diff --git a/docs/misc/build.func/BUILD_FUNC_ADVANCED_SETTINGS.md b/docs/misc/build.func/BUILD_FUNC_ADVANCED_SETTINGS.md
new file mode 100644
index 00000000000..aac584988ab
--- /dev/null
+++ b/docs/misc/build.func/BUILD_FUNC_ADVANCED_SETTINGS.md
@@ -0,0 +1,164 @@ +# Advanced Settings Wizard Reference + +## Overview + +The Advanced Settings wizard provides a 28-step interactive configuration for LXC container creation. It allows users to customize every aspect of the container while inheriting sensible defaults from the CT script. + +## Key Features + +- **Inherit App Defaults**: All `var_*` values from CT scripts pre-populate wizard fields +- **Back Navigation**: Press Cancel/Back to return to previous step +- **App Default Hints**: Each dialog shows `(App default: X)` to indicate script defaults +- **Full Customization**: Every configurable option is accessible + +## Wizard Steps + +| Step | Title | Variable(s) | Description | +| ---- | ------------------------ | --------------------------------- | ----------------------------------------------------- | +| 1 | Container Type | `var_unprivileged` | Privileged (0) or Unprivileged (1) container | +| 2 | Root Password | `var_pw` | Set password or use automatic login | +| 3 | Container ID | `var_ctid` | Unique container ID (auto-suggested) | +| 4 | Hostname | `var_hostname` | Container hostname | +| 5 | Disk Size | `var_disk` | Disk size in GB | +| 6 | CPU Cores | `var_cpu` | Number of CPU cores | +| 7 | RAM Size | `var_ram` | RAM size in MiB | +| 8 | Network Bridge | `var_brg` | Network bridge (vmbr0, etc.) 
| +| 9 | IPv4 Configuration | `var_net`, `var_gateway` | DHCP or static IP with gateway | +| 10 | IPv6 Configuration | `var_ipv6_method` | Auto, DHCP, Static, or None | +| 11 | MTU Size | `var_mtu` | Network MTU (default: 1500) | +| 12 | DNS Search Domain | `var_searchdomain` | DNS search domain | +| 13 | DNS Server | `var_ns` | Custom DNS server IP | +| 14 | MAC Address | `var_mac` | Custom MAC address (auto-generated if empty) | +| 15 | VLAN Tag | `var_vlan` | VLAN tag ID | +| 16 | Tags | `var_tags` | Container tags (comma/semicolon separated) | +| 17 | SSH Settings | `var_ssh` | SSH key selection and root access | +| 18 | FUSE Support | `var_fuse` | Enable FUSE for rclone, mergerfs, AppImage | +| 19 | TUN/TAP Support | `var_tun` | Enable for VPN apps (WireGuard, OpenVPN, Tailscale) | +| 20 | Nesting Support | `var_nesting` | Enable for Docker, LXC in LXC, Podman | +| 21 | GPU Passthrough | `var_gpu` | Auto-detect and pass through Intel/AMD/NVIDIA GPUs | +| 22 | Keyctl Support | `var_keyctl` | Enable for Docker, systemd-networkd | +| 23 | APT Cacher Proxy | `var_apt_cacher`, `var_apt_cacher_ip` | Use apt-cacher-ng for faster downloads | +| 24 | Container Timezone | `var_timezone` | Set timezone (e.g., Europe/Berlin) | +| 25 | Container Protection | `var_protection` | Prevent accidental deletion | +| 26 | Device Node Creation | `var_mknod` | Allow mknod (experimental, kernel 5.3+) | +| 27 | Mount Filesystems | `var_mount_fs` | Allow specific mounts: nfs, cifs, fuse, etc. 
| +| 28 | Verbose Mode & Confirm | `var_verbose` | Enable verbose output + final confirmation | + +## Default Value Inheritance + +The wizard inherits defaults from multiple sources: + +```text +CT Script (var_*) → default.vars → app.vars → User Input +``` + +### Example: VPN Container (alpine-wireguard.sh) + +```bash +# CT script sets: +var_tun="${var_tun:-1}" # TUN enabled by default + +# In Advanced Settings Step 19: +# Dialog shows: "(App default: 1)" and pre-selects "Yes" +``` + +### Example: Media Server (jellyfin.sh) + +```bash +# CT script sets: +var_gpu="${var_gpu:-yes}" # GPU enabled by default + +# In Advanced Settings Step 21: +# Dialog shows: "(App default: yes)" and pre-selects "Yes" +``` + +## Feature Matrix + +| Feature | Variable | When to Enable | +| ----------------- | ---------------- | --------------------------------------------------- | +| FUSE | `var_fuse` | rclone, mergerfs, AppImage, SSHFS | +| TUN/TAP | `var_tun` | WireGuard, OpenVPN, Tailscale, VPN containers | +| Nesting | `var_nesting` | Docker, Podman, LXC-in-LXC, systemd-nspawn | +| GPU Passthrough | `var_gpu` | Plex, Jellyfin, Emby, Frigate, Ollama, ComfyUI | +| Keyctl | `var_keyctl` | Docker (unprivileged), systemd-networkd | +| Protection | `var_protection` | Production containers, prevent accidental deletion | +| Mknod | `var_mknod` | Device node creation (experimental) | +| Mount FS | `var_mount_fs` | NFS mounts, CIFS shares, custom filesystems | +| APT Cacher | `var_apt_cacher` | Speed up downloads with local apt-cacher-ng | + +## Confirmation Summary + +Step 28 displays a comprehensive summary before creation: + +```text +Container Type: Unprivileged +Container ID: 100 +Hostname: jellyfin + +Resources: + Disk: 8 GB + CPU: 2 cores + RAM: 2048 MiB + +Network: + Bridge: vmbr0 + IPv4: dhcp + IPv6: auto + +Features: + FUSE: no | TUN: no + Nesting: Enabled | Keyctl: Disabled + GPU: yes | Protection: No + +Advanced: + Timezone: Europe/Berlin + APT Cacher: no + Verbose: no +``` + +## 
Usage Examples + +### Skip to Advanced Settings + +```bash +# Run script, select "Advanced" from menu +bash -c "$(curl -fsSL https://...jellyfin.sh)" +# Then select option 3 "Advanced" +``` + +### Pre-set Defaults via Environment + +```bash +# Set defaults before running +export var_cpu=4 +export var_ram=4096 +export var_gpu=yes +bash -c "$(curl -fsSL https://...jellyfin.sh)" +# Advanced settings will inherit these values +``` + +### Non-Interactive with All Options + +```bash +# Set all variables for fully automated deployment +export var_unprivileged=1 +export var_cpu=2 +export var_ram=2048 +export var_disk=8 +export var_net=dhcp +export var_fuse=no +export var_tun=no +export var_gpu=yes +export var_nesting=1 +export var_protection=no +export var_verbose=no +bash -c "$(curl -fsSL https://...jellyfin.sh)" +``` + +## Notes + +- **Cancel at Step 1**: Exits the script entirely +- **Cancel at Steps 2-28**: Goes back to previous step +- **Empty fields**: Use default value +- **Keyctl**: Automatically enabled for unprivileged containers +- **Nesting**: Enabled by default (required for many apps) diff --git a/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md b/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md index 11b9821857e..d0c7bd94c88 100644 --- a/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md +++ b/docs/misc/build.func/BUILD_FUNC_ENVIRONMENT_VARIABLES.md 
@@ -66,17 +66,36 @@ This document provides a comprehensive reference of all environment variables us ### Feature Flags -| Variable | Description | Default | Set In | Used In | -| --------------------- | --------------------------- | ------- | --------------- | ------------------ | -| `ENABLE_FUSE` | Enable FUSE support | "true" | base_settings() | Container features | -| `ENABLE_TUN` | Enable TUN/TAP support | "true" | base_settings() | Container features | -| `ENABLE_KEYCTL` | Enable keyctl support | "true" | base_settings() | Container features | -| `ENABLE_MOUNT` | Enable mount support | "true" | base_settings() | Container features | -| `ENABLE_NESTING` | Enable nesting support | "false" | base_settings() | Container features | -| `ENABLE_PRIVILEGED` | Enable privileged mode | "false" | base_settings() | Container features | -| `ENABLE_UNPRIVILEGED` | Enable unprivileged mode | "true" | base_settings() | Container features | -| `VERBOSE` | Enable verbose output | "false" | Environment | Logging | -| `SSH` | Enable SSH key provisioning | "true" | base_settings() | SSH setup | +| Variable | Description | Default | Set In | Used In | +| ---------------- | ------------------------------ | ------- | ------------------------------- | ------------------ | +| `var_fuse` | Enable FUSE support | "no" | CT script / Advanced Settings | Container features | +| `var_tun` | Enable TUN/TAP support | "no" | CT script / Advanced Settings | Container features | +| `var_nesting` | Enable nesting support | "1" | CT script / Advanced Settings | Container features | +| `var_keyctl` | Enable keyctl support | "0" | CT script / Advanced Settings | Container features | +| `var_mknod` | Allow device node creation | "0" | CT script / Advanced Settings | Container features | +| `var_mount_fs` | Allowed filesystem mounts | "" | CT script / Advanced Settings | Container features | +| `var_protection` | Enable container protection | "no" | CT script / Advanced Settings | Container creation | 
+| `var_timezone` | Container timezone | "" | CT script / Advanced Settings | Container creation | +| `var_verbose` | Enable verbose output | "no" | Environment / Advanced Settings | Logging | +| `var_ssh` | Enable SSH key provisioning | "no" | CT script / Advanced Settings | SSH setup | +| `ENABLE_FUSE` | FUSE flag (internal) | "no" | Advanced Settings | Container creation | +| `ENABLE_TUN` | TUN/TAP flag (internal) | "no" | Advanced Settings | Container creation | +| `ENABLE_NESTING` | Nesting flag (internal) | "1" | Advanced Settings | Container creation | +| `ENABLE_KEYCTL` | Keyctl flag (internal) | "0" | Advanced Settings | Container creation | +| `ENABLE_MKNOD` | Mknod flag (internal) | "0" | Advanced Settings | Container creation | +| `PROTECT_CT` | Protection flag (internal) | "no" | Advanced Settings | Container creation | +| `CT_TIMEZONE` | Timezone setting (internal) | "" | Advanced Settings | Container creation | +| `VERBOSE` | Verbose mode flag | "no" | Environment | Logging | +| `SSH` | SSH access flag | "no" | Advanced Settings | SSH setup | + +### APT Cacher Configuration + +| Variable | Description | Default | Set In | Used In | +| ------------------ | ------------------------ | ------- | ----------------------------- | ------------------- | +| `var_apt_cacher` | Enable APT cacher proxy | "no" | CT script / Advanced Settings | Package management | +| `var_apt_cacher_ip`| APT cacher server IP | "" | CT script / Advanced Settings | Package management | +| `APT_CACHER` | APT cacher flag | "no" | Advanced Settings | Container creation | +| `APT_CACHER_IP` | APT cacher IP (internal) | "" | Advanced Settings | Container creation | ### GPU Passthrough Variables diff --git a/docs/misc/build.func/README.md b/docs/misc/build.func/README.md index c7ede47c771..2b495d0811e 100644 --- a/docs/misc/build.func/README.md +++ b/docs/misc/build.func/README.md 
@@ -6,6 +6,16 @@ This directory contains comprehensive documentation for the `build.func` script, ## Documentation Files +### 🎛️ [BUILD_FUNC_ADVANCED_SETTINGS.md](./BUILD_FUNC_ADVANCED_SETTINGS.md) +Complete reference for the 28-step Advanced Settings wizard, including all configurable options and their inheritance behavior. + +**Contents:** +- All 28 wizard steps explained +- Default value inheritance +- Feature matrix (when to enable each feature) +- Confirmation summary format +- Usage examples + ### 📊 [BUILD_FUNC_FLOWCHART.md](./BUILD_FUNC_FLOWCHART.md) Visual ASCII flowchart showing the main execution flow, decision trees, and key decision points in the build.func script. diff --git a/misc/build.func b/misc/build.func index ce024eeac0b..5596bf957b2 100644 --- a/misc/build.func +++ b/misc/build.func @@ -816,6 +816,7 @@ _build_current_app_vars_tmp() { _apt_cacher_ip="${APT_CACHER_IP:-}" _fuse="${ENABLE_FUSE:-no}" _tun="${ENABLE_TUN:-no}" + _gpu="${ENABLE_GPU:-no}" _nesting="${ENABLE_NESTING:-1}" _keyctl="${ENABLE_KEYCTL:-0}" _mknod="${ENABLE_MKNOD:-0}" @@ -865,6 +866,7 @@ _build_current_app_vars_tmp() { [ -n "$_fuse" ] && echo "var_fuse=$(_sanitize_value "$_fuse")" [ -n "$_tun" ] && echo "var_tun=$(_sanitize_value "$_tun")" + [ -n "$_gpu" ] && echo "var_gpu=$(_sanitize_value "$_gpu")" [ -n "$_nesting" ] && echo "var_nesting=$(_sanitize_value "$_nesting")" [ -n "$_keyctl" ] && echo "var_keyctl=$(_sanitize_value "$_keyctl")" [ -n "$_mknod" ] && echo "var_mknod=$(_sanitize_value "$_mknod")" 
@@ -1011,38 +1013,49 @@ advanced_settings() { # Initialize defaults TAGS="community-script;${var_tags:-}" local STEP=1 - local MAX_STEP=20 + local MAX_STEP=28 - # Store values for back navigation - local _ct_type="${CT_TYPE:-1}" + # Store values for back navigation - inherit from var_* app defaults + local _ct_type="${var_unprivileged:-1}" local _pw="" local _pw_display="Automatic Login" local _ct_id="$NEXTID" local _hostname="$NSAPP" - local _disk_size="$var_disk" - local _core_count="$var_cpu" - local _ram_size="$var_ram" - local _bridge="vmbr0" - local _net="dhcp" - local _gate="" - local _ipv6_method="auto" + local _disk_size="${var_disk:-4}" + local _core_count="${var_cpu:-1}" + local _ram_size="${var_ram:-1024}" + local _bridge="${var_brg:-vmbr0}" + local _net="${var_net:-dhcp}" + local _gate="${var_gateway:-}" + local _ipv6_method="${var_ipv6_method:-auto}" local _ipv6_addr="" local _ipv6_gate="" - local _apt_cacher_ip="" - local _mtu="" - local _sd="" - local _ns="" - local _mac="" - local _vlan="" + local _apt_cacher="${var_apt_cacher:-no}" + local _apt_cacher_ip="${var_apt_cacher_ip:-}" + local _mtu="${var_mtu:-}" + local _sd="${var_searchdomain:-}" + local _ns="${var_ns:-}" + local _mac="${var_mac:-}" + local _vlan="${var_vlan:-}" local _tags="$TAGS" - local _enable_fuse="no" + local _enable_fuse="${var_fuse:-no}" + local _enable_tun="${var_tun:-no}" local _enable_gpu="${var_gpu:-no}" - local _verbose="no" - local _enable_keyctl="0" - local _enable_mknod="0" - local _mount_fs="" - local _protect_ct="no" - local _ct_timezone="" + local _enable_nesting="${var_nesting:-1}" + local _verbose="${var_verbose:-no}" + local _enable_keyctl="${var_keyctl:-0}" + local _enable_mknod="${var_mknod:-0}" + local _mount_fs="${var_mount_fs:-}" + local _protect_ct="${var_protection:-no}" + + # Detect host timezone for default (if not set via var_timezone) + local _host_timezone="" + if command -v timedatectl >/dev/null 2>&1; then + _host_timezone=$(timedatectl show --value 
--property=Timezone 2>/dev/null || echo "") + elif [ -f /etc/timezone ]; then + _host_timezone=$(cat /etc/timezone 2>/dev/null || echo "") + fi + local _ct_timezone="${var_timezone:-$_host_timezone}" # Helper to show current progress show_progress() { @@ -1498,14 +1511,17 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 18: FUSE & Verbose Mode + # STEP 18: FUSE Support # ═══════════════════════════════════════════════════════════════════════════ 18) + local fuse_default_flag="--defaultno" + [[ "$_enable_fuse" == "yes" || "$_enable_fuse" == "1" ]] && fuse_default_flag="" + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ --title "FUSE SUPPORT" \ --ok-button "Next" --cancel-button "Back" \ - --defaultno \ - --yesno "\nEnable FUSE support?\n\nRequired for: rclone, mergerfs, AppImage, etc." 12 58; then + $fuse_default_flag \ + --yesno "\nEnable FUSE support?\n\nRequired for: rclone, mergerfs, AppImage, etc.\n\n(App default: ${var_fuse:-no})" 14 58; then _enable_fuse="yes" else if [ $? -eq 1 ]; then 
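Review bot: In step 18 the new `$fuse_default_flag` is passed to whiptail unquoted so that an empty value drops out of the argument list, which relies on word splitting and is what ShellCheck reports as SC2086. Writing the argument as `${fuse_default_flag:+"$fuse_default_flag"}` keeps the omit-when-empty behaviour and makes it explicit. The same pattern recurs with the `*_default_flag` variables of steps 19–23, 25, 26 and 28 in the following hunks. The `18)` arm continues outside this hunk.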
@@ -1515,30 +1531,69 @@ advanced_settings() { continue fi fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 19: TUN/TAP Support + # ═══════════════════════════════════════════════════════════════════════════ + 19) + local tun_default_flag="--defaultno" + [[ "$_enable_tun" == "yes" || "$_enable_tun" == "1" ]] && tun_default_flag="" if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ - --title "VERBOSE MODE" \ - --defaultno \ - --yesno "\nEnable Verbose Mode?\n\nShows detailed output during installation." 12 58; then - _verbose="yes" + --title "TUN/TAP SUPPORT" \ + --ok-button "Next" --cancel-button "Back" \ + $tun_default_flag \ + --yesno "\nEnable TUN/TAP device support?\n\nRequired for: VPN apps (WireGuard, OpenVPN, Tailscale),\nnetwork tunneling, and containerized networking.\n\n(App default: ${var_tun:-no})" 14 62; then + _enable_tun="yes" else - _verbose="no" + if [ $? -eq 1 ]; then + _enable_tun="no" + else + ((STEP--)) + continue + fi fi ((STEP++)) ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 19: GPU Passthrough + # STEP 20: Nesting Support # ═══════════════════════════════════════════════════════════════════════════ - 19) - local gpu_default="OFF" - [[ "$_enable_gpu" == "yes" ]] && gpu_default="ON" + 20) + local nesting_default_flag="" + [[ "$_enable_nesting" == "0" || "$_enable_nesting" == "no" ]] && nesting_default_flag="--defaultno" + + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "NESTING SUPPORT" \ + --ok-button "Next" --cancel-button "Back" \ + $nesting_default_flag \ + --yesno "\nEnable Nesting?\n\nRequired for: Docker, LXC inside LXC, Podman,\nand other containerization tools.\n\n(App default: ${var_nesting:-1})" 14 58; then + _enable_nesting="1" + else + if [ $? 
-eq 1 ]; then + _enable_nesting="0" + else + ((STEP--)) + continue + fi + fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 21: GPU Passthrough + # ═══════════════════════════════════════════════════════════════════════════ + 21) + local gpu_default_flag="--defaultno" + [[ "$_enable_gpu" == "yes" ]] && gpu_default_flag="" if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ --title "GPU PASSTHROUGH" \ --ok-button "Next" --cancel-button "Back" \ - --defaultno \ - --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding" 14 62; then + $gpu_default_flag \ + --yesno "\nEnable GPU Passthrough?\n\nAutomatically detects and passes through available GPUs\n(Intel/AMD/NVIDIA) for hardware acceleration.\n\nRecommended for: Media servers, AI/ML, Transcoding\n\n(App default: ${var_gpu:-no})" 16 62; then _enable_gpu="yes" else if [ $? -eq 1 ]; then 
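Review bot: The pre-selection tests in this hunk disagree on which spellings mean "enabled": step 19 accepts `yes` or `1` for `_enable_tun`, step 20 treats `0` or `no` as off, but step 21 only recognises `yes` for `_enable_gpu`. Because the defaults block earlier in `advanced_settings()` copies `var_*` values in verbatim, a setting such as `var_gpu=1` would silently pre-select "No", and a user pressing Enter through the wizard would switch the feature off. Steps 22, 23, 26 and 28 in the next hunk have the same single-spelling tests (`1`, `yes`, `1`, `yes`). Accepting both forms, e.g. `[[ "$_enable_gpu" == "yes" || "$_enable_gpu" == "1" ]] && gpu_default_flag=""`, or normalising once where the `_enable_*` locals are initialised, would make the wizard consistent. The `21)` arm is closed outside this hunk.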
@@ -1552,13 +1607,179 @@ advanced_settings() { ;; # ═══════════════════════════════════════════════════════════════════════════ - # STEP 20: Confirmation + # STEP 22: Keyctl Support (Docker/systemd) # ═══════════════════════════════════════════════════════════════════════════ - 20) + 22) + local keyctl_default_flag="--defaultno" + [[ "$_enable_keyctl" == "1" ]] && keyctl_default_flag="" + + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "KEYCTL SUPPORT" \ + --ok-button "Next" --cancel-button "Back" \ + $keyctl_default_flag \ + --yesno "\nEnable Keyctl support?\n\nRequired for: Docker containers, systemd-networkd,\nand kernel keyring operations.\n\nNote: Automatically enabled for unprivileged containers.\n\n(App default: ${var_keyctl:-0})" 16 62; then + _enable_keyctl="1" + else + if [ $? -eq 1 ]; then + _enable_keyctl="0" + else + ((STEP--)) + continue + fi + fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 23: APT Cacher Proxy + # ═══════════════════════════════════════════════════════════════════════════ + 23) + local apt_cacher_default_flag="--defaultno" + [[ "$_apt_cacher" == "yes" ]] && apt_cacher_default_flag="" + + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "APT CACHER PROXY" \ + --ok-button "Next" --cancel-button "Back" \ + $apt_cacher_default_flag \ + --yesno "\nUse APT Cacher-NG proxy?\n\nSpeeds up package downloads by caching them locally.\nRequires apt-cacher-ng running on your network.\n\n(App default: ${var_apt_cacher:-no})" 14 62; then + _apt_cacher="yes" + # Ask for IP if enabled + if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "APT CACHER IP" \ + --inputbox "\nEnter APT Cacher-NG server IP address:" 10 58 "$_apt_cacher_ip" \ + 3>&1 1>&2 2>&3); then + _apt_cacher_ip="$result" + fi + else + if [ $? 
-eq 1 ]; then + _apt_cacher="no" + _apt_cacher_ip="" + else + ((STEP--)) + continue + fi + fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 24: Container Timezone + # ═══════════════════════════════════════════════════════════════════════════ + 24) + local tz_hint="$_ct_timezone" + [[ -z "$tz_hint" ]] && tz_hint="(empty - will use host timezone)" + + if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "CONTAINER TIMEZONE" \ + --ok-button "Next" --cancel-button "Back" \ + --inputbox "\nSet container timezone.\n\nExamples: Europe/Berlin, America/New_York, Asia/Tokyo\n\nHost timezone: ${_host_timezone:-unknown}\n\nLeave empty to inherit from host." 16 62 "$_ct_timezone" \ + 3>&1 1>&2 2>&3); then + _ct_timezone="$result" + ((STEP++)) + else + ((STEP--)) + fi + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 25: Container Protection + # ═══════════════════════════════════════════════════════════════════════════ + 25) + local protect_default_flag="--defaultno" + [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_default_flag="" + + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "CONTAINER PROTECTION" \ + --ok-button "Next" --cancel-button "Back" \ + $protect_default_flag \ + --yesno "\nEnable Container Protection?\n\nPrevents accidental deletion of this container.\nYou must disable protection before removing.\n\n(App default: ${var_protection:-no})" 14 62; then + _protect_ct="yes" + else + if [ $? 
-eq 1 ]; then + _protect_ct="no" + else + ((STEP--)) + continue + fi + fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 26: Device Node Creation (mknod) + # ═══════════════════════════════════════════════════════════════════════════ + 26) + local mknod_default_flag="--defaultno" + [[ "$_enable_mknod" == "1" ]] && mknod_default_flag="" + + if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "DEVICE NODE CREATION" \ + --ok-button "Next" --cancel-button "Back" \ + $mknod_default_flag \ + --yesno "\nAllow device node creation (mknod)?\n\nRequired for: Creating device files inside container.\nExperimental feature (requires kernel 5.3+).\n\n(App default: ${var_mknod:-0})" 14 62; then + _enable_mknod="1" + else + if [ $? -eq 1 ]; then + _enable_mknod="0" + else + ((STEP--)) + continue + fi + fi + ((STEP++)) + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 27: Mount Filesystems + # ═══════════════════════════════════════════════════════════════════════════ + 27) + local mount_hint="" + [[ -n "$_mount_fs" ]] && mount_hint="$_mount_fs" || mount_hint="(none)" + + if result=$(whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "MOUNT FILESYSTEMS" \ + --ok-button "Next" --cancel-button "Back" \ + --inputbox "\nAllow specific filesystem mounts.\n\nComma-separated list: nfs, cifs, fuse, ext4, etc.\nLeave empty for defaults (none).\n\nCurrent: $mount_hint" 14 62 "$_mount_fs" \ + 3>&1 1>&2 2>&3); then + _mount_fs="$result" + ((STEP++)) + else + ((STEP--)) + fi + ;; + + # ═══════════════════════════════════════════════════════════════════════════ + # STEP 28: Verbose Mode & Confirmation + # ═══════════════════════════════════════════════════════════════════════════ + 28) + local verbose_default_flag="--defaultno" + [[ "$_verbose" == "yes" ]] && verbose_default_flag="" + + if whiptail --backtitle "Proxmox VE 
Helper Scripts [Step $STEP/$MAX_STEP]" \ + --title "VERBOSE MODE" \ + $verbose_default_flag \ + --yesno "\nEnable Verbose Mode?\n\nShows detailed output during installation." 12 58; then + _verbose="yes" + else + _verbose="no" + fi # Build summary local ct_type_desc="Unprivileged" [[ "$_ct_type" == "0" ]] && ct_type_desc="Privileged" + local nesting_desc="Disabled" + [[ "$_enable_nesting" == "1" ]] && nesting_desc="Enabled" + + local keyctl_desc="Disabled" + [[ "$_enable_keyctl" == "1" ]] && keyctl_desc="Enabled" + + local protect_desc="No" + [[ "$_protect_ct" == "yes" || "$_protect_ct" == "1" ]] && protect_desc="Yes" + + local tz_display="${_ct_timezone:-Host TZ}" + local apt_display="${_apt_cacher:-no}" + [[ "$_apt_cacher" == "yes" && -n "$_apt_cacher_ip" ]] && apt_display="$_apt_cacher_ip" + local summary="Container Type: $ct_type_desc Container ID: $_ct_id Hostname: $_hostname @@ -1573,15 +1794,20 @@ Network: IPv4: $_net IPv6: $_ipv6_method -Options: - FUSE: $_enable_fuse - GPU Passthrough: $_enable_gpu +Features: + FUSE: $_enable_fuse | TUN: $_enable_tun + Nesting: $nesting_desc | Keyctl: $keyctl_desc + GPU: $_enable_gpu | Protection: $protect_desc + +Advanced: + Timezone: $tz_display + APT Cacher: $apt_display Verbose: $_verbose" if whiptail --backtitle "Proxmox VE Helper Scripts [Step $STEP/$MAX_STEP]" \ --title "CONFIRM SETTINGS" \ --ok-button "Create LXC" --cancel-button "Back" \ - --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 28 58; then + --yesno "$summary\n\nCreate ${APP} LXC with these settings?" 32 62; then ((STEP++)) else ((STEP--)) 
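Review bot: In step 23, cancelling the "APT CACHER IP" input box leaves `_apt_cacher="yes"` while `_apt_cacher_ip` may still be empty, so the proxy can end up enabled without an address; adding `[[ -n "$_apt_cacher_ip" ]] || _apt_cacher="no"` after the inner `if` would close that gap. The free-text answers of steps 23, 24 and 27 are also accepted without any format check and are later copied to `APT_CACHER_IP`, `CT_TIMEZONE` and `ALLOW_MOUNT_FS`. How those globals are consumed is not visible here, but if the mount list is spliced into the comma-separated features string, an unexpected character would change the container's feature set. A per-field character allow-list applied to `$result` before it is stored, re-showing the step on mismatch by leaving `STEP` unchanged, would be a cheap guard.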
@@ -1608,11 +1834,30 @@ Options: IPV6_GATE="$_ipv6_gate" TAGS="$_tags" ENABLE_FUSE="$_enable_fuse" + ENABLE_TUN="$_enable_tun" ENABLE_GPU="$_enable_gpu" + ENABLE_NESTING="$_enable_nesting" + ENABLE_KEYCTL="$_enable_keyctl" + ENABLE_MKNOD="$_enable_mknod" + ALLOW_MOUNT_FS="$_mount_fs" + PROTECT_CT="$_protect_ct" + CT_TIMEZONE="$_ct_timezone" + APT_CACHER="$_apt_cacher" + APT_CACHER_IP="$_apt_cacher_ip" VERBOSE="$_verbose" - # Update var_gpu based on user choice (for is_gpu_app function) + # Update var_* based on user choice (for functions that check these) var_gpu="$_enable_gpu" + var_fuse="$_enable_fuse" + var_tun="$_enable_tun" + var_nesting="$_enable_nesting" + var_keyctl="$_enable_keyctl" + var_mknod="$_enable_mknod" + var_mount_fs="$_mount_fs" + var_protection="$_protect_ct" + var_timezone="$_ct_timezone" + var_apt_cacher="$_apt_cacher" + var_apt_cacher_ip="$_apt_cacher_ip" # Format optional values [[ -n "$_mtu" ]] && MTU=",mtu=$_mtu" || MTU="" 
@@ -1648,7 +1893,13 @@ Options: echo -e "${NETWORK}${BOLD}${DGN}IPv4: ${BGN}$NET${CL}" echo -e "${NETWORK}${BOLD}${DGN}IPv6: ${BGN}$IPV6_METHOD${CL}" echo -e "${FUSE}${BOLD}${DGN}FUSE Support: ${BGN}$ENABLE_FUSE${CL}" + [[ "$ENABLE_TUN" == "yes" ]] && echo -e "${NETWORK}${BOLD}${DGN}TUN/TAP Support: ${BGN}$ENABLE_TUN${CL}" + echo -e "${CONTAINERTYPE}${BOLD}${DGN}Nesting: ${BGN}$([ "$ENABLE_NESTING" == "1" ] && echo "Enabled" || echo "Disabled")${CL}" + [[ "$ENABLE_KEYCTL" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Keyctl: ${BGN}Enabled${CL}" echo -e "${GPU}${BOLD}${DGN}GPU Passthrough: ${BGN}$ENABLE_GPU${CL}" + [[ "$PROTECT_CT" == "yes" || "$PROTECT_CT" == "1" ]] && echo -e "${CONTAINERTYPE}${BOLD}${DGN}Protection: ${BGN}Enabled${CL}" + [[ -n "$CT_TIMEZONE" ]] && echo -e "${INFO}${BOLD}${DGN}Timezone: ${BGN}$CT_TIMEZONE${CL}" + [[ "$APT_CACHER" == "yes" ]] && echo -e "${INFO}${BOLD}${DGN}APT Cacher: ${BGN}$APT_CACHER_IP${CL}" echo -e "${SEARCH}${BOLD}${DGN}Verbose Mode: ${BGN}$VERBOSE${CL}" echo -e "${CREATING}${BOLD}${RD}Creating a ${APP} LXC using the above advanced settings${CL}" } @@ -2317,15 +2568,23 @@ build_container() { none) ;; esac - # Build FEATURES string - if [ "$CT_TYPE" == "1" ]; then - FEATURES="keyctl=1,nesting=1" - else + # Build FEATURES string based on container type and user choices + FEATURES="" + + # Nesting support (user configurable, default enabled) + if [ "${ENABLE_NESTING:-1}" == "1" ]; then FEATURES="nesting=1" fi + # Keyctl for unprivileged containers (needed for Docker) + if [ "$CT_TYPE" == "1" ]; then + [ -n "$FEATURES" ] && FEATURES="$FEATURES," + FEATURES="${FEATURES}keyctl=1" + fi + if [ "$ENABLE_FUSE" == "yes" ]; then - FEATURES="$FEATURES,fuse=1" + [ -n "$FEATURES" ] && FEATURES="$FEATURES," + FEATURES="${FEATURES}fuse=1" fi # Build PCT_OPTIONS as string for export
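Review bot: The rewritten FEATURES block in `build_container()` never reads `ENABLE_KEYCTL`: `keyctl=1` is added whenever `CT_TYPE` is `1` and never otherwise, so the answer given in wizard step 22 has no effect in the lines shown. For an unprivileged container the confirmation summary and the final echo can therefore report Keyctl as disabled while the container is created with `keyctl=1`, which is misleading for anyone trying to keep the feature set minimal. Either honour the choice, e.g. `if [ "$CT_TYPE" == "1" ] || [ "${ENABLE_KEYCTL:-0}" == "1" ]; then`, and set `_enable_keyctl="1"` in the wizard for unprivileged containers so the summary matches, or drop the prompt. `FEATURES` can also now be empty (privileged, nesting and FUSE off), which the old code never produced; the consumer of `FEATURES` is outside this hunk and should be checked for that case. `ENABLE_TUN`, `ENABLE_MKNOD` and `ALLOW_MOUNT_FS` are likewise not applied in the visible lines.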