increase to 4.4.0

Signed-off-by: Simon L <szaimen@e.mail.de>
Merge pull request #2005 from nextcloud/enh/2004/add-spinner-loader
2026-05-21 10:50:10 +00:00 · 2023-02-16 19:17:04 +01:00 · 2023-02-16 19:16:11 +01:00 · 2023-02-16 19:14:09 +01:00 · 2023-02-16 17:43:10 +01:00 · 2023-02-16 16:39:25 +00:00
129 changed files with 3143 additions and 1284 deletions
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -4,12 +4,10 @@ about: Help us improving by reporting a bug
 labels: bug, 0. Needs triage
 ---

-<!--- Please keep this note for other contributors -->
-### How to use GitHub
-
-* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are affected by the same issue.
-* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
-* Subscribe to receive notifications on status change and new comments. 
+<!---
+- If you use Cloudflare Tunnel or Cloudflare Proxy, see https://github.com/nextcloud/all-in-one#notes-on-cloudflare-proxytunnel for known issues/limitations and workarounds.
+- For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and makes it easier to help you.
+--->

 <!--- Please fill out the whole template below -->
 ### Steps to reproduce
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -4,12 +4,6 @@ about: Suggest an enhancement of an existing feature/documentation - for other t
 labels: enhancement, 0. Needs triage
 ---

-<!--- Please keep this note for other contributors -->
-### How to use GitHub
-* Please use the 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to show that you are interested into the same feature.
-* Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
-* Subscribe to receive notifications on status change and new comments. 
-
 <!--- Please fill out the whole template below -->
 ### Is your feature request related to a problem? Please describe. 
 <!--- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -37,7 +37,7 @@ jobs:
          token: ${{ secrets.COMMAND_BOT_PAT }}

      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.7
+        uses: cirrus-actions/rebase@1.8
        env:
          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}

--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -23,7 +23,7 @@ jobs:
      - name: Modify the Dockerfile
        run: |
          set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.0-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
          cat << APCU >> "psalm-github-actions/Dockerfile"
          RUN mkdir -p /usr/src/php/ext/apcu && \
            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
@@ -45,7 +45,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build container image
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
        with:
          push: true
          context: 'psalm-github-actions'
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -1,32 +1,31 @@
 name: dependency-updates

 on:
+  workflow_dispatch:
  schedule:
  - cron:  '00 12 * * *'

 jobs:
  dependency_updates:
    name: Run dependency update script
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v3
-    - uses: nanasess/setup-php@master
+    - uses: shivammathur/setup-php@v2
      with:
-        php-version: '8.0'
+        php-version: 8.1
+        extensions: apcu
    - name: Run dependency update script
      run: |
        set -x
-        curl -sS https://getcomposer.org/installer | php
-        mv composer.phar /usr/local/bin/composer
-        chmod +x /usr/local/bin/composer
        cd ./php
        composer update
        set +e
-        ALL_LINES="$(composer outdated | grep -v "psr/container\|^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
        set -e
        while [ -n "$ALL_LINES" ]; do
          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
-          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')"
+          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
          ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
        done
        echo "outdated dependencies:
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -23,7 +23,7 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        php-versions: ["8.0"]
+        php-versions: ["8.1"]

    name: php-lint

--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v3
+      - uses: dessant/lock-threads@v4
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -2,6 +2,7 @@
 name: nextcloud-update

 on:
+  workflow_dispatch:
  schedule:
  - cron:  '00 12 * * *'

@@ -57,7 +58,7 @@ jobs:
            | sort -V \
            | tail -1
        )"
-        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version  >/dev/null|" ./Containers/nextcloud/start.sh
+        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile

        # Nextcloud
        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -13,10 +13,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -12,10 +12,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -12,10 +12,10 @@ jobs:
    steps:
      - uses: actions/checkout@v3

-      - name: Set up php8.0
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.0
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -13,7 +13,7 @@ jobs:
    steps:
    - uses: actions/checkout@v3
    - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@master
+      uses: ludeeus/action-shellcheck@2.0.0
      with:
        check_together: 'yes'
      env:
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -0,0 +1,33 @@
+name: Update Helm Chart
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  psalm:
+    name: update helm chart
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: update helm chart
+        run: |
+          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
+          DOCKER_TAG="${DOCKER_TAG%%-latest*}"
+          export DOCKER_TAG
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
+          fi
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v4
+        with:
+          commit-message: Helm Chart updates
+          signoff: true
+          title: Helm Chart updates
+          body: Automated Helm Chart updates for the yaml files. It can be merged if it looks good at any time which will automatically trigger a new release of the helm chart.
+          labels: dependencies
+          milestone: next
+          branch: aio-helm-update
+          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -25,3 +25,4 @@ jobs:
          labels: dependencies
          milestone: next
          branch: aio-yaml-update
+          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 /php/vendor
 /manual-install/*.conf
 !/manual-install/sample.conf
-/manual-install/docker-compose.yml
+/manual-install/docker-compose.yml
+/manual-install/.env
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -4,6 +4,10 @@
    storage file_system {
        root /mnt/data/caddy
    }
+
+    log {
+        level ERROR
+    }
 }

 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,7 +1,15 @@
 # Caddy is a requirement
-FROM caddy:2.6.2-alpine as caddy
+FROM caddy:2.6.4-alpine as caddy

-FROM debian:bullseye-20221024-slim
+FROM httpd:2.4.55-alpine3.17
+
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data; \
+    apk del --no-cache shadow

 RUN mkdir -p /mnt/data; \
    chown www-data:www-data /mnt/data;
@@ -9,52 +17,43 @@ RUN mkdir -p /mnt/data; \
 VOLUME /mnt/data

 RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        apache2 \
+    apk add --no-cache \
+        bash \
        supervisor \
        wget \
+        tzdata \
        ca-certificates \
        openssl \
-        netcat \
-        dpkg-dev \
-        curl \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        netcat-openbsd

 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy

-RUN a2enmod rewrite \
-    headers \
-    proxy \
-    proxy_fcgi \
-    setenvif \
-    env \
-    mime \
-    dir \
-    authz_core \
-    alias
-
-COPY nextcloud.conf /etc/apache2/sites-available/
-
-RUN rm /etc/apache2/ports.conf; \
-    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
-    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+RUN sed -i \
+                -e '/^Listen /d' \
+                -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+                -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+                -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+                conf/httpd.conf; \
+		echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \
+                echo "ServerName localhost" | tee -a conf/httpd.conf
+		
+COPY nextcloud.conf conf

 RUN set -ex; \
-    a2dissite 000-default && \
-    a2dissite default-ssl && \
-    rm -f /etc/apache2/sites-enabled/000-default.conf && \
-    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
-    rm /etc/apache2/sites-available/000-default.conf && \
-    rm /etc/apache2/sites-available/default-ssl.conf && \
-    a2ensite nextcloud.conf && \
+    rm -rf conf/original conf/original && \
    rm -rf /var/www/html/* && \
-    chown www-data:www-data -R /var/log/apache2; \
-    mkdir -p /var/run/apache2; \
-    chown -R www-data:www-data /var/run/apache2; \
+    mkdir /var/www && \
    chown -R www-data:www-data /var/www;

 RUN mkdir /var/log/supervisord; \
@@ -71,7 +70,8 @@ RUN chmod +x /usr/bin/start.sh; \
    chmod +x /usr/bin/healthcheck.sh; \
    chmod +r /supervisord.conf; \
    chown www-data:www-data /Caddyfile; \
-    chmod +r -R /etc/apache2
+    chown -R www-data:www-data /usr/local/apache2; \
+    chmod +r -R /usr/local/apache2

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
@@ -81,4 +81,5 @@ USER www-data
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK CMD healthcheck.sh
+HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -1,6 +1,7 @@
 #!/bin/bash

-curl -skfI localhost:8000 || exit 1
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+nc -z localhost 8000 || exit 1
 if [ "$APACHE_PORT" != '443' ]; then
    nc -z localhost "$APACHE_PORT" || exit 1
 else
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -3,8 +3,8 @@ Listen 8000
    ServerName localhost

    # Add error log
-    CustomLog ${APACHE_LOG_DIR}/access.log combined
-    ErrorLog ${APACHE_LOG_DIR}/error.log
+    CustomLog /proc/self/fd/1 combined
+    ErrorLog /proc/self/fd/2

    # PHP match
    <FilesMatch "\.php$">
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -45,10 +45,13 @@ else
 fi
 echo "$CADDYFILE" > /Caddyfile

+# Fix the Caddyfile format
+caddy fmt --overwrite /Caddyfile
+
 # Add caddy path
 mkdir -p /mnt/data/caddy/

-# Fix apache sturtup
-rm -f /var/run/apache2/apache2.pid
+# Fix apache startup
+rm -f /usr/local/apache2/logs/httpd.pid

-exec "$@"
+exec "$@"
--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -9,8 +9,8 @@ logfile_backups=10
 loglevel=error

 [program:apache]
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=apachectl -DFOREGROUND
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,17 +1,14 @@
-FROM debian:bullseye-20221024-slim
+FROM alpine:3.17.2

 RUN set -ex; \
    \
-    echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list; \
-    apt-get update; \
-    apt-get install -y --no-install-recommends borgbackup -t bullseye-backports; \
-    apt-get install -y --no-install-recommends \
+    apk add --no-cache \
+        bash \
+        borgbackup \
        rsync \
        fuse \
-        python3-llfuse \
-        jq \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        py3-llfuse \
+        jq

 VOLUME /root

@@ -21,4 +18,5 @@ RUN chmod +x /usr/bin/start.sh; \
    chmod +x /backupscript.sh

 USER root
-ENTRYPOINT ["start.sh"]
+ENTRYPOINT ["start.sh"]
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -66,7 +66,7 @@ if [ "$BORG_MODE" = backup ]; then

    # Test that nothing is empty
    for directory in "${VOLUME_DIRS[@]}"; do
-        if [ -z "$(ls -A "$directory")" ]; then
+        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
            echo "$directory is empty which is not allowed."
            exit 1
        fi
@@ -87,7 +87,8 @@ if [ "$BORG_MODE" = backup ]; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
            echo "Cannot initialize a new repository as that was already done at least one time."
-            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory."
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
+            echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
            exit 1
        fi

@@ -126,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
    # Borg options
    # auto,zstd compression seems to has the best ratio based on:
    # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)

    # Create the backup
    echo "Starting the backup..."
@@ -150,7 +151,7 @@ if [ "$BORG_MODE" = backup ]; then

    # Prune archives
    echo "Pruning the archives..."
-    if ! borg prune --prefix '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg prune --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
        echo "Failed to prune archives!"
        exit 1
    fi
@@ -173,16 +174,19 @@ if [ "$BORG_MODE" = backup ]; then
                    exit 1
                fi
            done
+            echo "Starting the backup for additional volumes..."
            if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                echo "Deleting the failed backup archive..."
                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
                echo "Backup of additional docker-volumes failed!"
                exit 1
            fi
-            if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            echo "Pruning additional volumes..."
+            if ! borg prune --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
+            echo "Compacting additional volumes..."
            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                echo "Failed to compact archives!"
                exit 1
@@ -200,16 +204,19 @@ if [ "$BORG_MODE" = backup ]; then
            do
                EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
            done
+            echo "Starting the backup for additional host mounts..."
            if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                echo "Deleting the failed backup archive..."
                borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
                echo "Backup of additional host-mounts failed!"
                exit 1
            fi
-            if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            echo "Pruning additional host mounts..."
+            if ! borg prune --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
+            echo "Compacting additional host mounts..."
            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                echo "Failed to compact archives!"
                exit 1
@@ -257,15 +264,16 @@ if [ "$BORG_MODE" = restore ]; then

    # Restore everything except the configuration file
    if ! rsync --stats --archive --human-readable -vv --delete \
-    --exclude "nextcloud_aio_mastercontainer/session/"** \
+    --exclude "nextcloud_aio_apache/caddy/"** \
+    --exclude "nextcloud_aio_mastercontainer/caddy/"** \
    --exclude "nextcloud_aio_mastercontainer/certs/"** \
+    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
-    --exclude "nextcloud_aio_mastercontainer/data/configuration.json" \
+    --exclude "nextcloud_aio_mastercontainer/session/"** \
    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
+        RESTORE_FAILED=1
        echo "Something failed while restoring from backup."
-        umount /tmp/borg
-        exit 1
    fi

    # Save current aio password
@@ -285,9 +293,8 @@ if [ "$BORG_MODE" = restore ]; then
    if ! rsync --archive --human-readable -vv \
    /tmp/borg/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json \
    /nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/configuration.json; then
+        RESTORE_FAILED=1
        echo "Something failed while restoring the configuration.json."
-        umount /tmp/borg
-        exit 1
    fi

    # Set backup-mode to restore since it was a restore
@@ -322,6 +329,10 @@ if [ "$BORG_MODE" = restore ]; then

    umount /tmp/borg

+    if [ "$RESTORE_FAILED" = 1 ]; then
+        exit 1
+    fi
+
    # Inform user
    get_expiration_time
    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
@@ -333,6 +344,9 @@ if [ "$BORG_MODE" = restore ]; then
    # Add file to Nextcloud container so that it performs a fingerprint update the next time
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
    chmod 777 "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/fingerprint.update"
+
+    # Delete redis cache
+    rm -f "/mnt/redis/dump.rdb"
 fi

 # Do the Backup check
@@ -341,7 +355,7 @@ if [ "$BORG_MODE" = check ]; then
    echo "Checking the backup integrity..."

    # Perform the check
-    if ! borg check --verify-data "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking the backup integrity!"
        exit 1
    fi
@@ -352,6 +366,23 @@ if [ "$BORG_MODE" = check ]; then
    exit 0
 fi

+# Do the Backup check-repair
+if [ "$BORG_MODE" = "check-repair" ]; then
+    get_start_time
+    echo "Checking the backup integrity and repairing it..."
+
+    # Perform the check-repair
+    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+        echo "Some errors were found while checking and repairing the backup integrity!"
+        exit 1
+    fi
+
+    # Inform user
+    get_expiration_time
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    exit 0
+fi
+
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
    if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then
--- a/Containers/borgbackup/start.sh
+++ b/Containers/borgbackup/start.sh
@@ -20,7 +20,7 @@ export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes

 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != test ]; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
    echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
    exit 1
 fi
--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,6 +1,7 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
-FROM clamav/clamav:0.105.1
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
+FROM clamav/clamav:1.0.1-1

-RUN apk add --update --no-cache tzdata
+RUN apk add --no-cache tzdata
 COPY clamav.conf /tmp/
 RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.8.2.1
+FROM collabora/code:22.05.10.1.1

 USER root

@@ -16,3 +16,4 @@ RUN set -ex; \
 USER 104

 HEALTHCHECK CMD nc -z localhost 9980 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,5 +1,5 @@
-FROM alpine:3.16.2
-RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
+FROM alpine:3.17.2
+RUN apk add --no-cache lighttpd bash netcat-openbsd

 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf
@@ -15,4 +15,5 @@ USER www-data
 RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]

-HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,6 +1,20 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.7
+FROM elasticsearch:7.17.9

 RUN elasticsearch-plugin install --batch ingest-attachment

-HEALTHCHECK CMD curl -skfI localhost:9200 || exit 1
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+COPY start.sh /
+
+RUN chmod +x /start.sh
+ENTRYPOINT ["/bin/tini", "--", "/start.sh"]
+
+HEALTHCHECK CMD nc -z localhost 9200 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/fulltextsearch/start.sh
+++ b/Containers/fulltextsearch/start.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Only start container if database is accessible (needed for backup to work correctly)
+while ! nc -z "$POSTGRES_HOST" 5432; do
+    echo "Waiting for database to start..."
+    sleep 5
+done
+
+# Show wiki if vm.max_map_count is too low
+if [ "$(sysctl -n vm.max_map_count)" -le 65530 ]; then
+    echo "max_map_count is too low and needs to be adjusted."
+    echo "See https://github.com/nextcloud/all-in-one/discussions/1775 how to change max_map_count"
+fi
+
+# Run initial entrypoint
+/usr/local/bin/docker-entrypoint.sh
+
+exec "$@"
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,16 +1,17 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221101
+FROM nextcloud/imaginary:20230201

 USER root
 RUN set -ex; \
    \
    apt-get update; \
    apt-get install -y --no-install-recommends \
-        ca-certificates \
-        curl \
        netcat \
    ; \
    rm -rf /var/lib/apt/lists/*
 USER nobody

-HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
+
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -6,17 +6,29 @@
    storage file_system {
        root /mnt/docker-aio-config/caddy/
    }
+
+    log {
+        level ERROR
+    }
 }

 http://:80 {
  redir https://{host}{uri}
 }

-https://:8443 {
+# Match only host names and not ip-addresses:
+https://*.*:8443,
+https://*.*.*:8443,
+https://*.*.*.*:8443,
+https://*.*.*.*.*:8443,
+https://*.*.*.*.*.*:8443 {

    reverse_proxy localhost:8000

    tls {
        on_demand
+        issuer acme {
+            disable_tlsalpn_challenge
+        }
    }
 }
--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,11 +1,18 @@
 # Docker CLI is a requirement
-FROM docker:20.10.21-dind-alpine3.16 as dind
+FROM docker:23.0.1-dind as dind

 # Caddy is a requirement
-FROM caddy:2.6.2-alpine as caddy
+FROM caddy:2.6.4-alpine as caddy

-# From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.25-apache-bullseye
+# From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
+FROM php:8.1.16-fpm-alpine3.17
+
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data

 EXPOSE 80
 EXPOSE 8080
@@ -19,16 +26,42 @@ RUN mkdir -p /var/www/docker-aio;

 WORKDIR /var/www/docker-aio

-RUN apt-get update; \
-    apt-get install -y --no-install-recommends \
-        git \
+RUN set -ex; \
+    apk add --no-cache \
+        ca-certificates \
+        wget \
+        tzdata \
+        bash \
+        apache2 \
+        apache2-proxy \
+        apache2-ssl \
        supervisor \
        openssl \
        sudo \
-        dpkg-dev \
-        netcat \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        netcat-openbsd \
+        curl \
+        grep
+
+RUN set -ex; \
+    apk add --no-cache --virtual .build-deps \
+        autoconf \
+        build-base; \
+    pecl install APCu-5.1.22; \
+    docker-php-ext-enable apcu; \
+    rm -r /tmp/pear; \
+    \
+    runDeps="$( \
+        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
+            | tr ',' '\n' \
+            | sort -u \
+            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
+    )"; \
+    apk add --virtual .nextcloud-aio-rundeps $runDeps; \
+    apk del .build-deps; \
+    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf

 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy
@@ -36,14 +69,10 @@ RUN chmod +x /usr/bin/caddy
 COPY --from=dind /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker

-RUN set -ex; \
-    pecl install APCu-5.1.22; \
-    docker-php-ext-enable apcu
-
 RUN set -e && \
-    curl -sS https://getcomposer.org/installer | php && \
-    mv composer.phar /usr/local/bin/composer && \
-    chmod +x /usr/local/bin/composer && \
+    apk add --no-cache git; \
+    wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
+    chmod +x /usr/local/bin/composer; \
    cd /var/www/docker-aio; \
    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
    cd php; \
@@ -54,7 +83,8 @@ RUN set -e && \
    chmod 770 -R ./; \
    chown www-data:www-data -R /var/www; \
    rm -r ./php/data; \
-    rm -r ./php/session
+    rm -r ./php/session; \
+    apk del --no-cache git

 RUN mkdir -p /etc/apache2/certs && \
    cd /etc/apache2/certs && \
@@ -62,28 +92,31 @@ RUN mkdir -p /etc/apache2/certs && \

 COPY mastercontainer.conf /etc/apache2/sites-available/

-RUN a2enmod rewrite \
-    headers \
-    env \
-    mime \
-    dir \
-    authz_core \
-    proxy \
-    proxy_http \
-    ssl
-
-RUN rm /etc/apache2/ports.conf; \
-    sed -s -i -e "s/Include ports.conf//" /etc/apache2/apache2.conf; \
-    sed -i "/^Listen /d" /etc/apache2/apache2.conf
+RUN sed -i \
+            -e '/^Listen /d' \
+            -e 's/User apache/User www-data/g' \
+            -e 's/Group apache/Group www-data/g' \
+            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+        /etc/apache2/httpd.conf; \
+        mkdir -p /etc/apache2/logs; \
+        rm /etc/apache2/conf.d/ssl.conf; \
+        echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf

 RUN set -ex; \
-    a2dissite 000-default && \
-    a2dissite default-ssl && \
-    rm -f /etc/apache2/sites-enabled/000-default.conf && \
-    rm -f /etc/apache2/sites-enabled/default-ssl.conf && \
-    rm /etc/apache2/sites-available/000-default.conf && \
-    rm /etc/apache2/sites-available/default-ssl.conf && \
-    a2ensite mastercontainer.conf
+    rm -f /etc/apache2/conf.d/default.conf \
+          /etc/apache2/conf.d/userdir.conf \
+          /etc/apache2/conf.d/info.conf

 RUN mkdir /var/log/supervisord; \
    mkdir /var/run/supervisord;
@@ -109,4 +142,4 @@ USER root
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK CMD /healthcheck.sh
+HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -13,14 +13,14 @@ while true; do
            export START_CONTAINERS=1
        fi
        set +x
+        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
+            export LOCK_FILE_PRESENT=1
+        else
+            export LOCK_FILE_PRESENT=0
+        fi
    else
        export BACKUP_TIME="04:00"
        export DAILY_BACKUP=0
-    fi
-
-    if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-        export LOCK_FILE_PRESENT=1
-    else
        export LOCK_FILE_PRESENT=0
    fi

@@ -41,6 +41,9 @@ while true; do
    # Check for updates and send notification if yes
    sudo -u www-data php /var/www/docker-aio/php/src/Cron/UpdateNotification.php

+    # Check if AIO is outdated
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/OutdatedNotification.php
+
    # Remove sessions older than 24h
    find "/mnt/docker-aio-config/session/" -mindepth 1 -mmin +1440 -delete

--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -11,7 +11,7 @@ fi
 # Delete all active sessions and create a lock file
 # But don't kick out the user if the mastercontainer was just updated since we block the interface either way with the lock file
 if [ "$LOCK_FILE_PRESENT" = 0 ] || ! [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
-    rm -f "/mnt/docker-aio-config/session/"*
+    find "/mnt/docker-aio-config/session/" -mindepth 1 -delete
 fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"

--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -1,9 +1,6 @@
 Listen 8000
 Listen 8080

-CustomLog ${APACHE_LOG_DIR}/access.log combined
-ErrorLog ${APACHE_LOG_DIR}/error.log
-
 # Deny access to .ht files
 <Files ".ht*">
    Require all denied
@@ -13,9 +10,13 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
 <VirtualHost *:8000>
    ServerName localhost

+    # Add error log
+    CustomLog /proc/self/fd/1 combined
+    ErrorLog /proc/self/fd/2
+
    # PHP match
    <FilesMatch "\.php$">
-        SetHandler application/x-httpd-php
+        SetHandler "proxy:fcgi://localhost:9000"
    </FilesMatch>
    # Master dir
    DocumentRoot /var/www/docker-aio/php/public/
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -65,6 +65,17 @@ else
    sleep 10
 fi

+# Check Storage drivers
+STORAGE_DRIVER="$(docker info | grep "Storage Driver")"
+# Check if vfs is used: https://github.com/nextcloud/all-in-one/discussions/1467
+if echo "$STORAGE_DRIVER" | grep -q vfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver vfs is used. This will lead to problems with disk space and performance and is disrecommended!"
+elif echo "$STORAGE_DRIVER" | grep -q fuse-overlayfs; then
+    echo "$STORAGE_DRIVER"
+    echo "Warning: It seems like the storage driver fuse-overlayfs is used. Please check if you can switch to overlay2 instead."
+fi
+
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps | grep -q "nextcloud-aio-mastercontainer"; then
    echo "It seems like you did not give the mastercontainer the correct name?
@@ -228,8 +239,8 @@ chown root:root -R /mnt/docker-aio-config/certs/

 # Don't allow access to the AIO interface from the Nextcloud container
 # Probably more cosmetic than anything but at least an attempt
-if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
-    cat << APACHE_CONF >> /etc/apache2/apache2.conf
+if ! grep -q '# nextcloud-aio-block' /etc/apache2/httpd.conf; then
+    cat << APACHE_CONF >> /etc/apache2/httpd.conf
 # nextcloud-aio-block-start
 <Location />
 order allow,deny
@@ -266,4 +277,13 @@ https://your-domain-that-points-to-this-server.tld:8443"
 # Set the timezone to UTC
 export TZ=UTC

+# Fix apache startup
+rm -f /var/run/apache2/httpd.pid
+
+# Fix the Caddyfile format
+caddy fmt --overwrite /Caddyfile
+
+# Fix caddy log 
+chmod 777 /root
+
 exec "$@"
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -8,12 +8,20 @@ logfile_backups=10
 loglevel=error
 user=root

+[program:php-fpm]
+# stdout_logfile=/dev/stdout
+# stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=php-fpm
+user=root
+
 [program:apache]
 # stdout_logfile=/dev/stdout
 # stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=apache2-foreground
+command=httpd -DFOREGROUND
 user=root

 [program:caddy]
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,5 +1,5 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.25-fpm-alpine3.16
+FROM php:8.0.28-fpm-alpine3.16

 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -27,6 +27,7 @@ RUN set -ex; \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        autoconf \
+        libtool \
        freetype-dev \
        icu-dev \
        libevent-dev \
@@ -41,6 +42,17 @@ RUN set -ex; \
        postgresql-dev \
        libwebp-dev \
        gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
+        ghostscript-fonts \
    ; \
    \
    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -53,7 +65,6 @@ RUN set -ex; \
        ldap \
        opcache \
        pcntl \
-        pdo_mysql \
        pdo_pgsql \
        zip \
        gmp \
@@ -63,6 +74,7 @@ RUN set -ex; \
    pecl install APCu-5.1.22; \
    pecl install memcached-3.2.0; \
    pecl install redis-5.3.7; \
+    pecl install imagick-3.7.0; \
    \
    docker-php-ext-enable \
        apcu \
@@ -104,7 +116,7 @@ RUN { \

 VOLUME /var/www/html

-ENV NEXTCLOUD_VERSION 24.0.7
+ENV NEXTCLOUD_VERSION 25.0.3

 RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
@@ -123,7 +135,6 @@ RUN set -ex; \
    tar -xjf nextcloud.tar.bz2 -C /usr/src/; \
    gpgconf --kill all; \
    rm nextcloud.tar.bz2.asc nextcloud.tar.bz2; \
-    rm -rf "$GNUPGHOME" /usr/src/nextcloud/updater; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
@@ -156,12 +167,14 @@ RUN set -ex; \
        openssl-dev \
        samba-dev \
        bzip2-dev \
+        libpq-dev \
    ; \
    \
    docker-php-ext-configure imap --with-kerberos --with-imap-ssl; \
    docker-php-ext-install \
        bz2 \
        imap \
+        pgsql \
    ; \
    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
@@ -200,8 +213,12 @@ RUN set -ex; \
        mawk \
        sudo \
        grep \
-    ; \
-    rm -rf /var/lib/apt/lists/*
+        coreutils \
+        libjpeg \
+        librsvg \
+        libheif \
+        libpng \
+        ghostscript-fonts;

 RUN set -ex; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
@@ -209,7 +226,8 @@ RUN set -ex; \
    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf

 RUN set -ex; \
    rm -rf /tmp/nextcloud-aio && \
@@ -227,13 +245,16 @@ RUN set -ex; \

 COPY start.sh /
 COPY notify.sh /
+COPY notify-all.sh /
 RUN set -ex; \
    chmod +x /start.sh && \
    chmod +x /entrypoint.sh && \
    chmod +r /upgrade.exclude && \
    chmod +x /cron.sh && \
    chmod +x /notify.sh && \
-    chmod +x /activate-collabora.sh
+    chmod +x /notify-all.sh && \
+    chmod +x /activate-collabora.sh && \
+    chmod +x /healthcheck.sh

 RUN set -ex; \
    mkdir /mnt/ncdata; \
@@ -247,4 +268,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER root
 ENTRYPOINT ["/start.sh"]

-HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -79,12 +79,27 @@ if [ -f "$NEXTCLOUD_DATA_DIR/update.failed" ]; then
    exit 1
 fi

+# Do not start the container if the install failed
+if [ -f "$NEXTCLOUD_DATA_DIR/install.failed" ]; then
+    echo "The initial Nextcloud installation failed."
+    echo "Please reset AIO properly and try again. For further clues what went wrong, check the logs above."
+    echo "See https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance"
+    exit 1
+fi
+
 # Skip any update if Nextcloud was just restored
 if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
    if version_greater "$image_version" "$installed_version"; then
        # Check if it skips a major version
        INSTALLED_MAJOR="${installed_version%%.*}"
        IMAGE_MAJOR="${image_version%%.*}"
+        
+        if [ "$installed_version" != "0.0.0.0" ]; then
+            # Write output to logfile.
+            exec > >(tee -i "/var/www/html/data/update.log")
+            exec 2>&1
+        fi
+
        if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
            set -ex
            NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
@@ -99,13 +114,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            tar -xjf nextcloud.tar.bz2 -C /usr/src/tmp/
            gpgconf --kill all
            rm nextcloud.tar.bz2.asc nextcloud.tar.bz2
-            rm -rf "$GNUPGHOME" /usr/src/tmp/nextcloud/updater
            mkdir -p /usr/src/tmp/nextcloud/data
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
-            cp /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
+            cp -r /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
            mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
-            cp /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
+            cp -r /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
            mv /usr/src/nextcloud /usr/src/temp-nextcloud
            mv /usr/src/tmp/nextcloud /usr/src/nextcloud
            rm -r /usr/src/tmp
@@ -133,7 +147,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            php /var/www/html/occ maintenance:mode --off

            echo "Getting and backing up the status of apps for later, this might take a while..."
-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_before
+            NC_APPS="$(find /var/www/html/custom_apps/ -type d -maxdepth 1 -mindepth 1 | sed 's|/var/www/html/custom_apps/||g')"
+            if [ -z "$NC_APPS" ]; then
+                echo "No apps detected, aborting export of app status..."
+                APPSTORAGE="no-export-done"
+            else
+                mapfile -t NC_APPS_ARRAY <<< "$NC_APPS"
+                declare -Ag APPSTORAGE
+                echo "Disabling apps before the update in order to make the update procedure more safe. This can take a while..."
+                for app in "${NC_APPS_ARRAY[@]}"; do
+                    APPSTORAGE[$app]=$(php /var/www/html/occ config:app:get "$app" enabled)
+                    php /var/www/html/occ app:disable "$app"
+                done
+            fi

            if [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -eq 1 ]; then
                php /var/www/html/occ config:system:delete app_install_overwrite
@@ -158,12 +184,18 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
        rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"

        #install
        if [ "$installed_version" = "0.0.0.0" ]; then
-            echo "New nextcloud instance"
+            echo "New Nextcloud instance."
+
+            # Write output to logfile.
+            mkdir -p /var/www/html/data
+            exec > >(tee -i "/var/www/html/data/install.log")
+            exec 2>&1

            INSTALL_OPTIONS=(-n --admin-user "$ADMIN_USER" --admin-pass "$ADMIN_PASSWORD")
            if [ -n "${NEXTCLOUD_DATA_DIR}" ]; then
@@ -173,17 +205,28 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            echo "Installing with PostgreSQL database"
            INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")

-            echo "starting nextcloud installation"
+            echo "Starting Nextcloud installation..."
+            if ! php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}"; then
+                echo "Installation of Nextcloud failed!"
+                touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                exit 1
+            fi
+
+            # Try to force generation of appdata dir:
+            php /var/www/html/occ maintenance:repair
+
            max_retries=10
            try=0
-            until php /var/www/html/occ maintenance:install "${INSTALL_OPTIONS[@]}" || [ "$try" -gt "$max_retries" ]
-            do
-                echo "retrying install..."
+            while [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ] && [ "$try" -lt "$max_retries" ]; do
+                echo "Waiting for appdata to become available..."
                try=$((try+1))
                sleep 10s
            done
-            if [ "$try" -gt "$max_retries" ]; then
-                echo "installing of nextcloud failed!"
+
+            if [ "$try" -ge "$max_retries" ]; then
+                echo "Installation of Nextcloud failed!"
+                echo "Install errors: $(cat /var/www/html/data/nextcloud.log)"
+                touch "$NEXTCLOUD_DATA_DIR/install.failed"
                exit 1
            fi

@@ -232,19 +275,25 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            if [ -n "$STARTUP_APPS" ]; then
                read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
                for app in "${STARTUP_APPS_ARRAY[@]}"; do
-                    php /var/www/html/occ app:install "$app"
+                    if ! echo "$app" | grep -q '^-'; then 
+                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                            # If not shipped, install and enable the app
+                            php /var/www/html/occ app:install "$app"
+                        else
+                            # If shipped, enable the app
+                            php /var/www/html/occ app:enable "$app"
+                        fi
+                    else
+                        app="${app#-}"
+                        # Disable the app if '-' was provided in front of the appid
+                        php /var/www/html/occ app:disable "$app"
+                    fi
                done
            fi

        #upgrade
        else
            touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            while [ -n "$(pgrep -f cron.php)" ]
-            do
-                echo "Waiting for Nextclouds cronjob to finish..."
-                sleep 5
-            done
-
            echo "Upgrading nextcloud from $installed_version to $image_version..."
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
@@ -255,10 +304,35 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            rm "$NEXTCLOUD_DATA_DIR/update.failed"
            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."

-            php /var/www/html/occ app:list | sed -n "/Enabled:/,/Disabled:/p" > /tmp/list_after
-            echo "The following apps have been disabled:"
-            diff /tmp/list_before /tmp/list_after | grep '<' | cut -d- -f2 | cut -d: -f1
-            rm -f /tmp/list_before /tmp/list_after
+            php /var/www/html/occ app:update --all
+
+            # Restore app status
+            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
+                echo "Restoring the status of apps. This can take a while..."
+                for app in "${!APPSTORAGE[@]}"; do
+                    if [ -n "${APPSTORAGE[$app]}" ]; then
+                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
+                            echo "Enabling $app..."
+                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
+                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
+                                if [ "$app" = apporder ]; then
+                                    CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
+                                else
+                                    CUSTOM_HINT="Most likely because it is not compatible with the new Nextcloud version."
+                                fi
+                                bash /notify.sh "Could not enable the $app app after the Nextcloud update!" "$CUSTOM_HINT Feel free to look at the Nextcloud update logs and force-enable the app again from the app-store UI."
+                                continue
+                            fi
+                            # Only restore the group settings, if the app was enabled (and is thus compatible with the new NC version)
+                            if [ "${APPSTORAGE[$app]}" != "yes" ]; then
+                                php /var/www/html/occ config:app:set "$app" enabled --value="${APPSTORAGE[$app]}"
+                            fi
+                        fi
+                    fi
+                done
+            fi
+
+            php /var/www/html/occ app:update --all

            # Apply optimization
            echo "Doing some optimizations..."
@@ -287,6 +361,9 @@ fi
 # If not, something broke (e.g. changing ncdatadir after aio was first started)
 if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
    echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
+    echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
+    echo "In the datadir was found:"
+    ls -la "$NEXTCLOUD_DATA_DIR/"
    exit 1
 fi

@@ -332,16 +409,14 @@ else
 fi

 # AIO app
-if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" = "" ]; then
-    php /var/www/html/occ app:enable nextcloud-aio
-elif [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" = "no" ]; then
+if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
    php /var/www/html/occ app:enable nextcloud-aio
 fi

 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
    php /var/www/html/occ app:install notify_push
-elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" = "no" ]; then
+elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ]; then
    php /var/www/html/occ app:enable notify_push
 elif [ "$SKIP_UPDATE" != 1 ]; then
    php /var/www/html/occ app:update notify_push
@@ -354,7 +429,7 @@ php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://
 if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:install richdocuments
-    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable richdocuments
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update richdocuments
@@ -362,6 +437,44 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
    # Fix https://github.com/nextcloud/all-in-one/issues/188:
    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
+    # Make collabora more save
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
+    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
+    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv4_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv4_ADDRESS"
+            fi
+        fi
+    else
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv6_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv6_ADDRESS"
+            fi
+        fi
+    else
+        echo "No ipv6-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
+        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
+            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
+        fi
+        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
+    else
+        echo "Warning: wopi_allowlist is empty which should not be the case!"
+    fi
 else
    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:remove richdocuments
@@ -376,7 +489,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
    done
    if ! [ -d "/var/www/html/custom_apps/onlyoffice" ]; then
        php /var/www/html/occ app:install onlyoffice
-    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get onlyoffice enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable onlyoffice
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update onlyoffice
@@ -395,14 +508,14 @@ fi
 if [ "$TALK_ENABLED" = 'yes' ]; then
    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:install spreed
-    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable spreed
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update spreed
    fi
    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
    fi
    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
@@ -425,7 +538,7 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
    done
    if ! [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
        php /var/www/html/occ app:install files_antivirus
-    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get files_antivirus enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable files_antivirus
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update files_antivirus
@@ -448,8 +561,13 @@ if version_greater "$installed_version" "24.0.0.0"; then
        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
    else
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
-        php /var/www/html/occ config:system:delete preview_imaginary_url
+        if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+            php /var/www/html/occ config:system:delete preview_imaginary_url
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        fi
    fi
 fi

@@ -461,21 +579,21 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
    done
    if ! [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
        php /var/www/html/occ app:install fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable fulltextsearch
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update fulltextsearch
    fi    
    if ! [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
        php /var/www/html/occ app:install fulltextsearch_elasticsearch
-    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get fulltextsearch_elasticsearch enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable fulltextsearch_elasticsearch
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update fulltextsearch_elasticsearch
    fi    
    if ! [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
        php /var/www/html/occ app:install files_fulltextsearch
-    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" = "no" ]; then
+    elif [ "$(php /var/www/html/occ config:app:get files_fulltextsearch enabled)" != "yes" ]; then
        php /var/www/html/occ app:enable files_fulltextsearch
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update files_fulltextsearch
@@ -489,10 +607,11 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
        echo "Waiting 10s before activating FTS..."
        sleep 10
        echo "Activating fulltextsearch..."
-        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index; then
+        if php /var/www/html/occ fulltextsearch:test && php /var/www/html/occ fulltextsearch:index "{\"errors\": \"reset\"}" --no-readline; then
            touch "$NEXTCLOUD_DATA_DIR/fts-index.done"
        else
            echo "Fulltextsearch failed. Could not index."
+            echo "Feel free to follow https://github.com/nextcloud/all-in-one/discussions/1709 if you want to skip the indexing in the future."
        fi
    fi
 else
--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nc -z "$POSTGRES_HOST" 5432 || exit 0
+
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
+    exit 1
+fi
--- a/Containers/nextcloud/notify-all.sh
+++ b/Containers/nextcloud/notify-all.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ "$EUID" = 0 ]]; then
+    COMMAND=(sudo -E -u www-data php /var/www/html/occ)
+else
+    COMMAND=(php /var/www/html/occ)
+fi
+
+SUBJECT="$1"
+MESSAGE="$2"
+
+if [ "$("${COMMAND[@]}" config:app:get notifications enabled)" = "no" ]; then
+    echo "Cannot send notification as notification app is not enabled."
+    exit 1
+fi
+
+echo "Posting notifications to all users..."
+NC_USERS=$("${COMMAND[@]}" user:list | sed 's|^  - ||g' | sed 's|:.*||')
+mapfile -t NC_USERS <<< "$NC_USERS"
+for user in "${NC_USERS[@]}"
+do
+    echo "Posting '$SUBJECT' to: $user"
+    "${COMMAND[@]}" notification:generate "$user" "$NC_DOMAIN: $SUBJECT" -l "$MESSAGE"
+done
+
+echo "Done!"
+exit 0
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -17,9 +17,11 @@ if [ -f "/var/www/html/config/config.php" ]; then
        echo "Waiting for the database to start..."
        sleep 5
    done
-    # The code below is hopefully not needed anymore. Was introduced with https://github.com/nextcloud/all-in-one/pull/218
-    # sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
-    # sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    if [ "$POSTGRES_USER" = "oc_nextcloud" ] && echo "$POSTGRES_PASSWORD" | grep -q '^[a-z0-9]\+$'; then
+        # this was introduced with https://github.com/nextcloud/all-in-one/pull/218
+        sed -i "s|'dbuser'.*=>.*$|'dbuser' => '$POSTGRES_USER',|" /var/www/html/config/config.php
+        sed -i "s|'dbpassword'.*=>.*$|'dbpassword' => '$POSTGRES_PASSWORD',|" /var/www/html/config/config.php
+    fi
 fi

 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
@@ -28,6 +30,18 @@ if [ -n "$TRUSTED_CACERTS_DIR" ]; then
    update-ca-certificates
 fi

+# Check if /dev/dri device is present and apply correct permissions
+set -x
+if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
+    GID="$(stat -c "%g" /dev/dri/renderD128)"
+    groupadd -g "$GID" render2 || true # sometimes this is needed
+    GROUP="$(getent group "$GID" | cut -d: -f1)"
+    usermod -aG "$GROUP" www-data
+    touch "/dev-dri-group-was-added"
+fi
+set +x
+
 # Check datadir permissions
 sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
@@ -55,21 +69,25 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
    if ! [ -f "/additional-php-extensions-are-installed" ]; then
        read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
        for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                echo "Enabling Imagick..."
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+                continue
+            fi
            # shellcheck disable=SC2086
            if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                    if ! apk add --no-cache --virtual .build-deps \
+                        libxml2-dev \
+                        autoconf \
+                        $PHPIZE_DEPS >/dev/null; then
                    echo "Could not install build-deps!"
                fi
                PHP_DEPS_ARE_INSTALLED=1
            fi
-            if [ "$app" = imagick ]; then
-                echo "Installing Imagick via PECL..."
-                pecl install imagick-3.7.0 >/dev/null
-                if ! docker-php-ext-enable imagick >/dev/null; then
-                    echo "Could not install PHP extension imagick!"
-                fi
-            elif [ "$app" = inotify ]; then
+            if [ "$app" = inotify ]; then
                echo "Installing $app via PECL..."
                pecl install "$app" >/dev/null
                if ! docker-php-ext-enable "$app" >/dev/null; then
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -12,8 +12,8 @@ user=root
 [program:php-fpm]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
-# stderr_logfile=/dev/stderr
-# stderr_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
 command=php-fpm
 user=root

--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,4 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.2.1.34
+FROM onlyoffice/documentserver:7.3.2.8

-HEALTHCHECK CMD curl -skfI localhost || exit 1
+HEALTHCHECK CMD nc -z localhost 80 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,7 +1,7 @@
-# From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
-FROM postgres:14.5-alpine
+# From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
+FROM postgres:15.2-alpine

-RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk
+RUN apk add --no-cache bash openssl shadow netcat-openbsd grep mawk

 # We need to use the same gid and uid as on old installations
 RUN set -ex; \
@@ -17,9 +17,12 @@ RUN set -ex; \
    chown -R postgres:postgres "$PGDATA"

 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh

 RUN mkdir /mnt/data; \
    chown postgres:postgres /mnt/data;
@@ -32,4 +35,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER postgres
 ENTRYPOINT ["start.sh"]

-HEALTHCHECK CMD psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/postgresql/healthcheck.sh
+++ b/Containers/postgresql/healthcheck.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+test -f "/mnt/data/backup-is-running" && exit 0
+
+psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
--- a/Containers/postgresql/init-user-db.sh
+++ b/Containers/postgresql/init-user-db.sh
@@ -1,9 +1,15 @@
 #!/bin/bash
 set -ex

+touch "$DUMP_DIR/initialization.failed"
+
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
+	GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "oc_$POSTGRES_USER";
+	GRANT ALL PRIVILEGES ON SCHEMA public TO "oc_$POSTGRES_USER";
 EOSQL

+rm "$DUMP_DIR/initialization.failed"
+
 set +ex
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -2,13 +2,15 @@

 # Variables
 DATADIR="/var/lib/postgresql/data"
-DUMP_DIR="/mnt/data"
+export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"

 # Don't start database as long as backup is running
 while [ -f "$DUMP_DIR/backup-is-running" ]; do
    echo "Waiting for backup container to finish..."
+    echo "If this is incorrect because the backup container is not running anymore (because it was forcefully killed), you might delete the lock file:"
+    echo "sudo docker exec --user root nextcloud-aio-database rm /mnt/data/backup-is-running"
    sleep 10
 done

@@ -18,6 +20,23 @@ if ! [ -w "$DUMP_DIR" ]; then
    exit 1
 fi

+# Don't start if import failed
+if [ -f "$DUMP_DIR/import.failed" ]; then
+    echo "The database import failed. Please restore a backup and try again."
+    echo "For further clues on what went wrong, look at the logs above."
+    exit 1
+fi
+
+# Don't start if initialization failed
+if [ -f "$DUMP_DIR/initialization.failed" ]; then
+    echo "The database initialization failed. Most likely was a wrong timezone selected."
+    echo "The selected timezone is '$TZ'." 
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "For further clues on what went wrong, look at the logs above."
+    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
    set -ex
@@ -43,9 +62,16 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
        exit 1
    fi

+    # Write output to logfile.
+    exec > >(tee -i "$DUMP_DIR/database-import.log")
+    exec 2>&1
+
    # Inform
    echo "Restoring from database dump."

+    # Add import.failed file
+    touch "$DUMP_DIR/import.failed"
+
    # Exit if any command fails
    set -ex

@@ -74,11 +100,18 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO

    # Get the Owner
    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
-    if [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
+    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
+        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
+        echo "It is not possible to import a database dump from this database owner."
+        echo "However you might rename the owner in the dumpfile to something else."
+        exit 1
+    elif [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
        DIFFERENT_DB_OWNER=1
        psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
            CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
            ALTER DATABASE "$POSTGRES_DB" OWNER TO "$DB_OWNER";
+            GRANT ALL PRIVILEGES ON DATABASE "$POSTGRES_DB" TO "$DB_OWNER";
+            GRANT ALL PRIVILEGES ON SCHEMA public TO "$DB_OWNER";
 EOSQL
    fi

@@ -102,6 +135,9 @@ EOSQL

    # Don't exit if command fails anymore
    set +ex
+
+    # Remove import failed file if everything went correctly
+    rm "$DUMP_DIR/import.failed"
 fi

 # Cover the last case
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,7 +1,7 @@
-# From https://github.com/docker-library/redis/blob/master/6.2/alpine/Dockerfile
-FROM redis:6.2.7-alpine
+# From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
+FROM redis:7.0.8-alpine

-RUN apk add --update --no-cache openssl bash
+RUN apk add --no-cache openssl bash

 COPY start.sh /usr/bin/
 RUN chmod +x /usr/bin/start.sh
@@ -12,4 +12,5 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER redis
 ENTRYPOINT ["start.sh"]

-HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
+HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -1,5 +1,11 @@
 #!/bin/bash

+# Show wiki if vm.overcommit is disabled
+if [ "$(sysctl -n vm.overcommit_memory)" != "1" ]; then
+    echo "Memory overcommit is disabled but necessary for safe operation"
+    echo "See https://github.com/nextcloud/all-in-one/discussions/1731 how to enable overcommit"
+fi
+
 # Run redis with a password if provided
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
    exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,4 +1,4 @@
-FROM ubuntu:focal-20221019
+FROM ubuntu:focal-20230126

 RUN set -ex; \
    \
@@ -53,11 +53,13 @@ RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.c

 RUN mkdir -p /etc/nats; \
    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
+    mkdir /var/lib/turn; \
    chown talk:talk /etc; \
    chown talk:talk -R /etc/nats; \
    chown talk:talk -R /etc/janus; \
    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr
+    chown talk:talk -R /usr; \
+    chown talk:talk -R /var/lib/turn;

 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
@@ -69,4 +71,5 @@ USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -15,7 +15,7 @@ elif [ -z "$SIGNALING_SECRET" ]; then
    exit 1
 fi

-# Turn
+# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
@@ -29,6 +29,9 @@ stale-nonce
 no-multicast-peers
 simple-log
 pidfile=/var/tmp/turnserver.pid
+no-tls
+no-dtls
+userdb=/var/lib/turn/turndb
 TURN_CONF

 # Janus
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,9 +1,9 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.5.1 as watchtower
+FROM containrrr/watchtower:1.5.3 as watchtower

-FROM alpine:3.16.2
+FROM alpine:3.17.2

-RUN apk add --update --no-cache bash
+RUN apk add --no-cache bash
 COPY --from=watchtower /watchtower /

 COPY start.sh /
@@ -11,3 +11,4 @@ RUN chmod +x /start.sh

 USER root
 ENTRYPOINT ["/start.sh"]
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/watchtower/start.sh
+++ b/Containers/watchtower/start.sh
@@ -10,7 +10,7 @@ elif ! test -r /var/run/docker.sock; then
 fi

 if [ -n "$CONTAINER_TO_UPDATE" ]; then
-    exec /watchtower --cleanup --run-once "$CONTAINER_TO_UPDATE"
+    exec /watchtower --cleanup --debug --run-once "$CONTAINER_TO_UPDATE"
 else
    echo "'CONTAINER_TO_UPDATE' is not set. Cannot update anything."
    exit 1
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>Nextcloud All In One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
-	<version>0.2.0</version>
+	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="23" max-version="24"/>
+		<nextcloud min-version="24" max-version="25"/>
 	</dependencies>

 	<settings>
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,32 +6,33 @@ volumes:

 services:
  nextcloud:
-    image: nextcloud/all-in-one:latest # Must be changed to 'nextcloud/all-in-one:latest-arm64' when used with an arm64 CPU
+    image: nextcloud/all-in-one:latest
    restart: always
    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
    volumes:
      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
    ports:
-      - 80:80 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
      - 8080:8080
-      - 8443:8443 # Can be removed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
    # environment: # Is needed when using any of the options below
-      # - APACHE_PORT=11000 # Is needed when running behind a reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a reverse proxy that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
-      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
+      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
      # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
      # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail.
-      # - DISABLE_BACKUP_SECTION=true # Setting this to true allows to hide the backup section in the AIO interface.
      # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
      # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
      # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
      # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
-      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
      # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+      # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.

  # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
  # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
--- a/docker-rootless.md
+++ b/docker-rootless.md
@@ -12,3 +12,5 @@ You can run AIO with docker rootless by following the steps below.
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.

 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
+
+⚠️ **Additional note:** Almost all commands in this project's documentation use `sudo docker ...`. Since `sudo` is not needed in case of docker rootless, you simply remove `sudo` from the commands and they should work. 
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -0,0 +1,9 @@
+name: Nextcloud AIO Helm Chart
+description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
+version: 4.3.4
+apiVersion: v2
+keywords:
+  - latest
+sources:
+  - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
+home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart
--- a/helm-chart/readme.md
+++ b/helm-chart/readme.md
@@ -0,0 +1,3 @@
+# You can also install the AIO containers on Kubernetes using this Helm Chart
+
+This is currently beta and not ready yet.
--- a/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-deployment.yaml
@@ -0,0 +1,73 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-apache
+  name: nextcloud-aio-apache
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-apache
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-apache
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-nextcloud
+            - /nextcloud-aio-apache
+          volumeMounts:
+            - name: nextcloud-aio-apache
+              mountPath: /nextcloud-aio-apache
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
+      containers:
+        - env:
+            - name: APACHE_MAX_SIZE
+              value: "{{ .Values.APACHE_MAX_SIZE }}"
+            - name: APACHE_MAX_TIME
+              value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
+            - name: APACHE_PORT
+              value: "{{ .Values.APACHE_PORT }}"
+            - name: COLLABORA_HOST
+              value: nextcloud-aio-collabora
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: NEXTCLOUD_HOST
+              value: nextcloud-aio-nextcloud
+            - name: ONLYOFFICE_HOST
+              value: nextcloud-aio-onlyoffice
+            - name: TALK_HOST
+              value: nextcloud-aio-talk
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-apache:20230216_152733-latest
+          name: nextcloud-aio-apache
+          ports:
+            - containerPort: {{ .Values.APACHE_PORT }}
+          volumeMounts:
+            - mountPath: /var/www/html
+              name: nextcloud-aio-nextcloud
+              readOnly: true
+            - mountPath: /mnt/data
+              name: nextcloud-aio-apache
+      volumes:
+        - name: nextcloud-aio-nextcloud
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud
+        - name: nextcloud-aio-apache
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-apache
--- a/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-apache
+  name: nextcloud-aio-apache
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.APACHE_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-apache-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-apache-service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-apache
+  name: nextcloud-aio-apache
+spec:
+  type: LoadBalancer
+  ports:
+    - name: "{{ .Values.APACHE_PORT }}"
+      port: {{ .Values.APACHE_PORT }}
+      targetPort: {{ .Values.APACHE_PORT }}
+  selector:
+    io.kompose.service: nextcloud-aio-apache
--- a/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-deployment.yaml
@@ -0,0 +1,52 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-clamav
+  name: nextcloud-aio-clamav
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-clamav
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-clamav
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
+      containers:
+        - env:
+            - name: CLAMD_STARTUP_TIMEOUT
+              value: "90"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-clamav:20230216_152733-latest
+          name: nextcloud-aio-clamav
+          ports:
+            - containerPort: 3310
+          volumeMounts:
+            - mountPath: /var/lib/clamav
+              name: nextcloud-aio-clamav
+      volumes:
+        - name: nextcloud-aio-clamav
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-clamav
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-clamav
+  name: nextcloud-aio-clamav
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-clamav-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-clamav-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-clamav
+  name: nextcloud-aio-clamav
+spec:
+  ports:
+    - name: "3310"
+      port: 3310
+      targetPort: 3310
+  selector:
+    io.kompose.service: nextcloud-aio-clamav
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-deployment.yaml
@@ -0,0 +1,58 @@
+{{- if eq .Values.COLLABORA_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-collabora
+  name: nextcloud-aio-collabora
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-collabora
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-collabora
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-collabora-fonts
+          volumeMounts:
+            - name: nextcloud-aio-collabora-fonts
+              mountPath: /nextcloud-aio-collabora-fonts
+      containers:
+        - env:
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: aliasgroup1
+              value: https://{{ .Values.NC_DOMAIN }}:443
+            - name: dictionaries
+              value: "{{ .Values.COLLABORA_DICTIONARIES }}"
+            - name: extra_params
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+            - name: server_name
+              value: "{{ .Values.NC_DOMAIN }}"
+          image: nextcloud/aio-collabora:20230216_152733-latest
+          name: nextcloud-aio-collabora
+          ports:
+            - containerPort: 9980
+          volumeMounts:
+            - mountPath: /opt/cool/systemplate/tmpfonts
+              name: nextcloud-aio-collabora-fonts
+      volumes:
+        - name: nextcloud-aio-collabora-fonts
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-collabora-fonts
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-fonts-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-collabora-fonts
+  name: nextcloud-aio-collabora-fonts
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.COLLABORA_FONTS_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-collabora-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-collabora-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.COLLABORA_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-collabora
+  name: nextcloud-aio-collabora
+spec:
+  ports:
+    - name: "9980"
+      port: 9980
+      targetPort: 9980
+  selector:
+    io.kompose.service: nextcloud-aio-collabora
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-database-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-deployment.yaml
@@ -0,0 +1,65 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-database
+  name: nextcloud-aio-database
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-database
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-database
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 999:999
+            - /nextcloud-aio-database
+            - /nextcloud-aio-database-dump
+          volumeMounts:
+            - name: nextcloud-aio-database-dump
+              mountPath: /nextcloud-aio-database-dump
+            - name: nextcloud-aio-database
+              mountPath: /nextcloud-aio-database
+      containers:
+        - env:
+            - name: PGTZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: POSTGRES_DB
+              value: nextcloud_database
+            - name: POSTGRES_PASSWORD
+              value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_USER
+              value: nextcloud
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-postgresql:20230216_152733-latest
+          name: nextcloud-aio-database
+          ports:
+            - containerPort: 5432
+          volumeMounts:
+            - mountPath: /var/lib/postgresql/data
+              name: nextcloud-aio-database
+            - mountPath: /mnt/data
+              name: nextcloud-aio-database-dump
+      terminationGracePeriodSeconds: 1800
+      volumes:
+        - name: nextcloud-aio-database
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-database
+        - name: nextcloud-aio-database-dump
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-database-dump
--- a/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-dump-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-database-dump
+  name: nextcloud-aio-database-dump
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.DATABASE_DUMP_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-database
+  name: nextcloud-aio-database
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.DATABASE_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-database-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-database-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-database
+  name: nextcloud-aio-database
+spec:
+  ports:
+    - name: "5432"
+      port: 5432
+      targetPort: 5432
+  selector:
+    io.kompose.service: nextcloud-aio-database
--- a/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-elasticsearch-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-elasticsearch
+  name: nextcloud-aio-elasticsearch
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.ELASTICSEARCH_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml
@@ -0,0 +1,56 @@
+{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-fulltextsearch
+  name: nextcloud-aio-fulltextsearch
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-fulltextsearch
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-fulltextsearch
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-elasticsearch
+          volumeMounts:
+            - name: nextcloud-aio-elasticsearch
+              mountPath: /nextcloud-aio-elasticsearch
+      containers:
+        - env:
+            - name: ES_JAVA_OPTS
+              value: -Xms1024M -Xmx1024M
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: discovery.type
+              value: single-node
+          image: nextcloud/aio-fulltextsearch:20230216_152733-latest
+          name: nextcloud-aio-fulltextsearch
+          ports:
+            - containerPort: 9200
+          volumeMounts:
+            - mountPath: /usr/share/elasticsearch/data
+              name: nextcloud-aio-elasticsearch
+      volumes:
+        - name: nextcloud-aio-elasticsearch
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-elasticsearch
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.FULLTEXTSEARCH_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-fulltextsearch
+  name: nextcloud-aio-fulltextsearch
+spec:
+  ports:
+    - name: "9200"
+      port: 9200
+      targetPort: 9200
+  selector:
+    io.kompose.service: nextcloud-aio-fulltextsearch
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml
@@ -0,0 +1,33 @@
+{{- if eq .Values.IMAGINARY_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-imaginary
+  name: nextcloud-aio-imaginary
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-imaginary
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-imaginary
+    spec:
+      containers:
+        - env:
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-imaginary:20230216_152733-latest
+          name: nextcloud-aio-imaginary
+          ports:
+            - containerPort: 9000
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-imaginary-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-imaginary-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.IMAGINARY_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-imaginary
+  name: nextcloud-aio-imaginary
+spec:
+  ports:
+    - name: "9000"
+      port: 9000
+      targetPort: 9000
+  selector:
+    io.kompose.service: nextcloud-aio-imaginary
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-networkpolicy.yaml
+++ b/helm-chart/templates/nextcloud-aio-networkpolicy.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: nextcloud-aio
+spec:
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              io.kompose.network/nextcloud-aio: "true"
+  podSelector:
+    matchLabels:
+      io.kompose.network/nextcloud-aio: "true"
--- a/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud-data
+  name: nextcloud-aio-nextcloud-data
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.NEXTCLOUD_DATA_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml
@@ -0,0 +1,137 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud
+  name: nextcloud-aio-nextcloud
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-nextcloud
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-nextcloud
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-nextcloud
+            - /nextcloud-aio-nextcloud-trusted-cacerts
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud-trusted-cacerts
+              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
+      containers:
+        - env:
+            - name: ADDITIONAL_APKS
+              value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
+            - name: ADDITIONAL_PHP_EXTENSIONS
+              value: "{{ .Values.NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS }}"
+            - name: ADMIN_PASSWORD
+              value: "{{ .Values.NEXTCLOUD_PASSWORD }}"
+            - name: ADMIN_USER
+              value: admin
+            - name: AIO_TOKEN
+              value: "{{ .Values.AIO_TOKEN }}"
+            - name: AIO_URL
+              value: "{{ .Values.AIO_URL }}"
+            - name: CLAMAV_ENABLED
+              value: "{{ .Values.CLAMAV_ENABLED }}"
+            - name: CLAMAV_HOST
+              value: nextcloud-aio-clamav
+            - name: COLLABORA_ENABLED
+              value: "{{ .Values.COLLABORA_ENABLED }}"
+            - name: COLLABORA_HOST
+              value: nextcloud-aio-collabora
+            - name: FULLTEXTSEARCH_ENABLED
+              value: "{{ .Values.FULLTEXTSEARCH_ENABLED }}"
+            - name: FULLTEXTSEARCH_HOST
+              value: nextcloud-aio-fulltextsearch
+            - name: IMAGINARY_ENABLED
+              value: "{{ .Values.IMAGINARY_ENABLED }}"
+            - name: IMAGINARY_HOST
+              value: nextcloud-aio-imaginary
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: NEXTCLOUD_DATA_DIR
+              value: /mnt/ncdata
+            - name: ONLYOFFICE_ENABLED
+              value: "{{ .Values.ONLYOFFICE_ENABLED }}"
+            - name: ONLYOFFICE_HOST
+              value: nextcloud-aio-onlyoffice
+            - name: ONLYOFFICE_SECRET
+              value: "{{ .Values.ONLYOFFICE_SECRET }}"
+            - name: OVERWRITEHOST
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: OVERWRITEPROTOCOL
+              value: https
+            - name: PHP_MAX_TIME
+              value: "{{ .Values.NEXTCLOUD_MAX_TIME }}"
+            - name: PHP_MEMORY_LIMIT
+              value: "{{ .Values.NEXTCLOUD_MEMORY_LIMIT }}"
+            - name: PHP_UPLOAD_LIMIT
+              value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
+            - name: POSTGRES_DB
+              value: nextcloud_database
+            - name: POSTGRES_HOST
+              value: nextcloud-aio-database
+            - name: POSTGRES_PASSWORD
+              value: "{{ .Values.DATABASE_PASSWORD }}"
+            - name: POSTGRES_USER
+              value: nextcloud
+            - name: REDIS_HOST
+              value: nextcloud-aio-redis
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: SIGNALING_SECRET
+              value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: STARTUP_APPS
+              value: "{{ .Values.NEXTCLOUD_STARTUP_APPS }}"
+            - name: TALK_ENABLED
+              value: "{{ .Values.TALK_ENABLED }}"
+            - name: TALK_PORT
+              value: "{{ .Values.TALK_PORT }}"
+            - name: TRUSTED_CACERTS_DIR
+              value: "{{ .Values.NEXTCLOUD_TRUSTED_CACERTS_DIR }}"
+            - name: TURN_SECRET
+              value: "{{ .Values.TURN_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+            - name: UPDATE_NEXTCLOUD_APPS
+              value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
+          image: nextcloud/aio-nextcloud:20230216_152733-latest
+          name: nextcloud-aio-nextcloud
+          ports:
+            - containerPort: 9000
+            - containerPort: 7867
+          volumeMounts:
+            - mountPath: /var/www/html
+              name: nextcloud-aio-nextcloud
+            - mountPath: /mnt/ncdata
+              name: nextcloud-aio-nextcloud-data
+            - mountPath: /usr/local/share/ca-certificates
+              name: nextcloud-aio-nextcloud-trusted-cacerts
+              readOnly: true
+      volumes:
+        - name: nextcloud-aio-nextcloud
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud
+        - name: nextcloud-aio-nextcloud-data
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud-data
+        - name: nextcloud-aio-nextcloud-trusted-cacerts
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-nextcloud-trusted-cacerts
--- a/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud
+  name: nextcloud-aio-nextcloud
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.NEXTCLOUD_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud
+  name: nextcloud-aio-nextcloud
+spec:
+  ports:
+    - name: "9000"
+      port: 9000
+      targetPort: 9000
+    - name: "7867"
+      port: 7867
+      targetPort: 7867
+  selector:
+    io.kompose.service: nextcloud-aio-nextcloud
--- a/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-nextcloud-trusted-cacerts-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-nextcloud-trusted-cacerts
+  name: nextcloud-aio-nextcloud-trusted-cacerts
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml
@@ -0,0 +1,56 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-onlyoffice
+  name: nextcloud-aio-onlyoffice
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-onlyoffice
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-onlyoffice
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-onlyoffice
+          volumeMounts:
+            - name: nextcloud-aio-onlyoffice
+              mountPath: /nextcloud-aio-onlyoffice
+      containers:
+        - env:
+            - name: JWT_ENABLED
+              value: "true"
+            - name: JWT_HEADER
+              value: AuthorizationJwt
+            - name: JWT_SECRET
+              value: "{{ .Values.ONLYOFFICE_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-onlyoffice:20230216_152733-latest
+          name: nextcloud-aio-onlyoffice
+          ports:
+            - containerPort: 80
+          volumeMounts:
+            - mountPath: /var/lib/onlyoffice
+              name: nextcloud-aio-onlyoffice
+      volumes:
+        - name: nextcloud-aio-onlyoffice
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-onlyoffice
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-onlyoffice
+  name: nextcloud-aio-onlyoffice
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml
@@ -0,0 +1,18 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-onlyoffice
+  name: nextcloud-aio-onlyoffice
+spec:
+  ports:
+    - name: "80"
+      port: 80
+      targetPort: 80
+  selector:
+    io.kompose.service: nextcloud-aio-onlyoffice
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-redis
+  name: nextcloud-aio-redis
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-redis
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-redis
+    spec:
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+            - /nextcloud-aio-redis
+          volumeMounts:
+            - name: nextcloud-aio-redis
+              mountPath: /nextcloud-aio-redis
+      containers:
+        - env:
+            - name: REDIS_HOST_PASSWORD
+              value: "{{ .Values.REDIS_PASSWORD }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-redis:20230216_152733-latest
+          name: nextcloud-aio-redis
+          ports:
+            - containerPort: 6379
+          volumeMounts:
+            - mountPath: /data
+              name: nextcloud-aio-redis
+      volumes:
+        - name: nextcloud-aio-redis
+          persistentVolumeClaim:
+            claimName: nextcloud-aio-redis
--- a/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-persistentvolumeclaim.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    io.kompose.service: nextcloud-aio-redis
+  name: nextcloud-aio-redis
+spec:
+  {{- if .Values.STORAGE_CLASS }}
+  storageClassName: {{ .Values.STORAGE_CLASS }}
+  {{- end }}
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: {{ .Values.REDIS_STORAGE_SIZE }}
--- a/helm-chart/templates/nextcloud-aio-redis-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-redis-service.yaml
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-redis
+  name: nextcloud-aio-redis
+spec:
+  ports:
+    - name: "6379"
+      port: 6379
+      targetPort: 6379
+  selector:
+    io.kompose.service: nextcloud-aio-redis
--- a/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-deployment.yaml
@@ -0,0 +1,46 @@
+{{- if eq .Values.TALK_ENABLED "yes" }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      io.kompose.service: nextcloud-aio-talk
+  template:
+    metadata:
+      annotations:
+        kompose.cmd: kompose convert -c -f latest.yml
+        kompose.version: 1.28.0 (c4137012e)
+      labels:
+        io.kompose.network/nextcloud-aio: "true"
+        io.kompose.service: nextcloud-aio-talk
+    spec:
+      containers:
+        - env:
+            - name: JANUS_API_KEY
+              value: "{{ .Values.JANUS_API_KEY }}"
+            - name: NC_DOMAIN
+              value: "{{ .Values.NC_DOMAIN }}"
+            - name: SIGNALING_SECRET
+              value: "{{ .Values.SIGNALING_SECRET }}"
+            - name: TALK_PORT
+              value: "{{ .Values.TALK_PORT }}"
+            - name: TURN_SECRET
+              value: "{{ .Values.TURN_SECRET }}"
+            - name: TZ
+              value: "{{ .Values.TIMEZONE }}"
+          image: nextcloud/aio-talk:20230216_152733-latest
+          name: nextcloud-aio-talk
+          ports:
+            - containerPort: {{ .Values.TALK_PORT }}
+            - containerPort: {{ .Values.TALK_PORT }}
+              protocol: UDP
+            - containerPort: 8081
+{{- end }}
--- a/helm-chart/templates/nextcloud-aio-talk-service.yaml
+++ b/helm-chart/templates/nextcloud-aio-talk-service.yaml
@@ -0,0 +1,41 @@
+{{- if eq .Values.TALK_ENABLED "yes" }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk-public
+spec:
+  type: LoadBalancer
+  ports:
+    - name: "{{ .Values.TALK_PORT }}"
+      port: {{ .Values.TALK_PORT }}
+      targetPort: {{ .Values.TALK_PORT }}
+    - name: {{ .Values.TALK_PORT }}-udp
+      port: {{ .Values.TALK_PORT }}
+      protocol: UDP
+      targetPort: {{ .Values.TALK_PORT }}
+  selector:
+    io.kompose.service: nextcloud-aio-talk
+---
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    kompose.cmd: kompose convert -c -f latest.yml
+    kompose.version: 1.28.0 (c4137012e)
+  labels:
+    io.kompose.service: nextcloud-aio-talk
+  name: nextcloud-aio-talk
+spec:
+  ports:
+    - name: "8081"
+      port: 8081
+      targetPort: 8081
+  selector:
+    io.kompose.service: nextcloud-aio-talk
+{{- end }}
--- a/helm-chart/update-helm.sh
+++ b/helm-chart/update-helm.sh
@@ -0,0 +1,202 @@
+#!/bin/bash
+
+DOCKER_TAG="$1"
+
+# Clean
+rm -f ./helm-chart/values.yaml
+rm -rf ./helm-chart/templates
+
+# Install kompose
+LATEST_KOMPOSE="$(git ls-remote --tags https://github.com/kubernetes/kompose.git | cut -d/ -f3 | grep -viE -- 'rc|b' | sort -V | tail -1)"
+curl -L https://github.com/kubernetes/kompose/releases/download/"$LATEST_KOMPOSE"/kompose-linux-amd64 -o kompose
+chmod +x kompose
+sudo mv ./kompose /usr/local/bin/kompose
+
+set -ex
+
+# Conversion of docker-compose
+cd manual-install
+cp latest.yml latest.yml.backup
+cp sample.conf /tmp/
+sed -i 's|^|export |' /tmp/sample.conf
+# shellcheck disable=SC1091
+source /tmp/sample.conf
+rm /tmp/sample.conf
+sed -i "s|:latest$|:$DOCKER_TAG-latest|" latest.yml
+sed -i "s|\${APACHE_IP_BINDING}:||" latest.yml
+sed -i "s|\${APACHE_PORT}:\${APACHE_PORT}/|$APACHE_PORT:$APACHE_PORT/|" latest.yml
+sed -i "s|\${TALK_PORT}:\${TALK_PORT}/|$TALK_PORT:$TALK_PORT/|g" latest.yml
+sed -i "s|- \${APACHE_PORT}|- $APACHE_PORT|" latest.yml
+sed -i "s|- \${TALK_PORT}|- $TALK_PORT|" latest.yml
+sed -i "s|\${NEXTCLOUD_DATADIR}|$NEXTCLOUD_DATADIR|" latest.yml
+sed -i "/NEXTCLOUD_DATADIR/d" latest.yml
+sed -i "/\${NEXTCLOUD_MOUNT}/d" latest.yml
+sed -i "/^volumes:/a\ \ nextcloud_aio_nextcloud_trusted_cacerts:\n \ \ \ \ name: nextcloud_aio_nextcloud_trusted_cacerts" latest.yml
+sed -i "s|\${NEXTCLOUD_TRUSTED_CACERTS_DIR}:|nextcloud_aio_nextcloud_trusted_cacerts:|g#" latest.yml
+sed -i 's|\${|{{ .Values.|g' latest.yml
+sed -i 's|}| }}|g' latest.yml
+cat latest.yml
+kompose convert -c -f latest.yml
+cd latest
+
+mv ./templates/manual-install-nextcloud-aio-networkpolicy.yaml ./templates/nextcloud-aio-networkpolicy.yaml
+# shellcheck disable=SC1083
+find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
+cat << EOL > /tmp/initcontainers
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+          volumeMountsInitContainer:
+EOL
+cat << EOL > /tmp/initcontainers.database
+      initContainers:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 999:999
+          volumeMountsInitContainer:
+EOL
+# shellcheck disable=SC1083
+DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
+mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
+for variable in "${DEPLOYMENTS[@]}"; do
+    if grep -q volumeMounts "$variable"; then
+        if ! echo "$variable" | grep -q database; then
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        fi
+        volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
+        mapfile -t volumeNames <<< "$volumeNames"
+        for volumeName in "${volumeNames[@]}"; do
+            # The Nextcloud container runs as root user and sets the correct permissions automatically for the data-dir if the www-data user cannot write to it
+            if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
+                sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
+                sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+            fi
+        done
+        sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+        if grep -q claimName "$variable"; then
+            claimNames="$(grep claimName "$variable")"
+            mapfile -t claimNames <<< "$claimNames"
+            for claimName in "${claimNames[@]}"; do
+                if grep -A1 "^$claimName$" "$variable" | grep -q "readOnly: true"; then
+                    sed -i "/^$claimName$/{n;d}" "$variable"
+                fi
+            done
+        fi
+    fi
+done
+# shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/^status:/,$ d" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "s|manual-install-nextcloud-aio|nextcloud-aio|" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ storageClassName: {{ .Values.STORAGE_CLASS }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \;  
+# shellcheck disable=SC1083
+find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*talk*' -exec sed -i "s|$TALK_PORT|{{ .Values.TALK_PORT }}|" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*apache-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec sed -i "/^spec:/a\ \ type: LoadBalancer" \{} \;
+echo '---' > /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec cat \{} \; >> /tmp/talk-service.copy
+sed -i 's|name: nextcloud-aio-talk|name: nextcloud-aio-talk-public|' /tmp/talk-service.copy
+# shellcheck disable=SC1083
+INTERNAL_TALK_PORTS="$(find ./ -name '*talk-deployment.yaml' -exec grep -oP 'containerPort: [0-9]+' \{} \;)"
+mapfile -t INTERNAL_TALK_PORTS <<< "$INTERNAL_TALK_PORTS"
+for port in "${INTERNAL_TALK_PORTS[@]}"; do
+    port="$(echo "$port" | grep -oP '[0-9]+')"
+    sed -i "/$port/d" /tmp/talk-service.copy
+done
+echo '---' >>  /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.*}}\|protocol: UDP\|type: LoadBalancer' \{} \; >> /tmp/talk-service.copy
+# shellcheck disable=SC1083
+find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/strategy:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \; 
+VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g')"
+mapfile -t VOLUMES <<< "$VOLUMES"
+for variable in "${VOLUMES[@]}"; do
+    name="$(echo "$variable" | sed 's|-|_|g' | tr '[:lower:]' '[:upper:]')_STORAGE_SIZE"
+    VOLUME_VARIABLE+=("$name")
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$variable-persistentvolumeclaim.yaml" -exec sed -i "s|storage: 100Mi|storage: {{ .Values.$name }}|" \{} \; 
+done
+
+cd ../
+mkdir -p ../helm-chart/
+rm latest/Chart.yaml
+rm latest/README.md
+mv latest/* ../helm-chart/
+rm -r latest
+rm latest.yml
+mv latest.yml.backup latest.yml
+
+# Get version of AIO
+AIO_VERSION="$(grep 'Nextcloud AIO ' ../php/templates/containers.twig | grep -oP '[0-9]+.[0-9]+.[0-9]+')"
+sed -i "s|^version:.*|version: $AIO_VERSION|" ../helm-chart/Chart.yaml
+
+# Conversion of sample.conf
+cp sample.conf /tmp/
+sed -i 's|"||g' /tmp/sample.conf
+sed -i 's|=|: |' /tmp/sample.conf
+sed -i 's|= |: |' /tmp/sample.conf
+sed -i '/^NEXTCLOUD_DATADIR/d' /tmp/sample.conf
+sed -i '/^APACHE_IP_BINDING/d' /tmp/sample.conf
+sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
+sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
+sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
+sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
+# shellcheck disable=SC2129
+echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
+for variable in "${VOLUME_VARIABLE[@]}"; do
+    echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
+done
+mv /tmp/sample.conf ../helm-chart/values.yaml
+
+ENABLED_VARIABLES="$(grep -oP '^[A-Z]+_ENABLED' ../helm-chart/values.yaml)"
+mapfile -t ENABLED_VARIABLES <<< "$ENABLED_VARIABLES"
+
+cd ../helm-chart/
+for variable in "${ENABLED_VARIABLES[@]}"; do
+    name="$(echo "$variable" | sed 's|_ENABLED||g' | tr '[:upper:]' '[:lower:]')"
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-deployment.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+done
+
+chmod 777 -R ./
+
+set +ex
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -0,0 +1,42 @@
+AIO_TOKEN: 123456          # Has no function but needs to be set!
+AIO_URL: localhost          # Has no function but needs to be set!
+APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
+COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
+DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
+FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+JANUS_API_KEY:           # TODO! This needs to be a unique and good password!
+NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
+NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
+NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
+NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
+ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
+TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET:           # TODO! This needs to be a unique and good password!
+UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
+ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
+NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
+COLLABORA_FONTS_STORAGE_SIZE: 1Gi       # You can change the size of the collabora-fonts volume that default to 1Gi with this value
+ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
+CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
+DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
+NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
+NEXTCLOUD_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
+REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
+APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
--- a/local-instance.md
+++ b/local-instance.md
@@ -13,7 +13,7 @@ The recommended way is the following:
 You can alternatively use the ACME DNS-challenge to get a valid certificate for Nextcloud. Here is described how to set it up: https://github.com/nextcloud/all-in-one#how-to-get-nextcloud-running-using-the-acme-dns-challenge

 ## 3. Use Cloudflare
-If you do not have any contol over the network, you may think about using Cloudflare Argo Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-argo-tunnel how to set this up.
+If you do not have any contol over the network, you may think about using Cloudflare Tunnel to get a valid certificate for your Nextcloud. However it will be opened to the public internet then. See https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel how to set this up.

 ## 4. Buy a certificate and use that
 If none of the above ways work for you, you may simply buy a certificate from an issuer for your domain. You then download the certificate onto your server, configure AIO in [reverse proxy mode](./reverse-proxy.md) and use the certificate for your domain in your reverse proxy config.
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -1,199 +0,0 @@
-version: "3.8"
-
-services:
-  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
-    depends_on:
-      - nextcloud-aio-onlyoffice
-      - nextcloud-aio-collabora
-      - nextcloud-aio-talk
-      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest-arm64
-    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_HOST=nextcloud-aio-talk
-      - APACHE_PORT=${APACHE_PORT}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - TZ=${TIMEZONE}
-      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
-      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:ro
-      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest-arm64
-    volumes:
-      - nextcloud_aio_database:/var/lib/postgresql/data:rw
-      - nextcloud_aio_database_dump:/mnt/data:rw
-    environment:
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - TZ=${TIMEZONE}
-      - PGTZ=${TIMEZONE}
-    stop_grace_period: 1800s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
-    depends_on:
-      - nextcloud-aio-database
-      - nextcloud-aio-redis
-      - nextcloud-aio-fulltextsearch
-      - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest-arm64
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:rw
-      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
-      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
-    environment:
-      - POSTGRES_HOST=nextcloud-aio-database
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - REDIS_HOST=nextcloud-aio-redis
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - AIO_TOKEN=${AIO_TOKEN}
-      - NC_DOMAIN=${NC_DOMAIN}
-      - ADMIN_USER=admin
-      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
-      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
-      - OVERWRITEHOST=${NC_DOMAIN}
-      - OVERWRITEPROTOCOL=https
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
-      - AIO_URL=${AIO_URL}
-      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
-      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
-      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_ENABLED=${TALK_ENABLED}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
-      - IMAGINARY_HOST=nextcloud-aio-imaginary
-      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
-      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
-      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
-      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest-arm64
-    environment:
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest-arm64
-    environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
-      - dictionaries=${COLLABORA_DICTIONARIES}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest-arm64
-    ports:
-      - ${TALK_PORT}:${TALK_PORT}/tcp
-      - ${TALK_PORT}:${TALK_PORT}/udp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - JANUS_API_KEY=${JANUS_API_KEY}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - JWT_ENABLED=true
-      - JWT_HEADER=AuthorizationJwt
-      - JWT_SECRET=${ONLYOFFICE_SECRET}
-    volumes:
-      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    image: nextcloud/aio-imaginary:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    image: nextcloud/aio-fulltextsearch:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - discovery.type=single-node
-      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
-    volumes:
-      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-volumes:
-  nextcloud_aio_apache:
-    name: nextcloud_aio_apache
-  nextcloud_aio_database:
-    name: nextcloud_aio_database
-  nextcloud_aio_database_dump:
-    name: nextcloud_aio_database_dump
-  nextcloud_aio_elasticsearch:
-    name: nextcloud_aio_elasticsearch
-  nextcloud_aio_nextcloud:
-    name: nextcloud_aio_nextcloud
-  nextcloud_aio_onlyoffice:
-    name: nextcloud_aio_onlyoffice
-  nextcloud_aio_nextcloud_data:
-    name: nextcloud_aio_nextcloud_data
-
-networks:
-  nextcloud-aio:
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -2,7 +2,6 @@ version: "3.8"

 services:
  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
    depends_on:
      - nextcloud-aio-onlyoffice
      - nextcloud-aio-collabora
@@ -10,7 +9,7 @@ services:
      - nextcloud-aio-nextcloud
    image: nextcloud/aio-apache:latest
    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+      - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
@@ -24,14 +23,14 @@ services:
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:ro
      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
    image: nextcloud/aio-postgresql:latest
+    expose:
+      - "5432"
    volumes:
      - nextcloud_aio_database:/var/lib/postgresql/data:rw
      - nextcloud_aio_database_dump:/mnt/data:rw
@@ -45,9 +44,8 @@ services:
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
    depends_on:
      - nextcloud-aio-database
      - nextcloud-aio-redis
@@ -55,11 +53,14 @@ services:
      - nextcloud-aio-fulltextsearch
      - nextcloud-aio-imaginary
    image: nextcloud/aio-nextcloud:latest
+    expose:
+      - "9000"
+      - "7867"
    volumes:
      - nextcloud_aio_nextcloud:/var/www/html:rw
      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
+      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
    environment:
      - POSTGRES_HOST=nextcloud-aio-database
      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -92,45 +93,56 @@ services:
      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
      - IMAGINARY_HOST=nextcloud-aio-imaginary
      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
+      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
-    stop_grace_period: 10s
+      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
+      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
+      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
+      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
    image: nextcloud/aio-redis:latest
+    expose:
+      - "6379"
    environment:
      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_redis:/data:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
+    profiles: ["collabora"]
    image: nextcloud/aio-collabora:latest
+    expose:
+      - "9980"
    environment:
      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
      - dictionaries=${COLLABORA_DICTIONARIES}
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+      - server_name=${NC_DOMAIN}
+    volumes:
+      - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
+    profiles: ["talk"]
    image: nextcloud/aio-talk:latest
    ports:
      - ${TALK_PORT}:${TALK_PORT}/tcp
      - ${TALK_PORT}:${TALK_PORT}/udp
+    expose:
+      - "8081"
    environment:
      - NC_DOMAIN=${NC_DOMAIN}
      - TURN_SECRET=${TURN_SECRET}
@@ -138,26 +150,29 @@ services:
      - JANUS_API_KEY=${JANUS_API_KEY}
      - TZ=${TIMEZONE}
      - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-clamav:
-    container_name: nextcloud-aio-clamav
+    profiles: ["clamav"]
    image: nextcloud/aio-clamav:latest
+    expose:
+      - "3310"
    environment:
      - TZ=${TIMEZONE}
+      - CLAMD_STARTUP_TIMEOUT=90
    volumes:
      - nextcloud_aio_clamav:/var/lib/clamav:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
+    profiles: ["onlyoffice"]
    image: nextcloud/aio-onlyoffice:latest
+    expose:
+      - "80"
    environment:
      - TZ=${TIMEZONE}
      - JWT_ENABLED=true
@@ -165,31 +180,33 @@ services:
      - JWT_SECRET=${ONLYOFFICE_SECRET}
    volumes:
      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
+    profiles: ["imaginary"]
    image: nextcloud/aio-imaginary:latest
+    expose:
+      - "9000"
    environment:
      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
- 
+
  nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
+    profiles: ["fulltextsearch"]
    image: nextcloud/aio-fulltextsearch:latest
+    expose:
+      - "9200"
    environment:
      - TZ=${TIMEZONE}
      - discovery.type=single-node
      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
+      - POSTGRES_HOST=nextcloud-aio-database
    volumes:
      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
    restart: unless-stopped
    networks:
      - nextcloud-aio
@@ -199,6 +216,8 @@ volumes:
    name: nextcloud_aio_apache
  nextcloud_aio_clamav:
    name: nextcloud_aio_clamav
+  nextcloud_aio_collabora_fonts:
+    name: nextcloud_aio_collabora_fonts
  nextcloud_aio_database:
    name: nextcloud_aio_database
  nextcloud_aio_database_dump:
@@ -209,6 +228,8 @@ volumes:
    name: nextcloud_aio_nextcloud
  nextcloud_aio_onlyoffice:
    name: nextcloud_aio_onlyoffice
+  nextcloud_aio_redis:
+    name: nextcloud_aio_redis
  nextcloud_aio_nextcloud_data:
    name: nextcloud_aio_nextcloud_data

--- a/manual-install/readme.md
+++ b/manual-install/readme.md
@@ -5,12 +5,14 @@ You can run the containers that are build for AIO with docker-compose. This come
 ### Advantages
 - You can run it without a container having access to the docker socket
 - You can modify all values on your own
+- You can run the containers with docker swarm

 ### Disadvantages
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
 - You need to know what you are doing, especially when modifying the docker-compose file
+- For updating, you need to strictly follow the at the bottom described update routine
 - Probably more

 ## How to use this?
@@ -19,20 +21,26 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).

-Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.

-Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+Now you should be ready to go with `sudo docker-compose up`.
+
+## Docker profiles
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`. (Note: there is no clamav image for arm64).
+
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`. (Note: there is no clamav image for arm64).

 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
+1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
-1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
-1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
+1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

 ## FAQ
 ### Backup and restore?
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,28 +1,33 @@
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
-APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
-COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
+CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
+COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 JANUS_API_KEY=          # TODO! This needs to be a unique and good password!
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
+NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
 NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
+NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
 REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
 SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
-TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
-UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.
+UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -1,15 +1,23 @@
 #!/bin/bash

+set -ex
+
 jq -c . ./php/containers.json > /tmp/containers.json
-sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|aio_services_v1|services|g' /tmp/containers.json
+sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+sed -i 's|","port_number":"|:|g' /tmp/containers.json
+sed -i 's|","protocol":"|/|g' /tmp/containers.json
+sed -i 's|"ip_binding":":|"ip_binding":"|g' /tmp/containers.json
+cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"

 snap install yq
 mkdir -p ./manual-install
@@ -17,24 +25,18 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml

 cd manual-install || exit
 sed -i "s|'||g" containers.yml
-sed -i 's|production:|services:|' containers.yml
-sed -i 's|- identifier:|  container_name:|' containers.yml
-sed -i 's|restartPolicy:|restart:|' containers.yml
-sed -i 's|environmentVariables:|environment:|' containers.yml
-sed -i '/displayName:/d' containers.yml
-sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
+sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
-sed -i 's|containerName:|image:|' containers.yml
 sed -i '/: \[\]/d' containers.yml
-sed -i 's|dependsOn:|depends_on:|' containers.yml
-sed -i 's|- name: |- |' containers.yml
+sed -i 's|- source: |- |' containers.yml
+sed -i 's|- ip_binding: |- |' containers.yml

 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
 for port in "${TCP[@]}" 
 do
    solve_port="${port%%/tcp}"
-    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+    sed -i "s|$solve_port/tcp|$solve_port:$solve_port/tcp|" containers.yml
 done

 UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
@@ -42,7 +44,7 @@ mapfile -t UDP <<< "$UDP"
 for port in "${UDP[@]}"
 do
    solve_port="${port%%/udp}"
-    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+    sed -i "s|$solve_port/udp|$solve_port:$solve_port/udp|" containers.yml
 done

 rm -f sample.conf
@@ -56,10 +58,11 @@ do
    sed -i "s|$variable|\${$sole_variable}|g" containers.yml
 done

-sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
-sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
-sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
-sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora|' sample.conf
+sed -i 's|_ENABLED=|_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically. Note: arm64 has no clamav support|' sample.conf
+sed -i 's|TALK_ENABLED=no|TALK_ENABLED="yes"|' sample.conf
+sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED="yes"|' sample.conf
+sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
 sed -i 's|NEXTCLOUD_DATADIR=|NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!|' sample.conf
 sed -i 's|NEXTCLOUD_MOUNT=|NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!|' sample.conf
 sed -i 's|NEXTCLOUD_UPLOAD_LIMIT=|NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container|' sample.conf
@@ -67,8 +70,9 @@ sed -i 's|NEXTCLOUD_MEMORY_LIMIT=|NEXTCLOUD_MEMORY_LIMIT=512M          # This al
 sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT|' sample.conf
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
-sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
+sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
@@ -76,7 +80,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS=twofactor_totp deck tasks calendar contacts apporder        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
@@ -92,6 +96,11 @@ do
    if [ "$name" != "nextcloud-aio-apache" ]; then
        OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
    fi
+    if ! echo "$name" | grep "apache$" && ! echo "$name" | grep "database$" && ! echo "$name" | grep "nextcloud$" && ! echo "$name" | grep "redis$"; then
+        sed -i '/container_name/d' containers.yml
+        SLIM_NAME="${name##nextcloud-aio-}"
+        OUTPUT="$(echo "$OUTPUT" | sed "/container_name: $name$/a\ \ \ \ profiles:\ \[\"$SLIM_NAME\"\]")"
+    fi
 done

 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
@@ -101,6 +110,9 @@ echo "" >> containers.yml

 echo "$OUTPUT" >> containers.yml

+sed -i '/container_name/d' containers.yml
+sed -i 's|^ $||' containers.yml
+
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
 echo "" >> containers.yml
@@ -120,12 +132,8 @@ networks:
 NETWORK

 cat containers.yml > latest.yml
-sed -i '/image:/s/$/:latest/' latest.yml
-
-cat containers.yml > latest-arm64.yml
-sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
-sed -i '/  nextcloud-aio-clamav:/,/^ $/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
-sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
+sed -i "/image:/s/$/:latest/" latest.yml

 rm containers.yml
+
+set +ex
--- a/manual-upgrade.md
+++ b/manual-upgrade.md
@@ -6,8 +6,9 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d

 1. Start all containers from the aio interface (now, it will report that Nextcloud is restarting because it is not able to start due to the above mentioned problem)
 1. Do **not** click on `Stop containers` because you will need them running going forward, see below
+1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo docker exec nextcloud-aio-nextcloud cat lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
+
 1. Stop the Nextcloud container and the Apache container by running `sudo docker stop nextcloud-aio-nextcloud && sudo docker stop nextcloud-aio-apache`.
-1. Find out with which PHP version your installed Nextcloud is compatible by running `sudo cat /var/lib/docker/volumes/nextcloud_aio_nextcloud/_data/lib/versioncheck.php`. (There you will find information about the max. supported PHP version.)
 1. Run the following commands in order to reverse engineer the Nextcloud container:
    ```bash
        sudo docker pull assaflavie/runlike
@@ -15,7 +16,7 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
        sudo docker run --rm -v /var/run/docker.sock:/var/run/docker.sock assaflavie/runlike -p nextcloud-aio-nextcloud >> /tmp/nextcloud-aio-nextcloud
        sudo chown root:root /tmp/nextcloud-aio-nextcloud
    ```
-1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest` on x64 or `nextcloud/aio-nextcloud:php8.0-latest-arm64` on arm64. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
+1. Now open the file with e.g. nano: `sudo nano /tmp/nextcloud-aio-nextcloud` and change the line that should probably be `nextcloud/aio-nextcloud:latest` on x64 or `nextcloud/aio-nextcloud:latest-arm64` on arm64 to the highest compatible PHP version: E.g. `nextcloud/aio-nextcloud:php8.0-latest`. Then save the file and close it with `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]`.
 1. After doing so, remove the Nextcloud container with `sudo docker rm nextcloud-aio-nextcloud`.
 1. Now start the Nextcloud container with the new tag by simply running `sudo bash /tmp/nextcloud-aio-nextcloud` which at startup should automatically upgrade Nextcloud to a more recent version. If not, make sure that there is no `skip.update` file in the Nextcloud datadir. If there is such a file, simply delete the file and restart the container again.<br>
 **Info**: You can open the Nextcloud container logs with `sudo docker logs -f nextcloud-aio-nextcloud`.
--- a/Show More
+++ b/Show More