Update .app files (#12591)

Co-authored-by: GitHub Actions <github-actions[bot]@users.noreply.github.com>

CHANGELOG.md

@@ -410,6 +410,90 @@ Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit
 
 </details>
 
+## 2026-03-05
+
+### 🆕 New Scripts
+
+  - ddclient ([#12587](https://github.com/community-scripts/ProxmoxVE/pull/12587))
+- Netbird ([#12585](https://github.com/community-scripts/ProxmoxVE/pull/12585))
+- Papra ([#12577](https://github.com/community-scripts/ProxmoxVE/pull/12577))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Tianji: Fix the bug introduced by the refactor [@tremor021](https://github.com/tremor021) ([#12564](https://github.com/community-scripts/ProxmoxVE/pull/12564))
+    - PowerDNS: use 'launch=' instead of 'launch+=' for gsqlite3 backend [@MickLesk](https://github.com/MickLesk) ([#12579](https://github.com/community-scripts/ProxmoxVE/pull/12579))
+
+### 💾 Core
+
+  - #### 🔧 Refactor
+
+    - core: add var_os / var_version to whitelist for app.vars [@MickLesk](https://github.com/MickLesk) ([#12576](https://github.com/community-scripts/ProxmoxVE/pull/12576))
+
+## 2026-03-04
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - fix: gitea-mirror [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12549](https://github.com/community-scripts/ProxmoxVE/pull/12549))
+    - fix(immich): correct LibRaw clone URL to official upstream [@DenislavDenev](https://github.com/DenislavDenev) ([#12526](https://github.com/community-scripts/ProxmoxVE/pull/12526))
+    - update: stirling-pdf: java 25 [@CrazyWolf13](https://github.com/CrazyWolf13) ([#12552](https://github.com/community-scripts/ProxmoxVE/pull/12552))
+    - Docmost: register NoopAuditService globally when EE submodule is missing [@MickLesk](https://github.com/MickLesk) ([#12551](https://github.com/community-scripts/ProxmoxVE/pull/12551))
+    - jellyseer/overseer migration corrupting /usr/bin/update [@MickLesk](https://github.com/MickLesk) ([#12539](https://github.com/community-scripts/ProxmoxVE/pull/12539))
+    - PowerDNS: use gsqlite3 backend instead of BIND [@MickLesk](https://github.com/MickLesk) ([#12538](https://github.com/community-scripts/ProxmoxVE/pull/12538))
+    - addon migrations: /usr/bin/update replacement to prevent syntax error [@MickLesk](https://github.com/MickLesk) ([#12540](https://github.com/community-scripts/ProxmoxVE/pull/12540))
+
+  - #### 🔧 Refactor
+
+    - Fluid-Calendar: NodeJS bump [@tremor021](https://github.com/tremor021) ([#12558](https://github.com/community-scripts/ProxmoxVE/pull/12558))
+    - Refactor: LiteLLM [@tremor021](https://github.com/tremor021) ([#12550](https://github.com/community-scripts/ProxmoxVE/pull/12550))
+
+### 💾 Core
+
+  - #### 🐞 Bug Fixes
+
+    - tools: fall back to distro packages for psql [@MickLesk](https://github.com/MickLesk) ([#12542](https://github.com/community-scripts/ProxmoxVE/pull/12542))
+    - fix: whitelist var_searchdomain and fix the handling of var_ns and va… [@tommoyer](https://github.com/tommoyer) ([#12521](https://github.com/community-scripts/ProxmoxVE/pull/12521))
+
+## 2026-03-03
+
+### 🆕 New Scripts
+
+  - Tinyauth: v5 Support & add Debian Version [@MickLesk](https://github.com/MickLesk) ([#12501](https://github.com/community-scripts/ProxmoxVE/pull/12501))
+
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - cross-seed: install build-essential to resolve missing `make` error [@Copilot](https://github.com/Copilot) ([#12522](https://github.com/community-scripts/ProxmoxVE/pull/12522))
+    - meshcentral: increased disk space to 4GB [@MickLesk](https://github.com/MickLesk) ([#12509](https://github.com/community-scripts/ProxmoxVE/pull/12509))
+
+  - #### 🔧 Refactor
+
+    - opnsense-vm: harden temp dir, bridge detection and network selection [@MickLesk](https://github.com/MickLesk) ([#12513](https://github.com/community-scripts/ProxmoxVE/pull/12513))
+
+### 🗑️ Deleted Scripts
+
+  - Remove Unifi Network Server scripts (dead APT repo) [@Copilot](https://github.com/Copilot) ([#12500](https://github.com/community-scripts/ProxmoxVE/pull/12500))
+
+### 💾 Core
+
+  - #### ✨ New Features
+
+    - core: recovery - add ENOSPC disk-full detection with auto-retry using * 2 hdd [@MickLesk](https://github.com/MickLesk) ([#12511](https://github.com/community-scripts/ProxmoxVE/pull/12511))
+
+### 📚 Documentation
+
+  - Fix config_path casing in reactive-resume.json [@ScubyG](https://github.com/ScubyG) ([#12525](https://github.com/community-scripts/ProxmoxVE/pull/12525))
+
+### 🌐 Website
+
+  - #### 🐞 Bug Fixes
+
+    - Revert #11534 PR that messed up search [@BramSuurdje](https://github.com/BramSuurdje) ([#12492](https://github.com/community-scripts/ProxmoxVE/pull/12492))
+
 ## 2026-03-02
 
 ### 🆕 New Scripts

ct/alpine-komodo.sh

@@ -48,9 +48,11 @@ function update_script() {
   fi
 
   msg_info "Migrating update function"
-  cat <<'MIGRATION_EOF' >/usr/bin/update
+  TMP_UPDATE=$(mktemp)
+  cat <<'MIGRATION_EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/komodo.sh)"
 MIGRATION_EOF
+  mv "$TMP_UPDATE" /usr/bin/update
   chmod +x /usr/bin/update
 
   ln -sf /usr/bin/update /usr/bin/update_komodo 2>/dev/null || true

ct/alpine-tinyauth.sh

@@ -35,6 +35,20 @@ function update_script() {
     $STD service tinyauth stop
     msg_ok "Service Stopped"
 
+    if [[ -f /opt/tinyauth/.env ]] && ! grep -q "^TINYAUTH_" /opt/tinyauth/.env; then
+      msg_info "Migrating .env to v5 format"
+      sed -i \
+        -e 's/^DATABASE_PATH=/TINYAUTH_DATABASE_PATH=/' \
+        -e 's/^USERS=/TINYAUTH_AUTH_USERS=/' \
+        -e "s/^USERS='/TINYAUTH_AUTH_USERS='/" \
+        -e 's/^APP_URL=/TINYAUTH_APPURL=/' \
+        -e 's/^SECRET=/TINYAUTH_AUTH_SECRET=/' \
+        -e 's/^PORT=/TINYAUTH_SERVER_PORT=/' \
+        -e 's/^ADDRESS=/TINYAUTH_SERVER_ADDRESS=/' \
+        /opt/tinyauth/.env
+      msg_ok "Migrated .env to v5 format"
+    fi
+
     msg_info "Updating Tinyauth"
     rm -f /opt/tinyauth/tinyauth
     curl -fsSL "https://github.com/steveiliop56/tinyauth/releases/download/v${RELEASE}/tinyauth-amd64" -o /opt/tinyauth/tinyauth

ct/coolify.sh

@@ -46,9 +46,11 @@ function update_script() {
   fi
 
   msg_info "Migrating update function"
-  cat <<'MIGRATION_EOF' >/usr/bin/update
+  TMP_UPDATE=$(mktemp)
+  cat <<'MIGRATION_EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/coolify.sh)"
 MIGRATION_EOF
+  mv "$TMP_UPDATE" /usr/bin/update
   chmod +x /usr/bin/update
 
   ln -sf /usr/bin/update /usr/bin/update_coolify 2>/dev/null || true

ct/cross-seed.sh

@@ -25,6 +25,7 @@ function update_script() {
   check_container_resources
 
   NODE_VERSION="24" setup_nodejs
+  ensure_dependencies build-essential
 
   if command -v cross-seed &>/dev/null; then
     current_version=$(cross-seed --version)

ct/ddclient.sh

@@ -1,17 +1,18 @@
 #!/usr/bin/env bash
 source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
-# Copyright (c) 2021-2026 tteck
-# Author: tteck (tteckster)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://ui.com/download/unifi
 
-APP="Unifi"
-var_tags="${var_tags:-network;unifi}"
-var_cpu="${var_cpu:-2}"
-var_ram="${var_ram:-2048}"
-var_disk="${var_disk:-8}"
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: mitchscobell
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://ddclient.net/
+
+APP="ddclient"
+var_tags="${var_tags:-network}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-2}"
 var_os="${var_os:-debian}"
-var_version="${var_version:-12}"
+var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"
 
 header_info "$APP"
@@ -23,16 +24,16 @@ function update_script() {
   header_info
   check_container_storage
   check_container_resources
-  if [[ ! -d /usr/lib/unifi ]]; then
+  if [[ ! -f /etc/ddclient.conf ]]; then
     msg_error "No ${APP} Installation Found!"
     exit
   fi
 
-  JAVA_VERSION="21" setup_java
-
-  msg_info "Updating ${APP}"
-  $STD apt update --allow-releaseinfo-change
-  ensure_dependencies unifi
+  msg_info "Updating ddclient"
+  $STD apt update
+  $STD apt install --only-upgrade -y ddclient
+  $STD systemctl restart ddclient
+  msg_ok "Updated ddclient"
   msg_ok "Updated successfully!"
   exit
 }
@@ -43,5 +44,3 @@ description
 
 msg_ok "Completed successfully!\n"
 echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
-echo -e "${INFO}${YW} Access it using the following URL:${CL}"
-echo -e "${TAB}${GATEWAY}${BGN}https://${IP}:8443${CL}"

ct/dockge.sh

@@ -48,9 +48,11 @@ function update_script() {
   fi
 
   msg_info "Migrating update function"
-  cat <<'MIGRATION_EOF' >/usr/bin/update
+  TMP_UPDATE=$(mktemp)
+  cat <<'MIGRATION_EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/dockge.sh)"
 MIGRATION_EOF
+  mv "$TMP_UPDATE" /usr/bin/update
   chmod +x /usr/bin/update
 
   ln -sf /usr/bin/update /usr/bin/update_dockge 2>/dev/null || true

ct/docmost.sh

@@ -48,6 +48,17 @@ function update_script() {
     cd /opt/docmost
     mv /opt/.env /opt/docmost/.env
     mv /opt/data /opt/docmost/data
+
+    # Fix: Docmost EE (audit logs etc.) lives in a git submodule that is NOT
+    # included in GitHub tarballs.  The community NoopAuditService exists but
+    # is only exported by CoreModule – child modules such as UserModule cannot
+    # resolve it.  Making CoreModule @Global() exposes the token app-wide.
+    if [[ ! -f /opt/docmost/apps/server/src/ee/ee.module.ts ]] \
+      && ! grep -q '@Global()' /opt/docmost/apps/server/src/core/core.module.ts 2>/dev/null; then
+      sed -i '/^  Module,$/a\  Global,' /opt/docmost/apps/server/src/core/core.module.ts
+      sed -i '/^@Module({$/i @Global()' /opt/docmost/apps/server/src/core/core.module.ts
+    fi
+
     $STD pnpm install --force
     $STD pnpm build
     msg_ok "Updated ${APP}"

ct/dokploy.sh

@@ -46,9 +46,11 @@ function update_script() {
   fi
 
   msg_info "Migrating update function"
-  cat <<'MIGRATION_EOF' >/usr/bin/update
+  TMP_UPDATE=$(mktemp)
+  cat <<'MIGRATION_EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/dokploy.sh)"
 MIGRATION_EOF
+  mv "$TMP_UPDATE" /usr/bin/update
   chmod +x /usr/bin/update
 
   ln -sf /usr/bin/update /usr/bin/update_dokploy 2>/dev/null || true

ct/fluid-calendar.sh

@@ -28,6 +28,9 @@ function update_script() {
     msg_error "No ${APP} Installation Found!"
     exit
   fi
+
+  NODE_VERSION="24" setup_nodejs
+
   if check_for_gh_release "fluid-calendar" "dotnetfactory/fluid-calendar"; then
     msg_info "Stopping Service"
     systemctl stop fluid-calendar
@@ -45,7 +48,7 @@ function update_script() {
     $STD npx prisma migrate deploy
     $STD npm run build:os
     msg_ok "Updated Fluid Calendar"
-    
+
     msg_info "Starting Service"
     systemctl start fluid-calendar
     msg_ok "Started Service"

ct/gitea-mirror.sh

@@ -87,6 +87,8 @@ EOF
     msg_ok "Old Enviroment fixed"
   fi
 
+  ensure_dependencies git
+
   if check_for_gh_release "gitea-mirror" "RayLabsHQ/gitea-mirror"; then
     msg_info "Stopping Services"
     systemctl stop gitea-mirror
@@ -94,7 +96,7 @@ EOF
 
     msg_info "Backup Data"
     mkdir -p /opt/gitea-mirror-backup/data
-    cp /opt/gitea-mirror/data/* /opt/gitea-mirror-backup/data/
+    cp -r /opt/gitea-mirror/data/* /opt/gitea-mirror-backup/data/
     msg_ok "Backup Data"
 
     msg_info "Installing Bun"
@@ -111,12 +113,11 @@ EOF
     $STD bun run setup
     $STD bun run build
     APP_VERSION=$(grep -o '"version": *"[^"]*"' package.json | cut -d'"' -f4)
-
-    sudo sed -i.bak "s|^npm_package_version=.*|npm_package_version=${APP_VERSION}|" /opt/gitea-mirror.env
+    sed -i.bak "s|^npm_package_version=.*|npm_package_version=${APP_VERSION}|" /opt/gitea-mirror.env
     msg_ok "Updated and rebuilt ${APP}"
 
     msg_info "Restoring Data"
-    cp /opt/gitea-mirror-backup/data/* /opt/gitea-mirror/data
+    cp -r /opt/gitea-mirror-backup/data/* /opt/gitea-mirror/data
     msg_ok "Restored Data"
 
     msg_info "Starting Service"

ct/headers/ddclient

@@ -0,0 +1,6 @@
+       __    __     ___            __ 
+  ____/ /___/ /____/ (_)__  ____  / /_
+ / __  / __  / ___/ / / _ \/ __ \/ __/
+/ /_/ / /_/ / /__/ / /  __/ / / / /_  
+\__,_/\__,_/\___/_/_/\___/_/ /_/\__/  
+                                      

ct/headers/netbird

@@ -0,0 +1,6 @@
+    _   __     __  ____  _          __
+   / | / /__  / /_/ __ )(_)________/ /
+  /  |/ / _ \/ __/ __  / / ___/ __  / 
+ / /|  /  __/ /_/ /_/ / / /  / /_/ /  
+/_/ |_/\___/\__/_____/_/_/   \__,_/   
+                                      

ct/headers/papra

@@ -0,0 +1,6 @@
+    ____                        
+   / __ \____ _____  _________ _
+  / /_/ / __ `/ __ \/ ___/ __ `/
+ / ____/ /_/ / /_/ / /  / /_/ / 
+/_/    \__,_/ .___/_/   \__,_/  
+           /_/                  

ct/headers/tinyauth

@@ -0,0 +1,6 @@
+  _______                         __  __  
+ /_  __(_)___  __  ______ ___  __/ /_/ /_ 
+  / / / / __ \/ / / / __ `/ / / / __/ __ \
+ / / / / / / / /_/ / /_/ / /_/ / /_/ / / /
+/_/ /_/_/ /_/\__, /\__,_/\__,_/\__/_/ /_/ 
+            /____/                        

ct/headers/unifi

@@ -1,6 +0,0 @@
-   __  __      _ _____ 
-  / / / /___  (_) __(_)
- / / / / __ \/ / /_/ / 
-/ /_/ / / / / / __/ /  
-\____/_/ /_/_/_/ /_/   
-                       

ct/immich.sh

@@ -337,7 +337,7 @@ function compile_libraw() {
   if [[ "$LIBRAW_REVISION" != "$(grep 'libraw' ~/.immich_library_revisions | awk '{print $2}')" ]]; then
     msg_info "Recompiling libraw"
     [[ -d "$SOURCE" ]] && rm -rf "$SOURCE"
-    $STD git clone https://github.com/libraw/libraw.git "$SOURCE"
+    $STD git clone https://github.com/LibRaw/LibRaw.git "$SOURCE"
     cd "$SOURCE"
     $STD git reset --hard "$LIBRAW_REVISION"
     $STD autoreconf --install

ct/jellyseerr.sh

@@ -45,14 +45,15 @@ function update_script() {
     fi
 
     msg_info "Switching update script to Seerr"
-    cat <<'EOF' >/usr/bin/update
-#!/usr/bin/env bash
+    TMP_UPDATE=$(mktemp)
+    cat <<'EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/seerr.sh)"
 EOF
+    mv "$TMP_UPDATE" /usr/bin/update
     chmod +x /usr/bin/update
     msg_ok "Switched update script to Seerr"
     msg_warn "Please type 'update' again to complete the migration"
-    exit
+    exit 0
   fi
 
   msg_info "Updating Jellyseerr"

ct/komodo.sh

@@ -52,9 +52,11 @@ function update_script() {
   fi
 
   msg_info "Migrating update function"
-  cat <<'MIGRATION_EOF' >/usr/bin/update
+  TMP_UPDATE=$(mktemp)
+  cat <<'MIGRATION_EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/komodo.sh)"
 MIGRATION_EOF
+  mv "$TMP_UPDATE" /usr/bin/update
   chmod +x /usr/bin/update
 
   ln -sf /usr/bin/update /usr/bin/update_komodo 2>/dev/null || true

ct/litellm.sh

@@ -34,7 +34,7 @@ function update_script() {
   msg_ok "Stopped Service"
 
   VENV_PATH="/opt/litellm/.venv"
-  PYTHON_VERSION="3.13" setup_uv
+  PYTHON_VERSION="3.13" USE_UVX="YES" setup_uv
 
   msg_info "Updating LiteLLM"
   $STD "$VENV_PATH/bin/python" -m pip install --upgrade litellm[proxy] prisma

ct/meshcentral.sh

@@ -9,7 +9,7 @@ APP="MeshCentral"
 var_tags="${var_tags:-remote-management}"
 var_cpu="${var_cpu:-1}"
 var_ram="${var_ram:-512}"
-var_disk="${var_disk:-2}"
+var_disk="${var_disk:-4}"
 var_os="${var_os:-debian}"
 var_version="${var_version:-13}"
 var_unprivileged="${var_unprivileged:-1}"

ct/netbird.sh

@@ -0,0 +1,47 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: TechHutTV
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://netbird.io/
+
+APP="NetBird"
+var_tags="${var_tags:-network;vpn}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+var_tun="${var_tun:-yes}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -f /etc/netbird/config.json ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  msg_info "Updating Netbird"
+  $STD apt update
+  $STD apt upgrade -y
+  msg_ok "Updated successfully!"
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access NetBird by entering the container and running:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}netbird up${CL}"

ct/overseerr.sh

@@ -44,10 +44,11 @@ function update_script() {
     fi
 
     msg_info "Switching update script to Seerr"
-    cat <<'EOF' >/usr/bin/update
-#!/usr/bin/env bash
+    TMP_UPDATE=$(mktemp)
+    cat <<'EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/seerr.sh)"
 EOF
+    mv "$TMP_UPDATE" /usr/bin/update
     chmod +x /usr/bin/update
     msg_ok "Switched update script to Seerr"
     msg_warn "Please type 'update' again to complete the migration"

ct/papra.sh

@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/papra-hq/papra
+
+APP="Papra"
+var_tags="${var_tags:-document-management}"
+var_cpu="${var_cpu:-2}"
+var_ram="${var_ram:-2048}"
+var_disk="${var_disk:-10}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+
+  if [[ ! -d /opt/papra ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "papra" "papra-hq/papra"; then
+    msg_info "Stopping Service"
+    systemctl stop papra
+    msg_ok "Stopped Service"
+
+    msg_info "Backing up Configuration"
+    cp /opt/papra/apps/papra-server/.env /opt/papra_env.bak
+    msg_ok "Backed up Configuration"
+
+    CLEAN_INSTALL=1 fetch_and_deploy_gh_release "papra" "papra-hq/papra" "tarball"
+
+    msg_info "Building Application"
+    cd /opt/papra
+    cp /opt/papra_env.bak /opt/papra/apps/papra-server/.env
+    $STD pnpm install --frozen-lockfile
+    $STD pnpm --filter "@papra/app-client..." run build
+    $STD pnpm --filter "@papra/app-server..." run build
+    ln -sf /opt/papra/apps/papra-client/dist /opt/papra/apps/papra-server/public
+    rm -f /opt/papra_env.bak
+    msg_ok "Built Application"
+
+    msg_info "Starting Service"
+    systemctl start papra
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:1221${CL}"

ct/powerdns.sh

@@ -47,7 +47,10 @@ function update_script() {
     cp /opt/poweradmin_powerdns.db.bak /opt/poweradmin/powerdns.db
     rm -rf /opt/poweradmin/install
     rm -f /opt/poweradmin_settings.php.bak /opt/poweradmin_powerdns.db.bak
-    chown -R www-data:www-data /opt/poweradmin
+    chown -R www-data:pdns /opt/poweradmin
+    chmod 775 /opt/poweradmin
+    chown pdns:pdns /opt/poweradmin/powerdns.db
+    chmod 664 /opt/poweradmin/powerdns.db
     msg_ok "Updated Poweradmin"
 
     msg_info "Restarting Services"

ct/runtipi.sh

@@ -46,9 +46,11 @@ function update_script() {
   fi
 
   msg_info "Migrating update function"
-  cat <<'MIGRATION_EOF' >/usr/bin/update
+  TMP_UPDATE=$(mktemp)
+  cat <<'MIGRATION_EOF' >"$TMP_UPDATE"
 bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/tools/addon/runtipi.sh)"
 MIGRATION_EOF
+  mv "$TMP_UPDATE" /usr/bin/update
   chmod +x /usr/bin/update
 
   ln -sf /usr/bin/update /usr/bin/update_runtipi 2>/dev/null || true

ct/stirling-pdf.sh

@@ -35,7 +35,7 @@ function update_script() {
     fi
 
     PYTHON_VERSION="3.12" setup_uv
-    JAVA_VERSION="21" setup_java
+    JAVA_VERSION="25" setup_java
 
     msg_info "Stopping Services"
     systemctl stop stirlingpdf libreoffice-listener unoserver

ct/tinyauth.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/env bash
+source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func)
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/steveiliop56/tinyauth
+
+APP="Tinyauth"
+var_tags="${var_tags:-auth}"
+var_cpu="${var_cpu:-1}"
+var_ram="${var_ram:-512}"
+var_disk="${var_disk:-4}"
+var_os="${var_os:-debian}"
+var_version="${var_version:-13}"
+var_unprivileged="${var_unprivileged:-1}"
+
+header_info "$APP"
+variables
+color
+catch_errors
+
+function update_script() {
+  header_info
+  check_container_storage
+  check_container_resources
+  if [[ ! -d /opt/tinyauth ]]; then
+    msg_error "No ${APP} Installation Found!"
+    exit
+  fi
+
+  if check_for_gh_release "tinyauth" "steveiliop56/tinyauth"; then
+    msg_info "Stopping Service"
+    systemctl stop tinyauth
+    msg_ok "Stopped Service"
+
+    fetch_and_deploy_gh_release "tinyauth" "steveiliop56/tinyauth" "singlefile" "latest" "/opt/tinyauth" "tinyauth-amd64"
+
+    msg_info "Starting Service"
+    systemctl start tinyauth
+    msg_ok "Started Service"
+    msg_ok "Updated successfully!"
+  fi
+  exit
+}
+
+start
+build_container
+description
+
+msg_ok "Completed successfully!\n"
+echo -e "${CREATING}${GN}${APP} setup has been successfully initialized!${CL}"
+echo -e "${INFO}${YW} Access it using the following URL:${CL}"
+echo -e "${TAB}${GATEWAY}${BGN}http://${IP}:3000${CL}"

frontend/public/json/ddclient.json

@@ -0,0 +1,44 @@
+{
+  "name": "ddclient",
+  "slug": "ddclient",
+  "categories": [
+    4
+  ],
+  "date_created": "2026-03-05",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": null,
+  "documentation": "https://ddclient.net/",
+  "website": "https://ddclient.net/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/ddclient.webp",
+  "config_path": "/etc/ddclient.conf",
+  "description": "ddclient is a Perl client used to update dynamic DNS entries for accounts on a wide range of dynamic DNS service providers. It supports multiple protocols and providers, allowing automatic IP address updates for your domain names.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/ddclient.sh",
+      "resources": {
+        "cpu": 1,
+        "ram": 512,
+        "hdd": 2,
+        "os": "debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "type": "info",
+      "text": "After installation, edit `/etc/ddclient.conf` with your dynamic DNS provider credentials"
+    },
+    {
+      "type": "info",
+      "text": "Sample configuration is created for Namecheap but can be modified for other providers"
+    }
+  ]
+}

frontend/public/json/github-versions.json

@@ -1,5 +1,5 @@
 {
-  "generated": "2026-03-02T18:14:19Z",
+  "generated": "2026-03-05T12:12:30Z",
   "versions": [
     {
       "slug": "2fauth",
@@ -39,9 +39,9 @@
     {
       "slug": "ampache",
       "repo": "ampache/ampache",
-      "version": "7.9.1",
+      "version": "7.9.2",
       "pinned": false,
-      "date": "2026-02-25T08:52:58Z"
+      "date": "2026-03-05T03:54:03Z"
     },
     {
       "slug": "argus",
@@ -193,9 +193,9 @@
     {
       "slug": "checkmate",
       "repo": "bluewave-labs/Checkmate",
-      "version": "v3.4.0",
+      "version": "v3.5.0",
       "pinned": false,
-      "date": "2026-02-20T21:08:55Z"
+      "date": "2026-03-04T19:51:22Z"
     },
     {
       "slug": "cleanuparr",
@@ -214,9 +214,9 @@
     {
       "slug": "comfyui",
       "repo": "comfyanonymous/ComfyUI",
-      "version": "v0.15.1",
+      "version": "v0.16.0",
       "pinned": false,
-      "date": "2026-02-26T22:01:35Z"
+      "date": "2026-03-05T10:35:07Z"
     },
     {
       "slug": "commafeed",
@@ -242,9 +242,9 @@
     {
       "slug": "cosmos",
       "repo": "azukaar/Cosmos-Server",
-      "version": "v0.21.6",
+      "version": "v0.21.7",
       "pinned": false,
-      "date": "2026-02-28T22:00:49Z"
+      "date": "2026-03-03T18:15:29Z"
     },
     {
       "slug": "cronicle",
@@ -291,16 +291,16 @@
     {
       "slug": "dispatcharr",
       "repo": "Dispatcharr/Dispatcharr",
-      "version": "v0.20.1",
+      "version": "v0.20.2",
       "pinned": false,
-      "date": "2026-02-26T21:38:19Z"
+      "date": "2026-03-03T01:40:33Z"
     },
     {
       "slug": "docmost",
       "repo": "docmost/docmost",
-      "version": "v0.25.3",
+      "version": "v0.70.1",
       "pinned": false,
-      "date": "2026-02-10T02:58:23Z"
+      "date": "2026-03-04T12:54:49Z"
     },
     {
       "slug": "domain-locker",
@@ -382,9 +382,9 @@
     {
       "slug": "firefly",
       "repo": "firefly-iii/firefly-iii",
-      "version": "v6.5.1",
+      "version": "v6.5.3",
       "pinned": false,
-      "date": "2026-02-27T20:55:55Z"
+      "date": "2026-03-04T06:53:02Z"
     },
     {
       "slug": "fladder",
@@ -438,9 +438,9 @@
     {
       "slug": "ghostfolio",
       "repo": "ghostfolio/ghostfolio",
-      "version": "2.245.0",
+      "version": "2.247.0",
       "pinned": false,
-      "date": "2026-03-01T09:09:57Z"
+      "date": "2026-03-04T07:48:00Z"
     },
     {
       "slug": "gitea",
@@ -452,9 +452,9 @@
     {
       "slug": "gitea-mirror",
       "repo": "RayLabsHQ/gitea-mirror",
-      "version": "v3.11.0",
+      "version": "v3.12.2",
       "pinned": false,
-      "date": "2026-03-02T10:19:59Z"
+      "date": "2026-03-05T04:26:50Z"
     },
     {
       "slug": "glance",
@@ -473,9 +473,9 @@
     {
       "slug": "gokapi",
       "repo": "Forceu/Gokapi",
-      "version": "v2.2.2",
+      "version": "v2.2.3",
       "pinned": false,
-      "date": "2026-01-31T21:11:27Z"
+      "date": "2026-03-04T21:29:16Z"
     },
     {
       "slug": "gotify",
@@ -557,9 +557,9 @@
     {
       "slug": "homebox",
       "repo": "sysadminsmedia/homebox",
-      "version": "v0.23.1",
+      "version": "v0.24.0",
       "pinned": false,
-      "date": "2026-02-01T22:53:32Z"
+      "date": "2026-03-03T16:09:55Z"
     },
     {
       "slug": "homepage",
@@ -585,9 +585,9 @@
     {
       "slug": "immich-public-proxy",
       "repo": "alangrainger/immich-public-proxy",
-      "version": "v1.15.3",
+      "version": "v1.15.4",
       "pinned": false,
-      "date": "2026-02-16T22:54:27Z"
+      "date": "2026-03-02T21:28:06Z"
     },
     {
       "slug": "inspircd",
@@ -613,9 +613,9 @@
     {
       "slug": "jackett",
       "repo": "Jackett/Jackett",
-      "version": "v0.24.1247",
+      "version": "v0.24.1287",
       "pinned": false,
-      "date": "2026-03-02T05:56:37Z"
+      "date": "2026-03-05T05:49:33Z"
     },
     {
       "slug": "jellystat",
@@ -669,9 +669,9 @@
     {
       "slug": "kima-hub",
       "repo": "Chevron7Locked/kima-hub",
-      "version": "v1.6.0",
+      "version": "v1.6.2",
       "pinned": false,
-      "date": "2026-03-02T05:43:31Z"
+      "date": "2026-03-05T05:38:02Z"
     },
     {
       "slug": "kimai",
@@ -690,9 +690,9 @@
     {
       "slug": "koel",
       "repo": "koel/koel",
-      "version": "v8.3.0",
+      "version": "v8.3.1",
       "pinned": false,
-      "date": "2026-01-08T21:32:58Z"
+      "date": "2026-03-04T08:22:06Z"
     },
     {
       "slug": "koillection",
@@ -753,9 +753,9 @@
     {
       "slug": "libretranslate",
       "repo": "LibreTranslate/LibreTranslate",
-      "version": "v1.9.4",
+      "version": "v1.9.5",
       "pinned": false,
-      "date": "2026-02-24T17:06:05Z"
+      "date": "2026-03-03T18:25:04Z"
     },
     {
       "slug": "lidarr",
@@ -872,9 +872,9 @@
     {
       "slug": "metube",
       "repo": "alexta69/metube",
-      "version": "2026.02.27",
+      "version": "2026.03.03",
       "pinned": false,
-      "date": "2026-02-27T11:47:02Z"
+      "date": "2026-03-03T19:15:55Z"
     },
     {
       "slug": "miniflux",
@@ -921,9 +921,9 @@
     {
       "slug": "netbox",
       "repo": "netbox-community/netbox",
-      "version": "v4.5.3",
+      "version": "v4.5.4",
       "pinned": false,
-      "date": "2026-02-17T15:39:18Z"
+      "date": "2026-03-03T20:32:16Z"
     },
     {
       "slug": "nextcloud-exporter",
@@ -942,9 +942,9 @@
     {
       "slug": "nightscout",
       "repo": "nightscout/cgm-remote-monitor",
-      "version": "v15.0.5",
+      "version": "v15.0.6",
       "pinned": false,
-      "date": "2026-03-01T21:22:37Z"
+      "date": "2026-03-03T23:04:35Z"
     },
     {
       "slug": "nocodb",
@@ -1061,9 +1061,9 @@
     {
       "slug": "paperless-ngx",
       "repo": "paperless-ngx/paperless-ngx",
-      "version": "v2.20.9",
+      "version": "v2.20.10",
       "pinned": false,
-      "date": "2026-02-28T10:17:35Z"
+      "date": "2026-03-04T19:20:57Z"
     },
     {
       "slug": "patchmon",
@@ -1229,9 +1229,9 @@
     {
       "slug": "pulse",
       "repo": "rcourtman/Pulse",
-      "version": "v5.1.17",
+      "version": "v5.1.19",
       "pinned": false,
-      "date": "2026-03-02T17:52:12Z"
+      "date": "2026-03-05T11:14:54Z"
     },
     {
       "slug": "pve-scripts-local",
@@ -1355,9 +1355,9 @@
     {
       "slug": "scanopy",
       "repo": "scanopy/scanopy",
-      "version": "v0.14.11",
+      "version": "v0.14.12",
       "pinned": false,
-      "date": "2026-03-02T08:48:42Z"
+      "date": "2026-03-05T07:24:59Z"
     },
     {
       "slug": "scraparr",
@@ -1369,9 +1369,9 @@
     {
       "slug": "seaweedfs",
       "repo": "seaweedfs/seaweedfs",
-      "version": "4.13",
+      "version": "4.15",
       "pinned": false,
-      "date": "2026-02-17T01:09:45Z"
+      "date": "2026-03-05T06:30:30Z"
     },
     {
       "slug": "seelf",
@@ -1446,9 +1446,9 @@
     {
       "slug": "sonobarr",
       "repo": "Dodelidoo-Labs/sonobarr",
-      "version": "0.11.0",
+      "version": "0.12.1",
       "pinned": false,
-      "date": "2026-01-21T19:07:21Z"
+      "date": "2026-03-03T13:43:02Z"
     },
     {
       "slug": "speedtest-tracker",
@@ -1467,16 +1467,16 @@
     {
       "slug": "sportarr",
       "repo": "Sportarr/Sportarr",
-      "version": "v4.0.983.1057",
+      "version": "v4.0.985.1060",
       "pinned": false,
-      "date": "2026-01-26T18:54:50Z"
+      "date": "2026-03-04T01:00:04Z"
     },
     {
       "slug": "stirling-pdf",
       "repo": "Stirling-Tools/Stirling-PDF",
-      "version": "v2.5.3",
+      "version": "v2.6.0",
       "pinned": false,
-      "date": "2026-02-23T23:23:39Z"
+      "date": "2026-03-03T20:46:42Z"
     },
     {
       "slug": "streamlink-webui",
@@ -1562,6 +1562,13 @@
       "pinned": false,
       "date": "2026-02-13T16:30:09Z"
     },
+    {
+      "slug": "tinyauth",
+      "repo": "steveiliop56/tinyauth",
+      "version": "v5.0.1",
+      "pinned": false,
+      "date": "2026-03-04T21:05:05Z"
+    },
     {
       "slug": "traccar",
       "repo": "traccar/traccar",
@@ -1572,9 +1579,9 @@
     {
       "slug": "tracearr",
       "repo": "connorgallopo/Tracearr",
-      "version": "v1.4.19",
+      "version": "v1.4.21",
       "pinned": false,
-      "date": "2026-02-28T21:25:47Z"
+      "date": "2026-03-03T18:43:20Z"
     },
     {
       "slug": "tracktor",
@@ -1600,9 +1607,9 @@
     {
       "slug": "trip",
       "repo": "itskovacs/TRIP",
-      "version": "1.41.0",
+      "version": "1.41.1",
       "pinned": false,
-      "date": "2026-02-23T17:57:31Z"
+      "date": "2026-03-04T07:25:35Z"
     },
     {
       "slug": "tududi",
@@ -1642,9 +1649,9 @@
     {
       "slug": "upgopher",
       "repo": "wanetty/upgopher",
-      "version": "v1.14.0",
+      "version": "v1.15.2",
       "pinned": false,
-      "date": "2026-02-24T22:43:34Z"
+      "date": "2026-03-03T13:40:45Z"
     },
     {
       "slug": "upsnap",
@@ -1656,9 +1663,9 @@
     {
       "slug": "uptimekuma",
       "repo": "louislam/uptime-kuma",
-      "version": "2.1.3",
+      "version": "2.2.0",
       "pinned": false,
-      "date": "2026-02-19T05:37:30Z"
+      "date": "2026-03-05T02:08:14Z"
     },
     {
       "slug": "vaultwarden",
@@ -1712,9 +1719,9 @@
     {
       "slug": "watcharr",
       "repo": "sbondCo/Watcharr",
-      "version": "v2.1.1",
+      "version": "v3.0.0",
       "pinned": false,
-      "date": "2025-07-15T22:38:01Z"
+      "date": "2026-03-04T09:29:14Z"
     },
     {
       "slug": "watchyourlan",
@@ -1733,9 +1740,9 @@
     {
       "slug": "wealthfolio",
       "repo": "afadil/wealthfolio",
-      "version": "v3.0.0",
+      "version": "v3.0.3",
       "pinned": false,
-      "date": "2026-02-24T22:37:05Z"
+      "date": "2026-03-03T21:47:55Z"
     },
     {
       "slug": "web-check",
@@ -1817,9 +1824,9 @@
     {
       "slug": "zitadel",
       "repo": "zitadel/zitadel",
-      "version": "v4.12.0",
+      "version": "v4.12.1",
       "pinned": false,
-      "date": "2026-03-02T08:16:10Z"
+      "date": "2026-03-04T12:40:17Z"
     },
     {
       "slug": "zoraxy",
@@ -1831,9 +1838,9 @@
     {
       "slug": "zwave-js-ui",
       "repo": "zwave-js/zwave-js-ui",
-      "version": "v11.12.0",
+      "version": "v11.13.0",
       "pinned": false,
-      "date": "2026-02-19T10:14:19Z"
+      "date": "2026-03-04T15:09:54Z"
     }
   ]
 }

frontend/public/json/meshcentral.json

@@ -21,7 +21,7 @@
       "resources": {
         "cpu": 1,
         "ram": 512,
-        "hdd": 2,
+        "hdd": 4,
         "os": "debian",
         "version": "13"
       }

frontend/public/json/netbird.json

@@ -0,0 +1,50 @@
+{
+  "name": "NetBird",
+  "slug": "netbird",
+  "categories": [4],
+  "date_created": "2026-03-05",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": null,
+  "documentation": "https://docs.netbird.io/",
+  "website": "https://netbird.io/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/netbird.webp",
+  "config_path": "/etc/netbird/config.json",
+  "description": "NetBird is an open source VPN management platform that creates secure peer-to-peer networks using WireGuard. It enables secure connectivity between devices anywhere in the world without complex firewall configurations or port forwarding. NetBird offers features like zero-configuration networking, SSO integration, access control policies, and a centralized management dashboard. It's designed to be simple to deploy and manage, making it ideal for connecting remote teams, securing IoT devices, or building secure infrastructure networks.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/netbird.sh",
+      "resources": {
+        "cpu": 1,
+        "ram": 512,
+        "hdd": 4,
+        "os": "debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "The NetBird client (agent) allows a peer to join a pre-existing NetBird deployment. If a NetBird deployment is not yet available, there are both managed and self-hosted options available.",
+      "type": "info"
+    },
+    {
+      "text": "After installation, enter the container and run `netbird` to view the commands.",
+      "type": "info"
+    },
+    {
+      "text": "Use a Setup Key from your NetBird dashboard or SSO login to authenticate during setup or in the container.",
+      "type": "info"
+    },
+    {
+      "text": "Check connection status with `netbird status`.",
+      "type": "info"
+    }
+  ]
+}

frontend/public/json/papra.json

@@ -0,0 +1,56 @@
+{
+  "name": "Papra",
+  "slug": "papra",
+  "categories": [
+    12
+  ],
+  "date_created": "2026-03-05",
+  "type": "ct",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 1221,
+  "documentation": "https://github.com/CorentinTh/papra",
+  "website": "https://github.com/CorentinTh/papra",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/papra.webp",
+  "config_path": "/opt/papra/.env",
+  "description": "Papra is a modern, self-hosted document management system with full-text search, OCR support, and automatic document processing. Built with Node.js and featuring a clean web interface for organizing and managing your documents.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "ct/papra.sh",
+      "resources": {
+        "cpu": 2,
+        "ram": 2048,
+        "hdd": 10,
+        "os": "debian",
+        "version": "13"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": null,
+    "password": null
+  },
+  "notes": [
+    {
+      "text": "First visit will prompt you to create an account",
+      "type": "info"
+    },
+    {
+      "text": "Tesseract OCR is pre-installed for all languages",
+      "type": "info"
+    },
+    {
+      "text": "Documents are stored in /opt/papra/app-data/documents",
+      "type": "info"
+    },
+    {
+      "text": "Ingestion folder available at /opt/papra/ingestion for automatic document import",
+      "type": "info"
+    },
+    {
+      "text": "Email functionality runs in dry-run mode by default",
+      "type": "warning"
+    }
+  ]
+}

frontend/public/json/reactive-resume.json

@@ -12,7 +12,7 @@
   "documentation": "https://docs.rxresume.org/",
   "website": "https://rxresume.org",
   "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/reactive-resume.webp",
-  "config_path": "/opt/reactive-resume/.env",
+  "config_path": "/opt/Reactive-Resume/.env",
   "description": "A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever.",
   "install_methods": [
     {

frontend/public/json/tinyauth.json

@@ -1,10 +1,10 @@
 {
-  "name": "Alpine-Tinyauth",
-  "slug": "alpine-tinyauth",
+  "name": "Tinyauth",
+  "slug": "tinyauth",
   "categories": [
     6
   ],
-  "date_created": "2025-05-06",
+  "date_created": "2026-03-03",
   "type": "ct",
   "updateable": true,
   "privileged": false,
@@ -17,13 +17,13 @@
   "install_methods": [
     {
       "type": "default",
-      "script": "ct/alpine-tinyauth.sh",
+      "script": "ct/tinyauth.sh",
       "resources": {
         "cpu": 1,
-        "ram": 256,
-        "hdd": 2,
-        "os": "alpine",
-        "version": "3.23"
+        "ram": 512,
+        "hdd": 4,
+        "os": "debian",
+        "version": "13"
       }
     },
     {

frontend/public/json/unifi.json

@@ -1,42 +0,0 @@
-{
-  "name": "UniFi Network Server",
-  "slug": "unifi",
-  "categories": [
-    4
-  ],
-  "date_created": "2024-05-02",
-  "type": "ct",
-  "updateable": true,
-  "privileged": false,
-  "interface_port": 8443,
-  "documentation": "https://help.ui.com/hc/en-us/articles/360012282453-Self-Hosting-a-UniFi-Network-Server",
-  "website": "https://www.ui.com/",
-  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/ubiquiti-unifi.webp",
-  "config_path": "",
-  "description": "UniFi Network Server is a software that helps manage and monitor UniFi networks (Wi-Fi, Ethernet, etc.) by providing an intuitive user interface and advanced features. It allows network administrators to configure, monitor, and upgrade network devices, as well as view network statistics, client devices, and historical events. The aim of the application is to make the management of UniFi networks easier and more efficient.",
-  "disable": true,
-  "disable_description": "This script is disabled because UniFi no longer delivers APT packages for Debian systems. The installation relies on APT repositories that are no longer maintained or available. For more details, see: https://github.com/community-scripts/ProxmoxVE/issues/11876",
-  "install_methods": [
-    {
-      "type": "default",
-      "script": "ct/unifi.sh",
-      "resources": {
-        "cpu": 2,
-        "ram": 2048,
-        "hdd": 8,
-        "os": "debian",
-        "version": "12"
-      }
-    }
-  ],
-  "default_credentials": {
-    "username": null,
-    "password": null
-  },
-  "notes": [
-    {
-      "text": "For non-AVX CPUs, MongoDB 4.4 is installed. Please note this is a legacy solution that may present security risks and could become unsupported in future updates.",
-      "type": "warning"
-    }
-  ]
-}

install/alpine-tinyauth-install.sh

@@ -36,9 +36,9 @@ msg_ok "Installed Tinyauth"
 read -r -p "${TAB3}Enter your Tinyauth subdomain (e.g. https://tinyauth.example.com): " app_url
 
 cat <<EOF >/opt/tinyauth/.env
-DATABASE_PATH=/opt/tinyauth/database.db
-USERS='${USER}'
-APP_URL=${app_url}
+TINYAUTH_DATABASE_PATH=/opt/tinyauth/database.db
+TINYAUTH_AUTH_USERS='${USER}'
+TINYAUTH_APPURL=${app_url}
 EOF
 
 msg_info "Creating Service"

install/cross-seed-install.sh

@@ -13,6 +13,10 @@ setting_up_container
 network_check
 update_os
 
+msg_info "Installing Dependencies"
+$STD apt install -y build-essential
+msg_ok "Installed Dependencies"
+
 NODE_VERSION="24" setup_nodejs
 
 msg_info "Setup Cross-Seed"

install/ddclient-install.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 mitchscobell
+# Author: mitchscobell
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://ddclient.net/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing ddclient"
+DEBIAN_FRONTEND=noninteractive $STD apt -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y ddclient
+msg_ok "Installed ddclient"
+
+msg_info "Creating ddclient service"
+cat << EOF >/etc/ddclient.conf
+protocol=namecheap
+use=web, web=dynamicdns.park-your-domain.com/getip
+protocol=namecheap
+use=web, web=dynamicdns.park-your-domain.com/getip
+server=dynamicdns.park-your-domain.com
+login=yourdomain.com
+password='your-ddns-password'
+@,www
+EOF
+chmod 600 /etc/ddclient.conf
+systemctl enable -q --now ddclient
+msg_ok "Created ddclient service"
+
+motd_ssh
+customize
+cleanup_lxc

install/docmost-install.sh

@@ -26,6 +26,17 @@ fetch_and_deploy_gh_release "docmost" "docmost/docmost" "tarball"
 
 msg_info "Configuring Docmost (Patience)"
 cd /opt/docmost
+
+# Fix: Docmost EE (audit logs etc.) lives in a git submodule that is NOT
+# included in GitHub tarballs.  The community NoopAuditService exists but
+# is only exported by CoreModule – child modules such as UserModule cannot
+# resolve it.  Making CoreModule @Global() exposes the token app-wide.
+if [[ ! -f /opt/docmost/apps/server/src/ee/ee.module.ts ]] \
+  && ! grep -q '@Global()' /opt/docmost/apps/server/src/core/core.module.ts 2>/dev/null; then
+  sed -i '/^  Module,$/a\  Global,' /opt/docmost/apps/server/src/core/core.module.ts
+  sed -i '/^@Module({$/i @Global()' /opt/docmost/apps/server/src/core/core.module.ts
+fi
+
 mv .env.example .env
 mkdir data
 sed -i -e "s|APP_SECRET=.*|APP_SECRET=$(openssl rand -base64 32 | tr -dc 'a-zA-Z0-9' | cut -c1-32)|" \

install/fluid-calendar-install.sh

@@ -19,7 +19,7 @@ msg_ok "Installed Dependencies"
 
 PG_VERSION="17" setup_postgresql
 PG_DB_NAME="fluiddb" PG_DB_USER="fluiduser" setup_postgresql_db
-NODE_VERSION="20" setup_nodejs
+NODE_VERSION="24" setup_nodejs
 fetch_and_deploy_gh_release "fluid-calendar" "dotnetfactory/fluid-calendar" "tarball"
 
 msg_info "Configuring fluid-calendar"

install/gitea-mirror-install.sh

@@ -18,7 +18,8 @@ $STD apt install -y \
   build-essential \
   openssl \
   sqlite3 \
-  unzip
+  unzip \
+  git
 msg_ok "Installed Dependencies"
 
 msg_info "Installing Bun"

install/immich-install.sh

@@ -232,7 +232,7 @@ msg_ok "(2/5) Compiled libheif"
 msg_info "(3/5) Compiling libraw"
 SOURCE=${SOURCE_DIR}/libraw
 : "${LIBRAW_REVISION:=$(jq -cr '.revision' $BASE_DIR/server/sources/libraw.json)}"
-$STD git clone https://github.com/libraw/libraw.git "$SOURCE"
+$STD git clone https://github.com/LibRaw/LibRaw.git "$SOURCE"
 cd "$SOURCE"
 $STD git reset --hard "$LIBRAW_REVISION"
 $STD autoreconf --install

install/litellm-install.sh

@@ -20,24 +20,8 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"
 
 PG_VERSION="17" setup_postgresql
-PYTHON_VERSION="3.13" setup_uv
-
-msg_info "Setting up PostgreSQL"
-DB_NAME="litellm_db"
-DB_USER="litellm"
-DB_PASS="$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | cut -c1-13)"
-$STD sudo -u postgres psql -c "CREATE ROLE $DB_USER WITH LOGIN PASSWORD '$DB_PASS';"
-$STD sudo -u postgres psql -c "CREATE DATABASE $DB_NAME WITH OWNER $DB_USER ENCODING 'UTF8' TEMPLATE template0;"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET client_encoding TO 'utf8';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET default_transaction_isolation TO 'read committed';"
-$STD sudo -u postgres psql -c "ALTER ROLE $DB_USER SET timezone TO 'UTC';"
-{
-  echo "${APPLICATION} Credentials"
-  echo "Database Name: $DB_NAME"
-  echo "Database User: $DB_USER"
-  echo "Database Password: $DB_PASS"
-} >>~/litellm.creds
-msg_ok "Set up PostgreSQL"
+PG_DB_NAME="litellm_db" PG_DB_USER="litellm" setup_postgresql_db
+PYTHON_VERSION="3.13" USE_UVX="YES" setup_uv
 
 msg_info "Setting up Virtual Environment"
 mkdir -p /opt/litellm
@@ -53,10 +37,9 @@ mkdir -p /opt
 cat <<EOF >/opt/litellm/litellm.yaml
 general_settings:
   master_key: sk-1234
-  database_url: postgresql://$DB_USER:$DB_PASS@127.0.0.1:5432/$DB_NAME
+  database_url: postgresql://$PG_DB_USER:$PG_DB_PASS@127.0.0.1:5432/$PG_DB_NAME
   store_model_in_db: true
 EOF
-
 uv --directory=/opt/litellm run litellm --config /opt/litellm/litellm.yaml --use_prisma_db_push --skip_server_startup
 msg_ok "Configured LiteLLM"
 
@@ -73,7 +56,6 @@ Restart=always
 [Install]
 WantedBy=multi-user.target
 EOF
-
 systemctl enable -q --now litellm
 msg_ok "Created Service"
 

install/netbird-install.sh

@@ -0,0 +1,180 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: TechHutTV
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://netbird.io/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing NetBird"
+setup_deb822_repo \
+	"netbird" \
+	"https://pkgs.netbird.io/debian/public.key" \
+	"https://pkgs.netbird.io/debian" \
+	"stable"
+$STD apt install -y netbird
+msg_ok "Installed NetBird"
+
+msg_info "Starting NetBird Service"
+systemctl enable -q --now netbird
+msg_ok "Started NetBird Service"
+
+echo ""
+echo ""
+echo -e "${BL}NetBird Deployment Type${CL}"
+echo "─────────────────────────────────────────"
+echo "Are you using NetBird Managed or Self-Hosted?"
+echo ""
+echo " 1) NetBird Managed (default) - Use NetBird's managed service"
+echo " 2) Self-Hosted - Use your own NetBird management server"
+echo ""
+
+read -r -p "${TAB3}Select deployment type [1]: " DEPLOYMENT_TYPE
+DEPLOYMENT_TYPE="${DEPLOYMENT_TYPE:-1}"
+
+NETBIRD_MGMT_URL=""
+case "$DEPLOYMENT_TYPE" in
+  1)
+    msg_ok "Using NetBird Managed service"
+    ;;
+  2)
+    echo ""
+    echo -e "${BL}Self-Hosted Configuration${CL}"
+    echo "─────────────────────────────────────────"
+    echo "Enter your NetBird management server URL."
+    echo "Example: https://management.example.com"
+    echo ""
+    read -r -p "Management URL: " NETBIRD_MGMT_URL
+
+    if [[ -z "$NETBIRD_MGMT_URL" ]]; then
+      msg_warn "No management URL provided. Run 'netbird up --management-url <url>' to connect."
+    else
+      NETBIRD_MGMT_URL="${NETBIRD_MGMT_URL%/}"
+      msg_ok "Management URL configured: ${NETBIRD_MGMT_URL}"
+    fi
+    ;;
+  *)
+    msg_warn "Invalid selection. Using NetBird Managed service."
+    ;;
+esac
+
+echo ""
+echo ""
+echo -e "${BL}NetBird Connection Setup${CL}"
+echo "─────────────────────────────────────────"
+echo "Choose how to connect to your NetBird network:"
+echo ""
+if [[ "$DEPLOYMENT_TYPE" == "1" ]]; then
+  echo " 1) Setup Key (default) - Use a pre-generated setup key"
+  echo " 2) SSO Login - Authenticate via browser with your identity provider"
+  echo " 3) Skip - Configure later with 'netbird up'"
+else
+  echo " 1) Setup Key (default) - Use a pre-generated setup key"
+  echo " 2) Skip - Configure later with 'netbird up'"
+fi
+echo ""
+
+read -r -p "Select authentication method [1]: " AUTH_METHOD
+AUTH_METHOD="${AUTH_METHOD:-1}"
+
+if [[ "$DEPLOYMENT_TYPE" == "1" ]]; then
+  case "$AUTH_METHOD" in
+    1)
+      echo ""
+      echo "Enter your NetBird setup key from the NetBird dashboard."
+      echo ""
+      read -r -p "Setup key: " NETBIRD_SETUP_KEY
+      echo ""
+
+      if [[ -z "$NETBIRD_SETUP_KEY" ]]; then
+        msg_warn "No setup key provided. Run 'netbird up -k <key>' to connect."
+      else
+        msg_info "Connecting to NetBird with setup key"
+        if $STD netbird up -k "$NETBIRD_SETUP_KEY"; then
+          msg_ok "Connected to NetBird"
+        else
+          msg_warn "Connection failed. Run 'netbird up -k <key>' to retry."
+        fi
+      fi
+      ;;
+    2)
+      echo ""
+      echo -e "${BL}SSO Authentication${CL}"
+      echo "─────────────────────────────────────────"
+      echo "A login URL will appear below."
+      echo "Copy the URL and open it in your browser to authenticate."
+      echo ""
+
+      msg_info "Starting SSO login"
+      netbird login 2>&1 || true
+      echo ""
+
+      msg_info "Connecting to NetBird"
+      if $STD netbird up; then
+        msg_ok "Connected to NetBird"
+      else
+        msg_warn "Connection failed. Run 'netbird up' to retry."
+      fi
+      ;;
+    3)
+      msg_ok "Skipped. Run 'netbird up' to connect."
+      ;;
+    *)
+      msg_warn "Invalid selection. Run 'netbird up' to connect."
+      ;;
+  esac
+else
+  case "$AUTH_METHOD" in
+    1)
+      echo ""
+      echo "Enter your NetBird setup key from the NetBird dashboard."
+      echo ""
+      read -r -p "Setup key: " NETBIRD_SETUP_KEY
+      echo ""
+
+      if [[ -z "$NETBIRD_SETUP_KEY" ]]; then
+        if [[ -z "$NETBIRD_MGMT_URL" ]]; then
+          msg_warn "No setup key provided. Run 'netbird up -k <key> --management-url <url>' to connect."
+        else
+          msg_warn "No setup key provided. Run 'netbird up -k <key> --management-url $NETBIRD_MGMT_URL' to connect."
+        fi
+      else
+        if [[ -z "$NETBIRD_MGMT_URL" ]]; then
+          msg_error "Management URL is required for self-hosted deployments. Please configure it first."
+        else
+          msg_info "Connecting to NetBird with setup key"
+          if $STD netbird up -k "$NETBIRD_SETUP_KEY" --management-url "$NETBIRD_MGMT_URL"; then
+            msg_ok "Connected to NetBird"
+          else
+            msg_warn "Connection failed. Run 'netbird up -k <key> --management-url $NETBIRD_MGMT_URL' to retry."
+          fi
+        fi
+      fi
+      ;;
+    2)
+      if [[ -z "$NETBIRD_MGMT_URL" ]]; then
+        msg_ok "Skipped. Run 'netbird up --management-url <url>' to connect."
+      else
+        msg_ok "Skipped. Run 'netbird up --management-url $NETBIRD_MGMT_URL' to connect."
+      fi
+      ;;
+    *)
+      if [[ -z "$NETBIRD_MGMT_URL" ]]; then
+        msg_warn "Invalid selection. Run 'netbird up --management-url <url>' to connect."
+      else
+        msg_warn "Invalid selection. Run 'netbird up --management-url $NETBIRD_MGMT_URL' to connect."
+      fi
+      ;;
+  esac
+fi
+
+motd_ssh
+customize
+cleanup_lxc

install/papra-install.sh

@@ -0,0 +1,79 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/papra-hq/papra
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  tesseract-ocr \
+  tesseract-ocr-all
+msg_ok "Installed Dependencies"
+
+RELEASE=$(curl -fsSL https://api.github.com/repos/papra-hq/papra/releases | grep -oP '"tag_name":\s*"\K@papra/app@[^"]+' | head -n1)
+fetch_and_deploy_gh_release "papra" "papra-hq/papra" "tarball" "${RELEASE}" "/opt/papra"
+
+pnpm_version=$(grep -oP '"packageManager":\s*"pnpm@\K[^"]+' /opt/papra/package.json)
+NODE_VERSION="24" NODE_MODULE="pnpm@$pnpm_version" setup_nodejs
+
+msg_info "Installing Papra (Patience)"
+cd /opt/papra
+$STD pnpm install --frozen-lockfile
+$STD pnpm --filter "@papra/app-client..." run build
+$STD pnpm --filter "@papra/app-server..." run build
+ln -sf /opt/papra/apps/papra-client/dist /opt/papra/apps/papra-server/public
+msg_ok "Installed Papra"
+
+msg_info "Configuring Papra"
+mkdir -p /opt/papra_data/{db,documents,ingestion}
+[[ ! -f /opt/papra_data/.secret ]] && openssl rand -hex 32 >/opt/papra_data/.secret
+cat <<EOF >/opt/papra/apps/papra-server/.env
+NODE_ENV=production
+SERVER_SERVE_PUBLIC_DIR=true
+PORT=1221
+DATABASE_URL=file:/opt/papra_data/db/db.sqlite
+DOCUMENT_STORAGE_FILESYSTEM_ROOT=/opt/papra_data/documents
+PAPRA_CONFIG_DIR=/opt/papra_data
+AUTH_SECRET=$(cat /opt/papra_data/.secret)
+BETTER_AUTH_SECRET=$(cat /opt/papra_data/.secret)
+BETTER_AUTH_TELEMETRY=0
+CLIENT_BASE_URL=http://${LOCAL_IP}:1221
+SERVER_BASE_URL=http://${LOCAL_IP}:1221
+EMAILS_DRY_RUN=true
+INGESTION_FOLDER_IS_ENABLED=true
+INGESTION_FOLDER_ROOT_PATH=/opt/papra_data/ingestion
+EOF
+msg_ok "Configured Papra"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/papra.service
+[Unit]
+Description=Papra Document Management
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/papra/apps/papra-server
+EnvironmentFile=/opt/papra/apps/papra-server/.env
+ExecStartPre=/usr/bin/pnpm run migrate:up
+ExecStart=/usr/bin/node dist/index.js
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now papra
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/powerdns-install.sh

@@ -38,6 +38,12 @@ msg_info "Setting up PowerDNS"
 $STD apt install -y \
   pdns-server \
   pdns-backend-sqlite3
+sed -i 's/^launch=$/# launch=/' /etc/powerdns/pdns.conf
+rm -f /etc/powerdns/pdns.d/bind.conf
+cat <<EOF >/etc/powerdns/pdns.d/gsqlite3.conf
+launch=gsqlite3
+gsqlite3-database=/opt/poweradmin/powerdns.db
+EOF
 msg_ok "Setup PowerDNS"
 
 fetch_and_deploy_gh_release "poweradmin" "poweradmin/poweradmin" "tarball"
@@ -125,9 +131,13 @@ cat <<EOF >/etc/apache2/sites-enabled/poweradmin.conf
 </VirtualHost>
 EOF
 $STD a2enmod rewrite headers
-chown -R www-data:www-data /opt/poweradmin
-$STD systemctl restart apache2
-msg_info "Created Service"
+chown -R www-data:pdns /opt/poweradmin
+chmod 775 /opt/poweradmin
+chown pdns:pdns /opt/poweradmin/powerdns.db
+chmod 664 /opt/poweradmin/powerdns.db
+usermod -aG pdns www-data
+$STD systemctl restart pdns apache2
+msg_ok "Created Service"
 
 motd_ssh
 customize

install/stirling-pdf-install.sh

@@ -31,7 +31,7 @@ $STD apt install -y \
 msg_ok "Installed Dependencies"
 
 PYTHON_VERSION="3.12" setup_uv
-JAVA_VERSION="21" setup_java
+JAVA_VERSION="25" setup_java
 
 read -r -p "${TAB3}Do you want to use Stirling-PDF with Login? (no/n = without Login) [Y/n] " response
 response=${response,,} # Convert to lowercase

install/tianji-install.sh

@@ -27,6 +27,8 @@ PG_VERSION="17" setup_postgresql
 PG_DB_NAME="tianji_db" PG_DB_USER="tianji" setup_postgresql_db
 PYTHON_VERSION="3.13" setup_uv
 fetch_and_deploy_gh_release "tianji" "msgbyte/tianji" "tarball"
+TIANJI_SECRET=$(openssl rand -base64 256 | tr -dc 'A-Za-z' | head -c 64)
+echo "Tianji Secret: $TIANJI_SECRET" >>~/tianji.creds
 
 msg_info "Setting up Tianji"
 cd /opt/tianji

install/tinyauth-install.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk (CanbiZ)
+# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
+# Source: https://github.com/steveiliop56/tinyauth
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  openssl \
+  apache2-utils
+msg_ok "Installed Dependencies"
+
+fetch_and_deploy_gh_release "tinyauth" "steveiliop56/tinyauth" "singlefile" "latest" "/opt/tinyauth" "tinyauth-amd64"
+
+msg_info "Setting up Tinyauth"
+PASS=$(openssl rand -base64 8 | tr -dc 'a-zA-Z0-9' | head -c 8)
+USER=$(htpasswd -Bbn "tinyauth" "${PASS}")
+cat <<EOF >/opt/tinyauth/credentials.txt
+Tinyauth Credentials
+Username: tinyauth
+Password: ${PASS}
+EOF
+msg_ok "Set up Tinyauth"
+
+read -r -p "${TAB3}Enter your Tinyauth subdomain (e.g. https://tinyauth.example.com): " app_url
+
+msg_info "Creating Service"
+cat <<EOF >/opt/tinyauth/.env
+TINYAUTH_DATABASE_PATH=/opt/tinyauth/database.db
+TINYAUTH_AUTH_USERS='${USER}'
+TINYAUTH_APPURL=${app_url}
+EOF
+cat <<EOF >/etc/systemd/system/tinyauth.service
+[Unit]
+Description=Tinyauth Service
+After=network.target
+
+[Service]
+Type=simple
+EnvironmentFile=/opt/tinyauth/.env
+ExecStart=/opt/tinyauth/tinyauth
+WorkingDirectory=/opt/tinyauth
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now tinyauth
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc

install/unifi-install.sh

@@ -1,53 +0,0 @@
-#!/usr/bin/env bash
-
-# Copyright (c) 2021-2026 tteck
-# Author: tteck (tteckster)
-# License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE
-# Source: https://ui.com/download/unifi
-
-source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
-color
-verb_ip6
-catch_errors
-setting_up_container
-network_check
-update_os
-
-msg_info "Installing Dependencies"
-$STD apt install -y apt-transport-https
-curl -fsSL "https://dl.ui.com/unifi/unifi-repo.gpg" -o "/usr/share/keyrings/unifi-repo.gpg"
-cat <<EOF | sudo tee /etc/apt/sources.list.d/100-ubnt-unifi.sources >/dev/null
-Types: deb
-URIs: https://www.ui.com/downloads/unifi/debian
-Suites: stable
-Components: ubiquiti
-Architectures: amd64
-Signed-By: /usr/share/keyrings/unifi-repo.gpg
-EOF
-$STD apt update
-msg_ok "Installed Dependencies"
-
-JAVA_VERSION="21" setup_java
-
-if lscpu | grep -q 'avx'; then
-  MONGO_VERSION="8.0" setup_mongodb
-else
-  msg_error "No AVX detected (CPU-Flag)! We have discontinued support for this. You are welcome to try it manually with a Debian LXC, but due to the many issues with Unifi, we currently only support AVX CPUs."
-  exit 10
-fi
-
-if ! dpkg -l | grep -q 'libssl1.1'; then
-  msg_info "Installing libssl (if needed)"
-  curl -fsSL "https://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1w-0+deb11u4_amd64.deb" -o "/tmp/libssl.deb"
-  $STD dpkg -i /tmp/libssl.deb
-  rm -f /tmp/libssl.deb
-  msg_ok "Installed libssl1.1"
-fi
-
-msg_info "Installing UniFi Network Server"
-$STD apt install -y unifi
-msg_ok "Installed UniFi Network Server"
-
-motd_ssh
-customize
-cleanup_lxc

misc/build.func

@@ -1032,8 +1032,8 @@ load_vars_file() {
   local VAR_WHITELIST=(
     var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
-    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
-    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
+    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
+    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage var_searchdomain
   )
 
   # Whitelist check helper
@@ -1214,8 +1214,8 @@ default_var_settings() {
   local VAR_WHITELIST=(
     var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu var_keyctl
     var_gateway var_hostname var_ipv6_method var_mac var_mknod var_mount_fs var_mtu
-    var_net var_nesting var_ns var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
-    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
+    var_net var_nesting var_ns var_os var_protection var_pw var_ram var_tags var_timezone var_tun var_unprivileged
+    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
   )
 
   # Snapshot: environment variables (highest precedence)
@@ -1376,8 +1376,8 @@ if ! declare -p VAR_WHITELIST >/dev/null 2>&1; then
   declare -ag VAR_WHITELIST=(
     var_apt_cacher var_apt_cacher_ip var_brg var_cpu var_disk var_fuse var_gpu
     var_gateway var_hostname var_ipv6_method var_mac var_mtu
-    var_net var_ns var_pw var_ram var_tags var_tun var_unprivileged
-    var_verbose var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
+    var_net var_ns var_os var_pw var_ram var_tags var_tun var_unprivileged
+    var_verbose var_version var_vlan var_ssh var_ssh_authorized_key var_container_storage var_template_storage
   )
 fi
 
@@ -1549,6 +1549,8 @@ _build_current_app_vars_tmp() {
     echo "# Generated on $(date -u '+%Y-%m-%dT%H:%M:%SZ')"
     echo
 
+    echo "var_os=$(_sanitize_value "${var_os:-}")"
+    echo "var_version=$(_sanitize_value "${var_version:-}")"
     echo "var_unprivileged=$(_sanitize_value "$_unpriv")"
     echo "var_cpu=$(_sanitize_value "$_cpu")"
     echo "var_ram=$(_sanitize_value "$_ram")"
@@ -3617,7 +3619,7 @@ build_container() {
 $PCT_OPTIONS_STRING"
   fi
 
-  # Add storage if specified
+  # Add searchdomain if specified
   if [ -n "$SD" ]; then
     PCT_OPTIONS_STRING="$PCT_OPTIONS_STRING
   $SD"
@@ -4222,6 +4224,7 @@ EOF'
     local is_network_issue=false
     local is_apt_issue=false
     local is_cmd_not_found=false
+    local is_disk_full=false
     local error_explanation=""
     if declare -f explain_exit_code >/dev/null 2>&1; then
       error_explanation="$(explain_exit_code "$install_exit_code")"
@@ -4242,6 +4245,14 @@ EOF'
       ;;
     esac
 
+    # Disk full / ENOSPC detection: errno -28 (ENOSPC), exit 228 (custom handler), exit 23 (curl write error)
+    if [[ $install_exit_code -eq 228 || $install_exit_code -eq 23 ]]; then
+      is_disk_full=true
+    fi
+    if [[ -f "$combined_log" ]] && grep -qiE 'ENOSPC|no space left on device|No space left on device|Disk quota exceeded|errno -28' "$combined_log"; then
+      is_disk_full=true
+    fi
+
     # Command not found detection
     if [[ $install_exit_code -eq 127 ]]; then
       is_cmd_not_found=true
@@ -4278,6 +4289,9 @@ EOF'
       if grep -qiE ': command not found|No such file or directory.*/s?bin/' "$combined_log"; then
         is_cmd_not_found=true
       fi
+      if grep -qiE 'ENOSPC|no space left on device|Disk quota exceeded|errno -28' "$combined_log"; then
+        is_disk_full=true
+      fi
     fi
 
     # Show error explanation if available
@@ -4299,6 +4313,12 @@ EOF'
       echo ""
     fi
 
+    if [[ "$is_disk_full" == true ]]; then
+      echo -e "${TAB}${INFO} The container ran out of disk space during installation (${GN}ENOSPC${CL})."
+      echo -e "${TAB}${INFO} Current disk size: ${GN}${DISK_SIZE} GB${CL}. A rebuild with doubled disk may resolve this."
+      echo ""
+    fi
+
     if [[ "$is_cmd_not_found" == true ]]; then
       local missing_cmd=""
       if [[ -f "$combined_log" ]]; then
@@ -4318,7 +4338,7 @@ EOF'
     echo -e "  ${GN}3)${CL} Retry with verbose mode (full rebuild)"
 
     local next_option=4
-    local APT_OPTION="" OOM_OPTION="" DNS_OPTION=""
+    local APT_OPTION="" OOM_OPTION="" DNS_OPTION="" DISK_OPTION=""
 
     if [[ "$is_apt_issue" == true ]]; then
       if [[ "$var_os" == "alpine" ]]; then
@@ -4343,6 +4363,18 @@ EOF'
       fi
     fi
 
+    if [[ "$is_disk_full" == true ]]; then
+      local disk_recovery_attempt="${DISK_RECOVERY_ATTEMPT:-0}"
+      if [[ $disk_recovery_attempt -lt 2 ]]; then
+        local new_disk=$((DISK_SIZE * 2))
+        echo -e "  ${GN}${next_option})${CL} Retry with more disk space (Disk: ${DISK_SIZE}→${new_disk} GB)"
+        DISK_OPTION=$next_option
+        next_option=$((next_option + 1))
+      else
+        echo -e "  ${DGN}-)${CL} ${DGN}Disk resize retry exhausted (already retried ${disk_recovery_attempt}x)${CL}"
+      fi
+    fi
+
     if [[ "$is_network_issue" == true ]]; then
       echo -e "  ${GN}${next_option})${CL} Retry with DNS override in LXC (8.8.8.8 / 1.1.1.1)"
       DNS_OPTION=$next_option
@@ -4503,6 +4535,35 @@ EOF'
           return $?
         fi
 
+        if [[ -n "${DISK_OPTION}" && "${response}" == "${DISK_OPTION}" ]]; then
+          # Retry with doubled disk size
+          handled=true
+          echo -e "\n${TAB}${HOLD}${YW}Removing container ${CTID} for rebuild with more disk space...${CL}"
+          pct stop "$CTID" &>/dev/null || true
+          pct destroy "$CTID" &>/dev/null || true
+          echo -e "${BFR}${CM}${GN}Container ${CTID} removed${CL}"
+          echo ""
+          local old_ctid="$CTID"
+          local old_disk="$DISK_SIZE"
+          export CTID=$(get_valid_container_id "$CTID")
+          export DISK_SIZE=$((DISK_SIZE * 2))
+          export var_disk="$DISK_SIZE"
+          export VERBOSE="yes"
+          export var_verbose="yes"
+          export DISK_RECOVERY_ATTEMPT=$((${DISK_RECOVERY_ATTEMPT:-0} + 1))
+
+          echo -e "${YW}Rebuilding with increased disk space (attempt ${DISK_RECOVERY_ATTEMPT}/2):${CL}"
+          echo -e "  Container ID: ${old_ctid} → ${CTID}"
+          echo -e "  Disk: ${old_disk} → ${GN}${DISK_SIZE}${CL} GB (x2)"
+          echo -e "  RAM: ${RAM_SIZE} MiB | CPU: ${CORE_COUNT} cores"
+          echo -e "  Network: ${NET:-dhcp} | Bridge: ${BRG:-vmbr0}"
+          echo -e "  Verbose: ${GN}enabled${CL}"
+          echo ""
+          msg_info "Restarting installation..."
+          build_container
+          return $?
+        fi
+
         if [[ -n "${DNS_OPTION}" && "${response}" == "${DNS_OPTION}" ]]; then
           # Retry with DNS override in LXC
           handled=true

misc/tools.func

@@ -6500,14 +6500,13 @@ function setup_postgresql() {
   local SUITE
   case "$DISTRO_CODENAME" in
   trixie | forky | sid)
-
     if verify_repo_available "https://apt.postgresql.org/pub/repos/apt" "trixie-pgdg"; then
       SUITE="trixie-pgdg"
-
     else
-      SUITE="bookworm-pgdg"
+      msg_warn "PGDG repo not available for ${DISTRO_CODENAME}, falling back to distro packages"
+      USE_PGDG_REPO=false setup_postgresql
+      return $?
     fi
-
     ;;
   *)
     SUITE=$(get_fallback_suite "$DISTRO_ID" "$DISTRO_CODENAME" "https://apt.postgresql.org/pub/repos/apt")

vm/opnsense-vm.sh

@@ -105,7 +105,15 @@ function check_disk_space() {
   return 0
 }
 
-TEMP_DIR=$(mktemp -d)
+# Use disk-backed temp directory to avoid tmpfs/RAM size limits in /tmp
+if [ -d "/var/tmp" ] && check_disk_space "/var/tmp" 20; then
+  TEMP_DIR=$(mktemp -d /var/tmp/opnsense-vm.XXXXXX)
+elif [ -d "/tmp" ] && check_disk_space "/tmp" 20; then
+  TEMP_DIR=$(mktemp -d)
+else
+  # Fallback: try /var/tmp anyway, disk space check will catch it later
+  TEMP_DIR=$(mktemp -d /var/tmp/opnsense-vm.XXXXXX)
+fi
 pushd $TEMP_DIR >/dev/null
 function send_line_to_vm() {
   echo -e "${DGN}Sending line: ${YW}$1${CL}"
@@ -260,6 +268,10 @@ function exit-script() {
   exit
 }
 
+function get_available_bridges() {
+  ip -o link show type bridge 2>/dev/null | awk -F': ' '{print $2}' | sort
+}
+
 function default_settings() {
   VMID=$(get_valid_nextid)
   FORMAT=",efitype=4m"
@@ -279,11 +291,17 @@ function default_settings() {
   VLAN=""
   MAC=$GEN_MAC
   WAN_MAC=$GEN_MAC_LAN
-  WAN_BRG="vmbr1"
+  WAN_BRG=""
   MTU=""
   START_VM="yes"
   METHOD="default"
 
+  # Detect available bridges
+  local AVAILABLE_BRIDGES
+  AVAILABLE_BRIDGES=$(get_available_bridges)
+  local BRIDGE_COUNT
+  BRIDGE_COUNT=$(echo "$AVAILABLE_BRIDGES" | wc -l)
+
   echo -e "${DGN}Using Virtual Machine ID: ${BGN}${VMID}${CL}"
   echo -e "${DGN}Using Hostname: ${BGN}${HN}${CL}"
   echo -e "${DGN}Allocated Cores: ${BGN}${CORE_COUNT}${CL}"
@@ -297,26 +315,34 @@ function default_settings() {
   echo -e "${DGN}Using LAN VLAN: ${BGN}Default${CL}"
   echo -e "${DGN}Using LAN MAC Address: ${BGN}${MAC}${CL}"
 
-  if NETWORK_MODE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "NETWORK CONFIGURATION" --radiolist --cancel-button Exit-Script \
-    "Choose network setup mode for OPNsense:\n" 14 70 2 \
-    "dual" "Dual Interface (Traditional Firewall/Router)" ON \
-    "single" "Single Interface (Proxy/VPN/IDS Server)" OFF \
-    3>&1 1>&2 2>&3); then
-    if [ "$NETWORK_MODE" = "dual" ]; then
-      echo -e "${DGN}Network Mode: ${BGN}Dual Interface (Firewall)${CL}"
-      echo -e "${DGN}Using WAN MAC Address: ${BGN}${WAN_MAC}${CL}"
-      if ! ip link show "${WAN_BRG}" &>/dev/null; then
-        msg_error "Bridge '${WAN_BRG}' does not exist"
-        exit
-      else
+  # Determine available network modes based on bridge count
+  local DEFAULT_WAN_BRG
+  DEFAULT_WAN_BRG=$(echo "$AVAILABLE_BRIDGES" | grep -v "^${BRG}$" | head -n1)
+
+  if [ "$BRIDGE_COUNT" -ge 2 ]; then
+    # Multiple bridges available - offer dual or single mode
+    if NETWORK_MODE=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "NETWORK CONFIGURATION" --radiolist --cancel-button Exit-Script \
+      "Choose network setup mode for OPNsense:\n" 14 70 2 \
+      "dual" "Dual Interface (Firewall/Router) - uses ${DEFAULT_WAN_BRG}" ON \
+      "single" "Single Interface (Proxy/VPN/IDS Server)" OFF \
+      3>&1 1>&2 2>&3); then
+      if [ "$NETWORK_MODE" = "dual" ]; then
+        WAN_BRG="$DEFAULT_WAN_BRG"
+        echo -e "${DGN}Network Mode: ${BGN}Dual Interface (Firewall)${CL}"
         echo -e "${DGN}Using WAN Bridge: ${BGN}${WAN_BRG}${CL}"
+        echo -e "${DGN}Using WAN MAC Address: ${BGN}${WAN_MAC}${CL}"
+      else
+        echo -e "${DGN}Network Mode: ${BGN}Single Interface (Proxy/VPN/IDS)${CL}"
+        WAN_BRG=""
       fi
     else
-      echo -e "${DGN}Network Mode: ${BGN}Single Interface (Proxy/VPN/IDS)${CL}"
-      WAN_BRG=""
+      exit-script
     fi
   else
-    exit-script
+    # Only one bridge available - single interface mode only
+    echo -e "${DGN}Network Mode: ${BGN}Single Interface (Proxy/VPN/IDS)${CL}"
+    echo -e "${YW}  (Only one bridge detected, dual interface requires a second bridge)${CL}"
+    WAN_BRG=""
   fi
   echo -e "${DGN}Using Interface MTU Size: ${BGN}Default${CL}"
   echo -e "${DGN}Start VM when completed: ${BGN}yes${CL}"
@@ -470,13 +496,29 @@ function advanced_settings() {
     exit-script
   fi
 
-  if WAN_BRG=$(whiptail --backtitle "Proxmox VE Helper Scripts" --inputbox "Set a WAN Bridge" 8 58 vmbr1 --title "WAN BRIDGE" --cancel-button Exit-Script 3>&1 1>&2 2>&3); then
-    if [ -z $WAN_BRG ]; then
-      WAN_BRG="vmbr1"
+  # Build WAN bridge selection from available bridges (excluding LAN bridge)
+  local WAN_BRIDGES
+  WAN_BRIDGES=$(get_available_bridges | grep -v "^${BRG}$")
+  if [ -z "$WAN_BRIDGES" ]; then
+    msg_error "No additional bridge available for WAN. Only '${BRG}' exists."
+    msg_error "Create a second bridge (e.g. vmbr1) in Proxmox network config first."
+    exit
+  fi
+  local WAN_MENU=()
+  local first=true
+  while IFS= read -r brg; do
+    if $first; then
+      WAN_MENU+=("$brg" "" "ON")
+      first=false
+    else
+      WAN_MENU+=("$brg" "" "OFF")
     fi
-    if ! ip link show "${WAN_BRG}" &>/dev/null; then
-      msg_error "WAN Bridge '${WAN_BRG}' does not exist"
-      exit
+  done <<<"$WAN_BRIDGES"
+
+  if WAN_BRG=$(whiptail --backtitle "Proxmox VE Helper Scripts" --title "WAN BRIDGE" --radiolist "Select WAN Bridge" 14 58 6 \
+    "${WAN_MENU[@]}" 3>&1 1>&2 2>&3); then
+    if [ -z "$WAN_BRG" ]; then
+      WAN_BRG=$(echo "$WAN_BRIDGES" | head -n1)
     fi
     echo -e "${DGN}Using WAN Bridge: ${BGN}$WAN_BRG${CL}"
   else