linting

- Add log_msg(), log_section(), strip_ansi() helper functions to core.func
- Extend msg_ok, msg_error, msg_warn, msg_info, msg_custom to write to log file
- Log container settings (default and advanced) to log file
- Combine host creation log and container installation log on failure
- Use app-specific log path: /tmp/{app}-{ctid}-{session}.log
- Add timestamps and section headers in log files
- Improve get_error_text() with combined log fallback chain
- Add ensure_log_on_host() for trap handlers to pull logs before API reporting

CHANGELOG.md

@@ -417,6 +417,12 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
     - chore(donetick): add config entry for v0.1.73 [@tomfrenzel](https://github.com/tomfrenzel) ([#11872](https://github.com/community-scripts/ProxmoxVE/pull/11872))
     - Refactor: Radicale [@vhsdream](https://github.com/vhsdream) ([#11850](https://github.com/community-scripts/ProxmoxVE/pull/11850))
 
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: retry reporting with fallback payloads [@MickLesk](https://github.com/MickLesk) ([#11885](https://github.com/community-scripts/ProxmoxVE/pull/11885))
+
 ### 📡 API
 
   - #### ✨ New Features

ct/frigate.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
-source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVE/raw/branch/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Authors: MickLesk (CanbiZ) | Co-Author: remz1337
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 tteck
+# Authors: tteck (tteckster)
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://frigate.video/
 
@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-4}"
 var_ram="${var_ram:-4096}"
 var_disk="${var_disk:-20}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
+var_version="${var_version:-11}"
 var_unprivileged="${var_unprivileged:-0}"
 var_gpu="${var_gpu:-yes}"
 
@@ -21,15 +21,15 @@ color
 catch_errors
 
 function update_script() {
-    header_info
-    check_container_storage
-    check_container_resources
-    if [[ ! -f /etc/systemd/system/frigate.service ]]; then
-        msg_error "No ${APP} Installation Found!"
-        exit
-    fi
-    msg_error "To update Frigate, create a new container and transfer your configuration."
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -f /etc/systemd/system/frigate.service ]]; then
+    msg_error "No ${APP} Installation Found!"
     exit
+  fi
+  msg_error "To update Frigate, create a new container and transfer your configuration."
+  exit
 }
 
 start

frontend/public/json/frigate.json

@@ -1,44 +0,0 @@
-{
-  "name": "Frigate",
-  "slug": "frigate",
-  "categories": [
-    15
-  ],
-  "date_created": "2026-02-13",
-  "type": "ct",
-  "updateable": false,
-  "privileged": false,
-  "config_path": "/config/config.yml",
-  "interface_port": 5000,
-  "documentation": "https://frigate.io/",
-  "website": "https://frigate.io/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/frigate-light.webp",
-  "description": "Frigate is a complete and local NVR (Network Video Recorder) with realtime AI object detection for CCTV cameras.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/frigate.sh",
-      "resources": {
-        "cpu": 4,
-        "ram": 4096,
-        "hdd": 20,
-        "os": "Debian",
-        "version": "12"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "SemanticSearch is not pre-installed due to high resource requirements (8+ cores, 16-24GB RAM, GPU recommended). Manual configuration required if needed.",
-      "type": "info"
-    },
-    {
-      "text": "OpenVino detector may fail on older CPUs (pre-Haswell/AVX2). If you encounter 'Illegal instruction' errors, consider using alternative detectors.",
-      "type": "warning"
-    }
-  ]
-}

frontend/public/json/frigate.json.bak

@@ -0,0 +1,44 @@
+{
+  "name": "Frigate",
+  "slug": "frigate",
+  "categories": [
+    15
+  ],
+  "date_created": "2024-05-02",
+  "type": "ct",
+  "updateable": false,
+  "privileged": true,
+  "interface_port": 5000,
+  "documentation": "https://docs.frigate.video/",
+  "website": "https://frigate.video/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/frigate.webp",
+  "config_path": "",
+  "description": "Frigate is an open source NVR built around real-time AI object detection. All processing is performed locally on your own hardware, and your camera feeds never leave your home.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/frigate.sh",
+      "resources": {
+        "cpu": 4,
+        "ram": 4096,
+        "hdd": 20,
+        "os": "debian",
+        "version": "11"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "Discussions (explore more advanced methods): `https://github.com/tteck/Proxmox/discussions/2711`",
+      "type": "info"
+    },
+    {
+      "text": "go2rtc Interface port:`1984`",
+      "type": "info"
+    }
+  ]
+}

install/frigate-install.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 
-# Copyright (c) 2021-2026 community-scripts ORG
-# Authors: MickLesk (CanbiZ)
-# Co-Authors: remz1337
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# Co-Author: remz1337
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 # Source: https://frigate.video/
 
@@ -14,221 +14,60 @@ setting_up_container
 network_check
 update_os
 
-source /etc/os-release
-if [[ "$VERSION_ID" != "12" ]]; then
-  msg_error "Frigate requires Debian 12 (Bookworm) due to Python 3.11 dependencies"
-  exit 1
-fi
-
-msg_info "Converting APT sources to DEB822 format"
-if [ -f /etc/apt/sources.list ]; then
-  cat > /etc/apt/sources.list.d/debian.sources <<'EOF'
-Types: deb
-URIs: http://deb.debian.org/debian
-Suites: bookworm
-Components: main contrib
-Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-
-Types: deb
-URIs: http://deb.debian.org/debian
-Suites: bookworm-updates
-Components: main contrib
-Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-
-Types: deb
-URIs: http://security.debian.org
-Suites: bookworm-security
-Components: main contrib
-Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg
-EOF
-  mv /etc/apt/sources.list /etc/apt/sources.list.bak
-  $STD apt update
-fi
-msg_ok "Converted APT sources"
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  xz-utils \
-  python3 \
-  python3-dev \
-  python3-pip \
-  gcc \
-  pkg-config \
-  libhdf5-dev \
-  build-essential \
-  automake \
-  libtool \
-  ccache \
-  libusb-1.0-0-dev \
-  apt-transport-https \
-  cmake \
-  git \
-  libgtk-3-dev \
-  libavcodec-dev \
-  libavformat-dev \
-  libswscale-dev \
-  libv4l-dev \
-  libxvidcore-dev \
-  libx264-dev \
-  libjpeg-dev \
-  libpng-dev \
-  libtiff-dev \
-  gfortran \
-  openexr \
-  libssl-dev \
-  libtbbmalloc2 \
-  libtbb-dev \
-  libdc1394-dev \
-  libopenexr-dev \
-  libgstreamer-plugins-base1.0-dev \
-  libgstreamer1.0-dev \
-  tclsh \
-  libopenblas-dev \
-  liblapack-dev \
-  make \
-  moreutils
+msg_info "Installing Dependencies (Patience)"
+$STD apt-get install -y {git,ca-certificates,automake,build-essential,xz-utils,libtool,ccache,pkg-config,libgtk-3-dev,libavcodec-dev,libavformat-dev,libswscale-dev,libv4l-dev,libxvidcore-dev,libx264-dev,libjpeg-dev,libpng-dev,libtiff-dev,gfortran,openexr,libatlas-base-dev,libssl-dev,libtbb2,libtbb-dev,libdc1394-22-dev,libopenexr-dev,libgstreamer-plugins-base1.0-dev,libgstreamer1.0-dev,gcc,gfortran,libopenblas-dev,liblapack-dev,libusb-1.0-0-dev,jq,moreutils}
 msg_ok "Installed Dependencies"
 
+msg_info "Setup Python3"
+$STD apt-get install -y {python3,python3-dev,python3-setuptools,python3-distutils,python3-pip}
+$STD pip install --upgrade pip
+msg_ok "Setup Python3"
+
+NODE_VERSION="22" setup_nodejs
+
+msg_info "Installing go2rtc"
+mkdir -p /usr/local/go2rtc/bin
+cd /usr/local/go2rtc/bin
+curl -fsSL "https://github.com/AlexxIT/go2rtc/releases/latest/download/go2rtc_linux_amd64" -o "go2rtc"
+chmod +x go2rtc
+$STD ln -svf /usr/local/go2rtc/bin/go2rtc /usr/local/bin/go2rtc
+msg_ok "Installed go2rtc"
+
 setup_hwaccel
 
-export TARGETARCH="amd64"
-export CCACHE_DIR=/root/.ccache
-export CCACHE_MAXSIZE=2G
-export APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn
-export PIP_BREAK_SYSTEM_PACKAGES=1
-export NVIDIA_VISIBLE_DEVICES=all
-export NVIDIA_DRIVER_CAPABILITIES="compute,video,utility"
-export TOKENIZERS_PARALLELISM=true
-export TRANSFORMERS_NO_ADVISORY_WARNINGS=1
-export OPENCV_FFMPEG_LOGLEVEL=8
-export HAILORT_LOGGER_PATH=NONE
-
-fetch_and_deploy_gh_release "frigate" "blakeblackshear/frigate" "tarball" "v0.16.4" "/opt/frigate"
-
-msg_info "Building Nginx"
-$STD bash /opt/frigate/docker/main/build_nginx.sh
-sed -e '/s6-notifyoncheck/ s/^#*/#/' -i /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
-ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
-msg_ok "Built Nginx"
-
-msg_info "Building SQLite Extensions"
-$STD bash /opt/frigate/docker/main/build_sqlite_vec.sh
-msg_ok "Built SQLite Extensions"
-
-fetch_and_deploy_gh_release "go2rtc" "AlexxIT/go2rtc" "singlefile" "latest" "/usr/local/go2rtc/bin" "go2rtc_linux_amd64"
-
-msg_info "Installing Tempio"
-sed -i 's|/rootfs/usr/local|/usr/local|g' /opt/frigate/docker/main/install_tempio.sh
-$STD bash /opt/frigate/docker/main/install_tempio.sh
-ln -sf /usr/local/tempio/bin/tempio /usr/local/bin/tempio
-msg_ok "Installed Tempio"
-
-msg_info "Building libUSB"
-fetch_and_deploy_gh_release "libusb" "libusb/libusb" "tarball" "v1.0.26" "/opt/libusb"
-cd /opt/libusb
-$STD ./bootstrap.sh
-$STD ./configure CC='ccache gcc' CCX='ccache g++' --disable-udev --enable-shared
-$STD make -j "$(nproc)"
-cd /opt/libusb/libusb
-mkdir -p /usr/local/lib /usr/local/include/libusb-1.0 /usr/local/lib/pkgconfig
-$STD bash ../libtool --mode=install /usr/bin/install -c libusb-1.0.la /usr/local/lib
-install -c -m 644 libusb.h /usr/local/include/libusb-1.0
-cd /opt/libusb/
-install -c -m 644 libusb-1.0.pc /usr/local/lib/pkgconfig
-ldconfig
-msg_ok "Built libUSB"
-
-msg_info "Installing Python Dependencies"
-$STD pip3 install -r /opt/frigate/docker/main/requirements.txt
-msg_ok "Installed Python Dependencies"
-
-msg_info "Building Python Wheels (Patience)"
-mkdir -p /wheels
-sed -i 's|^SQLITE3_VERSION=.*|SQLITE3_VERSION="version-3.46.0"|g' /opt/frigate/docker/main/build_pysqlite3.sh
-$STD bash /opt/frigate/docker/main/build_pysqlite3.sh
-for i in {1..3}; do
-  $STD pip3 wheel --wheel-dir=/wheels -r /opt/frigate/docker/main/requirements-wheels.txt --default-timeout=300 --retries=3 && break
-  [[ $i -lt 3 ]] && sleep 10
-done
-msg_ok "Built Python Wheels"
-
-NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-
-msg_info "Downloading Inference Models"
-mkdir -p /models /openvino-model
-wget -q -O /edgetpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite
-wget -q -O /models/cpu_model.tflite https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite
-cp /opt/frigate/labelmap.txt /labelmap.txt
-msg_ok "Downloaded Inference Models"
-
-msg_info "Downloading Audio Model"
-wget -q -O /tmp/yamnet.tar.gz https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download
-$STD tar xzf /tmp/yamnet.tar.gz -C /
-mv /1.tflite /cpu_audio_model.tflite
-cp /opt/frigate/audio-labelmap.txt /audio-labelmap.txt
-rm -f /tmp/yamnet.tar.gz
-msg_ok "Downloaded Audio Model"
-
-msg_info "Installing HailoRT Runtime"
-$STD bash /opt/frigate/docker/main/install_hailort.sh
+msg_info "Installing Frigate v0.14.1 (Perseverance)"
+cd ~
+mkdir -p /opt/frigate/models
+curl -fsSL "https://github.com/blakeblackshear/frigate/archive/refs/tags/v0.14.1.tar.gz" -o "frigate.tar.gz"
+tar -xzf frigate.tar.gz -C /opt/frigate --strip-components 1
+rm -rf frigate.tar.gz
+cd /opt/frigate
+$STD pip3 wheel --wheel-dir=/wheels -r /opt/frigate/docker/main/requirements-wheels.txt
 cp -a /opt/frigate/docker/main/rootfs/. /
-sed -i '/^.*unset DEBIAN_FRONTEND.*$/d' /opt/frigate/docker/main/install_deps.sh
-echo "libedgetpu1-max libedgetpu/accepted-eula boolean true" | debconf-set-selections
-echo "libedgetpu1-max libedgetpu/install-confirm-max boolean true" | debconf-set-selections
-$STD bash /opt/frigate/docker/main/install_deps.sh
+export TARGETARCH="amd64"
+echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections
+$STD /opt/frigate/docker/main/install_deps.sh
+$STD apt update
+$STD ln -svf /usr/lib/btbn-ffmpeg/bin/ffmpeg /usr/local/bin/ffmpeg
+$STD ln -svf /usr/lib/btbn-ffmpeg/bin/ffprobe /usr/local/bin/ffprobe
 $STD pip3 install -U /wheels/*.whl
 ldconfig
-msg_ok "Installed HailoRT Runtime"
-
-msg_info "Installing OpenVino"
-$STD pip3 install -r /opt/frigate/docker/main/requirements-ov.txt
-msg_ok "Installed OpenVino"
-
-msg_info "Building OpenVino Model"
-cd /models
-wget -q http://download.tensorflow.org/models/object_detection/ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz
-$STD tar -zxf ssdlite_mobilenet_v2_coco_2018_05_09.tar.gz --no-same-owner
-if python3 /opt/frigate/docker/main/build_ov_model.py 2>&1; then
-  cp /models/ssdlite_mobilenet_v2.xml /openvino-model/
-  cp /models/ssdlite_mobilenet_v2.bin /openvino-model/
-  wget -q https://github.com/openvinotoolkit/open_model_zoo/raw/master/data/dataset_classes/coco_91cl_bkgr.txt -O /openvino-model/coco_91cl_bkgr.txt
-  sed -i 's/truck/car/g' /openvino-model/coco_91cl_bkgr.txt
-  msg_ok "Built OpenVino Model"
-else
-  msg_warn "OpenVino build failed (CPU may not support required instructions). Frigate will use CPU model."
-fi
-
-msg_info "Building Frigate Application (Patience)"
-cd /opt/frigate
 $STD pip3 install -r /opt/frigate/docker/main/requirements-dev.txt
-$STD bash /opt/frigate/.devcontainer/initialize.sh
+$STD /opt/frigate/.devcontainer/initialize.sh
 $STD make version
 cd /opt/frigate/web
 $STD npm install
 $STD npm run build
 cp -r /opt/frigate/web/dist/* /opt/frigate/web/
-sed -i '/^s6-svc -O \.$/s/^/#/' /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run
-msg_ok "Built Frigate Application"
-
-msg_info "Configuring Frigate"
-mkdir -p /config /media/frigate
 cp -r /opt/frigate/config/. /config
-
-curl -fsSL "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" -o "/media/frigate/person-bicycle-car-detection.mp4"
-
-echo "tmpfs   /tmp/cache      tmpfs   defaults        0       0" >>/etc/fstab
-
-cat <<EOF >/etc/frigate.env
-DEFAULT_FFMPEG_VERSION="7.0"
-INCLUDED_FFMPEG_VERSIONS="7.0:5.0"
-EOF
-
+sed -i '/^s6-svc -O \.$/s/^/#/' /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run
 cat <<EOF >/config/config.yml
 mqtt:
   enabled: false
 cameras:
   test:
     ffmpeg:
+      #hwaccel_args: preset-vaapi
       inputs:
         - path: /media/frigate/person-bicycle-car-detection.mp4
           input_args: -re -stream_loop -1 -fflags +genpts
@@ -239,42 +78,96 @@ cameras:
       height: 1080
       width: 1920
       fps: 5
-auth:
-  enabled: false
-detect:
-  enabled: false
 EOF
+ln -sf /config/config.yml /opt/frigate/config/config.yml
+if [[ "$CTTYPE" == "0" ]]; then
+  sed -i -e 's/^kvm:x:104:$/render:x:104:root,frigate/' -e 's/^render:x:105:root$/kvm:x:105:/' /etc/group
+else
+  sed -i -e 's/^kvm:x:104:$/render:x:104:frigate/' -e 's/^render:x:105:$/kvm:x:105:/' /etc/group
+fi
+echo "tmpfs   /tmp/cache      tmpfs   defaults        0       0" >>/etc/fstab
+msg_ok "Installed Frigate"
 
-if grep -q -o -m1 -E 'avx[^ ]*|sse4_2' /proc/cpuinfo; then
+if grep -q -o -m1 -E 'avx[^ ]*' /proc/cpuinfo; then
+  msg_ok "AVX Support Detected"
+  msg_info "Installing Openvino Object Detection Model (Resilience)"
+  $STD pip install -r /opt/frigate/docker/main/requirements-ov.txt
+  cd /opt/frigate/models
+  export ENABLE_ANALYTICS=NO
+  $STD /usr/local/bin/omz_downloader --name ssdlite_mobilenet_v2 --num_attempts 2
+  $STD /usr/local/bin/omz_converter --name ssdlite_mobilenet_v2 --precision FP16 --mo /usr/local/bin/mo
+  cd /
+  cp -r /opt/frigate/models/public/ssdlite_mobilenet_v2 openvino-model
+  curl -fsSL "https://github.com/openvinotoolkit/open_model_zoo/raw/master/data/dataset_classes/coco_91cl_bkgr.txt" -o "openvino-model/coco_91cl_bkgr.txt"
+  sed -i 's/truck/car/g' openvino-model/coco_91cl_bkgr.txt
   cat <<EOF >>/config/config.yml
-ffmpeg:
-  hwaccel_args: auto
 detectors:
-  detector01:
+  ov:
     type: openvino
+    device: CPU
+    model:
+      path: /openvino-model/FP16/ssdlite_mobilenet_v2.xml
 model:
   width: 300
   height: 300
   input_tensor: nhwc
   input_pixel_format: bgr
-  path: /openvino-model/ssdlite_mobilenet_v2.xml
   labelmap_path: /openvino-model/coco_91cl_bkgr.txt
 EOF
+  msg_ok "Installed Openvino Object Detection Model"
 else
   cat <<EOF >>/config/config.yml
-ffmpeg:
-  hwaccel_args: auto
 model:
   path: /cpu_model.tflite
 EOF
 fi
-msg_ok "Configured Frigate"
+
+msg_info "Installing Coral Object Detection Model (Patience)"
+cd /opt/frigate
+export CCACHE_DIR=/root/.ccache
+export CCACHE_MAXSIZE=2G
+curl -fsSL "https://github.com/libusb/libusb/archive/v1.0.26.zip" -o "v1.0.26.zip"
+$STD unzip v1.0.26.zip
+rm v1.0.26.zip
+cd libusb-1.0.26
+$STD ./bootstrap.sh
+$STD ./configure --disable-udev --enable-shared
+$STD make -j $(nproc --all)
+cd /opt/frigate/libusb-1.0.26/libusb
+mkdir -p /usr/local/lib
+$STD /bin/bash ../libtool --mode=install /usr/bin/install -c libusb-1.0.la '/usr/local/lib'
+mkdir -p /usr/local/include/libusb-1.0
+$STD /usr/bin/install -c -m 644 libusb.h '/usr/local/include/libusb-1.0'
+ldconfig
+cd /
+curl -fsSL "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess_edgetpu.tflite" -o "edgetpu_model.tflite"
+curl -fsSL "https://github.com/google-coral/test_data/raw/release-frogfish/ssdlite_mobiledet_coco_qat_postprocess.tflite" -o "cpu_model.tflite"
+cp /opt/frigate/labelmap.txt /labelmap.txt
+curl -fsSL "https://www.kaggle.com/api/v1/models/google/yamnet/tfLite/classification-tflite/1/download" -o "yamnet-tflite-classification-tflite-v1.tar.gz"
+tar xzf yamnet-tflite-classification-tflite-v1.tar.gz
+rm -rf yamnet-tflite-classification-tflite-v1.tar.gz
+mv 1.tflite cpu_audio_model.tflite
+cp /opt/frigate/audio-labelmap.txt /audio-labelmap.txt
+mkdir -p /media/frigate
+curl -fsSL "https://github.com/intel-iot-devkit/sample-videos/raw/master/person-bicycle-car-detection.mp4" -o "/media/frigate/person-bicycle-car-detection.mp4"
+msg_ok "Installed Coral Object Detection Model"
+
+msg_info "Building Nginx with Custom Modules"
+$STD /opt/frigate/docker/main/build_nginx.sh
+sed -e '/s6-notifyoncheck/ s/^#*/#/' -i /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run
+ln -sf /usr/local/nginx/sbin/nginx /usr/local/bin/nginx
+msg_ok "Built Nginx"
+
+msg_info "Installing Tempio"
+sed -i 's|/rootfs/usr/local|/usr/local|g' /opt/frigate/docker/main/install_tempio.sh
+$STD /opt/frigate/docker/main/install_tempio.sh
+ln -sf /usr/local/tempio/bin/tempio /usr/local/bin/tempio
+msg_ok "Installed Tempio"
 
 msg_info "Creating Services"
 cat <<EOF >/etc/systemd/system/create_directories.service
 [Unit]
-Description=Create necessary directories for Frigate logs
-Before=frigate.service go2rtc.service nginx.service
+Description=Create necessary directories for logs
 
 [Service]
 Type=oneshot
@@ -283,11 +176,13 @@ ExecStart=/bin/bash -c '/bin/mkdir -p /dev/shm/logs/{frigate,go2rtc,nginx} && /b
 [Install]
 WantedBy=multi-user.target
 EOF
-
+systemctl enable -q --now create_directories
+sleep 3
 cat <<EOF >/etc/systemd/system/go2rtc.service
 [Unit]
-Description=go2rtc streaming service
-After=network.target create_directories.service
+Description=go2rtc service
+After=network.target
+After=create_directories.service
 StartLimitIntervalSec=0
 
 [Service]
@@ -295,8 +190,7 @@ Type=simple
 Restart=always
 RestartSec=1
 User=root
-EnvironmentFile=/etc/frigate.env
-ExecStartPre=+rm -f /dev/shm/logs/go2rtc/current
+ExecStartPre=+rm /dev/shm/logs/go2rtc/current
 ExecStart=/bin/bash -c "bash /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/go2rtc/run 2> >(/usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S ' >&2) | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S '"
 StandardOutput=file:/dev/shm/logs/go2rtc/current
 StandardError=file:/dev/shm/logs/go2rtc/current
@@ -304,11 +198,13 @@ StandardError=file:/dev/shm/logs/go2rtc/current
 [Install]
 WantedBy=multi-user.target
 EOF
-
+systemctl enable -q --now go2rtc
+sleep 3
 cat <<EOF >/etc/systemd/system/frigate.service
 [Unit]
-Description=Frigate NVR service
-After=go2rtc.service create_directories.service
+Description=Frigate service
+After=go2rtc.service
+After=create_directories.service
 StartLimitIntervalSec=0
 
 [Service]
@@ -316,8 +212,8 @@ Type=simple
 Restart=always
 RestartSec=1
 User=root
-EnvironmentFile=/etc/frigate.env
-ExecStartPre=+rm -f /dev/shm/logs/frigate/current
+# Environment=PLUS_API_KEY=
+ExecStartPre=+rm /dev/shm/logs/frigate/current
 ExecStart=/bin/bash -c "bash /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/frigate/run 2> >(/usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S ' >&2) | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S '"
 StandardOutput=file:/dev/shm/logs/frigate/current
 StandardError=file:/dev/shm/logs/frigate/current
@@ -325,11 +221,13 @@ StandardError=file:/dev/shm/logs/frigate/current
 [Install]
 WantedBy=multi-user.target
 EOF
-
+systemctl enable -q --now frigate
+sleep 3
 cat <<EOF >/etc/systemd/system/nginx.service
 [Unit]
-Description=Nginx reverse proxy for Frigate
-After=frigate.service create_directories.service
+Description=Nginx service
+After=frigate.service
+After=create_directories.service
 StartLimitIntervalSec=0
 
 [Service]
@@ -337,7 +235,7 @@ Type=simple
 Restart=always
 RestartSec=1
 User=root
-ExecStartPre=+rm -f /dev/shm/logs/nginx/current
+ExecStartPre=+rm /dev/shm/logs/nginx/current
 ExecStart=/bin/bash -c "bash /opt/frigate/docker/main/rootfs/etc/s6-overlay/s6-rc.d/nginx/run 2> >(/usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S ' >&2) | /usr/bin/ts '%%Y-%%m-%%d %%H:%%M:%%.S '"
 StandardOutput=file:/dev/shm/logs/nginx/current
 StandardError=file:/dev/shm/logs/nginx/current
@@ -345,20 +243,8 @@ StandardError=file:/dev/shm/logs/nginx/current
 [Install]
 WantedBy=multi-user.target
 EOF
-
-systemctl daemon-reload
-systemctl enable -q --now create_directories
-sleep 2
-systemctl enable -q --now go2rtc
-sleep 2
-systemctl enable -q --now frigate
-sleep 2
 systemctl enable -q --now nginx
-msg_ok "Created Services"
-
-msg_info "Cleaning Up"
-rm -rf /opt/libusb /wheels /models/*.tar.gz
-msg_ok "Cleaned Up"
+msg_ok "Configured Services"
 
 motd_ssh
 customize

misc/api.func

@@ -242,7 +242,7 @@ explain_exit_code() {
 json_escape() {
   local s="$1"
   s=${s//\\/\\\\}
-  s=${s//"/\\"}
+  s=${s//"/\\"/}
   s=${s//$'\n'/\\n}
   s=${s//$'\r'/}
   s=${s//$'\t'/\\t}
@@ -253,7 +253,8 @@ json_escape() {
 # get_error_text()
 #
 # - Returns last 20 lines of the active log (INSTALL_LOG or BUILD_LOG)
-# - Falls back to empty string if no log is available
+# - Falls back to combined log or BUILD_LOG if primary is not accessible
+# - Handles container paths that don't exist on the host
 # ------------------------------------------------------------------------------
 get_error_text() {
   local logfile=""
@@ -265,6 +266,22 @@ get_error_text() {
     logfile="$BUILD_LOG"
   fi
 
+  # If logfile is inside container (e.g. /root/.install-*), try the host copy
+  if [[ -n "$logfile" && ! -s "$logfile" ]]; then
+    # Try combined log: /tmp/<app>-<CTID>-<SESSION_ID>.log
+    if [[ -n "${CTID:-}" && -n "${SESSION_ID:-}" ]]; then
+      local combined_log="/tmp/${NSAPP:-lxc}-${CTID}-${SESSION_ID}.log"
+      if [[ -s "$combined_log" ]]; then
+        logfile="$combined_log"
+      fi
+    fi
+  fi
+
+  # Also try BUILD_LOG as fallback if primary log is empty/missing
+  if [[ -z "$logfile" || ! -s "$logfile" ]] && [[ -n "${BUILD_LOG:-}" && -s "${BUILD_LOG}" ]]; then
+    logfile="$BUILD_LOG"
+  fi
+
   if [[ -n "$logfile" && -s "$logfile" ]]; then
     tail -n 20 "$logfile" 2>/dev/null | sed 's/\r$//'
   fi
@@ -422,7 +439,8 @@ post_to_api() {
     detect_gpu
   fi
   local gpu_vendor="${GPU_VENDOR:-unknown}"
-  local gpu_model="${GPU_MODEL:-}"
+  local gpu_model
+  gpu_model=$(json_escape "${GPU_MODEL:-}")
   local gpu_passthrough="${GPU_PASSTHROUGH:-unknown}"
 
   # Detect CPU if not already set
@@ -430,7 +448,8 @@ post_to_api() {
     detect_cpu
   fi
   local cpu_vendor="${CPU_VENDOR:-unknown}"
-  local cpu_model="${CPU_MODEL:-}"
+  local cpu_model
+  cpu_model=$(json_escape "${CPU_MODEL:-}")
 
   # Detect RAM if not already set
   if [[ -z "${RAM_SPEED:-}" ]]; then
@@ -521,7 +540,8 @@ post_to_api_vm() {
     detect_gpu
   fi
   local gpu_vendor="${GPU_VENDOR:-unknown}"
-  local gpu_model="${GPU_MODEL:-}"
+  local gpu_model
+  gpu_model=$(json_escape "${GPU_MODEL:-}")
   local gpu_passthrough="${GPU_PASSTHROUGH:-unknown}"
 
   # Detect CPU if not already set
@@ -529,7 +549,8 @@ post_to_api_vm() {
     detect_cpu
   fi
   local cpu_vendor="${CPU_VENDOR:-unknown}"
-  local cpu_model="${CPU_MODEL:-}"
+  local cpu_model
+  cpu_model=$(json_escape "${CPU_MODEL:-}")
 
   # Detect RAM if not already set
   if [[ -z "${RAM_SPEED:-}" ]]; then
@@ -592,9 +613,12 @@ post_update_to_api() {
   # Silent fail - telemetry should never break scripts
   command -v curl &>/dev/null || return 0
 
-  # Prevent duplicate submissions
+  # Support "force" mode (3rd arg) to bypass duplicate check for retries after cleanup
+  local force="${3:-}"
   POST_UPDATE_DONE=${POST_UPDATE_DONE:-false}
-  [[ "$POST_UPDATE_DONE" == "true" ]] && return 0
+  if [[ "$POST_UPDATE_DONE" == "true" && "$force" != "force" ]]; then
+    return 0
+  fi
 
   [[ "${DIAGNOSTICS:-no}" == "no" ]] && return 0
   [[ -z "${RANDOM_UUID:-}" ]] && return 0
@@ -605,12 +629,14 @@ post_update_to_api() {
 
   # Get GPU info (if detected)
   local gpu_vendor="${GPU_VENDOR:-unknown}"
-  local gpu_model="${GPU_MODEL:-}"
+  local gpu_model
+  gpu_model=$(json_escape "${GPU_MODEL:-}")
   local gpu_passthrough="${GPU_PASSTHROUGH:-unknown}"
 
   # Get CPU info (if detected)
   local cpu_vendor="${CPU_VENDOR:-unknown}"
-  local cpu_model="${CPU_MODEL:-}"
+  local cpu_model
+  cpu_model=$(json_escape "${CPU_MODEL:-}")
 
   # Get RAM info (if detected)
   local ram_speed="${RAM_SPEED:-}"
@@ -632,6 +658,7 @@ post_update_to_api() {
   esac
 
   # For failed/unknown status, resolve exit code and error description
+  local short_error=""
   if [[ "$pb_status" == "failed" ]] || [[ "$pb_status" == "unknown" ]]; then
     if [[ "$raw_exit_code" =~ ^[0-9]+$ ]]; then
       exit_code="$raw_exit_code"
@@ -645,6 +672,7 @@ post_update_to_api() {
     else
       error=$(json_escape "$(explain_exit_code "$exit_code")")
     fi
+    short_error=$(json_escape "$(explain_exit_code "$exit_code")")
     error_category=$(categorize_error "$exit_code")
     [[ -z "$error" ]] && error="Unknown error"
   fi
@@ -661,8 +689,9 @@ post_update_to_api() {
     pve_version=$(pveversion 2>/dev/null | awk -F'[/ ]' '{print $2}') || true
   fi
 
-  # Full payload including all fields - allows record creation if initial call failed
-  # The Go service will find the record by random_id and PATCH, or create if not found
+  local http_code=""
+
+  # ── Attempt 1: Full payload with complete error text ──
   local JSON_PAYLOAD
   JSON_PAYLOAD=$(
     cat <<EOF
@@ -694,11 +723,80 @@ post_update_to_api() {
 EOF
   )
 
-  # Fire-and-forget: never block, never fail
+  http_code=$(curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
+    -H "Content-Type: application/json" \
+    -d "$JSON_PAYLOAD" -o /dev/null 2>/dev/null) || http_code="000"
+
+  if [[ "$http_code" =~ ^2[0-9]{2}$ ]]; then
+    POST_UPDATE_DONE=true
+    return 0
+  fi
+
+  # ── Attempt 2: Short error text (no full log) ──
+  sleep 1
+  local RETRY_PAYLOAD
+  RETRY_PAYLOAD=$(
+    cat <<EOF
+{
+    "random_id": "${RANDOM_UUID}",
+    "type": "${TELEMETRY_TYPE:-lxc}",
+    "nsapp": "${NSAPP:-unknown}",
+    "status": "${pb_status}",
+    "ct_type": ${CT_TYPE:-1},
+    "disk_size": ${DISK_SIZE:-0},
+    "core_count": ${CORE_COUNT:-0},
+    "ram_size": ${RAM_SIZE:-0},
+    "os_type": "${var_os:-}",
+    "os_version": "${var_version:-}",
+    "pve_version": "${pve_version}",
+    "method": "${METHOD:-default}",
+    "exit_code": ${exit_code},
+    "error": "${short_error}",
+    "error_category": "${error_category}",
+    "install_duration": ${duration},
+    "cpu_vendor": "${cpu_vendor}",
+    "cpu_model": "${cpu_model}",
+    "gpu_vendor": "${gpu_vendor}",
+    "gpu_model": "${gpu_model}",
+    "gpu_passthrough": "${gpu_passthrough}",
+    "ram_speed": "${ram_speed}",
+    "repo_source": "${REPO_SOURCE}"
+}
+EOF
+  )
+
+  http_code=$(curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
+    -H "Content-Type: application/json" \
+    -d "$RETRY_PAYLOAD" -o /dev/null 2>/dev/null) || http_code="000"
+
+  if [[ "$http_code" =~ ^2[0-9]{2}$ ]]; then
+    POST_UPDATE_DONE=true
+    return 0
+  fi
+
+  # ── Attempt 3: Minimal payload (bare minimum to set status) ──
+  sleep 2
+  local MINIMAL_PAYLOAD
+  MINIMAL_PAYLOAD=$(
+    cat <<EOF
+{
+    "random_id": "${RANDOM_UUID}",
+    "type": "${TELEMETRY_TYPE:-lxc}",
+    "nsapp": "${NSAPP:-unknown}",
+    "status": "${pb_status}",
+    "exit_code": ${exit_code},
+    "error": "${short_error}",
+    "error_category": "${error_category}",
+    "install_duration": ${duration}
+}
+EOF
+  )
+
   curl -sS -w "%{http_code}" -m "${TELEMETRY_TIMEOUT}" -X POST "${TELEMETRY_URL}" \
     -H "Content-Type: application/json" \
-    -d "$JSON_PAYLOAD" -o /dev/null 2>&1 || true
+    -d "$MINIMAL_PAYLOAD" -o /dev/null 2>/dev/null || true
 
+  # Tried 3 times - mark as done regardless to prevent infinite loops
   POST_UPDATE_DONE=true
 }
 

misc/build.func

@@ -38,15 +38,16 @@
 # - Captures app-declared resource defaults (CPU, RAM, Disk)
 # ------------------------------------------------------------------------------
 variables() {
-  NSAPP=$(echo "${APP,,}" | tr -d ' ')              # This function sets the NSAPP variable by converting the value of the APP variable to lowercase and removing any spaces.
-  var_install="${NSAPP}-install"                    # sets the var_install variable by appending "-install" to the value of NSAPP.
-  INTEGER='^[0-9]+([.][0-9]+)?$'                    # it defines the INTEGER regular expression pattern.
-  PVEHOST_NAME=$(hostname)                          # gets the Proxmox Hostname and sets it to Uppercase
-  DIAGNOSTICS="yes"                                 # sets the DIAGNOSTICS variable to "yes", used for the API call.
-  METHOD="default"                                  # sets the METHOD variable to "default", used for the API call.
-  RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)" # generates a random UUID and sets it to the RANDOM_UUID variable.
-  SESSION_ID="${RANDOM_UUID:0:8}"                   # Short session ID (first 8 chars of UUID) for log files
-  BUILD_LOG="/tmp/create-lxc-${SESSION_ID}.log"     # Host-side container creation log
+  NSAPP=$(echo "${APP,,}" | tr -d ' ')                   # This function sets the NSAPP variable by converting the value of the APP variable to lowercase and removing any spaces.
+  var_install="${NSAPP}-install"                         # sets the var_install variable by appending "-install" to the value of NSAPP.
+  INTEGER='^[0-9]+([.][0-9]+)?$'                         # it defines the INTEGER regular expression pattern.
+  PVEHOST_NAME=$(hostname)                               # gets the Proxmox Hostname and sets it to Uppercase
+  DIAGNOSTICS="yes"                                      # sets the DIAGNOSTICS variable to "yes", used for the API call.
+  METHOD="default"                                       # sets the METHOD variable to "default", used for the API call.
+  RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)"      # generates a random UUID and sets it to the RANDOM_UUID variable.
+  SESSION_ID="${RANDOM_UUID:0:8}"                        # Short session ID (first 8 chars of UUID) for log files
+  BUILD_LOG="/tmp/create-lxc-${SESSION_ID}.log"          # Host-side container creation log
+  combined_log="/tmp/install-${SESSION_ID}-combined.log" # Combined log (build + install) for failed installations
   CTTYPE="${CTTYPE:-${CT_TYPE:-1}}"
 
   # Parse dev_mode early
@@ -217,7 +218,7 @@ update_motd_ip() {
     local current_os="$(grep ^NAME /etc/os-release | cut -d= -f2 | tr -d '"') - Version: $(grep ^VERSION_ID /etc/os-release | cut -d= -f2 | tr -d '"')"
     local current_hostname="$(hostname)"
     local current_ip="$(hostname -I | awk '{print $1}')"
-    
+
     # Update only if values actually changed
     if ! grep -q "OS:.*$current_os" "$PROFILE_FILE" 2>/dev/null; then
       sed -i "s|OS:.*|OS: \${GN}$current_os\${CL}\\\"|" "$PROFILE_FILE"
@@ -385,7 +386,7 @@ validate_hostname() {
 
   # Split by dots and validate each label
   local IFS='.'
-  read -ra labels <<< "$hostname"
+  read -ra labels <<<"$hostname"
   for label in "${labels[@]}"; do
     # Each label: 1-63 chars, alphanumeric, hyphens allowed (not at start/end)
     if [[ -z "$label" ]] || [[ ${#label} -gt 63 ]]; then
@@ -489,7 +490,7 @@ validate_ipv6_address() {
   # Check that no segment exceeds 4 hex chars
   local IFS=':'
   local -a segments
-  read -ra segments <<< "$addr"
+  read -ra segments <<<"$addr"
   for seg in "${segments[@]}"; do
     if [[ ${#seg} -gt 4 ]]; then
       return 1
@@ -539,14 +540,14 @@ validate_gateway_in_subnet() {
 
   # Convert IPs to integers
   local IFS='.'
-  read -r i1 i2 i3 i4 <<< "$ip"
-  read -r g1 g2 g3 g4 <<< "$gateway"
+  read -r i1 i2 i3 i4 <<<"$ip"
+  read -r g1 g2 g3 g4 <<<"$gateway"
 
-  local ip_int=$(( (i1 << 24) + (i2 << 16) + (i3 << 8) + i4 ))
-  local gw_int=$(( (g1 << 24) + (g2 << 16) + (g3 << 8) + g4 ))
+  local ip_int=$(((i1 << 24) + (i2 << 16) + (i3 << 8) + i4))
+  local gw_int=$(((g1 << 24) + (g2 << 16) + (g3 << 8) + g4))
 
   # Check if both are in same network
-  if (( (ip_int & mask) != (gw_int & mask) )); then
+  if (((ip_int & mask) != (gw_int & mask))); then
     return 1
   fi
 
@@ -1079,117 +1080,117 @@ load_vars_file() {
       # Validate values before setting (skip empty values - they use defaults)
       if [[ -n "$var_val" ]]; then
         case "$var_key" in
-          var_mac)
-            if ! validate_mac_address "$var_val"; then
-              msg_warn "Invalid MAC address '$var_val' in $file, ignoring"
+        var_mac)
+          if ! validate_mac_address "$var_val"; then
+            msg_warn "Invalid MAC address '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
+        var_vlan)
+          if ! validate_vlan_tag "$var_val"; then
+            msg_warn "Invalid VLAN tag '$var_val' in $file (must be 1-4094), ignoring"
+            continue
+          fi
+          ;;
+        var_mtu)
+          if ! validate_mtu "$var_val"; then
+            msg_warn "Invalid MTU '$var_val' in $file (must be 576-65535), ignoring"
+            continue
+          fi
+          ;;
+        var_tags)
+          if ! validate_tags "$var_val"; then
+            msg_warn "Invalid tags '$var_val' in $file (alphanumeric, -, _, ; only), ignoring"
+            continue
+          fi
+          ;;
+        var_timezone)
+          if ! validate_timezone "$var_val"; then
+            msg_warn "Invalid timezone '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
+        var_brg)
+          if ! validate_bridge "$var_val"; then
+            msg_warn "Bridge '$var_val' not found in $file, ignoring"
+            continue
+          fi
+          ;;
+        var_gateway)
+          if ! validate_gateway_ip "$var_val"; then
+            msg_warn "Invalid gateway IP '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
+        var_hostname)
+          if ! validate_hostname "$var_val"; then
+            msg_warn "Invalid hostname '$var_val' in $file, ignoring"
+            continue
+          fi
+          ;;
+        var_cpu)
+          if ! [[ "$var_val" =~ ^[0-9]+$ ]] || ((var_val < 1 || var_val > 128)); then
+            msg_warn "Invalid CPU count '$var_val' in $file (must be 1-128), ignoring"
+            continue
+          fi
+          ;;
+        var_ram)
+          if ! [[ "$var_val" =~ ^[0-9]+$ ]] || ((var_val < 256)); then
+            msg_warn "Invalid RAM '$var_val' in $file (must be >= 256 MiB), ignoring"
+            continue
+          fi
+          ;;
+        var_disk)
+          if ! [[ "$var_val" =~ ^[0-9]+$ ]] || ((var_val < 1)); then
+            msg_warn "Invalid disk size '$var_val' in $file (must be >= 1 GB), ignoring"
+            continue
+          fi
+          ;;
+        var_unprivileged)
+          if [[ "$var_val" != "0" && "$var_val" != "1" ]]; then
+            msg_warn "Invalid unprivileged value '$var_val' in $file (must be 0 or 1), ignoring"
+            continue
+          fi
+          ;;
+        var_nesting)
+          if [[ "$var_val" != "0" && "$var_val" != "1" ]]; then
+            msg_warn "Invalid nesting value '$var_val' in $file (must be 0 or 1), ignoring"
+            continue
+          fi
+          # Warn about potential issues with systemd-based OS when nesting is disabled via vars file
+          if [[ "$var_val" == "0" && "${var_os:-debian}" != "alpine" ]]; then
+            msg_warn "Nesting disabled in $file - modern systemd-based distributions may require nesting for proper operation"
+          fi
+          ;;
+        var_keyctl)
+          if [[ "$var_val" != "0" && "$var_val" != "1" ]]; then
+            msg_warn "Invalid keyctl value '$var_val' in $file (must be 0 or 1), ignoring"
+            continue
+          fi
+          ;;
+        var_net)
+          # var_net can be: dhcp, static IP/CIDR, or IP range
+          if [[ "$var_val" != "dhcp" ]]; then
+            if is_ip_range "$var_val"; then
+              : # IP range is valid, will be resolved at runtime
+            elif ! validate_ip_address "$var_val"; then
+              msg_warn "Invalid network '$var_val' in $file (must be dhcp or IP/CIDR), ignoring"
               continue
             fi
-            ;;
-          var_vlan)
-            if ! validate_vlan_tag "$var_val"; then
-              msg_warn "Invalid VLAN tag '$var_val' in $file (must be 1-4094), ignoring"
-              continue
-            fi
-            ;;
-          var_mtu)
-            if ! validate_mtu "$var_val"; then
-              msg_warn "Invalid MTU '$var_val' in $file (must be 576-65535), ignoring"
-              continue
-            fi
-            ;;
-          var_tags)
-            if ! validate_tags "$var_val"; then
-              msg_warn "Invalid tags '$var_val' in $file (alphanumeric, -, _, ; only), ignoring"
-              continue
-            fi
-            ;;
-          var_timezone)
-            if ! validate_timezone "$var_val"; then
-              msg_warn "Invalid timezone '$var_val' in $file, ignoring"
-              continue
-            fi
-            ;;
-          var_brg)
-            if ! validate_bridge "$var_val"; then
-              msg_warn "Bridge '$var_val' not found in $file, ignoring"
-              continue
-            fi
-            ;;
-          var_gateway)
-            if ! validate_gateway_ip "$var_val"; then
-              msg_warn "Invalid gateway IP '$var_val' in $file, ignoring"
-              continue
-            fi
-            ;;
-          var_hostname)
-            if ! validate_hostname "$var_val"; then
-              msg_warn "Invalid hostname '$var_val' in $file, ignoring"
-              continue
-            fi
-            ;;
-          var_cpu)
-            if ! [[ "$var_val" =~ ^[0-9]+$ ]] || ((var_val < 1 || var_val > 128)); then
-              msg_warn "Invalid CPU count '$var_val' in $file (must be 1-128), ignoring"
-              continue
-            fi
-            ;;
-          var_ram)
-            if ! [[ "$var_val" =~ ^[0-9]+$ ]] || ((var_val < 256)); then
-              msg_warn "Invalid RAM '$var_val' in $file (must be >= 256 MiB), ignoring"
-              continue
-            fi
-            ;;
-          var_disk)
-            if ! [[ "$var_val" =~ ^[0-9]+$ ]] || ((var_val < 1)); then
-              msg_warn "Invalid disk size '$var_val' in $file (must be >= 1 GB), ignoring"
-              continue
-            fi
-            ;;
-          var_unprivileged)
-            if [[ "$var_val" != "0" && "$var_val" != "1" ]]; then
-              msg_warn "Invalid unprivileged value '$var_val' in $file (must be 0 or 1), ignoring"
-              continue
-            fi
-            ;;
-          var_nesting)
-            if [[ "$var_val" != "0" && "$var_val" != "1" ]]; then
-              msg_warn "Invalid nesting value '$var_val' in $file (must be 0 or 1), ignoring"
-              continue
-            fi
-            # Warn about potential issues with systemd-based OS when nesting is disabled via vars file
-            if [[ "$var_val" == "0" && "${var_os:-debian}" != "alpine" ]]; then
-              msg_warn "Nesting disabled in $file - modern systemd-based distributions may require nesting for proper operation"
-            fi
-            ;;
-          var_keyctl)
-            if [[ "$var_val" != "0" && "$var_val" != "1" ]]; then
-              msg_warn "Invalid keyctl value '$var_val' in $file (must be 0 or 1), ignoring"
-              continue
-            fi
-            ;;
-          var_net)
-            # var_net can be: dhcp, static IP/CIDR, or IP range
-            if [[ "$var_val" != "dhcp" ]]; then
-              if is_ip_range "$var_val"; then
-                : # IP range is valid, will be resolved at runtime
-              elif ! validate_ip_address "$var_val"; then
-                msg_warn "Invalid network '$var_val' in $file (must be dhcp or IP/CIDR), ignoring"
-                continue
-              fi
-            fi
-            ;;
-          var_fuse|var_tun|var_gpu|var_ssh|var_verbose|var_protection)
-            if [[ "$var_val" != "yes" && "$var_val" != "no" ]]; then
-              msg_warn "Invalid boolean '$var_val' for $var_key in $file (must be yes/no), ignoring"
-              continue
-            fi
-            ;;
-          var_ipv6_method)
-            if [[ "$var_val" != "auto" && "$var_val" != "dhcp" && "$var_val" != "static" && "$var_val" != "none" ]]; then
-              msg_warn "Invalid IPv6 method '$var_val' in $file (must be auto/dhcp/static/none), ignoring"
-              continue
-            fi
-            ;;
+          fi
+          ;;
+        var_fuse | var_tun | var_gpu | var_ssh | var_verbose | var_protection)
+          if [[ "$var_val" != "yes" && "$var_val" != "no" ]]; then
+            msg_warn "Invalid boolean '$var_val' for $var_key in $file (must be yes/no), ignoring"
+            continue
+          fi
+          ;;
+        var_ipv6_method)
+          if [[ "$var_val" != "auto" && "$var_val" != "dhcp" && "$var_val" != "static" && "$var_val" != "none" ]]; then
+            msg_warn "Invalid IPv6 method '$var_val' in $file (must be auto/dhcp/static/none), ignoring"
+            continue
+          fi
+          ;;
         esac
       fi
 
@@ -2764,6 +2765,26 @@ Advanced:
   [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}"
   echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}"
   echo -e "${CREATING}${BOLD}${RD}Creating an LXC of ${APP} using the above advanced settings${CL}"
+
+  # Log settings to file
+  log_section "CONTAINER SETTINGS (ADVANCED) - ${APP}"
+  log_msg "Application: ${APP}"
+  log_msg "PVE Version: ${PVEVERSION} (Kernel: ${KERNEL_VERSION})"
+  log_msg "Operating System: $var_os ($var_version)"
+  log_msg "Container Type: $([ "$CT_TYPE" == "1" ] && echo "Unprivileged" || echo "Privileged")"
+  log_msg "Container ID: $CT_ID"
+  log_msg "Hostname: $HN"
+  log_msg "Disk Size: ${DISK_SIZE} GB"
+  log_msg "CPU Cores: $CORE_COUNT"
+  log_msg "RAM Size: ${RAM_SIZE} MiB"
+  log_msg "Bridge: $BRG"
+  log_msg "IPv4: $NET"
+  log_msg "IPv6: $IPV6_METHOD"
+  log_msg "FUSE Support: ${ENABLE_FUSE:-no}"
+  log_msg "Nesting: $([ "${ENABLE_NESTING:-1}" == "1" ] && echo "Enabled" || echo "Disabled")"
+  log_msg "GPU Passthrough: ${ENABLE_GPU:-no}"
+  log_msg "Verbose Mode: $VERBOSE"
+  log_msg "Session ID: ${SESSION_ID}"
 }
 
 # ==============================================================================
@@ -2871,6 +2892,7 @@ diagnostics_menu() {
 # - Prints summary of default values (ID, OS, type, disk, RAM, CPU, etc.)
 # - Uses icons and formatting for readability
 # - Convert CT_TYPE to description
+# - Also logs settings to log file for debugging
 # ------------------------------------------------------------------------------
 echo_default() {
   CT_TYPE_DESC="Unprivileged"
@@ -2892,6 +2914,20 @@ echo_default() {
   fi
   echo -e "${CREATING}${BOLD}${BL}Creating a ${APP} LXC using the above default settings${CL}"
   echo -e "  "
+
+  # Log settings to file
+  log_section "CONTAINER SETTINGS - ${APP}"
+  log_msg "Application: ${APP}"
+  log_msg "PVE Version: ${PVEVERSION} (Kernel: ${KERNEL_VERSION})"
+  log_msg "Container ID: ${CT_ID}"
+  log_msg "Operating System: $var_os ($var_version)"
+  log_msg "Container Type: $CT_TYPE_DESC"
+  log_msg "Disk Size: ${DISK_SIZE} GB"
+  log_msg "CPU Cores: ${CORE_COUNT}"
+  log_msg "RAM Size: ${RAM_SIZE} MiB"
+  [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]] && log_msg "GPU Passthrough: Enabled"
+  [[ "$VERBOSE" == "yes" ]] && log_msg "Verbose Mode: Enabled"
+  log_msg "Session ID: ${SESSION_ID}"
 }
 
 # ------------------------------------------------------------------------------
@@ -4049,30 +4085,56 @@ EOF'
     # Copy install log from container BEFORE API call so get_error_text() can read it
     local build_log_copied=false
     local install_log_copied=false
-    local host_install_log="/tmp/install-lxc-${CTID}-${SESSION_ID}.log"
+    local combined_log="/tmp/${NSAPP:-lxc}-${CTID}-${SESSION_ID}.log"
 
     if [[ -n "$CTID" && -n "${SESSION_ID:-}" ]]; then
-      # Copy BUILD_LOG (creation log) if it exists
+      # Create combined log with header
+      {
+        echo "================================================================================"
+        echo "COMBINED INSTALLATION LOG - ${APP:-LXC}"
+        echo "Container ID: ${CTID}"
+        echo "Session ID: ${SESSION_ID}"
+        echo "Timestamp: $(date '+%Y-%m-%d %H:%M:%S')"
+        echo "================================================================================"
+        echo ""
+      } >"$combined_log"
+
+      # Append BUILD_LOG (host-side creation log) if it exists
       if [[ -f "${BUILD_LOG}" ]]; then
-        cp "${BUILD_LOG}" "/tmp/create-lxc-${CTID}-${SESSION_ID}.log" 2>/dev/null && build_log_copied=true
+        {
+          echo "================================================================================"
+          echo "PHASE 1: CONTAINER CREATION (Host)"
+          echo "================================================================================"
+          cat "${BUILD_LOG}"
+          echo ""
+        } >>"$combined_log"
+        build_log_copied=true
       fi
 
-      # Copy INSTALL_LOG from container to host
-      if pct pull "$CTID" "/root/.install-${SESSION_ID}.log" "$host_install_log" 2>/dev/null; then
+      # Copy and append INSTALL_LOG from container
+      local temp_install_log="/tmp/.install-temp-${SESSION_ID}.log"
+      if pct pull "$CTID" "/root/.install-${SESSION_ID}.log" "$temp_install_log" 2>/dev/null; then
+        {
+          echo "================================================================================"
+          echo "PHASE 2: APPLICATION INSTALLATION (Container)"
+          echo "================================================================================"
+          cat "$temp_install_log"
+          echo ""
+        } >>"$combined_log"
+        rm -f "$temp_install_log"
         install_log_copied=true
-        # Point INSTALL_LOG to host copy so get_error_text() finds it
-        INSTALL_LOG="$host_install_log"
+        # Point INSTALL_LOG to combined log so get_error_text() finds it
+        INSTALL_LOG="$combined_log"
       fi
     fi
 
     # Report failure to telemetry API (now with log available on host)
     post_update_to_api "failed" "$install_exit_code"
 
-    # Show available logs
+    # Show combined log location
     if [[ -n "$CTID" && -n "${SESSION_ID:-}" ]]; then
       echo ""
-      [[ "$build_log_copied" == true ]] && echo -e "${GN}✔${CL} Container creation log: ${BL}/tmp/create-lxc-${CTID}-${SESSION_ID}.log${CL}"
-      [[ "$install_log_copied" == true ]] && echo -e "${GN}✔${CL} Installation log: ${BL}${host_install_log}${CL}"
+      echo -e "${GN}✔${CL} Installation log: ${BL}${combined_log}${CL}"
     fi
 
     # Dev mode: Keep container or open breakpoint shell
@@ -4130,6 +4192,10 @@ EOF'
       echo -e "${BFR}${CM}${GN}Container ${CTID} removed${CL}"
     fi
 
+    # Force one final status update attempt after cleanup
+    # This ensures status is updated even if the first attempt failed (e.g., HTTP 400)
+    post_update_to_api "failed" "$install_exit_code" "force"
+
     exit $install_exit_code
   fi
 }
@@ -5133,6 +5199,61 @@ EOF
 # SECTION 10: ERROR HANDLING & EXIT TRAPS
 # ==============================================================================
 
+# ------------------------------------------------------------------------------
+# ensure_log_on_host()
+#
+# - Ensures INSTALL_LOG points to a readable file on the host
+# - If INSTALL_LOG points to a container path (e.g. /root/.install-*),
+#   tries to pull it from the container and create a combined log
+# - This allows get_error_text() to find actual error output for telemetry
+# ------------------------------------------------------------------------------
+ensure_log_on_host() {
+  # Already readable on host? Nothing to do.
+  [[ -n "${INSTALL_LOG:-}" && -s "${INSTALL_LOG}" ]] && return 0
+
+  # Try pulling from container and creating combined log
+  if [[ -n "${CTID:-}" && -n "${SESSION_ID:-}" ]] && command -v pct &>/dev/null; then
+    local combined_log="/tmp/${NSAPP:-lxc}-${CTID}-${SESSION_ID}.log"
+    if [[ ! -s "$combined_log" ]]; then
+      # Create combined log
+      {
+        echo "================================================================================"
+        echo "COMBINED INSTALLATION LOG - ${APP:-LXC}"
+        echo "Container ID: ${CTID}"
+        echo "Session ID: ${SESSION_ID}"
+        echo "Timestamp: $(date '+%Y-%m-%d %H:%M:%S')"
+        echo "================================================================================"
+        echo ""
+      } >"$combined_log" 2>/dev/null || return 0
+      # Append BUILD_LOG if it exists
+      if [[ -f "${BUILD_LOG:-}" ]]; then
+        {
+          echo "================================================================================"
+          echo "PHASE 1: CONTAINER CREATION (Host)"
+          echo "================================================================================"
+          cat "${BUILD_LOG}"
+          echo ""
+        } >>"$combined_log"
+      fi
+      # Pull INSTALL_LOG from container
+      local temp_log="/tmp/.install-temp-${SESSION_ID}.log"
+      if pct pull "$CTID" "/root/.install-${SESSION_ID}.log" "$temp_log" 2>/dev/null; then
+        {
+          echo "================================================================================"
+          echo "PHASE 2: APPLICATION INSTALLATION (Container)"
+          echo "================================================================================"
+          cat "$temp_log"
+          echo ""
+        } >>"$combined_log"
+        rm -f "$temp_log"
+      fi
+    fi
+    if [[ -s "$combined_log" ]]; then
+      INSTALL_LOG="$combined_log"
+    fi
+  fi
+}
+
 # ------------------------------------------------------------------------------
 # api_exit_script()
 #
@@ -5145,6 +5266,7 @@ EOF
 api_exit_script() {
   exit_code=$?
   if [ $exit_code -ne 0 ]; then
+    ensure_log_on_host
     post_update_to_api "failed" "$exit_code"
   fi
 }
@@ -5152,6 +5274,6 @@ api_exit_script() {
 if command -v pveversion >/dev/null 2>&1; then
   trap 'api_exit_script' EXIT
 fi
-trap 'post_update_to_api "failed" "$?"' ERR
-trap 'post_update_to_api "failed" "130"' SIGINT
-trap 'post_update_to_api "failed" "143"' SIGTERM
+trap 'ensure_log_on_host; post_update_to_api "failed" "$?"' ERR
+trap 'ensure_log_on_host; post_update_to_api "failed" "130"' SIGINT
+trap 'ensure_log_on_host; post_update_to_api "failed" "143"' SIGTERM

misc/core.func

@@ -413,6 +413,69 @@ get_active_logfile() {
 # Legacy compatibility: SILENT_LOGFILE points to active log
 SILENT_LOGFILE="$(get_active_logfile)"
 
+# ------------------------------------------------------------------------------
+# strip_ansi()
+#
+# - Removes ANSI escape sequences from input text
+# - Used to clean colored output for log files
+# - Handles both piped input and arguments
+# ------------------------------------------------------------------------------
+strip_ansi() {
+  if [[ $# -gt 0 ]]; then
+    echo -e "$*" | sed 's/\x1b\[[0-9;]*m//g; s/\x1b\[[0-9;]*[a-zA-Z]//g'
+  else
+    sed 's/\x1b\[[0-9;]*m//g; s/\x1b\[[0-9;]*[a-zA-Z]//g'
+  fi
+}
+
+# ------------------------------------------------------------------------------
+# log_msg()
+#
+# - Writes message to active log file without ANSI codes
+# - Adds timestamp prefix for log correlation
+# - Creates log file if it doesn't exist
+# - Arguments: message text (can include ANSI codes, will be stripped)
+# ------------------------------------------------------------------------------
+log_msg() {
+  local msg="$*"
+  local logfile
+  logfile="$(get_active_logfile)"
+  
+  [[ -z "$msg" ]] && return
+  [[ -z "$logfile" ]] && return
+  
+  # Ensure log directory exists
+  mkdir -p "$(dirname "$logfile")" 2>/dev/null || true
+  
+  # Strip ANSI codes and write with timestamp
+  local clean_msg
+  clean_msg=$(strip_ansi "$msg")
+  echo "[$(date '+%Y-%m-%d %H:%M:%S')] $clean_msg" >>"$logfile"
+}
+
+# ------------------------------------------------------------------------------
+# log_section()
+#
+# - Writes a section header to the log file
+# - Used for separating different phases of installation
+# - Arguments: section name
+# ------------------------------------------------------------------------------
+log_section() {
+  local section="$1"
+  local logfile
+  logfile="$(get_active_logfile)"
+  
+  [[ -z "$logfile" ]] && return
+  mkdir -p "$(dirname "$logfile")" 2>/dev/null || true
+  
+  {
+    echo ""
+    echo "================================================================================"
+    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $section"
+    echo "================================================================================"
+  } >>"$logfile"
+}
+
 # ------------------------------------------------------------------------------
 # silent()
 #
@@ -555,6 +618,9 @@ msg_info() {
   [[ -n "${MSG_INFO_SHOWN["$msg"]+x}" ]] && return
   MSG_INFO_SHOWN["$msg"]=1
 
+  # Log to file
+  log_msg "[INFO] $msg"
+
   stop_spinner
   SPINNER_MSG="$msg"
 
@@ -598,6 +664,7 @@ msg_ok() {
   stop_spinner
   clear_line
   echo -e "$CM ${GN}${msg}${CL}"
+  log_msg "[OK] $msg"
   unset MSG_INFO_SHOWN["$msg"]
 }
 
@@ -613,6 +680,7 @@ msg_error() {
   stop_spinner
   local msg="$1"
   echo -e "${BFR:-}${CROSS:-✖️} ${RD}${msg}${CL}" >&2
+  log_msg "[ERROR] $msg"
 }
 
 # ------------------------------------------------------------------------------
@@ -627,6 +695,7 @@ msg_warn() {
   stop_spinner
   local msg="$1"
   echo -e "${BFR:-}${INFO:-ℹ️} ${YWB}${msg}${CL}" >&2
+  log_msg "[WARN] $msg"
 }
 
 # ------------------------------------------------------------------------------
@@ -644,6 +713,7 @@ msg_custom() {
   [[ -z "$msg" ]] && return
   stop_spinner
   echo -e "${BFR:-} ${symbol} ${color}${msg}${CL:-\e[0m}"
+  log_msg "$msg"
 }
 
 # ------------------------------------------------------------------------------

misc/error_handler.func

@@ -222,6 +222,12 @@ error_handler() {
           pct destroy "$CTID" &>/dev/null || true
           echo -e "${GN}✔${CL} Container ${CTID} removed"
         fi
+
+        # Force one final status update attempt after cleanup
+        # This ensures status is updated even if the first attempt failed (e.g., HTTP 400)
+        if declare -f post_update_to_api &>/dev/null; then
+          post_update_to_api "failed" "$exit_code" "force"
+        fi
       fi
     fi
   fi