Merge pull request #3815 from nextcloud/aio-helm-update

Helm Chart updates

Containers/clamav/Dockerfile

@@ -1,5 +1,5 @@
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.2.1-15
+FROM clamav/clamav:1.2.1-16
 
 COPY clamav.conf /tmp/clamav.conf
 

Containers/docker-socket-proxy/Dockerfile

@@ -1,4 +1,4 @@
-FROM haproxy:2.8.3-alpine3.18
+FROM haproxy:2.8.4-alpine3.18
 
 # hadolint ignore=DL3002
 USER root

Containers/nextcloud/Dockerfile

@@ -3,7 +3,7 @@ FROM php:8.1.25-fpm-alpine3.18
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
-ENV NEXTCLOUD_VERSION 27.1.3
+ENV NEXTCLOUD_VERSION 27.1.4
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 

Containers/nextcloud/entrypoint.sh

@@ -516,6 +516,9 @@ fi
 chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
+if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
+fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"
 
 # Collabora
@@ -561,6 +564,11 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
         if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
             COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
         fi
+        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
+            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
+                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
+            fi
+        fi
         php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
     else
         echo "Warning: wopi_allowlist is empty which should not be the case!"

develop.md

@@ -38,3 +38,6 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
 2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+
+## How to connect to the database?
+Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.

manual-install/latest.yml

@@ -202,6 +202,8 @@ services:
       - collabora
     networks:
       - nextcloud-aio
+    cap_add:
+      - MKNOD
 
   nextcloud-aio-talk:
     image: nextcloud/aio-talk:latest

manual-install/update-yaml.sh

@@ -32,7 +32,7 @@ echo "$OUTPUT" | yq -P > ./manual-install/containers.yml
 cd manual-install || exit
 sed -i "s|'||g" containers.yml
 sed -i '/display_name:/d' containers.yml
-sed -i '/THIS_IS_AIO:/d' containers.yml
+sed -i '/THIS_IS_AIO/d' containers.yml
 sed -i '/stop_grace_period:/s/$/s/' containers.yml
 sed -i '/: \[\]/d' containers.yml
 sed -i 's|- source: |- |' containers.yml

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 7.6.2
+version: 7.7.1
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -57,7 +57,7 @@ spec:
               value: nextcloud-aio-talk
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-apache:20231113_125854-latest
+          image: nextcloud/aio-apache:20231130_081302-latest
           name: nextcloud-aio-apache
           ports:
             - containerPort: {{ .Values.APACHE_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -24,11 +24,22 @@ spec:
         io.kompose.service: nextcloud-aio-clamav
     spec:
       initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+            - /nextcloud-aio-clamav
+          volumeMounts:
+            - name: nextcloud-aio-clamav
+              mountPath: /nextcloud-aio-clamav
         - name: init-volumes
           image: alpine
           command:
-            - chmod
-            - "777"
+            - chown
+            - 100:100
+            - "-R"
             - /nextcloud-aio-clamav
           volumeMounts:
             - name: nextcloud-aio-clamav
@@ -39,13 +50,14 @@ spec:
               value: "90"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-clamav:20231113_125854-latest
+          image: nextcloud/aio-clamav:20231130_081302-latest
           name: nextcloud-aio-clamav
           ports:
             - containerPort: 3310
               protocol: TCP
           volumeMounts:
             - mountPath: /var/lib/clamav
+              subPath: data
               name: nextcloud-aio-clamav
       volumes:
         - name: nextcloud-aio-clamav

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.CLAMAV_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.CLAMAV_STORAGE_SIZE }}
+{{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -37,9 +37,13 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true {{ .Values.COLLABORA_SECCOMP_POLICY }} --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: nextcloud/aio-collabora:20231113_125854-latest
+          image: nextcloud/aio-collabora:20231130_081302-latest
           name: nextcloud-aio-collabora
           ports:
             - containerPort: 9980
               protocol: TCP
+          securityContext:
+            capabilities:
+              add:
+                - MKNOD
 {{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -61,7 +61,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-postgresql:20231113_125854-latest
+          image: nextcloud/aio-postgresql:20231130_081302-latest
           name: nextcloud-aio-database
           ports:
             - containerPort: 5432

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -55,7 +55,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: nextcloud/aio-fulltextsearch:20231113_125854-latest
+          image: nextcloud/aio-fulltextsearch:20231130_081302-latest
           name: nextcloud-aio-fulltextsearch
           ports:
             - containerPort: 9200

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -27,7 +27,7 @@ spec:
         - env:
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-imaginary:20231113_125854-latest
+          image: nextcloud/aio-imaginary:20231130_081302-latest
           name: nextcloud-aio-imaginary
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -23,6 +23,17 @@ spec:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
       initContainers:
+        - name: delete lost+found
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - /nextcloud-aio-nextcloud/lost+found
+          volumeMounts:
+            - name: nextcloud-aio-nextcloud-trusted-cacerts
+              mountPath: /nextcloud-aio-nextcloud-trusted-cacerts
+            - name: nextcloud-aio-nextcloud
+              mountPath: /nextcloud-aio-nextcloud
         - name: init-volumes
           image: alpine
           command:
@@ -37,8 +48,6 @@ spec:
               mountPath: /nextcloud-aio-nextcloud
       containers:
         - env:
-            - name: SMTP_HOST
-              value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_HOST
               value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_SECURE
@@ -59,6 +68,8 @@ spec:
               value: "{{ .Values.SUBSCRIPTION_KEY }}"
             - name: APPS_ALLOWLIST
               value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
             - name: ADDITIONAL_APKS
               value: "{{ .Values.NEXTCLOUD_ADDITIONAL_APKS }}"
             - name: ADDITIONAL_PHP_EXTENSIONS
@@ -145,7 +156,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: UPDATE_NEXTCLOUD_APPS
               value: "{{ .Values.UPDATE_NEXTCLOUD_APPS }}"
-          image: nextcloud/aio-nextcloud:20231113_125854-latest
+          image: nextcloud/aio-nextcloud:20231130_081302-latest
           name: nextcloud-aio-nextcloud
           ports:
             - containerPort: 9000

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -50,7 +50,7 @@ spec:
               value: nextcloud-aio-redis
             - name: REDIS_HOST_PASSWORD
               value: "{{ .Values.REDIS_PASSWORD }}"
-          image: nextcloud/aio-notify-push:20231113_125854-latest
+          image: nextcloud/aio-notify-push:20231130_081302-latest
           name: nextcloud-aio-notify-push
           ports:
             - containerPort: 7867

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -43,7 +43,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-onlyoffice:20231113_125854-latest
+          image: nextcloud/aio-onlyoffice:20231130_081302-latest
           name: nextcloud-aio-onlyoffice
           ports:
             - containerPort: 80

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-persistentvolumeclaim.yaml

@@ -1,3 +1,4 @@
+{{- if eq .Values.ONLYOFFICE_ENABLED "yes" }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -14,3 +15,4 @@ spec:
   resources:
     requests:
       storage: {{ .Values.ONLYOFFICE_STORAGE_SIZE }}
+{{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-redis:20231113_125854-latest
+          image: nextcloud/aio-redis:20231130_081302-latest
           name: nextcloud-aio-redis
           ports:
             - containerPort: 6379

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -37,7 +37,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk:20231113_125854-latest
+          image: nextcloud/aio-talk:20231130_081302-latest
           name: nextcloud-aio-talk
           ports:
             - containerPort: {{ .Values.TALK_PORT }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -33,7 +33,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: nextcloud/aio-talk-recording:20231113_125854-latest
+          image: nextcloud/aio-talk-recording:20231130_081302-latest
           name: nextcloud-aio-talk-recording
           ports:
             - containerPort: 1234

nextcloud-aio-helm-chart/update-helm.sh

@@ -81,15 +81,52 @@ cat << EOL > /tmp/initcontainers.database
             - "-R"
           volumeMountsInitContainer:
 EOL
+cat << EOL > /tmp/initcontainers.clamav
+      initContainers:
+        - name: init-subpath
+          image: alpine
+          command:
+            - mkdir
+            - "-p"
+            - /nextcloud-aio-clamav/data
+          volumeMountsInitContainer:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chown
+            - 100:100
+            - "-R"
+          volumeMountsInitContainer:
+EOL
+cat << EOL > /tmp/initcontainers.nextcloud
+      initContainers:
+        - name: delete lost+found
+          image: alpine
+          command:
+            - rm
+            - "-rf"
+            - /nextcloud-aio-nextcloud/lost+found
+          volumeMountsInitRmLostFound:
+        - name: init-volumes
+          image: alpine
+          command:
+            - chmod
+            - "777"
+          volumeMountsInitContainer:
+EOL
 # shellcheck disable=SC1083
 DEPLOYMENTS="$(find ./ -name '*deployment.yaml')"
 mapfile -t DEPLOYMENTS <<< "$DEPLOYMENTS"
 for variable in "${DEPLOYMENTS[@]}"; do
     if grep -q volumeMounts "$variable"; then
-        if ! echo "$variable" | grep -q database; then
-            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
-        else
+        if echo "$variable" | grep -q database; then
             sed -i "/^    spec:/r /tmp/initcontainers.database" "$variable"
+        elif echo "$variable" | grep -q clamav; then
+            sed -i "/^    spec:/r /tmp/initcontainers.clamav" "$variable"
+        elif echo "$variable" | grep -q "nextcloud-deployment.yaml"; then
+            sed -i "/^    spec:/r /tmp/initcontainers.nextcloud" "$variable"
+        else
+            sed -i "/^    spec:/r /tmp/initcontainers" "$variable"
         fi
         volumeNames="$(grep -A1 mountPath "$variable" | grep -v mountPath | sed 's|.*name: ||' | sed '/^--$/d')"
         mapfile -t volumeNames <<< "$volumeNames"
@@ -98,14 +135,18 @@ for variable in "${DEPLOYMENTS[@]}"; do
             if [ "$volumeName" != "nextcloud-aio-nextcloud-data" ]; then
                 sed -i "/^.*volumeMountsInitContainer:/i\ \ \ \ \ \ \ \ \ \ \ \ - /$volumeName" "$variable"
                 sed -i "/volumeMountsInitContainer:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
+                sed -i "/volumeMountsInitRmLostFound:/a\ \ \ \ \ \ \ \ \ \ \ \ - name: $volumeName\n\ \ \ \ \ \ \ \ \ \ \ \ \ \ mountPath: /$volumeName" "$variable"
                 # Workaround for the database volume
                 if [ "$volumeName" = nextcloud-aio-database ]; then
                     sed -i "/mountPath: \/var\/lib\/postgresql\/data/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
+                elif [ "$volumeName" = nextcloud-aio-clamav ]; then
+                    sed -i "/mountPath: \/var\/lib\/clamav/a\ \ \ \ \ \ \ \ \ \ \ \ \ \ subPath: data" "$variable"
                 fi
                 
             fi
         done
-        sed -i "s|volumeMountsInitContainer|volumeMounts|" "$variable"
+        sed -i "s|volumeMountsInitContainer:|volumeMounts:|" "$variable"
+        sed -i "s|volumeMountsInitRmLostFound:|volumeMounts:|" "$variable"
         if grep -q claimName "$variable"; then
             claimNames="$(grep claimName "$variable")"
             mapfile -t claimNames <<< "$claimNames"
@@ -192,8 +233,6 @@ done
 
 # Additional config
 cat << EOL > /tmp/additional.config
-            - name: SMTP_HOST
-              value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_HOST
               value: "{{ .Values.SMTP_HOST }}"
             - name: SMTP_SECURE
@@ -214,6 +253,8 @@ cat << EOL > /tmp/additional.config
               value: "{{ .Values.SUBSCRIPTION_KEY }}"
             - name: APPS_ALLOWLIST
               value: "{{ .Values.APPS_ALLOWLIST }}"
+            - name: ADDITIONAL_TRUSTED_PROXY
+              value: "{{ .Values.ADDITIONAL_TRUSTED_PROXY }}"
 EOL
 # shellcheck disable=SC1083
 find ./ -name '*nextcloud-deployment.yaml' -exec sed -i "/^.*\- env:/r /tmp/additional.config"  \{} \;
@@ -245,8 +286,6 @@ sed -i '/_ENABLED.*/s/ no / "no" /' /tmp/sample.conf
 sed -i 's|^NEXTCLOUD_TRUSTED_CACERTS_DIR: .*|NEXTCLOUD_TRUSTED_CACERTS_DIR:        # Setting this to any value allows to automatically import root certificates into the Nextcloud container|' /tmp/sample.conf
 sed -i 's|10737418240|"10737418240"|' /tmp/sample.conf
 # shellcheck disable=SC2129
-echo "NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster" >> /tmp/sample.conf
-# shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
 echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
@@ -259,8 +298,10 @@ sed -i "s|NEXTCLOUD_DATA_STORAGE_SIZE: 1Gi|NEXTCLOUD_DATA_STORAGE_SIZE: 5Gi|" /t
 # Additional config
 cat << ADDITIONAL_CONFIG >> /tmp/sample.conf
 
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.
@@ -287,6 +328,10 @@ for variable in "${ENABLED_VARIABLES[@]}"; do
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
     # shellcheck disable=SC1083
     find ./ -name "*nextcloud-aio-$name-service.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "1i\\{{- if eq .Values.$variable \"yes\" }}" \{} \; 
+    # shellcheck disable=SC1083
+    find ./ -name "*nextcloud-aio-$name-persistentvolumeclaim.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 done
 
 chmod 777 -R ./

nextcloud-aio-helm-chart/values.yaml

@@ -33,7 +33,6 @@ NEXTCLOUD_UPLOAD_LIMIT: 10G          # This allows to change the upload limit of
 REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that are disabled via their switch and not uninstall them if they should be installed in Nextcloud.
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using.
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
-NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 
 STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
@@ -47,8 +46,10 @@ NEXTCLOUD_TRUSTED_CACERTS_STORAGE_SIZE: 1Gi       # You can change the size of t
 ONLYOFFICE_STORAGE_SIZE: 1Gi       # You can change the size of the onlyoffice volume that default to 1Gi with this value
 REDIS_STORAGE_SIZE: 1Gi       # You can change the size of the redis volume that default to 1Gi with this value
 
+NAMESPACE: default        # By changing this, you can adjust the namespace of the installation which allows to install multiple instances on one kubernetes cluster
 SUBSCRIPTION_KEY:        # This allows to set the Nextcloud Enterprise key via ENV
 APPS_ALLOWLIST:        # This allows to configure allowed apps that will be shown in Nextcloud's Appstore. You need to enter the app-IDs of the apps here and separate them with spaces. E.g. 'files richdocuments'
+ADDITIONAL_TRUSTED_PROXY:        # Allows to add one additional ip-address to Nextcloud's trusted proxies and to the Office WOPI-allowlist automatically. Set it e.g. like this: 'your.public.ip-address'. You can also use an ip-range here.
 SMTP_HOST:        # (empty by default): The hostname of the SMTP server.
 SMTP_SECURE:         # (empty by default): Set to 'ssl' to use SSL, or 'tls' to use STARTTLS.
 SMTP_PORT:         # (default: '465' for SSL and '25' for non-secure connections): Optional port for the SMTP connection. Use '587' for an alternative port for STARTTLS.

php/composer.lock

@@ -1558,6 +1558,89 @@
             ],
             "time": "2023-07-28T09:04:16+00:00"
         },
+        {
+            "name": "symfony/polyfill-php80",
+            "version": "v1.28.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/symfony/polyfill-php80.git",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/symfony/polyfill-php80/zipball/6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "reference": "6caa57379c4aec19c0a12a38b59b26487dcfe4b5",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=7.1"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-main": "1.28-dev"
+                },
+                "thanks": {
+                    "name": "symfony/polyfill",
+                    "url": "https://github.com/symfony/polyfill"
+                }
+            },
+            "autoload": {
+                "files": [
+                    "bootstrap.php"
+                ],
+                "psr-4": {
+                    "Symfony\\Polyfill\\Php80\\": ""
+                },
+                "classmap": [
+                    "Resources/stubs"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Ion Bazan",
+                    "email": "ion.bazan@gmail.com"
+                },
+                {
+                    "name": "Nicolas Grekas",
+                    "email": "p@tchwork.com"
+                },
+                {
+                    "name": "Symfony Community",
+                    "homepage": "https://symfony.com/contributors"
+                }
+            ],
+            "description": "Symfony polyfill backporting some PHP 8.0+ features to lower PHP versions",
+            "homepage": "https://symfony.com",
+            "keywords": [
+                "compatibility",
+                "polyfill",
+                "portable",
+                "shim"
+            ],
+            "support": {
+                "source": "https://github.com/symfony/polyfill-php80/tree/v1.28.0"
+            },
+            "funding": [
+                {
+                    "url": "https://symfony.com/sponsor",
+                    "type": "custom"
+                },
+                {
+                    "url": "https://github.com/fabpot",
+                    "type": "github"
+                },
+                {
+                    "url": "https://tidelift.com/funding/github/packagist/symfony/symfony",
+                    "type": "tidelift"
+                }
+            ],
+            "time": "2023-01-26T09:26:14+00:00"
+        },
         {
             "name": "symfony/polyfill-php81",
             "version": "v1.28.0",
@@ -1639,26 +1722,27 @@
         },
         {
             "name": "twig/twig",
-            "version": "v3.7.1",
+            "version": "v3.8.0",
             "source": {
                 "type": "git",
                 "url": "https://github.com/twigphp/Twig.git",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554"
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/twigphp/Twig/zipball/a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
-                "reference": "a0ce373a0ca3bf6c64b9e3e2124aca502ba39554",
+                "url": "https://api.github.com/repos/twigphp/Twig/zipball/9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
+                "reference": "9d15f0ac07f44dc4217883ec6ae02fd555c6f71d",
                 "shasum": ""
             },
             "require": {
                 "php": ">=7.2.5",
                 "symfony/polyfill-ctype": "^1.8",
-                "symfony/polyfill-mbstring": "^1.3"
+                "symfony/polyfill-mbstring": "^1.3",
+                "symfony/polyfill-php80": "^1.22"
             },
             "require-dev": {
                 "psr/container": "^1.0|^2.0",
-                "symfony/phpunit-bridge": "^5.4.9|^6.3"
+                "symfony/phpunit-bridge": "^5.4.9|^6.3|^7.0"
             },
             "type": "library",
             "autoload": {
@@ -1694,7 +1778,7 @@
             ],
             "support": {
                 "issues": "https://github.com/twigphp/Twig/issues",
-                "source": "https://github.com/twigphp/Twig/tree/v3.7.1"
+                "source": "https://github.com/twigphp/Twig/tree/v3.8.0"
             },
             "funding": [
                 {
@@ -1706,7 +1790,7 @@
                     "type": "tidelift"
                 }
             ],
-            "time": "2023-08-28T11:09:02+00:00"
+            "time": "2023-11-21T18:54:41+00:00"
         }
     ],
     "packages-dev": [],

php/containers.json

@@ -323,6 +323,9 @@
       ],
       "networks": [
         "nextcloud-aio"
+      ],
+      "cap_add": [
+        "MKNOD"
       ]
     },
     {

php/psalm-baseline.xml

@@ -1,2 +1,2 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.15.0@5c774aca4746caf3d239d9c8cadb9f882ca29352"/>
+<files psalm-version="5.16.0@2897ba636551a8cb61601cc26f6ccfbba6c36591"/>

php/src/Controller/DockerController.php

@@ -26,11 +26,11 @@ class DockerController
         $this->configurationManager = $configurationManager;
     }
 
-    private function PerformRecursiveContainerStart(string $id, bool $pullContainer = true) : void {
+    private function PerformRecursiveContainerStart(string $id, bool $pullImage = true) : void {
         $container = $this->containerDefinitionFetcher->GetContainerById($id);
 
         foreach($container->GetDependsOn() as $dependency) {
-            $this->PerformRecursiveContainerStart($dependency, $pullContainer);
+            $this->PerformRecursiveContainerStart($dependency, $pullImage);
         }
 
         // Don't start if container is already running
@@ -43,15 +43,15 @@ class DockerController
         // Skip database image pull if the last shutdown was not clean
         if ($id === 'nextcloud-aio-database') {
             if ($this->dockerActionManager->GetDatabasecontainerExitCode() > 0) {
-                $pullContainer = false;
+                $pullImage = false;
                 error_log('Not pulling the latest database image because the container was not correctly shut down.');
             }
         }
 
         $this->dockerActionManager->DeleteContainer($container);
         $this->dockerActionManager->CreateVolumes($container);
-        if ($pullContainer) {
-            $this->dockerActionManager->PullContainer($container);
+        if ($pullImage) {
+            $this->dockerActionManager->PullImage($container);
         }
         $this->dockerActionManager->CreateContainer($container);
         $this->dockerActionManager->StartContainer($container);
@@ -188,7 +188,7 @@ class DockerController
         return $response->withStatus(201)->withHeader('Location', '/');
     }
 
-    public function startTopContainer(bool $pullContainer) : void {
+    public function startTopContainer(bool $pullImage) : void {
         $config = $this->configurationManager->GetConfig();
         // set AIO_TOKEN
         $config['AIO_TOKEN'] = bin2hex(random_bytes(24));
@@ -199,7 +199,7 @@ class DockerController
 
         $id = self::TOP_CONTAINER;
 
-        $this->PerformRecursiveContainerStart($id, $pullContainer);
+        $this->PerformRecursiveContainerStart($id, $pullImage);
     }
 
     public function StartWatchtowerContainer(Request $request, Response $response, array $args) : Response {

php/src/Docker/DockerActionManager.php

@@ -577,11 +577,17 @@ class DockerActionManager
 
     }
 
-    public function PullContainer(Container $container) : void
+    public function PullImage(Container $container) : void
     {
-        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', urlencode($this->BuildImageName($container))));
-        // do not catch any exception so that it always throws and logs the error
-        $this->guzzleClient->post($url);
+        $imageName = urlencode($this->BuildImageName($container));
+        $url = $this->BuildApiUrl(sprintf('images/create?fromImage=%s', $imageName));
+        try {
+            $this->guzzleClient->post($url);
+            $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
+            $this->guzzleClient->get($imageUrl)->getBody()->getContents();
+        } catch (\Throwable $e) {
+            throw new \Exception("Could not pull image " . $imageName . ". Please run 'sudo docker exec -it nextcloud-aio-mastercontainer docker pull " . $imageName . "' in order to find out why it failed.");
+        }
     }
 
     private function isContainerUpdateAvailable(string $id) : string

php/templates/containers.twig

@@ -16,7 +16,7 @@
     </header>
 
     <div class="content">
-        <h1>Nextcloud AIO v7.7.0</h1>
+        <h1>Nextcloud AIO v7.7.1</h1>
 
         {# Add 2nd tab warning #}
         <script type="text/javascript" src="second-tab-warning.js"></script>

readme.md

@@ -16,7 +16,7 @@ Included are:
 - Simple web interface included that enables easy installation and maintenance
 - [Easy updates included](https://github.com/nextcloud/all-in-one#how-to-update-the-containers)
 - Update and backup notifications included
-- Daily backups can get enabled from the AIO interface which also allows to update all containers, Nextcloud and its apps afterwards automatically
+- Daily backups can be enabled from the AIO interface which also allows updating all containers, Nextcloud and its apps afterwards automatically
 - Instance restore from backup archive via the AIO interface included (you only need the archive and the password in order to restore the whole instance on a new AIO instance)
 - APCu as local cache
 - Redis as distributed cache and for file locking
@@ -258,9 +258,9 @@ No and they will not be. Please use a dedicated domain for Nextcloud and set it
 No and it will not be added. Please use a dedicated domain for Nextcloud and set it up correctly by following the [reverse proxy documentation](./reverse-proxy.md).
 
 ### How can I access Nextcloud locally?
-Please note that local access is not possible if you should be running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
+Please note that local access is not possible if you are running AIO behind Cloudflare Tunnel since TLS proxying is in that case offloaded to Cloudflares infrastructure. You can fix this by setting up your own reverse proxy that handles TLS proxying locally and will make the steps below work.
 
-Please make sure that if you should be running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
+Please make sure that if you are running AIO behind a reverse proxy, that the reverse proxy is configured to use port 443 on the server that runs it. Otherwise the steps below will not work.
 
 Now that this is out of the way, the recommended way how to access Nextcloud locally, is to set up a local dns-server like a pi-hole and set up a custom dns-record for that domain that points to the internal ip-adddress of your server that runs Nextcloud AIO. Below are some guides:
 - https://www.howtogeek.com/devops/how-to-run-your-own-dns-server-on-your-local-network/
@@ -371,6 +371,9 @@ Be aware that this solution does not back up files and folders that are mounted
 
 ---
 
+#### What is getting backed up by AIO's backup solution?
+Backed up will get all important data of your Nextcloud AIO instance like the database, your files and configuration files of the mastercontainer and else. Files and folders that are mounted into Nextcloud using the external storage app are not getting backed up. There is currently no way to exclude the data directory because it would require hacks like running files:scan and would make the backup solution much more unreliable (since the database and your files/folders need to stay in sync). If you still don't want your datadirectory to be backed up, see https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand for options (there is a hint what needs to be backed up in which order).
+
 #### How to adjust borgs retention policy?
 The built-in borg-based backup solution has by default a retention policy of `--keep-within=7d --keep-weekly=4 --keep-monthly=6`. See https://borgbackup.readthedocs.io/en/stable/usage/prune.html for what these values mean. You can adjust the retention policy by providing `--env BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. ⚠️ Please make sure that this value is valid, otherwise backup pruning will bug out!
 
@@ -665,7 +668,7 @@ The [facerecognition app](https://apps.nextcloud.com/apps/facerecognition) requi
 ### How to enable hardware-transcoding for Nextcloud?
 ⚠️⚠️⚠️ Warning: this only works if the `/dev/dri` device is present on the host! If it does not exists on your host, don't proceed as otherwise the Nextcloud container will fail to start! If you are unsure about this, better do not proceed with the instructions below.
 
-The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. Additionally, you need to add required packets to the Nextcloud container by using [this feature](https://github.com/nextcloud/all-in-one#how-to-add-os-packages-permanently-to-the-nextcloud-container) and adding the required Alpine packages that are documented [here](https://memories.gallery/hw-transcoding/#va-api).
+The [memories app](https://apps.nextcloud.com/apps/memories) allows to enable hardware transcoding for videos. In order to use that, you need to add `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) which will mount the `/dev/dri` device into the container. There is now a community container which allows to easily add the transcoding container of Memories to AIO: https://github.com/nextcloud/all-in-one/tree/main/community-containers/memories
 
 ### How to keep disabled apps?
 In certain situations you might want to keep Nextcloud apps that are disabled in the AIO interface and not uninstall them if they should be installed in Nextcloud. You can do so by adding `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). ⚠️⚠️⚠️ **Warning** doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example.