increase to 9.4.0

Signed-off-by: Simon L. <szaimen@e.mail.de>

.github/workflows/php-deprecation-detector.yml

@@ -28,7 +28,6 @@ jobs:
         run: |
           set -x
           cd php
-          composer global require wapmorgan/php-deprecation-detector dev-master
           composer install
           composer run php-deprecation-detector | tee -i ./phpdd.log
           if grep "Total issues:" ./phpdd.log; then

.github/workflows/psalm-update-baseline.yml

@@ -23,9 +23,8 @@ jobs:
         run: |
           set -x
           cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
           composer install
-          composer run psalm -- --monochrome --no-progress --output-format=text --update-baseline
+          composer run psalm:update-baseline
           git clean -f lib/composer
           git checkout composer.json composer.lock lib/composer
         continue-on-error: true

.github/workflows/psalm.yml

@@ -42,6 +42,5 @@ jobs:
         run: |
           set -x
           cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
           composer install
           composer run psalm

.github/workflows/twig-lint.yml

@@ -13,7 +13,7 @@ on:
 permissions:
   contents: read
 
-concurrency: 
+concurrency:
   group: lint-twig-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
@@ -36,7 +36,5 @@ jobs:
       - name: twig lint
         run: |
           cd php
-          composer require sserbin/twig-linter:@dev --no-progress --dev
           composer install
-          chmod +x ./vendor/bin/twig-linter
-          ./vendor/bin/twig-linter lint ./templates
+          composer run lint:twig

.gitignore

@@ -1,8 +1,13 @@
 .DS_Store
-/php/data/containers.json
-/php/data/configuration.json
-/php/data/backupsecret.json
+.idea/
+*.iml
+
+/php/data/*
+/php/session/*
+!/php/data/.gitkeep
+!/php/session/.gitkeep
 /php/vendor
+
 /manual-install/*.conf
 !/manual-install/sample.conf
 /manual-install/docker-compose.yml

Containers/apache/Dockerfile

@@ -2,7 +2,7 @@
 FROM caddy:2.8.4-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
-FROM httpd:2.4.61-alpine3.20
+FROM httpd:2.4.62-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 

Containers/borgbackup/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 
 RUN set -ex; \
     \

Containers/clamav/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.3/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-60
+FROM clamav/clamav:1.3.1-61
 
 COPY clamav.conf /clamav.conf
 COPY --chmod=775 start.script /start.script

Containers/domaincheck/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash lighttpd netcat-openbsd; \

Containers/imaginary/Dockerfile

@@ -13,7 +13,7 @@ RUN set -ex; \
         build-base; \
     go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
 
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache \

Containers/mastercontainer/.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
-# Editor-based HTTP Client requests
-/httpRequests/

Containers/mastercontainer/.idea/mastercontainer.iml

@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" inherit-compiler-output="true">
-    <exclude-output />
-    <content url="file://$MODULE_DIR$" />
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>

Containers/mastercontainer/.idea/misc.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectRootManager">
-    <output url="file://$PROJECT_DIR$/out" />
-  </component>
-</project>

Containers/mastercontainer/.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/mastercontainer.iml" filepath="$PROJECT_DIR$/.idea/mastercontainer.iml" />
-    </modules>
-  </component>
-</project>

Containers/mastercontainer/.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$/../.." vcs="Git" />
-  </component>
-</project>

Containers/mastercontainer/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:27.0.3-cli AS docker
+FROM docker:27.1.1-cli AS docker
 
 # Caddy is a requirement
 FROM caddy:2.8.4-alpine AS caddy

Containers/nextcloud/entrypoint.sh

@@ -295,7 +295,6 @@ DATADIR_PERMISSION_CONF
                 php /var/www/html/occ app:disable updatenotification
                 rm -rf /var/www/html/apps/updatenotification
                 php /var/www/html/occ app:enable nextcloud-aio --force
-                php /var/www/html/occ db:add-missing-indices
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys
                 yes | php /var/www/html/occ db:convert-filecache-bigint
@@ -423,12 +422,12 @@ DATADIR_PERMISSION_CONF
             # Apply optimization
             echo "Doing some optimizations..."
             php /var/www/html/occ maintenance:repair
-            php /var/www/html/occ db:add-missing-indices
-            php /var/www/html/occ db:add-missing-columns
-            php /var/www/html/occ db:add-missing-primary-keys
-            yes | php /var/www/html/occ db:convert-filecache-bigint
-            php /var/www/html/occ maintenance:mimetype:update-js
-            php /var/www/html/occ maintenance:mimetype:update-db
+            if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then
+                php /var/www/html/occ db:add-missing-indices
+                php /var/www/html/occ db:add-missing-columns
+                php /var/www/html/occ db:add-missing-primary-keys
+                yes | php /var/www/html/occ db:convert-filecache-bigint
+            fi
         fi
     fi
 
@@ -504,9 +503,10 @@ if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get se
     php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
 fi
 # Set maintenance window so that no warning is shown in the admin overview
-if [ -z "$(php /var/www/html/occ config:system:get maintenance_window_start)" ]; then
-    php /var/www/html/occ config:system:set maintenance_window_start --type=int --value=100
+if [ -z "$NEXTCLOUD_MAINTENANCE_WINDOW" ]; then
+    NEXTCLOUD_MAINTENANCE_WINDOW=100
 fi
+php /var/www/html/occ config:system:set maintenance_window_start --type=int --value="$NEXTCLOUD_MAINTENANCE_WINDOW"
 
 # Apply network settings
 echo "Applying network settings..."

Containers/notify-push/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/talk/Dockerfile

@@ -2,7 +2,7 @@
 FROM nats:2.10.18-scratch AS nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:1.3.2 AS signaling
-FROM alpine:3.20.1 AS janus
+FROM alpine:3.20.2 AS janus
 
 ARG JANUS_VERSION=v0.14.3
 WORKDIR /src
@@ -34,7 +34,7 @@ RUN set -ex; \
     make configs; \
     rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
 
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 ENV ETURNAL_ETC_DIR="/conf"
 COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
 COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal

Containers/watchtower/Dockerfile

@@ -2,7 +2,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.7.1 AS watchtower
 
-FROM alpine:3.20.1
+FROM alpine:3.20.2
 
 RUN apk upgrade --no-cache -a; \
     apk add --no-cache bash

nextcloud-aio-helm-chart/templates/nextcloud-aio-networkpolicy.yaml

@@ -0,0 +1,20 @@
+{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
+# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+  - from:
+    - podSelector: {}
+  egress:
+  - to:
+    - podSelector: {}
+{{- end }}

nextcloud-aio-helm-chart/update-helm.sh

@@ -290,6 +290,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.SERVERINFO_TOKEN }}"
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
+            - name: NEXTCLOUD_MAINTENANCE_WINDOW
+              value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
@@ -315,6 +317,29 @@ find ./ -name '*talk-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additiona
 # shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i '/image: nextcloud/s/$/"/;s|image: nextcloud/|image: "{{ .Values.IMAGE_MIRROR_PREFIX }}{{ .Values.NEXTCLOUD_IMAGE_ORG }}/|;' \{} \;
 
+cat << EOL > templates/nextcloud-aio-networkpolicy.yaml
+{{- if eq .Values.NETWORK_POLICY_ENABLED "yes" }}
+# https://github.com/ahmetb/kubernetes-network-policy-recipes/blob/master/04-deny-traffic-from-other-namespaces.md
+kind: NetworkPolicy
+apiVersion: networking.k8s.io/v1
+metadata:
+  namespace: "{{ .Values.NAMESPACE }}"
+  name: nextcloud-aio-deny-from-other-namespaces
+spec:
+  podSelector:
+    matchLabels:
+  policyTypes:
+    - Ingress
+    - Egress
+  ingress:
+  - from:
+    - podSelector: {}
+  egress:
+  - to:
+    - podSelector: {}
+{{- end }}
+EOL
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -355,12 +380,14 @@ cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
+NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
 ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 ADDITIONAL_TRUSTED_DOMAIN:        # Allows to add one domain to Nextcloud's trusted domains and also generates a certificate automatically for it
 NEXTCLOUD_DEFAULT_QUOTA: "10 GB"       # Allows to adjust the default quota that will be taken into account in Nextcloud for new users. Setting it to "unlimited" will set it to unlimited
+NEXTCLOUD_MAINTENANCE_WINDOW:        # Allows to define the maintenance window for Nextcloud. See https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/background_jobs_configuration.html#parameters for possible values
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

nextcloud-aio-helm-chart/values.yaml

@@ -49,6 +49,7 @@ REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that
 
 NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 NAMESPACE_DISABLED: "no"        # By setting this to "yes", you can disabled the creation of the namespace so that you can use a pre-created one
+NETWORK_POLICY_ENABLED: "no"        # By setting this to "yes", you can enable a network policy that limits network access to the same namespace. ⚠️ Attention: this breaks if you use an ingress!!! So it should be disabled if you do so!
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 SERVERINFO_TOKEN:        # This allows to set the serverinfo app token for monitoring your Nextcloud via the serverinfo app
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'

php/.gitignore

@@ -1,3 +0,0 @@
-/php/data/configuration.json
-/php/data/containers.json
-

php/.idea/.gitignore

@@ -1,8 +0,0 @@
-# Default ignored files
-/shelf/
-/workspace.xml
-# Datasource local storage ignored files
-/dataSources/
-/dataSources.local.xml
-# Editor-based HTTP Client requests
-/httpRequests/

php/.idea/aio.iml

@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/src" isTestSource="false" packagePrefix="AIO\" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-server-middleware" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/psr7" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/log" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/guzzle" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-client" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-message" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/guzzlehttp/promises" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-factory" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/container" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/http-interop/http-factory-guzzle" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/psr/http-server-handler" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/slim/slim" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/ralouphie/getallheaders" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/nikic/fast-route" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/composer" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/opis/closure" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/slim-bridge" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/invoker" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/php-di" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/php-di/phpdoc-reader" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/slim/twig-view" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/polyfill-mbstring" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/twig/twig" />
-      <excludeFolder url="file://$MODULE_DIR$/vendor/symfony/polyfill-ctype" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>

php/.idea/modules.xml

@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/aio.iml" filepath="$PROJECT_DIR$/.idea/aio.iml" />
-    </modules>
-  </component>
-</project>

php/.idea/php.xml

@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="PhpIncludePathManager">
-    <include_path>
-      <path value="$PROJECT_DIR$/vendor/psr/http-server-middleware" />
-      <path value="$PROJECT_DIR$/vendor/guzzlehttp/psr7" />
-      <path value="$PROJECT_DIR$/vendor/psr/log" />
-      <path value="$PROJECT_DIR$/vendor/guzzlehttp/guzzle" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-client" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-message" />
-      <path value="$PROJECT_DIR$/vendor/guzzlehttp/promises" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-factory" />
-      <path value="$PROJECT_DIR$/vendor/psr/container" />
-      <path value="$PROJECT_DIR$/vendor/http-interop/http-factory-guzzle" />
-      <path value="$PROJECT_DIR$/vendor/psr/http-server-handler" />
-      <path value="$PROJECT_DIR$/vendor/slim/slim" />
-      <path value="$PROJECT_DIR$/vendor/ralouphie/getallheaders" />
-      <path value="$PROJECT_DIR$/vendor/nikic/fast-route" />
-      <path value="$PROJECT_DIR$/vendor/composer" />
-      <path value="$PROJECT_DIR$/vendor/opis/closure" />
-      <path value="$PROJECT_DIR$/vendor/php-di/slim-bridge" />
-      <path value="$PROJECT_DIR$/vendor/php-di/invoker" />
-      <path value="$PROJECT_DIR$/vendor/php-di/php-di" />
-      <path value="$PROJECT_DIR$/vendor/php-di/phpdoc-reader" />
-      <path value="$PROJECT_DIR$/vendor/slim/twig-view" />
-      <path value="$PROJECT_DIR$/vendor/symfony/polyfill-mbstring" />
-      <path value="$PROJECT_DIR$/vendor/twig/twig" />
-      <path value="$PROJECT_DIR$/vendor/symfony/polyfill-ctype" />
-    </include_path>
-  </component>
-  <component name="PhpProjectSharedConfiguration" php_language_level="7.4">
-    <option name="suggestChangeDefaultLanguageLevel" value="false" />
-  </component>
-</project>

php/.idea/vcs.xml

@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$/.." vcs="Git" />
-  </component>
-</project>

php/README.md

@@ -4,13 +4,60 @@ This is the code for the PHP Docker controller.
 
 ## How to run
 
-Running this locally requires Docker Engine on the same machine. 
-If this is the case, just execute the following command:
+Running this locally requires :
 
-```
-composer install --no-dev
-cd public/
-php -S 0.0.0.0:8080
+### 1. Install the development environment
+
+This project uses Composer as dependency management software. It is very similar to NPM.
+The command to install all dependencies is:
+
+```bash
+composer install
 ```
 
-You can then access the web interface at `localhost:8080`.
+### 2. Access to docker socket
+
+The `root` user has all privileges including access to the Docker socket. 
+But **it is not recommended to launch the local instance with full privileges**, consider the docker group for docker access without being `root`.
+See https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
+
+### 3. Run a `nextcloud-aio-mastercontainer` container
+
+This application manages containers, including its own container.
+So you need to run a `nextcloud-aio-mastercontainer` container for the application to work properly.
+
+Here is a command to quickly launch a container :
+
+```bash
+docker run \
+--rm \
+--name nextcloud-aio-mastercontainer \
+--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config \
+nextcloud/all-in-one:latest
+```
+
+### 4. Start your server
+
+With this command you will launch the server:
+
+```bash
+# Make sure to launch this command with a user having access to the docker socket.
+SKIP_DOMAIN_VALIDATION=true composer run dev
+```
+
+You can then access the web interface at http://localhost:8080.
+
+Note: You can restart the server by preceding the command with other environment variables.
+
+## Composer routine
+
+| Command                                 | Description                            |
+|-----------------------------------------|----------------------------------------|
+| `composer run dev`                      | Starts the development server          |
+| `composer run psalm`                    | Run Psalm static analysis              |
+| `composer run psalm:update-baseline`    | Run Psalm with `--update-baseline` arg |
+| `composer run lint`                     | Run PHP Syntax check                   |
+| `composer run lint:twig`                | Run Twig Syntax check                  |
+| `composer run php-deprecation-detector` | Run PHP Deprecation Detector           |
+
+

php/composer.json

@@ -1,6 +1,6 @@
 {
     "autoload": {
-        "psr-4": { 
+        "psr-4": {
             "AIO\\": ["src/"]
         }
     },
@@ -18,10 +18,20 @@
         "slim/csrf": "^1.3",
         "ext-apcu": "*"
     },
+    "require-dev": {
+        "sserbin/twig-linter": "@dev",
+        "vimeo/psalm": "^5.25",
+        "wapmorgan/php-deprecation-detector": "dev-master"
+    },
     "scripts": {
+        "dev": [
+            "Composer\\Config::disableProcessTimeout",
+            "php -S localhost:8080 -t public"
+        ],
 		"psalm": "psalm --threads=1",
-		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
-		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.3 \\;"
+		"psalm:update-baseline": "psalm --threads=1 --monochrome --no-progress --output-format=text --update-baseline",
+		"lint": "php -l src/*.php src/**/*.php public/index.php",
+		"lint:twig": "twig-linter lint ./templates",
+		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
 	}
 }

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v9.3.0</h1>
+        <h1>Nextcloud AIO v9.4.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

readme.md

@@ -629,7 +629,7 @@ By default, the Nextcloud container is confined and cannot access directories on
 
 After using this option, please make sure to apply the correct permissions to the directories that you want to use in Nextcloud. E.g. `sudo chown -R 33:0 /mnt/your-drive-mountpoint` and `sudo chmod -R 750 /mnt/your-drive-mountpoint` should make it work on Linux when you have used `--env NEXTCLOUD_MOUNT="/mnt/"`. On Windows you could do this e.g. with `docker exec -it nextcloud-aio-nextcloud chown -R 33:0 /run/desktop/mnt/host/d/your-folder/` and `docker exec -it nextcloud-aio-nextcloud chmod -R 750 /run/desktop/mnt/host/d/your-folder/`.
 
-You can then navigate to the apps management page, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
+You can then navigate to `https://your-nc-domain.com/settings/apps/disabled`, activate the external storage app, navigate to `https://your-nc-domain.com/settings/admin/externalstorages` and add a local external storage directory that will be accessible inside the container at the same place that you've entered. E.g. `/mnt/your-drive-mountpoint` will be mounted to `/mnt/your-drive-mountpoint` inside the container, etc. 
 
 Be aware though that these locations will not be covered by the built-in backup solution - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.