just exclude the whole dir on restore

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/nextcloud-update.yml

@@ -57,8 +57,8 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
-        
+        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version >/dev/null|" ./Containers/nextcloud/start.sh
+
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
         NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)

.github/workflows/php-deprecation-detector.yml

@@ -0,0 +1,29 @@
+name: PHP Deprecation Detector
+# See https://github.com/wapmorgan/PhpDeprecationDetector
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: PHP Deprecation Detector
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up php8.0
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.0
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require wapmorgan/php-deprecation-detector dev-master
+          composer install
+          composer run php-deprecation-detector

Containers/apache/Dockerfile

@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221024-slim
+FROM debian:bullseye-20221114-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;

Containers/borgbackup/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221024-slim
+FROM debian:bullseye-20221114-slim
 
 RUN set -ex; \
     \

Containers/borgbackup/backupscript.sh

@@ -262,6 +262,8 @@ if [ "$BORG_MODE" = restore ]; then
     --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
     --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
     --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+    --exclude "nextcloud_aio_apache/caddy/"** \
+    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
     /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
         echo "Something failed while restoring from backup."
         umount /tmp/borg

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.7.2.1
+FROM collabora/code:22.05.8.2.1
 
 USER root
 

Containers/domaincheck/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.16.2
+FROM alpine:3.16.3
 RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
 
 RUN adduser -S www-data -G www-data

Containers/imaginary/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221003
+FROM nextcloud/imaginary:20221101
 
 USER root
 RUN set -ex; \
@@ -13,4 +13,6 @@ RUN set -ex; \
     rm -rf /var/lib/apt/lists/*
 USER nobody
 
+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
+
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1

Containers/mastercontainer/cron.sh

@@ -13,14 +13,14 @@ while true; do
             export START_CONTAINERS=1
         fi
         set +x
+        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+            export LOCK_FILE_PRESENT=1
+        else
+            export LOCK_FILE_PRESENT=0
+        fi
     else
         export BACKUP_TIME="04:00"
         export DAILY_BACKUP=0
-    fi
-
-    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        export LOCK_FILE_PRESENT=1
-    else
         export LOCK_FILE_PRESENT=0
     fi
 
@@ -41,6 +41,9 @@ while true; do
     # Check for updates and send notification if yes
     sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php
 
+    # Check if AIO is outdated
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+
     # Remove sessions older than 24h
     find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete
 

Containers/mastercontainer/start.sh

@@ -120,6 +120,14 @@ It is set to '$NEXTCLOUD_MAX_TIME'."
         exit 1
     fi
 fi
+if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
+    if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
+        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+The string must start with a number and end with 'M'.
+It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
+        exit 1
+    fi
+fi
 if [ -n "$APACHE_PORT" ]; then
     if ! check_if_number "$APACHE_PORT"; then
         echo "You provided an Apache port but did not only use numbers.
@@ -161,11 +169,35 @@ It is set to '$DOCKER_SOCKET_PATH'."
         exit 1
     fi
 fi
-if [ -n "$TRUSTED_CACERTS_DIR" ]; then
-    if ! echo "$TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$TRUSTED_CACERTS_DIR" | grep -q "/$"; then
-        echo "You've set TRUSTED_CACERTS_DIR but not to an allowed value.
+if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
+    if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
+        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
-It is set to '$TRUSTED_CACERTS_DIR '."
+It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+It is set to '$NEXTCLOUD_STARTUP_APPS'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
+        exit 1
+    fi
+fi
+if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
+        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
+It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
         exit 1
     fi
 fi

Containers/nextcloud/Dockerfile

@@ -39,7 +39,6 @@ RUN set -ex; \
         openldap-dev \
         pcre-dev \
         postgresql-dev \
-        imagemagick-dev \
         libwebp-dev \
         gmp-dev \
     ; \
@@ -64,13 +63,11 @@ RUN set -ex; \
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
-    pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
         apcu \
         memcached \
         redis \
-        imagick \
     ; \
     rm -r /tmp/pear; \
     \
@@ -107,7 +104,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 24.0.6
+ENV NEXTCLOUD_VERSION 24.0.7
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -144,7 +141,6 @@ RUN set -ex; \
     \
     apk add --no-cache \
         ffmpeg \
-        imagemagick \
         procps \
         samba-client \
         supervisor \
@@ -231,12 +227,14 @@ RUN set -ex; \
 
 COPY start.sh /
 COPY notify.sh /
+COPY notify-all.sh /
 RUN set -ex; \
     chmod +x /start.sh && \
     chmod +x /entrypoint.sh && \
     chmod +r /upgrade.exclude && \
     chmod +x /cron.sh && \
     chmod +x /notify.sh && \
+    chmod +x /notify-all.sh && \
     chmod +x /activate-collabora.sh
 
 RUN set -ex; \

Containers/nextcloud/entrypoint.sh

@@ -85,6 +85,13 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
         # Check if it skips a major version
         INSTALLED_MAJOR="${installed_version%%.*}"
         IMAGE_MAJOR="${image_version%%.*}"
+        
+        if [ "$installed_version" != "0.0.0.0" ]; then
+            # Write output to logfile.
+            exec > >(tee -i "/var/www/html/data/update.log")
+            exec 2>&1
+        fi
+
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
             set -ex
             NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
@@ -133,7 +140,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             php /var/www/html/occ maintenance:mode --off
 
             echo "Getting and backing up the status of apps for later, this might take a while..."
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+            NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
+            if [ -z "$NC_APPS" ]; then
+                echo "No apps detected, aborting export of app status..."
+                APPSTORAGE="no-export-done"
+            else
+                mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
+                declare -Ag APPSTORAGE
+                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                for app in "${NC_APPS_ARRAY[@]}"; do
+                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
+                    php /var/www/html/occ app:disable "$app"
+                done
+            fi
 
             if [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -eq 1 ]; then
                 php /var/www/html/occ config:system:delete app_install_overwrite
@@ -229,22 +248,16 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Install some apps by default
-            php /var/www/html/occ app:install twofactor_totp
-            php /var/www/html/occ app:install deck
-            php /var/www/html/occ app:install tasks
-            php /var/www/html/occ app:install calendar
-            php /var/www/html/occ app:install contacts
-            php /var/www/html/occ app:install apporder
+            if [ -n "$STARTUP_APPS" ]; then
+                read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
+                for app in "${STARTUP_APPS_ARRAY[@]}"; do
+                    php /var/www/html/occ app:install "$app"
+                done
+            fi
 
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            while [ -n "$(pgrep -f cron.php)" ]
-            do
-                echo "Waiting for Nextclouds cronjob to finish..."
-                sleep 5
-            done
-
             echo "Upgrading nextcloud from $installed_version to $image_version..."
             if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                 echo "Upgrade failed. Please restore from backup."
@@ -255,10 +268,30 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             rm "$NEXTCLOUD_DATA_DIR/update.failed"
             bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."
 
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-            echo "The following apps have been disabled:"
-            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-            rm -f /tmp/list_before /tmp/list_after
+            php /var/www/html/occ app:update --all
+
+            # Restore app status
+            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
+                echo "Restoring the status of apps. This can take a while..."
+                for app in "${!APPSTORAGE[@]}"; do
+                    if [ -n "${APPSTORAGE[$app]}" ]; then
+                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
+                            echo "Enabling $app..."
+                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
+                                echo "$app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                bash /notify.sh "Could not enable the $app after the Nextcloud update!" "Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                continue
+                            fi
+                            # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
+                            if [ "${APPSTORAGE[$app]}" != "yes" ]; then
+                                php /var/www/html/occ config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
+                            fi
+                        fi
+                    fi
+                done
+            fi
+
+            php /var/www/html/occ app:update --all
 
             # Apply optimization
             echo "Doing some optimizations..."

Containers/nextcloud/notify-all.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ "$EUID" = 0 ]]; then
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
+fi
+
+SUBJECT="$1"
+MESSAGE="$2"
+
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
+    echo "Cannot send notification as notification app is not enabled."
+    exit 1
+fi
+
+echo "Posting notifications to all users..."
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
+mapfile -t NC_USERS <<< "$NC_USERS"
+for user in "${NC_USERS[@]}"
+do
+    echo "Posting '$SUBJECT' to: $user"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+done
+
+echo "Done!"
+exit 0

Containers/nextcloud/start.sh

@@ -17,14 +17,16 @@ if [ -f "/var/www/html/config/config.php" ]; then
         echo "Waiting for the database to start..."
         sleep 5
     done
-    # The code below is hopefully not needed anymore. Was introduced with https://github.com/nextcloud/all-in-one/pull/218
-    # sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # this was introduced with https://github.com/nextcloud/all-in-one/pull/218
+        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    fi
 fi
 
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
 if [ -n "$TRUSTED_CACERTS_DIR" ]; then
-    echo "User required to trust additional CA certificates, running 'update-ca-certificates."
+    echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"
     update-ca-certificates
 fi
 
@@ -36,6 +38,77 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
 fi
 sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 
+# Install additional dependencies
+if [ -n "$ADDITIONAL_APKS" ]; then
+    if ! [ -f "/additional-apks-are-installed" ]; then
+        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
+        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
+            echo "Installing $app via apk..."
+            if ! apk add --no-cache "$app" >/dev/null; then
+                echo "The packet $app was not installed!"
+            fi
+        done
+    fi
+    touch /additional-apks-are-installed
+fi
+
+# Install additional php extensions
+if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
+    if ! [ -f "/additional-php-extensions-are-installed" ]; then
+        read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
+        for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            # shellcheck disable=SC2086
+            if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
+                echo "Installing PHP build dependencies..."
+                if ! apk add --no-cache --virtual .build-deps libxml2-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                    echo "Could not install build-deps!"
+                fi
+                PHP_DEPS_ARE_INSTALLED=1
+            fi
+            if [ "$app" = imagick ]; then
+                echo "Installing Imagick via PECL..."
+                pecl install imagick-3.7.0 >/dev/null
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+            elif [ "$app" = inotify ]; then
+                echo "Installing $app via PECL..."
+                pecl install "$app" >/dev/null
+                if ! docker-php-ext-enable "$app" >/dev/null; then
+                    echo "Could not install PHP extension $app!"
+                fi
+            elif [ "$app" = soap ]; then
+                echo "Installing $app from core..."
+                if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                    echo "Could not install PHP extension $app!"
+                fi
+            else
+                echo "Installing PHP extension $app ..."
+                if ! docker-php-ext-install -j "$(nproc)" "$app" >/dev/null; then
+                    echo "Could not install $app from core. Trying to install from PECL..."
+                    pecl install "$app" >/dev/null
+                    if ! docker-php-ext-enable "$app" >/dev/null; then
+                        echo "Could also not install $app from PECL. The PHP extensions was not installed!"
+                    fi
+                fi
+            fi
+        done
+        if [ "$PHP_DEPS_ARE_INSTALLED" = 1 ]; then
+            rm -rf /tmp/pear
+            runDeps="$( \
+                scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+                    | tr ',' '\n' \
+                    | sort -u \
+                    | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+            )";
+            # shellcheck disable=SC2086
+            apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+            apk del .build-deps >/dev/null
+        fi
+    fi
+    touch /additional-php-extensions-are-installed
+fi
+
 # Run original entrypoint
 if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1

Containers/postgresql/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.5-alpine
+FROM postgres:14.6-alpine
 
 RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk
 

Containers/watchtower/Dockerfile

@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.4.0 as watchtower
+FROM containrrr/watchtower:1.5.1 as watchtower
 
-FROM alpine:3.16.2
+FROM alpine:3.16.3
 
 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /

docker-compose.yml

@@ -11,7 +11,7 @@ services:
     container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
     volumes:
       - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
     ports:
       - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
@@ -19,15 +19,19 @@ services:
     # environment: # Is needed when using any of the options below
       # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
-      # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
-      # - TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
+      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
+      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

manual-install/latest-arm64.yml

@@ -58,7 +58,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -89,10 +89,14 @@ services:
       - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
       - IMAGINARY_HOST=nextcloud-aio-imaginary
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:

manual-install/latest.yml

@@ -59,7 +59,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -92,10 +92,14 @@ services:
       - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
       - IMAGINARY_HOST=nextcloud-aio-imaginary
       - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:

manual-install/sample.conf

@@ -11,10 +11,15 @@ FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in
 IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
 NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
@@ -23,6 +28,5 @@ SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.

manual-install/update-yaml.sh

@@ -63,9 +63,10 @@ sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
+sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container|' sample.conf
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
-sed -i 's|TRUSTED_CACERTS_DIR=|TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
+sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
@@ -75,6 +76,9 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
+sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 
 cat sample.conf

php/composer.json

@@ -21,6 +21,7 @@
     "scripts": {
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
-        "lint": "find . -name \\*.php -not -path './vendor/*' -print0 | xargs -0 -n1 php -l"
+		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.0 \\;"
 	}
 }

php/composer.lock

@@ -1137,30 +1137,30 @@
         },
         {
             "name": "slim/csrf",
-            "version": "1.2.1",
+            "version": "1.3.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim-Csrf.git",
-                "reference": "ee811a258ecee807846aefc51aabc1963ae0a400"
+                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ee811a258ecee807846aefc51aabc1963ae0a400",
-                "reference": "ee811a258ecee807846aefc51aabc1963ae0a400",
+                "url": "https://api.github.com/repos/slimphp/Slim-Csrf/zipball/ebaaf295fd6d7224078d8ae3bba45329b31798c7",
+                "reference": "ebaaf295fd6d7224078d8ae3bba45329b31798c7",
                 "shasum": ""
             },
             "require": {
-                "php": "^7.3|^8.0",
+                "php": "^7.4 || ^8.0",
                 "psr/http-factory": "^1.0",
                 "psr/http-message": "^1.0",
                 "psr/http-server-handler": "^1.0",
                 "psr/http-server-middleware": "^1.0"
             },
             "require-dev": {
-                "phpspec/prophecy": "^1.12",
+                "phpspec/prophecy": "^1.15",
                 "phpspec/prophecy-phpunit": "^2.0",
                 "phpunit/phpunit": "^9.5",
-                "squizlabs/php_codesniffer": "^3.5.8"
+                "squizlabs/php_codesniffer": "^3.7"
             },
             "type": "library",
             "autoload": {
@@ -1180,7 +1180,7 @@
                 }
             ],
             "description": "Slim Framework 4 CSRF protection PSR-15 middleware",
-            "homepage": "http://slimframework.com",
+            "homepage": "https://www.slimframework.com",
             "keywords": [
                 "csrf",
                 "framework",
@@ -1189,22 +1189,22 @@
             ],
             "support": {
                 "issues": "https://github.com/slimphp/Slim-Csrf/issues",
-                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.2.1"
+                "source": "https://github.com/slimphp/Slim-Csrf/tree/1.3.0"
             },
-            "time": "2021-02-04T15:37:21+00:00"
+            "time": "2022-11-05T19:27:53+00:00"
         },
         {
             "name": "slim/slim",
-            "version": "4.10.0",
+            "version": "4.11.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/slimphp/Slim.git",
-                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0"
+                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/slimphp/Slim/zipball/0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
-                "reference": "0dfc7d2fdf2553b361d864d51af3fe8a6ad168b0",
+                "url": "https://api.github.com/repos/slimphp/Slim/zipball/b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
+                "reference": "b0f4ca393ea037be9ac7292ba7d0a34d18bac0c7",
                 "shasum": ""
             },
             "require": {
@@ -1219,21 +1219,21 @@
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
             "require-dev": {
-                "adriansuter/php-autoload-override": "^1.2",
+                "adriansuter/php-autoload-override": "^1.3",
                 "ext-simplexml": "*",
-                "guzzlehttp/psr7": "^2.1",
+                "guzzlehttp/psr7": "^2.4",
                 "httpsoft/http-message": "^1.0",
                 "httpsoft/http-server-request": "^1.0",
-                "laminas/laminas-diactoros": "^2.8",
+                "laminas/laminas-diactoros": "^2.17",
                 "nyholm/psr7": "^1.5",
                 "nyholm/psr7-server": "^1.0",
                 "phpspec/prophecy": "^1.15",
                 "phpspec/prophecy-phpunit": "^2.0",
-                "phpstan/phpstan": "^1.4",
+                "phpstan/phpstan": "^1.8",
                 "phpunit/phpunit": "^9.5",
                 "slim/http": "^1.2",
                 "slim/psr7": "^1.5",
-                "squizlabs/php_codesniffer": "^3.6"
+                "squizlabs/php_codesniffer": "^3.7"
             },
             "suggest": {
                 "ext-simplexml": "Needed to support XML format in BodyParsingMiddleware",
@@ -1306,7 +1306,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-03-14T14:18:23+00:00"
+            "time": "2022-11-06T16:33:39+00:00"
         },
         {
             "name": "slim/twig-view",
@@ -1442,16 +1442,16 @@
         },
         {
             "name": "symfony/polyfill-ctype",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-ctype.git",
-                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4"
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
-                "reference": "6fd1b9a79f6e3cf65f9e679b23af304cd9e010d4",
+                "url": "https://api.github.com/repos/symfony/polyfill-ctype/zipball/5bbc823adecdae860bb64756d639ecfec17b050a",
+                "reference": "5bbc823adecdae860bb64756d639ecfec17b050a",
                 "shasum": ""
             },
             "require": {
@@ -1466,7 +1466,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1504,7 +1504,7 @@
                 "portable"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-ctype/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -1520,20 +1520,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
             "name": "symfony/polyfill-mbstring",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-mbstring.git",
-                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e"
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
-                "reference": "9344f9cb97f3b19424af1a21a3b0e75b0a7d8d7e",
+                "url": "https://api.github.com/repos/symfony/polyfill-mbstring/zipball/8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
+                "reference": "8ad114f6b39e2c98a8b0e3bd907732c207c2b534",
                 "shasum": ""
             },
             "require": {
@@ -1548,7 +1548,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1587,7 +1587,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-mbstring/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -1603,20 +1603,20 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
             "name": "symfony/polyfill-php81",
-            "version": "v1.26.0",
+            "version": "v1.27.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/polyfill-php81.git",
-                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1"
+                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/13f6d1271c663dc5ae9fb843a8f16521db7687a1",
-                "reference": "13f6d1271c663dc5ae9fb843a8f16521db7687a1",
+                "url": "https://api.github.com/repos/symfony/polyfill-php81/zipball/707403074c8ea6e2edaf8794b0157a0bfa52157a",
+                "reference": "707403074c8ea6e2edaf8794b0157a0bfa52157a",
                 "shasum": ""
             },
             "require": {
@@ -1625,7 +1625,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "1.26-dev"
+                    "dev-main": "1.27-dev"
                 },
                 "thanks": {
                     "name": "symfony/polyfill",
@@ -1666,7 +1666,7 @@
                 "shim"
             ],
             "support": {
-                "source": "https://github.com/symfony/polyfill-php81/tree/v1.26.0"
+                "source": "https://github.com/symfony/polyfill-php81/tree/v1.27.0"
             },
             "funding": [
                 {
@@ -1682,7 +1682,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-05-24T11:49:31+00:00"
+            "time": "2022-11-03T14:55:06+00:00"
         },
         {
             "name": "twig/twig",

php/containers.json

@@ -116,7 +116,7 @@
           "writeable": true
         },
         {
-          "name": "%TRUSTED_CACERTS_DIR%",
+          "name": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
           "location": "/usr/local/share/ca-certificates",
           "writeable": false
         }
@@ -153,10 +153,14 @@
         "IMAGINARY_ENABLED=%IMAGINARY_ENABLED%",
         "IMAGINARY_HOST=nextcloud-aio-imaginary",
         "PHP_UPLOAD_LIMIT=%NEXTCLOUD_UPLOAD_LIMIT%",
+        "PHP_MEMORY_LIMIT=%NEXTCLOUD_MEMORY_LIMIT%",
         "FULLTEXTSEARCH_ENABLED=%FULLTEXTSEARCH_ENABLED%",
         "FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch",
         "PHP_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
-        "TRUSTED_CACERTS_DIR=%TRUSTED_CACERTS_DIR%"
+        "TRUSTED_CACERTS_DIR=%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
+        "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
+        "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
+        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
       "maxShutdownTime": 10,
       "restartPolicy": "unless-stopped"

php/psalm-baseline.xml

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.29.0@7ec5ffbd5f68ae03782d7fd33fff0c45a69f95b3">
+<files psalm-version="4.30.0@d0bc6e25d89f649e4f36a534f330f8bb4643dd69">
   <file src="public/index.php">
     <MissingClosureParamType occurrences="10">
       <code>$args</code>

php/public/index.php

@@ -22,6 +22,9 @@ ini_set('session.save_path', $dataConst->GetSessionDirectory());
 // Auto logout on browser close
 ini_set('session.cookie_lifetime', '0');
 
+# Keep session for 24h max
+ini_set('session.gc_maxlifetime', '86400');
+
 // Create app
 AppFactory::setContainer($container);
 $app = AppFactory::create();

php/src/ContainerDefinitionFetcher.php

@@ -120,7 +120,7 @@ class ContainerDefinitionFetcher
                     if($value['name'] === '') {
                         continue;
                     }
-                } elseif ($value['name'] === '%TRUSTED_CACERTS_DIR%') {
+                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
                     $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
                     if($value['name'] === '') {
                         continue;

php/src/Cron/OutdatedNotification.php

@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated();
+
+if ($isNextcloudImageOutdated === true) {
+    $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
+}
+

php/src/Data/ConfigurationManager.php

@@ -528,6 +528,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetNextcloudMemoryLimit() : string {
+        $envVariableName = 'NEXTCLOUD_MEMORY_LIMIT';
+        $configName = 'nextcloud_memory_limit';
+        $defaultValue = '512M';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     public function GetApacheMaxSize() : int {
         $uploadLimit = (int)rtrim($this->GetNextcloudUploadLimit(), 'G');
         return $uploadLimit * 1024 * 1024 * 1024;
@@ -548,12 +555,26 @@ class ConfigurationManager
     }
 
     public function GetTrustedCacertsDir() : string {
-        $envVariableName = 'TRUSTED_CACERTS_DIR';
+        $envVariableName = 'NEXTCLOUD_TRUSTED_CACERTS_DIR';
         $configName = 'trusted_cacerts_dir';
         $defaultValue = '';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetNextcloudAdditionalApks() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_APKS';
+        $configName = 'nextcloud_additional_apks';
+        $defaultValue = 'imagemagick';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
+    public function GetNextcloudAdditionalPhpExtensions() : string {
+        $envVariableName = 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS';
+        $configName = 'nextcloud_additional_php_extensions';
+        $defaultValue = 'imagick';
+        return trim($this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue));
+    }
+
     public function GetCollaboraSeccompPolicy() : string {
         $defaultString = '--o:security.seccomp=';
         if ($this->GetCollaboraSeccompDisabledState() !== 'true') {
@@ -700,6 +721,14 @@ class ConfigurationManager
         return false;
     }
 
+    public function GetNextcloudStartupApps() : string {
+        $apps = getenv('NEXTCLOUD_STARTUP_APPS');
+        if (is_string($apps)) {
+            return trim($apps);
+        }
+        return 'twofactor_totp deck tasks calendar contacts apporder';
+    }
+
     public function GetCollaboraDictionaries() : string {
         $config = $this->GetConfig();
         if(!isset($config['collabora_dictionaries'])) {

php/src/Docker/DockerActionManager.php

@@ -312,9 +312,11 @@ class DockerActionManager
                     }
                 } elseif ($out[1] === 'NEXTCLOUD_UPLOAD_LIMIT') {
                     $replacements[1] = $this->configurationManager->GetNextcloudUploadLimit();
+                } elseif ($out[1] === 'NEXTCLOUD_MEMORY_LIMIT') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
-                } elseif ($out[1] === 'TRUSTED_CACERTS_DIR') {
+                } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
                     $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
                     if ($this->configurationManager->GetAdditionalBackupDirectoriesString() !== '') {
@@ -328,6 +330,12 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetApacheMaxSize();
                 } elseif ($out[1] === 'COLLABORA_SECCOMP_POLICY') {
                     $replacements[1] = $this->configurationManager->GetCollaboraSeccompPolicy();
+                } elseif ($out[1] === 'NEXTCLOUD_STARTUP_APPS') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudStartupApps();
+                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_APKS') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
+                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
+                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
                     $replacements[1] = $this->configurationManager->GetSecret($out[1]);
                 }
@@ -532,7 +540,7 @@ class DockerActionManager
         return true;
     }
 
-    public function sendNotification(Container $container, string $subject, string $message) : void
+    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
     {
         if ($this->GetContainerStartingState($container) instanceof RunningState) {
 
@@ -550,7 +558,7 @@ class DockerActionManager
                             'Tty' => true,
                             'Cmd' => [
                                 'bash',
-                                '/notify.sh',
+                                $file,
                                 $subject,
                                 $message
                             ],
@@ -731,4 +739,36 @@ class DockerActionManager
         }
         return false;
     }
+
+    private function GetCreatedTimeOfNextcloudImage() : ?string {
+        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
+        try {
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+
+            if (!isset($imageOutput['Created'])) {
+                error_log('Created is not set of image ' . $imageName);
+                return null;
+            }
+
+            return str_replace('T', ' ', $imageOutput['Created']);
+        } catch (\Exception $e) {
+            return null;
+        }
+    }
+
+    public function isNextcloudImageOutdated() : bool {
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage();
+
+        if ($createdTime === null) {
+            return false;
+        }
+
+        // If the image is older than 90 days, it is outdated.
+        if ((time() - (60 * 60 * 24 * 90)) > strtotime($createdTime)) {
+            return true;
+        }
+
+        return false;
+    }
 }

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v2.1.1</h1>
+        <h1>Nextcloud AIO v3.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

php/templates/login.twig

@@ -14,8 +14,8 @@
                     <input type="submit" class="button" value="Log in" />
                 </form>
             {% else %}
-                <p>The login is blocked since Nextcloud is running. Please use the automatic login from your Nextcloud.<br><br>
-                You can unblock the login by running 'sudo docker stop nextcloud-aio-apache'.</p>
+                <p>The login is blocked since Nextcloud is running.<br>Please use the <a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface"><b>automatic login</b></a> from your Nextcloud.<br><br>
+                If that is not possible, you can unblock the login by running<br><b>sudo docker stop nextcloud-aio-apache</b></p>
             {% endif %}
         </div>
     </div>

readme.md

@@ -52,6 +52,21 @@ The following instructions are especially meant for Linux. For macOS see [this](
 
     </details>
 
+    <details>
+    <summary>Explanation of the command</summary>
+
+    - `sudo docker run` This command spins up a new docker container. Docker commands can optionally be used without `sudo` if the user is added to the docker group (this is not the same as docker rootless, see FAQ below).
+    - `--name nextcloud-aio-mastercontainer` This is the name of the container. This line is not allowed to be changed, since mastercontainer updates would fail.
+    - `--restart always` This is the "restart policy". `always` means that the container should always get started with the Docker daemon. See the Docker documentation for further detail about restart policies: https://docs.docker.com/config/containers/start-containers-automatically/
+    - `--publish 80:80` This means that port 80 of the container should get published on the host using port 80. It is used for getting valid certificates for the AIO interface if you want to use port 8443. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
+    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
+    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
+    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
+    - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
+    - Further options can be set using environment variables, for example `--env TALK_PORT=3478`. To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    </details>
+
 3. After the initial startup, you should be able to open the Nextcloud AIO Interface now on port 8080 of this server.<br>
 E.g. `https://ip.address.of.this.server:8080`<br><br>
 If your firewall/router has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:<br>
@@ -137,6 +152,7 @@ No and it will not be added. Please use a dedicated domain for Nextcloud and set
 The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
 - https://howchoo.com/pi/pi-hole-setup together with https://docs.callitkarma.me/posts/PiHole-Local-DNS/
+- https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html
 
 ### How to skip the domain validation?
 If you are completely sure that you've configured everything correctly and are not able to pass the domain validation, you may skip the domain validation by adding `-e SKIP_DOMAIN_VALIDATION=true` to the docker run command of the mastercontainer.
@@ -274,7 +290,7 @@ sudo borg list "/mnt/backup/borg"
 sudo borg delete --stats --progress "/mnt/backup/borg::20220223_174237-nextcloud-aio"
 
 # If borg 1.2.0 or higher is installed, you then need to run borg compact in order to clean up the freed space
-sudo borg version
+sudo borg --version
 # If version number of the command above is higher than 1.2.0 you need to run the command below:
 sudo borg compact "/mnt/backup/"
 
@@ -325,7 +341,7 @@ if ! [ -d "$DRIVE_MOUNTPOINT" ]; then
     exit 1
 fi
 
-if ! grep -q " $DRIVE_MOUNTPOINT " /etc/fstab; then
+if ! grep -q "$DRIVE_MOUNTPOINT" /etc/fstab; then
     echo "Could not find the drive mountpoint in the fstab file. Did you add it there?"
     exit 1
 fi
@@ -439,12 +455,28 @@ By default are uploads to Nextcloud limited to a max of 10G. You can adjust the
 ### How to adjust the max execution time for Nextcloud?
 By default are uploads to Nextcloud limited to a max of 3600s. You can adjust the upload time limit by providing `-e NEXTCLOUD_MAX_TIME=3600` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a number e.g. `3600`.
 
+### How to adjust the PHP memory limit for Nextcloud?
+By default is each PHP process in the Nextcloud container limited to a max of 512 MB. You can adjust the memory limit by providing `-e NEXTCLOUD_MEMORY_LIMIT=512M` to the docker run command of the mastercontainer and customize the value to your fitting. It must start with a number and end with `M` e.g. `1024M`.
+
 ### What can I do to fix the internal or reserved ip-address error?
 If you get an error during the domain validation which states that your ip-address is an internal or reserved ip-address, you can fix this by first making sure that your domain indeed has the correct public ip-address that points to the server and then adding `--add-host yourdomain.com:<public-ip-address>` to the initial docker run command which will allow the domain validation to work correctly. And so that you know: even if the `A` record of your domain should change over time, this is no problem since the mastercontainer will not make any attempt to access the chosen domain after the initial domain validation.
 
 ### How to run this with docker rootless?
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
+### How to change the Nextcloud apps that are installed on the first startup?
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+
+### How to add packets permanently to the Nextcloud container?
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
+
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+
+### How to add PHP extensions permanently to the Nextcloud container?
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
+
+You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 
@@ -497,11 +529,77 @@ What are the requirements?
 ### How to trust user-defiend Certification Authorities (CA)?
 For some applications it might be necessary to enstablish a secured connection to a host / server which is using a certificated issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against the Domain Controller (ActiveDirectory) of an organization
 
-You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
+You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` when starting the AIO-mastercontainer. The value of the variables should be set to the absolute path to a directory on the host, which contains one or more Certification Authority's certificate. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted.
 
-When using `docker run`, the environmental variable can be set with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
+When using `docker run`, the environmental variable can be set with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`.
 
 In order for the value to be valid, the path should start with `/` and not end with '/' and point to an existing **directory**. Pointing the variable directly to a certificate **file** will not work and may also break things.
 
 ### How to disable Collabora's Seccomp feature?
 The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
+
+### How to enable automatic updates without creating a backup beforehand?
+If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is not recommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
+
+But anyhow, is here a guide that helps you automate the whole procedure:
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Stop the containers
+docker exec -e STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
+
+# Below is optional if you run AIO in a VM which will shut down the VM afterwards
+# poweroff
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs e.g. runs the script at `04:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+
+
+**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextclouds datadir, if it is not stored in a docker volume.**
+
+**Afterwards, you can create a second script that automatically updates the containers:**
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Run container update once
+if ! docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
+
+    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do
+        echo "Waiting for Mastercontainer to start"
+        sleep 30
+    done
+
+    # Run container update another time to make sure that all containers are updated correctly.
+    docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+fi
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).

tests/QA/060-environmental-variables.md

@@ -8,11 +8,15 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_DATADIR="/mnt/testdata"` it should map that location from `/mnt/testdata` to `/mnt/ncdata` inside the Nextcloud container. Not having adjusted the permissions correctly before starting the Nextcloud container the first time will not allow the Nextcloud container to start correctly. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MOUNT="/mnt/"` it should map `/mnt/` to `/mnt/` inside the Nextcloud container. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `-e DOCKER_SOCKET_PATH="/var/run/docker.sock.raw"` it should map `/var/run/docker.sock.raw` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on macos and with docker rootless.
 - [ ] When starting the mastercontainer with `-e DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
-- [ ] When starting the mastercontainer with `-e TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)