Reorder hwaccel setup and adjust GPU group usermod

Move setup_hwaccel invocations in emby, jellyfin, ollama, and plex installers to occur after package installation/configuration so GPU drivers/repos are present before enabling hardware acceleration. Update _setup_gpu_permissions to call usermod directly (remove $STD wrapper) when adding service users to render/video groups. Includes minor whitespace/ordering cleanups in the installer scripts.

.github/workflows/delete-pocketbase-entry-on-removal.yml

@@ -75,7 +75,8 @@ jobs:
             const http = require('http');
             const url = require('url');
 
-            function request(fullUrl, opts) {
+            function request(fullUrl, opts, redirectCount) {
+              redirectCount = redirectCount || 0;
               return new Promise(function(resolve, reject) {
                 const u = url.parse(fullUrl);
                 const isHttps = u.protocol === 'https:';
@@ -90,6 +91,13 @@ jobs:
                 if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
                 const lib = isHttps ? https : http;
                 const req = lib.request(options, function(res) {
+                  if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                    if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
+                    const redirectUrl = url.resolve(fullUrl, res.headers.location);
+                    res.resume();
+                    resolve(request(redirectUrl, opts, redirectCount + 1));
+                    return;
+                  }
                   let data = '';
                   res.on('data', function(chunk) { data += chunk; });
                   res.on('end', function() {

.github/workflows/push-json-to-pocketbase.yml

@@ -48,7 +48,8 @@ jobs:
           const https = require('https');
           const http = require('http');
           const url = require('url');
-          function request(fullUrl, opts) {
+          function request(fullUrl, opts, redirectCount) {
+            redirectCount = redirectCount || 0;
             return new Promise(function(resolve, reject) {
               const u = url.parse(fullUrl);
               const isHttps = u.protocol === 'https:';
@@ -63,6 +64,13 @@ jobs:
               if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
               const lib = isHttps ? https : http;
               const req = lib.request(options, function(res) {
+                if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                  if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
+                  const redirectUrl = url.resolve(fullUrl, res.headers.location);
+                  res.resume();
+                  resolve(request(redirectUrl, opts, redirectCount + 1));
+                  return;
+                }
                 let data = '';
                 res.on('data', function(chunk) { data += chunk; });
                 res.on('end', function() {
@@ -125,15 +133,15 @@ jobs:
           var osVersionToId = {};
           try {
             const res = await request(apiBase + '/collections/z_ref_note_types/records?perPage=500', { headers: { 'Authorization': token } });
-            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) noteTypeToId[item.type] = item.id; });
+            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) { noteTypeToId[item.type] = item.id; noteTypeToId[item.type.toLowerCase()] = item.id; } });
           } catch (e) { console.warn('z_ref_note_types:', e.message); }
           try {
             const res = await request(apiBase + '/collections/z_ref_install_method_types/records?perPage=500', { headers: { 'Authorization': token } });
-            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) installMethodTypeToId[item.type] = item.id; });
+            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.type != null) { installMethodTypeToId[item.type] = item.id; installMethodTypeToId[item.type.toLowerCase()] = item.id; } });
           } catch (e) { console.warn('z_ref_install_method_types:', e.message); }
           try {
             const res = await request(apiBase + '/collections/z_ref_os/records?perPage=500', { headers: { 'Authorization': token } });
-            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.os != null) osToId[item.os] = item.id; });
+            if (res.ok) JSON.parse(res.body).items?.forEach(function(item) { if (item.os != null) { osToId[item.os] = item.id; osToId[item.os.toLowerCase()] = item.id; } });
           } catch (e) { console.warn('z_ref_os:', e.message); }
           try {
             const res = await request(apiBase + '/collections/z_ref_os_version/records?perPage=500&expand=os', { headers: { 'Authorization': token } });
@@ -154,7 +162,7 @@ jobs:
               name: data.name,
               slug: data.slug,
               script_created: data.date_created || data.script_created,
-              script_updated: data.date_created || data.script_updated,
+              script_updated: new Date().toISOString().split('T')[0],
               updateable: data.updateable,
               privileged: data.privileged,
               port: data.interface_port != null ? data.interface_port : data.port,
@@ -163,8 +171,8 @@ jobs:
               logo: data.logo,
               description: data.description,
               config_path: data.config_path,
-              default_user: (data.default_credentials && data.default_credentials.username) || data.default_user,
-              default_passwd: (data.default_credentials && data.default_credentials.password) || data.default_passwd,
+              default_user: (data.default_credentials && data.default_credentials.username) || data.default_user || null,
+              default_passwd: (data.default_credentials && data.default_credentials.password) || data.default_passwd || null,
               is_dev: false
             };
             var resolvedType = typeValueToId[data.type];
@@ -190,7 +198,7 @@ jobs:
                 var postRes = await request(notesCollUrl, {
                   method: 'POST',
                   headers: { 'Authorization': token, 'Content-Type': 'application/json' },
-                  body: JSON.stringify({ text: note.text || '', type: typeId })
+                  body: JSON.stringify({ text: note.text || '', type: typeId, script: scriptId })
                 });
                 if (postRes.ok) noteIds.push(JSON.parse(postRes.body).id);
               }

.github/workflows/update-script-timestamp-on-sh-change.yml

@@ -83,7 +83,8 @@ jobs:
             const http = require('http');
             const url = require('url');
 
-            function request(fullUrl, opts) {
+            function request(fullUrl, opts, redirectCount) {
+              redirectCount = redirectCount || 0;
               return new Promise(function(resolve, reject) {
                 const u = url.parse(fullUrl);
                 const isHttps = u.protocol === 'https:';
@@ -98,6 +99,13 @@ jobs:
                 if (body) options.headers['Content-Length'] = Buffer.byteLength(body);
                 const lib = isHttps ? https : http;
                 const req = lib.request(options, function(res) {
+                  if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                    if (redirectCount >= 5) return reject(new Error('Too many redirects from ' + fullUrl));
+                    const redirectUrl = url.resolve(fullUrl, res.headers.location);
+                    res.resume();
+                    resolve(request(redirectUrl, opts, redirectCount + 1));
+                    return;
+                  }
                   let data = '';
                   res.on('data', function(chunk) { data += chunk; });
                   res.on('end', function() {
@@ -151,7 +159,7 @@ jobs:
                 method: 'PATCH',
                 headers: { 'Authorization': token, 'Content-Type': 'application/json' },
                 body: JSON.stringify({
-                  name: record.name || record.slug,
+                  script_updated: new Date().toISOString().split('T')[0],
                   last_update_commit: process.env.PR_URL || process.env.COMMIT_URL || ''
                 })
               });

CHANGELOG.md

@@ -450,6 +450,7 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
   - #### ✨ New Features
 
+    - tools.func Implement pg_cron setup for setup_postgresql [@MickLesk](https://github.com/MickLesk) ([#13053](https://github.com/community-scripts/ProxmoxVE/pull/13053))
     - tools.func: Implement check_for_gh_tag function [@MickLesk](https://github.com/MickLesk) ([#12998](https://github.com/community-scripts/ProxmoxVE/pull/12998))
     - tools.func: Implement fetch_and_deploy_gh_tag function [@MickLesk](https://github.com/MickLesk) ([#13000](https://github.com/community-scripts/ProxmoxVE/pull/13000))
 

ct/podman-homeassistant.sh

@@ -23,7 +23,7 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -f /etc/containers/systemd/homeassistant.container ]]; then
+  if [[ ! -f /etc/systemd/system/homeassistant.service ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi

ct/tdarr.sh

@@ -33,12 +33,16 @@ function update_script() {
   $STD apt upgrade -y
   rm -rf /opt/tdarr/Tdarr_Updater
   cd /opt/tdarr
-  RELEASE=$(curl -fsSL https://f000.backblazeb2.com/file/tdarrs/versions.json | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
-  curl -fsSL "$RELEASE" -o Tdarr_Updater.zip
+  RELEASE=$(curl_with_retry "https://f000.backblazeb2.com/file/tdarrs/versions.json" "-" | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
+  curl_with_retry "$RELEASE" "Tdarr_Updater.zip"
   $STD unzip Tdarr_Updater.zip
   chmod +x Tdarr_Updater
   $STD ./Tdarr_Updater
   rm -rf /opt/tdarr/Tdarr_Updater.zip
+  [[ -f /opt/tdarr/Tdarr_Server/Tdarr_Server ]] || {
+    msg_error "Tdarr_Updater failed — tdarr.io may be blocked by local DNS"
+    exit 250
+  }
   msg_ok "Updated Tdarr"
   msg_ok "Updated successfully!"
   exit

install/emby-install.sh

@@ -13,10 +13,10 @@ setting_up_container
 network_check
 update_os
 
-setup_hwaccel "emby"
-
 fetch_and_deploy_gh_release "emby" "MediaBrowser/Emby.Releases" "binary"
 
+setup_hwaccel "emby"
+
 motd_ssh
 customize
 cleanup_lxc

install/jellyfin-install.sh

@@ -14,7 +14,6 @@ network_check
 update_os
 
 msg_custom "ℹ️" "${GN}" "If NVIDIA GPU passthrough is detected, you'll be asked whether to install drivers in the container"
-setup_hwaccel "jellyfin"
 
 msg_info "Installing Dependencies"
 ensure_dependencies libjemalloc2
@@ -37,6 +36,8 @@ ln -sf /usr/lib/jellyfin-ffmpeg/ffmpeg /usr/bin/ffmpeg
 ln -sf /usr/lib/jellyfin-ffmpeg/ffprobe /usr/bin/ffprobe
 msg_ok "Installed Jellyfin"
 
+setup_hwaccel "jellyfin"
+
 msg_info "Configuring Jellyfin"
 # Configure log rotation to prevent disk fill (keeps fail2ban compatibility) (PR: #1690 / Issue: #11224)
 cat <<EOF >/etc/logrotate.d/jellyfin

install/ollama-install.sh

@@ -42,8 +42,6 @@ EOF
 $STD apt update
 msg_ok "Set up Intel® Repositories"
 
-setup_hwaccel "ollama"
-
 msg_info "Installing Intel® Level Zero"
 # Debian 13+ has newer Level Zero packages in system repos that conflict with Intel repo packages
 if is_debian && [[ "$(get_os_version_major)" -ge 13 ]]; then
@@ -92,6 +90,8 @@ fi
 $STD usermod -aG ollama $(id -u -n)
 msg_ok "Created ollama User and adjusted Groups"
 
+setup_hwaccel "ollama"
+
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/ollama.service
 [Unit]

install/plex-install.sh

@@ -13,8 +13,6 @@ setting_up_container
 network_check
 update_os
 
-setup_hwaccel "plex"
-
 msg_info "Setting Up Plex Media Server Repository"
 setup_deb822_repo \
   "plexmediaserver" \
@@ -28,6 +26,8 @@ msg_info "Installing Plex Media Server"
 $STD apt install -y plexmediaserver
 msg_ok "Installed Plex Media Server"
 
+setup_hwaccel "plex"
+
 motd_ssh
 customize
 cleanup_lxc

install/podman-homeassistant-install.sh

@@ -45,58 +45,32 @@ systemctl enable -q --now podman.socket
 echo -e 'unqualified-search-registries=["docker.io"]' >>/etc/containers/registries.conf
 msg_ok "Installed Podman"
 
-mkdir -p /etc/containers/systemd
-
 read -r -p "${TAB3}Would you like to add Portainer? <y/N> " prompt
 if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
   msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
   podman volume create portainer_data >/dev/null
-  cat <<EOF >/etc/containers/systemd/portainer.container
-[Unit]
-Description=Portainer Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/portainer-ce:latest
-ContainerName=portainer
-PublishPort=8000:8000
-PublishPort=9443:9443
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=portainer_data:/data
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-  systemctl daemon-reload
-  systemctl enable -q --now portainer
+  $STD podman run -d \
+    -p 8000:8000 \
+    -p 9443:9443 \
+    --name=portainer \
+    --restart=always \
+    -v /run/podman/podman.sock:/var/run/docker.sock \
+    -v portainer_data:/data \
+    portainer/portainer-ce:latest
   msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
 else
   read -r -p "${TAB3}Would you like to add the Portainer Agent? <y/N> " prompt
   if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
     msg_info "Installing Portainer agent $PORTAINER_AGENT_LATEST_VERSION"
-    cat <<EOF >/etc/containers/systemd/portainer-agent.container
-[Unit]
-Description=Portainer Agent Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/agent:latest
-ContainerName=portainer_agent
-PublishPort=9001:9001
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=/var/lib/containers/storage/volumes:/var/lib/docker/volumes
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-    systemctl daemon-reload
-    systemctl enable -q --now portainer-agent
+    podman volume create temp >/dev/null
+    podman volume remove temp >/dev/null
+    $STD podman run -d \
+      -p 9001:9001 \
+      --name portainer_agent \
+      --restart=always \
+      -v /run/podman/podman.sock:/var/run/docker.sock \
+      -v /var/lib/containers/storage/volumes:/var/lib/docker/volumes \
+      portainer/agent
     msg_ok "Installed Portainer Agent $PORTAINER_AGENT_LATEST_VERSION"
   fi
 fi
@@ -107,28 +81,18 @@ msg_ok "Pulled Home Assistant Image"
 
 msg_info "Installing Home Assistant"
 $STD podman volume create hass_config
-cat <<EOF >/etc/containers/systemd/homeassistant.container
-[Unit]
-Description=Home Assistant Container
-After=network-online.target
-
-[Container]
-Image=docker.io/homeassistant/home-assistant:stable
-ContainerName=homeassistant
-Volume=/dev:/dev
-Volume=hass_config:/config
-Volume=/etc/localtime:/etc/localtime:ro
-Volume=/etc/timezone:/etc/timezone:ro
-Network=host
-
-[Service]
-Restart=always
-TimeoutStartSec=300
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-systemctl daemon-reload
+$STD podman run -d \
+  --name homeassistant \
+  --restart unless-stopped \
+  -v /dev:/dev \
+  -v hass_config:/config \
+  -v /etc/localtime:/etc/localtime:ro \
+  -v /etc/timezone:/etc/timezone:ro \
+  --net=host \
+  homeassistant/home-assistant:stable
+podman generate systemd \
+  --new --name homeassistant \
+  >/etc/systemd/system/homeassistant.service
 systemctl enable -q --now homeassistant
 msg_ok "Installed Home Assistant"
 

install/podman-install.sh

@@ -45,58 +45,32 @@ systemctl enable -q --now podman.socket
 echo -e 'unqualified-search-registries=["docker.io"]' >>/etc/containers/registries.conf
 msg_ok "Installed Podman"
 
-mkdir -p /etc/containers/systemd
-
 read -r -p "${TAB3}Would you like to add Portainer? <y/N> " prompt
 if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
   msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
   podman volume create portainer_data >/dev/null
-  cat <<EOF >/etc/containers/systemd/portainer.container
-[Unit]
-Description=Portainer Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/portainer-ce:latest
-ContainerName=portainer
-PublishPort=8000:8000
-PublishPort=9443:9443
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=portainer_data:/data
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-  systemctl daemon-reload
-  systemctl enable -q --now portainer
+  $STD podman run -d \
+    -p 8000:8000 \
+    -p 9443:9443 \
+    --name=portainer \
+    --restart=always \
+    -v /run/podman/podman.sock:/var/run/docker.sock \
+    -v portainer_data:/data \
+    portainer/portainer-ce:latest
   msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
 else
   read -r -p "${TAB3}Would you like to add the Portainer Agent? <y/N> " prompt
   if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
     msg_info "Installing Portainer agent $PORTAINER_AGENT_LATEST_VERSION"
-    cat <<EOF >/etc/containers/systemd/portainer-agent.container
-[Unit]
-Description=Portainer Agent Container
-After=network-online.target
-
-[Container]
-Image=docker.io/portainer/agent:latest
-ContainerName=portainer_agent
-PublishPort=9001:9001
-Volume=/run/podman/podman.sock:/var/run/docker.sock
-Volume=/var/lib/containers/storage/volumes:/var/lib/docker/volumes
-
-[Service]
-Restart=always
-
-[Install]
-WantedBy=default.target multi-user.target
-EOF
-    systemctl daemon-reload
-    systemctl enable -q --now portainer-agent
+    podman volume create temp >/dev/null
+    podman volume remove temp >/dev/null
+    $STD podman run -d \
+      -p 9001:9001 \
+      --name portainer_agent \
+      --restart=always \
+      -v /run/podman/podman.sock:/var/run/docker.sock \
+      -v /var/lib/containers/storage/volumes:/var/lib/docker/volumes \
+      portainer/agent
     msg_ok "Installed Portainer Agent $PORTAINER_AGENT_LATEST_VERSION"
   fi
 fi

install/tdarr-install.sh

@@ -20,12 +20,16 @@ msg_ok "Installed Dependencies"
 msg_info "Installing Tdarr"
 mkdir -p /opt/tdarr
 cd /opt/tdarr
-RELEASE=$(curl -fsSL https://f000.backblazeb2.com/file/tdarrs/versions.json | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
-curl -fsSL "$RELEASE" -o Tdarr_Updater.zip
+RELEASE=$(curl_with_retry "https://f000.backblazeb2.com/file/tdarrs/versions.json" "-" | grep -oP '(?<="Tdarr_Updater": ")[^"]+' | grep linux_x64 | head -n 1)
+curl_with_retry "$RELEASE" "Tdarr_Updater.zip"
 $STD unzip Tdarr_Updater.zip
 chmod +x Tdarr_Updater
 $STD ./Tdarr_Updater
 rm -rf /opt/tdarr/Tdarr_Updater.zip
+[[ -f /opt/tdarr/Tdarr_Server/Tdarr_Server ]] || {
+  msg_error "Tdarr_Updater failed — tdarr.io may be blocked by local DNS"
+  exit 250
+}
 msg_ok "Installed Tdarr"
 
 setup_hwaccel

misc/tools.func

@@ -5213,8 +5213,8 @@ _setup_gpu_permissions() {
 
   # Add service user to render and video groups for GPU hardware acceleration
   if [[ -n "$service_user" ]]; then
-    $STD usermod -aG render "$service_user" 2>/dev/null || true
-    $STD usermod -aG video "$service_user" 2>/dev/null || true
+    usermod -aG render "$service_user" 2>/dev/null || true
+    usermod -aG video "$service_user" 2>/dev/null || true
   fi
 }
 
@@ -6698,22 +6698,38 @@ EOF
 #   - Optionally uses official PGDG repository for specific versions
 #   - Detects existing PostgreSQL version
 #   - Dumps all databases before upgrade
-#   - Installs optional PG_MODULES (e.g. postgis, contrib)
+#   - Installs optional PG_MODULES (e.g. postgis, contrib, cron)
 #   - Restores dumped data post-upgrade
 #
 # Variables:
 #   USE_PGDG_REPO  - Use official PGDG repository (default: true)
 #                    Set to "false" to use distro packages instead
 #   PG_VERSION    - Major PostgreSQL version (e.g. 15, 16) (default: 16)
-#   PG_MODULES    - Comma-separated list of modules (e.g. "postgis,contrib")
+#   PG_MODULES    - Comma-separated list of modules (e.g. "postgis,contrib,cron")
 #
 # Examples:
-#   setup_postgresql                              # Uses PGDG repo, PG 16
-#   PG_VERSION="17" setup_postgresql               # Specific version from PGDG
-#   USE_PGDG_REPO=false setup_postgresql           # Uses distro package instead
+#   setup_postgresql                                          # Uses PGDG repo, PG 16
+#   PG_VERSION="17" setup_postgresql                          # Specific version from PGDG
+#   USE_PGDG_REPO=false setup_postgresql                      # Uses distro package instead
+#   PG_VERSION="17" PG_MODULES="cron" setup_postgresql        # With pg_cron module
 # ------------------------------------------------------------------------------
 
-function setup_postgresql() {
+# Internal helper: Configure shared_preload_libraries for pg_cron
+_configure_pg_cron_preload() {
+  local modules="${1:-}"
+  [[ -z "$modules" ]] && return 0
+  if [[ ",$modules," == *",cron,"* ]]; then
+    local current_libs
+    current_libs=$(sudo -u postgres psql -tAc "SHOW shared_preload_libraries;" 2>/dev/null || echo "")
+    if [[ "$current_libs" != *"pg_cron"* ]]; then
+      local new_libs="${current_libs:+${current_libs},}pg_cron"
+      $STD sudo -u postgres psql -c "ALTER SYSTEM SET shared_preload_libraries = '${new_libs}';"
+      $STD systemctl restart postgresql
+    fi
+  fi
+}
+
+setup_postgresql() {
   local PG_VERSION="${PG_VERSION:-16}"
   local PG_MODULES="${PG_MODULES:-}"
   local USE_PGDG_REPO="${USE_PGDG_REPO:-true}"
@@ -6751,6 +6767,7 @@ function setup_postgresql() {
           $STD apt install -y "postgresql-${CURRENT_PG_VERSION}-${module}" 2>/dev/null || true
         done
       fi
+      _configure_pg_cron_preload "$PG_MODULES"
       return 0
     fi
 
@@ -6786,6 +6803,7 @@ function setup_postgresql() {
         $STD apt install -y "postgresql-${INSTALLED_VERSION}-${module}" 2>/dev/null || true
       done
     fi
+    _configure_pg_cron_preload "$PG_MODULES"
     return 0
   fi
 
@@ -6807,6 +6825,7 @@ function setup_postgresql() {
         $STD apt install -y "postgresql-${PG_VERSION}-${module}" 2>/dev/null || true
       done
     fi
+    _configure_pg_cron_preload "$PG_MODULES"
     return 0
   fi
 
@@ -6834,13 +6853,16 @@ function setup_postgresql() {
   local SUITE
   case "$DISTRO_CODENAME" in
   trixie | forky | sid)
+
     if verify_repo_available "https://apt.postgresql.org/pub/repos/apt" "trixie-pgdg"; then
       SUITE="trixie-pgdg"
+
     else
       msg_warn "PGDG repo not available for ${DISTRO_CODENAME}, falling back to distro packages"
       USE_PGDG_REPO=false setup_postgresql
       return $?
     fi
+
     ;;
   *)
     SUITE=$(get_fallback_suite "$DISTRO_ID" "$DISTRO_CODENAME" "https://apt.postgresql.org/pub/repos/apt")
@@ -6924,6 +6946,7 @@ function setup_postgresql() {
       }
     done
   fi
+  _configure_pg_cron_preload "$PG_MODULES"
 }
 
 # ------------------------------------------------------------------------------
@@ -6942,6 +6965,7 @@ function setup_postgresql() {
 #   PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_EXTENSIONS="pgvector" setup_postgresql_db
 #   PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
 #   PG_DB_NAME="adventurelog" PG_DB_USER="adventurelog" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
+#   PG_DB_NAME="splitpro" PG_DB_USER="splitpro" PG_DB_EXTENSIONS="pg_cron" setup_postgresql_db
 #
 # Variables:
 #   PG_DB_NAME             - Database name (required)
@@ -6973,6 +6997,13 @@ function setup_postgresql_db() {
   $STD sudo -u postgres psql -c "CREATE ROLE $PG_DB_USER WITH LOGIN PASSWORD '$PG_DB_PASS';"
   $STD sudo -u postgres psql -c "CREATE DATABASE $PG_DB_NAME WITH OWNER $PG_DB_USER ENCODING 'UTF8' TEMPLATE template0;"
 
+  # Configure pg_cron database BEFORE creating the extension (must be set before pg_cron loads)
+  if [[ -n "${PG_DB_EXTENSIONS:-}" ]] && [[ ",${PG_DB_EXTENSIONS//[[:space:]]/}," == *",pg_cron,"* ]]; then
+    $STD sudo -u postgres psql -c "ALTER SYSTEM SET cron.database_name = '${PG_DB_NAME}';"
+    $STD sudo -u postgres psql -c "ALTER SYSTEM SET cron.timezone = 'UTC';"
+    $STD systemctl restart postgresql
+  fi
+
   # Install extensions (comma-separated)
   if [[ -n "${PG_DB_EXTENSIONS:-}" ]]; then
     IFS=',' read -ra EXT_LIST <<<"${PG_DB_EXTENSIONS:-}"
@@ -6982,6 +7013,12 @@ function setup_postgresql_db() {
     done
   fi
 
+  # Grant pg_cron schema permissions to DB user
+  if [[ -n "${PG_DB_EXTENSIONS:-}" ]] && [[ ",${PG_DB_EXTENSIONS//[[:space:]]/}," == *",pg_cron,"* ]]; then
+    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT USAGE ON SCHEMA cron TO ${PG_DB_USER};"
+    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT ALL ON ALL TABLES IN SCHEMA cron TO ${PG_DB_USER};"
+  fi
+
   # ALTER ROLE settings for Django/Rails compatibility (unless skipped)
   if [[ "${PG_DB_SKIP_ALTER_ROLE:-}" != "true" ]]; then
     $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET client_encoding TO 'utf8';"
@@ -7023,7 +7060,6 @@ function setup_postgresql_db() {
   export PG_DB_USER
   export PG_DB_PASS
 }
-
 # ------------------------------------------------------------------------------
 # Installs rbenv and ruby-build, installs Ruby and optionally Rails.
 #