opnsense-VM: Use ip link to verify bridge existence

Replace grep on /etc/network/interfaces with ip link show checks when validating bridge interfaces.. This removes dependency on the interfaces file (which may not reflect actual links) and updates error messages accordingly in default_settings and advanced_settings functions.
2026-02-26 23:15:55 +01:00 · 2026-02-25 16:21:42 +01:00
21 changed files with 122 additions and 796 deletions
--- a/.github/workflows/check-node-versions.yml
+++ b/.github/workflows/check-node-versions.yml
@@ -214,12 +214,11 @@ jobs:
            total=$((total + 1))
            slug=$(basename "$script" | sed 's/-install\.sh$//')
-            # Extract Source URL (GitHub only) from the "# Source:" line
+            # Extract Source URL (GitHub only)
            # Supports both:
            #   # Source: https://github.com/owner/repo
            #   # Source: https://example.com | Github: https://github.com/owner/repo
-            # NOTE: Must filter for "# Source:" line first to avoid matching the License URL
+            source_url=$(head -20 "$script" | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
            source_url=$(head -20 "$script" | grep -i '# Source:' | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
            if [[ -z "$source_url" ]]; then
              report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ No GitHub source |")
              continue
--- a/.github/workflows/close-new-script-prs.yml
+++ b/.github/workflows/close-new-script-prs.yml
@@ -1,119 +0,0 @@
 name: Close Unauthorized New Script PRs
 on:
  pull_request_target:
    branches: ["main"]
    types: [opened, labeled]
 jobs:
  check-new-script:
    if: github.repository == 'community-scripts/ProxmoxVE'
    runs-on: coolify-runner
    permissions:
      pull-requests: write
      contents: read
    steps:
      - name: Close PR if unauthorized new script submission
        uses: actions/github-script@v7
        with:
          script: |
            const pr = context.payload.pull_request;
            const prNumber = pr.number;
            const author = pr.user.login;
            const authorType = pr.user.type; // "User" or "Bot"
            const owner = context.repo.owner;
            const repo = context.repo.repo;
            // --- Only act on PRs with the "new script" label ---
            const labels = pr.labels.map(l => l.name);
            if (!labels.includes("new script")) {
              core.info(`PR #${prNumber} does not have "new script" label — skipping.`);
              return;
            }
            // --- Allow our bots ---
            const allowedBots = [
              "push-app-to-main[bot]",
              "push-app-to-main",
            ];
            if (allowedBots.includes(author)) {
              core.info(`PR #${prNumber} by allowed bot "${author}" — skipping.`);
              return;
            }
            // --- Check if author is a member of the contributor team ---
            const teamSlug = "contributor";
            let isMember = false;
            try {
              const { status } = await github.rest.teams.getMembershipForUserInOrg({
                org: owner,
                team_slug: teamSlug,
                username: author,
              });
              // status 200 means the user is a member (active or pending)
              isMember = true;
            } catch (error) {
              if (error.status === 404) {
                isMember = false;
              } else {
                core.warning(`Could not check team membership for ${author}: ${error.message}`);
                // Fallback: check org membership
                try {
                  await github.rest.orgs.checkMembershipForUser({
                    org: owner,
                    username: author,
                  });
                  isMember = true;
                } catch {
                  isMember = false;
                }
              }
            }
            if (isMember) {
              core.info(`PR #${prNumber} by contributor "${author}" — skipping.`);
              return;
            }
            // --- Unauthorized: close the PR with a comment ---
            core.info(`Closing PR #${prNumber} by "${author}" — not a contributor or allowed bot.`);
            const comment = [
              `👋 Hi @${author},`,
              ``,
              `Thank you for your interest in contributing a new script!`,
              ``,
              `However, **new scripts must first be submitted to our development repository** for testing and review before they can be merged here.`,
              ``,
              `> 🛑 New scripts must be submitted to [**ProxmoxVED**](https://github.com/community-scripts/ProxmoxVED) for testing.`,
              `> PRs without prior testing will be closed.`,
              ``,
              `Please open your PR at **https://github.com/community-scripts/ProxmoxVED** instead.`,
              `Once your script has been tested and approved there, it will be pushed to this repository automatically.`,
              ``,
              `This PR will now be closed. Thank you for understanding! 🙏`,
            ].join("\n");
            await github.rest.issues.createComment({
              owner,
              repo,
              issue_number: prNumber,
              body: comment,
            });
            await github.rest.pulls.update({
              owner,
              repo,
              pull_number: prNumber,
              state: "closed",
            });
            // Add a label to indicate why it was closed
            await github.rest.issues.addLabels({
              owner,
              repo,
              issue_number: prNumber,
              labels: ["not a script issue"],
            });
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -407,42 +407,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 </details>
 ## 2026-02-26
 ### 🆕 New Scripts
  - Kima-Hub ([#12319](https://github.com/community-scripts/ProxmoxVE/pull/12319))
 ### 🚀 Updated Scripts
  - #### 🐞 Bug Fixes
    - tools.func: update glx alternatives / nvidia alternative if nvidia glx are missing [@MickLesk](https://github.com/MickLesk) ([#12372](https://github.com/community-scripts/ProxmoxVE/pull/12372))
    - hotfix: overseer version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12366](https://github.com/community-scripts/ProxmoxVE/pull/12366))
  - #### ✨ New Features
    - Add ffmpeg for booklore (ffprobe) [@MickLesk](https://github.com/MickLesk) ([#12371](https://github.com/community-scripts/ProxmoxVE/pull/12371))
    - [QOL] Immich: add warning regarding library compilation time [@vhsdream](https://github.com/vhsdream) ([#12345](https://github.com/community-scripts/ProxmoxVE/pull/12345))
 ### 🧰 Tools
  - #### 🐞 Bug Fixes
    - Improves adguardhome-sync addon when running on alpine LXCs [@Darkangeel-hd](https://github.com/Darkangeel-hd) ([#12362](https://github.com/community-scripts/ProxmoxVE/pull/12362))
  - #### ✨ New Features
    - Add Alpine support and improve Tailscale install [@MickLesk](https://github.com/MickLesk) ([#12370](https://github.com/community-scripts/ProxmoxVE/pull/12370))
 ### 📚 Documentation
  - fix wrong link on contributions README.md [@Darkangeel-hd](https://github.com/Darkangeel-hd) ([#12363](https://github.com/community-scripts/ProxmoxVE/pull/12363))
 ### 📂 Github
  - github: add workflow to autom. close unauthorized new-script PRs [@MickLesk](https://github.com/MickLesk) ([#12356](https://github.com/community-scripts/ProxmoxVE/pull/12356))
 ## 2026-02-25
 ### 🆕 New Scripts
@@ -453,10 +417,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
  - #### 🐞 Bug Fixes
    - fix: overseer migration [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12340](https://github.com/community-scripts/ProxmoxVE/pull/12340))
    - add: vikunja: daemon reload [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12323](https://github.com/community-scripts/ProxmoxVE/pull/12323))
    - opnsense-VM: Use ip link to verify bridge existence [@MickLesk](https://github.com/MickLesk) ([#12329](https://github.com/community-scripts/ProxmoxVE/pull/12329))
    - wger: Use $http_host for proxy Host header [@MickLesk](https://github.com/MickLesk) ([#12327](https://github.com/community-scripts/ProxmoxVE/pull/12327))
    - Passbolt: Update Nginx config `client_max_body_size` [@tremor021](https://github.com/tremor021) ([#12313](https://github.com/community-scripts/ProxmoxVE/pull/12313))
    - Zammad: configure Elasticsearch before zammad start [@MickLesk](https://github.com/MickLesk) ([#12308](https://github.com/community-scripts/ProxmoxVE/pull/12308))
@@ -470,10 +430,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
    - Fix detection of ssh keys [@1-tempest](https://github.com/1-tempest) ([#12230](https://github.com/community-scripts/ProxmoxVE/pull/12230))
  - #### ✨ New Features
    - tools.func: Improve GitHub/Codeberg API error handling and error output [@MickLesk](https://github.com/MickLesk) ([#12330](https://github.com/community-scripts/ProxmoxVE/pull/12330))
  - #### 🔧 Refactor
    - core: remove duplicate traps, consolidate error handling and harden signal traps [@MickLesk](https://github.com/MickLesk) ([#12316](https://github.com/community-scripts/ProxmoxVE/pull/12316))
--- a/ct/booklore.sh
+++ b/ct/booklore.sh
@@ -34,7 +34,6 @@ function update_script() {
    NODE_VERSION="22" setup_nodejs
    setup_mariadb
    setup_yq
    ensure_dependencies ffmpeg
    msg_info "Stopping Service"
    systemctl stop booklore
--- a/ct/headers/kima-hub
+++ b/ct/headers/kima-hub
@@ -1,6 +0,0 @@
    __ __ _                       __  __      __  
   / //_/(_)___ ___  ____ _      / / / /_  __/ /_ 
  / ,<  / / __ `__ \/ __ `/_____/ /_/ / / / / __ \
 / /| |/ / / / / / / /_/ /_____/ __  / /_/ / /_/ /
 /_/ |_/_/_/ /_/ /_/\__,_/     /_/ /_/\__,_/_.___/ 
--- a/ct/headers/zerobyte
+++ b/ct/headers/zerobyte
@@ -1,6 +0,0 @@
 _____                   __          __     
 /__  /  ___  _________  / /_  __  __/ /____ 
  / /  / _ \/ ___/ __ \/ __ \/ / / / __/ _ \
 / /__/  __/ /  / /_/ / /_/ / /_/ / /_/  __/
 /____/\___/_/   \____/_.___/\__, /\__/\___/ 
                           /____/           
--- a/ct/immich.sh
+++ b/ct/immich.sh
@@ -97,7 +97,7 @@ EOF
  if [[ -f ~/.immich_library_revisions ]]; then
    libraries=("libjxl" "libheif" "libraw" "imagemagick" "libvips")
    cd "$BASE_DIR"
-    msg_warn "Checking for updates to custom image-processing libraries (recompile time: 2-15min per library)"
+    msg_info "Checking for updates to custom image-processing libraries"
    $STD git pull
    for library in "${libraries[@]}"; do
      compile_"$library"
--- a/ct/kima-hub.sh
+++ b/ct/kima-hub.sh
@@ -1,79 +0,0 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/Chevron7Locked/kima-hub
 APP="Kima-Hub"
 var_tags="${var_tags:-music;streaming;media}"
 var_cpu="${var_cpu:-4}"
 var_ram="${var_ram:-8192}"
 var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 header_info "$APP"
 variables
 color
 catch_errors
 function update_script() {
  header_info
  check_container_storage
  check_container_resources
  if [[ ! -d /opt/kima-hub ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
  if check_for_gh_release "kima-hub" "Chevron7Locked/kima-hub"; then
    msg_info "Stopping Services"
    systemctl stop kima-frontend kima-backend kima-analyzer kima-analyzer-clap
    msg_ok "Stopped Services"
    msg_info "Backing up Data"
    cp /opt/kima-hub/backend/.env /opt/kima-hub-backend-env.bak
    cp /opt/kima-hub/frontend/.env /opt/kima-hub-frontend-env.bak
    msg_ok "Backed up Data"
    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "kima-hub" "Chevron7Locked/kima-hub" "tarball"
    msg_info "Restoring Data"
    cp /opt/kima-hub-backend-env.bak /opt/kima-hub/backend/.env
    cp /opt/kima-hub-frontend-env.bak /opt/kima-hub/frontend/.env
    rm -f /opt/kima-hub-backend-env.bak /opt/kima-hub-frontend-env.bak
    msg_ok "Restored Data"
    msg_info "Rebuilding Backend"
    cd /opt/kima-hub/backend
    $STD npm install
    $STD npm run build
    $STD npx prisma generate
    $STD npx prisma migrate deploy
    msg_ok "Rebuilt Backend"
    msg_info "Rebuilding Frontend"
    cd /opt/kima-hub/frontend
    $STD npm install
    $STD npm run build
    msg_ok "Rebuilt Frontend"
    msg_info "Starting Services"
    systemctl start kima-backend kima-frontend kima-analyzer kima-analyzer-clap
    msg_ok "Started Services"
    msg_ok "Updated successfully!"
  fi
  exit
 }
 start
 build_container
 description
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
 echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3030${CL}"
--- a/ct/overseerr.sh
+++ b/ct/overseerr.sh
@@ -28,7 +28,7 @@ function update_script() {
    exit
  fi
-  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.35.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
+  if [[ -f "$HOME/.overseerr" ]] && [[ "$(cat "$HOME/.overseerr")" == "1.34.0" ]]; then
    echo
    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
    echo "Overseerr v1.34.0 detected."
--- a/ct/vikunja.sh
+++ b/ct/vikunja.sh
@@ -65,7 +65,6 @@ function update_script() {
    msg_ok "Stopped Service"
    fetch_and_deploy_gh_release "vikunja" "go-vikunja/vikunja" "binary"
    $STD systemctl daemon-reload
    msg_info "Starting Service"
    systemctl start vikunja
--- a/docs/contribution/README.md
+++ b/docs/contribution/README.md
@@ -175,7 +175,7 @@ All scripts and configurations must follow our coding standards to ensure consis
 ### Available Guides
 - **[CONTRIBUTING.md](CONTRIBUTING.md)** - Essential coding standards and best practices
- **[CODE-AUDIT.md](CODE-AUDIT.md)** - Code review checklist and audit procedures
+- **[CODE_AUDIT.md](CODE_AUDIT.md)** - Code review checklist and audit procedures
 - **[GUIDE.md](GUIDE.md)** - Comprehensive contribution guide
 - **[HELPER_FUNCTIONS.md](HELPER_FUNCTIONS.md)** - Reference for all tools.func helper functions
 - **Container Scripts** - `/ct/` templates and guidelines
--- a/frontend/public/json/github-versions.json
+++ b/frontend/public/json/github-versions.json
@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-26T18:16:20Z",
+  "generated": "2026-02-25T12:14:52Z",
  "versions": [
    {
      "slug": "2fauth",
@@ -109,9 +109,9 @@
    {
      "slug": "bazarr",
      "repo": "morpheus65535/bazarr",
-      "version": "v1.5.6",
+      "version": "v1.5.5",
      "pinned": false,
-      "date": "2026-02-26T11:33:11Z"
+      "date": "2026-02-01T18:00:34Z"
    },
    {
      "slug": "bentopdf",
@@ -151,9 +151,9 @@
    {
      "slug": "booklore",
      "repo": "booklore-app/BookLore",
-      "version": "v2.0.2",
+      "version": "v2.0.1",
      "pinned": false,
-      "date": "2026-02-25T19:59:20Z"
+      "date": "2026-02-24T04:15:33Z"
    },
    {
      "slug": "bookstack",
@@ -242,9 +242,9 @@
    {
      "slug": "cosmos",
      "repo": "azukaar/Cosmos-Server",
-      "version": "v0.21.2",
+      "version": "v0.20.2",
      "pinned": false,
-      "date": "2026-02-26T11:32:33Z"
+      "date": "2026-01-24T00:12:39Z"
    },
    {
      "slug": "cronicle",
@@ -270,16 +270,16 @@
    {
      "slug": "databasus",
      "repo": "databasus/databasus",
-      "version": "v3.16.3",
+      "version": "v3.16.2",
      "pinned": false,
-      "date": "2026-02-25T19:57:26Z"
+      "date": "2026-02-22T21:10:12Z"
    },
    {
      "slug": "dawarich",
      "repo": "Freika/dawarich",
-      "version": "1.3.0",
+      "version": "1.2.0",
      "pinned": false,
-      "date": "2026-02-25T19:30:25Z"
+      "date": "2026-02-15T22:33:56Z"
    },
    {
      "slug": "discopanel",
@@ -452,9 +452,9 @@
    {
      "slug": "gitea-mirror",
      "repo": "RayLabsHQ/gitea-mirror",
-      "version": "v3.9.5",
+      "version": "v3.9.4",
      "pinned": false,
-      "date": "2026-02-26T05:32:12Z"
+      "date": "2026-02-24T06:17:56Z"
    },
    {
      "slug": "glance",
@@ -606,16 +606,16 @@
    {
      "slug": "invoiceninja",
      "repo": "invoiceninja/invoiceninja",
-      "version": "v5.12.68",
+      "version": "v5.12.66",
      "pinned": false,
-      "date": "2026-02-25T19:38:19Z"
+      "date": "2026-02-24T09:12:50Z"
    },
    {
      "slug": "jackett",
      "repo": "Jackett/Jackett",
-      "version": "v0.24.1218",
+      "version": "v0.24.1205",
      "pinned": false,
-      "date": "2026-02-26T05:55:11Z"
+      "date": "2026-02-25T05:49:14Z"
    },
    {
      "slug": "jellystat",
@@ -627,9 +627,9 @@
    {
      "slug": "joplin-server",
      "repo": "laurent22/joplin",
-      "version": "v3.5.13",
+      "version": "v3.5.12",
      "pinned": false,
-      "date": "2026-02-25T21:19:11Z"
+      "date": "2026-01-17T14:20:33Z"
    },
    {
      "slug": "jotty",
@@ -666,19 +666,12 @@
      "pinned": false,
      "date": "2026-02-20T09:19:45Z"
    },
    {
      "slug": "kima-hub",
      "repo": "Chevron7Locked/kima-hub",
      "version": "v1.5.7",
      "pinned": false,
      "date": "2026-02-23T23:58:59Z"
    },
    {
      "slug": "kimai",
      "repo": "kimai/kimai",
-      "version": "2.50.0",
+      "version": "2.49.0",
      "pinned": false,
-      "date": "2026-02-25T20:13:51Z"
+      "date": "2026-02-15T20:40:19Z"
    },
    {
      "slug": "kitchenowl",
@@ -718,9 +711,9 @@
    {
      "slug": "kubo",
      "repo": "ipfs/kubo",
-      "version": "v0.40.0",
+      "version": "v0.39.0",
      "pinned": false,
-      "date": "2026-02-25T23:16:17Z"
+      "date": "2025-11-27T03:47:38Z"
    },
    {
      "slug": "kutt",
@@ -816,9 +809,9 @@
    {
      "slug": "mail-archiver",
      "repo": "s1t5/mail-archiver",
-      "version": "2602.4",
+      "version": "2602.3",
      "pinned": false,
-      "date": "2026-02-26T08:43:01Z"
+      "date": "2026-02-22T20:24:18Z"
    },
    {
      "slug": "managemydamnlife",
@@ -830,9 +823,9 @@
    {
      "slug": "manyfold",
      "repo": "manyfold3d/manyfold",
-      "version": "v0.133.1",
+      "version": "v0.133.0",
      "pinned": false,
-      "date": "2026-02-26T15:50:34Z"
+      "date": "2026-02-25T10:40:26Z"
    },
    {
      "slug": "mealie",
@@ -970,9 +963,9 @@
    {
      "slug": "oauth2-proxy",
      "repo": "oauth2-proxy/oauth2-proxy",
-      "version": "v7.14.3",
+      "version": "v7.14.2",
      "pinned": false,
-      "date": "2026-02-26T14:10:21Z"
+      "date": "2026-01-18T00:26:09Z"
    },
    {
      "slug": "ombi",
@@ -1061,9 +1054,9 @@
    {
      "slug": "paperless-gpt",
      "repo": "icereed/paperless-gpt",
-      "version": "v0.25.1",
+      "version": "v0.25.0",
      "pinned": false,
-      "date": "2026-02-26T14:50:11Z"
+      "date": "2026-02-16T08:31:48Z"
    },
    {
      "slug": "paperless-ngx",
@@ -1173,9 +1166,9 @@
    {
      "slug": "prometheus",
      "repo": "prometheus/prometheus",
-      "version": "v3.10.0",
+      "version": "v3.9.1",
      "pinned": false,
-      "date": "2026-02-26T01:19:51Z"
+      "date": "2026-01-07T17:05:53Z"
    },
    {
      "slug": "prometheus-alertmanager",
@@ -1271,9 +1264,9 @@
    {
      "slug": "radicale",
      "repo": "Kozea/Radicale",
-      "version": "v3.6.1",
+      "version": "v3.6.0",
      "pinned": false,
-      "date": "2026-02-24T06:36:23Z"
+      "date": "2026-01-10T06:56:46Z"
    },
    {
      "slug": "rclone",
@@ -1299,9 +1292,9 @@
    {
      "slug": "recyclarr",
      "repo": "recyclarr/recyclarr",
-      "version": "v8.3.2",
+      "version": "v8.3.1",
      "pinned": false,
-      "date": "2026-02-25T22:39:51Z"
+      "date": "2026-02-25T01:01:31Z"
    },
    {
      "slug": "reitti",
@@ -1397,9 +1390,9 @@
    {
      "slug": "signoz",
      "repo": "SigNoz/signoz-otel-collector",
-      "version": "v0.144.2",
+      "version": "v0.144.1",
      "pinned": false,
-      "date": "2026-02-26T05:57:26Z"
+      "date": "2026-02-25T05:57:17Z"
    },
    {
      "slug": "silverbullet",
@@ -1607,9 +1600,9 @@
    {
      "slug": "tunarr",
      "repo": "chrisbenincasa/tunarr",
-      "version": "v1.1.17",
+      "version": "v1.1.16",
      "pinned": false,
-      "date": "2026-02-25T19:56:36Z"
+      "date": "2026-02-23T21:24:47Z"
    },
    {
      "slug": "uhf",
@@ -1670,9 +1663,9 @@
    {
      "slug": "vikunja",
      "repo": "go-vikunja/vikunja",
-      "version": "v2.0.0",
+      "version": "v1.1.0",
      "pinned": false,
-      "date": "2026-02-25T13:58:47Z"
+      "date": "2026-02-09T10:34:29Z"
    },
    {
      "slug": "wallabag",
@@ -1786,13 +1779,6 @@
      "pinned": false,
      "date": "2026-02-24T15:15:46Z"
    },
    {
      "slug": "zerobyte",
      "repo": "restic/restic",
      "version": "v0.18.1",
      "pinned": false,
      "date": "2025-09-21T18:24:38Z"
    },
    {
      "slug": "zigbee2mqtt",
      "repo": "Koenkk/zigbee2mqtt",
--- a/frontend/public/json/immich.json
+++ b/frontend/public/json/immich.json
@@ -51,10 +51,6 @@
    {
      "text": "Logs: `/var/log/immich`",
      "type": "info"
    },
    {
      "text": "During first install, 5 custom libraries need to be compiled from source. Depending on your CPU, this can take anywhere between 15 minutes and 2 hours. Please be patient. Touch grass or something.",
      "type": "warning"
    }
  ]
 }
--- a/frontend/public/json/kima-hub.json
+++ b/frontend/public/json/kima-hub.json
@@ -1,48 +0,0 @@
 {
  "name": "Kima-Hub",
  "slug": "kima-hub",
  "categories": [
    13
  ],
  "date_created": "2026-02-26",
  "type": "ct",
  "updateable": true,
  "privileged": false,
  "interface_port": 3030,
  "documentation": "https://github.com/Chevron7Locked/kima-hub#readme",
  "website": "https://github.com/Chevron7Locked/kima-hub",
  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kima-hub.webp",
  "config_path": "/opt/kima-hub/backend/.env",
  "description": "Self-hosted, on-demand audio streaming platform with AI-powered vibe matching, mood detection, smart playlists, and Lidarr/Audiobookshelf integration.",
  "install_methods": [
    {
      "type": "default",
      "script": "ct/kima-hub.sh",
      "resources": {
        "cpu": 4,
        "ram": 8192,
        "hdd": 20,
        "os": "Debian",
        "version": "13"
      }
    }
  ],
  "default_credentials": {
    "username": null,
    "password": null
  },
  "notes": [
    {
      "text": "First user to register becomes the administrator.",
      "type": "info"
    },
    {
      "text": "Mount your music library to /music in the container.",
      "type": "warning"
    },
    {
      "text": "Audio analysis (mood/vibe detection) requires significant RAM (2-4GB per worker).",
      "type": "info"
    }
  ]
 }
--- a/install/booklore-install.sh
+++ b/install/booklore-install.sh
@@ -13,10 +13,6 @@ setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apt install -y ffmpeg
 msg_ok "Installed Dependencies"
 JAVA_VERSION="25" setup_java
 NODE_VERSION="22" setup_nodejs
 setup_mariadb
--- a/install/immich-install.sh
+++ b/install/immich-install.sh
@@ -154,7 +154,7 @@ sed -i -e "/^#shared_preload/s/^#//;/^shared_preload/s/''/'vchord.so'/" /etc/pos
 systemctl restart postgresql.service
 PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_GRANT_SUPERUSER="true" PG_DB_SKIP_ALTER_ROLE="true" setup_postgresql_db
-msg_warn "Compiling Custom Photo-processing Libraries (can take anywhere from 15min to 2h)"
+msg_info "Compiling Custom Photo-processing Library (extreme patience)"
 LD_LIBRARY_PATH=/usr/local/lib
 export LD_RUN_PATH=/usr/local/lib
 STAGING_DIR=/opt/staging
--- a/install/kima-hub-install.sh
+++ b/install/kima-hub-install.sh
@@ -1,212 +0,0 @@
 #!/usr/bin/env bash
 # Copyright (c) 2021-2026 community-scripts ORG
 # Author: MickLesk (CanbiZ)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://github.com/Chevron7Locked/kima-hub
 source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
 color
 verb_ip6
 catch_errors
 setting_up_container
 network_check
 update_os
 msg_info "Installing Dependencies"
 $STD apt-get install -y \
  build-essential \
  git \
  openssl \
  ffmpeg \
  python3 \
  python3-pip \
  python3-dev \
  python3-numpy \
  redis-server
 msg_ok "Installed Dependencies"
 PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
 PG_DB_NAME="kima" PG_DB_USER="kima" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
 NODE_VERSION="20" setup_nodejs
 msg_info "Configuring Redis"
 systemctl enable -q --now redis-server
 msg_ok "Configured Redis"
 fetch_and_deploy_gh_release "kima-hub" "Chevron7Locked/kima-hub" "tarball"
 msg_info "Installing Python Dependencies"
 export PIP_BREAK_SYSTEM_PACKAGES=1
 $STD pip3 install --no-cache-dir \
  tensorflow \
  essentia-tensorflow \
  redis \
  psycopg2-binary \
  laion-clap \
  torch \
  torchaudio \
  librosa \
  transformers \
  pgvector \
  python-dotenv \
  requests
 msg_ok "Installed Python Dependencies"
 msg_info "Downloading Essentia ML Models"
 mkdir -p /opt/kima-hub/models
 cd /opt/kima-hub/models
 curl -fsSL -o msd-musicnn-1.pb "https://essentia.upf.edu/models/autotagging/msd/msd-musicnn-1.pb"
 curl -fsSL -o mood_happy-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_happy/mood_happy-msd-musicnn-1.pb"
 curl -fsSL -o mood_sad-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_sad/mood_sad-msd-musicnn-1.pb"
 curl -fsSL -o mood_relaxed-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_relaxed/mood_relaxed-msd-musicnn-1.pb"
 curl -fsSL -o mood_aggressive-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_aggressive/mood_aggressive-msd-musicnn-1.pb"
 curl -fsSL -o mood_party-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_party/mood_party-msd-musicnn-1.pb"
 curl -fsSL -o mood_acoustic-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_acoustic/mood_acoustic-msd-musicnn-1.pb"
 curl -fsSL -o mood_electronic-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_electronic/mood_electronic-msd-musicnn-1.pb"
 curl -fsSL -o danceability-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/danceability/danceability-msd-musicnn-1.pb"
 curl -fsSL -o voice_instrumental-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/voice_instrumental/voice_instrumental-msd-musicnn-1.pb"
 msg_ok "Downloaded Essentia ML Models"
 msg_info "Downloading CLAP Model"
 curl -fsSL -o /opt/kima-hub/models/music_audioset_epoch_15_esc_90.14.pt "https://huggingface.co/lukewys/laion_clap/resolve/main/music_audioset_epoch_15_esc_90.14.pt"
 msg_ok "Downloaded CLAP Model"
 msg_info "Building Backend"
 cd /opt/kima-hub/backend
 $STD npm ci
 $STD npm run build
 msg_ok "Built Backend"
 msg_info "Configuring Backend"
 SESSION_SECRET=$(openssl rand -hex 32)
 ENCRYPTION_KEY=$(openssl rand -hex 32)
 cat <<EOF >/opt/kima-hub/backend/.env
 NODE_ENV=production
 DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
 REDIS_URL=redis://localhost:6379
 PORT=3006
 MUSIC_PATH=/music
 TRANSCODE_CACHE_PATH=/opt/kima-hub/cache/transcodes
 SESSION_SECRET=${SESSION_SECRET}
 SETTINGS_ENCRYPTION_KEY=${ENCRYPTION_KEY}
 INTERNAL_API_SECRET=$(openssl rand -hex 16)
 EOF
 msg_ok "Configured Backend"
 msg_info "Running Database Migrations"
 cd /opt/kima-hub/backend
 $STD npx prisma generate
 $STD npx prisma migrate deploy
 msg_ok "Ran Database Migrations"
 msg_info "Building Frontend"
 cd /opt/kima-hub/frontend
 $STD npm ci
 export NEXT_PUBLIC_BACKEND_URL=http://127.0.0.1:3006
 $STD npm run build
 msg_ok "Built Frontend"
 msg_info "Configuring Frontend"
 cat <<EOF >/opt/kima-hub/frontend/.env
 NODE_ENV=production
 BACKEND_URL=http://localhost:3006
 PORT=3030
 EOF
 msg_ok "Configured Frontend"
 msg_info "Creating Directories"
 mkdir -p /opt/kima-hub/cache/transcodes
 mkdir -p /music
 msg_ok "Created Directories"
 msg_info "Creating Services"
 cat <<EOF >/etc/systemd/system/kima-backend.service
 [Unit]
 Description=Kima Hub Backend
 After=network.target postgresql.service redis-server.service
 Wants=postgresql.service redis-server.service
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/kima-hub/backend
 EnvironmentFile=/opt/kima-hub/backend/.env
 ExecStart=/usr/bin/node /opt/kima-hub/backend/dist/index.js
 Restart=on-failure
 RestartSec=5
 [Install]
 WantedBy=multi-user.target
 EOF
 cat <<EOF >/etc/systemd/system/kima-frontend.service
 [Unit]
 Description=Kima Hub Frontend
 After=network.target kima-backend.service
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/kima-hub/frontend
 EnvironmentFile=/opt/kima-hub/frontend/.env
 ExecStart=/usr/bin/npm start
 Restart=on-failure
 RestartSec=5
 [Install]
 WantedBy=multi-user.target
 EOF
 cat <<EOF >/etc/systemd/system/kima-analyzer.service
 [Unit]
 Description=Kima Hub Audio Analyzer (Essentia)
 After=network.target postgresql.service redis-server.service kima-backend.service
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/kima-hub/services/audio-analyzer
 Environment=DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
 Environment=REDIS_URL=redis://localhost:6379
 Environment=MUSIC_PATH=/music
 Environment=BATCH_SIZE=10
 Environment=SLEEP_INTERVAL=5
 Environment=NUM_WORKERS=2
 Environment=THREADS_PER_WORKER=1
 ExecStart=/usr/bin/python3 /opt/kima-hub/services/audio-analyzer/analyzer.py
 Restart=on-failure
 RestartSec=10
 [Install]
 WantedBy=multi-user.target
 EOF
 cat <<EOF >/etc/systemd/system/kima-analyzer-clap.service
 [Unit]
 Description=Kima Hub CLAP Audio Analyzer
 After=network.target postgresql.service redis-server.service kima-backend.service kima-analyzer.service
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/kima-hub/services/audio-analyzer-clap
 Environment=DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
 Environment=REDIS_URL=redis://localhost:6379
 Environment=BACKEND_URL=http://localhost:3006
 Environment=MUSIC_PATH=/music
 Environment=SLEEP_INTERVAL=5
 Environment=NUM_WORKERS=1
 ExecStart=/usr/bin/python3 /opt/kima-hub/services/audio-analyzer-clap/analyzer.py
 Restart=on-failure
 RestartSec=10
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now kima-backend kima-frontend kima-analyzer kima-analyzer-clap
 msg_ok "Created Services"
 motd_ssh
 customize
 cleanup_lxc
--- a/install/wger-install.sh
+++ b/install/wger-install.sh
@@ -164,7 +164,7 @@ server {
    location / {
        proxy_pass http://127.0.0.1:8000;
-        proxy_set_header Host $http_host;
+        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_redirect off;
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -783,25 +783,16 @@ github_api_call() {
  for attempt in $(seq 1 $max_retries); do
    local http_code
-    http_code=$(curl -sSL -w "%{http_code}" -o "$output_file" \
+    http_code=$(curl -fsSL -w "%{http_code}" -o "$output_file" \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      "${header_args[@]}" \
-      "$url" 2>/dev/null) || true
+      "$url" 2>/dev/null || echo "000")
    case "$http_code" in
    200)
      return 0
      ;;
    401)
      msg_error "GitHub API authentication failed (HTTP 401)."
      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
      else
        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
      fi
      return 1
      ;;
    403)
      # Rate limit - check if we can retry
      if [[ $attempt -lt $max_retries ]]; then
@@ -810,22 +801,11 @@ github_api_call() {
        retry_delay=$((retry_delay * 2))
        continue
      fi
-      msg_error "GitHub API rate limit exceeded (HTTP 403)."
+      msg_error "GitHub API rate limit exceeded. Set GITHUB_TOKEN to increase limits."
      msg_error "To increase the limit, export a GitHub token before running the script:"
      msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
      return 1
      ;;
    404)
-      msg_error "GitHub repository or release not found (HTTP 404): $url"
+      msg_error "GitHub API endpoint not found: $url"
      return 1
      ;;
    000 | "")
      if [[ $attempt -lt $max_retries ]]; then
        sleep "$retry_delay"
        continue
      fi
      msg_error "GitHub API connection failed (no response)."
      msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
      return 1
      ;;
    *)
@@ -833,7 +813,7 @@ github_api_call() {
        sleep "$retry_delay"
        continue
      fi
-      msg_error "GitHub API call failed (HTTP $http_code)."
+      msg_error "GitHub API call failed with HTTP $http_code"
      return 1
      ;;
    esac
@@ -853,18 +833,14 @@ codeberg_api_call() {
  for attempt in $(seq 1 $max_retries); do
    local http_code
-    http_code=$(curl -sSL -w "%{http_code}" -o "$output_file" \
+    http_code=$(curl -fsSL -w "%{http_code}" -o "$output_file" \
      -H "Accept: application/json" \
-      "$url" 2>/dev/null) || true
+      "$url" 2>/dev/null || echo "000")
    case "$http_code" in
    200)
      return 0
      ;;
    401)
      msg_error "Codeberg API authentication failed (HTTP 401)."
      return 1
      ;;
    403)
      # Rate limit - retry
      if [[ $attempt -lt $max_retries ]]; then
@@ -873,20 +849,11 @@ codeberg_api_call() {
        retry_delay=$((retry_delay * 2))
        continue
      fi
-      msg_error "Codeberg API rate limit exceeded (HTTP 403)."
+      msg_error "Codeberg API rate limit exceeded."
      return 1
      ;;
    404)
-      msg_error "Codeberg repository or release not found (HTTP 404): $url"
+      msg_error "Codeberg API endpoint not found: $url"
      return 1
      ;;
    000 | "")
      if [[ $attempt -lt $max_retries ]]; then
        sleep "$retry_delay"
        continue
      fi
      msg_error "Codeberg API connection failed (no response)."
      msg_error "Check your network/DNS: curl -sSL https://codeberg.org"
      return 1
      ;;
    *)
@@ -894,7 +861,7 @@ codeberg_api_call() {
        sleep "$retry_delay"
        continue
      fi
-      msg_error "Codeberg API call failed (HTTP $http_code)."
+      msg_error "Codeberg API call failed with HTTP $http_code"
      return 1
      ;;
    esac
@@ -1474,7 +1441,7 @@ get_latest_github_release() {
  if ! github_api_call "https://api.github.com/repos/${repo}/releases/latest" "$temp_file"; then
    rm -f "$temp_file"
-    return 0
+    return 1
  fi
  local version
@@ -1482,8 +1449,7 @@ get_latest_github_release() {
  rm -f "$temp_file"
  if [[ -z "$version" ]]; then
-    msg_error "Could not determine latest version for ${repo}"
+    return 1
    return 0
  fi
  echo "$version"
@@ -1500,7 +1466,7 @@ get_latest_codeberg_release() {
  # Codeberg API: get all releases and pick the first non-draft/non-prerelease
  if ! codeberg_api_call "https://codeberg.org/api/v1/repos/${repo}/releases" "$temp_file"; then
    rm -f "$temp_file"
-    return 0
+    return 1
  fi
  local version
@@ -1514,8 +1480,7 @@ get_latest_codeberg_release() {
  rm -f "$temp_file"
  if [[ -z "$version" ]]; then
-    msg_error "Could not determine latest version for ${repo}"
+    return 1
    return 0
  fi
  echo "$version"
@@ -1602,34 +1567,13 @@ get_latest_gh_tag() {
    "${header_args[@]}" \
    "https://api.github.com/repos/${repo}/tags?per_page=100" 2>/dev/null) || true
  if [[ "$http_code" == "401" ]]; then
    msg_error "GitHub API authentication failed (HTTP 401)."
    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
      msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
    else
      msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
    fi
    rm -f /tmp/gh_tags.json
    return 1
  fi
  if [[ "$http_code" == "403" ]]; then
-    msg_error "GitHub API rate limit exceeded (HTTP 403)."
+    msg_warn "GitHub API rate limit exceeded while fetching tags for ${repo}"
    msg_error "To increase the limit, export a GitHub token before running the script:"
    msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
    rm -f /tmp/gh_tags.json
    return 1
  fi
  if [[ "$http_code" == "000" || -z "$http_code" ]]; then
    msg_error "GitHub API connection failed (no response)."
    msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
    rm -f /tmp/gh_tags.json
    return 1
  fi
  if [[ "$http_code" != "200" ]] || [[ ! -s /tmp/gh_tags.json ]]; then
    msg_error "Unable to fetch tags for ${repo} (HTTP ${http_code})"
    rm -f /tmp/gh_tags.json
    return 1
  fi
@@ -1715,15 +1659,6 @@ check_for_gh_release() {
    if [[ "$http_code" == "200" ]] && [[ -s /tmp/gh_check.json ]]; then
      releases_json="[$(</tmp/gh_check.json)]"
    elif [[ "$http_code" == "401" ]]; then
      msg_error "GitHub API authentication failed (HTTP 401)."
      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
      else
        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
      fi
      rm -f /tmp/gh_check.json
      return 1
    elif [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API rate limit exceeded (HTTP 403)."
      msg_error "To increase the limit, export a GitHub token before running the script:"
@@ -1744,26 +1679,12 @@ check_for_gh_release() {
    if [[ "$http_code" == "200" ]] && [[ -s /tmp/gh_check.json ]]; then
      releases_json=$(</tmp/gh_check.json)
    elif [[ "$http_code" == "401" ]]; then
      msg_error "GitHub API authentication failed (HTTP 401)."
      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
      else
        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
      fi
      rm -f /tmp/gh_check.json
      return 1
    elif [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API rate limit exceeded (HTTP 403)."
      msg_error "To increase the limit, export a GitHub token before running the script:"
      msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
      rm -f /tmp/gh_check.json
      return 1
    elif [[ "$http_code" == "000" || -z "$http_code" ]]; then
      msg_error "GitHub API connection failed (no response)."
      msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
      rm -f /tmp/gh_check.json
      return 1
    else
      msg_error "Unable to fetch releases for ${app} (HTTP ${http_code})"
      rm -f /tmp/gh_check.json
@@ -2687,22 +2608,12 @@ function fetch_and_deploy_gh_release() {
  done
  if ! $success; then
-    if [[ "$http_code" == "401" ]]; then
+    if [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API authentication failed (HTTP 401)."
      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
      else
        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
      fi
    elif [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API rate limit exceeded (HTTP 403)."
      msg_error "To increase the limit, export a GitHub token before running the script:"
      msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
    elif [[ "$http_code" == "000" || -z "$http_code" ]]; then
      msg_error "GitHub API connection failed (no response)."
      msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
    else
-      msg_error "Failed to fetch release metadata (HTTP $http_code)"
+      msg_error "Failed to fetch release metadata from $api_url after $max_retries attempts (HTTP $http_code)"
    fi
    return 1
  fi
@@ -4237,18 +4148,6 @@ NVIDIA_PIN
  # VA-API for hybrid setups (Intel + NVIDIA)
  $STD apt-get -y install va-driver-all vainfo 2>/dev/null || true
  # Fix GLX alternatives: nvidia-alternative diverts mesa libs but in LXC
  # containers the nvidia GLX libs are typically missing, leaving libGL.so.1
  # pointing nowhere. Fall back to mesa if nvidia GLX dir is empty/missing.
  if command -v update-glx &>/dev/null; then
    local nvidia_glx_dir="/usr/lib/nvidia"
    if [[ ! -f "${nvidia_glx_dir}/libGL.so.1" ]] && [[ -d /usr/lib/mesa-diverted ]]; then
      msg_info "NVIDIA GLX libs missing in container - falling back to mesa"
      $STD update-glx --set glx /usr/lib/mesa-diverted 2>/dev/null || true
      ldconfig 2>/dev/null || true
    fi
  fi
  msg_ok "NVIDIA GPU configured"
 }
--- a/tools/addon/add-tailscale-lxc.sh
+++ b/tools/addon/add-tailscale-lxc.sh
@@ -76,90 +76,70 @@ grep -q "lxc.mount.entry: /dev/net/tun" "$CTID_CONFIG_PATH" || echo "lxc.mount.e
 header_info
 msg_info "Installing Tailscale in CT $CTID"
-pct exec "$CTID" -- sh -c '
+pct exec "$CTID" -- bash -c '
 set -e
 export DEBIAN_FRONTEND=noninteractive
-# Detect OS inside container
+# Source os-release properly (handles quoted values)
-if [ -f /etc/alpine-release ]; then
+source /etc/os-release
  # ── Alpine Linux ──
  echo "[INFO] Alpine Linux detected, installing Tailscale via apk..."
-  # Enable community repo if not already enabled
+# Fallback if DNS is poisoned or blocked
-  if ! grep -q "^[^#].*community" /etc/apk/repositories 2>/dev/null; then
+ORIG_RESOLV="/etc/resolv.conf"
-    ALPINE_VERSION=$(cat /etc/alpine-release | cut -d. -f1,2)
+BACKUP_RESOLV="/tmp/resolv.conf.backup"
    echo "https://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/community" >> /etc/apk/repositories
  fi
-  apk update
+# Check DNS resolution using multiple methods (dig may not be installed)
-  apk add --no-cache tailscale
+dns_check_failed=true
-
+if command -v dig &>/dev/null; then
-  # Enable and start Tailscale service
+  if dig +short pkgs.tailscale.com 2>/dev/null | grep -qvE "^127\.|^0\.0\.0\.0$|^$"; then
  rc-update add tailscale default 2>/dev/null || true
  rc-service tailscale start 2>/dev/null || true
 else
  # ── Debian / Ubuntu ──
  export DEBIAN_FRONTEND=noninteractive
  # Source os-release properly (handles quoted values)
  . /etc/os-release
  # Fallback if DNS is poisoned or blocked
  ORIG_RESOLV="/etc/resolv.conf"
  BACKUP_RESOLV="/tmp/resolv.conf.backup"
  # Check DNS resolution using multiple methods (dig may not be installed)
  dns_check_failed=true
  if command -v dig >/dev/null 2>&1; then
    if dig +short pkgs.tailscale.com 2>/dev/null | grep -qvE "^127\.|^0\.0\.0\.0$|^$"; then
      dns_check_failed=false
    fi
  elif command -v host >/dev/null 2>&1; then
    if host pkgs.tailscale.com 2>/dev/null | grep -q "has address"; then
      dns_check_failed=false
    fi
  elif command -v nslookup >/dev/null 2>&1; then
    if nslookup pkgs.tailscale.com 2>/dev/null | grep -q "Address:"; then
      dns_check_failed=false
    fi
  elif command -v getent >/dev/null 2>&1; then
    if getent hosts pkgs.tailscale.com >/dev/null 2>&1; then
      dns_check_failed=false
    fi
  else
    # No DNS tools available, try curl directly and assume DNS works
    dns_check_failed=false
  fi
-
+elif command -v host &>/dev/null; then
-  if $dns_check_failed; then
+  if host pkgs.tailscale.com 2>/dev/null | grep -q "has address"; then
-    echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
+    dns_check_failed=false
    echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
    cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
    echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
  fi
-
+elif command -v nslookup &>/dev/null; then
-  if ! command -v curl >/dev/null 2>&1; then
+  if nslookup pkgs.tailscale.com 2>/dev/null | grep -q "Address:"; then
-    echo "[INFO] curl not found, installing..."
+    dns_check_failed=false
    apt-get update -qq
    apt-get install -y curl >/dev/null
  fi
 elif command -v getent &>/dev/null; then
  if getent hosts pkgs.tailscale.com &>/dev/null; then
    dns_check_failed=false
  fi
 else
  # No DNS tools available, try curl directly and assume DNS works
  dns_check_failed=false
 fi
-  # Ensure keyrings directory exists
+if $dns_check_failed; then
-  mkdir -p /usr/share/keyrings
+  echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
-
+  echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
-  curl -fsSL "https://pkgs.tailscale.com/stable/${ID}/${VERSION_CODENAME}.noarmor.gpg" \
+  cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
-    | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+  echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
-
+fi
  echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VERSION_CODENAME} main" \
    >/etc/apt/sources.list.d/tailscale.list
 if ! command -v curl &>/dev/null; then
  echo "[INFO] curl not found, installing..."
  apt-get update -qq
-  apt-get install -y tailscale >/dev/null
+ apt update -qq
 apt install -y curl >/dev/null
 fi
-  if [ -f /tmp/resolv.conf.backup ]; then
+# Ensure keyrings directory exists
-    echo "[INFO] Restoring original /etc/resolv.conf"
+mkdir -p /usr/share/keyrings
-    mv /tmp/resolv.conf.backup /etc/resolv.conf
+
-  fi
+curl -fsSL "https://pkgs.tailscale.com/stable/${ID}/${VERSION_CODENAME}.noarmor.gpg" \
  | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
 echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VERSION_CODENAME} main" \
  >/etc/apt/sources.list.d/tailscale.list
 apt-get update -qq
 apt update -qq
 apt install -y tailscale >/dev/null
 if [[ -f /tmp/resolv.conf.backup ]]; then
  echo "[INFO] Restoring original /etc/resolv.conf"
  mv /tmp/resolv.conf.backup /etc/resolv.conf
 fi
 '
--- a/tools/addon/adguardhome-sync.sh
+++ b/tools/addon/adguardhome-sync.sh
@@ -7,12 +7,8 @@
 if ! command -v curl &>/dev/null; then
  printf "\r\e[2K%b" '\033[93m Setup Source \033[m' >&2
-  if [[ -f "/etc/alpine-release" ]]; then
+  apt-get update >/dev/null 2>&1
-    apk -U add curl >/dev/null 2>&1
+  apt-get install -y curl >/dev/null 2>&1
  else
    apt-get update >/dev/null 2>&1
    apt-get install -y curl >/dev/null 2>&1
  fi
 fi
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func)
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func)
@@ -55,7 +51,7 @@ EOF
 # HELPER FUNCTIONS
 # ==============================================================================
 get_ip() {
- ifconfig | grep -v '127.0.0.1' | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -m1 -Eo '([0-9]*\.){3}[0-9]*' || echo "127.0.0.1"
+  hostname -I 2>/dev/null | awk '{print $1}' || echo "127.0.0.1"
 }
 # ==============================================================================
@@ -72,16 +68,6 @@ else
  exit 1
 fi
 # ==============================================================================
 # DEPENDENCY CHECK
 # ==============================================================================
 if ! command -v jq &>/dev/null; then
  printf "\r\e[2K%b" '\033[93m Installing jq \033[m' >&2
  if [[ "$OS" == "Alpine" ]]; then
    apk -U add jq >/dev/null 2>&1
  fi
 fi
 # ==============================================================================
 # UNINSTALL
 # ==============================================================================