arm64 scripts test

Adguard, Bazarr, Homeassistant, jellyfin, pihole, rdtclient, vaultwarden are working kima-hub is unported bentopdf is untested lubelogger is broken
2026-03-06 20:35:01 +10:00
parent dfe47a1ece
commit 34f0284c09
20 changed files with 1500 additions and 0 deletions
--- a/install/arm/adguard-install.sh
+++ b/install/arm/adguard-install.sh
@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://adguard.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+fetch_and_deploy_gh_release "AdGuardHome" "AdguardTeam/AdGuardHome" "prebuild" "latest" "/opt/AdGuardHome" "AdGuardHome_linux_arm64.tar.gz"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/AdGuardHome.service
+[Unit]
+Description=AdGuard Home: Network-level blocker
+ConditionFileIsExecutable=/opt/AdGuardHome/AdGuardHome
+After=syslog.target network-online.target
+
+[Service]
+StartLimitInterval=5
+StartLimitBurst=10
+ExecStart=/opt/AdGuardHome/AdGuardHome "-s" "run"
+WorkingDirectory=/opt/AdGuardHome
+StandardOutput=file:/var/log/AdGuardHome.out
+StandardError=file:/var/log/AdGuardHome.err
+Restart=always
+RestartSec=10
+EnvironmentFile=-/etc/sysconfig/AdGuardHome
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now AdGuardHome
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/bazarr-install.sh
+++ b/install/arm/bazarr-install.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://www.bazarr.media/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y libicu76
+msg_ok "Installed Dependencies"
+
+PYTHON_VERSION="3.12" setup_uv
+fetch_and_deploy_gh_release "bazarr" "morpheus65535/bazarr" "prebuild" "latest" "/opt/bazarr" "bazarr.zip"
+
+msg_info "Installing Bazarr"
+mkdir -p /var/lib/bazarr/
+chmod 775 /opt/bazarr /var/lib/bazarr/
+sed -i.bak 's/--only-binary=Pillow//g' /opt/bazarr/requirements.txt
+$STD uv venv --clear /opt/bazarr/venv --python 3.12
+$STD uv pip install -r /opt/bazarr/requirements.txt --python /opt/bazarr/venv/bin/python3
+msg_ok "Installed Bazarr"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/bazarr.service
+[Unit]
+Description=Bazarr Daemon
+After=syslog.target network.target
+
+[Service]
+WorkingDirectory=/opt/bazarr/
+UMask=0002
+Restart=on-failure
+RestartSec=5
+Type=simple
+ExecStart=/opt/bazarr/venv/bin/python3 /opt/bazarr/bazarr.py
+KillSignal=SIGINT
+TimeoutStopSec=20
+SyslogIdentifier=bazarr
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now bazarr
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/bentopdf-install.sh
+++ b/install/arm/bentopdf-install.sh
@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: vhsdream
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://github.com/alam00000/bentopdf
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+NODE_VERSION="24" setup_nodejs
+fetch_and_deploy_gh_release "bentopdf" "alam00000/bentopdf" "tarball" "latest" "/opt/bentopdf"
+
+msg_info "Setup BentoPDF"
+cd /opt/bentopdf
+$STD npm ci --no-audit --no-fund
+export SIMPLE_MODE=true
+$STD npm run build -- --mode production
+msg_ok "Setup BentoPDF"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/bentopdf.service
+[Unit]
+Description=BentoPDF Service
+After=network.target
+
+[Service]
+Type=simple
+WorkingDirectory=/opt/bentopdf
+ExecStart=/usr/bin/npx serve dist -p 8080
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl enable -q --now bentopdf
+msg_ok "Created & started service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/homeassistant-install.sh
+++ b/install/arm/homeassistant-install.sh
@@ -0,0 +1,81 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://www.home-assistant.io/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Setup Python3"
+$STD apt install -y \
+  python3 \
+  python3-dev \
+  python3-pip \
+  python3-venv
+rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED
+msg_ok "Setup Python3"
+
+msg_info "Installing runlike"
+$STD pip install runlike
+msg_ok "Installed runlike"
+
+get_latest_release() {
+  curl -fsSL https://api.github.com/repos/$1/releases/latest | grep '"tag_name":' | cut -d'"' -f4
+}
+
+DOCKER_LATEST_VERSION=$(get_latest_release "moby/moby")
+CORE_LATEST_VERSION=$(get_latest_release "home-assistant/core")
+PORTAINER_LATEST_VERSION=$(get_latest_release "portainer/portainer")
+
+msg_info "Installing Docker $DOCKER_LATEST_VERSION"
+DOCKER_CONFIG_PATH='/etc/docker/daemon.json'
+mkdir -p $(dirname $DOCKER_CONFIG_PATH)
+echo -e '{\n  "log-driver": "journald"\n}' >/etc/docker/daemon.json
+$STD sh <(curl -fsSL https://get.docker.com)
+msg_ok "Installed Docker $DOCKER_LATEST_VERSION"
+
+msg_info "Pulling Portainer $PORTAINER_LATEST_VERSION Image"
+$STD docker pull portainer/portainer-ce:latest
+msg_ok "Pulled Portainer $PORTAINER_LATEST_VERSION Image"
+
+msg_info "Installing Portainer $PORTAINER_LATEST_VERSION"
+$STD docker volume create portainer_data
+$STD docker run -d \
+  -p 8000:8000 \
+  -p 9443:9443 \
+  --name=portainer \
+  --restart=always \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v portainer_data:/data \
+  portainer/portainer-ce:latest
+msg_ok "Installed Portainer $PORTAINER_LATEST_VERSION"
+
+msg_info "Pulling Home Assistant $CORE_LATEST_VERSION Image"
+$STD docker pull ghcr.io/home-assistant/home-assistant:stable
+msg_ok "Pulled Home Assistant $CORE_LATEST_VERSION Image"
+
+msg_info "Installing Home Assistant $CORE_LATEST_VERSION"
+$STD docker volume create hass_config
+$STD docker run -d \
+  --name homeassistant \
+  --privileged \
+  --restart unless-stopped \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  -v /dev:/dev \
+  -v hass_config:/config \
+  -v /etc/localtime:/etc/localtime:ro \
+  --net=host \
+  ghcr.io/home-assistant/home-assistant:stable
+mkdir /root/hass_config
+msg_ok "Installed Home Assistant $CORE_LATEST_VERSION"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/jellyfin-install.sh
+++ b/install/arm/jellyfin-install.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://jellyfin.org/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_custom "ℹ️" "${GN}" "If NVIDIA GPU passthrough is detected, you'll be asked whether to install drivers in the container"
+setup_hwaccel
+
+msg_info "Installing Jellyfin"
+VERSION="$(awk -F'=' '/^VERSION_CODENAME=/{ print $NF }' /etc/os-release)"
+if ! dpkg -s libjemalloc2 >/dev/null 2>&1; then
+  $STD apt install -y libjemalloc2
+fi
+if [[ ! -f /usr/lib/libjemalloc.so ]]; then
+  ln -sf /usr/lib/aarch64-linux-gnu/libjemalloc.so.2 /usr/lib/libjemalloc.so
+fi
+if [[ ! -d /etc/apt/keyrings ]]; then
+  mkdir -p /etc/apt/keyrings
+fi
+curl -fsSL https://repo.jellyfin.org/jellyfin_team.gpg.key | gpg --dearmor --yes --output /etc/apt/keyrings/jellyfin.gpg
+cat <<EOF >/etc/apt/sources.list.d/jellyfin.sources
+Types: deb
+URIs: https://repo.jellyfin.org/${PCT_OSTYPE}
+Suites: ${VERSION}
+Components: main
+Architectures: arm64
+Signed-By: /etc/apt/keyrings/jellyfin.gpg
+EOF
+
+$STD apt update
+$STD apt install -y jellyfin
+# Configure log rotation to prevent disk fill (keeps fail2ban compatibility) (PR: #1690 / Issue: #11224)
+cat <<EOF >/etc/logrotate.d/jellyfin
+/var/log/jellyfin/*.log {
+    daily
+    rotate 3
+    maxsize 100M
+    missingok
+    notifempty
+    compress
+    delaycompress
+    copytruncate
+}
+EOF
+chown -R jellyfin:adm /etc/jellyfin
+sleep 10
+systemctl restart jellyfin
+if [[ "$CTTYPE" == "0" ]]; then
+  sed -i -e 's/^ssl-cert:x:104:$/render:x:104:root,jellyfin/' -e 's/^render:x:108:root,jellyfin$/ssl-cert:x:108:/' /etc/group
+else
+  sed -i -e 's/^ssl-cert:x:104:$/render:x:104:jellyfin/' -e 's/^render:x:108:jellyfin$/ssl-cert:x:108:/' /etc/group
+fi
+msg_ok "Installed Jellyfin"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/kima-hub-install.sh
+++ b/install/arm/kima-hub-install.sh
@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: MickLesk
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://www.kimai.org/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  apt-transport-https \
+  apache2 \
+  git \
+  expect
+msg_ok "Installed Dependencies"
+
+setup_mariadb
+PHP_VERSION="8.4" PHP_APACHE="YES" setup_php
+setup_composer
+
+msg_info "Setting up database"
+DB_NAME=kimai_db
+DB_USER=kimai
+DB_PASS=$(openssl rand -base64 18 | tr -dc 'a-zA-Z0-9' | head -c13)
+MYSQL_VERSION=$(mariadb --version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
+$STD mariadb -e "CREATE DATABASE $DB_NAME;"
+$STD mariadb -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
+$STD mariadb -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost'; FLUSH PRIVILEGES;"
+{
+  echo "Kimai-Credentials"
+  echo "Kimai Database User: $DB_USER"
+  echo "Kimai Database Password: $DB_PASS"
+  echo "Kimai Database Name: $DB_NAME"
+} >>~/kimai.creds
+msg_ok "Set up database"
+
+fetch_and_deploy_gh_release "kimai" "kimai/kimai" "tarball"
+
+msg_info "Setup Kimai"
+cd /opt/kimai
+echo "export COMPOSER_ALLOW_SUPERUSER=1" >>~/.bashrc
+source ~/.bashrc
+$STD composer install --no-dev --optimize-autoloader --no-interaction
+cp .env.dist .env
+sed -i "/^DATABASE_URL=/c\DATABASE_URL=mysql://$DB_USER:$DB_PASS@127.0.0.1:3306/$DB_NAME?charset=utf8mb4&serverVersion=mariadb-$MYSQL_VERSION" /opt/kimai/.env
+$STD bin/console kimai:install -n
+$STD expect <<EOF
+set timeout -1
+log_user 0
+
+spawn bin/console kimai:user:create admin admin@helper-scripts.com ROLE_SUPER_ADMIN
+
+expect "Please enter the password:"
+send "helper-scripts.com\r"
+
+expect eof
+EOF
+$STD composer update --no-interaction
+cat <<EOF >/opt/kimai/config/packages/local.yaml
+kimai:
+    timesheet:
+        rounding:
+            default:
+                begin: 15
+                end: 15
+
+EOF
+msg_ok "Installed Kimai"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/apache2/sites-available/kimai.conf
+<VirtualHost *:80>
+  ServerAdmin webmaster@localhost
+  DocumentRoot /opt/kimai/public/
+
+   <Directory /opt/kimai/public>
+        Options FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+  
+    ErrorLog /var/log/apache2/error.log
+    CustomLog /var/log/apache2/access.log combined
+
+</VirtualHost>
+EOF
+$STD a2ensite kimai.conf
+$STD a2dissite 000-default.conf
+$STD systemctl reload apache2
+msg_ok "Created Service"
+
+msg_info "Setup Permissions"
+chown -R :www-data /opt/*
+chmod -R g+r /opt/*
+chmod -R g+rw /opt/*
+chown -R www-data:www-data /opt/*
+chmod -R 777 /opt/*
+msg_ok "Setup Permissions"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/lubelogger-install.sh
+++ b/install/arm/lubelogger-install.sh
@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 community-scripts ORG
+# Author: kristocopani
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://lubelogger.com/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+fetch_and_deploy_gh_release "lubelogger" "hargata/lubelog" "prebuild" "latest" "/opt/lubelogger" "LubeLogger*linux_x64.zip"
+
+msg_info "Configuring LubeLogger"
+cd /opt/lubelogger
+chmod 700 /opt/lubelogger/CarCareTracker
+cp /opt/lubelogger/appsettings.json /opt/lubelogger/appsettings_bak.json
+jq '.Kestrel = {"Endpoints": {"Http": {"Url": "http://0.0.0.0:5000"}}}' /opt/lubelogger/appsettings_bak.json >/opt/lubelogger/appsettings.json
+rm -rf /opt/lubelogger/appsettings_bak.json
+msg_ok "Configured LubeLogger"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/lubelogger.service
+[Unit]
+Description=LubeLogger Daemon
+After=network.target
+
+[Service]
+User=root
+
+Type=simple
+WorkingDirectory=/opt/lubelogger
+ExecStart=/opt/lubelogger/CarCareTracker
+TimeoutStopSec=20
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl enable -q --now lubelogger
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/pihole-install.sh
+++ b/install/arm/pihole-install.sh
@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://pi-hole.net/
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_warn "WARNING: This script will run an external installer from a third-party source (https://pi-hole.net/)."
+msg_warn "The following code is NOT maintained or audited by our repository."
+msg_warn "If you have any doubts or concerns, please review the installer code before proceeding:"
+msg_custom "${TAB3}${GATEWAY}${BGN}${CL}" "\e[1;34m" "→  https://install.pi-hole.net"
+echo
+read -r -p "${TAB3}Do you want to continue? [y/N]: " CONFIRM
+if [[ ! "$CONFIRM" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+  msg_error "Aborted by user. No changes have been made."
+  exit 10
+fi
+
+msg_info "Installing Dependencies"
+$STD apt install -y ufw
+msg_ok "Installed Dependencies"
+
+msg_info "Installing Pi-hole"
+mkdir -p /etc/pihole
+touch /etc/pihole/pihole.toml
+$STD bash <(curl -fsSL https://install.pi-hole.net) --unattended
+sed -i -E '
+/^\s*upstreams =/ s|=.*|= ["8.8.8.8", "8.8.4.4"]|
+/^\s*interface =/ s|=.*|= "eth0"|
+/^\s*queryLogging =/ s|=.*|= true|
+/^\s*size =/ s|=.*|= 10000|
+/^\s*active =/ s|=.*|= true|
+/^\s*listeningMode =/ s|=.*|= "LOCAL"|
+/^\s*port =/ s|=.*|= "80o,443os,[::]:80o,[::]:443os"|
+/^\s*pwhash =/ s|=.*|= ""|
+
+# DHCP Disable
+/^\s*\[dhcp\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
+
+# NTP Disable
+/^\s*\[ntp.ipv4\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
+/^\s*\[ntp.ipv6\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
+/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*active = true/  active = false/}
+/^\s*\[ntp.sync\]/,/^\s*\[/{s/^\s*interval = [0-9]+/  interval = 0/}
+/^\s*\[ntp.sync.rtc\]/,/^\s*\[/{s/^\s*set = true/  set = false/}
+
+# set domainNeeded und expandHosts
+/^\s*domainNeeded =/ s|=.*|= true|
+/^\s*expandHosts =/ s|=.*|= true|
+' /etc/pihole/pihole.toml
+
+cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
+server=8.8.8.8
+server=8.8.4.4
+EOF
+$STD pihole-FTL --config ntp.sync.interval 0
+systemctl restart pihole-FTL.service
+msg_ok "Installed Pi-hole"
+
+read -r -p "${TAB3}Would you like to add Unbound? <y/N> " prompt
+if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
+  read -r -p "${TAB3}Unbound is configured as a recursive DNS server by default, would you like it to be configured as a forwarding DNS server (using DNS-over-TLS (DoT)) instead? <y/N> " prompt
+  msg_info "Installing Unbound"
+  mkdir -p /etc/unbound/unbound.conf.d
+  cat <<EOF >/etc/unbound/unbound.conf.d/pi-hole.conf
+server:
+  verbosity: 0
+  interface: 127.0.0.1
+  port: 5335
+  do-ip6: no
+  do-ip4: yes
+  do-udp: yes
+  do-tcp: yes
+  num-threads: 1
+  hide-identity: yes
+  hide-version: yes
+  harden-glue: yes
+  harden-dnssec-stripped: yes
+  harden-referral-path: yes
+  use-caps-for-id: no
+  harden-algo-downgrade: no
+  qname-minimisation: yes
+  aggressive-nsec: yes
+  rrset-roundrobin: yes
+  cache-min-ttl: 300
+  cache-max-ttl: 14400
+  msg-cache-slabs: 8
+  rrset-cache-slabs: 8
+  infra-cache-slabs: 8
+  key-cache-slabs: 8
+  serve-expired: yes
+  serve-expired-ttl: 3600
+  edns-buffer-size: 1232
+  prefetch: yes
+  prefetch-key: yes
+  target-fetch-policy: "3 2 1 1 1"
+  unwanted-reply-threshold: 10000000
+  rrset-cache-size: 256m
+  msg-cache-size: 128m
+  so-rcvbuf: 1m
+  private-address: 192.168.0.0/16
+  private-address: 169.254.0.0/16
+  private-address: 172.16.0.0/12
+  private-address: 10.0.0.0/8
+  private-address: fd00::/8
+  private-address: fe80::/10
+EOF
+  mkdir -p /etc/dnsmasq.d/
+  cat <<EOF >/etc/dnsmasq.d/99-edns.conf
+edns-packet-max=1232
+EOF
+
+  if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then
+    cat <<EOF >>/etc/unbound/unbound.conf.d/pi-hole.conf
+  tls-cert-bundle: "/etc/ssl/certs/ca-certificates.crt"
+forward-zone:
+  name: "."
+  forward-tls-upstream: yes
+  forward-first: no
+
+  forward-addr: 8.8.8.8@853#dns.google
+  forward-addr: 8.8.4.4@853#dns.google
+  forward-addr: 2001:4860:4860::8888@853#dns.google
+  forward-addr: 2001:4860:4860::8844@853#dns.google
+
+  #forward-addr: 1.1.1.1@853#cloudflare-dns.com
+  #forward-addr: 1.0.0.1@853#cloudflare-dns.com
+  #forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
+  #forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
+
+  #forward-addr: 9.9.9.9@853#dns.quad9.net
+  #forward-addr: 149.112.112.112@853#dns.quad9.net
+  #forward-addr: 2620:fe::fe@853#dns.quad9.net
+  #forward-addr: 2620:fe::9@853#dns.quad9.net
+EOF
+  fi
+  $STD apt install -y unbound
+  cat <<EOF >/etc/dnsmasq.d/01-pihole.conf
+server=127.0.0.1#5335
+server=8.8.8.8
+server=8.8.4.4
+EOF
+
+  sed -i -E '/^\s*upstreams\s*=\s*\[/,/^\s*\]/c\  upstreams = [\n    "127.0.0.1#5335",\n    "8.8.4.4"\n  ]' /etc/pihole/pihole.toml
+  systemctl restart unbound
+  systemctl restart pihole-FTL.service
+  msg_ok "Installed Unbound"
+fi
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/rdtclient-install.sh
+++ b/install/arm/rdtclient-install.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://github.com/rogerfar/rdt-client
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt-get install -y unzip
+msg_ok "Installed Dependencies"
+
+msg_info "Installing ASP.NET Core Runtime"
+$STD apt-get install -y libc6
+$STD apt-get install -y libgcc1
+$STD apt-get install -y libgssapi-krb5-2
+$STD apt-get install -y libicu72
+$STD apt-get install -y liblttng-ust1
+$STD apt-get install -y libssl3
+$STD apt-get install -y libstdc++6
+$STD apt-get install -y zlib1g
+
+curl -SL -o dotnet.tar.gz https://download.visualstudio.microsoft.com/download/pr/6f79d99b-dc38-4c44-a549-32329419bb9f/a411ec38fb374e3a4676647b236ba021/dotnet-sdk-9.0.100-linux-arm64.tar.gz
+mkdir -p /usr/share/dotnet
+$STD tar -zxf dotnet.tar.gz -C /usr/share/dotnet
+$STD ln -s /usr/share/dotnet/dotnet /usr/bin/dotnet
+msg_ok "Installed ASP.NET Core Runtime"
+
+fetch_and_deploy_gh_release "rdt-client" "rogerfar/rdt-client" "prebuild" "latest" "/opt/rdtc" "RealDebridClient.zip"
+
+msg_info "Setting up rdtclient"
+cd /opt/rdtc
+mkdir -p data/{db,downloads}
+sed -i 's#/data/db/#/opt/rdtc&#g' /opt/rdtc/appsettings.json
+msg_ok "Configured rdtclient"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/rdtc.service
+[Unit]
+Description=RdtClient Service
+
+[Service]
+WorkingDirectory=/opt/rdtc
+ExecStart=/usr/bin/dotnet RdtClient.Web.dll
+SyslogIdentifier=RdtClient
+User=root
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now rdtc
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc
--- a/install/arm/vaultwarden-install.sh
+++ b/install/arm/vaultwarden-install.sh
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+# Copyright (c) 2021-2026 tteck
+# Author: tteck (tteckster)
+# License: MIT | https://github.com/asylumexp/Proxmox/raw/main/LICENSE
+# Source: https://github.com/dani-garcia/vaultwarden
+
+source /dev/stdin <<<"$FUNCTIONS_FILE_PATH"
+color
+verb_ip6
+catch_errors
+setting_up_container
+network_check
+update_os
+
+msg_info "Installing Dependencies"
+$STD apt install -y \
+  build-essential \
+  pkgconf \
+  libssl-dev \
+  libmariadb-dev-compat \
+  libpq-dev \
+  argon2 \
+  ssl-cert
+msg_ok "Installed Dependencies"
+
+setup_rust
+fetch_and_deploy_gh_release "vaultwarden" "dani-garcia/vaultwarden" "tarball" "latest" "/tmp/vaultwarden-src"
+
+msg_info "Building Vaultwarden (Patience)"
+cd /tmp/vaultwarden-src
+VW_VERSION=$(get_latest_github_release "dani-garcia/vaultwarden")
+export VW_VERSION
+$STD cargo build --features "sqlite,mysql,postgresql" --release
+msg_ok "Built Vaultwarden"
+
+msg_info "Setting up Vaultwarden"
+$STD addgroup --system vaultwarden
+$STD adduser --system --home /opt/vaultwarden --shell /usr/sbin/nologin --no-create-home --gecos 'vaultwarden' --ingroup vaultwarden --disabled-login --disabled-password vaultwarden
+mkdir -p /opt/vaultwarden/{bin,data,web-vault}
+cp target/release/vaultwarden /opt/vaultwarden/bin/
+cd ~ && rm -rf /tmp/vaultwarden-src
+msg_ok "Set up Vaultwarden"
+
+fetch_and_deploy_gh_release "vaultwarden_webvault" "dani-garcia/bw_web_builds" "prebuild" "latest" "/opt/vaultwarden/web-vault" "bw_web_*.tar.gz"
+
+msg_info "Configuring Vaultwarden"
+cat <<EOF >/opt/vaultwarden/.env
+ADMIN_TOKEN=''
+ROCKET_ADDRESS=0.0.0.0
+ROCKET_TLS='{certs="/opt/vaultwarden/ssl-cert-snakeoil.pem",key="/opt/vaultwarden/ssl-cert-snakeoil.key"}'
+DATA_FOLDER=/opt/vaultwarden/data
+DATABASE_MAX_CONNS=10
+WEB_VAULT_FOLDER=/opt/vaultwarden/web-vault
+WEB_VAULT_ENABLED=true
+EOF
+mv /etc/ssl/certs/ssl-cert-snakeoil.pem /opt/vaultwarden/
+mv /etc/ssl/private/ssl-cert-snakeoil.key /opt/vaultwarden/
+
+chown -R vaultwarden:vaultwarden /opt/vaultwarden/
+chown root:root /opt/vaultwarden/bin/vaultwarden
+chmod +x /opt/vaultwarden/bin/vaultwarden
+chown -R root:root /opt/vaultwarden/web-vault/
+chmod +r /opt/vaultwarden/.env
+msg_ok "Configured Vaultwarden"
+
+msg_info "Creating Service"
+cat <<EOF >/etc/systemd/system/vaultwarden.service
+[Unit]
+Description=Bitwarden Server (Powered by Vaultwarden)
+Documentation=https://github.com/dani-garcia/vaultwarden
+After=network.target
+
+[Service]
+User=vaultwarden
+Group=vaultwarden
+EnvironmentFile=-/opt/vaultwarden/.env
+ExecStart=/opt/vaultwarden/bin/vaultwarden
+LimitNOFILE=65535
+LimitNPROC=4096
+PrivateTmp=true
+PrivateDevices=true
+ProtectHome=true
+ProtectSystem=strict
+DevicePolicy=closed
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+WorkingDirectory=/opt/vaultwarden
+ReadWriteDirectories=/opt/vaultwarden/data
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+
+[Install]
+WantedBy=multi-user.target
+EOF
+systemctl enable -q --now vaultwarden
+msg_ok "Created Service"
+
+motd_ssh
+customize
+cleanup_lxc