From d3ac48f352340a928c903ee3fa176ec77547340a Mon Sep 17 00:00:00 2001
From: "Simon L."
Date: Wed, 26 Mar 2025 10:45:15 +0100
Subject: [PATCH 1/3] add a note to `NEXTCLOUD_TRUSTED_CACERTS_DIR`
Signed-off-by: Simon L.
---
readme.md | 3 +++
1 file changed, 3 insertions(+)
diff --git a/readme.md b/readme.md
index 0eb92033..2b0f731a 100644
--- a/readme.md
+++ b/readme.md
@@ -486,6 +486,9 @@ In certain situations you might want to keep Nextcloud apps that are disabled in > Doing this might cause unintended problems in Nextcloud if an app that requires an external dependency is still installed but the external dependency not for example. ### How to trust user-defined Certification Authorities (CA)? +> [!NOTE] +> Please note, that this feature is only intended to make LDAPS connections with self-signed certificates work. It will not make other interconnectivity between the different containers work, as they expect a valid publicly trusted certificate like one from Let's Encrypt. + For some applications it might be necessary to establish a secure connection to another host/server which is using a certificate issued by a Certification Authority that is not trusted out of the box. An example could be configuring LDAPS against a domain controller (Active Directory or Samba-based) of an organization. You can make the Nextcloud container trust any Certification Authority by providing the environmental variable `NEXTCLOUD_TRUSTED_CACERTS_DIR` to the docker run command of the mastercontainer (but before the last line `nextcloud/all-in-one:latest`! If it was started already, you will need to stop the mastercontainer, remove it (no data will be lost) and recreate it using the docker run command that you initially used). The value of the variables should be set to the absolute paths of the directory on the host, which contains one or more Certification Authorities certificates. You should use X.509 certificates, Base64 encoded. (Other formats may work but have not been tested!) All the certificates in the directory will be trusted. From 80920778fbc5a5cf08e279ab228b9bc1e3be0790 Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 18:55:50 +0100 Subject: [PATCH 2/3] update update-helm with correct syntax Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 83c35135..0a97ee87 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml @@ -14,9 +14,11 @@ jobs: uses: actions/checkout@v4 - name: update helm chart run: | - GHCR_TOKEN="$(curl https://ghcr.io/token\?scope\="repository:nextcloud-releases/all-in-one:pull" | jq '.token')" + set -x + GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')" DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG + set +x if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG" fi From 25c580bca370eaead5f1fad9d3842a9c49562dff Mon Sep 17 00:00:00 2001 From: "Simon L." Date: Wed, 26 Mar 2025 19:00:31 +0100 Subject: [PATCH 3/3] fix update-helm by removing spaces Signed-off-by: Simon L. --- .github/workflows/update-helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/update-helm.yml b/.github/workflows/update-helm.yml index 0a97ee87..75aaceb5 100644 --- a/.github/workflows/update-helm.yml +++ b/.github/workflows/update-helm.yml 
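Review bot: The added `set -x` / `set +x` pair brackets the second `curl`, so the shell trace writes the expanded `Authorization: Bearer ${GHCR_TOKEN}` header into the workflow log on every run. The token looks like an anonymously issued pull token, so the exposure is probably limited today, but the same lines would leak a real credential once an authenticated token is used; I would remove the tracing after debugging and print only `$DOCKER_TAG` if the result needs to be visible. The token request also has no `-f`/`-s`, so an error response is parsed like a success; `curl -fsS ... | jq -r '.token'` would fail visibly and makes the `sed 's|"||g'` unnecessary. The token scope names `nce-php-fpm-mgmt` while the tag list is read from `all-in-one`, which deserves a comment if it is intentional. The step's `run:` script begins above this hunk.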
@@ -16,7 +16,7 @@ jobs: run: | set -x GHCR_TOKEN="$(curl https://ghcr.io/token?scope=repository:nextcloud-releases/nce-php-fpm-mgmt:pull | jq '.token' | sed 's|"||g')" - DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" + DOCKER_TAG="$(curl -H "Authorization: Bearer ${GHCR_TOKEN}" -L -s 'https://ghcr.io/v2/nextcloud-releases/all-in-one/tags/list?page_size=1024' | jq '.tags' | sed 's|"||g;s|[[:space:]]||g' | grep '^20[0-9_]\+' | grep -v latest | sort -r | head -1)" export DOCKER_TAG set +x if [ -n "$DOCKER_TAG" ] && ! grep -q "$DOCKER_TAG" ./nextcloud-aio-helm-chart/templates/nextcloud-aio-nextcloud-deployment.yaml; then
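Review bot: Stripping whitespace in the `sed` step still leaves the comma that `jq '.tags'` prints after every array element except the last, and `grep '^20[0-9_]\+'` is anchored only at the start, so `DOCKER_TAG` can come out as a tag with a trailing `,`. This value comes from a remote registry response and is handed to `sudo bash nextcloud-aio-helm-chart/update-helm.sh "$DOCKER_TAG"`, so I would emit raw elements and match the whole line: `jq -r '.tags[]' | grep -x '20[0-9_]\+' | sort -r | head -1`. That makes both `sed` expressions and `grep -v latest` unnecessary, and it rejects anything that is not purely a date-style tag before it reaches the privileged script. The `if` block that consumes the tag closes outside this hunk.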