' repository"
   cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
   msg_ok "Enabled 'pve-no-subscription' repository"