feat(tools): add var_github_token support with token validation

- Add var_github_token to all VAR_WHITELIST arrays in build.func so the
  token can be set via default.vars, app.vars, or environment variable
- Map var_github_token -> GITHUB_TOKEN in default_var_settings() (env
  variable takes precedence over the var file value)
- Add commented var_github_token example to the default.vars template
- Add validate_github_token() to tools.func:
    * Calls GET /user to verify the token is accepted
    * Reports expiry date from x-oauth-expiry header (fine-grained PATs)
    * Warns when classic PAT is missing public_repo scope
    * Returns distinct exit codes: 0=valid, 1=invalid/expired, 2=no scope, 3=error
- Update prompt_for_github_token():
    * Non-interactive path now picks up var_github_token automatically
    * Interactive path also picks up var_github_token without prompting
    * Validates token immediately after entry; loops until valid or Ctrl+C

CHANGELOG.md

@@ -439,42 +439,11 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
-## 2026-04-11
-
-### 🚀 Updated Scripts
-
-  - #### ✨ New Features
-
-    - Immich: Pin version to 2.7.4 [@vhsdream](https://github.com/vhsdream) ([#13661](https://github.com/community-scripts/ProxmoxVE/pull/13661))
-
-  - #### 🔧 Refactor
-
-    - Refactor: Alpine-Wakapi [@tremor021](https://github.com/tremor021) ([#13656](https://github.com/community-scripts/ProxmoxVE/pull/13656))
-
 ## 2026-04-10
 
 ### 🚀 Updated Scripts
 
-  - #### 🐞 Bug Fixes
-
-    - fix: ensure trailing newline in redis.conf before appending bind directive [@Copilot](https://github.com/Copilot) ([#13647](https://github.com/community-scripts/ProxmoxVE/pull/13647))
-
-  - #### ✨ New Features
-
-    - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
-    - Homarr: bind Redis to localhost only [@MickLesk](https://github.com/MickLesk) ([#13552](https://github.com/community-scripts/ProxmoxVE/pull/13552))
-
-### 💾 Core
-
-  - #### 🐞 Bug Fixes
-
-    - tools.func: prevent script crash when entering GitHub token after rate limit [@MickLesk](https://github.com/MickLesk) ([#13638](https://github.com/community-scripts/ProxmoxVE/pull/13638))
-
-### 🧰 Tools
-
-  - #### 🔧 Refactor
-
-    - addons: Filebrowser & Filebrowser-Quantum get warning if host install [@MickLesk](https://github.com/MickLesk) ([#13639](https://github.com/community-scripts/ProxmoxVE/pull/13639))
+  - Immich: Pin version to 2.7.3 [@vhsdream](https://github.com/vhsdream) ([#13631](https://github.com/community-scripts/ProxmoxVE/pull/13631))
 
 ## 2026-04-09
 

ct/alpine-wakapi.sh

@@ -44,10 +44,12 @@ function update_script() {
     cp /opt/wakapi/config.yml /opt/wakapi/wakapi_db.db /opt/wakapi-backup/
     msg_ok "Created backup"
 
-    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "prebuild" "latest" "/opt/wakapi" "wakapi_linux_amd64.zip"
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "tarball"
 
     msg_info "Configuring Wakapi"
     cd /opt/wakapi
+    $STD go mod download
+    $STD go build -o wakapi
     cp /opt/wakapi-backup/config.yml /opt/wakapi/
     cp /opt/wakapi-backup/wakapi_db.db /opt/wakapi/
     rm -rf /opt/wakapi-backup

ct/homarr.sh

@@ -65,8 +65,6 @@ EOF
 
     msg_info "Updating Homarr"
     cp /opt/homarr/redis.conf /etc/redis/redis.conf
-    sed -i -e '$a\' /etc/redis/redis.conf
-    grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >> /etc/redis/redis.conf
     rm /etc/nginx/nginx.conf
     cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
     msg_ok "Updated Homarr"

ct/immich.sh

@@ -109,7 +109,7 @@ EOF
     msg_ok "Image-processing libraries up to date"
   fi
 
-  RELEASE="v2.7.4"
+  RELEASE="v2.7.3"
   if check_for_gh_release "Immich" "immich-app/immich" "${RELEASE}" "each release is tested individually before the version is updated. Please do not open issues for this"; then
     if [[ $(cat ~/.immich) > "2.5.1" ]]; then
       msg_info "Enabling Maintenance Mode"

ct/romm.sh

@@ -54,12 +54,8 @@ function update_script() {
     # Merge static assets into dist folder
     cp -rf /opt/romm/frontend/assets/* /opt/romm/frontend/dist/assets/
     mkdir -p /opt/romm/frontend/dist/assets/romm
-    ROMM_BASE=$(grep '^ROMM_BASE_PATH=' /opt/romm/.env | cut -d'=' -f2)
-    ROMM_BASE=${ROMM_BASE:-/var/lib/romm}
-    ln -sfn "$ROMM_BASE"/resources /opt/romm/frontend/dist/assets/romm/resources
-    ln -sfn "$ROMM_BASE"/assets /opt/romm/frontend/dist/assets/romm/assets
-    sed -i "s|alias .*/library/;|alias ${ROMM_BASE}/library/;|" /etc/nginx/sites-available/romm
-    systemctl reload nginx
+    ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
+    ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
     msg_ok "Updated ROMM"
 
     msg_info "Starting Services"

install/alpine-wakapi-install.sh

@@ -18,13 +18,17 @@ $STD apk add --no-cache \
   ca-certificates \
   tzdata
 $STD update-ca-certificates
+$STD apk add --no-cache go --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
 msg_ok "Installed Dependencies"
 
-fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "prebuild" "latest" "/opt/wakapi" "wakapi_linux_amd64.zip"
+fetch_and_deploy_gh_release "wakapi" "muety/wakapi" "tarball"
 
 msg_info "Configuring Wakapi"
 LOCAL_IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)
 cd /opt/wakapi
+$STD go mod download
+$STD go build -o wakapi
+cp config.default.yml config.yml
 sed -i 's/listen_ipv6: ::1/listen_ipv6: "-"/g' config.yml
 sed -i 's/listen_ipv4: 127.0.0.1/listen_ipv4: "0.0.0.0"/g' config.yml
 sed -i "s/public_url: http:\/\/localhost:3000/public_url: http:\/\/$LOCAL_IP:3000/g" config.yml

install/homarr-install.sh

@@ -47,8 +47,6 @@ mkdir -p /appdata/redis
 chown -R redis:redis /appdata/redis
 chmod 744 /appdata/redis
 cp /opt/homarr/redis.conf /etc/redis/redis.conf
-sed -i -e '$a\' /etc/redis/redis.conf
-grep -q '^bind 127.0.0.1 -::1$' /etc/redis/redis.conf || echo "bind 127.0.0.1 -::1" >>/etc/redis/redis.conf
 rm /etc/nginx/nginx.conf
 mkdir -p /etc/nginx/templates
 cp /opt/homarr/nginx.conf /etc/nginx/templates/nginx.conf
@@ -82,7 +80,7 @@ chmod +x /opt/homarr/run.sh
 systemctl daemon-reload
 systemctl enable -q --now redis-server
 systemctl enable -q --now homarr
-systemctl disable -q --now nginx
+systemctl disable -q --now nginx 
 msg_ok "Created Services"
 
 motd_ssh

install/immich-install.sh

@@ -295,7 +295,7 @@ ML_DIR="${APP_DIR}/machine-learning"
 GEO_DIR="${INSTALL_DIR}/geodata"
 mkdir -p {"${APP_DIR}","${UPLOAD_DIR}","${GEO_DIR}","${INSTALL_DIR}"/cache}
 
-fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.4" "$SRC_DIR"
+fetch_and_deploy_gh_release "Immich" "immich-app/immich" "tarball" "v2.7.3" "$SRC_DIR"
 PNPM_VERSION="$(jq -r '.packageManager | split("@")[1] | split("+")[0]' ${SRC_DIR}/package.json)"
 NODE_VERSION="24" NODE_MODULE="pnpm@${PNPM_VERSION}" setup_nodejs
 

install/romm-install.sh

@@ -176,10 +176,8 @@ $STD npm run build
 cp -rf /opt/romm/frontend/assets/* /opt/romm/frontend/dist/assets/
 
 mkdir -p /opt/romm/frontend/dist/assets/romm
-ROMM_BASE=$(grep '^ROMM_BASE_PATH=' /opt/romm/.env | cut -d'=' -f2)
-ROMM_BASE=${ROMM_BASE:-/var/lib/romm}
-ln -sfn "$ROMM_BASE"/resources /opt/romm/frontend/dist/assets/romm/resources
-ln -sfn "$ROMM_BASE"/assets /opt/romm/frontend/dist/assets/romm/assets
+ln -sfn /var/lib/romm/resources /opt/romm/frontend/dist/assets/romm/resources
+ln -sfn /var/lib/romm/assets /opt/romm/frontend/dist/assets/romm/assets
 msg_ok "Set up RomM Frontend"
 
 msg_info "Configuring Nginx"
@@ -253,7 +251,6 @@ server {
 }
 EOF
 
-sed -i "s|alias /var/lib/romm/library/;|alias ${ROMM_BASE}/library/;|" /etc/nginx/sites-available/romm
 rm -f /etc/nginx/sites-enabled/default
 ln -sf /etc/nginx/sites-available/romm /etc/nginx/sites-enabled/romm
 systemctl restart nginx

tools/addon/filebrowser-quantum.sh

@@ -43,21 +43,6 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"
 
-# Proxmox Host Warning
-if [[ -d "/etc/pve" ]]; then
-  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
-  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
-  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
-  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
-  echo ""
-  echo -n "Continue anyway on the Proxmox host? (y/N): "
-  read -r host_confirm
-  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
-    echo -e "${YW}Aborted.${CL}"
-    exit 0
-  fi
-fi
-
 # OS Detection
 if [[ -f "/etc/alpine-release" ]]; then
   OS="Alpine"

tools/addon/filebrowser.sh

@@ -41,21 +41,6 @@ IP=$(ip -4 addr show "$IFACE" | awk '/inet / {print $2}' | cut -d/ -f1 | head -n
 [[ -z "$IP" ]] && IP=$(hostname -I | awk '{print $1}')
 [[ -z "$IP" ]] && IP="127.0.0.1"
 
-# Proxmox Host Warning
-if [[ -d "/etc/pve" ]]; then
-  echo -e "${RD}⚠️  Warning: Running this addon directly on the Proxmox host is not recommended!${CL}"
-  echo -e "${YW}   Only the boot disk will be visible — passthrough drives will not be indexed.${CL}"
-  echo -e "${YW}   This causes incorrect disk usage stats and incomplete file browsing.${CL}"
-  echo -e "${YW}   Run this addon inside an LXC or VM instead and mount your drives there.${CL}"
-  echo ""
-  echo -n "Continue anyway on the Proxmox host? (y/N): "
-  read -r host_confirm
-  if [[ ! "${host_confirm,,}" =~ ^(y|yes)$ ]]; then
-    echo -e "${YW}Aborted.${CL}"
-    exit 0
-  fi
-fi
-
 # Detect OS
 if [[ -f "/etc/alpine-release" ]]; then
   OS="Alpine"