Update index.yaml

Signed-off-by: szaimen <szaimen@users.noreply.github.com>
Update index.yaml
2026-05-21 10:50:10 +00:00 · 2026-05-16 07:26:45 +00:00 · 2026-05-13 14:10:42 +00:00 · 2026-05-13 16:07:06 +02:00 · 2026-05-13 16:07:00 +02:00 · 2026-05-13 09:19:47 +00:00
227 changed files with 4010 additions and 7756 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1 +0,0 @@
-* text=auto
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -108,15 +108,6 @@ updates:
  labels:
  - 3. to review
  - dependencies
- package-ecosystem: "docker"
-  directory: "/Containers/talk-recording"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
 - package-ecosystem: "docker"
  directory: "/Containers/watchtower"
  schedule:
@@ -165,21 +156,3 @@ updates:
  labels:
  - 3. to review
  - dependencies
- package-ecosystem: "docker"
-  directory: "/Containers/notify-push"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
- package-ecosystem: "docker"
-  directory: "/Containers/docker-socket-proxy"
-  schedule:
-    interval: "daily"
-    time: "12:00"
-  open-pull-requests-limit: 10
-  labels:
-  - 3. to review
-  - dependencies
--- a/.github/release.yml
+++ b/.github/release.yml
@@ -1,14 +0,0 @@
-changelog:
-  categories:
-    - title: 🏕 New features and other improvements
-      labels:
-        - enhancement
-    - title: 🐞 Fixed bugs
-      labels:
-        - bug
-    - title: 👒 Updated dependencies
-      labels:
-        - dependencies
-    - title: 📄 Improved documentation
-      labels:
-        - documentation
--- a/.github/workflows/codespell.yml
+++ b/.github/workflows/codespell.yml
@@ -1,20 +0,0 @@
-name: 'Codespell'
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-jobs:
-  codespell:
-    name: Check spelling
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-      - name: Check spelling
-        uses: codespell-project/actions-codespell@v2
-        with:
-          check_filenames: true
-          check_hidden: true
--- a/.github/workflows/command-rebase.yml
+++ b/.github/workflows/command-rebase.yml
@@ -23,7 +23,7 @@ jobs:

    steps:
      - name: Add reaction on start
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@v2
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          repository: ${{ github.event.repository.full_name }}
@@ -31,18 +31,18 @@ jobs:
          reaction-type: "+1"

      - name: Checkout the latest code
-        uses: actions/checkout@v4 # v3.5.2
+        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          token: ${{ secrets.COMMAND_BOT_PAT }}

      - name: Automatic Rebase
-        uses: cirrus-actions/rebase@b87d48154a87a85666003575337e27b8cd65f691 # 1.8
+        uses: cirrus-actions/rebase@1.8
        env:
          GITHUB_TOKEN: ${{ secrets.COMMAND_BOT_PAT }}

      - name: Add reaction on failure
-        uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0
+        uses: peter-evans/create-or-update-comment@v2
        if: failure()
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
--- a/.github/workflows/community-containers.yml
+++ b/.github/workflows/community-containers.yml
@@ -1,37 +0,0 @@
-name: Validate community containers
-
-on:
-  pull_request:
-    paths:
-      - 'community-containers/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'community-containers/**'
-
-jobs:
-  validator-community-containers:
-    name: Validate community containers
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-      - name: Validate structure
-        run: |
-          CONTAINERS="$(find ./community-containers -mindepth 1 -maxdepth 1 -type d)"
-          mapfile -t CONTAINERS <<< "$CONTAINERS"
-          for container in "${CONTAINERS[@]}"; do
-            container="$(echo "$container" | sed 's|./community-containers/||')"
-            if ! [ -f ./community-containers/"$container"/"$container.json" ]; then
-                echo ".json file must be named like its parent folder $container"
-                FAIL=1
-            fi
-            if ! [ -f ./community-containers/"$container"/readme.md ]; then
-                echo "There must be a readme.md file in the folder!"
-                FAIL=1
-            fi
-            if [ -n "$FAIL" ]; then
-                exit 1
-            fi
-          done
--- a/.github/workflows/create-psalm-container.yml
+++ b/.github/workflows/create-psalm-container.yml
@@ -0,0 +1,54 @@
+name: Create Psalm Container
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '5 4 * * *'
+
+jobs:
+  push_to_registry:
+    runs-on: ubuntu-latest
+
+    name: Create Psalm Container
+
+    permissions:
+      packages: write
+      contents: read
+
+    steps:
+      - name: Check out the repo
+        run: |
+          git clone https://github.com/psalm/psalm-github-actions.git
+      
+      - name: Modify the Dockerfile
+        run: |
+          set -x
+          sed -i 's|FROM php:7.4-alpine|FROM php:8.1-alpine|' "psalm-github-actions/Dockerfile"
+          cat << APCU >> "psalm-github-actions/Dockerfile"
+          RUN mkdir -p /usr/src/php/ext/apcu && \
+            curl -fsSL https://pecl.php.net/get/apcu | tar xvz -C "/usr/src/php/ext/apcu" --strip 1 && \
+            docker-php-ext-install apcu
+          APCU
+
+      - name: Log in to GitHub Docker Registry
+        uses: docker/login-action@v2
+        with:
+          registry: docker.pkg.github.com
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build container image
+        uses: docker/build-push-action@v4
+        with:
+          push: true
+          context: 'psalm-github-actions'
+          file: 'psalm-github-actions/Dockerfile'
+          tags: |
+            ghcr.io/nextcloud/all-in-one-psalm:latest
--- a/.github/workflows/dependency-updates.yml
+++ b/.github/workflows/dependency-updates.yml
@@ -10,27 +10,26 @@ jobs:
    name: Run dependency update script
    runs-on: ubuntu-20.04
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - uses: shivammathur/setup-php@v2
      with:
-        php-version: 8.3
+        php-version: 8.1
        extensions: apcu
    - name: Run dependency update script
      run: |
        set -x
        cd ./php
-        composer update --with-all-dependencies
-        # Disable dependency updates for now
-        # set +e
-        # ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
-        # set -e
-        # while [ -n "$ALL_LINES" ]; do
-        #   CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
-        #   composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
-        #   ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
-        # done
-        # echo "outdated dependencies:
-        # $(composer outdated)"
+        composer update
+        set +e
+        ALL_LINES="$(composer outdated | grep -v "^$\|Direct dependencies\|Everything up to date\|Transitive dependencies")"
+        set -e
+        while [ -n "$ALL_LINES" ]; do
+          CURRENT_LINE="$(echo "$ALL_LINES" | head -1)"
+          composer require "$(echo "$CURRENT_LINE" | awk '{print $1}')" "^$(echo "$CURRENT_LINE" | awk '{print $4}')" --with-all-dependencies
+          ALL_LINES="$(echo "$ALL_LINES" | sed '1d')"
+        done
+        echo "outdated dependencies:
+        $(composer outdated)"
    - name: Update apcu
      run: |
        # APCU
@@ -44,12 +43,12 @@ jobs:
        )"
        sed -i "s|pecl install APCu.*\;|pecl install APCu-$apcu_version\;|" ./Containers/mastercontainer/Dockerfile
    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v4
      with:
-        commit-message: php dependency updates
+        commit-message: dependency updates
        signoff: true
-        title: PHP dependency updates
-        body: Automated php dependency updates since dependabot does not support grouped updates
-        labels: dependencies, 3. to review
+        title: Dependency updates
+        body: Automated dependency updates since dependabot does not support grouped updates
+        labels: dependencies, enhancement
        milestone: next
        branch: aio-dependency-update
--- a/.github/workflows/docker-lint.yml
+++ b/.github/workflows/docker-lint.yml
@@ -1,46 +0,0 @@
-name: Docker Lint
-
-on:
-  pull_request:
-    paths:
-      - 'Containers/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'Containers/**'
-
-permissions:
-  contents: read
-
-concurrency: 
-  group: docker-lint-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  docker-lint:
-    runs-on: ubuntu-latest
-
-    name: docker-lint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Install hadolint
-        run: |
-          sudo wget https://github.com/hadolint/hadolint/releases/latest/download/hadolint-Linux-x86_64 -O /usr/bin/hadolint
-          sudo chmod +x /usr/bin/hadolint
-
-      - name: run lint
-        run: |
-          DOCKERFILES="$(find ./Containers -name Dockerfile)"
-          mapfile -t DOCKERFILES <<< "$DOCKERFILES"
-          for file in "${DOCKERFILES[@]}"; do
-            # DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
-            # DL4006 warning: Set the SHELL option -o pipefail before RUN with a pipe in it. If you are using /bin/sh in an alpine image or if your shell is symlinked to busybox then consider explicitly setting your SHELL to /bin/ash, or disable this check
-            hadolint "$file" --ignore DL3018 --ignore DL4006 | tee -a ./hadolint.log
-          done
-          if grep -q "DL[0-9]\+\|SC[0-9]\+" ./hadolint.log; then
-            exit 1
-          fi
--- a/.github/workflows/helm-release.yml
+++ b/.github/workflows/helm-release.yml
@@ -6,14 +6,14 @@ on:
    branches:
      - main
    paths:
-      - 'nextcloud-aio-helm-chart/**'
+      - 'helm-chart/**'

 jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3

      - name: Turnstyle
        uses: softprops/turnstyle@v1
@@ -32,19 +32,17 @@ jobs:

      # See https://github.com/helm/chart-releaser-action/issues/6
      - name: Set up Helm
-        uses: azure/setup-helm@v4
+        uses: azure/setup-helm@v3.1
        with:
          version: v3.6.3

-      - name: Run Helm Lint
-        run: |
-          helm lint ./nextcloud-aio-helm-chart
-
      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.6.0
+        # TODO: switch back @main to a specific version like @v1.5.1 or higher
+        uses: helm/chart-releaser-action@main
        with:
+          charts_repo_url: https://nextcloud.github.io/all-in-one
+          charts_dir: helm-chart
          mark_as_latest: false
-          charts_dir: .
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
          CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}"
--- a/.github/workflows/imaginary-update.yml
+++ b/.github/workflows/imaginary-update.yml
@@ -1,33 +0,0 @@
-name: imaginary-update
-
-on:
-  workflow_dispatch:
-  schedule:
-  - cron:  '00 12 * * *'
-
-jobs:
-  run_update:
-    name: update to latest imaginary commit on master branch
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Run imaginary-update
-      run: |
-        # Imaginary
-        imaginary_version="$(
-          git ls-remote https://github.com/h2non/imaginary master \
-            | cut -f1 \
-            | tail -1
-        )"
-        sed -i "s|^ENV IMAGINARY_HASH.*$|ENV IMAGINARY_HASH $imaginary_version|" ./Containers/imaginary/Dockerfile
-        
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
-      with:
-        commit-message: imaginary-update automated change
-        signoff: true
-        title: Imaginary update
-        body: Automated Imaginary container update
-        labels: dependencies, 3. to review
-        milestone: next
-        branch: imaginary-container-update
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -2,34 +2,19 @@ name: Json Validator

 on:
  pull_request:
-    paths:
-      - '**.json'
  push:
    branches:
      - main
-    paths:
-      - '**.json'

 jobs:
-  json-validator:
+  psalm:
    name: Json Validator
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: Validate Json
        run: |
-          sudo apt-get update
-          sudo apt-get install python3-pip -y --no-install-recommends
+          sudo apt install python3-pip --no-install-recommends
          sudo pip3 install json-spec
-          if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
-            exit 1
-          fi
-          JSON_FILES="$(find ./community-containers -name '*.json')"
-          mapfile -t JSON_FILES <<< "$JSON_FILES"
-          for file in "${JSON_FILES[@]}"; do
-            json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
-          done
-          if grep -q "document does not validate with schema." ./json-validator.log; then
-            exit 1
-          fi
+          json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
--- a/.github/workflows/lint-helm.yml
+++ b/.github/workflows/lint-helm.yml
@@ -1,24 +0,0 @@
-name: Lint Helm Charts
-
-on:
-  workflow_dispatch:
-  pull_request:
-    paths:
-      - 'nextcloud-aio-helm-chart/**'
-
-jobs:
-  lint-helm:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Install Helm
-        uses: azure/setup-helm@v4
-        with:
-          version: v3.11.1
-
-      - name: Lint charts
-        run: helm lint nextcloud-aio-helm-chart
--- a/.github/workflows/lint-php.yml
+++ b/.github/workflows/lint-php.yml
@@ -3,22 +3,18 @@
 # https://github.com/nextcloud/.github
 # https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization

-name: Lint php
+name: Lint

 on:
  pull_request:
-    paths:
-      - 'php/**'
  push:
    branches:
      - main
-    paths:
-      - 'php/**'

 permissions:
  contents: read

-concurrency:
+concurrency: 
  group: lint-php-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

@@ -27,22 +23,19 @@ jobs:
    runs-on: ubuntu-latest
    strategy:
      matrix:
-        php-versions: [ "8.3" ]
+        php-versions: ["8.1"]

    name: php-lint

    steps:
      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@v3

      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
+        uses: shivammathur/setup-php@v2
        with:
          php-version: ${{ matrix.php-versions }}
          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Lint
        run: cd php && composer run lint
@@ -50,7 +43,7 @@ jobs:
  summary:
    permissions:
      contents: none
-    runs-on: ubuntu-latest-low
+    runs-on: ubuntu-latest
    needs: php-lint

    if: always()
--- a/.github/workflows/lock-threads.yml
+++ b/.github/workflows/lock-threads.yml
@@ -14,7 +14,7 @@ jobs:
  action:
    runs-on: ubuntu-latest
    steps:
-      - uses: dessant/lock-threads@v5
+      - uses: dessant/lock-threads@v4
        with: 
          issue-inactive-days: '14'
          process-only: 'issues'
--- a/.github/workflows/nextcloud-update.yml
+++ b/.github/workflows/nextcloud-update.yml
@@ -11,7 +11,7 @@ jobs:
    name: Run nextcloud-update script
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Run nextcloud-update script
      run: |
        # Inspired by https://github.com/nextcloud/docker/blob/master/update.sh
@@ -63,17 +63,15 @@ jobs:
        # Nextcloud
        NC_MAJOR="$(grep "ENV NEXTCLOUD_VERSION" ./Containers/nextcloud/Dockerfile | grep -oP '[23][0-9]')"
        NCVERSION=$(curl -s -m 900 https://download.nextcloud.com/server/releases/ | sed --silent 's/.*href="nextcloud-\([^"]\+\).zip.asc".*/\1/p' | grep "$NC_MAJOR" | sort --version-sort | tail -1)
-        if [ -n "$NCVERSION" ]; then
-          sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile
-        fi
+        sed -i "s|^ENV NEXTCLOUD_VERSION.*|ENV NEXTCLOUD_VERSION $NCVERSION|" ./Containers/nextcloud/Dockerfile

    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v4
      with:
        commit-message: nextcloud-update automated change
        signoff: true
-        title: Nextcloud dependency update
+        title: Nextcloud update
        body: Automated Nextcloud container update
-        labels: dependencies, 3. to review
+        labels: dependencies, enhancement
        milestone: next
        branch: nextcloud-container-update
--- a/.github/workflows/php-deprecation-detector.yml
+++ b/.github/workflows/php-deprecation-detector.yml
@@ -3,24 +3,20 @@ name: PHP Deprecation Detector

 on:
  pull_request:
-    paths:
-      - 'php/**'
  push:
    branches:
      - main
-    paths:
-      - 'php/**'

 jobs:
-  phpdd:
+  psalm:
    name: PHP Deprecation Detector
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
-      - name: Set up php
+      - uses: actions/checkout@v3
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.3
+          php-version: 8.1
          extensions: apcu
          coverage: none

--- a/.github/workflows/psalm-analysis.yml
+++ b/.github/workflows/psalm-analysis.yml
@@ -0,0 +1,28 @@
+name: Psalm Analysis
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up php8.1
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: 8.1
+          extensions: apcu
+          coverage: none
+
+      - name: Run script
+        run: |
+          set -x
+          cd php
+          composer global require vimeo/psalm --prefer-dist --no-progress --dev
+          composer install
+          composer run psalm
--- a/.github/workflows/psalm-security.yml
+++ b/.github/workflows/psalm-security.yml
@@ -0,0 +1,25 @@
+name: Psalm Security Analysis
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  psalm:
+    name: Psalm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Psalm
+        uses: docker://ghcr.io/nextcloud/all-in-one-psalm
+        with:
+          relative_dir: php
+          security_analysis: true
+          composer_ignore_platform_reqs: false
+          report_file: results.sarif
+      - name: Upload Security Analysis results to GitHub
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: php/results.sarif
--- a/.github/workflows/psalm-update-baseline.yml
+++ b/.github/workflows/psalm-update-baseline.yml
@@ -10,12 +10,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3

-      - name: Set up php
+      - name: Set up php8.1
        uses: shivammathur/setup-php@v2
        with:
-          php-version: 8.3
+          php-version: 8.1
          extensions: apcu
          coverage: none

@@ -31,7 +31,7 @@ jobs:
        continue-on-error: true

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v4
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: Update psalm baseline
@@ -39,9 +39,10 @@ jobs:
          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
          signoff: true
          branch: automated/noid/psalm-baseline-update
+          # Make sure we can open multiple PRs
+          branch-suffix: timestamp
          title: '[Automated] Update psalm-baseline.xml'
-          milestone: next
          body: |
            Auto-generated update psalm-baseline.xml with fixed psalm warnings
          labels: |
-            3. to review, dependencies
+            3. to review
--- a/.github/workflows/psalm.yml
+++ b/.github/workflows/psalm.yml
@@ -1,47 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-
-name: Static analysis
-
-on:
-  pull_request:
-    paths:
-      - 'php/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'php/**'
-
-concurrency:
-  group: psalm-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  static-analysis:
-    runs-on: ubuntu-latest
-
-    name: static-psalm-analysis
-    steps:
-      - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Set up php
-        uses: shivammathur/setup-php@a4e22b60bbb9c1021113f2860347b0759f66fe5d # v2
-        with:
-          php-version: 8.3
-          extensions: apcu
-          coverage: none
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install dependencies and run psalm
-        run: |
-          set -x
-          cd php
-          composer global require vimeo/psalm --prefer-dist --no-progress --dev
-          composer install
-          composer run psalm
--- a/.github/workflows/shellcheck.yml
+++ b/.github/workflows/shellcheck.yml
@@ -2,20 +2,16 @@ name: Shellcheck

 on:
  pull_request:
-    paths:
-      - '**.sh'
  push:
    branches:
      - main
-    paths:
-      - '**.sh'

 jobs:
  shellcheck:
    name: Check Shell
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v3
    - name: Run Shellcheck
      uses: ludeeus/action-shellcheck@2.0.0
      with:
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -0,0 +1,23 @@
+name: 'Spellcheck'
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  spellcheck:
+    name: Check spelling
+    runs-on: ubuntu-latest
+    steps:
+      - name: spelling or typos
+        uses: actions/checkout@v3
+      - name: fix permission for reviewdog
+        run: sudo chown -R root:root $GITHUB_WORKSPACE
+      - name: misspell
+        uses: reviewdog/action-misspell@v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          locale: "US"
+          fail_on_error: true
--- a/.github/workflows/talk.yml
+++ b/.github/workflows/talk.yml
@@ -1,56 +0,0 @@
-name: talk-update
-
-on:
-  workflow_dispatch:
-  schedule:
-  - cron:  '00 12 * * *'
-
-jobs:
-  talk-update:
-    name: update talk
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v4
-    - name: Run talk-container-update
-      run: |
-        # Recording
-        recording_version="$(
-          git ls-remote https://github.com/nextcloud/nextcloud-talk-recording v* \
-            | cut -d/ -f3 \
-            | sort -V \
-            | grep -E "^v[0-9\.]+$" \
-            | tail -1
-        )"
-        sed -i "s|^ENV RECORDING_VERSION.*$|ENV RECORDING_VERSION $recording_version|" ./Containers/talk-recording/Dockerfile
-        curl -L "https://raw.githubusercontent.com/nextcloud/nextcloud-talk-recording/$recording_version/server.conf.in" -o Containers/talk-recording/recording.conf
-        
-        # Signaling
-        signaling_version="$(
-          git ls-remote https://github.com/strukturag/nextcloud-spreed-signaling v*.*.* \
-            | cut -d/ -f3 \
-            | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
-            | tail -1
-        )"
-        curl -L "https://raw.githubusercontent.com/strukturag/nextcloud-spreed-signaling/$signaling_version/server.conf.in" -o Containers/talk/server.conf.in
-        
-        # Janus
-        janus_version="$(
-          git ls-remote https://github.com/meetecho/janus-gateway v0.*.* \
-            | cut -d/ -f3 \
-            | sort -V \
-            | grep -E "^v[0-9]+\.[0-9]+\.[0-9]+$" \
-            | tail -1
-        )"
-        sed -i "s|^ARG JANUS_VERSION=.*$|ARG JANUS_VERSION=$janus_version|" ./Containers/talk/Dockerfile
-        
-    - name: Create Pull Request
-      uses: peter-evans/create-pull-request@v6
-      with:
-        commit-message: talk-update automated change
-        signoff: true
-        title: talk container update
-        body: Automated talk container update
-        labels: dependencies, 3. to review
-        milestone: next
-        branch: talk-container-update
--- a/.github/workflows/twig-lint.yml
+++ b/.github/workflows/twig-lint.yml
@@ -1,42 +0,0 @@
-name: Twig Lint
-
-on:
-  pull_request:
-    paths:
-      - '**.twig'
-  push:
-    branches:
-      - main
-    paths:
-      - '**.twig'
-
-permissions:
-  contents: read
-
-concurrency: 
-  group: lint-twig-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  twig-lint:
-    runs-on: ubuntu-latest
-    name: twig-lint
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@v2
-        with:
-          php-version: 8.3
-          extensions: apcu
-          coverage: none
-
-      - name: twig lint
-        run: |
-          cd php
-          composer require sserbin/twig-linter:@dev --no-progress --dev
-          composer install
-          chmod +x ./vendor/bin/twig-linter
-          ./vendor/bin/twig-linter lint ./templates
--- a/.github/workflows/update-helm.yml
+++ b/.github/workflows/update-helm.yml
@@ -6,28 +6,28 @@ on:
  - cron:  '00 12 * * *'

 jobs:
-  update-helm:
+  psalm:
    name: update helm chart
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: update helm chart
        run: |
          DOCKER_TAG="$(curl -L -s 'https://registry.hub.docker.com/v2/repositories/nextcloud/all-in-one/tags?page_size=1024' | jq '."results"[]["name"]' | sed 's|"||g' | grep '^20' | sort -r | head -1)"
          DOCKER_TAG="${DOCKER_TAG%%-latest*}"
          export DOCKER_TAG
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
-            sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+            sudo bash helm-chart/update-helm.sh "$DOCKER_TAG"
          fi
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v4
        with:
          commit-message: Helm Chart updates
          signoff: true
          title: Helm Chart updates
          body: Automated Helm Chart updates for the yaml files. It can be merged if it looks good at any time which will automatically trigger a new release of the helm chart.
-          labels: dependencies, 3. to review
+          labels: dependencies
          milestone: next
          branch: aio-helm-update
          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/update-yaml.yml
+++ b/.github/workflows/update-yaml.yml
@@ -6,23 +6,23 @@ on:
  - cron:  '00 12 * * *'

 jobs:
-  update-yaml:
+  psalm:
    name: update yaml files
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v3
      - name: update yaml files
        run: |
          sudo bash manual-install/update-yaml.sh
      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v6
+        uses: peter-evans/create-pull-request@v4
        with:
          commit-message: Yaml updates
          signoff: true
          title: Yaml updates
          body: Automated yaml updates for the docker-compose files. Should only be merged shortly before the next latest release.
-          labels: dependencies, 3. to review
+          labels: dependencies
          milestone: next
          branch: aio-yaml-update
          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@@ -6,5 +6,4 @@
 /manual-install/*.conf
 !/manual-install/sample.conf
 /manual-install/docker-compose.yml
-/manual-install/compose.yaml
 /manual-install/.env
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -5,35 +5,44 @@
        root /mnt/data/caddy
    }

-    servers {
-        # trusted_proxies placeholder
-    }
-
    log {
        level ERROR
    }
 }

-https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
 {$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
-    header -Server
-    header -X-Powered-By
-
-    # Collabora
-    route /browser/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
-    }
-    route /hosting/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
-    }
-    route /cool/* {
-        reverse_proxy {$COLLABORA_HOST}:9980
-    }

    # Notify Push
    route /push/* {
        uri strip_prefix /push
-        reverse_proxy {$NOTIFY_PUSH_HOST}:7867
+        reverse_proxy {$NEXTCLOUD_HOST}:7867 {
+            # trusted_proxies placeholder
+        }
+    }
+
+    # Talk
+    route /standalone-signaling/* {
+        uri strip_prefix /standalone-signaling
+        reverse_proxy {$TALK_HOST}:8081 {
+            # trusted_proxies placeholder
+        }
+    }
+
+    # Collabora
+    route /browser/* {
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
+    }
+    route /hosting/* {
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
+    }
+    route /cool/* {
+        reverse_proxy {$COLLABORA_HOST}:9980 {
+            # trusted_proxies placeholder
+        }
    }

    # Onlyoffice
@@ -42,24 +51,19 @@ https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
        reverse_proxy {$ONLYOFFICE_HOST}:80 {
            header_up X-Forwarded-Host {http.request.host}/onlyoffice
            header_up X-Forwarded-Proto https
+            # trusted_proxies placeholder
        }
    }

-    # Talk
-    route /standalone-signaling/* {
-        uri strip_prefix /standalone-signaling
-        reverse_proxy {$TALK_HOST}:8081
-    }
-
-    # Others
-    import /mnt/data/caddy-imports/*
-
    # Nextcloud
    route {
        rewrite /.well-known/carddav /remote.php/dav
        rewrite /.well-known/caldav /remote.php/dav
        header Strict-Transport-Security max-age=31536000;
-        reverse_proxy localhost:8000
+        reverse_proxy localhost:8000 {
+            # See https://github.com/nextcloud/all-in-one/issues/828
+            # trusted_proxies placeholder
+        }
    }

    # TLS options
--- a/Containers/apache/Dockerfile
+++ b/Containers/apache/Dockerfile
@@ -1,91 +1,85 @@
-# syntax=docker/dockerfile:latest
-FROM caddy:2.7.6-alpine as caddy
+# Caddy is a requirement
+FROM caddy:2.6.4-alpine as caddy

-FROM httpd:2.4.59-alpine3.19
-
-COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
-
-COPY --chown=33:33 Caddyfile /Caddyfile
-COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
-COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-VOLUME /mnt/data
+FROM httpd:2.4.56-alpine3.17

 RUN set -ex; \
-    apk upgrade --no-cache -a; \
    apk add --no-cache shadow; \
    groupmod -g 333 xfs; \
    usermod -u 333 -g 333 xfs; \
    groupmod -g 33 www-data; \
    usermod -u 33 -g 33 www-data; \
-    apk del --no-cache shadow; \
-    \
-    mkdir -p /mnt/data; \
-    chown -R www-data:www-data /mnt/data; \
-    chown -R 777 /tmp; \
-    \
+    apk del --no-cache shadow
+
+RUN mkdir -p /mnt/data; \
+    chown www-data:www-data /mnt/data;
+
+VOLUME /mnt/data
+
+RUN set -ex; \
    apk add --no-cache \
        bash \
        supervisor \
+        wget \
        tzdata \
        ca-certificates \
        openssl \
-        bind-tools \
-        netcat-openbsd; \
-    \
-    sed -i \
-            -e '/^Listen /d' \
-            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
-            -e 's/^#\(LoadModule .*mod_brotli.so\)/\1/' \
-            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
-            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-            -e 's/\(ScriptAlias \)/#\1/' \
-        /usr/local/apache2/conf/httpd.conf; \
-    echo "Include conf/nextcloud.conf" | tee -a /usr/local/apache2/conf/httpd.conf; \
-    echo "ServerName localhost" | tee -a /usr/local/apache2/conf/httpd.conf; \
-# Sync this with max db connections and pm.max_children
-# We don't actually expect so many workers but don't want to limit it artificially because people will report issues otherwise.
-    sed -i 's|MaxRequestWorkers.*|MaxRequestWorkers 5000|' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-    grep -q '<IfModule mpm_event_module>' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-# ServerLimit needs to be set to MaxRequestWorkers divided by ThreadsPerChild which is set to 25 by default
-    sed -i '/<IfModule mpm_event_module>/a\ \ \ \ ServerLimit 200' /usr/local/apache2/conf/extra/httpd-mpm.conf; \
-    \
-    rm -rf /usr/local/apache2/conf/original /var/www; \
-    mkdir -p /var/www; \
-    chown -R www-data:www-data /var/www; \
-    \
-    mkdir /var/log/supervisord; \
+        netcat-openbsd
+
+COPY --from=caddy /usr/bin/caddy /usr/bin/
+RUN chmod +x /usr/bin/caddy
+
+RUN sed -i \
+                -e '/^Listen /d' \
+                -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_headers.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_proxy_fcgi.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_setenvif.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_env.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mime.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_dir.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_authz_core.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_alias.so\)/\1/' \
+                -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
+                -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
+                -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
+                conf/httpd.conf; \
+		echo "Include conf/nextcloud.conf" | tee -a conf/httpd.conf; \
+                echo "ServerName localhost" | tee -a conf/httpd.conf
+		
+COPY nextcloud.conf conf
+
+RUN set -ex; \
+    rm -rf conf/original conf/original && \
+    rm -rf /var/www/html/* && \
+    mkdir /var/www && \
+    chown -R www-data:www-data /var/www;
+
+RUN mkdir /var/log/supervisord; \
    mkdir /var/run/supervisord; \
    chown www-data:www-data /var/run/supervisord; \
-    chown www-data:www-data /var/log/supervisord; \
-    chmod 777 /var/run/supervisord; \
-    chmod 777 /var/log/supervisord; \
-    \
+    chown www-data:www-data /var/log/supervisord;
+
+COPY Caddyfile /
+
+COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
+COPY supervisord.conf /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /usr/bin/healthcheck.sh; \
+    chmod +r /supervisord.conf; \
+    chown www-data:www-data /Caddyfile; \
    chown -R www-data:www-data /usr/local/apache2; \
-    chmod +r -R /usr/local/apache2; \
-    mkdir -p /usr/local/apache2/logs; \
-    chmod 777 -R /home/www-data; \
-    chmod 777 -R /usr/local/apache2/logs; \
-    rm -rf /usr/local/apache2/cgi-bin/; \
-    \
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    chmod +r -R /usr/local/apache2
+
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

 USER www-data

-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/apache/healthcheck.sh
+++ b/Containers/apache/healthcheck.sh
@@ -2,8 +2,8 @@

 nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
 nc -z localhost 8000 || exit 1
-nc -z localhost "$APACHE_PORT" || exit 1
-if ! nc -z "$NC_DOMAIN" 443; then
-    echo "Could not reach $NC_DOMAIN on port 443."
-    exit 1
+if [ "$APACHE_PORT" != '443' ]; then
+    nc -z localhost "$APACHE_PORT" || exit 1
+else
+    nc -z "$NC_DOMAIN" "$APACHE_PORT" || exit 1
 fi
--- a/Containers/apache/nextcloud.conf
+++ b/Containers/apache/nextcloud.conf
@@ -3,26 +3,13 @@ Listen 8000
    ServerName localhost

    # Add error log
-    CustomLog /proc/self/fd/1 proxy
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    CustomLog /proc/self/fd/1 combined
    ErrorLog /proc/self/fd/2
-    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel warn

    # PHP match
    <FilesMatch "\.php$">
        SetHandler "proxy:fcgi://${NEXTCLOUD_HOST}:9000"
    </FilesMatch>
-
-    <Proxy "fcgi://${NEXTCLOUD_HOST}:9000" flushpackets=on>
-    </Proxy>
-
-    # Enable Brotli compression for js, css and svg files - other plain files are compressed by Nextcloud by default
-    <IfModule mod_brotli.c>
-        AddOutputFilterByType BROTLI_COMPRESS text/javascript application/javascript application/x-javascript text/css image/svg+xml
-        BrotliCompressionQuality 0
-    </IfModule>
-
    # Nextcloud dir
    DocumentRoot /var/www/html/
    <Directory /var/www/html/>
@@ -52,7 +39,4 @@ Listen 8000

    # See https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxytimeout
    ProxyTimeout ${APACHE_MAX_TIME}
-
-    # See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
-    TraceEnable Off
 </VirtualHost>
--- a/Containers/apache/start.sh
+++ b/Containers/apache/start.sh
@@ -17,12 +17,6 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
    sleep 5
 done

-# Get ipv4-address of Apache
-IPv4_ADDRESS="$(dig nextcloud-aio-apache A +short +search | head -1)"
-# Bring it in CIDR notation
-# shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
-
 if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi
@@ -41,37 +35,22 @@ if [ "$APACHE_PORT" != '443' ]; then
 else
    CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
 fi
-echo "$CADDYFILE" > /tmp/Caddyfile
+echo "$CADDYFILE" > /Caddyfile

 # Change the trusted_proxies in case of reverse proxies
 if [ "$APACHE_PORT" != '443' ]; then
-    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
+    CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies private_ranges|' /Caddyfile)"
 else
-    CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
+    CADDYFILE="$(sed 's|trusted_proxies private_ranges|# trusted_proxies placeholder|' /Caddyfile)"
 fi
-echo "$CADDYFILE" > /tmp/Caddyfile
-
-# Remove additional domain if not given
-if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
+echo "$CADDYFILE" > /Caddyfile

 # Fix the Caddyfile format
-caddy fmt --overwrite /tmp/Caddyfile
+caddy fmt --overwrite /Caddyfile

 # Add caddy path
 mkdir -p /mnt/data/caddy/

-# Add caddy import path
-mkdir -p /mnt/data/caddy-imports
-
-# Remove falsely added Nextcloud conf
-rm -f /mnt/data/caddy-imports/nextcloud
-
-# Make sure that the caddy-imports dir is not empty
-echo "# empty file so that caddy does not print a warning" > /mnt/data/caddy-imports/empty
-
 # Fix apache startup
 rm -f /usr/local/apache2/logs/httpd.pid

--- a/Containers/apache/supervisord.conf
+++ b/Containers/apache/supervisord.conf
@@ -20,4 +20,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/usr/bin/caddy run --config /tmp/Caddyfile
+command=/usr/bin/caddy run --config /Caddyfile
--- a/Containers/borgbackup/Dockerfile
+++ b/Containers/borgbackup/Dockerfile
@@ -1,9 +1,7 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
+FROM alpine:3.17.2

 RUN set -ex; \
    \
-    apk upgrade --no-cache -a; \
    apk add --no-cache \
        util-linux-misc \
        bash \
@@ -15,11 +13,11 @@ RUN set -ex; \

 VOLUME /root

-COPY --chmod=770 *.sh /
+COPY start.sh /usr/bin/
+COPY backupscript.sh /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /backupscript.sh

-ENTRYPOINT ["/start.sh"]
-# hadolint ignore=DL3002
 USER root
-
-LABEL com.centurylinklabs.watchtower.enable="false"
-ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"
+ENTRYPOINT ["start.sh"]
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/borgbackup/backupscript.sh
+++ b/Containers/borgbackup/backupscript.sh
@@ -24,30 +24,22 @@ for directory in "${VOLUME_DIRS[@]}"; do
        exit 1
    fi
 done
-# Test if default volumes are there
-DEFAULT_VOLUMES=(nextcloud_aio_apache nextcloud_aio_nextcloud nextcloud_aio_database nextcloud_aio_database_dump nextcloud_aio_elasticsearch nextcloud_aio_nextcloud_data nextcloud_aio_mastercontainer)
-for volume in "${DEFAULT_VOLUMES[@]}"; do
-    if ! mountpoint -q "/nextcloud_aio_volumes/$volume"; then
-        echo "$volume is missing which is not intended."
-        exit 1
-    fi
-done

 # Check if target is mountpoint
 if ! mountpoint -q /mnt/borgbackup; then
-    echo "/mnt/borgbackup is not a mountpoint which is not allowed."
+    echo "/mnt/borgbackup is not a mountpoint which is not allowed"
    exit 1
 fi

 # Check if target is empty
 if [ "$BORG_MODE" != backup ] && [ "$BORG_MODE" != test ] && ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
-    echo "The repository is empty. Cannot perform check or restore."
+    echo "The repository is empty. cannot perform check or restore."
    exit 1
 fi

 # Do not continue if this file exists (needed for simple external blocking)
 if [ -f "$BORG_BACKUP_DIRECTORY/aio-lockfile" ]; then
-    echo "Not continuing because aio-lockfile exists – it seems like a script is externally running which is locking the backup archive."
+    echo "Not continuing because aio-lockfile exists - it seems like a script is externally running which is locking the backup archive."
    echo "If this should not be the case, you can fix this by deleting the 'aio-lockfile' file from the backup archive directory."
    exit 1
 fi
@@ -65,38 +57,25 @@ if [ "$BORG_MODE" = backup ]; then
        echo "configuration.json not present. Cannot perform the backup!"
        exit 1
    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/config/config.php" ]; then
-        echo "config.php is missing. Cannot perform backup!"
+        echo "config.php is missing cannot perform backup"
        exit 1
    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/database-dump.sql" ]; then
-        echo "database-dump is missing. Cannot perform backup!"
-        echo "Please check the database container logs!"
-        exit 1
-    elif ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/.ocdata" ]; then
-        echo "The .ocdata file is missing in Nextcloud datadir which means it is invalid!"
-        echo "Is the drive where the datadir is located on still mounted?"
+        echo "database-dump is missing. cannot perform backup"
        exit 1
    fi

-    # Test that default volumes are not empty
-    for volume in "${DEFAULT_VOLUMES[@]}"; do
-        if [ -z "$(ls -A "/nextcloud_aio_volumes/$volume")" ] && [ "$volume" != "nextcloud_aio_elasticsearch" ]; then
-            echo "/nextcloud_aio_volumes/$volume is empty which should not happen!"
+    # Test that nothing is empty
+    for directory in "${VOLUME_DIRS[@]}"; do
+        if [ -z "$(ls -A "$directory")" ] && [ "$directory" != "/nextcloud_aio_volumes/nextcloud_aio_elasticsearch" ]; then
+            echo "$directory is empty which is not allowed."
            exit 1
        fi
    done

    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_database_dump/export.failed" ]; then
+        echo "Database export failed the last time. Most likely was the export time not high enough."
        echo "Cannot create a backup now."
-        echo "Reason is that the database export failed the last time."
-        echo "Most likely was the database container not correctly shut down via the AIO interface."
-        echo ""
-        echo "You might want to try the database export again manually by running the three commands:"
-        echo "sudo docker start nextcloud-aio-database"
-        echo "sleep 10"
-        echo "sudo docker stop nextcloud-aio-database -t 1800"
-        echo ""
-        echo "Afterwards try to create a backup again and it should hopefully work."
-        echo "If it should still fail, feel free to report this to https://github.com/nextcloud/all-in-one/issues and post the database container logs and the borgbackup container logs into the thread. Thanks!"
+        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
        exit 1
    fi

@@ -107,14 +86,13 @@ if [ "$BORG_MODE" = backup ]; then
    if ! [ -f "$BORG_BACKUP_DIRECTORY/config" ]; then
        # Don't initialize if already initialized
        if [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-            echo "No borg config file was found in the targeted directory."
-            echo "This might happen if the targeted directory is located on an external drive and the drive not connected anymore. You should check this."
-            echo "If you instead want to initialize a new backup repository, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
+            echo "Cannot initialize a new repository as that was already done at least one time."
+            echo "If you still want to do so, you may delete the 'borg.config' file that is stored in the mastercontainer volume manually, which will allow you to initialize a new borg repository in the chosen directory:"
            echo "sudo docker exec nextcloud-aio-mastercontainer rm /mnt/docker-aio-config/data/borg.config"
            exit 1
        fi

-        echo "Initializing repository..."
+        echo "initializing repository..."
        NEW_REPOSITORY=1
        if ! borg init --debug --encryption=repokey-blake2 "$BORG_BACKUP_DIRECTORY"; then
            echo "Could not initialize borg repository."
@@ -149,21 +127,11 @@ if [ "$BORG_MODE" = backup ]; then
    # Borg options
    # auto,zstd compression seems to has the best ratio based on:
    # https://forum.level1techs.com/t/optimal-compression-for-borg-backups/145870/6
-    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches)
-    if [ "$NEW_REPOSITORY" = 1 ]; then
-        BORG_OPTS+=(--progress)
-    fi
+    BORG_OPTS=(-v --stats --compression "auto,zstd" --exclude-caches --checkpoint-interval 86400)

    # Exclude the nextcloud log and audit log for GDPR reasons
    BORG_EXCLUDE=(--exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/nextcloud.log*" --exclude "/nextcloud_aio_volumes/nextcloud_aio_nextcloud/data/audit.log")

-    # Make sure that there is always a borg.config file before creating a new backup
-    if ! [ -f "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config" ]; then
-        echo "Did not find borg.config file in the mastercontainer volume."
-        echo "Cannot create a backup as this is wrong."
-        exit 1
-    fi
-
    # Create the backup
    echo "Starting the backup..."
    get_start_time
@@ -171,7 +139,6 @@ if [ "$BORG_MODE" = backup ]; then
        echo "Deleting the failed backup archive..."
        borg delete --stats "$BORG_BACKUP_DIRECTORY::$CURRENT_DATE-nextcloud-aio"
        echo "Backup failed!"
-        echo "You might want to check the backup integrity via the AIO interface."
        if [ "$NEW_REPOSITORY" = 1 ]; then
            echo "Deleting borg.config file so that you can choose a different location for the backup."
            rm "/nextcloud_aio_volumes/nextcloud_aio_mastercontainer/data/borg.config"
@@ -183,12 +150,11 @@ if [ "$BORG_MODE" = backup ]; then
    rm -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"

    # Prune options
-    read -ra BORG_PRUNE_OPTS <<< "$BORG_RETENTION_POLICY"
-    echo "BORG_PRUNE_OPTS are ${BORG_PRUNE_OPTS[*]}"
+    BORG_PRUNE_OPTS=(--stats --keep-within=7d --keep-weekly=4 --keep-monthly=6 "$BORG_BACKUP_DIRECTORY")

    # Prune archives
    echo "Pruning the archives..."
-    if ! borg prune --stats --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
+    if ! borg prune --glob-archives '*_*-nextcloud-aio' "${BORG_PRUNE_OPTS[@]}"; then
        echo "Failed to prune archives!"
        exit 1
    fi
@@ -219,13 +185,13 @@ if [ "$BORG_MODE" = backup ]; then
                exit 1
            fi
            echo "Pruning additional volumes..."
-            if ! borg prune --stats --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
+            if ! borg prune --glob-archives '*_*-additional-docker-volumes' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional docker-volumes archives!"
                exit 1
            fi
            echo "Compacting additional volumes..."
            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
-                echo "Failed to compact additional docker-volume archives!"
+                echo "Failed to compact archives!"
                exit 1
            fi
        fi
@@ -249,13 +215,13 @@ if [ "$BORG_MODE" = backup ]; then
                exit 1
            fi
            echo "Pruning additional host mounts..."
-            if ! borg prune --stats --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}" "$BORG_BACKUP_DIRECTORY"; then
+            if ! borg prune --glob-archives '*_*-additional-host-mounts' "${BORG_PRUNE_OPTS[@]}"; then
                echo "Failed to prune additional host-mount archives!"
                exit 1
            fi
            echo "Compacting additional host mounts..."
            if ! borg compact "$BORG_BACKUP_DIRECTORY"; then
-                echo "Failed to compact additional host-mount archives!"
+                echo "Failed to compact archives!"
                exit 1
            fi
        fi
@@ -263,7 +229,7 @@ if [ "$BORG_MODE" = backup ]; then

    # Inform user
    get_expiration_time
-    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Backup finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    if [ -f "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/update.failed" ]; then
        echo "However a Nextcloud update failed. So reporting that the backup failed which will skip any update attempt the next time."
        echo "Please restore a backup from before the failed Nextcloud update attempt."
@@ -310,7 +276,7 @@ if [ "$BORG_MODE" = restore ]; then
    --exclude "nextcloud_aio_mastercontainer/data/daily_backup_running" \
    --exclude "nextcloud_aio_mastercontainer/data/session_date_file" \
    --exclude "nextcloud_aio_mastercontainer/session/**" \
-    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes/; then
+    /tmp/borg/nextcloud_aio_volumes/ /nextcloud_aio_volumes; then
        RESTORE_FAILED=1
        echo "Something failed while restoring from backup."
    fi
@@ -374,7 +340,7 @@ if [ "$BORG_MODE" = restore ]; then

    # Inform user
    get_expiration_time
-    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Restore finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"

    # Add file to Nextcloud container so that it skips any update the next time
    touch "/nextcloud_aio_volumes/nextcloud_aio_nextcloud_data/skip.update"
@@ -396,13 +362,12 @@ if [ "$BORG_MODE" = check ]; then
    # Perform the check
    if ! borg check -v --verify-data "$BORG_BACKUP_DIRECTORY"; then
        echo "Some errors were found while checking the backup integrity!"
-        echo "Check the AIO interface for advices on how to proceed now!"
        exit 1
    fi

    # Inform user
    get_expiration_time
-    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    exit 0
 fi

@@ -419,7 +384,7 @@ if [ "$BORG_MODE" = "check-repair" ]; then

    # Inform user
    get_expiration_time
-    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)."
+    echo "Check finished successfully on $END_DATE_READABLE ($DURATION_READABLE)"
    exit 0
 fi

--- a/Containers/clamav/Dockerfile
+++ b/Containers/clamav/Dockerfile
@@ -1,20 +1,7 @@
-# syntax=docker/dockerfile:latest
-# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.1-49
+# Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/0.105/alpine/Dockerfile
+FROM clamav/clamav:1.0.1-1

-COPY clamav.conf /tmp/clamav.conf
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache tzdata; \
-    cat /tmp/clamav.conf >> /etc/clamav/clamd.conf; \
-    rm /tmp/clamav.conf; \
-    mkdir -p /var/run/clamav /run/lock; \
-    chown -R clamav:clamav /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock; \
-    chmod 777 -R /var/run/clamav /run/clamav /var/log/clamav /var/lock /run/lock /tmp
-
-VOLUME /var/lib/clamav
-
-USER clamav
-
-LABEL com.centurylinklabs.watchtower.enable="false"
+RUN apk add --no-cache tzdata
+COPY clamav.conf /tmp/
+RUN cat /tmp/clamav.conf >> /etc/clamav/clamd.conf
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/collabora/Dockerfile
+++ b/Containers/collabora/Dockerfile
@@ -1,22 +1,19 @@
-# syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/tree/master/docker
-FROM collabora/code:24.04.1.4.1
+FROM collabora/code:22.05.12.2.1

 USER root
-ARG DEBIAN_FRONTEND noninteractive

-# hadolint ignore=DL3008
 RUN set -ex; \
    \
    apt-get update; \
-    apt-get upgrade -y; \
+    export DEBIAN_FRONTEND=noninteractive; \
    apt-get install -y --no-install-recommends \
        tzdata \
-        netcat-openbsd \
+        netcat \
    ; \
-    rm -rf /var/lib/apt/lists/*;
+    rm -rf /var/lib/apt/lists/*

-USER 100
+USER 104

 HEALTHCHECK CMD nc -z localhost 9980 || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/docker-socket-proxy/Dockerfile
+++ b/Containers/docker-socket-proxy/Dockerfile
@@ -1,21 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM haproxy:2.9.7-alpine3.19
-
-# hadolint ignore=DL3002
-USER root
-ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        ca-certificates \
-        tzdata \
-        bash \
-        bind-tools; \
-    chmod -R 777 /tmp
-
-COPY --chmod=775 *.sh /
-COPY --chmod=664 haproxy.cfg /haproxy.cfg
-
-ENTRYPOINT ["/start.sh"]
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/docker-socket-proxy/haproxy.cfg
+++ b/Containers/docker-socket-proxy/haproxy.cfg
@@ -1,61 +0,0 @@
-# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
-
-global
-    maxconn 10
-
-defaults
-    timeout connect 10s
-    timeout client 10s
-    timeout server 10s
-
-frontend http
-    mode http
-    bind :::2375 v4v6
-    http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
-    # docker system _ping
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping } METH_GET
-    # container inspect: GET containers/%s/json
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
-    # container inspect: GET containers/%s/logs
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/logs } METH_GET
-    # container start/stop: POST containers/%s/start containers/%s/stop
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/((start)|(stop)) } METH_POST
-    # container rm: DELETE containers/%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+ } METH_DELETE
-
-
-    # container create: POST containers/create?name=%s
-    # ACL to restrict container name to nc_app_[a-zA-Z0-9_.-]+
-    acl nc_app_container_name url_param(name) -m reg -i "^nc_app_[a-zA-Z0-9_.-]+"
-
-    # ACL to restrict the number of Mounts to 1
-    acl one_mount_volume req.body -m reg -i "\"Mounts\"\s*:\s*\[\s*(?:(?!\"Mounts\"\s*:\s*\[)[^}]*)}[^}]*\]"
-    # ACL to deny if there are any binds
-    acl binds_present req.body -m reg -i "\"HostConfig\"\s*:.*\"Binds\"\s*:"
-    # ACL to restrict the type of Mounts to volume
-    acl type_not_volume req.body -m reg -i "\"Mounts\":\s*\[[^\]]*(\"Type\":\s*\"(?!volume\b)\w+\"[^\]]*)+\]"
-    http-request deny if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !one_mount_volume binds_present type_not_volume METH_POST
-
-    # ACL to restrict container creation, that it has HostConfig.Privileged not set
-    acl no_privileged_flag req.body -m reg -i "\"HostConfig\":\s?{[^}]*\"Privileged\""
-    # ACL to allow mount volume with strict pattern for name: nc_app_[a-zA-Z0-9_.-]+_data
-    acl nc_app_volume_data_only req.body -m reg -i "\"Mounts\":\s?\[\s?{[^}]*\"Source\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/create } nc_app_container_name !no_privileged_flag nc_app_volume_data_only METH_POST
-    # end of container create
-
-    # volume create: POST volumes/create
-    # restrict name
-    acl nc_app_volume_data req.body -m reg -i "\"Name\":\s?\"nc_app_[a-zA-Z0-9_.-]+_data\""
-    # do not allow to use "device" word e.g., "--opt device=:/path/to/dir"
-    acl volume_no_device req.body -m reg -i "\"device\""
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/create } nc_app_volume_data !volume_no_device METH_POST
-    # volume rm: DELETE volumes/%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/volumes/nc_app_[a-zA-Z0-9_.-]+_data } METH_DELETE
-    # image pull: POST images/create?fromImage=%s
-    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/create } METH_POST
-    http-request deny
-    default_backend dockerbackend
-
-backend dockerbackend
-    mode http
-    server dockersocket /var/run/docker.sock
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,4 +0,0 @@
-#!/bin/bash
-
-nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
-nc -z localhost 2375 || exit 1
--- a/Containers/docker-socket-proxy/start.sh
+++ b/Containers/docker-socket-proxy/start.sh
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-# Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9001; do
-    echo "Waiting for Nextcloud to start..."
-    sleep 5
-done
-
-set -x
-IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)" 
-echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-
-IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-if [ -n "$IPv6_ADDRESS_NC" ]; then
-    HAPROXYFILE="$(sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|" /tmp/haproxy.cfg)"
-else
-    HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
-fi
-echo "$HAPROXYFILE" > /tmp/haproxy.cfg
-set +x
-
-haproxy -f /tmp/haproxy.cfg -db
--- a/Containers/domaincheck/Dockerfile
+++ b/Containers/domaincheck/Dockerfile
@@ -1,20 +1,19 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache bash lighttpd netcat-openbsd; \
-    adduser -S www-data -G www-data; \
-    rm -rf /etc/lighttpd/lighttpd.conf; \
-    chmod 777 -R /etc/lighttpd; \
-    mkdir -p /var/www/domaincheck; \
-    chown www-data:www-data -R /var/www; \
-    chmod 777 -R /var/www/domaincheck
-COPY --chown=www-data:www-data lighttpd.conf /lighttpd.conf
+FROM alpine:3.17.2
+RUN apk add --no-cache lighttpd bash netcat-openbsd

-COPY --chmod=775 start.sh /start.sh
+RUN adduser -S www-data -G www-data
+RUN rm -rf /etc/lighttpd/lighttpd.conf
+COPY lighttpd.conf /etc/lighttpd/lighttpd.conf
+RUN chmod +r -R /etc/lighttpd && \
+    chown www-data:www-data -R /var/www && \
+    chown www-data:www-data /etc/lighttpd/lighttpd.conf
+
+COPY start.sh /
+RUN chmod +x /start.sh

 USER www-data
+RUN mkdir -p /var/www/domaincheck/
 ENTRYPOINT ["/start.sh"]

 HEALTHCHECK CMD nc -z localhost $APACHE_PORT || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/domaincheck/start.sh
+++ b/Containers/domaincheck/start.sh
@@ -11,7 +11,7 @@ if [ -z "$APACHE_PORT" ]; then
    export APACHE_PORT="443"
 fi

-CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /lighttpd.conf)"
+CONF_FILE="$(sed "s|ipv6-placeholder|\[::\]:$APACHE_PORT|" /etc/lighttpd/lighttpd.conf)"
 echo "$CONF_FILE" > /etc/lighttpd/lighttpd.conf

 # Check config file
--- a/Containers/fulltextsearch/Dockerfile
+++ b/Containers/fulltextsearch/Dockerfile
@@ -1,23 +1,15 @@
-# syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.13.0
+FROM elasticsearch:7.17.9

-USER root
+RUN elasticsearch-plugin install --batch ingest-attachment

-ARG DEBIAN_FRONTEND noninteractive
-
-# hadolint ignore=DL3008
 RUN set -ex; \
    \
    apt-get update; \
-    apt-get upgrade -y; \
    apt-get install -y --no-install-recommends \
        tzdata \
    ; \
-    rm -rf /var/lib/apt/lists/*; \
-    elasticsearch-plugin install --batch ingest-attachment
-
-USER 1000:0
+    rm -rf /var/lib/apt/lists/*

 HEALTHCHECK CMD nc -z localhost 9200 || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@@ -1,42 +1,29 @@
-# syntax=docker/dockerfile:latest
-FROM golang:1.22.2-alpine3.18 as go
-
-ENV IMAGINARY_HASH 6cd9edd1d3fb151eb773c14552886e4fc8e50138
+# From https://github.com/h2non/imaginary/blob/master/Dockerfile
+FROM nextcloud/imaginary:20230301

+USER root
 RUN set -ex; \
-    apk add --no-cache \
-        vips-dev \
-        vips-magick \
-        vips-heif \
-        vips-jxl \
-        vips-poppler \
-        build-base; \
-    go install github.com/h2non/imaginary@"$IMAGINARY_HASH";
-
-FROM alpine:3.18.6
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        tzdata \
-        ca-certificates \
-        netcat-openbsd \
-        vips \
-        vips-magick \
-        vips-heif \
-        vips-jxl \
-        vips-poppler \
-        bash
-
-COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
-COPY --chmod=775 start.sh /start.sh
-
-ENV PORT 9000
-
+    \
+    apt-get update; \
+    apt-get install -y --no-install-recommends \
+        netcat \
+    ; \
+    echo "deb http://deb.debian.org/debian bookworm main" > /etc/apt/sources.list.d/bookworm.list; \
+    apt-get update; \
+    apt-get install -t bookworm -y --no-install-recommends \
+        libheif1 \
+        libde265-0 \
+        libx265-199 \
+        libvips \
+    ; \
+    rm /etc/apt/sources.list.d/bookworm.list; \
+    rm -rf /var/lib/apt/lists/*
 USER nobody

+ENTRYPOINT ["/usr/local/bin/imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
+
+HEALTHCHECK CMD nc -z localhost 9000 || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
+
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["/start.sh"]
-
-HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/imaginary/start.sh
+++ b/Containers/imaginary/start.sh
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-echo "Imaginary has started"
-if [ -z "$IMAGINARY_SECRET" ]; then
-    imaginary -return-size -max-allowed-resolution 222.2 "$@"
-else
-    imaginary -return-size -max-allowed-resolution 222.2 -key "$IMAGINARY_SECRET" "$@"
-fi
--- a/Containers/mastercontainer/Caddyfile
+++ b/Containers/mastercontainer/Caddyfile
@@ -10,21 +10,18 @@
    log {
        level ERROR
    }
-
-    servers {
-        protocols h1 h2 h2c
-    }
-
-    on_demand_tls {
-        ask http://localhost:9876/
-    }
 }

 http://:80 {
-    redir https://{host}{uri} permanent
+  redir https://{host}{uri}
 }

-https://:8443 {
+# Match only host names and not ip-addresses:
+https://*.*:8443,
+https://*.*.*:8443,
+https://*.*.*.*:8443,
+https://*.*.*.*.*:8443,
+https://*.*.*.*.*.*:8443 {

    reverse_proxy localhost:8000

--- a/Containers/mastercontainer/Dockerfile
+++ b/Containers/mastercontainer/Dockerfile
@@ -1,31 +1,28 @@
-# syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:26.1.0-cli as docker
+FROM docker:23.0.1-dind as dind

 # Caddy is a requirement
-FROM caddy:2.7.6-alpine as caddy
+FROM caddy:2.6.4-alpine as caddy

-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
-FROM php:8.3.6-fpm-alpine3.19
+# From https://github.com/docker-library/php/blob/master/8.1/alpine3.17/fpm/Dockerfile
+FROM php:8.1.17-fpm-alpine3.17
+
+RUN set -ex; \
+    apk add --no-cache shadow; \
+    groupmod -g 333 xfs; \
+    usermod -u 333 -g 333 xfs; \
+    groupmod -g 33 www-data; \
+    usermod -u 33 -g 33 www-data

 EXPOSE 80
 EXPOSE 8080
 EXPOSE 8443

-COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
-COPY --from=docker /usr/local/bin/docker /usr/local/bin/docker
+RUN mkdir -p /var/www/docker-aio;

 WORKDIR /var/www/docker-aio

-# hadolint ignore=SC2086,DL3047,DL3003,DL3004
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache shadow; \
-    groupmod -g 333 xfs; \
-    usermod -u 333 -g 333 xfs; \
-    groupmod -g 33 www-data; \
-    usermod -u 33 -g 33 www-data; \
-    \
    apk add --no-cache \
        util-linux-misc \
        ca-certificates \
@@ -39,54 +36,60 @@ RUN set -ex; \
        sudo \
        netcat-openbsd \
        curl \
-        grep; \
-    \
+        grep
+
+RUN set -ex; \
    apk add --no-cache --virtual .build-deps \
        autoconf \
        build-base; \
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.22; \
    docker-php-ext-enable apcu; \
    rm -r /tmp/pear; \
+    \
    runDeps="$( \
        scanelf --needed --nobanner --format '%n#p' --recursive /usr/local/lib/php/extensions \
            | tr ',' '\n' \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
-    apk add --no-cache --virtual .nextcloud-aio-rundeps $runDeps; \
+    apk add --virtual .nextcloud-aio-rundeps $runDeps; \
    apk del .build-deps; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    grep -q ';listen.allowed_clients' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \
-    \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
+
+COPY --from=caddy /usr/bin/caddy /usr/bin/
+RUN chmod +x /usr/bin/caddy
+
+COPY --from=dind /usr/local/bin/docker /usr/local/bin/
+RUN chmod +x /usr/local/bin/docker
+
+RUN set -e && \
    apk add --no-cache git; \
    wget https://getcomposer.org/installer -O - | php -- --install-dir=/usr/local/bin --filename=composer; \
    chmod +x /usr/local/bin/composer; \
    cd /var/www/docker-aio; \
    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
-    find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
-    chown www-data:www-data -R /var/www/docker-aio; \
    cd php; \
-    sudo -u www-data composer install --no-dev; \
-    sudo -u www-data composer clear-cache; \
+    composer install --no-dev; \
+    composer clearcache; \
    cd ..; \
    rm -f /usr/local/bin/composer; \
-    chmod -R 770 /var/www/docker-aio; \
-    chown -R www-data:www-data /var/www; \
-    rm -r php/data; \
-    rm -r php/session; \
-    \
-    mkdir -p /etc/apache2/certs; \
-    cd /etc/apache2/certs; \
-    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
-    \
-    sed -i \
+    chmod 770 -R ./; \
+    chown www-data:www-data -R /var/www; \
+    rm -r ./php/data; \
+    rm -r ./php/session; \
+    apk del --no-cache git
+
+RUN mkdir -p /etc/apache2/certs && \
+    cd /etc/apache2/certs && \
+    openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt;
+
+COPY mastercontainer.conf /etc/apache2/sites-available/
+
+RUN sed -i \
            -e '/^Listen /d' \
-            -e 's/^LogLevel .*/LogLevel error/' \
-            -e 's|^ErrorLog .*|ErrorLog /proc/self/fd/2|' \
            -e 's/User apache/User www-data/g' \
            -e 's/Group apache/Group www-data/g' \
            -e 's/^#\(LoadModule .*mod_rewrite.so\)/\1/' \
@@ -98,34 +101,41 @@ RUN set -ex; \
            -e 's/^#\(LoadModule .*mod_mpm_event.so\)/\1/' \
            -e 's/\(LoadModule .*mod_mpm_worker.so\)/#\1/' \
            -e 's/\(LoadModule .*mod_mpm_prefork.so\)/#\1/' \
-            -e 's/\(ScriptAlias \)/#\1/' \
        /etc/apache2/httpd.conf; \
        mkdir -p /etc/apache2/logs; \
        rm /etc/apache2/conf.d/ssl.conf; \
        echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
-        grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
-        sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
-        echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
        echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
        echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
-        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
-    \
+        echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf
+
+RUN set -ex; \
    rm -f /etc/apache2/conf.d/default.conf \
          /etc/apache2/conf.d/userdir.conf \
-          /etc/apache2/conf.d/info.conf; \
-    \
-    rm -rf /var/www/localhost/cgi-bin/; \
-    mkdir /var/log/supervisord; \
+          /etc/apache2/conf.d/info.conf
+
+RUN mkdir /var/log/supervisord; \
    mkdir /var/run/supervisord;

-COPY --chmod=775 *.sh /
-COPY --chmod=664 Caddyfile /Caddyfile
-COPY --chmod=664 supervisord.conf /supervisord.conf
-COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
+COPY Caddyfile /
+COPY start.sh /usr/bin/
+COPY backup-time-file-watcher.sh /
+COPY session-deduplicator.sh /
+COPY cron.sh /
+COPY daily-backup.sh /
+COPY supervisord.conf /
+COPY healthcheck.sh /
+RUN chmod +x /usr/bin/start.sh; \
+    chmod +x /cron.sh; \
+    chmod +x /session-deduplicator.sh; \
+    chmod +x /backup-time-file-watcher.sh; \
+    chmod +x /daily-backup.sh; \
+    chmod a+r /Caddyfile; \
+    chmod +x /healthcheck.sh

-# hadolint ignore=DL3002
 USER root

-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

 HEALTHCHECK CMD /healthcheck.sh
--- a/Containers/mastercontainer/cron.sh
+++ b/Containers/mastercontainer/cron.sh
@@ -12,11 +12,6 @@ while true; do
            export AUTOMATIC_UPDATES=0
            export START_CONTAINERS=1
        fi
-        if [ "$(sed -n '3p' "/mnt/docker-aio-config/data/daily_backup_time")" != 'successNotificationsAreNotEnabled' ]; then
-            export SEND_SUCCESS_NOTIFICATIONS=1
-        else
-            export SEND_SUCCESS_NOTIFICATIONS=0
-        fi
        set +x
        if [ -f "/mnt/docker-aio-config/data/daily_backup_running" ]; then
            export LOCK_FILE_PRESENT=1
@@ -62,14 +57,6 @@ while true; do
    # Remove dangling images
    sudo -u www-data docker image prune --force

-    # Check for available free space
-    sudo -u www-data php /var/www/docker-aio/php/src/Cron/CheckFreeDiskSpace.php
-
-    # Remove mastercontainer from default bridge network
-    if sudo -u www-data docker inspect nextcloud-aio-mastercontainer  --format "{{.NetworkSettings.Networks}}" | grep -q "bridge"; then
-        sudo -u www-data docker network disconnect bridge nextcloud-aio-mastercontainer
-    fi
-
    # Wait 60s so that the whole loop will not be executed again
    sleep 60
 done
--- a/Containers/mastercontainer/daily-backup.sh
+++ b/Containers/mastercontainer/daily-backup.sh
@@ -16,7 +16,7 @@ fi
 sudo -u www-data touch "/mnt/docker-aio-config/data/daily_backup_running"

 # Check if apache is running/stopped, watchtower is stopped and backupcontainer is stopped
-APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -o '[0-9]\+' | head -1)"
+APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.HostConfig.PortBindings}}" | grep -oP '[0-9]+' | head -1)"
 while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
    echo "Waiting for apache to become available"
    sleep 30
@@ -105,7 +105,7 @@ if [ "$DAILY_BACKUP" = 1 ] && ([ "$AUTOMATIC_UPDATES" = 1 ] || [ "$START_CONTAIN
        done
    fi
    echo "Sending backup notification..."
-    sudo -E -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
+    sudo -u www-data php /var/www/docker-aio/php/src/Cron/BackupNotification.php
 fi

 echo "Daily backup script has finished"
--- a/Containers/mastercontainer/healthcheck.sh
+++ b/Containers/mastercontainer/healthcheck.sh
@@ -1,10 +1,5 @@
 #!/bin/bash

 if [ -f "/mnt/docker-aio-config/data/configuration.json" ]; then
-    nc -z localhost 80 || exit 1
-    nc -z localhost 8000 || exit 1
    nc -z localhost 8080 || exit 1
-    nc -z localhost 8443 || exit 1
-    nc -z localhost 9000 || exit 1
-    nc -z localhost 9876 || exit 1
 fi
--- a/Containers/mastercontainer/mastercontainer.conf
+++ b/Containers/mastercontainer/mastercontainer.conf
@@ -11,11 +11,8 @@ Listen 8080
    ServerName localhost

    # Add error log
-    CustomLog /proc/self/fd/1 proxy
-    LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy
+    CustomLog /proc/self/fd/1 combined
    ErrorLog /proc/self/fd/2
-    ErrorLogFormat "[%t] [%l] [%E] [client: %{X-Forwarded-For}i] [%M] [%{User-Agent}i]"
-    LogLevel warn

    # PHP match
    <FilesMatch "\.php$">
@@ -49,14 +46,8 @@ Listen 8080
    SSLCertificateFile /etc/apache2/certs/ssl.crt
    SSLEngine               on
    SSLProtocol             -all +TLSv1.2 +TLSv1.3
-    SSLCipherSuite          ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
-    SSLHonorCipherOrder     off
-    SSLSessionTickets       off
 </VirtualHost>

 # Increase timeout in case e.g. the initial download takes a long time
 Timeout 7200
 ProxyTimeout 7200
-
-# See https://httpd.apache.org/docs/trunk/mod/core.html#traceenable
-TraceEnable Off
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -6,12 +6,6 @@ print_green() {
    printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m"
 }

-# Function to show text in red
-print_red() {
-    local TEXT="$1"
-    printf "%b%s%b\n" "\e[0;31m" "$TEXT" "\e[0m"
-}
-
 # Function to check if number was provided
 check_if_number() {
 case "${1}" in
@@ -20,34 +14,18 @@ case "${1}" in
 esac
 }

-# Check if running as root user
-if [ "$EUID" != "0" ]; then
-    print_red "Container does not run as root user. This is not supported."
-    exit 1
-fi
-
-# Check that the CMD is not overwritten nor set
-if [ "$*" != "" ]; then
-    print_red "Docker run command for AIO is incorrect as a CMD option was given which is not expected."
-    exit 1
-fi
-
 # Check if socket is available and readable
 if ! [ -a "/var/run/docker.sock" ]; then
-    print_red "Docker socket is not available. Cannot continue."
-    echo "Please make sure to mount the docker socket into /var/run/docker.sock inside the container!"
-    echo "If you did this by purpose because you don't want the container to have access to the docker socket, see https://github.com/nextcloud/all-in-one/tree/main/manual-install."
+    echo "Docker socket is not available. Cannot continue."
    exit 1
 elif ! mountpoint -q "/mnt/docker-aio-config"; then
-    print_red "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
-    echo "Please make sure to mount the nextcloud_aio_mastercontainer docker volume into /mnt/docker-aio-config inside the container!"
-    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+    echo "/mnt/docker-aio-config is not a mountpoint. Cannot proceed!"
    exit 1
 elif ! sudo -u www-data test -r /var/run/docker.sock; then
    echo "Trying to fix docker.sock permissions internally..."
    DOCKER_GROUP=$(stat -c '%G' /var/run/docker.sock)
    DOCKER_GROUP_ID=$(stat -c '%g' /var/run/docker.sock)
-    # Check if a group with the same group name of /var/run/docker.socket already exists in the container
+    # Check if a group with the same group id of /var/run/docker.socket already exists in the container
    if grep -q "^$DOCKER_GROUP:" /etc/group; then
        # If yes, add www-data to that group
        echo "Adding internal www-data to group $DOCKER_GROUP"
@@ -62,17 +40,14 @@ elif ! sudo -u www-data test -r /var/run/docker.sock; then
        usermod -aG docker www-data
    fi
    if ! sudo -u www-data test -r /var/run/docker.sock; then
-        print_red "Docker socket is not readable by the www-data user. Cannot continue."
+        echo "Docker socket is not readable by the www-data user. Cannot continue."
        exit 1
    fi
 fi

 # Check if api version is supported
 if ! sudo -u www-data docker info &>/dev/null; then
-    print_red "Cannot connect to the docker socket. Cannot proceed."
-    echo "Did you maybe remove group read permissions for the docker socket? AIO needs them in order to access the docker socket."
-    echo "If SELinux is enabled on your host, see https://github.com/nextcloud/all-in-one#are-there-known-problems-when-selinux-is-enabled"
-    echo "If you are on TrueNas SCALE, see https://github.com/nextcloud/all-in-one#can-i-run-aio-on-truenas-scale"
+    echo "Cannot connect to the docker socket. Cannot proceed."
    exit 1
 fi
 API_VERSION_FILE="$(find ./ -name DockerActionManager.php | head -1)"
@@ -82,7 +57,7 @@ API_VERSION_NUMB="$(echo "$API_VERSION" | sed 's/\.//')"
 LOCAL_API_VERSION_NUMB="$(sudo -u www-data docker version | grep -i "api version" | grep -oP '[0-9]+.[0-9]+' | head -1 | sed 's/\.//')"
 if [ -n "$LOCAL_API_VERSION_NUMB" ] && [ -n "$API_VERSION_NUMB" ]; then
    if ! [ "$LOCAL_API_VERSION_NUMB" -ge "$API_VERSION_NUMB" ]; then
-        print_red "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
+        echo "Docker API v$API_VERSION is not supported by your docker engine. Cannot proceed. Please upgrade your docker engine if you want to run Nextcloud AIO!"
        exit 1
    fi
 else
@@ -103,16 +78,16 @@ fi

 # Check if startup command was executed correctly
 if ! sudo -u www-data docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-mastercontainer$"; then
-    print_red "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
+    echo "It seems like you did not give the mastercontainer the correct name? (The 'nextcloud-aio-mastercontainer' container was not found.)
 Using a different name is not supported since mastercontainer updates will not work in that case!
 If you are on docker swarm and try to run AIO, see https://github.com/nextcloud/all-in-one#can-i-run-this-with-docker-swarm"
    exit 1
 elif ! sudo -u www-data docker volume ls --format "{{.Name}}" | grep -q "^nextcloud_aio_mastercontainer$"; then
-    print_red "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
+    echo "It seems like you did not give the mastercontainer volume the correct name? (The 'nextcloud_aio_mastercontainer' volume was not found.)
 Using a different name is not supported since the built-in backup solution will not work in that case!"
    exit 1
 elif ! sudo -u www-data docker inspect nextcloud-aio-mastercontainer | grep -q "nextcloud_aio_mastercontainer"; then
-    print_red "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
+    echo "It seems like you did not attach the 'nextcloud_aio_mastercontainer' volume to the mastercontainer?
 This is not supported since the built-in backup solution will not work in that case!"
    exit 1
 fi
@@ -120,34 +95,34 @@ fi
 # Check for other options
 if [ -n "$NEXTCLOUD_DATADIR" ]; then
    if [ "$NEXTCLOUD_DATADIR" = "nextcloud_aio_nextcloud_datadir" ]; then
-        sleep 1
+        echo "NEXTCLOUD_DATADIR is set to $NEXTCLOUD_DATADIR"
    elif ! echo "$NEXTCLOUD_DATADIR" | grep -q "^/" || [ "$NEXTCLOUD_DATADIR" = "/" ]; then
-        print_red "You've set NEXTCLOUD_DATADIR but not to an allowed value.
-The string must start with '/' and must not be equal to '/'. Also allowed is 'nextcloud_aio_nextcloud_datadir'.
+        echo "You've set NEXTCLOUD_DATADIR but not to an allowed value.
+The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_DATADIR'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_MOUNT" ]; then
    if ! echo "$NEXTCLOUD_MOUNT" | grep -q "^/" || [ "$NEXTCLOUD_MOUNT" = "/" ]; then
-        print_red "You've set NEXCLOUD_MOUNT but not to an allowed value.
+        echo "You've set NEXCLOUD_MOUNT but not to an allowed value.
 The string must start with '/' and must not be equal to '/'.
 It is set to '$NEXTCLOUD_MOUNT'."
        exit 1
    elif [ "$NEXTCLOUD_MOUNT" = "/mnt/ncdata" ] || echo "$NEXTCLOUD_MOUNT" | grep -q "^/mnt/ncdata/"; then
-        print_red "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
+        echo "'/mnt/ncdata' and '/mnt/ncdata/' are not allowed as values for NEXTCLOUD_MOUNT."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_DATADIR" ] && [ -n "$NEXTCLOUD_MOUNT" ]; then
    if [ "$NEXTCLOUD_DATADIR" = "$NEXTCLOUD_MOUNT" ]; then
-        print_red "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
+        echo "NEXTCLOUD_DATADIR and NEXTCLOUD_MOUNT are not allowed to be equal."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_UPLOAD_LIMIT" ]; then
    if ! echo "$NEXTCLOUD_UPLOAD_LIMIT" | grep -q '^[0-9]\+G$'; then
-        print_red "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
+        echo "You've set NEXTCLOUD_UPLOAD_LIMIT but not to an allowed value.
 The string must start with a number and end with 'G'.
 It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
        exit 1
@@ -155,7 +130,7 @@ It is set to '$NEXTCLOUD_UPLOAD_LIMIT'."
 fi
 if [ -n "$NEXTCLOUD_MAX_TIME" ]; then
    if ! echo "$NEXTCLOUD_MAX_TIME" | grep -q '^[0-9]\+$'; then
-        print_red "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
+        echo "You've set NEXTCLOUD_MAX_TIME but not to an allowed value.
 The string must be a number. E.g. '3600'.
 It is set to '$NEXTCLOUD_MAX_TIME'."
        exit 1
@@ -163,7 +138,7 @@ It is set to '$NEXTCLOUD_MAX_TIME'."
 fi
 if [ -n "$NEXTCLOUD_MEMORY_LIMIT" ]; then
    if ! echo "$NEXTCLOUD_MEMORY_LIMIT" | grep -q '^[0-9]\+M$'; then
-        print_red "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
+        echo "You've set NEXTCLOUD_MEMORY_LIMIT but not to an allowed value.
 The string must start with a number and end with 'M'.
 It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
        exit 1
@@ -171,64 +146,64 @@ It is set to '$NEXTCLOUD_MEMORY_LIMIT'."
 fi
 if [ -n "$APACHE_PORT" ]; then
    if ! check_if_number "$APACHE_PORT"; then
-        print_red "You provided an Apache port but did not only use numbers.
+        echo "You provided an Apache port but did not only use numbers.
 It is set to '$APACHE_PORT'."
        exit 1
    elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then
-        print_red "The provided Apache port is invalid. It must be between 1 and 65535"
+        echo "The provided Apache port is invalid. It must be between 1 and 65535"
        exit 1
    fi
 fi
 if [ -n "$APACHE_IP_BINDING" ]; then
-    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$'; then
-        print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
+    if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9.]\+$'; then
+        echo "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address.
 It is set to '$APACHE_IP_BINDING'."
        exit 1
    fi
 fi
 if [ -n "$TALK_PORT" ]; then
    if ! check_if_number "$TALK_PORT"; then
-        print_red "You provided an Talk port but did not only use numbers.
+        echo "You provided an Talk port but did not only use numbers.
 It is set to '$TALK_PORT'."
        exit 1
    elif ! [ "$TALK_PORT" -le 65535 ] || ! [ "$TALK_PORT" -ge 1 ]; then
-        print_red "The provided Talk port is invalid. It must be between 1 and 65535"
+        echo "The provided Talk port is invalid. It must be between 1 and 65535"
        exit 1
    fi
 fi
 if [ -n "$APACHE_PORT" ] && [ -n "$TALK_PORT" ]; then
    if [ "$APACHE_PORT" = "$TALK_PORT" ]; then
-        print_red "APACHE_PORT and TALK_PORT are not allowed to be equal."
+        echo "APACHE_PORT and TALK_PORT are not allowed to be equal."
        exit 1
    fi
 fi
-if [ -n "$WATCHTOWER_DOCKER_SOCKET_PATH" ]; then
-    if ! echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$WATCHTOWER_DOCKER_SOCKET_PATH" | grep -q "/$"; then
-        print_red "You've set WATCHTOWER_DOCKER_SOCKET_PATH but not to an allowed value.
+if [ -n "$DOCKER_SOCKET_PATH" ]; then
+    if ! echo "$DOCKER_SOCKET_PATH" | grep -q "^/" || echo "$DOCKER_SOCKET_PATH" | grep -q "/$"; then
+        echo "You've set DOCKER_SOCKET_PATH but not to an allowed value.
 The string must start with '/' and must not end with '/'.
-It is set to '$WATCHTOWER_DOCKER_SOCKET_PATH'."
+It is set to '$DOCKER_SOCKET_PATH'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_TRUSTED_CACERTS_DIR" ]; then
    if ! echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "^/" || echo "$NEXTCLOUD_TRUSTED_CACERTS_DIR" | grep -q "/$"; then
-        print_red "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
+        echo "You've set NEXTCLOUD_TRUSTED_CACERTS_DIR but not to an allowed value.
 It should be an absolute path to a directory that starts with '/' but not end with '/'.
 It is set to '$NEXTCLOUD_TRUSTED_CACERTS_DIR '."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_STARTUP_APPS" ]; then
-    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z0-9 _-]\+$"; then
-        print_red "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
-It needs to be a string. Allowed are small letters a-z, 0-9, spaces, hyphens and '_'.
+    if ! echo "$NEXTCLOUD_STARTUP_APPS" | grep -q "^[a-z _-]\+$"; then
+        echo "You've set NEXTCLOUD_STARTUP_APPS but not to an allowed value.
+It needs to be a string. Allowed are small letters a-z, spaces, hyphens and '_'.
 It is set to '$NEXTCLOUD_STARTUP_APPS'."
        exit 1
    fi
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_APKS" ]; then
    if ! echo "$NEXTCLOUD_ADDITIONAL_APKS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        print_red "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
+        echo "You've set NEXTCLOUD_ADDITIONAL_APKS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
        exit 1
@@ -236,67 +211,24 @@ It is set to '$NEXTCLOUD_ADDITIONAL_APKS'."
 fi
 if [ -n "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" ]; then
    if ! echo "$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS" | grep -q "^[a-z0-9 ._-]\+$"; then
-        print_red "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
+        echo "You've set NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS but not to an allowed value.
 It needs to be a string. Allowed are small letters a-z, digits 0-9, spaces, hyphens, dots and '_'.
 It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
        exit 1
    fi
 fi
-if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
-    read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
-    for container in "${AIO_CCONTAINERS[@]}"; do
-        if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
-            print_red "The community container $container was not found!"
-            FAIL_CCONTAINERS=1
-        fi
-    done
-    if [ -n "$FAIL_CCONTAINERS" ]; then
-        print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found.
-It is set to '$AIO_COMMUNITY_CONTAINERS'."
-        exit 1
-    fi
-fi

 # Check DNS resolution
 # Prevents issues like https://github.com/nextcloud/all-in-one/discussions/565
 curl https://nextcloud.com &>/dev/null
 if [ "$?" = 6 ]; then
-    print_red "Could not resolve the host nextcloud.com."
+    echo "Could not resolve the host nextcloud.com."
    echo "Most likely the DNS resolving does not work."
    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
    echo "Apart from that, there has been this: https://github.com/nextcloud/all-in-one/discussions/2065"
    exit 1
 fi

-# Check that no changes have been made to timezone settings since AIO only supports running in Etc/UTC timezone
-if [ -n "$TZ" ]; then
-    print_red "The environmental variable TZ has been set which is not supported by AIO since it only supports running in the default Etc/UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    # Disable exit since it seems to be by default set on unraid and we dont want to break these instances
-    # exit 1
-fi
-if mountpoint -q /etc/localtime; then
-    print_red "/etc/localtime has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    exit 1
-fi
-if mountpoint -q /etc/timezone; then
-    print_red "/etc/timezone has been mounted into the container which is not allowed because AIO only supports running in the default Etc/UTC timezone!"
-    echo "The correct timezone can be set in the AIO interface later on!"
-    exit 1
-fi
-
-# Check if unsupported env are set (but don't exit as it would break many instances)
-if [ -n "$APACHE_DISABLE_REWRITE_IP" ]; then
-    print_red "The environmental variable APACHE_DISABLE_REWRITE_IP has been set which is not supported by AIO. Please remove it!"
-fi
-if [ -n "$NEXTCLOUD_TRUSTED_DOMAINS" ]; then
-    print_red "The environmental variable NEXTCLOUD_TRUSTED_DOMAINS has been set which is not supported by AIO. Please remove it!"
-fi
-if [ -n "$TRUSTED_PROXIES" ]; then
-    print_red "The environmental variable TRUSTED_PROXIES has been set which is not supported by AIO. Please remove it!"
-fi
-
 # Add important folders
 mkdir -p /mnt/docker-aio-config/data/
 mkdir -p /mnt/docker-aio-config/session/
@@ -341,16 +273,15 @@ if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
    cp "$GENERATED_CERTS/ssl.key" ./
 fi

-print_green "Initial startup of Nextcloud All-in-One complete!
+print_green "Initial startup of Nextcloud All In One complete!
 You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
 E.g. https://internal.ip.of.this.server:8080
-⚠️ Important: do always use an ip-address if you access this port and not a domain as HSTS might block access to it later!

 If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
 https://your-domain-that-points-to-this-server.tld:8443"

-# Set the timezone to Etc/UTC
-export TZ=Etc/UTC
+# Set the timezone to UTC
+export TZ=UTC

 # Fix apache startup
 rm -f /var/run/apache2/httpd.pid
@@ -361,5 +292,4 @@ caddy fmt --overwrite /Caddyfile
 # Fix caddy log 
 chmod 777 /root

-# Start supervisord
-/usr/bin/supervisord -c /supervisord.conf
+exec "$@"
--- a/Containers/mastercontainer/supervisord.conf
+++ b/Containers/mastercontainer/supervisord.conf
@@ -38,7 +38,6 @@ stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/cron.sh
-user=root

 [program:backup-time-file-watcher]
 stdout_logfile=/dev/stdout
@@ -55,12 +54,3 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/session-deduplicator.sh
 user=root
-
-[program:domain-validator]
-# Logging is disabled as otherwise all attempts will be logged which spams the logs
-# stdout_logfile=/dev/stdout
-# stdout_logfile_maxbytes=0
-# stderr_logfile=/dev/stderr
-# stderr_logfile_maxbytes=0
-command=php -S 127.0.0.1:9876 /var/www/docker-aio/php/domain-validator.php
-user=www-data
--- a/Containers/nextcloud/Dockerfile
+++ b/Containers/nextcloud/Dockerfile
@@ -1,86 +1,79 @@
-# syntax=docker/dockerfile:latest
-FROM php:8.2.18-fpm-alpine3.19
-
-ENV PHP_MEMORY_LIMIT 512M
-ENV PHP_UPLOAD_LIMIT 10G
-ENV PHP_MAX_TIME 3600
-ENV SOURCE_LOCATION /usr/src/nextcloud
-
-# AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 28.0.5
-ENV AIO_TOKEN 123456
-ENV AIO_URL localhost
-# AIO settings end # Do not remove or change this line!
-
-COPY --chmod=775 *.sh /
-COPY --chmod=774 upgrade.exclude /upgrade.exclude
-COPY config/*.php /
-COPY supervisord.conf /supervisord.conf
-
-VOLUME /mnt/ncdata
-VOLUME /var/www/html
+# From https://github.com/nextcloud/docker/blob/master/23/fpm-alpine/Dockerfile
+FROM php:8.0.28-fpm-alpine3.16

 # Custom: change id of www-data user as it needs to be the same like on old installations
-# hadolint ignore=SC2086,DL3003
 RUN set -ex; \
-    apk upgrade --no-cache -a; \
    apk add --no-cache shadow; \
    deluser www-data; \
    groupmod -g 333 xfs; \
    usermod -u 333 -g 333 xfs; \
    addgroup -g 33 -S www-data; \
-    adduser -u 33 -D -S -G www-data www-data; \
-    \
+    adduser -u 33 -D -S -G www-data www-data
+
 # entrypoint.sh and cron.sh dependencies
+RUN set -ex; \
+    \
    apk add --no-cache \
        rsync \
-    ; \
+    ;
+
 # install the PHP extensions we need
 # see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html
+ENV PHP_MEMORY_LIMIT 512M
+ENV PHP_UPLOAD_LIMIT 10G
+ENV PHP_MAX_TIME 3600
+RUN set -ex; \
+    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
        autoconf \
+        libtool \
        freetype-dev \
-        gmp-dev \
        icu-dev \
-        imagemagick-dev \
-        imagemagick-svg \
-        imagemagick-heic \
-        imagemagick-tiff \
        libevent-dev \
        libjpeg-turbo-dev \
        libmcrypt-dev \
-        libmemcached-dev \
        libpng-dev \
-        libwebp-dev \
+        libmemcached-dev \
        libxml2-dev \
        libzip-dev \
        openldap-dev \
        pcre-dev \
        postgresql-dev \
+        libwebp-dev \
+        gmp-dev \
+        lcms2-dev \
+        fontconfig-dev \
+        freetype-dev \
+        ghostscript-dev \
+        tiff-dev \
+        zlib-dev \
+        imagemagick-dev \
+        libheif-dev \
+        librsvg-dev \
+        libxext-dev \
+        ghostscript-fonts \
    ; \
    \
    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \
-    docker-php-ext-configure ftp --with-openssl-dir=/usr; \
    docker-php-ext-configure ldap; \
    docker-php-ext-install -j "$(nproc)" \
        bcmath \
        exif \
        gd \
-        gmp \
        intl \
        ldap \
        opcache \
        pcntl \
        pdo_pgsql \
-        sysvsem \
        zip \
+        gmp \
    ; \
    \
 # pecl will claim success even if one install fails, so we need to perform each install separately
-    pecl install APCu-5.1.23; \
+    pecl install APCu-5.1.22; \
    pecl install memcached-3.2.0; \
-    pecl install redis-6.0.2; \
+    pecl install redis-5.3.7; \
    pecl install imagick-3.7.0; \
    \
    docker-php-ext-enable \
@@ -96,18 +89,15 @@ RUN set -ex; \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
-    apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps; \
-    \
+    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
+    apk del .build-deps
+
 # set recommended PHP.ini settings
 # see https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/server_tuning.html#enable-php-opcache
-    { \
-        echo 'opcache.memory_consumption=256'; \
-        echo 'opcache.interned_strings_buffer=64'; \
+RUN { \
+        echo 'opcache.interned_strings_buffer=32'; \
        echo 'opcache.save_comments=1'; \
        echo 'opcache.revalidate_freq=60'; \
-        echo 'opcache.jit=1255'; \
-        echo 'opcache.jit_buffer_size=8M'; \
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
    \
    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
@@ -120,19 +110,15 @@ RUN set -ex; \
        echo 'max_input_time=${PHP_MAX_TIME}'; \
    } > /usr/local/etc/php/conf.d/nextcloud.ini; \
    \
-    { \
-        echo 'session.save_handler = redis'; \
-        echo 'session.save_path = "tcp://${REDIS_HOST}:6379?auth=${REDIS_HOST_PASSWORD}"'; \
-        echo 'redis.session.locking_enabled = 1'; \
-        echo 'redis.session.lock_retries = -1'; \
-        echo 'redis.session.lock_wait_time = 10000'; \
-    } > /usr/local/etc/php/conf.d/redis-session.ini; \
-    \
-    mkdir -p /var/www/data; \
+    mkdir /var/www/data; \
    chown -R www-data:root /var/www; \
-    chmod -R g=u /var/www; \
-    \
-# Download Nextcloud archive start # Do not remove or change this line!
+    chmod -R g=u /var/www
+
+VOLUME /var/www/html
+
+ENV NEXTCLOUD_VERSION 25.0.5
+
+RUN set -ex; \
    apk add --no-cache --virtual .fetch-deps \
        bzip2 \
        gnupg \
@@ -152,19 +138,27 @@ RUN set -ex; \
    mkdir -p /usr/src/nextcloud/data; \
    mkdir -p /usr/src/nextcloud/custom_apps; \
    chmod +x /usr/src/nextcloud/occ; \
-    mkdir -p /usr/src/nextcloud/config; \
-    apk del .fetch-deps; \
-# Download Nextcloud archive end # Do not remove or change this line!
-    mv /*.php /usr/src/nextcloud/config/; \
-    \
+    apk del .fetch-deps
+
+COPY *.sh upgrade.exclude /
+COPY config/* /usr/src/nextcloud/config/
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["php-fpm"]
+
 # Template from https://github.com/nextcloud/docker/blob/master/.examples/dockerfiles/full/fpm-alpine/Dockerfile
+
+RUN set -ex; \
+    \
    apk add --no-cache \
        ffmpeg \
        procps \
        samba-client \
        supervisor \
 #       libreoffice \
-    ; \
+    ;
+
+RUN set -ex; \
    \
    apk add --no-cache --virtual .build-deps \
        $PHPIZE_DEPS \
@@ -181,7 +175,6 @@ RUN set -ex; \
        bz2 \
        imap \
        pgsql \
-        ftp \
    ; \
    pecl install smbclient; \
    docker-php-ext-enable smbclient; \
@@ -192,15 +185,22 @@ RUN set -ex; \
            | sort -u \
            | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
    )"; \
-    apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps; \
-    apk del .build-deps; \
-    \
-    mkdir -p \
+    apk add --virtual .nextcloud-phpext-rundeps $runDeps; \
+    apk del .build-deps
+
+RUN mkdir -p \
    /var/log/supervisord \
    /var/run/supervisord \
-    ; \
-    chown www-data:root -R /var/log/supervisord; \
-    chown www-data:root -R /var/run/supervisord; \
+;
+
+COPY supervisord.conf /
+
+ENV NEXTCLOUD_UPDATE=1
+
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+# Custom:
+RUN set -ex; \
    \
    apk add --no-cache \
        bash \
@@ -210,50 +210,63 @@ RUN set -ex; \
        git \
        postgresql-client \
        tzdata \
+        mawk \
        sudo \
        grep \
-        nodejs \
-        bind-tools \
-        imagemagick \
-        imagemagick-svg \
-        imagemagick-heic \
-        imagemagick-tiff \
-        coreutils; \
-    \
+        coreutils \
+        libjpeg \
+        librsvg \
+        libheif \
+        libpng \
+        ghostscript-fonts;
+
+RUN set -ex; \
    grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
    sed -i 's/^pm = dynamic/pm = ondemand/' /usr/local/etc/php-fpm.d/www.conf; \
-# Sync this with max db connections and MaxRequestWorkers
-# We don't actually expect so many children but don't want to limit it artificially because people will report issues otherwise.
-# Also children will usually be terminated again after the process is done due to the ondemand setting
-    sed -i 's/^pm.max_children =.*/pm.max_children = 5000/' /usr/local/etc/php-fpm.d/www.conf; \
-    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf; \
-    \
-# AIO cloning start # Do not remove or change this line!
+    sed -i 's/^pm.max_children =.*/pm.max_children = 80/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.start_servers =.*/pm.start_servers = 2/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.min_spare_servers =.*/pm.min_spare_servers = 1/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's/^pm.max_spare_servers =.*/pm.max_spare_servers = 3/' /usr/local/etc/php-fpm.d/www.conf; \
+    sed -i 's|access.log = /proc/self/fd/2|access.log = /proc/self/fd/1|' /usr/local/etc/php-fpm.d/docker.conf
+
+RUN set -ex; \
    rm -rf /tmp/nextcloud-aio && \
    mkdir -p /tmp/nextcloud-aio && \
    cd /tmp/nextcloud-aio && \
    git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
    mkdir -p /usr/src/nextcloud/apps/nextcloud-aio; \
-    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/; \
-# AIO cloning end # Do not remove or change this line!
-    \
+    cp -r ./app/* /usr/src/nextcloud/apps/nextcloud-aio/
+
+RUN set -ex; \
    chown www-data:root -R /usr/src && \
    chown www-data:root -R /usr/local/etc/php/conf.d && \
    chown www-data:root -R /usr/local/etc/php-fpm.d && \
-    chmod -R 777 /tmp; \
-    rm -rf /usr/src/nextcloud/apps/updatenotification; \
-    \
-    mkdir -p /nc-updater; \
-    chown -R www-data:www-data /nc-updater; \
-    chmod -R 770 /nc-updater; \
-    \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+    rm -r /usr/src/nextcloud/apps/updatenotification
+
+COPY start.sh /
+COPY notify.sh /
+COPY notify-all.sh /
+RUN set -ex; \
+    chmod +x /start.sh && \
+    chmod +x /entrypoint.sh && \
+    chmod +r /upgrade.exclude && \
+    chmod +x /cron.sh && \
+    chmod +x /notify.sh && \
+    chmod +x /notify-all.sh && \
+    chmod +x /activate-collabora.sh && \
+    chmod +x /healthcheck.sh
+
+RUN set -ex; \
+    mkdir /mnt/ncdata; \
+    chown www-data:www-data /mnt/ncdata;
+
+VOLUME /mnt/ncdata
+
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-# hadolint ignore=DL3002
 USER root
 ENTRYPOINT ["/start.sh"]
-CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

-HEALTHCHECK --start-period=60s CMD sudo -E -u www-data bash /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+HEALTHCHECK CMD sudo -E -u www-data bash /healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/nextcloud/activate-collabora.sh
+++ b/Containers/nextcloud/activate-collabora.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+if [ "$COLLABORA_ENABLED" != yes ]; then
+    # Basically sleep for forever if collabora is not enabled
+    sleep inf
+fi
+while ! nc -z "$NC_DOMAIN" 443; do
+    sleep 5
+done
+sleep 10
+echo "Activating collabora config..."
+php /var/www/html/occ richdocuments:activate-config
+sleep inf
--- a/Containers/nextcloud/config/aio.config.php
+++ b/Containers/nextcloud/config/aio.config.php
@@ -1,5 +0,0 @@
-<?php
-$CONFIG = array (
-  'one-click-instance' => true,
-  'one-click-instance.user-limit' => 100,
-);
--- a/Containers/nextcloud/config/apps.config.php
+++ b/Containers/nextcloud/config/apps.config.php
@@ -2,15 +2,14 @@
 $CONFIG = array (
  'apps_paths' => array (
      0 => array (
-              'path'     => '/var/www/html/apps',
+              'path'     => OC::$SERVERROOT.'/apps',
              'url'      => '/apps',
              'writable' => false,
      ),
      1 => array (
-              'path'     => '/var/www/html/custom_apps',
+              'path'     => OC::$SERVERROOT.'/custom_apps',
              'url'      => '/custom_apps',
              'writable' => true,
      ),
  ),
-  'appsallowlist' => getenv('APPS_ALLOWLIST') ? explode(" ", getenv('APPS_ALLOWLIST')) : false,
 );
--- a/Containers/nextcloud/config/redis.config.php
+++ b/Containers/nextcloud/config/redis.config.php
@@ -6,7 +6,6 @@ if (getenv('REDIS_HOST')) {
    'redis' => array(
      'host' => getenv('REDIS_HOST'),
      'password' => (string) getenv('REDIS_HOST_PASSWORD'),
-      // 'dbindex' => (int) getenv('REDIS_DB_INDEX'),
    ),
  );

--- a/Containers/nextcloud/config/smtp.config.php
+++ b/Containers/nextcloud/config/smtp.config.php
@@ -1,20 +0,0 @@
-<?php
-if (getenv('SMTP_HOST') && getenv('MAIL_FROM_ADDRESS') && getenv('MAIL_DOMAIN')) {
-  $CONFIG = array (
-    'mail_smtpmode' => 'smtp',
-    'mail_smtphost' => getenv('SMTP_HOST'),
-    'mail_smtpport' => getenv('SMTP_PORT') ?: (getenv('SMTP_SECURE') ? 465 : 25),
-    'mail_smtpsecure' => getenv('SMTP_SECURE') ?: '',
-    'mail_smtpauth' => getenv('SMTP_NAME') && getenv('SMTP_PASSWORD'),
-    'mail_smtpauthtype' => getenv('SMTP_AUTHTYPE') ?: 'LOGIN',
-    'mail_smtpname' => getenv('SMTP_NAME') ?: '',
-    'mail_from_address' => getenv('MAIL_FROM_ADDRESS'),
-    'mail_domain' => getenv('MAIL_DOMAIN'),
-  );
-
-  if (getenv('SMTP_PASSWORD')) {
-      $CONFIG['mail_smtppassword'] = getenv('SMTP_PASSWORD');
-  } else {
-      $CONFIG['mail_smtppassword'] = '';
-  }
-}
--- a/Containers/nextcloud/cron.sh
+++ b/Containers/nextcloud/cron.sh
@@ -1,18 +1,7 @@
 #!/bin/bash
-wait_for_cron() {
-    set -x
-    while [ -n "$(pgrep -f /var/www/html/cron.php)" ]; do
-        echo "Waiting for cron to stop..."
-        sleep 5
-    done
-    echo "Cronjob successfully exited."
-    exit
-}
-
-trap wait_for_cron SIGINT SIGTERM
+set -eu

 while true; do
    php -f /var/www/html/cron.php &
-    sleep 5m &
-    wait $!
+    sleep 5m
 done
--- a/Containers/nextcloud/entrypoint.sh
+++ b/Containers/nextcloud/entrypoint.sh
@@ -10,14 +10,23 @@ directory_empty() {
    [ -z "$(ls -A "$1/")" ]
 }

-run_upgrade_if_needed_due_to_app_update() {
-    if php /var/www/html/occ status | grep needsDbUpgrade | grep -q true; then
-        # Disable integrity check temporarily until next update
-        php /var/www/html/occ config:system:set integrity.check.disabled --type bool --value true
-        php /var/www/html/occ upgrade
-        php /var/www/html/occ app:enable nextcloud-aio --force
-    fi
-}
+echo "Configuring Redis as session handler..."
+cat << REDIS_CONF > /usr/local/etc/php/conf.d/redis-session.ini
+session.save_handler = redis
+session.save_path = "tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}"
+redis.session.locking_enabled = 1
+redis.session.lock_retries = -1
+# redis.session.lock_wait_time is specified in microseconds.
+# Wait 10ms before retrying the lock rather than the default 2ms.
+redis.session.lock_wait_time = 10000
+REDIS_CONF
+
+echo "Setting php max children..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+PHP_MAX_CHILDREN=$((MEMORY/50))
+if [ -n "$PHP_MAX_CHILDREN" ]; then
+    sed -i "s/^pm.max_children =.*/pm.max_children = $PHP_MAX_CHILDREN/" /usr/local/etc/php-fpm.d/www.conf
+fi

 # Check permissions in ncdata
 touch "$NEXTCLOUD_DATA_DIR/this-is-a-test-file" &>/dev/null
@@ -44,9 +53,9 @@ if [ -f /var/www/html/version.php ]; then
 else
    installed_version="0.0.0.0"
 fi
-if [ -f "$SOURCE_LOCATION/version.php" ]; then
+if [ -f "/usr/src/nextcloud/version.php" ]; then
    # shellcheck disable=SC2016
-    image_version="$(php -r "require '$SOURCE_LOCATION/version.php'; echo implode('.', \$OC_Version);")"
+    image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
 else
    image_version="$installed_version"
 fi
@@ -95,8 +104,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
        fi

        if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
-# Do not skip major versions placeholder # Do not remove or change this line!
-# Do not skip major versions start # Do not remove or change this line!
            set -ex
            NEXT_MAJOR="$((INSTALLED_MAJOR + 1))"
            curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/latest-${NEXT_MAJOR}.tar.bz2"
@@ -113,18 +120,17 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
            mkdir -p /usr/src/tmp/nextcloud/data
            mkdir -p /usr/src/tmp/nextcloud/custom_apps
            chmod +x /usr/src/tmp/nextcloud/occ
-            cp -r "$SOURCE_LOCATION"/config/* /usr/src/tmp/nextcloud/config/
+            cp -r /usr/src/nextcloud/config/* /usr/src/tmp/nextcloud/config/
            mkdir -p /usr/src/tmp/nextcloud/apps/nextcloud-aio
-            cp -r "$SOURCE_LOCATION"/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
-            mv "$SOURCE_LOCATION" /usr/src/temp-nextcloud
-            mv /usr/src/tmp/nextcloud "$SOURCE_LOCATION"
+            cp -r /usr/src/nextcloud/apps/nextcloud-aio/* /usr/src/tmp/nextcloud/apps/nextcloud-aio/
+            mv /usr/src/nextcloud /usr/src/temp-nextcloud
+            mv /usr/src/tmp/nextcloud /usr/src/nextcloud
            rm -r /usr/src/tmp
            rm -r /usr/src/temp-nextcloud
            # shellcheck disable=SC2016
-            image_version="$(php -r "require $SOURCE_LOCATION/version.php; echo implode('.', \$OC_Version);")"
+            image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')"
            IMAGE_MAJOR="${image_version%%.*}"
            set +ex
-# Do not skip major versions end # Do not remove or change this line!
        fi

        if [ "$installed_version" != "0.0.0.0" ]; then
@@ -141,8 +147,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                fi
            done

-            run_upgrade_if_needed_due_to_app_update
-
            php /var/www/html/occ maintenance:mode --off

            echo "Getting and backing up the status of apps for later, this might take a while..."
@@ -166,8 +170,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then

            php /var/www/html/occ app:update --all

-            run_upgrade_if_needed_due_to_app_update
-
            # Fix removing the updatenotification for old instances
            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
            if [ -d "/var/www/html/apps/updatenotification" ]; then
@@ -178,15 +180,15 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
        fi

        echo "Initializing nextcloud $image_version ..."
-        rsync -rlD --delete --exclude-from=/upgrade.exclude "$SOURCE_LOCATION/" /var/www/html/
+        rsync -rlD --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/

        for dir in config data custom_apps themes; do
            if [ ! -d "/var/www/html/$dir" ] || directory_empty "/var/www/html/$dir"; then
-                rsync -rlD --include "/$dir/" --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+                rsync -rlD --include "/$dir/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
            fi
        done
-        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' "$SOURCE_LOCATION/" /var/www/html/
-        rsync -rlD --include '/version.php' --exclude '/*' "$SOURCE_LOCATION/" /var/www/html/
+        rsync -rlD --delete --include '/config/' --exclude '/*' --exclude '/config/CAN_INSTALL' --exclude '/config/config.sample.php' --exclude '/config/config.php' /usr/src/nextcloud/ /var/www/html/
+        rsync -rlD --include '/version.php' --exclude '/*' /usr/src/nextcloud/ /var/www/html/
        echo "Initializing finished"

        #install
@@ -203,14 +205,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
                INSTALL_OPTIONS+=(--data-dir "$NEXTCLOUD_DATA_DIR")
            fi

-            # We do our own permission check so the permission check is not needed
-            cat << DATADIR_PERMISSION_CONF > /var/www/html/config/datadir.permission.config.php
-<?php
-    \$CONFIG = array (
-    'check_data_directory_permissions' => false
-);
-DATADIR_PERMISSION_CONF
-
            echo "Installing with PostgreSQL database"
            INSTALL_OPTIONS+=(--database pgsql --database-name "$POSTGRES_DB" --database-user "$POSTGRES_USER" --database-pass "$POSTGRES_PASSWORD" --database-host "$POSTGRES_HOST")

@@ -221,6 +215,9 @@ DATADIR_PERMISSION_CONF
                exit 1
            fi

+            # We do our own permission check so the permission check is not needed
+            php /var/www/html/occ config:system:set check_data_directory_permissions --value=false --type=bool
+
            # Try to force generation of appdata dir:
            php /var/www/html/occ maintenance:repair

@@ -241,52 +238,9 @@ DATADIR_PERMISSION_CONF
                fi
            fi

-            # This autoconfig is not needed anymore and should be able to be overwritten by the user
-            rm /var/www/html/config/datadir.permission.config.php
-
            # unset admin password
            unset ADMIN_PASSWORD

-# AIO update to latest start # Do not remove or change this line!
-            if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
-                php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-                INSTALLED_AT="$(php /var/www/html/occ config:app:get core installedat)"
-                if [ -n "${INSTALLED_AT}" ]; then
-                    # Set the installdat to 00 which will allow to skip staging and install the next major directly
-                    # shellcheck disable=SC2001
-                    INSTALLED_AT="$(echo "${INSTALLED_AT}" | sed "s|[0-9][0-9]$|00|")"
-                    php /var/www/html/occ config:app:set core installedat --value="${INSTALLED_AT}" 
-                fi
-                php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                    echo "Installation of Nextcloud failed!"
-                    touch "$NEXTCLOUD_DATA_DIR/install.failed"
-                    exit 1
-                fi
-                # shellcheck disable=SC2016
-                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                INSTALLED_MAJOR="${installed_version%%.*}"
-                IMAGE_MAJOR="${image_version%%.*}"
-                if ! [ "$INSTALLED_MAJOR" -gt "$IMAGE_MAJOR" ]; then
-                    php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                    if ! php /var/www/html/occ -V || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                        echo "Installation of Nextcloud failed!"
-                        touch "$NEXTCLOUD_DATA_DIR/install.failed"
-                        exit 1
-                    fi
-                    # shellcheck disable=SC2016
-                    installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                fi
-                php /var/www/html/occ app:disable updatenotification
-                rm -rf /var/www/html/apps/updatenotification
-                php /var/www/html/occ app:enable nextcloud-aio --force
-                php /var/www/html/occ db:add-missing-indices
-                php /var/www/html/occ db:add-missing-columns
-                php /var/www/html/occ db:add-missing-primary-keys
-                yes | php /var/www/html/occ db:convert-filecache-bigint
-            fi
-# AIO update to latest end # Do not remove or change this line!
-
            # Apply log settings
            echo "Applying default settings..."
            mkdir -p /var/www/html/data
@@ -311,13 +265,10 @@ DATADIR_PERMISSION_CONF
            php /var/www/html/occ config:system:set enabledPreviewProviders 4 --value="OC\\Preview\\TXT"
            php /var/www/html/occ config:system:set enabledPreviewProviders 5 --value="OC\\Preview\\OpenDocument"
            php /var/www/html/occ config:system:set enabledPreviewProviders 6 --value="OC\\Preview\\Movie"
-            php /var/www/html/occ config:system:set enabledPreviewProviders 7 --value="OC\\Preview\\Krita"
            php /var/www/html/occ config:system:set enable_previews --value=true --type=boolean

            # Apply other settings
            echo "Applying other settings..."
-            # Add missing indices after new installation because they seem to be missing on new installation
-            php /var/www/html/occ db:add-missing-indices
            php /var/www/html/occ config:system:set upgrade.disable-web --type=bool --value=true
            php /var/www/html/occ config:system:set mail_smtpmode --value="smtp"
            php /var/www/html/occ config:system:set trashbin_retention_obligation --value="auto, 30"
@@ -348,27 +299,26 @@ DATADIR_PERMISSION_CONF
                done
            fi

+            # Set the permission check to its default value again if not set
+            if [ "$SKIP_DATA_DIRECTORY_PERMISSION_CHECK" != yes ]; then
+                php /var/www/html/occ config:system:set check_data_directory_permissions --value=true --type=bool
+            fi
+
        #upgrade
        else
            touch "$NEXTCLOUD_DATA_DIR/update.failed"
            echo "Upgrading nextcloud from $installed_version to $image_version..."
-            php /var/www/html/occ config:system:delete integrity.check.disabled
            if ! php /var/www/html/occ upgrade || ! php /var/www/html/occ -V; then
                echo "Upgrade failed. Please restore from backup."
                bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
                exit 1
            fi

-            # shellcheck disable=SC2016
-            installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-
            rm "$NEXTCLOUD_DATA_DIR/update.failed"
            bash /notify.sh "Nextcloud update to $image_version successful!" "Feel free to inspect the Nextcloud container logs for more info."

            php /var/www/html/occ app:update --all

-            run_upgrade_if_needed_due_to_app_update
-
            # Restore app status
            if [ "${APPSTORAGE[0]}" != "no-export-done" ]; then
                echo "Restoring the status of apps. This can take a while..."
@@ -377,12 +327,6 @@ DATADIR_PERMISSION_CONF
                        if [ "${APPSTORAGE[$app]}" != "no" ]; then
                            echo "Enabling $app..."
                            if ! php /var/www/html/occ app:enable "$app" >/dev/null; then
-                                php /var/www/html/occ app:disable "$app" >/dev/null
-                                if ! php /var/www/html/occ -V &>/dev/null; then
-                                    rm -r "/var/www/html/custom_apps/$app"
-                                    php /var/www/html/occ maintenance:mode --off
-                                fi
-                                run_upgrade_if_needed_due_to_app_update
                                echo "The $app app could not get enabled. Probably because it is not compatible with the new Nextcloud version."
                                if [ "$app" = apporder ]; then
                                    CUSTOM_HINT="The apporder app was deprecated. A possible replacement is the side_menu app, aka 'Custom menu'."
@@ -403,8 +347,6 @@ DATADIR_PERMISSION_CONF

            php /var/www/html/occ app:update --all

-            run_upgrade_if_needed_due_to_app_update
-
            # Apply optimization
            echo "Doing some optimizations..."
            php /var/www/html/occ maintenance:repair
@@ -420,7 +362,8 @@ DATADIR_PERMISSION_CONF
    # Performing update of all apps if daily backups are enabled, running and successful and if it is saturday
    if [ "$UPDATE_NEXTCLOUD_APPS" = 'yes' ] && [ "$(date +%u)" = 6 ]; then
        UPDATED_APPS="$(php /var/www/html/occ app:update --all)"
-        run_upgrade_if_needed_due_to_app_update
+        # Update all apps again and try to prevent something like https://github.com/nextcloud/polls/issues/2793 from happening
+        php /var/www/html/occ app:update --all
        if [ -n "$UPDATED_APPS" ]; then
             bash /notify.sh "Your apps just got updated!" "$UPDATED_APPS"
        fi
@@ -429,28 +372,23 @@ else
    SKIP_UPDATE=1
 fi

-run_upgrade_if_needed_due_to_app_update
-
 if [ -z "$OBJECTSTORE_S3_BUCKET" ] && [ -z "$OBJECTSTORE_SWIFT_URL" ]; then
    # Check if appdata is present
    # If not, something broke (e.g. changing ncdatadir after aio was first started)
    if [ -z "$(find "$NEXTCLOUD_DATA_DIR/" -maxdepth 1 -mindepth 1 -type d -name "appdata_*")" ]; then
-        echo "Appdata is not present. Did you maybe change the datadir after the initial Nextcloud installation? This is not supported!"
+        echo "Appdata is not present. Did you maybe change the datadir after aio was first started?"
        echo "See https://github.com/nextcloud/all-in-one#how-to-change-the-default-location-of-nextclouds-datadir"
-        echo "If you adjusted the datadir to be located on an external drive, make sure that the drive is still mounted!"
        echo "In the datadir was found:"
        ls -la "$NEXTCLOUD_DATA_DIR/"
        exit 1
    fi

-    # Delete formerly configured tempdirectory as the default is usually faster (if the datadir is on a HDD or network FS)
-    if [ "$(php /var/www/html/occ config:system:get tempdirectory)" = "$NEXTCLOUD_DATA_DIR/tmp/" ]; then
-        php /var/www/html/occ config:system:delete tempdirectory
-        if [ -d "$NEXTCLOUD_DATA_DIR/tmp/" ]; then
-            rm -r "$NEXTCLOUD_DATA_DIR/tmp/"
-        fi
+    # Configure tempdirectory
+    mkdir -p "$NEXTCLOUD_DATA_DIR/tmp/"
+    if ! grep -q upload_tmp_dir /usr/local/etc/php/conf.d/nextcloud.ini; then
+        echo "upload_tmp_dir = $NEXTCLOUD_DATA_DIR/tmp/" >> /usr/local/etc/php/conf.d/nextcloud.ini
    fi
-
+    php /var/www/html/occ config:system:set tempdirectory --value="$NEXTCLOUD_DATA_DIR/tmp/"
 fi

 # Perform fingerprint update if instance was restored
@@ -459,53 +397,25 @@ if [ -f "$NEXTCLOUD_DATA_DIR/fingerprint.update" ]; then
    rm "$NEXTCLOUD_DATA_DIR/fingerprint.update"
 fi

-# AIO one-click settings start # Do not remove or change this line!
 # Apply one-click-instance settings
 echo "Applying one-click-instance settings..."
 php /var/www/html/occ config:system:set one-click-instance --value=true --type=bool
 php /var/www/html/occ config:system:set one-click-instance.user-limit --value=100 --type=int
 php /var/www/html/occ config:system:set one-click-instance.link --value="https://nextcloud.com/all-in-one/"
-# AIO one-click settings end # Do not remove or change this line!
 php /var/www/html/occ app:enable support
-if [ -n "$SUBSCRIPTION_KEY" ] && [ -z "$(php /var/www/html/occ config:app:get support potential_subscription_key)" ]; then
-    php /var/www/html/occ config:app:set support potential_subscription_key --value="$SUBSCRIPTION_KEY"
-    php /var/www/html/occ config:app:delete support last_check
-fi

 # Adjusting log files to be stored on a volume
 echo "Adjusting log files..."
-php /var/www/html/occ config:system:set upgrade.cli-upgrade-link --value="https://github.com/nextcloud/all-in-one/discussions/2726"
 php /var/www/html/occ config:system:set logfile --value="/var/www/html/data/nextcloud.log"
 php /var/www/html/occ config:app:set admin_audit logfile --value="/var/www/html/data/audit.log"
-php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
-if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
-    php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
-fi
-# Set maintenance window so that no warning is shown in the admin overview
-if [ -z "$(php /var/www/html/occ config:system:get maintenance_window_start)" ]; then
-    php /var/www/html/occ config:system:set maintenance_window_start --type=int --value=100
-fi

 # Apply network settings
 echo "Applying network settings..."
-php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
-php /var/www/html/occ config:system:set davstorage.request_timeout --value="$PHP_MAX_TIME" --type=int
 php /var/www/html/occ config:system:set trusted_domains 1 --value="$NC_DOMAIN"
 php /var/www/html/occ config:system:set overwrite.cli.url --value="https://$NC_DOMAIN/"
 php /var/www/html/occ config:system:set htaccess.RewriteBase --value="/"
 php /var/www/html/occ maintenance:update:htaccess

-# Revert dbpersistent setting to check if it fixes too many db connections
-php /var/www/html/occ config:system:set dbpersistent --value=false --type=bool
-
-if [ "$DISABLE_BRUTEFORCE_PROTECTION" = yes ]; then
-    php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=false
-    php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=false
-else
-    php /var/www/html/occ config:system:set auth.bruteforce.protection.enabled --type=bool --value=true
-    php /var/www/html/occ config:system:set ratelimit.protection.enabled --type=bool --value=true
-fi
-
 # Disallow creating local external storages when nothing was mounted
 if [ -z "$NEXTCLOUD_MOUNT" ]; then
    php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=false
@@ -513,18 +423,10 @@ else
    php /var/www/html/occ config:system:set files_external_allow_create_new_local --type=bool --value=true
 fi

-# AIO app start # Do not remove or change this line!
 # AIO app
-if [ "$THIS_IS_AIO" = "true" ]; then
-    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
-        php /var/www/html/occ app:enable nextcloud-aio
-    fi
-else
-    if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "no" ]; then
-        php /var/www/html/occ app:disable nextcloud-aio
-    fi
+if [ "$(php /var/www/html/occ config:app:get nextcloud-aio enabled)" != "yes" ]; then
+    php /var/www/html/occ app:enable nextcloud-aio
 fi
-# AIO app end # Do not remove or change this line!

 # Notify push
 if ! [ -d "/var/www/html/custom_apps/notify_push" ]; then
@@ -534,32 +436,12 @@ elif [ "$(php /var/www/html/occ config:app:get notify_push enabled)" != "yes" ];
 elif [ "$SKIP_UPDATE" != 1 ]; then
    php /var/www/html/occ app:update notify_push
 fi
-chmod 775 -R /var/www/html/custom_apps/notify_push/bin/
 php /var/www/html/occ config:system:set trusted_proxies 0 --value="127.0.0.1"
 php /var/www/html/occ config:system:set trusted_proxies 1 --value="::1"
-if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
-    php /var/www/html/occ config:system:set trusted_proxies 2 --value="$ADDITIONAL_TRUSTED_PROXY"
-fi
-
-# Get ipv4-address of Nextcloud 
-IPv4_ADDRESS="$(dig nextcloud-aio-nextcloud A +short +search | head -1)" 
-# Bring it in CIDR notation 
-# shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')" 
-php /var/www/html/occ config:system:set trusted_proxies 10 --value="$IPv4_ADDRESS"
-
-if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
-    php /var/www/html/occ config:system:set trusted_domains 2 --value="$ADDITIONAL_TRUSTED_DOMAIN"
-fi
 php /var/www/html/occ config:app:set notify_push base_endpoint --value="https://$NC_DOMAIN/push"

 # Collabora
 if [ "$COLLABORA_ENABLED" = 'yes' ]; then
-    set -x
-    if echo "$COLLABORA_HOST" | grep -q "nextcloud-.*-collabora"; then
-        COLLABORA_HOST="$NC_DOMAIN"
-    fi
-    set +x
    if ! [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:install richdocuments
    elif [ "$(php /var/www/html/occ config:app:get richdocuments enabled)" != "yes" ]; then
@@ -567,10 +449,15 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
    elif [ "$SKIP_UPDATE" != 1 ]; then
        php /var/www/html/occ app:update richdocuments
    fi
-    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$COLLABORA_HOST/"
+    php /var/www/html/occ config:app:set richdocuments wopi_url --value="https://$NC_DOMAIN/"
+    # Fix https://github.com/nextcloud/all-in-one/issues/188:
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
    # Make collabora more save
-    COLLABORA_IPv4_ADDRESS="$(dig "$COLLABORA_HOST" A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    COLLABORA_IPv6_ADDRESS="$(dig "$COLLABORA_HOST" AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+    COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
+    COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
+    # shellcheck disable=SC2016
+    COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
+    COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
    COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
    if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
@@ -581,7 +468,7 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
            fi
        fi
    else
-        echo "Warning: No ipv4-address found for $COLLABORA_HOST."
+        echo "Warning: No ipv4-address found for $NC_DOMAIN."
    fi
    if [ -n "$COLLABORA_IPv6_ADDRESS" ]; then
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv6_ADDRESS"; then
@@ -592,24 +479,19 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
            fi
        fi
    else
-        echo "No ipv6-address found for $COLLABORA_HOST."
+        echo "No ipv6-address found for $NC_DOMAIN."
    fi
    if [ -n "$COLLABORA_ALLOW_LIST" ]; then
        PRIVATE_IP_RANGES='127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1'
        if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$PRIVATE_IP_RANGES"; then
            COLLABORA_ALLOW_LIST+=",$PRIVATE_IP_RANGES"
        fi
-        if [ -n "$ADDITIONAL_TRUSTED_PROXY" ]; then
-            if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$ADDITIONAL_TRUSTED_PROXY"; then
-                COLLABORA_ALLOW_LIST+=",$ADDITIONAL_TRUSTED_PROXY"
-            fi
-        fi
        php /var/www/html/occ config:app:set richdocuments wopi_allowlist --value="$COLLABORA_ALLOW_LIST"
    else
        echo "Warning: wopi_allowlist is empty which should not be the case!"
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/richdocuments" ]; then
+    if [ -d "/var/www/html/custom_apps/richdocuments" ]; then
        php /var/www/html/occ app:remove richdocuments
    fi
 fi
@@ -628,26 +510,17 @@ if [ "$ONLYOFFICE_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:update onlyoffice
    fi
    php /var/www/html/occ config:system:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
-    php /var/www/html/occ config:app:set onlyoffice jwt_secret --value="$ONLYOFFICE_SECRET"
    php /var/www/html/occ config:system:set onlyoffice jwt_header --value="AuthorizationJwt"
    php /var/www/html/occ config:app:set onlyoffice DocumentServerUrl --value="https://$NC_DOMAIN/onlyoffice"
+    php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
+    if [ -d "/var/www/html/custom_apps/onlyoffice" ] && [ -n "$ONLYOFFICE_SECRET" ] && [ "$(php /var/www/html/occ config:system:get onlyoffice jwt_secret)" = "$ONLYOFFICE_SECRET" ]; then
        php /var/www/html/occ app:remove onlyoffice
    fi
 fi

 # Talk
 if [ "$TALK_ENABLED" = 'yes' ]; then
-    set -x
-    if [ -z "$TALK_HOST" ] || echo "$TALK_HOST" | grep -q "nextcloud-.*-talk"; then
-        TALK_HOST="$NC_DOMAIN"
-        HPB_PATH="/standalone-signaling/"
-    fi
-    if [ -z "$TURN_DOMAIN" ]; then
-        TURN_DOMAIN="$TALK_HOST"
-    fi
-    set +x
    if ! [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:install spreed
    elif [ "$(php /var/www/html/occ config:app:get spreed enabled)" != "yes" ]; then
@@ -657,38 +530,22 @@ if [ "$TALK_ENABLED" = 'yes' ]; then
    fi
    # Based on https://github.com/nextcloud/spreed/issues/960#issuecomment-416993435
    if [ -z "$(php /var/www/html/occ talk:turn:list --output="plain")" ]; then
-        # shellcheck disable=SC2153
-        php /var/www/html/occ talk:turn:add turn "$TURN_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
+        php /var/www/html/occ talk:turn:add turn "$NC_DOMAIN:$TALK_PORT" "udp,tcp" --secret="$TURN_SECRET"
    fi
    STUN_SERVER="$(php /var/www/html/occ talk:stun:list --output="plain")"
    if [ -z "$STUN_SERVER" ] || echo "$STUN_SERVER" | grep -oP '[a-zA-Z.:0-9]+' | grep -q "^stun.nextcloud.com:443$"; then
-        php /var/www/html/occ talk:stun:add "$TURN_DOMAIN:$TALK_PORT"
+        php /var/www/html/occ talk:stun:add "$NC_DOMAIN:$TALK_PORT"
        php /var/www/html/occ talk:stun:delete "stun.nextcloud.com:443"
    fi
-    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$TALK_HOST$HPB_PATH"; then
-        php /var/www/html/occ talk:signaling:add "https://$TALK_HOST$HPB_PATH" "$SIGNALING_SECRET" --verify
+    if ! php /var/www/html/occ talk:signaling:list --output="plain" | grep -q "https://$NC_DOMAIN/standalone-signaling/"; then
+        php /var/www/html/occ talk:signaling:add "https://$NC_DOMAIN/standalone-signaling/" "$SIGNALING_SECRET" --verify
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/spreed" ]; then
+    if [ -d "/var/www/html/custom_apps/spreed" ]; then
        php /var/www/html/occ app:remove spreed
    fi
 fi

-# Talk recording
-if [ -d "/var/www/html/custom_apps/spreed" ]; then
-    if [ "$TALK_RECORDING_ENABLED" = 'yes' ]; then
-        while ! nc -z "$TALK_RECORDING_HOST" 1234; do
-            echo "waiting for Talk Recording to become available..."
-            sleep 5
-        done
-        # TODO: migrate to occ command if that becomes available
-        RECORDING_SERVERS_STRING="{\"servers\":[{\"server\":\"http://$TALK_RECORDING_HOST:1234/\",\"verify\":true}],\"secret\":\"$RECORDING_SECRET\"}"
-        php /var/www/html/occ config:app:set spreed recording_servers --value="$RECORDING_SERVERS_STRING"
-    else
-        php /var/www/html/occ config:app:delete spreed recording_servers
-    fi
-fi
-
 # Clamav
 if [ "$CLAMAV_ENABLED" = 'yes' ]; then
    count=0
@@ -712,27 +569,28 @@ if [ "$CLAMAV_ENABLED" = 'yes' ]; then
        php /var/www/html/occ config:app:set files_antivirus av_port --value="3310"
        php /var/www/html/occ config:app:set files_antivirus av_host --value="$CLAMAV_HOST"
        php /var/www/html/occ config:app:set files_antivirus av_stream_max_length --value="104857600"
-        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="104857600"
+        php /var/www/html/occ config:app:set files_antivirus av_max_file_size --value="-1"
        php /var/www/html/occ config:app:set files_antivirus av_infected_action --value="only_log"
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
+    if [ -d "/var/www/html/custom_apps/files_antivirus" ]; then
        php /var/www/html/occ app:remove files_antivirus
    fi
 fi

 # Imaginary
-if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
-    php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
-    php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
-    php /var/www/html/occ config:system:set preview_imaginary_key --value="$IMAGINARY_SECRET"
-else
-    if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 0
-        php /var/www/html/occ config:system:delete preview_imaginary_url
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 20
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 21
-        php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+if version_greater "$installed_version" "24.0.0.0"; then
+    if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
+        php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
+        php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+    else
+        if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 0
+            php /var/www/html/occ config:system:delete preview_imaginary_url
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 20
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 21
+            php /var/www/html/occ config:system:delete enabledPreviewProviders 22
+        fi
    fi
 fi

@@ -764,7 +622,7 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
        php /var/www/html/occ app:update files_fulltextsearch
    fi
    php /var/www/html/occ fulltextsearch:configure '{"search_platform":"OCA\\FullTextSearch_Elasticsearch\\Platform\\ElasticSearchPlatform"}'
-    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://elastic:$FULLTEXTSEARCH_PASSWORD@$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
+    php /var/www/html/occ fulltextsearch_elasticsearch:configure "{\"elastic_host\":\"http://$FULLTEXTSEARCH_HOST:9200\",\"elastic_index\":\"nextcloud-aio\"}"
    php /var/www/html/occ files_fulltextsearch:configure "{\"files_pdf\":\"1\",\"files_office\":\"1\"}"

    # Do the index
@@ -780,33 +638,14 @@ if [ "$FULLTEXTSEARCH_ENABLED" = 'yes' ]; then
        fi
    fi
 else
-    if [ "$REMOVE_DISABLED_APPS" = yes ]; then
-        if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
-            php /var/www/html/occ app:remove fulltextsearch
-        fi
-        if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
-            php /var/www/html/occ app:remove fulltextsearch_elasticsearch
-        fi
-        if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
-            php /var/www/html/occ app:remove files_fulltextsearch
-        fi
+    if [ -d "/var/www/html/custom_apps/fulltextsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch
    fi
-fi
-
-# Docker socket proxy
-if version_greater "$installed_version" "27.1.2.0"; then
-    if [ "$DOCKER_SOCKET_PROXY_ENABLED" = 'yes' ]; then
-        if ! [ -d "/var/www/html/custom_apps/app_api" ]; then
-            php /var/www/html/occ app:install app_api
-        elif [ "$(php /var/www/html/occ config:app:get app_api enabled)" != "yes" ]; then
-            php /var/www/html/occ app:enable app_api
-        elif [ "$SKIP_UPDATE" != 1 ]; then
-            php /var/www/html/occ app:update app_api
-        fi
-    else
-        if [ "$REMOVE_DISABLED_APPS" = yes ] && [ -d "/var/www/html/custom_apps/app_api" ]; then
-            php /var/www/html/occ app:remove app_api
-        fi
+    if [ -d "/var/www/html/custom_apps/fulltextsearch_elasticsearch" ]; then
+        php /var/www/html/occ app:remove fulltextsearch_elasticsearch
+    fi
+    if [ -d "/var/www/html/custom_apps/files_fulltextsearch" ]; then
+        php /var/www/html/occ app:remove files_fulltextsearch
    fi
 fi

--- a/Containers/nextcloud/healthcheck.sh
+++ b/Containers/nextcloud/healthcheck.sh
@@ -2,6 +2,6 @@

 nc -z "$POSTGRES_HOST" 5432 || exit 0

-if ! nc -z localhost 9000; then
+if ! nc -z localhost 9000 || ! nc -z localhost 7867; then
    exit 1
 fi
--- a/Containers/nextcloud/run-exec-commands.sh
+++ b/Containers/nextcloud/run-exec-commands.sh
@@ -1,26 +0,0 @@
-#!/bin/bash
-
-# Wait 15s for domain to be reachable
-sleep 15
-
-if [ -n "$NEXTCLOUD_EXEC_COMMANDS" ]; then
-    echo "#!/bin/bash" > /tmp/nextcloud-exec-commands
-    echo "$NEXTCLOUD_EXEC_COMMANDS" >> /tmp/nextcloud-exec-commands
-    if ! grep "one-click-instance" /tmp/nextcloud-exec-commands; then
-        bash /tmp/nextcloud-exec-commands
-        rm /tmp/nextcloud-exec-commands
-    fi
-else
-    # Collabora must work also if using manual-install 
-    if [ "$COLLABORA_ENABLED" = yes ]; then
-        echo "Activating Collabora config..."
-        php /var/www/html/occ richdocuments:activate-config
-    fi
-    # OnlyOffice must work also if using manual-install
-    if [ "$ONLYOFFICE_ENABLED" = yes ]; then
-        echo "Activating OnlyOffice config..."
-        php /var/www/html/occ onlyoffice:documentserver --check
-    fi
-fi
-
-sleep inf
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -34,7 +34,7 @@ fi
 # Check if /dev/dri device is present and apply correct permissions
 set -x
 if ! [ -f "/dev-dri-group-was-added" ] && [ -n "$(find /dev -maxdepth 1 -mindepth 1 -name dri)" ] && [ -n "$(find /dev/dri -maxdepth 1 -mindepth 1 -name renderD128)" ]; then
-    # From https://memories.gallery/hw-transcoding/#docker-installations
+    # From https://github.com/pulsejet/memories/wiki/QSV-Transcoding#docker-installations
    GID="$(stat -c "%g" /dev/dri/renderD128)"
    groupadd -g "$GID" render2 || true # sometimes this is needed
    GROUP="$(getent group "$GID" | cut -d: -f1)"
@@ -54,17 +54,11 @@ sudo -u www-data rm -f "$NEXTCLOUD_DATA_DIR/this-is-a-test-file"
 # Install additional dependencies
 if [ -n "$ADDITIONAL_APKS" ]; then
    if ! [ -f "/additional-apks-are-installed" ]; then
-        # Allow to disable imagemagick without having to download it each time
-        if ! echo "$ADDITIONAL_APKS" | grep -q imagemagick; then
-            apk del imagemagick imagemagick-svg imagemagick-heic imagemagick-tiff;
-        fi
        read -ra ADDITIONAL_APKS_ARRAY <<< "$ADDITIONAL_APKS"
        for app in "${ADDITIONAL_APKS_ARRAY[@]}"; do
-            if [ "$app" != imagemagick ]; then
-                echo "Installing $app via apk..."
-                if ! apk add --no-cache "$app" >/dev/null; then
-                    echo "The packet $app was not installed!"
-                fi
+            echo "Installing $app via apk..."
+            if ! apk add --no-cache "$app" >/dev/null; then
+                echo "The packet $app was not installed!"
            fi
        done
    fi
@@ -125,7 +119,7 @@ if [ -n "$ADDITIONAL_PHP_EXTENSIONS" ]; then
                    | awk 'system("[ -e /usr/local/lib/" $1 " ]") == 0 { next } { print "so:" $1 }' \
            )";
            # shellcheck disable=SC2086
-            apk add --no-cache --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
+            apk add --virtual .nextcloud-phpext-rundeps $runDeps >/dev/null
            apk del .build-deps >/dev/null
        fi
    fi
@@ -137,25 +131,14 @@ if ! sudo -E -u www-data bash /entrypoint.sh; then
    exit 1
 fi

-while [ "$THIS_IS_AIO" = "true" ] && [ -z "$(dig nextcloud-aio-apache A +short +search)" ]; do
-    echo "Waiting for nextcloud-aio-apache to start..."
-    sleep 5
-done
-
-set -x
-# shellcheck disable=SC2235
-if [ "$THIS_IS_AIO" = "true" ] && ([ "$APACHE_PORT" = 443 ] || [ "$APACHE_IP_BINDING" = "127.0.0.1" ] || [ "$APACHE_IP_BINDING" = "::1" ]); then
-    IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-    IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-    IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-
-    sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-    sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
-    grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
+# Correctly set CPU_ARCH for notify_push
+CPU_ARCH="$(uname -m)"
+export CPU_ARCH
+if [ -z "$CPU_ARCH" ]; then
+    echo "Could not get processor architecture. Exiting."
+    exit 1
+elif [ "$CPU_ARCH" != "x86_64" ]; then
+    export CPU_ARCH="aarch64"
 fi
-set +x

-exec "$@"
+exec "$@"
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -25,19 +25,18 @@ stderr_logfile_maxbytes=0
 command=/cron.sh
 user=www-data

-[program:run-exec-commands]
+[program:notify-push]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=/run-exec-commands.sh
+command=/var/www/html/custom_apps/notify_push/bin/%(ENV_CPU_ARCH)s/notify_push /var/www/html/config/config.php --port 7867 --redis-url redis://:%(ENV_REDIS_HOST_PASSWORD)s@%(ENV_REDIS_HOST)s
 user=www-data

-# This is a hack but no better solution is there
-[program:is-nextcloud-online]
+[program:activate-collabora]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nc -lk 9001
+command=/activate-collabora.sh
 user=www-data
--- a/Containers/notify-push/Dockerfile
+++ b/Containers/notify-push/Dockerfile
@@ -1,24 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM alpine:3.19.1
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        ca-certificates \
-        netcat-openbsd \
-        tzdata \
-        bash \
-        openssl; \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    apk del --no-cache \
-        openssl;
-
-USER 33
-ENTRYPOINT ["/start.sh"]
-
-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/notify-push/healthcheck.sh
+++ b/Containers/notify-push/healthcheck.sh
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-if ! nc -z "$NEXTCLOUD_HOST" 9001; then
-    exit 0
-fi
-
-nc -z localhost 7867 || exit 1
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-if [ -z "$NEXTCLOUD_HOST" ]; then
-    echo "NEXTCLOUD_HOST need to be provided. Exiting!"
-    exit 1
-elif [ -z "$POSTGRES_HOST" ]; then
-    echo "POSTGRES_HOST need to be provided. Exiting!"
-    exit 1
-elif [ -z "$REDIS_HOST" ]; then
-    echo "REDIS_HOST need to be provided. Exiting!"
-    exit 1
-fi
-
-# Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9001; do
-    echo "Waiting for Nextcloud to start..."
-    sleep 5
-done
-
-# Correctly set CPU_ARCH for notify_push
-CPU_ARCH="$(uname -m)"
-export CPU_ARCH
-if [ -z "$CPU_ARCH" ]; then
-    echo "Could not get processor architecture. Exiting."
-    exit 1
-elif [ "$CPU_ARCH" != "x86_64" ]; then
-    export CPU_ARCH="aarch64"
-fi
-
-# Add warning
-if ! [ -f /nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push ]; then
-    echo "The notify_push binary was not found."
-    echo "Most likely is DNS resolution not working correctly."
-    echo "You can try to fix this by configuring a DNS server globally in dockers daemon.json."
-    echo "See https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
-    echo "Afterwards a restart of docker should automatically resolve this."
-    echo "Additionally, make sure to disable VPN software that might be running on your server"
-    echo "Also check your firewall if it blocks connections to github"
-    echo "If it should still not work afterwards, feel free to create a new thread at https://github.com/nextcloud/all-in-one/discussions/new?category=questions and post the Nextcloud container logs there."
-    echo ""
-    echo ""
-    exit 1
-fi
-
-echo "notify-push was started"
-
-# Set sensitive values as env
-export DATABASE_URL="postgres://oc_$POSTGRES_USER:$POSTGRES_PASSWORD@$POSTGRES_HOST/$POSTGRES_DB"
-export REDIS_URL="redis://:$REDIS_HOST_PASSWORD@$REDIS_HOST"
-
-# Run it
-/nextcloud/custom_apps/notify_push/bin/"$CPU_ARCH"/notify_push \
-    --database-prefix="oc_" \
-    --nextcloud-url "https://$NC_DOMAIN" \
-    --port 7867
-
-exec "$@"
--- a/Containers/onlyoffice/Dockerfile
+++ b/Containers/onlyoffice/Dockerfile
@@ -1,8 +1,5 @@
-# syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.0.1.1
-
-# USER root is probably used
+FROM onlyoffice/documentserver:7.3.3.49

 HEALTHCHECK CMD nc -z localhost 80 || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/postgresql/Dockerfile
+++ b/Containers/postgresql/Dockerfile
@@ -1,43 +1,39 @@
-# syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/postgres/blob/master/15/alpine/Dockerfile
-FROM postgres:15.6-alpine
+FROM postgres:15.2-alpine

-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-COPY --chmod=775 init-user-db.sh /docker-entrypoint-initdb.d/init-user-db.sh
+RUN apk add --no-cache bash openssl shadow grep mawk

-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        bash \
-        openssl \
-        shadow \
-        grep; \
-    \
 # We need to use the same gid and uid as on old installations
+RUN set -ex; \
    deluser postgres; \
    groupmod -g 9999 ping; \
    addgroup -g 999 -S postgres; \
-    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres; \
-    apk del --no-cache shadow; \
-    \
+    adduser -u 999 -S -D -G postgres -H -h /var/lib/postgresql -s /bin/sh postgres
+
 # Fix default permissions
+RUN set -ex; \
    chown -R postgres:postgres /var/lib/postgresql; \
    chown -R postgres:postgres /var/run/postgresql; \
-    chmod -R 777 /var/run/postgresql; \
-    chown -R postgres:postgres "$PGDATA"; \
-    \
-    mkdir /mnt/data; \
-    chown postgres:postgres /mnt/data; \
-    \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    apk --no-cache del openssl;
+    chown -R postgres:postgres "$PGDATA"
+
+COPY start.sh /usr/bin/
+COPY healthcheck.sh /usr/bin/
+COPY init-user-db.sh /docker-entrypoint-initdb.d/
+RUN set -ex; \
+    chmod +x /usr/bin/start.sh; \
+    chmod +xr /docker-entrypoint-initdb.d/init-user-db.sh; \
+    chmod +x /usr/bin/healthcheck.sh
+
+RUN mkdir /mnt/data; \
+    chown postgres:postgres /mnt/data;

 VOLUME /mnt/data

-USER postgres
-ENTRYPOINT ["/start.sh"]
+# Give root a random password
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+USER postgres
+ENTRYPOINT ["start.sh"]
+
+HEALTHCHECK CMD healthcheck.sh
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/postgresql/start.sh
+++ b/Containers/postgresql/start.sh
@@ -31,7 +31,7 @@ fi
 if [ -f "$DUMP_DIR/initialization.failed" ]; then
    echo "The database initialization failed. Most likely was a wrong timezone selected."
    echo "The selected timezone is '$TZ'." 
-    echo "Please check if it is in the 'TZ identifier' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
+    echo "Please check if it is in 'TZ database name' column of the timezone list: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List"
    echo "For further clues on what went wrong, look at the logs above."
    echo "You might start again from scratch by following https://github.com/nextcloud/all-in-one#how-to-properly-reset-the-instance and selecting a proper timezone."
    exit 1
@@ -92,14 +92,14 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO

    # Check if the line we grep for later on is there
    GREP_STRING='Name: oc_appconfig; Type: TABLE; Schema: public; Owner:'
-    if ! grep -qa "$GREP_STRING" "$DUMP_FILE"; then
+    if ! grep -q "$GREP_STRING" "$DUMP_FILE"; then
        echo "The needed oc_appconfig line is not there which is unexpected."
        echo "Please report this to https://github.com/nextcloud/all-in-one/issues. Thanks!"
        exit 1
    fi

    # Get the Owner
-    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep "$GREP_STRING" "$DUMP_FILE" | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
    if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
        echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
        echo "It is not possible to import a database dump from this database owner."
@@ -146,51 +146,32 @@ if ! [ -f "$DATADIR/PG_VERSION" ] && ! [ -f "$DUMP_FILE" ]; then
    rm -rf "${DATADIR:?}/"*
 fi

-# Modify postgresql.conf
-if [ -f "/var/lib/postgresql/data/postgresql.conf" ]; then
-    echo "Setting postgres values..."
-
-    # Sync this with max pm.max_children and MaxRequestWorkers
-    # 5000 connections is apparently the highest possible value with postgres so set it to that so that we don't run into a limit here.
-    # We don't actually expect so many connections but don't want to limit it artificially because people will report issues otherwise
-    # Also connections should usually be closed again after the process is done
-    # If we should actually exceed this limit, it is definitely a bug in Nextcloud server or some of its apps that does not close connections correctly and not a bug in AIO
-    sed -i "s|^max_connections =.*|max_connections = 5000|" "/var/lib/postgresql/data/postgresql.conf"
-
-    # Do not log checkpoints
-    if grep -q "#log_checkpoints" /var/lib/postgresql/data/postgresql.conf; then
-        sed -i 's|#log_checkpoints.*|log_checkpoints = off|' /var/lib/postgresql/data/postgresql.conf
-    fi
-
-    # Closing idling connections automatically seems to break any logic so was reverted again to default where it is disabled
-    if grep -q "^idle_session_timeout" /var/lib/postgresql/data/postgresql.conf; then
-        sed -i 's|^idle_session_timeout.*|#idle_session_timeout|' /var/lib/postgresql/data/postgresql.conf
-    fi
+echo "Setting max connections..."
+MEMORY=$(mawk '/MemTotal/ {printf "%d", $2/1024}' /proc/meminfo)
+MAX_CONNECTIONS=$((MEMORY/50+3))
+if [ -n "$MAX_CONNECTIONS" ]; then
+    sed -i "s|^max_connections =.*|max_connections = $MAX_CONNECTIONS|" "/var/lib/postgresql/data/postgresql.conf"
 fi

-do_database_dump() {
-    set -x
-    rm -f "$DUMP_FILE.temp"
-    touch "$DUMP_DIR/export.failed"
-    if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
-        rm -f "$DUMP_FILE"
-        mv "$DUMP_FILE.temp" "$DUMP_FILE"
-        pg_ctl stop -m fast
-        rm "$DUMP_DIR/export.failed"
-        echo 'Database dump successful!'
-        set +x
-        exit 0
-    else
-        pg_ctl stop -m fast
-        echo "Database dump unsuccessful!"
-        set +x
-        exit 1
-    fi
-}
-
 # Catch docker stop attempts
-trap do_database_dump SIGINT SIGTERM
+trap 'true' SIGINT SIGTERM

 # Start the database
 exec docker-entrypoint.sh postgres &
 wait $!
+
+# Continue with shutdown procedure: do database dump, etc.
+rm -f "$DUMP_FILE.temp"
+touch "$DUMP_DIR/export.failed"
+if pg_dump --username "$POSTGRES_USER" "$POSTGRES_DB" > "$DUMP_FILE.temp"; then
+    rm -f "$DUMP_FILE"
+    mv "$DUMP_FILE.temp" "$DUMP_FILE"
+    pg_ctl stop -m fast
+    rm "$DUMP_DIR/export.failed"
+    echo 'Database dump successful!'
+    exit 0
+else
+    pg_ctl stop -m fast
+    echo "Database dump unsuccessful!"
+    exit 1
+fi
--- a/Containers/redis/Dockerfile
+++ b/Containers/redis/Dockerfile
@@ -1,18 +1,16 @@
-# syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.0/alpine/Dockerfile
-FROM redis:7.2.4-alpine
+FROM redis:7.0.10-alpine

-COPY --chmod=775 start.sh /start.sh
+RUN apk add --no-cache openssl bash
+
+COPY start.sh /usr/bin/
+RUN chmod +x /usr/bin/start.sh

-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache openssl bash; \
-    \
 # Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd

 USER redis
-ENTRYPOINT ["/start.sh"]
+ENTRYPOINT ["start.sh"]

 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/redis/start.sh
+++ b/Containers/redis/start.sh
@@ -8,9 +8,9 @@ fi

 # Run redis with a password if provided
 if [ -n "$REDIS_HOST_PASSWORD" ]; then
-    exec redis-server --requirepass "$REDIS_HOST_PASSWORD" --loglevel warning
+    exec redis-server --requirepass "$REDIS_HOST_PASSWORD"
 else
-    exec redis-server --loglevel warning
+    exec redis-server
 fi

 exec "$@"
--- a/Containers/talk-recording/Dockerfile
+++ b/Containers/talk-recording/Dockerfile
@@ -1,58 +0,0 @@
-# syntax=docker/dockerfile:latest
-FROM python:3.12.3-alpine3.19
-
-COPY --chmod=775 start.sh /start.sh
-
-ENV RECORDING_VERSION v0.1
-ENV ALLOW_ALL false
-ENV HPB_PROTOCOL https
-ENV SKIP_VERIFY false
-ENV HPB_PATH /standalone-signaling/
-
-RUN set -ex; \
-    apk upgrade --no-cache -a; \
-    apk add --no-cache \
-        ca-certificates \
-        tzdata \
-        bash \
-        xvfb \
-        ffmpeg \
-        firefox \
-        bind-tools \
-        netcat-openbsd \
-        git \
-        wget \
-        shadow \
-        pulseaudio \
-        openssl \
-        build-base \
-        linux-headers; \
-    # chromium chromium-chromedriver?
-    apk add --no-cache geckodriver --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
-    useradd -d /tmp --system recording; \
-# Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
-    python3 -m pip install --no-cache-dir /src; \
-    rm -rf /src; \
-    touch /etc/recording.conf; \
-    chown recording:recording -R \
-        /tmp /etc/recording.conf; \
-    mkdir -p /conf; \
-    chmod 777 /conf; \
-    chmod 777 /tmp; \
-    apk del --no-cache \
-        git \
-        wget \
-        shadow \
-        openssl \
-        build-base \
-        linux-headers;
-
-WORKDIR /tmp
-USER recording
-ENTRYPOINT ["/start.sh"]
-CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
-
-HEALTHCHECK CMD nc -z localhost 1234 || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
--- a/Containers/talk-recording/recording.conf
+++ b/Containers/talk-recording/recording.conf
@@ -1,123 +0,0 @@
-[logs]
-# Log level based on numeric values of Python logging levels:
-# - Critical: 50
-# - Error:    40
-# - Warning:  30
-# - Info:     20
-# - Debug:    10
-# - Not set:   0
-#level = 20
-
-[http]
-# IP and port to listen on for HTTP requests.
-#listen = 127.0.0.1:8000
-
-[backend]
-# Allow any hostname as backend endpoint. This is extremely insecure and should
-# only be used during development.
-#allowall = false
-
-# Common shared secret for requests from and to the backend servers if
-# "allowall" is enabled. This must be the same value as configured in the
-# Nextcloud admin ui.
-#secret = the-shared-secret
-
-# Comma-separated list of backend ids allowed to connect.
-#backends = backend-id, another-backend
-
-# If set to "true", certificate validation of backend endpoints will be skipped.
-# This should only be enabled during development, e.g. to work with self-signed
-# certificates.
-# Overridable by backend.
-#skipverify = false
-
-# Maximum allowed size in bytes for messages sent by the backend.
-# Overridable by backend.
-#maxmessagesize = 1024
-
-# Width for recorded videos.
-# Overridable by backend.
-#videowidth = 1920
-
-# Height for recorded videos.
-# Overridable by backend.
-#videoheight = 1080
-
-# Temporary directory used to store recordings until uploaded. It must be
-# writable by the user running the recording server.
-# Overridable by backend.
-#directory = /tmp
-
-# Backend configurations as defined in the "[backend]" section above. The
-# section names must match the ids used in "backends" above.
-#[backend-id]
-# URL of the Nextcloud instance
-#url = https://cloud.domain.invalid
-
-# Shared secret for requests from and to the backend servers. This must be the
-# same value as configured in the Nextcloud admin ui.
-#secret = the-shared-secret
-
-#[another-backend]
-# URL of the Nextcloud instance
-#url = https://cloud.otherdomain.invalid
-
-# Shared secret for requests from and to the backend servers. This must be the
-# same value as configured in the Nextcloud admin ui.
-#secret = the-shared-secret
-
-[signaling]
-# Common shared secret for authenticating as an internal client of signaling
-# servers if a specific secret is not set for a signaling server. This must be
-# the same value as configured in the signaling server configuration file.
-#internalsecret = the-shared-secret-for-internal-clients
-
-# Comma-separated list of signaling servers with specific internal secrets.
-#signalings = signaling-id, another-signaling
-
-# Signaling server configurations as defined in the "[signaling]" section above.
-# The section names must match the ids used in "signalings" above.
-#[signaling-id]
-# URL of the signaling server
-#url = https://signaling.domain.invalid
-
-# Shared secret for authenticating as an internal client of signaling servers.
-# This must be the same value as configured in the signaling server
-# configuration file.
-#internalsecret = the-shared-secret-for-internal-clients
-
-#[another-signaling]
-# URL of the signaling server
-#url = https://signaling.otherdomain.invalid
-
-# Shared secret for authenticating as an internal client of signaling servers.
-# This must be the same value as configured in the signaling server
-# configuration file.
-#internalsecret = the-shared-secret-for-internal-clients
-
-[ffmpeg]
-# The ffmpeg executable (name or full path) and the global options given to
-# ffmpeg. The options given here fully override the default global options.
-#common = ffmpeg -loglevel level+warning -n
-
-# The options given to ffmpeg to encode the audio output. The options given here
-# fully override the default options for the audio output.
-#outputaudio = -c:a libopus
-
-# The options given to ffmpeg to encode the video output. The options given here
-# fully override the default options for the video output.
-#outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
-
-# The extension of the file for audio only recordings.
-#extensionaudio = .ogg
-
-# The extension of the file for audio and video recordings.
-#extensionvideo = .webm
-
-[recording]
-# Browser to use for recordings. Please note that the "chrome" value does not
-# refer to the web browser, but to the Selenium WebDriver. In practice, "chrome"
-# will use Google Chrome, or Chromium if Google Chrome is not installed.
-# Allowed values: firefox, chrome
-# Defaults to firefox
-# browser = firefox
--- a/Containers/talk-recording/start.sh
+++ b/Containers/talk-recording/start.sh
@@ -1,61 +0,0 @@
-#!/bin/bash
-
-# Variables
-if [ -z "$NC_DOMAIN" ]; then
-    echo "You need to provide the NC_DOMAIN."
-    exit 1
-elif [ -z "$RECORDING_SECRET" ]; then
-    echo "You need to provide the RECORDING_SECRET."
-    exit 1
-elif [ -z "$INTERNAL_SECRET" ]; then
-    echo "You need to provide the INTERNAL_SECRET."
-    exit 1
-fi
-
-if [ -z "$HPB_DOMAIN" ]; then
-    export HPB_DOMAIN="$NC_DOMAIN"
-fi
-
-cat << RECORDING_CONF > "/conf/recording.conf"
-[logs]
-# 30 means Warning
-level = 30
-
-[http]
-listen = 0.0.0.0:1234
-
-[backend]
-allowall = ${ALLOW_ALL}
-# The secret below is still needed if allowall is set to true, also it doesn't hurt to be here
-secret = ${RECORDING_SECRET}
-backends = backend-1
-skipverify = ${SKIP_VERIFY}
-maxmessagesize = 1024
-videowidth = 1920
-videoheight = 1080
-directory = /tmp
-
-[backend-1]
-url = ${HPB_PROTOCOL}://${NC_DOMAIN}
-secret = ${RECORDING_SECRET}
-skipverify = ${SKIP_VERIFY}
-
-[signaling]
-signalings = signaling-1
-
-[signaling-1]
-url = ${HPB_PROTOCOL}://${HPB_DOMAIN}${HPB_PATH}
-internalsecret = ${INTERNAL_SECRET}
-
-[ffmpeg]
-# common = ffmpeg -loglevel level+warning -n
-# outputaudio = -c:a libopus
-# outputvideo = -c:v libvpx -deadline:v realtime -crf 10 -b:v 1M
-extensionaudio = .ogg
-extensionvideo = .webm
-
-[recording]
-browser = firefox
-RECORDING_CONF
-
-exec "$@"
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@@ -1,107 +1,71 @@
-# syntax=docker/dockerfile:latest
-FROM nats:2.10.14-scratch as nats
-FROM eturnal/eturnal:1.12.0 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:1.2.4 as signaling
-FROM alpine:3.19.1 as janus
+FROM nats:2.9.15-scratch as nats
+FROM strukturag/nextcloud-spreed-signaling:1.1.2 as signaling
+FROM alpine:3.17.2
+USER root

-ARG JANUS_VERSION=v0.14.2
-WORKDIR /src
-RUN set -ex; \
-    apk add --no-cache \
-        ca-certificates \
-        git \
-        autoconf \
-        automake \
-        build-base \
-        pkgconfig \
-        libtool \
-        util-linux \
-        glib-dev \
-        zlib-dev \
-        openssl-dev \
-        jansson-dev \
-        libnice-dev \
-        libconfig-dev \
-        libsrtp-dev \
-        libusrsctp-dev \
-        gengetopt-dev \
-        libwebsockets-dev; \
-    git clone --recursive https://github.com/meetecho/janus-gateway --depth=1 --single-branch --branch "$JANUS_VERSION" /src; \
-    /src/autogen.sh; \
-    /src/configure --disable-rabbitmq --disable-mqtt --disable-boringssl; \
-    make; \
-    make install; \
-    make configs; \
-    rename -v ".jcfg.sample" ".jcfg" /usr/local/etc/janus/*.jcfg.sample
-
-FROM alpine:3.19.1
-ENV ETURNAL_ETC_DIR="/conf"
-COPY --from=janus     --chmod=777 --chown=1000:1000 /usr/local                          /usr/local
-COPY --from=eturnal   --chmod=777 --chown=1000:1000 /opt/eturnal                        /opt/eturnal
-COPY --from=nats      --chmod=777 --chown=1000:1000 /nats-server                        /usr/local/bin/nats-server
-COPY --from=signaling --chmod=777 --chown=1000:1000 /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling
-
-COPY --chmod=775 start.sh /start.sh
-COPY --chmod=775 healthcheck.sh /healthcheck.sh
-COPY --chmod=664 supervisord.conf /supervisord.conf
+COPY --from=nats /nats-server /usr/local/bin/nats-server
+COPY --from=signaling /usr/bin/nextcloud-spreed-signaling /usr/local/bin/nextcloud-spreed-signaling

 RUN set -ex; \
-    apk upgrade --no-cache -a; \
    apk add --no-cache \
        ca-certificates \
        tzdata \
        bash \
+        coturn \
        openssl \
        supervisor \
        bind-tools \
        netcat-openbsd \
-        \
-        glib \
-        zlib \
-        libssl3 \
-        libcrypto3 \
-        jansson \
-        libnice \
-        libconfig \
-        libsrtp \
-        libusrsctp \
-        libwebsockets \
-        \
        shadow \
-        grep; \
-    useradd --system -u 1000 eturnal; \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3; \
+    apk add --no-cache janus-gateway --repository http://dl-cdn.alpinelinux.org/alpine/edge/community; \
+    useradd --system talk; \
+    luarocks-5.3 install luajson; \
+    luarocks-5.3 install ansicolors; \
+    rename -v ".jcfg.sample" ".jcfg" /etc/janus/*.sample; \
    apk del --no-cache \
-        shadow; \
-    \
+        shadow \
+        util-linux \
+        build-base \
+        lua5.3-dev \
+        luarocks5.3;
+
 # Give root a random password
-    echo "root:$(openssl rand -base64 12)" | chpasswd; \
-    \
+RUN echo "root:$(openssl rand -base64 12)" | chpasswd
+
+COPY --chmod=775 start.sh /usr/bin/start.sh
+COPY --chmod=664 supervisord.conf /supervisord.conf
+
+RUN set -ex; \
    touch \
        /etc/nats.conf \
-        /etc/eturnal.yml; \
+        /etc/signaling.conf \
+        /etc/turnserver.conf; \
    echo "listen: 127.0.0.1:4222" | tee /etc/nats.conf; \
    mkdir -p \
        /var/tmp \
-        /conf \
        /var/lib/turn \
        /var/log/supervisord \
-        /var/run/supervisord \
-        /usr/local/lib/janus/loggers; \
-    chown eturnal:eturnal -R \
-        /etc/nats.conf \
-        /var/log/supervisord \
        /var/run/supervisord; \
-    chmod 777 -R \
-        /tmp \
-        /conf \
-        /var/run/supervisord \
-        /var/log/supervisord; \
-    ln -s /opt/eturnal/bin/stun /usr/local/bin/stun; \
-    ln -s /opt/eturnal/bin/eturnalctl /usr/local/bin/eturnalctl
+    chown talk:talk -R \
+        /usr \
+        /etc/janus \
+        /etc/nats.conf \
+        /etc/signaling.conf \
+        /etc/turnserver.conf \
+        /var/lib/turn \
+        /var/log/supervisord \
+        /var/run/supervisord;

-USER eturnal
-ENTRYPOINT ["/start.sh"]
-CMD ["supervisord", "-c", "/supervisord.conf"]
+# Set default talk port https://github.com/nextcloud/all-in-one/issues/1011
+ENV TALK_PORT=3478

-HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+USER talk
+ENTRYPOINT ["start.sh"]
+CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
+
+HEALTHCHECK CMD (nc -z localhost 8081 && nc -z localhost 8188 && nc -z localhost 4222 && nc -z localhost $TALK_PORT) || exit 1
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/Containers/talk/healthcheck.sh
+++ b/Containers/talk/healthcheck.sh
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-nc -z localhost 8081 || exit 1
-nc -z localhost 8188 || exit 1
-nc -z localhost 4222 || exit 1
-nc -z localhost "$TALK_PORT" || exit 1
-eturnalctl status || exit 1
-if ! nc -z "$NC_DOMAIN" "$TALK_PORT"; then
-    echo "Could not reach $NC_DOMAIN on port $TALK_PORT."
-    exit 1
-fi
--- a/Containers/talk/server.conf.in
+++ b/Containers/talk/server.conf.in
@@ -1,319 +0,0 @@
-[http]
-# IP and port to listen on for HTTP requests.
-# Comment line to disable the listener.
-#listen = 127.0.0.1:8080
-
-# HTTP socket read timeout in seconds.
-#readtimeout = 15
-
-# HTTP socket write timeout in seconds.
-#writetimeout = 15
-
-[https]
-# IP and port to listen on for HTTPS requests.
-# Comment line to disable the listener.
-#listen = 127.0.0.1:8443
-
-# HTTPS socket read timeout in seconds.
-#readtimeout = 15
-
-# HTTPS socket write timeout in seconds.
-#writetimeout = 15
-
-# Certificate / private key to use for the HTTPS server.
-certificate = /etc/nginx/ssl/server.crt
-key = /etc/nginx/ssl/server.key
-
-[app]
-# Set to "true" to install pprof debug handlers.
-# See "https://golang.org/pkg/net/http/pprof/" for further information.
-debug = false
-
-# Set to "true" to allow subscribing any streams. This is insecure and should
-# only be enabled for testing. By default only streams of users in the same
-# room and call can be subscribed.
-#allowsubscribeany = false
-
-[sessions]
-# Secret value used to generate checksums of sessions. This should be a random
-# string of 32 or 64 bytes.
-hashkey = the-secret-for-session-checksums
-
-# Optional key for encrypting data in the sessions. Must be either 16, 24 or
-# 32 bytes.
-# If no key is specified, data will not be encrypted (not recommended).
-blockkey = -encryption-key-
-
-[clients]
-# Shared secret for connections from internal clients. This must be the same
-# value as configured in the respective internal services.
-internalsecret = the-shared-secret-for-internal-clients
-
-[backend]
-# Type of backend configuration.
-# Defaults to "static".
-#
-# Possible values:
-# - static: A comma-separated list of backends is given in the "backends" option.
-# - etcd: Backends are retrieved from an etcd cluster.
-#backendtype = static
-
-# For backend type "static":
-# Comma-separated list of backend ids from which clients are allowed to connect
-# from. Each backend will have isolated rooms, i.e. clients connecting to room
-# "abc12345" on backend 1 will be in a different room than clients connected to
-# a room with the same name on backend 2. Also sessions connected from different
-# backends will not be able to communicate with each other.
-#backends = backend-id, another-backend
-
-# For backend type "etcd":
-# Key prefix of backend entries. All keys below will be watched and assumed to
-# contain a JSON document with the following entries:
-# - "url": Url of the Nextcloud instance.
-# - "secret": Shared secret for requests from and to the backend servers.
-#
-# Additional optional entries:
-# - "maxstreambitrate": Maximum bitrate per publishing stream (in bits per second).
-# - "maxscreenbitrate": Maximum bitrate per screensharing stream (in bits per second).
-# - "sessionlimit": Number of sessions that are allowed to connect.
-#
-# Example:
-# "/signaling/backend/one" -> {"url": "https://nextcloud.domain1.invalid", ...}
-# "/signaling/backend/two" -> {"url": "https://domain2.invalid/nextcloud", ...}
-#backendprefix = /signaling/backend
-
-# Allow any hostname as backend endpoint. This is extremely insecure and should
-# only be used while running the benchmark client against the server.
-allowall = false
-
-# Common shared secret for requests from and to the backend servers. Used if
-# "allowall" is enabled or as fallback for individual backends that don't have
-# their own secret set.
-# This must be the same value as configured in the Nextcloud admin ui.
-#secret = the-shared-secret-for-allowall
-
-# Timeout in seconds for requests to the backend.
-timeout = 10
-
-# Maximum number of concurrent backend connections per host.
-connectionsperhost = 8
-
-# If set to "true", certificate validation of backend endpoints will be skipped.
-# This should only be enabled during development, e.g. to work with self-signed
-# certificates.
-#skipverify = false
-
-# For backendtype "static":
-# Backend configurations as defined in the "[backend]" section above. The
-# section names must match the ids used in "backends" above.
-#[backend-id]
-# URL of the Nextcloud instance
-#url = https://cloud.domain.invalid
-
-# Shared secret for requests from and to the backend servers. Leave empty to use
-# the common shared secret from above.
-# This must be the same value as configured in the Nextcloud admin ui.
-#secret = the-shared-secret
-
-# Limit the number of sessions that are allowed to connect to this backend.
-# Omit or set to 0 to not limit the number of sessions.
-#sessionlimit = 10
-
-# The maximum bitrate per publishing stream (in bits per second).
-# Defaults to the maximum bitrate configured for the proxy / MCU.
-#maxstreambitrate = 1048576
-
-# The maximum bitrate per screensharing stream (in bits per second).
-# Defaults to the maximum bitrate configured for the proxy / MCU.
-#maxscreenbitrate = 2097152
-
-#[another-backend]
-# URL of the Nextcloud instance
-#url = https://cloud.otherdomain.invalid
-
-# Shared secret for requests from and to the backend servers. Leave empty to use
-# the common shared secret from above.
-# This must be the same value as configured in the Nextcloud admin ui.
-#secret = the-shared-secret
-
-[nats]
-# Url of NATS backend to use. This can also be a list of URLs to connect to
-# multiple backends. For local development, this can be set to "nats://loopback"
-# to process NATS messages internally instead of sending them through an
-# external NATS backend.
-#url = nats://localhost:4222
-
-[mcu]
-# The type of the MCU to use. Currently only "janus" and "proxy" are supported.
-# Leave empty to disable MCU functionality.
-#type =
-
-# For type "janus": the URL to the websocket endpoint of the MCU server.
-# For type "proxy": a space-separated list of proxy URLs to connect to.
-#url =
-
-# The maximum bitrate per publishing stream (in bits per second).
-# Defaults to 1 mbit/sec.
-# For type "proxy": will be capped to the maximum bitrate configured at the
-# proxy server that is used.
-#maxstreambitrate = 1048576
-
-# The maximum bitrate per screensharing stream (in bits per second).
-# Default is 2 mbit/sec.
-# For type "proxy": will be capped to the maximum bitrate configured at the
-# proxy server that is used.
-#maxscreenbitrate = 2097152
-
-# For type "proxy": timeout in seconds for requests to the proxy server.
-#proxytimeout = 2
-
-# For type "proxy": type of URL configuration for proxy servers.
-# Defaults to "static".
-#
-# Possible values:
-# - static: A space-separated list of proxy URLs is given in the "url" option.
-# - etcd: Proxy URLs are retrieved from an etcd cluster (see below).
-#urltype = static
-
-# If set to "true", certificate validation of proxy servers will be skipped.
-# This should only be enabled during development, e.g. to work with self-signed
-# certificates.
-#skipverify = false
-
-# For type "proxy": the id of the token to use when connecting to proxy servers.
-#token_id = server1
-
-# For type "proxy": the private key for the configured token id to use when
-# connecting to proxy servers.
-#token_key = privkey.pem
-
-# For url type "static": Enable DNS discovery on hostname of configured URL.
-# If the hostname resolves to multiple IP addresses, a connection is established
-# to each of them.
-# Changes to the DNS are monitored regularly and proxy connections are created
-# or deleted as necessary.
-#dnsdiscovery = true
-
-# For url type "etcd": Key prefix of MCU proxy entries. All keys below will be
-# watched and assumed to contain a JSON document. The entry "address" from this
-# document will be used as proxy URL, other contents in the document will be
-# ignored.
-#
-# Example:
-# "/signaling/proxy/server/one" -> {"address": "https://proxy1.domain.invalid"}
-# "/signaling/proxy/server/two" -> {"address": "https://proxy2.domain.invalid"}
-#keyprefix = /signaling/proxy/server
-
-[turn]
-# API key that the MCU will need to send when requesting TURN credentials.
-#apikey = the-api-key-for-the-rest-service
-
-# The shared secret to use for generating TURN credentials. This must be the
-# same as on the TURN server.
-#secret = 6d1c17a7-c736-4e22-b02c-e2955b7ecc64
-
-# A comma-separated list of TURN servers to use. Leave empty to disable the
-# TURN REST API.
-#servers = turn:1.2.3.4:9991?transport=udp,turn:1.2.3.4:9991?transport=tcp
-
-[geoip]
-# License key to use when downloading the MaxMind GeoIP database. You can
-# register an account at "https://www.maxmind.com/en/geolite2/signup" for
-# free. See "https://dev.maxmind.com/geoip/geoip2/geolite2/" for further
-# information.
-# You can also get a free GeoIP database from https://db-ip.com/ without
-# registration. Provide the URL below in this case.
-# Leave empty to disable GeoIP lookups.
-#license =
-
-# Optional URL to download a MaxMind GeoIP database from. Will be generated if
-# "license" is provided above. Can be a "file://" url if a local file should
-# be used. Please note that the database must provide a country field when
-# looking up IP addresses.
-#url =
-
-[geoip-overrides]
-# Optional overrides for GeoIP lookups. The key is an IP address / range, the
-# value the associated country code.
-#127.0.0.1 = DE
-#192.168.0.0/24 = DE
-
-[continent-overrides]
-# Optional overrides for continent mappings. The key is a continent code, the
-# value a comma-separated list of continent codes to map the continent to.
-# Use European servers for clients in Africa.
-#AF = EU
-# Use servers in North Africa for clients in South America.
-#SA = NA
-
-[stats]
-# Comma-separated list of IP addresses that are allowed to access the stats
-# endpoint. Leave empty (or commented) to only allow access from "127.0.0.1".
-#allowed_ips =
-
-[etcd]
-# Comma-separated list of static etcd endpoints to connect to.
-#endpoints = 127.0.0.1:2379,127.0.0.1:22379,127.0.0.1:32379
-
-# Options to perform endpoint discovery through DNS SRV.
-# Only used if no endpoints are configured manually.
-#discoverysrv = example.com
-#discoveryservice = foo
-
-# Path to private key, client certificate and CA certificate if TLS
-# authentication should be used.
-#clientkey = /path/to/etcd-client.key
-#clientcert = /path/to/etcd-client.crt
-#cacert = /path/to/etcd-ca.crt
-
-[grpc]
-# IP and port to listen on for GRPC requests.
-# Comment line to disable the listener.
-#listen = 0.0.0.0:9090
-
-# Certificate / private key to use for the GRPC server.
-# Omit to use unencrypted connections.
-#servercertificate = /path/to/grpc-server.crt
-#serverkey = /path/to/grpc-server.key
-
-# CA certificate that is allowed to issue certificates of GRPC servers.
-# Omit to expect unencrypted connections.
-#serverca = /path/to/grpc-ca.crt
-
-# Certificate / private key to use for the GRPC client.
-# Omit if clients don't need to authenticate on the server.
-#clientcertificate = /path/to/grpc-client.crt
-#clientkey = /path/to/grpc-client.key
-
-# CA certificate that is allowed to issue certificates of GRPC clients.
-# Omit to allow any clients to connect.
-#clientca = /path/to/grpc-ca.crt
-
-# Type of GRPC target configuration.
-# Defaults to "static".
-#
-# Possible values:
-# - static: A comma-separated list of targets is given in the "targets" option.
-# - etcd: Target URLs are retrieved from an etcd cluster.
-#targettype = static
-
-# For target type "static": Comma-separated list of GRPC targets to connect to
-# for clustering mode.
-#targets = 192.168.0.1:9090, 192.168.0.2:9090
-
-# For target type "static": Enable DNS discovery on hostnames of GRPC target.
-# If a hostname resolves to multiple IP addresses, a connection is established
-# to each of them.
-# Changes to the DNS are monitored regularly and GRPC clients are created or
-# deleted as necessary.
-#dnsdiscovery = true
-
-# For target type "etcd": Key prefix of GRPC target entries. All keys below will
-# be watched and assumed to contain a JSON document. The entry "address" from
-# this document will be used as target URL, other contents in the document will
-# be ignored.
-#
-# Example:
-# "/signaling/cluster/grpc/one" -> {"address": "192.168.0.1:9090"}
-# "/signaling/cluster/grpc/two" -> {"address": "192.168.0.2:9090"}
-#targetprefix = /signaling/cluster/grpc
--- a/Containers/talk/start.sh
+++ b/Containers/talk/start.sh
@@ -4,68 +4,55 @@
 if [ -z "$NC_DOMAIN" ]; then
    echo "You need to provide the NC_DOMAIN."
    exit 1
-elif [ -z "$TALK_PORT" ]; then
-    echo "You need to provide the TALK_PORT."
-    exit 1
 elif [ -z "$TURN_SECRET" ]; then
    echo "You need to provide the TURN_SECRET."
    exit 1
 elif [ -z "$SIGNALING_SECRET" ]; then
    echo "You need to provide the SIGNALING_SECRET."
    exit 1
-elif [ -z "$INTERNAL_SECRET" ]; then
-    echo "You need to provide the INTERNAL_SECRET."
-    exit 1
 fi

 set -x
-IPv4_ADDRESS_TALK_RELAY="$(hostname -i | grep -oP '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)"
-IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk IN A +short +search | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_TALK="$(dig nextcloud-aio-talk AAAA +short +search | grep '^[0-9a-f:]\+$' | sort | head -n1)"
+IPv4_ADDRESS_TALK="$(dig nextcloud-aio-talk A +short)"
 set +x

-if [ -n "$IPv4_ADDRESS_TALK" ] && [ "$IPv4_ADDRESS_TALK_RELAY" = "$IPv4_ADDRESS_TALK" ]; then
-    IPv4_ADDRESS_TALK=""
-fi
-
 # Turn
-cat << TURN_CONF > "/conf/eturnal.yml"
-eturnal:
-  listen:
-    - ip: "::"
-      port: $TALK_PORT
-      transport: udp
-    - ip: "::"
-      port: $TALK_PORT
-      transport: tcp
-  log_dir: stdout
-  log_level: warning
-  secret: "$TURN_SECRET"
-  relay_ipv4_addr: "$IPv4_ADDRESS_TALK_RELAY"
-  relay_ipv6_addr: "$IPv6_ADDRESS_TALK"
-  blacklist_peers:
-  - recommended
-  whitelist_peers:
-  - 127.0.0.1
-  - ::1
-  - "$IPv4_ADDRESS_TALK_RELAY"
-  - "$IPv4_ADDRESS_TALK"
-  - "$IPv6_ADDRESS_TALK"
+cat << TURN_CONF > "/etc/turnserver.conf"
+listening-port=$TALK_PORT
+fingerprint
+lt-cred-mech
+use-auth-secret
+static-auth-secret=$TURN_SECRET
+realm=$NC_DOMAIN
+total-quota=0
+bps-capacity=0
+stale-nonce
+no-multicast-peers
+simple-log
+pidfile=/var/tmp/turnserver.pid
+no-tls
+no-dtls
+userdb=/var/lib/turn/turndb
+# Based on https://nextcloud-talk.readthedocs.io/en/latest/TURN/#turn-server-and-internal-networks
+allowed-peer-ip=$IPv4_ADDRESS_TALK
+denied-peer-ip=0.0.0.0-0.255.255.255
+denied-peer-ip=10.0.0.0-10.255.255.255
+denied-peer-ip=100.64.0.0-100.127.255.255
+denied-peer-ip=127.0.0.0-127.255.255.255
+denied-peer-ip=169.254.0.0-169.254.255.255
+denied-peer-ip=172.16.0.0-172.31.255.255
+denied-peer-ip=192.0.0.0-192.0.0.255
+denied-peer-ip=192.0.2.0-192.0.2.255
+denied-peer-ip=192.88.99.0-192.88.99.255
+denied-peer-ip=192.168.0.0-192.168.255.255
+denied-peer-ip=198.18.0.0-198.19.255.255
+denied-peer-ip=198.51.100.0-198.51.100.255
+denied-peer-ip=203.0.113.0-203.0.113.255
+denied-peer-ip=240.0.0.0-255.255.255.255
 TURN_CONF

-# Remove empty lines so that the config is not invalid
-sed -i '/""/d' /conf/eturnal.yml
-
-if [ -z "$TALK_MAX_STREAM_BITRATE" ]; then
-    TALK_MAX_STREAM_BITRATE=1048576
-fi
-
-if [ -z "$TALK_MAX_SCREEN_BITRATE" ]; then
-    TALK_MAX_SCREEN_BITRATE=2097152
-fi
-
 # Signling
-cat << SIGNALING_CONF > "/conf/signaling.conf"
+cat << SIGNALING_CONF > "/etc/signaling.conf"
 [http]
 listen = 0.0.0.0:8081

@@ -77,7 +64,7 @@ hashkey = $(openssl rand -hex 16)
 blockkey = $(openssl rand -hex 16)

 [clients]
-internalsecret = ${INTERNAL_SECRET}
+internalsecret = $(openssl rand -hex 16)

 [backend]
 backends = backend-1
@@ -88,8 +75,6 @@ connectionsperhost = 8
 [backend-1]
 url = https://${NC_DOMAIN}
 secret = ${SIGNALING_SECRET}
-maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
-maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}

 [nats]
 url = nats://127.0.0.1:4222
@@ -97,8 +82,6 @@ url = nats://127.0.0.1:4222
 [mcu]
 type = janus
 url = ws://127.0.0.1:8188
-maxstreambitrate = ${TALK_MAX_STREAM_BITRATE}
-maxscreenbitrate = ${TALK_MAX_SCREEN_BITRATE}
 SIGNALING_CONF

 exec "$@"
--- a/Containers/talk/supervisord.conf
+++ b/Containers/talk/supervisord.conf
@@ -1,5 +1,6 @@
 [supervisord]
 nodaemon=true
+nodaemon=true
 logfile=/var/log/supervisord/supervisord.log
 pidfile=/var/run/supervisord/supervisord.pid
 childlogdir=/var/log/supervisord/
@@ -7,12 +8,12 @@ logfile_maxbytes=50MB
 logfile_backups=10                              
 loglevel=error

-[program:eturnal]
+[program:turnserver]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=eturnalctl foreground
+command=turnserver -c /etc/turnserver.conf

 [program:nats-server]
 stdout_logfile=/dev/stdout
@@ -26,12 +27,11 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-# debug-level 3 means warning
-command=janus --config=/usr/local/etc/janus/janus.jcfg --disable-colors --log-stdout --full-trickle --debug-level 3
+command=janus --config=/etc/janus/janus.jcfg --disable-colors --log-stdout

 [program:signaling]
 stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nextcloud-spreed-signaling -config /conf/signaling.conf
+command=nextcloud-spreed-signaling -config /etc/signaling.conf
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@@ -1,18 +1,14 @@
-# syntax=docker/dockerfile:latest
 # From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.7.1 as watchtower
+FROM containrrr/watchtower:1.5.3 as watchtower

-FROM alpine:3.19.1
+FROM alpine:3.17.2

-RUN apk upgrade --no-cache -a; \
-    apk add --no-cache bash
+RUN apk add --no-cache bash
+COPY --from=watchtower /watchtower /

-COPY --from=watchtower /watchtower /watchtower
+COPY start.sh /
+RUN chmod +x /start.sh

-COPY --chmod=775 start.sh /start.sh
-
-# hadolint ignore=DL3002
 USER root
-
 ENTRYPOINT ["/start.sh"]
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.monitor-only="true"
--- a/app/appinfo/info.xml
+++ b/app/appinfo/info.xml
@@ -2,10 +2,10 @@
 <info xmlns:xsi= "http://www.w3.org/2001/XMLSchema-instance"
 	  xsi:noNamespaceSchemaLocation="https://apps.nextcloud.com/schema/apps/info.xsd">
 	<id>nextcloud-aio</id>
-	<name>Nextcloud All-in-One</name>
+	<name>Nextcloud All In One</name>
 	<summary>Provides a login link for admins.</summary>
-	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.5.0</version>
+	<description>Add a link to the admin settings that gives access to the Nextcloud All In One admin interface</description>
+	<version>0.3.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,7 +13,7 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="27" max-version="28"/>
+		<nextcloud min-version="24" max-version="25"/>
 	</dependencies>

 	<settings>
--- a/app/lib/Settings/Admin.php
+++ b/app/lib/Settings/Admin.php
@@ -78,6 +78,6 @@ class Admin implements ISettings {
 	 * E.g.: 70
 	 */
 	public function getPriority(): int {
-		return 0;
+		return 5;
 	}
 }
--- a/app/templates/admin.php
+++ b/app/templates/admin.php
@@ -10,7 +10,6 @@ declare(strict_types=1);
 */
 	/** @var array $_ */ ?>
 <div id="allinone" class="section">
-	<h2><?php p($l->t('Nextcloud All-in-One'));?></h2>
-	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a><br><br>
-	<p><a href="https://github.com/nextcloud/all-in-one#how-to-easily-log-in-to-the-aio-interface">Click here for more infos on this feature (e.g. also on how to change the link in the button)</a></p>
+	<h2><?php p($l->t('Nextcloud All In One'));?></h2>
+	<a href="<?php p($_['AIOLoginUrl']);?>" class="button" target="_blank" rel="noopener">Open Nextcloud AIO Interface ↗</a>
 </div>
--- a/community-containers/caddy/caddy.json
+++ b/community-containers/caddy/caddy.json
@@ -1,52 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-caddy",
-            "display_name": "Caddy with geoblocking",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy",
-            "image": "szaimen/aio-caddy",
-            "image_tag": "v1",
-            "internal_port": "443",
-            "restart": "unless-stopped",
-            "ports": [
-                {
-                  "ip_binding": "",
-                  "port_number": "443",
-                  "protocol": "tcp"
-                },
-                {
-                    "ip_binding": "",
-                    "port_number": "443",
-                    "protocol": "udp"
-                }
-            ],
-            "environment": [
-                "TZ=%TIMEZONE%",
-                "NC_DOMAIN=%NC_DOMAIN%",
-                "APACHE_PORT=%APACHE_PORT%"
-            ],
-            "volumes": [
-                {
-                    "source": "nextcloud_aio_caddy",
-                    "destination": "/data",
-                    "writeable": true
-                },
-                {
-                    "source": "%NEXTCLOUD_DATADIR%",
-                    "destination": "/nextcloud",
-                    "writeable": false
-                }
-            ],
-            "aio_variables": [
-                "apache_ip_binding=127.0.0.1",
-                "apache_port=11000"
-            ],
-            "nextcloud_exec_commands": [
-                "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
-                "touch '/mnt/ncdata/admin/files/nextcloud-aio-caddy/allowed-countries.txt'",
-                "echo 'Scanning nextcloud-aio-caddy folder for admin user...'",
-                "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-caddy'"
-            ]
-        }
-    ]
-}
--- a/community-containers/caddy/readme.md
+++ b/community-containers/caddy/readme.md
@@ -1,17 +0,0 @@
-## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap by listening on `ldap.$NC_DOMAIN`, if installed.
-
-### Notes
- This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
- If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-
-### Repository
-https://github.com/szaimen/aio-caddy
-
-### Maintainer
-https://github.com/szaimen
--- a/community-containers/dlna/dlna.json
+++ b/community-containers/dlna/dlna.json
@@ -1,39 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-dlna",
-            "display_name": "DLNA",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/dlna",
-            "image": "thanek/nextcloud-dlna",
-            "image_tag": "latest",
-            "internal_port": "host",
-            "restart": "unless-stopped",
-            "depends_on": [
-                "nextcloud-aio-database"
-            ],
-            "environment": [
-                "NC_DOMAIN=%NC_DOMAIN%",
-                "NC_PORT=443",
-                "NEXTCLOUD_DLNA_SERVER_PORT=9999",
-                "NEXTCLOUD_DLNA_FRIENDLY_NAME=nextcloud-aio",
-                "NEXTCLOUD_DATA_DIR=/data",
-                "NEXTCLOUD_DB_TYPE=postgres",
-                "NEXTCLOUD_DB_HOST=%AIO_DATABASE_HOST%",
-                "NEXTCLOUD_DB_PORT=5432",
-                "NEXTCLOUD_DB_NAME=nextcloud_database",
-                "NEXTCLOUD_DB_USER=oc_nextcloud",
-                "NEXTCLOUD_DB_PASS=%DATABASE_PASSWORD%"
-            ],
-            "secrets": [
-                "DATABASE_PASSWORD"
-            ],
-            "volumes": [
-                {
-                    "source": "%NEXTCLOUD_DATADIR%",
-                    "destination": "/data",
-                    "writeable": false
-                }
-            ]
-        }
-    ]
-}
--- a/community-containers/dlna/readme.md
+++ b/community-containers/dlna/readme.md
@@ -1,15 +0,0 @@
-## DLNA server
-This container bundles DLNA server for your Nextcloud files to be accessible by the clients in your local network. Simply run the container and look for a new media server `nextcloud-aio` in your local network.
-
-### Notes
- This container will work only if the Nextcloud installation is in your home network, it is not suitable for installations on remote servers.
- This is not working with Docker Desktop since it requires the `host` networking mode in docker, and it doesn't really share the host's network interfaces in this system
- If you have a firewall like ufw configured, you might need to open at least port 9999 TCP and 1900 UDP first in order to make it work.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-
-### Repository
-https://github.com/thanek/nextcloud-dlna
-
-### Maintainer
-https://github.com/thanek
-
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@@ -1,35 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-facerecognition",
-            "display_name": "Computing container for facerecognition",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/facerecognition",
-            "image": "matiasdelellis/facerecognition-external-model",
-            "image_tag": "v1",
-            "internal_port": "5000",
-            "restart": "unless-stopped",
-            "environment": [
-                "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key"
-            ],
-            "aio_variables": [
-                "nextcloud_memory_limit=4096M"
-            ],
-            "nextcloud_exec_commands": [
-                "php /var/www/html/occ app:install facerecognition",
-                "php /var/www/html/occ app:enable facerecognition", 
-                "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
-                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
-                "php /var/www/html/occ face:setup -m 5",
-                "php /var/www/html/occ face:setup -M 4G",
-                "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
-                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 0 --value image/jpeg",
-                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 1 --value image/png",
-                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 2 --value image/heic",
-                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 3 --value image/tiff",
-                "php /var/www/html/occ config:system:set enabledFaceRecognitionMimetype 4 --value image/webp",
-                "php /var/www/html/occ face:background_job --defer-clustering &"
-            ]
-        }
-    ]
-}
--- a/community-containers/facerecognition/readme.md
+++ b/community-containers/facerecognition/readme.md
@@ -1,31 +0,0 @@
-## Facerecognition
-This container bundles the external model of facerecognition and auto-configures it for you.
-
-### Notes
- This container needs imaginary in order to analyze modern file format images. Make sure to enable imaginary in the AIO interface before adding this container.
- Facerecognition is by default disabled for all users, if you want to enable facerecognition for all users, you can run the following before adding this container:
-    ```bash
-    # Go into the container
-    sudo docker exec --user www-data -it nextcloud-aio-nextcloud bash
-    ```
-    Now inside the container:
-    ```bash
-    NC_USERS_NEW=$(php occ user:list | sed 's|^  - ||g' | sed 's|:.*||')
-    mapfile -t NC_USERS_NEW <<< "$NC_USERS_NEW"
-    for user in "${NC_USERS_NEW[@]}"
-    do
-        php occ user:setting "$user" facerecognition full_image_scan_done false
-        php occ user:setting "$user" facerecognition enabled true
-    done
-
-    # Exit the container shell
-    exit
-    ```
- If facerecognition shall analyze shared files & folders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_shared_files --value true`), groupfolders (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_group_files --value true`) and/or external storages (`sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:app:set facerecognition handle_external_files --value true`) in Nextcloud, you need to enable support for it manually first by running the mentioned commands before adding this container. See https://github.com/matiasdelellis/facerecognition/wiki/Settings#hidden-settings for further notes on each of these settings.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-
-### Repository
-https://github.com/matiasdelellis/facerecognition-external-model
-
-### Maintainer
-https://github.com/matiasdelellis
--- a/community-containers/fail2ban/fail2ban.json
+++ b/community-containers/fail2ban/fail2ban.json
@@ -1,32 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-fail2ban",
-            "display_name": "Fail2ban",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/fail2ban",
-            "image": "szaimen/aio-fail2ban",
-            "image_tag": "v1",
-            "internal_port": "host",
-            "restart": "unless-stopped",
-            "cap_add": [
-                "NET_ADMIN",
-                "NET_RAW"
-            ],
-            "environment": [
-                "TZ=%TIMEZONE%"
-            ],
-            "volumes": [
-                {
-                    "source": "nextcloud_aio_nextcloud",
-                    "destination": "/nextcloud",
-                    "writeable": false
-                },
-                {
-                    "source": "nextcloud_aio_vaultwarden_logs",
-                    "destination": "/vaultwarden",
-                    "writeable": false
-                }
-            ]
-        }
-    ]
-}
--- a/community-containers/fail2ban/readme.md
+++ b/community-containers/fail2ban/readme.md
@@ -1,14 +0,0 @@
-## Fail2ban
-This container bundles fail2ban and auto-configures it for you in order to block ip-addresses automatically. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, if installed.
-
-### Notes
- This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
- If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
- If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-
-### Repository
-https://github.com/szaimen/aio-fail2ban
-
-### Maintainer
-https://github.com/szaimen
--- a/community-containers/jellyfin/jellyfin.json
+++ b/community-containers/jellyfin/jellyfin.json
@@ -1,39 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-jellyfin",
-            "display_name": "Jellyfin",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin",
-            "image": "jellyfin/jellyfin",
-            "image_tag": "latest",
-            "internal_port": "host",
-            "restart": "unless-stopped",
-            "environment": [
-                "TZ=%TIMEZONE%"
-            ],
-            "volumes": [
-                {
-                    "source": "nextcloud_aio_jellyfin",
-                    "destination": "/config",
-                    "writeable": true
-                },
-                {
-                    "source": "%NEXTCLOUD_DATADIR%",
-                    "destination": "/media",
-                    "writeable": false
-                },
-                {
-                    "source": "%NEXTCLOUD_MOUNT%",
-                    "destination": "%NEXTCLOUD_MOUNT%",
-                    "writeable": false
-                }
-            ],
-            "devices": [
-                "/dev/dri"
-            ],
-            "backup_volumes": [
-                "nextcloud_aio_jellyfin"
-            ]
-        }
-    ]
-}
--- a/community-containers/jellyfin/readme.md
+++ b/community-containers/jellyfin/readme.md
@@ -1,20 +0,0 @@
-## Jellyfin
-This container bundles Jellyfin and auto-configures it for you.
-
-### Notes
- This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
- This container does not work on Docker Desktop since it needs `network_mode: host` in order to work correctly.
- After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
- This container should usually only be run in home networks as it exposes unencrypted services like DLNA by default which can be disabld via the web interface though.
- In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
- ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
- If you have a firewall like ufw configured, you might need to open all Jellyfin ports in there first in order to make it work. Especially port 8096 is important!
- The data of Jellyfin will be automatically included in AIO's backup solution!
- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
-
-
-### Repository
-https://github.com/jellyfin/jellyfin
-
-### Maintainer
-https://github.com/airopi
--- a/community-containers/libretranslate/libretranslate.json
+++ b/community-containers/libretranslate/libretranslate.json
@@ -1,34 +0,0 @@
-{
-    "aio_services_v1": [
-        {
-            "container_name": "nextcloud-aio-libretranslate",
-            "display_name": "LibreTranslate",
-            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/libretranslate",
-            "image": "szaimen/aio-libretranslate",
-            "image_tag": "v1",
-            "internal_port": "5000",
-            "restart": "unless-stopped",
-            "environment": [
-                "TZ=%TIMEZONE%"
-            ],
-            "volumes": [
-                {
-                    "source": "nextcloud_aio_libretranslate_db",
-                    "destination": "/app/db",
-                    "writeable": true
-                },
-                {
-                    "source": "nextcloud_aio_libretranslate_models",
-                    "destination": "/home/libretranslate/.local",
-                    "writeable": true
-                }
-            ],
-            "nextcloud_exec_commands": [
-                "php /var/www/html/occ app:install integration_libretranslate",
-                "php /var/www/html/occ app:enable integration_libretranslate",
-                "php /var/www/html/occ config:app:set integration_libretranslate host --value='http://nextcloud-aio-libretranslate'",
-                "php /var/www/html/occ config:app:set integration_libretranslate port --value='5000'"
-            ]
-        }
-    ]
-}
--- a/community-containers/libretranslate/readme.md
+++ b/community-containers/libretranslate/readme.md
@@ -1,17 +0,0 @@
-## LibreTranslate
-This container bundles LibreTranslate and auto-configures it for you.
-
-### Notes
- After the initial startup is done, you might want to change the default language to translate from and to via:
-```bash
-# Adjust the values `en` and `de` in commands below accordingly
-sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:app:set integration_libretranslate from_lang --value="en"
-sudo docker exec --user www-data nextcloud-aio-nextcloud php occ config:app:set integration_libretranslate to_lang --value="de"
-```
- See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
-
-### Repository
-https://github.com/szaimen/aio-libretranslate
-
-### Maintainer
-https://github.com/szaimen
--- a/community-containers/lldap/lldap.json
+++ b/community-containers/lldap/lldap.json
@@ -1,46 +0,0 @@
-{
-  "aio_services_v1": [
-    {
-      "container_name": "nextcloud-aio-lldap",
-      "display_name": "Light LDAP implementation",
-      "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/lldap",
-      "image": "lldap/lldap",
-      "image_tag": "v0-alpine",
-      "internal_port": "17170",
-      "restart": "unless-stopped",
-      "ports": [
-        {
-          "ip_binding": "%APACHE_IP_BINDING%",
-          "port_number": "17170",
-          "protocol": "tcp"
-        }
-      ],
-      "environment": [
-        "TZ=%TIMEZONE%",
-        "UID=65534",
-        "GID=65534",
-        "LLDAP_JWT_SECRET=%LLDAP_JWT_SECRET%",
-        "LLDAP_LDAP_USER_PASS=%LLDAP_LDAP_USER_PASS%",
-        "LLDAP_LDAP_BASE_DN=%NC_BASE_DN%"
-      ],
-      "secrets": [
-        "LLDAP_JWT_SECRET",
-        "LLDAP_LDAP_USER_PASS"
-      ],
-      "volumes": [
-        {
-          "source": "nextcloud_aio_lldap",
-          "destination": "/data",
-          "writeable": true
-        }
-      ],
-      "backup_volumes": [
-        "nextcloud_aio_lldap"
-      ],
-      "nextcloud_exec_commands": [
-        "php /var/www/html/occ app:install user_ldap",
-        "php /var/www/html/occ app:enable user_ldap"
-      ]
-    }
-  ]
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
szaimen	6063db801c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-16 07:26:45 +00:00
szaimen	22da7408a5	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-13 14:10:42 +00:00
Simon L.	8423dc785a	Revert "Update index.yaml" This reverts commit `4dd278bab9`.	2026-05-13 16:07:06 +02:00
Simon L.	cbf558f01c	Revert "Update index.yaml" This reverts commit `a28409c858`.	2026-05-13 16:07:00 +02:00
szaimen	a28409c858	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-13 09:19:47 +00:00
szaimen	4dd278bab9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-05-13 09:18:29 +00:00
szaimen	4c47dddc2e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-04-09 09:59:15 +00:00
szaimen	9d754ec537	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-03-06 08:18:33 +00:00
szaimen	0ba0ace5e1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-02-18 12:44:05 +00:00
szaimen	30fffcba07	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-02-11 14:28:44 +00:00
szaimen	ae86b688f6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-01-22 14:27:34 +00:00
szaimen	7460e78e98	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2026-01-14 11:56:43 +00:00
szaimen	ad2d53180b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-12-18 10:02:56 +00:00
szaimen	b7730b46a6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-12-10 13:41:10 +00:00
szaimen	4fb6b0d57b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-11-28 09:00:14 +00:00
szaimen	c7afd4f90e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-10-31 12:29:07 +00:00
szaimen	b470a6051a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-10-15 08:44:28 +00:00
szaimen	3a298076ba	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-09-27 08:19:20 +00:00
szaimen	0662e57d9b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-09-18 09:33:41 +00:00
szaimen	3defa4967f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-09-05 10:15:50 +00:00
szaimen	4b19f4c0a3	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-08-22 11:38:12 +00:00
szaimen	c2ba3481a6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-08-11 12:03:26 +00:00
szaimen	6aafc753d4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-07-17 09:31:27 +00:00
szaimen	206fbf8422	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-07-10 08:55:03 +00:00
szaimen	ac966412cf	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-07-01 11:54:02 +00:00
szaimen	e64121a977	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-06-19 08:34:22 +00:00
szaimen	ff22ab211f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-06-10 12:35:00 +00:00
szaimen	33a917c163	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-05-26 13:29:23 +00:00
Simon L.	f4dd1cf5d0	Revert "Update index.yaml" This reverts commit `0b5e8110c1`.	2025-05-26 15:28:04 +02:00
szaimen	0b5e8110c1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-05-26 12:47:42 +00:00
szaimen	2d00da6012	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-05-12 08:47:50 +00:00
szaimen	3692457b00	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-04-24 09:59:17 +00:00
szaimen	0bd1512549	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-04-17 08:58:40 +00:00
szaimen	136f1c884e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-04-08 08:22:21 +00:00
szaimen	72b6e60400	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-03-31 08:47:04 +00:00
szaimen	be6c5d3714	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-03-25 09:47:09 +00:00
szaimen	cb07f18cc8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-03-06 09:46:09 +00:00
szaimen	fdaf675dd1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-02-25 13:01:03 +00:00
szaimen	4e1c8dd95e	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-02-04 11:04:54 +00:00
szaimen	a4915339ad	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-01-22 10:12:10 +00:00
szaimen	52a19f75f7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-01-14 10:47:51 +00:00
szaimen	8cc9d73d93	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2025-01-06 11:07:45 +00:00
szaimen	ad61683b8d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-16 14:06:57 +00:00
szaimen	8a8b0721ef	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-16 12:48:12 +00:00
szaimen	1ee210b481	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-16 10:50:19 +00:00
szaimen	1274ebd000	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-12-03 14:16:27 +00:00
szaimen	b1c38e03c9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-11-26 10:17:01 +00:00
szaimen	fdf4e5dc4a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-11-06 15:32:42 +00:00
szaimen	0d6cabc3ba	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-10-17 09:57:05 +00:00
szaimen	cc0923c84d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-09-25 08:27:20 +00:00
szaimen	cb2a69f32f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-09-14 06:46:11 +00:00
Simon L.	614a9b97be	Revert "Update index.yaml" This reverts commit `e235a9dd46`.	2024-08-19 15:08:12 +02:00
szaimen	e235a9dd46	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-08-19 13:03:18 +00:00
szaimen	b8b0ad99c8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-08-08 09:10:12 +00:00
szaimen	2e28033838	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-07-25 07:48:24 +00:00
szaimen	cd08be3551	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-07-18 06:49:41 +00:00
szaimen	57e3e5c66f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-07-01 09:24:12 +00:00
szaimen	9e309e97e8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-06-17 09:03:01 +00:00
szaimen	2b2d1ce764	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-06-06 08:02:39 +00:00
Simon L.	e6dadecd15	Revert "Update index.yaml" This reverts commit `19a221205d`.	2024-05-21 15:05:09 +02:00
szaimen	19a221205d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-05-21 12:11:59 +00:00
szaimen	5ecb856959	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-05-02 10:52:50 +00:00
szaimen	c2761f24f5	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-24 10:17:55 +00:00
szaimen	1adf679e18	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-11 12:10:05 +00:00
szaimen	73563b69b6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-04 09:38:02 +00:00
szaimen	e4034ac013	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-04-04 09:26:34 +00:00
szaimen	060f6aeb1f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-03-26 13:20:18 +00:00
szaimen	9326394386	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-03-21 08:11:15 +00:00
szaimen	88da974922	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-03-08 09:36:30 +00:00
szaimen	a41ca6c341	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-28 19:30:19 +00:00
szaimen	cc5129c6b3	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-28 11:31:05 +00:00
szaimen	7cf0b6437c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-23 18:58:07 +00:00
szaimen	a2cc883d9a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-01 14:53:58 +00:00
szaimen	365a4dab8a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-01 12:57:41 +00:00
Simon L	39b9765f52	Revert "Update index.yaml" This reverts commit `63165d1910`.	2024-02-01 13:40:09 +01:00
szaimen	63165d1910	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-02-01 12:37:03 +00:00
szaimen	c722eae2b1	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-01-24 12:26:17 +00:00
szaimen	5761af59f8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-01-17 09:01:07 +00:00
szaimen	542277a615	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2024-01-09 12:32:52 +00:00
szaimen	dec906e92b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-20 15:40:32 +00:00
szaimen	9021b608b4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-12 12:02:53 +00:00
szaimen	8697e39be0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-07 12:22:35 +00:00
szaimen	873aba9cf7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-07 11:35:38 +00:00
szaimen	5990aaa8d8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-12-07 08:23:56 +00:00
szaimen	b01a999081	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-30 08:20:39 +00:00
szaimen	bb4c1954a0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 18:37:06 +00:00
szaimen	cf83598dc5	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 14:29:04 +00:00
szaimen	b2d35138ea	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 11:08:33 +00:00
szaimen	378ddfffa4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 09:57:20 +00:00
szaimen	c73a6d77e7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-23 08:48:20 +00:00
szaimen	3f56b3b710	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-21 18:10:38 +00:00
szaimen	a6108e394b	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-21 15:41:33 +00:00
szaimen	d03d413060	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-21 10:46:03 +00:00
szaimen	98bcc39683	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-17 10:03:32 +00:00
szaimen	8861c16685	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-16 20:38:57 +00:00
szaimen	47f81a40f9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-13 13:26:34 +00:00
szaimen	ea6383f4d9	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-13 13:11:06 +00:00
szaimen	47dc35a60c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-13 13:05:29 +00:00
szaimen	a04d40db8a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-08 10:30:24 +00:00
szaimen	17ee039b6a	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 20:47:57 +00:00
szaimen	8ef2ca3064	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:09:33 +00:00
szaimen	6264490965	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:09:08 +00:00
szaimen	6de6549f18	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:08:12 +00:00
szaimen	2733056d0d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 15:07:48 +00:00
szaimen	da012b4c21	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-11-06 13:28:53 +00:00
szaimen	2d0dfe5ef0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-30 13:08:41 +00:00
szaimen	8e01eb665a	Publishing chart package for helm-chart-7.5.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-30 13:08:39 +00:00
szaimen	f8c0737350	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-27 11:27:53 +00:00
szaimen	8260b7f745	Publishing chart package for helm-chart-7.5.0 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-27 11:27:52 +00:00
szaimen	41ba7cc1c6	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-16 08:27:09 +00:00
szaimen	be4e99f61c	Publishing chart package for helm-chart-7.4.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-10-16 08:27:07 +00:00
szaimen	adbebb4a4c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-16 12:40:49 +00:00
szaimen	f12e5b244e	Publishing chart package for helm-chart-7.2.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-16 12:40:48 +00:00
szaimen	fd31fc0a32	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-12 08:55:15 +00:00
szaimen	1a6a7acce6	Publishing chart package for helm-chart-7.1.1 Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-09-12 08:55:13 +00:00
szaimen	30778fcc07	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-08-17 07:28:19 +00:00
szaimen	17f71a128c	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-07-28 09:41:57 +00:00
szaimen	e72bfd6c34	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-07-20 14:07:23 +00:00
szaimen	b32a8230cb	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-26 10:34:47 +00:00
szaimen	564a0366b2	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-13 12:14:24 +00:00
szaimen	efa350e2d0	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-13 08:12:10 +00:00
szaimen	0a1aa673a7	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-06-06 07:20:26 +00:00
szaimen	f047678b43	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-05-30 10:38:18 +00:00
szaimen	d17bb88086	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-05-11 09:49:06 +00:00
szaimen	d83a996d0d	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-05-01 12:16:52 +00:00
Simon L	f4f36e8a52	adjust the readme Signed-off-by: Simon L <szaimen@e.mail.de>	2023-04-22 11:51:39 +02:00
szaimen	55ac1c4fa4	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-04-22 09:46:22 +00:00
szaimen	180e0246b8	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-04-14 13:50:10 +00:00
szaimen	c7fa53b02f	Update index.yaml Signed-off-by: szaimen <szaimen@users.noreply.github.com>	2023-03-30 09:28:19 +00:00