fix for copilot detected bugs

Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>

CHANGELOG.md

@@ -461,50 +461,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
-## 2026-05-14
-
-### 🆕 New Scripts
-
-  - CLIProxyAPI ([#14443](https://github.com/community-scripts/ProxmoxVE/pull/14443))
-
-## 2026-05-13
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Fix: Broken Manifold update [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#14468](https://github.com/community-scripts/ProxmoxVE/pull/14468))
-    - SoulSync: Fix update function [@tremor021](https://github.com/tremor021) ([#14465](https://github.com/community-scripts/ProxmoxVE/pull/14465))
-    - Reactive-Resume: fix PDF generation timeout in LXC containers [@MickLesk](https://github.com/MickLesk) ([#14416](https://github.com/community-scripts/ProxmoxVE/pull/14416))
-    - (calibre-web) Add --no-sandbox for PDF conversion [@jamesmyatt](https://github.com/jamesmyatt) ([#14461](https://github.com/community-scripts/ProxmoxVE/pull/14461))
-
-### 💾 Core
-
-  - #### 🔧 Refactor
-
-    - tools.func: encode GitHub tag, refine pin logic, add Codeberg [@MickLesk](https://github.com/MickLesk) ([#14473](https://github.com/community-scripts/ProxmoxVE/pull/14473))
-
-## 2026-05-12
-
-### 🆕 New Scripts
-
-  - DocuSeal ([#14445](https://github.com/community-scripts/ProxmoxVE/pull/14445))
-- Authentik ([#14440](https://github.com/community-scripts/ProxmoxVE/pull/14440))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Save Omada version [@lucacome](https://github.com/lucacome) ([#14433](https://github.com/community-scripts/ProxmoxVE/pull/14433))
-
-  - #### ✨ New Features
-
-    - OpenCloud: bump version to 6.2.0 [@vhsdream](https://github.com/vhsdream) ([#14451](https://github.com/community-scripts/ProxmoxVE/pull/14451))
-
-  - #### 🔧 Refactor
-
-    - misc: bump node versions [@CrazyWolf13](https://github.com/CrazyWolf13) ([#14447](https://github.com/community-scripts/ProxmoxVE/pull/14447))
-
 ## 2026-05-11
 
 ### 🆕 New Scripts

ct/authentik.sh

@@ -1,155 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Thieneret
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/goauthentik/authentik
-
-APP="authentik"
-var_tags="${var_tags:-auth}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-16}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/authentik ]]; then
-    msg_error "No authentik Installation Found!"
-    exit
-  fi
-
-  NODE_VERSION="24" setup_nodejs
-  setup_go
-  UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
-  setup_rust
-
-  AUTHENTIK_VERSION="version/2026.2.2"
-  XMLSEC_VERSION="1.3.11"
-
-  if check_for_gh_release "geoipupdate" "maxmind/geoipupdate"; then
-    fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
-  fi
-
-  if check_for_gh_release "xmlsec" "lsh123/xmlsec" "${XMLSEC_VERSION}"; then
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
-
-    msg_info "Updating xmlsec"
-    cd /opt/xmlsec
-    $STD ./autogen.sh
-    $STD make -j $(nproc)
-    $STD make check
-    $STD make install
-    $STD ldconfig
-    msg_ok "Updated xmlsec"
-  fi
-
-  if check_for_gh_release "authentik" "goauthentik/authentik" "${AUTHENTIK_VERSION}"; then
-    msg_info "Stopping Services"
-    systemctl stop authentik-server authentik-worker
-	if [[ $(systemctl is-active authentik-ldap) == active ]]; then
-		systemctl stop authentik-ldap
-	fi
-	if [[ $(systemctl is-active authentik-rac) == active ]]; then
-		systemctl stop authentik-rac
-	fi
-	if [[ $(systemctl is-active authentik-radius) == active ]]; then
-		systemctl stop authentik-radius
-	fi
-    msg_ok "Stopped Services"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
-
-    msg_info "Updating web"
-    cd /opt/authentik/web
-    export NODE_ENV="production"
-    $STD npm install
-    $STD npm run build
-    $STD npm run build:sfe
-    msg_ok "Updated web"
-
-    msg_info "Updating go proxy"
-    cd /opt/authentik
-    export CGO_ENABLED="1"
-    $STD go mod download
-    $STD go build -o /opt/authentik/authentik-server ./cmd/server
-	$STD go build -o /opt/authentik/ldap ./cmd/ldap
-	$STD go build -o /opt/authentik/rac ./cmd/rac
-	$STD go build -o /opt/authentik/radius ./cmd/radius
-    msg_ok "Updated go proxy"
-
-    msg_info "Updating python server"
-    export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
-    export UV_COMPILE_BYTECODE="1"
-    export UV_LINK_MODE="copy"
-    export UV_NATIVE_TLS="1"
-    export RUSTUP_PERMIT_COPY_RENAME="true"
-    export UV_PYTHON_INSTALL_DIR="/usr/local/bin"
-    cd /opt/authentik
-    $STD uv sync --frozen --no-install-project --no-dev
-    chown -R authentik:authentik /opt/authentik
-    msg_ok "Updated python server"
-  fi
-
-  msg_info "Starting Services"
-  systemctl start authentik-server authentik-worker
-  if [[ $(systemctl is-enabled authentik-ldap) == enabled ]]; then
-  	systemctl start authentik-ldap
-  fi
-  if [[ $(systemctl is-enabled authentik-rac) == enabled ]]; then
-  	systemctl start authentik-rac
-  fi
-  if [[ $(systemctl is-enabled authentik-radius) == enabled ]]; then
-  	systemctl start authentik-radius
-  fi
-  msg_ok "Started Services"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-
-msg_info "Attaching data storage volume"
-$STD pct stop "$CTID"
-if [ "${PROTECT_CT:-}" == "1" ] || [ "${PROTECT_CT:-}" == "yes" ]; then
-  $STD pct set "$CTID" --protection 0
-  $STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1
-  $STD pct set "$CTID" --protection 1
-else
-  $STD pct set "$CTID" -mp0 "${CONTAINER_STORAGE}":1,mp=/opt/authentik-data,backup=1
-fi
-$STD pct start "$CTID"
-for i in {1..10}; do
-  pct status "$CTID" | grep -q "status: running" && break
-  sleep 1
-done
-$STD pct exec "$CTID" -- bash -c "mkdir -p /opt/authentik-data/{certs,media,geoip,templates}; \
-  cp /opt/authentik/tests/GeoLite2-ASN-Test.mmdb /opt/authentik-data/geoip/GeoLite2-ASN.mmdb; \
-  cp /opt/authentik/tests/GeoLite2-City-Test.mmdb /opt/authentik-data/geoip/GeoLite2-City.mmdb; \
-  chown authentik:authentik /opt/authentik-data; \
-  chown -R authentik:authentik /opt/authentik-data/{certs,media,geoip,templates}"
-msg_ok "Attached data storage volume"
-
-msg_info "Starting Services"
-pct exec "$CTID" -- systemctl enable -q --now authentik-server authentik-worker
-msg_ok "Started Services"
-
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Initial setup URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000/if/flow/initial-setup/${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:9000${CL}"

ct/cliproxyapi.sh

@@ -1,55 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: mathiasnagler
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/router-for-me/CLIProxyAPI
-
-APP="CLIProxyAPI"
-var_tags="${var_tags:-ai;proxy}"
-var_cpu="${var_cpu:-1}"
-var_ram="${var_ram:-512}"
-var_disk="${var_disk:-2}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/cliproxyapi ]]; then
-    msg_error "No CLIProxyAPI Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "cliproxyapi" "router-for-me/CLIProxyAPI"; then
-    msg_info "Stopping CLIProxyAPI"
-    systemctl stop cliproxyapi
-    msg_ok "Stopped CLIProxyAPI"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "cliproxyapi" "router-for-me/CLIProxyAPI" "prebuild" "latest" "/opt/cliproxyapi" "CLIProxyAPI_*_linux_amd64.tar.gz"
-
-    msg_info "Starting CLIProxyAPI"
-    systemctl start cliproxyapi
-    msg_ok "Started CLIProxyAPI"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8317${CL}"

ct/docuseal.sh

@@ -1,84 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://www.docuseal.com/
-
-APP="DocuSeal"
-var_tags="${var_tags:-document;esignature;pdf}"
-var_cpu="${var_cpu:-4}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-10}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-
-  if [[ ! -d /opt/docuseal ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  if check_for_gh_release "docuseal" "docusealco/docuseal"; then
-    msg_info "Stopping Services"
-    systemctl stop docuseal docuseal-sidekiq
-    msg_ok "Stopped Services"
-
-    msg_info "Backing up Data"
-    cp /opt/docuseal/.env /opt/docuseal.env.bak
-    [[ -d /opt/docuseal/data ]] && mv /opt/docuseal/data /opt/docuseal_data.bak
-    msg_ok "Backed up Data"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "docuseal" "docusealco/docuseal" "tarball"
-
-    msg_info "Restoring Data"
-    mv /opt/docuseal.env.bak /opt/docuseal/.env
-    [[ -d /opt/docuseal_data.bak ]] && mv /opt/docuseal_data.bak /opt/docuseal/data
-    msg_ok "Restored Data"
-
-    msg_info "Building Application"
-    cd /opt/docuseal
-    export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
-    eval "$(rbenv init - bash)" 2>/dev/null || true
-    export RAILS_ENV=production
-    export NODE_ENV=production
-    export SECRET_KEY_BASE_DUMMY=1
-    set -a
-    source /opt/docuseal/.env
-    set +a
-    $STD bundle config set --local deployment 'true'
-    $STD bundle config set --local without 'development:test'
-    $STD bundle install -j"$(nproc)"
-    $STD yarn install --network-timeout 1000000
-    $STD ./bin/shakapacker
-    $STD bundle exec rails db:migrate
-    $STD bundle exec bootsnap precompile -j 1 --gemfile app/ lib/
-    chown -R docuseal:docuseal /opt/docuseal
-    msg_ok "Built Application"
-
-    msg_info "Starting Services"
-    systemctl start docuseal docuseal-sidekiq
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

ct/excalidraw.sh

@@ -28,9 +28,6 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-
-  NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
-  
   if check_for_gh_release "excalidraw" "excalidraw/excalidraw"; then
     msg_info "Stopping Service"
     systemctl stop excalidraw

ct/headers/authentik

@@ -1,6 +0,0 @@
-               __  __               __  _ __  
-  ____ ___  __/ /_/ /_  ___  ____  / /_(_) /__
- / __ `/ / / / __/ __ \/ _ \/ __ \/ __/ / //_/
-/ /_/ / /_/ / /_/ / / /  __/ / / / /_/ / ,<   
-\__,_/\__,_/\__/_/ /_/\___/_/ /_/\__/_/_/|_|  
-                                              

ct/headers/cliproxyapi

@@ -1,6 +0,0 @@
-   ________    ________                        ___    ____  ____
-  / ____/ /   /  _/ __ \_________  _  ____  __/   |  / __ \/  _/
- / /   / /    / // /_/ / ___/ __ \| |/_/ / / / /| | / /_/ // /  
-/ /___/ /____/ // ____/ /  / /_/ />  </ /_/ / ___ |/ ____// /   
-\____/_____/___/_/   /_/   \____/_/|_|\__, /_/  |_/_/   /___/   
-                                     /____/                     

ct/headers/docuseal

@@ -1,6 +0,0 @@
-    ____                   _____            __
-   / __ \____  _______  __/ ___/___  ____ _/ /
-  / / / / __ \/ ___/ / / /\__ \/ _ \/ __ `/ / 
- / /_/ / /_/ / /__/ /_/ /___/ /  __/ /_/ / /  
-/_____/\____/\___/\__,_//____/\___/\__,_/_/   
-                                              

ct/manyfold.sh

@@ -55,20 +55,9 @@ function update_script() {
 
     RUBY_VERSION=${RUBY_INSTALL_VERSION} RUBY_INSTALL_RAILS="true" HOME=/home/manyfold setup_ruby
 
-    msg_info "Restoring Data"
-    rm -rf /opt/manyfold/app/{storage,tmp,config/credentials.yml.enc,config/master.key}
-    cp -r /opt/manyfold_storage_backup /opt/manyfold/app/storage 2>/dev/null || true
-    cp -r /opt/manyfold_tmp_backup /opt/manyfold/app/tmp 2>/dev/null || true
-    cp /opt/manyfold_credentials.yml.enc /opt/manyfold/app/config/credentials.yml.enc 2>/dev/null || true
-    cp /opt/manyfold_master.key /opt/manyfold/app/config/master.key 2>/dev/null || true
-    chown -R manyfold:manyfold {/home/manyfold,/opt/manyfold}
-    chown -R manyfold:manyfold /opt/manyfold/app/storage /opt/manyfold/app/tmp /opt/manyfold/app/config
-    rm -rf /opt/manyfold_storage_backup /opt/manyfold_tmp_backup /opt/manyfold_credentials.yml.enc /opt/manyfold_master.key
-    msg_ok "Restored Data"
-
     msg_info "Installing Manyfold"
-    $STD npm install --global corepack
-    $STD corepack enable yarn
+    chown -R manyfold:manyfold {/home/manyfold,/opt/manyfold}
+    chown -R manyfold:manyfold /opt/manyfold
 
     sudo -u manyfold bash -c '
             source /opt/manyfold/.env
@@ -77,6 +66,7 @@ function update_script() {
             cd /opt/manyfold/app
             gem install bundler sidekiq foreman
             bundle install
+            corepack enable yarn
             corepack prepare '"$YARN_VERSION"' --activate
             corepack use '"$YARN_VERSION"'
             bin/rails db:migrate
@@ -84,6 +74,16 @@ function update_script() {
         '
     msg_ok "Installed Manyfold"
 
+    msg_info "Restoring Data"
+    rm -rf /opt/manyfold/app/{storage,tmp,config/credentials.yml.enc,config/master.key}
+    cp -r /opt/manyfold_storage_backup /opt/manyfold/app/storage 2>/dev/null || true
+    cp -r /opt/manyfold_tmp_backup /opt/manyfold/app/tmp 2>/dev/null || true
+    cp /opt/manyfold_credentials.yml.enc /opt/manyfold/app/config/credentials.yml.enc 2>/dev/null || true
+    cp /opt/manyfold_master.key /opt/manyfold/app/config/master.key 2>/dev/null || true
+    chown -R manyfold:manyfold /opt/manyfold/app/storage /opt/manyfold/app/tmp /opt/manyfold/app/config
+    rm -rf /opt/manyfold_storage_backup /opt/manyfold_tmp_backup /opt/manyfold_credentials.yml.enc /opt/manyfold_master.key
+    msg_ok "Restored Data"
+
     msg_info "Restarting Services"
     source /opt/manyfold/.env
     export PATH="/home/manyfold/.rbenv/shims:/home/manyfold/.rbenv/bin:$PATH"

ct/ollama.sh

@@ -27,26 +27,34 @@ function update_script() {
     msg_error "No Ollama Installation Found!"
     exit
   fi
-  if check_for_gh_release "ollama" "ollama/ollama"; then
+  RELEASE=$(curl -fsSL https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk -F '"' '{print $4}')
+  if [[ ! -f /opt/Ollama_version.txt ]] || [[ "${RELEASE}" != "$(cat /opt/Ollama_version.txt)" ]]; then
+    if [[ ! -f /opt/Ollama_version.txt ]]; then
+      touch /opt/Ollama_version.txt
+    fi
     ensure_dependencies zstd
     msg_info "Stopping Services"
     systemctl stop ollama
     msg_ok "Services Stopped"
 
-    OLLAMA_INSTALL_DIR="/usr/local/lib/ollama"
-    rm -rf "$OLLAMA_INSTALL_DIR" /usr/local/bin/ollama
-    mkdir -p "$OLLAMA_INSTALL_DIR"
-    if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "$OLLAMA_INSTALL_DIR" "ollama-linux-amd64.tar.zst"; then
-      msg_error "Download or deployment failed – check network connectivity and GitHub API availability"
-      exit 250
-    fi
-    ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" /usr/local/bin/ollama
-    msg_ok "Updated Ollama"
+    TMP_TAR=$(mktemp --suffix=.tar.zst)
+    curl -fL# -C - -o "${TMP_TAR}" "https://github.com/ollama/ollama/releases/download/${RELEASE}/ollama-linux-amd64.tar.zst"
+    msg_info "Updating Ollama to ${RELEASE}"
+    rm -rf /usr/local/lib/ollama
+    rm -rf /usr/local/bin/ollama
+    mkdir -p /usr/local/lib/ollama
+    tar --zstd -xf "${TMP_TAR}" -C /usr/local/lib/ollama
+    ln -sf /usr/local/lib/ollama/bin/ollama /usr/local/bin/ollama
+    rm -f "${TMP_TAR}"
+    echo "${RELEASE}" >/opt/Ollama_version.txt
+    msg_ok "Updated Ollama to ${RELEASE}"
 
     msg_info "Starting Services"
     systemctl start ollama
     msg_ok "Started Services"
     msg_ok "Updated successfully!"
+  else
+    msg_ok "No update required. Ollama is already at ${RELEASE}"
   fi
   exit
 }

ct/omada.sh

@@ -38,32 +38,20 @@ function update_script() {
 
   JAVA_VERSION="21" setup_java
 
+  msg_info "Updating Omada Controller"
   OMADA_URL=$(curl -fsSL "https://support.omadanetworks.com/en/download/software/omada-controller/" |
     grep -o 'https://static\.tp-link\.com/upload/software/[^"]*linux_x64[^"]*\.deb' |
     head -n1)
-  OMADA_PKG=$(basename "${OMADA_URL}")
-  VERSION=$(sed -n 's/.*_v\([0-9.]*\)_.*_\([0-9]\{14\}\)\.deb$/\1-\2/p' <<<"${OMADA_PKG}")
-
-  CURRENT_VERSION=$(cat $HOME/.omada 2>/dev/null || echo "0")
-
-  if dpkg --compare-versions "${VERSION}" gt "${CURRENT_VERSION}"; then
-
-    msg_info "Updating Omada Controller"
-
-    if [ -z "${OMADA_PKG}" ]; then
-      msg_error "Could not retrieve Omada package – server may be down."
-      exit
-    fi
-    curl -fsSL "${OMADA_URL}" -o "${OMADA_PKG}"
-    export DEBIAN_FRONTEND=noninteractive
-    $STD dpkg -i "${OMADA_PKG}"
-    rm -f "${OMADA_PKG}"
-    echo "${VERSION}" >$HOME/.omada
-    msg_ok "Updated Omada Controller to ${VERSION}"
-    msg_ok "Updated successfully!"
-  else
-    msg_ok "No update available: ${APP} (${CURRENT_VERSION})"
+  OMADA_PKG=$(basename "$OMADA_URL")
+  if [ -z "$OMADA_PKG" ]; then
+    msg_error "Could not retrieve Omada package – server may be down."
+    exit
   fi
+  curl -fsSL "$OMADA_URL" -o "$OMADA_PKG"
+  export DEBIAN_FRONTEND=noninteractive
+  $STD dpkg -i "$OMADA_PKG"
+  rm -f "$OMADA_PKG"
+  msg_ok "Updated successfully!"
   exit
 }
 

ct/opencloud.sh

@@ -29,7 +29,7 @@ function update_script() {
     exit
   fi
 
-  RELEASE="v6.2.0"
+  RELEASE="v6.1.0"
   if check_for_gh_release "OpenCloud" "opencloud-eu/opencloud" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
     msg_info "Stopping services"
     systemctl stop opencloud opencloud-wopi

ct/openwebui.sh

@@ -91,22 +91,37 @@ EOF
 
   if [ -x "/usr/bin/ollama" ]; then
     msg_info "Checking for Ollama Update"
-    if check_for_gh_release "ollama" "ollama/ollama"; then
-      msg_info "Stopping Ollama Service"
-      systemctl stop ollama
-      msg_ok "Stopped Service"
+    OLLAMA_VERSION=$(ollama -v | awk '{print $NF}')
+    RELEASE=$(curl -s https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4)}')
+    if [ "$OLLAMA_VERSION" != "$RELEASE" ]; then
+      msg_info "Ollama update available: v$OLLAMA_VERSION -> v$RELEASE"
+      msg_info "Downloading Ollama v$RELEASE \n"
+      curl -fS#LO https://github.com/ollama/ollama/releases/download/v${RELEASE}/ollama-linux-amd64.tar.zst
+      msg_ok "Download Complete"
 
-      rm -rf /usr/lib/ollama /usr/bin/ollama
-      if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "/usr/lib/ollama" "ollama-linux-amd64.tar.zst"; then
-        msg_error "Ollama download or deployment failed – check network connectivity and GitHub API availability"
+      if [ -f "ollama-linux-amd64.tar.zst" ]; then
+
+        msg_info "Stopping Ollama Service"
+        systemctl stop ollama
+        msg_ok "Stopped Service"
+
+        msg_info "Installing Ollama"
+        rm -rf /usr/lib/ollama
+        rm -rf /usr/bin/ollama
+        tar --zstd -C /usr -xf ollama-linux-amd64.tar.zst
+        rm -rf ollama-linux-amd64.tar.zst
+        msg_ok "Installed Ollama"
+
+        msg_info "Starting Ollama Service"
+        systemctl start ollama
+        msg_ok "Started Service"
+
+        msg_ok "Ollama updated to version $RELEASE"
       else
-        ln -sf /usr/lib/ollama/bin/ollama /usr/bin/ollama
-        msg_ok "Updated Ollama to ${CHECK_UPDATE_RELEASE}"
+        msg_error "Ollama download failed. Aborting update."
       fi
-
-      msg_info "Starting Ollama Service"
-      systemctl start ollama
-      msg_ok "Started Service"
+    else
+      msg_ok "Ollama is already up to date."
     fi
   fi
 

ct/soulsync.sh

@@ -44,7 +44,7 @@ function update_script() {
     msg_info "Updating Python Dependencies"
     cd /opt/soulsync
     $STD uv venv --clear /opt/soulsync/.venv --python 3.11
-    $STD uv pip install -r requirements.txt
+    $STD /opt/soulsync/.venv/bin/pip install -r requirements.txt
     msg_ok "Updated Python Dependencies"
 
     mv /opt/soulsync-config.bak /opt/soulsync/config

ct/termix.sh

@@ -29,8 +29,6 @@ function update_script() {
     exit
   fi
 
-  NODE_VERSION="24" setup_nodejs
-
   if check_for_gh_tag "guacd" "apache/guacamole-server"; then
     msg_info "Stopping guacd"
     systemctl stop guacd 2>/dev/null || true
@@ -157,6 +155,8 @@ EOF
       /opt/termix/nginx/client_body
     msg_ok "Recreated Directories"
 
+    NODE_VERSION="24" setup_nodejs
+
     msg_info "Building Frontend"
     cd /opt/termix
     export COREPACK_ENABLE_DOWNLOAD_PROMPT=0
@@ -206,10 +206,7 @@ EOF
       sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
       sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
 
-      rm -f /etc/systemd/system/nginx.service.d/pidfile.conf
-      rm -f /etc/tmpfiles.d/nginx-termix.conf
-      systemctl daemon-reload
-      nginx -t && systemctl restart nginx
+      nginx -t && systemctl reload nginx
       msg_ok "Updated Nginx Configuration"
     else
       msg_warn "Nginx configuration not updated. If Termix doesn't work, restore from backup or update manually."

ct/trek.sh

@@ -29,8 +29,6 @@ function update_script() {
     exit
   fi
 
-  NODE_VERSION="24" setup_nodejs
-
   if check_for_gh_release "trek" "mauriceboe/TREK"; then
     msg_info "Stopping Service"
     systemctl stop trek

ct/wallabag.sh

@@ -28,10 +28,7 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
-
-  NODE_VERSION="24" setup_nodejs
   setup_mariadb
-  
   if check_for_gh_release "wallabag" "wallabag/wallabag"; then
     msg_info "Stopping Services"
     systemctl stop nginx php8.3-fpm

ct/wikijs.sh

@@ -28,7 +28,7 @@ function update_script() {
     exit
   fi
 
-  NODE_VERSION="24" NODE_MODULE="yarn,node-gyp" setup_nodejs
+  NODE_VERSION="22" NODE_MODULE="yarn,node-gyp" setup_nodejs
 
   if check_for_gh_release "wikijs" "requarks/wiki"; then
     msg_info "Verifying whether ${APP}' new release is v3.x+ and current install uses SQLite."

install/authentik-install.sh

@@ -1,257 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: Thieneret
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/goauthentik/authentik
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  pkg-config \
-  libffi-dev \
-  libxslt-dev \
-  zlib1g-dev \
-  libpq-dev \
-  krb5-multidev \
-  libkrb5-dev \
-  heimdal-multidev \
-  libclang-dev \
-  libltdl-dev \
-  libpq5 \
-  libmaxminddb0 \
-  libkrb5-3 \
-  libkdb5-10 \
-  libkadm5clnt-mit12 \
-  libkadm5clnt7t64-heimdal \
-  libltdl7 \
-  libxslt1.1 \
-  python3-dev \
-  libxml2-dev \
-  libxml2 \
-  libxslt1-dev \
-  automake \
-  autoconf \
-  libtool \
-  libtool-bin \
-  gcc \
-  git
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="24" setup_nodejs
-setup_yq
-setup_go
-UV_PYTHON_INSTALL_DIR="/usr/local/bin" PYTHON_VERSION="3.14.3" setup_uv
-setup_rust
-PG_VERSION="17" setup_postgresql
-PG_DB_NAME="authentik" PG_DB_USER="authentik" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
-
-XMLSEC_VERSION="1.3.11"
-AUTHENTIK_VERSION="version/2026.2.2"
-fetch_and_deploy_gh_release "xmlsec" "lsh123/xmlsec" "tarball" "${XMLSEC_VERSION}" "/opt/xmlsec"
-fetch_and_deploy_gh_release "authentik" "goauthentik/authentik" "tarball" "${AUTHENTIK_VERSION}" "/opt/authentik"
-fetch_and_deploy_gh_release "geoipupdate" "maxmind/geoipupdate" "binary"
-
-msg_info "Setup xmlsec"
-cd /opt/xmlsec
-$STD ./autogen.sh
-$STD make -j $(nproc)
-$STD make check
-$STD make install
-$STD ldconfig
-msg_ok "xmlsec installed"
-
-msg_info "Setup web"
-cd /opt/authentik/web
-export NODE_ENV="production"
-$STD npm install
-$STD npm run build
-$STD npm run build:sfe
-msg_ok "Web installed"
-
-msg_info "Setup go proxy"
-cd /opt/authentik
-export CGO_ENABLED="1"
-$STD go mod download
-$STD go build -o /opt/authentik/authentik-server ./cmd/server
-$STD go build -o /opt/authentik/ldap ./cmd/ldap
-$STD go build -o /opt/authentik/rac ./cmd/rac
-$STD go build -o /opt/authentik/radius ./cmd/radius
-msg_ok "Go proxy installed"
-
-cat <<EOF >/usr/local/etc/GeoIP.conf
-AccountID ChangeME
-LicenseKey ChangeME
-EditionIDs GeoLite2-ASN GeoLite2-City GeoLite2-Country
-DatabaseDirectory /opt/authentik-data/geoip
-RetryFor 5m
-Parallelism 1
-EOF
-
-echo "#39 19 * * 6,4 /usr/bin/geoipupdate -f /usr/local/etc/GeoIP.conf" | crontab -
-
-msg_info "Setup python server"
-export UV_NO_BINARY_PACKAGE="cryptography lxml python-kadmin-rs xmlsec"
-export UV_COMPILE_BYTECODE="1"
-export UV_LINK_MODE="copy"
-export UV_NATIVE_TLS="1"
-export RUSTUP_PERMIT_COPY_RENAME="true"
-export UV_PYTHON_INSTALL_DIR="/usr/local/bin"
-cd /opt/authentik
-$STD uv sync --frozen --no-install-project --no-dev
-cp /opt/authentik/authentik/sources/kerberos/krb5.conf /etc/krb5.conf
-msg_ok "Installed python server"
-
-msg_info "Creating authentik config"
-mkdir -p /etc/authentik
-mv /opt/authentik/authentik/lib/default.yml /etc/authentik/config.yml
-yq -i ".secret_key = \"$(openssl rand -base64 128 | tr -dc 'a-zA-Z0-9' | head -c64)\"" /etc/authentik/config.yml
-yq -i ".postgresql.password = \"${PG_DB_PASS}\"" /etc/authentik/config.yml
-yq -i ".events.context_processors.geoip = \"/opt/authentik-data/geoip/GeoLite2-City.mmdb\"" /etc/authentik/config.yml
-yq -i ".events.context_processors.asn = \"/opt/authentik-data/geoip/GeoLite2-ASN.mmdb\"" /etc/authentik/config.yml
-yq -i ".blueprints_dir = \"/opt/authentik/blueprints\"" /etc/authentik/config.yml
-yq -i ".cert_discovery_dir = \"/opt/authentik-data/certs\"" /etc/authentik/config.yml
-yq -i ".email.template_dir = \"/opt/authentik-data/templates\"" /etc/authentik/config.yml
-yq -i ".storage.file.path = \"/opt/authentik-data\"" /etc/authentik/config.yml
-yq -i ".disable_startup_analytics = \"true\"" /etc/authentik/config.yml
-$STD useradd -U -s /usr/sbin/nologin -r -M -d /opt/authentik authentik
-chown -R authentik:authentik /opt/authentik
-cat <<EOF >/etc/default/authentik
-TMPDIR=/dev/shm/
-UV_LINK_MODE=copy
-UV_PYTHON_DOWNLOADS=0
-UV_NATIVE_TLS=1
-VENV_PATH=/opt/authentik/.venv
-PYTHONDONTWRITEBYTECODE=1
-PYTHONUNBUFFERED=1
-PATH=/opt/authentik/lifecycle:/opt/authentik/.venv/bin:/usr/local/bin:/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin
-DJANGO_SETTINGS_MODULE=authentik.root.settings
-PROMETHEUS_MULTIPROC_DIR="/tmp/authentik_prometheus_tmp"
-EOF
-cat <<EOF >/etc/default/authentik_ldap
-AUTHENTIK_HOST="https://127.0.0.1:9443"
-AUTHENTIK_INSECURE="true"
-AUTHENTIK_TOKEN="token-generated-by-authentik"
-EOF
-cat <<EOF >/etc/default/authentik_rac
-AUTHENTIK_HOST="https://127.0.0.1:9443"
-AUTHENTIK_INSECURE="true"
-AUTHENTIK_TOKEN="token-generated-by-authentik"
-EOF
-cat <<EOF >/etc/default/authentik_radius
-AUTHENTIK_HOST="https://127.0.0.1:9443"
-AUTHENTIK_INSECURE="true"
-AUTHENTIK_TOKEN="token-generated-by-authentik"
-EOF
-msg_ok "authentik config created"
-
-msg_info "Creating services"
-cat <<EOF >/etc/systemd/system/authentik-server.service
-[Unit]
-Description=authentik Go Server (API Gateway)
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStartPre=/usr/bin/mkdir -p "\${PROMETHEUS_MULTIPROC_DIR}"
-ExecStart=/opt/authentik/authentik-server
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-worker.service
-[Unit]
-Description=authentik Worker
-After=network.target postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-Type=simple
-EnvironmentFile=/etc/default/authentik
-ExecStart=/usr/local/bin/uv run python -m manage worker --pid-file /dev/shm/authentik-worker.pid
-WorkingDirectory=/opt/authentik
-Restart=always
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-ldap.service
-[Unit]
-Description=authentik LDAP Outpost
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStart=/opt/authentik/ldap
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik_ldap
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-rac.service
-[Unit]
-Description=authentik RAC Outpost
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStart=/opt/authentik/rac
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik_rac
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/authentik-radius.service
-[Unit]
-Description=authentik Radius Outpost
-After=network.target
-Wants=postgresql.service
-
-[Service]
-User=authentik
-Group=authentik
-ExecStart=/opt/authentik/radius
-WorkingDirectory=/opt/authentik/
-Restart=always
-RestartSec=5
-EnvironmentFile=/etc/default/authentik_radius
-
-[Install]
-WantedBy=multi-user.target
-EOF
-msg_ok "Services created"
-
-motd_ssh
-customize
-cleanup_lxc

install/calibre-web-install.sh

@@ -52,7 +52,6 @@ After=network.target
 [Service]
 Type=simple
 User=root
-Environment="QTWEBENGINE_CHROMIUM_FLAGS=--no-sandbox"
 WorkingDirectory=/opt/calibre-web
 ExecStart=/opt/calibre-web/.venv/bin/python /opt/calibre-web/cps.py
 Restart=on-failure

install/cliproxyapi-install.sh

@@ -1,64 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: mathiasnagler
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://github.com/router-for-me/CLIProxyAPI
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y openssl
-msg_ok "Installed Dependencies"
-
-fetch_and_deploy_gh_release "cliproxyapi" "router-for-me/CLIProxyAPI" "prebuild" "latest" "/opt/cliproxyapi" "CLIProxyAPI_*_linux_amd64.tar.gz"
-
-msg_info "Configuring CLIProxyAPI"
-MANAGEMENT_PASSWORD=$(openssl rand -hex 32)
-API_KEY="sk-$(openssl rand -hex 16)"
-cat <<EOF >/opt/cliproxyapi/config.yaml
-host: ""
-port: 8317
-auth-dir: "/root/.cli-proxy-api"
-remote-management:
-  allow-remote: true
-  secret-key: "${MANAGEMENT_PASSWORD}"
-api-keys:
-  - "${API_KEY}"
-request-retry: 3
-quota-exceeded:
-  switch-project: true
-  switch-preview-model: true
-routing:
-  strategy: "round-robin"
-EOF
-msg_ok "Configured CLIProxyAPI"
-
-msg_info "Creating Service"
-cat <<EOF >/etc/systemd/system/cliproxyapi.service
-[Unit]
-Description=CLIProxyAPI
-After=network.target
-
-[Service]
-Type=simple
-WorkingDirectory=/opt/cliproxyapi
-ExecStart=/opt/cliproxyapi/cli-proxy-api
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now cliproxyapi
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc

install/docuseal-install.sh

@@ -1,164 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: MickLesk (CanbiZ)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://www.docuseal.com/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  git \
-  libpq-dev \
-  libssl-dev \
-  libyaml-dev \
-  libreadline-dev \
-  zlib1g-dev \
-  libffi-dev \
-  libvips42 \
-  libvips-dev \
-  libheif1 \
-  redis-server \
-  fontconfig
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
-RUBY_VERSION="4.0.1" RUBY_INSTALL_RAILS="false" setup_ruby
-PG_VERSION="17" setup_postgresql
-PG_DB_NAME="docuseal" PG_DB_USER="docuseal" setup_postgresql_db
-
-msg_info "Downloading Fonts and PDFium"
-mkdir -p /opt/fonts /usr/share/fonts/noto
-ARCH=$(uname -m | sed 's/x86_64/x64/;s/aarch64/arm64/')
-curl -fsSL -o /opt/fonts/GoNotoKurrent-Regular.ttf \
-  https://github.com/satbyy/go-noto-universal/releases/download/v7.0/GoNotoKurrent-Regular.ttf
-curl -fsSL -o /opt/fonts/GoNotoKurrent-Bold.ttf \
-  https://github.com/satbyy/go-noto-universal/releases/download/v7.0/GoNotoKurrent-Bold.ttf
-curl -fsSL -o /opt/fonts/DancingScript-Regular.otf \
-  https://github.com/impallari/DancingScript/raw/master/fonts/DancingScript-Regular.otf
-ln -sf /opt/fonts/GoNotoKurrent-Regular.ttf /usr/share/fonts/noto/
-ln -sf /opt/fonts/GoNotoKurrent-Bold.ttf /usr/share/fonts/noto/
-$STD fc-cache -f
-curl -fsSL -o /tmp/pdfium.tgz \
-  "https://github.com/bblanchon/pdfium-binaries/releases/latest/download/pdfium-linux-${ARCH}.tgz"
-mkdir -p /tmp/pdfium && tar -xzf /tmp/pdfium.tgz -C /tmp/pdfium
-cp /tmp/pdfium/lib/libpdfium.so /usr/lib/libpdfium.so
-rm -rf /tmp/pdfium /tmp/pdfium.tgz
-msg_ok "Downloaded Fonts and PDFium"
-
-fetch_and_deploy_gh_release "docuseal" "docusealco/docuseal" "tarball"
-
-msg_info "Downloading Field Detection Model"
-mkdir -p /opt/docuseal/tmp
-curl -fsSL -o /opt/docuseal/tmp/model.onnx \
-  "https://github.com/docusealco/fields-detection/releases/download/2.0.0/model_704_int8.onnx"
-mkdir -p /opt/docuseal/public/fonts
-ln -sf /opt/fonts/DancingScript-Regular.otf /opt/docuseal/public/fonts/DancingScript-Regular.otf
-msg_ok "Downloaded Field Detection Model"
-
-msg_info "Configuring DocuSeal"
-SECRET_KEY=$(openssl rand -hex 64)
-mkdir -p /opt/docuseal/data
-cat <<EOF >/opt/docuseal/.env
-RAILS_ENV=production
-NODE_ENV=production
-RAILS_LOG_TO_STDOUT=true
-RAILS_SERVE_STATIC_FILES=true
-SECRET_KEY_BASE=${SECRET_KEY}
-DATABASE_URL=postgresql://docuseal:${PG_DB_PASS}@127.0.0.1:5432/docuseal
-REDIS_URL=redis://localhost:6379/0
-WORKDIR=/opt/docuseal/data
-VIPS_MAX_COORD=17000
-EOF
-msg_ok "Configured DocuSeal"
-
-msg_info "Building Application"
-cd /opt/docuseal
-export PATH="$HOME/.rbenv/bin:$HOME/.rbenv/shims:$PATH"
-eval "$(rbenv init - bash)" 2>/dev/null || true
-export RAILS_ENV=production
-export NODE_ENV=production
-export SECRET_KEY_BASE_DUMMY=1
-set -a
-source /opt/docuseal/.env
-set +a
-$STD bundle config set --local deployment 'true'
-$STD bundle config set --local without 'development:test'
-$STD bundle install -j"$(nproc)"
-$STD yarn install --network-timeout 1000000
-$STD ./bin/shakapacker
-$STD bundle exec rails db:migrate
-$STD bundle exec bootsnap precompile -j 1 --gemfile app/ lib/
-msg_ok "Built Application"
-
-msg_info "Enabling Redis"
-systemctl enable -q --now redis-server
-msg_ok "Enabled Redis"
-
-msg_info "Creating docuseal User"
-id docuseal &>/dev/null || useradd -u 2000 -M -s /usr/sbin/nologin -d /opt/docuseal docuseal
-chmod o+x /root
-chmod -R o+rX /root/.rbenv
-chown -R docuseal:docuseal /opt/docuseal /opt/fonts
-msg_ok "Created docuseal User"
-
-msg_info "Creating Services"
-cat <<EOF >/etc/systemd/system/docuseal.service
-[Unit]
-Description=DocuSeal Web
-After=network.target postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=docuseal
-Group=docuseal
-WorkingDirectory=/opt/docuseal
-EnvironmentFile=/opt/docuseal/.env
-Environment=HOME=/opt/docuseal
-Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-Environment=BUNDLE_GEMFILE=/opt/docuseal/Gemfile
-Environment=BUNDLE_WITHOUT=development:test
-ExecStart=/opt/docuseal/bin/bundle exec puma -C /opt/docuseal/config/puma.rb --dir /opt/docuseal -p 3000
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-cat <<EOF >/etc/systemd/system/docuseal-sidekiq.service
-[Unit]
-Description=DocuSeal Sidekiq
-After=network.target postgresql.service redis-server.service
-
-[Service]
-Type=simple
-User=docuseal
-Group=docuseal
-WorkingDirectory=/opt/docuseal
-EnvironmentFile=/opt/docuseal/.env
-Environment=HOME=/opt/docuseal
-Environment=PATH=/root/.rbenv/shims:/root/.rbenv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-Environment=BUNDLE_GEMFILE=/opt/docuseal/Gemfile
-Environment=BUNDLE_WITHOUT=development:test
-ExecStart=/opt/docuseal/bin/bundle exec sidekiq
-Restart=on-failure
-RestartSec=5
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now docuseal docuseal-sidekiq
-msg_ok "Created Services"
-
-motd_ssh
-customize
-cleanup_lxc

install/excalidraw-install.sh

@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y xdg-utils
 msg_ok "Installed Dependencies"
 
-NODE_VERSION="24" NODE_MODULE="yarn" setup_nodejs
+NODE_VERSION="22" NODE_MODULE="yarn" setup_nodejs
 fetch_and_deploy_gh_release "excalidraw" "excalidraw/excalidraw" "tarball"
 
 msg_info "Configuring Excalidraw"

install/ollama-install.sh

@@ -62,15 +62,26 @@ $STD apt install -y --no-install-recommends intel-basekit-2024.1
 msg_ok "Installed Intel® oneAPI Base Toolkit"
 
 msg_info "Installing Ollama (Patience)"
+RELEASE=$(curl -fsSL https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk -F '"' '{print $4}')
 OLLAMA_INSTALL_DIR="/usr/local/lib/ollama"
 BINDIR="/usr/local/bin"
-mkdir -p "$OLLAMA_INSTALL_DIR"
-if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "$OLLAMA_INSTALL_DIR" "ollama-linux-amd64.tar.zst"; then
-  msg_error "Failed to download or deploy Ollama – check network connectivity and GitHub API availability"
+mkdir -p $OLLAMA_INSTALL_DIR
+OLLAMA_URL="https://github.com/ollama/ollama/releases/download/${RELEASE}/ollama-linux-amd64.tar.zst"
+TMP_TAR="/tmp/ollama.tar.zst"
+echo -e "\n"
+if curl -fL# -C - -o "$TMP_TAR" "$OLLAMA_URL"; then
+  if tar --zstd -xf "$TMP_TAR" -C "$OLLAMA_INSTALL_DIR"; then
+    ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" "$BINDIR/ollama"
+    echo "${RELEASE}" >/opt/Ollama_version.txt
+    msg_ok "Installed Ollama ${RELEASE}"
+  else
+    msg_error "Extraction failed – archive corrupt or incomplete"
+    exit 251
+  fi
+else
+  msg_error "Download failed – $OLLAMA_URL not reachable"
   exit 250
 fi
-ln -sf "$OLLAMA_INSTALL_DIR/bin/ollama" "$BINDIR/ollama"
-msg_ok "Installed Ollama"
 
 msg_info "Creating ollama User and Group"
 if ! id ollama >/dev/null 2>&1; then

install/omada-install.sh

@@ -38,12 +38,10 @@ msg_info "Installing Omada Controller"
 OMADA_URL=$(curl -fsSL "https://support.omadanetworks.com/en/download/software/omada-controller/" |
   grep -o 'https://static\.tp-link\.com/upload/software/[^"]*linux_x64[^"]*\.deb' |
   head -n1)
-OMADA_PKG=$(basename "${OMADA_URL}")
-curl -fsSL "${OMADA_URL}" -o "${OMADA_PKG}"
-$STD dpkg -i "${OMADA_PKG}"
-rm -rf "${OMADA_PKG}"
-VERSION=$(sed -n 's/.*_v\([0-9.]*\)_.*_\([0-9]\{14\}\)\.deb$/\1-\2/p' <<<"${OMADA_PKG}")
-echo "${VERSION}" >$HOME/.omada
+OMADA_PKG=$(basename "$OMADA_URL")
+curl -fsSL "$OMADA_URL" -o "$OMADA_PKG"
+$STD dpkg -i "$OMADA_PKG"
+rm -rf "$OMADA_PKG"
 msg_ok "Installed Omada Controller"
 
 motd_ssh

install/opencloud-install.sh

@@ -64,7 +64,7 @@ $STD sudo -u cool coolconfig set-admin-password --user=admin --password="$COOLPA
 echo "$COOLPASS" >~/.coolpass
 msg_ok "Installed Collabora Online"
 
-fetch_and_deploy_gh_release "OpenCloud" "opencloud-eu/opencloud" "singlefile" "v6.2.0" "/usr/bin" "opencloud-*-linux-amd64"
+fetch_and_deploy_gh_release "OpenCloud" "opencloud-eu/opencloud" "singlefile" "v6.1.0" "/usr/bin" "opencloud-*-linux-amd64"
 mv /usr/bin/OpenCloud /usr/bin/opencloud
 
 msg_info "Configuring OpenCloud"

install/openwebui-install.sh

@@ -73,11 +73,11 @@ EOF
   msg_ok "Installed Intel® oneAPI Base Toolkit"
 
   msg_info "Installing Ollama"
-  if ! fetch_and_deploy_gh_release "ollama" "ollama/ollama" "prebuild" "latest" "/usr/lib/ollama" "ollama-linux-amd64.tar.zst"; then
-    msg_error "Failed to download or deploy Ollama – check network connectivity and GitHub API availability"
-  else
-    ln -sf /usr/lib/ollama/bin/ollama /usr/bin/ollama
-    cat <<EOF >/etc/systemd/system/ollama.service
+  OLLAMA_RELEASE=$(curl -fsSL https://api.github.com/repos/ollama/ollama/releases/latest | grep "tag_name" | awk -F '"' '{print $4}')
+  curl -fsSLO -C - https://github.com/ollama/ollama/releases/download/${OLLAMA_RELEASE}/ollama-linux-amd64.tar.zst
+  tar --zstd -C /usr -xf ollama-linux-amd64.tar.zst
+  rm -rf ollama-linux-amd64.tar.zst
+  cat <<EOF >/etc/systemd/system/ollama.service
 [Unit]
 Description=Ollama Service
 After=network-online.target
@@ -93,10 +93,9 @@ RestartSec=3
 [Install]
 WantedBy=multi-user.target
 EOF
-    systemctl enable -q --now ollama
-    echo "ENABLE_OLLAMA_API=true" >/root/.env
-    msg_ok "Installed Ollama"
-  fi
+  systemctl enable -q --now ollama
+  echo "ENABLE_OLLAMA_API=true" >/root/.env
+  msg_ok "Installed Ollama"
 fi
 
 msg_info "Creating Service"

install/reactive-resume-install.sh

@@ -55,7 +55,7 @@ DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAM
 AUTH_SECRET=${AUTH_SECRET}
 
 # Printer (headless Chromium for PDF generation)
-PRINTER_ENDPOINT=http://127.0.0.1:9222
+PRINTER_ENDPOINT=http://localhost:9222
 
 # Storage: uses local filesystem (/opt/reactive-resume/data) when S3 is not configured
 # S3_ACCESS_KEY_ID=
@@ -92,7 +92,7 @@ After=network.target
 
 [Service]
 Type=simple
-ExecStart=/usr/bin/chromium --headless --disable-gpu --no-sandbox --no-zygote --disable-dev-shm-usage --remote-debugging-address=127.0.0.1 --remote-debugging-port=9222
+ExecStart=/usr/bin/chromium --headless --disable-gpu --no-sandbox --disable-dev-shm-usage --remote-debugging-address=127.0.0.1 --remote-debugging-port=9222
 Restart=always
 RestartSec=5
 

install/termix-install.sh

@@ -54,7 +54,7 @@ cd /opt
 rm -rf /opt/guacamole-server
 msg_ok "Built Guacamole Server (guacd)"
 
-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "termix" "Termix-SSH/Termix" "tarball"
 
 msg_info "Building Frontend"
@@ -101,17 +101,16 @@ sed -i 's|/app/nginx|/opt/termix/nginx|g' /etc/nginx/nginx.conf
 sed -i 's|listen ${PORT};|listen 80;|g' /etc/nginx/nginx.conf
 
 mkdir -p /tmp/nginx
-echo "d /tmp/nginx 0755 nobody nogroup -" >/etc/tmpfiles.d/nginx-termix.conf
+echo "d /tmp/nginx 0755 nobody nobody -" > /etc/tmpfiles.d/nginx-termix.conf
 mkdir -p /etc/systemd/system/nginx.service.d/
-cat >/etc/systemd/system/nginx.service.d/pidfile.conf <<EOF
+cat > /etc/systemd/system/nginx.service.d/pidfile.conf << EOF
 [Service]
 PIDFile=/tmp/nginx/nginx.pid
 EOF
 systemctl daemon-reload
 rm -f /etc/nginx/sites-enabled/default
 nginx -t
-systemctl enable nginx
-systemctl restart nginx
+systemctl reload nginx
 msg_ok "Configured Nginx"
 
 msg_info "Creating Service"

install/trek-install.sh

@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y build-essential
 msg_ok "Installed Dependencies"
 
-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "trek" "mauriceboe/TREK" "tarball"
 
 msg_info "Building Client"

install/wallabag-install.sh

@@ -24,7 +24,7 @@ setup_mariadb
 MARIADB_DB_NAME="wallabag" MARIADB_DB_USER="wallabag" setup_mariadb_db
 PHP_VERSION="8.3" PHP_FPM="YES" PHP_MODULE="tidy" setup_php
 setup_composer
-NODE_VERSION="24" setup_nodejs
+NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "wallabag" "wallabag/wallabag" "prebuild" "latest" "/opt/wallabag" "wallabag-*.tar.gz"
 
 msg_info "Configuring Wallabag"

install/wikijs-install.sh

@@ -17,7 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y git
 msg_ok "Installed Dependencies"
 
-NODE_VERSION="24" NODE_MODULE="yarn,node-gyp" setup_nodejs
+NODE_VERSION="22" NODE_MODULE="yarn,node-gyp" setup_nodejs
 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="wiki" PG_DB_USER="wikijs_user" PG_DB_EXTENSIONS="pg_trgm" setup_postgresql_db
 fetch_and_deploy_gh_release "wikijs" "requarks/wiki" "prebuild" "latest" "/opt/wikijs" "wiki-js.tar.gz"

misc/api.func

@@ -196,7 +196,7 @@ explain_exit_code() {
   103) echo "Validation: Shell is not Bash" ;;
   104) echo "Validation: Not running as root (or invoked via sudo)" ;;
   105) echo "Validation: Proxmox VE version not supported" ;;
-  106) echo "Validation: Architecture not supported (ARM / PiMox)" ;;
+  106) echo "Validation: Unsupported architecture (requires amd64 or arm64)" ;;
   107) echo "Validation: Kernel key parameters unreadable" ;;
   108) echo "Validation: Kernel key limits exceeded" ;;
   109) echo "Proxmox: No available container ID after max attempts" ;;

misc/build.func

@@ -52,6 +52,11 @@ variables() {
   # as "/tmp/${NSAPP}-${CTID}-${SESSION_ID}.log" (requires CTID, not available here)
   CTTYPE="${CTTYPE:-${CT_TYPE:-1}}"
 
+  # ARM64 Template default variables
+  DEBIAN_DEFAULT_CODENAME="trixie"
+  UBUNTU_DEFAULT_CODENAME="noble"
+  ALPINE_DEFAULT_VERSION="3.23"
+
   # Parse dev_mode early
   parse_dev_mode
 
@@ -1942,7 +1947,7 @@ advanced_settings() {
 
     # ═══════════════════════════════════════════════════════════════════════════
     # STEP 2: Root Password
-    # ════════════════════════════════════════<EFBFBD><EFBFBD><EFBFBD>═══════════════════════════════<EFBFBD><EFBFBD><EFBFBD>══
+    # ═══════════════════════════════════════════════════════════════════════════
     2)
       if PW1=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \
         --title "ROOT PASSWORD" \
@@ -3052,6 +3057,9 @@ echo_default() {
   echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE} GB${CL}"
   echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
   echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE} MiB${CL}"
+  if [[ "$(dpkg --print-architecture)" == "arm64" ]]; then
+    echo -e "${INFO}${BOLD}${DGN}Architecture: ${BGN}arm64${CL}"
+  fi
   if [[ -n "${var_gpu:-}" && "${var_gpu}" == "yes" ]]; then
     echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}Enabled${CL}"
   fi
@@ -3088,7 +3096,9 @@ install_script() {
   pve_check
   shell_check
   root_check
+  ensure_whiptail
   arch_check
+  arm64_notice
   ssh_check
   maxkeys_check
   diagnostics_check
@@ -4351,19 +4361,23 @@ EOF
       msg_warn "Skipping timezone setup – zone '$tz' not found in container"
     fi
 
+    local _base_pkgs="sudo curl mc gnupg2 jq"
+    if [[ "${ARCH:-amd64}" == "arm64" ]]; then
+      _base_pkgs+=" openssh-server wget gcc"
+    fi
+
     # Detect broken DNS resolver (e.g. Tailscale MagicDNS) and inject public DNS
     if ! pct exec "$CTID" -- bash -c "getent hosts deb.debian.org >/dev/null 2>&1 && getent hosts archive.ubuntu.com >/dev/null 2>&1"; then
       msg_warn "APT repository DNS resolution failed in container, injecting public DNS servers"
       pct exec "$CTID" -- bash -c "echo -e 'nameserver 8.8.8.8\nnameserver 1.1.1.1' >/etc/resolv.conf"
     fi
 
-    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y sudo curl mc gnupg2 jq 2>&1" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y ${_base_pkgs} 2>&1" >>"$BUILD_LOG" 2>&1 || {
       local failed_mirror
       failed_mirror=$(pct exec "$CTID" -- bash -c "grep -m1 -oP '(?<=URIs: https?://)[^/]+' /etc/apt/sources.list.d/debian.sources 2>/dev/null || grep -m1 -oP '(?<=deb https?://)[^/]+' /etc/apt/sources.list 2>/dev/null" 2>/dev/null || echo "unknown")
       msg_warn "apt-get update failed (${failed_mirror}), trying alternate mirrors..."
       local mirror_exit=0
-      pct exec "$CTID" -- bash -c '
-        APT_BASE="sudo curl mc gnupg2 jq"
+      pct exec "$CTID" -- env APT_BASE="$_base_pkgs" bash -c '
         DISTRO=$(. /etc/os-release 2>/dev/null && echo "$ID" || echo "debian")
 
         if [ "$DISTRO" = "ubuntu" ]; then
@@ -4473,7 +4487,7 @@ EOF
               [ -f \"\$src\" ] && sed -i \"s|URIs: http[s]*://[^/]*/|URIs: http://${custom_mirror}/|g; s|deb http[s]*://[^/]*/|deb http://${custom_mirror}/|g\" \"\$src\"
             done
             rm -rf /var/lib/apt/lists/*
-            apt-get update >/dev/null 2>&1 && apt-get install -y sudo curl mc gnupg2 jq >/dev/null 2>&1
+            apt-get update >/dev/null 2>&1 && apt-get install -y ${_base_pkgs} >/dev/null 2>&1
           " && break
           msg_warn "Mirror '${custom_mirror}' also failed. Try another or type 'skip'."
         done
@@ -4513,7 +4527,9 @@ EOF
     # that sends "configuring" status AFTER the host already reported "failed"
     export CONTAINER_INSTALLING=true
 
-    lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)"
+    local _install_script
+    _install_script="$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh")"
+    lxc-attach -n "$CTID" -- bash -c "$_install_script"
     local lxc_exit=$?
 
     unset CONTAINER_INSTALLING
@@ -4908,7 +4924,9 @@ EOF
           # Re-run install script in existing container (don't destroy/recreate)
           set +Eeuo pipefail
           trap - ERR
-          lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)"
+          local _install_script
+          _install_script="$(curl -fsSL "https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh")"
+          lxc-attach -n "$CTID" -- bash -c "$_install_script"
           local apt_retry_exit=$?
           set -Eeuo pipefail
           trap 'error_handler' ERR
@@ -5666,6 +5684,72 @@ create_lxc_container() {
     esac
   }
 
+  ARCH="$(dpkg --print-architecture)"
+
+  # Maps OS type + version to the release variant name used by ARM64 template sources.
+  arm64_template_variant() {
+    case "$1:$2" in
+      debian:12) echo "bookworm" ;;
+      debian:13) echo "trixie" ;;
+      debian:) echo "$DEBIAN_DEFAULT_CODENAME" ;;
+
+      ubuntu:24.04) echo "noble" ;;
+      ubuntu:26.04) echo "questing" ;;
+      ubuntu:) echo "$UBUNTU_DEFAULT_CODENAME" ;;
+
+      alpine:*) echo "${2:-$ALPINE_DEFAULT_VERSION}" ;;
+
+      *) return 1 ;;
+    esac
+  }
+
+  # Downloads an ARM64 LXC rootfs template to $1.
+  # Debian: fetches latest release from community-scripts/debian-arm64-lxc on GitHub.
+  # Others: fetches from jenkins.linuxcontainers.org.
+  download_arm64_template() {
+    local dest="$1" url
+
+    mkdir -p "$(dirname "$dest")" || {
+      msg_error "Cannot create template dir."
+      exit 207
+    }
+
+    if [[ "$PCT_OSTYPE" == "debian" ]]; then
+      url=$(
+        curl -fsSL "https://api.github.com/repos/community-scripts/debian-arm64-lxc/releases/latest" |
+          jq -r --arg v "$CUSTOM_TEMPLATE_VARIANT" \
+            '.assets[].browser_download_url | select(test("debian-" + $v + "-arm64-rootfs\\.tar\\.xz$"))' |
+          head -n1
+      )
+
+      [[ -n "$url" ]] || {
+        msg_error "Could not find Debian ${CUSTOM_TEMPLATE_VARIANT} ARM64 template URL."
+        exit 207
+      }
+    else
+      url="https://jenkins.linuxcontainers.org/job/image-${PCT_OSTYPE}/architecture=arm64,release=${CUSTOM_TEMPLATE_VARIANT},variant=default/lastStableBuild/artifact/rootfs.tar.xz"
+    fi
+
+    msg_info "Downloading ${PCT_OSTYPE^} ${CUSTOM_TEMPLATE_VARIANT} ARM64 template"
+    if ! curl -fsSL -o "$dest" "$url"; then
+      msg_error "Failed to download ARM64 template from: $url"
+      exit 208
+    fi
+    msg_ok "Downloaded ARM64 LXC template"
+  }
+
+  download_template() {
+    local dest="${1:-$TEMPLATE_PATH}"
+    if [[ "$ARCH" == "arm64" ]]; then
+      download_arm64_template "$dest"
+    else
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
+        msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
+        exit 222
+      }
+    fi
+  }
+
   # ------------------------------------------------------------------------------
   # Required input variables
   # ------------------------------------------------------------------------------
@@ -5832,153 +5916,120 @@ create_lxc_container() {
   # ------------------------------------------------------------------------------
   # Template discovery & validation
   # ------------------------------------------------------------------------------
-  TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
-  case "$PCT_OSTYPE" in
-  debian | ubuntu) TEMPLATE_PATTERN="-standard_" ;;
-  alpine | fedora | rocky | centos) TEMPLATE_PATTERN="-default_" ;;
-  *) TEMPLATE_PATTERN="" ;;
-  esac
+  CUSTOM_TEMPLATE_VARIANT=""
 
-  msg_info "Searching for template '$TEMPLATE_SEARCH'"
+  if [[ "$ARCH" == "arm64" ]]; then
+    # ARM64: use custom template download from linuxcontainers.org / GitHub
+    msg_info "Preparing ARM64 template"
 
-  # Initialize variables
-  ONLINE_TEMPLATE=""
-  ONLINE_TEMPLATES=()
+    CUSTOM_TEMPLATE_VARIANT=$(arm64_template_variant "$PCT_OSTYPE" "${PCT_OSVERSION:-}") || {
+      msg_error "No ARM64 template mapping for ${PCT_OSTYPE} ${PCT_OSVERSION:-latest}"
+      exit 207
+    }
 
-  # Step 1: Check local templates first (instant)
-  mapfile -t LOCAL_TEMPLATES < <(
-    pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
-      awk -v search="${TEMPLATE_SEARCH}" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
-      sed 's|.*/||' | sort -t - -k 2 -V
-  )
+    TEMPLATE="${PCT_OSTYPE}-${CUSTOM_TEMPLATE_VARIANT}-rootfs.tar.xz"
+    TEMPLATE_SOURCE="custom-arm64"
 
-  # Step 2: If local template found, use it immediately (skip pveam update)
-  if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
-    TEMPLATE="${LOCAL_TEMPLATES[-1]}"
-    TEMPLATE_SOURCE="local"
-    msg_ok "Template search completed"
-  else
-    # Step 3: No local template - need to check online (this may be slow)
-    msg_info "No local template found, checking online catalog..."
-
-    # Update catalog with timeout to prevent long hangs
-    if command -v timeout &>/dev/null; then
-      if ! timeout 30 pveam update >/dev/null 2>&1; then
-        msg_warn "Template catalog update timed out (possible network/DNS issue). Run 'pveam update' manually to diagnose."
-      fi
-    else
-      pveam update >/dev/null 2>&1 || msg_warn "Could not update template catalog (pveam update failed)"
+    # Resolve template path
+    TEMPLATE_PATH="$(pvesm path "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" 2>/dev/null || true)"
+    if [[ -z "$TEMPLATE_PATH" ]]; then
+      local _tpl_base
+      _tpl_base=$(awk -v s="$TEMPLATE_STORAGE" '
+        $0 ~ "^[^:]+:[[:space:]]*" s "$" {f=1; next}
+        f && /^[^[:space:]]/ {f=0}
+        f && $1 == "path" {print $2; exit}
+      ' /etc/pve/storage.cfg)
+      TEMPLATE_PATH="${_tpl_base:-/var/lib/vz}/template/cache/$TEMPLATE"
     fi
 
+    # Download if missing, too small, or corrupt
+    if [[ ! -f "$TEMPLATE_PATH" ]]; then
+      download_arm64_template "$TEMPLATE_PATH"
+    elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]] || ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
+      msg_warn "Local template invalid - re-downloading."
+      rm -f "$TEMPLATE_PATH"
+      download_arm64_template "$TEMPLATE_PATH"
+    else
+      msg_ok "Template ${BL}$TEMPLATE${CL} found locally."
+    fi
+
+  else
+    TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
+    case "$PCT_OSTYPE" in
+    debian | ubuntu) TEMPLATE_PATTERN="-standard_" ;;
+    alpine | fedora | rocky | centos) TEMPLATE_PATTERN="-default_" ;;
+    *) TEMPLATE_PATTERN="" ;;
+    esac
+
+    msg_info "Searching for template '$TEMPLATE_SEARCH'"
+
+    # Initialize variables
+    ONLINE_TEMPLATE=""
     ONLINE_TEMPLATES=()
-    mapfile -t ONLINE_TEMPLATES < <(pveam available -section system 2>/dev/null | grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' | awk '{print $2}' | grep -E "^${TEMPLATE_SEARCH}.*${TEMPLATE_PATTERN}" | sort -t - -k 2 -V 2>/dev/null || true)
-    [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
 
-    TEMPLATE="$ONLINE_TEMPLATE"
-    TEMPLATE_SOURCE="online"
-    msg_ok "Template search completed"
-  fi
-
-  # If still no template, try to find alternatives
-  if [[ -z "$TEMPLATE" ]]; then
-    msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
-
-    # Get all available versions for this OS type
-    AVAILABLE_VERSIONS=()
-    mapfile -t AVAILABLE_VERSIONS < <(
-      pveam available -section system 2>/dev/null |
-        grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
-        awk -F'\t' '{print $1}' |
-        grep "^${PCT_OSTYPE}-" |
-        sed -E "s/.*${PCT_OSTYPE}-([0-9]+(\.[0-9]+)?).*/\1/" |
-        sort -u -V 2>/dev/null
+    # Step 1: Check local templates first (instant)
+    mapfile -t LOCAL_TEMPLATES < <(
+      pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
+        awk -v search="${TEMPLATE_SEARCH}" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
+        sed 's|.*/||' | sort -t - -k 2 -V
     )
 
-    if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
-      echo ""
-      echo "${BL}Available ${PCT_OSTYPE} versions:${CL}"
-      for i in "${!AVAILABLE_VERSIONS[@]}"; do
-        echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
-      done
-      echo ""
-      read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty
+    # Step 2: If local template found, use it immediately (skip pveam update)
+    if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
+      TEMPLATE="${LOCAL_TEMPLATES[-1]}"
+      TEMPLATE_SOURCE="local"
+      msg_ok "Template search completed"
+    else
+      # Step 3: No local template - need to check online (this may be slow)
+      msg_info "No local template found, checking online catalog..."
 
-      if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
-        PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
-        TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION}"
-
-        ONLINE_TEMPLATES=()
-        mapfile -t ONLINE_TEMPLATES < <(
-          pveam available -section system 2>/dev/null |
-            grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
-            awk '{print $2}' |
-            grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
-            sort -t - -k 2 -V 2>/dev/null || true
-        )
-
-        if [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]]; then
-          TEMPLATE="${ONLINE_TEMPLATES[-1]}"
-          TEMPLATE_SOURCE="online"
-        else
-          msg_error "No templates available for ${PCT_OSTYPE} ${PCT_OSVERSION}"
-          exit 225
+      # Update catalog with timeout to prevent long hangs
+      if command -v timeout &>/dev/null; then
+        if ! timeout 30 pveam update >/dev/null 2>&1; then
+          msg_warn "Template catalog update timed out (possible network/DNS issue). Run 'pveam update' manually to diagnose."
         fi
       else
-        msg_custom "🚫" "${YW}" "Installation cancelled"
-        exit 0
+        pveam update >/dev/null 2>&1 || msg_warn "Could not update template catalog (pveam update failed)"
       fi
-    else
-      msg_error "No ${PCT_OSTYPE} templates available at all"
-      exit 225
+
+      ONLINE_TEMPLATES=()
+      mapfile -t ONLINE_TEMPLATES < <(pveam available -section system 2>/dev/null | grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' | awk '{print $2}' | grep -E "^${TEMPLATE_SEARCH}.*${TEMPLATE_PATTERN}" | sort -t - -k 2 -V 2>/dev/null || true)
+      [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
+
+      TEMPLATE="$ONLINE_TEMPLATE"
+      TEMPLATE_SOURCE="online"
+      msg_ok "Template search completed"
     fi
-  fi
 
-  TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
-  if [[ -z "$TEMPLATE_PATH" ]]; then
-    TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
-    [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
-  fi
-
-  # If we still don't have a path but have a valid template name, construct it
-  if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
-    TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-  fi
-
-  [[ -n "$TEMPLATE_PATH" ]] || {
+    # If still no template, try to find alternatives
     if [[ -z "$TEMPLATE" ]]; then
-      msg_error "Template ${PCT_OSTYPE} ${PCT_OSVERSION} not available"
+      msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
 
-      # Get available versions
+      # Get all available versions for this OS type
+      AVAILABLE_VERSIONS=()
       mapfile -t AVAILABLE_VERSIONS < <(
         pveam available -section system 2>/dev/null |
+          grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
+          awk -F'\t' '{print $1}' |
           grep "^${PCT_OSTYPE}-" |
-          sed -E 's/.*'"${PCT_OSTYPE}"'-([0-9]+\.[0-9]+).*/\1/' |
-          grep -E '^[0-9]+\.[0-9]+$' |
-          sort -u -V 2>/dev/null || sort -u
+          sed -E "s/.*${PCT_OSTYPE}-([0-9]+(\.[0-9]+)?).*/\1/" |
+          sort -u -V 2>/dev/null
       )
 
       if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
-        echo -e "\n${BL}Available versions:${CL}"
+        echo ""
+        echo "${BL}Available ${PCT_OSTYPE} versions:${CL}"
         for i in "${!AVAILABLE_VERSIONS[@]}"; do
           echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
         done
-
         echo ""
-        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or Enter to exit: " choice </dev/tty
+        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty
 
         if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
-          export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
-          export PCT_OSVERSION="$var_version"
-          msg_ok "Switched to ${PCT_OSTYPE} ${var_version}"
+          PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
+          TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION}"
 
-          # Retry template search with new version
-          TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
-
-          mapfile -t LOCAL_TEMPLATES < <(
-            pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
-              awk -v search="${TEMPLATE_SEARCH}-" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
-              sed 's|.*/||' | sort -t - -k 2 -V
-          )
+          ONLINE_TEMPLATES=()
           mapfile -t ONLINE_TEMPLATES < <(
             pveam available -section system 2>/dev/null |
               grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
@@ -5986,109 +6037,181 @@ create_lxc_container() {
               grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
               sort -t - -k 2 -V 2>/dev/null || true
           )
-          ONLINE_TEMPLATE=""
-          [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
 
-          if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
-            TEMPLATE="${LOCAL_TEMPLATES[-1]}"
-            TEMPLATE_SOURCE="local"
-          else
-            TEMPLATE="$ONLINE_TEMPLATE"
+          if [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]]; then
+            TEMPLATE="${ONLINE_TEMPLATES[-1]}"
             TEMPLATE_SOURCE="online"
+          else
+            msg_error "No templates available for ${PCT_OSTYPE} ${PCT_OSVERSION}"
+            exit 225
           fi
-
-          TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
-          if [[ -z "$TEMPLATE_PATH" ]]; then
-            TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
-            [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
-          fi
-
-          # If we still don't have a path but have a valid template name, construct it
-          if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
-            TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-          fi
-
-          [[ -n "$TEMPLATE_PATH" ]] || {
-            msg_error "Template still not found after version change"
-            exit 220
-          }
         else
           msg_custom "🚫" "${YW}" "Installation cancelled"
           exit 0
         fi
       else
         msg_error "No ${PCT_OSTYPE} templates available"
-        exit 220
+        exit 225
       fi
     fi
-  }
 
-  # Validate that we found a template
-  if [[ -z "$TEMPLATE" ]]; then
-    msg_error "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}"
-    msg_custom "ℹ️" "${YW}" "Please check:"
-    msg_custom "  •" "${YW}" "Is pveam catalog available? (run: pveam available -section system)"
-    msg_custom "  •" "${YW}" "Does the template exist for your OS version?"
-    exit 225
-  fi
-
-  msg_ok "Template ${BL}$TEMPLATE${CL} [$TEMPLATE_SOURCE]"
-  msg_debug "Resolved TEMPLATE_PATH=$TEMPLATE_PATH"
-
-  NEED_DOWNLOAD=0
-  if [[ ! -f "$TEMPLATE_PATH" ]]; then
-    msg_info "Template not present locally – will download."
-    NEED_DOWNLOAD=1
-  elif [[ ! -r "$TEMPLATE_PATH" ]]; then
-    msg_error "Template file exists but is not readable – check permissions."
-    exit 221
-  elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]]; then
-    if [[ -n "$ONLINE_TEMPLATE" ]]; then
-      msg_warn "Template file too small (<1MB) – re-downloading."
-      NEED_DOWNLOAD=1
-    else
-      msg_warn "Template looks too small, but no online version exists. Keeping local file."
+    TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
+    if [[ -z "$TEMPLATE_PATH" ]]; then
+      TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
+      [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
     fi
-  elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-    if [[ -n "$ONLINE_TEMPLATE" ]]; then
-      msg_warn "Template appears corrupted – re-downloading."
-      NEED_DOWNLOAD=1
-    else
-      msg_warn "Template appears corrupted, but no online version exists. Keeping local file."
-    fi
-  else
-    $STD msg_ok "Template $TEMPLATE is present and valid."
-  fi
 
-  if [[ "$TEMPLATE_SOURCE" == "local" && -n "$ONLINE_TEMPLATE" && "$TEMPLATE" != "$ONLINE_TEMPLATE" ]]; then
-    msg_warn "Local template is outdated: $TEMPLATE (latest available: $ONLINE_TEMPLATE)"
-    if whiptail --yesno "A newer template is available:\n$ONLINE_TEMPLATE\n\nDo you want to download and use it instead?" 12 70; then
-      TEMPLATE="$ONLINE_TEMPLATE"
-      NEED_DOWNLOAD=1
-    else
-      msg_custom "ℹ️" "${BL}" "Continuing with local template $TEMPLATE"
+    # If we still don't have a path but have a valid template name, construct it
+    if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
+      TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
     fi
-  fi
 
-  if [[ "$NEED_DOWNLOAD" -eq 1 ]]; then
-    [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
-    for attempt in {1..3}; do
-      msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
-      if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
-        msg_ok "Template download successful."
-        break
+    [[ -n "$TEMPLATE_PATH" ]] || {
+      if [[ -z "$TEMPLATE" ]]; then
+        msg_error "Template ${PCT_OSTYPE} ${PCT_OSVERSION} not available"
+
+        # Get available versions
+        mapfile -t AVAILABLE_VERSIONS < <(
+          pveam available -section system 2>/dev/null |
+            grep "^${PCT_OSTYPE}-" |
+            sed -E 's/.*'"${PCT_OSTYPE}"'-([0-9]+\.[0-9]+).*/\1/' |
+            grep -E '^[0-9]+\.[0-9]+$' |
+            sort -u -V 2>/dev/null || sort -u
+        )
+
+        if [[ ${#AVAILABLE_VERSIONS[@]} -gt 0 ]]; then
+          echo -e "\n${BL}Available versions:${CL}"
+          for i in "${!AVAILABLE_VERSIONS[@]}"; do
+            echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
+          done
+
+          echo ""
+          read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to exit: " choice </dev/tty
+
+          if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
+            export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
+            export PCT_OSVERSION="$var_version"
+            msg_ok "Switched to ${PCT_OSTYPE} ${var_version}"
+
+            # Retry template search with new version
+            TEMPLATE_SEARCH="${PCT_OSTYPE}-${PCT_OSVERSION:-}"
+
+            mapfile -t LOCAL_TEMPLATES < <(
+              pveam list "$TEMPLATE_STORAGE" 2>/dev/null |
+                awk -v search="${TEMPLATE_SEARCH}-" -v pattern="${TEMPLATE_PATTERN}" '$1 ~ search && $1 ~ pattern {print $1}' |
+                sed 's|.*/||' | sort -t - -k 2 -V
+            )
+            mapfile -t ONLINE_TEMPLATES < <(
+              pveam available -section system 2>/dev/null |
+                grep -E '\.(tar\.zst|tar\.xz|tar\.gz)$' |
+                awk '{print $2}' |
+                grep -E "^${TEMPLATE_SEARCH}-.*${TEMPLATE_PATTERN}" |
+                sort -t - -k 2 -V 2>/dev/null || true
+            )
+            ONLINE_TEMPLATE=""
+            [[ ${#ONLINE_TEMPLATES[@]} -gt 0 ]] && ONLINE_TEMPLATE="${ONLINE_TEMPLATES[-1]}"
+
+            if [[ ${#LOCAL_TEMPLATES[@]} -gt 0 ]]; then
+              TEMPLATE="${LOCAL_TEMPLATES[-1]}"
+              TEMPLATE_SOURCE="local"
+            else
+              TEMPLATE="$ONLINE_TEMPLATE"
+              TEMPLATE_SOURCE="online"
+            fi
+
+            TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || true)"
+            if [[ -z "$TEMPLATE_PATH" ]]; then
+              TEMPLATE_BASE=$(awk -v s="$TEMPLATE_STORAGE" '$1==s {f=1} f && /path/ {print $2; exit}' /etc/pve/storage.cfg)
+              [[ -n "$TEMPLATE_BASE" ]] && TEMPLATE_PATH="$TEMPLATE_BASE/template/cache/$TEMPLATE"
+            fi
+
+            # If we still don't have a path but have a valid template name, construct it
+            if [[ -z "$TEMPLATE_PATH" && -n "$TEMPLATE" ]]; then
+              TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+            fi
+
+            [[ -n "$TEMPLATE_PATH" ]] || {
+              msg_error "Template still not found after version change"
+              exit 220
+            }
+          else
+            msg_custom "🚫" "${YW}" "Installation cancelled"
+            exit 0
+          fi
+        else
+          msg_error "No ${PCT_OSTYPE} templates available"
+          exit 220
+        fi
       fi
-      if [[ $attempt -eq 3 ]]; then
-        msg_error "Failed after 3 attempts. Please check network access, permissions, or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
-        exit 222
-      fi
-      sleep $((attempt * 5))
-    done
-  fi
+    }
 
-  if ! pveam list "$TEMPLATE_STORAGE" 2>/dev/null | grep -q "$TEMPLATE"; then
-    msg_error "Template $TEMPLATE not available in storage $TEMPLATE_STORAGE after download."
-    exit 223
+    # Validate that we found a template
+    if [[ -z "$TEMPLATE" ]]; then
+      msg_error "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}"
+      msg_custom "ℹ️" "${YW}" "Please check:"
+      msg_custom "  •" "${YW}" "Is pveam catalog available? (run: pveam available -section system)"
+      msg_custom "  •" "${YW}" "Does the template exist for your OS version?"
+      exit 225
+    fi
+
+    msg_ok "Template ${BL}$TEMPLATE${CL} [$TEMPLATE_SOURCE]"
+    msg_debug "Resolved TEMPLATE_PATH=$TEMPLATE_PATH"
+
+    NEED_DOWNLOAD=0
+    if [[ ! -f "$TEMPLATE_PATH" ]]; then
+      msg_info "Template not present locally, will download it."
+      NEED_DOWNLOAD=1
+    elif [[ ! -r "$TEMPLATE_PATH" ]]; then
+      msg_error "Template file exists but is not readable, check permissions."
+      exit 221
+    elif [[ "$(stat -c%s "$TEMPLATE_PATH")" -lt 1000000 ]]; then
+      if [[ -n "$ONLINE_TEMPLATE" ]]; then
+        msg_warn "Template file too small (<1MB), re-downloading."
+        NEED_DOWNLOAD=1
+      else
+        msg_warn "Template looks too small, but no online version exists. Keeping local file."
+      fi
+    elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
+      if [[ -n "$ONLINE_TEMPLATE" ]]; then
+        msg_warn "Template appears corrupted, re-downloading."
+        NEED_DOWNLOAD=1
+      else
+        msg_warn "Template appears corrupted, but no online version exists. Keeping local file."
+      fi
+    else
+      $STD msg_ok "Template $TEMPLATE is present and valid."
+    fi
+
+    if [[ "$TEMPLATE_SOURCE" == "local" && -n "$ONLINE_TEMPLATE" && "$TEMPLATE" != "$ONLINE_TEMPLATE" ]]; then
+      msg_warn "Local template is outdated: $TEMPLATE (latest available: $ONLINE_TEMPLATE)"
+      if whiptail --yesno "A newer template is available:\n$ONLINE_TEMPLATE\n\nDo you want to download and use it instead?" 12 70; then
+        TEMPLATE="$ONLINE_TEMPLATE"
+        NEED_DOWNLOAD=1
+      else
+        msg_custom "ℹ️" "${BL}" "Continuing with local template $TEMPLATE"
+      fi
+    fi
+
+    if [[ "$NEED_DOWNLOAD" -eq 1 ]]; then
+      [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
+      for attempt in {1..3}; do
+        msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
+        if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
+          msg_ok "Template download successful."
+          break
+        fi
+        if [[ $attempt -eq 3 ]]; then
+          msg_error "Failed after 3 attempts. Please check network access, permissions, or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
+          exit 222
+        fi
+        sleep $((attempt * 5))
+      done
+    fi
+
+    if ! pveam list "$TEMPLATE_STORAGE" 2>/dev/null | grep -q "$TEMPLATE"; then
+      msg_error "Template $TEMPLATE not available in storage $TEMPLATE_STORAGE after download."
+      exit 223
+    fi
   fi
 
   # ------------------------------------------------------------------------------
@@ -6165,21 +6288,15 @@ create_lxc_container() {
 
   # Validate template before pct create (while holding lock)
   if [[ ! -s "$TEMPLATE_PATH" || "$(stat -c%s "$TEMPLATE_PATH" 2>/dev/null || echo 0)" -lt 1000000 ]]; then
-    msg_info "Template file missing or too small – downloading"
+    msg_info "Template file missing or too small - downloading"
     rm -f "$TEMPLATE_PATH"
-    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-      msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
-      exit 222
-    }
+    download_template
     msg_ok "Template downloaded"
   elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
-    if [[ -n "$ONLINE_TEMPLATE" ]]; then
-      msg_info "Template appears corrupted – re-downloading"
+    if [[ "$ARCH" == "arm64" || -n "$ONLINE_TEMPLATE" ]]; then
+      msg_info "Template appears corrupted - re-downloading"
       rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-        msg_error "Failed to re-download template '$TEMPLATE'"
-        exit 222
-      }
+      download_template
       msg_ok "Template re-downloaded"
     else
       msg_warn "Template appears corrupted, but no online version exists. Skipping re-download."
@@ -6227,9 +6344,9 @@ create_lxc_container() {
     else
       # Not a CTID collision - check if template issue and retry with fresh download
       if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
-        msg_info "Template may be corrupted – re-downloading"
+        msg_info "Template may be corrupted - re-downloading"
         rm -f "$TEMPLATE_PATH"
-        pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+        download_template
         msg_ok "Template re-downloaded"
       fi
 
@@ -6242,7 +6359,11 @@ create_lxc_container() {
           if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
             msg_ok "Trying local storage fallback"
             msg_info "Downloading template to local"
-            pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+            if [[ "$ARCH" == "arm64" ]]; then
+              download_arm64_template "$LOCAL_TEMPLATE_PATH"
+            else
+              pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+            fi
             msg_ok "Template downloaded to local"
           else
             msg_ok "Trying local storage fallback"

misc/core.func

@@ -344,9 +344,15 @@ pve_check() {
 # - Provides link to ARM64-compatible scripts
 # ------------------------------------------------------------------------------
 arch_check() {
-  if [ "$(dpkg --print-architecture)" != "amd64" ]; then
-    msg_error "This script will not work with PiMox (ARM architecture detected)."
-    msg_warn "Visit https://github.com/asylumexp/Proxmox for ARM64 support."
+  local arch
+  arch="$(dpkg --print-architecture)"
+  if [[ "$arch" != "amd64" && "$arch" != "arm64" ]]; then
+    msg_error "This script requires amd64 or arm64 (detected: $arch)."
+    sleep 2
+    exit 106
+  fi
+  if [[ "$arch" == "arm64" && "${var_arm64:-}" != "yes" ]]; then
+    msg_error "This script does not yet support arm64."
     sleep 2
     exit 106
   fi
@@ -1712,6 +1718,38 @@ function get_lxc_ip() {
   export LOCAL_IP
 }
 
+# ------------------------------------------------------------------------------
+# ensure_whiptail()
+#
+# - Ensures whiptail is installed
+# - Some ARM64 systems will not have whiptail installed
+# - Exits with error message if installation fails
+# ------------------------------------------------------------------------------
+ensure_whiptail() {
+  command -v whiptail >/dev/null 2>&1 && return 0
+
+  msg_info "Installing whiptail"
+  apt_update_safe
+  $STD apt-get install -y whiptail || {
+    msg_error "Failed to install whiptail"
+    exit 100
+  }
+  msg_ok "Installed whiptail"
+}
+
+# ------------------------------------------------------------------------------
+# arm64_notice()
+#
+# - Shows a short warning when running scripts on ARM64 systems
+# ------------------------------------------------------------------------------
+arm64_notice() {
+  [[ "$(dpkg --print-architecture)" == "arm64" ]] || return 0
+
+  whiptail --backtitle "Proxmox VE Helper Scripts" \
+    --title "ARM64 SUPPORT" \
+    --ok-button "Continue" \
+    --msgbox "ARM64 support is in active development.\n\nSome scripts, packages, or application releases may not be fully tested or working yet." 10 68
+}
 # ==============================================================================
 # SIGNAL TRAPS
 # ==============================================================================

misc/error_handler.func

@@ -99,7 +99,7 @@ if ! declare -f explain_exit_code &>/dev/null; then
     103) echo "Validation: Shell is not Bash" ;;
     104) echo "Validation: Not running as root (or invoked via sudo)" ;;
     105) echo "Validation: Proxmox VE version not supported" ;;
-    106) echo "Validation: Architecture not supported (ARM / PiMox)" ;;
+    106) echo "Validation: Unsupported architecture (requires amd64 or arm64)" ;;
     107) echo "Validation: Kernel key parameters unreadable" ;;
     108) echo "Validation: Kernel key limits exceeded" ;;
     109) echo "Proxmox: No available container ID after max attempts" ;;

misc/tools.func

@@ -2394,12 +2394,11 @@ check_for_gh_release() {
 
   # For pinned versions, query the specific release tag directly
   if [[ -n "$pinned_version_in" ]]; then
-    local pinned_version_encoded="${pinned_version_in//\//%2F}"
     http_code=$(curl -sSL --max-time 20 -w "%{http_code}" -o /tmp/gh_check.json \
       -H 'Accept: application/vnd.github+json' \
       -H 'X-GitHub-Api-Version: 2022-11-28' \
       "${header_args[@]}" \
-      "https://api.github.com/repos/${source}/releases/tags/${pinned_version_encoded}" 2>/dev/null) || true
+      "https://api.github.com/repos/${source}/releases/tags/${pinned_version_in}" 2>/dev/null) || true
 
     if [[ "$http_code" == "200" ]] && [[ -s /tmp/gh_check.json ]]; then
       releases_json="[$(</tmp/gh_check.json)]"
@@ -2521,19 +2520,11 @@ check_for_gh_release() {
       rm -f "${legacy_files[0]}"
     fi
   fi
-  if [[ "$current" =~ ^v[0-9] ]]; then
-    current="${current:1}"
-  fi
-						
+  current="${current#v}"
 
   # Pinned version handling
   if [[ -n "$pinned_version_in" ]]; then
-    local pin_clean
-    if [[ "$pinned_version_in" =~ ^v[0-9] ]]; then
-      pin_clean="${pinned_version_in:1}"
-    else
-      pin_clean="$pinned_version_in"
-    fi
+    local pin_clean="${pinned_version_in#v}"
     local match_raw=""
     for i in "${!clean_tags[@]}"; do
       if [[ "${clean_tags[$i]}" == "$pin_clean" ]]; then
@@ -2571,6 +2562,7 @@ check_for_gh_release() {
   msg_ok "No update available: ${app} (${latest_clean})"
   return 1
 }
+
 # ------------------------------------------------------------------------------
 # Checks for new Codeberg release (latest tag).
 #
@@ -3068,10 +3060,14 @@ function fetch_and_deploy_codeberg_release() {
     # Fall back to architecture heuristic
     if [[ -z "$url_match" ]]; then
       for u in $assets; do
-        if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
-          url_match="$u"
-          break
+        [[ "$u" =~ \.deb$ ]] || continue
+        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+          [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
+        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+          [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
         fi
+        url_match="$u"
+        break
       done
     fi
 
@@ -3368,7 +3364,11 @@ _gh_scan_older_releases() {
         done)
       fi
       if [[ "$has_match" != "true" ]]; then
-        has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE "($arch|amd64|x86_64|aarch64|arm64).*\.deb$" && echo true)
+        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+          has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '(amd64|x86_64).*\.deb$' && echo true)
+        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+          has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '(arm64|aarch64).*\.deb$' && echo true)
+        fi
       fi
       if [[ "$has_match" != "true" ]]; then
         has_match=$(echo "$releases_list" | jq -r ".[$i].assets[].browser_download_url" | grep -qE '\.deb$' && echo true)
@@ -3574,10 +3574,14 @@ function fetch_and_deploy_gh_release() {
     # If no match via explicit pattern, fall back to architecture heuristic
     if [[ -z "$url_match" ]]; then
       for u in $assets; do
-        if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
-          url_match="$u"
-          break
+        [[ "$u" =~ \.deb$ ]] || continue
+        if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+          [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
+        elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+          [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
         fi
+        url_match="$u"
+        break
       done
     fi
 
@@ -3608,10 +3612,14 @@ function fetch_and_deploy_gh_release() {
         fi
         if [[ -z "$url_match" ]]; then
           for u in $assets; do
-            if [[ "$u" =~ ($arch|amd64|x86_64|aarch64|arm64).*\.deb$ ]]; then
-              url_match="$u"
-              break
+            [[ "$u" =~ \.deb$ ]] || continue
+            if [[ "${arch,,}" =~ ^(amd64|x86_64)$ ]]; then
+              [[ "$u" =~ (amd64|x86_64).*\.deb$ ]] || continue
+            elif [[ "${arch,,}" =~ ^(arm64|aarch64)$ ]]; then
+              [[ "$u" =~ (arm64|aarch64).*\.deb$ ]] || continue
             fi
+            url_match="$u"
+            break
           done
         fi
         if [[ -z "$url_match" ]]; then
@@ -3979,7 +3987,12 @@ function setup_ffmpeg() {
 
   # Binary fallback mode
   if [[ "$TYPE" == "binary" ]]; then
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    local ffmpeg_arch
+    case "$(dpkg --print-architecture 2>/dev/null || echo amd64)" in
+    arm64) ffmpeg_arch="arm64" ;;
+    *) ffmpeg_arch="amd64" ;;
+    esac
+    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-${ffmpeg_arch}-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
       msg_error "Failed to download FFmpeg binary"
       rm -rf "$TMP_DIR"
       return 250
@@ -4066,7 +4079,17 @@ function setup_ffmpeg() {
   # If no source download (either VERSION empty or download failed), use binary
   if [[ -z "$VERSION" ]]; then
     msg_info "Setup FFmpeg from pre-built binary"
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    local ffmpeg_arch detected_arch
+    detected_arch="$(dpkg --print-architecture 2>/dev/null || true)"
+    if [[ -z "$detected_arch" ]]; then
+      detected_arch="$(uname -m 2>/dev/null || true)"
+    fi
+    case "$detected_arch" in
+    arm64 | aarch64) ffmpeg_arch="arm64" ;;
+    amd64 | x86_64) ffmpeg_arch="amd64" ;;
+    *) ffmpeg_arch="amd64" ;;
+    esac
+    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-${ffmpeg_arch}-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
       msg_error "Failed to download FFmpeg pre-built binary"
       rm -rf "$TMP_DIR"
       return 250
@@ -8242,7 +8265,19 @@ function setup_yq() {
     msg_info "Setup yq $LATEST_VERSION"
   fi
 
-  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_amd64" "$TMP_DIR/yq"; then
+  local yq_arch detected_arch
+  if command -v dpkg &>/dev/null; then
+    detected_arch="$(dpkg --print-architecture 2>/dev/null)"
+  else
+    detected_arch="$(uname -m 2>/dev/null)"
+  fi
+
+  case "$detected_arch" in
+  arm64 | aarch64) yq_arch="arm64" ;;
+  amd64 | x86_64) yq_arch="amd64" ;;
+  *) yq_arch="amd64" ;;
+  esac
+  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_${yq_arch}" "$TMP_DIR/yq"; then
     msg_error "Failed to download yq"
     rm -rf "$TMP_DIR"
     return 250