Calibre-Web: Remove from Frontend during Critical Security Issues

CHANGELOG.md

@@ -10,23 +10,6 @@
 > [!CAUTION]
 Exercise vigilance regarding copycat or coat-tailing sites that seek to exploit the project's popularity for potentially malicious purposes.
 
-## 2025-07-28
-
-### 🚀 Updated Scripts
-
-  - #### ✨ New Features
-
-    - karakeep: Run workers in prod without tsx [@vhsdream](https://github.com/vhsdream) ([#6285](https://github.com/community-scripts/ProxmoxVE/pull/6285))
-
-## 2025-07-27
-
-### 🚀 Updated Scripts
-
-  - #### 🐞 Bug Fixes
-
-    - karakeep: export DATA_DIR from user config in update [@vhsdream](https://github.com/vhsdream) ([#6283](https://github.com/community-scripts/ProxmoxVE/pull/6283))
-    - go2rtc: Fix release download handling [@tremor021](https://github.com/tremor021) ([#6280](https://github.com/community-scripts/ProxmoxVE/pull/6280))
-
 ## 2025-07-26
 
 ### 🚀 Updated Scripts

ct/karakeep.sh

@@ -52,10 +52,6 @@ function update_script() {
   rm -rf /opt/karakeep
   msg_ok "Update prepared"
 
-  if grep -q "start:prod" /etc/systemd/system/karakeep-workers.service; then
-    sed -i 's|^ExecStart=.*$|ExecStart=/usr/bin/node dist/index.mjs|' /etc/systemd/system/karakeep-workers.service
-    systemctl daemon-reload
-  fi
   fetch_and_deploy_gh_release "karakeep" "karakeep-app/karakeep"
   if command -v corepack >/dev/null; then
     $STD corepack disable
@@ -64,7 +60,6 @@ function update_script() {
   NODE_VERSION="22" NODE_MODULE="pnpm@${MODULE_VERSION}" setup_nodejs
 
   msg_info "Updating ${APP} to v${RELEASE}"
-  corepack enable
   export PUPPETEER_SKIP_DOWNLOAD="true"
   export PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD="true"
   export NEXT_TELEMETRY_DISABLED=1
@@ -74,12 +69,10 @@ function update_script() {
   $STD pnpm build
   cd /opt/karakeep/apps/workers
   $STD pnpm install --frozen-lockfile
-  $STD pnpm build
   cd /opt/karakeep/apps/cli
   $STD pnpm install --frozen-lockfile
   $STD pnpm build
-  DATA_DIR="$(sed -n '/^DATA_DIR/p' /etc/karakeep/karakeep.env | awk -F= '{print $2}')"
-  export DATA_DIR="${DATA_DIR:-/opt/karakeep_data}"
+  export DATA_DIR=/opt/karakeep_data
   cd /opt/karakeep/packages/db
   $STD pnpm migrate
   $STD pnpm store prune

frontend/public/json/onlyoffice.json

@@ -2,7 +2,7 @@
   "name": "ONLYOFFICE Docs",
   "slug": "onlyoffice",
   "categories": [
-    12
+    9
   ],
   "date_created": "2025-06-24",
   "type": "ct",

frontend/public/json/opnsense-vm.json

@@ -0,0 +1,41 @@
+{
+  "name": "OPNsense",
+  "slug": "opnsense-vm",
+  "categories": [
+    4,
+    2
+  ],
+  "date_created": "2025-02-11",
+  "type": "vm",
+  "updateable": true,
+  "privileged": false,
+  "interface_port": 443,
+  "documentation": "https://docs.opnsense.org/",
+  "website": "https://opnsense.org/",
+  "logo": "https://cdn.jsdelivr.net/gh/selfhst/icons/webp/opnsense.webp",
+  "config_path": "",
+  "description": "OPNsense is an open-source firewall and routing platform based on FreeBSD. It provides advanced security features, including intrusion detection, VPN support, traffic shaping, and web filtering, with an intuitive web interface for easy management. Known for its reliability and regular updates, OPNsense is a popular choice for both businesses and home networks.",
+  "install_methods": [
+    {
+      "type": "default",
+      "script": "vm/opnsense-vm.sh",
+      "resources": {
+        "cpu": 4,
+        "ram": 8192,
+        "hdd": 10,
+        "os": "FreeBSD",
+        "version": "latest"
+      }
+    }
+  ],
+  "default_credentials": {
+    "username": "root",
+    "password": "opnsense"
+  },
+  "notes": [
+    {
+      "text": "It will fail with default settings if there is no vmbr0 and vmbr1 on your node. Use advanced settings in this case.",
+      "type": "warning"
+    }
+  ]
+}

frontend/public/json/versions.json

@@ -1,64 +1,4 @@
 [
-  {
-    "name": "umami-software/umami",
-    "version": "v2.19.0",
-    "date": "2025-07-27T22:25:00Z"
-  },
-  {
-    "name": "moghtech/komodo",
-    "version": "v1.18.4",
-    "date": "2025-06-25T00:06:56Z"
-  },
-  {
-    "name": "dani-garcia/vaultwarden",
-    "version": "1.34.2",
-    "date": "2025-07-27T18:49:05Z"
-  },
-  {
-    "name": "msgbyte/tianji",
-    "version": "v1.24.7",
-    "date": "2025-07-27T18:34:18Z"
-  },
-  {
-    "name": "benjaminjonard/koillection",
-    "version": "1.6.16",
-    "date": "2025-07-27T14:48:37Z"
-  },
-  {
-    "name": "Jackett/Jackett",
-    "version": "v0.22.2200",
-    "date": "2025-07-27T05:52:33Z"
-  },
-  {
-    "name": "project-zot/zot",
-    "version": "v2.1.6",
-    "date": "2025-07-27T01:14:14Z"
-  },
-  {
-    "name": "steveiliop56/tinyauth",
-    "version": "v3.6.2",
-    "date": "2025-07-17T12:08:03Z"
-  },
-  {
-    "name": "aceberg/WatchYourLAN",
-    "version": "2.1.3",
-    "date": "2025-07-26T14:19:00Z"
-  },
-  {
-    "name": "blakeblackshear/frigate",
-    "version": "v0.14.1",
-    "date": "2024-08-29T22:32:51Z"
-  },
-  {
-    "name": "keycloak/keycloak",
-    "version": "26.3.2",
-    "date": "2025-07-24T10:14:27Z"
-  },
-  {
-    "name": "MediaBrowser/Emby.Releases",
-    "version": "4.9.1.2",
-    "date": "2025-06-26T22:08:00Z"
-  },
   {
     "name": "henrygd/beszel",
     "version": "v0.12.1",
@@ -114,6 +54,11 @@
     "version": "v1.5.3-beta.10",
     "date": "2025-07-15T06:07:03Z"
   },
+  {
+    "name": "Jackett/Jackett",
+    "version": "v0.22.2193",
+    "date": "2025-07-25T05:54:10Z"
+  },
   {
     "name": "ErsatzTV/ErsatzTV",
     "version": "v25.3.1",
@@ -124,6 +69,11 @@
     "version": "v1.28.0",
     "date": "2025-07-25T01:21:13Z"
   },
+  {
+    "name": "steveiliop56/tinyauth",
+    "version": "v3.6.2",
+    "date": "2025-07-17T12:08:03Z"
+  },
   {
     "name": "Brandawg93/PeaNUT",
     "version": "v5.10.0",
@@ -134,6 +84,11 @@
     "version": "v4.102.2",
     "date": "2025-07-24T22:42:01Z"
   },
+  {
+    "name": "MediaBrowser/Emby.Releases",
+    "version": "4.9.1.2",
+    "date": "2025-06-26T22:08:00Z"
+  },
   {
     "name": "linuxserver/Heimdall",
     "version": "v2.7.3",
@@ -159,6 +114,11 @@
     "version": "prototype-cellulite-1",
     "date": "2025-07-24T16:32:57Z"
   },
+  {
+    "name": "keycloak/keycloak",
+    "version": "26.3.2",
+    "date": "2025-07-24T10:14:27Z"
+  },
   {
     "name": "grokability/snipe-it",
     "version": "v8.2.1",
@@ -279,6 +239,11 @@
     "version": "v3.42.0",
     "date": "2025-07-14T22:07:28Z"
   },
+  {
+    "name": "msgbyte/tianji",
+    "version": "v1.24.6",
+    "date": "2025-07-22T17:14:21Z"
+  },
   {
     "name": "Dolibarr/dolibarr",
     "version": "21.0.2",
@@ -479,6 +444,11 @@
     "version": "8.1.15",
     "date": "2025-07-16T18:06:03Z"
   },
+  {
+    "name": "benjaminjonard/koillection",
+    "version": "1.6.15",
+    "date": "2025-07-16T16:47:57Z"
+  },
   {
     "name": "usememos/memos",
     "version": "v0.25.0",
@@ -584,6 +554,11 @@
     "version": "v10.10.7",
     "date": "2025-04-05T19:14:59Z"
   },
+  {
+    "name": "blakeblackshear/frigate",
+    "version": "v0.14.1",
+    "date": "2024-08-29T22:32:51Z"
+  },
   {
     "name": "leiweibau/Pi.Alert",
     "version": "v2025-07-12",
@@ -824,6 +799,11 @@
     "version": "v1.6.1",
     "date": "2025-06-25T21:19:25Z"
   },
+  {
+    "name": "moghtech/komodo",
+    "version": "v1.18.4",
+    "date": "2025-06-25T00:06:56Z"
+  },
   {
     "name": "arunavo4/gitea-mirror",
     "version": "v2.18.0",
@@ -894,6 +874,11 @@
     "version": "2.0.0-pre3",
     "date": "2025-06-18T08:01:24Z"
   },
+  {
+    "name": "project-zot/zot",
+    "version": "v2.1.5",
+    "date": "2025-06-17T18:04:11Z"
+  },
   {
     "name": "donaldzou/WGDashboard",
     "version": "v4.2.4",
@@ -1024,6 +1009,11 @@
     "version": "5.10.0",
     "date": "2025-05-28T05:48:20Z"
   },
+  {
+    "name": "dani-garcia/vaultwarden",
+    "version": "1.34.1",
+    "date": "2025-05-26T21:40:54Z"
+  },
   {
     "name": "stonith404/pingvin-share",
     "version": "v1.13.0",
@@ -1069,6 +1059,11 @@
     "version": "1.0.0",
     "date": "2025-05-12T07:39:23Z"
   },
+  {
+    "name": "umami-software/umami",
+    "version": "v2.18.1",
+    "date": "2025-05-12T07:16:12Z"
+  },
   {
     "name": "owncast/owncast",
     "version": "v0.2.3",
@@ -1174,6 +1169,11 @@
     "version": "1.5.0",
     "date": "2025-03-30T17:42:59Z"
   },
+  {
+    "name": "aceberg/WatchYourLAN",
+    "version": "2.1.2-alpine",
+    "date": "2025-03-30T06:25:22Z"
+  },
   {
     "name": "inspircd/inspircd",
     "version": "v4.7.0",

install/go2rtc-install.sh

@@ -13,7 +13,7 @@ setting_up_container
 network_check
 update_os
 
-USE_ORIGINAL_FILENAME="true" fetch_and_deploy_gh_release "go2rtc" "AlexxIT/go2rtc" "singlefile" "latest" "/opt/go2rtc" "go2rtc_linux_amd64"
+fetch_and_deploy_gh_release "go2rtc" "AlexxIT/go2rtc" "singlefile" "latest" "/opt/go2rtc" "go2rtc_linux_amd64"
 
 msg_info "Creating Service"
 cat <<EOF >/etc/systemd/system/go2rtc.service

install/karakeep-install.sh

@@ -64,7 +64,6 @@ $STD pnpm install --frozen-lockfile
 $STD pnpm build
 cd /opt/karakeep/apps/workers
 $STD pnpm install --frozen-lockfile
-$STD pnpm build
 cd /opt/karakeep/apps/cli
 $STD pnpm install --frozen-lockfile
 $STD pnpm build
@@ -168,7 +167,7 @@ Wants=network.target karakeep-browser.service meilisearch.service
 After=network.target karakeep-browser.service meilisearch.service
 
 [Service]
-ExecStart=/usr/bin/node dist/index.mjs
+ExecStart=pnpm start:prod
 WorkingDirectory=/opt/karakeep/apps/workers
 EnvironmentFile=/etc/karakeep/karakeep.env
 Restart=always

misc/create_lxc.sh

@@ -32,6 +32,7 @@ function on_exit() {
 }
 
 function error_handler() {
+
   local exit_code="$?"
   local line_number="$1"
   local command="$2"
@@ -50,14 +51,6 @@ function on_terminate() {
   exit 143
 }
 
-function exit_script() {
-  clear
-  printf "\e[?25h"
-  echo -e "\n${CROSS}${RD}User exited script${CL}\n"
-  kill 0
-  exit 1
-}
-
 function check_storage_support() {
   local CONTENT="$1"
   local -a VALID_STORAGES=()
@@ -71,7 +64,21 @@ function check_storage_support() {
   [[ ${#VALID_STORAGES[@]} -gt 0 ]]
 }
 
-# This function selects a storage pool for a given content type (e.g., rootdir, vztmpl).
+# This checks for the presence of valid Container Storage and Template Storage locations
+msg_info "Validating Storage"
+if ! check_storage_support "rootdir"; then
+
+  msg_error "No valid storage found for 'rootdir' (Container)."
+  exit 1
+fi
+if ! check_storage_support "vztmpl"; then
+
+  msg_error "No valid storage found for 'vztmpl' (Template)."
+  exit 1
+fi
+msg_ok "Validated Storage (rootdir / vztmpl)."
+
+# This function is used to select the storage class and determine the corresponding storage content type and label.
 function select_storage() {
   local CLASS=$1 CONTENT CONTENT_LABEL
 
@@ -106,20 +113,8 @@ function select_storage() {
     ;;
   esac
 
-  # Check for preset STORAGE variable
-  if [ "$CONTENT" = "rootdir" ] && [ -n "${STORAGE:-}" ]; then
-    if pvesm status -content "$CONTENT" | awk 'NR>1 {print $1}' | grep -qx "$STORAGE"; then
-      STORAGE_RESULT="$STORAGE"
-      msg_info "Using preset storage: $STORAGE_RESULT for $CONTENT_LABEL"
-      return 0
-    else
-      msg_error "Preset storage '$STORAGE' is not valid for content type '$CONTENT'."
-      return 2
-    fi
-  fi
-
+local -a MENU
   local -A STORAGE_MAP
-  local -a MENU
   local COL_WIDTH=0
 
   while read -r TAG TYPE _ TOTAL USED FREE _; do
@@ -140,23 +135,17 @@ function select_storage() {
 
   if [ $((${#MENU[@]} / 3)) -eq 1 ]; then
     STORAGE_RESULT="${STORAGE_MAP[${MENU[0]}]}"
-    STORAGE_INFO="${MENU[1]}"
     return 0
   fi
 
   local WIDTH=$((COL_WIDTH + 42))
   while true; do
-    local DISPLAY_SELECTED
-    DISPLAY_SELECTED=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
+    local DISPLAY_SELECTED=$(whiptail --backtitle "Proxmox VE Helper Scripts" \
       --title "Storage Pools" \
       --radiolist "Which storage pool for ${CONTENT_LABEL,,}?\n(Spacebar to select)" \
       16 "$WIDTH" 6 "${MENU[@]}" 3>&1 1>&2 2>&3)
 
-    # Cancel or ESC
-    [[ $? -ne 0 ]] && exit_script
-
-    # Strip trailing whitespace or newline (important for storages like "storage (dir)")
-    DISPLAY_SELECTED=$(sed 's/[[:space:]]*$//' <<<"$DISPLAY_SELECTED")
+    [[ $? -ne 0 ]] && return 3
 
     if [[ -z "$DISPLAY_SELECTED" || -z "${STORAGE_MAP[$DISPLAY_SELECTED]+_}" ]]; then
       whiptail --msgbox "No valid storage selected. Please try again." 8 58
@@ -164,12 +153,6 @@ function select_storage() {
     fi
 
     STORAGE_RESULT="${STORAGE_MAP[$DISPLAY_SELECTED]}"
-    for ((i = 0; i < ${#MENU[@]}; i += 3)); do
-      if [[ "${MENU[$i]}" == "$DISPLAY_SELECTED" ]]; then
-        STORAGE_INFO="${MENU[$i + 1]}"
-        break
-      fi
-    done
     return 0
   done
 }
@@ -198,22 +181,45 @@ if qm status "$CTID" &>/dev/null || pct status "$CTID" &>/dev/null; then
   exit 206
 fi
 
-# This checks for the presence of valid Container Storage and Template Storage locations
-msg_info "Validating Storage"
-if ! check_storage_support "rootdir"; then
-  msg_error "No valid storage found for 'rootdir' (Container)."
-  exit 1
-fi
-if ! check_storage_support "vztmpl"; then
-  msg_error "No valid storage found for 'vztmpl' (Template)."
-  exit 1
-fi
-msg_ok "Valid Storage Found"
+# DEFAULT_FILE="/usr/local/community-scripts/default_storage"
+# if [[ -f "$DEFAULT_FILE" ]]; then
+#   source "$DEFAULT_FILE"
+#   if [[ -n "$TEMPLATE_STORAGE" && -n "$CONTAINER_STORAGE" ]]; then
+#     msg_info "Using default storage configuration from: $DEFAULT_FILE"
+#     msg_ok "Template Storage: ${BL}$TEMPLATE_STORAGE${CL} ${GN}|${CL} Container Storage: ${BL}$CONTAINER_STORAGE${CL}"
+#   else
+#     msg_warn "Default storage file exists but is incomplete – falling back to manual selection"
+#     TEMPLATE_STORAGE=$(select_storage template)
+#     msg_ok "Using ${BL}$TEMPLATE_STORAGE${CL} ${GN}for Template Storage."
+#     CONTAINER_STORAGE=$(select_storage container)
+#     msg_ok "Using ${BL}$CONTAINER_STORAGE${CL} ${GN}for Container Storage."
+#   fi
+# else
+#   # TEMPLATE STORAGE SELECTION
+#   # Template Storage
+#   while true; do
+#     TEMPLATE_STORAGE=$(select_storage template)
+#     if [[ -n "$TEMPLATE_STORAGE" ]]; then
+#       msg_ok "Using ${BL}$TEMPLATE_STORAGE${CL} ${GN}for Template Storage."
+#       break
+#     fi
+#     msg_warn "No valid template storage selected. Please try again."
+#   done
+
+#   while true; do
+#     CONTAINER_STORAGE=$(select_storage container)
+#     if [[ -n "$CONTAINER_STORAGE" ]]; then
+#       msg_ok "Using ${BL}$CONTAINER_STORAGE${CL} ${GN}for Container Storage."
+#       break
+#     fi
+#     msg_warn "No valid container storage selected. Please try again."
+#   done
+
+# fi
 
 while true; do
   if select_storage template; then
     TEMPLATE_STORAGE="$STORAGE_RESULT"
-    TEMPLATE_STORAGE_INFO="$STORAGE_INFO"
     break
   fi
 done
@@ -221,11 +227,9 @@ done
 while true; do
   if select_storage container; then
     CONTAINER_STORAGE="$STORAGE_RESULT"
-    CONTAINER_STORAGE_INFO="$STORAGE_INFO"
     break
   fi
 done
-msg_ok "Validated Storage | Container: ${BL}$CONTAINER_STORAGE${CL} ($CONTAINER_STORAGE_INFO)"
 
 # Check free space on selected container storage
 STORAGE_FREE=$(pvesm status | awk -v s="$CONTAINER_STORAGE" '$1 == s { print $6 }')
@@ -272,34 +276,28 @@ fi
 TEMPLATE="${TEMPLATES[-1]}"
 TEMPLATE_PATH="$(pvesm path $TEMPLATE_STORAGE:vztmpl/$TEMPLATE 2>/dev/null || echo "/var/lib/vz/template/cache/$TEMPLATE")"
 
-TEMPLATE_VALID=1
-if ! pveam list "$TEMPLATE_STORAGE" | grep -q "$TEMPLATE"; then
-  TEMPLATE_VALID=0
-elif [ ! -s "$TEMPLATE_PATH" ]; then
-  TEMPLATE_VALID=0
-elif ! tar --use-compress-program=zstdcat -tf "$TEMPLATE_PATH" >/dev/null 2>&1; then
-  TEMPLATE_VALID=0
-fi
-
-if [ "$TEMPLATE_VALID" -eq 0 ]; then
+# Check if template exists and is valid
+if ! pveam list "$TEMPLATE_STORAGE" | grep -q "$TEMPLATE" || ! zstdcat "$TEMPLATE_PATH" | tar -tf - >/dev/null 2>&1; then
   msg_warn "Template $TEMPLATE not found or appears to be corrupted. Re-downloading."
+
   [[ -f "$TEMPLATE_PATH" ]] && rm -f "$TEMPLATE_PATH"
   for attempt in {1..3}; do
     msg_info "Attempt $attempt: Downloading LXC template..."
+
     if pveam download "$TEMPLATE_STORAGE" "$TEMPLATE" >/dev/null 2>&1; then
       msg_ok "Template download successful."
       break
     fi
+
     if [ $attempt -eq 3 ]; then
-      msg_error "Failed after 3 attempts. Please check network access or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
+      msg_error "Failed after 3 attempts. Please check your Proxmox host’s internet access or manually run:\n  pveam download $TEMPLATE_STORAGE $TEMPLATE"
       exit 208
     fi
+
     sleep $((attempt * 5))
   done
 fi
 
-msg_ok "LXC Template '$TEMPLATE' is ready to use."
-
 msg_info "Creating LXC Container"
 # Check and fix subuid/subgid
 grep -q "root:100000:65536" /etc/subuid || echo "root:100000:65536" >>/etc/subuid
@@ -311,7 +309,7 @@ PCT_OPTIONS=(${PCT_OPTIONS[@]:-${DEFAULT_PCT_OPTIONS[@]}})
 
 # Secure creation of the LXC container with lock and template check
 lockfile="/tmp/template.${TEMPLATE}.lock"
-exec 9>"$lockfile" || {
+exec 9>"$lockfile" >/dev/null 2>&1 || {
   msg_error "Failed to create lock file '$lockfile'."
   exit 200
 }
@@ -349,6 +347,7 @@ if ! pct create "$CTID" "${TEMPLATE_STORAGE}:vztmpl/${TEMPLATE}" "${PCT_OPTIONS[
   done
 
   sleep 1 # I/O-Sync-Delay
+
   msg_ok "Re-downloaded LXC Template"
 fi