Add yamtrack (ct)

.github/workflows/delete-pocketbase-entry-on-removal.yml

@@ -75,8 +75,7 @@ jobs:
             const http = require('http');
             const url = require('url');
 
-            function request(fullUrl, opts, redirectCount) {
-              redirectCount = redirectCount || 0;
+            function request(fullUrl, opts) {
               return new Promise(function(resolve, reject) {
                 const u = url.parse(fullUrl);
                 const isHttps = u.protocol === 'https:';
@@ -91,13 +90,6 @@ jobs:
                 if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
                 const lib = isHttps ? https : http;
                 const req = lib.request(options, function(res) {
-                  if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                    if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
-                    const redirectUrl = url.resolve(fullUrl, res.headers.location);
-                    res.resume();
-                    resolve(request(redirectUrl, opts, redirectCount + 1));
-                    return;
-                  }
                   let data = '';
                   res.on('data', function(chunk) { data += chunk; });
                   res.on('end', function() {

.github/workflows/pocketbase-bot.yml

@@ -1,675 +0,0 @@
-name: PocketBase Bot
-
-on:
-  issue_comment:
-    types: [created]
-
-permissions:
-  issues: write
-  pull-requests: write
-  contents: read
-
-jobs:
-  pocketbase-bot:
-    runs-on: self-hosted
-
-    # Only act on /pocketbase commands
-    if: startsWith(github.event.comment.body, '/pocketbase')
-
-    steps:
-      - name: Execute PocketBase bot command
-        env:
-          POCKETBASE_URL: ${{ secrets.POCKETBASE_URL }}
-          POCKETBASE_COLLECTION: ${{ secrets.POCKETBASE_COLLECTION }}
-          POCKETBASE_ADMIN_EMAIL: ${{ secrets.POCKETBASE_ADMIN_EMAIL }}
-          POCKETBASE_ADMIN_PASSWORD: ${{ secrets.POCKETBASE_ADMIN_PASSWORD }}
-          COMMENT_BODY: ${{ github.event.comment.body }}
-          COMMENT_ID: ${{ github.event.comment.id }}
-          ISSUE_NUMBER: ${{ github.event.issue.number }}
-          REPO_OWNER: ${{ github.repository_owner }}
-          REPO_NAME: ${{ github.event.repository.name }}
-          ACTOR: ${{ github.event.comment.user.login }}
-          ACTOR_ASSOCIATION: ${{ github.event.comment.author_association }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          node << 'ENDSCRIPT'
-          (async function () {
-            const https = require('https');
-            const http = require('http');
-            const url = require('url');
-
-            // ── HTTP helper with redirect following ────────────────────────────
-            function request(fullUrl, opts, redirectCount) {
-              redirectCount = redirectCount || 0;
-              return new Promise(function (resolve, reject) {
-                const u = url.parse(fullUrl);
-                const isHttps = u.protocol === 'https:';
-                const body = opts.body;
-                const options = {
-                  hostname: u.hostname,
-                  port: u.port || (isHttps ? 443 : 80),
-                  path: u.path,
-                  method: opts.method || 'GET',
-                  headers: opts.headers || {}
-                };
-                if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
-                const lib = isHttps ? https : http;
-                const req = lib.request(options, function (res) {
-                  if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                    if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
-                    const redirectUrl = url.resolve(fullUrl, res.headers.location);
-                    res.resume();
-                    resolve(request(redirectUrl, opts, redirectCount + 1));
-                    return;
-                  }
-                  let data = '';
-                  res.on('data', function (chunk) { data += chunk; });
-                  res.on('end', function () {
-                    resolve({ ok: res.statusCode >= 200 && res.statusCode < 300, statusCode: res.statusCode, body: data });
-                  });
-                });
-                req.on('error', reject);
-                if (body) req.write(body);
-                req.end();
-              });
-            }
-
-            // ── GitHub API helpers ─────────────────────────────────────────────
-            const owner = process.env.REPO_OWNER;
-            const repo = process.env.REPO_NAME;
-            const issueNumber = parseInt(process.env.ISSUE_NUMBER, 10);
-            const commentId = parseInt(process.env.COMMENT_ID, 10);
-            const actor = process.env.ACTOR;
-
-            function ghRequest(path, method, body) {
-              const headers = {
-                'Authorization': 'Bearer ' + process.env.GITHUB_TOKEN,
-                'Accept': 'application/vnd.github+json',
-                'X-GitHub-Api-Version': '2022-11-28',
-                'User-Agent': 'PocketBase-Bot'
-              };
-              const bodyStr = body ? JSON.stringify(body) : undefined;
-              if (bodyStr) headers['Content-Type'] = 'application/json';
-              return request('https://api.github.com' + path, { method: method || 'GET', headers, body: bodyStr });
-            }
-
-            async function addReaction(content) {
-              try {
-                await ghRequest(
-                  '/repos/' + owner + '/' + repo + '/issues/comments/' + commentId + '/reactions',
-                  'POST', { content }
-                );
-              } catch (e) {
-                console.warn('Could not add reaction:', e.message);
-              }
-            }
-
-            async function postComment(text) {
-              const res = await ghRequest(
-                '/repos/' + owner + '/' + repo + '/issues/' + issueNumber + '/comments',
-                'POST', { body: text }
-              );
-              if (!res.ok) console.warn('Could not post comment:', res.body);
-            }
-
-            // ── Permission check ───────────────────────────────────────────────
-            // author_association: OWNER = repo/org owner, MEMBER = org member (includes Contributors team)
-            const association = process.env.ACTOR_ASSOCIATION;
-            if (association !== 'OWNER' && association !== 'MEMBER') {
-              await addReaction('-1');
-              await postComment(
-                '❌ **PocketBase Bot**: @' + actor + ' is not authorized to use this command.\n' +
-                'Only org members (Contributors team) can use `/pocketbase`.'
-              );
-              process.exit(0);
-            }
-
-            // ── Acknowledge ────────────────────────────────────────────────────
-            await addReaction('eyes');
-
-            // ── Parse command ──────────────────────────────────────────────────
-            // Formats (first line of comment):
-            //   /pocketbase <slug> field=value [field=value ...]    ← field updates (simple values)
-            //   /pocketbase <slug> set <field>                       ← value from code block below
-            //   /pocketbase <slug> note list|add|edit|remove ...     ← note management
-            //   /pocketbase <slug> method list                        ← list install methods
-            //   /pocketbase <slug> method <type> cpu=N ram=N hdd=N   ← edit install method resources
-            const commentBody = process.env.COMMENT_BODY || '';
-            const lines = commentBody.trim().split('\n');
-            const firstLine = lines[0].trim();
-            const withoutCmd = firstLine.replace(/^\/pocketbase\s+/, '').trim();
-
-            // Extract code block content from comment body (```...``` or ```lang\n...```)
-            function extractCodeBlock(body) {
-              const m = body.match(/```[^\n]*\n([\s\S]*?)```/);
-              return m ? m[1].trim() : null;
-            }
-            const codeBlockValue = extractCodeBlock(commentBody);
-
-            const HELP_TEXT =
-              '**Field update (simple):** `/pocketbase <slug> field=value [field=value ...]`\n\n' +
-              '**Field update (HTML/multiline) — value from code block:**\n' +
-              '````\n' +
-              '/pocketbase <slug> set description\n' +
-              '```html\n' +
-              '<p>Your <b>HTML</b> or multi-line content here</p>\n' +
-              '```\n' +
-              '````\n\n' +
-              '**Note management:**\n' +
-              '```\n' +
-              '/pocketbase <slug> note list\n' +
-              '/pocketbase <slug> note add <type> "<text>"\n' +
-              '/pocketbase <slug> note edit <type> "<old text>" "<new text>"\n' +
-              '/pocketbase <slug> note remove <type> "<text>"\n' +
-              '```\n\n' +
-              '**Install method resources:**\n' +
-              '```\n' +
-              '/pocketbase <slug> method list\n' +
-              '/pocketbase <slug> method <type> hdd=10\n' +
-              '/pocketbase <slug> method <type> cpu=4 ram=2048 hdd=20\n' +
-              '```\n\n' +
-              '**Editable fields:** `name` `description` `logo` `documentation` `website` `project_url` `github` ' +
-              '`config_path` `port` `default_user` `default_passwd` ' +
-              '`updateable` `privileged` `has_arm` `is_dev` ' +
-              '`is_disabled` `disable_message` `is_deleted` `deleted_message`';
-
-            if (!withoutCmd) {
-              await addReaction('-1');
-              await postComment('❌ **PocketBase Bot**: No slug or command specified.\n\n' + HELP_TEXT);
-              process.exit(0);
-            }
-
-            const spaceIdx = withoutCmd.indexOf(' ');
-            const slug = (spaceIdx === -1 ? withoutCmd : withoutCmd.substring(0, spaceIdx)).trim();
-            const rest = spaceIdx === -1 ? '' : withoutCmd.substring(spaceIdx + 1).trim();
-
-            if (!rest) {
-              await addReaction('-1');
-              await postComment('❌ **PocketBase Bot**: No command specified for slug `' + slug + '`.\n\n' + HELP_TEXT);
-              process.exit(0);
-            }
-
-            // ── Allowed fields and their types ─────────────────────────────────
-            // ── PocketBase: authenticate (shared by all paths) ─────────────────
-            const raw = process.env.POCKETBASE_URL.replace(/\/$/, '');
-            const apiBase = /\/api$/i.test(raw) ? raw : raw + '/api';
-            const coll = process.env.POCKETBASE_COLLECTION;
-
-            const authRes = await request(apiBase + '/collections/users/auth-with-password', {
-              method: 'POST',
-              headers: { 'Content-Type': 'application/json' },
-              body: JSON.stringify({
-                identity: process.env.POCKETBASE_ADMIN_EMAIL,
-                password: process.env.POCKETBASE_ADMIN_PASSWORD
-              })
-            });
-            if (!authRes.ok) {
-              await addReaction('-1');
-              await postComment('❌ **PocketBase Bot**: PocketBase authentication failed. CC @' + owner + '/maintainers');
-              process.exit(1);
-            }
-            const token = JSON.parse(authRes.body).token;
-
-            // ── PocketBase: find record by slug (shared by all paths) ──────────
-            const recordsUrl = apiBase + '/collections/' + encodeURIComponent(coll) + '/records';
-            const filter = "(slug='" + slug.replace(/'/g, "''") + "')";
-            const listRes = await request(recordsUrl + '?filter=' + encodeURIComponent(filter) + '&perPage=1', {
-              headers: { 'Authorization': token }
-            });
-            const list = JSON.parse(listRes.body);
-            const record = list.items && list.items[0];
-
-            if (!record) {
-              await addReaction('-1');
-              await postComment(
-                '❌ **PocketBase Bot**: No record found for slug `' + slug + '`.\n\n' +
-                'Make sure the script was already pushed to PocketBase (JSON must exist and have been synced).'
-              );
-              process.exit(0);
-            }
-
-            // ── Route: dispatch to subcommand handler ──────────────────────────
-            const noteMatch   = rest.match(/^note\s+(list|add|edit|remove)\b/i);
-            const methodMatch = rest.match(/^method\b/i);
-            const setMatch    = rest.match(/^set\s+(\S+)/i);
-
-            if (noteMatch) {
-              // ── NOTE SUBCOMMAND (reads/writes notes_json on script record) ────
-              const noteAction  = noteMatch[1].toLowerCase();
-              const noteArgsStr = rest.substring(noteMatch[0].length).trim();
-
-              // Parse notes_json from the already-fetched script record
-              // PocketBase may return JSON fields as already-parsed objects
-              let notesArr = [];
-              try {
-                const rawNotes = record.notes_json;
-                notesArr = Array.isArray(rawNotes) ? rawNotes : JSON.parse(rawNotes || '[]');
-              } catch (e) { notesArr = []; }
-
-              // Token parser: unquoted-word OR "quoted string" (supports \" escapes)
-              function parseNoteTokens(str) {
-                const tokens = [];
-                let pos = 0;
-                while (pos < str.length) {
-                  while (pos < str.length && /\s/.test(str[pos])) pos++;
-                  if (pos >= str.length) break;
-                  if (str[pos] === '"') {
-                    pos++;
-                    let start = pos;
-                    while (pos < str.length && str[pos] !== '"') {
-                      if (str[pos] === '\\') pos++;
-                      pos++;
-                    }
-                    tokens.push(str.substring(start, pos).replace(/\\"/g, '"'));
-                    if (pos < str.length) pos++;
-                  } else {
-                    let start = pos;
-                    while (pos < str.length && !/\s/.test(str[pos])) pos++;
-                    tokens.push(str.substring(start, pos));
-                  }
-                }
-                return tokens;
-              }
-
-              function formatNotesList(arr) {
-                if (arr.length === 0) return '*None*';
-                return arr.map(function (n, i) {
-                  return (i + 1) + '. **`' + (n.type || '?') + '`**: ' + (n.text || '');
-                }).join('\n');
-              }
-
-              async function patchNotesJson(arr) {
-                const res = await request(recordsUrl + '/' + record.id, {
-                  method: 'PATCH',
-                  headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                  body: JSON.stringify({ notes_json: JSON.stringify(arr) })
-                });
-                if (!res.ok) {
-                  await addReaction('-1');
-                  await postComment('❌ **PocketBase Bot**: Failed to update `notes_json`:\n```\n' + res.body + '\n```');
-                  process.exit(1);
-                }
-              }
-
-              if (noteAction === 'list') {
-                await addReaction('+1');
-                await postComment(
-                  'ℹ️ **PocketBase Bot**: Notes for **`' + slug + '`** (' + notesArr.length + ' total)\n\n' +
-                  formatNotesList(notesArr)
-                );
-
-              } else if (noteAction === 'add') {
-                const tokens = parseNoteTokens(noteArgsStr);
-                if (tokens.length < 2) {
-                  await addReaction('-1');
-                  await postComment(
-                    '❌ **PocketBase Bot**: `note add` requires `<type>` and `"<text>"`.\n\n' +
-                    '**Usage:** `/pocketbase ' + slug + ' note add <type> "<text>"`'
-                  );
-                  process.exit(0);
-                }
-                const noteType = tokens[0].toLowerCase();
-                const noteText = tokens.slice(1).join(' ');
-                notesArr.push({ type: noteType, text: noteText });
-                await patchNotesJson(notesArr);
-                await addReaction('+1');
-                await postComment(
-                  '✅ **PocketBase Bot**: Added note to **`' + slug + '`**\n\n' +
-                  '- **Type:** `' + noteType + '`\n' +
-                  '- **Text:** ' + noteText + '\n\n' +
-                  '*Executed by @' + actor + '*'
-                );
-
-              } else if (noteAction === 'edit') {
-                const tokens = parseNoteTokens(noteArgsStr);
-                if (tokens.length < 3) {
-                  await addReaction('-1');
-                  await postComment(
-                    '❌ **PocketBase Bot**: `note edit` requires `<type>`, `"<old text>"`, and `"<new text>"`.\n\n' +
-                    '**Usage:** `/pocketbase ' + slug + ' note edit <type> "<old text>" "<new text>"`\n\n' +
-                    'Use `/pocketbase ' + slug + ' note list` to see current notes.'
-                  );
-                  process.exit(0);
-                }
-                const noteType = tokens[0].toLowerCase();
-                const oldText  = tokens[1];
-                const newText  = tokens[2];
-                const idx = notesArr.findIndex(function (n) {
-                  return n.type.toLowerCase() === noteType && n.text === oldText;
-                });
-                if (idx === -1) {
-                  await addReaction('-1');
-                  await postComment(
-                    '❌ **PocketBase Bot**: No `' + noteType + '` note found with that exact text.\n\n' +
-                    '**Current notes for `' + slug + '`:**\n' + formatNotesList(notesArr)
-                  );
-                  process.exit(0);
-                }
-                notesArr[idx].text = newText;
-                await patchNotesJson(notesArr);
-                await addReaction('+1');
-                await postComment(
-                  '✅ **PocketBase Bot**: Edited note in **`' + slug + '`**\n\n' +
-                  '- **Type:** `' + noteType + '`\n' +
-                  '- **Old:** ' + oldText + '\n' +
-                  '- **New:** ' + newText + '\n\n' +
-                  '*Executed by @' + actor + '*'
-                );
-
-              } else if (noteAction === 'remove') {
-                const tokens = parseNoteTokens(noteArgsStr);
-                if (tokens.length < 2) {
-                  await addReaction('-1');
-                  await postComment(
-                    '❌ **PocketBase Bot**: `note remove` requires `<type>` and `"<text>"`.\n\n' +
-                    '**Usage:** `/pocketbase ' + slug + ' note remove <type> "<text>"`\n\n' +
-                    'Use `/pocketbase ' + slug + ' note list` to see current notes.'
-                  );
-                  process.exit(0);
-                }
-                const noteType = tokens[0].toLowerCase();
-                const noteText = tokens[1];
-                const before   = notesArr.length;
-                notesArr = notesArr.filter(function (n) {
-                  return !(n.type.toLowerCase() === noteType && n.text === noteText);
-                });
-                if (notesArr.length === before) {
-                  await addReaction('-1');
-                  await postComment(
-                    '❌ **PocketBase Bot**: No `' + noteType + '` note found with that exact text.\n\n' +
-                    '**Current notes for `' + slug + '`:**\n' + formatNotesList(notesArr)
-                  );
-                  process.exit(0);
-                }
-                await patchNotesJson(notesArr);
-                await addReaction('+1');
-                await postComment(
-                  '✅ **PocketBase Bot**: Removed note from **`' + slug + '`**\n\n' +
-                  '- **Type:** `' + noteType + '`\n' +
-                  '- **Text:** ' + noteText + '\n\n' +
-                  '*Executed by @' + actor + '*'
-                );
-              }
-
-            } else if (methodMatch) {
-              // ── METHOD SUBCOMMAND (reads/writes install_methods_json on script record) ──
-              const methodArgs     = rest.replace(/^method\s*/i, '').trim();
-              const methodListMode = !methodArgs || methodArgs.toLowerCase() === 'list';
-
-              // Parse install_methods_json from the already-fetched script record
-              // PocketBase may return JSON fields as already-parsed objects
-              let methodsArr = [];
-              try {
-                const rawMethods = record.install_methods_json;
-                methodsArr = Array.isArray(rawMethods) ? rawMethods : JSON.parse(rawMethods || '[]');
-              } catch (e) { methodsArr = []; }
-
-              function formatMethodsList(arr) {
-                if (arr.length === 0) return '*None*';
-                return arr.map(function (im, i) {
-                  const r = im.resources || {};
-                  return (i + 1) + '. **`' + (im.type || '?') + '`** — CPU: `' + (r.cpu != null ? r.cpu : '?') +
-                    '` · RAM: `' + (r.ram != null ? r.ram : '?') + ' MB` · HDD: `' + (r.hdd != null ? r.hdd : '?') + ' GB`';
-                }).join('\n');
-              }
-
-              async function patchInstallMethodsJson(arr) {
-                const res = await request(recordsUrl + '/' + record.id, {
-                  method: 'PATCH',
-                  headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                  body: JSON.stringify({ install_methods_json: JSON.stringify(arr) })
-                });
-                if (!res.ok) {
-                  await addReaction('-1');
-                  await postComment('❌ **PocketBase Bot**: Failed to update `install_methods_json`:\n```\n' + res.body + '\n```');
-                  process.exit(1);
-                }
-              }
-
-              if (methodListMode) {
-                await addReaction('+1');
-                await postComment(
-                  'ℹ️ **PocketBase Bot**: Install methods for **`' + slug + '`** (' + methodsArr.length + ' total)\n\n' +
-                  formatMethodsList(methodsArr)
-                );
-              } else {
-                // Parse: <type> cpu=N ram=N hdd=N
-                const methodParts = methodArgs.match(/^(\S+)\s+(.+)$/);
-                if (!methodParts) {
-                  await addReaction('-1');
-                  await postComment(
-                    '❌ **PocketBase Bot**: Invalid `method` syntax.\n\n' +
-                    '**Usage:**\n```\n/pocketbase ' + slug + ' method list\n/pocketbase ' + slug + ' method <type> hdd=10\n/pocketbase ' + slug + ' method <type> cpu=4 ram=2048 hdd=20\n```'
-                  );
-                  process.exit(0);
-                }
-                const targetType   = methodParts[1].toLowerCase();
-                const resourcesStr = methodParts[2];
-
-                // Parse resource fields (only cpu/ram/hdd allowed)
-                const RESOURCE_FIELDS = { cpu: true, ram: true, hdd: true };
-                const resourceChanges = {};
-                const rePairs = /([a-z]+)=(\d+)/gi;
-                let m;
-                while ((m = rePairs.exec(resourcesStr)) !== null) {
-                  const key = m[1].toLowerCase();
-                  if (RESOURCE_FIELDS[key]) resourceChanges[key] = parseInt(m[2], 10);
-                }
-                if (Object.keys(resourceChanges).length === 0) {
-                  await addReaction('-1');
-                  await postComment('❌ **PocketBase Bot**: No valid resource fields found. Use `cpu=N`, `ram=N`, `hdd=N`.');
-                  process.exit(0);
-                }
-
-                // Find matching method by type name (case-insensitive)
-                const idx = methodsArr.findIndex(function (im) {
-                  return (im.type || '').toLowerCase() === targetType;
-                });
-                if (idx === -1) {
-                  await addReaction('-1');
-                  const availableTypes = methodsArr.map(function (im) { return im.type || '?'; });
-                  await postComment(
-                    '❌ **PocketBase Bot**: No install method with type `' + targetType + '` found for `' + slug + '`.\n\n' +
-                    '**Available types:** `' + (availableTypes.length ? availableTypes.join('`, `') : '(none)') + '`\n\n' +
-                    'Use `/pocketbase ' + slug + ' method list` to see all methods.'
-                  );
-                  process.exit(0);
-                }
-
-                if (!methodsArr[idx].resources) methodsArr[idx].resources = {};
-                if (resourceChanges.cpu != null) methodsArr[idx].resources.cpu = resourceChanges.cpu;
-                if (resourceChanges.ram != null) methodsArr[idx].resources.ram = resourceChanges.ram;
-                if (resourceChanges.hdd != null) methodsArr[idx].resources.hdd = resourceChanges.hdd;
-
-                await patchInstallMethodsJson(methodsArr);
-
-                const changesLines = Object.entries(resourceChanges)
-                  .map(function ([k, v]) { return '- `' + k + '` → `' + v + (k === 'ram' ? ' MB' : k === 'hdd' ? ' GB' : '') + '`'; })
-                  .join('\n');
-                await addReaction('+1');
-                await postComment(
-                  '✅ **PocketBase Bot**: Updated install method **`' + methodsArr[idx].type + '`** for **`' + slug + '`**\n\n' +
-                  '**Changes applied:**\n' + changesLines + '\n\n' +
-                  '*Executed by @' + actor + '*'
-                );
-              }
-
-            } else if (setMatch) {
-              // ── SET SUBCOMMAND (multi-line / HTML / special chars via code block) ──
-              const fieldName = setMatch[1].toLowerCase();
-              const SET_ALLOWED = {
-                name: 'string', description: 'string', logo: 'string',
-                documentation: 'string', website: 'string', project_url: 'string', github: 'string',
-                config_path: 'string', disable_message: 'string', deleted_message: 'string'
-              };
-              if (!SET_ALLOWED[fieldName]) {
-                await addReaction('-1');
-                await postComment(
-                  '❌ **PocketBase Bot**: `set` only supports text fields.\n\n' +
-                  '**Allowed:** `' + Object.keys(SET_ALLOWED).join('`, `') + '`\n\n' +
-                  'For boolean/number fields use `field=value` syntax instead.'
-                );
-                process.exit(0);
-              }
-              if (!codeBlockValue) {
-                await addReaction('-1');
-                await postComment(
-                  '❌ **PocketBase Bot**: `set` requires a code block with the value.\n\n' +
-                  '**Usage:**\n````\n/pocketbase ' + slug + ' set ' + fieldName + '\n```\nYour content here (HTML, multiline, special chars all fine)\n```\n````'
-                );
-                process.exit(0);
-              }
-              const setPayload = {};
-              setPayload[fieldName] = codeBlockValue;
-              const setPatchRes = await request(recordsUrl + '/' + record.id, {
-                method: 'PATCH',
-                headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                body: JSON.stringify(setPayload)
-              });
-              if (!setPatchRes.ok) {
-                await addReaction('-1');
-                await postComment('❌ **PocketBase Bot**: PATCH failed for `' + slug + '`:\n```\n' + setPatchRes.body + '\n```');
-                process.exit(1);
-              }
-              const preview = codeBlockValue.length > 300 ? codeBlockValue.substring(0, 300) + '…' : codeBlockValue;
-              await addReaction('+1');
-              await postComment(
-                '✅ **PocketBase Bot**: Set `' + fieldName + '` for **`' + slug + '`**\n\n' +
-                '**Value set:**\n```\n' + preview + '\n```\n\n' +
-                '*Executed by @' + actor + '*'
-              );
-
-            } else {
-              // ── FIELD=VALUE PATH ─────────────────────────────────────────────
-              const fieldsStr = rest;
-
-              // Skipped: slug, script_created/updated, created (auto), categories/
-              // install_methods/notes/type (relations), github_data/install_methods_json/
-              // notes_json (auto-generated), execute_in (select relation), last_update_commit (auto)
-              const ALLOWED_FIELDS = {
-                name:             'string',
-                description:      'string',
-                logo:             'string',
-                documentation:    'string',
-                website:          'string',
-                project_url:      'string',
-                github:           'string',
-                config_path:      'string',
-                port:             'number',
-                default_user:     'nullable_string',
-                default_passwd:   'nullable_string',
-                updateable:       'boolean',
-                privileged:       'boolean',
-                has_arm:          'boolean',
-                is_dev:           'boolean',
-                is_disabled:      'boolean',
-                disable_message:  'string',
-                is_deleted:       'boolean',
-                deleted_message:  'string',
-              };
-
-              // Field=value parser (handles quoted values and empty=null)
-              function parseFields(str) {
-                const fields = {};
-                let pos = 0;
-                while (pos < str.length) {
-                  while (pos < str.length && /\s/.test(str[pos])) pos++;
-                  if (pos >= str.length) break;
-                  let keyStart = pos;
-                  while (pos < str.length && str[pos] !== '=' && !/\s/.test(str[pos])) pos++;
-                  const key = str.substring(keyStart, pos).trim();
-                  if (!key || pos >= str.length || str[pos] !== '=') { pos++; continue; }
-                  pos++;
-                  let value;
-                  if (str[pos] === '"') {
-                    pos++;
-                    let valStart = pos;
-                    while (pos < str.length && str[pos] !== '"') {
-                      if (str[pos] === '\\') pos++;
-                      pos++;
-                    }
-                    value = str.substring(valStart, pos).replace(/\\"/g, '"');
-                    if (pos < str.length) pos++;
-                  } else {
-                    let valStart = pos;
-                    while (pos < str.length && !/\s/.test(str[pos])) pos++;
-                    value = str.substring(valStart, pos);
-                  }
-                  fields[key] = value;
-                }
-                return fields;
-              }
-
-              const parsedFields = parseFields(fieldsStr);
-
-              const unknownFields = Object.keys(parsedFields).filter(function (f) { return !ALLOWED_FIELDS[f]; });
-              if (unknownFields.length > 0) {
-                await addReaction('-1');
-                await postComment(
-                  '❌ **PocketBase Bot**: Unknown field(s): `' + unknownFields.join('`, `') + '`\n\n' +
-                  '**Allowed fields:** `' + Object.keys(ALLOWED_FIELDS).join('`, `') + '`'
-                );
-                process.exit(0);
-              }
-
-              if (Object.keys(parsedFields).length === 0) {
-                await addReaction('-1');
-                await postComment('❌ **PocketBase Bot**: Could not parse any valid `field=value` pairs.\n\n' + HELP_TEXT);
-                process.exit(0);
-              }
-
-              // Cast values to correct types
-              const payload = {};
-              for (const [key, rawVal] of Object.entries(parsedFields)) {
-                const type = ALLOWED_FIELDS[key];
-                if (type === 'boolean') {
-                  if (rawVal === 'true') payload[key] = true;
-                  else if (rawVal === 'false') payload[key] = false;
-                  else {
-                    await addReaction('-1');
-                    await postComment('❌ **PocketBase Bot**: `' + key + '` must be `true` or `false`, got: `' + rawVal + '`');
-                    process.exit(0);
-                  }
-                } else if (type === 'number') {
-                  const n = parseInt(rawVal, 10);
-                  if (isNaN(n)) {
-                    await addReaction('-1');
-                    await postComment('❌ **PocketBase Bot**: `' + key + '` must be a number, got: `' + rawVal + '`');
-                    process.exit(0);
-                  }
-                  payload[key] = n;
-                } else if (type === 'nullable_string') {
-                  payload[key] = rawVal === '' ? null : rawVal;
-                } else {
-                  payload[key] = rawVal;
-                }
-              }
-
-              const patchRes = await request(recordsUrl + '/' + record.id, {
-                method: 'PATCH',
-                headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                body: JSON.stringify(payload)
-              });
-              if (!patchRes.ok) {
-                await addReaction('-1');
-                await postComment('❌ **PocketBase Bot**: PATCH failed for `' + slug + '`:\n```\n' + patchRes.body + '\n```');
-                process.exit(1);
-              }
-              await addReaction('+1');
-              const changesLines = Object.entries(payload)
-                .map(function ([k, v]) { return '- `' + k + '` → `' + JSON.stringify(v) + '`'; })
-                .join('\n');
-              await postComment(
-                '✅ **PocketBase Bot**: Updated **`' + slug + '`** successfully!\n\n' +
-                '**Changes applied:**\n' + changesLines + '\n\n' +
-                '*Executed by @' + actor + '*'
-              );
-            }
-
-            console.log('Done.');
-          })().catch(function (e) {
-            console.error('Fatal error:', e.message || e);
-            process.exit(1);
-          });
-          ENDSCRIPT
-        shell: bash

.github/workflows/push-json-to-pocketbase.yml

@@ -48,8 +48,7 @@ jobs:
           const https = require('https');
           const http = require('http');
           const url = require('url');
-          function request(fullUrl, opts, redirectCount) {
-            redirectCount = redirectCount || 0;
+          function request(fullUrl, opts) {
             return new Promise(function(resolve, reject) {
               const u = url.parse(fullUrl);
               const isHttps = u.protocol === 'https:';
@@ -64,13 +63,6 @@ jobs:
               if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
               const lib = isHttps ? https : http;
               const req = lib.request(options, function(res) {
-                if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                  if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
-                  const redirectUrl = url.resolve(fullUrl, res.headers.location);
-                  res.resume();
-                  resolve(request(redirectUrl, opts, redirectCount + 1));
-                  return;
-                }
                 let data = '';
                 res.on('data', function(chunk) { data += chunk; });
                 res.on('end', function() {
@@ -133,15 +125,15 @@ jobs:
           var osVersionToId = {};
           try {
             const res = await request(apiBase + '/collections/z_ref_note_types/records?perPage=500', { headers: { 'Authorization': token } });
-            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) { noteTypeToId[item.type] = item.id; noteTypeToId[item.type.toLowerCase()] = item.id; } });
+            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) noteTypeToId[item.type] = item.id; });
           } catch (e) { console.warn('z_ref_note_types:', e.message); }
           try {
             const res = await request(apiBase + '/collections/z_ref_install_method_types/records?perPage=500', { headers: { 'Authorization': token } });
-            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) { installMethodTypeToId[item.type] = item.id; installMethodTypeToId[item.type.toLowerCase()] = item.id; } });
+            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) installMethodTypeToId[item.type] = item.id; });
           } catch (e) { console.warn('z_ref_install_method_types:', e.message); }
           try {
             const res = await request(apiBase + '/collections/z_ref_os/records?perPage=500', { headers: { 'Authorization': token } });
-            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.os != null) { osToId[item.os] = item.id; osToId[item.os.toLowerCase()] = item.id; } });
+            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.os != null) osToId[item.os] = item.id; });
           } catch (e) { console.warn('z_ref_os:', e.message); }
           try {
             const res = await request(apiBase + '/collections/z_ref_os_version/records?perPage=500&expand=os', { headers: { 'Authorization': token } });
@@ -162,7 +154,7 @@ jobs:
               name: data.name,
               slug: data.slug,
               script_created: data.date_created || data.script_created,
-              script_updated: new Date().toISOString().split('T')[0],
+              script_updated: data.date_created || data.script_updated,
               updateable: data.updateable,
               privileged: data.privileged,
               port: data.interface_port != null ? data.interface_port : data.port,
@@ -171,8 +163,8 @@ jobs:
               logo: data.logo,
               description: data.description,
               config_path: data.config_path,
-              default_user: (data.default_credentials && data.default_credentials.username) || data.default_user || null,
-              default_passwd: (data.default_credentials && data.default_credentials.password) || data.default_passwd || null,
+              default_user: (data.default_credentials && data.default_credentials.username) || data.default_user,
+              default_passwd: (data.default_credentials && data.default_credentials.password) || data.default_passwd,
               is_dev: false
             };
             var resolvedType = typeValueToId[data.type];
@@ -198,7 +190,7 @@ jobs:
                 var postRes = await request(notesCollUrl, {
                   method: 'POST',
                   headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                  body: JSON.stringify({ text: note.text || '', type: typeId, script: scriptId })
+                  body: JSON.stringify({ text: note.text || '', type: typeId })
                 });
                 if (postRes.ok) noteIds.push(JSON.parse(postRes.body).id);
               }

.github/workflows/update-script-timestamp-on-sh-change.yml

@@ -83,8 +83,7 @@ jobs:
             const http = require('http');
             const url = require('url');
 
-            function request(fullUrl, opts, redirectCount) {
-              redirectCount = redirectCount || 0;
+            function request(fullUrl, opts) {
               return new Promise(function(resolve, reject) {
                 const u = url.parse(fullUrl);
                 const isHttps = u.protocol === 'https:';
@@ -99,13 +98,6 @@ jobs:
                 if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
                 const lib = isHttps ? https : http;
                 const req = lib.request(options, function(res) {
-                  if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                    if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
-                    const redirectUrl = url.resolve(fullUrl, res.headers.location);
-                    res.resume();
-                    resolve(request(redirectUrl, opts, redirectCount + 1));
-                    return;
-                  }
                   let data = '';
                   res.on('data', function(chunk) { data += chunk; });
                   res.on('end', function() {
@@ -159,7 +151,7 @@ jobs:
                 method: 'PATCH',
                 headers: { 'Authorization': token, 'Content-Type': 'application/json' },
                 body: JSON.stringify({
-                  script_updated: new Date().toISOString().split('T')[0],
+                  name: record.name || record.slug,
                   last_update_commit: process.env.PR_URL || process.env.COMMIT_URL || ''
                 })
               });

CHANGELOG.md

@@ -423,92 +423,8 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
-## 2026-03-19
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - core: reorder hwaccel setup and adjust GPU group usermod [@MickLesk](https://github.com/MickLesk) ([#13072](https://github.com/community-scripts/ProxmoxVE/pull/13072))
-
-## 2026-03-18
-
-### 🆕 New Scripts
-
-  - Alpine-Ntfy [@MickLesk](https://github.com/MickLesk) ([#13048](https://github.com/community-scripts/ProxmoxVE/pull/13048))
-- Split-Pro ([#12975](https://github.com/community-scripts/ProxmoxVE/pull/12975))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Tdarr: use curl_with_retry and correct exit code [@MickLesk](https://github.com/MickLesk) ([#13060](https://github.com/community-scripts/ProxmoxVE/pull/13060))
-    - reitti: fix: v4 [@CrazyWolf13](https://github.com/CrazyWolf13) ([#13039](https://github.com/community-scripts/ProxmoxVE/pull/13039))
-    - Paperless-NGX: increase default RAM to 3GB [@MickLesk](https://github.com/MickLesk) ([#13018](https://github.com/community-scripts/ProxmoxVE/pull/13018))
-    - Plex: restart service after update to apply new version [@MickLesk](https://github.com/MickLesk) ([#13017](https://github.com/community-scripts/ProxmoxVE/pull/13017))
-
-  - #### ✨ New Features
-
-    - tools: centralize GPU group setup via setup_hwaccel [@MickLesk](https://github.com/MickLesk) ([#13044](https://github.com/community-scripts/ProxmoxVE/pull/13044))
-    - Termix: add guacd build and systemd integration [@MickLesk](https://github.com/MickLesk) ([#12999](https://github.com/community-scripts/ProxmoxVE/pull/12999))
-
-  - #### 🔧 Refactor
-
-    - Podman: replace deprecated commands with Quadlets [@MickLesk](https://github.com/MickLesk) ([#13052](https://github.com/community-scripts/ProxmoxVE/pull/13052))
-    - Refactor: Jellyfin repo, ffmpeg package and symlinks [@MickLesk](https://github.com/MickLesk) ([#13045](https://github.com/community-scripts/ProxmoxVE/pull/13045))
-    - pve-scripts-local: Increase default disk size from 4GB to 10GB [@MickLesk](https://github.com/MickLesk) ([#13009](https://github.com/community-scripts/ProxmoxVE/pull/13009))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - tools.func Implement pg_cron setup for setup_postgresql [@MickLesk](https://github.com/MickLesk) ([#13053](https://github.com/community-scripts/ProxmoxVE/pull/13053))
-    - tools.func: Implement check_for_gh_tag function [@MickLesk](https://github.com/MickLesk) ([#12998](https://github.com/community-scripts/ProxmoxVE/pull/12998))
-    - tools.func: Implement fetch_and_deploy_gh_tag function [@MickLesk](https://github.com/MickLesk) ([#13000](https://github.com/community-scripts/ProxmoxVE/pull/13000))
-
-## 2026-03-17
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Gluetun: add OpenVPN process user and cleanup stale config [@MickLesk](https://github.com/MickLesk) ([#13016](https://github.com/community-scripts/ProxmoxVE/pull/13016))
-    - Frigate: check OpenVino model files exist before configuring detector and use curl_with_retry instead of default wget [@MickLesk](https://github.com/MickLesk) ([#13019](https://github.com/community-scripts/ProxmoxVE/pull/13019))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: Update `create_self_signed_cert()` [@tremor021](https://github.com/tremor021) ([#13008](https://github.com/community-scripts/ProxmoxVE/pull/13008))
-
-## 2026-03-16
-
-### 🆕 New Scripts
-
-  - Gluetun ([#12976](https://github.com/community-scripts/ProxmoxVE/pull/12976))
-- Anytype-Server ([#12974](https://github.com/community-scripts/ProxmoxVE/pull/12974))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Immich: use gcc-13 for compilation & add uv python pre-install with retry logic [@MickLesk](https://github.com/MickLesk) ([#12935](https://github.com/community-scripts/ProxmoxVE/pull/12935))
-    - Tautulli: add setuptools<81 constraint to update script [@MickLesk](https://github.com/MickLesk) ([#12959](https://github.com/community-scripts/ProxmoxVE/pull/12959))
-    - Seerr: add missing build deps [@MickLesk](https://github.com/MickLesk) ([#12960](https://github.com/community-scripts/ProxmoxVE/pull/12960))
-    - fix: yubal update [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12961](https://github.com/community-scripts/ProxmoxVE/pull/12961))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - hwaccel: remove ROCm install from AMD APU setup [@MickLesk](https://github.com/MickLesk) ([#12958](https://github.com/community-scripts/ProxmoxVE/pull/12958))
-
 ## 2026-03-15
 
-### 🆕 New Scripts
-
-  - Yamtrack ([#12936](https://github.com/community-scripts/ProxmoxVE/pull/12936))
-
 ### 🚀 Updated Scripts
 
   - #### 🐞 Bug Fixes
@@ -529,10 +445,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
     - core: retry downloads with exponential backoff [@MickLesk](https://github.com/MickLesk) ([#12896](https://github.com/community-scripts/ProxmoxVE/pull/12896))
 
-### ❔ Uncategorized
-
-  - [go2rtc] Add ffmpeg dependency to install script [@Copilot](https://github.com/Copilot) ([#12944](https://github.com/community-scripts/ProxmoxVE/pull/12944))
-
 ## 2026-03-14
 
 ### 🚀 Updated Scripts

ct/alpine-ntfy.sh

@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: cobalt (cobaltgit)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
-# Source: https://ntfy.sh/
-
-APP="Alpine-ntfy"
-var_tags="${var_tags:-notification}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-256}"
-var_disk="${var_disk:-2}"
-var_os="${var_os:-alpine}"
-var_version="${var_version:-3.23}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /etc/ntfy ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-  msg_info "Updating ntfy LXC"
-  $STD apk -U upgrade
-  setcap 'cap_net_bind_service=+ep' /usr/bin/ntfy
-  msg_ok "Updated ntfy LXC"
-
-  msg_info "Restarting ntfy"
-  rc-service ntfy restart
-  msg_ok "Restarted ntfy"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}${CL}"

ct/anytype-server.sh

@@ -1,67 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://anytype.io
-
-APP="Anytype-Server"
-var_tags="${var_tags:-notes;productivity;sync}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-16}"
-var_os="${var_os:-ubuntu}"
-var_version="${var_version:-24.04}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /opt/anytype/any-sync-bundle ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "anytype" "grishy/any-sync-bundle"; then
-    msg_info "Stopping Service"
-    systemctl stop anytype
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp -r /opt/anytype/data /opt/anytype_data_backup
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "anytype" "grishy/any-sync-bundle" "prebuild" "latest" "/opt/anytype" "any-sync-bundle_*_linux_amd64.tar.gz"
-    chmod +x /opt/anytype/any-sync-bundle
-
-    msg_info "Restoring Data"
-    cp -r /opt/anytype_data_backup/. /opt/anytype/data
-    rm -rf /opt/anytype_data_backup
-    msg_ok "Restored Data"
-
-    msg_info "Starting Service"
-    systemctl start anytype
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:33010${CL}"
-echo -e "${INFO}${YW} Client config file:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}/opt/anytype/data/client-config.yml${CL}"

ct/gluetun.sh

@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/qdm12/gluetun
-
-APP="Gluetun"
-var_tags="${var_tags:-vpn;wireguard;openvpn}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-var_tun="${var_tun:-yes}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -f /usr/local/bin/gluetun ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "gluetun" "qdm12/gluetun"; then
-    msg_info "Stopping Service"
-    systemctl stop gluetun
-    msg_ok "Stopped Service"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gluetun" "qdm12/gluetun" "tarball"
-
-    msg_info "Building Gluetun"
-    cd /opt/gluetun
-    $STD go mod download
-    CGO_ENABLED=0 $STD go build -trimpath -ldflags="-s -w" -o /usr/local/bin/gluetun ./cmd/gluetun/
-    msg_ok "Built Gluetun"
-
-    msg_info "Starting Service"
-    systemctl start gluetun
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8000${CL}"

ct/headers/alpine-ntfy

@@ -1,6 +0,0 @@
-    ___    __      _                        __  ____     
-   /   |  / /___  (_)___  ___        ____  / /_/ __/_  __
-  / /| | / / __ \/ / __ \/ _ \______/ __ \/ __/ /_/ / / /
- / ___ |/ / /_/ / / / / /  __/_____/ / / / /_/ __/ /_/ / 
-/_/  |_/_/ .___/_/_/ /_/\___/     /_/ /_/\__/_/  \__, /  
-        /_/                                     /____/   

ct/headers/anytype-server

@@ -1,6 +0,0 @@
-    ___                __                        _____                          
-   /   |  ____  __  __/ /___  ______  ___       / ___/___  ______   _____  _____
-  / /| | / __ \/ / / / __/ / / / __ \/ _ \______\__ \/ _ \/ ___/ | / / _ \/ ___/
- / ___ |/ / / / /_/ / /_/ /_/ / /_/ /  __/_____/__/ /  __/ /   | |/ /  __/ /    
-/_/  |_/_/ /_/\__, /\__/\__, / .___/\___/     /____/\___/_/    |___/\___/_/     
-             /____/    /____/_/                                                 

ct/headers/gluetun

@@ -1,6 +0,0 @@
-   ________           __            
-  / ____/ /_  _____  / /___  ______ 
- / / __/ / / / / _ \/ __/ / / / __ \
-/ /_/ / / /_/ /  __/ /_/ /_/ / / / /
-\____/_/\__,_/\___/\__/\__,_/_/ /_/ 
-                                    

ct/headers/split-pro

@@ -1,6 +0,0 @@
-   _____       ___ __        ____           
-  / ___/____  / (_) /_      / __ \_________ 
-  \__ \/ __ \/ / / __/_____/ /_/ / ___/ __ \
- ___/ / /_/ / / / /_/_____/ ____/ /  / /_/ /
-/____/ .___/_/_/\__/     /_/   /_/   \____/ 
-    /_/                                     

ct/headers/yamtrack

@@ -1,6 +0,0 @@
-__  __                __                  __  
-\ \/ /___ _____ ___  / /__________ ______/ /__
- \  / __ `/ __ `__ \/ __/ ___/ __ `/ ___/ //_/
- / / /_/ / / / / / / /_/ /  / /_/ / /__/ ,<   
-/_/\__,_/_/ /_/ /_/\__/_/   \__,_/\___/_/|_|  
-                                              

ct/immich.sh

@@ -76,7 +76,7 @@ EOF
   SOURCE_DIR=${STAGING_DIR}/image-source
   cd /tmp
   if [[ -f ~/.intel_version ]]; then
-    curl_with_retry "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile" "Dockerfile"
+    curl -fsSLO https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile
     readarray -t INTEL_URLS < <(
       sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $3}'
       sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
@@ -85,7 +85,7 @@ EOF
     if [[ "$INTEL_RELEASE" != "$(cat ~/.intel_version)" ]]; then
       msg_info "Updating Intel iGPU dependencies"
       for url in "${INTEL_URLS[@]}"; do
-        curl_with_retry "$url" "$(basename "$url")"
+        curl -fsSLO "$url"
       done
       $STD apt-mark unhold libigdgmm12
       $STD apt install -y --allow-downgrades ./libigdgmm12*.deb
@@ -133,7 +133,7 @@ EOF
       $STD sudo -u postgres psql -d immich -c "REINDEX INDEX face_index;"
       $STD sudo -u postgres psql -d immich -c "REINDEX INDEX clip_index;"
     fi
-    ensure_dependencies ccache gcc-13 g++-13
+    ensure_dependencies ccache
 
     INSTALL_DIR="/opt/${APP}"
     UPLOAD_DIR="$(sed -n '/^IMMICH_MEDIA_LOCATION/s/[^=]*=//p' /opt/immich/.env)"
@@ -166,7 +166,7 @@ EOF
 
     setup_uv
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "${RELEASE}" "$SRC_DIR"
-    PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
+    PNPM_VERSION="$(jq -r '.packageManager | split("@")[1]' ${SRC_DIR}/package.json)"
     NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
     msg_info "Updating Immich web and microservices"
@@ -217,36 +217,15 @@ EOF
     chown -R immich:immich "$INSTALL_DIR"
     chown immich:immich ./uv.lock
     export VIRTUAL_ENV="${ML_DIR}"/ml-venv
-    export UV_HTTP_TIMEOUT=300
     if [[ -f ~/.openvino ]]; then
-      ML_PYTHON="python3.13"
-      msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
-      for attempt in $(seq 1 3); do
-        $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
-        [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
-      done
-      msg_ok "Pre-installed Python ${ML_PYTHON}"
       msg_info "Updating HW-accelerated machine-learning"
-      $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p "${ML_PYTHON}" --managed-python
-      for attempt in $(seq 1 3); do
-        $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
-        [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
-      done
+      $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p python3.13 --managed-python
+      $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p python3.13 --managed-python
       patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
       msg_ok "Updated HW-accelerated machine-learning"
     else
-      ML_PYTHON="python3.11"
-      msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
-      for attempt in $(seq 1 3); do
-        $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
-        [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
-      done
-      msg_ok "Pre-installed Python ${ML_PYTHON}"
       msg_info "Updating machine-learning"
-      for attempt in $(seq 1 3); do
-        $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
-        [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
-      done
+      $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p python3.11 --managed-python
       msg_ok "Updated machine-learning"
     fi
     cd "$SRC_DIR"

ct/jellyfin.sh

@@ -39,23 +39,14 @@ function update_script() {
     msg_ok "Updated Intel Dependencies"
   fi
 
-  msg_info "Setting up Jellyfin Repository"
-  setup_deb822_repo \
-    "jellyfin" \
-    "https://repo.jellyfin.org/jellyfin_team.gpg.key" \
-    "https://repo.jellyfin.org/$(get_os_info id)" \
-    "$(get_os_info codename)"
-  msg_ok "Set up Jellyfin Repository"
-
   msg_info "Updating Jellyfin"
   ensure_dependencies libjemalloc2
   if [[ ! -f /usr/lib/libjemalloc.so ]]; then
     ln -sf /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 /usr/lib/libjemalloc.so
   fi
+  $STD apt update
   $STD apt -y upgrade
-  $STD apt -y --with-new-pkgs upgrade jellyfin jellyfin-server jellyfin-ffmpeg7
-  ln -sf /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/bin/ffmpeg
-  ln -sf /usr/lib/jellyfin-ffmpeg/ffprobe /usr/bin/ffprobe
+  $STD apt -y --with-new-pkgs upgrade jellyfin jellyfin-server
   msg_ok "Updated Jellyfin"
   msg_ok "Updated successfully!"
   exit

ct/paperless-ngx.sh

@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="Paperless-ngx"
 var_tags="${var_tags:-document;management}"
 var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-3072}"
+var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-12}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"

ct/plex.sh

@@ -79,11 +79,6 @@ function update_script() {
   $STD apt update
   $STD apt install -y plexmediaserver
   msg_ok "Updated Plex Media Server"
-
-  msg_info "Restarting Plex Media Server"
-  systemctl restart plexmediaserver
-  msg_ok "Restarted Plex Media Server"
-
   msg_ok "Updated successfully!"
   exit
 }

ct/podman-homeassistant.sh

@@ -23,7 +23,7 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -f /etc/containers/systemd/homeassistant.container ]]; then
+  if [[ ! -f /etc/systemd/system/homeassistant.service ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi

ct/pve-scripts-local.sh

@@ -9,7 +9,7 @@ APP="PVE-Scripts-Local"
 var_tags="${var_tags:-pve-scripts-local}"
 var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-10}"
+var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"

ct/reitti.sh

@@ -89,49 +89,17 @@ EOF
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
   fi
-  
   if check_for_gh_release "photon" "komoot/photon"; then
-    if [[ -f "$HOME/.photon" ]] && [[ "$(cat "$HOME/.photon")" == 0.7 ]]; then
-      CURRENT_VERSION="$(<"$HOME/.photon")"
-      echo
-      echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
-      echo "Photon v1 upgrade detected (breaking change)"
-      echo
-      echo "Your current version: $CURRENT_VERSION"
-      echo
-      echo "Photon v1 requires a manual migration before updating."
-      echo
-      echo "You need to:"
-      echo "  1. Remove existing geocoding data (not actual reitti data):"
-      echo "     rm -rf /opt/photon_data"
-      echo
-      echo "  2. Follow the inial setup guide again:"
-      echo "     https://github.com/community-scripts/ProxmoxVE/discussions/8737"
-      echo
-      echo "  3. Re-download and import Photon data for v1"
-      echo
-      read -rp "Do you want to continue anyway? (y/N): " CONTINUE
-      echo
-        
-      if [[ ! "$CONTINUE" =~ ^[Yy]$ ]]; then
-        msg_info "Migration required. Update cancelled."
-        exit 0
-      fi
-        
-      msg_warn "Continuing without migration may break Photon in the future!"
-    fi
-  
     msg_info "Stopping Service"
     systemctl stop photon
     msg_ok "Stopped Service"
 
     rm -f /opt/photon/photon.jar
-    USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "photon" "komoot/photon" "singlefile" "latest" "/opt/photon" "photon-*.jar"
+    USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "photon" "komoot/photon" "singlefile" "latest" "/opt/photon" "photon-0*.jar"
     mv /opt/photon/photon-*.jar /opt/photon/photon.jar
 
     msg_info "Starting Service"
     systemctl start photon
-    systemctl restart nginx
     msg_ok "Started Service"
     msg_ok "Updated successfully!"
   fi

ct/seerr.sh

@@ -128,8 +128,6 @@ EOF
 
     CLEAN_INSTALL=1 fetch_and_deploy_gh_release "seerr" "seerr-team/seerr" "tarball"
 
-    ensure_dependencies build-essential python3-setuptools
-
     msg_info "Updating PNPM Version"
     pnpm_desired=$(grep -Po '"pnpm":\s*"\K[^"]+' /opt/seerr/package.json)
     NODE_VERSION="22" NODE_MODULE="pnpm@$pnpm_desired" setup_nodejs

ct/sparkyfitness.sh

@@ -51,7 +51,7 @@ function update_script() {
 
     msg_info "Updating Sparky Fitness Backend"
     cd /opt/sparkyfitness/SparkyFitnessServer
-    $STD pnpm install
+    $STD npm install --legacy-peer-deps
     msg_ok "Updated Sparky Fitness Backend"
 
     msg_info "Updating Sparky Fitness Frontend (Patience)"
@@ -79,7 +79,7 @@ function update_script() {
 
   [Install]
   WantedBy=multi-user.target
-EOF
+  EOF
     systemctl daemon-reload
     msg_ok "Refreshed SparkyFitness Service"
 

ct/split-pro.sh

@@ -1,68 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: johanngrobe
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/oss-apps/split-pro
-
-APP="Split-Pro"
-var_tags="${var_tags:-finance;expense-sharing}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-6}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/split-pro ]]; then
-    msg_error "No Split Pro Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "split-pro" "oss-apps/split-pro"; then
-    msg_info "Stopping Service"
-    systemctl stop split-pro
-    msg_ok "Stopped Service"
-
-    msg_info "Backing up Data"
-    cp /opt/split-pro/.env /opt/split-pro.env
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "split-pro" "oss-apps/split-pro" "tarball"
-
-    msg_info "Building Application"
-    cd /opt/split-pro
-    $STD pnpm install --frozen-lockfile
-    $STD pnpm build
-    cp /opt/split-pro.env /opt/split-pro/.env
-    rm -f /opt/split-pro.env
-    ln -sf /opt/split-pro_data/uploads /opt/split-pro/uploads
-    $STD pnpm exec prisma migrate deploy
-    msg_ok "Built Application"
-
-    msg_info "Starting Service"
-    systemctl start split-pro
-    msg_ok "Started Service"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/tautulli.sh

@@ -51,7 +51,6 @@ function update_script() {
     $STD source /opt/Tautulli/.venv/bin/activate
     $STD uv pip install -r requirements.txt
     $STD uv pip install pyopenssl
-    $STD uv pip install "setuptools<81"
     msg_ok "Updated Tautulli"
 
     msg_info "Restoring config and database"

ct/tdarr.sh

@@ -33,16 +33,12 @@ function update_script() {
   $STD apt upgrade -y
   rm -rf /opt/tdarr/Tdarr_Updater
   cd /opt/tdarr
-  RELEASE=$(curl_with_retry "https://f000.backblazeb2.com/file/tdarrs/versions.json" "-" | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
-  curl_with_retry "$RELEASE" "Tdarr_Updater.zip"
+  RELEASE=$(curl -fsSL https://f000.backblazeb2.com/file/tdarrs/versions.json | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
+  curl -fsSL "$RELEASE" -o Tdarr_Updater.zip
   $STD unzip Tdarr_Updater.zip
   chmod +x Tdarr_Updater
   $STD ./Tdarr_Updater
   rm -rf /opt/tdarr/Tdarr_Updater.zip
-  [[ -f /opt/tdarr/Tdarr_Server/Tdarr_Server ]] || {
-    msg_error "Tdarr_Updater failed — tdarr.io may be blocked by local DNS"
-    exit 250
-  }
   msg_ok "Updated Tdarr"
   msg_ok "Updated successfully!"
   exit

ct/termix.sh

@@ -29,116 +29,10 @@ function update_script() {
     exit
   fi
 
-  if check_for_gh_tag "guacd" "apache/guacamole-server"; then
-    msg_info "Stopping guacd"
-    systemctl stop guacd 2>/dev/null || true
-    msg_ok "Stopped guacd"
-
-    ensure_dependencies \
-      libcairo2-dev \
-      libjpeg62-turbo-dev \
-      libpng-dev \
-      libtool-bin \
-      uuid-dev \
-      libvncserver-dev \
-      freerdp3-dev \
-      libssh2-1-dev \
-      libtelnet-dev \
-      libwebsockets-dev \
-      libpulse-dev \
-      libvorbis-dev \
-      libwebp-dev \
-      libssl-dev \
-      libpango1.0-dev \
-      libswscale-dev \
-      libavcodec-dev \
-      libavutil-dev \
-      libavformat-dev
-
-    msg_info "Updating Guacamole Server (guacd)"
-    fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server" "${CHECK_UPDATE_RELEASE}" "/opt/guacamole-server"
-    cd /opt/guacamole-server
-    export CPPFLAGS="-Wno-error=deprecated-declarations"
-    $STD autoreconf -fi
-    $STD ./configure --with-init-dir=/etc/init.d --enable-allow-freerdp-snapshots
-    $STD make
-    $STD make install
-    $STD ldconfig
-    cd /opt
-    rm -rf /opt/guacamole-server
-    msg_ok "Updated Guacamole Server (guacd) to ${CHECK_UPDATE_RELEASE}"
-
-    if [[ ! -f /etc/guacamole/guacd.conf ]]; then
-      mkdir -p /etc/guacamole
-      cat <<EOF >/etc/guacamole/guacd.conf
-[server]
-bind_host = 127.0.0.1
-bind_port = 4822
-EOF
-    fi
-
-    if [[ ! -f /etc/systemd/system/guacd.service ]] || grep -q "Type=forking" /etc/systemd/system/guacd.service 2>/dev/null; then
-      cat <<EOF >/etc/systemd/system/guacd.service
-[Unit]
-Description=Guacamole Proxy Daemon (guacd)
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/sbin/guacd -f -b 127.0.0.1 -l 4822
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-    fi
-
-    if ! grep -q "guacd.service" /etc/systemd/system/termix.service 2>/dev/null; then
-      sed -i '/^After=network.target/s/$/ guacd.service/' /etc/systemd/system/termix.service
-      sed -i '/^\[Unit\]/a Wants=guacd.service' /etc/systemd/system/termix.service
-    fi
-
-    systemctl daemon-reload
-    systemctl enable -q --now guacd
-  fi
-
   if check_for_gh_release "termix" "Termix-SSH/Termix"; then
-    msg_info "Stopping Termix"
+    msg_info "Stopping Service"
     systemctl stop termix
-    msg_ok "Stopped Termix"
-
-    msg_info "Migrating Configuration"
-    if [[ ! -f /opt/termix/.env ]]; then
-      cat <<EOF >/opt/termix/.env
-NODE_ENV=production
-DATA_DIR=/opt/termix/data
-GUACD_HOST=127.0.0.1
-GUACD_PORT=4822
-EOF
-    fi
-    if ! grep -q "EnvironmentFile" /etc/systemd/system/termix.service 2>/dev/null; then
-      cat <<EOF >/etc/systemd/system/termix.service
-[Unit]
-Description=Termix Backend
-After=network.target guacd.service
-Wants=guacd.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/termix
-EnvironmentFile=/opt/termix/.env
-ExecStart=/usr/bin/node /opt/termix/dist/backend/backend/starter.js
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-      systemctl daemon-reload
-    fi
-    msg_ok "Migrated Configuration"
+    msg_ok "Stopped Service"
 
     msg_info "Backing up Data"
     cp -r /opt/termix/data /opt/termix_data_backup
@@ -201,16 +95,16 @@ EOF
       sed -i 's|/app/html|/opt/termix/html|g' /etc/nginx/nginx.conf
       sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
       sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
-
+      
       nginx -t && systemctl reload nginx
       msg_ok "Updated Nginx Configuration"
     else
       msg_warn "Nginx configuration not updated. If Termix doesn't work, restore from backup or update manually."
     fi
 
-    msg_info "Starting Termix"
+    msg_info "Starting Service"
     systemctl start termix
-    msg_ok "Started Termix"
+    msg_ok "Started Service"
     msg_ok "Updated successfully!"
   fi
   exit

ct/yubal.sh

@@ -47,7 +47,7 @@ function update_script() {
 
     msg_info "Installing Python Dependencies"
     cd /opt/yubal
-    $STD uv sync --package yubal-api --no-dev --frozen
+    $STD uv sync --no-dev --frozen
     msg_ok "Installed Python Dependencies"
 
     msg_info "Starting Services"

install/alpine-ntfy-install.sh

@@ -1,25 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: cobalt (cobaltgit)
-# License: MIT | https://github.com/community-scripts/ProxmoxVED/raw/main/LICENSE
-# Source: https://ntfy.sh/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing ntfy"
-$STD apk add --no-cache ntfy ntfy-openrc libcap
-sed -i '/^listen-http/s/^\(.*\)$/#\1\n/' /etc/ntfy/server.yml
-setcap 'cap_net_bind_service=+ep' /usr/bin/ntfy
-$STD rc-update add ntfy default
-$STD service ntfy start
-msg_ok "Installed ntfy"
-
-motd_ssh
-customize

install/anytype-server-install.sh

@@ -1,81 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://anytype.io
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-setup_mongodb
-
-msg_info "Configuring MongoDB Replica Set"
-cat <<EOF >>/etc/mongod.conf
-
-replication:
-  replSetName: "rs0"
-EOF
-systemctl restart mongod
-sleep 3
-$STD mongosh --eval 'rs.initiate({_id: "rs0", members: [{_id: 0, host: "127.0.0.1:27017"}]})'
-msg_ok "Configured MongoDB Replica Set"
-
-msg_info "Installing Redis Stack"
-setup_deb822_repo \
-  "redis-stack" \
-  "https://packages.redis.io/gpg" \
-  "https://packages.redis.io/deb" \
-  "jammy" \
-  "main"
-$STD apt install -y redis-stack-server
-systemctl enable -q --now redis-stack-server
-msg_ok "Installed Redis Stack"
-
-fetch_and_deploy_gh_release "anytype" "grishy/any-sync-bundle" "prebuild" "latest" "/opt/anytype" "any-sync-bundle_*_linux_amd64.tar.gz"
-chmod +x /opt/anytype/any-sync-bundle
-
-msg_info "Configuring Anytype"
-mkdir -p /opt/anytype/data/storage
-cat <<EOF >/opt/anytype/.env
-ANY_SYNC_BUNDLE_CONFIG=/opt/anytype/data/bundle-config.yml
-ANY_SYNC_BUNDLE_CLIENT_CONFIG=/opt/anytype/data/client-config.yml
-ANY_SYNC_BUNDLE_INIT_STORAGE=/opt/anytype/data/storage/
-ANY_SYNC_BUNDLE_INIT_EXTERNAL_ADDRS=${LOCAL_IP}
-ANY_SYNC_BUNDLE_INIT_MONGO_URI=mongodb://127.0.0.1:27017/
-ANY_SYNC_BUNDLE_INIT_REDIS_URI=redis://127.0.0.1:6379/
-ANY_SYNC_BUNDLE_LOG_LEVEL=info
-EOF
-msg_ok "Configured Anytype"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/anytype.service
-[Unit]
-Description=Anytype Sync Server (any-sync-bundle)
-After=network-online.target mongod.service redis-stack-server.service
-Wants=network-online.target
-Requires=mongod.service redis-stack-server.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/anytype
-EnvironmentFile=/opt/anytype/.env
-ExecStart=/opt/anytype/any-sync-bundle start-bundle
-Restart=on-failure
-RestartSec=10
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now anytype
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/channels-install.sh

@@ -35,6 +35,7 @@ setup_hwaccel
 msg_info "Installing Channels DVR Server (Patience)"
 cd /opt
 $STD bash <(curl -fsSL https://getchannels.com/dvr/setup.sh)
+sed -i -e 's/^sgx:x:104:$/render:x:104:root/' -e 's/^render:x:106:root$/sgx:x:106:/' /etc/group
 msg_ok "Installed Channels DVR Server"
 
 motd_ssh

install/emby-install.sh

@@ -13,9 +13,17 @@ setting_up_container
 network_check
 update_os
 
+setup_hwaccel
+
 fetch_and_deploy_gh_release "emby" "MediaBrowser/Emby.Releases" "binary"
 
-setup_hwaccel "emby"
+msg_info "Configuring Emby"
+if [[ "$CTTYPE" == "0" ]]; then
+  sed -i -e 's/^ssl-cert:x:104:$/render:x:104:root,emby/' -e 's/^render:x:108:root,emby$/ssl-cert:x:108:/' /etc/group
+else
+  sed -i -e 's/^ssl-cert:x:104:$/render:x:104:emby/' -e 's/^render:x:108:emby$/ssl-cert:x:108:/' /etc/group
+fi
+msg_ok "Configured Emby"
 
 motd_ssh
 customize

install/frigate-install.sh

@@ -146,7 +146,7 @@ ldconfig
 msg_ok "Built libUSB"
 
 msg_info "Bootstrapping pip"
-curl_with_retry "https://bootstrap.pypa.io/get-pip.py" "/tmp/get-pip.py"
+wget -q https://bootstrap.pypa.io/get-pip.py -O /tmp/get-pip.py
 sed -i 's/args.append("setuptools")/args.append("setuptools==77.0.3")/' /tmp/get-pip.py
 $STD python3 /tmp/get-pip.py "pip"
 rm -f /tmp/get-pip.py
@@ -169,13 +169,13 @@ NODE_VERSION="20" setup_nodejs
 
 msg_info "Downloading Inference Models"
 mkdir -p /models /openvino-model
-curl_with_retry "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite" "/edgetpu_model.tflite"
-curl_with_retry "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite" "/models/cpu_model.tflite"
+wget -q -O /edgetpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite
+wget -q -O /models/cpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite
 cp /opt/frigate/labelmap.txt /labelmap.txt
 msg_ok "Downloaded Inference Models"
 
 msg_info "Downloading Audio Model"
-curl_with_retry "https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download" "/tmp/yamnet.tar.gz"
+wget -q -O /tmp/yamnet.tar.gz https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download
 $STD tar xzf /tmp/yamnet.tar.gz -C /
 mv /1.tflite /cpu_audio_model.tflite
 cp /opt/frigate/audio-labelmap.txt /audio-labelmap.txt
@@ -205,7 +205,7 @@ msg_ok "Installed OpenVino"
 
 msg_info "Building OpenVino Model"
 cd /models
-curl_with_retry "http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz" "ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz"
+wget -q http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz
 $STD tar -zxf ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz --no-same-owner
 if python3 /opt/frigate/docker/main/build_ov_model.py &>/dev/null; then
   mkdir -p /openvino-model
@@ -219,7 +219,7 @@ if python3 /opt/frigate/docker/main/build_ov_model.py &>/dev/null; then
     if [[ -n "$OV_LABELS" ]]; then
       ln -sf "$OV_LABELS" /openvino-model/coco_91cl_bkgr.txt
     else
-      curl_with_retry "https://raw.githubusercontent.com/openvinotoolkit/open_model_zoo/master/data/dataset_classes/coco_91cl_bkgr.txt" "/openvino-model/coco_91cl_bkgr.txt"
+      wget -q "https://raw.githubusercontent.com/openvinotoolkit/open_model_zoo/master/data/dataset_classes/coco_91cl_bkgr.txt" -O /openvino-model/coco_91cl_bkgr.txt
     fi
   fi
   sed -i 's/truck/car/g' /openvino-model/coco_91cl_bkgr.txt
@@ -246,7 +246,7 @@ msg_info "Configuring Frigate"
 mkdir -p /config /media/frigate
 cp -r /opt/frigate/config/. /config
 
-curl_with_retry "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" "/media/frigate/person-bicycle-car-detection.mp4"
+curl -fsSL "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" -o "/media/frigate/person-bicycle-car-detection.mp4"
 
 echo "tmpfs   /tmp/cache      tmpfs   defaults        0       0" >>/etc/fstab
 
@@ -289,7 +289,7 @@ detect:
   enabled: false
 EOF
 
-if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo && [[ -f /openvino-model/ssdlite_mobilenet_v2.xml ]] && [[ -f /openvino-model/coco_91cl_bkgr.txt ]]; then
+if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo; then
   cat <<EOF >>/config/config.yml
 ffmpeg:
   hwaccel_args: auto

install/gluetun-install.sh

@@ -1,96 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/qdm12/gluetun
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  openvpn \
-  wireguard-tools \
-  iptables
-msg_ok "Installed Dependencies"
-
-msg_info "Configuring iptables"
-$STD update-alternatives --set iptables /usr/sbin/iptables-legacy
-$STD update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
-ln -sf /usr/sbin/openvpn /usr/sbin/openvpn2.6
-msg_ok "Configured iptables"
-
-setup_go
-
-fetch_and_deploy_gh_release "gluetun" "qdm12/gluetun" "tarball"
-
-msg_info "Building Gluetun"
-cd /opt/gluetun
-$STD go mod download
-CGO_ENABLED=0 $STD go build -trimpath -ldflags="-s -w" -o /usr/local/bin/gluetun ./cmd/gluetun/
-msg_ok "Built Gluetun"
-
-msg_info "Configuring Gluetun"
-mkdir -p /opt/gluetun-data
-touch /etc/alpine-release
-ln -sf /opt/gluetun-data /gluetun
-cat <<EOF >/opt/gluetun-data/.env
-VPN_SERVICE_PROVIDER=custom
-VPN_TYPE=openvpn
-OPENVPN_CUSTOM_CONFIG=/opt/gluetun-data/custom.ovpn
-OPENVPN_USER=
-OPENVPN_PASSWORD=
-OPENVPN_PROCESS_USER=root
-PUID=0
-PGID=0
-HTTP_CONTROL_SERVER_ADDRESS=:8000
-HTTPPROXY=off
-SHADOWSOCKS=off
-PPROF_ENABLED=no
-PPROF_BLOCK_PROFILE_RATE=0
-PPROF_MUTEX_PROFILE_RATE=0
-PPROF_HTTP_SERVER_ADDRESS=:6060
-FIREWALL_ENABLED_DISABLING_IT_SHOOTS_YOU_IN_YOUR_FOOT=on
-HEALTH_SERVER_ADDRESS=127.0.0.1:9999
-DNS_UPSTREAM_RESOLVERS=cloudflare
-LOG_LEVEL=info
-STORAGE_FILEPATH=/gluetun/servers.json
-PUBLICIP_FILE=/gluetun/ip
-VPN_PORT_FORWARDING_STATUS_FILE=/gluetun/forwarded_port
-TZ=UTC
-EOF
-msg_ok "Configured Gluetun"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/gluetun.service
-[Unit]
-Description=Gluetun VPN Client
-After=network.target
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/gluetun-data
-EnvironmentFile=/opt/gluetun-data/.env
-UnsetEnvironment=USER
-ExecStartPre=/bin/sh -c 'rm -f /etc/openvpn/target.ovpn'
-ExecStart=/usr/local/bin/gluetun
-Restart=on-failure
-RestartSec=5
-AmbientCapabilities=CAP_NET_ADMIN
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now gluetun
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/go2rtc-install.sh

@@ -14,10 +14,6 @@ network_check
 update_os
 setup_hwaccel
 
-msg_info "Installing Dependencies"
-$STD apt install -y ffmpeg
-msg_ok "Installed Dependencies"
-
 USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "go2rtc" "AlexxIT/go2rtc" "singlefile" "latest" "/opt/go2rtc" "go2rtc_linux_amd64"
 
 msg_info "Creating Service"

install/immich-install.sh

@@ -32,13 +32,13 @@ if [ -d /dev/dri ]; then
     $STD apt install -y --no-install-recommends patchelf
     tmp_dir=$(mktemp -d)
     $STD pushd "$tmp_dir"
-    curl_with_retry "https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile" "Dockerfile"
+    curl -fsSLO https://raw.githubusercontent.com/immich-app/immich/refs/heads/main/machine-learning/Dockerfile
     readarray -t INTEL_URLS < <(
       sed -n "/intel-[igc|opencl]/p" ./Dockerfile | awk '{print $3}'
       sed -n "/libigdgmm12/p" ./Dockerfile | awk '{print $3}'
     )
     for url in "${INTEL_URLS[@]}"; do
-      curl_with_retry "$url" "$(basename "$url")"
+      curl -fsSLO "$url"
     done
     $STD apt install -y ./libigdgmm12*.deb
     rm ./libigdgmm12*.deb
@@ -154,10 +154,6 @@ sed -i "s/^#shared_preload.*/shared_preload_libraries = 'vchord.so'/" /etc/postg
 systemctl restart postgresql.service
 PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_GRANT_SUPERUSER="true" PG_DB_SKIP_ALTER_ROLE="true" setup_postgresql_db
 
-msg_info "Installing GCC-13 (available as fallback compiler)"
-$STD apt install -y gcc-13 g++-13
-msg_ok "Installed GCC-13"
-
 msg_warn "Compiling Custom Photo-processing Libraries (can take anywhere from 15min to 2h)"
 LD_LIBRARY_PATH=/usr/local/lib
 export LD_RUN_PATH=/usr/local/lib
@@ -294,7 +290,7 @@ GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
 
 fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.5.6" "$SRC_DIR"
-PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
+PNPM_VERSION="$(jq -r '.packageManager | split("@")[1]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 
 msg_info "Installing Immich (patience)"
@@ -344,36 +340,15 @@ cd "$SRC_DIR"/machine-learning
 $STD useradd -U -s /usr/sbin/nologin -r -M -d "$INSTALL_DIR" immich
 mkdir -p "$ML_DIR" && chown -R immich:immich "$INSTALL_DIR"
 export VIRTUAL_ENV="${ML_DIR}/ml-venv"
-export UV_HTTP_TIMEOUT=300
 if [[ -f ~/.openvino ]]; then
-  ML_PYTHON="python3.13"
-  msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
-  for attempt in $(seq 1 3); do
-    $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
-    [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
-  done
-  msg_ok "Pre-installed Python ${ML_PYTHON}"
   msg_info "Installing HW-accelerated machine-learning"
-  $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p "${ML_PYTHON}" --managed-python
-  for attempt in $(seq 1 3); do
-    $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
-    [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
-  done
+  $STD uv add --no-sync --optional openvino onnxruntime-openvino==1.24.1 --active -n -p python3.13 --managed-python
+  $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra openvino --no-dev --active --link-mode copy -n -p python3.13 --managed-python
   patchelf --clear-execstack "${VIRTUAL_ENV}/lib/python3.13/site-packages/onnxruntime/capi/onnxruntime_pybind11_state.cpython-313-x86_64-linux-gnu.so"
   msg_ok "Installed HW-accelerated machine-learning"
 else
-  ML_PYTHON="python3.11"
-  msg_info "Pre-installing Python ${ML_PYTHON} for machine-learning"
-  for attempt in $(seq 1 3); do
-    $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv python install "${ML_PYTHON}" && break
-    [[ $attempt -lt 3 ]] && msg_warn "Python download attempt $attempt failed, retrying..." && sleep 5
-  done
-  msg_ok "Pre-installed Python ${ML_PYTHON}"
   msg_info "Installing machine-learning"
-  for attempt in $(seq 1 3); do
-    $STD sudo --preserve-env=VIRTUAL_ENV,UV_HTTP_TIMEOUT -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p "${ML_PYTHON}" --managed-python && break
-    [[ $attempt -lt 3 ]] && msg_warn "uv sync attempt $attempt failed, retrying..." && sleep 10
-  done
+  $STD sudo --preserve-env=VIRTUAL_ENV -nu immich uv sync --extra cpu --no-dev --active --link-mode copy -n -p python3.11 --managed-python
   msg_ok "Installed machine-learning"
 fi
 cd "$SRC_DIR"
@@ -390,10 +365,10 @@ ln -s "$UPLOAD_DIR" "$ML_DIR"/upload
 
 msg_info "Installing GeoNames data"
 cd "$GEO_DIR"
-curl_with_retry "https://download.geonames.org/export/dump/admin1CodesASCII.txt" "admin1CodesASCII.txt"
-curl_with_retry "https://download.geonames.org/export/dump/admin2Codes.txt" "admin2Codes.txt"
-curl_with_retry "https://download.geonames.org/export/dump/cities500.zip" "cities500.zip"
-curl_with_retry "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/v5.1.2/geojson/ne_10m_admin_0_countries.geojson" "ne_10m_admin_0_countries.geojson"
+curl -fsSLZ -O "https://download.geonames.org/export/dump/admin1CodesASCII.txt" \
+  -O "https://download.geonames.org/export/dump/admin2Codes.txt" \
+  -O "https://download.geonames.org/export/dump/cities500.zip" \
+  -O "https://raw.githubusercontent.com/nvkelso/natural-earth-vector/v5.1.2/geojson/ne_10m_admin_0_countries.geojson"
 unzip -q cities500.zip
 date --iso-8601=seconds | tr -d "\n" >geodata-date.txt
 rm cities500.zip

install/jellyfin-install.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://jellyfin.org/
 
@@ -14,31 +14,31 @@ network_check
 update_os
 
 msg_custom "ℹ️" "${GN}" "If NVIDIA GPU passthrough is detected, you'll be asked whether to install drivers in the container"
+setup_hwaccel
 
-msg_info "Installing Dependencies"
-ensure_dependencies libjemalloc2
+msg_info "Installing Jellyfin"
+VERSION="$(awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release)"
+if ! dpkg -s libjemalloc2 >/dev/null 2>&1; then
+  $STD apt install -y libjemalloc2
+fi
 if [[ ! -f /usr/lib/libjemalloc.so ]]; then
   ln -sf /usr/lib/x86_64-linux-gnu/libjemalloc.so.2 /usr/lib/libjemalloc.so
 fi
-msg_ok "Installed Dependencies"
+if [[ ! -d /etc/apt/keyrings ]]; then
+  mkdir -p /etc/apt/keyrings
+fi
+curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | gpg --dearmor --yes --output /etc/apt/keyrings/jellyfin.gpg
+cat <<EOF >/etc/apt/sources.list.d/jellyfin.sources
+Types: deb
+URIs: https://repo.jellyfin.org/${PCT_OSTYPE}
+Suites: ${VERSION}
+Components: main
+Architectures: amd64
+Signed-By: /etc/apt/keyrings/jellyfin.gpg
+EOF
 
-msg_info "Setting up Jellyfin Repository"
-setup_deb822_repo \
-  "jellyfin" \
-  "https://repo.jellyfin.org/jellyfin_team.gpg.key" \
-  "https://repo.jellyfin.org/$(get_os_info id)" \
-  "$(get_os_info codename)"
-msg_ok "Set up Jellyfin Repository"
-
-msg_info "Installing Jellyfin"
-$STD apt install -y jellyfin jellyfin-ffmpeg7
-ln -sf /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/bin/ffmpeg
-ln -sf /usr/lib/jellyfin-ffmpeg/ffprobe /usr/bin/ffprobe
-msg_ok "Installed Jellyfin"
-
-setup_hwaccel "jellyfin"
-
-msg_info "Configuring Jellyfin"
+$STD apt update
+$STD apt install -y jellyfin
 # Configure log rotation to prevent disk fill (keeps fail2ban compatibility) (PR: #1690 / Issue: #11224)
 cat <<EOF >/etc/logrotate.d/jellyfin
 /var/log/jellyfin/*.log {
@@ -55,7 +55,12 @@ EOF
 chown -R jellyfin:adm /etc/jellyfin
 sleep 10
 systemctl restart jellyfin
-msg_ok "Configured Jellyfin"
+if [[ "$CTTYPE" == "0" ]]; then
+  sed -i -e 's/^ssl-cert:x:104:$/render:x:104:root,jellyfin/' -e 's/^render:x:108:root,jellyfin$/ssl-cert:x:108:/' /etc/group
+else
+  sed -i -e 's/^ssl-cert:x:104:$/render:x:104:jellyfin/' -e 's/^render:x:108:jellyfin$/ssl-cert:x:108:/' /etc/group
+fi
+msg_ok "Installed Jellyfin"
 
 motd_ssh
 customize

install/ollama-install.sh

@@ -42,6 +42,8 @@ EOF
 $STD apt update
 msg_ok "Set up Intel® Repositories"
 
+setup_hwaccel
+
 msg_info "Installing Intel® Level Zero"
 # Debian 13+ has newer Level Zero packages in system repos that conflict with Intel repo packages
 if is_debian && [[ "$(get_os_version_major)" -ge 13 ]]; then
@@ -87,11 +89,11 @@ msg_info "Creating ollama User and Group"
 if ! id ollama >/dev/null 2>&1; then
   useradd -r -s /usr/sbin/nologin -U -m -d /usr/share/ollama ollama
 fi
+$STD usermod -aG render ollama || true
+$STD usermod -aG video ollama || true
 $STD usermod -aG ollama $(id -u -n)
 msg_ok "Created ollama User and adjusted Groups"
 
-setup_hwaccel "ollama"
-
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/ollama.service
 [Unit]

install/plex-install.sh

@@ -13,6 +13,8 @@ setting_up_container
 network_check
 update_os
 
+setup_hwaccel
+
 msg_info "Setting Up Plex Media Server Repository"
 setup_deb822_repo \
   "plexmediaserver" \
@@ -24,10 +26,13 @@ msg_ok "Set Up Plex Media Server Repository"
 
 msg_info "Installing Plex Media Server"
 $STD apt install -y plexmediaserver
+if [[ "$CTTYPE" == "0" ]]; then
+  sed -i -e 's/^ssl-cert:x:104:plex$/render:x:104:root,plex/' -e 's/^render:x:108:root$/ssl-cert:x:108:plex/' /etc/group
+else
+  sed -i -e 's/^ssl-cert:x:104:plex$/render:x:104:plex/' -e 's/^render:x:108:$/ssl-cert:x:108:/' /etc/group
+fi
 msg_ok "Installed Plex Media Server"
 
-setup_hwaccel "plex"
-
 motd_ssh
 customize
 cleanup_lxc

install/podman-homeassistant-install.sh

@@ -45,58 +45,32 @@ systemctl enable -q --now podman.socket
 echo -e 'unqualified-search-registries=["docker.io"]' >>/etc/containers/registries.conf
 msg_ok "Installed Podman"
 
-mkdir -p /etc/containers/systemd
-
 read -r -p "${TAB3}Would you like to add Portainer? <y/N> " prompt
 if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
   msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
   podman volume create portainer_data >/dev/null
-  cat <<EOF >/etc/containers/systemd/portainer.container
-[Unit]
-Description=Portainer Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/portainer-ce:latest
-ContainerName=portainer
-PublishPort=8000:8000
-PublishPort=9443:9443
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=portainer_data:/data
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-  systemctl daemon-reload
-  $STD systemctl start portainer
+  $STD podman run -d \
+    -p 8000:8000 \
+    -p 9443:9443 \
+    --name=portainer \
+    --restart=always \
+    -v /run/podman/podman.sock:/var/run/docker.sock \
+    -v portainer_data:/data \
+    portainer/portainer-ce:latest
   msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
 else
   read -r -p "${TAB3}Would you like to add the Portainer Agent? <y/N> " prompt
   if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
     msg_info "Installing Portainer agent $PORTAINER_AGENT_LATEST_VERSION"
-    cat <<EOF >/etc/containers/systemd/portainer-agent.container
-[Unit]
-Description=Portainer Agent Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/agent:latest
-ContainerName=portainer_agent
-PublishPort=9001:9001
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=/var/lib/containers/storage/volumes:/var/lib/docker/volumes
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-    systemctl daemon-reload
-    $STD systemctl start portainer-agent
+    podman volume create temp >/dev/null
+    podman volume remove temp >/dev/null
+    $STD podman run -d \
+      -p 9001:9001 \
+      --name portainer_agent \
+      --restart=always \
+      -v /run/podman/podman.sock:/var/run/docker.sock \
+      -v /var/lib/containers/storage/volumes:/var/lib/docker/volumes \
+      portainer/agent
     msg_ok "Installed Portainer Agent $PORTAINER_AGENT_LATEST_VERSION"
   fi
 fi
@@ -107,29 +81,19 @@ msg_ok "Pulled Home Assistant Image"
 
 msg_info "Installing Home Assistant"
 $STD podman volume create hass_config
-cat <<EOF >/etc/containers/systemd/homeassistant.container
-[Unit]
-Description=Home Assistant Container
-After=network-online.target
-
-[Container]
-Image=docker.io/homeassistant/home-assistant:stable
-ContainerName=homeassistant
-Volume=/dev:/dev
-Volume=hass_config:/config
-Volume=/etc/localtime:/etc/localtime:ro
-Volume=/etc/timezone:/etc/timezone:ro
-Network=host
-
-[Service]
-Restart=always
-TimeoutStartSec=300
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-systemctl daemon-reload
-$STD systemctl start homeassistant
+$STD podman run -d \
+  --name homeassistant \
+  --restart unless-stopped \
+  -v /dev:/dev \
+  -v hass_config:/config \
+  -v /etc/localtime:/etc/localtime:ro \
+  -v /etc/timezone:/etc/timezone:ro \
+  --net=host \
+  homeassistant/home-assistant:stable
+podman generate systemd \
+  --new --name homeassistant \
+  >/etc/systemd/system/homeassistant.service
+systemctl enable -q --now homeassistant
 msg_ok "Installed Home Assistant"
 
 motd_ssh

install/podman-install.sh

@@ -45,58 +45,32 @@ systemctl enable -q --now podman.socket
 echo -e 'unqualified-search-registries=["docker.io"]' >>/etc/containers/registries.conf
 msg_ok "Installed Podman"
 
-mkdir -p /etc/containers/systemd
-
 read -r -p "${TAB3}Would you like to add Portainer? <y/N> " prompt
 if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
   msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
   podman volume create portainer_data >/dev/null
-  cat <<EOF >/etc/containers/systemd/portainer.container
-[Unit]
-Description=Portainer Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/portainer-ce:latest
-ContainerName=portainer
-PublishPort=8000:8000
-PublishPort=9443:9443
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=portainer_data:/data
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-  systemctl daemon-reload
-  $STD systemctl start portainer
+  $STD podman run -d \
+    -p 8000:8000 \
+    -p 9443:9443 \
+    --name=portainer \
+    --restart=always \
+    -v /run/podman/podman.sock:/var/run/docker.sock \
+    -v portainer_data:/data \
+    portainer/portainer-ce:latest
   msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
 else
   read -r -p "${TAB3}Would you like to add the Portainer Agent? <y/N> " prompt
   if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
     msg_info "Installing Portainer agent $PORTAINER_AGENT_LATEST_VERSION"
-    cat <<EOF >/etc/containers/systemd/portainer-agent.container
-[Unit]
-Description=Portainer Agent Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/agent:latest
-ContainerName=portainer_agent
-PublishPort=9001:9001
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=/var/lib/containers/storage/volumes:/var/lib/docker/volumes
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-    systemctl daemon-reload
-    $STD systemctl start portainer-agent
+    podman volume create temp >/dev/null
+    podman volume remove temp >/dev/null
+    $STD podman run -d \
+      -p 9001:9001 \
+      --name portainer_agent \
+      --restart=always \
+      -v /run/podman/podman.sock:/var/run/docker.sock \
+      -v /var/lib/containers/storage/volumes:/var/lib/docker/volumes \
+      portainer/agent
     msg_ok "Installed Portainer Agent $PORTAINER_AGENT_LATEST_VERSION"
   fi
 fi

install/reitti-install.sh

@@ -44,7 +44,7 @@ msg_ok "Configured RabbitMQ"
 
 USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "reitti" "dedicatedcode/reitti" "singlefile" "latest" "/opt/reitti" "reitti-app.jar"
 mv /opt/reitti/reitti-*.jar /opt/reitti/reitti.jar
-USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "photon" "komoot/photon" "singlefile" "latest" "/opt/photon" "photon-*.jar"
+USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "photon" "komoot/photon" "singlefile" "latest" "/opt/photon" "photon-0*.jar"
 mv /opt/photon/photon-*.jar /opt/photon/photon.jar
 
 msg_info "Installing Nginx Tile Cache"

install/seerr-install.sh

@@ -14,9 +14,7 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  python3-setuptools
+$STD apt-get install -y build-essential
 msg_ok "Installed Dependencies"
 
 fetch_and_deploy_gh_release "seerr" "seerr-team/seerr" "tarball"

install/sparkyfitness-install.sh

@@ -47,7 +47,7 @@ msg_ok "Configured Sparky Fitness"
 
 msg_info "Building Backend"
 cd /opt/sparkyfitness/SparkyFitnessServer
-$STD pnpm install
+$STD npm install --legacy-peer-deps
 msg_ok "Built Backend"
 
 msg_info "Building Frontend (Patience)"

install/split-pro-install.sh

@@ -1,74 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: johanngrobe
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/oss-apps/split-pro
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-NODE_VERSION="22" NODE_MODULE="pnpm" setup_nodejs
-PG_VERSION="17" PG_MODULES="cron" setup_postgresql
-
-msg_info "Installing Dependencies"
-$STD apt install -y openssl
-msg_ok "Installed Dependencies"
-
-PG_DB_NAME="splitpro" PG_DB_USER="splitpro" PG_DB_EXTENSIONS="pg_cron" setup_postgresql_db
-fetch_and_deploy_gh_release "split-pro" "oss-apps/split-pro" "tarball"
-
-msg_info "Installing Dependencies"
-cd /opt/split-pro
-$STD pnpm install --frozen-lockfile
-msg_ok "Installed Dependencies"
-
-msg_info "Building Split Pro"
-cd /opt/split-pro
-mkdir -p /opt/split-pro_data/uploads
-ln -sf /opt/split-pro_data/uploads /opt/split-pro/uploads
-NEXTAUTH_SECRET=$(openssl rand -base64 32)
-cp .env.example .env
-sed -i "s|^DATABASE_URL=.*|DATABASE_URL=\"postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}\"|" .env
-sed -i "s|^NEXTAUTH_SECRET=.*|NEXTAUTH_SECRET=\"${NEXTAUTH_SECRET}\"|" .env
-sed -i "s|^NEXTAUTH_URL=.*|NEXTAUTH_URL=\"http://${LOCAL_IP}:3000\"|" .env
-sed -i "s|^NEXTAUTH_URL_INTERNAL=.*|NEXTAUTH_URL_INTERNAL=\"http://localhost:3000\"|" .env
-sed -i "/^POSTGRES_CONTAINER_NAME=/d" .env
-sed -i "/^POSTGRES_USER=/d" .env
-sed -i "/^POSTGRES_PASSWORD=/d" .env
-sed -i "/^POSTGRES_DB=/d" .env
-sed -i "/^POSTGRES_PORT=/d" .env
-$STD pnpm build
-$STD pnpm exec prisma migrate deploy
-msg_ok "Built Split Pro"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/split-pro.service
-[Unit]
-Description=Split Pro
-After=network.target postgresql.service
-Requires=postgresql.service
-
-[Service]
-Type=simple
-User=root
-WorkingDirectory=/opt/split-pro
-EnvironmentFile=/opt/split-pro/.env
-ExecStart=/usr/bin/pnpm start
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now split-pro
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/tdarr-install.sh

@@ -20,16 +20,12 @@ msg_ok "Installed Dependencies"
 msg_info "Installing Tdarr"
 mkdir -p /opt/tdarr
 cd /opt/tdarr
-RELEASE=$(curl_with_retry "https://f000.backblazeb2.com/file/tdarrs/versions.json" "-" | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
-curl_with_retry "$RELEASE" "Tdarr_Updater.zip"
+RELEASE=$(curl -fsSL https://f000.backblazeb2.com/file/tdarrs/versions.json | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
+curl -fsSL "$RELEASE" -o Tdarr_Updater.zip
 $STD unzip Tdarr_Updater.zip
 chmod +x Tdarr_Updater
 $STD ./Tdarr_Updater
 rm -rf /opt/tdarr/Tdarr_Updater.zip
-[[ -f /opt/tdarr/Tdarr_Server/Tdarr_Server ]] || {
-  msg_error "Tdarr_Updater failed — tdarr.io may be blocked by local DNS"
-  exit 250
-}
 msg_ok "Installed Tdarr"
 
 setup_hwaccel

install/termix-install.sh

@@ -19,41 +19,9 @@ $STD apt install -y \
   python3 \
   nginx \
   openssl \
-  gettext-base \
-  libcairo2-dev \
-  libjpeg62-turbo-dev \
-  libpng-dev \
-  libtool-bin \
-  uuid-dev \
-  libvncserver-dev \
-  freerdp3-dev \
-  libssh2-1-dev \
-  libtelnet-dev \
-  libwebsockets-dev \
-  libpulse-dev \
-  libvorbis-dev \
-  libwebp-dev \
-  libssl-dev \
-  libpango1.0-dev \
-  libswscale-dev \
-  libavcodec-dev \
-  libavutil-dev \
-  libavformat-dev
+  gettext-base
 msg_ok "Installed Dependencies"
 
-msg_info "Building Guacamole Server (guacd)"
-fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server" "latest" "/opt/guacamole-server"
-cd /opt/guacamole-server
-export CPPFLAGS="-Wno-error=deprecated-declarations"
-$STD autoreconf -fi
-$STD ./configure --with-init-dir=/etc/init.d --enable-allow-freerdp-snapshots
-$STD make
-$STD make install
-$STD ldconfig
-cd /opt
-rm -rf /opt/guacamole-server
-msg_ok "Built Guacamole Server (guacd)"
-
 NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix"
 
@@ -106,46 +74,17 @@ systemctl reload nginx
 msg_ok "Configured Nginx"
 
 msg_info "Creating Service"
-mkdir -p /etc/guacamole
-cat <<EOF >/etc/guacamole/guacd.conf
-[server]
-bind_host = 127.0.0.1
-bind_port = 4822
-EOF
-
-cat <<EOF >/opt/termix/.env
-NODE_ENV=production
-DATA_DIR=/opt/termix/data
-GUACD_HOST=127.0.0.1
-GUACD_PORT=4822
-EOF
-
-cat <<EOF >/etc/systemd/system/guacd.service
-[Unit]
-Description=Guacamole Proxy Daemon (guacd)
-After=network.target
-
-[Service]
-Type=simple
-ExecStart=/usr/local/sbin/guacd -f -b 127.0.0.1 -l 4822
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
 cat <<EOF >/etc/systemd/system/termix.service
 [Unit]
 Description=Termix Backend
-After=network.target guacd.service
-Wants=guacd.service
+After=network.target
 
 [Service]
 Type=simple
 User=root
 WorkingDirectory=/opt/termix
-EnvironmentFile=/opt/termix/.env
+Environment=NODE_ENV=production
+Environment=DATA_DIR=/opt/termix/data
 ExecStart=/usr/bin/node /opt/termix/dist/backend/backend/starter.js
 Restart=on-failure
 RestartSec=5
@@ -153,7 +92,7 @@ RestartSec=5
 [Install]
 WantedBy=multi-user.target
 EOF
-systemctl enable -q --now guacd termix
+systemctl enable -q --now termix
 msg_ok "Created Service"
 
 motd_ssh

misc/tools.func

@@ -1979,47 +1979,6 @@ extract_version_from_json() {
   fi
 }
 
-# ------------------------------------------------------------------------------
-# Get latest GitHub tag (for repos that only publish tags, not releases).
-#
-# Usage:
-#   get_latest_gh_tag "owner/repo" [prefix]
-#
-# Arguments:
-#   $1 - GitHub repo (owner/repo)
-#   $2 - Optional prefix filter (e.g., "v" to only match tags starting with "v")
-#
-# Returns:
-#   Latest tag name (stdout), or returns 1 on failure
-# ------------------------------------------------------------------------------
-get_latest_gh_tag() {
-  local repo="$1"
-  local prefix="${2:-}"
-  local temp_file
-  temp_file=$(mktemp)
-
-  if ! github_api_call "https://api.github.com/repos/${repo}/tags?per_page=50" "$temp_file"; then
-    rm -f "$temp_file"
-    return 1
-  fi
-
-  local tag=""
-  if [[ -n "$prefix" ]]; then
-    tag=$(jq -r --arg p "$prefix" '[.[] | select(.name | startswith($p))][0].name // empty' "$temp_file")
-  else
-    tag=$(jq -r '.[0].name // empty' "$temp_file")
-  fi
-
-  rm -f "$temp_file"
-
-  if [[ -z "$tag" ]]; then
-    msg_error "No tags found for ${repo}"
-    return 1
-  fi
-
-  echo "$tag"
-}
-
 # ------------------------------------------------------------------------------
 # Get latest GitHub release version with fallback to tags
 # Usage: get_latest_github_release "owner/repo" [strip_v] [include_prerelease]
@@ -2118,129 +2077,101 @@ verify_gpg_fingerprint() {
 }
 
 # ------------------------------------------------------------------------------
-# Fetches and deploys a GitHub tag-based source tarball.
+# Get latest GitHub tag for a repository.
 #
 # Description:
-#   - Downloads the source tarball for a given tag from GitHub
-#   - Extracts to the target directory
-#   - Writes the version to ~/.<app>
+#   - Queries the GitHub API for tags (not releases)
+#   - Useful for repos that only create tags, not full releases
+#   - Supports optional prefix filter and version-only extraction
+#   - Returns the latest tag name (printed to stdout)
 #
 # Usage:
-#     fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server"
-#     fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server" "latest" "/opt/guacamole-server"
+#   MONGO_VERSION=$(get_latest_gh_tag "mongodb/mongo-tools")
+#   LATEST=$(get_latest_gh_tag "owner/repo" "v")          # only tags starting with "v"
+#   LATEST=$(get_latest_gh_tag "owner/repo" "" "true")     # strip leading "v"
 #
 # Arguments:
-#   $1 - App name (used for version file ~/.<app>)
-#   $2 - GitHub repo (owner/repo)
-#   $3 - Tag version (default: "latest" → auto-detect via get_latest_gh_tag)
-#   $4 - Target directory (default: /opt/$app)
+#   $1 - GitHub repo (owner/repo)
+#   $2 - Tag prefix filter (optional, e.g. "v" or "100.")
+#   $3 - Strip prefix from result (optional, "true" to strip $2 prefix)
+#
+# Returns:
+#   0 on success (tag printed to stdout), 1 on failure
 #
 # Notes:
-#   - Supports CLEAN_INSTALL=1 to wipe target before extracting
-#   - For repos that only publish tags, not GitHub Releases
+#   - Skips tags containing "rc", "alpha", "beta", "dev", "test"
+#   - Sorts by version number (sort -V) to find the latest
+#   - Respects GITHUB_TOKEN for rate limiting
 # ------------------------------------------------------------------------------
-fetch_and_deploy_gh_tag() {
-  local app="$1"
-  local repo="$2"
-  local version="${3:-latest}"
-  local target="${4:-/opt/$app}"
-  local app_lc=""
-  app_lc="$(echo "${app,,}" | tr -d ' ')"
-  local version_file="$HOME/.${app_lc}"
+get_latest_gh_tag() {
+  local repo="$1"
+  local prefix="${2:-}"
+  local strip_prefix="${3:-false}"
 
-  if [[ "$version" == "latest" ]]; then
-    version=$(get_latest_gh_tag "$repo") || {
-      msg_error "Failed to determine latest tag for ${repo}"
-      return 1
-    }
-  fi
+  local header_args=()
+  [[ -n "${GITHUB_TOKEN:-}" ]] && header_args=(-H "Authorization: Bearer $GITHUB_TOKEN")
 
-  local current_version=""
-  [[ -f "$version_file" ]] && current_version=$(<"$version_file")
+  local http_code=""
+  http_code=$(curl -sSL --max-time 20 -w "%{http_code}" -o /tmp/gh_tags.json \
+    -H 'Accept: application/vnd.github+json' \
+    -H 'X-GitHub-Api-Version: 2022-11-28' \
+    "${header_args[@]}" \
+    "https://api.github.com/repos/${repo}/tags?per_page=100" 2>/dev/null) || true
 
-  if [[ "$current_version" == "$version" ]]; then
-    msg_ok "$app is already up-to-date ($version)"
-    return 0
-  fi
-
-  local tmpdir
-  tmpdir=$(mktemp -d) || return 1
-  local tarball_url="https://github.com/${repo}/archive/refs/tags/${version}.tar.gz"
-  local filename="${app_lc}-${version}.tar.gz"
-
-  msg_info "Fetching GitHub tag: ${app} (${version})"
-
-  download_file "$tarball_url" "$tmpdir/$filename" || {
-    msg_error "Download failed: $tarball_url"
-    rm -rf "$tmpdir"
+  if [[ "$http_code" == "401" ]]; then
+    msg_error "GitHub API authentication failed (HTTP 401)."
+    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+      msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+    else
+      msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+    fi
+    rm -f /tmp/gh_tags.json
     return 1
-  }
-
-  mkdir -p "$target"
-  if [[ "${CLEAN_INSTALL:-0}" == "1" ]]; then
-    rm -rf "${target:?}/"*
   fi
 
-  tar --no-same-owner -xzf "$tmpdir/$filename" -C "$tmpdir" || {
-    msg_error "Failed to extract tarball"
-    rm -rf "$tmpdir"
+  if [[ "$http_code" == "403" ]]; then
+    msg_error "GitHub API rate limit exceeded (HTTP 403)."
+    msg_error "To increase the limit, export a GitHub token before running the script:"
+    msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
+    rm -f /tmp/gh_tags.json
     return 1
-  }
+  fi
 
-  local unpack_dir
-  unpack_dir=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d | head -n1)
+  if [[ "$http_code" == "000" || -z "$http_code" ]]; then
+    msg_error "GitHub API connection failed (no response)."
+    msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
+    rm -f /tmp/gh_tags.json
+    return 1
+  fi
 
-  shopt -s dotglob nullglob
-  cp -r "$unpack_dir"/* "$target/"
-  shopt -u dotglob nullglob
+  if [[ "$http_code" != "200" ]] || [[ ! -s /tmp/gh_tags.json ]]; then
+    msg_error "Unable to fetch tags for ${repo} (HTTP ${http_code})"
+    rm -f /tmp/gh_tags.json
+    return 1
+  fi
 
-  rm -rf "$tmpdir"
-  echo "$version" >"$version_file"
-  msg_ok "Deployed ${app} ${version} to ${target}"
-  return 0
-}
-
-# ------------------------------------------------------------------------------
-# Checks for new GitHub tag (for repos without releases).
-#
-# Description:
-#   - Uses get_latest_gh_tag to fetch the latest tag
-#   - Compares it to a local cached version (~/.<app>)
-#   - If newer, sets global CHECK_UPDATE_RELEASE and returns 0
-#
-# Usage:
-#     if check_for_gh_tag "guacd" "apache/guacamole-server"; then
-#       fetch_and_deploy_gh_tag "guacd" "apache/guacamole-server" "/opt/guacamole-server"
-#     fi
-#
-# Notes:
-#   - For repos that only publish tags, not GitHub Releases
-#   - Same interface as check_for_gh_release
-# ------------------------------------------------------------------------------
-check_for_gh_tag() {
-  local app="$1"
-  local repo="$2"
-  local prefix="${3:-}"
-  local app_lc=""
-  app_lc="$(echo "${app,,}" | tr -d ' ')"
-  local current_file="$HOME/.${app_lc}"
-
-  msg_info "Checking for update: ${app}"
+  local tags_json
+  tags_json=$(</tmp/gh_tags.json)
+  rm -f /tmp/gh_tags.json
 
+  # Extract tag names, filter by prefix, exclude pre-release patterns, sort by version
   local latest=""
-  latest=$(get_latest_gh_tag "$repo" "$prefix") || return 1
+  latest=$(echo "$tags_json" | grep -oP '"name":\s*"\K[^"]+' |
+    { [[ -n "$prefix" ]] && grep "^${prefix}" || cat; } |
+    grep -viE '(rc|alpha|beta|dev|test|preview|snapshot)' |
+    sort -V | tail -n1)
 
-  local current=""
-  [[ -f "$current_file" ]] && current="$(<"$current_file")"
-
-  if [[ -z "$current" || "$current" != "$latest" ]]; then
-    CHECK_UPDATE_RELEASE="$latest"
-    msg_ok "Update available: ${app} ${current:-not installed} → ${latest}"
-    return 0
+  if [[ -z "$latest" ]]; then
+    msg_warn "No matching tags found for ${repo}${prefix:+ (prefix: $prefix)}"
+    return 1
   fi
 
-  msg_ok "No update available: ${app} (${latest})"
-  return 1
+  if [[ "$strip_prefix" == "true" && -n "$prefix" ]]; then
+    latest="${latest#"$prefix"}"
+  fi
+
+  echo "$latest"
+  return 0
 }
 
 # ==============================================================================
@@ -2588,8 +2519,6 @@ check_for_codeberg_release() {
 # ------------------------------------------------------------------------------
 create_self_signed_cert() {
   local APP_NAME="${1:-${APPLICATION}}"
-  local HOSTNAME="$(hostname -f)"
-  local IP="$(hostname -I | awk '{print $1}')"
   local APP_NAME_LC=$(echo "${APP_NAME,,}" | tr -d ' ')
   local CERT_DIR="/etc/ssl/${APP_NAME_LC}"
   local CERT_KEY="${CERT_DIR}/${APP_NAME_LC}.key"
@@ -2607,8 +2536,8 @@ create_self_signed_cert() {
 
   mkdir -p "$CERT_DIR"
   $STD openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 \
-    -subj "/CN=${HOSTNAME}" \
-    -addext "subjectAltName=DNS:${HOSTNAME},DNS:localhost,IP:${IP},IP:127.0.0.1" \
+    -subj "/CN=${APP_NAME}" \
+    -addext "subjectAltName=DNS:${APP_NAME}" \
     -keyout "$CERT_KEY" \
     -out "$CERT_CRT" || {
     msg_error "Failed to create self-signed certificate"
@@ -4256,8 +4185,6 @@ function setup_gs() {
 #   - NVIDIA requires matching host driver version
 # ------------------------------------------------------------------------------
 function setup_hwaccel() {
-  local service_user="${1:-}"
-
   # Check if user explicitly disabled GPU in advanced settings
   # ENABLE_GPU is exported from build.func
   if [[ "${ENABLE_GPU:-no}" == "no" ]]; then
@@ -4509,7 +4436,7 @@ function setup_hwaccel() {
   # ═══════════════════════════════════════════════════════════════════════════
   # Device Permissions
   # ═══════════════════════════════════════════════════════════════════════════
-  _setup_gpu_permissions "$in_ct" "$service_user"
+  _setup_gpu_permissions "$in_ct"
 
   cache_installed_version "hwaccel" "1.0"
   msg_ok "Setup Hardware Acceleration"
@@ -4702,6 +4629,9 @@ _setup_amd_apu() {
     $STD apt -y install firmware-amd-graphics 2>/dev/null || true
   fi
 
+  # ROCm compute stack (OpenCL + HIP) - also works for many APUs
+  _setup_rocm "$os_id" "$os_codename"
+
   msg_ok "AMD APU configured"
 }
 
@@ -4749,9 +4679,16 @@ _setup_rocm() {
     return 0
   }
 
-  # Note: The amdgpu/latest/ubuntu repo (kernel driver packages) is intentionally
-  # omitted — kernel drivers are managed by the Proxmox host, not the LXC container.
-  # Only the ROCm userspace compute stack is needed inside the container.
+  # AMDGPU driver repository (append to same keyring)
+  {
+    echo ""
+    echo "Types: deb"
+    echo "URIs: https://repo.radeon.com/amdgpu/latest/ubuntu"
+    echo "Suites: ${ROCM_REPO_CODENAME}"
+    echo "Components: main"
+    echo "Architectures: amd64"
+    echo "Signed-By: /etc/apt/keyrings/rocm.gpg"
+  } >>/etc/apt/sources.list.d/rocm.sources
 
   # Pin ROCm packages to prefer radeon repo
   cat <<EOF >/etc/apt/preferences.d/rocm-pin-600
@@ -4760,26 +4697,7 @@ Pin: release o=repo.radeon.com
 Pin-Priority: 600
 EOF
 
-  # apt update with retry — repo.radeon.com CDN can be mid-sync (transient size mismatches).
-  # Run with ERR trap disabled so a transient failure does not abort the entire install.
-  local _apt_ok=0
-  for _attempt in 1 2 3; do
-    if (
-      set +e
-      apt-get update -qq 2>&1
-      exit $?
-    ) 2>/dev/null; then
-      _apt_ok=1
-      break
-    fi
-    msg_warn "apt update failed (attempt ${_attempt}/3) — AMD repo may be temporarily unavailable, retrying in 30s…"
-    sleep 30
-  done
-  if [[ $_apt_ok -eq 0 ]]; then
-    msg_warn "apt update still failing after 3 attempts — skipping ROCm install"
-    return 0
-  fi
-
+  $STD apt update || msg_warn "apt update failed (AMD repo may be temporarily unavailable) — continuing anyway"
   # Install only runtime packages — full 'rocm' meta-package includes 15GB+ dev tools
   $STD apt install -y rocm-opencl-runtime rocm-hip-runtime rocm-smi-lib 2>/dev/null || {
     msg_warn "ROCm runtime install failed — trying minimal set"
@@ -5143,7 +5061,6 @@ EOF
 # ══════════════════════════════════════════════════════════════════════════════
 _setup_gpu_permissions() {
   local in_ct="$1"
-  local service_user="${2:-}"
 
   # /dev/dri permissions (Intel/AMD)
   if [[ "$in_ct" == "0" && -d /dev/dri ]]; then
@@ -5210,12 +5127,6 @@ _setup_gpu_permissions() {
     chmod 666 /dev/kfd 2>/dev/null || true
     msg_info "AMD ROCm compute device configured"
   fi
-
-  # Add service user to render and video groups for GPU hardware acceleration
-  if [[ -n "$service_user" ]]; then
-    usermod -aG render "$service_user" 2>/dev/null || true
-    usermod -aG video "$service_user" 2>/dev/null || true
-  fi
 }
 
 # ------------------------------------------------------------------------------
@@ -6698,38 +6609,22 @@ EOF
 #   - Optionally uses official PGDG repository for specific versions
 #   - Detects existing PostgreSQL version
 #   - Dumps all databases before upgrade
-#   - Installs optional PG_MODULES (e.g. postgis, contrib, cron)
+#   - Installs optional PG_MODULES (e.g. postgis, contrib)
 #   - Restores dumped data post-upgrade
 #
 # Variables:
 #   USE_PGDG_REPO  - Use official PGDG repository (default: true)
 #                    Set to "false" to use distro packages instead
 #   PG_VERSION    - Major PostgreSQL version (e.g. 15, 16) (default: 16)
-#   PG_MODULES    - Comma-separated list of modules (e.g. "postgis,contrib,cron")
+#   PG_MODULES    - Comma-separated list of modules (e.g. "postgis,contrib")
 #
 # Examples:
-#   setup_postgresql                                          # Uses PGDG repo, PG 16
-#   PG_VERSION="17" setup_postgresql                          # Specific version from PGDG
-#   USE_PGDG_REPO=false setup_postgresql                      # Uses distro package instead
-#   PG_VERSION="17" PG_MODULES="cron" setup_postgresql        # With pg_cron module
+#   setup_postgresql                              # Uses PGDG repo, PG 16
+#   PG_VERSION="17" setup_postgresql               # Specific version from PGDG
+#   USE_PGDG_REPO=false setup_postgresql           # Uses distro package instead
 # ------------------------------------------------------------------------------
 
-# Internal helper: Configure shared_preload_libraries for pg_cron
-_configure_pg_cron_preload() {
-  local modules="${1:-}"
-  [[ -z "$modules" ]] && return 0
-  if [[ ",$modules," == *",cron,"* ]]; then
-    local current_libs
-    current_libs=$(sudo -u postgres psql -tAc "SHOW shared_preload_libraries;" 2>/dev/null || echo "")
-    if [[ "$current_libs" != *"pg_cron"* ]]; then
-      local new_libs="${current_libs:+${current_libs},}pg_cron"
-      $STD sudo -u postgres psql -c "ALTER SYSTEM SET shared_preload_libraries = '${new_libs}';"
-      $STD systemctl restart postgresql
-    fi
-  fi
-}
-
-setup_postgresql() {
+function setup_postgresql() {
   local PG_VERSION="${PG_VERSION:-16}"
   local PG_MODULES="${PG_MODULES:-}"
   local USE_PGDG_REPO="${USE_PGDG_REPO:-true}"
@@ -6767,7 +6662,6 @@ setup_postgresql() {
           $STD apt install -y "postgresql-${CURRENT_PG_VERSION}-${module}" 2>/dev/null || true
         done
       fi
-      _configure_pg_cron_preload "$PG_MODULES"
       return 0
     fi
 
@@ -6803,7 +6697,6 @@ setup_postgresql() {
         $STD apt install -y "postgresql-${INSTALLED_VERSION}-${module}" 2>/dev/null || true
       done
     fi
-    _configure_pg_cron_preload "$PG_MODULES"
     return 0
   fi
 
@@ -6825,7 +6718,6 @@ setup_postgresql() {
         $STD apt install -y "postgresql-${PG_VERSION}-${module}" 2>/dev/null || true
       done
     fi
-    _configure_pg_cron_preload "$PG_MODULES"
     return 0
   fi
 
@@ -6853,16 +6745,13 @@ setup_postgresql() {
   local SUITE
   case "$DISTRO_CODENAME" in
   trixie | forky | sid)
-
     if verify_repo_available "https://apt.postgresql.org/pub/repos/apt" "trixie-pgdg"; then
       SUITE="trixie-pgdg"
-
     else
       msg_warn "PGDG repo not available for ${DISTRO_CODENAME}, falling back to distro packages"
       USE_PGDG_REPO=false setup_postgresql
       return $?
     fi
-
     ;;
   *)
     SUITE=$(get_fallback_suite "$DISTRO_ID" "$DISTRO_CODENAME" "https://apt.postgresql.org/pub/repos/apt")
@@ -6946,7 +6835,6 @@ setup_postgresql() {
       }
     done
   fi
-  _configure_pg_cron_preload "$PG_MODULES"
 }
 
 # ------------------------------------------------------------------------------
@@ -6965,7 +6853,6 @@ setup_postgresql() {
 #   PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_EXTENSIONS="pgvector" setup_postgresql_db
 #   PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
 #   PG_DB_NAME="adventurelog" PG_DB_USER="adventurelog" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
-#   PG_DB_NAME="splitpro" PG_DB_USER="splitpro" PG_DB_EXTENSIONS="pg_cron" setup_postgresql_db
 #
 # Variables:
 #   PG_DB_NAME             - Database name (required)
@@ -6997,13 +6884,6 @@ function setup_postgresql_db() {
   $STD sudo -u postgres psql -c "CREATE ROLE $PG_DB_USER WITH LOGIN PASSWORD '$PG_DB_PASS';"
   $STD sudo -u postgres psql -c "CREATE DATABASE $PG_DB_NAME WITH OWNER $PG_DB_USER ENCODING 'UTF8' TEMPLATE template0;"
 
-  # Configure pg_cron database BEFORE creating the extension (must be set before pg_cron loads)
-  if [[ -n "${PG_DB_EXTENSIONS:-}" ]] && [[ ",${PG_DB_EXTENSIONS//[[:space:]]/}," == *",pg_cron,"* ]]; then
-    $STD sudo -u postgres psql -c "ALTER SYSTEM SET cron.database_name = '${PG_DB_NAME}';"
-    $STD sudo -u postgres psql -c "ALTER SYSTEM SET cron.timezone = 'UTC';"
-    $STD systemctl restart postgresql
-  fi
-
   # Install extensions (comma-separated)
   if [[ -n "${PG_DB_EXTENSIONS:-}" ]]; then
     IFS=',' read -ra EXT_LIST <<<"${PG_DB_EXTENSIONS:-}"
@@ -7013,12 +6893,6 @@ function setup_postgresql_db() {
     done
   fi
 
-  # Grant pg_cron schema permissions to DB user
-  if [[ -n "${PG_DB_EXTENSIONS:-}" ]] && [[ ",${PG_DB_EXTENSIONS//[[:space:]]/}," == *",pg_cron,"* ]]; then
-    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT USAGE ON SCHEMA cron TO ${PG_DB_USER};"
-    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT ALL ON ALL TABLES IN SCHEMA cron TO ${PG_DB_USER};"
-  fi
-
   # ALTER ROLE settings for Django/Rails compatibility (unless skipped)
   if [[ "${PG_DB_SKIP_ALTER_ROLE:-}" != "true" ]]; then
     $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET client_encoding TO 'utf8';"
@@ -7060,6 +6934,7 @@ function setup_postgresql_db() {
   export PG_DB_USER
   export PG_DB_PASS
 }
+
 # ------------------------------------------------------------------------------
 # Installs rbenv and ruby-build, installs Ruby and optionally Rails.
 #