Update docker-vm.sh

Updated the script to use Debian 13 Qcow2 Disk Image and removed redundant installation of libguestfs-tools.

CHANGELOG.md

@@ -10,6 +10,63 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
+## 2025-11-11
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Part-DB: Increase amount of RAM [@tremor021](https://github.com/tremor021) ([#9039](https://github.com/community-scripts/ProxmoxVE/pull/9039))
+
+## 2025-11-10
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Plex: extend checking for deb822 source [@Matt17000](https://github.com/Matt17000) ([#9036](https://github.com/community-scripts/ProxmoxVE/pull/9036))
+
+  - #### ✨ New Features
+
+    - tools.func: add helper functions for MariaDB and PostgreSQL setup [@MickLesk](https://github.com/MickLesk) ([#9026](https://github.com/community-scripts/ProxmoxVE/pull/9026))
+    - core: update message for no available updates scenario (if pinned) [@MickLesk](https://github.com/MickLesk) ([#9021](https://github.com/community-scripts/ProxmoxVE/pull/9021))
+    - Migrate Open WebUI to uv-based installation [@MickLesk](https://github.com/MickLesk) ([#9019](https://github.com/community-scripts/ProxmoxVE/pull/9019))
+
+  - #### 🔧 Refactor
+
+    - Refactor: phpIPAM [@MickLesk](https://github.com/MickLesk) ([#9027](https://github.com/community-scripts/ProxmoxVE/pull/9027))
+
+## 2025-11-09
+
+### 🚀 Updated Scripts
+
+  - core: improve log cleaning [@MickLesk](https://github.com/MickLesk) ([#8999](https://github.com/community-scripts/ProxmoxVE/pull/8999))
+
+  - #### 🐞 Bug Fixes
+
+    - Add wkhtmltopdf to Odoo installation dependencies [@akileos](https://github.com/akileos) ([#9010](https://github.com/community-scripts/ProxmoxVE/pull/9010))
+    - fix(jotty): Comments removed from variables, as they are interpreted. [@schneider-de-com](https://github.com/schneider-de-com) ([#9002](https://github.com/community-scripts/ProxmoxVE/pull/9002))
+    - fix(n8n): Add python3-setuptools dependency for Debian 13 [@chrikodo](https://github.com/chrikodo) ([#9007](https://github.com/community-scripts/ProxmoxVE/pull/9007))
+    - Paperless-ngx: hotfix config path [@vhsdream](https://github.com/vhsdream) ([#9003](https://github.com/community-scripts/ProxmoxVE/pull/9003))
+    - Paperless-NGX: Move config backup outside of app folder [@vhsdream](https://github.com/vhsdream) ([#8996](https://github.com/community-scripts/ProxmoxVE/pull/8996))
+
+## 2025-11-08
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Technitium DNS: Fix update [@tremor021](https://github.com/tremor021) ([#8980](https://github.com/community-scripts/ProxmoxVE/pull/8980))
+    - MediaManager: add LOG_FILE to start.sh script; fix BASE_PATH and PUBLIC_API_URL [@vhsdream](https://github.com/vhsdream) ([#8981](https://github.com/community-scripts/ProxmoxVE/pull/8981))
+    - Firefly: Fix missing command in update script [@tremor021](https://github.com/tremor021) ([#8972](https://github.com/community-scripts/ProxmoxVE/pull/8972))
+    - MongoDB: Remove unused message [@tremor021](https://github.com/tremor021) ([#8969](https://github.com/community-scripts/ProxmoxVE/pull/8969))
+    - Set TZ=Etc/UTC in Ghostfolio installation script [@LuloDev](https://github.com/LuloDev) ([#8961](https://github.com/community-scripts/ProxmoxVE/pull/8961))
+
+  - #### 🔧 Refactor
+
+    - paperless: refactor - remove backup after update and enable clean install [@MickLesk](https://github.com/MickLesk) ([#8988](https://github.com/community-scripts/ProxmoxVE/pull/8988))
+    - Refactor setup_deb822_repo for optional architectures [@MickLesk](https://github.com/MickLesk) ([#8983](https://github.com/community-scripts/ProxmoxVE/pull/8983))
+
 ## 2025-11-07
 
 ### 🆕 New Scripts
@@ -20,9 +77,15 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
   - #### 🐞 Bug Fixes
 
+    - Update script URLs to ProxmoxVE repository [@MickLesk](https://github.com/MickLesk) ([#8946](https://github.com/community-scripts/ProxmoxVE/pull/8946))
+    - tools.func: fix amd64 arm64 mismatch [@MickLesk](https://github.com/MickLesk) ([#8943](https://github.com/community-scripts/ProxmoxVE/pull/8943))
     - ghostfolio: refactor CoinGecko key prompts in installer [@MickLesk](https://github.com/MickLesk) ([#8935](https://github.com/community-scripts/ProxmoxVE/pull/8935))
     - flaresolverr: pin release to 3.4.3 [@CrazyWolf13](https://github.com/CrazyWolf13) ([#8937](https://github.com/community-scripts/ProxmoxVE/pull/8937))
 
+  - #### ✨ New Features
+
+    - Pangolin: Add Traefik proxy [@tremor021](https://github.com/tremor021) ([#8952](https://github.com/community-scripts/ProxmoxVE/pull/8952))
+
 ## 2025-11-06
 
 ### 🚀 Updated Scripts

ct/firefly.sh

@@ -51,7 +51,7 @@ function update_script() {
     find /opt/firefly/storage -type f -exec chmod 664 {} \;
     mkdir -p /opt/firefly/storage/framework/{cache/data,sessions,views}
     $STD sudo -u www-data php /opt/firefly/artisan cache:clear
-
+    cd /opt/firefly
     $STD php artisan migrate --seed --force
     $STD php artisan cache:clear
     $STD php artisan view:clear

ct/mediamanager.sh

@@ -40,19 +40,24 @@ function update_script() {
     MM_DIR="/opt/mm"
     export CONFIG_DIR="${MM_DIR}/config"
     export FRONTEND_FILES_DIR="${MM_DIR}/web/build"
-    export BASE_PATH=""
     export PUBLIC_VERSION=""
     export PUBLIC_API_URL=""
+    export BASE_PATH="/web"
     cd /opt/mediamanager/web
-    $STD npm ci
+    $STD npm ci --no-fund --no-audit
     $STD npm run build
     rm -rf "$FRONTEND_FILES_DIR"/build
     cp -r build "$FRONTEND_FILES_DIR"
+    export BASE_PATH=""
     export VIRTUAL_ENV="/opt/${MM_DIR}/venv"
     cd /opt/mediamanager
     rm -rf "$MM_DIR"/{media_manager,alembic*}
     cp -r {media_manager,alembic*} "$MM_DIR"
     $STD /usr/local/bin/uv sync --locked --active -n -p cpython3.13 --managed-python
+    if ! grep -q "LOG_FILE" "$MM_DIR"/start.sh; then
+      sed -i "\|build\"$|a\export LOG_FILE=\"$CONFIG_DIR/media_manager.log\"" "$MM_DIR"/start.sh
+    fi
+
     msg_ok "Updated $APP"
 
     msg_info "Starting Service"

ct/openwebui.sh

@@ -23,6 +23,62 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
+
+  if [[ -d /opt/open-webui ]]; then
+    msg_warn "Legacy installation detected — migrating to uv based install..."
+    msg_info "Stopping Service"
+    systemctl stop open-webui
+    msg_ok "Stopped Service"
+
+    msg_info "Creating Backup"
+    mkdir -p /opt/open-webui-backup
+    cp -a /opt/open-webui/backend/data /opt/open-webui-backup/data || true
+    msg_ok "Created Backup"
+
+    msg_info "Removing legacy installation"
+    rm -rf /opt/open-webui
+    rm -rf /root/.open-webui || true
+    msg_ok "Removed legacy installation"
+
+    msg_info "Installing uv-based Open-WebUI"
+    PYTHON_VERSION="3.12" setup_uv
+    $STD uv tool install --python $PYTHON_VERSION open-webui[all]
+    msg_ok "Installed uv-based Open-WebUI"
+
+    msg_info "Restoring data"
+    mkdir -p /root/.open-webui
+    cp -a /opt/open-webui-backup/data/* /root/.open-webui/ || true
+    rm -rf /opt/open-webui-backup || true
+    msg_ok "Restored data"
+
+    msg_info "Recreating Service"
+    cat <<EOF >/etc/systemd/system/open-webui.service
+[Unit]
+Description=Open WebUI Service
+After=network.target
+
+[Service]
+Type=simple
+Environment=DATA_DIR=/root/.open-webui
+EnvironmentFile=-/root/.env
+ExecStart=/root/.local/bin/open-webui serve
+WorkingDirectory=/root
+Restart=on-failure
+RestartSec=5
+User=root
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+    $STD systemctl daemon-reload
+    systemctl enable -q --now open-webui
+    msg_ok "Recreated Service"
+
+    msg_ok "Migration completed"
+    exit 0
+  fi
+
   if [[ ! -d /root/.open-webui ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
@@ -50,8 +106,11 @@ function update_script() {
     fi
   fi
 
-  msg_info "Restarting Open WebUI to initiate update"
+  msg_info "Updating Open WebUI via uv"
+  PYTHON_VERSION="3.12" setup_uv
+  $STD uv tool install --python 3.12 open-webui[all]
   systemctl restart open-webui
+  msg_ok "Updated Open WebUI"
   msg_ok "Updated successfully!"
   exit
 }

ct/pangolin.sh

@@ -21,52 +21,52 @@ color
 catch_errors
 
 function update_script() {
-    header_info
-    check_container_storage
-    check_container_resources
-    if [[ ! -d /opt/pangolin ]]; then
-        msg_error "No ${APP} Installation Found!"
-        exit
-    fi
-
-    if check_for_gh_release "pangolin" "fosrl/pangolin"; then
-        msg_info "Stopping Service"
-        systemctl stop pangolin
-        systemctl stop gerbil
-        msg_info "Service stopped"
-
-        msg_info "Creating backup"
-        tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
-        msg_ok "Created backup"
-
-        CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
-        CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
-
-        msg_info "Updating Pangolin"
-        cd /opt/pangolin
-        $STD npm ci
-        $STD npm run set:sqlite
-        $STD npm run set:oss
-        rm -rf server/private
-        $STD npm run build:sqlite
-        $STD npm run build:cli
-        cp -R .next/standalone ./
-        chmod +x ./dist/cli.mjs
-        cp server/db/names.json ./dist/names.json
-        msg_ok "Updated Pangolin"
-
-        msg_info "Restoring config"
-        tar -xzf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin --overwrite
-        rm -f /opt/pangolin_config_backup.tar.gz
-        msg_ok "Restored config"
-
-        msg_info "Starting Services"
-        systemctl start pangolin
-        systemctl start gerbil
-        msg_ok "Started Services"
-        msg_ok "Updated successfully!"
-    fi
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -d /opt/pangolin ]]; then
+    msg_error "No ${APP} Installation Found!"
     exit
+  fi
+
+  if check_for_gh_release "pangolin" "fosrl/pangolin"; then
+    msg_info "Stopping Service"
+    systemctl stop pangolin
+    systemctl stop gerbil
+    msg_info "Service stopped"
+
+    msg_info "Creating backup"
+    tar -czf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin config
+    msg_ok "Created backup"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
+
+    msg_info "Updating Pangolin"
+    cd /opt/pangolin
+    $STD npm ci
+    $STD npm run set:sqlite
+    $STD npm run set:oss
+    rm -rf server/private
+    $STD npm run build:sqlite
+    $STD npm run build:cli
+    cp -R .next/standalone ./
+    chmod +x ./dist/cli.mjs
+    cp server/db/names.json ./dist/names.json
+    msg_ok "Updated Pangolin"
+
+    msg_info "Restoring config"
+    tar -xzf /opt/pangolin_config_backup.tar.gz -C /opt/pangolin --overwrite
+    rm -f /opt/pangolin_config_backup.tar.gz
+    msg_ok "Restored config"
+
+    msg_info "Starting Services"
+    systemctl start pangolin
+    systemctl start gerbil
+    msg_ok "Started Services"
+    msg_ok "Updated successfully!"
+  fi
+  exit
 }
 
 start
@@ -76,4 +76,4 @@ description
 msg_ok "Completed Successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
 echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3002${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}https://<YOUR_PANGOLIN_URL>${CL}"

ct/paperless-ngx.sh

@@ -35,24 +35,38 @@ function update_script() {
     if grep -q "uv run" /etc/systemd/system/paperless-webserver.service; then
 
       msg_info "Backing up data"
-      mkdir -p /opt/paperless/backup
-      cp -r /opt/paperless/data /opt/paperless/backup/
-      cp -r /opt/paperless/media /opt/paperless/backup/
-      cp -r /opt/paperless/paperless.conf /opt/paperless/backup/
+      mkdir -p /opt/paperless_backup
+      cp -r /opt/paperless/data /opt/paperless_backup/
+      cp -r /opt/paperless/media /opt/paperless_backup/
+      cp -r /opt/paperless/paperless.conf /opt/paperless_backup/
       msg_ok "Backup completed"
 
       PYTHON_VERSION="3.13" setup_uv
-      fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
-      fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
-      setup_gs
+      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
+      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
+
+      . /etc/os-release
+      if [ "$VERSION_CODENAME" = "bookworm" ]; then
+        setup_gs
+      else
+        $STD apt install -y ghostscript
+      fi
 
       msg_info "Updating Paperless-ngx"
-      cp -r /opt/paperless/backup/* /opt/paperless/
+      cp -r /opt/paperless_backup/* /opt/paperless/
+      CONSUME_DIR="$(sed -n 's/^PAPERLESS_CONSUMPTION_DIR=//p' /opt/paperless/paperless.conf)"
+      if [[ -z "$CONSUME_DIR" ]]; then
+        CONSUME_DIR="/opt/paperless/consume"
+      fi
+      mkdir -p "$CONSUME_DIR"
       cd /opt/paperless
       $STD uv sync --all-extras
       cd /opt/paperless/src
       $STD uv run -- python manage.py migrate
       msg_ok "Updated Paperless-ngx"
+
+      rm -rf /opt/paperless_backup
+
     else
       msg_warn "You are about to migrate your Paperless-ngx installation to uv!"
       msg_custom "🔒" "It is strongly recommended to take a Proxmox snapshot first:"
@@ -96,24 +110,40 @@ function update_script() {
 
       $STD systemctl daemon-reload
       msg_info "Backing up data"
-      mkdir -p /opt/paperless/backup
-      cp -r /opt/paperless/data /opt/paperless/backup/
-      cp -r /opt/paperless/media /opt/paperless/backup/
-      cp -r /opt/paperless/paperless.conf /opt/paperless/backup/
+      mkdir -p /opt/paperless_backup
+      cp -r /opt/paperless/data /opt/paperless_backup/
+      cp -r /opt/paperless/media /opt/paperless_backup/
+      cp -r /opt/paperless/paperless.conf /opt/paperless_backup/
       msg_ok "Backup completed"
 
       PYTHON_VERSION="3.13" setup_uv
-      fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
-      fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
-      setup_gs
+      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "paperless" "paperless-ngx/paperless-ngx" "prebuild" "latest" "/opt/paperless" "paperless*tar.xz"
+      CLEAN_INSTALL=1 fetch_and_deploy_gh_release "jbig2enc" "ie13/jbig2enc" "tarball" "latest" "/opt/jbig2enc"
+
+      . /etc/os-release
+      if [ "$VERSION_CODENAME" = "bookworm" ]; then
+        setup_gs
+      else
+        msg_info "Installing Ghostscript"
+        $STD apt install -y ghostscript
+        msg_ok "Installed Ghostscript"
+      fi
 
       msg_info "Updating Paperless-ngx"
-      cp -r /opt/paperless/backup/* /opt/paperless/
+      cp -r /opt/paperless_backup/* /opt/paperless/
+      CONSUME_DIR="$(sed -n '/^PAPERLESS_CONSUMPTION/s/[^=]=*//p' /opt/paperless/paperless.conf)"
+      mkdir -p "${CONSUME_DIR:-/opt/paperless/consume}"
       cd /opt/paperless
       $STD uv sync --all-extras
       cd /opt/paperless/src
       $STD uv run -- python manage.py migrate
       msg_ok "Paperless-ngx migration and update completed"
+
+      rm -rf /opt/paperless_backup
+      if [[ -d /opt/paperless/backup ]]; then
+        rm -rf /opt/paperless/backup
+        msg_ok "Removed old backup directory"
+      fi
     fi
 
     msg_info "Starting all Paperless-ngx Services"

ct/part-db.sh

@@ -8,7 +8,7 @@ source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxV
 APP="Part-DB"
 var_tags="${var_tags:-inventory;parts}"
 var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-1024}"
+var_ram="${var_ram:-2048}"
 var_disk="${var_disk:-8}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"

ct/phpipam.sh

@@ -33,17 +33,22 @@ function update_script() {
     systemctl stop apache2
     msg_ok "Stopped Service"
 
+    PHP_VERSION="8.4" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="mysql,gmp,snmp,ldap,apcu" setup_php
+
+    msg_info "Installing PHP-PEAR"
+    $STD apt install -y \
+      php-pear \
+      php-dev
+    msg_ok "Installed PHP-PEAR"
+
     mv /opt/phpipam/ /opt/phpipam-backup
-    fetch_and_deploy_gh_release "phpipam" "phpipam/phpipam" "prebuild" "latest" "/opt/phpipam" "phpipam-v*.zip"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "phpipam" "phpipam/phpipam" "prebuild" "latest" "/opt/phpipam" "phpipam-v*.zip"
     cp /opt/phpipam-backup/config.php /opt/phpipam
+    rm -r /opt/phpipam-backup
 
     msg_info "Starting Service"
     systemctl start apache2
     msg_ok "Started Service"
-
-    msg_info "Cleaning up"
-    rm -r /opt/phpipam-backup
-    msg_ok "Cleaned"
     msg_ok "Updated successfully!"
   fi
   exit

ct/plex.sh

@@ -23,7 +23,7 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]]; then
+  if [ ! -f /etc/apt/sources.list.d/plexmediaserver.list ]] && [[ ! -f /etc/apt/sources.list.d/plexmediaserver.sources ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi

ct/technitiumdns.sh

@@ -28,6 +28,11 @@ function update_script() {
     exit
   fi
 
+  if is_package_installed "aspnetcore-runtime-8.0"; then
+    $STD apt remove -y aspnetcore-runtime-8.0
+    $STD apt install -y aspnetcore-runtime-9.0
+  fi
+
   RELEASE=$(curl -fsSL https://technitium.com/dns/ | grep -oP 'Version \K[\d.]+')
   if [[ ! -f ~/.technitium || "${RELEASE}" != "$(cat ~/.technitium)" ]]; then
     msg_info "Updating Technitium DNS"

frontend/public/json/cockpit.json

@@ -33,8 +33,12 @@
   },
   "notes": [
     {
-      "text": "Set a root password if using autologin. This will be the Cockpit password.`sudo passwd root`",
+      "text": "Set a root password if using autologin. This will be the Cockpit password. To set root password run `sudo passwd root`",
       "type": "info"
+    },
+    {
+      "text": "If you plan on using 45Drives extension with NFS, you must setup LXC as privileged. Some features of 45Drives don't work on Debian 13, so Debian 12 must be used.",
+      "type": "warning"
     }
   ]
 }

frontend/public/json/pangolin.json

@@ -8,7 +8,7 @@
   "type": "ct",
   "updateable": true,
   "privileged": false,
-  "interface_port": 3002,
+  "interface_port": 443,
   "documentation": "https://docs.pangolin.net/",
   "config_path": "/opt/pangolin/config/config.yml",
   "website": "https://pangolin.net/",

frontend/public/json/part-db.json

@@ -20,7 +20,7 @@
       "script": "ct/part-db.sh",
       "resources": {
         "cpu": 2,
-        "ram": 1024,
+        "ram": 2048,
         "hdd": 8,
         "os": "debian",
         "version": "13"

frontend/public/json/versions.json

@@ -1,4 +1,279 @@
 [
+  {
+    "name": "chrisvel/tududi",
+    "version": "v0.86",
+    "date": "2025-11-10T20:54:25Z"
+  },
+  {
+    "name": "pommee/goaway",
+    "version": "v0.62.17",
+    "date": "2025-11-10T19:45:49Z"
+  },
+  {
+    "name": "chrisbenincasa/tunarr",
+    "version": "v0.22.13",
+    "date": "2025-11-10T18:12:24Z"
+  },
+  {
+    "name": "autobrr/autobrr",
+    "version": "v1.69.0",
+    "date": "2025-11-10T17:22:00Z"
+  },
+  {
+    "name": "meilisearch/meilisearch",
+    "version": "latest",
+    "date": "2025-11-10T17:01:21Z"
+  },
+  {
+    "name": "gtsteffaniak/filebrowser",
+    "version": "v1.0.1-stable",
+    "date": "2025-11-10T16:51:44Z"
+  },
+  {
+    "name": "msgbyte/tianji",
+    "version": "v1.30.9",
+    "date": "2025-11-10T16:23:29Z"
+  },
+  {
+    "name": "fuma-nama/fumadocs",
+    "version": "fumadocs-mdx@13.0.6",
+    "date": "2025-11-10T14:43:06Z"
+  },
+  {
+    "name": "n8n-io/n8n",
+    "version": "v1.0.0",
+    "date": "2025-11-07T12:52:42Z"
+  },
+  {
+    "name": "grokability/snipe-it",
+    "version": "v8.3.5",
+    "date": "2025-11-10T14:12:12Z"
+  },
+  {
+    "name": "SigNoz/signoz",
+    "version": "v0.101.0-rc.1",
+    "date": "2025-11-10T13:08:55Z"
+  },
+  {
+    "name": "dgtlmoon/changedetection.io",
+    "version": "0.50.42",
+    "date": "2025-11-10T12:32:49Z"
+  },
+  {
+    "name": "emqx/emqx",
+    "version": "e6.0.1",
+    "date": "2025-11-10T11:58:39Z"
+  },
+  {
+    "name": "documenso/documenso",
+    "version": "v2.0.6",
+    "date": "2025-11-10T08:08:43Z"
+  },
+  {
+    "name": "mattermost/mattermost",
+    "version": "v10.11.6",
+    "date": "2025-11-04T09:43:16Z"
+  },
+  {
+    "name": "Jackett/Jackett",
+    "version": "v0.24.270",
+    "date": "2025-11-10T05:57:22Z"
+  },
+  {
+    "name": "firefly-iii/firefly-iii",
+    "version": "v6.4.6",
+    "date": "2025-11-08T22:45:35Z"
+  },
+  {
+    "name": "jeedom/core",
+    "version": "4.4.20",
+    "date": "2025-11-10T00:27:05Z"
+  },
+  {
+    "name": "steveiliop56/tinyauth",
+    "version": "v4.0.1",
+    "date": "2025-10-15T16:53:55Z"
+  },
+  {
+    "name": "navidrome/navidrome",
+    "version": "v0.58.5",
+    "date": "2025-11-09T19:12:41Z"
+  },
+  {
+    "name": "rcourtman/Pulse",
+    "version": "v4.27.2",
+    "date": "2025-11-09T18:39:30Z"
+  },
+  {
+    "name": "pelican-dev/panel",
+    "version": "v1.0.0-beta28",
+    "date": "2025-11-09T17:36:07Z"
+  },
+  {
+    "name": "pelican-dev/wings",
+    "version": "v1.0.0-beta19",
+    "date": "2025-11-09T17:26:30Z"
+  },
+  {
+    "name": "duplicati/duplicati",
+    "version": "v2.2.0.1_stable_2025-11-09",
+    "date": "2025-11-09T17:21:54Z"
+  },
+  {
+    "name": "Cleanuparr/Cleanuparr",
+    "version": "v2.4.5",
+    "date": "2025-11-09T17:14:01Z"
+  },
+  {
+    "name": "TechnitiumSoftware/DnsServer",
+    "version": "v14.0.1",
+    "date": "2025-11-09T13:03:18Z"
+  },
+  {
+    "name": "BookStackApp/BookStack",
+    "version": "v25.11",
+    "date": "2025-11-09T13:00:14Z"
+  },
+  {
+    "name": "karakeep-app/karakeep",
+    "version": "extension/v1.2.7",
+    "date": "2025-11-09T12:21:54Z"
+  },
+  {
+    "name": "NginxProxyManager/nginx-proxy-manager",
+    "version": "v2.13.2",
+    "date": "2025-11-09T11:56:25Z"
+  },
+  {
+    "name": "keycloak/keycloak",
+    "version": "26.4.4",
+    "date": "2025-11-07T08:55:27Z"
+  },
+  {
+    "name": "authelia/authelia",
+    "version": "v4.39.14",
+    "date": "2025-11-09T07:18:40Z"
+  },
+  {
+    "name": "apache/couchdb",
+    "version": "3.5.1",
+    "date": "2025-11-09T05:09:28Z"
+  },
+  {
+    "name": "BerriAI/litellm",
+    "version": "v1.79.3.rc.1",
+    "date": "2025-11-09T02:52:13Z"
+  },
+  {
+    "name": "inventree/InvenTree",
+    "version": "1.1.3",
+    "date": "2025-11-09T00:28:21Z"
+  },
+  {
+    "name": "raydak-labs/configarr",
+    "version": "v1.17.2",
+    "date": "2025-11-08T22:47:58Z"
+  },
+  {
+    "name": "TwiN/gatus",
+    "version": "v5.31.0",
+    "date": "2025-11-08T22:18:46Z"
+  },
+  {
+    "name": "hargata/lubelog",
+    "version": "v1.5.4",
+    "date": "2025-11-08T16:26:45Z"
+  },
+  {
+    "name": "Luligu/matterbridge",
+    "version": "3.3.7",
+    "date": "2025-11-08T15:47:24Z"
+  },
+  {
+    "name": "heiher/hev-socks5-server",
+    "version": "2.11.1",
+    "date": "2025-11-08T14:27:27Z"
+  },
+  {
+    "name": "oauth2-proxy/oauth2-proxy",
+    "version": "v7.13.0",
+    "date": "2025-11-08T13:36:25Z"
+  },
+  {
+    "name": "runtipi/runtipi",
+    "version": "v4.6.3",
+    "date": "2025-11-08T10:06:18Z"
+  },
+  {
+    "name": "pocketbase/pocketbase",
+    "version": "v0.32.0",
+    "date": "2025-11-08T09:36:27Z"
+  },
+  {
+    "name": "home-assistant/core",
+    "version": "2025.11.1",
+    "date": "2025-11-07T21:32:26Z"
+  },
+  {
+    "name": "homarr-labs/homarr",
+    "version": "v1.43.2",
+    "date": "2025-11-07T19:16:41Z"
+  },
+  {
+    "name": "semaphoreui/semaphore",
+    "version": "v2.16.45",
+    "date": "2025-11-07T19:08:05Z"
+  },
+  {
+    "name": "cloudflare/cloudflared",
+    "version": "2025.11.1",
+    "date": "2025-11-07T17:05:45Z"
+  },
+  {
+    "name": "traefik/traefik",
+    "version": "v3.6.0",
+    "date": "2025-11-07T15:34:35Z"
+  },
+  {
+    "name": "YunoHost/yunohost",
+    "version": "debian/12.1.35",
+    "date": "2025-11-07T14:35:24Z"
+  },
+  {
+    "name": "nzbgetcom/nzbget",
+    "version": "v25.4",
+    "date": "2025-10-09T10:27:01Z"
+  },
+  {
+    "name": "openobserve/openobserve",
+    "version": "v0.16.0",
+    "date": "2025-11-07T12:55:42Z"
+  },
+  {
+    "name": "element-hq/synapse",
+    "version": "v1.142.0rc2",
+    "date": "2025-11-04T16:22:11Z"
+  },
+  {
+    "name": "Paymenter/Paymenter",
+    "version": "v1.4.3",
+    "date": "2025-11-07T11:07:17Z"
+  },
+  {
+    "name": "wazuh/wazuh",
+    "version": "coverity-w45-4.14.1",
+    "date": "2025-11-05T16:56:57Z"
+  },
+  {
+    "name": "umami-software/umami",
+    "version": "v3.0.0",
+    "date": "2025-11-07T06:13:49Z"
+  },
+  {
+    "name": "OliveTin/OliveTin",
+    "version": "3000.3.2",
+    "date": "2025-11-07T01:05:59Z"
+  },
   {
     "name": "FlowiseAI/Flowise",
     "version": "flowise@3.0.10",
@@ -9,11 +284,6 @@
     "version": "v4.52.0",
     "date": "2025-11-06T22:39:26Z"
   },
-  {
-    "name": "rcourtman/Pulse",
-    "version": "v4.26.4",
-    "date": "2025-11-06T22:38:52Z"
-  },
   {
     "name": "open-webui/open-webui",
     "version": "v0.6.36",
@@ -24,21 +294,11 @@
     "version": "v2.19.5",
     "date": "2025-11-06T20:20:13Z"
   },
-  {
-    "name": "chrisbenincasa/tunarr",
-    "version": "v0.22.12",
-    "date": "2025-11-06T18:43:51Z"
-  },
   {
     "name": "MariaDB/server",
     "version": "mariadb-11.8.4",
     "date": "2025-11-06T17:24:30Z"
   },
-  {
-    "name": "chrisvel/tududi",
-    "version": "v0.85.1",
-    "date": "2025-10-31T10:45:26Z"
-  },
   {
     "name": "HabitRPG/habitica",
     "version": "v5.41.6",
@@ -54,76 +314,26 @@
     "version": "v2025.11.2",
     "date": "2025-11-06T12:08:24Z"
   },
-  {
-    "name": "meilisearch/meilisearch",
-    "version": "prototype-v1.24.0.s3-snapshots-5",
-    "date": "2025-11-06T11:43:12Z"
-  },
   {
     "name": "transmission/transmission",
     "version": "4.0.1-beta.1",
     "date": "2024-12-13T00:16:24Z"
   },
-  {
-    "name": "semaphoreui/semaphore",
-    "version": "v2.17.0-beta20",
-    "date": "2025-11-06T10:49:56Z"
-  },
-  {
-    "name": "keycloak/keycloak",
-    "version": "26.4.3",
-    "date": "2025-11-06T09:56:20Z"
-  },
-  {
-    "name": "OliveTin/OliveTin",
-    "version": "2025.11.06",
-    "date": "2025-11-06T08:45:02Z"
-  },
-  {
-    "name": "SigNoz/signoz",
-    "version": "v0.100.1",
-    "date": "2025-11-06T07:53:11Z"
-  },
   {
     "name": "apache/tomcat",
     "version": "9.0.112",
     "date": "2025-11-06T07:49:59Z"
   },
-  {
-    "name": "Jackett/Jackett",
-    "version": "v0.24.252",
-    "date": "2025-11-06T05:55:30Z"
-  },
   {
     "name": "Kozea/Radicale",
     "version": "v3.5.8",
     "date": "2025-11-06T05:32:51Z"
   },
-  {
-    "name": "firefly-iii/firefly-iii",
-    "version": "v6.4.4",
-    "date": "2025-11-01T19:48:08Z"
-  },
-  {
-    "name": "apache/couchdb",
-    "version": "3.5.1-RC1",
-    "date": "2025-11-06T03:23:20Z"
-  },
   {
     "name": "Notifiarr/notifiarr",
     "version": "v0.9.1",
     "date": "2025-11-06T02:26:53Z"
   },
-  {
-    "name": "jeedom/core",
-    "version": "4.4.20",
-    "date": "2025-11-06T00:27:04Z"
-  },
-  {
-    "name": "steveiliop56/tinyauth",
-    "version": "v4.0.1",
-    "date": "2025-10-15T16:53:55Z"
-  },
   {
     "name": "ollama/ollama",
     "version": "v0.12.10",
@@ -134,45 +344,20 @@
     "version": "5.26.16",
     "date": "2025-11-05T20:41:40Z"
   },
-  {
-    "name": "BerriAI/litellm",
-    "version": "v1.79.1.dev6",
-    "date": "2025-11-05T19:25:05Z"
-  },
-  {
-    "name": "home-assistant/core",
-    "version": "2025.11.0",
-    "date": "2025-11-05T19:23:12Z"
-  },
   {
     "name": "leiweibau/Pi.Alert",
     "version": "v2025-11-05",
     "date": "2025-11-05T18:08:26Z"
   },
-  {
-    "name": "n8n-io/n8n",
-    "version": "n8n@1.118.2",
-    "date": "2025-11-05T18:07:04Z"
-  },
   {
     "name": "bunkerity/bunkerweb",
     "version": "v1.6.5",
     "date": "2025-10-06T15:25:17Z"
   },
-  {
-    "name": "wazuh/wazuh",
-    "version": "coverity-w45-4.14.1",
-    "date": "2025-11-05T16:56:57Z"
-  },
-  {
-    "name": "mattermost/mattermost",
-    "version": "v10.11.6",
-    "date": "2025-11-04T09:43:16Z"
-  },
   {
     "name": "javedh-dev/tracktor",
     "version": "0.5.1",
-    "date": "2025-11-05T15:51:02Z"
+    "date": "2025-11-05T16:14:37Z"
   },
   {
     "name": "zitadel/zitadel",
@@ -189,11 +374,6 @@
     "version": "v2.2.3",
     "date": "2025-11-05T13:47:03Z"
   },
-  {
-    "name": "duplicati/duplicati",
-    "version": "v2.2.0.100-2.2.0.100_canary_2025-11-05",
-    "date": "2025-11-05T13:01:37Z"
-  },
   {
     "name": "azukaar/Cosmos-Server",
     "version": "v0.18.4",
@@ -204,11 +384,6 @@
     "version": "1.5.0",
     "date": "2025-11-05T11:10:20Z"
   },
-  {
-    "name": "emqx/emqx",
-    "version": "e5.10.2-alpha.1",
-    "date": "2025-11-05T09:55:26Z"
-  },
   {
     "name": "glpi-project/glpi",
     "version": "11.0.2",
@@ -224,11 +399,6 @@
     "version": "0.209.7",
     "date": "2025-11-05T08:32:08Z"
   },
-  {
-    "name": "NginxProxyManager/nginx-proxy-manager",
-    "version": "v2.13.1",
-    "date": "2025-11-05T06:06:08Z"
-  },
   {
     "name": "jenkinsci/jenkins",
     "version": "jenkins-2.535",
@@ -264,26 +434,11 @@
     "version": "v1.25.1",
     "date": "2025-11-04T20:01:09Z"
   },
-  {
-    "name": "runtipi/runtipi",
-    "version": "nightly",
-    "date": "2025-11-04T19:16:17Z"
-  },
-  {
-    "name": "element-hq/synapse",
-    "version": "v1.142.0rc2",
-    "date": "2025-11-04T16:22:11Z"
-  },
   {
     "name": "jhuckaby/Cronicle",
     "version": "v0.9.100",
     "date": "2025-11-04T17:44:39Z"
   },
-  {
-    "name": "msgbyte/tianji",
-    "version": "v1.30.6",
-    "date": "2025-11-04T17:41:01Z"
-  },
   {
     "name": "VictoriaMetrics/VictoriaMetrics",
     "version": "v1.129.1",
@@ -339,61 +494,21 @@
     "version": "v25.11.0",
     "date": "2025-11-04T00:32:21Z"
   },
-  {
-    "name": "inventree/InvenTree",
-    "version": "1.1.2",
-    "date": "2025-11-03T23:16:29Z"
-  },
-  {
-    "name": "gtsteffaniak/filebrowser",
-    "version": "v1.0.0-stable",
-    "date": "2025-11-03T22:24:23Z"
-  },
   {
     "name": "jupyter/notebook",
     "version": "@jupyter-notebook/ui-components@7.5.0-rc.0",
     "date": "2025-11-03T19:37:03Z"
   },
-  {
-    "name": "dgtlmoon/changedetection.io",
-    "version": "0.50.39",
-    "date": "2025-11-03T17:58:41Z"
-  },
-  {
-    "name": "cloudflare/cloudflared",
-    "version": "2025.10.1-3-g52809511",
-    "date": "2025-11-03T17:13:35Z"
-  },
   {
     "name": "goauthentik/authentik",
     "version": "version/2025.10.1",
     "date": "2025-11-03T16:49:16Z"
   },
-  {
-    "name": "Cleanuparr/Cleanuparr",
-    "version": "v2.4.3",
-    "date": "2025-11-03T16:49:03Z"
-  },
-  {
-    "name": "YunoHost/yunohost",
-    "version": "debian/12.1.34",
-    "date": "2025-11-03T16:42:07Z"
-  },
-  {
-    "name": "Paymenter/Paymenter",
-    "version": "v1.4.2",
-    "date": "2025-11-03T11:52:53Z"
-  },
   {
     "name": "silverbulletmd/silverbullet",
     "version": "2.2.1",
     "date": "2025-11-03T06:57:15Z"
   },
-  {
-    "name": "fuma-nama/fumadocs",
-    "version": "fumadocs-mdx@13.0.5",
-    "date": "2025-11-03T06:55:11Z"
-  },
   {
     "name": "jellyfin/jellyfin",
     "version": "v10.11.2",
@@ -434,31 +549,16 @@
     "version": "0.42.1",
     "date": "2020-06-07T07:27:04Z"
   },
-  {
-    "name": "Luligu/matterbridge",
-    "version": "3.3.6",
-    "date": "2025-11-01T10:41:15Z"
-  },
   {
     "name": "tailscale/tailscale",
     "version": "v1.90.6",
     "date": "2025-10-31T22:24:04Z"
   },
-  {
-    "name": "homarr-labs/homarr",
-    "version": "v1.43.1",
-    "date": "2025-10-31T19:15:02Z"
-  },
   {
     "name": "mealie-recipes/mealie",
     "version": "v3.4.0",
     "date": "2025-10-31T18:50:18Z"
   },
-  {
-    "name": "pommee/goaway",
-    "version": "v0.62.12",
-    "date": "2025-10-31T17:30:55Z"
-  },
   {
     "name": "zabbix/zabbix",
     "version": "7.4.5",
@@ -494,11 +594,6 @@
     "version": "1.0.2",
     "date": "2025-10-30T18:23:23Z"
   },
-  {
-    "name": "TwiN/gatus",
-    "version": "v5.30.0",
-    "date": "2025-10-30T16:52:58Z"
-  },
   {
     "name": "AdguardTeam/AdGuardHome",
     "version": "v0.107.69",
@@ -529,11 +624,6 @@
     "version": "v1.5.3",
     "date": "2025-09-20T12:12:33Z"
   },
-  {
-    "name": "documenso/documenso",
-    "version": "v1.13.2",
-    "date": "2025-10-30T04:12:40Z"
-  },
   {
     "name": "ipfs/kubo",
     "version": "v0.38.2",
@@ -559,11 +649,6 @@
     "version": "server-v3.4.4",
     "date": "2025-09-25T13:19:26Z"
   },
-  {
-    "name": "heiher/hev-socks5-server",
-    "version": "2.11.0",
-    "date": "2025-10-29T14:26:23Z"
-  },
   {
     "name": "cockpit-project/cockpit",
     "version": "350",
@@ -574,11 +659,6 @@
     "version": "cassandra-5.0.6",
     "date": "2025-10-29T07:40:47Z"
   },
-  {
-    "name": "openobserve/openobserve",
-    "version": "v0.15.3",
-    "date": "2025-10-29T05:15:45Z"
-  },
   {
     "name": "outline/outline",
     "version": "v1.0.1",
@@ -609,21 +689,11 @@
     "version": "2.0.2",
     "date": "2025-10-28T15:51:35Z"
   },
-  {
-    "name": "traefik/traefik",
-    "version": "v3.5.4",
-    "date": "2025-10-28T11:09:25Z"
-  },
   {
     "name": "librespeed/speedtest-rust",
     "version": "v1.4.0",
     "date": "2025-10-28T15:11:12Z"
   },
-  {
-    "name": "nzbgetcom/nzbget",
-    "version": "v25.4",
-    "date": "2025-10-09T10:27:01Z"
-  },
   {
     "name": "thecfu/scraparr",
     "version": "v3.0.0-beta.2",
@@ -684,11 +754,6 @@
     "version": "v1.7.3",
     "date": "2025-10-24T10:51:12Z"
   },
-  {
-    "name": "pocketbase/pocketbase",
-    "version": "v0.31.0",
-    "date": "2025-10-24T04:07:27Z"
-  },
   {
     "name": "drakkan/sftpgo",
     "version": "v2.7.0",
@@ -749,11 +814,6 @@
     "version": "v1.71.2",
     "date": "2025-10-20T15:25:52Z"
   },
-  {
-    "name": "pelican-dev/panel",
-    "version": "v1.0.0-beta27",
-    "date": "2025-10-20T00:38:13Z"
-  },
   {
     "name": "seriousm4x/UpSnap",
     "version": "5.2.3",
@@ -789,11 +849,6 @@
     "version": "0.20.4",
     "date": "2025-10-18T10:00:42Z"
   },
-  {
-    "name": "grokability/snipe-it",
-    "version": "v8.3.4",
-    "date": "2025-10-17T18:13:24Z"
-  },
   {
     "name": "NodeBB/NodeBB",
     "version": "v4.6.1",
@@ -854,11 +909,6 @@
     "version": "v2.0.119",
     "date": "2025-10-13T23:15:11Z"
   },
-  {
-    "name": "hargata/lubelog",
-    "version": "v1.5.3",
-    "date": "2025-10-13T19:59:30Z"
-  },
   {
     "name": "node-red/node-red",
     "version": "4.1.1",
@@ -869,11 +919,6 @@
     "version": "v5.0.85",
     "date": "2025-10-12T19:55:18Z"
   },
-  {
-    "name": "authelia/authelia",
-    "version": "v4.39.13",
-    "date": "2025-10-12T05:45:48Z"
-  },
   {
     "name": "gelbphoenix/autocaliweb",
     "version": "v0.10.4",
@@ -889,21 +934,11 @@
     "version": "v5.16.0",
     "date": "2025-10-10T16:17:02Z"
   },
-  {
-    "name": "raydak-labs/configarr",
-    "version": "v1.17.1",
-    "date": "2025-10-10T16:12:41Z"
-  },
   {
     "name": "projectsend/projectsend",
     "version": "r1945",
     "date": "2025-10-10T02:30:05Z"
   },
-  {
-    "name": "autobrr/autobrr",
-    "version": "v1.68.0",
-    "date": "2025-10-08T18:33:12Z"
-  },
   {
     "name": "advplyr/audiobookshelf",
     "version": "v2.30.0",
@@ -914,11 +949,6 @@
     "version": "1.23.5",
     "date": "2025-10-08T07:31:37Z"
   },
-  {
-    "name": "pelican-dev/wings",
-    "version": "v1.0.0-beta18",
-    "date": "2025-10-07T21:05:57Z"
-  },
   {
     "name": "C4illin/ConvertX",
     "version": "v0.15.1",
@@ -944,11 +974,6 @@
     "version": "v1.5.9",
     "date": "2025-10-06T08:34:01Z"
   },
-  {
-    "name": "BookStackApp/BookStack",
-    "version": "v25.07.3",
-    "date": "2025-10-05T14:47:20Z"
-  },
   {
     "name": "webmin/webmin",
     "version": "2.520",
@@ -1079,11 +1104,6 @@
     "version": "v2.7.6",
     "date": "2025-09-15T15:50:44Z"
   },
-  {
-    "name": "karakeep-app/karakeep",
-    "version": "cli/v0.27.1",
-    "date": "2025-09-14T14:48:48Z"
-  },
   {
     "name": "intri-in/manage-my-damn-life-nextjs",
     "version": "v0.8.1",
@@ -1159,11 +1179,6 @@
     "version": "v2.10.2",
     "date": "2025-08-23T03:10:31Z"
   },
-  {
-    "name": "oauth2-proxy/oauth2-proxy",
-    "version": "v7.12.0",
-    "date": "2025-08-19T06:57:20Z"
-  },
   {
     "name": "ventoy/Ventoy",
     "version": "v1.1.07",
@@ -1239,16 +1254,6 @@
     "version": "v0.4.5",
     "date": "2025-07-29T16:39:18Z"
   },
-  {
-    "name": "navidrome/navidrome",
-    "version": "v0.58.0",
-    "date": "2025-07-28T18:59:50Z"
-  },
-  {
-    "name": "umami-software/umami",
-    "version": "v2.19.0",
-    "date": "2025-07-27T22:25:00Z"
-  },
   {
     "name": "PCJones/UmlautAdaptarr",
     "version": "v0.7.3",
@@ -1349,11 +1354,6 @@
     "version": "2025-05-07-r1",
     "date": "2025-05-07T12:18:42Z"
   },
-  {
-    "name": "TechnitiumSoftware/DnsServer",
-    "version": "v13.6.0",
-    "date": "2025-04-26T10:21:12Z"
-  },
   {
     "name": "dotnetfactory/fluid-calendar",
     "version": "v1.4.0",

install/ghostfolio-install.sh

@@ -78,6 +78,7 @@ JWT_SECRET_KEY=$JWT_SECRET_KEY
 NODE_ENV=production
 PORT=3333
 HOST=0.0.0.0
+TZ=Etc/UTC
 EOF
 
 if [[ -n "${COINGECKO_DEMO_KEY:-}" ]]; then

install/jotty-install.sh

@@ -40,9 +40,9 @@ NODE_ENV=production
 # OIDC_ISSUER=<your-oidc-issuer-url>
 # OIDC_CLIENT_ID=<oidc-client-id>
 # APP_URL=<https://app.domain.tld>
-# SSO_FALLBACK_LOCAL=yes # Allow both SSO and normal login
-# OIDC_CLIENT_SECRET=your_client_secret  # Enable confidential client mode with client authentication
-# OIDC_ADMIN_GROUPS=admins # Map provider groups to admin role
+# SSO_FALLBACK_LOCAL=yes
+# OIDC_CLIENT_SECRET=your_client_secret
+# OIDC_ADMIN_GROUPS=admins
 EOF
 msg_ok "Installed ${APPLICATION}"
 

install/mediamanager-install.sh

@@ -45,15 +45,15 @@ MM_DIR="/opt/mm"
 MEDIA_DIR="${MM_DIR}/media"
 export CONFIG_DIR="${MM_DIR}/config"
 export FRONTEND_FILES_DIR="${MM_DIR}/web/build"
-export BASE_PATH=""
 export PUBLIC_VERSION=""
 export PUBLIC_API_URL=""
-export BASE_PATH=""
+export BASE_PATH="/web"
 cd /opt/mediamanager/web
-$STD npm ci
+$STD npm ci --no-fund --no-audit
 $STD npm run build
 mkdir -p {"$MM_DIR"/web,"$MEDIA_DIR","$CONFIG_DIR"}
 cp -r build "$FRONTEND_FILES_DIR"
+export BASE_PATH=""
 export VIRTUAL_ENV="${MM_DIR}/venv"
 cd /opt/mediamanager
 cp -r {media_manager,alembic*} "$MM_DIR"
@@ -81,8 +81,9 @@ cat <<EOF >"$MM_DIR"/start.sh
 
 export CONFIG_DIR="$CONFIG_DIR"
 export FRONTEND_FILES_DIR="$FRONTEND_FILES_DIR"
+export LOG_FILE="$CONFIG_DIR/media_manager.log"
 export BASE_PATH=""
-cd "$MM_DIR"
+cd $MM_DIR
 source ./venv/bin/activate
 /usr/local/bin/uv run alembic upgrade head
 /usr/local/bin/uv run fastapi run ./media_manager/main.py --port 8000

install/mongodb-install.sh

@@ -20,13 +20,7 @@ else
   MONGO_VERSION="7.0" setup_mongodb
 fi
 sed -i 's/bindIp: 127.0.0.1/bindIp: 0.0.0.0/' /etc/mongod.conf
-msg_ok "Installed MongoDB $MONGO_VERSION"
 
 motd_ssh
 customize
-
-msg_info "Cleaning up"
-$STD apt -y autoremove
-$STD apt -y autoclean
-$STD apt -y clean
-msg_ok "Cleaned"
+cleanup_lxc

install/n8n-install.sh

@@ -16,7 +16,9 @@ update_os
 msg_info "Installing Dependencies"
 $STD apt install -y \
   ca-certificates \
-  build-essential
+  build-essential \
+  python3 \
+  python3-setuptools
 msg_ok "Installed Dependencies"
 
 NODE_VERSION="22" setup_nodejs

install/odoo-install.sh

@@ -14,7 +14,7 @@ network_check
 update_os
 
 msg_info "Installing Dependencies"
-$STD apt install -y python3-lxml
+$STD apt install -y python3-lxml wkhtmltopdf
 curl -fsSL "http://archive.ubuntu.com/ubuntu/pool/universe/l/lxml-html-clean/python3-lxml-html-clean_0.1.1-1_all.deb" -o /opt/python3-lxml-html-clean.deb
 $STD dpkg -i /opt/python3-lxml-html-clean.deb
 msg_ok "Installed Dependencies"

install/openwebui-install.sh

@@ -17,7 +17,11 @@ msg_info "Installing Dependencies"
 $STD apt install -y ffmpeg
 msg_ok "Installed Dependencies"
 
-USE_UVX="YES" PYTHON_VERSION="3.12" setup_uv
+PYTHON_VERSION="3.12" setup_uv
+
+msg_info "Installing Open WebUI"
+$STD uv tool install --python 3.12 open-webui[all]
+msg_ok "Installed Open WebUI"
 
 read -r -p "${TAB3}Would you like to add Ollama? <y/N> " prompt
 if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
@@ -56,7 +60,7 @@ After=network.target
 Type=simple
 EnvironmentFile=-/root/.env
 Environment=DATA_DIR=/root/.open-webui
-ExecStart=/usr/local/bin/uvx --python 3.12 open-webui@latest serve
+ExecStart=/root/.local/bin/open-webui serve
 WorkingDirectory=/root
 Restart=on-failure
 RestartSec=5
@@ -70,9 +74,4 @@ msg_ok "Created Service"
 
 motd_ssh
 customize
-
-msg_info "Cleaning up"
-$STD apt -y autoremove
-$STD apt -y autoclean
-$STD apt -y clean
-msg_ok "Cleaned"
+cleanup_lxc

install/pangolin-install.sh

@@ -22,11 +22,16 @@ msg_ok "Installed Dependencies"
 NODE_VERSION="22" setup_nodejs
 fetch_and_deploy_gh_release "pangolin" "fosrl/pangolin" "tarball"
 fetch_and_deploy_gh_release "gerbil" "fosrl/gerbil" "singlefile" "latest" "/usr/bin" "gerbil_linux_amd64"
+fetch_and_deploy_gh_release "traefik" "traefik/traefik" "prebuild" "latest" "/usr/bin" "traefik_v*_linux_amd64.tar.gz"
+
+read -rp "${TAB3}Enter your Pangolin URL (ex: https://pangolin.example.com): " pango_url
+read -rp "${TAB3}Enter your email address: " pango_email
 
 msg_info "Setup Pangolin"
 IP_ADDR=$(hostname -I | awk '{print $1}')
 SECRET_KEY=$(openssl rand -base64 48 | tr -dc 'A-Za-z0-9' | head -c 32)
 cd /opt/pangolin
+mkdir -p /opt/pangolin/config/{traefik,db,letsencrypt,logs}
 $STD npm ci
 $STD npm run set:sqlite
 $STD npm run set:oss
@@ -46,30 +51,129 @@ mkdir -p /var/config
 
 cat <<EOF >/opt/pangolin/config/config.yml
 app:
-  dashboard_url: http://$IP_ADDR:3002
-  log_level: debug
+  dashboard_url: "$pango_url"
 
 domains:
   domain1:
-    base_domain: example.com
+    base_domain: "$pango_url"
+    cert_resolver: "letsencrypt"
 
 server:
-  secret: $SECRET_KEY
+  secret: "$SECRET_KEY"
 
 gerbil:
-  base_endpoint: example.com
-
-orgs:
-  block_size: 24
-  subnet_group: 100.90.137.0/20
+  base_endpoint: "$pango_url"
 
 flags:
   require_email_verification: false
-  disable_signup_without_invite: true
-  disable_user_create_org: true
-  allow_raw_resources: true
-  enable_integration_api: true
-  enable_clients: true
+  disable_signup_without_invite: false
+  disable_user_create_org: false
+EOF
+
+cat <<EOF >/opt/pangolin/config/traefik/traefik_config.yml
+api:
+  insecure: true
+  dashboard: true
+
+providers:
+  http:
+    endpoint: "http://$IP_ADDR:3001/api/v1/traefik-config"
+    pollInterval: "5s"
+  file:
+    filename: "/opt/pangolin/config/traefik/dynamic_config.yml"
+
+experimental:
+  plugins:
+    badger:
+      moduleName: "github.com/fosrl/badger"
+      version: "v1.2.0"
+
+log:
+  level: "INFO"
+  format: "common"
+
+certificatesResolvers:
+  letsencrypt:
+    acme:
+      httpChallenge:
+        entryPoint: web
+      email: $pango_email
+      storage: "/opt/pangolin/config/letsencrypt/acme.json"
+      caServer: "https://acme-v02.api.letsencrypt.org/directory"
+
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+    transport:
+      respondingTimeouts:
+        readTimeout: "30m"
+    http:
+      tls:
+        certResolver: "letsencrypt"
+
+serversTransport:
+  insecureSkipVerify: true
+
+ping:
+    entryPoint: "web"
+EOF
+
+cat <<EOF >/opt/pangolin/config/traefik/dynamic_config.yml
+http:
+  middlewares:
+    redirect-to-https:
+      redirectScheme:
+        scheme: https
+
+  routers:
+    # HTTP to HTTPS redirect router
+    main-app-router-redirect:
+      rule: "Host(\`$pango_url\`)"
+      service: next-service
+      entryPoints:
+        - web
+      middlewares:
+        - redirect-to-https
+
+    # Next.js router (handles everything except API and WebSocket paths)
+    next-router:
+      rule: "Host(\`$pango_url\`) && !PathPrefix(\`/api/v1\`)"
+      service: next-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # API router (handles /api/v1 paths)
+    api-router:
+      rule: "Host(\`$pango_url\`) && PathPrefix(\`/api/v1\`)"
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+    # WebSocket router
+    ws-router:
+      rule: "Host(\`$pango_url\`)"
+      service: api-service
+      entryPoints:
+        - websecure
+      tls:
+        certResolver: letsencrypt
+
+  services:
+    next-service:
+      loadBalancer:
+        servers:
+          - url: "http://$IP_ADDR:3002"
+
+    api-service:
+      loadBalancer:
+        servers:
+          - url: "http://$IP_ADDR:3000"
 EOF
 $STD npm run db:sqlite:generate
 $STD npm run db:sqlite:push
@@ -122,6 +226,21 @@ RestartSec=10
 WantedBy=multi-user.target
 EOF
 systemctl enable -q --now gerbil
+
+cat <<'EOF' >/etc/systemd/system/traefik.service
+[Unit]
+Description=Traefik is an open-source Edge Router that makes publishing your services a fun and easy experience
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/traefik --configFile=/opt/pangolin/config/traefik/traefik_config.yml
+Restart=on-failure
+ExecReload=/bin/kill -USR1 \$MAINPID
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now traefik
 msg_ok "Created Services"
 
 motd_ssh

install/phpipam-install.sh

@@ -13,39 +13,27 @@ setting_up_container
 network_check
 update_os
 
-msg_info "Installing Dependencies"
-$STD apt install -y php-pear
-msg_ok "Installed Dependencies"
+PHP_VERSION="8.4" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="mysql,gmp,snmp,ldap,apcu" setup_php
+
+msg_info "Installing PHP-PEAR"
+$STD apt install -y \
+  php-pear \
+  php-dev
+msg_ok "Installed PHP-PEAR"
 
-PHP_VERSION="8.2" PHP_APACHE="YES" PHP_FPM="YES" PHP_MODULE="mysql,imap,apcu,pspell,tidy,xmlrpc,gmp,ldap,common,snmp" setup_php
 setup_mariadb
-
-msg_info "Setting up MariaDB"
-DB_NAME=phpipam
-DB_USER=phpipam
-DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
-$STD mariadb -u root -e "CREATE DATABASE $DB_NAME;"
-$STD mariadb -u root -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
-$STD mariadb -u root -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
-{
-  echo "phpIPAM-Credentials"
-  echo "phpIPAM Database User: $DB_USER"
-  echo "phpIPAM Database Password: $DB_PASS"
-  echo "phpIPAM Database Name: $DB_NAME"
-} >>~/phpipam.creds
-msg_ok "Set up MariaDB"
-
+MARIADB_DB_NAME="phpipam" MARIADB_DB_USER="phpipam" setup_mariadb_db
 fetch_and_deploy_gh_release "phpipam" "phpipam/phpipam" "prebuild" "latest" "/opt/phpipam" "phpipam-v*.zip"
 
 msg_info "Installing phpIPAM"
-$STD mariadb -u root "${DB_NAME}" </opt/phpipam/db/SCHEMA.sql
+$STD mariadb -u root "${MARIADB_DB_NAME}" </opt/phpipam/db/SCHEMA.sql
 cp /opt/phpipam/config.dist.php /opt/phpipam/config.php
 sed -i -e "s/\(\$disable_installer = \).*/\1true;/" \
-  -e "s/\(\$db\['user'\] = \).*/\1'$DB_USER';/" \
-  -e "s/\(\$db\['pass'\] = \).*/\1'$DB_PASS';/" \
-  -e "s/\(\$db\['name'\] = \).*/\1'$DB_NAME';/" \
+  -e "s/\(\$db\['user'\] = \).*/\1'$MARIADB_DB_USER';/" \
+  -e "s/\(\$db\['pass'\] = \).*/\1'$MARIADB_DB_PASS';/" \
+  -e "s/\(\$db\['name'\] = \).*/\1'$MARIADB_DB_NAME';/" \
   /opt/phpipam/config.php
-sed -i '/max_execution_time/s/= .*/= 600/' /etc/php/8.2/apache2/php.ini
+sed -i '/max_execution_time/s/= .*/= 600/' /etc/php/8.4/apache2/php.ini
 msg_ok "Installed phpIPAM"
 
 msg_info "Creating Service"
@@ -71,9 +59,4 @@ msg_ok "Created Service"
 
 motd_ssh
 customize
-
-msg_info "Cleaning up"
-$STD apt -y autoremove
-$STD apt -y autoclean
-$STD apt -y clean
-msg_ok "Cleaned"
+cleanup_lxc

install/technitiumdns-install.sh

@@ -18,7 +18,7 @@ curl -fsSL "https://packages.microsoft.com/config/debian/12/packages-microsoft-p
 $STD dpkg -i packages-microsoft-prod.deb
 rm -rf packages-microsoft-prod.deb
 $STD apt update
-$STD apt install -y aspnetcore-runtime-8.0
+$STD apt install -y aspnetcore-runtime-9.0
 msg_ok "Installed ASP.NET Core Runtime"
 
 RELEASE=$(curl -fsSL https://technitium.com/dns/ | grep -oP 'Version \K[\d.]+')
@@ -26,20 +26,15 @@ msg_info "Installing Technitium DNS"
 mkdir -p /opt/technitium/dns
 curl -fsSL "https://download.technitium.com/dns/DnsServerPortable.tar.gz" -o /opt/DnsServerPortable.tar.gz
 $STD tar zxvf /opt/DnsServerPortable.tar.gz -C /opt/technitium/dns/
+rm -f /opt/DnsServerPortable.tar.gz
 echo "${RELEASE}" >~/.technitium
 msg_ok "Installed Technitium DNS"
 
 msg_info "Creating service"
 cp /opt/technitium/dns/systemd.service /etc/systemd/system/technitium.service
-systemctl enable -q --now technitium
+systemctl enable -q --now technitium 
 msg_ok "Service created"
 
 motd_ssh
 customize
-
-msg_info "Cleaning up"
-rm -f /opt/DnsServerPortable.tar.gz
-$STD apt -y autoremove
-$STD apt -y autoclean
-$STD apt -y clean
-msg_ok "Cleaned"
+cleanup_lxc

misc/core.func

@@ -370,6 +370,7 @@ run_container_safe() {
 
 cleanup_lxc() {
   msg_info "Cleaning up"
+
   if is_alpine; then
     $STD apk cache clean || true
     rm -rf /var/cache/apk/*
@@ -379,36 +380,38 @@ cleanup_lxc() {
     $STD apt -y clean || true
   fi
 
-  rm -rf /tmp/* /var/tmp/*
-
-  # Remove temp files created by mktemp/tempfile
+  # Clear temp artifacts (keep sockets/FIFOs; ignore errors)
   find /tmp /var/tmp -type f -name 'tmp*' -delete 2>/dev/null || true
   find /tmp /var/tmp -type f -name 'tempfile*' -delete 2>/dev/null || true
 
-  find /var/log -type f -exec truncate -s 0 {} +
+  # Truncate writable log files silently (permission errors ignored)
+  if command -v truncate >/dev/null 2>&1; then
+    find /var/log -type f -writable -print0 2>/dev/null |
+      xargs -0 -n1 truncate -s 0 2>/dev/null || true
+  fi
 
   # Python pip
-  if command -v pip &>/dev/null; then pip cache purge || true; fi
+  if command -v pip &>/dev/null; then $STD pip cache purge || true; fi
   # Python uv
-  if command -v uv &>/dev/null; then uv cache clear || true; fi
+  if command -v uv &>/dev/null; then $STD uv cache clear || true; fi
   # Node.js npm
-  if command -v npm &>/dev/null; then npm cache clean --force || true; fi
+  if command -v npm &>/dev/null; then $STD npm cache clean --force || true; fi
   # Node.js yarn
-  if command -v yarn &>/dev/null; then yarn cache clean || true; fi
+  if command -v yarn &>/dev/null; then $STD yarn cache clean || true; fi
   # Node.js pnpm
-  if command -v pnpm &>/dev/null; then pnpm store prune || true; fi
+  if command -v pnpm &>/dev/null; then $STD pnpm store prune || true; fi
   # Go
-  if command -v go &>/dev/null; then go clean -cache -modcache || true; fi
+  if command -v go &>/dev/null; then $STD go clean -cache -modcache || true; fi
   # Rust cargo
-  if command -v cargo &>/dev/null; then cargo clean || true; fi
+  if command -v cargo &>/dev/null; then $STD cargo clean || true; fi
   # Ruby gem
-  if command -v gem &>/dev/null; then gem cleanup || true; fi
+  if command -v gem &>/dev/null; then $STD gem cleanup || true; fi
   # Composer (PHP)
-  if command -v composer &>/dev/null; then composer clear-cache || true; fi
+  if command -v composer &>/dev/null; then $STD composer clear-cache || true; fi
 
   if command -v journalctl &>/dev/null; then
-    $STD journalctl --rotate
-    $STD journalctl --vacuum-time=10m
+    $STD journalctl --rotate || true
+    $STD journalctl --vacuum-time=10m || true
   fi
   msg_ok "Cleaned"
 }

misc/tools.func

@@ -72,15 +72,23 @@ stop_all_services() {
   local service_patterns=("$@")
 
   for pattern in "${service_patterns[@]}"; do
-    # Find all matching services
-    systemctl list-units --type=service --all 2>/dev/null |
-      grep -oE "${pattern}[^ ]*\.service" |
-      sort -u |
-      while read -r service; do
+    # Find all matching services (use || true to avoid pipeline failures)
+    local services
+    services=$(systemctl list-units --type=service --all 2>/dev/null |
+      grep -oE "${pattern}[^ ]*\.service" 2>/dev/null |
+      sort -u 2>/dev/null || true)
+
+    # Only process if we found any services
+    if [[ -n "$services" ]]; then
+      while IFS= read -r service; do
+        [[ -z "$service" ]] && continue
         $STD systemctl stop "$service" 2>/dev/null || true
         $STD systemctl disable "$service" 2>/dev/null || true
-      done
+      done <<<"$services"
+    fi
   done
+
+  return 0
 }
 
 # ------------------------------------------------------------------------------
@@ -427,7 +435,12 @@ manage_tool_repository() {
     suite=$(get_fallback_suite "$distro_id" "$distro_codename" "$repo_url/$distro_id")
 
     # Setup new repository using deb822 format
-    setup_deb822_repo "mariadb" "$gpg_key_url" "$repo_url/$distro_id" "$suite" "main" "amd64 arm64" || return 1
+    setup_deb822_repo \
+      "mariadb" \
+      "$gpg_key_url" \
+      "$repo_url/$distro_id" \
+      "$suite" \
+      "main"
     return 0
     ;;
 
@@ -504,7 +517,7 @@ Types: deb
 URIs: ${repo_url}
 Suites: ${suite}/mongodb-org/${version}
 Components: ${repo_component}
-Architectures: amd64 arm64
+Architectures: $(dpkg --print-architecture)
 Signed-By: /etc/apt/keyrings/mongodb-server-${version}.gpg
 EOF
     return 0
@@ -536,7 +549,7 @@ Types: deb
 URIs: $repo_url
 Suites: nodistro
 Components: main
-Architectures: amd64 arm64
+Architectures: $(dpkg --print-architecture)
 Signed-By: /etc/apt/keyrings/nodesource.gpg
 EOF
     return 0
@@ -570,7 +583,7 @@ Types: deb
 URIs: https://packages.sury.org/php
 Suites: $distro_codename
 Components: main
-Architectures: amd64 arm64
+Architectures: $(dpkg --print-architecture)
 Signed-By: /usr/share/keyrings/deb.sury.org-php.gpg
 EOF
     return 0
@@ -601,7 +614,7 @@ Types: deb
 URIs: http://apt.postgresql.org/pub/repos/apt
 Suites: $distro_codename-pgdg
 Components: main
-Architectures: amd64 arm64
+Architectures: $(dpkg --print-architecture)
 Signed-By: /etc/apt/keyrings/postgresql.gpg
 EOF
     return 0
@@ -1193,8 +1206,8 @@ ensure_apt_working() {
 }
 
 # ------------------------------------------------------------------------------
-# Standardized deb822 repository setup
-# Validates all parameters and fails safely if any are empty
+# Standardized deb822 repository setup (with optional Architectures)
+# Always runs apt update after repo creation to ensure package availability
 # ------------------------------------------------------------------------------
 setup_deb822_repo() {
   local name="$1"
@@ -1202,56 +1215,40 @@ setup_deb822_repo() {
   local repo_url="$3"
   local suite="$4"
   local component="${5:-main}"
-  local architectures="${6:-amd64 arm64}"
+  local architectures="${6-}" # optional
 
   # Validate required parameters
   if [[ -z "$name" || -z "$gpg_url" || -z "$repo_url" || -z "$suite" ]]; then
-    msg_error "setup_deb822_repo: missing required parameters (name=$name, gpg=$gpg_url, repo=$repo_url, suite=$suite)"
+    msg_error "setup_deb822_repo: missing required parameters (name=$name repo=$repo_url suite=$suite)"
     return 1
   fi
 
-  # Cleanup old configs for this app
+  # Cleanup
   cleanup_old_repo_files "$name"
-
-  # Cleanup any orphaned .sources files from other apps
   cleanup_orphaned_sources
 
-  # Ensure keyring directory exists
   mkdir -p /etc/apt/keyrings || {
-    msg_error "Failed to create /etc/apt/keyrings directory"
+    msg_error "Failed to create /etc/apt/keyrings"
     return 1
   }
 
-  # Download GPG key (with --yes to avoid interactive prompts)
-  curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" 2>/dev/null || {
-    msg_error "Failed to download or import GPG key for ${name} from $gpg_url"
+  # Import GPG
+  curl -fsSL "$gpg_url" | gpg --dearmor --yes -o "/etc/apt/keyrings/${name}.gpg" || {
+    msg_error "Failed to import GPG key for ${name}"
     return 1
   }
 
-  # Create deb822 sources file
-  cat <<EOF >/etc/apt/sources.list.d/${name}.sources
-Types: deb
-URIs: $repo_url
-Suites: $suite
-Components: $component
-Architectures: $architectures
-Signed-By: /etc/apt/keyrings/${name}.gpg
-EOF
+  # Write deb822
+  {
+    echo "Types: deb"
+    echo "URIs: $repo_url"
+    echo "Suites: $suite"
+    echo "Components: $component"
+    [[ -n "$architectures" ]] && echo "Architectures: $architectures"
+    echo "Signed-By: /etc/apt/keyrings/${name}.gpg"
+  } >/etc/apt/sources.list.d/${name}.sources
 
-  # Use cached apt update
-  local apt_cache_file="/var/cache/apt-update-timestamp"
-  local current_time=$(date +%s)
-  local last_update=0
-
-  if [[ -f "$apt_cache_file" ]]; then
-    last_update=$(cat "$apt_cache_file" 2>/dev/null || echo 0)
-  fi
-
-  # For repo changes, always update but respect short-term cache (30s)
-  if ((current_time - last_update > 30)); then
-    $STD apt update
-    echo "$current_time" >"$apt_cache_file"
-  fi
+  $STD apt update
 }
 
 # ------------------------------------------------------------------------------
@@ -1410,7 +1407,7 @@ verify_gpg_fingerprint() {
 }
 
 # ==============================================================================
-# EXISTING FUNCTIONS
+# INSTALL FUNCTIONS
 # ==============================================================================
 
 # ------------------------------------------------------------------------------
@@ -1512,7 +1509,7 @@ check_for_gh_release() {
       return 0
     fi
 
-    msg_error "No update available: ${app} is not installed!"
+    msg_ok "No update available: ${app} is already on pinned version (${current})"
     return 1
   fi
 
@@ -2780,8 +2777,7 @@ function setup_java() {
       "https://packages.adoptium.net/artifactory/api/gpg/key/public" \
       "https://packages.adoptium.net/artifactory/deb" \
       "$SUITE" \
-      "main" \
-      "amd64 arm64"
+      "main"
   fi
 
   # Get currently installed version
@@ -3056,6 +3052,85 @@ setup_mariadb() {
   msg_ok "Setup MariaDB $MARIADB_VERSION"
 }
 
+# ------------------------------------------------------------------------------
+# Creates MariaDB database with user, charset and optional extra grants/modes
+#
+# Description:
+#   - Generates password if empty
+#   - Creates database with utf8mb4_unicode_ci
+#   - Creates local user with password
+#   - Grants full access to this DB
+#   - Optional: apply extra GRANT statements (comma-separated)
+#   - Optional: apply custom GLOBAL sql_mode
+#   - Saves credentials to file
+#   - Exports variables for use in calling script
+#
+# Usage:
+#   MARIADB_DB_NAME="myapp_db" MARIADB_DB_USER="myapp_user" setup_mariadb_db
+#   MARIADB_DB_NAME="domain_monitor" MARIADB_DB_USER="domainmonitor" setup_mariadb_db
+#   MARIADB_DB_NAME="myapp" MARIADB_DB_USER="myapp" MARIADB_DB_EXTRA_GRANTS="GRANT SELECT ON \`mysql\`.\`time_zone_name\`" setup_mariadb_db
+#   MARIADB_DB_NAME="ghostfolio" MARIADB_DB_USER="ghostfolio" MARIADB_DB_SQL_MODE="" setup_mariadb_db
+#
+# Variables:
+#   MARIADB_DB_NAME         - Database name (required)
+#   MARIADB_DB_USER         - Database user (required)
+#   MARIADB_DB_PASS         - User password (optional, auto-generated if empty)
+#   MARIADB_DB_EXTRA_GRANTS - Comma-separated GRANT statements (optional)
+#                             Example: "GRANT SELECT ON \`mysql\`.\`time_zone_name\`"
+#   MARIADB_DB_SQL_MODE     - Optional global sql_mode override (e.g. "", "STRICT_TRANS_TABLES")
+#   MARIADB_DB_CREDS_FILE   - Credentials file path (optional, default: ~/${APPLICATION}.creds)
+#
+# Exports:
+#   MARIADB_DB_NAME, MARIADB_DB_USER, MARIADB_DB_PASS
+# ------------------------------------------------------------------------------
+
+function setup_mariadb_db() {
+  if [[ -z "${MARIADB_DB_NAME:-}" || -z "${MARIADB_DB_USER:-}" ]]; then
+    msg_error "MARIADB_DB_NAME and MARIADB_DB_USER must be set before calling setup_mariadb_db"
+    return 1
+  fi
+
+  if [[ -z "${MARIADB_DB_PASS:-}" ]]; then
+    MARIADB_DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+  fi
+
+  msg_info "Setting up MariaDB Database"
+
+  $STD mariadb -u root -e "CREATE DATABASE \`$MARIADB_DB_NAME\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
+  $STD mariadb -u root -e "CREATE USER '$MARIADB_DB_USER'@'localhost' IDENTIFIED BY '$MARIADB_DB_PASS';"
+  $STD mariadb -u root -e "GRANT ALL ON \`$MARIADB_DB_NAME\`.* TO '$MARIADB_DB_USER'@'localhost';"
+
+  # Optional extra grants
+  if [[ -n "${MARIADB_DB_EXTRA_GRANTS:-}" ]]; then
+    IFS=',' read -ra G_LIST <<<"${MARIADB_DB_EXTRA_GRANTS:-}"
+    for g in "${G_LIST[@]}"; do
+      g=$(echo "$g" | xargs)
+      $STD mariadb -u root -e "$g TO '$MARIADB_DB_USER'@'localhost';"
+    done
+  fi
+
+  # Optional sql_mode override
+  if [[ -n "${MARIADB_DB_SQL_MODE:-}" ]]; then
+    $STD mariadb -u root -e "SET GLOBAL sql_mode='${MARIADB_DB_SQL_MODE:-}';"
+  fi
+
+  $STD mariadb -u root -e "FLUSH PRIVILEGES;"
+
+  local CREDS_FILE="${MARIADB_DB_CREDS_FILE:-${HOME}/${APPLICATION}.creds}"
+  {
+    echo "MariaDB Credentials"
+    echo "Database: $MARIADB_DB_NAME"
+    echo "User: $MARIADB_DB_USER"
+    echo "Password: $MARIADB_DB_PASS"
+  } >>"$CREDS_FILE"
+
+  msg_ok "Set up MariaDB Database"
+
+  export MARIADB_DB_NAME
+  export MARIADB_DB_USER
+  export MARIADB_DB_PASS
+}
+
 # ------------------------------------------------------------------------------
 # Installs or updates MongoDB to specified major version.
 #
@@ -3233,12 +3308,12 @@ function setup_mysql() {
       return 1
     fi
 
-    cat >/etc/apt/sources.list.d/mysql.sources <<'EOF'
+    cat >/etc/apt/sources.list.d/mysql.sources <<EOF
 Types: deb
 URIs: https://repo.mysql.com/apt/debian/
 Suites: bookworm
 Components: mysql-8.4-lts
-Architectures: amd64 arm64
+Architectures: $(dpkg --print-architecture)
 Signed-By: /etc/apt/keyrings/mysql.gpg
 EOF
 
@@ -3746,8 +3821,7 @@ function setup_postgresql() {
     "https://www.postgresql.org/media/keys/ACCC4CF8.asc" \
     "https://apt.postgresql.org/pub/repos/apt" \
     "$SUITE" \
-    "main" \
-    "amd64 arm64"
+    "main"
 
   if ! $STD apt update; then
     msg_error "APT update failed for PostgreSQL repository"
@@ -3816,6 +3890,103 @@ function setup_postgresql() {
   fi
 }
 
+# ------------------------------------------------------------------------------
+# Creates PostgreSQL database with user and optional extensions
+#
+# Description:
+#   - Creates PostgreSQL role with login and password
+#   - Creates database with UTF8 encoding and template0
+#   - Installs optional extensions (postgis, pgvector, etc.)
+#   - Configures ALTER ROLE settings for Django/Rails compatibility
+#   - Saves credentials to file
+#   - Exports variables for use in calling script
+#
+# Usage:
+#   PG_DB_NAME="myapp_db" PG_DB_USER="myapp_user" setup_postgresql_db
+#   PG_DB_NAME="immich" PG_DB_USER="immich" PG_DB_EXTENSIONS="pgvector" setup_postgresql_db
+#   PG_DB_NAME="ghostfolio" PG_DB_USER="ghostfolio" PG_DB_GRANT_SUPERUSER="true" setup_postgresql_db
+#   PG_DB_NAME="adventurelog" PG_DB_USER="adventurelog" PG_DB_EXTENSIONS="postgis" setup_postgresql_db
+#
+# Variables:
+#   PG_DB_NAME             - Database name (required)
+#   PG_DB_USER             - Database user (required)
+#   PG_DB_PASS             - Database password (optional, auto-generated if empty)
+#   PG_DB_EXTENSIONS       - Comma-separated list of extensions (optional, e.g. "postgis,pgvector")
+#   PG_DB_GRANT_SUPERUSER  - Grant SUPERUSER privilege (optional, "true" to enable, security risk!)
+#   PG_DB_SCHEMA_PERMS     - Grant schema-level permissions (optional, "true" to enable)
+#   PG_DB_SKIP_ALTER_ROLE  - Skip ALTER ROLE settings (optional, "true" to skip)
+#   PG_DB_CREDS_FILE       - Credentials file path (optional, default: ~/${APPLICATION}.creds)
+#
+# Exports:
+#   PG_DB_NAME, PG_DB_USER, PG_DB_PASS - For use in calling script
+# ------------------------------------------------------------------------------
+
+function setup_postgresql_db() {
+  # Validation
+  if [[ -z "${PG_DB_NAME:-}" || -z "${PG_DB_USER:-}" ]]; then
+    msg_error "PG_DB_NAME and PG_DB_USER must be set before calling setup_postgresql_db"
+    return 1
+  fi
+
+  # Generate password if not provided
+  if [[ -z "${PG_DB_PASS:-}" ]]; then
+    PG_DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+  fi
+
+  msg_info "Setting up PostgreSQL Database"
+  $STD sudo -u postgres psql -c "CREATE ROLE $PG_DB_USER WITH LOGIN PASSWORD '$PG_DB_PASS';"
+  $STD sudo -u postgres psql -c "CREATE DATABASE $PG_DB_NAME WITH OWNER $PG_DB_USER ENCODING 'UTF8' TEMPLATE template0;"
+
+  # Install extensions (comma-separated)
+  if [[ -n "${PG_DB_EXTENSIONS:-}" ]]; then
+    IFS=',' read -ra EXT_LIST <<<"${PG_DB_EXTENSIONS:-}"
+    for ext in "${EXT_LIST[@]}"; do
+      ext=$(echo "$ext" | xargs) # Trim whitespace
+      $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "CREATE EXTENSION IF NOT EXISTS $ext;"
+    done
+  fi
+
+  # ALTER ROLE settings for Django/Rails compatibility (unless skipped)
+  if [[ "${PG_DB_SKIP_ALTER_ROLE:-}" != "true" ]]; then
+    $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET client_encoding TO 'utf8';"
+    $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET default_transaction_isolation TO 'read committed';"
+    $STD sudo -u postgres psql -c "ALTER ROLE $PG_DB_USER SET timezone TO 'UTC';"
+  fi
+
+  # Schema permissions (if requested)
+  if [[ "${PG_DB_SCHEMA_PERMS:-}" == "true" ]]; then
+    $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $PG_DB_NAME TO $PG_DB_USER;"
+    $STD sudo -u postgres psql -c "ALTER USER $PG_DB_USER CREATEDB;"
+    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT ALL ON SCHEMA public TO $PG_DB_USER;"
+    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "GRANT CREATE ON SCHEMA public TO $PG_DB_USER;"
+    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO $PG_DB_USER;"
+    $STD sudo -u postgres psql -d "$PG_DB_NAME" -c "ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO $PG_DB_USER;"
+  fi
+
+  # Superuser grant (if requested - WARNING!)
+  if [[ "${PG_DB_GRANT_SUPERUSER:-}" == "true" ]]; then
+    msg_warn "Granting SUPERUSER privilege (security risk!)"
+    $STD sudo -u postgres psql -c "GRANT ALL PRIVILEGES ON DATABASE $PG_DB_NAME to $PG_DB_USER;"
+    $STD sudo -u postgres psql -c "ALTER USER $PG_DB_USER WITH SUPERUSER;"
+  fi
+
+  # Save credentials
+  local CREDS_FILE="${PG_DB_CREDS_FILE:-${HOME}/${APPLICATION}.creds}"
+  {
+    echo "PostgreSQL Credentials"
+    echo "Database: $PG_DB_NAME"
+    echo "User: $PG_DB_USER"
+    echo "Password: $PG_DB_PASS"
+  } >>"$CREDS_FILE"
+
+  msg_ok "Set up PostgreSQL Database"
+
+  # Export for use in calling script
+  export PG_DB_NAME
+  export PG_DB_USER
+  export PG_DB_PASS
+}
+
 # ------------------------------------------------------------------------------
 # Installs rbenv and ruby-build, installs Ruby and optionally Rails.
 #
@@ -4096,8 +4267,7 @@ function setup_clickhouse() {
     "https://packages.clickhouse.com/rpm/lts/repodata/repomd.xml.key" \
     "https://packages.clickhouse.com/deb" \
     "stable" \
-    "main" \
-    "amd64 arm64"
+    "main"
 
   # Install packages with retry logic
   export DEBIAN_FRONTEND=noninteractive

vm/docker-vm.sh

@@ -5,6 +5,8 @@
 # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
 
 source /dev/stdin <<<$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/api.func)
+# Load Cloud-Init library for VM configuration
+source /dev/stdin <<<$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/vm/cloud-init-lib.sh) 2>/dev/null || true
 
 function header_info() {
   clear
@@ -24,8 +26,12 @@ RANDOM_UUID="$(cat /proc/sys/kernel/random/uuid)"
 METHOD=""
 NSAPP="docker-vm"
 var_os="debian"
-var_version="12"
+var_version="13"
 DISK_SIZE="10G"
+USE_CLOUD_INIT="no"
+INSTALL_PORTAINER="no"
+OS_TYPE=""
+OS_VERSION=""
 
 YW=$(echo "\033[33m")
 BL=$(echo "\033[36m")
@@ -129,6 +135,21 @@ function msg_error() {
   echo -e "${BFR}${CROSS}${RD}${msg}${CL}"
 }
 
+function spinner() {
+  local pid=$1
+  local msg="$2"
+  local spin='⠋⠙⠹⠸⠼⠴⠦⠧⠇⠏'
+  local i=0
+
+  echo -ne "${TAB}${YW}${msg} "
+  while kill -0 $pid 2>/dev/null; do
+    i=$(((i + 1) % 10))
+    echo -ne "\b${spin:$i:1}"
+    sleep 0.1
+  done
+  echo -ne "\b"
+}
+
 function check_root() {
   if [[ "$(id -u)" -ne 0 || $(ps -o comm= -p $PPID) == "sudo" ]]; then
     clear
@@ -153,6 +174,7 @@ pve_check() {
       msg_error "Supported: Proxmox VE version 8.0 – 8.9"
       exit 1
     fi
+    PVE_MAJOR=8
     return 0
   fi
 
@@ -164,6 +186,7 @@ pve_check() {
       msg_error "Supported: Proxmox VE version 9.0"
       exit 1
     fi
+    PVE_MAJOR=9
     return 0
   fi
 
@@ -202,14 +225,114 @@ function exit-script() {
   exit
 }
 
+function select_os() {
+  if OS_CHOICE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "SELECT OS" --radiolist \
+    "Choose Operating System for Docker VM" 14 68 4 \
+    "debian13" "Debian 13 (Trixie) - Latest" ON \
+    "debian12" "Debian 12 (Bookworm) - Stable" OFF \
+    "ubuntu2404" "Ubuntu 24.04 LTS (Noble)" OFF \
+    "ubuntu2204" "Ubuntu 22.04 LTS (Jammy)" OFF \
+    3>&1 1>&2 2>&3); then
+    case $OS_CHOICE in
+    debian13)
+      OS_TYPE="debian"
+      OS_VERSION="13"
+      OS_CODENAME="trixie"
+      OS_DISPLAY="Debian 13 (Trixie)"
+      ;;
+    debian12)
+      OS_TYPE="debian"
+      OS_VERSION="12"
+      OS_CODENAME="bookworm"
+      OS_DISPLAY="Debian 12 (Bookworm)"
+      ;;
+    ubuntu2404)
+      OS_TYPE="ubuntu"
+      OS_VERSION="24.04"
+      OS_CODENAME="noble"
+      OS_DISPLAY="Ubuntu 24.04 LTS"
+      ;;
+    ubuntu2204)
+      OS_TYPE="ubuntu"
+      OS_VERSION="22.04"
+      OS_CODENAME="jammy"
+      OS_DISPLAY="Ubuntu 22.04 LTS"
+      ;;
+    esac
+    echo -e "${OS}${BOLD}${DGN}Operating System: ${BGN}${OS_DISPLAY}${CL}"
+  else
+    exit-script
+  fi
+}
+
+function select_cloud_init() {
+  # Ubuntu only has cloudimg variant (always Cloud-Init), so no choice needed
+  if [ "$OS_TYPE" = "ubuntu" ]; then
+    USE_CLOUD_INIT="yes"
+    echo -e "${CLOUD}${BOLD}${DGN}Cloud-Init: ${BGN}yes (Ubuntu requires Cloud-Init)${CL}"
+    return
+  fi
+
+  # Debian has two image variants, so user can choose
+  if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "CLOUD-INIT" \
+    --yesno "Enable Cloud-Init for VM configuration?\n\nCloud-Init allows automatic configuration of:\n• User accounts and passwords\n• SSH keys\n• Network settings (DHCP/Static)\n• DNS configuration\n\nYou can also configure these settings later in Proxmox UI.\n\nNote: Debian without Cloud-Init will use nocloud image with console auto-login." 18 68); then
+    USE_CLOUD_INIT="yes"
+    echo -e "${CLOUD}${BOLD}${DGN}Cloud-Init: ${BGN}yes${CL}"
+  else
+    USE_CLOUD_INIT="no"
+    echo -e "${CLOUD}${BOLD}${DGN}Cloud-Init: ${BGN}no${CL}"
+  fi
+}
+
+function select_portainer() {
+  if (whiptail --backtitle "Proxmox VE Helper Scripts" --title "PORTAINER" \
+    --yesno "Install Portainer for Docker management?\n\nPortainer is a lightweight management UI for Docker.\n\nAccess after installation:\n• HTTP:  http://<VM-IP>:9000\n• HTTPS: https://<VM-IP>:9443" 14 68); then
+    INSTALL_PORTAINER="yes"
+    echo -e "${ADVANCED}${BOLD}${DGN}Portainer: ${BGN}yes${CL}"
+  else
+    INSTALL_PORTAINER="no"
+    echo -e "${ADVANCED}${BOLD}${DGN}Portainer: ${BGN}no${CL}"
+  fi
+}
+
+function get_image_url() {
+  local arch=$(dpkg --print-architecture)
+  case $OS_TYPE in
+  debian)
+    # Debian has two variants:
+    # - generic: For Cloud-Init enabled VMs
+    # - nocloud: For VMs without Cloud-Init (has console auto-login)
+    if [ "$USE_CLOUD_INIT" = "yes" ]; then
+      echo "https://cloud.debian.org/images/cloud/${OS_CODENAME}/latest/debian-${OS_VERSION}-generic-${arch}.qcow2"
+    else
+      echo "https://cloud.debian.org/images/cloud/${OS_CODENAME}/latest/debian-${OS_VERSION}-nocloud-${arch}.qcow2"
+    fi
+    ;;
+  ubuntu)
+    # Ubuntu only has cloudimg variant (always with Cloud-Init support)
+    echo "https://cloud-images.ubuntu.com/${OS_CODENAME}/current/${OS_CODENAME}-server-cloudimg-${arch}.img"
+    ;;
+  esac
+}
+
 function default_settings() {
+  # OS Selection - ALWAYS ask
+  select_os
+
+  # Cloud-Init Selection - ALWAYS ask
+  select_cloud_init
+
+  # Portainer Selection - ALWAYS ask
+  select_portainer
+
+  # Set defaults for other settings
   VMID=$(get_valid_nextid)
-  FORMAT=",efitype=4m"
-  MACHINE=""
+  FORMAT=""
+  MACHINE=" -machine q35"
   DISK_CACHE=""
   DISK_SIZE="10G"
   HN="docker"
-  CPU_TYPE=""
+  CPU_TYPE=" -cpu host"
   CORE_COUNT="2"
   RAM_SIZE="4096"
   BRG="vmbr0"
@@ -218,12 +341,14 @@ function default_settings() {
   MTU=""
   START_VM="yes"
   METHOD="default"
+
+  # Display summary
   echo -e "${CONTAINERID}${BOLD}${DGN}Virtual Machine ID: ${BGN}${VMID}${CL}"
-  echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}i440fx${CL}"
+  echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}Q35 (Modern)${CL}"
   echo -e "${DISKSIZE}${BOLD}${DGN}Disk Size: ${BGN}${DISK_SIZE}${CL}"
   echo -e "${DISKSIZE}${BOLD}${DGN}Disk Cache: ${BGN}None${CL}"
   echo -e "${HOSTNAME}${BOLD}${DGN}Hostname: ${BGN}${HN}${CL}"
-  echo -e "${OS}${BOLD}${DGN}CPU Model: ${BGN}KVM64${CL}"
+  echo -e "${OS}${BOLD}${DGN}CPU Model: ${BGN}Host${CL}"
   echo -e "${CPUCORE}${BOLD}${DGN}CPU Cores: ${BGN}${CORE_COUNT}${CL}"
   echo -e "${RAMSIZE}${BOLD}${DGN}RAM Size: ${BGN}${RAM_SIZE}${CL}"
   echo -e "${BRIDGE}${BOLD}${DGN}Bridge: ${BGN}${BRG}${CL}"
@@ -231,10 +356,19 @@ function default_settings() {
   echo -e "${VLANTAG}${BOLD}${DGN}VLAN: ${BGN}Default${CL}"
   echo -e "${DEFAULT}${BOLD}${DGN}Interface MTU Size: ${BGN}Default${CL}"
   echo -e "${GATEWAY}${BOLD}${DGN}Start VM when completed: ${BGN}yes${CL}"
-  echo -e "${CREATING}${BOLD}${DGN}Creating a Docker VM using the above default settings${CL}"
+  echo -e "${CREATING}${BOLD}${DGN}Creating a Docker VM using the above settings${CL}"
 }
 
 function advanced_settings() {
+  # OS Selection - ALWAYS ask (at the beginning)
+  select_os
+
+  # Cloud-Init Selection - ALWAYS ask (at the beginning)
+  select_cloud_init
+
+  # Portainer Selection - ALWAYS ask (at the beginning)
+  select_portainer
+
   METHOD="advanced"
   [ -z "${VMID:-}" ] && VMID=$(get_valid_nextid)
   while true; do
@@ -255,15 +389,15 @@ function advanced_settings() {
   done
 
   if MACH=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "MACHINE TYPE" --radiolist --cancel-button Exit-Script "Choose Type" 10 58 2 \
-    "i440fx" "Machine i440fx" ON \
-    "q35" "Machine q35" OFF \
+    "q35" "Q35 (Modern, PCIe)" ON \
+    "i440fx" "i440fx (Legacy, PCI)" OFF \
     3>&1 1>&2 2>&3); then
     if [ $MACH = q35 ]; then
-      echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}$MACH${CL}"
+      echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}Q35 (Modern)${CL}"
       FORMAT=""
       MACHINE=" -machine q35"
     else
-      echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}$MACH${CL}"
+      echo -e "${CONTAINERTYPE}${BOLD}${DGN}Machine Type: ${BGN}i440fx (Legacy)${CL}"
       FORMAT=",efitype=4m"
       MACHINE=""
     fi
@@ -314,8 +448,8 @@ function advanced_settings() {
   fi
 
   if CPU_TYPE1=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "CPU MODEL" --radiolist "Choose" --cancel-button Exit-Script 10 58 2 \
-    "0" "KVM64 (Default)" ON \
-    "1" "Host" OFF \
+    "1" "Host (Recommended)" ON \
+    "0" "KVM64" OFF \
     3>&1 1>&2 2>&3); then
     if [ $CPU_TYPE1 = "1" ]; then
       echo -e "${OS}${BOLD}${DGN}CPU Model: ${BGN}Host${CL}"
@@ -462,8 +596,18 @@ else
 fi
 msg_ok "Using ${CL}${BL}$STORAGE${CL} ${GN}for Storage Location."
 msg_ok "Virtual Machine ID is ${CL}${BL}$VMID${CL}."
-msg_info "Retrieving the URL for the Debian 12 Qcow2 Disk Image"
-URL="https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-nocloud-$(dpkg --print-architecture).qcow2"
+
+if ! command -v virt-customize &>/dev/null; then
+  msg_info "Installing Pre-Requisite libguestfs-tools onto Host"
+  apt-get -qq update >/dev/null
+  apt-get -qq install libguestfs-tools lsb-release -y >/dev/null
+  # Workaround for Proxmox VE 9.0 libguestfs issue
+  apt-get -qq install dhcpcd-base -y >/dev/null 2>&1 || true
+  msg_ok "Installed libguestfs-tools successfully"
+fi
+
+msg_info "Retrieving the URL for the ${OS_DISPLAY} Qcow2 Disk Image"
+URL=$(get_image_url)
 sleep 2
 msg_ok "${CL}${BL}${URL}${CL}"
 curl -f#SL -o "$(basename "$URL")" "$URL"
@@ -493,32 +637,162 @@ for i in {0,1}; do
   eval DISK${i}_REF=${STORAGE}:${DISK_REF:-}${!disk}
 done
 
-if ! command -v virt-customize &>/dev/null; then
-  msg_info "Installing Pre-Requisite libguestfs-tools onto Host"
-  apt-get -qq update >/dev/null
-  apt-get -qq install libguestfs-tools lsb-release -y >/dev/null
-  # Workaround for Proxmox VE 9.0 libguestfs issue
-  apt-get -qq install dhcpcd-base -y >/dev/null 2>&1 || true
-  msg_ok "Installed libguestfs-tools successfully"
+echo -e "${INFO}${BOLD}${GN}Preparing ${OS_DISPLAY} Qcow2 Disk Image${CL}"
+
+# Set DNS for libguestfs appliance environment (not the guest)
+export LIBGUESTFS_BACKEND_SETTINGS=dns=8.8.8.8,1.1.1.1
+
+# Always create first-boot installation script as fallback
+virt-customize -q -a "${FILE}" --run-command "cat > /root/install-docker.sh << 'INSTALLEOF'
+#!/bin/bash
+# Log output to file
+exec > /var/log/install-docker.log 2>&1
+echo \"[\\$(date)] Starting Docker installation on first boot\"
+
+# Check if Docker is already installed
+if command -v docker >/dev/null 2>&1; then
+  echo \"[\\$(date)] Docker already installed, checking if running\"
+  systemctl start docker 2>/dev/null || true
+  if docker info >/dev/null 2>&1; then
+    echo \"[\\$(date)] Docker is already working, exiting\"
+    exit 0
+  fi
 fi
 
-msg_info "Adding Docker and Docker Compose Plugin to Debian 12 Qcow2 Disk Image"
-virt-customize -q -a "${FILE}" --install qemu-guest-agent,apt-transport-https,ca-certificates,curl,gnupg,software-properties-common,lsb-release >/dev/null &&
-  virt-customize -q -a "${FILE}" --run-command "mkdir -p /etc/apt/keyrings && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg" >/dev/null &&
-  virt-customize -q -a "${FILE}" --run-command "echo 'deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian bookworm stable' > /etc/apt/sources.list.d/docker.list" >/dev/null &&
-  virt-customize -q -a "${FILE}" --run-command "apt-get update -qq && apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin" >/dev/null &&
-  virt-customize -q -a "${FILE}" --run-command "systemctl enable docker" >/dev/null &&
-  virt-customize -q -a "${FILE}" --hostname "${HN}" >/dev/null &&
-  virt-customize -q -a "${FILE}" --run-command "echo -n > /etc/machine-id" >/dev/null
-msg_ok "Added Docker and Docker Compose Plugin to Debian 12 Qcow2 Disk Image successfully"
+# Wait for network to be fully available
+for i in {1..30}; do
+  if ping -c 1 8.8.8.8 >/dev/null 2>&1; then
+    echo \"[\\$(date)] Network is available\"
+    break
+  fi
+  echo \"[\\$(date)] Waiting for network... attempt \\$i/30\"
+  sleep 2
+done
+
+# Configure DNS
+echo \"[\\$(date)] Configuring DNS\"
+mkdir -p /etc/systemd/resolved.conf.d
+cat > /etc/systemd/resolved.conf.d/dns.conf << DNSEOF
+[Resolve]
+DNS=8.8.8.8 1.1.1.1
+FallbackDNS=8.8.4.4 1.0.0.1
+DNSEOF
+systemctl restart systemd-resolved 2>/dev/null || true
+
+# Update package lists
+echo \"[\\$(date)] Updating package lists\"
+apt-get update
+
+# Install base packages if not already installed
+echo \"[\\$(date)] Installing base packages\"
+apt-get install -y qemu-guest-agent curl ca-certificates 2>/dev/null || true
+
+# Install Docker
+echo \"[\\$(date)] Installing Docker\"
+curl -fsSL https://get.docker.com | sh
+systemctl enable docker
+systemctl start docker
+
+# Wait for Docker to be ready
+for i in {1..10}; do
+  if docker info >/dev/null 2>&1; then
+    echo \"[\\$(date)] Docker is ready\"
+    break
+  fi
+  sleep 1
+done
+
+# Install Portainer if requested
+INSTALL_PORTAINER_PLACEHOLDER
+
+# Create completion flag
+echo \"[\\$(date)] Docker installation completed successfully\"
+touch /root/.docker-installed
+INSTALLEOF" >/dev/null
+
+# Replace Portainer placeholder based on user choice
+if [ "$INSTALL_PORTAINER" = "yes" ]; then
+  virt-customize -q -a "${FILE}" --run-command "sed -i 's|INSTALL_PORTAINER_PLACEHOLDER|echo \"[\\\\\\$(date)] Installing Portainer\"\\\ndocker volume create portainer_data\\\ndocker run -d -p 9000:9000 -p 9443:9443 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest\\\necho \"[\\\\\\$(date)] Portainer installed and started\"|' /root/install-docker.sh" >/dev/null
+else
+  virt-customize -q -a "${FILE}" --run-command "sed -i 's|INSTALL_PORTAINER_PLACEHOLDER|echo \"[\\\\\\$(date)] Skipping Portainer installation\"|' /root/install-docker.sh" >/dev/null
+fi
+
+virt-customize -q -a "${FILE}" --run-command "chmod +x /root/install-docker.sh" >/dev/null
+
+virt-customize -q -a "${FILE}" --run-command "cat > /etc/systemd/system/install-docker.service << 'SERVICEEOF'
+[Unit]
+Description=Install Docker on First Boot
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=!/root/.docker-installed
+
+[Service]
+Type=oneshot
+ExecStart=/root/install-docker.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
+SERVICEEOF" >/dev/null
+
+virt-customize -q -a "${FILE}" --run-command "systemctl enable install-docker.service" >/dev/null
+
+# Try to install packages and Docker during image customization
+DOCKER_INSTALLED_ON_FIRST_BOOT="yes" # Assume first-boot by default
+
+msg_info "Installing base packages (qemu-guest-agent, curl, ca-certificates)"
+if virt-customize -a "${FILE}" --install qemu-guest-agent,curl,ca-certificates >/dev/null 2>&1; then
+  msg_ok "Installed base packages"
+
+  msg_info "Installing Docker via get.docker.com"
+  if virt-customize -q -a "${FILE}" --run-command "curl -fsSL https://get.docker.com | sh" >/dev/null 2>&1 &&
+    virt-customize -q -a "${FILE}" --run-command "systemctl enable docker" >/dev/null 2>&1; then
+    msg_ok "Installed Docker"
+
+    # Optimize Docker daemon configuration
+    virt-customize -q -a "${FILE}" --run-command "mkdir -p /etc/docker" >/dev/null 2>&1
+    virt-customize -q -a "${FILE}" --run-command "cat > /etc/docker/daemon.json << 'DOCKEREOF'
+{
+  \"storage-driver\": \"overlay2\",
+  \"log-driver\": \"json-file\",
+  \"log-opts\": {
+    \"max-size\": \"10m\",
+    \"max-file\": \"3\"
+  }
+}
+DOCKEREOF" >/dev/null 2>&1
+
+    # Create completion flag to prevent first-boot script from running
+    virt-customize -q -a "${FILE}" --run-command "touch /root/.docker-installed" >/dev/null 2>&1
+
+    DOCKER_INSTALLED_ON_FIRST_BOOT="no"
+  else
+    msg_ok "Docker will be installed on first boot (installation failed during image preparation)"
+  fi
+else
+  msg_ok "Packages will be installed on first boot (network not available during image preparation)"
+fi
+
+# Set hostname and clean machine-id
+virt-customize -q -a "${FILE}" --hostname "${HN}" >/dev/null 2>&1
+virt-customize -q -a "${FILE}" --run-command "truncate -s 0 /etc/machine-id" >/dev/null 2>&1
+virt-customize -q -a "${FILE}" --run-command "rm -f /var/lib/dbus/machine-id" >/dev/null 2>&1
+
+# Configure SSH to allow root login with password when Cloud-Init is enabled
+# (Cloud-Init will set the password, but SSH needs to accept password authentication)
+if [ "$USE_CLOUD_INIT" = "yes" ]; then
+  virt-customize -q -a "${FILE}" --run-command "sed -i 's/^#*PermitRootLogin.*/PermitRootLogin yes/' /etc/ssh/sshd_config" >/dev/null 2>&1 || true
+  virt-customize -q -a "${FILE}" --run-command "sed -i 's/^#*PasswordAuthentication.*/PasswordAuthentication yes/' /etc/ssh/sshd_config" >/dev/null 2>&1 || true
+fi
 
 msg_info "Expanding root partition to use full disk space"
 qemu-img create -f qcow2 expanded.qcow2 ${DISK_SIZE} >/dev/null 2>&1
-virt-resize --expand /dev/sda1 ${FILE} expanded.qcow2 >/dev/null 2>&1
+virt-resize --quiet --expand /dev/sda1 ${FILE} expanded.qcow2 >/dev/null 2>&1
 mv expanded.qcow2 ${FILE} >/dev/null 2>&1
 msg_ok "Expanded image to full size"
 
 msg_info "Creating a Docker VM"
+
 qm create $VMID -agent 1${MACHINE} -tablet 0 -localtime 1 -bios ovmf${CPU_TYPE} -cores $CORE_COUNT -memory $RAM_SIZE \
   -name $HN -tags community-script -net0 virtio,bridge=$BRG,macaddr=$MAC$VLAN$MTU -onboot 1 -ostype l26 -scsihw virtio-scsi-pci
 pvesm alloc $STORAGE $VMID $DISK0 4M 1>&/dev/null
@@ -528,9 +802,22 @@ qm set $VMID \
   -scsi0 ${DISK1_REF},${DISK_CACHE}${THIN}size=${DISK_SIZE} \
   -boot order=scsi0 \
   -serial0 socket >/dev/null
-qm resize $VMID scsi0 8G >/dev/null
 qm set $VMID --agent enabled=1 >/dev/null
 
+# Proxmox 9: Enable I/O Thread for better disk performance
+if [ "${PVE_MAJOR:-8}" = "9" ]; then
+  qm set $VMID -iothread 1 >/dev/null 2>&1 || true
+fi
+
+msg_ok "Created a Docker VM ${CL}${BL}(${HN})${CL}"
+
+# Add Cloud-Init drive if requested
+if [ "$USE_CLOUD_INIT" = "yes" ]; then
+  msg_info "Configuring Cloud-Init"
+  setup_cloud_init "$VMID" "$STORAGE" "$HN" "yes" >/dev/null 2>&1
+  msg_ok "Cloud-Init configured"
+fi
+
 DESCRIPTION=$(
   cat <<EOF
 <div align='center'>
@@ -563,11 +850,57 @@ EOF
 )
 qm set "$VMID" -description "$DESCRIPTION" >/dev/null
 
-msg_ok "Created a Docker VM ${CL}${BL}(${HN})"
 if [ "$START_VM" == "yes" ]; then
   msg_info "Starting Docker VM"
-  qm start $VMID
+  qm start $VMID >/dev/null 2>&1
   msg_ok "Started Docker VM"
 fi
+
+# Try to get VM IP address silently in background (max 10 seconds)
+VM_IP=""
+if [ "$START_VM" == "yes" ]; then
+  for i in {1..5}; do
+    VM_IP=$(qm guest cmd "$VMID" network-get-interfaces 2>/dev/null |
+      jq -r '.[] | select(.name != "lo") | ."ip-addresses"[]? | select(."ip-address-type" == "ipv4") | ."ip-address"' 2>/dev/null |
+      grep -v "^127\." | head -1)
+
+    if [ -n "$VM_IP" ]; then
+      break
+    fi
+    sleep 2
+  done
+fi
+
+# Display information about installed components
+echo -e "\n${INFO}${BOLD}${GN}VM Configuration Summary:${CL}"
+echo -e "${TAB}${DGN}VM ID: ${BGN}${VMID}${CL}"
+echo -e "${TAB}${DGN}Hostname: ${BGN}${HN}${CL}"
+echo -e "${TAB}${DGN}OS: ${BGN}${OS_DISPLAY}${CL}"
+
+if [ -n "$VM_IP" ]; then
+  echo -e "${TAB}${DGN}IP Address: ${BGN}${VM_IP}${CL}"
+fi
+
+if [ "$DOCKER_INSTALLED_ON_FIRST_BOOT" = "yes" ]; then
+  echo -e "${TAB}${DGN}Docker: ${BGN}Will be installed on first boot${CL}"
+  echo -e "${TAB}${YW}⚠️  Docker installation will happen automatically after VM starts${CL}"
+  echo -e "${TAB}${YW}⚠️  Wait 2-3 minutes after boot for installation to complete${CL}"
+  echo -e "${TAB}${YW}⚠️  Check installation progress: ${BL}cat /var/log/install-docker.log${CL}"
+else
+  echo -e "${TAB}${DGN}Docker: ${BGN}Latest (via get.docker.com)${CL}"
+fi
+
+if [ "$INSTALL_PORTAINER" = "yes" ]; then
+  if [ -n "$VM_IP" ]; then
+    echo -e "${TAB}${DGN}Portainer: ${BGN}https://${VM_IP}:9443${CL}"
+  else
+    echo -e "${TAB}${DGN}Portainer: ${BGN}Will be accessible at https://<VM-IP>:9443${CL}"
+    echo -e "${TAB}${YW}⚠️  Get IP with: ${BL}qm guest cmd ${VMID} network-get-interfaces${CL}"
+  fi
+fi
+if [ "$USE_CLOUD_INIT" = "yes" ]; then
+  display_cloud_init_info "$VMID" "$HN"
+fi
+
 post_update_to_api "done" "none"
 msg_ok "Completed Successfully!\n"