substitute borg --progress by borg -v

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -11,6 +11,12 @@ labels: bug, 0. Needs triage
 * Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
 * Subscribe to receive notifications on status change and new comments. 
 
+
+<!---
+For issues with Collabora or Talk, make sure to follow https://github.com/nextcloud/all-in-one/discussions/1358. It may already resolve your issue and/or makes it easier to help you.
+--->
+
+
 <!--- Please fill out the whole template below -->
 ### Steps to reproduce
 1.

.github/workflows/create-psalm-container.yml

@@ -23,7 +23,7 @@ jobs:
       - name: Modify the Dockerfile
         run: |
           set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.0-alpine|' "psalm-github-actions/Dockerfile"
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
           cat << APCU >> "psalm-github-actions/Dockerfile"
           RUN mkdir -p /usr/src/php/ext/apcu && \
             curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \

.github/workflows/dependency-updates.yml

@@ -13,7 +13,7 @@ jobs:
     - uses: actions/checkout@v3
     - uses: nanasess/setup-php@master
       with:
-        php-version: 8.0
+        php-version: 8.1
         extensions: apcu
     - name: Run dependency update script
       run: |

.github/workflows/lint-php.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.0"]
+        php-versions: ["8.1"]
 
     name: php-lint
 

.github/workflows/nextcloud-update.yml

@@ -58,7 +58,7 @@ jobs:
             | sort -V \
             | tail -1
         )"
-        sed -i "s|pecl install imagick.*|pecl install imagick-$imagick_version >/dev/null|" ./Containers/nextcloud/start.sh
+        sed -i "s|pecl install imagick.*\;|pecl install imagick-$imagick_version\;|" ./Containers/nextcloud/Dockerfile
 
         # Nextcloud
         NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"

.github/workflows/php-deprecation-detector.yml

@@ -13,10 +13,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.0
+          php-version: 8.1
           extensions: apcu
           coverage: none
 

.github/workflows/psalm-analysis.yml

@@ -12,10 +12,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Set up php8.0
+      - name: Set up php8.1
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.0
+          php-version: 8.1
           extensions: apcu
           coverage: none
 

.github/workflows/psalm-update-baseline.yml

@@ -12,10 +12,10 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Set up php8.0
+      - name: Set up php8.1
         uses: shivammathur/setup-php@v2
         with:
-          php-version: 8.0
+          php-version: 8.1
           extensions: apcu
           coverage: none
 

.gitignore

@@ -5,4 +5,5 @@
 /php/vendor
 /manual-install/*.conf
 !/manual-install/sample.conf
-/manual-install/docker-compose.yml
+/manual-install/docker-compose.yml
+/manual-install/.env

Containers/apache/Dockerfile

@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.2-alpine as caddy
 
-FROM debian:bullseye-20221205-slim
+FROM debian:bullseye-20221219-slim
 
 RUN mkdir -p /mnt/data; \
     chown www-data:www-data /mnt/data;
@@ -19,7 +19,6 @@ RUN set -ex; \
         openssl \
         netcat \
         dpkg-dev \
-        curl \
     ; \
     rm -rf /var/lib/apt/lists/*
 

Containers/apache/healthcheck.sh

@@ -1,6 +1,7 @@
 #!/bin/bash
 
-curl -skfI localhost:8000 || exit 1
+nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+nc -z localhost 8000 || exit 1
 if [ "$APACHE_PORT" != '443' ]; then
     nc -z localhost "$APACHE_PORT" || exit 1
 else

Containers/borgbackup/Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bullseye-20221205-slim
+FROM debian:bullseye-20221219-slim
 
 RUN set -ex; \
     \

Containers/borgbackup/backupscript.sh

@@ -127,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(--stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
 
     # Create the backup
     echo "Starting the backup..."
@@ -174,16 +174,19 @@ if [ "$BORG_MODE" = backup ]; then
                     exit 1
                 fi
             done
+            echo "Starting the backup for additional volumes..."
             if ! borg create "${BORG_OPTS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes" "/docker_volumes/"; then
                 echo "Deleting the failed backup archive..."
                 borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-docker-volumes"
                 echo "Backup of additional docker-volumes failed!"
                 exit 1
             fi
+            echo "Pruning additional volumes..."
             if ! borg prune --prefix '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
+            echo "Compacting additional volumes..."
             if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to compact archives!"
                 exit 1
@@ -201,16 +204,19 @@ if [ "$BORG_MODE" = backup ]; then
             do
                 EXCLUDE_DIRS+=(--exclude "/host_mounts/$directory/")
             done
+            echo "Starting the backup for additional host mounts..."
             if ! borg create "${BORG_OPTS[@]}" "${EXCLUDE_DIRS[@]}" "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts" "/host_mounts/"; then
                 echo "Deleting the failed backup archive..."
                 borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-additional-host-mounts"
                 echo "Backup of additional host-mounts failed!"
                 exit 1
             fi
+            echo "Pruning additional host mounts..."
             if ! borg prune --prefix '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi
+            echo "Compacting additional host mounts..."
             if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to compact archives!"
                 exit 1
@@ -347,7 +353,7 @@ if [ "$BORG_MODE" = check ]; then
     echo "Checking the backup integrity..."
 
     # Perform the check
-    if ! borg check --verify-data "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking the backup integrity!"
         exit 1
     fi
@@ -358,6 +364,23 @@ if [ "$BORG_MODE" = check ]; then
     exit 0
 fi
 
+# Do the Backup check-repair
+if [ "$BORG_MODE" = "check-repair" ]; then
+    get_start_time
+    echo "Checking the backup integrity and repairing it..."
+
+    # Perform the check-repair
+    if ! echo YES | borg check -v --repair "$BORG_BACKUP_DIRECTORY"; then
+        echo "Some errors were found while checking and repairing the backup integrity!"
+        exit 1
+    fi
+
+    # Inform user
+    get_expiration_time
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
+    exit 0
+fi
+
 # Do the backup test
 if [ "$BORG_MODE" = test ]; then
     if ! [ -d "$BORG_BACKUP_DIRECTORY" ]; then

Containers/borgbackup/start.sh

@@ -20,7 +20,7 @@ export BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=yes
 export BORG_RELOCATED_REPO_ACCESS_IS_OK=yes
 
 # Validate BORG_MODE
-if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != test ]; then
+if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != restore ] && [ "$BORG_MODE" != check ] && [ "$BORG_MODE" != "check-repair" ] && [ "$BORG_MODE" != test ]; then
     echo "No correct BORG_MODE mode applied. Valid are 'backup', 'check', 'restore' and 'test'."
     exit 1
 fi

Containers/clamav/Dockerfile

@@ -1,4 +1,4 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav/blob/main/Dockerfile
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
 FROM clamav/clamav:0.105.1-7
 
 RUN apk add --update --no-cache tzdata

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.8.4.1
+FROM collabora/code:22.05.9.2.1
 
 USER root
 

Containers/domaincheck/Dockerfile

@@ -1,5 +1,5 @@
 FROM alpine:3.16.3
-RUN apk add --update --no-cache lighttpd bash curl netcat-openbsd
+RUN apk add --update --no-cache lighttpd bash netcat-openbsd
 
 RUN adduser -S www-data -G www-data
 RUN rm -rf /etc/lighttpd/lighttpd.conf

Containers/fulltextsearch/Dockerfile

@@ -3,4 +3,12 @@ FROM elasticsearch:7.17.8
 
 RUN elasticsearch-plugin install --batch ingest-attachment
 
-HEALTHCHECK CMD curl -skfI localhost:9200 || exit 1
+RUN set -ex; \
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        tzdata \
+    ; \
+    rm -rf /var/lib/apt/lists/*
+
+HEALTHCHECK CMD nc -z localhost 9200 || exit 1

Containers/imaginary/Dockerfile

@@ -1,13 +1,11 @@
 # From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20221201
+FROM nextcloud/imaginary:20230101
 
 USER root
 RUN set -ex; \
     \
     apt-get update; \
     apt-get install -y --no-install-recommends \
-        ca-certificates \
-        curl \
         netcat \
     ; \
     rm -rf /var/lib/apt/lists/*

Containers/mastercontainer/Dockerfile

@@ -5,7 +5,7 @@ FROM docker:20.10.21-dind-alpine3.16 as dind
 FROM caddy:2.6.2-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.0/bullseye/apache/Dockerfile
-FROM php:8.0.26-apache-bullseye
+FROM php:8.1.13-apache-bullseye
 
 EXPOSE 80
 EXPOSE 8080

Containers/nextcloud/Dockerfile

@@ -41,6 +41,16 @@ RUN set -ex; \
         postgresql-dev \
         libwebp-dev \
         gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
     ; \
     \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -62,6 +72,7 @@ RUN set -ex; \
     pecl install APCu-5.1.22; \
     pecl install memcached-3.2.0; \
     pecl install redis-5.3.7; \
+    pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
         apcu \
@@ -199,6 +210,10 @@ RUN set -ex; \
         sudo \
         grep \
         coreutils \
+        gcompat \
+        libjpeg \
+        librsvg \
+        libheif \
     ; \
     rm -rf /var/lib/apt/lists/*
 
@@ -235,7 +250,8 @@ RUN set -ex; \
     chmod +x /cron.sh && \
     chmod +x /notify.sh && \
     chmod +x /notify-all.sh && \
-    chmod +x /activate-collabora.sh
+    chmod +x /activate-collabora.sh && \
+    chmod +x /healthcheck.sh
 
 RUN set -ex; \
     mkdir /mnt/ncdata; \
@@ -249,4 +265,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER root
 ENTRYPOINT ["/start.sh"]
 
-HEALTHCHECK CMD (sudo -u www-data nc -z localhost 9000 && sudo -u www-data nc -z localhost 7867) || exit 1
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh

Containers/nextcloud/entrypoint.sh

@@ -263,7 +263,19 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             if [ -n "$STARTUP_APPS" ]; then
                 read -ra STARTUP_APPS_ARRAY <<< "$STARTUP_APPS"
                 for app in "${STARTUP_APPS_ARRAY[@]}"; do
-                    php /var/www/html/occ app:install "$app"
+                    if ! echo "$app" | grep -q '^-'; then 
+                        if [ -z "$(find /var/www/html/apps -type d -maxdepth 1 -mindepth 1 -name "$app" )" ]; then
+                            # If not shipped, install and enable the app
+                            php /var/www/html/occ app:install "$app"
+                        else
+                            # If shipped, enable the app
+                            php /var/www/html/occ app:enable "$app"
+                        fi
+                    else
+                        app="${app#-}"
+                        # Disable the app if '-' was provided in front of the appid
+                        php /var/www/html/occ app:disable "$app"
+                    fi
                 done
             fi
 
@@ -415,6 +427,44 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
+    # Make collabora more save
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_Address="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_Address+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_Address="$(echo "$COLLABORA_IPv6_Address" | php | head -1)"
+    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
+    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv4_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv4_ADDRESS"
+            fi
+        fi
+    else
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
+            if [ -z "$COLLABORA_ALLOW_LIST" ]; then
+                COLLABORA_ALLOW_LIST="$COLLABORA_IPv6_ADDRESS"
+            else
+                COLLABORA_ALLOW_LIST+=",$COLLABORA_IPv6_ADDRESS"
+            fi
+        fi
+    else
+        echo "No ipv6-address found for $NC_DOMAIN."
+    fi
+    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
+        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
+        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
+            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
+        fi
+        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
+    else
+        echo "Warning: wopi_allowlist is empty which should not be the case!"
+    fi
 else
     if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
         php /var/www/html/occ app:remove richdocuments
@@ -455,7 +505,7 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     fi
     # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        php /var/www/html/occ talk:turn:add "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
     if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
         php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"

Containers/nextcloud/healthcheck.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+nc -z "$POSTGRES_HOST" 5432 || exit 0
+
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
+    exit 1
+fi

Containers/nextcloud/start.sh

@@ -30,6 +30,18 @@ if [ -n "$TRUSTED_CACERTS_DIR" ]; then
     update-ca-certificates
 fi
 
+# Check if /dev/dri device is present and apply correct permissions
+set -x
+if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
+    GID="$(stat -c "%g" /dev/dri/renderD128)"
+    groupadd -g "$GID" render2 || true # sometimes this is needed
+    GROUP="$(getent group "$GID" | cut -d: -f1)"
+    usermod -aG "$GROUP" www-data
+    touch "/dev-dri-group-was-added"
+fi
+set +x
+
 # Check datadir permissions
 sudo -u www-data touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
@@ -57,21 +69,25 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! [ -f "/additional-php-extensions-are-installed" ]; then
         read -ra ADDITIONAL_PHP_EXTENSIONS_ARRAY <<< "$ADDITIONAL_PHP_EXTENSIONS"
         for app in "${ADDITIONAL_PHP_EXTENSIONS_ARRAY[@]}"; do
+            if [ "$app" = imagick ]; then
+                echo "Enabling Imagick..."
+                if ! docker-php-ext-enable imagick >/dev/null; then
+                    echo "Could not install PHP extension imagick!"
+                fi
+                continue
+            fi
             # shellcheck disable=SC2086
             if [ "$PHP_DEPS_ARE_INSTALLED" != 1 ]; then
                 echo "Installing PHP build dependencies..."
-                if ! apk add --no-cache --virtual .build-deps libxml2-dev imagemagick-dev autoconf $PHPIZE_DEPS >/dev/null; then
+                    if ! apk add --no-cache --virtual .build-deps \
+                        libxml2-dev \
+                        autoconf \
+                        $PHPIZE_DEPS >/dev/null; then
                     echo "Could not install build-deps!"
                 fi
                 PHP_DEPS_ARE_INSTALLED=1
             fi
-            if [ "$app" = imagick ]; then
-                echo "Installing Imagick via PECL..."
-                pecl install imagick-3.7.0 >/dev/null
-                if ! docker-php-ext-enable imagick >/dev/null; then
-                    echo "Could not install PHP extension imagick!"
-                fi
-            elif [ "$app" = inotify ]; then
+            if [ "$app" = inotify ]; then
                 echo "Installing $app via PECL..."
                 pecl install "$app" >/dev/null
                 if ! docker-php-ext-enable "$app" >/dev/null; then

Containers/onlyoffice/Dockerfile

@@ -1,4 +1,4 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.2.1.34
+FROM onlyoffice/documentserver:7.2.2.56
 
-HEALTHCHECK CMD curl -skfI localhost || exit 1
+HEALTHCHECK CMD nc -z localhost 80 || exit 1

Containers/postgresql/Dockerfile

@@ -1,4 +1,4 @@
-# From https://github.com/docker-library/postgres/blob/master/13/alpine/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/14/alpine/Dockerfile
 FROM postgres:14.6-alpine
 
 RUN apk add --update --no-cache bash openssl shadow netcat-openbsd grep mawk
@@ -17,9 +17,12 @@ RUN set -ex; \
     chown -R postgres:postgres "$PGDATA"
 
 COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
 COPY init-user-db.sh /docker-entrypoint-initdb.d/
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh
 
 RUN mkdir /mnt/data; \
     chown postgres:postgres /mnt/data;
@@ -32,4 +35,4 @@ RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 USER postgres
 ENTRYPOINT ["start.sh"]
 
-HEALTHCHECK CMD psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1
+HEALTHCHECK CMD healthcheck.sh

Containers/postgresql/healthcheck.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+test -f "/mnt/data/backup-is-running" && exit 0
+
+psql -d "postgresql://$POSTGRES_USER:$POSTGRES_PASSWORD@localhost:5432/$POSTGRES_DB" -c "select now()" || exit 1

Containers/postgresql/init-user-db.sh

@@ -1,9 +1,13 @@
 #!/bin/bash
 set -ex
 
+touch "$DUMP_DIR/initialization.failed"
+
 psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
 	CREATE USER "oc_$POSTGRES_USER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
 	ALTER DATABASE "$POSTGRES_DB" OWNER TO "oc_$POSTGRES_USER";
 EOSQL
 
+rm "$DUMP_DIR/initialization.failed"
+
 set +ex

Containers/postgresql/start.sh

@@ -2,7 +2,7 @@
 
 # Variables
 DATADIR="/var/lib/postgresql/data"
-DUMP_DIR="/mnt/data"
+export DUMP_DIR="/mnt/data"
 DUMP_FILE="$DUMP_DIR/database-dump.sql"
 export PGPASSWORD="$POSTGRES_PASSWORD"
 
@@ -20,6 +20,23 @@ if ! [ -w "$DUMP_DIR" ]; then
     exit 1
 fi
 
+# Don't start if import failed
+if [ -f "$DUMP_DIR/import.failed" ]; then
+    echo "The database import failed. Please restore a backup and try again."
+    echo "For further clues on what went wrong, look at the logs above."
+    exit 1
+fi
+
+# Don't start if initialization failed
+if [ -f "$DUMP_DIR/initialization.failed" ]; then
+    echo "The database initialization failed. Most likely was a wrong timezone selected."
+    echo "The selected timezone is '$TZ'." 
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "For further clues on what went wrong, look at the logs above."
+    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
+    exit 1
+fi
+
 # Delete the datadir once (needed for setting the correct credentials on old instances once)
 if ! [ -f "$DUMP_DIR/export.failed" ] && ! [ -f "$DUMP_DIR/initial-cleanup-done" ]; then
     set -ex
@@ -45,9 +62,16 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
         exit 1
     fi
 
+    # Write output to logfile.
+    exec > >(tee -i "$DUMP_DIR/database-import.log")
+    exec 2>&1
+
     # Inform
     echo "Restoring from database dump."
 
+    # Add import.failed file
+    touch "$DUMP_DIR/import.failed"
+
     # Exit if any command fails
     set -ex
 
@@ -76,7 +100,12 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
 
     # Get the Owner
     DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
-    if [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
+    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
+        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
+        echo "It is not possible to import a database dump from this database owner."
+        echo "However you might rename the owner in the dumpfile to something else."
+        exit 1
+    elif [ "$DB_OWNER" != "oc_$POSTGRES_USER" ]; then
         DIFFERENT_DB_OWNER=1
         psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
             CREATE USER "$DB_OWNER" WITH PASSWORD '$POSTGRES_PASSWORD' CREATEDB;
@@ -104,6 +133,9 @@ EOSQL
 
     # Don't exit if command fails anymore
     set +ex
+
+    # Remove import failed file if everything went correctly
+    rm "$DUMP_DIR/import.failed"
 fi
 
 # Cover the last case

Containers/talk/Dockerfile

@@ -53,11 +53,13 @@ RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.c
 
 RUN mkdir -p /etc/nats; \
     echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
+    mkdir /var/lib/turn; \
     chown talk:talk /etc; \
     chown talk:talk -R /etc/nats; \
     chown talk:talk -R /etc/janus; \
     chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr
+    chown talk:talk -R /usr; \
+    chown talk:talk -R /var/lib/turn;
 
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd

Containers/talk/start.sh

@@ -15,7 +15,7 @@ elif [ -z "$SIGNALING_SECRET" ]; then
     exit 1
 fi
 
-# Turn
+# Turn: https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
@@ -29,6 +29,9 @@ stale-nonce
 no-multicast-peers
 simple-log
 pidfile=/var/tmp/turnserver.pid
+no-tls
+no-dtls
+userdb=/var/lib/turn/turndb
 TURN_CONF
 
 # Janus

docker-compose.yml

@@ -28,9 +28,10 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
+      # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

manual-install/latest-arm64.yml

@@ -1,203 +0,0 @@
-version: "3.8"
-
-services:
-  nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
-    depends_on:
-      - nextcloud-aio-onlyoffice
-      - nextcloud-aio-collabora
-      - nextcloud-aio-talk
-      - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest-arm64
-    ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_HOST=nextcloud-aio-talk
-      - APACHE_PORT=${APACHE_PORT}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - TZ=${TIMEZONE}
-      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
-      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:ro
-      - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest-arm64
-    volumes:
-      - nextcloud_aio_database:/var/lib/postgresql/data:rw
-      - nextcloud_aio_database_dump:/mnt/data:rw
-    environment:
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - TZ=${TIMEZONE}
-      - PGTZ=${TIMEZONE}
-    stop_grace_period: 1800s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
-    depends_on:
-      - nextcloud-aio-database
-      - nextcloud-aio-redis
-      - nextcloud-aio-fulltextsearch
-      - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest-arm64
-    volumes:
-      - nextcloud_aio_nextcloud:/var/www/html:rw
-      - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
-      - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
-      - ${NEXTCLOUD_TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
-    environment:
-      - POSTGRES_HOST=nextcloud-aio-database
-      - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
-      - POSTGRES_DB=nextcloud_database
-      - POSTGRES_USER=nextcloud
-      - REDIS_HOST=nextcloud-aio-redis
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - AIO_TOKEN=${AIO_TOKEN}
-      - NC_DOMAIN=${NC_DOMAIN}
-      - ADMIN_USER=admin
-      - ADMIN_PASSWORD=${NEXTCLOUD_PASSWORD}
-      - NEXTCLOUD_DATA_DIR=/mnt/ncdata
-      - OVERWRITEHOST=${NC_DOMAIN}
-      - OVERWRITEPROTOCOL=https
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - ONLYOFFICE_SECRET=${ONLYOFFICE_SECRET}
-      - AIO_URL=${AIO_URL}
-      - NEXTCLOUD_MOUNT=${NEXTCLOUD_MOUNT}
-      - ONLYOFFICE_ENABLED=${ONLYOFFICE_ENABLED}
-      - COLLABORA_ENABLED=${COLLABORA_ENABLED}
-      - COLLABORA_HOST=nextcloud-aio-collabora
-      - TALK_ENABLED=${TALK_ENABLED}
-      - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
-      - UPDATE_NEXTCLOUD_APPS=${UPDATE_NEXTCLOUD_APPS}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-      - IMAGINARY_ENABLED=${IMAGINARY_ENABLED}
-      - IMAGINARY_HOST=nextcloud-aio-imaginary
-      - PHP_UPLOAD_LIMIT=${NEXTCLOUD_UPLOAD_LIMIT}
-      - PHP_MEMORY_LIMIT=${NEXTCLOUD_MEMORY_LIMIT}
-      - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
-      - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
-      - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
-      - TRUSTED_CACERTS_DIR=${NEXTCLOUD_TRUSTED_CACERTS_DIR}
-      - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
-      - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
-      - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest-arm64
-    environment:
-      - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest-arm64
-    environment:
-      - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
-      - dictionaries=${COLLABORA_DICTIONARIES}
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest-arm64
-    ports:
-      - ${TALK_PORT}:${TALK_PORT}/tcp
-      - ${TALK_PORT}:${TALK_PORT}/udp
-    environment:
-      - NC_DOMAIN=${NC_DOMAIN}
-      - TURN_SECRET=${TURN_SECRET}
-      - SIGNALING_SECRET=${SIGNALING_SECRET}
-      - JANUS_API_KEY=${JANUS_API_KEY}
-      - TZ=${TIMEZONE}
-      - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - JWT_ENABLED=true
-      - JWT_HEADER=AuthorizationJwt
-      - JWT_SECRET=${ONLYOFFICE_SECRET}
-    volumes:
-      - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    image: nextcloud/aio-imaginary:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
- 
-  nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    image: nextcloud/aio-fulltextsearch:latest-arm64
-    environment:
-      - TZ=${TIMEZONE}
-      - discovery.type=single-node
-      - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
-    volumes:
-      - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
-    restart: unless-stopped
-    networks:
-      - nextcloud-aio
-
-volumes:
-  nextcloud_aio_apache:
-    name: nextcloud_aio_apache
-  nextcloud_aio_database:
-    name: nextcloud_aio_database
-  nextcloud_aio_database_dump:
-    name: nextcloud_aio_database_dump
-  nextcloud_aio_elasticsearch:
-    name: nextcloud_aio_elasticsearch
-  nextcloud_aio_nextcloud:
-    name: nextcloud_aio_nextcloud
-  nextcloud_aio_onlyoffice:
-    name: nextcloud_aio_onlyoffice
-  nextcloud_aio_nextcloud_data:
-    name: nextcloud_aio_nextcloud_data
-
-networks:
-  nextcloud-aio:

manual-install/latest.yml

@@ -2,15 +2,14 @@ version: "3.8"
 
 services:
   nextcloud-aio-apache:
-    container_name: nextcloud-aio-apache
     depends_on:
       - nextcloud-aio-onlyoffice
       - nextcloud-aio-collabora
       - nextcloud-aio-talk
       - nextcloud-aio-nextcloud
-    image: nextcloud/aio-apache:latest
+    image: nextcloud/aio-apache:${IMAGE_TAG}
     ports:
-      - ${APACHE_PORT}:${APACHE_PORT}/tcp
+      - ${APACHE_IP_BINDING}:${APACHE_PORT}:${APACHE_PORT}/tcp
     environment:
       - NC_DOMAIN=${NC_DOMAIN}
       - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
@@ -24,14 +23,12 @@ services:
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-database:
-    container_name: nextcloud-aio-database
-    image: nextcloud/aio-postgresql:latest
+    image: nextcloud/aio-postgresql:${IMAGE_TAG}
     volumes:
       - nextcloud_aio_database:/var/lib/postgresql/data:rw
       - nextcloud_aio_database_dump:/mnt/data:rw
@@ -45,16 +42,15 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-nextcloud:
-    container_name: nextcloud-aio-nextcloud
     depends_on:
       - nextcloud-aio-database
       - nextcloud-aio-redis
       - nextcloud-aio-clamav
       - nextcloud-aio-fulltextsearch
       - nextcloud-aio-imaginary
-    image: nextcloud/aio-nextcloud:latest
+    image: nextcloud/aio-nextcloud:${IMAGE_TAG}
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
@@ -100,38 +96,38 @@ services:
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-redis:
-    container_name: nextcloud-aio-redis
-    image: nextcloud/aio-redis:latest
+    image: nextcloud/aio-redis:${IMAGE_TAG}
     environment:
       - REDIS_HOST_PASSWORD=${REDIS_PASSWORD}
       - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_redis:/data:rw
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-collabora:
-    container_name: nextcloud-aio-collabora
-    image: nextcloud/aio-collabora:latest
+    profiles: ["collabora"]
+    image: nextcloud/aio-collabora:${IMAGE_TAG}
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
-    stop_grace_period: 10s
+    volumes:
+      - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-talk:
-    container_name: nextcloud-aio-talk
-    image: nextcloud/aio-talk:latest
+    profiles: ["talk"]
+    image: nextcloud/aio-talk:${IMAGE_TAG}
     ports:
       - ${TALK_PORT}:${TALK_PORT}/tcp
       - ${TALK_PORT}:${TALK_PORT}/udp
@@ -142,26 +138,25 @@ services:
       - JANUS_API_KEY=${JANUS_API_KEY}
       - TZ=${TIMEZONE}
       - TALK_PORT=${TALK_PORT}
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-clamav:
-    container_name: nextcloud-aio-clamav
-    image: nextcloud/aio-clamav:latest
+    profiles: ["clamav"]
+    image: nextcloud/aio-clamav:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
+      - CLAMD_STARTUP_TIMEOUT=90
     volumes:
       - nextcloud_aio_clamav:/var/lib/clamav:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-onlyoffice:
-    container_name: nextcloud-aio-onlyoffice
-    image: nextcloud/aio-onlyoffice:latest
+    profiles: ["onlyoffice"]
+    image: nextcloud/aio-onlyoffice:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
       - JWT_ENABLED=true
@@ -169,31 +164,28 @@ services:
       - JWT_SECRET=${ONLYOFFICE_SECRET}
     volumes:
       - nextcloud_aio_onlyoffice:/var/lib/onlyoffice:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-imaginary:
-    container_name: nextcloud-aio-imaginary
-    image: nextcloud/aio-imaginary:latest
+    profiles: ["imaginary"]
+    image: nextcloud/aio-imaginary:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
- 
+
   nextcloud-aio-fulltextsearch:
-    container_name: nextcloud-aio-fulltextsearch
-    image: nextcloud/aio-fulltextsearch:latest
+    profiles: ["fulltextsearch"]
+    image: nextcloud/aio-fulltextsearch:${IMAGE_TAG}
     environment:
       - TZ=${TIMEZONE}
       - discovery.type=single-node
       - ES_JAVA_OPTS=-Xms1024M -Xmx1024M
     volumes:
       - nextcloud_aio_elasticsearch:/usr/share/elasticsearch/data:rw
-    stop_grace_period: 10s
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -203,6 +195,8 @@ volumes:
     name: nextcloud_aio_apache
   nextcloud_aio_clamav:
     name: nextcloud_aio_clamav
+  nextcloud_aio_collabora_fonts:
+    name: nextcloud_aio_collabora_fonts
   nextcloud_aio_database:
     name: nextcloud_aio_database
   nextcloud_aio_database_dump:
@@ -213,6 +207,8 @@ volumes:
     name: nextcloud_aio_nextcloud
   nextcloud_aio_onlyoffice:
     name: nextcloud_aio_onlyoffice
+  nextcloud_aio_redis:
+    name: nextcloud_aio_redis
   nextcloud_aio_nextcloud_data:
     name: nextcloud_aio_nextcloud_data
 

manual-install/readme.md

@@ -21,20 +21,26 @@ First, install docker and docker-compose if not already done. Then simply run th
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
-Then copy the sample.conf to a new file, e.g. `cp sample.conf my.conf`, open the new conf file, e.g. with `nano my.conf`, edit all values that are marked with `# TODO!`, close and save the file.
+Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file.  For arm64 support use `IMAGE_TAG=latest-arm64` (Note: there is no clamav image for arm64).
 
-Now copy the provided yaml file to a docker-compose file by running on x64 `cp latest.yml docker-compose.yml` and on arm64 `cp latest-arm64.yml docker-compose.yml`.
+Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.
 
-Now you should be ready to go with `sudo docker-compose --env-file my.conf up`.
+Now you should be ready to go with `sudo docker-compose up`.
+
+## Docker profiles
+The default profile of `latest.yml` only provide the minimum necessary services: nextcloud, database, redis and apache. To get optional services collabora, onlyoffice, talk, clamav, imaginary or fulltextsearch use additional arguments for each of them, for example `--profile collabora`.
+
+For a complete all-in-one with collabora use `sudo docker-compose --profile collabora --profile talk --profile clamav --profile imaginary --profile fulltextsearch up`.
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. Run `sudo docker-compose --env-file my.conf down` to stop all running containers
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
+1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
 1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` on x64 and `diff docker-compose.yml latest-arm64.yml` on arm64 for comparing.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
-1. After the file update was successful, simply run `sudo docker-compose --env-file my.conf pull` to pull the new images.
-1. At the end run `sudo docker-compose --env-file my.conf up` in order to start and update the containers with the new configuration.
+1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
+1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.
 
 ## FAQ
 ### Backup and restore?

manual-install/sample.conf

@@ -1,8 +1,10 @@
+IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
-CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
+CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
@@ -18,7 +20,7 @@ NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit o
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
 NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
 ONLYOFFICE_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.

manual-install/update-yaml.sh

@@ -1,15 +1,21 @@
 #!/bin/bash
 
 jq -c . ./php/containers.json > /tmp/containers.json
-sed -i 's|","location":"|:|g' /tmp/containers.json
+sed -i 's|aio_services_v1|services|g' /tmp/containers.json
+sed -i 's|","destination":"|:|g' /tmp/containers.json
 sed -i 's|","writeable":false|:ro"|g' /tmp/containers.json
 sed -i 's|","writeable":true|:rw"|g' /tmp/containers.json
+sed -i 's|","port_number":"|:|g' /tmp/containers.json
+sed -i 's|","protocol":"|/|g' /tmp/containers.json
+sed -i 's|"ip_binding":":|"ip_binding":"|g' /tmp/containers.json
+cat /tmp/containers.json
 OUTPUT="$(cat /tmp/containers.json)"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].internalPorts)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[].secrets)')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-watchtower"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-domaincheck"))')"
-OUTPUT="$(echo "$OUTPUT" | jq 'del(.production[] | select(.identifier == "nextcloud-aio-borgbackup"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
 
 snap install yq
 mkdir -p ./manual-install
@@ -17,24 +23,18 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
-sed -i 's|production:|services:|' containers.yml
-sed -i 's|- identifier:|  container_name:|' containers.yml
-sed -i 's|restartPolicy:|restart:|' containers.yml
-sed -i 's|environmentVariables:|environment:|' containers.yml
-sed -i '/displayName:/d' containers.yml
-sed -i 's|maxShutdownTime:|stop_grace_period:|' containers.yml
+sed -i '/display_name:/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
-sed -i 's|containerName:|image:|' containers.yml
 sed -i '/: \[\]/d' containers.yml
-sed -i 's|dependsOn:|depends_on:|' containers.yml
-sed -i 's|- name: |- |' containers.yml
+sed -i 's|- source: |- |' containers.yml
+sed -i 's|- ip_binding: |- |' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"
 for port in "${TCP[@]}" 
 do
     solve_port="${port%%/tcp}"
-    sed -i "s|$port|$solve_port:$solve_port/tcp|" containers.yml
+    sed -i "s|$solve_port/tcp|$solve_port:$solve_port/tcp|" containers.yml
 done
 
 UDP="$(grep -oP '[%A-Z0-9_]+/udp' containers.yml | sort -u)"
@@ -42,10 +42,11 @@ mapfile -t UDP <<< "$UDP"
 for port in "${UDP[@]}"
 do
     solve_port="${port%%/udp}"
-    sed -i "s|$port|$solve_port:$solve_port/udp|" containers.yml
+    sed -i "s|$solve_port/udp|$solve_port:$solve_port/udp|" containers.yml
 done
 
 rm -f sample.conf
+echo 'IMAGE_TAG=latest          # Version of docker images, should be latest or latest-arm64. Note: latest-arm64 has no clamav support' >> sample.conf
 VARIABLES="$(grep -oP '%[A-Z_a-z0-6]+%' containers.yml | sort -u)"
 mapfile -t VARIABLES <<< "$VARIABLES"
 for variable in "${VARIABLES[@]}"
@@ -57,6 +58,7 @@ do
 done
 
 sed -i 's|_ENABLED=|_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.|' sample.conf
+sed -i 's|CLAMAV_ENABLED=no.*|CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically. Note: latest-arm64 has no clamav support|' sample.conf
 sed -i 's|TALK_ENABLED=no|TALK_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_ENABLED=no|COLLABORA_ENABLED=yes|' sample.conf
 sed -i 's|COLLABORA_DICTIONARIES=|COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora|' sample.conf
@@ -69,6 +71,7 @@ sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.|' sample.conf
+sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a reverse proxy and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
 sed -i 's|AIO_TOKEN=|AIO_TOKEN=123456          # Has no function but needs to be set!|' sample.conf
 sed -i 's|AIO_URL=|AIO_URL=localhost          # Has no function but needs to be set!|' sample.conf
@@ -76,7 +79,7 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
@@ -92,6 +95,11 @@ do
     if [ "$name" != "nextcloud-aio-apache" ]; then
         OUTPUT="$(echo "$OUTPUT" | sed "/  $name:/i\ ")"
     fi
+    if ! echo "$name" | grep "apache$" && ! echo "$name" | grep "database$" && ! echo "$name" | grep "nextcloud$" && ! echo "$name" | grep "redis$"; then
+        sed -i '/container_name/d' containers.yml
+        SLIM_NAME="${name##nextcloud-aio-}"
+        OUTPUT="$(echo "$OUTPUT" | sed "/container_name: $name$/a\ \ \ \ profiles:\ \[\"$SLIM_NAME\"\]")"
+    fi
 done
 
 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
@@ -102,6 +110,7 @@ echo "" >> containers.yml
 echo "$OUTPUT" >> containers.yml
 
 sed -i '/container_name/d' containers.yml
+sed -i 's|^ $||' containers.yml
 
 VOLUMES="$(grep -oP 'nextcloud_aio_[a-z_]+' containers.yml | sort -u)"
 mapfile -t VOLUMES <<< "$VOLUMES"
@@ -122,12 +131,6 @@ networks:
 NETWORK
 
 cat containers.yml > latest.yml
-sed -i '/image:/s/$/:latest/' latest.yml
-
-cat containers.yml > latest-arm64.yml
-sed -i '/image:/s/$/:latest-arm64/' latest-arm64.yml
-sed -i '/  nextcloud-aio-clamav:/,/^ $/d' latest-arm64.yml
-sed -i '/nextcloud[-_]aio[-_]clamav/d' latest-arm64.yml
-sed -i '/CLAMAV_ENABLED/d' latest-arm64.yml
+sed -i "/image:/s/$/:\${IMAGE_TAG}/" latest.yml
 
 rm containers.yml

migration.md

@@ -64,7 +64,8 @@ The procedure for migrating the files and the database works like this:
     1. Type in `local::/your/old/datadir/` which should bring up the exact line where you need to modify the path to use the one used in Nextcloud AIO, instead.
     1. Change it to look like this: `local::/mnt/ncdata/`.
     1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
-    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.
+    1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
+    1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct  looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`. 
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
     sudo rm /var/lib/docker/volumes/nextcloud_aio_database_dump/_data/database-dump.sql

php/composer.json

@@ -5,7 +5,7 @@
         }
     },
     "require": {
-        "php": "^8.0",
+        "php": "^8.1",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.0 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.1 \\;"
 	}
 }

php/composer.lock

@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "46e4dcf2df4e1a85aba17d664cacd815",
+    "content-hash": "7a318338d9e074d6f02e1fba5b3dda24",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
@@ -1375,25 +1375,25 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.0.2",
+            "version": "v3.2.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c"
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
-                "reference": "26954b3d62a6c5fd0ea8a2a00c0353a14978d05c",
+                "url": "https://api.github.com/repos/symfony/deprecation-contracts/zipball/1ee04c65529dea5d8744774d474e7cbd2f1206d3",
+                "reference": "1ee04c65529dea5d8744774d474e7cbd2f1206d3",
                 "shasum": ""
             },
             "require": {
-                "php": ">=8.0.2"
+                "php": ">=8.1"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-main": "3.0-dev"
+                    "dev-main": "3.3-dev"
                 },
                 "thanks": {
                     "name": "symfony/contracts",
@@ -1422,7 +1422,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.0.2"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.2.0"
             },
             "funding": [
                 {
@@ -1438,7 +1438,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-01-02T09:55:41+00:00"
+            "time": "2022-11-25T10:21:52+00:00"
         },
         {
             "name": "symfony/polyfill-ctype",
@@ -1686,16 +1686,16 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.4.3",
+            "version": "v3.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58"
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/c38fd6b0b7f370c198db91ffd02e23b517426b58",
-                "reference": "c38fd6b0b7f370c198db91ffd02e23b517426b58",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/3ffcf4b7d890770466da3b2666f82ac054e7ec72",
+                "reference": "3ffcf4b7d890770466da3b2666f82ac054e7ec72",
                 "shasum": ""
             },
             "require": {
@@ -1710,7 +1710,7 @@
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "3.4-dev"
+                    "dev-master": "3.5-dev"
                 }
             },
             "autoload": {
@@ -1746,7 +1746,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.4.3"
+                "source": "https://github.com/twigphp/Twig/tree/v3.5.0"
             },
             "funding": [
                 {
@@ -1758,7 +1758,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-09-28T08:42:51+00:00"
+            "time": "2022-12-27T12:28:18+00:00"
         }
     ],
     "packages-dev": [],
@@ -1768,7 +1768,7 @@
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": {
-        "php": "^8.0",
+        "php": "^8.1",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",

php/containers-schema.json

@@ -1,57 +1,77 @@
 {
 	"type": "object",
 	"description": "AIO containers definition schema",
-	"additionalProperties": false,
 	"minProperties": 1,
+	"required": ["aio_services_v1"],
 	"properties": {
-		"production": {
+		"aio_services_v1": {
 			"type": "array",
 			"items": {
 				"type": "object",
 				"additionalProperties": false,
-				"minProperties": 11,
+				"minProperties": 2,
+				"required": ["image", "container_name"],
 				"properties": {
-					"containerName": {
+					"image": {
 						"type": "string"
 					},
-					"dependsOn": {
+					"depends_on": {
 						"type": "array",
 						"items": {
 							"type": "string"
 						}
 					},
-					"displayName": {
+					"display_name": {
 						"type": "string"
 					},
-					"environmentVariables": {
+					"environment": {
 						"type": "array",
 						"items": {
 							"type": "string"
 						}
 					},
-					"identifier": {
+					"container_name": {
 						"type": "string"
 					},
-					"internalPorts": {
-						"type": "array",
-						"items": {
-							"type": "string"
-						}
+					"internal_port": {
+						"type": "string"
 					},
-					"maxShutdownTime": {
+					"stop_grace_period": {
 						"type": "integer"
 					},
 					"ports": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "object",
+							"additionalProperties": false,
+							"minProperties": 3,
+							"properties": {
+								"ip_binding": {
+									"type": "string"
+								},
+								"port_number": {
+									"type": "string"
+								},
+								"protocol": {
+									"type": "string"
+								}
+							}
 						}
 					},
-					"restartPolicy": {
+					"restart": {
 						"type": "string"
 					},
 					"secrets": {
-						"type": "array"
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
+					},
+					"devices": {
+						"type": "array",
+						"items": {
+							"type": "string"
+						}
 					},
 					"volumes": {
 						"type": "array",
@@ -60,10 +80,10 @@
 							"additionalProperties": false,
 							"minProperties": 3,
 							"properties": {
-								"location": {
+								"destination": {
 									"type": "string"
 								},
-								"name": {
+								"source": {
 									"type": "string"
 								},
 								"writeable": {

php/containers.json

@@ -1,23 +1,24 @@
 {
-  "production": [
+  "aio_services_v1": [
     {
-      "identifier": "nextcloud-aio-apache",
-      "dependsOn": [
+      "container_name": "nextcloud-aio-apache",
+      "depends_on": [
         "nextcloud-aio-onlyoffice",
         "nextcloud-aio-collabora",
         "nextcloud-aio-talk",
         "nextcloud-aio-nextcloud"
       ],
-      "displayName": "Apache",
-      "containerName": "nextcloud/aio-apache",
+      "display_name": "Apache",
+      "image": "nextcloud/aio-apache",
       "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
       ],
-      "internalPorts": [
-        "%APACHE_PORT%"
-      ],
-      "secrets": [],
-      "environmentVariables": [
+      "internal_port": "%APACHE_PORT%",
+      "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
         "COLLABORA_HOST=nextcloud-aio-collabora",
@@ -30,68 +31,60 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
           "writeable": false
         },
         {
-          "name": "nextcloud_aio_apache",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_apache",
+          "destination": "/mnt/data",
           "writeable": true
         }
       ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-database",
-      "dependsOn": [],
-      "displayName": "Database",
-      "containerName": "nextcloud/aio-postgresql",
-      "ports": [],
-      "internalPorts": [
-        "5432"
-      ],
+      "container_name": "nextcloud-aio-database",
+      "display_name": "Database",
+      "image": "nextcloud/aio-postgresql",
+      "internal_port": "5432",
       "secrets": [
         "DATABASE_PASSWORD"
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_database",
-          "location": "/var/lib/postgresql/data",
+          "source": "nextcloud_aio_database",
+          "destination": "/var/lib/postgresql/data",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/mnt/data",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/mnt/data",
           "writeable": true
         }
       ],
-      "environmentVariables": [
+      "environment": [
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
         "POSTGRES_USER=nextcloud",
         "TZ=%TIMEZONE%",
         "PGTZ=%TIMEZONE%"
       ],
-      "maxShutdownTime": 1800,
-      "restartPolicy": "unless-stopped"
+      "stop_grace_period": 1800,
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-nextcloud",
-      "dependsOn": [
+      "container_name": "nextcloud-aio-nextcloud",
+      "depends_on": [
         "nextcloud-aio-database",
         "nextcloud-aio-redis",
         "nextcloud-aio-clamav",
         "nextcloud-aio-fulltextsearch",
         "nextcloud-aio-imaginary"
       ],
-      "displayName": "Nextcloud",
-      "containerName": "nextcloud/aio-nextcloud",
-      "ports": [],
-      "internalPorts": [
-        "9000"
-      ],
+      "display_name": "Nextcloud",
+      "image": "nextcloud/aio-nextcloud",
+      "internal_port": "9000",
       "secrets": [
         "DATABASE_PASSWORD",
         "REDIS_PASSWORD",
@@ -101,27 +94,27 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/var/www/html",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/var/www/html",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/mnt/ncdata",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/mnt/ncdata",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_MOUNT%",
-          "location": "%NEXTCLOUD_MOUNT%",
+          "source": "%NEXTCLOUD_MOUNT%",
+          "destination": "%NEXTCLOUD_MOUNT%",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
-          "location": "/usr/local/share/ca-certificates",
+          "source": "%NEXTCLOUD_TRUSTED_CACERTS_DIR%",
+          "destination": "/usr/local/share/ca-certificates",
           "writeable": false
         }
       ],
-      "environmentVariables": [
+      "environment": [
         "POSTGRES_HOST=nextcloud-aio-database",
         "POSTGRES_PASSWORD=%DATABASE_PASSWORD%",
         "POSTGRES_DB=nextcloud_database",
@@ -162,26 +155,24 @@
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%"
       ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped",
+      "devices": [
+        "/dev/dri"
+      ]
     },
     {
-      "identifier": "nextcloud-aio-redis",
-      "dependsOn": [],
-      "displayName": "Redis",
-      "containerName": "nextcloud/aio-redis",
-      "ports": [],
-      "internalPorts": [
-        "6379"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-redis",
+      "display_name": "Redis",
+      "image": "nextcloud/aio-redis",
+      "internal_port": "6379",
+      "environment": [
         "REDIS_HOST_PASSWORD=%REDIS_PASSWORD%",
         "TZ=%TIMEZONE%"
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_redis",
-          "location": "/data",
+          "source": "nextcloud_aio_redis",
+          "destination": "/data",
           "writeable": true
         }
       ],
@@ -189,48 +180,46 @@
         "REDIS_PASSWORD",
         "ONLYOFFICE_SECRET"
       ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-collabora",
-      "dependsOn": [],
-      "displayName": "Collabora",
-      "containerName": "nextcloud/aio-collabora",
-      "ports": [],
-      "internalPorts": [
-        "9980"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-collabora",
+      "display_name": "Collabora",
+      "image": "nextcloud/aio-collabora",
+      "internal_port": "9980",
+      "environment": [
         "aliasgroup1=https://%NC_DOMAIN%:443",
-        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY%",
+        "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%"
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_collabora_fonts",
-          "location": "/opt/cool/systemplate/tmpfonts",
+          "source": "nextcloud_aio_collabora_fonts",
+          "destination": "/opt/cool/systemplate/tmpfonts",
           "writeable": true
         }
       ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-talk",
-      "dependsOn": [],
-      "displayName": "Talk",
-      "containerName": "nextcloud/aio-talk",
+      "container_name": "nextcloud-aio-talk",
+      "display_name": "Talk",
+      "image": "nextcloud/aio-talk",
       "ports": [
-        "%TALK_PORT%/tcp",
-        "%TALK_PORT%/udp"
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "tcp"
+        },
+        {
+          "ip_binding": "",
+          "port_number": "%TALK_PORT%",
+          "protocol": "udp"
+        }
       ],
-      "internalPorts": [
-        "%TALK_PORT%"
-      ],
-      "environmentVariables": [
+      "internal_port": "%TALK_PORT%",
+      "environment": [
         "NC_DOMAIN=%NC_DOMAIN%",
         "TURN_SECRET=%TURN_SECRET%",
         "SIGNALING_SECRET=%SIGNALING_SECRET%",
@@ -238,23 +227,17 @@
         "TZ=%TIMEZONE%",
         "TALK_PORT=%TALK_PORT%"
       ],
-      "volumes": [],
       "secrets": [
         "TURN_SECRET",
         "SIGNALING_SECRET",
         "JANUS_API_KEY"
       ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-borgbackup",
-      "dependsOn": [],
-      "displayName": "Borgbackup",
-      "containerName": "nextcloud/aio-borgbackup",
-      "ports": [],
-      "internalPorts": [],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-borgbackup",
+      "image": "nextcloud/aio-borgbackup",
+      "environment": [
         "BORG_PASSWORD=%BORGBACKUP_PASSWORD%",
         "BORG_MODE=%BORGBACKUP_MODE%",
         "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
@@ -264,137 +247,120 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_backup_cache",
-          "location": "/root",
+          "source": "nextcloud_aio_backup_cache",
+          "destination": "/root",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_nextcloud",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
+          "source": "nextcloud_aio_nextcloud",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud",
           "writeable": true
         },
         {
-          "name": "%NEXTCLOUD_DATADIR%",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
+          "source": "%NEXTCLOUD_DATADIR%",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_database",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database",
+          "source": "nextcloud_aio_database",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_database_dump",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
+          "source": "nextcloud_aio_database_dump",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_database_dump",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_apache",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_apache",
+          "source": "nextcloud_aio_apache",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_apache",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_mastercontainer",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
+          "source": "nextcloud_aio_mastercontainer",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer",
           "writeable": true
         },
         {
-          "name": "%BORGBACKUP_HOST_LOCATION%",
-          "location": "/mnt/borgbackup",
+          "source": "%BORGBACKUP_HOST_LOCATION%",
+          "destination": "/mnt/borgbackup",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_elasticsearch",
-          "location": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch",
           "writeable": true
         },
         {
-          "name": "nextcloud_aio_redis",
-          "location": "/mnt/redis",
+          "source": "nextcloud_aio_redis",
+          "destination": "/mnt/redis",
           "writeable": true
         }
       ],
       "secrets": [
         "BORGBACKUP_PASSWORD"
       ],
-      "maxShutdownTime": 10,
-      "restartPolicy": ""
+      "devices": [
+        "/dev/fuse"
+      ]
     },
     {
-      "identifier": "nextcloud-aio-watchtower",
-      "dependsOn": [],
-      "displayName": "Watchtower",
-      "containerName": "nextcloud/aio-watchtower",
-      "ports": [],
-      "internalPorts": [],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-watchtower",
+      "image": "nextcloud/aio-watchtower",
+      "environment": [
         "CONTAINER_TO_UPDATE=nextcloud-aio-mastercontainer"
       ],
       "volumes": [
         {
-          "name": "%DOCKER_SOCKET_PATH%",
-          "location": "/var/run/docker.sock",
+          "source": "%DOCKER_SOCKET_PATH%",
+          "destination": "/var/run/docker.sock",
           "writeable": false
         }
-      ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": ""
+      ]
     },
     {
-      "dependsOn": [],
-      "identifier": "nextcloud-aio-domaincheck",
-      "displayName": "Domaincheck",
-      "containerName": "nextcloud/aio-domaincheck",
+      "container_name": "nextcloud-aio-domaincheck",
+      "image": "nextcloud/aio-domaincheck",
       "ports": [
-        "%APACHE_PORT%/tcp"
+        {
+          "ip_binding": "%APACHE_IP_BINDING%",
+          "port_number": "%APACHE_PORT%",
+          "protocol": "tcp"
+        }
       ],
-      "internalPorts": [],
-      "environmentVariables": [
+      "environment": [
         "INSTANCE_ID=%INSTANCE_ID%",
         "APACHE_PORT=%APACHE_PORT%"
       ],
-      "volumes": [],
       "secrets": [
         "INSTANCE_ID"
       ],
-      "maxShutdownTime": 1,
-      "restartPolicy": ""
+      "stop_grace_period": 1
     },
     {
-      "identifier": "nextcloud-aio-clamav",
-      "dependsOn": [],
-      "displayName": "ClamAV",
-      "containerName": "nextcloud/aio-clamav",
-      "ports": [],
-      "internalPorts": [
-        "3310"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-clamav",
+      "display_name": "ClamAV",
+      "image": "nextcloud/aio-clamav",
+      "internal_port": "3310",
+      "environment": [
         "TZ=%TIMEZONE%",
         "CLAMD_STARTUP_TIMEOUT=90"
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_clamav",
-          "location": "/var/lib/clamav",
+          "source": "nextcloud_aio_clamav",
+          "destination": "/var/lib/clamav",
           "writeable": true
         }
       ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-onlyoffice",
-      "dependsOn": [],
-      "displayName": "OnlyOffice",
-      "containerName": "nextcloud/aio-onlyoffice",
-      "ports": [],
-      "internalPorts": [
-        "80"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-onlyoffice",
+      "display_name": "OnlyOffice",
+      "image": "nextcloud/aio-onlyoffice",
+      "internal_port": "80",
+      "environment": [
         "TZ=%TIMEZONE%",
         "JWT_ENABLED=true",
         "JWT_HEADER=AuthorizationJwt",
@@ -402,58 +368,44 @@
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_onlyoffice",
-          "location": "/var/lib/onlyoffice",
+          "source": "nextcloud_aio_onlyoffice",
+          "destination": "/var/lib/onlyoffice",
           "writeable": true
         }
       ],
       "secrets": [
         "ONLYOFFICE_SECRET"
       ],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-imaginary",
-      "dependsOn": [],
-      "displayName": "Imaginary",
-      "containerName": "nextcloud/aio-imaginary",
-      "ports": [],
-      "internalPorts": [
-        "9000"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-imaginary",
+      "display_name": "Imaginary",
+      "image": "nextcloud/aio-imaginary",
+      "internal_port": "9000",
+      "environment": [
         "TZ=%TIMEZONE%"
       ],
-      "volumes": [],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     },
     {
-      "identifier": "nextcloud-aio-fulltextsearch",
-      "dependsOn": [],
-      "displayName": "Fulltextsearch",
-      "containerName": "nextcloud/aio-fulltextsearch",
-      "ports": [],
-      "internalPorts": [
-        "9200"
-      ],
-      "environmentVariables": [
+      "container_name": "nextcloud-aio-fulltextsearch",
+      "display_name": "Fulltextsearch",
+      "image": "nextcloud/aio-fulltextsearch",
+      "internal_port": "9200",
+      "environment": [
         "TZ=%TIMEZONE%",
         "discovery.type=single-node",
         "ES_JAVA_OPTS=-Xms1024M -Xmx1024M"
       ],
       "volumes": [
         {
-          "name": "nextcloud_aio_elasticsearch",
-          "location": "/usr/share/elasticsearch/data",
+          "source": "nextcloud_aio_elasticsearch",
+          "destination": "/usr/share/elasticsearch/data",
           "writeable": true
         }
       ],
-      "secrets": [],
-      "maxShutdownTime": 10,
-      "restartPolicy": "unless-stopped"
+      "restart": "unless-stopped"
     }
   ]
 }

php/psalm-baseline.xml

@@ -1,57 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.2.0@fb685a16df3050d4c18d8a4100fe83abe6458cba">
-  <file src="public/index.php">
-    <MissingClosureParamType occurrences="10">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$request</code>
-      <code>$response</code>
-      <code>$response</code>
-      <code>$response</code>
-    </MissingClosureParamType>
-  </file>
-  <file src="src/Controller/ConfigurationController.php">
-    <MissingParamType occurrences="1">
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/DockerController.php">
-    <MissingParamType occurrences="8">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Controller/LoginController.php">
-    <MissingParamType occurrences="3">
-      <code>$args</code>
-      <code>$args</code>
-      <code>$args</code>
-    </MissingParamType>
-  </file>
-  <file src="src/Docker/DockerActionManager.php">
-    <InvalidReturnType occurrences="1">
-      <code>IContainerState</code>
-    </InvalidReturnType>
-    <InvalidScalarArgument occurrences="1">
-      <code>$internalPort</code>
-    </InvalidScalarArgument>
-    <RedundantCondition occurrences="1">
-      <code>$container-&gt;GetInternalPorts() !== null</code>
-    </RedundantCondition>
-  </file>
-  <file src="src/Twig/ClassExtension.php">
-    <MissingParamType occurrences="1">
-      <code>$object</code>
-    </MissingParamType>
-  </file>
-</files>
+<files psalm-version="5.4.0@62db5d4f6a7ae0a20f7cc5a4952d730272fc0863"/>

php/public/index.php

@@ -12,6 +12,8 @@ use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;
 use Slim\Views\Twig;
 use Slim\Views\TwigMiddleware;
+use Psr\Http\Message\ResponseInterface as Response;
+use Psr\Http\Message\ServerRequestInterface as Request;
 
 require __DIR__ . '/../vendor/autoload.php';
 
@@ -55,6 +57,7 @@ $app->get('/api/docker/getwatchtower', AIO\Controller\DockerController::class .
 $app->post('/api/docker/start', AIO\Controller\DockerController::class . ':StartContainer');
 $app->post('/api/docker/backup', AIO\Controller\DockerController::class . ':StartBackupContainerBackup');
 $app->post('/api/docker/backup-check', AIO\Controller\DockerController::class . ':StartBackupContainerCheck');
+$app->post('/api/docker/backup-check-repair', AIO\Controller\DockerController::class . ':StartBackupContainerCheckRepair');
 $app->post('/api/docker/backup-test', AIO\Controller\DockerController::class . ':StartBackupContainerTest');
 $app->post('/api/docker/restore', AIO\Controller\DockerController::class . ':StartBackupContainerRestore');
 $app->post('/api/docker/stop', AIO\Controller\DockerController::class . ':StopContainer');
@@ -65,7 +68,7 @@ $app->post('/api/auth/logout', AIO\Controller\LoginController::class . ':Logout'
 $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class . ':SetConfig');
 
 // Views
-$app->get('/containers', function ($request, $response, $args) use ($container) {
+$app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
@@ -77,9 +80,9 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
-        'nextcloud_password' => $configurationManager->GetSecret('NEXTCLOUD_PASSWORD'),
+        'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
-        'borgbackup_password' => $configurationManager->GetSecret('BORGBACKUP_PASSWORD'),
+        'borgbackup_password' => $configurationManager->GetAndGenerateSecret('BORGBACKUP_PASSWORD'),
         'is_mastercontainer_update_available' => $dockerActionManger->IsMastercontainerUpdateAvailable(),
         'has_backup_run_once' => $configurationManager->hasBackupRunOnce(),
         'is_backup_container_running' => $dockerActionManger->isBackupContainerRunning(),
@@ -110,7 +113,7 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
     ]);
 })->setName('profile');
-$app->get('/login', function ($request, $response, $args) use ($container) {
+$app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
     $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
@@ -118,7 +121,7 @@ $app->get('/login', function ($request, $response, $args) use ($container) {
         'is_login_allowed' => $dockerActionManger->isLoginAllowed(),
     ]);
 });
-$app->get('/setup', function ($request, $response, $args) use ($container) {
+$app->get('/setup', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
     /** @var \AIO\Data\Setup $setup */
     $setup = $container->get(\AIO\Data\Setup::class);
@@ -140,7 +143,7 @@ $app->get('/setup', function ($request, $response, $args) use ($container) {
 });
 
 // Auth Redirector
-$app->get('/', function (\Psr\Http\Message\RequestInterface $request, \Psr\Http\Message\ResponseInterface $response, $args) use ($container) {
+$app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
     $authManager = $container->get(\AIO\Auth\AuthManager::class);
 
     /** @var \AIO\Data\Setup $setup */

php/src/Container/Container.php

@@ -14,13 +14,15 @@ class Container {
     private string $restartPolicy;
     private int $maxShutdownTime;
     private ContainerPorts $ports;
-    private ContainerInternalPorts $internalPorts;
+    private string $internalPorts;
     private ContainerVolumes $volumes;
     private ContainerEnvironmentVariables $containerEnvironmentVariables;
     /** @var string[] */
     private array $dependsOn;
     /** @var string[] */
     private array $secrets;
+    /** @var string[] */
+    private array $devices;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -30,11 +32,12 @@ class Container {
         string $restartPolicy,
         int $maxShutdownTime,
         ContainerPorts $ports,
-        ContainerInternalPorts $internalPorts,
+        string $internalPorts,
         ContainerVolumes $volumes,
         ContainerEnvironmentVariables $containerEnvironmentVariables,
         array $dependsOn,
         array $secrets,
+        array $devices,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -48,6 +51,7 @@ class Container {
         $this->containerEnvironmentVariables = $containerEnvironmentVariables;
         $this->dependsOn = $dependsOn;
         $this->secrets = $secrets;
+        $this->devices = $devices;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -75,11 +79,15 @@ class Container {
         return $this->secrets;
     }
 
+    public function GetDevices() : array {
+        return $this->devices;
+    }
+
     public function GetPorts() : ContainerPorts {
         return $this->ports;
     }
 
-    public function GetInternalPorts() : ContainerInternalPorts {
+    public function GetInternalPort() : string {
         return $this->internalPorts;
     }
 

php/src/Container/ContainerInternalPorts.php

@@ -1,19 +0,0 @@
-<?php
-
-namespace AIO\Container;
-
-class ContainerInternalPorts {
-    /** @var string[] */
-    private array $internalPorts = [];
-
-    public function AddInternalPort(string $internalPort) : void {
-        $this->internalPorts[] = $internalPort;
-    }
-
-    /**
-     * @return string[]
-     */
-    public function GetInternalPorts() : array {
-        return $this->internalPorts;
-    }
-}

php/src/Container/ContainerPort.php

@@ -0,0 +1,19 @@
+<?php
+
+namespace AIO\Container;
+
+class ContainerPort {
+    public string $port;
+    public string $ipBinding;
+    public string $protocol;
+
+    public function __construct(
+        string $port,
+        string $ipBinding,
+        string $protocol
+    ) {
+        $this->port = $port;
+        $this->ipBinding = $ipBinding;
+        $this->protocol = $protocol;
+    }
+}

php/src/Container/ContainerPorts.php

@@ -3,17 +3,17 @@
 namespace AIO\Container;
 
 class ContainerPorts {
-    /** @var string[] */
+    /** @var ContainerPort[] */
     private array $ports = [];
 
-    public function AddPort(string $port) : void {
+    public function AddPort(ContainerPort $port) : void {
         $this->ports[] = $port;
     }
 
     /**
-     * @return string[]
+     * @return ContainerPort[]
      */
     public function GetPorts() : array {
         return $this->ports;
     }
-}
+}

php/src/ContainerDefinitionFetcher.php

@@ -4,8 +4,8 @@ namespace AIO;
 
 use AIO\Container\Container;
 use AIO\Container\ContainerEnvironmentVariables;
+use AIO\Container\ContainerPort;
 use AIO\Container\ContainerPorts;
-use AIO\Container\ContainerInternalPorts;
 use AIO\Container\ContainerVolume;
 use AIO\Container\ContainerVolumes;
 use AIO\Container\State\RunningState;
@@ -48,146 +48,184 @@ class ContainerDefinitionFetcher
         $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
 
         $containers = [];
-        foreach ($data['production'] as $entry) {
-            if ($entry['identifier'] === 'nextcloud-aio-clamav') {
+        foreach ($data['aio_services_v1'] as $entry) {
+            if ($entry['container_name'] === 'nextcloud-aio-clamav') {
                 if (!$this->configurationManager->isClamavEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-onlyoffice') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-onlyoffice') {
                 if (!$this->configurationManager->isOnlyofficeEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-collabora') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-collabora') {
                 if (!$this->configurationManager->isCollaboraEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-talk') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-talk') {
                 if (!$this->configurationManager->isTalkEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-imaginary') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-imaginary') {
                 if (!$this->configurationManager->isImaginaryEnabled()) {
                     continue;
                 }
-            } elseif ($entry['identifier'] === 'nextcloud-aio-fulltextsearch') {
+            } elseif ($entry['container_name'] === 'nextcloud-aio-fulltextsearch') {
                 if (!$this->configurationManager->isFulltextsearchEnabled()) {
                     continue;
                 }
             }
 
             $ports = new ContainerPorts();
-            foreach ($entry['ports'] as $port) {
-                if($port === '%APACHE_PORT%/tcp') {
-                    $port = $this->configurationManager->GetApachePort() . '/tcp';
-                } elseif($port === '%TALK_PORT%/tcp') {
-                    $port = $this->configurationManager->GetTalkPort() . '/tcp';
-                } elseif($port === '%TALK_PORT%/udp') {
-                    $port = $this->configurationManager->GetTalkPort() . '/udp';
-                }
-                $ports->AddPort($port);
-            }
+            if (isset($entry['ports'])) {
+                foreach ($entry['ports'] as $value) {
+                    if ($value['port_number'] === '%APACHE_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetApachePort();
+                    } elseif ($value['port_number'] === '%TALK_PORT%') {
+                        $value['port_number'] = $this->configurationManager->GetTalkPort();
+                    }
 
-            $internalPorts = new ContainerInternalPorts();
-            foreach ($entry['internalPorts'] as $internalPort) {
-                if($internalPort === '%APACHE_PORT%') {
-                    $internalPort = $this->configurationManager->GetApachePort();
-                } elseif($internalPort === '%TALK_PORT%') {
-                    $internalPort = $this->configurationManager->GetTalkPort();
+                    if ($value['ip_binding'] === '%APACHE_IP_BINDING%') {
+                        $value['ip_binding'] = $this->configurationManager->GetApacheIPBinding();
+                    }
+                    
+                    $ports->AddPort(
+                        new ContainerPort(
+                            $value['port_number'],
+                            $value['ip_binding'],
+                            $value['protocol']
+                        )
+                    );
                 }
-                $internalPorts->AddInternalPort($internalPort);
             }
 
             $volumes = new ContainerVolumes();
-            foreach ($entry['volumes'] as $value) {
-                if($value['name'] === '%BORGBACKUP_HOST_LOCATION%') {
-                    $value['name'] = $this->configurationManager->GetBorgBackupHostLocation();
-                    if($value['name'] === '') {
-                        continue;
+            if (isset($entry['volumes'])) {
+                foreach ($entry['volumes'] as $value) {
+                    if($value['source'] === '%BORGBACKUP_HOST_LOCATION%') {
+                        $value['source'] = $this->configurationManager->GetBorgBackupHostLocation();
+                        if($value['source'] === '') {
+                            continue;
+                        }
                     }
+                    if($value['source'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_DATADIR%') {
+                        $value['source'] = $this->configurationManager->GetNextcloudDatadirMount();
+                        if ($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                        $value['source'] = $this->configurationManager->GetDockerSocketPath();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    } elseif ($value['source'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
+                        $value['source'] = $this->configurationManager->GetTrustedCacertsDir();
+                        if($value['source'] === '') {
+                            continue;
+                        }
+                    }
+                    if ($value['destination'] === '%NEXTCLOUD_MOUNT%') {
+                        $value['destination'] = $this->configurationManager->GetNextcloudMount();
+                        if($value['destination'] === '') {
+                            continue;
+                        }
+                    }
+                    $volumes->AddVolume(
+                        new ContainerVolume(
+                            $value['source'],
+                            $value['destination'],
+                            $value['writeable']
+                        )
+                    );
                 }
-                if($value['name'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_DATADIR%') {
-                    $value['name'] = $this->configurationManager->GetNextcloudDatadirMount();
-                    if ($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%DOCKER_SOCKET_PATH%') {
-                    $value['name'] = $this->configurationManager->GetDockerSocketPath();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                } elseif ($value['name'] === '%NEXTCLOUD_TRUSTED_CACERTS_DIR%') {
-                    $value['name'] = $this->configurationManager->GetTrustedCacertsDir();
-                    if($value['name'] === '') {
-                        continue;
-                    }
-                }
-                if ($value['location'] === '%NEXTCLOUD_MOUNT%') {
-                    $value['location'] = $this->configurationManager->GetNextcloudMount();
-                    if($value['location'] === '') {
-                        continue;
-                    }
-                }
-                $volumes->AddVolume(
-                    new ContainerVolume(
-                        $value['name'],
-                        $value['location'],
-                        $value['writeable']
-                    )
-                );
             }
 
             $dependsOn = [];
-            foreach ($entry['dependsOn'] as $value) {
-                if ($value === 'nextcloud-aio-clamav') {
-                    if (!$this->configurationManager->isClamavEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-onlyoffice') {
-                    if (!$this->configurationManager->isOnlyofficeEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-collabora') {
-                    if (!$this->configurationManager->isCollaboraEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-talk') {
-                    if (!$this->configurationManager->isTalkEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-imaginary') {
-                    if (!$this->configurationManager->isImaginaryEnabled()) {
-                        continue;
-                    }
-                } elseif ($value === 'nextcloud-aio-fulltextsearch') {
-                    if (!$this->configurationManager->isFulltextsearchEnabled()) {
-                        continue;
+            if (isset($entry['depends_on'])) {
+                foreach ($entry['depends_on'] as $value) {
+                    if ($value === 'nextcloud-aio-clamav') {
+                        if (!$this->configurationManager->isClamavEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-onlyoffice') {
+                        if (!$this->configurationManager->isOnlyofficeEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-collabora') {
+                        if (!$this->configurationManager->isCollaboraEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-talk') {
+                        if (!$this->configurationManager->isTalkEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-imaginary') {
+                        if (!$this->configurationManager->isImaginaryEnabled()) {
+                            continue;
+                        }
+                    } elseif ($value === 'nextcloud-aio-fulltextsearch') {
+                        if (!$this->configurationManager->isFulltextsearchEnabled()) {
+                            continue;
+                        }
                     }
+                    $dependsOn[] = $value;
                 }
-                $dependsOn[] = $value;
             }
             
             $variables = new ContainerEnvironmentVariables();
-            foreach ($entry['environmentVariables'] as $value) {
-                $variables->AddVariable($value);
+            if (isset($entry['environment'])) {
+                foreach ($entry['environment'] as $value) {
+                    $variables->AddVariable($value);
+                }
+            }
+
+            $displayName = '';
+            if (isset($entry['display_name'])) {
+                $displayName = $entry['display_name'];
+            }
+
+            $restartPolicy = '';
+            if (isset($entry['restart'])) {
+                $restartPolicy = $entry['restart'];
+            }
+
+            $maxShutdownTime = 10;
+            if (isset($entry['stop_grace_period'])) {
+                $maxShutdownTime = $entry['stop_grace_period'];
+            }
+
+            $internalPort = '';
+            if (isset($entry['internal_port'])) {
+                $internalPort = $entry['internal_port'];
+            }
+
+            $secrets = [];
+            if (isset($entry['secrets'])) {
+                $secrets = $entry['secrets'];
+            }
+
+            $devices = [];
+            if (isset($entry['devices'])) {
+                $devices = $entry['devices'];
             }
 
             $containers[] = new Container(
-                $entry['identifier'],
-                $entry['displayName'],
-                $entry['containerName'],
-                $entry['restartPolicy'],
-                $entry['maxShutdownTime'],
+                $entry['container_name'],
+                $displayName,
+                $entry['image'],
+                $restartPolicy,
+                $maxShutdownTime,
                 $ports,
-                $internalPorts,
+                $internalPort,
                 $volumes,
                 $variables,
                 $dependsOn,
-                $entry['secrets'],
+                $secrets,
+                $devices,
                 $this->container->get(DockerActionManager::class)
             );
         }

php/src/Controller/ConfigurationController.php

@@ -19,7 +19,7 @@ class ConfigurationController
         $this->configurationManager = $configurationManager;
     }
 
-    public function SetConfig(Request $request, Response $response, $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args) : Response {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';

php/src/Controller/DockerController.php

@@ -49,7 +49,7 @@ class DockerController
         $this->dockerActionManager->ConnectContainerToNetwork($container);
     }
 
-    public function GetLogs(Request $request, Response $response, $args) : Response
+    public function GetLogs(Request $request, Response $response, array $args) : Response
     {
         $id = $request->getQueryParams()['id'];
         if (str_starts_with($id, 'nextcloud-aio-')) {
@@ -67,7 +67,7 @@ class DockerController
             ->withHeader('Content-Disposition', 'inline');
     }
 
-    public function StartBackupContainerBackup(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerBackup(Request $request, Response $response, array $args) : Response {
         $this->startBackup();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -84,7 +84,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id);
     }
 
-    public function StartBackupContainerCheck(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheck(Request $request, Response $response, array $args) : Response {
         $this->checkBackup();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -98,7 +98,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id);
     }
 
-    public function StartBackupContainerRestore(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerRestore(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'restore';
         $config['selected-restore-time'] = $request->getParsedBody()['selected_restore_time'] ?? '';
@@ -113,7 +113,23 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function StartBackupContainerTest(Request $request, Response $response, $args) : Response {
+    public function StartBackupContainerCheckRepair(Request $request, Response $response, array $args) : Response {
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check-repair';
+        $this->configurationManager->WriteConfig($config);
+
+        $id = 'nextcloud-aio-borgbackup';
+        $this->PerformRecursiveContainerStart($id);
+
+        // Restore to backup check which is needed to make the UI logic work correctly
+        $config = $this->configurationManager->GetConfig();
+        $config['backup-mode'] = 'check';
+        $this->configurationManager->WriteConfig($config);
+
+        return $response->withStatus(201)->withHeader('Location', '/');
+    }
+
+    public function StartBackupContainerTest(Request $request, Response $response, array $args) : Response {
         $config = $this->configurationManager->GetConfig();
         $config['backup-mode'] = 'test';
         $config['instance_restore_attempt'] = 0;
@@ -128,7 +144,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function StartContainer(Request $request, Response $response, $args) : Response
+    public function StartContainer(Request $request, Response $response, array $args) : Response
     {
         $uri = $request->getUri();
         $host = $uri->getHost();
@@ -165,7 +181,7 @@ class DockerController
         $this->PerformRecursiveContainerStart($id, $pullContainer);
     }
 
-    public function StartWatchtowerContainer(Request $request, Response $response, $args) : Response {
+    public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {
         $this->startWatchtower();
         return $response->withStatus(201)->withHeader('Location', '/');
     }
@@ -188,7 +204,7 @@ class DockerController
         $this->dockerActionManager->StopContainer($container);
     }
 
-    public function StopContainer(Request $request, Response $response, $args) : Response
+    public function StopContainer(Request $request, Response $response, array $args) : Response
     {
         $id = self::TOP_CONTAINER;
         $this->PerformRecursiveContainerStop($id);

php/src/Controller/LoginController.php

@@ -19,7 +19,7 @@ class LoginController
         $this->dockerActionManager = $dockerActionManager;
     }
 
-    public function TryLogin(Request $request, Response $response, $args) : Response {
+    public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
             return $response->withHeader('Location', '/')->withStatus(302);
         }
@@ -32,7 +32,7 @@ class LoginController
         return $response->withHeader('Location', '/')->withStatus(302);
     }
 
-    public function GetTryLogin(Request $request, Response $response, $args) : Response {
+    public function GetTryLogin(Request $request, Response $response, array $args) : Response {
         $token = $request->getQueryParams()['token'] ?? '';
         if($this->authManager->CheckToken($token)) {
             $this->authManager->SetAuthState(true);
@@ -42,7 +42,7 @@ class LoginController
         return $response->withHeader('Location', '/')->withStatus(302);
     }
 
-    public function Logout(Request $request, Response $response, $args) : Response
+    public function Logout(Request $request, Response $response, array $args) : Response
     {
         $this->authManager->SetAuthState(false);
         return $response

php/src/Data/ConfigurationManager.php

@@ -32,7 +32,7 @@ class ConfigurationManager
         $this->WriteConfig($config);
     }
 
-    public function GetSecret(string $secretId) : string {
+    public function GetAndGenerateSecret(string $secretId) : string {
         $config = $this->GetConfig();
         if(!isset($config['secrets'][$secretId])) {
             $config['secrets'][$secretId] = bin2hex(random_bytes(24));
@@ -46,6 +46,15 @@ class ConfigurationManager
         return $config['secrets'][$secretId];
     }
 
+    public function GetSecret(string $secretId) : string {
+        $config = $this->GetConfig();
+        if(!isset($config['secrets'][$secretId])) {
+            $config['secrets'][$secretId] = "";
+        }
+
+        return $config['secrets'][$secretId];
+    }
+
     private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
         file_put_contents(DataConst::GetBackupSecretFile(), $borgBackupPassword);
     }
@@ -269,7 +278,7 @@ class ConfigurationManager
             }
 
             // Get Instance ID
-            $instanceID = $this->GetSecret('INSTANCE_ID');
+            $instanceID = $this->GetAndGenerateSecret('INSTANCE_ID');
 
             // set protocol
             if ($port !== '443') {
@@ -726,7 +735,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'deck tasks calendar contacts';
+        return 'deck twofactor_totp tasks calendar contacts';
     }
 
     public function GetCollaboraDictionaries() : string {
@@ -782,4 +791,19 @@ class ConfigurationManager
             return true;
         }
     }
+
+    private function GetEnabledDriDevice() : string {
+        $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
+        $configName = 'nextcloud_enable_dri_device';
+        $defaultValue = '';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
+    public function isDriDeviceEnabled() : bool {
+        if ($this->GetEnabledDriDevice() === 'true') {
+            return true;
+        } else {
+            return false;
+        }
+    }
 }

php/src/Docker/DockerActionManager.php

@@ -124,15 +124,20 @@ class DockerActionManager
         }
 
         $containerName = $container->GetIdentifier();
-        if ($container->GetInternalPorts() !== null) {
-            foreach($container->GetInternalPorts()->GetInternalPorts() as $internalPort) {
-                $connection = @fsockopen($containerName, $internalPort, $errno, $errstr, 0.1);
-                if ($connection) {
-                    fclose($connection);
-                    return new RunningState();
-                } else {
-                    return new StartingState();
-                }
+        $internalPort = $container->GetInternalPort();
+        if($internalPort === '%APACHE_PORT%') {
+            $internalPort = $this->configurationManager->GetApachePort();
+        } elseif($internalPort === '%TALK_PORT%') {
+            $internalPort = $this->configurationManager->GetTalkPort();
+        }
+        
+        if ($internalPort !== "" && $internalPort !== 'host') {
+            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
+            if ($connection) {
+                fclose($connection);
+                return new RunningState();
+            } else {
+                return new StartingState();
             }
         } else {
             return new RunningState();
@@ -217,11 +222,6 @@ class DockerActionManager
             $volumes[] = $volumeEntry;
         }
 
-        $exposedPorts = [];
-        foreach($container->GetPorts()->GetPorts() as $port) {
-            $exposedPorts[$port] = null;
-        }
-
         $requestBody = [
             'Image' => $this->BuildImageName($container),
         ];
@@ -230,10 +230,22 @@ class DockerActionManager
             $requestBody['HostConfig']['Binds'] = $volumes;
         }
 
+        foreach($container->GetSecrets() as $secret) {
+            $this->configurationManager->GetAndGenerateSecret($secret);
+        }
+
         $envs = $container->GetEnvironmentVariables()->GetVariables();
         foreach($envs as $key => $env) {
-            $patterns = ['/%(.*)%/'];
+            // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
+            if (str_starts_with($env, 'extra_params=')) {
+                $env = str_replace('%COLLABORA_SECCOMP_POLICY%', $this->configurationManager->GetCollaboraSeccompPolicy(), $env);
+                $env = str_replace('%NC_DOMAIN%', $this->configurationManager->GetDomain(), $env);
+                $envs[$key] = $env;
+                continue;
+            }
 
+            // Original implementation
+            $patterns = ['/%(.*)%/'];
 
             if(preg_match($patterns[0], $env, $out) === 1) {
                 $replacements = array();
@@ -337,7 +349,11 @@ class DockerActionManager
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
                 } else {
-                    $replacements[1] = $this->configurationManager->GetSecret($out[1]);
+                    $secret = $this->configurationManager->GetSecret($out[1]);
+                    if ($secret === "") {
+                        throw new \Exception("The secret " . $out[1] . " is empty. Cannot substitute its value. Pleas check if it is defined in secrets of containers.json.");
+                    }
+                    $replacements[1] = $secret;
                 }
 
                 $envs[$key] = preg_replace($patterns, $replacements, $env);
@@ -349,32 +365,48 @@ class DockerActionManager
         }
 
         $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
+ 
+        $exposedPorts = [];
+        if ($container->GetInternalPort() !== 'host') {
+            foreach($container->GetPorts()->GetPorts() as $value) {
+                $portWithProtocol = $value->port . '/' . $value->protocol;
+                $exposedPorts[$portWithProtocol] = null;
+            }
+        } else {
+            $requestBody['HostConfig']['NetworkMode'] = 'host';
+        }
 
         if(count($exposedPorts) > 0) {
             $requestBody['ExposedPorts'] = $exposedPorts;
-            foreach ($container->GetPorts()->GetPorts() as $port) {
-                $portNumber = explode("/", $port);
-                if ($this->configurationManager->GetApachePort() === $portNumber[0] && $this->configurationManager->GetApacheIPBinding() !== '') {
-                    $requestBody['HostConfig']['PortBindings'][$port] = [
-                        [
-                        'HostPort' => $portNumber[0],
-                        'HostIp' => $this->configurationManager->GetApacheIPBinding(),
-                        ]
-                    ];
-                } else {
-                    $requestBody['HostConfig']['PortBindings'][$port] = [
-                        [
-                        'HostPort' => $portNumber[0],
-                        ]
-                    ];
-                }
+            foreach ($container->GetPorts()->GetPorts() as $value) {
+                $port = $value->port;
+                $ipBinding = $value->ipBinding;
+                $protocol = $value->protocol;
+                $portWithProtocol = $port . '/' . $protocol;
+                $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
+                    [
+                    'HostPort' => $port,
+                    'HostIp' => $ipBinding,
+                    ]
+                ];
             }
         }
 
+        $devices = [];
+        foreach($container->GetDevices() as $device) {
+            if ($device === '/dev/dri' && ! $this->configurationManager->isDriDeviceEnabled()) {
+                continue;
+            }
+            $devices[] = ["PathOnHost" => $device, "PathInContainer" => $device, "CgroupPermissions" => "rwm"];
+        }
+
+        if (count($devices) > 0) {
+            $requestBody['HostConfig']['Devices'] = $devices;
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
             $requestBody['HostConfig']['CapAdd'] = ["SYS_ADMIN"];
-            $requestBody['HostConfig']['Devices'] = [["PathOnHost" => "/dev/fuse", "PathInContainer" => "/dev/fuse", "CgroupPermissions" => "rwm"]];
             $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
             
             // Additional backup directories
@@ -391,6 +423,10 @@ class DockerActionManager
             if(count($mounts) > 0) {
                 $requestBody['HostConfig']['Mounts'] = $mounts;
             }
+        // Special things for the talk container which should not be exposed in the containers.json
+        } elseif ($container->GetIdentifier() === 'nextcloud-aio-talk') {
+            // This is needed due to a bug in libwebsockets which cannot handle unlimited ulimits
+            $requestBody['HostConfig']['Ulimits'] = [["Name" => "nofile", "Hard" => 200000, "Soft" => 200000]];
         }
 
         $url = $this->BuildApiUrl('containers/create?name=' . $container->GetIdentifier());
@@ -568,7 +604,6 @@ class DockerActionManager
                 true
             );
 
-            // get the id from the response
             $id = $response['Id'];
 
             // start the exec
@@ -608,8 +643,13 @@ class DockerActionManager
         }
     }
 
-    private function ConnectContainerIdToNetwork(string $id) : void
+    private function ConnectContainerIdToNetwork(string $id, string $internalPort) : void
     {
+        if ($internalPort === 'host') {
+            return;
+        }
+
+        $network = 'nextcloud-aio';
         $url = $this->BuildApiUrl('networks/create');
         try {
             $this->guzzleClient->request(
@@ -635,7 +675,7 @@ class DockerActionManager
         }
 
         $url = $this->BuildApiUrl(
-            sprintf('networks/%s/connect', 'nextcloud-aio')
+            sprintf('networks/%s/connect', $network)
         );
         try {
             $this->guzzleClient->request(
@@ -657,12 +697,12 @@ class DockerActionManager
 
     public function ConnectMasterContainerToNetwork() : void
     {
-        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer');
+        $this->ConnectContainerIdToNetwork('nextcloud-aio-mastercontainer', '');
     }
 
     public function ConnectContainerToNetwork(Container $container) : void
     {
-      $this->ConnectContainerIdToNetwork($container->GetIdentifier());
+      $this->ConnectContainerIdToNetwork($container->GetIdentifier(), $container->GetInternalPort());
     }
 
     public function StopContainer(Container $container) : void {

php/src/Twig/ClassExtension.php

@@ -14,7 +14,7 @@ class ClassExtension extends TwigExtension
         );
     }
 
-    public function getClassName($object) : ?string
+    public function getClassName(mixed $object) : ?string
     {
         if (!is_object($object)) {
             return null;

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.0.0</h1>
+        <h1>Nextcloud AIO v4.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -38,10 +38,10 @@
         {% endif %}
 
         {% for container in containers %}
-            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
+            {% if container.GetDisplayName() != '' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
                 {% set isAnyRunning = true %}
             {% endif %}
-            {% if container.GetIdentifier() not in ['nextcloud-aio-domaincheck', 'nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower'] and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
+            {% if container.GetDisplayName() != '' and class(container.GetRestartingState()) == 'AIO\\Container\\State\\RestartingState' %}
                 {% set isAnyRestarting = true %}
             {% endif %}
             {% if container.GetIdentifier() == 'nextcloud-aio-watchtower' and class(container.GetRunningState()) == 'AIO\\Container\\State\\RunningState' %}
@@ -111,7 +111,16 @@
                                     {% if borg_backup_mode == 'test' %}
                                         Please adjust the path and/or the password in order to make it work!<br><br>
                                     {% elseif borg_backup_mode == 'check' %}
-                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a>
+                                        The backup archive seems to be corrupt. Please try to use a different intact backup archive or try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br><br>
+                                        <details>
+                                            <summary>Reveal repair option</summary><br />
+                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
+                                            </form>
+                                        </details><br /><br />
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -219,7 +228,7 @@
                     <ul>
                         {# @var containers \AIO\Container\Container[] #}
                         {% for container in containers %}
-                            {% if container.GetIdentifier() not in ['nextcloud-aio-borgbackup', 'nextcloud-aio-watchtower', 'nextcloud-aio-domaincheck'] %}
+                            {% if container.GetDisplayName() != '' %}
                                 <li>
                                     {% if class(container.GetStartingState()) == 'AIO\\Container\\State\\StartingState' %}
                                         <span class="status running"></span>
@@ -329,7 +338,16 @@
                                 {% if backup_exit_code > 0 %}
                                     <span class="status error"></span> Last {{ borg_backup_mode }} failed! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
                                     {% if borg_backup_mode == "check" %}
-                                        The backup archive seems to be corrupt. You can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        The backup check was not successful which might points towards a corrupt archive (look at the logs). If that should be the case, you can try to fix it by following <a href="https://borgbackup.readthedocs.io/en/stable/faq.html#i-get-an-integrityerror-or-similar-what-now"><b>this documentation</b></a><br /><br />
+                                        <details>
+                                            <summary>Reveal repair option</summary><br />
+                                            Below is the option to repair the integrity of your backup. <b>Please note:</b> Please only use this after you have read the documentation above! (It will run the command 'borg check --repair' for you.)<br><br>
+                                            <form method="POST" action="/api/docker/backup-check-repair" class="xhr">
+                                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                                <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
+                                            </form>
+                                        </details><br /><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
                                         You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />

readme.md

@@ -431,7 +431,24 @@ You can configure the Nextcloud container to use a specific directory on your ho
     -o type="none" ^
     -o o="bind"
     ```
-    (The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+(The value `/host_mnt/c/your/data/path` in this example would be equivalent to `C:\your\data\path` on the Windows host. So you need to translate the path that you want to use into the correct format.) ⚠️️ **Attention**: Make sure that the path exists on the host before you create the volume! Otherwise everything will bug out!
+
+### Can I use a CIFS/SMB share as Nextcloud's datadir?
+
+Sure. Add this to the `/etc/fstab` file: <br>
+`<your-storage-host-and-subpath> <your-mount-dir> cifs rw,credentials=<your-credentials-file>,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+(Of course you need to modify `<your-storage-host-and-subpath>`, `<your-mount-dir>` and `<your-credentials-file>` for your specific case.)
+
+One example could look like this:<br>
+`//your-storage-host/subpath /mnt/storagebox cifs rw,credentials=/etc/storage-credentials,uid=33,gid=0,file_mode=0770,dir_mode=0770 0 0`<br>
+and add into `/etc/storage-credentials`:
+```
+username=<smb/cifs username>
+password=<password>
+```
+(Of course you need to modify `<smb/cifs username>` and `<password>` for your specific case.)
+
+Now you can use `/mnt/storagebox` as Nextcloud's datadir like described in the section above above this one.
 
 ### How to allow the Nextcloud container to access directories on the host?
 By default, the Nextcloud container is confined and cannot access directories on the host OS. You might want to change this when you are planning to use local external storage in Nextcloud to store some files outside the data directory and can do so by adding the environmental variable `NEXTCLOUD_MOUNT` to the initial startup of the mastercontainer. Allowed values for that variable are strings that start with `/` and are not equal to `/`.
@@ -467,7 +484,7 @@ If you get an error during the domain validation which states that your ip-addre
 You can run AIO also with docker rootless. How to do this is documented here: [docker-rootless.md](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md)
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `-e NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add packets permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
@@ -479,6 +496,12 @@ Some Nextcloud apps require additional php extensions that must be bundled withi
 
 You can do so by adding `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS="imagick extension1 extension2"` to the docker run command of the mastercontainer and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available extensions here: https://pecl.php.net/packages.php. By default added is `imagick`. If you want to keep that, you need to specify it as well.
 
+### What about the pdlib PHP extension for the facerecognition app?
+The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requires the pdlib PHP extension to be installed. Unfortunately, it is not available on PECL nor via PHP core, so there is no way to add this into AIO currently. However you can vote up [this issue](https://github.com/goodspb/pdlib/issues/56) to bring it to PECL and there is the [recognize app](https://apps.nextcloud.com/apps/recognize) that also allows to do face-recognition.
+
+### How to enable hardware-transcoding for Nextcloud?
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer which will mount the `/dev/dri` device into the container (⚠️ Attention: this only works if the device is present on the host!). Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-packets-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://github.com/pulsejet/memories/wiki/QSV-Transcoding).
+
 ### Huge docker logs
 When your containers run for a few days without a restart, the container logs that you can view from the AIO interface can get really huge. You can limit the loge sizes by enabling logrotate for docker container logs. Feel free to enable this by following those instructions: https://sandro-keil.de/blog/logrotate-for-docker-container/
 
@@ -488,7 +511,7 @@ The files and folders that you add to Nextcloud are by default stored in the fol
 After you are done modifying/adding/deleting files/folders, don't forget to apply the correct permissions by running: `sudo chown -R 33:0 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and `sudo chmod -R 750 /var/lib/docker/volumes/nextcloud_aio_nextcloud_data/_data/*` and rescan the files with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all`.
 
 ### How to store the files/installation on a separate drive?
-You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
+You can move the whole docker library and all its files including all Nextcloud AIO files and folders to a separate drive by first mounting the drive in the host OS (NTFS is not supported and ext4 is recommended as FS) and then following this tutorial: https://www.guguweb.com/2019/02/07/how-to-move-docker-data-directory-to-another-location-on-ubuntu/<br>
 (Of course docker needs to be installed first for this to work.)
 
 ### How to edit Nextclouds config.php file with a texteditor?

reverse-proxy.md

@@ -1,15 +1,16 @@
 # Reverse Proxy Documentation
 
-**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface). 
+**Please note:** Publishing the AIO interface with a valid certificate to the public internet is **not** the goal of this documentation! Instead, the main goal is to publish Nextcloud with a valid certificate to the public internet which is **not** running inside the mastercontainer but in a different container! If you need a valid certificate for the AIO interface, see [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface). 
 
 In order to run Nextcloud behind a reverse proxy, you need to specify the port that the Apache container shall use, add a specific config to your reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example Apache port which will be exposed on the host. Modify it to your needings.
 
-**Attention** The process to run Nextcloud behind a reverse proxy consists of at least these 2 steps:
+**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
 1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
-1. If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
-- Optional: get a valid certificate for the AIO interface! See [point 4](#4-optional-get-a-valid-certificate-for-the-aio-interface)
-- How to debug things? See [point 5](#5-how-to-debug-things)
+1. Optional: If the reverse proxy is installed on the same host, you should limit the apache container to only listen on localhost. See [point 3](#3-if-the-reverse-proxy-is-installed-on-the-same-host-you-should-configure-the-apache-container-to-only-listen-on-localhost)
+1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
+1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
+1. Optional: How to debug things? See [point 6](#6-how-to-debug-things)
 
 ## 1. Add this to your reverse proxy config
 
@@ -45,10 +46,11 @@ Add this as a new Apache site config:
     RewriteEngine On
     ProxyPreserveHost On
     AllowEncodedSlashes NoDecode
-    ProxyPass / http://localhost:11000/
+    ProxyPass / http://localhost:11000/ nocanon
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
-    RewriteRule ^/?(.*) "ws://localhost:11000/$1" [P,QSA,B=?:;]
+    RewriteCond %{THE_REQUEST} "^[a-zA-Z]+ /(.*) HTTP/\d+(\.\d+)?$"
+    RewriteRule .? "ws://localhost:11000/%1" [P,L]
 
     # Enable h2, h2c and http1.1
     Protocols h2 h2c http/1.1
@@ -471,16 +473,14 @@ nextcloud/all-in-one:latest
 
 Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
----
-
-### How to continue? 
-After using the above command, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
-
 ## 3. If the reverse proxy is installed on the same host, you should configure the apache container to only listen on localhost.
 
 Use this envorinmental variable during the initial startup of the mastercontainer to make the apache container only listen on localhost: `-e APACHE_IP_BINDING=127.0.0.1`. **Attention:** This is only recommended to be set if you use `localhost` in your reverse proxy config to connect to your AIO instance. If you use an ip-address, you can either simply skip this step or set it to `0.0.0.0` if you are unsure what the correct value is.
 
-## 4. Optional: get a valid certificate for the AIO interface
+## 4. Open the AIO interface.
+After starting AIO, you should be able to access the AIO Interface via `https://ip.address.of.the.host:8080`. Enter your domain that you've entered in the reverse proxy config and you should be done. Please do not forget to open port `3478/TCP` and `3478/UDP` in your firewall/router for the Talk container!
+
+## 5. Optional: get a valid certificate for the AIO interface
 
 If you want to also access your AIO interface publicly with a valid certificate, you can add e.g. the following config to your Caddyfile:
 
@@ -498,7 +498,7 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 
 Afterwards should the AIO interface be accessible via `https://ip.address.of.the.host:8443`. You can alternatively change the domain to a different subdomain by using `https://<your-alternative-domain>:443` instead of `https://<your-nc-domain>:8443` in the Caddyfile and use that to access the AIO interface.
 
-## 5. How to debug things?
+## 6. How to debug things?
 If something does not work, follow the steps below:
 1. Make sure to exactly follow the whole reverse proxy documentation step-for-step from top to bottom!
 1. Make sure that the reverse proxy is running on the host OS or if running in a container, connected to the host network. If that is not possible, substitute `localhost` in the default configurations by the ip-address that you can easily get when running the following command on the host OS: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` (The command only works on Linux)

tests/QA/060-environmental-variables.md

@@ -15,8 +15,9 @@
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `-e COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `-e NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
+- [ ] When starting the mastercontainer with `-e NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)