Refactor agent service control in zabbix.sh

Replaces conditional logic for stopping and starting Zabbix agent services with a variable ($AGENT_SERVICE), simplifying service management.
2025-11-11 13:52:51 +00:00 · 2025-11-05 15:01:38 +01:00
45 changed files with 699 additions and 1390 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,111 +10,10 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.

-## 2025-11-11
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Part-DB: Increase amount of RAM [@tremor021](https://github.com/tremor021) ([#9039](https://github.com/community-scripts/ProxmoxVE/pull/9039))
-
-## 2025-11-10
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Plex: extend checking for deb822 source [@Matt17000](https://github.com/Matt17000) ([#9036](https://github.com/community-scripts/ProxmoxVE/pull/9036))
-
-  - #### ✨ New Features
-
-    - tools.func: add helper functions for MariaDB and PostgreSQL setup [@MickLesk](https://github.com/MickLesk) ([#9026](https://github.com/community-scripts/ProxmoxVE/pull/9026))
-    - core: update message for no available updates scenario (if pinned) [@MickLesk](https://github.com/MickLesk) ([#9021](https://github.com/community-scripts/ProxmoxVE/pull/9021))
-    - Migrate Open WebUI to uv-based installation [@MickLesk](https://github.com/MickLesk) ([#9019](https://github.com/community-scripts/ProxmoxVE/pull/9019))
-
-  - #### 🔧 Refactor
-
-    - Refactor: phpIPAM [@MickLesk](https://github.com/MickLesk) ([#9027](https://github.com/community-scripts/ProxmoxVE/pull/9027))
-
-## 2025-11-09
-
-### 🚀 Updated Scripts
-
-  - core: improve log cleaning [@MickLesk](https://github.com/MickLesk) ([#8999](https://github.com/community-scripts/ProxmoxVE/pull/8999))
-
-  - #### 🐞 Bug Fixes
-
-    - Add wkhtmltopdf to Odoo installation dependencies [@akileos](https://github.com/akileos) ([#9010](https://github.com/community-scripts/ProxmoxVE/pull/9010))
-    - fix(jotty): Comments removed from variables, as they are interpreted. [@schneider-de-com](https://github.com/schneider-de-com) ([#9002](https://github.com/community-scripts/ProxmoxVE/pull/9002))
-    - fix(n8n): Add python3-setuptools dependency for Debian 13 [@chrikodo](https://github.com/chrikodo) ([#9007](https://github.com/community-scripts/ProxmoxVE/pull/9007))
-    - Paperless-ngx: hotfix config path [@vhsdream](https://github.com/vhsdream) ([#9003](https://github.com/community-scripts/ProxmoxVE/pull/9003))
-    - Paperless-NGX: Move config backup outside of app folder [@vhsdream](https://github.com/vhsdream) ([#8996](https://github.com/community-scripts/ProxmoxVE/pull/8996))
-
-## 2025-11-08
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Technitium DNS: Fix update [@tremor021](https://github.com/tremor021) ([#8980](https://github.com/community-scripts/ProxmoxVE/pull/8980))
-    - MediaManager: add LOG_FILE to start.sh script; fix BASE_PATH and PUBLIC_API_URL [@vhsdream](https://github.com/vhsdream) ([#8981](https://github.com/community-scripts/ProxmoxVE/pull/8981))
-    - Firefly: Fix missing command in update script [@tremor021](https://github.com/tremor021) ([#8972](https://github.com/community-scripts/ProxmoxVE/pull/8972))
-    - MongoDB: Remove unused message [@tremor021](https://github.com/tremor021) ([#8969](https://github.com/community-scripts/ProxmoxVE/pull/8969))
-    - Set TZ=Etc/UTC in Ghostfolio installation script [@LuloDev](https://github.com/LuloDev) ([#8961](https://github.com/community-scripts/ProxmoxVE/pull/8961))
-
-  - #### 🔧 Refactor
-
-    - paperless: refactor - remove backup after update and enable clean install [@MickLesk](https://github.com/MickLesk) ([#8988](https://github.com/community-scripts/ProxmoxVE/pull/8988))
-    - Refactor setup_deb822_repo for optional architectures [@MickLesk](https://github.com/MickLesk) ([#8983](https://github.com/community-scripts/ProxmoxVE/pull/8983))
-
-## 2025-11-07
-
-### 🆕 New Scripts
-
-  - infisical ([#8926](https://github.com/community-scripts/ProxmoxVE/pull/8926))
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - Update script URLs to ProxmoxVE repository [@MickLesk](https://github.com/MickLesk) ([#8946](https://github.com/community-scripts/ProxmoxVE/pull/8946))
-    - tools.func: fix amd64 arm64 mismatch [@MickLesk](https://github.com/MickLesk) ([#8943](https://github.com/community-scripts/ProxmoxVE/pull/8943))
-    - ghostfolio: refactor CoinGecko key prompts in installer [@MickLesk](https://github.com/MickLesk) ([#8935](https://github.com/community-scripts/ProxmoxVE/pull/8935))
-    - flaresolverr: pin release to 3.4.3 [@CrazyWolf13](https://github.com/CrazyWolf13) ([#8937](https://github.com/community-scripts/ProxmoxVE/pull/8937))
-
-  - #### ✨ New Features
-
-    - Pangolin: Add Traefik proxy [@tremor021](https://github.com/tremor021) ([#8952](https://github.com/community-scripts/ProxmoxVE/pull/8952))
-
-## 2025-11-06
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - OpenProject: Remove duplicate server_path_prefix configuration [@tremor021](https://github.com/tremor021) ([#8919](https://github.com/community-scripts/ProxmoxVE/pull/8919))
-    - Grist: Fix change directory to /opt/grist before build steps [@tremor021](https://github.com/tremor021) ([#8913](https://github.com/community-scripts/ProxmoxVE/pull/8913))
-    - Jotty hotfix: SSO_FALLBACK_LOCAL value [@vhsdream](https://github.com/vhsdream) ([#8907](https://github.com/community-scripts/ProxmoxVE/pull/8907))
-    - npm: add Debian version check to update script [@MickLesk](https://github.com/MickLesk) ([#8901](https://github.com/community-scripts/ProxmoxVE/pull/8901))
-
-  - #### ✨ New Features
-
-    - MongoDB: install script now use setup_mongodb [@MickLesk](https://github.com/MickLesk) ([#8897](https://github.com/community-scripts/ProxmoxVE/pull/8897))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Graylog [@tremor021](https://github.com/tremor021) ([#8912](https://github.com/community-scripts/ProxmoxVE/pull/8912))
-
 ## 2025-11-05

 ### 🚀 Updated Scripts

-  - #### 🐞 Bug Fixes
-
-    - Immich: Pin version to 2.2.3 [@vhsdream](https://github.com/vhsdream) ([#8861](https://github.com/community-scripts/ProxmoxVE/pull/8861))
-    - Jotty: increase RAM to 4GB [@vhsdream](https://github.com/vhsdream) ([#8887](https://github.com/community-scripts/ProxmoxVE/pull/8887))
-    - Zabbix: fix agent service recognition in update [@MickLesk](https://github.com/MickLesk) ([#8881](https://github.com/community-scripts/ProxmoxVE/pull/8881))
-
  - #### 💥 Breaking Changes

    - fix: npm: refactor for v2.13.x [@CrazyWolf13](https://github.com/CrazyWolf13) ([#8870](https://github.com/community-scripts/ProxmoxVE/pull/8870))
@@ -128,7 +27,6 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit

  - #### 📝 Script Information

-    - npm: Increase RAM and HDD, update Certbot notes [@MickLesk](https://github.com/MickLesk) ([#8882](https://github.com/community-scripts/ProxmoxVE/pull/8882))
    - Update config_path in donetick.json [@fyxtro](https://github.com/fyxtro) ([#8872](https://github.com/community-scripts/ProxmoxVE/pull/8872))

 ## 2025-11-04
--- a/ct/firefly.sh
+++ b/ct/firefly.sh
@@ -51,7 +51,7 @@ function update_script() {
    find /opt/firefly/storage -type f -exec chmod 664 {} \;
    mkdir -p /opt/firefly/storage/framework/{cache/data,sessions,views}
    $STD sudo -u www-data php /opt/firefly/artisan cache:clear
-    cd /opt/firefly
+
    $STD php artisan migrate --seed --force
    $STD php artisan cache:clear
    $STD php artisan view:clear
--- a/ct/graylog.sh
+++ b/ct/graylog.sh
@@ -11,7 +11,7 @@ var_cpu="${var_cpu:-2}"
 var_ram="${var_ram:-8192}"
 var_disk="${var_disk:-30}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
+var_version="${var_version:-12}"
 var_unprivileged="${var_unprivileged:-1}"

 header_info "$APP"
@@ -28,32 +28,15 @@ function update_script() {
    msg_error "No ${APP} Installation Found!"
    exit
  fi
-
  msg_info "Stopping Service"
  systemctl stop graylog-datanode
  systemctl stop graylog-server
  msg_info "Stopped Service"

-  CURRENT_VERSION=$(apt list --installed 2>/dev/null | grep graylog-server | grep -oP '\d+\.\d+\.\d+')
-
-  if dpkg --compare-versions "$CURRENT_VERSION" lt "6.3"; then
-    MONGO_VERSION="8.0" setup_mongodb
-
-    msg_info "Updating Graylog"
-    $STD apt update
-    $STD apt upgrade -y
-    curl -fsSL "https://packages.graylog2.org/repo/packages/graylog-7.0-repository_latest.deb" -o "graylog-7.0-repository_latest.deb"
-    $STD dpkg -i graylog-7.0-repository_latest.deb
-    $STD apt update
-    $STD apt install -y graylog-server graylog-datanode
-    rm -f graylog-7.0-repository_latest.deb
-    msg_ok "Updated Graylog"
-  elif dpkg --compare-versions "$CURRENT_VERSION" ge "7.0"; then
-    msg_info "Updating Graylog"
-    $STD apt update
-    $STD apt upgrade -y
-    msg_ok "Updated Graylog"
-  fi
+  msg_info "Updating $APP"
+  $STD apt-get update
+  $STD apt-get upgrade -y
+  msg_ok "Updated $APP"

  msg_info "Starting Service"
  systemctl start graylog-datanode
--- a/ct/grist.sh
+++ b/ct/grist.sh
@@ -47,7 +47,6 @@ function update_script() {
    cp -r /opt/grist_bak/docs/* /opt/grist/docs/
    cp /opt/grist_bak/grist-sessions.db /opt/grist/grist-sessions.db
    cp /opt/grist_bak/landing.db /opt/grist/landing.db
-    cd /opt/grist
    $STD yarn install
    $STD yarn run build:prod
    $STD yarn run install:python
--- a/ct/headers/infisical
+++ b/ct/headers/infisical
@@ -1,6 +0,0 @@
-    ____      _____      _            __
-   /  _/___  / __(_)____(_)________ _/ /
-   / // __ \/ /_/ / ___/ / ___/ __ `/ / 
- _/ // / / / __/ (__  ) / /__/ /_/ / /  
-/___/_/ /_/_/ /_/____/_/\___/\__,_/_/   
-                                        
--- a/ct/immich.sh
+++ b/ct/immich.sh
@@ -93,7 +93,7 @@ EOF
    msg_ok "Image-processing libraries up to date"
  fi

-  RELEASE="2.2.3"
+  RELEASE="2.2.2"
  if check_for_gh_release "immich" "immich-app/immich" "${RELEASE}"; then
    msg_info "Stopping Services"
    systemctl stop immich-web
--- a/ct/infisical.sh
+++ b/ct/infisical.sh
@@ -1,60 +0,0 @@
-#!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2025 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://infisical.com/
-
-APP="Infisical"
-var_tags="${var_tags:-auth}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-6}"
-var_os="${var_os:-debian}"
-var_version="${var_version:-13}"
-var_unprivileged="${var_unprivileged:-1}"
-
-header_info "$APP"
-variables
-color
-catch_errors
-
-function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /etc/infisical ]]; then
-    msg_error "No ${APP} Installation Found!"
-    exit
-  fi
-
-  msg_info "Stopping service"
-  $STD infisical-ctl stop
-  msg_ok "Service stopped"
-
-  msg_info "Creating backup"
-  DB_PASS=$(grep -Po '(?<=^Database Password:\s).*' ~/infisical.creds | head -n1)
-  PGPASSWORD=$DB_PASS pg_dump -U infisical -h localhost -d infisical_db > /opt/infisical_backup.sql
-  msg_ok "Created backup"
-
-  msg_info "Updating Infisical"
-  $STD apt update
-  $STD apt install -y infisical-core
-  $STD infisical-ctl reconfigure
-  msg_ok "Updated Infisical"
-
-  msg_info "Starting service"
-  infisical-ctl start
-  msg_ok "Started service"
-  msg_ok "Updated successfully"
-  exit
-}
-
-start
-build_container
-description
-
-msg_ok "Completed Successfully!\n"
-echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"
--- a/ct/jotty.sh
+++ b/ct/jotty.sh
@@ -8,7 +8,7 @@ source <(curl -s https://raw.githubusercontent.com/community-scripts/ProxmoxVE/m
 APP="jotty"
 var_tags="${var_tags:-tasks;notes}"
 var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-4096}"
+var_ram="${var_ram:-3072}"
 var_disk="${var_disk:-6}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
--- a/ct/livebook.sh
+++ b/ct/livebook.sh
@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/refs/heads/main/misc/build.func)
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/refs/heads/main/misc/build.func)
 # Copyright (c) 2021-2025 community-scripts ORG
 # Author: dkuku
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
--- a/ct/mediamanager.sh
+++ b/ct/mediamanager.sh
@@ -40,24 +40,19 @@ function update_script() {
    MM_DIR="/opt/mm"
    export CONFIG_DIR="${MM_DIR}/config"
    export FRONTEND_FILES_DIR="${MM_DIR}/web/build"
+    export BASE_PATH=""
    export PUBLIC_VERSION=""
    export PUBLIC_API_URL=""
-    export BASE_PATH="/web"
    cd /opt/mediamanager/web
-    $STD npm ci --no-fund --no-audit
+    $STD npm ci
    $STD npm run build
    rm -rf "$FRONTEND_FILES_DIR"/build
    cp -r build "$FRONTEND_FILES_DIR"
-    export BASE_PATH=""
    export VIRTUAL_ENV="/opt/${MM_DIR}/venv"
    cd /opt/mediamanager
    rm -rf "$MM_DIR"/{media_manager,alembic*}
    cp -r {media_manager,alembic*} "$MM_DIR"
    $STD /usr/local/bin/uv sync --locked --active -n -p cpython3.13 --managed-python
-    if ! grep -q "LOG_FILE" "$MM_DIR"/start.sh; then
-      sed -i "\|build\"$|a\export LOG_FILE=\"$CONFIG_DIR/media_manager.log\"" "$MM_DIR"/start.sh
-    fi
-
    msg_ok "Updated $APP"

    msg_info "Starting Service"
--- a/ct/nginxproxymanager.sh
+++ b/ct/nginxproxymanager.sh
@@ -28,12 +28,6 @@ function update_script() {
    exit
  fi

-  if [[ $(grep -E '^VERSION_ID=' /etc/os-release) == *"12"* ]]; then
-    msg_error "Wrong Debian version detected!"
-    msg_error "Please create a snapshot first. You must upgrade your LXC to Debian Trixie before updating. Visit: https://github.com/community-scripts/ProxmoxVE/discussions/7489"
-    exit
-  fi
-
  if command -v node &>/dev/null; then
    CURRENT_NODE_VERSION=$(node --version | cut -d'v' -f2 | cut -d'.' -f1)
    if [[ "$CURRENT_NODE_VERSION" != "22" ]]; then
@@ -150,7 +144,7 @@ EOF
  cd /app
  $STD yarn install --network-timeout 600000
  msg_ok "Initialized Backend"
-
+  
  msg_info "Updating Certbot"
  [ -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg ] && rm -f /etc/apt/trusted.gpg.d/openresty-archive-keyring.gpg
  [ -f /etc/apt/sources.list.d/openresty.list ] && rm -f /etc/apt/sources.list.d/openresty.list
--- a/ct/openwebui.sh
+++ b/ct/openwebui.sh
@@ -23,62 +23,6 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
-
-  if [[ -d /opt/open-webui ]]; then
-    msg_warn "Legacy installation detected — migrating to uv based install..."
-    msg_info "Stopping Service"
-    systemctl stop open-webui
-    msg_ok "Stopped Service"
-
-    msg_info "Creating Backup"
-    mkdir -p /opt/open-webui-backup
-    cp -a /opt/open-webui/backend/data /opt/open-webui-backup/data || true
-    msg_ok "Created Backup"
-
-    msg_info "Removing legacy installation"
-    rm -rf /opt/open-webui
-    rm -rf /root/.open-webui || true
-    msg_ok "Removed legacy installation"
-
-    msg_info "Installing uv-based Open-WebUI"
-    PYTHON_VERSION="3.12" setup_uv
-    $STD uv tool install --python $PYTHON_VERSION open-webui[all]
-    msg_ok "Installed uv-based Open-WebUI"
-
-    msg_info "Restoring data"
-    mkdir -p /root/.open-webui
-    cp -a /opt/open-webui-backup/data/* /root/.open-webui/ || true
-    rm -rf /opt/open-webui-backup || true
-    msg_ok "Restored data"
-
-    msg_info "Recreating Service"
-    cat <<EOF >/etc/systemd/system/open-webui.service
-[Unit]
-Description=Open WebUI Service
-After=network.target
-
-[Service]
-Type=simple
-Environment=DATA_DIR=/root/.open-webui
-EnvironmentFile=-/root/.env
-ExecStart=/root/.local/bin/open-webui serve
-WorkingDirectory=/root
-Restart=on-failure
-RestartSec=5
-User=root
-
-[Install]
-WantedBy=multi-user.target
-EOF
-
-    $STD systemctl daemon-reload
-    systemctl enable -q --now open-webui
-    msg_ok "Recreated Service"
-
-    msg_ok "Migration completed"
-    exit 0
-  fi
-
  if [[ ! -d /root/.open-webui ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
@@ -106,11 +50,8 @@ EOF
    fi
  fi

-  msg_info "Updating Open WebUI via uv"
-  PYTHON_VERSION="3.12" setup_uv
-  $STD uv tool install --python 3.12 open-webui[all]
+  msg_info "Restarting Open WebUI to initiate update"
  systemctl restart open-webui
-  msg_ok "Updated Open WebUI"
  msg_ok "Updated successfully!"
  exit
 }
--- a/ct/pangolin.sh
+++ b/ct/pangolin.sh
@@ -21,52 +21,52 @@ color
 catch_errors

 function update_script() {
-  header_info
-  check_container_storage
-  check_container_resources
-  if [[ ! -d /opt/pangolin ]]; then
-    msg_error "No ${APP} Installation Found!"
+    header_info
+    check_container_storage
+    check_container_resources
+    if [[ ! -d /opt/pangolin ]]; then
+        msg_error "No ${APP} Installation Found!"
+        exit
+    fi
+
+    if check_for_gh_release "pangolin" "fosrl/pangolin"; then
+        msg_info "Stopping Service"
+        systemctl stop pangolin
+        systemctl stop gerbil
+        msg_info "Service stopped"
+
+        msg_info "Creating backup"
+        tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
+        msg_ok "Created backup"
+
+        CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
+        CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
+
+        msg_info "Updating Pangolin"
+        cd /opt/pangolin
+        $STD npm ci
+        $STD npm run set:sqlite
+        $STD npm run set:oss
+        rm -rf server/private
+        $STD npm run build:sqlite
+        $STD npm run build:cli
+        cp -R .next/standalone ./
+        chmod +x ./dist/cli.mjs
+        cp server/db/names.json ./dist/names.json
+        msg_ok "Updated Pangolin"
+
+        msg_info "Restoring config"
+        tar -xzf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin --overwrite
+        rm -f /opt/pangolin_config_backup.tar.gz
+        msg_ok "Restored config"
+
+        msg_info "Starting Services"
+        systemctl start pangolin
+        systemctl start gerbil
+        msg_ok "Started Services"
+        msg_ok "Updated successfully!"
+    fi
    exit
-  fi
-
-  if check_for_gh_release "pangolin" "fosrl/pangolin"; then
-    msg_info "Stopping Service"
-    systemctl stop pangolin
-    systemctl stop gerbil
-    msg_info "Service stopped"
-
-    msg_info "Creating backup"
-    tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
-    msg_ok "Created backup"
-
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
-
-    msg_info "Updating Pangolin"
-    cd /opt/pangolin
-    $STD npm ci
-    $STD npm run set:sqlite
-    $STD npm run set:oss
-    rm -rf server/private
-    $STD npm run build:sqlite
-    $STD npm run build:cli
-    cp -R .next/standalone ./
-    chmod +x ./dist/cli.mjs
-    cp server/db/names.json ./dist/names.json
-    msg_ok "Updated Pangolin"
-
-    msg_info "Restoring config"
-    tar -xzf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin --overwrite
-    rm -f /opt/pangolin_config_backup.tar.gz
-    msg_ok "Restored config"
-
-    msg_info "Starting Services"
-    systemctl start pangolin
-    systemctl start gerbil
-    msg_ok "Started Services"
-    msg_ok "Updated successfully!"
-  fi
-  exit
 }

 start
@@ -76,4 +76,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://<YOUR_PANGOLIN_URL>${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3002${CL}"
--- a/ct/paperless-ngx.sh
+++ b/ct/paperless-ngx.sh
@@ -35,38 +35,24 @@ function update_script() {
    if grep -q "uv run" /etc/systemd/system/paperless-webserver.service; then

      msg_info "Backing up data"
-      mkdir -p /opt/paperless_backup
-      cp -r /opt/paperless/data /opt/paperless_backup/
-      cp -r /opt/paperless/media /opt/paperless_backup/
-      cp -r /opt/paperless/paperless.conf /opt/paperless_backup/
+      mkdir -p /opt/paperless/backup
+      cp -r /opt/paperless/data /opt/paperless/backup/
+      cp -r /opt/paperless/media /opt/paperless/backup/
+      cp -r /opt/paperless/paperless.conf /opt/paperless/backup/
      msg_ok "Backup completed"

      PYTHON_VERSION="3.13" setup_uv
-      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
-      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
-
-      . /etc/os-release
-      if [ "$VERSION_CODENAME" = "bookworm" ]; then
-        setup_gs
-      else
-        $STD apt install -y ghostscript
-      fi
+      fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
+      fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
+      setup_gs

      msg_info "Updating Paperless-ngx"
-      cp -r /opt/paperless_backup/* /opt/paperless/
-      CONSUME_DIR="$(sed -n 's/^PAPERLESS_CONSUMPTION_DIR=//p' /opt/paperless/paperless.conf)"
-      if [[ -z "$CONSUME_DIR" ]]; then
-        CONSUME_DIR="/opt/paperless/consume"
-      fi
-      mkdir -p "$CONSUME_DIR"
+      cp -r /opt/paperless/backup/* /opt/paperless/
      cd /opt/paperless
      $STD uv sync --all-extras
      cd /opt/paperless/src
      $STD uv run -- python manage.py migrate
      msg_ok "Updated Paperless-ngx"
-
-      rm -rf /opt/paperless_backup
-
    else
      msg_warn "You are about to migrate your Paperless-ngx installation to uv!"
      msg_custom "🔒" "It is strongly recommended to take a Proxmox snapshot first:"
@@ -110,40 +96,24 @@ function update_script() {

      $STD systemctl daemon-reload
      msg_info "Backing up data"
-      mkdir -p /opt/paperless_backup
-      cp -r /opt/paperless/data /opt/paperless_backup/
-      cp -r /opt/paperless/media /opt/paperless_backup/
-      cp -r /opt/paperless/paperless.conf /opt/paperless_backup/
+      mkdir -p /opt/paperless/backup
+      cp -r /opt/paperless/data /opt/paperless/backup/
+      cp -r /opt/paperless/media /opt/paperless/backup/
+      cp -r /opt/paperless/paperless.conf /opt/paperless/backup/
      msg_ok "Backup completed"

      PYTHON_VERSION="3.13" setup_uv
-      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
-      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
-
-      . /etc/os-release
-      if [ "$VERSION_CODENAME" = "bookworm" ]; then
-        setup_gs
-      else
-        msg_info "Installing Ghostscript"
-        $STD apt install -y ghostscript
-        msg_ok "Installed Ghostscript"
-      fi
+      fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
+      fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
+      setup_gs

      msg_info "Updating Paperless-ngx"
-      cp -r /opt/paperless_backup/* /opt/paperless/
-      CONSUME_DIR="$(sed -n '/^PAPERLESS_CONSUMPTION/s/[^=]=*//p' /opt/paperless/paperless.conf)"
-      mkdir -p "${CONSUME_DIR:-/opt/paperless/consume}"
+      cp -r /opt/paperless/backup/* /opt/paperless/
      cd /opt/paperless
      $STD uv sync --all-extras
      cd /opt/paperless/src
      $STD uv run -- python manage.py migrate
      msg_ok "Paperless-ngx migration and update completed"
-
-      rm -rf /opt/paperless_backup
-      if [[ -d /opt/paperless/backup ]]; then
-        rm -rf /opt/paperless/backup
-        msg_ok "Removed old backup directory"
-      fi
    fi

    msg_info "Starting all Paperless-ngx Services"
--- a/ct/part-db.sh
+++ b/ct/part-db.sh
@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="Part-DB"
 var_tags="${var_tags:-inventory;parts}"
 var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
+var_ram="${var_ram:-1024}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
--- a/ct/phpipam.sh
+++ b/ct/phpipam.sh
@@ -33,22 +33,17 @@ function update_script() {
    systemctl stop apache2
    msg_ok "Stopped Service"

-    PHP_VERSION="8.4" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="mysql,gmp,snmp,ldap,apcu" setup_php
-
-    msg_info "Installing PHP-PEAR"
-    $STD apt install -y \
-      php-pear \
-      php-dev
-    msg_ok "Installed PHP-PEAR"
-
    mv /opt/phpipam/ /opt/phpipam-backup
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "phpipam" "phpipam/phpipam" "prebuild" "latest" "/opt/phpipam" "phpipam-v*.zip"
+    fetch_and_deploy_gh_release "phpipam" "phpipam/phpipam" "prebuild" "latest" "/opt/phpipam" "phpipam-v*.zip"
    cp /opt/phpipam-backup/config.php /opt/phpipam
-    rm -r /opt/phpipam-backup

    msg_info "Starting Service"
    systemctl start apache2
    msg_ok "Started Service"
+
+    msg_info "Cleaning up"
+    rm -r /opt/phpipam-backup
+    msg_ok "Cleaned"
    msg_ok "Updated successfully!"
  fi
  exit
--- a/ct/plex.sh
+++ b/ct/plex.sh
@@ -23,7 +23,7 @@ function update_script() {
  header_info
  check_container_storage
  check_container_resources
-  if [ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] && [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
+  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]]; then
    msg_error "No ${APP} Installation Found!"
    exit
  fi
--- a/ct/sonarqube.sh
+++ b/ct/sonarqube.sh
@@ -39,7 +39,6 @@ function update_script() {
    msg_ok "Backup created"

    msg_info "Installing sonarqube"
-    temp_file=$(mktemp)
    RELEASE=$(curl -fsSL https://api.github.com/repos/SonarSource/sonarqube/releases/latest | grep "tag_name" | awk '{print substr($2, 2, length($2)-3) }')
    curl -fsSL "https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-${RELEASE}.zip" -o $temp_file
    unzip -q "$temp_file" -d /opt
--- a/ct/technitiumdns.sh
+++ b/ct/technitiumdns.sh
@@ -28,11 +28,6 @@ function update_script() {
    exit
  fi

-  if is_package_installed "aspnetcore-runtime-8.0"; then
-    $STD apt remove -y aspnetcore-runtime-8.0
-    $STD apt install -y aspnetcore-runtime-9.0
-  fi
-
  RELEASE=$(curl -fsSL https://technitium.com/dns/ | grep -oP 'Version \K[\d.]+')
  if [[ ! -f ~/.technitium || "${RELEASE}" != "$(cat ~/.technitium)" ]]; then
    msg_info "Updating Technitium DNS"
--- a/frontend/public/json/cockpit.json
+++ b/frontend/public/json/cockpit.json
@@ -33,12 +33,8 @@
  },
  "notes": [
    {
-      "text": "Set a root password if using autologin. This will be the Cockpit password. To set root password run `sudo passwd root`",
+      "text": "Set a root password if using autologin. This will be the Cockpit password.`sudo passwd root`",
      "type": "info"
-    },
-    {
-      "text": "If you plan on using 45Drives extension with NFS, you must setup LXC as privileged. Some features of 45Drives don't work on Debian 13, so Debian 12 must be used.",
-      "type": "warning"
    }
  ]
 }
--- a/frontend/public/json/graylog.json
+++ b/frontend/public/json/graylog.json
@@ -1,44 +1,44 @@
 {
-  "name": "Graylog",
-  "slug": "graylog",
-  "categories": [
-    9
-  ],
-  "date_created": "2025-02-12",
-  "type": "ct",
-  "updateable": true,
-  "privileged": false,
-  "interface_port": 9000,
-  "documentation": "https://go2docs.graylog.org/current/home.htm",
-  "website": "https://graylog.org/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/graylog.webp",
-  "config_path": "/etc/graylog/server/server.conf",
-  "description": "Graylog is an open-source log management and analysis platform that centralizes and processes log data from various sources, enabling real-time search, analysis, and alerting for IT infrastructure monitoring and troubleshooting.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/graylog.sh",
-      "resources": {
-        "cpu": 2,
-        "ram": 8192,
-        "hdd": 30,
-        "os": "debian",
-        "version": "13"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "Initial Setup credentials: `tail /var/log/graylog-server/server.log` after the server starts for the first time.",
-      "type": "info"
+    "name": "Graylog",
+    "slug": "graylog",
+    "categories": [
+        9
+    ],
+    "date_created": "2025-02-12",
+    "type": "ct",
+    "updateable": true,
+    "privileged": false,
+    "interface_port": 9000,
+    "documentation": "https://go2docs.graylog.org/current/home.htm",
+    "website": "https://graylog.org/",
+    "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/graylog.webp",
+    "config_path": "/etc/graylog/server/server.conf",
+    "description": "Graylog is an open-source log management and analysis platform that centralizes and processes log data from various sources, enabling real-time search, analysis, and alerting for IT infrastructure monitoring and troubleshooting.",
+    "install_methods": [
+        {
+            "type": "default",
+            "script": "ct/graylog.sh",
+            "resources": {
+                "cpu": 2,
+                "ram": 8192,
+                "hdd": 30,
+                "os": "debian",
+                "version": "12"
+            }
+        }
+    ],
+    "default_credentials": {
+        "username": null,
+        "password": null
    },
-    {
-      "text": "Type `cat ~/graylog.creds` to get admin password that you use to log in AFTER the Initial Setup",
-      "type": "info"
-    }
-  ]
+    "notes": [
+        {
+            "text": "Initial Setup credentials: `tail /var/log/graylog-server/server.log` after the server starts for the first time.",
+            "type": "info"
+        },
+        {
+            "text": "Type `cat ~/graylog.creds` to get admin password that you use to log in AFTER the Initial Setup",
+            "type": "info"
+        }
+    ]
 }
--- a/frontend/public/json/infisical.json
+++ b/frontend/public/json/infisical.json
@@ -1,35 +0,0 @@
-{
-  "name": "Infisical",
-  "slug": "infisical",
-  "categories": [
-    6
-  ],
-  "date_created": "2025-11-07",
-  "type": "ct",
-  "updateable": true,
-  "privileged": false,
-  "interface_port": 8080,
-  "documentation": "https://infisical.com/docs/documentation/getting-started/overview",
-  "config_path": "/etc/infisical/infisical.rb",
-  "website": "https://infisical.com/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/infisical.webp",
-  "description": "Secrets, certificates, and access management on autopilot. All-in-one platform to securely manage application secrets, certificates, SSH keys, and configurations across your team and infrastructure.",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/infisical.sh",
-      "resources": {
-        "cpu": 2,
-        "ram": 2048,
-        "hdd": 6,
-        "os": "Debian",
-        "version": "13"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": []
-}
--- a/frontend/public/json/jotty.json
+++ b/frontend/public/json/jotty.json
@@ -20,7 +20,7 @@
      "script": "ct/jotty.sh",
      "resources": {
        "cpu": 2,
-        "ram": 4096,
+        "ram": 3072,
        "hdd": 6,
        "os": "debian",
        "version": "13"
--- a/frontend/public/json/nginxproxymanager.json
+++ b/frontend/public/json/nginxproxymanager.json
@@ -20,8 +20,8 @@
      "script": "ct/nginxproxymanager.sh",
      "resources": {
        "cpu": 2,
-        "ram": 2048,
-        "hdd": 8,
+        "ram": 1024,
+        "hdd": 4,
        "os": "debian",
        "version": "13"
      }
@@ -33,8 +33,12 @@
  },
  "notes": [
    {
-      "text": "You can install the specific one certbot you prefer, or you can Running /app/scripts/install-certbot-plugins within the Nginx Proxy Manager (NPM) LXC shell will install many common plugins. Important: This script does not install all Certbot plugins, as some require additional, external system dependencies (like specific packages for certain DNS providers). These external dependencies must be manually installed within the LXC container before you can successfully install and use the corresponding Certbot plugin. Consult the plugin's documentation for required packages.",
-      "type": "info"
+      "text": "Since there are hundreds of Certbot instances, it's necessary to install the specific Certbot of your preference. Running `/app/scripts/install-certbot-plugins` within the nginxproxymanager LXC shell will install many additional plugins.",
+      "type": "warning"
+    },
+    {
+      "text": "WARNING: Installation sources scripts outside of Community Scripts repo. Please check the source before installing.",
+      "type": "warning"
    }
  ]
 }
--- a/frontend/public/json/pangolin.json
+++ b/frontend/public/json/pangolin.json
@@ -8,7 +8,7 @@
  "type": "ct",
  "updateable": true,
  "privileged": false,
-  "interface_port": 443,
+  "interface_port": 3002,
  "documentation": "https://docs.pangolin.net/",
  "config_path": "/opt/pangolin/config/config.yml",
  "website": "https://pangolin.net/",
--- a/frontend/public/json/part-db.json
+++ b/frontend/public/json/part-db.json
@@ -20,7 +20,7 @@
      "script": "ct/part-db.sh",
      "resources": {
        "cpu": 2,
-        "ram": 2048,
+        "ram": 1024,
        "hdd": 8,
        "os": "debian",
        "version": "13"
--- a/frontend/public/json/versions.json
+++ b/frontend/public/json/versions.json
--- a/install/ghostfolio-install.sh
+++ b/install/ghostfolio-install.sh
@@ -60,10 +60,11 @@ $STD npm ci
 $STD npm run build:production
 msg_ok "Built Ghostfolio"

-echo -e ""
-msg_custom "🪙" "$YW" "CoinGecko API keys are optional but provide better cryptocurrency data."
-msg_custom "🪙" "$YW" "You can skip this and add them later by editing /opt/ghostfolio/.env"
-echo -e ""
+msg_ok "Optional CoinGecko API Configuration"
+echo
+echo -e "${YW}CoinGecko API keys are optional but provide better cryptocurrency data.${CL}"
+echo -e "${YW}You can skip this and add them later by editing /opt/ghostfolio/.env${CL}"
+echo
 read -rp "${TAB3}CoinGecko Demo API key (press Enter to skip): " COINGECKO_DEMO_KEY
 read -rp "${TAB3}CoinGecko Pro API key (press Enter to skip): " COINGECKO_PRO_KEY

@@ -78,7 +79,6 @@ JWT_SECRET_KEY=$JWT_SECRET_KEY
 NODE_ENV=production
 PORT=3333
 HOST=0.0.0.0
-TZ=Etc/UTC
 EOF

 if [[ -n "${COINGECKO_DEMO_KEY:-}" ]]; then
--- a/install/graylog-install.sh
+++ b/install/graylog-install.sh
@@ -13,12 +13,12 @@ setting_up_container
 network_check
 update_os

-MONGO_VERSION="8.0" setup_mongodb
+MONGO_VERSION="7.0" setup_mongodb

 msg_info "Setup Graylog Data Node"
 PASSWORD_SECRET=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c16)
-curl -fsSL "https://packages.graylog2.org/repo/packages/graylog-7.0-repository_latest.deb" -o "graylog-7.0-repository_latest.deb"
-$STD dpkg -i graylog-7.0-repository_latest.deb
+curl -fsSL "https://packages.graylog2.org/repo/packages/graylog-6.3-repository_latest.deb" -o "graylog-6.3-repository_latest.deb"
+$STD dpkg -i graylog-6.3-repository_latest.deb
 $STD apt-get update
 $STD apt-get install graylog-datanode -y
 sed -i "s/password_secret =/password_secret = $PASSWORD_SECRET/g" /etc/graylog/datanode/datanode.conf
@@ -42,4 +42,9 @@ msg_ok "Setup ${APPLICATION}"

 motd_ssh
 customize
-cleanup_lxc
+
+msg_info "Cleaning up"
+rm -f graylog-*-repository_latest.deb
+$STD apt-get -y autoremove
+$STD apt-get -y autoclean
+msg_ok "Cleaned"
--- a/install/immich-install.sh
+++ b/install/immich-install.sh
@@ -288,7 +288,7 @@ GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p "$INSTALL_DIR"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}

-fetch_and_deploy_gh_release "immich" "immich-app/immich" "tarball" "v2.2.3" "$SRC_DIR"
+fetch_and_deploy_gh_release "immich" "immich-app/immich" "tarball" "v2.2.2" "$SRC_DIR"

 msg_info "Installing ${APPLICATION} (patience)"

--- a/install/infisical-install.sh
+++ b/install/infisical-install.sh
@@ -1,68 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2025 community-scripts ORG
-# Author: Slaviša Arežina (tremor021)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://infisical.com/
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y \
-  apt-transport-https \
-  ca-certificates \
-  redis
-msg_ok "Installed Dependencies"
-
-PG_VERSION="17" setup_postgresql
-
-msg_info "Setting up Infisical Repository"
-setup_deb822_repo \
-  "infisical" \
-  "https://artifacts-infisical-core.infisical.com/infisical.gpg" \
-  "https://artifacts-infisical-core.infisical.com/deb" \
-  "stable"
-msg_ok "Setup Infisical repository"
-
-msg_info "Configuring PostgreSQL"
-DB_NAME="infisical_db"
-DB_USER="infisical"
-DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC';"
-{
-  echo "Infiscal Credentials"
-  echo "Database Name: $DB_NAME"
-  echo "Database User: $DB_USER"
-  echo "Database Password: $DB_PASS"
-} >>~/infisical.creds
-msg_ok "Configured PostgreSQL"
-
-msg_info "Setting up Infisical"
-AUTH_SECRET="$(openssl rand -base64 32 | tr -d '\n')"
-ENC_KEY="$(openssl rand -hex 16 | tr -d '\n')"
-IP_ADDR=$(hostname -I | awk '{print $1}')
-$STD apt install -y infisical-core
-mkdir -p /etc/infisical
-cat <<EOF >/etc/infisical/infisical.rb
-infisical_core['ENCRYPTION_KEY'] = '$ENC_KEY'
-infisical_core['AUTH_SECRET'] = '$AUTH_SECRET'
-infisical_core['HOST'] = '$IP_ADDR'
-infisical_core['DB_CONNECTION_URI'] = 'postgres://${DB_USER}:${DB_PASS}@localhost:5432/${DB_NAME}'
-infisical_core['REDIS_URL'] = 'redis://localhost:6379'
-EOF
-$STD infisical-ctl reconfigure
-msg_ok "Setup Infisical"
-
-motd_ssh
-customize
-cleanup_lxc
--- a/install/jotty-install.sh
+++ b/install/jotty-install.sh
@@ -40,9 +40,9 @@ NODE_ENV=production
 # OIDC_ISSUER=<your-oidc-issuer-url>
 # OIDC_CLIENT_ID=<oidc-client-id>
 # APP_URL=<https://app.domain.tld>
-# SSO_FALLBACK_LOCAL=yes
-# OIDC_CLIENT_SECRET=your_client_secret
-# OIDC_ADMIN_GROUPS=admins
+# SSO_FALLBACK_LOCAL=true # Allow both SSO and normal login
+# OIDC_CLIENT_SECRET=your_client_secret  # Enable confidential client mode with client authentication
+# OIDC_ADMIN_GROUPS=admins # Map provider groups to admin role
 EOF
 msg_ok "Installed ${APPLICATION}"

--- a/install/mediamanager-install.sh
+++ b/install/mediamanager-install.sh
@@ -45,15 +45,15 @@ MM_DIR="/opt/mm"
 MEDIA_DIR="${MM_DIR}/media"
 export CONFIG_DIR="${MM_DIR}/config"
 export FRONTEND_FILES_DIR="${MM_DIR}/web/build"
+export BASE_PATH=""
 export PUBLIC_VERSION=""
 export PUBLIC_API_URL=""
-export BASE_PATH="/web"
+export BASE_PATH=""
 cd /opt/mediamanager/web
-$STD npm ci --no-fund --no-audit
+$STD npm ci
 $STD npm run build
 mkdir -p {"$MM_DIR"/web,"$MEDIA_DIR","$CONFIG_DIR"}
 cp -r build "$FRONTEND_FILES_DIR"
-export BASE_PATH=""
 export VIRTUAL_ENV="${MM_DIR}/venv"
 cd /opt/mediamanager
 cp -r {media_manager,alembic*} "$MM_DIR"
@@ -81,9 +81,8 @@ cat <<EOF >"$MM_DIR"/start.sh

 export CONFIG_DIR="$CONFIG_DIR"
 export FRONTEND_FILES_DIR="$FRONTEND_FILES_DIR"
-export LOG_FILE="$CONFIG_DIR/media_manager.log"
 export BASE_PATH=""
-cd $MM_DIR
+cd "$MM_DIR"
 source ./venv/bin/activate
 /usr/local/bin/uv run alembic upgrade head
 /usr/local/bin/uv run fastapi run ./media_manager/main.py --port 8000
--- a/install/mongodb-install.sh
+++ b/install/mongodb-install.sh
@@ -15,12 +15,31 @@ update_os

 read -p "${TAB3}Do you want to install MongoDB 8.0 instead of 7.0? [y/N]: " install_mongodb_8
 if [[ "$install_mongodb_8" =~ ^[Yy]$ ]]; then
-  MONGO_VERSION="8.0" setup_mongodb
+  MONGODB_VERSION="8.0"
 else
-  MONGO_VERSION="7.0" setup_mongodb
+  MONGODB_VERSION="7.0"
 fi
+
+msg_info "Installing MongoDB $MONGODB_VERSION"
+curl -fsSL "https://www.mongodb.org/static/pgp/server-${MONGODB_VERSION}.asc" | gpg --dearmor >/usr/share/keyrings/mongodb-server-${MONGODB_VERSION}.gpg
+cat <<EOF >/etc/apt/sources.list.d/mongodb-org-${MONGODB_VERSION}.sources
+Types: deb
+URIs: http://repo.mongodb.org/apt/debian
+Suites: $(grep '^VERSION_CODENAME=' /etc/os-release | cut -d'=' -f2)/mongodb-org/${MONGODB_VERSION}
+Components: main
+Signed-By: /usr/share/keyrings/mongodb-server-${MONGODB_VERSION}.gpg
+EOF
+$STD apt update
+$STD apt install -y mongodb-org
 sed -i 's/bindIp: 127.0.0.1/bindIp: 0.0.0.0/' /etc/mongod.conf
+systemctl enable -q --now mongod
+msg_ok "Installed MongoDB $MONGODB_VERSION"

 motd_ssh
 customize
-cleanup_lxc
+
+msg_info "Cleaning up"
+$STD apt -y autoremove
+$STD apt -y autoclean
+$STD apt -y clean
+msg_ok "Cleaned"
--- a/install/n8n-install.sh
+++ b/install/n8n-install.sh
@@ -16,9 +16,7 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
  ca-certificates \
-  build-essential \
-  python3 \
-  python3-setuptools
+  build-essential
 msg_ok "Installed Dependencies"

 NODE_VERSION="22" setup_nodejs
--- a/install/odoo-install.sh
+++ b/install/odoo-install.sh
@@ -14,7 +14,7 @@ network_check
 update_os

 msg_info "Installing Dependencies"
-$STD apt install -y python3-lxml wkhtmltopdf
+$STD apt install -y python3-lxml
 curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
 $STD dpkg -i /opt/python3-lxml-html-clean.deb
 msg_ok "Installed Dependencies"
--- a/install/openproject-install.sh
+++ b/install/openproject-install.sh
@@ -66,6 +66,7 @@ server/hostname ${IP_ADDR}
 server/server_path_prefix /openproject
 server/ssl no
 server/variant apache2
+server/server_path_prefix
 repositories/api-key ${API_KEY}
 repositories/svn-install skip
 repositories/git-install install
--- a/install/openwebui-install.sh
+++ b/install/openwebui-install.sh
@@ -17,11 +17,7 @@ msg_info "Installing Dependencies"
 $STD apt install -y ffmpeg
 msg_ok "Installed Dependencies"

-PYTHON_VERSION="3.12" setup_uv
-
-msg_info "Installing Open WebUI"
-$STD uv tool install --python 3.12 open-webui[all]
-msg_ok "Installed Open WebUI"
+USE_UVX="YES" PYTHON_VERSION="3.12" setup_uv

 read -r -p "${TAB3}Would you like to add Ollama? <y/N> " prompt
 if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
@@ -60,7 +56,7 @@ After=network.target
 Type=simple
 EnvironmentFile=-/root/.env
 Environment=DATA_DIR=/root/.open-webui
-ExecStart=/root/.local/bin/open-webui serve
+ExecStart=/usr/local/bin/uvx --python 3.12 open-webui@latest serve
 WorkingDirectory=/root
 Restart=on-failure
 RestartSec=5
@@ -74,4 +70,9 @@ msg_ok "Created Service"

 motd_ssh
 customize
-cleanup_lxc
+
+msg_info "Cleaning up"
+$STD apt -y autoremove
+$STD apt -y autoclean
+$STD apt -y clean
+msg_ok "Cleaned"
--- a/install/pangolin-install.sh
+++ b/install/pangolin-install.sh
@@ -22,16 +22,11 @@ msg_ok "Installed Dependencies"
 NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
-fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"
-
-read -rp "${TAB3}Enter your Pangolin URL (ex: https://pangolin.example.com): " pango_url
-read -rp "${TAB3}Enter your email address: " pango_email

 msg_info "Setup Pangolin"
 IP_ADDR=$(hostname -I | awk '{print $1}')
 SECRET_KEY=$(openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c 32)
 cd /opt/pangolin
-mkdir -p /opt/pangolin/config/{traefik,db,letsencrypt,logs}
 $STD npm ci
 $STD npm run set:sqlite
 $STD npm run set:oss
@@ -51,129 +46,30 @@ mkdir -p /var/config

 cat <<EOF >/opt/pangolin/config/config.yml
 app:
-  dashboard_url: "$pango_url"
+  dashboard_url: http://$IP_ADDR:3002
+  log_level: debug

 domains:
  domain1:
-    base_domain: "$pango_url"
-    cert_resolver: "letsencrypt"
+    base_domain: example.com

 server:
-  secret: "$SECRET_KEY"
+  secret: $SECRET_KEY

 gerbil:
-  base_endpoint: "$pango_url"
+  base_endpoint: example.com
+
+orgs:
+  block_size: 24
+  subnet_group: 100.90.137.0/20

 flags:
  require_email_verification: false
-  disable_signup_without_invite: false
-  disable_user_create_org: false
-EOF
-
-cat <<EOF >/opt/pangolin/config/traefik/traefik_config.yml
-api:
-  insecure: true
-  dashboard: true
-
-providers:
-  http:
-    endpoint: "http://$IP_ADDR:3001/api/v1/traefik-config"
-    pollInterval: "5s"
-  file:
-    filename: "/opt/pangolin/config/traefik/dynamic_config.yml"
-
-experimental:
-  plugins:
-    badger:
-      moduleName: "github.com/fosrl/badger"
-      version: "v1.2.0"
-
-log:
-  level: "INFO"
-  format: "common"
-
-certificatesResolvers:
-  letsencrypt:
-    acme:
-      httpChallenge:
-        entryPoint: web
-      email: $pango_email
-      storage: "/opt/pangolin/config/letsencrypt/acme.json"
-      caServer: "https://acme-v02.api.letsencrypt.org/directory"
-
-entryPoints:
-  web:
-    address: ":80"
-  websecure:
-    address: ":443"
-    transport:
-      respondingTimeouts:
-        readTimeout: "30m"
-    http:
-      tls:
-        certResolver: "letsencrypt"
-
-serversTransport:
-  insecureSkipVerify: true
-
-ping:
-    entryPoint: "web"
-EOF
-
-cat <<EOF >/opt/pangolin/config/traefik/dynamic_config.yml
-http:
-  middlewares:
-    redirect-to-https:
-      redirectScheme:
-        scheme: https
-
-  routers:
-    # HTTP to HTTPS redirect router
-    main-app-router-redirect:
-      rule: "Host(\`$pango_url\`)"
-      service: next-service
-      entryPoints:
-        - web
-      middlewares:
-        - redirect-to-https
-
-    # Next.js router (handles everything except API and WebSocket paths)
-    next-router:
-      rule: "Host(\`$pango_url\`) && !PathPrefix(\`/api/v1\`)"
-      service: next-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-
-    # API router (handles /api/v1 paths)
-    api-router:
-      rule: "Host(\`$pango_url\`) && PathPrefix(\`/api/v1\`)"
-      service: api-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-
-    # WebSocket router
-    ws-router:
-      rule: "Host(\`$pango_url\`)"
-      service: api-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-
-  services:
-    next-service:
-      loadBalancer:
-        servers:
-          - url: "http://$IP_ADDR:3002"
-
-    api-service:
-      loadBalancer:
-        servers:
-          - url: "http://$IP_ADDR:3000"
+  disable_signup_without_invite: true
+  disable_user_create_org: true
+  allow_raw_resources: true
+  enable_integration_api: true
+  enable_clients: true
 EOF
 $STD npm run db:sqlite:generate
 $STD npm run db:sqlite:push
@@ -226,21 +122,6 @@ RestartSec=10
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now gerbil
-
-cat <<'EOF' >/etc/systemd/system/traefik.service
-[Unit]
-Description=Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience
-
-[Service]
-Type=notify
-ExecStart=/usr/bin/traefik --configFile=/opt/pangolin/config/traefik/traefik_config.yml
-Restart=on-failure
-ExecReload=/bin/kill -USR1 \$MAINPID
-
-[Install]
-WantedBy=multi-user.target
-EOF
-systemctl enable -q --now traefik
 msg_ok "Created Services"

 motd_ssh
--- a/install/phpipam-install.sh
+++ b/install/phpipam-install.sh
@@ -13,27 +13,39 @@ setting_up_container
 network_check
 update_os

-PHP_VERSION="8.4" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="mysql,gmp,snmp,ldap,apcu" setup_php
-
-msg_info "Installing PHP-PEAR"
-$STD apt install -y \
-  php-pear \
-  php-dev
-msg_ok "Installed PHP-PEAR"
+msg_info "Installing Dependencies"
+$STD apt install -y php-pear
+msg_ok "Installed Dependencies"

+PHP_VERSION="8.2" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="mysql,imap,apcu,pspell,tidy,xmlrpc,gmp,ldap,common,snmp" setup_php
 setup_mariadb
-MARIADB_DB_NAME="phpipam" MARIADB_DB_USER="phpipam" setup_mariadb_db
+
+msg_info "Setting up MariaDB"
+DB_NAME=phpipam
+DB_USER=phpipam
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+$STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
+$STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
+$STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
+{
+  echo "phpIPAM-Credentials"
+  echo "phpIPAM Database User: $DB_USER"
+  echo "phpIPAM Database Password: $DB_PASS"
+  echo "phpIPAM Database Name: $DB_NAME"
+} >>~/phpipam.creds
+msg_ok "Set up MariaDB"
+
 fetch_and_deploy_gh_release "phpipam" "phpipam/phpipam" "prebuild" "latest" "/opt/phpipam" "phpipam-v*.zip"

 msg_info "Installing phpIPAM"
-$STD mariadb -u root "${MARIADB_DB_NAME}" </opt/phpipam/db/SCHEMA.sql
+$STD mariadb -u root "${DB_NAME}" </opt/phpipam/db/SCHEMA.sql
 cp /opt/phpipam/config.dist.php /opt/phpipam/config.php
 sed -i -e "s/\(\$disable_installer = \).*/\1true;/" \
-  -e "s/\(\$db\['user'\] = \).*/\1'$MARIADB_DB_USER';/" \
-  -e "s/\(\$db\['pass'\] = \).*/\1'$MARIADB_DB_PASS';/" \
-  -e "s/\(\$db\['name'\] = \).*/\1'$MARIADB_DB_NAME';/" \
+  -e "s/\(\$db\['user'\] = \).*/\1'$DB_USER';/" \
+  -e "s/\(\$db\['pass'\] = \).*/\1'$DB_PASS';/" \
+  -e "s/\(\$db\['name'\] = \).*/\1'$DB_NAME';/" \
  /opt/phpipam/config.php
-sed -i '/max_execution_time/s/= .*/= 600/' /etc/php/8.4/apache2/php.ini
+sed -i '/max_execution_time/s/= .*/= 600/' /etc/php/8.2/apache2/php.ini
 msg_ok "Installed phpIPAM"

 msg_info "Creating Service"
@@ -59,4 +71,9 @@ msg_ok "Created Service"

 motd_ssh
 customize
-cleanup_lxc
+
+msg_info "Cleaning up"
+$STD apt -y autoremove
+$STD apt -y autoclean
+$STD apt -y clean
+msg_ok "Cleaned"
--- a/install/technitiumdns-install.sh
+++ b/install/technitiumdns-install.sh
@@ -18,7 +18,7 @@ curl -fsSL "https://packages.microsoft.com/config/debian/12/packages-microsoft-p
 $STD dpkg -i packages-microsoft-prod.deb
 rm -rf packages-microsoft-prod.deb
 $STD apt update
-$STD apt install -y aspnetcore-runtime-9.0
+$STD apt install -y aspnetcore-runtime-8.0
 msg_ok "Installed ASP.NET Core Runtime"

 RELEASE=$(curl -fsSL https://technitium.com/dns/ | grep -oP 'Version \K[\d.]+')
@@ -26,15 +26,20 @@ msg_info "Installing Technitium DNS"
 mkdir -p /opt/technitium/dns
 curl -fsSL "https://download.technitium.com/dns/DnsServerPortable.tar.gz" -o /opt/DnsServerPortable.tar.gz
 $STD tar zxvf /opt/DnsServerPortable.tar.gz -C /opt/technitium/dns/
-rm -f /opt/DnsServerPortable.tar.gz
 echo "${RELEASE}" >~/.technitium
 msg_ok "Installed Technitium DNS"

 msg_info "Creating service"
 cp /opt/technitium/dns/systemd.service /etc/systemd/system/technitium.service
-systemctl enable -q --now technitium 
+systemctl enable -q --now technitium
 msg_ok "Service created"

 motd_ssh
 customize
-cleanup_lxc
+
+msg_info "Cleaning up"
+rm -f /opt/DnsServerPortable.tar.gz
+$STD apt -y autoremove
+$STD apt -y autoclean
+$STD apt -y clean
+msg_ok "Cleaned"
--- a/misc/core.func
+++ b/misc/core.func
@@ -370,7 +370,6 @@ run_container_safe() {

 cleanup_lxc() {
  msg_info "Cleaning up"
-
  if is_alpine; then
    $STD apk cache clean || true
    rm -rf /var/cache/apk/*
@@ -380,38 +379,36 @@ cleanup_lxc() {
    $STD apt -y clean || true
  fi

-  # Clear temp artifacts (keep sockets/FIFOs; ignore errors)
+  rm -rf /tmp/* /var/tmp/*
+
+  # Remove temp files created by mktemp/tempfile
  find /tmp /var/tmp -type f -name 'tmp*' -delete 2>/dev/null || true
  find /tmp /var/tmp -type f -name 'tempfile*' -delete 2>/dev/null || true

-  # Truncate writable log files silently (permission errors ignored)
-  if command -v truncate >/dev/null 2>&1; then
-    find /var/log -type f -writable -print0 2>/dev/null |
-      xargs -0 -n1 truncate -s 0 2>/dev/null || true
-  fi
+  find /var/log -type f -exec truncate -s 0 {} +

  # Python pip
-  if command -v pip &>/dev/null; then $STD pip cache purge || true; fi
+  if command -v pip &>/dev/null; then pip cache purge || true; fi
  # Python uv
-  if command -v uv &>/dev/null; then $STD uv cache clear || true; fi
+  if command -v uv &>/dev/null; then uv cache clear || true; fi
  # Node.js npm
-  if command -v npm &>/dev/null; then $STD npm cache clean --force || true; fi
+  if command -v npm &>/dev/null; then npm cache clean --force || true; fi
  # Node.js yarn
-  if command -v yarn &>/dev/null; then $STD yarn cache clean || true; fi
+  if command -v yarn &>/dev/null; then yarn cache clean || true; fi
  # Node.js pnpm
-  if command -v pnpm &>/dev/null; then $STD pnpm store prune || true; fi
+  if command -v pnpm &>/dev/null; then pnpm store prune || true; fi
  # Go
-  if command -v go &>/dev/null; then $STD go clean -cache -modcache || true; fi
+  if command -v go &>/dev/null; then go clean -cache -modcache || true; fi
  # Rust cargo
-  if command -v cargo &>/dev/null; then $STD cargo clean || true; fi
+  if command -v cargo &>/dev/null; then cargo clean || true; fi
  # Ruby gem
-  if command -v gem &>/dev/null; then $STD gem cleanup || true; fi
+  if command -v gem &>/dev/null; then gem cleanup || true; fi
  # Composer (PHP)
-  if command -v composer &>/dev/null; then $STD composer clear-cache || true; fi
+  if command -v composer &>/dev/null; then composer clear-cache || true; fi

  if command -v journalctl &>/dev/null; then
-    $STD journalctl --rotate || true
-    $STD journalctl --vacuum-time=10m || true
+    $STD journalctl --rotate
+    $STD journalctl --vacuum-time=10m
  fi
  msg_ok "Cleaned"
 }
--- a/misc/tools.func
+++ b/misc/tools.func
@@ -72,23 +72,15 @@ stop_all_services() {
  local service_patterns=("$@")

  for pattern in "${service_patterns[@]}"; do
-    # Find all matching services (use || true to avoid pipeline failures)
-    local services
-    services=$(systemctl list-units --type=service --all 2>/dev/null |
-      grep -oE "${pattern}[^ ]*\.service" 2>/dev/null |
-      sort -u 2>/dev/null || true)
-
-    # Only process if we found any services
-    if [[ -n "$services" ]]; then
-      while IFS= read -r service; do
-        [[ -z "$service" ]] && continue
+    # Find all matching services
+    systemctl list-units --type=service --all 2>/dev/null |
+      grep -oE "${pattern}[^ ]*\.service" |
+      sort -u |
+      while read -r service; do
        $STD systemctl stop "$service" 2>/dev/null || true
        $STD systemctl disable "$service" 2>/dev/null || true
-      done <<<"$services"
-    fi
+      done
  done
-
-  return 0
 }

 # ------------------------------------------------------------------------------
@@ -435,12 +427,7 @@ manage_tool_repository() {
    suite=$(get_fallback_suite "$distro_id" "$distro_codename" "$repo_url/$distro_id")

    # Setup new repository using deb822 format
-    setup_deb822_repo \
-      "mariadb" \
-      "$gpg_key_url" \
-      "$repo_url/$distro_id" \
-      "$suite" \
-      "main"
+    setup_deb822_repo "mariadb" "$gpg_key_url" "$repo_url/$distro_id" "$suite" "main" "amd64 arm64" || return 1
    return 0
    ;;

@@ -463,51 +450,7 @@ manage_tool_repository() {
    # Setup repository
    local distro_codename
    distro_codename=$(awk -F= '/^VERSION_CODENAME=/{print $2}' /etc/os-release)
-
-    # Suite mapping with fallback for newer releases not yet supported by upstream
-    if [[ "$distro_id" == "debian" ]]; then
-      case "$distro_codename" in
-      trixie | forky | sid)
-        # Testing/unstable releases fallback to latest stable suite
-        suite="bookworm"
-        ;;
-      bookworm)
-        suite="bookworm"
-        ;;
-      bullseye)
-        suite="bullseye"
-        ;;
-      *)
-        # Unknown release: fallback to latest stable suite
-        msg_warn "Unknown Debian release '${distro_codename}', using bookworm"
-        suite="bookworm"
-        ;;
-      esac
-    elif [[ "$distro_id" == "ubuntu" ]]; then
-      case "$distro_codename" in
-      oracular | plucky)
-        # Newer releases fallback to latest LTS
-        suite="noble"
-        ;;
-      noble)
-        suite="noble"
-        ;;
-      jammy)
-        suite="jammy"
-        ;;
-      focal)
-        suite="focal"
-        ;;
-      *)
-        # Unknown release: fallback to latest LTS
-        msg_warn "Unknown Ubuntu release '${distro_codename}', using noble"
-        suite="noble"
-        ;;
-      esac
-    else
-      # For other distros, try generic fallback
-      suite=$(get_fallback_suite "$distro_id" "$distro_codename" "$repo_url")
-    fi
+    suite=$(get_fallback_suite "$distro_id" "$distro_codename" "$repo_url")

    repo_component="main"
    [[ "$distro_id" == "ubuntu" ]] && repo_component="multiverse"
@@ -517,7 +460,7 @@ Types: deb
 URIs: ${repo_url}
 Suites: ${suite}/mongodb-org/${version}
 Components: ${repo_component}
-Architectures: $(dpkg --print-architecture)
+Architectures: amd64 arm64
 Signed-By: /etc/apt/keyrings/mongodb-server-${version}.gpg
 EOF
    return 0
@@ -549,7 +492,7 @@ Types: deb
 URIs: $repo_url
 Suites: nodistro
 Components: main
-Architectures: $(dpkg --print-architecture)
+Architectures: amd64 arm64
 Signed-By: /etc/apt/keyrings/nodesource.gpg
 EOF
    return 0
@@ -583,7 +526,7 @@ Types: deb
 URIs: https://packages.sury.org/php
 Suites: $distro_codename
 Components: main
-Architectures: $(dpkg --print-architecture)
+Architectures: amd64 arm64
 Signed-By: /usr/share/keyrings/deb.sury.org-php.gpg
 EOF
    return 0
@@ -614,7 +557,7 @@ Types: deb
 URIs: http://apt.postgresql.org/pub/repos/apt
 Suites: $distro_codename-pgdg
 Components: main
-Architectures: $(dpkg --print-architecture)
+Architectures: amd64 arm64
 Signed-By: /etc/apt/keyrings/postgresql.gpg
 EOF
    return 0
@@ -1206,8 +1149,8 @@ ensure_apt_working() {
 }

 # ------------------------------------------------------------------------------
-# Standardized deb822 repository setup (with optional Architectures)
-# Always runs apt update after repo creation to ensure package availability
+# Standardized deb822 repository setup
+# Validates all parameters and fails safely if any are empty
 # ------------------------------------------------------------------------------
 setup_deb822_repo() {
  local name="$1"
@@ -1215,40 +1158,56 @@ setup_deb822_repo() {
  local repo_url="$3"
  local suite="$4"
  local component="${5:-main}"
-  local architectures="${6-}" # optional
+  local architectures="${6:-amd64 arm64}"

  # Validate required parameters
  if [[ -z "$name" || -z "$gpg_url" || -z "$repo_url" || -z "$suite" ]]; then
-    msg_error "setup_deb822_repo: missing required parameters (name=$name repo=$repo_url suite=$suite)"
+    msg_error "setup_deb822_repo: missing required parameters (name=$name, gpg=$gpg_url, repo=$repo_url, suite=$suite)"
    return 1
  fi

-  # Cleanup
+  # Cleanup old configs for this app
  cleanup_old_repo_files "$name"
+
+  # Cleanup any orphaned .sources files from other apps
  cleanup_orphaned_sources

+  # Ensure keyring directory exists
  mkdir -p /etc/apt/keyrings || {
-    msg_error "Failed to create /etc/apt/keyrings"
+    msg_error "Failed to create /etc/apt/keyrings directory"
    return 1
  }

-  # Import GPG
-  curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" || {
-    msg_error "Failed to import GPG key for ${name}"
+  # Download GPG key (with --yes to avoid interactive prompts)
+  curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" 2>/dev/null || {
+    msg_error "Failed to download or import GPG key for ${name} from $gpg_url"
    return 1
  }

-  # Write deb822
-  {
-    echo "Types: deb"
-    echo "URIs: $repo_url"
-    echo "Suites: $suite"
-    echo "Components: $component"
-    [[ -n "$architectures" ]] && echo "Architectures: $architectures"
-    echo "Signed-By: /etc/apt/keyrings/${name}.gpg"
-  } >/etc/apt/sources.list.d/${name}.sources
+  # Create deb822 sources file
+  cat <<EOF >/etc/apt/sources.list.d/${name}.sources
+Types: deb
+URIs: $repo_url
+Suites: $suite
+Components: $component
+Architectures: $architectures
+Signed-By: /etc/apt/keyrings/${name}.gpg
+EOF

-  $STD apt update
+  # Use cached apt update
+  local apt_cache_file="/var/cache/apt-update-timestamp"
+  local current_time=$(date +%s)
+  local last_update=0
+
+  if [[ -f "$apt_cache_file" ]]; then
+    last_update=$(cat "$apt_cache_file" 2>/dev/null || echo 0)
+  fi
+
+  # For repo changes, always update but respect short-term cache (30s)
+  if ((current_time - last_update > 30)); then
+    $STD apt update
+    echo "$current_time" >"$apt_cache_file"
+  fi
 }

 # ------------------------------------------------------------------------------
@@ -1407,7 +1366,7 @@ verify_gpg_fingerprint() {
 }

 # ==============================================================================
-# INSTALL FUNCTIONS
+# EXISTING FUNCTIONS
 # ==============================================================================

 # ------------------------------------------------------------------------------
@@ -1509,7 +1468,7 @@ check_for_gh_release() {
      return 0
    fi

-    msg_ok "No update available: ${app} is already on pinned version (${current})"
+    msg_error "No update available: ${app} is not installed!"
    return 1
  fi

@@ -2777,7 +2736,8 @@ function setup_java() {
      "https://packages.adoptium.net/artifactory/api/gpg/key/public" \
      "https://packages.adoptium.net/artifactory/deb" \
      "$SUITE" \
-      "main"
+      "main" \
+      "amd64 arm64"
  fi

  # Get currently installed version
@@ -3052,85 +3012,6 @@ setup_mariadb() {
  msg_ok "Setup MariaDB $MARIADB_VERSION"
 }

-# ------------------------------------------------------------------------------
-# Creates MariaDB database with user, charset and optional extra grants/modes
-#
-# Description:
-#   - Generates password if empty
-#   - Creates database with utf8mb4_unicode_ci
-#   - Creates local user with password
-#   - Grants full access to this DB
-#   - Optional: apply extra GRANT statements (comma-separated)
-#   - Optional: apply custom GLOBAL sql_mode
-#   - Saves credentials to file
-#   - Exports variables for use in calling script
-#
-# Usage:
-#   MARIADB_DB_NAME="myapp_db" MARIADB_DB_USER="myapp_user" setup_mariadb_db
-#   MARIADB_DB_NAME="domain_monitor" MARIADB_DB_USER="domainmonitor" setup_mariadb_db
-#   MARIADB_DB_NAME="myapp" MARIADB_DB_USER="myapp" MARIADB_DB_EXTRA_GRANTS="GRANT SELECT ON \`mysql\`.\`time_zone_name\`" setup_mariadb_db
-#   MARIADB_DB_NAME="ghostfolio" MARIADB_DB_USER="ghostfolio" MARIADB_DB_SQL_MODE="" setup_mariadb_db
-#
-# Variables:
-#   MARIADB_DB_NAME         - Database name (required)
-#   MARIADB_DB_USER         - Database user (required)
-#   MARIADB_DB_PASS         - User password (optional, auto-generated if empty)
-#   MARIADB_DB_EXTRA_GRANTS - Comma-separated GRANT statements (optional)
-#                             Example: "GRANT SELECT ON \`mysql\`.\`time_zone_name\`"
-#   MARIADB_DB_SQL_MODE     - Optional global sql_mode override (e.g. "", "STRICT_TRANS_TABLES")
-#   MARIADB_DB_CREDS_FILE   - Credentials file path (optional, default: ~/${APPLICATION}.creds)
-#
-# Exports:
-#   MARIADB_DB_NAME, MARIADB_DB_USER, MARIADB_DB_PASS
-# ------------------------------------------------------------------------------
-
-function setup_mariadb_db() {
-  if [[ -z "${MARIADB_DB_NAME:-}" || -z "${MARIADB_DB_USER:-}" ]]; then
-    msg_error "MARIADB_DB_NAME and MARIADB_DB_USER must be set before calling setup_mariadb_db"
-    return 1
-  fi
-
-  if [[ -z "${MARIADB_DB_PASS:-}" ]]; then
-    MARIADB_DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-  fi
-
-  msg_info "Setting up MariaDB Database"
-
-  $STD mariadb -u root -e "CREATE DATABASE \`$MARIADB_DB_NAME\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
-  $STD mariadb -u root -e "CREATE USER '$MARIADB_DB_USER'@'localhost' IDENTIFIED BY '$MARIADB_DB_PASS';"
-  $STD mariadb -u root -e "GRANT ALL ON \`$MARIADB_DB_NAME\`.* TO '$MARIADB_DB_USER'@'localhost';"
-
-  # Optional extra grants
-  if [[ -n "${MARIADB_DB_EXTRA_GRANTS:-}" ]]; then
-    IFS=',' read -ra G_LIST <<<"${MARIADB_DB_EXTRA_GRANTS:-}"
-    for g in "${G_LIST[@]}"; do
-      g=$(echo "$g" | xargs)
-      $STD mariadb -u root -e "$g TO '$MARIADB_DB_USER'@'localhost';"
-    done
-  fi
-
-  # Optional sql_mode override
-  if [[ -n "${MARIADB_DB_SQL_MODE:-}" ]]; then
-    $STD mariadb -u root -e "SET GLOBAL sql_mode='${MARIADB_DB_SQL_MODE:-}';"
-  fi
-
-  $STD mariadb -u root -e "FLUSH PRIVILEGES;"
-
-  local CREDS_FILE="${MARIADB_DB_CREDS_FILE:-${HOME}/${APPLICATION}.creds}"
-  {
-    echo "MariaDB Credentials"
-    echo "Database: $MARIADB_DB_NAME"
-    echo "User: $MARIADB_DB_USER"
-    echo "Password: $MARIADB_DB_PASS"
-  } >>"$CREDS_FILE"
-
-  msg_ok "Set up MariaDB Database"
-
-  export MARIADB_DB_NAME
-  export MARIADB_DB_USER
-  export MARIADB_DB_PASS
-}
-
 # ------------------------------------------------------------------------------
 # Installs or updates MongoDB to specified major version.
 #
@@ -3308,12 +3189,12 @@ function setup_mysql() {
      return 1
    fi

-    cat >/etc/apt/sources.list.d/mysql.sources <<EOF
+    cat >/etc/apt/sources.list.d/mysql.sources <<'EOF'
 Types: deb
 URIs: https://repo.mysql.com/apt/debian/
 Suites: bookworm
 Components: mysql-8.4-lts
-Architectures: $(dpkg --print-architecture)
+Architectures: amd64 arm64
 Signed-By: /etc/apt/keyrings/mysql.gpg
 EOF

@@ -3821,7 +3702,8 @@ function setup_postgresql() {
    "https://www.postgresql.org/media/keys/ACCC4CF8.asc" \
    "https://apt.postgresql.org/pub/repos/apt" \
    "$SUITE" \
-    "main"
+    "main" \
+    "amd64 arm64"

  if ! $STD apt update; then
    msg_error "APT update failed for PostgreSQL repository"
@@ -3890,103 +3772,6 @@ function setup_postgresql() {
  fi
 }

-# ------------------------------------------------------------------------------
-# Creates PostgreSQL database with user and optional extensions
-#
-# Description:
-#   - Creates PostgreSQL role with login and password
-#   - Creates database with UTF8 encoding and template0
-#   - Installs optional extensions (postgis, pgvector, etc.)
-#   - Configures ALTER ROLE settings for Django/Rails compatibility
-#   - Saves credentials to file
-#   - Exports variables for use in calling script
-#
-# Usage:
-#   PG_DB_NAME="myapp_db" PG_DB_USER="myapp_user" setup_postgresql_db
-#   PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_EXTENSIONS="pgvector" setup_postgresql_db
-#   PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
-#   PG_DB_NAME="adventurelog" PG_DB_USER="adventurelog" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
-#
-# Variables:
-#   PG_DB_NAME             - Database name (required)
-#   PG_DB_USER             - Database user (required)
-#   PG_DB_PASS             - Database password (optional, auto-generated if empty)
-#   PG_DB_EXTENSIONS       - Comma-separated list of extensions (optional, e.g. "postgis,pgvector")
-#   PG_DB_GRANT_SUPERUSER  - Grant SUPERUSER privilege (optional, "true" to enable, security risk!)
-#   PG_DB_SCHEMA_PERMS     - Grant schema-level permissions (optional, "true" to enable)
-#   PG_DB_SKIP_ALTER_ROLE  - Skip ALTER ROLE settings (optional, "true" to skip)
-#   PG_DB_CREDS_FILE       - Credentials file path (optional, default: ~/${APPLICATION}.creds)
-#
-# Exports:
-#   PG_DB_NAME, PG_DB_USER, PG_DB_PASS - For use in calling script
-# ------------------------------------------------------------------------------
-
-function setup_postgresql_db() {
-  # Validation
-  if [[ -z "${PG_DB_NAME:-}" || -z "${PG_DB_USER:-}" ]]; then
-    msg_error "PG_DB_NAME and PG_DB_USER must be set before calling setup_postgresql_db"
-    return 1
-  fi
-
-  # Generate password if not provided
-  if [[ -z "${PG_DB_PASS:-}" ]]; then
-    PG_DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-  fi
-
-  msg_info "Setting up PostgreSQL Database"
-  $STD sudo -u postgres psql -c "CREATE ROLE $PG_DB_USER WITH LOGIN PASSWORD '$PG_DB_PASS';"
-  $STD sudo -u postgres psql -c "CREATE DATABASE $PG_DB_NAME WITH OWNER $PG_DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-
-  # Install extensions (comma-separated)
-  if [[ -n "${PG_DB_EXTENSIONS:-}" ]]; then
-    IFS=',' read -ra EXT_LIST <<<"${PG_DB_EXTENSIONS:-}"
-    for ext in "${EXT_LIST[@]}"; do
-      ext=$(echo "$ext" | xargs) # Trim whitespace
-      $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS $ext;"
-    done
-  fi
-
-  # ALTER ROLE settings for Django/Rails compatibility (unless skipped)
-  if [[ "${PG_DB_SKIP_ALTER_ROLE:-}" != "true" ]]; then
-    $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET client_encoding TO 'utf8';"
-    $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET default_transaction_isolation TO 'read committed';"
-    $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET timezone TO 'UTC';"
-  fi
-
-  # Schema permissions (if requested)
-  if [[ "${PG_DB_SCHEMA_PERMS:-}" == "true" ]]; then
-    $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $PG_DB_NAME TO $PG_DB_USER;"
-    $STD sudo -u postgres psql -c "ALTER USER $PG_DB_USER CREATEDB;"
-    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT ALL ON SCHEMA public TO $PG_DB_USER;"
-    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT CREATE ON SCHEMA public TO $PG_DB_USER;"
-    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $PG_DB_USER;"
-    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $PG_DB_USER;"
-  fi
-
-  # Superuser grant (if requested - WARNING!)
-  if [[ "${PG_DB_GRANT_SUPERUSER:-}" == "true" ]]; then
-    msg_warn "Granting SUPERUSER privilege (security risk!)"
-    $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $PG_DB_NAME to $PG_DB_USER;"
-    $STD sudo -u postgres psql -c "ALTER USER $PG_DB_USER WITH SUPERUSER;"
-  fi
-
-  # Save credentials
-  local CREDS_FILE="${PG_DB_CREDS_FILE:-${HOME}/${APPLICATION}.creds}"
-  {
-    echo "PostgreSQL Credentials"
-    echo "Database: $PG_DB_NAME"
-    echo "User: $PG_DB_USER"
-    echo "Password: $PG_DB_PASS"
-  } >>"$CREDS_FILE"
-
-  msg_ok "Set up PostgreSQL Database"
-
-  # Export for use in calling script
-  export PG_DB_NAME
-  export PG_DB_USER
-  export PG_DB_PASS
-}
-
 # ------------------------------------------------------------------------------
 # Installs rbenv and ruby-build, installs Ruby and optionally Rails.
 #
@@ -4267,7 +4052,8 @@ function setup_clickhouse() {
    "https://packages.clickhouse.com/rpm/lts/repodata/repomd.xml.key" \
    "https://packages.clickhouse.com/deb" \
    "stable" \
-    "main"
+    "main" \
+    "amd64 arm64"

  # Install packages with retry logic
  export DEBIAN_FRONTEND=noninteractive
--- a/tools/addon/glances.sh
+++ b/tools/addon/glances.sh
@@ -48,7 +48,7 @@ install_glances_debian() {
  msg_ok "Installed dependencies"

  msg_info "Setting up Python + uv"
-  source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func)
+  source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/tools.func)
  setup_uv PYTHON_VERSION="3.12"
  msg_ok "Setup Python + uv"

@@ -118,7 +118,7 @@ install_glances_alpine() {
  msg_ok "Installed dependencies"

  msg_info "Setting up Python + uv"
-  source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func)
+  source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVED/main/misc/tools.func)
  setup_uv PYTHON_VERSION="3.12"
  msg_ok "Setup Python + uv"

--- a/tools/pve/pve-privilege-converter.sh
+++ b/tools/pve/pve-privilege-converter.sh
@@ -10,7 +10,7 @@ if ! command -v curl >/dev/null 2>&1; then
  apt-get update >/dev/null 2>&1
  apt-get install -y curl >/dev/null 2>&1
 fi
-source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVE/raw/branch/main/misc/core.func)
+source <(curl -fsSL https://git.community-scripts.org/community-scripts/ProxmoxVED/raw/branch/main/misc/core.func)
 load_functions

 set -euo pipefail