Merge pull request #2677 from nextcloud/aio-helm-update

Helm Chart updates

.github/workflows/command-rebase.yml

@@ -23,7 +23,7 @@ jobs:
 
     steps:
       - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}
           repository: ${{ github.event.repository.full_name }}
@@ -31,18 +31,18 @@ jobs:
           reaction-type: "+1"
 
       - name: Checkout the latest code
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
         with:
           fetch-depth: 0
           token: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Automatic Rebase
-        uses: cirrus-actions/rebase@1.8
+        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
         env:
           GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}
 
       - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@ca08ebd5dc95aa0cd97021e9708fcd6b87138c9b # v3.0.1
         if: failure()
         with:
           token: ${{ secrets.COMMAND_BOT_PAT }}

.github/workflows/create-psalm-container.yml

@@ -1,54 +0,0 @@
-name: Create Psalm Container
-
-on:
-  workflow_dispatch:
-  schedule:
-    - cron: '5 4 * * *'
-
-jobs:
-  push_to_registry:
-    runs-on: ubuntu-latest
-
-    name: Create Psalm Container
-
-    permissions:
-      packages: write
-      contents: read
-
-    steps:
-      - name: Check out the repo
-        run: |
-          git clone https://github.com/psalm/psalm-github-actions.git
-      
-      - name: Modify the Dockerfile
-        run: |
-          set -x
-          sed -i 's|FROM php:7.4-alpine|FROM php:8.2-alpine|' "psalm-github-actions/Dockerfile"
-          cat << APCU >> "psalm-github-actions/Dockerfile"
-          RUN mkdir -p /usr/src/php/ext/apcu && \
-            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
-            docker-php-ext-install apcu
-          APCU
-
-      - name: Log in to GitHub Docker Registry
-        uses: docker/login-action@v2
-        with:
-          registry: docker.pkg.github.com
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Log in to GitHub Container Registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build container image
-        uses: docker/build-push-action@v4
-        with:
-          push: true
-          context: 'psalm-github-actions'
-          file: 'psalm-github-actions/Dockerfile'
-          tags: |
-            ghcr.io/nextcloud/all-in-one-psalm:latest

.github/workflows/docker-lint.yml

@@ -0,0 +1,53 @@
+name: Docker Lint
+
+on:
+  pull_request:
+    paths:
+      - 'Containers/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'Containers/**'
+
+permissions:
+  contents: read
+
+concurrency: 
+  group: docker-lint-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  docker-lint:
+    runs-on: ubuntu-latest
+
+    name: docker-lint
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Install npm and dockerfilelint
+        run: |
+          sudo apt-get install nodejs npm -y
+          npm install -g dockerfilelint
+          wget https://github.com/replicatedhq/dockerfilelint/pull/184.patch -O /usr/local/lib/node_modules/dockerfilelint/184.patch
+          CURRENT_DIR=$PWD
+          cd /usr/local/lib/node_modules/dockerfilelint/
+          git apply 184.patch
+          cd $CURRENT_DIR
+          cat << RULES > ./.dockerfilelintrc
+          rules:
+            sudo_usage: off
+          RULES
+
+      - name: run lint
+        run: |
+          DOCKERFILES="$(find ./Containers -name Dockerfile)"
+          mapfile -t DOCKERFILES <<< "$DOCKERFILES"
+          for file in "${DOCKERFILES[@]}"; do
+            dockerfilelint "$file" --config ./ | tee -a ./dockerfilelint.log
+          done
+          if grep "^Issues: [0-9]" ./dockerfilelint.log; then
+            exit 1
+          fi

.github/workflows/json-validator.yml

@@ -2,9 +2,13 @@ name: Json Validator
 
 on:
   pull_request:
+    paths:
+      - '**.json'
   push:
     branches:
       - main
+    paths:
+      - '**.json'
 
 jobs:
   psalm:

.github/workflows/lint-php.yml

@@ -3,18 +3,22 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
 
-name: PHP Lint
+name: Lint php
 
 on:
   pull_request:
+    paths:
+      - 'php/**'
   push:
     branches:
       - main
+    paths:
+      - 'php/**'
 
 permissions:
   contents: read
 
-concurrency: 
+concurrency:
   group: lint-php-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
@@ -23,19 +27,22 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: ["8.2"]
+        php-versions: [ "8.2" ]
 
     name: php-lint
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
+        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Lint
         run: cd php && composer run lint

.github/workflows/php-deprecation-detector.yml

@@ -3,9 +3,13 @@ name: PHP Deprecation Detector
 
 on:
   pull_request:
+    paths:
+      - 'php/**'
   push:
     branches:
       - main
+    paths:
+      - 'php/**'
 
 jobs:
   psalm:

.github/workflows/psalm-analysis.yml

@@ -1,28 +0,0 @@
-name: Psalm Analysis
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-jobs:
-  psalm:
-    name: Psalm
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up php8.2
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: 8.2
-          extensions: apcu
-          coverage: none
-
-      - name: Run script
-        run: |
-          set -x
-          cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
-          composer install
-          composer run psalm

.github/workflows/psalm-security.yml

@@ -1,25 +0,0 @@
-name: Psalm Security Analysis
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  psalm:
-    name: Psalm
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v3
-      - name: Psalm
-        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
-        with:
-          relative_dir: php
-          security_analysis: true
-          composer_ignore_platform_reqs: false
-          report_file: results.sarif
-      - name: Upload Security Analysis results to GitHub
-        uses: github/codeql-action/upload-sarif@v2
-        with:
-          sarif_file: php/results.sarif

.github/workflows/psalm.yml

@@ -0,0 +1,47 @@
+# This workflow is provided via the organization template repository
+#
+# https://github.com/nextcloud/.github
+# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
+
+name: Static analysis
+
+on:
+  pull_request:
+    paths:
+      - 'php/**'
+  push:
+    branches:
+      - main
+    paths:
+      - 'php/**'
+
+concurrency:
+  group: psalm-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  static-analysis:
+    runs-on: ubuntu-latest
+
+    name: Nextcloud
+    steps:
+      - name: Checkout
+        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+
+      - name: Set up php
+        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d # v2
+        with:
+          php-version: 8.2
+          extensions: apcu
+          coverage: none
+          ini-file: development
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Install dependencies and run psalm
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm

.github/workflows/shellcheck.yml

@@ -2,9 +2,13 @@ name: Shellcheck
 
 on:
   pull_request:
+    paths:
+      - '**.sh'
   push:
     branches:
       - main
+    paths:
+      - '**.sh'
 
 jobs:
   shellcheck:

.github/workflows/twig-lint.yml

@@ -2,9 +2,13 @@ name: Twig Lint
 
 on:
   pull_request:
+    paths:
+      - '**.twig'
   push:
     branches:
       - main
+    paths:
+      - '**.twig'
 
 permissions:
   contents: read
@@ -16,10 +20,6 @@ concurrency:
 jobs:
   twig-lint:
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        php-versions: ["8.2"]
-
     name: twig-lint
 
     steps:
@@ -29,7 +29,8 @@ jobs:
       - name: Set up php ${{ matrix.php-versions }}
         uses: shivammathur/setup-php@v2
         with:
-          php-version: ${{ matrix.php-versions }}
+          php-version: 8.2
+          extensions: apcu
           coverage: none
 
       - name: twig lint
@@ -39,17 +40,3 @@ jobs:
           composer install
           chmod +x ./vendor/bin/twig-linter
           ./vendor/bin/twig-linter lint ./templates
-
-  summary:
-    permissions:
-      contents: none
-    runs-on: ubuntu-latest
-    needs: twig-lint
-
-    if: always()
-
-    name: twig-lint-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.twig-lint.result != 'success' && needs.twig-lint.result != 'skipped' }}; then exit 1; fi

.gitignore

@@ -6,4 +6,5 @@
 /manual-install/*.conf
 !/manual-install/sample.conf
 /manual-install/docker-compose.yml
+/manual-install/compose.yaml
 /manual-install/.env

Containers/apache/Dockerfile

@@ -45,6 +45,7 @@ RUN set -ex; \
             -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
             -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
             -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+            -e 's/^#\(LoadModule .*mod_brotli.so\)/\1/' \
             -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
             -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
         /usr/local/apache2/conf/httpd.conf; \

Containers/apache/nextcloud.conf

@@ -10,6 +10,13 @@ Listen 8000
     <FilesMatch "\.php$">
         SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
     </FilesMatch>
+
+    # Enable Brotli compression for js files
+    <IfModule mod_brotli.c>
+        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript
+        BrotliCompressionQuality 0
+    </IfModule>
+
     # Nextcloud dir
     DocumentRoot /var/www/html/
     <Directory /var/www/html/>

Containers/borgbackup/Dockerfile

@@ -18,3 +18,4 @@ COPY --chmod=770 *.sh /
 ENTRYPOINT ["/start.sh"]
 
 LABEL com.centurylinklabs.watchtower.monitor-only="true"
+ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"

Containers/borgbackup/backupscript.sh

@@ -167,11 +167,12 @@ if [ "$BORG_MODE" = backup ]; then
     rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
 
     # Prune options
-    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")
+    read -ra BORG_PRUNE_OPTS <<< "$BORG_RETENTION_POLICY"
+    echo "BORG_PRUNE_OPTS are ${BORG_PRUNE_OPTS[*]}"
 
     # Prune archives
     echo "Pruning the archives..."
-    if ! borg prune --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
+    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
         echo "Failed to prune archives!"
         exit 1
     fi
@@ -202,7 +203,7 @@ if [ "$BORG_MODE" = backup ]; then
                 exit 1
             fi
             echo "Pruning additional volumes..."
-            if ! borg prune --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to prune additional docker-volumes archives!"
                 exit 1
             fi
@@ -232,7 +233,7 @@ if [ "$BORG_MODE" = backup ]; then
                 exit 1
             fi
             echo "Pruning additional host mounts..."
-            if ! borg prune --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
+            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
                 echo "Failed to prune additional host-mount archives!"
                 exit 1
             fi

Containers/mastercontainer/Dockerfile

@@ -1,5 +1,5 @@
 # Docker CLI is a requirement
-FROM docker:23.0.6-cli as docker
+FROM docker:24.0.2-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.6.4-alpine as caddy

Containers/nextcloud/Dockerfile

@@ -1,5 +1,18 @@
 # From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
-FROM php:8.0.28-fpm-alpine3.16
+FROM php:8.1.19-fpm-alpine3.17
+
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 10G
+ENV PHP_MAX_TIME 3600
+ENV NEXTCLOUD_VERSION 26.0.2
+
+COPY --chmod=775 *.sh /
+COPY --chmod=774 upgrade.exclude /upgrade.exclude
+COPY config/*.php /
+COPY supervisord.conf /supervisord.conf
+
+VOLUME /mnt/ncdata
+VOLUME /var/www/html
 
 # Custom: change id of www-data user as it needs to be the same like on old installations
 RUN set -ex; \
@@ -8,22 +21,14 @@ RUN set -ex; \
     groupmod -g 333 xfs; \
     usermod -u 333 -g 333 xfs; \
     addgroup -g 33 -S www-data; \
-    adduser -u 33 -D -S -G www-data www-data
-
-# entrypoint.sh and cron.sh dependencies
-RUN set -ex; \
+    adduser -u 33 -D -S -G www-data www-data; \
     \
+# entrypoint.sh and cron.sh dependencies
     apk add --no-cache \
         rsync \
-    ;
-
+    ; \
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 10G
-ENV PHP_MAX_TIME 3600
-RUN set -ex; \
-    \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
         autoconf \
@@ -80,11 +85,11 @@ RUN set -ex; \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
     apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps
-
+    apk del .build-deps; \
+    \
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
-RUN { \
+    { \
         echo 'opcache.interned_strings_buffer=32'; \
         echo 'opcache.save_comments=1'; \
         echo 'opcache.revalidate_freq=60'; \
@@ -102,15 +107,10 @@ RUN { \
         echo 'max_input_time=${PHP_MAX_TIME}'; \
     } > /usr/local/etc/php/conf.d/nextcloud.ini; \
     \
-    mkdir /var/www/data; \
+    mkdir -p /var/www/data; \
     chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www
-
-VOLUME /var/www/html
-
-ENV NEXTCLOUD_VERSION 25.0.7
-
-RUN set -ex; \
+    chmod -R g=u /var/www; \
+    \
     apk add --no-cache --virtual .fetch-deps \
         bzip2 \
         gnupg \
@@ -130,27 +130,18 @@ RUN set -ex; \
     mkdir -p /usr/src/nextcloud/data; \
     mkdir -p /usr/src/nextcloud/custom_apps; \
     chmod +x /usr/src/nextcloud/occ; \
-    apk del .fetch-deps
-
-COPY *.sh upgrade.exclude /
-COPY config/* /usr/src/nextcloud/config/
-
-ENTRYPOINT ["/entrypoint.sh"]
-CMD ["php-fpm"]
-
-# Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
-
-RUN set -ex; \
+    mkdir -p /usr/src/nextcloud/config; \
+    mv /*.php /usr/src/nextcloud/config/; \
+    apk del .fetch-deps; \
     \
+# Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
     apk add --no-cache \
         ffmpeg \
         procps \
         samba-client \
         supervisor \
 #       libreoffice \
-    ;
-
-RUN set -ex; \
+    ; \
     \
     apk add --no-cache --virtual .build-deps \
         $PHPIZE_DEPS \
@@ -178,21 +169,12 @@ RUN set -ex; \
             | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
     )"; \
     apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps
-
-RUN mkdir -p \
+    apk del .build-deps; \
+    \
+    mkdir -p \
     /var/log/supervisord \
     /var/run/supervisord \
-;
-
-COPY supervisord.conf /
-
-ENV NEXTCLOUD_UPDATE=1
-
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
-
-# Custom:
-RUN set -ex; \
+    ; \
     \
     apk add --no-cache \
         bash \
@@ -206,60 +188,38 @@ RUN set -ex; \
         sudo \
         grep \
         nodejs \
-        coreutils;
-
-RUN set -ex; \
+        coreutils; \
+    \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
-
-RUN set -ex; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
+    \
     rm -rf /tmp/nextcloud-aio && \
     mkdir -p /tmp/nextcloud-aio && \
     cd /tmp/nextcloud-aio && \
     git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
     mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
-    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/
-
-RUN set -ex; \
+    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
+    \
     chown www-data:root -R /usr/src && \
     chown www-data:root -R /usr/local/etc/php/conf.d && \
     chown www-data:root -R /usr/local/etc/php-fpm.d && \
-    rm -r /usr/src/nextcloud/apps/updatenotification
-
-COPY start.sh /
-COPY notify.sh /
-COPY notify-all.sh /
-RUN set -ex; \
-    chmod +x /start.sh && \
-    chmod +x /entrypoint.sh && \
-    chmod +r /upgrade.exclude && \
-    chmod +x /cron.sh && \
-    chmod +x /notify.sh && \
-    chmod +x /notify-all.sh && \
-    chmod +x /activate-collabora.sh && \
-    chmod +x /healthcheck.sh
-
-RUN set -ex; \
-    mkdir /mnt/ncdata; \
-    chown www-data:www-data /mnt/ncdata;
-
-VOLUME /mnt/ncdata
-
-RUN set -ex; \
+    rm -r /usr/src/nextcloud/apps/updatenotification; \
+    \
     mkdir -p /nc-updater; \
     chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater
-
+    chmod -R 770 /nc-updater; \
+    \
 # Give root a random password
-RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+    echo "root:$(openssl rand -base64 12)" | chpasswd
 
 USER root
 ENTRYPOINT ["/start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
 LABEL com.centurylinklabs.watchtower.monitor-only="true"

Containers/nextcloud/activate-collabora.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-
-if [ "$COLLABORA_ENABLED" != yes ]; then
-    # Basically sleep for forever if collabora is not enabled
-    sleep inf
-fi
-while ! nc -z "$NC_DOMAIN" 443; do
-    sleep 5
-done
-sleep 10
-echo "Activating collabora config..."
-php /var/www/html/occ richdocuments:activate-config
-sleep inf

Containers/nextcloud/entrypoint.sh

@@ -205,6 +205,14 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
             fi
 
+            # We do our own permission check so the permission check is not needed
+            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
+<?php
+    \$CONFIG = array (
+    'check_data_directory_permissions' => false
+);
+DATADIR_PERMISSION_CONF
+
             echo "Installing with PostgreSQL database"
             INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")
 
@@ -215,15 +223,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                 exit 1
             fi
 
-            # We do our own permission check so the permission check is not needed
-            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
-<?php
-\$CONFIG = array (
-  'check_data_directory_permissions' => false
-);
-DATADIR_PERMISSION_CONF
-            php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
-
             # Try to force generation of appdata dir:
             php /var/www/html/occ maintenance:repair
 
@@ -547,6 +546,7 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
         php /var/www/html/occ app:update onlyoffice
     fi
     php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
+    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
     php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
     php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
@@ -616,18 +616,16 @@ else
 fi
 
 # Imaginary
-if version_greater "$installed_version" "24.0.0.0"; then
-    if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
-        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
-        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
-    else
-        if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 0
-            php /var/www/html/occ config:system:delete preview_imaginary_url
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 20
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 21
-            php /var/www/html/occ config:system:delete enabledPreviewProviders 22
-        fi
+if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
+    php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+    php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+else
+    if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+        php /var/www/html/occ config:system:delete preview_imaginary_url
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+        php /var/www/html/occ config:system:delete enabledPreviewProviders 22
     fi
 fi
 

Containers/nextcloud/run-exec-commands.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+while ! nc -z "$NC_DOMAIN" 443; do
+    sleep 5
+done
+sleep 10
+
+if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
+    echo "#!/bin/bash" > /tmp/nextcloud-exec-commands
+    echo "$NEXTCLOUD_EXEC_COMMANDS" >> /tmp/nextcloud-exec-commands
+    if ! grep "one-click-instance" /tmp/nextcloud-exec-commands; then
+        bash /tmp/nextcloud-exec-commands
+        rm /tmp/nextcloud-exec-commands
+    fi
+else
+    # Collabora must work also if using manual-install 
+    if [ "$COLLABORA_ENABLED" = yes ]; then
+        echo "Activating collabora config..."
+        php /var/www/html/occ richdocuments:activate-config
+    fi
+fi
+
+sleep inf

Containers/nextcloud/supervisord.conf

@@ -33,10 +33,10 @@ stderr_logfile_maxbytes=0
 command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
 user=www-data
 
-[program:activate-collabora]
+[program:run-exec-commands]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/activate-collabora.sh
+command=/run-exec-commands.sh
 user=www-data

Containers/talk/Dockerfile

@@ -1,4 +1,4 @@
-FROM nats:2.9.16-scratch as nats
+FROM nats:2.9.17-scratch as nats
 FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
 FROM coturn/coturn:4.6.2-r0-alpine
 USER root

app/appinfo/info.xml

@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.3.0</version>
+	<version>0.4.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="24" max-version="25"/>
+		<nextcloud min-version="25" max-version="26"/>
 	</dependencies>
 
 	<settings>

compose.yaml

@@ -1,9 +1,3 @@
-version: "3.8"
-
-volumes:
-  nextcloud_aio_mastercontainer:
-    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
-
 services:
   nextcloud:
     image: nextcloud/all-in-one:latest
@@ -20,6 +14,7 @@ services:
       # - AIO_DISABLE_BACKUP_SECTION=false # Setting this to true allows to hide the backup section in the AIO interface.
       # - APACHE_PORT=11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # - APACHE_IP_BINDING=127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
+      # - BORG_RETENTION_POLICY=--keep-within=7d --keep-weekly=4 --keep-monthly=6 # Allows to adjust borgs retention policy. See https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy
       # - COLLABORA_SECCOMP_DISABLED=false # Setting this to true allows to disable Collabora's Seccomp feature. See https://github.com/nextcloud/all-in-one#how-to-disable-collaboras-seccomp-feature
       # - NEXTCLOUD_DATADIR=/mnt/ncdata # Allows to set the host directory for Nextcloud's datadir. See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir
       # - NEXTCLOUD_MOUNT=/mnt/ # Allows the Nextcloud container to access the chosen directory on the host. See https://github.com/nextcloud/all-in-one#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host
@@ -27,7 +22,7 @@ services:
       # - NEXTCLOUD_MAX_TIME=3600 # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud
       # - NEXTCLOUD_MEMORY_LIMIT=512M # Can be adjusted if you need more. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud
       # - NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts # CA certificates in this directory will be trusted by the OS of the nexcloud container (Useful e.g. for LDAPS) See See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
-      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
+      # - NEXTCLOUD_STARTUP_APPS=deck twofactor_totp tasks calendar contacts notes # Allows to modify the Nextcloud apps that are installed on starting AIO the first time. See https://github.com/nextcloud/all-in-one#how-to-change-the-nextcloud-apps-that-are-installed-on-the-first-startup
       # - NEXTCLOUD_ADDITIONAL_APKS=imagemagick # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value. See https://github.com/nextcloud/all-in-one#how-to-add-php-extensions-permanently-to-the-nextcloud-container
       # - NEXTCLOUD_ENABLE_DRI_DEVICE=true # This allows to enable the /dev/dri device in the Nextcloud container which is needed for hardware-transcoding. See https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
@@ -50,6 +45,10 @@ services:
   #     - ./sites:/srv
   #   network_mode: "host"
 
+volumes:
+  nextcloud_aio_mastercontainer:
+    name: nextcloud_aio_mastercontainer # This line is not allowed to be changed as otherwise the built-in backup solution will not work
+
 # # Optional: If you need ipv6, follow step 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md first and then uncomment the below config in order to activate ipv6 for the internal nextcloud-aio network.
 # # Please make sure to uncomment also the networking lines of the mastercontainer above in order to actually create the network with docker-compose
 # # Inspired by https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml

docker-rootless.md

@@ -9,7 +9,7 @@ You can run AIO with docker rootless by following the steps below.
 1. Also do not forget to run `loginctl enable-linger USERNAME` (and substitute USERNAME with the correct one) in order to make sure that user services are automatically started after every reboot.
 1. Expose the privileged ports by following https://docs.docker.com/engine/security/rootless/#exposing-privileged-ports. (`sudo setcap cap_net_bind_service=ep $(which rootlesskit); systemctl --user restart docker`)
 1. Use the official AIO startup command but use `--volume $XDG_RUNTIME_DIR/docker.sock:/var/run/docker.sock:ro` instead of `--volume /var/run/docker.sock:/var/run/docker.sock:ro` and also add `--env WATCHTOWER_DOCKER_SOCKET_PATH=$XDG_RUNTIME_DIR/docker.sock` to the initial container startup (which is needed for mastercontainer updates to work correctly).
-1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or docker-compose file (after installing docker rootles) are things that are mentioned in point 3.
+1. Now everything should work like without docker rootless. You can consider using docker-compose for this or running it behind a reverse proxy. Basically the only thing that needs to be adjusted always in the startup command or compose.yaml file (after installing docker rootles) are things that are mentioned in point 3.
 
 **Please note:** All files outside the containers get created, written to and accessed as the user that is running the docker daemon or a subuid of it. So for the built-in backup to work you need to allow this user to write to the target directory. E.g. with `sudo chown -R USERNAME:GROUPNAME /mnt/backup`. The same applies when changing Nextcloud's datadir. E.g. `sudo chown -R USERNAME:GROUPNAME /mnt/ncdata`. When you want to use the NEXTCLOUD_MOUNT option for local external storage, you need to adjust the permissions of the chosen folders to be accessible/writeable by the userid `100032:100032` (if running `grep ^$(whoami): /etc/subuid` as the user that is running the docker daemon returns 100000 as first value). 
 

manual-install/latest.yml

@@ -1,5 +1,3 @@
-version: "3.8"
-
 services:
   nextcloud-aio-apache:
     depends_on:

manual-install/readme.md

@@ -11,19 +11,19 @@ You can run the containers that are build for AIO with docker-compose. This come
 - You lose the AIO interface
 - You lose update notifications and automatic updates
 - You lose all AIO backup and restore features
-- **You need to know what you are doing, especially when modifying the docker-compose file**
+- **You need to know what you are doing, especially when modifying the compose.yaml file**
 - For updating, you need to strictly follow the at the bottom described update routine
 - Probably more
 
 ## How to use this?
-First, install docker and docker-compose if not already done. Then simply run the following:
+First, install docker and docker-compose (v2) if not already done. Then simply run the following:
 ```bash
 git clone https://github.com/nextcloud/all-in-one.git
 cd all-in-one/manual-install
 ```
 Then copy the sample.conf to default environment file, e.g. `cp sample.conf .env`, open the new conf file, e.g. with `nano .env`, edit all values that are marked with `# TODO!`, close and save the file. (Note: there is no clamav image for arm64).
 
-Now copy the provided yaml file to a docker-compose file by running `cp latest.yml docker-compose.yml`.
+Now copy the provided yaml file to a compose.yaml file by running `cp latest.yml compose.yaml`.
 
 Now you should be ready to go with `sudo docker-compose up`.
 
@@ -34,10 +34,11 @@ For a complete all-in-one with collabora use `sudo docker-compose --profile coll
 
 ## How to update?
 Since the AIO containers may change in the future, it is highly recommended to strictly follow the following procedure whenever you want to upgrade your containers.
-1. If your previous copy of `sample.conf` is named `my.conf`, run `mv my.conf .env` in order to rename the file to `.env`.
+1. If your previous copy of `sample.conf` is named `my.conf`, run `mv -vn my.conf .env` in order to rename the file to `.env`.
 1. Run `sudo docker-compose down` to stop all running containers
 1. Back up all important files and folders
-1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `docker-compose.yml` file up-to-date with the updated one from the repository. You can use `diff docker-compose.yml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the docker-compose file and removing ipv6 from the network.
+1. If your compose file is still named `docker-compose.yml` rename it to `compose.yaml` by running `mv -vn docker-compose.yml compose.yaml`
+1. Run `git pull` in order to get the updated yaml files from the repository. Now bring your `compose.yaml` file up-to-date with the updated one from the repository. You can use `diff compose.yaml latest.yml` for comparing. ⚠️ **Please note**: Starting with AIO v5.1.0, ipv6 networking will be enabled by default, so make sure to either enable it first by following steps 1 and 2 of https://github.com/nextcloud/all-in-one/blob/main/docker-ipv6-support.md and then proceed with the steps below or disable ipv6 networking by editing the compose.yaml file and removing ipv6 from the network.
 1. Also have a look at the `sample.conf` if any variable was added or renamed and add that to your conf file as well. Here may help the diff command as well.
 1. After the file update was successful, simply run `sudo docker-compose pull` to pull the new images.
 1. At the end run `sudo docker-compose up` in order to start and update the containers with the new configuration.

manual-install/sample.conf

@@ -1,34 +1,36 @@
+DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
+NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
+ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
+TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET=          # TODO! This needs to be a unique and good password!
+
+CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
 APACHE_IP_BINDING=0.0.0.0          # This can be changed to e.g. 127.0.0.1 if you want to run AIO behind a web server or reverse proxy (like Apache, Nginx and else) and if that is running on the same host and using localhost to connect
 APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
-CLAMAV_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES="de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru"        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
-DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
-NC_DOMAIN=yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_DATADIR=nextcloud_aio_nextcloud_data          # You can change this to e.g. "/mnt/ncdata" to map it to a location on your host. It needs to be adjusted before the first startup and never afterwards!
 NEXTCLOUD_MAX_TIME=3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT=512M          # This allows to change the PHP memory limit of the Nextcloud container
 NEXTCLOUD_MOUNT=/mnt/          # This allows the Nextcloud container to access directories on the host. It must never be equal to the value of NEXTCLOUD_DATADIR!
-NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".
-NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR=/usr/local/share/ca-certificates/my-custom-ca          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 NEXTCLOUD_UPLOAD_LIMIT=10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-ONLYOFFICE_SECRET=          # TODO! This needs to be a unique and good password!
-REDIS_PASSWORD=          # TODO! This needs to be a unique and good password!
-SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
-TALK_ENABLED="no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
-TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS="no"          # When setting to "yes" (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use

manual-install/update-yaml.sh

@@ -16,6 +16,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"
@@ -81,13 +82,23 @@ sed -i 's|NC_DOMAIN=|NC_DOMAIN=yourdomain.com          # TODO! Needs to be chang
 sed -i 's|NEXTCLOUD_PASSWORD=|NEXTCLOUD_PASSWORD=          # TODO! This is the password of the initially created Nextcloud admin with username "admin".|' sample.conf
 sed -i 's|TIMEZONE=|TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.|' sample.conf
 sed -i 's|COLLABORA_SECCOMP_POLICY=|COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.|' sample.conf
-sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
+sed -i 's|NEXTCLOUD_STARTUP_APPS=|NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_APKS=|NEXTCLOUD_ADDITIONAL_APKS=imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=|NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.|' sample.conf
 sed -i 's|INSTALL_LATEST_MAJOR=|INSTALL_LATEST_MAJOR=no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation|' sample.conf
 sed -i 's|=$|=          # TODO! This needs to be a unique and good password!|' sample.conf
 echo 'IPV6_NETWORK=fd12:3456:789a:2::/64 # IPv6 subnet to use' >> sample.conf
 
+grep  '# TODO!' sample.conf > todo.conf
+grep -v '# TODO!\|_ENABLED' sample.conf > temp.conf
+grep '_ENABLED' sample.conf > enabled.conf
+cat todo.conf > sample.conf
+# shellcheck disable=SC2129
+echo '' >> sample.conf
+cat enabled.conf >> sample.conf
+echo '' >> sample.conf
+cat temp.conf >> sample.conf
+rm todo.conf temp.conf enabled.conf
 cat sample.conf
 
 OUTPUT="$(cat containers.yml)"
@@ -108,10 +119,7 @@ done
 
 OUTPUT="$(echo "$OUTPUT" | sed "/restart: /a\ \ \ \ networks:\n\ \ \ \ \ \ - nextcloud-aio")"
 
-echo 'version: "3.8"' > containers.yml
-echo "" >> containers.yml
-
-echo "$OUTPUT" >> containers.yml
+echo "$OUTPUT" > containers.yml
 
 sed -i '/container_name/d' containers.yml
 sed -i 's|^ $||' containers.yml

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 5.1.0
+version: 6.0.0
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -54,7 +54,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20230511_075831-latest
+          image: nextcloud/aio-apache:20230606_070951-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20230511_075831-latest
+          image: nextcloud/aio-clamav:20230606_070951-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -46,7 +46,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20230511_075831-latest
+          image: nextcloud/aio-collabora:20230606_070951-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -60,7 +60,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20230511_075831-latest
+          image: nextcloud/aio-postgresql:20230606_070951-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: discovery.type
               value: single-node
-          image: nextcloud/aio-fulltextsearch:20230511_075831-latest
+          image: nextcloud/aio-fulltextsearch:20230606_070951-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -26,7 +26,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20230511_075831-latest
+          image: nextcloud/aio-imaginary:20230606_070951-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -114,7 +114,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20230511_075831-latest
+          image: nextcloud/aio-nextcloud:20230606_070951-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20230511_075831-latest
+          image: nextcloud/aio-onlyoffice:20230606_070951-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20230511_075831-latest
+          image: nextcloud/aio-redis:20230606_070951-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -34,7 +34,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20230511_075831-latest
+          image: nextcloud/aio-talk:20230606_070951-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/values.yaml

@@ -1,32 +1,34 @@
+DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
+NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
+NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
+ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
+REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
+SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
+TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TURN_SECRET:           # TODO! This needs to be a unique and good password!
+
+CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
+
 AIO_TOKEN: 123456          # Has no function but needs to be set!
 AIO_URL: localhost          # Has no function but needs to be set!
 APACHE_MAX_SIZE: "10737418240"          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT: 443          # Changing this to a different value than 443 will allow you to run it behind a web server or reverse proxy (like Apache, Nginx and else).
-CLAMAV_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
-COLLABORA_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 COLLABORA_SECCOMP_POLICY: --o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
-DATABASE_PASSWORD:           # TODO! This needs to be a unique and good password!
-FULLTEXTSEARCH_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-IMAGINARY_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 INSTALL_LATEST_MAJOR: no        # Setting this to yes will install the latest Major Nextcloud version upon the first installation
-NC_DOMAIN: yourdomain.com          # TODO! Needs to be changed to the domain that you want to use for Nextcloud.
 NEXTCLOUD_ADDITIONAL_APKS: imagemagick        # This allows to add additional packages to the Nextcloud container permanently. Default is imagemagick but can be overwritten by modifying this value.
 NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS: imagick        # This allows to add additional php extensions to the Nextcloud container permanently. Default is imagick but can be overwritten by modifying this value.
 NEXTCLOUD_MAX_TIME: 3600          # This allows to change the upload time limit of the Nextcloud container
 NEXTCLOUD_MEMORY_LIMIT: 512M          # This allows to change the PHP memory limit of the Nextcloud container
-NEXTCLOUD_PASSWORD:           # TODO! This is the password of the initially created Nextcloud admin with username admin.
-NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
+NEXTCLOUD_STARTUP_APPS: deck twofactor_totp tasks calendar contacts notes        # Allows to modify the Nextcloud apps that are installed on starting AIO the first time
 NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container
 NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of the Nextcloud container
-ONLYOFFICE_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
-ONLYOFFICE_SECRET:           # TODO! This needs to be a unique and good password!
-REDIS_PASSWORD:           # TODO! This needs to be a unique and good password!
-SIGNALING_SECRET:           # TODO! This needs to be a unique and good password!
-TALK_ENABLED: "no"          # Setting this to "yes" (with quotes) enables the option in Nextcloud automatically.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
-TIMEZONE: Europe/Berlin          # TODO! This is the timezone that your containers will use.
-TURN_SECRET:           # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value

php/composer.json

@@ -16,7 +16,8 @@
         "http-interop/http-factory-guzzle": "^1.2",
         "slim/twig-view": "^3.3",
         "slim/csrf": "^1.3",
-        "ext-apcu": "*"
+        "ext-apcu": "*",
+        "justinrainbow/json-schema": "^5.2"
     },
     "scripts": {
 		"psalm": "psalm --threads=1",

php/composer.lock

@@ -4,25 +4,25 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "b0074cfbf6b5cde6d6d2207286ad2e85",
+    "content-hash": "3cbf9ef41575f504b9bdbc8dbe8562e3",
     "packages": [
         {
             "name": "guzzlehttp/guzzle",
-            "version": "7.6.1",
+            "version": "7.7.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/guzzle.git",
-                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51"
+                "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
-                "reference": "8444a2bacf1960bc6a2b62ed86b8e72e11eebe51",
+                "url": "https://api.github.com/repos/guzzle/guzzle/zipball/fb7566caccf22d74d1ab270de3551f72a58399f5",
+                "reference": "fb7566caccf22d74d1ab270de3551f72a58399f5",
                 "shasum": ""
             },
             "require": {
                 "ext-json": "*",
-                "guzzlehttp/promises": "^1.5",
+                "guzzlehttp/promises": "^1.5.3 || ^2.0",
                 "guzzlehttp/psr7": "^1.9.1 || ^2.4.5",
                 "php": "^7.2.5 || ^8.0",
                 "psr/http-client": "^1.0",
@@ -34,7 +34,8 @@
             "require-dev": {
                 "bamarni/composer-bin-plugin": "^1.8.1",
                 "ext-curl": "*",
-                "php-http/client-integration-tests": "^3.0",
+                "php-http/client-integration-tests": "dev-master#2c025848417c1135031fdf9c728ee53d0a7ceaee as 3.0.999",
+                "php-http/message-factory": "^1.1",
                 "phpunit/phpunit": "^8.5.29 || ^9.5.23",
                 "psr/log": "^1.1 || ^2.0 || ^3.0"
             },
@@ -113,7 +114,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/guzzle/issues",
-                "source": "https://github.com/guzzle/guzzle/tree/7.6.1"
+                "source": "https://github.com/guzzle/guzzle/tree/7.7.0"
             },
             "funding": [
                 {
@@ -129,38 +130,37 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-05-15T20:43:01+00:00"
+            "time": "2023-05-21T14:04:53+00:00"
         },
         {
             "name": "guzzlehttp/promises",
-            "version": "1.5.2",
+            "version": "2.0.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/guzzle/promises.git",
-                "reference": "b94b2807d85443f9719887892882d0329d1e2598"
+                "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/guzzle/promises/zipball/b94b2807d85443f9719887892882d0329d1e2598",
-                "reference": "b94b2807d85443f9719887892882d0329d1e2598",
+                "url": "https://api.github.com/repos/guzzle/promises/zipball/3a494dc7dc1d7d12e511890177ae2d0e6c107da6",
+                "reference": "3a494dc7dc1d7d12e511890177ae2d0e6c107da6",
                 "shasum": ""
             },
             "require": {
-                "php": ">=5.5"
+                "php": "^7.2.5 || ^8.0"
             },
             "require-dev": {
-                "symfony/phpunit-bridge": "^4.4 || ^5.1"
+                "bamarni/composer-bin-plugin": "^1.8.1",
+                "phpunit/phpunit": "^8.5.29 || ^9.5.23"
             },
             "type": "library",
             "extra": {
-                "branch-alias": {
-                    "dev-master": "1.5-dev"
+                "bamarni-bin": {
+                    "bin-links": true,
+                    "forward-command": false
                 }
             },
             "autoload": {
-                "files": [
-                    "src/functions_include.php"
-                ],
                 "psr-4": {
                     "GuzzleHttp\\Promise\\": "src/"
                 }
@@ -197,7 +197,7 @@
             ],
             "support": {
                 "issues": "https://github.com/guzzle/promises/issues",
-                "source": "https://github.com/guzzle/promises/tree/1.5.2"
+                "source": "https://github.com/guzzle/promises/tree/2.0.0"
             },
             "funding": [
                 {
@@ -213,7 +213,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2022-08-28T14:55:35+00:00"
+            "time": "2023-05-21T13:50:22+00:00"
         },
         {
             "name": "guzzlehttp/psr7",
@@ -389,6 +389,76 @@
             },
             "time": "2021-07-21T13:50:14+00:00"
         },
+        {
+            "name": "justinrainbow/json-schema",
+            "version": "5.2.12",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/justinrainbow/json-schema.git",
+                "reference": "ad87d5a5ca981228e0e205c2bc7dfb8e24559b60"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/justinrainbow/json-schema/zipball/ad87d5a5ca981228e0e205c2bc7dfb8e24559b60",
+                "reference": "ad87d5a5ca981228e0e205c2bc7dfb8e24559b60",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.3.3"
+            },
+            "require-dev": {
+                "friendsofphp/php-cs-fixer": "~2.2.20||~2.15.1",
+                "json-schema/json-schema-test-suite": "1.2.0",
+                "phpunit/phpunit": "^4.8.35"
+            },
+            "bin": [
+                "bin/validate-json"
+            ],
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "5.0.x-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "JsonSchema\\": "src/JsonSchema/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Bruno Prieto Reis",
+                    "email": "bruno.p.reis@gmail.com"
+                },
+                {
+                    "name": "Justin Rainbow",
+                    "email": "justin.rainbow@gmail.com"
+                },
+                {
+                    "name": "Igor Wiedler",
+                    "email": "igor@wiedler.ch"
+                },
+                {
+                    "name": "Robert Schönthal",
+                    "email": "seroscho@googlemail.com"
+                }
+            ],
+            "description": "A library to validate a json schema.",
+            "homepage": "https://github.com/justinrainbow/json-schema",
+            "keywords": [
+                "json",
+                "schema"
+            ],
+            "support": {
+                "issues": "https://github.com/justinrainbow/json-schema/issues",
+                "source": "https://github.com/justinrainbow/json-schema/tree/5.2.12"
+            },
+            "time": "2022-04-13T08:02:27+00:00"
+        },
         {
             "name": "laravel/serializable-closure",
             "version": "v1.3.0",

php/containers-schema.json

@@ -113,6 +113,14 @@
 							"pattern": "^nextcloud_aio_[a-z_]+$"
 						}
 					},
+					"nextcloud_exec_commands": {
+						"type": "array",
+						"items": {
+							"type": "string",
+							"pattern": "^(php /var/www/html/occ .*|echo .*)$",
+							"minlength": 1
+						}
+					},
 					"volumes": {
 						"type": "array",
 						"items": {

php/containers.json

@@ -228,7 +228,11 @@
           "writeable": true
         }
       ],
-      "restart": "unless-stopped"
+      "restart": "unless-stopped",
+      "nextcloud_exec_commands": [
+        "echo 'Activating collabora config...'",
+        "php /var/www/html/occ richdocuments:activate-config"
+      ]
     },
     {
       "container_name": "nextcloud-aio-talk",
@@ -273,7 +277,8 @@
         "BACKUP_RESTORE_PASSWORD=%BACKUP_RESTORE_PASSWORD%",
         "ADDITIONAL_DIRECTORIES_BACKUP=%ADDITIONAL_DIRECTORIES_BACKUP%",
         "BORGBACKUP_HOST_LOCATION=%BORGBACKUP_HOST_LOCATION%",
-        "BORG_HOST_ID=nextcloud-aio-borgbackup"
+        "BORG_HOST_ID=nextcloud-aio-borgbackup",
+        "BORG_RETENTION_POLICY=%BORG_RETENTION_POLICY%"
       ],
       "volumes": [
         {

php/src/Container/Container.php

@@ -29,6 +29,7 @@ class Container {
     private bool $apparmorUnconfined;
     /** @var string[] */
     private array $backupVolumes;
+    private array $nextcloudExecCommands;
     private DockerActionManager $dockerActionManager;
 
     public function __construct(
@@ -48,6 +49,7 @@ class Container {
         int $shmSize,
         bool $apparmorUnconfined,
         array $backupVolumes,
+        array $nextcloudExecCommands,
         DockerActionManager $dockerActionManager
     ) {
         $this->identifier = $identifier;
@@ -66,6 +68,7 @@ class Container {
         $this->shmSize = $shmSize;
         $this->apparmorUnconfined = $apparmorUnconfined;
         $this->backupVolumes = $backupVolumes;
+        $this->nextcloudExecCommands = $nextcloudExecCommands;
         $this->dockerActionManager = $dockerActionManager;
     }
 
@@ -148,6 +151,10 @@ class Container {
         return $this->dependsOn;
     }
 
+    public function GetNextcloudExecCommands() : array {
+        return $this->nextcloudExecCommands;
+    }
+
     public function GetEnvironmentVariables() : ContainerEnvironmentVariables {
         return $this->containerEnvironmentVariables;
     }

php/src/ContainerDefinitionFetcher.php

@@ -12,6 +12,7 @@ use AIO\Container\State\RunningState;
 use AIO\Data\ConfigurationManager;
 use AIO\Data\DataConst;
 use AIO\Docker\DockerActionManager;
+use JsonSchema\Validator;
 
 class ContainerDefinitionFetcher
 {
@@ -40,12 +41,27 @@ class ContainerDefinitionFetcher
         throw new \Exception("The provided id " . $id . " was not found in the container definition.");
     }
 
+    private function validateJson(object $data): void {
+        // Validate against json schema
+        $validator = new Validator;
+        $validator->validate($data, (object)[file_get_contents(__DIR__ . '/../containers-schema.json')]);
+        if (!$validator->isValid()) {
+            error_log("JSON does not validate. Violations:");
+            foreach ($validator->getErrors() as $error) {
+                error_log(printf("[%s] %s\n", $error['property'], $error['message']));
+            }
+        }
+    }
+
     /**
      * @return array
      */
     private function GetDefinition(bool $latest): array
     {
-        $data = json_decode(file_get_contents(__DIR__ . '/../containers.json'), true);
+        $rawData = file_get_contents(__DIR__ . '/../containers.json');
+        $objectData = json_decode($rawData, false);
+        $this->validateJson($objectData);
+        $data = json_decode($rawData, true);
 
         $containers = [];
         foreach ($data['aio_services_v1'] as $entry) {
@@ -233,6 +249,11 @@ class ContainerDefinitionFetcher
                 $backupVolumes = $entry['backup_volumes'];
             }
 
+            $nextcloudExecCommands = [];
+            if (isset($entry['nextcloud_exec_commands'])) {
+                $nextcloudExecCommands = $entry['nextcloud_exec_commands'];
+            }
+
             $containers[] = new Container(
                 $entry['container_name'],
                 $displayName,
@@ -250,6 +271,7 @@ class ContainerDefinitionFetcher
                 $shmSize,
                 $apparmorUnconfined,
                 $backupVolumes,
+                $nextcloudExecCommands,
                 $this->container->get(DockerActionManager::class)
             );
         }

php/src/Controller/DockerController.php

@@ -172,6 +172,9 @@ class DockerController
         // Start container
         $this->startTopContainer(true);
 
+        // Clear apcu cache in order to check if container updates are available
+        apcu_clear_cache();
+
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 

php/src/Data/ConfigurationManager.php

@@ -157,10 +157,10 @@ class ConfigurationManager
 
     public function isImaginaryEnabled() : bool {
         $config = $this->GetConfig();
-        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 1) {
-            return true;
-        } else {
+        if (isset($config['isImaginaryEnabled']) && $config['isImaginaryEnabled'] === 0) {
             return false;
+        } else {
+            return true;
         }
     }
 
@@ -581,6 +581,13 @@ class ConfigurationManager
         return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
     }
 
+    public function GetBorgRetentionPolicy() : string {
+        $envVariableName = 'BORG_RETENTION_POLICY';
+        $configName = 'borg_retention_policy';
+        $defaultValue = '--keep-within=7d --keep-weekly=4 --keep-monthly=6';
+        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+    }
+
     public function GetDockerSocketPath() : string {
         $envVariableName = 'WATCHTOWER_DOCKER_SOCKET_PATH';
         $configName = 'docker_socket_path';
@@ -768,7 +775,7 @@ class ConfigurationManager
         if (is_string($apps)) {
             return trim($apps);
         }
-        return 'deck twofactor_totp tasks calendar contacts';
+        return 'deck twofactor_totp tasks calendar contacts notes';
     }
 
     public function GetCollaboraDictionaries() : string {

php/src/Docker/DockerActionManager.php

@@ -235,6 +235,10 @@ class DockerActionManager
         }
 
         $envs = $container->GetEnvironmentVariables()->GetVariables();
+        // Special thing for the nextcloud container
+        if ($container->GetIdentifier() === 'nextcloud-aio-nextcloud') {
+            $envs[] = $this->GetAllNextcloudExecCommands();
+        }
         foreach($envs as $key => $env) {
             // TODO: This whole block below is a hack and needs to get reworked in order to support multiple substitutions per line by default for all envs
             if (str_starts_with($env, 'extra_params=')) {
@@ -328,6 +332,8 @@ class DockerActionManager
                     $replacements[1] = $this->configurationManager->GetNextcloudMemoryLimit();
                 } elseif ($out[1] === 'NEXTCLOUD_MAX_TIME') {
                     $replacements[1] = $this->configurationManager->GetNextcloudMaxTime();
+                } elseif ($out[1] === 'BORG_RETENTION_POLICY') {
+                    $replacements[1] = $this->configurationManager->GetBorgRetentionPolicy();
                 } elseif ($out[1] === 'NEXTCLOUD_TRUSTED_CACERTS_DIR') {
                     $replacements[1] = $this->configurationManager->GetTrustedCacertsDir();
                 } elseif ($out[1] === 'ADDITIONAL_DIRECTORIES_BACKUP') {
@@ -508,29 +514,44 @@ class DockerActionManager
         }
     }
 
-    private function getBackupVolumes(string $id) : array
+    private function getBackupVolumes(string $id) : string
     {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
-        $backupVolumes = $container->GetBackupVolumes();
-
+        $backupVolumes = '';
+        foreach ($container->GetBackupVolumes() as $backupVolume) {
+            $backupVolumes .= $backupVolume . ' ';
+        }
         foreach ($container->GetDependsOn() as $dependency) {
-            $backupVolumes[] = $this->getBackupVolumes($dependency);
+            $backupVolumes .= $this->getBackupVolumes($dependency);
         }
         return $backupVolumes;
     }
 
     private function getAllBackupVolumes() : array {
         $id = 'nextcloud-aio-apache';
-        $backupVolumesArray = $this->getBackupVolumes($id);
-        // Flatten array
-        $backupVolumesArrayFlat = iterator_to_array(
-            new \RecursiveIteratorIterator(
-                new \RecursiveArrayIterator($backupVolumesArray)
-            ),
-            $use_keys = false
-        );
-        return array_unique($backupVolumesArrayFlat);
+        $backupVolumesArray = explode(' ', $this->getBackupVolumes($id));
+        return array_unique($backupVolumesArray);
+    }
+
+    private function GetNextcloudExecCommands(string $id) : string
+    {
+        $container = $this->containerDefinitionFetcher->GetContainerById($id);
+
+        $nextcloudExecCommands = '';
+        foreach ($container->GetNextcloudExecCommands() as $execCommand) {
+            $nextcloudExecCommands .= $execCommand . PHP_EOL;
+        }
+        foreach ($container->GetDependsOn() as $dependency) {
+            $nextcloudExecCommands .= $this->GetNextcloudExecCommands($dependency);
+        }
+        return $nextcloudExecCommands;
+    }
+
+    private function GetAllNextcloudExecCommands() : string
+    {
+        $id = 'nextcloud-aio-apache';
+        return 'NEXTCLOUD_EXEC_COMMANDS=' . $this->GetNextcloudExecCommands($id);
     }
 
     private function GetRepoDigestsOfContainer(string $containerName) : ?array {

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v5.2.2</h1>
+        <h1>Nextcloud AIO v6.0.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -26,8 +26,8 @@
         {% set isWatchtowerRunning = false %}
         {% set isBackupOrRestoreRunning = false %}
         {% set isApacheStarting = false %}
-        {# Setting newMajorVersion to '' will hide corresponding options/elements #}
-        {% set newMajorVersion = 26 %}
+        {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
+        {% set newMajorVersion = '' %}
 
         {% if is_backup_container_running == true %}
             {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -407,7 +407,7 @@
                                 The backup itself uses a tool that is called <a href="https://github.com/borgbackup/borg#what-is-borgbackup"><b>BorgBackup</b></a> which is a well-known server backup tool that efficiently backs up your files and encrypts them on the fly. <br /><br/>
                                 Backups get created in the following directory on the host: <b>{{ borg_backup_host_location }}/borg</b> <br /><br/>
                                 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.<br><br>
-                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one/discussions/1675">this</a></b>.<br><br>
+                                Regarding backup retention, see <b><a href="https://github.com/nextcloud/all-in-one#how-to-adjust-borgs-retention-policy">this</a></b>.<br><br>
                                 Daily backups can get enabled after the initial backup is done. Enabling this also allows to enable an option that allows to update all containers, Nextcloud and its apps automatically.<br><br>
                                 For further documentation and options on this backup solution refer to <b><a href="https://github.com/nextcloud/all-in-one#backup-solution">this section</a></b> and below.<br>
 

readme.md

@@ -17,10 +17,10 @@ Included are:
 - Update and backup notifications included
 - Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and its apps afterwards automatically
 - Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
-- APCU as local cache
+- APCu as local cache
 - Redis as distributed cache and for file locking
 - Postgresql as database
-- PHP-FPM with performance-optimized config
+- PHP-FPM with performance-optimized config (e.g. Opcache and JIT enabled by default)
 - A+ security in Nextcloud security scan
 - Ready to be used behind existing [Reverse proxies](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md)
 - Can be used behind [Cloudflare Tunnel](https://github.com/nextcloud/all-in-one#how-to-run-nextcloud-behind-a-cloudflare-tunnel)
@@ -28,6 +28,7 @@ Included are:
 - PHP and web server timeouts set to 3600s, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud) (important for big file uploads)
 - Defaults to a max of 512 MB RAM per PHP process, [adjustable](https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud)
 - Automatic TLS included (by using Let's Encrypt)
+- Brotli compression enabled by default for javascript files which reduces Nextcloud load times
 - HTTP/2 and HTTP/3 enabled
 - "Pretty URLs" for Nextcloud are enabled by default (removes the index.php from all links)
 - Video previews work out of the box and when Imaginary is enabled, many recent image formats as well!
@@ -52,7 +53,7 @@ Included are:
 - Can be used with [Docker rootles](https://github.com/nextcloud/all-in-one/blob/main/docker-rootless.md) (good for additional security)
 - Runs on all platforms Docker supports (e.g. also on Windows and Macos)
 - Included containers easy to debug by having the possibility to check their logs directly from the AIO interface
-- [Docker-compose ready](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml)
+- [Docker-compose ready](./compose.yaml)
 - Can be installed [without a container having access to the docker socket](https://github.com/nextcloud/all-in-one/tree/main/manual-install)
 - Can be installed with [Docker Swarm](https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm)
 - Can be installed with [Kubernetes](https://github.com/nextcloud/all-in-one/tree/main/nextcloud-aio-helm-chart)
@@ -107,7 +108,7 @@ The following instructions are meant for installations without a web server or r
     - `--volume nextcloud_aio_mastercontainer:/mnt/docker-aio-config` This means that the files that are created by the mastercontainer will be stored in a docker volume that is called `nextcloud_aio_mastercontainer`. This line is not allowed to be changed, since built-in backups would fail later on.
     - `--volume /var/run/docker.sock:/var/run/docker.sock:ro` The docker socket is mounted into the container which is used for spinning up all the other containers and for further features. It needs to be adjusted on Windows/macOS and on docker rootless. See the applicable documentation on this. If adjusting, don't forget to also set `WATCHTOWER_DOCKER_SOCKET_PATH`! If you dislike this, see https://github.com/nextcloud/all-in-one/tree/main/manual-install.
     - `nextcloud/all-in-one:latest` This is the docker container image that is used.
-    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml
+    - Further options can be set using environment variables, for example `--env NEXTCLOUD_DATADIR="/mnt/ncdata"` (This is an example for Linux. See [this](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) for other OS' and for an explanation of what this value does. This specific one needs to be specified upon the first startup if you want to change it to a specific path instead of the default Docker volume). To see explanations and examples for further variables (like changing the location of Nextcloud's datadir or mounting some locations as external storage into the Nextcloud container), read through this readme and look at the docker-compose file: https://github.com/nextcloud/all-in-one/blob/main/compose.yaml
     </details>
 
     Note: You may be interested in adjusting Nextcloud’s datadir to store the files in a different location than the default docker volume. See [this documentation](https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir) on how to do it.
@@ -189,16 +190,17 @@ If you have the NAS setup on your local network (which is most often the case) y
 </details>
 
 ### How to run AIO with Portainer?
-The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./docker-compose.yml) in order to start AIO correctly. 
+The easiest way to run it with Portainer on Linux is to use Portainer's stacks feature and use [this docker-compose file](./compose.yaml) in order to start AIO correctly. 
 
 ### Notes on Cloudflare (proxy/tunnel)
-- It is known that the domain validation may not work correctly behind Cloudflare. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
+- Using Cloudflare Tunnel potentially slows down Nextcloud by a lot since local access via the configured domain is not possible since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally.
+- It is known that the domain validation may not work correctly behind Cloudflare since Cloudflare might block the validation attempt. You can simply skip it in that case by following: https://github.com/nextcloud/all-in-one#how-to-skip-the-domain-validation
 - Make sure to [disable Cloudflares Rocket Loader feature](https://help.nextcloud.com/t/login-page-not-working-solved/149417/8) as otherwise Nextcloud's login prompt will not be shown.
 - Cloudflare only supports uploading files up to 100 MB in the free plan, if you try to upload bigger files you will get an error (413 - Payload Too Large) if no chunking is used (e.g. for public uploads in the web, or if chunks are configured to be bigger than 100 MB in the clients or the web). If you need to upload bigger files, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - Cloudflare only allows a max timeout of 100s for requests which is not configurable. This means that any server-side processing e.g. for assembling chunks for big files during upload that take longer than 100s will simply not work. See https://github.com/nextcloud/server/issues/19223. If you need to upload big files reliably, you need to disable the proxy option in your DNS settings, or you must use another proxy than Cloudflare tunnels. Both options will disable Cloudflare DDoS protection.
 - It is known that the in AIO included collabora (Nextcloud Office) does not work out of the box behind Cloudflare. To make it work, you need to add all [Cloudflare IP-ranges](https://www.cloudflare.com/ips/) to the wopi-allowlist in `https://yourdomain.com/settings/admin/richdocuments`
 - Cloudflare Proxy might block the Turnserver for Nextcloud Talk from working correctly. You might want to disable Cloudflare Proxy thus. See https://github.com/nextcloud/all-in-one/discussions/2463#discussioncomment-5779981
-- The built-in High performance backend for Nextcloud Talk will potentially not work out-of-the-box since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
+- The built-in turn-server for Nextcloud Talk will not work behind Cloudflare Tunnel since it needs a separate port (by default 3478 or as chosen) available on the same domain. If you still want to use the feature, you will need to adjust and test your settings in `https://yourdomain.com/settings/admin/talk`.
 - If you get an error in Nextcloud's admin overview that the HSTS header is not set correctly, you might need to enable it in Cloudflare manually.
 - If you are using AIO's built-in Reverse Proxy and don't use your own, then may the certificate issuing possibly not work out-of-the-box because Cloudflare might block the attempt. In that case you need to disable the Proxy feature at least temporarily in order to make it work. See https://github.com/nextcloud/all-in-one/discussions/1101.
 
@@ -223,6 +225,9 @@ You can install AIO in reverse proxy mode where is also documented how to get it
 ### How to run Nextcloud locally?
 If you do not want to open Nextcloud to the public internet, you may have a look at the following documentation how to set it up locally: [local-instance.md](./local-instance.md)
 
+### Can I run AIO offline or in an airgapped system?
+No. This is not possible and will not be added due to multiple reasons: update checks, app installs via app-store, downloading additional docker images on demand and more.
+
 ### Are self-signed certificates supported for Nextcloud?
 No and they will not be. If you want to run it locally, without opening Nextcloud to the public internet, please have a look at the [local instance documentation](./local-instance.md).
 
@@ -236,7 +241,11 @@ No and they will not be. Please use a dedicated domain for Nextcloud and set it
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
-The recommended way is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
+Please note that local access is not possible if you should be running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
+
+Please make sure that if you should be running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
+
+Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
 - https://help.nextcloud.com/t/need-help-to-configure-internal-access/156075/6
 - https://howchoo.com/pi/pi-hole-setup together with https://web.archive.org/web/20221203223505/https://docs.callitkarma.me/posts/PiHole-Local-DNS/
@@ -337,10 +346,11 @@ Daily backups can get enabled after the initial backup is done. Enabling this al
 
 Be aware that this solution does not back up files and folders that are mounted into Nextcloud using the external storage app - but you can add further Docker volumes and host paths that you want to back up after the initial backup is done.
 
-Regarding backup retention, see [this documentation](https://github.com/nextcloud/all-in-one/discussions/1675).
-
 ---
 
+#### How to adjust borgs retention policy?
+The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
+
 #### Are remote borg backups supported?
 
 Not directly but you have multiple options to achieve this:
@@ -598,12 +608,12 @@ You can run AIO also with docker rootless. How to do this is documented here: [d
 No. Since Podman is not 100% compatible with the Docker API, you cannot use Podman instead of Docker (since that would add yet another platform where the maintaner would need to test on). However you can use and follow the [manual-install documentation](./manual-install/) to get AIO's containers running with Podman or use Docker rootless, as described in the above section.
 
 ### How to change the Nextcloud apps that are installed on the first startup?
-You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
+You might want to adjust the Nextcloud apps that are installed upon the first startup of the Nextcloud container. You can do so by adding `--env NEXTCLOUD_STARTUP_APPS="deck twofactor_totp tasks calendar contacts notes"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, 0-9, spaces and hyphens or '_'. You can disable shipped and by default enabled apps by adding a hyphen in front of the appid. E.g. `-contactsinteraction`.
 
 ### How to add OS packages permanently to the Nextcloud container?
 Some Nextcloud apps require additional external dependencies that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional dependencies into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require external dependencies. 
 
-You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?name=&branch=v3.16&repo=&arch=&maintainer=. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
+You can do so by adding `--env NEXTCLOUD_ADDITIONAL_APKS="imagemagick dependency2 dependency3"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must be a string with small letters a-z, digits 0-9, spaces, dots and hyphens or '_'. You can find available packages here: https://pkgs.alpinelinux.org/packages?branch=v3.17. By default added is `imagemagick`. If you want to keep that, you need to specify it as well.
 
 ### How to add PHP extensions permanently to the Nextcloud container?
 Some Nextcloud apps require additional php extensions that must be bundled within Nextcloud container in order to work correctly. As we cannot put each and every dependency for all apps into the container - as this would make the project very fast unmaintainable - there is an official way how you can add additional php extensions into the Nextcloud container. However note that doing this is disrecommended since we do not test Nextcloud apps that require additional php extensions. 

reverse-proxy.md

@@ -100,6 +100,7 @@ https://<your-nc-domain>:443 {
     reverse_proxy localhost:11000
 }
 ```
+The Caddyfile is a text file called `Caddyfile` (no extension) which – if you should be running Caddy inside a container – should usually be created in the same location as your `compose.yaml` file prior to starting the container.
 
 Of course you need to modify `<your-nc-domain>` to the domain on which you want to run Nextcloud. Also make sure to adjust the port 11000 to match the chosen `APACHE_PORT`. **Please note:** The above configuration will only work if your reverse proxy is running directly on the host that is running the docker daemon. If the reverse proxy is running in a docker container, you can use the `--network host` option (or `network_mode: host` for docker-compose) when starting the reverse proxy container in order to connect the reverse proxy container to the host network. ***If that is not an option or not possible for you (like e.g. on Windows or if the reverse proxy is running on a different host), you can alternatively instead of `localhost` use the private ip-address of the host that is running the docker daemon. If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'`. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux)***
 
@@ -273,6 +274,11 @@ server {
 
     listen 443 ssl http2;
     listen [::]:443 ssl http2; # comment to disable IPv6
+	
+    # http3 on;              # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # listen 443 quic;       # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # listen [::]:443 quic;  # uncomment to enable HTTP/3 / QUIC - supported on nginx v1.25.0+
+    # add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'; # uncomment to enable HTTP3/QUIC - supported on nginx v1.25.0+
 
     server_name <your-nc-domain>;
 
@@ -338,7 +344,7 @@ Apart from that, there is this: [manual-install](https://github.com/nextcloud/al
 
 <summary>click here to expand</summary>
 
-First, please make sure that the environmental variables `PUID` and `PGID` in the docker-compose.yml file for NPM are either unset or set to `0`.
+First, please make sure that the environmental variables `PUID` and `PGID` in the compose.yaml file for NPM are either unset or set to `0`.
 
 Second, see these screenshots for a working config:
 
@@ -567,7 +573,7 @@ Config examples for other reverse proxies are currently not documented. Pull req
 
 After adjusting your reverse proxy config, use the following command to start AIO:<br>
 
-(For an docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
+(For a docker-compose example, see the example further [below](#inspiration-for-a-docker-compose-file).)
 
 ```
 # For Linux:
@@ -616,7 +622,7 @@ On Synology DSM see https://github.com/nextcloud/all-in-one#how-to-run-aio-on-sy
 
 ### Inspiration for a docker-compose file
 
-Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/docker-compose.yml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
+Simply translate the docker run command into a docker-compose file. You can have a look at [this file](https://github.com/nextcloud/all-in-one/blob/main/compose.yaml) for some inspiration but you will need to modify it either way. You can find further examples here: https://github.com/nextcloud/all-in-one/discussions/588
 
 ## 3. Limit the access to the apache container
 

tests/QA/060-environmental-variables.md

@@ -10,12 +10,13 @@
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_UPLOAD_LIMIT=11G` it should change Nextclouds upload limit to 11G. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-upload-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MEMORY_LIMIT=1024M` it should change Nextclouds PHP memory limit to 1024M. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-php-memory-limit-for-nextcloud for allowed values.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_MAX_TIME=4000` it should change Nextclouds upload max time 4000s. See https://github.com/nextcloud/all-in-one#how-to-adjust-the-max-execution-time-for-nextcloud for allowed values.
+- [ ] When starting the mastercontainer with `--env BORG_RETENTION_POLICY="--keep-within=1d --keep-weekly=1 --keep-monthly=1"` it should change borgs retention policy to the defined one. This can be checked when creating a backup and looking at the logs.
 - [ ] When starting the mastercontainer with `--env WATCHTOWER_DOCKER_SOCKET_PATH="$XDG_RUNTIME_DIR/docker.sock"` it should map `$XDG_RUNTIME_DIR/docker.sock` to `/var/run/docker.sock` inside the watchtower container which allow to update the mastercontainer on docker rootless.
 - [ ] When starting the mastercontainer with `--env AIO_DISABLE_BACKUP_SECTION=true` it should hide the backup section that gets shown after AIO is set up (everything of [020-backup-and-restore](./020-backup-and-restore.md)) and simply show that the backup section is disabled.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_TRUSTED_CACERTS_DIR=/path/to/my/cacerts`, the resulting nextcloud container should trust all the Certification Authorities, whose certificates are included in the directory `/path/to/my/cacerts` on the host.
 See https://github.com/nextcloud/all-in-one#how-to-trust-user-defiend-certification-authorities-ca
 - [ ] When starting the mastercontainer with `--env COLLABORA_SECCOMP_DISABLED=true`, the resulting collabora container should have `--o:security.seccomp=false` applied to it.
-- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts`.
+- [ ] When starting the mastercontainer with `--env NEXTCLOUD_STARTUP_APPS=deck`, the resulting Nextcloud should have only installed the deck app and not the other apps that get installed by default. Default are `deck twofactor_totp tasks calendar contacts notes`.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_APKS=zip`, the resulting Nextcloud container should have the zip package installed and not imagemagick.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS=inotify`, the resulting Nextcloud container should have the inotify extension installed and not the imagick extension.
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)