diff --git a/community-containers/borgbackup-viewer/borgbackup-viewer.json b/community-containers/borgbackup-viewer/borgbackup-viewer.json
index 417cc660..9b5c58e5 100644
--- a/community-containers/borgbackup-viewer/borgbackup-viewer.json
+++ b/community-containers/borgbackup-viewer/borgbackup-viewer.json
@@ -26,6 +26,7 @@
"BORGBACKUP_VIEWER_PASSWORD",
"BORGBACKUP_PASSWORD"
],
+ "ui_secret": "BORGBACKUP_VIEWER_PASSWORD",
"volumes": [
{
"source": "nextcloud_aio_backup_cache",
diff --git a/community-containers/borgbackup-viewer/readme.md b/community-containers/borgbackup-viewer/readme.md
index 42b692ec..dc3d5806 100644
--- a/community-containers/borgbackup-viewer/readme.md
+++ b/community-containers/borgbackup-viewer/readme.md
@@ -2,7 +2,7 @@
This container allows to view the local borg repository in a web session. It also allows you to restore files and folders from the backup by using desktop programs in a web browser.
### Notes
-- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-borgbackup-viewer | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
+- After adding and starting the container, you need to visit `https://ip.address.of.this.server:5801` in order to log in with the user `nextcloud` and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
- Then, you should see a terminal. There type in `borg mount /mnt/borgbackup/borg /tmp/borg` to mount the backup archive at `/tmp/borg` inside the container. Afterwards type in `nautilus /tmp/borg` which will show a file explorer and allows you to see all the files. You can then copy files and folders back to their initial mountpoints inside `/nextcloud_aio_volumes/`, `/host_mounts/` and `/docker_volumes/`. ⚠️ Be very carefully while doing that as can break your instance!
- After you are done with the operation, click on the terminal in the background and press `[CTRL]+[c]` multiple times to close any open application. Then run `umount /tmp/borg` to unmount the mountpoint correctly.
- You can also delete specific archives by running `borg list`, delete a specific archive e.g. via `borg delete --stats --progress "::20220223_174237-nextcloud-aio"` and compact the archives via `borg compact`. After doing so, make sure to update the backup archives list in the AIO interface! You can do so by clicking on the `Check backup integrity` button or `Create backup` button.
diff --git a/community-containers/lldap/readme.md b/community-containers/lldap/readme.md
index 27934d28..74a51c61 100644
--- a/community-containers/lldap/readme.md
+++ b/community-containers/lldap/readme.md
@@ -3,7 +3,7 @@ This container bundles LLDAP server and auto-configures your Nextcloud instance
### Notes
- In order to access your LLDAP web interface outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `ldap.$NC_DOMAIN` to redirect to your Lldap. You need to point the reverse proxy at port 17170 of this server.
-- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the password that you can retrieve via `sudo docker inspect nextcloud-aio-lldap | grep LLDAP_JWT_SECRET`.
+- After adding and starting the container, you can log in to the lldap web interface by using the username `admin` and the secret that you can see next to the container in the AIO interface.
- To configure Nextcloud, you can use the generic configuration proposed below.
- For advanced configurations, see how to configure a client with lldap https://github.com/lldap/lldap#client-configuration
- Also, see how Nextcloud's LDAP application works https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html
diff --git a/community-containers/makemkv/makemkv.json b/community-containers/makemkv/makemkv.json
index e8d7f8dd..22132cb8 100644
--- a/community-containers/makemkv/makemkv.json
+++ b/community-containers/makemkv/makemkv.json
@@ -50,6 +50,7 @@
"secrets": [
"MAKEMKV_PASSWORD"
],
+ "ui_secret": "MAKEMKV_PASSWORD",
"backup_volumes": [
"nextcloud_aio_makemkv"
]
diff --git a/community-containers/makemkv/readme.md b/community-containers/makemkv/readme.md
index fa26be40..ed9ce040 100644
--- a/community-containers/makemkv/readme.md
+++ b/community-containers/makemkv/readme.md
@@ -6,7 +6,7 @@ This container bundles MakeMKV and auto-configures it for you.
- ⚠️ This container mounts all devices from the host inside the container in order to be able to access the external DVD/Blu-ray drives which is a security issue. However no better solution was found for the time being.
- This container only works on Linux and not on Docker-Desktop.
- This container requires the [`NEXTCLOUD_MOUNT` variable in AIO to be set](https://github.com/nextcloud/all-in-one?tab=readme-ov-file#how-to-allow-the-nextcloud-container-to-access-directories-on-the-host). Otherwise the output will not be saved correctly..
-- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can retrieve when running `sudo docker inspect nextcloud-aio-makemkv | grep WEB_AUTHENTICATION_PASSWORD`. (It uses a self-signed certificate, so you need to accept the warning).
+- After adding and starting the container, you need to visit `https://internal.ip.of.server:5802` in order to log in with the `makemkv` user and the password that you can see next to the container in the AIO interface. (The web page uses a self-signed certificate, so you need to accept the warning).
- After the first login, you can adjust the `/output` directory in the MakeMKV settings to a subdirectory of the root of your chosen `NEXTCLOUD_MOUNT`. (by default `NEXTCLOUD_MOUNT` is mounted to `/output` inside the container. Thus all data is written to the root of it)
- The configured `NEXTCLOUD_DATADIR` is getting mounted to `/storage` inside the container.
- The config data of MakeMKV will be automatically included in AIOs backup solution!
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
index f4d207c3..95c99426 100644
--- a/manual-install/update-yaml.sh
+++ b/manual-install/update-yaml.sh
@@ -14,6 +14,7 @@ cat /tmp/containers.json
OUTPUT="$(cat /tmp/containers.json)"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].internal_port)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].secrets)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].ui_secrets)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].devices)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].enable_nvidia_gpu)')"
OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 4f030e8f..7a675e60 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -145,6 +145,10 @@
"pattern": "^[A-Z_]+$"
}
},
+ "ui_secret": {
+ "type": "string",
+ "pattern": "^[A-Z_]+$"
+ },
"image_tag": {
"type": "string",
"pattern": "^([a-z0-9.-]+|%AIO_CHANNEL%)$"
diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
index 0b032e8c..77858283 100644
--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@@ -21,6 +21,7 @@ readonly class Container {
private array $dependsOn,
/** @var string[] */
private array $secrets,
+ private string $uiSecret,
/** @var string[] */
private array $devices,
private bool $enableNvidiaGpu,
@@ -85,6 +86,10 @@ readonly class Container {
return $this->secrets;
}
+ public function GetUiSecret() : string {
+ return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
+ }
+
public function GetTmpfs() : array {
return $this->tmpfs;
}
diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php
index 8f7c6a97..6809650c 100644
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@@ -244,6 +244,11 @@ readonly class ContainerDefinitionFetcher {
$secrets = $entry['secrets'];
}
+ $uiSecret = '';
+ if (isset($entry['ui_secret'])) {
+ $uiSecret = $entry['ui_secret'];
+ }
+
$devices = [];
if (isset($entry['devices'])) {
$devices = $entry['devices'];
@@ -316,6 +321,7 @@ readonly class ContainerDefinitionFetcher {
$variables,
$dependsOn,
$secrets,
+ $uiSecret,
$devices,
$enableNvidiaGpu,
$capAdd,
diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php
index e7d6884f..2a0fa3d5 100644
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@@ -33,6 +33,10 @@ class ConfigurationManager
}
public function GetAndGenerateSecret(string $secretId) : string {
+ if ($secretId === '') {
+ return '';
+ }
+
$config = $this->GetConfig();
if(!isset($config['secrets'][$secretId])) {
$config['secrets'][$secretId] = bin2hex(random_bytes(24));
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index c9eb402e..e98a5237 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -1032,6 +1032,10 @@ readonly class DockerActionManager {
}
}
+ public function GetAndGenerateSecretWrapper(string $secretId) : string {
+ return $this->configurationManager->GetAndGenerateSecret($secretId);
+ }
+
public function isNextcloudImageOutdated() : bool {
$createdTime = $this->GetCreatedTimeOfNextcloudImage();
diff --git a/php/templates/containers.twig b/php/templates/containers.twig
index 1a2fd11c..6f0128b3 100644
--- a/php/templates/containers.twig
+++ b/php/templates/containers.twig
@@ -282,6 +282,9 @@
{% if container.GetDocumentation() != '' %}
(docs)
{% endif %}
+ {% if container.GetUiSecret() != '' %}
+ (secret: {{ GetUiSecret.GetUiSecret() }} )
+ {% endif %}
{% elseif container.GetRunningState().value == 'running' %}
@@ -289,6 +292,9 @@
{% if container.GetDocumentation() != '' %}
(docs)
{% endif %}
+ {% if container.GetUiSecret() != '' %}
+ (secret: {{ GetUiSecret.GetUiSecret() }} )
+ {% endif %}
{% else %}
@@ -296,6 +302,9 @@
{% if container.GetDocumentation() != '' %}
(docs)
{% endif %}
+ {% if container.GetUiSecret() != '' %}
+ (secret: {{ GetUiSecret.GetUiSecret() }} )
+ {% endif %}
{% endif %}