Update index.yaml

Signed-off-by: szaimen <szaimen@users.noreply.github.com>
Update index.yaml
2026-05-21 10:50:10 +00:00 · 2026-05-16 07:26:45 +00:00 · 2026-05-13 14:10:42 +00:00 · 2026-05-13 16:07:06 +02:00 · 2026-05-13 16:07:00 +02:00 · 2026-05-13 09:19:47 +00:00
312 changed files with 5924 additions and 14315 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +0,0 @@
-* text=auto
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -1,7 +1,7 @@
 ---
-name: 🐛 Bug report - no questions and no support!
-about: Help us improving by reporting a bug - this category is not for questions and also not for support! Please use one of the options below for questions and support
-labels: 0. Needs triage
+name: 🐛 Bug report
+about: Help us improving by reporting a bug
+labels: bug, 0. Needs triage
 ---

 <!---
@@ -20,11 +20,11 @@ labels: 0. Needs triage
 ### Actual behavior <!--- Tell us what happens instead -->


-### Other information
-#### Host OS <!--- (the host OS on which you are trying to install AIO on) -->
+### Host OS <!--- (the host OS on which you are trying to install AIO on) -->

-#### Output of `sudo docker info`

-#### Docker run command or docker-compose file that you used
+#### Nextcloud AIO version <!--- (see Nextcloud AIO interface) -->
+
+#### Current channel <!--- (see the channel name in the AIO interface) -->

 #### Other valuable info <!--- (like logs, screenshots & Co.) -->
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -1,7 +1,7 @@
 ---
 name: 📖 Existing feature/documentation enhancement
 about: Suggest an enhancement of an existing feature/documentation - for other types, please use the feature request option below
-labels: 0. Needs triage
+labels: enhancement, 0. Needs triage
 ---

 <!--- Please fill out the whole template below -->
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,14 +1,14 @@
 blank_issues_enabled: false
 contact_links:
-    - name: ⛑️ General questions and support
-      url: https://help.nextcloud.com/tag/aio
-      about: For general questions, support and help
    - name: 💡 Suggest a new feature or discuss one
      url:  https://github.com/nextcloud/all-in-one/discussions/categories/ideas
      about: For new feature requests and discussion of existing ones
-    - name: ❓ Questions about Nextcloud AIO
+    - name: ❓ Questions on AIO
      url: https://github.com/nextcloud/all-in-one/discussions/categories/questions
-      about: For questions specifically about AIO
+      about: For questions regarding AIO
+    - name: ⛑️ Community Support and Help
+      url: https://help.nextcloud.com/tag/aio
+      about: For other types of questions
    - name: 💼 Nextcloud Enterprise
      url: https://portal.nextcloud.com/
      about: If you are a Nextcloud Enterprise customer, or need Professional support, so it can be resolved directly by our dedicated engineers more quickly
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -6,54 +6,153 @@ updates:
    interval: "daily"
    time: "12:00"
  open-pull-requests-limit: 10
-  rebase-strategy: "disabled"
-  labels:
-  - 3. to review
-  - dependencies
 - package-ecosystem: composer
  directory: "/php/"
  schedule:
    interval: "daily"
    time: "12:00"
  open-pull-requests-limit: 10
-  rebase-strategy: "auto"
  labels:
  - 3. to review
  - dependencies
 - package-ecosystem: "docker"
-  directories:
-    - "/Containers/apache"
-    - "/Containers/borgbackup"
-    - "/Containers/clamav"
-    - "/Containers/collabora"
-    - "/Containers/docker-socket-proxy"
-    - "/Containers/domaincheck"
-    - "/Containers/fulltextsearch"
-    - "/Containers/imaginary"
-    - "/Containers/mastercontainer"
-    - "/Containers/nextcloud"
-    - "/Containers/notify-push"
-    - "/Containers/onlyoffice"
-    - "/Containers/postgresql"
-    - "/Containers/redis"
-    - "/Containers/talk"
-    - "/Containers/talk-recording"
-    - "/Containers/watchtower"
-    - "/Containers/whiteboard"
+  directory: "/Containers/apache"
  schedule:
    interval: "daily"
-    time: "04:00"
+    time: "12:00"
  open-pull-requests-limit: 10
-  rebase-strategy: "disabled"
  labels:
  - 3. to review
  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/borgbackup"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/collabora"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/domaincheck"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/mastercontainer"
+  schedule:
+    interval: "daily"
+    time: "12:00"
  ignore:
    - dependency-name: "php"
      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/nextcloud"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
+    - dependency-name: "php"
+      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/postgresql"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
    - dependency-name: "postgres"
      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/redis"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
    - dependency-name: "redis"
-      update-types: ["version-update:semver-major", "version-update:semver-minor"]
+      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/talk"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/watchtower"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/clamav"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/onlyoffice"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/imaginary"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
+- package-ecosystem: "docker"
+  directory: "/Containers/fulltextsearch"
+  schedule:
+    interval: "daily"
+    time: "12:00"
+  ignore:
    - dependency-name: "elasticsearch"
      update-types: ["version-update:semver-major"]
+  open-pull-requests-limit: 10
+  labels:
+  - 3. to review
+  - dependencies
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,14 +0,0 @@
-changelog:
-  categories:
-    - title: 🏕 New features and other improvements
-      labels:
-        - enhancement
-    - title: 🐞 Fixed bugs
-      labels:
-        - bug
-    - title: 👒 Updated dependencies
-      labels:
-        - dependencies
-    - title: 📄 Improved documentation
-      labels:
-        - documentation
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -1,20 +0,0 @@
-name: 'Codespell'
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-jobs:
-  codespell:
-    name: Check spelling
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-      - name: Check spelling
-        uses: codespell-project/actions-codespell@v2
-        with:
-          check_filenames: true
-          check_hidden: true
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -0,0 +1,51 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Rebase command
+
+on:
+  issue_comment:
+    types: created
+
+permissions:
+  contents: read
+
+jobs:
+  rebase:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: none
+
+    # On pull requests and if the comment starts with `/rebase`
+    if: github.event.issue.pull_request != '' && startsWith(github.event.comment.body, '/rebase')
+
+    steps:
+      - name: Add reaction on start
+        uses: peter-evans/create-or-update-comment@v2
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reaction-type: "+1"
+
+      - name: Checkout the latest code
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+
+      - name: Automatic Rebase
+        uses: cirrus-actions/rebase@1.8
+        env:
+          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
+
+      - name: Add reaction on failure
+        uses: peter-evans/create-or-update-comment@v2
+        if: failure()
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          repository: ${{ github.event.repository.full_name }}
+          comment-id: ${{ github.event.comment.id }}
+          reaction-type: "-1"
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -1,37 +0,0 @@
-name: Validate community containers
-
-on:
-  pull_request:
-    paths:
-      - 'community-containers/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'community-containers/**'
-
-jobs:
-  validator-community-containers:
-    name: Validate community containers
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Validate structure
-        run: |
-          CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
-          mapfile -t CONTAINERS <<< "$CONTAINERS"
-          for container in "${CONTAINERS[@]}"; do
-            container="$(echo "$container" | sed 's|./community-containers/||')"
-            if ! [ -f ./community-containers/"$container"/"$container.json" ]; then
-                echo ".json file must be named like its parent folder $container"
-                FAIL=1
-            fi
-            if ! [ -f ./community-containers/"$container"/readme.md ]; then
-                echo "There must be a readme.md file in the folder!"
-                FAIL=1
-            fi
-            if [ -n "$FAIL" ]; then
-                exit 1
-            fi
-          done
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -0,0 +1,54 @@
+name: Create Psalm Container
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 4 * * *'
+
+jobs:
+  push_to_registry:
+    runs-on: ubuntu-latest
+
+    name: Create Psalm Container
+
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+      - name: Check out the repo
+        run: |
+          git clone https://github.com/psalm/psalm-github-actions.git
+      
+      - name: Modify the Dockerfile
+        run: |
+          set -x
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
+          cat << APCU >> "psalm-github-actions/Dockerfile"
+          RUN mkdir -p /usr/src/php/ext/apcu && \
+            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
+            docker-php-ext-install apcu
+          APCU
+
+      - name: Log in to GitHub Docker Registry
+        uses: docker/login-action@v2
+        with:
+          registry: docker.pkg.github.com
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build container image
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          context: 'psalm-github-actions'
+          file: 'psalm-github-actions/Dockerfile'
+          tags: |
+            ghcr.io/nextcloud/all-in-one-psalm:latest
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,27 +10,26 @@ jobs:
    name: Run dependency update script
    runs-on: ubuntu-20.04
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - uses: shivammathur/setup-php@v2
      with:
-        php-version: 8.3
+        php-version: 8.1
        extensions: apcu
    - name: Run dependency update script
      run: |
        set -x
        cd ./php
-        composer update --with-all-dependencies
-        # Disable dependency updates for now
-        # set +e
-        # ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
-        # set -e
-        # while [ -n "$ALL_LINES" ]; do
-        #   CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
-        #   composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
-        #   ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
-        # done
-        # echo "outdated dependencies:
-        # $(composer outdated)"
+        composer update
+        set +e
+        ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        set -e
+        while [ -n "$ALL_LINES" ]; do
+          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
+          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
+          ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
+        done
+        echo "outdated dependencies:
+        $(composer outdated)"
    - name: Update apcu
      run: |
        # APCU
@@ -44,12 +43,12 @@ jobs:
        )"
        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@v4
      with:
-        commit-message: php dependency updates
+        commit-message: dependency updates
        signoff: true
-        title: PHP dependency updates
-        body: Automated php dependency updates since dependabot does not support grouped updates
-        labels: dependencies, 3. to review
+        title: Dependency updates
+        body: Automated dependency updates since dependabot does not support grouped updates
+        labels: dependencies, enhancement
        milestone: next
        branch: aio-dependency-update
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -1,46 +0,0 @@
-name: Docker Lint
-
-on:
-  pull_request:
-    paths:
-      - 'Containers/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'Containers/**'
-
-permissions:
-  contents: read
-
-concurrency: 
-  group: docker-lint-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  docker-lint:
-    runs-on: ubuntu-latest
-
-    name: docker-lint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install hadolint
-        run: |
-          sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint
-          sudo chmod +x /usr/bin/hadolint
-
-      - name: run lint
-        run: |
-          DOCKERFILES="$(find ./Containers -name Dockerfile)"
-          mapfile -t DOCKERFILES <<< "$DOCKERFILES"
-          for file in "${DOCKERFILES[@]}"; do
-            # DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
-            # DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
-            hadolint "$file" --ignore DL3018 --ignore DL4006 | tee -a ./hadolint.log
-          done
-          if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
-            exit 1
-          fi
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -6,17 +6,17 @@ on:
    branches:
      - main
    paths:
-      - 'nextcloud-aio-helm-chart/**'
+      - 'helm-chart/**'

 jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Turnstyle
-        uses: softprops/turnstyle@v2
+        uses: softprops/turnstyle@v1
        with:
          continue-after-seconds: 180
        env:
@@ -32,19 +32,17 @@ jobs:

      # See https://github.com/helm/chart-releaser-action/issues/6
      - name: Set up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@v3.1
        with:
          version: v3.6.3

-      - name: Run Helm Lint
-        run: |
-          helm lint ./nextcloud-aio-helm-chart
-
      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.7.0
+        # TODO: switch back @main to a specific version like @v1.5.1 or higher
+        uses: helm/chart-releaser-action@main
        with:
+          charts_repo_url: https://nextcloud.github.io/all-in-one
+          charts_dir: helm-chart
          mark_as_latest: false
-          charts_dir: .
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -1,33 +0,0 @@
-name: imaginary-update
-
-on:
-  workflow_dispatch:
-  schedule:
-  - cron:  '00 12 * * *'
-
-jobs:
-  run_update:
-    name: update to latest imaginary commit on master branch
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Run imaginary-update
-      run: |
-        # Imaginary
-        imaginary_version="$(
-          git ls-remote https://github.com/h2non/imaginary master \
-            | cut -f1 \
-            | tail -1
-        )"
-        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH=$imaginary_version|" ./Containers/imaginary/Dockerfile
-        
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
-      with:
-        commit-message: imaginary-update automated change
-        signoff: true
-        title: Imaginary update
-        body: Automated Imaginary container update
-        labels: dependencies, 3. to review
-        milestone: next
-        branch: imaginary-container-update
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -1,37 +1,20 @@
-name: Json Validator
-
-on:
-  pull_request:
-    paths:
-      - '**.json'
-  push:
-    branches:
-      - main
-    paths:
-      - '**.json'
-
-jobs:
-  json-validator:
-    name: Json Validator
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Validate Json
-        run: |
-          sudo apt-get update
-          sudo apt-get install python3-venv -y --no-install-recommends
-          python3 -m venv venv
-          . venv/bin/activate
-          pip3 install json-spec
-          if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
-            exit 1
-          fi
-          JSON_FILES="$(find ./community-containers -name '*.json')"
-          mapfile -t JSON_FILES <<< "$JSON_FILES"
-          for file in "${JSON_FILES[@]}"; do
-            json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
-          done
-          if grep -q "document does not validate with schema.\|invalid JSONFile" ./json-validator.log; then
-            exit 1
-          fi
+name: Json Validator
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Json Validator
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Validate Json
+        run: |
+          sudo apt install python3-pip --no-install-recommends
+          sudo pip3 install json-spec
+          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -1,24 +0,0 @@
-name: Lint Helm Charts
-
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - 'nextcloud-aio-helm-chart/**'
-
-jobs:
-  lint-helm:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4
-        with:
-          version: v3.11.1
-
-      - name: Lint charts
-        run: helm lint nextcloud-aio-helm-chart
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -3,22 +3,18 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization

-name: Lint php
+name: Lint

 on:
  pull_request:
-    paths:
-      - 'php/**'
  push:
    branches:
      - main
-    paths:
-      - 'php/**'

 permissions:
  contents: read

-concurrency:
+concurrency: 
  group: lint-php-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

@@ -27,22 +23,19 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        php-versions: [ "8.3" ]
+        php-versions: ["8.1"]

    name: php-lint

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@v3

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Lint
        run: cd php && composer run lint
@@ -50,7 +43,7 @@ jobs:
  summary:
    permissions:
      contents: none
-    runs-on: ubuntu-latest-low
+    runs-on: ubuntu-latest
    needs: php-lint

    if: always()
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@v4
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
    name: Run nextcloud-update script
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Run nextcloud-update script
      run: |
        # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
@@ -25,7 +25,7 @@ jobs:
            | sort -V \
            | tail -1
        )"
-        sed -i "s|\(pecl install[^;]*APCu-\)[0-9.]*|\1$apcu_version|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/nextcloud/Dockerfile
        
        # Memcached
        memcached_version="$(
@@ -36,7 +36,7 @@ jobs:
            | sort -V \
            | tail -1
        )"
-        sed -i "s|\(pecl install[^;]*memcached-\)[0-9.]*|\1$memcached_version|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install memcached.*\;|pecl install memcached-$memcached_version\;|" ./Containers/nextcloud/Dockerfile
        
        # Redis
        redis_version="$(
@@ -47,50 +47,31 @@ jobs:
            | sort -V \
            | tail -1
        )"
-        sed -i "s|\(pecl install[^;]*redis-\)[0-9.]*|\1$redis_version|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install redis.*\;|pecl install redis-$redis_version\;|" ./Containers/nextcloud/Dockerfile
        
        # Imagick
        imagick_version="$(
-          git ls-remote --tags https://github.com/imagick/imagick.git \
+          git ls-remote --tags https://github.com/mkoppanen/imagick.git \
            | cut -d/ -f3 \
            | grep -viE '[a-z]' \
            | tr -d '^{}' \
            | sort -V \
            | tail -1
        )"
-        sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile
-
-        # Imagick git-commit-hash from HEAD
-        imagick_commit_hash="$(
-          git ls-remote https://github.com/imagick/imagick.git HEAD | awk '{print $1}'
-        )"
-        sed -i "s/\(ARG IMAGICK_COMMIT_HASH=\)[a-fA-F0-9]*$/\1$imagick_commit_hash/" ./Containers/nextcloud/Dockerfile
-
-        # Igbinary
-        igbinary_version="$(
-          git ls-remote --tags https://github.com/igbinary/igbinary.git \
-            | cut -d/ -f3 \
-            | grep -viE '[a-z]' \
-            | tr -d '^{}' \
-            | sort -V \
-            | tail -1
-        )"
-        sed -i "s|\(pecl install[^;]*igbinary-\)[0-9.]*|\1$igbinary_version|" ./Containers/nextcloud/Dockerfile
+        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile

        # Nextcloud
        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
-        if [ -n "$NCVERSION" ]; then
-          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION=$NCVERSION|" ./Containers/nextcloud/Dockerfile
-        fi
+        sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
+      uses: peter-evans/create-pull-request@v4
      with:
        commit-message: nextcloud-update automated change
        signoff: true
-        title: Nextcloud dependency update
+        title: Nextcloud update
        body: Automated Nextcloud container update
-        labels: dependencies, 3. to review
+        labels: dependencies, enhancement
        milestone: next
        branch: nextcloud-container-update
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -3,24 +3,20 @@ name: PHP Deprecation Detector

 on:
  pull_request:
-    paths:
-      - 'php/**'
  push:
    branches:
      - main
-    paths:
-      - 'php/**'

 jobs:
-  phpdd:
+  psalm:
    name: PHP Deprecation Detector
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
-      - name: Set up php
+      - uses: actions/checkout@v3
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.3
+          php-version: 8.1
          extensions: apcu
          coverage: none

@@ -28,6 +24,7 @@ jobs:
        run: |
          set -x
          cd php
+          composer global require wapmorgan/php-deprecation-detector dev-master
          composer install
          composer run php-deprecation-detector | tee -i ./phpdd.log
          if grep "Total issues:" ./phpdd.log; then
--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -0,0 +1,28 @@
+name: Psalm Analysis
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up php8.1
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.1
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm
--- a/.github/workflows/psalm-security.yml
+++ b/.github/workflows/psalm-security.yml
@@ -0,0 +1,25 @@
+name: Psalm Security Analysis
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Psalm
+        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+        with:
+          relative_dir: php
+          security_analysis: true
+          composer_ignore_platform_reqs: false
+          report_file: results.sarif
+      - name: Upload Security Analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: php/results.sarif
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,12 +10,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3

-      - name: Set up php
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.3
+          php-version: 8.1
          extensions: apcu
          coverage: none

@@ -23,14 +23,15 @@ jobs:
        run: |
          set -x
          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
          composer install
-          composer run psalm:update-baseline
+          composer run psalm -- --monochrome --no-progress --output-format=text --update-baseline
          git clean -f lib/composer
          git checkout composer.json composer.lock lib/composer
        continue-on-error: true

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: Update psalm baseline
@@ -38,9 +39,10 @@ jobs:
          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
          signoff: true
          branch: automated/noid/psalm-baseline-update
+          # Make sure we can open multiple PRs
+          branch-suffix: timestamp
          title: '[Automated] Update psalm-baseline.xml'
-          milestone: next
          body: |
            Auto-generated update psalm-baseline.xml with fixed psalm warnings
          labels: |
-            3. to review, dependencies
+            3. to review
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -1,46 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Static analysis
-
-on:
-  pull_request:
-    paths:
-      - 'php/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'php/**'
-
-concurrency:
-  group: psalm-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  static-analysis:
-    runs-on: ubuntu-latest
-
-    name: static-psalm-analysis
-    steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Set up php
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
-        with:
-          php-version: 8.3
-          extensions: apcu
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install dependencies and run psalm
-        run: |
-          set -x
-          cd php
-          composer install
-          composer run psalm
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -2,20 +2,16 @@ name: Shellcheck

 on:
  pull_request:
-    paths:
-      - '**.sh'
  push:
    branches:
      - main
-    paths:
-      - '**.sh'

 jobs:
  shellcheck:
    name: Check Shell
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Run Shellcheck
      uses: ludeeus/action-shellcheck@2.0.0
      with:
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -0,0 +1,23 @@
+name: 'Spellcheck'
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  spellcheck:
+    name: Check spelling
+    runs-on: ubuntu-latest
+    steps:
+      - name: spelling or typos
+        uses: actions/checkout@v3
+      - name: fix permission for reviewdog
+        run: sudo chown -R root:root $GITHUB_WORKSPACE
+      - name: misspell
+        uses: reviewdog/action-misspell@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          locale: "US"
+          fail_on_error: true
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -1,56 +0,0 @@
-name: talk-update
-
-on:
-  workflow_dispatch:
-  schedule:
-  - cron:  '00 12 * * *'
-
-jobs:
-  talk-update:
-    name: update talk
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Run talk-container-update
-      run: |
-        # Recording
-        recording_version="$(
-          git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
-            | cut -d/ -f3 \
-            | sort -V \
-            | grep -E "^v[0-9\.]+$" \
-            | tail -1
-        )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION=$recording_version|" ./Containers/talk-recording/Dockerfile
-        curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
-        
-        # Signaling
-        signaling_version="$(
-          git ls-remote https://github.com/strukturag/nextcloud-spreed-signaling v*.*.* \
-            | cut -d/ -f3 \
-            | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
-            | tail -1
-        )"
-        curl -L "https://raw.githubusercontent.com/strukturag/nextcloud-spreed-signaling/$signaling_version/server.conf.in" -o Containers/talk/server.conf.in
-        
-        # Janus
-        janus_version="$(
-          git ls-remote https://github.com/meetecho/janus-gateway v1.*.* \
-            | cut -d/ -f3 \
-            | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
-            | tail -1
-        )"
-        sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
-        
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v7
-      with:
-        commit-message: talk-update automated change
-        signoff: true
-        title: talk container update
-        body: Automated talk container update
-        labels: dependencies, 3. to review
-        milestone: next
-        branch: talk-container-update
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -1,40 +0,0 @@
-name: Twig Lint
-
-on:
-  pull_request:
-    paths:
-      - '**.twig'
-  push:
-    branches:
-      - main
-    paths:
-      - '**.twig'
-
-permissions:
-  contents: read
-
-concurrency:
-  group: lint-twig-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  twig-lint:
-    runs-on: ubuntu-latest
-    name: twig-lint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: 8.3
-          extensions: apcu
-          coverage: none
-
-      - name: twig lint
-        run: |
-          cd php
-          composer install
-          composer run lint:twig
--- a/.github/workflows/update-copyright.yml
+++ b/.github/workflows/update-copyright.yml
@@ -1,11 +0,0 @@
-name: Update Copyright
-
-on:
-  workflow_dispatch:
-
-jobs:
-  update-copyright:
-    name: update copyright
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -6,27 +6,28 @@ on:
  - cron:  '00 12 * * *'

 jobs:
-  update-helm:
+  psalm:
    name: update helm chart
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: update helm chart
        run: |
-          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
+          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
+          DOCKER_TAG="${DOCKER_TAG%%-latest*}"
          export DOCKER_TAG
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
-            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
          fi
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v4
        with:
          commit-message: Helm Chart updates
          signoff: true
          title: Helm Chart updates
          body: Automated Helm Chart updates for the yaml files. It can be merged if it looks good at any time which will automatically trigger a new release of the helm chart.
-          labels: dependencies, 3. to review
+          labels: dependencies
          milestone: next
          branch: aio-helm-update
          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -6,23 +6,23 @@ on:
  - cron:  '00 12 * * *'

 jobs:
-  update-yaml:
+  psalm:
    name: update yaml files
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: update yaml files
        run: |
          sudo bash manual-install/update-yaml.sh
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@v4
        with:
          commit-message: Yaml updates
          signoff: true
          title: Yaml updates
          body: Automated yaml updates for the docker-compose files. Should only be merged shortly before the next latest release.
-          labels: dependencies, 3. to review
+          labels: dependencies
          milestone: next
          branch: aio-yaml-update
          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -1,15 +1,9 @@
 .DS_Store
-.idea/
-*.iml
-
-/php/data/*
-/php/session/*
-!/php/data/.gitkeep
-!/php/session/.gitkeep
+/php/data/containers.json
+/php/data/configuration.json
+/php/data/backupsecret.json
 /php/vendor
-
 /manual-install/*.conf
 !/manual-install/sample.conf
 /manual-install/docker-compose.yml
-/manual-install/compose.yaml
 /manual-install/.env
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -5,65 +5,66 @@
        root /mnt/data/caddy
    }

-    servers {
-        # trusted_proxies placeholder
-    }
-
    log {
        level ERROR
    }
 }

-https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
-    header -Server
-    header -X-Powered-By
-
-    # Collabora
-    route /browser/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
-    }
-    route /hosting/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
-    }
-    route /cool/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
-    }

    # Notify Push
    route /push/* {
        uri strip_prefix /push
-        reverse_proxy {$NOTIFY_PUSH_HOST}:7867
-    }
-
-    # Onlyoffice
-    route /onlyoffice/* {
-        uri strip_prefix /onlyoffice
-        reverse_proxy {$ONLYOFFICE_HOST}:80 {
-            header_up X-Forwarded-Host {http.request.hostport}/onlyoffice
-            header_up X-Forwarded-Proto https
+        reverse_proxy {$NEXTCLOUD_HOST}:7867 {
+            # trusted_proxies placeholder
        }
    }

    # Talk
    route /standalone-signaling/* {
        uri strip_prefix /standalone-signaling
-        reverse_proxy {$TALK_HOST}:8081
+        reverse_proxy {$TALK_HOST}:8081 {
+            # trusted_proxies placeholder
+        }
    }

-    # Whiteboard
-    route /whiteboard/* {
-        uri strip_prefix /whiteboard
-        reverse_proxy {$WHITEBOARD_HOST}:3002
+    # Collabora
+    route /browser/* {
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
+    }
+    route /hosting/* {
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
+    }
+    route /cool/* {
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
+    }
+
+    # Onlyoffice
+    route /onlyoffice/* {
+        uri strip_prefix /onlyoffice
+        reverse_proxy {$ONLYOFFICE_HOST}:80 {
+            header_up X-Forwarded-Host {http.request.host}/onlyoffice
+            header_up X-Forwarded-Proto https
+            # trusted_proxies placeholder
+        }
    }

    # Nextcloud
    route {
+        rewrite /.well-known/carddav /remote.php/dav
+        rewrite /.well-known/caldav /remote.php/dav
        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy 127.0.0.1:8000
+        reverse_proxy localhost:8000 {
+            # See https://github.com/nextcloud/all-in-one/issues/828
+            # trusted_proxies placeholder
+        }
    }
-    redir /.well-known/carddav /remote.php/dav/ 301
-    redir /.well-known/caldav /remote.php/dav/ 301

    # TLS options
    tls {
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,90 +1,85 @@
-# syntax=docker/dockerfile:latest
-FROM caddy:2.9.1-alpine AS caddy
+# Caddy is a requirement
+FROM caddy:2.6.4-alpine as caddy

-# From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.63-alpine3.21
+FROM httpd:2.4.56-alpine3.17

-COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data; \
+    apk del --no-cache shadow

-COPY --chown=33:33 Caddyfile /Caddyfile
-COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
-COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
+RUN mkdir -p /mnt/data; \
+    chown www-data:www-data /mnt/data;

 VOLUME /mnt/data

 RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache shadow; \
-    groupmod -g 33 www-data; \
-    usermod -u 33 -g 33 www-data; \
-    apk del --no-cache shadow; \
-    \
-    mkdir -p /mnt/data; \
-    chown -R www-data:www-data /mnt/data; \
-    chown -R 777 /tmp; \
-    \
    apk add --no-cache \
        bash \
        supervisor \
+        wget \
        tzdata \
        ca-certificates \
        openssl \
-        bind-tools \
-        netcat-openbsd; \
-    \
-    sed -i \
-            -e '/^Listen /d' \
-            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_brotli.so\)/\1/' \
-            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
-            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-            -e 's/\(ScriptAlias \)/#\1/' \
-        /usr/local/apache2/conf/httpd.conf; \
-    echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
-    echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
-# Sync this with max db connections and pm.max_children
-# We don't actually expect so many workers but don't want to limit it artificially because people will report issues otherwise.
-    sed -i 's|MaxRequestWorkers.*|MaxRequestWorkers 5000|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-    grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-# ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
-    sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-    \
-    rm -rf /usr/local/apache2/conf/original /var/www; \
-    mkdir -p /var/www; \
-    chown -R www-data:www-data /var/www; \
-    \
-    mkdir /var/log/supervisord; \
+        netcat-openbsd
+
+COPY --from=caddy /usr/bin/caddy /usr/bin/
+RUN chmod +x /usr/bin/caddy
+
+RUN sed -i \
+                -e '/^Listen /d' \
+                -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+                -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+                -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+                conf/httpd.conf; \
+		echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \
+                echo "ServerName localhost" | tee -a conf/httpd.conf
+		
+COPY nextcloud.conf conf
+
+RUN set -ex; \
+    rm -rf conf/original conf/original && \
+    rm -rf /var/www/html/* && \
+    mkdir /var/www && \
+    chown -R www-data:www-data /var/www;
+
+RUN mkdir /var/log/supervisord; \
    mkdir /var/run/supervisord; \
    chown www-data:www-data /var/run/supervisord; \
-    chown www-data:www-data /var/log/supervisord; \
-    chmod 777 /var/run/supervisord; \
-    chmod 777 /var/log/supervisord; \
-    \
+    chown www-data:www-data /var/log/supervisord;
+
+COPY Caddyfile /
+
+COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
+COPY supervisord.conf /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /usr/bin/healthcheck.sh; \
+    chmod +r /supervisord.conf; \
+    chown www-data:www-data /Caddyfile; \
    chown -R www-data:www-data /usr/local/apache2; \
-    chmod +r -R /usr/local/apache2; \
-    mkdir -p /usr/local/apache2/logs; \
-    chmod 777 -R /home/www-data; \
-    chmod 777 -R /usr/local/apache2/logs; \
-    rm -rf /usr/local/apache2/cgi-bin/; \
-    \
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    chmod +r -R /usr/local/apache2

-USER 33
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-ENTRYPOINT ["/start.sh"]
+USER www-data
+
+ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,5 +1,9 @@
 #!/bin/bash

 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
-nc -z 127.0.0.1 8000 || exit 1
-nc -z 127.0.0.1 "$APACHE_PORT" || exit 1
+nc -z localhost 8000 || exit 1
+if [ "$APACHE_PORT" != '443' ]; then
+    nc -z localhost "$APACHE_PORT" || exit 1
+else
+    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
+fi
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -3,26 +3,13 @@ Listen 8000
    ServerName localhost

    # Add error log
-    CustomLog /proc/self/fd/1 proxy
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    CustomLog /proc/self/fd/1 combined
    ErrorLog /proc/self/fd/2
-    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel warn

    # PHP match
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
    </FilesMatch>
-
-    <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
-    </Proxy>
-
-    # Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
-    <IfModule mod_brotli.c>
-        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
-        BrotliCompressionQuality 0
-    </IfModule>
-
    # Nextcloud dir
    DocumentRoot /var/www/html/
    <Directory /var/www/html/>
@@ -40,6 +27,10 @@ Listen 8000
        Require all denied
    </Files>

+    # Fix zero file sizes 
+    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
+    SetEnv proxy-sendcl 1
+
    # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
    LimitRequestBody ${APACHE_MAX_SIZE}

@@ -48,7 +39,4 @@ Listen 8000

    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
    ProxyTimeout ${APACHE_MAX_TIME}
-
-    # See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
-    TraceEnable Off
 </VirtualHost>
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -17,13 +17,6 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
    sleep 5
 done

-# Get ipv4-address of Apache
-# shellcheck disable=SC2153
-IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
-# Bring it in CIDR notation
-# shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
-
 if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi
@@ -42,24 +35,18 @@ if [ "$APACHE_PORT" != '443' ]; then
 else
    CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
 fi
-echo "$CADDYFILE" > /tmp/Caddyfile
+echo "$CADDYFILE" > /Caddyfile

 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies private_ranges|' /Caddyfile)"
 else
-    CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
+    CADDYFILE="$(sed 's|trusted_proxies private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
 fi
-echo "$CADDYFILE" > /tmp/Caddyfile
-
-# Remove additional domain if not given
-if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
+echo "$CADDYFILE" > /Caddyfile

 # Fix the Caddyfile format
-caddy fmt --overwrite /tmp/Caddyfile
+caddy fmt --overwrite /Caddyfile

 # Add caddy path
 mkdir -p /mnt/data/caddy/
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -9,8 +9,8 @@ logfile_backups=10
 loglevel=error

 [program:apache]
-# Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=NONE
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apachectl -DFOREGROUND
@@ -20,4 +20,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /tmp/Caddyfile
+command=/usr/bin/caddy run --config /Caddyfile
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,9 +1,7 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
+FROM alpine:3.17.2

 RUN set -ex; \
    \
-    apk upgrade --no-cache -a; \
    apk add --no-cache \
        util-linux-misc \
        bash \
@@ -11,17 +9,15 @@ RUN set -ex; \
        rsync \
        fuse \
        py3-llfuse \
-        jq \
-        openssh-client
+        jq

 VOLUME /root

-COPY --chmod=770 *.sh /
-COPY borg_excludes /
+COPY start.sh /usr/bin/
+COPY backupscript.sh /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /backupscript.sh

-ENTRYPOINT ["/start.sh"]
-# hadolint ignore=DL3002
 USER root
-
-LABEL com.centurylinklabs.watchtower.enable="false"
-ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
+ENTRYPOINT ["start.sh"]
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -24,34 +24,22 @@ for directory in "${VOLUME_DIRS[@]}"; do
        exit 1
    fi
 done
-# Test if default volumes are there
-DEFAULT_VOLUMES=(nextcloud_aio_apache nextcloud_aio_nextcloud nextcloud_aio_database nextcloud_aio_database_dump nextcloud_aio_elasticsearch nextcloud_aio_nextcloud_data nextcloud_aio_mastercontainer)
-for volume in "${DEFAULT_VOLUMES[@]}"; do
-    if ! mountpoint -q "/nextcloud_aio_volumes/$volume"; then
-        echo "$volume is missing which is not intended."
-        exit 1
-    fi
-done

 # Check if target is mountpoint
-if [ -z "$BORG_REMOTE_REPO" ] && ! mountpoint -q "$MOUNT_DIR"; then
-    echo "$MOUNT_DIR is not a mountpoint which is not allowed."
+if ! mountpoint -q /mnt/borgbackup; then
+    echo "/mnt/borgbackup is not a mountpoint which is not allowed"
    exit 1
 fi

-# Check if repo is uninitialized
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! borg info > /dev/null; then
-    if [ -n "$BORG_REMOTE_REPO" ]; then
-        echo "The repository is uninitialized or cannot connect to remote. Cannot perform check or restore."
-    else
-        echo "The repository is uninitialized. Cannot perform check or restore."
-    fi
+# Check if target is empty
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+    echo "The repository is empty. cannot perform check or restore."
    exit 1
 fi

 # Do not continue if this file exists (needed for simple external blocking)
-if [ -z "$BORG_REMOTE_REPO" ] && [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
-    echo "Not continuing because aio-lockfile exists – it seems like a script is externally running which is locking the backup archive."
+if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
+    echo "Not continuing because aio-lockfile exists - it seems like a script is externally running which is locking the backup archive."
    echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
    exit 1
 fi
@@ -61,15 +49,6 @@ if [ "$BORG_MODE" = backup ] || [ "$BORG_MODE" = restore ]; then
    touch "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"
 fi

-if [ -n "$BORG_REMOTE_REPO" ] && ! [ -f "$BORGBACKUP_KEY" ]; then
-    echo "First run, creating borg ssh key"
-    ssh-keygen  -f "$BORGBACKUP_KEY" -N ""
-    echo "You should configure the remote to accept this public key"
-fi
-if [ -n "$BORG_REMOTE_REPO" ] && [ -f "$BORGBACKUP_KEY.pub" ]; then
-    echo "Your public ssh key for borgbackup is: $(cat "$BORGBACKUP_KEY.pub")"
-fi
-
 # Do the backup
 if [ "$BORG_MODE" = backup ]; then

@@ -78,102 +57,65 @@ if [ "$BORG_MODE" = backup ]; then
        echo "configuration.json not present. Cannot perform the backup!"
        exit 1
    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/config/config.php" ]; then
-        echo "config.php is missing. Cannot perform backup!"
+        echo "config.php is missing cannot perform backup"
        exit 1
    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/database-dump.sql" ]; then
-        echo "database-dump is missing. Cannot perform backup!"
-        echo "Please check the database container logs!"
-        exit 1
-    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ocdata" ] && ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ncdata" ]; then
-        echo "The .ncdata or .ocdata file is missing in Nextcloud datadir which means it is invalid!"
-        echo "Is the drive where the datadir is located on still mounted?"
+        echo "database-dump is missing. cannot perform backup"
        exit 1
    fi

-    # Test that default volumes are not empty
-    for volume in "${DEFAULT_VOLUMES[@]}"; do
-        if [ -z "$(ls -A "/nextcloud_aio_volumes/$volume")" ] && [ "$volume" != "nextcloud_aio_elasticsearch" ]; then
-            echo "/nextcloud_aio_volumes/$volume is empty which should not happen!"
+    # Test that nothing is empty
+    for directory in "${VOLUME_DIRS[@]}"; do
+        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
+            echo "$directory is empty which is not allowed."
            exit 1
        fi
    done

    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/export.failed" ]; then
+        echo "Database export failed the last time. Most likely was the export time not high enough."
        echo "Cannot create a backup now."
-        echo "Reason is that the database export failed the last time."
-        echo "Most likely was the database container not correctly shut down via the AIO interface."
-        echo ""
-        echo "You might want to try the database export again manually by running the three commands:"
-        echo "sudo docker start nextcloud-aio-database"
-        echo "sleep 10"
-        echo "sudo docker stop nextcloud-aio-database -t 1800"
-        echo ""
-        echo "Afterwards try to create a backup again and it should hopefully work."
-        echo "If it should still fail, feel free to report this to https://github.com/nextcloud/all-in-one/issues and post the database container logs and the borgbackup container logs into the thread. Thanks!"
+        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
        exit 1
    fi

-    if [ -z "$BORG_REMOTE_REPO" ]; then
-        # Create backup folder
-        mkdir -p "$BORG_BACKUP_DIRECTORY"
-    fi
+    # Create backup folder
+    mkdir -p "$BORG_BACKUP_DIRECTORY"

-    # Initialize the repository if can't get info from target
-    if ! borg info > /dev/null; then
+    # Initialize the repository if the target is empty
+    if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-            if [ -n "$BORG_REMOTE_REPO" ]; then
-                echo "Borg could not get info from the remote repo."
-                echo "This might be a failure to connect to the remote server. See the above borg info output for details."
-            else
-                echo "Borg could not get info from the targeted directory."
-                echo "This might happen if the targeted directory is located on an external drive and the drive not connected anymore. You should check this."
-            fi
-            echo "If you instead want to initialize a new backup repository, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
+            echo "Cannot initialize a new repository as that was already done at least one time."
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
            echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
            exit 1
        fi

-        echo "Initializing repository..."
+        echo "initializing repository..."
        NEW_REPOSITORY=1
-        if ! borg init --debug --encryption=repokey-blake2; then
+        if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
            echo "Could not initialize borg repository."
-            if [ -z "$BORG_REMOTE_REPO" ]; then
-                # Originally we checked for presence of the config file instead of calling `borg info`. Likely `borg info`
-                # will error on a partially initialized repo, so this line is probably no longer necessary
-                rm -f "$BORG_BACKUP_DIRECTORY/config"
-            fi
+            rm -f "$BORG_BACKUP_DIRECTORY/config"
            exit 1
        fi
+        borg config "$BORG_BACKUP_DIRECTORY" additional_free_space 2G

-        if [ -z "$BORG_REMOTE_REPO" ]; then
-            # borg config only works for local repos; it's up to the remote to ensure the disk isn't full
-            borg config :: additional_free_space 2G
+        # Fix too large Borg cache
+        # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
+        BORG_ID="$(borg config "$BORG_BACKUP_DIRECTORY" id)"
+        rm -r "/root/.cache/borg/$BORG_ID/chunks.archive.d"
+        touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"

-            # Fix too large Borg cache
-            # https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
-            BORG_ID="$(borg config :: id)"
-            rm -r "/root/.cache/borg/$BORG_ID/chunks.archive.d"
-            touch "/root/.cache/borg/$BORG_ID/chunks.archive.d"
-        fi
-
-        if ! borg info > /dev/null; then
-            echo "Borg can't get info from the repo it created. Something is wrong."
+        # Make a backup from the borg config file
+        if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+            echo "The borg config file wasn't created. Something is wrong."
            exit 1
        fi
-
        rm -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
-        if [ -n "$BORG_REMOTE_REPO" ]; then
-            # `borg config` does not support remote repos so instead create a dummy file and rely on the remote to avoid
-            # corruption of the config file (which contains the encryption key). We don't actually use the contents of
-            # this file anywhere, so a touch is all we need so we remember we already initialized the repo.
-            touch "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
-        else
-            # Make a backup from the borg config file
-            if ! cp "$BORG_BACKUP_DIRECTORY/config" "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"; then
-                echo "Could not copy config file to second place. Cannot perform backup."
-                exit 1
-            fi
+        if ! cp "$BORG_BACKUP_DIRECTORY/config" "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"; then
+            echo "Could not copy config file to second place. Cannot perform backup."
+            exit 1
        fi

        echo "Repository successfully initialized."
@@ -185,29 +127,18 @@ if [ "$BORG_MODE" = backup ]; then
    # Borg options
    # auto,zstd compression seems to has the best ratio based on:
    # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches)
-    if [ "$NEW_REPOSITORY" = 1 ]; then
-        BORG_OPTS+=(--progress)
-    fi
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)

    # Exclude the nextcloud log and audit log for GDPR reasons
    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")

-    # Make sure that there is always a borg.config file before creating a new backup
-    if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-        echo "Did not find borg.config file in the mastercontainer volume."
-        echo "Cannot create a backup as this is wrong."
-        exit 1
-    fi
-
    # Create the backup
    echo "Starting the backup..."
    get_start_time
-    if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/" --exclude-from /borg_excludes; then
+    if ! borg create "${BORG_OPTS[@]}" "${BORG_EXCLUDE[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio" "/nextcloud_aio_volumes/"; then
        echo "Deleting the failed backup archive..."
-        borg delete --stats "::$CURRENT_DATE-nextcloud-aio"
+        borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
-        echo "You might want to check the backup integrity via the AIO interface."
        if [ "$NEW_REPOSITORY" = 1 ]; then
            echo "Deleting borg.config file so that you can choose a different location for the backup."
            rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
@@ -219,19 +150,18 @@ if [ "$BORG_MODE" = backup ]; then
    rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"

    # Prune options
-    read -ra BORG_PRUNE_OPTS <<< "$BORG_RETENTION_POLICY"
-    echo "BORG_PRUNE_OPTS are ${BORG_PRUNE_OPTS[*]}"
+    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")

    # Prune archives
    echo "Pruning the archives..."
-    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg prune --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
        echo "Failed to prune archives!"
        exit 1
    fi

    # Compact archives
    echo "Compacting the archives..."
-    if ! borg compact; then
+    if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
        echo "Failed to compact archives!"
        exit 1
    fi
@@ -248,20 +178,20 @@ if [ "$BORG_MODE" = backup ]; then
                fi
            done
            echo "Starting the backup for additional volumes..."
-            if ! borg create "${BORG_OPTS[@]}" "::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
+            if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                echo "Deleting the failed backup archive..."
-                borg delete --stats "::$CURRENT_DATE-additional-docker-volumes"
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
                echo "Backup of additional docker-volumes failed!"
                exit 1
            fi
            echo "Pruning additional volumes..."
-            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
            echo "Compacting additional volumes..."
-            if ! borg compact; then
-                echo "Failed to compact additional docker-volume archives!"
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
                exit 1
            fi
        fi
@@ -278,20 +208,20 @@ if [ "$BORG_MODE" = backup ]; then
                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
            done
            echo "Starting the backup for additional host mounts..."
-            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
+            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                echo "Deleting the failed backup archive..."
-                borg delete --stats "::$CURRENT_DATE-additional-host-mounts"
+                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
                echo "Backup of additional host-mounts failed!"
                exit 1
            fi
            echo "Pruning additional host mounts..."
-            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
            echo "Compacting additional host mounts..."
-            if ! borg compact; then
-                echo "Failed to compact additional host-mount archives!"
+            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
+                echo "Failed to compact archives!"
                exit 1
            fi
        fi
@@ -299,7 +229,7 @@ if [ "$BORG_MODE" = backup ]; then

    # Inform user
    get_expiration_time
-    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/update.failed" ]; then
        echo "However a Nextcloud update failed. So reporting that the backup failed which will skip any update attempt the next time."
        echo "Please restore a backup from before the failed Nextcloud update attempt."
@@ -312,24 +242,17 @@ fi
 if [ "$BORG_MODE" = restore ]; then
    get_start_time

-    # Pick archive to restore
+    # Perform the restore
    if [ -n "$SELECTED_RESTORE_TIME" ]; then
-        SELECTED_ARCHIVE="$(borg list | grep "nextcloud-aio" | grep "$SELECTED_RESTORE_TIME" | awk -F " " '{print $1}' | head -1)"
+        SELECTED_ARCHIVE="$(borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | grep "$SELECTED_RESTORE_TIME" | awk -F " " '{print $1}' | head -1)"
    else
-        SELECTED_ARCHIVE="$(borg list | grep "nextcloud-aio" | awk -F " " '{print $1}' | sort -r | head -1)"
+        SELECTED_ARCHIVE="$(borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1}' | sort -r | head -1)"
    fi
    echo "Restoring '$SELECTED_ARCHIVE'..."
-
-    # Exclude previews from restore if selected to speed up process
-    ADDITIONAL_RSYNC_EXCLUDES=()
-    ADDITIONAL_BORG_EXCLUDES=()
-    ADDITIONAL_FIND_EXCLUDES=()
-    if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then
-        # Keep these 3 in sync. Beware, the pattern syntax and the paths differ
-        ADDITIONAL_RSYNC_EXCLUDES=(--exclude "nextcloud_aio_nextcloud_data/appdata_*/preview/**")
-        ADDITIONAL_BORG_EXCLUDES=(--exclude "sh:nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_*/preview/**")
-        ADDITIONAL_FIND_EXCLUDES=(-o -regex 'nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/appdata_[^/]*/preview\(/.*\)?')
-        echo "Excluding previews from restore"
+    mkdir -p /tmp/borg
+    if ! borg mount "$BORG_BACKUP_DIRECTORY::$SELECTED_ARCHIVE" /tmp/borg; then
+        echo "Could not mount the backup!"
+        exit 1
    fi

    # Save Additional Backup dirs
@@ -342,12 +265,27 @@ if [ "$BORG_MODE" = restore ]; then
        DAILY_BACKUPTIME="$(cat /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time)"
    fi

+    # Restore everything except the configuration file
+    if ! rsync --stats --archive --human-readable -vv --delete \
+    --exclude "nextcloud_aio_apache/caddy/**" \
+    --exclude "nextcloud_aio_mastercontainer/caddy/**" \
+    --exclude "nextcloud_aio_nextcloud/data/nextcloud.log*" \
+    --exclude "nextcloud_aio_nextcloud/data/audit.log" \
+    --exclude "nextcloud_aio_mastercontainer/certs/**" \
+    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
+    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
+    --exclude "nextcloud_aio_mastercontainer/session/**" \
+    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
+        RESTORE_FAILED=1
+        echo "Something failed while restoring from backup."
+    fi
+
    # Save current aio password
    AIO_PASSWORD="$(jq '.password' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"

-    # Save current backup location vars
+    # Save current path
    BORG_LOCATION="$(jq '.borg_backup_host_location' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
-    REMOTE_REPO="$(jq '.borg_remote_repo' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"

    # Save current nextcloud datadir
    if grep -q '"nextcloud_datadir":' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
@@ -356,114 +294,21 @@ if [ "$BORG_MODE" = restore ]; then
        NEXTCLOUD_DATADIR='""'
    fi

-    if [ -z "$BORG_REMOTE_REPO" ]; then
-        mkdir -p /tmp/borg
-        if ! borg mount "::$SELECTED_ARCHIVE" /tmp/borg; then
-            echo "Could not mount the backup!"
-            exit 1
-        fi
-
-        # Restore everything except the configuration file
-        #
-        # These exclude patterns need to be kept in sync with the borg_excludes file and the find excludes in this file,
-        # which use a different syntax (patterns appear in 3 places in total)
-        if ! rsync --stats --archive --human-readable -vv --delete \
-        --exclude "nextcloud_aio_apache/caddy/**" \
-        --exclude "nextcloud_aio_mastercontainer/caddy/**" \
-        --exclude "nextcloud_aio_nextcloud/data/nextcloud.log*" \
-        --exclude "nextcloud_aio_nextcloud/data/audit.log" \
-        --exclude "nextcloud_aio_mastercontainer/certs/**" \
-        --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
-        --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
-        --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
-        --exclude "nextcloud_aio_mastercontainer/session/**" \
-        "${ADDITIONAL_RSYNC_EXCLUDES[@]}" \
-        /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
-            RESTORE_FAILED=1
-            echo "Something failed while restoring from backup."
-        fi
-
-        # Restore the configuration file
-        if ! rsync --archive --human-readable -vv \
-                /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
-                /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
-            RESTORE_FAILED=1
-            echo "Something failed while restoring the configuration.json."
-        fi
-
-        if ! umount /tmp/borg; then
-            echo "Failed to unmount the borg archive but should still be able to restore successfully"
-        fi
-    else
-        # Restore nearly everything
-        #
-        # borg mount is really slow for remote repos (did not check whether it's slow for local repos too),
-        # using extract to /tmp would require temporarily storing a second copy of the data.
-        # So instead extract directly on top of the destination with exclude patterns for the config, but
-        # then we do still need to delete local files which are not present in the archive.
-        #
-        # Older backups may still contain files we've since excluded, so we have to exclude on extract as well.
-        cd /  # borg extract has no destination arg and extracts to CWD
-        if ! borg extract "::$SELECTED_ARCHIVE" --progress --exclude-from /borg_excludes "${ADDITIONAL_BORG_EXCLUDES[@]}" --pattern '+nextcloud_aio_volumes/**'
-        then
-            RESTORE_FAILED=1
-            echo "Failed to extract backup archive."
-        else
-            # Delete files/dirs present locally, but not in the backup archive, excluding conf files
-            # https://unix.stackexchange.com/a/759341
-            # This comm does not support -z, but I doubt any file names would have \n in them
-            #
-            # These find patterns need to be kept in sync with the borg_excludes file and the rsync excludes in this
-            # file, which use a different syntax (patterns appear in 3 places in total)
-            echo "Deleting local files which do not exist in the backup"
-            if ! find nextcloud_aio_volumes \
-                    -not \( \
-                        -path nextcloud_aio_volumes/nextcloud_aio_apache/caddy \
-                        -o -path "nextcloud_aio_volumes/nextcloud_aio_apache/caddy/*" \
-                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/caddy \
-                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/caddy/*" \
-                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/certs \
-                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/certs/*" \
-                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/session \
-                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/session/*" \
-                        -o -path "nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" \
-                        -o -path nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log \
-                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running \
-                        -o -path nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file \
-                        -o -path "nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*" \
-                        "${ADDITIONAL_FIND_EXCLUDES[@]}" \
-                    \) \
-                    | LC_ALL=C sort \
-                    | LC_ALL=C comm -23 - \
-                        <(borg list "::$SELECTED_ARCHIVE" --short --exclude-from /borg_excludes  --pattern '+nextcloud_aio_volumes/**' | LC_ALL=C sort) \
-                    > /tmp/local_files_not_in_backup
-            then
-                RESTORE_FAILED=1
-                echo "Failed to delete local files not in backup archive."
-            else
-                # More robust than e.g. xargs as I got a ~"args line too long" error while testing that, but it's slower
-                # https://stackoverflow.com/a/21848934
-                while IFS= read -r file
-                do rm -vrf -- "$file" || DELETE_FAILED=1
-                done < /tmp/local_files_not_in_backup
-
-                if [ "$DELETE_FAILED" = 1 ]; then
-                    RESTORE_FAILED=1
-                    echo "Failed to delete (some) local files not in backup archive."
-                fi
-            fi
-        fi
+    # Restore the configuration file
+    if ! rsync --archive --human-readable -vv \
+    /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
+    /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
+        RESTORE_FAILED=1
+        echo "Something failed while restoring the configuration.json."
    fi

    # Set backup-mode to restore since it was a restore
    CONTENTS="$(jq '."backup-mode" = "restore"' /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json

-    # Reset the backup location vars to the currently used one
+    # Reset the backup path to the currently used one
    CONTENTS="$(jq ".borg_backup_host_location = $BORG_LOCATION" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json
-    CONTENTS="$(jq ".borg_remote_repo = $REMOTE_REPO" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
-    echo -E "${CONTENTS}" > /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json

    # Reset the AIO password to the currently used one
    CONTENTS="$(jq ".password = $AIO_PASSWORD" /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json)"
@@ -487,13 +332,15 @@ if [ "$BORG_MODE" = restore ]; then
        chmod 770 "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_time"
    fi

+    umount /tmp/borg
+
    if [ "$RESTORE_FAILED" = 1 ]; then
        exit 1
    fi

    # Inform user
    get_expiration_time
-    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"

    # Add file to Nextcloud container so that it skips any update the next time
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
@@ -503,12 +350,6 @@ if [ "$BORG_MODE" = restore ]; then
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"

-    # Add file to Netcloud container to trigger a preview scan the next time it starts
-    if [ -n "$RESTORE_EXCLUDE_PREVIEWS" ]; then
-        touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/trigger-preview.scan"
-        chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/trigger-preview.scan"
-    fi
-
    # Delete redis cache
    rm -f "/mnt/redis/dump.rdb"
 fi
@@ -519,15 +360,14 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."

    # Perform the check
-    if ! borg check -v --verify-data; then
+    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking the backup integrity!"
-        echo "Check the AIO interface for advice on how to proceed now!"
        exit 1
    fi

    # Inform user
    get_expiration_time
-    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    exit 0
 fi

@@ -537,53 +377,37 @@ if [ "$BORG_MODE" = "check-repair" ]; then
    echo "Checking the backup integrity and repairing it..."

    # Perform the check-repair
-    if ! echo YES | borg check -v --repair; then
+    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking and repairing the backup integrity!"
        exit 1
    fi

    # Inform user
    get_expiration_time
-    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    exit 0
 fi

 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
-    if [ -n "$BORG_REMOTE_REPO" ]; then
-        if ! borg info > /dev/null; then
-            echo "Borg could not get info from the remote repo."
-            echo "See the above borg info output for details."
-            exit 1
-        fi
-    else
-        if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
-            echo "No 'borg' directory in the given backup directory found!"
-            echo "Only the files/folders below have been found in the given directory."
-            ls -a "$MOUNT_DIR"
-            echo "Please adjust the directory so that the borg archive is positioned in a folder named 'borg' inside the given directory!"
-            exit 1
-        elif ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
-            echo "A 'borg' directory was found but could not find the borg archive."
-            echo "Only the files/folders below have been found in the borg directory."
-            ls -a "$BORG_BACKUP_DIRECTORY"
-            echo "The archive and most importantly the config file must be positioned directly in the 'borg' subfolder."
-            exit 1
-        fi
-    fi
-
-    if ! borg list >/dev/null; then
+    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
+        echo "No 'borg' directory in the given backup directory found!"
+        echo "Only the files/folders below have been found in the given directory."
+        ls -a "$MOUNT_DIR"
+        echo "Please adjust the directory so that the borg archive is positioned in a folder named 'borg' inside the given directory!"
+        exit 1
+    elif ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
+        echo "A 'borg' directory was found but could not find the borg archive."
+        echo "Only the files/folders below have been found in the borg directory."
+        ls -a "$BORG_BACKUP_DIRECTORY"
+        echo "The archive and most importantly the config file must be positioned directly in the 'borg' subfolder."
+        exit 1
+    elif ! borg list "$BORG_BACKUP_DIRECTORY"; then
        echo "The entered path seems to be valid but could not open the backup archive."
        echo "Most likely the entered password was wrong so please adjust it accordingly!"
        exit 1
    else
-        if ! borg list | grep "nextcloud-aio"; then
-            echo "The backup archive does not contain a valid Nextcloud AIO backup."
-            echo "Most likely was the archive not created via Nextcloud AIO."
-            exit 1
-        else
-            echo "Everything looks fine so feel free to continue!"
-            exit 0
-        fi
+        echo "Everything looks fine so feel free to continue!"
+        exit 0
    fi
 fi
--- a/Containers/borgbackup/borg_excludes
+++ b/Containers/borgbackup/borg_excludes
@@ -1,11 +0,0 @@
-# These patterns need to be kept in sync with rsync and find excludes in backupscript.sh,
-# which use a different syntax (patterns appear in 3 places in total)
-nextcloud_aio_volumes/nextcloud_aio_apache/caddy/
-nextcloud_aio_volumes/nextcloud_aio_mastercontainer/caddy/
-nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*
-nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log
-nextcloud_aio_volumes/nextcloud_aio_mastercontainer/certs/
-nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/daily_backup_running
-nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/session_date_file
-nextcloud_aio_volumes/nextcloud_aio_mastercontainer/session/
-nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg*
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -2,7 +2,7 @@

 # Variables
 export MOUNT_DIR="/mnt/borgbackup"
-export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"  # necessary even when remote to store the aio-lockfile
+export BORG_BACKUP_DIRECTORY="$MOUNT_DIR/borg"

 # Validate BORG_PASSWORD
 if [ -z "$BORG_PASSWORD" ] && [ -z "$BACKUP_RESTORE_PASSWORD" ]; then
@@ -18,18 +18,6 @@ else
 fi
 export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
-if [ -n "$BORG_REMOTE_REPO" ]; then
-    export BORG_REPO="$BORG_REMOTE_REPO"
-
-    # Location to create the borg ssh pub/priv key
-    export BORGBACKUP_KEY="/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/id_borg"
-
-    # Accept any host key the first time connecting to the remote. Strictly speaking should be provided by user but you'd
-    # have to be very unlucky to get MitM'ed on your first connection.
-    export BORG_RSH="ssh -o StrictHostKeyChecking=accept-new -i $BORGBACKUP_KEY"
-else
-    export BORG_REPO="$BORG_BACKUP_DIRECTORY"
-fi

 # Validate BORG_MODE
 if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
@@ -48,8 +36,8 @@ fi
 rm -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/backup-is-running"

 # Get a list of all available borg archives
-if borg list &>/dev/null; then
-    borg list | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
+if borg list "$BORG_BACKUP_DIRECTORY" &>/dev/null; then
+    borg list "$BORG_BACKUP_DIRECTORY" | grep "nextcloud-aio" | awk -F " " '{print $1","$3,$4}' > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 else
    echo "" > "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/backup_archives.list"
 fi
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,28 +1,7 @@
-# syntax=docker/dockerfile:latest
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.4.2-24
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
+FROM clamav/clamav:1.0.1-1

-COPY clamav.conf /clamav.conf
-COPY --chmod=775 start.script /start.script
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata bash; \
-    mkdir -p /var/run/clamav /run/lock; \
-    chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
-    chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp; \
-    sed -i "/^set -eu/r /start.script" /init-unprivileged; \
-    rm /start.script; \
-    grep -q 'clamd --foreground &' /init-unprivileged; \
-    sed -i "s|clamd --foreground \&|clamd --foreground --config-file /tmp/clamd.conf \&|" /init-unprivileged; \
-    cat /init-unprivileged
-
-VOLUME /var/lib/clamav
-
-USER 100
-
-LABEL com.centurylinklabs.watchtower.enable="false"
-
-HEALTHCHECK --start-period=60s --retries=9 CMD clamdcheck.sh
-
-ENTRYPOINT ["/init-unprivileged"]
+RUN apk add --no-cache tzdata
+COPY clamav.conf /tmp/
+RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/clamav/clamav.conf
+++ b/Containers/clamav/clamav.conf
@@ -1,5 +1,4 @@
-# AIO settings
 MaxDirectoryRecursion 30
-MaxFileSize 16G
-PCREMaxFileSize 16G
-StreamMaxLength 16G
+MaxFileSize 100M
+PCREMaxFileSize 100M
+StreamMaxLength 100M
--- a/Containers/clamav/start.script
+++ b/Containers/clamav/start.script
@@ -1,4 +0,0 @@
-# Adjust settings
-cat /etc/clamav/clamd.conf > /tmp/clamd.conf
-CLAMAV_FILE="$(sed "s|16G|$MAX_SIZE|" /clamav.conf)"
-echo "$CLAMAV_FILE" >> /tmp/clamd.conf
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,24 +1,19 @@
-# syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.12.1.1
+FROM collabora/code:22.05.12.2.1

 USER root
-ARG DEBIAN_FRONTEND=noninteractive

-# hadolint ignore=DL3008
 RUN set -ex; \
    \
    apt-get update; \
+    export DEBIAN_FRONTEND=noninteractive; \
    apt-get install -y --no-install-recommends \
-#        # Disable because seems to be failing currently
-#        # tzdata \
-        netcat-openbsd \
+        tzdata \
+        netcat \
    ; \
-    rm -rf /var/lib/apt/lists/*;
+    rm -rf /var/lib/apt/lists/*

-COPY --chmod=775 healthcheck.sh /healthcheck.sh
+USER 104

-USER 100
-
-HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD nc -z localhost 9980 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/collabora/healthcheck.sh
+++ b/Containers/collabora/healthcheck.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-nc -z 127.0.0.1 9980 || exit 1
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,21 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM haproxy:3.1.2-alpine
-
-# hadolint ignore=DL3002
-USER root
-ENV NEXTCLOUD_HOST=nextcloud-aio-nextcloud
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        ca-certificates \
-        tzdata \
-        bash \
-        bind-tools; \
-    chmod -R 777 /tmp
-
-COPY --chmod=775 *.sh /
-COPY --chmod=664 haproxy.cfg /haproxy.cfg
-
-ENTRYPOINT ["/start.sh"]
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -1,66 +0,0 @@
-# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
-
-global
-    maxconn 10
-
-defaults
-    timeout connect 10s
-    timeout client 10s
-    timeout server 10s
-
-frontend http
-    mode http
-    bind :::2375 v4v6
-    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
-    # docker system _ping
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
-    # container inspect: GET containers/%s/json
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
-    # container inspect: GET containers/%s/logs
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/logs } METH_GET
-    # container start/stop: POST containers/%s/start containers/%s/stop
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
-    # container rm: DELETE containers/%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
-    # container update/exec: POST containers/%s/update containers/%s/exec
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((update)|(exec)) } METH_POST
-    # container put: PUT containers/%s/archive
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/archive } METH_PUT
-    # run exec instance: POST exec/%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/exec/[a-zA-Z0-9_.-]+/start } METH_POST
-
-    # container create: POST containers/create?name=%s
-    # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+
-    acl nc_app_container_name url_param(name) -m reg -i "^nc_app_[a-zA-Z0-9_.-]+"
-
-    # ACL to restrict the number of Mounts to 1
-    acl one_mount_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*(?:(?!\"Mounts\"\s*:\s*\[)[^}]*)}[^}]*\]"
-    # ACL to deny if there are any binds
-    acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:"
-    # ACL to restrict the type of Mounts to volume
-    acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
-    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
-
-    # ACL to restrict container creation, that it has HostConfig.Privileged not set
-    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\""
-    # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
-    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
-    # end of container create
-
-    # volume create: POST volumes/create
-    # restrict name
-    acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
-    # do not allow to use "device" word e.g., "--opt device=:/path/to/dir"
-    acl volume_no_device req.body -m reg -i "\"device\""
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST
-    # volume rm: DELETE volumes/%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/nc_app_[a-zA-Z0-9_.-]+_data } METH_DELETE
-    # image pull: POST images/create?fromImage=%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST
-    http-request deny
-    default_backend dockerbackend
-
-backend dockerbackend
-    mode http
-    server dockersocket /var/run/docker.sock
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
-nc -z 127.0.0.1 2375 || exit 1
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-# Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9001; do
-    echo "Waiting for Nextcloud to start..."
-    sleep 5
-done
-
-set -x
-IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
-echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-
-IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-if [ -n "$IPv6_ADDRESS_NC" ]; then
-    HAPROXYFILE="$(sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|" /tmp/haproxy.cfg)"
-else
-    HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
-fi
-echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-set +x
-
-haproxy -f /tmp/haproxy.cfg -db
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,20 +1,19 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache bash lighttpd netcat-openbsd; \
-    adduser -S www-data -G www-data; \
-    rm -rf /etc/lighttpd/lighttpd.conf; \
-    chmod 777 -R /etc/lighttpd; \
-    mkdir -p /var/www/domaincheck; \
-    chown www-data:www-data -R /var/www; \
-    chmod 777 -R /var/www/domaincheck
-COPY --chown=www-data:www-data lighttpd.conf /lighttpd.conf
+FROM alpine:3.17.2
+RUN apk add --no-cache lighttpd bash netcat-openbsd

-COPY --chmod=775 start.sh /start.sh
+RUN adduser -S www-data -G www-data
+RUN rm -rf /etc/lighttpd/lighttpd.conf
+COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
+RUN chmod +r -R /etc/lighttpd && \
+    chown www-data:www-data -R /var/www && \
+    chown www-data:www-data /etc/lighttpd/lighttpd.conf
+
+COPY start.sh /
+RUN chmod +x /start.sh

 USER www-data
+RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]

-HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -11,7 +11,7 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

-CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf

 # Check config file
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,24 +1,15 @@
-# syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.1
+FROM elasticsearch:7.17.9

-USER root
+RUN elasticsearch-plugin install --batch ingest-attachment

-ARG DEBIAN_FRONTEND=noninteractive
-
-# hadolint ignore=DL3008
 RUN set -ex; \
    \
    apt-get update; \
-    apt-get upgrade -y; \
    apt-get install -y --no-install-recommends \
        tzdata \
    ; \
-    rm -rf /var/lib/apt/lists/*;
+    rm -rf /var/lib/apt/lists/*

-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-USER 1000:0
-
-HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD nc -z localhost 9200 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/fulltextsearch/healthcheck.sh
+++ b/Containers/fulltextsearch/healthcheck.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-nc -z 127.0.0.1 9200 || exit 1
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,44 +1,29 @@
-# syntax=docker/dockerfile:latest
-FROM golang:1.23.5-alpine3.21 AS go
-
-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+# From https://github.com/h2non/imaginary/blob/master/Dockerfile
+FROM nextcloud/imaginary:20230301

+USER root
 RUN set -ex; \
-    apk add --no-cache \
-        vips-dev \
-        vips-magick \
-        vips-heif \
-        vips-jxl \
-        vips-poppler \
-        build-base; \
-    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        netcat \
+    ; \
+    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list; \
+    apt-get update; \
+    apt-get install -t bookworm -y --no-install-recommends \
+        libheif1 \
+        libde265-0 \
+        libx265-199 \
+        libvips \
+    ; \
+    rm /etc/apt/sources.list.d/bookworm.list; \
+    rm -rf /var/lib/apt/lists/*
+USER nobody

-FROM alpine:3.21.2
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        tzdata \
-        ca-certificates \
-        netcat-openbsd \
-        vips \
-        vips-magick \
-        vips-heif \
-        vips-jxl \
-        vips-poppler \
-        ttf-dejavu \
-        bash
+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution", "222.2"]

-COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-ENV PORT=9000
-
-USER 65534
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"

 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["/start.sh"]
-
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/imaginary/healthcheck.sh
+++ b/Containers/imaginary/healthcheck.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-nc -z 127.0.0.1 "$PORT" || exit 1
--- a/Containers/imaginary/start.sh
+++ b/Containers/imaginary/start.sh
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-echo "Imaginary has started"
-if [ -z "$IMAGINARY_SECRET" ]; then
-    imaginary -return-size -max-allowed-resolution 222.2 "$@"
-else
-    imaginary -return-size -max-allowed-resolution 222.2 -key "$IMAGINARY_SECRET" "$@"
-fi
--- a/Containers/mastercontainer/.idea/.gitignore
+++ b/Containers/mastercontainer/.idea/.gitignore
@@ -0,0 +1,8 @@
+# Default ignored files
+/shelf/
+/workspace.xml
+# Datasource local storage ignored files
+/dataSources/
+/dataSources.local.xml
+# Editor-based HTTP Client requests
+/httpRequests/
--- a/Containers/mastercontainer/.idea/mastercontainer.iml
+++ b/Containers/mastercontainer/.idea/mastercontainer.iml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="JAVA_MODULE" version="4">
+  <component name="NewModuleRootManager" inherit-compiler-output="true">
+    <exclude-output />
+    <content url="file://$MODULE_DIR$" />
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
--- a/Containers/mastercontainer/.idea/misc.xml
+++ b/Containers/mastercontainer/.idea/misc.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectRootManager">
+    <output url="file://$PROJECT_DIR$/out" />
+  </component>
+</project>
--- a/Containers/mastercontainer/.idea/modules.xml
+++ b/Containers/mastercontainer/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/mastercontainer.iml" filepath="$PROJECT_DIR$/.idea/mastercontainer.iml" />
+    </modules>
+  </component>
+</project>
--- a/Containers/mastercontainer/.idea/vcs.xml
+++ b/Containers/mastercontainer/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
+  </component>
+</project>
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -10,23 +10,20 @@
    log {
        level ERROR
    }
-
-    servers {
-        protocols h1 h2 h2c
-    }
-
-    on_demand_tls {
-        ask http://127.0.0.1:9876/
-    }
 }

 http://:80 {
-    redir https://{host}{uri} permanent
+  redir https://{host}{uri}
 }

-https://:8443 {
+# Match only host names and not ip-addresses:
+https://*.*:8443,
+https://*.*.*:8443,
+https://*.*.*.*:8443,
+https://*.*.*.*.*:8443,
+https://*.*.*.*.*.*:8443 {

-    reverse_proxy 127.0.0.1:8000
+    reverse_proxy localhost:8000

    tls {
        on_demand
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,29 +1,28 @@
-# syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.5.1-cli AS docker
+FROM docker:23.0.1-dind as dind

 # Caddy is a requirement
-FROM caddy:2.9.1-alpine AS caddy
+FROM caddy:2.6.4-alpine as caddy

-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
-FROM php:8.3.16-fpm-alpine3.21
+# From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
+FROM php:8.1.17-fpm-alpine3.17
+
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data

 EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443

-COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
-COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+RUN mkdir -p /var/www/docker-aio;

 WORKDIR /var/www/docker-aio

-# hadolint ignore=SC2086,DL3047,DL3003,DL3004
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache shadow; \
-    groupmod -g 33 www-data; \
-    usermod -u 33 -g 33 www-data; \
-    \
    apk add --no-cache \
        util-linux-misc \
        ca-certificates \
@@ -37,54 +36,60 @@ RUN set -ex; \
        sudo \
        netcat-openbsd \
        curl \
-        grep; \
-    \
+        grep
+
+RUN set -ex; \
    apk add --no-cache --virtual .build-deps \
        autoconf \
        build-base; \
-    pecl install APCu-5.1.24; \
+    pecl install APCu-5.1.22; \
    docker-php-ext-enable apcu; \
    rm -r /tmp/pear; \
+    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
-    apk add --no-cache --virtual .nextcloud-aio-rundeps $runDeps; \
+    apk add --virtual .nextcloud-aio-rundeps $runDeps; \
    apk del .build-deps; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
-    \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
+
+COPY --from=caddy /usr/bin/caddy /usr/bin/
+RUN chmod +x /usr/bin/caddy
+
+COPY --from=dind /usr/local/bin/docker /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker
+
+RUN set -e && \
    apk add --no-cache git; \
    wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
    chmod +x /usr/local/bin/composer; \
    cd /var/www/docker-aio; \
    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
-    chown www-data:www-data -R /var/www/docker-aio; \
    cd php; \
-    sudo -u www-data composer install --no-dev; \
-    sudo -u www-data composer clear-cache; \
+    composer install --no-dev; \
+    composer clearcache; \
    cd ..; \
    rm -f /usr/local/bin/composer; \
-    chmod -R 770 /var/www/docker-aio; \
-    chown -R www-data:www-data /var/www; \
-    rm -r php/data; \
-    rm -r php/session; \
-    \
-    mkdir -p /etc/apache2/certs; \
-    cd /etc/apache2/certs; \
-    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
-    \
-    sed -i \
+    chmod 770 -R ./; \
+    chown www-data:www-data -R /var/www; \
+    rm -r ./php/data; \
+    rm -r ./php/session; \
+    apk del --no-cache git
+
+RUN mkdir -p /etc/apache2/certs && \
+    cd /etc/apache2/certs && \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt;
+
+COPY mastercontainer.conf /etc/apache2/sites-available/
+
+RUN sed -i \
            -e '/^Listen /d' \
-            -e 's/^LogLevel .*/LogLevel error/' \
-            -e 's|^ErrorLog .*|ErrorLog /proc/self/fd/2|' \
            -e 's/User apache/User www-data/g' \
            -e 's/Group apache/Group www-data/g' \
            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
@@ -96,34 +101,41 @@ RUN set -ex; \
            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-            -e 's/\(ScriptAlias \)/#\1/' \
        /etc/apache2/httpd.conf; \
        mkdir -p /etc/apache2/logs; \
        rm /etc/apache2/conf.d/ssl.conf; \
        echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
-        grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
-        sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
-        echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
-        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
-    \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf
+
+RUN set -ex; \
    rm -f /etc/apache2/conf.d/default.conf \
          /etc/apache2/conf.d/userdir.conf \
-          /etc/apache2/conf.d/info.conf; \
-    \
-    rm -rf /var/www/localhost/cgi-bin/; \
-    mkdir /var/log/supervisord; \
+          /etc/apache2/conf.d/info.conf
+
+RUN mkdir /var/log/supervisord; \
    mkdir /var/run/supervisord;

-COPY --chmod=775 *.sh /
-COPY --chmod=664 Caddyfile /Caddyfile
-COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
+COPY Caddyfile /
+COPY start.sh /usr/bin/
+COPY backup-time-file-watcher.sh /
+COPY session-deduplicator.sh /
+COPY cron.sh /
+COPY daily-backup.sh /
+COPY supervisord.conf /
+COPY healthcheck.sh /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /cron.sh; \
+    chmod +x /session-deduplicator.sh; \
+    chmod +x /backup-time-file-watcher.sh; \
+    chmod +x /daily-backup.sh; \
+    chmod a+r /Caddyfile; \
+    chmod +x /healthcheck.sh

-# hadolint ignore=DL3002
 USER root

-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

 HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -12,11 +12,6 @@ while true; do
            export AUTOMATIC_UPDATES=0
            export START_CONTAINERS=1
        fi
-        if [ "$(sed -n '3p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'successNotificationsAreNotEnabled' ]; then
-            export SEND_SUCCESS_NOTIFICATIONS=1
-        else
-            export SEND_SUCCESS_NOTIFICATIONS=0
-        fi
        set +x
        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
            export LOCK_FILE_PRESENT=1
@@ -62,14 +57,6 @@ while true; do
    # Remove dangling images
    sudo -u www-data docker image prune --force

-    # Check for available free space
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
-
-    # Remove mastercontainer from default bridge network
-    if sudo -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
-        sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
-    fi
-
    # Wait 60s so that the whole loop will not be executed again
    sleep 60
 done
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -16,15 +16,11 @@ fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"

 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" | grep -o 'APACHE_PORT=[0-9]\+' | grep -o '[0-9]\+' | head -1)"
-if [ -z "$APACHE_PORT" ]; then
-    echo "APACHE_PORT is not set which is not expected..."
-else
-    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
-        echo "Waiting for apache to become available"
-        sleep 30
-    done
-fi
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
+while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
+    echo "Waiting for apache to become available"
+    sleep 30
+done
 while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
    echo "Waiting for watchtower to stop"
    sleep 30
@@ -109,7 +105,7 @@ if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAIN
        done
    fi
    echo "Sending backup notification..."
-    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
 fi

 echo "Daily backup script has finished"
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -1,10 +1,5 @@
 #!/bin/bash

 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
-    nc -z 127.0.0.1 80 || exit 1
-    nc -z 127.0.0.1 8000 || exit 1
-    nc -z 127.0.0.1 8080 || exit 1
-    nc -z 127.0.0.1 8443 || exit 1
-    nc -z 127.0.0.1 9000 || exit 1
-    nc -z 127.0.0.1 9876 || exit 1
+    nc -z localhost 8080 || exit 1
 fi
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -11,15 +11,12 @@ Listen 8080
    ServerName localhost

    # Add error log
-    CustomLog /proc/self/fd/1 proxy
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    CustomLog /proc/self/fd/1 combined
    ErrorLog /proc/self/fd/2
-    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel warn

    # PHP match
    <FilesMatch "\.php$">
-        SetHandler "proxy:fcgi://127.0.0.1:9000"
+        SetHandler "proxy:fcgi://localhost:9000"
    </FilesMatch>
    # Master dir
    DocumentRoot /var/www/docker-aio/php/public/
@@ -41,22 +38,16 @@ Listen 8080
 # Https host
 <VirtualHost *:8080>
    # Proxy to https
-    ProxyPass / http://127.0.0.1:8000/
-    ProxyPassReverse / http://127.0.0.1:8000/
+    ProxyPass / http://localhost:8000/
+    ProxyPassReverse / http://localhost:8000/
    ProxyPreserveHost On
    # SSL
    SSLCertificateKeyFile /etc/apache2/certs/ssl.key
    SSLCertificateFile /etc/apache2/certs/ssl.crt
    SSLEngine               on
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
-    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
-    SSLHonorCipherOrder     off
-    SSLSessionTickets       off
 </VirtualHost>

 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
-
-# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
-TraceEnable Off
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -6,12 +6,6 @@ print_green() {
    printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
 }

-# Function to show text in red
-print_red() {
-    local TEXT="$1"
-    printf "%b%s%b\n" "\e[0;31m" "$TEXT" "\e[0m"
-}
-
 # Function to check if number was provided
 check_if_number() {
 case "${1}" in
@@ -20,34 +14,18 @@ case "${1}" in
 esac
 }

-# Check if running as root user
-if [ "$EUID" != "0" ]; then
-    print_red "Container does not run as root user. This is not supported."
-    exit 1
-fi
-
-# Check that the CMD is not overwritten nor set
-if [ "$*" != "" ]; then
-    print_red "Docker run command for AIO is incorrect as a CMD option was given which is not expected."
-    exit 1
-fi
-
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
-    print_red "Docker socket is not available. Cannot continue."
-    echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
-    echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
+    echo "Docker socket is not available. Cannot continue."
    exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
-    print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
-    echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
-    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+    echo "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
    exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
    echo "Trying to fix docker.sock permissions internally..."
    DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
    DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
-    # Check if a group with the same group name of /var/run/docker.socket already exists in the container
+    # Check if a group with the same group id of /var/run/docker.socket already exists in the container
    if grep -q "^$DOCKER_GROUP:" /etc/group; then
        # If yes, add www-data to that group
        echo "Adding internal www-data to group $DOCKER_GROUP"
@@ -62,27 +40,24 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
        usermod -aG docker www-data
    fi
    if ! sudo -u www-data test -r /var/run/docker.sock; then
-        print_red "Docker socket is not readable by the www-data user. Cannot continue."
+        echo "Docker socket is not readable by the www-data user. Cannot continue."
        exit 1
    fi
 fi

 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
-    print_red "Cannot connect to the docker socket. Cannot proceed."
-    echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
-    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
-    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+    echo "Cannot connect to the docker socket. Cannot proceed."
    exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
-API_VERSION="$(grep -oP 'const string API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
+API_VERSION="$(grep -oP 'const API_VERSION.*\;' "$API_VERSION_FILE" | grep -oP '[0-9]+.[0-9]+' | head -1)"
 # shellcheck disable=SC2001
 API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        echo "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
        exit 1
    fi
 else
@@ -91,35 +66,28 @@ else
 fi

 # Check Storage drivers
-STORAGE_DRIVER="$(sudo -u www-data docker info | grep "Storage Driver")"
+STORAGE_DRIVER="$(docker info | grep "Storage Driver")"
 # Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
 if echo "$STORAGE_DRIVER" | grep -q vfs; then
    echo "$STORAGE_DRIVER"
-    print_red "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
+    echo "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
 elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
    echo "$STORAGE_DRIVER"
-    print_red "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
-fi
-
-# Check if snap install
-if sudo -u www-data docker info | grep "Docker Root Dir" | grep "/var/snap/docker/"; then
-    print_red "Warning: It looks like your installation uses docker installed via snap."
-    print_red "This comes with some limitations and is disrecommended by the docker maintainers."
-    print_red "See for example https://github.com/nextcloud/all-in-one/discussions/4890#discussioncomment-10386752"
+    echo "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
 fi

 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
-    print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
+    echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
 Using a different name is not supported since mastercontainer updates will not work in that case!
 If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
    exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
-    print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
+    echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
    exit 1
 elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
-    print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
+    echo "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
    exit 1
 fi
@@ -127,34 +95,34 @@ fi
 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
    if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
-        sleep 1
+        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
    elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
-        print_red "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
+        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
+The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_DATADIR'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_MOUNT" ]; then
    if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
-        print_red "You've set NEXTCLOUD_MOUNT but not to an allowed value.
+        echo "You've set NEXCLOUD_MOUNT but not to an allowed value.
 The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_MOUNT'."
        exit 1
    elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
-        print_red "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
+        echo "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
    if [ "$NEXTCLOUD_DATADIR" = "$NEXTCLOUD_MOUNT" ]; then
-        print_red "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
+        echo "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
    if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
-        print_red "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
+        echo "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
 The string must start with a number and end with 'G'.
 It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
        exit 1
@@ -162,7 +130,7 @@ It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
 fi
 if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
    if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
-        print_red "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
+        echo "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
 The string must be a number. E.g. '3600'.
 It is set to '$NEXTCLOUD_MAX_TIME'."
        exit 1
@@ -170,7 +138,7 @@ It is set to '$NEXTCLOUD_MAX_TIME'."
 fi
 if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
    if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
-        print_red "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
 The string must start with a number and end with 'M'.
 It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
        exit 1
@@ -178,72 +146,64 @@ It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
 fi
 if [ -n "$APACHE_PORT" ]; then
    if ! check_if_number "$APACHE_PORT"; then
-        print_red "You provided an Apache port but did not only use numbers.
+        echo "You provided an Apache port but did not only use numbers.
 It is set to '$APACHE_PORT'."
        exit 1
    elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
-        print_red "The provided Apache port is invalid. It must be between 1 and 65535"
+        echo "The provided Apache port is invalid. It must be between 1 and 65535"
        exit 1
    fi
 fi
 if [ -n "$APACHE_IP_BINDING" ]; then
-    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$\|^@INTERNAL$'; then
-        print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
+        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
 It is set to '$APACHE_IP_BINDING'."
        exit 1
    fi
 fi
-if [ -n "$APACHE_ADDITIONAL_NETWORK" ]; then
-    if ! echo "$APACHE_ADDITIONAL_NETWORK" | grep -q "^[a-zA-Z0-9._-]\+$"; then
-        print_red "You've set APACHE_ADDITIONAL_NETWORK but not to an allowed value.
-It needs to be a string with letters, numbers, hyphens and underscores.
-It is set to '$APACHE_ADDITIONAL_NETWORK'."
-        exit 1
-    fi
-fi
 if [ -n "$TALK_PORT" ]; then
    if ! check_if_number "$TALK_PORT"; then
-        print_red "You provided an Talk port but did not only use numbers.
+        echo "You provided an Talk port but did not only use numbers.
 It is set to '$TALK_PORT'."
        exit 1
    elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
-        print_red "The provided Talk port is invalid. It must be between 1 and 65535"
+        echo "The provided Talk port is invalid. It must be between 1 and 65535"
        exit 1
    fi
 fi
 if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
    if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
-        print_red "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
        exit 1
    fi
 fi
-if [ -n "$WATCHTOWER_DOCKER_SOCKET_PATH" ]; then
-    if ! echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "/$"; then
-        print_red "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
+if [ -n "$DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
 The string must start with '/' and must not end with '/'.
-It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
+It is set to '$DOCKER_SOCKET_PATH'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
    if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
-        print_red "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
+        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
 It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
-    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
-        print_red "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
 It is set to '$NEXTCLOUD_STARTUP_APPS'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        print_red "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
        exit 1
@@ -251,76 +211,24 @@ It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        print_red "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
        exit 1
    fi
 fi
-if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
-    read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
-    for container in "${AIO_CCONTAINERS[@]}"; do
-        if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
-            print_red "The community container $container was not found!"
-            FAIL_CCONTAINERS=1
-        fi
-    done
-    if [ -n "$FAIL_CCONTAINERS" ]; then
-        print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found.
-It is set to '$AIO_COMMUNITY_CONTAINERS'."
-        exit 1
-    fi
-fi

 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
 curl https://nextcloud.com &>/dev/null
 if [ "$?" = 6 ]; then
-    print_red "Could not resolve the host nextcloud.com."
+    echo "Could not resolve the host nextcloud.com."
    echo "Most likely the DNS resolving does not work."
    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
    exit 1
 fi

-# Check if auth.docker.io is reachable
-# Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://auth.docker.io/token 2>&1 | grep -q token; then
-    print_red "Could not reach https://auth.docker.io."
-    echo "Most likely is something blocking access to it."
-    echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
-    exit 1
-fi
-
-# Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone
-if [ -n "$TZ" ]; then
-    print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    # Disable exit since it seems to be by default set on unraid and we dont want to break these instances
-    # exit 1
-fi
-if mountpoint -q /etc/localtime; then
-    print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    exit 1
-fi
-if mountpoint -q /etc/timezone; then
-    print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    exit 1
-fi
-
-# Check if unsupported env are set (but don't exit as it would break many instances)
-if [ -n "$APACHE_DISABLE_REWRITE_IP" ]; then
-    print_red "The environmental variable APACHE_DISABLE_REWRITE_IP has been set which is not supported by AIO. Please remove it!"
-fi
-if [ -n "$NEXTCLOUD_TRUSTED_DOMAINS" ]; then
-    print_red "The environmental variable NEXTCLOUD_TRUSTED_DOMAINS has been set which is not supported by AIO. Please remove it!"
-fi
-if [ -n "$TRUSTED_PROXIES" ]; then
-    print_red "The environmental variable TRUSTED_PROXIES has been set which is not supported by AIO. Please remove it!"
-fi
-
 # Add important folders
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
@@ -365,16 +273,15 @@ if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
    cp "$GENERATED_CERTS/ssl.key" ./
 fi

-print_green "Initial startup of Nextcloud All-in-One complete!
+print_green "Initial startup of Nextcloud All In One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
-⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!

 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"

-# Set the timezone to Etc/UTC
-export TZ=Etc/UTC
+# Set the timezone to UTC
+export TZ=UTC

 # Fix apache startup
 rm -f /var/run/apache2/httpd.pid
@@ -385,5 +292,4 @@ caddy fmt --overwrite /Caddyfile
 # Fix caddy log 
 chmod 777 /root

-# Start supervisord
-/usr/bin/supervisord -c /supervisord.conf
+exec "$@"
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -9,16 +9,16 @@ loglevel=error
 user=root

 [program:php-fpm]
-# Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=NONE
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=php-fpm
 user=root

 [program:apache]
-# Stdout logging is disabled as otherwise the logs are spammed
-stdout_logfile=NONE
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=httpd -DFOREGROUND
@@ -38,7 +38,6 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
-user=root

 [program:backup-time-file-watcher]
 stdout_logfile=/dev/stdout
@@ -55,10 +54,3 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
 user=root
-
-[program:domain-validator]
-# Logging is disabled as otherwise all attempts will be logged which spams the logs
-stdout_logfile=NONE
-stderr_logfile=NONE
-command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
-user=www-data
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,107 +1,82 @@
-# syntax=docker/dockerfile:latest
-FROM php:8.3.16-fpm-alpine3.21
-
-ENV PHP_MEMORY_LIMIT=512M
-ENV PHP_UPLOAD_LIMIT=16G
-ENV PHP_MAX_TIME=3600
-ENV SOURCE_LOCATION=/usr/src/nextcloud
-ENV REDIS_DB_INDEX=0
-
-# AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.5
-ENV AIO_TOKEN=123456
-ENV AIO_URL=localhost
-# AIO settings end # Do not remove or change this line!
-
-# Define the commit hash for imagick as a variable
-ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
-
-COPY --chmod=775 *.sh /
-COPY --chmod=774 upgrade.exclude /upgrade.exclude
-COPY config/*.php /
-COPY supervisord.conf /supervisord.conf
-COPY root.motd /root.motd
-
-VOLUME /mnt/ncdata
-VOLUME /var/www/html
+# From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
+FROM php:8.0.28-fpm-alpine3.16

 # Custom: change id of www-data user as it needs to be the same like on old installations
-# hadolint ignore=SC2086,DL3003
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
    apk add --no-cache shadow; \
    deluser www-data; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
    addgroup -g 33 -S www-data; \
-    adduser -u 33 -D -S -G www-data www-data; \
-    \
+    adduser -u 33 -D -S -G www-data www-data
+
 # entrypoint.sh and cron.sh dependencies
+RUN set -ex; \
+    \
    apk add --no-cache \
        rsync \
-    ; \
+    ;
+
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 10G
+ENV PHP_MAX_TIME 3600
+RUN set -ex; \
+    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        autoconf \
+        libtool \
        freetype-dev \
-        gmp-dev \
        icu-dev \
-        imagemagick-dev \
-        imagemagick-svg \
-        imagemagick-heic \
-        imagemagick-tiff \
        libevent-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
-        libmemcached-dev \
        libpng-dev \
-        libwebp-dev \
+        libmemcached-dev \
        libxml2-dev \
        libzip-dev \
        openldap-dev \
        pcre-dev \
        postgresql-dev \
+        libwebp-dev \
+        gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
+        ghostscript-fonts \
    ; \
    \
    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
-    docker-php-ext-configure ftp --with-openssl-dir=/usr; \
    docker-php-ext-configure ldap; \
    docker-php-ext-install -j "$(nproc)" \
        bcmath \
        exif \
        gd \
-        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_pgsql \
-        sysvsem \
        zip \
+        gmp \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install -o igbinary-3.2.16; \
-    pecl install APCu-5.1.24; \
-    pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
-    pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.1.0; \
-#    pecl install -o imagick-3.7.0; \
-# Begin workaround ->
-# The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet.
-# As soon as it will get updated, we can switch back to the PECL version, instead of having this workaround.
-    apk add --no-cache --virtual .git-build-deps git \
-    && git clone https://github.com/imagick/imagick.git --depth 1 /tmp/imagick \
-    && cd /tmp/imagick \
-    && git fetch --depth 1 origin ${IMAGICK_COMMIT_HASH} \
-    && git checkout ${IMAGICK_COMMIT_HASH} \
-    && sed -i "s/@PACKAGE_VERSION@/git-${IMAGICK_COMMIT_HASH:0:7}/" php_imagick.h \
-    && phpize && ./configure && make && make install; \
-    apk del .git-build-deps; \
-    cd && rm -r /tmp/imagick; \
-# <- End workaround
+    pecl install APCu-5.1.22; \
+    pecl install memcached-3.2.0; \
+    pecl install redis-5.3.7; \
+    pecl install imagick-3.7.0; \
    \
    docker-php-ext-enable \
-        igbinary \
        apcu \
        memcached \
        redis \
@@ -114,24 +89,15 @@ RUN set -ex; \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
-    apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps; \
-    \
-    { \
-        echo 'apc.serializer=igbinary'; \
-        echo 'session.serialize_handler=igbinary'; \
-    } >> /usr/local/etc/php/conf.d/docker-php-ext-igbinary.ini; \
-    \
+    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
+    apk del .build-deps
+
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
-    { \
-        echo 'opcache.max_accelerated_files=10000'; \
-        echo 'opcache.memory_consumption=256'; \
-        echo 'opcache.interned_strings_buffer=64'; \
+RUN { \
+        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
-        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
@@ -142,23 +108,17 @@ RUN set -ex; \
        echo 'post_max_size=${PHP_UPLOAD_LIMIT}'; \
        echo 'max_execution_time=${PHP_MAX_TIME}'; \
        echo 'max_input_time=${PHP_MAX_TIME}'; \
-        echo 'default_socket_timeout=600'; \
    } > /usr/local/etc/php/conf.d/nextcloud.ini; \
    \
-    { \
-        echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?database=${REDIS_DB_INDEX}${REDIS_USER_AUTH}&auth[]=${REDIS_HOST_PASSWORD}"'; \
-        echo 'redis.session.locking_enabled = 1'; \
-        echo 'redis.session.lock_retries = -1'; \
-        echo 'redis.session.lock_wait_time = 10000'; \
-        echo 'session.gc_maxlifetime = 86400'; \
-    } > /usr/local/etc/php/conf.d/redis-session.ini; \
-    \
-    mkdir -p /var/www/data; \
+    mkdir /var/www/data; \
    chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www; \
-    \
-# Download Nextcloud archive start # Do not remove or change this line!
+    chmod -R g=u /var/www
+
+VOLUME /var/www/html
+
+ENV NEXTCLOUD_VERSION 25.0.5
+
+RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
        bzip2 \
        gnupg \
@@ -178,19 +138,27 @@ RUN set -ex; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
-    mkdir -p /usr/src/nextcloud/config; \
-    apk del .fetch-deps; \
-# Download Nextcloud archive end # Do not remove or change this line!
-    mv /*.php /usr/src/nextcloud/config/; \
-    \
+    apk del .fetch-deps
+
+COPY *.sh upgrade.exclude /
+COPY config/* /usr/src/nextcloud/config/
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["php-fpm"]
+
 # Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
+
+RUN set -ex; \
+    \
    apk add --no-cache \
        ffmpeg \
        procps \
        samba-client \
        supervisor \
 #       libreoffice \
-    ; \
+    ;
+
+RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
@@ -207,7 +175,6 @@ RUN set -ex; \
        bz2 \
        imap \
        pgsql \
-        ftp \
    ; \
    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
@@ -218,15 +185,22 @@ RUN set -ex; \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
-    apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps; \
-    \
-    mkdir -p \
+    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
+    apk del .build-deps
+
+RUN mkdir -p \
    /var/log/supervisord \
    /var/run/supervisord \
-    ; \
-    chown www-data:root -R /var/log/supervisord; \
-    chown www-data:root -R /var/run/supervisord; \
+;
+
+COPY supervisord.conf /
+
+ENV NEXTCLOUD_UPDATE=1
+
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+# Custom:
+RUN set -ex; \
    \
    apk add --no-cache \
        bash \
@@ -236,49 +210,63 @@ RUN set -ex; \
        git \
        postgresql-client \
        tzdata \
+        mawk \
        sudo \
        grep \
-        nodejs \
-        libreoffice \
-        bind-tools \
-        imagemagick \
-        imagemagick-svg \
-        imagemagick-heic \
-        imagemagick-tiff \
-        coreutils; \
-    \
+        coreutils \
+        libjpeg \
+        librsvg \
+        libheif \
+        libpng \
+        ghostscript-fonts;
+
+RUN set -ex; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
-# Sync this with max db connections and MaxRequestWorkers
-# We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
-# Also children will usually be terminated again after the process is done due to the ondemand setting
-    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    \
-# AIO cloning start # Do not remove or change this line!
+    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
+
+RUN set -ex; \
    rm -rf /tmp/nextcloud-aio && \
    mkdir -p /tmp/nextcloud-aio && \
    cd /tmp/nextcloud-aio && \
    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
    mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
-    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
-    echo "[ -n \"\$TERM\" ] && cat /root.motd" >> /root/.bashrc; \
-# AIO cloning end # Do not remove or change this line!
-    \
+    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/
+
+RUN set -ex; \
    chown www-data:root -R /usr/src && \
    chown www-data:root -R /usr/local/etc/php/conf.d && \
    chown www-data:root -R /usr/local/etc/php-fpm.d && \
-    chmod -R 777 /tmp; \
-    rm -rf /usr/src/nextcloud/apps/updatenotification; \
-    \
-    mkdir -p /nc-updater; \
-    chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater
+    rm -r /usr/src/nextcloud/apps/updatenotification
+
+COPY start.sh /
+COPY notify.sh /
+COPY notify-all.sh /
+RUN set -ex; \
+    chmod +x /start.sh && \
+    chmod +x /entrypoint.sh && \
+    chmod +r /upgrade.exclude && \
+    chmod +x /cron.sh && \
+    chmod +x /notify.sh && \
+    chmod +x /notify-all.sh && \
+    chmod +x /activate-collabora.sh && \
+    chmod +x /healthcheck.sh
+
+RUN set -ex; \
+    mkdir /mnt/ncdata; \
+    chown www-data:www-data /mnt/ncdata;
+
+VOLUME /mnt/ncdata
+
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-# hadolint ignore=DL3002
 USER root
 ENTRYPOINT ["/start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/nextcloud/activate-collabora.sh
+++ b/Containers/nextcloud/activate-collabora.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ "$COLLABORA_ENABLED" != yes ]; then
+    # Basically sleep for forever if collabora is not enabled
+    sleep inf
+fi
+while ! nc -z "$NC_DOMAIN" 443; do
+    sleep 5
+done
+sleep 10
+echo "Activating collabora config..."
+php /var/www/html/occ richdocuments:activate-config
+sleep inf
--- a/Containers/nextcloud/config/aio.config.php
+++ b/Containers/nextcloud/config/aio.config.php
@@ -1,5 +0,0 @@
-<?php
-$CONFIG = array (
-  'one-click-instance' => true,
-  'one-click-instance.user-limit' => 100,
-);
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -2,17 +2,14 @@
 $CONFIG = array (
  'apps_paths' => array (
      0 => array (
-              'path'     => '/var/www/html/apps',
+              'path'     => OC::$SERVERROOT.'/apps',
              'url'      => '/apps',
              'writable' => false,
      ),
      1 => array (
-              'path'     => '/var/www/html/custom_apps',
+              'path'     => OC::$SERVERROOT.'/custom_apps',
              'url'      => '/custom_apps',
              'writable' => true,
      ),
  ),
 );
-if (getenv('APPS_ALLOWLIST')) {
-    $CONFIG['appsallowlist'] = explode(" ", getenv('APPS_ALLOWLIST'));
-}
--- a/Containers/nextcloud/config/proxy.config.php
+++ b/Containers/nextcloud/config/proxy.config.php
@@ -1,13 +0,0 @@
-<?php
-if (getenv('HTTP_PROXY')) {
-    $CONFIG['proxy'] = getenv('HTTP_PROXY');
-}
-if (getenv('HTTPS_PROXY')) {
-    $CONFIG['proxy'] = getenv('HTTPS_PROXY');
-}
-if (getenv('PROXY_USER_PASSWORD')) {
-    $CONFIG['proxyuserpwd'] = getenv('PROXY_USER_PASSWORD');
-}
-if (getenv('NO_PROXY')) {
-    $CONFIG['proxyexclude'] = explode(',', getenv('NO_PROXY'));
-}
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -9,17 +9,9 @@ if (getenv('REDIS_HOST')) {
    ),
  );

-  if (getenv('REDIS_HOST_PORT')) {
+  if (getenv('REDIS_HOST_PORT') !== false) {
    $CONFIG['redis']['port'] = (int) getenv('REDIS_HOST_PORT');
  } elseif (getenv('REDIS_HOST')[0] != '/') {
    $CONFIG['redis']['port'] = 6379;
  }
-
-  if (getenv('REDIS_DB_INDEX')) {
-    $CONFIG['redis']['dbindex'] = (int) getenv('REDIS_DB_INDEX');
-  }
-
-  if (getenv('REDIS_USER_AUTH') !== false) {
-    $CONFIG['redis']['user'] = str_replace("&auth[]=", "", getenv('REDIS_USER_AUTH'));
-  }
 }
--- a/Containers/nextcloud/config/s3.config.php
+++ b/Containers/nextcloud/config/s3.config.php
@@ -14,7 +14,6 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
        'region' => getenv('OBJECTSTORE_S3_REGION') ?: '',
        'hostname' => getenv('OBJECTSTORE_S3_HOST') ?: '',
        'port' => getenv('OBJECTSTORE_S3_PORT') ?: '',
-        'storageClass' => getenv('OBJECTSTORE_S3_STORAGE_CLASS') ?: '',
        'objectPrefix' => getenv("OBJECTSTORE_S3_OBJECT_PREFIX") ? getenv("OBJECTSTORE_S3_OBJECT_PREFIX") : "urn:oid:",
        'autocreate' => (strtolower($autocreate) === 'false' || $autocreate == false) ? false : true,
        'use_ssl' => (strtolower($use_ssl) === 'false' || $use_ssl == false) ? false : true,
@@ -25,9 +24,4 @@ if (getenv('OBJECTSTORE_S3_BUCKET')) {
      )
    )
  );
-
-  $sse_c_key = getenv('OBJECTSTORE_S3_SSE_C_KEY');
-  if ($sse_c_key) {
-    $CONFIG['objectstore']['arguments']['sse_c_key'] = $sse_c_key;
-  }
-}
+} 
--- a/Containers/nextcloud/config/smtp.config.php
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -1,20 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,18 +1,7 @@
 #!/bin/bash
-wait_for_cron() {
-    set -x
-    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
-        echo "Waiting for cron to stop..."
-        sleep 5
-    done
-    echo "Cronjob successfully exited."
-    exit
-}
-
-trap wait_for_cron SIGINT SIGTERM
+set -eu

 while true; do
    php -f /var/www/html/cron.php &
-    sleep 5m &
-    wait $!
+    sleep 5m
 done
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -10,28 +10,24 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }

-run_upgrade_if_needed_due_to_app_update() {
-    if php /var/www/html/occ status | grep maintenance | grep -q true; then
-        php /var/www/html/occ maintenance:mode --off
-    fi
-    if php /var/www/html/occ status | grep needsDbUpgrade | grep -q true; then
-        php /var/www/html/occ upgrade
-        php /var/www/html/occ app:enable nextcloud-aio --force
-    fi
-}
+echo "Configuring Redis as session handler..."
+cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
+session.save_handler = redis
+session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"
+redis.session.locking_enabled = 1
+redis.session.lock_retries = -1
+# redis.session.lock_wait_time is specified in microseconds.
+# Wait 10ms before retrying the lock rather than the default 2ms.
+redis.session.lock_wait_time = 10000
+REDIS_CONF

-# Adjust DATABASE_TYPE to by Nextcloud supported value
-if [ "$DATABASE_TYPE" = postgres ]; then
-    export DATABASE_TYPE=pgsql
+echo "Setting php max children..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+PHP_MAX_CHILDREN=$((MEMORY/50))
+if [ -n "$PHP_MAX_CHILDREN" ]; then
+    sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
 fi

-# Only start container if redis is accessible
-# shellcheck disable=SC2153
-while ! nc -z "$REDIS_HOST" "6379"; do
-    echo "Waiting for redis to start..."
-    sleep 5
-done
-
 # Check permissions in ncdata
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
@@ -57,9 +53,9 @@ if [ -f /var/www/html/version.php ]; then
 else
    installed_version="0.0.0.0"
 fi
-if [ -f "$SOURCE_LOCATION/version.php" ]; then
+if [ -f "/usr/src/nextcloud/version.php" ]; then
    # shellcheck disable=SC2016
-    image_version="$(php -r "require '$SOURCE_LOCATION/version.php'; echo implode('.', \$OC_Version);")"
+    image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 else
    image_version="$installed_version"
 fi
@@ -105,25 +101,9 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            # Write output to logfile.
            exec > >(tee -i "/var/www/html/data/update.log")
            exec 2>&1
-            # Run built-in upgrader if version is below 28.0.2 to upgrade to 28.0.x first
-            touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            if ! version_greater "$installed_version" "28.0.1.20"; then
-                php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                if ! php /var/www/html/occ upgrade || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                    echo "Upgrade failed. Please restore from backup."
-                    bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
-                    exit 1
-                fi
-                rm "$NEXTCLOUD_DATA_DIR/update.failed"
-                # shellcheck disable=SC2016
-                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                INSTALLED_MAJOR="${installed_version%%.*}"
-            fi
        fi

        if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
-# Do not skip major versions placeholder # Do not remove or change this line!
-# Do not skip major versions start # Do not remove or change this line!
            set -ex
            NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
            curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-${NEXT_MAJOR}.tar.bz2"
@@ -140,31 +120,23 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            mkdir -p /usr/src/tmp/nextcloud/data
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
-            cp -r "$SOURCE_LOCATION"/config/* /usr/src/tmp/nextcloud/config/
+            cp -r /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
            mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
-            cp -r "$SOURCE_LOCATION"/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
-            mv "$SOURCE_LOCATION" /usr/src/temp-nextcloud
-            mv /usr/src/tmp/nextcloud "$SOURCE_LOCATION"
+            cp -r /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
+            mv /usr/src/nextcloud /usr/src/temp-nextcloud
+            mv /usr/src/tmp/nextcloud /usr/src/nextcloud
            rm -r /usr/src/tmp
            rm -r /usr/src/temp-nextcloud
            # shellcheck disable=SC2016
-            image_version="$(php -r "require '$SOURCE_LOCATION/version.php'; echo implode('.', \$OC_Version);")"
+            image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
            IMAGE_MAJOR="${image_version%%.*}"
            set +ex
-# Do not skip major versions end # Do not remove or change this line!
        fi

        if [ "$installed_version" != "0.0.0.0" ]; then
-# Check connection to appstore start # Do not remove or change this line!
            while true; do
                echo -e "Checking connection to appstore"
-                APPSTORE_URL="https://apps.nextcloud.com/"
-                if grep -q appstoreurl /var/www/html/config/config.php; then
-                    set -x
-                    APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
-                    set +x
-                fi
-                CURL_STATUS="$(curl -LI "$APPSTORE_URL" -o /dev/null -w '%{http_code}\n' -s)"
+                CURL_STATUS="$(curl -LI "https://apps.nextcloud.com/" -o /dev/null -w '%{http_code}\n' -s)"
                if [[ "$CURL_STATUS" = "200" ]]
                then
                    echo "Appstore is reachable"
@@ -174,9 +146,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                    sleep 5
                fi
            done
-# Check connection to appstore end # Do not remove or change this line!
-
-            run_upgrade_if_needed_due_to_app_update

            php /var/www/html/occ maintenance:mode --off

@@ -190,12 +159,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                declare -Ag APPSTORAGE
                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
                for app in "${NC_APPS_ARRAY[@]}"; do
-                    if APPSTORAGE[$app]="$(php /var/www/html/occ config:app:get "$app" enabled)"; then
-                        php /var/www/html/occ app:disable "$app"
-                    else
-                        APPSTORAGE[$app]=""
-                        echo "Not disabling $app because the occ command to get the enabled state was failing."
-                    fi
+                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
+                    php /var/www/html/occ app:disable "$app"
                done
            fi

@@ -205,8 +170,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then

            php /var/www/html/occ app:update --all

-            run_upgrade_if_needed_due_to_app_update
-
            # Fix removing the updatenotification for old instances
            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
            if [ -d "/var/www/html/apps/updatenotification" ]; then
@@ -217,15 +180,15 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
        fi

        echo "Initializing nextcloud $image_version ..."
-        rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
+        rsync -rlD --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/

        for dir in config data custom_apps themes; do
            if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+                rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
-        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
-        rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
+        rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"

        #install
@@ -242,20 +205,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
            fi

-            # We do our own permission check so the permission check is not needed
-            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
-<?php
-    \$CONFIG = array (
-    'check_data_directory_permissions' => false
-);
-DATADIR_PERMISSION_CONF
-
-            echo "Installing with $DATABASE_TYPE database"
-            # Set a default value for POSTGRES_PORT
-            if [ -z "$POSTGRES_PORT" ]; then
-              POSTGRES_PORT=5432
-            fi
-            INSTALL_OPTIONS+=(--database "$DATABASE_TYPE" --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST" --database-port "$POSTGRES_PORT")
+            echo "Installing with PostgreSQL database"
+            INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")

            echo "Starting Nextcloud installation..."
            if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
@@ -264,6 +215,9 @@ DATADIR_PERMISSION_CONF
                exit 1
            fi

+            # We do our own permission check so the permission check is not needed
+            php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
+
            # Try to force generation of appdata dir:
            php /var/www/html/occ maintenance:repair

@@ -284,67 +238,25 @@ DATADIR_PERMISSION_CONF
                fi
            fi

-            # This autoconfig is not needed anymore and should be able to be overwritten by the user
-            rm /var/www/html/config/datadir.permission.config.php
-
            # unset admin password
            unset ADMIN_PASSWORD

-# AIO update to latest start # Do not remove or change this line!
-            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
-                if [ -n "${INSTALLED_AT}" ]; then
-                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
-                    # shellcheck disable=SC2001
-                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
-                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
-                fi
-                php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                    echo "Installation of Nextcloud failed!"
-                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
-                    exit 1
-                fi
-                # shellcheck disable=SC2016
-                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                INSTALLED_MAJOR="${installed_version%%.*}"
-                IMAGE_MAJOR="${image_version%%.*}"
-                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
-                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                        echo "Installation of Nextcloud failed!"
-                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
-                        exit 1
-                    fi
-                    # shellcheck disable=SC2016
-                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                fi
-                php /var/www/html/occ app:disable updatenotification
-                rm -rf /var/www/html/apps/updatenotification
-                php /var/www/html/occ app:enable nextcloud-aio --force
-                php /var/www/html/occ db:add-missing-columns
-                php /var/www/html/occ db:add-missing-primary-keys
-                yes | php /var/www/html/occ db:convert-filecache-bigint
-            fi
-# AIO update to latest end # Do not remove or change this line!
-
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
-            php /var/www/html/occ config:system:set loglevel --value="2" --type=integer
-            php /var/www/html/occ config:system:set log_type --value="file"
+            php /var/www/html/occ config:system:set loglevel --value=2
+            php /var/www/html/occ config:system:set log_type --value=file
            php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
-            php /var/www/html/occ config:system:set log_rotate_size --value="10485760" --type=integer
+            php /var/www/html/occ config:system:set log_rotate_size --value="10485760"
            php /var/www/html/occ app:enable admin_audit
            php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
            php /var/www/html/occ config:system:set log.condition apps 0 --value="admin_audit"

            # Apply preview settings
            echo "Applying preview settings..."
-            php /var/www/html/occ config:system:set preview_max_x --value="2048" --type=integer
-            php /var/www/html/occ config:system:set preview_max_y --value="2048" --type=integer
-            php /var/www/html/occ config:system:set jpeg_quality --value="60" --type=integer
+            php /var/www/html/occ config:system:set preview_max_x --value="2048"
+            php /var/www/html/occ config:system:set preview_max_y --value="2048"
+            php /var/www/html/occ config:system:set jpeg_quality --value="60"
            php /var/www/html/occ config:app:set preview jpeg_quality --value="60"
            php /var/www/html/occ config:system:delete enabledPreviewProviders
            php /var/www/html/occ config:system:set enabledPreviewProviders 1 --value="OC\\Preview\\Image"
@@ -353,18 +265,15 @@ DATADIR_PERMISSION_CONF
            php /var/www/html/occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\TXT"
            php /var/www/html/occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\OpenDocument"
            php /var/www/html/occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\Movie"
-            php /var/www/html/occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Krita"
            php /var/www/html/occ config:system:set enable_previews --value=true --type=boolean

            # Apply other settings
            echo "Applying other settings..."
-            # Add missing indices after new installation because they seem to be missing on new installation
-            php /var/www/html/occ db:add-missing-indices
            php /var/www/html/occ config:system:set upgrade.disable-web --type=bool --value=true
            php /var/www/html/occ config:system:set mail_smtpmode --value="smtp"
            php /var/www/html/occ config:system:set trashbin_retention_obligation --value="auto, 30"
            php /var/www/html/occ config:system:set versions_retention_obligation --value="auto, 30"
-            php /var/www/html/occ config:system:set activity_expire_days --value="30" --type=integer
+            php /var/www/html/occ config:system:set activity_expire_days --value="30"
            php /var/www/html/occ config:system:set simpleSignUpLink.shown --type=bool --value=false
            php /var/www/html/occ config:system:set share_folder --value="/Shared"
            # Not needed anymore with the removal of the updatenotification app:
@@ -390,27 +299,26 @@ DATADIR_PERMISSION_CONF
                done
            fi

+            # Set the permission check to its default value again if not set
+            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" != yes ]; then
+                php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
+            fi
+
        #upgrade
        else
            touch "$NEXTCLOUD_DATA_DIR/update.failed"
            echo "Upgrading nextcloud from $installed_version to $image_version..."
-            php /var/www/html/occ config:system:delete integrity.check.disabled
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
                exit 1
            fi

-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-
            rm "$NEXTCLOUD_DATA_DIR/update.failed"
            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."

            php /var/www/html/occ app:update --all

-            run_upgrade_if_needed_due_to_app_update
-
            # Restore app status
            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
                echo "Restoring the status of apps. This can take a while..."
@@ -419,12 +327,6 @@ DATADIR_PERMISSION_CONF
                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
                            echo "Enabling $app..."
                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
-                                php /var/www/html/occ app:disable "$app" >/dev/null
-                                if ! php /var/www/html/occ -V &>/dev/null; then
-                                    rm -r "/var/www/html/custom_apps/$app"
-                                    php /var/www/html/occ maintenance:mode --off
-                                fi
-                                run_upgrade_if_needed_due_to_app_update
                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
                                if [ "$app" = apporder ]; then
                                    CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
@@ -445,26 +347,23 @@ DATADIR_PERMISSION_CONF

            php /var/www/html/occ app:update --all

-            run_upgrade_if_needed_due_to_app_update
-
            # Apply optimization
            echo "Doing some optimizations..."
-            if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
-                php /var/www/html/occ maintenance:repair --include-expensive
-                php /var/www/html/occ db:add-missing-indices
-                php /var/www/html/occ db:add-missing-columns
-                php /var/www/html/occ db:add-missing-primary-keys
-                yes | php /var/www/html/occ db:convert-filecache-bigint
-            else
-                php /var/www/html/occ maintenance:repair
-            fi
+            php /var/www/html/occ maintenance:repair
+            php /var/www/html/occ db:add-missing-indices
+            php /var/www/html/occ db:add-missing-columns
+            php /var/www/html/occ db:add-missing-primary-keys
+            yes | php /var/www/html/occ db:convert-filecache-bigint
+            php /var/www/html/occ maintenance:mimetype:update-js
+            php /var/www/html/occ maintenance:mimetype:update-db
        fi
    fi

    # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
    if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
        UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
-        run_upgrade_if_needed_due_to_app_update
+        # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
+        php /var/www/html/occ app:update --all
        if [ -n "$UPDATED_APPS" ]; then
             bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
        fi
@@ -473,28 +372,23 @@ else
    SKIP_UPDATE=1
 fi

-run_upgrade_if_needed_due_to_app_update
-
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
    # Check if appdata is present
    # If not, something broke (e.g. changing ncdatadir after aio was first started)
    if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
-        echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!"
+        echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
        echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
-        echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!"
        echo "In the datadir was found:"
        ls -la "$NEXTCLOUD_DATA_DIR/"
        exit 1
    fi

-    # Delete formerly configured tempdirectory as the default is usually faster (if the datadir is on a HDD or network FS)
-    if [ "$(php /var/www/html/occ config:system:get tempdirectory)" = "$NEXTCLOUD_DATA_DIR/tmp/" ]; then
-        php /var/www/html/occ config:system:delete tempdirectory
-        if [ -d "$NEXTCLOUD_DATA_DIR/tmp/" ]; then
-            rm -r "$NEXTCLOUD_DATA_DIR/tmp/"
-        fi
+    # Configure tempdirectory
+    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
+    if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
+        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
    fi
-
+    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
 fi

 # Perform fingerprint update if instance was restored
@@ -503,68 +397,25 @@ if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
    rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi

-# Perform preview scan if previews were excluded from restore
-if [ -f "$NEXTCLOUD_DATA_DIR/trigger-preview.scan" ]; then
-    php /var/www/html/occ files:scan-app-data preview -vvv
-    rm "$NEXTCLOUD_DATA_DIR/trigger-preview.scan"
-fi
-
-# AIO one-click settings start # Do not remove or change this line!
 # Apply one-click-instance settings
 echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
-# AIO one-click settings end # Do not remove or change this line!
 php /var/www/html/occ app:enable support
-if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
-    php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
-    php /var/www/html/occ config:app:delete support last_check
-fi
-if [ -n "$NEXTCLOUD_DEFAULT_QUOTA" ]; then
-    if [ "$NEXTCLOUD_DEFAULT_QUOTA" = "unlimited" ]; then
-        php /var/www/html/occ config:app:delete files default_quota
-    else
-        php /var/www/html/occ config:app:set files default_quota --value="$NEXTCLOUD_DEFAULT_QUOTA"
-    fi
-fi

 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
-php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
-php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
-    php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
-fi
-# Set maintenance window so that no warning is shown in the admin overview
-if [ -z "$NEXTCLOUD_MAINTENANCE_WINDOW" ]; then
-    NEXTCLOUD_MAINTENANCE_WINDOW=100
-fi
-php /var/www/html/occ config:system:set maintenance_window_start --type=int --value="$NEXTCLOUD_MAINTENANCE_WINDOW"

 # Apply network settings
 echo "Applying network settings..."
-php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
-php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
-php /var/www/html/occ config:system:set documentation_url.server_logs --value="https://github.com/nextcloud/all-in-one/discussions/5425"
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess

-# Revert dbpersistent setting to check if it fixes too many db connections
-php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
-
-if [ "$DISABLE_BRUTEFORCE_PROTECTION" = yes ]; then
-    php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=false
-    php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=false
-else
-    php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=true
-    php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=true
-fi
-
 # Disallow creating local external storages when nothing was mounted
 if [ -z "$NEXTCLOUD_MOUNT" ]; then
    php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=false
@@ -572,18 +423,10 @@ else
    php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=true
 fi

-# AIO app start # Do not remove or change this line!
 # AIO app
-if [ "$THIS_IS_AIO" = "true" ]; then
-    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable nextcloud-aio
-    fi
-else
-    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "no" ]; then
-        php /var/www/html/occ app:disable nextcloud-aio
-    fi
+if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
+    php /var/www/html/occ app:enable nextcloud-aio
 fi
-# AIO app end # Do not remove or change this line!

 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
@@ -593,41 +436,12 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
    php /var/www/html/occ app:update notify_push
 fi
-chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
-if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
-    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
-fi
-
-# Get ipv4-address of Nextcloud
-if [ -z "$NEXTCLOUD_HOST" ]; then
-    export NEXTCLOUD_HOST="nextcloud-aio-nextcloud"
-fi
-IPv4_ADDRESS="$(dig "$NEXTCLOUD_HOST" A +short +search | head -1)" 
-# Bring it in CIDR notation 
-# shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')" 
-if [ -n "$IPv4_ADDRESS" ]; then
-    php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
-fi
-
-if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
-fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

 # Collabora
 if [ "$COLLABORA_ENABLED" = 'yes' ]; then
-    set -x
-    if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
-        COLLABORA_HOST="$NC_DOMAIN"
-    fi
-    set +x
-    # Remove richdcoumentscode if it should be incorrectly installed
-    if [ -d "/var/www/html/custom_apps/richdocumentscode" ]; then
-        php /var/www/html/occ app:remove richdocumentscode
-    fi
    if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:install richdocuments
    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then
@@ -635,10 +449,15 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update richdocuments
    fi
-    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$COLLABORA_HOST/"
+    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
+    # Fix https://github.com/nextcloud/all-in-one/issues/188:
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
    # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(dig "$COLLABORA_HOST" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    COLLABORA_IPv6_ADDRESS="$(dig "$COLLABORA_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
@@ -649,7 +468,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
            fi
        fi
    else
-        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
    fi
    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -660,24 +479,19 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
            fi
        fi
    else
-        echo "No ipv6-address found for $COLLABORA_HOST."
+        echo "No ipv6-address found for $NC_DOMAIN."
    fi
    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
        fi
-        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
-            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
-                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
-            fi
-        fi
        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
    else
        echo "Warning: wopi_allowlist is empty which should not be the case!"
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
+    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:remove richdocuments
    fi
 fi
@@ -696,26 +510,17 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:update onlyoffice
    fi
    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
-    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
+    if [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove onlyoffice
    fi
 fi

 # Talk
 if [ "$TALK_ENABLED" = 'yes' ]; then
-    set -x
-    if [ -z "$TALK_HOST" ] || echo "$TALK_HOST" | grep -q "nextcloud-.*-talk"; then
-        TALK_HOST="$NC_DOMAIN"
-        HPB_PATH="/standalone-signaling/"
-    fi
-    if [ -z "$TURN_DOMAIN" ]; then
-        TURN_DOMAIN="$TALK_HOST"
-    fi
-    set +x
    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
@@ -725,38 +530,22 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    fi
    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        # shellcheck disable=SC2153
-        php /var/www/html/occ talk:turn:add turn "$TURN_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
    fi
    STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
    if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
-        php /var/www/html/occ talk:stun:add "$TURN_DOMAIN:$TALK_PORT"
+        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
        php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
    fi
-    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$TALK_HOST$HPB_PATH"; then
-        php /var/www/html/occ talk:signaling:add "https://$TALK_HOST$HPB_PATH" "$SIGNALING_SECRET" --verify
+    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
+        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/spreed" ]; then
+    if [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:remove spreed
    fi
 fi

-# Talk recording
-if [ -d "/var/www/html/custom_apps/spreed" ]; then
-    if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
-        while ! nc -z "$TALK_RECORDING_HOST" 1234; do
-            echo "waiting for Talk Recording to become available..."
-            sleep 5
-        done
-        # TODO: migrate to occ command if that becomes available
-        RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
-        php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
-    else
-        php /var/www/html/occ config:app:delete spreed recording_servers
-    fi
-fi
-
 # Clamav
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
    count=0
@@ -779,30 +568,29 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
        php /var/www/html/occ config:app:set files_antivirus av_mode --value="daemon"
        php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
        php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
-        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="$CLAMAV_MAX_SIZE"
-        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="$CLAMAV_MAX_SIZE"
+        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
        php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+    if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
        php /var/www/html/occ app:remove files_antivirus
    fi
 fi

 # Imaginary
-if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
-    php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
-    php /var/www/html/occ config:system:set enabledPreviewProviders 23 --value="OC\\Preview\\ImaginaryPDF"
-    php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
-    php /var/www/html/occ config:system:set preview_imaginary_key --value="$IMAGINARY_SECRET"
-else
-    if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
-        php /var/www/html/occ config:system:delete preview_imaginary_url
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 20
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 21
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 22
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 23
+if version_greater "$installed_version" "24.0.0.0"; then
+    if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
+        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+    else
+        if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+            php /var/www/html/occ config:system:delete preview_imaginary_url
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        fi
    fi
 fi

@@ -834,7 +622,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:update files_fulltextsearch
    fi
    php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
    php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"

    # Do the index
@@ -850,51 +638,14 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
        fi
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ]; then
-        if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
-            php /var/www/html/occ app:remove fulltextsearch
-        fi
-        if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
-            php /var/www/html/occ app:remove fulltextsearch_elasticsearch
-        fi
-        if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
-            php /var/www/html/occ app:remove files_fulltextsearch
-        fi
+    if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch
    fi
-fi
-
-# Docker socket proxy
-# app_api is a shipped app
-if [ -d "/var/www/html/custom_apps/app_api" ]; then
-    php /var/www/html/occ app:disable app_api
-    rm -r "/var/www/html/custom_apps/app_api"
-fi
-if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
-    if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable app_api
+    if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch_elasticsearch
    fi
-else
-    if [ "$REMOVE_DISABLED_APPS" = yes ]; then
-        if [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "no" ]; then
-            php /var/www/html/occ app:disable app_api
-        fi
-    fi
-fi
-
-# Whiteboard app
-if [ "$WHITEBOARD_ENABLED" = 'yes' ]; then
-    if ! [ -d "/var/www/html/custom_apps/whiteboard" ]; then
-        php /var/www/html/occ app:install whiteboard
-    elif [ "$(php /var/www/html/occ config:app:get whiteboard enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable whiteboard
-    elif [ "$SKIP_UPDATE" != 1 ]; then
-        php /var/www/html/occ app:update whiteboard
-    fi
-    php /var/www/html/occ config:app:set whiteboard collabBackendUrl --value="https://$NC_DOMAIN/whiteboard"
-    php /var/www/html/occ config:app:set whiteboard jwt_secret_key --value="$WHITEBOARD_SECRET"
-else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/whiteboard" ]; then
-        php /var/www/html/occ app:remove whiteboard
+    if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+        php /var/www/html/occ app:remove files_fulltextsearch
    fi
 fi

--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -1,15 +1,7 @@
 #!/bin/bash

-# Set a default value for POSTGRES_PORT
-if [ -z "$POSTGRES_PORT" ]; then
-    POSTGRES_PORT=5432
-fi
+nc -z "$POSTGRES_HOST" 5432 || exit 0

-
-# POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
-# shellcheck disable=SC2153
-nc -z "$POSTGRES_HOST" "$POSTGRES_PORT" || exit 0
-
-if ! nc -z 127.0.0.1 9000; then
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
    exit 1
 fi
--- a/Containers/nextcloud/notify-all.sh
+++ b/Containers/nextcloud/notify-all.sh
@@ -20,7 +20,7 @@ mapfile -t NC_USERS <<< "$NC_USERS"
 for user in "${NC_USERS[@]}"
 do
    echo "Posting '$SUBJECT' to: $user"
-    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE" --object-type='update' --object-id="$SUBJECT"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
 done

 echo "Done!"
--- a/Containers/nextcloud/notify.sh
+++ b/Containers/nextcloud/notify.sh
@@ -28,7 +28,7 @@ done
 for admin in "${NC_ADMIN_USER[@]}"
 do
    echo "Posting '$SUBJECT' to: $admin"
-    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE" --object-type='update' --object-id="$SUBJECT"
+    "${COMMAND[@]}" notification:generate "$admin" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
 done

 echo "Done!"
--- a/Containers/nextcloud/root.motd
+++ b/Containers/nextcloud/root.motd
@@ -1,4 +0,0 @@
-Warning: You have logged in into the Nextcloud container as root user.
-See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
-Apart from that, you can use 'sudo -u www-data -E php occ <your-command>' in order to run occ commands.
-Of course <your-command> needs to be substituted with the command that you want to use.
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-# Wait until the apache container is ready
-while ! nc -z "$APACHE_HOST" "$APACHE_PORT"; do
-    echo "Waiting for Apache to become available..."
-    sleep 15
-done
-
-if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
-    echo "#!/bin/bash" > /tmp/nextcloud-exec-commands
-    echo "$NEXTCLOUD_EXEC_COMMANDS" >> /tmp/nextcloud-exec-commands
-    if ! grep "one-click-instance" /tmp/nextcloud-exec-commands; then
-        bash /tmp/nextcloud-exec-commands
-        rm /tmp/nextcloud-exec-commands
-    fi
-else
-    # Collabora must work also if using manual-install 
-    if [ "$COLLABORA_ENABLED" = yes ]; then
-        echo "Activating Collabora config..."
-        php /var/www/html/occ richdocuments:activate-config
-    fi
-    # OnlyOffice must work also if using manual-install
-    if [ "$ONLYOFFICE_ENABLED" = yes ]; then
-        echo "Activating OnlyOffice config..."
-        php /var/www/html/occ onlyoffice:documentserver --check
-    fi
-fi
-
-sleep inf
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -1,14 +1,7 @@
 #!/bin/bash

-# Set a default value for POSTGRES_PORT
-if [ -z "$POSTGRES_PORT" ]; then
-    POSTGRES_PORT=5432
-fi
-
 # Only start container if database is accessible
-# POSTGRES_HOST must be set in the containers env vars and POSTGRES_PORT has a default above
-# shellcheck disable=SC2153
-while ! sudo -u www-data nc -z "$POSTGRES_HOST" "$POSTGRES_PORT"; do
+while ! sudo -u www-data nc -z "$POSTGRES_HOST" 5432; do
    echo "Waiting for database to start..."
    sleep 5
 done
@@ -17,15 +10,10 @@ done
 POSTGRES_USER="oc_$POSTGRES_USER"
 export POSTGRES_USER

-# Check that db type is not empty
-if [ -z "$DATABASE_TYPE" ]; then
-    export DATABASE_TYPE=postgres
-fi
-
 # Fix false database connection on old instances
 if [ -f "/var/www/html/config/config.php" ]; then
    sleep 2
-    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB" -c "select now()"; do
+    while ! sudo -u www-data psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:5432/$POSTGRES_DB" -c "select now()"; do
        echo "Waiting for the database to start..."
        sleep 5
    done
@@ -46,7 +34,7 @@ fi
 # Check if /dev/dri device is present and apply correct permissions
 set -x
 if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
-    # From https://memories.gallery/hw-transcoding/#docker-installations
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
    GID="$(stat -c "%g" /dev/dri/renderD128)"
    groupadd -g "$GID" render2 || true # sometimes this is needed
    GROUP="$(getent group "$GID" | cut -d: -f1)"
@@ -66,17 +54,11 @@ sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 # Install additional dependencies
 if [ -n "$ADDITIONAL_APKS" ]; then
    if ! [ -f "/additional-apks-are-installed" ]; then
-        # Allow to disable imagemagick without having to download it each time
-        if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
-            apk del imagemagick imagemagick-svg imagemagick-heic imagemagick-tiff;
-        fi
        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
-            if [ "$app" != imagemagick ]; then
-                echo "Installing $app via apk..."
-                if ! apk add --no-cache "$app" >/dev/null; then
-                    echo "The packet $app was not installed!"
-                fi
+            echo "Installing $app via apk..."
+            if ! apk add --no-cache "$app" >/dev/null; then
+                echo "The packet $app was not installed!"
            fi
        done
    fi
@@ -137,7 +119,7 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
                    | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
            )";
            # shellcheck disable=SC2086
-            apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+            apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
            apk del .build-deps >/dev/null
        fi
    fi
@@ -149,25 +131,14 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
    exit 1
 fi

-while [ "$THIS_IS_AIO" = "true" ] && [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
-    echo "Waiting for nextcloud-aio-apache to start..."
-    sleep 5
-done
-
-set -x
-# shellcheck disable=SC2235
-if [ "$THIS_IS_AIO" = "true" ] && [ "$APACHE_PORT" = 443 ]; then
-    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-
-    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+# Correctly set CPU_ARCH for notify_push
+CPU_ARCH="$(uname -m)"
+export CPU_ARCH
+if [ -z "$CPU_ARCH" ]; then
+    echo "Could not get processor architecture. Exiting."
+    exit 1
+elif [ "$CPU_ARCH" != "x86_64" ]; then
+    export CPU_ARCH="aarch64"
 fi
-set +x

-exec "$@"
+exec "$@"
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -25,19 +25,18 @@ stderr_logfile_maxbytes=0
 command=/cron.sh
 user=www-data

-[program:run-exec-commands]
+[program:notify-push]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/run-exec-commands.sh
+command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
 user=www-data

-# This is a hack but no better solution is there
-[program:is-nextcloud-online]
+[program:activate-collabora]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nc -lk 9001
+command=/activate-collabora.sh
 user=www-data
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,24 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.21.2
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        ca-certificates \
-        netcat-openbsd \
-        tzdata \
-        bash \
-        openssl; \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    apk del --no-cache \
-        openssl;
-
-USER 33
-ENTRYPOINT ["/start.sh"]
-
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/notify-push/healthcheck.sh
+++ b/Containers/notify-push/healthcheck.sh
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-if ! nc -z "$NEXTCLOUD_HOST" 9001; then
-    exit 0
-fi
-
-nc -z 127.0.0.1 7867 || exit 1
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -1,73 +0,0 @@
-#!/bin/bash
-
-if [ -z "$NEXTCLOUD_HOST" ]; then
-    echo "NEXTCLOUD_HOST needs to be provided. Exiting!"
-    exit 1
-elif [ -z "$POSTGRES_HOST" ]; then
-    echo "POSTGRES_HOST needs to be provided. Exiting!"
-    exit 1
-elif [ -z "$REDIS_HOST" ]; then
-    echo "REDIS_HOST needs to be provided. Exiting!"
-    exit 1
-fi
-
-# Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9001; do
-    echo "Waiting for Nextcloud to start..."
-    sleep 5
-done
-
-# Correctly set CPU_ARCH for notify_push
-CPU_ARCH="$(uname -m)"
-export CPU_ARCH
-if [ -z "$CPU_ARCH" ]; then
-    echo "Could not get processor architecture. Exiting."
-    exit 1
-elif [ "$CPU_ARCH" != "x86_64" ]; then
-    export CPU_ARCH="aarch64"
-fi
-
-# Add warning
-if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
-    echo "The notify_push binary was not found."
-    echo "Most likely is DNS resolution not working correctly."
-    echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
-    echo "See https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
-    echo "Afterwards a restart of docker should automatically resolve this."
-    echo "Additionally, make sure to disable VPN software that might be running on your server"
-    echo "Also check your firewall if it blocks connections to github"
-    echo "If it should still not work afterwards, feel free to create a new thread at https://github.com/nextcloud/all-in-one/discussions/new?category=questions and post the Nextcloud container logs there."
-    echo ""
-    echo ""
-    exit 1
-fi
-
-echo "notify-push was started"
-
-# Set a default value for POSTGRES_PORT
-if [ -z "$POSTGRES_PORT" ]; then
-    POSTGRES_PORT=5432
-fi
-# Set a default for redis db index
-if [ -z "$REDIS_DB_INDEX" ]; then
-    REDIS_DB_INDEX=0
-fi
-# Set a default for db type
-if [ -z "$DATABASE_TYPE" ]; then
-    DATABASE_TYPE=postgres
-elif [ "$DATABASE_TYPE" != postgres ] && [ "$DATABASE_TYPE" != mysql ]; then
-    echo "DB type must be either postgres or mysql"
-    exit 1
-fi
-
-# Set sensitive values as env
-export DATABASE_URL="$DATABASE_TYPE://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST:$POSTGRES_PORT/$POSTGRES_DB"
-export REDIS_URL="redis://$REDIS_USER:$REDIS_HOST_PASSWORD@$REDIS_HOST/$REDIS_DB_INDEX"
-
-# Run it
-/nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
-    --database-prefix="oc_" \
-    --nextcloud-url "https://$NC_DOMAIN" \
-    --port 7867
-
-exec "$@"
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,10 +1,5 @@
-# syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.2.2.1
+FROM onlyoffice/documentserver:7.3.3.49

-# USER root is probably used
-
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD nc -z localhost 80 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/onlyoffice/healthcheck.sh
+++ b/Containers/onlyoffice/healthcheck.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-nc -z 127.0.0.1 80 || exit 1
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,46 +1,39 @@
-# syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
-FROM postgres:16.6-alpine
+# From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
+FROM postgres:15.2-alpine

-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
+RUN apk add --no-cache bash openssl shadow grep mawk

-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        bash \
-        openssl \
-        shadow \
-        grep; \
-    \
 # We need to use the same gid and uid as on old installations
+RUN set -ex; \
    deluser postgres; \
    groupmod -g 9999 ping; \
    addgroup -g 999 -S postgres; \
-    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
-    apk del --no-cache shadow; \
-    \
+    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres
+
 # Fix default permissions
+RUN set -ex; \
    chown -R postgres:postgres /var/lib/postgresql; \
    chown -R postgres:postgres /var/run/postgresql; \
-    chmod -R 777 /var/run/postgresql; \
-    chown -R postgres:postgres "$PGDATA"; \
-    \
-    mkdir /mnt/data; \
-    chown postgres:postgres /mnt/data; \
-    \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    apk --no-cache del openssl; \
-    \
-# Get rid of unused binaries
-    rm -f /usr/local/bin/gosu /usr/local/bin/su-exec;
+    chown -R postgres:postgres "$PGDATA"
+
+COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
+COPY init-user-db.sh /docker-entrypoint-initdb.d/
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh
+
+RUN mkdir /mnt/data; \
+    chown postgres:postgres /mnt/data;

 VOLUME /mnt/data

-USER 999
-ENTRYPOINT ["/start.sh"]
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+USER postgres
+ENTRYPOINT ["start.sh"]
+
+HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -2,6 +2,4 @@

 test -f "/mnt/data/backup-is-running" && exit 0

-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()" && exit 0
-
-psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:5432/$POSTGRES_DB" -c "select now()" || exit 1
+psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -31,7 +31,7 @@ fi
 if [ -f "$DUMP_DIR/initialization.failed" ]; then
    echo "The database initialization failed. Most likely was a wrong timezone selected."
    echo "The selected timezone is '$TZ'." 
-    echo "Please check if it is in the 'TZ identifier' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
    echo "For further clues on what went wrong, look at the logs above."
    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
    exit 1
@@ -85,21 +85,21 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
    exec docker-entrypoint.sh postgres &

    # Wait for creation
-    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@127.0.0.1:11000/$POSTGRES_DB" -c "select now()"; do
+    while ! psql -d "postgresql://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:11000/$POSTGRES_DB" -c "select now()"; do
        echo "Waiting for the database to start."
        sleep 5
    done

    # Check if the line we grep for later on is there
    GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
-    if ! grep -qa "$GREP_STRING" "$DUMP_FILE"; then
+    if ! grep -q "$GREP_STRING" "$DUMP_FILE"; then
        echo "The needed oc_appconfig line is not there which is unexpected."
        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
        exit 1
    fi

    # Get the Owner
-    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
        echo "It is not possible to import a database dump from this database owner."
@@ -146,51 +146,32 @@ if ! [ -f "$DATADIR/PG_VERSION" ] && ! [ -f "$DUMP_FILE" ]; then
    rm -rf "${DATADIR:?}/"*
 fi

-# Modify postgresql.conf
-if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
-    echo "Setting postgres values..."
-
-    # Sync this with max pm.max_children and MaxRequestWorkers
-    # 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
-    # We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
-    # Also connections should usually be closed again after the process is done
-    # If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
-    sed -i "s|^max_connections =.*|max_connections = 5000|" "/var/lib/postgresql/data/postgresql.conf"
-
-    # Do not log checkpoints
-    if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
-        sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
-    fi
-
-    # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
-    if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
-        sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
-    fi
+echo "Setting max connections..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+MAX_CONNECTIONS=$((MEMORY/50+3))
+if [ -n "$MAX_CONNECTIONS" ]; then
+    sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
 fi

-do_database_dump() {
-    set -x
-    rm -f "$DUMP_FILE.temp"
-    touch "$DUMP_DIR/export.failed"
-    if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
-        rm -f "$DUMP_FILE"
-        mv "$DUMP_FILE.temp" "$DUMP_FILE"
-        pg_ctl stop -m fast
-        rm "$DUMP_DIR/export.failed"
-        echo 'Database dump successful!'
-        set +x
-        exit 0
-    else
-        pg_ctl stop -m fast
-        echo "Database dump unsuccessful!"
-        set +x
-        exit 1
-    fi
-}
-
 # Catch docker stop attempts
-trap do_database_dump SIGINT SIGTERM
+trap 'true' SIGINT SIGTERM

 # Start the database
 exec docker-entrypoint.sh postgres &
 wait $!
+
+# Continue with shutdown procedure: do database dump, etc.
+rm -f "$DUMP_FILE.temp"
+touch "$DUMP_DIR/export.failed"
+if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
+    rm -f "$DUMP_FILE"
+    mv "$DUMP_FILE.temp" "$DUMP_FILE"
+    pg_ctl stop -m fast
+    rm "$DUMP_DIR/export.failed"
+    echo 'Database dump successful!'
+    exit 0
+else
+    pg_ctl stop -m fast
+    echo "Database dump unsuccessful!"
+    exit 1
+fi
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,23 +1,16 @@
-# syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.7-alpine
+# From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
+FROM redis:7.0.10-alpine

-COPY --chmod=775 start.sh /start.sh
+RUN apk add --no-cache openssl bash
+
+COPY start.sh /usr/bin/
+RUN chmod +x /usr/bin/start.sh

-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache openssl bash; \
-    \
 # Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    \
-# Get rid of unused binaries
-    rm -f /usr/local/bin/gosu;
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-COPY --chmod=775 healthcheck.sh /healthcheck.sh
+USER redis
+ENTRYPOINT ["start.sh"]

-USER 999
-ENTRYPOINT ["/start.sh"]
-
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/redis/healthcheck.sh
+++ b/Containers/redis/healthcheck.sh
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-redis-cli -a "$REDIS_HOST_PASSWORD" PING || exit 1
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -7,11 +7,10 @@ if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
 fi

 # Run redis with a password if provided
-echo "Redis has started"
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
-    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning
+    exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
 else
-    exec redis-server --loglevel warning
+    exec redis-server
 fi

 exec "$@"
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,59 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM python:3.13.1-alpine3.21
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-ENV RECORDING_VERSION=v0.1
-ENV ALLOW_ALL=false
-ENV HPB_PROTOCOL=https
-ENV SKIP_VERIFY=false
-ENV HPB_PATH=/standalone-signaling/
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        ca-certificates \
-        tzdata \
-        bash \
-        xvfb \
-        ffmpeg \
-        firefox \
-        bind-tools \
-        netcat-openbsd \
-        git \
-        wget \
-        shadow \
-        pulseaudio \
-        openssl \
-        build-base \
-        linux-headers \
-        geckodriver; \
-    useradd -d /tmp --system recording -u 122; \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
-    python3 -m pip install --no-cache-dir /src; \
-    rm -rf /src; \
-    touch /etc/recording.conf; \
-    chown recording:recording -R \
-        /tmp /etc/recording.conf; \
-    mkdir -p /conf; \
-    chmod 777 /conf; \
-    chmod 777 /tmp; \
-    apk del --no-cache \
-        git \
-        wget \
-        shadow \
-        openssl \
-        build-base \
-        linux-headers;
-
-VOLUME /tmp
-WORKDIR /tmp
-USER 122
-ENTRYPOINT ["/start.sh"]
-CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
-
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
szaimen	6063db801c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-16 07:26:45 +00:00
szaimen	22da7408a5	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-13 14:10:42 +00:00
Simon L.	8423dc785a	Revert "Update index.yaml" This reverts commit `4dd278bab9`.	2026-05-13 16:07:06 +02:00
Simon L.	cbf558f01c	Revert "Update index.yaml" This reverts commit `a28409c858`.	2026-05-13 16:07:00 +02:00
szaimen	a28409c858	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-13 09:19:47 +00:00
szaimen	4dd278bab9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-13 09:18:29 +00:00
szaimen	4c47dddc2e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-04-09 09:59:15 +00:00
szaimen	9d754ec537	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-03-06 08:18:33 +00:00
szaimen	0ba0ace5e1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-02-18 12:44:05 +00:00
szaimen	30fffcba07	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-02-11 14:28:44 +00:00
szaimen	ae86b688f6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-01-22 14:27:34 +00:00
szaimen	7460e78e98	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-01-14 11:56:43 +00:00
szaimen	ad2d53180b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-12-18 10:02:56 +00:00
szaimen	b7730b46a6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-12-10 13:41:10 +00:00
szaimen	4fb6b0d57b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-11-28 09:00:14 +00:00
szaimen	c7afd4f90e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-10-31 12:29:07 +00:00
szaimen	b470a6051a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-10-15 08:44:28 +00:00
szaimen	3a298076ba	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-09-27 08:19:20 +00:00
szaimen	0662e57d9b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-09-18 09:33:41 +00:00
szaimen	3defa4967f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-09-05 10:15:50 +00:00
szaimen	4b19f4c0a3	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-08-22 11:38:12 +00:00
szaimen	c2ba3481a6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-08-11 12:03:26 +00:00
szaimen	6aafc753d4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-07-17 09:31:27 +00:00
szaimen	206fbf8422	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-07-10 08:55:03 +00:00
szaimen	ac966412cf	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-07-01 11:54:02 +00:00
szaimen	e64121a977	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-06-19 08:34:22 +00:00
szaimen	ff22ab211f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-06-10 12:35:00 +00:00
szaimen	33a917c163	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-05-26 13:29:23 +00:00
Simon L.	f4dd1cf5d0	Revert "Update index.yaml" This reverts commit `0b5e8110c1`.	2025-05-26 15:28:04 +02:00
szaimen	0b5e8110c1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-05-26 12:47:42 +00:00
szaimen	2d00da6012	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-05-12 08:47:50 +00:00
szaimen	3692457b00	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-04-24 09:59:17 +00:00
szaimen	0bd1512549	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-04-17 08:58:40 +00:00
szaimen	136f1c884e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-04-08 08:22:21 +00:00
szaimen	72b6e60400	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-03-31 08:47:04 +00:00
szaimen	be6c5d3714	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-03-25 09:47:09 +00:00
szaimen	cb07f18cc8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-03-06 09:46:09 +00:00
szaimen	fdaf675dd1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-02-25 13:01:03 +00:00
szaimen	4e1c8dd95e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-02-04 11:04:54 +00:00
szaimen	a4915339ad	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-01-22 10:12:10 +00:00
szaimen	52a19f75f7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-01-14 10:47:51 +00:00
szaimen	8cc9d73d93	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-01-06 11:07:45 +00:00
szaimen	ad61683b8d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-16 14:06:57 +00:00
szaimen	8a8b0721ef	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-16 12:48:12 +00:00
szaimen	1ee210b481	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-16 10:50:19 +00:00
szaimen	1274ebd000	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-03 14:16:27 +00:00
szaimen	b1c38e03c9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-11-26 10:17:01 +00:00
szaimen	fdf4e5dc4a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-11-06 15:32:42 +00:00
szaimen	0d6cabc3ba	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-10-17 09:57:05 +00:00
szaimen	cc0923c84d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-09-25 08:27:20 +00:00
szaimen	cb2a69f32f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-09-14 06:46:11 +00:00
Simon L.	614a9b97be	Revert "Update index.yaml" This reverts commit `e235a9dd46`.	2024-08-19 15:08:12 +02:00
szaimen	e235a9dd46	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-08-19 13:03:18 +00:00
szaimen	b8b0ad99c8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-08-08 09:10:12 +00:00
szaimen	2e28033838	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-07-25 07:48:24 +00:00
szaimen	cd08be3551	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-07-18 06:49:41 +00:00
szaimen	57e3e5c66f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-07-01 09:24:12 +00:00
szaimen	9e309e97e8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-06-17 09:03:01 +00:00
szaimen	2b2d1ce764	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-06-06 08:02:39 +00:00
Simon L.	e6dadecd15	Revert "Update index.yaml" This reverts commit `19a221205d`.	2024-05-21 15:05:09 +02:00
szaimen	19a221205d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-05-21 12:11:59 +00:00
szaimen	5ecb856959	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-05-02 10:52:50 +00:00
szaimen	c2761f24f5	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-24 10:17:55 +00:00
szaimen	1adf679e18	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-11 12:10:05 +00:00
szaimen	73563b69b6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-04 09:38:02 +00:00
szaimen	e4034ac013	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-04 09:26:34 +00:00
szaimen	060f6aeb1f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-03-26 13:20:18 +00:00
szaimen	9326394386	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-03-21 08:11:15 +00:00
szaimen	88da974922	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-03-08 09:36:30 +00:00
szaimen	a41ca6c341	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-28 19:30:19 +00:00
szaimen	cc5129c6b3	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-28 11:31:05 +00:00
szaimen	7cf0b6437c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-23 18:58:07 +00:00
szaimen	a2cc883d9a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-01 14:53:58 +00:00
szaimen	365a4dab8a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-01 12:57:41 +00:00
Simon L	39b9765f52	Revert "Update index.yaml" This reverts commit `63165d1910`.	2024-02-01 13:40:09 +01:00
szaimen	63165d1910	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-01 12:37:03 +00:00
szaimen	c722eae2b1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-01-24 12:26:17 +00:00
szaimen	5761af59f8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-01-17 09:01:07 +00:00
szaimen	542277a615	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-01-09 12:32:52 +00:00
szaimen	dec906e92b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-20 15:40:32 +00:00
szaimen	9021b608b4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-12 12:02:53 +00:00
szaimen	8697e39be0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-07 12:22:35 +00:00
szaimen	873aba9cf7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-07 11:35:38 +00:00
szaimen	5990aaa8d8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-07 08:23:56 +00:00
szaimen	b01a999081	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-30 08:20:39 +00:00
szaimen	bb4c1954a0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 18:37:06 +00:00
szaimen	cf83598dc5	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 14:29:04 +00:00
szaimen	b2d35138ea	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 11:08:33 +00:00
szaimen	378ddfffa4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 09:57:20 +00:00
szaimen	c73a6d77e7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 08:48:20 +00:00
szaimen	3f56b3b710	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-21 18:10:38 +00:00
szaimen	a6108e394b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-21 15:41:33 +00:00
szaimen	d03d413060	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-21 10:46:03 +00:00
szaimen	98bcc39683	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-17 10:03:32 +00:00
szaimen	8861c16685	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-16 20:38:57 +00:00
szaimen	47f81a40f9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-13 13:26:34 +00:00
szaimen	ea6383f4d9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-13 13:11:06 +00:00
szaimen	47dc35a60c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-13 13:05:29 +00:00
szaimen	a04d40db8a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-08 10:30:24 +00:00
szaimen	17ee039b6a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 20:47:57 +00:00
szaimen	8ef2ca3064	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:09:33 +00:00
szaimen	6264490965	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:09:08 +00:00
szaimen	6de6549f18	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:08:12 +00:00
szaimen	2733056d0d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:07:48 +00:00
szaimen	da012b4c21	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 13:28:53 +00:00
szaimen	2d0dfe5ef0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-30 13:08:41 +00:00
szaimen	8e01eb665a	Publishing chart package for helm-chart-7.5.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-30 13:08:39 +00:00
szaimen	f8c0737350	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-27 11:27:53 +00:00
szaimen	8260b7f745	Publishing chart package for helm-chart-7.5.0 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-27 11:27:52 +00:00
szaimen	41ba7cc1c6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-16 08:27:09 +00:00
szaimen	be4e99f61c	Publishing chart package for helm-chart-7.4.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-16 08:27:07 +00:00
szaimen	adbebb4a4c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-16 12:40:49 +00:00
szaimen	f12e5b244e	Publishing chart package for helm-chart-7.2.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-16 12:40:48 +00:00
szaimen	fd31fc0a32	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-12 08:55:15 +00:00
szaimen	1a6a7acce6	Publishing chart package for helm-chart-7.1.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-12 08:55:13 +00:00
szaimen	30778fcc07	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-08-17 07:28:19 +00:00
szaimen	17f71a128c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-07-28 09:41:57 +00:00
szaimen	e72bfd6c34	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-07-20 14:07:23 +00:00
szaimen	b32a8230cb	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-26 10:34:47 +00:00
szaimen	564a0366b2	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-13 12:14:24 +00:00
szaimen	efa350e2d0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-13 08:12:10 +00:00
szaimen	0a1aa673a7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-06 07:20:26 +00:00
szaimen	f047678b43	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-05-30 10:38:18 +00:00
szaimen	d17bb88086	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-05-11 09:49:06 +00:00
szaimen	d83a996d0d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-05-01 12:16:52 +00:00
Simon L	f4f36e8a52	adjust the readme Signed-off-by: Simon L <szaimen@e.mail.de>	2023-04-22 11:51:39 +02:00
szaimen	55ac1c4fa4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-04-22 09:46:22 +00:00
szaimen	180e0246b8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-04-14 13:50:10 +00:00
szaimen	c7fa53b02f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-03-30 09:28:19 +00:00