From b45b63c7c6f8144293bda373a98d333f1dc431dc Mon Sep 17 00:00:00 2001
From: pshankinclarke
Date: Mon, 8 Dec 2025 16:14:48 -0800
Subject: [PATCH 1/4] add optional tls to installer
---
install/valkey-install.sh | 45 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 44 insertions(+), 1 deletion(-)
diff --git a/install/valkey-install.sh b/install/valkey-install.sh
index d855eac5bb7..22714e305fe 100644
--- a/install/valkey-install.sh
+++ b/install/valkey-install.sh
@@ -32,10 +32,53 @@ echo "# Memory-optimized settings for small-scale deployments" >> /etc/valkey/va echo "maxmemory ${MAXMEMORY_MB}mb" >> /etc/valkey/valkey.conf echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf +msg_ok "Installed Valkey" + +read -r -p "${TAB3}Would you like to enable TLS for Valkey (Note: sentinel mode does not support TLS)? [y/N]: " prompt +if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then + read -r -p "${TAB3}Would you like Valkey to listen only on TLS (disable TCP port 6379)? [y/N]: " tls_only + msg_info "Configuring TLS for Valkey..." + TLS_DIR="/etc/valkey/tls" + mkdir -p "$TLS_DIR" + chown valkey:valkey "$TLS_DIR" + chmod 750 "$TLS_DIR" + + openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \ + -subj "/CN=$(hostname)" \ + -keyout "$TLS_DIR/valkey.key" \ + -out "$TLS_DIR/valkey.crt" \ + >/dev/null 2>&1 + + chown valkey:valkey "$TLS_DIR"/valkey.{crt,key} + chmod 640 "$TLS_DIR/valkey.crt" + chmod 600 "$TLS_DIR/valkey.key" + + if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then + { + echo "" + echo "# TLS configuration generated by Proxmox VE Valkey helper-script" + echo "port 0" + echo "tls-port 6379" + echo "tls-cert-file $TLS_DIR/valkey.crt" + echo "tls-key-file $TLS_DIR/valkey.key" + echo "tls-auth-clients no" + } >> /etc/valkey/valkey.conf + msg_ok "Enabled TLS-only mode on port 6379" + else + { + echo "" + echo "# TLS configuration generated by Proxmox VE Valkey helper-script" + echo "tls-port 6380" + echo "tls-cert-file $TLS_DIR/valkey.crt" + echo "tls-key-file $TLS_DIR/valkey.key" + echo "tls-auth-clients no" + } >> /etc/valkey/valkey.conf + msg_ok "Enabled TLS on port 6380 and TCP on 6379" + fi +fi systemctl enable -q --now valkey-server systemctl restart valkey-server -msg_ok "Installed Valkey" motd_ssh customize From dfe42bd003a58fea11508ecf261a13fe2a744976 Mon Sep 17 00:00:00 2001 
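Review bot: Both appended config blocks write `tls-auth-clients no`, so the TLS listener encrypts traffic but does not authenticate clients, and nothing visible in this hunk sets `requirepass` or an ACL; whether the rest of the script does is outside the hunk. In the non-TLS-only branch the plaintext listener on 6379 also stays up, so a client can skip TLS entirely. I would add a comment above each block, e.g. `# encryption only: clients are not authenticated by certificate; restrict access with requirepass/ACLs or a firewall`, and reflect that in the `msg_ok` text. Separately, the `openssl req` call sets only `-subj "/CN=$(hostname)"` with no subjectAltName, which hostname-verifying clients typically reject; adding `-addext "subjectAltName=DNS:$(hostname)"` would cover that.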
From: pshankinclarke Date: Tue, 9 Dec 2025 14:36:47 -0800 Subject: [PATCH 2/4] test tls w/ create_self_signed --- ct/valkey.sh | 2 +- install/valkey-install.sh | 18 +++++------------- misc/build.func | 22 +++++++++++----------- misc/install.func | 8 ++++---- 4 files changed, 21 insertions(+), 29 deletions(-) diff --git a/ct/valkey.sh b/ct/valkey.sh index 2c1506e9c31..58eb28928a2 100644 --- a/ct/valkey.sh +++ b/ct/valkey.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) +source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/build.func) # Copyright (c) 2021-2025 community-scripts ORG # Author: pshankinclarke (lazarillo) # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE diff --git a/install/valkey-install.sh b/install/valkey-install.sh index 22714e305fe..f860027ba02 100644 --- a/install/valkey-install.sh +++ b/install/valkey-install.sh @@ -38,20 +38,12 @@ read -r -p "${TAB3}Would you like to enable TLS for Valkey (Note: sentinel mode if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then read -r -p "${TAB3}Would you like Valkey to listen only on TLS (disable TCP port 6379)? [y/N]: " tls_only msg_info "Configuring TLS for Valkey..." - TLS_DIR="/etc/valkey/tls" - mkdir -p "$TLS_DIR" - chown valkey:valkey "$TLS_DIR" - chmod 750 "$TLS_DIR" - openssl req -x509 -nodes -newkey rsa:2048 -days 3650 \ - -subj "/CN=$(hostname)" \ - -keyout "$TLS_DIR/valkey.key" \ - -out "$TLS_DIR/valkey.crt" \ - >/dev/null 2>&1 - - chown valkey:valkey "$TLS_DIR"/valkey.{crt,key} - chmod 640 "$TLS_DIR/valkey.crt" - chmod 600 "$TLS_DIR/valkey.key" + create_self_signed_cert "Valkey" + TLS_DIR="/etc/ssl/valkey" + TLS_CERT="$TLS_DIR/valkey.crt" + TLS_KEY="$TLS_DIR/valkey.key" + chown valkey:valkey "$TLS_CERT" "$TLS_KEY" if [[ ${tls_only,,} =~ ^(y|yes)$ ]]; then { 
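Review bot: The `source <(curl -fsSL …)` line in `ct/valkey.sh` now fetches `build.func` from the `valkey-tls` branch of a personal fork, so anyone running this revision executes whatever that mutable branch holds at fetch time. The same substitution is repeated in every hunk of `misc/build.func` and `misc/install.func` in this commit, including the `lxc-attach … bash -c "$(curl …)"` call and the line written to `/usr/bin/update`, so a container built from this revision would also keep updating from the fork. The subject marks this as a test change; I would keep the URL rewrite in a local-only commit, or squash it with the later revert, so that no revision in the merged history sources code from outside `community-scripts/ProxmoxVE`.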
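Review bot: This hunk drops the explicit `chmod 600 "$TLS_DIR/valkey.key"` and the directory `chown`/`chmod`, so the key's mode and the `valkey` user's ability to traverse `/etc/ssl/valkey` now depend entirely on `create_self_signed_cert`, whose body is not on this page. The hard-coded `TLS_DIR="/etc/ssl/valkey"` also has to match wherever the helper writes for the argument `"Valkey"`; if it does not, the `chown` fails or the config points at missing files. I would keep `chmod 600 "$TLS_KEY"` after the `chown` and add a guard such as `[[ -s "$TLS_CERT" && -s "$TLS_KEY" ]] || exit 1` before the config is appended. The enclosing `if` block continues past the end of the hunk.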
diff --git a/misc/build.func b/misc/build.func index ce024eeac0b..c7b726b659d 100644 --- a/misc/build.func +++ b/misc/build.func @@ -80,16 +80,16 @@ variables() { fi } -source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/api.func) +source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/api.func) if command -v curl >/dev/null 2>&1; then - source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func) - source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func) + source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/core.func) + source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/error_handler.func) load_functions catch_errors elif command -v wget >/dev/null 2>&1; then - source <(wget -qO- https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func) - source <(wget -qO- https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func) + source <(wget -qO- https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/core.func) + source <(wget -qO- https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/error_handler.func) load_functions catch_errors fi @@ -2214,7 +2214,7 @@ configure_ssh_settings() { # - Otherwise: shows update/setting menu # ------------------------------------------------------------------------------ start() { - source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func) + source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/tools.func) if command -v pveversion >/dev/null 2>&1; then install_script || return 0 return 0 
@@ -2332,9 +2332,9 @@ build_container() { TEMP_DIR=$(mktemp -d) pushd "$TEMP_DIR" >/dev/null if [ "$var_os" == "alpine" ]; then - export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func)" + export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/alpine-install.func)" else - export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func)" + export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/install.func)" fi # Core exports for install.func @@ -2782,7 +2782,7 @@ EOF' set +Eeuo pipefail # Disable ALL error handling temporarily trap - ERR # Remove ERR trap completely - lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)" + lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/install/${var_install}.sh)" local lxc_exit=$? set -Eeuo pipefail # Re-enable error handling @@ -2866,7 +2866,7 @@ EOF' if [[ "${DEV_MODE_MOTD:-false}" == "true" ]]; then echo -e "${TAB}${HOLD}${DGN}Setting up MOTD and SSH for debugging...${CL}" if pct exec "$CTID" -- bash -c " - source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func) + source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/install.func) declare -f motd_ssh >/dev/null 2>&1 && motd_ssh || true " >/dev/null 2>&1; then local ct_ip=$(pct exec "$CTID" ip a s dev eth0 2>/dev/null | awk '/inet / {print $2}' | cut -d/ -f1) @@ -3738,7 +3738,7 @@ description() { cat < - Logo + Logo

${APP} LXC

diff --git a/misc/install.func b/misc/install.func index c9b4910ba2e..3b2609dedbc 100644 --- a/misc/install.func +++ b/misc/install.func @@ -32,8 +32,8 @@ if ! command -v curl >/dev/null 2>&1; then apt update >/dev/null 2>&1 apt install -y curl >/dev/null 2>&1 fi -source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func) -source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func) +source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/core.func) +source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/error_handler.func) load_functions catch_errors @@ -197,7 +197,7 @@ EOF rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED msg_ok "Updated Container OS" - source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func) + source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/tools.func) } # ============================================================================== @@ -267,7 +267,7 @@ EOF systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') msg_ok "Customized Container" fi - echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update + echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/ct/${app}.sh)\"" >/usr/bin/update chmod +x /usr/bin/update if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then From 41ad28d1d079e7471250a65fed151bd13ec58b5a Mon Sep 17 00:00:00 2001 From: pshankinclarke Date: Tue, 9 Dec 2025 14:47:16 -0800 Subject: [PATCH 3/4] improve prompting --- install/valkey-install.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install/valkey-install.sh b/install/valkey-install.sh index f860027ba02..dd170e2f74a 100644 
--- a/install/valkey-install.sh +++ b/install/valkey-install.sh @@ -34,9 +34,10 @@ echo "maxmemory-policy allkeys-lru" >> /etc/valkey/valkey.conf echo "maxmemory-samples 10" >> /etc/valkey/valkey.conf msg_ok "Installed Valkey" -read -r -p "${TAB3}Would you like to enable TLS for Valkey (Note: sentinel mode does not support TLS)? [y/N]: " prompt +echo +read -r -p "${TAB3}Enable TLS for Valkey (Sentinel mode does not supported)? [y/N]: " prompt if [[ ${prompt,,} =~ ^(y|yes)$ ]]; then - read -r -p "${TAB3}Would you like Valkey to listen only on TLS (disable TCP port 6379)? [y/N]: " tls_only + read -r -p "${TAB3}Use TLS-only mode (disable TCP port 6379)? [y/N]: " tls_only msg_info "Configuring TLS for Valkey..." create_self_signed_cert "Valkey" From 92a42f98364847c5db826750e95a48e980079608 Mon Sep 17 00:00:00 2001 From: pshankinclarke Date: Tue, 9 Dec 2025 15:00:27 -0800 Subject: [PATCH 4/4] revert urls to upstream --- ct/valkey.sh | 2 +- misc/build.func | 22 +++++++++++----------- misc/install.func | 8 ++++---- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/ct/valkey.sh b/ct/valkey.sh index 58eb28928a2..2c1506e9c31 100644 --- a/ct/valkey.sh +++ b/ct/valkey.sh @@ -1,5 +1,5 @@ #!/usr/bin/env bash -source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/build.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/build.func) # Copyright (c) 2021-2025 community-scripts ORG # Author: pshankinclarke (lazarillo) # License: MIT | https://github.com/community-scripts/ProxmoxVE/raw/main/LICENSE diff --git a/misc/build.func b/misc/build.func index c7b726b659d..ce024eeac0b 100644 --- a/misc/build.func +++ b/misc/build.func 
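Review bot: The new prompt text `(Sentinel mode does not supported)` is ungrammatical and no longer says what is unsupported; `Enable TLS for Valkey (Sentinel mode does not support TLS)? [y/N]: ` keeps the shorter form and the original meaning. Both `read -r -p` calls also block when the installer runs without a terminal; if unattended runs are expected (not visible here), taking the default from an environment variable would avoid a hang. The enclosing `if` block extends past the hunk.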
@@ -80,16 +80,16 @@ variables() { fi } -source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/api.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/api.func) if command -v curl >/dev/null 2>&1; then - source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/core.func) - source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/error_handler.func) + source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func) + source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func) load_functions catch_errors elif command -v wget >/dev/null 2>&1; then - source <(wget -qO- https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/core.func) - source <(wget -qO- https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/error_handler.func) + source <(wget -qO- https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func) + source <(wget -qO- https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func) load_functions catch_errors fi @@ -2214,7 +2214,7 @@ configure_ssh_settings() { # - Otherwise: shows update/setting menu # ------------------------------------------------------------------------------ start() { - source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/tools.func) + source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func) if command -v pveversion >/dev/null 2>&1; then install_script || return 0 return 0 
@@ -2332,9 +2332,9 @@ build_container() { TEMP_DIR=$(mktemp -d) pushd "$TEMP_DIR" >/dev/null if [ "$var_os" == "alpine" ]; then - export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/alpine-install.func)" + export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/alpine-install.func)" else - export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/install.func)" + export FUNCTIONS_FILE_PATH="$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func)" fi # Core exports for install.func @@ -2782,7 +2782,7 @@ EOF' set +Eeuo pipefail # Disable ALL error handling temporarily trap - ERR # Remove ERR trap completely - lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/install/${var_install}.sh)" + lxc-attach -n "$CTID" -- bash -c "$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/${var_install}.sh)" local lxc_exit=$? set -Eeuo pipefail # Re-enable error handling @@ -2866,7 +2866,7 @@ EOF' if [[ "${DEV_MODE_MOTD:-false}" == "true" ]]; then echo -e "${TAB}${HOLD}${DGN}Setting up MOTD and SSH for debugging...${CL}" if pct exec "$CTID" -- bash -c " - source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/install.func) + source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/install.func) declare -f motd_ssh >/dev/null 2>&1 && motd_ssh || true " >/dev/null 2>&1; then local ct_ip=$(pct exec "$CTID" ip a s dev eth0 2>/dev/null | awk '/inet / {print $2}' | cut -d/ -f1) @@ -3738,7 +3738,7 @@ description() { cat < - Logo + Logo

${APP} LXC

diff --git a/misc/install.func b/misc/install.func index 3b2609dedbc..c9b4910ba2e 100644 --- a/misc/install.func +++ b/misc/install.func @@ -32,8 +32,8 @@ if ! command -v curl >/dev/null 2>&1; then apt update >/dev/null 2>&1 apt install -y curl >/dev/null 2>&1 fi -source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/core.func) -source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/error_handler.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/core.func) +source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/error_handler.func) load_functions catch_errors @@ -197,7 +197,7 @@ EOF rm -rf /usr/lib/python3.*/EXTERNALLY-MANAGED msg_ok "Updated Container OS" - source <(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/misc/tools.func) + source <(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/tools.func) } # ============================================================================== @@ -267,7 +267,7 @@ EOF systemctl restart $(basename $(dirname $GETTY_OVERRIDE) | sed 's/\.d//') msg_ok "Customized Container" fi - echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/pshankinclarke/ProxmoxVE/refs/heads/valkey-tls/ct/${app}.sh)\"" >/usr/bin/update + echo "bash -c \"\$(curl -fsSL https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/ct/${app}.sh)\"" >/usr/bin/update chmod +x /usr/bin/update if [[ -n "${SSH_AUTHORIZED_KEY}" ]]; then