Add Alpine support and improve Tailscale install

Detect Alpine inside the LXC container and install Tailscale via apk (add community repo if missing), enable/start the service. Preserve Debian/Ubuntu install path but improve DNS resolution checks, temporarily override /etc/resolv.conf if DNS appears blocked, and restore it afterwards. Switch pct exec to use sh -c, tighten command existence checks and redirections, ensure curl and keyring directory are present, add Tailscale apt source and install package. Overall robustness and error-handling improvements for installing Tailscale in containers.

.github/workflows/close-new-script-prs.yml

@@ -1,119 +0,0 @@
-name: Close Unauthorized New Script PRs
-
-on:
-  pull_request_target:
-    branches: ["main"]
-    types: [opened, labeled]
-
-jobs:
-  check-new-script:
-    if: github.repository == 'community-scripts/ProxmoxVE'
-    runs-on: coolify-runner
-    permissions:
-      pull-requests: write
-      contents: read
-    steps:
-      - name: Close PR if unauthorized new script submission
-        uses: actions/github-script@v7
-        with:
-          script: |
-            const pr = context.payload.pull_request;
-            const prNumber = pr.number;
-            const author = pr.user.login;
-            const authorType = pr.user.type; // "User" or "Bot"
-            const owner = context.repo.owner;
-            const repo = context.repo.repo;
-
-            // --- Only act on PRs with the "new script" label ---
-            const labels = pr.labels.map(l => l.name);
-            if (!labels.includes("new script")) {
-              core.info(`PR #${prNumber} does not have "new script" label — skipping.`);
-              return;
-            }
-
-            // --- Allow our bots ---
-            const allowedBots = [
-              "push-app-to-main[bot]",
-              "push-app-to-main",
-            ];
-
-            if (allowedBots.includes(author)) {
-              core.info(`PR #${prNumber} by allowed bot "${author}" — skipping.`);
-              return;
-            }
-
-            // --- Check if author is a member of the contributor team ---
-            const teamSlug = "contributor";
-            let isMember = false;
-
-            try {
-              const { status } = await github.rest.teams.getMembershipForUserInOrg({
-                org: owner,
-                team_slug: teamSlug,
-                username: author,
-              });
-              // status 200 means the user is a member (active or pending)
-              isMember = true;
-            } catch (error) {
-              if (error.status === 404) {
-                isMember = false;
-              } else {
-                core.warning(`Could not check team membership for ${author}: ${error.message}`);
-                // Fallback: check org membership
-                try {
-                  await github.rest.orgs.checkMembershipForUser({
-                    org: owner,
-                    username: author,
-                  });
-                  isMember = true;
-                } catch {
-                  isMember = false;
-                }
-              }
-            }
-
-            if (isMember) {
-              core.info(`PR #${prNumber} by contributor "${author}" — skipping.`);
-              return;
-            }
-
-            // --- Unauthorized: close the PR with a comment ---
-            core.info(`Closing PR #${prNumber} by "${author}" — not a contributor or allowed bot.`);
-
-            const comment = [
-              `👋 Hi @${author},`,
-              ``,
-              `Thank you for your interest in contributing a new script!`,
-              ``,
-              `However, **new scripts must first be submitted to our development repository** for testing and review before they can be merged here.`,
-              ``,
-              `> 🛑 New scripts must be submitted to [**ProxmoxVED**](https://github.com/community-scripts/ProxmoxVED) for testing.`,
-              `> PRs without prior testing will be closed.`,
-              ``,
-              `Please open your PR at **https://github.com/community-scripts/ProxmoxVED** instead.`,
-              `Once your script has been tested and approved there, it will be pushed to this repository automatically.`,
-              ``,
-              `This PR will now be closed. Thank you for understanding! 🙏`,
-            ].join("\n");
-
-            await github.rest.issues.createComment({
-              owner,
-              repo,
-              issue_number: prNumber,
-              body: comment,
-            });
-
-            await github.rest.pulls.update({
-              owner,
-              repo,
-              pull_number: prNumber,
-              state: "closed",
-            });
-
-            // Add a label to indicate why it was closed
-            await github.rest.issues.addLabels({
-              owner,
-              repo,
-              issue_number: prNumber,
-              labels: ["not a script issue"],
-            });

CHANGELOG.md

@@ -409,10 +409,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ## 2026-02-26
 
-### 🆕 New Scripts
-
-  - Kima-Hub ([#12319](https://github.com/community-scripts/ProxmoxVE/pull/12319))
-
 ### 🚀 Updated Scripts
 
   - #### ✨ New Features

ct/headers/kima-hub

@@ -1,6 +0,0 @@
-    __ __ _                       __  __      __  
-   / //_/(_)___ ___  ____ _      / / / /_  __/ /_ 
-  / ,<  / / __ `__ \/ __ `/_____/ /_/ / / / / __ \
- / /| |/ / / / / / / /_/ /_____/ __  / /_/ / /_/ /
-/_/ |_/_/_/ /_/ /_/\__,_/     /_/ /_/\__,_/_.___/ 
-                                                  

ct/kima-hub.sh

@@ -1,79 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/Chevron7Locked/kima-hub
-
-APP="Kima-Hub"
-var_tags="${var_tags:-music;streaming;media}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-8192}"
-var_disk="${var_disk:-20}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/kima-hub ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "kima-hub" "Chevron7Locked/kima-hub"; then
-    msg_info "Stopping Services"
-    systemctl stop kima-frontend kima-backend kima-analyzer kima-analyzer-clap
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Data"
-    cp /opt/kima-hub/backend/.env /opt/kima-hub-backend-env.bak
-    cp /opt/kima-hub/frontend/.env /opt/kima-hub-frontend-env.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "kima-hub" "Chevron7Locked/kima-hub" "tarball"
-
-    msg_info "Restoring Data"
-    cp /opt/kima-hub-backend-env.bak /opt/kima-hub/backend/.env
-    cp /opt/kima-hub-frontend-env.bak /opt/kima-hub/frontend/.env
-    rm -f /opt/kima-hub-backend-env.bak /opt/kima-hub-frontend-env.bak
-    msg_ok "Restored Data"
-
-    msg_info "Rebuilding Backend"
-    cd /opt/kima-hub/backend
-    $STD npm install
-    $STD npm run build
-    $STD npx prisma generate
-    $STD npx prisma migrate deploy
-    msg_ok "Rebuilt Backend"
-
-    msg_info "Rebuilding Frontend"
-    cd /opt/kima-hub/frontend
-    $STD npm install
-    $STD npm run build
-    msg_ok "Rebuilt Frontend"
-
-    msg_info "Starting Services"
-    systemctl start kima-backend kima-frontend kima-analyzer kima-analyzer-clap
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3030${CL}"

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-26T12:14:56Z",
+  "generated": "2026-02-26T06:22:43Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -109,9 +109,9 @@
     {
       "slug": "bazarr",
       "repo": "morpheus65535/bazarr",
-      "version": "v1.5.6",
+      "version": "v1.5.5",
       "pinned": false,
-      "date": "2026-02-26T11:33:11Z"
+      "date": "2026-02-01T18:00:34Z"
     },
     {
       "slug": "bentopdf",
@@ -242,9 +242,9 @@
     {
       "slug": "cosmos",
       "repo": "azukaar/Cosmos-Server",
-      "version": "v0.21.2",
+      "version": "v0.21.0",
       "pinned": false,
-      "date": "2026-02-26T11:32:33Z"
+      "date": "2026-02-25T17:26:37Z"
     },
     {
       "slug": "cronicle",
@@ -666,13 +666,6 @@
       "pinned": false,
       "date": "2026-02-20T09:19:45Z"
     },
-    {
-      "slug": "kima-hub",
-      "repo": "Chevron7Locked/kima-hub",
-      "version": "v1.5.7",
-      "pinned": false,
-      "date": "2026-02-23T23:58:59Z"
-    },
     {
       "slug": "kimai",
       "repo": "kimai/kimai",
@@ -816,9 +809,9 @@
     {
       "slug": "mail-archiver",
       "repo": "s1t5/mail-archiver",
-      "version": "2602.4",
+      "version": "2602.3",
       "pinned": false,
-      "date": "2026-02-26T08:43:01Z"
+      "date": "2026-02-22T20:24:18Z"
     },
     {
       "slug": "managemydamnlife",

frontend/public/json/kima-hub.json

@@ -1,48 +0,0 @@
-{
-  "name": "Kima-Hub",
-  "slug": "kima-hub",
-  "categories": [
-    13
-  ],
-  "date_created": "2026-02-26",
-  "type": "ct",
-  "updateable": true,
-  "privileged": false,
-  "interface_port": 3030,
-  "documentation": "https://github.com/Chevron7Locked/kima-hub#readme",
-  "website": "https://github.com/Chevron7Locked/kima-hub",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kima-hub.webp",
-  "config_path": "/opt/kima-hub/backend/.env",
-  "description": "Self-hosted, on-demand audio streaming platform with AI-powered vibe matching, mood detection, smart playlists, and Lidarr/Audiobookshelf integration.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/kima-hub.sh",
-      "resources": {
-        "cpu": 4,
-        "ram": 8192,
-        "hdd": 20,
-        "os": "Debian",
-        "version": "13"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "First user to register becomes the administrator.",
-      "type": "info"
-    },
-    {
-      "text": "Mount your music library to /music in the container.",
-      "type": "warning"
-    },
-    {
-      "text": "Audio analysis (mood/vibe detection) requires significant RAM (2-4GB per worker).",
-      "type": "info"
-    }
-  ]
-}

install/kima-hub-install.sh

@@ -1,212 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/Chevron7Locked/kima-hub
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt-get install -y \
-  build-essential \
-  git \
-  openssl \
-  ffmpeg \
-  python3 \
-  python3-pip \
-  python3-dev \
-  python3-numpy \
-  redis-server
-msg_ok "Installed Dependencies"
-
-PG_VERSION="16" PG_MODULES="pgvector" setup_postgresql
-PG_DB_NAME="kima" PG_DB_USER="kima" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
-NODE_VERSION="20" setup_nodejs
-
-msg_info "Configuring Redis"
-systemctl enable -q --now redis-server
-msg_ok "Configured Redis"
-
-fetch_and_deploy_gh_release "kima-hub" "Chevron7Locked/kima-hub" "tarball"
-
-msg_info "Installing Python Dependencies"
-export PIP_BREAK_SYSTEM_PACKAGES=1
-$STD pip3 install --no-cache-dir \
-  tensorflow \
-  essentia-tensorflow \
-  redis \
-  psycopg2-binary \
-  laion-clap \
-  torch \
-  torchaudio \
-  librosa \
-  transformers \
-  pgvector \
-  python-dotenv \
-  requests
-msg_ok "Installed Python Dependencies"
-
-msg_info "Downloading Essentia ML Models"
-mkdir -p /opt/kima-hub/models
-cd /opt/kima-hub/models
-curl -fsSL -o msd-musicnn-1.pb "https://essentia.upf.edu/models/autotagging/msd/msd-musicnn-1.pb"
-curl -fsSL -o mood_happy-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_happy/mood_happy-msd-musicnn-1.pb"
-curl -fsSL -o mood_sad-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_sad/mood_sad-msd-musicnn-1.pb"
-curl -fsSL -o mood_relaxed-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_relaxed/mood_relaxed-msd-musicnn-1.pb"
-curl -fsSL -o mood_aggressive-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_aggressive/mood_aggressive-msd-musicnn-1.pb"
-curl -fsSL -o mood_party-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_party/mood_party-msd-musicnn-1.pb"
-curl -fsSL -o mood_acoustic-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_acoustic/mood_acoustic-msd-musicnn-1.pb"
-curl -fsSL -o mood_electronic-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/mood_electronic/mood_electronic-msd-musicnn-1.pb"
-curl -fsSL -o danceability-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/danceability/danceability-msd-musicnn-1.pb"
-curl -fsSL -o voice_instrumental-msd-musicnn-1.pb "https://essentia.upf.edu/models/classification-heads/voice_instrumental/voice_instrumental-msd-musicnn-1.pb"
-msg_ok "Downloaded Essentia ML Models"
-
-msg_info "Downloading CLAP Model"
-curl -fsSL -o /opt/kima-hub/models/music_audioset_epoch_15_esc_90.14.pt "https://huggingface.co/lukewys/laion_clap/resolve/main/music_audioset_epoch_15_esc_90.14.pt"
-msg_ok "Downloaded CLAP Model"
-
-msg_info "Building Backend"
-cd /opt/kima-hub/backend
-$STD npm ci
-$STD npm run build
-msg_ok "Built Backend"
-
-msg_info "Configuring Backend"
-SESSION_SECRET=$(openssl rand -hex 32)
-ENCRYPTION_KEY=$(openssl rand -hex 32)
-cat <<EOF >/opt/kima-hub/backend/.env
-NODE_ENV=production
-DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
-REDIS_URL=redis://localhost:6379
-PORT=3006
-MUSIC_PATH=/music
-TRANSCODE_CACHE_PATH=/opt/kima-hub/cache/transcodes
-SESSION_SECRET=${SESSION_SECRET}
-SETTINGS_ENCRYPTION_KEY=${ENCRYPTION_KEY}
-INTERNAL_API_SECRET=$(openssl rand -hex 16)
-EOF
-msg_ok "Configured Backend"
-
-msg_info "Running Database Migrations"
-cd /opt/kima-hub/backend
-$STD npx prisma generate
-$STD npx prisma migrate deploy
-msg_ok "Ran Database Migrations"
-
-msg_info "Building Frontend"
-cd /opt/kima-hub/frontend
-$STD npm ci
-export NEXT_PUBLIC_BACKEND_URL=http://127.0.0.1:3006
-$STD npm run build
-msg_ok "Built Frontend"
-
-msg_info "Configuring Frontend"
-cat <<EOF >/opt/kima-hub/frontend/.env
-NODE_ENV=production
-BACKEND_URL=http://localhost:3006
-PORT=3030
-EOF
-msg_ok "Configured Frontend"
-
-msg_info "Creating Directories"
-mkdir -p /opt/kima-hub/cache/transcodes
-mkdir -p /music
-msg_ok "Created Directories"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/kima-backend.service
-[Unit]
-Description=Kima Hub Backend
-After=network.target postgresql.service redis-server.service
-Wants=postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/kima-hub/backend
-EnvironmentFile=/opt/kima-hub/backend/.env
-ExecStart=/usr/bin/node /opt/kima-hub/backend/dist/index.js
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/kima-frontend.service
-[Unit]
-Description=Kima Hub Frontend
-After=network.target kima-backend.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/kima-hub/frontend
-EnvironmentFile=/opt/kima-hub/frontend/.env
-ExecStart=/usr/bin/npm start
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/kima-analyzer.service
-[Unit]
-Description=Kima Hub Audio Analyzer (Essentia)
-After=network.target postgresql.service redis-server.service kima-backend.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/kima-hub/services/audio-analyzer
-Environment=DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
-Environment=REDIS_URL=redis://localhost:6379
-Environment=MUSIC_PATH=/music
-Environment=BATCH_SIZE=10
-Environment=SLEEP_INTERVAL=5
-Environment=NUM_WORKERS=2
-Environment=THREADS_PER_WORKER=1
-ExecStart=/usr/bin/python3 /opt/kima-hub/services/audio-analyzer/analyzer.py
-Restart=on-failure
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/kima-analyzer-clap.service
-[Unit]
-Description=Kima Hub CLAP Audio Analyzer
-After=network.target postgresql.service redis-server.service kima-backend.service kima-analyzer.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/kima-hub/services/audio-analyzer-clap
-Environment=DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}
-Environment=REDIS_URL=redis://localhost:6379
-Environment=BACKEND_URL=http://localhost:3006
-Environment=MUSIC_PATH=/music
-Environment=SLEEP_INTERVAL=5
-Environment=NUM_WORKERS=1
-ExecStart=/usr/bin/python3 /opt/kima-hub/services/audio-analyzer-clap/analyzer.py
-Restart=on-failure
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now kima-backend kima-frontend kima-analyzer kima-analyzer-clap
-msg_ok "Created Services"
-
-motd_ssh
-customize
-cleanup_lxc

tools/addon/add-tailscale-lxc.sh

@@ -76,70 +76,90 @@ grep -q "lxc.mount.entry: /dev/net/tun" "$CTID_CONFIG_PATH" || echo "lxc.mount.e
 header_info
 msg_info "Installing Tailscale in CT $CTID"
 
-pct exec "$CTID" -- bash -c '
+pct exec "$CTID" -- sh -c '
 set -e
-export DEBIAN_FRONTEND=noninteractive
 
-# Source os-release properly (handles quoted values)
+# Detect OS inside container
-source /etc/os-release
+if [ -f /etc/alpine-release ]; then
+  # ── Alpine Linux ──
+  echo "[INFO] Alpine Linux detected, installing Tailscale via apk..."
 
-# Fallback if DNS is poisoned or blocked
+  # Enable community repo if not already enabled
-ORIG_RESOLV="/etc/resolv.conf"
+  if ! grep -q "^[^#].*community" /etc/apk/repositories 2>/dev/null; then
-BACKUP_RESOLV="/tmp/resolv.conf.backup"
+    ALPINE_VERSION=$(cat /etc/alpine-release | cut -d. -f1,2)
+    echo "https://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/community" >> /etc/apk/repositories
+  fi
+
+  apk update
+  apk add --no-cache tailscale
+
+  # Enable and start Tailscale service
+  rc-update add tailscale default 2>/dev/null || true
+  rc-service tailscale start 2>/dev/null || true
 
-# Check DNS resolution using multiple methods (dig may not be installed)
-dns_check_failed=true
-if command -v dig &>/dev/null; then
-  if dig +short pkgs.tailscale.com 2>/dev/null | grep -qvE "^127\.|^0\.0\.0\.0$|^$"; then
-    dns_check_failed=false
-  fi
-elif command -v host &>/dev/null; then
-  if host pkgs.tailscale.com 2>/dev/null | grep -q "has address"; then
-    dns_check_failed=false
-  fi
-elif command -v nslookup &>/dev/null; then
-  if nslookup pkgs.tailscale.com 2>/dev/null | grep -q "Address:"; then
-    dns_check_failed=false
-  fi
-elif command -v getent &>/dev/null; then
-  if getent hosts pkgs.tailscale.com &>/dev/null; then
-    dns_check_failed=false
-  fi
 else
-  # No DNS tools available, try curl directly and assume DNS works
+  # ── Debian / Ubuntu ──
-  dns_check_failed=false
+  export DEBIAN_FRONTEND=noninteractive
-fi
 
-if $dns_check_failed; then
+  # Source os-release properly (handles quoted values)
-  echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
+  . /etc/os-release
-  echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
+
-  cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
+  # Fallback if DNS is poisoned or blocked
-  echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
+  ORIG_RESOLV="/etc/resolv.conf"
-fi
+  BACKUP_RESOLV="/tmp/resolv.conf.backup"
+
+  # Check DNS resolution using multiple methods (dig may not be installed)
+  dns_check_failed=true
+  if command -v dig >/dev/null 2>&1; then
+    if dig +short pkgs.tailscale.com 2>/dev/null | grep -qvE "^127\.|^0\.0\.0\.0$|^$"; then
+      dns_check_failed=false
+    fi
+  elif command -v host >/dev/null 2>&1; then
+    if host pkgs.tailscale.com 2>/dev/null | grep -q "has address"; then
+      dns_check_failed=false
+    fi
+  elif command -v nslookup >/dev/null 2>&1; then
+    if nslookup pkgs.tailscale.com 2>/dev/null | grep -q "Address:"; then
+      dns_check_failed=false
+    fi
+  elif command -v getent >/dev/null 2>&1; then
+    if getent hosts pkgs.tailscale.com >/dev/null 2>&1; then
+      dns_check_failed=false
+    fi
+  else
+    # No DNS tools available, try curl directly and assume DNS works
+    dns_check_failed=false
+  fi
+
+  if $dns_check_failed; then
+    echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
+    echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
+    cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
+    echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
+  fi
+
+  if ! command -v curl >/dev/null 2>&1; then
+    echo "[INFO] curl not found, installing..."
+    apt-get update -qq
+    apt-get install -y curl >/dev/null
+  fi
+
+  # Ensure keyrings directory exists
+  mkdir -p /usr/share/keyrings
+
+  curl -fsSL "https://pkgs.tailscale.com/stable/${ID}/${VERSION_CODENAME}.noarmor.gpg" \
+    | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+
+  echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VERSION_CODENAME} main" \
+    >/etc/apt/sources.list.d/tailscale.list
 
-if ! command -v curl &>/dev/null; then
-  echo "[INFO] curl not found, installing..."
   apt-get update -qq
- apt update -qq
+  apt-get install -y tailscale >/dev/null
- apt install -y curl >/dev/null
-fi
 
-# Ensure keyrings directory exists
+  if [ -f /tmp/resolv.conf.backup ]; then
-mkdir -p /usr/share/keyrings
+    echo "[INFO] Restoring original /etc/resolv.conf"
-
+    mv /tmp/resolv.conf.backup /etc/resolv.conf
-curl -fsSL "https://pkgs.tailscale.com/stable/${ID}/${VERSION_CODENAME}.noarmor.gpg" \
+  fi
-  | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
-
-echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VERSION_CODENAME} main" \
-  >/etc/apt/sources.list.d/tailscale.list
-
-apt-get update -qq
-apt update -qq
-apt install -y tailscale >/dev/null
-
-if [[ -f /tmp/resolv.conf.backup ]]; then
-  echo "[INFO] Restoring original /etc/resolv.conf"
-  mv /tmp/resolv.conf.backup /etc/resolv.conf
 fi
 '