Update add-iptag.json

Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

.github/autolabeler-config.json

@@ -121,5 +121,32 @@
       ],
       "excludeGlobs": []
     }
+  ],
+  "addon": [
+    {
+      "fileStatus": null,
+      "includeGlobs": [
+        "tools/addon/**"
+      ],
+      "excludeGlobs": []
+    }
+  ],
+  "pve-tool": [
+    {
+      "fileStatus": null,
+      "includeGlobs": [
+        "tools/pve/**"
+      ],
+      "excludeGlobs": []
+    }
+  ],
+  "vm": [
+    {
+      "fileStatus": null,
+      "includeGlobs": [
+        "vm/**"
+      ],
+      "excludeGlobs": []
+    }
   ]
 }

.github/workflows/autolabeler.yml

@@ -19,7 +19,7 @@ jobs:
 
       - name: Install dependencies
         run: npm install minimatch
-      
+
       - name: Label PR based on file changes and PR template
         uses: actions/github-script@v7
         with:
@@ -43,51 +43,51 @@ jobs:
               pull_number: prNumber,
             });
             const prFiles = prListFilesResponse.data;
-           
 
-          
-            // Apply labels based on file changes
             for (const [label, rules] of Object.entries(autolabelerConfig)) {
               const shouldAddLabel = prFiles.some((prFile) => {
                 return rules.some((rule) => {
                   const isFileStatusMatch = rule.fileStatus ? rule.fileStatus === prFile.status : true;
                   const isIncludeGlobMatch = rule.includeGlobs.some((glob) => minimatch(prFile.filename, glob));
                   const isExcludeGlobMatch = rule.excludeGlobs.some((glob) => minimatch(prFile.filename, glob));
-
                   return isFileStatusMatch && isIncludeGlobMatch && !isExcludeGlobMatch;
                 });
               });
 
               if (shouldAddLabel) {
                 labelsToAdd.add(label);
+                if (label === "update script") {
+                  for (const prFile of prFiles) {
+                    const filename = prFile.filename;
+                    if (filename.startsWith("vm/")) labelsToAdd.add("vm");
+                    if (filename.startsWith("tools/addon/")) labelsToAdd.add("addon");
+                    if (filename.startsWith("tools/pve/")) labelsToAdd.add("pve-tool");
+                  }
+                }
               }
             }
-            //if two labels or more are added, return
-              if (labelsToAdd.size < 2) {
-                const templateLabelMappings = {
+
+            if (labelsToAdd.size < 2) {
+              const templateLabelMappings = {
                 "🐞 **Bug fix**": "bugfix",
                 "✨ **New feature**": "feature",
                 "💥 **Breaking change**": "breaking change",
+                "🆕 **New script**": "new script",
+                "🌍 **Website update**": "website",
                 "🔧 **Refactoring / Code Cleanup**": "refactor",
+                "📝 **Documentation update**": "documentation"
               };
 
               for (const [checkbox, label] of Object.entries(templateLabelMappings)) {
-                const escapedCheckbox = checkbox.replace(/([.*+?^=!:${}()|\[\]\/\\])/g, "\\$1");
-                const regex = new RegExp(`- \\[(x|X)\\]\\s*.*${escapedCheckbox}`, "i");
-                const match = prBody.match(regex);              
-                if (match) {
-                  console.log(`Match: ${match}`);
+                const escapedCheckbox = checkbox.replace(/([.*+?^=!:${}()|[\]\/\\])/g, "\\$1");
+                const regex = new RegExp(`- \[(x|X)\]\s*.*${escapedCheckbox}`, "i");
+                if (regex.test(prBody)) {
                   labelsToAdd.add(label);
                 }
               }
             }
 
-            
-            
-            console.log(`Labels to add: ${Array.from(labelsToAdd).join(", ")}`);
-
             if (labelsToAdd.size > 0) {
-              console.log(`Adding labels ${Array.from(labelsToAdd).join(", ")} to PR ${prNumber}`);
               await github.rest.issues.addLabels({
                 owner: context.repo.owner,
                 repo: context.repo.repo,

CHANGELOG.md

@@ -16,6 +16,22 @@ All LXC instances created using this repository come pre-installed with Midnight
 
 ## 2025-07-07
 
+### 🚀 Updated Scripts
+
+  - #### 🐞 Bug Fixes
+
+    - Bookstack: Fix PHP Issue & Bump to PHP 8.3 [@MickLesk](https://github.com/MickLesk) ([#5779](https://github.com/community-scripts/ProxmoxVE/pull/5779))
+
+  - #### ✨ New Features
+
+    - tools.func: better handling when unpacking tarfiles in prebuild mode [@MickLesk](https://github.com/MickLesk) ([#5781](https://github.com/community-scripts/ProxmoxVE/pull/5781))
+    - tools.func: add AVX check for MongoDB [@MickLesk](https://github.com/MickLesk) ([#5780](https://github.com/community-scripts/ProxmoxVE/pull/5780))
+
+  - #### 🔧 Refactor
+
+    - Refactor: Baby Buddy [@tremor021](https://github.com/tremor021) ([#5769](https://github.com/community-scripts/ProxmoxVE/pull/5769))
+    - Refactor: Changed the way we install BunkerWeb by leveraging the brand new install-bunkerweb.sh [@TheophileDiot](https://github.com/TheophileDiot) ([#5707](https://github.com/community-scripts/ProxmoxVE/pull/5707))
+
 ### 🌐 Website
 
   - #### 📝 Script Information

ct/babybuddy.sh

@@ -29,7 +29,7 @@ function update_script() {
   fi
 
   RELEASE=$(curl -fsSL https://api.github.com/repos/babybuddy/babybuddy/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-  if [[ ! -f /opt/${APP}_version.txt ]] || [[ "${RELEASE}" != "$(cat /opt/babybuddy_version.txt)" ]]; then
+  if [[ "${RELEASE}" != "$(cat ~/.babybuddy 2>/dev/null)" ]] || [[ ! -f ~/.babybuddy ]]; then
     setup_uv
 
     msg_info "Stopping Services"
@@ -42,17 +42,14 @@ function update_script() {
     find . -mindepth 1 -maxdepth 1 ! -name '.venv' -exec rm -rf {} +
     msg_ok "Cleaned old files"
 
+    fetch_and_deploy_gh_release "babybuddy" "babybuddy/babybuddy"
+
     msg_info "Updating ${APP} to v${RELEASE}"
-    temp_file=$(mktemp)
-    curl -fsSL "https://github.com/babybuddy/babybuddy/archive/refs/tags/v${RELEASE}.tar.gz" -o "$temp_file"
     cd /opt/babybuddy
-    tar zxf "$temp_file" --strip-components=1 -C /opt/babybuddy
     mv /tmp/production.py.bak babybuddy/settings/production.py
-    cd /opt/babybuddy
     source .venv/bin/activate
     $STD uv pip install -r requirements.txt
     $STD python manage.py migrate
-    echo "${RELEASE}" >/opt/${APP}_version.txt
     msg_ok "Updated ${APP} to v${RELEASE}"
 
     msg_info "Fixing permissions"
@@ -66,9 +63,6 @@ function update_script() {
     systemctl start nginx
     msg_ok "Services Started"
 
-    msg_info "Cleaning up"
-    rm -f "$temp_file"
-    msg_ok "Cleaned"
     msg_ok "Updated Successfully"
   else
     msg_ok "No update required. ${APP} is already at v${RELEASE}"

ct/bookstack.sh

@@ -39,6 +39,7 @@ function update_script() {
     msg_ok "Backup finished"
 
     fetch_and_deploy_gh_release "bookstack" "BookStackApp/BookStack"
+    PHP_MODULE="ldap,tidy,bz2,mysqli" PHP_FPM="YES" PHP_APACHE="YES" PHP_VERSION="8.3" setup_php
 
     msg_info "Restoring backup"
     cp /opt/bookstack-backup/.env /opt/bookstack/.env

ct/bunkerweb.sh

@@ -37,8 +37,8 @@ Pin: version ${RELEASE}
 Pin-Priority: 1001
 EOF
     apt-get update
-    apt-get install -y nginx=1.26.3*
-    apt-get install -y bunkerweb=${RELEASE}
+    apt-mark unhold bunkerweb nginx
+    apt-get install -y --allow-downgrades bunkerweb=${RELEASE}
     echo "${RELEASE}" >/opt/${APP}_version.txt
     msg_ok "Updated ${APP} to ${RELEASE}"
 

frontend/public/json/add-iptag.json

@@ -37,12 +37,16 @@
       "type": "info"
     },
     {
-      "text": "Configuration: `nano /opt/iptag/iptag.conf`. iptag.service must be restarted after change.",
+      "text": "Configuration: `nano /opt/iptag/iptag.conf`. iptag Service must be restarted after change. See here for full documentation: `https://github.com/community-scripts/ProxmoxVE/discussions/5790`",
       "type": "info"
     },
     {
       "text": "The Proxmox Node must contain ipcalc and net-tools. `apt-get install -y ipcalc net-tools`",
       "type": "warning"
+    },
+    {
+      "text": "You can execute the ip tool manually with `iptag-run`",
+      "type": "info"
     }
   ]
 }

frontend/public/json/bunkerweb.json

@@ -31,5 +31,10 @@
     "username": null,
     "password": null
   },
-  "notes": []
+  "notes": [
+    {
+      "text": "WARNING: Installation sources scripts outside of Community Scripts repo. Please check the source before installing.",
+      "type": "warning"
+    }
+  ]
 }

install/babybuddy-install.sh

@@ -24,13 +24,10 @@ $STD apt-get install -y \
 msg_ok "Installed Dependencies"
 
 setup_uv
+fetch_and_deploy_gh_release "babybuddy" "babybuddy/babybuddy"
 
 msg_info "Installing Babybuddy"
-RELEASE=$(curl -fsSL https://api.github.com/repos/babybuddy/babybuddy/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
-temp_file=$(mktemp)
-mkdir -p /opt/{babybuddy,data}
-curl -fsSL "https://github.com/babybuddy/babybuddy/archive/refs/tags/v${RELEASE}.tar.gz" -o "$temp_file"
-tar zxf "$temp_file" --strip-components=1 -C /opt/babybuddy
+mkdir -p /opt/data
 cd /opt/babybuddy
 $STD uv venv .venv
 $STD source .venv/bin/activate
@@ -102,7 +99,6 @@ motd_ssh
 customize
 
 msg_info "Cleaning up"
-rm -f "$temp_file"
 $STD apt-get -y autoremove
 $STD apt-get -y autoclean
 msg_ok "Cleaned"

install/bookstack-install.sh

@@ -19,7 +19,8 @@ $STD apt-get install -y \
   make
 msg_ok "Installed Dependencies"
 
-PHP_MODULE="fpm, ldap, tidy, bz2, mysql" PHP_FPM="YES" PHP_APACHE="YES" PHP_VERSION="8.2" setup_php
+PHP_MODULE="ldap,tidy,bz2,mysqli" PHP_FPM="YES" PHP_APACHE="YES" PHP_VERSION="8.3" setup_php
+
 setup_composer
 setup_mariadb
 

install/bunkerweb-install.sh

@@ -18,19 +18,12 @@ $STD apt-get install -y apt-transport-https
 $STD apt-get install -y lsb-release
 msg_ok "Installed Dependencies"
 
-msg_info "Installing Nginx"
-curl -fsSL "https://nginx.org/keys/nginx_signing.key" | gpg --dearmor >/usr/share/keyrings/nginx-archive-keyring.gpg
-echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian $(lsb_release -cs) nginx" >/etc/apt/sources.list.d/nginx.list
-$STD apt-get update
-$STD apt-get install -y nginx=1.26.3*
-msg_ok "Installed Nginx"
-
 RELEASE=$(curl -fsSL https://api.github.com/repos/bunkerity/bunkerweb/releases/latest | grep "tag_name" | awk '{print substr($2, 3, length($2)-4) }')
 msg_info "Installing BunkerWeb v${RELEASE} (Patience)"
-curl -fsSL "https://repo.bunkerweb.io/bunkerity/bunkerweb/gpgkey" | gpg --dearmor >/etc/apt/keyrings/bunkerity_bunkerweb-archive-keyring.gpg
-echo "deb [signed-by=/etc/apt/keyrings/bunkerity_bunkerweb-archive-keyring.gpg] https://repo.bunkerweb.io/bunkerity/bunkerweb/debian/ bookworm main" >/etc/apt/sources.list.d/bunkerity_bunkerweb.list
-$STD apt-get update
-$STD apt-get install -y bunkerweb=${RELEASE}
+curl -fsSL -o install-bunkerweb.sh https://github.com/bunkerity/bunkerweb/raw/v${RELEASE}/misc/install-bunkerweb.sh
+chmod +x install-bunkerweb.sh
+$STD ./install-bunkerweb.sh --yes
+$STD apt-mark unhold bunkerweb nginx
 cat <<EOF >/etc/apt/preferences.d/bunkerweb
 Package: bunkerweb
 Pin: version ${RELEASE}

misc/tools.func

@@ -434,6 +434,13 @@ function setup_php() {
     $STD apt-get update
   fi
 
+  for pkg in $MODULE_LIST; do
+    if ! apt-cache show "$pkg" >/dev/null 2>&1; then
+      msg_error "Package not found: $pkg"
+      exit 1
+    fi
+  done
+
   local MODULE_LIST="php${PHP_VERSION}"
   IFS=',' read -ra MODULES <<<"$COMBINED_MODULES"
   for mod in "${MODULES[@]}"; do
@@ -443,6 +450,10 @@ function setup_php() {
   if [[ "$PHP_FPM" == "YES" ]]; then
     MODULE_LIST+=" php${PHP_VERSION}-fpm"
   fi
+  if [[ "$PHP_APACHE" == "YES" ]]; then
+    $STD apt-get install -y apache2
+    $STD systemctl restart apache2 || true
+  fi
 
   if [[ "$PHP_APACHE" == "YES" ]] && [[ -n "$CURRENT_PHP" ]]; then
     if [[ -f /etc/apache2/mods-enabled/php${CURRENT_PHP}.load ]]; then
@@ -458,10 +469,6 @@ function setup_php() {
   $STD apt-get install -y $MODULE_LIST
   msg_ok "Setup PHP $PHP_VERSION"
 
-  if [[ "$PHP_APACHE" == "YES" ]]; then
-    $STD systemctl restart apache2 || true
-  fi
-
   if [[ "$PHP_FPM" == "YES" ]]; then
     $STD systemctl enable php${PHP_VERSION}-fpm
     $STD systemctl restart php${PHP_VERSION}-fpm
@@ -651,6 +658,15 @@ function setup_mongodb() {
   DISTRO_ID=$(awk -F= '/^ID=/{ gsub(/"/,"",$2); print $2 }' /etc/os-release)
   DISTRO_CODENAME=$(awk -F= '/^VERSION_CODENAME=/{ print $2 }' /etc/os-release)
 
+  # Check AVX support
+  if ! grep -qm1 'avx[^ ]*' /proc/cpuinfo; then
+    local major="${MONGO_VERSION%%.*}"
+    if ((major > 5)); then
+      msg_error "MongoDB ${MONGO_VERSION} requires AVX support, which is not available on this system."
+      return 1
+    fi
+  fi
+
   case "$DISTRO_ID" in
   ubuntu)
     MONGO_BASE_URL="https://repo.mongodb.org/apt/ubuntu"
@@ -941,7 +957,11 @@ function fetch_and_deploy_gh_release() {
       fi
       $STD unzip "$tmpdir/$filename" -d "$target"
     elif [[ "$filename" == *.tar.* ]]; then
-      tar --strip-components=1 -xf "$tmpdir/$filename" -C "$target"
+      if tar -tf "$tmpdir/$filename" | grep -qE '^([^/]+/){2}'; then
+        tar --strip-components=1 -xf "$tmpdir/$filename" -C "$target"
+      else
+        tar -xf "$tmpdir/$filename" -C "$target"
+      fi
     else
       msg_error "Unsupported archive format: $filename"
       rm -rf "$tmpdir"

tools/pve/add-iptag.sh

@@ -194,16 +194,16 @@ LXC_STATUS_CHECK_INTERVAL=300
 FORCE_UPDATE_INTERVAL=7200
 
 # Performance optimizations
-VM_IP_CACHE_TTL=120
-MAX_PARALLEL_VM_CHECKS=5
+VM_IP_CACHE_TTL=300
+MAX_PARALLEL_VM_CHECKS=2
 
 # LXC performance optimizations  
-LXC_IP_CACHE_TTL=0
-MAX_PARALLEL_LXC_CHECKS=7
+LXC_IP_CACHE_TTL=300
+MAX_PARALLEL_LXC_CHECKS=2
 
 # Extreme LXC optimizations
-LXC_BATCH_SIZE=20
-LXC_STATUS_CACHE_TTL=30
+LXC_BATCH_SIZE=3
+LXC_STATUS_CACHE_TTL=300
 LXC_AGGRESSIVE_CACHING=true
 LXC_SKIP_SLOW_METHODS=true
 
@@ -222,8 +222,8 @@ After=network.target
 [Service]
 Type=simple
 ExecStart=/opt/iptag/iptag
-Restart=always
-RestartSec=1
+Restart=on-failure
+RestartSec=10
 
 [Install]
 WantedBy=multi-user.target
@@ -872,7 +872,11 @@ main() {
     echo -e "${BLUE}ℹ${NC} Tag format: ${WHITE}${TAG_FORMAT:-$DEFAULT_TAG_FORMAT}${NC}"
     echo -e "${BLUE}ℹ${NC} Allowed CIDRs: ${WHITE}${CIDR_LIST[*]}${NC}"
     echo -e "${PURPLE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}\n"
-    check
+    
+    while true; do
+        check
+        sleep "${LOOP_INTERVAL:-300}"
+    done
 }
 
 # Cache cleanup function
@@ -1310,6 +1314,21 @@ msg_info "Restarting Service with optimizations"
 systemctl restart iptag.service &>/dev/null
 msg_ok "Service restarted with CPU optimizations"
 
+msg_info "Creating manual run command"
+cat <<'EOF' >/usr/local/bin/iptag-run
+#!/usr/bin/env bash
+CONFIG_FILE="/opt/iptag/iptag.conf"
+SCRIPT_FILE="/opt/iptag/iptag"
+if [[ ! -f "$SCRIPT_FILE" ]]; then
+  echo "❌ Main script not found: $SCRIPT_FILE"
+  exit 1
+fi
+export FORCE_SINGLE_RUN=true
+exec "$SCRIPT_FILE"
+EOF
+chmod +x /usr/local/bin/iptag-run
+msg_ok "Created iptag-run executable - You can execute this manually by entering “iptag-run” in the Proxmox host, so the script is executed by hand."
+
 SPINNER_PID=""
 echo -e "\n${APP} installation completed successfully! ${CL}\n"