refactor(mariadb): use distro repo by default, add USE_MARIADB_REPO option

- Default behavior now uses Debian/Ubuntu apt packages (more stable)
- Set USE_MARIADB_REPO=true to use official MariaDB repository
- Reduces dependency on external mirrors (mirror.mariadb.org, r.mariadb.com)
- Fixes GPG key and mirror availability issues
- Updated documentation with usage examples

misc/tools.func

@@ -13,7 +13,6 @@
 #   - Legacy installation cleanup (nvm, rbenv, rustup)
 #   - OS-upgrade-safe repository preparation
 #   - Service pattern matching for multi-version tools
-#   - Debug mode for troubleshooting (TOOLS_DEBUG=true)
 #
 # Usage in install scripts:
 #   source /dev/stdin <<< "$FUNCTIONS"  # Load from build.func
@@ -28,195 +27,9 @@
 #   prepare_repository_setup()       - Cleanup repos + keyrings + validate APT
 #   install_packages_with_retry()    - Install with 3 retries and APT refresh
 #   upgrade_packages_with_retry()    - Upgrade with 3 retries and APT refresh
-#   curl_with_retry()                - Curl with retry logic and timeouts
-#
-# Debug Mode:
-#   TOOLS_DEBUG=true ./script.sh     - Enable verbose output for troubleshooting
 #
 # ==============================================================================
 
-# ------------------------------------------------------------------------------
-# Debug helper - outputs to stderr when TOOLS_DEBUG is enabled
-# Usage: debug_log "message"
-# ------------------------------------------------------------------------------
-debug_log() {
-  if [[ "${TOOLS_DEBUG:-false}" == "true" || "${TOOLS_DEBUG:-0}" == "1" ]]; then
-    echo "[DEBUG] $*" >&2
-  fi
-}
-
-# ------------------------------------------------------------------------------
-# Robust curl wrapper with retry logic, timeouts, and error handling
-#
-# Usage:
-#   curl_with_retry "https://example.com/file" "/tmp/output"
-#   curl_with_retry "https://api.github.com/..." "-" | jq .
-#   CURL_RETRIES=5 curl_with_retry "https://slow.server/file" "/tmp/out"
-#
-# Parameters:
-#   $1 - URL to download
-#   $2 - Output file path (use "-" for stdout)
-#   $3 - (optional) Additional curl options as string
-#
-# Variables:
-#   CURL_RETRIES     - Number of retries (default: 3)
-#   CURL_TIMEOUT     - Max time per attempt in seconds (default: 60)
-#   CURL_CONNECT_TO  - Connection timeout in seconds (default: 10)
-#
-# Returns: 0 on success, 1 on failure after all retries
-# ------------------------------------------------------------------------------
-curl_with_retry() {
-  local url="$1"
-  local output="${2:--}"
-  local extra_opts="${3:-}"
-  local retries="${CURL_RETRIES:-3}"
-  local timeout="${CURL_TIMEOUT:-60}"
-  local connect_timeout="${CURL_CONNECT_TO:-10}"
-
-  local attempt=1
-  local success=false
-
-  while [[ $attempt -le $retries ]]; do
-    debug_log "curl attempt $attempt/$retries: $url"
-
-    local curl_cmd="curl -fsSL --connect-timeout $connect_timeout --max-time $timeout"
-    [[ -n "$extra_opts" ]] && curl_cmd="$curl_cmd $extra_opts"
-
-    if [[ "$output" == "-" ]]; then
-      if $curl_cmd "$url"; then
-        success=true
-        break
-      fi
-    else
-      if $curl_cmd -o "$output" "$url"; then
-        success=true
-        break
-      fi
-    fi
-
-    debug_log "curl attempt $attempt failed, waiting ${attempt}s before retry..."
-    sleep "$attempt"
-    ((attempt++))
-  done
-
-  if [[ "$success" == "true" ]]; then
-    debug_log "curl successful: $url"
-    return 0
-  else
-    debug_log "curl FAILED after $retries attempts: $url"
-    return 1
-  fi
-}
-
-# ------------------------------------------------------------------------------
-# Robust curl wrapper for API calls (returns HTTP code + body)
-#
-# Usage:
-#   response=$(curl_api_with_retry "https://api.github.com/repos/owner/repo/releases/latest")
-#   http_code=$(curl_api_with_retry "https://api.github.com/..." "/tmp/body.json")
-#
-# Parameters:
-#   $1 - URL to call
-#   $2 - (optional) Output file for body (default: stdout)
-#   $3 - (optional) Additional curl options as string
-#
-# Returns: HTTP status code, body in file or stdout
-# ------------------------------------------------------------------------------
-curl_api_with_retry() {
-  local url="$1"
-  local body_file="${2:-}"
-  local extra_opts="${3:-}"
-  local retries="${CURL_RETRIES:-3}"
-  local timeout="${CURL_TIMEOUT:-60}"
-  local connect_timeout="${CURL_CONNECT_TO:-10}"
-
-  local attempt=1
-  local http_code=""
-
-  while [[ $attempt -le $retries ]]; do
-    debug_log "curl API attempt $attempt/$retries: $url"
-
-    local curl_cmd="curl -fsSL --connect-timeout $connect_timeout --max-time $timeout -w '%{http_code}'"
-    [[ -n "$extra_opts" ]] && curl_cmd="$curl_cmd $extra_opts"
-
-    if [[ -n "$body_file" ]]; then
-      http_code=$($curl_cmd -o "$body_file" "$url" 2>/dev/null) || true
-    else
-      # Capture body and http_code separately
-      local tmp_body="/tmp/curl_api_body_$$"
-      http_code=$($curl_cmd -o "$tmp_body" "$url" 2>/dev/null) || true
-      if [[ -f "$tmp_body" ]]; then
-        cat "$tmp_body"
-        rm -f "$tmp_body"
-      fi
-    fi
-
-    # Success on 2xx codes
-    if [[ "$http_code" =~ ^2[0-9]{2}$ ]]; then
-      debug_log "curl API successful: $url (HTTP $http_code)"
-      echo "$http_code"
-      return 0
-    fi
-
-    debug_log "curl API attempt $attempt failed (HTTP $http_code), waiting ${attempt}s..."
-    sleep "$attempt"
-    ((attempt++))
-  done
-
-  debug_log "curl API FAILED after $retries attempts: $url"
-  echo "$http_code"
-  return 1
-}
-
-# ------------------------------------------------------------------------------
-# Download and install GPG key with retry logic
-#
-# Usage:
-#   download_gpg_key "https://example.com/key.gpg" "/etc/apt/keyrings/example.gpg"
-#   download_gpg_key "https://example.com/key.asc" "/etc/apt/keyrings/example.gpg" "dearmor"
-#
-# Parameters:
-#   $1 - URL to GPG key
-#   $2 - Output path for keyring file
-#   $3 - (optional) "dearmor" to convert ASCII-armored key to binary
-#
-# Returns: 0 on success, 1 on failure
-# ------------------------------------------------------------------------------
-download_gpg_key() {
-  local url="$1"
-  local output="$2"
-  local mode="${3:-}"
-  local retries="${CURL_RETRIES:-3}"
-  local timeout="${CURL_TIMEOUT:-30}"
-
-  mkdir -p "$(dirname "$output")"
-
-  local attempt=1
-  while [[ $attempt -le $retries ]]; do
-    debug_log "GPG key download attempt $attempt/$retries: $url"
-
-    if [[ "$mode" == "dearmor" ]]; then
-      if curl -fsSL --connect-timeout 10 --max-time "$timeout" "$url" 2>/dev/null | \
-         gpg --dearmor --yes -o "$output" 2>/dev/null; then
-        debug_log "GPG key installed: $output"
-        return 0
-      fi
-    else
-      if curl -fsSL --connect-timeout 10 --max-time "$timeout" -o "$output" "$url" 2>/dev/null; then
-        debug_log "GPG key downloaded: $output"
-        return 0
-      fi
-    fi
-
-    debug_log "GPG key download attempt $attempt failed, waiting ${attempt}s..."
-    sleep "$attempt"
-    ((attempt++))
-  done
-
-  debug_log "GPG key download FAILED after $retries attempts: $url"
-  return 1
-}
-
 # ------------------------------------------------------------------------------
 # Cache installed version to avoid repeated checks
 # ------------------------------------------------------------------------------
@@ -640,8 +453,9 @@ manage_tool_repository() {
     # Clean old repos first
     cleanup_old_repo_files "mongodb"
 
-    # Import GPG key with retry logic
-    if ! download_gpg_key "$gpg_key_url" "/etc/apt/keyrings/mongodb-server-${version}.gpg" "dearmor"; then
+    # Import GPG key
+    mkdir -p /etc/apt/keyrings
+    if ! curl -fsSL "$gpg_key_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/mongodb-server-${version}.gpg" 2>/dev/null; then
       msg_error "Failed to download MongoDB GPG key"
       return 1
     fi
@@ -721,11 +535,14 @@ EOF
     local distro_codename
     distro_codename=$(awk -F= '/^VERSION_CODENAME=/{print $2}' /etc/os-release)
 
-    # Download GPG key from NodeSource with retry logic
-    if ! download_gpg_key "$gpg_key_url" "/etc/apt/keyrings/nodesource.gpg" "dearmor"; then
+    # Create keyring directory first
+    mkdir -p /etc/apt/keyrings
+
+    # Download GPG key from NodeSource
+    curl -fsSL "$gpg_key_url" | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg || {
       msg_error "Failed to import NodeSource GPG key"
       return 1
-    fi
+    }
 
     cat <<EOF >/etc/apt/sources.list.d/nodesource.sources
 Types: deb
@@ -746,11 +563,11 @@ EOF
 
     cleanup_old_repo_files "php"
 
-    # Download and install keyring with retry logic
-    if ! curl_with_retry "$gpg_key_url" "/tmp/debsuryorg-archive-keyring.deb"; then
+    # Download and install keyring
+    curl -fsSLo /tmp/debsuryorg-archive-keyring.deb "$gpg_key_url" || {
       msg_error "Failed to download PHP keyring"
       return 1
-    fi
+    }
     dpkg -i /tmp/debsuryorg-archive-keyring.deb >/dev/null 2>&1 || {
       msg_error "Failed to install PHP keyring"
       rm -f /tmp/debsuryorg-archive-keyring.deb
@@ -780,11 +597,14 @@ EOF
 
     cleanup_old_repo_files "postgresql"
 
-    # Import PostgreSQL key with retry logic
-    if ! download_gpg_key "$gpg_key_url" "/etc/apt/keyrings/postgresql.gpg" "dearmor"; then
+    # Create keyring directory first
+    mkdir -p /etc/apt/keyrings
+
+    # Import PostgreSQL key
+    curl -fsSL "$gpg_key_url" | gpg --dearmor -o /etc/apt/keyrings/postgresql.gpg || {
       msg_error "Failed to import PostgreSQL GPG key"
       return 1
-    fi
+    }
 
     # Setup repository
     local distro_codename
@@ -1419,11 +1239,11 @@ setup_deb822_repo() {
     return 1
   }
 
-  # Import GPG key with retry logic
-  if ! download_gpg_key "$gpg_url" "/etc/apt/keyrings/${name}.gpg" "dearmor"; then
+  # Import GPG
+  curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" || {
     msg_error "Failed to import GPG key for ${name}"
     return 1
-  fi
+  }
 
   # Write deb822
   {
@@ -1873,16 +1693,6 @@ function fetch_and_deploy_gh_release() {
   local target="${5:-/opt/$app}"
   local asset_pattern="${6:-}"
 
-  # Validate app name to prevent /root/. directory issues
-  if [[ -z "$app" ]]; then
-    # Derive app name from repo if not provided
-    app="${repo##*/}"
-    if [[ -z "$app" ]]; then
-      msg_error "fetch_and_deploy_gh_release requires app name or valid repo"
-      return 1
-    fi
-  fi
-
   local app_lc=$(echo "${app,,}" | tr -d ' ')
   local version_file="$HOME/.${app_lc}"
 
@@ -2244,10 +2054,11 @@ function setup_adminer() {
   if grep -qi alpine /etc/os-release; then
     msg_info "Setup Adminer (Alpine)"
     mkdir -p /var/www/localhost/htdocs/adminer
-    if ! curl_with_retry "https://github.com/vrana/adminer/releases/latest/download/adminer.php" "/var/www/localhost/htdocs/adminer/index.php"; then
+    curl -fsSL https://github.com/vrana/adminer/releases/latest/download/adminer.php \
+      -o /var/www/localhost/htdocs/adminer/index.php || {
       msg_error "Failed to download Adminer"
       return 1
-    fi
+    }
     cache_installed_version "adminer" "latest-alpine"
     msg_ok "Setup Adminer (Alpine)"
   else
@@ -2308,10 +2119,10 @@ function setup_composer() {
   ensure_usr_local_bin_persist
   export PATH="/usr/local/bin:$PATH"
 
-  if ! curl_with_retry "https://getcomposer.org/installer" "/tmp/composer-setup.php"; then
+  curl -fsSL https://getcomposer.org/installer -o /tmp/composer-setup.php || {
     msg_error "Failed to download Composer installer"
     return 1
-  fi
+  }
 
   $STD php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer || {
     msg_error "Failed to install Composer"
@@ -2369,11 +2180,11 @@ function setup_ffmpeg() {
 
   # Binary fallback mode
   if [[ "$TYPE" == "binary" ]]; then
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    curl -fsSL https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz -o "$TMP_DIR/ffmpeg.tar.xz" || {
       msg_error "Failed to download FFmpeg binary"
       rm -rf "$TMP_DIR"
       return 1
-    fi
+    }
     tar -xf "$TMP_DIR/ffmpeg.tar.xz" -C "$TMP_DIR" || {
       msg_error "Failed to extract FFmpeg binary"
       rm -rf "$TMP_DIR"
@@ -2442,20 +2253,20 @@ function setup_ffmpeg() {
 
   # Try to download source if VERSION is set
   if [[ -n "$VERSION" ]]; then
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://github.com/${GITHUB_REPO}/archive/refs/tags/${VERSION}.tar.gz" "$TMP_DIR/ffmpeg.tar.gz"; then
+    curl -fsSL "https://github.com/${GITHUB_REPO}/archive/refs/tags/${VERSION}.tar.gz" -o "$TMP_DIR/ffmpeg.tar.gz" || {
       msg_warn "Failed to download FFmpeg source ${VERSION}, falling back to pre-built binary"
       VERSION=""
-    fi
+    }
   fi
 
   # If no source download (either VERSION empty or download failed), use binary
   if [[ -z "$VERSION" ]]; then
     msg_info "Setup FFmpeg from pre-built binary"
-    if ! CURL_TIMEOUT=300 curl_with_retry "https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz" "$TMP_DIR/ffmpeg.tar.xz"; then
+    curl -fsSL https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz -o "$TMP_DIR/ffmpeg.tar.xz" || {
       msg_error "Failed to download FFmpeg pre-built binary"
       rm -rf "$TMP_DIR"
       return 1
-    fi
+    }
 
     tar -xJf "$TMP_DIR/ffmpeg.tar.xz" -C "$TMP_DIR" || {
       msg_error "Failed to extract FFmpeg binary archive"
@@ -2575,13 +2386,14 @@ function setup_go() {
   # Resolve "latest" version
   local GO_VERSION="${GO_VERSION:-latest}"
   if [[ "$GO_VERSION" == "latest" ]]; then
-    local go_version_tmp
-    go_version_tmp=$(curl_with_retry "https://go.dev/VERSION?m=text" "-" 2>/dev/null | head -n1 | sed 's/^go//') || true
-    if [[ -z "$go_version_tmp" ]]; then
+    GO_VERSION=$(curl -fsSL https://go.dev/VERSION?m=text 2>/dev/null | head -n1 | sed 's/^go//') || {
       msg_error "Could not determine latest Go version"
       return 1
-    fi
-    GO_VERSION="$go_version_tmp"
+    }
+    [[ -z "$GO_VERSION" ]] && {
+      msg_error "Latest Go version is empty"
+      return 1
+    }
   fi
 
   local GO_BIN="/usr/local/bin/go"
@@ -2611,11 +2423,11 @@ function setup_go() {
   local URL="https://go.dev/dl/${TARBALL}"
   local TMP_TAR=$(mktemp)
 
-  if ! CURL_TIMEOUT=300 curl_with_retry "$URL" "$TMP_TAR"; then
+  curl -fsSL "$URL" -o "$TMP_TAR" || {
     msg_error "Failed to download Go $GO_VERSION"
     rm -f "$TMP_TAR"
     return 1
-  fi
+  }
 
   $STD tar -C /usr/local -xzf "$TMP_TAR" || {
     msg_error "Failed to extract Go tarball"
@@ -2691,11 +2503,11 @@ function setup_gs() {
     msg_info "Setup Ghostscript $LATEST_VERSION_DOTTED"
   fi
 
-  if ! CURL_TIMEOUT=180 curl_with_retry "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${LATEST_VERSION}/ghostscript-${LATEST_VERSION_DOTTED}.tar.gz" "$TMP_DIR/ghostscript.tar.gz"; then
+  curl -fsSL "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs${LATEST_VERSION}/ghostscript-${LATEST_VERSION_DOTTED}.tar.gz" -o "$TMP_DIR/ghostscript.tar.gz" || {
     msg_error "Failed to download Ghostscript"
     rm -rf "$TMP_DIR"
     return 1
-  fi
+  }
 
   if ! tar -xzf "$TMP_DIR/ghostscript.tar.gz" -C "$TMP_DIR"; then
     msg_error "Failed to extract Ghostscript archive"
@@ -2892,16 +2704,16 @@ EOF
       # Fallback to open drivers or older Intel GPUs
       if [[ "$needs_nonfree" == false ]]; then
         # Fetch latest Intel drivers from GitHub for Debian
-        fetch_and_deploy_gh_release "intel-igc-core" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-core-2_*_amd64.deb" || {
+        fetch_and_deploy_gh_release "" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-core-2_*_amd64.deb" || {
           msg_warn "Failed to deploy Intel IGC core 2"
         }
-        fetch_and_deploy_gh_release "intel-igc-opencl" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-opencl-2_*_amd64.deb" || {
+        fetch_and_deploy_gh_release "" "intel/intel-graphics-compiler" "binary" "latest" "" "intel-igc-opencl-2_*_amd64.deb" || {
           msg_warn "Failed to deploy Intel IGC OpenCL 2"
         }
-        fetch_and_deploy_gh_release "libigdgmm12" "intel/compute-runtime" "binary" "latest" "" "libigdgmm12_*_amd64.deb" || {
+        fetch_and_deploy_gh_release "" "intel/compute-runtime" "binary" "latest" "" "libigdgmm12_*_amd64.deb" || {
           msg_warn "Failed to deploy Intel GDGMM12"
         }
-        fetch_and_deploy_gh_release "intel-opencl-icd" "intel/compute-runtime" "binary" "latest" "" "intel-opencl-icd_*_amd64.deb" || {
+        fetch_and_deploy_gh_release "" "intel/compute-runtime" "binary" "latest" "" "intel-opencl-icd_*_amd64.deb" || {
           msg_warn "Failed to deploy Intel OpenCL ICD"
         }
 
@@ -3067,11 +2879,11 @@ function setup_imagemagick() {
     pkg-config \
     ghostscript
 
-  if ! CURL_TIMEOUT=180 curl_with_retry "https://imagemagick.org/archive/ImageMagick.tar.gz" "$TMP_DIR/ImageMagick.tar.gz"; then
+  curl -fsSL https://imagemagick.org/archive/ImageMagick.tar.gz -o "$TMP_DIR/ImageMagick.tar.gz" || {
     msg_error "Failed to download ImageMagick"
     rm -rf "$TMP_DIR"
     return 1
-  fi
+  }
 
   tar -xzf "$TMP_DIR/ImageMagick.tar.gz" -C "$TMP_DIR" || {
     msg_error "Failed to extract ImageMagick"
@@ -3704,31 +3516,20 @@ function setup_mongodb() {
 }
 
 # ------------------------------------------------------------------------------
-# Installs or upgrades MySQL.
+# Installs or upgrades MySQL and configures APT repo.
 #
 # Description:
-#   - By default uses distro repository (Debian/Ubuntu apt) for stability
-#   - Optionally uses official MySQL repository for specific versions
 #   - Detects existing MySQL installation
 #   - Purges conflicting packages before installation
 #   - Supports clean upgrade
 #   - Handles Debian Trixie libaio1t64 transition
 #
 # Variables:
-#   USE_MYSQL_REPO - Set to "true" to use official MySQL repository
-#                    (default: false, uses distro packages)
-#   MYSQL_VERSION  - MySQL version to install when using official repo
-#                    (e.g. 8.0, 8.4) (default: 8.0)
-#
-# Examples:
-#   setup_mysql                              # Uses distro package (recommended)
-#   USE_MYSQL_REPO=true setup_mysql          # Uses official MySQL repo
-#   USE_MYSQL_REPO=true MYSQL_VERSION="8.4" setup_mysql  # Specific version
+#   MYSQL_VERSION  - MySQL version to install (e.g. 5.7, 8.0) (default: 8.0)
 # ------------------------------------------------------------------------------
 
 function setup_mysql() {
   local MYSQL_VERSION="${MYSQL_VERSION:-8.0}"
-  local USE_MYSQL_REPO="${USE_MYSQL_REPO:-false}"
   local DISTRO_ID DISTRO_CODENAME
   DISTRO_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release | tr -d '"')
   DISTRO_CODENAME=$(awk -F= '/^VERSION_CODENAME=/{print $2}' /etc/os-release)
@@ -3737,70 +3538,7 @@ function setup_mysql() {
   local CURRENT_VERSION=""
   CURRENT_VERSION=$(is_tool_installed "mysql" 2>/dev/null) || true
 
-  # Scenario 1: Use distro repository (default, most stable)
-  if [[ "$USE_MYSQL_REPO" != "true" && "$USE_MYSQL_REPO" != "TRUE" && "$USE_MYSQL_REPO" != "1" ]]; then
-    msg_info "Setup MySQL (distro package)"
-
-    # If already installed, just update
-    if [[ -n "$CURRENT_VERSION" ]]; then
-      msg_info "Update MySQL $CURRENT_VERSION"
-      ensure_apt_working || return 1
-      upgrade_packages_with_retry "default-mysql-server" "default-mysql-client" || \
-        upgrade_packages_with_retry "mysql-server" "mysql-client" || \
-        upgrade_packages_with_retry "mariadb-server" "mariadb-client" || {
-        msg_error "Failed to upgrade MySQL/MariaDB packages"
-        return 1
-      }
-      cache_installed_version "mysql" "$CURRENT_VERSION"
-      msg_ok "Update MySQL $CURRENT_VERSION"
-      return 0
-    fi
-
-    # Fresh install from distro repo
-    ensure_apt_working || return 1
-
-    export DEBIAN_FRONTEND=noninteractive
-    # Try default-mysql-server first, fallback to mysql-server, then mariadb
-    if apt-cache search "^default-mysql-server$" 2>/dev/null | grep -q .; then
-      install_packages_with_retry "default-mysql-server" "default-mysql-client" || {
-        msg_warn "default-mysql-server failed, trying mysql-server"
-        install_packages_with_retry "mysql-server" "mysql-client" || {
-          msg_warn "mysql-server failed, trying mariadb as fallback"
-          install_packages_with_retry "mariadb-server" "mariadb-client" || {
-            msg_error "Failed to install any MySQL/MariaDB from distro repository"
-            return 1
-          }
-        }
-      }
-    elif apt-cache search "^mysql-server$" 2>/dev/null | grep -q .; then
-      install_packages_with_retry "mysql-server" "mysql-client" || {
-        msg_warn "mysql-server failed, trying mariadb as fallback"
-        install_packages_with_retry "mariadb-server" "mariadb-client" || {
-          msg_error "Failed to install any MySQL/MariaDB from distro repository"
-          return 1
-        }
-      }
-    else
-      # Distro doesn't have MySQL, use MariaDB
-      install_packages_with_retry "mariadb-server" "mariadb-client" || {
-        msg_error "Failed to install MariaDB from distro repository"
-        return 1
-      }
-    fi
-
-    # Get installed version
-    local INSTALLED_VERSION=""
-    INSTALLED_VERSION=$(is_tool_installed "mysql" 2>/dev/null) || true
-    if [[ -z "$INSTALLED_VERSION" ]]; then
-      INSTALLED_VERSION=$(is_tool_installed "mariadb" 2>/dev/null) || true
-    fi
-    cache_installed_version "mysql" "${INSTALLED_VERSION:-distro}"
-    msg_ok "Setup MySQL/MariaDB ${INSTALLED_VERSION:-from distro}"
-    return 0
-  fi
-
-  # Scenario 2: Use official MySQL repository (USE_MYSQL_REPO=true)
-  # Scenario 2a: Already at target version - just update packages
+  # Scenario 1: Already at target version - just update packages
   if [[ -n "$CURRENT_VERSION" && "$CURRENT_VERSION" == "$MYSQL_VERSION" ]]; then
     msg_info "Update MySQL $MYSQL_VERSION"
 
@@ -3832,7 +3570,7 @@ function setup_mysql() {
   if [[ "$DISTRO_ID" == "debian" && "$DISTRO_CODENAME" =~ ^(trixie|forky|sid)$ ]]; then
     msg_info "Debian ${DISTRO_CODENAME} detected → using MySQL 8.4 LTS (libaio1t64 compatible)"
 
-    if ! download_gpg_key "https://repo.mysql.com/RPM-GPG-KEY-mysql-2023" "/etc/apt/keyrings/mysql.gpg" "dearmor"; then
+    if ! curl -fsSL https://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor -o /etc/apt/keyrings/mysql.gpg 2>/dev/null; then
       msg_error "Failed to import MySQL GPG key"
       return 1
     fi
@@ -4314,29 +4052,17 @@ EOF
 # Installs or upgrades PostgreSQL and optional extensions/modules.
 #
 # Description:
-#   - By default uses distro repository (Debian/Ubuntu apt) for stability
-#   - Optionally uses official PGDG repository for specific versions
 #   - Detects existing PostgreSQL version
 #   - Dumps all databases before upgrade
+#   - Adds PGDG repo and installs specified version
 #   - Installs optional PG_MODULES (e.g. postgis, contrib)
 #   - Restores dumped data post-upgrade
 #
 # Variables:
-#   USE_PGDG_REPO  - Set to "true" to use official PGDG repository
-#                    (default: false, uses distro packages)
-#   PG_VERSION    - Major PostgreSQL version (e.g. 15, 16) (default: 16)
-#   PG_MODULES    - Comma-separated list of modules (e.g. "postgis,contrib")
-#
-# Examples:
-#   setup_postgresql                              # Uses distro package (recommended)
-#   USE_PGDG_REPO=true setup_postgresql           # Uses official PGDG repo
-#   USE_PGDG_REPO=true PG_VERSION="17" setup_postgresql  # Specific version from PGDG
-# ------------------------------------------------------------------------------
-
+#   PG_VERSION     - Major PostgreSQL version (e.g. 15, 16) (default: 16)
 function setup_postgresql() {
   local PG_VERSION="${PG_VERSION:-16}"
   local PG_MODULES="${PG_MODULES:-}"
-  local USE_PGDG_REPO="${USE_PGDG_REPO:-false}"
   local DISTRO_ID DISTRO_CODENAME
   DISTRO_ID=$(awk -F= '/^ID=/{print $2}' /etc/os-release | tr -d '"')
   DISTRO_CODENAME=$(awk -F= '/^VERSION_CODENAME=/{print $2}' /etc/os-release)
@@ -4347,65 +4073,7 @@ function setup_postgresql() {
     CURRENT_PG_VERSION="$(psql -V 2>/dev/null | awk '{print $3}' | cut -d. -f1)"
   fi
 
-  # Scenario 1: Use distro repository (default, most stable)
-  if [[ "$USE_PGDG_REPO" != "true" && "$USE_PGDG_REPO" != "TRUE" && "$USE_PGDG_REPO" != "1" ]]; then
-    msg_info "Setup PostgreSQL (distro package)"
-
-    # If already installed, just update
-    if [[ -n "$CURRENT_PG_VERSION" ]]; then
-      msg_info "Update PostgreSQL $CURRENT_PG_VERSION"
-      ensure_apt_working || return 1
-      upgrade_packages_with_retry "postgresql" "postgresql-client" || true
-      cache_installed_version "postgresql" "$CURRENT_PG_VERSION"
-      msg_ok "Update PostgreSQL $CURRENT_PG_VERSION"
-
-      # Still install modules if specified
-      if [[ -n "$PG_MODULES" ]]; then
-        IFS=',' read -ra MODULES <<<"$PG_MODULES"
-        for module in "${MODULES[@]}"; do
-          $STD apt install -y "postgresql-${CURRENT_PG_VERSION}-${module}" 2>/dev/null || true
-        done
-      fi
-      return 0
-    fi
-
-    # Fresh install from distro repo
-    ensure_apt_working || return 1
-
-    export DEBIAN_FRONTEND=noninteractive
-    install_packages_with_retry "postgresql" "postgresql-client" || {
-      msg_error "Failed to install PostgreSQL from distro repository"
-      return 1
-    }
-
-    # Get installed version
-    local INSTALLED_VERSION=""
-    if command -v psql >/dev/null; then
-      INSTALLED_VERSION="$(psql -V 2>/dev/null | awk '{print $3}' | cut -d. -f1)"
-    fi
-
-    $STD systemctl enable --now postgresql 2>/dev/null || true
-
-    # Add PostgreSQL binaries to PATH
-    if [[ -n "$INSTALLED_VERSION" ]] && ! grep -q '/usr/lib/postgresql' /etc/environment 2>/dev/null; then
-      echo 'PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/lib/postgresql/'"${INSTALLED_VERSION}"'/bin"' >/etc/environment
-    fi
-
-    cache_installed_version "postgresql" "${INSTALLED_VERSION:-distro}"
-    msg_ok "Setup PostgreSQL ${INSTALLED_VERSION:-from distro}"
-
-    # Install optional modules
-    if [[ -n "$PG_MODULES" && -n "$INSTALLED_VERSION" ]]; then
-      IFS=',' read -ra MODULES <<<"$PG_MODULES"
-      for module in "${MODULES[@]}"; do
-        $STD apt install -y "postgresql-${INSTALLED_VERSION}-${module}" 2>/dev/null || true
-      done
-    fi
-    return 0
-  fi
-
-  # Scenario 2: Use official PGDG repository (USE_PGDG_REPO=true)
-  # Scenario 2a: Already at correct version
+  # Scenario 1: Already at correct version
   if [[ "$CURRENT_PG_VERSION" == "$PG_VERSION" ]]; then
     msg_info "Update PostgreSQL $PG_VERSION"
     ensure_apt_working || return 1
@@ -4742,11 +4410,11 @@ function setup_ruby() {
       return 1
     fi
 
-    if ! curl_with_retry "https://github.com/rbenv/rbenv/archive/refs/tags/v${RBENV_RELEASE}.tar.gz" "$TMP_DIR/rbenv.tar.gz"; then
+    curl -fsSL "https://github.com/rbenv/rbenv/archive/refs/tags/v${RBENV_RELEASE}.tar.gz" -o "$TMP_DIR/rbenv.tar.gz" || {
       msg_error "Failed to download rbenv"
       rm -rf "$TMP_DIR"
       return 1
-    fi
+    }
 
     tar -xzf "$TMP_DIR/rbenv.tar.gz" -C "$TMP_DIR" || {
       msg_error "Failed to extract rbenv"
@@ -4789,11 +4457,11 @@ function setup_ruby() {
       return 1
     fi
 
-    if ! curl_with_retry "https://github.com/rbenv/ruby-build/archive/refs/tags/v${RUBY_BUILD_RELEASE}.tar.gz" "$TMP_DIR/ruby-build.tar.gz"; then
+    curl -fsSL "https://github.com/rbenv/ruby-build/archive/refs/tags/v${RUBY_BUILD_RELEASE}.tar.gz" -o "$TMP_DIR/ruby-build.tar.gz" || {
       msg_error "Failed to download ruby-build"
       rm -rf "$TMP_DIR"
       return 1
-    fi
+    }
 
     tar -xzf "$TMP_DIR/ruby-build.tar.gz" -C "$TMP_DIR" || {
       msg_error "Failed to extract ruby-build"
@@ -5197,10 +4865,10 @@ function setup_uv() {
 
   local UV_URL="https://github.com/astral-sh/uv/releases/download/${LATEST_VERSION}/${UV_TAR}"
 
-  if ! curl_with_retry "$UV_URL" "$TMP_DIR/uv.tar.gz"; then
+  $STD curl -fsSL "$UV_URL" -o "$TMP_DIR/uv.tar.gz" || {
     msg_error "Failed to download uv from $UV_URL"
     return 1
-  fi
+  }
 
   # Extract
   $STD tar -xzf "$TMP_DIR/uv.tar.gz" -C "$TMP_DIR" || {
@@ -5330,11 +4998,11 @@ function setup_yq() {
     msg_info "Setup yq $LATEST_VERSION"
   fi
 
-  if ! curl_with_retry "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_amd64" "$TMP_DIR/yq"; then
+  curl -fsSL "https://github.com/${GITHUB_REPO}/releases/download/v${LATEST_VERSION}/yq_linux_amd64" -o "$TMP_DIR/yq" || {
     msg_error "Failed to download yq"
     rm -rf "$TMP_DIR"
     return 1
-  fi
+  }
 
   chmod +x "$TMP_DIR/yq"
   mv "$TMP_DIR/yq" "$BINARY_PATH" || {
@@ -5356,28 +5024,23 @@ function setup_yq() {
 # Docker Engine Installation and Management (All-In-One)
 #
 # Description:
-#   - By default uses distro repository (docker.io) for stability
-#   - Optionally uses official Docker repository for latest features
 #   - Detects and migrates old Docker installations
+#   - Installs/Updates Docker Engine via official repository
 #   - Optional: Installs/Updates Portainer CE
 #   - Updates running containers interactively
 #   - Cleans up legacy repository files
 #
 # Usage:
-#   setup_docker                              # Uses distro package (recommended)
-#   USE_DOCKER_REPO=true setup_docker         # Uses official Docker repo
+#   setup_docker
 #   DOCKER_PORTAINER="true" setup_docker
 #   DOCKER_LOG_DRIVER="json-file" setup_docker
 #
 # Variables:
-#   USE_DOCKER_REPO        - Set to "true" to use official Docker repository
-#                            (default: false, uses distro docker.io package)
 #   DOCKER_PORTAINER       - Install Portainer CE (optional, "true" to enable)
 #   DOCKER_LOG_DRIVER      - Log driver (optional, default: "journald")
 #   DOCKER_SKIP_UPDATES    - Skip container update check (optional, "true" to skip)
 #
 # Features:
-#   - Uses stable distro packages by default
 #   - Migrates from get.docker.com to repository-based installation
 #   - Updates Docker Engine if newer version available
 #   - Interactive container update with multi-select
@@ -5386,7 +5049,6 @@ function setup_yq() {
 function setup_docker() {
   local docker_installed=false
   local portainer_installed=false
-  local USE_DOCKER_REPO="${USE_DOCKER_REPO:-false}"
 
   # Check if Docker is already installed
   if command -v docker &>/dev/null; then
@@ -5401,113 +5063,68 @@ function setup_docker() {
     msg_info "Portainer container detected"
   fi
 
-  # Scenario 1: Use distro repository (default, most stable)
-  if [[ "$USE_DOCKER_REPO" != "true" && "$USE_DOCKER_REPO" != "TRUE" && "$USE_DOCKER_REPO" != "1" ]]; then
+  # Cleanup old repository configurations
+  if [ -f /etc/apt/sources.list.d/docker.list ]; then
+    msg_info "Migrating from old Docker repository format"
+    rm -f /etc/apt/sources.list.d/docker.list
+    rm -f /etc/apt/keyrings/docker.asc
+  fi
 
-    # Install or upgrade Docker from distro repo
-    if [ "$docker_installed" = true ]; then
-      msg_info "Checking for Docker updates (distro package)"
-      ensure_apt_working || return 1
-      upgrade_packages_with_retry "docker.io" "docker-compose" || true
-      DOCKER_CURRENT_VERSION=$(docker --version | grep -oP '\d+\.\d+\.\d+' | head -1)
-      msg_ok "Docker is up-to-date ($DOCKER_CURRENT_VERSION)"
-    else
-      msg_info "Installing Docker (distro package)"
-      ensure_apt_working || return 1
+  # Setup/Update Docker repository
+  msg_info "Setting up Docker Repository"
+  setup_deb822_repo \
+    "docker" \
+    "https://download.docker.com/linux/$(get_os_info id)/gpg" \
+    "https://download.docker.com/linux/$(get_os_info id)" \
+    "$(get_os_info codename)" \
+    "stable" \
+    "$(dpkg --print-architecture)"
 
-      # Install docker.io and docker-compose from distro
-      if ! install_packages_with_retry "docker.io"; then
-        msg_error "Failed to install docker.io from distro repository"
-        return 1
-      fi
-      # docker-compose is optional
-      $STD apt install -y docker-compose 2>/dev/null || true
+  # Install or upgrade Docker
+  if [ "$docker_installed" = true ]; then
+    msg_info "Checking for Docker updates"
+    DOCKER_LATEST_VERSION=$(apt-cache policy docker-ce | grep Candidate | awk '{print $2}' 2>/dev/null | cut -d':' -f2 | cut -d'-' -f1 || echo '')
 
-      DOCKER_CURRENT_VERSION=$(docker --version | grep -oP '\d+\.\d+\.\d+' | head -1)
-      msg_ok "Installed Docker $DOCKER_CURRENT_VERSION (distro package)"
-    fi
-
-    # Configure daemon.json
-    local log_driver="${DOCKER_LOG_DRIVER:-journald}"
-    mkdir -p /etc/docker
-    if [ ! -f /etc/docker/daemon.json ]; then
-      cat <<EOF >/etc/docker/daemon.json
-{
-  "log-driver": "$log_driver"
-}
-EOF
-    fi
-
-    # Enable and start Docker
-    systemctl enable -q --now docker
-
-    # Continue to Portainer section below
-  else
-    # Scenario 2: Use official Docker repository (USE_DOCKER_REPO=true)
-
-    # Cleanup old repository configurations
-    if [ -f /etc/apt/sources.list.d/docker.list ]; then
-      msg_info "Migrating from old Docker repository format"
-      rm -f /etc/apt/sources.list.d/docker.list
-      rm -f /etc/apt/keyrings/docker.asc
-    fi
-
-    # Setup/Update Docker repository
-    msg_info "Setting up Docker Repository"
-    setup_deb822_repo \
-      "docker" \
-      "https://download.docker.com/linux/$(get_os_info id)/gpg" \
-      "https://download.docker.com/linux/$(get_os_info id)" \
-      "$(get_os_info codename)" \
-      "stable" \
-      "$(dpkg --print-architecture)"
-
-    # Install or upgrade Docker
-    if [ "$docker_installed" = true ]; then
-      msg_info "Checking for Docker updates"
-      DOCKER_LATEST_VERSION=$(apt-cache policy docker-ce | grep Candidate | awk '{print $2}' 2>/dev/null | cut -d':' -f2 | cut -d'-' -f1 || echo '')
-
-      if [ "$DOCKER_CURRENT_VERSION" != "$DOCKER_LATEST_VERSION" ]; then
-        msg_info "Updating Docker $DOCKER_CURRENT_VERSION → $DOCKER_LATEST_VERSION"
-        $STD apt install -y --only-upgrade \
-          docker-ce \
-          docker-ce-cli \
-          containerd.io \
-          docker-buildx-plugin \
-          docker-compose-plugin
-        msg_ok "Updated Docker to $DOCKER_LATEST_VERSION"
-      else
-        msg_ok "Docker is up-to-date ($DOCKER_CURRENT_VERSION)"
-      fi
-    else
-      msg_info "Installing Docker"
-      $STD apt install -y \
+    if [ "$DOCKER_CURRENT_VERSION" != "$DOCKER_LATEST_VERSION" ]; then
+      msg_info "Updating Docker $DOCKER_CURRENT_VERSION → $DOCKER_LATEST_VERSION"
+      $STD apt install -y --only-upgrade \
         docker-ce \
         docker-ce-cli \
         containerd.io \
         docker-buildx-plugin \
         docker-compose-plugin
-
-      DOCKER_CURRENT_VERSION=$(docker --version | grep -oP '\d+\.\d+\.\d+' | head -1)
-      msg_ok "Installed Docker $DOCKER_CURRENT_VERSION"
+      msg_ok "Updated Docker to $DOCKER_LATEST_VERSION"
+    else
+      msg_ok "Docker is up-to-date ($DOCKER_CURRENT_VERSION)"
     fi
+  else
+    msg_info "Installing Docker"
+    $STD apt install -y \
+      docker-ce \
+      docker-ce-cli \
+      containerd.io \
+      docker-buildx-plugin \
+      docker-compose-plugin
 
-    # Configure daemon.json
-    local log_driver="${DOCKER_LOG_DRIVER:-journald}"
-    mkdir -p /etc/docker
-    if [ ! -f /etc/docker/daemon.json ]; then
-      cat <<EOF >/etc/docker/daemon.json
+    DOCKER_CURRENT_VERSION=$(docker --version | grep -oP '\d+\.\d+\.\d+' | head -1)
+    msg_ok "Installed Docker $DOCKER_CURRENT_VERSION"
+  fi
+
+  # Configure daemon.json
+  local log_driver="${DOCKER_LOG_DRIVER:-journald}"
+  mkdir -p /etc/docker
+  if [ ! -f /etc/docker/daemon.json ]; then
+    cat <<EOF >/etc/docker/daemon.json
 {
   "log-driver": "$log_driver"
 }
 EOF
-    fi
-
-    # Enable and start Docker
-    systemctl enable -q --now docker
   fi
 
-  # Portainer Management (common for both modes)
+  # Enable and start Docker
+  systemctl enable -q --now docker
+
+  # Portainer Management
   if [[ "${DOCKER_PORTAINER:-}" == "true" ]]; then
     if [ "$portainer_installed" = true ]; then
       msg_info "Checking for Portainer updates"