Fix missing libGL.so.1 in Nvidia LXC containers

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/workflows/check-node-versions.yml

@@ -214,11 +214,12 @@ jobs:
             total=$((total + 1))
             slug=$(basename "$script" | sed 's/-install\.sh$//')
 
-            # Extract Source URL (GitHub only)
+            # Extract Source URL (GitHub only) from the "# Source:" line
             # Supports both:
             #   # Source: https://github.com/owner/repo
             #   # Source: https://example.com | Github: https://github.com/owner/repo
-            source_url=$(head -20 "$script" | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
+            # NOTE: Must filter for "# Source:" line first to avoid matching the License URL
+            source_url=$(head -20 "$script" | grep -i '# Source:' | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
             if [[ -z "$source_url" ]]; then
               report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ No GitHub source |")
               continue

.github/workflows/close-new-script-prs.yml

@@ -0,0 +1,119 @@
+name: Close Unauthorized New Script PRs
+
+on:
+  pull_request_target:
+    branches: ["main"]
+    types: [opened, labeled]
+
+jobs:
+  check-new-script:
+    if: github.repository == 'community-scripts/ProxmoxVE'
+    runs-on: coolify-runner
+    permissions:
+      pull-requests: write
+      contents: read
+    steps:
+      - name: Close PR if unauthorized new script submission
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const pr = context.payload.pull_request;
+            const prNumber = pr.number;
+            const author = pr.user.login;
+            const authorType = pr.user.type; // "User" or "Bot"
+            const owner = context.repo.owner;
+            const repo = context.repo.repo;
+
+            // --- Only act on PRs with the "new script" label ---
+            const labels = pr.labels.map(l => l.name);
+            if (!labels.includes("new script")) {
+              core.info(`PR #${prNumber} does not have "new script" label — skipping.`);
+              return;
+            }
+
+            // --- Allow our bots ---
+            const allowedBots = [
+              "push-app-to-main[bot]",
+              "push-app-to-main",
+            ];
+
+            if (allowedBots.includes(author)) {
+              core.info(`PR #${prNumber} by allowed bot "${author}" — skipping.`);
+              return;
+            }
+
+            // --- Check if author is a member of the contributor team ---
+            const teamSlug = "contributor";
+            let isMember = false;
+
+            try {
+              const { status } = await github.rest.teams.getMembershipForUserInOrg({
+                org: owner,
+                team_slug: teamSlug,
+                username: author,
+              });
+              // status 200 means the user is a member (active or pending)
+              isMember = true;
+            } catch (error) {
+              if (error.status === 404) {
+                isMember = false;
+              } else {
+                core.warning(`Could not check team membership for ${author}: ${error.message}`);
+                // Fallback: check org membership
+                try {
+                  await github.rest.orgs.checkMembershipForUser({
+                    org: owner,
+                    username: author,
+                  });
+                  isMember = true;
+                } catch {
+                  isMember = false;
+                }
+              }
+            }
+
+            if (isMember) {
+              core.info(`PR #${prNumber} by contributor "${author}" — skipping.`);
+              return;
+            }
+
+            // --- Unauthorized: close the PR with a comment ---
+            core.info(`Closing PR #${prNumber} by "${author}" — not a contributor or allowed bot.`);
+
+            const comment = [
+              `👋 Hi @${author},`,
+              ``,
+              `Thank you for your interest in contributing a new script!`,
+              ``,
+              `However, **new scripts must first be submitted to our development repository** for testing and review before they can be merged here.`,
+              ``,
+              `> 🛑 New scripts must be submitted to [**ProxmoxVED**](https://github.com/community-scripts/ProxmoxVED) for testing.`,
+              `> PRs without prior testing will be closed.`,
+              ``,
+              `Please open your PR at **https://github.com/community-scripts/ProxmoxVED** instead.`,
+              `Once your script has been tested and approved there, it will be pushed to this repository automatically.`,
+              ``,
+              `This PR will now be closed. Thank you for understanding! 🙏`,
+            ].join("\n");
+
+            await github.rest.issues.createComment({
+              owner,
+              repo,
+              issue_number: prNumber,
+              body: comment,
+            });
+
+            await github.rest.pulls.update({
+              owner,
+              repo,
+              pull_number: prNumber,
+              state: "closed",
+            });
+
+            // Add a label to indicate why it was closed
+            await github.rest.issues.addLabels({
+              owner,
+              repo,
+              issue_number: prNumber,
+              labels: ["not a script issue"],
+            });

CHANGELOG.md

@@ -409,12 +409,24 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 ## 2026-02-26
 
+### 🆕 New Scripts
+
+  - Kima-Hub ([#12319](https://github.com/community-scripts/ProxmoxVE/pull/12319))
+
 ### 🚀 Updated Scripts
 
+  - #### 🐞 Bug Fixes
+
+    - hotfix: overseer version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12366](https://github.com/community-scripts/ProxmoxVE/pull/12366))
+
   - #### ✨ New Features
 
     - [QOL] Immich: add warning regarding library compilation time [@vhsdream](https://github.com/vhsdream) ([#12345](https://github.com/community-scripts/ProxmoxVE/pull/12345))
 
+### 📂 Github
+
+  - github: add workflow to autom. close unauthorized new-script PRs [@MickLesk](https://github.com/MickLesk) ([#12356](https://github.com/community-scripts/ProxmoxVE/pull/12356))
+
 ## 2026-02-25
 
 ### 🆕 New Scripts

ct/overseerr.sh

@@ -28,7 +28,7 @@ function update_script() {
     exit
   fi
 
-  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.34.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
+  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.35.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
     echo
     echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
     echo "Overseerr v1.34.0 detected."

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-26T06:22:43Z",
+  "generated": "2026-02-26T18:16:20Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -109,9 +109,9 @@
     {
       "slug": "bazarr",
       "repo": "morpheus65535/bazarr",
-      "version": "v1.5.5",
+      "version": "v1.5.6",
       "pinned": false,
-      "date": "2026-02-01T18:00:34Z"
+      "date": "2026-02-26T11:33:11Z"
     },
     {
       "slug": "bentopdf",
@@ -242,9 +242,9 @@
     {
       "slug": "cosmos",
       "repo": "azukaar/Cosmos-Server",
-      "version": "v0.21.0",
+      "version": "v0.21.2",
       "pinned": false,
-      "date": "2026-02-25T17:26:37Z"
+      "date": "2026-02-26T11:32:33Z"
     },
     {
       "slug": "cronicle",
@@ -666,6 +666,13 @@
       "pinned": false,
       "date": "2026-02-20T09:19:45Z"
     },
+    {
+      "slug": "kima-hub",
+      "repo": "Chevron7Locked/kima-hub",
+      "version": "v1.5.7",
+      "pinned": false,
+      "date": "2026-02-23T23:58:59Z"
+    },
     {
       "slug": "kimai",
       "repo": "kimai/kimai",
@@ -809,9 +816,9 @@
     {
       "slug": "mail-archiver",
       "repo": "s1t5/mail-archiver",
-      "version": "2602.3",
+      "version": "2602.4",
       "pinned": false,
-      "date": "2026-02-22T20:24:18Z"
+      "date": "2026-02-26T08:43:01Z"
     },
     {
       "slug": "managemydamnlife",
@@ -823,9 +830,9 @@
     {
       "slug": "manyfold",
       "repo": "manyfold3d/manyfold",
-      "version": "v0.133.0",
+      "version": "v0.133.1",
       "pinned": false,
-      "date": "2026-02-25T10:40:26Z"
+      "date": "2026-02-26T15:50:34Z"
     },
     {
       "slug": "mealie",
@@ -963,9 +970,9 @@
     {
       "slug": "oauth2-proxy",
       "repo": "oauth2-proxy/oauth2-proxy",
-      "version": "v7.14.2",
+      "version": "v7.14.3",
       "pinned": false,
-      "date": "2026-01-18T00:26:09Z"
+      "date": "2026-02-26T14:10:21Z"
     },
     {
       "slug": "ombi",
@@ -1054,9 +1061,9 @@
     {
       "slug": "paperless-gpt",
       "repo": "icereed/paperless-gpt",
-      "version": "v0.25.0",
+      "version": "v0.25.1",
       "pinned": false,
-      "date": "2026-02-16T08:31:48Z"
+      "date": "2026-02-26T14:50:11Z"
     },
     {
       "slug": "paperless-ngx",

frontend/public/json/kima-hub.json

@@ -1,48 +1,48 @@
 {
-    "name": "Kima-Hub",
-    "slug": "kima-hub",
-    "categories": [
-        13
-    ],
-    "date_created": "2026-02-25",
-    "type": "ct",
-    "updateable": true,
-    "privileged": false,
-    "interface_port": 3030,
-    "documentation": "https://github.com/Chevron7Locked/kima-hub#readme",
-    "website": "https://github.com/Chevron7Locked/kima-hub",
-    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kima-hub.webp",
-    "config_path": "/opt/kima-hub/backend/.env",
-    "description": "Self-hosted, on-demand audio streaming platform with AI-powered vibe matching, mood detection, smart playlists, and Lidarr/Audiobookshelf integration.",
-    "install_methods": [
-        {
-            "type": "default",
-            "script": "ct/kima-hub.sh",
-            "resources": {
-                "cpu": 4,
-                "ram": 8192,
-                "hdd": 20,
-                "os": "Debian",
-                "version": "13"
-            }
-        }
-    ],
-    "default_credentials": {
-        "username": null,
-        "password": null
+  "name": "Kima-Hub",
+  "slug": "kima-hub",
+  "categories": [
+    13
+  ],
+  "date_created": "2026-02-26",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 3030,
+  "documentation": "https://github.com/Chevron7Locked/kima-hub#readme",
+  "website": "https://github.com/Chevron7Locked/kima-hub",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/kima-hub.webp",
+  "config_path": "/opt/kima-hub/backend/.env",
+  "description": "Self-hosted, on-demand audio streaming platform with AI-powered vibe matching, mood detection, smart playlists, and Lidarr/Audiobookshelf integration.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/kima-hub.sh",
+      "resources": {
+        "cpu": 4,
+        "ram": 8192,
+        "hdd": 20,
+        "os": "Debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "First user to register becomes the administrator.",
+      "type": "info"
     },
-    "notes": [
-        {
-            "text": "First user to register becomes the administrator.",
-            "type": "info"
-        },
-        {
-            "text": "Mount your music library to /music in the container.",
-            "type": "warning"
-        },
-        {
-            "text": "Audio analysis (mood/vibe detection) requires significant RAM (2-4GB per worker).",
-            "type": "info"
-        }
-    ]
+    {
+      "text": "Mount your music library to /music in the container.",
+      "type": "warning"
+    },
+    {
+      "text": "Audio analysis (mood/vibe detection) requires significant RAM (2-4GB per worker).",
+      "type": "info"
+    }
+  ]
 }

misc/tools.func

@@ -4237,6 +4237,18 @@ NVIDIA_PIN
   # VA-API for hybrid setups (Intel + NVIDIA)
   $STD apt-get -y install va-driver-all vainfo 2>/dev/null || true
 
+  # Fix GLX alternatives: nvidia-alternative diverts mesa libs but in LXC
+  # containers the nvidia GLX libs are typically missing, leaving libGL.so.1
+  # pointing nowhere. Fall back to mesa if nvidia GLX dir is empty/missing.
+  if command -v update-glx &>/dev/null; then
+    local nvidia_glx_dir="/usr/lib/nvidia"
+    if [[ ! -f "${nvidia_glx_dir}/libGL.so.1" ]] && [[ -d /usr/lib/mesa-diverted ]]; then
+      msg_info "NVIDIA GLX libs missing in container - falling back to mesa"
+      $STD update-glx --set glx /usr/lib/mesa-diverted 2>/dev/null || true
+      ldconfig 2>/dev/null || true
+    fi
+  fi
+
   msg_ok "NVIDIA GPU configured"
 }