Add protonmail-bridge (ct)

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -448,6 +448,19 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-04-30
+
+### 🆕 New Scripts
+
+  - Nagios ([#14126](https://github.com/community-scripts/ProxmoxVE/pull/14126))
+- Neko ([#14121](https://github.com/community-scripts/ProxmoxVE/pull/14121))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - tools.func: Manage minor versions for MongoDB 8.x [@tremor021](https://github.com/tremor021) ([#14131](https://github.com/community-scripts/ProxmoxVE/pull/14131))
+
 ## 2026-04-29
 
 ### 🚀 Updated Scripts

ct/headers/nagios

@@ -0,0 +1,6 @@
+    _   __            _           
+   / | / /___ _____ _(_)___  _____
+  /  |/ / __ `/ __ `/ / __ \/ ___/
+ / /|  / /_/ / /_/ / / /_/ (__  ) 
+/_/ |_/\__,_/\__, /_/\____/____/  
+            /____/                

ct/headers/neko

@@ -0,0 +1,6 @@
+    _   __     __       
+   / | / /__  / /______ 
+  /  |/ / _ \/ //_/ __ \
+ / /|  /  __/ ,< / /_/ /
+/_/ |_/\___/_/|_|\____/ 
+                        

ct/headers/protonmail-bridge

@@ -0,0 +1,6 @@
+    ____             __              __  ___      _ __      ____       _     __         
+   / __ \_________  / /_____  ____  /  |/  /___ _(_) /     / __ )_____(_)___/ /___ ____ 
+  / /_/ / ___/ __ \/ __/ __ \/ __ \/ /|_/ / __ `/ / /_____/ __  / ___/ / __  / __ `/ _ \
+ / ____/ /  / /_/ / /_/ /_/ / / / / /  / / /_/ / / /_____/ /_/ / /  / / /_/ / /_/ /  __/
+/_/   /_/   \____/\__/\____/_/ /_/_/  /_/\__,_/_/_/     /_____/_/  /_/\__,_/\__, /\___/ 
+                                                                           /____/       

ct/nagios.sh

@@ -0,0 +1,90 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/NagiosEnterprises/nagioscore
+
+APP="Nagios"
+var_tags="${var_tags:-monitoring;alerts;infrastructure}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-20}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /usr/local/nagios/etc/nagios.cfg ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  msg_info "Backing up Configuration"
+  cp -a /usr/local/nagios/etc /opt/nagios-etc-backup
+  msg_ok "Backed up Configuration"
+
+  if check_for_gh_release "nagios" "NagiosEnterprises/nagioscore"; then
+    msg_info "Stopping Nagios"
+    systemctl stop nagios
+    msg_ok "Stopped Nagios"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
+
+    msg_info "Building Nagios Core"
+    cd /opt/nagios
+    $STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
+    $STD make all
+    $STD make install-groups-users
+    usermod -a -G nagios www-data
+    $STD make install
+    $STD make install-daemoninit
+    $STD make install-commandmode
+    $STD make install-webconf
+    $STD a2enmod rewrite
+    $STD a2enmod cgi
+    msg_ok "Built Nagios Core"
+
+    msg_info "Starting Nagios"
+    systemctl restart apache2
+    systemctl start nagios
+    msg_ok "Started Nagios"
+  fi
+
+  if check_for_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins"; then
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
+    msg_info "Building Nagios Plugins"
+    cd /opt/nagios-plugins
+    $STD ./tools/setup
+    $STD ./configure
+    $STD make
+    $STD make install
+    msg_ok "Built Nagios Plugins"
+  fi
+
+  msg_info "Restoring Configuration"
+  rm -rf /usr/local/nagios/etc
+  cp -a /opt/nagios-etc-backup /usr/local/nagios/etc
+  rm -rf /opt/nagios-etc-backup
+  msg_ok "Restored Configuration"
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}/nagios${CL}"

ct/neko.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://neko.m1k1o.net/
+
+APP="Neko"
+var_tags="${var_tags:-virtual-browser;webrtc;streaming}"
+var_cpu="${var_cpu:-4}"
+var_ram="${var_ram:-4096}"
+var_disk="${var_disk:-12}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-12}"
+var_unprivileged="${var_unprivileged:-1}"
+var_gpu="${var_gpu:-yes}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/neko ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "neko" "m1k1o/neko"; then
+    msg_info "Stopping Service"
+    systemctl stop neko
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Data"
+    cp /etc/neko/neko.yaml /opt/neko.yaml.bak
+    msg_ok "Backed up Data"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
+
+    msg_info "Building Client"
+    cd /opt/neko/client
+    $STD npm install
+    $STD npm run build
+    cp -r /opt/neko/client/dist/* /var/www/
+    msg_ok "Built Client"
+
+    msg_info "Building Server"
+    cd /opt/neko/server
+    $STD ./build
+    cp /opt/neko/server/bin/neko /usr/bin/neko
+    cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
+    msg_ok "Built Server"
+
+    msg_info "Restoring Data"
+    cp /opt/neko.yaml.bak /etc/neko/neko.yaml
+    rm -f /opt/neko.yaml.bak
+    msg_ok "Restored Data"
+
+    msg_info "Starting Service"
+    systemctl start neko
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed Successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:8080${CL}"

ct/protonmail-bridge.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/ProtonMail/proton-bridge
+
+APP="ProtonMail-Bridge"
+var_tags="${var_tags:-mail;proton}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-1024}"
+var_disk="${var_disk:-8}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -x /usr/bin/protonmail-bridge ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit 1
+  fi
+
+  if check_for_gh_release "protonmail-bridge" "ProtonMail/proton-bridge"; then
+    local -a bridge_units=(
+      protonmail-bridge
+      protonmail-bridge-imap.socket
+      protonmail-bridge-smtp.socket
+      protonmail-bridge-imap-proxy
+      protonmail-bridge-smtp-proxy
+    )
+    local unit
+    declare -A was_active
+    for unit in "${bridge_units[@]}"; do
+      if systemctl is-active --quiet "$unit" 2>/dev/null; then
+        was_active["$unit"]=1
+      else
+        was_active["$unit"]=0
+      fi
+    done
+
+    msg_info "Stopping Services"
+    systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
+    msg_ok "Stopped Services"
+
+    fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
+
+    if [[ -f /home/protonbridge/.protonmailbridge-initialized ]]; then
+      msg_info "Starting Services"
+      for unit in "${bridge_units[@]}"; do
+        if [[ "${was_active[$unit]:-0}" == "1" ]]; then
+          systemctl start "$unit"
+        fi
+      done
+      msg_ok "Started Services"
+    else
+      msg_ok "Initialization not completed. Services remain disabled."
+    fi
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW}One-time configuration is required before Bridge services are enabled.${CL}"
+echo -e "${INFO}${YW}Run this command in the container: protonmailbridge-configure${CL}"

install/nagios-install.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/NagiosEnterprises/nagioscore
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  autoconf \
+  automake \
+  build-essential \
+  bc \
+  dc \
+  gawk \
+  gettext \
+  gperf \
+  libgd-dev \
+  libmcrypt-dev \
+  libnet-snmp-perl \
+  libssl-dev \
+  snmp \
+  apache2 \
+  apache2-utils
+msg_ok "Installed Dependencies"
+
+PHP_APACHE="YES" setup_php
+
+fetch_and_deploy_gh_release "nagios" "NagiosEnterprises/nagioscore" "tarball"
+
+msg_info "Building Nagios Core"
+cd /opt/nagios
+$STD ./configure --with-httpd-conf=/etc/apache2/sites-enabled
+$STD make all
+$STD make install-groups-users
+usermod -a -G nagios www-data
+$STD make install
+$STD make install-daemoninit
+$STD make install-commandmode
+$STD make install-config
+$STD make install-webconf
+$STD a2enmod rewrite
+$STD a2enmod cgi
+msg_ok "Built Nagios Core"
+
+fetch_and_deploy_gh_release "nagios-plugins" "nagios-plugins/nagios-plugins" "tarball"
+
+msg_info "Building Nagios Plugins"
+cd /opt/nagios-plugins
+$STD ./tools/setup
+$STD ./configure
+$STD make
+$STD make install
+msg_ok "Built Nagios Plugins"
+
+msg_info "Configuring Web Authentication"
+$STD htpasswd -bc /usr/local/nagios/etc/htpasswd.users nagiosadmin nagiosadmin
+chown root:www-data /usr/local/nagios/etc/htpasswd.users
+chmod 640 /usr/local/nagios/etc/htpasswd.users
+msg_ok "Configured Web Authentication"
+
+msg_info "Starting Services"
+systemctl enable -q apache2
+systemctl restart apache2
+systemctl enable -q --now nagios
+msg_ok "Started Services"
+
+motd_ssh
+customize
+cleanup_lxc

install/neko-install.sh

@@ -0,0 +1,255 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: CanbiZ (MickLesk)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://neko.m1k1o.net/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  supervisor \
+  pulseaudio \
+  dbus-x11 \
+  xserver-xorg-video-dummy \
+  xdotool \
+  xclip \
+  libgtk-3-0 \
+  gstreamer1.0-plugins-base \
+  gstreamer1.0-plugins-good \
+  gstreamer1.0-plugins-bad \
+  gstreamer1.0-plugins-ugly \
+  gstreamer1.0-pulseaudio \
+  openbox \
+  firefox-esr \
+  fonts-noto-color-emoji \
+  fonts-wqy-zenhei
+msg_ok "Installed Dependencies"
+systemctl disable -q --now supervisor
+
+msg_info "Installing Build Dependencies"
+$STD apt install -y \
+  build-essential \
+  pkg-config \
+  libx11-dev \
+  libxrandr-dev \
+  libxtst-dev \
+  libgtk-3-dev \
+  libxcvt-dev \
+  libgstreamer1.0-dev \
+  libgstreamer-plugins-base1.0-dev
+msg_ok "Installed Build Dependencies"
+
+NODE_VERSION="22" setup_nodejs
+setup_go
+
+fetch_and_deploy_gh_release "neko" "m1k1o/neko" "tarball"
+
+msg_info "Building Client"
+cd /opt/neko/client
+$STD npm install
+$STD npm run build
+mkdir -p /var/www
+cp -r /opt/neko/client/dist/* /var/www/
+msg_ok "Built Client"
+
+msg_info "Building Server"
+cd /opt/neko/server
+$STD ./build
+cp /opt/neko/server/bin/neko /usr/bin/neko
+mkdir -p /etc/neko/plugins
+cp -r /opt/neko/server/bin/plugins/* /etc/neko/plugins/ 2>/dev/null || true
+msg_ok "Built Server"
+
+msg_info "Setting up Runtime"
+useradd -m -s /bin/bash neko
+usermod -aG audio,video neko
+
+mkdir -p /etc/neko/supervisord /var/www /var/log/neko /tmp/.X11-unix /tmp/runtime-neko /home/neko/.config/pulse /home/neko/.local/share/xorg
+chmod 1777 /tmp/.X11-unix
+chmod 1777 /var/log/neko
+chmod 0700 /tmp/runtime-neko
+chown neko /tmp/.X11-unix /var/log/neko /tmp/runtime-neko
+chown -R neko:neko /home/neko
+
+cp /opt/neko/runtime/xorg.conf /etc/neko/xorg.conf
+# Remove the dummy_touchscreen InputDevice section (requires custom "neko" Xorg driver not available bare-metal)
+sed -i '/Section "InputDevice"/{N;/dummy_touchscreen/{:l;N;/EndSection/!bl;d}}' /etc/neko/xorg.conf
+sed -i '/dummy_touchscreen/d' /etc/neko/xorg.conf
+sed -i 's/InputDevice  "dummy_mouse"/InputDevice  "dummy_mouse" "CorePointer"/' /etc/neko/xorg.conf
+cp /opt/neko/runtime/default.pa /etc/pulse/default.pa
+
+cat <<EOF >/etc/neko/supervisord.conf
+[supervisord]
+nodaemon=true
+user=root
+pidfile=/var/run/supervisord.pid
+logfile=/dev/null
+logfile_maxbytes=0
+loglevel=debug
+
+[include]
+files=/etc/neko/supervisord/*.conf
+
+[program:x-server]
+environment=HOME="/home/neko",USER="neko"
+command=/usr/bin/X :99.0 -config /etc/neko/xorg.conf -noreset -nolisten tcp
+autorestart=true
+priority=300
+user=neko
+stdout_logfile=/var/log/neko/xorg.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[program:pulseaudio]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/pulseaudio --log-level=error --disallow-module-loading --disallow-exit --exit-idle-time=-1
+autorestart=true
+priority=300
+user=neko
+stdout_logfile=/var/log/neko/pulseaudio.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[program:neko]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/neko serve --server.static "/var/www"
+stopsignal=INT
+stopwaitsecs=3
+autorestart=true
+priority=800
+user=neko
+stdout_logfile=/var/log/neko/neko.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[unix_http_server]
+file=/var/run/supervisor.sock
+chmod=0770
+chown=root:neko
+
+[supervisorctl]
+serverurl=unix:///var/run/supervisor.sock
+
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+EOF
+
+cat <<EOF >/etc/neko/supervisord/firefox.conf
+[program:firefox]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/firefox-esr --no-remote --display=:99.0 -width 1280 -height 720
+stopsignal=INT
+autorestart=true
+priority=800
+user=neko
+stdout_logfile=/var/log/neko/firefox.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+
+[program:openbox]
+environment=HOME="/home/neko",USER="neko",DISPLAY=":99.0"
+command=/usr/bin/openbox --config-file /etc/neko/openbox.xml
+autorestart=true
+priority=300
+user=neko
+stdout_logfile=/var/log/neko/openbox.log
+stdout_logfile_maxbytes=100MB
+stdout_logfile_backups=10
+redirect_stderr=true
+EOF
+
+cat <<'EOF' >/etc/neko/openbox.xml
+<?xml version="1.0" encoding="UTF-8"?>
+<openbox_config xmlns="http://openbox.org/3.4/rc" xmlns:xi="http://www.w3.org/2001/XInclude">
+<applications>
+    <application class="firefox" name="Navigator" role="browser">
+      <decor>no</decor>
+      <maximized>true</maximized>
+      <focus>yes</focus>
+      <layer>normal</layer>
+    </application>
+</applications>
+<focus>
+  <focusNew>yes</focusNew>
+  <followMouse>no</followMouse>
+  <focusLast>yes</focusLast>
+  <underMouse>no</underMouse>
+  <focusDelay>200</focusDelay>
+  <raiseOnFocus>no</raiseOnFocus>
+</focus>
+<placement>
+  <policy>Smart</policy>
+  <center>yes</center>
+</placement>
+<desktops>
+  <number>1</number>
+  <firstdesk>1</firstdesk>
+  <popupTime>0</popupTime>
+</desktops>
+</openbox_config>
+EOF
+
+cat <<EOF >/etc/neko/neko.yaml
+server:
+  bind: "0.0.0.0:8080"
+  static: "/var/www"
+session:
+  cookie:
+    enabled: false
+webrtc:
+  icelite: true
+  nat1to1:
+    - "${LOCAL_IP}"
+  epr: "59000-59100"
+desktop:
+  input:
+    enabled: false
+member:
+  provider: "multiuser"
+  multiuser:
+    admin_password: "admin"
+    user_password: "neko"
+EOF
+msg_ok "Set up Runtime"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/neko.service
+[Unit]
+Description=Neko Virtual Browser
+After=network.target
+
+[Service]
+Type=simple
+User=root
+Environment=USER=neko
+Environment=DISPLAY=:99.0
+Environment=PULSE_SERVER=unix:/tmp/pulseaudio.socket
+Environment=XDG_RUNTIME_DIR=/tmp/runtime-neko
+Environment=NEKO_PLUGINS_ENABLED=true
+Environment=NEKO_PLUGINS_DIR=/etc/neko/plugins/
+Environment=NEKO_CONFIG=/etc/neko/neko.yaml
+ExecStart=/usr/bin/supervisord -c /etc/neko/supervisord.conf -n
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now neko
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/protonmail-bridge-install.sh

@@ -0,0 +1,192 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: Stephen Chin (steveonjava)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/ProtonMail/proton-bridge
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y pass
+msg_ok "Installed Dependencies"
+
+msg_info "Creating Service User"
+useradd -r -m -d /home/protonbridge -s /usr/sbin/nologin protonbridge
+install -d -m 0750 -o protonbridge -g protonbridge /home/protonbridge
+msg_ok "Created Service User"
+
+fetch_and_deploy_gh_release "protonmail-bridge" "ProtonMail/proton-bridge" "binary"
+
+msg_info "Creating Services"
+cat <<EOF >/etc/systemd/system/protonmail-bridge.service
+[Unit]
+Description=Proton Mail Bridge (noninteractive)
+After=network-online.target
+Wants=network-online.target
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+User=protonbridge
+Group=protonbridge
+WorkingDirectory=/home/protonbridge
+Environment=HOME=/home/protonbridge
+ExecStart=/usr/bin/protonmail-bridge --noninteractive
+Restart=always
+RestartSec=3
+NoNewPrivileges=yes
+PrivateTmp=yes
+ProtectSystem=full
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectControlGroups=yes
+
+[Install]
+WantedBy=multi-user.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap.socket
+[Unit]
+Description=Proton Mail Bridge IMAP Socket (143)
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Socket]
+ListenStream=143
+Accept=no
+Service=protonmail-bridge-imap-proxy.service
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-imap-proxy.service
+[Unit]
+Description=Proton Mail Bridge IMAP Proxy (143 -> 127.0.0.1:1143)
+After=protonmail-bridge.service
+Requires=protonmail-bridge.service
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+Sockets=protonmail-bridge-imap.socket
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1143
+NoNewPrivileges=yes
+PrivateTmp=yes
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp.socket
+[Unit]
+Description=Proton Mail Bridge SMTP Socket (587)
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Socket]
+ListenStream=587
+Accept=no
+Service=protonmail-bridge-smtp-proxy.service
+
+[Install]
+WantedBy=sockets.target
+EOF
+cat <<'EOF' >/etc/systemd/system/protonmail-bridge-smtp-proxy.service
+[Unit]
+Description=Proton Mail Bridge SMTP Proxy (587 -> 127.0.0.1:1025)
+After=protonmail-bridge.service
+Requires=protonmail-bridge.service
+ConditionPathExists=/home/protonbridge/.protonmailbridge-initialized
+
+[Service]
+Type=simple
+Sockets=protonmail-bridge-smtp.socket
+ExecStart=/usr/lib/systemd/systemd-socket-proxyd 127.0.0.1:1025
+NoNewPrivileges=yes
+PrivateTmp=yes
+EOF
+msg_ok "Created Services"
+
+msg_info "Creating Helper Commands"
+
+cat <<'EOF' >/usr/local/bin/protonmailbridge-configure
+#!/usr/bin/env bash
+set -euo pipefail
+
+BRIDGE_USER="protonbridge"
+BRIDGE_HOME="/home/${BRIDGE_USER}"
+GNUPG_HOME="${BRIDGE_HOME}/.gnupg"
+MARKER="${BRIDGE_HOME}/.protonmailbridge-initialized"
+
+FIRST_TIME=0
+if [[ ! -f "${MARKER}" ]]; then
+  FIRST_TIME=1
+fi
+
+# Stop sockets/proxies/bridge daemon before configuration
+systemctl stop protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
+systemctl stop protonmail-bridge-imap-proxy protonmail-bridge-smtp-proxy protonmail-bridge
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  echo "First-time setup: initializing pass keychain for ${BRIDGE_USER} (required by Proton Mail Bridge on Linux)."
+
+  install -d -m 0700 -o "${BRIDGE_USER}" -g "${BRIDGE_USER}" "${GNUPG_HOME}"
+
+  FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+    gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
+
+  if [[ -z "${FPR}" ]]; then
+    runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+      gpg --batch --pinentry-mode loopback --passphrase '' \
+      --quick-gen-key 'ProtonMail Bridge' default default never
+
+    FPR="$(runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+      gpg --list-secret-keys --with-colons 2>/dev/null | awk -F: '$1=="fpr"{print $10; exit}')"
+  fi
+
+  if [[ -z "${FPR}" ]]; then
+    echo "Failed to detect a GPG key fingerprint for ${BRIDGE_USER}." >&2
+    exit 1
+  fi
+
+  runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" GNUPGHOME="${GNUPG_HOME}" \
+    pass init "${FPR}"
+
+  echo
+  echo "To do initial configuration of the Proton Mail Bridge:"
+  echo "Run: login"
+  echo "Run: info"
+  echo "Run: exit"
+  echo
+else
+  echo
+  echo "Launching Proton Mail Bridge CLI for configuration."
+  echo "External access is disabled until you exit."
+  echo "Run: exit"
+  echo
+fi
+
+runuser -u "${BRIDGE_USER}" -- env HOME="${BRIDGE_HOME}" \
+  protonmail-bridge -c
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  touch "${MARKER}"
+  chown "${BRIDGE_USER}:${BRIDGE_USER}" "${MARKER}"
+  chmod 0644 "${MARKER}"
+fi
+
+systemctl enable -q --now protonmail-bridge.service protonmail-bridge-imap.socket protonmail-bridge-smtp.socket
+
+if [[ "${FIRST_TIME}" == "1" ]]; then
+  echo "Initialization complete. Services enabled and started."
+else
+  echo "Configuration complete. Services enabled and started."
+fi
+EOF
+chmod +x /usr/local/bin/protonmailbridge-configure
+ln -sf /usr/local/bin/protonmailbridge-configure /usr/bin/protonmailbridge-configure
+msg_ok "Created Helper Commands"
+
+motd_ssh
+customize
+cleanup_lxc

misc/tools.func

@@ -5964,14 +5964,14 @@ function setup_mariadb_db() {
 }
 
 # ------------------------------------------------------------------------------
-# Installs or updates MongoDB to specified major version.
+# Installs or updates MongoDB to specified version.
 #
 # Description:
 #   - Preserves data across installations
 #   - Adds official MongoDB repo
 #
 # Variables:
-#   MONGO_VERSION  - MongoDB major version to install (e.g. 7.0, 8.0)
+#   MONGO_VERSION  - MongoDB version to install (e.g. 7.0, 8.2)
 # ------------------------------------------------------------------------------
 
 function setup_mongodb() {
@@ -6044,8 +6044,11 @@ function setup_mongodb() {
   }
 
   # Setup repository
+  # MongoDB 8.x versions beyond 8.0 reuse the server-8.0.asc PGP key
+  local MONGO_KEY_VERSION="${MONGO_VERSION}"
+  [[ "${MONGO_VERSION}" == 8.[1-9]* ]] && MONGO_KEY_VERSION="8.0"
   manage_tool_repository "mongodb" "$MONGO_VERSION" "$MONGO_BASE_URL" \
-    "https://www.mongodb.org/static/pgp/server-${MONGO_VERSION}.asc" || {
+    "https://www.mongodb.org/static/pgp/server-${MONGO_KEY_VERSION}.asc" || {
     msg_error "Failed to setup MongoDB repository"
     return 100
   }