Update install/rackula-install.sh

Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>
2026-06-30 19:24:57 +02:00 · 2026-06-29 09:32:39 +02:00 · 2026-06-29 09:32:29 +02:00 · 2026-06-29 09:06:10 +02:00 · 2026-06-29 07:03:50 +00:00
91 changed files with 641 additions and 1110 deletions
@@ -1,3 +1,2 @@
 ko_fi: community_scripts
 github: community_scripts
-buy_me_a_coffee: communityscripts
@@ -489,42 +489,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

-## 2026-06-30
-
-### 🚀 Updated Scripts
-
-  - #### 🔧 Refactor
-
-    - Refactor: Use heredoc when creating env files and creds/other [@tremor021](https://github.com/tremor021) ([#15469](https://github.com/community-scripts/ProxmoxVE/pull/15469))
-
-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - [tools/pve/*.sh] https://download.proxmox.com -> http://download.proxmox.com (PVE8 Only) [@galeksandrp](https://github.com/galeksandrp) ([#15498](https://github.com/community-scripts/ProxmoxVE/pull/15498))
-
-## 2026-06-29
-
-### 🆕 New Scripts
-
-  - Koffan ([#15467](https://github.com/community-scripts/ProxmoxVE/pull/15467))
- Etherpad ([#15468](https://github.com/community-scripts/ProxmoxVE/pull/15468))
- Flame ([#15464](https://github.com/community-scripts/ProxmoxVE/pull/15464))
-
-### 🚀 Updated Scripts
-
-  - chore(ct): sync snapotter defaults with PocketBase [@github-actions[bot]](https://github.com/github-actions[bot]) ([#15472](https://github.com/community-scripts/ProxmoxVE/pull/15472))
-
-  - #### 🐞 Bug Fixes
-
-    - feat: update nginx proxy manager to trixie [@asylumexp](https://github.com/asylumexp) ([#15457](https://github.com/community-scripts/ProxmoxVE/pull/15457))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - [tools.func]: add edit_yaml_config function [@tremor021](https://github.com/tremor021) ([#15484](https://github.com/community-scripts/ProxmoxVE/pull/15484))
-
 ## 2026-06-28

 ### 🚀 Updated Scripts
@@ -29,63 +29,9 @@ function update_script() {
    msg_error "No ${APP} Installation Found!"
    exit
  fi
-
-  FRAPPE_MAJOR="$(grep -oP '__version__\s*=\s*[\x27"]\K[0-9]+' /opt/frappe-bench/apps/frappe/frappe/__init__.py 2>/dev/null || echo 0)"
-  SITE="$(ls /opt/frappe-bench/sites/*/site_config.json 2>/dev/null | head -1 | cut -d/ -f5)"
-  [[ -z "$SITE" ]] && SITE="site1.local"
-
-  msg_info "Stopping ERPNext service"
-  $STD supervisorctl stop all
-  msg_ok "Stopped ERPNext service"
-
-  if [[ "${FRAPPE_MAJOR:-0}" -lt 16 ]] && { [[ "${PHS_SILENT:-0}" == "1" ]] || whiptail --backtitle "Proxmox VE Helper Scripts" --title "ERPNext v16 Major Upgrade" \
-    --yesno "A major upgrade from Frappe/ERPNext v15 to v16 is available.\n\nUpgrade to v16 now?" 16 78; }; then
-
-    msg_info "Backing up site ${SITE}"
-    $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:/usr/local/bin:\$PATH\"; cd /opt/frappe-bench && bench --site ${SITE} backup"
-    msg_ok "Backup created"
-
-    msg_info "Installing Dependencies"
-    $STD apt-get install -y pkg-config
-    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && uv python install 3.14'
-    msg_ok "Installed Dependencies"
-
-    msg_info "Migrating bench environment"
-    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench migrate-env "$(uv python find 3.14)"'
-    msg_ok "Migrated environment"
-
-    msg_info "Switching Frappe and ERPNext to v16 (Patience)"
-    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench switch-to-branch version-16 frappe erpnext --upgrade' || true
-    NEW_MAJOR="$(grep -oP '__version__\s*=\s*[\x27"]\K[0-9]+' /opt/frappe-bench/apps/frappe/frappe/__init__.py 2>/dev/null || echo 0)"
-    if [[ "${NEW_MAJOR:-0}" -lt 16 ]]; then
-      msg_error "Failed to switch Frappe/ERPNext to v16"
-      exit 250
-    fi
-    msg_ok "Switched to v16"
-
-    msg_info "Running database migration (Patience)"
-    for i in 1 2 3; do
-      $STD sudo -u frappe bash -c "export PATH=\"\$HOME/.local/bin:/usr/local/bin:\$PATH\"; cd /opt/frappe-bench && bench --site ${SITE} migrate" && break
-      [[ "$i" -eq 3 ]] && {
-        msg_error "Database migration failed after 3 attempts"
-        exit 253
-      }
-    done
-    msg_ok "Database migrated"
-
-    msg_info "Building assets"
-    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench build --production'
-    msg_ok "Assets built"
-
-    msg_info "Restarting ERPNext"
-    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:/usr/local/bin:$PATH"; cd /opt/frappe-bench && bench restart'
-    msg_ok "Upgraded ERPNext to v16"
-  else
-    msg_info "Updating ERPNext"
-    $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench update --reset'
-    msg_ok "Updated ERPNext"
-  fi
-  msg_ok "Updated successfully!"
+  msg_info "Updating ERPNext"
+  $STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench update --reset'
+  msg_ok "Updated ERPNext"
  exit
 }

@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: John McLear (JohnMcLear)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://etherpad.org
-
-APP="Etherpad"
-var_tags="${var_tags:-docs;collaboration;editor}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-yes}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/etherpad-lite ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "etherpad-lite" "ether/etherpad"; then
-    msg_info "Stopping Service"
-    systemctl stop etherpad
-    msg_ok "Stopped Service"
-
-    create_backup /opt/etherpad-lite/.env /opt/etherpad-lite/APIKEY.txt /opt/etherpad-lite/settings.json
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "etherpad-lite" "ether/etherpad" "tarball"
-    restore_backup
-
-    msg_info "Rebuilding Etherpad"
-    export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
-    $STD corepack enable
-    cd /opt/etherpad-lite
-    $STD pnpm install --frozen-lockfile
-    $STD pnpm run build:etherpad
-    msg_ok "Rebuilt Etherpad"
-
-    msg_info "Starting Service"
-    systemctl start etherpad
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9001${CL}"
@@ -1,69 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: CrazyWolf13
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/pawelmalak/flame
-
-APP="Flame"
-var_tags="${var_tags:-dashboard;startpage}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-yes}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/flame ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "flame" "pawelmalak/flame"; then
-    msg_info "Stopping Service"
-    systemctl stop flame
-    msg_ok "Stopped Service"
-
-    create_backup /opt/flame/.env \
-                  /opt/flame/data
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "flame" "pawelmalak/flame" "tarball"
-    restore_backup
-
-    msg_info "Rebuilding Application"
-    cd /opt/flame
-    mkdir -p data public
-    $STD npm install --production
-    cd /opt/flame/client
-    $STD npm install --production
-    $STD npm run build
-    cd /opt/flame
-    cp -r client/build/. public/
-    msg_ok "Rebuilt Application"
-
-    msg_info "Starting Service"
-    systemctl start flame
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:5005${CL}"
@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://gitlab.com/fmd-foss/fmd-server
-
-APP="FMD-Server"
-var_tags="${var_tags:-FMD}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-yes}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /opt/fmd-server ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gl_release "fmd-server" "fmd-foss/fmd-server"; then
-    msg_info "Stopping Service"
-    systemctl stop fmd-server
-    msg_ok "Stopped Service"
-
-    create_backup /opt/fmd-server/config.yml /opt/fmd-server/db
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gl_release "fmd-server" "fmd-foss/fmd-server" "prebuild" "latest" "/opt/fmd-server" "fmd-server-*.zip"
-
-    msg_info "Configuring FMD-Server"
-    cd /opt/fmd-server
-    chmod +x fmd-server-*
-    msg_ok "Configured FMD-Server"
-
-    restore_backup
-
-    msg_info "Starting Service"
-    systemctl start fmd-server
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"
@@ -1,6 +0,0 @@
-    ________  __                              __
-   / ____/ /_/ /_  ___  _________  ____ _____/ /
-  / __/ / __/ __ \/ _ \/ ___/ __ \/ __ `/ __  / 
- / /___/ /_/ / / /  __/ /  / /_/ / /_/ / /_/ /  
-/_____/\__/_/ /_/\___/_/  / .___/\__,_/\__,_/   
-                         /_/                    
@@ -1,6 +0,0 @@
-    ________                   
-   / ____/ /___ _____ ___  ___ 
-  / /_  / / __ `/ __ `__ \/ _ \
- / __/ / / /_/ / / / / / /  __/
-/_/   /_/\__,_/_/ /_/ /_/\___/ 
-                               
@@ -1,6 +0,0 @@
-    ________  _______       _____                          
-   / ____/  |/  / __ \     / ___/___  ______   _____  _____
-  / /_  / /|_/ / / / /_____\__ \/ _ \/ ___/ | / / _ \/ ___/
- / __/ / /  / / /_/ /_____/__/ /  __/ /   | |/ /  __/ /    
-/_/   /_/  /_/_____/     /____/\___/_/    |___/\___/_/     
-                                                           
@@ -1,6 +0,0 @@
-    __ __      ________          
-   / //_/___  / __/ __/___ _____ 
-  / ,< / __ \/ /_/ /_/ __ `/ __ \
- / /| / /_/ / __/ __/ /_/ / / / /
-/_/ |_\____/_/ /_/  \__,_/_/ /_/ 
-                                 
@@ -0,0 +1,6 @@
+    ____             __         __     
+   / __ \____ ______/ /____  __/ /___ _
+  / /_/ / __ `/ ___/ //_/ / / / / __ `/
+ / _, _/ /_/ / /__/ ,< / /_/ / / /_/ / 
+/_/ |_|\__,_/\___/_/|_|\__,_/_/\__,_/  
+                                       
@@ -1,63 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: (AminGholizad)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/PanSalut/Koffan
-
-APP="Koffan"
-var_tags="${var_tags:-productivity}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-1024}"
-var_disk="${var_disk:-4}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_arm64="${var_arm64:-yes}"
-var_arm64="${var_arm64:-no}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /opt/koffan/koffan ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "koffan" "PanSalut/Koffan"; then
-    msg_info "Stopping Service"
-    systemctl stop koffan
-    msg_ok "Stopped Service"
-
-    create_backup /opt/koffan/data
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "koffan" "PanSalut/Koffan" "tarball"
-    restore_backup
-
-    msg_info "Rebuilding Koffan"
-    cd /opt/koffan
-    $STD go build -o koffan main.go
-    msg_ok "Rebuild Koffan"
-
-    msg_info "Starting Service"
-    systemctl start koffan
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
+var_version="${var_version:-12}"
 var_arm64="${var_arm64:-yes}"
 var_unprivileged="${var_unprivileged:-1}"

@@ -60,9 +60,8 @@ function update_script() {
  fi
  $STD apt install -y build-essential "$pcre_pkg" libssl-dev zlib1g-dev

-  OPENRESTY_VERSION="1.29.2.5"
-  if [[ "$(cat ~/.openresty 2>/dev/null)" != "$OPENRESTY_VERSION" ]]; then
-    CLEAN_INSTALL=1 fetch_and_deploy_from_url "https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz" "/opt/openresty"
+  if check_for_gh_release "openresty" "openresty/openresty"; then
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "${CHECK_UPDATE_RELEASE}" "/opt/openresty" "openresty-*.tar.gz"

    msg_info "Building OpenResty"
    cd /opt/openresty
@@ -78,7 +77,6 @@ function update_script() {
      --with-stream_ssl_module
    $STD make -j"$(nproc)"
    $STD make install
-    echo "${OPENRESTY_VERSION}" >~/.openresty
    rm -rf /opt/openresty
    cat <<'EOF' >/lib/systemd/system/openresty.service
 [Unit]
@@ -58,11 +58,12 @@ function update_script() {
        -e 's/^NODE_/APP_/' \
        -e '/^SERVER_*/d' \
        -e '/^# API*/,+2d' /opt/patchmon/.env
-      cat <<EOF >/opt/patchmon/.env
-SESSION_SECRET=$(openssl rand -hex 64)
-AI_ENCRYPTION_KEY=$(openssl rand -hex 64)
-AGENT_BINARIES_DIR=/opt/patchmon/agents
-EOF
+      {
+        echo ""
+        echo "SESSION_SECRET=$(openssl rand -hex 64)"
+        echo "AI_ENCRYPTION_KEY=$(openssl rand -hex 64)"
+        echo "AGENT_BINARIES_DIR=/opt/patchmon/agents"
+      } >>/opt/patchmon/.env
      sed -i -e '\|Directory|s|/backend||' \
        -e 's|^ExecStart=.*|ExecStart=/opt/patchmon/patchmon-server|' \
        -e 's|^Environment=NODE_.*|EnvironmentFile=/opt/patchmon/.env|' \
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: gVNS (ggfevans)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/RackulaLives/Rackula
+
+APP="Rackula"
+var_tags="${var_tags:-homelab}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_arm64="${var_arm64:-yes}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/rackula ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit 1
+  fi
+
+  if check_for_gh_release "rackula" "RackulaLives/Rackula"; then
+    msg_info "Stopping Services"
+    systemctl stop rackula-api nginx
+    msg_ok "Stopped Services"
+
+    create_backup /opt/rackula/data
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
+    restore_backup
+
+    msg_info "Updating Configuration"
+    cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
+    cp /opt/rackula/config/security-headers.conf /etc/nginx/snippets/security-headers.conf
+    cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
+    if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
+      sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
+    else
+      sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
+    fi
+    if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
+      sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
+    else
+      sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
+    fi
+    mkdir -p /etc/systemd/system/nginx.service.d
+    cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
+    chown -R root:root /opt/rackula/frontend
+    find /opt/rackula/frontend -type d -exec chmod 755 {} \;
+    find /opt/rackula/frontend -type f -exec chmod 644 {} \;
+    chmod 750 /opt/rackula/data
+    msg_ok "Updated Configuration"
+
+    msg_info "Starting Services"
+    $STD nginx -t
+    systemctl daemon-reload
+    systemctl start nginx rackula-api
+    msg_ok "Started Services"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"
@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="SnapOtter"
 var_tags="${var_tags:-media;image}"
 var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
+var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
@@ -57,11 +57,11 @@ function update_script() {
      sed -i 's/--workers 4//' /opt/wizarr/start.sh
    fi
    if ! grep -qE 'FLASK|WORKERS|VERSION' /opt/wizarr/.env; then
-      cat <<EOF >/opt/wizarr/.env
-FLASK_ENV=production
-GUNICORN_WORKERS=4
-APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)
-EOF
+      {
+        echo "FLASK_ENV=production"
+        echo "GUNICORN_WORKERS=4"
+        echo "APP_VERSION=$(sed 's/^20/v&/' ~/.wizarr)"
+      } >>/opt/wizarr/.env
    else
      sed -i "s/_VERSION=v.*$/_VERSION=v$(cat ~/.wizarr)/" /opt/wizarr/.env
    fi
@@ -86,11 +86,12 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-cat <<EOF >~/adventurelog.creds
-Django-Credentials
-Django Admin User: $DJANGO_ADMIN_USER
-Django Admin Password: $DJANGO_ADMIN_PASS
-EOF
+{
+  echo ""
+  echo "Django-Credentials"
+  echo "Django Admin User: $DJANGO_ADMIN_USER"
+  echo "Django Admin Password: $DJANGO_ADMIN_PASS"
+} >>~/adventurelog.creds
 msg_ok "Setup Django Admin"

 msg_info "Creating Service"
@@ -25,12 +25,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 64 | cut -c1-64)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-cat <<EOF >~/garage.creds
-Garage Tokens and Secrets
-RPC Secret: $RPC_SECRET
-Admin Token: $ADMIN_TOKEN
-Metrics Token: $METRICS_TOKEN
-EOF
+{
+  echo "Garage Tokens and Secrets"
+  echo "RPC Secret: $RPC_SECRET"
+  echo "Admin Token: $ADMIN_TOKEN"
+  echo "Metrics Token: $METRICS_TOKEN"
+} >~/garage.creds
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"
@@ -38,10 +38,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-cat <<EOF >/root/.ironclaw/gateway.creds
-Gateway-Token
-Token: $GATEWAY_TOKEN
-EOF
+{
+    echo "Gateway-Token"
+    echo "Token: $GATEWAY_TOKEN"
+} >> /root/.ironclaw/gateway.creds

 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env
@@ -27,11 +27,11 @@ $STD unzip -j "$temp_file" '*/**' -d /opt/rclone
 cd /opt/rclone
 RCLONE_PASSWORD=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-cat <<EOF >~/rclone.creds
-rclone-Credentials
-rclone User Name: admin
-rclone Password: $RCLONE_PASSWORD
-EOF
+{
+  echo "rclone-Credentials"
+  echo "rclone User Name: admin"
+  echo "rclone Password: $RCLONE_PASSWORD"
+} >>~/rclone.creds
 echo "${RELEASE}" >/opt/rclone_version.txt
 rm -f "$temp_file"
 msg_ok "Installed rclone"
@@ -40,12 +40,12 @@ mv release /opt/rustdesk-api
 cd /opt/rustdesk-api
 ADMINPASS=$(head -c 16 /dev/urandom | xxd -p -c 16)
 $STD ./apimain reset-admin-pwd "$ADMINPASS"
-cat <<EOF >~/rustdesk.creds
-RustDesk WebUI
-
-Username: admin
-Password: $ADMINPASS
-EOF
+{
+  echo "RustDesk WebUI"
+  echo ""
+  echo "Username: admin"
+  echo "Password: $ADMINPASS"
+} >>~/rustdesk.creds
 echo "${APIRELEASE}" >~/.rustdesk-api
 msg_ok "Installed RustDesk API v${APIRELEASE}"

@@ -25,12 +25,13 @@ chmod 600 ~/valkey.creds
 MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))

-cat <<EOF >/etc/valkey/valkey.conf
-# Memory-optimized settings for small-scale deployments
-maxmemory ${MAXMEMORY_MB}mb
-maxmemory-policy allkeys-lru
-maxmemory-samples 10
-EOF
+{
+  echo ""
+  echo "# Memory-optimized settings for small-scale deployments"
+  echo "maxmemory ${MAXMEMORY_MB}mb"
+  echo "maxmemory-policy allkeys-lru"
+  echo "maxmemory-samples 10"
+} >>/etc/valkey/valkey.conf
 msg_ok "Installed Valkey"

 # Note: Alpine's valkey package is compiled without TLS support
@@ -16,7 +16,7 @@ update_os
 setup_mongodb

 msg_info "Configuring MongoDB Replica Set"
-cat <<EOF >/etc/mongod.conf
+cat <<EOF >>/etc/mongod.conf

 replication:
  replSetName: "rs0"
@@ -28,11 +28,11 @@ setup_deb822_repo \
  "$(get_os_info codename)" \
  "main"
 $STD apt install -y couchdb
-cat <<EOF >~/couchdb.creds
-CouchDB Credentials
-CouchDB Erlang Cookie: $ERLANG_COOKIE
-CouchDB Admin Password: $ADMIN_PASS
-EOF
+{
+  echo "CouchDB Credentials"
+  echo "CouchDB Erlang Cookie: $ERLANG_COOKIE"
+  echo "CouchDB Admin Password: $ADMIN_PASS"
+} >>~/couchdb.creds
 msg_ok "Installed Apache CouchDB"

 motd_ssh
@@ -79,13 +79,13 @@ msg_ok "Setup Apache Guacamole"
 msg_info "Importing Database Schema"
 cd ~/guacamole-auth-jdbc-"${GUAC_SERVER_VERSION}"/mysql/schema
 cat *.sql | mariadb -u root ${MARIADB_DB_NAME}
-cat <<EOF >/etc/guacamole/guacamole.properties
-mysql-hostname: 127.0.0.1
-mysql-port: 3306
-mysql-database: $MARIADB_DB_NAME
-mysql-username: $MARIADB_DB_USER
-mysql-password: $MARIADB_DB_PASS
-EOF
+{
+  echo "mysql-hostname: 127.0.0.1"
+  echo "mysql-port: 3306"
+  echo "mysql-database: $MARIADB_DB_NAME"
+  echo "mysql-username: $MARIADB_DB_USER"
+  echo "mysql-password: $MARIADB_DB_PASS"
+} >>/etc/guacamole/guacamole.properties
 rm -rf ~/guacamole-auth-jdbc-"$GUAC_SERVER_VERSION"{,.tar.gz}
 msg_ok "Imported Database Schema"

@@ -17,7 +17,7 @@ fetch_and_deploy_gh_release "autobrr" "autobrr/autobrr" "prebuild" "latest" "/us

 msg_info "Configuring Autobrr"
 mkdir -p /root/.config/autobrr
-cat <<EOF >/root/.config/autobrr/config.toml
+cat <<EOF >>/root/.config/autobrr/config.toml
 # https://autobrr.com/configuration/autobrr
 host = "0.0.0.0"
 port = 7474
@@ -51,7 +51,7 @@ mkdir -p /opt/bookorbit-data/covers /opt/bookorbit-data/book-bucket /opt/bookorb
 APP_VER=$(cat ~/.bookorbit)
 JWT_SECRET=$(openssl rand -hex 32)
 SETUP_BOOTSTRAP_TOKEN=$(openssl rand -hex 16)
-cat <<EOF >~/bookorbit.creds
+cat <<EOF >>~/bookorbit.creds

 Setup Token: ${SETUP_BOOTSTRAP_TOKEN}
 EOF
@@ -29,12 +29,12 @@ MKPASSWORD=$(openssl rand -base64 18 | tr -d '/+=' | cut -c1-16)

 echo -e "$MKPASSWORD\n$MKPASSWORD" | su - "$SITE_NAME" -c "cmk-passwd cmkadmin --stdin"
 $STD omd start "$SITE_NAME"
-cat <<EOF >~/checkmk.creds
-Application-Credentials
-Username: cmkadmin
-Password: $MKPASSWORD
-Site: $SITE_NAME
-EOF
+{
+  echo "Application-Credentials"
+  echo "Username: cmkadmin"
+  echo "Password: $MKPASSWORD"
+  echo "Site: $SITE_NAME"
+} >>~/checkmk.creds
 msg_ok "Created Service"

 cleanup_lxc
@@ -66,13 +66,13 @@ for i in $(seq 1 30); do
  sleep 2
 done
 if [[ -f "$CREDS_FILE" ]]; then
-  cat <<EOF >~/crafty-controller.creds
-Crafty-Controller-Credentials
-Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")
-Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")
-EOF
+  {
+    echo "Crafty-Controller-Credentials"
+    echo "Username: $(grep -oP '(?<="username": ")[^"]*' "$CREDS_FILE")"
+    echo "Password: $(grep -oP '(?<="password": ")[^"]*' "$CREDS_FILE")"
+  } >>~/crafty-controller.creds
 fi
 msg_ok "Service started"
 motd_ssh
 customize
-cleanup_lxc
+cleanup_lxc
@@ -24,10 +24,10 @@ setup_mariadb
 msg_info "Setting up Database"
 ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$ROOT_PASS'; flush privileges;"
-cat <<EOF >~/dolibarr.creds
-Dolibarr DB Credentials
-MariaDB Root Password: $ROOT_PASS
-EOF
+{
+  echo "Dolibarr DB Credentials"
+  echo "MariaDB Root Password: $ROOT_PASS"
+} >>~/dolibarr.creds
 msg_ok "Set up database"

 msg_info "Setup Dolibarr"
@@ -43,11 +43,11 @@ sed -i "s|#chroot_local_user=YES|chroot_local_user=NO|g" /etc/vsftpd.conf

 systemctl restart -q vsftpd.service

-cat <<EOF >~/ftp.creds
-FTP-Credentials
-Username: ftpuser
-Password: $FTP_PASS
-EOF
+{
+  echo "FTP-Credentials"
+  echo "Username: ftpuser"
+  echo "Password: $FTP_PASS"
+} >>~/ftp.creds

 msg_ok "FTP server setup completed"

@@ -25,10 +25,10 @@ fetch_and_deploy_gh_release "duplicati" "duplicati/duplicati" "binary" "latest"
 msg_info "Configuring duplicati"
 DECRYPTKEY=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ADMINPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-cat <<EOF >~/duplicati.creds
-Admin password = ${ADMINPASS}
-Database encryption key = ${DECRYPTKEY}
-EOF
+{
+  echo "Admin password = ${ADMINPASS}"
+  echo "Database encryption key = ${DECRYPTKEY}"
+} >>~/duplicati.creds
 msg_ok "Configured duplicati"

 msg_info "Creating Service"
@@ -44,7 +44,7 @@ ADMIN_PASS="$(openssl rand -base64 18 | cut -c1-13)"
 echo "enable_registration_without_verification: true" >>/etc/matrix-synapse/homeserver.yaml
 echo "registration_shared_secret: ${SECRET}" >>/etc/matrix-synapse/homeserver.yaml

-cat <<EOF >/etc/matrix-synapse/homeserver.yaml
+cat <<EOF >>/etc/matrix-synapse/homeserver.yaml

 # MatrixRTC / Element Call configuration
 experimental_features:
@@ -63,11 +63,11 @@ rc_delayed_event_mgmt:
 EOF
 systemctl enable -q --now matrix-synapse
 $STD register_new_matrix_user -a --user admin --password "$ADMIN_PASS" --config /etc/matrix-synapse/homeserver.yaml
-cat <<EOF >~/matrix.creds
-Matrix-Credentials
-Admin username: admin
-Admin password: $ADMIN_PASS
-EOF
+{
+  echo "Matrix-Credentials"
+  echo "Admin username: admin"
+  echo "Admin password: $ADMIN_PASS"
+} >>~/matrix.creds
 systemctl stop matrix-synapse
 sed -i '34d' /etc/matrix-synapse/homeserver.yaml
 systemctl start matrix-synapse
@@ -31,12 +31,11 @@ $STD apt install -y \
  libjpeg-dev \
  libmariadb-dev \
  python3-pip \
-  pkg-config \
  cron
 msg_ok "Installed Dependencies"

 NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
-UV_PYTHON="3.14" setup_uv
+UV_PYTHON="3.13" setup_uv
 setup_mariadb

 msg_info "Configuring MariaDB for ERPNext"
@@ -69,9 +68,8 @@ msg_info "Initializing Frappe Bench"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 DB_ROOT_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 mysql -u root -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '${DB_ROOT_PASS}'; FLUSH PRIVILEGES;"
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; uv python install 3.14'
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-16 --python "$(uv python find 3.14)" frappe-bench'
-$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-16'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt && bench init --frappe-branch version-15 frappe-bench'
+$STD sudo -u frappe bash -c 'export PATH="$HOME/.local/bin:$PATH"; cd /opt/frappe-bench && bench get-app erpnext --branch version-15'

 msg_info "Starting Redis Services for Site Setup"
 $STD sudo -u frappe bash -c 'redis-server /opt/frappe-bench/config/redis_queue.conf --daemonize yes'
@@ -88,14 +86,14 @@ ADMIN_PASSWORD=${ADMIN_PASS}
 DB_ROOT_PASSWORD=${DB_ROOT_PASS}
 SITE_NAME=site1.local
 EOF
-cat <<EOF >~/erpnext.creds
-ERPNext Credentials
-==================
-Admin Username: Administrator
-Admin Password: ${ADMIN_PASS}
-DB Root Password: ${DB_ROOT_PASS}
-Site Name: site1.local
-EOF
+{
+  echo "ERPNext Credentials"
+  echo "=================="
+  echo "Admin Username: Administrator"
+  echo "Admin Password: ${ADMIN_PASS}"
+  echo "DB Root Password: ${DB_ROOT_PASS}"
+  echo "Site Name: site1.local"
+} >~/erpnext.creds
 $STD systemctl enable --now redis-server
 msg_ok "Configured ERPNext"

@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: John McLear (JohnMcLear)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://etherpad.org
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  pkg-config \
-  libsqlite3-dev
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="24" NODE_MODULE="corepack" setup_nodejs
-fetch_and_deploy_gh_release "etherpad-lite" "ether/etherpad" "tarball"
-
-msg_info "Building Etherpad"
-export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
-cd /opt/etherpad-lite
-$STD pnpm install --frozen-lockfile
-$STD pnpm run build:etherpad
-msg_ok "Built Etherpad"
-
-msg_info "Configuring Etherpad"
-cp /opt/etherpad-lite/settings.json.template /opt/etherpad-lite/settings.json
-mkdir -p /var/lib/etherpad
-sed -i \
-  -e 's#"ip": *"127.0.0.1"#"ip": "0.0.0.0"#' \
-  -e 's#"dbType" *: *"dirty"#"dbType": "sqlite"#' \
-  -e 's#"filename" *: *"var/dirty.db"#"filename": "/var/lib/etherpad/etherpad.db"#' \
-  /opt/etherpad-lite/settings.json
-msg_ok "Configured Etherpad"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/etherpad.service
-[Unit]
-Description=Etherpad Collaborative Editor
-Documentation=https://etherpad.org/doc
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/etherpad-lite
-Environment=NODE_ENV=production
-Environment=COREPACK_ENABLE_DOWNLOAD_PROMPT=0
-ExecStart=/usr/bin/pnpm run prod
-Restart=always
-RestartSec=5
-LimitNOFILE=65536
-StandardOutput=journal
-StandardError=journal
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now etherpad
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: CrazyWolf13
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/pawelmalak/flame
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y build-essential
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" setup_nodejs
-fetch_and_deploy_gh_release "flame" "pawelmalak/flame" "tarball"
-
-msg_info "Setting up Flame"
-cd /opt/flame
-mkdir -p data public
-$STD npm install --production
-cd /opt/flame/client
-$STD npm install --production
-$STD npm run build
-cd /opt/flame
-cp -r client/build/. public/
-FLAME_VERSION=$(cat ~/.flame)
-cat <<EOF >/opt/flame/.env
-NODE_ENV=production
-VERSION=${FLAME_VERSION}
-PASSWORD=
-EOF
-msg_ok "Set up Flame"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/flame.service
-[Unit]
-Description=Flame Startpage
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/flame
-ExecStart=/usr/bin/node server.js
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now flame
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -1,48 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://gitlab.com/fmd-foss/fmd-server
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-fetch_and_deploy_gl_release "fmd-server" "fmd-foss/fmd-server" "prebuild" "latest" "/opt/fmd-server" "fmd-server-*.zip"
-create_self_signed_cert
-
-msg_info "Configuring fmd-server"
-cd /opt/fmd-server
-chmod +x fmd-server-*
-cp config.example.yml config.yml
-edit_yaml_config config.yml "WebDir" '"/opt/fmd-server/web/dist/"'
-edit_yaml_config config.yml "DatabaseDir" '"/opt/fmd-server/db/"'
-edit_yaml_config config.yml "ServerCrt" '"/etc/ssl/fmd-server/fmd-server.crt"'
-edit_yaml_config config.yml "ServerKey" '"/etc/ssl/fmd-server/fmd-server.key"'
-msg_ok "Configured fmd-server"
-
-msg_info "Creating services"
-cat <<EOF >/etc/systemd/system/fmd-server.service
-[Unit]
-Description=fmd-server Service
-After=network.target
-
-[Service]
-WorkingDirectory=/opt/fmd-server
-ExecStart=/opt/fmd-server/fmd-server-$(arch_resolve) serve
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now fmd-server
-msg_ok "Created services"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -290,7 +290,7 @@ detect:
 EOF

 if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo && [[ -f /openvino-model/ssdlite_mobilenet_v2.xml ]] && [[ -f /openvino-model/coco_91cl_bkgr.txt ]]; then
-  cat <<EOF >/config/config.yml
+  cat <<EOF >>/config/config.yml
 ffmpeg:
  hwaccel_args: auto
 detectors:
@@ -306,7 +306,7 @@ model:
  labelmap_path: /openvino-model/coco_91cl_bkgr.txt
 EOF
 else
-  cat <<EOF >/config/config.yml
+  cat <<EOF >>/config/config.yml
 ffmpeg:
  hwaccel_args: auto
 model:
@@ -22,12 +22,12 @@ mkdir -p /etc/garage
 RPC_SECRET=$(openssl rand -hex 32)
 ADMIN_TOKEN=$(openssl rand -base64 32)
 METRICS_TOKEN=$(openssl rand -base64 32)
-cat <<EOF >~/garage.creds
-Garage Tokens and Secrets
-RPC Secret: $RPC_SECRET
-Admin Token: $ADMIN_TOKEN
-Metrics Token: $METRICS_TOKEN
-EOF
+{
+    echo "Garage Tokens and Secrets"
+    echo "RPC Secret: $RPC_SECRET"
+    echo "Admin Token: $ADMIN_TOKEN"
+    echo "Metrics Token: $METRICS_TOKEN"
+} >>~/garage.creds
 echo $GITEA_RELEASE >>~/.garage
 cat <<EOF >/etc/garage.toml
 metadata_dir = "/var/lib/garage/meta"
@@ -29,12 +29,12 @@ PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_SCHEMA_PERMS="true" setup_
 REDIS_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 ACCESS_TOKEN_SALT=$(openssl rand -base64 32)
 JWT_SECRET_KEY=$(openssl rand -base64 32)
-cat <<EOF >~/ghostfolio.creds
-Ghostfolio Credentials
-Redis Password: $REDIS_PASS
-Access Token Salt: $ACCESS_TOKEN_SALT
-JWT Secret Key: $JWT_SECRET_KEY
-EOF
+{
+  echo "Ghostfolio Credentials"
+  echo "Redis Password: $REDIS_PASS"
+  echo "Access Token Salt: $ACCESS_TOKEN_SALT"
+  echo "JWT Secret Key: $JWT_SECRET_KEY"
+} >>~/ghostfolio.creds
 msg_ok "Set up Database"

 fetch_and_deploy_gh_release "ghostfolio" "ghostfolio/ghostfolio" "tarball" "latest" "/opt/ghostfolio"
@@ -33,12 +33,12 @@ $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';"
 $STD mariadb -u root -e "GRANT SELECT ON \`mysql\`.\`time_zone_name\` TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/glpi_db.creds
-GLPI Database Credentials
-Database: $DB_NAME
-Username: $DB_USER
-Password: $DB_PASS
-EOF
+{
+  echo "GLPI Database Credentials"
+  echo "Database: $DB_NAME"
+  echo "Username: $DB_USER"
+  echo "Password: $DB_PASS"
+} >>~/glpi_db.creds
 msg_ok "Set up database"

 msg_info "Installing GLPi"
@@ -28,11 +28,11 @@ msg_ok "Setup Graylog Data Node"
 msg_info "Setup ${APPLICATION}"
 $STD apt-get install graylog-server
 ROOT_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
-cat <<EOF >~/graylog.creds
-${APPLICATION} Credentials
-Admin User: admin
-Admin Password: ${ROOT_PASSWORD}
-EOF
+{
+  echo "${APPLICATION} Credentials"
+  echo "Admin User: admin"
+  echo "Admin Password: ${ROOT_PASSWORD}"
+} >>~/graylog.creds
 ROOT_PASSWORD=$(echo -n $ROOT_PASSWORD | shasum -a 256 | awk '{print $1}')
 sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/server/server.conf
 sed -i "s/root_password_sha2 =/root_password_sha2 = $ROOT_PASSWORD/g" /etc/graylog/server/server.conf
@@ -14,14 +14,14 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y \
-    gcc \
-    python3 \
-    python3-dev \
-    python3-venv \
-    libpq-dev \
-    libcurl4-openssl-dev \
-    libssl-dev \
-    caddy
+  gcc \
+  python3 \
+  python3-dev \
+  python3-venv \
+  libpq-dev \
+  libcurl4-openssl-dev \
+  libssl-dev \
+  caddy

 mkdir -p ~/.config/pip
 cat >~/.config/pip/pip.conf <<EOF
@@ -37,10 +37,10 @@ msg_info "Setup Keys (Admin / Secret)"
 SECRET_KEY="$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)"
 ADMIN_EMAIL="admin@community-scripts.org"
 ADMIN_PASSWORD="$PG_DB_PASS"
-cat <<EOF >~/healthchecks.creds
-healthchecks Admin Email: $ADMIN_EMAIL
-healthchecks Admin Password: $ADMIN_PASSWORD
-EOF
+{
+  echo "healthchecks Admin Email: $ADMIN_EMAIL"
+  echo "healthchecks Admin Password: $ADMIN_PASSWORD"
+} >>~/healthchecks.creds
 msg_ok "Set up Keys"

 fetch_and_deploy_gh_release "healthchecks" "healthchecks/healthchecks" "tarball"
@@ -46,12 +46,12 @@ ADMIN_EMAIL="admin@example.com"
 ADMIN_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)"
 ADMIN_HASH=$(php -r "echo password_hash('$ADMIN_PASS', PASSWORD_BCRYPT);")
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO UserModel (name, email, password, admin) VALUES ('Admin', '$ADMIN_EMAIL', '$ADMIN_HASH', 1);"
-cat <<EOF >~/hortusfox.creds
-
-HortusFox-Admin-Creds:
-E-Mail: $ADMIN_EMAIL
-Passwort: $ADMIN_PASS
-EOF
+{
+  echo ""
+  echo "HortusFox-Admin-Creds:"
+  echo "E-Mail: $ADMIN_EMAIL"
+  echo "Passwort: $ADMIN_PASS"
+} >>~/hortusfox.creds
 $STD mariadb -u root -D $MARIADB_DB_NAME -e "INSERT IGNORE INTO LocationsModel (name, active, created_at) VALUES ('Home', 1, NOW());"
 msg_ok "Set up HortusFox"

@@ -293,13 +293,13 @@ ldconfig /usr/local/lib
 cd "$STAGING_DIR"
 rm -rf "$SOURCE"/build
 msg_ok "(5/5) Compiled libvips"
-cat <<EOF >~/.immich_library_revisions
-imagemagick: $IMAGEMAGICK_REVISION
-libheif: $LIBHEIF_REVISION
-libjxl: $LIBJXL_REVISION
-libraw: $LIBRAW_REVISION
-libvips: $LIBVIPS_REVISION
-EOF
+{
+  echo "imagemagick: $IMAGEMAGICK_REVISION"
+  echo "libheif: $LIBHEIF_REVISION"
+  echo "libjxl: $LIBJXL_REVISION"
+  echo "libraw: $LIBRAW_REVISION"
+  echo "libvips: $LIBVIPS_REVISION"
+} >~/.immich_library_revisions
 msg_ok "Custom Photo-processing Libraries Compiled Successfully"

 INSTALL_DIR="/opt/${APPLICATION}"
@@ -30,10 +30,10 @@ chmod +x /usr/local/bin/ironclaw
 msg_info "Configuring Environment"
 GATEWAY_TOKEN=$(openssl rand -hex 32)
 mkdir -p /root/.ironclaw
-cat <<EOF >/root/.ironclaw/gateway.creds
-Gateway-Token
-Token: $GATEWAY_TOKEN
-EOF
+{
+    echo "Gateway-Token"
+    echo "Token: $GATEWAY_TOKEN"
+} >> /root/.ironclaw/gateway.creds

 mkdir -p /root/.ironclaw
 cat <<EOF >/root/.ironclaw/.env
@@ -33,12 +33,12 @@ MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
 $STD mariadb -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/kimai.creds
-Kimai-Credentials
-Kimai Database User: $DB_USER
-Kimai Database Password: $DB_PASS
-Kimai Database Name: $DB_NAME
-EOF
+{
+  echo "Kimai-Credentials"
+  echo "Kimai Database User: $DB_USER"
+  echo "Kimai Database Password: $DB_PASS"
+  echo "Kimai Database Name: $DB_NAME"
+} >>~/kimai.creds
 msg_ok "Set up database"

 fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"
@@ -1,62 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: (AminGholizad)
-# License: MIT | https://github.com/AminGholizad/ProxmoxVED/raw/main/LICENSE
-# Source: https://github.com/PanSalut/Koffan
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y build-essential
-msg_ok "Installed Dependencies"
-
-setup_go
-fetch_and_deploy_gh_release "koffan" "PanSalut/Koffan" "tarball"
-
-msg_info "Building Koffan"
-cd /opt/koffan
-$STD go build -o koffan main.go
-msg_ok "Built Koffan"
-
-msg_info "Configuring Koffan"
-APP_PASSWD=$(openssl rand -base64 12)
-mkdir /opt/koffan/data
-cat <<EOF >/opt/koffan/data/.env
-APP_ENV=production
-APP_PASSWORD=${APP_PASSWD}
-PORT=3000
-DB_PATH=/opt/koffan/data/shopping.db
-EOF
-cat <<EOF >~/koffan.creds
-Password: ${APP_PASSWD}
-EOF
-msg_ok "Configured Koffan"
-
-msg_info "Creating systemd service"
-cat <<EOF >/etc/systemd/system/koffan.service
-[Unit]
-Description=Koffan Service
-After=network.target
-
-[Service]
-EnvironmentFile=/opt/koffan/data/.env
-WorkingDirectory=/opt/koffan
-ExecStart=/opt/koffan/koffan
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now koffan
-msg_ok "Created systemd service"
-
-motd_ssh
-customize
-cleanup_lxc
@@ -116,11 +116,11 @@ cp /opt/librenms/snmpd.conf.example /etc/snmp/snmpd.conf

 APP_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 APP_USER="admin"
-cat <<EOF >~/librenms.creds
-LibreNMS Credentials
-Username: ${APP_USER}
-Password: ${APP_PASSWORD}
-EOF
+{
+  echo "LibreNMS Credentials"
+  echo "Username: ${APP_USER}"
+  echo "Password: ${APP_PASSWORD}"
+} >>~/librenms.creds

 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && COMPOSER_ALLOW_SUPERUSER=1 composer install --no-dev"
 $STD su - librenms -s /bin/bash -c "cd /opt/librenms && php8.4 artisan migrate --force"
@@ -23,12 +23,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/limesurvey.creds
-LimeSurvey-Credentials
-LimeSurvey Database User: $DB_USER
-LimeSurvey Database Password: $DB_PASS
-LimeSurvey Database Name: $DB_NAME
-EOF
+{
+  echo "LimeSurvey-Credentials"
+  echo "LimeSurvey Database User: $DB_USER"
+  echo "LimeSurvey Database Password: $DB_PASS"
+  echo "LimeSurvey Database Name: $DB_NAME"
+} >>~/limesurvey.creds
 msg_ok "Configured MariaDB Database"

 msg_info "Setting up LimeSurvey"
@@ -21,12 +21,12 @@ DB_USER=listmonk
 DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
-cat <<EOF >~/listmonk.creds
-listmonk-Credentials
-listmonk Database User: $DB_USER
-listmonk Database Password: $DB_PASS
-listmonk Database Name: $DB_NAME
-EOF
+{
+  echo "listmonk-Credentials"
+  echo -e "listmonk Database User: \e[32m$DB_USER\e[0m"
+  echo -e "listmonk Database Password: \e[32m$DB_PASS\e[0m"
+  echo -e "listmonk Database Name: \e[32m$DB_NAME\e[0m"
+} >>~/listmonk.creds
 msg_ok "Configured PostgreSQL"

 fetch_and_deploy_gh_release "listmonk" "knadh/listmonk" "prebuild" "latest" "/opt/listmonk" "listmonk*linux_$(arch_resolve).tar.gz"
@@ -67,10 +67,10 @@ export ERLANG_BIN="/opt/livebook/.elixir-install/installs/otp/\${ERLANG_VERSION}
 export ELIXIR_BIN="/opt/livebook/.elixir-install/installs/elixir/\${ELIXIR_VERSION}/bin"
 export PATH="\$ESCRIPTS_BIN:\$ERLANG_BIN:\$ELIXIR_BIN:\$PATH"
 EOF
-cat <<EOF >~/livebook.creds
-Livebook-Credentials
-Livebook Password: $LIVEBOOK_PASSWORD
-EOF
+{
+  echo "Livebook-Credentials"
+  echo "Livebook Password: $LIVEBOOK_PASSWORD"
+} >>~/livebook.creds
 msg_ok "Installed Erlang $ERLANG_VERSION and Elixir $ELIXIR_VERSION"

 msg_info "Installing Livebook"
@@ -27,12 +27,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED by '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/mmdl.creds
-Manage My Damn Life Credentials
-Database User: $DB_USER
-Database Password: $DB_PASS
-Database Name: $DB_NAME
-EOF
+{
+  echo "Manage My Damn Life Credentials"
+  echo "Database User: $DB_USER"
+  echo "Database Password: $DB_PASS"
+  echo "Database Name: $DB_NAME"
+} >>~/mmdl.creds
 msg_ok "Set up Database"

 fetch_and_deploy_gh_release "mmdl" "intri-in/manage-my-damn-life-nextjs" "tarball"
@@ -35,12 +35,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME to $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "GRANT USAGE, CREATE ON SCHEMA PUBLIC TO $DB_USER;"
-cat <<EOF >~/mattermost.creds
-Mattermost Credentials
-Database User: $DB_USER
-Database Password: $DB_PASS
-Database Name: $DB_NAME
-EOF
+{
+  echo "Mattermost Credentials"
+  echo "Database User: $DB_USER"
+  echo "Database Password: $DB_PASS"
+  echo "Database Name: $DB_NAME"
+} >>~/mattermost.creds
 msg_ok "Set up PostgreSQL"

 msg_info "Installing Mattermost"
@@ -30,12 +30,12 @@ DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
 $STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER TEMPLATE template0;"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-cat <<EOF >~/mediamanager.creds
-MediaManager Credentials
-MediaManager Database User: $DB_USER
-MediaManager Database Password: $DB_PASS
-MediaManager Database Name: $DB_NAME
-EOF
+{
+  echo "MediaManager Credentials"
+  echo "MediaManager Database User: $DB_USER"
+  echo "MediaManager Database Password: $DB_PASS"
+  echo "MediaManager Database Name: $DB_NAME"
+} >>~/mediamanager.creds
 msg_ok "Set up PostgreSQL"

 fetch_and_deploy_gh_release "MediaManager" "maxdorninger/MediaManager" "tarball" "latest" "/opt/mediamanager"
@@ -28,10 +28,10 @@ ADMIN_USERNAME=$ADMIN_NAME
 ADMIN_PASSWORD=$ADMIN_PASS
 LISTEN_ADDR=0.0.0.0:8080
 EOF
-cat <<EOF >~/miniflux.creds
-ADMIN_USERNAME: $ADMIN_NAME
-ADMIN_PASSWORD: $ADMIN_PASS
-EOF
+{
+  echo "ADMIN_USERNAME: $ADMIN_NAME"
+  echo "ADMIN_PASSWORD: $ADMIN_PASS"
+} >>~/miniflux.creds
 $STD miniflux -migrate -config-file /etc/miniflux.conf
 systemctl enable -q --now miniflux
 msg_ok "Configured Miniflux"
@@ -85,12 +85,12 @@ user.is_superuser = True
 user.is_staff = True
 user.save()
 EOF
-cat <<EOF >~/netbox.creds
-
-Netbox-Django-Credentials
-Django User: $DJANGO_USER
-Django Password: $DJANGO_PASS
-EOF
+{
+  echo ""
+  echo "Netbox-Django-Credentials"
+  echo -e "Django User: \e[32m$DJANGO_USER\e[0m"
+  echo -e "Django Password: \e[32m$DJANGO_PASS\e[0m"
+} >>~/netbox.creds
 msg_ok "Setup Django Admin"

 motd_ssh
@@ -18,7 +18,7 @@ $STD apt install -y \
  apache2-utils \
  logrotate \
  build-essential \
-  libpcre2-dev \
+  libpcre3-dev \
  libssl-dev \
  zlib1g-dev \
  git \
@@ -36,8 +36,7 @@ $STD /opt/certbot/bin/pip install certbot certbot-dns-cloudflare
 ln -sf /opt/certbot/bin/certbot /usr/local/bin/certbot
 msg_ok "Set up Certbot"

-OPENRESTY_VERSION="1.29.2.5"
-fetch_and_deploy_from_url "https://openresty.org/download/openresty-${OPENRESTY_VERSION}.tar.gz" "/opt/openresty"
+fetch_and_deploy_gh_release "openresty" "openresty/openresty" "prebuild" "latest" "/opt/openresty" "openresty-*.tar.gz"

 msg_info "Building OpenResty"
 cd /opt/openresty
@@ -53,7 +52,6 @@ $STD ./configure \
  --with-stream_ssl_module
 $STD make -j"$(nproc)"
 $STD make install
-echo "${OPENRESTY_VERSION}" >~/.openresty
 rm -rf /opt/openresty

 cat <<'EOF' >/lib/systemd/system/openresty.service
@@ -59,10 +59,10 @@ EOF
 systemctl enable -q --now nightscout
 msg_ok "Created Service"

-cat <<EOF >~/nightscout.creds
-Nightscout Credentials
-API_SECRET: ${API_SECRET}
-EOF
+{
+  echo "Nightscout Credentials"
+  echo "API_SECRET: ${API_SECRET}"
+} >> ~/nightscout.creds

 motd_ssh
 customize
@@ -15,10 +15,10 @@ update_os

 msg_info "Installing Dependencies (Patience)"
 $STD apt install -y \
-    build-essential \
-    redis-server \
-    expect \
-    ca-certificates
+  build-essential \
+  redis-server \
+  expect \
+  ca-certificates
 msg_ok "Installed Dependencies"

 setup_mongodb
@@ -31,14 +31,14 @@ NODEBB_USER="nodebb"
 NODEBB_PWD="$(openssl rand -base64 18 | cut -c1-13)"
 MONGO_CONNECTION_STRING="mongodb://${NODEBB_USER}:${NODEBB_PWD}@localhost:27017/nodebb"
 NODEBB_SECRET=$(uuidgen)
-cat <<EOF >~/nodebb.creds
-NodeBB-Credentials
-Mongo Database User: $MONGO_ADMIN_USER
-Mongo Database Password: $MONGO_ADMIN_PWD
-NodeBB User: $NODEBB_USER
-NodeBB Password: $NODEBB_PWD
-NodeBB Secret: $NODEBB_SECRET
-EOF
+{
+  echo "NodeBB-Credentials"
+  echo "Mongo Database User: $MONGO_ADMIN_USER"
+  echo "Mongo Database Password: $MONGO_ADMIN_PWD"
+  echo "NodeBB User: $NODEBB_USER"
+  echo "NodeBB Password: $NODEBB_PWD"
+  echo "NodeBB Secret: $NODEBB_SECRET"
+} >>~/nodebb.creds

 $STD mongosh <<EOF
 use admin
@@ -42,12 +42,12 @@ $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $DB_NAME TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER DATABASE $DB_NAME OWNER TO $DB_USER;"
 $STD sudo -u postgres psql -c "ALTER USER $DB_USER WITH SUPERUSER;"
-cat <<EOF >~/odoo.creds
-Odoo-Credentials
-Odoo Database User: $DB_USER
-Odoo Database Password: $DB_PASS
-Odoo Database Name: $DB_NAME
-EOF
+{
+  echo "Odoo-Credentials"
+  echo -e "Odoo Database User: $DB_USER"
+  echo -e "Odoo Database Password: $DB_PASS"
+  echo -e "Odoo Database Name: $DB_NAME"
+} >>~/odoo.creds
 msg_ok "Setup PostgreSQL"

 msg_info "Configuring Odoo"
@@ -30,12 +30,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-cat <<EOF >~/onlyoffice.creds
-ONLYOFFICE-Credentials
-ONLYOFFICE Database User: $DB_USER
-ONLYOFFICE Database Password: $DB_PASS
-ONLYOFFICE Database Name: $DB_NAME
-EOF
+{
+  echo "ONLYOFFICE-Credentials"
+  echo "ONLYOFFICE Database User: $DB_USER"
+  echo "ONLYOFFICE Database Password: $DB_PASS"
+  echo "ONLYOFFICE Database Name: $DB_NAME"
+} >>~/onlyoffice.creds
 msg_ok "Set up Database"

 msg_info "Adding ONLYOFFICE GPG Key"
@@ -81,13 +81,16 @@ echo onlyoffice-documentserver onlyoffice/rabbitmq-pwd password $RMQ_PASS | debc
 echo onlyoffice-documentserver onlyoffice/jwt-enabled boolean true | debconf-set-selections
 echo onlyoffice-documentserver onlyoffice/jwt-secret password $JWT_SECRET | debconf-set-selections

-cat <<EOF >~/onlyoffice.creds
-
-ONLYOFFICE RabbitMQ Credentials
-User: $RMQ_USER
-Password: $RMQ_PASS
-Secret: $JWT_SECRET
-EOF
+echo "RabbitMQ User: $RMQ_USER" >>~/onlyoffice.creds
+echo "RabbitMQ Password: $RMQ_PASS" >>~/onlyoffice.creds
+echo "JWT Secret: $JWT_SECRET" >>~/onlyoffice.creds
+{
+  echo ""
+  echo "ONLYOFFICE RabbitMQ Credentials"
+  echo "User: $RMQ_USER"
+  echo "Password: $RMQ_PASS"
+  echo "Secret: $JWT_SECRET"
+} >>~/onlyoffice.creds
 msg_ok "Debconf Preconfiguration Done"

 msg_info "Installing ttf-mscorefonts-installer"
@@ -112,7 +112,7 @@ if grep -q 'authenticated' $PAPERCLIP_CONFIG; then
  PAPERCLIP_INVITE_URL=$(awk -F'Invite URL: ' '/Invite URL:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
  PAPERCLIP_INVITE_EXPIRY=$(awk -F'Expires: ' '/Expires:/ {print $2; exit}' "$PAPERCLIP_BOOTSTRAP_LOG")
  if [[ -n "$PAPERCLIP_INVITE_URL" ]]; then
-    cat <<EOF >~/paperclip.creds
+    cat <<EOF >>~/paperclip.creds

 Paperclip Admin Invite
 Invite URL: ${PAPERCLIP_INVITE_URL}
@@ -56,12 +56,12 @@ curl -fsSL "https://raw.githubusercontent.com/paperless-ngx/paperless-ngx/main/p
 mkdir -p /opt/paperless_data/{consume,data,media,trash}
 mkdir -p /opt/paperless/static
 SECRET_KEY="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 32)"
-cat <<EOF >~/paperless-ngx.creds
-
-Paperless-ngx Secret Key: $SECRET_KEY
-Paperless-ngx WebUI User: admin
-Paperless-ngx WebUI Password: $PG_DB_PASS
-EOF
+{
+  echo ""
+  echo "Paperless-ngx Secret Key: $SECRET_KEY"
+  echo "Paperless-ngx WebUI User: admin"
+  echo "Paperless-ngx WebUI Password: $PG_DB_PASS"
+} >>~/paperless-ngx.creds
 sed -i \
  -e 's|#PAPERLESS_REDIS=redis://localhost:6379|PAPERLESS_REDIS=redis://localhost:6379|' \
  -e "s|#PAPERLESS_CONSUMPTION_DIR=../consume|PAPERLESS_CONSUMPTION_DIR=/opt/paperless_data/consume|" \
@@ -30,11 +30,11 @@ $STD php bin/console cache:clear
 php bin/console doctrine:migrations:migrate -n >~/database-migration-output
 chown -R www-data:www-data /opt/partdb
 ADMIN_PASS=$(grep -oP 'The initial password for the "admin" user is: \K\w+' ~/database-migration-output)
-cat <<EOF >~/partdb.creds
-
-Part-DB Admin User: admin
-Part-DB Admin Password: $ADMIN_PASS
-EOF
+{
+  echo ""
+  echo "Part-DB Admin User: admin"
+  echo "Part-DB Admin Password: $ADMIN_PASS"
+} >>~/partdb.creds
 rm -rf ~/database-migration-output
 msg_ok "Installed Part-DB"

@@ -15,10 +15,10 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y \
-    git \
-    nginx \
-    redis-server \
-    cron
+  git \
+  nginx \
+  redis-server \
+  cron
 msg_ok "Installed Dependencies"

 setup_mariadb
@@ -35,12 +35,12 @@ mariadb-tzinfo-to-sql /usr/share/zoneinfo | mariadb mysql
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost' WITH GRANT OPTION;"
-cat <<EOF >~/paymenter_db.creds
-Paymenter Database Credentials
-Database: $DB_NAME
-Username: $DB_USER
-Password: $DB_PASS
-EOF
+{
+  echo "Paymenter Database Credentials"
+  echo "Database: $DB_NAME"
+  echo "Username: $DB_USER"
+  echo "Password: $DB_PASS"
+} >>~/paymenter_db.creds
 cd /opt/paymenter
 cp .env.example .env
 $STD composer install --no-dev --optimize-autoloader --no-interaction
@@ -119,7 +119,7 @@ edns-packet-max=1232
 EOF

  if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
-    cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
+    cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
 forward-zone:
  name: "."
@@ -15,21 +15,21 @@ update_os

 msg_info "Installing Dependencies"
 $STD apt install -y \
-    nginx \
-    build-essential \
-    libpq-dev \
-    libxml2-dev \
-    libxslt1-dev \
-    libxmlsec1-dev \
-    libxmlsec1-openssl \
-    pkg-config \
-    python3-dev \
-    python3-venv \
-    redis-server \
-    erlang-base \
-    erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
-    erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
-    rabbitmq-server
+  nginx \
+  build-essential \
+  libpq-dev \
+  libxml2-dev \
+  libxslt1-dev \
+  libxmlsec1-dev \
+  libxmlsec1-openssl \
+  pkg-config \
+  python3-dev \
+  python3-venv \
+  redis-server \
+  erlang-base \
+  erlang-{asn1,crypto,eldap,ftp,inets,mnesia,os-mon,parsetools} \
+  erlang-{public-key,runtime-tools,snmp,ssl,syntax-tools,tftp,tools,xmerl} \
+  rabbitmq-server
 msg_ok "Installed Dependencies"

 NODE_VERSION="24" NODE_MODULE="corepack" setup_nodejs
@@ -86,7 +86,7 @@ VITE_LIVE_BASE_URL=http://${LOCAL_IP}
 VITE_LIVE_BASE_PATH=/live"
 # Each Vite app needs its own .env for the build
 for app in web admin space; do
-    echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
+  echo "$FRONTEND_ENV" >/opt/plane/apps/${app}/.env
 done
 export NODE_OPTIONS="--max-old-space-size=4096"
 export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
@@ -271,14 +271,14 @@ WantedBy=multi-user.target
 EOF
 systemctl daemon-reload
 systemctl enable -q --now plane-api plane-worker plane-beat plane-live plane-space
-cat <<EOF >~/plane.creds
-RabbitMQ User: plane
-RabbitMQ Password: ${RABBITMQ_PASS}
-MinIO Access Key: ${MINIO_ACCESS_KEY}
-MinIO Secret Key: ${MINIO_SECRET_KEY}
-Secret Key: ${SECRET_KEY}
-Config: /opt/plane/apps/api/.env
-EOF
+{
+  echo "RabbitMQ User: plane"
+  echo "RabbitMQ Password: ${RABBITMQ_PASS}"
+  echo "MinIO Access Key: ${MINIO_ACCESS_KEY}"
+  echo "MinIO Secret Key: ${MINIO_SECRET_KEY}"
+  echo "Secret Key: ${SECRET_KEY}"
+  echo "Config: /opt/plane/apps/api/.env"
+} >>~/plane.creds
 msg_ok "Created Services and MinIO Bucket"

 msg_info "Configuring Nginx"
@@ -32,12 +32,12 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCO
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
 $STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC'"
-cat <<EOF >~/planka.creds
-PLANKA DB Credentials
-PLANKA Database User: $DB_USER
-PLANKA Database Password: $DB_PASS
-PLANKA Database Name: $DB_NAME
-EOF
+{
+  echo "PLANKA DB Credentials"
+  echo "PLANKA Database User: $DB_USER"
+  echo "PLANKA Database Password: $DB_PASS"
+  echo "PLANKA Database Name: $DB_NAME"
+} >>~/planka.creds
 msg_ok "Set up PostgreSQL Database"

 fetch_and_deploy_gh_release "planka" "plankanban/planka" "prebuild" "latest" "/opt/planka" "planka-prebuild.zip"
@@ -67,14 +67,14 @@ echo "DEFAULT_ADMIN_NAME=$ADMIN_NAME" >>.env
 echo "DEFAULT_ADMIN_USERNAME=$ADMIN_USERNAME" >>.env
 $STD npm run db:seed
 sed -i '/# Temporary admin user creation settings/,$d' .env
-cat <<EOF >~/planka.creds
-
-PLANKA Admin Credentials
-Admin Email: $ADMIN_EMAIL
-Admin Password: $ADMIN_PASSWORD
-Admin Name: $ADMIN_NAME
-Admin Username: $ADMIN_USERNAME
-EOF
+{
+  echo ""
+  echo "PLANKA Admin Credentials"
+  echo "Admin Email: $ADMIN_EMAIL"
+  echo "Admin Password: $ADMIN_PASSWORD"
+  echo "Admin Name: $ADMIN_NAME"
+  echo "Admin Username: $ADMIN_USERNAME"
+} >>~/planka.creds
 msg_ok "Created Admin User"

 msg_info "Creating Service"
@@ -52,12 +52,12 @@ DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
 $STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
 $STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-cat <<EOF >~/pterodactyl-panel.creds
-pterodactyl Panel-Credentials
-pterodactyl Panel Database User: $DB_USER
-pterodactyl Panel Database Password: $DB_PASS
-pterodactyl Panel Database Name: $DB_NAME
-EOF
+{
+  echo "pterodactyl Panel-Credentials"
+  echo "pterodactyl Panel Database User: $DB_USER"
+  echo "pterodactyl Panel Database Password: $DB_PASS"
+  echo "pterodactyl Panel Database Name: $DB_NAME"
+} >>~/pterodactyl-panel.creds
 msg_ok "Set up MariaDB"

 read -p "${TAB3}Provide an email address for admin login, this should be a valid email address: " ADMIN_EMAIL
@@ -82,12 +82,12 @@ echo "* * * * * php /opt/pterodactyl-panel/artisan schedule:run >> /dev/null 2>&
 chown -R www-data:www-data /opt/pterodactyl-panel/*
 chmod -R 755 /opt/pterodactyl-panel/storage/* /opt/pterodactyl-panel/bootstrap/cache/
 ln -s /opt/pterodactyl-panel /var/www/pterodactyl
-cat <<EOF >~/pterodactyl-panel.creds
-
-pterodactyl Admin Username: admin
-pterodactyl Admin Email: $ADMIN_EMAIL
-pterodactyl Admin Password: $ADMIN_PASS
-EOF
+{
+  echo ""
+  echo "pterodactyl Admin Username: admin"
+  echo "pterodactyl Admin Email: $ADMIN_EMAIL"
+  echo "pterodactyl Admin Password: $ADMIN_PASS"
+} >>~/pterodactyl-panel.creds
 rm -rf "/opt/pterodactyl-panel/panel.tar.gz"
 rm -rf "/tmp/debsuryorg-archive-keyring.deb"
 echo "${RELEASE}" >/opt/"${APPLICATION}"_version.txt
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: gVNS (ggfevans)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/RackulaLives/Rackula
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y nginx
+msg_ok "Installed Dependencies"
+
+msg_info "Installing Bun"
+ensure_dependencies unzip ca-certificates
+BUN_VERSION="${BUN_VERSION:-1.3.14}"
+case "$(uname -m)" in
+x86_64) grep -q avx2 /proc/cpuinfo && BUN_VARIANT="x64" || BUN_VARIANT="x64-baseline" ;;
+aarch64) BUN_VARIANT="aarch64" ;;
+*)
+  msg_error "Unsupported architecture: $(uname -m)"
+  exit 1
+  ;;
+esac
+export BUN_INSTALL="/root/.bun"
+curl -fsSL https://bun.sh/install | $STD bash
+ln -sf /root/.bun/bin/bun /usr/local/bin/bun
+fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz"
+mkdir -p /opt/rackula/data /etc/nginx/snippets
+
+SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf"
+if [ ! -f "$SECURITY_HEADERS_SRC" ]; then
+  msg_error "Required config file missing: $SECURITY_HEADERS_SRC (release may be incomplete)"
+  exit 1
+fi
+cp "$SECURITY_HEADERS_SRC" /etc/nginx/snippets/security-headers.conf
+
+chown -R root:root /opt/rackula/frontend
+find /opt/rackula/frontend -type d -exec chmod 755 {} \;
+find /opt/rackula/frontend -type f -exec chmod 644 {} \;
+chmod 750 /opt/rackula/data
+
+API_WRITE_TOKEN=$(openssl rand -hex 32)
+cat <<EOF >/opt/rackula/data/.env
+RACKULA_API_WRITE_TOKEN=${API_WRITE_TOKEN}
+CORS_ORIGIN=http://localhost
+ALLOW_INSECURE_CORS=false
+EOF
+chmod 600 /opt/rackula/data/.env
+
+cat <<EOF >/etc/nginx/snippets/rackula-api-token.conf
+map \$host \$rackula_api_write_token {
+  default "${API_WRITE_TOKEN}";
+}
+map \$host \$rackula_has_api_write_token {
+  default 1;
+}
+EOF
+chmod 640 /etc/nginx/snippets/rackula-api-token.conf
+msg_ok "Set up Rackula"
+
+msg_info "Configuring nginx"
+cp /opt/rackula/config/nginx.conf /etc/nginx/sites-available/rackula
+rm -f /etc/nginx/sites-enabled/default
+ln -sf /etc/nginx/sites-available/rackula /etc/nginx/sites-enabled/rackula
+$STD nginx -t
+msg_ok "Configured nginx"
+
+msg_info "Creating Services"
+cp /opt/rackula/config/rackula-api.service /etc/systemd/system/rackula-api.service
+if grep -q '^User=' /etc/systemd/system/rackula-api.service; then
+  sed -i 's/^User=.*/User=root/' /etc/systemd/system/rackula-api.service
+else
+  sed -i '/^\[Service\]/a User=root' /etc/systemd/system/rackula-api.service
+fi
+if grep -q '^Group=' /etc/systemd/system/rackula-api.service; then
+  sed -i 's/^Group=.*/Group=root/' /etc/systemd/system/rackula-api.service
+else
+  sed -i '/^\[Service\]/a Group=root' /etc/systemd/system/rackula-api.service
+fi
+mkdir -p /etc/systemd/system/nginx.service.d
+cp /opt/rackula/config/nginx.service.d-override.conf /etc/systemd/system/nginx.service.d/override.conf
+systemctl daemon-reload
+systemctl enable -q nginx rackula-api
+systemctl restart nginx rackula-api
+msg_ok "Created Services"
+
+motd_ssh
+customize
+cleanup_lxc
@@ -24,11 +24,11 @@ msg_info "Setting up Radicale"
 cd /opt/radicale
 RNDPASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -c -b -5 /opt/radicale/users admin "$RNDPASS"
-cat <<EOF >~/radicale.creds
-Radicale Credentials
-Admin User: admin
-Admin Password: $RNDPASS
-EOF
+{
+  echo "Radicale Credentials"
+  echo "Admin User: admin"
+  echo "Admin Password: $RNDPASS"
+} >>~/radicale.creds

 mkdir -p /etc/radicale
 cat <<EOF >/etc/radicale/config
@@ -23,11 +23,11 @@ msg_info "Installing rclone"
 cd /opt/rclone
 RCLONE_PASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -cb -B /opt/login.pwd admin "$RCLONE_PASSWORD"
-cat <<EOF >~/rclone.creds
-rclone-Credentials
-rclone User Name: admin
-rclone Password: $RCLONE_PASSWORD
-EOF
+{
+  echo "rclone-Credentials"
+  echo "rclone User Name: admin"
+  echo "rclone Password: $RCLONE_PASSWORD"
+} >>~/rclone.creds
 msg_ok "Installed rclone"

 msg_info "Creating Service"
@@ -20,11 +20,6 @@ $STD apt install -y \
  potrace \
  libopenjp2-tools \
  libegl1 \
-  libgl1 \
-  libglib2.0-0 \
-  libsm6 \
-  libxext6 \
-  libxrender1 \
  libwayland-client0 \
  libwayland-cursor0 \
  libwayland-egl1 \
@@ -27,18 +27,18 @@ while true; do
    echo -e "${TAB3}Do you accept the Splunk General Terms? (y/N): \c"
    read -r response
    case $response in
-    [Yy] | [Yy][Ee][Ss])
-        msg_ok "Terms accepted. Proceeding with installation..."
-        break
-        ;;
-    [Nn] | [Nn][Oo] | "")
-        msg_error "Terms not accepted. Installation cannot proceed."
-        msg_error "Please review the terms and run the script again if you wish to proceed."
-        exit 254
-        ;;
-    *)
-        msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
-        ;;
+        [Yy]|[Yy][Ee][Ss])
+            msg_ok "Terms accepted. Proceeding with installation..."
+            break
+            ;;
+        [Nn]|[Nn][Oo]|"")
+            msg_error "Terms not accepted. Installation cannot proceed."
+            msg_error "Please review the terms and run the script again if you wish to proceed."
+            exit 254
+            ;;
+        *)
+            msg_error "Invalid response. Please enter 'y' for yes or 'n' for no."
+            ;;
    esac
 done

@@ -59,13 +59,13 @@ msg_ok "Setup Splunk Enterprise v${RELEASE}"
 msg_info "Creating Splunk admin user"
 ADMIN_USER="admin"
 ADMIN_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-cat <<EOF >~/splunk.creds
-Splunk-Credentials
-Username: $ADMIN_USER
-Password: $ADMIN_PASS
-EOF
+{
+    echo "Splunk-Credentials"
+    echo "Username: $ADMIN_USER"
+    echo "Password: $ADMIN_PASS"
+} >> ~/splunk.creds

-cat <<EOF >"/opt/splunk/etc/system/local/user-seed.conf"
+cat << EOF > "/opt/splunk/etc/system/local/user-seed.conf"
 [user_info]
 USERNAME = $ADMIN_USER
 PASSWORD = $ADMIN_PASS
@@ -103,7 +103,7 @@ PATH=/opt/.venv/bin:/usr/lib/libreoffice/program:/usr/local/sbin:/usr/local/bin:
 EOF

 if [[ "$login_mode" == "true" ]]; then
-  cat <<EOF >/opt/Stirling-PDF/.env
+  cat <<EOF >>/opt/Stirling-PDF/.env
 # activate Login
 DISABLE_ADDITIONAL_FEATURES=false
 SECURITY_ENABLELOGIN=true
@@ -46,11 +46,11 @@ NODE_ENV=production
 NEXT_TELEMETRY_DISABLED=1
 EOF
 mkdir -p /opt/storyteller/data
-cat <<EOF >~/storyteller.creds
-Storyteller Credentials
-=======================
-Secret Key: ${STORYTELLER_SECRET_KEY}
-EOF
+{
+  echo "Storyteller Credentials"
+  echo "======================="
+  echo "Secret Key: ${STORYTELLER_SECRET_KEY}"
+} >~/storyteller.creds
 msg_ok "Set up Storyteller"

 msg_info "Building Storyteller"
@@ -106,13 +106,13 @@ TZ=UTC
 PYTHONUNBUFFERED=1
 YTDLP_PLUGIN_DIRS=/opt/yt_plugins
 EOF
-cat <<EOF >~/tubearchivist.creds
-Tube Archivist Credentials
-==========================
-Username: admin
-Password: ${TA_PASSWORD}
-Elasticsearch Password: ${ES_PASSWORD}
-EOF
+{
+  echo "Tube Archivist Credentials"
+  echo "=========================="
+  echo "Username: admin"
+  echo "Password: ${TA_PASSWORD}"
+  echo "Elasticsearch Password: ${ES_PASSWORD}"
+} >~/tubearchivist.creds
 systemctl enable -q --now redis-server
 msg_ok "Set up Tube Archivist"

@@ -38,13 +38,13 @@ $STD apt-get install -y twingate-connector
 msg_ok "Setup Twingate Connector"

 msg_info "Configure Twingate-Connector"
-cat <<EOF >/etc/twingate/connector.conf
-TWINGATE_NETWORK=${network}
-TWINGATE_ACCESS_TOKEN=${access_token}
-TWINGATE_REFRESH_TOKEN=${refresh_token}
-TWINGATE_LABEL_HOSTNAME=$(hostname)
-TWINGATE_LABEL_DEPLOYED_BY=proxmox
-EOF
+{
+  echo "TWINGATE_NETWORK=${network}"
+  echo "TWINGATE_ACCESS_TOKEN=${access_token}"
+  echo "TWINGATE_REFRESH_TOKEN=${refresh_token}"
+  echo "TWINGATE_LABEL_HOSTNAME=$(hostname)"
+  echo "TWINGATE_LABEL_DEPLOYED_BY=proxmox"
+} >/etc/twingate/connector.conf
 chmod 600 /etc/twingate/connector.conf
 msg_ok "Configured Twingate-Connector"

@@ -19,7 +19,7 @@ $STD apt install -y valkey openssl
 sed -i 's/^bind .*/bind 0.0.0.0/' /etc/valkey/valkey.conf

 PASS="$(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9' | head -c32)"
-echo "requirepass $PASS" >>/etc/valkey/valkey.conf
+echo "requirepass $PASS" >> /etc/valkey/valkey.conf
 echo "$PASS" >~/valkey.creds
 chmod 600 ~/valkey.creds

@@ -27,11 +27,11 @@ MEMTOTAL_MB=$(free -m | grep ^Mem: | awk '{print $2}')
 # reserve 25% of a node type's maxmemory value for system use
 MAXMEMORY_MB=$((MEMTOTAL_MB * 75 / 100))

-echo "" >>/etc/valkey/valkey.conf
-echo "# Memory-optimized settings for small-scale deployments" >>/etc/valkey/valkey.conf
-echo "maxmemory ${MAXMEMORY_MB}mb" >>/etc/valkey/valkey.conf
-echo "maxmemory-policy allkeys-lru" >>/etc/valkey/valkey.conf
-echo "maxmemory-samples 10" >>/etc/valkey/valkey.conf
+echo "" >> /etc/valkey/valkey.conf
+echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/valkey.conf
+echo "maxmemory ${MAXMEMORY_MB}mb" >> /etc/valkey/valkey.conf
+echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf
+echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf
 msg_ok "Installed Valkey"

 echo
@@ -47,26 +47,26 @@ if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
    chown valkey:valkey "$TLS_CERT" "$TLS_KEY"

    if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then
-        cat <<EOF >/etc/valkey/valkey.conf
-
-# TLS configuration generated by Proxmox VE Valkey helper-script
-port 0
-tls-port 6379
-tls-cert-file $TLS_DIR/valkey.crt
-tls-key-file $TLS_DIR/valkey.key
-tls-auth-clients no
-EOF
-        msg_ok "Enabled TLS-only mode on port 6379"
+    {
+      echo ""
+      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
+      echo "port 0"
+      echo "tls-port 6379"
+      echo "tls-cert-file $TLS_DIR/valkey.crt"
+      echo "tls-key-file $TLS_DIR/valkey.key"
+      echo "tls-auth-clients no"
+    } >> /etc/valkey/valkey.conf
+    msg_ok "Enabled TLS-only mode on port 6379"
    else
-        cat <<EOF >/etc/valkey/valkey.conf
-
-# TLS configuration generated by Proxmox VE Valkey helper-script
-tls-port 6380
-tls-cert-file $TLS_DIR/valkey.crt
-tls-key-file $TLS_DIR/valkey.key
-tls-auth-clients no
-EOF
-        msg_ok "Enabled TLS on port 6380 and TCP on 6379"
+    {
+      echo ""
+      echo "# TLS configuration generated by Proxmox VE Valkey helper-script"
+      echo "tls-port 6380"
+      echo "tls-cert-file $TLS_DIR/valkey.crt"
+      echo "tls-key-file $TLS_DIR/valkey.key"
+      echo "tls-auth-clients no"
+    } >> /etc/valkey/valkey.conf
+    msg_ok "Enabled TLS on port 6380 and TCP on 6379"
    fi
 fi

@@ -35,14 +35,14 @@ $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT USAGE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "GRANT CREATE ON SCHEMA public TO $DB_USER;"
 $STD sudo -u postgres psql -d "$DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO $DB_USER;"
-cat <<EOF >~/warracker.creds
-Application Credentials
-DB_NAME: $DB_NAME
-DB_USER: $DB_USER
-DB_PASS: $DB_PASS
-DB_ADMIN_USER: $DB_ADMIN_USER
-DB_ADMIN_PASS: $DB_ADMIN_PASS
-EOF
+{
+    echo "Application Credentials"
+    echo "DB_NAME: $DB_NAME"
+    echo "DB_USER: $DB_USER"
+    echo "DB_PASS: $DB_PASS"
+    echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+    echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >>~/warracker.creds
 msg_ok "Setup PostgreSQL"

 fetch_and_deploy_gh_release "warracker" "sassanix/Warracker" "tarball" "latest" "/opt/warracker"
@@ -63,7 +63,7 @@ $STD sudo -u www-data php /opt/webtrees/index.php user Admin \
  --password="${WT_ADMIN_PASS}"
 $STD sudo -u www-data php /opt/webtrees/index.php user-setting Admin canadmin 1

-cat <<EOF >~/webtrees.creds
+cat <<EOF >>~/webtrees.creds

 Webtrees Admin User: Admin
 Webtrees Admin Password: ${WT_ADMIN_PASS}
@@ -24,11 +24,11 @@ msg_info "Setting up YT-DLP-WEBUI"
 mkdir -p /opt/yt-dlp-webui
 mkdir /downloads
 RPC_PASSWORD=$(openssl rand -base64 16)
-cat <<EOF >~/yt-dlp-webui.creds
-yt-dlp-webui-Credentials
-Username: admin
-Password: ${RPC_PASSWORD}
-EOF
+{
+  echo "yt-dlp-webui-Credentials"
+  echo "Username: admin"
+  echo "Password: ${RPC_PASSWORD}"
+} >>~/yt-dlp-webui.creds

 cat <<EOF >/opt/yt-dlp-webui/config.conf
 # Host where server will listen at (default: "0.0.0.0")
@@ -30,7 +30,7 @@ setup_deb822_repo \
 $STD apt install -y elasticsearch
 sed -i 's/^#\{0,2\} *-Xms[0-9]*g.*/-Xms2g/' /etc/elasticsearch/jvm.options
 sed -i 's/^#\{0,2\} *-Xmx[0-9]*g.*/-Xmx2g/' /etc/elasticsearch/jvm.options
-cat <<EOF >/etc/elasticsearch/elasticsearch.yml
+cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
 discovery.type: single-node
 xpack.security.enabled: false
 bootstrap.memory_lock: false
@@ -29,14 +29,14 @@ systemctl start postgresql
 $STD sudo -u postgres psql -c "CREATE USER $DB_USER WITH PASSWORD '$DB_PASS';"
 $STD sudo -u postgres psql -c "CREATE USER $DB_ADMIN_USER WITH PASSWORD '$DB_ADMIN_PASS' SUPERUSER;"
 $STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME OWNER $DB_ADMIN_USER;"
-cat <<EOF >~/zitadel.creds
-Application Credentials
-DB_NAME: $DB_NAME
-DB_USER: $DB_USER
-DB_PASS: $DB_PASS
-DB_ADMIN_USER: $DB_ADMIN_USER
-DB_ADMIN_PASS: $DB_ADMIN_PASS
-EOF
+{
+  echo "Application Credentials"
+  echo "DB_NAME: $DB_NAME"
+  echo "DB_USER: $DB_USER"
+  echo "DB_PASS: $DB_PASS"
+  echo "DB_ADMIN_USER: $DB_ADMIN_USER"
+  echo "DB_ADMIN_PASS: $DB_ADMIN_PASS"
+} >>~/zitadel.creds
 msg_ok "Installed PostgreSQL"

 fetch_and_deploy_gh_release "zitadel" "zitadel/zitadel" "prebuild" "latest" "/usr/local/bin" "zitadel-linux-$(arch_resolve).tar.gz"
@@ -45,10 +45,10 @@ msg_info "Setting up Zitadel Environments"
 mkdir -p /opt/zitadel
 echo "/opt/zitadel/config.yaml" >"/opt/zitadel/.config"
 head -c 32 < <(openssl rand -base64 48 | tr -dc 'a-zA-Z0-9') >"/opt/zitadel/.masterkey"
-cat <<EOF >~/zitadel.creds
-Config location: $(cat "/opt/zitadel/.config")
-Masterkey: $(cat "/opt/zitadel/.masterkey")
-EOF
+{
+  echo "Config location: $(cat "/opt/zitadel/.config")"
+  echo "Masterkey: $(cat "/opt/zitadel/.masterkey")"
+} >>~/zitadel.creds
 cat <<EOF >/opt/zitadel/config.yaml
 Port: 8080
 ExternalPort: 8080
@@ -24,11 +24,11 @@ mkdir -p /etc/zot
 curl -fsSL https://raw.githubusercontent.com/project-zot/zot/refs/heads/main/examples/config-ui.json -o /etc/zot/config.json
 ZOTPASSWORD=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
 $STD htpasswd -b -B -c /etc/zot/htpasswd admin "$ZOTPASSWORD"
-cat <<EOF >~/zot.creds
-Zot-Credentials
-Zot User: admin
-Zot Password: $ZOTPASSWORD
-EOF
+{
+  echo "Zot-Credentials"
+  echo "Zot User: admin"
+  echo "Zot Password: $ZOTPASSWORD"
+} >>~/zot.creds
 msg_ok "Configured Zot Registry"

 msg_info "Setup Service"
@@ -266,47 +266,6 @@ download_gpg_key() {
  return 7
 }

-# ------------------------------------------------------------------------------
-# Edit a key-value pair in a YAML configuration file.
-#
-# Description:
-#   - Finds the first occurrence of the given key in the YAML file and replaces
-#     its value in-place using sed.
-#   - Handles both quoted and unquoted values on the same line.
-#   - The key is matched at the start of a line (optionally preceded by spaces),
-#     followed by a colon and optional whitespace.
-#   - If the key is not found, the function exits with a non-zero status and
-#     prints an error message.
-#
-# Usage:
-#   edit_yaml_config "/opt/myapp/config.yml" "database_host" "localhost"
-#   edit_yaml_config "/opt/myapp/config.yml" "port" "5432"
-#
-# Parameters:
-#   $1 - Path to the YAML file
-#   $2 - Key to find (e.g. "database_host")
-#   $3 - New value to set (e.g. "localhost")
-#
-# Returns: 0 on success, 1 if the file does not exist or the key is not found
-# ------------------------------------------------------------------------------
-edit_yaml_config() {
-  local file="$1"
-  local key="$2"
-  local value="$3"
-
-  if [[ ! -f "$file" ]]; then
-    msg_error "edit_yaml_config: file not found: $file"
-    return 1
-  fi
-
-  if ! grep -qE "^[[:space:]]*${key}[[:space:]]*:" "$file"; then
-    msg_error "edit_yaml_config: key '${key}' not found in $file"
-    return 1
-  fi
-
-  sed -i "s|^\([[:space:]]*${key}[[:space:]]*:\).*|\1 ${value}|" "$file"
-}
-
 # ------------------------------------------------------------------------------
 # Cache installed version to avoid repeated checks
 # ------------------------------------------------------------------------------
@@ -6164,6 +6123,7 @@ _setup_gpu_permissions() {
 #   - Requires: build-essential, libtool, libjpeg-dev, libpng-dev, etc.
 # ------------------------------------------------------------------------------
 setup_imagemagick() {
+  local TMP_DIR=$(mktemp -d)
  local BINARY_PATH="/usr/local/bin/magick"

  # Get currently installed version
@@ -6194,39 +6154,51 @@ setup_imagemagick() {
    pkg-config \
    ghostscript

-  # Fetch and deploy source tarball from GitHub Releases
-  fetch_and_deploy_gh_release "imagemagick" "ImageMagick/ImageMagick" "tarball" || {
-    msg_error "Failed to download ImageMagick source from GitHub"
-    msg_error "Hint: Check connectivity to github.com/ImageMagick/ImageMagick"
+  if ! CURL_TIMEOUT=180 curl_with_retry "https://imagemagick.org/archive/ImageMagick.tar.gz" "$TMP_DIR/ImageMagick.tar.gz"; then
+    msg_error "Failed to download ImageMagick"
+    msg_error "Hint: Check connectivity to imagemagick.org/archive"
+    rm -rf "$TMP_DIR"
    return 250
+  fi
+
+  tar -xzf "$TMP_DIR/ImageMagick.tar.gz" -C "$TMP_DIR" || {
+    msg_error "Failed to extract ImageMagick"
+    rm -rf "$TMP_DIR"
+    return 251
  }

-  cd /opt/imagemagick || {
-    msg_error "Failed to enter ImageMagick source directory"
+  cd "$TMP_DIR"/ImageMagick-* || {
+    msg_error "Source extraction failed"
+    rm -rf "$TMP_DIR"
    return 251
  }

  $STD ./configure --disable-static || {
    msg_error "ImageMagick configure failed"
+    rm -rf "$TMP_DIR"
    return 150
  }
  $STD make -j"$(nproc)" || {
    msg_error "ImageMagick compilation failed"
+    rm -rf "$TMP_DIR"
    return 150
  }
  $STD make install || {
    msg_error "ImageMagick installation failed"
+    rm -rf "$TMP_DIR"
    return 150
  }
  $STD ldconfig /usr/local/lib

  if [[ ! -x "$BINARY_PATH" ]]; then
    msg_error "ImageMagick installation failed"
+    rm -rf "$TMP_DIR"
    return 150
  fi

  local FINAL_VERSION
  FINAL_VERSION=$("$BINARY_PATH" -version | awk '/^Version/ {print $3}')
+  rm -rf "$TMP_DIR"
  cache_installed_version "imagemagick" "$FINAL_VERSION"
  ensure_usr_local_bin_persist

@@ -105,7 +105,7 @@ EOF
  yes)
    msg_info "Enabling 'pbs-no-subscription' repository"
    cat <<EOF >/etc/apt/sources.list.d/pbs-install-repo.list
-deb http://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
+deb https://download.proxmox.com/debian/pbs bookworm pbs-no-subscription
 EOF
    msg_ok "Enabled 'pbs-no-subscription' repository"
    ;;
@@ -152,7 +152,7 @@ EOF
  yes)
    msg_info "Enabling 'pve-no-subscription' repository"
    cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
    msg_ok "Enabled 'pve-no-subscription' repository"
    ;;
@@ -70,7 +70,7 @@ EOF
  whiptail --backtitle "Proxmox VE Helper Scripts" --msgbox --title "PVE8-NO-SUBSCRIPTION" "The 'pve-no-subscription' repository provides access to all of the open-source components of Proxmox VE." 10 58
  msg_info "Enabling 'pve-no-subscription' repository"
  cat <<EOF >/etc/apt/sources.list.d/pve-install-repo.list
-deb http://download.proxmox.com/debian/pve bookworm pve-no-subscription
+deb https://download.proxmox.com/debian/pve bookworm pve-no-subscription
 EOF
  msg_ok "Enabled 'pve-no-subscription' repository"
Author	SHA1	Message	Date
CanbiZ (MickLesk)	dcac3e0870	Update install/rackula-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>	2026-06-29 09:32:39 +02:00
CanbiZ (MickLesk)	82e3fc0d2e	Update install/rackula-install.sh Co-authored-by: Tobias <96661824+CrazyWolf13@users.noreply.github.com>	2026-06-29 09:32:29 +02:00
CanbiZ (MickLesk)	151d021f15	Update rackula.sh	2026-06-29 09:06:10 +02:00
push-app-to-main[bot]	2ab62bea16	Add rackula (ct)	2026-06-29 07:03:50 +00:00