start_telemt() was a no-op when the service was already active, so
regenerating /etc/telemt/config.toml (e.g. reinstalling with a different
mask domain or switching lite<->pro) left the daemon running with the
OLD in-memory config. This caused the reported "lite-mode key does not
work" issue: after a fresh lite install over an existing pro install,
telemt kept tls_domain=anten-ka.com and dropped SNI=google.com clients
with unknown_sni_action=Drop even though /etc/telemt/config.toml said
tls_domain=google.com.
Fix: start_telemt now uses systemctl restart when the service is
already active, guaranteeing the fresh config is loaded.
- install.sh: fix {{NC}} -> ${NC} color escape on line 265
- bot.py: fix TOML parsing for telemt v3 [access.users] format
- bot.py: fix telemt config section [server].port instead of [config].listen_port
- telemt_config.sh: fix add_secret_to_config() for v3 format
- All frame boxes: correct 54-char width with emoji compensation
- Lite mode links now include ee-prefix + mask_host hex (fake-TLS)
- Added qrencode to ensure_deps() so QR codes work after fresh install
- Centralized link generation in generate_proxy_link()
- Fixed bot.py get_proxy_link() for lite mode ee-prefix
Lines 168-172 in show_template_preview() were missing >&2,
causing stdout leak into subshell capture chain.
This corrupted template_dir variable and broke Stealth mode deployment.
- All UI output (echo, printf) in interactive functions now goes to stderr (>&2)
- Only return values go to stdout for $() capture
- Affected: select_quick_domain, select_port, select_category, select_template, show_template_preview
- Also fixed: log_*, confirm, select_option in common.sh
