fix initial options not showing up

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/command-rebase.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -42,7 +42,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@v2
+        uses: peter-evans/create-or-update-comment@v3
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

.github/workflows/dependency-updates.yml

@@ -19,17 +19,18 @@ jobs:
       run: |
         set -x
         cd ./php
-        composer update
-        set +e
-        ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
-        set -e
-        while [ -n "$ALL_LINES" ]; do
-          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
-          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
-          ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
-        done
-        echo "outdated dependencies:
-        $(composer outdated)"
+        composer update --with-all-dependencies
+        # Disable dependency updates for now
+        # set +e
+        # ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        # set -e
+        # while [ -n "$ALL_LINES" ]; do
+        #   CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
+        #   composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
+        #   ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
+        # done
+        # echo "outdated dependencies:
+        # $(composer outdated)"
     - name: Update apcu
       run: |
         # APCU
@@ -43,12 +44,12 @@ jobs:
         )"
         sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v4
+      uses: peter-evans/create-pull-request@v5
       with:
         commit-message: dependency updates
         signoff: true
         title: Dependency updates
         body: Automated dependency updates since dependabot does not support grouped updates
-        labels: dependencies, enhancement
+        labels: dependencies, 3. to review
         milestone: next
         branch: aio-dependency-update

.github/workflows/helm-release.yml

@@ -0,0 +1,48 @@
+
+name: Helm Chart Releaser
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'nextcloud-aio-helm-chart/**'
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Turnstyle
+        uses: softprops/turnstyle@v1
+        with:
+          continue-after-seconds: 180
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN  }}
+
+      - name: Fetch history
+        run: git fetch --prune --unshallow
+
+      - name: Configure Git
+        run: |
+          git config user.name "$GITHUB_ACTOR"
+          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
+
+      # See https://github.com/helm/chart-releaser-action/issues/6
+      - name: Set up Helm
+        uses: azure/setup-helm@v3.1
+        with:
+          version: v3.6.3
+
+      - name: Run chart-releaser
+        # TODO: switch back @main to a specific version like @v1.5.1 or higher
+        uses: helm/chart-releaser-action@main
+        with:
+          mark_as_latest: false
+          charts_dir: .
+        env:
+          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
+          CR_SKIP_EXISTING: true

.github/workflows/imaginary-update.yml

@@ -0,0 +1,33 @@
+name: imaginary-update
+
+on:
+  workflow_dispatch:
+  schedule:
+  - cron:  '00 12 * * *'
+
+jobs:
+  run_update:
+    name: update to latest imaginary commit on master branch
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - name: Run imaginary-update
+      run: |
+        # Imaginary
+        imaginary_version="$(
+          git ls-remote https://github.com/h2non/imaginary master \
+            | cut -f1 \
+            | tail -1
+        )"
+        sed -i "s|go install github.com/h2non/imaginary.*|go install github.com/h2non/imaginary@$imaginary_version|" ./Containers/imaginary/Dockerfile
+        
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v5
+      with:
+        commit-message: imaginary-update automated change
+        signoff: true
+        title: Imaginary update
+        body: Automated Imaginary container update
+        labels: dependencies, 3. to review
+        milestone: next
+        branch: imaginary-container-update

.github/workflows/json-validator.yml

@@ -15,6 +15,6 @@ jobs:
         uses: actions/checkout@v3
       - name: Validate Json
         run: |
-          sudo apt install python3-pip --no-install-recommends
+          sudo apt-get install python3-pip --no-install-recommends
           sudo pip3 install json-spec
           json validate --schema-file=php/containers-schema.json --document-file=php/containers.json

.github/workflows/lint-php.yml

@@ -3,7 +3,7 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 
-name: Lint
+name: PHP Lint
 
 on:
   pull_request:

.github/workflows/nextcloud-update.yml

@@ -66,12 +66,12 @@ jobs:
         sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
 
     - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v4
+      uses: peter-evans/create-pull-request@v5
       with:
         commit-message: nextcloud-update automated change
         signoff: true
         title: Nextcloud update
         body: Automated Nextcloud container update
-        labels: dependencies, enhancement
+        labels: dependencies, 3. to review
         milestone: next
         branch: nextcloud-container-update

.github/workflows/php-deprecation-detector.yml

@@ -26,4 +26,7 @@ jobs:
           cd php
           composer global require wapmorgan/php-deprecation-detector dev-master
           composer install
-          composer run php-deprecation-detector
+          composer run php-deprecation-detector | tee -i ./phpdd.log
+          if grep "Total issues:" ./phpdd.log; then
+            exit 1
+          fi

.github/workflows/psalm-update-baseline.yml

@@ -31,7 +31,7 @@ jobs:
         continue-on-error: true
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           commit-message: Update psalm baseline
@@ -42,7 +42,8 @@ jobs:
           # Make sure we can open multiple PRs
           branch-suffix: timestamp
           title: '[Automated] Update psalm-baseline.xml'
+          milestone: next
           body: |
             Auto-generated update psalm-baseline.xml with fixed psalm warnings
           labels: |
-            3. to review
+            3. to review, dependencies

.github/workflows/twig-lint.yml

@@ -0,0 +1,55 @@
+name: Twig Lint
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: lint-twig-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  twig-lint:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        php-versions: ["8.1"]
+
+    name: twig-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up php ${{ matrix.php-versions }}
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: ${{ matrix.php-versions }}
+          coverage: none
+
+      - name: twig lint
+        run: |
+          cd php
+          composer require sserbin/twig-linter:@dev --no-progress --dev
+          composer install
+          chmod +x ./vendor/bin/twig-linter
+          ./vendor/bin/twig-linter lint ./templates
+
+  summary:
+    permissions:
+      contents: none
+    runs-on: ubuntu-latest
+    needs: twig-lint
+
+    if: always()
+
+    name: twig-lint-summary
+
+    steps:
+      - name: Summary status
+        run: if ${{ needs.twig-lint.result != 'success' && needs.twig-lint.result != 'skipped' }}; then exit 1; fi

.github/workflows/update-helm.yml

@@ -17,17 +17,17 @@ jobs:
           DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
           DOCKER_TAG="${DOCKER_TAG%%-latest*}"
           export DOCKER_TAG
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
-            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           commit-message: Helm Chart updates
           signoff: true
           title: Helm Chart updates
           body: Automated Helm Chart updates for the yaml files. It can be merged if it looks good at any time which will automatically trigger a new release of the helm chart.
-          labels: dependencies
+          labels: dependencies, 3. to review
           milestone: next
           branch: aio-helm-update
           token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/update-yaml.yml

@@ -16,13 +16,13 @@ jobs:
         run: |
           sudo bash manual-install/update-yaml.sh
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v4
+        uses: peter-evans/create-pull-request@v5
         with:
           commit-message: Yaml updates
           signoff: true
           title: Yaml updates
           body: Automated yaml updates for the docker-compose files. Should only be merged shortly before the next latest release.
-          labels: dependencies
+          labels: dependencies, 3. to review
           milestone: next
           branch: aio-yaml-update
           token: ${{ secrets.GITHUB_TOKEN }}

Containers/apache/Dockerfile

@@ -1,7 +1,7 @@
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
-FROM httpd:2.4.56-alpine3.17
+FROM httpd:2.4.57-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \

Containers/apache/healthcheck.sh

@@ -2,8 +2,5 @@
 
 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z localhost 8000 || exit 1
-if [ "$APACHE_PORT" != '443' ]; then
-    nc -z localhost "$APACHE_PORT" || exit 1
-else
-    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
-fi
+nc -z localhost "$APACHE_PORT" || exit 1
+nc -z "$NC_DOMAIN" 443 || exit 1

Containers/borgbackup/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 
 RUN set -ex; \
     \
@@ -13,11 +13,8 @@ RUN set -ex; \
 
 VOLUME /root
 
-COPY start.sh /usr/bin/
-COPY backupscript.sh /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +x /backupscript.sh
+COPY --chmod=770 *.sh /
+
+ENTRYPOINT ["/start.sh"]
 
-USER root
-ENTRYPOINT ["start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/borgbackup/backupscript.sh

@@ -127,7 +127,7 @@ if [ "$BORG_MODE" = backup ]; then
     # Borg options
     # auto,zstd compression seems to has the best ratio based on:
     # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches)
 
     # Exclude the nextcloud log and audit log for GDPR reasons
     BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")
@@ -139,6 +139,7 @@ if [ "$BORG_MODE" = backup ]; then
         echo "Deleting the failed backup archive..."
         borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
         echo "Backup failed!"
+        echo "You might want to check the backup integrity via the AIO interface."
         if [ "$NEW_REPOSITORY" = 1 ]; then
             echo "Deleting borg.config file so that you can choose a different location for the backup."
             rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
@@ -362,6 +363,7 @@ if [ "$BORG_MODE" = check ]; then
     # Perform the check
     if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
         echo "Some errors were found while checking the backup integrity!"
+        echo "Check the AIO interface for advices on how to proceed now!"
         exit 1
     fi
 

Containers/clamav/Dockerfile

@@ -1,7 +1,10 @@
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
-FROM clamav/clamav:1.0.1-1
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
+FROM clamav/clamav:1.1.0-1
 
-RUN apk add --no-cache tzdata
-COPY clamav.conf /tmp/
-RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
+COPY clamav.conf /tmp/clamav.conf
+
+RUN set -ex; \
+    apk add --no-cache tzdata; \
+    cat /tmp/clamav.conf | tee -a /etc/clamav/clamd.conf; \
+    rm /tmp/clamav.conf
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:22.05.10.8.1
+FROM collabora/code:22.05.13.1.1
 
 USER root
 

Containers/domaincheck/Dockerfile

@@ -1,18 +1,16 @@
-FROM alpine:3.17.2
-RUN apk add --no-cache lighttpd bash netcat-openbsd
+FROM alpine:3.17.3
+RUN set -ex; \
+    apk add --no-cache bash lighttpd netcat-openbsd; \
+    adduser -S www-data -G www-data; \
+    rm -rf /etc/lighttpd/lighttpd.conf; \
+    chmod +r -R /etc/lighttpd; \
+    mkdir -p /var/www/domaincheck; \
+    chown www-data:www-data -R /var/www
+COPY --chown=www-data:www-data lighttpd.conf /etc/lighttpd/lighttpd.conf
 
-RUN adduser -S www-data -G www-data
-RUN rm -rf /etc/lighttpd/lighttpd.conf
-COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
-RUN chmod +r -R /etc/lighttpd && \
-    chown www-data:www-data -R /var/www && \
-    chown www-data:www-data /etc/lighttpd/lighttpd.conf
-
-COPY start.sh /
-RUN chmod +x /start.sh
+COPY --chmod=775 start.sh /start.sh
 
 USER www-data
-RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1

Containers/fulltextsearch/Dockerfile

@@ -1,15 +1,15 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:7.17.9
-
-RUN elasticsearch-plugin install --batch ingest-attachment
+FROM elasticsearch:7.17.10
 
 RUN set -ex; \
     \
+    export DEBIAN_FRONTEND=noninteractive; \
     apt-get update; \
     apt-get install -y --no-install-recommends \
         tzdata \
     ; \
-    rm -rf /var/lib/apt/lists/*
+    rm -rf /var/lib/apt/lists/*; \
+    elasticsearch-plugin install --batch ingest-attachment
 
 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/imaginary/Dockerfile

@@ -1,29 +1,33 @@
-# From https://github.com/h2non/imaginary/blob/master/Dockerfile
-FROM nextcloud/imaginary:20230301
-
-USER root
+FROM golang:1.20.4-alpine3.17 as go
 RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        netcat \
-    ; \
-    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list; \
-    apt-get update; \
-    apt-get install -t bookworm -y --no-install-recommends \
-        libheif1 \
-        libde265-0 \
-        libx265-199 \
-        libvips \
-    ; \
-    rm /etc/apt/sources.list.d/bookworm.list; \
-    rm -rf /var/lib/apt/lists/*
+    apk add --no-cache \
+        vips-dev \
+        vips-magick \
+        vips-heif \
+        vips-jxl \
+        vips-poppler \
+        build-base; \
+    go install github.com/h2non/imaginary@b632dae8cc321452c3f85bcae79c580b1ae1ed84
+
+FROM alpine:3.17.3
+RUN set -ex; \
+    apk add --no-cache \
+        tzdata \
+        ca-certificates \
+        netcat-openbsd \
+        vips \
+        vips-magick \
+        vips-heif \
+        vips-jxl \
+        vips-poppler
+
+COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
+
 USER nobody
 
-ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
-
-HEALTHCHECK CMD nc -z localhost 9000 || exit 1
-LABEL com.centurylinklabs.watchtower.monitor-only="true"
-
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
+ENTRYPOINT ["imaginary", "-p", "9000", "-return-size", "-max-allowed-resolution", "222.2"]
+
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/mastercontainer/Dockerfile

@@ -1,11 +1,11 @@
 # Docker CLI is a requirement
-FROM docker:23.0.1-dind as dind
+FROM docker:23.0.5-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
-FROM php:8.1.16-fpm-alpine3.17
+FROM php:8.1.18-fpm-alpine3.17
 
 RUN set -ex; \
     apk add --no-cache shadow; \
@@ -62,7 +62,7 @@ RUN set -ex; \
 COPY --from=caddy /usr/bin/caddy /usr/bin/
 RUN chmod +x /usr/bin/caddy
 
-COPY --from=dind /usr/local/bin/docker /usr/local/bin/
+COPY --from=docker /usr/local/bin/docker /usr/local/bin/
 RUN chmod +x /usr/local/bin/docker
 
 RUN set -e && \
@@ -71,9 +71,11 @@ RUN set -e && \
     chmod +x /usr/local/bin/composer; \
     cd /var/www/docker-aio; \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
+    find ./ -not -path ./php -maxdepth 1 -mindepth 1 -delete; \
+    chown www-data:www-data -R /var/www/docker-aio; \
     cd php; \
-    composer install --no-dev; \
-    composer clearcache; \
+    sudo -u www-data composer install --no-dev; \
+    sudo -u www-data composer clearcache; \
     cd ..; \
     rm -f /usr/local/bin/composer; \
     chmod 770 -R ./; \

Containers/mastercontainer/start.sh

@@ -6,6 +6,12 @@ print_green() {
     printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
 }
 
+# Function to show text in red
+print_red() {
+    local TEXT="$1"
+    printf "%b%s%b\n" "\e[0;31m" "$TEXT" "\e[0m"
+}
+
 # Function to check if number was provided
 check_if_number() {
 case "${1}" in
@@ -16,10 +22,11 @@ esac
 
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
-    echo "Docker socket is not available. Cannot continue."
+    print_red "Docker socket is not available. Cannot continue."
+    echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
     exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
-    echo "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
+    print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
     exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
     echo "Trying to fix docker.sock permissions internally..."
@@ -40,14 +47,14 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
         usermod -aG docker www-data
     fi
     if ! sudo -u www-data test -r /var/run/docker.sock; then
-        echo "Docker socket is not readable by the www-data user. Cannot continue."
+        print_red "Docker socket is not readable by the www-data user. Cannot continue."
         exit 1
     fi
 fi
 
 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
-    echo "Cannot connect to the docker socket. Cannot proceed."
+    print_red "Cannot connect to the docker socket. Cannot proceed."
     exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
@@ -57,7 +64,7 @@ API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
     if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        echo "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
         exit 1
     fi
 else
@@ -78,15 +85,16 @@ fi
 
 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
-    echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
-Using a different name is not supported since mastercontainer updates will not work in that case!"
+    print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
+Using a different name is not supported since mastercontainer updates will not work in that case!
+If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
     exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
-    echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
+    print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
     exit 1
 elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
-    echo "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
+    print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
     exit 1
 fi
@@ -94,34 +102,34 @@ fi
 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
     if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
-        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
+        sleep 1
     elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
-        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/' and must not be equal to '/'.
+        print_red "You've set NEXTCLOUD_DATADIR but not to an allowed value.
+The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
 It is set to '$NEXTCLOUD_DATADIR'."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_MOUNT" ]; then
     if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
-        echo "You've set NEXCLOUD_MOUNT but not to an allowed value.
+        print_red "You've set NEXCLOUD_MOUNT but not to an allowed value.
 The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_MOUNT'."
         exit 1
     elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
-        echo "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
+        print_red "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
     if [ "$NEXTCLOUD_DATADIR" = "$NEXTCLOUD_MOUNT" ]; then
-        echo "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
+        print_red "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
     if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
-        echo "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
+        print_red "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
 The string must start with a number and end with 'G'.
 It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
         exit 1
@@ -129,7 +137,7 @@ It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
 fi
 if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
     if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
-        echo "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
+        print_red "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
 The string must be a number. E.g. '3600'.
 It is set to '$NEXTCLOUD_MAX_TIME'."
         exit 1
@@ -137,7 +145,7 @@ It is set to '$NEXTCLOUD_MAX_TIME'."
 fi
 if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
     if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
-        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+        print_red "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
 The string must start with a number and end with 'M'.
 It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
         exit 1
@@ -145,64 +153,64 @@ It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
 fi
 if [ -n "$APACHE_PORT" ]; then
     if ! check_if_number "$APACHE_PORT"; then
-        echo "You provided an Apache port but did not only use numbers.
+        print_red "You provided an Apache port but did not only use numbers.
 It is set to '$APACHE_PORT'."
         exit 1
     elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
-        echo "The provided Apache port is invalid. It must be between 1 and 65535"
+        print_red "The provided Apache port is invalid. It must be between 1 and 65535"
         exit 1
     fi
 fi
 if [ -n "$APACHE_IP_BINDING" ]; then
     if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
-        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+        print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
 It is set to '$APACHE_IP_BINDING'."
         exit 1
     fi
 fi
 if [ -n "$TALK_PORT" ]; then
     if ! check_if_number "$TALK_PORT"; then
-        echo "You provided an Talk port but did not only use numbers.
+        print_red "You provided an Talk port but did not only use numbers.
 It is set to '$TALK_PORT'."
         exit 1
     elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
-        echo "The provided Talk port is invalid. It must be between 1 and 65535"
+        print_red "The provided Talk port is invalid. It must be between 1 and 65535"
         exit 1
     fi
 fi
 if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
     if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
-        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        print_red "APACHE_PORT and TALK_PORT are not allowed to be equal."
         exit 1
     fi
 fi
-if [ -n "$DOCKER_SOCKET_PATH" ]; then
-    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
-        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
+if [ -n "$WATCHTOWER_DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        print_red "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
 The string must start with '/' and must not end with '/'.
-It is set to '$DOCKER_SOCKET_PATH'."
+It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
     if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
-        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
+        print_red "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
 It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
-    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
-        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
+        print_red "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
 It is set to '$NEXTCLOUD_STARTUP_APPS'."
         exit 1
     fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
     if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+        print_red "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
         exit 1
@@ -210,7 +218,7 @@ It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
     if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+        print_red "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
         exit 1
@@ -221,9 +229,10 @@ fi
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
 curl https://nextcloud.com &>/dev/null
 if [ "$?" = 6 ]; then
-    echo "Could not resolve the host nextcloud.com."
+    print_red "Could not resolve the host nextcloud.com."
     echo "Most likely the DNS resolving does not work."
-    echo "You should be able to fix this by adding the '--dns=\"ip.address.of.dns.server\"' option to the docker run command."
+    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
+    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
     exit 1
 fi
 
@@ -271,7 +280,7 @@ if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
     cp "$GENERATED_CERTS/ssl.key" ./
 fi
 
-print_green "Initial startup of Nextcloud All In One complete!
+print_green "Initial startup of Nextcloud All-in-One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
 

Containers/nextcloud/Dockerfile

@@ -27,32 +27,21 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
         autoconf \
-        libtool \
         freetype-dev \
+        gmp-dev \
         icu-dev \
+        imagemagick-dev \
         libevent-dev \
         libjpeg-turbo-dev \
         libmcrypt-dev \
-        libpng-dev \
         libmemcached-dev \
+        libpng-dev \
+        libwebp-dev \
         libxml2-dev \
         libzip-dev \
         openldap-dev \
         pcre-dev \
         postgresql-dev \
-        libwebp-dev \
-        gmp-dev \
-        lcms2-dev \
-        fontconfig-dev \
-        freetype-dev \
-        ghostscript-dev \
-        tiff-dev \
-        zlib-dev \
-        imagemagick-dev \
-        libheif-dev \
-        librsvg-dev \
-        libxext-dev \
-        ghostscript-fonts \
     ; \
     \
     docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
@@ -61,13 +50,14 @@ RUN set -ex; \
         bcmath \
         exif \
         gd \
+        gmp \
         intl \
         ldap \
         opcache \
         pcntl \
         pdo_pgsql \
+        sysvsem \
         zip \
-        gmp \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
@@ -98,6 +88,8 @@ RUN { \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
+        echo 'opcache.jit=1255'; \
+        echo 'opcache.jit_buffer_size=128M'; \
     } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
     \
     echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
@@ -116,7 +108,7 @@ RUN { \
 
 VOLUME /var/www/html
 
-ENV NEXTCLOUD_VERSION 25.0.4
+ENV NEXTCLOUD_VERSION 25.0.6
 
 RUN set -ex; \
     apk add --no-cache --virtual .fetch-deps \
@@ -213,12 +205,8 @@ RUN set -ex; \
         mawk \
         sudo \
         grep \
-        coreutils \
-        libjpeg \
-        librsvg \
-        libheif \
-        libpng \
-        ghostscript-fonts;
+        nodejs \
+        coreutils;
 
 RUN set -ex; \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
@@ -262,6 +250,11 @@ RUN set -ex; \
 
 VOLUME /mnt/ncdata
 
+RUN set -ex; \
+    mkdir -p /nc-updater; \
+    chown -R www-data:www-data /nc-updater; \
+    chmod -R 770 /nc-updater
+
 # Give root a random password
 RUN echo "root:$(openssl rand -base64 12)" | chpasswd
 

Containers/nextcloud/entrypoint.sh

@@ -39,7 +39,10 @@ $(stat -c "%u:%g %a" "$NEXTCLOUD_DATA_DIR")
 (userID:groupID permissions)
 but they should be:
 33:0 750
-(userID:groupID permissions)"
+(userID:groupID permissions)
+Also make sure that the parent directories on the host of the directory that you've chosen as datadir are publicly readable with e.g. 'sudo chmod +r /mnt' (adjust the command accordingly to your case) and the same for all subdirectories.
+Additionally, if you want to use a Fuse-mount as datadir, set 'allow_other' as additional mount option.
+For SMB/CIFS mounts as datadir, see https://github.com/nextcloud/all-in-one#can-i-use-a-cifssmb-share-as-nextclouds-datadir"
     exit 1
 fi
 rm "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
@@ -213,6 +216,12 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             fi
 
             # We do our own permission check so the permission check is not needed
+            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+<?php
+\$CONFIG = array (
+  'check_data_directory_permissions' => false
+);
+DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
 
             # Try to force generation of appdata dir:
@@ -235,9 +244,43 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 fi
             fi
 
+            # This autoconfig is not needed anymore and should be able to be overwritten by the user
+            rm /var/www/html/config/datadir.permission.config.php
+
             # unset admin password
             unset ADMIN_PASSWORD
 
+            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
+                php /var/www/html/occ config:system:set updater.release.channel --value=beta
+                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+                php /var/www/html/updater/updater.phar --no-interaction
+                php /var/www/html/occ app:enable nextcloud-aio --force
+                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                    echo "Installation of Nextcloud failed!"
+                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                    exit 1
+                fi
+                # shellcheck disable=SC2016
+                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
+                INSTALLED_MAJOR="${installed_version%%.*}"
+                IMAGE_MAJOR="${image_version%%.*}"
+                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
+                    php /var/www/html/occ config:system:set updater.release.channel --value=beta
+                    php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
+                    php /var/www/html/updater/updater.phar --no-interaction
+                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
+                        echo "Installation of Nextcloud failed!"
+                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
+                        exit 1
+                    fi
+                fi
+                php /var/www/html/occ config:system:set updater.release.channel --value=stable
+                php /var/www/html/occ db:add-missing-indices
+                php /var/www/html/occ db:add-missing-columns
+                php /var/www/html/occ db:add-missing-primary-keys
+                yes | php /var/www/html/occ db:convert-filecache-bigint
+            fi
+
             # Apply log settings
             echo "Applying default settings..."
             mkdir -p /var/www/html/data
@@ -262,6 +305,7 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             php /var/www/html/occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\TXT"
             php /var/www/html/occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\OpenDocument"
             php /var/www/html/occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\Movie"
+            php /var/www/html/occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Krita"
             php /var/www/html/occ config:system:set enable_previews --value=true --type=boolean
 
             # Apply other settings
@@ -296,11 +340,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 done
             fi
 
-            # Set the permission check to its default value again if not set
-            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" != yes ]; then
-                php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
-            fi
-
         #upgrade
         else
             touch "$NEXTCLOUD_DATA_DIR/update.failed"
@@ -359,6 +398,8 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
     # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
     if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
         UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
+        # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
+        php /var/www/html/occ app:update --all
         if [ -n "$UPDATED_APPS" ]; then
              bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
         fi
@@ -403,6 +444,7 @@ php /var/www/html/occ app:enable support
 echo "Adjusting log files..."
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
+php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 
 # Apply network settings
 echo "Applying network settings..."
@@ -527,7 +569,8 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
     if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
         php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
     fi
-    if php /var/www/html/occ talk:stun:list --output="plain" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
+    STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
+    if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
         php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
         php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
     fi

Containers/onlyoffice/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.3.2.8
+FROM onlyoffice/documentserver:7.3.3.50
 
 HEALTHCHECK CMD nc -z localhost 80 || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/redis/Dockerfile

@@ -1,13 +1,13 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.0.9-alpine
+FROM redis:7.0.11-alpine
 
-RUN apk add --no-cache openssl bash
-
-COPY start.sh /usr/bin/
-RUN chmod +x /usr/bin/start.sh
+COPY --chmod=775 start.sh /usr/bin/start.sh
 
+RUN set -ex; \
+    apk add --no-cache openssl bash; \
+    \
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER redis
 ENTRYPOINT ["start.sh"]

Containers/talk/Dockerfile

@@ -1,69 +1,62 @@
-FROM ubuntu:focal-20230301
+FROM nats:2.9.16-scratch as nats
+FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
+FROM coturn/coturn:4.6.2-alpine
+USER root
+
+COPY --from=nats /nats-server /usr/local/bin/nats-server
+COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
+
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
 
 RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        openssl \
-        coturn \
-        supervisor \
-        curl \
+    apk add --no-cache \
         ca-certificates \
-        netcat \
-        dnsutils \
-    ; \
-    rm -rf /var/lib/apt/lists/*
-
-RUN set -ex; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nats-server.asc" "https://packaging.gitlab.io/nats-server/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/nats-server nats main" > /etc/apt/sources.list.d/morph027-nats-server.list; \
-    . /etc/lsb-release; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-janus.asc" "https://packaging.gitlab.io/janus/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/janus/$DISTRIB_CODENAME $DISTRIB_CODENAME main" > /etc/apt/sources.list.d/morph027-janus.list; \
-    curl -sL -o "/etc/apt/trusted.gpg.d/morph027-nextcloud-spreed-signaling.asc" "https://packaging.gitlab.io/nextcloud-spreed-signaling/gpg.key"; \
-    echo "deb https://packaging.gitlab.io/nextcloud-spreed-signaling signaling main" > /etc/apt/sources.list.d/morph027-nextcloud-spreed-signaling.list
-
-RUN set -ex; \
+        tzdata \
+        bash \
+        openssl \
+        supervisor \
+        bind-tools \
+        netcat-openbsd \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3; \
+    apk add --no-cache janus-gateway --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+    useradd --system talk; \
+    luarocks-5.3 install luajson; \
+    luarocks-5.3 install ansicolors; \
+    rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
+    apk del --no-cache \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3; \
     \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        nats-server \
-        janus \
-        nextcloud-spreed-signaling \
-    ; \
-    rm -rf /var/lib/apt/lists/*
-
-RUN adduser --system --group talk
-
-RUN mkdir /var/log/supervisord; \
-    mkdir /var/run/supervisord; \
-    chown talk:talk /var/run/supervisord; \
-    chown talk:talk /var/log/supervisord;
-
-COPY start.sh /usr/bin/
-COPY supervisord.conf /
-RUN chmod +x /usr/bin/start.sh; \
-    chmod +r /supervisord.conf; \
-    touch /etc/turnserver.conf; \
-    chown talk:talk /etc/turnserver.conf; \
-    sed -i '/TURNSERVER_ENABLED/c\TURNSERVER_ENABLED=1' /etc/default/coturn; \
-    mkdir -p /var/tmp;
-
-RUN curl -sL -o "/usr/share/janus/lua/json.lua" "https://raw.githubusercontent.com/rxi/json.lua/master/json.lua"; \
-    curl -sL -o "/usr/share/janus/lua/ansicolors.lua" "https://raw.githubusercontent.com/kikito/ansicolors.lua/master/ansicolors.lua"
-
-RUN mkdir -p /etc/nats; \
-    echo "listen: 127.0.0.1:4222" > /etc/nats/nats.conf; \
-    mkdir /var/lib/turn; \
-    chown talk:talk /etc; \
-    chown talk:talk -R /etc/nats; \
-    chown talk:talk -R /etc/janus; \
-    chown talk:talk -R /etc/signaling; \
-    chown talk:talk -R /usr; \
-    chown talk:talk -R /var/lib/turn;
-
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd; \
+    \
+    touch \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf; \
+    echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
+    mkdir -p \
+        /var/tmp \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord; \
+    chown talk:talk -R \
+        /usr \
+        /etc/janus \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord;
 
 # Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
 ENV TALK_PORT=3478
@@ -72,5 +65,5 @@ USER talk
 ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
-HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost "$TALK_PORT" && nc -z "$NC_DOMAIN" "$TALK_PORT") || exit 1
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/talk/start.sh

@@ -20,7 +20,6 @@ set +x
 cat << TURN_CONF > "/etc/turnserver.conf"
 listening-port=$TALK_PORT
 fingerprint
-lt-cred-mech
 use-auth-secret
 static-auth-secret=$TURN_SECRET
 realm=$NC_DOMAIN
@@ -51,16 +50,8 @@ denied-peer-ip=203.0.113.0-203.0.113.255
 denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF
 
-# Janus
-set -x
-sed -i 's|#interface.*|interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
-sed -i 's|#ws_interface.*|ws_interface = "lo"|g' /etc/janus/janus.transport.websockets.jcfg
-sed -i 's|certfile =|#certfile =|g' /etc/janus/janus.transport.mqtt.jcfg
-sed -i 's|keyfile =|#keyfile =|g' /etc/janus/janus.transport.mqtt.jcfg
-set +x
-
 # Signling
-cat << SIGNALING_CONF > "/etc/signaling/server.conf"
+cat << SIGNALING_CONF > "/etc/signaling.conf"
 [http]
 listen = 0.0.0.0:8081
 

Containers/talk/supervisord.conf

@@ -13,25 +13,25 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=turnserver
+command=turnserver -c /etc/turnserver.conf
 
 [program:nats-server]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nats-server -c /etc/nats/nats.conf
+command=nats-server -c /etc/nats.conf
 
 [program:janus]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
+command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout
 
 [program:signaling]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=signaling --config /etc/signaling/server.conf
+command=nextcloud-spreed-signaling -config /etc/signaling.conf

Containers/watchtower/Dockerfile

@@ -1,14 +1,12 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
 FROM containrrr/watchtower:1.5.3 as watchtower
 
-FROM alpine:3.17.2
+FROM alpine:3.17.3
 
 RUN apk add --no-cache bash
-COPY --from=watchtower /watchtower /
+COPY --from=watchtower /watchtower /watchtower
 
-COPY start.sh /
-RUN chmod +x /start.sh
+COPY --chmod=775 start.sh /start.sh
 
-USER root
 ENTRYPOINT ["/start.sh"]
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

app/appinfo/info.xml

@@ -2,9 +2,9 @@
 <info xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
 	  xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
 	<id>nextcloud-aio</id>
-	<name>Nextcloud All In One</name>
+	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
-	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
+	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
 	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>

app/templates/admin.php

@@ -10,6 +10,7 @@ declare(strict_types=1);
  */
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
-	<h2><?php p($l->t('Nextcloud All In One'));?></h2>
-	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a>
+	<h2><?php p($l->t('Nextcloud All-in-One'));?></h2>
+	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br><br>
+	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
 </div>

develop.md

@@ -22,6 +22,8 @@ Simply use https://github.com/nextcloud/all-in-one/issues/180 as template.
 Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/repo-sync.yml and run the workflow that will first sync the repo and then build new container that automatically get published to `develop` and `develop-arm64`.
 
 ## How to test things correctly?
+Before testing, make sure that at least the amd64 containers are built successfully by checking the last workflow here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/build_images.yml. 
+
 There is a testing-VM available for the maintainer of AIO that allows for some final testing before releasing new version. See [this](https://cloud.nextcloud.com/apps/collectives/Nextcloud%20Handbook/Technical/AIO%20testing%20VM?fileId=6350152) for details.
 
 ## How to promote builds from develop to beta

docker-compose.yml

@@ -2,26 +2,25 @@ version: "3.8"
 
 volumes:
   nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
 
 services:
   nextcloud:
     image: nextcloud/all-in-one:latest
     restart: always
-    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed
+    container_name: nextcloud-aio-mastercontainer # This line is not allowed to be changed as otherwise AIO will not work correctly
     volumes:
-      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed
-      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'DOCKER_SOCKET_PATH'!
+      - nextcloud_aio_mastercontainer:/mnt/docker-aio-config # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+      - /var/run/docker.sock:/var/run/docker.sock:ro # May be changed on macOS, Windows or docker rootless. See the applicable documentation. If adjusting, don't forget to also set 'WATCHTOWER_DOCKER_SOCKET_PATH'!
     ports:
       - 80:80 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       - 8080:8080
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
+      # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
-      # - DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
-      # - DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
       # - NEXTCLOUD_UPLOAD_LIMIT=10G # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud
@@ -33,6 +32,9 @@ services:
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
       # - TALK_PORT=3478 # This allows to adjust the port that the talk container is using.
+      # - WATCHTOWER_DOCKER_SOCKET_PATH=/var/run/docker.sock # Needs to be specified if the docker socket on the host is not located in the default '/var/run/docker.sock'. Otherwise mastercontainer updates will fail. For macos it needs to be '/var/run/docker.sock'
+    # networks: # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
+      # - nextcloud-aio # Is needed when you want to create the nextcloud-aio network with ipv6-support using this file, see the network config at the bottom of the file
 
   # # Optional: Caddy reverse proxy. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
   # # You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
@@ -47,3 +49,16 @@ services:
   #     - ./data:/data
   #     - ./sites:/srv
   #   network_mode: "host"
+
+# # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
+# # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
+# # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
+# networks:
+#   nextcloud-aio:
+#     name: nextcloud-aio # This line is not allowed to be changed as otherwise the created network will not be used by the other containers of AIO
+#     driver: bridge
+#     enable_ipv6: true
+#     ipam:
+#       driver: default
+#       config:
+#         - subnet: fd12:3456:789a:2::/64 # IPv6 subnet to use

docker-ipv6-support.md

@@ -0,0 +1,43 @@
+# IPv6-Support for Docker
+
+Before you can use IPv6 in Docker containers or swarm services, you need to enable IPv6 support in the Docker daemon. Afterward, you can choose to use either IPv4 or IPv6 (or both) with any container, service, or network.
+
+## Docker on Linux and Docker-rootless
+1.  Edit `/etc/docker/daemon.json` (or `~/.config/docker/daemon.json` in case of docker-rootless), set the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well. If you are using mailcow and enabled IPv6 with the update.sh, you can keep their daemon.json, it will work too.
+
+    ```json
+    {
+      "ipv6": true,
+      "fixed-cidr-v6": "fd12:3456:789a:1::/64",
+      "experimental": true,
+      "ip6tables": true
+    }
+    ```
+
+    Save the file.
+
+2.  Reload the Docker configuration file.
+
+    ```console
+    sudo systemctl restart docker
+    ```
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `sudo docker network inspect nextcloud-aio | grep EnableIPv6`. On a new instance, this command should return that it did not find a network with this name. Then you can run `sudo docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+
+## Docker Desktop (Windows and macOS)
+On Windows and macOS which use Docker Desktop, you need to go into the settings, and select `Docker Engine`. There you should see the currently used daemon.json file. 
+
+1. You need to now adjust this json file by setting the `ipv6` key to `true` and the `fixed-cidr-v6` key to your IPv6 subnet. In this example we are setting it to `fd12:3456:789a:1::/64`. Additionally set `experimental` to `true` and `ip6tables` to `true` as well.
+
+    ```
+    "ipv6": true,
+    "fixed-cidr-v6": "fd12:3456:789a:1::/64",
+    "experimental": true,
+    "ip6tables": true
+    ```
+
+2. Add these values to the json and make sure to keep the other currently values and that you don't see `Unexpected token in JSON at position ...` before attempting to restart by clicking on `Apply & restart`.
+3. Make sure that ipv6 is enabled for the internal `nextcloud-aio` network by running `docker network inspect nextcloud-aio`. On a new instance, this command should return that it did not find a network with this name. Then you can run `docker network create --subnet="fd12:3456:789a:2::/64" --driver bridge --ipv6 nextcloud-aio` in order to create the network with ipv6-support. However if it finds the network and its value `EnableIPv6` is set to false, make sure to follow https://github.com/nextcloud/all-in-one/discussions/2045 in order to recreate the network and enable ipv6 for it.
+
+---
+
+**Note**: This is a copy of the original docker docs at https://docs.docker.com/config/daemon/ipv6/ which apparently are not correct. However experimental is set to true which the ip6tables feature needs. Thus it will not get included into the official docs. However it is needed to make it work in our testing.

docker-rootless.md

@@ -4,11 +4,11 @@ You can run AIO with docker rootless by following the steps below.
 
 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)
 1. Install docker rootless by following the official documentation: https://docs.docker.com/engine/security/rootless/#install. The easiest way is installing it **Without packages** (`curl -fsSL https://get.docker.com/rootless | sh`). Further limitations, distribution specific hints, etc. are discussed on the same site. Also do not forget to enable the systemd service, which may not be enabled always by default. See https://docs.docker.com/engine/security/rootless/#usage. (`systemctl --user enable docker`)
-1. If you need ipv6 support, you should enable it by following https://docs.docker.com/config/daemon/ipv6/. The daemon.json file is most likely stored in `~/.config/docker/daemon.json`.
+1. If you need ipv6 support, you should enable it by following https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md.
 1. Do not forget to set the mentioned environmental variables and in best case add them to your `~/.bashrc` file as shown!
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
-1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `-e DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
+1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
 1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 

helm-chart/Chart.yaml

@@ -1,9 +0,0 @@
-name: Nextcloud AIO Helm Chart
-description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 4.5.0
-apiVersion: v2
-keywords:
-  - latest
-sources:
-  - https://github.com/nextcloud/all-in-one/tree/main/helm-chart
-home: https://github.com/nextcloud/all-in-one/tree/main/helm-chart

helm-chart/readme.md

@@ -1,3 +0,0 @@
-# You can also install the AIO containers on Kubernetes using this Helm Chart
-
-This is currently beta and not ready yet.

local-instance.md

@@ -5,7 +5,7 @@ It is possible due to several reasons that you do not want or cannot open Nextcl
 The recommended way is the following:
 1. Set up your domain correctly to point to your home network
 1. Set up a reverse proxy by following the [reverse proxy documentation](./reverse-proxy.md) but only open port 80 (which is needed for the ACME challenge to work - however no real traffic will use this port).
-1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the local ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
+1. Set up a local DNS-server like a pi-hole and configure it to be your local DNS-server for the whole network. Then in the Pi-hole interface, add a custom DNS-record for your domain and overwrite the A-record (and possibly the AAAA-record, too) to point to the private ip-address of your reverse proxy (see https://github.com/nextcloud/all-in-one#how-can-i-access-nextcloud-locally)
 1. Enter the the ip-address of your local dns-server in the deamon.json file for docker so that you are sure that all docker containers use the correct local dns-server.
 1. Now, entering the domain in the AIO-interface should work as expected and should allow you to continue with the setup
 

manual-install/latest.yml

@@ -44,6 +44,7 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    shm_size: 268435456
 
   nextcloud-aio-nextcloud:
     depends_on:
@@ -101,6 +102,7 @@ services:
       - STARTUP_APPS=${NEXTCLOUD_STARTUP_APPS}
       - ADDITIONAL_APKS=${NEXTCLOUD_ADDITIONAL_APKS}
       - ADDITIONAL_PHP_EXTENSIONS=${NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS}
+      - INSTALL_LATEST_MAJOR=${INSTALL_LATEST_MAJOR}
     restart: unless-stopped
     networks:
       - nextcloud-aio
@@ -125,10 +127,11 @@ services:
       - "9980"
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY} --o:remote_font_config.url=https://${NC_DOMAIN}/apps/richdocuments/settings/fonts.json
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
       - server_name=${NC_DOMAIN}
+      - DONT_GEN_SSL_CERT=1
     volumes:
       - nextcloud_aio_collabora_fonts:/opt/cool/systemplate/tmpfonts:rw
     restart: unless-stopped
@@ -193,6 +196,8 @@ services:
     restart: unless-stopped
     networks:
       - nextcloud-aio
+    cap_add:
+      - SYS_NICE
 
   nextcloud-aio-fulltextsearch:
     profiles: ["fulltextsearch"]

manual-install/readme.md

@@ -11,7 +11,7 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- You need to know what you are doing, especially when modifying the docker-compose file
+- **You need to know what you are doing, especially when modifying the docker-compose file**
 - For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
 
@@ -37,7 +37,7 @@ Since the AIO containers may change in the future, it is highly recommended to s
 1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing.
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

manual-install/sample.conf

@@ -10,6 +10,7 @@ COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.

manual-install/update-yaml.sh

@@ -71,7 +71,6 @@ sed -i 's|APACHE_MAX_SIZE=|APACHE_MAX_SIZE=10737418240          # This needs to
 sed -i 's|NEXTCLOUD_MAX_TIME=|NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container|' sample.conf
 sed -i 's|NEXTCLOUD_TRUSTED_CACERTS_DIR=|NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.|' sample.conf
 sed -i 's|UPDATE_NEXTCLOUD_APPS=|UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.|' sample.conf
-sed -i 's|SKIP_DATA_DIRECTORY_PERMISSION_CHECK=|SKIP_DATA_DIRECTORY_PERMISSION_CHECK="no"          # When setting to "yes" (with quotes), it will skip the datadir permission check upon the initial Nextcloud installation.|' sample.conf
 sed -i 's|APACHE_PORT=|APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).|' sample.conf
 sed -i 's|APACHE_IP_BINDING=|APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect|' sample.conf
 sed -i 's|TALK_PORT=|TALK_PORT=3478          # This allows to adjust the port that the talk container is using.|' sample.conf
@@ -84,7 +83,9 @@ sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccom
 sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
+sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
+echo 'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
 
 cat sample.conf
 
@@ -128,8 +129,16 @@ done
 
 cat << NETWORK >> containers.yml
 
+# Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml
 networks:
   nextcloud-aio:
+    name: nextcloud-aio
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: \${IPV6_NETWORK}
 NETWORK
 
 cat containers.yml > latest.yml

multiple-instances.md

@@ -8,12 +8,12 @@ Below is described more in detail how the the second way works.
 ## Run multiple AIO instances on the same server with docker rootless
 1. Create as many linux users as you need first. The easiest way is to use `sudo adduser` and follow the setup for that. Make sure to create a strong unique password for each of them and write it down!
 1. Log in as each of the users e.g. by opening a new SSH connection and install docker rootless for each of them by following step 0-4 of the [docker rootless documentation](./docker-rootless.md).
-1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
+1. Then install AIO in reverse proxy mode by using the command that is descriebed in step 2 and 3 of the [reverse proxy documentation](./reverse-proxy.md) but use a different `APACHE_PORT` and [`TALK_PORT`](https://github.com/nextcloud/all-in-one#how-to-adjust-the-talk-port) for each instance as otherwise it will bug out. Also make sure to adjust the docker socket and `WATCHTOWER_DOCKER_SOCKET_PATH` correctly for each of them by following step 6 of the [docker rootless documentation](./docker-rootless.md). Additionally, modify `--publish 8080:8080` to a different port for each container, e.g. `8081:8080` as otherwise it will not work.<br>
 **⚠️ Please note:** If you want to adjust the `NEXTCLOUD_DATADIR`, make sure to apply the correct permissions to the chosen path as documented at the bottom of the [docker rootless documentation](./docker-rootless.md). Also for the built-in backup to work, the target path needs to have the correct permissions as documented there, too.
 1. Now install your webserver of choice on the host system. It is recommended to use caddy for this as it is by far the easiest solution. You can do so by following https://caddyserver.com/docs/install#debian-ubuntu-raspbian or below. (It needs to be installed directly on the host or on a different server in the same network).
 1. Next create your Caddyfile with multiple entries and domains for the different instances like described in step 1 of the [reverse proxy documentation](./reverse-proxy.md). Obviously each domain needs to point correctly to the chosen `APACHE_PORT` that you've configured before. Then start Caddy which should automatically get the needed certificates for you if your domains are configured correctly and ports 80 and 443 are forwarded to your server.
 1. Now open each of the AIO interfaces by opening `https://ip.address.of.this.server:8080` or e.g. `https://ip.address.of.this.server:8081` or as chosen during step 3 of this documentation. 
 1. Finally type in the domain that you've configured for each of the instances during step 5 of this documentation and you are done.
-1. Please also do not forget to open each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
+1. Please also do not forget to open/forward each chosen `TALK_PORT` UPD and TCP in your firewall/router as otherwise Talk will not work correctly!
 
 Now everything should be set up correctly and you should have created multiple working instances of AIO on the same server!

nextcloud-aio-helm-chart/Chart.yaml

@@ -0,0 +1,13 @@
+name: nextcloud-aio-helm-chart
+description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
+version: 5.0.0
+apiVersion: v2
+keywords:
+  - latest
+  - nextcloud
+  - helm-chart
+  - open-source
+  - cloud
+sources:
+  - https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart
+home: https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart

nextcloud-aio-helm-chart/readme.md

@@ -0,0 +1,37 @@
+# Nextcloud AIO Helm-chart
+
+You can run the containers that are build for AIO with Kubernetes using this Helm chart. This comes with a few downsides, that are discussed below.
+
+### Advantages
+- You can run it without a container having access to the docker socket
+- You can run the containers with Kubernetes
+
+### Disadvantages
+- You lose the AIO interface
+- You lose update notifications and automatic updates
+- You lose all AIO backup and restore features
+- **You need to know what you are doing**
+- For updating, you need to strictly follow the at the bottom described update routine
+- You need to monitor yourself if the volumes have enough free space and increase them if they don't by adjusting their size in values.yaml
+- Probably more
+
+## How to use this?
+
+First download this file: https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and adjust at least all values marked with `# TODO!`
+
+Then run:
+
+```
+helm repo add nextcloud-aio https://nextcloud.github.io/all-in-one/
+helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml
+```
+
+And after a while, everything should be set up.
+
+## How to update?
+Since the values of this helm chart may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade it.
+1. Stop all running pods
+1. Back up all volumes that got created by the Helm chart and the values.yaml file
+1. Run `helm repo update nextcloud-aio` in order to get the updated yaml files from the repository
+1. Now download the updated values.yaml file from https://raw.githubusercontent.com/nextcloud/all-in-one/main/nextcloud-aio-helm-chart/values.yaml and compare that with the one that you currently have locally. Look for variables that changed or got added. You can use the diff command to compare them.
+1. After the file update was successful, simply run `helm install my-release nextcloud-aio/nextcloud-aio-helm-chart -f values.yaml` to update to the new version.

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230302_085724-latest
+          image: nextcloud/aio-apache:20230501_090621-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230302_085724-latest
+          image: nextcloud/aio-clamav:20230501_090621-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -41,10 +41,10 @@ spec:
             - name: dictionaries
               value: "{{ .Values.COLLABORA_DICTIONARIES }}"
             - name: extra_params
-              value: --o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
+              value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230302_085724-latest
+          image: nextcloud/aio-collabora:20230501_090621-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -46,7 +46,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230302_085724-latest
+          image: nextcloud/aio-postgresql:20230501_090621-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230302_085724-latest
+          image: nextcloud/aio-fulltextsearch:20230501_090621-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -26,8 +26,12 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230302_085724-latest
+          image: nextcloud/aio-imaginary:20230501_090621-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000
+          securityContext:
+            capabilities:
+              add:
+                - SYS_NICE
 {{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -64,6 +64,8 @@ spec:
               value: "{{ .Values.IMAGINARY_ENABLED }}"
             - name: IMAGINARY_HOST
               value: nextcloud-aio-imaginary
+            - name: INSTALL_LATEST_MAJOR
+              value: "{{ .Values.INSTALL_LATEST_MAJOR }}"
             - name: NC_DOMAIN
               value: "{{ .Values.NC_DOMAIN }}"
             - name: NEXTCLOUD_DATA_DIR
@@ -112,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230302_085724-latest
+          image: nextcloud/aio-nextcloud:20230501_090621-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230302_085724-latest
+          image: nextcloud/aio-onlyoffice:20230501_090621-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230302_085724-latest
+          image: nextcloud/aio-redis:20230501_090621-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230302_085724-latest
+          image: nextcloud/aio-talk:20230501_090621-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/update-helm.sh

@@ -2,6 +2,9 @@
 
 DOCKER_TAG="$1"
 
+# The logic needs the files in ./helm-chart
+mv ./nextcloud-aio-helm-chart ./helm-chart
+
 # Clean
 rm -f ./helm-chart/values.yaml
 rm -rf ./helm-chart/templates
@@ -53,11 +56,19 @@ cat << EOL > /tmp/initcontainers
 EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
+        - init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-database/data
+          volumeMountsInitContainer:
         - name: init-volumes
           image: alpine
           command:
             - chown
             - 999:999
+            - "-R"
           volumeMountsInitContainer:
 EOL
 # shellcheck disable=SC1083
@@ -77,6 +88,11 @@ for variable in "${DEPLOYMENTS[@]}"; do
             if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                 sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                 sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+                # Workaround for the database volume
+                if [ "$volumeName" = nextcloud-aio-database ]; then
+                    sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                fi
+                
             fi
         done
         sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
@@ -174,6 +190,7 @@ sed -i '/^NEXTCLOUD_MOUNT/d' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ yes / "yes" /' /tmp/sample.conf
 sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
+sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
@@ -199,4 +216,9 @@ done
 
 chmod 777 -R ./
 
+# Seems like the dir needs to match the name of the chart
+cd ../
+rm -rf ./nextcloud-aio-helm-chart
+mv ./helm-chart ./nextcloud-aio-helm-chart
+
 set +ex

nextcloud-aio-helm-chart/values.yaml

@@ -1,6 +1,6 @@
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
-APACHE_MAX_SIZE: 10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
+APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
 CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
@@ -9,6 +9,7 @@ COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the valu
 DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
 NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.

php/composer.lock

@@ -8,22 +8,22 @@
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.5.0",
+            "version": "7.5.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba"
+                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b50a2a1251152e43f6a37f0fa053e730a67d25ba",
-                "reference": "b50a2a1251152e43f6a37f0fa053e730a67d25ba",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/b964ca597e86b752cd994f27293e9fa6b6a95ed9",
+                "reference": "b964ca597e86b752cd994f27293e9fa6b6a95ed9",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
                 "guzzlehttp/promises": "^1.5",
-                "guzzlehttp/psr7": "^1.9 || ^2.4",
+                "guzzlehttp/psr7": "^1.9.1 || ^2.4.5",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
                 "symfony/deprecation-contracts": "^2.2 || ^3.0"
@@ -116,7 +116,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.5.0"
+                "source": "https://github.com/guzzle/guzzle/tree/7.5.1"
             },
             "funding": [
                 {
@@ -132,7 +132,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-08-28T15:39:27+00:00"
+            "time": "2023-04-17T16:30:08+00:00"
         },
         {
             "name": "guzzlehttp/promises",
@@ -220,22 +220,22 @@
         },
         {
             "name": "guzzlehttp/psr7",
-            "version": "2.4.3",
+            "version": "2.5.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/psr7.git",
-                "reference": "67c26b443f348a51926030c83481b85718457d3d"
+                "reference": "b635f279edd83fc275f822a1188157ffea568ff6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/psr7/zipball/67c26b443f348a51926030c83481b85718457d3d",
-                "reference": "67c26b443f348a51926030c83481b85718457d3d",
+                "url": "https://api.github.com/repos/guzzle/psr7/zipball/b635f279edd83fc275f822a1188157ffea568ff6",
+                "reference": "b635f279edd83fc275f822a1188157ffea568ff6",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-factory": "^1.0",
-                "psr/http-message": "^1.0",
+                "psr/http-message": "^1.1 || ^2.0",
                 "ralouphie/getallheaders": "^3.0"
             },
             "provide": {
@@ -255,9 +255,6 @@
                 "bamarni-bin": {
                     "bin-links": true,
                     "forward-command": false
-                },
-                "branch-alias": {
-                    "dev-master": "2.4-dev"
                 }
             },
             "autoload": {
@@ -319,7 +316,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/psr7/issues",
-                "source": "https://github.com/guzzle/psr7/tree/2.4.3"
+                "source": "https://github.com/guzzle/psr7/tree/2.5.0"
             },
             "funding": [
                 {
@@ -335,7 +332,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-10-26T14:07:24+00:00"
+            "time": "2023-04-17T16:11:26+00:00"
         },
         {
             "name": "http-interop/http-factory-guzzle",
@@ -729,21 +726,21 @@
         },
         {
             "name": "psr/http-client",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-client.git",
-                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621"
+                "reference": "0955afe48220520692d2d09f7ab7e0f93ffd6a31"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
-                "reference": "2dfb5f6c5eff0e91e20e913f8c5452ed95b86621",
+                "url": "https://api.github.com/repos/php-fig/http-client/zipball/0955afe48220520692d2d09f7ab7e0f93ffd6a31",
+                "reference": "0955afe48220520692d2d09f7ab7e0f93ffd6a31",
                 "shasum": ""
             },
             "require": {
                 "php": "^7.0 || ^8.0",
-                "psr/http-message": "^1.0"
+                "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
             "extra": {
@@ -763,7 +760,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP clients",
@@ -775,27 +772,27 @@
                 "psr-18"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-client/tree/master"
+                "source": "https://github.com/php-fig/http-client/tree/1.0.2"
             },
-            "time": "2020-06-29T06:28:15+00:00"
+            "time": "2023-04-10T20:12:12+00:00"
         },
         {
             "name": "psr/http-factory",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-factory.git",
-                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be"
+                "reference": "e616d01114759c4c489f93b099585439f795fe35"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
-                "reference": "12ac7fcd07e5b077433f5f2bee95b3a771bf61be",
+                "url": "https://api.github.com/repos/php-fig/http-factory/zipball/e616d01114759c4c489f93b099585439f795fe35",
+                "reference": "e616d01114759c4c489f93b099585439f795fe35",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.0.0",
-                "psr/http-message": "^1.0"
+                "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
             "extra": {
@@ -815,7 +812,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interfaces for PSR-7 HTTP message factories",
@@ -830,31 +827,31 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-factory/tree/master"
+                "source": "https://github.com/php-fig/http-factory/tree/1.0.2"
             },
-            "time": "2019-04-30T12:38:16+00:00"
+            "time": "2023-04-10T20:10:41+00:00"
         },
         {
             "name": "psr/http-message",
-            "version": "1.0.1",
+            "version": "1.1",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-message.git",
-                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363"
+                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363",
-                "reference": "f6561bf28d520154e4b0ec72be95418abe6d9363",
+                "url": "https://api.github.com/repos/php-fig/http-message/zipball/cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
+                "reference": "cb6ce4845ce34a8ad9e68117c10ee90a29919eba",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.3.0"
+                "php": "^7.2 || ^8.0"
             },
             "type": "library",
             "extra": {
                 "branch-alias": {
-                    "dev-master": "1.0.x-dev"
+                    "dev-master": "1.1.x-dev"
                 }
             },
             "autoload": {
@@ -883,27 +880,27 @@
                 "response"
             ],
             "support": {
-                "source": "https://github.com/php-fig/http-message/tree/master"
+                "source": "https://github.com/php-fig/http-message/tree/1.1"
             },
-            "time": "2016-08-06T14:39:51+00:00"
+            "time": "2023-04-04T09:50:52+00:00"
         },
         {
             "name": "psr/http-server-handler",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-server-handler.git",
-                "reference": "aff2f80e33b7f026ec96bb42f63242dc50ffcae7"
+                "reference": "84c4fb66179be4caaf8e97bd239203245302e7d4"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-server-handler/zipball/aff2f80e33b7f026ec96bb42f63242dc50ffcae7",
-                "reference": "aff2f80e33b7f026ec96bb42f63242dc50ffcae7",
+                "url": "https://api.github.com/repos/php-fig/http-server-handler/zipball/84c4fb66179be4caaf8e97bd239203245302e7d4",
+                "reference": "84c4fb66179be4caaf8e97bd239203245302e7d4",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.0",
-                "psr/http-message": "^1.0"
+                "psr/http-message": "^1.0 || ^2.0"
             },
             "type": "library",
             "extra": {
@@ -923,7 +920,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP server-side request handler",
@@ -939,28 +936,27 @@
                 "server"
             ],
             "support": {
-                "issues": "https://github.com/php-fig/http-server-handler/issues",
-                "source": "https://github.com/php-fig/http-server-handler/tree/master"
+                "source": "https://github.com/php-fig/http-server-handler/tree/1.0.2"
             },
-            "time": "2018-10-30T16:46:14+00:00"
+            "time": "2023-04-10T20:06:20+00:00"
         },
         {
             "name": "psr/http-server-middleware",
-            "version": "1.0.1",
+            "version": "1.0.2",
             "source": {
                 "type": "git",
                 "url": "https://github.com/php-fig/http-server-middleware.git",
-                "reference": "2296f45510945530b9dceb8bcedb5cb84d40c5f5"
+                "reference": "c1481f747daaa6a0782775cd6a8c26a1bf4a3829"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/php-fig/http-server-middleware/zipball/2296f45510945530b9dceb8bcedb5cb84d40c5f5",
-                "reference": "2296f45510945530b9dceb8bcedb5cb84d40c5f5",
+                "url": "https://api.github.com/repos/php-fig/http-server-middleware/zipball/c1481f747daaa6a0782775cd6a8c26a1bf4a3829",
+                "reference": "c1481f747daaa6a0782775cd6a8c26a1bf4a3829",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.0",
-                "psr/http-message": "^1.0",
+                "psr/http-message": "^1.0 || ^2.0",
                 "psr/http-server-handler": "^1.0"
             },
             "type": "library",
@@ -981,7 +977,7 @@
             "authors": [
                 {
                     "name": "PHP-FIG",
-                    "homepage": "http://www.php-fig.org/"
+                    "homepage": "https://www.php-fig.org/"
                 }
             ],
             "description": "Common interface for HTTP server-side middleware",
@@ -997,9 +993,9 @@
             ],
             "support": {
                 "issues": "https://github.com/php-fig/http-server-middleware/issues",
-                "source": "https://github.com/php-fig/http-server-middleware/tree/master"
+                "source": "https://github.com/php-fig/http-server-middleware/tree/1.0.2"
             },
-            "time": "2018-10-30T17:12:04+00:00"
+            "time": "2023-04-11T06:14:47+00:00"
         },
         {
             "name": "psr/log",

php/containers-schema.json

@@ -13,40 +13,49 @@
 				"required": ["image", "container_name"],
 				"properties": {
 					"image": {
-						"type": "string"
+						"type": "string",
+						"minLength": 1
 					},
 					"expose": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^([0-9]{1,5})$"
 						}
 					},
 					"cap_add": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^[A-Z_]+$"
 						}
 					},
 					"depends_on": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^nextcloud-aio-[a-z-]+$"
 						}
 					},
 					"display_name": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^[A-Za-z ]+$"
 					},
 					"environment": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^.*=.*$",
+							"minlength": 1
 						}
 					},
 					"container_name": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^nextcloud-aio-[a-z-]+$"
 					},
 					"internal_port": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^(([0-9]{1,5})|host|(%[A-Z_]+%))$"
 					},
 					"stop_grace_period": {
 						"type": "integer"
@@ -59,32 +68,44 @@
 							"minProperties": 3,
 							"properties": {
 								"ip_binding": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(%[A-Z_]+%)?$"
 								},
 								"port_number": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(%[A-Z_]+%)$"
 								},
 								"protocol": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^(tcp|udp)$"
 								}
 							}
 						}
 					},
 					"restart": {
-						"type": "string"
+						"type": "string",
+						"pattern": "^unless-stopped$"
+					},
+					"shm_size": {
+						"type": "integer"
 					},
 					"secrets": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^[A-Z_]+$"
 						}
 					},
 					"devices": {
 						"type": "array",
 						"items": {
-							"type": "string"
+							"type": "string",
+							"pattern": "^/dev/[a-z]+$"
 						}
 					},
+					"apparmor_unconfined": {
+						"type": "boolean"
+					},
 					"volumes": {
 						"type": "array",
 						"items": {
@@ -93,11 +114,12 @@
 							"minProperties": 3,
 							"properties": {
 								"destination": {
-									"type": "string"
+									"type": "string",
+									"pattern": "^((/[a-z_/.-]+)|(%[A-Z_]+%))$"
 								},
 								"source": {
-									"type": "string"
-								},
+									"type": "string",
+									"pattern": "^(([a-z_]+)|(%[A-Z_]+%))$"								},
 								"writeable": {
 									"type": "boolean"
 								}

php/containers.json

@@ -74,7 +74,8 @@
         "PGTZ=%TIMEZONE%"
       ],
       "stop_grace_period": 1800,
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "shm_size": 268435456
     },
     {
       "container_name": "nextcloud-aio-nextcloud",
@@ -161,7 +162,7 @@
         "STARTUP_APPS=%NEXTCLOUD_STARTUP_APPS%",
         "ADDITIONAL_APKS=%NEXTCLOUD_ADDITIONAL_APKS%",
         "ADDITIONAL_PHP_EXTENSIONS=%NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS%",
-        "SKIP_DATA_DIRECTORY_PERMISSION_CHECK=%SKIP_DATA_DIRECTORY_PERMISSION_CHECK%"
+        "INSTALL_LATEST_MAJOR=%INSTALL_LATEST_MAJOR%"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -206,7 +207,8 @@
         "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
         "dictionaries=%COLLABORA_DICTIONARIES%",
         "TZ=%TIMEZONE%",
-        "server_name=%NC_DOMAIN%"
+        "server_name=%NC_DOMAIN%",
+        "DONT_GEN_SSL_CERT=1"
       ],
       "volumes": [
         {
@@ -259,7 +261,8 @@
         "SELECTED_RESTORE_TIME=%SELECTED_RESTORE_TIME%",
         "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
         "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
-        "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%"
+        "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%",
+        "BORG_HOST_ID=nextcloud-aio-borgbackup"
       ],
       "volumes": [
         {
@@ -321,7 +324,8 @@
       ],
       "cap_add": [
         "SYS_ADMIN"
-      ]
+      ],
+      "apparmor_unconfined": true
     },
     {
       "container_name": "nextcloud-aio-watchtower",
@@ -331,7 +335,7 @@
       ],
       "volumes": [
         {
-          "source": "%DOCKER_SOCKET_PATH%",
+          "source": "%WATCHTOWER_DOCKER_SOCKET_PATH%",
           "destination": "/var/run/docker.sock",
           "writeable": false
         }

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.7.7@e028ba46ba0d7f9a78bc3201c251e137383e145f"/>
+<files psalm-version="5.10.0@a5effd2d2dddd1a7ea7a0f6a051ce63ff979e356"/>

php/psalm.xml

@@ -6,6 +6,8 @@
 	xmlns="https://getpsalm.org/schema/config"
 	xsi:schemaLocation="https://getpsalm.org/schema/config"
     errorBaseline="psalm-baseline.xml"
+	findUnusedBaselineEntry="true"
+	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>

php/public/forms.js

@@ -20,8 +20,10 @@
     if (xhr.status === 201) {
       window.location.replace(xhr.getResponseHeader('Location'));
     } else if (xhr.status === 422) {
+      disableSpinner()
       showError(xhr.response);
     } else if (xhr.status === 500) {
+      disableSpinner()
       showError("Server error. Please check the mastercontainer logs for details.");
     } else {
       // If the responose is not one of the above, we should reload to show the latest content
@@ -29,16 +31,12 @@
     }
   }
 
-  function disable(element) {
+  function enableSpinner() {
     document.getElementById('overlay').classList.add('loading');
-    element.classList.add('loading');
-    element.disabled = true;
   }
 
-  function enable(element) {
+  function disableSpinner() {
     document.getElementById('overlay').classList.remove('loading');
-    element.classList.remove('loading');
-    element.disabled = false;
   }
 
   function initForm(form) {
@@ -50,11 +48,10 @@
       var xhr = new XMLHttpRequest();
       xhr.addEventListener('load', handleEvent);
       xhr.addEventListener('error', () => showError("Failed to talk to server."));
-      xhr.addEventListener('load', () => enable(event.submitter));
-      xhr.addEventListener('error', () => enable(event.submitter));
+      xhr.addEventListener('error', () => disableSpinner());
       xhr.open(form.method, form.getAttribute("action"));
       xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
-      disable(event.submitter);
+      enableSpinner();
       xhr.send(new URLSearchParams(new FormData(form)));
       event.preventDefault();
     }

php/public/index.php

@@ -70,15 +70,18 @@ $app->post('/api/configuration', \AIO\Controller\ConfigurationController::class
 // Views
 $app->get('/containers', function (Request $request, Response $response, array $args) use ($container) {
     $view = Twig::fromRequest($request);
+    $view->addExtension(new \AIO\Twig\ClassExtension());
     /** @var \AIO\Data\ConfigurationManager $configurationManager */
     $configurationManager = $container->get(\AIO\Data\ConfigurationManager::class);
+    /** @var \AIO\Docker\DockerActionManager $dockerActionManger */
     $dockerActionManger = $container->get(\AIO\Docker\DockerActionManager::class);
-    $dockerActionManger->ConnectMasterContainerToNetwork();
+    /** @var \AIO\Controller\DockerController $dockerController */
     $dockerController = $container->get(\AIO\Controller\DockerController::class);
+    $dockerActionManger->ConnectMasterContainerToNetwork();
     $dockerController->StartDomaincheckContainer();
-    $view->addExtension(new \AIO\Twig\ClassExtension());
     return $view->render($response, 'containers.twig', [
         'domain' => $configurationManager->GetDomain(),
+        'apache_port' => $configurationManager->GetApachePort(),
         'borg_backup_host_location' => $configurationManager->GetBorgBackupHostLocation(),
         'nextcloud_password' => $configurationManager->GetAndGenerateSecret('NEXTCLOUD_PASSWORD'),
         'containers' => (new \AIO\ContainerDefinitionFetcher($container->get(\AIO\Data\ConfigurationManager::class), $container))->FetchDefinition(),
@@ -111,6 +114,12 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_imaginary_enabled' => $configurationManager->isImaginaryEnabled(),
         'is_fulltextsearch_enabled' => $configurationManager->isFulltextsearchEnabled(),
         'additional_backup_directories' => $configurationManager->GetAdditionalBackupDirectoriesString(),
+        'nextcloud_datadir' => $configurationManager->GetNextcloudDatadirMount(),
+        'nextcloud_mount' => $configurationManager->GetNextcloudMount(),
+        'nextcloud_upload_limit' => $configurationManager->GetNextcloudUploadLimit(),
+        'nextcloud_max_time' => $configurationManager->GetNextcloudMaxTime(),
+        'nextcloud_memory_limit' => $configurationManager->GetNextcloudMemoryLimit(),
+        'is_dri_device_enabled' => $configurationManager->isDriDeviceEnabled(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {
@@ -144,6 +153,7 @@ $app->get('/setup', function (Request $request, Response $response, array $args)
 
 // Auth Redirector
 $app->get('/', function (\Psr\Http\Message\RequestInterface $request, Response $response, array $args) use ($container) {
+    /** @var \AIO\Auth\AuthManager $authManager */
     $authManager = $container->get(\AIO\Auth\AuthManager::class);
 
     /** @var \AIO\Data\Setup $setup */

php/public/style.css

@@ -23,6 +23,11 @@ a {
     outline: none;
 }
 
+.button:focus {
+    color:black;
+    border: 2px solid black;
+}
+
 #logout {
     margin-top: 7px;
 }
@@ -144,7 +149,7 @@ input {
     padding: 20px;
     max-width: 100%;
     word-break: break-word;
-    max-width: 470px;
+    max-width: 500px;
     margin: 0 auto;
 }
 

php/src/Container/Container.php

@@ -25,6 +25,8 @@ class Container {
     private array $devices;
     /** @var string[] */
     private array $capAdd;
+    private int $shmSize;
+    private bool $apparmorUnconfined;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -41,6 +43,8 @@ class Container {
         array $secrets,
         array $devices,
         array $capAdd,
+        int $shmSize,
+        bool $apparmorUnconfined,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -56,6 +60,8 @@ class Container {
         $this->secrets = $secrets;
         $this->devices = $devices;
         $this->capAdd = $capAdd;
+        $this->shmSize = $shmSize;
+        $this->apparmorUnconfined = $apparmorUnconfined;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -75,6 +81,14 @@ class Container {
         return $this->restartPolicy;
     }
 
+    public function GetShmSize() : int {
+        return $this->shmSize;
+    }
+
+    public function isApparmorUnconfined() : bool {
+        return $this->apparmorUnconfined;
+    }
+
     public function GetMaxShutdownTime() : int {
         return $this->maxShutdownTime;
     }

php/src/ContainerDefinitionFetcher.php

@@ -117,7 +117,7 @@ class ContainerDefinitionFetcher
                         if ($value['source'] === '') {
                             continue;
                         }
-                    } elseif ($value['source'] === '%DOCKER_SOCKET_PATH%') {
+                    } elseif ($value['source'] === '%WATCHTOWER_DOCKER_SOCKET_PATH%') {
                         $value['source'] = $this->configurationManager->GetDockerSocketPath();
                         if($value['source'] === '') {
                             continue;
@@ -218,6 +218,16 @@ class ContainerDefinitionFetcher
                 $capAdd = $entry['cap_add'];
             }
 
+            $shmSize = -1;
+            if (isset($entry['shm_size'])) {
+                $shmSize = $entry['shm_size'];
+            }
+
+            $apparmorUnconfined = false;
+            if (isset($entry['apparmor_unconfined'])) {
+                $apparmorUnconfined = $entry['apparmor_unconfined'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -232,6 +242,8 @@ class ContainerDefinitionFetcher
                 $secrets,
                 $devices,
                 $capAdd,
+                $shmSize,
+                $apparmorUnconfined,
                 $this->container->get(DockerActionManager::class)
             );
         }

php/src/Controller/DockerController.php

@@ -154,11 +154,19 @@ class DockerController
             $port = 443;
         }
 
+        if (isset($request->getParsedBody()['install_latest_major'])) {
+            $installLatestMajor = 26;
+        } else {
+            $installLatestMajor = "";
+        }
+
         $config = $this->configurationManager->GetConfig();
         // set AIO_URL
         $config['AIO_URL'] = $host . ':' . $port;
         // set wasStartButtonClicked
         $config['wasStartButtonClicked'] = 1;
+        // set install_latest_major
+        $config['install_latest_major'] = $installLatestMajor;
         $this->configurationManager->WriteConfig($config);
 
         // Start container

php/src/Controller/LoginController.php

@@ -21,15 +21,17 @@ class LoginController
 
     public function TryLogin(Request $request, Response $response, array $args) : Response {
         if (!$this->dockerActionManager->isLoginAllowed()) {
-            return $response->withHeader('Location', '/')->withStatus(302);
+            $response->getBody()->write("The login is blocked since Nextcloud is running.");
+            return $response->withHeader('Location', '/')->withStatus(422);
         }
         $password = $request->getParsedBody()['password'] ?? '';
         if($this->authManager->CheckCredentials($password)) {
             $this->authManager->SetAuthState(true);
-            return $response->withHeader('Location', '/')->withStatus(302);
+            return $response->withHeader('Location', '/')->withStatus(201);
         }
 
-        return $response->withHeader('Location', '/')->withStatus(302);
+        $response->getBody()->write("The password is false.");
+        return $response->withHeader('Location', '/')->withStatus(422);
     }
 
     public function GetTryLogin(Request $request, Response $response, array $args) : Response {

php/src/Data/ConfigurationManager.php

@@ -78,7 +78,10 @@ class ConfigurationManager
         }
 
         $lastBackupLines = explode("\n", $content);
-        $lastBackupLine = $lastBackupLines[sizeof($lastBackupLines) - 2];
+        $lastBackupLine = "";
+        if (count($lastBackupLines) >= 2) {
+            $lastBackupLine = $lastBackupLines[sizeof($lastBackupLines) - 2];
+        }
         if ($lastBackupLine === "") {
             return '';
         }
@@ -231,6 +234,21 @@ class ConfigurationManager
      * @throws InvalidSettingConfigurationException
      */
     public function SetDomain(string $domain) : void {
+        // Validate that at least one dot is contained
+        if (strpos($domain, '.') === false) {
+            throw new InvalidSettingConfigurationException("Domain must contain at least one dot!");
+        }
+
+        // Validate that no slashes are contained
+        if (strpos($domain, '/') !== false) {
+            throw new InvalidSettingConfigurationException("Domain must not contain slashes!");
+        }
+
+        // Validate that no colons are contained
+        if (strpos($domain, ':') !== false) {
+            throw new InvalidSettingConfigurationException("Domain must not contain colons!");
+        }
+
         // Validate domain
         if (!filter_var($domain, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME)) {
             throw new InvalidSettingConfigurationException("Domain is not a valid domain!");
@@ -265,11 +283,10 @@ class ConfigurationManager
             $port = $this->GetApachePort();
 
             if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
-                $errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
                 if ($port === '443') {
-                    throw new InvalidSettingConfigurationException($errorMessage);
+                    throw new InvalidSettingConfigurationException("It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')");
                 } else {
-                    error_log($errorMessage);
+                    error_log("It seems like the ip-address of " . $domain . " is set to an internal or reserved ip-address. (It was found to be set to '" . $dnsRecordIP . "')");
                 }
             }
 
@@ -296,6 +313,8 @@ class ConfigurationManager
             $testUrl = $protocol . $domain . ':443';
             curl_setopt($ch, CURLOPT_URL, $testUrl);
             curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+            curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); 
+            curl_setopt($ch, CURLOPT_TIMEOUT, 10);
             $response = (string)curl_exec($ch);
             # Get rid of trailing \n
             $response = str_replace("\n", "", $response);
@@ -563,7 +582,7 @@ class ConfigurationManager
     }
 
     public function GetDockerSocketPath() : string {
-        $envVariableName = 'DOCKER_SOCKET_PATH';
+        $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH';
         $configName = 'docker_socket_path';
         $defaultValue = '/var/run/docker.sock';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
@@ -661,7 +680,7 @@ class ConfigurationManager
             // Trim all unwanted chars on both sites
             $entry = trim($entry);
             if ($entry !== "") {
-                if (!preg_match("#^/[0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[0-1a-zA-Z_-]+$#", $entry)) {
+                if (!preg_match("#^/[.0-1a-zA-Z/-_]+$#", $entry) && !preg_match("#^[.0-1a-zA-Z_-]+$#", $entry)) {
                     throw new InvalidSettingConfigurationException("You entered unallowed characters! Problematic is " . $entry);
                 }
                 $validDirectories .= rtrim($entry, '/') . PHP_EOL;
@@ -675,6 +694,14 @@ class ConfigurationManager
         }
     }
 
+    public function shouldLatestMajorGetInstalled() : bool {
+        $config = $this->GetConfig();
+        if(!isset($config['install_latest_major'])) {
+            $config['install_latest_major'] = '';
+        }
+        return $config['install_latest_major'] !== '';
+    }
+
     public function GetAdditionalBackupDirectoriesString() : string {
         if (!file_exists(DataConst::GetAdditionalBackupDirectoriesFile())) {
             return '';
@@ -736,14 +763,6 @@ class ConfigurationManager
         return false;
     }
 
-    public function shouldDataDirectoryPermissionCheckGetSkipped() : bool {
-        $datadir = $this->GetNextcloudDatadirMount();
-        if ($datadir === 'nextcloud_aio_nextcloud_datadir' || str_starts_with($datadir, '/run/desktop/mnt/host/')) {
-            return true;
-        }
-        return false;
-    }
-
     public function GetNextcloudStartupApps() : string {
         $apps = getenv('NEXTCLOUD_STARTUP_APPS');
         if (is_string($apps)) {
@@ -792,7 +811,7 @@ class ConfigurationManager
     }
 
     private function GetDisableBackupSection() : string {
-        $envVariableName = 'DISABLE_BACKUP_SECTION';
+        $envVariableName = 'AIO_DISABLE_BACKUP_SECTION';
         $configName = 'disable_backup_section';
         $defaultValue = '';
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);

php/src/Docker/DockerActionManager.php

@@ -132,7 +132,7 @@ class DockerActionManager
         }
         
         if ($internalPort !== "" && $internalPort !== 'host') {
-            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.1);
+            $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2);
             if ($connection) {
                 fclose($connection);
                 return new RunningState();
@@ -348,8 +348,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalApks();
                 } elseif ($out[1] === 'NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS') {
                     $replacements[1] = $this->configurationManager->GetNextcloudAdditionalPhpExtensions();
-                } elseif ($out[1] === 'SKIP_DATA_DIRECTORY_PERMISSION_CHECK') {
-                    if ($this->configurationManager->shouldDataDirectoryPermissionCheckGetSkipped()) {
+                } elseif ($out[1] === 'INSTALL_LATEST_MAJOR') {
+                    if ($this->configurationManager->shouldLatestMajorGetInstalled()) {
                         $replacements[1] = 'yes';
                     } else {
                         $replacements[1] = '';
@@ -411,15 +411,22 @@ class DockerActionManager
             $requestBody['HostConfig']['Devices'] = $devices;
         }
 
+        $shmSize = $container->GetShmSize();
+        if ($shmSize > 0) {
+            $requestBody['HostConfig']['ShmSize'] = $shmSize;
+        }
+
         $capAdds = $container->GetCapAdds();
         if (count($capAdds) > 0) {
             $requestBody['HostConfig']['CapAdd'] = $capAdds;
         }
 
+        if ($container->isApparmorUnconfined()) {
+            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
+        }
+
         // Special things for the backup container which should not be exposed in the containers.json
         if ($container->GetIdentifier() === 'nextcloud-aio-borgbackup') {
-            $requestBody['HostConfig']['SecurityOpt'] = ["apparmor:unconfined"];
-            
             // Additional backup directories
             $mounts = [];
             foreach ($this->configurationManager->GetAdditionalBackupDirectoriesArray() as $additionalBackupDirectories) {
@@ -483,6 +490,10 @@ class DockerActionManager
     }
 
     public function isAnyUpdateAvailable() : bool {
+        // return early if instance is not installed
+        if (!$this->configurationManager->wasStartButtonClicked()) {
+            return false;
+        }
         $id = 'nextcloud-aio-apache';
 
         if ($this->isContainerUpdateAvailable($id) !== "") {
@@ -672,10 +683,6 @@ class DockerActionManager
                         'CheckDuplicate' => true,
                         'Driver' => 'bridge',
                         'Internal' => false,
-                        'Options' => [
-                            'com.docker.network.bridge.enable_icc' => 'true',
-                            'com.docker.network.bridge.enable_ip_masquerade' => 'true'
-                        ]
                     ]
                 ]
             );

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v4.6.2</h1>
+        <h1>Nextcloud AIO v5.1.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -26,6 +26,8 @@
         {% set isWatchtowerRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
+        {# Setting newMajorVersion to '' will hide corresponding options/elements #}
+        {% set newMajorVersion = 26 %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -77,9 +79,16 @@
                     </form>
                 {% else %}
                     {% if borg_backup_host_location == '' and borg_restore_password == '' %}
-                        Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        Nextcloud AIO stands for Nextcloud All-in-One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
+                        You can either create a new AIO instance or restore a former AIO instance from backup. See the two sections below.<br><br>
+                        {{ include('includes/aio-config.twig') }}
                         <h2>New AIO instance</h2>
-                        Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
+                        {% if apache_port == '443' %}
+                            AIO is currently in "normal mode" which means that it handles the TLS proxying itself. This also means that it cannot be installed behind a web server or reverse proxy (like Apache, Nginx and else). If you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else), see the <b><a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md">reverse proxy documentation</a></b>. Advice: have a detailed look at the changed docker run command for AIO.<br><br>
+                        {% else %}
+                            AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache Nginx and else) and does not do the TLS proxying itself.<br><br>
+                        {% endif %}
+                        Please type in the domain into the input field below that will be used for Nextcloud in order to create a new AIO instance.<br><br />
                         {% if skip_domain_validation == true %}
                             <b>Please note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
                         {% endif %}
@@ -90,9 +99,18 @@
                             <input class="button" type="submit" value="Submit" />
                         </form>
                         {% if skip_domain_validation == false %}
-                            Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
-                            If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
-                            <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br><br>
+                            Make sure that this server is reachable on port 443 (port 443/tcp is open/forwarded in your firewall/router) and that you've correctly set up the DNS config for the domain that you enter (set the A record to your public ipv4-address and if you need ipv6, set the AAAA record to your public ipv6-address. A CNAME record if of course also possible). You should see hints on what went wrong if your domain does not get accepted in the top right corner.<br><br>
+                            <details>
+                                <summary>Click here for further hints</summary><br />
+                                If you should not have a domain yet, you can get one for free e.g. from duckdns.org and others.<br><br>
+                                If you have a dynamic public IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates.<br /><br/>
+                                If you only want to install AIO locally without exposing it to the public internet or if you cannot do so, feel free to follow <a href="https://github.com/nextcloud/all-in-one/blob/main/local-instance.md">this documentation</a>.<br><br>
+                                If you should be using Cloudflare Proxy for your domain, make sure to disable the Proxy feature temporarily as it might block the domain validation attempts.<br /><br/>
+                                {% if apache_port != '443' %}
+                                    If you run into issues getting your domain accepted, see <a href="https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#6-how-to-debug-things">these steps</a> for how to debug things. <br /><br/>
+                                {% endif %}
+                                <b>Hint:</b> If the domain validation fails but you are completely sure that you've configured everything correctly, you may skip the domain validation by following <a href="https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation">this documentation</a>.<br />
+                            </details><br />
                         {% endif %}
 
                         <h2>Restore former AIO instance from backup</h2>
@@ -115,8 +133,8 @@
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
-                                            </form>
-                                        </details><br /><br />
+                                            </form><br />
+                                        </details><br />
                                     {% endif %}
                                 {% elseif backup_exit_code == 0 %}
                                     <span class="status success"></span> Last {{ borg_backup_mode }} successful! (<a href="/api/docker/logs?id=nextcloud-aio-borgbackup">Logs</a>)<br /><br />
@@ -157,12 +175,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit" />
                             </form>
-                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
-                            An example for Linux is <b>/mnt/backup</b>.<br>
-                            On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
-                            For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
-                            Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
+                            {{ include('includes/backup-dirs.twig') }}
                             ⚠️ Please note that the backup archive must be located in a subfolder of the folder that you enter here and the subfolder which contains the archive must be named 'borg'. Otherwise will the backup container not find the backup archive!<br><br>
                         {% endif %}
                     {% else %}
@@ -176,7 +189,7 @@
                 {% endif %}
             {% endif %}
 
-            {% if domain != "" and was_start_button_clicked == true %}
+            {% if was_start_button_clicked == true %}
                 {% if current_channel starts with 'latest' or current_channel starts with 'beta' or current_channel starts with 'develop' %}
                     You are running the <a href="https://github.com/nextcloud/all-in-one#how-to-switch-the-channel"><b>{{ current_channel }}</b></a> channel. (<a href="/api/docker/logs?id=nextcloud-aio-mastercontainer">Logs</a>)<br><br>
                 {% else %}
@@ -200,11 +213,14 @@
                                 Initial Nextcloud password: 
                         {% if borg_backup_host_location != '' %}
                             {# nextcloud_password needs to be duplicated due to a bug in Firefox. See https://github.com/nextcloud/all-in-one/issues/638. #}
-                            <b>{{ nextcloud_password }}</b></details><br /><br />
+                            <b>{{ nextcloud_password }}</b><br /></details><br />
                         {% else %}
                             <b>{{ nextcloud_password }}</b><br><br>
                         {% endif %}
-                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/>
+                        <a href="https://{{ domain }}" class="button" target="_blank" rel="noopener">Open your Nextcloud ↗</a><br/><br>
+                        {% if borg_backup_host_location == '' %}
+                            If your Nextcloud does not open when clicking the button above, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/2105">this documentation</a></b><br><br>
+                        {% endif %}
                     {% else %}
                         {% if isAnyRestarting == false %}
                             <span class="status running"></span> Containers are currently starting.<br /><br />
@@ -221,6 +237,10 @@
                     {% endif %}
                 {% endif %}
 
+                {% if isApacheStarting == false and is_backup_container_running == false %}
+                    {{ include('includes/aio-config.twig') }}
+                {% endif %}
+
                 {% if was_start_button_clicked == true %}
                     <h2>Containers</h2>
                     <ul>
@@ -250,6 +270,12 @@
                     {% else %}
                         {% if is_mastercontainer_update_available == false %}
                             Your containers are up-to-date.<br><br>
+                            {% if newMajorVersion != '' and isAnyRunning == true and isApacheStarting != true %}
+                                <details>
+                                <summary>Note about <b>Nextcloud {{ newMajorVersion }}</b></summary><br>
+                                    If you haven't upgraded to Nextcloud {{ newMajorVersion }} yet and want to do that now, feel free to follow <b><a href="https://github.com/nextcloud/all-in-one/discussions/2208">this documentation</a></b><br/>
+                                </details><br>
+                            {% endif %}
                         {% endif %}
                     {% endif %}
                 {% endif %}
@@ -287,7 +313,16 @@
                                 <input class="button" type="submit" value="Update mastercontainer" />
                             </form>
                         {% else %}
-                            {% if was_start_button_clicked == false or has_update_available == false %}
+                            {% if was_start_button_clicked == false %}
+                                <form method="POST" action="/api/docker/start" class="xhr">
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    {% if newMajorVersion != '' %}
+                                        <input type="checkbox" id="install_latest_major" name="install_latest_major"><label for="install_latest_major">Install Nextcloud {{ newMajorVersion }} (if unchecked, Nextcloud {{ newMajorVersion - 1 }} will get installed)</label><br>
+                                    {% endif %}
+                                    <input class="button" type="submit" value="Download and start containers" />
+                                </form>
+                            {% elseif has_update_available == false %}
                                 <form method="POST" action="/api/docker/start" class="xhr">
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
@@ -319,12 +354,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit" />
                             </form>
-                            The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
-                            An example for Linux is <b>/mnt/backup</b>.<br>
-                            On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br>
-                            For macOS it may be <b>/var/backup</b>.<br>
-                            On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br>
-                            Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>
+                            {{ include('includes/backup-dirs.twig') }}
                         {% endif %}
                     {% endif %}
 
@@ -344,8 +374,8 @@
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                                 <input class="button" type="submit" value="Check and repair backup integrity" onclick="return confirm('Check and repair backup integrity? Are you sure that you want to check and repair the backup integrity? This should only be done after reading the mentioned documentation.')"/><br/>
-                                            </form>
-                                        </details><br /><br />
+                                            </form><br />
+                                        </details><br />
                                     {% endif %}
                                     {% if has_backup_run_once == false %}
                                         You may change the backup path again since the initial backup was not successful. After submitting the new value, you need to click on 'Create Backup' for testing the new value.<br /><br />
@@ -374,9 +404,12 @@
                                 This is your encryption password for backups: <b>{{ borgbackup_password }}</b><br /><br/>
                                 Please save it at a safe place since you won't be able to restore from backup if you lose this password! <br /><br/>
                                 Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. <br /><br/>
-                                The backup itself will use a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b><a/> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
+                                The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
-                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app.
+                                Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b>.<br><br>
+                                Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
+                                For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
 
                                 {% if isApacheStarting != true %}
                                     <h3>Backup creation</h3>
@@ -441,7 +474,7 @@
                                             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                             <input class="button" type="submit" value="Submit" /><br>
                                         </form>
-                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
+                                        Each line and entry needs to start with a slash or letter/digit. Allowed are only <b>a-z</b>, <b>A-Z</b>, <b>.</b>, <b>0-9</b>, <b>_</b>, <b>-</b>, and <b>/</b>. If the entry begins with a letter/digit are slashes not supported. Two valid entries are <b>/directory/on/the/host</b> and <b>my_custom_docker_volume</b>. You need to make sure yourself that all given directories exist. Otherwise the backup container will fail starting!<br><br/>
                                         Make sure to specify all storages that you want to back up separately since storages will not be mounted recursively. E.g. providing <b>/</b> as additional backup directory will only back up files and folders that are stored on the root partition and not on the EFI partition or any other. Excluded by the backup will be caches and a few other directories. You should make sure to stop all services before the backup can run correctly if you want to back up the root partition. For automating this see <a href="https://github.com/nextcloud/all-in-one#how-to-stopstartupdate-containers-or-trigger-the-daily-backup-from-a-script-externally">this documentation</a><br><br/>
                                         Please note that the chosen directories/volumes will not be restored when you restore your instance, so this would need to be done manually. <br><br>
                                         {% if additional_backup_directories != "" %}
@@ -450,9 +483,9 @@
                                     {% endif %}
                                 {% endif %}
                                 {% if has_backup_run_once == false %}
-                                    <br /><br />
+                                    <br />
                                 {% else %}
-                                    </details><br /><br />
+                                    </details><br />
                                 {% endif %}
                             {% endif %}
                         {% endif %}
@@ -461,15 +494,18 @@
                     {% if is_backup_container_running == false %}
                         {% if isApacheStarting == false %} 
                             <h2>AIO password change</h2>
-                            You can change your AIO password below:<br><br />
-                            <form method="POST" action="/api/configuration" class="xhr">
-                                <input type="text" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password"/>
-                                <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
-                                <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
-                                <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                <input class="button" type="submit" value="Submit" />
-                            </form>
-                            The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br><br>
+                            <details>
+                                <summary>Click here to change your AIO password</summary><br />
+                                You can change your AIO password below:<br><br />
+                                <form method="POST" action="/api/configuration" class="xhr">
+                                    <input type="text" autocomplete="current-password" name="current-master-password" placeholder="Your current AIO password"/>
+                                    <input type="text" autocomplete="new-password" name="new-master-password" placeholder="Your new AIO password"/>
+                                    <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+                                    <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+                                    <input class="button" type="submit" value="Submit" />
+                                </form>
+                                The new password needs to be at least 24 characters long. Allowed characters are the <a href="https://en.wikipedia.org/wiki/Latin_alphabet#/media/File:Abecedarium.png"><b>latin characters</b></a> <b>a-z</b>, <b>A-Z</b>, <b>0-9</b> and <b>spaces</b>.<br>
+                            </details><br>
                         {% endif %}
                     {% endif %}
                 {% endif %}
@@ -504,9 +540,9 @@
                             <input type="checkbox" id="imaginary" name="imaginary"><label for="imaginary">Imaginary (for previews of heic, heif, illustrator, pdf, svg, tiff and webp)</label><br>
                         {% endif %}
                         {% if is_talk_enabled == true %}
-                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk" checked="checked"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% else %}
-                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open in your firewall/router)</label><br><br>
+                            <input type="checkbox" id="talk" name="talk"><label for="talk">Nextcloud Talk (needs ports {{ talk_port }}/TCP and {{ talk_port }}/UDP open/forwarded in your firewall/router)</label><br><br>
                         {% endif %}
                         {% if is_onlyoffice_enabled == true %}
                             <input type="checkbox" id="onlyoffice" name="onlyoffice" checked="checked"><label for="onlyoffice">OnlyOffice</label><br>
@@ -514,8 +550,9 @@
                             {#<input type="checkbox" id="onlyoffice" name="onlyoffice"><label for="onlyoffice">OnlyOffice</label><br>#}
                         {% endif %}
                         <input id="options-form-submit" class="button" type="submit" value="Save changes" />
+                        <script type="text/javascript" src="options-form-submit.js"></script>
                     </form>
-                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement.<br><br>
+                    <b>Minimal system requirements:</b> When any optional addon is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV or Fulltextsearch, at least 3GB RAM are required. When enabling everything, at least 4GB RAM are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advices and recommendations see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></b><br><br>
                     {% if isAnyRunning == true or is_x64_platform == false %}
                         <script type="text/javascript" src="disable-clamav.js"></script>
                     {% endif %}

php/templates/includes/aio-config.twig

@@ -0,0 +1,36 @@
+<details>
+    <summary>Click here to view the current AIO config and documentation links</summary><br />
+    {% if was_start_button_clicked == true %}
+        Nextclouds config.php file is stored in the nextcloud_aio_nextcloud Docker volume and can by edited by following the <a href="https://github.com/nextcloud/all-in-one#how-to-edit-nextclouds-configphp-file-with-a-texteditor">config.php documentation</a>.<br><br>
+        You can run Nextcloud's usual occ commands by following the <a href="https://github.com/nextcloud/all-in-one#how-to-run-occ-commands">occ documentation</a></b>.<br><br>
+    {% endif %}
+    
+    {% if nextcloud_datadir starts with '/' %}
+        Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} directory.
+    {% else %}
+        Nextcloud's datadir is getting stored in the {{ nextcloud_datadir }} Docker volume.
+    {% endif %}
+    See the <a href="https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir">NEXTCLOUD_DATADIR documentation</a> on how to change this.<br><br>
+
+    {% if nextcloud_mount == '' %}
+        The Nextcloud container is confied and local external storage in Nextcloud is disabled.
+    {% else %}
+        The Nextcloud container is getting gets access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
+    {% endif %}
+    See the <a href="https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host">NEXTCLOUD_MOUNT documentation</a> on how to change this.<br><br>
+
+    Nextcloud has an upload limit of {{ nextcloud_upload_limit }} configured (for public link uploads. Bigger uploads are always possible when users are logged in). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud">NEXTCLOUD_UPLOAD_LIMIT documentation</a> on how to change this.<br><br>
+
+    For Nextcloud, a memory limit of {{ nextcloud_memory_limit }} per PHP process is configured. See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud">NEXTCLOUD_MEMORY_LIMIT documentation</a> on how to change this.<br><br>
+
+    Nextcloud has a timeout of {{ nextcloud_max_time }} seconds configured (important for big file uploads). See the <a href="https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud">NEXTCLOUD_MAX_TIME documentation</a> on how to change this.<br><br>
+
+    {% if is_dri_device_enabled == true %}
+        The /dev/dri device which is needed for hardware transcoding is getting attached to the Nextcloud container.
+    {% else %}
+        The /dev/dri device which is needed for hardware transcoding is not attached to the Nextcloud container.
+    {% endif %}
+    See the <a href="https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud">NEXTCLOUD_ENABLE_DRI_DEVICE documentation</a> on how to change this.<br><br>
+
+    For further documentation on AIO, refer to <b><a href="https://github.com/nextcloud/all-in-one#nextcloud-all-in-one">this page</a></b>. You can use the browser search [CTRL]+[F] to search through the documentation. Additional documentation can be found <b><a href="https://github.com/nextcloud/all-in-one/discussions/categories/wiki">here</a></b>.<br>
+</details><br />

php/templates/includes/backup-dirs.twig

@@ -0,0 +1,6 @@
+The folder path that you enter must start with <b>/</b> and must <b>not</b> end with <b>/</b>.<br><br>
+An example for Linux is <b>/mnt/backup</b>.<br><br>
+On Synology it could be <b>/volume1/docker/nextcloud/backup</b>.<br><br>
+For macOS it may be <b>/var/backup</b>.<br><br>
+On Windows it might be <b>/run/desktop/mnt/host/c/backup</b>. (This path is equivalent to 'C:\backup' on your Windows host so you need to translate the path accordingly. Hint: the path that you enter needs to start with '/run/desktop/mnt/host/'. Append to that the exact location on your windows host, e.g. 'c/backup' which is equivalent to 'C:\backup'.)<br><br>
+Another option is to enter a specific volume name here: <b>nextcloud_aio_backupdir</b>. This volume needs to be created beforehand manually by you in order to be able to use it.<br><br>

php/templates/layout.twig

@@ -4,7 +4,6 @@
         <link rel="stylesheet" href="/style.css" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
-        <script type="text/javascript" src="options-form-submit.js"></script>
     </head>
 
     <body>

php/templates/login.twig

@@ -7,7 +7,7 @@
             <h1>Nextcloud AIO Login</h1>
             {% if is_login_allowed == true %}
                 <p>Log in using your Nextcloud AIO password:</p>
-                <form method="POST" action="/api/auth/login">
+                <form method="POST" action="/api/auth/login" class="xhr">
                     <input type="text" autocomplete="off" name="password" placeholder="Password" />
                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">