Merge branch 'main' into Anvil5465-patch-2

.github/workflows/dependency-updates.yml

@@ -8,12 +8,12 @@ on:
 jobs:
   dependency_updates:
     name: Run dependency update script
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v4
-    - uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+    - uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
       with:
-        php-version: 8.3
+        php-version: 8.4
         extensions: apcu
     - name: Run dependency update script
       run: |

.github/workflows/helm-release.yml

@@ -16,7 +16,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Turnstyle
-        uses: softprops/turnstyle@25dcee5c3fcb84375f3a3f93a3c97ed0d42cfcdc # v2
+        uses: softprops/turnstyle@807f6009e7cee5c2c9faa41ccef03a8bb24b06ab # v2
         with:
           continue-after-seconds: 180
         env:

.github/workflows/lint-php.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        php-versions: [ "8.3" ]
+        php-versions: [ "8.4" ]
 
     name: php-lint
 
@@ -36,7 +36,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
           php-version: ${{ matrix.php-versions }}
           coverage: none

.github/workflows/nextcloud-update.yml

@@ -60,12 +60,6 @@ jobs:
         )"
         sed -i "s|\(pecl install[^;]*imagick-\)[0-9.]*|\1$imagick_version|" ./Containers/nextcloud/Dockerfile
 
-        # Imagick git-commit-hash from HEAD
-        imagick_commit_hash="$(
-          git ls-remote https://github.com/imagick/imagick.git HEAD | awk '{print $1}'
-        )"
-        sed -i "s/\(ARG IMAGICK_COMMIT_HASH=\)[a-fA-F0-9]*$/\1$imagick_commit_hash/" ./Containers/nextcloud/Dockerfile
-
         # Igbinary
         igbinary_version="$(
           git ls-remote --tags https://github.com/igbinary/igbinary.git \

.github/workflows/php-deprecation-detector.yml

@@ -18,9 +18,9 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Set up php
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
 

.github/workflows/psalm-update-baseline.yml

@@ -13,9 +13,9 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Set up php
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
 

.github/workflows/psalm.yml

@@ -29,9 +29,9 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Set up php
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
           ini-file: development

.github/workflows/twig-lint.yml

@@ -27,9 +27,9 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@9e72090525849c5e82e596468b86eb55e9cc5401 # v2
+        uses: shivammathur/setup-php@0f7f1d08e3e32076e51cae65eb0b0c871405b16e # v2
         with:
-          php-version: 8.3
+          php-version: 8.4
           extensions: apcu
           coverage: none
 

.github/workflows/update-helm.yml

@@ -19,7 +19,7 @@ jobs:
           DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g;s|,||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)"
           export DOCKER_TAG
           set +x
-          if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
+          if [ -n "$DOCKER_TAG" ] && ! grep -q "aio-nextcloud:$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
             sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"
           fi
       - name: Create Pull Request

Containers/alpine/Dockerfile

@@ -3,3 +3,5 @@ FROM alpine:3.21.3
 
 RUN set -ex; \
     apk upgrade --no-cache -a
+
+LABEL org.label-schema.vendor="Nextcloud"

Containers/apache/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM caddy:2.9.1-alpine AS caddy
+FROM caddy:2.10.0-alpine AS caddy
 
 # From https://github.com/docker-library/httpd/blob/master/2.4/alpine/Dockerfile
 FROM httpd:2.4.63-alpine3.21
@@ -87,4 +87,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/borgbackup/Dockerfile

@@ -23,5 +23,6 @@ ENTRYPOINT ["/start.sh"]
 # hadolint ignore=DL3002
 USER root
 
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
 ENV BORG_RETENTION_POLICY="--keep-within=7d --keep-weekly=4 --keep-monthly=6"

Containers/clamav/Dockerfile

@@ -11,6 +11,7 @@ RUN set -ex; \
     sed -i "s|#\?PCREMaxFileSize.*|PCREMaxFileSize aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?StreamMaxLength.*|StreamMaxLength aio-placeholder|g" /etc/clamav/clamd.conf; \
     sed -i "s|#\?TCPSocket|TCPSocket|g" /etc/clamav/clamd.conf; \
+    sed -i "s|^LocalSocket .*|LocalSocket /tmp/clamd.sock|g" /etc/clamav/clamd.conf; \
     freshclam --foreground --stdout
 
 COPY --chmod=775 start.sh /start.sh
@@ -21,5 +22,6 @@ USER 100
 VOLUME /var/lib/clamav
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh

Containers/collabora/Dockerfile

@@ -1,22 +1,14 @@
 # syntax=docker/dockerfile:latest
 # From a file located probably somewhere here: https://github.com/CollaboraOnline/online/blob/master/docker/from-packages/Dockerfile
-FROM collabora/code:24.04.13.2.1
+FROM collabora/code:25.04.2.2.1
 
 USER root
 ARG DEBIAN_FRONTEND=noninteractive
 
-# hadolint ignore=DL3008
-RUN set -ex; \
-    \
-    apt-get update; \
-    apt-get install -y --no-install-recommends \
-        netcat-openbsd \
-    ; \
-    rm -rf /var/lib/apt/lists/*;
-
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 USER 1001
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/collabora/healthcheck.sh

@@ -1,3 +1,7 @@
 #!/bin/bash
 
-nc -z 127.0.0.1 9980 || exit 1
+# Unfortunately, no curl and no nc is installed in the container 
+# and packages can also not be added as the package list is broken.
+# So always exiting 0 for now.
+# nc http://127.0.0.1:9980 || exit 1
+exit 0

Containers/docker-socket-proxy/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM haproxy:3.1.6-alpine
+FROM haproxy:3.2.1-alpine
 
 # hadolint ignore=DL3002
 USER root
@@ -18,4 +18,5 @@ COPY --chmod=664 haproxy.cfg /haproxy.cfg
 
 ENTRYPOINT ["/start.sh"]
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/docker-socket-proxy/haproxy.cfg

@@ -4,9 +4,9 @@ global
     maxconn 10
 
 defaults
-    timeout connect 10s
+    timeout connect 30s
-    timeout client 10s
+    timeout client 30s
-    timeout server 10s
+    timeout server 1800s
 
 frontend http
     mode http
@@ -14,6 +14,8 @@ frontend http
     http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
     # docker system _ping
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/_ping$ } METH_GET
+    # docker inspect image: GET images/%s/json
+    http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images/.*/json } METH_GET
     # container inspect: GET containers/%s/json
     http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/nc_app_[a-zA-Z0-9_.-]+/json } METH_GET
     # container inspect: GET containers/%s/logs

Containers/domaincheck/Dockerfile

@@ -17,4 +17,5 @@ USER www-data
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z 127.0.0.1 $APACHE_PORT || exit 1
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/fulltextsearch/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from here https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/Dockerfile
-FROM elasticsearch:8.17.4
+FROM elasticsearch:8.18.2
 
 USER root
 
@@ -21,5 +21,6 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 USER 1000:0
 
 HEALTHCHECK --interval=10s --timeout=5s --start-period=1m --retries=5 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"
 ENV ES_JAVA_OPTS="-Xms512M -Xmx512M"

Containers/imaginary/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.1-alpine3.21 AS go
+FROM golang:1.24.4-alpine3.21 AS go
 
 ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
 
@@ -42,4 +42,5 @@ ENV MALLOC_ARENA_MAX=2
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/mastercontainer/Dockerfile

@@ -1,12 +1,12 @@
 # syntax=docker/dockerfile:latest
 # Docker CLI is a requirement
-FROM docker:28.0.4-cli AS docker
+FROM docker:28.2.2-cli AS docker
 
 # Caddy is a requirement
-FROM caddy:2.9.1-alpine AS caddy
+FROM caddy:2.10.0-alpine AS caddy
 
-# From https://github.com/docker-library/php/blob/master/8.3/alpine3.21/fpm/Dockerfile
+# From https://github.com/docker-library/php/blob/master/8.4/alpine3.21/fpm/Dockerfile
-FROM php:8.3.19-fpm-alpine3.21
+FROM php:8.4.8-fpm-alpine3.21
 
 EXPOSE 80
 EXPOSE 8080
@@ -122,6 +122,8 @@ COPY --chmod=664 Caddyfile /Caddyfile
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY mastercontainer.conf /etc/apache2/sites-available/mastercontainer.conf
 
+LABEL org.label-schema.vendor="Nextcloud"
+
 # hadolint ignore=DL3002
 USER root
 

Containers/mastercontainer/daily-backup.sh

@@ -20,6 +20,11 @@ APACHE_PORT="$(docker inspect nextcloud-aio-apache --format "{{.Config.Env}}" |
 if [ -z "$APACHE_PORT" ]; then
     echo "APACHE_PORT is not set which is not expected..."
 else
+    # Connect mastercontainer to nextcloud-aio network to make sure that nextcloud-aio-apache is reachable
+    # Prevent issues like https://github.com/nextcloud/all-in-one/discussions/5222
+    docker network connect nextcloud-aio nextcloud-aio-mastercontainer &>/dev/null
+
+    # Wait for apache to start
     while docker ps --format "{{.Names}}" | grep -q "^nextcloud-aio-apache$" && ! nc -z nextcloud-aio-apache "$APACHE_PORT"; do
         echo "Waiting for apache to become available"
         sleep 30

Containers/mastercontainer/start.sh

@@ -258,26 +258,17 @@ It is set to '$NEXTCLOUD_ADDITIONAL_PHP_EXTENSIONS'."
     fi
 fi
 if [ -n "$AIO_COMMUNITY_CONTAINERS" ]; then
-    read -ra AIO_CCONTAINERS <<< "$AIO_COMMUNITY_CONTAINERS"
+    print_red "You've set AIO_COMMUNITY_CONTAINERS but the option was removed.
-    for container in "${AIO_CCONTAINERS[@]}"; do
+The community containers get managed via the AIO interface now."
-        if ! [ -d "/var/www/docker-aio/community-containers/$container" ]; then
-            print_red "The community container $container was not found!"
-            FAIL_CCONTAINERS=1
-        fi
-    done
-    if [ -n "$FAIL_CCONTAINERS" ]; then
-        print_red "You've set AIO_COMMUNITY_CONTAINERS but at least one container was not found.
-It is set to '$AIO_COMMUNITY_CONTAINERS'."
-        exit 1
-    fi
 fi
 
 # Check if ghcr.io is reachable
 # Solves issues like https://github.com/nextcloud/all-in-one/discussions/5268
-if ! curl https://ghcr.io &>/dev/null; then
+if ! curl --no-progress-meter https://ghcr.io/v2/ >/dev/null; then
     print_red "Could not reach https://ghcr.io."
     echo "Most likely is something blocking access to it."
-    echo "You should be able to fix this by using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
+    echo "You should be able to fix this by following https://dockerlabs.collabnix.com/intermediate/networking/Configuring_DNS.html"
+    echo "Another solution is using https://github.com/nextcloud/all-in-one/tree/main/manual-install"
     exit 1
 fi
 

Containers/nextcloud/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.3.19-fpm-alpine3.21
+FROM php:8.3.22-fpm-alpine3.21
 
 ENV PHP_MEMORY_LIMIT=512M
 ENV PHP_UPLOAD_LIMIT=16G
@@ -8,14 +8,11 @@ ENV SOURCE_LOCATION=/usr/src/nextcloud
 ENV REDIS_DB_INDEX=0
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION=30.0.8
+ENV NEXTCLOUD_VERSION=31.0.6
 ENV AIO_TOKEN=123456
 ENV AIO_URL=localhost
 # AIO settings end # Do not remove or change this line!
 
-# Define the commit hash for imagick as a variable
-ARG IMAGICK_COMMIT_HASH=28f27044e435a2b203e32675e942eb8de620ee58
-
 COPY --chmod=775 *.sh /
 COPY --chmod=774 upgrade.exclude /upgrade.exclude
 COPY config/*.php /
@@ -85,20 +82,7 @@ RUN set -ex; \
     pecl install APCu-5.1.24; \
     pecl install -D 'enable-memcached-igbinary="yes"' memcached-3.3.0; \
     pecl install -oD 'enable-redis-igbinary="yes" enable-redis-zstd="yes" enable-redis-lz4="yes"' redis-6.2.0; \
-#    pecl install -o imagick-3.7.0; \
+   pecl install -o imagick-3.8.0; \
-# Begin workaround ->
-# The master version on the imagick repository is compatible with PHP 8.3. However, the PECL version is not updated yet.
-# As soon as it will get updated, we can switch back to the PECL version, instead of having this workaround.
-    apk add --no-cache --virtual .git-build-deps git \
-    && git clone https://github.com/imagick/imagick.git --depth 1 /tmp/imagick \
-    && cd /tmp/imagick \
-    && git fetch --depth 1 origin ${IMAGICK_COMMIT_HASH} \
-    && git checkout ${IMAGICK_COMMIT_HASH} \
-    && sed -i "s/@PACKAGE_VERSION@/git-${IMAGICK_COMMIT_HASH:0:7}/" php_imagick.h \
-    && phpize && ./configure && make && make install; \
-    apk del .git-build-deps; \
-    cd && rm -r /tmp/imagick; \
-# <- End workaround
     \
     docker-php-ext-enable \
         igbinary \
@@ -134,7 +118,10 @@ RUN set -ex; \
         echo 'opcache.jit_buffer_size=8M'; \
     } > /usr/local/etc/php/conf.d/opcache-recommended.ini; \
     \
-    echo 'apc.enable_cli=1' >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
+    { \
+        echo 'apc.enable_cli=1'; \
+        echo 'apc.shm_size=64M'; \
+    } >> /usr/local/etc/php/conf.d/docker-php-ext-apcu.ini; \
     \
     { \
         echo 'memory_limit=${PHP_MEMORY_LIMIT}'; \
@@ -225,8 +212,8 @@ RUN set -ex; \
     /var/log/supervisord \
     /var/run/supervisord \
     ; \
-    chown www-data:root -R /var/log/supervisord; \
+    chmod 777 -R /var/log/supervisord; \
-    chown www-data:root -R /var/run/supervisord; \
+    chmod 777 -R /var/run/supervisord; \
     \
     apk add --no-cache \
         bash \
@@ -266,14 +253,12 @@ RUN set -ex; \
 # AIO cloning end # Do not remove or change this line!
     \
     chown www-data:root -R /usr/src && \
-    chown www-data:root -R /usr/local/etc/php/conf.d && \
+    chmod 777 -R /usr/local/etc/php/conf.d && \
-    chown www-data:root -R /usr/local/etc/php-fpm.d && \
+    chmod 777 -R /usr/local/etc/php-fpm.d && \
     chmod -R 777 /tmp; \
-    rm -rf /usr/src/nextcloud/apps/updatenotification; \
     \
     mkdir -p /nc-updater; \
-    chown -R www-data:www-data /nc-updater; \
+    chmod -R 777 /nc-updater
-    chmod -R 770 /nc-updater
 
 # hadolint ignore=DL3002
 USER root
@@ -281,4 +266,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/nextcloud/entrypoint.sh

@@ -105,20 +105,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             # Write output to logfile.
             exec > >(tee -i "/var/www/html/data/update.log")
             exec 2>&1
-            # Run built-in upgrader if version is below 28.0.2 to upgrade to 28.0.x first
-            touch "$NEXTCLOUD_DATA_DIR/update.failed"
-            if ! version_greater "$installed_version" "28.0.1.20"; then
-                php /var/www/html/updater/updater.phar --no-interaction --no-backup
-                if ! php /var/www/html/occ upgrade || php /var/www/html/occ status | grep maintenance | grep -q 'true'; then
-                    echo "Upgrade failed. Please restore from backup."
-                    bash /notify.sh "Nextcloud update to $image_version failed!" "Please restore from backup!"
-                    exit 1
-                fi
-                rm "$NEXTCLOUD_DATA_DIR/update.failed"
-                # shellcheck disable=SC2016
-                installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
-                INSTALLED_MAJOR="${installed_version%%.*}"
-            fi
         fi
 
         if [ "$installed_version" != "0.0.0.0" ] && [ "$((IMAGE_MAJOR - INSTALLED_MAJOR))" -gt 1 ]; then
@@ -158,13 +144,14 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
 # Check connection to appstore start # Do not remove or change this line!
             while true; do
                 echo -e "Checking connection to appstore"
-                APPSTORE_URL="https://apps.nextcloud.com/"
+                APPSTORE_URL="https://apps.nextcloud.com/api/v1"
                 if grep -q appstoreurl /var/www/html/config/config.php; then
                     set -x
                     APPSTORE_URL="$(grep appstoreurl /var/www/html/config/config.php | grep -oP 'https://.*v[0-9]+')"
                     set +x
                 fi
-                CURL_STATUS="$(curl -LI "$APPSTORE_URL" -o /dev/null -w '%{http_code}\n' -s)"
+                # Default appstoreurl parameter in config.php defaults to 'https://apps.nextcloud.com/api/v1' so we check for the apps.json file stored in there
+                CURL_STATUS="$(curl -LI "$APPSTORE_URL"/apps.json -o /dev/null -w '%{http_code}\n' -s)"
                 if [[ "$CURL_STATUS" = "200" ]]
                 then
                     echo "Appstore is reachable"
@@ -206,14 +193,6 @@ if ! [ -f "$NEXTCLOUD_DATA_DIR/skip.update" ]; then
             php /var/www/html/occ app:update --all
 
             run_upgrade_if_needed_due_to_app_update
-
-            # Fix removing the updatenotification for old instances
-            UPDATENOTIFICATION_STATUS="$(php /var/www/html/occ config:app:get updatenotification enabled)"
-            if [ -d "/var/www/html/apps/updatenotification" ]; then
-                php /var/www/html/occ app:disable updatenotification
-            elif [ "$UPDATENOTIFICATION_STATUS" != "no" ] && [ -n "$UPDATENOTIFICATION_STATUS" ]; then
-                php /var/www/html/occ config:app:set updatenotification enabled --value="no"
-            fi
         fi
 
         echo "Initializing nextcloud $image_version ..."
@@ -290,6 +269,10 @@ DATADIR_PERMISSION_CONF
             # unset admin password
             unset ADMIN_PASSWORD
 
+            # Enable the updatenotification app but disable its UI and server update notifications
+            php /var/www/html/occ config:system:set updatechecker --type=bool --value=false
+            php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
+
 # AIO update to latest start # Do not remove or change this line!
             if [ "$INSTALL_LATEST_MAJOR" = yes ]; then
                 php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
@@ -320,8 +303,7 @@ DATADIR_PERMISSION_CONF
                     # shellcheck disable=SC2016
                     installed_version="$(php -r 'require "/var/www/html/version.php"; echo implode(".", $OC_Version);')"
                 fi
-                php /var/www/html/occ app:disable updatenotification
+                php /var/www/html/occ config:system:set updatechecker --type=bool --value=true
-                rm -rf /var/www/html/apps/updatenotification
                 php /var/www/html/occ app:enable nextcloud-aio --force
                 php /var/www/html/occ db:add-missing-columns
                 php /var/www/html/occ db:add-missing-primary-keys
@@ -367,8 +349,6 @@ DATADIR_PERMISSION_CONF
             php /var/www/html/occ config:system:set activity_expire_days --value="30" --type=integer
             php /var/www/html/occ config:system:set simpleSignUpLink.shown --type=bool --value=false
             php /var/www/html/occ config:system:set share_folder --value="/Shared"
-            # Not needed anymore with the removal of the updatenotification app:
-            # php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
 
             # Install some apps by default
             if [ -n "$STARTUP_APPS" ]; then
@@ -447,6 +427,11 @@ DATADIR_PERMISSION_CONF
 
             run_upgrade_if_needed_due_to_app_update
 
+            # Enable the updatenotification app but disable its UI and server update notifications
+            php /var/www/html/occ config:system:set updatechecker --type=bool --value=false
+            php /var/www/html/occ app:enable updatenotification
+            php /var/www/html/occ config:app:set updatenotification notify_groups --value="[]"
+
             # Apply optimization
             echo "Doing some optimizations..."
             if [ "$NEXTCLOUD_SKIP_DATABASE_OPTIMIZATION" != yes ]; then

Containers/nextcloud/root.motd

@@ -1,4 +1,4 @@
 Warning: You have logged in into the Nextcloud container as root user.
 See https://github.com/nextcloud/all-in-one#how-to-run-occ-commands if you want to run occ commands.
-Apart from that, you can use 'sudo -u www-data -E php occ <your-command>' in order to run occ commands.
+Apart from that, you can use 'sudo -E -u www-data php occ <your-command>' in order to run occ commands.
 Of course <your-command> needs to be substituted with the command that you want to use.

Containers/nextcloud/supervisord.conf

@@ -39,5 +39,7 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-command=nc -lk 9001
+# Restart the netcat command once a day to ensure that it stays reachable
+# See https://github.com/nextcloud/all-in-one/issues/6334
+command=timeout 86400 nc -lk 9001
 user=www-data

Containers/notify-push/Dockerfile

@@ -21,4 +21,5 @@ USER 33
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/onlyoffice/Dockerfile

@@ -1,10 +1,11 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/ONLYOFFICE/Docker-DocumentServer/blob/master/Dockerfile
-FROM onlyoffice/documentserver:8.3.2.1
+FROM onlyoffice/documentserver:8.3.3.1
 
 # USER root is probably used
 
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 HEALTHCHECK --start-period=60s --retries=9 CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/postgresql/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/docker-library/postgres/blob/master/16/alpine3.21/Dockerfile
+# From https://github.com/docker-library/postgres/blob/master/17/alpine3.21/Dockerfile
-FROM postgres:16.8-alpine
+FROM postgres:17.5-alpine
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
@@ -43,4 +43,5 @@ USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/postgresql/start.sh

@@ -99,7 +99,7 @@ if ( [ -f "$DATADIR/PG_VERSION" ] && [ "$PG_MAJOR" != "$(cat "$DATADIR/PG_VERSIO
     fi
 
     # Get the Owner
-    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g')"
+    DB_OWNER="$(grep -a "$GREP_STRING" "$DUMP_FILE" | head -1 | grep -oP 'Owner:.*$' | sed 's|Owner:||;s|[[:space:]]||g')"
     if [ "$DB_OWNER" = "$POSTGRES_USER" ]; then
         echo "Unfortunately was the found database owner of the dump file the same as the POSTGRES_USER $POSTGRES_USER"
         echo "It is not possible to import a database dump from this database owner."

Containers/redis/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # From https://github.com/docker-library/redis/blob/master/7.2/alpine/Dockerfile
-FROM redis:7.2.7-alpine
+FROM redis:7.2.9-alpine
 
 COPY --chmod=775 start.sh /start.sh
 
@@ -20,4 +20,5 @@ USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/talk-recording/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM python:3.13.2-alpine3.21
+FROM python:3.13.4-alpine3.21
 
 COPY --chmod=775 start.sh /start.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
@@ -7,6 +7,7 @@ COPY --chmod=775 healthcheck.sh /healthcheck.sh
 ENV RECORDING_VERSION=v0.1
 ENV ALLOW_ALL=false
 ENV HPB_PROTOCOL=https
+ENV NC_PROTOCOL=https
 ENV SKIP_VERIFY=false
 ENV HPB_PATH=/standalone-signaling/
 
@@ -56,4 +57,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/talk-recording/start.sh

@@ -39,7 +39,7 @@ videoheight = 1080
 directory = /tmp
 
 [backend-1]
-url = ${HPB_PROTOCOL}://${NC_DOMAIN}
+url = ${NC_PROTOCOL}://${NC_DOMAIN}
 secret = ${RECORDING_SECRET}
 skipverify = ${SKIP_VERIFY}
 

Containers/talk/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.0-scratch AS nats
+FROM nats:2.11.4-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
-FROM strukturag/nextcloud-spreed-signaling:2.0.2 AS signaling
+FROM strukturag/nextcloud-spreed-signaling:2.0.3 AS signaling
 FROM alpine:3.21.3 AS janus
 
 ARG JANUS_VERSION=v1.3.1
@@ -105,4 +105,5 @@ ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 
 HEALTHCHECK CMD /healthcheck.sh
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/watchtower/Dockerfile

@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM golang:1.24.1-alpine3.21 AS go
+FROM golang:1.24.4-alpine3.21 AS go
 
 RUN set -ex; \
     apk upgrade --no-cache -a; \
@@ -21,4 +21,5 @@ COPY --chmod=775 start.sh /start.sh
 USER root
 
 ENTRYPOINT ["/start.sh"]
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

Containers/whiteboard/Dockerfile

@@ -18,4 +18,5 @@ WORKDIR /tmp
 
 ENTRYPOINT ["/start.sh"]
 
-LABEL com.centurylinklabs.watchtower.enable="false"
+LABEL com.centurylinklabs.watchtower.enable="false" \
+    org.label-schema.vendor="Nextcloud"

app/appinfo/info.xml

@@ -5,7 +5,7 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.7.0</version>
+	<version>0.8.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
@@ -13,20 +13,11 @@
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="29" max-version="30"/>
+		<nextcloud min-version="30" max-version="31"/>
 	</dependencies>
 
 	<settings>
 		<admin>OCA\AllInOne\Settings\Admin</admin>
 	</settings>
 
- <!-- not implemented yet - but might be useful:
-        <background-jobs>
-		<job>OCA\AllInOne\Notification\BackgroundJob</job>
-	</background-jobs>
-	<commands>
-		<command>OCA\UpdateNotification\Command\Check</command>
-	</commands>
- -->
-
 </info>

community-containers/fail2ban/readme.md

@@ -4,6 +4,7 @@ This container bundles fail2ban and auto-configures it for you in order to block
 ### Notes
 - If you get an error like `"ip6tables v1.8.9 (legacy): can't initialize ip6tables table filter': Table does not exist (do you need to insmod?)"`, you need to enable ip6tables on your host via `sudo modprobe ip6table_filter`.
 - If you get an error like  `stderr: 'iptables: No chain/target/match by that name.'` and `stderr: 'ip6tables: No chain/target/match by that name.'`, you need to follow https://github.com/szaimen/aio-fail2ban/issues/9#issuecomment-2026898790 in order to resolve this.
+- You can unban ip addresses like so for example: `docker exec -it nextcloud-aio-fail2ban fail2ban-client set nextcloud unbanip 203.113.167.162`.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

community-containers/readme.md

@@ -5,9 +5,8 @@ This directory features containers that are built for AIO which allows to add ad
 All containers that are in this directory are community maintained so the responsibility is on the community to keep them updated and secure. There is no guarantee that this will be the case in the future.
 
 ## How to use this?
-Before adding any additional container, make sure to create a backup via the AIO interface!
+Starting with v11 of AIO, the management of Community Containers is done via the AIO interface (it is the last section in the AIO interface, so only visible if you scroll down). 
-
+⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
-Afterwards, you might want to add additional community containers to the default AIO stack. You can do so by adding `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` to the docker run command of the mastercontainer (but before the last line `ghcr.io/nextcloud-releases/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used) and customize the value to your fitting. It must match the folder names in this directory! ⚠️⚠️⚠️ Please review the folder for documentation on each of the containers before adding them! Not reviewing the documentation for each of them first might break starting the AIO containers because e.g. fail2ban only works on Linux and not on Docker Desktop! **Hint:** If the containers where running already, in order to actually start the added container, you need to click on `Stop containers` and the `Update and start containers` in order to actually start it.
 
 ## How to add containers?
 Simply submit a PR by creating a new folder in this directory: https://github.com/nextcloud/all-in-one/tree/main/community-containers with the name of your container. It must include a json file with the same name and with correct syntax and a readme.md with additional information. You might get inspired by caddy, fail2ban, local-ai, libretranslate, plex, pi-hole or vaultwarden (subfolders in this directory). For a full-blown example of the json file, see https://github.com/nextcloud/all-in-one/blob/main/php/containers.json. The json-schema that it validates against can be found here: https://github.com/nextcloud/all-in-one/blob/main/php/containers-schema.json.
@@ -16,8 +15,6 @@ Simply submit a PR by creating a new folder in this directory: https://github.co
 Yes, see [this list](https://github.com/nextcloud/all-in-one/issues/5251) for already existing ideas for new community containers. Feel free to pick one up and add it to this folder by following the instructions above.
 
 ## How to remove containers from AIOs stack?
-In some cases, you might want to remove some community containers from the AIO stack again. Here is how to do this.
+You can remove containers now via the web interface.
-
-First, do a backup from the AIO interface in order to save the current state. Do not start the containers again afterwards! Now simply recreate the mastercontainer and remove any container from the `--env AIO_COMMUNITY_CONTAINERS="container1 container2"` that you do not actually need. If you want to remove all, simply use `--env AIO_COMMUNITY_CONTAINERS=" "`. 
 
 After removing the containers, there might be some data left on your server that you might want to remove. You can get rid of the data by first running `sudo docker rm nextcloud-aio-container1`, (adjust `container1` accordingly) per community-container that you removed. Then run `sudo docker image prune -a` in order to remove all images that are not used anymore. As last step you can get rid of persistent data of these containers that is stored in volumes. You can check if there is some by running `sudo docker volume ls` and look for any volume that matches the ones that you removed. If so, you can remove them with `sudo docker volume rm nextcloud_aio_volume-id` (of course you need to adjust the `volume-id`).

compose.yaml

@@ -14,7 +14,6 @@ services:
       - 8443:8443 # Can be removed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
     # environment: # Is needed when using any of the options below
       # AIO_DISABLE_BACKUP_SECTION: false # Setting this to true allows to hide the backup section in the AIO interface. See https://github.com/nextcloud/all-in-one#how-to-disable-the-backup-section
-      # AIO_COMMUNITY_CONTAINERS: # With this variable, you can add community containers very easily. See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers
       # APACHE_PORT: 11000 # Is needed when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else). See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_IP_BINDING: 127.0.0.1 # Should be set when running behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) that is running on the same host. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md
       # APACHE_ADDITIONAL_NETWORK: frontend_net # (Optional) Connect the apache container to an additional docker network. Needed when behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) running in a different docker network on same server. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md

develop.md

@@ -41,8 +41,9 @@ This is documented here: https://github.com/nextcloud-releases/all-in-one/tree/m
 
 ## How to promote builds from beta to latest
 
+1. Verify that GitHub Services are running correctly: https://www.githubstatus.com/
 1. Verify that no job is running here: https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-beta.yml
-2. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
+1. Go to https://github.com/nextcloud-releases/all-in-one/actions/workflows/promote-to-latest.yml, click on `Run workflow`.
 
 ## How to connect to the database?
 Simply run `sudo docker exec -it nextcloud-aio-database psql -U oc_nextcloud nextcloud_database` and you should be in.

manual-install/latest.yml

@@ -264,6 +264,7 @@ services:
     cap_add:
       - MKNOD
       - SYS_ADMIN
+      - CHOWN
     cap_drop:
       - NET_RAW
 

manual-upgrade.md

@@ -35,13 +35,13 @@ The only way to fix this on your side is upgrading regularly (e.g. by enabling d
 
 | To change                              | Replace with                                        |
 |----------------------------------------|-----------------------------------------------------|
-| `nextcloud/aio-nextcloud:latest`       | `nextcloud/aio-nextcloud:php{version}-latest`       |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest`       | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest`       |
-| `nextcloud/aio-nextcloud:latest-arm64` | `nextcloud/aio-nextcloud:php{version}-latest-arm64` |
+| `ghcr.io/nextcloud-releases/aio-nextcloud:latest-arm64` | `ghcr.io/nextcloud-releases/aio-nextcloud:php{version}-latest-arm64` |
 
 
 
- - e.g. `nextcloud/aio-nextcloud:php8.0-latest` or `nextcloud/aio-nextcloud:php8.0-latest-arm64`
+ - e.g. `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.0-latest-arm64`
- - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged)
+ - However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
  - Using nano and the arrow keys to navigate:
   - `sudo nano /tmp/nextcloud-aio-nextcloud` making changes as above, then `[Ctrl]+[o]` -> `[Enter]` and `[Ctrl]+[x]` to save and exit.
 6. Next, stop and remove the current container: 
@@ -94,8 +94,8 @@ Make **note** of the version which is compatible, rounding down to 1 digit after
  - In this example we would want php 8.1 since anything with 8.2 or above is incompatible
 
 ##### 5. Find the correct container version
-In general it should be ```nextcloud/aio-nextcloud:php8.x-latest-arm64``` or `nextcloud/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
+In general it should be ```ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest-arm64``` or `ghcr.io/nextcloud-releases/aio-nextcloud:php8.x-latest` replacing `x` with the version you require.
-However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged)
+However, if you are unsure check the ghcr.io (https://github.com/nextcloud-releases/all-in-one/pkgs/container/aio-nextcloud/versions?filters%5Bversion_type%5D=tagged) and docker hub: https://hub.docker.com/r/nextcloud/aio-nextcloud/tags?name=php
 
 ##### 6. Replace the container
 - Navigate to the ```nextcloud-aio-nextcloud``` container within portainer

migration.md

@@ -57,9 +57,9 @@ The procedure for migrating the files and the database works like this:
     ```
     **Please note:** The exact name of the database export file is important! (`database-dump.sql`)<br>
     And of course you need to to use the correct name that the Postgresql database has for the export (if `$PG_DATABASE` doesn't work directly).
-1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. Also install all apps via the apps management site that were installed on the old Nextcloud installation. Otherwise they will show as installed, but will not work.
+1. At this point, you can finally install Nextcloud AIO on a new server/linux installation, enter your domain in the AIO interface (use the same domain that you used on your former installation) and wait until all containers are running. Then you should check the included Nextcloud version by running `sudo docker inspect nextcloud-aio-nextcloud | grep NEXTCLOUD_VERSION`. On the AIO interface, use the passphrase to connect to your newly created Nextcloud instance's admin account. There, install all the Nextcloud apps that were installed on the old Nextcloud installation. If you don't, the migration will show them as installed, but they won't work.
-1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again) (Note: this will stop all containers and is expected: don't start the container again at this point!)
+1. Next, take a backup using Nextcloud AIO's built-in backup solution (so that you can easily restore to this state again). Once finished, all containers are automatically stopped and is expected: **don't start the container again at this point!**
-1. Now, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
+1. Now, with the containers still stopped, we are slowly starting to import your files and database. First, you need to modify the datadirectory that is stored inside the database export:
     1. Find out what the directory of your old Nextcloud installation is by e.g. opening the config.php file and looking at the value `datadirectory`.
     1. Now, create a copy of the database file so that you can simply restore it if you should make a mistake while editing: `cp database-dump.sql database-dump.sql.backup`
     1. Next, open the database export with e.g. nano: `nano database-dump.sql`
@@ -81,7 +81,6 @@ The same applies for the second statement, check with `grep " OWNER TO nextcloud
 1. Next, run `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chown -R 33:0 /mnt/ncdata/` and `sudo docker run --rm --volume nextcloud_aio_nextcloud_data:/mnt/ncdata:rw alpine chmod -R 750 /mnt/ncdata/` to apply the correct permissions on the datadirectory. (Or if `NEXTCLOUD_DATADIR` was provided, apply `chown -R 33:0` and `chmod -R 750` to the chosen path.)
 1. Edit the Nextcloud AIO config.php file using `sudo docker run -it --rm --volume nextcloud_aio_nextcloud:/var/www/html:rw alpine sh -c "apk add --no-cache nano && nano /var/www/html/config/config.php"` and modify only `passwordsalt`, `secret`, `instanceid` and set it to the old values that you used on your old installation. If you are brave, feel free to modify further values e.g. add your old LDAP config or S3 storage config. (Some things like Mail server config can be added back using Nextcloud's webinterface later on).
 1. When you are done and saved your changes to the file, finally start the containers again and wait until all containers are running.
-1. As last step, install all apps again that were installed before on your old instance by using the webinterface.
 
 Now the whole Nextcloud instance should work again.<br>
 If not, feel free to restore the AIO instance from backup and start at step 8 again.

nextcloud-aio-helm-chart/Chart.yaml

@@ -1,6 +1,6 @@
 name: nextcloud-aio-helm-chart
 description: A generated Helm Chart for Nextcloud AIO from Skippbox Kompose
-version: 10.10.0
+version: 11.1.0
 apiVersion: v2
 keywords:
   - latest

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-apache
     spec:
@@ -61,7 +61,7 @@ spec:
               value: "{{ .Values.TIMEZONE }}"
             - name: WHITEBOARD_HOST
               value: nextcloud-aio-whiteboard
-          image: ghcr.io/nextcloud-releases/aio-apache:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-apache:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-apache-service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-apache
   name: nextcloud-aio-apache

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-clamav
     spec:
@@ -36,7 +36,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: "alpine:3.20"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - mkdir
             - "-p"
@@ -59,7 +59,7 @@ spec:
               value: "{{ .Values.NEXTCLOUD_UPLOAD_LIMIT }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-clamav:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-clamav:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-clamav-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-clamav
   name: nextcloud-aio-clamav

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-collabora
     spec:
@@ -35,7 +35,7 @@ spec:
               value: --o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true --o:remote_font_config.url=https://{{ .Values.NC_DOMAIN }}/apps/richdocuments/settings/fonts.json --o:net.post_allow.host[0]=.+
             - name: server_name
               value: "{{ .Values.NC_DOMAIN }}"
-          image: ghcr.io/nextcloud-releases/aio-collabora:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-collabora:20250619_082329
           readinessProbe:
             exec:
               command:
@@ -61,4 +61,5 @@ spec:
               add:
                 - MKNOD
                 - CAP_SYS_ADMIN
+                - CHOWN
 {{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-collabora-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-collabora
   name: nextcloud-aio-collabora

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-database
     spec:
@@ -35,7 +35,7 @@ spec:
         {{- end }}
       initContainers:
         - name: init-subpath
-          image: "alpine:3.20"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - mkdir
             - "-p"
@@ -64,7 +64,7 @@ spec:
               value: nextcloud
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-postgresql:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-postgresql:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-database-service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-database
   name: nextcloud-aio-database

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-fulltextsearch
     spec:
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - chmod
             - "777"
@@ -54,7 +54,7 @@ spec:
               value: basic
             - name: xpack.security.enabled
               value: "false"
-          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-fulltextsearch:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-fulltextsearch-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-fulltextsearch
   name: nextcloud-aio-fulltextsearch

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-imaginary
     spec:
@@ -38,7 +38,7 @@ spec:
               value: "{{ .Values.IMAGINARY_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-imaginary:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-imaginary:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-imaginary-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-imaginary
   name: nextcloud-aio-imaginary

nextcloud-aio-helm-chart/templates/nextcloud-aio-namespace-namespace.yaml

@@ -4,4 +4,8 @@ kind: Namespace
 metadata:
   name: "{{ .Values.NAMESPACE }}"
   namespace: "{{ .Values.NAMESPACE }}"
+  {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+  {{- end }}
 {{- end }}

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml

@@ -6,7 +6,9 @@ metadata:
   name: nextcloud-aio-nextcloud-data
   namespace: "{{ .Values.NAMESPACE }}"
 spec:
-  {{- if .Values.STORAGE_CLASS }}
+  {{- if .Values.STORAGE_CLASS_DATA }}
+  storageClassName: {{ .Values.STORAGE_CLASS_DATA }}
+  {{- else if .Values.STORAGE_CLASS }}
   storageClassName: {{ .Values.STORAGE_CLASS }}
   {{- end }}
   accessModes:

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-nextcloud
     spec:
@@ -38,7 +38,7 @@ spec:
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - chmod
             - "777"
@@ -81,7 +81,7 @@ spec:
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
             - name: NEXTCLOUD_SKELETON_DIRECTORY
-              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
+              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
             - name: NEXTCLOUD_MAINTENANCE_WINDOW
               value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
             - name: ADDITIONAL_APKS
@@ -182,7 +182,7 @@ spec:
               value: "{{ .Values.WHITEBOARD_ENABLED }}"
             - name: WHITEBOARD_SECRET
               value: "{{ .Values.WHITEBOARD_SECRET }}"
-          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-nextcloud:20250619_082329
           {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }} # AIO-config - do not change this comment!
           securityContext:
             # The items below only work in container context

nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-nextcloud
   name: nextcloud-aio-nextcloud

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-notify-push
     spec:
@@ -55,7 +55,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-notify-push:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-notify-push:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-notify-push-service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-notify-push
   name: nextcloud-aio-notify-push

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice
@@ -18,13 +18,13 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-onlyoffice
     spec:
       initContainers:
         - name: init-volumes
-          image: "alpine:3.20"
+          image: ghcr.io/nextcloud-releases/aio-alpine:20250619_082329
           command:
             - chmod
             - "777"
@@ -42,7 +42,7 @@ spec:
               value: "{{ .Values.ONLYOFFICE_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-onlyoffice:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-onlyoffice-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-onlyoffice
   name: nextcloud-aio-onlyoffice

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-deployment.yaml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis
@@ -17,7 +17,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-redis
     spec:
@@ -39,7 +39,7 @@ spec:
               value: "{{ .Values.REDIS_PASSWORD }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-redis:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-redis:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-redis-service.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-redis
   name: nextcloud-aio-redis

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-talk
     spec:
@@ -52,7 +52,7 @@ spec:
               value: "{{ .Values.TURN_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-talk:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording
@@ -18,7 +18,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-talk-recording
     spec:
@@ -44,7 +44,7 @@ spec:
               value: "{{ .Values.RECORDING_SECRET }}"
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-talk-recording:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-recording-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk-recording
   name: nextcloud-aio-talk-recording

nextcloud-aio-helm-chart/templates/nextcloud-aio-talk-service.yaml

@@ -4,7 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk-public
@@ -28,7 +28,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-talk
   name: nextcloud-aio-talk

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-deployment.yaml

@@ -3,7 +3,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard
@@ -16,7 +16,7 @@ spec:
   template:
     metadata:
       annotations:
-        kompose.version: 1.35.0 (9532ceef3)
+        kompose.version: 1.36.0 (ae2a39403)
       labels:
         io.kompose.service: nextcloud-aio-whiteboard
     spec:
@@ -48,7 +48,7 @@ spec:
               value: redis
             - name: TZ
               value: "{{ .Values.TIMEZONE }}"
-          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250331_082515
+          image: ghcr.io/nextcloud-releases/aio-whiteboard:20250619_082329
           readinessProbe:
             exec:
               command:

nextcloud-aio-helm-chart/templates/nextcloud-aio-whiteboard-service.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   annotations:
-    kompose.version: 1.35.0 (9532ceef3)
+    kompose.version: 1.36.0 (ae2a39403)
   labels:
     io.kompose.service: nextcloud-aio-whiteboard
   name: nextcloud-aio-whiteboard

nextcloud-aio-helm-chart/update-helm.sh

@@ -27,7 +27,7 @@ cp latest.yml latest.yml.backup
 
 # Additional config
 # shellcheck disable=SC1083
-sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
+sed -i -E '/^( *- )(NET_RAW|SYS_NICE|MKNOD|SYS_ADMIN|CHOWN)$/!s/( *- )([A-Z_]+)$/\1\2=${\2}/' latest.yml
 cp sample.conf /tmp/
 sed -i 's|^|export |' /tmp/sample.conf
 # shellcheck disable=SC1091
@@ -72,7 +72,7 @@ find ./ -name '*networkpolicy.yaml' -exec sed -i "s|manual-install-nextcloud-aio
 cat << EOL > /tmp/initcontainers
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - chmod
             - "777"
@@ -81,7 +81,7 @@ EOL
 cat << EOL > /tmp/initcontainers.database
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - mkdir
             - "-p"
@@ -94,7 +94,7 @@ EOL
 cat << EOL > /tmp/initcontainers.clamav
       initContainers:
         - name: init-subpath
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - mkdir
             - "-p"
@@ -108,7 +108,7 @@ cat << EOL > /tmp/initcontainers.nextcloud
 # AIO settings start # Do not remove or change this line!
       initContainers:
         - name: init-volumes
-          image: "ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG"
+          image: ghcr.io/nextcloud-releases/aio-alpine:$DOCKER_TAG
           command:
             - chmod
             - "777"
@@ -222,6 +222,10 @@ find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ sto
 # shellcheck disable=SC1083
 find ./ -name '*persistentvolumeclaim.yaml' -exec sed -i "/accessModes:/i\ \ {{- end }}" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "/{{- if .Values.STORAGE_CLASS }}/i\  {{- if .Values.STORAGE_CLASS_DATA }}\n  storageClassName: {{ .Values.STORAGE_CLASS_DATA }}" \{} \;
+# shellcheck disable=SC1083
+find ./ -name 'nextcloud-aio-nextcloud-data-persistentvolumeclaim.yaml' -exec sed -i "s/{{- if .Values.STORAGE_CLASS }}/{{- else if .Values.STORAGE_CLASS }}/" \{} \;
+# shellcheck disable=SC1083
 find ./ -name '*deployment.yaml' -exec sed -i "/restartPolicy:/d" \{} \;  
 # shellcheck disable=SC1083
 find ./ -name '*apache*' -exec sed -i "s|$APACHE_PORT|{{ .Values.APACHE_PORT }}|" \{} \;
@@ -259,6 +263,15 @@ find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if and \(ne .Values.NAMESPACE \"default\"\) \(ne .Values.NAMESPACE_DISABLED \"yes\"\) }}" \{} \; 
+# Additional config
+cat << EOL > /tmp/additional-namespace.config
+  {{- if eq (.Values.RPSS_ENABLED | default "no") "yes" }}
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+  {{- end }}
+EOL
+# shellcheck disable=SC1083
+find ./ -name "*namespace.yaml" -exec sed -i "/namespace.*/r /tmp/additional-namespace.config"  \{} \;
 # shellcheck disable=SC1083
 find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
 # shellcheck disable=SC1083
@@ -303,7 +316,7 @@ cat << EOL > /tmp/additional.config
             - name: NEXTCLOUD_DEFAULT_QUOTA
               value: "{{ .Values.NEXTCLOUD_DEFAULT_QUOTA }}"
             - name: NEXTCLOUD_SKELETON_DIRECTORY
-              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY | default "" }}"
+              value: "{{ .Values.NEXTCLOUD_SKELETON_DIRECTORY }}"
             - name: NEXTCLOUD_MAINTENANCE_WINDOW
               value: "{{ .Values.NEXTCLOUD_MAINTENANCE_WINDOW }}"
 EOL
@@ -397,7 +410,8 @@ sed -i 's|17179869184|"17179869184"|' /tmp/sample.conf
 # shellcheck disable=SC2129
 echo "" >> /tmp/sample.conf
 # shellcheck disable=SC2129
-echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes' >> /tmp/sample.conf
+echo 'STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!' >> /tmp/sample.conf
+echo 'STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!' >> /tmp/sample.conf
 for variable in "${VOLUME_VARIABLE[@]}"; do
     echo "$variable: 1Gi       # You can change the size of the $(echo "$variable" | sed 's|_STORAGE_SIZE||;s|_|-|g' | tr '[:upper:]' '[:lower:]') volume that default to 1Gi with this value" >> /tmp/sample.conf
 done

nextcloud-aio-helm-chart/values.yaml

@@ -38,7 +38,8 @@ REMOVE_DISABLED_APPS: yes        # Setting this to no keep Nextcloud apps that a
 TALK_PORT: 3478          # This allows to adjust the port that the talk container is using. It should be set to something higher than 1024! Otherwise it might not work!
 UPDATE_NEXTCLOUD_APPS: no          # When setting to yes (with quotes), it will automatically update all installed Nextcloud apps upon container startup on saturdays.
 
-STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes
+STORAGE_CLASS:        # By setting this, you can adjust the storage class for your volumes. This should be a fast storage like SSD backed storage!
+STORAGE_CLASS_DATA:        # Allows to set a dedicated storage class for the Nextcloud data volume. This can be a bit slower storage than the one above. ⚠️ Warning: only set this for new installations, not existing ones!
 APACHE_STORAGE_SIZE: 1Gi       # You can change the size of the apache volume that default to 1Gi with this value
 CLAMAV_STORAGE_SIZE: 1Gi       # You can change the size of the clamav volume that default to 1Gi with this value
 DATABASE_STORAGE_SIZE: 1Gi       # You can change the size of the database volume that default to 1Gi with this value

php/composer.json

@@ -5,7 +5,7 @@
 		}
 	},
 	"require": {
-		"php": "8.3.*",
+		"php": "8.4.*",
 		"ext-json": "*",
 		"ext-sodium": "*",
 		"ext-curl": "*",
@@ -20,7 +20,7 @@
 	},
 	"require-dev": {
 		"sserbin/twig-linter": "@dev",
-		"vimeo/psalm": "^5.25",
+		"vimeo/psalm": "^6.0",
 		"wapmorgan/php-deprecation-detector": "dev-master"
 	},
 	"scripts": {
@@ -33,6 +33,6 @@
 		"psalm:strict": "psalm --threads=1 --show-info=true",
 		"lint": "php -l src/*.php src/**/*.php public/index.php",
 		"lint:twig": "twig-linter lint ./templates",
-		"php-deprecation-detector": "phpdd scan -n -t 8.3 src/*.php src/**/*.php public/index.php"
+		"php-deprecation-detector": "phpdd scan -n -t 8.4 src/*.php src/**/*.php public/index.php"
 	}
 }

php/containers.json

@@ -393,7 +393,8 @@
       ],
       "cap_add": [
         "MKNOD",
-        "SYS_ADMIN"
+        "SYS_ADMIN",
+        "CHOWN"
       ],
       "cap_drop": [
         "NET_RAW"

php/psalm-baseline.xml

@@ -1,2 +1,64 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="5.26.1@d747f6500b38ac4f7dfc5edbcae6e4b637d7add0"/>
+<files psalm-version="6.12.0@cf420941d061a57050b6c468ef2c778faf40aee2">
+  <file src="src/ContainerDefinitionFetcher.php">
+    <PossiblyFalseArgument>
+      <code><![CDATA[file_get_contents($path)]]></code>
+      <code><![CDATA[file_get_contents(__DIR__ . '/../containers.json')]]></code>
+    </PossiblyFalseArgument>
+  </file>
+  <file src="src/Controller/DockerController.php">
+    <InvalidOperand>
+      <code><![CDATA[$port]]></code>
+    </InvalidOperand>
+  </file>
+  <file src="src/Data/ConfigurationManager.php">
+    <FalsableReturnStatement>
+      <code><![CDATA[$additionalBackupDirectories]]></code>
+    </FalsableReturnStatement>
+    <InvalidFalsableReturnType>
+      <code><![CDATA[string]]></code>
+    </InvalidFalsableReturnType>
+    <PossiblyFalseArgument>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$ch]]></code>
+      <code><![CDATA[$configContent]]></code>
+      <code><![CDATA[$content]]></code>
+      <code><![CDATA[$content]]></code>
+      <code><![CDATA[$dailyBackupFile]]></code>
+      <code><![CDATA[$dailyBackupFile]]></code>
+      <code><![CDATA[file_get_contents(DataConst::GetBackupPublicKey())]]></code>
+    </PossiblyFalseArgument>
+  </file>
+  <file src="src/Data/DataConst.php">
+    <FalsableReturnStatement>
+      <code><![CDATA[realpath(__DIR__ . '/../../../community-containers/')]]></code>
+      <code><![CDATA[realpath(__DIR__ . '/../../data/')]]></code>
+      <code><![CDATA[realpath(__DIR__ . '/../../session/')]]></code>
+    </FalsableReturnStatement>
+    <InvalidFalsableReturnType>
+      <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
+      <code><![CDATA[string]]></code>
+    </InvalidFalsableReturnType>
+  </file>
+  <file src="src/Docker/DockerActionManager.php">
+    <PossiblyFalseArgument>
+      <code><![CDATA[$line]]></code>
+      <code><![CDATA[$line]]></code>
+    </PossiblyFalseArgument>
+  </file>
+  <file src="src/Twig/ClassExtension.php">
+    <MissingOverrideAttribute>
+      <code><![CDATA[public function getFunctions() : array]]></code>
+    </MissingOverrideAttribute>
+  </file>
+  <file src="src/Twig/CsrfExtension.php">
+    <MissingOverrideAttribute>
+      <code><![CDATA[public function getGlobals() : array]]></code>
+    </MissingOverrideAttribute>
+  </file>
+</files>

php/psalm.xml

@@ -5,6 +5,7 @@
 	xsi:schemaLocation="https://getpsalm.org/schema/config vendor/vimeo/psalm/config.xsd"
 	errorBaseline="psalm-baseline.xml"
 	findUnusedBaselineEntry="true"
+	findUnusedCode="false"
 >
 	<projectFiles>
 		<directory name="templates"/>
@@ -18,5 +19,6 @@
 		<directory name="vendor" />
 	</extraFiles>
 	<issueHandlers>
+  		<ClassMustBeFinal errorLevel="suppress" />
 	</issueHandlers>
 </psalm>

php/public/containers-form-submit.js

@@ -0,0 +1,88 @@
+document.addEventListener("DOMContentLoaded", function () {
+    // Hide submit button initially
+    const optionsFormSubmit = document.getElementById("options-form-submit");
+    optionsFormSubmit.style.display = 'none';
+
+    const communityFormSubmit = document.getElementById("community-form-submit");
+    communityFormSubmit.style.display = 'none';
+
+    // Store initial states for all checkboxes
+    const initialStateOptionsContainers = {};
+    const initialStateCommunityContainers = {};
+    const optionsContainersCheckboxes = document.querySelectorAll("#options-form input[type='checkbox']");
+    const communityContainersCheckboxes = document.querySelectorAll("#community-form input[type='checkbox']");
+
+    optionsContainersCheckboxes.forEach(checkbox => {
+        initialStateOptionsContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    communityContainersCheckboxes.forEach(checkbox => {
+        initialStateCommunityContainers[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
+    });
+
+    // Function to compare current states to initial states
+    function checkForOptionContainerChanges() {
+        let hasChanges = false;
+
+        optionsContainersCheckboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialStateOptionsContainers[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
+    }
+
+    // Function to compare current states to initial states
+    function checkForCommunityContainerChanges() {
+        let hasChanges = false;
+
+        communityContainersCheckboxes.forEach(checkbox => {
+            if (checkbox.checked !== initialStateCommunityContainers[checkbox.id]) {
+                hasChanges = true;
+            }
+        });
+
+        // Show or hide submit button based on changes
+        communityFormSubmit.style.display = hasChanges ? 'block' : 'none';
+    }
+
+    // Event listener to trigger visibility check on each change
+    optionsContainersCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForOptionContainerChanges);
+    });
+
+    communityContainersCheckboxes.forEach(checkbox => {
+        checkbox.addEventListener("change", checkForCommunityContainerChanges);
+    });
+
+    // Custom behaviors for specific options
+    function handleTalkVisibility() {
+        const talkRecording = document.getElementById("talk-recording");
+        if (document.getElementById("talk").checked) {
+            talkRecording.disabled = false;
+        } else {
+            talkRecording.checked = false;
+            talkRecording.disabled = true;
+        }
+        checkForOptionContainerChanges();  // Check changes after toggling Talk Recording
+    }
+
+    function handleDockerSocketProxyWarning() {
+        if (document.getElementById("docker-socket-proxy").checked) {
+            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
+        }
+    }
+
+    // Initialize event listeners for specific behaviors
+    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
+    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
+
+    // Initialize talk-recording visibility on page load
+    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
+
+    // Initial call to check for changes
+    checkForOptionContainerChanges();
+    checkForCommunityContainerChanges();
+});

php/public/index.php

@@ -129,6 +129,8 @@ $app->get('/containers', function (Request $request, Response $response, array $
         'is_talk_recording_enabled' => $configurationManager->isTalkRecordingEnabled(),
         'is_docker_socket_proxy_enabled' => $configurationManager->isDockerSocketProxyEnabled(),
         'is_whiteboard_enabled' => $configurationManager->isWhiteboardEnabled(),
+        'community_containers' => $configurationManager->listAvailableCommunityContainers(),
+        'community_containers_enabled' => $configurationManager->GetEnabledCommunityContainers(),
     ]);
 })->setName('profile');
 $app->get('/login', function (Request $request, Response $response, array $args) use ($container) {

php/public/options-form-submit.js

@@ -1,60 +0,0 @@
-document.addEventListener("DOMContentLoaded", function () {
-    // Hide submit button initially
-    const optionsFormSubmit = document.getElementById("options-form-submit");
-    optionsFormSubmit.style.display = 'none';
-
-    // Store initial states for all checkboxes
-    const initialState = {};
-    const checkboxes = document.querySelectorAll("#options-form input[type='checkbox']");
-
-    checkboxes.forEach(checkbox => {
-        initialState[checkbox.id] = checkbox.checked;  // Use checked property to capture actual initial state
-    });
-
-    // Function to compare current states to initial states
-    function checkForChanges() {
-        let hasChanges = false;
-        
-        checkboxes.forEach(checkbox => {
-            if (checkbox.checked !== initialState[checkbox.id]) {
-                hasChanges = true;
-            }
-        });
-
-        // Show or hide submit button based on changes
-        optionsFormSubmit.style.display = hasChanges ? 'block' : 'none';
-    }
-
-    // Event listener to trigger visibility check on each change
-    checkboxes.forEach(checkbox => {
-        checkbox.addEventListener("change", checkForChanges);
-    });
-
-    // Custom behaviors for specific options
-    function handleTalkVisibility() {
-        const talkRecording = document.getElementById("talk-recording");
-        if (document.getElementById("talk").checked) {
-            talkRecording.disabled = false;
-        } else {
-            talkRecording.checked = false;
-            talkRecording.disabled = true;
-        }
-        checkForChanges();  // Check changes after toggling Talk Recording
-    }
-
-    function handleDockerSocketProxyWarning() {
-        if (document.getElementById("docker-socket-proxy").checked) {
-            alert('⚠️ Warning! Enabling this container comes with possible Security problems since you are exposing the docker socket and all its privileges to the Nextcloud container. Enable this only if you are sure what you are doing!');
-        }
-    }
-
-    // Initialize event listeners for specific behaviors
-    document.getElementById("talk").addEventListener('change', handleTalkVisibility);
-    document.getElementById("docker-socket-proxy").addEventListener('change', handleDockerSocketProxyWarning);
-
-    // Initialize talk-recording visibility on page load
-    handleTalkVisibility();  // Ensure talk-recording is correctly initialized
-
-    // Initial call to check for changes
-    checkForChanges();
-});

php/public/style.css

@@ -349,6 +349,7 @@ main {
     word-break: break-word;
     max-width: calc(var(--max-width) + calc(var(--main-padding) * 2));
     margin: 0 auto;
+    padding-bottom: var(--main-padding);
 }
 
 .logo {

php/src/Controller/ConfigurationController.php

@@ -15,7 +15,7 @@ readonly class ConfigurationController {
     ) {
     }
 
-    public function SetConfig(Request $request, Response $response, array $args) : Response {
+    public function SetConfig(Request $request, Response $response, array $args): Response {
         try {
             if (isset($request->getParsedBody()['domain'])) {
                 $domain = $request->getParsedBody()['domain'] ?? '';
@@ -125,6 +125,20 @@ readonly class ConfigurationController {
                 }
             }
 
+            if (isset($request->getParsedBody()['community-form'])) {
+                $cc = $this->configurationManager->listAvailableCommunityContainers();
+                $enabledCC = [];
+                /**
+                 * @psalm-suppress PossiblyNullIterator
+                 */
+                foreach ($request->getParsedBody() as $item) {
+                    if (array_key_exists($item , $cc)) {
+                        $enabledCC[] = $item;
+                    }
+                }
+                $this->configurationManager->SetEnabledCommunityContainers($enabledCC);
+            }
+
             if (isset($request->getParsedBody()['delete_collabora_dictionaries'])) {
                 $this->configurationManager->DeleteCollaboraDictionaries();
             }

php/src/Controller/DockerController.php

@@ -62,7 +62,11 @@ readonly class DockerController {
 
     public function GetLogs(Request $request, Response $response, array $args) : Response
     {
-        $id = $request->getQueryParams()['id'];
+        $requestParams = $request->getQueryParams();
+        $id = '';
+        if (isset($requestParams['id']) && is_string($requestParams['id'])) {
+            $id = $requestParams['id'];
+        }
         if (str_starts_with($id, 'nextcloud-aio-')) {
             $logs = $this->dockerActionManager->GetLogs($id);
         } else {

php/src/Data/ConfigurationManager.php

@@ -1008,16 +1008,61 @@ class ConfigurationManager
     }
 
     private function GetCommunityContainers() : string {
-        $envVariableName = 'AIO_COMMUNITY_CONTAINERS';
+        $config = $this->GetConfig();
-        $configName = 'aio_community_containers';
+        if(!isset($config['aio_community_containers'])) {
-        $defaultValue = '';
+            $config['aio_community_containers'] = '';
-        return $this->GetEnvironmentalVariableOrConfig($envVariableName, $configName, $defaultValue);
+        }
+
+        return $config['aio_community_containers'];
     }
 
-    public function GetEnabledCommunityContainers() : array {
+
+    public function listAvailableCommunityContainers() : array {
+        $cc = [];
+        $dir = scandir(DataConst::GetCommunityContainersDirectory());
+        if ($dir === false) {
+            return $cc;
+        }
+        // Get rid of dots from the scandir command
+        $dir = array_diff($dir, array('..', '.', 'readme.md'));
+        foreach ($dir as $id) {
+            $filePath = DataConst::GetCommunityContainersDirectory() . '/' . $id . '/' . $id . '.json';
+            $fileContents = apcu_fetch($filePath);
+            if (!is_string($fileContents)) {
+                $fileContents = file_get_contents($filePath);
+                if (is_string($fileContents)) {
+                    apcu_add($filePath, $fileContents);
+                }
+            } 
+            $json = is_string($fileContents) ? json_decode($fileContents, true) : false;
+            if(is_array($json) && is_array($json['aio_services_v1'])) {
+                foreach ($json['aio_services_v1'] as $service) {
+                    $documentation = is_string($service['documentation']) ? $service['documentation'] : '';
+                    if (is_string($service['display_name'])) {
+                        $cc[$id] = [ 
+                            'id' => $id,
+                            'name' => $service['display_name'],
+                            'documentation' => $documentation
+                        ];
+                    }
+                    break;
+                }
+            }
+        }
+        return $cc;
+    }
+
+    /** @return list<string> */
+    public function GetEnabledCommunityContainers(): array {
         return explode(' ', $this->GetCommunityContainers());
     }
 
+    public function SetEnabledCommunityContainers(array $enabledCommunityContainers) : void {
+        $config = $this->GetConfig();
+        $config['aio_community_containers'] = implode(' ', $enabledCommunityContainers);
+        $this->WriteConfig($config);
+    }
+
     private function GetEnabledDriDevice() : string {
         $envVariableName = 'NEXTCLOUD_ENABLE_DRI_DEVICE';
         $configName = 'nextcloud_enable_dri_device';

php/src/Docker/DockerActionManager.php

@@ -1030,8 +1030,8 @@ readonly class DockerActionManager {
         return false;
     }
 
-    private function GetCreatedTimeOfNextcloudImage(): ?string {
+    private function GetCreatedTimeOfNextcloudImage(string $imageName): ?string {
-        $imageName = 'nextcloud/aio-nextcloud' . ':' . $this->GetCurrentChannel();
+        $imageName = $imageName . ':' . $this->GetCurrentChannel();
         try {
             $imageUrl = $this->BuildApiUrl(sprintf('images/%s/json', $imageName));
             $imageOutput = json_decode($this->guzzleClient->get($imageUrl)->getBody()->getContents(), true);
@@ -1052,7 +1052,11 @@ readonly class DockerActionManager {
     }
 
     public function isNextcloudImageOutdated(): bool {
-        $createdTime = $this->GetCreatedTimeOfNextcloudImage();
+        $createdTime = $this->GetCreatedTimeOfNextcloudImage('ghcr.io/nextcloud-releases/aio-nextcloud');
+
+        if ($createdTime === null) {
+            $createdTime = $this->GetCreatedTimeOfNextcloudImage('nextcloud/aio-nextcloud');
+        }
 
         if ($createdTime === null) {
             return false;

php/templates/containers.twig

@@ -17,7 +17,7 @@
 
     <div class="container">
         <main>
-            <h1>Nextcloud AIO v10.11.0</h1>
+            <h1>Nextcloud AIO v11.1.0</h1>
 
             {# Add 2nd tab warning #}
             <script type="text/javascript" src="second-tab-warning.js"></script>
@@ -25,6 +25,9 @@
             {# timezone-prefill #}
             <script type="text/javascript" src="timezone.js"></script>
 
+            {# js for optional containers and additional containers forms #}
+            <script type="text/javascript" src="containers-form-submit.js?v4"></script>
+
             {% set hasBackupLocation = borg_backup_host_location or borg_remote_repo %}
             {% set isAnyRunning = false %}
             {% set isAnyRestarting = false %}
@@ -33,7 +36,7 @@
             {% set isBackupOrRestoreRunning = false %}
             {% set isApacheStarting = false %}
             {# Setting newMajorVersion to '' will hide corresponding options/elements, can be set to an integer like 26 in order to show corresponding elements. If set, also increase installLatestMajor in https://github.com/nextcloud/all-in-one/blob/main/php/src/Controller/DockerController.php #}
-            {% set newMajorVersion = 31 %}
+            {% set newMajorVersion = '' %}
 
             {% if is_backup_container_running == true %}
                 {% if borg_backup_mode == 'backup' or borg_backup_mode == 'restore' %}
@@ -101,7 +104,7 @@
                             {% else %}
                                 <p>AIO is currently in "reverse proxy mode" which means that it can be installed behind a web server or reverse proxy (like Apache, Nginx, Caddy, Cloudflare Tunnel and else) and does not do the TLS proxying itself.</p>
                             {% endif %}
-                            <p>Please type the domain that will be used for Nextcloud.</p>
+                            <p>Please type in the domain that will be used for Nextcloud and submit it.</p>
                             {% if skip_domain_validation == true %}
                                 <p><strong>Please note:</strong> The domain validation is disabled so any domain will be accepted here! Make sure you do not make a typo here as you will not be able to change it afterwards!</p>
                             {% endif %}
@@ -192,7 +195,7 @@
                                 <p>
                                 Please enter the location of the backup archive on your host or a
                                 <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>
-                                if stored remotely; and the encryption password of the backup archive below:
+                                if stored remotely; and the encryption password of the backup archive below and submit all values:
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_restore_host_location" name="borg_restore_host_location" value="{{borg_backup_host_location}}" placeholder="/mnt/backup"/><br>
@@ -364,10 +367,10 @@
                         {% else %}
                             {% if is_backup_container_running == false and not hasBackupLocation and isApacheStarting != true %}
                                 <h2>Backup and restore</h2>
-                                <p>Please enter the directory path below where backups will be created on the host system. It's best to choose a location on a separate drive and not on your root drive.</p>
+                                <p>Please enter the directory path below where backups will be created on the host system and submit it. It's best to choose a location on a separate drive and not on your root drive.</p>
                                 <p>
                                 To store backups remotely instead, fill in the
-                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url</a>.
+                                <a target="_blank" href="https://borgbackup.readthedocs.io/en/stable/usage/general.html#repository-urls">remote borg repo url and submit it</a>.
                                 </p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <label>Local backup location</label> <input type="text" id="borg_backup_host_location" name="borg_backup_host_location" placeholder="/mnt/backup"/><br>
@@ -507,12 +510,12 @@
 
                                             <h3>Daily backup and automatic updates</h3>
                                             {% if daily_backup_time == "" %}
-                                                <p>By entering a time below, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
+                                                <p>By entering a time below and submitting it, you can enable daily backups. It will create them at the entered time in 24h format. E.g. <strong>04:00</strong> will create backups at 4 am UTC and <strong>16:00</strong> at 4 pm UTC. When creating the backup, containers will be stopped and restarted after the backup is complete.</p>
                                                 <form method="POST" action="/api/configuration" class="xhr">
-                                                    <input type="text" name="daily_backup_time" value="04:00" placeholder="04:00"/>
+                                                    <input type="text" name="daily_backup_time" placeholder="04:00"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                    <input type="submit" value="Submit backup time" /><br>
+                                                    <input type="submit" value="Submit daily backup time and settings" /><br>
                                                     <input type="checkbox" id="automatic_updates" name="automatic_updates" checked="checked"><label for="automatic_updates">Automatically update all containers, the mastercontainer and on saturdays your Nextcloud apps</label><br>
                                                     <input type="checkbox" id="success_notification" name="success_notification" checked="checked"><label for="success_notification">Send notifications about successful backups (notifications about unsuccessful backups will always be sent)</label>
                                                 </form>
@@ -526,12 +529,12 @@
                                                     <input type="hidden" name="delete_daily_backup_time" value="yes"/>
                                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
                                                     <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
-                                                    <input type="submit" value="Disable or change daily backups" />
+                                                    <input type="submit" value="Disable or change daily backup settings" />
                                                 </form>
                                             {% endif %}
 
                                             <h3>Back up additional directories and docker volumes of your host</h3>
-                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive.</p>
+                                            <p>Below you can enter directories and docker volumes of your host that will be backed up into the same borg backup archive. Make sure to press the submit button after changing anything.</p>
                                             <form method="POST" action="/api/configuration" class="xhr">
                                                 <textarea id="additional_backup_directories" name="additional_backup_directories" rows="4" cols="50" placeholder="/directory/on/the/host&#10;my_custom_docker_volume">{{ additional_backup_directories }}</textarea>
                                                 <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -584,7 +587,7 @@
                         {% else %}
                             {% if timezone == "" %}
                                 <p>To get the correct time values for certain Nextcloud features, set the timezone for Nextcloud to the one that your users mainly use. Please note that this setting does not apply to the mastercontainer and any backup option.</p>
-                                <p>You can configure the timezone for Nextcloud below:</p>
+                                <p>You can configure the timezone for Nextcloud below (Do not forget to submit the value!):</p>
                                 <form method="POST" action="/api/configuration" class="xhr">
                                     <input type="text" id="timezone" name="timezone" placeholder="Europe/Berlin" />
                                     <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
@@ -602,6 +605,7 @@
                                 </form>
                             {% endif %}
                         {% endif %}
+                        {{ include('includes/community-containers.twig') }}
                     {% endif %}
                 {% endif %}
             {% endif %}

php/templates/includes/aio-config.twig

@@ -16,7 +16,7 @@
 
     <p>
         {% if nextcloud_mount == '' %}
-            The Nextcloud container is confied and local external storage in Nextcloud is disabled.
+            The Nextcloud container is confined and local external storage in Nextcloud is disabled.
         {% else %}
             The Nextcloud container is getting access to the {{ nextcloud_mount }} directory and local external storage in Nextcloud is enabled.
         {% endif %}

php/templates/includes/community-containers.twig

@@ -0,0 +1,42 @@
+<h2>Community Containers</h2>
+<p>In this section you can enable or disable optional Community Containers that are not included by default in the main installation. These containers are provided by the community and can be useful for various purposes and are automatically integrated in AIOs backup solution and update mechanisms.</p>
+<p><strong>⚠️ Caution: </strong>Community Containers are maintained by the community and not officially by Nextcloud. Some containers may not be compatible with your system, may not work as expected or may discontinue. Use them at your own risk. Please read the documentation for each container first before adding any as some are also incompatible between each other! Never add all of them at the same time!</p>
+{% if isAnyRunning == true %}
+    <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
+{% else %}
+    <p><strong>Please note:</strong> Make sure to save your changes by clicking <strong>Save changes</strong> below the list of Community Containers. The changes will not be auto-saved.</p>
+{% endif %}
+<details>
+    <summary>Show/Hide available Community Containers</summary>
+    <form id="community-form" method="POST" action="/api/configuration" class="xhr">
+        <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
+        <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
+        <input type="hidden" name="community-form" value="community-form">
+        {% for cc in community_containers %}
+            <p>
+                <input
+                    type="checkbox"
+                    id="{{ cc.id }}"
+                    value="{{ cc.id }}"
+                    name="{{ cc.id }}"
+                    {% if cc.id in community_containers_enabled %}
+                        checked="checked"
+                        data-initial-state="true"
+                    {% else %}
+                        data-initial-state="false"
+                    {% endif %}
+                    {% if isAnyRunning == true %}
+                        disabled="disabled"
+                    {% endif %}
+                >
+                <label for="{{ cc.id }}">{{ cc.name }} 
+                    {% if cc.documentation != '' %}
+                        <a href="{{ cc.documentation }}" target="_blank">(Documentation)</a>
+                    {% endif %}
+                </label>
+            </p>
+        {% endfor %}
+
+        <input id="community-form-submit" type="submit" value="Save changes" onclick="return confirm('Are you sure that you read the documentation of all community containers that you enabled? If no, please do not continue as this might break your instance!')" />
+    </form>
+</details>

php/templates/includes/optional-containers.twig

@@ -1,5 +1,5 @@
 <h2>Optional containers</h2>
-<p>In this section you can enable or disable optional containers. There are further community containers available that are not listed below. See <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers">this documentation</a></strong> how to add them.</p>
+<p>In this section you can enable or disable optional containers.</p>
 {% if isAnyRunning == true %}
     <p><strong>Please note:</strong> You can enable or disable the options below only when your containers are stopped.</p>
 {% else %}
@@ -143,7 +143,6 @@
         <label for="whiteboard">Whiteboard</label>
     </p>
     <input id="options-form-submit" type="submit" value="Save changes" />
-    <script type="text/javascript" src="options-form-submit.js?v3"></script>
 </form>
 <p><strong>Minimal system requirements:</strong> When any optional container is enabled, at least 2GB RAM, a dual-core CPU and 40GB system storage are required. When enabling ClamAV,  Nextcloud Talk Recording-server or Fulltextsearch, at least 3GB RAM are required. For Talk Recording-server additional 2 vCPUs are required. When enabling everything, at least 5GB RAM and a quad-core CPU are required. Recommended are at least 1GB more RAM than the minimal requirement. For further advice and recommendations see <strong><a target="_blank" href="https://github.com/nextcloud/all-in-one/discussions/1335">this documentation</a></strong></p>
 {% if isAnyRunning == true %}
@@ -184,14 +183,14 @@
 
     {% if collabora_additional_options == "" %}
         <p>You can configure additional options for collabora below.</p>
-        <p>(This can be used for configuring the net.content_security_policy and more)</p>
+        <p>(This can be used for configuring the net.content_security_policy and more. Make sure to submit the value!)</p>
         <form method="POST" action="/api/configuration" class="xhr">
             <input type="text" name="collabora_additional_options" />
             <input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
             <input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
             <input type="submit" value="Submit additional collabora options" />
         </form>
-        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy="frame-ancestors *.example.com:*;"</strong>.</p>
+        <p>You need to make sure that the options that you enter are valid. An example is <strong>--o:net.content_security_policy=frame-ancestors *.example.com:*;</strong>.</p>
     {% else %}
         <p>The additioinal options for Collabora are currently set to <strong>{{ collabora_additional_options }}</strong>. You can reset them again by clicking on the button below.</p>
         <form method="POST" action="/api/configuration" class="xhr">

php/templates/layout.twig

@@ -1,7 +1,7 @@
 <html>
     <head>
         <title>AIO</title>
-        <link rel="stylesheet" href="/style.css?v4" media="all" />
+        <link rel="stylesheet" href="/style.css?v5" media="all" />
         <link rel="icon" href="/img/favicon.png">
         <script type="text/javascript" src="forms.js"></script>
         <script type="text/javascript" src="toggle-dark-mode.js"></script>

php/tests/tests/restore-instance.spec.js

@@ -60,7 +60,7 @@ test('Restore instance', async ({ page: setupPage }) => {
   await containersPage.getByRole('button', { name: 'Check backup integrity' }).click();
   await expect(containersPage.getByRole('main')).toContainText('Last check successful!', { timeout: 5 * 60 * 1000 });
   await containersPage.getByRole('button', { name: 'Restore selected backup' }).click();
-  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:');
+  await expect(containersPage.getByRole('main')).toContainText('Backup container is currently running:', { timeout: 1 * 60 * 1000 });
 
   // Verify a successful backup restore
   await expect(containersPage.getByRole('main')).toContainText('Last restore successful!', { timeout: 3 * 60 * 1000 });

readme.md

@@ -667,7 +667,7 @@ You can edit Nextclouds config.php file directly from the host with your favorit
 All users see a set of [default files and folders](https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/default_files_configuration.html) as dictated by Nextcloud's configuration.  To change these default files and folders a custom skeleton directory must first be created; this can be accomplished by copying your skeleton files `sudo docker cp --follow-link /path/to/nextcloud/skeleton/ nextcloud-aio-nextcloud:/mnt/ncdata/skeleton/`, applying the correct permissions with `sudo docker exec nextcloud-aio-nextcloud chown -R 33:0 /mnt/ncdata/skeleton/` and `sudo docker exec nextcloud-aio-nextcloud chmod -R 750 /mnt/ncdata/skeleton/` and setting the skeleton directory option with `sudo docker exec --user www-data -it nextcloud-aio-nextcloud php occ config:system:set skeletondirectory --value="/mnt/ncdata/skeleton"`.  Further information is available in the Nextcloud documentation on [configuration parameters for the skeleton directory](https://docs.nextcloud.com/server/stable/admin_manual/configuration_server/config_sample_php_parameters.html#skeletondirectory).
 
 ### How to adjust the version retention policy and trashbin retention policy?
-By default, AIO sets the `versions_retention_obligation` and `versions_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
+By default, AIO sets the `versions_retention_obligation` and `trashbin_retention_obligation` both to `auto, 30` which means that versions and items in the trashbin get deleted after 30 days. If you want to change this, see https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/file_versioning.html.
 
 ### How to enable automatic updates without creating a backup beforehand?
 If you have an external backup solution, you might want to enable automatic updates without creating a backup first. However note that doing this is disrecommended since you will not be able to easily create and restore a backup from the AIO interface anymore and you need to make sure to shut down all the containers properly before creating the backup, e.g. by stopping them from the AIO interface first. 
@@ -736,7 +736,7 @@ Afterwards apply the correct permissions with `sudo chown root:root /root/automa
 1. save and close the crontab (when using nano the shortcuts for this are `Ctrl + o` then `Enter` to save, and close the editor with `Ctrl + x`).
 
 ### Securing the AIO interface from unauthorized ACME challenges
-[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface, is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
+[By design](https://github.com/nextcloud/all-in-one/discussions/4882#discussioncomment-9858384), Caddy that runs inside the mastercontainer, which handles automatic TLS certificate generation for the AIO interface on port 8443, is configured to accept traffic on any valid domain in order to make the AIO interface as convenient to use as possible. However due to this, it is vulnerable to receiving DNS challenges for arbitrary hostnames from anyone on the internet. While this does not compromise your server's security, it can result in cluttered logs and rejected certificate renewal attempts due to rate limit abuse. To mitigate this issue, it is recommended to place the AIO interface behind a VPN and/or limit its public exposure.
 
 ### How to migrate from an already existing Nextcloud installation to Nextcloud AIO?
 Please see the following documentation on this: [migration.md](https://github.com/nextcloud/all-in-one/blob/main/migration.md)
@@ -820,7 +820,7 @@ Backing up directly to a remote borg repository is supported. This avoids having
 Some alternatives, which do not have all the above benefits:
 
 - Mount a network FS like SSHFS, SMB or NFS in the directory that you enter in AIO as backup directory
-- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-the-backup-regularly-to-another-drive)
+- Use rsync or rclone for syncing the borg backup archive that AIO creates locally to a remote target (make sure to lock the backup archive correctly before starting the sync; search for "aio-lockfile"; you can find a local example script here: https://github.com/nextcloud/all-in-one#sync-local-backups-regularly-to-another-drive)
 - You can find a well written guide that uses rclone and e.g. BorgBase for remote backups here: https://github.com/nextcloud/all-in-one/discussions/2247
 - Here is another one that utilizes borgmatic and BorgBase for remote backups: https://github.com/nextcloud/all-in-one/discussions/4391
 - create your own backup solution using a script and borg, borgmatic or any other to backup tool for backing up to a remote target (make sure to stop and start the AIO containers correctly following https://github.com/nextcloud/all-in-one#how-to-enable-automatic-updates-without-creating-a-backup-beforehand)

reverse-proxy.md

@@ -139,8 +139,9 @@ Add this as a new Apache site config:
     RequestHeader set X-Real-IP %{REMOTE_ADDR}s
     AllowEncodedSlashes NoDecode
     
-    ProxyPass / http://localhost:11000/ nocanon # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    # Adjust the two lines below to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
-    ProxyPassReverse / http://localhost:11000/ # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+    ProxyPass / http://localhost:11000/ nocanon
+    ProxyPassReverse / http://localhost:11000/
     
     RewriteCond %{HTTP:Upgrade} websocket [NC]
     RewriteCond %{HTTP:Connection} upgrade [NC]
@@ -237,6 +238,16 @@ You can get AIO running using the ACME DNS-challenge. Here is how to do it.
 
 </details>
 
+### OpenLiteSpeed
+
+<details>
+
+<summary>click here to expand</summary>
+
+You can find the OpenLiteSpeed reverse proxy guide by @MorrowShore here: https://github.com/nextcloud/all-in-one/discussions/6370
+
+</details>
+
 ### Citrix ADC VPX / Citrix Netscaler
 
 <details>
@@ -734,6 +745,89 @@ The examples below define the dynamic configuration in YAML files. If you rather
 
 </details>
 
+### Traefik 3
+
+<details>
+
+<summary>click here to expand</summary>
+
+**Disclaimer:** it might be possible that the config below is not working 100% correctly, yet. Improvements to it are very welcome!
+
+Traefik's building blocks (router, service, middlewares) need to be defined using dynamic configuration similar to [this](https://doc.traefik.io/traefik/providers/file/#configuration-examples) official Traefik configuration example. Using **docker labels _won't work_** because of the nature of the project.
+
+The examples below define the dynamic configuration in YAML files. If you rather prefer TOML, use a YAML to TOML converter.
+
+1. In Traefik's static configuration define a [file provider](https://doc.traefik.io/traefik/providers/file/) for dynamic providers:
+
+    ```yml
+    # STATIC CONFIGURATION
+   
+    entryPoints:
+      https:
+        address: ":443" # Create an entrypoint called "https" that uses port 443
+        # If you want to enable HTTP/3 support, uncomment the line below
+        # http3: {}
+    
+    certificatesResolvers:
+      # Define "letsencrypt" certificate resolver
+      letsencrypt:
+        acme:
+          storage: /letsencrypt/acme.json # Defines the path where certificates should be stored
+          email: <your-email-address> # Where LE sends notification about certificates expiring
+          tlschallenge: true
+   
+    providers:
+      file:
+        directory: "/path/to/dynamic/conf" # Adjust the path according your needs.
+        watch: true
+    ```
+
+2. Declare the router, service and middlewares for Nextcloud in `/path/to/dynamic/conf/nextcloud.yml`:
+
+    ```yml
+    http:
+      routers:
+        nextcloud:
+          rule: "Host(`<your-nc-domain>`)"
+          entrypoints:
+            - "https"
+          service: nextcloud
+          middlewares:
+            - nextcloud-chain
+          tls:
+            certresolver: "letsencrypt"
+
+      services:
+        nextcloud:
+          loadBalancer:
+            servers:
+              - url: "http://localhost:11000" # Adjust to match APACHE_PORT and APACHE_IP_BINDING. See https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md#adapting-the-sample-web-server-configurations-below
+
+      middlewares:
+        nextcloud-secure-headers:
+          headers:
+            hostsProxyHeaders:
+              - "X-Forwarded-Host"
+            referrerPolicy: "same-origin"
+
+        https-redirect:
+          redirectscheme:
+            scheme: https 
+
+        nextcloud-chain:
+          chain:
+            middlewares:
+              # - ... (e.g. rate limiting middleware)
+              - https-redirect
+              - nextcloud-secure-headers
+    ```
+
+---
+
+⚠️ **Please note:** look into [this](#adapting-the-sample-web-server-configurations-below) to adapt the above example configuration.
+
+</details>
+
 ### IIS with ARR and URL Rewrite
 
 <details>

tests/QA/060-environmental-variables.md

@@ -24,6 +24,5 @@ See https://github.com/nextcloud/all-in-one#how-to-trust-user-defined-certificat
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_DRI_DEVICE=true`, the resulting Nextcloud container should have the /dev/dri device mounted into the container. (Only works if a `/dev/dri` device is present on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_ENABLE_NVIDIA_GPU=true`, the resulting Nextcloud container should have the nvidia gpu device mounted into the container. (Only works if a Nvidia GPU and runtime is installed on the host)
 - [ ] When starting the mastercontainer with `--env NEXTCLOUD_KEEP_DISABLED_APPS=true` it should keep apps in Nextcloud that are disabled in the AIO interface. For example if Collabora is disabled in the AIO interface and you install the richdocuments app in Nextcloud, a restart should not uninstall the richdocuments app in Nextcloud anymore.
-- [ ] When starting the mastercontainer with `--env AIO_COMMUNITY_CONTAINERS="fail2ban"`, it should add the fail2ban container to the container stack and show it in the AIO interface as well as start it, etc.
 
 You can now continue with [070-timezone-change.md](./070-timezone-change.md)