Merge pull request #3805 from nextcloud/enh/noid/disable-volumes

Signed-off-by: Simon L <szaimen@e.mail.de>

.github/workflows/lint-helm.yml

@@ -21,7 +21,7 @@ jobs:
           version: v3.11.1
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.4.0
+        uses: helm/chart-testing-action@v2.6.1
 
       - name: Run chart-testing (lint)
         id: lint

.github/workflows/lock-threads.yml

@@ -14,7 +14,7 @@ jobs:
   action:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4
+      - uses: dessant/lock-threads@v5
         with: 
           issue-inactive-days: '14'
           process-only: 'issues'

.github/workflows/talk.yml

@@ -11,18 +11,18 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - name: Run talk-update
+    - name: Run talk-container-update
       run: |
-        # Spreed
-        spreed_version="$(
-          git ls-remote https://github.com/nextcloud/spreed v*.*.* \
+        # Recording
+        recording_version="$(
+          git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
             | cut -d/ -f3 \
             | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
+            | grep -E "^v[0-9\.]+$" \
             | tail -1
         )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $spreed_version|" ./Containers/talk-recording/Dockerfile
-        curl -L "https://raw.githubusercontent.com/nextcloud/spreed/$spreed_version/recording/server.conf.in" -o Containers/talk-recording/recording.conf
+        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
+        curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
         
         # Signaling
         signaling_version="$(
@@ -49,7 +49,7 @@ jobs:
       with:
         commit-message: talk-update automated change
         signoff: true
-        title: talk update
+        title: talk container update
         body: Automated talk container update
         labels: dependencies, 3. to review
         milestone: next

Containers/apache/start.sh

@@ -18,7 +18,7 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
 done
 
 # Get ipv4-address of Apache
-IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short | head -1)"
+IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short +search | head -1)"
 # Bring it in CIDR notation
 # shellcheck disable=SC2001
 IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"

Containers/borgbackup/backupscript.sh

@@ -72,10 +72,10 @@ if [ "$BORG_MODE" = backup ]; then
         exit 1
     fi
 
-    # Test that nothing is empty
-    for directory in "${VOLUME_DIRS[@]}"; do
-        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
-            echo "$directory is empty which is not allowed."
+    # Test that default volumes are not empty
+    for volume in "${DEFAULT_VOLUMES[@]}"; do
+        if [ -z "$(ls -A "/nextcloud_aio_volumes/$volume")" ] && [ "$volume" != "nextcloud_aio_elasticsearch" ]; then
+            echo "/nextcloud_aio_volumes/$volume is empty which should not happen!"
             exit 1
         fi
     done

Containers/clamav/Dockerfile

@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.0-9
+FROM clamav/clamav:1.2.1-16
 
 COPY clamav.conf /tmp/clamav.conf
 

Containers/collabora/Dockerfile

@@ -1,5 +1,5 @@
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:23.05.5.1.1
+FROM collabora/code:23.05.5.4.1
 
 USER root
 

Containers/docker-socket-proxy/Dockerfile

@@ -1,4 +1,4 @@
-FROM haproxy:2.8.3-alpine3.18
+FROM haproxy:2.8.4-alpine3.18
 
 # hadolint ignore=DL3002
 USER root

Containers/docker-socket-proxy/start.sh

@@ -7,11 +7,11 @@ while ! nc -z "$NEXTCLOUD_HOST" 9001; do
 done
 
 set -x
-IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
 HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
 echo "$HAPROXYFILE" > /tmp/haproxy.cfg
 
-IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 if [ -n "$IPv6_ADDRESS_NC" ]; then
     HAPROXYFILE="$(sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|" /tmp/haproxy.cfg)"
 else

Containers/fulltextsearch/Dockerfile

@@ -1,5 +1,5 @@
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.10.2
+FROM elasticsearch:8.11.0
 
 USER root
 

Containers/imaginary/Dockerfile

@@ -1,6 +1,6 @@
-FROM golang:1.21.3-alpine3.18 as go
+FROM golang:1.21.4-alpine3.18 as go
 
-ENV IMAGINARY_HASH b632dae8cc321452c3f85bcae79c580b1ae1ed84
+ENV IMAGINARY_HASH 7efb66c243056e5b3b65215e101be7915983e364
 
 RUN set -ex; \
     apk add --no-cache \

Containers/mastercontainer/Dockerfile

@@ -1,11 +1,11 @@
 # Docker CLI is a requirement
-FROM docker:24.0.6-cli as docker
+FROM docker:24.0.7-cli as docker
 
 # Caddy is a requirement
 FROM caddy:2.7.5-alpine as caddy
 
 # From https://github.com/docker-library/php/blob/master/8.2/alpine3.18/fpm/Dockerfile
-FROM php:8.2.11-fpm-alpine3.18
+FROM php:8.2.12-fpm-alpine3.18
 
 EXPOSE 80
 EXPOSE 8080
@@ -42,7 +42,7 @@ RUN set -ex; \
     apk add --no-cache --virtual .build-deps \
         autoconf \
         build-base; \
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
     docker-php-ext-enable apcu; \
     rm -r /tmp/pear; \
     runDeps="$( \

Containers/nextcloud/Dockerfile

@@ -1,4 +1,4 @@
-FROM php:8.1.24-fpm-alpine3.18
+FROM php:8.1.25-fpm-alpine3.18
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
@@ -68,9 +68,9 @@ RUN set -ex; \
     ; \
     \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.22; \
+    pecl install APCu-5.1.23; \
     pecl install memcached-3.2.0; \
-    pecl install redis-6.0.1; \
+    pecl install redis-6.0.2; \
     pecl install imagick-3.7.0; \
     \
     docker-php-ext-enable \
@@ -195,10 +195,10 @@ RUN set -ex; \
     \
     grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+# Sync this with max db connections
+# We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
+# Also children will usually be terminated again after the process is done due to the ondemand setting
+    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
     sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
     \
     rm -rf /tmp/nextcloud-aio && \

Containers/nextcloud/config/apps.config.php

@@ -12,4 +12,5 @@ $CONFIG = array (
               'writable' => true,
       ),
   ),
+  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : [],
 );

Containers/nextcloud/config/smtp.config.php

@@ -0,0 +1,20 @@
+<?php
+if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
+  $CONFIG = array (
+    'mail_smtpmode' => 'smtp',
+    'mail_smtphost' => getenv('SMTP_HOST'),
+    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
+    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
+    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
+    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
+    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
+    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
+    'mail_domain' => getenv('MAIL_DOMAIN'),
+  );
+
+  if (getenv('SMTP_PASSWORD')) {
+      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
+  } else {
+      $CONFIG['mail_smtppassword'] = '';
+  }
+}

Containers/nextcloud/entrypoint.sh

@@ -30,13 +30,6 @@ redis.session.lock_retries = -1
 redis.session.lock_wait_time = 10000
 REDIS_CONF
 
-echo "Setting php max children..."
-MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
-PHP_MAX_CHILDREN=$((MEMORY/50))
-if [ -n "$PHP_MAX_CHILDREN" ]; then
-    sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
-fi
-
 # Check permissions in ncdata
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
 if ! [ -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" ]; then
@@ -471,6 +464,10 @@ php /var/www/html/occ config:system:set one-click-instance --value=true --type=b
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
 php /var/www/html/occ app:enable support
+if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
+    php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
+    php /var/www/html/occ config:app:delete support last_check
+fi
 
 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
@@ -498,8 +495,14 @@ else
 fi
 
 # AIO app
-if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
-    php /var/www/html/occ app:enable nextcloud-aio
+if [ "$THIS_IS_AIO" = "true" ]; then
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
+        php /var/www/html/occ app:enable nextcloud-aio
+    fi
+else
+    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "no" ]; then
+        php /var/www/html/occ app:disable nextcloud-aio
+    fi
 fi
 
 # Notify push
@@ -510,8 +513,12 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
     php /var/www/html/occ app:update notify_push
 fi
+chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
+if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
@@ -527,8 +534,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
     # Fix https://github.com/nextcloud/all-in-one/issues/188:
     php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
     # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
     COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
     if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
@@ -557,6 +564,11 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
             COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
         fi
+        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
+                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
+            fi
+        fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
         echo "Warning: wopi_allowlist is empty which should not be the case!"

Containers/nextcloud/start.sh

@@ -131,17 +131,18 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
     exit 1
 fi
 
-while [ -z "$(dig nextcloud-aio-apache A +short)" ]; do
+while [ "$THIS_IS_AIO" = "true" ] && [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
     echo "Waiting for nextcloud-aio-apache to start..."
     sleep 5
 done
 
 set -x
-if [ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]; then
-    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+# shellcheck disable=SC2235
+if [ "$THIS_IS_AIO" = "true" ] && ([ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]); then
+    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 
     sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
     sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf

Containers/onlyoffice/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:7.5.0.1
+FROM onlyoffice/documentserver:7.5.1.1
 
 # USER root is probably used
 

Containers/postgresql/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.4-alpine
+FROM postgres:15.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh

Containers/postgresql/start.sh

@@ -31,7 +31,7 @@ fi
 if [ -f "$DUMP_DIR/initialization.failed" ]; then
     echo "The database initialization failed. Most likely was a wrong timezone selected."
     echo "The selected timezone is '$TZ'." 
-    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "Please check if it is in the 'TZ identifier' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
     echo "For further clues on what went wrong, look at the logs above."
     echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
     exit 1
@@ -148,17 +148,23 @@ fi
 
 # Modify postgresql.conf
 if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
-    echo "Setting max connections..."
-    MEMORY=$(awk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
-    MAX_CONNECTIONS=$((MEMORY/50+3))
-    if [ -n "$MAX_CONNECTIONS" ]; then
-        sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
-    fi
+    echo "Setting postgres values..."
 
-    # Modify conf
+    # 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
+    # We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
+    # Also connections should usually be closed again after the process is done
+    # If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
+    sed -i "s|^max_connections =.*|max_connections = 5000|" "/var/lib/postgresql/data/postgresql.conf"
+
+    # Do not log checkpoints
     if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
         sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
     fi
+
+    # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
+    if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
+        sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
+    fi
 fi
 
 # Catch docker stop attempts

Containers/redis/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.2-alpine
+FROM redis:7.2.3-alpine
 
 COPY --chmod=775 start.sh /start.sh
 

Containers/talk-recording/Dockerfile

@@ -2,7 +2,7 @@ FROM python:3.12.0-alpine3.18
 
 COPY --chmod=775 start.sh /start.sh
 
-ENV RECORDING_VERSION v17.1.1
+ENV RECORDING_VERSION v0.1
 ENV ALLOW_ALL false
 ENV HPB_PROTOCOL https
 ENV SKIP_VERIFY false
@@ -22,15 +22,16 @@ RUN set -ex; \
         wget \
         shadow \
         pulseaudio \
-        openssl; \
+        openssl \
+        build-base \
+        linux-headers; \
     # chromium chromium-chromedriver?
     apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing; \
     useradd -d /tmp --system recording; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/spreed --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
-    mv -v /src/recording/pyproject.toml /src/recording/src/pyproject.toml; \
-    python3 -m pip install --no-cache-dir /src/recording/src; \
+    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
+    python3 -m pip install --no-cache-dir /src; \
     rm -rf /src; \
     touch /etc/recording.conf; \
     chown recording:recording -R \
@@ -42,7 +43,9 @@ RUN set -ex; \
         git \
         wget \
         shadow \
-        openssl;
+        openssl \
+        build-base \
+        linux-headers;
 
 WORKDIR /tmp
 USER recording

Containers/talk-recording/recording.conf

@@ -96,11 +96,15 @@
 #internalsecret = the-shared-secret-for-internal-clients
 
 [ffmpeg]
-# The options given to FFmpeg to encode the audio output. The options given here
+# The ffmpeg executable (name or full path) and the global options given to
+# ffmpeg. The options given here fully override the default global options.
+#common = ffmpeg -loglevel level+warning -n
+
+# The options given to ffmpeg to encode the audio output. The options given here
 # fully override the default options for the audio output.
 #outputaudio = -c:a libopus
 
-# The options given to FFmpeg to encode the video output. The options given here
+# The options given to ffmpeg to encode the video output. The options given here
 # fully override the default options for the video output.
 #outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 
@@ -109,3 +113,11 @@
 
 # The extension of the file for audio and video recordings.
 #extensionvideo = .webm
+
+[recording]
+# Browser to use for recordings. Please note that the "chrome" value does not
+# refer to the web browser, but to the Selenium WebDriver. In practice, "chrome"
+# will use Google Chrome, or Chromium if Google Chrome is not installed.
+# Allowed values: firefox, chrome
+# Defaults to firefox
+# browser = firefox

Containers/talk-recording/start.sh

@@ -26,8 +26,6 @@ listen = 0.0.0.0:1234
 
 [backend]
 allowall = ${ALLOW_ALL}
-# TODO: remove secret below when https://github.com/nextcloud/spreed/issues/9580 is fixed
-secret = ${RECORDING_SECRET}
 backends = backend-1
 skipverify = ${SKIP_VERIFY}
 maxmessagesize = 1024
@@ -48,10 +46,14 @@ url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
 internalsecret = ${INTERNAL_SECRET}
 
 [ffmpeg]
+# common = ffmpeg -loglevel level+warning -n
 # outputaudio = -c:a libopus
 # outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
 extensionaudio = .ogg
 extensionvideo = .webm
+
+[recording]
+browser = firefox
 RECORDING_CONF
 
 exec "$@"

Containers/talk/Dockerfile

@@ -1,6 +1,6 @@
-FROM nats:2.10.3-scratch as nats
+FROM nats:2.10.5-scratch as nats
 FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.1.3 as signaling
+FROM strukturag/nextcloud-spreed-signaling:1.2.1 as signaling
 FROM alpine:3.18.4 as janus
 
 ARG JANUS_VERSION=v0.14.0
@@ -65,7 +65,8 @@ RUN set -ex; \
         libusrsctp \
         libwebsockets \
         \
-        shadow; \
+        shadow \
+        grep; \
     useradd --system -u 1000 eturnal; \
     apk del --no-cache \
         shadow; \

Containers/talk/server.conf.in

@@ -86,9 +86,10 @@ internalsecret = the-shared-secret-for-internal-clients
 # only be used while running the benchmark client against the server.
 allowall = false
 
-# Common shared secret for requests from and to the backend servers if
-# "allowall" is enabled. This must be the same value as configured in the
-# Nextcloud admin ui.
+# Common shared secret for requests from and to the backend servers. Used if
+# "allowall" is enabled or as fallback for individual backends that don't have
+# their own secret set.
+# This must be the same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret-for-allowall
 
 # Timeout in seconds for requests to the backend.
@@ -109,8 +110,9 @@ connectionsperhost = 8
 # URL of the Nextcloud instance
 #url = https://cloud.domain.invalid
 
-# Shared secret for requests from and to the backend servers. This must be the
-# same value as configured in the Nextcloud admin ui.
+# Shared secret for requests from and to the backend servers. Leave empty to use
+# the common shared secret from above.
+# This must be the same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret
 
 # Limit the number of sessions that are allowed to connect to this backend.
@@ -129,8 +131,9 @@ connectionsperhost = 8
 # URL of the Nextcloud instance
 #url = https://cloud.otherdomain.invalid
 
-# Shared secret for requests from and to the backend servers. This must be the
-# same value as configured in the Nextcloud admin ui.
+# Shared secret for requests from and to the backend servers. Leave empty to use
+# the common shared secret from above.
+# This must be the same value as configured in the Nextcloud admin ui.
 #secret = the-shared-secret
 
 [nats]

Containers/talk/start.sh

@@ -19,10 +19,15 @@ elif [ -z "$INTERNAL_SECRET" ]; then
 fi
 
 set -x
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
+IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 set +x
 
+if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
+    IPv4_ADDRESS_TALK=""
+fi
+
 # Turn
 cat << TURN_CONF > "/conf/eturnal.yml"
 eturnal:
@@ -36,13 +41,14 @@ eturnal:
   log_dir: stdout
   log_level: warning
   secret: "$TURN_SECRET"
-  relay_ipv4_addr: "$IPv4_ADDRESS_TALK"
+  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
   relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
   blacklist_peers:
   - recommended
   whitelist_peers:
   - 127.0.0.1
   - ::1
+  - "$IPv4_ADDRESS_TALK_RELAY"
   - "$IPv4_ADDRESS_TALK"
   - "$IPv6_ADDRESS_TALK"
 TURN_CONF

Containers/watchtower/Dockerfile

@@ -1,5 +1,5 @@
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.6.0 as watchtower
+FROM containrrr/watchtower:1.7.1 as watchtower
 
 FROM alpine:3.18.4
 

app/lib/Settings/Admin.php

@@ -78,6 +78,6 @@ class Admin implements ISettings {
 	 * E.g.: 70
 	 */
 	public function getPriority(): int {
-		return 5;
+		return 0;
 	}
 }

community-containers/dlna/dlna.json

@@ -0,0 +1,39 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-dlna",
+            "display_name": "DLNA",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/dlna",
+            "image": "thanek/nextcloud-dlna",
+            "image_tag": "latest",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "depends_on": [
+                "nextcloud-aio-database"
+            ],
+            "environment": [
+                "NC_DOMAIN=%NC_DOMAIN%",
+                "NC_PORT=443",
+                "NEXTCLOUD_DLNA_SERVER_PORT=9999",
+                "NEXTCLOUD_DLNA_FRIENDLY_NAME=nextcloud-aio",
+                "NEXTCLOUD_DATA_DIR=/data",
+                "NEXTCLOUD_DB_TYPE=postgres",
+                "NEXTCLOUD_DB_HOST=%AIO_DATABASE_HOST%",
+                "NEXTCLOUD_DB_PORT=5432",
+                "NEXTCLOUD_DB_NAME=nextcloud_database",
+                "NEXTCLOUD_DB_USER=oc_nextcloud",
+                "NEXTCLOUD_DB_PASS=%DATABASE_PASSWORD%"
+            ],
+            "secrets": [
+                "DATABASE_PASSWORD"
+            ],
+            "volumes": [
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/data",
+                    "writeable": false
+                }
+            ]
+        }
+    ]
+}

community-containers/dlna/readme.md

@@ -0,0 +1,15 @@
+## DLNA server
+This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
+
+### Notes
+- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
+- This is not working with Docker Desktop since it requires the `host` networking mode in docker, and it doesn't really share the host's network interfaces in this system
+- If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/thanek/nextcloud-dlna
+
+### Maintainer
+https://github.com/thanek
+

community-containers/libretranslate/libretranslate.json

@@ -25,6 +25,7 @@
             ],
             "nextcloud_exec_commands": [
                 "php /var/www/html/occ app:install integration_libretranslate",
+                "php /var/www/html/occ app:enable integration_libretranslate",
                 "php /var/www/html/occ config:app:set integration_libretranslate host --value='http://nextcloud-aio-libretranslate'",
                 "php /var/www/html/occ config:app:set integration_libretranslate port --value='5000'"
             ]

community-containers/libretranslate/readme.md

@@ -1,4 +1,4 @@
-## Local AI
+## LibreTranslate
 This container bundles LibreTranslate and auto-configures it for you.
 
 ### Notes

community-containers/local-ai/local-ai.json

@@ -20,7 +20,7 @@
                 },
                 {
                     "source": "nextcloud_aio_localai_images",
-                    "destination": "/images",
+                    "destination": "/tmp/generated/images/",
                     "writeable": true
                 },
                 {
@@ -35,8 +35,10 @@
                 "echo 'Scanning nextcloud-aio-local-ai folder for admin user...'",
                 "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-local-ai'",
                 "php /var/www/html/occ app:install integration_openai",
+                "php /var/www/html/occ app:enable integration_openai",
                 "php /var/www/html/occ config:app:set integration_openai url --value http://nextcloud-aio-local-ai:8080",
-                "php /var/www/html/occ app:install assistant"
+                "php /var/www/html/occ app:install assistant",
+                "php /var/www/html/occ app:enable assistant"
             ]
         }
     ]

community-containers/memories/memories.json

@@ -0,0 +1,33 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-memories",
+            "display_name": "Memories Transcoder",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories",
+            "image": "radialapps/go-vod",
+            "image_tag": "latest",
+            "internal_port": "47788",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%",
+                "NEXTCLOUD_HOST=https://%NC_DOMAIN%"
+            ],
+            "volumes": [
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/mnt/ncdata",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "nextcloud_exec_commands": [
+                "php /var/www/html/occ app:install memories",
+                "php /var/www/html/occ app:enable memories",
+                "php /var/www/html/occ config:system:set memories.vod.external --value true --type bool",
+                "php /var/www/html/occ config:system:set memories.vod.connect --value nextcloud-aio-memories:47788"
+            ]
+        }
+    ]
+}

community-containers/memories/readme.md

@@ -0,0 +1,12 @@
+## Memories
+This container bundles the hardware-transcoding container of memories and auto-configures it for you.
+
+### Notes
+- In order to actually enable the hardware transcoding, you need to add the following flag to AIO apart from adding this container: https://github.com/nextcloud/all-in-one#how-to-enable-hardware-transcoding-for-nextcloud
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/pulsejet/memories
+
+### Maintainer
+https://github.com/pulsejet

community-containers/pi-hole/pi-hole.json

@@ -8,6 +8,7 @@
             "image_tag": "latest",
             "internal_port": "8573",
             "restart": "unless-stopped",
+            "init": false,
             "ports": [
                 {
                   "ip_binding": "",

community-containers/plex/readme.md

@@ -5,7 +5,7 @@ This container bundles Plex and auto-configures it for you.
 - This is not working on arm64 since Plex does only provide x64 docker images.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!
-- After adding and starting the container, you need to visit http://ip.address.of.server:32400 in order to claim your server with a plex account
+- After adding and starting the container, you need to visit http://ip.address.of.server:32400/manage in order to claim your server with a plex account
 - The data of Plex will be automatically included in AIOs backup solution!
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 

community-containers/readme.md

@@ -16,3 +16,10 @@ Simply submit a PR by creating a new folder in this directory: https://github.co
 
 ### Is there a list of ideas for new community containers?
 Yes, see [this list](https://github.com/nextcloud/all-in-one/discussions/categories/ideas?discussions_q=is%3Aopen+category%3AIdeas+label%3A%22help+wanted%22) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
+
+## How to remove containers from AIOs stack?
+In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
+
+First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. 
+
+After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).

develop.md

@@ -38,3 +38,6 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+
+## How to connect to the database?
+Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.

docker-rootless.md

@@ -1,5 +1,7 @@
 # Docker rootless
 
+**Please note:** Due to a bug in Collabora is the Collabora container currently in rootless mode not working. See https://github.com/CollaboraOnline/online/issues/2800. In that case, you need to run a separate Collabora instance on your own if you want to use this feature. The following flag will be useful https://github.com/nextcloud/all-in-one#how-to-keep-disabled-apps.
+
 You can run AIO with docker rootless by following the steps below.
 
 0. If docker is already installed, you should consider disabling it first: (`sudo systemctl disable --now docker.service docker.socket`)

manual-install/update-yaml.sh

@@ -32,6 +32,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
+sed -i '/THIS_IS_AIO/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml

migration.md

@@ -18,6 +18,7 @@ The procedure for migrating only the files works like this:
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Start the containers again and wait until all containers are running
 1. Run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan-app-data && sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ files:scan --all` in order to scan all files in the datadirectory.
+1. If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
 
 ## Migrate the files and the database
 **Please note**: this is much more complicated than migrating only the files and also not as failproof so be warned! Also, this will not work on former snap installations as the snap is read-only and thus you cannot install the necessary `pdo_pgsql` PHP extension. So if migrating from snap, you will need to use one of the other methods. However you could try to ask if the snaps maintainer could add this one small PHP extension to the snap here: https://github.com/nextcloud-snap/nextcloud-snap/issues which would allow for an easy migration.
@@ -84,5 +85,21 @@ The procedure for migrating the files and the database works like this:
 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.
 
+If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
+
 ## Use the user_migration app
 A new way since the Nextcloud update to 24 is to use the new [user_migration app](https://apps.nextcloud.com/apps/user_migration#app-gallery). It allows to export the most important data on one instance and import it on a different Nextcloud instance. For that, you need to install and enable the user_migration app on your old instance, trigger the export for the user, create the user on the new instance, log in with that user and import the archive that was created during the export. This then needs to be done for each user that you want to migrate.
+
+If the restored data is older than any clients you want to continue to sync, for example if the server was down for a period of time during migration, you may want to take a look at [Synchronising with clients after migration](/migration.md#synchronising-with-clients-after-migration) below.
+
+# Synchronising with clients after migration
+#### From https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html#synchronising-with-clients-after-data-recovery
+By default the Nextcloud server is considered the authoritative source for the data. If the data on the server and the client differs clients will default to fetching the data from the server.
+
+If the recovered backup is outdated the state of the clients may be more up to date than the state of the server. In this case also make sure to run `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ maintenance:data-fingerprint` command afterwards. It changes the logic of the synchronisation algorithm to try an recover as much data as possible. Files missing on the server are therefore recovered from the clients and in case of different content the users will be asked.
+
+>[!Note]
+>The usage of maintenance:data-fingerprint can cause conflict dialogues and difficulties deleting files on the client. Therefore it’s only recommended to prevent dataloss if the backup was outdated.
+
+
+If you are running multiple application servers you will need to make sure the config files are synced between them so that the updated data-fingerprint is applied on all instances.

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.5.0
+version: 7.7.1-dev2
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231027_071516-latest
+          image: nextcloud/aio-apache:20231123_084113-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml

@@ -9,7 +9,9 @@ metadata:
   name: nextcloud-aio-apache
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
+  externalTrafficPolicy: Local
   ports:
     - name: "{{ .Values.APACHE_PORT }}"
       port: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -24,11 +24,22 @@ spec:
         io.kompose.service: nextcloud-aio-clamav
     spec:
       initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
         - name: init-volumes
           image: alpine
           command:
-            - chmod
-            - "777"
+            - chown
+            - 100:100
+            - "-R"
             - /nextcloud-aio-clamav
           volumeMounts:
             - name: nextcloud-aio-clamav
@@ -39,13 +50,14 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231027_071516-latest
+          image: nextcloud/aio-clamav:20231123_084113-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
               protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/clamav
+              subPath: data
               name: nextcloud-aio-clamav
       volumes:
         - name: nextcloud-aio-clamav

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
+{{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-clamav
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "3310"
       port: 3310

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231027_071516-latest
+          image: nextcloud/aio-collabora:20231123_084113-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-collabora
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9980"
       port: 9980

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231027_071516-latest
+          image: nextcloud/aio-postgresql:20231123_084113-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-database
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "5432"
       port: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231027_071516-latest
+          image: nextcloud/aio-fulltextsearch:20231123_084113-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-fulltextsearch
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9200"
       port: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231027_071516-latest
+          image: nextcloud/aio-imaginary:20231123_084113-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-imaginary
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9000"
       port: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -37,6 +37,26 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
@@ -123,7 +143,8 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231027_071516-latest
+          image: nextcloud/aio-nextcloud:develop
+          imagePullPolicy: Always
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-persistentvolumeclaim.yaml

@@ -10,7 +10,7 @@ spec:
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:
-    - ReadWriteOnce
+    - ReadWriteMany
   resources:
     requests:
       storage: {{ .Values.NEXTCLOUD_STORAGE_SIZE }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-nextcloud
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "9000"
       port: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231027_071516-latest
+          image: nextcloud/aio-notify-push:20231123_084113-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-notify-push
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "7867"
       port: 7867

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231027_071516-latest
+          image: nextcloud/aio-onlyoffice:20231123_084113-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
+{{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-onlyoffice
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "80"
       port: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231027_071516-latest
+          image: nextcloud/aio-redis:20231123_084113-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml

@@ -9,6 +9,7 @@ metadata:
   name: nextcloud-aio-redis
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "6379"
       port: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231027_071516-latest
+          image: nextcloud/aio-talk:20231123_084113-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231027_071516-latest
+          image: nextcloud/aio-talk-recording:20231123_084113-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml

@@ -10,6 +10,7 @@ metadata:
   name: nextcloud-aio-talk-recording
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "1234"
       port: 1234

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml

@@ -11,7 +11,9 @@ metadata:
   name: nextcloud-aio-talk-public
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: LoadBalancer
+  externalTrafficPolicy: Local
   ports:
     - name: "{{ .Values.TALK_PORT }}"
       port: {{ .Values.TALK_PORT }}
@@ -34,6 +36,7 @@ metadata:
   name: nextcloud-aio-talk
   namespace: {{ .Values.NAMESPACE }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
     - name: "8081"
       port: 8081

nextcloud-aio-helm-chart/update-helm.sh

@@ -81,15 +81,34 @@ cat << EOL > /tmp/initcontainers.database
             - "-R"
           volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.clamav
+      initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+          volumeMountsInitContainer:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 100:100
+            - "-R"
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
     if grep -q volumeMounts "$variable"; then
-        if ! echo "$variable" | grep -q database; then
-            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
-        else
+        if echo "$variable" | grep -q database; then
             sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        elif echo "$variable" | grep -q clamav; then
+            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
         fi
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
@@ -101,6 +120,8 @@ for variable in "${DEPLOYMENTS[@]}"; do
                 # Workaround for the database volume
                 if [ "$volumeName" = nextcloud-aio-database ]; then
                     sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                elif [ "$volumeName" = nextcloud-aio-clamav ]; then
+                    sed -i "/mountPath: \/var\/lib\/clamav/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
                 fi
                 
             fi
@@ -132,6 +153,8 @@ find ./ -name '*deployment.yaml' -exec sed -i "/hostPort:/d" \{} \;
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "s|ReadOnlyMany|ReadWriteOnce|" \{} \;   
 # shellcheck disable=SC1083
+find ./ -name 'nextcloud-aio-nextcloud-persistentvolumeclaim.yaml' -exec sed -i "s|ReadWriteOnce|ReadWriteMany|"  \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- if .Values.STORAGE_CLASS }}" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ storageClassName: {{ .Values.STORAGE_CLASS }}" \{} \; 
@@ -164,6 +187,10 @@ find ./ -name '*talk-service.yaml' -exec grep -v '{{ .Values.TALK.*}}\|protocol:
 # shellcheck disable=SC1083
 find ./ -name '*talk-service.yaml' -exec mv /tmp/talk-service.copy \{} \;
 # shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/type: LoadBalancer/a\ \ externalTrafficPolicy: Local" \{} \;
+# shellcheck disable=SC1083
+find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferDualStack" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
@@ -184,6 +211,34 @@ for variable in "${VOLUMES[@]}"; do
     find ./ -name "*nextcloud-aio-$variable-persistentvolumeclaim.yaml" -exec sed -i "s|storage: 100Mi|storage: {{ .Values.$name }}|" \{} \; 
 done
 
+# Additional config
+cat << EOL > /tmp/additional.config
+            - name: SMTP_HOST
+              value: "{{ .Values.SMTP_HOST }}"
+            - name: SMTP_SECURE
+              value: "{{ .Values.SMTP_SECURE }}"
+            - name: SMTP_PORT
+              value: "{{ .Values.SMTP_PORT }}"
+            - name: SMTP_AUTHTYPE
+              value: "{{ .Values.SMTP_AUTHTYPE }}"
+            - name: SMTP_NAME
+              value: "{{ .Values.SMTP_NAME }}"
+            - name: SMTP_PASSWORD
+              value: "{{ .Values.SMTP_PASSWORD }}"
+            - name: MAIL_FROM_ADDRESS
+              value: "{{ .Values.MAIL_FROM_ADDRESS }}"
+            - name: MAIL_DOMAIN
+              value: "{{ .Values.MAIL_DOMAIN }}"
+            - name: SUBSCRIPTION_KEY
+              value: "{{ .Values.SUBSCRIPTION_KEY }}"
+            - name: APPS_ALLOWLIST
+              value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
+EOL
+# shellcheck disable=SC1083
+find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
+
 cd ../
 mkdir -p ../helm-chart/
 rm latest/Chart.yaml
@@ -211,14 +266,32 @@ sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
-echo "NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster" >> /tmp/sample.conf
-# shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done
+sed -i "s|NEXTCLOUD_STORAGE_SIZE: 1Gi|NEXTCLOUD_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
+sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /tmp/sample.conf
+
+# Additional config
+cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
+
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.
+ADDITIONAL_CONFIG
+
 mv /tmp/sample.conf ../helm-chart/values.yaml
 
 ENABLED_VARIABLES="$(grep -oP '^[A-Z_]+_ENABLED' ../helm-chart/values.yaml)"
@@ -235,6 +308,10 @@ for variable in "${ENABLED_VARIABLES[@]}"; do
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
     # shellcheck disable=SC1083
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 done
 
 chmod 777 -R ./

nextcloud-aio-helm-chart/values.yaml

@@ -33,7 +33,6 @@ NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
@@ -41,8 +40,21 @@ CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume th
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value
 DATABASE_DUMP_STORAGE_SIZE: 1Gi       # You can change the size of the database-dump volume that default to 1Gi with this value
 ELASTICSEARCH_STORAGE_SIZE: 1Gi       # You can change the size of the elasticsearch volume that default to 1Gi with this value
-NEXTCLOUD_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
-NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
+NEXTCLOUD_STORAGE_SIZE: 5Gi       # You can change the size of the nextcloud volume that default to 1Gi with this value
+NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi       # You can change the size of the nextcloud-data volume that default to 1Gi with this value
 NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of the nextcloud-trusted-cacerts volume that default to 1Gi with this value
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
+
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
+SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
+APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
+SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
+SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
+SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
+SMTP_AUTHTYPE:         # (default: 'LOGIN'): The method used for authentication. Use 'PLAIN' if no authentication or STARTLS is required.
+SMTP_NAME:         # (empty by default): The username for the authentication.
+SMTP_PASSWORD:         # (empty by default): The password for the authentication.
+MAIL_FROM_ADDRESS:         # (not set by default): Set the local-part for the 'from' field in the emails sent by Nextcloud.
+MAIL_DOMAIN:         # (not set by default): Set a different domain for the emails than the domain where Nextcloud is installed.

php/composer.lock

@@ -391,16 +391,16 @@
         },
         {
             "name": "laravel/serializable-closure",
-            "version": "v1.3.1",
+            "version": "v1.3.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/laravel/serializable-closure.git",
-                "reference": "e5a3057a5591e1cfe8183034b0203921abe2c902"
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/e5a3057a5591e1cfe8183034b0203921abe2c902",
-                "reference": "e5a3057a5591e1cfe8183034b0203921abe2c902",
+                "url": "https://api.github.com/repos/laravel/serializable-closure/zipball/3dbf8a8e914634c48d389c1234552666b3d43754",
+                "reference": "3dbf8a8e914634c48d389c1234552666b3d43754",
                 "shasum": ""
             },
             "require": {
@@ -447,7 +447,7 @@
                 "issues": "https://github.com/laravel/serializable-closure/issues",
                 "source": "https://github.com/laravel/serializable-closure"
             },
-            "time": "2023-07-14T13:56:28+00:00"
+            "time": "2023-11-08T14:08:06+00:00"
         },
         {
             "name": "nikic/fast-route",
@@ -556,16 +556,16 @@
         },
         {
             "name": "php-di/php-di",
-            "version": "7.0.5",
+            "version": "7.0.6",
             "source": {
                 "type": "git",
                 "url": "https://github.com/PHP-DI/PHP-DI.git",
-                "reference": "9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c"
+                "reference": "8097948a89f6ec782839b3e958432f427cac37fd"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c",
-                "reference": "9ea40a5a6970bf1ca5cbe148bc16cbad6ca3db6c",
+                "url": "https://api.github.com/repos/PHP-DI/PHP-DI/zipball/8097948a89f6ec782839b3e958432f427cac37fd",
+                "reference": "8097948a89f6ec782839b3e958432f427cac37fd",
                 "shasum": ""
             },
             "require": {
@@ -613,7 +613,7 @@
             ],
             "support": {
                 "issues": "https://github.com/PHP-DI/PHP-DI/issues",
-                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.5"
+                "source": "https://github.com/PHP-DI/PHP-DI/tree/7.0.6"
             },
             "funding": [
                 {
@@ -625,7 +625,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-10T14:57:56+00:00"
+            "time": "2023-11-02T10:04:50+00:00"
         },
         {
             "name": "php-di/slim-bridge",
@@ -1328,7 +1328,7 @@
         },
         {
             "name": "symfony/deprecation-contracts",
-            "version": "v3.3.0",
+            "version": "v3.4.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/symfony/deprecation-contracts.git",
@@ -1375,7 +1375,7 @@
             "description": "A generic function and convention to trigger deprecation notices",
             "homepage": "https://symfony.com",
             "support": {
-                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.3.0"
+                "source": "https://github.com/symfony/deprecation-contracts/tree/v3.4.0"
             },
             "funding": [
                 {
@@ -1558,6 +1558,89 @@
             ],
             "time": "2023-07-28T09:04:16+00:00"
         },
+        {
+            "name": "symfony/polyfill-php80",
+            "version": "v1.28.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php80.git",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "1.28-dev"
+                },
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php80\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ion Bazan",
+                    "email": "ion.bazan@gmail.com"
+                },
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-01-26T09:26:14+00:00"
+        },
         {
             "name": "symfony/polyfill-php81",
             "version": "v1.28.0",
@@ -1639,26 +1722,27 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.7.1",
+            "version": "v3.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554"
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.2.5",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php80": "^1.22"
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^5.4.9|^6.3"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3|^7.0"
             },
             "type": "library",
             "autoload": {
@@ -1694,7 +1778,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.7.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.8.0"
             },
             "funding": [
                 {
@@ -1706,7 +1790,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-28T11:09:02+00:00"
+            "time": "2023-11-21T18:54:41+00:00"
         }
     ],
     "packages-dev": [],

php/containers.json

@@ -212,7 +212,8 @@
         "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%",
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
         "APACHE_PORT=%APACHE_PORT%",
-        "APACHE_IP_BINDING=%APACHE_IP_BINDING%"
+        "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
+        "THIS_IS_AIO=true"
       ],
       "restart": "unless-stopped",
       "devices": [
@@ -322,6 +323,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "cap_add": [
+        "MKNOD"
       ]
     },
     {

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352"/>
+<files psalm-version="5.16.0@2897ba636551a8cb61601cc26f6ccfbba6c36591"/>

php/public/index.php

@@ -7,6 +7,9 @@ ini_set('memory_limit', '2048M');
 // set max execution time to 2h just in case of a very slow internet connection
 ini_set('max_execution_time', '7200');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 use Slim\Csrf\Guard;
 use Slim\Factory\AppFactory;

php/src/Controller/DockerController.php

@@ -26,23 +26,32 @@ class DockerController
         $this->configurationManager = $configurationManager;
     }
 
-    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
+            $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
+        // Don't start if container is already running
+        // This is expected to happen if a container is defined in depends_on of multiple containers
+        if ($container->GetRunningState() instanceof RunningState) {
+            error_log('Not starting ' . $id . ' because it was already started.');
+            return;
+        }
+
+        // Skip database image pull if the last shutdown was not clean
         if ($id === 'nextcloud-aio-database') {
             if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullContainer = false;
+                $pullImage = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
             }
         }
+
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        if ($pullContainer) {
-            $this->dockerActionManager->PullContainer($container);
+        if ($pullImage) {
+            $this->dockerActionManager->PullImage($container);
         }
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);
@@ -179,7 +188,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function startTopContainer(bool $pullContainer) : void {
+    public function startTopContainer(bool $pullImage) : void {
         $config = $this->configurationManager->GetConfig();
         // set AIO_TOKEN
         $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -190,7 +199,7 @@ class DockerController
 
         $id = self::TOP_CONTAINER;
 
-        $this->PerformRecursiveContainerStart($id, $pullContainer);
+        $this->PerformRecursiveContainerStart($id, $pullImage);
     }
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {

php/src/Cron/StartAndUpdateContainers.php

@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 
 require __DIR__ . '/../../vendor/autoload.php';

php/src/Cron/StartContainers.php

@@ -4,6 +4,9 @@ declare(strict_types=1);
 // increase memory limit to 2GB
 ini_set('memory_limit', '2048M');
 
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
 use DI\Container;
 
 require __DIR__ . '/../../vendor/autoload.php';

php/src/Data/ConfigurationManager.php

@@ -12,7 +12,7 @@ class ConfigurationManager
         if(file_exists(DataConst::GetConfigFile()))
         {
             $configContent = file_get_contents(DataConst::GetConfigFile());
-            return json_decode($configContent, true);
+            return json_decode($configContent, true, 512, JSON_THROW_ON_ERROR);
         }
 
         return [];
@@ -514,7 +514,7 @@ class ConfigurationManager
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not exist! Something was set up falsely!");
         }
         $df = disk_free_space(DataConst::GetDataDirectory());
-        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT);
+        $content = json_encode($config, JSON_UNESCAPED_SLASHES|JSON_PRETTY_PRINT|JSON_THROW_ON_ERROR);
         $size = strlen($content) + 10240;
         if ($df !== false && (int)$df < $size) {
             throw new InvalidSettingConfigurationException(DataConst::GetDataDirectory() . " does not have enough space for writing the config file! Not writing it back!");

php/src/Docker/DockerActionManager.php

@@ -403,6 +403,9 @@ class DockerActionManager
                     } else {
                         $replacements[1] = '';
                     }
+                // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
+                } elseif ($out[1] === 'AIO_DATABASE_HOST') {
+                    $replacements[1] = gethostbyname('nextcloud-aio-database');
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {
@@ -574,16 +577,16 @@ class DockerActionManager
 
     }
 
-    public function PullContainer(Container $container) : void
+    public function PullImage(Container $container) : void
     {
-        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
+        $imageName = urlencode($this->BuildImageName($container));
+        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $imageName));
         try {
             $this->guzzleClient->post($url);
-        } catch (RequestException $e) {
-            error_log('Could not get image ' . $this->BuildImageName($container) . ' from docker hub. Probably due to rate limits. ' . $e->getMessage());
-            // Don't exit here because it is possible that the image is already present 
-            // and we ran into docker hub limits.
-            // We will exit later if not image should be available.
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
+        } catch (\Throwable $e) {
+            throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
         }
     }
 

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.5.1</h1>
+        <h1>Nextcloud AIO v7.7.0</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -649,7 +649,7 @@
                                 <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
                                 <input class="button" type="submit" value="Submit timezone" onclick="return confirm('Are you sure that this is a valid timezone? Please double check by following the wikipedia article and checking the correct column since if not, it will break the startup since the database will not get correctly initialized and you will end in a startup loop.')" />
                             </form>
-                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ database name' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
+                            You need to make sure that the timezone that you enter is valid. An example is <b>Europe/Berlin</b>. You can get valid values by looking at the 'TZ identifier' column of this list: <a href="https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"><b>click here</b></a>. The default is <b>Etc/UTC</b> if nothing is entered.<br><br>
                         {% else %}
                             The timezone for Nextcloud is currently set to <b>{{ timezone }}</b>. You can reset the timezone again by clicking on the button below.<br><br/>
                             <form method="POST" action="/api/configuration" class="xhr">

reverse-proxy.md

@@ -8,7 +8,7 @@ In order to run Nextcloud behind a web server or reverse proxy (like Apache, Ngi
 
 **Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
 1. **Configure the reverse proxy! See [point 1](#1-add-this-to-your-reverse-proxy-config)**
-1. **Use the in this document provided startup command! See [point 2](#2-use-this-startup-command)**
+1. **Use this startup command! See [point 2](#2-use-this-startup-command)**
 1. Optional: If the reverse proxy is installed on the same host and in the host network, you should limit the apache container to only listen on localhost. See [point 3](#3-limit-the-access-to-the-apache-container)
 1. **Open the AIO interface. See [point 4](#4-open-the-aio-interface)**
 1. Optional: Get a valid certificate for the AIO interface! See [point 5](#5-optional-get-a-valid-certificate-for-the-aio-interface)
@@ -25,12 +25,12 @@ Of course you need to modify `<your-nc-domain>` to the domain on which you want
 For this setup, the default sample configurations with `localhost:$APACHE_PORT` should work.
 
 **Running the Reverse Proxy in a Docker container on the same server**<br>
-For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
+For this setup, you can use as target `host.docker.internal:$APACHE_PORT` instead of `localhost:$APACHE_PORT`. **⚠️ Important:** In order to make this work on Docker for Linux, you need to add `--add-host=host.docker.internal:host-gateway` to the docker run command of your reverse proxy container or `extra_hosts: ["host.docker.internal:host-gateway"]` in docker compose (it works on Docker Desktop by default).<br>
 Another option and actually the recommended way in this case is to use `--network host` option (or `network_mode: host` for docker-compose) as setting for the reverse proxy container to connect it to the host network. If you are using a firewall on the server, you need to open ports 80 and 443 for the reverse proxy manually. By doing so, the default sample configurations that point at `localhost:$APACHE_PORT` should work without having to modify them.
 
 **Running the Reverse Proxy on a different server (no matter if in container or not)**<br>
 For this setup, you need to use as target the private ip-address of the host that shall be running AIO. So e.g. `private.ip.address.of.aio.server:$APACHE_PORT` instead of `localhost:$APACHE_PORT`.<br>
-If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO. If the command returns a public ip-address, use `ip a | grep "scope global" | grep docker0 | awk '{print $2}' | sed 's|/.*||'` instead (the commands only work on Linux).
+If you are not sure how to retrieve that, you can run: `ip a | grep "scope global" | head -1 | awk '{print $2}' | sed 's|/.*||'` on the server that shall be running AIO (the commands only work on Linux).
 
 ### Apache
 
@@ -383,7 +383,7 @@ Second, see these screenshots for a working config:
 
 ![grafik](https://user-images.githubusercontent.com/75573284/213889724-1ab32264-3e0c-4d83-b067-9fe9d1672fb2.png)
 
-![grafik](https://user-images.githubusercontent.com/75573284/213889797-42642302-b079-4378-a4a6-079f4f67058c.png)
+![grafik](https://github.com/nextcloud/all-in-one/assets/24786786/fecbb5ef-d2f4-4e0f-bc4b-82207e2c2809)
 
 ![grafik](https://user-images.githubusercontent.com/75573284/213889746-87dbe8c5-4d1f-492f-b251-bbf82f1510d0.png)