Add workflow to close unauthorized new-script PRs

Add a GitHub Actions workflow that runs on pull_request_target (opened, labeled) for main and automatically closes PRs labeled "new script" when the author is not an allowed bot or a member of the "contributor" team. The workflow comments explaining that new scripts must be submitted to the ProxmoxVED testing repo, closes the PR, and adds a "not a script issue" label. It scopes execution to the community-scripts/ProxmoxVE repo, uses a coolify-runner, and requires pull-requests: write and contents: read permissions.
2026-02-28 19:07:52 +03:00 · 2026-02-26 14:05:54 +01:00
19 changed files with 283 additions and 748 deletions
--- a/.github/workflows/check-node-versions.yml
+++ b/.github/workflows/check-node-versions.yml
@@ -214,12 +214,11 @@ jobs:
            total=$((total + 1))
            slug=$(basename "$script" | sed 's/-install\.sh$//')

-            # Extract Source URL (GitHub only) from the "# Source:" line
+            # Extract Source URL (GitHub only)
            # Supports both:
            #   # Source: https://github.com/owner/repo
            #   # Source: https://example.com | Github: https://github.com/owner/repo
-            # NOTE: Must filter for "# Source:" line first to avoid matching the License URL
-            source_url=$(head -20 "$script" | grep -i '# Source:' | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
+            source_url=$(head -20 "$script" | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
            if [[ -z "$source_url" ]]; then
              report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ No GitHub source |")
              continue
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -407,27 +407,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 </details>

-## 2026-02-28
-
-## 2026-02-27
-
-### 🆕 New Scripts
-
-  - Strapi ([#12320](https://github.com/community-scripts/ProxmoxVE/pull/12320))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - TrueNAS VM: filter out new nightlies with MASTER [@juronja](https://github.com/juronja) ([#12355](https://github.com/community-scripts/ProxmoxVE/pull/12355))
-
-### 💾 Core
-
-  - #### ✨ New Features
-
-    - core: graceful fallback for apt-get update failures [@MickLesk](https://github.com/MickLesk) ([#12386](https://github.com/community-scripts/ProxmoxVE/pull/12386))
-    - core: Improve error outputs across core functions [@MickLesk](https://github.com/MickLesk) ([#12378](https://github.com/community-scripts/ProxmoxVE/pull/12378))
-
 ## 2026-02-26

 ### 🆕 New Scripts
@@ -436,34 +415,10 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 ### 🚀 Updated Scripts

-  - #### 🐞 Bug Fixes
-
-    - tools.func: update glx alternatives / nvidia alternative if nvidia glx are missing [@MickLesk](https://github.com/MickLesk) ([#12372](https://github.com/community-scripts/ProxmoxVE/pull/12372))
-    - hotfix: overseer version [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12366](https://github.com/community-scripts/ProxmoxVE/pull/12366))
-
  - #### ✨ New Features

-    - Add ffmpeg for booklore (ffprobe) [@MickLesk](https://github.com/MickLesk) ([#12371](https://github.com/community-scripts/ProxmoxVE/pull/12371))
    - [QOL] Immich: add warning regarding library compilation time [@vhsdream](https://github.com/vhsdream) ([#12345](https://github.com/community-scripts/ProxmoxVE/pull/12345))

-### 🧰 Tools
-
-  - #### 🐞 Bug Fixes
-
-    - Improves adguardhome-sync addon when running on alpine LXCs [@Darkangeel-hd](https://github.com/Darkangeel-hd) ([#12362](https://github.com/community-scripts/ProxmoxVE/pull/12362))
-
-  - #### ✨ New Features
-
-    - Add Alpine support and improve Tailscale install [@MickLesk](https://github.com/MickLesk) ([#12370](https://github.com/community-scripts/ProxmoxVE/pull/12370))
-
-### 📚 Documentation
-
-  - fix wrong link on contributions README.md [@Darkangeel-hd](https://github.com/Darkangeel-hd) ([#12363](https://github.com/community-scripts/ProxmoxVE/pull/12363))
-
-### 📂 Github
-
-  - github: add workflow to autom. close unauthorized new-script PRs [@MickLesk](https://github.com/MickLesk) ([#12356](https://github.com/community-scripts/ProxmoxVE/pull/12356))
-
 ## 2026-02-25

 ### 🆕 New Scripts
--- a/ct/booklore.sh
+++ b/ct/booklore.sh
@@ -34,7 +34,6 @@ function update_script() {
    NODE_VERSION="22" setup_nodejs
    setup_mariadb
    setup_yq
-    ensure_dependencies ffmpeg

    msg_info "Stopping Service"
    systemctl stop booklore
--- a/ct/headers/strapi
+++ b/ct/headers/strapi
@@ -1,6 +0,0 @@
-   _____ __                   _ 
-  / ___// /__________ _____  (_)
-  \__ \/ __/ ___/ __ `/ __ \/ / 
- ___/ / /_/ /  / /_/ / /_/ / /  
-/____/\__/_/   \__,_/ .___/_/   
-                   /_/          
--- a/ct/overseerr.sh
+++ b/ct/overseerr.sh
@@ -28,7 +28,7 @@ function update_script() {
    exit
  fi

-  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.35.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
+  if [[ -f "$HOME/.overseerr" ]] && [[ "$(printf '%s\n' "1.34.0" "$(cat "$HOME/.overseerr")" | sort -V | head -n1)" == "1.35.0" ]]; then
    echo
    echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
    echo "Overseerr v1.34.0 detected."
--- a/ct/strapi.sh
+++ b/ct/strapi.sh
@@ -1,61 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: pespinel
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://strapi.io/
-
-APP="Strapi"
-var_tags="${var_tags:-cms}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
-var_disk="${var_disk:-8}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -f /etc/systemd/system/strapi.service ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  NODE_VERSION="24" setup_nodejs
-
-  msg_info "Stopping Strapi"
-  systemctl stop strapi
-  msg_ok "Stopped Strapi"
-
-  msg_info "Updating Strapi"
-  cd /opt/strapi
-  $STD npx @strapi/upgrade minor --yes
-  msg_ok "Updated Strapi"
-
-  msg_info "Building Strapi"
-  export NODE_OPTIONS="--max-old-space-size=3072"
-  $STD npm run build
-  msg_ok "Built Strapi"
-
-  msg_info "Starting Strapi"
-  systemctl start strapi
-  msg_ok "Started Strapi"
-  msg_ok "Updated successfully!"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:1337${CL}"
--- a/docs/contribution/README.md
+++ b/docs/contribution/README.md
@@ -175,7 +175,7 @@ All scripts and configurations must follow our coding standards to ensure consis
 ### Available Guides

 - **[CONTRIBUTING.md](CONTRIBUTING.md)** - Essential coding standards and best practices
- **[CODE-AUDIT.md](CODE-AUDIT.md)** - Code review checklist and audit procedures
+- **[CODE_AUDIT.md](CODE_AUDIT.md)** - Code review checklist and audit procedures
 - **[GUIDE.md](GUIDE.md)** - Comprehensive contribution guide
 - **[HELPER_FUNCTIONS.md](HELPER_FUNCTIONS.md)** - Reference for all tools.func helper functions
 - **Container Scripts** - `/ct/` templates and guidelines
--- a/frontend/public/json/github-versions.json
+++ b/frontend/public/json/github-versions.json
@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-28T06:10:00Z",
+  "generated": "2026-02-26T12:14:56Z",
  "versions": [
    {
      "slug": "2fauth",
@@ -18,9 +18,9 @@
    {
      "slug": "adguardhome-sync",
      "repo": "bakito/adguardhome-sync",
-      "version": "v0.9.0",
+      "version": "v0.8.2",
      "pinned": false,
-      "date": "2026-02-27T18:37:37Z"
+      "date": "2025-10-24T17:13:47Z"
    },
    {
      "slug": "adventurelog",
@@ -116,9 +116,9 @@
    {
      "slug": "bentopdf",
      "repo": "alam00000/bentopdf",
-      "version": "v2.3.3",
+      "version": "v2.3.1",
      "pinned": false,
-      "date": "2026-02-27T08:40:05Z"
+      "date": "2026-02-21T09:04:27Z"
    },
    {
      "slug": "beszel",
@@ -144,23 +144,23 @@
    {
      "slug": "blocky",
      "repo": "0xERR0R/blocky",
-      "version": "v0.29.0",
+      "version": "v0.28.2",
      "pinned": false,
-      "date": "2026-02-27T15:48:56Z"
+      "date": "2025-11-18T05:51:46Z"
    },
    {
      "slug": "booklore",
      "repo": "booklore-app/BookLore",
-      "version": "v2.0.4",
+      "version": "v2.0.2",
      "pinned": false,
-      "date": "2026-02-28T01:54:25Z"
+      "date": "2026-02-25T19:59:20Z"
    },
    {
      "slug": "bookstack",
      "repo": "BookStackApp/BookStack",
-      "version": "v25.12.8",
+      "version": "v25.12.7",
      "pinned": false,
-      "date": "2026-02-27T10:33:14Z"
+      "date": "2026-02-19T23:36:55Z"
    },
    {
      "slug": "byparr",
@@ -200,9 +200,9 @@
    {
      "slug": "cleanuparr",
      "repo": "Cleanuparr/Cleanuparr",
-      "version": "v2.7.6",
+      "version": "v2.7.5",
      "pinned": false,
-      "date": "2026-02-27T19:32:02Z"
+      "date": "2026-02-24T17:11:50Z"
    },
    {
      "slug": "cloudreve",
@@ -214,9 +214,9 @@
    {
      "slug": "comfyui",
      "repo": "comfyanonymous/ComfyUI",
-      "version": "v0.15.1",
+      "version": "v0.15.0",
      "pinned": false,
-      "date": "2026-02-26T22:01:35Z"
+      "date": "2026-02-24T20:56:09Z"
    },
    {
      "slug": "commafeed",
@@ -242,9 +242,9 @@
    {
      "slug": "cosmos",
      "repo": "azukaar/Cosmos-Server",
-      "version": "v0.21.5",
+      "version": "v0.21.2",
      "pinned": false,
-      "date": "2026-02-27T10:07:11Z"
+      "date": "2026-02-26T11:32:33Z"
    },
    {
      "slug": "cronicle",
@@ -277,9 +277,9 @@
    {
      "slug": "dawarich",
      "repo": "Freika/dawarich",
-      "version": "1.3.1",
+      "version": "1.3.0",
      "pinned": false,
-      "date": "2026-02-27T19:47:40Z"
+      "date": "2026-02-25T19:30:25Z"
    },
    {
      "slug": "discopanel",
@@ -291,9 +291,9 @@
    {
      "slug": "dispatcharr",
      "repo": "Dispatcharr/Dispatcharr",
-      "version": "v0.20.1",
+      "version": "v0.19.0",
      "pinned": false,
-      "date": "2026-02-26T21:38:19Z"
+      "date": "2026-02-10T21:18:10Z"
    },
    {
      "slug": "docmost",
@@ -361,9 +361,9 @@
    {
      "slug": "endurain",
      "repo": "endurain-project/endurain",
-      "version": "v0.17.6",
+      "version": "v0.17.5",
      "pinned": false,
-      "date": "2026-02-27T23:08:50Z"
+      "date": "2026-02-24T14:51:03Z"
    },
    {
      "slug": "ersatztv",
@@ -382,9 +382,9 @@
    {
      "slug": "firefly",
      "repo": "firefly-iii/firefly-iii",
-      "version": "v6.5.1",
+      "version": "v6.5.0",
      "pinned": false,
-      "date": "2026-02-27T20:55:55Z"
+      "date": "2026-02-23T19:19:00Z"
    },
    {
      "slug": "fladder",
@@ -452,9 +452,9 @@
    {
      "slug": "gitea-mirror",
      "repo": "RayLabsHQ/gitea-mirror",
-      "version": "v3.9.6",
+      "version": "v3.9.5",
      "pinned": false,
-      "date": "2026-02-27T07:15:42Z"
+      "date": "2026-02-26T05:32:12Z"
    },
    {
      "slug": "glance",
@@ -494,9 +494,9 @@
    {
      "slug": "grist",
      "repo": "gristlabs/grist-core",
-      "version": "v1.7.11",
+      "version": "v1.7.10",
      "pinned": false,
-      "date": "2026-02-27T17:13:50Z"
+      "date": "2026-01-12T20:50:50Z"
    },
    {
      "slug": "grocy",
@@ -550,9 +550,9 @@
    {
      "slug": "homarr",
      "repo": "homarr-labs/homarr",
-      "version": "v1.54.0",
+      "version": "v1.53.2",
      "pinned": false,
-      "date": "2026-02-27T19:38:50Z"
+      "date": "2026-02-20T19:41:55Z"
    },
    {
      "slug": "homebox",
@@ -606,16 +606,16 @@
    {
      "slug": "invoiceninja",
      "repo": "invoiceninja/invoiceninja",
-      "version": "v5.12.69",
+      "version": "v5.12.68",
      "pinned": false,
-      "date": "2026-02-26T22:23:32Z"
+      "date": "2026-02-25T19:38:19Z"
    },
    {
      "slug": "jackett",
      "repo": "Jackett/Jackett",
-      "version": "v0.24.1226",
+      "version": "v0.24.1218",
      "pinned": false,
-      "date": "2026-02-28T05:58:51Z"
+      "date": "2026-02-26T05:55:11Z"
    },
    {
      "slug": "jellystat",
@@ -669,9 +669,9 @@
    {
      "slug": "kima-hub",
      "repo": "Chevron7Locked/kima-hub",
-      "version": "v1.5.10",
+      "version": "v1.5.7",
      "pinned": false,
-      "date": "2026-02-27T19:25:56Z"
+      "date": "2026-02-23T23:58:59Z"
    },
    {
      "slug": "kimai",
@@ -718,9 +718,9 @@
    {
      "slug": "kubo",
      "repo": "ipfs/kubo",
-      "version": "v0.40.1",
+      "version": "v0.40.0",
      "pinned": false,
-      "date": "2026-02-27T17:58:22Z"
+      "date": "2026-02-25T23:16:17Z"
    },
    {
      "slug": "kutt",
@@ -795,9 +795,9 @@
    {
      "slug": "lubelogger",
      "repo": "hargata/lubelog",
-      "version": "v1.6.1",
+      "version": "v1.6.0",
      "pinned": false,
-      "date": "2026-02-26T20:01:24Z"
+      "date": "2026-02-10T20:16:32Z"
    },
    {
      "slug": "mafl",
@@ -830,9 +830,9 @@
    {
      "slug": "manyfold",
      "repo": "manyfold3d/manyfold",
-      "version": "v0.133.1",
+      "version": "v0.133.0",
      "pinned": false,
-      "date": "2026-02-26T15:50:34Z"
+      "date": "2026-02-25T10:40:26Z"
    },
    {
      "slug": "mealie",
@@ -872,9 +872,9 @@
    {
      "slug": "metube",
      "repo": "alexta69/metube",
-      "version": "2026.02.27",
+      "version": "2026.02.22",
      "pinned": false,
-      "date": "2026-02-27T11:47:02Z"
+      "date": "2026-02-22T00:58:45Z"
    },
    {
      "slug": "miniflux",
@@ -956,9 +956,9 @@
    {
      "slug": "nodebb",
      "repo": "NodeBB/NodeBB",
-      "version": "v4.9.0",
+      "version": "v4.8.1",
      "pinned": false,
-      "date": "2026-02-27T19:20:51Z"
+      "date": "2026-01-28T14:19:11Z"
    },
    {
      "slug": "nodecast-tv",
@@ -970,9 +970,9 @@
    {
      "slug": "oauth2-proxy",
      "repo": "oauth2-proxy/oauth2-proxy",
-      "version": "v7.14.3",
+      "version": "v7.14.2",
      "pinned": false,
-      "date": "2026-02-26T14:10:21Z"
+      "date": "2026-01-18T00:26:09Z"
    },
    {
      "slug": "ombi",
@@ -1047,9 +1047,9 @@
    {
      "slug": "pangolin",
      "repo": "fosrl/pangolin",
-      "version": "1.16.1",
+      "version": "1.15.4",
      "pinned": false,
-      "date": "2026-02-27T21:18:53Z"
+      "date": "2026-02-13T23:01:29Z"
    },
    {
      "slug": "paperless-ai",
@@ -1061,9 +1061,9 @@
    {
      "slug": "paperless-gpt",
      "repo": "icereed/paperless-gpt",
-      "version": "v0.25.1",
+      "version": "v0.25.0",
      "pinned": false,
-      "date": "2026-02-26T14:50:11Z"
+      "date": "2026-02-16T08:31:48Z"
    },
    {
      "slug": "paperless-ngx",
@@ -1222,9 +1222,9 @@
    {
      "slug": "pulse",
      "repo": "rcourtman/Pulse",
-      "version": "v5.1.15",
+      "version": "v5.1.14",
      "pinned": false,
-      "date": "2026-02-27T15:17:24Z"
+      "date": "2026-02-25T00:11:58Z"
    },
    {
      "slug": "pve-scripts-local",
@@ -1376,9 +1376,9 @@
    {
      "slug": "seerr",
      "repo": "seerr-team/seerr",
-      "version": "v3.1.0",
+      "version": "v3.0.1",
      "pinned": false,
-      "date": "2026-02-27T17:25:29Z"
+      "date": "2026-02-14T19:30:24Z"
    },
    {
      "slug": "semaphore",
@@ -1558,9 +1558,9 @@
    {
      "slug": "traccar",
      "repo": "traccar/traccar",
-      "version": "v6.12.2",
+      "version": "v6.12.1",
      "pinned": false,
-      "date": "2026-02-27T15:08:36Z"
+      "date": "2026-02-22T18:47:37Z"
    },
    {
      "slug": "tracearr",
@@ -1607,9 +1607,9 @@
    {
      "slug": "tunarr",
      "repo": "chrisbenincasa/tunarr",
-      "version": "v1.1.18",
+      "version": "v1.1.17",
      "pinned": false,
-      "date": "2026-02-26T22:09:44Z"
+      "date": "2026-02-25T19:56:36Z"
    },
    {
      "slug": "uhf",
@@ -1670,9 +1670,9 @@
    {
      "slug": "vikunja",
      "repo": "go-vikunja/vikunja",
-      "version": "v2.1.0",
+      "version": "v2.0.0",
      "pinned": false,
-      "date": "2026-02-27T14:26:53Z"
+      "date": "2026-02-25T13:58:47Z"
    },
    {
      "slug": "wallabag",
@@ -1817,9 +1817,9 @@
    {
      "slug": "zoraxy",
      "repo": "tobychui/zoraxy",
-      "version": "v3.3.2-rc2",
+      "version": "v3.3.2-rc1",
      "pinned": false,
-      "date": "2026-02-27T03:31:25Z"
+      "date": "2026-02-15T02:16:17Z"
    },
    {
      "slug": "zwave-js-ui",
--- a/frontend/public/json/strapi.json
+++ b/frontend/public/json/strapi.json
@@ -1,48 +0,0 @@
-{
-  "name": "Strapi",
-  "slug": "strapi",
-  "categories": [
-    12
-  ],
-  "date_created": "2026-02-27",
-  "type": "ct",
-  "updateable": true,
-  "privileged": false,
-  "interface_port": 1337,
-  "documentation": "https://docs.strapi.io/",
-  "website": "https://strapi.io/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/strapi.webp",
-  "config_path": "/opt/strapi/.env",
-  "description": "Strapi is a leading open-source headless CMS that enables developers to build powerful APIs quickly. It features a flexible content structure with customizable content types, supporting both REST and GraphQL APIs. The intuitive admin panel allows non-technical users to manage content easily, while developers can extend functionality through plugins. Built on Node.js, Strapi offers role-based access control, media library management, and internationalization support out of the box.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/strapi.sh",
-      "resources": {
-        "cpu": 2,
-        "ram": 4096,
-        "hdd": 8,
-        "os": "debian",
-        "version": "13"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "First-time setup requires creating an admin account at http://IP:1337/admin",
-      "type": "info"
-    },
-    {
-      "text": "Default installation uses SQLite. For production use, consider configuring PostgreSQL or MySQL.",
-      "type": "info"
-    },
-    {
-      "text": "Building the admin panel requires 4GB RAM. Container may take 10-15 minutes to fully initialize.",
-      "type": "warning"
-    }
-  ]
-}
--- a/install/booklore-install.sh
+++ b/install/booklore-install.sh
@@ -13,10 +13,6 @@ setting_up_container
 network_check
 update_os

-msg_info "Installing Dependencies"
-$STD apt install -y ffmpeg
-msg_ok "Installed Dependencies"
-
 JAVA_VERSION="25" setup_java
 NODE_VERSION="22" setup_nodejs
 setup_mariadb
--- a/install/strapi-install.sh
+++ b/install/strapi-install.sh
@@ -1,69 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 community-scripts ORG
-# Author: pespinel
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://strapi.io/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  build-essential \
-  python3 \
-  python3-setuptools \
-  libvips42
-msg_ok "Installed Dependencies"
-
-NODE_VERSION="24" setup_nodejs
-
-msg_info "Installing Strapi (Patience)"
-mkdir -p /opt/strapi
-cd /opt/strapi
-$STD npx --yes create-strapi-app@latest . --quickstart --no-run --skip-cloud
-msg_ok "Installed Strapi"
-
-msg_info "Building Strapi"
-cd /opt/strapi
-export NODE_OPTIONS="--max-old-space-size=3072"
-$STD npm run build
-msg_ok "Built Strapi"
-
-msg_info "Creating Service"
-cat <<EOF >/opt/strapi/.env
-HOST=0.0.0.0
-PORT=1337
-APP_KEYS=$(openssl rand -base64 32)
-API_TOKEN_SALT=$(openssl rand -base64 32)
-ADMIN_JWT_SECRET=$(openssl rand -base64 32)
-TRANSFER_TOKEN_SALT=$(openssl rand -base64 32)
-JWT_SECRET=$(openssl rand -base64 32)
-EOF
-cat <<EOF >/etc/systemd/system/strapi.service
-[Unit]
-Description=Strapi CMS
-After=network.target
-
-[Service]
-Type=simple
-WorkingDirectory=/opt/strapi
-EnvironmentFile=/opt/strapi/.env
-ExecStart=/usr/bin/npm run start
-Restart=on-failure
-Environment=NODE_ENV=production
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now strapi
-msg_ok "Created Service"
-
-motd_ssh
-customize
-cleanup_lxc
--- a/misc/build.func
+++ b/misc/build.func
@@ -118,7 +118,7 @@ maxkeys_check() {

  # Exit if kernel parameters are unavailable
  if [[ "$per_user_maxkeys" -eq 0 || "$per_user_maxbytes" -eq 0 ]]; then
-    msg_error "Unable to read kernel key parameters. Ensure proper permissions."
+    echo -e "${CROSS}${RD} Error: Unable to read kernel parameters. Ensure proper permissions.${CL}"
    exit 1
  fi

@@ -135,19 +135,19 @@ maxkeys_check() {
  # Check if key or byte usage is near limits
  failure=0
  if [[ "$used_lxc_keys" -gt "$threshold_keys" ]]; then
-    msg_warn "Key usage is near the limit (${used_lxc_keys}/${per_user_maxkeys})"
+    echo -e "${CROSS}${RD} Warning: Key usage is near the limit (${used_lxc_keys}/${per_user_maxkeys}).${CL}"
    echo -e "${INFO} Suggested action: Set ${GN}kernel.keys.maxkeys=${new_limit_keys}${CL} in ${BOLD}/etc/sysctl.d/98-community-scripts.conf${CL}."
    failure=1
  fi
  if [[ "$used_lxc_bytes" -gt "$threshold_bytes" ]]; then
-    msg_warn "Key byte usage is near the limit (${used_lxc_bytes}/${per_user_maxbytes})"
+    echo -e "${CROSS}${RD} Warning: Key byte usage is near the limit (${used_lxc_bytes}/${per_user_maxbytes}).${CL}"
    echo -e "${INFO} Suggested action: Set ${GN}kernel.keys.maxbytes=${new_limit_bytes}${CL} in ${BOLD}/etc/sysctl.d/98-community-scripts.conf${CL}."
    failure=1
  fi

  # Provide next steps if issues are detected
  if [[ "$failure" -eq 1 ]]; then
-    msg_error "Kernel key limits exceeded - see suggestions above"
+    echo -e "${INFO} To apply changes, run: ${BOLD}service procps force-reload${CL}"
    exit 1
  fi

@@ -2034,7 +2034,6 @@ advanced_settings() {
          ((STEP++))
        else
          whiptail --msgbox "Default bridge 'vmbr0' not found!\n\nPlease configure a network bridge in Proxmox first." 10 58
-          msg_error "Default bridge 'vmbr0' not found"
          exit 1
        fi
      else
@@ -3050,7 +3049,7 @@ install_script() {
      CHOICE=""
      ;;
    *)
-      msg_error "Invalid option: $CHOICE"
+      echo -e "${CROSS}${RD}Invalid option: $CHOICE${CL}"
      exit 1
      ;;
    esac
@@ -3129,12 +3128,12 @@ check_container_resources() {
  current_cpu=$(nproc)

  if [[ "$current_ram" -lt "$var_ram" ]] || [[ "$current_cpu" -lt "$var_cpu" ]]; then
-    msg_warn "Under-provisioned: Required ${var_cpu} CPU/${var_ram}MB RAM, Current ${current_cpu} CPU/${current_ram}MB RAM"
+    echo -e "\n${INFO}${HOLD} ${GN}Required: ${var_cpu} CPU, ${var_ram}MB RAM ${CL}| ${RD}Current: ${current_cpu} CPU, ${current_ram}MB RAM${CL}"
    echo -e "${YWB}Please ensure that the ${APP} LXC is configured with at least ${var_cpu} vCPU and ${var_ram} MB RAM for the build process.${CL}\n"
    echo -ne "${INFO}${HOLD} May cause data loss! ${INFO} Continue update with under-provisioned LXC? <yes/No>  "
-    read -r prompt </dev/tty
+    read -r prompt
    if [[ ! ${prompt,,} =~ ^(yes)$ ]]; then
-      msg_error "Aborted: under-provisioned LXC (${current_cpu} CPU/${current_ram}MB RAM < ${var_cpu} CPU/${var_ram}MB RAM)"
+      echo -e "${CROSS}${HOLD} ${YWB}Exiting based on user input.${CL}"
      exit 1
    fi
  else
@@ -3153,11 +3152,11 @@ check_container_storage() {
  local used_size=$(df /boot --output=used | tail -n 1)
  usage=$((100 * used_size / total_size))
  if ((usage > 80)); then
-    msg_warn "Storage is dangerously low (${usage}% used on /boot)"
+    echo -e "${INFO}${HOLD} ${YWB}Warning: Storage is dangerously low (${usage}%).${CL}"
    echo -ne "Continue anyway? <y/N>  "
-    read -r prompt </dev/tty
+    read -r prompt
    if [[ ! ${prompt,,} =~ ^(y|yes)$ ]]; then
-      msg_error "Aborted: storage too low (${usage}% used)"
+      echo -e "${CROSS}${HOLD}${YWB}Exiting based on user input.${CL}"
      exit 1
    fi
  fi
@@ -3547,16 +3546,10 @@ build_container() {
  # Build PCT_OPTIONS as string for export
  TEMP_DIR=$(mktemp -d)
  pushd "$TEMP_DIR" >/dev/null
-  local _func_url
  if [ "$var_os" == "alpine" ]; then
-    _func_url="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func"
+    export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func)"
  else
-    _func_url="https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func"
-  fi
-  export FUNCTIONS_FILE_PATH="$(curl -fsSL "$_func_url")"
-  if [[ -z "$FUNCTIONS_FILE_PATH" || ${#FUNCTIONS_FILE_PATH} -lt 100 ]]; then
-    msg_error "Failed to download install functions from: $_func_url"
-    exit 1
+    export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func)"
  fi

  # Core exports for install.func
@@ -3707,18 +3700,10 @@ $PCT_OPTIONS_STRING"
    NVIDIA_DEVICES=()

    # Store PCI info to avoid multiple calls
-    # grep returns exit 1 when no match — use || true to prevent ERR trap
-    local pci_vga_info
-    pci_vga_info=$(lspci -nn 2>/dev/null | grep -E "VGA|Display|3D" || true)
-
-    # No GPU-related PCI devices at all? Skip silently.
-    if [[ -z "$pci_vga_info" ]]; then
-      msg_debug "No VGA/Display/3D PCI devices found"
-      return 0
-    fi
+    local pci_vga_info=$(lspci -nn 2>/dev/null | grep -E "VGA|Display|3D")

    # Check for Intel GPU - look for Intel vendor ID [8086]
-    if grep -q "\[8086:" <<<"$pci_vga_info"; then
+    if echo "$pci_vga_info" | grep -q "\[8086:"; then
      msg_custom "🎮" "${BL}" "Detected Intel GPU"
      if [[ -d /dev/dri ]]; then
        for d in /dev/dri/renderD* /dev/dri/card*; do
@@ -3728,7 +3713,7 @@ $PCT_OPTIONS_STRING"
    fi

    # Check for AMD GPU - look for AMD vendor IDs [1002] (AMD/ATI) or [1022] (AMD)
-    if grep -qE "\[1002:|\[1022:" <<<"$pci_vga_info"; then
+    if echo "$pci_vga_info" | grep -qE "\[1002:|\[1022:"; then
      msg_custom "🎮" "${RD}" "Detected AMD GPU"
      if [[ -d /dev/dri ]]; then
        # Only add if not already claimed by Intel
@@ -3741,7 +3726,7 @@ $PCT_OPTIONS_STRING"
    fi

    # Check for NVIDIA GPU - look for NVIDIA vendor ID [10de]
-    if grep -q "\[10de:" <<<"$pci_vga_info"; then
+    if echo "$pci_vga_info" | grep -q "\[10de:"; then
      msg_custom "🎮" "${GN}" "Detected NVIDIA GPU"

      # Simple passthrough - just bind /dev/nvidia* devices if they exist
@@ -3842,7 +3827,7 @@ EOF
      for gpu in "${available_gpus[@]}"; do
        echo "  - $gpu"
      done
-      read -rp "Which GPU type to passthrough? (${available_gpus[*]}): " selected_gpu </dev/tty
+      read -rp "Which GPU type to passthrough? (${available_gpus[*]}): " selected_gpu
      selected_gpu="${selected_gpu^^}"

      # Validate selection
@@ -3935,9 +3920,7 @@ EOF
    fi
    sleep 1
    if [ "$i" -eq 10 ]; then
-      local ct_status
-      ct_status=$(pct status "$CTID" 2>/dev/null || echo "unknown")
-      msg_error "LXC Container did not reach running state (status: ${ct_status})"
+      msg_error "LXC Container did not reach running state"
      exit 1
    fi
  done
@@ -3961,7 +3944,7 @@ EOF

    if [ -z "$ip_in_lxc" ]; then
      msg_error "No IP assigned to CT $CTID after 20s"
-      msg_custom "🔧" "${YW}" "Troubleshooting:"
+      echo -e "${YW}Troubleshooting:${CL}"
      echo "  • Verify bridge ${BRG} exists and has connectivity"
      echo "  • Check if DHCP server is reachable (if using DHCP)"
      echo "  • Verify static IP configuration (if using static IP)"
@@ -3983,7 +3966,8 @@ EOF
    done

    if [ "$ping_success" = false ]; then
-      msg_warn "Network configured (IP: $ip_in_lxc) but connectivity test failed - installation will continue"
+      msg_warn "Network configured (IP: $ip_in_lxc) but connectivity test failed"
+      echo -e "${YW}Container may have limited internet access. Installation will continue...${CL}"
    else
      msg_ok "Network in LXC is reachable (ping)"
    fi
@@ -4020,16 +4004,6 @@ EOF
  #   install_gpu_userland "NVIDIA"
  # fi

-  # Disable error trap for entire customization & install phase.
-  # All errors are handled explicitly — recovery menu shown on failure.
-  # Without this, customization errors (e.g. container stopped during base package
-  # install) would trigger error_handler() with a simple "Remove broken container?"
-  # prompt instead of the full recovery menu with retry/repair options.
-  set +Eeuo pipefail
-  trap - ERR
-
-  local install_exit_code=0
-
  # Continue with standard container setup
  if [ "$var_os" == "alpine" ]; then
    sleep 3
@@ -4037,10 +4011,7 @@ EOF
 http://dl-cdn.alpinelinux.org/alpine/latest-stable/main
 http://dl-cdn.alpinelinux.org/alpine/latest-stable/community
 EOF'
-    pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq" >>"$BUILD_LOG" 2>&1 || {
-      msg_error "Failed to install base packages in Alpine container"
-      install_exit_code=1
-    }
+    pct exec "$CTID" -- ash -c "apk add bash newt curl openssh nano mc ncurses jq >/dev/null"
  else
    sleep 3
    LANG=${LANG:-en_US.UTF-8}
@@ -4063,69 +4034,69 @@ EOF'
      msg_warn "Skipping timezone setup – zone '$tz' not found in container"
    fi

-    pct exec "$CTID" -- bash -c "apt-get update 2>&1 && apt-get install -y sudo curl mc gnupg2 jq 2>&1" >>"$BUILD_LOG" 2>&1 || {
+    pct exec "$CTID" -- bash -c "apt-get update >/dev/null && apt-get install -y sudo curl mc gnupg2 jq >/dev/null" || {
      msg_error "apt-get base packages installation failed"
-      install_exit_code=1
+      exit 1
    }
  fi

-  # Only continue with installation if customization succeeded
-  if [[ $install_exit_code -eq 0 ]]; then
-    msg_ok "Customized LXC Container"
+  msg_ok "Customized LXC Container"

-    # Optional DNS override for retry scenarios (inside LXC, never on host)
-    if [[ "${DNS_RETRY_OVERRIDE:-false}" == "true" ]]; then
-      msg_info "Applying DNS retry override in LXC (8.8.8.8, 1.1.1.1)"
-      pct exec "$CTID" -- bash -c "printf 'nameserver 8.8.8.8\nnameserver 1.1.1.1\n' >/etc/resolv.conf" >/dev/null 2>&1 || true
-      msg_ok "DNS override applied in LXC"
+  # Optional DNS override for retry scenarios (inside LXC, never on host)
+  if [[ "${DNS_RETRY_OVERRIDE:-false}" == "true" ]]; then
+    msg_info "Applying DNS retry override in LXC (8.8.8.8, 1.1.1.1)"
+    pct exec "$CTID" -- bash -c "printf 'nameserver 8.8.8.8\nnameserver 1.1.1.1\n' >/etc/resolv.conf" >/dev/null 2>&1 || true
+    msg_ok "DNS override applied in LXC"
+  fi
+
+  # Install SSH keys
+  install_ssh_keys_into_ct
+
+  # Start timer for duration tracking
+  start_install_timer
+
+  # Run application installer
+  # Disable error trap - container errors are handled internally via flag file
+  set +Eeuo pipefail # Disable ALL error handling temporarily
+  trap - ERR         # Remove ERR trap completely
+
+  # Signal handlers use this flag to stop the container on abort (SIGHUP/SIGINT/SIGTERM)
+  # Without this, SSH disconnects leave the container running as an orphan process
+  # that sends "configuring" status AFTER the host already reported "failed"
+  export CONTAINER_INSTALLING=true
+
+  # Capture lxc-attach terminal output to host-side log via tee.
+  # This is the ONLY reliable way to get install output when:
+  #   - install.func fails to load (DNS error) → no container-side logging
+  #   - install script crashes before logging starts
+  #   - $STD/silent() not used for some commands
+  # PIPESTATUS[0] gets the real exit code from lxc-attach (not from tee).
+  local _LXC_CAPTURE_LOG="/tmp/.install-capture-${SESSION_ID}.log"
+  lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)" 2>&1 | tee "$_LXC_CAPTURE_LOG"
+  local lxc_exit=${PIPESTATUS[0]}
+
+  unset CONTAINER_INSTALLING
+
+  # Keep error handling DISABLED during failure detection and recovery
+  # Re-enabling it here would cause any pct exec/pull failure to trigger
+  # error_handler() on the host, bypassing the recovery menu entirely
+
+  # Check for error flag file in container (more reliable than lxc-attach exit code)
+  local install_exit_code=0
+  if [[ -n "${SESSION_ID:-}" ]]; then
+    local error_flag="/root/.install-${SESSION_ID}.failed"
+    if pct exec "$CTID" -- test -f "$error_flag" 2>/dev/null; then
+      install_exit_code=$(pct exec "$CTID" -- cat "$error_flag" 2>/dev/null || echo "1")
+      pct exec "$CTID" -- rm -f "$error_flag" 2>/dev/null || true
    fi
+  fi

-    # Install SSH keys
-    install_ssh_keys_into_ct
+  # Fallback to lxc-attach exit code if no flag file
+  if [[ $install_exit_code -eq 0 && $lxc_exit -ne 0 ]]; then
+    install_exit_code=$lxc_exit
+  fi

-    # Start timer for duration tracking
-    start_install_timer
-
-    # Run application installer
-    # Error handling already disabled above (before customization phase)
-
-    # Signal handlers use this flag to stop the container on abort (SIGHUP/SIGINT/SIGTERM)
-    # Without this, SSH disconnects leave the container running as an orphan process
-    # that sends "configuring" status AFTER the host already reported "failed"
-    export CONTAINER_INSTALLING=true
-
-    # Capture lxc-attach terminal output to host-side log via tee.
-    # This is the ONLY reliable way to get install output when:
-    #   - install.func fails to load (DNS error) → no container-side logging
-    #   - install script crashes before logging starts
-    #   - $STD/silent() not used for some commands
-    # PIPESTATUS[0] gets the real exit code from lxc-attach (not from tee).
-    local _LXC_CAPTURE_LOG="/tmp/.install-capture-${SESSION_ID}.log"
-    lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)" 2>&1 | tee "$_LXC_CAPTURE_LOG"
-    local lxc_exit=${PIPESTATUS[0]}
-
-    unset CONTAINER_INSTALLING
-
-    # Keep error handling DISABLED during failure detection and recovery
-    # Re-enabling it here would cause any pct exec/pull failure to trigger
-    # error_handler() on the host, bypassing the recovery menu entirely
-
-    # Check for error flag file in container (more reliable than lxc-attach exit code)
-    if [[ -n "${SESSION_ID:-}" ]]; then
-      local error_flag="/root/.install-${SESSION_ID}.failed"
-      if pct exec "$CTID" -- test -f "$error_flag" 2>/dev/null; then
-        install_exit_code=$(pct exec "$CTID" -- cat "$error_flag" 2>/dev/null || echo "1")
-        pct exec "$CTID" -- rm -f "$error_flag" 2>/dev/null || true
-      fi
-    fi
-
-    # Fallback to lxc-attach exit code if no flag file
-    if [[ $install_exit_code -eq 0 && ${lxc_exit:-0} -ne 0 ]]; then
-      install_exit_code=${lxc_exit:-0}
-    fi
-  fi # end: if [[ $install_exit_code -eq 0 ]] (customization succeeded)
-
-  # Installation or customization failed?
+  # Installation failed?
  if [[ $install_exit_code -ne 0 ]]; then
    # Prevent job-control signals from suspending the script during recovery.
    # In non-interactive shells (bash -c), background processes (spinner) can
@@ -4237,7 +4208,7 @@ EOF'
      pct enter "$CTID"
      echo ""
      echo -en "${YW}Container ${CTID} still running. Remove now? (y/N): ${CL}"
-      if read -r response </dev/tty && [[ "$response" =~ ^[Yy]$ ]]; then
+      if read -r response && [[ "$response" =~ ^[Yy]$ ]]; then
        pct stop "$CTID" &>/dev/null || true
        pct destroy "$CTID" &>/dev/null || true
        msg_ok "Container ${CTID} removed"
@@ -4387,7 +4358,7 @@ EOF'
    echo ""
    echo -en "${YW}Select option [1-${max_option}] (default: 1, auto-remove in 60s): ${CL}"

-    if read -t 60 -r response </dev/tty; then
+    if read -t 60 -r response; then
      case "${response:-1}" in
      1)
        # Remove container
@@ -4604,7 +4575,7 @@ destroy_lxc() {
  trap 'echo; msg_error "Aborted by user (SIGINT/SIGQUIT)"; return 130' INT QUIT

  local prompt
-  if ! read -rp "Remove this Container? <y/N> " prompt </dev/tty; then
+  if ! read -rp "Remove this Container? <y/N> " prompt; then
    # read returns non-zero on Ctrl-D/ESC
    msg_error "Aborted input (Ctrl-D/ESC)"
    return 130
@@ -4937,16 +4908,16 @@ create_lxc_container() {
      return 0
    fi

-    msg_info "An update for the Proxmox LXC stack is available"
+    echo
+    echo "An update for the Proxmox LXC stack is available:"
    echo "  pve-container: installed=${_pvec_i:-n/a}  candidate=${_pvec_c:-n/a}"
    echo "  lxc-pve     : installed=${_lxcp_i:-n/a}  candidate=${_lxcp_c:-n/a}"
    echo
-    read -rp "Do you want to upgrade now? [y/N] " _ans </dev/tty
+    read -rp "Do you want to upgrade now? [y/N] " _ans
    case "${_ans,,}" in
    y | yes)
      msg_info "Upgrading Proxmox LXC stack (pve-container, lxc-pve)"
-      apt_update_safe
-      if $STD apt-get install -y --only-upgrade pve-container lxc-pve; then
+      if $STD apt-get update && $STD apt-get install -y --only-upgrade pve-container lxc-pve; then
        msg_ok "LXC stack upgraded."
        if [[ "$do_retry" == "yes" ]]; then
          msg_info "Retrying container creation after upgrade"
@@ -4990,6 +4961,7 @@ create_lxc_container() {
    exit 205
  }
  if qm status "$CTID" &>/dev/null || pct status "$CTID" &>/dev/null; then
+    echo -e "ID '$CTID' is already in use."
    unset CTID
    msg_error "Cannot use ID that is already in use."
    exit 206
@@ -5047,40 +5019,17 @@ create_lxc_container() {
  msg_info "Validating storage '$CONTAINER_STORAGE'"
  STORAGE_TYPE=$(grep -E "^[^:]+: $CONTAINER_STORAGE$" /etc/pve/storage.cfg | cut -d: -f1 | head -1)

-  if [[ -z "$STORAGE_TYPE" ]]; then
-    msg_error "Storage '$CONTAINER_STORAGE' not found in /etc/pve/storage.cfg"
-    exit 213
-  fi
-
  case "$STORAGE_TYPE" in
-  iscsidirect)
-    msg_error "Storage '$CONTAINER_STORAGE' uses iSCSI-direct which does not support container rootfs."
-    exit 212
-    ;;
-  iscsi | zfs)
-    msg_error "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) does not support container rootdir content."
-    exit 213
-    ;;
-  cephfs)
-    msg_error "Storage '$CONTAINER_STORAGE' uses CephFS which is not supported for LXC rootfs."
-    exit 219
-    ;;
-  pbs)
-    msg_error "Storage '$CONTAINER_STORAGE' is a Proxmox Backup Server — cannot be used for containers."
-    exit 224
-    ;;
+  iscsidirect) exit 212 ;;
+  iscsi | zfs) exit 213 ;;
+  cephfs) exit 219 ;;
+  pbs) exit 224 ;;
  linstor | rbd | nfs | cifs)
-    if ! pvesm status -storage "$CONTAINER_STORAGE" &>/dev/null; then
-      msg_error "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) is not accessible or inactive."
-      exit 217
-    fi
+    pvesm status -storage "$CONTAINER_STORAGE" &>/dev/null || exit 217
    ;;
  esac

-  if ! pvesm status -content rootdir 2>/dev/null | awk 'NR>1{print $1}' | grep -qx "$CONTAINER_STORAGE"; then
-    msg_error "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) does not support 'rootdir' content."
-    exit 213
-  fi
+  pvesm status -content rootdir 2>/dev/null | awk 'NR>1{print $1}' | grep -qx "$CONTAINER_STORAGE" || exit 213
  msg_ok "Storage '$CONTAINER_STORAGE' ($STORAGE_TYPE) validated"

  msg_info "Validating template storage '$TEMPLATE_STORAGE'"
@@ -5153,7 +5102,8 @@ create_lxc_container() {

  # If still no template, try to find alternatives
  if [[ -z "$TEMPLATE" ]]; then
-    msg_warn "No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."
+    echo ""
+    echo "[DEBUG] No template found for ${PCT_OSTYPE} ${PCT_OSVERSION}, searching for alternatives..."

    # Get all available versions for this OS type
    AVAILABLE_VERSIONS=()
@@ -5173,7 +5123,7 @@ create_lxc_container() {
        echo "  [$((i + 1))] ${AVAILABLE_VERSIONS[$i]}"
      done
      echo ""
-      read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice </dev/tty
+      read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or press Enter to cancel: " choice

      if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
        PCT_OSVERSION="${AVAILABLE_VERSIONS[$((choice - 1))]}"
@@ -5236,7 +5186,7 @@ create_lxc_container() {
        done

        echo ""
-        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or Enter to exit: " choice </dev/tty
+        read -p "Select version [1-${#AVAILABLE_VERSIONS[@]}] or Enter to exit: " choice

        if [[ "$choice" =~ ^[0-9]+$ ]] && [[ "$choice" -ge 1 ]] && [[ "$choice" -le ${#AVAILABLE_VERSIONS[@]} ]]; then
          export var_version="${AVAILABLE_VERSIONS[$((choice - 1))]}"
@@ -5346,7 +5296,7 @@ create_lxc_container() {
    [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
    for attempt in {1..3}; do
      msg_info "Attempt $attempt: Downloading template $TEMPLATE to $TEMPLATE_STORAGE"
-      if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1; then
+      if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1; then
        msg_ok "Template download successful."
        break
      fi
@@ -5423,35 +5373,17 @@ create_lxc_container() {

  LOGFILE="/tmp/pct_create_${CTID}_$(date +%Y%m%d_%H%M%S)_${SESSION_ID}.log"

-  # Helper: append pct_create log to BUILD_LOG before exit so combined log has full context
-  _flush_pct_log() {
-    if [[ -s "${LOGFILE:-}" && -n "${BUILD_LOG:-}" ]]; then
-      {
-        echo ""
-        echo "--- pct create output (${LOGFILE}) ---"
-        cat "$LOGFILE"
-        echo "--- end pct create output ---"
-      } >>"$BUILD_LOG" 2>/dev/null || true
-    fi
-  }
-
  # Validate template before pct create (while holding lock)
  if [[ ! -s "$TEMPLATE_PATH" || "$(stat -c%s "$TEMPLATE_PATH" 2>/dev/null || echo 0)" -lt 1000000 ]]; then
    msg_info "Template file missing or too small – downloading"
    rm -f "$TEMPLATE_PATH"
-    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-      msg_error "Failed to download template '$TEMPLATE' to storage '$TEMPLATE_STORAGE'"
-      exit 222
-    }
+    pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1
    msg_ok "Template downloaded"
  elif ! tar -tf "$TEMPLATE_PATH" &>/dev/null; then
    if [[ -n "$ONLINE_TEMPLATE" ]]; then
      msg_info "Template appears corrupted – re-downloading"
      rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1 || {
-        msg_error "Failed to re-download template '$TEMPLATE'"
-        exit 222
-      }
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1
      msg_ok "Template re-downloaded"
    else
      msg_warn "Template appears corrupted, but no online version exists. Skipping re-download."
@@ -5472,7 +5404,7 @@ create_lxc_container() {
    if grep -qiE 'unable to open|corrupt|invalid' "$LOGFILE"; then
      msg_info "Template may be corrupted – re-downloading"
      rm -f "$TEMPLATE_PATH"
-      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+      pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1
      msg_ok "Template re-downloaded"
    fi

@@ -5485,7 +5417,7 @@ create_lxc_container() {
        if [[ ! -f "$LOCAL_TEMPLATE_PATH" ]]; then
          msg_ok "Trying local storage fallback"
          msg_info "Downloading template to local"
-          pveam download local "$TEMPLATE" >>"${BUILD_LOG:-/dev/null}" 2>&1
+          pveam download local "$TEMPLATE" >/dev/null 2>&1
          msg_ok "Template downloaded to local"
        else
          msg_ok "Trying local storage fallback"
@@ -5493,19 +5425,20 @@ create_lxc_container() {
        if ! pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS >>"$LOGFILE" 2>&1; then
          # Local fallback also failed - check for LXC stack version issue
          if grep -qiE 'unsupported .* version' "$LOGFILE"; then
-            msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
+            echo
+            echo "pct reported 'unsupported ... version' – your LXC stack might be too old for this template."
+            echo "We can try to upgrade 'pve-container' and 'lxc-pve' now and retry automatically."
            offer_lxc_stack_upgrade_and_maybe_retry "yes"
            rc=$?
            case $rc in
            0) : ;; # success - container created, continue
            2)
-              msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
-              _flush_pct_log
+              echo "Upgrade was declined. Please update and re-run:
+  apt update && apt install --only-upgrade pve-container lxc-pve"
              exit 231
              ;;
            3)
-              msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
-              _flush_pct_log
+              echo "Upgrade and/or retry failed. Please inspect: $LOGFILE"
              exit 231
              ;;
            esac
@@ -5516,7 +5449,6 @@ create_lxc_container() {
              pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
              set +x
            fi
-            _flush_pct_log
            exit 209
          fi
        else
@@ -5525,19 +5457,20 @@ create_lxc_container() {
      else
        # Already on local storage and still failed - check LXC stack version
        if grep -qiE 'unsupported .* version' "$LOGFILE"; then
-          msg_warn "pct reported 'unsupported version' – LXC stack might be too old for this template"
+          echo
+          echo "pct reported 'unsupported ... version' – your LXC stack might be too old for this template."
+          echo "We can try to upgrade 'pve-container' and 'lxc-pve' now and retry automatically."
          offer_lxc_stack_upgrade_and_maybe_retry "yes"
          rc=$?
          case $rc in
          0) : ;; # success - container created, continue
          2)
-            msg_error "Upgrade declined. Please update and re-run: apt update && apt install --only-upgrade pve-container lxc-pve"
-            _flush_pct_log
+            echo "Upgrade was declined. Please update and re-run:
+  apt update && apt install --only-upgrade pve-container lxc-pve"
            exit 231
            ;;
          3)
-            msg_error "Upgrade and/or retry failed. Please inspect: $LOGFILE"
-            _flush_pct_log
+            echo "Upgrade and/or retry failed. Please inspect: $LOGFILE"
            exit 231
            ;;
          esac
@@ -5548,7 +5481,6 @@ create_lxc_container() {
            pct create "$CTID" "local:vztmpl/${TEMPLATE}" $PCT_OPTIONS 2>&1 | tee -a "$LOGFILE"
            set +x
          fi
-          _flush_pct_log
          exit 209
        fi
      fi
@@ -5560,28 +5492,16 @@ create_lxc_container() {
  # Verify container exists
  pct list | awk '{print $1}' | grep -qx "$CTID" || {
    msg_error "Container ID $CTID not listed in 'pct list'. See $LOGFILE"
-    _flush_pct_log
    exit 215
  }

  # Verify config rootfs
  grep -q '^rootfs:' "/etc/pve/lxc/$CTID.conf" || {
    msg_error "RootFS entry missing in container config. See $LOGFILE"
-    _flush_pct_log
    exit 216
  }

  msg_ok "LXC Container ${BL}$CTID${CL} ${GN}was successfully created."
-
-  # Append pct create log to BUILD_LOG for combined log visibility
-  if [[ -s "$LOGFILE" && -n "${BUILD_LOG:-}" ]]; then
-    {
-      echo ""
-      echo "--- pct create output ---"
-      cat "$LOGFILE"
-      echo "--- end pct create output ---"
-    } >>"$BUILD_LOG" 2>/dev/null || true
-  fi
 }

 # ==============================================================================
--- a/misc/core.func
+++ b/misc/core.func
@@ -276,7 +276,7 @@ shell_check() {
    msg_error "Your default shell is currently not set to Bash. To use these scripts, please switch to the Bash shell."
    echo -e "\nExiting..."
    sleep 2
-    exit 1
+    exit
  fi
 }

@@ -293,7 +293,7 @@ root_check() {
    msg_error "Please run this script as root."
    echo -e "\nExiting..."
    sleep 2
-    exit 1
+    exit
  fi
 }

@@ -345,10 +345,11 @@ pve_check() {
 # ------------------------------------------------------------------------------
 arch_check() {
  if [ "$(dpkg --print-architecture)" != "amd64" ]; then
-    msg_error "This script will not work with PiMox (ARM architecture detected)."
-    msg_warn "Visit https://github.com/asylumexp/Proxmox for ARM64 support."
+    echo -e "\n ${INFO}${YWB}This script will not work with PiMox! \n"
+    echo -e "\n ${YWB}Visit https://github.com/asylumexp/Proxmox for ARM64 support. \n"
+    echo -e "Exiting..."
    sleep 2
-    exit 1
+    exit
  fi
 }

@@ -529,9 +530,7 @@ silent() {
  if [[ $rc -ne 0 ]]; then
    # Source explain_exit_code if needed
    if ! declare -f explain_exit_code >/dev/null 2>&1; then
-      if ! source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func); then
-        explain_exit_code() { echo "unknown (error_handler.func download failed)"; }
-      fi
+      source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func)
    fi

    local explanation
@@ -552,53 +551,6 @@ silent() {
  fi
 }

-# ------------------------------------------------------------------------------
-# apt_update_safe()
-#
-# - Runs apt-get update with graceful error handling
-# - On failure: shows warning with common causes instead of aborting
-# - Logs full output to active log file
-# - Returns 0 even on failure so the caller can continue
-# - Typical cause: enterprise repos returning 401 Unauthorized
-#
-# Usage:
-#   apt_update_safe       # Warn on failure, continue without aborting
-# ------------------------------------------------------------------------------
-apt_update_safe() {
-  local logfile
-  logfile="$(get_active_logfile)"
-
-  local _restore_errexit=false
-  [[ "$-" == *e* ]] && _restore_errexit=true
-
-  set +Eeuo pipefail
-  trap - ERR
-
-  apt-get update >>"$logfile" 2>&1
-  local rc=$?
-
-  if $_restore_errexit; then
-    set -Eeuo pipefail
-    trap 'error_handler' ERR
-  fi
-
-  if [[ $rc -ne 0 ]]; then
-    msg_warn "apt-get update exited with code ${rc} — some repositories may have failed."
-
-    # Check log for common 401/403 enterprise repo issues
-    if grep -qiE '401\s*Unauthorized|403\s*Forbidden|enterprise\.proxmox\.com' "$logfile" 2>/dev/null; then
-      echo -e "${TAB}${INFO} ${YWB}Hint: Proxmox enterprise repository returned an auth error.${CL}"
-      echo -e "${TAB}       If you don't have a subscription, you can disable the enterprise"
-      echo -e "${TAB}       repo and use the no-subscription repo instead."
-    fi
-
-    echo -e "${TAB}${INFO} ${YWB}Continuing despite partial update failure — packages may still be installable.${CL}"
-    echo ""
-  fi
-
-  return 0
-}
-
 # ------------------------------------------------------------------------------
 # spinner()
 #
@@ -833,8 +785,8 @@ fatal() {
 # ------------------------------------------------------------------------------
 exit_script() {
  clear
-  msg_error "User exited script"
-  exit 0
+  echo -e "\n${CROSS}${RD}User exited script${CL}\n"
+  exit
 }

 # ------------------------------------------------------------------------------
@@ -855,7 +807,6 @@ get_header() {

  if [ ! -s "$local_header_path" ]; then
    if ! curl -fsSL "$header_url" -o "$local_header_path"; then
-      msg_warn "Failed to download header: $header_url"
      return 1
    fi
  fi
@@ -896,10 +847,10 @@ header_info() {
 ensure_tput() {
  if ! command -v tput >/dev/null 2>&1; then
    if grep -qi 'alpine' /etc/os-release; then
-      apk add --no-cache ncurses >/dev/null 2>&1 || msg_warn "Failed to install ncurses (tput may be unavailable)"
+      apk add --no-cache ncurses >/dev/null 2>&1
    elif command -v apt-get >/dev/null 2>&1; then
      apt-get update -qq >/dev/null
-      apt-get install -y -qq ncurses-bin >/dev/null 2>&1 || msg_warn "Failed to install ncurses-bin (tput may be unavailable)"
+      apt-get install -y -qq ncurses-bin >/dev/null 2>&1
    fi
  fi
 }
@@ -1359,7 +1310,6 @@ prompt_select() {

  # Validate options
  if [[ $num_options -eq 0 ]]; then
-    msg_warn "prompt_select called with no options"
    echo "" >&2
    return 1
  fi
@@ -1602,30 +1552,22 @@ check_or_create_swap() {
  local swap_size_mb
  swap_size_mb=$(prompt_input "Enter swap size in MB (e.g., 2048 for 2GB):" "2048" 60)
  if ! [[ "$swap_size_mb" =~ ^[0-9]+$ ]]; then
-    msg_error "Invalid swap size: '${swap_size_mb}' (must be a number in MB)"
+    msg_error "Invalid size input. Aborting."
    return 1
  fi

  local swap_file="/swapfile"

  msg_info "Creating ${swap_size_mb}MB swap file at $swap_file"
-  if ! dd if=/dev/zero of="$swap_file" bs=1M count="$swap_size_mb" status=progress; then
-    msg_error "Failed to allocate swap file (dd failed)"
+  if dd if=/dev/zero of="$swap_file" bs=1M count="$swap_size_mb" status=progress &&
+    chmod 600 "$swap_file" &&
+    mkswap "$swap_file" &&
+    swapon "$swap_file"; then
+    msg_ok "Swap file created and activated successfully"
+  else
+    msg_error "Failed to create or activate swap"
    return 1
  fi
-  if ! chmod 600 "$swap_file"; then
-    msg_error "Failed to set permissions on $swap_file"
-    return 1
-  fi
-  if ! mkswap "$swap_file"; then
-    msg_error "Failed to format swap file (mkswap failed)"
-    return 1
-  fi
-  if ! swapon "$swap_file"; then
-    msg_error "Failed to activate swap (swapon failed)"
-    return 1
-  fi
-  msg_ok "Swap file created and activated successfully"
 }

 # ------------------------------------------------------------------------------
@@ -1707,7 +1649,7 @@ function get_lxc_ip() {

    LOCAL_IP="$(get_current_ip || true)"
    if [[ -z "$LOCAL_IP" ]]; then
-      msg_error "Could not determine LOCAL_IP (checked: eth0, hostname -I, ip route, IPv6 targets)"
+      msg_error "Could not determine LOCAL_IP"
      return 1
    fi
  fi
--- a/misc/error_handler.func
+++ b/misc/error_handler.func
@@ -286,7 +286,7 @@ error_handler() {
        echo -en "${YW}Remove broken container ${CTID}? (Y/n) [auto-remove in 60s]: ${CL}"
      fi

-      if read -t 60 -r response </dev/tty; then
+      if read -t 60 -r response; then
        if [[ -z "$response" || "$response" =~ ^[Yy]$ ]]; then
          echo ""
          if declare -f msg_info >/dev/null 2>&1; then
--- a/misc/install.func
+++ b/misc/install.func
@@ -233,7 +233,7 @@ fi
 EOF
    chmod +x /usr/local/bin/apt-proxy-detect.sh
  fi
-  apt_update_safe
+  $STD apt-get update
  $STD apt-get -o Dpkg::Options::="--force-confold" -y dist-upgrade
  rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
  msg_ok "Updated Container OS"
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -201,7 +201,6 @@ install_packages_with_retry() {
    fi
  done

-  msg_error "Failed to install packages after $((max_retries + 1)) attempts: ${packages[*]}"
  return 1
 }

@@ -232,7 +231,6 @@ upgrade_packages_with_retry() {
    fi
  done

-  msg_error "Failed to upgrade packages after $((max_retries + 1)) attempts: ${packages[*]}"
  return 1
 }

@@ -677,7 +675,6 @@ verify_repo_available() {
  if curl -fsSL --max-time 10 "${repo_url}/dists/${suite}/Release" &>/dev/null; then
    return 0
  fi
-  msg_warn "Repository not available: ${repo_url} (suite: ${suite})"
  return 1
 }

@@ -842,7 +839,6 @@ github_api_call() {
    esac
  done

-  msg_error "GitHub API call failed after ${max_retries} attempts: ${url}"
  return 1
 }

@@ -904,7 +900,6 @@ codeberg_api_call() {
    esac
  done

-  msg_error "Codeberg API call failed after ${max_retries} attempts: ${url}"
  return 1
 }

@@ -1374,9 +1369,7 @@ setup_deb822_repo() {
    [[ -n "$enabled" ]] && echo "Enabled: $enabled"
  } >/etc/apt/sources.list.d/${name}.sources

-  $STD apt update || {
-    msg_warn "apt update failed after adding repository: ${name}"
-  }
+  $STD apt update
 }

 # ------------------------------------------------------------------------------
@@ -1384,16 +1377,12 @@ setup_deb822_repo() {
 # ------------------------------------------------------------------------------
 hold_package_version() {
  local package="$1"
-  $STD apt-mark hold "$package" || {
-    msg_warn "Failed to hold package version: ${package}"
-  }
+  $STD apt-mark hold "$package"
 }

 unhold_package_version() {
  local package="$1"
-  $STD apt-mark unhold "$package" || {
-    msg_warn "Failed to unhold package version: ${package}"
-  }
+  $STD apt-mark unhold "$package"
 }

 # ------------------------------------------------------------------------------
@@ -1423,7 +1412,6 @@ enable_and_start_service() {
  local service="$1"

  if ! systemctl enable "$service" &>/dev/null; then
-    msg_error "Failed to enable service: $service"
    return 1
  fi

@@ -1466,7 +1454,6 @@ extract_version_from_json() {
  version=$(echo "$json" | jq -r ".${field} // empty")

  if [[ -z "$version" ]]; then
-    msg_warn "JSON field '${field}' is empty in API response"
    return 1
  fi

@@ -1486,9 +1473,8 @@ get_latest_github_release() {
  local temp_file=$(mktemp)

  if ! github_api_call "https://api.github.com/repos/${repo}/releases/latest" "$temp_file"; then
-    msg_warn "GitHub API call failed for ${repo}"
    rm -f "$temp_file"
-    return 1
+    return 0
  fi

  local version
@@ -1497,7 +1483,7 @@ get_latest_github_release() {

  if [[ -z "$version" ]]; then
    msg_error "Could not determine latest version for ${repo}"
-    return 1
+    return 0
  fi

  echo "$version"
@@ -1513,9 +1499,8 @@ get_latest_codeberg_release() {

  # Codeberg API: get all releases and pick the first non-draft/non-prerelease
  if ! codeberg_api_call "https://codeberg.org/api/v1/repos/${repo}/releases" "$temp_file"; then
-    msg_warn "Codeberg API call failed for ${repo}"
    rm -f "$temp_file"
-    return 1
+    return 0
  fi

  local version
@@ -1530,7 +1515,7 @@ get_latest_codeberg_release() {

  if [[ -z "$version" ]]; then
    msg_error "Could not determine latest version for ${repo}"
-    return 1
+    return 0
  fi

  echo "$version"
@@ -1661,7 +1646,6 @@ get_latest_gh_tag() {
    sort -V | tail -n1)

  if [[ -z "$latest" ]]; then
-    msg_warn "No matching tags found for ${repo}${prefix:+ (prefix: $prefix)}"
    return 1
  fi

@@ -1897,7 +1881,7 @@ check_for_codeberg_release() {
  releases_json=$(curl -fsSL --max-time 20 \
    -H 'Accept: application/json' \
    "https://codeberg.org/api/v1/repos/${source}/releases" 2>/dev/null) || {
-    msg_error "Unable to fetch releases for ${app} (codeberg.org/api/v1/repos/${source}/releases)"
+    msg_error "Unable to fetch releases for ${app}"
    return 1
  }

@@ -2030,12 +2014,12 @@ function download_with_progress() {

  if [[ -z "$content_length" ]]; then
    if ! curl -fL# -o "$output" "$url"; then
-      msg_error "Download failed: $url"
+      msg_error "Download failed"
      return 1
    fi
  else
    if ! curl -fsSL "$url" | pv -s "$content_length" >"$output"; then
-      msg_error "Download failed: $url"
+      msg_error "Download failed"
      return 1
    fi
  fi
@@ -2578,10 +2562,7 @@ _gh_scan_older_releases() {
    -H 'Accept: application/vnd.github+json' \
    -H 'X-GitHub-Api-Version: 2022-11-28' \
    "${header[@]}" \
-    "https://api.github.com/repos/${repo}/releases?per_page=15" 2>/dev/null) || {
-    msg_warn "Failed to fetch older releases for ${repo}"
-    return 1
-  }
+    "https://api.github.com/repos/${repo}/releases?per_page=15" 2>/dev/null) || return 1

  local count
  count=$(echo "$releases_list" | jq 'length')
@@ -3123,9 +3104,7 @@ function setup_composer() {
  # Scenario 1: Already installed - just self-update
  if [[ -n "$INSTALLED_VERSION" ]]; then
    msg_info "Update Composer $INSTALLED_VERSION"
-    $STD "$COMPOSER_BIN" self-update --no-interaction || {
-      msg_warn "Composer self-update failed, continuing with current version"
-    }
+    $STD "$COMPOSER_BIN" self-update --no-interaction || true
    local UPDATED_VERSION
    UPDATED_VERSION=$("$COMPOSER_BIN" --version 2>/dev/null | awk '{print $3}')
    cache_installed_version "composer" "$UPDATED_VERSION"
@@ -3161,9 +3140,7 @@ function setup_composer() {
  fi

  chmod +x "$COMPOSER_BIN"
-  $STD "$COMPOSER_BIN" self-update --no-interaction || {
-    msg_warn "Composer self-update failed after fresh install"
-  }
+  $STD "$COMPOSER_BIN" self-update --no-interaction || true

  local FINAL_VERSION
  FINAL_VERSION=$("$COMPOSER_BIN" --version 2>/dev/null | awk '{print $3}')
@@ -4260,18 +4237,6 @@ NVIDIA_PIN
  # VA-API for hybrid setups (Intel + NVIDIA)
  $STD apt-get -y install va-driver-all vainfo 2>/dev/null || true

-  # Fix GLX alternatives: nvidia-alternative diverts mesa libs but in LXC
-  # containers the nvidia GLX libs are typically missing, leaving libGL.so.1
-  # pointing nowhere. Fall back to mesa if nvidia GLX dir is empty/missing.
-  if command -v update-glx &>/dev/null; then
-    local nvidia_glx_dir="/usr/lib/nvidia"
-    if [[ ! -f "${nvidia_glx_dir}/libGL.so.1" ]] && [[ -d /usr/lib/mesa-diverted ]]; then
-      msg_info "NVIDIA GLX libs missing in container - falling back to mesa"
-      $STD update-glx --set glx /usr/lib/mesa-diverted 2>/dev/null || true
-      ldconfig 2>/dev/null || true
-    fi
-  fi
-
  msg_ok "NVIDIA GPU configured"
 }

@@ -5246,9 +5211,7 @@ function setup_mysql() {
    ensure_apt_working || return 1

    # Perform upgrade with retry logic (non-fatal if fails)
-    upgrade_packages_with_retry "mysql-server" "mysql-client" || {
-      msg_warn "MySQL package upgrade had issues, continuing with current version"
-    }
+    upgrade_packages_with_retry "mysql-server" "mysql-client" || true

    cache_installed_version "mysql" "$MYSQL_VERSION"
    msg_ok "Update MySQL $MYSQL_VERSION"
@@ -5438,9 +5401,7 @@ function setup_nodejs() {
    }

    # Force APT cache refresh after repository setup
-    $STD apt update || {
-      msg_warn "apt update failed after Node.js repository setup"
-    }
+    $STD apt update

    ensure_dependencies curl ca-certificates gnupg

@@ -5683,10 +5644,7 @@ EOF
  if [[ "$DISTRO_ID" == "ubuntu" ]]; then
    # Ubuntu: Use ondrej/php PPA
    msg_info "Adding ondrej/php PPA for Ubuntu"
-    $STD apt install -y software-properties-common || {
-      msg_error "Failed to install software-properties-common"
-      return 1
-    }
+    $STD apt install -y software-properties-common
    # Don't use $STD for add-apt-repository as it uses background processes
    add-apt-repository -y ppa:ondrej/php >>"$(get_active_logfile)" 2>&1
  else
@@ -5697,9 +5655,7 @@ EOF
    }
  fi
  ensure_apt_working || return 1
-  $STD apt update || {
-    msg_warn "apt update failed after PHP repository setup"
-  }
+  $STD apt update

  # Get available PHP version from repository
  local AVAILABLE_PHP_VERSION=""
@@ -5994,9 +5950,7 @@ function setup_postgresql() {
    }
  fi

-  $STD systemctl enable --now postgresql 2>/dev/null || {
-    msg_warn "Failed to enable/start PostgreSQL service"
-  }
+  $STD systemctl enable --now postgresql 2>/dev/null || true

  # Add PostgreSQL binaries to PATH
  if ! grep -q '/usr/lib/postgresql' /etc/environment 2>/dev/null; then
@@ -6010,9 +5964,7 @@ function setup_postgresql() {
  if [[ -n "$PG_MODULES" ]]; then
    IFS=',' read -ra MODULES <<<"$PG_MODULES"
    for module in "${MODULES[@]}"; do
-      $STD apt install -y "postgresql-${PG_VERSION}-${module}" 2>/dev/null || {
-        msg_warn "Failed to install PostgreSQL module: ${module}"
-      }
+      $STD apt install -y "postgresql-${PG_VERSION}-${module}" 2>/dev/null || true
    done
  fi
 }
@@ -6671,9 +6623,7 @@ function setup_clickhouse() {
    ensure_apt_working || return 1

    # Perform upgrade with retry logic (non-fatal if fails)
-    upgrade_packages_with_retry "clickhouse-server" "clickhouse-client" || {
-      msg_warn "ClickHouse package upgrade had issues, continuing with current version"
-    }
+    upgrade_packages_with_retry "clickhouse-server" "clickhouse-client" || true
    cache_installed_version "clickhouse" "$CLICKHOUSE_VERSION"
    msg_ok "Update ClickHouse $CLICKHOUSE_VERSION"
    return 0
@@ -6808,9 +6758,7 @@ function setup_rust() {
    }

    # Update to latest patch version
-    $STD rustup update "$RUST_TOOLCHAIN" </dev/null || {
-      msg_warn "Rust toolchain update had issues"
-    }
+    $STD rustup update "$RUST_TOOLCHAIN" </dev/null || true

    # Ensure PATH is updated for current shell session
    export PATH="$CARGO_BIN:$PATH"
@@ -7212,10 +7160,7 @@ function setup_docker() {
        docker-ce-cli \
        containerd.io \
        docker-buildx-plugin \
-        docker-compose-plugin || {
-        msg_error "Failed to update Docker packages"
-        return 1
-      }
+        docker-compose-plugin
      msg_ok "Updated Docker to $DOCKER_LATEST_VERSION"
    else
      msg_ok "Docker is up-to-date ($DOCKER_CURRENT_VERSION)"
@@ -7227,10 +7172,7 @@ function setup_docker() {
      docker-ce-cli \
      containerd.io \
      docker-buildx-plugin \
-      docker-compose-plugin || {
-      msg_error "Failed to install Docker packages"
-      return 1
-    }
+      docker-compose-plugin

    DOCKER_CURRENT_VERSION=$(docker --version | grep -oP '\d+\.\d+\.\d+' | head -1)
    msg_ok "Installed Docker $DOCKER_CURRENT_VERSION"
--- a/tools/addon/add-tailscale-lxc.sh
+++ b/tools/addon/add-tailscale-lxc.sh
@@ -76,90 +76,70 @@ grep -q "lxc.mount.entry: /dev/net/tun" "$CTID_CONFIG_PATH" || echo "lxc.mount.e
 header_info
 msg_info "Installing Tailscale in CT $CTID"

-pct exec "$CTID" -- sh -c '
+pct exec "$CTID" -- bash -c '
 set -e
+export DEBIAN_FRONTEND=noninteractive

-# Detect OS inside container
-if [ -f /etc/alpine-release ]; then
-  # ── Alpine Linux ──
-  echo "[INFO] Alpine Linux detected, installing Tailscale via apk..."
+# Source os-release properly (handles quoted values)
+source /etc/os-release

-  # Enable community repo if not already enabled
-  if ! grep -q "^[^#].*community" /etc/apk/repositories 2>/dev/null; then
-    ALPINE_VERSION=$(cat /etc/alpine-release | cut -d. -f1,2)
-    echo "https://dl-cdn.alpinelinux.org/alpine/v${ALPINE_VERSION}/community" >> /etc/apk/repositories
-  fi
+# Fallback if DNS is poisoned or blocked
+ORIG_RESOLV="/etc/resolv.conf"
+BACKUP_RESOLV="/tmp/resolv.conf.backup"

-  apk update
-  apk add --no-cache tailscale
-
-  # Enable and start Tailscale service
-  rc-update add tailscale default 2>/dev/null || true
-  rc-service tailscale start 2>/dev/null || true
-
-else
-  # ── Debian / Ubuntu ──
-  export DEBIAN_FRONTEND=noninteractive
-
-  # Source os-release properly (handles quoted values)
-  . /etc/os-release
-
-  # Fallback if DNS is poisoned or blocked
-  ORIG_RESOLV="/etc/resolv.conf"
-  BACKUP_RESOLV="/tmp/resolv.conf.backup"
-
-  # Check DNS resolution using multiple methods (dig may not be installed)
-  dns_check_failed=true
-  if command -v dig >/dev/null 2>&1; then
-    if dig +short pkgs.tailscale.com 2>/dev/null | grep -qvE "^127\.|^0\.0\.0\.0$|^$"; then
-      dns_check_failed=false
-    fi
-  elif command -v host >/dev/null 2>&1; then
-    if host pkgs.tailscale.com 2>/dev/null | grep -q "has address"; then
-      dns_check_failed=false
-    fi
-  elif command -v nslookup >/dev/null 2>&1; then
-    if nslookup pkgs.tailscale.com 2>/dev/null | grep -q "Address:"; then
-      dns_check_failed=false
-    fi
-  elif command -v getent >/dev/null 2>&1; then
-    if getent hosts pkgs.tailscale.com >/dev/null 2>&1; then
-      dns_check_failed=false
-    fi
-  else
-    # No DNS tools available, try curl directly and assume DNS works
+# Check DNS resolution using multiple methods (dig may not be installed)
+dns_check_failed=true
+if command -v dig &>/dev/null; then
+  if dig +short pkgs.tailscale.com 2>/dev/null | grep -qvE "^127\.|^0\.0\.0\.0$|^$"; then
    dns_check_failed=false
  fi
-
-  if $dns_check_failed; then
-    echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
-    echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
-    cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
-    echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
+elif command -v host &>/dev/null; then
+  if host pkgs.tailscale.com 2>/dev/null | grep -q "has address"; then
+    dns_check_failed=false
  fi
-
-  if ! command -v curl >/dev/null 2>&1; then
-    echo "[INFO] curl not found, installing..."
-    apt-get update -qq
-    apt-get install -y curl >/dev/null
+elif command -v nslookup &>/dev/null; then
+  if nslookup pkgs.tailscale.com 2>/dev/null | grep -q "Address:"; then
+    dns_check_failed=false
  fi
+elif command -v getent &>/dev/null; then
+  if getent hosts pkgs.tailscale.com &>/dev/null; then
+    dns_check_failed=false
+  fi
+else
+  # No DNS tools available, try curl directly and assume DNS works
+  dns_check_failed=false
+fi

-  # Ensure keyrings directory exists
-  mkdir -p /usr/share/keyrings
-
-  curl -fsSL "https://pkgs.tailscale.com/stable/${ID}/${VERSION_CODENAME}.noarmor.gpg" \
-    | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
-
-  echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VERSION_CODENAME} main" \
-    >/etc/apt/sources.list.d/tailscale.list
+if $dns_check_failed; then
+  echo "[INFO] DNS resolution for pkgs.tailscale.com failed (blocked or redirected)."
+  echo "[INFO] Temporarily overriding /etc/resolv.conf with Cloudflare DNS (1.1.1.1)"
+  cp "$ORIG_RESOLV" "$BACKUP_RESOLV"
+  echo "nameserver 1.1.1.1" >"$ORIG_RESOLV"
+fi

+if ! command -v curl &>/dev/null; then
+  echo "[INFO] curl not found, installing..."
  apt-get update -qq
-  apt-get install -y tailscale >/dev/null
+ apt update -qq
+ apt install -y curl >/dev/null
+fi

-  if [ -f /tmp/resolv.conf.backup ]; then
-    echo "[INFO] Restoring original /etc/resolv.conf"
-    mv /tmp/resolv.conf.backup /etc/resolv.conf
-  fi
+# Ensure keyrings directory exists
+mkdir -p /usr/share/keyrings
+
+curl -fsSL "https://pkgs.tailscale.com/stable/${ID}/${VERSION_CODENAME}.noarmor.gpg" \
+  | tee /usr/share/keyrings/tailscale-archive-keyring.gpg >/dev/null
+
+echo "deb [signed-by=/usr/share/keyrings/tailscale-archive-keyring.gpg] https://pkgs.tailscale.com/stable/${ID} ${VERSION_CODENAME} main" \
+  >/etc/apt/sources.list.d/tailscale.list
+
+apt-get update -qq
+apt update -qq
+apt install -y tailscale >/dev/null
+
+if [[ -f /tmp/resolv.conf.backup ]]; then
+  echo "[INFO] Restoring original /etc/resolv.conf"
+  mv /tmp/resolv.conf.backup /etc/resolv.conf
 fi
 '

--- a/tools/addon/adguardhome-sync.sh
+++ b/tools/addon/adguardhome-sync.sh
@@ -7,12 +7,8 @@

 if ! command -v curl &>/dev/null; then
  printf "\r\e[2K%b" '\033[93m Setup Source \033[m' >&2
-  if [[ -f "/etc/alpine-release" ]]; then
-    apk -U add curl >/dev/null 2>&1
-  else
-    apt-get update >/dev/null 2>&1
-    apt-get install -y curl >/dev/null 2>&1
-  fi
+  apt-get update >/dev/null 2>&1
+  apt-get install -y curl >/dev/null 2>&1
 fi
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func)
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func)
@@ -55,7 +51,7 @@ EOF
 # HELPER FUNCTIONS
 # ==============================================================================
 get_ip() {
- ifconfig | grep -v '127.0.0.1' | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -m1 -Eo '([0-9]*\.){3}[0-9]*' || echo "127.0.0.1"
+  hostname -I 2>/dev/null | awk '{print $1}' || echo "127.0.0.1"
 }

 # ==============================================================================
@@ -72,16 +68,6 @@ else
  exit 1
 fi

-# ==============================================================================
-# DEPENDENCY CHECK
-# ==============================================================================
-if ! command -v jq &>/dev/null; then
-  printf "\r\e[2K%b" '\033[93m Installing jq \033[m' >&2
-  if [[ "$OS" == "Alpine" ]]; then
-    apk -U add jq >/dev/null 2>&1
-  fi
-fi
-
 # ==============================================================================
 # UNINSTALL
 # ==============================================================================
--- a/vm/truenas-vm.sh
+++ b/vm/truenas-vm.sh
@@ -88,7 +88,7 @@ function truenas_iso_lookup() {
    curl -sL "$BASE_URL" |
      grep -oE 'href="[^"]+\.iso"' |
      sed 's/href="//; s/"$//' |
-      grep -vE '(MASTER|ALPHA)' |
+      grep -vE '(nightly|ALPHA)' |
      grep -E "$year_pattern"
  )