* fix(build.func): pct create audit — 5 fixes
1. Disable globbing (set -f) around pct create calls to prevent
passwords containing * or ? from expanding to filenames.
2. Fix TAGS: use semicolons (pct format), prevent duplicate
community-script prefix, remove trailing separator.
3. Skip keyctl dialog for unprivileged containers — pct always
forces keyctl=1 for CT_TYPE=1, so the dialog was misleading.
4. Remove dead IPV6_STATIC variable (IPv6 is handled via
IPV6_ADDR/IPV6_GATE which are properly wired into NET_STRING).
5. Remove dead UDHCPC_FIX variable — set and exported but never
consumed by any install script.
* Update api.func
User input like 'nfs, cifs' or 'nfs,' would produce invalid pct
features strings like 'mount=nfs; cifs' (space breaks pct argument
parsing) or 'mount=nfs;' (trailing semicolon). Fixes:
- Whiptail dialog (Step 27): normalize input immediately after entry
- load_vars_file validation: normalize before regex check, use
stricter regex that rejects trailing/leading commas
- FEATURES construction: defensive sanitize before building the
mount= value (strip spaces, trailing commas/semicolons)
All three layers ensure 'nfs, cifs' -> 'nfs,cifs' -> 'mount=nfs;cifs'
* fix(core): remove unused TEMP_DIR mktemp leak in build_container
The build_container() function created a temp directory via mktemp -d and
pushd into it, but never popd or rm -rf. The directory was not used for
anything — FUNCTIONS_FILE_PATH is downloaded into a variable, not a file.
Remove the mktemp -d and pushd entirely to eliminate the leak.
* fix(sonarqube): clean up temp file after zip extraction
The SonarQube update function (ct/sonarqube.sh) never deleted the
downloaded zip file (~200-500 MB) from /tmp after extraction. On LXC
containers with 4-8 GB disks, this accumulates with every update and
can eventually fill the disk.
Also add explicit cleanup in the install script instead of relying
solely on cleanup_lxc() pattern matching.
* fix(tools): prevent script crash when entering GitHub token after rate limit
fetch_and_deploy_gh_release set attempt=0 after accepting a token, then
immediately ran ((0++)) which evaluates to 0 (falsy) causing exit code 1
and killing the script under set -e.
Fix: set attempt=1 and continue to restart the retry loop cleanly,
giving the full max_retries budget with the new token.
Also fix fetch_and_deploy_codeberg_release: replace ((attempt++)) with
attempt=\ to avoid the same zero-evaluation crash on
the first connection timeout (attempt starts at 0 in that loop).
Fixes#13635
* feat(tools): add var_github_token support with token validation
- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
* Calls GET /user to verify the token is accepted
* Reports expiry date from x-oauth-expiry header (fine-grained PATs)
* Warns when classic PAT is missing public_repo scope
* Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
* Non-interactive path now picks up var_github_token automatically
* Interactive path also picks up var_github_token without prompting
* Validates token immediately after entry; loops until valid or Ctrl+C
Update LXC and VM description blocks to include donation and script page badges. Introduces script_slug, script_url and donate_url variables (derived from SCRIPT_SLUG or NSAPP/APP, normalized to lowercase and dashed) and uses them to build links. Replaces the old Ko-fi "Buy us a coffee" badge with a generic donate badge and adds an "Open Script Page" badge linking to the script detail page.
When var_gateway is set to an empty string, the resulting gw= token
in the comma-separated network string causes pct create to fail with
a 'missing key in comma-separated list property' error.
Closes#13421
Node.js 22.22.2 ships with a broken npm self-upgrade path where 'npm install -g npm@latest' fails with MODULE_NOT_FOUND for promise-retry. Pin to npm@11.11.0 as a known-good version until the upstream issue is resolved. Ref: nodejs/node#62425, npm/cli#9151
Add defensive fallbacks (|| true) to multiple command substitutions to prevent non-zero exits when commands produce no output or are unavailable. Changes touch misc/api.func, misc/build.func and misc/tools.func and cover places like lspci, /proc/cpuinfo parsing, /etc/os-release reads, hostname -I usage, grep reads from vars files and maps, pct config parsing, storage/template lookups, tool version detection, NVIDIA driver version extraction, and MeiliSearch config parsing. These edits do not change functional behavior aside from ensuring the scripts continue running (variables will be empty) instead of failing in stricter shells or when commands return non-zero status.
* refactor(turnkey): modernize turnkey.sh with shared libraries and telemetry
- Source core.func, error_handler.func, api.func instead of custom error/msg functions
- Replace custom error_exit/warn/info/msg with msg_info/msg_ok/msg_error/msg_warn
- Upgrade validate_container_id to cluster-aware (pvesh + all-node config check)
- Add diagnostics_check() and telemetry (post_to_api / post_update_to_api)
- Add pve_check, shell_check, root_check for environment validation
- Use proper EXIT trap for cleanup (destroy container on error, restart monitor)
- Improve quoting throughout (PCT_OPTIONS as array, quoted variables)
- Secure credentials file with chmod 600
- Use exit_script for user cancellations (consistent with other scripts)
* fix(turnkey): replace diagnostics_check with inline config read
diagnostics_check() is defined in build.func which is not sourced.
Read the diagnostics config file directly instead — respects existing
user preference without prompting (turnkey has no settings menu).
* bump hardcoded names to dynamic list
* Preserve telemetry type and report failures
Respect a pre-set TELEMETRY_TYPE in misc/api.func and use it in the API payload instead of the hardcoded "lxc". In turnkey/turnkey.sh, set TELEMETRY_TYPE="turnkey" for turnkey installs and enhance turnkey_cleanup() to report failed installs to telemetry (calls post_update_to_api "failed" with the exit code when POST_TO_API_DONE is true and POST_UPDATE_DONE is not), then destroy the failed container. These changes ensure correct telemetry type propagation and that failed turnkey deployments are reported.
---------
Co-authored-by: Slaviša Arežina <58952836+tremor021@users.noreply.github.com>
Analyze logs for generic exit code 1 and export an ERROR_CATEGORY_OVERRIDE so telemetry receives a more accurate error category (apt, oom, network, storage, dependency). Preserve any existing TELEMETRY_TYPE when posting updates. Add defense-in-depth by disabling strict error traps before running grep/sed log analysis to avoid spurious error_handler invocations. Mark successful installs with INSTALL_COMPLETE and update the error handler to only report a successful "done" telemetry state when INSTALL_COMPLETE is explicitly set, preventing false-positive success reports from early zero-exit exits.
* Display pin reason in release-check messages
Add an optional pin_reason parameter to check_for_gh_release and check_for_codeberg_release and update the no-update messaging to show the provided reason. If no reason is supplied, show a default message indicating the update is temporarily held back due to issues with newer releases. This improves user feedback when versions are intentionally pinned.
* Add informational args to release checks
Pass extra informational strings to check_for_gh_release calls to surface release-specific notes. Updated ct/immich.sh (notes for Immich and VectorChord releases), ct/opencloud.sh (note for OpenCloud), and ct/plant-it.sh (note about web frontend presence). These messages clarify testing/compatibility expectations when checking/releases.
* fix(tdarr): use curl_with_retry and verify binaries before enabling service
Tdarr_Updater downloads the actual server/node binaries from tdarr.io at
runtime. If tdarr.io is blocked by local DNS (e.g. OPNsense OISD blocklists),
the updater exits silently with code 0, leaving no binaries on disk. The
subsequent systemctl enable then fails with 'Operation not permitted' (exit 1)
because the ExecStart paths don't exist.
Changes:
- Replace bare curl with curl_with_retry for versions.json and Tdarr_Updater.zip
downloads to gain retry logic, DNS pre-check and exponential backoff
- Add msg_info before Tdarr_Updater run so users see this step in the log
- Check that Tdarr_Server and Tdarr_Node binaries exist after the updater
runs; fail immediately with a clear message pointing to tdarr.io connectivity
instead of letting systemctl fail with a confusing 'Operation not permitted'
Fixes: #13030
* Improve Tdarr installer error handling
Refine post-update validation and failure behavior in tdarr-install.sh: remove a redundant status message, simplify the updater check to only require the Tdarr_Server binary, and replace the previous fatal path with msg_error plus an explicit exit 250. This makes failures (for example when tdarr.io is blocked by local DNS) clearer and avoids false negatives from the Tdarr_Node existence check.
* Use curl_with_retry and handle updater failure
Replace direct curl calls with curl_with_retry for fetching versions.json and downloading Tdarr_Updater.zip to improve network reliability. Add a post-update check that verifies /opt/tdarr/Tdarr_Server/Tdarr_Server exists; if missing, log an error suggesting possible DNS blocking and exit with code 250. Minor cleanup of updater artifacts remains unchanged.
* Reorder hwaccel setup and adjust GPU group usermod
Move setup_hwaccel invocations in emby, jellyfin, ollama, and plex installers to occur after package installation/configuration so GPU drivers/repos are present before enabling hardware acceleration. Update _setup_gpu_permissions to call usermod directly (remove $STD wrapper) when adding service users to render/video groups. Includes minor whitespace/ordering cleanups in the installer scripts.
improve hardware-acceleration setup to centralize service user group management. Install scripts (emby, plex, ollama, channels) now pass a service user to setup_hwaccel (or no user for channels) and have had inline /etc/group sed/usermod tweaks removed. misc/tools.func updated: setup_hwaccel accepts an optional service_user and forwards it to _setup_gpu_permissions, which now adds the service user to render and video groups if provided. This consolidates GPU permission changes in one place and removes duplicated per-service group edits.
* tools.func Implement check_for_gh_tag function
Adds a function to check for new GitHub tags for repositories without releases. (needed for termix / guacd-server)
* Update documentation for check_for_gh_tag function
* tools.func: Implement fetch_and_deploy_gh_tag function
Adds function to fetch and deploy GitHub tag-based source tarballs.
* Refactor fetch_and_deploy_gh_tag function and comments
Updated the function to fetch and deploy GitHub tags, enhancing its description and usage instructions.
* cleanuo
AMD APUs (Radeon 780M/760M/740M and similar integrated graphics) do not
benefit from the full ROCm compute stack in LXC containers. ROCm is a
multi-GB GPGPU framework primarily designed for discrete AMD GPUs and
ML/AI workloads, not for video transcoding with integrated graphics.
For APUs the Mesa VA-API drivers (mesa-va-drivers, mesa-opencl-icd) and
firmware (firmware-amd-graphics) provide all the hardware acceleration
needed for media tasks. Installing ROCm on top adds ~4GB of packages
that frequently fail or time out for this class of hardware.
Discrete AMD GPUs (GPU_TYPE=AMD) are unaffected and still receive ROCm.
When repo.radeon.com has broken metadata, apt update fails with
exit code 100 and kills the entire install. Make it non-fatal so
the script can continue with cached packages or skip ROCm gracefully.
Fixes#12879
The full 'rocm' meta-package includes 15GB+ of dev tools (compilers,
debuggers, dev headers) which are unnecessary in LXC containers.
Install only runtime packages: rocm-opencl-runtime, rocm-hip-runtime,
rocm-smi-lib. Reduce disk resize from +8GB to +4GB accordingly.
