From 1e559cbb22356bbb394db90bdb2d7993c61acf11 Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Tue, 21 Oct 2025 23:13:46 +0200
Subject: [PATCH 1/6] Bumped Debian Version 12 (bookworm)>13 (trixie) - Added
 automatic `apt modernize-sources`

---
 CT-Build/Debian.yaml | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index e73c302..5766eb0 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1,6 +1,6 @@
 image:
   distribution: "debian"
-  release: "bookworm"
+  release: "trixie"
 
 source:
   downloader: debootstrap
@@ -1678,6 +1678,13 @@ actions:
     systemctl mask systemd-networkd.socket
     systemctl mask systemd-networkd-wait-online.service
 
+    # Disable unwanted mounts
+    systemctl mask dev-mqueue.mount
+    systemctl mask run-lock.mount 
+    systemctl mask sys-kernel-config.mount 
+    systemctl mask sys-kernel-debug.mount 
+    systemctl mask tmp.mount
+
     # Make sure the locale is built and functional
     echo en_US.UTF-8 UTF-8 >> /etc/locale.gen
     locale-gen en_US.UTF-8 UTF-8
@@ -1741,6 +1748,14 @@ actions:
       mv /opt/Setup/Scripts/PTKAppUpdate.sh /opt/ProxMoxToolKitAppUpdate.sh
     fi
 
+#Modernize apt sources
+- trigger: post-files
+  action: |-
+    #!/bin/sh
+    apt modernize-sources -y
+    rm -f /etc/apt/sources.list.bak
+    rm -f /etc/apt/sources.list.d/*.bak
+
 #Setup jenkins user for node CT
 - trigger: post-packages
   action: |-

From 9e8acf81447fd35bebc85030a720b8dd8a602d6b Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Sat, 25 Oct 2025 19:01:24 +0200
Subject: [PATCH 2/6] CT Duplicati & Jellyfin: Fixes for upgrade to Debian 13 -
 Duplicati: Fixed curl commands  and  migrated install to deb package -
 Jellyfin: Install failed due to 'missing'  libjemalloc,  this  will now be
 installed earlier in the process

---
 CT-Build/Debian.yaml                          | 37 ++++++-------------
 CT-Files/duplicati/Configs/Duplicati-env      |  1 +
 CT-Files/duplicati/Configs/duplicati.service  | 13 -------
 CT-Files/duplicati/Scripts/FirstRun.sh        |  6 +++
 CT-Files/duplicati/Scripts/Init.sh            | 26 +++++--------
 CT-Files/duplicati/Scripts/PTKAppUpdate.sh    |  2 +-
 CT-Files/duplicati/Scripts/UpdateDuplicati.sh | 20 ----------
 Readme.md                                     |  3 +-
 8 files changed, 31 insertions(+), 77 deletions(-)
 delete mode 100644 CT-Files/duplicati/Configs/duplicati.service
 create mode 100644 CT-Files/duplicati/Scripts/FirstRun.sh
 delete mode 100644 CT-Files/duplicati/Scripts/UpdateDuplicati.sh

diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index 5766eb0..e541c26 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1377,6 +1377,15 @@ packages:
     - collabora
 
 #jellyfin pkgs    
+  - packages:
+    - libjemalloc2
+    action: install
+    early: true
+    variants:
+    - jellyfin
+
+
+#jellyfin pkgs (part2)   
   - packages:
     - jellyfin
     action: install
@@ -1430,7 +1439,7 @@ packages:
     - cron 
     - avahi-daemon
     - avahi-utils
-    - wsdd
+    - wsdd2
     action: install
     variants:
     - smb
@@ -1495,31 +1504,7 @@ packages:
 
 #Duplicati pkgs
   - packages:
-    - unzip
-    - libsqlite3-0
-    - mono-devel
-    ##  netstandard.dll is newer versions of duplicatie and only incuded in mono-devel, wich satisfy all other mono dependencies,exept libmono-2.0-1
-    #- mono-runtime
-    #- ca-certificates-mono
-    - libmono-2.0-1
-    #- libmono-system-configuration-install4.0-cil
-    #- libmono-system-core4.0-cil
-    #- libmono-system-configuration4.0-cil
-    #- libmono-system-data4.0-cil
-    #- libmono-system-drawing4.0-cil
-    #- libmono-system-net4.0-cil
-    #- libmono-system-net-http4.0-cil
-    #- libmono-system-net-http-webrequest4.0-cil
-    #- libmono-system-numerics4.0-cil
-    #- libmono-system-runtime-serialization4.0-cil
-    #- libmono-system-servicemodel4.0a-cil
-    #- libmono-system-servicemodel-discovery4.0-cil
-    #- libmono-system-serviceprocess4.0-cil
-    #- libmono-system-transactions4.0-cil
-    #- libmono-system-web4.0-cil
-    #- libmono-system-web-services4.0-cil
-    #- libmono-system-xml4.0-cil
-    #- libmono-microsoft-csharp4.0-cil
+    - libicu76
     action: install
     variants:
     - duplicati
diff --git a/CT-Files/duplicati/Configs/Duplicati-env b/CT-Files/duplicati/Configs/Duplicati-env
index cbdc6f2..dfe3afb 100644
--- a/CT-Files/duplicati/Configs/Duplicati-env
+++ b/CT-Files/duplicati/Configs/Duplicati-env
@@ -2,3 +2,4 @@
 
 # Additional options that are passed to the Daemon.
 DAEMON_OPTS="--webservice-interface=any  --accept-any-ssl-certificate"
+USAGEREPORTER_Duplicati_LEVEL=none
diff --git a/CT-Files/duplicati/Configs/duplicati.service b/CT-Files/duplicati/Configs/duplicati.service
deleted file mode 100644
index e0e1e0a..0000000
--- a/CT-Files/duplicati/Configs/duplicati.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Duplicati web-server
-After=network.target
-
-[Service]
-Nice=19
-IOSchedulingClass=idle
-EnvironmentFile=-/etc/default/duplicati
-ExecStart=/usr/bin/mono /opt/duplicati/Duplicati.Server.exe $DAEMON_OPTS
-Restart=always
-
-[Install]
-WantedBy=multi-user.target
\ No newline at end of file
diff --git a/CT-Files/duplicati/Scripts/FirstRun.sh b/CT-Files/duplicati/Scripts/FirstRun.sh
new file mode 100644
index 0000000..d286ad0
--- /dev/null
+++ b/CT-Files/duplicati/Scripts/FirstRun.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+duplicati-server-util --server-datafolder /var/lib/Duplicati change-password
+systemctl stop duplicati
+echo "SETTINGS_ENCRYPTION_KEY=\"$(openssl rand -hex 32)\"" >> /etc/default/duplicati
+systemctl daemon-reload
+systemctl start duplicati
diff --git a/CT-Files/duplicati/Scripts/Init.sh b/CT-Files/duplicati/Scripts/Init.sh
index 368ed9a..e40f532 100644
--- a/CT-Files/duplicati/Scripts/Init.sh
+++ b/CT-Files/duplicati/Scripts/Init.sh
@@ -1,25 +1,19 @@
 #!/bin/bash
-#Get Resources
-##Duplicate get latest (Working with mono-devel )
-CurrentVersion=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases | grep 'tag_name.*' |  grep 'beta' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " "  |tr -d : |head -n 1)
-##Duplicati get older version (Working with only the runtime installed)
-#CurrentVersion="v2.0.5.1-2.0.5.1_beta_2020-01-18"
-echo $CurrentVersion > /opt/Duplicati-installed
-curl -L --retry 7 --retry-delay 5 $(curl -s https://api.github.com/repos/duplicati/duplicati/releases/tags/"$CurrentVersion" | grep browser_download_url | grep .zip |grep -v signatures | sed -e s#^.*https#https# | tr -d \") -o /opt/Setup/duplicati.zip || exit 1
 
+#Get Resources
+##Stable release  (Does not support debian 13 du tue libICU)
+#CurrentVersion=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases/latest | grep 'tag_name.*' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " " |tr -d :)
+##Beta  version
+CurrentVersion=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases | grep 'tag_name.*' |  grep 'beta' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " "  |tr -d : |head -n 1)
+
+curl -L --retry 7 --retry-delay 5 "https://github.com/duplicati/duplicati/releases/download/$CurrentVersion/duplicati-${CurrentVersion:1}-linux-x64-cli.deb"  -o /opt/Setup/duplicati.deb || exit 1
 #Extract duplicati
-unzip  /opt/Setup/duplicati.zip -d /opt/duplicati
+apt install -y /opt/Setup/duplicati.deb
 #Remove Archive
-rm /opt/Setup/duplicati.zip
+rm /opt/Setup/duplicati.deb
 #Install updates-cript
 mv /opt/Setup/Scripts/UpdateDuplicati.sh /opt/UpdateDuplicati.sh
 #Move configuration inplace
-mv /opt/Setup/duplicati-installed /opt/Duplicati-installed
 mv /opt/Setup/Configs/Duplicati-env /etc/default/duplicati
-#Installing and enabling service
-mv /opt/Setup/Configs/duplicati.service /lib/systemd/system/duplicati.service
-chmod +x /lib/systemd/system/duplicati.service
+#Enabling service
 ln -s /lib/systemd/system/duplicati.service /etc/systemd/system/multi-user.target.wants/duplicati.service
-#Fix SSL sert
-/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt
-update-ca-certificates
\ No newline at end of file
diff --git a/CT-Files/duplicati/Scripts/PTKAppUpdate.sh b/CT-Files/duplicati/Scripts/PTKAppUpdate.sh
index 7c94800..85a8abd 100644
--- a/CT-Files/duplicati/Scripts/PTKAppUpdate.sh
+++ b/CT-Files/duplicati/Scripts/PTKAppUpdate.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
 # Update script for updating apps with ProxmoxHelper/ProxMoxToolKit
-bash /opt/UpdateDuplicati.sh
\ No newline at end of file
+/usr/bin/duplicati-autoupdater DOWNLOAD
\ No newline at end of file
diff --git a/CT-Files/duplicati/Scripts/UpdateDuplicati.sh b/CT-Files/duplicati/Scripts/UpdateDuplicati.sh
deleted file mode 100644
index ce66744..0000000
--- a/CT-Files/duplicati/Scripts/UpdateDuplicati.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-#Get latest vesion
-NewDuplicatiVer=$(curl -s https://api.github.com/repos/duplicati/duplicati/releases | grep 'tag_name.*' |  grep 'beta' | cut -d : -f 2,3 | tr -d \" |tr -d , |tr -d " " |tr -d : |head -n 1)
-
-#Compare versions to check for update
-if [ "$NewDuplicatiVer" = "$(cat /opt/Duplicati-installed)" ] ; then
-    echo 'Duplicati up-to-date'
-    exit
-else
-    echo "Updater Disabled, Newer versions not compatible"
-    exit 123
-    systemctl stop duplicati
-    rm -rf /opt/duplicati.bck
-    mv /opt/duplicati /opt/duplicati.bck
-    echo 'Updating Duplicati'
-    curl -L --retry 7 --retry-delay 5 $(curl -s https://api.github.com/repos/duplicati/duplicati/releases/tags/"$NewDuplicatiVer" | grep browser_download_url | grep .zip |grep -v signatures | sed -e s#^.*https#https# | tr -d \") -o /tmp/duplicati.zip
-    unzip  /tmp/duplicati.zip -d /opt/duplicati
-    systemctl start duplicati
-    echo $NewDuplicatiVer > "/opt/Duplicati-installed"
-fi
\ No newline at end of file
diff --git a/Readme.md b/Readme.md
index 36178b9..f4a5b1a 100644
--- a/Readme.md
+++ b/Readme.md
@@ -220,7 +220,8 @@ lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=fi
 * NFS server Available
 
 ## duplicati
-* Available on http://`<ip>`:8200
+1. Run the FistRun script in the container to set the password `bash /opt/Setup/Scripts/FirstRun.sh`
+2. Available on http://`<ip>`:8200
 
 ## mailbackup
 * Info html page available on http://`<ip>`:80

From 85be6a8b3604c85bdc7b781ea3aab2b9c5243964 Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Sat, 25 Oct 2025 22:28:39 +0200
Subject: [PATCH 3/6] CT domoticz & esphome: Fixed for debian 13 -domoticz:
 Fixed Download URL -esphome: Disabled sudo pseudo-terminal while building
 -kavita: Fixed dailing with existing userdata in update script -nextcloud
 updated a php opcache setting

---
 CT-Build/Debian.Jenkinsfile             |  2 +-
 CT-Build/Debian.yaml                    | 22 +++++++++++++++++++++-
 CT-Files/domoticz/Scripts/Init.sh       |  2 +-
 CT-Files/duplicati/Scripts/Init.sh      |  2 --
 CT-Files/kavita/Scripts/UpdateKavita.sh |  4 ++--
 CT-Files/nextcloud/Configs/php.conf     |  2 +-
 Readme.md                               |  5 +++--
 7 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/CT-Build/Debian.Jenkinsfile b/CT-Build/Debian.Jenkinsfile
index 3cb18b7..00da26a 100644
--- a/CT-Build/Debian.Jenkinsfile
+++ b/CT-Build/Debian.Jenkinsfile
@@ -7,7 +7,7 @@ pipeline {
         string defaultValue: '192.168.200.11', description: 'Proxy server for packages, when enabled', name: 'ProxyServer'
         booleanParam description: 'will disable use of proxy server', name: 'DisProxy'
         checkboxParameter(name: 'ImgVariantList', format: 'JSON', displayNodePath: "//Variants/Variant", valueNodePath: "//Variants/Variant", description: 'Select the variant(s) that should be build',
-            pipelineSubmitContent: '{"Variants": [{"Variant": "minimal"},{"Variant": "default"},{"Variant": "jenkinsbuilder"},{"Variant": "imgbuilder"},{"Variant": "jenkins"},{"Variant": "mysql"},{"Variant": "pihole"},{"Variant": "collabora"},{"Variant": "jellyfin"},{"Variant": "domoticz"},{"Variant": "omadaV3"},{"Variant": "docker"},{"Variant": "smb"},{"Variant": "x2go"},{"Variant": "aptcacherng"},{"Variant": "nfs"},{"Variant": "duplicati"},{"Variant": "fileshelter"},{"Variant": "esphome"},{"Variant": "postgresql"},{"Variant": "linkwarden"}]}')
+            pipelineSubmitContent: '{"Variants": [{"Variant": "minimal"},{"Variant": "default"},{"Variant": "jenkinsbuilder"},{"Variant": "imgbuilder"},{"Variant": "jenkins"},{"Variant": "mysql"},{"Variant": "pihole"},{"Variant": "collabora"},{"Variant": "jellyfin"},{"Variant": "domoticz"},{"Variant": "docker"},{"Variant": "smb"},{"Variant": "x2go"},{"Variant": "aptcacherng"},{"Variant": "nfs"},{"Variant": "duplicati"},{"Variant": "fileshelter"},{"Variant": "esphome"},{"Variant": "postgresql"},{"Variant": "linkwarden"}]}')
     }
     options {
         skipDefaultCheckout()
diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index e541c26..e020fa3 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1688,6 +1688,15 @@ actions:
     # Cleanup temporary shadow paths
     rm /etc/*-
 
+#Temporarily disable sudo pseudo-terminal(since distrobuilder does not setup pty devices)
+- trigger: post-packages
+  action: |-
+    #!/bin/sh
+    if [ -d "/etc/sudoers.d" ]; then
+      # If sudoers dir exists, presume sudo is installed
+      echo "Defaults !use_pty" > /etc/sudoers.d/DisablePTY
+    fi
+
 #Run init script for NodeJS CT
 - trigger: post-files
   action: |-
@@ -1800,8 +1809,12 @@ actions:
 - trigger: post-unpack
   action: |-
     #!/bin/bash
-    curl --retry 7 --retry-delay 5 -s http://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor > /usr/share/keyrings/mysql-archive-keyring.gpg
+    curl --retry 7 --retry-delay 5 -s "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb7b3b788a8d3785c" | gpg --dearmor > /usr/share/keyrings/mysql-archive-keyring.gpg
     password=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
+    apt update
+    grep ^Package: /var/lib/apt/lists/repo.mysql.com*
+    ls /var/lib/apt/lists/
+    sleep 30
     mkdir -p /opt/Setup
     echo $password > /opt/Setup/TempMysqlPasswd
     debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $password"
@@ -1870,5 +1883,12 @@ actions:
   variants:
   - linkwarden
 
+- trigger: post-files
+  action: |-
+    #!/bin/sh
+    if [ -f "/etc/sudoers.d/DisablePTY" ]; then
+      rm -f /etc/sudoers.d/DisablePTY
+    fi
+
 mappings:
   architecture_map: debian
\ No newline at end of file
diff --git a/CT-Files/domoticz/Scripts/Init.sh b/CT-Files/domoticz/Scripts/Init.sh
index 3499a14..63aca07 100644
--- a/CT-Files/domoticz/Scripts/Init.sh
+++ b/CT-Files/domoticz/Scripts/Init.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #Get Resources
-curl -L --retry 7 --retry-delay 5 https://releases.domoticz.com/releases/release/domoticz_linux_x86_64.tgz -o "/opt/Setup/domoticz.tgz"  || exit 1
+curl -L --retry 7 --retry-delay 5 https://releases.domoticz.com/release/domoticz_linux_x86_64.tgz -o "/opt/Setup/domoticz.tgz"  || exit 1
 
 #Adding service user
 adduser --system --shell /bin/bash --group --disabled-password --home /home/domoticz domoticz
diff --git a/CT-Files/duplicati/Scripts/Init.sh b/CT-Files/duplicati/Scripts/Init.sh
index e40f532..83a327a 100644
--- a/CT-Files/duplicati/Scripts/Init.sh
+++ b/CT-Files/duplicati/Scripts/Init.sh
@@ -11,8 +11,6 @@ curl -L --retry 7 --retry-delay 5 "https://github.com/duplicati/duplicati/releas
 apt install -y /opt/Setup/duplicati.deb
 #Remove Archive
 rm /opt/Setup/duplicati.deb
-#Install updates-cript
-mv /opt/Setup/Scripts/UpdateDuplicati.sh /opt/UpdateDuplicati.sh
 #Move configuration inplace
 mv /opt/Setup/Configs/Duplicati-env /etc/default/duplicati
 #Enabling service
diff --git a/CT-Files/kavita/Scripts/UpdateKavita.sh b/CT-Files/kavita/Scripts/UpdateKavita.sh
index 018c55d..de5d82f 100644
--- a/CT-Files/kavita/Scripts/UpdateKavita.sh
+++ b/CT-Files/kavita/Scripts/UpdateKavita.sh
@@ -11,8 +11,8 @@ else
     rm -rf /opt/kavita/*
     tar -C /opt/kavita --strip-components=1 -xf /tmp/kavita.tar.gz
     chown kavita: -R /opt/kavita
-    rm -rf /tmp/kavita.tar.gz
-    mv /tmp/kavitacfg/* /opt/kavita/config
+    rm -rf /tmp/kavita.tar.gz /opt/kavita/config
+    mv /tmp/kavitacfg /opt/kavita/config
     setcap 'cap_net_bind_service=+ep' /opt/kavita/Kavita
     chmod +x /opt/kavita/Kavita
     echo $NewKavitaVersion > /opt/kavita-installed
diff --git a/CT-Files/nextcloud/Configs/php.conf b/CT-Files/nextcloud/Configs/php.conf
index cf4d19f..e683e34 100644
--- a/CT-Files/nextcloud/Configs/php.conf
+++ b/CT-Files/nextcloud/Configs/php.conf
@@ -10,7 +10,7 @@ php_admin_value [date.timezone] = Europe/Amsterdam
 ; OPCACHE SETTINGS
 php_admin_value[opcache.memory_consumption] = 256
 ;Not used since it is enabled using PHP.ini;php_admin_value[opcache.enable] = 1
-php_admin_value[opcache.interned_strings_buffer] = 32
+php_admin_value[opcache.interned_strings_buffer] = 1024
 php_admin_value[opcache.max_accelerated_files] = 50000
 php_admin_value[opcache.max_wasted_percentage] = 5
 php_admin_value[opcache.revalidate_freq] = 0
diff --git a/Readme.md b/Readme.md
index f4a5b1a..16fa0a0 100644
--- a/Readme.md
+++ b/Readme.md
@@ -26,7 +26,7 @@ This can be done on a privileged Debian CT (make sure to enable the Fuse, Nestin
 | collabora | Debian | CollaboraOffice WebService (CODE version) |
 | jellyfin | Debian | Jellyfin in-home streaming server |
 | domoticz | Debian | Domoticz home automation service |
-| omadaV3 | Debian | TP-link Omada SDN controller(V3.2.14) | 
+| omadaV3 `(Unsupported)` | Debian | TP-link Omada SDN controller(V3.2.14) | 
 | docker | Debian | Docker container service |
 | smb | Debian | Samba server |
 | x2go | Debian | Remote xfce desktop accessable via X2go | 
@@ -111,6 +111,7 @@ Then select the created credential and click save
 * Available on http://`<ip>`:8080
 
 ## omadaV3 
+**This version of the Omada software is EOL, Build has been removed form Jenkins build list**
 * To set-up the system follow the initial  set-up wizard on http://`<ip>`:8088
 
 ## docker
@@ -206,7 +207,7 @@ lxc.mount.entry: /dev/ttyACM-Zwave dev/ttyACM-Zwave none bind,optional,create=fi
 
 ## hass
 
-**EOL Use Docker with HomeAssistant compose file instead**
+**EOL Use Docker with HomeAssistant compose file instead, Build has been removed form Jenkins build list**
 * After first start of CT HomeAssistant will finish its installation this will take at least 10 minutes
 * HomeAssistant available on http://`<ip>`:8123
 

From 4b886383c889564d9a55660ad4d3411f4c797aaf Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Mon, 27 Oct 2025 18:44:26 +0100
Subject: [PATCH 4/6] CT mysql: Using alternate source for the repo gpg key

Oracle/MySQL's has not updated their key in there repo yet, but is availble in on the ubuntu and surfnet.nl gpg servers
---
 CT-Build/Debian.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index e020fa3..2f5b0fe 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1809,12 +1809,9 @@ actions:
 - trigger: post-unpack
   action: |-
     #!/bin/bash
-    curl --retry 7 --retry-delay 5 -s "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb7b3b788a8d3785c" | gpg --dearmor > /usr/share/keyrings/mysql-archive-keyring.gpg
+    curl --retry 7 --retry-delay 5 -s "https://pgp.surfnet.nl/pks/lookup?op=get&search=0xb7b3b788a8d3785c" | gpg --dearmor > /usr/share/keyrings/mysql-archive-keyring.gpg
+    #curl --retry 7 --retry-delay 5 -s http://repo.mysql.com/RPM-GPG-KEY-mysql-2023 | gpg --dearmor > /usr/share/keyrings/mysql-archive-keyring.gpg 
     password=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 10 | head -n 1)
-    apt update
-    grep ^Package: /var/lib/apt/lists/repo.mysql.com*
-    ls /var/lib/apt/lists/
-    sleep 30
     mkdir -p /opt/Setup
     echo $password > /opt/Setup/TempMysqlPasswd
     debconf-set-selections <<< "mysql-community-server mysql-community-server/root-pass password $password"

From 087667500674a7cca8d5c84584e89fa5af219dc1 Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Tue, 28 Oct 2025 00:16:48 +0100
Subject: [PATCH 5/6] CT Linkwarden Postgresq: Debian 13 fixes linkwarden:
 removed unnecessary build step, fixed deploy command postgresql: locked major
 version, bumpt it from 17 to 18, updated config for compatibility, added
 sleep to config to make sure Postgres is up aptcacherng: skips overwriting
 existing service symlink

---
 CT-Build/Debian.yaml                                      | 8 ++++++++
 CT-Files/aptcacherng/Scripts/Init.sh                      | 4 +++-
 CT-Files/linkwarden/Scripts/FirstRun.sh                   | 2 +-
 CT-Files/linkwarden/Scripts/Init.sh                       | 8 +++++---
 CT-Files/postgresql/Configs/pgadmin-user-preferences.json | 2 +-
 CT-Files/postgresql/Scripts/FirstRun.sh                   | 1 +
 CT-Files/postgresql/Scripts/Init.sh                       | 5 +++--
 7 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index 2f5b0fe..a301e34 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1532,7 +1532,15 @@ packages:
 
 #postgresql pkgs
   - packages:
+    - postgresql-common
+    action: install
+    early: true
+    variants:
     - postgresql
+
+#postgresql pkgs (part2)
+  - packages:
+    - postgresql-18
     - pgadmin4-server
     - nano
     - uwsgi
diff --git a/CT-Files/aptcacherng/Scripts/Init.sh b/CT-Files/aptcacherng/Scripts/Init.sh
index f72015d..92e405b 100644
--- a/CT-Files/aptcacherng/Scripts/Init.sh
+++ b/CT-Files/aptcacherng/Scripts/Init.sh
@@ -11,4 +11,6 @@ setcap 'cap_net_bind_service=+ep' /sbin/apt-cacher-ng
 mv /opt/Setup/Configs/acng.conf /etc/apt-cacher-ng/acng.conf
 mv /opt/Setup/Scripts/UpdateMirrorList.sh /opt/UpdateMirrorList.sh
 #Enable apt-cacher-ng on startup
-ln -s /lib/systemd/system/apt-cacher-ng.service /etc/systemd/system/multi-user.target.wants/apt-cacher-ng.service || true
\ No newline at end of file
+if ! [ -f /etc/systemd/system/multi-user.target.wants/apt-cacher-ng.service ]; then
+  ln -s /lib/systemd/system/apt-cacher-ng.service /etc/systemd/system/multi-user.target.wants/apt-cacher-ng.service || true
+fi
\ No newline at end of file
diff --git a/CT-Files/linkwarden/Scripts/FirstRun.sh b/CT-Files/linkwarden/Scripts/FirstRun.sh
index db17713..3f53685 100644
--- a/CT-Files/linkwarden/Scripts/FirstRun.sh
+++ b/CT-Files/linkwarden/Scripts/FirstRun.sh
@@ -24,7 +24,7 @@ sed -i "s#http://localhost:3000#$LinkwardenURL#" /opt/node/linkwarden/.env
 
 #Save PM2 statup config
 sudo -u node bash << EOF
-(cd /opt/node/linkwarden; yarn prisma migrate deploy)
+(cd /opt/node/linkwarden; yarn prisma:deploy)
 pm2 install pm2-logrotate
 pm2 start yarn --name Linkwarden --cwd /opt/node/linkwarden -- concurrently:start
 pm2 save
diff --git a/CT-Files/linkwarden/Scripts/Init.sh b/CT-Files/linkwarden/Scripts/Init.sh
index 9fa8b8a..fe4bd46 100644
--- a/CT-Files/linkwarden/Scripts/Init.sh
+++ b/CT-Files/linkwarden/Scripts/Init.sh
@@ -9,8 +9,6 @@ ln -s /opt/monolith-gnu-linux-x86_64 /usr/local/bin/monolith
 mv /opt/Setup/Scripts/Update-monolith.sh /opt/Update-monolith.sh
 
 #Install linkwarden
-
-rm -rf /root/.cache
 startpath=$(pwd)
 
 #Install Linkwarden
@@ -23,10 +21,12 @@ rm -rf /root/.cache
 
 
 yarn install
+yarn next telemetry disable
+sudo -u node yarn next telemetry disable
 yarn prisma:generate
 yarn web:build
-yarn next build
 yarn cache clean
+npm cache clean --force
 apt clean
 
 cd $startpath
@@ -34,3 +34,5 @@ cp /opt/node/linkwarden/.env.sample /opt/node/linkwarden/.env
 chown node: -R /opt/node/linkwarden
 su -c "cd /opt/node/linkwarden; npx playwright install chromium" node
 mv /opt/Setup/Scripts/Update-linkwarden.sh /opt/Update-linkwarden.sh
+
+rm -rf /root/.cache
\ No newline at end of file
diff --git a/CT-Files/postgresql/Configs/pgadmin-user-preferences.json b/CT-Files/postgresql/Configs/pgadmin-user-preferences.json
index 03f6bd8..a7a35f5 100644
--- a/CT-Files/postgresql/Configs/pgadmin-user-preferences.json
+++ b/CT-Files/postgresql/Configs/pgadmin-user-preferences.json
@@ -1,6 +1,6 @@
 {
     "preferences":
         {
-            "misc:themes:theme": "system"
+            "misc:user_interface:theme": "system"
         }
 }
\ No newline at end of file
diff --git a/CT-Files/postgresql/Scripts/FirstRun.sh b/CT-Files/postgresql/Scripts/FirstRun.sh
index e7746d7..e3121c6 100644
--- a/CT-Files/postgresql/Scripts/FirstRun.sh
+++ b/CT-Files/postgresql/Scripts/FirstRun.sh
@@ -3,6 +3,7 @@ read -p "Enter your e-mail for pgAdmin login: " PostgressAdminMail
 read -p "Enter new password for pgAdmin and postgresql database admin: " -s NewPostgressPassword
 echo
 echo "Please wait..."
+sleep 30
 
 #Configure Postgresql
 su postgres -c "psql -c \"alter user postgres with password '$NewPostgressPassword';\""
diff --git a/CT-Files/postgresql/Scripts/Init.sh b/CT-Files/postgresql/Scripts/Init.sh
index 14ddbc8..7afb78d 100644
--- a/CT-Files/postgresql/Scripts/Init.sh
+++ b/CT-Files/postgresql/Scripts/Init.sh
@@ -1,7 +1,8 @@
 #!/bin/sh
 #Setup postgresql
-printf "\n#User entries (Make sure to reload postgressql after updating this file) \n# TYPE  DATABASE        USER            ADDRESS                 METHOD\n" >> /etc/postgresql/17/main/pg_hba.conf
-sed -i "s|#listen_addresses = 'localhost'|listen_addresses = '*'   |" /etc/postgresql/17/main/postgresql.conf
+PGVersion=$(pg_config --version |awk '{split($2,a,"."); print a[1]}')
+printf "\n#User entries (Make sure to reload postgressql after updating this file) \n# TYPE  DATABASE        USER            ADDRESS                 METHOD\n" >> /etc/postgresql/$PGVersion/main/pg_hba.conf
+sed -i "s|#listen_addresses = 'localhost'|listen_addresses = '*'   |" /etc/postgresql/$PGVersion/main/postgresql.conf
 
 #Setup pgadmin
 adduser --system --shell /bin/false --ingroup www-data --disabled-password  --disabled-login  --home /var/lib/www/pgadmin pgadmin

From 4d0585b02e1a5daf9d695bc054b0eff2fb0086fc Mon Sep 17 00:00:00 2001
From: Bram Prieshof <bram@bprieshof.nl>
Date: Fri, 31 Oct 2025 21:54:25 +0100
Subject: [PATCH 6/6] CT  jenkins, x2go,pihole: Fixes for Debian 13 jenkins:
 Added missing packages  &  Fixed broken curl for getting current version  of
 GoLang pihole: will now run a Gravity update on first setup,  to avoid errors
  in the webUI Readme  fixes for: collabora, domoticz & docker

---
 CT-Build/Debian.yaml                 | 3 +++
 CT-Files/jenkins/Scripts/FirstRun.sh | 2 +-
 CT-Files/pihole/Scripts/FirstRun.sh  | 3 ++-
 Readme.md                            | 7 ++++++-
 4 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/CT-Build/Debian.yaml b/CT-Build/Debian.yaml
index a301e34..12199e0 100644
--- a/CT-Build/Debian.yaml
+++ b/CT-Build/Debian.yaml
@@ -1321,6 +1321,8 @@ packages:
     - jenkins
     - gcc
     - libc-dev   
+    - libharfbuzz0b
+    - fontconfig
     action: install
     variants:
     - jenkins
@@ -1447,6 +1449,7 @@ packages:
 #X2go pkgs    
   - packages:
     - gnome-themes-extra
+    - tango-icon-theme
     - xfce4-session
     - xfce4-settings
     - xfce4-panel
diff --git a/CT-Files/jenkins/Scripts/FirstRun.sh b/CT-Files/jenkins/Scripts/FirstRun.sh
index cac6114..ca33203 100644
--- a/CT-Files/jenkins/Scripts/FirstRun.sh
+++ b/CT-Files/jenkins/Scripts/FirstRun.sh
@@ -27,7 +27,7 @@ InstalledPlugins=$(java -jar /opt/jenkins-cli.jar -s http://localhost:8080/ -web
 #Update configuratiopn before putting them in place
 sed -i -e 's/LocaleVersion/'$(printf "%s" "${InstalledPlugins%x}" | grep '^locale ' | awk '{ print $NF}')'/g' /opt/Setup/Configs/locale.xml
 sed -i -e 's/DarkThemeVersion/'$(printf "%s" "${InstalledPlugins%x}" | grep '^dark-theme ' | awk '{ print $NF}')'/g' -e 's/ThemeManagerVersion/'$(printf "%s" "${InstalledPlugins%x}" | grep '^theme-manager ' | awk '{ print $NF}')'/g' /opt/Setup/Configs/io.jenkins.plugins.thememanager.ThemeManagerPageDecorator.xml
-sed -i -e 's/GoPluginVersion/'$(printf "%s" "${InstalledPlugins%x}" | grep '^golang ' | awk '{ print $NF}')'/g' -e 's/GoVersion/'$(curl -Ls https://go.dev/VERSION?m=text |sed 's/go//g')'/g' /opt/Setup/Configs/org.jenkinsci.plugins.golang.GolangBuildWrapper.xml
+sed -i -e 's/GoPluginVersion/'$(printf "%s" "${InstalledPlugins%x}" | grep '^golang ' | awk '{ print $NF}')'/g' -e 's/GoVersion/'$(curl -Ls https://go.dev/VERSION?m=text | head  -n1 | sed 's/go//g')'/g' /opt/Setup/Configs/org.jenkinsci.plugins.golang.GolangBuildWrapper.xml
 mv -t /var/lib/jenkins /opt/Setup/Configs/locale.xml /opt/Setup/Configs/io.jenkins.plugins.thememanager.ThemeManagerPageDecorator.xml /opt/Setup/Configs/org.jenkinsci.plugins.golang.GolangBuildWrapper.xml 
 
 #Restart
diff --git a/CT-Files/pihole/Scripts/FirstRun.sh b/CT-Files/pihole/Scripts/FirstRun.sh
index cc1e6a8..c873781 100644
--- a/CT-Files/pihole/Scripts/FirstRun.sh
+++ b/CT-Files/pihole/Scripts/FirstRun.sh
@@ -13,5 +13,6 @@ done
 sed -i "/upstreams = \[/,/\]/c\upstreams = [ \"$UpStreamDNS1\" , \"$UpStreamDNS2\" ]" /etc/pihole/pihole.toml
 #Finialize instaltation
 /etc/.pihole/automated\ install/basic-install.sh --reconfigure --unattended
+pihole updateGravity
 #Set password
-pihole setpassword
\ No newline at end of file
+pihole setpassword
diff --git a/Readme.md b/Readme.md
index 16fa0a0..7034255 100644
--- a/Readme.md
+++ b/Readme.md
@@ -99,13 +99,17 @@ Then select the created credential and click save
 * Run the FistRun script  in the container `bash /opt/Setup/Scripts/FirstRun.sh`
 
 ## collabora
-* Update the configuration in /etc/coolwsd/coolwsd.xml and reload the service `systemctl restart coolwsd`
+1. Enable container feature: Nesting
+2. Update the configuration `/etc/coolwsd/coolwsd.xml` (make sure to disable SSL since it tries to use a non existent ssl cert, set the `<enable` option below `<ssl desc="SSL settings">` to `false`)
+3. Restart the service `systemctl restart coolwsd`
 
 ## jellyfin 
 * To set-up the system follow the initial  set-up wizard on http://`<ip>`:8096
 
 ## domoticz
 * Available on http://`<ip>`:8080
+* Default username: admin
+* Default password :domoticz
 
 ## transfersh
 * Available on http://`<ip>`:8080
@@ -115,6 +119,7 @@ Then select the created credential and click save
 * To set-up the system follow the initial  set-up wizard on http://`<ip>`:8088
 
 ## docker
+* Enable container feature: Nesting
 * Run the FistRun script  in the container `bash /opt/Setup/Scripts/FirstRun.sh`
 This container can be set up in two ways
 1. As controller with portainer