Update CHANGELOG.md (#13605 )

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
bambuddy: add mkdir before data restore & add ffmpeg dependency (#13601 )
2026-04-09 19:45:05 +02:00 · 2026-04-08 21:22:58 +00:00 · 2026-04-08 23:22:34 +02:00 · 2026-04-08 19:41:23 +00:00 · 2026-04-08 21:40:52 +02:00 · 2026-04-08 17:47:34 +00:00
16 changed files with 491 additions and 74 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -439,6 +439,46 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

+## 2026-04-08
+
+### 🆕 New Scripts
+
+  - IronClaw | Alpine-IronClaw ([#13591](https://github.com/community-scripts/ProxmoxVE/pull/13591))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - immich: disable upgrade-insecure-requests CSP directive [@MickLesk](https://github.com/MickLesk) ([#13600](https://github.com/community-scripts/ProxmoxVE/pull/13600))
+    - Immich: v2.7.2 [@vhsdream](https://github.com/vhsdream) ([#13579](https://github.com/community-scripts/ProxmoxVE/pull/13579))
+    - Update flaresolverr-install.sh [@maztheman](https://github.com/maztheman) ([#13584](https://github.com/community-scripts/ProxmoxVE/pull/13584))
+
+  - #### ✨ New Features
+
+    - bambuddy: add mkdir before data restore & add ffmpeg dependency [@MickLesk](https://github.com/MickLesk) ([#13601](https://github.com/community-scripts/ProxmoxVE/pull/13601))
+
+  - #### 🔧 Refactor
+
+    - feat: update UHF Server script to use setup_ffmpeg [@zackwithak13](https://github.com/zackwithak13) ([#13564](https://github.com/community-scripts/ProxmoxVE/pull/13564))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: add script page badges to descriptions | change donate URL [@MickLesk](https://github.com/MickLesk) ([#13596](https://github.com/community-scripts/ProxmoxVE/pull/13596))
+
+## 2026-04-07
+
+### 🗑️ Deleted Scripts
+
+  - Remove low-install-count CT scripts and installers [@michelroegl-brunner](https://github.com/michelroegl-brunner) ([#13570](https://github.com/community-scripts/ProxmoxVE/pull/13570))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: improve resilience for top Proxmox error codes (209, 215, 118, 206) [@MickLesk](https://github.com/MickLesk) ([#13575](https://github.com/community-scripts/ProxmoxVE/pull/13575))
+
 ## 2026-04-06

 ### 🆕 New Scripts
--- a/ct/alpine-ironclaw.sh
+++ b/ct/alpine-ironclaw.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+APP="Alpine-IronClaw"
+var_tags="${var_tags:-ai;agent;alpine}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-alpine}"
+var_version="${var_version:-3.23}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/bin/ironclaw ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
+    msg_info "Stopping Service"
+    rc-service ironclaw stop 2>/dev/null || true
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /root/.ironclaw/.env /root/ironclaw.env.bak
+    msg_ok "Backed up Configuration"
+
+    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+      "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
+    chmod +x /usr/local/bin/ironclaw
+
+    msg_info "Restoring Configuration"
+    cp /root/ironclaw.env.bak /root/.ironclaw/.env
+    rm -f /root/ironclaw.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Service"
+    rc-service ironclaw start
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Complete setup by running:${CL}"
+echo -e "${TAB}${BGN}ironclaw onboard${CL}"
+echo -e "${INFO}${YW} Then start the service:${CL}"
+echo -e "${TAB}${BGN}rc-service ironclaw start${CL}"
+echo -e "${INFO}${YW} Access the Web UI at:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
+echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
+echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"
--- a/ct/bambuddy.sh
+++ b/ct/bambuddy.sh
@@ -29,6 +29,8 @@ function update_script() {
    exit
  fi

+  ensure_dependencies ffmpeg
+
  if check_for_gh_release "bambuddy" "maziggy/bambuddy"; then
    msg_info "Stopping Service"
    systemctl stop bambuddy
@@ -54,6 +56,7 @@ function update_script() {
    msg_ok "Rebuilt Frontend"

    msg_info "Restoring Configuration and Data"
+    mkdir -p /opt/bambuddy/data
    cp /opt/bambuddy.env.bak /opt/bambuddy/.env
    cp -r /opt/bambuddy_data_bak/. /opt/bambuddy/data/
    rm -f /opt/bambuddy.env.bak
--- a/ct/headers/alpine-ironclaw
+++ b/ct/headers/alpine-ironclaw
@@ -0,0 +1,6 @@
+    ___    __      _                  ____                 ________              
+   /   |  / /___  (_)___  ___        /  _/________  ____  / ____/ /___ __      __
+  / /| | / / __ \/ / __ \/ _ \______ / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
+ / ___ |/ / /_/ / / / / /  __/_____// // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
+/_/  |_/_/ .___/_/_/ /_/\___/     /___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
+        /_/                                                                      
--- a/ct/headers/ironclaw
+++ b/ct/headers/ironclaw
@@ -0,0 +1,6 @@
+    ____                 ________              
+   /  _/________  ____  / ____/ /___ __      __
+   / // ___/ __ \/ __ \/ /   / / __ `/ | /| / /
+ _/ // /  / /_/ / / / / /___/ / /_/ /| |/ |/ / 
+/___/_/   \____/_/ /_/\____/_/\__,_/ |__/|__/  
+                                               
--- a/ct/immich.sh
+++ b/ct/immich.sh
@@ -109,7 +109,7 @@ EOF
    msg_ok "Image-processing libraries up to date"
  fi

-  RELEASE="v2.6.3"
+  RELEASE="v2.7.2"
  if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
    if [[ $(cat ~/.immich) > "2.5.1" ]]; then
      msg_info "Enabling Maintenance Mode"
@@ -181,6 +181,12 @@ EOF
    unset SHARP_IGNORE_GLOBAL_LIBVIPS
    export SHARP_FORCE_GLOBAL_LIBVIPS=true
    $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
+
+    # Patch helmet.json: disable upgrade-insecure-requests for HTTP access
+    if [[ -f "$APP_DIR/helmet.json" ]]; then
+      jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
+    fi
+
    cp "$APP_DIR"/package.json "$APP_DIR"/bin
    sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin

@@ -269,6 +275,9 @@ EOF
    if ! grep -q '^DB_HOSTNAME=' "$INSTALL_DIR"/.env; then
      sed -i '/^DB_DATABASE_NAME/a DB_HOSTNAME=127.0.0.1' "$INSTALL_DIR"/.env
    fi
+    if ! grep -q 'HELMET_FILE' "$INSTALL_DIR"/.env; then
+      echo "IMMICH_HELMET_FILE=true" >>"$INSTALL_DIR"/.env
+    fi

    if grep -q 'ExecStart=/usr/bin/node' /etc/systemd/system/immich-web.service; then
      sed -i '/^EnvironmentFile=/d' /etc/systemd/system/immich-web.service
--- a/ct/ironclaw.sh
+++ b/ct/ironclaw.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+APP="IronClaw"
+var_tags="${var_tags:-ai;agent;security}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/bin/ironclaw ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "ironclaw-bin" "nearai/ironclaw"; then
+    msg_info "Stopping Service"
+    systemctl stop ironclaw
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /root/.ironclaw/.env /root/ironclaw.env.bak
+    msg_ok "Backed up Configuration"
+
+    fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+      "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
+    chmod +x /usr/local/bin/ironclaw
+
+    msg_info "Restoring Configuration"
+    cp /root/ironclaw.env.bak /root/.ironclaw/.env
+    rm -f /root/ironclaw.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Service"
+    systemctl start ironclaw
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Complete setup by running:${CL}"
+echo -e "${TAB}${BGN}ironclaw onboard${CL}"
+echo -e "${INFO}${YW} Then start the service:${CL}"
+echo -e "${TAB}${BGN}systemctl start ironclaw${CL}"
+echo -e "${INFO}${YW} Access the Web UI at:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"
+echo -e "${INFO}${YW} Auth token and database credentials:${CL}"
+echo -e "${TAB}${BGN}cat /root/.ironclaw/.env${CL}"
--- a/ct/uhf.sh
+++ b/ct/uhf.sh
@@ -38,8 +38,14 @@ function update_script() {
    $STD apt -y upgrade
    msg_ok "Updated LXC"

+    msg_info "Updating UHF Server"
+    if dpkg -l ffmpeg 2>&1 | grep -q "ii"; then
+      apt remove ffmpeg -y && apt autoremove -y
+    fi
+    setup_ffmpeg
    fetch_and_deploy_gh_release "comskip" "swapplications/comskip" "prebuild" "latest" "/opt/comskip" "comskip-x64-*.zip"
    fetch_and_deploy_gh_release "uhf-server" "swapplications/uhf-server-dist" "prebuild" "latest" "/opt/uhf-server" "UHF.Server-linux-x64-*.zip"
+    msg_ok "Updated UHF Server"

    msg_info "Starting Service"
    systemctl start uhf-server
--- a/install/alpine-ironclaw-install.sh
+++ b/install/alpine-ironclaw-install.sh
@@ -0,0 +1,75 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apk add openssl
+msg_ok "Installed Dependencies"
+
+msg_info "Installing PostgreSQL"
+$STD apk add postgresql17 postgresql17-openrc postgresql-pgvector postgresql-common
+$STD rc-service postgresql setup
+$STD rc-update add postgresql default
+$STD rc-service postgresql start
+msg_ok "Installed PostgreSQL"
+
+msg_info "Setting up Database"
+PG_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)
+$STD su -s /bin/sh postgres -c "psql -c \"CREATE ROLE ironclaw WITH LOGIN PASSWORD '${PG_PASS}';\""
+$STD su -s /bin/sh postgres -c "psql -c \"CREATE DATABASE ironclaw WITH OWNER ironclaw;\""
+$STD su -s /bin/sh postgres -c "psql -d ironclaw -c \"CREATE EXTENSION IF NOT EXISTS vector;\""
+msg_ok "Set up Database"
+
+fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+  "ironclaw-$(uname -m)-unknown-linux-musl.tar.gz"
+chmod +x /usr/local/bin/ironclaw
+
+msg_info "Configuring IronClaw"
+mkdir -p /root/.ironclaw
+GATEWAY_TOKEN=$(openssl rand -hex 32)
+cat <<EOF >/root/.ironclaw/.env
+DATABASE_URL=postgresql://ironclaw:${PG_PASS}@localhost:5432/ironclaw?sslmode=disable
+GATEWAY_ENABLED=true
+GATEWAY_HOST=0.0.0.0
+GATEWAY_PORT=3000
+GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
+CLI_ENABLED=false
+AGENT_NAME=ironclaw
+RUST_LOG=ironclaw=info,tower_http=info
+EOF
+chmod 600 /root/.ironclaw/.env
+msg_ok "Configured IronClaw"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/init.d/ironclaw
+#!/sbin/openrc-run
+
+name="IronClaw"
+description="IronClaw AI Agent"
+command="/usr/local/bin/ironclaw"
+command_background=true
+pidfile="/run/ironclaw.pid"
+directory="/root"
+supervise_daemon_args="--env-file /root/.ironclaw/.env"
+
+depend() {
+  need net postgresql
+}
+EOF
+chmod +x /etc/init.d/ironclaw
+$STD rc-update add ironclaw default
+msg_ok "Created Service"
+
+motd_ssh
+customize
--- a/install/bambuddy-install.sh
+++ b/install/bambuddy-install.sh
@@ -14,7 +14,7 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apt install -y libglib2.0-0
+$STD apt install -y libglib2.0-0 ffmpeg
 msg_ok "Installed Dependencies"

 PYTHON_VERSION="3.13" setup_uv
--- a/install/flaresolverr-install.sh
+++ b/install/flaresolverr-install.sh
@@ -29,7 +29,9 @@ setup_deb822_repo \
 $STD apt update
 $STD apt install -y google-chrome-stable
 # remove google-chrome.list added by google-chrome-stable
-rm /etc/apt/sources.list.d/google-chrome.list
+if [ -f /etc/apt/sources.list.d/google-chrome.list ]; then
+  rm /etc/apt/sources.list.d/google-chrome.list
+fi
 msg_ok "Installed Chrome"

 fetch_and_deploy_gh_release "flaresolverr" "FlareSolverr/FlareSolverr" "prebuild" "latest" "/opt/flaresolverr" "flaresolverr_linux_x64.tar.gz"
--- a/install/immich-install.sh
+++ b/install/immich-install.sh
@@ -295,7 +295,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}

-fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.6.3" "$SRC_DIR"
+fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.2" "$SRC_DIR"
 PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs

@@ -312,6 +312,12 @@ $STD pnpm --filter immich --frozen-lockfile build
 unset SHARP_IGNORE_GLOBAL_LIBVIPS
 export SHARP_FORCE_GLOBAL_LIBVIPS=true
 $STD pnpm --filter immich --frozen-lockfile --prod --no-optional deploy "$APP_DIR"
+
+# Patch helmet.json: disable upgrade-insecure-requests for HTTP access
+if [[ -f "$APP_DIR/helmet.json" ]]; then
+  jq '.contentSecurityPolicy.directives["upgrade-insecure-requests"] = null' "$APP_DIR/helmet.json" >"$APP_DIR/helmet.json.tmp" && mv "$APP_DIR/helmet.json.tmp" "$APP_DIR/helmet.json"
+fi
+
 cp "$APP_DIR"/package.json "$APP_DIR"/bin
 sed -i "s|^start|${APP_DIR}/bin/start|" "$APP_DIR"/bin/immich-admin

@@ -419,6 +425,9 @@ IMMICH_VERSION=release
 NODE_ENV=production
 IMMICH_ALLOW_SETUP=true

+## Change to 'false' to disable CSP
+IMMICH_HELMET_FILE=true
+
 DB_HOSTNAME=127.0.0.1
 DB_USERNAME=${PG_DB_USER}
 DB_PASSWORD=${PG_DB_PASS}
--- a/install/ironclaw-install.sh
+++ b/install/ironclaw-install.sh
@@ -0,0 +1,61 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nearai/ironclaw
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+PG_VERSION="17" PG_MODULES="pgvector" setup_postgresql
+PG_DB_NAME="ironclaw" PG_DB_USER="ironclaw" PG_DB_EXTENSIONS="vector" setup_postgresql_db
+
+fetch_and_deploy_gh_release "ironclaw-bin" "nearai/ironclaw" "prebuild" "latest" "/usr/local/bin" \
+  "ironclaw-$(uname -m)-unknown-linux-$([[ -f /etc/alpine-release ]] && echo "musl" || echo "gnu").tar.gz"
+chmod +x /usr/local/bin/ironclaw
+
+msg_info "Configuring IronClaw"
+mkdir -p /root/.ironclaw
+GATEWAY_TOKEN=$(openssl rand -hex 32)
+cat <<EOF >/root/.ironclaw/.env
+DATABASE_URL=postgresql://${PG_DB_USER}:${PG_DB_PASS}@localhost:5432/${PG_DB_NAME}?sslmode=disable
+GATEWAY_ENABLED=true
+GATEWAY_HOST=0.0.0.0
+GATEWAY_PORT=3000
+GATEWAY_AUTH_TOKEN=${GATEWAY_TOKEN}
+CLI_ENABLED=false
+AGENT_NAME=ironclaw
+RUST_LOG=ironclaw=info,tower_http=info
+EOF
+chmod 600 /root/.ironclaw/.env
+msg_ok "Configured IronClaw"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/ironclaw.service
+[Unit]
+Description=IronClaw AI Agent
+After=network.target postgresql.service
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/root
+ExecStart=/usr/local/bin/ironclaw
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q ironclaw
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/uhf-install.sh
+++ b/install/uhf-install.sh
@@ -15,7 +15,7 @@ update_os
 setup_hwaccel

 msg_info "Installing Dependencies"
-$STD apt install -y ffmpeg
+setup_ffmpeg
 msg_ok "Installed Dependencies"

 msg_info "Setting Up UHF Server Environment"
--- a/misc/build.func
+++ b/misc/build.func
@@ -4018,7 +4018,7 @@ EOF

    # Wait for IP assignment (IPv4 or IPv6)
    local ip_in_lxc=""
-    for i in {1..20}; do
+    for i in {1..60}; do
      # Try IPv4 first
      ip_in_lxc=$(pct exec "$CTID" -- ip -4 addr show dev eth0 2>/dev/null | awk '/inet / {print $2}' | cut -d/ -f1)
      # Fallback to IPv6 if IPv4 not available
@@ -4026,11 +4026,18 @@ EOF
        ip_in_lxc=$(pct exec "$CTID" -- ip -6 addr show dev eth0 scope global 2>/dev/null | awk '/inet6 / {print $2}' | cut -d/ -f1 | head -n1)
      fi
      [ -n "$ip_in_lxc" ] && break
-      sleep 1
+      # Progressive backoff: 1s for first 20, 2s for next 20, 3s for last 20
+      if [ "$i" -le 20 ]; then
+        sleep 1
+      elif [ "$i" -le 40 ]; then
+        sleep 2
+      else
+        sleep 3
+      fi
    done

    if [ -z "$ip_in_lxc" ]; then
-      msg_error "No IP assigned to CT $CTID after 20s"
+      msg_error "No IP assigned to CT $CTID after 60 attempts"
      msg_custom "🔧" "${YW}" "Troubleshooting:"
      echo "  • Verify bridge ${BRG} exists and has connectivity"
      echo "  • Check if DHCP server is reachable (if using DHCP)"
@@ -5261,9 +5268,10 @@ create_lxc_container() {
    exit 205
  }
  if qm status "$CTID" &>/dev/null || pct status "$CTID" &>/dev/null; then
-    unset CTID
-    msg_error "Cannot use ID that is already in use."
-    exit 206
+    msg_warn "Container/VM ID $CTID is already in use (detected late). Reassigning..."
+    CTID=$(get_valid_container_id "$((CTID + 1))")
+    export CTID
+    msg_ok "Reassigned to container ID $CTID"
  fi

  # Report installation start to API early - captures failures in storage/template/create
@@ -5739,30 +5747,77 @@ create_lxc_container() {
  if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >"$LOGFILE" 2>&1; then
    msg_debug "Container creation failed on ${TEMPLATE_STORAGE}. Checking error..."

-    # Check if template issue - retry with fresh download
-    if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
-      msg_info "Template may be corrupted – re-downloading"
-      rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-      msg_ok "Template re-downloaded"
-    fi
+    # Check if CTID collision (race condition: ID claimed between validation and creation)
+    if grep -qiE 'already exists|already in use' "$LOGFILE"; then
+      local old_ctid="$CTID"
+      CTID=$(get_valid_container_id "$((CTID + 1))")
+      export CTID
+      msg_warn "Container ID $old_ctid was claimed by another process. Retrying with ID $CTID"
+      LOGFILE="/tmp/pct_create_${CTID}_$(date +%Y%m%d_%H%M%S)_${SESSION_ID}.log"
+      if pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >"$LOGFILE" 2>&1; then
+        msg_ok "Container successfully created with new ID $CTID"
+      else
+        msg_error "Container creation failed even with new ID $CTID. See $LOGFILE"
+        _flush_pct_log
+        exit 209
+      fi
+    else
+      # Not a CTID collision - check if template issue and retry with fresh download
+      if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
+        msg_info "Template may be corrupted – re-downloading"
+        rm -f "$TEMPLATE_PATH"
+        pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+        msg_ok "Template re-downloaded"
+      fi

-    # Retry after repair
-    if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
-      # Fallback to local storage if not already on local
-      if [[ "$TEMPLATE_STORAGE" != "local" ]]; then
-        msg_info "Retrying container creation with fallback to local storage"
-        LOCAL_TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
-        if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
-          msg_ok "Trying local storage fallback"
-          msg_info "Downloading template to local"
-          pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
-          msg_ok "Template downloaded to local"
+      # Retry after repair
+      if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
+        # Fallback to local storage if not already on local
+        if [[ "$TEMPLATE_STORAGE" != "local" ]]; then
+          msg_info "Retrying container creation with fallback to local storage"
+          LOCAL_TEMPLATE_PATH="/var/lib/vz/template/cache/$TEMPLATE"
+          if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
+            msg_ok "Trying local storage fallback"
+            msg_info "Downloading template to local"
+            pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+            msg_ok "Template downloaded to local"
+          else
+            msg_ok "Trying local storage fallback"
+          fi
+          if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
+            # Local fallback also failed - check for LXC stack version issue
+            if grep -qiE 'unsupported .* version' "$LOGFILE"; then
+              msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
+              offer_lxc_stack_upgrade_and_maybe_retry "yes"
+              rc=$?
+              case $rc in
+              0) : ;; # success - container created, continue
+              2)
+                msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
+                _flush_pct_log
+                exit 231
+                ;;
+              3)
+                msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
+                _flush_pct_log
+                exit 231
+                ;;
+              esac
+            else
+              msg_error "Container creation failed. See $LOGFILE"
+              if whiptail --yesno "pct create failed.\nDo you want to enable verbose debug mode and view detailed logs?" 12 70; then
+                set -x
+                pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
+                set +x
+              fi
+              _flush_pct_log
+              exit 209
+            fi
+          else
+            msg_ok "Container successfully created using local fallback."
+          fi
        else
-          msg_ok "Trying local storage fallback"
-        fi
-        if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
-          # Local fallback also failed - check for LXC stack version issue
+          # Already on local storage and still failed - check LXC stack version
          if grep -qiE 'unsupported .* version' "$LOGFILE"; then
            msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
            offer_lxc_stack_upgrade_and_maybe_retry "yes"
@@ -5790,50 +5845,28 @@ create_lxc_container() {
            _flush_pct_log
            exit 209
          fi
-        else
-          msg_ok "Container successfully created using local fallback."
        fi
      else
-        # Already on local storage and still failed - check LXC stack version
-        if grep -qiE 'unsupported .* version' "$LOGFILE"; then
-          msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
-          offer_lxc_stack_upgrade_and_maybe_retry "yes"
-          rc=$?
-          case $rc in
-          0) : ;; # success - container created, continue
-          2)
-            msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
-            _flush_pct_log
-            exit 231
-            ;;
-          3)
-            msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
-            _flush_pct_log
-            exit 231
-            ;;
-          esac
-        else
-          msg_error "Container creation failed. See $LOGFILE"
-          if whiptail --yesno "pct create failed.\nDo you want to enable verbose debug mode and view detailed logs?" 12 70; then
-            set -x
-            pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
-            set +x
-          fi
-          _flush_pct_log
-          exit 209
-        fi
+        msg_ok "Container successfully created after template repair."
      fi
-    else
-      msg_ok "Container successfully created after template repair."
-    fi
+    fi # close CTID collision else-branch
  fi

-  # Verify container exists
-  pct list | awk '{print $1}' | grep -qx "$CTID" || {
-    msg_error "Container ID $CTID not listed in 'pct list'. See $LOGFILE"
+  # Verify container exists (allow up to 10s for pmxcfs sync in clusters)
+  local _pct_visible=false
+  for _pct_check in {1..10}; do
+    if pct list | awk '{print $1}' | grep -qx "$CTID"; then
+      _pct_visible=true
+      break
+    fi
+    sleep 1
+  done
+  if [[ "$_pct_visible" != true ]]; then
+    msg_error "Container ID $CTID not listed in 'pct list' after 10s. See $LOGFILE"
+    msg_custom "🔧" "${YW}" "This can happen in clusters with pmxcfs sync delays."
    _flush_pct_log
    exit 215
-  }
+  fi

  # Verify config rootfs
  grep -q '^rootfs:' "/etc/pve/lxc/$CTID.conf" || {
@@ -5873,6 +5906,12 @@ create_lxc_container() {
 # ------------------------------------------------------------------------------
 description() {
  IP=$(pct exec "$CTID" ip a s dev eth0 | awk '/inet / {print $2}' | cut -d/ -f1)
+  local script_slug script_url donate_url
+
+  script_slug="${SCRIPT_SLUG:-${NSAPP}}"
+  script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
+  script_url="https://community-scripts.org/scripts/${script_slug}"
+  donate_url="https://community-scripts.org/donate"

  # Generate LXC Description
  DESCRIPTION=$(
@@ -5885,8 +5924,14 @@ description() {
  <h2 style='font-size: 24px; margin: 20px 0;'>${APP} LXC</h2>

  <p style='margin: 16px 0;'>
-    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>
-      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
+    <a href='${donate_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/❤️-Sponsoring%20%26%20Donations-FF5E5B' alt='Sponsoring and donations' />
+    </a>
+  </p>
+
+  <p style='margin: 12px 0;'>
+    <a href='${script_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/📦-Open%20Script%20Page-00617f' alt='Open script page' />
    </a>
  </p>

--- a/misc/vm-core.func
+++ b/misc/vm-core.func
@@ -577,6 +577,13 @@ check_hostname_conflict() {
 }

 set_description() {
+  local app_name script_slug script_url donate_url
+  app_name=$(echo "${APP,,}" | tr ' ' '-')
+  script_slug="${SCRIPT_SLUG:-${app_name}}"
+  script_slug="$(echo "$script_slug" | tr '[:upper:]' '[:lower:]' | tr ' ' '-')"
+  script_url="https://community-scripts.org/scripts/${script_slug}"
+  donate_url="https://community-scripts.org/donate"
+
  DESCRIPTION=$(
    cat <<EOF
 <div align='center'>
@@ -587,8 +594,14 @@ set_description() {
  <h2 style='font-size: 24px; margin: 20px 0;'>${NSAPP} VM</h2>

  <p style='margin: 16px 0;'>
-    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>
-      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />
+    <a href='${donate_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/❤️-Sponsoring%20%26%20Donations-FF5E5B' alt='Sponsoring and donations' />
+    </a>
+  </p>
+
+  <p style='margin: 12px 0;'>
+    <a href='${script_url}' target='_blank' rel='noopener noreferrer'>
+      <img src='https://img.shields.io/badge/📦-Open%20Script%20Page-00617f' alt='Open script page' />
    </a>
  </p>
Author	SHA1	Message	Date
community-scripts-pr-app[bot]	a10100d66a	Update CHANGELOG.md (#13605 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 21:22:58 +00:00
CanbiZ (MickLesk)	41848653d6	bambuddy: add mkdir before data restore & add ffmpeg dependency (#13601 )	2026-04-08 23:22:34 +02:00
community-scripts-pr-app[bot]	1eb246ee41	Update CHANGELOG.md (#13604 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 19:41:23 +00:00
CanbiZ (MickLesk)	68b486be92	Add donate & script page badges to descriptions (#13596 ) Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.	2026-04-08 21:40:52 +02:00
community-scripts-pr-app[bot]	9dd4bff9c5	Update CHANGELOG.md (#13602 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 17:47:34 +00:00
CanbiZ (MickLesk)	ae3e1deece	fix(immich): disable upgrade-insecure-requests CSP directive (#13600 ) Helmet's useDefaults adds upgrade-insecure-requests to the CSP, which forces browsers to upgrade all HTTP requests to HTTPS. Since most LXC users access Immich directly via HTTP, this breaks the web UI completely (CORS errors, spinning logo). Patch helmet.json after deploy to explicitly null out the directive, keeping CSP benefits while allowing HTTP access. Fixes #13597	2026-04-08 19:47:10 +02:00
community-scripts-pr-app[bot]	c11b2e9db2	Update .app files (#13595 ) Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>	2026-04-08 16:05:59 +02:00
community-scripts-pr-app[bot]	f7c2477e09	Update CHANGELOG.md (#13594 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 13:59:50 +00:00
push-app-to-main[bot]	8b7c620f92	IronClaw \| Alpine-IronClaw (#13591 ) * Add ironclaw (ct) * add alpine variant --------- Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com> Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>	2026-04-08 15:59:21 +02:00
community-scripts-pr-app[bot]	d3a935e347	Update CHANGELOG.md (#13592 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 12:57:01 +00:00
Zack	74c430ddf2	feat: update UHF Server script to use setup_ffmpeg (#13564 ) Co-authored-by: Zack Rupinga <zackruppert@livenation.com>	2026-04-08 14:56:33 +02:00
community-scripts-pr-app[bot]	be0d0a6a7a	Update CHANGELOG.md (#13587 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 08:39:18 +00:00
maztheman	507ad186dd	Update flaresolverr-install.sh (#13584 ) Fix error saying this file already doesnt exist?	2026-04-08 10:38:53 +02:00
community-scripts-pr-app[bot]	927e7181c2	Update CHANGELOG.md (#13583 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-08 05:21:31 +00:00
Chris	c5083471d9	Immich: v2.7.2 (#13579 ) * Squash merge dev/openvino-cpu into immich * Immich: bump to v2.7.0 * Upstream fix for helmet.json * Pin to 2.7.1; revert `helmet.json` fix * Pin to v2.7.2	2026-04-08 07:21:07 +02:00
community-scripts-pr-app[bot]	fb6c428a0f	Update CHANGELOG.md (#13581 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-07 21:11:00 +00:00
CanbiZ (MickLesk)	ac3cf75b11	core: improve resilience for top Proxmox error codes (209, 215, 118, 206) (#13575 )	2026-04-07 23:10:37 +02:00
community-scripts-pr-app[bot]	8e010cacfe	Update CHANGELOG.md (#13571 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-04-07 12:46:23 +00:00
Michel Roegl-Brunner	a7a6d5dd17	Remove low-install-count CT scripts and installers (#13570 )	2026-04-07 14:45:56 +02:00