substitute borg --progress by borg -v

Signed-off-by: Simon L <szaimen@e.mail.de>
try to fix the borg check
2026-05-21 19:00:33 +00:00 · 2023-01-04 17:10:21 +01:00 · 2023-01-04 16:49:47 +01:00 · 2023-01-04 16:22:38 +01:00 · 2023-01-04 16:21:45 +01:00 · 2023-01-04 16:17:04 +01:00
76 changed files with 1241 additions and 899 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -11,6 +11,12 @@ labels: bug, 0. Needs triage
 * Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
 * Subscribe to receive notifications on status change and new comments. 

+
+<!---
+For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and/or makes it easier to help you.
+--->
+
+
 <!--- Please fill out the whole template below -->
 ### Steps to reproduce
 1.
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -37,7 +37,7 @@ jobs:
          token: ${{ secrets.COMMAND_BOT_PAT }}

      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.7
+        uses: cirrus-actions/rebase@1.8
        env:
          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}

--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -23,7 +23,7 @@ jobs:
      - name: Modify the Dockerfile
        run: |
          set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.0-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
          cat << APCU >> "psalm-github-actions/Dockerfile"
          RUN mkdir -p /usr/src/php/ext/apcu && \
            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -1,18 +1,20 @@
 name: dependency-updates

 on:
+  workflow_dispatch:
  schedule:
  - cron:  '00 12 * * *'

 jobs:
  dependency_updates:
    name: Run dependency update script
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v3
    - uses: nanasess/setup-php@master
      with:
-        php-version: '8.0'
+        php-version: 8.1
+        extensions: apcu
    - name: Run dependency update script
      run: |
        set -x
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -23,7 +23,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        php-versions: ["8.0"]
+        php-versions: ["8.1"]

    name: php-lint

--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v3
+      - uses: dessant/lock-threads@v4
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -2,6 +2,7 @@
 name: nextcloud-update

 on:
+  workflow_dispatch:
  schedule:
  - cron:  '00 12 * * *'

@@ -57,7 +58,7 @@ jobs:
            | sort -V \
            | tail -1
        )"
-        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version  >/dev/null|" ./Containers/nextcloud/start.sh
+        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile

        # Nextcloud
        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -13,10 +13,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -12,10 +12,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -12,10 +12,10 @@ jobs:
    steps:
      - uses: actions/checkout@v3

-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 /php/vendor
 /manual-install/*.conf
 !/manual-install/sample.conf
-/manual-install/docker-compose.yml
+/manual-install/docker-compose.yml
+/manual-install/.env
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy

-FROM debian:bullseye-20221024-slim
+FROM debian:bullseye-20221219-slim

 RUN mkdir -p /mnt/data; \
    chown www-data:www-data /mnt/data;
@@ -19,7 +19,6 @@ RUN set -ex; \
        openssl \
        netcat \
        dpkg-dev \
-        curl \
    ; \
    rm -rf /var/lib/apt/lists/*

--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,6 +1,7 @@
 #!/bin/bash

-curl -skfI localhost:8000 || exit 1
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+nc -z localhost 8000 || exit 1
 if [ "$APACHE_PORT" != '443' ]; then
    nc -z localhost "$APACHE_PORT" || exit 1
 else
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -3,8 +3,8 @@ Listen 8000
    ServerName localhost

    # Add error log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog /proc/self/fd/1 combined
+    ErrorLog /proc/self/fd/2

    # PHP match
    <FilesMatch "\.php$">
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -9,8 +9,8 @@ logfile_backups=10
 loglevel=error

 [program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apachectl -DFOREGROUND
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221024-slim
+FROM debian:bullseye-20221219-slim

 RUN set -ex; \
    \
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -66,7 +66,7 @@ if [ "$BORG_MODE" = backup ]; then

    # Test that nothing is empty
    for directory in "${VOLUME_DIRS[@]}"; do
-        if [ -z "$(ls -A "$directory")" ]; then
+        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
            echo "$directory is empty which is not allowed."
            exit 1
        fi
@@ -88,6 +88,7 @@ if [ "$BORG_MODE" = backup ]; then
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            echo "Cannot initialize a new repository as that was already done at least one time."
            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
+            echo "By default it is stored here: /var/lib/docker/volumes/nextcloud_aio_mastercontainer/_data/data/borg.config"
            exit 1
        fi

@@ -126,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
    # Borg options
    # auto,zstd compression seems to has the best ratio based on:
    # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)

    # Create the backup
    echo "Starting the backup..."
@@ -173,16 +174,19 @@ if [ "$BORG_MODE" = backup ]; then
                    exit 1
                fi
            done
+            echo "Starting the backup for additional volumes..."
            if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                echo "Deleting the failed backup archive..."
                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
                echo "Backup of additional docker-volumes failed!"
                exit 1
            fi
+            echo "Pruning additional volumes..."
            if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
+            echo "Compacting additional volumes..."
            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                echo "Failed to compact archives!"
                exit 1
@@ -200,16 +204,19 @@ if [ "$BORG_MODE" = backup ]; then
            do
                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
            done
+            echo "Starting the backup for additional host mounts..."
            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                echo "Deleting the failed backup archive..."
                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
                echo "Backup of additional host-mounts failed!"
                exit 1
            fi
+            echo "Pruning additional host mounts..."
            if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
+            echo "Compacting additional host mounts..."
            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                echo "Failed to compact archives!"
                exit 1
@@ -257,11 +264,13 @@ if [ "$BORG_MODE" = restore ]; then

    # Restore everything except the configuration file
    if ! rsync --stats --archive --human-readable -vv --delete \
-    --exclude "nextcloud_aio_mastercontainer/session/"** \
+    --exclude "nextcloud_aio_apache/caddy/"** \
+    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
    --exclude "nextcloud_aio_mastercontainer/certs/"** \
+    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
-    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+    --exclude "nextcloud_aio_mastercontainer/session/"** \
    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
        echo "Something failed while restoring from backup."
        umount /tmp/borg
@@ -333,6 +342,9 @@ if [ "$BORG_MODE" = restore ]; then
    # Add file to Nextcloud container so that it performs a fingerprint update the next time
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
+
+    # Delete redis cache
+    rm -f "/mnt/redis/dump.rdb"
 fi

 # Do the Backup check
@@ -341,7 +353,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."

    # Perform the check
-    if ! borg check --verify-data "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking the backup integrity!"
        exit 1
    fi
@@ -352,6 +364,23 @@ if [ "$BORG_MODE" = check ]; then
    exit 0
 fi

+# Do the Backup check-repair
+if [ "$BORG_MODE" = "check-repair" ]; then
+    get_start_time
+    echo "Checking the backup integrity and repairing it..."
+
+    # Perform the check-repair
+    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+        echo "Some errors were found while checking and repairing the backup integrity!"
+        exit 1
+    fi
+
+    # Inform user
+    get_expiration_time
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    exit 0
+fi
+
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -20,7 +20,7 @@ export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes

 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != test ]; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
    exit 1
 fi
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,5 +1,5 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
-FROM clamav/clamav:0.105.1
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
+FROM clamav/clamav:0.105.1-7

 RUN apk add --update --no-cache tzdata
 COPY clamav.conf /tmp/
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.8.2.1
+FROM collabora/code:22.05.9.2.1

 USER root

--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
-FROM alpine:3.16.2
-RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
+FROM alpine:3.16.3
+RUN apk add --update --no-cache lighttpd bash netcat-openbsd

 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,14 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.7
+FROM elasticsearch:7.17.8

 RUN elasticsearch-plugin install --batch ingest-attachment

-HEALTHCHECK CMD curl -skfI localhost:9200 || exit 1
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+HEALTHCHECK CMD nc -z localhost 9200 || exit 1
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,16 +1,16 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221101
+FROM nextcloud/imaginary:20230101

 USER root
 RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
-        ca-certificates \
-        curl \
        netcat \
    ; \
    rm -rf /var/lib/apt/lists/*
 USER nobody

+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size"]
+
 HEALTHCHECK CMD nc -z localhost 9000 || exit 1
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy

 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.25-apache-bullseye
+FROM php:8.1.13-apache-bullseye

 EXPOSE 80
 EXPOSE 8080
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -13,14 +13,14 @@ while true; do
            export START_CONTAINERS=1
        fi
        set +x
+        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+            export LOCK_FILE_PRESENT=1
+        else
+            export LOCK_FILE_PRESENT=0
+        fi
    else
        export BACKUP_TIME="04:00"
        export DAILY_BACKUP=0
-    fi
-
-    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        export LOCK_FILE_PRESENT=1
-    else
        export LOCK_FILE_PRESENT=0
    fi

@@ -41,6 +41,9 @@ while true; do
    # Check for updates and send notification if yes
    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php

+    # Check if AIO is outdated
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+
    # Remove sessions older than 24h
    find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete

--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -1,9 +1,6 @@
 Listen 8000
 Listen 8080

-CustomLog ${APACHE_LOG_DIR}/access.log combined
-ErrorLog ${APACHE_LOG_DIR}/error.log
-
 # Deny access to .ht files
 <Files ".ht*">
    Require all denied
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -65,6 +65,17 @@ else
    sleep 10
 fi

+# Check Storage drivers
+STORAGE_DRIVER="$(docker info | grep "Storage Driver")"
+# Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
+if echo "$STORAGE_DRIVER" | grep -q vfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
+elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
+fi
+
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
    echo "It seems like you did not give the mastercontainer the correct name?
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.25-fpm-alpine3.16
+FROM php:8.0.26-fpm-alpine3.16

 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -41,6 +41,16 @@ RUN set -ex; \
        postgresql-dev \
        libwebp-dev \
        gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
    ; \
    \
    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -53,7 +63,6 @@ RUN set -ex; \
        ldap \
        opcache \
        pcntl \
-        pdo_mysql \
        pdo_pgsql \
        zip \
        gmp \
@@ -63,6 +72,7 @@ RUN set -ex; \
    pecl install APCu-5.1.22; \
    pecl install memcached-3.2.0; \
    pecl install redis-5.3.7; \
+    pecl install imagick-3.7.0; \
    \
    docker-php-ext-enable \
        apcu \
@@ -104,7 +114,7 @@ RUN { \

 VOLUME /var/www/html

-ENV NEXTCLOUD_VERSION 24.0.7
+ENV NEXTCLOUD_VERSION 25.0.2

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@@ -123,7 +133,6 @@ RUN set -ex; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    gpgconf --kill all; \
    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
@@ -200,6 +209,11 @@ RUN set -ex; \
        mawk \
        sudo \
        grep \
+        coreutils \
+        gcompat \
+        libjpeg \
+        librsvg \
+        libheif \
    ; \
    rm -rf /var/lib/apt/lists/*

@@ -209,7 +223,8 @@ RUN set -ex; \
    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf

 RUN set -ex; \
    rm -rf /tmp/nextcloud-aio && \
@@ -227,13 +242,16 @@ RUN set -ex; \

 COPY start.sh /
 COPY notify.sh /
+COPY notify-all.sh /
 RUN set -ex; \
    chmod +x /start.sh && \
    chmod +x /entrypoint.sh && \
    chmod +r /upgrade.exclude && \
    chmod +x /cron.sh && \
    chmod +x /notify.sh && \
-    chmod +x /activate-collabora.sh
+    chmod +x /notify-all.sh && \
+    chmod +x /activate-collabora.sh && \
+    chmod +x /healthcheck.sh

 RUN set -ex; \
    mkdir /mnt/ncdata; \
@@ -247,4 +265,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER root
 ENTRYPOINT ["/start.sh"]

-HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -79,12 +79,27 @@ if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
    exit 1
 fi

+# Do not start the container if the install failed
+if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
+    echo "The initial Nextcloud installation failed."
+    echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
+    echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    exit 1
+fi
+
 # Skip any update if Nextcloud was just restored
 if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
    if version_greater "$image_version" "$installed_version"; then
        # Check if it skips a major version
        INSTALLED_MAJOR="${installed_version%%.*}"
        IMAGE_MAJOR="${image_version%%.*}"
+        
+        if [ "$installed_version" != "0.0.0.0" ]; then
+            # Write output to logfile.
+            exec > >(tee -i "/var/www/html/data/update.log")
+            exec 2>&1
+        fi
+
        if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
            set -ex
            NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
@@ -99,7 +114,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            tar -xjf nextcloud.tar.bz2 -C /usr/src/tmp/
            gpgconf --kill all
            rm nextcloud.tar.bz2.asc nextcloud.tar.bz2
-            rm -rf "$GNUPGHOME" /usr/src/tmp/nextcloud/updater
            mkdir -p /usr/src/tmp/nextcloud/data
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
@@ -133,7 +147,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            php /var/www/html/occ maintenance:mode --off

            echo "Getting and backing up the status of apps for later, this might take a while..."
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+            NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
+            if [ -z "$NC_APPS" ]; then
+                echo "No apps detected, aborting export of app status..."
+                APPSTORAGE="no-export-done"
+            else
+                mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
+                declare -Ag APPSTORAGE
+                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                for app in "${NC_APPS_ARRAY[@]}"; do
+                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
+                    php /var/www/html/occ app:disable "$app"
+                done
+            fi

            if [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -eq 1 ]; then
                php /var/www/html/occ config:system:delete app_install_overwrite
@@ -158,6 +184,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
        rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"

@@ -184,12 +211,16 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            done
            if [ "$try" -gt "$max_retries" ]; then
                echo "installing of nextcloud failed!"
+                touch "$NEXTCLOUD_DATA_DIR/install.failed"
                exit 1
            fi

            # unset admin password
            unset ADMIN_PASSWORD

+            # Post Install logs: For questions like https://help.nextcloud.com/t/nextcloud-aio-error-could-not-get-appdata-folder-after-container-has-already-written-data-in-it/151122/5
+            echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
@@ -232,19 +263,25 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            if [ -n "$STARTUP_APPS" ]; then
                read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
                for app in "${STARTUP_APPS_ARRAY[@]}"; do
-                    php /var/www/html/occ app:install "$app"
+                    if ! echo "$app" | grep -q '^-'; then 
+                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                            # If not shipped, install and enable the app
+                            php /var/www/html/occ app:install "$app"
+                        else
+                            # If shipped, enable the app
+                            php /var/www/html/occ app:enable "$app"
+                        fi
+                    else
+                        app="${app#-}"
+                        # Disable the app if '-' was provided in front of the appid
+                        php /var/www/html/occ app:disable "$app"
+                    fi
                done
            fi

        #upgrade
        else
            touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            while [ -n "$(pgrep -f cron.php)" ]
-            do
-                echo "Waiting for Nextclouds cronjob to finish..."
-                sleep 5
-            done
-
            echo "Upgrading nextcloud from $installed_version to $image_version..."
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
@@ -255,10 +292,35 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            rm "$NEXTCLOUD_DATA_DIR/update.failed"
            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."

-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-            echo "The following apps have been disabled:"
-            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-            rm -f /tmp/list_before /tmp/list_after
+            php /var/www/html/occ app:update --all
+
+            # Restore app status
+            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
+                echo "Restoring the status of apps. This can take a while..."
+                for app in "${!APPSTORAGE[@]}"; do
+                    if [ -n "${APPSTORAGE[$app]}" ]; then
+                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
+                            echo "Enabling $app..."
+                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
+                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                if [ "$app" = apporder ]; then
+                                    CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
+                                else
+                                    CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
+                                fi
+                                bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                continue
+                            fi
+                            # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
+                            if [ "${APPSTORAGE[$app]}" != "yes" ]; then
+                                php /var/www/html/occ config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
+                            fi
+                        fi
+                    fi
+                done
+            fi
+
+            php /var/www/html/occ app:update --all

            # Apply optimization
            echo "Doing some optimizations..."
@@ -287,6 +349,9 @@ fi
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
 if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
    echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+    echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
+    echo "In the datadir was found:"
+    ls -la "$NEXTCLOUD_DATA_DIR/"
    exit 1
 fi

@@ -362,6 +427,44 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
    # Fix https://github.com/nextcloud/all-in-one/issues/188:
    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
+    # Make collabora more save
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
+    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
+    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv4_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv4_ADDRESS"
+            fi
+        fi
+    else
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv6_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv6_ADDRESS"
+            fi
+        fi
+    else
+        echo "No ipv6-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
+        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
+            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
+        fi
+        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
+    else
+        echo "Warning: wopi_allowlist is empty which should not be the case!"
+    fi
 else
    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:remove richdocuments
@@ -402,7 +505,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    fi
    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
    fi
    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nc -z "$POSTGRES_HOST" 5432 || exit 0
+
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
+    exit 1
+fi
--- a/Containers/nextcloud/notify-all.sh
+++ b/Containers/nextcloud/notify-all.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ "$EUID" = 0 ]]; then
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
+fi
+
+SUBJECT="$1"
+MESSAGE="$2"
+
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
+    echo "Cannot send notification as notification app is not enabled."
+    exit 1
+fi
+
+echo "Posting notifications to all users..."
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
+mapfile -t NC_USERS <<< "$NC_USERS"
+for user in "${NC_USERS[@]}"
+do
+    echo "Posting '$SUBJECT' to: $user"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+done
+
+echo "Done!"
+exit 0
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -17,9 +17,11 @@ if [ -f "/var/www/html/config/config.php" ]; then
        echo "Waiting for the database to start..."
        sleep 5
    done
-    # The code below is hopefully not needed anymore. Was introduced with https://github.com/nextcloud/all-in-one/pull/218
-    # sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # this was introduced with https://github.com/nextcloud/all-in-one/pull/218
+        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    fi
 fi

 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
@@ -28,6 +30,18 @@ if [ -n "$TRUSTED_CACERTS_DIR" ]; then
    update-ca-certificates
 fi

+# Check if /dev/dri device is present and apply correct permissions
+set -x
+if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
+    GID="$(stat -c "%g" /dev/dri/renderD128)"
+    groupadd -g "$GID" render2 || true # sometimes this is needed
+    GROUP="$(getent group "$GID" | cut -d: -f1)"
+    usermod -aG "$GROUP" www-data
+    touch "/dev-dri-group-was-added"
+fi
+set +x
+
 # Check datadir permissions
 sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
@@ -55,21 +69,25 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
    if ! [ -f "/additional-php-extensions-are-installed" ]; then
        read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
        for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                echo "Enabling Imagick..."
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+                continue
+            fi
            # shellcheck disable=SC2086
            if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                    if ! apk add --no-cache --virtual .build-deps \
+                        libxml2-dev \
+                        autoconf \
+                        $PHPIZE_DEPS >/dev/null; then
                    echo "Could not install build-deps!"
                fi
                PHP_DEPS_ARE_INSTALLED=1
            fi
-            if [ "$app" = imagick ]; then
-                echo "Installing Imagick via PECL..."
-                pecl install imagick-3.7.0 >/dev/null
-                if ! docker-php-ext-enable imagick >/dev/null; then
-                    echo "Could not install PHP extension imagick!"
-                fi
-            elif [ "$app" = inotify ]; then
+            if [ "$app" = inotify ]; then
                echo "Installing $app via PECL..."
                pecl install "$app" >/dev/null
                if ! docker-php-ext-enable "$app" >/dev/null; then
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -12,8 +12,8 @@ user=root
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
-# stderr_logfile=/dev/stderr
-# stderr_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
 command=php-fpm
 user=root

--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.2.1.34
+FROM onlyoffice/documentserver:7.2.2.56

-HEALTHCHECK CMD curl -skfI localhost || exit 1
+HEALTHCHECK CMD nc -z localhost 80 || exit 1
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,5 +1,5 @@
-# From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.5-alpine
+# From https://github.com/docker-library/postgres/blob/master/14/alpine/Dockerfile
+FROM postgres:14.6-alpine

 RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk

@@ -17,9 +17,12 @@ RUN set -ex; \
    chown -R postgres:postgres "$PGDATA"

 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh

 RUN mkdir /mnt/data; \
    chown postgres:postgres /mnt/data;
@@ -32,4 +35,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER postgres
 ENTRYPOINT ["start.sh"]

-HEALTHCHECK CMD psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+HEALTHCHECK CMD healthcheck.sh
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+test -f "/mnt/data/backup-is-running" && exit 0
+
+psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,9 +1,13 @@
 #!/bin/bash
 set -ex

+touch "$DUMP_DIR/initialization.failed"
+
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 EOSQL

+rm "$DUMP_DIR/initialization.failed"
+
 set +ex
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -2,13 +2,15 @@

 # Variables
 DATADIR="/var/lib/postgresql/data"
-DUMP_DIR="/mnt/data"
+export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"

 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
    echo "Waiting for backup container to finish..."
+    echo "If this is incorrect because the backup container is not running anymore (because it was forcefully killed), you might delete the lock file which is by default stored here:"
+    echo "/var/lib/docker/volumes/nextcloud_aio_database_dump/_data/backup-is-running"
    sleep 10
 done

@@ -18,6 +20,23 @@ if ! [ -w "$DUMP_DIR" ]; then
    exit 1
 fi

+# Don't start if import failed
+if [ -f "$DUMP_DIR/import.failed" ]; then
+    echo "The database import failed. Please restore a backup and try again."
+    echo "For further clues on what went wrong, look at the logs above."
+    exit 1
+fi
+
+# Don't start if initialization failed
+if [ -f "$DUMP_DIR/initialization.failed" ]; then
+    echo "The database initialization failed. Most likely was a wrong timezone selected."
+    echo "The selected timezone is '$TZ'." 
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "For further clues on what went wrong, look at the logs above."
+    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
    set -ex
@@ -43,9 +62,16 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
        exit 1
    fi

+    # Write output to logfile.
+    exec > >(tee -i "$DUMP_DIR/database-import.log")
+    exec 2>&1
+
    # Inform
    echo "Restoring from database dump."

+    # Add import.failed file
+    touch "$DUMP_DIR/import.failed"
+
    # Exit if any command fails
    set -ex

@@ -74,7 +100,12 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO

    # Get the Owner
    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
-    if [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
+    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
+        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
+        echo "It is not possible to import a database dump from this database owner."
+        echo "However you might rename the owner in the dumpfile to something else."
+        exit 1
+    elif [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
        DIFFERENT_DB_OWNER=1
        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
            CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
@@ -102,6 +133,9 @@ EOSQL

    # Don't exit if command fails anymore
    set +ex
+
+    # Remove import failed file if everything went correctly
+    rm "$DUMP_DIR/import.failed"
 fi

 # Cover the last case
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.7-alpine
+FROM redis:6.2.8-alpine

 RUN apk add --update --no-cache openssl bash

--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20221019
+FROM ubuntu:focal-20221130

 RUN set -ex; \
    \
@@ -53,11 +53,13 @@ RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.c

 RUN mkdir -p /etc/nats; \
    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
+    mkdir /var/lib/turn; \
    chown talk:talk /etc; \
    chown talk:talk -R /etc/nats; \
    chown talk:talk -R /etc/janus; \
    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr
+    chown talk:talk -R /usr; \
+    chown talk:talk -R /var/lib/turn;

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -15,7 +15,7 @@ elif [ -z "$SIGNALING_SECRET" ]; then
    exit 1
 fi

-# Turn
+# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
@@ -29,6 +29,9 @@ stale-nonce
 no-multicast-peers
 simple-log
 pidfile=/var/tmp/turnserver.pid
+no-tls
+no-dtls
+userdb=/var/lib/turn/turndb
 TURN_CONF

 # Janus
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,7 +1,7 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.1 as watchtower

-FROM alpine:3.16.2
+FROM alpine:3.16.3

 RUN apk add --update --no-cache bash
 COPY --from=watchtower /watchtower /
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -10,7 +10,7 @@ elif ! test -r /var/run/docker.sock; then
 fi

 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --run-once "$CONTAINER_TO_UPDATE"
+    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
 else
    echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
    exit 1
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All In One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
-	<version>0.2.0</version>
+	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="23" max-version="24"/>
+		<nextcloud min-version="24" max-version="25"/>
 	</dependencies>

 	<settings>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
    ports:
      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
@@ -19,19 +19,20 @@ services:
    # environment: # Is needed when using any of the options below
      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
+      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
-      # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -1,199 +0,0 @@
-version: "3.8"
-
-services:
-  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
-    depends_on:
-      - nextcloud-aio-onlyoffice
-      - nextcloud-aio-collabora
-      - nextcloud-aio-talk
-      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest-arm64
-    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_HOST=nextcloud-aio-talk
-      - APACHE_PORT=${APACHE_PORT}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - TZ=${TIMEZONE}
-      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
-      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:ro
-      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest-arm64
-    volumes:
-      - nextcloud_aio_database:/var/lib/postgresql/data:rw
-      - nextcloud_aio_database_dump:/mnt/data:rw
-    environment:
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - TZ=${TIMEZONE}
-      - PGTZ=${TIMEZONE}
-    stop_grace_period: 1800s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
-    depends_on:
-      - nextcloud-aio-database
-      - nextcloud-aio-redis
-      - nextcloud-aio-fulltextsearch
-      - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest-arm64
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:rw
-      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
-      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
-    environment:
-      - POSTGRES_HOST=nextcloud-aio-database
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - REDIS_HOST=nextcloud-aio-redis
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - AIO_TOKEN=${AIO_TOKEN}
-      - NC_DOMAIN=${NC_DOMAIN}
-      - ADMIN_USER=admin
-      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
-      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
-      - OVERWRITEHOST=${NC_DOMAIN}
-      - OVERWRITEPROTOCOL=https
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
-      - AIO_URL=${AIO_URL}
-      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
-      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
-      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_ENABLED=${TALK_ENABLED}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
-      - IMAGINARY_HOST=nextcloud-aio-imaginary
-      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
-      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
-      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
-      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest-arm64
-    environment:
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest-arm64
-    environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
-      - dictionaries=${COLLABORA_DICTIONARIES}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest-arm64
-    ports:
-      - ${TALK_PORT}:${TALK_PORT}/tcp
-      - ${TALK_PORT}:${TALK_PORT}/udp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - JANUS_API_KEY=${JANUS_API_KEY}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - JWT_ENABLED=true
-      - JWT_HEADER=AuthorizationJwt
-      - JWT_SECRET=${ONLYOFFICE_SECRET}
-    volumes:
-      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    image: nextcloud/aio-imaginary:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    image: nextcloud/aio-fulltextsearch:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - discovery.type=single-node
-      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
-    volumes:
-      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-volumes:
-  nextcloud_aio_apache:
-    name: nextcloud_aio_apache
-  nextcloud_aio_database:
-    name: nextcloud_aio_database
-  nextcloud_aio_database_dump:
-    name: nextcloud_aio_database_dump
-  nextcloud_aio_elasticsearch:
-    name: nextcloud_aio_elasticsearch
-  nextcloud_aio_nextcloud:
-    name: nextcloud_aio_nextcloud
-  nextcloud_aio_onlyoffice:
-    name: nextcloud_aio_onlyoffice
-  nextcloud_aio_nextcloud_data:
-    name: nextcloud_aio_nextcloud_data
-
-networks:
-  nextcloud-aio:
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -2,15 +2,14 @@ version: "3.8"

 services:
  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
    depends_on:
      - nextcloud-aio-onlyoffice
      - nextcloud-aio-collabora
      - nextcloud-aio-talk
      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest
+    image: nextcloud/aio-apache:${IMAGE_TAG}
    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+      - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
@@ -24,14 +23,12 @@ services:
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:ro
      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest
+    image: nextcloud/aio-postgresql:${IMAGE_TAG}
    volumes:
      - nextcloud_aio_database:/var/lib/postgresql/data:rw
      - nextcloud_aio_database_dump:/mnt/data:rw
@@ -45,21 +42,20 @@ services:
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
    depends_on:
      - nextcloud-aio-database
      - nextcloud-aio-redis
      - nextcloud-aio-clamav
      - nextcloud-aio-fulltextsearch
      - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest
+    image: nextcloud/aio-nextcloud:${IMAGE_TAG}
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:rw
      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
    environment:
      - POSTGRES_HOST=nextcloud-aio-database
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -92,42 +88,46 @@ services:
      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
      - IMAGINARY_HOST=nextcloud-aio-imaginary
      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
-    stop_grace_period: 10s
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest
+    image: nextcloud/aio-redis:${IMAGE_TAG}
    environment:
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_redis:/data:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest
+    profiles: ["collabora"]
+    image: nextcloud/aio-collabora:${IMAGE_TAG}
    environment:
      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
      - dictionaries=${COLLABORA_DICTIONARIES}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest
+    profiles: ["talk"]
+    image: nextcloud/aio-talk:${IMAGE_TAG}
    ports:
      - ${TALK_PORT}:${TALK_PORT}/tcp
      - ${TALK_PORT}:${TALK_PORT}/udp
@@ -138,26 +138,25 @@ services:
      - JANUS_API_KEY=${JANUS_API_KEY}
      - TZ=${TIMEZONE}
      - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-clamav:
-    container_name: nextcloud-aio-clamav
-    image: nextcloud/aio-clamav:latest
+    profiles: ["clamav"]
+    image: nextcloud/aio-clamav:${IMAGE_TAG}
    environment:
      - TZ=${TIMEZONE}
+      - CLAMD_STARTUP_TIMEOUT=90
    volumes:
      - nextcloud_aio_clamav:/var/lib/clamav:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:latest
+    profiles: ["onlyoffice"]
+    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
    environment:
      - TZ=${TIMEZONE}
      - JWT_ENABLED=true
@@ -165,31 +164,28 @@ services:
      - JWT_SECRET=${ONLYOFFICE_SECRET}
    volumes:
      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    image: nextcloud/aio-imaginary:latest
+    profiles: ["imaginary"]
+    image: nextcloud/aio-imaginary:${IMAGE_TAG}
    environment:
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    image: nextcloud/aio-fulltextsearch:latest
+    profiles: ["fulltextsearch"]
+    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
    environment:
      - TZ=${TIMEZONE}
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
    volumes:
      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
@@ -199,6 +195,8 @@ volumes:
    name: nextcloud_aio_apache
  nextcloud_aio_clamav:
    name: nextcloud_aio_clamav
+  nextcloud_aio_collabora_fonts:
+    name: nextcloud_aio_collabora_fonts
  nextcloud_aio_database:
    name: nextcloud_aio_database
  nextcloud_aio_database_dump:
@@ -209,6 +207,8 @@ volumes:
    name: nextcloud_aio_nextcloud
  nextcloud_aio_onlyoffice:
    name: nextcloud_aio_onlyoffice
+  nextcloud_aio_redis:
+    name: nextcloud_aio_redis
  nextcloud_aio_nextcloud_data:
    name: nextcloud_aio_nextcloud_data

--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -5,12 +5,14 @@ You can run the containers that are build for AIO with docker-compose. This come
 ### Advantages
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
+- You can run the containers with docker swarm

 ### Disadvantages
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
 - You need to know what you are doing, especially when modifying the docker-compose file
+- For updating, you need to strictly follow the at the bottom described update routine
 - Probably more

 ## How to use this?
@@ -19,20 +21,26 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.  For arm64 support use `IMAGE_TAG=latest-arm64` (Note: there is no clamav image for arm64).

-Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.

-Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+Now you should be ready to go with `sudo docker-compose up`.
+
+## Docker profiles
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
+
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.

 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
+1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
-1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
-1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
+1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

 ## FAQ
 ### Backup and restore?
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,9 +1,11 @@
+IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
-COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
+CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
+COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
@@ -11,10 +13,15 @@ FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in
 IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
 NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
@@ -23,6 +30,5 @@ SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,15 +1,21 @@
 #!/bin/bash

 jq -c . ./php/containers.json > /tmp/containers.json
-sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|aio_services_v1|services|g' /tmp/containers.json
+sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+sed -i 's|","port_number":"|:|g' /tmp/containers.json
+sed -i 's|","protocol":"|/|g' /tmp/containers.json
+sed -i 's|"ip_binding":":|"ip_binding":"|g' /tmp/containers.json
+cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"

 snap install yq
 mkdir -p ./manual-install
@@ -17,24 +23,18 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml

 cd manual-install || exit
 sed -i "s|'||g" containers.yml
-sed -i 's|production:|services:|' containers.yml
-sed -i 's|- identifier:|  container_name:|' containers.yml
-sed -i 's|restartPolicy:|restart:|' containers.yml
-sed -i 's|environmentVariables:|environment:|' containers.yml
-sed -i '/displayName:/d' containers.yml
-sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
+sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
-sed -i 's|containerName:|image:|' containers.yml
 sed -i '/: \[\]/d' containers.yml
-sed -i 's|dependsOn:|depends_on:|' containers.yml
-sed -i 's|- name: |- |' containers.yml
+sed -i 's|- source: |- |' containers.yml
+sed -i 's|- ip_binding: |- |' containers.yml

 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
 for port in "${TCP[@]}" 
 do
    solve_port="${port%%/tcp}"
-    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+    sed -i "s|$solve_port/tcp|$solve_port:$solve_port/tcp|" containers.yml
 done

 UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
@@ -42,10 +42,11 @@ mapfile -t UDP <<< "$UDP"
 for port in "${UDP[@]}"
 do
    solve_port="${port%%/udp}"
-    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+    sed -i "s|$solve_port/udp|$solve_port:$solve_port/udp|" containers.yml
 done

 rm -f sample.conf
+echo 'IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support' >> sample.conf
 VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
 mapfile -t VARIABLES <<< "$VARIABLES"
 for variable in "${VARIABLES[@]}"
@@ -57,9 +58,10 @@ do
 done

 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
-sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora|' sample.conf
+sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
@@ -69,6 +71,7 @@ sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
@@ -76,7 +79,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
@@ -92,6 +95,11 @@ do
    if [ "$name" != "nextcloud-aio-apache" ]; then
        OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
    fi
+    if ! echo "$name" | grep "apache$" && ! echo "$name" | grep "database$" && ! echo "$name" | grep "nextcloud$" && ! echo "$name" | grep "redis$"; then
+        sed -i '/container_name/d' containers.yml
+        SLIM_NAME="${name##nextcloud-aio-}"
+        OUTPUT="$(echo "$OUTPUT" | sed "/container_name: $name$/a\ \ \ \ profiles:\ \[\"$SLIM_NAME\"\]")"
+    fi
 done

 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
@@ -101,6 +109,9 @@ echo "" >> containers.yml

 echo "$OUTPUT" >> containers.yml

+sed -i '/container_name/d' containers.yml
+sed -i 's|^ $||' containers.yml
+
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
 echo "" >> containers.yml
@@ -120,12 +131,6 @@ networks:
 NETWORK

 cat containers.yml > latest.yml
-sed -i '/image:/s/$/:latest/' latest.yml
-
-cat containers.yml > latest-arm64.yml
-sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
-sed -i '/  nextcloud-aio-clamav:/,/^ $/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
-sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
+sed -i "/image:/s/$/:\${IMAGE_TAG}/" latest.yml

 rm containers.yml
--- a/migration.md
+++ b/migration.md
@@ -3,7 +3,7 @@
 There are basically three ways how to migrate from an already existing Nextcloud installation to Nextcloud AIO:

 1. Migrate only the files which is the easiest way
-1. Migrate the files and the database which is much more complicated
+1. Migrate the files and the database which is much more complicated (and doesn't work on former snap installations)
 1. Use the user_migration app that allows to migrate some of the user's data from a former instance to a new instance but needs to be done manually for each user

 ## Migrate only the files 
@@ -20,7 +20,7 @@ The procedure for migrating only the files works like this:
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.

 ## Migrate the files and the database
-**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned!
+**Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension.

 The procedure for migrating the files and the database works like this:
 1. Make sure that your old instance is on exactly the same version like the version used in Nextcloud AIO. (e.g. 23.0.0) You can find the used version here: [click here](https://github.com/nextcloud/all-in-one/search?l=Dockerfile&q=NEXTCLOUD_VERSION&type=). If not, simply upgrade your former installation to that version or wait until the version used in Nextcloud AIO got updated to the same version of your former installation or the other way around.
@@ -44,8 +44,8 @@ The procedure for migrating the files and the database works like this:
        ```
        occ db:convert-type --all-apps --password "$PG_PASSWORD" pgsql "$PG_USER" 127.0.0.1 "$PG_DATABASE"
        ```
-        **Please note:** You might need to change the ip-address `127.0.0.1` based on your exact installation.<br>
-        Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type
+        **Please note:** You might need to change the ip-address `127.0.0.1` and adjust the occ command (`occ`) based on your exact installation. Further information on the conversion is additionally available here: https://docs.nextcloud.com/server/stable/admin_manual/configuration_database/db_conversion.html#converting-database-type<br>
+        **Troubleshooting:** If you get an error that it could not find a driver for the conversion, you most likely need to install the PHP extension `pdo_pgsql`.
    1. Hopefully does the conversion finish successfully. If not, simply restore your old Nextcloud installation from backup. If yes, you should now log in to your Nextcloud and test if everything works and if all data has been converted successfully.
    1. If everything works as expected, feel free to continue with the steps below.
 1. Now, run a pg_dump to get an export of your current database. Something like the following command should work:
@@ -64,7 +64,8 @@ The procedure for migrating the files and the database works like this:
    1. Type in `local::/your/old/datadir/` which should bring up the exact line where you need to modify the path to use the one used in Nextcloud AIO, instead.
    1. Change it to look like this: `local::/mnt/ncdata/`.
    1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
-    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.
+    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
+    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`. 
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
    ```
    sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql
--- a/php/composer.json
+++ b/php/composer.json
@@ -5,7 +5,7 @@
        }
    },
    "require": {
-        "php": "^8.0",
+        "php": "^8.1",
        "ext-json": "*",
        "ext-sodium": "*",
        "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.0 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.1 \\;"
 	}
 }
--- a/php/composer.lock
+++ b/php/composer.lock
@@ -4,7 +4,7 @@
        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
        "This file is @generated automatically"
    ],
-    "content-hash": "46e4dcf2df4e1a85aba17d664cacd815",
+    "content-hash": "7a318338d9e074d6f02e1fba5b3dda24",
    "packages": [
        {
            "name": "guzzlehttp/guzzle",
@@ -1375,25 +1375,25 @@
        },
        {
            "name": "symfony/deprecation-contracts",
-            "version": "v3.0.2",
+            "version": "v3.2.0",
            "source": {
                "type": "git",
                "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c"
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/1ee04c65529dea5d8744774d474e7cbd2f1206d3",
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3",
                "shasum": ""
            },
            "require": {
-                "php": ">=8.0.2"
+                "php": ">=8.1"
            },
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-main": "3.0-dev"
+                    "dev-main": "3.3-dev"
                },
                "thanks": {
                    "name": "symfony/contracts",
@@ -1422,7 +1422,7 @@
            "description": "A generic function and convention to trigger deprecation notices",
            "homepage": "https://symfony.com",
            "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.2"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.0"
            },
            "funding": [
                {
@@ -1438,7 +1438,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-01-02T09:55:41+00:00"
+            "time": "2022-11-25T10:21:52+00:00"
        },
        {
            "name": "symfony/polyfill-ctype",
@@ -1686,16 +1686,16 @@
        },
        {
            "name": "twig/twig",
-            "version": "v3.4.3",
+            "version": "v3.5.0",
            "source": {
                "type": "git",
                "url": "https://github.com/twigphp/Twig.git",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3ffcf4b7d890770466da3b2666f82ac054e7ec72",
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72",
                "shasum": ""
            },
            "require": {
@@ -1710,7 +1710,7 @@
            "type": "library",
            "extra": {
                "branch-alias": {
-                    "dev-master": "3.4-dev"
+                    "dev-master": "3.5-dev"
                }
            },
            "autoload": {
@@ -1746,7 +1746,7 @@
            ],
            "support": {
                "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.5.0"
            },
            "funding": [
                {
@@ -1758,7 +1758,7 @@
                    "type": "tidelift"
                }
            ],
-            "time": "2022-09-28T08:42:51+00:00"
+            "time": "2022-12-27T12:28:18+00:00"
        }
    ],
    "packages-dev": [],
@@ -1768,7 +1768,7 @@
    "prefer-stable": false,
    "prefer-lowest": false,
    "platform": {
-        "php": "^8.0",
+        "php": "^8.1",
        "ext-json": "*",
        "ext-sodium": "*",
        "ext-curl": "*",
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -1,57 +1,77 @@
 {
 	"type": "object",
 	"description": "AIO containers definition schema",
-	"additionalProperties": false,
 	"minProperties": 1,
+	"required": ["aio_services_v1"],
 	"properties": {
-		"production": {
+		"aio_services_v1": {
 			"type": "array",
 			"items": {
 				"type": "object",
 				"additionalProperties": false,
-				"minProperties": 11,
+				"minProperties": 2,
+				"required": ["image", "container_name"],
 				"properties": {
-					"containerName": {
+					"image": {
 						"type": "string"
 					},
-					"dependsOn": {
+					"depends_on": {
 						"type": "array",
 						"items": {
 							"type": "string"
 						}
 					},
-					"displayName": {
+					"display_name": {
 						"type": "string"
 					},
-					"environmentVariables": {
+					"environment": {
 						"type": "array",
 						"items": {
 							"type": "string"
 						}
 					},
-					"identifier": {
+					"container_name": {
 						"type": "string"
 					},
-					"internalPorts": {
-						"type": "array",
-						"items": {
-							"type": "string"
-						}
+					"internal_port": {
+						"type": "string"
 					},
-					"maxShutdownTime": {
+					"stop_grace_period": {
 						"type": "integer"
 					},
 					"ports": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 3,
+							"properties": {
+								"ip_binding": {
+									"type": "string"
+								},
+								"port_number": {
+									"type": "string"
+								},
+								"protocol": {
+									"type": "string"
+								}
+							}
 						}
 					},
-					"restartPolicy": {
+					"restart": {
 						"type": "string"
 					},
 					"secrets": {
-						"type": "array"
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"devices": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
 					},
 					"volumes": {
 						"type": "array",
@@ -60,10 +80,10 @@
 							"additionalProperties": false,
 							"minProperties": 3,
 							"properties": {
-								"location": {
+								"destination": {
 									"type": "string"
 								},
-								"name": {
+								"source": {
 									"type": "string"
 								},
 								"writeable": {
--- a/php/containers.json
+++ b/php/containers.json
@@ -1,23 +1,24 @@
 {
-  "production": [
+  "aio_services_v1": [
    {
-      "identifier": "nextcloud-aio-apache",
-      "dependsOn": [
+      "container_name": "nextcloud-aio-apache",
+      "depends_on": [
        "nextcloud-aio-onlyoffice",
        "nextcloud-aio-collabora",
        "nextcloud-aio-talk",
        "nextcloud-aio-nextcloud"
      ],
-      "displayName": "Apache",
-      "containerName": "nextcloud/aio-apache",
+      "display_name": "Apache",
+      "image": "nextcloud/aio-apache",
      "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
      ],
-      "internalPorts": [
-        "%APACHE_PORT%"
-      ],
-      "secrets": [],
-      "environmentVariables": [
+      "internal_port": "%APACHE_PORT%",
+      "environment": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
        "COLLABORA_HOST=nextcloud-aio-collabora",
@@ -30,68 +31,60 @@
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
          "writeable": false
        },
        {
-          "name": "nextcloud_aio_apache",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_apache",
+          "destination": "/mnt/data",
          "writeable": true
        }
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-database",
-      "dependsOn": [],
-      "displayName": "Database",
-      "containerName": "nextcloud/aio-postgresql",
-      "ports": [],
-      "internalPorts": [
-        "5432"
-      ],
+      "container_name": "nextcloud-aio-database",
+      "display_name": "Database",
+      "image": "nextcloud/aio-postgresql",
+      "internal_port": "5432",
      "secrets": [
        "DATABASE_PASSWORD"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_database",
-          "location": "/var/lib/postgresql/data",
+          "source": "nextcloud_aio_database",
+          "destination": "/var/lib/postgresql/data",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/mnt/data",
          "writeable": true
        }
      ],
-      "environmentVariables": [
+      "environment": [
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
        "POSTGRES_USER=nextcloud",
        "TZ=%TIMEZONE%",
        "PGTZ=%TIMEZONE%"
      ],
-      "maxShutdownTime": 1800,
-      "restartPolicy": "unless-stopped"
+      "stop_grace_period": 1800,
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-nextcloud",
-      "dependsOn": [
+      "container_name": "nextcloud-aio-nextcloud",
+      "depends_on": [
        "nextcloud-aio-database",
        "nextcloud-aio-redis",
        "nextcloud-aio-clamav",
        "nextcloud-aio-fulltextsearch",
        "nextcloud-aio-imaginary"
      ],
-      "displayName": "Nextcloud",
-      "containerName": "nextcloud/aio-nextcloud",
-      "ports": [],
-      "internalPorts": [
-        "9000"
-      ],
+      "display_name": "Nextcloud",
+      "image": "nextcloud/aio-nextcloud",
+      "internal_port": "9000",
      "secrets": [
        "DATABASE_PASSWORD",
        "REDIS_PASSWORD",
@@ -101,27 +94,27 @@
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/mnt/ncdata",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/mnt/ncdata",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_MOUNT%",
-          "location": "%NEXTCLOUD_MOUNT%",
+          "source": "%NEXTCLOUD_MOUNT%",
+          "destination": "%NEXTCLOUD_MOUNT%",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
-          "location": "/usr/local/share/ca-certificates",
+          "source": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
+          "destination": "/usr/local/share/ca-certificates",
          "writeable": false
        }
      ],
-      "environmentVariables": [
+      "environment": [
        "POSTGRES_HOST=nextcloud-aio-database",
        "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
        "POSTGRES_DB=nextcloud_database",
@@ -162,63 +155,71 @@
        "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
        "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped",
+      "devices": [
+        "/dev/dri"
+      ]
    },
    {
-      "identifier": "nextcloud-aio-redis",
-      "dependsOn": [],
-      "displayName": "Redis",
-      "containerName": "nextcloud/aio-redis",
-      "ports": [],
-      "internalPorts": [
-        "6379"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-redis",
+      "display_name": "Redis",
+      "image": "nextcloud/aio-redis",
+      "internal_port": "6379",
+      "environment": [
        "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
        "TZ=%TIMEZONE%"
      ],
-      "volumes": [],
+      "volumes": [
+        {
+          "source": "nextcloud_aio_redis",
+          "destination": "/data",
+          "writeable": true
+        }
+      ],
      "secrets": [
        "REDIS_PASSWORD",
        "ONLYOFFICE_SECRET"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-collabora",
-      "dependsOn": [],
-      "displayName": "Collabora",
-      "containerName": "nextcloud/aio-collabora",
-      "ports": [],
-      "internalPorts": [
-        "9980"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-collabora",
+      "display_name": "Collabora",
+      "image": "nextcloud/aio-collabora",
+      "internal_port": "9980",
+      "environment": [
        "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
        "dictionaries=%COLLABORA_DICTIONARIES%",
        "TZ=%TIMEZONE%"
      ],
-      "volumes": [],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "volumes": [
+        {
+          "source": "nextcloud_aio_collabora_fonts",
+          "destination": "/opt/cool/systemplate/tmpfonts",
+          "writeable": true
+        }
+      ],
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-talk",
-      "dependsOn": [],
-      "displayName": "Talk",
-      "containerName": "nextcloud/aio-talk",
+      "container_name": "nextcloud-aio-talk",
+      "display_name": "Talk",
+      "image": "nextcloud/aio-talk",
      "ports": [
-        "%TALK_PORT%/tcp",
-        "%TALK_PORT%/udp"
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "tcp"
+        },
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "udp"
+        }
      ],
-      "internalPorts": [
-        "%TALK_PORT%"
-      ],
-      "environmentVariables": [
+      "internal_port": "%TALK_PORT%",
+      "environment": [
        "NC_DOMAIN=%NC_DOMAIN%",
        "TURN_SECRET=%TURN_SECRET%",
        "SIGNALING_SECRET=%SIGNALING_SECRET%",
@@ -226,23 +227,17 @@
        "TZ=%TIMEZONE%",
        "TALK_PORT=%TALK_PORT%"
      ],
-      "volumes": [],
      "secrets": [
        "TURN_SECRET",
        "SIGNALING_SECRET",
        "JANUS_API_KEY"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-borgbackup",
-      "dependsOn": [],
-      "displayName": "Borgbackup",
-      "containerName": "nextcloud/aio-borgbackup",
-      "ports": [],
-      "internalPorts": [],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-borgbackup",
+      "image": "nextcloud/aio-borgbackup",
+      "environment": [
        "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
        "BORG_MODE=%BORGBACKUP_MODE%",
        "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
@@ -252,126 +247,120 @@
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_backup_cache",
-          "location": "/root",
+          "source": "nextcloud_aio_backup_cache",
+          "destination": "/root",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
          "writeable": true
        },
        {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_database",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database",
+          "source": "nextcloud_aio_database",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_apache",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_apache",
+          "source": "nextcloud_aio_apache",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_apache",
          "writeable": true
        },
        {
-          "name": "nextcloud_aio_mastercontainer",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
+          "source": "nextcloud_aio_mastercontainer",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
          "writeable": true
        },
        {
-          "name": "%BORGBACKUP_HOST_LOCATION%",
-          "location": "/mnt/borgbackup",
+          "source": "%BORGBACKUP_HOST_LOCATION%",
+          "destination": "/mnt/borgbackup",
+          "writeable": true
+        },
+        {
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+          "writeable": true
+        },
+        {
+          "source": "nextcloud_aio_redis",
+          "destination": "/mnt/redis",
          "writeable": true
        }
      ],
      "secrets": [
        "BORGBACKUP_PASSWORD"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": ""
+      "devices": [
+        "/dev/fuse"
+      ]
    },
    {
-      "identifier": "nextcloud-aio-watchtower",
-      "dependsOn": [],
-      "displayName": "Watchtower",
-      "containerName": "nextcloud/aio-watchtower",
-      "ports": [],
-      "internalPorts": [],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-watchtower",
+      "image": "nextcloud/aio-watchtower",
+      "environment": [
        "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
      ],
      "volumes": [
        {
-          "name": "%DOCKER_SOCKET_PATH%",
-          "location": "/var/run/docker.sock",
+          "source": "%DOCKER_SOCKET_PATH%",
+          "destination": "/var/run/docker.sock",
          "writeable": false
        }
-      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": ""
+      ]
    },
    {
-      "dependsOn": [],
-      "identifier": "nextcloud-aio-domaincheck",
-      "displayName": "Domaincheck",
-      "containerName": "nextcloud/aio-domaincheck",
+      "container_name": "nextcloud-aio-domaincheck",
+      "image": "nextcloud/aio-domaincheck",
      "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
      ],
-      "internalPorts": [],
-      "environmentVariables": [
+      "environment": [
        "INSTANCE_ID=%INSTANCE_ID%",
        "APACHE_PORT=%APACHE_PORT%"
      ],
-      "volumes": [],
      "secrets": [
        "INSTANCE_ID"
      ],
-      "maxShutdownTime": 1,
-      "restartPolicy": ""
+      "stop_grace_period": 1
    },
    {
-      "identifier": "nextcloud-aio-clamav",
-      "dependsOn": [],
-      "displayName": "ClamAV",
-      "containerName": "nextcloud/aio-clamav",
-      "ports": [],
-      "internalPorts": [
-        "3310"
-      ],
-      "environmentVariables": [
-        "TZ=%TIMEZONE%"
+      "container_name": "nextcloud-aio-clamav",
+      "display_name": "ClamAV",
+      "image": "nextcloud/aio-clamav",
+      "internal_port": "3310",
+      "environment": [
+        "TZ=%TIMEZONE%",
+        "CLAMD_STARTUP_TIMEOUT=90"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_clamav",
-          "location": "/var/lib/clamav",
+          "source": "nextcloud_aio_clamav",
+          "destination": "/var/lib/clamav",
          "writeable": true
        }
      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-onlyoffice",
-      "dependsOn": [],
-      "displayName": "OnlyOffice",
-      "containerName": "nextcloud/aio-onlyoffice",
-      "ports": [],
-      "internalPorts": [
-        "80"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-onlyoffice",
+      "display_name": "OnlyOffice",
+      "image": "nextcloud/aio-onlyoffice",
+      "internal_port": "80",
+      "environment": [
        "TZ=%TIMEZONE%",
        "JWT_ENABLED=true",
        "JWT_HEADER=AuthorizationJwt",
@@ -379,58 +368,44 @@
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_onlyoffice",
-          "location": "/var/lib/onlyoffice",
+          "source": "nextcloud_aio_onlyoffice",
+          "destination": "/var/lib/onlyoffice",
          "writeable": true
        }
      ],
      "secrets": [
        "ONLYOFFICE_SECRET"
      ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-imaginary",
-      "dependsOn": [],
-      "displayName": "Imaginary",
-      "containerName": "nextcloud/aio-imaginary",
-      "ports": [],
-      "internalPorts": [
-        "9000"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-imaginary",
+      "display_name": "Imaginary",
+      "image": "nextcloud/aio-imaginary",
+      "internal_port": "9000",
+      "environment": [
        "TZ=%TIMEZONE%"
      ],
-      "volumes": [],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    },
    {
-      "identifier": "nextcloud-aio-fulltextsearch",
-      "dependsOn": [],
-      "displayName": "Fulltextsearch",
-      "containerName": "nextcloud/aio-fulltextsearch",
-      "ports": [],
-      "internalPorts": [
-        "9200"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-fulltextsearch",
+      "display_name": "Fulltextsearch",
+      "image": "nextcloud/aio-fulltextsearch",
+      "internal_port": "9200",
+      "environment": [
        "TZ=%TIMEZONE%",
        "discovery.type=single-node",
        "ES_JAVA_OPTS=-Xms1024M -Xmx1024M"
      ],
      "volumes": [
        {
-          "name": "nextcloud_aio_elasticsearch",
-          "location": "/usr/share/elasticsearch/data",
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/usr/share/elasticsearch/data",
          "writeable": true
        }
      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
    }
  ]
 }
--- a/php/psalm-baseline.xml
+++ b/php/psalm-baseline.xml
@@ -1,57 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.30.0@d0bc6e25d89f649e4f36a534f330f8bb4643dd69">
-  <file src="public/index.php">
-    <MissingClosureParamType occurrences="10">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$response</code>
-      <code>$response</code>
-      <code>$response</code>
-    </MissingClosureParamType>
-  </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <MissingParamType occurrences="1">
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/DockerController.php">
-    <MissingParamType occurrences="8">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/LoginController.php">
-    <MissingParamType occurrences="3">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <InvalidReturnType occurrences="1">
-      <code>IContainerState</code>
-    </InvalidReturnType>
-    <InvalidScalarArgument occurrences="1">
-      <code>$internalPort</code>
-    </InvalidScalarArgument>
-    <RedundantCondition occurrences="1">
-      <code>$container-&gt;GetInternalPorts() !== null</code>
-    </RedundantCondition>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <MissingParamType occurrences="1">
-      <code>$object</code>
-    </MissingParamType>
-  </file>
-</files>
+<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863"/>
--- a/php/public/disable-onlyoffice.js
+++ b/php/public/disable-onlyoffice.js
@@ -1,9 +1,7 @@
 document.addEventListener("DOMContentLoaded", function(event) {
    // OnlyOffice
-    try {
-        var onlyoffice = document.getElementById("onlyoffice");
+    var onlyoffice = document.getElementById("onlyoffice");
+    if (onlyoffice) {
        onlyoffice.disabled = true;
-    } catch (error) {
-        // console.error(error);
    }
 });
--- a/php/public/forms.js
+++ b/php/public/forms.js
@@ -19,12 +19,13 @@
    const xhr = e.target;
    if (xhr.status === 201) {
      window.location.replace(xhr.getResponseHeader('Location'));
-    }
-    if (xhr.status === 422) {
+    } else if (xhr.status === 422) {
      showError(xhr.response);
-    }
-    if (xhr.status === 500) {
-      showError("Server error. Please see the logs for details.");
+    } else if (xhr.status === 500) {
+      showError("Server error. Please check the mastercontainer logs for details.");
+    } else {
+      // If the responose is not one of the above, we should reload to show the latest content
+      window.location.reload(1);
    }
  }

--- a/php/public/index.php
+++ b/php/public/index.php
@@ -12,6 +12,8 @@ use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
 use Slim\Views\Twig;
 use Slim\Views\TwigMiddleware;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;

 require __DIR__ . '/../vendor/autoload.php';

@@ -55,6 +57,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class .
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
@@ -65,7 +68,7 @@ $app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout'
 $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');

 // Views
-$app->get('/containers', function ($request, $response, $args) use ($container) {
+$app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Data\ConfigurationManager $configurationManager */
    $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
@@ -77,9 +80,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
    return $view->render($response, 'containers.twig', [
        'domain' => $configurationManager->GetDomain(),
        'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
-        'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
+        'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
        'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
-        'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
+        'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
        'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
        'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
        'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
@@ -110,7 +113,7 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
        'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
    ]);
 })->setName('profile');
-$app->get('/login', function ($request, $response, $args) use ($container) {
+$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
    $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
@@ -118,7 +121,7 @@ $app->get('/login', function ($request, $response, $args) use ($container) {
        'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
    ]);
 });
-$app->get('/setup', function ($request, $response, $args) use ($container) {
+$app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
    $view = Twig::fromRequest($request);
    /** @var \AIO\Data\Setup $setup */
    $setup = $container->get(\AIO\Data\Setup::class);
@@ -140,7 +143,7 @@ $app->get('/setup', function ($request, $response, $args) use ($container) {
 });

 // Auth Redirector
-$app->get('/', function (\Psr\Http\Message\RequestInterface $request, \Psr\Http\Message\ResponseInterface $response, $args) use ($container) {
+$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
    $authManager = $container->get(\AIO\Auth\AuthManager::class);

    /** @var \AIO\Data\Setup $setup */
--- a/php/public/options-form-submit.js
+++ b/php/public/options-form-submit.js
@@ -13,11 +13,9 @@ document.addEventListener("DOMContentLoaded", function(event) {
    clamav.addEventListener('change', makeOptionsFormSubmitVisible);

    // OnlyOffice
-    try {
-        var onlyoffice = document.getElementById("onlyoffice");
+    var onlyoffice = document.getElementById("onlyoffice");
+    if (onlyoffice) {
        onlyoffice.addEventListener('change', makeOptionsFormSubmitVisible);
-    } catch (error) {
-        // console.error(error);
    }

    // Collabora
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -14,13 +14,15 @@ class Container {
    private string $restartPolicy;
    private int $maxShutdownTime;
    private ContainerPorts $ports;
-    private ContainerInternalPorts $internalPorts;
+    private string $internalPorts;
    private ContainerVolumes $volumes;
    private ContainerEnvironmentVariables $containerEnvironmentVariables;
    /** @var string[] */
    private array $dependsOn;
    /** @var string[] */
    private array $secrets;
+    /** @var string[] */
+    private array $devices;
    private DockerActionManager $dockerActionManager;

    public function __construct(
@@ -30,11 +32,12 @@ class Container {
        string $restartPolicy,
        int $maxShutdownTime,
        ContainerPorts $ports,
-        ContainerInternalPorts $internalPorts,
+        string $internalPorts,
        ContainerVolumes $volumes,
        ContainerEnvironmentVariables $containerEnvironmentVariables,
        array $dependsOn,
        array $secrets,
+        array $devices,
        DockerActionManager $dockerActionManager
    ) {
        $this->identifier = $identifier;
@@ -48,6 +51,7 @@ class Container {
        $this->containerEnvironmentVariables = $containerEnvironmentVariables;
        $this->dependsOn = $dependsOn;
        $this->secrets = $secrets;
+        $this->devices = $devices;
        $this->dockerActionManager = $dockerActionManager;
    }

@@ -75,11 +79,15 @@ class Container {
        return $this->secrets;
    }

+    public function GetDevices() : array {
+        return $this->devices;
+    }
+
    public function GetPorts() : ContainerPorts {
        return $this->ports;
    }

-    public function GetInternalPorts() : ContainerInternalPorts {
+    public function GetInternalPort() : string {
        return $this->internalPorts;
    }

--- a/php/src/Container/ContainerInternalPorts.php
+++ b/php/src/Container/ContainerInternalPorts.php
@@ -1,19 +0,0 @@
-<?php
-
-namespace AIO\Container;
-
-class ContainerInternalPorts {
-    /** @var string[] */
-    private array $internalPorts = [];
-
-    public function AddInternalPort(string $internalPort) : void {
-        $this->internalPorts[] = $internalPort;
-    }
-
-    /**
-     * @return string[]
-     */
-    public function GetInternalPorts() : array {
-        return $this->internalPorts;
-    }
-}
--- a/php/src/Container/ContainerPort.php
+++ b/php/src/Container/ContainerPort.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace AIO\Container;
+
+class ContainerPort {
+    public string $port;
+    public string $ipBinding;
+    public string $protocol;
+
+    public function __construct(
+        string $port,
+        string $ipBinding,
+        string $protocol
+    ) {
+        $this->port = $port;
+        $this->ipBinding = $ipBinding;
+        $this->protocol = $protocol;
+    }
+}
--- a/php/src/Container/ContainerPorts.php
+++ b/php/src/Container/ContainerPorts.php
@@ -3,17 +3,17 @@
 namespace AIO\Container;

 class ContainerPorts {
-    /** @var string[] */
+    /** @var ContainerPort[] */
    private array $ports = [];

-    public function AddPort(string $port) : void {
+    public function AddPort(ContainerPort $port) : void {
        $this->ports[] = $port;
    }

    /**
-     * @return string[]
+     * @return ContainerPort[]
     */
    public function GetPorts() : array {
        return $this->ports;
    }
-}
+}
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -4,8 +4,8 @@ namespace AIO;

 use AIO\Container\Container;
 use AIO\Container\ContainerEnvironmentVariables;
+use AIO\Container\ContainerPort;
 use AIO\Container\ContainerPorts;
-use AIO\Container\ContainerInternalPorts;
 use AIO\Container\ContainerVolume;
 use AIO\Container\ContainerVolumes;
 use AIO\Container\State\RunningState;
@@ -48,146 +48,184 @@ class ContainerDefinitionFetcher
        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);

        $containers = [];
-        foreach ($data['production'] as $entry) {
-            if ($entry['identifier'] === 'nextcloud-aio-clamav') {
+        foreach ($data['aio_services_v1'] as $entry) {
+            if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                if (!$this->configurationManager->isClamavEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-onlyoffice') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') {
                if (!$this->configurationManager->isOnlyofficeEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-collabora') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
                if (!$this->configurationManager->isCollaboraEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-talk') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                if (!$this->configurationManager->isTalkEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-imaginary') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
                if (!$this->configurationManager->isImaginaryEnabled()) {
                    continue;
                }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-fulltextsearch') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') {
                if (!$this->configurationManager->isFulltextsearchEnabled()) {
                    continue;
                }
            }

            $ports = new ContainerPorts();
-            foreach ($entry['ports'] as $port) {
-                if($port === '%APACHE_PORT%/tcp') {
-                    $port = $this->configurationManager->GetApachePort() . '/tcp';
-                } elseif($port === '%TALK_PORT%/tcp') {
-                    $port = $this->configurationManager->GetTalkPort() . '/tcp';
-                } elseif($port === '%TALK_PORT%/udp') {
-                    $port = $this->configurationManager->GetTalkPort() . '/udp';
-                }
-                $ports->AddPort($port);
-            }
+            if (isset($entry['ports'])) {
+                foreach ($entry['ports'] as $value) {
+                    if ($value['port_number'] === '%APACHE_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetApachePort();
+                    } elseif ($value['port_number'] === '%TALK_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetTalkPort();
+                    }

-            $internalPorts = new ContainerInternalPorts();
-            foreach ($entry['internalPorts'] as $internalPort) {
-                if($internalPort === '%APACHE_PORT%') {
-                    $internalPort = $this->configurationManager->GetApachePort();
-                } elseif($internalPort === '%TALK_PORT%') {
-                    $internalPort = $this->configurationManager->GetTalkPort();
+                    if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
+                        $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
+                    }
+                    
+                    $ports->AddPort(
+                        new ContainerPort(
+                            $value['port_number'],
+                            $value['ip_binding'],
+                            $value['protocol']
+                        )
+                    );
                }
-                $internalPorts->AddInternalPort($internalPort);
            }

            $volumes = new ContainerVolumes();
-            foreach ($entry['volumes'] as $value) {
-                if($value['name'] === '%BORGBACKUP_HOST_LOCATION%') {
-                    $value['name'] = $this->configurationManager->GetBorgBackupHostLocation();
-                    if($value['name'] === '') {
-                        continue;
+            if (isset($entry['volumes'])) {
+                foreach ($entry['volumes'] as $value) {
+                    if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
+                        $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
+                        if($value['source'] === '') {
+                            continue;
+                        }
                    }
+                    if($value['source'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
+                        if ($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                        $value['source'] = $this->configurationManager->GetDockerSocketPath();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                        $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    }
+                    if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['destination'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['destination'] === '') {
+                            continue;
+                        }
+                    }
+                    $volumes->AddVolume(
+                        new ContainerVolume(
+                            $value['source'],
+                            $value['destination'],
+                            $value['writeable']
+                        )
+                    );
                }
-                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
-                    if ($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
-                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                }
-                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['location'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['location'] === '') {
-                        continue;
-                    }
-                }
-                $volumes->AddVolume(
-                    new ContainerVolume(
-                        $value['name'],
-                        $value['location'],
-                        $value['writeable']
-                    )
-                );
            }

            $dependsOn = [];
-            foreach ($entry['dependsOn'] as $value) {
-                if ($value === 'nextcloud-aio-clamav') {
-                    if (!$this->configurationManager->isClamavEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-onlyoffice') {
-                    if (!$this->configurationManager->isOnlyofficeEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-collabora') {
-                    if (!$this->configurationManager->isCollaboraEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-talk') {
-                    if (!$this->configurationManager->isTalkEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-imaginary') {
-                    if (!$this->configurationManager->isImaginaryEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-fulltextsearch') {
-                    if (!$this->configurationManager->isFulltextsearchEnabled()) {
-                        continue;
+            if (isset($entry['depends_on'])) {
+                foreach ($entry['depends_on'] as $value) {
+                    if ($value === 'nextcloud-aio-clamav') {
+                        if (!$this->configurationManager->isClamavEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-onlyoffice') {
+                        if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-collabora') {
+                        if (!$this->configurationManager->isCollaboraEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-talk') {
+                        if (!$this->configurationManager->isTalkEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-imaginary') {
+                        if (!$this->configurationManager->isImaginaryEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-fulltextsearch') {
+                        if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                            continue;
+                        }
                    }
+                    $dependsOn[] = $value;
                }
-                $dependsOn[] = $value;
            }
            
            $variables = new ContainerEnvironmentVariables();
-            foreach ($entry['environmentVariables'] as $value) {
-                $variables->AddVariable($value);
+            if (isset($entry['environment'])) {
+                foreach ($entry['environment'] as $value) {
+                    $variables->AddVariable($value);
+                }
+            }
+
+            $displayName = '';
+            if (isset($entry['display_name'])) {
+                $displayName = $entry['display_name'];
+            }
+
+            $restartPolicy = '';
+            if (isset($entry['restart'])) {
+                $restartPolicy = $entry['restart'];
+            }
+
+            $maxShutdownTime = 10;
+            if (isset($entry['stop_grace_period'])) {
+                $maxShutdownTime = $entry['stop_grace_period'];
+            }
+
+            $internalPort = '';
+            if (isset($entry['internal_port'])) {
+                $internalPort = $entry['internal_port'];
+            }
+
+            $secrets = [];
+            if (isset($entry['secrets'])) {
+                $secrets = $entry['secrets'];
+            }
+
+            $devices = [];
+            if (isset($entry['devices'])) {
+                $devices = $entry['devices'];
            }

            $containers[] = new Container(
-                $entry['identifier'],
-                $entry['displayName'],
-                $entry['containerName'],
-                $entry['restartPolicy'],
-                $entry['maxShutdownTime'],
+                $entry['container_name'],
+                $displayName,
+                $entry['image'],
+                $restartPolicy,
+                $maxShutdownTime,
                $ports,
-                $internalPorts,
+                $internalPort,
                $volumes,
                $variables,
                $dependsOn,
-                $entry['secrets'],
+                $secrets,
+                $devices,
                $this->container->get(DockerActionManager::class)
            );
        }
--- a/php/src/Controller/ConfigurationController.php
+++ b/php/src/Controller/ConfigurationController.php
@@ -19,7 +19,7 @@ class ConfigurationController
        $this->configurationManager = $configurationManager;
    }

-    public function SetConfig(Request $request, Response $response, $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args) : Response {
        try {
            if (isset($request->getParsedBody()['domain'])) {
                $domain = $request->getParsedBody()['domain'] ?? '';
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -49,7 +49,7 @@ class DockerController
        $this->dockerActionManager->ConnectContainerToNetwork($container);
    }

-    public function GetLogs(Request $request, Response $response, $args) : Response
+    public function GetLogs(Request $request, Response $response, array $args) : Response
    {
        $id = $request->getQueryParams()['id'];
        if (str_starts_with($id, 'nextcloud-aio-')) {
@@ -67,7 +67,7 @@ class DockerController
            ->withHeader('Content-Disposition', 'inline');
    }

-    public function StartBackupContainerBackup(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
        $this->startBackup();
        return $response->withStatus(201)->withHeader('Location', '/');
    }
@@ -84,7 +84,7 @@ class DockerController
        $this->PerformRecursiveContainerStart($id);
    }

-    public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
        $this->checkBackup();
        return $response->withStatus(201)->withHeader('Location', '/');
    }
@@ -98,7 +98,7 @@ class DockerController
        $this->PerformRecursiveContainerStart($id);
    }

-    public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'restore';
        $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
@@ -113,7 +113,23 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function StartBackupContainerTest(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check-repair';
+        $this->configurationManager->WriteConfig($config);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+
+        // Restore to backup check which is needed to make the UI logic work correctly
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check';
+        $this->configurationManager->WriteConfig($config);
+
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
        $config = $this->configurationManager->GetConfig();
        $config['backup-mode'] = 'test';
        $config['instance_restore_attempt'] = 0;
@@ -128,7 +144,7 @@ class DockerController
        return $response->withStatus(201)->withHeader('Location', '/');
    }

-    public function StartContainer(Request $request, Response $response, $args) : Response
+    public function StartContainer(Request $request, Response $response, array $args) : Response
    {
        $uri = $request->getUri();
        $host = $uri->getHost();
@@ -165,7 +181,7 @@ class DockerController
        $this->PerformRecursiveContainerStart($id, $pullContainer);
    }

-    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
+    public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
        $this->startWatchtower();
        return $response->withStatus(201)->withHeader('Location', '/');
    }
@@ -188,7 +204,7 @@ class DockerController
        $this->dockerActionManager->StopContainer($container);
    }

-    public function StopContainer(Request $request, Response $response, $args) : Response
+    public function StopContainer(Request $request, Response $response, array $args) : Response
    {
        $id = self::TOP_CONTAINER;
        $this->PerformRecursiveContainerStop($id);
--- a/php/src/Controller/LoginController.php
+++ b/php/src/Controller/LoginController.php
@@ -19,7 +19,7 @@ class LoginController
        $this->dockerActionManager = $dockerActionManager;
    }

-    public function TryLogin(Request $request, Response $response, $args) : Response {
+    public function TryLogin(Request $request, Response $response, array $args) : Response {
        if (!$this->dockerActionManager->isLoginAllowed()) {
            return $response->withHeader('Location', '/')->withStatus(302);
        }
@@ -32,7 +32,7 @@ class LoginController
        return $response->withHeader('Location', '/')->withStatus(302);
    }

-    public function GetTryLogin(Request $request, Response $response, $args) : Response {
+    public function GetTryLogin(Request $request, Response $response, array $args) : Response {
        $token = $request->getQueryParams()['token'] ?? '';
        if($this->authManager->CheckToken($token)) {
            $this->authManager->SetAuthState(true);
@@ -42,7 +42,7 @@ class LoginController
        return $response->withHeader('Location', '/')->withStatus(302);
    }

-    public function Logout(Request $request, Response $response, $args) : Response
+    public function Logout(Request $request, Response $response, array $args) : Response
    {
        $this->authManager->SetAuthState(false);
        return $response
--- a/php/src/Cron/OutdatedNotification.php
+++ b/php/src/Cron/OutdatedNotification.php
@@ -0,0 +1,26 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+use DI\Container;
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Docker\DockerActionManager $dockerActionManger */
+$dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
+/** @var \AIO\ContainerDefinitionFetcher $containerDefinitionFetcher */
+$containerDefinitionFetcher = $container->get(\AIO\ContainerDefinitionFetcher::class);
+
+$id = 'nextcloud-aio-nextcloud';
+$nextcloudContainer = $containerDefinitionFetcher->GetContainerById($id);
+
+$isNextcloudImageOutdated = $dockerActionManger->isNextcloudImageOutdated();
+
+if ($isNextcloudImageOutdated === true) {
+    $dockerActionManger->sendNotification($nextcloudContainer, 'AIO is outdated!', 'Please open the AIO interface or ask an administrator to update it. If you do not want to do it manually each time, you can enable the daily backup feature from the AIO interface which automatically updates all containers.', '/notify-all.sh');
+}
+
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -32,7 +32,7 @@ class ConfigurationManager
        $this->WriteConfig($config);
    }

-    public function GetSecret(string $secretId) : string {
+    public function GetAndGenerateSecret(string $secretId) : string {
        $config = $this->GetConfig();
        if(!isset($config['secrets'][$secretId])) {
            $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -46,6 +46,15 @@ class ConfigurationManager
        return $config['secrets'][$secretId];
    }

+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
+        }
+
+        return $config['secrets'][$secretId];
+    }
+
    private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
        file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
    }
@@ -269,7 +278,7 @@ class ConfigurationManager
            }

            // Get Instance ID
-            $instanceID = $this->GetSecret('INSTANCE_ID');
+            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');

            // set protocol
            if ($port !== '443') {
@@ -726,7 +735,7 @@ class ConfigurationManager
        if (is_string($apps)) {
            return trim($apps);
        }
-        return 'twofactor_totp deck tasks calendar contacts apporder';
+        return 'deck twofactor_totp tasks calendar contacts';
    }

    public function GetCollaboraDictionaries() : string {
@@ -782,4 +791,19 @@ class ConfigurationManager
            return true;
        }
    }
+
+    private function GetEnabledDriDevice() : string {
+        $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
+        $configName = 'nextcloud_enable_dri_device';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isDriDeviceEnabled() : bool {
+        if ($this->GetEnabledDriDevice() === 'true') {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -124,15 +124,20 @@ class DockerActionManager
        }

        $containerName = $container->GetIdentifier();
-        if ($container->GetInternalPorts() !== null) {
-            foreach($container->GetInternalPorts()->GetInternalPorts() as $internalPort) {
-                $connection = @fsockopen($containerName, $internalPort, $errno, $errstr, 0.1);
-                if ($connection) {
-                    fclose($connection);
-                    return new RunningState();
-                } else {
-                    return new StartingState();
-                }
+        $internalPort = $container->GetInternalPort();
+        if($internalPort === '%APACHE_PORT%') {
+            $internalPort = $this->configurationManager->GetApachePort();
+        } elseif($internalPort === '%TALK_PORT%') {
+            $internalPort = $this->configurationManager->GetTalkPort();
+        }
+        
+        if ($internalPort !== "" && $internalPort !== 'host') {
+            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
+            if ($connection) {
+                fclose($connection);
+                return new RunningState();
+            } else {
+                return new StartingState();
            }
        } else {
            return new RunningState();
@@ -217,11 +222,6 @@ class DockerActionManager
            $volumes[] = $volumeEntry;
        }

-        $exposedPorts = [];
-        foreach($container->GetPorts()->GetPorts() as $port) {
-            $exposedPorts[$port] = null;
-        }
-
        $requestBody = [
            'Image' => $this->BuildImageName($container),
        ];
@@ -230,10 +230,22 @@ class DockerActionManager
            $requestBody['HostConfig']['Binds'] = $volumes;
        }

+        foreach($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
        $envs = $container->GetEnvironmentVariables()->GetVariables();
        foreach($envs as $key => $env) {
-            $patterns = ['/%(.*)%/'];
+            // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
+            if (str_starts_with($env, 'extra_params=')) {
+                $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
+                $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env);
+                $envs[$key] = $env;
+                continue;
+            }

+            // Original implementation
+            $patterns = ['/%(.*)%/'];

            if(preg_match($patterns[0], $env, $out) === 1) {
                $replacements = array();
@@ -337,7 +349,11 @@ class DockerActionManager
                } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                    $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                } else {
-                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+                    $secret = $this->configurationManager->GetSecret($out[1]);
+                    if ($secret === "") {
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                    }
+                    $replacements[1] = $secret;
                }

                $envs[$key] = preg_replace($patterns, $replacements, $env);
@@ -349,32 +365,48 @@ class DockerActionManager
        }

        $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+ 
+        $exposedPorts = [];
+        if ($container->GetInternalPort() !== 'host') {
+            foreach($container->GetPorts()->GetPorts() as $value) {
+                $portWithProtocol = $value->port . '/' . $value->protocol;
+                $exposedPorts[$portWithProtocol] = null;
+            }
+        } else {
+            $requestBody['HostConfig']['NetworkMode'] = 'host';
+        }

        if(count($exposedPorts) > 0) {
            $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach ($container->GetPorts()->GetPorts() as $port) {
-                $portNumber = explode("/", $port);
-                if ($this->configurationManager->GetApachePort() === $portNumber[0] && $this->configurationManager->GetApacheIPBinding() !== '') {
-                    $requestBody['HostConfig']['PortBindings'][$port] = [
-                        [
-                        'HostPort' => $portNumber[0],
-                        'HostIp' => $this->configurationManager->GetApacheIPBinding(),
-                        ]
-                    ];
-                } else {
-                    $requestBody['HostConfig']['PortBindings'][$port] = [
-                        [
-                        'HostPort' => $portNumber[0],
-                        ]
-                    ];
-                }
+            foreach ($container->GetPorts()->GetPorts() as $value) {
+                $port = $value->port;
+                $ipBinding = $value->ipBinding;
+                $protocol = $value->protocol;
+                $portWithProtocol = $port . '/' . $protocol;
+                $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
+                    [
+                    'HostPort' => $port,
+                    'HostIp' => $ipBinding,
+                    ]
+                ];
            }
        }

+        $devices = [];
+        foreach($container->GetDevices() as $device) {
+            if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) {
+                continue;
+            }
+            $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
+        }
+
+        if (count($devices) > 0) {
+            $requestBody['HostConfig']['Devices'] = $devices;
+        }
+
        // Special things for the backup container which should not be exposed in the containers.json
        if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
            $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
-            $requestBody['HostConfig']['Devices'] = [["PathOnHost" => "/dev/fuse", "PathInContainer" => "/dev/fuse", "CgroupPermissions" => "rwm"]];
            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
            
            // Additional backup directories
@@ -391,6 +423,10 @@ class DockerActionManager
            if(count($mounts) > 0) {
                $requestBody['HostConfig']['Mounts'] = $mounts;
            }
+        // Special things for the talk container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
+            // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
+            $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
        }

        $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
@@ -540,7 +576,7 @@ class DockerActionManager
        return true;
    }

-    public function sendNotification(Container $container, string $subject, string $message) : void
+    public function sendNotification(Container $container, string $subject, string $message, string $file = '/notify.sh') : void
    {
        if ($this->GetContainerStartingState($container) instanceof RunningState) {

@@ -558,7 +594,7 @@ class DockerActionManager
                            'Tty' => true,
                            'Cmd' => [
                                'bash',
-                                '/notify.sh',
+                                $file,
                                $subject,
                                $message
                            ],
@@ -568,7 +604,6 @@ class DockerActionManager
                true
            );

-            // get the id from the response
            $id = $response['Id'];

            // start the exec
@@ -608,8 +643,13 @@ class DockerActionManager
        }
    }

-    private function ConnectContainerIdToNetwork(string $id) : void
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort) : void
    {
+        if ($internalPort === 'host') {
+            return;
+        }
+
+        $network = 'nextcloud-aio';
        $url = $this->BuildApiUrl('networks/create');
        try {
            $this->guzzleClient->request(
@@ -635,7 +675,7 @@ class DockerActionManager
        }

        $url = $this->BuildApiUrl(
-            sprintf('networks/%s/connect', 'nextcloud-aio')
+            sprintf('networks/%s/connect', $network)
        );
        try {
            $this->guzzleClient->request(
@@ -657,12 +697,12 @@ class DockerActionManager

    public function ConnectMasterContainerToNetwork() : void
    {
-        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer');
+        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
    }

    public function ConnectContainerToNetwork(Container $container) : void
    {
-      $this->ConnectContainerIdToNetwork($container->GetIdentifier());
+      $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
    }

    public function StopContainer(Container $container) : void {
@@ -739,4 +779,36 @@ class DockerActionManager
        }
        return false;
    }
+
+    private function GetCreatedTimeOfNextcloudImage() : ?string {
+        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
+        try {
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
+
+            if (!isset($imageOutput['Created'])) {
+                error_log('Created is not set of image ' . $imageName);
+                return null;
+            }
+
+            return str_replace('T', ' ', $imageOutput['Created']);
+        } catch (\Exception $e) {
+            return null;
+        }
+    }
+
+    public function isNextcloudImageOutdated() : bool {
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage();
+
+        if ($createdTime === null) {
+            return false;
+        }
+
+        // If the image is older than 90 days, it is outdated.
+        if ((time() - (60 * 60 * 24 * 90)) > strtotime($createdTime)) {
+            return true;
+        }
+
+        return false;
+    }
 }
--- a/php/src/Twig/ClassExtension.php
+++ b/php/src/Twig/ClassExtension.php
@@ -14,7 +14,7 @@ class ClassExtension extends TwigExtension
        );
    }

-    public function getClassName($object) : ?string
+    public function getClassName(mixed $object) : ?string
    {
        if (!is_object($object)) {
            return null;
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -16,7 +16,7 @@
    </header>

    <div class="content">
-        <h1>Nextcloud AIO v3.0.0</h1>
+        <h1>Nextcloud AIO v4.1.0</h1>

        {# Add 2nd tab warning #}
        <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -38,10 +38,10 @@
        {% endif %}

        {% for container in containers %}
-            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+            {% if container.GetDisplayName() != '' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                {% set isAnyRunning = true %}
            {% endif %}
-            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
+            {% if container.GetDisplayName() != '' and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
                {% set isAnyRestarting = true %}
            {% endif %}
            {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
@@ -111,7 +111,16 @@
                                    {% if borg_backup_mode == 'test' %}
                                        Please adjust the path and/or the password in order to make it work!<br><br>
                                    {% elseif borg_backup_mode == 'check' %}
-                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html?highlight=repair#:~:text=repairing%20a%20damaged%20repository"><b>this documentation</b></a>
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br><br>
+                                        <details>
+                                            <summary>Reveal repair option</summary><br />
+                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
+                                            </form>
+                                        </details><br /><br />
                                    {% endif %}
                                {% elseif backup_exit_code == 0 %}
                                    <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -219,7 +228,7 @@
                    <ul>
                        {# @var containers \AIO\Container\Container[] #}
                        {% for container in containers %}
-                            {% if container.GetIdentifier() not in ['nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower', 'nextcloud-aio-domaincheck'] %}
+                            {% if container.GetDisplayName() != '' %}
                                <li>
                                    {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                        <span class="status running"></span>
@@ -328,6 +337,18 @@
                                <h2>Backup and restore</h2>
                                {% if backup_exit_code > 0 %}
                                    <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
+                                    {% if borg_backup_mode == "check" %}
+                                        The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        <details>
+                                            <summary>Reveal repair option</summary><br />
+                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
+                                            </form>
+                                        </details><br /><br />
+                                    {% endif %}
                                    {% if has_backup_run_once == false %}
                                        You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
                                        <form method="POST" action="/api/configuration" class="xhr">
--- a/readme.md
+++ b/readme.md
@@ -62,7 +62,7 @@ The following instructions are especially meant for Linux. For macOS see [this](
    - `--publish 8080:8080` This means that port 8080 of the container should get published on the host using port 8080. This port is used for the AIO interface and uses a self-signed certificate by default. You can also use a different host port if port 8080 is already used on your host, for example `--publish 8081:8080` (only the first port can be changed for the host, the second port is for the container and must remain at 8080).
    - `--publish 8443:8443` This means that port 8443 of the container should get published on the host using port 8443. If you publish port 80 and 8443 to the public internet, you can access the AIO interface via this port with a valid certificate. It is not needed if you run AIO behind a reverse proxy and can get removed in that case as you can simply use port 8080 for the AIO interface then.
    - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
-    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
+    - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/discussions/500#discussioncomment-2740767 and the whole thread for options.
    - `nextcloud/all-in-one:latest` or `nextcloud/all-in-one:latest-arm64` This is the docker container image that is used. See https://github.com/nextcloud/all-in-one/discussions/490 for why there are different images for the different CPU architectures.
    - Further options can be set using environment variables, for example `--env TALK_PORT=3478`. To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
    </details>
@@ -431,7 +431,24 @@ You can configure the Nextcloud container to use a specific directory on your ho
    -o type="none" ^
    -o o="bind"
    ```
-    (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+(The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+
+### Can I use a CIFS/SMB share as Nextcloud's datadir?
+
+Sure. Add this to the `/etc/fstab` file: <br>
+`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+(Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
+
+One example could look like this:<br>
+`//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+and add into `/etc/storage-credentials`:
+```
+username=<smb/cifs username>
+password=<password>
+```
+(Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
+
+Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above above this one.

 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
@@ -446,6 +463,8 @@ You can then navigate to the apps management page, activate the external storage

 Be aware though that these locations will not be covered by the built-in backup solution!

+**Please note:** If you can't see the type "local storage" in the external storage admin options, a restart of the containers from the AIO interface may be required.
+
 ### How to adjust the Talk port?
 By default will the talk container use port `3478/UDP` and `3478/TCP` for connections. You can adjust the port by adding e.g. `-e TALK_PORT=3478` to the initial docker run command and adjusting the port to your desired value.

@@ -465,18 +484,24 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)

 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="twofactor_totp deck tasks calendar contacts apporder"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.

 ### How to add packets permanently to the Nextcloud container?
-Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require external dependencies. 
+Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 

 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.

 ### How to add PHP extensions permanently to the Nextcloud container?
-Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is not recommended since we do not test Nextcloud apps that require additional php extensions. 
+Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.

+### What about the pdlib PHP extension for the facerecognition app?
+The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
+
+### How to enable hardware-transcoding for Nextcloud?
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/

@@ -486,7 +511,7 @@ The files and folders that you add to Nextcloud are by default stored in the fol
 After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.

 ### How to store the files/installation on a separate drive?
-You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
+You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
 (Of course docker needs to be installed first for this to work.)

 ### How to edit Nextclouds config.php file with a texteditor?
@@ -537,3 +562,69 @@ In order for the value to be valid, the path should start with `/` and not end w

 ### How to disable Collabora's Seccomp feature?
 The Collabora container enables Seccomp by default, which is a security feature of the Linux kernel. On systems without this kernel feature enabled, you need to provide `-e COLLABORA_SECCOMP_DISABLED=true` to the initial docker run command in order to make it work.
+
+### How to enable automatic updates without creating a backup beforehand?
+If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
+
+But anyhow, is here a guide that helps you automate the whole procedure:
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Stop the containers
+docker exec -e STOP_CONTAINERS=1 nextcloud-aio-mastercontainer /daily-backup.sh
+
+# Below is optional if you run AIO in a VM which will shut down the VM afterwards
+# poweroff
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `shutdown-script.sh` e.g. here: `/root/shutdown-script.sh`. 
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/shutdown-script.sh` and `sudo chmod 700 /root/shutdown-script.sh`. Then you can create a cronjob that runs e.g. runs the script at `04:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 4 * * * /root/shutdown-script.sh` which will run the script at 04:00 each day. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
+
+
+**After that is in place, you should schedule a backup from your backup solution that creates a backup after AIO is shut down properly. Hint: If your backup runs on the same host, make sure to at least back up all docker volumes and additionally Nextclouds datadir, if it is not stored in a docker volume.**
+
+**Afterwards, you can create a second script that automatically updates the containers:**
+
+<details>
+<summary>Click here to expand</summary>
+
+```bash
+#!/bin/bash
+
+# Run container update once
+if ! docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh; then
+    while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-watchtower$"; do
+        echo "Waiting for watchtower to stop"
+        sleep 30
+    done
+
+    while ! docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; do
+        echo "Waiting for Mastercontainer to start"
+        sleep 30
+    done
+
+    # Run container update another time to make sure that all containers are updated correctly.
+    docker exec -e AUTOMATIC_UPDATES=1 nextcloud-aio-mastercontainer /daily-backup.sh
+fi
+
+```
+
+</details>
+
+You can simply copy and past the script into a file e.g. named `automatic-updates.sh` e.g. here: `/root/automatic-updates.sh`.
+
+Afterwards apply the correct permissions with `sudo chown root:root /root/automatic-updates.sh` and `sudo chmod 700 /root/automatic-updates.sh`. Then you can create a cronjob that runs e.g. at `05:00` each day like this: 
+1. Open the cronjob with `sudo crontab -u root -e` (and choose your editor of choice if not already done. I'd recommend nano). 
+1. Add the following new line to the crontab if not already present: `0 5 * * * /root/automatic-updates.sh` which will run the script at 05:00 each day. 
+1. save and close the crontab (when using nano are the shortcuts for this `Ctrl + o` -> `Enter` and close the editor with `Ctrl + x`).
--- a/reverse-proxy.md
+++ b/reverse-proxy.md
@@ -1,15 +1,16 @@
 # Reverse Proxy Documentation

-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface). 
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). 

 In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.

-**Attention** The process to run Nextcloud behind a reverse proxy consists of at least these 2 steps:
+**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
-1. If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
- Optional: get a valid certificate for the AIO interface! See [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface)
- How to debug things? See [point 5](#5-how-to-debug-things)
+1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
+1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
+1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
+1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)

 ## 1. Add this to your reverse proxy config

@@ -45,10 +46,11 @@ Add this as a new Apache site config:
    RewriteEngine On
    ProxyPreserveHost On
    AllowEncodedSlashes NoDecode
-    ProxyPass / http://localhost:11000/
+    ProxyPass / http://localhost:11000/ nocanon
    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/?(.*) "ws://localhost:11000/$1" [P,QSA,B=?:;]
+    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
+    RewriteRule .? "ws://localhost:11000/%1" [P,L]

    # Enable h2, h2c and http1.1
    Protocols h2 h2c http/1.1
@@ -243,18 +245,19 @@ map $http_upgrade $connection_upgrade {

 server {
    listen 80;
-#    listen [::]:80;            # uncomment to use IPv6
+    listen [::]:80;            # comment to disable IPv6

    if ($scheme = "http") {
        return 301 https://$host$request_uri;
    }

    listen 443 ssl http2;
-#    listen [::]:443 ssl http2; # uncomment to use IPv6
+    listen [::]:443 ssl http2; # comment to disable IPv6

    server_name <your-nc-domain>;

    location / {
+        resolver localhost;
        proxy_pass http://localhost:11000$request_uri;

        proxy_set_header Host $host;
@@ -470,16 +473,14 @@ nextcloud/all-in-one:latest

 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588

---
-
-### How to continue? 
-After using the above command, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
-
 ## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost.

 Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address, you can either simply skip this step or set it to `0.0.0.0` if you are unsure what the correct value is.

-## 4. Optional: get a valid certificate for the AIO interface
+## 4. Open the AIO interface.
+After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+
+## 5. Optional: get a valid certificate for the AIO interface

 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:

@@ -497,7 +498,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want

 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.

-## 5. How to debug things?
+## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)
--- a/tests/QA/060-environmental-variables.md
+++ b/tests/QA/060-environmental-variables.md
@@ -15,8 +15,9 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `twofactor_totp deck tasks calendar contacts apporder`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)

 You can now continue with [070-timezone-change.md](./070-timezone-change.md)