switch returns

tools.func: Improve GitHub/Codeberg API error handling and error output
Enhance API call robustness and user feedback in misc/tools.func: add explicit handling for HTTP 401 (authentication) and 000/no-response cases, provide clearer error messages and actionable guidance (e.g. export GITHUB_TOKEN, check network/DNS), and preserve retry/backoff logic. Adjusted curl invocation/error capture to avoid echoing sentinel values and updated messages for 403/404/other HTTP errors. Changes touch github_api_call, codeberg_api_call, get_latest_gh_tag, check_for_gh_release, and fetch_and_deploy_gh_release to fail earlier and clean up temp files on errors.
2026-02-25 19:07:40 +03:00 · 2026-02-25 16:37:36 +01:00 · 2026-02-25 16:28:21 +01:00 · 2026-02-25 16:18:48 +01:00 · 2026-02-25 15:16:59 +00:00 · 2026-02-25 16:16:23 +01:00
18 changed files with 507 additions and 51 deletions
--- a/.github/workflows/check-node-versions.yml
+++ b/.github/workflows/check-node-versions.yml
@@ -13,7 +13,7 @@ permissions:
 jobs:
  check-node-versions:
    if: github.repository == 'community-scripts/ProxmoxVE'
-    runs-on: ubuntu-latest
+    runs-on: coolify-runner

    steps:
      - name: Checkout Repository
@@ -110,22 +110,94 @@ jobs:
          }

          # Extract Node major from engines.node in package.json
-          # Sets: ENGINES_NODE_RAW (raw string), ENGINES_MIN_MAJOR
+          # Sets: ENGINES_NODE_RAW (raw string), ENGINES_MIN_MAJOR, ENGINES_IS_MINIMUM
          extract_engines_node() {
            local content="$1"
            ENGINES_NODE_RAW=""
            ENGINES_MIN_MAJOR=""
+            ENGINES_IS_MINIMUM="false"

            ENGINES_NODE_RAW=$(echo "$content" | jq -r '.engines.node // empty' 2>/dev/null || echo "")
            if [[ -z "$ENGINES_NODE_RAW" ]]; then
              return
            fi

+            # Detect if constraint is a minimum (>=, ^) vs exact pinning
+            if [[ "$ENGINES_NODE_RAW" =~ ^(\>=|\^|\~) ]]; then
+              ENGINES_IS_MINIMUM="true"
+            fi
+
            # Extract the first number (major) from the constraint
            # Handles: ">=24.13.1", "^22", ">=18.0.0", ">=18.15.0 <19 || ^20", etc.
            ENGINES_MIN_MAJOR=$(echo "$ENGINES_NODE_RAW" | grep -oP '\d+' | head -1 || echo "")
          }

+          # Check if our_version satisfies an engines.node constraint
+          # Returns 0 if satisfied, 1 if not
+          # Usage: version_satisfies_engines "22" ">=18.0.0" "true"
+          version_satisfies_engines() {
+            local our="$1"
+            local min_major="$2"
+            local is_minimum="$3"
+
+            if [[ -z "$min_major" || -z "$our" ]]; then
+              return 1
+            fi
+
+            if [[ "$is_minimum" == "true" ]]; then
+              # >= or ^ constraint: our version must be >= min_major
+              if [[ "$our" -ge "$min_major" ]]; then
+                return 0
+              fi
+            fi
+            return 1
+          }
+
+          # Search for files in subdirectories via GitHub API tree
+          # Usage: find_repo_file "owner/repo" "branch" "filename" => sets REPLY to raw URL or empty
+          find_repo_file() {
+            local repo="$1"
+            local branch="$2"
+            local filename="$3"
+            REPLY=""
+
+            # Try root first (fast)
+            local root_url="https://raw.githubusercontent.com/${repo}/${branch}/${filename}"
+            if curl -sfI "$root_url" >/dev/null 2>&1; then
+              REPLY="$root_url"
+              return
+            fi
+
+            # Search via GitHub API tree (recursive)
+            local tree_url="https://api.github.com/repos/${repo}/git/trees/${branch}?recursive=1"
+            local tree_json
+            tree_json=$(curl -sf -H "Authorization: token $GH_TOKEN" "$tree_url" 2>/dev/null || echo "")
+            if [[ -z "$tree_json" ]]; then
+              return
+            fi
+
+            # Find first matching path (prefer shorter/root-level paths)
+            local match_path
+            match_path=$(echo "$tree_json" | jq -r --arg fn "$filename" \
+              '.tree[]? | select(.path | endswith("/" + $fn) or . == $fn) | .path' 2>/dev/null \
+              | sort | head -1 || echo "")
+
+            if [[ -n "$match_path" ]]; then
+              REPLY="https://raw.githubusercontent.com/${repo}/${branch}/${match_path}"
+            fi
+          }
+
+          # Extract Node major from .nvmrc or .node-version
+          # Sets: NVMRC_NODE_MAJOR
+          extract_nvmrc_node() {
+            local content="$1"
+            NVMRC_NODE_MAJOR=""
+            # .nvmrc/.node-version typically has: "v22.9.0", "22", "lts/iron", etc.
+            local ver
+            ver=$(echo "$content" | tr -d '[:space:]' | grep -oP '^v?\K[0-9]+' | head -1 || echo "")
+            NVMRC_NODE_MAJOR="$ver"
+          }
+
          # Collect results
          declare -a issue_scripts=()
          declare -a report_lines=()
@@ -143,7 +215,10 @@ jobs:
            slug=$(basename "$script" | sed 's/-install\.sh$//')

            # Extract Source URL (GitHub only)
-            source_url=$(head -20 "$script" | grep -oP '(?<=# Source: )https://github\.com/[^\s]+' | head -1 || echo "")
+            # Supports both:
+            #   # Source: https://github.com/owner/repo
+            #   # Source: https://example.com | Github: https://github.com/owner/repo
+            source_url=$(head -20 "$script" | grep -oP 'https://github\.com/[^\s|]+' | head -1 || echo "")
            if [[ -z "$source_url" ]]; then
              report_lines+=("| \`$slug\` | — | — | — | — | ⏭️ No GitHub source |")
              continue
@@ -167,12 +242,23 @@ jobs:
              fi
            fi

-            # Fetch upstream Dockerfile
+            # Determine default branch via GitHub API (fast, single call)
+            detected_branch=""
+            api_default=$(curl -sf -H "Authorization: token $GH_TOKEN" \
+              "https://api.github.com/repos/${repo}" 2>/dev/null \
+              | jq -r '.default_branch // empty' 2>/dev/null || echo "")
+            if [[ -n "$api_default" ]]; then
+              detected_branch="$api_default"
+            else
+              detected_branch="main"
+            fi
+
+            # Fetch upstream Dockerfile (root + subdirectories)
            df_content=""
-            for branch in main master dev; do
-              df_content=$(curl -sf "https://raw.githubusercontent.com/${repo}/${branch}/Dockerfile" 2>/dev/null || echo "")
-              [[ -n "$df_content" ]] && break
-            done
+            find_repo_file "$repo" "$detected_branch" "Dockerfile"
+            if [[ -n "$REPLY" ]]; then
+              df_content=$(curl -sf "$REPLY" 2>/dev/null || echo "")
+            fi

            DF_NODE_MAJOR=""
            DF_SOURCE=""
@@ -180,19 +266,35 @@ jobs:
              extract_dockerfile_node "$df_content"
            fi

-            # Fetch upstream package.json
+            # Fetch upstream package.json (root + subdirectories)
            pkg_content=""
-            for branch in main master dev; do
-              pkg_content=$(curl -sf "https://raw.githubusercontent.com/${repo}/${branch}/package.json" 2>/dev/null || echo "")
-              [[ -n "$pkg_content" ]] && break
-            done
+            find_repo_file "$repo" "$detected_branch" "package.json"
+            if [[ -n "$REPLY" ]]; then
+              pkg_content=$(curl -sf "$REPLY" 2>/dev/null || echo "")
+            fi

            ENGINES_NODE_RAW=""
            ENGINES_MIN_MAJOR=""
+            ENGINES_IS_MINIMUM="false"
            if [[ -n "$pkg_content" ]]; then
              extract_engines_node "$pkg_content"
            fi

+            # Fallback: check .nvmrc or .node-version
+            NVMRC_NODE_MAJOR=""
+            if [[ -z "$DF_NODE_MAJOR" && -z "$ENGINES_MIN_MAJOR" ]]; then
+              for nvmfile in .nvmrc .node-version; do
+                find_repo_file "$repo" "$detected_branch" "$nvmfile"
+                if [[ -n "$REPLY" ]]; then
+                  nvmrc_content=$(curl -sf "$REPLY" 2>/dev/null || echo "")
+                  if [[ -n "$nvmrc_content" ]]; then
+                    extract_nvmrc_node "$nvmrc_content"
+                    [[ -n "$NVMRC_NODE_MAJOR" ]] && break
+                  fi
+                fi
+              done
+            fi
+
            # Determine upstream recommended major version
            upstream_major=""
            upstream_hint=""
@@ -203,6 +305,9 @@ jobs:
            elif [[ -n "$ENGINES_MIN_MAJOR" ]]; then
              upstream_major="$ENGINES_MIN_MAJOR"
              upstream_hint="engines: $ENGINES_NODE_RAW"
+            elif [[ -n "$NVMRC_NODE_MAJOR" ]]; then
+              upstream_major="$NVMRC_NODE_MAJOR"
+              upstream_hint=".nvmrc/.node-version"
            fi

            # Build display values
@@ -214,13 +319,23 @@ jobs:
            if [[ "$our_version" == "dynamic" ]]; then
              status="🔄 Dynamic"
            elif [[ "$our_version" == "unset" ]]; then
-              status="⚠️ NODE_VERSION not set"
+              if [[ -n "$upstream_major" ]]; then
+                status="⚠️ NODE_VERSION not set (upstream=$upstream_major via $upstream_hint)"
+              else
+                status="⚠️ NODE_VERSION not set (no upstream info found)"
+              fi
              issue_scripts+=("$slug|$our_version|$upstream_major|$upstream_hint|$repo")
              drift_count=$((drift_count + 1))
            elif [[ -n "$upstream_major" && "$our_version" != "$upstream_major" ]]; then
-              status="🔸 Drift → upstream=$upstream_major ($upstream_hint)"
-              issue_scripts+=("$slug|$our_version|$upstream_major|$upstream_hint|$repo")
-              drift_count=$((drift_count + 1))
+              # Check if engines.node is a minimum constraint that our version satisfies
+              if [[ -z "$DF_NODE_MAJOR" && "$ENGINES_IS_MINIMUM" == "true" ]] && \
+                 version_satisfies_engines "$our_version" "$ENGINES_MIN_MAJOR" "$ENGINES_IS_MINIMUM"; then
+                status="✅ (engines: $ENGINES_NODE_RAW — ours: $our_version satisfies)"
+              else
+                status="🔸 Drift → upstream=$upstream_major ($upstream_hint)"
+                issue_scripts+=("$slug|$our_version|$upstream_major|$upstream_hint|$repo")
+                drift_count=$((drift_count + 1))
+              fi
            fi

            report_lines+=("| \`$slug\` | $our_version | $engines_display | $dockerfile_display | [$repo](https://github.com/$repo) | $status |")
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -409,8 +409,17 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

 ## 2026-02-25

+### 🆕 New Scripts
+
+  - Zerobyte ([#12321](https://github.com/community-scripts/ProxmoxVE/pull/12321))
+
 ### 🚀 Updated Scripts

+  - #### 🐞 Bug Fixes
+
+    - Passbolt: Update Nginx config `client_max_body_size` [@tremor021](https://github.com/tremor021) ([#12313](https://github.com/community-scripts/ProxmoxVE/pull/12313))
+    - Zammad: configure Elasticsearch before zammad start [@MickLesk](https://github.com/MickLesk) ([#12308](https://github.com/community-scripts/ProxmoxVE/pull/12308))
+
  - #### 🔧 Refactor

    - OpenProject: Various fixes [@tremor021](https://github.com/tremor021) ([#12246](https://github.com/community-scripts/ProxmoxVE/pull/12246))
@@ -421,6 +430,14 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

    - Fix detection of ssh keys [@1-tempest](https://github.com/1-tempest) ([#12230](https://github.com/community-scripts/ProxmoxVE/pull/12230))

+  - #### 🔧 Refactor
+
+    - core: remove duplicate traps, consolidate error handling and harden signal traps [@MickLesk](https://github.com/MickLesk) ([#12316](https://github.com/community-scripts/ProxmoxVE/pull/12316))
+
+### 📂 Github
+
+  - github: improvements for node drift wf [@MickLesk](https://github.com/MickLesk) ([#12309](https://github.com/community-scripts/ProxmoxVE/pull/12309))
+
 ## 2026-02-24

 ### 🚀 Updated Scripts
--- a/ct/headers/zerobyte
+++ b/ct/headers/zerobyte
@@ -0,0 +1,6 @@
+ _____                   __          __     
+/__  /  ___  _________  / /_  __  __/ /____ 
+  / /  / _ \/ ___/ __ \/ __ \/ / / / __/ _ \
+ / /__/  __/ /  / /_/ / /_/ / /_/ / /_/  __/
+/____/\___/_/   \____/_.___/\__, /\__/\___/ 
+                           /____/           
--- a/ct/joplin-server.sh
+++ b/ct/joplin-server.sh
@@ -28,7 +28,7 @@ function update_script() {
    exit
  fi

-  NODE_VERSION=24 NODE_MODULE="yarn,npm,pm2" setup_nodejs
+  NODE_VERSION="24" NODE_MODULE="yarn,npm,pm2" setup_nodejs

  if check_for_gh_release "joplin-server" "laurent22/joplin"; then
    msg_info "Stopping Services"
--- a/ct/zerobyte.sh
+++ b/ct/zerobyte.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: community-scripts
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nicotsx/zerobyte
+
+APP="Zerobyte"
+var_tags="${var_tags:-backup;encryption;restic}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-6144}"
+var_disk="${var_disk:-10}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/zerobyte ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "zerobyte" "nicotsx/zerobyte"; then
+    msg_info "Stopping Service"
+    systemctl stop zerobyte
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /opt/zerobyte/.env /opt/zerobyte.env.bak
+    msg_ok "Backed up Configuration"
+    
+    NODE_VERSION="24" setup_nodejs
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "zerobyte" "nicotsx/zerobyte" "tarball"
+
+    msg_info "Building Zerobyte"
+    export NODE_OPTIONS="--max-old-space-size=3072"
+    cd /opt/zerobyte
+    $STD bun install
+    $STD node ./node_modules/vite/bin/vite.js build
+    msg_ok "Built Zerobyte"
+
+    msg_info "Restoring Configuration"
+    cp /opt/zerobyte.env.bak /opt/zerobyte/.env
+    rm -f /opt/zerobyte.env.bak
+    msg_ok "Restored Configuration"
+
+    msg_info "Starting Service"
+    systemctl start zerobyte
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:4096${CL}"
--- a/ct/zigbee2mqtt.sh
+++ b/ct/zigbee2mqtt.sh
@@ -29,7 +29,7 @@ function update_script() {
  fi

  if check_for_gh_release "Zigbee2MQTT" "Koenkk/zigbee2mqtt"; then
-    NODE_VERSION=24 NODE_MODULE="pnpm@$(curl -fsSL https://raw.githubusercontent.com/Koenkk/zigbee2mqtt/master/package.json | jq -r '.packageManager | split("@")[1]')" setup_nodejs
+    NODE_VERSION="24" NODE_MODULE="pnpm@$(curl -fsSL https://raw.githubusercontent.com/Koenkk/zigbee2mqtt/master/package.json | jq -r '.packageManager | split("@")[1]')" setup_nodejs
    msg_info "Stopping Service"
    systemctl stop zigbee2mqtt
    msg_ok "Stopped Service"
--- a/frontend/public/json/github-versions.json
+++ b/frontend/public/json/github-versions.json
@@ -1,5 +1,5 @@
 {
-  "generated": "2026-02-25T06:25:10Z",
+  "generated": "2026-02-25T12:14:52Z",
  "versions": [
    {
      "slug": "2fauth",
@@ -39,9 +39,9 @@
    {
      "slug": "ampache",
      "repo": "ampache/ampache",
-      "version": "7.9.0",
+      "version": "7.9.1",
      "pinned": false,
-      "date": "2026-02-19T07:01:25Z"
+      "date": "2026-02-25T08:52:58Z"
    },
    {
      "slug": "argus",
@@ -823,9 +823,9 @@
    {
      "slug": "manyfold",
      "repo": "manyfold3d/manyfold",
-      "version": "v0.132.1",
+      "version": "v0.133.0",
      "pinned": false,
-      "date": "2026-02-09T22:02:28Z"
+      "date": "2026-02-25T10:40:26Z"
    },
    {
      "slug": "mealie",
@@ -995,6 +995,13 @@
      "pinned": false,
      "date": "2026-02-03T09:00:43Z"
    },
+    {
+      "slug": "openproject",
+      "repo": "jemalloc/jemalloc",
+      "version": "5.3.0",
+      "pinned": false,
+      "date": "2022-05-06T19:14:21Z"
+    },
    {
      "slug": "ots",
      "repo": "Luzifer/ots",
--- a/frontend/public/json/zerobyte.json
+++ b/frontend/public/json/zerobyte.json
@@ -0,0 +1,40 @@
+{
+    "name": "Zerobyte",
+    "slug": "zerobyte",
+    "categories": [
+        7
+    ],
+    "date_created": "2026-02-25",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 4096,
+    "documentation": "https://github.com/nicotsx/zerobyte#readme",
+    "website": "https://github.com/nicotsx/zerobyte",
+    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/zerobyte.webp",
+    "config_path": "/opt/zerobyte/.env",
+    "description": "Zerobyte is a backup automation tool built on top of Restic that provides a modern web interface to schedule, manage, and monitor encrypted backups across multiple storage backends including NFS, SMB, WebDAV, SFTP, S3, and local directories.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/zerobyte.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 6144,
+                "hdd": 10,
+                "os": "Debian",
+                "version": "13"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
+    },
+    "notes": [
+        {
+            "text": "For remote mount support (NFS, SMB, WebDAV, SFTP), enable FUSE device passthrough on the LXC container. (FUSE is pre-configured)",
+            "type": "info"
+        }
+    ]
+}
--- a/install/convertx-install.sh
+++ b/install/convertx-install.sh
@@ -39,7 +39,7 @@ $STD apt install -y \
  texlive-xetex
 msg_ok "Installed Dependencies"

-NODE_VERSION=22 NODE_MODULE="bun" setup_nodejs
+NODE_VERSION="22" NODE_MODULE="bun" setup_nodejs
 fetch_and_deploy_gh_release "ConvertX" "C4illin/ConvertX" "tarball" "latest" "/opt/convertx"

 msg_info "Installing ConvertX"
--- a/install/joplin-server-install.sh
+++ b/install/joplin-server-install.sh
@@ -21,7 +21,7 @@ msg_ok "Installed Dependencies"

 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="joplin" PG_DB_USER="joplin" setup_postgresql_db
-NODE_VERSION=24 NODE_MODULE="yarn,npm,pm2" setup_nodejs
+NODE_VERSION="24" NODE_MODULE="yarn,npm,pm2" setup_nodejs
 mkdir -p /opt/pm2
 export PM2_HOME=/opt/pm2
 $STD pm2 install pm2-logrotate
--- a/install/passbolt-install.sh
+++ b/install/passbolt-install.sh
@@ -44,6 +44,8 @@ echo passbolt-ce-server passbolt/nginx-domain string $LOCAL_IP | debconf-set-sel
 echo passbolt-ce-server passbolt/nginx-certificate-file string /etc/ssl/passbolt/passbolt.crt | debconf-set-selections
 echo passbolt-ce-server passbolt/nginx-certificate-key-file string /etc/ssl/passbolt/passbolt.key | debconf-set-selections
 $STD apt install -y --no-install-recommends passbolt-ce-server
+sed -i 's/client_max_body_size[[:space:]]\+[0-9]\+M;/client_max_body_size        15M;/' /etc/nginx/sites-enabled/nginx-passbolt.conf
+systemctl reload nginx
 msg_ok "Setup Passbolt"

 motd_ssh
--- a/install/pve-scripts-local-install.sh
+++ b/install/pve-scripts-local-install.sh
@@ -21,7 +21,7 @@ $STD apt install -y \
  expect
 msg_ok "Dependencies installed."

-NODE_VERSION=24 setup_nodejs
+NODE_VERSION="24" setup_nodejs
 fetch_and_deploy_gh_release "ProxmoxVE-Local" "community-scripts/ProxmoxVE-Local" "tarball"

 msg_info "Installing PVE Scripts local"
--- a/install/zammad-install.sh
+++ b/install/zammad-install.sh
@@ -28,12 +28,23 @@ setup_deb822_repo \
  "stable" \
  "main"
 $STD apt install -y elasticsearch
-sed -i 's/^-Xms.*/-Xms2g/' /etc/elasticsearch/jvm.options
-sed -i 's/^-Xmx.*/-Xmx2g/' /etc/elasticsearch/jvm.options
+sed -i 's/^#\{0,2\} *-Xms[0-9]*g.*/-Xms2g/' /etc/elasticsearch/jvm.options
+sed -i 's/^#\{0,2\} *-Xmx[0-9]*g.*/-Xmx2g/' /etc/elasticsearch/jvm.options
+cat <<EOF >>/etc/elasticsearch/elasticsearch.yml
+discovery.type: single-node
+xpack.security.enabled: false
+bootstrap.memory_lock: false
+EOF
 $STD /usr/share/elasticsearch/bin/elasticsearch-plugin install ingest-attachment -b
 systemctl daemon-reload
 systemctl enable -q elasticsearch
 systemctl restart -q elasticsearch
+for i in $(seq 1 30); do
+  if curl -s http://localhost:9200 >/dev/null 2>&1; then
+    break
+  fi
+  sleep 2
+done
 msg_ok "Setup Elasticsearch"

 msg_info "Installing Zammad"
--- a/install/zerobyte-install.sh
+++ b/install/zerobyte-install.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: community-scripts
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/nicotsx/zerobyte
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+echo "davfs2 davfs2/suid_file boolean false" | debconf-set-selections
+$STD apt-get install -y \
+  bzip2 \
+  fuse3 \
+  sshfs \
+  davfs2 \
+  openssh-client
+msg_ok "Installed Dependencies"
+
+fetch_and_deploy_gh_release "restic" "restic/restic" "singlefile" "latest" "/usr/local/bin" "restic_*_linux_amd64.bz2"
+mv /usr/local/bin/restic /usr/local/bin/restic.bz2
+bzip2 -d /usr/local/bin/restic.bz2
+chmod +x /usr/local/bin/restic
+
+fetch_and_deploy_gh_release "rclone" "rclone/rclone" "prebuild" "latest" "/opt/rclone" "rclone-*-linux-amd64.zip"
+ln -sf /opt/rclone/rclone /usr/local/bin/rclone
+
+fetch_and_deploy_gh_release "shoutrrr" "nicholas-fedor/shoutrrr" "prebuild" "latest" "/opt/shoutrrr" "shoutrrr_linux_amd64_*.tar.gz"
+ln -sf /opt/shoutrrr/shoutrrr /usr/local/bin/shoutrrr
+
+msg_info "Installing Bun"
+export BUN_INSTALL="/root/.bun"
+curl -fsSL https://bun.sh/install | $STD bash
+ln -sf /root/.bun/bin/bun /usr/local/bin/bun
+ln -sf /root/.bun/bin/bunx /usr/local/bin/bunx
+msg_ok "Installed Bun"
+
+NODE_VERSION="24" setup_nodejs
+fetch_and_deploy_gh_release "zerobyte" "nicotsx/zerobyte" "tarball"
+
+msg_info "Building Zerobyte (Patience)"
+cd /opt/zerobyte
+export VITE_RESTIC_VERSION=$(cat ~/.restic)
+export VITE_RCLONE_VERSION=$(cat ~/.rclone)
+export VITE_SHOUTRRR_VERSION=$(cat ~/.shoutrrr)
+export NODE_OPTIONS="--max-old-space-size=3072"
+$STD bun install
+$STD node ./node_modules/vite/bin/vite.js build
+msg_ok "Built Zerobyte"
+
+msg_info "Configuring Zerobyte"
+mkdir -p /var/lib/zerobyte/{data,restic/cache,repositories,volumes}
+APP_SECRET=$(openssl rand -hex 32)
+cat <<EOF >/opt/zerobyte/.env
+BASE_URL=http://${LOCAL_IP}:4096
+APP_SECRET=${APP_SECRET}
+PORT=4096
+ZEROBYTE_DATABASE_URL=/var/lib/zerobyte/data/zerobyte.db
+RESTIC_CACHE_DIR=/var/lib/zerobyte/restic/cache
+ZEROBYTE_REPOSITORIES_DIR=/var/lib/zerobyte/repositories
+ZEROBYTE_VOLUMES_DIR=/var/lib/zerobyte/volumes
+MIGRATIONS_PATH=/opt/zerobyte/app/drizzle
+NODE_ENV=production
+EOF
+msg_ok "Configured Zerobyte"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/zerobyte.service
+[Unit]
+Description=Zerobyte Backup Automation
+After=network.target
+
+[Service]
+Type=simple
+User=root
+WorkingDirectory=/opt/zerobyte
+EnvironmentFile=/opt/zerobyte/.env
+ExecStart=/usr/local/bin/bun .output/server/index.mjs
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now zerobyte
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/misc/build.func
+++ b/misc/build.func
@@ -4098,10 +4098,11 @@ EOF'

  # Installation failed?
  if [[ $install_exit_code -ne 0 ]]; then
-    # Prevent SIGTSTP (Ctrl+Z) from suspending the script during recovery.
+    # Prevent job-control signals from suspending the script during recovery.
    # In non-interactive shells (bash -c), background processes (spinner) can
    # trigger terminal-related signals that stop the entire process group.
-    trap '' TSTP
+    # TSTP = Ctrl+Z, TTIN = bg read from tty, TTOU = bg write to tty (tostop)
+    trap '' TSTP TTIN TTOU

    msg_error "Installation failed in container ${CTID} (exit code: ${install_exit_code})"

@@ -4551,8 +4552,8 @@ EOF'
    post_update_to_api "failed" "$install_exit_code" "force"
    $STD echo -e "${TAB}${CM:-✔} Telemetry finalized"

-    # Restore default SIGTSTP handling before exit
-    trap - TSTP
+    # Restore default job-control signal handling before exit
+    trap - TSTP TTIN TTOU
    exit $install_exit_code
  fi

--- a/misc/core.func
+++ b/misc/core.func
@@ -607,6 +607,7 @@ stop_spinner() {

  unset SPINNER_PID SPINNER_MSG
  stty sane 2>/dev/null || true
+  stty -tostop 2>/dev/null || true
 }

 # ==============================================================================
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -783,16 +783,25 @@ github_api_call() {

  for attempt in $(seq 1 $max_retries); do
    local http_code
-    http_code=$(curl -fsSL -w "%{http_code}" -o "$output_file" \
+    http_code=$(curl -sSL -w "%{http_code}" -o "$output_file" \
      -H "Accept: application/vnd.github+json" \
      -H "X-GitHub-Api-Version: 2022-11-28" \
      "${header_args[@]}" \
-      "$url" 2>/dev/null || echo "000")
+      "$url" 2>/dev/null) || true

    case "$http_code" in
    200)
      return 0
      ;;
+    401)
+      msg_error "GitHub API authentication failed (HTTP 401)."
+      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+      else
+        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+      fi
+      return 1
+      ;;
    403)
      # Rate limit - check if we can retry
      if [[ $attempt -lt $max_retries ]]; then
@@ -801,11 +810,22 @@ github_api_call() {
        retry_delay=$((retry_delay * 2))
        continue
      fi
-      msg_error "GitHub API rate limit exceeded. Set GITHUB_TOKEN to increase limits."
+      msg_error "GitHub API rate limit exceeded (HTTP 403)."
+      msg_error "To increase the limit, export a GitHub token before running the script:"
+      msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
      return 1
      ;;
    404)
-      msg_error "GitHub API endpoint not found: $url"
+      msg_error "GitHub repository or release not found (HTTP 404): $url"
+      return 1
+      ;;
+    000 | "")
+      if [[ $attempt -lt $max_retries ]]; then
+        sleep "$retry_delay"
+        continue
+      fi
+      msg_error "GitHub API connection failed (no response)."
+      msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
      return 1
      ;;
    *)
@@ -813,7 +833,7 @@ github_api_call() {
        sleep "$retry_delay"
        continue
      fi
-      msg_error "GitHub API call failed with HTTP $http_code"
+      msg_error "GitHub API call failed (HTTP $http_code)."
      return 1
      ;;
    esac
@@ -833,14 +853,18 @@ codeberg_api_call() {

  for attempt in $(seq 1 $max_retries); do
    local http_code
-    http_code=$(curl -fsSL -w "%{http_code}" -o "$output_file" \
+    http_code=$(curl -sSL -w "%{http_code}" -o "$output_file" \
      -H "Accept: application/json" \
-      "$url" 2>/dev/null || echo "000")
+      "$url" 2>/dev/null) || true

    case "$http_code" in
    200)
      return 0
      ;;
+    401)
+      msg_error "Codeberg API authentication failed (HTTP 401)."
+      return 1
+      ;;
    403)
      # Rate limit - retry
      if [[ $attempt -lt $max_retries ]]; then
@@ -849,11 +873,20 @@ codeberg_api_call() {
        retry_delay=$((retry_delay * 2))
        continue
      fi
-      msg_error "Codeberg API rate limit exceeded."
+      msg_error "Codeberg API rate limit exceeded (HTTP 403)."
      return 1
      ;;
    404)
-      msg_error "Codeberg API endpoint not found: $url"
+      msg_error "Codeberg repository or release not found (HTTP 404): $url"
+      return 1
+      ;;
+    000 | "")
+      if [[ $attempt -lt $max_retries ]]; then
+        sleep "$retry_delay"
+        continue
+      fi
+      msg_error "Codeberg API connection failed (no response)."
+      msg_error "Check your network/DNS: curl -sSL https://codeberg.org"
      return 1
      ;;
    *)
@@ -861,7 +894,7 @@ codeberg_api_call() {
        sleep "$retry_delay"
        continue
      fi
-      msg_error "Codeberg API call failed with HTTP $http_code"
+      msg_error "Codeberg API call failed (HTTP $http_code)."
      return 1
      ;;
    esac
@@ -1441,7 +1474,7 @@ get_latest_github_release() {

  if ! github_api_call "https://api.github.com/repos/${repo}/releases/latest" "$temp_file"; then
    rm -f "$temp_file"
-    return 1
+    return 0
  fi

  local version
@@ -1449,7 +1482,8 @@ get_latest_github_release() {
  rm -f "$temp_file"

  if [[ -z "$version" ]]; then
-    return 1
+    msg_error "Could not determine latest version for ${repo}"
+    return 0
  fi

  echo "$version"
@@ -1466,7 +1500,7 @@ get_latest_codeberg_release() {
  # Codeberg API: get all releases and pick the first non-draft/non-prerelease
  if ! codeberg_api_call "https://codeberg.org/api/v1/repos/${repo}/releases" "$temp_file"; then
    rm -f "$temp_file"
-    return 1
+    return 0
  fi

  local version
@@ -1480,7 +1514,8 @@ get_latest_codeberg_release() {
  rm -f "$temp_file"

  if [[ -z "$version" ]]; then
-    return 1
+    msg_error "Could not determine latest version for ${repo}"
+    return 0
  fi

  echo "$version"
@@ -1567,13 +1602,34 @@ get_latest_gh_tag() {
    "${header_args[@]}" \
    "https://api.github.com/repos/${repo}/tags?per_page=100" 2>/dev/null) || true

+  if [[ "$http_code" == "401" ]]; then
+    msg_error "GitHub API authentication failed (HTTP 401)."
+    if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+      msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+    else
+      msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+    fi
+    rm -f /tmp/gh_tags.json
+    return 1
+  fi
+
  if [[ "$http_code" == "403" ]]; then
-    msg_warn "GitHub API rate limit exceeded while fetching tags for ${repo}"
+    msg_error "GitHub API rate limit exceeded (HTTP 403)."
+    msg_error "To increase the limit, export a GitHub token before running the script:"
+    msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
+    rm -f /tmp/gh_tags.json
+    return 1
+  fi
+
+  if [[ "$http_code" == "000" || -z "$http_code" ]]; then
+    msg_error "GitHub API connection failed (no response)."
+    msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
    rm -f /tmp/gh_tags.json
    return 1
  fi

  if [[ "$http_code" != "200" ]] || [[ ! -s /tmp/gh_tags.json ]]; then
+    msg_error "Unable to fetch tags for ${repo} (HTTP ${http_code})"
    rm -f /tmp/gh_tags.json
    return 1
  fi
@@ -1659,6 +1715,15 @@ check_for_gh_release() {

    if [[ "$http_code" == "200" ]] && [[ -s /tmp/gh_check.json ]]; then
      releases_json="[$(</tmp/gh_check.json)]"
+    elif [[ "$http_code" == "401" ]]; then
+      msg_error "GitHub API authentication failed (HTTP 401)."
+      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+      else
+        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+      fi
+      rm -f /tmp/gh_check.json
+      return 1
    elif [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API rate limit exceeded (HTTP 403)."
      msg_error "To increase the limit, export a GitHub token before running the script:"
@@ -1679,12 +1744,26 @@ check_for_gh_release() {

    if [[ "$http_code" == "200" ]] && [[ -s /tmp/gh_check.json ]]; then
      releases_json=$(</tmp/gh_check.json)
+    elif [[ "$http_code" == "401" ]]; then
+      msg_error "GitHub API authentication failed (HTTP 401)."
+      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+      else
+        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+      fi
+      rm -f /tmp/gh_check.json
+      return 1
    elif [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API rate limit exceeded (HTTP 403)."
      msg_error "To increase the limit, export a GitHub token before running the script:"
      msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
      rm -f /tmp/gh_check.json
      return 1
+    elif [[ "$http_code" == "000" || -z "$http_code" ]]; then
+      msg_error "GitHub API connection failed (no response)."
+      msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
+      rm -f /tmp/gh_check.json
+      return 1
    else
      msg_error "Unable to fetch releases for ${app} (HTTP ${http_code})"
      rm -f /tmp/gh_check.json
@@ -2608,12 +2687,22 @@ function fetch_and_deploy_gh_release() {
  done

  if ! $success; then
-    if [[ "$http_code" == "403" ]]; then
+    if [[ "$http_code" == "401" ]]; then
+      msg_error "GitHub API authentication failed (HTTP 401)."
+      if [[ -n "${GITHUB_TOKEN:-}" ]]; then
+        msg_error "Your GITHUB_TOKEN appears to be invalid or expired."
+      else
+        msg_error "The repository may require authentication. Try: export GITHUB_TOKEN=\"ghp_your_token\""
+      fi
+    elif [[ "$http_code" == "403" ]]; then
      msg_error "GitHub API rate limit exceeded (HTTP 403)."
      msg_error "To increase the limit, export a GitHub token before running the script:"
      msg_error "  export GITHUB_TOKEN=\"ghp_your_token_here\""
+    elif [[ "$http_code" == "000" || -z "$http_code" ]]; then
+      msg_error "GitHub API connection failed (no response)."
+      msg_error "Check your network/DNS: curl -sSL https://api.github.com/rate_limit"
    else
-      msg_error "Failed to fetch release metadata from $api_url after $max_retries attempts (HTTP $http_code)"
+      msg_error "Failed to fetch release metadata (HTTP $http_code)"
    fi
    return 1
  fi
--- a/tools/addon/immich-public-proxy.sh
+++ b/tools/addon/immich-public-proxy.sh
@@ -28,7 +28,7 @@ INSTALL_PATH="/opt/immich-proxy"
 CONFIG_PATH="/opt/immich-proxy/app"
 DEFAULT_PORT=3000

-# Initialize all core functions (colors, formatting, icons, STD mode)
+# Initialize all core functions (colors, formatting, icons, $STD mode)
 load_functions
 init_tool_telemetry "" "addon"
Author	SHA1	Message	Date
CanbiZ (MickLesk)	4e52111ca0	switch returns	2026-02-25 16:37:36 +01:00
CanbiZ (MickLesk)	375dccacb1	tools.func: Improve GitHub/Codeberg API error handling and error output Enhance API call robustness and user feedback in misc/tools.func: add explicit handling for HTTP 401 (authentication) and 000/no-response cases, provide clearer error messages and actionable guidance (e.g. export GITHUB_TOKEN, check network/DNS), and preserve retry/backoff logic. Adjusted curl invocation/error capture to avoid echoing sentinel values and updated messages for 403/404/other HTTP errors. Changes touch github_api_call, codeberg_api_call, get_latest_gh_tag, check_for_gh_release, and fetch_and_deploy_gh_release to fail earlier and clean up temp files on errors.	2026-02-25 16:28:21 +01:00
community-scripts-pr-app[bot]	1c463369c7	Update .app files (#12325 ) Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>	2026-02-25 16:18:48 +01:00
community-scripts-pr-app[bot]	1a1e707db3	Update CHANGELOG.md (#12326 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-02-25 15:16:59 +00:00
push-app-to-main[bot]	95a63e66a8	Zerobyte (#12321 ) * Add zerobyte (ct) * Refactor zerobyte.sh to streamline Node.js setup Removed redundant NODE_VERSION setup for Node.js during the build process. * Update note to include FUSE pre-configuration detail * Update date_created from 2026-02-18 to 2026-02-25 * Update zerobyte-install.sh --------- Co-authored-by: push-app-to-main[bot] <203845782+push-app-to-main[bot]@users.noreply.github.com> Co-authored-by: CanbiZ (MickLesk) <47820557+MickLesk@users.noreply.github.com>	2026-02-25 16:16:23 +01:00
CanbiZ (MickLesk)	b09f2db2a9	Handle job-control signals and clear tostop Prevent terminal job-control signals from suspending the script during recovery by trapping TSTP, TTIN and TTOU (instead of only TSTP) and restoring them on exit. Also clear the terminal 'tostop' flag in stop_spinner() with `stty -tostop` to avoid background spinner I/O from stopping the process group.	2026-02-25 14:45:11 +01:00
CanbiZ (MickLesk)	340d999b2b	force gitea sync	2026-02-25 14:25:37 +01:00
community-scripts-pr-app[bot]	8c9874c4aa	Update CHANGELOG.md (#12318 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-02-25 13:08:50 +00:00
community-scripts-pr-app[bot]	e9b98c2ab0	Update CHANGELOG.md (#12317 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-02-25 13:08:28 +00:00
CanbiZ (MickLesk)	dd46dd2d87	core: remove duplicate traps, consolidate error handling and harden signal traps (#12316 ) * fix(zammad): configure Elasticsearch for LXC container startup - Set discovery.type: single-node (required for single-node ES) - Set xpack.security.enabled: false (not needed in local LXC) - Set bootstrap.memory_lock: false (fails in unprivileged LXC) - Add startup wait loop (up to 60s) to ensure ES is ready before Zammad installation continues Fixes #12301-related recurring Elasticsearch startup failures * refactor(api): eliminate duplicate traps, harden error handling & telemetry Phase 1 - Structural: - Remove api_exit_script() and 5 inline traps from build.func - error_handler.func is now the sole trap owner via catch_errors() - Update api.func comment reference (api_exit_script -> on_exit) Phase 2 - Quality: - Add stop_spinner() + cursor restore to error_handler(), on_interrupt(), on_terminate(), on_hangup() to prevent spinner/cursor artifacts - Enhance _send_abort_telemetry() with error text (last 20 log lines), duration calculation, and 2 retry attempts (was fire-and-forget) - Harden json_escape() to also strip DEL (0x7F) character * fix(build): show spinner during post_update_to_api to prevent Ctrl+Z abort post_update_to_api can take up to 33 seconds worst-case (3 curl attempts x 10s timeout + sleep delays). Without any terminal output during this time, users think the script is stuck and press Ctrl+Z, which prevents the recovery menu from ever appearing. Add msg_info spinner before both post_update_to_api calls in the failure path (initial report + final force retry after recovery menu). * fix(build): prevent SIGTSTP from killing recovery dialog - Replace msg_info/stop_spinner with plain echo for telemetry reporting The background spinner process in non-interactive shells (bash -c) can trigger SIGTSTP, stopping the entire process group before the recovery dialog appears. Plain echo avoids this. - Add trap '' TSTP at failure path entry to ignore suspension signals Prevents Ctrl+Z or terminal-related SIGTSTP from interrupting the recovery menu. Restored with trap - TSTP before exit. - Root cause: msg_info starts a background process (spinner &) that is not properly detached in non-interactive shells where job control (set -m) is OFF. The disown builtin has no effect without job control, leaving the spinner in the same process group. This can cause terminal I/O conflicts during the 33-second post_update_to_api retry window, resulting in [2]+ Stopped. * fix(test): initialize colors and remove illegal local in test harness - Call load_functions() after sourcing core.func to initialize color/formatting/icon variables (RD, GN, YW, CL, TAB, etc.) - Remove 'local' keyword from top-level scope (not inside function) - Default REPO_SOURCE to ref_api instead of main * chore: remove test-recovery-dialog.sh from branch * Revert "fix(zammad): configure Elasticsearch for LXC container startup" This reverts commit `10e450b72f`. * fix(build): show telemetry status only in verbose mode Telemetry reporting is an implementation detail that doesn't help the user during failure recovery. Wrap echo statements with VERBOSE check so they only appear when verbose mode is enabled.	2026-02-25 14:08:24 +01:00
Slaviša Arežina	719761de6c	Update Nginx client_max_body_size for Passbolt (#12313 )	2026-02-25 14:08:02 +01:00
community-scripts-pr-app[bot]	765cd6d123	Update CHANGELOG.md (#12315 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-02-25 12:55:32 +00:00
CanbiZ (MickLesk)	26915e3979	Zammad: configure Elasticsearch before zammad start (#12308 ) * fix(zammad): configure Elasticsearch for LXC container startup - Set discovery.type: single-node (required for single-node ES) - Set xpack.security.enabled: false (not needed in local LXC) - Set bootstrap.memory_lock: false (fails in unprivileged LXC) - Add startup wait loop (up to 60s) to ensure ES is ready before Zammad installation continues Fixes #12301-related recurring Elasticsearch startup failures * Update install/zammad-install.sh Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com> --------- Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>	2026-02-25 13:55:07 +01:00
community-scripts-pr-app[bot]	34343bc61c	chore: update github-versions.json (#12314 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-02-25 12:15:02 +00:00
community-scripts-pr-app[bot]	7484c58175	Update CHANGELOG.md (#12311 ) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>	2026-02-25 10:28:24 +00:00
CanbiZ (MickLesk)	dd4a15fff1	github: improvements for node drift wf (#12309 ) * fix(workflow): improve Node.js version drift detection accuracy 1. Fix source URL regex: now captures 'Github: https://github.com/...' pattern (pipe-separated), not just '# Source: https://github.com/...' This was causing ~50 scripts to show 'No GitHub source' 2. Fix semver comparison: engines.node constraints like '>=18.0.0' no longer flag version 22 as drift. >= and ^ constraints are now properly evaluated (our_version >= min_major = satisfied) 3. Add fallback detection: when no Dockerfile or engines.node is found, check .nvmrc and .node-version files for Node version hints 4. Add subdirectory search: Dockerfile and package.json are now found via GitHub API tree search, not just in repo root 5. Use GitHub API to detect default branch instead of guessing main/master/dev with multiple HEAD requests * fix typos in node_version * runs on vps	2026-02-25 11:27:47 +01:00