Documentation Index Fetch the complete documentation index at: https://mintlify.com/community-scripts/ProxmoxVE/llms.txt
Use this file to discover all available pages before exploring further.
Proxmox VE Helper Scripts follows a modular architecture designed for maintainability, security, and ease of use. The system is built around reusable function libraries that power hundreds of application scripts.
System Components The architecture consists of three primary layers:
Host Scripts Scripts executed on Proxmox VE host for container/VM creation
Function Libraries Shared utilities providing core functionality
Install Scripts Application-specific setup running inside containers
Architecture Diagram Function Libraries The system relies on several specialized function libraries:
Core Libraries (Sourced from GitHub)
build.func - Container Build & Configuration
The primary library for LXC container creation. Located at misc/build.func, it provides:
Variable initialization (variables()) - Normalizes app names, generates session IDsStorage management - Handles storage selection for containers and templatesConfiguration system - Loads user defaults from .vars filesContainer creation (build_container()) - Orchestrates the entire build processResource allocation - CPU, RAM, disk configuration with precedence logic # Key sections in build.func SOURCE: https://raw.githubusercontent.com/.../misc/build.func 1. Initialization & Core Variables 2. Pre-flight Checks & System Validation 3. Container Setup Utilities 4. Storage & Resource Management 5. Configuration & Defaults Management 6. Build Process Orchestration
install.func - In-Container Installation
Executes inside containers after creation. Located at misc/install.func, it handles:
Network connectivity verification (IPv4/IPv6)OS updates - update_os() refreshes package listsDNS resolution checksMOTD configuration - Sets up message of the daySSH setup - Configures SSH access if enabledService configuration - Post-installation setup # Typical install.func workflow source /dev/stdin <<< " $FUNCTIONS_FILE_PATH " color verb_ip6 catch_errors setting_up_container network_check update_os
core.func - Shared Utilities
Provides common functions used across all scripts:
Message formatting (msg_info, msg_ok, msg_error, msg_warn)
Color definitions and UI helpers
GitHub release fetching (get_latest_github_release)
Service setup functions (PHP, MariaDB, Composer, etc.)
Network utilities
api.func - API Integration & Telemetry
Handles communication with external services:
Telemetry reporting (with user consent)
Update checks
Session tracking
Progress reporting
error_handler.func - Error Management
Provides robust error handling:
Trap handlers for script failures
Cleanup on exit
Detailed error reporting
Log management
Data Flow Container Creation Flow βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β User Executes ct/2fauth.sh β β bash -c "$(wget -qLO - https://github.com/.../ct/2fauth)" β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Source build.func from GitHub β β source <(curl -fsSL .../misc/build.func) β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β build.func sources dependencies: β β - api.func (API communication) β β - core.func (utilities) β β - error_handler.func (error management) β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Initialize Variables β β - APP="2FAuth" β β - NSAPP="2fauth" (normalized) β β - var_install="2fauth-install" β β - Set resource defaults (CPU, RAM, disk) β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Load Configuration β β 1. Check environment variables (var_cpu, var_ram, etc.) β β 2. Load app defaults: /defaults/2fauth.vars (if exists) β β 3. Load user defaults: /default.vars (if exists) β β 4. Apply built-in defaults (fallback) β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β User Interaction β β - Display installation mode menu β β - Options: Default, Advanced, App Defaults, etc. β β - Collect storage selection β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Create LXC Container β β pct create <CTID> <template> \ β β --cores <CPU> --memory <RAM> --rootfs <storage>:<size> β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Start Container β β pct start <CTID> β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Execute Install Script Inside Container β β pct push <CTID> install/2fauth-install.sh β β pct exec <CTID> -- bash /tmp/install.sh β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Install Script Sources install.func β β - Verifies network connectivity β β - Updates OS packages β β - Installs application dependencies β β - Configures services β ββββββββββββββββββββββ¬βββββββββββββββββββββββββββββββββββββββββ β v βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β Application Ready β β Display access URL and completion message β βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Variable Precedence System Configuration values follow a strict precedence order:
Environment Variables (Highest Priority)
Variables set in the shell environment before running the script: export var_cpu = 8 export var_ram = 4096 bash -c "$( wget -qLO - ...)"
App-Specific Defaults
Stored in /usr/local/community-scripts/defaults/<app>.vars: var_cpu = 2 var_ram = 1024 var_disk = 10
User Global Defaults
Stored in /usr/local/community-scripts/default.vars: var_cpu = 4 var_ram = 2048 var_brg = vmbr0
Built-in Defaults (Lowest Priority)
Hardcoded in the app script: var_cpu = "${ var_cpu :- 1 }" var_ram = "${ var_ram :- 512 }"
For resource allocation (CPU, RAM, disk), if the app script declares higher values than user defaults, the app values take precedence. This ensures applications get the resources they need to run properly.
Security Model The architecture implements multiple security layers:
Safe Configuration Parsing The system never uses source or eval on configuration files to prevent arbitrary code execution.
Instead, load_vars_file() implements safe parsing:
# β DANGEROUS (NOT USED) source /path/to/config.conf # Could execute malicious code # β
SAFE (ACTUAL IMPLEMENTATION) load_vars_file "/path/to/config.conf" # Only reads key=value pairs
Whitelist validation - Only approved variable names accepted
Value sanitization - Blocks command injection patterns:
$(command) - Command substitution`command` - Backtick execution; - Command chaining& - Background execution<(...) - Process substitution
Type validation - Numeric values validated against regex patterns
Secure Defaults
Containers run unprivileged by default (var_unprivileged=1)
Limited resource allocation prevents resource exhaustion
SSH access requires explicit user consent
Firewall features available for network isolation
Extension Points Developers can extend the system through:
Custom Function Libraries Specialized libraries for specific scenarios:
alpine-install.func - Alpine Linux supportalpine-tools.func - Alpine-specific utilitiescloud-init.func - Cloud-init integration for VMsvm-core.func - Virtual machine creation
Update Scripts Every app script includes an update_script() function:
function update_script () { header_info check_container_storage check_container_resources # Application-specific update logic if check_for_gh_release "2fauth" "Bubka/2FAuth" ; then $STD apt update $STD apt -y upgrade # ... update application fi }
This function is called when users run the update command on an existing container.
Logging and Diagnostics The architecture includes comprehensive logging:
Build logs : /tmp/create-lxc-${SESSION_ID}.log (on host)Combined logs : /tmp/${NSAPP}-${CTID}-${SESSION_ID}.logPersistent logs : /var/log/community-scripts/ (when DEV_MODE_LOGS enabled)Session tracking : Unique session IDs for troubleshooting
Enable verbose logging by setting var_verbose=yes or using the diagnostic mode menu option.
Resource Management The system intelligently manages storage and resources:
Storage Selection
Auto-detection : If only one storage exists, auto-select itValidation : Checks available space before allocationSeparation : Container and template storage can differUser control : Advanced mode allows manual selection
Resource Allocation Logic # Example from build.func:883-914 base_settings () { local final_disk = "${ var_disk :- 4 }" local final_cpu = "${ var_cpu :- 1 }" local final_ram = "${ var_ram :- 1024 }" # If app declared higher values, use those instead if [[ -n "${ APP_DEFAULT_DISK :- }" && "${ APP_DEFAULT_DISK }" =~ ^[0-9]+$ ]]; then if [[ "${ APP_DEFAULT_DISK }" -gt "${ final_disk }" ]]; then final_disk = "${ APP_DEFAULT_DISK }" fi fi DISK_SIZE = "${ final_disk }" CORE_COUNT = "${ final_cpu }" RAM_SIZE = "${ final_ram }" }
This ensures applications always get sufficient resources while respecting user preferences.
Next Steps
Containers vs VMs Learn the differences between LXC containers and virtual machines
Script Structure Deep dive into how scripts are organized and executed